Linux GCC/Clang Qt6.4 #376
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# MySQL | |
# --- | |
# Forces TLS connections with the caching_sha2_password and certificate validation, also validates | |
# certificate's CN for issuer and subject. | |
# PostgreSQL | |
# --- | |
# Forces TLS connections with the certificate authentication and full certificate validation | |
# using the clientname=DN map=dn in the pg_hba.conf, so the username is matched against | |
# the entire Distinguished Name (DN) of the client certificate and sslmode=verify-full | |
# on the libpq client side, so the the server host name is matched against the CN (Common Name) | |
# stored in the server certificate. | |
name: Linux GCC/Clang Qt6.2 | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
- gh-actions | |
jobs: | |
build: | |
name: cmake build / ctest | |
runs-on: ubuntu-24.04 | |
strategy: | |
matrix: | |
compiler: | |
- key: clang18 | |
apt: [ clang-18, lld-18 ] | |
command: clang++-18 | |
- key: gcc12 | |
apt: [ g++-12 ] | |
command: g++-12 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: TinyORM prepare environment | |
run: | | |
runnerWorkPath=$(realpath "$RUNNER_WORKSPACE/..") | |
echo "TinyRunnerWorkPath=$runnerWorkPath" >> $GITHUB_ENV | |
sqlitePath="$runnerWorkPath/SQLite/$DB_SQLITE_DATABASE" | |
echo "TinySQLitePath=$sqlitePath" >> $GITHUB_ENV | |
env: | |
DB_SQLITE_DATABASE: ${{ secrets.DB_SQLITE_DATABASE }} | |
- name: Hosts add PostgreSQL server hostname | |
run: >- | |
sudo -- sh -c "echo '127.0.0.1\t$DB_PGSQL_HOST' >> /etc/hosts" | |
env: | |
DB_PGSQL_HOST: ${{ secrets.DB_PGSQL_HOST_SSL }} | |
- name: PostgreSQL service start | |
run: | | |
sudo systemctl start postgresql.service | |
- name: PostgreSQL prepare environment | |
id: databases-initialize-postgresql | |
run: | | |
pgConfigFile=$(sudo --user=postgres --login -- \ | |
psql --command='show config_file;' --no-align --tuples-only) | |
pgConfigPath=$(dirname "$pgConfigFile") | |
echo "PgConfigPath=$pgConfigPath" >> $GITHUB_OUTPUT | |
pgDataPath=$(sudo --user=postgres --login -- \ | |
psql --command='show data_directory;' --no-align --tuples-only) | |
echo "PgDataPath=$pgDataPath" >> $GITHUB_OUTPUT | |
- name: PostgreSQL initialize configuration | |
working-directory: .github/resources/postgresql | |
run: | | |
sudo --user=postgres -- cp --recursive --target-directory="$pg_config_path" ./ | |
echo "\ | |
ssl_cert_file = 'server.crt' | |
ssl_key_file = 'server.key' | |
" | \ | |
sudo tee --append "$pg_config_path/conf.d/90-crystal.conf" > /dev/null | |
env: | |
pg_config_path: ${{ steps.databases-initialize-postgresql.outputs.PgConfigPath }} | |
- name: PostgreSQL SSL certificates initialize | |
id: openssl-initialize-postgresql-certificates | |
run: | | |
folderPath="$TinyRunnerWorkPath/tiny-postgresql-certificates" | |
# Create an empty folder for generating certificates | |
sudo mkdir "$folderPath" | |
sudo chown runner:docker "$folderPath" | |
echo "FolderPath=$folderPath" >> $GITHUB_OUTPUT | |
# This hash invalidates the PostgreSQL certificates cache every month | |
hash=$(date +%4Y%2m) | |
echo "Hash=$hash" >> $GITHUB_OUTPUT | |
- name: PostgreSQL SSL certificates restore cache | |
uses: actions/cache/restore@v3 | |
id: openssl-cache-postgresql-certificates | |
with: | |
path: | | |
${{ env.folder_path }}/*.crt | |
${{ env.folder_path }}/*.key | |
key: ${{ runner.os }}-openssl-${{ env.cache_name }}-${{ env.cache_hash }} | |
env: | |
# This hash invalidates this certificates cache every month | |
cache_hash: ${{ steps.openssl-initialize-postgresql-certificates.outputs.Hash }} | |
cache_name: postgresql-certificates | |
folder_path: ${{ steps.openssl-initialize-postgresql-certificates.outputs.FolderPath }} | |
- name: PostgreSQL SSL certificates generate | |
