martin/.github/workflows/ci.yml
dependabot[bot] edcb2203d2
chore(deps): Bump peter-evans/create-pull-request from 6 to 7 (#1498)
Bumps
[peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request)
from 6 to 7.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/peter-evans/create-pull-request/releases">peter-evans/create-pull-request's
releases</a>.</em></p>
<blockquote>
<h2>Create Pull Request v7.0.0</h2>
<p> Now supports commit signing with bot-generated tokens! See
&quot;What's new&quot; below. ✍️🤖</p>
<h3>Behaviour changes</h3>
<ul>
<li>Action input <code>git-token</code> has been renamed
<code>branch-token</code>, to be more clear about its purpose. The
<code>branch-token</code> is the token that the action will use to
create and update the branch.</li>
<li>The action now handles requests that have been rate-limited by
GitHub. Requests hitting a primary rate limit will retry twice, for a
total of three attempts. Requests hitting a secondary rate limit will
not be retried.</li>
<li>The <code>pull-request-operation</code> output now returns
<code>none</code> when no operation was executed.</li>
<li>Removed deprecated output environment variable
<code>PULL_REQUEST_NUMBER</code>. Please use the
<code>pull-request-number</code> action output instead.</li>
</ul>
<h3>What's new</h3>
<ul>
<li>The action can now sign commits as <code>github-actions[bot]</code>
when using <code>GITHUB_TOKEN</code>, or your own bot when using <a
href="https://github.com/peter-evans/create-pull-request/blob/HEAD/docs/concepts-guidelines.md#authenticating-with-github-app-generated-tokens">GitHub
App tokens</a>. See <a
href="https://github.com/peter-evans/create-pull-request/blob/HEAD/docs/concepts-guidelines.md#commit-signature-verification-for-bots">commit
signing</a> for details.</li>
<li>Action input <code>draft</code> now accepts a new value
<code>always-true</code>. This will set the pull request to draft status
when the pull request is updated, as well as on creation.</li>
<li>A new action input <code>maintainer-can-modify</code> indicates
whether <a
href="https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/working-with-forks/allowing-changes-to-a-pull-request-branch-created-from-a-fork">maintainers
can modify</a> the pull request. The default is <code>true</code>, which
retains the existing behaviour of the action.</li>
<li>A new output <code>pull-request-commits-verified</code> returns
<code>true</code> or <code>false</code>, indicating whether GitHub
considers the signature of the branch's commits to be verified.</li>
</ul>
<h2>What's Changed</h2>
<ul>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.19.36 to
18.19.39 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3000">peter-evans/create-pull-request#3000</a></li>
<li>build(deps-dev): bump ts-jest from 29.1.5 to 29.2.0 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3008">peter-evans/create-pull-request#3008</a></li>
<li>build(deps-dev): bump prettier from 3.3.2 to 3.3.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3018">peter-evans/create-pull-request#3018</a></li>
<li>build(deps-dev): bump ts-jest from 29.2.0 to 29.2.2 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3019">peter-evans/create-pull-request#3019</a></li>
<li>build(deps-dev): bump eslint-plugin-prettier from 5.1.3 to 5.2.1 by
<a href="https://github.com/dependabot"><code>@​dependabot</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3035">peter-evans/create-pull-request#3035</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.19.39 to
18.19.41 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3037">peter-evans/create-pull-request#3037</a></li>
<li>build(deps): bump undici from 6.19.2 to 6.19.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3036">peter-evans/create-pull-request#3036</a></li>
