mirror/TinyORM
1
0
Fork 0
mirror of https://github.com/silverqx/TinyORM.git synced 2026-05-05 07:59:19 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
f06e18d77b20437f892b8fcf19205dc5697ba11f
TinyORM/.github/workflows/linux-qt6.yml
T

811 lines
33 KiB
YAML
Raw Blame History

# MySQL
# ---
# Forces TLS connections with the caching_sha2_password and certificate validation, also validates
# certificate's CN for issuer and subject.
# PostgreSQL
# ---
# Forces TLS connections with the certificate authentication and full certificate validation
# using the clientname=DN map=dn in the pg_hba.conf, so the username is matched against
# the entire Distinguished Name (DN) of the client certificate and sslmode=verify-full
# on the libpq client side, so the the server host name is matched against the CN (Common Name)
# stored in the server certificate.
name: Linux GCC/Clang Qt6.4
on:
workflow_dispatch:
push:
branches:
- main
- gh-actions
jobs:
build:
name: cmake build / ctest
runs-on: ubuntu-24.04
env:
# Settings (constant variables)
# This number must also be changed in the matrix as env context can't be used in the matrix
TINY_LLVM_VERSION: 18
TINY_LLVM_APT_NAME: noble
# First value is a compressed data size
# gcc: ~ 165 * 3 + 100 ; clang: ~ 100 * 3 + 100
TINY_CCACHE_MAX_SIZE_GCC: 600M
TINY_CCACHE_MAX_SIZE_CLANG: 400M
# Clang and vcpkg use $(nproc) (max. available cores)
TINY_PARALLEL_GCC: 2
strategy:
matrix:
compiler:
- key: clang
name: clang18
apt: [ clang-18, lld-18 ]
command: clang++-18
linker-command: ld.lld-18
# Don't upgrade to v13 or v14 to test also older g++ versions
- key: gcc
name: gcc12
apt: [ g++-12 ]
command: g++-12
linker-command: ld
steps:
- uses: actions/checkout@v4
- name: TinyORM prepare environment
run: |
runnerWorkPath=$(realpath "$RUNNER_WORKSPACE/..")
echo "TinyRunnerWorkPath=$runnerWorkPath" >> $GITHUB_ENV
sqlitePath="$runnerWorkPath/SQLite/$DB_SQLITE_DATABASE"
echo "TinySQLitePath=$sqlitePath" >> $GITHUB_ENV
[[ '${{ matrix.compiler.key }}' == 'gcc' ]] && ccacheMaxSize="$TINY_CCACHE_MAX_SIZE_GCC" \
|| ccacheMaxSize="$TINY_CCACHE_MAX_SIZE_CLANG"
echo "TinyCcacheMaxSize=$ccacheMaxSize" >> $GITHUB_ENV
[[ '${{ matrix.compiler.key }}' == 'gcc' ]] && parallel=$TINY_PARALLEL_GCC \
|| parallel=$(nproc)
echo "TinyParallel=$parallel" >> $GITHUB_ENV
echo "TinyParallelVcpkg=$(nproc)" >> $GITHUB_ENV
tinyormBuildName='${{ matrix.compiler.name }}-cmake-debug'
echo "TinyORMBuildName=$tinyormBuildName" >> $GITHUB_ENV
tinyormBuildTree="$RUNNER_WORKSPACE/TinyORM-builds-cmake/build-$tinyormBuildName"
echo "TinyORMBuildTree=$tinyormBuildTree" >> $GITHUB_ENV
env:
DB_SQLITE_DATABASE: ${{ secrets.DB_SQLITE_DATABASE }}
- name: Hosts add PostgreSQL server hostname
run: >-
sudo -- sh -c "echo '127.0.0.1\t$DB_PGSQL_HOST' >> /etc/hosts"
env:
DB_PGSQL_HOST: ${{ secrets.DB_PGSQL_HOST_SSL }}
- name: PostgreSQL service start
run: |
sudo systemctl start postgresql.service
- name: PostgreSQL prepare environment
id: databases-initialize-postgresql
run: |
pgConfigFile=$(sudo --user=postgres --login -- \
psql --command='show config_file;' --no-align --tuples-only)
pgConfigPath=$(dirname "$pgConfigFile")
echo "PgConfigPath=$pgConfigPath" >> $GITHUB_OUTPUT
pgDataPath=$(sudo --user=postgres --login -- \
psql --command='show data_directory;' --no-align --tuples-only)
echo "PgDataPath=$pgDataPath" >> $GITHUB_OUTPUT
- name: PostgreSQL initialize configuration
working-directory: .github/resources/postgresql
run: |
sudo --user=postgres -- cp --recursive --target-directory="$pg_config_path" ./
echo "\
ssl_cert_file = 'server.crt'
ssl_key_file = 'server.key'
" | \
sudo tee --append "$pg_config_path/conf.d/90-crystal.conf" > /dev/null
env:
pg_config_path: ${{ steps.databases-initialize-postgresql.outputs.PgConfigPath }}
- name: PostgreSQL SSL certificates initialize
