From 3c0e6fc363b561385c14fef0f583acea1ab19aea Mon Sep 17 00:00:00 2001 From: Alistair Burrowes Date: Mon, 27 Dec 2021 07:49:55 +1100 Subject: [PATCH 1/5] Run ci on ubuntu-latest --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 1a77192..f692f86 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,7 +8,7 @@ on: jobs: ci: timeout-minutes: 30 - runs-on: ubuntu-18.04 + runs-on: ubuntu-latest name: ${{ matrix.ghc }}-${{ matrix.deb }} strategy: fail-fast: false From b469f921e5b48f22b0af23b3ed25f7bac028b158 Mon Sep 17 00:00:00 2001 From: Alistair Burrowes Date: Mon, 27 Dec 2021 08:30:33 +1100 Subject: [PATCH 2/5] Add support for ARM64 The current pattern did not work well for this, so the opportunity was taken to make improvements based on what other popular official images are doing. --- 8.10/buster/Dockerfile | 157 ++++++++++++++++++++++++++++++----------- 9.0/buster/Dockerfile | 156 +++++++++++++++++++++++++++++----------- 9.2/buster/Dockerfile | 143 ++++++++++++++++++++++++++----------- 3 files changed, 333 insertions(+), 123 deletions(-) diff --git a/8.10/buster/Dockerfile b/8.10/buster/Dockerfile index 3f5ca0f..16442b7 100644 --- a/8.10/buster/Dockerfile +++ b/8.10/buster/Dockerfile @@ -7,6 +7,7 @@ RUN apt-get update && \ apt-get install -y --no-install-recommends \ ca-certificates \ curl \ + dpkg-dev \ git \ gcc \ gnupg \ @@ -14,6 +15,7 @@ RUN apt-get update && \ libc6-dev \ libffi-dev \ libgmp-dev \ + libnuma-dev \ libsqlite3-dev \ libtinfo-dev \ make \ @@ -25,56 +27,129 @@ RUN apt-get update && \ ARG CABAL_INSTALL=3.6.2.0 ARG CABAL_INSTALL_RELEASE_KEY=A970DF3AC3B9709706D74544B3D9F94B8DCAE210 -# get from https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS -ARG CABAL_INSTALL_RELEASE_SHA256=4759B56E9257E02F29FA374A6B25D6CB2F9D80C7E3A55D4F678A8E570925641C -RUN cd /tmp && \ - export GNUPGHOME="$(mktemp -d)" && \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys ${CABAL_INSTALL_RELEASE_KEY} && \ - curl -fSLO https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS && \ - curl -fSLO https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS.sig && \ - gpg --batch --trusted-key B3D9F94B8DCAE210 --verify SHA256SUMS.sig SHA256SUMS && \ - curl -fSL https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/cabal-install-$CABAL_INSTALL-x86_64-linux-deb10.tar.xz -o cabal-install.tar.gz && \ - echo "$CABAL_INSTALL_RELEASE_SHA256 cabal-install.tar.gz" | sha256sum --strict --check && \ - tar -xf cabal-install.tar.gz -C /usr/local/bin && \ - rm -rf "$GNUPGHOME" /var/lib/apt/lists/* /tmp/* +RUN set -eux; \ + cd /tmp; \ + ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ + CABAL_INSTALL_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/cabal-install-$CABAL_INSTALL-$ARCH-linux-deb10.tar.xz"; \ + CABAL_INSTALL_SHA256SUMS_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS"; \ + # sha256 from https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS + case "$ARCH" in \ + 'aarch64') \ + CABAL_INSTALL_SHA256='d9acee67d4308bc5c22d27bee034d388cc4192a25deff9e7e491e2396572b030'; \ + ;; \ + 'x86_64') \ + CABAL_INSTALL_SHA256='4759b56e9257e02f29fa374a6b25d6cb2f9d80c7e3a55d4f678a8e570925641c'; \ + ;; \ + *) echo >&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; \ + esac; \ + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz; \ + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check; \ + \ + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL"; \ + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY"; \ + gpg --batch --verify SHA256SUMS.sig SHA256SUMS; \ + gpgconf --kill all; \ + \ + tar -xf cabal-install.tar.gz -C /usr/local/bin; \ + \ + rm -rf /tmp/*; \ + \ + cabal --version + +# GHC 8.10 requires LLVM version 9 - 12 on aarch64 +ARG LLVM_VERSION=12 + +RUN set -eux; \ + if [ "$(dpkg-architecture --query DEB_BUILD_GNU_CPU)" = "aarch64" ]; then \ + # adapted from https://apt.llvm.org/llvm.sh + curl -sSL https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -; \ + echo "deb http://apt.llvm.org/buster/ llvm-toolchain-buster-$LLVM_VERSION main" > /etc/apt/sources.list.d/llvm.list; \ + apt-get update; \ + apt-get install -y --no-install-recommends llvm-$LLVM_VERSION; \ + rm -rf /var/lib/apt/lists/*; \ + fi ARG GHC=8.10.7 ARG GHC_RELEASE_KEY=88B57FCF7DB53B4DB3BFA4B1588764FBE22D19C4 -# get from https://downloads.haskell.org/~ghc/$GHC/SHA256SUMS -ARG GHC_RELEASE_SHA256=A13719BCA87A0D3AC0C7D4157A4E60887009A7F1A8DBE95C4759EC413E086D30 -RUN cd /tmp && \ - export GNUPGHOME="$(mktemp -d)" && \ - curl -sSL https://downloads.haskell.org/~ghc/$GHC/ghc-$GHC-x86_64-deb10-linux.tar.xz -o ghc.tar.xz && \ - curl -sSL https://downloads.haskell.org/~ghc/$GHC/ghc-$GHC-x86_64-deb10-linux.tar.xz.sig -o ghc.tar.xz.sig && \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys ${GHC_RELEASE_KEY} && \ - gpg --batch --trusted-key 588764FBE22D19C4 --verify ghc.tar.xz.sig ghc.tar.xz && \ - echo "$GHC_RELEASE_SHA256 ghc.tar.xz" | sha256sum --strict --check && \ - tar xf ghc.tar.xz && \ - cd ghc-$GHC && \ - ./configure --prefix /opt/ghc/$GHC && \ - make install && \ - find /opt/ghc/$GHC/ \( -name "*_p.a" -o -name "*.p_hi" \) -type f -delete && \ - rm -rf /opt/ghc/$GHC/share/ && \ - rm -rf "$GNUPGHOME" /tmp/* +RUN