Additional version bound checks #8651
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Validate | |
# See: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#concurrency. | |
concurrency: | |
group: ${{ github.ref }}-${{ github.workflow }} | |
cancel-in-progress: true | |
# Note: This workflow file contains the required job "Validate post job". We are using path filtering | |
# here to ignore PRs which only change documentation. This can cause a problem, see the workflow file | |
# "validate.skip.yml" for a description of the problem and the solution provided in that file. | |
on: | |
push: | |
paths-ignore: | |
- "doc/**" | |
- "**/README.md" | |
- "CONTRIBUTING.md" | |
- "changelog.d/**" | |
# only top level for these, because various test packages have them too | |
- "*/ChangeLog.md" | |
- "*/changelog.md" | |
- "release-notes/**" | |
branches: | |
- master | |
# hardcoded LTS branch, change when new LTS released! | |
- '3.12' | |
pull_request: | |
paths-ignore: | |
- "doc/**" | |
- "**/README.md" | |
- "CONTRIBUTING.md" | |
- "changelog.d/**" | |
- "*/ChangeLog.md" | |
- "*/changelog.md" | |
- "release-notes/**" | |
release: | |
types: | |
- created | |
workflow_call: | |
# See https://github.com/haskell/cabal/blob/master/CONTRIBUTING.md#hackage-revisions | |
workflow_dispatch: | |
inputs: | |
allow-newer: | |
description: allow-newer line | |
required: false | |
type: string | |
constraints: | |
description: constraints line | |
required: false | |
type: string | |
env: | |
# We choose a stable ghc version across all os's | |
# which will be used to do the next release | |
GHC_FOR_RELEASE: "9.4.8" | |
# Ideally we should use the version about to be released for hackage tests and benchmarks | |
GHC_FOR_SOLVER_BENCHMARKS: "9.4.8" | |
GHC_FOR_COMPLETE_HACKAGE_TESTS: "9.4.8" | |
COMMON_FLAGS: "-j 2 -v" | |
# See https://github.com/haskell/cabal/blob/master/CONTRIBUTING.md#hackage-revisions | |
ALLOWNEWER: ${{ github.event.inputs.allow-newer }} | |
CONSTRAINTS: ${{ github.event.inputs.constraints }} | |
jobs: | |
validate: | |
name: Validate ${{ matrix.sys.os }} ghc-${{ matrix.ghc }} | |
runs-on: ${{ matrix.sys.os }} | |
outputs: | |
GHC_FOR_RELEASE: ${{ format('["{0}"]', env.GHC_FOR_RELEASE) }} | |
strategy: | |
fail-fast: false | |
matrix: | |
sys: | |
- { os: windows-latest, shell: "C:/msys64/usr/bin/bash.exe -e {0}" } | |
- { os: ubuntu-22.04, shell: bash } | |
- { os: macos-latest, shell: bash } | |
# If you remove something from here, then add it to the old-ghcs job. | |
# Also a removed GHC from here means that we are actually dropping | |
# support, so the PR *must* have a changelog entry. | |
ghc: | |
[ | |
"9.10.1", | |
"9.8.2", | |
"9.6.6", | |
"9.4.8", | |
"9.2.8", | |
"9.0.2", | |
"8.10.7", | |
"8.8.4", | |
] | |
exclude: | |
# Throws fatal "cabal-tests.exe: fd:8: hGetLine: end of file" exception | |
# even with --io-manager=native | |
- sys: | |
{ os: windows-latest, shell: "C:/msys64/usr/bin/bash.exe -e {0}" } | |
ghc: "9.0.2" | |
# corrupts GHA cache or the fabric of reality itself, see https://github.com/haskell/cabal/issues/8356 | |
- sys: | |
{ os: windows-latest, shell: "C:/msys64/usr/bin/bash.exe -e {0}" } | |
ghc: "8.10.7" | |
# lot of segfaults caused by ghc bugs | |
- sys: | |
{ os: windows-latest, shell: "C:/msys64/usr/bin/bash.exe -e {0}" } | |
ghc: "8.8.4" | |
# ghc before 8.10.5 doesn't run on AArch64 | |
# 9.0.2 suffers from https://gitlab.haskell.org/ghc/ghc/-/issues/20592 | |
# 8.10.7 throws asm errors in hashable's cbits suggesting the runner doesn't | |
# support a CPU extension for hardware SHA; may be fixable with flags | |
- sys: | |
{ os: macos-latest, shell: bash } | |
ghc: "9.0.2" | |
- sys: | |
