PG-853: Access control of pg_tde SQL functions (#277) #72
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: postgresql-16-ppg-package-pgxs | |
on: | |
pull_request: | |
workflow_dispatch: | |
push: | |
branches: [main] | |
jobs: | |
build: | |
name: pg-16-ppg-package-pgxs-build | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Remove old postgres | |
run: | | |
sudo apt-get update | |
sudo apt purge postgresql-client-common postgresql-common \ | |
postgresql postgresql* | |
sudo rm -rf /var/lib/postgresql /var/log/postgresql /etc/postgresql \ | |
/usr/lib/postgresql /usr/include/postgresql /usr/share/postgresql \ | |
/etc/postgresql | |
sudo rm -f /usr/bin/pg_config | |
- name: Install dependencies | |
run: | | |
sudo apt-get install -y libreadline6-dev systemtap-sdt-dev wget \ | |
zlib1g-dev libssl-dev libpam0g-dev bison flex libipc-run-perl \ | |
libcurl4-openssl-dev libhttp-server-simple-perl | |
sudo /usr/bin/perl -MCPAN -e 'install IPC::Run' | |
sudo /usr/bin/perl -MCPAN -e 'install Text::Trim' | |
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg | |
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list | |
sudo apt update && sudo apt install -y vault | |
- name: Install percona-release script | |
run: | | |
sudo apt-get -y update | |
sudo apt-get -y upgrade | |
sudo apt-get install -y wget gnupg2 curl lsb-release | |
sudo wget \ | |
https://repo.percona.com/apt/percona-release_latest.generic_all.deb | |
sudo dpkg -i percona-release_latest.generic_all.deb | |
- name: Install Percona Distribution Postgresql 16 & Extensions | |
run: | | |
sudo percona-release setup ppg-16 | |
sudo apt-get update -y | |
sudo apt-get install -y percona-postgresql-16 \ | |
percona-postgresql-contrib percona-postgresql-server-dev-all \ | |
percona-pgpool2 libpgpool2 percona-postgresql-16-pgaudit \ | |
percona-postgresql-16-pgaudit-dbgsym percona-postgresql-16-repack \ | |
percona-postgresql-16-repack-dbgsym percona-pgaudit16-set-user \ | |
percona-pgaudit16-set-user-dbgsym percona-postgresql-16-postgis-3 \ | |
percona-postgresql-16-postgis-3-scripts \ | |
percona-postgresql-postgis-scripts percona-postgresql-postgis \ | |
percona-postgis percona-pg-stat-monitor16 | |
- name: Clone pg_tde repository | |
uses: actions/checkout@master | |
with: | |
path: 'src/pg_tde' | |
- name: Change src owner to postgres | |
run: | | |
sudo chmod o+rx ~ | |
sudo chown -R postgres:postgres src | |
- name: Build pg_tde | |
run: | | |
sudo -u postgres bash -c './configure' | |
sudo -u postgres bash -c 'make USE_PGXS=1' | |
sudo make USE_PGXS=1 install | |
working-directory: src/pg_tde | |
- name: Start pg_tde tests | |
run: | | |
TV=$(mktemp) | |
{ exec >$TV; vault server -dev; } & | |
sleep 10 | |
export ROOT_TOKEN=$(cat $TV | grep "Root Token" | cut -d ":" -f 2 | xargs echo -n) | |
echo "Root token: $ROOT_TOKEN" | |
sudo psql -V | |
sudo service postgresql stop | |
echo "shared_preload_libraries = 'pg_tde'" | | |
sudo tee -a /etc/postgresql/16/main/postgresql.conf | |
sudo service postgresql start | |
sudo -u postgres bash -c "export ROOT_TOKEN=$ROOT_TOKEN && make installcheck USE_PGXS=1" | |
working-directory: src/pg_tde | |
- name: Report on test fail | |
uses: actions/upload-artifact@v4 | |
if: ${{ failure() }} | |
with: | |
name: Regressions diff and postgresql log | |
path: | | |
src/pg_tde/regression.diffs | |
src/pg_tde/logfile | |
retention-days: 3 | |
- name: Report on test fail 2 | |
if: ${{ failure() }} | |
run: | | |
cat src/pg_tde/regression.diffs | |
- name: Create release directory | |
run: | | |
sudo mkdir pgtde-ppg16 | |
sudo mkdir -p pgtde-ppg16/usr/lib/postgresql/16/lib/ | |
sudo mkdir -p pgtde-ppg16/share/postgresql/16/extension/ | |
sudo cp /usr/share/postgresql/16/extension/pg_tde* pgtde-ppg16/share/postgresql/16/extension/ | |
sudo cp /usr/lib/postgresql/16/lib/pg_tde* pgtde-ppg16/usr/lib/postgresql/16/lib/ | |
- name: Upload tgz | |
uses: actions/upload-artifact@v4 | |
with: | |
name: pg_tde_ppg16_binary | |
path: pgtde-ppg16 | |
- name: Create deb | |
run: | | |
sudo mkdir pgtde-ppg16/DEBIAN | |
sudo sh -c 'echo "Package: pgtde-ppg16" > pgtde-ppg16/DEBIAN/control' | |
sudo sh -c 'echo "Version: 0.1" >> pgtde-ppg16/DEBIAN/control' | |
sudo sh -c 'echo "Architecture: amd64" >> pgtde-ppg16/DEBIAN/control' | |
sudo sh -c 'echo "Maintainer: Percona" >> pgtde-ppg16/DEBIAN/control' | |
sudo sh -c 'echo "Description: Experimental pg_tde extension" >> pgtde-ppg16/DEBIAN/control' | |
sudo dpkg-deb --build --root-owner-group pgtde-ppg16 | |
- name: Test deb | |
run: | | |
sudo rm -rf /usr/share/postgresql/16/extension/pg_tde* | |
sudo rm -rf /usr/lib/postgresql/16/lib/pg_tde* | |
sudo dpkg -i --debug=7777 pgtde-ppg16.deb | |
- name: Upload deb | |
uses: actions/upload-artifact@v4 | |
with: | |
name: pg_tde_deb | |
path: pgtde-ppg16.deb | |
- name: Create tgz | |
run: | | |
cd pgtde-ppg16 && sudo tar -czvf ../pgtde-ppg16.tar.gz . | |
- name: Publish release | |
uses: ncipollo/release-action@v1 | |
# Only try and deploy on merged code | |
if: "github.repository == 'Percona-Lab/pg_tde' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'schedule')" | |
with: | |
artifacts: "pgtde-ppg16.tar.gz,pgtde-ppg16.deb" | |
omitBody: true | |
allowUpdates: true | |
generateReleaseNotes: true | |
makeLatest: true | |
tag: "latest" | |
name: "HEAD" | |
replacesArtifacts: true |