From 1ee5abba141e781e05a17a896f3018141982736c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tam=C3=A1s=20T=C3=B3th?= Date: Mon, 24 Jun 2024 17:52:29 +0200 Subject: [PATCH] Add workflow to run `actionlint` (#4468) [actionlint](https://github.com/rhysd/actionlint) is a static checker for GitHub Actions workflow files. This PR adds a workflow that runs `actionlint` to check `.yml` files in `.github/workflows`. It also cleans up some issues flagged by `shellcheck`, a linter for shell scripts `actionlint` calls out to. --------- Co-authored-by: Bruce Collie --- .github/actionlint.yaml | 5 ++ .github/workflows/develop.yml | 48 ++++++++--------- .github/workflows/master-pr.yml | 8 +-- .github/workflows/release.yml | 79 +++++++++++++++------------- .github/workflows/run-actionlint.yml | 16 ++++++ .github/workflows/test-pr.yml | 45 ++++++++-------- .github/workflows/update-deps.yml | 6 +-- 7 files changed, 118 insertions(+), 89 deletions(-) create mode 100644 .github/actionlint.yaml create mode 100644 .github/workflows/run-actionlint.yml diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml new file mode 100644 index 00000000000..cdd80bc93a8 --- /dev/null +++ b/.github/actionlint.yaml @@ -0,0 +1,5 @@ +self-hosted-runner: + labels: + - MacM1 + - normal + - performance diff --git a/.github/workflows/develop.yml b/.github/workflows/develop.yml index 088b6676933..c3623290323 100644 --- a/.github/workflows/develop.yml +++ b/.github/workflows/develop.yml @@ -27,7 +27,7 @@ jobs: git checkout -B master origin/master old_develop="$(git merge-base origin/develop origin/master)" new_develop="$(git rev-parse origin/develop)" - if git diff --exit-code ${old_develop} ${new_develop} -- package/version; then + if git diff --exit-code "${old_develop}" "${new_develop}" -- package/version; then git merge --no-edit origin/develop ./package/version.sh bump else @@ -55,41 +55,41 @@ jobs: run: | set -euxo pipefail workspace=$(pwd) - docker run --name k-posting-profiling-tests-${GITHUB_SHA} \ - --rm -it --detach \ - -e BENCHER_API_TOKEN=$BENCHER_API_TOKEN \ - -e BENCHER_PROJECT=$BENCHER_PROJECT \ - -e BENCHER_ADAPTER=$BENCHER_ADAPTER \ - -e GITHUB_HEAD_REF=$GITHUB_HEAD_REF \ - -e GITHUB_BASE_REF=$GITHUB_BASE_REF \ - -e GITHUB_TOKEN=$GITHUB_TOKEN \ - -e GITHUB_ACTIONS=true \ - -e GITHUB_EVENT_NAME=$GITHUB_EVENT_NAME \ - -e GITHUB_EVENT_PATH=$GITHUB_EVENT_PATH \ - -e GITHUB_REPOSITORY=$GITHUB_REPOSITORY \ - -e GITHUB_REF=$GITHUB_REF \ - -e GITHUB_SHA=${GITHUB_SHA} \ - --workdir /opt/workspace \ - -v "${workspace}:/opt/workspace" \ - -v "${GITHUB_EVENT_PATH}:${GITHUB_EVENT_PATH}" \ - ${BASE_OS}:${BASE_DISTRO} + docker run --name "k-posting-profiling-tests-${GITHUB_SHA}" \ + --rm -it --detach \ + -e BENCHER_API_TOKEN="$BENCHER_API_TOKEN" \ + -e BENCHER_PROJECT="$BENCHER_PROJECT" \ + -e BENCHER_ADAPTER="$BENCHER_ADAPTER" \ + -e GITHUB_HEAD_REF="$GITHUB_HEAD_REF" \ + -e GITHUB_BASE_REF="$GITHUB_BASE_REF" \ + -e GITHUB_TOKEN="$GITHUB_TOKEN" \ + -e GITHUB_ACTIONS=true \ + -e GITHUB_EVENT_NAME="$GITHUB_EVENT_NAME" \ + -e GITHUB_EVENT_PATH="$GITHUB_EVENT_PATH" \ + -e GITHUB_REPOSITORY="$GITHUB_REPOSITORY" \ + -e GITHUB_REF="$GITHUB_REF" \ + -e GITHUB_SHA="$GITHUB_SHA" \ + --workdir /opt/workspace \ + -v "${workspace}:/opt/workspace" \ + -v "${GITHUB_EVENT_PATH}:${GITHUB_EVENT_PATH}" \ + "${BASE_OS}:${BASE_DISTRO}" - name: 'Setting up dependencies' run: | set -euxo pipefail - docker exec -t k-posting-profiling-tests-${GITHUB_SHA} /bin/bash -c './k-distribution/tests/profiling/setup_profiling.sh SKIP_K_BUILD' + docker exec -t "k-posting-profiling-tests-${GITHUB_SHA}" /bin/bash -c './k-distribution/tests/profiling/setup_profiling.sh SKIP_K_BUILD' - name: 'Getting Performance Tests Results' run: | set -euxo pipefail - docker exec -t k-posting-profiling-tests-${GITHUB_SHA} /bin/bash -c './k-distribution/tests/profiling/post_results_to_develop.py ${GITHUB_SHA}' + docker exec -t "k-posting-profiling-tests-${GITHUB_SHA}" /bin/bash -c './k-distribution/tests/profiling/post_results_to_develop.py "${GITHUB_SHA}"' - name: 'Posting Performance Tests Results' run: | set -euxo pipefail - docker exec -t k-posting-profiling-tests-${GITHUB_SHA} /bin/bash -c 'bencher run \ + docker exec -t "k-posting-profiling-tests-${GITHUB_SHA}" /bin/bash -c 'bencher run \ --if-branch "develop" --else-if-branch "master" \ --file .profiling-results.json --err --ci-only-on-alert \ --github-actions "${GITHUB_TOKEN}" "echo Exporting report"' - name: 'Tear down Docker' if: always() run: | - docker stop --time=0 k-posting-profiling-tests-${GITHUB_SHA} - docker container rm --force k-posting-profiling-tests-${GITHUB_SHA} || true + docker stop --time=0 "k-posting-profiling-tests-${GITHUB_SHA}" + docker container rm --force "k-posting-profiling-tests-${GITHUB_SHA}" || true diff --git a/.github/workflows/master-pr.yml b/.github/workflows/master-pr.yml index e96dfb1d31a..2dda01b9e34 100644 --- a/.github/workflows/master-pr.yml +++ b/.github/workflows/master-pr.yml @@ -25,8 +25,8 @@ jobs: run: | set -x pull_number=$(jq --raw-output .pull_request.number "${GITHUB_EVENT_PATH}") - curl -X PATCH \ - -H "Accept: application/vnd.github+json" \ - -H "Authorization: Bearer ${GITHUB_TOKEN}" \ - https://api.github.com/repos/runtimeverification/k/pulls/${pull_number} \ + curl -X PATCH \ + -H "Accept: application/vnd.github+json" \ + -H "Authorization: Bearer ${GITHUB_TOKEN}" \ + "https://api.github.com/repos/runtimeverification/k/pulls/${pull_number}" \ -d '{"base":"develop"}' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index f45bfe88ef3..2c1fd886c47 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-24.04 steps: - name: 'Get release_id' - run: echo "release_id=$(jq --raw-output '.release.id' $GITHUB_EVENT_PATH)" >> ${GITHUB_OUTPUT} + run: echo "release_id=$(jq --raw-output '.release.id' "$GITHUB_EVENT_PATH")" >> "${GITHUB_OUTPUT}" id: release outputs: release_id: ${{ steps.release.outputs.release_id }} @@ -35,13 +35,14 @@ jobs: set -x version=$(cat package/version) tarball=kframework-${version}-src.tar.gz + # shellcheck disable=SC2038 find . -name .git | xargs rm -r CURDIR=$(pwd) cd .. - tar czvf ${tarball} $(basename ${CURDIR}) - mv ${tarball} ${CURDIR}/ - cd ${CURDIR} - gh release upload --repo runtimeverification/k --clobber v${version} ${tarball} + tar czvf "${tarball}" "$(basename "${CURDIR}")" + mv "${tarball}" "${CURDIR}/" + cd "${CURDIR}" + gh release upload --repo runtimeverification/k --clobber "v${version}" "${tarball}" cachix-release: name: 'k-framework-binary cachix release' @@ -114,8 +115,8 @@ jobs: run: | set -x version=$(cat package/version) - cp kframework_amd64_ubuntu_jammy.deb