From 27310f9cf93118faf465e6a6815a98c03553145a Mon Sep 17 00:00:00 2001
From: Joakim Antman <antmanj@gmail.com>
Date: Sat, 24 Oct 2020 00:01:45 +0300
Subject: [PATCH 01/12] Drop Rails compatiblity tests to favour different
 openssl configurations

---
 .travis.yml                  | 26 +++++++++-----------------
 Appraisals                   | 18 ------------------
 gemfiles/openssl_2.1.gemfile |  0
 gemfiles/rails_5.0.gemfile   |  7 -------
 gemfiles/rails_5.1.gemfile   |  7 -------
 gemfiles/rails_5.2.gemfile   |  7 -------
 gemfiles/rails_6.0.gemfile   |  7 -------
 ruby-jwt.gemspec             |  4 ----
 8 files changed, 9 insertions(+), 67 deletions(-)
 delete mode 100644 Appraisals
 create mode 100644 gemfiles/openssl_2.1.gemfile
 delete mode 100644 gemfiles/rails_5.0.gemfile
 delete mode 100644 gemfiles/rails_5.1.gemfile
 delete mode 100644 gemfiles/rails_5.2.gemfile
 delete mode 100644 gemfiles/rails_6.0.gemfile

diff --git a/.travis.yml b/.travis.yml
index 2a65e90d..0d9c7495 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,33 +1,25 @@
-sudo: required
-cache: bundler
-dist: trusty
 language: ruby
 rvm:
   - 2.3
   - 2.4
   - 2.5
   - 2.6
+  - 2.7
+  - ruby-head
   - truffleruby-head
 gemfile:
   - gemfiles/standalone.gemfile
-  - gemfiles/rails_5.0.gemfile
-  - gemfiles/rails_5.1.gemfile
-  - gemfiles/rails_5.2.gemfile
-  - gemfiles/rails_6.0.gemfile
-script: "bundle exec rspec && bundle exec codeclimate-test-reporter"
+  - gemfiles/openssl_2.1.gemfile
+script: 
+  - bundle exec rspec 
+  - bundle exec codeclimate-test-reporter
 before_install:
   - sudo add-apt-repository ppa:chris-lea/libsodium -y
   - sudo apt-get update -q
   - sudo apt-get install libsodium-dev -y
   - gem install bundler
-
 matrix:
   fast_finish: true
-  exclude:
-    - gemfile: gemfiles/rails_6.0.gemfile
-      rvm: 2.3
-    - gemfile: gemfiles/rails_6.0.gemfile
-      rvm: 2.4
-  include:
-    - gemfile: gemfiles/standalone.gemfile
-      rvm: truffleruby-head
+  allow_failures:
+    - rvm: truffleruby-head
+    - rvm: ruby-head
diff --git a/Appraisals b/Appraisals
deleted file mode 100644
index 353d0202..00000000
--- a/Appraisals
+++ /dev/null
@@ -1,18 +0,0 @@
-appraise 'standalone' do
-end
-
-appraise 'rails-5.0' do
-  gem 'rails', '~> 5.0.0'
-end
-
-appraise 'rails-5.1' do
-  gem 'rails', '~> 5.1.0'
-end
-
-appraise 'rails-5.2' do
-  gem 'rails', '~> 5.2.0'
-end
-
-appraise 'rails-6.0' do
-  gem 'rails', '~> 6.0.0'
-end
diff --git a/gemfiles/openssl_2.1.gemfile b/gemfiles/openssl_2.1.gemfile
new file mode 100644
index 00000000..e69de29b
diff --git a/gemfiles/rails_5.0.gemfile b/gemfiles/rails_5.0.gemfile
deleted file mode 100644
index 10f52e7a..00000000
--- a/gemfiles/rails_5.0.gemfile
+++ /dev/null
@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 5.0.0"
-
-gemspec path: "../"
diff --git a/gemfiles/rails_5.1.gemfile b/gemfiles/rails_5.1.gemfile
deleted file mode 100644
index 6100e830..00000000
--- a/gemfiles/rails_5.1.gemfile
+++ /dev/null
@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 5.1.0"
-
-gemspec path: "../"
diff --git a/gemfiles/rails_5.2.gemfile b/gemfiles/rails_5.2.gemfile
deleted file mode 100644
index 5a706dcb..00000000
--- a/gemfiles/rails_5.2.gemfile
+++ /dev/null
@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 5.2.0"
-
-gemspec path: "../"
diff --git a/gemfiles/rails_6.0.gemfile b/gemfiles/rails_6.0.gemfile
deleted file mode 100644
index 15b9b275..00000000
--- a/gemfiles/rails_6.0.gemfile
+++ /dev/null
@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-
-source "https://rubygems.org"
-
-gem "rails", "~> 6.0.0"
-
-gemspec path: "../"
diff --git a/ruby-jwt.gemspec b/ruby-jwt.gemspec
index 02e06e58..ac41e2ae 100644
--- a/ruby-jwt.gemspec
+++ b/ruby-jwt.gemspec
@@ -20,7 +20,6 @@ Gem::Specification.new do |spec|
   spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = %w[lib]
 
