Cardano Updates

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Signed-off-by: Chris Gianelloni <[email protected]>

Add mkHydraNodeConfig smart constructor

Add config smart constructors for multi party configs

Signed-off-by: jeluard <[email protected]>

Signed-off-by: jeluard <[email protected]>

Signed-off-by: jeluard <[email protected]>

feat: do not emit error too fast when no OTEL endpoint

Signed-off-by: jeluard <[email protected]>

Signed-off-by: Roland Kuhn <[email protected]>

Signed-off-by: jeluard <[email protected]>

Signed-off-by: jeluard <[email protected]>

Two fixes for CI failures when consuming devx containers:

1. Use Nix-provided Bash in shebang instead of /usr/bin/env bash.
   On macOS GitHub Actions runners, /usr/bin/env bash resolves to
   Apple's Bash 3.2 (GPLv2), but nixpkgs' setup.sh requires Bash 5+.
   pkgs.bash is already in the closure via stdenv.

2. Disable NIX_ENFORCE_PURITY before sourcing stdenv/setup.
   The stdenv preHook defaults NIX_ENFORCE_PURITY to 1, causing
   cc-wrapper to reject -I/-L flags outside /nix/store/. This breaks
   cabal builds that use $HOME/.cabal-devx/store/. Setting it to empty
   before sourcing setup.sh matches nix develop behavior.

have rustfmt standardise imports

Two fixes for CI failures when consuming devx containers:

1. Use Nix-provided Bash in shebang instead of /usr/bin/env bash.
   On macOS GitHub Actions runners, /usr/bin/env bash resolves to
   Apple's Bash 3.2 (GPLv2), but nixpkgs' setup.sh requires Bash 5+.
   pkgs.bash is already in the closure via stdenv.

2. Disable NIX_ENFORCE_PURITY before sourcing stdenv/setup.
   The stdenv preHook defaults NIX_ENFORCE_PURITY to 1, causing
   cc-wrapper to reject -I/-L flags outside /nix/store/. This breaks
   cabal builds that use $HOME/.cabal-devx/store/. Setting it to empty
   before sourcing setup.sh matches nix develop behavior.

* Update to nixpkgs-2511 and bump dependencies

- Switch from nixpkgs-2411 to nixpkgs-2511
- Update cabal-experimental to stable-haskell/feature/cross-compile
- Bump haskell.nix, head.hackage, HLS 2.10→2.11
- Update cabal build configuration to inline constraints
- Fix flake packages attribute naming (dots → dashes)

* Enable all platforms and remove ghc810

- Add aarch64-linux to supportedSystems
- Re-enable macOS and aarch64-linux in CI workflows
- Remove ghc810 from compiler list
- Update lints workflow to use ghc96

* Replace recursive-nix -env jobs with devShellTools

The old -env job generation used recursive-nix to run
`nix print-dev-env` inside a derivation, which is not supported
on remote builders. Replace with pure evaluation-time approach:

- Use devShellTools.unstructuredDerivationInputEnv to extract
  environment variables from mkShell derivations
- Construct PATH via lib.makeBinPath from flattened buildInputs
- Filter internal nix variables, keeping only user-defined ones
- Generate self-contained wrapper scripts at eval time
- Update ghcr-upload.sh to match new -env.sh naming

* Fix nixpkgs-2511 build failures: happy, openssl, postgresql

- happy: disable disallowGhcReference check — happy-2.1.7
  transitively references GHC through happy-lib
- openssl musl: skip flaky OCSP test 82-test_ocsp_cert_chain.t
- postgresql musl: comprehensive fix for pkgsCross.musl64 which
  doesn't set isStatic=true, causing all optional features to
  default on:
  - Disable jitSupport, perlSupport, pythonSupport, tclSupport
  - Override llvmPackages_20 to prevent LLVM stdenv switch
  - Disable LTO (GCC + GNU ld .ltrans failures)
  - Clear outputChecks, disallowedReferences, separateDebugInfo
  - Break dev↔out and lib↔out reference cycles with
    remove-references-to

* Add -env-test Hydra jobs to validate devcontainer environments

Source each -env.sh script in a sandbox and verify that ghc, cabal,
and pkg-config are functional. Optionally checks HLS for non-minimal,
non-JS, non-Windows shells with compiler < 9.11. Catches PATH
construction errors, missing packages, and broken shellHooks that
would produce unusable containers. Not yet in `required` aggregate.