kframework_${version}_amd64_ubuntu_jammy.deb - gh release upload --repo runtimeverification/k --clobber v${version} kframework_${version}_amd64_ubuntu_jammy.deb + cp kframework_amd64_ubuntu_jammy.deb "kframework_${version}_amd64_ubuntu_jammy.deb" + gh release upload --repo runtimeverification/k --clobber "v${version}" "kframework_${version}_amd64_ubuntu_jammy.deb" - name: 'Build, Test, and Push Dockerhub Image' shell: bash {0} env: @@ -125,19 +126,19 @@ jobs: set -euxo pipefail version=$(cat package/version) version_tag=ubuntu-jammy-${version} - docker login --username rvdockerhub --password ${DOCKERHUB_PASSWORD} - docker image build . --file package/docker/Dockerfile.ubuntu-jammy --tag ${DOCKERHUB_REPO}:${version_tag} - docker run --name k-package-docker-test-jammy-${GITHUB_SHA} --rm -it --detach ${DOCKERHUB_REPO}:${version_tag} - docker exec -t k-package-docker-test-jammy-${GITHUB_SHA} bash -c 'cd ~ && echo "module TEST imports BOOL endmodule" > test.k' - docker exec -t k-package-docker-test-jammy-${GITHUB_SHA} bash -c 'cd ~ && kompile test.k --backend llvm' - docker exec -t k-package-docker-test-jammy-${GITHUB_SHA} bash -c 'cd ~ && kompile test.k --backend haskell' - docker exec -t k-package-docker-test-jammy-${GITHUB_SHA} bash -c 'cd ~ && pyk kompile test.k --backend llvm' - docker exec -t k-package-docker-test-jammy-${GITHUB_SHA} bash -c 'cd ~ && pyk kompile test.k --backend haskell' - docker image push ${DOCKERHUB_REPO}:${version_tag} + docker login --username rvdockerhub --password "${DOCKERHUB_PASSWORD}" + docker image build . --file package/docker/Dockerfile.ubuntu-jammy --tag "${DOCKERHUB_REPO}:${version_tag}" + docker run --name "k-package-docker-test-jammy-${GITHUB_SHA}" --rm -it --detach "${DOCKERHUB_REPO}:${version_tag}" + docker exec -t "k-package-docker-test-jammy-${GITHUB_SHA}" bash -c 'cd ~ && echo "module TEST imports BOOL endmodule" > test.k' + docker exec -t "k-package-docker-test-jammy-${GITHUB_SHA}" bash -c 'cd ~ && kompile test.k --backend llvm' + docker exec -t "k-package-docker-test-jammy-${GITHUB_SHA}" bash -c 'cd ~ && kompile test.k --backend haskell' + docker exec -t "k-package-docker-test-jammy-${GITHUB_SHA}" bash -c 'cd ~ && pyk kompile test.k --backend llvm' + docker exec -t "k-package-docker-test-jammy-${GITHUB_SHA}" bash -c 'cd ~ && pyk kompile test.k --backend haskell' + docker image push "${DOCKERHUB_REPO}:${version_tag}" - name: 'Clean up Docker Container' if: always() run: | - docker stop --time=0 k-package-docker-test-jammy-${GITHUB_SHA} + docker stop --time=0 "k-package-docker-test-jammy-${GITHUB_SHA}" - name: On Failure, Upload the kore-exec.tar.gz file to the Summary Page if: failure() uses: actions/upload-artifact@v4 @@ -193,7 +194,9 @@ jobs: # https://github.com/actions/runner-images/issues/6459 # https://github.com/actions/runner-images/issues/6507 # https://github.com/actions/runner-images/issues/2322 - brew list -1 | grep python | while read formula; do brew unlink $formula; brew link --overwrite $formula; done + + # shellcheck disable=SC2162 + brew list -1 | grep python | while read formula; do brew unlink "$formula"; brew link --overwrite "$formula"; done - name: Build brew bottle id: build @@ -209,15 +212,16 @@ jobs: ROOT_URL='https://github.com/runtimeverification/k/releases/download' wget "$ROOT_URL/v${VERSION}/kframework-${VERSION}-src.tar.gz" cd