-  spec.add_development_dependency 'appraisal'
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec'
@@ -28,7 +27,4 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'simplecov-json'
   spec.add_development_dependency 'codeclimate-test-reporter'
   spec.add_development_dependency 'codacy-coverage'
-  spec.add_development_dependency 'rbnacl'
-  # RSASSA-PSS support provided by OpenSSL +2.1
-  spec.add_development_dependency 'openssl', '~> 2.1'
 end

From ac3fa3f54c499071076c6f2d8043fb296a540dfe Mon Sep 17 00:00:00 2001
From: Joakim Antman <antmanj@gmail.com>
Date: Sat, 24 Oct 2020 00:38:03 +0300
Subject: [PATCH 02/12] Make the RbNaCl dependent tests optional

---
 .travis.yml                              |   6 +-
 Appraisals                               |  10 ++
 gemfiles/openssl.gemfile                 |   7 +
 gemfiles/openssl_2.1.gemfile             |   0
 gemfiles/rbnacl.gemfile                  |   7 +
 ruby-jwt.gemspec                         |   1 +
 spec/integration/readme_examples_spec.rb |   2 +-
 spec/jwt_spec.rb                         | 162 +++++++++++++----------
 8 files changed, 124 insertions(+), 71 deletions(-)
 create mode 100644 Appraisals
 create mode 100644 gemfiles/openssl.gemfile
 delete mode 100644 gemfiles/openssl_2.1.gemfile
 create mode 100644 gemfiles/rbnacl.gemfile

diff --git a/.travis.yml b/.travis.yml
index 0d9c7495..6f6a1422 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,3 +1,6 @@
+sudo: required
+cache: bundler
+dist: trusty
 language: ruby
 rvm:
   - 2.3
@@ -9,7 +12,8 @@ rvm:
   - truffleruby-head
 gemfile:
   - gemfiles/standalone.gemfile
-  - gemfiles/openssl_2.1.gemfile
+  - gemfiles/openssl.gemfile
+  - gemfiles/rbnacl.gemfile
 script: 
   - bundle exec rspec 
   - bundle exec codeclimate-test-reporter
diff --git a/Appraisals b/Appraisals
new file mode 100644
index 00000000..21954496
--- /dev/null
+++ b/Appraisals
@@ -0,0 +1,10 @@
+appraise 'standalone' do
+end
+
+appraise 'openssl' do
+  gem 'openssl', '~> 2.1'
+end
+
+appraise 'rbnacl' do
+  gem 'rbnacl'
+end
diff --git a/gemfiles/openssl.gemfile b/gemfiles/openssl.gemfile
new file mode 100644
index 00000000..94ce8660
--- /dev/null
+++ b/gemfiles/openssl.gemfile
@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "openssl", "~> 2.1"
+
+gemspec path: "../"
diff --git a/gemfiles/openssl_2.1.gemfile b/gemfiles/openssl_2.1.gemfile
deleted file mode 100644
index e69de29b..00000000
diff --git a/gemfiles/rbnacl.gemfile b/gemfiles/rbnacl.gemfile
new file mode 100644
index 00000000..ad523a89
--- /dev/null
+++ b/gemfiles/rbnacl.gemfile
@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rbnacl"
+
+gemspec path: "../"
diff --git a/ruby-jwt.gemspec b/ruby-jwt.gemspec
index ac41e2ae..a0415b7d 100644
--- a/ruby-jwt.gemspec
+++ b/ruby-jwt.gemspec
@@ -20,6 +20,7 @@ Gem::Specification.new do |spec|
   spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = %w[lib]
 
