Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

add dependabot: add Actions CI updates merge requests automation #7809

Closed

Conversation

Anton-Latukha
Copy link
Collaborator

Dependabot would weekly check updates for project's .github/workflows/workflow.yml & send information & patch updates (like these).

PR to CI configuration run CI with changes applied, which is a self-test.


@Mikolaj
Copy link
Member

Mikolaj commented Nov 10, 2021

@Anton-Latukha: hi! Do you think using https://github.com/haskell/actions would aid us in solving #7798? Is that preferable to ghcup or does it complement it?

@jneira
Copy link
Member

jneira commented Nov 10, 2021

@Anton-Latukha: hi! Do you think using https://github.com/haskell/actions would aid us in solving #7798? Is that preferable to ghcup or does it complement it?

They are complementary, for example it uses chocolatey for win and ghcup for the rest automatically so you dont have to worry about. When the action will switch to use ghcup for all os's it will be transparent for us.

@Mikolaj
Copy link
Member

Mikolaj commented Nov 10, 2021

Great, let's use it. Whom does the dependabot send info to? Is it via email?

@jneira
Copy link
Member

jneira commented Nov 10, 2021

Great, let's use it. Whom does the dependabot send info to? Is it via email?

I think security info about deprecated actions will be here: https://github.com/haskell/cabal/security/dependabot. I have received emails about those alerts for being watching the repo (or be a maintainer? not sure)
Like the recent ones about python deps when we changed the doc generation

And it will open auto pr's to update dependencies

@fgaz
Copy link
Member

fgaz commented Nov 10, 2021

And it will open auto pr's to update dependencies

our workflow files are generated, so prs would be useless (but issues wouldn't)

@Anton-Latukha
Copy link
Collaborator Author

Anton-Latukha commented Nov 10, 2021

And it will open auto pr's to update dependencies

our workflow files are generated, so prs would be useless (but issues wouldn't)

Ok. Haskell-CI is both blessing & a curse.

I am "on the way" & think contributing some GitHub automation into it (I want to merge there HLint automation). But first I need to arrange stuff for that in actions.


@Anton-Latukha: hi! Do you think using https://github.com/haskell/actions would aid us in solving #7798? Is that preferable to ghcup or does it complement it?

I do not have access to actions repository & it seems without a maintainer, lives on drive-by maintenance. I can adopt it if needed.

actions/setup - yes - mainly uses ghcup.
https://github.com/haskell/actions/blob/f0ecab9af1c178879d2243035bba5832e5529b43/setup/src/installer.ts#L148-L166
haskell-ci mainly uses hardcode type of generation on ghcup.
Does haskell-ci uses it - yes. Autogenerated haskell-ci.yml it creates is great & portable way - but it is a very limiting design & does not allow to support CI platform abilities well. For example - I am sure Cabal need to use GitHub Actions for half of a CI & other half may be haskell-ci generated. I want to bridge the actions & tooling - but we will see - maintainers always decide.

The solution to the question of #7798 - is to make ghcup being able to provide (even if hidden from CLI & only for internal users) - support for old versions & for Cabal to work together with that project accordingly. To keep everything in one project. That probably requires where shell is required - to keep an archive of old code duplicates in ghcup to match shell code for old versions, for simplicity of keeping legacy compatibility & that requires more hands than one person.

I'm thinking about helping in ghcup more. Besides Haskell - I love POSIX shell programming. After a while would look at ghcup internals & remember what was discussed here. Maybe, as Ospald now has more shell experience - we should be compatible now. Now style in ghcup strangely reassembles how I write.


Because Cabal CI as said - is autogenerated - yes - do not see a reason to keep PR around, if only to use dependabot PRs as notifications.

@Anton-Latukha
Copy link
Collaborator Author

Anton-Latukha commented Nov 11, 2021

Looked into CI.

Thought through the situation from different angles.

The situation is obviously complex.

I can not recommend anything. Especially because almost nothing in workflows can be done, deshotgun-surgered or shelled-out to understand how to simplify it, because they are autogenerated from GenValidate.hs. & that is made by phadej pretty recently & who knew what & how to do - better than him. If there was a place to leverage haskell-ci - he'd probably used it.

It obviously a mess - because the installation was a mess before standardization work for ghcup.

& I do not know what Zinza is & Hoogle actually returns null (for me) but it is on hackage Hackage - I notified phadej on that occasion with his package.

In time I currently can only work on the fringes here and there taking responsibilities to ease the situation (like maybe helping-out in ghcup & haskell-ci. I already have a number of promises made which I should deliver.

@andreabedini
Copy link
Collaborator

@Anton-Latukha the CI has been rehauled in #7952. Do you think we could reconsider this analysis?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants