-
Notifications
You must be signed in to change notification settings - Fork 0
Set up CI #10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: master
Are you sure you want to change the base?
Set up CI #10
Changes from all commits
d1322ff
905cdb1
f078287
8d52621
7cf3034
324cb1c
e662158
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,99 @@ | ||||||||||||||||
| name: CI | ||||||||||||||||
|
|
||||||||||||||||
| on: | ||||||||||||||||
| pull_request: | ||||||||||||||||
| branches: [master] | ||||||||||||||||
| push: | ||||||||||||||||
| branches: [master] | ||||||||||||||||
|
|
||||||||||||||||
| jobs: | ||||||||||||||||
| test: | ||||||||||||||||
| runs-on: ubuntu-latest | ||||||||||||||||
| strategy: | ||||||||||||||||
| fail-fast: false | ||||||||||||||||
| matrix: | ||||||||||||||||
| ghc-version: ['9.6.7', '9.8.4', '9.10.2', '9.12.2'] | ||||||||||||||||
| steps: | ||||||||||||||||
| - uses: actions/checkout@v4 | ||||||||||||||||
|
|
||||||||||||||||
| - name: Setup Haskell | ||||||||||||||||
| uses: haskell-actions/setup@v2 | ||||||||||||||||
| with: | ||||||||||||||||
| ghc-version: ${{ matrix.ghc-version }} | ||||||||||||||||
| cabal-version: '3.12' | ||||||||||||||||
|
|
||||||||||||||||
| - name: Cache cabal packages | ||||||||||||||||
| uses: actions/cache@v4 | ||||||||||||||||
| with: | ||||||||||||||||
| path: | | ||||||||||||||||
| ~/.cabal/packages | ||||||||||||||||
| ~/.cabal/store | ||||||||||||||||
| dist-newstyle | ||||||||||||||||
| key: ${{ runner.os }}-ghc-${{ matrix.ghc-version }}-cabal-${{ hashFiles('**/*.cabal') }} | ||||||||||||||||
| restore-keys: | | ||||||||||||||||
| ${{ runner.os }}-ghc-${{ matrix.ghc-version }}-cabal- | ||||||||||||||||
|
|
||||||||||||||||
| - name: Build | ||||||||||||||||
| run: cabal build all | ||||||||||||||||
|
|
||||||||||||||||
| - name: Run tests | ||||||||||||||||
| run: cabal test --test-show-details=direct | ||||||||||||||||
|
|
||||||||||||||||
| benchmark: | ||||||||||||||||
| runs-on: ubuntu-latest | ||||||||||||||||
| steps: | ||||||||||||||||
| - uses: actions/checkout@v4 | ||||||||||||||||
|
|
||||||||||||||||
| - name: Setup Haskell | ||||||||||||||||
| uses: haskell-actions/setup@v2 | ||||||||||||||||
| with: | ||||||||||||||||
| ghc-version: '9.10.3' | ||||||||||||||||
|
||||||||||||||||
| ghc-version: '9.10.3' | |
| ghc-version: '9.10.2' |
Copilot
AI
Mar 6, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Benchmark cache key doesn’t include the GHC (or cabal) version, so it can restore an incompatible ~/.cabal/store/dist-newstyle if the toolchain changes (or if this job’s GHC version is adjusted later). Include ${{ matrix.ghc-version }} (or the pinned GHC version) and cabal version in the cache key to avoid subtle cache poisoning.
Copilot
AI
Mar 6, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The workflow downloads an executable from GitHub Releases without verifying a checksum/signature. If the download is tampered with (or the release asset is replaced), this can execute untrusted code in CI. Consider pinning and verifying a SHA256/SHA512 checksum (or using a trusted installation method such as building from source with a pinned dependency set).
| curl -sSfL "https://github.com/fourmolu/fourmolu/releases/download/v${FOURMOLU_VERSION}/fourmolu-${FOURMOLU_VERSION}-linux-x86_64" -o "$BINDIR/fourmolu" | |
| chmod a+x "$BINDIR/fourmolu" | |
| curl -sSfL "https://github.com/fourmolu/fourmolu/releases/download/v${FOURMOLU_VERSION}/fourmolu-${FOURMOLU_VERSION}-linux-x86_64" -o "$BINDIR/fourmolu" | |
| curl -sSfL "https://github.com/fourmolu/fourmolu/releases/download/v${FOURMOLU_VERSION}/fourmolu-${FOURMOLU_VERSION}-linux-x86_64.sha256" -o "$BINDIR/fourmolu.sha256" | |
| (cd "$BINDIR" && sha256sum -c fourmolu.sha256) | |
| chmod a+x "$BINDIR/fourmolu" | |
| rm -f "$BINDIR/fourmolu.sha256" |
Copilot
AI
Mar 6, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
echo "$BINDIR" >> $GITHUB_PATH should quote $GITHUB_PATH to avoid issues if the path ever contains spaces or special characters. Use >> "$GITHUB_PATH" for safer shell behavior.
| echo "$BINDIR" >> $GITHUB_PATH | |
| echo "$BINDIR" >> "$GITHUB_PATH" |
| Original file line number | Diff line number | Diff line change | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| @@ -0,0 +1,22 @@ | ||||||||||||||||||||||||||
| #!/usr/bin/env bash | ||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||
| set -euo pipefail | ||||||||||||||||||||||||||
|
|
||||||||||||||||||||||||||
| if [[ $# -gt 0 ]]; then | ||||||||||||||||||||||||||
| case "$1" in | ||||||||||||||||||||||||||
| --changes) | ||||||||||||||||||||||||||
| # Run fourmolu on changes compared to `master`. | ||||||||||||||||||||||||||
| git diff --diff-filter=MA --name-only origin/master HEAD -- '*.hs' | ||||||||||||||||||||||||||
|
Comment on lines
+8
to
+9
|
||||||||||||||||||||||||||
| # Run fourmolu on changes compared to `master`. | |
| git diff --diff-filter=MA --name-only origin/master HEAD -- '*.hs' | |
| # Run fourmolu on changes compared to the default branch. | |
| # The base ref can be overridden via FOURMOLU_BASE_REF (e.g. "origin/main"). | |
| base_ref="${FOURMOLU_BASE_REF:-origin/HEAD}" | |
| if ! git rev-parse --verify "$base_ref" >/dev/null 2>&1; then | |
| # Attempt to fetch the base ref if it is not available locally. | |
| # Ignore failures so the script can still run in environments without network access. | |
| git fetch origin "${base_ref#origin/}" >/dev/null 2>&1 || true | |
| fi | |
| merge_base="$(git merge-base "$base_ref" HEAD)" | |
| git diff --diff-filter=MA --name-only "$merge_base" HEAD -- '*.hs' |
Copilot
AI
Mar 6, 2026
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This pipeline uses xargs with whitespace-delimited filenames. That will break if any tracked .hs path contains spaces/newlines, and xargs -r is GNU-specific (not available on macOS/BSD). Prefer a NUL-delimited pipeline (e.g., git … -z + grep -z/filtering + xargs -0) or an explicit bash loop/array to pass filenames safely and portably.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The CI test matrix GHC versions should align with the package’s declared support.
antigen.cabaldeclarestested-with: GHC == 9.10.3, but the matrix uses9.10.2(and also includes9.12.2). If these versions aren’t actually supported by the dependency bounds/tooling, CI will fail or be misleading; consider updating the matrix to matchtested-with(or updatingtested-withto match the matrix).