if: steps.openssl-cache-postgresql-certificates.outputs.cache-hit != 'true' | |
working-directory: ${{ steps.openssl-initialize-postgresql-certificates.outputs.FolderPath }} | |
run: | | |
echo '::group::Print openssl version' | |
openssl version -a | |
echo '::endgroup::' | |
echo '::group::CA certificate' | |
# -days 32 is important, -days 30 is not enough | |
openssl req -new -x509 -nodes -subj "$DB_PGSQL_SSL_SUBJECT_CA" -days 32 \ | |
-keyout ./root.key -out ./root.crt | |
echo '::endgroup::' | |
echo '::group::Server certificate' | |
openssl req -new -nodes -subj "$DB_PGSQL_SSL_SUBJECT_SERVER" -keyout ./server.key -out \ | |
./server.csr | |
OPENSSL_SAN="DNS:${DB_PGSQL_HOST}" \ | |
openssl x509 -req -CA ./root.crt -CAkey ./root.key -days 32 -set_serial 01 \ | |
-extfile "$extfile" -in ./server.csr -out ./server.crt | |
echo '::endgroup::' | |
echo '::group::Client certificate' | |
openssl req -new -nodes -subj "$DB_PGSQL_SSL_SUBJECT_CLIENT" -keyout ./postgresql.key \ | |
-out ./postgresql.csr | |
OPENSSL_SAN="DNS:${DB_PGSQL_USERNAME}" \ | |
openssl x509 -req -CA ./root.crt -CAkey ./root.key -days 32 -set_serial 02 \ | |
-extfile "$extfile" -in ./postgresql.csr -out ./postgresql.crt | |
echo '::endgroup::' | |
env: | |
extfile: ${{ github.workspace }}/.github/resources/openssl/usr_cert.cnf | |
DB_PGSQL_HOST: ${{ secrets.DB_PGSQL_HOST_SSL }} | |
DB_PGSQL_USERNAME: ${{ secrets.DB_PGSQL_USERNAME }} | |
DB_PGSQL_SSL_SUBJECT_CA: ${{ secrets.DB_PGSQL_SSL_SUBJECT_CA }} | |
DB_PGSQL_SSL_SUBJECT_SERVER: ${{ secrets.DB_PGSQL_SSL_SUBJECT_SERVER }} | |
DB_PGSQL_SSL_SUBJECT_CLIENT: ${{ secrets.DB_PGSQL_SSL_SUBJECT_CLIENT }} | |
- name: PostgreSQL SSL certificates print | |
working-directory: ${{ steps.openssl-initialize-postgresql-certificates.outputs.FolderPath }} | |
run: | | |
echo '::group::CA certificate' | |
openssl x509 -noout -text -in ./root.crt | |
echo '::endgroup::' | |
echo '::group::Server certificate' | |
openssl x509 -noout -text -in ./server.crt | |
echo '::endgroup::' | |
echo '::group::Client certificate' | |
openssl x509 -noout -text -in ./postgresql.crt | |
echo '::endgroup::' | |
# Always verify, regardless if certificates were newly generated or restored from the cache | |
- name: PostgreSQL SSL certificates verify | |
working-directory: ${{ steps.openssl-initialize-postgresql-certificates.outputs.FolderPath }} | |
run: | | |
openssl verify -CAfile ./root.crt ./server.crt ./postgresql.crt | |
# Save the cache only if certificates were newly generated | |
# The actions/cache/save allows to use the Move-Item during the install step | |
- name: PostgreSQL SSL certificates save cache | |
if: steps.openssl-cache-postgresql-certificates.outputs.cache-hit != 'true' | |
uses: actions/cache/save@v3 | |
with: | |
path: | | |
${{ env.folder_path }}/*.crt | |
${{ env.folder_path }}/*.key | |
key: ${{ steps.openssl-cache-postgresql-certificates.outputs.cache-primary-key }} | |
env: | |
folder_path: ${{ steps.openssl-initialize-postgresql-certificates.outputs.FolderPath }} | |
- name: PostgreSQL SSL certificates install | |
working-directory: ${{ steps.openssl-initialize-postgresql-certificates.outputs.FolderPath }} | |
run: | | |
echo '::group::Install server certificates' | |
sudo cp --target-directory="$pg_data_path" ./root.crt | |
sudo mv --target-directory="$pg_data_path" ./server.{crt,key} | |
sudo chown postgres:postgres "$pg_data_path"/server.{crt,key} "$pg_data_path/root.crt" | |
sudo chmod 600 "$pg_data_path/server.key" | |
sudo chmod 640 "$pg_data_path"/{root,server}.crt | |
echo '::endgroup::' | |
echo '::group::Install client certificates' | |
folderPath=~/.postgresql | |
mkdir "$folderPath" | |
mv --target-directory="$folderPath" ./postgresql.{crt,key} ./root.crt | |
chmod 600 "$folderPath/postgresql.key" | |
