Switch to native-tls for postgres connections #562
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Aries-Askar" | |
env: | |
RUST_VERSION: "1.70.0" | |
CROSS_VERSION: "0.2.4" | |
TEST_FEATURES: "" | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
release: | |
types: [created] | |
workflow_dispatch: | |
inputs: | |
publish-binaries: | |
description: "Publish Binaries to Release (will create a release if no release exists for branch or tag)" | |
required: true | |
default: false | |
type: boolean | |
publish-python-wrapper: | |
description: "Publish Python Wrapper to Registries" | |
required: true | |
default: false | |
type: boolean | |
publish-javascript-wrapper: | |
description: "Publish JavaScript Wrapper to Registries" | |
required: true | |
default: false | |
type: boolean | |
jobs: | |
checks: | |
name: Run checks | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macos-latest, windows-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install Rust toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
components: clippy, rustfmt | |
- name: Cache cargo resources | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: deps | |
cache-on-failure: true | |
- name: Cargo fmt | |
run: cargo fmt --all -- --check | |
- name: Cargo check | |
run: cargo check --workspace | |
- if: ${{ runner.os == 'Linux' }} | |
name: Pre-install cross | |
run: | | |
cargo install --bins --git https://github.com/rust-embedded/cross --tag v${{ env.CROSS_VERSION }} cross | |
tests: | |
name: Run tests | |
needs: [checks] | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macos-latest, windows-latest] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install Rust toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
- name: Cache cargo resources | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: deps | |
save-if: false | |
- name: Debug build | |
run: cargo build --all-targets | |
- if: ${{ runner.os == 'Linux' }} | |
name: Start postgres (Linux) | |
run: | | |
sudo systemctl start postgresql.service | |
pg_isready | |
sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD 'postgres'" | |
echo "POSTGRES_URL=postgres://postgres:postgres@localhost:5432/test-db" >> $GITHUB_ENV | |
echo "TEST_FEATURES=pg_test" >> $GITHUB_ENV | |
- name: Run tests | |
run: cargo test --workspace --features "${{ env.TEST_FEATURES || 'default' }}" -- --nocapture --test-threads 1 --skip contention | |
env: | |
RUST_BACKTRACE: full | |
# RUST_LOG: debug | |
- name: Test askar-crypto no default features | |
run: cargo test --manifest-path ./askar-crypto/Cargo.toml --no-default-features | |
build-release: | |
name: Build library | |
needs: [checks] | |
strategy: | |
matrix: | |
include: | |
- architecture: linux-aarch64 | |
os: ubuntu-latest | |
lib: libaries_askar.so | |
target: aarch64-unknown-linux-gnu | |
use_cross: true | |
- architecture: linux-x86_64 | |
os: ubuntu-latest | |
lib: libaries_askar.so | |
target: x86_64-unknown-linux-gnu | |
use_cross: true | |
- architecture: darwin-universal | |
os: macos-latest | |
lib: libaries_askar.dylib | |
target: darwin-universal | |
# beta or nightly required for aarch64-apple-darwin target | |
toolchain: beta | |
- architecture: windows-x86_64 | |
os: windows-latest | |
lib: aries_askar.dll | |
target: x86_64-pc-windows-msvc | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install Rust toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ matrix.toolchain || env.RUST_VERSION }} | |
- name: Cache cargo resources | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: deps | |
save-if: false | |
- name: Build | |
shell: sh | |
run: | | |
if [ -n "${{ matrix.use_cross }}" ]; then | |
cargo install --bins --git https://github.com/rust-embedded/cross --tag v${{ env.CROSS_VERSION }} cross | |
cross build --lib --release --target ${{ matrix.target }} | |
elif [ "${{ matrix.architecture }}" == "darwin-universal" ]; then | |
./build-universal.sh | |
else | |
cargo build --lib --release --target ${{ matrix.target }} | |
fi | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: library-${{ matrix.architecture }} | |
path: target/${{ matrix.target }}/release/${{ matrix.lib }} | |
- name: Create artifacts directory | |
if: | | |
github.event_name == 'release' || | |
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish-binaries == 'true') | |
run: | | |
mkdir release-artifacts | |
cp target/${{ matrix.target }}/release/${{ matrix.lib }} release-artifacts/ | |
- uses: a7ul/[email protected] | |
if: | | |
github.event_name == 'release' || | |
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish-binaries == 'true') | |
with: | |
command: c | |
cwd: release-artifacts | |
files: . | |