<li>build(deps-dev): bump ts-jest from 29.2.2 to 29.2.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3038">peter-evans/create-pull-request#3038</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.19.41 to
18.19.42 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3070">peter-evans/create-pull-request#3070</a></li>
<li>build(deps): bump undici from 6.19.4 to 6.19.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3086">peter-evans/create-pull-request#3086</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.19.42 to
18.19.43 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3087">peter-evans/create-pull-request#3087</a></li>
<li>build(deps-dev): bump ts-jest from 29.2.3 to 29.2.4 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3088">peter-evans/create-pull-request#3088</a></li>
<li>build(deps): bump undici from 6.19.5 to 6.19.7 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3145">peter-evans/create-pull-request#3145</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.19.43 to
18.19.44 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3144">peter-evans/create-pull-request#3144</a></li>
<li>Update distribution by <a
href="https://github.com/actions-bot"><code>@​actions-bot</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3154">peter-evans/create-pull-request#3154</a></li>
<li>build(deps): bump undici from 6.19.7 to 6.19.8 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3213">peter-evans/create-pull-request#3213</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.19.44 to
18.19.45 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3214">peter-evans/create-pull-request#3214</a></li>
<li>Update distribution by <a
href="https://github.com/actions-bot"><code>@​actions-bot</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3221">peter-evans/create-pull-request#3221</a></li>
<li>build(deps-dev): bump eslint-import-resolver-typescript from 3.6.1
to 3.6.3 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3255">peter-evans/create-pull-request#3255</a></li>
<li>build(deps-dev): bump <code>@​types/node</code> from 18.19.45 to
18.19.46 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3254">peter-evans/create-pull-request#3254</a></li>
<li>build(deps-dev): bump ts-jest from 29.2.4 to 29.2.5 by <a
href="https://github.com/dependabot"><code>@​dependabot</code></a> in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3256">peter-evans/create-pull-request#3256</a></li>
<li>v7 - signed commits by <a
href="https://github.com/peter-evans"><code>@​peter-evans</code></a> in
<a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3057">peter-evans/create-pull-request#3057</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a
href="https://github.com/rustycl0ck"><code>@​rustycl0ck</code></a> made
their first contribution in <a
href="https://redirect.github.com/peter-evans/create-pull-request/pull/3057">peter-evans/create-pull-request#3057</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/peter-evans/create-pull-request/compare/v6.1.0...v7.0.0">https://github.com/peter-evans/create-pull-request/compare/v6.1.0...v7.0.0</a></p>
<h2>Create Pull Request v6.1.0</h2>
<p> Adds <code>pull-request-branch</code> as an action output.</p>
<h2>What's Changed</h2>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="4320041ed3"><code>4320041</code></a>
feat: signed commits (v7) (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3057">#3057</a>)</li>
<li><a
href="0c2a66fe4a"><code>0c2a66f</code></a>
build(deps-dev): bump ts-jest from 29.2.4 to 29.2.5 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3256">#3256</a>)</li>
<li><a
href="17121bc5b5"><code>17121bc</code></a>
build(deps-dev): bump <code>@​types/node</code> from 18.19.45 to
18.19.46 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3254">#3254</a>)</li>
<li><a
href="87b5d6d564"><code>87b5d6d</code></a>
build(deps-dev): bump eslint-import-resolver-typescript (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3255">#3255</a>)</li>