{ os: macos-latest, shell: bash } | |
ghc: "8.10.7" | |
- sys: | |
{ os: macos-latest, shell: bash } | |
ghc: "8.8.4" | |
defaults: | |
run: | |
shell: ${{ matrix.sys.shell }} | |
steps: | |
- name: Work around XDG directories existence (haskell-actions/setup#62) | |
if: runner.os == 'macOS' | |
run: | | |
rm -rf ~/.config/cabal | |
rm -rf ~/.cache/cabal | |
- name: "WIN: Setup TMP environment variable" | |
if: runner.os == 'Windows' | |
run: | | |
echo "TMP=${{ runner.temp }}" >> "$GITHUB_ENV" | |
- uses: actions/checkout@v4 | |
# See https://github.com/haskell/cabal/blob/master/CONTRIBUTING.md#hackage-revisions | |
- name: Add manually supplied allow-newer | |
if: github.event_name == 'workflow_dispatch' && github.event.inputs.allow-newer != '' | |
run: | | |
echo "allow-newer: ${{ github.event.inputs.allow-newer }}" >> cabal.validate.project | |
- name: Add manually supplied constraints | |
if: github.event_name == 'workflow_dispatch' && github.event.inputs.constraints != '' | |
run: | | |
echo "constraints: ${{ github.event.inputs.constraints }}" >> cabal.validate.project | |
- uses: haskell-actions/setup@v2 | |
id: setup-haskell | |
with: | |
ghc-version: ${{ matrix.ghc }} | |
cabal-version: 3.12.1.0 # see https://github.com/haskell/cabal/pull/10251 | |
ghcup-release-channel: https://raw.githubusercontent.com/haskell/ghcup-metadata/master/ghcup-prereleases-0.0.8.yaml | |
# See the following link for a breakdown of the following step | |
# https://github.com/haskell/actions/issues/7#issuecomment-745697160 | |
- uses: actions/cache@v4 | |
with: | |
# validate.sh uses a special build dir | |
path: | | |
${{ steps.setup-haskell.outputs.cabal-store }} | |
dist-* | |
key: ${{ runner.os }}-${{ matrix.ghc }}-${{ github.sha }} | |
restore-keys: ${{ runner.os }}-${{ matrix.ghc }}- | |
# The tool is not essential to the rest of the test suite. If | |
# hackage-repo-tool is not present, any test that requires it will | |
# be skipped. | |
# We want to keep this in the loop but we don't want to fail if | |
# hackage-repo-tool breaks or fails to support a newer GHC version. | |
- name: Install hackage-repo-tool | |
continue-on-error: true | |
run: cabal install --ignore-project hackage-repo-tool | |
# Needed by cabal-testsuite/PackageTests/Configure/setup.test.hs | |
- name: "MAC: Install Autotools" | |
if: runner.os == 'macOS' | |
run: brew install automake | |
# Needed by cabal-testsuite/PackageTests/Configure/setup.test.hs | |
- name: "WIN: Install Autotools" | |
if: runner.os == 'Windows' | |
run: /usr/bin/pacman --noconfirm -S autotools | |
- name: Set validate inputs | |
run: | | |
FLAGS="${{ env.COMMON_FLAGS }}" | |
if [[ "${{ matrix.ghc }}" == "${{ env.GHC_FOR_SOLVER_BENCHMARKS }}" ]]; then | |
FLAGS="$FLAGS --solver-benchmarks" | |
fi | |
if [[ "${{ matrix.ghc }}" == "${{ env.GHC_FOR_COMPLETE_HACKAGE_TESTS }}" ]]; then | |
FLAGS="$FLAGS --complete-hackage-tests" | |
fi | |
echo "FLAGS=$FLAGS" >> "$GITHUB_ENV" | |
- name: Validate print-config | |
run: sh validate.sh $FLAGS -s print-config | |
- name: Validate print-tool-versions | |
run: sh validate.sh $FLAGS -s print-tool-versions | |
- name: Validate build | |
run: sh validate.sh $FLAGS -s build | |
- name: Canonicalize architecture | |
run: | | |
case ${{ runner.arch }} in | |
X86) arch=i386 ;; | |
X64) arch=x86_64 ;; | |
ARM64) arch=aarch64 ;; | |
*) echo "Unsupported architecture, please fix validate.yaml" 2>/dev/null; exit 1 ;; | |
esac | |
echo "CABAL_ARCH=$arch" >> "$GITHUB_ENV" | |
- name: Tar cabal head executable | |
if: matrix.ghc == env.GHC_FOR_RELEASE | |
run: | | |
CABAL_EXEC=$(cabal list-bin --builddir=dist-newstyle-validate-ghc-${{ matrix.ghc }} --project-file=cabal.validate.project cabal-install:exe:cabal) | |
