create read and write roles and enforce them during s3 access #10
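name: CI lints and tests

on:
  push:
    branches:
      # NOTE(review): in GitHub's filter syntax "*" does not match "/", so
      # branches such as feature/x would need "**" - confirm this is intended.
      - "*"

# One run per ref: a newer push cancels the run still in progress for that ref.
concurrency:
  group: ${{ github.ref }}
  cancel-in-progress: true

# Least privilege for the job's GITHUB_TOKEN: the steps only read the
# repository; the Codecov upload authenticates with its own secret.
permissions:
  contents: read

env:
  # Throwaway credentials: the "Run tests" step uses them as the root user and
  # password of the MinIO server it starts on the runner. The value names are
  # swapped relative to the keys, which is harmless for placeholders.
  # Real cloud credentials belong in secrets, never in this block.
  AWS_ACCESS_KEY_ID: test_secret_access_key
  AWS_SECRET_ACCESS_KEY: test_access_key_id
  AWS_REGION: us-east-1
  AWS_S3_TEST_BUCKET: testbucket
  # Environment values are strings; quoted so no YAML parser retypes it.
  PG_PARQUET_TEST: "true"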
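jobs:
  build-and-test:
    runs-on: ubuntu-latest

    steps:
      # NOTE(review): the actions in this job are referenced by mutable tag or
      # branch (v4, stable). Pinning each `uses:` to a full commit SHA keeps a
      # moved tag or a compromised upstream release from running in this job.
      - uses: actions/checkout@v4
        with:
          # No later step uses git with the job token, so do not leave it in
          # the checkout's git config.
          persist-credentials: false

      - name: Set up Rust
        uses: dtolnay/rust-toolchain@stable
        with:
          toolchain: "1.81.0"
          target: x86_64-unknown-linux-gnu
          components: rustfmt, clippy

      # The page rendering replaced the pinned `crate@version` argument with
      # "[email protected]" (e-mail obfuscation). The crate name comes from the
      # step name; VERSION_PLACEHOLDER stands for the version that was lost.
      - name: Install cargo-llvm-cov for coverage report
        run: cargo install --locked cargo-llvm-cov@VERSION_PLACEHOLDER

      - name: Install PostgreSQL
        run: |
          # Keep the PGDG signing key in its own keyring and bind the repository
          # to it with signed-by. apt-key is deprecated and makes the key
          # trusted for every configured repository.
          sudo install -d -m 0755 /etc/apt/keyrings
          sudo wget --quiet -O /etc/apt/keyrings/pgdg.asc https://www.postgresql.org/media/keys/ACCC4CF8.asc
          sudo sh -c 'echo "deb [signed-by=/etc/apt/keyrings/pgdg.asc] https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
          sudo apt-get update
          # -y: the runner has no terminal to answer a confirmation prompt.
          sudo apt-get install -y build-essential libreadline-dev zlib1g-dev flex bison libxml2-dev libxslt-dev libssl-dev libxml2-utils xsltproc ccache pkg-config
          sudo apt-get -y install postgresql-16-postgis-3 libpq-dev postgresql-server-dev-16 postgresql-client-16

      - name: Install MinIO
        run: |
          # Download the MinIO server and check it against the pinned SHA-256
          # before it is made executable or placed on PATH, so a mismatching
          # download is never installed.
          wget "https://dl.min.io/server/minio/release/linux-amd64/$MINIO_VERSION"
          echo "$MINIO_SHA256  $MINIO_VERSION" | sha256sum --check
          chmod +x "$MINIO_VERSION"
          mv "$MINIO_VERSION" /usr/local/bin/minio

          # Same order for the MinIO admin client (mc): verify, then install.
          wget "https://dl.min.io/client/mc/release/linux-amd64/$MINIO_ADMIN_VERSION"
          echo "$MINIO_ADMIN_SHA256  $MINIO_ADMIN_VERSION" | sha256sum --check
          chmod +x "$MINIO_ADMIN_VERSION"
          mv "$MINIO_ADMIN_VERSION" /usr/local/bin/mc
        env:
          # Release names and digests are pinned together; update both at once.
          MINIO_VERSION: "minio.RELEASE.2024-09-22T00-33-43Z"
          MINIO_SHA256: "dea08573980057d84c14d5c55926e10b91fb2993a99696ff136fb0bddaa7c98f"
          MINIO_ADMIN_VERSION: "mc.RELEASE.2024-09-16T17-43-14Z"
          MINIO_ADMIN_SHA256: "9a9e7d32c175f2804d6880d5ad3623097ea439f0e0304aa6039874d0f0c493d8"

      # As above, the pinned version was lost to the page's e-mail obfuscation;
      # VERSION_PLACEHOLDER marks it. `cargo pgrx` is provided by cargo-pgrx.
      - name: Install and configure pgrx
        run: |
          cargo install --locked cargo-pgrx@VERSION_PLACEHOLDER
          cargo pgrx init --pg16 "$(which pg_config)"

      - name: Format and lint
        run: |
          cargo fmt --all -- --check
          cargo clippy --all-targets --all-features -- -D warnings

      # pgrx tests with runas argument ignores environment variables,
      # so we need to create a .env file beforehand.
      # The workflow-level env block is already exported to the step's shell,
      # so the values are read as quoted shell variables. Expanding workflow
      # expressions into the script text would turn any value containing shell
      # syntax into code, which matters once a value stops being a constant.
      - name: Create .env file
        run: |
          {
            echo "AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID"
            echo "AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY"
            echo "AWS_REGION=$AWS_REGION"
            echo "AWS_S3_TEST_BUCKET=$AWS_S3_TEST_BUCKET"
            echo "PG_PARQUET_TEST=$PG_PARQUET_TEST"
          } >> /tmp/.env

      - name: Run tests
        run: |
          # Start MinIO server with the throwaway credentials as root account
          export MINIO_ROOT_USER="$AWS_ACCESS_KEY_ID"
          export MINIO_ROOT_PASSWORD="$AWS_SECRET_ACCESS_KEY"
          minio server /tmp/minio-storage > /dev/null 2>&1 &

          # NOTE(review): nothing waits for the server to accept connections
          # before the next command; a readiness check would remove the race.
          # Set access key and create test bucket
          mc alias set local http://localhost:9000 "$AWS_ACCESS_KEY_ID" "$AWS_SECRET_ACCESS_KEY"
          aws --endpoint-url http://localhost:9000 s3 mb "s3://$AWS_S3_TEST_BUCKET"

          # Run tests with coverage tool
          cargo llvm-cov test --lcov --output-path lcov.info

          # Stop MinIO server
          pkill -9 minio
        env:
          # Quoted: environment values are strings.
          RUST_TEST_THREADS: "1"
          CARGO_PGRX_TEST_RUNAS: postgres
          CARGO_PGRX_TEST_PGDATA: /tmp/pgdata

      - name: Upload coverage report to Codecov
        uses: codecov/codecov-action@v4
        with:
          # A failed upload does not fail the job.
          fail_ci_if_error: false
          files: ./lcov.info
          flags: pgrxtests
          # The only real secret in this workflow; passed to this step alone.
          token: ${{ secrets.CODECOV_TOKEN }}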