appraisal2 3.0.5 → 3.0.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 41e1c49f3289b00343d40bd52113acd06d835489990d21da9757923f6b9f416c
-  data.tar.gz: 0b5d97ac9d843f838764d3914b1ad0ff28864cb530614f8002025e03ad9bfce8
+  metadata.gz: d133d78a6198d0a3b26dd959c3c1f70e7106ca48c188639db816b594cbe821ed
+  data.tar.gz: 03e9f36d0704cd7f3c8bb6b9a79d318f5793a587e3e719084066f9cf91f395a4
 SHA512:
-  metadata.gz: b7b0ca0169406f8ee4004b3b8e25ccbbae5ae5f7f692d26344794f0b8d8bb5edd6974205823db2bec3adf1280ab5199d2f3d29965c4f51faea8ffb7d3dc55a9b
-  data.tar.gz: 7496d18c934299dde6bfb261f98cbda0ed1fe66d817f03aed00e2940eb35aa5b657a23d388cd5366535b6270e14fa7286d30ea6a71f7f18b1d9e4ad319da5e46
+  metadata.gz: e9d4d82c677bd83ba21c8590f6a92c5fd475bb9374243744fceb353f3acd985f99fd8ec28b9309b5ffca09f25db5ddef76850fb5f8163f105353b41d7b1abf3a
+  data.tar.gz: d65eb45d17fd233ac1de8b36d34b186b9f6f8bf82fcc106f16c045df1c943a65fb017f739c9da2a3a01027934a3e9f0d6afb5044531caecffcd86788708b25a8

data/CHANGELOG.md

@@ -19,6 +19,40 @@ Versioning: [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ### Security
 
+## [3.0.6] - 2026-02-17
+
+- TAG: [v3.0.6][3.0.6t]
+- COVERAGE: 88.34% -- 727/823 lines in 27 files
+- BRANCH COVERAGE: 76.05% -- 127/167 branches in 27 files
+- 43.11% documented
+
+### Added
+
+- Test for bundler handling with pre-existing appraisal lockfiles
+  - Added acceptance test that verifies appraisal correctly handles `gemfiles/*.gemfile.lock` files with `BUNDLED WITH` specified
+  - Test validates that:
+    - Appraisal gemfiles with pre-created lockfiles install correctly
+    - Lockfiles preserve the `BUNDLED WITH` section reporting which bundler version was used
+    - The bundler version in the lockfile is correctly maintained during installation
+  - Note: Multi-version bundler switching in CI would require pre-installing multiple bundler versions; coverage is limited to lockfile preservation and environment handling.
+
+### Fixed
+
+- Restore bundler's automatic version switching for modern bundler versions (2.2+)
+  - Bundler can detect and switch to the version specified in `Gemfile.lock` (or appraisal lockfiles) via `BUNDLED WITH`
+  - Previously, `with_original_env` stripped all bundler-related variables, preventing bundler from detecting version mismatches and breaking test isolation
+  - Now uses `with_bundler_env` with selective cleanup:
+    - Starts from `Bundler.original_env` when available
+    - Preserves critical bundler and isolation variables (for example: `BUNDLE_GEMFILE`, `BUNDLE_APP_CONFIG`, `BUNDLE_PATH`, `BUNDLE_USER_CACHE`)
+    - Removes `BUNDLER_SETUP` and `BUNDLER_VERSION` activation markers
+    - Removes `bundler/setup` from `RUBYOPT` to prevent auto-activation in subprocesses
+    - Prevents `BUNDLE_LOCKFILE` lockfile pollution of subprocesses so per-gemfile lockfiles are created correctly
+  - This approach:
+    - Lets subprocess bundler start fresh and process the target gemfile cleanly
+    - Preserves test isolation and prevents global config pollution
+    - Enables committing appraisal lockfiles with specific bundler versions for stable, repeatable builds
+  - This fix maintains backward compatibility with all bundler versions
+
 ## [3.0.5] - 2026-02-14
 