outPath: "library-${{ matrix.architecture }}.tar.gz" | |
- name: Add artifacts to release | |
if: | | |
github.event_name == 'release' || | |
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish-binaries == 'true') | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
file: library-${{ matrix.architecture }}.tar.gz | |
asset_name: "library-${{ matrix.architecture }}.tar.gz" | |
build-py: | |
name: Build and test Python wrapper | |
needs: [build-release] | |
strategy: | |
matrix: | |
architecture: | |
[linux-aarch64, linux-x86_64, darwin-universal, windows-x86_64] | |
python-version: ["3.8"] | |
include: | |
- os: ubuntu-latest | |
architecture: linux-aarch64 | |
plat-name: manylinux2014_aarch64 | |
- os: ubuntu-latest | |
architecture: linux-x86_64 | |
plat-name: manylinux2014_x86_64 | |
- os: macos-latest | |
architecture: darwin-universal | |
plat-name: macosx_10_9_universal2 # macosx_10_9_x86_64 | |
- os: windows-latest | |
architecture: windows-x86_64 | |
plat-name: win_amd64 | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v4 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install setuptools wheel twine auditwheel | |
- name: Fetch library artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: library-${{ matrix.architecture }} | |
path: wrappers/python/aries_askar/ | |
- if: ${{ runner.os == 'Linux' }} | |
name: Start postgres (Linux) | |
run: | | |
sudo systemctl start postgresql.service | |
pg_isready | |
sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD 'postgres'" | |
echo "POSTGRES_URL=postgres://postgres:postgres@localhost:5432/test-db" >> $GITHUB_ENV | |
- name: Build wheel package | |
shell: sh | |
run: | | |
python setup.py bdist_wheel --python-tag=py3 --plat-name=${{ matrix.plat-name }} | |
working-directory: wrappers/python | |
- name: Run tests | |
# FIXME cross platform test the python package | |
# maybe use the cross docker image? | |
if: ${{ matrix.architecture != 'linux-aarch64' }} | |
shell: sh | |
run: | | |
pip install pytest pytest-asyncio dist/* | |
echo "-- Test SQLite in-memory --" | |
python -m pytest --log-cli-level=WARNING -k "not contention" | |
echo "-- Test SQLite file DB --" | |
TEST_STORE_URI=sqlite://test.db python -m pytest --log-cli-level=WARNING -k "not contention" | |
if [ -n "$POSTGRES_URL" ]; then | |
echo "-- Test Postgres DB --" | |
TEST_STORE_URI="$POSTGRES_URL" python -m pytest --log-cli-level=WARNING -k "not contention" | |
fi | |
working-directory: wrappers/python | |
env: | |
no_proxy: "*" # python issue 30385 | |
RUST_BACKTRACE: full | |
# RUST_LOG: debug | |
- if: ${{ runner.os == 'Linux' }} | |
name: Audit wheel | |
run: | | |
auditwheel show wrappers/python/dist/* | tee auditwheel.log | |
grep -q manylinux_2_17_ auditwheel.log | |
- if: | | |
github.event_name == 'release' || | |
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish-python-wrapper == 'true') | |
name: Publish | |
env: | |
TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }} | |
TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }} | |
run: | | |
twine upload --skip-existing dist/* | |
working-directory: wrappers/python | |
build-javascript: | |
name: Build and test JavaScript wrapper | |
needs: [build-release] | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: wrappers/javascript | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Set up Node.JS 18.x | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.x | |
- name: Fetch library artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: library-linux-x86_64 | |
- name: Install dependencies | |
run: yarn install | |
- name: Build | |
run: yarn build | |
- name: Lint | |
run: yarn lint | |
- name: Check format | |
run: yarn check-format | |
- name: Check types | |
run: yarn check-types | |
- name: Run tests | |
env: | |
# binary is downloaded to root of repository | |
LIB_ARIES_ASKAR_PATH: ../../../ | |
run: yarn test | |
- name: Set NPM config | |
if: | | |
github.event_name == 'release' || | |
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish-javascript-wrapper == 'true') | |
run: | | |
echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> .npmrc | |
echo "registry=https://registry.npmjs.org/" >> .npmrc | |
echo "always-auth=true" >> .npmrc | |
# TODO: this will currently publish the version as defined in the package.json. If the version already | |
# exists on NPM it will skip the publishing. This means if a new version is released, but the version hasn't been | |
# updated in the package.json files yet, it won't publish to NPM (which is kinda nice). We should however add a check | |
# to see if the JS version matches the release version (do we want to keep the js and rust version in sync?) | |
- name: Publish | |
