From 705f9bbab6a31f08be594149672a506c69cf4064 Mon Sep 17 00:00:00 2001 From: Yuri Astrakhan Date: Wed, 27 Sep 2023 13:19:40 -0400 Subject: [PATCH] Test everything on SSL connections --- .github/workflows/ci.yml | 117 ++++++++++++++++++++++++++------------- 1 file changed, 77 insertions(+), 40 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6167cbcdb..fa5bd6473 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -156,7 +156,7 @@ jobs: cargo test --package martin-mbtiles --no-default-features --features rustls cargo test --package martin --features vendored-openssl cargo test --doc - rm -rf target + cargo clean env: DATABASE_URL: ${{ steps.pg.outputs.connection-uri }} - name: Download build artifact build-${{ matrix.target }} @@ -192,7 +192,7 @@ jobs: export MARTIN_BUILD=- export MARTIN_BIN=/usr/bin/martin${{ matrix.ext }} export MBTILES_BUILD=- - export MBTILES_BIN=target/mbtiles${{ matrix.ext }} + export MBTILES_BIN=/usr/bin/mbtiles${{ matrix.ext }} tests/test.sh env: DATABASE_URL: ${{ steps.pg.outputs.connection-uri }} @@ -255,12 +255,43 @@ jobs: - name: Checkout sources uses: actions/checkout@v4 - name: Setup database - run: | - # sudo apt-get install postgresql-client - tests/fixtures/initdb.sh + run: tests/fixtures/initdb.sh env: PGPORT: ${{ job.services.postgres.ports[5432] }} - - name: Unit Tests (Linux) + - name: Download build artifact build-x86_64-unknown-linux-gnu + uses: actions/download-artifact@v3 + with: + name: build-x86_64-unknown-linux-gnu + path: target_releases/ + - name: Integration Tests + run: | + export MARTIN_BUILD=- + export MARTIN_BIN=target_releases/martin + export MBTILES_BUILD=- + export MBTILES_BIN=target_releases/mbtiles + chmod +x "$MARTIN_BIN" "$MBTILES_BIN" + tests/test.sh + rm -rf target_releases + env: + DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }} + - name: Download Debian package + uses: actions/download-artifact@v3 + with: + name: build-debian-x86_64 + path: target_releases/ + - name: Tests Debian package + run: | + sudo dpkg -i target_releases/debian-x86_64.deb + export MARTIN_BUILD=- + export MARTIN_BIN=/usr/bin/martin + export MBTILES_BUILD=- + export MBTILES_BIN=/usr/bin/mbtiles + tests/test.sh + sudo dpkg -P martin + rm -rf target_releases + env: + DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }} + - name: Unit Tests run: | echo "Running unit tests, connecting to DATABASE_URL=$DATABASE_URL" echo "Same but as base64 to prevent GitHub obfuscation (this is not a secret):" @@ -272,38 +303,56 @@ jobs: cargo test --package martin --features vendored-openssl cargo test --doc RUSTDOCFLAGS="-D warnings" cargo doc --no-deps --workspace - rm -rf target + cargo clean env: DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }} - - name: Save test output on failure + - name: On error, save test output if: failure() uses: actions/upload-artifact@v3 with: name: test-output path: tests/output/* retention-days: 5 - - uses: actions/download-artifact@v3 - with: - name: build-x86_64-unknown-linux-gnu - path: target/ - - name: Integration Tests - run: | - export MARTIN_BUILD=- - export MARTIN_BIN=target/martin - export MBTILES_BUILD=- - export MBTILES_BIN=target/mbtiles - chmod +x "$MARTIN_BIN" "$MBTILES_BIN" - tests/test.sh - env: - DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }} docker: name: Build docker images runs-on: ubuntu-latest needs: [ build ] + env: + # PG_* variables are used by psql + PGDATABASE: test + PGHOST: localhost + PGUSER: postgres + PGPASSWORD: postgres + services: + postgres: + image: postgis/postgis:15-3.3 + ports: + # will assign a random free host port + - 5432/tcp + # Sadly there is currently no way to pass arguments to the service image other than this hack + # See also https://stackoverflow.com/a/62720566/177275 + options: >- + -e POSTGRES_DB=test + -e POSTGRES_USER=postgres + -e POSTGRES_PASSWORD=postgres + -e PGDATABASE=test + -e PGUSER=postgres + -e PGPASSWORD=postgres + --health-cmd pg_isready + --health-interval 10s + --health-timeout 5s + --health-retries 5 + --entrypoint sh + postgis/postgis:15-3.3 + -c "exec docker-entrypoint.sh postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key" steps: - name: Checkout sources uses: actions/checkout@v4 + - name: Setup database + run: tests/fixtures/initdb.sh + env: + PGPORT: ${{ job.services.postgres.ports[5432] }} - name: Set up QEMU uses: docker/setup-qemu-action@v3 @@ -318,31 +367,19 @@ jobs: platforms: linux/amd64,linux/arm64 - run: rm -rf target_releases - - uses: actions/download-artifact@v3 + - name: Download build artifact build-aarch64-unknown-linux-gnu + uses: actions/download-artifact@v3 with: name: build-aarch64-unknown-linux-gnu path: target_releases/linux/arm64 - - uses: actions/download-artifact@v3 + - name: Download build artifact build-x86_64-unknown-linux-gnu + uses: actions/download-artifact@v3 with: name: build-x86_64-unknown-linux-gnu path: target_releases/linux/amd64 - name: Reset permissions run: chmod -R +x target_releases/ - - name: Start postgres - uses: nyurik/action-setup-postgis@v1 - id: pg - with: - username: test - password: test - database: test - rights: --superuser - - name: Init database - shell: bash - run: tests/fixtures/initdb.sh - env: - DATABASE_URL: ${{ steps.pg.outputs.connection-uri }} - - name: Build linux/arm64 Docker image id: docker_aarch64-unknown-linux-gnu uses: docker/build-push-action@v5 @@ -363,7 +400,7 @@ jobs: export MARTIN_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -v $PWD/tests:/tests $TAG" tests/test.sh env: - DATABASE_URL: ${{ steps.pg.outputs.connection-uri }} + DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=require - name: Build linux/amd64 Docker image id: docker_x86_64-unknown-linux-gnu @@ -385,7 +422,7 @@ jobs: export MARTIN_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -v $PWD/tests:/tests $TAG" tests/test.sh env: - DATABASE_URL: ${{ steps.pg.outputs.connection-uri }} + DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=require - name: Login to GitHub Docker registry if: github.event_name != 'pull_request'