omniauth · pboling · Jul 28, 2025 · Jul 28, 2025 · Jul 28, 2025 · Jul 28, 2025
diff --git a/.github/workflows/current.yml b/.github/workflows/current.yml
@@ -38,19 +38,19 @@ jobs:
       matrix:
         include:
           # Ruby 3.4
-          - ruby: "3.4"
+          - ruby: "ruby"
             appraisal_name: "ar-7-2"
             exec_cmd: "rake spec:orm:active_record"
             gemfile: "Appraisal.root"
             rubygems: latest
             bundler: latest
-          - ruby: "3.4"
+          - ruby: "ruby"
             appraisal_name: "ar-8-0"
             exec_cmd: "rake spec:orm:active_record"
             gemfile: "Appraisal.root"
             rubygems: latest
             bundler: latest
-          - ruby: "3.4"
+          - ruby: "ruby"
             appraisal_name: "sequel-5.86-r3"
             exec_cmd: "rake spec:orm:sequel"
             gemfile: "Appraisal.root"

diff --git a/.github/workflows/kitchen.yml → .github/workflows/deps_locked.yml b/.github/workflows/kitchen.yml → .github/workflows/deps_locked.yml
@@ -1,7 +1,21 @@
 ---
-# Targets the Rakefile's default task and the main Gemfile,
-#   which contributors and maintainers would use locally for development
-name: Kitchen Sink
+# Lock/Unlock Deps Pattern
+#
+# Two often conflicting goals resolved!
+#
+#  - deps_unlocked.yml
+#    - All runtime & dev dependencies, but does not have a `gemfiles/*.gemfile.lock` committed
+#    - Uses an Appraisal2 "deps_unlocked" gemfile, and the current MRI Ruby release
+#    - Know when new dependency releases will break local dev with unlocked dependencies
+#    - Broken workflow indicates that new releases of dependencies may not work
+#
+#  - deps_locked.yml
+#    - All runtime & dev dependencies, and has a `Gemfile.lock` committed
+#    - Uses the project's main Gemfile, and the current MRI Ruby release
+#    - Matches what contributors and maintainers use locally for development
+#    - Broken workflow indicates that a new contributor will have a bad time
+#
+name: Deps Locked
 
 permissions:
   contents: read
@@ -30,7 +44,7 @@ concurrency:
 
 jobs:
   test:
-    name: Tests default rake task with main Gemfile.lock ${{ matrix.name_extra || '' }}
+    name: Default rake task w/ main Gemfile.lock ${{ matrix.name_extra || '' }}
     if: ${{ !contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]') }}
     runs-on: ubuntu-latest
     continue-on-error: ${{ matrix.experimental }}

diff --git a/.github/workflows/deps_unlocked.yml b/.github/workflows/deps_unlocked.yml
@@ -0,0 +1,84 @@
+---
+# Lock/Unlock Deps Pattern
+#
+# Two often conflicting goals resolved!
+#
+#  - deps_unlocked.yml
+#    - All runtime & dev dependencies, but does not have a `gemfiles/*.gemfile.lock` committed
+#    - Uses an Appraisal2 "deps_unlocked" gemfile, and the current MRI Ruby release
+#    - Know when new dependency releases will break local dev with unlocked dependencies
+#    - Broken workflow indicates that new releases of dependencies may not work
+#
+#  - deps_locked.yml
+#    - All runtime & dev dependencies, and has a `Gemfile.lock` committed
+#    - Uses the project's main Gemfile, and the current MRI Ruby release
+#    - Matches what contributors and maintainers use locally for development
+#    - Broken workflow indicates that a new contributor will have a bad time
+#
+name: Deps Unlocked
+
+permissions:
+  contents: read
+
+env:
+  K_SOUP_COV_DO: false
+
+on:
+  push:
+    branches:
+      - 'main'
+      - "*-stable"
+    tags:
+      - '!*' # Do not execute on tags
+  pull_request:
+    branches:
+      - '*'
+  # Allow manually triggering the workflow.
+  workflow_dispatch:
+
+# Cancels all previous workflow runs for the same branch that have not yet completed.
+concurrency:
+  # The concurrency group contains the workflow name and the branch name.
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
+jobs:
+  test:
+    name: Default rake task w/ unlocked deps ${{ matrix.name_extra || '' }}
+    if: "!contains(github.event.commits[0].message, '[ci skip]') && !contains(github.event.commits[0].message, '[skip ci]')"
+    runs-on: ubuntu-latest
+    continue-on-error: ${{ matrix.experimental || endsWith(matrix.ruby, 'head') }}
+    env: # $BUNDLE_GEMFILE must be set at job level, so it is set for all steps
+      BUNDLE_GEMFILE: ${{ github.workspace }}/${{ matrix.gemfile }}.gemfile
+    strategy:
+      matrix:
+        include:
+          # Ruby <whichever version is current, e.g., 3.4 as of 2025-07-12>
+          - ruby: "ruby"
+            appraisal_name: "deps_unlocked"
+            exec_cmd: "rake"
+            gemfile: "Appraisal.root"
+            rubygems: latest
+            bundler: latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Ruby & RubyGems
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          rubygems: ${{ matrix.rubygems }}
+          bundler: ${{ matrix.bundler }}
+          bundler-cache: false
+
+      # Raw `bundle` will use the BUNDLE_GEMFILE set to matrix.gemfile (i.e. Appraisal.root)
+      # We need to do this first to get appraisal installed.
+      # NOTE: This does not use the main Gemfile at all.
+      - name: Install Root Appraisal
+        run: bundle
+      - name: Appraisal for ${{ matrix.ruby }}@${{ matrix.appraisal_name }}
+        run: bundle exec appraisal ${{ matrix.appraisal_name }} bundle
+      - name: Run ${{ matrix.exec_cmd }} on ${{ matrix.ruby }}@${{ matrix.appraisal_name }}
+        run: bundle exec appraisal ${{ matrix.appraisal_name }} bundle exec ${{ matrix.exec_cmd }}
diff --git a/.idea/omniauth-identity.iml b/.idea/omniauth-identity.iml
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
diff --git a/.rubocop_gradual.lock b/.rubocop_gradual.lock
@@ -1,5 +1,5 @@
 {
-  "README.md:2730514579": [
+  "README.md:3239175719": [
     [201, 3, 100, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 3592044714]
   ],
   "Rakefile:3407355619": [

