Skip to content

[StepSecurity] ci: Harden GitHub Actions (#488) #177

[StepSecurity] ci: Harden GitHub Actions (#488)

[StepSecurity] ci: Harden GitHub Actions (#488) #177

name: postgresql-16-ppg-package
on:
pull_request:
push:
branches:
- main
tags:
- '[0-9]+.[0-9]+.[0-9]+*'
permissions:
contents: read
jobs:
build:
name: pg-16-ppg-package-test
runs-on: ubuntu-22.04
timeout-minutes: 30
steps:
- name: Clone pg_stat_monitor repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
path: 'src/pg_stat_monitor'
- name: Delete old postgresql files
run: |
sudo apt-get update
sudo apt purge postgresql-client-common postgresql-common \
postgresql postgresql*
sudo apt-get install -y libreadline6-dev systemtap-sdt-dev \
zlib1g-dev libssl-dev libpam0g-dev python3-dev bison flex \
libipc-run-perl wget
sudo rm -rf /var/lib/postgresql /var/log/postgresql /etc/postgresql \
/usr/lib/postgresql /usr/include/postgresql /usr/share/postgresql \
/etc/postgresql
sudo rm -f /usr/bin/pg_config
sudo /usr/bin/perl -MCPAN -e 'install IPC::Run'
sudo /usr/bin/perl -MCPAN -e 'install Text::Trim'
- name: Install percona-release script
run: |
sudo apt-get -y update
sudo apt-get -y upgrade
sudo apt-get install -y wget gnupg2 curl lsb-release
sudo wget \
https://repo.percona.com/apt/percona-release_latest.generic_all.deb
sudo dpkg -i percona-release_latest.generic_all.deb
- name: Install Percona Distribution Postgresql 16 & Extensions
run: |
sudo percona-release setup ppg-16
sudo apt-get update -y
sudo apt-get install -y percona-postgresql-16 \
percona-postgresql-contrib percona-postgresql-server-dev-all \
percona-pgpool2 libpgpool2 percona-postgresql-16-pgaudit \
percona-postgresql-16-pgaudit-dbgsym percona-postgresql-16-repack \
percona-postgresql-16-repack-dbgsym percona-pgaudit16-set-user \
percona-pgaudit16-set-user-dbgsym percona-postgresql-16-postgis-3 \
percona-postgresql-16-postgis-3-scripts \
percona-postgresql-postgis-scripts percona-postgresql-postgis \
percona-postgis
- name: Change src owner to postgres
run: |
sudo chmod o+rx ~
sudo chown -R postgres:postgres src
- name: Build pg_stat_monitor
run: |
sudo -u postgres bash -c 'make USE_PGXS=1'
sudo make USE_PGXS=1 install
working-directory: src/pg_stat_monitor
- name: Start pg_stat_monitor_tests
run: |
sudo service postgresql stop
echo "shared_preload_libraries = 'pg_stat_monitor'" |
sudo tee -a /etc/postgresql/16/main/postgresql.conf
sudo service postgresql start
sudo psql -V
export PG_TEST_PORT_DIR=${GITHUB_WORKSPACE}/src/pg_stat_monitor
echo $PG_TEST_PORT_DIR
sudo -E -u postgres bash -c 'make installcheck USE_PGXS=1'
working-directory: src/pg_stat_monitor
- name: Change dir permissions on fail
if: ${{ failure() }}
run: |
sudo chmod -R ugo+rwx t
sudo chmod -R ugo+rwx tmp_check
exit 2 # regenerate error so that we can upload files in next step
working-directory: src/pg_stat_monitor
- name: Upload logs on fail
if: ${{ failure() }}
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: Regressions diff and postgresql log
path: |
src/pg_stat_monitor/regression.diffs
src/pg_stat_monitor/regression.out
src/pg_stat_monitor/logfile
src/pg_stat_monitor/t/results/
src/pg_stat_monitor/tmp_check/log/
!src/pg_stat_monitor/tmp_check/**/archives/*
!src/pg_stat_monitor/tmp_check/**/backup/*
!src/pg_stat_monitor/tmp_check/**/pgdata/*
!src/pg_stat_monitor/tmp_check/**/archives/
!src/pg_stat_monitor/tmp_check/**/backup/
!src/pg_stat_monitor/tmp_check/**/pgdata/
if-no-files-found: warn
retention-days: 3