# We have to tar the executable to preserve executable permissions | |
# see https://github.com/actions/upload-artifact/issues/38 | |
if [[ "${{ runner.os }}" == "Windows" ]]; then | |
# `cabal list-bin` gives us a windows path but tar needs the posix one | |
CABAL_EXEC=$(cygpath "$CABAL_EXEC") | |
fi | |
if [[ "${{ runner.os }}" == "macOS" ]]; then | |
# Workaround to avoid bsdtar corrupts the executable | |
# so executing it after untar throws `cannot execute binary file` | |
# see https://github.com/actions/virtual-environments/issues/2619#issuecomment-788397841 | |
sudo /usr/sbin/purge | |
fi | |
DIR=$(dirname "$CABAL_EXEC") | |
FILE=$(basename "$CABAL_EXEC") | |
CABAL_EXEC_TAR="cabal-head-${{ runner.os }}-$CABAL_ARCH.tar.gz" | |
tar -czvf "$CABAL_EXEC_TAR" -C "$DIR" "$FILE" | |
echo "CABAL_EXEC_TAR=$CABAL_EXEC_TAR" >> "$GITHUB_ENV" | |
# We upload the cabal executable built with the ghc used in the release for: | |
# - Reuse it in the dogfooding job (although we could use the cached build dir) | |
# - Make it available in the workflow to make easier testing it locally | |
- name: Upload cabal-install executable to workflow artifacts | |
if: matrix.ghc == env.GHC_FOR_RELEASE | |
uses: actions/upload-artifact@v4 | |
with: | |
name: cabal-${{ runner.os }}-${{ env.CABAL_ARCH }} | |
path: ${{ env.CABAL_EXEC_TAR }} | |
- name: Validate tests | |
env: | |
# `rawSystemStdInOut reports text decoding errors` | |
# test does not find ghc without the full path in windows | |
GHCPATH: ${{ steps.setup-haskell.outputs.ghc-exe }} | |
run: | | |
set +e | |
rc=0 | |
tests="lib-tests lib-suite cli-tests cli-suite" | |
if [ "${{ matrix.ghc }}" = "${{ env.GHC_FOR_SOLVER_BENCHMARKS }}" ]; then | |
tests="$tests solver-benchmarks-tests solver-benchmarks-run" | |
fi | |
for test in $tests; do | |
echo Validate "$test" | |
sh validate.sh $FLAGS -s "$test" || rc=1 | |
echo End "$test" | |
done | |
exit $rc | |
# The above ensures all the tests get run, for a single platform+ghc. | |
# Trying to ensure they run for *all* combinations but still fail | |
# at the end seems to be extremely difficult at best. It's doable, | |
# but it requires a continuously growing stack of conditions and | |
# one possibly nightmarish final conditional. 'fail-fast' gets us | |
# partway there, at least, but is still imperfect. | |
validate-old-ghcs: | |
name: Validate old ghcs ${{ matrix.extra-ghc }} | |
runs-on: ubuntu-22.04 | |
needs: validate | |
strategy: | |
matrix: | |
extra-ghc: | |
["8.4.4", "8.2.2", "8.0.2"] | |
## GHC 7.10.3 does not install on ubuntu-22.04 with ghcup. | |
## Older GHCs are not supported by ghcup in the first place. | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install prerequisites for old GHCs | |
run: | | |
sudo apt-get update | |
sudo apt-get install libncurses5 libtinfo5 | |
- name: Install extra compiler | |
run: ghcup install ghc ${{ matrix.extra-ghc }} | |
- name: GHCup logs | |
if: always() | |
run: cat /usr/local/.ghcup/logs/* | |
- name: Install primary compiler | |
uses: haskell-actions/setup@v2 | |
id: setup-haskell | |
with: | |
ghc-version: ${{ env.GHC_FOR_RELEASE }} | |
cabal-version: latest | |
- name: GHC versions | |
run: | | |
ghc --version | |
"ghc-${{ matrix.extra-ghc }}" --version | |
# As we are reusing the cached build dir from the previous step | |
# the generated artifacts are available here, | |
# including the cabal executable and the test suite | |
- uses: actions/cache@v4 | |
with: | |
path: | | |
${{ steps.setup-haskell.outputs.cabal-store }} | |
dist-* | |
key: ${{ runner.os }}-${{ env.GHC_FOR_RELEASE }}-${{ github.sha }} | |
restore-keys: ${{ runner.os }}-${{ env.GHC_FOR_RELEASE }}- | |
- name: Validate build | |
id: build | |
