simp-beaker-helpers 1.21.4 → 1.22.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 843c00fb877d83ee9cd76a342b122923764e67452b3e8974de7232193d31d387
-  data.tar.gz: 195e83133f422f09bf168870c7acafbea8c59ed22c0bae7aea87126c4248349a
+  metadata.gz: cf4dabba2a12366f3acb4e850cd1894df06f7ab2f1de040f384351c8a2fdc3a1
+  data.tar.gz: ee3ee574fbb0165bc5354cc5a5bc5a9355add5da3412f5e65d2e3d27274d1f4a
 SHA512:
-  metadata.gz: 3ba248b4786e0950a8f6df44e6f697e7d4f83603334e101dc49c3096403d5ded68aaf3c98845cd6b1046706021c2957556b80d792f6588e9f6a6eee9184ba4f9
-  data.tar.gz: 40d7e4f4a8ea7ab2b6d3d841be12b95a85006093f290030c91958dd6215ac8f5cabd064af1773e94a5b2cb4c9beb86c47958b09a17fd56d4017372d4297d6cdd
+  metadata.gz: c11025a91bc2e4cb079531e9930c54e7540b759bc365bb7a676c90a1c6ce50b5af4f610fb22e3c74b54f8c1d858d71ff4f12b30ba136ef5d1788255727c0df91
+  data.tar.gz: 50696f976eba788b3ed287af8aab9925ff237ba8d1b524ea0eaf04dbd97b11192a350cde65004696f6b0d83c3ce0bae1561fd408dce6d334aab57745cc1e7f40

data/.fips_fixtures

@@ -1,6 +1,7 @@
 ---
 fixtures:
   repositories:
+    crypto_policy: https://github.com/simp/pupmod-simp-crypto_policy
     fips: https://github.com/simp/pupmod-simp-fips
     augeasproviders_core: https://github.com/simp/augeasproviders_core
     augeasproviders_grub: https://github.com/simp/augeasproviders_grub

data/.github/workflows/pr_glci.yml

@@ -0,0 +1,190 @@
+# Push/Trigger a GitLab CI pipeline for the PR HEAD, **ONLY IF:**
+#
+#   1. The .gitlab-ci.yaml file exists and validates
+#   2. The PR submitter has write access to the target repository.
+#
+# ------------------------------------------------------------------------------
+#
+#             NOTICE: **This file is maintained with puppetsync**
+#
+# This file is updated automatically as part of a puppet module baseline.
+#
+# The next baseline sync will overwrite any local changes to this file!
+#
+# ==============================================================================
+#
+# GitHub Action Secrets variables available for this pipeline:
+#
+#   GitHub Secret variable    Type      Notes
+#   ------------------------  --------  ----------------------------------------
+#   GITLAB_API_PRIVATE_TOKEN  Secure    Should have `api` scope
+#   GITLAB_API_URL            Optional
+#
+#   The secure vars will be filtered in GitHub Actions log output, and aren't
+#   provided to untrusted builds (i.e, triggered by PR from another repository)
+#
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+# WARNING   WARNING   WARNING   WARNING   WARNING   WARNING   WARNING   WARNING
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!V!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+#
+# DO NOT MODIFY this workflow, unless you **REALLY** know what you are doing.
+#
+# This workflow bypasses some of the built-in protections of the
+# `pull_request_target` event by explicitly checking out the PR's **HEAD**.
+# Without being VERY CAREFUL, this could easily allow a malcious PR
+# contributor the chance to access secrets or a GITHUB_TOKEN with write scope!!
+#
+# The jobs in this workflow are designed to handle this safely -- but DO NOT
+# assume any alterations will also be safe.
+#
+# For general information, see:
+#
+#   https://docs.github.com/en/actions/reference/events-that-trigger-workflows#pull_request_target
+#
+# For further information, or if ANY of this seems confusing or unecessary:
+#
+#     ASK FOR ASSISTANCE **BEFORE** ATTEMPTING TO MODIFY THIS WORKFLOW.
+#
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+# WARNING   WARNING   WARNING   WARNING   WARNING   WARNING   WARNING   WARNING
+# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!V!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
+#
+# https://docs.github.com/en/actions/reference/events-that-trigger-workflows
+#
+---
+name: PR GLCI
+on:
+  pull_request_target:
+    types: [opened, reopened, synchronize]
+
+jobs:
+
+  # The ONLY reason we can validate the PR HEAD's content safely here is that
+  # we restrict ourselves to sending data elsewhere.
+  glci-syntax:
+    name: '.gitlab-ci.yml Syntax'
+    runs-on: ubuntu-16.04
+    outputs:
+      valid: ${{ steps.validate-glci-file.outputs.valid }}
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          ref: ${{ github.event.pull_request.head.ref }}
+      - name: 'Validate GLCI file syntax'
+        id: validate-glci-file
+        uses: simp/github-action-gitlab-ci-syntax-check@main
+        with:
+          gitlab_api_private_token: ${{ secrets.GITLAB_API_PRIVATE_TOKEN }}
+          gitlab_api_url: ${{ secrets.GITLAB_API_URL }}       # https://gitlab.com/api/v4
+
+  contributor-permissions:
+    name: 'PR contributor check'
+    runs-on: ubuntu-18.04
+    outputs:
+      permitted: ${{ steps.user-repo-permissions.outputs.permitted }}
+    steps:
+      - uses: actions/github-script@v3
+        id: user-repo-permissions
+        with:
+          github-token: ${{secrets.GITHUB_TOKEN}}
+          # See:
+          #   - https://octokit.github.io/rest.js/
+          #   - https://docs.github.com/en/free-pro-team@latest/rest/reference/repos#get-repository-permissions-for-a-user
+          script: |
+            const project_permission = await github.request('GET /repos/{owner}/{repo}/collaborators/{username}/permission', {
+              headers: {
+                accept: 'application/vnd.github.v3+json'
+              },
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              username: context.payload.sender.login,
+            })
+            const has_write_access = perm_lvl => (perm_lvl == "admin" || perm_lvl == "write" )
+            const write_access_desc = perm_bool => (perm_bool ? "PERMISSION OK" : "PERMISSION DENIED" )
+            if( has_write_access(project_permission.data.permission )){
+              core.setOutput( 'permitted', 'true' )
+            } else {
+              core.setOutput( 'permitted', 'false' )
+              console.log(`::error ::payload user '${context.payload.sender.login}' does not have CI trigger permission for '${context.repository}; not triggering external CI'`)
+            }
+            console.log(`== payload user '${context.payload.sender.login}' CI trigger permission for '${context.repo.owner}': ${write_access_desc(has_write_access(project_permission.data.permission))}`)
+
+
+  trigger-when-user-has-repo-permissions:
+    name: 'Trigger CI [trusted users only]'
+    needs: [ glci-syntax, contributor-permissions ]
+    # This conditional provides an extra safety control, in case the workflow's
+    # `on` section is inadventently modified without considering the security
+    # implications.
+    #
+    # This job will ONLY trigger on:
+    #
+    #   - [x] pull_request_target event:  github.event_name == 'pull_request_target'
+    #   AND:
+    #   - [x] Newly-opened PRs:           github.event.action == 'opened'
+    #   - [x] Re-opened PRs:              github.event.action == 'reopened'
+    #   - [x] Commits are added to PR:    github.event.action == 'synchronize'
+    #   AND:
+    #   - [x] .gitlab-ci.yml exists/ok:   needs.glci-syntax.outputs.valid == 'true'
+    #
+    # [Not implemented] It should NEVER trigger on:
+    #
+    #   - [ ] Merged PRs:                 github.event.pull_request.merged == 'false'
+    #     - (the downstream GitLab mirror will take care of that)
+    #     - Not implemented: For some reason, this conditional always fails
+    #     - Unnecessary if on>pull_request_target>types doesn't include 'closed'
+    if: github.event_name == 'pull_request_target' && ( github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' ) && github.event.pull_request.merged != 'true' && needs.glci-syntax.outputs.valid == 'true' && needs.contributor-permissions.outputs.permitted == 'true'
+    runs-on: ubuntu-18.04
+    steps:
+      # Things we'd like to do:
+      # - [ ] if there's no GitLab mirror, make one
+      #   - [ ] if there's no GitLab <-> GitHub integration, make one
+      #   - [ ] if there's no PR check on the main GitHub branch, make one (?)
+      # - [x] Cancel any GLCI pipelines already pending/running for this branch
+      #       - "created|waiting_for_resource|preparing|pending|running"
+      #       - Exception: don't cancel existing pipeline for our own commit
+      # - [x] if PR: force-push branch to GitLab
+      - uses: actions/checkout@v2
+        if: needs.contributor-permissions.outputs.permitted == 'true'
+        with:
+          clean: true
+          fetch-depth: 0  # Need full checkout to push to gitlab mirror
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          ref: ${{ github.event.pull_request.head.ref }}
+
+      - name: Trigger CI when user has Repo Permissions
+        if: needs.contributor-permissions.outputs.permitted == 'true'
+        uses: simp/github-action-gitlab-ci-pipeline-trigger@v1
+        with:
+          git_branch: ${{ github.event.pull_request.head.ref }} # TODO check for/avoid protected branches?
+          git_hashref:  ${{ github.event.pull_request.head.sha }}
+          gitlab_api_private_token: ${{ secrets.GITLAB_API_PRIVATE_TOKEN }}
+          gitlab_group: ${{ github.event.organization.login }}
+          github_repository: ${{ github.repository }}
+          github_repository_owner: ${{ github.repository_owner }}
+
+      - name: When user does NOT have Repo Permissions
+        if: needs.contributor-permissions.outputs.permitted == 'false'
+        continue-on-error: true
+        run: |
+          echo "Ending gracefully; Contributor $GITHUB_ACTOR does not have permission to trigger CI"
+          false
+
+###  examine_contexts:
+###    name: 'Examine Context contents'
+###    if: always()
+###    runs-on: ubuntu-16.04
+###    needs: [ glci-syntax, contributor-permissions ]
+###    steps:
+###      - name: Dump contexts
+###        env:
+###          GITHUB_CONTEXT: ${{ toJson(github) }}
+###        run: echo "$GITHUB_CONTEXT"
+###      - name: Dump needs context
+###        env:
+###          ENV_CONTEXT: ${{ toJson(needs) }}
+###        run: echo "$ENV_CONTEXT"
+###      - name: Dump env vars
+###        run: env | sort
+

