Merge branch 'haskell:main' into main

akacase · Mar 21, 2024 · 7baab49 · 7baab49
2 parents a648b0c + 9543bd9
commit 7baab49
Show file tree

Hide file tree

Showing 62 changed files with 2,901 additions and 565 deletions.
diff --git a/.github/haskell-ci.patch b/.github/haskell-ci.patch
@@ -6,21 +6,22 @@ index 96282c2..e40c573 100644
  jobs:
 +  tools_changed:
 +    continue-on-error: true
-+    runs-on: ubuntu-20.04
++    runs-on: ubuntu-22.04
 +    outputs:
 +      should_skip: ${{ steps.skip_check.outputs.should_skip }}
 +    steps:
 +      - id: skip_check
-+        uses: fkirc/[email protected].0
++        uses: fkirc/[email protected].1
 +        with:
 +          concurrent_skipping: "never"
 +          skip_after_successful_duplicate: "true"
 +          paths: '["code/**"]'
 +          do_not_skip: '["push", "workflow_dispatch", "schedule"]'
    linux:
      name: Haskell-CI - Linux - ${{ matrix.compiler }}
+-    runs-on: ubuntu-20.04
 +    needs: tools_changed
 +    if: ${{ needs.tools_changed.outputs.should_skip != 'true' }}
-     runs-on: ubuntu-20.04
++    runs-on: ubuntu-22.04
      timeout-minutes:
        60
diff --git a/.github/workflows/call-check-advisories.yml b/.github/workflows/call-check-advisories.yml
@@ -5,9 +5,6 @@ on:
       fetch-key:
         required: true
         type: string
-      is-artifact:
-        required: true
-        type: boolean
       changed-advisories:
         required: false
         type: string
@@ -16,31 +13,15 @@ jobs:
   check-advisories:
     runs-on: ubuntu-20.04
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
           path: source
           # We need to retrieve full history to determine the correct
           # `published` and `modified` timestamps
           fetch-depth: 0
       - run: mkdir -p ~/.local/dockerImages
-      - name: Fetch artifact
-        if: ${{ inputs.is-artifact }}
-        uses: actions/download-artifact@v3
-        with:
-          name: ${{ inputs.fetch-key }}
-          path: ~/.local/dockerImages
       - name: Fetch cache
         id: fetch-binaries
-        if: ${{ !inputs.is-artifact }}
-        uses: actions/cache/restore@v3
-        with:
-          key: ${{ inputs.fetch-key }}
-          path: ~/.local/dockerImages
-      - name: Populate cache on cache miss
-        if: ${{ !inputs.is-artifact && steps.fetch-binaries.outputs.cache-hit != 'true' }}
-        uses: ./.github/workflows/call-nix.yml
-      - name: Fetch cache (second attempt after cache miss)
-        if: ${{ !inputs.is-artifact && steps.fetch-binaries.outputs.cache-hit != 'true' }}
         uses: actions/cache/restore@v3
         with:
           key: ${{ inputs.fetch-key }}

diff --git a/.github/workflows/call-nix.yml b/.github/workflows/call-nix.yml
@@ -1,13 +1,17 @@
 name: nix build
 on:
   workflow_call:
+    inputs:
+      cache-key:
+        required: true
+        type: string
 jobs:
   check_nix:
     name: Check nix build
     runs-on: ubuntu-22.04
     steps:
       - name: git checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Install Nix
         uses: DeterminateSystems/nix-installer-action@main
         with:
@@ -21,18 +25,13 @@ jobs:
         run: nix build -L '.#packages.x86_64-linux.hsec-tools-image'
       - run: mkdir -p ~/.local/dockerImages
       - run: cp result ~/.local/dockerImages/hsec-tools
-      - id: code-hash
-        name: Compute code directory hash
-        run: |
-          code_hash=$(git rev-parse HEAD:code)
-          echo "code-hash=$code_hash" >> "$GITHUB_OUTPUT"
       - uses: actions/cache/save@v3
-        if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
         with:
-          key: hsec-tools-${{ steps.code-hash.outputs.code-hash}}
+          key: ${{ inputs.cache-key }}
           path: ~/.local/dockerImages
       - name: upload executable
         uses: actions/upload-artifact@v3