homebrew-k - ../kframework/package/macos/brew-update-to-local ${PACKAGE} ${VERSION} - git commit Formula/$PACKAGE.rb -m "Update ${PACKAGE} to ${VERSION}: part 1" - ../kframework/package/macos/brew-build-and-update-to-local-bottle ${PACKAGE} ${VERSION} ${ROOT_URL} + ../kframework/package/macos/brew-update-to-local "${PACKAGE}" "${VERSION}" + git commit "Formula/$PACKAGE.rb" -m "Update ${PACKAGE} to ${VERSION}: part 1" + ../kframework/package/macos/brew-build-and-update-to-local-bottle "${PACKAGE}" "${VERSION}" "${ROOT_URL}" git reset HEAD^ - LOCAL_BOTTLE_NAME=$(basename $(find . -name "kframework--${VERSION}.arm64_sonoma.bottle*.tar.gz")) - BOTTLE_NAME=$(echo ${LOCAL_BOTTLE_NAME#./} | sed 's!kframework--!kframework-!') - ../kframework/package/macos/brew-update-to-final ${PACKAGE} ${VERSION} ${ROOT_URL} - echo "path=${LOCAL_BOTTLE_NAME}" >> ${GITHUB_OUTPUT} - echo "path_remote=${BOTTLE_NAME}" >> ${GITHUB_OUTPUT} + LOCAL_BOTTLE_NAME=$(basename "$(find . -name "kframework--${VERSION}.arm64_sonoma.bottle*.tar.gz")") + # shellcheck disable=2001 + BOTTLE_NAME=$(echo "${LOCAL_BOTTLE_NAME#./}" | sed 's!kframework--!kframework-!') + ../kframework/package/macos/brew-update-to-final "${PACKAGE}" "${VERSION}" "${ROOT_URL}" + echo "path=${LOCAL_BOTTLE_NAME}" >> "${GITHUB_OUTPUT}" + echo "path_remote=${BOTTLE_NAME}" >> "${GITHUB_OUTPUT}" - name: Upload bottle uses: actions/upload-artifact@v4 @@ -279,7 +283,9 @@ jobs: # https://github.com/actions/runner-images/issues/6459 # https://github.com/actions/runner-images/issues/6507 # https://github.com/actions/runner-images/issues/2322 - brew list -1 | grep python | while read formula; do brew unlink $formula; brew link --overwrite $formula; done + + # shellcheck disable=SC2162 + brew list -1 | grep python | while read formula; do brew unlink "$formula"; brew link --overwrite "$formula"; done - name: 'Test brew bottle' id: test @@ -324,8 +330,8 @@ jobs: run: | set -x version=$(cat k-homebrew-checkout/package/version) - mv homebrew-k-old/${BOTTLE_NAME} homebrew-k-old/${REMOTE_BOTTLE_NAME} - gh release upload --repo runtimeverification/k --clobber v${version} homebrew-k-old/${REMOTE_BOTTLE_NAME} + mv "homebrew-k-old/${BOTTLE_NAME}" "homebrew-k-old/${REMOTE_BOTTLE_NAME}" + gh release upload --repo runtimeverification/k --clobber "v${version}" "homebrew-k-old/${REMOTE_BOTTLE_NAME}" - run: | git config --global user.name rv-jenkins @@ -385,16 +391,16 @@ jobs: MAVEN_PASSWORD: ${{ secrets.CLOUDREPO_PASSWORD }} run: | cat ~/.m2/settings.xml - docker exec -t k-release-ci-${GITHUB_SHA} bash -c 'mkdir -p /home/github-runner/.m2' - docker cp ~/.m2/settings.xml k-release-ci-${GITHUB_SHA}:/tmp/settings.xml - docker exec -t k-release-ci-${GITHUB_SHA} bash -c 'mv /tmp/settings.xml /home/github-runner/.m2/settings.xml' - docker exec -e MAVEN_USERNAME -e MAVEN_PASSWORD -t k-release-ci-${GITHUB_SHA} bash -c "mvn --batch-mode deploy" + docker exec -t "k-release-ci-${GITHUB_SHA}" bash -c 'mkdir -p /home/github-runner/.m2' + docker cp ~/.m2/settings.xml "k-release-ci-${GITHUB_SHA}:/tmp/settings.xml" + docker exec -t "k-release-ci-${GITHUB_SHA} bash" -c 'mv /tmp/settings.xml /home/github-runner/.m2/settings.xml' + docker exec -e MAVEN_USERNAME -e MAVEN_PASSWORD -t "k-release-ci-${GITHUB_SHA}" bash -c "mvn --batch-mode deploy" - name: 'Tear down