chmod 640 "$folderPath"/{postgresql,root}.crt | |
echo '::endgroup::' | |
env: | |
pg_data_path: ${{ steps.databases-initialize-postgresql.outputs.PgDataPath }} | |
- name: PostgreSQL change ${{ secrets.DB_PGSQL_ROOT_USERNAME }} password | |
run: >- | |
sudo --user=postgres --login -- | |
psql --command="alter user \"$DB_PGSQL_ROOT_USERNAME\" | |
with password '$DB_PGSQL_ROOT_PASSWORD';" | |
env: | |
DB_PGSQL_ROOT_PASSWORD: ${{ secrets.DB_PGSQL_ROOT_PASSWORD }} | |
DB_PGSQL_ROOT_USERNAME: ${{ secrets.DB_PGSQL_ROOT_USERNAME }} | |
- name: PostgreSQL create TinyORM user | |
run: >- | |
sudo --user=postgres --login -- | |
psql --command="create user \"$DB_PGSQL_USERNAME\" | |
with createdb password '$DB_PGSQL_PASSWORD';" | |
env: | |
DB_PGSQL_PASSWORD: ${{ secrets.DB_PGSQL_PASSWORD }} | |
DB_PGSQL_USERNAME: ${{ secrets.DB_PGSQL_USERNAME }} | |
- name: PostgreSQL create TinyORM database | |
run: >- | |
sudo --user=postgres --login -- | |
createdb --owner="$DB_PGSQL_USERNAME" "$DB_PGSQL_DATABASE" | |
env: | |
DB_PGSQL_DATABASE: ${{ secrets.DB_PGSQL_DATABASE }} | |
DB_PGSQL_USERNAME: ${{ secrets.DB_PGSQL_USERNAME }} | |
- name: PostgreSQL initialize client authentication | |
run: | | |
# Create the $PGDATA/tinyorm_dbs file with databases list | |
tinyormDbsPath="$pg_config_path/tinyorm_dbs" | |
databasesArr=("$DB_PGSQL_DATABASE" "$TINYORM_DATABASE_TESTS_SCHEMABUILDER") | |
(IFS=$'\n'; echo "${databasesArr[*]}") | \ | |
sudo --user=postgres -- tee --append "$tinyormDbsPath" > /dev/null | |
sudo chmod 640 "$tinyormDbsPath" | |
pgHbaConf="$pg_config_path/pg_hba.conf" | |
pgHbaTmplTmpl='\\n\ | |
# crystal\ | |
hostssl @tinyorm_dbs %s 127.0.0.1\/32 cert clientname=DN map=dn' | |
pgHbaTmpl=$(printf "$pgHbaTmplTmpl" "$DB_PGSQL_USERNAME") | |
sudo sed --regexp-extended "s/(# +TYPE +DATABASE +USER +ADDRESS +METHOD)/\1$pgHbaTmpl/" \ | |
--in-place "$pgHbaConf" | |
pgIdentConf="$pg_config_path/pg_ident.conf" | |
printf 'dn "/^%s$" %s' "$DB_PGSQL_SSL_DN" "$DB_PGSQL_USERNAME" | \ | |
sudo tee --append "$pgIdentConf" > /dev/null | |
env: | |
pg_config_path: ${{ steps.databases-initialize-postgresql.outputs.PgConfigPath }} | |
DB_PGSQL_DATABASE: ${{ secrets.DB_PGSQL_DATABASE }} | |
DB_PGSQL_SSL_DN: ${{ secrets.DB_PGSQL_SSL_DN }} | |
DB_PGSQL_USERNAME: ${{ secrets.DB_PGSQL_USERNAME }} | |
TINYORM_DATABASE_TESTS_SCHEMABUILDER: ${{ secrets.TINYORM_DATABASE_TESTS_SCHEMABUILDER }} | |
- name: PostgreSQL service restart | |
run: | | |
sudo systemctl restart postgresql.service | |
- name: PostgreSQL service check status | |
run: | | |
echo '::group::Service status' | |
systemctl status postgresql.service | |
echo '::endgroup::' | |
echo '::group::pg_isready' | |
pg_isready | |
echo '::endgroup::' | |
# Adding the DB_MYSQL_HOST_CLIENT isn't strictly needed (works without it too) | |
- name: Hosts add MySQL server hostname | |
run: >- | |
sudo -- sh -c "echo '127.0.0.1\t$DB_MYSQL_HOST $DB_MYSQL_HOST_CLIENT' >> /etc/hosts" | |
env: | |
DB_MYSQL_HOST: ${{ secrets.DB_MYSQL_HOST_SSL }} | |
DB_MYSQL_HOST_CLIENT: ${{ secrets.DB_MYSQL_HOST_CLIENT_SSL }} | |
- name: MySQL initialize crystal_mysqld.cnf configuration | |
working-directory: .github/resources/linux | |
run: | | |
sudo mv ./crystal_mysqld_ssl.cnf /etc/mysql/mysql.conf.d/crystal_mysqld.cnf | |
- name: MySQL initialize crystal_client.cnf configuration (global) | |
working-directory: .github/resources/linux | |
run: >- | |
cat ./crystal_client_ssl.template.cnf | | |
sed 's/{SSL_CERTIFICATES_PATH}/\/usr\/local\/share\/crystal-mysql/' | | |
sed "s/{MYSQL_HOST}/$DB_MYSQL_HOST/" | | |
sudo tee /etc/mysql/conf.d/crystal_client.cnf > /dev/null | |
env: | |
DB_MYSQL_HOST: ${{ secrets.DB_MYSQL_HOST_SSL }} | |
# Remove certificates to generate are own | |
- name: MySQL SSL certificates remove | |
