186 new registration flow

.github/CONTRIBUTING.md

@@ -245,15 +245,23 @@ with:
 BEAKER_PUPPET_COLLECTION=puppet7 BEAKER_setfile=debian11-64 bundle exec rake beaker
 ```
 
+or
+
+```sh
+BEAKER_PUPPET_COLLECTION=none BEAKER_setfile=archlinux-64 bundle exec rake beaker
+```
+
+This latter example will use the distribution's own version of Puppet.
+
 You can replace the string `debian11` with any common operating system.
 The following strings are known to work:
 
 * ubuntu2004
 * ubuntu2204
 * debian11
-* centos7
-* centos8
+* debian12
 * centos9
+* archlinux
 * almalinux8
 * almalinux9
 * fedora36

.github/labeler.yml

@@ -1,3 +1,6 @@
 ---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
 skip-changelog:
  - head-branch: ['^release-*', 'release']

.github/release.yml

@@ -0,0 +1,42 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+# https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
+
+changelog:
+  exclude:
+    labels:
+      - duplicate
+      - invalid
+      - modulesync
+      - question
+      - skip-changelog
+      - wont-fix
+      - wontfix
+
+  categories:
+    - title: Breaking Changes 🛠
+      labels:
+        - backwards-incompatible
+
+    - title: New Features 🎉
+      labels:
+        - enhancement
+
+    - title: Bug Fixes 🐛
+      labels:
+        - bug
+
+    - title: Documentation Updates 📚
+      labels:
+        - documentation
+        - docs
+
+    - title: Dependency Updates ⬆️
+      labels:
+        - dependencies
+
+    - title: Other Changes
+      labels:
+        - "*"

.github/workflows/labeler.yml

@@ -0,0 +1,17 @@
+---
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
+name: "Pull Request Labeler"
+
+on:
+  pull_request_target: {}
+
+jobs:
+  labeler:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/labeler@v5

.github/workflows/release.yml

@@ -20,3 +20,10 @@ jobs:
       #  https://docs.github.com/en/actions/security-guides/encrypted-secrets
       username: ${{ secrets.PUPPET_FORGE_USERNAME }}
       api_key: ${{ secrets.PUPPET_FORGE_API_KEY }}
+
+  create-github-release:
+    name: Create GitHub Release
+    runs-on: ubuntu-latest
+    steps:
+      - name: Create GitHub release
+        uses: voxpupuli/gha-create-a-github-release@v1

.msync.yml

@@ -2,4 +2,4 @@
 # Managed by modulesync - DO NOT EDIT
 # https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
 
-modulesync_config_version: '9.0.0'
+modulesync_config_version: '9.1.0'

.puppet-lint.rc

@@ -1,3 +1,6 @@
+# Managed by modulesync - DO NOT EDIT
+# https://voxpupuli.org/docs/updating-files-managed-with-modulesync/
+
 --fail-on-warnings
 --no-parameter_documentation-check
 --no-parameter_types-check

CHANGELOG.md

@@ -4,6 +4,17 @@ All notable changes to this project will be documented in this file.
 Each new release typically also includes the latest modulesync defaults.
 These should not affect the functionality of the module.
 
+## [v5.2.0](https://github.com/voxpupuli/puppet-gitlab_ci_runner/tree/v5.1.0) (2024-07-21)
+
+[Full Changelog](https://github.com/voxpupuli/puppet-gitlab_ci_runner/compare/v5.0.0...v5.1.0)
+
+**Implemented enhancements:**
+
+- New Registration Flow being rolled out - requires adaption [\#186](https://github.com/voxpupuli/puppet-gitlab_ci_runner/pull/186) ([juokelis](https://github.com/juokelis))
+- Drop RHEL/CentOS 7,8 support
+- Drop Debian 10 \(EOL\)
+- Add Debian 12
+
 ## [v5.1.0](https://github.com/voxpupuli/puppet-gitlab_ci_runner/tree/v5.1.0) (2023-12-04)
 
 [Full Changelog](https://github.com/voxpupuli/puppet-gitlab_ci_runner/compare/v5.0.0...v5.1.0)

Gemfile

@@ -4,7 +4,7 @@
 source ENV['GEM_SOURCE'] || 'https://rubygems.org'
 
 group :test do
-  gem 'voxpupuli-test', '~> 8.0',   :require => false
+  gem 'voxpupuli-test', '~> 9.0',   :require => false
   gem 'coveralls',                  :require => false
   gem 'simplecov-console',          :require => false
   gem 'puppet_metadata', '~> 4.0',  :require => false

REFERENCE.md

@@ -910,4 +910,3 @@ The url to your Gitlab instance. Please provide the host part only! (e.g https:/
 Data type: `String[1]`
 
 Runners authentication token.