+  spec.add_development_dependency 'appraisal'
   spec.add_development_dependency 'bundler'
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'rspec'
diff --git a/spec/integration/readme_examples_spec.rb b/spec/integration/readme_examples_spec.rb
index 361a7ab2..7488541c 100644
--- a/spec/integration/readme_examples_spec.rb
+++ b/spec/integration/readme_examples_spec.rb
@@ -79,7 +79,7 @@
         { 'data' => 'test' },
         { 'alg' => 'PS256' }
       ]
-    end
+    end if OpenSSL::VERSION >= '2.1'
   end
 
   context 'claims' do
diff --git a/spec/jwt_spec.rb b/spec/jwt_spec.rb
index e49f8dee..1ffedc99 100644
--- a/spec/jwt_spec.rb
+++ b/spec/jwt_spec.rb
@@ -7,7 +7,7 @@
   let(:payload) { { 'user_id' => 'some@user.tld' } }
 
   let :data do
-    {
+   data = {
       :secret => 'My$ecretK3y',
       :rsa_private => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'rsa-2048-private.pem'))),
       :rsa_public => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'rsa-2048-public.pem'))),
@@ -19,8 +19,6 @@
       'ES384_public' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec384-public.pem'))),
       'ES512_private' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec512-private.pem'))),
       'ES512_public' => OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec512-public.pem'))),
-      'ED25519_private' =>  RbNaCl::Signatures::Ed25519::SigningKey.new('abcdefghijklmnopqrstuvwxyzABCDEF'),
-      'ED25519_public' => RbNaCl::Signatures::Ed25519::SigningKey.new('abcdefghijklmnopqrstuvwxyzABCDEF').verify_key,
       'NONE' => 'eyJhbGciOiJub25lIn0.eyJ1c2VyX2lkIjoic29tZUB1c2VyLnRsZCJ9.',
       'HS256' => 'eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoic29tZUB1c2VyLnRsZCJ9.kWOVtIOpWcG7JnyJG0qOkTDbOy636XrrQhMm_8JrRQ8',
       'HS512256' => 'eyJhbGciOiJIUzUxMjI1NiJ9.eyJ1c2VyX2lkIjoic29tZUB1c2VyLnRsZCJ9.Ds_4ibvf7z4QOBoKntEjDfthy3WJ-3rKMspTEcHE2bA',
@@ -36,6 +34,14 @@
       'PS384' => '',
       'PS512' => ''
     }
+
+    if defined?(RbNaCl)
+      data.merge!(
+        'ED25519_private' =>  RbNaCl::Signatures::Ed25519::SigningKey.new('abcdefghijklmnopqrstuvwxyzABCDEF'),
+        'ED25519_public' => RbNaCl::Signatures::Ed25519::SigningKey.new('abcdefghijklmnopqrstuvwxyzABCDEF').verify_key,
+      )
+    end
+    data
   end
 
   after(:each) do
@@ -99,7 +105,7 @@
       expect(validator).to receive(:validate!) { true }
 
       payload = {}
-      JWT.encode payload, "secret", JWT::Algos::Hmac::SUPPORTED.sample
+      JWT.encode payload, "secret", 'HS256'
     end
 
     it 'does not validate the payload if it is not present' do
@@ -107,11 +113,14 @@
       expect(JWT::ClaimsValidator).not_to receive(:new) { validator }
 
       payload = nil
-      JWT.encode payload, "secret", JWT::Algos::Hmac::SUPPORTED.sample
+      JWT.encode payload, "secret", 'HS256'
     end
   end
 
