From 8a6dfdbfd6b117e18f12eb0c7a9d352441b375bc Mon Sep 17 00:00:00 2001
From: Nicolas Temciuc <nicotemciuc@gmail.com>
Date: Tue, 18 Feb 2025 00:04:39 -0300
Subject: [PATCH 1/3] ci: update `build` workflow to run on `ubuntu-24`

---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5927bea..610f4fb 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -26,7 +26,7 @@ jobs:
       - name: Lint code for consistent style
         run: bundle exec rubocop -f github
   test:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     strategy:
       fail-fast: false
       matrix:

From aca755d0d67ca2c27d440a3a480c6f52ede8f6bb Mon Sep 17 00:00:00 2001
From: Nicolas Temciuc <nicolas.temciuc@cedarcode.com>
Date: Fri, 9 May 2025 13:39:53 -0300
Subject: [PATCH 2/3] ci: manually install `OpenSSL 1.1.1w`

---
 .github/actions/install-openssl/action.yml | 36 ++++++++++++
 .github/actions/install-ruby/action.yml    | 64 ++++++++++++++++++++++
 .github/workflows/build.yml                | 16 +++++-
 3 files changed, 113 insertions(+), 3 deletions(-)
 create mode 100644 .github/actions/install-openssl/action.yml
 create mode 100644 .github/actions/install-ruby/action.yml

