feature: Private Dependencies #6438
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Validate | |
# We use bash as default even in windows | |
# to try keep the workflow as uniform as possible | |
defaults: | |
run: | |
shell: bash | |
# See: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#concurrency. | |
concurrency: | |
group: ${{ github.ref }}-${{ github.workflow }} | |
cancel-in-progress: true | |
# Note: This workflow file contains the required job "Validate post job". We are using path filtering | |
# here to ignore PRs which only change documentation. This can cause a problem, see the workflow file | |
# "validate.skip.yml" for a description of the problem and the solution provided in that file. | |
on: | |
push: | |
paths-ignore: | |
- 'doc/**' | |
- '**/README.md' | |
- 'CONTRIBUTING.md' | |
branches: | |
- master | |
pull_request: | |
paths-ignore: | |
- 'doc/**' | |
- '**/README.md' | |
- 'CONTRIBUTING.md' | |
release: | |
types: | |
- created | |
workflow_call: | |
# See https://github.com/haskell/cabal/blob/master/CONTRIBUTING.md#hackage-revisions | |
workflow_dispatch: | |
inputs: | |
allow-newer: | |
description: allow-newer line | |
required: true | |
type: string | |
constraints: | |
description: constraints line | |
required: true | |
type: string | |
env: | |
# We choose a stable ghc version across all os's | |
# which will be used to do the next release | |
GHC_FOR_RELEASE: '9.4.8' | |
# Ideally we should use the version about to be released for hackage tests and benchmarks | |
GHC_FOR_SOLVER_BENCHMARKS: '9.4.8' | |
GHC_FOR_COMPLETE_HACKAGE_TESTS: '9.4.8' | |
COMMON_FLAGS: '-j 2 -v' | |
# See https://github.com/haskell/cabal/blob/master/CONTRIBUTING.md#hackage-revisions | |
ALLOWNEWER: ${{ github.event.inputs.allow-newer }} | |
CONSTRAINTS: ${{ github.event.inputs.constraints }} | |
jobs: | |
validate: | |
name: Validate ${{ matrix.os }} ghc-${{ matrix.ghc }} | |
runs-on: ${{ matrix.os }} | |
outputs: | |
GHC_FOR_RELEASE: ${{ format('["{0}"]', env.GHC_FOR_RELEASE) }} | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macos-13, windows-latest] | |
# If you remove something from here.. then add it to the old-ghcs job. | |
ghc: ['9.8.2', '9.6.4', '9.4.8', '9.2.8', '9.0.2', '8.10.7', '8.8.4', '8.6.5'] | |
exclude: | |
# corrupts GHA cache or the fabric of reality itself, see https://github.com/haskell/cabal/issues/8356 | |
- os: windows-latest | |
ghc: '8.10.7' | |
# lot of segfaults caused by ghc bugs | |
- os: windows-latest | |
ghc: '8.8.4' | |
# it often randomly does "C:\Users\RUNNER~1\AppData\Local\Temp\ghcFEDE.c: DeleteFile "\\\\?\\C:\\Users\\RUNNER~1\\AppData\\Local\\Temp\\ghcFEDE.c": permission denied (Access is denied.)" | |
- os: windows-latest | |
ghc: '8.6.5' | |
steps: | |
- name: Work around XDG directories existence (haskell-actions/setup#62) | |
if: runner.os == 'macOS' | |
run: | | |
rm -rf ~/.config/cabal | |
rm -rf ~/.cache/cabal | |
- uses: actions/checkout@v4 | |
# See https://github.com/haskell/cabal/blob/master/CONTRIBUTING.md#hackage-revisions | |
- name: Manually supplied constraints/allow-newer | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
echo "allow-newer: ${ALLOWNEWER}" >> cabal.project.validate | |
echo "constraints: ${CONSTRAINTS}" >> cabal.project.validate | |
- uses: haskell-actions/setup@v2 | |
id: setup-haskell | |
with: | |
ghc-version: ${{ matrix.ghc }} | |
cabal-version: latest # latest is mandatory for cabal-testsuite, see https://github.com/haskell/cabal/issues/8133 | |
# See the following link for a breakdown of the following step | |
# https://github.com/haskell/actions/issues/7#issuecomment-745697160 | |
- uses: actions/cache@v4 | |
with: | |
# validate.sh uses a special build dir | |
path: | | |
${{ steps.setup-haskell.outputs.cabal-store }} | |