run: >- | |
sudo --user=mysql -- | |
rm /var/lib/mysql/{ca,ca-key,server-cert,server-key,client-cert,client-key}.pem | |
- name: MySQL SSL certificates initialize | |
id: openssl-initialize-mysql-certificates | |
run: | | |
folderPath="$TinyRunnerWorkPath/tiny-mysql-certificates" | |
# Create an empty folder for generating certificates | |
sudo mkdir "$folderPath" | |
sudo chown runner:docker "$folderPath" | |
echo "FolderPath=$folderPath" >> $GITHUB_OUTPUT | |
# This hash invalidates the MySQL certificates cache every month | |
hash=$(date +%4Y%2m) | |
echo "Hash=$hash" >> $GITHUB_OUTPUT | |
- name: MySQL SSL certificates restore cache | |
uses: actions/cache/restore@v3 | |
id: openssl-cache-mysql-certificates | |
with: | |
path: | | |
${{ env.folder_path }}/*.pem | |
key: ${{ runner.os }}-openssl-${{ env.cache_name }}-${{ env.cache_hash }} | |
env: | |
# This hash invalidates this certificates cache every month | |
cache_hash: ${{ steps.openssl-initialize-mysql-certificates.outputs.Hash }} | |
cache_name: mysql-certificates | |
folder_path: ${{ steps.openssl-initialize-mysql-certificates.outputs.FolderPath }} | |
- name: MySQL SSL certificates generate | |
if: steps.openssl-cache-mysql-certificates.outputs.cache-hit != 'true' | |
working-directory: ${{ steps.openssl-initialize-mysql-certificates.outputs.FolderPath }} | |
run: | | |
echo '::group::Print openssl version' | |
openssl version -a | |
echo '::endgroup::' | |
echo '::group::CA certificate' | |
# -days 32 is important, -days 30 is not enough | |
openssl req -new -x509 -nodes -subj "$DB_MYSQL_SSL_SUBJECT_CA" -days 32 \ | |
-keyout ./ca-key.pem -out ./ca.pem | |
echo '::endgroup::' | |
echo '::group::Server certificate' | |
openssl req -new -nodes -subj "$DB_MYSQL_SSL_SUBJECT_SERVER" -keyout ./server-key.pem -out \ | |
./server-req.pem | |
OPENSSL_SAN="DNS:${DB_MYSQL_HOST}" \ | |
openssl x509 -req -CA ./ca.pem -CAkey ./ca-key.pem -days 32 -set_serial 01 \ | |
-extfile "$extfile" -in ./server-req.pem -out ./server-cert.pem | |
echo '::endgroup::' | |
echo '::group::Client certificate' | |
openssl req -new -nodes -subj "$DB_MYSQL_SSL_SUBJECT_CLIENT" -keyout ./client-key.pem \ | |
-out ./client-req.pem | |
OPENSSL_SAN="DNS:${DB_MYSQL_HOST_CLIENT}" \ | |
openssl x509 -req -CA ./ca.pem -CAkey ./ca-key.pem -days 32 -set_serial 02 \ | |
-extfile "$extfile" -in ./client-req.pem -out ./client-cert.pem | |
echo '::endgroup::' | |
env: | |
extfile: ${{ github.workspace }}/.github/resources/openssl/usr_cert.cnf | |
DB_MYSQL_HOST: ${{ secrets.DB_MYSQL_HOST_SSL }} | |
DB_MYSQL_HOST_CLIENT: ${{ secrets.DB_MYSQL_HOST_CLIENT_SSL }} | |
DB_MYSQL_SSL_SUBJECT_CA: ${{ secrets.DB_MYSQL_SSL_SUBJECT_CA }} | |
DB_MYSQL_SSL_SUBJECT_SERVER: ${{ secrets.DB_MYSQL_SSL_SUBJECT_SERVER }} | |
DB_MYSQL_SSL_SUBJECT_CLIENT: ${{ secrets.DB_MYSQL_SSL_SUBJECT_CLIENT }} | |
# Always verify, regardless if certificates were newly generated or restored from the cache | |
- name: MySQL SSL certificates verify | |
working-directory: ${{ steps.openssl-initialize-mysql-certificates.outputs.FolderPath }} | |
run: | | |
openssl verify -CAfile ./ca.pem ./server-cert.pem ./client-cert.pem | |
# Save the cache only if certificates were newly generated | |
# The actions/cache/save allows to use the Move-Item during the install step | |
- name: MySQL SSL certificates save cache | |
if: steps.openssl-cache-mysql-certificates.outputs.cache-hit != 'true' | |
uses: actions/cache/save@v3 | |
with: | |
path: | | |
${{ env.folder_path }}/*.pem | |
key: ${{ steps.openssl-cache-mysql-certificates.outputs.cache-primary-key }} | |
env: | |
folder_path: ${{ steps.openssl-initialize-mysql-certificates.outputs.FolderPath }} | |
- name: MySQL SSL certificates install | |