id: openssl-initialize-postgresql-certificates
run: |
folderPath="$TinyRunnerWorkPath/tiny-postgresql-certificates"
# Create an empty folder for generating certificates
sudo mkdir "$folderPath"
sudo chown runner:docker "$folderPath"
echo "FolderPath=$folderPath" >> $GITHUB_OUTPUT
# This hash invalidates the PostgreSQL certificates cache every month
hash=$(date +%4Y%2m)
echo "Hash=$hash" >> $GITHUB_OUTPUT
- name: PostgreSQL SSL certificates restore cache
uses: actions/cache/restore@v4
id: openssl-cache-postgresql-certificates
with:
path: |
${{ env.folder_path }}/*.crt
${{ env.folder_path }}/*.key
key: ${{ runner.os }}-openssl-${{ env.cache_name }}-${{ env.cache_hash }}
env:
# This hash invalidates this certificates cache every month
cache_hash: ${{ steps.openssl-initialize-postgresql-certificates.outputs.Hash }}
cache_name: postgresql-certificates
folder_path: ${{ steps.openssl-initialize-postgresql-certificates.outputs.FolderPath }}
- name: PostgreSQL SSL certificates generate
if: steps.openssl-cache-postgresql-certificates.outputs.cache-hit != 'true'
working-directory: ${{ steps.openssl-initialize-postgresql-certificates.outputs.FolderPath }}
run: |
echo '::group::Print openssl version'
openssl version -a
echo '::endgroup::'
echo '::group::CA certificate'
# -days 32 is important, -days 30 is not enough
openssl req -new -x509 -nodes -subj "$DB_PGSQL_SSL_SUBJECT_CA" -days 32 \
-keyout ./root.key -out ./root.crt
echo '::endgroup::'
echo '::group::Server certificate'
openssl req -new -nodes -subj "$DB_PGSQL_SSL_SUBJECT_SERVER" -keyout ./server.key -out \
./server.csr
OPENSSL_SAN="DNS:${DB_PGSQL_HOST}" \
openssl x509 -req -CA ./root.crt -CAkey ./root.key -days 32 -set_serial 01 \
-extfile "$extfile" -in ./server.csr -out ./server.crt
echo '::endgroup::'
echo '::group::Client certificate'
openssl req -new -nodes -subj "$DB_PGSQL_SSL_SUBJECT_CLIENT" -keyout ./postgresql.key \
-out ./postgresql.csr
OPENSSL_SAN="DNS:${DB_PGSQL_USERNAME}" \
openssl x509 -req -CA ./root.crt -CAkey ./root.key -days 32 -set_serial 02 \
-extfile "$extfile" -in ./postgresql.csr -out ./postgresql.crt
echo '::endgroup::'
env:
extfile: ${{ github.workspace }}/.github/resources/openssl/usr_cert.cnf
DB_PGSQL_HOST: ${{ secrets.DB_PGSQL_HOST_SSL }}
DB_PGSQL_USERNAME: ${{ secrets.DB_PGSQL_USERNAME }}
DB_PGSQL_SSL_SUBJECT_CA: ${{ secrets.DB_PGSQL_SSL_SUBJECT_CA }}
DB_PGSQL_SSL_SUBJECT_SERVER: ${{ secrets.DB_PGSQL_SSL_SUBJECT_SERVER }}
DB_PGSQL_SSL_SUBJECT_CLIENT: ${{ secrets.DB_PGSQL_SSL_SUBJECT_CLIENT }}
- name: PostgreSQL SSL certificates print
working-directory: ${{ steps.openssl-initialize-postgresql-certificates.outputs.FolderPath }}
run: |
echo '::group::CA certificate'
openssl x509 -noout -text -in ./root.crt
echo '::endgroup::'
echo '::group::Server certificate'
openssl x509 -noout -text -in ./server.crt
echo '::endgroup::'
echo '::group::Client certificate'
openssl x509 -noout -text -in ./postgresql.crt
echo '::endgroup::'
# Always verify, regardless if certificates were newly generated or restored from the cache
- name: PostgreSQL SSL certificates verify
working-directory: ${{ steps.openssl-initialize-postgresql-certificates.outputs.FolderPath }}
run: |
openssl verify -CAfile ./root.crt ./server.crt ./postgresql.crt
# Save the cache only if certificates were newly generated
# The actions/cache/save allows to use the Move-Item during the install step
- name: PostgreSQL SSL certificates save cache
if: steps.openssl-cache-postgresql-certificates.outputs.cache-hit != 'true'
uses: actions/cache/save@v4
with:
path: |
${{ env.folder_path }}/*.crt
${{ env.folder_path }}/*.key
key: ${{ steps.openssl-cache-postgresql-certificates.outputs.cache-primary-key }}
env:
folder_path: ${{ steps.openssl-initialize-postgresql-certificates.outputs.FolderPath }}