set -eux; \ + cd /tmp; \ + ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ + GHC_URL="https://downloads.haskell.org/~ghc/$GHC/ghc-$GHC-$ARCH-deb10-linux.tar.xz"; \ + # sha256 from https://downloads.haskell.org/~ghc/$GHC/SHA256SUMS + case "$ARCH" in \ + 'aarch64') \ + GHC_SHA256='fad2417f9b295233bf8ade79c0e6140896359e87be46cb61cd1d35863d9d0e55'; \ + ;; \ + 'x86_64') \ + GHC_SHA256='a13719bca87a0d3ac0c7d4157a4e60887009a7f1a8dbe95c4759ec413e086d30'; \ + ;; \ + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ + esac; \ + curl -sSL "$GHC_URL" -o ghc.tar.xz; \ + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check; \ + \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig; \ + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY"; \ + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz; \ + gpgconf --kill all; \ + \ + tar xf ghc.tar.xz; \ + cd "ghc-$GHC"; \ + ./configure --prefix "/opt/ghc/$GHC"; \ + make install; \ + # remove profiling support to save space + find "/opt/ghc/$GHC/" \( -name "*_p.a" -o -name "*.p_hi" \) -type f -delete; \ + # remove some docs + rm -rf "/opt/ghc/$GHC/share/"; \ + \ + rm -rf /tmp/*; \ + \ + "/opt/ghc/$GHC/bin/ghc" --version ARG STACK=2.7.3 ARG STACK_RELEASE_KEY=C5705533DA4F78D8664B5DC0575159689BEFB442 -# get from https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-x86_64.tar.gz.sha256 -ARG STACK_RELEASE_SHA256=A6C090555FA1C64AA61C29AA4449765A51D79E870CF759CDE192937CD614E72B -RUN cd /tmp && \ - export GNUPGHOME="$(mktemp -d)" && \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys ${STACK_RELEASE_KEY} && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-x86_64.tar.gz -o stack.tar.gz && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-x86_64.tar.gz.asc -o stack.tar.gz.asc && \ - gpg --batch --trusted-key 575159689BEFB442 --verify stack.tar.gz.asc stack.tar.gz && \ - echo "$STACK_RELEASE_SHA256 stack.tar.gz" | sha256sum --strict --check && \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 stack-$STACK-linux-x86_64/stack && \ - /usr/local/bin/stack config set system-ghc --global true && \ - /usr/local/bin/stack config set install-ghc --global false && \ - rm -rf "$GNUPGHOME" /var/lib/apt/lists/* /tmp/* +RUN set -eux; \ + cd /tmp; \ + ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ + INSTALL_STACK="true"; \ + STACK_URL="https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-$ARCH.tar.gz"; \ + # sha256 from https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-$ARCH.tar.gz.sha256 + case "$ARCH" in \ + 'aarch64') \ + # Stack does not officially support ARM64, nor do the binaries that exist work. + # Hitting https://github.com/commercialhaskell/stack/issues/2103#issuecomment-972329065 when trying to use + # stack-2.7.1-linux-aarch64.tar.gz + INSTALL_STACK="false"; \ + ;; \ + 'x86_64') \ + STACK_SHA256='a6c090555fa1c64aa61c29aa4449765a51d79e870cf759cde192937cd614e72b'; \ + ;; \ + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ + esac; \ + if [ "$INSTALL_STACK" = "true" ]; then \ + curl -sSL "$STACK_URL" -o stack.tar.gz; \ + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check; \ + \ + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY"; \ + gpg --batch --verify stack.tar.gz.asc stack.tar.gz; \ + gpgconf --kill all; \ + \ + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack"; \ + stack config set system-ghc --global true; \ + stack config set install-ghc --global false; \ + \ + rm -rf /tmp/*; \ + \ + stack --version; \ + fi ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH diff --git a/9.0/buster/Dockerfile b/9.0/buster/Dockerfile index 7ba8759..07e90d9 100644 --- a/9.0/buster/Dockerfile +++ b/9.0/buster/Dockerfile @@ -7,6 +7,7 @@ RUN apt-get update && \ apt-get install -y --no-install-recommends \ ca-certificates \ curl \ + dpkg-dev \ git \ gcc \ gnupg \ @@ -26,56 +27,129 @@ RUN apt-get update && \ ARG CABAL_INSTALL=3.6.2.0 ARG CABAL_INSTALL_RELEASE_KEY=A970DF3AC3B9709706D74544B3D9F94B8DCAE210 -# get from https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS -ARG CABAL_INSTALL_RELEASE_SHA256=4759B56E9257E02F29FA374A6B25D6CB2F9D80C7E3A55D4F678A8E570925641C -RUN cd /tmp && \ - export GNUPGHOME="$(mktemp -d)" && \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys ${CABAL_INSTALL_RELEASE_KEY} && \ - curl -fSLO https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS && \ - curl -fSLO https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS.sig && \ - gpg --batch --trusted-key B3D9F94B8DCAE210 --verify SHA256SUMS.sig SHA256SUMS && \ - curl -fSL https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/cabal-install-$CABAL_INSTALL-x86_64-linux-deb10.tar.xz -o cabal-install.tar.gz && \ - echo "$CABAL_INSTALL_RELEASE_SHA256 cabal-install.tar.gz" | sha256sum --strict --check && \ - tar -xf cabal-install.tar.gz -C /usr/local/bin && \ - rm -rf "$GNUPGHOME" /var/lib/apt/lists/* /tmp/* +RUN set -eux; \ + cd /tmp; \ + ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ + CABAL_INSTALL_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/cabal-install-$CABAL_INSTALL-$ARCH-linux-deb10.tar.xz"; \ + CABAL_INSTALL_SHA256SUMS_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS"; \ + # sha256 from