Document unprivileged user in GitHub workflows #212
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
on: | |
push: | |
pull_request: | |
schedule: | |
- cron: '0 14 3 * *' # Monthly at 2pm on the 3rd | |
jobs: | |
test: | |
name: π PostgreSQL ${{ matrix.pg }} | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
pg: [16, 15, 14, 13, 12, 11, 10, 9.6, 9.5, 9.4, 9.3, 9.2, 9.1, '9.0', 8.4, 8.3, 8.2] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build Image | |
run: docker build -t pgxn-tools-test . | |
# Test with Git repo | |
- name: Test Git as root | |
run: "docker run -w /repo --rm --volume \"$(pwd):/repo\" pgxn-tools-test ./test/runtest.sh ${{ matrix.pg }} git" | |
- name: Test Git as non-root | |
run: "docker run -w /repo --rm --volume \"$(pwd):/repo\" -e AS_USER=worker pgxn-tools-test ./test/runtest.sh ${{ matrix.pg }} git" | |
- name: Test Git with extra file | |
run: "docker run -w /repo --rm --volume \"$(pwd):/repo\" pgxn-tools-test ./test/runtest.sh ${{ matrix.pg }} git yes" | |
- name: Test Git with archive-all | |
env: { GIT_ARCHIVE_CMD: archive-all } | |
run: "docker run -w /repo --rm --volume \"$(pwd):/repo\" pgxn-tools-test ./test/runtest.sh ${{ matrix.pg }} git" | |
# Test without Git repo | |
- name: Test Zip as root | |
run: "docker run -w /repo --rm --volume \"$(pwd)/test:/repo\" pgxn-tools-test ./runtest.sh ${{ matrix.pg }} zip" | |
- name: Test Zip as non-root | |
run: "docker run -w /repo --rm --volume \"$(pwd)/test:/repo\" -e AS_USER=worker pgxn-tools-test ./runtest.sh ${{ matrix.pg }} zip" | |
- name: Test Zip with zip excluded file | |
run: "docker run -w /repo --rm --volume \"$(pwd)/test:/repo\" pgxn-tools-test ./runtest.sh ${{ matrix.pg }} zip yes" | |
publish: | |
# Publish for a tag starting with v. | |
name: Push to Docker Hub | |
needs: test | |
if: startsWith(github.ref, 'refs/tags/v') | |
runs-on: ubuntu-latest | |
steps: | |
- name: Check out the repo | |
uses: actions/checkout@v4 | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: pgxn/pgxn-tools | |
tags: | | |
type=semver,pattern={{version}} | |
type=semver,pattern={{major}}.{{minor}} | |
type=semver,pattern=v{{major}} | |
type=raw,value=bookworm | |
labels: | | |
org.opencontainers.image.title=PGXN Tools | |
org.opencontainers.image.licenses=PostgreSQL | |
- name: Login to DockerHub | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Build and Push | |
# https://github.com/marketplace/actions/build-and-push-docker-images | |
uses: docker/build-push-action@v5 | |
with: | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} |