- name: PostgreSQL SSL certificates install
working-directory: ${{ steps.openssl-initialize-postgresql-certificates.outputs.FolderPath }}
run: |
echo '::group::Install server certificates'
sudo cp --target-directory="$pg_data_path" ./root.crt
sudo mv --target-directory="$pg_data_path" ./server.{crt,key}
sudo chown postgres:postgres "$pg_data_path"/server.{crt,key} "$pg_data_path/root.crt"
sudo chmod 600 "$pg_data_path/server.key"
sudo chmod 640 "$pg_data_path"/{root,server}.crt
echo '::endgroup::'
echo '::group::Install client certificates'
folderPath=~/.postgresql
mkdir "$folderPath"
mv --target-directory="$folderPath" ./postgresql.{crt,key} ./root.crt
chmod 600 "$folderPath/postgresql.key"
chmod 640 "$folderPath"/{postgresql,root}.crt
echo '::endgroup::'
env:
pg_data_path: ${{ steps.databases-initialize-postgresql.outputs.PgDataPath }}
- name: PostgreSQL change ${{ secrets.DB_PGSQL_ROOT_USERNAME }} password
run: >-
sudo --user=postgres --login --
psql --command="alter user \"$DB_PGSQL_ROOT_USERNAME\"
with password '$DB_PGSQL_ROOT_PASSWORD';"
env:
DB_PGSQL_ROOT_PASSWORD: ${{ secrets.DB_PGSQL_ROOT_PASSWORD }}
DB_PGSQL_ROOT_USERNAME: ${{ secrets.DB_PGSQL_ROOT_USERNAME }}
- name: PostgreSQL create TinyORM user
run: >-
sudo --user=postgres --login --
psql --command="create user \"$DB_PGSQL_USERNAME\"
with createdb password '$DB_PGSQL_PASSWORD';"
env:
DB_PGSQL_PASSWORD: ${{ secrets.DB_PGSQL_PASSWORD }}
DB_PGSQL_USERNAME: ${{ secrets.DB_PGSQL_USERNAME }}
- name: PostgreSQL create TinyORM database
run: >-
sudo --user=postgres --login --
createdb --owner="$DB_PGSQL_USERNAME" "$DB_PGSQL_DATABASE"
env:
DB_PGSQL_DATABASE: ${{ secrets.DB_PGSQL_DATABASE }}
DB_PGSQL_USERNAME: ${{ secrets.DB_PGSQL_USERNAME }}
- name: PostgreSQL initialize client authentication
run: |
# Create the $PGDATA/tinyorm_dbs file with databases list
tinyormDbsPath="$pg_config_path/tinyorm_dbs"
databasesArr=("$DB_PGSQL_DATABASE" "$TINYORM_DATABASE_TESTS_SCHEMABUILDER")
(IFS=$'\n'; echo "${databasesArr[*]}") | \
sudo --user=postgres -- tee --append "$tinyormDbsPath" > /dev/null
sudo chmod 640 "$tinyormDbsPath"
pgHbaConf="$pg_config_path/pg_hba.conf"
pgHbaTmplTmpl='\\n\
# crystal\
hostssl @tinyorm_dbs %s 127.0.0.1\/32 cert clientname=DN map=dn'
pgHbaTmpl=$(printf "$pgHbaTmplTmpl" "$DB_PGSQL_USERNAME")
sudo sed --regexp-extended "s/(# +TYPE +DATABASE +USER +ADDRESS +METHOD)/\1$pgHbaTmpl/" \
--in-place "$pgHbaConf"
pgIdentConf="$pg_config_path/pg_ident.conf"
printf 'dn "/^%s$" %s' "$DB_PGSQL_SSL_DN" "$DB_PGSQL_USERNAME" | \
sudo tee --append "$pgIdentConf" > /dev/null
env:
pg_config_path: ${{ steps.databases-initialize-postgresql.outputs.PgConfigPath }}
DB_PGSQL_DATABASE: ${{ secrets.DB_PGSQL_DATABASE }}
DB_PGSQL_SSL_DN: ${{ secrets.DB_PGSQL_SSL_DN }}
DB_PGSQL_USERNAME: ${{ secrets.DB_PGSQL_USERNAME }}
TINYORM_DATABASE_TESTS_SCHEMABUILDER: ${{ secrets.TINYORM_DATABASE_TESTS_SCHEMABUILDER }}
- name: PostgreSQL service restart
run: |
sudo systemctl restart postgresql.service
- name: PostgreSQL service check status
run: |
echo '::group::Service status'
systemctl status postgresql.service
echo '::endgroup::'
echo '::group::pg_isready'
pg_isready
echo '::endgroup::'
# Adding the DB_MYSQL_HOST_CLIENT isn't strictly needed (works without it too)
- name: Hosts add MySQL server hostname
run: >-
sudo -- sh -c "echo '127.0.0.1\t$DB_MYSQL_HOST $DB_MYSQL_HOST_CLIENT' >> /etc/hosts"
env:
DB_MYSQL_HOST: ${{ secrets.DB_MYSQL_HOST_SSL }}
DB_MYSQL_HOST_CLIENT: ${{ secrets.DB_MYSQL_HOST_CLIENT_SSL }}
- name: MySQL initialize crystal_mysqld.cnf configuration
working-directory: .github/resources/linux
run: |
sudo mv ./crystal_mysqld_ssl.cnf /etc/mysql/mysql.conf.d/crystal_mysqld.cnf
- name: MySQL initialize crystal_client.cnf configuration (global)