if: | | |
github.event_name == 'release' || | |
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish-javascript-wrapper == 'true') | |
run: npx lerna publish from-package --no-push --no-private --yes --no-git-tag-version | |
build-ios: | |
name: Build library (iOS) | |
needs: [checks] | |
runs-on: macos-latest | |
strategy: | |
matrix: | |
target: [aarch64-apple-ios, aarch64-apple-ios-sim, x86_64-apple-ios] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install Rust toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
targets: ${{ matrix.target }} | |
- name: Build | |
run: | | |
cargo build --lib --release --target ${{matrix.target}} | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: library-${{ matrix.target }} | |
path: target/${{ matrix.target }}/release/libaries_askar.a | |
build-android: | |
name: Build library (Android) | |
needs: [checks] | |
env: | |
RUST_VERSION: "1.67" | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
target: | |
[ | |
aarch64-linux-android, | |
armv7-linux-androideabi, | |
i686-linux-android, | |
x86_64-linux-android, | |
] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Install Rust toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
- name: Cache cargo resources | |
uses: Swatinem/rust-cache@v2 | |
with: | |
shared-key: deps | |
save-if: false | |
- name: Build | |
run: | | |
cargo install --bins --git https://github.com/rust-embedded/cross --tag v${{ env.CROSS_VERSION }} cross | |
cross build --lib --release --target ${{matrix.target}} | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: library-${{ matrix.target }} | |
path: target/${{ matrix.target }}/release/libaries_askar.so | |
create-ios-xcframework: | |
name: Create iOS xcframework | |
runs-on: macos-latest | |
needs: [build-ios] | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Fetch static libraries | |
uses: actions/download-artifact@v3 | |
- run: > | |
./build-xcframework.sh library-aarch64-apple-ios \ | |
library-aarch64-apple-ios-sim \ | |
library-x86_64-apple-ios \ | |
include | |
- name: Save xcframework | |
uses: actions/upload-artifact@v3 | |
with: | |
name: aries_askar.xcframework | |
path: ./out | |
- uses: geekyeggo/delete-artifact@v2 | |
with: | |
name: | | |
library-aarch64-apple-ios | |
library-aarch64-apple-ios-sim | |
library-x86_64-apple-ios | |
failOnError: false | |
create-android-library: | |
name: Create library (Android) | |
runs-on: ubuntu-latest | |
needs: [build-android] | |
steps: | |
- name: Fetch libraries | |
uses: actions/download-artifact@v3 | |
- run: | | |
sudo mkdir ./libs | |
sudo mv library-aarch64-linux-android ./libs/arm64-v8a | |
sudo mv library-armv7-linux-androideabi ./libs/armeabi-v7a | |
sudo mv library-i686-linux-android ./libs/x86 | |
sudo mv library-x86_64-linux-android ./libs/x86_64 | |
- name: Save Android library | |
uses: actions/upload-artifact@v3 | |
with: | |
name: android-libraries | |
path: ./libs | |
- uses: geekyeggo/delete-artifact@v2 | |
with: | |
name: | | |
library-aarch64-linux-android | |
library-armv7-linux-androideabi | |
library-i686-linux-android | |
library-x86_64-linux-android | |
failOnError: false | |
create-ios-android-release-asset: | |
name: Create iOS and Android release assets | |
runs-on: ubuntu-latest | |
needs: | |
- create-ios-xcframework | |
- create-android-library | |
if: | | |
(github.event_name == 'release' || | |
(github.event_name == 'workflow_dispatch' && | |
github.event.inputs.publish-binaries == 'true')) | |
steps: | |
- name: Fetch Android libraries | |
uses: actions/download-artifact@v3 | |
with: | |
name: android-libraries | |
path: mobile/android/ | |
- name: Fetch iOS Framework | |
uses: actions/download-artifact@v3 | |
with: | |
name: aries_askar.xcframework | |
path: mobile/ios/ | |
- uses: a7ul/[email protected] | |
with: | |
command: c | |
files: ./mobile | |
outPath: "library-ios-android.tar.gz" | |
- name: Add library artifacts to release | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
file: library-ios-android.tar.gz | |
asset_name: "library-ios-android.tar.gz" | |
build-success: | |
# see https://github.community/t/status-check-for-a-matrix-jobs/127354/7 | |
name: Successful build | |
needs: [tests, build-release, build-py, build-javascript] | |
if: ${{ always() }} | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check all job status | |
# see https://docs.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions#needs-context | |
# see https://stackoverflow.com/a/67532120/4907315 | |
if: >- | |
${{ | |
contains(needs.*.result, 'failure') | |
|| contains(needs.*.result, 'cancelled') | |
|| contains(needs.*.result, 'skipped') | |
}} | |
run: exit 1 |