run: sh validate.sh ${{ env.COMMON_FLAGS }} -s build | |
- name: "Validate lib-suite-extras --extra-hc ghc-${{ matrix.extra-ghc }}" | |
env: | |
EXTRA_GHC: ghc-${{ matrix.extra-ghc }} | |
run: sh validate.sh ${{ env.COMMON_FLAGS }} --lib-only -s lib-suite-extras --extra-hc "${{ env.EXTRA_GHC }}" | |
# See the comment above about running all tests but still failing if one | |
# of them does; it also applies here. | |
build-alpine: | |
name: Build statically linked using alpine | |
runs-on: ubuntu-latest | |
container: "alpine:3.19" | |
steps: | |
- name: Install extra dependencies | |
shell: sh | |
run: | | |
apk add bash curl sudo jq pkgconfig \ | |
zlib-dev zlib-static binutils-gold curl \ | |
gcc g++ gmp-dev libc-dev libffi-dev make \ | |
musl-dev ncurses-dev perl tar xz | |
- uses: actions/checkout@v4 | |
# See https://github.com/haskell/cabal/blob/master/CONTRIBUTING.md#hackage-revisions | |
- name: Manually supplied constraints/allow-newer | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
echo "allow-newer: ${ALLOWNEWER}" >> cabal.validate.project | |
echo "constraints: ${CONSTRAINTS}" >> cabal.validate.project | |
- uses: haskell-actions/setup@v2 | |
id: setup-haskell | |
with: | |
ghc-version: ${{ env.GHC_FOR_RELEASE }} | |
cabal-version: latest # latest is mandatory for cabal-testsuite, see https://github.com/haskell/cabal/issues/8133 | |
# See the following link for a breakdown of the following step | |
# https://github.com/haskell/actions/issues/7#issuecomment-745697160 | |
- uses: actions/cache@v4 | |
with: | |
# validate.sh uses a special build dir | |
path: | | |
${{ steps.setup-haskell.outputs.cabal-store }} | |
dist-* | |
key: ${{ runner.os }}-${{ env.GHC_FOR_RELEASE }}-${{ github.sha }} | |
restore-keys: ${{ runner.os }}-${{ env.GHC_FOR_RELEASE }}- | |
- name: Enable statically linked executables | |
run: | | |
echo 'executable-static: true' >> cabal.validate.project | |
- name: Build | |
run: sh validate.sh $FLAGS -s build | |
- name: Tar cabal head executable | |
run: | | |
CABAL_EXEC=$(cabal list-bin --builddir=dist-newstyle-validate-ghc-${{ env.GHC_FOR_RELEASE }} --project-file=cabal.validate.project cabal-install:exe:cabal) | |
# We have to tar the executable to preserve executable permissions | |
# see https://github.com/actions/upload-artifact/issues/38 | |
DIR=$(dirname "$CABAL_EXEC") | |
FILE=$(basename "$CABAL_EXEC") | |
CABAL_EXEC_TAR="cabal-head-${{ runner.os }}-static-x86_64.tar.gz" | |
tar -czvf "$CABAL_EXEC_TAR" -C "$DIR" "$FILE" | |
echo "CABAL_EXEC_TAR=$CABAL_EXEC_TAR" >> "$GITHUB_ENV" | |
- name: Upload cabal-install executable to workflow artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: cabal-${{ runner.os }}-static-x86_64 | |
path: ${{ env.CABAL_EXEC_TAR }} | |
# The previous jobs use a released version of cabal to build cabal HEAD itself | |
# This one uses the cabal HEAD generated executable in the previous step | |
# to build itself again, as sanity check | |
dogfooding: | |
name: Dogfooding ${{ matrix.sys.os }} ghc-${{ matrix.ghc }} | |
runs-on: ${{ matrix.sys.os }} | |
needs: validate | |
strategy: | |
matrix: | |
sys: | |
- { os: windows-latest, shell: "C:/msys64/usr/bin/bash.exe -e {0}" } | |
- { os: ubuntu-22.04, shell: bash } | |
- { os: macos-latest, shell: bash } | |
# We only use one ghc version the used one for the next release (defined at top of the workflow) | |
# We need to build an array dynamically to inject the appropiate env var in a previous job, | |
# see https://docs.github.com/en/actions/learn-github-actions/expressions#fromjson | |
ghc: ${{ fromJSON (needs.validate.outputs.GHC_FOR_RELEASE) }} | |
defaults: | |
run: | |
shell: ${{ matrix.sys.shell }} | |
steps: | |