diff --git a/Appraisals b/Appraisals
@@ -4,6 +4,31 @@
 #   BUNDLE_GEMFILE=Appraisal.root.gemfile bundle
 #   BUNDLE_GEMFILE=Appraisal.root.gemfile bundle exec appraisal update
 #   bundle exec rake rubocop_gradual:autocorrect
+# NOTE: Commands need to be run from the devcontainer if old Rails or old sqlite3 won't install for you locally.
+
+# Lock/Unlock Deps Pattern
+#
+# Two often conflicting goals resolved!
+#
+#  - deps_unlocked.yml
+#    - All runtime & dev dependencies, but does not have a `gemfiles/*.gemfile.lock` committed
+#    - Uses an Appraisal2 "deps_unlocked" gemfile, and the current MRI Ruby release
+#    - Know when new dependency releases will break local dev with unlocked dependencies
+#    - Broken workflow indicates that new releases of dependencies may not work
+#
+#  - deps_locked.yml
+#    - All runtime & dev dependencies, and has a `Gemfile.lock` committed
+#    - Uses the project's main Gemfile, and the current MRI Ruby release
+#    - Matches what contributors and maintainers use locally for development
+#    - Broken workflow indicates that a new contributor will have a bad time
+#
+appraise "deps_unlocked" do
+  eval_gemfile("modular/audit.gemfile")
+  eval_gemfile("modular/coverage.gemfile")
+  eval_gemfile("modular/documentation.gemfile")
+  eval_gemfile("modular/style.gemfile")
+  eval_gemfile("modular/x_std_libs.gemfile")
+end
 
 # Used for HEAD (nightly) releases of ruby, truffleruby, and jruby.
 # Split into discrete appraisals if one of them needs a dependency locked discretely.

