
Lock internal and principal keys in RAM #75


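# Builds pg_tde against Percona Distribution for PostgreSQL 16 with PGXS,
# runs the regression suite against a local Vault dev server, packages the
# result as .tar.gz and .deb, and publishes a rolling release from main.
name: postgresql-16-ppg-package-pgxs
on:
  pull_request:
  workflow_dispatch:
  push:
    branches: [main]

# Default the GITHUB_TOKEN to read-only; the build job widens it only as far
# as the release step requires.
permissions:
  contents: read

jobs:
  build:
    name: pg-16-ppg-package-pgxs-build
    runs-on: ubuntu-22.04
    # contents: write is needed only by the final "Publish release" step.
    # Every earlier step, including the build and tests of pull-request code,
    # runs in this same job and sees the same token scope; moving the release
    # into its own job would let this one stay read-only.
    permissions:
      contents: write
    steps:
      - name: Remove old postgres
        run: |
          sudo apt-get update
          # -y keeps the purge non-interactive without depending on the
          # runner's apt configuration; the glob is quoted so that apt, not
          # the shell, expands it.
          sudo apt purge -y postgresql-client-common postgresql-common \
            postgresql 'postgresql*'
          sudo rm -rf /var/lib/postgresql /var/log/postgresql /etc/postgresql \
            /usr/lib/postgresql /usr/include/postgresql /usr/share/postgresql
          sudo rm -f /usr/bin/pg_config

      # NOTE(review): the CPAN installs run as root and are not pinned to a
      # version. The HashiCorp archive key is accepted on first download, so
      # only TLS authenticates it; comparing its fingerprint with the value
      # HashiCorp publishes before writing the keyring would close that gap.
      - name: Install dependencies
        run: |
          sudo apt-get install -y libreadline6-dev systemtap-sdt-dev wget \
            zlib1g-dev libssl-dev libpam0g-dev bison flex libipc-run-perl \
            libcurl4-openssl-dev libhttp-server-simple-perl
          sudo /usr/bin/perl -MCPAN -e 'install IPC::Run'
          sudo /usr/bin/perl -MCPAN -e 'install Text::Trim'
          wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
          echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
          sudo apt update && sudo apt install -y vault

      # NOTE(review): percona-release_latest is a moving target that is
      # installed as root with no checksum or signature check in this step.
      - name: Install percona-release script
        run: |
          sudo apt-get -y update
          sudo apt-get -y upgrade
          sudo apt-get install -y wget gnupg2 curl lsb-release
          sudo wget \
            https://repo.percona.com/apt/percona-release_latest.generic_all.deb
          sudo dpkg -i percona-release_latest.generic_all.deb

      - name: Install Percona Distribution Postgresql 16 & Extensions
        run: |
          sudo percona-release setup ppg-16
          sudo apt-get update -y
          sudo apt-get install -y percona-postgresql-16 \
            percona-postgresql-contrib percona-postgresql-server-dev-all \
            percona-pgpool2 libpgpool2 percona-postgresql-16-pgaudit \
            percona-postgresql-16-pgaudit-dbgsym percona-postgresql-16-repack \
            percona-postgresql-16-repack-dbgsym percona-pgaudit16-set-user \
            percona-pgaudit16-set-user-dbgsym percona-postgresql-16-postgis-3 \
            percona-postgresql-16-postgis-3-scripts \
            percona-postgresql-postgis-scripts percona-postgresql-postgis \
            percona-postgis percona-pg-stat-monitor16

      - name: Clone pg_tde repository
        # A release tag replaces the moving `master` branch, so an upstream
        # commit to that branch cannot silently change what runs here. A full
        # commit SHA would make the reference immutable.
        uses: actions/checkout@v4
        with:
          path: 'src/pg_tde'
          # Keep the GITHUB_TOKEN out of src/pg_tde/.git/config: the tree is
          # handed to the postgres user below, and the build and test steps
          # execute code from it.
          persist-credentials: false

      # o+rx on the runner's home lets the postgres user traverse into the
      # checkout it is about to own.
      - name: Change src owner to postgres
        run: |
          sudo chmod o+rx ~
          sudo chown -R postgres:postgres src

      # configure and make run as postgres; only the install step is root.
      - name: Build pg_tde
        run: |
          sudo -u postgres bash -c './configure'
          sudo -u postgres bash -c 'make USE_PGXS=1'
          sudo make USE_PGXS=1 install
        working-directory: src/pg_tde

      - name: Start pg_tde tests
        run: |
          # The dev server writes its banner, including the root token, to a
          # private temp file created by mktemp.
          TV=$(mktemp)
          { exec >"$TV"; vault server -dev; } &
          sleep 10
          export ROOT_TOKEN=$(cat "$TV" | grep "Root Token" | cut -d ":" -f 2 | xargs echo -n)
          # Fail here if Vault was not up within the sleep, instead of handing
          # an empty token to the regression suite.
          if [ -z "$ROOT_TOKEN" ]; then
            echo "Vault dev server did not report a root token" >&2
            exit 1
          fi
          # Register the token as a masked value rather than printing it to
          # the job log.
          echo "::add-mask::$ROOT_TOKEN"
          sudo psql -V
          sudo service postgresql stop
          echo "shared_preload_libraries = 'pg_tde'" |
            sudo tee -a /etc/postgresql/16/main/postgresql.conf
          sudo service postgresql start
          sudo -u postgres bash -c "export ROOT_TOKEN=$ROOT_TOKEN && make installcheck USE_PGXS=1"
        working-directory: src/pg_tde

      - name: Report on test fail
        uses: actions/upload-artifact@v4
        if: ${{ failure() }}
        with:
          name: Regressions diff and postgresql log
          path: |
            src/pg_tde/regression.diffs
            src/pg_tde/logfile
          retention-days: 3

      - name: Report on test fail 2
        if: ${{ failure() }}
        run: |
          cat src/pg_tde/regression.diffs

      # Stage the installed extension files in a tree that mirrors their
      # install paths; the tgz and deb below are both built from it.
      - name: Create release directory
        run: |
          sudo mkdir pgtde-ppg16
          sudo mkdir -p pgtde-ppg16/usr/lib/postgresql/16/lib/
          sudo mkdir -p pgtde-ppg16/share/postgresql/16/extension/
          sudo cp /usr/share/postgresql/16/extension/pg_tde* pgtde-ppg16/share/postgresql/16/extension/
          sudo cp /usr/lib/postgresql/16/lib/pg_tde* pgtde-ppg16/usr/lib/postgresql/16/lib/

      - name: Upload tgz
        uses: actions/upload-artifact@v4
        with:
          name: pg_tde_ppg16_binary
          path: pgtde-ppg16

      - name: Create deb
        run: |
          sudo mkdir pgtde-ppg16/DEBIAN
          sudo sh -c 'echo "Package: pgtde-ppg16" > pgtde-ppg16/DEBIAN/control'
          sudo sh -c 'echo "Version: 0.1" >> pgtde-ppg16/DEBIAN/control'
          sudo sh -c 'echo "Architecture: amd64" >> pgtde-ppg16/DEBIAN/control'
          sudo sh -c 'echo "Maintainer: Percona" >> pgtde-ppg16/DEBIAN/control'
          sudo sh -c 'echo "Description: Experimental pg_tde extension" >> pgtde-ppg16/DEBIAN/control'
          sudo dpkg-deb --build --root-owner-group pgtde-ppg16

      # Remove the files that `make install` placed, so the dpkg run below
      # shows whether the package installs on its own.
      - name: Test deb
        run: |
          sudo rm -rf /usr/share/postgresql/16/extension/pg_tde*
          sudo rm -rf /usr/lib/postgresql/16/lib/pg_tde*
          sudo dpkg -i --debug=7777 pgtde-ppg16.deb

      - name: Upload deb
        uses: actions/upload-artifact@v4
        with:
          name: pg_tde_deb
          path: pgtde-ppg16.deb

      - name: Create tgz
        run: |
          cd pgtde-ppg16 && sudo tar -czvf ../pgtde-ppg16.tar.gz .

      # NOTE(review): the "latest" tag is rewritten on every push to main
      # (allowUpdates and replacesArtifacts), so a downloader cannot pin a
      # specific build, and no checksum file is published with the artifacts.
      # The condition also accepts `schedule`, which is not among this
      # workflow's triggers.
      - name: Publish release
        uses: ncipollo/release-action@v1
        # Only try and deploy on merged code
        if: "github.repository == 'Percona-Lab/pg_tde' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'schedule')"
        with:
          artifacts: "pgtde-ppg16.tar.gz,pgtde-ppg16.deb"
          omitBody: true
          allowUpdates: true
          generateReleaseNotes: true
          makeLatest: true
          tag: "latest"
          name: "HEAD"
          replacesArtifacts: true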