Skip to content

Document unprivileged user in GitHub workflows #210

Document unprivileged user in GitHub workflows

Document unprivileged user in GitHub workflows #210

Workflow file for this run

name: CI/CD
on:
push:
pull_request:
schedule:
- cron: '0 14 3 * *' # Monthly at 2pm on the 3rd
jobs:
test:
name: 🐘 PostgreSQL ${{ matrix.pg }}
runs-on: ubuntu-latest
strategy:
matrix:
pg: [16, 15, 14, 13, 12, 11, 10, 9.6, 9.5, 9.4, 9.3, 9.2, 9.1, '9.0', 8.4, 8.3, 8.2]
steps:
- uses: actions/checkout@v4
- name: Build Image
run: docker build -t pgxn-tools-test .
# Test with Git repo
- name: Test Git as root
run: "docker run -w /repo --rm --volume \"$(pwd):/repo\" pgxn-tools-test ./test/runtest.sh ${{ matrix.pg }} git"
- name: Test Git as non-root
run: "docker run -w /repo --rm --volume \"$(pwd):/repo\" -e AS_USER=worker pgxn-tools-test ./test/runtest.sh ${{ matrix.pg }} git"
- name: Test Git with extra file
run: "docker run -w /repo --rm --volume \"$(pwd):/repo\" pgxn-tools-test ./test/runtest.sh ${{ matrix.pg }} git yes"
- name: Test Git with archive-all
env: { GIT_ARCHIVE_CMD: archive-all }
run: "docker run -w /repo --rm --volume \"$(pwd):/repo\" pgxn-tools-test ./test/runtest.sh ${{ matrix.pg }} git"
# Test without Git repo
- name: Test Zip as root
run: "docker run -w /repo --rm --volume \"$(pwd)/test:/repo\" pgxn-tools-test ./runtest.sh ${{ matrix.pg }} zip"
- name: Test Zip as non-root
run: "docker run -w /repo --rm --volume \"$(pwd)/test:/repo\" -e AS_USER=worker pgxn-tools-test ./runtest.sh ${{ matrix.pg }} zip"
- name: Test Zip with zip excluded file
run: "docker run -w /repo --rm --volume \"$(pwd)/test:/repo\" pgxn-tools-test ./runtest.sh ${{ matrix.pg }} zip yes"
publish:
# Publish for a tag starting with v.
name: Push to Docker Hub
needs: test
if: startsWith(github.ref, 'refs/tags/v')
runs-on: ubuntu-latest
steps:
- name: Check out the repo
uses: actions/checkout@v4
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: pgxn/pgxn-tools
tags: |
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
type=semver,pattern=v{{major}}
type=raw,value=bookworm
labels: |
org.opencontainers.image.title=PGXN Tools
org.opencontainers.image.licenses=PostgreSQL
- name: Login to DockerHub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and Push
# https://github.com/marketplace/actions/build-and-push-docker-images
uses: docker/build-push-action@v5
with:
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}