CI-Test everything on SSL connections #1978
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [ main ] | |
paths-ignore: | |
- '**.md' | |
- 'demo/**' | |
- 'docs/**' | |
- 'homebrew-formula/**' | |
pull_request: | |
branches: [ main ] | |
paths-ignore: | |
- '**.md' | |
- 'demo/**' | |
- 'docs/**' | |
- 'homebrew-formula/**' | |
release: | |
types: [ published ] | |
workflow_dispatch: | |
defaults: | |
run: | |
shell: bash | |
jobs: | |
build: | |
name: Build ${{ matrix.target }} | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: true | |
matrix: | |
include: | |
- target: aarch64-apple-darwin | |
os: macOS-latest | |
cross: 'true' | |
- target: aarch64-unknown-linux-gnu | |
os: ubuntu-latest | |
cross: 'true' | |
- target: debian-x86_64 | |
os: ubuntu-latest | |
cross: 'true' | |
- target: x86_64-apple-darwin | |
os: macOS-latest | |
- target: x86_64-pc-windows-msvc | |
os: windows-latest | |
ext: '.exe' | |
- target: x86_64-unknown-linux-gnu | |
os: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Rust Versions | |
run: rustc --version && cargo --version | |
- name: Lint (Linux) | |
if: matrix.target == 'x86_64-unknown-linux-gnu' | |
run: | | |
set -x | |
cargo fmt --all -- --check | |
cargo clippy --package martin-tile-utils -- -D warnings | |
cargo clippy --package martin-mbtiles -- -D warnings | |
cargo clippy --package martin-mbtiles --no-default-features --features native-tls -- -D warnings | |
cargo clippy --package martin-mbtiles --no-default-features --features rustls -- -D warnings | |
cargo clippy --package martin -- -D warnings | |
cargo clippy --package martin --features vendored-openssl -- -D warnings | |
cargo clippy --package martin --features bless-tests -- -D warnings | |
- name: Install OpenSSL (Windows) | |
if: runner.os == 'Windows' | |
shell: powershell | |
run: | | |
echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append | |
vcpkg install openssl:x64-windows-static-md | |
- name: Build (native) | |
if: matrix.cross != 'true' | |
run: | | |
cargo build --release --target ${{ matrix.target }} --features=ssl --package martin | |
cargo build --release --target ${{ matrix.target }} --features=cli --package martin-mbtiles | |
- name: Build (cross - aarch64-apple-darwin) | |
if: matrix.target == 'aarch64-apple-darwin' | |
run: | | |
rustup target add "${{ matrix.target }}" | |
# compile without debug symbols because stripping them with `strip` does not work cross-platform | |
export RUSTFLAGS='-C link-arg=-s' | |
cargo build --release --target ${{ matrix.target }} --features=vendored-openssl --package martin | |
cargo build --release --target ${{ matrix.target }} --no-default-features --features=rustls,cli --package martin-mbtiles | |
- name: Build (cross - aarch64-unknown-linux-gnu) | |
if: matrix.target == 'aarch64-unknown-linux-gnu' | |
run: | | |
sudo apt-get install -y gcc-aarch64-linux-gnu binutils-aarch64-linux-gnu | |
rustup target add "${{ matrix.target }}" | |
# compile without debug symbols because stripping them with `strip` does not work cross-platform | |
export RUSTFLAGS='-C link-arg=-s -C linker=aarch64-linux-gnu-gcc' | |
cargo build --release --target ${{ matrix.target }} --features=vendored-openssl --package martin | |
cargo build --release --target ${{ matrix.target }} --no-default-features --features=rustls,cli --package martin-mbtiles | |
- name: Build (debian package) | |
if: matrix.target == 'debian-x86_64' | |
run: | | |
sudo apt-get install -y dpkg dpkg-dev liblzma-dev | |
cargo install cargo-deb | |
cargo deb -v -p martin --output target/debian/debian-x86_64.deb | |
- name: Move build artifacts | |
run: | | |
mkdir -p target_releases | |
if [[ "${{ matrix.target }}" == "debian-x86_64" ]]; then | |
mv target/debian/debian-x86_64.deb target_releases | |
else | |
mv target/${{ matrix.target }}/release/martin${{ matrix.ext }} target_releases | |
mv target/${{ matrix.target }}/release/mbtiles${{ matrix.ext }} target_releases | |
fi | |
- name: Save build artifacts to build-${{ matrix.target }} | |
uses: actions/upload-artifact@v3 | |
with: | |
name: build-${{ matrix.target }} | |
path: target_releases/* | |
test: | |
name: Test ${{ matrix.target }} | |
runs-on: ${{ matrix.os }} | |