<li><a
href="00897e0bc2"><code>00897e0</code></a>
build: update distribution (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3221">#3221</a>)</li>
<li><a
href="4cfc1fc717"><code>4cfc1fc</code></a>
build(deps-dev): bump <code>@​types/node</code> from 18.19.44 to
18.19.45 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3214">#3214</a>)</li>
<li><a
href="cb4ed6491a"><code>cb4ed64</code></a>
build(deps): bump undici from 6.19.7 to 6.19.8 (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3213">#3213</a>)</li>
<li><a
href="4eb90b7bc7"><code>4eb90b7</code></a>
ci: separate test suite commands in pr comment</li>
<li><a
href="5308ecb864"><code>5308ecb</code></a>
ci: add sign-commits flag to test suite comment</li>
<li><a
href="ba864ad40c"><code>ba864ad</code></a>
build: update distribution (<a
href="https://redirect.github.com/peter-evans/create-pull-request/issues/3154">#3154</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/peter-evans/create-pull-request/compare/v6...v7">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=peter-evans/create-pull-request&package-manager=github_actions&previous-version=6&new-version=7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-11 18:50:01 -04:00

702 lines
26 KiB
YAML

name: CI
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
paths-ignore:
- '**.md'
- 'demo/**'
- 'docs/**'
release:
types: [ published ]
workflow_dispatch:
defaults:
run:
shell: bash
jobs:
lint-debug-test:
name: Lint and Unit test
runs-on: ubuntu-latest
env:
PGDATABASE: test
PGHOST: localhost
PGUSER: postgres
PGPASSWORD: postgres
services:
postgres:
image: postgis/postgis:16-3.4
ports:
# will assign a random free host port
- 5432/tcp
# Sadly there is currently no way to pass arguments to the service image other than this hack
# See also https://stackoverflow.com/a/62720566/177275
options: >-
-e POSTGRES_DB=test
-e POSTGRES_USER=postgres
-e POSTGRES_PASSWORD=postgres
-e PGDATABASE=test
-e PGUSER=postgres
-e PGPASSWORD=postgres
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
--entrypoint sh
postgis/postgis:16-3.4
-c "exec docker-entrypoint.sh postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key"
steps:
- uses: taiki-e/install-action@v2
with: { tool: just }
- name: Checkout sources
uses: actions/checkout@v4
- uses: Swatinem/rust-cache@v2
if: github.event_name != 'release' && github.event_name != 'workflow_dispatch'
- run: just env-info
- run: just fmt
- run: just clippy
- run: just check
- run: just check-doc
- name: Check semver
uses: obi1kenobi/cargo-semver-checks-action@v2
- name: Init database
run: tests/fixtures/initdb.sh
env:
PGPORT: ${{ job.services.postgres.ports[5432] }}
- name: Run cargo test
run: |
set -x
cargo test --package martin-tile-utils
cargo test --package mbtiles --no-default-features
cargo test --package mbtiles
cargo test --package martin
cargo test --doc
env:
DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=require
docker-build-test:
name: Build and test docker images
runs-on: ubuntu-latest
env:
# PG_* variables are used by psql
PGDATABASE: test
PGHOST: localhost
PGUSER: postgres
PGPASSWORD: postgres
# TODO: aarch64-unknown-linux-gnu
services:
postgres:
image: postgis/postgis:15-3.3
ports:
- 5432/tcp
options: >-
-e POSTGRES_DB=test
-e POSTGRES_USER=postgres
-e POSTGRES_PASSWORD=postgres
-e PGDATABASE=test
-e PGUSER=postgres
-e PGPASSWORD=postgres
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
--entrypoint sh
postgis/postgis:15-3.3
-c "exec docker-entrypoint.sh postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key"
steps:
- uses: taiki-e/install-action@v2
with: { tool: cross }
- name: Checkout sources
uses: actions/checkout@v4
with:
set-safe-directory: false
- uses: Swatinem/rust-cache@v2
if: github.event_name != 'release' && github.event_name != 'workflow_dispatch'
- name: Init database