 - TAG: [v3.0.5][3.0.5t]
@@ -171,7 +205,9 @@ Versioning: [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
   - code coverage tracked with Coveralls, QLTY.sh, and the kettle-soup-cover gem
   - other minor fixes and improvements
 
-[Unreleased]: https://github.com/appraisal-rb/appraisal2/compare/v3.0.5...HEAD
+[Unreleased]: https://github.com/appraisal-rb/appraisal2/compare/v3.0.6...HEAD
+[3.0.6]: https://github.com/appraisal-rb/appraisal2/compare/v3.0.5...v3.0.6
+[3.0.6t]: https://github.com/appraisal-rb/appraisal2/releases/tag/v3.0.6
 [3.0.5]: https://github.com/appraisal-rb/appraisal2/compare/v3.0.4...v3.0.5
 [3.0.5t]: https://github.com/appraisal-rb/appraisal2/releases/tag/v3.0.5
 [3.0.4]: https://github.com/appraisal-rb/appraisal2/compare/v3.0.3...v3.0.4

data/CONTRIBUTING.md

@@ -7,7 +7,7 @@ the [code of conduct][🤝conduct].
 To submit a patch, please fork the project and create a patch with tests.
 Once you're happy with it send a pull request.
 
-We [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] so if you make changes, remember to update it.
+Remember to [![Keep A Changelog][📗keep-changelog-img]][📗keep-changelog] if you make changes.
 
 ## You can help!
 
@@ -33,6 +33,23 @@ NOTE: Run tests with `act` to have confidence they will pass in CI.
       many specs will fail locally in subsequent runs unless run via `act`.
       The spec suite is not idempotent.  This is a goal for the future, if you'd like to work on it.
 
+## Appraisals
+
+From time to time the [appraisal2][🚎appraisal2] gemfiles in `gemfiles/` will need to be updated.
+They are created and updated with the commands:
+
+```console
+bin/rake appraisal:update
+```
+
+If you need to reset all gemfiles/*.gemfile.lock files:
+
+```console
+bin/rake appraisal:reset
+```
+
+When adding an appraisal to CI, check the [runner tool cache][🏃‍♂️runner-tool-cache] to see which runner to use.
+
 ## The Reek List
 
 Take a look at the `reek` list which is the file called `REEK` and find something to improve.
@@ -86,37 +103,49 @@ Also see GitLab Contributors: [https://gitlab.com/appraisal-rb/appraisal2/-/grap
 
 ### One-time, Per-maintainer, Setup
 
-**IMPORTANT**: If you want to sign the build you create,
-your public key for signing gems will need to be picked up by the line in the
+**IMPORTANT**: To sign a build,
+a public key for signing gems will need to be picked up by the line in the
 `gemspec` defining the `spec.cert_chain` (check the relevant ENV variables there).
-All releases to RubyGems.org will be signed.
+All releases are signed releases.
 See: [RubyGems Security Guide][🔒️rubygems-security-guide]
 
 NOTE: To build without signing the gem you must set `SKIP_GEM_SIGNING` to some value in your environment.
 
