Add script support when making hot key authorisation certificates #2544
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Haskell CI | |
on: | |
merge_group: | |
pull_request: | |
push: | |
# we need this to populate cache for `main` branch to make it available to the child branches, see | |
# https://docs.github.com/en/actions/using-workflows/caching-dependencies-to-speed-up-workflows#restrictions-for-accessing-a-cache | |
branches: | |
- main | |
jobs: | |
build: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
ghc: ["8.10.7", "9.6.4", "9.8.1"] | |
cabal: ["3.10.2.0"] | |
os: [ubuntu-latest, macos-latest, windows-latest] | |
env: | |
# Modify this value to "invalidate" the cabal cache. | |
CABAL_CACHE_VERSION: "2024-02-15" | |
concurrency: | |
group: > | |
a+${{ github.event_name }} | |
b+${{ github.workflow_ref }} | |
c+${{ github.job }} | |
d+${{ matrix.ghc }} | |
e+${{ matrix.cabal }} | |
f+${{ matrix.os }} | |
g+${{ (startsWith(github.ref, 'refs/heads/gh-readonly-queue/') && github.run_id) || github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
steps: | |
- name: Concurrency group | |
run: > | |
echo | |
a+${{ github.event_name }} | |
b+${{ github.workflow_ref }} | |
c+${{ github.job }} | |
d+${{ matrix.ghc }} | |
e+${{ matrix.cabal }} | |
f+${{ matrix.os }} | |
g+${{ (startsWith(github.ref, 'refs/heads/gh-readonly-queue/') && github.run_id) || github.event.pull_request.number || github.ref }} | |
- name: Install Haskell | |
uses: input-output-hk/actions/haskell@latest | |
id: setup-haskell | |
with: | |
ghc-version: ${{ matrix.ghc }} | |
cabal-version: ${{ matrix.cabal }} | |
- name: Install system dependencies | |
uses: input-output-hk/actions/base@latest | |
with: | |
use-sodium-vrf: true # default is true | |
- uses: actions/checkout@v3 | |
- name: Cabal update | |
run: cabal update | |
# A dry run `build all` operation does *NOT* downlaod anything, it just looks at the package | |
# indices to generate an install plan. | |
- name: Build dry run | |
run: cabal build all --enable-tests --dry-run --minimize-conflict-set | |
# From the install plan we generate a dependency list. | |
- name: Record dependencies | |
id: record-deps | |
run: | | |
# The tests call out to msys2 commands. We generally do not want to mix toolchains, so | |
# we are very deliberate about only adding msys64 to the path where absolutely necessary. | |
${{ (runner.os == 'Windows' && '$env:PATH=("C:\msys64\mingw64\bin;{0}" -f $env:PATH)') || '' }} | |
cat dist-newstyle/cache/plan.json | jq -r '."install-plan"[].id' | sort | uniq > dependencies.txt | |
# From the dependency list we restore the cached dependencies. | |
# We use the hash of `dependencies.txt` as part of the cache key because that will be stable | |
# until the `index-state` values in the `cabal.project` file changes. | |
- name: Restore cached dependencies | |
uses: actions/cache/restore@v4 | |
id: cache | |
with: | |
path: | | |
${{ steps.setup-haskell.outputs.cabal-store }} | |
dist-newstyle | |
key: cache-${{ env.CABAL_CACHE_VERSION }}-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles('dependencies.txt') }} | |
# Now we install the dependencies. If the cache was found and restored in the previous step, | |
# this should be a no-op, but if the cache key was not found we need to build stuff so we can | |
# cache it for the next step. | |
- name: Install dependencies | |
run: cabal build all --enable-tests --only-dependencies -j --ghc-option=-j4 | |
# Always store the cabal cache. | |
- name: Cache Cabal store | |
uses: actions/cache@v4 | |
with: | |
path: | | |
${{ steps.setup-haskell.outputs.cabal-store }} | |
dist-newstyle | |
key: cache-${{ env.CABAL_CACHE_VERSION }}-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles('dependencies.txt') }} | |
# Now we build. | |
- name: Build all | |
run: cabal build all --enable-tests | |
- name: Run tests | |
env: | |
# these two are msys2 env vars, they have no effect on non-msys2 installs. | |
MSYS2_PATH_TYPE: inherit | |
MSYSTEM: MINGW64 | |
TMPDIR: ${{ runner.temp }} | |
TMP: ${{ runner.temp }} | |
KEEP_WORKSPACE: 1 | |
run: cabal test all --enable-tests --test-show-details=direct -j1 | |
- name: "Tar artifacts" | |
shell: bash | |
run: | | |
mkdir -p artifacts | |
for exe in $(cat dist-newstyle/cache/plan.json | jq -r '."install-plan"[] | select(.style == "local" and (."component-name" | startswith("exe:"))) | ."bin-file"'); do | |
if [ -f $exe ]; then | |
echo "Including artifact $exe" | |
( cd artifacts | |
tar -C "$(dirname $exe)" -czf "$(basename $exe).tar.gz" "$(basename $exe)" | |
) | |
else | |
echo "Skipping artifact $exe" | |
fi | |
done | |
- name: Save Artifact | |
uses: actions/upload-artifact@v3 | |
with: | |
name: artifacts-${{ matrix.os }}-${{ matrix.ghc }} | |
path: ./artifacts | |
# Uncomment the following back in for debugging. Remember to launch a `pwsh` from | |
# the tmux session to debug `pwsh` issues. And be reminded that the `/msys2` and | |
# `/msys2/mingw64` paths are not in PATH by default for the workflow, but tmate | |
# will put them in. | |
# You may also want to run | |
# | |
# $env:PATH=("C:\Program Files\PowerShell\7;{0}" -f $env:ORIGINAL_PATH) | |
# | |
# to restore the original path. Do note that some test might need msys2 | |
# and will silently fail if msys2 is not in path. See the "Run tests" step. | |
# | |
# - name: Setup tmate session | |
# if: ${{ failure() }} | |
# uses: mxschmitt/action-tmate@v3 | |
# with: | |
# limit-access-to-actor: true | |
build-complete: | |
needs: [build] | |
if: ${{ always() }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check if any previous job failed | |
run: | | |
if [[ "${{ needs.build.result }}" == "failure" ]]; then | |
# this ignores skipped dependencies | |
echo 'Required jobs failed to build.' | |
exit 1 | |
else | |
echo 'Build complete' | |
fi | |
release: | |
needs: [build] | |
if: ${{ startsWith(github.ref, 'refs/tags') }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Create Release Tag | |
id: create_release_tag | |
run: | | |
echo "TAG=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT | |
- name: Create Release | |
id: create_release | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ github.ref }} | |
release_name: Release ${{ github.ref }} | |
draft: true | |
prerelease: false |