working-directory: .github/resources/linux
run: >-
cat ./crystal_client_ssl.template.cnf |
sed 's/{SSL_CERTIFICATES_PATH}/\/usr\/local\/share\/crystal-mysql/' |
sed "s/{MYSQL_HOST}/$DB_MYSQL_HOST/" |
sudo tee /etc/mysql/conf.d/crystal_client.cnf > /dev/null
env:
DB_MYSQL_HOST: ${{ secrets.DB_MYSQL_HOST_SSL }}
# Remove certificates to generate are own
- name: MySQL SSL certificates remove
run: >-
sudo --user=mysql --
rm /var/lib/mysql/{ca,ca-key,server-cert,server-key,client-cert,client-key}.pem
- name: MySQL SSL certificates initialize
id: openssl-initialize-mysql-certificates
run: |
folderPath="$TinyRunnerWorkPath/tiny-mysql-certificates"
# Create an empty folder for generating certificates
sudo mkdir "$folderPath"
sudo chown runner:docker "$folderPath"
echo "FolderPath=$folderPath" >> $GITHUB_OUTPUT
# This hash invalidates the MySQL certificates cache every month
hash=$(date +%4Y%2m)
echo "Hash=$hash" >> $GITHUB_OUTPUT
- name: MySQL SSL certificates restore cache
uses: actions/cache/restore@v4
id: openssl-cache-mysql-certificates
with:
path: |
${{ env.folder_path }}/*.pem
key: ${{ runner.os }}-openssl-${{ env.cache_name }}-${{ env.cache_hash }}
env:
# This hash invalidates this certificates cache every month
cache_hash: ${{ steps.openssl-initialize-mysql-certificates.outputs.Hash }}
cache_name: mysql-certificates
folder_path: ${{ steps.openssl-initialize-mysql-certificates.outputs.FolderPath }}
- name: MySQL SSL certificates generate
if: steps.openssl-cache-mysql-certificates.outputs.cache-hit != 'true'
working-directory: ${{ steps.openssl-initialize-mysql-certificates.outputs.FolderPath }}
run: |
echo '::group::Print openssl version'
openssl version -a
echo '::endgroup::'
echo '::group::CA certificate'
# -days 32 is important, -days 30 is not enough
openssl req -new -x509 -nodes -subj "$DB_MYSQL_SSL_SUBJECT_CA" -days 32 \
-keyout ./ca-key.pem -out ./ca.pem
echo '::endgroup::'
echo '::group::Server certificate'
openssl req -new -nodes -subj "$DB_MYSQL_SSL_SUBJECT_SERVER" -keyout ./server-key.pem -out \
./server-req.pem
OPENSSL_SAN="DNS:${DB_MYSQL_HOST}" \
openssl x509 -req -CA ./ca.pem -CAkey ./ca-key.pem -days 32 -set_serial 01 \
-extfile "$extfile" -in ./server-req.pem -out ./server-cert.pem
echo '::endgroup::'
echo '::group::Client certificate'
openssl req -new -nodes -subj "$DB_MYSQL_SSL_SUBJECT_CLIENT" -keyout ./client-key.pem \
-out ./client-req.pem
OPENSSL_SAN="DNS:${DB_MYSQL_HOST_CLIENT}" \
openssl x509 -req -CA ./ca.pem -CAkey ./ca-key.pem -days 32 -set_serial 02 \
-extfile "$extfile" -in ./client-req.pem -out ./client-cert.pem
echo '::endgroup::'
env:
extfile: ${{ github.workspace }}/.github/resources/openssl/usr_cert.cnf
DB_MYSQL_HOST: ${{ secrets.DB_MYSQL_HOST_SSL }}
DB_MYSQL_HOST_CLIENT: ${{ secrets.DB_MYSQL_HOST_CLIENT_SSL }}
DB_MYSQL_SSL_SUBJECT_CA: ${{ secrets.DB_MYSQL_SSL_SUBJECT_CA }}
DB_MYSQL_SSL_SUBJECT_SERVER: ${{ secrets.DB_MYSQL_SSL_SUBJECT_SERVER }}
DB_MYSQL_SSL_SUBJECT_CLIENT: ${{ secrets.DB_MYSQL_SSL_SUBJECT_CLIENT }}
# Always verify, regardless if certificates were newly generated or restored from the cache
- name: MySQL SSL certificates verify
working-directory: ${{ steps.openssl-initialize-mysql-certificates.outputs.FolderPath }}
run: |
openssl verify -CAfile ./ca.pem ./server-cert.pem ./client-cert.pem
# Save the cache only if certificates were newly generated
# The actions/cache/save allows to use the Move-Item during the install step
- name: MySQL SSL certificates save cache
if: steps.openssl-cache-mysql-certificates.outputs.cache-hit != 'true'
uses: actions/cache/save@v4
with:
path: |
${{ env.folder_path }}/*.pem
key: ${{ steps.openssl-cache-mysql-certificates.outputs.cache-primary-key }}
env:
folder_path: ${{ steps.openssl-initialize-mysql-certificates.outputs.FolderPath }}
- name: MySQL SSL certificates install