 ### To release a new version:
 
-1. Run `bin/setup && bin/rake` as a tests, coverage, & linting sanity check
+#### Automated process
+
+1. Update version.rb to contain the correct version-to-be-released.
+2. Run `bundle exec kettle-changelog`.
+3. Run `bundle exec kettle-release`.
+4. Stay awake and monitor the release process for any errors, and answer any prompts.
+
+#### Manual process
+
+1. Run `bin/setup && bin/rake` as a "test, coverage, & linting" sanity check
 2. Update the version number in `version.rb`, and ensure `CHANGELOG.md` reflects changes
 3. Run `bin/setup && bin/rake` again as a secondary check, and to update `Gemfile.lock`
 4. Run `git commit -am "🔖 Prepare release v<VERSION>"` to commit the changes
-5. Run `git push` to trigger the final CI pipeline before release, & merge PRs
-    - NOTE: Remember to [check the build][🧪build]!
+5. Run `git push` to trigger the final CI pipeline before release, and merge PRs
+    - NOTE: Remember to [check the build][🧪build].
 6. Run `export GIT_TRUNK_BRANCH_NAME="$(git remote show origin | grep 'HEAD branch' | cut -d ' ' -f5)" && echo $GIT_TRUNK_BRANCH_NAME`
 7. Run `git checkout $GIT_TRUNK_BRANCH_NAME`
-8. Run `git pull origin $GIT_TRUNK_BRANCH_NAME` to ensure you will release the latest trunk code
-9. Set `SOURCE_DATE_EPOCH` so `rake build` and `rake release` use same timestamp, and generate same checksums
+8. Run `git pull origin $GIT_TRUNK_BRANCH_NAME` to ensure latest trunk code
+9. Optional for older Bundler (< 2.7.0): Set `SOURCE_DATE_EPOCH` so `rake build` and `rake release` use the same timestamp and generate the same checksums
+    - If your Bundler is >= 2.7.0, you can skip this; builds are reproducible by default.
     - Run `export SOURCE_DATE_EPOCH=$EPOCHSECONDS && echo $SOURCE_DATE_EPOCH`
     - If the echo above has no output, then it didn't work.
-    - Note that you'll need the `zsh/datetime` module, if running `zsh`.
+    - Note: `zsh/datetime` module is needed, if running `zsh`.
     - In older versions of `bash` you can use `date +%s` instead, i.e. `export SOURCE_DATE_EPOCH=$(date +%s) && echo $SOURCE_DATE_EPOCH`
 10. Run `bundle exec rake build`
 11. Run `bin/gem_checksums` (more context [1][🔒️rubygems-checksums-pr], [2][🔒️rubygems-guides-pr])
     to create SHA-256 and SHA-512 checksums. This functionality is provided by the `stone_checksums`
     [gem][💎stone_checksums].
-    - Checksums will be committed automatically by the script, but not pushed
-12. Run `bundle exec rake release` which will create a git tag for the version,
-    push git commits and tags, and push the `.gem` file to [rubygems.org][💎rubygems]
+    - The script automatically commits but does not push the checksums
+12. Sanity check the SHA256, comparing with the output from the `bin/gem_checksums` command:
+    - `sha256sum pkg/<gem name>-<version>.gem`
+13. Run `bundle exec rake release` which will create a git tag for the version,
+    push git commits and tags, and push the `.gem` file to the gem host configured in the gemspec.
 
 [🚎src-main]: https://gitlab.com/appraisal-rb/appraisal2
 [🧪build]: https://github.com/appraisal-rb/appraisal2/actions
@@ -125,7 +154,7 @@ NOTE: To build without signing the gem you must set `SKIP_GEM_SIGNING` to some v
 [🖐contributors]: https://github.com/appraisal-rb/appraisal2/graphs/contributors
 [🚎contributors-gl]: https://gitlab.com/appraisal-rb/appraisal2/-/graphs/main
 [🖐contributors-img]: https://contrib.rocks/image?repo=appraisal-rb/appraisal2
-[💎rubygems]: https://rubygems.org
+[💎gem-coop]: https://gem.coop
 [🔒️rubygems-security-guide]: https://guides.rubygems.org/security/#building-gems
 [🔒️rubygems-checksums-pr]: https://github.com/rubygems/rubygems/pull/6022
 [🔒️rubygems-guides-pr]: https://github.com/rubygems/guides/pull/325
@@ -134,3 +163,5 @@ NOTE: To build without signing the gem you must set `SKIP_GEM_SIGNING` to some v
 [📗keep-changelog-img]: https://img.shields.io/badge/keep--a--changelog-1.0.0-FFDD67.svg?style=flat
 [✉️discord-invite]: https://discord.gg/3qme4XHNKN
 [✉️discord-invite-img]: https://img.shields.io/discord/1373797679469170758?style=for-the-badge
+[🚎appraisal2]: https://github.com/appraisal-rb/appraisal2
+[🏃‍♂️runner-tool-cache]: https://github.com/ruby/ruby-builder/releases/tag/toolcache