data/.github/workflows/pr_glci_cleanup.yml

@@ -0,0 +1,105 @@
+# When a PR is closed, clean up any associated GitLab CI pipelines & branch
+#
+# * Cancels all GLCI pipelines associated with the PR HEAD ref (branch)
+# * Removes the PR HEAD branch from the corresponding gitlab.com/org/ project
+#
+# ------------------------------------------------------------------------------
+#
+#             NOTICE: **This file is maintained with puppetsync**
+#
+# This file is updated automatically as part of a standardized asset baseline.
+#
+# The next baseline sync will overwrite any local changes to this file!
+#
+# ==============================================================================
+#
+# GitHub Action Secrets variables available for this pipeline:
+#
+#   GitHub Secret variable    Type      Notes
+#   ------------------------  --------  ----------------------------------------
+#   GITLAB_API_PRIVATE_TOKEN  Secure    Should have `api` scope
+#   GITLAB_API_URL            Optional
+#
+#   The secure vars will be filtered in GitHub Actions log output, and aren't
+#   provided to untrusted builds (i.e, triggered by PR from another repository)
+#
+# ------------------------------------------------------------------------------
+#
+# https://docs.github.com/en/actions/reference/events-that-trigger-workflows
+#
+---
+name: PR GLCI Cleanup
+on:
+  pull_request_target:
+    types: [closed]
+
+jobs:
+  cleanup-glci-branch:
+    name: 'Clean up GLCI'
+    # This conditional provides an extra safety control, in case the workflow's
+    # `on` section is inadventently modified without considering the security
+    # implications.
+    if: github.event_name == 'pull_request_target' && github.event.action == 'closed'
+    runs-on: ubuntu-18.04
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          repository: ${{ github.event.pull_request.head.repo.full_name }}
+          ref: ${{ github.event.pull_request.head.ref }}
+      - name: Trigger CI when user has Repo Permissions
+        env:
+          GITLAB_SERVER_URL: ${{ secrets.GITLAB_SERVER_URL }} # https://gitlab.com
+          GITLAB_API_URL: ${{ secrets.GITLAB_API_URL }}       # https://gitlab.com/api/v4
+          GITLAB_ORG: ${{ github.event.organization.login }}
+          GITLAB_API_PRIVATE_TOKEN: ${{ secrets.GITLAB_API_PRIVATE_TOKEN }}
+          GIT_BRANCH: ${{ github.event.pull_request.head.ref }}
+        run: |
+          GITLAB_SERVER_URL="${GITLAB_SERVER_URL:-https://gitlab.com}"
+          GITLAB_API_URL="${GITLAB_API_URL:-${GITLAB_SERVER_URL}/api/v4}"
+          GIT_BRANCH="${GIT_BRANCH:-GITHUB_HEAD_REF}"
+          GITXXB_REPO_NAME="${GITHUB_REPOSITORY/$GITHUB_REPOSITORY_OWNER\//}"
+          GITLAB_PROJECT_ID="${GITLAB_ORG}%2F${GITXXB_REPO_NAME}"
+          # --http1.0 avoids an HTTP/2 load balancing issue when run from GA
+          CURL_CMD=(curl --http1.0 --fail --silent --show-error \
+            --header "Authorization: Bearer $GITLAB_API_PRIVATE_TOKEN" \
+            --header "Content-Type: application/json" \
+            --header "Accept: application/json" \
+          )
+
+          # Cancel any active/pending GitLab CI pipelines for the same project+branch
+          active_pipeline_ids=()
+          for pipe_status in created waiting_for_resource preparing pending running; do
+            echo "  ---- checking for CI pipelines with status '$pipe_status' for project '$GITLAB_PROJECT_ID', branch '$GIT_BRANCH'"
+            url="${GITLAB_API_URL}/projects/${GITLAB_PROJECT_ID}/pipelines?ref=${GIT_BRANCH}&status=${pipe_status}"
+            active_pipelines="$("${CURL_CMD[@]}" "$url" | jq -r '.[] | .id , .web_url')"
+            active_pipeline_ids+=($(echo "$active_pipelines" | grep -E '^[0-9]*$'))
+            printf "$active_pipelines\n\n"
+          done
+          if [ "${#active_pipeline_ids[@]}" -gt 0 ]; then
+            printf "\nFound %s active pipeline ids:\n" "${#active_pipeline_ids[@]}"
+            echo "${active_pipeline_ids[@]}"
+            for pipe_id in "${active_pipeline_ids[@]}"; do
+              printf "\n  ------ Cancelling pipeline ID %s...\n" "$pipe_id"
+              "${CURL_CMD[@]}" --request POST "${GITLAB_API_URL}/projects/${GITLAB_PROJECT_ID}/pipelines/${pipe_id}/cancel"
+            done
+          else
+            echo No active pipelines found
+          fi
+
+          echo "== Removing $GIT_BRANCH from gitlab"
+          git remote add gitlab "https://oauth2:${GITLAB_API_PRIVATE_TOKEN}@${GITLAB_SERVER_URL#*://}/${GITLAB_ORG}/${GITXXB_REPO_NAME}.git"
+          git push gitlab ":${GIT_BRANCH}" -f || : # attempt to un-weird GLCI's `changed` tracking
+
+###  examine_contexts:
+###    name: 'Examine Context contents'
+###    if: always()
+###    runs-on: ubuntu-16.04
+###    steps:
+###      - name: Dump contexts
+###        env:
+###          GITHUB_CONTEXT: ${{ toJson(github) }}
+###        run: echo "$GITHUB_CONTEXT"
+###        run: echo "$ENV_CONTEXT"
+###      - name: Dump env vars
+###        run: env | sort
+