run: tests/fixtures/initdb.sh
env:
PGPORT: ${{ job.services.postgres.ports[5432] }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
# https://github.com/docker/setup-qemu-action
with:
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# https://github.com/docker/setup-buildx-action
with:
install: true
platforms: linux/amd64,linux/arm64
- name: Set up AWS SAM
uses: aws-actions/setup-sam@v2
with:
use-installer: true
- name: Build targets
run: |
for target in "aarch64-unknown-linux-musl" "x86_64-unknown-linux-musl"; do
echo -e "\n----------------------------------------------"
echo "Building $target"
# See https://github.com/cross-rs/cross/issues/1526
# TODO: Remove this once a version after cross 0.2.5 is released
export CROSS_BUILD_OPTS="--output=type=docker"
export "CARGO_TARGET_$(echo $target | tr 'a-z-' 'A-Z_')_RUSTFLAGS"='-C strip=debuginfo'
cross build --release --target $target --workspace
mkdir -p target_releases/$target
mv target/$target/release/martin target_releases/$target
mv target/$target/release/martin-cp target_releases/$target
mv target/$target/release/mbtiles target_releases/$target
done
- name: Save build artifacts to build-${{ matrix.target }}
uses: actions/upload-artifact@v4
with:
name: cross-build
path: target_releases/*
- name: Reorganize artifacts for docker build
run: |
mkdir -p target_releases/linux/arm64
mv target_releases/aarch64-unknown-linux-musl/* target_releases/linux/arm64/
mkdir -p target_releases/linux/amd64
mv target_releases/x86_64-unknown-linux-musl/* target_releases/linux/amd64/
- name: Start NGINX
uses: nyurik/action-setup-nginx@v1.1
id: nginx
with: { port: '5412', output-unix-paths: 'yes' }
- name: Copy static files
run: cp -r tests/fixtures/pmtiles2/* ${{ steps.nginx.outputs.html-dir }}
- name: Build linux/arm64 Docker image
uses: docker/build-push-action@v6
# https://github.com/docker/build-push-action
with:
context: .
file: .github/files/multi-platform.Dockerfile
load: true
tags: ${{ github.repository }}:linux-arm64
platforms: linux/arm64
- name: Test linux/arm64 Docker image
run: |
PLATFORM=linux/arm64
TAG=${{ github.repository }}:linux-arm64
export MARTIN_BUILD_ALL=-
export MARTIN_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -v $PWD/tests:/tests $TAG"
export MARTIN_CP_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -v $PWD/tests:/tests --entrypoint /usr/local/bin/martin-cp $TAG"
export MBTILES_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -v $PWD/tests:/tests --entrypoint /usr/local/bin/mbtiles $TAG"
tests/test.sh
env:
DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=require
- name: Build linux/amd64 Docker image
uses: docker/build-push-action@v6
# https://github.com/docker/build-push-action
with:
context: .
file: .github/files/multi-platform.Dockerfile
load: true
tags: ${{ github.repository }}:linux-amd64
platforms: linux/amd64
- name: Test linux/amd64 Docker image
run: |
PLATFORM=linux/amd64
TAG=${{ github.repository }}:linux-amd64
export MARTIN_BUILD_ALL=-
export MARTIN_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -v $PWD/tests:/tests $TAG"
export MARTIN_CP_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -v $PWD/tests:/tests --entrypoint /usr/local/bin/martin-cp $TAG"
export MBTILES_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -v $PWD/tests:/tests --entrypoint /usr/local/bin/mbtiles $TAG"
tests/test.sh
env:
DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=require
- name: Login to GitHub Docker registry
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
# https://github.com/docker/login-action
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Docker meta
id: docker_meta
uses: docker/metadata-action@v5
# https://github.com/docker/metadata-action
with:
images: ghcr.io/${{ github.repository }}
- name: Push the Docker image
if: github.event_name != 'pull_request'
uses: docker/build-push-action@v6
with:
context: .
