From 8f0a305331f581d7d1ad921bdc2e96ae3172b6f5 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Thu, 15 Jan 2026 17:29:06 +0000 Subject: [PATCH 1/2] Add GHA job for deploying to the Forge Fixes #80 --- .github/workflows/tag_deploy_rubygem.yml | 32 ++++++++++++- .pdkignore | 60 ++++++++++++++++++++++++ Gemfile | 4 ++ metadata.json | 4 +- 4 files changed, 98 insertions(+), 2 deletions(-) create mode 100644 .pdkignore diff --git a/.github/workflows/tag_deploy_rubygem.yml b/.github/workflows/tag_deploy_rubygem.yml index aba5e95..6d5ea8b 100644 --- a/.github/workflows/tag_deploy_rubygem.yml +++ b/.github/workflows/tag_deploy_rubygem.yml @@ -1,4 +1,4 @@ -# Create GitHub release, build & publish .gem to rubygems.org on SemVer tag push +# Create GitHub release, build & publish .gem to rubygems.org and Puppet Forge on SemVer tag push # # This workflow's jobs are only triggered in repos under the `simp` organization # ------------------------------------------------------------------------------ @@ -16,6 +16,7 @@ # GitHub Secret variable Type Notes # ------------------------ -------- ---------------------------------------- # RUBYGEMS_API_KEY Required +# PUPPETFORGE_API_TOKEN Required # # ------------------------------------------------------------------------------ # @@ -210,3 +211,32 @@ jobs: echo "Running '$RELEASE_COMMAND'..." $RELEASE_COMMAND + + deploy-to-puppet-forge: + name: 'Deploy PuppetForge Release' + needs: [ create-github-release ] + if: (github.repository_owner == 'simp') && (needs.create-github-release.outputs.prerelease != 'yes') + runs-on: ubuntu-latest + env: + PUPPETFORGE_API_TOKEN: ${{ secrets.PUPPETFORGE_API_TOKEN }} + FORGE_USER_AGENT: GitHubActions-ForgeReleng-Workflow/0.4.1 (Purpose/forge-ops-for-${{ github.event.repository.name }}) + FORGE_API_URL: https://forgeapi.puppet.com/v3/releases + steps: + - name: Checkout code + uses: actions/checkout@v6 + with: + ref: ${{ github.ref }} + clean: true + - uses: ruby/setup-ruby@v1 + with: + ruby-version: 3.2.9 + bundler-cache: true + - name: Build Puppet module (PDK) + run: bundle exec pdk build --force + - name: Deploy to Puppet Forge (skipped when prerelease) + run: | + curl -X POST --silent --show-error --fail \ + --user-agent "$FORGE_USER_AGENT" \ + --header "Authorization: Bearer ${PUPPETFORGE_API_TOKEN}" \ + --form "file=@$(find $PWD/pkg -name ''*.tar.gz'')" \ + "$FORGE_API_URL" diff --git a/.pdkignore b/.pdkignore new file mode 100644 index 0000000..8da5427 --- /dev/null +++ b/.pdkignore @@ -0,0 +1,60 @@ +# .pdkignore masks files from inclusion by `pdk build`. +# +# It is used by CI when building modules to publish to the Puppet Forge and to +# mask symlinks from the `pdk build` test in the module's RELENG checks. +# ------------------------------------------------------------------------------ +# NOTICE: **This file is maintained with puppetsync** +# +# This file is automatically updated as part of a puppet module baseline. +# The next baseline sync will overwrite any local changes made to this file. +# ------------------------------------------------------------------------------ +.*.sw? +.git/ +.metadata +.yardoc +.yardwarns +*.iml +/.bundle/ +/.idea/ +/.vagrant/ +/coverage/ +/bin/ +/doc/ +/Gemfile.local +/Gemfile.lock +/junit/ +/log/ +/pkg/ +/dist/ +/tmp/ +/vendor/ +/.vendor/ +/convert_report.txt +/update_report.txt +.DS_Store +.project +.envrc +/inventory.yaml +/appveyor.yml +/.fixtures.yml +/Gemfile +/.gitattributes +/.gitignore +/.github/ +/.gitlab-ci.yml +/.pdkignore +/.puppet-lint.rc +/.sync.yml +/.pmtignore +/Rakefile +/rakelib/ +/.rspec +/.rubocop.yml +/.travis.yml +/.yardopts +/spec/ +/.vscode/ +/tests/ +/renovate.json +/exe/ +/*.gemspec diff --git a/Gemfile b/Gemfile index 2a086ff..99ea95e 100644 --- a/Gemfile +++ b/Gemfile @@ -2,6 +2,8 @@ source 'https://rubygems.org' +ENV['PDK_DISABLE_ANALYTICS'] ||= 'true' + # Specify your gem's dependencies in compliance_engine.gemspec gemspec @@ -9,6 +11,8 @@ gem 'rake', '~> 13.3.0' group :tests do gem 'openvox', ENV.fetch('OPENVOX_VERSION', ENV.fetch('PUPPET_VERSION', '~> 8.0')) + # renovate: datasource=rubygems versioning=ruby + gem 'pdk', ENV.fetch('PDK_VERSION', ['>= 2.0', '< 4.0']), require: false gem 'syslog', require: false gem 'voxpupuli-test', '~> 13.0' end diff --git a/metadata.json b/metadata.json index 562e362..e8ad37f 100644 --- a/metadata.json +++ b/metadata.json @@ -4,7 +4,9 @@ "author": "Sicura", "summary": "Hiera backend for Sicura Compliance Engine data", "license": "Apache-2.0", - "source": "https://github.com/simp/rubygem-simp-compliance_engine", + "source": "https://github.com/simp/rubygem-simp-compliance_engine.git", + "project_page": "https://github.com/simp/rubygem-simp-compliance_engine", + "issues_url": "https://github.com/simp/rubygem-simp-compliance_engine/issues", "dependencies": [ ], "operatingsystem_support": [ From 553df705169090a7297940989c5e93cfaaf9ba07 Mon Sep 17 00:00:00 2001 From: Steven Pritchard Date: Thu, 15 Jan 2026 18:04:07 +0000 Subject: [PATCH 2/2] Only use the PDK gem on Ruby < 4 --- Gemfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Gemfile b/Gemfile index 99ea95e..0d48ca8 100644 --- a/Gemfile +++ b/Gemfile @@ -12,7 +12,7 @@ gem 'rake', '~> 13.3.0' group :tests do gem 'openvox', ENV.fetch('OPENVOX_VERSION', ENV.fetch('PUPPET_VERSION', '~> 8.0')) # renovate: datasource=rubygems versioning=ruby - gem 'pdk', ENV.fetch('PDK_VERSION', ['>= 2.0', '< 4.0']), require: false + gem 'pdk', ENV.fetch('PDK_VERSION', ['>= 2.0', '< 4.0']), require: false if RUBY_VERSION < '4' gem 'syslog', require: false gem 'voxpupuli-test', '~> 13.0' end