data/.github/workflows/pr_glci_manual.yml

@@ -0,0 +1,143 @@
+# Manually trigger GLCI pipelines for a PR
+# ------------------------------------------------------------------------------
+#
+#             NOTICE: **This file is maintained with puppetsync**
+#
+# This file is updated automatically as part of a standardized asset baseline.
+#
+# The next baseline sync will overwrite any local changes to this file!
+#
+# ==============================================================================
+#
+# This pipeline uses the following GitHub Action Secrets:
+#
+#   GitHub Secret variable    Type      Notes
+#   ------------------------  --------  ----------------------------------------
+#   GITLAB_API_PRIVATE_TOKEN  Required  GitLab token (should have `api` scope)
+#   NO_SCOPE_GITHUB_TOKEN     Required  GitHub token (should have no scopes)
+#   GITLAB_SERVER_URL         Optional  Specify a GL server other than gitlab.com
+#   The secure vars will be filtered in GitHub Actions log output, and aren't
+#   provided to untrusted builds (i.e, triggered by PR from another repository)
+#
+# ------------------------------------------------------------------------------
+#
+# NOTES:
+#   It is necessary to provide NO_SCOPE_GITHUB_TOKEN because $secrets.GITHUB_AUTO
+#   is NOT provide to manually-triggered (`workflow_dispatch`) events, in order
+#   to prevent recursive triggers between workflows
+#
+#   Reference:
+#
+#   https://docs.github.com/en/actions/reference/events-that-trigger-workflows#triggering-new-workflows-using-a-personal-access-token
+---
+name: 'Manual: PR GLCI'
+
+on:
+  workflow_dispatch:
+    inputs:
+      pr_number:
+        description: "PR number to trigger GLCI"
+        required: true
+
+jobs:
+  glci-syntax:
+    name: '.gitlab-ci.yml Syntax'
+    runs-on: ubuntu-18.04
+    outputs:
+      valid: ${{ steps.validate-glci-file.outputs.valid }}
+      pr_head_ref: ${{ steps.get-pr.outputs.pr_head_ref }}
+      pr_head_sha: ${{ steps.get-pr.outputs.pr_head_sha }}
+      pr_head_label: ${{ steps.get-pr.outputs.pr_head_label }}
+      pr_head_full_name: ${{ steps.get-pr.outputs.pr_full_name }}
+    steps:
+      - uses: actions/github-script@v3
+        id: get-pr
+        with:
+          github-token: ${{secrets.NO_SCOPE_GITHUB_TOKEN}}
+          # See:
+          #   - https://octokit.github.io/rest.js/
+          script: |
+            console.log(`== pr number: ${context.payload.inputs.pr_number}`)
+            const pr = await github.request('get /repos/{owner}/{repo}/pulls/{pull_number}', {
+              headers: {
+                accept: 'application/vnd.github.v3+json'
+              },
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.payload.inputs.pr_number
+            });
+
+            console.log("\n\n== pr\n");
+            console.log(pr);
+            console.log("\n\n== pr.data.head\n");
+            console.log(pr.data.head);
+            console.log(pr.status);
+
+            // PR must have been returned
+            if ( pr.status != 200 ) {
+              //#console.log(`::error ::Error looking up PR \#${context.payload.inputs.pr_number}: HTTP Response ${pr.status}`)
+              return(false)
+            }
+
+            // TODO: should either of these conditions really prevent a GLCI trigger?
+            if ( pr.data.state != 'open' ) {
+              console.log(`::error ::PR# ${context.payload.inputs.pr_number} is not open`)
+            }
+            if ( pr.data.merged ) {
+              console.log(`::error ::PR# ${context.payload.inputs.pr_number} is already merged`)
+            }
+            core.setOutput( 'pr_head_sha', pr.data.head.sha )
+            core.setOutput( 'pr_head_ref', pr.data.head.ref )
+            core.setOutput( 'pr_head_label', pr.data.head.label )
+            core.setOutput( 'pr_head_full_name', pr.data.head.full_name )
+      - uses: actions/checkout@v2
+        with:
+          repository: ${{ steps.get-pr.outputs.pr_head_full_name }}
+          ref: ${{ steps.get-pr.outputs.pr_head_sha }}
+          token: ${{secrets.NO_SCOPE_GITHUB_TOKEN}}
+          clean: true
+      - name: 'Validate GLCI file syntax'
+        id: validate-glci-file
+        uses: simp/github-action-gitlab-ci-syntax-check@main
+        with:
+          gitlab_api_private_token: ${{ secrets.GITLAB_API_PRIVATE_TOKEN }}
+          gitlab_api_url: ${{ secrets.GITLAB_API_URL }}       # https://gitlab.com/api/v4
+
+  trigger-when-user-has-repo-permissions:
+    name: 'Trigger CI'
+    needs: [ glci-syntax ]
+    runs-on: ubuntu-18.04
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          repository: ${{ needs.glci-syntax.outputs.pr_head_full_name }}
+          ref: ${{ needs.glci-syntax.outputs.pr_head_sha }}
+          token: ${{secrets.NO_SCOPE_GITHUB_TOKEN}}
+          fetch-depth: 0  # Need full checkout to push to gitlab mirror
+          clean: true
+      - name: Trigger CI when user has Repo Permissions
+        uses: simp/github-action-gitlab-ci-pipeline-trigger@v1
+        with:
+          git_hashref:  ${{ needs.glci-syntax.outputs.pr_head_sha }}
+          git_branch: ${{ needs.glci-syntax.outputs.pr_head_ref }}
+          gitlab_api_private_token: ${{ secrets.GITLAB_API_PRIVATE_TOKEN }}
+          gitlab_group: ${{ github.event.organization.login }}
+          github_repository: ${{ github.repository }}
+          github_repository_owner: ${{ github.repository_owner }}
+
+###  examine_contexts:
+###    needs: [ glci-syntax ]
+###    name: 'Examine Context contents'
+###    if: always()
+###    runs-on: ubuntu-18.04
+###    steps:
+###      - name: Dump contexts
+###        env:
+###          GITHUB_CONTEXT: ${{ toJson(github) }}
+###        run: echo "$GITHUB_CONTEXT"
+###      - name: Dump 'needs' context
+###        env:
+###          ENV_CONTEXT: ${{ toJson(needs) }}
+###        run: echo "$ENV_CONTEXT"
+###      - name: Dump env vars
+###        run: env | sort

