LDEV-5236 GHA: fix public schema permissions for postgres 15+ (7.0) #8253
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build 7.0 | |
on: | |
workflow_call: | |
inputs: | |
LUCEE_TEST_JAVA_VERSION: | |
required: true | |
type: string | |
LUCEE_BUILD_JAVA_VERSION: | |
required: true | |
type: string | |
default: '21' | |
push: | |
branches: | |
- '**' # thus ignoring tagging | |
pull_request: | |
workflow_dispatch: | |
inputs: | |
LUCEE_BUILD_JAVA_VERSION: | |
required: true | |
type: string | |
default: '21' | |
LUCEE_TEST_JAVA_VERSION: | |
description: Optional Java Test version, default is the build java version | |
required: false | |
type: string | |
#concurrency: | |
# group: ${{ github.head_ref }} | |
# cancel-in-progress: true | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
env: | |
DO_DEPLOY: "${{ github.event_name == 'push' && startsWith(github.ref, 'refs/heads/6.2') }}" | |
LUCEE_BUILD_JAVA_VERSION: 21 | |
LUCEE_TEST_JAVA_VERSION: '' | |
services: | |
ldap_with_creds: | |
image: ${{ (github.secret_source != 'none') && 'rroemhild/test-openldap' || '' }} | |
ports: | |
- 10389:10389 | |
- 10636:10636 | |
credentials: | |
username: ${{ secrets.DOCKERHUB_PUBLIC_USERNAME || ' ' }} # empty string to avoid invalid template | |
password: ${{ secrets.DOCKERHUB_PUBLIC_TOKEN || ' ' }} | |
ldap_no_creds: | |
image: ${{ (github.secret_source == 'none') && 'rroemhild/test-openldap' || '' }} | |
ports: | |
- 10389:10389 | |
- 10636:10636 | |
sql-server_with_creds: | |
image: ${{ (github.secret_source != 'none') && 'mcr.microsoft.com/mssql/server:2022-latest' || '' }} | |
env: | |
MSSQL_PID: Express | |
ACCEPT_EULA: Y | |
SA_PASSWORD: Lucee!1433 # password must be complex or the service won't start | |
ports: | |
- 1433:1433 | |
options: --health-cmd="/opt/mssql-tools18/bin/sqlcmd -C -S localhost -U SA -P ${SA_PASSWORD} -Q 'SELECT 1' || exit 1" --health-interval 10s --health-timeout 5s --health-retries 5 | |
credentials: | |
username: ${{ secrets.DOCKERHUB_PUBLIC_USERNAME || ' ' }} | |
password: ${{ secrets.DOCKERHUB_PUBLIC_TOKEN || ' ' }} | |
sql-server_without_creds: | |
image: ${{ (github.secret_source == 'none') && 'mcr.microsoft.com/mssql/server:2022-latest' || '' }} | |
env: | |
MSSQL_PID: Express | |
ACCEPT_EULA: Y | |
SA_PASSWORD: Lucee!1433 # password must be complex or the service won't start | |
ports: | |
- 1433:1433 | |
options: --health-cmd="/opt/mssql-tools18/bin/sqlcmd -C -S localhost -U SA -P ${SA_PASSWORD} -Q 'SELECT 1' || exit 1" --health-interval 10s --health-timeout 5s --health-retries 5 | |
redis_with_creds: | |
image: ${{ (github.secret_source != 'none') && 'redis' || '' }} | |
# Set health checks to wait until redis has started | |
options: >- | |
--health-cmd "redis-cli ping" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
# Maps port 6379 on service container to the host | |
- 6379:6379 | |
credentials: | |
username: ${{ secrets.DOCKERHUB_PUBLIC_USERNAME || ' ' }} | |
password: ${{ secrets.DOCKERHUB_PUBLIC_TOKEN || ' ' }} | |
redis_without_creds: | |
# Docker Hub image | |
image: ${{ (github.secret_source == 'none') && 'redis' || '' }} | |
# Set health checks to wait until redis has started | |
options: >- | |
--health-cmd "redis-cli ping" | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
# Maps port 6379 on service container to the host | |
- 6379:6379 | |
greenmail_with_creds: | |
image: ${{ (github.secret_source != 'none') && 'greenmail/standalone:1.6.9' || '' }} | |
ports: | |
- 3025:3025 #SMTP | |
- 3110:3110 #POP3 | |
- 3143:3143 #IMAP | |
- 3465:3465 #SMTPS | |
- 3993:3993 #IMAPS | |
- 3995:3995 #POP3S | |
- 8080:8080 #API | |
credentials: | |
