Skip to content

PG-1244 Added a limitation about KMS configuration update #406

PG-1244 Added a limitation about KMS configuration update

PG-1244 Added a limitation about KMS configuration update #406

name: postgresql-pgdg-package-pgxs
on:
pull_request:
workflow_dispatch:
push:
branches: [main]
permissions:
contents: read
jobs:
build:
permissions:
contents: write # for ncipollo/release-action to create a release
name: pg-pgdg-package-pgxs-build
runs-on: ubuntu-24.04
strategy:
matrix:
postgresql-version: [16, 17]
steps:
- name: Remove old postgres
run: |
sudo apt-get update
sudo apt purge postgresql-client-common postgresql-common \
postgresql postgresql*
sudo rm -rf /var/lib/postgresql /var/log/postgresql /etc/postgresql \
/usr/lib/postgresql /usr/include/postgresql /usr/share/postgresql \
/etc/postgresql
sudo rm -f /usr/bin/pg_config
- name: Install dependencies
run: |
sudo apt-get install -y libreadline6-dev systemtap-sdt-dev wget \
zlib1g-dev libssl-dev libpam0g-dev bison flex libipc-run-perl \
libcurl4-openssl-dev libhttp-server-simple-perl python3-pykmip
sudo /usr/bin/perl -MCPAN -e 'install IPC::Run'
sudo /usr/bin/perl -MCPAN -e 'install Text::Trim'
wget -O- https://apt.releases.hashicorp.com/gpg | sudo gpg --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
sudo apt update && sudo apt install -y vault
- name: Install PG Distribution Postgresql
env:
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }}
run: |
sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt \
$(lsb_release -cs)-pgdg main $POSTGRESQL_VERSION" > /etc/apt/sources.list.d/pgdg.list'
sudo wget --quiet -O - \
https://www.postgresql.org/media/keys/ACCC4CF8.asc |
sudo apt-key add -
sudo apt update
sudo apt -y install postgresql-$POSTGRESQL_VERSION postgresql-server-dev-$POSTGRESQL_VERSION
- name: Clone pg_tde repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
path: 'src/pg_tde'
- name: Checkout libkmip submodule
run: |
git submodule update --init --recursive
working-directory: src/pg_tde
- name: Change src owner to postgres
run: |
sudo chmod o+rx ~
sudo chown -R postgres:postgres src
- name: Build pg_tde
env:
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }}
run: |
sudo -u postgres bash -c 'make USE_PGXS=1'
sudo make USE_PGXS=1 MAJORVERSION=$POSTGRESQL_VERSION install
working-directory: src/pg_tde
- name: Setup kmip 1
run: |
wget https://raw.githubusercontent.com/OpenKMIP/PyKMIP/refs/heads/master/bin/create_certificates.py
python3 create_certificates.py
cat client_certificate_jane_doe.pem >> client_key_jane_doe.pem
working-directory: /tmp
- name: Start pg_tde tests
env:
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }}
run: |
TV=$(mktemp)
{ exec >$TV; vault server -dev; } &
pykmip-server -f `pwd`/../contrib/pg_tde/pykmip-server.conf -l /tmp/kmip-server.log &
sleep 10
export ROOT_TOKEN=$(cat $TV | grep "Root Token" | cut -d ":" -f 2 | xargs echo -n)
echo "Root token: $ROOT_TOKEN"
sudo psql -V
sudo service postgresql stop
echo "shared_preload_libraries = 'pg_tde'" |
sudo tee -a /etc/postgresql/$POSTGRESQL_VERSION/main/postgresql.conf
sudo service postgresql start
sudo -u postgres bash -c "export ROOT_TOKEN=$ROOT_TOKEN && make installcheck USE_PGXS=1"
working-directory: src/pg_tde
- name: Report on test fail
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
if: ${{ failure() }}
with:
name: Regressions diff and postgresql log
path: |
src/pg_tde/regression.diffs
src/pg_tde/logfile
retention-days: 3
- name: Report on test fail 2
if: ${{ failure() }}
run: |
cat src/pg_tde/regression.diffs
- name: Create release directory
env:
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }}
run: |
sudo -E mkdir pgtde-pgdg$POSTGRESQL_VERSION
sudo -E mkdir -p pgtde-pgdg$POSTGRESQL_VERSION/usr/lib/postgresql/$POSTGRESQL_VERSION/lib/
sudo -E mkdir -p pgtde-pgdg$POSTGRESQL_VERSION/share/postgresql/$POSTGRESQL_VERSION/extension/
sudo -E cp /usr/share/postgresql/$POSTGRESQL_VERSION/extension/pg_tde* pgtde-pgdg$POSTGRESQL_VERSION/share/postgresql/$POSTGRESQL_VERSION/extension/
sudo -E cp /usr/lib/postgresql/$POSTGRESQL_VERSION/lib/pg_tde* pgtde-pgdg$POSTGRESQL_VERSION/usr/lib/postgresql/$POSTGRESQL_VERSION/lib/
- name: Upload tgz
env:
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }}
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: pg_tde_pgdg$POSTGRESQL_VERSION_binary
path: pgtde-pgdg$POSTGRESQL_VERSION
- name: Create deb
env:
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }}
run: |
sudo -E mkdir pgtde-pgdg$POSTGRESQL_VERSION/DEBIAN
sudo -E sh -c 'echo "Package: pgtde-pgdg$POSTGRESQL_VERSION" > pgtde-pgdg$POSTGRESQL_VERSION/DEBIAN/control'
sudo -E sh -c 'echo "Version: 0.1" >> pgtde-pgdg$POSTGRESQL_VERSION/DEBIAN/control'
sudo -E sh -c 'echo "Architecture: amd64" >> pgtde-pgdg$POSTGRESQL_VERSION/DEBIAN/control'
sudo -E sh -c 'echo "Maintainer: Percona" >> pgtde-pgdg$POSTGRESQL_VERSION/DEBIAN/control'
sudo -E sh -c 'echo "Description: Experimental pg_tde extension" >> pgtde-pgdg$POSTGRESQL_VERSION/DEBIAN/control'
sudo -E dpkg-deb --build --root-owner-group pgtde-pgdg$POSTGRESQL_VERSION
- name: Test deb
env:
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }}
run: |
sudo -E rm -rf /usr/share/postgresql/$POSTGRESQL_VERSION/extension/pg_tde*
sudo -E rm -rf /usr/lib/postgresql/$POSTGRESQL_VERSION/lib/pg_tde*
sudo -E dpkg -i --debug=7777 pgtde-pgdg$POSTGRESQL_VERSION.deb
- name: Upload deb
env:
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }}
uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
with:
name: pg_tde_deb
path: pgtde-pgdg$POSTGRESQL_VERSION.deb
- name: Create tgz
env:
POSTGRESQL_VERSION: ${{ matrix.postgresql-version }}
run: |
cd pgtde-pgdg$POSTGRESQL_VERSION && sudo tar -czvf ../pgtde-pgdg$POSTGRESQL_VERSION.tar.gz .
- name: Publish release
uses: ncipollo/release-action@2c591bcc8ecdcd2db72b97d6147f871fcd833ba5 # v1.14.0
# Only try and deploy on merged code
if: "github.repository == 'percona/pg_tde' && github.ref_name == 'main' && (github.event_name == 'push' || github.event_name == 'schedule')"
with:
artifacts: "pgtde-pgdg${{ matrix.postgresql-version }}.tar.gz,pgtde-pgdg${{ matrix.postgresql-version }}.deb"
omitBody: true
allowUpdates: true
generateReleaseNotes: true
makeLatest: true
tag: "latest"
name: "HEAD"
replacesArtifacts: true