working-directory: ${{ steps.openssl-initialize-mysql-certificates.outputs.FolderPath }}
run: |
mysqlDataPath=/var/lib/mysql
echo '::group::Install CA certificate'
sudo mv --target-directory="$mysqlDataPath" ./ca.pem
sudo chmod 644 "$mysqlDataPath/ca.pem"
sudo chown mysql:mysql "$mysqlDataPath/ca.pem"
echo '::endgroup::'
echo '::group::Install server certificates'
sudo mv --target-directory="$mysqlDataPath" ./server-{cert,key}.pem
sudo chmod 640 "$mysqlDataPath/server-cert.pem"
sudo chmod 600 "$mysqlDataPath/server-key.pem"
sudo chown mysql:mysql "$mysqlDataPath"/server-{cert,key}.pem
echo '::endgroup::'
echo '::group::Install client certificates'
sudo mv --target-directory="$mysqlDataPath" ./client-{cert,key}.pem
sudo chmod 640 "$mysqlDataPath/client-cert.pem"
sudo chmod 600 "$mysqlDataPath/client-key.pem"
sudo chown mysql:mysql "$mysqlDataPath"/client-{cert,key}.pem
echo '::endgroup::'
env:
pg_data_path: ${{ steps.databases-initialize-mysql.outputs.PgDataPath }}
- name: MySQL copy SSL certificates for runner user
run: |
crystalMySqlPath=/usr/local/share/crystal-mysql
sudo mkdir --parents "$crystalMySqlPath"
cd "$crystalMySqlPath"
sudo cp --target-directory="$crystalMySqlPath" \
/var/lib/mysql/{ca,client-cert,client-key}.pem
sudo chown --recursive root:root "$crystalMySqlPath"
sudo chmod 444 "$crystalMySqlPath"/{ca,client-cert,client-key}.pem
- name: MySQL service start
run: |
sudo systemctl start mysql.service
# Securing the root account even on localhost is for testing to make sure that everything
# works as expected
- name: MySQL change ${{ secrets.DB_MYSQL_ROOT_USERNAME }} password
run: >-
echo "
alter user '$DB_MYSQL_ROOT_USERNAME'@'localhost'
identified with caching_sha2_password by '$DB_MYSQL_ROOT_PASSWORD'
require issuer '$DB_MYSQL_SSL_SUBJECT_CA' and
subject '$DB_MYSQL_SSL_SUBJECT_CLIENT';" |
mysql --user="$DB_MYSQL_ROOT_USERNAME" --password="$DB_MYSQL_ROOT_PASSWORD_DEFAULT"
env:
DB_MYSQL_ROOT_PASSWORD: ${{ secrets.DB_MYSQL_ROOT_PASSWORD }}
DB_MYSQL_ROOT_PASSWORD_DEFAULT: ${{ secrets.DB_MYSQL_ROOT_PASSWORD_DEFAULT }}
DB_MYSQL_ROOT_USERNAME: ${{ secrets.DB_MYSQL_ROOT_USERNAME }}
DB_MYSQL_SSL_SUBJECT_CA: ${{ secrets.DB_MYSQL_SSL_SUBJECT_CA }}
DB_MYSQL_SSL_SUBJECT_CLIENT: ${{ secrets.DB_MYSQL_SSL_SUBJECT_CLIENT }}
- name: MySQL populate time zone tables 👌
run: >-
mysql_tzinfo_to_sql /usr/share/zoneinfo |
mysql --user="$DB_MYSQL_ROOT_USERNAME" --password="$DB_MYSQL_ROOT_PASSWORD" mysql
sudo systemctl restart mysql.service
env:
DB_MYSQL_ROOT_PASSWORD: ${{ secrets.DB_MYSQL_ROOT_PASSWORD }}
DB_MYSQL_ROOT_USERNAME: ${{ secrets.DB_MYSQL_ROOT_USERNAME }}
- name: MySQL service check status
run: |
echo '::group::Service status'
systemctl status mysql.service
echo '::endgroup::'
echo '::group::Service is-active check'
systemctl is-active --quiet mysql.service
echo '::endgroup::'
echo '::group::Ping'
mysqladmin --user="$DB_MYSQL_ROOT_USERNAME" --password="$DB_MYSQL_ROOT_PASSWORD" ping
echo '::endgroup::'
env:
DB_MYSQL_ROOT_PASSWORD: ${{ secrets.DB_MYSQL_ROOT_PASSWORD }}
DB_MYSQL_ROOT_USERNAME: ${{ secrets.DB_MYSQL_ROOT_USERNAME }}
- name: MySQL create TinyORM database
run: >-
echo "
create database if not exists \`$DB_MYSQL_DATABASE\`
default character set $DB_MYSQL_CHARSET
default collate $DB_MYSQL_COLLATION;" |
mysql --user="$DB_MYSQL_ROOT_USERNAME" --password="$DB_MYSQL_ROOT_PASSWORD"
env:
DB_MYSQL_CHARSET: ${{ secrets.DB_MYSQL_CHARSET }}
DB_MYSQL_COLLATION: ${{ secrets.DB_MYSQL_COLLATION }}
DB_MYSQL_DATABASE: ${{ secrets.DB_MYSQL_DATABASE }}
DB_MYSQL_ROOT_PASSWORD: ${{ secrets.DB_MYSQL_ROOT_PASSWORD }}
DB_MYSQL_ROOT_USERNAME: ${{ secrets.DB_MYSQL_ROOT_USERNAME }}
- name: MySQL create TinyORM user
run: >-
echo "
create user '$DB_MYSQL_USERNAME'@'%'
identified with caching_sha2_password by '$DB_MYSQL_PASSWORD'