working-directory: ${{ steps.openssl-initialize-mysql-certificates.outputs.FolderPath }} | |
run: | | |
mysqlDataPath=/var/lib/mysql | |
echo '::group::Install CA certificate' | |
sudo mv --target-directory="$mysqlDataPath" ./ca.pem | |
sudo chmod 644 "$mysqlDataPath/ca.pem" | |
sudo chown mysql:mysql "$mysqlDataPath/ca.pem" | |
echo '::endgroup::' | |
echo '::group::Install server certificates' | |
sudo mv --target-directory="$mysqlDataPath" ./server-{cert,key}.pem | |
sudo chmod 640 "$mysqlDataPath/server-cert.pem" | |
sudo chmod 600 "$mysqlDataPath/server-key.pem" | |
sudo chown mysql:mysql "$mysqlDataPath"/server-{cert,key}.pem | |
echo '::endgroup::' | |
echo '::group::Install client certificates' | |
sudo mv --target-directory="$mysqlDataPath" ./client-{cert,key}.pem | |
sudo chmod 640 "$mysqlDataPath/client-cert.pem" | |
sudo chmod 600 "$mysqlDataPath/client-key.pem" | |
sudo chown mysql:mysql "$mysqlDataPath"/client-{cert,key}.pem | |
echo '::endgroup::' | |
env: | |
pg_data_path: ${{ steps.databases-initialize-mysql.outputs.PgDataPath }} | |
- name: MySQL copy SSL certificates for runner user | |
run: | | |
crystalMySqlPath=/usr/local/share/crystal-mysql | |
sudo mkdir --parents "$crystalMySqlPath" | |
cd "$crystalMySqlPath" | |
sudo cp --target-directory="$crystalMySqlPath" \ | |
/var/lib/mysql/{ca,client-cert,client-key}.pem | |
sudo chown --recursive root:root "$crystalMySqlPath" | |
sudo chmod 444 "$crystalMySqlPath"/{ca,client-cert,client-key}.pem | |
- name: MySQL service start | |
run: | | |
sudo systemctl start mysql.service | |
# Securing the root account even on localhost is for testing to make sure that everything | |
# works as expected | |
- name: MySQL change ${{ secrets.DB_MYSQL_ROOT_USERNAME }} password | |
run: >- | |
echo " | |
alter user '$DB_MYSQL_ROOT_USERNAME'@'localhost' | |
identified with caching_sha2_password by '$DB_MYSQL_ROOT_PASSWORD' | |
require issuer '$DB_MYSQL_SSL_SUBJECT_CA' and | |
subject '$DB_MYSQL_SSL_SUBJECT_CLIENT';" | | |
mysql --user="$DB_MYSQL_ROOT_USERNAME" --password="$DB_MYSQL_ROOT_PASSWORD_DEFAULT" | |
env: | |
DB_MYSQL_ROOT_PASSWORD: ${{ secrets.DB_MYSQL_ROOT_PASSWORD }} | |
DB_MYSQL_ROOT_PASSWORD_DEFAULT: ${{ secrets.DB_MYSQL_ROOT_PASSWORD_DEFAULT }} | |
DB_MYSQL_ROOT_USERNAME: ${{ secrets.DB_MYSQL_ROOT_USERNAME }} | |
DB_MYSQL_SSL_SUBJECT_CA: ${{ secrets.DB_MYSQL_SSL_SUBJECT_CA }} | |
DB_MYSQL_SSL_SUBJECT_CLIENT: ${{ secrets.DB_MYSQL_SSL_SUBJECT_CLIENT }} | |
- name: MySQL populate time zone tables π | |
run: >- | |
mysql_tzinfo_to_sql /usr/share/zoneinfo | | |
mysql --user="$DB_MYSQL_ROOT_USERNAME" --password="$DB_MYSQL_ROOT_PASSWORD" mysql | |
sudo systemctl restart mysql.service | |
env: | |
DB_MYSQL_ROOT_PASSWORD: ${{ secrets.DB_MYSQL_ROOT_PASSWORD }} | |
DB_MYSQL_ROOT_USERNAME: ${{ secrets.DB_MYSQL_ROOT_USERNAME }} | |
- name: MySQL service check status | |
run: | | |
echo '::group::Service status' | |
systemctl status mysql.service | |
echo '::endgroup::' | |
echo '::group::Service is-active check' | |
systemctl is-active --quiet mysql.service | |
echo '::endgroup::' | |
echo '::group::Ping' | |
mysqladmin --user="$DB_MYSQL_ROOT_USERNAME" --password="$DB_MYSQL_ROOT_PASSWORD" ping | |
echo '::endgroup::' | |
env: | |
DB_MYSQL_ROOT_PASSWORD: ${{ secrets.DB_MYSQL_ROOT_PASSWORD }} | |
DB_MYSQL_ROOT_USERNAME: ${{ secrets.DB_MYSQL_ROOT_USERNAME }} | |
- name: MySQL create TinyORM database | |
run: >- | |
echo " | |
create database if not exists \`$DB_MYSQL_DATABASE\` | |
default character set $DB_MYSQL_CHARSET | |
default collate $DB_MYSQL_COLLATION;" | | |
mysql --user="$DB_MYSQL_ROOT_USERNAME" --password="$DB_MYSQL_ROOT_PASSWORD" | |
env: | |
DB_MYSQL_CHARSET: ${{ secrets.DB_MYSQL_CHARSET }} | |
DB_MYSQL_COLLATION: ${{ secrets.DB_MYSQL_COLLATION }} | |
DB_MYSQL_DATABASE: ${{ secrets.DB_MYSQL_DATABASE }} | |
