CI: Use Ubuntu 22.04, drop 18.04

GitHub Actions has deprecated its Ubuntu 18.04 runners, and they will be
removed by December 1, 2022. Moreover, GitHub Actions now offers Ubuntu 22.04
runners.  It seems like a good time to upgrade our CI accordingly.

Somewhat annoyingly, the `haskell` Docker images that we use in our Dockerfiles
use such an old version of Debian that their version of `glibc` is incompatible
with any of the `what4-solvers` built for Ubuntu 20.04 or 22.04. As a result, I
switched them from the `haskell` Docker image to the `ubuntu` one. This
required some minor tweaks to how dependencies are installed, but nothing too
serious.

Fixes #1741. By upgrading the version of the solvers being used, this also
fixes #1744.

.dockerignore

@@ -3,6 +3,7 @@
 .DS_Store
 .cabal-sandbox
 cabal.sandbox.config
+cabal.project.local
 .ghc.environment.x86_64-darwin-*
 s2nTests
 

.github/workflows/ci.yml

@@ -1,6 +1,7 @@
 # Overall configuration notes:
 # - Artifact uploads for binaries are from GHC 8.10.7
-# - Builds for Ubuntu happen on 18.04 (would like to include 20.04, in addition)
+# - Builds for Ubuntu happen on 22.04. We also include a single configuration
+#   for 20.04 to increase our Linux coverage.
 # - Docker builds happen nightly, on manual invocation, and on release branch commits
 # Please update this comment as those details change.
 
@@ -23,13 +24,13 @@ env:
   # ./saw-remote-api/Dockerfile
   # ./s2nTests/scripts/blst-entrypoint.sh
   # ./s2nTests/docker/saw.dockerfile
-  SOLVER_PKG_VERSION: "snapshot-20220721"
+  SOLVER_PKG_VERSION: "snapshot-20220902"
 
   OCAML_VERSION: 4.09.x
 
 jobs:
   config:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     outputs:
       name: ${{ steps.config.outputs.name }}
       version: ${{ steps.config.outputs.version }}
@@ -66,8 +67,11 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-18.04, macos-12, windows-latest]
+        os: [ubuntu-22.04, macos-12, windows-latest]
         ghc: ["8.8.4", "8.10.7", "9.0.2"]
+        include:
+          - os: ubuntu-20.04
+            ghc: "8.10.7"
         exclude:
           # Exclude 8.8 on macOS 12 due to
           # https://gitlab.haskell.org/ghc/ghc/-/issues/18446
@@ -209,7 +213,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, macos-12]
+        os: [ubuntu-22.04, macos-12]
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v2
@@ -243,7 +247,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ubuntu-latest, macos-12]
+        os: [ubuntu-22.04, macos-12]
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@v2
@@ -295,7 +299,7 @@ jobs:
         include:
           - name: Install and test
             test: saw-remote-api/scripts/run_rpc_tests.sh
-            os: ubuntu-18.04
+            os: ubuntu-22.04
           # TODO: saw-remote-api unit tests are disabled pending a fix for #1699
           - name: Install on MacOS
             test: |
@@ -306,7 +310,7 @@ jobs:
             os: macos-12
           - name: Check docs
             test: saw-remote-api/scripts/check_docs.sh
-            os: ubuntu-18.04
+            os: ubuntu-22.04
     steps:
       - uses: actions/checkout@v2
         with:
@@ -350,7 +354,7 @@ jobs:
       fail-fast: false
       matrix:
         suite: ${{ fromJson(needs.build.outputs.cabal-test-suites-json) }}
-        os: [ubuntu-18.04]
+        os: [ubuntu-22.04]
         continue-on-error: [false]
         include:
           - suite: integration_tests
@@ -414,7 +418,7 @@ jobs:
           dist-tests/${{ matrix.suite }}
 
   build-push-image:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     needs: [config]
     if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' || needs.config.outputs.release == 'true'
     strategy:
@@ -516,7 +520,7 @@ jobs:
     name: "Test s2n proofs"
     timeout-minutes: 120
     needs: build
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
       matrix:
@@ -569,7 +573,7 @@ jobs:
   # - changes to jobs or job instances don't require a mergify config update
   # - dependencies through `needs:` are validated, CI will fail if it's invalid
   mergify:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     needs:
       - build
       - heapster-tests

s2nTests/README.md

@@ -3,7 +3,7 @@ This directory contains Docker configurations for running some more complex cryp
 (These are the same configurations used in our GitHub Actions CI.)
 
 ## Building SAWScript
-Running `make saw-script` will build SAWScript from the current working tree and place the resulting `saw` binary in `bin/`. This is useful if you develop on a system that isn't binary-compatible with Ubuntu 18.04 (e.g. macOS or NixOS).
+Running `make saw-script` will build SAWScript from the current working tree and place the resulting `saw` binary in `bin/`. This is useful if you develop on a system that isn't binary-compatible with Ubuntu 22.04 (e.g. macOS or NixOS).
 