file: .github/files/multi-platform.Dockerfile
push: true
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
build:
name: Build ${{ matrix.target }}
runs-on: ${{ matrix.os }}
strategy:
fail-fast: true
matrix:
include:
- target: aarch64-apple-darwin
os: macos-14 # M1 CPU
- target: debian-x86_64
os: ubuntu-latest
- target: x86_64-apple-darwin
os: macos-13 # x64 CPU
- target: x86_64-pc-windows-msvc
os: windows-latest
ext: '.exe'
- target: x86_64-unknown-linux-gnu
os: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
- name: Rust Versions
run: rustc --version && cargo --version
- uses: Swatinem/rust-cache@v2
if: github.event_name != 'release' && github.event_name != 'workflow_dispatch'
- name: Install NASM for rustls/aws-lc-rs on Windows
if: runner.os == 'Windows'
uses: ilammy/setup-nasm@v1
- name: Build (.deb)
if: matrix.target == 'debian-x86_64'
run: |
set -x
sudo apt-get install -y dpkg dpkg-dev liblzma-dev
cargo install cargo-deb --locked
cargo deb -v -p martin --output target/debian/debian-x86_64.deb
mkdir -p target_releases
mv target/debian/debian-x86_64.deb target_releases/
- name: Build
if: matrix.target != 'debian-x86_64'
run: |
set -x
rustup target add "${{ matrix.target }}"
export RUSTFLAGS='-C strip=debuginfo'
cargo build --release --target ${{ matrix.target }} --package mbtiles
cargo build --release --target ${{ matrix.target }} --package martin
mkdir -p target_releases
mv target/${{ matrix.target }}/release/martin${{ matrix.ext }} target_releases/
mv target/${{ matrix.target }}/release/martin-cp${{ matrix.ext }} target_releases/
mv target/${{ matrix.target }}/release/mbtiles${{ matrix.ext }} target_releases/
- name: Save build artifacts to build-${{ matrix.target }}
uses: actions/upload-artifact@v4
with:
name: build-${{ matrix.target }}
path: target_releases/*
test-aws-lambda:
name: Test AWS Lambda
runs-on: ubuntu-latest
needs: [ docker-build-test ]
steps:
- name: Checkout sources
uses: actions/checkout@v4
- name: Download build artifact cross-build
uses: actions/download-artifact@v4
with:
name: cross-build
- run: tests/test-aws-lambda.sh
env:
MARTIN_BIN: x86_64-unknown-linux-musl/martin
test-multi-os:
name: Test on ${{ matrix.os }}
runs-on: ${{ matrix.os }}
needs: [ build ]
strategy:
fail-fast: true
matrix:
include:
- target: x86_64-apple-darwin
os: macos-13
- target: x86_64-pc-windows-msvc
os: windows-latest
ext: '.exe'
- target: x86_64-unknown-linux-gnu
os: ubuntu-latest
steps:
- name: Install and run Postgis
uses: nyurik/action-setup-postgis@v2
id: pg
with: { username: 'test', password: 'test', database: 'test' }
- name: Start NGINX
uses: nyurik/action-setup-nginx@v1.1
id: nginx
with: { port: '5412', output-unix-paths: 'yes' }
- name: Checkout sources
uses: actions/checkout@v4
- name: Init database
run: |
echo "DATABASE_URL=${{ steps.pg.outputs.connection-uri }}"
echo "Print the same in base64 to bypass Github's obfuscation (uses hardcoded password):"
echo "${{ steps.pg.outputs.connection-uri }}" | base64
tests/fixtures/initdb.sh
env:
PGSERVICE: ${{ steps.pg.outputs.service-name }}
- name: Copy static files
run: cp -r tests/fixtures/pmtiles2/* ${{ steps.nginx.outputs.html-dir }}
- name: Download build artifact build-${{ matrix.target }}
uses: actions/download-artifact@v4
with:
name: build-${{ matrix.target }}
path: target/
- name: Integration Tests
run: |
export MARTIN_BUILD_ALL=-
export MARTIN_BIN=target/martin${{ matrix.ext }}
export MARTIN_CP_BIN=target/martin-cp${{ matrix.ext }}
export MBTILES_BIN=target/mbtiles${{ matrix.ext }}
