refactoring: extract core and osv

Author: blackheaven

.github/workflows/haskell-ci.yml

@@ -181,8 +181,10 @@ jobs:
       - name: initial cabal.project for sdist
         run: |
           touch cabal.project
+          echo "packages: $GITHUB_WORKSPACE/source/code/hsec-core" >> cabal.project
           echo "packages: $GITHUB_WORKSPACE/source/code/hsec-tools" >> cabal.project
           echo "packages: $GITHUB_WORKSPACE/source/code/cvss" >> cabal.project
+          echo "packages: $GITHUB_WORKSPACE/source/code/osv" >> cabal.project
           cat cabal.project
       - name: sdist
         run: |
@@ -196,20 +198,34 @@ jobs:
         run: |
           PKGDIR_hsec_tools="$(find "$GITHUB_WORKSPACE/unpacked" -maxdepth 1 -type d -regex '.*/hsec-tools-[0-9.]*')"
           echo "PKGDIR_hsec_tools=${PKGDIR_hsec_tools}" >> "$GITHUB_ENV"
+          PKGDIR_hsec_tools="$(find "$GITHUB_WORKSPACE/unpacked" -maxdepth 1 -type d -regex '.*/hsec-tools-[0-9.]*')"
+          echo "PKGDIR_hsec_tools=${PKGDIR_hsec_tools}" >> "$GITHUB_ENV"
+          PKGDIR_hsec_core="$(find "$GITHUB_WORKSPACE/unpacked" -maxdepth 1 -type d -regex '.*/hsec-core-[0-9.]*')"
+          echo "PKGDIR_hsec_core=${PKGDIR_hsec_core}" >> "$GITHUB_ENV"
+          PKGDIR_osv="$(find "$GITHUB_WORKSPACE/unpacked" -maxdepth 1 -type d -regex '.*/osv-[0-9.]*')"
+          echo "PKGDIR_osv=${PKGDIR_osv}" >> "$GITHUB_ENV"
           PKGDIR_cvss="$(find "$GITHUB_WORKSPACE/unpacked" -maxdepth 1 -type d -regex '.*/cvss-[0-9.]*')"
           echo "PKGDIR_cvss=${PKGDIR_cvss}" >> "$GITHUB_ENV"
           rm -f cabal.project cabal.project.local
           touch cabal.project
           touch cabal.project.local
+          echo "packages: ${PKGDIR_hsec_core}" >> cabal.project
           echo "packages: ${PKGDIR_hsec_tools}" >> cabal.project
+          echo "packages: ${PKGDIR_osv}" >> cabal.project
           echo "packages: ${PKGDIR_cvss}" >> cabal.project
           echo "package hsec-tools" >> cabal.project
           echo "    ghc-options: -Werror=missing-methods" >> cabal.project
+          echo "package hsec-tools" >> cabal.project
+          echo "    ghc-options: -Werror=missing-methods" >> cabal.project
+          echo "package hsec-core" >> cabal.project
+          echo "    ghc-options: -Werror=missing-methods" >> cabal.project
+          echo "package osv" >> cabal.project
+          echo "    ghc-options: -Werror=missing-methods" >> cabal.project
           echo "package cvss" >> cabal.project
           echo "    ghc-options: -Werror=missing-methods" >> cabal.project
           cat >> cabal.project <<EOF
           EOF
-          $HCPKG list --simple-output --names-only | perl -ne 'for (split /\s+/) { print "constraints: $_ installed\n" unless /^(cvss|hsec-tools)$/; }' >> cabal.project.local
+          $HCPKG list --simple-output --names-only | perl -ne 'for (split /\s+/) { print "constraints: $_ installed\n" unless /^(cvss|osv|hsec-core|hsec-tools)$/; }' >> cabal.project.local
           cat cabal.project
           cat cabal.project.local
       - name: dump install plan
@@ -239,13 +255,19 @@ jobs:
         run: |
           if [ $((HCNUMVER >= 90400 && HCNUMVER < 90600)) -ne 0 ] ; then (cd ${PKGDIR_hsec_tools} && hlint -XHaskell2010 src) ; fi
           if [ $((HCNUMVER >= 90400 && HCNUMVER < 90600)) -ne 0 ] ; then (cd ${PKGDIR_hsec_tools} && hlint -XHaskell2010 app) ; fi
+          if [ $((HCNUMVER >= 90400 && HCNUMVER < 90600)) -ne 0 ] ; then (cd ${PKGDIR_hsec_core} && hlint -XHaskell2010 src) ; fi
+          if [ $((HCNUMVER >= 90400 && HCNUMVER < 90600)) -ne 0 ] ; then (cd ${PKGDIR_osv} && hlint -XHaskell2010 src) ; fi
           if [ $((HCNUMVER >= 90400 && HCNUMVER < 90600)) -ne 0 ] ; then (cd ${PKGDIR_cvss} && hlint -XHaskell2010 src) ; fi
       - name: cabal check
         run: |
+          cd ${PKGDIR_hsec_core} || false
+          ${CABAL} -vnormal check
           cd ${PKGDIR_hsec_tools} || false
           ${CABAL} -vnormal check
           cd ${PKGDIR_cvss} || false
           ${CABAL} -vnormal check
+          cd ${PKGDIR_osv} || false
+          ${CABAL} -vnormal check
       - name: haddock
         run: |
           $CABAL v2-haddock --disable-documentation --haddock-all $ARG_COMPILER --with-haddock $HADDOCK $ARG_TESTS $ARG_BENCH all