-

lib/puppet/functions/gitlab_ci_runner/register.rb

@@ -8,7 +8,7 @@
   # @param token Registration token.
   # @param additional_options A hash with all additional configuration options for that runner
   # @param ca_file An absolute path to a trusted certificate authority file.
-  # @return [Struct[{ id => Integer[1], token => String[1], }]] Returns a hash with the runner id and authentcation token
+  # @return [Struct[{ id => Integer[1], token => String[1], }]] Returns a hash with the runner id and authentication token
   # @example Using it as a replacement for the Bolt 'register_runner' task
   #   puppet apply -e "notice(gitlab_ci_runner::register('https://gitlab.com', 'registration-token'))"
   #
@@ -21,8 +21,14 @@
   end
 
   def register(url, token, additional_options = {}, ca_file = nil)
-    PuppetX::Gitlab::Runner.register(url, additional_options.merge('token' => token), ca_file: ca_file)
-  rescue Net::HTTPError => e
-    raise "Gitlab runner failed to register: #{e.message}"
+    if token.start_with?('glrt-')
+      raise "Gitlab runner failed to register: authentication token provided instead of registration token."
+    end
+
+    begin
+      PuppetX::Gitlab::Runner.register(url, additional_options.merge('registration-token' => token), ca_file)
+    rescue Net::HTTPError => e
+      raise "Gitlab runner failed to register: #{e.message}"
+    end
   end
 end

lib/puppet/functions/gitlab_ci_runner/register_to_file.rb

@@ -51,7 +51,13 @@ def register_to_file(url, regtoken, runner_name, additional_options = {}, proxy
         # will be returned unmodified.
         regtoken = call_function('unwrap', regtoken)
 
-        authtoken = PuppetX::Gitlab::Runner.register(url, additional_options.merge('token' => regtoken), proxy, ca_file)['token']
+        # Combine options based on the token
+        if regtoken.start_with?('glrt-')
+          PuppetX::Gitlab::Runner.verify(url, regtoken, proxy, ca_file)
+          authtoken = regtoken
+        else
+          authtoken = PuppetX::Gitlab::Runner.register(url, additional_options.merge('registration-token' => regtoken), proxy, ca_file)['token']
+        end
 
         # If this function is used as a Deferred function the Gitlab Runner config dir
         # will not exist on the first run, because the package isn't installed yet.

lib/puppet_x/gitlab/runner.rb

@@ -70,6 +70,12 @@ def self.register(host, options, proxy = nil, ca_file = nil)
         PuppetX::Gitlab::APIClient.post(url, options, proxy, ca_file)
       end
 
+      def self.verify(host, token, proxy = nil, ca_file = nil)
+        url = "#{host}/api/v4/runners/verify"
+        Puppet.info "Verifying gitlab runner with #{host}"
+        PuppetX::Gitlab::APIClient.post(url, {'token'=>token}, proxy, ca_file)
+      end
+
       def self.unregister(host, options, proxy = nil, ca_file = nil)
         url = "#{host}/api/v4/runners"
         Puppet.info "Unregistering gitlab runner with #{host}"

manifests/runner.pp

@@ -84,12 +84,14 @@
     default => $config,
   }
 
-  if $_config['registration-token'] {
+  if $_config['registration-token'] or $_config['token'] {
     $register_additional_options = $config
     .filter |$item| { $item[0] =~ Gitlab_ci_runner::Register_parameters } # Get all items use for the registration process
     .reduce({}) |$memo, $item| { $memo + { regsubst($item[0], '-', '_', 'G') => $item[1] } } # Ensure all keys use '_' instead of '-'
 
-    $deferred_call = Deferred('gitlab_ci_runner::register_to_file', [$_config['url'], $_config['registration-token'], $_config['name'], $register_additional_options, $http_proxy, $ca_file])
+    $token = pick($_config['token'], $_config['registration-token'])
+
+    $deferred_call = Deferred('gitlab_ci_runner::register_to_file', [$_config['url'], $token, $_config['name'], $register_additional_options, $http_proxy, $ca_file])
 
     # Remove registration-token and add a 'token' key to the config with a Deferred function to get it.
     $__config = ($_config - (Array(Gitlab_ci_runner::Register_parameters) + 'registration-token')) + { 'token' => $deferred_call }

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppet-gitlab_ci_runner",
-  "version": "5.1.1-rc0",
+  "version": "5.2.0-rc0",
   "author": "Vox Pupuli",
   "summary": "Installation and configuration of Gitlab CI Runner",
   "license": "Apache-2.0",
@@ -64,7 +64,8 @@
     {
       "operatingsystem": "Debian",
       "operatingsystemrelease": [
-        "11"
+        "11",
+        "12"
       ]
     },
     {

spec/spec_helper.rb

@@ -9,6 +9,10 @@
 
 require 'voxpupuli/test/spec_helper'
 
+RSpec.configure do |c|
+  c.facterdb_string_keys = false
+end
+
 add_mocked_facts!
 
 if File.exist?(File.join(__dir__, 'default_module_facts.yml'))