PG-1244 Added a limitation about KMS configuration update #406
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: postgresql-pgdg-package-pgxs | |
on: | |
pull_request: | |
workflow_dispatch: | |
push: | |
branches: [main] | |
permissions: | |
contents: read | |
jobs: | |
build: | |
permissions: | |
contents: write # for ncipollo/release-action to create a release | |
name: pg-pgdg-package-pgxs-build | |
runs-on: ubuntu-24.04 | |
strategy: | |
matrix: | |
postgresql-version: [16, 17] | |
steps: | |
- name: Remove old postgres | |
run: | | |
sudo apt-get update | |
sudo apt purge postgresql-client-common postgresql-common \ | |
postgresql postgresql* | |
sudo rm -rf /var/lib/postgresql /var/log/postgresql /etc/postgresql \ | |
/usr/lib/postgresql /usr/include/postgresql /usr/share/postgresql \ | |
/etc/postgresql | |
sudo rm -f /usr/bin/pg_config | |
- name: Install dependencies | |
run: | | |
sudo apt-get install -y libreadline6-dev systemtap-sdt-dev wget \ | |
zlib1g-dev libssl-dev libpam0g-dev bison flex libipc-run-perl \ | |
libcurl4-openssl-dev libhttp-server-simple-perl python3-pykmip | |
sudo /usr/bin/perl -MCPAN -e 'install IPC::Run' | |
sudo /usr/bin/perl -MCPAN -e 'install Text::Trim' | |
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg | |
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list | |
sudo apt update && sudo apt install -y vault | |
- name: Install PG Distribution Postgresql | |
env: | |
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }} | |
run: | | |
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt \ | |
$(lsb_release -cs)-pgdg main $POSTGRESQL_VERSION" > /etc/apt/sources.list.d/pgdg.list' | |
sudo wget --quiet -O - \ | |
https://www.postgresql.org/media/keys/ACCC4CF8.asc | | |
sudo apt-key add - | |
sudo apt update | |
sudo apt -y install postgresql-$POSTGRESQL_VERSION postgresql-server-dev-$POSTGRESQL_VERSION | |
- name: Clone pg_tde repository | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
path: 'src/pg_tde' | |
- name: Checkout libkmip submodule | |
run: | | |
git submodule update --init --recursive | |
working-directory: src/pg_tde | |
- name: Change src owner to postgres | |
run: | | |
sudo chmod o+rx ~ | |
sudo chown -R postgres:postgres src | |
- name: Build pg_tde | |
env: | |
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }} | |
run: | | |
sudo -u postgres bash -c 'make USE_PGXS=1' | |
sudo make USE_PGXS=1 MAJORVERSION=$POSTGRESQL_VERSION install | |
working-directory: src/pg_tde | |
- name: Setup kmip 1 | |
run: | | |
wget https://raw.githubusercontent.com/OpenKMIP/PyKMIP/refs/heads/master/bin/create_certificates.py | |
python3 create_certificates.py | |
cat client_certificate_jane_doe.pem >> client_key_jane_doe.pem | |
working-directory: /tmp | |
- name: Start pg_tde tests | |
env: | |
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }} | |
run: | | |
TV=$(mktemp) | |
{ exec >$TV; vault server -dev; } & | |
pykmip-server -f `pwd`/../contrib/pg_tde/pykmip-server.conf -l /tmp/kmip-server.log & | |
sleep 10 | |
export ROOT_TOKEN=$(cat $TV | grep "Root Token" | cut -d ":" -f 2 | xargs echo -n) | |
echo "Root token: $ROOT_TOKEN" | |
sudo psql -V | |
sudo service postgresql stop | |
echo "shared_preload_libraries = 'pg_tde'" | | |
sudo tee -a /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf | |
sudo service postgresql start | |