dist-* | |
key: ${{ runner.os }}-${{ matrix.ghc }}-${{ github.sha }} | |
restore-keys: ${{ runner.os }}-${{ matrix.ghc }}- | |
- name: Work around git problem https://bugs.launchpad.net/ubuntu/+source/git/+bug/1993586 (cabal PR #8546) | |
run: git config --global protocol.file.allow always | |
# The tool is not essential to the rest of the test suite. If | |
# hackage-repo-tool is not present, any test that requires it will | |
# be skipped. | |
# We want to keep this in the loop but we don't want to fail if | |
# hackage-repo-tool breaks or fails to support a newer GHC version. | |
- name: Install hackage-repo-tool | |
continue-on-error: true | |
run: cabal install --ignore-project hackage-repo-tool | |
# Needed by cabal-testsuite/PackageTests/Configure/setup.test.hs | |
- name: Install Autotools | |
if: runner.os == 'macOS' | |
run: brew install automake | |
- name: Set validate inputs | |
run: | | |
FLAGS="${{ env.COMMON_FLAGS }}" | |
if [[ "${{ matrix.ghc }}" == "${{ env.GHC_FOR_SOLVER_BENCHMARKS }}" ]]; then | |
FLAGS="$FLAGS --solver-benchmarks" | |
fi | |
if [[ "${{ matrix.ghc }}" == "${{ env.GHC_FOR_COMPLETE_HACKAGE_TESTS }}" ]]; then | |
FLAGS="$FLAGS --complete-hackage-tests" | |
fi | |
echo "FLAGS=$FLAGS" >> "$GITHUB_ENV" | |
- name: Validate print-config | |
run: sh validate.sh $FLAGS -s print-config | |
- name: Validate print-tool-versions | |
run: sh validate.sh $FLAGS -s print-tool-versions | |
- name: Validate build | |
run: sh validate.sh $FLAGS -s build | |
- name: Tar cabal head executable | |
if: matrix.ghc == env.GHC_FOR_RELEASE | |
run: | | |
CABAL_EXEC=$(cabal list-bin --builddir=dist-newstyle-validate-ghc-${{ matrix.ghc }} --project-file=cabal.project.validate cabal-install:exe:cabal) | |
# We have to tar the executable to preserve executable permissions | |
# see https://github.com/actions/upload-artifact/issues/38 | |
if [[ "${{ runner.os }}" == "Windows" ]]; then | |
# `cabal list-bin` gives us a windows path but tar needs the posix one | |
CABAL_EXEC=$(cygpath "$CABAL_EXEC") | |
fi | |
if [[ "${{ runner.os }}" == "macOS" ]]; then | |
# Workaround to avoid bsdtar corrupts the executable | |
# so executing it after untar throws `cannot execute binary file` | |
# see https://github.com/actions/virtual-environments/issues/2619#issuecomment-788397841 | |
sudo /usr/sbin/purge | |
fi | |
DIR=$(dirname "$CABAL_EXEC") | |
FILE=$(basename "$CABAL_EXEC") | |
CABAL_EXEC_TAR="cabal-head-${{ runner.os }}-x86_64.tar.gz" | |
tar -czvf "$CABAL_EXEC_TAR" -C "$DIR" "$FILE" | |
echo "CABAL_EXEC_TAR=$CABAL_EXEC_TAR" >> "$GITHUB_ENV" | |
# We upload the cabal executable built with the ghc used in the release for: | |
# - Reuse it in the dogfooding job (although we could use the cached build dir) | |
# - Make it available in the workflow to make easier testing it locally | |
- name: Upload cabal-install executable to workflow artifacts | |
if: matrix.ghc == env.GHC_FOR_RELEASE | |
uses: actions/upload-artifact@v3 | |
with: | |
name: cabal-${{ runner.os }}-x86_64 | |
path: ${{ env.CABAL_EXEC_TAR }} | |
- name: Validate lib-tests | |
env: | |
# `rawSystemStdInOut reports text decoding errors` | |
# test does not find ghc without the full path in windows | |
GHCPATH: ${{ steps.setup-haskell.outputs.ghc-exe }} | |
run: sh validate.sh $FLAGS -s lib-tests | |
- name: Validate lib-suite | |
run: sh validate.sh $FLAGS -s lib-suite | |
- name: Validate cli-tests | |
run: sh validate.sh $FLAGS -s cli-tests | |
- name: Validate cli-suite | |
run: sh validate.sh $FLAGS -s cli-suite | |
- name: Validate solver-benchmarks-tests | |
if: matrix.ghc == env.GHC_FOR_SOLVER_BENCHMARKS | |
run: sh validate.sh $FLAGS -s solver-benchmarks-tests | |
- name: Validate solver-benchmarks-run | |