+        if: ${{ github.event_name == 'push' && github.ref_name == 'main' }}
         with:
           name: hsec-tools-${{ github.sha }}
           path: ~/.local/dockerImages
diff --git a/.github/workflows/check-advisories.yml b/.github/workflows/check-advisories.yml
@@ -9,7 +9,7 @@ jobs:
       should_skip: ${{ steps.skip_check.outputs.should_skip }}
     steps:
       - id: skip_check
-        uses: fkirc/[email protected].0
+        uses: fkirc/[email protected].1
         with:
           concurrent_skipping: "never"
           skip_after_successful_duplicate: "true"
@@ -23,7 +23,7 @@ jobs:
       changed_files: ${{ steps.process-changed-files.outputs.out }}
     steps:
       - id: skip_check
-        uses: fkirc/[email protected].0
+        uses: fkirc/[email protected].1
         with:
           concurrent_skipping: "never"
           skip_after_successful_duplicate: "true"
@@ -45,17 +45,21 @@ jobs:
       code_hash: ${{ steps.code-hash.outputs.code-hash }}
     steps:
       - name: git checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - id: code-hash
         run: |
           code_hash=$(git rev-parse HEAD:code)
           echo "code-hash=$code_hash" >> "$GITHUB_OUTPUT"
+  populate_cache:
+    name: Populate cache
+    uses: ./.github/workflows/call-nix.yml
+    with:
+      cache-key: hsec-tools-${{ needs.code_hash.outputs.code_hash }}
   check_advisories:
     name: Invoke check-advisories workflow
-    needs: [tools_changed, advisories_changed, code_hash]
+    needs: [tools_changed, advisories_changed, code_hash, populate_cache]
     if: ${{ needs.tools_changed.outputs.should_skip == 'true' && needs.advisories_changed.outputs.should_skip != 'true' }}
     uses: ./.github/workflows/call-check-advisories.yml
     with:
       fetch-key: hsec-tools-${{ needs.code_hash.outputs.code_hash }}
-      is-artifact: false
       changed-advisories: ${{ needs.advisories_changed.outputs.changed_files }}
diff --git a/.github/workflows/haskell-ci.yml b/.github/workflows/haskell-ci.yml
@@ -1,16 +1,16 @@
 # This GitHub workflow config has been generated by a script via
 #
-#   haskell-ci 'github' '--haddock' '--hlint' '--hlint-job' '9.4.5' '--github-patches' '.github/haskell-ci.patch' 'code/hsec-tools/hsec-tools.cabal'
+#   haskell-ci 'github' '--haddock' '--hlint' '--hlint-job' '9.4.8' '--github-patches' '.github/haskell-ci.patch' 'cabal.project'
 #
 # To regenerate the script (for example after adjusting tested-with) run
 #
 #   haskell-ci regenerate
 #
 # For more information, see https://github.com/haskell-CI/haskell-ci
 #
-# version: 0.16.3
+# version: 0.17.20231110
 #
-# REGENDATA ("0.16.3",["github","--haddock","--hlint","--hlint-job","9.4.5","--github-patches",".github/haskell-ci.patch","code/hsec-tools/hsec-tools.cabal"])
+# REGENDATA ("0.17.20231110",["github","--haddock","--hlint","--hlint-job","9.4.8","--github-patches",".github/haskell-ci.patch","cabal.project"])
 #
 name: Haskell-CI
 on:
@@ -19,12 +19,12 @@ on:
 jobs:
   tools_changed:
     continue-on-error: true
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     outputs:
       should_skip: ${{ steps.skip_check.outputs.should_skip }}
     steps:
       - id: skip_check
-        uses: fkirc/[email protected].0
+        uses: fkirc/[email protected].1
         with:
           concurrent_skipping: "never"
           skip_after_successful_duplicate: "true"
@@ -34,7 +34,7 @@ jobs:
     name: Haskell-CI - Linux - ${{ matrix.compiler }}
     needs: tools_changed
     if: ${{ needs.tools_changed.outputs.should_skip != 'true' }}
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes:
       60
     container:
@@ -43,19 +43,24 @@ jobs:
     strategy:
       matrix:
         include:
-          - compiler: ghc-9.6.2
+          - compiler: ghc-9.8.1
             compilerKind: ghc
-            compilerVersion: 9.6.2