Docker' if: always() run: | - docker stop --time=0 k-release-ci-${GITHUB_SHA} - docker container rm --force k-release-ci-${GITHUB_SHA} || true + docker stop --time=0 "k-release-ci-${GITHUB_SHA}" + docker container rm --force "k-release-ci-${GITHUB_SHA}" || true - name: Publish release uses: actions/github-script@v7 @@ -455,7 +461,7 @@ jobs: -H "Authorization: Bearer ${GITHUB_TOKEN}" \ -H "X-GitHub-Api-Version: 2022-11-28" \ https://api.github.com/repos/runtimeverification/devops/dispatches \ - -d '{"event_type":"on-demand-test","client_payload":{"repo":"runtimeverification/k","version":"'${VERSION}'"}}' + -d '{"event_type":"on-demand-test","client_payload":{"repo":"runtimeverification/k","version":"'"${VERSION}"'"}}' pyk-build-docs: name: 'Build Pyk Documentation' @@ -532,6 +538,7 @@ jobs: npm run build-sitemap cd - mv web/public_content ./ + # shellcheck disable=SC2046 rm -rf $(find . -maxdepth 1 -not -name public_content -a -not -name .git -a -not -path . -a -not -path .. -a -not -name CNAME) mv public_content/* ./ rm -rf public_content diff --git a/.github/workflows/run-actionlint.yml b/.github/workflows/run-actionlint.yml new file mode 100644 index 00000000000..2d7cd5f6a09 --- /dev/null +++ b/.github/workflows/run-actionlint.yml @@ -0,0 +1,16 @@ +name: Lint GitHub Actions workflows +on: pull_request + +jobs: + actionlint: + name: Run actionlint + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Download actionlint + id: get_actionlint + run: bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) + shell: bash + - name: Check workflow files + run: ${{ steps.get_actionlint.outputs.executable }} -color + shell: bash diff --git a/.github/workflows/test-pr.yml b/.github/workflows/test-pr.yml index 4d43a311ed7..77a19e55e99 100644 --- a/.github/workflows/test-pr.yml +++ b/.github/workflows/test-pr.yml @@ -81,12 +81,12 @@ jobs: distro: jammy llvm: 15 - name: 'Build and Test K' - run: docker exec -t k-ci-${GITHUB_SHA} /bin/bash -c 'mvn verify -Dspotless.check.skip=true --batch-mode -U' + run: docker exec -t "k-ci-${GITHUB_SHA}" /bin/bash -c 'mvn verify -Dspotless.check.skip=true --batch-mode -U' - name: 'Tear down Docker' if: always() run: | - docker stop --time=0 k-ci-${GITHUB_SHA} - docker container rm --force k-ci-${GITHUB_SHA} || true + docker stop --time=0 "k-ci-${GITHUB_SHA}" + docker container rm --force "k-ci-${GITHUB_SHA}" || true test-package-ubuntu-jammy: @@ -222,10 +222,11 @@ jobs: GC_DONT_GC: '1' run: | nix --version - export JQ=$(nix-build '' -A jq --no-link)/bin/jq + JQ=$(nix-build '' -A jq --no-link)/bin/jq + export JQ k=$(nix build . --print-build-logs --json | $JQ -r '.[].outputs | to_entries[].value') - drv=$(nix-store --query --deriver ${k}) - nix-store --query --requisites ${drv} | cachix push k-framework + drv=$(nix-store --query --deriver "$k") + nix-store --query --requisites "$drv" | cachix push k-framework - name: 'Smoke test K' run: GC_DONT_GC=1 nix build --print-build-logs .