username: ${{ secrets.DOCKERHUB_PUBLIC_USERNAME || ' ' }} | |
password: ${{ secrets.DOCKERHUB_PUBLIC_TOKEN || ' ' }} | |
greenmail_no_creds: | |
image: ${{ (github.secret_source == 'none') && 'greenmail/standalone:1.6.9' || '' }} | |
ports: | |
- 3025:3025 #SMTP | |
- 3110:3110 #POP3 | |
- 3143:3143 #IMAP | |
- 3465:3465 #SMTPS | |
- 3993:3993 #IMAPS | |
- 3995:3995 #POP3S | |
- 8080:8080 #API | |
steps: | |
# when workflow is run via a workflow_call, these vars are found under input, which doesn't exist otherwise | |
# so lets copy them over to the normal env vars | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
if: ${{ github.secret_source != 'none' }} | |
with: | |
username: ${{ secrets.DOCKERHUB_PUBLIC_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PUBLIC_TOKEN }} | |
- name: Configure Build Java Version | |
if: ${{ inputs.LUCEE_BUILD_JAVA_VERSION != '' }} | |
run: echo "LUCEE_BUILD_JAVA_VERSION=${{ inputs.LUCEE_BUILD_JAVA_VERSION }}" >> $GITHUB_ENV | |
- name: Configure Test Java Version | |
if: ${{ inputs.LUCEE_TEST_JAVA_VERSION != '' }} | |
run: echo "LUCEE_TEST_JAVA_VERSION=${{ inputs.LUCEE_TEST_JAVA_VERSION }}" >> $GITHUB_ENV | |
- uses: szenius/set-timezone@v2.0 | |
with: | |
timezoneLinux: "UTC" | |
- uses: actions/checkout@v4 | |
- name: Set up Test Java Version ${{ env.LUCEE_TEST_JAVA_VERSION }} | |
uses: actions/setup-java@v4 | |
if: ${{ env.LUCEE_TEST_JAVA_VERSION != '' }} | |
with: | |
java-version: ${{ env.LUCEE_TEST_JAVA_VERSION }} | |
distribution: 'temurin' | |
- name: Stash Test Java Version Home | |
if: ${{ env.LUCEE_TEST_JAVA_VERSION != '' }} | |
run: echo "LUCEE_TEST_JAVA_EXEC=${{ env.JAVA_HOME }}/bin/java" >> $GITHUB_ENV | |
- name: Set up build JDK '${{ env.LUCEE_BUILD_JAVA_VERSION }}' | |
uses: actions/setup-java@v4 | |
if: ${{ env.LUCEE_TEST_JAVA_VERSION != env.LUCEE_BUILD_JAVA_VERSION }} | |
with: | |
java-version: '${{ env.LUCEE_BUILD_JAVA_VERSION }}' | |
distribution: 'temurin' | |
- name: Cache Lucee extensions | |
uses: actions/cache@v4 | |
with: | |
path: ~/work/Lucee/Lucee/cache/ | |
key: lucee-extensions | |
restore-keys: lucee-extensions | |
- name: Cache Maven packages | |
uses: actions/cache@v4 | |
with: | |
path: | | |
~/.m2/repository/* | |
!~/.m2/repository/org/lucee/lucee/ | |
key: ${{ runner.os }}-maven-${{ hashFiles('loader/pom.xml','core/pom.xml') }} | |
restore-keys: | | |
${{ runner.os }}-maven- | |
- name: Import GPG key | |
run: | | |
if [[ ! -z "$GPG_PRIVATE_KEY" ]]; then | |
echo "$GPG_PRIVATE_KEY" | base64 --decode | gpg --batch --import | |
fi | |
env: | |
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} | |
- name: Set up MySQL (local) | |
run: | | |
sudo systemctl start mysql | |
mysql -e 'CREATE DATABASE lucee' -uroot -proot | |
mysql -e 'CREATE USER "lucee"@"localhost" IDENTIFIED WITH mysql_native_password BY "lucee";' -uroot -proot | |
mysql -e 'GRANT ALL PRIVILEGES ON lucee.* TO "lucee"@"localhost"' -uroot -proot | |
- name: Set up Postgres (local) | |
run: | | |
sudo /etc/init.d/postgresql start | |
sudo -u postgres psql -c 'create database lucee;' | |
sudo -u postgres psql -c "create user lucee with encrypted password 'lucee'"; | |
sudo -u postgres psql -c 'grant all privileges on database lucee to lucee;' | |
sudo -u postgres psql -c 'grant all on schema public to lucee;' -d lucee | |
- name: Start MongoDB (docker) | |
uses: supercharge/mongodb-github-action@1.6.0 | |
with: | |
mongodb-version: 4.4 | |
mongodb-port: 27017 | |
- name: Setup Memcached (docker) | |
uses: niden/actions-memcached@v7 | |
- name: Extract version number | |
id: extract-version | |
run: | | |
VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout) | |