+            compilerVersion: 9.8.1
             setup-method: ghcup
             allow-failure: false
-          - compiler: ghc-9.4.5
+          - compiler: ghc-9.6.3
             compilerKind: ghc
-            compilerVersion: 9.4.5
+            compilerVersion: 9.6.3
             setup-method: ghcup
             allow-failure: false
-          - compiler: ghc-9.2.7
+          - compiler: ghc-9.4.8
             compilerKind: ghc
-            compilerVersion: 9.2.7
+            compilerVersion: 9.4.8
+            setup-method: ghcup
+            allow-failure: false
+          - compiler: ghc-9.2.8
+            compilerKind: ghc
+            compilerVersion: 9.2.8
             setup-method: ghcup
             allow-failure: false
           - compiler: ghc-9.0.2
@@ -75,10 +80,10 @@ jobs:
           apt-get update
           apt-get install -y --no-install-recommends gnupg ca-certificates dirmngr curl git software-properties-common libtinfo5
           mkdir -p "$HOME/.ghcup/bin"
-          curl -sL https://downloads.haskell.org/ghcup/0.1.19.2/x86_64-linux-ghcup-0.1.19.2 > "$HOME/.ghcup/bin/ghcup"
+          curl -sL https://downloads.haskell.org/ghcup/0.1.20.0/x86_64-linux-ghcup-0.1.20.0 > "$HOME/.ghcup/bin/ghcup"
           chmod a+x "$HOME/.ghcup/bin/ghcup"
           "$HOME/.ghcup/bin/ghcup" install ghc "$HCVER" || (cat "$HOME"/.ghcup/logs/*.* && false)
-          "$HOME/.ghcup/bin/ghcup" install cabal 3.10.1.0 || (cat "$HOME"/.ghcup/logs/*.* && false)
+          "$HOME/.ghcup/bin/ghcup" install cabal 3.10.2.0 || (cat "$HOME"/.ghcup/logs/*.* && false)
         env:
           HCKIND: ${{ matrix.compilerKind }}
           HCNAME: ${{ matrix.compiler }}
@@ -90,11 +95,13 @@ jobs:
           echo "CABAL_DIR=$HOME/.cabal" >> "$GITHUB_ENV"
           echo "CABAL_CONFIG=$HOME/.cabal/config" >> "$GITHUB_ENV"
           HCDIR=/opt/$HCKIND/$HCVER
-          HC=$HOME/.ghcup/bin/$HCKIND-$HCVER
+          HC=$("$HOME/.ghcup/bin/ghcup" whereis ghc "$HCVER")
+          HCPKG=$(echo "$HC" | sed 's#ghc$#ghc-pkg#')
+          HADDOCK=$(echo "$HC" | sed 's#ghc$#haddock#')
           echo "HC=$HC" >> "$GITHUB_ENV"
-          echo "HCPKG=$HOME/.ghcup/bin/$HCKIND-pkg-$HCVER" >> "$GITHUB_ENV"
-          echo "HADDOCK=$HOME/.ghcup/bin/haddock-$HCVER" >> "$GITHUB_ENV"
-          echo "CABAL=$HOME/.ghcup/bin/cabal-3.10.1.0 -vnormal+nowrap" >> "$GITHUB_ENV"
+          echo "HCPKG=$HCPKG" >> "$GITHUB_ENV"
+          echo "HADDOCK=$HADDOCK" >> "$GITHUB_ENV"
+          echo "CABAL=$HOME/.ghcup/bin/cabal-3.10.2.0 -vnormal+nowrap" >> "$GITHUB_ENV"
           HCNUMVER=$(${HC} --numeric-version|perl -ne '/^(\d+)\.(\d+)\.(\d+)(\.(\d+))?$/; print(10000 * $1 + 100 * $2 + ($3 == 0 ? $5 != 1 : $3))')
           echo "HCNUMVER=$HCNUMVER" >> "$GITHUB_ENV"
           echo "ARG_TESTS=--enable-tests" >> "$GITHUB_ENV"
@@ -144,7 +151,7 @@ jobs:
       - name: cache (tools)
         uses: actions/cache/restore@v3
         with:
-          key: ${{ runner.os }}-${{ matrix.compiler }}-tools-6b1f90a1
+          key: ${{ runner.os }}-${{ matrix.compiler }}-tools-d8b62173
           path: ~/.haskell-ci-tools
       - name: install cabal-plan
         run: |
@@ -165,7 +172,7 @@ jobs:
         uses: actions/cache/save@v3
         if: always()
         with:
-          key: ${{ runner.os }}-${{ matrix.compiler }}-tools-6b1f90a1
+          key: ${{ runner.os }}-${{ matrix.compiler }}-tools-d8b62173
           path: ~/.haskell-ci-tools
       - name: checkout
         uses: actions/checkout@v3
@@ -174,7 +181,10 @@ jobs:
       - name: initial cabal.project for sdist
         run: |
           touch cabal.project
+          echo "packages: $GITHUB_WORKSPACE/source/code/hsec-core" >> cabal.project
           echo "packages: $GITHUB_WORKSPACE/source/code/hsec-tools" >> cabal.project
+          echo "packages: $GITHUB_WORKSPACE/source/code/cvss" >> cabal.project