-  %w[HS256 HS512256 HS384 HS512].each do |alg|
+  algorithms = %w[HS256 HS384 HS512]
+  algorithms << 'HS512256' if defined?(RbNaCl)
+
+  algorithms.each do |alg|
     context "alg: #{alg}" do
       it 'should generate a valid token' do
         token = JWT.encode payload, data[:secret], alg
@@ -180,38 +189,40 @@
     end
   end
 
-  %w[ED25519].each do |alg|
-    context "alg: #{alg}" do
-      before(:each) do
-        data[alg] = JWT.encode payload, data["#{alg}_private"], alg
-      end
+  if defined?(RbNaCl)
+    %w[ED25519].each do |alg|
+      context "alg: #{alg}" do
+        before(:each) do
+          data[alg] = JWT.encode payload, data["#{alg}_private"], alg
+        end
 
-      let(:wrong_key) { OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec256-wrong-public.pem'))) }
+        let(:wrong_key) { OpenSSL::PKey.read(File.read(File.join(CERT_PATH, 'ec256-wrong-public.pem'))) }
 
-      it 'should generate a valid token' do
-        jwt_payload, header = JWT.decode data[alg], data["#{alg}_public"], true, algorithm: alg
+        it 'should generate a valid token' do
+          jwt_payload, header = JWT.decode data[alg], data["#{alg}_public"], true, algorithm: alg
 
-        expect(header['alg']).to eq alg
-        expect(jwt_payload).to eq payload
-      end
+          expect(header['alg']).to eq alg
+          expect(jwt_payload).to eq payload
+        end
 
-      it 'should decode a valid token' do
-        jwt_payload, header = JWT.decode data[alg], data["#{alg}_public"], true, algorithm: alg
+        it 'should decode a valid token' do
+          jwt_payload, header = JWT.decode data[alg], data["#{alg}_public"], true, algorithm: alg
 
-        expect(header['alg']).to eq alg
-        expect(jwt_payload).to eq payload
-      end
+          expect(header['alg']).to eq alg
+          expect(jwt_payload).to eq payload
+        end
 
-      it 'wrong key should raise JWT::DecodeError' do
-        expect do
-          JWT.decode data[alg], wrong_key
-        end.to raise_error JWT::DecodeError
-      end
+        it 'wrong key should raise JWT::DecodeError' do
+          expect do
+            JWT.decode data[alg], wrong_key
+          end.to raise_error JWT::DecodeError
+        end
 
-      it 'wrong key and verify = false should not raise JWT::DecodeError' do
-        expect do
-          JWT.decode data[alg], wrong_key, false
-        end.not_to raise_error
+        it 'wrong key and verify = false should not raise JWT::DecodeError' do
+          expect do
+            JWT.decode data[alg], wrong_key, false
+          end.not_to raise_error
+        end
       end
     end
   end
@@ -252,51 +263,64 @@
     end
   end
 
-  %w[PS256 PS384 PS512].each do |alg|
-    context "alg: #{alg}" do
-      before(:each) do
-        data[alg] = JWT.encode payload, data[:rsa_private], alg
+  unless OpenSSL::VERSION >= '2.1'
+    %w[PS256 PS384 PS512].each do |alg|
+      context "alg: #{alg}" do
+        it 'raises error about OpenSSL version' do
+          expect { JWT.encode payload, data[:rsa_private], alg }.to raise_error(
+            JWT::RequiredDependencyError,
+            /You currently have OpenSSL .*. PS support requires >= 2.1/
+          )
+        end
       end
+    end
+  else
+    %w[PS256 PS384 PS512].each do |alg|
+      context "alg: #{alg}" do
+        before(:each) do
+          data[alg] = JWT.encode payload, data[:rsa_private], alg
+        end
 
-      let(:wrong_key) { data[:wrong_rsa_public] }
+        let(:wrong_key) { data[:wrong_rsa_public] }
 
-      it 'should generate a valid token' do
-        token = data[alg]
-
-        header, body, signature = token.split('.')
-
-        expect(header).to eql(Base64.strict_encode64({ alg: alg }.to_json))
-        expect(body).to   eql(Base64.strict_encode64(payload.to_json))
-
-        # Validate signature is made of up header and body of JWT
-        translated_alg  = alg.gsub('PS', 'sha')
-        valid_signature = data[:rsa_public].verify_pss(
-          translated_alg,
-          JWT::Base64.url_decode(signature),
-          [header, body].join('.'),
-          salt_length: :auto,
-          mgf1_hash:   translated_alg
-        )
-        expect(valid_signature).to be true
-      end
+        it 'should generate a valid token' do
+          token = data[alg]
 
-      it 'should decode a valid token' do
-        jwt_payload, header = JWT.decode data[alg], data[:rsa_public], true, algorithm: alg
+          header, body, signature = token.split('.')
 
