Merge branch 'main' into main

Author: houssemexo26

.github/workflows/acceptance.yml

@@ -1,7 +1,8 @@
 ---
 name: Beaker OpenVox Acceptance Tests
 run-name: |-
-  Beaker acceptance tests of openvox for
+  Beaker acceptance tests of openvox
+  on ${{ inputs.guest-arch }} runners for
   ${{ inputs.pre-release-build && 'pre-release' || 'release' }}
   packages of openvox-agent
   ${{ (inputs.pre-release-build && inputs.openvox-agent-version) ||
@@ -80,6 +81,20 @@ on:
           true)
         default: 'https://s3.osuosl.org/openvox-artifacts'
         type: string
+      guest-arch:
+        description: |-
+          The architecture of the guest VMs to run the acceptance tests
+          on. This is used by the nested_vms action to determine which
+          VM images to use.
+
+          If not provided, the default is x86_64.
+
+          NOTE: Currently only x86_64 *runners* support nested
+          virtualization, so if guest-arch is set to arm64, the
+          nested_vms will run under qemu and be quite a bit slower
+          (5x-20x).
+        type: string
+        default: 'x86_64'
 
 permissions:
   contents: read
@@ -103,3 +118,4 @@ jobs:
       openvox-server-version: ${{ inputs.openvox-server-version }}
       openvox-server-pre-release-build: ${{ inputs.pre-release-build }}
       artifacts-url: ${{ inputs.artifacts-url }}
+      guest-arch: ${{ inputs.guest-arch }}

.github/workflows/backport.yml

@@ -40,9 +40,10 @@ jobs:
           git config --global commit.gpgsign true
           git config --global tag.gpgsign true
       - name: Checkout repository
-        uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
         with:
           token: ${{ secrets.OPENVOXBOT_COMMIT_AND_PRS }}
+          ref: main
       - name: Create backport pull requests
         uses: korthout/backport-action@66065406958f46e82238fd59546f5a99e69e22aa # v4.5.2
         with:

.github/workflows/gem_release.yaml

@@ -15,16 +15,16 @@ jobs:
     name: Build the gem
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
       - name: Install Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@9eb537ca036ebaed86729dcb9309076e4c5c3b74 # v1.314.0
         with:
           ruby-version: 'ruby'
       - name: Build gem
         shell: bash
         run: gem build --verbose *.gemspec
       - name: Upload gem to GitHub cache
-        uses: actions/upload-artifact@v7
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         with:
           name: gem-artifact
           path: '*.gem'
@@ -39,7 +39,7 @@ jobs:
       contents: write # clone repo and create release
     steps:
       - name: Download gem from GitHub cache
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: gem-artifact
       - name: Create Release
@@ -56,7 +56,7 @@ jobs:
       packages: write # publish to rubygems.pkg.github.com
     steps:
       - name: Download gem from GitHub cache
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: gem-artifact
       - name: Publish gem to GitHub packages
@@ -73,10 +73,10 @@ jobs:
       id-token: write # rubygems.org authentication
     steps:
       - name: Download gem from GitHub cache
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: gem-artifact
-      - uses: rubygems/configure-rubygems-credentials@v2.0.0
+      - uses: rubygems/configure-rubygems-credentials@dc5a8d8553e6ee01fc26761a49e99e733d17954a # v2.1.0
       - name: Publish gem to rubygems.org
         shell: bash
         run: gem push *.gem
@@ -92,11 +92,11 @@ jobs:
       - release-to-rubygems
     steps:
       - name: Download gem from GitHub cache
-        uses: actions/download-artifact@v8
+        uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
         with:
           name: gem-artifact
       - name: Install Ruby
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@9eb537ca036ebaed86729dcb9309076e4c5c3b74 # v1.314.0
         with:
           ruby-version: 'ruby'
       - name: Wait for release to propagate

.github/workflows/promote.yml

@@ -31,7 +31,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
         with:
           ref: ${{ inputs.branch }}
           token: ${{ secrets.OPENVOXBOT_COMMIT_AND_PRS }}
@@ -86,7 +86,7 @@ jobs:
           cat "packaging/configs/components/${component}.json"
 
       - name: Create Pull Request
-        uses: peter-evans/create-pull-request@v8
+        uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
         with:
           commit-message: "Promote ${{ inputs.component }} ${{ inputs.ref }} into ${{ inputs.branch }}"
           branch: "promote/${{ inputs.branch }}/${{ inputs.component }}/${{ inputs.ref }}"

.github/workflows/release.yml

@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-24.04
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
         with:
           ref: ${{ inputs.base-branch }}
 

.github/workflows/tests.yaml

@@ -25,10 +25,10 @@ jobs:
     runs-on: ${{ matrix.cfg.os }}
     steps:
       - name: Checkout current PR
-        uses: actions/checkout@v6
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 
       - name: Install ruby version ${{ matrix.cfg.ruby }}
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@9eb537ca036ebaed86729dcb9309076e4c5c3b74 # v1.314.0
         with:
           ruby-version: ${{ matrix.cfg.ruby }}
           bundler-cache: true
@@ -58,10 +58,10 @@ jobs:
     runs-on: ${{ matrix.cfg.os }}
     steps:
       - name: Checkout current PR
-        uses: actions/checkout@v6
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
 
