Open hasufell opened 4 months ago
Hi! That's a great idea. Providing contribution instructions using cabal should be trivial, it should already “just work”. I will do that.
I probably won’t maintain a stack.yaml though, I never personally use that tool and it is kinda subsumed by what nix does.
This would be great. For example, trying just now:
git clone git@github.com:MangoIV/cabal-audit.git
cd cabal-audit
cabal update
cabal install
cabal run cabal-audit
Apparently does not work, resulting in the following error:
cabal-audit failed:
Listing the advisories in directory /tmp/cabal-audit-f2a93cceff80dacf failed with:
[AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n",AdvisoryError [MatchMessage {matchAnn = Nothing, matchPath = [], matchMessage = "missing mandatory key: advisory.date"}] "missing mandatory key: advisory.date in <top-level>\n"]
can you come around? I don’t think the reason has anything to do with the installation, it’s an upstream bug in the security advisories tooling. The PR I have open there will fix it.
The issue is how git
outputs dates and how the security-advisories tooling parsers them.
Both the installation section and the contribution section tell me to use nix as the first option. In the worst case, this will make an uninformed newcomer install nix and go down a rabbit hole of tooling nightmares (YMMV).
I suggest to be a bit more balanced. Cabal and Stack are by far the most popular options to build haskell projects: https://taylor.fausak.me/2022/11/18/haskell-survey-results/#s3q0
I don't see a
stack.yaml
in this repo either.