DB_MYSQL_ROOT_PASSWORD: ${{ secrets.DB_MYSQL_ROOT_PASSWORD }} | |
DB_MYSQL_ROOT_USERNAME: ${{ secrets.DB_MYSQL_ROOT_USERNAME }} | |
- name: MySQL create TinyORM user | |
run: >- | |
echo " | |
create user '$DB_MYSQL_USERNAME'@'%' | |
identified with caching_sha2_password by '$DB_MYSQL_PASSWORD' | |
require issuer '$DB_MYSQL_SSL_SUBJECT_CA' and | |
subject '$DB_MYSQL_SSL_SUBJECT_CLIENT'; | |
grant all privileges on \`tinyorm\\_%\`.* to '$DB_MYSQL_USERNAME'@'%'; | |
grant select on \`mysql\`.\`time_zone_name\` to '$DB_MYSQL_USERNAME'@'%'; | |
flush privileges;" | | |
mysql --user="$DB_MYSQL_ROOT_USERNAME" --password="$DB_MYSQL_ROOT_PASSWORD" | |
env: | |
DB_MYSQL_PASSWORD: ${{ secrets.DB_MYSQL_PASSWORD }} | |
DB_MYSQL_ROOT_PASSWORD: ${{ secrets.DB_MYSQL_ROOT_PASSWORD }} | |
DB_MYSQL_ROOT_USERNAME: ${{ secrets.DB_MYSQL_ROOT_USERNAME }} | |
DB_MYSQL_USERNAME: ${{ secrets.DB_MYSQL_USERNAME }} | |
DB_MYSQL_SSL_SUBJECT_CA: ${{ secrets.DB_MYSQL_SSL_SUBJECT_CA }} | |
DB_MYSQL_SSL_SUBJECT_CLIENT: ${{ secrets.DB_MYSQL_SSL_SUBJECT_CLIENT }} | |
- name: SQLite create TinyORM database | |
run: | | |
mkdir --parents "$(dirname "$TinySQLitePath")" | |
touch "$TinySQLitePath" | |
- name: Print MySQL, SQLite, PostgreSQL database versions | |
run: | | |
mysql --version | |
pg_config --version | |
sqlite3 --version | |
- name: add-apt-repository Clang 18 | |
if: matrix.compiler.key == 'clang18' | |
run: >- | |
wget -O- https://apt.llvm.org/llvm-snapshot.gpg.key | | |
sudo tee /etc/apt/trusted.gpg.d/llvm-18.asc > /dev/null | |
sudo add-apt-repository --yes | |
--sourceslist 'deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-18 main' | |
- name: apt update | |
run: | | |
sudo apt update | |
- name: apt install ${{ join(matrix.compiler.apt, ', ') }}, Qt 6.2.4 base, and ccache | |
run: >- | |
sudo apt install --yes ${{ join(matrix.compiler.apt, ' ') }} | |
qt6-base-dev libqt6sql6-mysql libqt6sql6-sqlite libqt6sql6-psql ccache | |
# No need to use lukka/get-cmake, these images always have latest version | |
- name: Ninja install latest version | |
uses: seanmiddleditch/gha-setup-ninja@master | |
with: | |
destination: ${{ env.TinyRunnerWorkPath }}/ninja-build | |
- name: Ccache initialize | |
id: ccache-initialize-cache | |
run: | | |
cachePath=$(ccache --get-config cache_dir) | |
echo "CachePath=$cachePath" >> $GITHUB_OUTPUT | |
echo "ImageOS=$ImageOS" >> $GITHUB_OUTPUT | |
- name: Ccache restore cache πΊ | |
uses: actions/cache@v3 | |
with: | |
path: ${{ env.cache_path }} | |
key: ${{ runner.os }}-${{ env.image_os }}-ccache-${{ env.cache_name }}-${{ github.run_id }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.image_os }}-ccache-${{ env.cache_name }}- | |
env: | |
cache_name: ${{ matrix.compiler.key }}-qt62 | |
cache_path: ${{ steps.ccache-initialize-cache.outputs.CachePath }} | |
image_os: ${{ steps.ccache-initialize-cache.outputs.ImageOS }} | |
- name: Ccache prepare configuration π₯³ | |
run: | | |
# First value is compressed data size | |
# gcc: ~ 165 * 3 + 100 ; clang: ~ 100 * 3 + 100 | |
ccache --set-config max_size=${{ matrix.compiler.key == 'gcc12' && '600M' || '400M' }} | |
ccache --set-config sloppiness=pch_defines,time_macros | |
- name: Ccache print version and configuration | |
run: | | |
echo '::group::Print version' | |
ccache --version | |
echo '::endgroup::' | |
echo '::group::Print ccache config' | |
ccache --show-config | |
echo '::endgroup::' | |
- name: vcpkg prepare environment | |
run: | | |
echo "VCPKG_ROOT=$VCPKG_INSTALLATION_ROOT" >> $GITHUB_ENV | |
echo 'VCPKG_DEFAULT_TRIPLET=x64-linux-dynamic' >> $GITHUB_ENV | |
echo 'VCPKG_MAX_CONCURRENCY=2' >> $GITHUB_ENV | |
- name: CMake print version | |
run: | | |
cmake --version | |
- name: TinyORM create build folder (${{ matrix.compiler.key }}-cmake-debug) | |