data/.github/workflows/tag_deploy_rubygem.yml

@@ -0,0 +1,152 @@
+# Build & Deploy RubyGem & GitHub release when a SemVer tag is pushed
+# ------------------------------------------------------------------------------
+#
+#             NOTICE: **This file is maintained with puppetsync**
+#
+# This file is updated automatically as part of a standardized asset baseline.
+#
+# The next baseline sync will overwrite any local changes to this file!
+#
+# ==============================================================================
+#
+# This pipeline uses the following GitHub Action Secrets:
+#
+#   GitHub Secret variable    Type      Notes
+#   ------------------------  --------  ----------------------------------------
+#   RUBYGEMS_API_KEY          Required
+#
+# ------------------------------------------------------------------------------
+#
+# NOTES:
+#
+# * The CHANGLOG text is altered to remove RPM-style date headers, which don't
+#   render well as markdown on the GitHub release pages
+---
+name: 'Tag: Release to GitHub & rubygems.org'
+
+on:
+  push:
+    tags:
+      - '[0-9]+\.[0-9]+\.[0-9]+'
+
+env:
+  PUPPET_VERSION: '~> 6'
+  LOCAL_WORKFLOW_CONFIG_FILE: .github/workflows.local.json
+
+jobs:
+  releng-checks:
+    name: "RELENG checks"
+    runs-on: ubuntu-18.04
+    outputs:
+      build_command: ${{ steps.commands.outputs.build_command }}
+      release_command: ${{ steps.commands.outputs.release_command }}
+    steps:
+      - name: "Assert '${{ github.ref }}' is a tag"
+        run: '[[ "$GITHUB_REF" =~ ^refs/tags/ ]] || { echo "::error ::GITHUB_REF is not a tag: ${GITHUB_REF}"; exit 1 ; }'
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ github.ref }}
+          clean: true
+      - name: Determing build and release commands
+        id: commands
+        run: |
+          # By default, these are the standard tasks from "bundler/gem_tasks"
+          # To override them in the LOCAL_WORKFLOW_CONFIG_FILE
+          GEM_BUILD_COMMAND='bundle exec rake build'
+          GEM_RELEASE_COMMAND='gem push pkg/*.gem'
+          if jq -r '. | keys' "$LOCAL_WORKFLOW_CONFIG_FILE" 2>/dev/null | \
+              grep -w '"gem_build_command"' &> /dev/null; then
+            GEM_BUILD_COMMAND="$(jq .gem_build_command "$LOCAL_WORKFLOW_CONFIG_FILE" )"
+          fi
+          if jq -r '. | keys' "$LOCAL_WORKFLOW_CONFIG_FILE" 2>/dev/null | \
+              grep -w '"gem_release_command"' &> /dev/null; then
+            GEM_RELEASE_COMMAND="$(jq .gem_release_command "$LOCAL_WORKFLOW_CONFIG_FILE" )"
+          fi
+          echo "::set-output name=build_command::${GEM_BUILD_COMMAND}"
+          echo "::set-output name=release_command::${GEM_RELEASE_COMMAND}"
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.5
+          bundler-cache: true
+      - name: Test build the package
+        run: "${{ steps.commands.outputs.build_command }}"
+
+  create-github-release:
+    name: Deploy GitHub Release
+    needs: [ releng-checks ]
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.ref }}
+          clean: true
+          fetch-depth: 0
+      - name: Get tag & annotation info (${{github.ref}})
+        id: tag-check
+        run: |
+          tag="${GITHUB_REF/refs\/tags\//}"
+          annotation="$(git for-each-ref "$GITHUB_REF" --format='%(contents)' --count=1)"
+          annotation_title="$(echo "$annotation" | head -1)"
+
+          echo "::set-output name=tag::${tag}"
+          echo "::set-output name=annotation_title::${annotation_title}"
+
+          # Prepare annotation body as a file for the next step
+          #
+          # * The GitHub Release render the text in this file as markdown
+          # * The file is needed because :set-output only supports single lines
+          # * The `perl -pe` removes RPM-style date headers from the CHANGELOG,
+          #   because they don't render well as markdown on the Release page
+          #
+          echo "$annotation" |  tail -n +2 | \
+            perl -pe 'BEGIN{undef $/;} s/\n\* (Mon|Tue|Wed|Thu|Fri|Sat|Sun) .*?\n//smg;' > /tmp/annotation.body
+
+      - name: Create Release
+        uses: actions/create-release@v1
+        id: create_release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: ${{ steps.tag-check.outputs.annotation_title }}
+          body_path: /tmp/annotation.body
+          draft: false
+          prerelease: false
+
+  deploy-rubygem:
+    name: Deploy RubyGem Release
+    needs: [ releng-checks ]
+    runs-on: ubuntu-18.04
+    env:
+      RUBYGEMS_API_KEY: ${{ secrets.RUBYGEMS_API_KEY }}
+      BUILD_COMMAND: ${{ needs.releng-checks.outputs.build_command }}
+      RELEASE_COMMAND: ${{ needs.releng-checks.outputs.release_command }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.ref }}
+          clean: true
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.5
+          bundler-cache: true
+      - name: Build RubyGem
+        run: '$BUILD_COMMAND'
+
+      - name: Release RubyGem
+        run: |
+          echo "Setting up gem credentials..."
+          mkdir -p ~/.gem
+
+          cat << EOF > ~/.gem/credentials
+          ---
+          :rubygems_api_key: ${RUBYGEMS_API_KEY}
+          EOF
+          chmod 0600 ~/.gem/credentials
+
+          chmod -R go=u-w .
+
+          echo "Running '$RELEASE_COMMAND'..."
+          $RELEASE_COMMAND

data/.gitlab-ci.yml

@@ -1,11 +1,4 @@
 # ------------------------------------------------------------------------------
-#             NOTICE: **This file is maintained with puppetsync**
-#
-# This file is updated automatically as part of a puppet module baseline.
-#
-# The next baseline sync will overwrite any local changes to everything above
-# the line "# Repo-specific content"
-# ------------------------------------------------------------------------------
 # The testing matrix considers ruby/puppet versions supported by SIMP and PE:
 #
 # https://puppet.com/docs/pe/2019.8/component_versions_in_recent_pe_releases.html
@@ -216,28 +209,28 @@ variables:
 # Puppet Versions
 #-----------------------------------------------------------------------
 