+          echo "packages: $GITHUB_WORKSPACE/source/code/osv" >> cabal.project
           cat cabal.project
       - name: sdist
         run: |
@@ -188,15 +198,34 @@ jobs:
         run: |
           PKGDIR_hsec_tools="$(find "$GITHUB_WORKSPACE/unpacked" -maxdepth 1 -type d -regex '.*/hsec-tools-[0-9.]*')"
           echo "PKGDIR_hsec_tools=${PKGDIR_hsec_tools}" >> "$GITHUB_ENV"
+          PKGDIR_hsec_tools="$(find "$GITHUB_WORKSPACE/unpacked" -maxdepth 1 -type d -regex '.*/hsec-tools-[0-9.]*')"
+          echo "PKGDIR_hsec_tools=${PKGDIR_hsec_tools}" >> "$GITHUB_ENV"
+          PKGDIR_hsec_core="$(find "$GITHUB_WORKSPACE/unpacked" -maxdepth 1 -type d -regex '.*/hsec-core-[0-9.]*')"
+          echo "PKGDIR_hsec_core=${PKGDIR_hsec_core}" >> "$GITHUB_ENV"
+          PKGDIR_osv="$(find "$GITHUB_WORKSPACE/unpacked" -maxdepth 1 -type d -regex '.*/osv-[0-9.]*')"
+          echo "PKGDIR_osv=${PKGDIR_osv}" >> "$GITHUB_ENV"
+          PKGDIR_cvss="$(find "$GITHUB_WORKSPACE/unpacked" -maxdepth 1 -type d -regex '.*/cvss-[0-9.]*')"
+          echo "PKGDIR_cvss=${PKGDIR_cvss}" >> "$GITHUB_ENV"
           rm -f cabal.project cabal.project.local
           touch cabal.project
           touch cabal.project.local
+          echo "packages: ${PKGDIR_hsec_core}" >> cabal.project
           echo "packages: ${PKGDIR_hsec_tools}" >> cabal.project
+          echo "packages: ${PKGDIR_osv}" >> cabal.project
+          echo "packages: ${PKGDIR_cvss}" >> cabal.project
+          echo "package hsec-tools" >> cabal.project
+          echo "    ghc-options: -Werror=missing-methods" >> cabal.project
           echo "package hsec-tools" >> cabal.project
           echo "    ghc-options: -Werror=missing-methods" >> cabal.project
+          echo "package hsec-core" >> cabal.project
+          echo "    ghc-options: -Werror=missing-methods" >> cabal.project
+          echo "package osv" >> cabal.project
+          echo "    ghc-options: -Werror=missing-methods" >> cabal.project
+          echo "package cvss" >> cabal.project
+          echo "    ghc-options: -Werror=missing-methods" >> cabal.project
           cat >> cabal.project <<EOF
           EOF
-          $HCPKG list --simple-output --names-only | perl -ne 'for (split /\s+/) { print "constraints: $_ installed\n" unless /^(hsec-tools)$/; }' >> cabal.project.local
+          $HCPKG list --simple-output --names-only | perl -ne 'for (split /\s+/) { print "constraints: $_ installed\n" unless /^(cvss|osv|hsec-core|hsec-tools)$/; }' >> cabal.project.local
           cat cabal.project
           cat cabal.project.local
       - name: dump install plan
@@ -226,10 +255,19 @@ jobs:
         run: |
           if [ $((HCNUMVER >= 90400 && HCNUMVER < 90600)) -ne 0 ] ; then (cd ${PKGDIR_hsec_tools} && hlint -XHaskell2010 src) ; fi
           if [ $((HCNUMVER >= 90400 && HCNUMVER < 90600)) -ne 0 ] ; then (cd ${PKGDIR_hsec_tools} && hlint -XHaskell2010 app) ; fi
+          if [ $((HCNUMVER >= 90400 && HCNUMVER < 90600)) -ne 0 ] ; then (cd ${PKGDIR_hsec_core} && hlint -XHaskell2010 src) ; fi
+          if [ $((HCNUMVER >= 90400 && HCNUMVER < 90600)) -ne 0 ] ; then (cd ${PKGDIR_osv} && hlint -XHaskell2010 src) ; fi
+          if [ $((HCNUMVER >= 90400 && HCNUMVER < 90600)) -ne 0 ] ; then (cd ${PKGDIR_cvss} && hlint -XHaskell2010 src) ; fi
       - name: cabal check
         run: |
+          cd ${PKGDIR_hsec_core} || false
+          ${CABAL} -vnormal check
           cd ${PKGDIR_hsec_tools} || false
           ${CABAL} -vnormal check
+          cd ${PKGDIR_cvss} || false
+          ${CABAL} -vnormal check
+          cd ${PKGDIR_osv} || false
+          ${CABAL} -vnormal check
       - name: haddock
         run: |
           $CABAL v2-haddock --disable-documentation --haddock-all $ARG_COMPILER --with-haddock $HADDOCK $ARG_TESTS $ARG_BENCH all