Skip to content

Switch to native-tls for postgres connections #562

Switch to native-tls for postgres connections

Switch to native-tls for postgres connections #562

Workflow file for this run

name: "Aries-Askar"
env:
RUST_VERSION: "1.70.0"
CROSS_VERSION: "0.2.4"
TEST_FEATURES: ""
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
on:
push:
branches: [main]
pull_request:
branches: [main]
release:
types: [created]
workflow_dispatch:
inputs:
publish-binaries:
description: "Publish Binaries to Release (will create a release if no release exists for branch or tag)"
required: true
default: false
type: boolean
publish-python-wrapper:
description: "Publish Python Wrapper to Registries"
required: true
default: false
type: boolean
publish-javascript-wrapper:
description: "Publish JavaScript Wrapper to Registries"
required: true
default: false
type: boolean
jobs:
checks:
name: Run checks
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUST_VERSION }}
components: clippy, rustfmt
- name: Cache cargo resources
uses: Swatinem/rust-cache@v2
with:
shared-key: deps
cache-on-failure: true
- name: Cargo fmt
run: cargo fmt --all -- --check
- name: Cargo check
run: cargo check --workspace
- if: ${{ runner.os == 'Linux' }}
name: Pre-install cross
run: |
cargo install --bins --git https://github.com/rust-embedded/cross --tag v${{ env.CROSS_VERSION }} cross
tests:
name: Run tests
needs: [checks]
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUST_VERSION }}
- name: Cache cargo resources
uses: Swatinem/rust-cache@v2
with:
shared-key: deps
save-if: false
- name: Debug build
run: cargo build --all-targets
- if: ${{ runner.os == 'Linux' }}
name: Start postgres (Linux)
run: |
sudo systemctl start postgresql.service
pg_isready
sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD 'postgres'"
echo "POSTGRES_URL=postgres://postgres:postgres@localhost:5432/test-db" >> $GITHUB_ENV
echo "TEST_FEATURES=pg_test" >> $GITHUB_ENV
- name: Run tests
run: cargo test --workspace --features "${{ env.TEST_FEATURES || 'default' }}" -- --nocapture --test-threads 1 --skip contention
env:
RUST_BACKTRACE: full
# RUST_LOG: debug
- name: Test askar-crypto no default features
run: cargo test --manifest-path ./askar-crypto/Cargo.toml --no-default-features
build-release:
name: Build library
needs: [checks]
strategy:
matrix:
include:
- architecture: linux-aarch64
os: ubuntu-latest
lib: libaries_askar.so
target: aarch64-unknown-linux-gnu
use_cross: true
- architecture: linux-x86_64
os: ubuntu-latest
lib: libaries_askar.so
target: x86_64-unknown-linux-gnu
use_cross: true
- architecture: darwin-universal
os: macos-latest
lib: libaries_askar.dylib
target: darwin-universal
# beta or nightly required for aarch64-apple-darwin target
toolchain: beta
- architecture: windows-x86_64
os: windows-latest
lib: aries_askar.dll
target: x86_64-pc-windows-msvc
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.toolchain || env.RUST_VERSION }}
- name: Cache cargo resources
uses: Swatinem/rust-cache@v2
with:
shared-key: deps
save-if: false
- name: Build
shell: sh
run: |
if [ -n "${{ matrix.use_cross }}" ]; then
cargo install --bins --git https://github.com/rust-embedded/cross --tag v${{ env.CROSS_VERSION }} cross
cross build --lib --release --target ${{ matrix.target }}
elif [ "${{ matrix.architecture }}" == "darwin-universal" ]; then
./build-universal.sh
else
cargo build --lib --release --target ${{ matrix.target }}
fi
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: library-${{ matrix.architecture }}
path: target/${{ matrix.target }}/release/${{ matrix.lib }}
- name: Create artifacts directory
if: |
github.event_name == 'release' ||
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish-binaries == 'true')
run: |
mkdir release-artifacts
cp target/${{ matrix.target }}/release/${{ matrix.lib }} release-artifacts/
- uses: a7ul/[email protected]
if: |
github.event_name == 'release' ||
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish-binaries == 'true')
with:
command: c
cwd: release-artifacts
files: .
outPath: "library-${{ matrix.architecture }}.tar.gz"
- name: Add artifacts to release
if: |
github.event_name == 'release' ||