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -34,8 +34,37 @@ BUNDLE_GEMFILE=Appraisal.root.gemfile bundle exec appraisal update
 bundle exec rake rubocop_gradual:autocorrect
 ```
 
+NOTE: Commands need to be run from the devcontainer if old Rails or old sqlite3 won't install for you locally.
+
 When adding an appraisal to CI, check the [runner tool cache][🏃‍♂️runner-tool-cache] to see which runner to use.
 
+### We commit, and don't commit, our "gemfile.lock" files
+
+Thanks to [Appraisal2](https://github.com/appraisal-rb/appraisal2) we have a `gemfiles/*.gemfile` suite
+in addition to the main `Gemfile` at the root of the project.
+We run a workflow against the main Gemfile, which has a `Gemfile.lock` committed, and
+we also run workflows against each of the Appraisal2 `gemfiles/*.gemfile` suite,
+which **do not** have `gemfiles/*.gemfile.lock` committed.
+
+```
+# Lock/Unlock Deps Pattern
+#
+# Two often conflicting goals resolved!
+#
+#  - deps_unlocked.yml
+#    - All runtime & dev dependencies, but does not have a `gemfiles/*.gemfile.lock` committed
+#    - Uses an Appraisal2 "deps_unlocked" gemfile, and the current MRI Ruby release
+#    - Know when new dependency releases will break local dev with unlocked dependencies
+#    - Broken workflow indicates that new releases of dependencies may not work
+#
+#  - deps_locked.yml
+#    - All runtime & dev dependencies, and has a `Gemfile.lock` committed
+#    - Uses the project's main Gemfile, and the current MRI Ruby release
+#    - Matches what contributors and maintainers use locally for development
+#    - Broken workflow indicates that a new contributor will have a bad time
+#
+```
+
 ## The Reek List
 
 Take a look at the `reek` list which is the file called `REEK` and find something to improve.

diff --git a/Gemfile b/Gemfile
@@ -11,7 +11,7 @@ git_source(:github) { |repo_name| "https://github.com/#{repo_name}" }
 gemspec
 
 ### Std Lib Extracted Gems
-eval_gemfile "gemfiles/modular/x_std_libs/r3/libs.gemfile"
+eval_gemfile "gemfiles/modular/x_std_libs.gemfile"
 
 ### Security Audit
 eval_gemfile "gemfiles/modular/audit.gemfile"

diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@
 
 # 🫵 OmniAuth::Identity
 
-[![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Depfu][🔑depfui♻️]][🔑depfu] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CI w/ committed Gemfile.lock][🚎13-k-wfi]][🚎13-k-wf]
+[![Version][👽versioni]][👽version] [![License: MIT][📄license-img]][📄license-ref] [![Downloads Rank][👽dl-ranki]][👽dl-rank] [![Open Source Helpers][👽oss-helpi]][👽oss-help] [![Depfu][🔑depfui♻️]][🔑depfu] [![Coveralls Test Coverage][🔑coveralls-img]][🔑coveralls] [![CodeCov Test Coverage][🔑codecovi♻️]][🔑codecov] [![QLTY Test Coverage][🔑qlty-covi]][🔑qlty-cov] [![QLTY Maintainability][🔑qlty-mnti]][🔑qlty-mnt] [![CI Heads][🚎3-hd-wfi]][🚎3-hd-wf] [![CI Runtime Dependencies @ HEAD][🚎12-crh-wfi]][🚎12-crh-wf] [![CI Current][🚎11-c-wfi]][🚎11-c-wf] [![CI JRuby][🚎10-j-wfi]][🚎10-j-wf] [![Deps Locked][🚎13-🔒️-wfi]][🚎13-🔒️-wf] [![Deps Unlocked][🚎14-🔓️-wfi]][🚎14-🔓️-wf] [![CI Supported][🚎6-s-wfi]][🚎6-s-wf] [![CI Legacy][🚎4-lg-wfi]][🚎4-lg-wf] [![CI Unsupported][🚎7-us-wfi]][🚎7-us-wf] [![CI Ancient][🚎1-an-wfi]][🚎1-an-wf] [![CI Test Coverage][🚎2-cov-wfi]][🚎2-cov-wf] [![CI Style][🚎5-st-wfi]][🚎5-st-wf] [![CI w/ committed Gemfile.lock][🚎13-k-wfi]][🚎13-k-wf]
 
 ---
 
@@ -566,8 +566,10 @@ P.S. If you need help️, or want to say thanks, 👇 Join the Discord.
 [🚎11-c-wfi]: https://github.com/omniauth/omniauth-identity/actions/workflows/current.yml/badge.svg
 [🚎12-crh-wf]: https://github.com/omniauth/omniauth-identity/actions/workflows/current-runtime-heads.yml
 [🚎12-crh-wfi]: https://github.com/omniauth/omniauth-identity/actions/workflows/current-runtime-heads.yml/badge.svg
-[🚎13-k-wf]: https://github.com/omniauth/omniauth-identity/actions/workflows/kitchen.yml
-[🚎13-k-wfi]: https://github.com/omniauth/omniauth-identity/actions/workflows/kitchen.yml/badge.svg
+[🚎13-🔒️-wf]: https://github.com/omniauth/omniauth-identity/actions/workflows/deps_locked.yml
+[🚎13-🔒️-wfi]: https://github.com/omniauth/omniauth-identity/actions/workflows/deps_locked.yml/badge.svg
+[🚎14-🔓️-wf]: https://github.com/omniauth/omniauth-identity/actions/workflows/deps_unlocked.yml