needs: [ build ] | |
strategy: | |
fail-fast: true | |
matrix: | |
include: | |
- target: x86_64-apple-darwin | |
os: macOS-latest | |
- target: x86_64-pc-windows-msvc | |
os: windows-latest | |
ext: '.exe' | |
- target: x86_64-unknown-linux-gnu | |
os: ubuntu-latest | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Start postgres | |
uses: nyurik/action-setup-postgis@v1 | |
id: pg | |
with: | |
username: test | |
password: test | |
database: test | |
rights: --superuser | |
- name: Init database | |
run: | | |
echo "DATABASE_URL=$DATABASE_URL" | |
echo "Print the same in base64 to bypass Github's obfuscation (uses hardcoded password):" | |
echo "$DATABASE_URL" | base64 | |
tests/fixtures/initdb.sh | |
env: | |
DATABASE_URL: ${{ steps.pg.outputs.connection-uri }} | |
- name: Unit Tests (Linux) | |
if: matrix.target == 'x86_64-unknown-linux-gnu' | |
run: | | |
set -x | |
cargo test --package martin-tile-utils | |
cargo test --package martin-mbtiles | |
cargo test --package martin-mbtiles --no-default-features --features rustls | |
cargo test --package martin --features vendored-openssl | |
cargo test --doc | |
cargo clean | |
env: | |
DATABASE_URL: ${{ steps.pg.outputs.connection-uri }} | |
- name: Download build artifact build-${{ matrix.target }} | |
uses: actions/download-artifact@v3 | |
with: | |
name: build-${{ matrix.target }} | |
path: target/ | |
- name: Integration Tests | |
run: | | |
export MARTIN_BUILD=- | |
export MARTIN_BIN=target/martin${{ matrix.ext }} | |
export MBTILES_BUILD=- | |
export MBTILES_BIN=target/mbtiles${{ matrix.ext }} | |
if [[ "${{ runner.os }}" != "Windows" ]]; then | |
chmod +x "$MARTIN_BIN" "$MBTILES_BIN" | |
fi | |
tests/test.sh | |
env: | |
DATABASE_URL: ${{ steps.pg.outputs.connection-uri }} | |
- name: Compare test output results (Linux) | |
if: matrix.target == 'x86_64-unknown-linux-gnu' | |
run: diff --brief --recursive --new-file tests/output tests/expected | |
- name: Download Debian package (Linux) | |
if: matrix.target == 'x86_64-unknown-linux-gnu' | |
uses: actions/download-artifact@v3 | |
with: | |
name: build-debian-x86_64 | |
path: target/ | |
- name: Tests Debian package (Linux) | |
if: matrix.target == 'x86_64-unknown-linux-gnu' | |
run: | | |
sudo dpkg -i target/debian-x86_64.deb | |
export MARTIN_BUILD=- | |
export MARTIN_BIN=/usr/bin/martin${{ matrix.ext }} | |
export MBTILES_BUILD=- | |
export MBTILES_BIN=/usr/bin/mbtiles${{ matrix.ext }} | |
tests/test.sh | |
env: | |
DATABASE_URL: ${{ steps.pg.outputs.connection-uri }} | |
- name: Save test output on failure (Linux) | |
if: failure() && matrix.target == 'x86_64-unknown-linux-gnu' | |
uses: actions/upload-artifact@v3 | |
with: | |
name: failed-test-output | |
path: tests/output/* | |
retention-days: 5 | |
test-legacy: | |
name: Test Legacy DB | |
runs-on: ubuntu-latest | |
needs: [ build ] | |
strategy: | |
fail-fast: true | |
matrix: | |
include: | |
# These must match the versions of postgres used in the docker-compose.yml | |
- image: postgis/postgis:11-3.0-alpine | |
args: postgres | |
sslmode: disable | |
- image: postgis/postgis:14-3.3-alpine | |
args: postgres | |
sslmode: disable | |
# alpine images don't support SSL, so for this we use the debian images | |
- image: postgis/postgis:15-3.3 | |
args: postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key | |
sslmode: require | |
env: | |
# PG_* variables are used by psql | |
PGDATABASE: test | |
PGHOST: localhost | |
PGUSER: postgres | |
PGPASSWORD: postgres | |
services: | |
postgres: | |
image: ${{ matrix.image }} | |
ports: | |
# will assign a random free host port | |
- 5432/tcp | |
# Sadly there is currently no way to pass arguments to the service image other than this hack | |
# See also https://stackoverflow.com/a/62720566/177275 | |
options: >- | |
-e POSTGRES_DB=test | |
-e POSTGRES_USER=postgres | |
-e POSTGRES_PASSWORD=postgres | |
-e PGDATABASE=test | |
-e PGUSER=postgres | |
-e PGPASSWORD=postgres | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
--entrypoint sh | |
${{ matrix.image }} | |
-c "exec docker-entrypoint.sh ${{ matrix.args }}" | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Setup database | |
run: tests/fixtures/initdb.sh | |
env: | |