if [[ "${{ runner.os }}" != "Windows" ]]; then
chmod +x "$MARTIN_BIN" "$MARTIN_CP_BIN" "$MBTILES_BIN"
fi
tests/test.sh
env:
DATABASE_URL: ${{ steps.pg.outputs.connection-uri }}
- name: Compare test output results (Linux)
if: matrix.target == 'x86_64-unknown-linux-gnu'
run: diff --brief --recursive --new-file tests/output tests/expected
- name: Download Debian package (Linux)
if: matrix.target == 'x86_64-unknown-linux-gnu'
uses: actions/download-artifact@v4
with:
name: build-debian-x86_64
path: target/
- name: Tests Debian package (Linux)
if: matrix.target == 'x86_64-unknown-linux-gnu'
run: |
sudo dpkg -i target/debian-x86_64.deb
export MARTIN_BUILD_ALL=-
export MARTIN_BIN=/usr/bin/martin${{ matrix.ext }}
export MARTIN_CP_BIN=/usr/bin/martin-cp${{ matrix.ext }}
export MBTILES_BIN=/usr/bin/mbtiles${{ matrix.ext }}
tests/test.sh
env:
DATABASE_URL: ${{ steps.pg.outputs.connection-uri }}
- name: Save test output (on error)
if: failure()
uses: actions/upload-artifact@v4
with:
name: failed-test-output-${{ runner.os }}
path: |
tests/output/*
target/test_logs/*
retention-days: 5
test-with-svc:
name: Test postgis:${{ matrix.img_ver }} sslmode=${{ matrix.sslmode }}
runs-on: ubuntu-latest
needs: [ build, docker-build-test ]
strategy:
fail-fast: true
matrix:
include:
# These must match the versions of postgres used in the docker-compose.yml
- img_ver: 11-3.0-alpine
args: postgres
sslmode: disable
- img_ver: 14-3.3-alpine
args: postgres
sslmode: disable
# alpine images don't support SSL, so for this we use the debian images
- img_ver: 15-3.3
args: postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
sslmode: require
#
# FIXME!
# DISABLED because Rustls fails to validate name (CN?) with the NotValidForName error
#- img_ver: 15-3.3
# args: postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# sslmode: verify-ca
#- img_ver: 15-3.3
# args: postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
# sslmode: verify-full
env:
PGDATABASE: test
PGHOST: localhost
PGUSER: postgres
PGPASSWORD: postgres
services:
postgres:
image: postgis/postgis:${{ matrix.img_ver }}
ports:
- 5432/tcp
options: >-
-e POSTGRES_DB=test
-e POSTGRES_USER=postgres
-e POSTGRES_PASSWORD=postgres
-e PGDATABASE=test
-e PGUSER=postgres
-e PGPASSWORD=postgres
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
--entrypoint sh
postgis/postgis:${{ matrix.img_ver }}
-c "exec docker-entrypoint.sh ${{ matrix.args }}"
steps:
- name: Checkout sources
uses: actions/checkout@v4
- uses: Swatinem/rust-cache@v2
if: github.event_name != 'release' && github.event_name != 'workflow_dispatch'
- name: Run NGINX
uses: nyurik/action-setup-nginx@v1.1
id: nginx
with: { port: '5412', output-unix-paths: 'yes' }
- name: Copy static files
run: cp -r tests/fixtures/pmtiles2/* ${{ steps.nginx.outputs.html-dir }}
- name: Init database
run: tests/fixtures/initdb.sh
env:
PGPORT: ${{ job.services.postgres.ports[5432] }}
- name: Get DB SSL cert (sslmode=verify-*)
if: matrix.sslmode == 'verify-ca' || matrix.sslmode == 'verify-full'
run: |
set -x
mkdir -p target/certs
docker cp ${{ job.services.postgres.id }}:/etc/ssl/certs/ssl-cert-snakeoil.pem target/certs/server.crt
docker cp ${{ job.services.postgres.id }}:/etc/ssl/private/ssl-cert-snakeoil.key target/certs/server.key
- name: Download build artifact build-x86_64-unknown-linux-gnu
uses: actions/download-artifact@v4
with:
name: build-x86_64-unknown-linux-gnu
path: target_releases/
- name: Integration Tests
run: |