-.pup_5: &pup_5
+.pup_5_x: &pup_5_x
   image: 'ruby:2.4'
   variables:
     PUPPET_VERSION: '~> 5.0'
     BEAKER_PUPPET_COLLECTION: 'puppet5'
     MATRIX_RUBY_VERSION: '2.4'
 
-.pup_6: &pup_6
+.pup_6_x: &pup_6_x
   image: 'ruby:2.5'
   variables:
     PUPPET_VERSION: '~> 6.0'
     BEAKER_PUPPET_COLLECTION: 'puppet6'
     MATRIX_RUBY_VERSION: '2.5'
 
-.pup_6_18_0: &pup_6_18_0
+.pup_6_pe: &pup_6_pe
   image: 'ruby:2.5'
   variables:
     PUPPET_VERSION: '6.18.0'
     BEAKER_PUPPET_COLLECTION: 'puppet6'
     MATRIX_RUBY_VERSION: '2.5'
 
-.pup_7: &pup_7
+.pup_7_x: &pup_7_x
   image: 'ruby:2.7'
   variables:
     PUPPET_VERSION: '~> 7.0'
@@ -280,24 +273,18 @@ variables:
 # Unit Tests
 #-----------------------------------------------------------------------
 
-pup5-unit:
-  <<: *pup_5
+pup5.x-unit:
+  <<: *pup_5_x
   <<: *unit_tests
 
-pup6-unit:
-  <<: *pup_6
+pup6.x-unit:
+  <<: *pup_6_x
   <<: *unit_tests
 
-pup7-unit:
-  <<: *pup_7
+pup7.x-unit:
+  <<: *pup_7_x
   <<: *unit_tests
 
-# ------------------------------------------------------------------------------
-#             NOTICE: **This file is maintained with puppetsync**
-#
-# Everything above the "Repo-specific content" comment will be overwritten by
-# the next puppetsync.
-# ------------------------------------------------------------------------------
 
 # Repo-specific content
 # ==============================================================================
@@ -305,20 +292,20 @@ pup7-unit:
 #=======================================================================
 # Packaging test
 
-pup5-pkg:
-  <<: *pup_5
+pup5.x-pkg:
+  <<: *pup_5_x
   <<: *unit_tests
   script:
     'bundle exec rake pkg:gem'
 
-pup6-pkg:
-  <<: *pup_6
+pup6.x-pkg:
+  <<: *pup_6_x
   <<: *unit_tests
   script:
     'bundle exec rake pkg:gem'
 
-pup7-pkg:
-  <<: *pup_7
+pup7.x-pkg:
+  <<: *pup_7_x
   <<: *unit_tests
   script:
     'bundle exec rake pkg:gem'
@@ -326,49 +313,49 @@ pup7-pkg:
 #=======================================================================
 # Acceptance tests
 default:
-  <<: *pup_6
+  <<: *pup_6_x
   <<: *acceptance_base
   script:
     - bundle exec rake beaker:suites[default]
 
 default-fips:
-  <<: *pup_6
+  <<: *pup_6_x
   <<: *acceptance_base
   script:
     - BEAKER_fips=yes bundle exec rake beaker:suites[default]
 
 fips_from_fixtures:
-  <<: *pup_6
+  <<: *pup_6_x
   <<: *acceptance_base
   script:
     - bundle exec rake beaker:suites[fips_from_fixtures]
 
 puppet5_collections:
-  <<: *pup_5
+  <<: *pup_5_x
   <<: *acceptance_base
   script:
     - bundle exec rake beaker:suites[puppet_collections]
 
 puppet6_collections:
-  <<: *pup_6
+  <<: *pup_6_x
   <<: *acceptance_base
   script:
     - bundle exec rake beaker:suites[puppet_collections]
 
 puppet7_collections:
-  <<: *pup_7
+  <<: *pup_7_x
   <<: *acceptance_base
   script:
     - bundle exec rake beaker:suites[puppet_collections]
 
 windows:
-  <<: *pup_6
+  <<: *pup_6_x
   <<: *acceptance_base
   script:
     - bundle exec rake beaker:suites[windows]
 
 snapshot:
-  <<: *pup_6
+  <<: *pup_6_x
   <<: *acceptance_base
   # This is prone to breakage in the underlying system
   allow_failure: true

data/CHANGELOG.md

@@ -1,3 +1,23 @@
+### 1.22.1 / 2021-03-01
+* Fixed: enable_epel_on() now installs the correct EPEL repository
+  package on OracleLinux
+
+### 1.22.0 / 2021-01-27
+* Fixed:
+  * Ensure that the simp-crypto_policy module is installed when flipping to FIPS
+    mode
+  * Only attempt to install the simp repos once in case they are broken for some
+    reason
+* Added:
+  * Documentation for all of the beaker environment variables
+  * set_simp_repo_release() for setting the release and release_type of the
+    public SIMP yum repos
+  * set_yum_opts_on() method for setting bulk yum config options
+  * set_yum_opt_on() method for setting singular yum config options
+  * install_package_unless_present_on() method
+  * Allow users to set repos to disable using an environment variable
+  * A total run time summary for beaker suites
+
 ### 1.21.4 / 2021-01-21
 * Fixed:
   * Reverted the use of OpenStruct due to issues with seralization

data/README.md

@@ -13,6 +13,8 @@ Methods to assist beaker acceptance tests for SIMP.
   * [`rake beaker:suites`](#rake-beakersuites)
   * [Suite Execution](#suite-execution)
     * [Environment Variables](#environment-variables)
+      * [Beaker Management](#beaker-management)
+      * [Beaker Helpers Adjustments](#beaker-helpers-adjustments)
     * [Global Suite Configuration](#global-suite-configuration)
       * [Supported Config:](#supported-config)
     * [Individual Suite Configuration](#individual-suite-configuration)
@@ -112,12 +114,68 @@ sensitive).
 