data/README.md

@@ -66,7 +66,7 @@ Appraisal2 adds:
 | Documentation           | [![Current release on RubyDoc.info][📜docs-cr-rd-img]][🚎yard-current] [![YARD on Galtzo.com][📜docs-head-rd-img]][🚎yard-head] [![BDFL Blog][🚂bdfl-blog-img]][🚂bdfl-blog] [![Wiki][📜wiki-img]][📜wiki]                                                                                                                                                                                                                                                          |
 | Compliance              | [![License: MIT][📄license-img]][📄license-ref] [![📄ilo-declaration-img]][📄ilo-declaration] [![Security Policy][🔐security-img]][🔐security] [![Contributor Covenant 2.1][🪇conduct-img]][🪇conduct] [![SemVer 2.0.0][📌semver-img]][📌semver]                                                                                                                                                                                                                    |
 | Style                   | [![Enforced Code Style Linter][💎rlts-img]][💎rlts] [![Keep-A-Changelog 1.0.0][📗keep-changelog-img]][📗keep-changelog] [![Gitmoji Commits][📌gitmoji-img]][📌gitmoji]                                                                                                                                                                                                                                                                                              |
-| Support                 | [![Live Chat on Discord][✉️discord-invite-img]][✉️discord-invite] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor]                                                                                                                                                                                                                       |
+| Support                 | [![Join Me on Daily.dev's RubyFriends][✉️ruby-friends-img]][✉️ruby-friends] [![Live Chat on Discord][✉️discord-invite-img-ftb]][🖼️galtzo-discord] [![Get help from me on Upwork][👨🏼‍🏫expsup-upwork-img]][👨🏼‍🏫expsup-upwork] [![Get help from me on Codementor][👨🏼‍🏫expsup-codementor-img]][👨🏼‍🏫expsup-codementor]                                                                                                                                      |
 | Enterprise Support      | [![Get help from me on Tidelift][🏙️entsup-tidelift-img]][🏙️entsup-tidelift]<br/>💡Subscribe for support guarantees covering _all_ FLOSS dependencies!<br/>💡Tidelift is part of [Sonar][🏙️entsup-tidelift-sonar]!<br/>💡Tidelift pays maintainers to maintain the software you depend on!<br/>📊`@`Pointy Haired Boss: An [enterprise support][🏙️entsup-tidelift] subscription is "[never gonna let you down][🧮kloc]", and *supports* open source maintainers! |
 | Comrade BDFL 🎖️        | [![Follow Me on LinkedIn][💖🖇linkedin-img]][💖🖇linkedin] [![Follow Me on Ruby.Social][💖🐘ruby-mast-img]][💖🐘ruby-mast] [![Follow Me on Bluesky][💖🦋bluesky-img]][💖🦋bluesky] [![Contact BDFL][🚂bdfl-contact-img]][🚂bdfl-contact] [![My technical writing][💖💁🏼‍♂️devto-img]][💖💁🏼‍♂️devto]                                                                                                                                                              |
 | `...` 💖                | [![Find Me on WellFound:][💖✌️wellfound-img]][💖✌️wellfound] [![Find Me on CrunchBase][💖💲crunchbase-img]][💖💲crunchbase] [![My LinkTree][💖🌳linktree-img]][💖🌳linktree] [![More About Me][💖💁🏼‍♂️aboutme-img]][💖💁🏼‍♂️aboutme] [🧊][💖🧊berg] [🐙][💖🐙hub]  [🛖][💖🛖hut] [🧪][💖🧪lab]                                                                                                                                                                   |
@@ -1181,7 +1181,7 @@ Thanks for RTFM. ☺️
 [📌gitmoji]:https://gitmoji.dev
 [📌gitmoji-img]:https://img.shields.io/badge/gitmoji_commits-%20😜%20😍-34495e.svg?style=flat-square
 [🧮kloc]: https://www.youtube.com/watch?v=dQw4w9WgXcQ
-[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.784-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
+[🧮kloc-img]: https://img.shields.io/badge/KLOC-0.823-FFDD67.svg?style=for-the-badge&logo=YouTube&logoColor=blue
 [🔐security]: SECURITY.md
 [🔐security-img]: https://img.shields.io/badge/security-policy-259D6C.svg?style=flat
 [📄copyright-notice-explainer]: https://opensource.stackexchange.com/questions/5778/why-do-licenses-such-as-the-mit-license-specify-a-single-year

data/lib/appraisal/command.rb

@@ -7,6 +7,33 @@ module Appraisal
   class Command
     attr_reader :command, :env, :gemfile
 
