Skip to content

Bump github/codeql-action from 3.27.9 to 3.28.0 #521

Bump github/codeql-action from 3.27.9 to 3.28.0

Bump github/codeql-action from 3.27.9 to 3.28.0 #521

name: postgresql-16-ppg-package-pgxs
on:
pull_request:
workflow_dispatch:
push:
branches: [main]
permissions:
contents: read
jobs:
build:
permissions:
contents: write # for ncipollo/release-action to create a release
name: pg-16-ppg-package-pgxs-build
runs-on: ubuntu-22.04
steps:
- name: Remove old postgres
run: |
sudo apt-get update
sudo apt purge postgresql-client-common postgresql-common \
postgresql postgresql*
sudo rm -rf /var/lib/postgresql /var/log/postgresql /etc/postgresql \
/usr/lib/postgresql /usr/include/postgresql /usr/share/postgresql \
/etc/postgresql
sudo rm -f /usr/bin/pg_config
- name: Install dependencies
run: |
sudo apt-get install -y libreadline6-dev systemtap-sdt-dev wget \
zlib1g-dev libssl-dev libpam0g-dev bison flex libipc-run-perl \
libcurl4-openssl-dev libhttp-server-simple-perl python3-pykmip
sudo /usr/bin/perl -MCPAN -e 'install IPC::Run'
sudo /usr/bin/perl -MCPAN -e 'install Text::Trim'
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install -y vault
- name: Install percona-release script
run: |
sudo apt-get -y update
sudo apt-get -y upgrade
sudo apt-get install -y wget gnupg2 curl lsb-release
sudo wget \
https://repo.percona.com/apt/percona-release_latest.generic_all.deb
sudo dpkg -i percona-release_latest.generic_all.deb
- name: Install Percona Distribution Postgresql 16 & Extensions
run: |
sudo percona-release setup ppg-16
sudo apt-get update -y
sudo apt-get install -y percona-postgresql-16 \
percona-postgresql-contrib percona-postgresql-server-dev-all \
percona-pgpool2 libpgpool2 percona-postgresql-16-pgaudit \
percona-postgresql-16-pgaudit-dbgsym percona-postgresql-16-repack \
percona-postgresql-16-repack-dbgsym percona-pgaudit16-set-user \
percona-pgaudit16-set-user-dbgsym percona-postgresql-16-postgis-3 \
percona-postgresql-16-postgis-3-scripts \
percona-postgresql-postgis-scripts percona-postgresql-postgis \
percona-postgis percona-pg-stat-monitor16
- name: Clone pg_tde repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
path: 'src/pg_tde'
- name: Checkout libkmip submodule
run: |
git submodule update --init --recursive
working-directory: src/pg_tde
- name: Change src owner to postgres
run: |
sudo chmod o+rx ~
sudo chown -R postgres:postgres src
- name: Build pg_tde
run: |
sudo -u postgres bash -c 'make USE_PGXS=1'
sudo make USE_PGXS=1 install
working-directory: src/pg_tde
- name: Setup kmip 1
run: |
wget https://raw.githubusercontent.com/OpenKMIP/PyKMIP/refs/heads/master/bin/create_certificates.py
python3 create_certificates.py
cat client_certificate_jane_doe.pem >> client_key_jane_doe.pem
working-directory: /tmp
- name: Start pg_tde tests
run: |
TV=$(mktemp)
{ exec >$TV; vault server -dev; } &
pykmip-server -f `pwd`/../contrib/pg_tde/pykmip-server.conf -l /tmp/kmip-server.log &
sleep 10
export ROOT_TOKEN=$(cat $TV | grep "Root Token" | cut -d ":" -f 2 | xargs echo -n)
echo "Root token: $ROOT_TOKEN"
sudo psql -V
sudo service postgresql stop
echo "shared_preload_libraries = 'pg_tde'" |
sudo tee -a /etc/postgresql/16/main/postgresql.conf
sudo service postgresql start
sudo -u postgres bash -c "export ROOT_TOKEN=$ROOT_TOKEN && make installcheck USE_PGXS=1"
working-directory: src/pg_tde
- name: Report on test fail
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: ${{ failure() }}
with:
name: Regressions diff and postgresql log
path: |
src/pg_tde/regression.diffs
src/pg_tde/logfile
retention-days: 3
- name: Report on test fail 2
if: ${{ failure() }}
run: |
cat src/pg_tde/regression.diffs
- name: Create release directory
run: |
sudo mkdir pgtde-ppg16
sudo mkdir -p pgtde-ppg16/usr/lib/postgresql/16/lib/
sudo mkdir -p pgtde-ppg16/share/postgresql/16/extension/
sudo cp /usr/share/postgresql/16/extension/pg_tde* pgtde-ppg16/share/postgresql/16/extension/
sudo cp /usr/lib/postgresql/16/lib/pg_tde* pgtde-ppg16/usr/lib/postgresql/16/lib/
- name: Upload tgz
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: pg_tde_ppg16_binary
path: pgtde-ppg16
- name: Create deb
run: |
sudo mkdir pgtde-ppg16/DEBIAN
sudo sh -c 'echo "Package: pgtde-ppg16" > pgtde-ppg16/DEBIAN/control'
sudo sh -c 'echo "Version: 0.1" >> pgtde-ppg16/DEBIAN/control'
sudo sh -c 'echo "Architecture: amd64" >> pgtde-ppg16/DEBIAN/control'
sudo sh -c 'echo "Maintainer: Percona" >> pgtde-ppg16/DEBIAN/control'
sudo sh -c 'echo "Description: Experimental pg_tde extension" >> pgtde-ppg16/DEBIAN/control'
sudo dpkg-deb --build --root-owner-group pgtde-ppg16
- name: Test deb
run: |
sudo rm -rf /usr/share/postgresql/16/extension/pg_tde*
sudo rm -rf /usr/lib/postgresql/16/lib/pg_tde*
sudo dpkg -i --debug=7777 pgtde-ppg16.deb
- name: Upload deb
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: pg_tde_deb
path: pgtde-ppg16.deb
- name: Create tgz
run: |
cd pgtde-ppg16 && sudo tar -czvf ../pgtde-ppg16.tar.gz .
- name: Publish release
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
# Only try and deploy on merged code
if: "github.repository == 'percona/pg_tde' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'schedule')"
with:
artifacts: "pgtde-ppg16.tar.gz,pgtde-ppg16.deb"
omitBody: true
allowUpdates: true
generateReleaseNotes: true
makeLatest: true
tag: "latest"
name: "HEAD"
replacesArtifacts: true