 #### Environment Variables
 
-* BEAKER_suite_runall
+##### Beaker Management
+
+* BEAKER_suite_runall [yes|no]
   * Run all Suites
 
-* BEAKER_suite_basedir
+* BEAKER_suite_basedir [String]
   * The base directory where suites will be defined
-  * Default: spec/acceptance
+  * Default: `spec/acceptance`
+
+##### Beaker Helpers Adjustments
+
+* BEAKER_SIMP_parallel [yes|no]
+  * `yes` => Run simp-beaker-helpers methods on SUTs in parallel if possible
+  * `no` => Do not run methods in parallel
+
+* BEAKER_docker_cmd [String]
+  * The specific command to use for performing `docker` operations
+
+* BEAKER_helpers_verbose [yes|no]
+  * `yes` => Enable verbose output
+  * `no` => Do not enable verbose output
+
+* BEAKER_copy_fixtures [yes|no]
+  * `yes` => Enable copying fixtures to the SUT
+  * `no` => Disable copying fixtures to the SUT
+
+* BEAKER_use_fixtures_dir_for_modules [yes|no]
+  * `yes` => Pull fixtures directly from `spec/fixtures/modules`
+  * `no` => Ignore `spec/fixtures/modules` content
+
+* BEAKER_stringify_facts [yes|no]
+  * `yes` => Enable fact stringification
+
+* BEAKER_fips_module_version [String]
+  * The specific version of the FIPS module to install from the puppet forge
+
+* BEAKER_RHSM_USER [String]
+  * The username for using with RHSM
+
+* BEAKER_RHSM_PASS [String]
+  * The password for using with RHSM
+
+* BEAKER_fips [yes|no]
+  * `yes` => Enable FIPS on the SUT
+  * `no` => Do not manage FIPS on the SUT (will not disable if enabled)
+
+* BEAKER_no_fix_interfaces [Boolean]
+  * If present, will not try to fix the interfaces on the SUT
+
+* BEAKER_SIMP_install_repos [yes|no]
+  * `yes` => Install the SIMP YUM repositories
+  * `no` => No not install the SIMP YUM repositories
+
+* BEAKER_SIMP_disable_repos [String]
+  * Comma delimited list of YUM repositories to disable on the SUT
+
+* BEAKER_SIMP_repo_release [String]
+  * The release of SIMP to target in the YUM repos (usually a number)
+
+* BEAKER_SIMP_repo_release_type [String]
+  * The release type of SIMP to target in the YUM repos
+    * Something like `stable`, `rolling`, or `unstable`
 
 #### Global Suite Configuration
 
@@ -406,7 +464,7 @@ might try to install packages before subscription manager is configured.
 The version of InSpec to use when running inspec tests. Currently hard-coded to
 `4.16.14` due to a bug introduced in `4.16.15`.
 
-Let to 'latest' to use the latest available in the upstream repos.
+Set to 'latest' to use the latest available in the upstream repos.
 
 ## Examples
 
@@ -510,7 +568,7 @@ underlying OS configuration.
 
 `Simp::BeakerHelpers::Snapshot.save(sut, '<name of snapshot>')` will save a
 snapshot with the given name. If the snapshot already exists, it will be
-forceably overwritten.
+forcibly overwritten.
 
 
 ##### Base Snapshots

data/lib/simp/beaker_helpers.rb

@@ -18,7 +18,53 @@ module Simp::BeakerHelpers
     "simp-beaker-helpers-#{t}-#{$$}-#{rand(0x100000000).to_s(36)}.tmp"
   end
 
-  def install_latest_package_on(suts, package_name, package_source=nil, opts={})
+  # Sets a single YUM option in the form that yum-config-manager/dnf
+  # config-manager would expect.
+  #
+  # If not prefaced with a repository, the option will be applied globally.
+  #
+  # Has no effect if yum or dnf is not present.
+  def set_yum_opt_on(suts, key, value)
+    parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
+    block_on(suts, :run_in_parallel => parallel) do |sut|
+      repo,target = key.split('.')
+
+      unless target
+        key = "\\*.#{repo}"
+      end
+
+      command = nil
+      if !sut.which('dnf').empty?
+        install_package_unless_present_on(sut, 'dnf-plugins-core', :accept_all_exit_codes => true)
+        command = 'dnf config-manager'
+      elsif !sut.which('yum').empty?
+        command = 'yum-config-manager'
+      end
+
+      on(sut, %{#{command} --save --setopt=#{key}=#{value}}, :silent => true) if command
+    end
+  end
+
+  # Takes a hash of YUM options to set in the form that yum-config-manager/dnf
+  # config-manager would expect.
+  #
+  # If not prefaced with a repository, the option will be applied globally.
+  #
+  # Example:
+  #   {
+  #     'skip_if_unavailable' => '1', # Applies globally
+  #     'foo.installonly_limit' => '5' # Applies only to the 'foo' repo
+  #   }
+  def set_yum_opts_on(suts, yum_opts={})
+    parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
+    block_on(suts, :run_in_parallel => parallel) do |sut|
+      yum_opts.each_pair do |k,v|
+        set_yum_opt_on(sut, k, v)
+      end
+    end
+  end
+
+  def install_package_unless_present_on(suts, package_name, package_source=nil, opts={})
     default_opts = {
       max_retries: 3,
       retry_interval: 10
@@ -28,19 +74,35 @@ module Simp::BeakerHelpers
     block_on(suts, :run_in_parallel => parallel) do |sut|
       package_source = package_name unless package_source
 
-      if sut.check_for_package(package_name)
-        sut.upgrade_package(
+      unless sut.check_for_package(package_name)
+        sut.install_package(
           package_source,
           '',
+          nil,
           default_opts.merge(opts)
         )
-      else
-        sut.install_package(
+      end
+    end
+  end
+
+  def install_latest_package_on(suts, package_name, package_source=nil, opts={})
+    default_opts = {
+      max_retries: 3,
+      retry_interval: 10
+    }
+
+    parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
+    block_on(suts, :run_in_parallel => parallel) do |sut|
+      package_source = package_name unless package_source
+
+      if sut.check_for_package(package_name)
+        sut.upgrade_package(
           package_source,
           '',
-          nil,
           default_opts.merge(opts)
         )
+      else
+        install_package_unless_present_on(sut, package_name, package_source, opts)
       end
     end
   end
@@ -434,13 +496,16 @@ module Simp::BeakerHelpers
 
         fips_enable_modulepath = '--modulepath=/root/.beaker_fips/modules'
 
-        module_install_cmd = 'puppet module install simp-fips --target-dir=/root/.beaker_fips/modules'
+        modules_to_install = {
+          'simp-fips' => ENV['BEAKER_fips_module_version'],
+          'simp-crypto_policy' => nil
+        }
 
-        if ENV['BEAKER_fips_module_version']
-          module_install_cmd += " --version #{ENV['BEAKER_fips_module_version']}"
+        modules_to_install.each_pair do |to_install, version|
+          module_install_cmd = "puppet module install #{to_install} --target-dir=/root/.beaker_fips/modules"
+          module_install_cmd += " --version #{version}" if version
+          on(sut, module_install_cmd)
         end
-
-        on(sut, module_install_cmd)
       end
 
       # Work around Vagrant and cipher restrictions in EL8+
@@ -549,12 +614,13 @@ module Simp::BeakerHelpers
   def enable_epel_on(suts)
     parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
     block_on(suts, :run_in_parallel => parallel) do |sut|
-      if ONLINE && (ENV['BEAKER_stringify_facts'] != 'no')
+      if ONLINE
         os_info = fact_on(sut, 'os')
         os_maj_rel = os_info['release']['major']
 