# TODO: make a reusable action for this | |
- name: Canonicalize architecture | |
run: | | |
case ${{ runner.arch }} in | |
X86) arch=i386 ;; | |
X64) arch=x86_64 ;; | |
ARM64) arch=aarch64 ;; | |
*) echo "Unsupported architecture" 2>/dev/null; exit 1 ;; | |
esac | |
echo "CABAL_ARCH=$arch" >> "$GITHUB_ENV" | |
- name: "MAC: Work around XDG directories existence (haskell-actions/setup#62)" | |
if: runner.os == 'macOS' | |
run: | | |
rm -rf ~/.config/cabal | |
rm -rf ~/.cache/cabal | |
- name: "WIN: Setup TMP environment variable" | |
if: runner.os == 'Windows' | |
run: | | |
echo "TMP=${{ runner.temp }}" >> "$GITHUB_ENV" | |
- uses: actions/checkout@v4 | |
- uses: haskell-actions/setup@v2 | |
id: setup-haskell | |
with: | |
ghc-version: ${{ matrix.ghc }} | |
cabal-version: latest # default, we are not using it in this job | |
- name: Download cabal executable from workflow artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: cabal-${{ runner.os }}-${{ env.CABAL_ARCH }} | |
path: cabal-head | |
- name: Untar the cabal executable | |
run: tar -xzf "./cabal-head/cabal-head-${{ runner.os }}-$CABAL_ARCH.tar.gz" -C cabal-head | |
- name: print-config using cabal HEAD | |
run: sh validate.sh ${{ env.COMMON_FLAGS }} --with-cabal ./cabal-head/cabal -s print-config | |
# We dont use cache to force a build with a fresh store dir and build dir | |
# This way we check cabal can build all its dependencies | |
- name: Build using cabal HEAD | |
run: sh validate.sh ${{ env.COMMON_FLAGS }} --with-cabal ./cabal-head/cabal -s build | |
prerelease-head: | |
name: Create a GitHub prerelease with the binary artifacts | |
runs-on: ubuntu-latest | |
if: github.ref == 'refs/heads/master' | |
permissions: | |
contents: write | |
# IMPORTANT! Any job added to the workflow should be added here too | |
needs: [validate, validate-old-ghcs, build-alpine, dogfooding] | |
steps: | |
# for now this is hardcoded. is there a better way? | |
- uses: actions/download-artifact@v4 | |
with: | |
pattern: cabal-* | |
path: binaries | |
merge-multiple: true | |
- name: Create GitHub prerelease | |
uses: softprops/action-gh-release@v2 | |
with: | |
tag_name: cabal-head | |
prerelease: true | |
files: binaries/cabal-* | |
prerelease-lts: | |
name: Create a GitHub LTS prerelease with the binary artifacts | |
runs-on: ubuntu-latest | |
# The LTS branch is hardcoded for now, update it on a new LTS! | |
# if: github.ref == 'refs/heads/3.12' | |
permissions: | |
contents: write | |
# IMPORTANT! Any job added to the workflow should be added here too | |
needs: [validate, validate-old-ghcs, build-alpine, dogfooding] | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
pattern: cabal-* | |
path: binaries | |
merge-multiple: true | |
- run: | | |
# bash-ism, but we forced bash above | |
cd binaries | |
for f in cabal-*; do | |
mv "$f" "cabal-lts-${f##cabal-}" | |
done | |
- run: echo ${{ github.ref }} | |
- name: Create GitHub prerelease | |
if: github.ref == 'refs/heads/3.12' | |
uses: softprops/action-gh-release@v2 | |
with: | |
tag_name: cabal-lts-head | |
prerelease: true | |
files: binaries/cabal-* | |
# We use this job as a summary of the workflow | |
# It will fail if any of the previous jobs does | |
# This way we can use it exclusively in branch protection rules | |
# and abstract away the concrete jobs of the workflow, including their names | |
validate-post-job: | |
if: always() | |
name: Validate post job | |
runs-on: ubuntu-latest | |
# IMPORTANT! Any job added to the workflow should be added here too | |
needs: [validate, validate-old-ghcs, build-alpine, dogfooding] | |
steps: | |
- run: | | |
echo "jobs info: ${{ toJSON(needs) }}" | |
- if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') | |
run: exit 1 |