-        expect(header['alg']).to eq alg
-        expect(jwt_payload).to eq payload
-      end
+          expect(header).to eql(Base64.strict_encode64({ alg: alg }.to_json))
+          expect(body).to   eql(Base64.strict_encode64(payload.to_json))
 
-      it 'wrong key should raise JWT::DecodeError' do
-        expect do
-          JWT.decode data[alg], wrong_key
-        end.to raise_error JWT::DecodeError
-      end
+          # Validate signature is made of up header and body of JWT
+          translated_alg  = alg.gsub('PS', 'sha')
+          valid_signature = data[:rsa_public].verify_pss(
+            translated_alg,
+            JWT::Base64.url_decode(signature),
+            [header, body].join('.'),
+            salt_length: :auto,
+            mgf1_hash:   translated_alg
+          )
+          expect(valid_signature).to be true
+        end
 
-      it 'wrong key and verify = false should not raise JWT::DecodeError' do
-        expect do
-          JWT.decode data[alg], wrong_key, false
-        end.not_to raise_error
+        it 'should decode a valid token' do
+          jwt_payload, header = JWT.decode data[alg], data[:rsa_public], true, algorithm: alg
+
+          expect(header['alg']).to eq alg
+          expect(jwt_payload).to eq payload
+        end
+
+        it 'wrong key should raise JWT::DecodeError' do
+          expect do
+            JWT.decode data[alg], wrong_key
+          end.to raise_error JWT::DecodeError
+        end
+
+        it 'wrong key and verify = false should not raise JWT::DecodeError' do
+          expect do
+            JWT.decode data[alg], wrong_key, false
+          end.not_to raise_error
+        end
       end
     end
   end

From 769c8d567840c5d7151cb5dd80763c6b44ab9687 Mon Sep 17 00:00:00 2001
From: Joakim Antman <antmanj@gmail.com>
Date: Sun, 25 Oct 2020 21:44:22 +0200
Subject: [PATCH 03/12] Use default distribution supported by Travis CI

---
 .travis.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 6f6a1422..be563d83 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,6 +1,4 @@
-sudo: required
 cache: bundler
-dist: trusty
 language: ruby
 rvm:
   - 2.3
@@ -18,7 +16,6 @@ script:
   - bundle exec rspec 
   - bundle exec codeclimate-test-reporter
 before_install:
-  - sudo add-apt-repository ppa:chris-lea/libsodium -y
   - sudo apt-get update -q
   - sudo apt-get install libsodium-dev -y
   - gem install bundler

From e0ee94f81b6e2f35c15cb987b22f5a53dc96a407 Mon Sep 17 00:00:00 2001
From: Joakim Antman <antmanj@gmail.com>
Date: Sun, 25 Oct 2020 22:50:19 +0200
Subject: [PATCH 04/12] Add EOL but supported rubies to CI matrix

---
 .travis.yml | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index be563d83..ce78d435 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,11 +1,13 @@
 cache: bundler
 language: ruby
 rvm:
-  - 2.3
-  - 2.4
-  - 2.5
-  - 2.6
   - 2.7
+  - 2.6
+  - 2.5
+  - 2.4
+  - 2.3
+  - 2.2
+  - 2.1
   - ruby-head
   - truffleruby-head
 gemfile:
@@ -22,5 +24,7 @@ before_install:
 matrix:
   fast_finish: true
   allow_failures:
-    - rvm: truffleruby-head
+    - rvm: 2.2
+    - rvm: 2.1
     - rvm: ruby-head
+    - rvm: truffleruby-head