         # This is based on the official EPEL docs https://fedoraproject.org/wiki/EPEL
-        if ['RedHat', 'CentOS'].include?(os_info['name'])
+        case os_info['name']
+        when 'RedHat','CentOS'
           install_latest_package_on(
             sut,
             'epel-release',
@@ -580,7 +646,11 @@ module Simp::BeakerHelpers
               on sut, %{dnf config-manager --set-enabled powertools || dnf config-manager --set-enabled PowerTools}
             end
           end
+        when 'OracleLinux'
+          package_name = "oracle-epel-release-el#{os_maj_rel}"
+          install_latest_package_on(sut,package_name)
         end
+
       end
     end
   end
@@ -1397,49 +1467,79 @@ module Simp::BeakerHelpers
   #    * 'simp-community-postgres'
   #    * 'simp-community-puppet'
   #
-  def install_simp_repos(sut, disable = [])
+  #
+  # Environment Variables:
+  #   * BEAKER_SIMP_install_repos
+  #     * 'no' => disable the capability
+  #   * BEAKER_SIMP_disable_repos
+  #     * Comma delimited list of active yum repo names to disable
+  def install_simp_repos(suts, disable = [])
     # NOTE: Do *NOT* use puppet in this method since it may not be available yet
 
-    install_latest_package_on(sut, 'yum-utils')
-    install_latest_package_on(
-      sut,
-      'simp-release-community',
-      "https://download.simp-project.com/simp-release-community.rpm",
-    )
+    return if (ENV.fetch('SIMP_install_repos', 'yes') == 'no')
+
+    parallel = (ENV['BEAKER_SIMP_parallel'] == 'yes')
+    block_on(suts, :run_in_parallel => parallel) do |sut|
+      install_package_unless_present_on(sut, 'yum-utils')
+
+      install_package_unless_present_on(
+        sut,
+        'simp-release-community',
+        "https://download.simp-project.com/simp-release-community.rpm",
+      )
 
-    to_disable = disable.dup
+      to_disable = disable.dup
+      to_disable += ENV.fetch('BEAKER_SIMP_disable_repos', '').split(',').map(&:strip)
 
-    unless to_disable.empty?
-      if to_disable.include?('simp')
-        to_disable.delete('simp')
-        to_disable << 'simp-community-simp'
-      end
+      unless to_disable.empty?
+        if to_disable.include?('simp')
+          to_disable.delete('simp')
+          to_disable << 'simp-community-simp'
+        end
 
-      if to_disable.include?('simp_deps')
-        to_disable.delete('simp_deps')
-        to_disable << 'simp-community-epel'
-        to_disable << 'simp-community-postgres'
-        to_disable << 'simp-community-puppet'
-      end
+        if to_disable.include?('simp_deps')
+          to_disable.delete('simp_deps')
+          to_disable << 'simp-community-epel'
+          to_disable << 'simp-community-postgres'
+          to_disable << 'simp-community-puppet'
+        end
 
-      # NOTE: This --enablerepo enables the repos for listing and is inherited
-      # from YUM. This does not actually "enable" the repos, that would require
-      # the "--enable" option (from yum-config-manager) :-D.
-      #
-      # Note: Certain versions of EL8 do not dump by default and EL7 does not
-      # have the '--dump' option.
-      available_repos = on(sut, %{yum-config-manager --enablerepo="*" || yum-config-manager --enablerepo="*" --dump}).stdout.lines.grep(/\A\[(.+)\]\Z/){|x| $1}
+        # NOTE: This --enablerepo enables the repos for listing and is inherited
+        # from YUM. This does not actually "enable" the repos, that would require
+        # the "--enable" option (from yum-config-manager) :-D.
+        #
+        # Note: Certain versions of EL8 do not dump by default and EL7 does not
+        # have the '--dump' option.
+        available_repos = on(sut, %{yum-config-manager --enablerepo="*" || yum-config-manager --enablerepo="*" --dump}).stdout.lines.grep(/\A\[(.+)\]\Z/){|x| $1}
 
-      invalid_repos = (to_disable - available_repos)
+        invalid_repos = (to_disable - available_repos)
 
-      # Verify that the repos passed to disable are in the list of valid repos
-      unless invalid_repos.empty?
-        logger.warn(%{WARN: install_simp_repo - requested repos to disable do not exist on the target system '#{invalid_repos.join("', '")}'.})
-      end
+        # Verify that the repos passed to disable are in the list of valid repos
+        unless invalid_repos.empty?
+          logger.warn(%{WARN: install_simp_repo - requested repos to disable do not exist on the target system '#{invalid_repos.join("', '")}'.})
+        end
 
-      (to_disable - invalid_repos).each do |repo|
-        on(sut, %{yum-config-manager --disable "#{repo}"})
+        (to_disable - invalid_repos).each do |repo|
+          on(sut, %{yum-config-manager --disable "#{repo}"})
+        end
       end
     end
+
+    set_yum_opts_on(suts, {'simp*.skip_if_unavailable' => '1' })
+  end
+
+  # Set the release and release type of the SIMP yum repos
+  #
+  # Environment variables may be used to set either one
+  #   * BEAKER_SIMP_repo_release => The actual release (version number)
+  #   * BEAKER_SIMP_repo_release_type => The type of release (stable, unstable, rolling, etc...)
+  def set_simp_repo_release(sut, simp_release_type='stable', simp_release='6')
+    simp_release = ENV.fetch('BEAKER_SIMP_repo_release', simp_release)
+    simp_release_type = ENV.fetch('BEAKER_SIMP_repo_release_type', simp_release_type)
+
+    simp_release_type = 'releases' if (simp_release_type == 'stable')
+
+    create_remote_file(sut, '/etc/yum/vars/simprelease', simp_release)
+    create_remote_file(sut, '/etc/yum/vars/simpreleasetype', simp_release_type)
   end
 end

data/lib/simp/beaker_helpers/version.rb

@@ -1,5 +1,5 @@
 module Simp; end
 
 module Simp::BeakerHelpers
-  VERSION = '1.21.4'
+  VERSION = '1.22.1'
 end

data/lib/simp/rake/beaker.rb

@@ -196,6 +196,7 @@ module Simp::Rake
           default_suite = ordered_suites.delete('default')
           ordered_suites.unshift(default_suite) if default_suite
 
+          suite_start_time = Process.clock_gettime(Process::CLOCK_MONOTONIC)
           ordered_suites.each do |ste|
 
             next unless (suites[ste]['default_run'] == true)
@@ -255,6 +256,11 @@ module Simp::Rake
               $stdout.puts("\n\n=== Suite '#{name}' Complete ===\n\n")
             end
           end
+          suite_end_time = Process.clock_gettime(Process::CLOCK_MONOTONIC)
+
+          suite_run_time = ((suite_end_time - suite_start_time)/60).round(2)
+
+          $stdout.puts("== Total Runtime: #{suite_run_time} minutes ==\n\n")
 
           unless failures.keys.empty?
             $stdout.puts("The following tests had failures:")

data/spec/acceptance/suites/default/install_simp_deps_repo_spec.rb

@@ -1,12 +1,12 @@
 require 'spec_helper_acceptance'
 
 hosts.each do |host|
-  describe '#write_hieradata_to' do
-    expect_failures = false
-    if hosts_with_role(hosts, 'el8').include?(host)
-      expect_failures = true
-    end
+  expect_failures = false
+  if hosts_with_role(hosts, 'el8').include?(host)
+    expect_failures = true
+  end
 