echo "VERSION=$VERSION" >> $GITHUB_ENV | |
- name: Build Lucee with Maven | |
env: | |
MYSQL_SERVER: localhost | |
MYSQL_USERNAME: lucee | |
MYSQL_PASSWORD: lucee | |
MYSQL_PORT: 3306 | |
MYSQL_DATABASE: lucee | |
POSTGRES_SERVER: localhost | |
POSTGRES_USERNAME: lucee | |
POSTGRES_PASSWORD: lucee | |
POSTGRES_PORT: 5432 | |
POSTGRES_DATABASE: lucee | |
MONGODB_SERVER: localhost | |
MONGODB_PORT: 27017 | |
MONGODB_DB: lucee | |
MONGODB_DATABASE: lucee | |
MSSQL_SERVER: localhost | |
MSSQL_USERNAME: sa | |
MSSQL_PASSWORD: Lucee!1433 | |
MSSQL_PORT: 1433 | |
MSSQL_DATABASE: master | |
MEMCACHED_PORT: 11211 | |
MEMCACHED_SERVER: localhost | |
REDIS_PORT: 6379 | |
REDIS_SERVER: localhost | |
SMTP_PORT_INSECURE: 3025 | |
SMTP_PORT_SECURE: 3465 | |
SMTP_SERVER: localhost | |
SMTP_USERNAME: lucee | |
SMTP_PASSWORD: doesntmatter | |
IMAP_PORT_INSECURE: 3143 | |
IMAP_PORT_SECURE: 3993 | |
IMAP_SERVER: localhost | |
IMAP_USERNAME: lucee | |
IMAP_PASSWORD: doesntmatter | |
POP_PORT_INSECURE: 3110 | |
POP_PORT_SECURE: 3995 | |
POP_SERVER: localhost | |
POP_USERNAME: lucee | |
POP_PASSWORD: doesntmatter | |
LDAP_SERVER: localhost | |
LDAP_PORT: 10389 | |
LDAP_PORT_SECURE: 10636 | |
LDAP_BASE_DN: dc=planetexpress,dc=com | |
LDAP_USERNAME: cn=admin,dc=planetexpress,dc=com | |
LDAP_PASSWORD: GoodNewsEveryone | |
S3_ACCESS_KEY_ID: ${{ secrets.S3_ACCESS_ID_TEST }} | |
S3_SECRET_KEY: ${{ secrets.S3_SECRET_KEY_TEST }} | |
S3_BUCKET_PREFIX: lucee-ldev-6- | |
# for uploading successful builds | |
S3_ACCESS_ID_DOWNLOAD: ${{ secrets.S3_ACCESS_ID_DOWNLOAD }} | |
S3_SECRET_KEY_DOWNLOAD: ${{ secrets.S3_SECRET_KEY_DOWNLOAD }} | |
# used by maven-settings.xml | |
MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} | |
MAVEN_PASSWORD: ${{ secrets.MAVEN_PASSWORD }} | |
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
LUCEE_DOCKER_FILES_PAT_TOKEN: ${{ secrets.LUCEE_DOCKER_FILES_PAT_TOKEN }} | |
LUCEE_BUILD_FAIL_CONFIGURED_SERVICES_FATAL: true | |
#run: ant -noinput -buildfile loader/build.xml | |
run: | | |
echo "-------DO_DEPLOY: ${{ env.DO_DEPLOY }} -------"; | |
if [[ "$VERSION" == *-SNAPSHOT ]]; then | |
echo "------- Maven Deploy SNAPSHOT on ${{ github.event_name }} ---------"; | |
mvn -B -e -f loader/pom.xml clean deploy -DtestJavaVersionExec="${{ env.LUCEE_TEST_JAVA_EXEC }}" | |
else | |
echo "------- Maven Deploy RELEASE on ${{ github.event_name }} -------"; | |
mvn -B -e -f loader/pom.xml clean deploy --settings maven-settings.xml -DperformRelease=true -DtestJavaVersionExec="${{ env.LUCEE_TEST_JAVA_EXEC }}"; | |
fi | |
- name: clean github.ref_name | |
uses: mad9000/actions-find-and-replace-string@5 | |
id: cleanrefname | |
if: always() | |
with: | |
source: ${{ github.ref_name }} | |
find: '/' | |
replace: '-' | |
- name: Upload Artifact (junit-test-results) | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: Lucee-${{ steps.cleanrefname.outputs.value }}-junit-test-results-${{ github.run_number }} | |
path: test/reports/*.xml | |
- name: Remove Lucee build artifacts from local maven cache (avoid growing cache) | |
run: | | |
rm -rfv ~/.m2/repository/org/lucee/lucee/ | |
- name: Publish Test Results | |
uses: EnricoMi/publish-unit-test-result-action@v2 | |
if: always() | |
with: | |
junit_files: test/reports/*.xml | |
check_name: "Lucee Test Results" | |
- name: Trigger Docker Build | |
if: ${{ env.DO_DEPLOY == 'true' }} | |
env: | |
TRAVIS_JOB_ID: ${{ github.run_id }} | |
TRAVIS_TOKEN: ${{ secrets.DOCKER_AUTH_TOKEN }} # not set up yet | |
run: | | |
echo "Trigger Docker Build on Travis https://travis-ci.com/github/lucee/lucee-dockerfiles" | |
chmod +x travis-docker-build.sh | |
./travis-docker-build.sh | |