       - name: Install ruby version ${{ matrix.cfg.ruby }}
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@9eb537ca036ebaed86729dcb9309076e4c5c3b74 # v1.314.0
         with:
           ruby-version: ${{ matrix.cfg.ruby }}
           bundler-cache: true
@@ -117,11 +117,11 @@ jobs:
     steps:
       # needs fetch-depth because the packaging dem reads old git tags
       - name: Checkout current PR
-        uses: actions/checkout@v6
+        uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
         with:
           fetch-depth: 0
       - name: Install Ruby version 3.3
-        uses: ruby/setup-ruby@v1
+        uses: ruby/setup-ruby@9eb537ca036ebaed86729dcb9309076e4c5c3b74 # v1.314.0
         with:
           ruby-version: 3.3
           bundler-cache: true

acceptance/pre-suite/010_set_puppetserver_memory_defaults.rb

@@ -12,7 +12,13 @@
                  end
 
   if half_mem > 2048
-    on(master, "sed -i -E -e '/^JAVA_ARGS=/ s/-Xms[0-9]+[m|g] -Xmx[0-9]+[m|g]/-Xms#{half_mem}m -Xmx#{half_mem}m/' #{defaults_dir}/puppetserver")
+    mem_regex       = "-Xms[0-9]+[m|g][[:blank:]]+-Xmx[0-9]+[m|g]"
+    mem_replacement = "-Xms#{half_mem}m -Xmx#{half_mem}m"
+    on(master, <<~EOS)
+      sed -i -E \
+        -e '/^JAVA_ARGS=/ s/#{mem_regex}/#{mem_replacement}/' \
+        #{defaults_dir}/puppetserver
+    EOS
     on(master, "cat #{defaults_dir}/puppetserver")
   else
     logger.info("System memory on the primary is less than 4GB (#{(mem_in_bytes.to_i / megabytes)}m). Leaving the defult 2GB for Puppetserver memory.")

acceptance/pre-suite/011_set_puppetserver_timeouts.rb

@@ -0,0 +1,34 @@
+test_name 'Set Puppetserver start and reload timeouts' do
+  skip_test 'No primary node to configure Puppetserver timeouts for' unless master
+
+  start_timeout = options['puppetserver-start-timeout']
+  reload_timeout = options['puppetserver-reload-timeout']
+  skip_test 'No timeout options specified, skipping' if (start_timeout.nil? && reload_timeout.nil?)
+
+  # Update the defaults used internally by the puppetserver
+  # service scripts.
+  defaults_dir = case master.platform
+                 when /debian|ubuntu/ then  '/etc/default'
+                 else '/etc/sysconfig'
+                 end
+
+  exprs = []
+  exprs <<  "-e '/^START_TIMEOUT=/ s/=.*$/=#{start_timeout}/'" if !start_timeout.nil?
+  exprs <<  "-e '/^RELOAD_TIMEOUT=/ s/=.*$/=#{reload_timeout}/'" if !reload_timeout.nil?
+  on(master, "sed -i #{exprs.join(' ')} #{defaults_dir}/puppetserver")
+  on(master, "cat #{defaults_dir}/puppetserver")
+
+  # And update the defaults used by the systemd service unit.
+  # Puppetserver will effectively timeout a start at whichever
+  # is shorter...
+  if !start_timeout.nil?
+    dropin_dir = '/etc/systemd/system/puppetserver.service.d'
+    on(master, <<~EOS)
+      mkdir -p #{dropin_dir}
+      printf '[Service]\\nTimeoutStartSec=#{start_timeout}\\n' \
+        > #{dropin_dir}/timeouts.conf
+    EOS
+    on(master, 'systemctl daemon-reload')
+    on(master, 'systemctl cat puppetserver.service')
+  end
+end

acceptance/tests/agent/agent_disable_lockfile.rb

@@ -3,7 +3,8 @@
                          # The validation of the `vardir` at the OS level
                          # should be accomplished in another test.
     'audit:high',
-    'audit:refactor'     # This test should not require a master. Remove the use of `with_puppet_running_on`.
+    'audit:refactor',    # This test should not require a master. Remove the use of `with_puppet_running_on`.
+    'shard:group1' # For splitting out groups of tests for slow test runners
 
 #
 # This test is intended to ensure that puppet agent --enable/--disable

acceptance/tests/agent/agent_fails_with_unknown_resource.rb

@@ -1,6 +1,7 @@
 test_name "agent run should fail if it finds an unknown resource type" do
   tag 'audit:high',
-      'audit:integration'
+      'audit:integration',
+      'shard:group2' # For splitting out groups of tests for slow test runners
 
   require 'puppet/acceptance/common_utils'