deps: centralize toolchain pins (Alpine, macOS target, Python) in versions.env#58
Merged
Merged
Conversation
…sions.env
versions.env was only the source of truth for MUMPS / OpenBLAS / GHC.
Other toolchain pins (Alpine base image, MACOSX_DEPLOYMENT_TARGET,
Python version) were duplicated as literals across the Dockerfile,
three build/prebuild workflows, two pyvolca workflows, and three shell
scripts. A real drift case just hit us: docker/Dockerfile pinned
OPENBLAS_VERSION=0.3.27 as an ARG default while versions.env had moved
to 0.3.33, so `./docker-build.sh` silently kept building the older
release until a fresh container build failed unrelatedly.
Make versions.env the single source for every toolchain pin:
* Dockerfile now sources OPENBLAS_VERSION from /tmp/versions.env (same
pattern MUMPS_VERSION already used). ALPINE_VERSION is an ARG with
no default — docker/docker-build.sh sources versions.env and passes
--build-arg. No default on purpose: a stale default is exactly how
OpenBLAS drifted.
* The three build/prebuild workflows (_build-matrix, prebuild-mumps,
prebuild-cabal-store) gain a tiny `versions` job that reads
versions.env and exposes alpine + macos_target as job outputs. The
build matrix references those at job level for `container:` and the
workflow-level `MACOSX_DEPLOYMENT_TARGET` env. matrix.container is
gone — `if: matrix.os == 'linux'` replaces the brittle
`matrix.container == 'alpine:3.23'` string compare.
* pyvolca.yml and pyvolca-release.yml gain the same versions job and
reference its python output for setup-python.
* build.sh, build-mumps.sh and gen-cabal-config.sh replace the
`${MACOSX_DEPLOYMENT_TARGET:-13.0}` fallbacks with `:?`, so a
standalone invocation without sourcing versions.env now fails fast
with a clear message instead of silently reverting to a stale
default.
Bumping any toolchain pin is now a one-line edit in versions.env.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
versions.env was only the source of truth for MUMPS / OpenBLAS / GHC. Other toolchain pins (Alpine base image,
MACOSX_DEPLOYMENT_TARGET, Python version) were duplicated as literals across the Dockerfile, three build/prebuild workflows, two pyvolca workflows, and three shell scripts.A real drift case just hit us:
docker/DockerfilepinnedOPENBLAS_VERSION=0.3.27as an ARG default while versions.env had moved to0.3.33, so./docker-build.shsilently kept building the older release until a fresh container build failed unrelatedly. This PR makes versions.env the single source for every toolchain pin so the next bump is a one-line edit.Changes
OPENBLAS_VERSIONfrom/tmp/versions.env(same patternMUMPS_VERSIONalready used).ALPINE_VERSIONis anARGwith no default —docker/docker-build.shsourcesversions.envand passes--build-arg. No default on purpose: a stale default is exactly how OpenBLAS drifted.versionsjob that readsversions.envand exposesalpine+macos_targetas job outputs. The build matrix references those at job level forcontainer:and the workflow-levelMACOSX_DEPLOYMENT_TARGETenv.matrix.containeris gone;if: matrix.os == 'linux'replaces the brittlematrix.container == 'alpine:3.23'string compare.versionsjob and reference itspythonoutput forsetup-python.${MACOSX_DEPLOYMENT_TARGET:-13.0}fallbacks with:?, so a standalone invocation without sourcing versions.env now fails fast with a clear message instead of silently reverting to a stale default.Test plan
./deploy.sh ecobalyserebuilds thevolca-with-frontendimage cleanly (this is what surfaced the OpenBLAS drift in the first place).prebuild-mumps.yml,prebuild-cabal-store.yml, and the build matrix to confirm the newversionsjob + container wiring work end-to-end.pyvolca.ymlto confirmpython-versionresolves to3.12via the versions job.Downstream
Consumers of
docker/Dockerfileoutside this repo must sourceversions.envand pass--build-arg ALPINE_VERSION=...themselves (the docker-build.sh wrapper here already does it). Forvolca-deploy/, the matching follow-up is at ccomb/volca-deploy#16.