sudo -u postgres bash -c "export ROOT_TOKEN=$ROOT_TOKEN && make installcheck USE_PGXS=1" | |
working-directory: src/pg_tde | |
- name: Report on test fail | |
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
if: ${{ failure() }} | |
with: | |
name: Regressions diff and postgresql log | |
path: | | |
src/pg_tde/regression.diffs | |
src/pg_tde/logfile | |
retention-days: 3 | |
- name: Report on test fail 2 | |
if: ${{ failure() }} | |
run: | | |
cat src/pg_tde/regression.diffs | |
- name: Create release directory | |
env: | |
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }} | |
run: | | |
sudo -E mkdir pgtde-pgdg$POSTGRESQL_VERSION | |
sudo -E mkdir -p pgtde-pgdg$POSTGRESQL_VERSION/usr/lib/postgresql/$POSTGRESQL_VERSION/lib/ | |
sudo -E mkdir -p pgtde-pgdg$POSTGRESQL_VERSION/share/postgresql/$POSTGRESQL_VERSION/extension/ | |
sudo -E cp /usr/share/postgresql/$POSTGRESQL_VERSION/extension/pg_tde* pgtde-pgdg$POSTGRESQL_VERSION/share/postgresql/$POSTGRESQL_VERSION/extension/ | |
sudo -E cp /usr/lib/postgresql/$POSTGRESQL_VERSION/lib/pg_tde* pgtde-pgdg$POSTGRESQL_VERSION/usr/lib/postgresql/$POSTGRESQL_VERSION/lib/ | |
- name: Upload tgz | |
env: | |
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }} | |
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
with: | |
name: pg_tde_pgdg$POSTGRESQL_VERSION_binary | |
path: pgtde-pgdg$POSTGRESQL_VERSION | |
- name: Create deb | |
env: | |
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }} | |
run: | | |
sudo -E mkdir pgtde-pgdg$POSTGRESQL_VERSION/DEBIAN | |
sudo -E sh -c 'echo "Package: pgtde-pgdg$POSTGRESQL_VERSION" > pgtde-pgdg$POSTGRESQL_VERSION/DEBIAN/control' | |
sudo -E sh -c 'echo "Version: 0.1" >> pgtde-pgdg$POSTGRESQL_VERSION/DEBIAN/control' | |
sudo -E sh -c 'echo "Architecture: amd64" >> pgtde-pgdg$POSTGRESQL_VERSION/DEBIAN/control' | |
sudo -E sh -c 'echo "Maintainer: Percona" >> pgtde-pgdg$POSTGRESQL_VERSION/DEBIAN/control' | |
sudo -E sh -c 'echo "Description: Experimental pg_tde extension" >> pgtde-pgdg$POSTGRESQL_VERSION/DEBIAN/control' | |
sudo -E dpkg-deb --build --root-owner-group pgtde-pgdg$POSTGRESQL_VERSION | |
- name: Test deb | |
env: | |
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }} | |
run: | | |
sudo -E rm -rf /usr/share/postgresql/$POSTGRESQL_VERSION/extension/pg_tde* | |
sudo -E rm -rf /usr/lib/postgresql/$POSTGRESQL_VERSION/lib/pg_tde* | |
sudo -E dpkg -i --debug=7777 pgtde-pgdg$POSTGRESQL_VERSION.deb | |
- name: Upload deb | |
env: | |
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }} | |
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 | |
with: | |
name: pg_tde_deb | |
path: pgtde-pgdg$POSTGRESQL_VERSION.deb | |
- name: Create tgz | |
env: | |
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }} | |
run: | | |
cd pgtde-pgdg$POSTGRESQL_VERSION && sudo tar -czvf ../pgtde-pgdg$POSTGRESQL_VERSION.tar.gz . | |
- name: Publish release | |
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0 | |
# Only try and deploy on merged code | |
if: "github.repository == 'percona/pg_tde' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'schedule')" | |
with: | |
artifacts: "pgtde-pgdg${{ matrix.postgresql-version }}.tar.gz,pgtde-pgdg${{ matrix.postgresql-version }}.deb" | |
omitBody: true | |
allowUpdates: true | |
generateReleaseNotes: true | |
makeLatest: true | |
tag: "latest" | |
name: "HEAD" | |
replacesArtifacts: true |