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish-binaries == 'true')
uses: svenstaro/upload-release-action@v2
with:
file: library-${{ matrix.architecture }}.tar.gz
asset_name: "library-${{ matrix.architecture }}.tar.gz"
build-py:
name: Build and test Python wrapper
needs: [build-release]
strategy:
matrix:
architecture:
[linux-aarch64, linux-x86_64, darwin-universal, windows-x86_64]
python-version: ["3.8"]
include:
- os: ubuntu-latest
architecture: linux-aarch64
plat-name: manylinux2014_aarch64
- os: ubuntu-latest
architecture: linux-x86_64
plat-name: manylinux2014_x86_64
- os: macos-latest
architecture: darwin-universal
plat-name: macosx_10_9_universal2 # macosx_10_9_x86_64
- os: windows-latest
architecture: windows-x86_64
plat-name: win_amd64
runs-on: ${{ matrix.os }}
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v4
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install setuptools wheel twine auditwheel
- name: Fetch library artifacts
uses: actions/download-artifact@v3
with:
name: library-${{ matrix.architecture }}
path: wrappers/python/aries_askar/
- if: ${{ runner.os == 'Linux' }}
name: Start postgres (Linux)
run: |
sudo systemctl start postgresql.service
pg_isready
sudo -u postgres psql -c "ALTER USER postgres WITH PASSWORD 'postgres'"
echo "POSTGRES_URL=postgres://postgres:postgres@localhost:5432/test-db" >> $GITHUB_ENV
- name: Build wheel package
shell: sh
run: |
python setup.py bdist_wheel --python-tag=py3 --plat-name=${{ matrix.plat-name }}
working-directory: wrappers/python
- name: Run tests
# FIXME cross platform test the python package
# maybe use the cross docker image?
if: ${{ matrix.architecture != 'linux-aarch64' }}
shell: sh
run: |
pip install pytest pytest-asyncio dist/*
echo "-- Test SQLite in-memory --"
python -m pytest --log-cli-level=WARNING -k "not contention"
echo "-- Test SQLite file DB --"
TEST_STORE_URI=sqlite://test.db python -m pytest --log-cli-level=WARNING -k "not contention"
if [ -n "$POSTGRES_URL" ]; then
echo "-- Test Postgres DB --"
TEST_STORE_URI="$POSTGRES_URL" python -m pytest --log-cli-level=WARNING -k "not contention"
fi
working-directory: wrappers/python
env:
no_proxy: "*" # python issue 30385
RUST_BACKTRACE: full
# RUST_LOG: debug
- if: ${{ runner.os == 'Linux' }}
name: Audit wheel
run: |
auditwheel show wrappers/python/dist/* | tee auditwheel.log
grep -q manylinux_2_17_ auditwheel.log
- if: |
github.event_name == 'release' ||
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish-python-wrapper == 'true')
name: Publish
env:
TWINE_USERNAME: ${{ secrets.PYPI_USERNAME }}
TWINE_PASSWORD: ${{ secrets.PYPI_PASSWORD }}
run: |
twine upload --skip-existing dist/*
working-directory: wrappers/python
build-javascript:
name: Build and test JavaScript wrapper
needs: [build-release]
runs-on: ubuntu-latest
defaults:
run:
working-directory: wrappers/javascript
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up Node.JS 18.x
uses: actions/setup-node@v3
with:
node-version: 18.x
- name: Fetch library artifacts
uses: actions/download-artifact@v3
with:
name: library-linux-x86_64
- name: Install dependencies
run: yarn install
- name: Build
run: yarn build
- name: Lint
run: yarn lint
- name: Check format
run: yarn check-format
- name: Check types
run: yarn check-types
- name: Run tests
env:
# binary is downloaded to root of repository
LIB_ARIES_ASKAR_PATH: ../../../
run: yarn test
- name: Set NPM config
if: |
github.event_name == 'release' ||
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish-javascript-wrapper == 'true')
run: |
echo "//registry.npmjs.org/:_authToken=${{ secrets.NPM_TOKEN }}" >> .npmrc
echo "registry=https://registry.npmjs.org/" >> .npmrc
echo "always-auth=true" >> .npmrc
# TODO: this will currently publish the version as defined in the package.json. If the version already
# exists on NPM it will skip the publishing. This means if a new version is released, but the version hasn't been
# updated in the package.json files yet, it won't publish to NPM (which is kinda nice). We should however add a check
# to see if the JS version matches the release version (do we want to keep the js and rust version in sync?)
- name: Publish