require issuer '$DB_MYSQL_SSL_SUBJECT_CA' and
subject '$DB_MYSQL_SSL_SUBJECT_CLIENT';
grant all privileges on \`tinyorm\\_%\`.* to '$DB_MYSQL_USERNAME'@'%';
grant select on \`mysql\`.\`time_zone_name\` to '$DB_MYSQL_USERNAME'@'%';
flush privileges;" |
mysql --user="$DB_MYSQL_ROOT_USERNAME" --password="$DB_MYSQL_ROOT_PASSWORD"
env:
DB_MYSQL_PASSWORD: ${{ secrets.DB_MYSQL_PASSWORD }}
DB_MYSQL_ROOT_PASSWORD: ${{ secrets.DB_MYSQL_ROOT_PASSWORD }}
DB_MYSQL_ROOT_USERNAME: ${{ secrets.DB_MYSQL_ROOT_USERNAME }}
DB_MYSQL_USERNAME: ${{ secrets.DB_MYSQL_USERNAME }}
DB_MYSQL_SSL_SUBJECT_CA: ${{ secrets.DB_MYSQL_SSL_SUBJECT_CA }}
DB_MYSQL_SSL_SUBJECT_CLIENT: ${{ secrets.DB_MYSQL_SSL_SUBJECT_CLIENT }}
- name: SQLite create TinyORM database
run: |
mkdir --parents "$(dirname "$TinySQLitePath")"
touch "$TinySQLitePath"
- name: Print MySQL, PostgreSQL, and SQLite database versions
run: |
echo '::group::MySQL version'
mysql --version
echo '::endgroup::'
echo '::group::PostgreSQL version'
pg_config --version
echo '::endgroup::'
echo '::group::SQLite version'
sqlite3 --version
echo '::endgroup::'
- name: add-apt-repository Clang ${{ env.TINY_LLVM_VERSION }}
if: matrix.compiler.key == 'clang'
run: >-
wget -O- https://apt.llvm.org/llvm-snapshot.gpg.key |
sudo tee /etc/apt/trusted.gpg.d/llvm-${{ env.TINY_LLVM_VERSION }}.asc > /dev/null
sudo add-apt-repository --yes
--sourceslist 'deb http://apt.llvm.org/${{ env.TINY_LLVM_APT_NAME }}/
llvm-toolchain-${{ env.TINY_LLVM_APT_NAME }}-${{ env.TINY_LLVM_VERSION }} main'
- name: apt update
run: |
sudo apt update
# qmake6 command is only used to query the Qt version
- name: apt install ${{ join(matrix.compiler.apt, ', ') }}, Qt 6 base, and ccache
run: >-
sudo apt install --yes ${{ join(matrix.compiler.apt, ' ') }}
qt6-base-dev libqt6sql6-mysql libqt6sql6-sqlite libqt6sql6-psql ccache qmake6
# Always install the latest CMake and Ninja
- name: CMake and Ninja install latest versions
uses: lukka/get-cmake@latest
- name: Ccache initialize
id: ccache-initialize-cache
run: |
cachePath=$(ccache --get-config cache_dir)
echo "CachePath=$cachePath" >> $GITHUB_OUTPUT
echo "ImageOS=$ImageOS" >> $GITHUB_OUTPUT
- name: Ccache restore cache 🕺
uses: actions/cache@v4
with:
path: ${{ env.cache_path }}
key: ${{ runner.os }}-${{ env.image_os }}-ccache-${{ env.cache_name }}-${{ github.run_id }}
restore-keys: |
${{ runner.os }}-${{ env.image_os }}-ccache-${{ env.cache_name }}-
env:
cache_name: ${{ matrix.compiler.name }}-qt6
cache_path: ${{ steps.ccache-initialize-cache.outputs.CachePath }}
image_os: ${{ steps.ccache-initialize-cache.outputs.ImageOS }}
- name: Ccache prepare configuration 🥳
run: |
ccache --set-config max_size="$TinyCcacheMaxSize"
ccache --set-config sloppiness=pch_defines,time_macros
- name: Ccache print version and configuration
run: |
echo '::group::Print version'
ccache --version
echo '::endgroup::'
echo '::group::Print ccache config'
ccache --show-config
echo '::endgroup::'
- name: vcpkg prepare environment
run: |
echo "VCPKG_ROOT=$VCPKG_INSTALLATION_ROOT" >> $GITHUB_ENV
echo 'VCPKG_DEFAULT_TRIPLET=x64-linux-dynamic' >> $GITHUB_ENV
echo "VCPKG_MAX_CONCURRENCY=$TinyParallelVcpkg" >> $GITHUB_ENV
- name: Compiler print version (${{ matrix.compiler.command }})
run: |
${{ matrix.compiler.command }} --version
- name: Linker print version (${{ matrix.compiler.linker-command }})
run: |
${{ matrix.compiler.linker-command }} --version
- name: CMake print version
run: |
cmake --version
- name: Ninja print version
run: |
ninja --version
- name: vcpkg print version
run: |
vcpkg --version
- name: Qt print version
run: |
qmake6 -query QT_VERSION
- name: Ccache clear statistics
run: |
ccache --zero-stats
- name: TinyORM cmake configure (${{ env.TinyORMBuildName }})
run: >-
cmake --log-level=DEBUG --log-context
-S .