#smoke-test # These tests take a really long time to run on other platforms, so we @@ -366,33 +367,33 @@ jobs: run: | set -euxo pipefail workspace=$(pwd) - docker run --name k-profiling-tests-${GITHUB_SHA} \ + docker run --name "k-profiling-tests-${GITHUB_SHA}" \ --rm -it --detach --user root \ - -e BENCHER_API_TOKEN=$BENCHER_API_TOKEN \ - -e BENCHER_PROJECT=$BENCHER_PROJECT \ - -e BENCHER_ADAPTER=$BENCHER_ADAPTER \ - -e GITHUB_HEAD_REF=$GITHUB_HEAD_REF \ - -e GITHUB_BASE_REF=$GITHUB_BASE_REF \ - -e GITHUB_TOKEN=$GITHUB_TOKEN \ + -e BENCHER_API_TOKEN="$BENCHER_API_TOKEN" \ + -e BENCHER_PROJECT="$BENCHER_PROJECT" \ + -e BENCHER_ADAPTER="$BENCHER_ADAPTER" \ + -e GITHUB_HEAD_REF="$GITHUB_HEAD_REF" \ + -e GITHUB_BASE_REF="$GITHUB_BASE_REF" \ + -e GITHUB_TOKEN="$GITHUB_TOKEN" \ -e GITHUB_ACTIONS=true \ - -e GITHUB_EVENT_NAME=$GITHUB_EVENT_NAME \ - -e GITHUB_EVENT_PATH=$GITHUB_EVENT_PATH \ - -e GITHUB_REPOSITORY=$GITHUB_REPOSITORY \ - -e GITHUB_REF=$GITHUB_REF \ + -e GITHUB_EVENT_NAME="$GITHUB_EVENT_NAME" \ + -e GITHUB_EVENT_PATH="$GITHUB_EVENT_PATH" \ + -e GITHUB_REPOSITORY="$GITHUB_REPOSITORY" \ + -e GITHUB_REF="$GITHUB_REF" \ --workdir /opt/workspace \ -v "${workspace}:/opt/workspace" \ -v "${GITHUB_EVENT_PATH}:${GITHUB_EVENT_PATH}" \ - runtimeverificationinc/k-profiling-tests-${GITHUB_SHA} + "runtimeverificationinc/k-profiling-tests-${GITHUB_SHA}" - name: 'Install K from Package' run: | set -euxo pipefail - docker exec -t k-profiling-tests-${GITHUB_SHA} /bin/bash -c './k-distribution/tests/profiling/setup_profiling.sh' + docker exec -t "k-profiling-tests-${GITHUB_SHA}" /bin/bash -c './k-distribution/tests/profiling/setup_profiling.sh' - name: 'Profiling Performance Tests' run: | set -euxo pipefail - docker exec -t k-profiling-tests-${GITHUB_SHA} /bin/bash -c 'cd k-distribution/tests/profiling && make' + docker exec -t "k-profiling-tests-${GITHUB_SHA}" /bin/bash -c 'cd k-distribution/tests/profiling && make' - name: 'Tear down Docker' if: always() run: | - docker stop --time=0 k-profiling-tests-${GITHUB_SHA} - docker container rm --force k-profiling-tests-${GITHUB_SHA} || true + docker stop --time=0 "k-profiling-tests-${GITHUB_SHA}" + docker container rm --force "k-profiling-tests-${GITHUB_SHA}" || true diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index 6edafbfacc8..9a66903a64b 100644 --- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -48,16 +48,16 @@ jobs: hs_backend_version=$(cat deps/haskell-backend_release) cd haskell-backend/src/main/native/haskell-backend - git checkout ${hs_backend_version} + git checkout "${hs_backend_version}" cd - - sed -i 's! haskell-backend.url = "github:runtimeverification/haskell-backend/.*";! haskell-backend.url = "github:runtimeverification/haskell-backend/'${hs_backend_version}'";!' flake.nix + sed -i 's! haskell-backend.url = "github:runtimeverification/haskell-backend/.*";! haskell-backend.url = "github:runtimeverification/haskell-backend/'"${hs_backend_version}"'";!' flake.nix if git add flake.nix haskell-backend/src/main/native/haskell-backend && git commit -m "flake.nix, haskell-backend/src/main/native/haskell-backend: update to version ${hs_backend_version}"; then changed=true fi llvm_backend_version="v$(cat deps/llvm-backend_release)" cd llvm-backend/src/main/native/llvm-backend - git checkout ${llvm_backend_version} + git checkout "${llvm_backend_version}" cd - sed -i 's! url = "github:runtimeverification/llvm-backend/.*";! url = "github:runtimeverification/llvm-backend/'"${llvm_backend_version}"'";!' flake.nix if git add flake.nix llvm-backend/src/main/native/llvm-backend && git commit -m "flake.nix, llvm-backend/src/main/native/llvm-backend: update to version ${llvm_backend_version}"; then