if: matrix.ghc == env.GHC_FOR_SOLVER_BENCHMARKS | |
run: sh validate.sh $FLAGS -s solver-benchmarks-run | |
validate-old-ghcs: | |
name: Validate old ghcs ${{ matrix.extra-ghc }} | |
runs-on: ubuntu-latest | |
needs: validate | |
strategy: | |
matrix: | |
extra-ghc: ['8.4.4', '8.2.2', '8.0.2'] | |
## GHC 7.10.3 does not install on ubuntu-22.04 with ghcup. | |
## Older GHCs are not supported by ghcup in the first place. | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install prerequisites for old GHCs | |
run: | | |
sudo apt-get update | |
sudo apt-get install libncurses5 libtinfo5 | |
- name: Install extra compiler | |
run: ghcup install ghc ${{ matrix.extra-ghc }} | |
- name: GHCup logs | |
if: always() | |
run: cat /usr/local/.ghcup/logs/* | |
- name: Install primary compiler | |
uses: haskell-actions/setup@v2 | |
id: setup-haskell | |
with: | |
ghc-version: ${{ env.GHC_FOR_RELEASE }} | |
cabal-version: latest | |
- name: GHC versions | |
run: | | |
ghc --version | |
"ghc-${{ matrix.extra-ghc }}" --version | |
# As we are reusing the cached build dir from the previous step | |
# the generated artifacts are available here, | |
# including the cabal executable and the test suite | |
- uses: actions/cache@v4 | |
with: | |
path: | | |
${{ steps.setup-haskell.outputs.cabal-store }} | |
dist-* | |
key: ${{ runner.os }}-${{ env.GHC_FOR_RELEASE }}-${{ github.sha }} | |
restore-keys: ${{ runner.os }}-${{ env.GHC_FOR_RELEASE }}- | |
- name: Validate build | |
run: sh validate.sh ${{ env.COMMON_FLAGS }} -s build | |
- name: "Validate lib-suite-extras --extra-hc ghc-${{ matrix.extra-ghc }}" | |
env: | |
EXTRA_GHC: ghc-${{ matrix.extra-ghc }} | |
run: sh validate.sh ${{ env.COMMON_FLAGS }} --lib-only -s lib-suite-extras --extra-hc "${{ env.EXTRA_GHC }}" | |
build-alpine: | |
name: Build statically linked using alpine | |
runs-on: ubuntu-latest | |
container: 'alpine:3.19' | |
steps: | |
- name: Install extra dependencies | |
shell: sh | |
run: | | |
apk add bash curl sudo jq pkgconfig \ | |
zlib-dev zlib-static binutils-gold curl \ | |
gcc g++ gmp-dev libc-dev libffi-dev make \ | |
musl-dev ncurses-dev perl tar xz | |
- uses: actions/checkout@v4 | |
# See https://github.com/haskell/cabal/blob/master/CONTRIBUTING.md#hackage-revisions | |
- name: Manually supplied constraints/allow-newer | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
echo "allow-newer: ${ALLOWNEWER}" >> cabal.project.validate | |
echo "constraints: ${CONSTRAINTS}" >> cabal.project.validate | |
- uses: haskell-actions/setup@v2 | |
id: setup-haskell | |
with: | |
ghc-version: ${{ env.GHC_FOR_RELEASE }} | |
cabal-version: latest # latest is mandatory for cabal-testsuite, see https://github.com/haskell/cabal/issues/8133 | |
# See the following link for a breakdown of the following step | |
# https://github.com/haskell/actions/issues/7#issuecomment-745697160 | |
- uses: actions/cache@v4 | |
with: | |
# validate.sh uses a special build dir | |
path: | | |
${{ steps.setup-haskell.outputs.cabal-store }} | |
dist-* | |
key: ${{ runner.os }}-${{ env.GHC_FOR_RELEASE }}-${{ github.sha }} | |
restore-keys: ${{ runner.os }}-${{ env.GHC_FOR_RELEASE }}- | |
- name: Enable statically linked executables | |
run: | | |
echo 'executable-static: true' >> cabal.project.validate | |
- name: Build | |
run: sh validate.sh $FLAGS -s build | |
- name: Tar cabal head executable | |
run: | | |
CABAL_EXEC=$(cabal list-bin --builddir=dist-newstyle-validate-ghc-${{ env.GHC_FOR_RELEASE }} --project-file=cabal.project.validate cabal-install:exe:cabal) | |
# We have to tar the executable to preserve executable permissions | |
# see https://github.com/actions/upload-artifact/issues/38 | |
DIR=$(dirname "$CABAL_EXEC") | |
FILE=$(basename "$CABAL_EXEC") | |
CABAL_EXEC_TAR="cabal-head-${{ runner.os }}-static-x86_64.tar.gz" | |
