(CDPE-7204) Update to Ruby 3.2, PDK 3.4.0, and Debian bullseye and update tooling gems #156
Conversation
This commit updates PDK to current latest, 3.4.0. It also removes some unnecessary `rm` lines from the Dockerfile: in PDK 3.2.0 the dependencies that used to be used to analytics were dropped when the analytics code was removed, and this included the `httpclient` gem, which contained the files we used to delete because they triggered security scanners. The gem is no longer included with the PDK package, so the delete lines aren't needed. Building this image with the latest nokogiri (1.18.8) ran into an issue where they have split their gem platforms for the precompiled gem from just `linux` to `linux-gnu` and `linux-musl`. However on Ruby 3.1 and Debian Buster, bundler recognized the platform as just plain `linux`, so it failed to grab the precompiled gems. We wanted to update to Ruby 3.2 to match what puppet-agent ships with anyway, and the docker images for 3.2 only support back through bullseye, not buster, so this commit also updates to Debian Buster and Ruby 3.2. On this platform, bundler correctly detects the gem platform and installs the correct pre-compiled gems. Updating to Ruby 3.2 required installing a newer version of rugged (a dependency of octocatalog-diff), and this version depends on `pkg-config`, as well as `libssl-dev` rather than just `libssl1.1` for HTTPS support, so this commit also installs those.
Magisus
changed the title
| @@ -51,7 +47,7 @@ RUN groupadd --gid 1001 puppetdev \ | |||
| && useradd --uid 1001 --gid puppetdev --create-home puppetdev | |||
|
|
|||
| # Prep for non-root user | |||
| RUN gem install bundler -v 2.4.22 \ | |||
| RUN gem install bundler -v 2.6.9 \ | |||
There was a problem hiding this comment.
Older versions of bundler have some weird bugs around the gem platform stuff. Just updating this to latest didn't fix the issue I was seeing with nokogiri, but it also didn't hurt anything, so figured I might as well update it.
|
Release note for nokogiri explaining the gem platform change: https://nokogiri.org/CHANGELOG.html#v1180-2024-12-25 Note that even rebuilding the |
|
I've tested this with all of our built-in jobs and they all succeeded. But I'm not sure how useful the code I tested them on was. |
Magisus
force-pushed
the
pdk-3.4.0
branch
3 times, most recently
from
6f05dae to
cabde57
Compare
Magisus
changed the title
Magisus
changed the title
Magisus
changed the title
Magisus
force-pushed
the
pdk-3.4.0
branch
2 times, most recently
from
2fdc863 to
cbe25da
Compare
Gemfile
Outdated
| @@ -2,29 +2,26 @@ source 'https://rubygems.org' | |||
|
|
|||
| gem 'puppet', '~> 8.4' | |||
There was a problem hiding this comment.
This currently pulls in puppet 8.10, which was the last gem release, but the latest puppet version is actually 8.12. I think this is probably related to the Puppet Core changes, I imagine they stopped shipping gems to Rubygems. I'm going to figure out what it would take for us to get the actual latest version of Puppet here.
There was a problem hiding this comment.
Getting a more recent gem than 8.10 is going to be a bit fraught, and might have security implications for the way we build and publish this image. For now, I might leave that for a separate effort while we discuss how to make it work. It seems like it might be valuable to get the rest of these changes published sooner rather than later.
This commit updates all of our gem dependencies to latest versions whenever possible, and as new as possible to avoid dependency resolution conflicts besides that. This list plays nicely together. It also removes a few puppet-lint plugins that have since been included in puppet-lint itself. This update required a couple of test changes: * When the `legacy_facts` plugin was incorporated into core puppet-lint, they changed the message it emits when a legacy fact is detected to include the name of the fact. This commit updates the test to match the new message. * There was also a new check added that ensures there is only a single space before an arrow `=>` when there is only a single parameter in a resource. We had a resource with a second param commented out, where we never adjusted the spacing for the one that was left. This now failed the linter, so this commit updates the spacing to make it happy, since that was in the `goodsyntax` test.
This commit updates PDK to current latest, 3.4.0. It also removes some
unnecessary
rmlines from the Dockerfile: in PDK 3.2.0 thedependencies that used to be used to analytics were dropped when the
analytics code was removed, and this included the
httpclientgem,which contained the files we used to delete because they triggered
security scanners. The gem is no longer included with the PDK package,
so the delete lines aren't needed.
Building this image with the latest nokogiri (1.18.8) ran into an issue
where they have split their gem platforms for the precompiled gem from
just
linuxtolinux-gnuandlinux-musl. However on Ruby 3.1 andDebian Buster, bundler recognized the platform as just plain
linux, soit failed to grab the precompiled gems. We wanted to update to Ruby 3.2
to match what puppet-agent ships with anyway, and the docker images for
3.2 only support back through bullseye, not buster, so this commit
also updates to Debian Buster and Ruby 3.2. On this platform, bundler
correctly detects the gem platform and installs the correct pre-compiled
gems.
Updating to Ruby 3.2 required installing a newer version of rugged (a
dependency of octocatalog-diff), and this version depends on
pkg-config, as well aslibssl-devrather than justlibssl1.1forHTTPS support, so this commit also installs those.
This PR also updates all of the other test gems and their deps. See commits for details.