Update haskell.nix and use nixpkgs-2511 (#220)
* Update to nixpkgs-2511 and bump dependencies
- Switch from nixpkgs-2411 to nixpkgs-2511
- Update cabal-experimental to stable-haskell/feature/cross-compile
- Bump haskell.nix, head.hackage, HLS 2.10→2.11
- Update cabal build configuration to inline constraints
- Fix flake packages attribute naming (dots → dashes)
* Enable all platforms and remove ghc810
- Add aarch64-linux to supportedSystems
- Re-enable macOS and aarch64-linux in CI workflows
- Remove ghc810 from compiler list
- Update lints workflow to use ghc96
* Replace recursive-nix -env jobs with devShellTools
The old -env job generation used recursive-nix to run
`nix print-dev-env` inside a derivation, which is not supported
on remote builders. Replace with pure evaluation-time approach:
- Use devShellTools.unstructuredDerivationInputEnv to extract
environment variables from mkShell derivations
- Construct PATH via lib.makeBinPath from flattened buildInputs
- Filter internal nix variables, keeping only user-defined ones
- Generate self-contained wrapper scripts at eval time
- Update ghcr-upload.sh to match new -env.sh naming
* Fix nixpkgs-2511 build failures: happy, openssl, postgresql
- happy: disable disallowGhcReference check — happy-2.1.7
transitively references GHC through happy-lib
- openssl musl: skip flaky OCSP test 82-test_ocsp_cert_chain.t
- postgresql musl: comprehensive fix for pkgsCross.musl64 which
doesn't set isStatic=true, causing all optional features to
default on:
- Disable jitSupport, perlSupport, pythonSupport, tclSupport
- Override llvmPackages_20 to prevent LLVM stdenv switch
- Disable LTO (GCC + GNU ld .ltrans failures)
- Clear outputChecks, disallowedReferences, separateDebugInfo
- Break dev↔out and lib↔out reference cycles with
remove-references-to
* Add -env-test Hydra jobs to validate devcontainer environments
Source each -env.sh script in a sandbox and verify that ghc, cabal,
and pkg-config are functional. Optionally checks HLS for non-minimal,
non-JS, non-Windows shells with compiler < 9.11. Catches PATH
construction errors, missing packages, and broken shellHooks that
would produce unusable containers. Not yet in `required` aggregate.
* Fix env wrapper with stdenv/setup, gate GHCR uploads to main
The devShellTools approach only captured Nix-level derivation attributes,
missing hook-computed variables (NIX_CFLAGS_COMPILE, NIX_LDFLAGS,
PKG_CONFIG_PATH, etc.) that stdenv setup hooks produce at shell init
time. This caused downstream "Missing C library" errors.
Fix: export all drvAttrs (including stdenv, buildInputs, initialPath)
then source $stdenv/setup at runtime, exactly like `nix develop` does.
This runs cc-wrapper, pkg-config-wrapper, and all other setup hooks.
Also fix env-tests to save $out before sourcing (setup.sh resets it),
gate GHCR uploads to main branch (prevents PR pushes from overwriting
production images), gate hello.yml to main, and add pr-validate.yml
for PR closure validation via Hydra cache.
* Fix PR validation: paginated API response and devx invocation
gh api --paginate returns multiple JSON objects (one per page).
The old jq heredoc processed each page separately, producing
multiple arrays (some empty []) which GitHub Actions rejected
as invalid output format. Use jq --slurp to merge all pages
into a single array before filtering.
Also fix the validate step: the devx wrapper sources $1 as a
file path, it doesn't support bash-style -c. Write smoke test
commands to a temp file instead.
* Fix devx wrapper: set $out for stdenv/setup outside Nix builds
stdenv's setup.sh calls _assignFirst which requires $out to be set
for output variable assignment. Inside a Nix build the builder sets
$out automatically, but when running the devx wrapper directly
(containers, CI validation) $out is unset and setup.sh fails with:
error: _assignFirst: could not find a non-empty variable whose
name to assign to outputDev.
Fix in two places:
- mkEnvScript: wrapper sets $out to a temp dir when unset
- pr-validate.yml: set $out before invoking cached wrappers
that don't yet include the mkEnvScript fix
* Filter discover to only successfully built check-runs
Hydra posts check-runs at evaluation time before builds complete.
When flake.nix changes cause new derivation hashes, the discover
step would pick up store paths not yet available in any cache,
causing nix-store -r to fail on GH runners.
Filter for conclusion=="success" and valid /nix/store/ paths to
only validate closures that are actually built and cached.
* Set all Nix builder runtime vars for devx wrapper outside builds
setup.sh runs with set -eu and expects NIX_BUILD_TOP, TMPDIR, out,
and other variables that the Nix builder sets at runtime. The
previous fix only set $out; NIX_BUILD_TOP was the next failure.
Set all required builder runtime variables (NIX_BUILD_TOP, TMPDIR,
TMP, TEMP, TEMPDIR, NIX_STORE, out) in both mkEnvScript and the
CI validate step.
Verified locally on hydra: both static (ghc96-static-env) and
dynamic (ghc98-minimal-env) wrappers work correctly.
---------
Co-authored-by: Moritz Angermann <[email protected]>