+    # BUNDLE_* environment variables that must be preserved for proper bundler operation
+    # and test isolation. These are preserved when using with_bundler_env to ensure:
+    # - Bundler version switching works (BUNDLE_GEMFILE)
+    # - Test isolation is maintained (BUNDLE_APP_CONFIG, etc.)
+    # - User settings are respected (BUNDLE_PATH, BUNDLE_USER_CACHE, etc.)
+    #
+    # NOTE: BUNDLE_LOCKFILE is NOT preserved because:
+    # - Bundler automatically infers lockfile from BUNDLE_GEMFILE (e.g., foo.gemfile -> foo.gemfile.lock)
+    # - Forcing BUNDLE_LOCKFILE breaks appraisal's ability to create per-gemfile lockfiles
+    # - Each appraisal needs its own lockfile, not the root Gemfile.lock
+    PRESERVED_BUNDLE_VARS = %w[
+      BUNDLE_GEMFILE
+      BUNDLE_APP_CONFIG
+      BUNDLE_PATH
+      BUNDLE_BIN_PATH
+      BUNDLE_USER_CONFIG
+      BUNDLE_USER_CACHE
+      BUNDLE_USER_PLUGIN
+      BUNDLE_IGNORE_FUNDING_REQUESTS
+      BUNDLE_DISABLE_SHARED_GEMS
+    ].freeze
+
+    PRESERVED_RUNTIME_VARS = %w[
+      PATH
+      GEM_PATH
+    ].freeze
+
     def initialize(command, options = {})
       @gemfile = options[:gemfile]
       @env = options.fetch(:env, {})
@@ -15,19 +42,21 @@ module Appraisal
     end
 
     def run
-      # Capture BUNDLE_PATH from the current environment before with_original_env scrubs it
-      bundle_path = ENV["BUNDLE_PATH"]
       run_env = test_environment.merge(env)
 
       if @skip_bundle_exec
         execute(run_env)
       else
-        # This will wipe out BUNDLE_* variables
-        Bundler.with_original_env do
-          # Restore BUNDLE_PATH if it was set
-          # BUNDLE_PATH is often used for caching between appraisals
-          ENV["BUNDLE_PATH"] = bundle_path if bundle_path
+        # For bundler version switching to work in modern bundler (2.2+),
+        # we need to preserve certain BUNDLE_* environment variables.
+        # However, we still need to isolate from the parent's bundler state
+        # to avoid conflicts.
+        #
+        # Solution: Use a selective environment approach instead of with_original_env,
+        # which strips all BUNDLE_* variables and breaks version switching.
+        with_bundler_env do
           ensure_bundler_is_available
+          ensure_locked_bundler_is_available
           execute(run_env)
         end
       end
@@ -35,6 +64,50 @@ module Appraisal
 
