From 8e45ef624dfa497b1182037f61bfe980497db774 Mon Sep 17 00:00:00 2001 From: Joris Dral Date: Thu, 21 May 2026 14:04:55 +0200 Subject: [PATCH 1/3] Update README badges --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e2f2293..40c2aae 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,12 @@ # Welcome to botan +![License: BSD-3-Clause](https://img.shields.io/badge/license-BSD--3--Clause-lightgray.svg) [![Hackage: botan-bindings](https://img.shields.io/hackage/v/botan-bindings?label=Hackage:%20botan-bindings)](https://hackage.haskell.org/package/botan-bindings) [![Hackage: botan-low](https://img.shields.io/hackage/v/botan-low?label=Hackage:%20botan-low)](https://hackage.haskell.org/package/botan-low) [![Hackage: botan](https://img.shields.io/hackage/v/botan?label=Hackage:%20botan)](https://hackage.haskell.org/package/botan) -[![Build](https://img.shields.io/github/actions/workflow/status/haskell-cryptography/botan/ci.yml?label=Build)](https://github.com/haskell-cryptography/botan/actions/workflows/ci.yml) [![Haddocks](https://img.shields.io/badge/documentation-Haddocks-purple)](https://haskell-cryptography.github.io/botan/) +[![CI](https://img.shields.io/github/actions/workflow/status/haskell-cryptography/botan/ci.yml?label=CI)](https://github.com/haskell-cryptography/botan/actions/workflows/ci.yml) +[![CI: documentation](https://img.shields.io/github/actions/workflow/status/haskell-cryptography/botan/documentation.yml?label=CI:%20documentation)](https://github.com/haskell-cryptography/botan/actions/workflows/documentation.yml) # Acknowledgements From 3eb4be0d45010290923b6ae3c4e341eb663addfa Mon Sep 17 00:00:00 2001 From: Joris Dral Date: Thu, 21 May 2026 14:05:11 +0200 Subject: [PATCH 2/3] `CI`: only build documentation on pushes to `main` It's a relatively slow job, and we publish the built documentation on `main` only anyway --- .github/workflows/documentation.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/documentation.yml b/.github/workflows/documentation.yml index bf34682..f84ed8d 100644 --- a/.github/workflows/documentation.yml +++ b/.github/workflows/documentation.yml @@ -4,11 +4,9 @@ on: push: branches: - "main" - pull_request: - merge_group: concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true permissions: From 784d058232654654f92485ea87eb808cf71b0232 Mon Sep 17 00:00:00 2001 From: Joris Dral Date: Thu, 21 May 2026 14:06:14 +0200 Subject: [PATCH 3/3] `CI`: dynamically set up the matrix for the Build job Now it is easier to update the matrix without having to change the required status checks in the repository settings. --- .github/workflows/ci.yml | 225 +++++++++++++++++++++++++-------------- 1 file changed, 145 insertions(+), 80 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 78f7a65..59782ab 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,99 +15,164 @@ permissions: contents: read jobs: + ################################################################################ + # Build: setup matrix + ################################################################################ + build-setup-matrix: + name: "Build: setup matrix" + runs-on: ubuntu-latest + timeout-minutes: 5 + + outputs: + matrix: ${{ steps.output-matrix.outputs.matrix }} + + defaults: + run: + shell: bash + + env: + sys-ubuntu: '{"os": "ubuntu-latest" , "shell": "bash" }' + sys-macos: '{"os": "macos-latest" , "shell": "bash" }' + sys-windows: '{"os": "windows-latest", "shell": "C:/msys64/usr/bin/bash.exe -e {0}" }' + botan-default: '"3.12.0"' + ghc-default: '"9.8"' + cabal-default: '"3.16"' + + steps: + # TODO: ideally, we would be able to detect automatically that the matrix + # should be updated to include newer Botan versions (or GHC versions for + # that matter). The setup-botan action already contains a TODO that would + # allow us to specify incomplete Botan versions like 3 and 3.8 that would + # then automatically be resolved to the greatest complete versions, e.g., + # 3.10.0 and 3.8.1. Similarly, haskell-actions/setup@v2 allows specifying + # incomplete GHC and Cabal versions that are resolved to complete + # versions. However, if a new Botan MAJOR and/or MINOR version is released + # (or a new GHC major version), then we would want to include it as a new + # matrix combination while keeping the older combinations. Automatic + # resolving does not solve this. See issue #40. + + # PR: we only run one combination per OS for fast feedback. + + - name: ๐Ÿ› ๏ธ Setup matrix (PR) + if: ${{ github.event_name == 'pull_request' }} + run: | + { echo 'MATRIX_COMBINATIONS<> "$GITHUB_ENV" + + # MR, push to main: we extensively test the code using various combinations. + # We don't want combinatorial explosion, so we do not test all combinations + # exhaustively. + # + # NOTE: For caching purposes, the matrix combinations that we test on pull + # requests should be a subset of the matrix combinations we run on the merge + # queue and pushes to main. + - name: ๐Ÿ› ๏ธ Setup matrix (MQ, push to main) + if: ${{ github.event_name != 'pull_request' }} + run: | + { echo 'MATRIX_COMBINATIONS<> "$GITHUB_ENV" + + - name: ๐Ÿ› ๏ธ Output matrix + id: output-matrix + run: | + echo $MATRIX_COMBINATIONS + MATRIX="{\"include\":[$MATRIX_COMBINATIONS]}" + echo $MATRIX + { + echo 'MATRIX<> "$GITHUB_OUTPUT" + + ################################################################################ + # Build: check success + ################################################################################ + check-success: + name: "Build: check success" + runs-on: ubuntu-latest + timeout-minutes: 5 + + needs: + - build + + defaults: + run: + shell: bash + + if: ${{ !cancelled() }} + + steps: + - name: ๐Ÿงช Report failure + if: ${{ needs.build.result == 'failure' }} + run: | + echo "Some jobs failed" + exit 1 + + - name: ๐Ÿงช Report success + if: ${{ needs.build.result == 'success' }} + run: | + echo "All jobs succeeded" + exit 0 + ################################################################################ # Build ################################################################################ build: + name: Build (${{ matrix.sys.os}}, GHC-${{matrix.ghc-version}}, Cabal-${{matrix.cabal-version}}, Botan-${{matrix.botan-version}}) runs-on: ${{ matrix.sys.os }} timeout-minutes: 60 + needs: + - build-setup-matrix + defaults: run: shell: ${{ matrix.sys.shell }} strategy: + matrix: ${{ fromJSON(needs.build-setup-matrix.outputs.matrix) }} fail-fast: false - # Picking matrix combinations is tricky as it's a trade-off: on the one - # hand we want to test as many interesting combinations as possible, but - # on the other hand we don't want combinatorial explosion. We strike a - # balance as follows: - # - # * Build and test with all combinations of OS/GHC/Cabal, but with a fixed - # Botan version, preferably the latest version which is currently - # Botan-3.12.0. - # - # * Build and test with all Botan versions, but with a fixed OS/GHC/Cabal - # combination, preferably Linux/GHC-9.6/Cabal-3.16 - # - # TODO: ideally, we would be able to detect automatically that the matrix - # should be updated to include newer Botan versions (or GHC versions for - # that matter). The setup-botan action already contains a TODO that would - # allow us to specify incomplete Botan versions like 3 and 3.8 that would - # then automatically be resolved to the greatest complete versions, e.g., - # 3.10.0 and 3.8.1. Similarly, haskell-actions/setup@v2 allows specifying - # incomplete GHC and Cabal versions that are resolved to complete - # versions. However, if a new Botan MAJOR and/or MINOR version is released - # (or a new GHC major version), then we would want to include it as a new - # matrix combination while keeping the older combinations. Automatic - # resolving does not solve this. See issue #40. - matrix: - sys: - - { os: windows-latest, shell: "C:/msys64/usr/bin/bash.exe -e {0}" } - - { os: ubuntu-latest, shell: bash } - - { os: macos-latest, shell: bash } - ghc-version: ["9.2", "9.4", "9.6", "9.8", "9.10", "9.12"] - cabal-version: ["3.16"] - botan-version: ["3.12.0"] - include: - - sys: { os: ubuntu-latest, shell: bash } - ghc-version: "9.6" - cabal-version: "3.16" - botan-version: "3.0.0" - - sys: { os: ubuntu-latest, shell: bash } - ghc-version: "9.6" - cabal-version: "3.16" - botan-version: "3.1.1" - - sys: { os: ubuntu-latest, shell: bash } - ghc-version: "9.6" - cabal-version: "3.16" - botan-version: "3.2.0" - - sys: { os: ubuntu-latest, shell: bash } - ghc-version: "9.6" - cabal-version: "3.16" - botan-version: "3.3.0" - - sys: { os: ubuntu-latest, shell: bash } - ghc-version: "9.6" - cabal-version: "3.16" - botan-version: "3.4.0" - - sys: { os: ubuntu-latest, shell: bash } - ghc-version: "9.6" - cabal-version: "3.16" - botan-version: "3.5.0" - - sys: { os: ubuntu-latest, shell: bash } - ghc-version: "9.6" - cabal-version: "3.16" - botan-version: "3.6.1" - - sys: { os: ubuntu-latest, shell: bash } - ghc-version: "9.6" - cabal-version: "3.16" - botan-version: "3.7.1" - - sys: { os: ubuntu-latest, shell: bash } - ghc-version: "9.6" - cabal-version: "3.16" - botan-version: "3.8.1" - - sys: { os: ubuntu-latest, shell: bash } - ghc-version: "9.6" - cabal-version: "3.12" - botan-version: "3.9.0" - - sys: { os: ubuntu-latest, shell: bash } - ghc-version: "9.6" - cabal-version: "3.12" - botan-version: "3.10.0" - - sys: { os: ubuntu-latest, shell: bash } - ghc-version: "9.6" - cabal-version: "3.12" - botan-version: "3.11.1" steps: - name: ๐Ÿ“ฅ Checkout repository