https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS + case "$ARCH" in \ + 'aarch64') \ + CABAL_INSTALL_SHA256='d9acee67d4308bc5c22d27bee034d388cc4192a25deff9e7e491e2396572b030'; \ + ;; \ + 'x86_64') \ + CABAL_INSTALL_SHA256='4759b56e9257e02f29fa374a6b25d6cb2f9d80c7e3a55d4f678a8e570925641c'; \ + ;; \ + *) echo >&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; \ + esac; \ + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz; \ + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check; \ + \ + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL"; \ + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY"; \ + gpg --batch --verify SHA256SUMS.sig SHA256SUMS; \ + gpgconf --kill all; \ + \ + tar -xf cabal-install.tar.gz -C /usr/local/bin; \ + \ + rm -rf /tmp/*; \ + \ + cabal --version + +# GHC 9.0 requires LLVM version 9 - 12 on aarch64 +ARG LLVM_VERSION=12 + +RUN set -eux; \ + if [ "$(dpkg-architecture --query DEB_BUILD_GNU_CPU)" = "aarch64" ]; then \ + # adapted from https://apt.llvm.org/llvm.sh + curl -sSL https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -; \ + echo "deb http://apt.llvm.org/buster/ llvm-toolchain-buster-$LLVM_VERSION main" > /etc/apt/sources.list.d/llvm.list; \ + apt-get update; \ + apt-get install -y --no-install-recommends llvm-$LLVM_VERSION; \ + rm -rf /var/lib/apt/lists/*; \ + fi ARG GHC=9.0.2 ARG GHC_RELEASE_KEY=88B57FCF7DB53B4DB3BFA4B1588764FBE22D19C4 -# get from https://downloads.haskell.org/~ghc/$GHC/SHA256SUMS -ARG GHC_RELEASE_SHA256=5D0B9414B10CFB918453BCD01C5EA7A1824FE95948B08498D6780F20BA247AFC -RUN cd /tmp && \ - export GNUPGHOME="$(mktemp -d)" && \ - curl -sSL https://downloads.haskell.org/~ghc/$GHC/ghc-$GHC-x86_64-deb10-linux.tar.xz -o ghc.tar.xz && \ - curl -sSL https://downloads.haskell.org/~ghc/$GHC/ghc-$GHC-x86_64-deb10-linux.tar.xz.sig -o ghc.tar.xz.sig && \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys ${GHC_RELEASE_KEY} && \ - gpg --batch --trusted-key 588764FBE22D19C4 --verify ghc.tar.xz.sig ghc.tar.xz && \ - echo "$GHC_RELEASE_SHA256 ghc.tar.xz" | sha256sum --strict --check && \ - tar xf ghc.tar.xz && \ - cd ghc-$GHC && \ - ./configure --prefix /opt/ghc/$GHC && \ - make install && \ - find /opt/ghc/$GHC/ \( -name "*_p.a" -o -name "*.p_hi" \) -type f -delete && \ - rm -rf /opt/ghc/$GHC/share/ && \ - rm -rf "$GNUPGHOME" /tmp/* +RUN set -eux; \ + cd /tmp; \ + ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ + GHC_URL="https://downloads.haskell.org/~ghc/$GHC/ghc-$GHC-$ARCH-deb10-linux.tar.xz"; \ + # sha256 from https://downloads.haskell.org/~ghc/$GHC/SHA256SUMS + case "$ARCH" in \ + 'aarch64') \ + GHC_SHA256='cb016344c70a872738a24af60bd15d3b18749087b9905c1b3f1b1549dc01f46d'; \ + ;; \ + 'x86_64') \ + GHC_SHA256='5d0b9414b10cfb918453bcd01c5ea7a1824fe95948b08498d6780f20ba247afc'; \ + ;; \ + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ + esac; \ + curl -sSL "$GHC_URL" -o ghc.tar.xz; \ + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check; \ + \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig; \ + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY"; \ + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz; \ + gpgconf --kill all; \ + \ + tar xf ghc.tar.xz; \ + cd "ghc-$GHC"; \ + ./configure --prefix "/opt/ghc/$GHC"; \ + make install; \ + # remove profiling support to save space + find "/opt/ghc/$GHC/" \( -name "*_p.a" -o -name "*.p_hi" \) -type f -delete; \ + # remove some docs + rm -rf "/opt/ghc/$GHC/share/"; \ + \ + rm -rf /tmp/*; \ + \ + "/opt/ghc/$GHC/bin/ghc" --version ARG STACK=2.7.3 ARG STACK_RELEASE_KEY=C5705533DA4F78D8664B5DC0575159689BEFB442 -# get from https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-x86_64.tar.gz.sha256 -ARG STACK_RELEASE_SHA256=A6C090555FA1C64AA61C29AA4449765A51D79E870CF759CDE192937CD614E72B -RUN cd /tmp && \ - export GNUPGHOME="$(mktemp -d)" && \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys ${STACK_RELEASE_KEY} && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-x86_64.tar.gz -o stack.tar.gz && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-x86_64.tar.gz.asc -o stack.tar.gz.asc && \ - gpg --batch --trusted-key 575159689BEFB442 --verify stack.tar.gz.asc stack.tar.gz && \ - echo "$STACK_RELEASE_SHA256 stack.tar.gz" | sha256sum --strict --check && \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 stack-$STACK-linux-x86_64/stack && \ - /usr/local/bin/stack config set system-ghc --global true && \ - /usr/local/bin/stack config set install-ghc --global false && \ - rm -rf "$GNUPGHOME" /var/lib/apt/lists/* /tmp/* +RUN set -eux; \ + cd /tmp; \ + ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ + INSTALL_STACK="true"; \ + STACK_URL="https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-$ARCH.tar.gz"; \ + # sha256 from https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-$ARCH.tar.gz.sha256 + case "$ARCH" in \ + 'aarch64') \ + # Stack does not officially support ARM64, nor do the binaries that exist work. + # Hitting https://github.com/commercialhaskell/stack/issues/2103#issuecomment-972329065 when trying to use + # stack-2.7.1-linux-aarch64.tar.gz + INSTALL_STACK="false"; \ + ;; \ + 'x86_64') \ + STACK_SHA256='a6c090555fa1c64aa61c29aa4449765a51d79e870cf759cde192937cd614e72b'; \ + ;; \ + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ + esac; \ + if [ "$INSTALL_STACK" = "true" ]; then \ + curl -sSL "$STACK_URL" -o stack.tar.gz; \ + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check; \ + \ + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY"; \ + gpg --batch --verify stack.tar.gz.asc stack.tar.gz; \ + gpgconf --kill all; \ + \ + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack"; \ + stack config set system-ghc --global true; \ + stack config set install-ghc --global false; \ + \ + rm -rf /tmp/*; \ + \ + stack --version; \ + fi ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH diff --git a/9.2/buster/Dockerfile b/9.2/buster/Dockerfile index 4bde3b2..9a9d2e0 100644 --- a/9.2/buster/Dockerfile +++ b/9.2/buster/Dockerfile @@ -7,6 +7,7 @@ RUN apt-get update && \ apt-get install -y --no-install-recommends \ ca-certificates \ curl \ + dpkg-dev \ git \ gcc \ gnupg \ @@ -26,56 +27,116 @@ RUN apt-get update && \ ARG CABAL_INSTALL=3.6.2.0 ARG CABAL_INSTALL_RELEASE_KEY=A970DF3AC3B9709706D74544B3D9F94B8DCAE210 -# get from https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS -ARG CABAL_INSTALL_RELEASE_SHA256=4759B56E9257E02F29FA374A6B25D6CB2F9D80C7E3A55D4F678A8E570925641C -RUN cd /tmp && \ - export GNUPGHOME="$(mktemp -d)" && \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys ${CABAL_INSTALL_RELEASE_KEY} && \ - curl -fSLO https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS && \ - curl -fSLO https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS.sig && \ - gpg --batch --trusted-key B3D9F94B8DCAE210 --verify SHA256SUMS.sig SHA256SUMS && \ - curl -fSL https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/cabal-install-$CABAL_INSTALL-x86_64-linux-deb10.tar.xz -o cabal-install.tar.gz && \ - echo "$CABAL_INSTALL_RELEASE_SHA256 cabal-install.tar.gz" | sha256sum --strict --check && \ - tar -xf cabal-install.tar.gz -C /usr/local/bin && \ - rm -rf "$GNUPGHOME" /var/lib/apt/lists/* /tmp/* +RUN set -eux; \ + cd /tmp; \ + ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ + CABAL_INSTALL_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/cabal-install-$CABAL_INSTALL-$ARCH-linux-deb10.tar.xz"; \ + CABAL_INSTALL_SHA256SUMS_URL="https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS"; \ + # sha256 from https://downloads.haskell.org/~cabal/cabal-install-$CABAL_INSTALL/SHA256SUMS + case "$ARCH" in \ + 'aarch64') \ + CABAL_INSTALL_SHA256='d9acee67d4308bc5c22d27bee034d388cc4192a25deff9e7e491e2396572b030'; \ + ;; \ + 'x86_64') \ + CABAL_INSTALL_SHA256='4759b56e9257e02f29fa374a6b25d6cb2f9d80c7e3a55d4f678a8e570925641c'; \ + ;; \ + *) echo >&2 "error: unsupported architecture '$ARCH'"; exit 1 ;; \ + esac; \ + curl -fSL "$CABAL_INSTALL_URL" -o cabal-install.tar.gz; \ + echo "$CABAL_INSTALL_SHA256 cabal-install.tar.gz" | sha256sum --strict --check; \ + \ + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL"; \ + curl -sSLO "$CABAL_INSTALL_SHA256SUMS_URL.sig"; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$CABAL_INSTALL_RELEASE_KEY"; \ + gpg --batch --verify SHA256SUMS.sig SHA256SUMS; \ + gpgconf --kill all; \ + \ + tar -xf cabal-install.tar.gz -C /usr/local/bin; \ + \ + rm -rf /tmp/*; \ + \ + cabal --version ARG GHC=9.2.1 ARG GHC_RELEASE_KEY=FFEB7CE81E16A36B3E2DED6F2DE04D4E97DB64AD -# get from https://downloads.haskell.org/~ghc/$GHC/SHA256SUMS -ARG GHC_RELEASE_SHA256=53F1650ED092230480FF5750B94F409E5DFE66BD07CED00BBBCDF5D6B180234C -RUN cd /tmp && \ - export GNUPGHOME="$(mktemp -d)" && \ - curl -sSL https://downloads.haskell.org/~ghc/$GHC/ghc-$GHC-x86_64-deb10-linux.tar.xz -o ghc.tar.xz && \ - curl -sSL https://downloads.haskell.org/~ghc/$GHC/ghc-$GHC-x86_64-deb10-linux.tar.xz.sig -o ghc.tar.xz.sig && \ - gpg --batch --keyserver keyserver.ubuntu.com --receive-keys ${GHC_RELEASE_KEY} && \ - gpg --batch --trusted-key 2DE04D4E97DB64AD --verify ghc.tar.xz.sig ghc.tar.xz && \ - echo "$GHC_RELEASE_SHA256 ghc.tar.xz" | sha256sum --strict --check && \ - tar xf ghc.tar.xz && \ - cd ghc-$GHC && \ - ./configure --prefix /opt/ghc/$GHC && \ - make install && \ - find /opt/ghc/$GHC/ \( -name "*_p.a" -o -name "*.p_hi" \) -type f -delete && \ - rm -rf /opt/ghc/$GHC/share/ && \ - rm -rf "$GNUPGHOME" /tmp/* +RUN set -eux; \ + cd /tmp; \ + ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ + GHC_URL="https://downloads.haskell.org/~ghc/$GHC/ghc-$GHC-$ARCH-deb10-linux.tar.xz"; \ + # sha256 from https://downloads.haskell.org/~ghc/$GHC/SHA256SUMS + case "$ARCH" in \ + 'aarch64') \ + GHC_SHA256='717d4246a8b407a807048ce6eddb2785aca2e4c73b6b634c01e1726f42d539a1'; \ + ;; \ + 'x86_64') \ + GHC_SHA256='53f1650ed092230480ff5750b94f409e5dfe66bd07ced00bbbcdf5d6b180234c'; \ + ;; \ + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ + esac; \ + curl -sSL "$GHC_URL" -o ghc.tar.xz; \ + echo "$GHC_SHA256 ghc.tar.xz" | sha256sum --strict --check; \ + \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + curl -sSL "$GHC_URL.sig" -o ghc.tar.xz.sig; \ + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$GHC_RELEASE_KEY"; \ + gpg --batch --verify ghc.tar.xz.sig ghc.tar.xz; \ + gpgconf --kill all; \ + \ + tar xf ghc.tar.xz; \ + cd "ghc-$GHC"; \ + ./configure --prefix "/opt/ghc/$GHC"; \ + make install; \ + # remove profiling support to save space + find "/opt/ghc/$GHC/" \( -name "*_p.a" -o -name "*.p_hi" \) -type f -delete; \ + # remove some docs + rm -rf "/opt/ghc/$GHC/share/"; \ + \ + rm -rf /tmp/*; \ + \ + "/opt/ghc/$GHC/bin/ghc" --version ARG STACK=2.7.3 ARG STACK_RELEASE_KEY=C5705533DA4F78D8664B5DC0575159689BEFB442 -# get from https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-x86_64.tar.gz.sha256 -ARG STACK_RELEASE_SHA256=A6C090555FA1C64AA61C29AA4449765A51D79E870CF759CDE192937CD614E72B -RUN cd /tmp && \ - export GNUPGHOME="$(mktemp -d)" && \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys ${STACK_RELEASE_KEY} && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-x86_64.tar.gz -o stack.tar.gz && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-x86_64.tar.gz.asc -o stack.tar.gz.asc && \ - gpg --batch --trusted-key 575159689BEFB442 --verify stack.tar.gz.asc stack.tar.gz && \ - echo "$STACK_RELEASE_SHA256 stack.tar.gz" | sha256sum --strict --check && \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 stack-$STACK-linux-x86_64/stack && \ - /usr/local/bin/stack config set system-ghc --global true && \ - /usr/local/bin/stack config set install-ghc --global false && \ - rm -rf "$GNUPGHOME" /var/lib/apt/lists/* /tmp/* +RUN set -eux; \ + cd /tmp; \ + ARCH="$(dpkg-architecture --query DEB_BUILD_GNU_CPU)"; \ + INSTALL_STACK="true"; \ + STACK_URL="https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-$ARCH.tar.gz"; \ + # sha256 from https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-$ARCH.tar.gz.sha256 + case "$ARCH" in \ + 'aarch64') \ + # Stack does not officially support ARM64, nor do the binaries that exist work. + # Hitting https://github.com/commercialhaskell/stack/issues/2103#issuecomment-972329065 when trying to use + # stack-2.7.1-linux-aarch64.tar.gz + INSTALL_STACK="false"; \ + ;; \ + 'x86_64') \ + STACK_SHA256='a6c090555fa1c64aa61c29aa4449765a51d79e870cf759cde192937cd614e72b'; \ + ;; \ + *) echo >&2 "error: unsupported architecture '$ARCH'" ; exit 1 ;; \ + esac; \ + if [ "$INSTALL_STACK" = "true" ]; then \ + curl -sSL "$STACK_URL" -o stack.tar.gz; \ + echo "$STACK_SHA256 stack.tar.gz" | sha256sum --strict --check; \ + \ + curl -sSL "$STACK_URL.asc" -o stack.tar.gz.asc; \ + GNUPGHOME="$(mktemp -d)"; export GNUPGHOME; \ + gpg --batch --keyserver keyserver.ubuntu.com --receive-keys "$STACK_RELEASE_KEY"; \ + gpg --batch --verify stack.tar.gz.asc stack.tar.gz; \ + gpgconf --kill all; \ + \ + tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 "stack-$STACK-linux-$ARCH/stack"; \ + stack config set system-ghc --global true; \ + stack config set install-ghc --global false; \ + \ + rm -rf /tmp/*; \ + \ + stack --version; \ + fi ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/ghc/${GHC}/bin:$PATH From 0795fd197865dcaec1b4f2987240aa236a83b4c4 Mon Sep 17 00:00:00 2001 From: Alistair Burrowes Date: Mon, 27 Dec 2021 08:33:38 +1100 Subject: [PATCH 3/5] Add hadolint check --- .github/workflows/ci.yml | 16 ++++++++++++---- .hadolint.yaml | 10 ++++++++++ 2 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 .hadolint.yaml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f692f86..8809e64 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,4 +1,4 @@ -name: Build and Smoke Test +name: Validate on: pull_request: @@ -6,7 +6,7 @@ on: - master jobs: - ci: + build-smoke-test: timeout-minutes: 30 runs-on: ubuntu-latest name: ${{ matrix.ghc }}-${{ matrix.deb }} @@ -24,8 +24,8 @@ jobs: ghc_minor: '9.2' steps: - uses: actions/checkout@v2 - - name: docker build [${{ matrix.ghc }}] - uses: nick-invision/retry@v1 + - name: build + smoke test [${{ matrix.ghc }}] + uses: nick-invision/retry@v2 with: timeout_minutes: 8 max_attempts: 3 @@ -39,3 +39,11 @@ jobs: path: official-images - name: run official-images tests run: ./official-images/test/run.sh haskell:${{ matrix.ghc }}-${{ matrix.deb }} + + hadolint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: hadolint/hadolint-action@v1.6.0 + with: + recursive: true diff --git a/.hadolint.yaml b/.hadolint.yaml new file mode 100644 index 0000000..863ec02 --- /dev/null +++ b/.hadolint.yaml @@ -0,0 +1,10 @@ +ignored: + # https://github.com/hadolint/hadolint/wiki/DL3008 + # Don't want to micro manage the dependency versions. + - DL3008 + # https://github.com/hadolint/hadolint/wiki/DL3003 + # Using cd /tmp is a very convenient way to clean up after a step. + - DL3003 + # https://github.com/hadolint/hadolint/wiki/DL4006 + # The set -eux; pattern is common in many of the official images. It likely is a better approach here. + - DL4006 From 633528199032bfbf1d1d251e54f4b065b1d6a111 Mon Sep 17 00:00:00 2001 From: Alistair Burrowes Date: Mon, 27 Dec 2021 10:00:44 +1100 Subject: [PATCH 4/5] Delete old dockerfiles There isn't much point to keeping them around, they out of date and not the newest pattern. If someone wanted a dockerfile with older versions they would be better off copying the pattern from the new dockerfiles. It is convenient to do this now as hadolint has been added to check the ARM related changes, but these old ones trigger failures. --- 7.10/Dockerfile | 22 ------------------- 7.8/Dockerfile | 18 --------------- 8.0/Dockerfile | 25 --------------------- 8.2/Dockerfile | 28 ----------------------- 8.4/Dockerfile | 27 ----------------------- 8.6/Dockerfile | 41 ---------------------------------- 8.8/buster/Dockerfile | 50 ------------------------------------------ 8.8/stretch/Dockerfile | 50 ------------------------------------------ 8 files changed, 261 deletions(-) delete mode 100644 7.10/Dockerfile delete mode 100644 7.8/Dockerfile delete mode 100644 8.0/Dockerfile delete mode 100644 8.2/Dockerfile delete mode 100644 8.4/Dockerfile delete mode 100644 8.6/Dockerfile delete mode 100644 8.8/buster/Dockerfile delete mode 100644 8.8/stretch/Dockerfile diff --git a/7.10/Dockerfile b/7.10/Dockerfile deleted file mode 100644 index ddf9542..0000000 --- a/7.10/Dockerfile +++ /dev/null @@ -1,22 +0,0 @@ -## Dockerfile for a haskell environment -FROM debian:jessie -MAINTAINER Chris Biscardi - -## ensure locale is set during build -ENV LANG C.UTF-8 - -RUN echo 'deb http://ppa.launchpad.net/hvr/ghc/ubuntu trusty main' > /etc/apt/sources.list.d/ghc.list && \ - echo 'deb http://download.fpcomplete.com/debian/jessie stable main'| tee /etc/apt/sources.list.d/fpco.list && \ - # hvr keys - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F6F88286 && \ - # fpco keys - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C5705533DA4F78D8664B5DC0575159689BEFB442 && \ - apt-get update && \ - apt-get install -y --no-install-recommends cabal-install-1.22 ghc-7.10.3 happy-1.19.5 alex-3.1.4 \ - stack zlib1g-dev libtinfo-dev libsqlite3-0 libsqlite3-dev ca-certificates g++ && \ - rm -rf /var/lib/apt/lists/* - -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/cabal/1.22/bin:/opt/ghc/7.10.3/bin:/opt/happy/1.19.5/bin:/opt/alex/3.1.4/bin:$PATH - -## run ghci by default unless a command is specified -CMD ["ghci"] diff --git a/7.8/Dockerfile b/7.8/Dockerfile deleted file mode 100644 index 6e61836..0000000 --- a/7.8/Dockerfile +++ /dev/null @@ -1,18 +0,0 @@ -## Dockerfile for a haskell environment -FROM debian:jessie -MAINTAINER Chris Biscardi - -## ensure locale is set during build -ENV LANG C.UTF-8 - -RUN echo 'deb http://ppa.launchpad.net/hvr/ghc/ubuntu trusty main' > /etc/apt/sources.list.d/ghc.list && \ - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F6F88286 && \ - apt-get update && \ - apt-get install -y --no-install-recommends cabal-install-1.22 ghc-7.8.4 happy-1.19.4 alex-3.1.3 \ - zlib1g-dev libtinfo-dev libsqlite3-0 libsqlite3-dev ca-certificates g++ && \ - rm -rf /var/lib/apt/lists/* - -ENV PATH /root/.cabal/bin:/opt/cabal/1.22/bin:/opt/ghc/7.8.4/bin:/opt/happy/1.19.4/bin:/opt/alex/3.1.3/bin:$PATH - -## run ghci by default unless a command is specified -CMD ["ghci"] diff --git a/8.0/Dockerfile b/8.0/Dockerfile deleted file mode 100644 index ec386d8..0000000 --- a/8.0/Dockerfile +++ /dev/null @@ -1,25 +0,0 @@ -## Dockerfile for a haskell environment -FROM debian:jessie - -## ensure locale is set during build -ENV LANG C.UTF-8 - -RUN echo 'deb http://ppa.launchpad.net/hvr/ghc/ubuntu trusty main' > /etc/apt/sources.list.d/ghc.list && \ - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys F6F88286 && \ - apt-get update && \ - apt-get install -y --no-install-recommends cabal-install-1.24 ghc-8.0.2 happy-1.19.5 alex-3.1.7 \ - zlib1g-dev libtinfo-dev libsqlite3-0 libsqlite3-dev ca-certificates g++ git curl && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v1.3.2/stack-1.3.2-linux-x86_64-static.tar.gz -o stack.tar.gz && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v1.3.2/stack-1.3.2-linux-x86_64-static.tar.gz.asc -o stack.tar.gz.asc && \ - apt-get purge -y --auto-remove curl && \ - export GNUPGHOME="$(mktemp -d)" && \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys C5705533DA4F78D8664B5DC0575159689BEFB442 && \ - gpg --batch --verify stack.tar.gz.asc stack.tar.gz && \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 && \ - /usr/local/bin/stack config set system-ghc --global true && \ - rm -rf "$GNUPGHOME" /var/lib/apt/lists/* /stack.tar.gz.asc /stack.tar.gz - -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/cabal/1.24/bin:/opt/ghc/8.0.2/bin:/opt/happy/1.19.5/bin:/opt/alex/3.1.7/bin:$PATH - -## run ghci by default unless a command is specified -CMD ["ghci"] diff --git a/8.2/Dockerfile b/8.2/Dockerfile deleted file mode 100644 index 61e3123..0000000 --- a/8.2/Dockerfile +++ /dev/null @@ -1,28 +0,0 @@ -## Dockerfile for a haskell environment -FROM debian:stretch - -## ensure locale is set during build -ENV LANG C.UTF-8 - -RUN apt-get update && \ - apt-get install -y --no-install-recommends gnupg ca-certificates dirmngr curl git && \ - echo 'deb http://downloads.haskell.org/debian stretch main' > /etc/apt/sources.list.d/ghc.list && \ - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys BA3CBA3FFE22B574 && \ - apt-get update && \ - apt-get install -y --no-install-recommends ghc-8.2.2 cabal-install-2.2 \ - zlib1g-dev libtinfo-dev libsqlite3-dev g++ netbase xz-utils make && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v1.7.1/stack-1.7.1-linux-x86_64.tar.gz -o stack.tar.gz && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v1.7.1/stack-1.7.1-linux-x86_64.tar.gz.asc -o stack.tar.gz.asc && \ - apt-get purge -y --auto-remove curl && \ - export GNUPGHOME="$(mktemp -d)" && \ - gpg --keyserver ha.pool.sks-keyservers.net --recv-keys C5705533DA4F78D8664B5DC0575159689BEFB442 && \ - gpg --batch --verify stack.tar.gz.asc stack.tar.gz && \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 && \ - /usr/local/bin/stack config set system-ghc --global true && \ - /usr/local/bin/stack config set install-ghc --global false && \ - rm -rf "$GNUPGHOME" /var/lib/apt/lists/* /stack.tar.gz.asc /stack.tar.gz - -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/cabal/2.2/bin:/opt/ghc/8.2.2/bin:$PATH - -## run ghci by default unless a command is specified -CMD ["ghci"] diff --git a/8.4/Dockerfile b/8.4/Dockerfile deleted file mode 100644 index 61222ef..0000000 --- a/8.4/Dockerfile +++ /dev/null @@ -1,27 +0,0 @@ -## Dockerfile for a haskell environment -FROM debian:stretch - -## ensure locale is set during build -ENV LANG C.UTF-8 - -RUN apt-get update && \ - apt-get install -y --no-install-recommends gnupg ca-certificates dirmngr curl git && \ - echo 'deb http://downloads.haskell.org/debian stretch main' > /etc/apt/sources.list.d/ghc.list && \ - apt-key adv --keyserver keyserver.ubuntu.com --recv-keys BA3CBA3FFE22B574 && \ - apt-get update && \ - apt-get install -y --no-install-recommends ghc-8.4.4 cabal-install-2.4 \ - zlib1g-dev libtinfo-dev libsqlite3-dev g++ netbase xz-utils make && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v1.9.1/stack-1.9.1-linux-x86_64.tar.gz -o stack.tar.gz && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v1.9.1/stack-1.9.1-linux-x86_64.tar.gz.asc -o stack.tar.gz.asc && \ - export GNUPGHOME="$(mktemp -d)" && \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys C5705533DA4F78D8664B5DC0575159689BEFB442 && \ - gpg --batch --verify stack.tar.gz.asc stack.tar.gz && \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 && \ - /usr/local/bin/stack config set system-ghc --global true && \ - /usr/local/bin/stack config set install-ghc --global false && \ - rm -rf "$GNUPGHOME" /var/lib/apt/lists/* /stack.tar.gz.asc /stack.tar.gz - -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/cabal/2.4/bin:/opt/ghc/8.4.4/bin:$PATH - -## run ghci by default unless a command is specified -CMD ["ghci"] diff --git a/8.6/Dockerfile b/8.6/Dockerfile deleted file mode 100644 index 213cdbd..0000000 --- a/8.6/Dockerfile +++ /dev/null @@ -1,41 +0,0 @@ -FROM debian:stretch - -RUN apt-get update && \ - apt-get install -y --no-install-recommends gnupg ca-certificates dirmngr && \ - rm -rf /var/lib/apt/lists/* - -ARG GHC=8.6.5 -ARG STACK=1.9.3 -ARG CABAL_INSTALL=2.4 - -RUN apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 427CB69AAC9D00F2A43CAF1CBA3CBA3FFE22B574 && \ - echo 'deb http://downloads.haskell.org/debian stretch main' > /etc/apt/sources.list.d/ghc.list && \ - apt-get update && \ - apt-get install -y --no-install-recommends \ - cabal-install-${CABAL_INSTALL} \ - curl \ - g++ \ - ghc-${GHC} \ - git \ - libsqlite3-dev \ - libtinfo-dev \ - make \ - netbase \ - openssh-client \ - xz-utils \ - zlib1g-dev && \ - rm -rf /var/lib/apt/lists/* - -RUN export GNUPGHOME="$(mktemp -d)" && \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys C5705533DA4F78D8664B5DC0575159689BEFB442 && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-x86_64.tar.gz -o stack.tar.gz && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-x86_64.tar.gz.asc -o stack.tar.gz.asc && \ - gpg --batch --trusted-key 0x575159689BEFB442 --verify stack.tar.gz.asc stack.tar.gz && \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 && \ - /usr/local/bin/stack config set system-ghc --global true && \ - /usr/local/bin/stack config set install-ghc --global false && \ - rm -rf "$GNUPGHOME" /var/lib/apt/lists/* /stack.tar.gz.asc /stack.tar.gz - -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/cabal/${CABAL_INSTALL}/bin:/opt/ghc/${GHC}/bin:$PATH - -CMD ["ghci"] diff --git a/8.8/buster/Dockerfile b/8.8/buster/Dockerfile deleted file mode 100644 index ebea0bb..0000000 --- a/8.8/buster/Dockerfile +++ /dev/null @@ -1,50 +0,0 @@ -FROM debian:buster - -ENV LANG C.UTF-8 - -RUN apt-get update && \ - apt-get install -y --no-install-recommends gnupg ca-certificates dirmngr && \ - rm -rf /var/lib/apt/lists/* - -ARG GHC=8.8.4 -ARG DEBIAN_KEY=427CB69AAC9D00F2A43CAF1CBA3CBA3FFE22B574 -ARG CABAL_INSTALL=3.4 -ARG STACK=2.5.1 -ARG STACK_KEY=C5705533DA4F78D8664B5DC0575159689BEFB442 -ARG STACK_RELEASE_KEY=2C6A674E85EE3FB896AFC9B965101FF31C5C154D - -RUN export GNUPGHOME="$(mktemp -d)" && \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys ${DEBIAN_KEY} && \ - gpg --batch --armor --export ${DEBIAN_KEY} > /etc/apt/trusted.gpg.d/haskell.org.gpg.asc && \ - gpgconf --kill all && \ - echo 'deb http://downloads.haskell.org/debian buster main' > /etc/apt/sources.list.d/ghc.list && \ - apt-get update && \ - apt-get install -y --no-install-recommends \ - cabal-install-${CABAL_INSTALL} \ - curl \ - g++ \ - ghc-${GHC} \ - git \ - libsqlite3-dev \ - libtinfo-dev \ - make \ - netbase \ - openssh-client \ - xz-utils \ - zlib1g-dev && \ - rm -rf "$GNUPGHOME" /var/lib/apt/lists/* - -RUN export