CONTRIBUTING.md: add reference to --sha256 example #1133
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Haskell CI | |
on: | |
merge_group: | |
pull_request: | |
jobs: | |
build: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
ghc: ["8.10.7", "9.2.7", "9.6.2"] | |
cabal: ["3.10.1.0"] | |
os: [ubuntu-latest, macos-latest, windows-latest] | |
exclude: | |
- ghc: "9.2.7" | |
os: macos-latest | |
env: | |
# Modify this value to "invalidate" the cabal cache. | |
CABAL_CACHE_VERSION: "2023-08-29" | |
concurrency: | |
group: > | |
a+${{ github.event_name }} | |
b+${{ github.workflow_ref }} | |
c+${{ github.job }} | |
d+${{ matrix.ghc }} | |
e+${{ matrix.cabal }} | |
f+${{ matrix.os }} | |
g+${{ (startsWith(github.ref, 'refs/heads/gh-readonly-queue/') && github.run_id) || github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
steps: | |
- name: Concurrency group | |
run: > | |
echo | |
a+${{ github.event_name }} | |
b+${{ github.workflow_ref }} | |
c+${{ github.job }} | |
d+${{ matrix.ghc }} | |
e+${{ matrix.cabal }} | |
f+${{ matrix.os }} | |
g+${{ (startsWith(github.ref, 'refs/heads/gh-readonly-queue/') && github.run_id) || github.event.pull_request.number || github.ref }} | |
- name: Install Haskell | |
uses: input-output-hk/actions/haskell@latest | |
id: setup-haskell | |
with: | |
ghc-version: ${{ matrix.ghc }} | |
cabal-version: ${{ matrix.cabal }} | |
- name: Install system dependencies | |
uses: input-output-hk/actions/base@latest | |
with: | |
use-sodium-vrf: true # default is true | |
- uses: actions/checkout@v3 | |
- name: Cabal update | |
run: cabal update | |
- name: Build dry run | |
run: cabal build all --dry-run --minimize-conflict-set | |
# For users who fork cardano-cli and want to define a writable cache, then can set up their own | |
# S3 bucket then define in their forked repository settings the following secrets: | |
# | |
# CACHE_AWS_ACCESS_KEY_ID | |
# CACHE_AWS_SECRET_ACCESS_KEY | |
# CACHE_URI | |
# CACHE_AWS_REGION | |
- name: Cabal cache over S3 | |
uses: action-works/cabal-cache-s3@v1 | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.CACHE_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.CACHE_AWS_SECRET_ACCESS_KEY }} | |
with: | |
region: ${{ vars.CACHE_AWS_REGION }} | |
dist-dir: dist-newstyle | |
store-path: ${{ steps.setup-haskell.outputs.cabal-store }} | |
threads: ${{ vars.CACHE_THREADS }} | |
archive-uri: ${{ vars.CACHE_URI }}/${{ env.CABAL_CACHE_VERSION }}/${{ runner.os }}/${{ matrix.cabal }}/${{ matrix.ghc }} | |
skip: "${{ vars.CACHE_URI == '' || env.CABAL_CACHE_VERSION == '' }}" | |
# It's important to ensure that people who fork this repository can not only successfully build in | |
# CI by default, but also have meaning cabal store caching. | |
# | |
# Because syncing with S3 requires credentials, we cannot rely on S3 for this. For this reason a | |
# https fallback is used. The https server mirrors the content of the S3 bucket. The https cabal | |
# store archive is read-only for security reasons. | |
# | |
# Users who fork this repository who want to have a writable cabal store archive are encouraged | |
# to set up their own S3 bucket. | |
- name: Cabal cache over HTTPS | |
uses: action-works/cabal-cache-s3@v1 | |
with: | |
dist-dir: dist-newstyle | |
store-path: ${{ steps.setup-haskell.outputs.cabal-store }} | |
threads: 16 | |
archive-uri: https://iohk.cache.haskellworks.io/${{ env.CABAL_CACHE_VERSION }}/${{ runner.os }}/${{ matrix.cabal }}/${{ matrix.ghc }} | |
skip: "${{ vars.CACHE_URI != '' || env.CABAL_CACHE_VERSION == '' }}" | |
enable-save: false | |
- name: Build all | |
run: cabal build all | |
- name: Run tests | |
env: | |
# these two are msys2 env vars, they have no effect on non-msys2 installs. | |
MSYS2_PATH_TYPE: inherit | |
MSYSTEM: MINGW64 | |
TMPDIR: ${{ runner.temp }} | |
TMP: ${{ runner.temp }} | |
KEEP_WORKSPACE: 1 | |
run: cabal test all | |
- name: "Tar artifacts" | |
shell: bash | |
run: | | |
mkdir -p artifacts | |
for exe in $(cat dist-newstyle/cache/plan.json | jq -r '."install-plan"[] | select(.style == "local" and (."component-name" | startswith("exe:"))) | ."bin-file"'); do | |
if [ -f $exe ]; then | |
echo "Including artifact $exe" | |
( cd artifacts | |
tar -C "$(dirname $exe)" -czf "$(basename $exe).tar.gz" "$(basename $exe)" | |
) | |
else | |
echo "Skipping artifact $exe" | |
fi | |
done | |
- name: Save Artifact | |
uses: actions/upload-artifact@v1 | |
with: | |
name: artifacts-${{ matrix.os }}-${{ matrix.ghc }} | |
path: ./artifacts | |
# Uncomment the following back in for debugging. Remember to launch a `pwsh` from | |
# the tmux session to debug `pwsh` issues. And be reminded that the `/msys2` and | |
# `/msys2/mingw64` paths are not in PATH by default for the workflow, but tmate | |
# will put them in. | |
# You may also want to run | |
# | |
# $env:PATH=("C:\Program Files\PowerShell\7;{0}" -f $env:ORIGINAL_PATH) | |
# | |
# to restore the original path. Do note that some test might need msys2 | |
# and will silently fail if msys2 is not in path. See the "Run tests" step. | |
# | |
# - name: Setup tmate session | |
# if: ${{ failure() }} | |
# uses: mxschmitt/action-tmate@v3 | |
# with: | |
# limit-access-to-actor: true | |
build-complete: | |
needs: [build] | |
if: ${{ always() }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check if any previous job failed | |
run: | | |
if [[ "${{ needs.build.result }}" == "failure" ]]; then | |
# this ignores skipped dependencies | |
echo 'Required jobs failed to build.' | |
exit 1 | |
else | |
echo 'Build complete' | |
fi | |
release: | |
needs: [build] | |
if: ${{ startsWith(github.ref, 'refs/tags') }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Create Release Tag | |
id: create_release_tag | |
run: | | |
echo "TAG=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_OUTPUT | |
- name: Create Release | |
id: create_release | |
uses: actions/create-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
tag_name: ${{ github.ref }} | |
release_name: Release ${{ github.ref }} | |
draft: true | |
prerelease: false |