From 5353da44aa0c6319063913dc7b42cfe42db48ff1 Mon Sep 17 00:00:00 2001
From: Joakim Antman <antmanj@gmail.com>
Date: Sun, 25 Oct 2020 22:54:05 +0200
Subject: [PATCH 05/12] Only run code-climate-reporter once

---
 .travis.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index ce78d435..207d3919 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -15,14 +15,18 @@ gemfile:
   - gemfiles/openssl.gemfile
   - gemfiles/rbnacl.gemfile
 script: 
-  - bundle exec rspec 
-  - bundle exec codeclimate-test-reporter
+  - bundle exec rspec
 before_install:
   - sudo apt-get update -q
   - sudo apt-get install libsodium-dev -y
   - gem install bundler
 matrix:
   fast_finish: true
+  includes:
+    - rvm: 2.7
+      name: "Run Code Climate"
+      after_script:
+        - bundle exec codeclimate-test-reporter
   allow_failures:
     - rvm: 2.2
     - rvm: 2.1

From 9b7a8177e1b6d6af05f6230d970be7dba803cd50 Mon Sep 17 00:00:00 2001
From: Joakim Antman <antmanj@gmail.com>
Date: Sun, 25 Oct 2020 23:11:24 +0200
Subject: [PATCH 06/12] Run 2.7 tests only once

---
 .travis.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 207d3919..a734d0bb 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,7 +1,6 @@
 cache: bundler
 language: ruby
 rvm:
-  - 2.7
   - 2.6
   - 2.5
   - 2.4
@@ -24,7 +23,7 @@ matrix:
   fast_finish: true
   includes:
     - rvm: 2.7
-      name: "Run Code Climate"
+      name: "Ruby 2.7 and Code Climate"
       after_script:
         - bundle exec codeclimate-test-reporter
   allow_failures:

From 54d36a6ba596e62ce7dc8e066e33ce070ae464b9 Mon Sep 17 00:00:00 2001
From: Joakim Antman <antmanj@gmail.com>
Date: Mon, 26 Oct 2020 10:56:39 +0200
Subject: [PATCH 07/12] Let Travis handle installing of bundler

---
 .travis.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index a734d0bb..99938bd4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,7 +18,6 @@ script:
 before_install:
   - sudo apt-get update -q
   - sudo apt-get install libsodium-dev -y
-  - gem install bundler
 matrix:
   fast_finish: true
   includes:

From e9e67927616b13701939c1b6801030563da17f94 Mon Sep 17 00:00:00 2001
From: Joakim Antman <antmanj@gmail.com>
Date: Wed, 2 Dec 2020 21:37:16 +0200
Subject: [PATCH 08/12] Initial GitHub workflow CI

---
 .github/workflows/ci.yml | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 .github/workflows/ci.yml

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000..f62a608c
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,38 @@
+---
+name: ci
+on:
+  push:
+    branches:
+      - "*"
+  pull_request:
+    branches:
+      - "*"
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby:
+        - 2.3
+        - 2.4
+        - 2.5
+        - 2.6
+        - 2.7
+        experimental: [false]
+        include:
+          - ruby: "ruby-head"
+            experimental: true
+    runs-on: ubuntu-latest
+    continue-on-error: ${{ matrix.experimental }}
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+
+    - name: Run tests
+      run: bundle exec rspec

From 286979f92c97337ab33cb87cc94c02d2a4cb2e04 Mon Sep 17 00:00:00 2001
From: Joakim Antman <antmanj@gmail.com>
Date: Wed, 2 Dec 2020 21:42:18 +0200
Subject: [PATCH 09/12] Truffleruby

---
 .github/workflows/ci.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f62a608c..60ae2e4f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -9,6 +9,7 @@ on:
       - "*"
 jobs:
   test:
+    name: "Ruby {{ matrix.ruby }}"
     strategy:
       fail-fast: false
       matrix:
@@ -22,6 +23,8 @@ jobs:
         include:
           - ruby: "ruby-head"
             experimental: true
+          - ruby: "truffleruby-head"
+            experimental: true
     runs-on: ubuntu-latest
     continue-on-error: ${{ matrix.experimental }}
 