PGPORT: ${{ job.services.postgres.ports[5432] }} | |
- name: Download build artifact build-x86_64-unknown-linux-gnu | |
uses: actions/download-artifact@v3 | |
with: | |
name: build-x86_64-unknown-linux-gnu | |
path: target_releases/ | |
- name: Integration Tests | |
run: | | |
export MARTIN_BUILD=- | |
export MARTIN_BIN=target_releases/martin | |
export MBTILES_BUILD=- | |
export MBTILES_BIN=target_releases/mbtiles | |
chmod +x "$MARTIN_BIN" "$MBTILES_BIN" | |
tests/test.sh | |
rm -rf target_releases | |
env: | |
DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }} | |
- name: Download Debian package | |
uses: actions/download-artifact@v3 | |
with: | |
name: build-debian-x86_64 | |
path: target_releases/ | |
- name: Tests Debian package | |
run: | | |
sudo dpkg -i target_releases/debian-x86_64.deb | |
export MARTIN_BUILD=- | |
export MARTIN_BIN=/usr/bin/martin | |
export MBTILES_BUILD=- | |
export MBTILES_BIN=/usr/bin/mbtiles | |
tests/test.sh | |
sudo dpkg -P martin | |
rm -rf target_releases | |
env: | |
DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }} | |
- name: Unit Tests | |
run: | | |
echo "Running unit tests, connecting to DATABASE_URL=$DATABASE_URL" | |
echo "Same but as base64 to prevent GitHub obfuscation (this is not a secret):" | |
echo "$DATABASE_URL" | base64 | |
set -x | |
cargo test --package martin-tile-utils | |
cargo test --package martin-mbtiles | |
cargo test --package martin-mbtiles --no-default-features --features rustls | |
cargo test --package martin --features vendored-openssl | |
cargo test --doc | |
RUSTDOCFLAGS="-D warnings" cargo doc --no-deps --workspace | |
cargo clean | |
env: | |
DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }} | |
- name: On error, save test output | |
if: failure() | |
uses: actions/upload-artifact@v3 | |
with: | |
name: test-output | |
path: tests/output/* | |
retention-days: 5 | |
docker: | |
name: Build docker images | |
runs-on: ubuntu-latest | |
needs: [ build ] | |
env: | |
# PG_* variables are used by psql | |
PGDATABASE: test | |
PGHOST: localhost | |
PGUSER: postgres | |
PGPASSWORD: postgres | |
services: | |
postgres: | |
image: postgis/postgis:15-3.3 | |
ports: | |
# will assign a random free host port | |
- 5432/tcp | |
# Sadly there is currently no way to pass arguments to the service image other than this hack | |
# See also https://stackoverflow.com/a/62720566/177275 | |
options: >- | |
-e POSTGRES_DB=test | |
-e POSTGRES_USER=postgres | |
-e POSTGRES_PASSWORD=postgres | |
-e PGDATABASE=test | |
-e PGUSER=postgres | |
-e PGPASSWORD=postgres | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
--entrypoint sh | |
postgis/postgis:15-3.3 | |
-c "exec docker-entrypoint.sh postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key" | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Setup database | |
run: tests/fixtures/initdb.sh | |
env: | |
PGPORT: ${{ job.services.postgres.ports[5432] }} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
# https://github.com/docker/setup-qemu-action | |
with: | |
platforms: linux/amd64,linux/arm64 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
# https://github.com/docker/setup-buildx-action | |
with: | |
install: true | |
platforms: linux/amd64,linux/arm64 | |
- run: rm -rf target_releases | |
- name: Download build artifact build-aarch64-unknown-linux-gnu | |
uses: actions/download-artifact@v3 | |
with: | |
name: build-aarch64-unknown-linux-gnu | |
path: target_releases/linux/arm64 | |
- name: Download build artifact build-x86_64-unknown-linux-gnu | |
uses: actions/download-artifact@v3 | |
with: | |
name: build-x86_64-unknown-linux-gnu | |
path: target_releases/linux/amd64 | |
- name: Reset permissions | |
run: chmod -R +x target_releases/ | |
- name: Build linux/arm64 Docker image | |
id: docker_aarch64-unknown-linux-gnu | |
uses: docker/build-push-action@v5 | |
# https://github.com/docker/build-push-action | |
with: | |
context: . | |
file: multi-platform.Dockerfile | |
load: true | |
tags: ${{ github.repository }}:linux-arm64 | |
platforms: linux/arm64 | |
- name: Test linux/arm64 Docker image | |
run: | | |
PLATFORM=linux/arm64 | |
TAG=${{ github.repository }}:linux-arm64 | |
export MBTILES_BUILD=- | |