if [[ "${{ matrix.sslmode }}" == "verify-ca" || "${{ matrix.sslmode }}" == "verify-full" ]]; then
export PGSSLROOTCERT=target/certs/server.crt
fi
export MARTIN_BUILD_ALL=-
export MARTIN_BIN=target_releases/martin
export MARTIN_CP_BIN=target_releases/martin-cp
export MBTILES_BIN=target_releases/mbtiles
chmod +x "$MARTIN_BIN" "$MARTIN_CP_BIN" "$MBTILES_BIN"
tests/test.sh
rm -rf target_releases
env:
DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }}
- name: Download Debian package
uses: actions/download-artifact@v4
with:
name: build-debian-x86_64
path: target_releases/
- name: Tests Debian package
run: |
sudo dpkg -i target_releases/debian-x86_64.deb
if [[ "${{ matrix.sslmode }}" == "verify-ca" || "${{ matrix.sslmode }}" == "verify-full" ]]; then
export PGSSLROOTCERT=target/certs/server.crt
fi
export MARTIN_BUILD_ALL=-
export MARTIN_BIN=/usr/bin/martin
export MARTIN_CP_BIN=/usr/bin/martin-cp
export MBTILES_BIN=/usr/bin/mbtiles
tests/test.sh
sudo dpkg -P martin
rm -rf target_releases
env:
DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }}
- name: Unit Tests
if: matrix.sslmode != 'verify-ca' && matrix.sslmode != 'verify-full'
run: |
echo "Running unit tests, connecting to DATABASE_URL=$DATABASE_URL"
echo "Same but as base64 to prevent GitHub obfuscation (this is not a secret):"
echo "$DATABASE_URL" | base64
set -x
cargo test --package martin
cargo clean
env:
DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }}
- name: Save test output (on error)
if: failure()
uses: actions/upload-artifact@v4
with:
name: test-output
path: |
tests/output/*
target/test_logs/*
retention-days: 5
package:
name: Package
runs-on: ubuntu-latest
needs: [ lint-debug-test, docker-build-test, test-multi-os, test-with-svc ]
steps:
- name: Checkout sources
uses: actions/checkout@v4
- name: Download build artifact build-aarch64-apple-darwin
uses: actions/download-artifact@v4
with:
name: build-aarch64-apple-darwin
path: target/aarch64-apple-darwin
- name: Download build artifact build-x86_64-apple-darwin
uses: actions/download-artifact@v4
with:
name: build-x86_64-apple-darwin
path: target/x86_64-apple-darwin
- name: Download build artifact build-x86_64-unknown-linux-gnu
uses: actions/download-artifact@v4
with:
name: build-x86_64-unknown-linux-gnu
path: target/x86_64-unknown-linux-gnu
- name: Download cross-build artifacts
uses: actions/download-artifact@v4
with:
name: cross-build
path: target/cross
- name: Download build artifact build-x86_64-pc-windows-msvc
uses: actions/download-artifact@v4
with:
name: build-x86_64-pc-windows-msvc
path: target/x86_64-pc-windows-msvc
- name: Download build artifact build-debian-x86_64
uses: actions/download-artifact@v4
with:
name: build-debian-x86_64
path: target/debian-x86_64
- name: Package
run: |
set -x
cd target
mkdir files
mv cross/* .
cd aarch64-apple-darwin
chmod +x martin martin-cp mbtiles
tar czvf ../files/martin-aarch64-apple-darwin.tar.gz martin martin-cp mbtiles
cd ..
cd x86_64-apple-darwin
chmod +x martin martin-cp mbtiles
tar czvf ../files/martin-x86_64-apple-darwin.tar.gz martin martin-cp mbtiles
cd ..
cd x86_64-unknown-linux-gnu
chmod +x martin martin-cp mbtiles
tar czvf ../files/martin-x86_64-unknown-linux-gnu.tar.gz martin martin-cp mbtiles
cd ..
cd aarch64-unknown-linux-musl
chmod +x martin martin-cp mbtiles
tar czvf ../files/martin-aarch64-unknown-linux-musl.tar.gz martin martin-cp mbtiles
cd ..
cd x86_64-unknown-linux-musl
chmod +x martin martin-cp mbtiles
tar czvf ../files/martin-x86_64-unknown-linux-musl.tar.gz martin martin-cp mbtiles
cd ..