From 91e17c72d1326988609eceb81d91807345ddac4b Mon Sep 17 00:00:00 2001
From: Joakim Antman <antmanj@gmail.com>
Date: Wed, 2 Dec 2020 22:03:55 +0200
Subject: [PATCH 10/12] Gemfiles into the CI action

---
 .github/workflows/ci.yml | 34 ++++++++++++++++++++++++----------
 1 file changed, 24 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 60ae2e4f..1c083708 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -9,28 +9,42 @@ on:
       - "*"
 jobs:
   test:
-    name: "Ruby {{ matrix.ruby }}"
     strategy:
       fail-fast: false
       matrix:
         ruby:
-        - 2.3
-        - 2.4
-        - 2.5
-        - 2.6
-        - 2.7
-        experimental: [false]
+          - 2.3
+          - 2.4
+          - 2.5
+          - 2.6
+          - 2.7
+        gemfile:
+          - gemfiles/standalone.gemfile
+          - gemfiles/openssl.gemfile
+          - gemfiles/rbnacl.gemfile
+        allow_failure: [false]
         include:
+          - ruby: 2.1
+            allow_failure: true
+          - ruby: 2.2
+            allow_failure: true
           - ruby: "ruby-head"
-            experimental: true
+            allow_failure: true
           - ruby: "truffleruby-head"
-            experimental: true
+            allow_failure: true
     runs-on: ubuntu-latest
-    continue-on-error: ${{ matrix.experimental }}
+    continue-on-error: ${{ matrix.allow_failure }}
+    env:
+      BUNDLE_GEMFILE: ${{ matrix.gemfile }}
 
     steps:
     - uses: actions/checkout@v2
 
+    - name: Install libsodium
+      run: |
+        sudo apt-get update -q
+        sudo apt-get install libsodium-dev -y
+
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:

From 16985980dfd75850541875c8e4b56cdc7c50399b Mon Sep 17 00:00:00 2001
From: Joakim Antman <antmanj@gmail.com>
Date: Wed, 2 Dec 2020 22:12:06 +0200
Subject: [PATCH 11/12] Use ubuntu 20.4

---
 .github/workflows/ci.yml | 20 +++++++++++++-------
 1 file changed, 13 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1c083708..d2971dd9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -22,18 +22,20 @@ jobs:
           - gemfiles/standalone.gemfile
           - gemfiles/openssl.gemfile
           - gemfiles/rbnacl.gemfile
-        allow_failure: [false]
+        experimental: [false]
         include:
           - ruby: 2.1
-            allow_failure: true
+            experimental: true
           - ruby: 2.2
-            allow_failure: true
+            experimental: true
+          - ruby: 2.7
+            coverage: "true"
           - ruby: "ruby-head"
-            allow_failure: true
+            experimental: true
           - ruby: "truffleruby-head"
-            allow_failure: true
-    runs-on: ubuntu-latest
-    continue-on-error: ${{ matrix.allow_failure }}
+            experimental: true
+    runs-on: ubuntu-20.04
+    continue-on-error: ${{ matrix.experimental }}
     env:
       BUNDLE_GEMFILE: ${{ matrix.gemfile }}
 
@@ -53,3 +55,7 @@ jobs:
 
     - name: Run tests
       run: bundle exec rspec
+
+    - name: Report coverage
+      if: ${{ success() && matrix.coverage == 'true' }}
+      run: bundle exec codeclimate-test-reporter

From b00a50d47ad9a471bee28e281ac8f5ad9ac619eb Mon Sep 17 00:00:00 2001
From: Joakim Antman <antmanj@gmail.com>
Date: Wed, 2 Dec 2020 22:41:42 +0200
Subject: [PATCH 12/12] Report coverage on the 2.7+rbnacl step

---
 .github/workflows/ci.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d2971dd9..8c6511c5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -30,6 +30,7 @@ jobs:
             experimental: true
           - ruby: 2.7
             coverage: "true"
+            gemfile: 'gemfiles/rbnacl.gemfile'
           - ruby: "ruby-head"
             experimental: true
           - ruby: "truffleruby-head"