export MBTILES_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -v $PWD/tests:/tests --entrypoint /usr/local/bin/mbtiles $TAG" | |
export MARTIN_BUILD=- | |
export MARTIN_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -v $PWD/tests:/tests $TAG" | |
tests/test.sh | |
env: | |
DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=require | |
- name: Build linux/amd64 Docker image | |
id: docker_x86_64-unknown-linux-gnu | |
uses: docker/build-push-action@v5 | |
# https://github.com/docker/build-push-action | |
with: | |
context: . | |
file: multi-platform.Dockerfile | |
load: true | |
tags: ${{ github.repository }}:linux-amd64 | |
platforms: linux/amd64 | |
- name: Test linux/amd64 Docker image | |
run: | | |
PLATFORM=linux/amd64 | |
TAG=${{ github.repository }}:linux-amd64 | |
export MBTILES_BUILD=- | |
export MBTILES_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -v $PWD/tests:/tests --entrypoint /usr/local/bin/mbtiles $TAG" | |
export MARTIN_BUILD=- | |
export MARTIN_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -v $PWD/tests:/tests $TAG" | |
tests/test.sh | |
env: | |
DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=require | |
- name: Login to GitHub Docker registry | |
if: github.event_name != 'pull_request' | |
uses: docker/login-action@v3 | |
# https://github.com/docker/login-action | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Docker meta | |
id: docker_meta | |
uses: docker/metadata-action@v5 | |
# https://github.com/docker/metadata-action | |
with: | |
images: ghcr.io/${{ github.repository }} | |
- name: Push the Docker image | |
if: github.event_name != 'pull_request' | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
file: multi-platform.Dockerfile | |
push: true | |
tags: ${{ steps.docker_meta.outputs.tags }} | |
labels: ${{ steps.docker_meta.outputs.labels }} | |
platforms: linux/amd64,linux/arm64 | |
package: | |
name: Package ${{ matrix.target }} | |
runs-on: ${{ matrix.os }} | |
needs: [ test, test-legacy ] | |
strategy: | |
fail-fast: true | |
matrix: | |
include: | |
- target: aarch64-apple-darwin | |
os: ubuntu-latest | |
name: martin-Darwin-aarch64.tar.gz | |
cross: 'true' | |
sha: 'true' | |
- target: aarch64-unknown-linux-gnu | |
os: ubuntu-latest | |
name: martin-Linux-aarch64.tar.gz | |
cross: 'true' | |
- target: x86_64-apple-darwin | |
os: macOS-latest | |
name: martin-Darwin-x86_64.tar.gz | |
sha: 'true' | |
- target: x86_64-pc-windows-msvc | |
os: windows-latest | |
name: martin-Windows-x86_64.zip | |
ext: '.exe' | |
- target: x86_64-unknown-linux-gnu | |
os: ubuntu-latest | |
name: martin-Linux-x86_64.tar.gz | |
- target: debian-x86_64 | |
os: ubuntu-latest | |
name: martin-Debian-x86_64.deb | |
cross: 'true' | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
- name: Download build artifact build-${{ matrix.target }} | |
uses: actions/download-artifact@v3 | |
with: | |
name: build-${{ matrix.target }} | |
path: target/ | |
- name: Strip symbols | |
# Symbol stripping does not work cross-platform | |
# For cross, symbols were already removed during build | |
if: matrix.cross != 'true' | |
run: | | |
cd target/ | |
strip martin${{ matrix.ext }} | |
strip mbtiles${{ matrix.ext }} | |
- name: Package | |
run: | | |
cd target/ | |
if [[ "${{ runner.os }}" == "Windows" ]]; then | |
7z a ../${{ matrix.name }} martin${{ matrix.ext }} mbtiles${{ matrix.ext }} | |
elif [[ "${{ matrix.target }}" == "debian-x86_64" ]]; then | |
mv debian-x86_64.deb ../${{ matrix.name }} | |
else | |
tar czvf ../${{ matrix.name }} martin${{ matrix.ext }} mbtiles${{ matrix.ext }} | |
fi | |
- name: Generate SHA-256 (MacOS) | |
if: matrix.sha == 'true' | |
run: shasum -a 256 ${{ matrix.name }} | |
- name: Publish | |
if: startsWith(github.ref, 'refs/tags/') | |
uses: softprops/action-gh-release@v1 | |
with: | |
draft: true | |
files: 'martin*' | |
body_path: CHANGELOG.md | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
# This final step is needed to mark the whole workflow as successful | |
# Don't change its name - it is used by the merge protection rules | |
done: | |
name: CI Finished | |
runs-on: ubuntu-latest | |
needs: [ docker, package ] | |
steps: | |
- name: Finished | |
run: echo "CI finished successfully" |