-B "$TinyORMBuildTree"
-G Ninja
-D CMAKE_CXX_COMPILER_LAUNCHER:FILEPATH=ccache
-D CMAKE_CXX_COMPILER:FILEPATH=${{ matrix.compiler.command }}
-D CMAKE_TOOLCHAIN_FILE:FILEPATH="$VCPKG_INSTALLATION_ROOT/scripts/buildsystems/vcpkg.cmake"
-D CMAKE_DISABLE_PRECOMPILE_HEADERS:BOOL=ON
-D CMAKE_EXPORT_PACKAGE_REGISTRY:BOOL=OFF
-D CMAKE_BUILD_TYPE:STRING=Debug
-D CMAKE_CXX_SCAN_FOR_MODULES:BOOL=OFF
-D VCPKG_APPLOCAL_DEPS:BOOL=OFF
-D VERBOSE_CONFIGURE:BOOL=ON
-D BUILD_TREE_DEPLOY:BOOL=OFF
-D STRICT_MODE:BOOL=OFF
-D MYSQL_PING:BOOL=ON
-D BUILD_TESTS:BOOL=ON
-D ORM:BOOL=ON
-D TOM:BOOL=ON
-D TOM_EXAMPLE:BOOL=ON
-D BUILD_DRIVERS:BOOL=OFF
- name: TinyORM cmake build ✨ (${{ env.TinyORMBuildName }})
working-directory: ${{ env.TinyORMBuildTree }}
run: |
cmake --build . --target all --parallel $TinyParallel
- name: Ccache print statistics
run: |
ccache --show-stats --verbose
- name: libTinyOrm print .comment section
working-directory: ${{ env.TinyORMBuildTree }}
run: |
readelf --string-dump .comment ./libTinyOrmd.so
- name: TinyORM add on the $LD_LIBRARY_PATH
run: |
echo "LD_LIBRARY_PATH=$TinyORMBuildTree${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" >> $env:GITHUB_ENV
- name: Create and Seed tables for unit tests 🎉
working-directory: ${{ env.TinyORMBuildTree }}/tests/testdata_tom
run: >-
./tom_testdata migrate
--database=tinyorm_testdata_tom_mysql,tinyorm_testdata_tom_postgres,tinyorm_testdata_tom_sqlite
--seed --no-ansi
env:
DB_MYSQL_CHARSET: ${{ secrets.DB_MYSQL_CHARSET }}
DB_MYSQL_COLLATION: ${{ secrets.DB_MYSQL_COLLATION }}
DB_MYSQL_DATABASE: ${{ secrets.DB_MYSQL_DATABASE }}
DB_MYSQL_HOST: ${{ secrets.DB_MYSQL_HOST_SSL }}
DB_MYSQL_PASSWORD: ${{ secrets.DB_MYSQL_PASSWORD }}
DB_MYSQL_SSL_CA: /usr/local/share/crystal-mysql/ca.pem
DB_MYSQL_SSL_CERT: /usr/local/share/crystal-mysql/client-cert.pem
DB_MYSQL_SSL_KEY: /usr/local/share/crystal-mysql/client-key.pem
DB_MYSQL_SSL_MODE: ${{ secrets.DB_MYSQL_SSL_MODE }}
DB_MYSQL_USERNAME: ${{ secrets.DB_MYSQL_USERNAME }}
DB_PGSQL_CHARSET: ${{ secrets.DB_PGSQL_CHARSET }}
DB_PGSQL_DATABASE: ${{ secrets.DB_PGSQL_DATABASE }}
DB_PGSQL_HOST: ${{ secrets.DB_PGSQL_HOST_SSL }}
DB_PGSQL_SEARCHPATH: ${{ secrets.DB_PGSQL_SEARCHPATH }}
DB_PGSQL_SSLMODE: ${{ secrets.DB_PGSQL_SSLMODE }}
DB_PGSQL_USERNAME: ${{ secrets.DB_PGSQL_USERNAME }}
DB_SQLITE_DATABASE: ${{ env.TinySQLitePath }}
TOM_TESTDATA_ENV: ${{ vars.TOM_TESTDATA_ENV }}
- name: TinyORM execute ctest 🔥
working-directory: ${{ env.TinyORMBuildTree }}
run: |
ctest --output-on-failure --parallel $(($TinyParallel + $(nproc) / 2))
env:
DB_MYSQL_CHARSET: ${{ secrets.DB_MYSQL_CHARSET }}
DB_MYSQL_COLLATION: ${{ secrets.DB_MYSQL_COLLATION }}
DB_MYSQL_DATABASE: ${{ secrets.DB_MYSQL_DATABASE }}
DB_MYSQL_HOST: ${{ secrets.DB_MYSQL_HOST_SSL }}
DB_MYSQL_PASSWORD: ${{ secrets.DB_MYSQL_PASSWORD }}
DB_MYSQL_SSL_CA: /usr/local/share/crystal-mysql/ca.pem
DB_MYSQL_SSL_CERT: /usr/local/share/crystal-mysql/client-cert.pem
DB_MYSQL_SSL_KEY: /usr/local/share/crystal-mysql/client-key.pem
DB_MYSQL_SSL_MODE: ${{ secrets.DB_MYSQL_SSL_MODE }}
DB_MYSQL_USERNAME: ${{ secrets.DB_MYSQL_USERNAME }}
DB_PGSQL_CHARSET: ${{ secrets.DB_PGSQL_CHARSET }}
DB_PGSQL_DATABASE: ${{ secrets.DB_PGSQL_DATABASE }}
DB_PGSQL_HOST: ${{ secrets.DB_PGSQL_HOST_SSL }}
