Skip to content

create read and write roles and enforce them during s3 access #39

create read and write roles and enforce them during s3 access

create read and write roles and enforce them during s3 access #39

Workflow file for this run

name: CI lints and tests
on:
push:
branches:
- "*"
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
env:
AWS_ACCESS_KEY_ID: test_secret_access_key
AWS_SECRET_ACCESS_KEY: test_access_key_id
AWS_REGION: us-east-1
AWS_S3_TEST_BUCKET: testbucket
PG_PARQUET_TEST: true
jobs:
build-and-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up Rust
uses: dtolnay/rust-toolchain@stable
with:
toolchain: 1.81.0
target: x86_64-unknown-linux-gnu
components: rustfmt, clippy
- name: Install cargo-llvm-cov for coverage report
run: cargo install --locked [email protected]
- name: Install PostgreSQL
run: |
sudo sh -c 'echo "deb https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -
sudo apt-get update
sudo apt-get install build-essential libreadline-dev zlib1g-dev flex bison libxml2-dev libxslt-dev libssl-dev libxml2-utils xsltproc ccache pkg-config
sudo apt-get -y install postgresql-16-postgis-3 libpq-dev postgresql-server-dev-16 postgresql-client-16
- name: Install MinIO
run: |
# Download and install MinIO server and client
wget https://dl.min.io/server/minio/release/linux-amd64/$MINIO_VERSION
chmod +x $MINIO_VERSION
mv $MINIO_VERSION /usr/local/bin/minio
echo "$MINIO_SHA256 /usr/local/bin/minio" | sha256sum --check
# Download and install MinIO admin
wget https://dl.min.io/client/mc/release/linux-amd64/$MINIO_ADMIN_VERSION
chmod +x $MINIO_ADMIN_VERSION
mv $MINIO_ADMIN_VERSION /usr/local/bin/mc
echo "$MINIO_ADMIN_SHA256 /usr/local/bin/mc" | sha256sum --check
env:
MINIO_VERSION: "minio.RELEASE.2024-09-22T00-33-43Z"
MINIO_SHA256: "dea08573980057d84c14d5c55926e10b91fb2993a99696ff136fb0bddaa7c98f"
MINIO_ADMIN_VERSION: "mc.RELEASE.2024-09-16T17-43-14Z"
MINIO_ADMIN_SHA256: "9a9e7d32c175f2804d6880d5ad3623097ea439f0e0304aa6039874d0f0c493d8"
- name: Install and configure pgrx
run: |
cargo install --locked [email protected]
cargo pgrx init --pg16 $(which pg_config)
- name: Format and lint
run: |
cargo fmt --all -- --check
cargo clippy --all-targets --all-features -- -D warnings
# pgrx tests with runas argument ignores environment variables,
# so we need to create a .env file beforehand
- name: Create .env file
run: |
touch /tmp/.env
echo AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }} >> /tmp/.env
echo AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }} >> /tmp/.env
echo AWS_REGION=${{ env.AWS_REGION }} >> /tmp/.env
echo AWS_S3_TEST_BUCKET=${{ env.AWS_S3_TEST_BUCKET }} >> /tmp/.env
echo PG_PARQUET_TEST=${{ env.PG_PARQUET_TEST }} >> /tmp/.env
- name: Run tests
run: |
# Start MinIO server
export MINIO_ROOT_USER=${{ env.AWS_ACCESS_KEY_ID }}
export MINIO_ROOT_PASSWORD=${{ env.AWS_SECRET_ACCESS_KEY }}
minio server /tmp/minio-storage > /dev/null 2>&1 &
# Set access key and create test bucket
mc alias set local http://localhost:9000 ${{ env.AWS_ACCESS_KEY_ID }} ${{ env.AWS_SECRET_ACCESS_KEY }}
aws --endpoint-url http://localhost:9000 s3 mb s3://${{ env.AWS_S3_TEST_BUCKET }}
# Run tests with coverage tool
cargo llvm-cov test --lcov --output-path lcov.info
# Stop MinIO server
pkill -9 minio
env:
RUST_TEST_THREADS: 1
CARGO_PGRX_TEST_RUNAS: postgres
CARGO_PGRX_TEST_PGDATA: /tmp/pgdata
- name: Upload coverage report to Codecov
uses: codecov/codecov-action@v4
with:
fail_ci_if_error: false
files: ./lcov.info
flags: pgrxtests
token: ${{ secrets.CODECOV_TOKEN }}