if: |
github.event_name == 'release' ||
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish-javascript-wrapper == 'true')
run: npx lerna publish from-package --no-push --no-private --yes --no-git-tag-version
build-ios:
name: Build library (iOS)
needs: [checks]
runs-on: macos-latest
strategy:
matrix:
target: [aarch64-apple-ios, aarch64-apple-ios-sim, x86_64-apple-ios]
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUST_VERSION }}
targets: ${{ matrix.target }}
- name: Build
run: |
cargo build --lib --release --target ${{matrix.target}}
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: library-${{ matrix.target }}
path: target/${{ matrix.target }}/release/libaries_askar.a
build-android:
name: Build library (Android)
needs: [checks]
env:
RUST_VERSION: "1.67"
runs-on: ubuntu-latest
strategy:
matrix:
target:
[
aarch64-linux-android,
armv7-linux-androideabi,
i686-linux-android,
x86_64-linux-android,
]
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Install Rust toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUST_VERSION }}
- name: Cache cargo resources
uses: Swatinem/rust-cache@v2
with:
shared-key: deps
save-if: false
- name: Build
run: |
cargo install --bins --git https://github.com/rust-embedded/cross --tag v${{ env.CROSS_VERSION }} cross
cross build --lib --release --target ${{matrix.target}}
- name: Upload artifacts
uses: actions/upload-artifact@v3
with:
name: library-${{ matrix.target }}
path: target/${{ matrix.target }}/release/libaries_askar.so
create-ios-xcframework:
name: Create iOS xcframework
runs-on: macos-latest
needs: [build-ios]
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Fetch static libraries
uses: actions/download-artifact@v3
- run: >
./build-xcframework.sh library-aarch64-apple-ios \
library-aarch64-apple-ios-sim \
library-x86_64-apple-ios \
include
- name: Save xcframework
uses: actions/upload-artifact@v3
with:
name: aries_askar.xcframework
path: ./out
- uses: geekyeggo/delete-artifact@v2
with:
name: |
library-aarch64-apple-ios
library-aarch64-apple-ios-sim
library-x86_64-apple-ios
failOnError: false
create-android-library:
name: Create library (Android)
runs-on: ubuntu-latest
needs: [build-android]
steps:
- name: Fetch libraries
uses: actions/download-artifact@v3
- run: |
sudo mkdir ./libs
sudo mv library-aarch64-linux-android ./libs/arm64-v8a
sudo mv library-armv7-linux-androideabi ./libs/armeabi-v7a
sudo mv library-i686-linux-android ./libs/x86
sudo mv library-x86_64-linux-android ./libs/x86_64
- name: Save Android library
uses: actions/upload-artifact@v3
with:
name: android-libraries
path: ./libs
- uses: geekyeggo/delete-artifact@v2
with:
name: |
library-aarch64-linux-android
library-armv7-linux-androideabi
library-i686-linux-android
library-x86_64-linux-android
failOnError: false
create-ios-android-release-asset:
name: Create iOS and Android release assets
runs-on: ubuntu-latest
needs:
- create-ios-xcframework
- create-android-library
if: |
(github.event_name == 'release' ||
(github.event_name == 'workflow_dispatch' &&
github.event.inputs.publish-binaries == 'true'))
steps:
- name: Fetch Android libraries
uses: actions/download-artifact@v3
with:
name: android-libraries
path: mobile/android/
- name: Fetch iOS Framework
uses: actions/download-artifact@v3
with:
name: aries_askar.xcframework
path: mobile/ios/
- uses: a7ul/[email protected]
with:
command: c
files: ./mobile
outPath: "library-ios-android.tar.gz"
- name: Add library artifacts to release
uses: svenstaro/upload-release-action@v2
with:
file: library-ios-android.tar.gz
asset_name: "library-ios-android.tar.gz"
build-success:
# see https://github.community/t/status-check-for-a-matrix-jobs/127354/7
name: Successful build
needs: [tests, build-release, build-py, build-javascript]
if: ${{ always() }}
runs-on: ubuntu-latest
steps:
- name: Check all job status
# see https://docs.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions#needs-context
# see https://stackoverflow.com/a/67532120/4907315
if: >-
${{
contains(needs.*.result, 'failure')
|| contains(needs.*.result, 'cancelled')
|| contains(needs.*.result, 'skipped')
}}
run: exit 1