run: | | |
mkdir --parents '../TinyORM-builds-cmake/build-${{ matrix.compiler.key }}-cmake-debug' | |
- name: Ccache clear statistics | |
run: | | |
ccache --zero-stats | |
- name: TinyORM cmake configure (${{ matrix.compiler.key }}-cmake-debug) | |
run: >- | |
cmake | |
--log-level=DEBUG --log-context | |
-S . | |
-B ../TinyORM-builds-cmake/build-${{ matrix.compiler.key }}-cmake-debug | |
-G Ninja | |
-D CMAKE_CXX_COMPILER_LAUNCHER:FILEPATH=ccache | |
-D CMAKE_CXX_COMPILER:FILEPATH=${{ matrix.compiler.command }} | |
-D CMAKE_TOOLCHAIN_FILE:FILEPATH="$VCPKG_INSTALLATION_ROOT/scripts/buildsystems/vcpkg.cmake" | |
-D CMAKE_DISABLE_PRECOMPILE_HEADERS:BOOL=ON | |
-D CMAKE_EXPORT_PACKAGE_REGISTRY:BOOL=OFF | |
-D CMAKE_BUILD_TYPE:STRING=Debug | |
-D CMAKE_CXX_SCAN_FOR_MODULES:BOOL=OFF | |
-D VCPKG_APPLOCAL_DEPS:BOOL=OFF | |
-D VERBOSE_CONFIGURE:BOOL=ON | |
-D BUILD_TREE_DEPLOY:BOOL=OFF | |
-D MATCH_EQUAL_EXPORTED_BUILDTREE:BOOL=OFF | |
-D STRICT_MODE:BOOL=OFF | |
-D MYSQL_PING:BOOL=ON | |
-D BUILD_TESTS:BOOL=ON | |
-D ORM:BOOL=ON | |
-D TOM:BOOL=ON | |
-D TOM_EXAMPLE:BOOL=ON | |
-D BUILD_DRIVERS:BOOL=OFF | |
- name: TinyORM cmake build β¨ (${{ matrix.compiler.key }}-cmake-debug) | |
run: >- | |
cmake --build ../TinyORM-builds-cmake/build-${{ matrix.compiler.key }}-cmake-debug | |
--target all --parallel 2 | |
- name: Ccache print statistics | |
run: | | |
ccache --show-stats -vv | |
- name: Create and Seed tables for unit tests π | |
working-directory: ../TinyORM-builds-cmake/build-${{ matrix.compiler.key }}-cmake-debug/tests/testdata_tom | |
run: >- | |
export LD_LIBRARY_PATH=../..${LD_LIBRARY_PATH:+:}"$LD_LIBRARY_PATH" | |
./tom_testdata migrate | |
--database=tinyorm_testdata_tom_mysql,tinyorm_testdata_tom_postgres,tinyorm_testdata_tom_sqlite | |
--seed --no-ansi | |
env: | |
DB_MYSQL_CHARSET: ${{ secrets.DB_MYSQL_CHARSET }} | |
DB_MYSQL_COLLATION: ${{ secrets.DB_MYSQL_COLLATION }} | |
DB_MYSQL_DATABASE: ${{ secrets.DB_MYSQL_DATABASE }} | |
DB_MYSQL_HOST: ${{ secrets.DB_MYSQL_HOST_SSL }} | |
DB_MYSQL_PASSWORD: ${{ secrets.DB_MYSQL_PASSWORD }} | |
DB_MYSQL_SSL_CA: /usr/local/share/crystal-mysql/ca.pem | |
DB_MYSQL_SSL_CERT: /usr/local/share/crystal-mysql/client-cert.pem | |
DB_MYSQL_SSL_KEY: /usr/local/share/crystal-mysql/client-key.pem | |
DB_MYSQL_SSL_MODE: ${{ secrets.DB_MYSQL_SSL_MODE }} | |
DB_MYSQL_USERNAME: ${{ secrets.DB_MYSQL_USERNAME }} | |
DB_PGSQL_CHARSET: ${{ secrets.DB_PGSQL_CHARSET }} | |
DB_PGSQL_DATABASE: ${{ secrets.DB_PGSQL_DATABASE }} | |
DB_PGSQL_HOST: ${{ secrets.DB_PGSQL_HOST_SSL }} | |
DB_PGSQL_SEARCHPATH: ${{ secrets.DB_PGSQL_SEARCHPATH }} | |
DB_PGSQL_SSLMODE: ${{ secrets.DB_PGSQL_SSLMODE }} | |
DB_PGSQL_USERNAME: ${{ secrets.DB_PGSQL_USERNAME }} | |
DB_SQLITE_DATABASE: ${{ env.TinySQLitePath }} | |
TOM_TESTDATA_ENV: ${{ vars.TOM_TESTDATA_ENV }} | |
- name: TinyORM execute ctest π₯ | |
working-directory: ../TinyORM-builds-cmake/build-${{ matrix.compiler.key }}-cmake-debug | |
run: | | |
ctest --output-on-failure --parallel 4 | |
env: | |
DB_MYSQL_CHARSET: ${{ secrets.DB_MYSQL_CHARSET }} | |
DB_MYSQL_COLLATION: ${{ secrets.DB_MYSQL_COLLATION }} | |
DB_MYSQL_DATABASE: ${{ secrets.DB_MYSQL_DATABASE }} | |
DB_MYSQL_HOST: ${{ secrets.DB_MYSQL_HOST_SSL }} | |
DB_MYSQL_PASSWORD: ${{ secrets.DB_MYSQL_PASSWORD }} | |
DB_MYSQL_SSL_CA: /usr/local/share/crystal-mysql/ca.pem | |
DB_MYSQL_SSL_CERT: /usr/local/share/crystal-mysql/client-cert.pem | |
DB_MYSQL_SSL_KEY: /usr/local/share/crystal-mysql/client-key.pem | |
DB_MYSQL_SSL_MODE: ${{ secrets.DB_MYSQL_SSL_MODE }} | |
DB_MYSQL_USERNAME: ${{ secrets.DB_MYSQL_USERNAME }} | |
DB_PGSQL_CHARSET: ${{ secrets.DB_PGSQL_CHARSET }} | |
DB_PGSQL_DATABASE: ${{ secrets.DB_PGSQL_DATABASE }} | |
DB_PGSQL_HOST: ${{ secrets.DB_PGSQL_HOST_SSL }} | |