* Fix env wrapper with stdenv/setup, gate GHCR uploads to main

The devShellTools approach only captured Nix-level derivation attributes,
missing hook-computed variables (NIX_CFLAGS_COMPILE, NIX_LDFLAGS,
PKG_CONFIG_PATH, etc.) that stdenv setup hooks produce at shell init
time. This caused downstream "Missing C library" errors.

Fix: export all drvAttrs (including stdenv, buildInputs, initialPath)
then source $stdenv/setup at runtime, exactly like `nix develop` does.
This runs cc-wrapper, pkg-config-wrapper, and all other setup hooks.

Also fix env-tests to save $out before sourcing (setup.sh resets it),
gate GHCR uploads to main branch (prevents PR pushes from overwriting
production images), gate hello.yml to main, and add pr-validate.yml
for PR closure validation via Hydra cache.

* Fix PR validation: paginated API response and devx invocation

gh api --paginate returns multiple JSON objects (one per page).
The old jq heredoc processed each page separately, producing
multiple arrays (some empty []) which GitHub Actions rejected
as invalid output format. Use jq --slurp to merge all pages
into a single array before filtering.

Also fix the validate step: the devx wrapper sources $1 as a
file path, it doesn't support bash-style -c. Write smoke test
commands to a temp file instead.

* Fix devx wrapper: set $out for stdenv/setup outside Nix builds

stdenv's setup.sh calls _assignFirst which requires $out to be set
for output variable assignment. Inside a Nix build the builder sets
$out automatically, but when running the devx wrapper directly
(containers, CI validation) $out is unset and setup.sh fails with:

  error: _assignFirst: could not find a non-empty variable whose
  name to assign to outputDev.

Fix in two places:
- mkEnvScript: wrapper sets $out to a temp dir when unset
- pr-validate.yml: set $out before invoking cached wrappers
  that don't yet include the mkEnvScript fix

* Filter discover to only successfully built check-runs

Hydra posts check-runs at evaluation time before builds complete.
When flake.nix changes cause new derivation hashes, the discover
step would pick up store paths not yet available in any cache,
causing nix-store -r to fail on GH runners.

Filter for conclusion=="success" and valid /nix/store/ paths to
only validate closures that are actually built and cached.

* Set all Nix builder runtime vars for devx wrapper outside builds

setup.sh runs with set -eu and expects NIX_BUILD_TOP, TMPDIR, out,
and other variables that the Nix builder sets at runtime. The
previous fix only set $out; NIX_BUILD_TOP was the next failure.

Set all required builder runtime variables (NIX_BUILD_TOP, TMPDIR,
TMP, TEMP, TEMPDIR, NIX_STORE, out) in both mkEnvScript and the
CI validate step.

Verified locally on hydra: both static (ghc96-static-env) and
dynamic (ghc98-minimal-env) wrappers work correctly.

---------

Co-authored-by: Moritz Angermann <[email protected]>

Introduces a .small passthru variant on GHC derivations that opts out of
profiling libraries and Haddock documentation, significantly reducing closure
size for CI, Docker, and cross-compilation toolchain use cases.

Also fixes a pre-existing bug where `enableLibraryProfiling = false` had no
effect on Hadrian builds (GHC 9.4+): the `+no_profiled_libs` flavour
transformer was only applied for GHCJS/Wasm targets, silently ignoring the
parameter for all other platforms.

Changes:
- Add `enableHaddockDocs` parameter (default true, fully backwards-compatible)
- Fix legacy make build: HADDOCK_DOCS=NO now also honours enableHaddockDocs
- Fix Hadrian: +no_profiled_libs applied whenever enableLibraryProfiling=false
- Hadrian: --docs=nothing when enableHaddockDocs=false, no-sphinx otherwise
- Make sphinx and hscolour nativeBuildInputs conditional on enableHaddockDocs
- Add .small passthru variant (enableLibraryProfiling=false, enableHaddockDocs=false)

Usage: pkgs.haskell-nix.compiler.ghc967.small

following advice here: to override stupid, incorrect Linguist determination that our 99.9% Markdown code is >50% Python.