DB_PGSQL_SEARCHPATH: ${{ secrets.DB_PGSQL_SEARCHPATH }}
DB_PGSQL_SSLMODE: ${{ secrets.DB_PGSQL_SSLMODE }}
DB_PGSQL_USERNAME: ${{ secrets.DB_PGSQL_USERNAME }}
DB_SQLITE_DATABASE: ${{ env.TinySQLitePath }}
TOM_TESTS_ENV: ${{ vars.TOM_TESTS_ENV }}
- name: Tom example test some commands (MySQL) 🚀
working-directory: ${{ env.TinyORMBuildTree }}/examples/tom
run: |
./tom migrate:fresh --database=tinyorm_tom_mysql --no-ansi
./tom migrate:uninstall --reset --database=tinyorm_tom_mysql --no-ansi
./tom migrate:install --database=tinyorm_tom_mysql --no-ansi
./tom migrate --database=tinyorm_tom_mysql --seed --no-ansi
./tom migrate:status --database=tinyorm_tom_mysql --no-ansi
./tom migrate:refresh --database=tinyorm_tom_mysql --seed --no-ansi
./tom migrate:reset --database=tinyorm_tom_mysql --no-ansi
./tom migrate:uninstall --database=tinyorm_tom_mysql --no-ansi
env:
DB_MYSQL_CHARSET: ${{ secrets.DB_MYSQL_CHARSET }}
DB_MYSQL_COLLATION: ${{ secrets.DB_MYSQL_COLLATION }}
DB_MYSQL_DATABASE: ${{ secrets.DB_MYSQL_DATABASE }}
DB_MYSQL_HOST: ${{ secrets.DB_MYSQL_HOST_SSL }}
DB_MYSQL_PASSWORD: ${{ secrets.DB_MYSQL_PASSWORD }}
DB_MYSQL_SSL_CA: /usr/local/share/crystal-mysql/ca.pem
DB_MYSQL_SSL_CERT: /usr/local/share/crystal-mysql/client-cert.pem
DB_MYSQL_SSL_KEY: /usr/local/share/crystal-mysql/client-key.pem
DB_MYSQL_SSL_MODE: ${{ secrets.DB_MYSQL_SSL_MODE }}
DB_MYSQL_USERNAME: ${{ secrets.DB_MYSQL_USERNAME }}
TOM_EXAMPLE_ENV: ${{ vars.TOM_EXAMPLE_ENV }}
- name: Tom example test some commands (PostgreSQL) 🙌
working-directory: ${{ env.TinyORMBuildTree }}/examples/tom
run: |
./tom migrate:fresh --database=tinyorm_tom_postgres --no-ansi
./tom migrate:uninstall --reset --database=tinyorm_tom_postgres --no-ansi
./tom migrate:install --database=tinyorm_tom_postgres --no-ansi
./tom migrate --database=tinyorm_tom_postgres --seed --no-ansi
./tom migrate:status --database=tinyorm_tom_postgres --no-ansi
./tom migrate:refresh --database=tinyorm_tom_postgres --seed --no-ansi
./tom migrate:reset --database=tinyorm_tom_postgres --no-ansi
./tom migrate:uninstall --database=tinyorm_tom_postgres --no-ansi
env:
DB_PGSQL_CHARSET: ${{ secrets.DB_PGSQL_CHARSET }}
DB_PGSQL_DATABASE: ${{ secrets.DB_PGSQL_DATABASE }}
DB_PGSQL_HOST: ${{ secrets.DB_PGSQL_HOST_SSL }}
DB_PGSQL_SEARCHPATH: ${{ secrets.DB_PGSQL_SEARCHPATH }}
DB_PGSQL_SSLMODE: ${{ secrets.DB_PGSQL_SSLMODE }}
DB_PGSQL_USERNAME: ${{ secrets.DB_PGSQL_USERNAME }}
TOM_EXAMPLE_ENV: ${{ vars.TOM_EXAMPLE_ENV }}
- name: Tom example test some commands (SQLite) 🏁
working-directory: ${{ env.TinyORMBuildTree }}/examples/tom
run: |
./tom migrate:fresh --database=tinyorm_tom_sqlite --no-ansi
./tom migrate:uninstall --reset --database=tinyorm_tom_sqlite --no-ansi
./tom migrate:install --database=tinyorm_tom_sqlite --no-ansi
./tom migrate --database=tinyorm_tom_sqlite --seed --no-ansi
./tom migrate:status --database=tinyorm_tom_sqlite --no-ansi
./tom migrate:refresh --database=tinyorm_tom_sqlite --seed --no-ansi
./tom migrate:reset --database=tinyorm_tom_sqlite --no-ansi
./tom migrate:uninstall --database=tinyorm_tom_sqlite --no-ansi
env:
DB_SQLITE_DATABASE: ${{ env.TinySQLitePath }}
TOM_EXAMPLE_ENV: ${{ vars.TOM_EXAMPLE_ENV }}
Reference in New Issue View Git Blame Copy Permalink