tar -czvf "$CABAL_EXEC_TAR" -C "$DIR" "$FILE" | |
echo "CABAL_EXEC_TAR=$CABAL_EXEC_TAR" >> "$GITHUB_ENV" | |
- name: Upload cabal-install executable to workflow artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: cabal-${{ runner.os }}-static-x86_64 | |
path: ${{ env.CABAL_EXEC_TAR }} | |
# The previous jobs use a released version of cabal to build cabal HEAD itself | |
# This one uses the cabal HEAD generated executable in the previous step | |
# to build itself again, as sanity check | |
dogfooding: | |
name: Dogfooding ${{ matrix.os }} ghc-${{ matrix.ghc }} | |
runs-on: ${{ matrix.os }} | |
needs: validate | |
strategy: | |
matrix: | |
os: [ubuntu-latest, macos-latest, windows-latest] | |
# We only use one ghc version the used one for the next release (defined at top of the workflow) | |
# We need to build an array dynamically to inject the appropiate env var in a previous job, | |
# see https://docs.github.com/en/actions/learn-github-actions/expressions#fromjson | |
ghc: ${{ fromJSON (needs.validate.outputs.GHC_FOR_RELEASE) }} | |
steps: | |
- name: Work around XDG directories existence (haskell-actions/setup#62) | |
if: runner.os == 'macOS' | |
run: | | |
rm -rf ~/.config/cabal | |
rm -rf ~/.cache/cabal | |
- uses: actions/checkout@v4 | |
- uses: haskell-actions/setup@v2 | |
id: setup-haskell | |
with: | |
ghc-version: ${{ matrix.ghc }} | |
cabal-version: latest # default, we are not using it in this job | |
- name: Download cabal executable from workflow artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: cabal-${{ runner.os }}-x86_64 | |
path: cabal-head | |
- name: Untar the cabal executable | |
run: tar -xzf "./cabal-head/cabal-head-${{ runner.os }}-x86_64.tar.gz" -C cabal-head | |
- name: print-config using cabal HEAD | |
run: sh validate.sh ${{ env.COMMON_FLAGS }} --with-cabal ./cabal-head/cabal -s print-config | |
# We dont use cache to force a build with a fresh store dir and build dir | |
# This way we check cabal can build all its dependencies | |
- name: Build using cabal HEAD | |
run: sh validate.sh ${{ env.COMMON_FLAGS }} --with-cabal ./cabal-head/cabal -s build | |
prerelease-head: | |
name: Create a GitHub prerelease with the binary artifacts | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/master' | |
# IMPORTANT! Any job added to the workflow should be added here too | |
needs: [validate, validate-old-ghcs, build-alpine, dogfooding] | |
steps: | |
- uses: actions/download-artifact@v3 | |
with: | |
name: cabal-Windows-x86_64 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: cabal-Linux-x86_64 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: cabal-Linux-static-x86_64 | |
- uses: actions/download-artifact@v3 | |
with: | |
name: cabal-macOS-x86_64 | |
- name: Create GitHub prerelease | |
uses: marvinpinto/[email protected] | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
automatic_release_tag: cabal-head | |
prerelease: true | |
title: cabal-head | |
files: | | |
cabal-head-Windows-x86_64.tar.gz | |
cabal-head-Linux-x86_64.tar.gz | |
cabal-head-Linux-static-x86_64.tar.gz | |
cabal-head-macOS-x86_64.tar.gz | |
# We use this job as a summary of the workflow | |
# It will fail if any of the previous jobs does it | |
# This way we can use it exclusively in branch protection rules | |
# and abstract away the concrete jobs of the workflow, including their names | |
validate-post-job: | |
if: always() | |
name: Validate post job | |
runs-on: ubuntu-latest | |
# IMPORTANT! Any job added to the workflow should be added here too | |
needs: [validate, validate-old-ghcs, build-alpine, dogfooding] | |
steps: | |
- run: | | |
echo "jobs info: ${{ toJSON(needs) }}" | |
- if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') | |
run: exit 1 |