 ## Running tests
 Running `make <target>` on one of the following targets will use the `saw` binary in `bin/` to run the respective proof:

s2nTests/scripts/blst-entrypoint.sh

@@ -5,7 +5,7 @@ cd /workdir
 ./scripts/install.sh
 cp /saw-bin/saw bin/saw
 
-wget --quiet -O solvers.zip "https://github.com/GaloisInc/what4-solvers/releases/download/snapshot-20210917/ubuntu-20.04-bin.zip"
+wget --quiet -O solvers.zip "https://github.com/GaloisInc/what4-solvers/releases/download/snapshot-20220902/ubuntu-20.04-bin.zip"
 (cd bin && unzip -o ../solvers.zip)
 chmod +x bin/*
 

saw-remote-api/Dockerfile

@@ -1,25 +1,41 @@
-FROM haskell:8.8.4 AS build
+FROM ubuntu:22.04 AS build
 USER root
-RUN apt-get update && apt-get install -y wget libncurses-dev unzip
+RUN apt-get update && \
+    apt-get install -y \
+      # ghcup requirements
+      build-essential curl libffi-dev libffi8 libgmp-dev libgmp10 libncurses-dev libncurses6 libtinfo6 \
+      # SAW dependencies
+      zlib1g-dev \
+      # Miscellaneous
+      git wget unzip
 RUN useradd -m saw
 COPY --chown=saw:saw . /home/saw
 USER saw
 WORKDIR /home/saw
 ENV LANG=C.UTF-8 \
     LC_ALL=C.UTF-8
 COPY cabal.GHC-8.8.4.config cabal.project.freeze
+ENV PATH=/home/saw/ghcup-download/bin:/home/saw/.ghcup/bin:$PATH
+RUN mkdir -p /home/saw/ghcup-download/bin && \
+    curl -L https://downloads.haskell.org/~ghcup/0.1.17.7/x86_64-linux-ghcup-0.1.17.7 -o /home/saw/ghcup-download/bin/ghcup && \
+    chmod +x /home/saw/ghcup-download/bin/ghcup
+RUN mkdir -p /home/saw/.ghcup && \
+    ghcup --version && \
+    ghcup install cabal 3.6.2.0 && \
+    ghcup install ghc 8.8.4 && \
+    ghcup set ghc 8.8.4
 RUN cabal v2-update && cabal v2-build -j exe:saw-remote-api
 RUN mkdir -p /home/saw/rootfs/usr/local/bin
 RUN cp $(cabal v2-exec which saw-remote-api) /home/saw/rootfs/usr/local/bin/saw-remote-api
 WORKDIR /home/saw//rootfs/usr/local/bin
-RUN curl -o solvers.zip -sL "https://github.com/GaloisInc/what4-solvers/releases/download/snapshot-20210917/ubuntu-18.04-bin.zip"
+RUN curl -o solvers.zip -sL "https://github.com/GaloisInc/what4-solvers/releases/download/snapshot-20220902/ubuntu-22.04-bin.zip"
 RUN unzip solvers.zip && rm solvers.zip && chmod +x *
 USER root
 RUN chown -R root:root /home/saw/rootfs
 
-FROM debian:buster-slim
-RUN apt-get update \
-    && apt-get install -y libgmp10 libgomp1 libffi6 wget libncurses5 unzip libreadline-dev openjdk-11-jdk-headless
+FROM ubuntu:22.04
+RUN apt-get update && \
+    apt-get install -y libgmp10 libgomp1 libffi8 wget libncurses6 unzip libreadline-dev openjdk-11-jdk-headless
 COPY --from=build /home/saw/rootfs /
 RUN useradd -m saw && chown -R saw:saw /home/saw
 USER saw

saw/Dockerfile

@@ -1,26 +1,42 @@
-FROM haskell:8.8.4 AS build
+FROM ubuntu:22.04 AS build
 USER root
-RUN apt-get update && apt-get install -y wget libncurses-dev unzip
+RUN apt-get update && \
+    apt-get install -y \
+      # ghcup requirements
+      build-essential curl libffi-dev libffi8 libgmp-dev libgmp10 libncurses-dev libncurses6 libtinfo6 \
+      # SAW dependencies
+      zlib1g-dev \
+      # Miscellaneous
+      git wget unzip
 RUN useradd -m saw
 COPY --chown=saw:saw . /home/saw
 USER saw
 WORKDIR /home/saw
 ENV LANG=C.UTF-8 \
     LC_ALL=C.UTF-8
 COPY cabal.GHC-8.8.4.config cabal.project.freeze
+ENV PATH=/home/saw/ghcup-download/bin:/home/saw/.ghcup/bin:$PATH
+RUN mkdir -p /home/saw/ghcup-download/bin && \
+    curl -L https://downloads.haskell.org/~ghcup/0.1.17.7/x86_64-linux-ghcup-0.1.17.7 -o /home/saw/ghcup-download/bin/ghcup && \
+    chmod +x /home/saw/ghcup-download/bin/ghcup
+RUN mkdir -p /home/saw/.ghcup && \
+    ghcup --version && \
+    ghcup install cabal 3.6.2.0 && \
+    ghcup install ghc 8.8.4 && \
+    ghcup set ghc 8.8.4
 RUN cabal v2-update
 RUN cabal v2-build
 RUN mkdir -p /home/saw/rootfs/usr/local/bin
 RUN cp $(cabal v2-exec which saw) /home/saw/rootfs/usr/local/bin/saw
 WORKDIR /home/saw//rootfs/usr/local/bin
-RUN curl -o solvers.zip -sL "https://github.com/GaloisInc/what4-solvers/releases/download/snapshot-20210917/ubuntu-18.04-bin.zip"
+RUN curl -o solvers.zip -sL "https://github.com/GaloisInc/what4-solvers/releases/download/snapshot-20220902/ubuntu-22.04-bin.zip"
 RUN unzip solvers.zip && rm solvers.zip && chmod +x *
 USER root
 RUN chown -R root:root /home/saw/rootfs
 
-FROM debian:buster-slim
-RUN apt-get update \
-    && apt-get install -y libgmp10 libgomp1 libffi6 wget libncurses5 libreadline-dev unzip
+FROM ubuntu:22.04
+RUN apt-get update && \
+    apt-get install -y libgmp10 libgomp1 libffi8 wget libncurses6 libreadline-dev unzip
 COPY --from=build /home/saw/rootfs /
 RUN useradd -m saw && chown -R saw:saw /home/saw
 USER saw