DB_PGSQL_SEARCHPATH: ${{ secrets.DB_PGSQL_SEARCHPATH }} | |
DB_PGSQL_SSLMODE: ${{ secrets.DB_PGSQL_SSLMODE }} | |
DB_PGSQL_USERNAME: ${{ secrets.DB_PGSQL_USERNAME }} | |
DB_SQLITE_DATABASE: ${{ env.TinySQLitePath }} | |
TOM_TESTS_ENV: ${{ vars.TOM_TESTS_ENV }} | |
- name: Tom example test some commands (MySQL) π | |
working-directory: ../TinyORM-builds-cmake/build-${{ matrix.compiler.key }}-cmake-debug/examples/tom | |
run: | | |
export LD_LIBRARY_PATH=../..${LD_LIBRARY_PATH:+:}"$LD_LIBRARY_PATH" | |
./tom migrate:fresh --database=tinyorm_tom_mysql --no-ansi | |
./tom migrate:uninstall --reset --database=tinyorm_tom_mysql --no-ansi | |
./tom migrate:install --database=tinyorm_tom_mysql --no-ansi | |
./tom migrate --database=tinyorm_tom_mysql --seed --no-ansi | |
./tom migrate:status --database=tinyorm_tom_mysql --no-ansi | |
./tom migrate:refresh --database=tinyorm_tom_mysql --seed --no-ansi | |
./tom migrate:reset --database=tinyorm_tom_mysql --no-ansi | |
./tom migrate:uninstall --database=tinyorm_tom_mysql --no-ansi | |
env: | |
DB_MYSQL_CHARSET: ${{ secrets.DB_MYSQL_CHARSET }} | |
DB_MYSQL_COLLATION: ${{ secrets.DB_MYSQL_COLLATION }} | |
DB_MYSQL_DATABASE: ${{ secrets.DB_MYSQL_DATABASE }} | |
DB_MYSQL_HOST: ${{ secrets.DB_MYSQL_HOST_SSL }} | |
DB_MYSQL_PASSWORD: ${{ secrets.DB_MYSQL_PASSWORD }} | |
DB_MYSQL_SSL_CA: /usr/local/share/crystal-mysql/ca.pem | |
DB_MYSQL_SSL_CERT: /usr/local/share/crystal-mysql/client-cert.pem | |
DB_MYSQL_SSL_KEY: /usr/local/share/crystal-mysql/client-key.pem | |
DB_MYSQL_SSL_MODE: ${{ secrets.DB_MYSQL_SSL_MODE }} | |
DB_MYSQL_USERNAME: ${{ secrets.DB_MYSQL_USERNAME }} | |
TOM_EXAMPLE_ENV: ${{ vars.TOM_EXAMPLE_ENV }} | |
- name: Tom example test some commands (PostgreSQL) π | |
working-directory: ../TinyORM-builds-cmake/build-${{ matrix.compiler.key }}-cmake-debug/examples/tom | |
run: | | |
export LD_LIBRARY_PATH=../..${LD_LIBRARY_PATH:+:}"$LD_LIBRARY_PATH" | |
./tom migrate:fresh --database=tinyorm_tom_postgres --no-ansi | |
./tom migrate:uninstall --reset --database=tinyorm_tom_postgres --no-ansi | |
./tom migrate:install --database=tinyorm_tom_postgres --no-ansi | |
./tom migrate --database=tinyorm_tom_postgres --seed --no-ansi | |
./tom migrate:status --database=tinyorm_tom_postgres --no-ansi | |
./tom migrate:refresh --database=tinyorm_tom_postgres --seed --no-ansi | |
./tom migrate:reset --database=tinyorm_tom_postgres --no-ansi | |
./tom migrate:uninstall --database=tinyorm_tom_postgres --no-ansi | |
env: | |
DB_PGSQL_CHARSET: ${{ secrets.DB_PGSQL_CHARSET }} | |
DB_PGSQL_DATABASE: ${{ secrets.DB_PGSQL_DATABASE }} | |
DB_PGSQL_HOST: ${{ secrets.DB_PGSQL_HOST_SSL }} | |
DB_PGSQL_SEARCHPATH: ${{ secrets.DB_PGSQL_SEARCHPATH }} | |
DB_PGSQL_SSLMODE: ${{ secrets.DB_PGSQL_SSLMODE }} | |
DB_PGSQL_USERNAME: ${{ secrets.DB_PGSQL_USERNAME }} | |
TOM_EXAMPLE_ENV: ${{ vars.TOM_EXAMPLE_ENV }} | |
- name: Tom example test some commands (SQLite) π | |
working-directory: ../TinyORM-builds-cmake/build-${{ matrix.compiler.key }}-cmake-debug/examples/tom | |
run: | | |
export LD_LIBRARY_PATH=../..${LD_LIBRARY_PATH:+:}"$LD_LIBRARY_PATH" | |
./tom migrate:fresh --database=tinyorm_tom_sqlite --no-ansi | |
./tom migrate:uninstall --reset --database=tinyorm_tom_sqlite --no-ansi | |
./tom migrate:install --database=tinyorm_tom_sqlite --no-ansi | |
./tom migrate --database=tinyorm_tom_sqlite --seed --no-ansi | |
./tom migrate:status --database=tinyorm_tom_sqlite --no-ansi | |
./tom migrate:refresh --database=tinyorm_tom_sqlite --seed --no-ansi | |
./tom migrate:reset --database=tinyorm_tom_sqlite --no-ansi | |
./tom migrate:uninstall --database=tinyorm_tom_sqlite --no-ansi | |
env: | |
DB_SQLITE_DATABASE: ${{ env.TinySQLitePath }} | |
TOM_EXAMPLE_ENV: ${{ vars.TOM_EXAMPLE_ENV }} |