+  describe '#install_simp_repos' do
     it 'should install yum utils' do
       host.install_package('yum-utils')
     end
@@ -21,6 +21,18 @@ hosts.each do |host|
       end
     end
 
+    context 'when targeting a release type' do
+      it 'adjusts the SIMP release target' do
+        set_simp_repo_release(host, 'rolling')
+        expect(file_content_on(host, '/etc/yum/vars/simpreleasetype').strip).to eq('rolling')
+      end
+
+      it 'lists the simp rpm' do
+        skip "#{host} is not supported yet" if expect_failures
+        on(host, 'yum list simp')
+      end
+    end
+
     context 'when passed a disabled list ' do
       before(:all) { install_simp_repos(host, ['simp-community-simp'] ) }
 

data/spec/acceptance/suites/fips_from_fixtures/00_default_spec.rb

@@ -18,6 +18,7 @@ new_fixtures = {
   }
 }
 
+new_fixtures['fixtures']['repositories']['crypto_policy'] = 'https://github.com/simp/pupmod-simp-crypto_policy'
 new_fixtures['fixtures']['repositories']['fips'] = 'https://github.com/simp/pupmod-simp-fips'
 new_fixtures['fixtures']['repositories']['augeasproviders_core'] = 'https://github.com/simp/augeasproviders_core'
 new_fixtures['fixtures']['repositories']['augeasproviders_grub'] = 'https://github.com/simp/augeasproviders_grub'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: simp-beaker-helpers
 version: !ruby/object:Gem::Version
-  version: 1.21.4
+  version: 1.22.1
 platform: ruby
 authors:
 - Chris Tessmer
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-01-21 00:00:00.000000000 Z
+date: 2021-03-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: beaker
@@ -163,11 +163,14 @@ extra_rdoc_files: []
 files:
 - ".fips_fixtures"
 - ".fixtures.yml"
+- ".github/workflows/pr_glci.yml"
+- ".github/workflows/pr_glci_cleanup.yml"
+- ".github/workflows/pr_glci_manual.yml"
+- ".github/workflows/tag_deploy_rubygem.yml"
 - ".gitignore"
 - ".gitlab-ci.yml"
 - ".rspec"
 - ".rubocop.yml"
-- ".travis.yml"
 - CHANGELOG.md
 - Gemfile
 - LICENSE

data/.travis.yml

@@ -1,42 +0,0 @@
----
-language: shell
-notifications:
-  email: false
-stages:
-  - name: deploy
-    if: 'tag IS present'
-
-###  Testing on Travis CI is indefinitely disabled
-###
-###  See:
-###    * https://blog.travis-ci.com/2020-11-02-travis-ci-new-billing
-###    * https://simp-project.atlassian.net/browse/SIMP-8703
-jobs:
-  include:
-    - stage: deploy
-      script: skip
-      cache: bundler
-      before_install:
-        - rm Gemfile.lock || true
-      bundler_args: "--without development --path .vendor"
-      language: ruby
-      rvm: 2.4.5
-      before_deploy:
-        - bundle exec rake clobber
-        - "export GEM_VERSION=`ruby -r ./lib/simp/beaker_helpers/version.rb -e 'puts Simp::BeakerHelpers::VERSION'`"
-        - '[[ $TRAVIS_TAG =~ ^${GEM_VERSION}$ ]]'
-      deploy:
-        - provider: rubygems
-          gemspec: simp-beaker-helpers.gemspec
-          gem: simp-beaker-helpers
-          token:
-            secure: "AlnBx0dBSxn+S97n0h14ltKUOA+6v0bc7QZPIcwGJV9nnf1hKH3pf9La1TVknEx7XgpAcM9jusQJ7hBlqvSq8z8SFF0bZk1EgSRIKc1cuYPLiGyUM2O7+AFHyCy3iCnPvKeoQmE/BJb5O1dGnbmSbf4A0fqLxA7jiHG1j7z+cnmJB1i67wovDfl13TsOXyBfbespWBMMc0BKAw56FPs9XggAk2cNusS3hd5tqW1AZPT2/xwt+d8ngkmO96u8QcichYRFQ+w+XW4H0w935wNg/dWiskJlt7TIYVAh4Ko5s2DZKf52Tne8TugALSn0LhRatpp7sw1FTTpteCW8UqK8uwGC2hM4pZViAOv4P1YObz2IPOZPriBl+cCayJdMKnotkUJliAMnw5TLiSWKLou+S0Pdj2h3fJZWdOEwRPMzIVoJtsOHG3GdNcPL6f7iU0vP/wr6FeR3uWa+fA7NHRi2Du955O8JpogjdrW08ahcAEwhtI3A4mrA08wN09axsrwr093uDRm/5h4FHyAhExJ0YiA/6kcPpUvILcLStyHe0RQDICQMdsQo2DSbnL65w3QjFa2fML2Shf9cRwX06+ia2BxozWzFD/6p3RiRtPxphnbFiUdjYSGWcwCcUgbJx9SW04lSSxOhpyItuXgxZqiybkzstXd6riu5zwg1R8TWk34="
-          on:
-            tags: true
-            condition: "($SKIP_PUBLISH != true)"
-        - provider: releases
-          token:
-            secure: "I41p4aqjkrNDHJhZ5gWC4gzn7BVwEYRm5Q3PAxQRSIUDB/QTVgNqZx8YptkuIvSGpw8kIywyZg3NKdzGUO8aJJ0NlXapL7e9qQIigkYhdaCZjZFG5zIxdOFs4sVoz/6vnQT9JIcGWy7uS5xiNOulGvfEWU78+e+I9yPdT74RApve5VAVT/km5lV5ldRnwwehLnTx+volUlnOD8rwfizoVLqFTrfRfr4cVMF605UYyaiVxHF50hywFRZoAdVcMEhlLQnQXfz/ZsLMJLJm9eCpjQ989N0oX6theSLCcv7QtHcWMXydjWMcpuTfBZSFrwUVbC23uMOKTJVEWq5LMG3m2L6hP3//2gvUzGhOVLvoGuC+erboB7QoXdcoOgXY+dTZPMcPBxpArdDLWVQSLTvPs05QzpaUdRLVMC/kD1d1EudlEicgkNgNDBhBn3089nVmvKndbKLvj+23a5AQVVbs+8C0x+SJvTc9N2N+bmuH7jIJPrEvWK4xwcQa+g2M/EBv05jaEdSErlVa6B6UKCH0Lea9rpy1se9vn5OzpaaMCCJIpcpQqHDjo0PMAQXBSbqjKcBei6lR5fIFl5UO9gWP1v8PGPuCzGTBivQ92XlgV1TWXmdbJHwIuSbJx3Ali7Wp19RR4E4uHC+TPFssvgkh9ZLkORnWWS35wzzU1LkwWx0="
-          on:
-            tags: true
-            condition: "($SKIP_PUBLISH != true)"