[chore] fix CI config and update hsec tools and core

.github/workflows/haskell-ci.yml

@@ -40,16 +40,15 @@ jobs:
         with:
           ghc-version: ${{ matrix.ghc }}
           cabal-version: 'latest'
-      - name: Set up environment for ${{ matrix.os }}
-        run: |
-          if [ "${{ matrix.os }}" == "ubuntu-latest" ]; then
-            sudo apt-get update
-            sudo apt-get install -y libsodium-dev
-          elif [ "${{ matrix.os }}" == "macos-latest" ]; then
-            brew install libsodium
-          elif [ "${{ matrix.os }}" == "windows-latest" ]; then
-            choco install libsodium --version=1.0.18
-          fi
+      - name: Install libsodium ubuntu
+        if: ${{ matrix.os == "ubuntu-latest" }}
+        run: sudo apt-get install -y libsodium-dev
+      - name: Install libsodium macos
+        if: ${{ matrix.os == "macos-latest" }}
+        run: brew install libsodium
+      - name: Install libsodium windows
+        if: ${{ matrix.os == "windows-latest" }}
+        run:  choco install libsodium --version=1.0.18
       - name: Update 
         run: cabal update
       - name: Freeze

cabal.project

@@ -1,11 +1,17 @@
 packages:
   ./.
 
--- https://github.com/haskell/security-advisories/pull/201
+-- unreleased changes in hsec-tools and hsec-core
 source-repository-package
   type: git
   subdir: code/hsec-tools
-  location: https://github.com/mangoiv/security-advisories.git
-  tag: c1703e8cdb1b78a8692921a74a0584b66bef917e
+  location: https://github.com/haskell/security-advisories.git
+  tag: 4b773dd6d3ab31313fa7f2470053980af175bf27
+
+source-repository-package
+  type: git
+  subdir: code/hsec-core
+  location: https://github.com/haskell/security-advisories.git
+  tag: 4b773dd6d3ab31313fa7f2470053980af175bf27
 
 test-show-details: direct

flake.nix

@@ -99,13 +99,17 @@
             runtimeInputs = [pkgs.cabal2nix pkgs.alejandra];
             text = ''
               pushd "$PRJ_ROOT"/nix
-              cabal2nix cabal://hsec-core > ./hsec-core.nix
+              cabal2nix cabal://toml-parser > ./toml-parser.nix
               cabal2nix cabal://cvss > ./cvss.nix
               cabal2nix cabal://osv > ./osv.nix
-              # https://github.com/haskell/security-advisories/pull/201
+              # unreleased changes
+              # cabal2nix cabal://hsec-core > ./hsec-core.nix
               # cabal2nix cabal://hsec-tools > ./hsec-tools.nix
               cabal2nix https://github.com/haskell/security-advisories.git \
-                --revision 8e8b11e08d8026af91f4487391935dcdc8833c75 \
+                --revision 4b773dd6d3ab31313fa7f2470053980af175bf27 \
+                --subpath code/hsec-core/ > ./hsec-core.nix
+              cabal2nix https://github.com/haskell/security-advisories.git \
+                --revision 4b773dd6d3ab31313fa7f2470053980af175bf27 \
                 --subpath code/hsec-tools/ > ./hsec-tools.nix
               cabal2nix ../. > ./cabal-audit.nix
               alejandra ./.

nix/haskell-overlay.nix

@@ -5,7 +5,8 @@
   hsec-tools = hfinal.callPackage ./hsec-tools.nix {};
   cvss = hfinal.callPackage ./cvss.nix {};
 
-  toml-parser = hprev.toml-parser_2_0_0_0;
+  toml-parser = hfinal.callPackage ./toml-parser.nix {};
+
   Cabal-syntax = hprev.Cabal-syntax_3_10_3_0;
   Cabal = hprev.Cabal_3_10_3_0;
   sel = hlib.doJailbreak (hlib.markUnbroken hprev.sel);

nix/hsec-core.nix

@@ -3,6 +3,7 @@
   base,
   Cabal-syntax,
   cvss,
+  fetchgit,
   lib,
   osv,
   pandoc-types,
@@ -14,8 +15,14 @@
 }:
 mkDerivation {
   pname = "hsec-core";
-  version = "0.1.0.0";
-  sha256 = "036d33f56b0de81e85031eb2bb5357b4f36eaf3c50b22b5214258f1d76dbc679";
+  version = "0.2.0.0";
+  src = fetchgit {
+    url = "https://github.com/haskell/security-advisories.git";
+    sha256 = "1pi643pgsb3l9a7i2003wn3x3wh8sji8p5s5zz1nfj29qy2j0ldq";
+    rev = "4b773dd6d3ab31313fa7f2470053980af175bf27";
+    fetchSubmodules = true;
+  };
+  postUnpack = "sourceRoot+=/code/hsec-core/; echo source root reset to $sourceRoot";
   libraryHaskellDepends = [
     base
     Cabal-syntax

nix/hsec-tools.nix

@@ -13,6 +13,7 @@
   extra,
   feed,
   fetchgit,
+  file-embed,
   filepath,
   hsec-core,
   lib,
@@ -29,6 +30,7 @@
   tasty,
   tasty-golden,
   tasty-hunit,
+  template-haskell,
   text,
   time,
   toml-parser,
@@ -40,8 +42,8 @@ mkDerivation {
   version = "0.2.0.0";
   src = fetchgit {
     url = "https://github.com/haskell/security-advisories.git";
-    sha256 = "0j7q8mmlgi5rw82h75rz3nfh6d36qw805hwwy9d5mmchdpsgpall";
-    rev = "8e8b11e08d8026af91f4487391935dcdc8833c75";
+    sha256 = "1pi643pgsb3l9a7i2003wn3x3wh8sji8p5s5zz1nfj29qy2j0ldq";
+    rev = "4b773dd6d3ab31313fa7f2470053980af175bf27";
     fetchSubmodules = true;
   };
   postUnpack = "sourceRoot+=/code/hsec-tools/; echo source root reset to $sourceRoot";
@@ -50,6 +52,7 @@ mkDerivation {
   libraryHaskellDepends = [
     aeson
     base
+    bytestring
     Cabal-syntax
     commonmark
     commonmark-pandoc
@@ -58,6 +61,7 @@ mkDerivation {
     directory
     extra
     feed
+    file-embed
     filepath
     hsec-core
     lucid
@@ -68,6 +72,7 @@ mkDerivation {
     pathwalk
     process
     safe
+    template-haskell
     text
     time
     toml-parser

nix/toml-parser.nix

@@ -0,0 +1,45 @@
+{
+  mkDerivation,
+  alex,
+  array,
+  base,
+  containers,
+  happy,
+  hspec,
+  hspec-discover,
+  lib,
+  markdown-unlit,
+  prettyprinter,
+  template-haskell,
+  text,
+  time,
+  transformers,
+}:
+mkDerivation {
+  pname = "toml-parser";
+  version = "2.0.1.0";
+  sha256 = "03366d727abac9e30055487dbfa07973c321aff571a0de9e504337aa586697e1";
+  isLibrary = true;
+  isExecutable = true;
+  libraryHaskellDepends = [
+    array
+    base
+    containers
+    prettyprinter
+    text
+    time
+    transformers
+  ];
+  libraryToolDepends = [alex happy];
+  testHaskellDepends = [
+    base
+    containers
+    hspec
+    template-haskell
+    text
+    time
+  ];
+  testToolDepends = [hspec-discover markdown-unlit];
+  description = "TOML 1.0.0 parser";
+  license = lib.licenses.isc;
+}