#
# Special case for Windows
#
cd x86_64-pc-windows-msvc
7z a ../files/martin-x86_64-pc-windows-msvc.zip martin.exe martin-cp.exe mbtiles.exe
cd ..
#
# Special case for Debian .deb package
#
cd debian-x86_64
mv debian-x86_64.deb ../files/martin-Debian-x86_64.deb
cd ..
- name: Create Homebrew config
run: |
set -x
# Extract Github release version only without the "v" prefix
MARTIN_VERSION=$(echo "${{ github.ref }}" | sed -e 's/refs\/tags\/v//')
mkdir -p target/homebrew
cd target
cat << EOF > homebrew_config.yaml
version: "$MARTIN_VERSION"
macos_arm_sha256: "$(shasum -a 256 files/martin-aarch64-apple-darwin.tar.gz | cut -d' ' -f1)"
macos_intel_sha256: "$(shasum -a 256 files/martin-x86_64-apple-darwin.tar.gz | cut -d' ' -f1)"
linux_arm_sha256: "$(shasum -a 256 files/martin-aarch64-unknown-linux-musl.tar.gz | cut -d' ' -f1)"
linux_intel_sha256: "$(shasum -a 256 files/martin-x86_64-unknown-linux-musl.tar.gz | cut -d' ' -f1)"
EOF
- name: Save Homebrew Config
uses: actions/upload-artifact@v4
with:
name: homebrew-config
path: target/homebrew_config.yaml
- name: Publish
if: startsWith(github.ref, 'refs/tags/')
uses: softprops/action-gh-release@v2
with:
draft: true
files: 'target/files/*'
body_path: CHANGELOG.md
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Checkout maplibre/homebrew-martin
if: startsWith(github.ref, 'refs/tags/')
uses: actions/checkout@v4
with:
repository: maplibre/homebrew-martin
token: ${{ secrets.GH_HOMEBREW_MARTIN_TOKEN }}
path: target/homebrew
- name: Create Homebrew formula
uses: cuchi/jinja2-action@master
with:
template: .github/files/homebrew.martin.rb.j2
output_file: target/homebrew/martin.rb
data_file: target/homebrew_config.yaml
- name: Create a PR for maplibre/homebrew-martin
if: startsWith(github.ref, 'refs/tags/')
uses: peter-evans/create-pull-request@v7
with:
# Create a personal access token
# Gen: https://github.com/settings/personal-access-tokens/new
# Set: https://github.com/maplibre/martin/settings/secrets/actions/GH_HOMEBREW_MARTIN_TOKEN
# Docs: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token
# Name: anything descriptive
# One year long (sadly that's max)
# Repository owner and repo: maplibre/homebrew-martin
# Access Contents: Read and write
# Access Metadata: Read-only
# Access Pull requests: Read and write
token: ${{ secrets.GH_HOMEBREW_MARTIN_TOKEN }}
commit-message: 'Update to ${{ github.ref }}'
title: 'Update to ${{ github.ref }}'
body: 'Update to ${{ github.ref }}'
branch: 'update-to-${{ github.ref }}'
branch-suffix: timestamp
base: 'main'
labels: 'auto-update'
assignees: 'nyurik'
draft: false
delete-branch: true
path: target/homebrew
# This final step is needed to mark the whole workflow as successful
# Don't change its name - it is used by the merge protection rules
done:
name: CI Finished
runs-on: ubuntu-latest
needs: [ package ]
steps:
- name: Finished
run: echo "CI finished successfully"