I created a Github Action that (regularly or when triggered manually)
- Checks out your repository
- Uses
cabal bounds
to recognize bumpable dependencies - Build and tests (
cabal build && cabal test
), forcing the use of that dependency with--allow-newer
and--constraint
- Update the cabal file accordingly
- Create a PR (or update an existing PR)
Step three is crucial, becase with the typical Haskell CI setup, a PR that just bumps the dependency is not enough:
Imagine your package foo
depends on bar < 1.2
and baz
. Now bar-1.2
is released, and someone (or something) creates a PR against your repository changing the version bound to bar < 1.3
. Your CI runs the usual set of tests, and turns . You merge the PR. All well?
No! If baz
happens to depend on bar < 1.2
and no new version is available yet, your CI still silently used the old version of bar
!
This is why this action test the compatibility with precisely that new version.
(There may be ways to have your existing CI perform such logic, see this haskell-ci
issue. Then the PR creation would be much simpler, and could even be delegated to tools like dependabot or renovate. But I expect we don’t have that in most cases).
See this README section for more answers to possible questions about this tool.
This is very new, just created with @andreasabel during MuniHac, so grab it now and enjoy finding problems before someone else does!