diff --git a/.github/actions/install-openssl/action.yml b/.github/actions/install-openssl/action.yml
new file mode 100644
index 0000000..fe4201c
--- /dev/null
+++ b/.github/actions/install-openssl/action.yml
@@ -0,0 +1,36 @@
+name: Install OpenSSL
+inputs:
+  version:
+    description: 'The version of OpenSSL to install'
+    required: true
+  os:
+    description: 'The operating system to install OpenSSL on'
+    required: true
+runs:
+  using: 'composite'
+  steps:
+    - name: Cache OpenSSL library
+      id: cache-openssl
+      uses: actions/cache@v4
+      with:
+        path: ~/openssl
+        key: openssl-${{ inputs.version }}-${{ inputs.os }}
+
+    - name: Compile OpenSSL library
+      if: steps.cache-openssl.outputs.cache-hit != 'true'
+      shell: bash
+      run: |
+        mkdir -p tmp/build-openssl && cd tmp/build-openssl
+        case ${{ inputs.version }} in
+        1.1.*)
+          OPENSSL_COMMIT=OpenSSL_
+          OPENSSL_COMMIT+=$(echo ${{ inputs.version  }} | sed -e 's/\./_/g')
+          git clone -b $OPENSSL_COMMIT --depth 1 https://github.com/openssl/openssl.git .
+          echo "Git commit: $(git rev-parse HEAD)"
+          ./Configure --prefix=$HOME/openssl --libdir=lib linux-x86_64
+          make depend && make -j4 && make install_sw
+          ;;
+        *)
+          echo "Don't know how to build OpenSSL ${{ inputs.version }}"
+          ;;
+        esac
diff --git a/.github/actions/install-ruby/action.yml b/.github/actions/install-ruby/action.yml
new file mode 100644
index 0000000..644442f
--- /dev/null
+++ b/.github/actions/install-ruby/action.yml
@@ -0,0 +1,64 @@
+name: Install Ruby
+inputs:
+  version:
+    description: 'The version of Ruby to install'
+    required: true
+  os:
+    description: 'The operating system to install Ruby on'
+    required: true
+runs:
+  using: 'composite'
+  steps:
+    - name: Cache Ruby
+      id: ruby-cache
+      uses: actions/cache@v4
+      with:
+        path: ~/rubies/ruby-${{ inputs.version }}
+        key: ruby-${{ inputs.version }}-${{ inputs.os }}-openssl-1.1.1w
+
+    - name: Install Ruby
+      if: steps.ruby-cache.outputs.cache-hit != 'true'
+      shell: bash
+      run: |
+        latest_patch=$(curl -s https://cache.ruby-lang.org/pub/ruby/${{ inputs.version }}/ \
+           | grep -oP "ruby-${{ inputs.version }}\.\d+\.tar\.xz" \
+           | grep -oP "\d+(?=\.tar\.xz)" \
+           | sort -V | tail -n 1)
+        wget https://cache.ruby-lang.org/pub/ruby/${{ inputs.version }}/ruby-${{ inputs.version }}.${latest_patch}.tar.xz
+        tar -xJvf ruby-${{ inputs.version }}.${latest_patch}.tar.xz
+        cd ruby-${{ inputs.version }}.${latest_patch}
+        ./configure --prefix=$HOME/rubies/ruby-${{ inputs.version }} --with-openssl-dir=$HOME/openssl
+        make
+        make install
+    - name: Update PATH
+      shell: bash
+      run: |
+        echo "~/rubies/ruby-${{ inputs.version }}/bin" >> $GITHUB_PATH
+    - name: Install Bundler
+      shell: bash
+      run: |
+        case ${{ inputs.version }} in
+        2.7* | 3.*)
+          echo "Skipping Bundler installation for Ruby ${{ inputs.version }}"
+          ;;
+        2.4* | 2.5* | 2.6*)
+          gem install bundler -v '~> 2.3.0'
+          ;;
+        *)
+          echo "Don't know how to install Bundler for Ruby ${{ inputs.version }}"
+          ;;
+        esac
+    - name: Cache Bundler Install
+      id: bundler-cache
+      uses: actions/cache@v4
+      env:
+        GEMFILE: ${{ env.BUNDLE_GEMFILE || 'Gemfile' }}
+      with:
+        path: ./vendor/bundle
+        key: bundler-ruby-${{ inputs.version }}-${{ inputs.os }}-${{ hashFiles(env.Gemfile, 'tpm-key_attestation.gemspec') }}
+
+    - name: Install dependencies
+      shell: bash
+      run: |
+        bundle config set --local path ../vendor/bundle
+        bundle install
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 610f4fb..6c09777 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -74,9 +74,19 @@ jobs:
       BUNDLE_GEMFILE: gemfiles/${{ matrix.gemfile }}.gemfile
     steps:
     - uses: actions/checkout@v2
+
     - run: rm Gemfile.lock
-    - uses: ruby/setup-ruby@v1
+
+    - name: Install OpenSSL
+      uses: ./.github/actions/install-openssl
       with:
-        ruby-version: ${{ matrix.ruby }}
-        bundler-cache: true
+        version: "1.1.1w"
+        os: ${{ runner.os }}
+
+    - name: Manually set up Ruby
+      uses: ./.github/actions/install-ruby
+      with:
+        version: ${{ matrix.ruby }}
+        os: ${{ runner.os }}
+
     - run: bundle exec rspec

From 1fd7ccc73f2f2604a2a40bff27d41e8580e48f8c Mon Sep 17 00:00:00 2001
From: Nicolas Temciuc <nicolas.temciuc@cedarcode.com>
Date: Fri, 9 May 2025 14:49:18 -0300
Subject: [PATCH 3/3] ci: not use our ruby installation script for ruby 2.4

Error:
```
Could not find a valid gem 'bundler' (~> 2.3.0), here is why:
  Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=error: certificate verify failed (https://api.rubygems.org/specs.4.8.gz)
```

See:
https://github.com/rubygems/rubygems/issues/1736
---
 .github/workflows/build.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 6c09777..d6f260a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -78,15 +78,24 @@ jobs:
     - run: rm Gemfile.lock
 
     - name: Install OpenSSL
+      if: matrix.ruby != '2.4'
       uses: ./.github/actions/install-openssl
       with:
         version: "1.1.1w"
         os: ${{ runner.os }}
 
     - name: Manually set up Ruby
+      if: matrix.ruby != '2.4'
       uses: ./.github/actions/install-ruby
       with:
         version: ${{ matrix.ruby }}
         os: ${{ runner.os }}
 
+    - name: Set up Ruby
+      if: matrix.ruby == '2.4'
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+        bundler-cache: true
+
     - run: bundle exec rspec