GNUPGHOME="$(mktemp -d)" && \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys ${STACK_KEY} && \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys ${STACK_RELEASE_KEY} && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-x86_64.tar.gz -o stack.tar.gz && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-x86_64.tar.gz.asc -o stack.tar.gz.asc && \ - gpg --batch --trusted-key 0x575159689BEFB442 --verify stack.tar.gz.asc stack.tar.gz && \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 && \ - /usr/local/bin/stack config set system-ghc --global true && \ - /usr/local/bin/stack config set install-ghc --global false && \ - rm -rf "$GNUPGHOME" /var/lib/apt/lists/* /stack.tar.gz.asc /stack.tar.gz - -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/cabal/${CABAL_INSTALL}/bin:/opt/ghc/${GHC}/bin:$PATH - -CMD ["ghci"] diff --git a/8.8/stretch/Dockerfile b/8.8/stretch/Dockerfile deleted file mode 100644 index 638d61b..0000000 --- a/8.8/stretch/Dockerfile +++ /dev/null @@ -1,50 +0,0 @@ -FROM debian:stretch - -ENV LANG C.UTF-8 - -RUN apt-get update && \ - apt-get install -y --no-install-recommends gnupg ca-certificates dirmngr && \ - rm -rf /var/lib/apt/lists/* - -ARG GHC=8.8.4 -ARG DEBIAN_KEY=427CB69AAC9D00F2A43CAF1CBA3CBA3FFE22B574 -ARG CABAL_INSTALL=3.4 -ARG STACK=2.5.1 -ARG STACK_KEY=C5705533DA4F78D8664B5DC0575159689BEFB442 -ARG STACK_RELEASE_KEY=2C6A674E85EE3FB896AFC9B965101FF31C5C154D - -RUN export GNUPGHOME="$(mktemp -d)" && \ - gpg --batch --keyserver keyserver.ubuntu.com --recv-keys ${DEBIAN_KEY} && \ - gpg --batch --armor --export ${DEBIAN_KEY} > /etc/apt/trusted.gpg.d/haskell.org.gpg.asc && \ - gpgconf --kill all && \ - echo 'deb http://downloads.haskell.org/debian stretch main' > /etc/apt/sources.list.d/ghc.list && \ - apt-get update && \ - apt-get install -y --no-install-recommends \ - cabal-install-${CABAL_INSTALL} \ - curl \ - g++ \ - ghc-${GHC} \ - git \ - libsqlite3-dev \ - libtinfo-dev \ - make \ - netbase \ - openssh-client \ - xz-utils \ - zlib1g-dev && \ - rm -rf "$GNUPGHOME" /var/lib/apt/lists/* - -RUN export GNUPGHOME="$(mktemp -d)" && \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys ${STACK_KEY} && \ - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys ${STACK_RELEASE_KEY} && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-x86_64.tar.gz -o stack.tar.gz && \ - curl -fSL https://github.com/commercialhaskell/stack/releases/download/v${STACK}/stack-${STACK}-linux-x86_64.tar.gz.asc -o stack.tar.gz.asc && \ - gpg --batch --trusted-key 0x575159689BEFB442 --verify stack.tar.gz.asc stack.tar.gz && \ - tar -xf stack.tar.gz -C /usr/local/bin --strip-components=1 && \ - /usr/local/bin/stack config set system-ghc --global true && \ - /usr/local/bin/stack config set install-ghc --global false && \ - rm -rf "$GNUPGHOME" /var/lib/apt/lists/* /stack.tar.gz.asc /stack.tar.gz - -ENV PATH /root/.cabal/bin:/root/.local/bin:/opt/cabal/${CABAL_INSTALL}/bin:/opt/ghc/${GHC}/bin:$PATH - -CMD ["ghci"] From 4b9bee3a10d5ac813fb4076bd7d89e5adb370f45 Mon Sep 17 00:00:00 2001 From: Alistair Burrowes Date: Wed, 5 Jan 2022 08:05:34 +1100 Subject: [PATCH 5/5] Add ARM64 emulated CI check --- .github/workflows/ci.yml | 56 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 55 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8809e64..eca4279 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,9 +1,12 @@ -name: Validate +name: Validate Docker on: pull_request: branches: - master + paths: + - '**/Dockerfile' + - '.github/workflows/**' jobs: build-smoke-test: @@ -47,3 +50,54 @@ jobs: - uses: hadolint/hadolint-action@v1.6.0 with: recursive: true + + emulated-architecture-tests: + timeout-minutes: 60 + runs-on: ubuntu-latest + name: ${{ matrix.arch }}-${{ matrix.ghc }}-${{ matrix.deb }} + strategy: + fail-fast: false + matrix: + ghc: ['8.10.7', '9.0.2', '9.2.1'] + deb: ['buster'] + arch: ['aarch64'] + include: + - ghc: '8.10.7' + ghc_minor: '8.10' + - ghc: '9.0.2' + ghc_minor: '9.0' + - ghc: '9.2.1' + ghc_minor: '9.2' + - arch: aarch64 + docker_platform: arm64 + steps: + - uses: actions/checkout@v2 + - name: docker build [ ${{ matrix.arch }} ${{ matrix.ghc }}] + uses: uraimo/run-on-arch-action@e9117b926d001f8683802c315b5a134f8c5da3d3 + with: + arch: ${{ matrix.arch }} + distro: ${{ matrix.deb }} + githubToken: ${{ github.token }} + dockerRunArgs: + --volume /var/run/docker.sock:/var/run/docker.sock + install: | + apt-get update + apt-get install -y curl + curl -fsSL https://get.docker.com | sh + run: | + docker build --pull \ + --platform "linux/${{ matrix.docker_platform }}" \ + -t haskell:${{ matrix.ghc }}-${{ matrix.deb }} \ + ${{ matrix.ghc_minor }}/${{ matrix.deb }} + echo 'testing..' + docker run \ + --platform "linux/${{ matrix.docker_platform }}" \ + -t haskell:${{ matrix.ghc }}-${{ matrix.deb }} \ + bash -c "cabal update && cabal install --lib hashable" + docker run \ + --platform "linux/${{ matrix.docker_platform }}" \ + -t haskell:${{ matrix.ghc }}-${{ matrix.deb }} \ + bash -c "echo | ghci" + +# Running the official tests does not work as we need to hardcode the plaform due to the emulated nature. +# This solution is fairly hacky, but gets us most of benefit of the official tests.