cabal.project

@@ -1,4 +1,6 @@
 packages: code/*/*.cabal
 
+package hsec-core
 package hsec-tools
 package cvss
+package osv

code/hsec-core/.gitignore

@@ -0,0 +1,30 @@
+##### Haskell
+dist
+dist-*
+cabal-dev
+*.o
+*.hi
+*.hie
+*.chi
+*.chs.h
+*.dyn_o
+*.dyn_hi
+.hpc
+.hsenv
+.cabal-sandbox/
+cabal.sandbox.config
+*.prof
+*.aux
+*.hp
+*.eventlog
+.stack-work/
+cabal.project.local
+cabal.project.local~
+.HTF/
+.ghc.environment.*
+build
+bin-*
+
+result
+.direnv
+.env

code/hsec-core/CHANGELOG.md

@@ -0,0 +1,15 @@
+# hsec-core
+
+`hesc-core` aims to support [Haskell advisories database](https://github.com/haskell/security-advisories).
+
+## Building
+
+We aim to support both regular cabal-based and nix-based builds.
+
+## Testing
+
+Run (and auto update) the golden test:
+
+```ShellSession
+cabal test -O0 --test-show-details=direct --test-option=--accept
+```

code/hsec-core/README.md

@@ -0,0 +1,67 @@
+cabal-version:      2.4
+name:               hsec-core
+version:            0.1.0.0
+
+-- A short (one-line) description of the package.
+synopsis:           Core package representing Haskell advisories
+
+-- A longer description of the package.
+description:        Core package representing Haskell advisories.
+
+-- A URL where users can report bugs.
+-- bug-reports:
+
+-- The license under which the package is released.
+license:            BSD-3-Clause
+author:             David Christiansen
+maintainer:         [email protected]
+
+-- A copyright notice.
+-- copyright:
+category:           Data
+extra-doc-files:    CHANGELOG.md
+
+tested-with:
+  GHC ==8.10.7 || ==9.0.2 || ==9.2.8 || ==9.4.8 || ==9.6.3 || ==9.8.1
+
+library
+  exposed-modules:
+    Security.Advisories.Core.Advisory
+    Security.Advisories.Core.HsecId
+
+  build-depends:
+    , base          >=4.14    && <4.20
+    , Cabal-syntax  >=3.8.1.0 && <3.11
+    , cvss
+    , osv
+    , pandoc-types  >=1.22    && <2
+    , safe          >=0.3
+    , text          >=1.2     && <3
+    , time          >=1.9     && <1.14
+
+  -- , commonmark            ^>=0.2.2
+  -- , commonmark-pandoc     >=0.2     && <0.3
+  -- , containers            >=0.6     && <0.7
+  -- , mtl                   >=2.2     && <2.4
+  hs-source-dirs:   src
+  default-language: Haskell2010
+  ghc-options:
+    -Wall -Wcompat -Widentities -Wincomplete-record-updates
+    -Wincomplete-uni-patterns -Wpartial-fields -Wredundant-constraints
+
+test-suite spec
+  type:             exitcode-stdio-1.0
+  hs-source-dirs:   test
+  main-is:          Spec.hs
+  build-depends:
+    , base         <5
+    , cvss
+    , hsec-core
+    , tasty        <1.5
+    , tasty-hunit  <0.11
+    , text
+
+  default-language: Haskell2010
+  ghc-options:
+    -Wall -Wcompat -Widentities -Wincomplete-record-updates
+    -Wincomplete-uni-patterns -Wpartial-fields -Wredundant-constraints

code/hsec-core/hsec-core.cabal

@@ -1,6 +1,6 @@
 {-# LANGUAGE DerivingVia #-}
 
-module Security.Advisories.Definition
+module Security.Advisories.Core.Advisory
   ( Advisory(..)
     -- * Supporting types
   , Affected(..)
@@ -19,7 +19,7 @@ import Distribution.Types.VersionRange (VersionRange)
 
 import Text.Pandoc.Definition (Pandoc)
 
-import Security.Advisories.HsecId
+import Security.Advisories.Core.HsecId
 import qualified Security.CVSS as CVSS
 import Security.OSV (Reference)
 

code/hsec-tools/src/Security/Advisories/Definition.hs renamed to code/hsec-core/src/Security/Advisories/Core/Advisory.hs

@@ -1,4 +1,4 @@
-module Security.Advisories.HsecId
+module Security.Advisories.Core.HsecId
   (
     HsecId
   , hsecIdYear

code/hsec-tools/src/Security/Advisories/HsecId.hs renamed to code/hsec-core/src/Security/Advisories/Core/HsecId.hs

@@ -0,0 +1,10 @@
+module Main where
+
+import Test.Tasty
+
+main :: IO ()
+main =
+  defaultMain $
+    testGroup
+      "Tests"
+      []

code/hsec-core/test/Spec.hs

@@ -13,7 +13,7 @@ import Security.Advisories.Git
   , explainGitError
   , getRepoRoot
   )
-import Security.Advisories.HsecId
+import Security.Advisories.Core.HsecId
   ( placeholder
   , printHsecId
   , getNextHsecId