     private
 
+    # Provide a clean environment while preserving bundler's version switching capability
+    # and test isolation settings.
+    #
+    # The current Ruby process has bundler activated, which adds bundler/setup to RUBYOPT.
+    # When we run a subprocess, we need to remove that activation so the subprocess bundler
+    # can start fresh. However, we keep all test isolation variables intact.
+    def with_bundler_env
+      backup_env = ENV.to_h
+
+      begin
+        clean_env = if Bundler.respond_to?(:original_env)
+          Bundler.original_env.to_h
+        else
+          backup_env.to_h
+        end
+
+        # Avoid leaking a global BUNDLE_LOCKFILE into subprocesses.
+        clean_env.delete("BUNDLE_LOCKFILE")
+
+        preserved_vars = PRESERVED_BUNDLE_VARS + PRESERVED_RUNTIME_VARS
+
+        preserved_vars.each do |var|
+          clean_env[var] = backup_env[var] if backup_env[var]
+        end
+
+        # Remove bundler/setup from RUBYOPT so subprocess doesn't auto-load bundler
+        if backup_env["RUBYOPT"]
+          rubyopt = backup_env["RUBYOPT"].split(" ")
+          rubyopt.reject! { |opt| opt == "-rbundler/setup" || opt.include?("bundler/setup") }
+          clean_env["RUBYOPT"] = rubyopt.join(" ") unless rubyopt.empty?
+        end
+
+        # Remove bundler activation markers from the subprocess environment
+        clean_env.delete("BUNDLER_SETUP")
+        clean_env.delete("BUNDLER_VERSION")
+
+        ENV.replace(clean_env)
+
+        yield
+      ensure
+        ENV.replace(backup_env)
+      end
+    end
+
     def execute(run_env)
       announce
 
@@ -65,6 +138,46 @@ manually.
       exit(1)
     end
 
+    def ensure_locked_bundler_is_available
+      # Bundler 2.2+ already switches to the lockfile version automatically.
+      # Only install the locked version as a fallback for older Bundler releases.
+      return if bundler_handles_lockfile_version?
+
+      locked_version = locked_bundler_version
+      return unless locked_version
+
+      return if system(%(gem list --silent -i bundler -v "#{locked_version}"))
+
+      puts ">> Bundler #{locked_version} not found, attempting to install..."
+      return if system("gem install bundler -v #{Shellwords.escape(locked_version)} --no-document")
+
+      puts
+      puts <<-ERROR.rstrip
+Bundler #{locked_version} installation failed.
+Please try running:
+  `gem install bundler -v #{locked_version}`
+manually.
+      ERROR
+      exit(1)
+    end
+
+    def bundler_handles_lockfile_version?
+      return false unless defined?(Bundler::VERSION)
+
+      Gem::Version.new(Bundler::VERSION) >= Gem::Version.new("2.2.0")
+    end
+
+    def locked_bundler_version
+      return unless gemfile
+
+      lockfile_path = "#{gemfile}.lock"
+      return unless File.exist?(lockfile_path)
+
+      lockfile_content = File.read(lockfile_path)
+      match = lockfile_content.match(/BUNDLED WITH\s*\n\s*([^\s]+)/)
+      match && match[1]
+    end
+
     def announce
       if gemfile
         puts ">> BUNDLE_GEMFILE=#{gemfile} #{command_as_string}"

data/lib/appraisal/version.rb

@@ -2,7 +2,7 @@
 
 module Appraisal
   module Version
-    VERSION = "3.0.5"
+    VERSION = "3.0.6"
   end
   VERSION = Version::VERSION # Traditional constant location
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: appraisal2
 version: !ruby/object:Gem::Version
-  version: 3.0.5
+  version: 3.0.6
 platform: ruby
 authors:
 - Peter Boling
@@ -400,10 +400,10 @@ licenses:
 - MIT
 metadata:
   homepage_uri: https://appraisal2.galtzo.com/
-  source_code_uri: https://github.com/appraisal-rb/appraisal2/releases/tag/v3.0.5
-  changelog_uri: https://gitlab.com/appraisal-rb/appraisal2/-/blob/v3.0.5/CHANGELOG.md
+  source_code_uri: https://github.com/appraisal-rb/appraisal2/releases/tag/v3.0.6
+  changelog_uri: https://gitlab.com/appraisal-rb/appraisal2/-/blob/v3.0.6/CHANGELOG.md
   bug_tracker_uri: https://gitlab.com/appraisal-rb/appraisal2/-/issues
-  documentation_uri: https://www.rubydoc.info/gems/appraisal2/3.0.5
+  documentation_uri: https://www.rubydoc.info/gems/appraisal2/3.0.6
   wiki_uri: https://gitlab.com/appraisal-rb/appraisal2/-/wiki
   funding_uri: https://github.com/sponsors/pboling
   news_uri: https://www.railsbling.com/tags/appraisal2