+[🚎14-🔓️-wfi]: https://github.com/omniauth/omniauth-identity/actions/workflows/deps_unlocked.yml/badge.svg
 [💎ruby-2.3i]: https://img.shields.io/badge/Ruby-2.3-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
 [💎ruby-2.4i]: https://img.shields.io/badge/Ruby-2.4-DF00CA?style=for-the-badge&logo=ruby&logoColor=white
 [💎ruby-2.5i]: https://img.shields.io/badge/Ruby-2.5-DF00CA?style=for-the-badge&logo=ruby&logoColor=white

diff --git a/bin/appraisal b/bin/appraisal
@@ -10,18 +10,7 @@
 
 ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
 
-bundle_binstub = File.expand_path("bundle", __dir__)
-
-if File.file?(bundle_binstub)
-  if File.read(bundle_binstub, 300).include?("This file was generated by Bundler")
-    load(bundle_binstub)
-  else
-    abort("Your `bin/bundle` was not generated by Bundler, so this binstub cannot run.
-Replace `bin/bundle` by running `bundle binstubs bundler --force`, then run this command again.")
-  end
-end
-
 require "rubygems"
 require "bundler/setup"
 
-load Gem.bin_path("appraisal", "appraisal")
+load Gem.bin_path("appraisal2", "appraisal")
diff --git a/bin/erb b/bin/erb
@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'erb' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("erb", "erb")
diff --git a/bin/kramdown b/bin/kramdown
@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'kramdown' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("kramdown", "kramdown")
diff --git a/bin/nokogiri b/bin/nokogiri
@@ -0,0 +1,16 @@
+#!/usr/bin/env ruby
+# frozen_string_literal: true
+
+#
+# This file was generated by Bundler.
+#
+# The application 'nokogiri' is installed as part of a gem, and
+# this file is here to facilitate running it.
+#
+
+ENV["BUNDLE_GEMFILE"] ||= File.expand_path("../Gemfile", __dir__)
+
+require "rubygems"
+require "bundler/setup"
+
+load Gem.bin_path("nokogiri", "nokogiri")
diff --git a/docs/OmniAuth.html b/docs/OmniAuth.html
@@ -107,7 +107,7 @@ <h2>Defined Under Namespace</h2>
 </div>
 
       <div id="footer">
-  Generated on Mon Jul 28 12:41:27 2025 by
+  Generated on Mon Jul 28 13:55:04 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>

diff --git a/docs/OmniAuth/Identity.html b/docs/OmniAuth/Identity.html
@@ -107,7 +107,7 @@ <h2>Defined Under Namespace</h2>
 </div>
 
       <div id="footer">
-  Generated on Mon Jul 28 12:41:27 2025 by
+  Generated on Mon Jul 28 13:55:04 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>

diff --git a/docs/OmniAuth/Identity/Model.html b/docs/OmniAuth/Identity/Model.html
@@ -744,7 +744,7 @@ <h3 class="signature " id="uid-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Mon Jul 28 12:41:27 2025 by
+  Generated on Mon Jul 28 13:55:04 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>

diff --git a/docs/OmniAuth/Identity/Model/ClassCreateApi.html b/docs/OmniAuth/Identity/Model/ClassCreateApi.html
@@ -248,7 +248,7 @@ <h3 class="signature first" id="create-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Mon Jul 28 12:41:27 2025 by
+  Generated on Mon Jul 28 13:55:04 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>

diff --git a/docs/OmniAuth/Identity/Model/ClassMethods.html b/docs/OmniAuth/Identity/Model/ClassMethods.html
@@ -436,7 +436,7 @@ <h3 class="signature " id="locate-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Mon Jul 28 12:41:27 2025 by
+  Generated on Mon Jul 28 13:55:04 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>

diff --git a/docs/OmniAuth/Identity/Model/InstancePersistedApi.html b/docs/OmniAuth/Identity/Model/InstancePersistedApi.html
@@ -226,7 +226,7 @@ <h3 class="signature first" id="persisted?-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Mon Jul 28 12:41:27 2025 by
+  Generated on Mon Jul 28 13:55:04 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>

diff --git a/docs/OmniAuth/Identity/Model/InstanceSaveApi.html b/docs/OmniAuth/Identity/Model/InstanceSaveApi.html
@@ -228,7 +228,7 @@ <h3 class="signature first" id="save-instance_method">
 </div>
 
       <div id="footer">
-  Generated on Mon Jul 28 12:41:27 2025 by
+  Generated on Mon Jul 28 13:55:04 2025 by
   <a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
   0.9.37 (ruby-3.4.5).
 </div>