|
| 1 | +name: Setup PostgreSQL for Linux/macOS/Windows |
| 2 | +author: Ihor Kalnytskyi |
| 3 | +description: Setup a preinstalled PostgreSQL server. |
| 4 | +branding: |
| 5 | + icon: database |
| 6 | + color: purple |
| 7 | +inputs: |
| 8 | + username: |
| 9 | + description: The username of the user to setup. |
| 10 | + default: postgres |
| 11 | + required: false |
| 12 | + password: |
| 13 | + description: The password of the user to setup. |
| 14 | + default: postgres |
| 15 | + required: false |
| 16 | + database: |
| 17 | + description: The database name to setup and grant permissions to created user. |
| 18 | + default: postgres |
| 19 | + required: false |
| 20 | + port: |
| 21 | + description: The server port to listen on. |
| 22 | + default: "5432" |
| 23 | + required: false |
| 24 | + ssl_on: |
| 25 | + description: The ssl turn on or off. |
| 26 | + default: "off" |
| 27 | + required: false |
| 28 | + ca_file_output: |
| 29 | + description: Location for the certificate file. |
| 30 | + default: ./root.crt |
| 31 | + required: false |
| 32 | +outputs: |
| 33 | + connection-uri: |
| 34 | + description: The connection URI to connect to PostgreSQL. |
| 35 | + value: ${{ steps.set-outputs.outputs.connection-uri }} |
| 36 | + service-name: |
| 37 | + description: The service name with connection parameters. |
| 38 | + value: ${{ steps.set-outputs.outputs.service-name }} |
| 39 | +runs: |
| 40 | + using: composite |
| 41 | + steps: |
| 42 | + - name: Prerequisites |
| 43 | + run: | |
| 44 | + if [ "$RUNNER_OS" == "Linux" ]; then |
| 45 | + echo "$(pg_config --bindir)" >> $GITHUB_PATH |
| 46 | + elif [ "$RUNNER_OS" == "Windows" ]; then |
| 47 | + echo "$PGBIN" >> $GITHUB_PATH |
| 48 | + echo "PQ_LIB_DIR=$PGROOT\lib" >> $GITHUB_ENV |
| 49 | +
|
| 50 | + # The Windows runner has some PostgreSQL environment variables set |
| 51 | + # that may confuse users since they may be irrelevant to the |
| 52 | + # PostgreSQL server we're using. |
| 53 | + for name in "PGROOT" "PGDATA" "PGBIN" "PGUSER" "PGPASSWORD"; do |
| 54 | + echo "$name=" >> $GITHUB_ENV |
| 55 | + done |
| 56 | + elif [ "$RUNNER_OS" == "macOS" ]; then |
| 57 | + case "$(sw_vers -productVersion)" in |
| 58 | + 13.*|14.*) |
| 59 | + # Unfortunately, the macOS 13 runner image doesn't come w/ |
| 60 | + # pre-installed PostgreSQL server. |
| 61 | + export HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK=1 |
| 62 | + export HOMEBREW_NO_INSTALL_CLEANUP=1 |
| 63 | + export HOMEBREW_NO_INSTALL_UPGRADE=1 |
| 64 | + brew install --skip-post-install postgresql@14 |
| 65 | + ;; |
| 66 | + esac |
| 67 | + fi |
| 68 | + shell: bash |
| 69 | + |
| 70 | + - name: Setup and start PostgreSQL |
| 71 | + run: | |
| 72 | + export PGDATA="$RUNNER_TEMP/pgdata" |
| 73 | + export PWFILE="$RUNNER_TEMP/pwfile" |
| 74 | +
|
| 75 | + DEFAULT_ENCODING="UTF-8" |
| 76 | + DEFAULT_LOCALE="en_US.$DEFAULT_ENCODING" |
| 77 | +
|
| 78 | + # Unfortunately, Windows Server 2019 doesn't understand locale |
| 79 | + # specified in the format defined by the POSIX standard, i.e. |
| 80 | + # <language>_<country>.<encoding>. Therefore, we have to convert it |
| 81 | + # into something it can swallow, i.e. <language>-<country>. |
| 82 | + if [[ "$RUNNER_OS" == "Windows" && "$(wmic os get Caption)" == *"2019"* ]]; then |
| 83 | + DEFAULT_LOCALE="${DEFAULT_LOCALE%%.*}" |
| 84 | + DEFAULT_LOCALE="${DEFAULT_LOCALE//_/-}" |
| 85 | + fi |
| 86 | +
|
| 87 | + # Unfortunately 'initdb' could only receive a password via file on disk |
| 88 | + # or prompt to enter on. Prompting is not an option since we're running |
| 89 | + # in non-interactive mode. |
| 90 | + echo '${{ inputs.password }}' > $PWFILE |
| 91 | +
|
| 92 | + # There are couple of reasons why we need to create a new PostgreSQL |
| 93 | + # database cluster. First and foremost, we have to create a superuser |
| 94 | + # with provided credentials. Second, we want the PostgreSQL client |
| 95 | + # applications [1] to be available for execution without |
| 96 | + # run-from-another-user dances. Third, we want to make sure that |
| 97 | + # settings are the same between operating systems and aren't changed by |
| 98 | + # package vendors. |
| 99 | + # |
| 100 | + # [1] https://www.postgresql.org/docs/15/reference-client.html |
| 101 | + initdb \ |
| 102 | + --username="${{ inputs.username }}" \ |
| 103 | + --pwfile="$PWFILE" \ |
| 104 | + --auth="scram-sha-256" \ |
| 105 | + --encoding="$DEFAULT_ENCODING" \ |
| 106 | + --locale="$DEFAULT_LOCALE" \ |
| 107 | + --no-instructions |
| 108 | +
|
| 109 | + # Create new ssl certificate |
| 110 | + if [ ${{ inputs.ssl_on }} == "on" ]; then |
| 111 | + openssl req -new -x509 -days 365 -nodes -text -out $PGDATA/server.crt -keyout $PGDATA/server.key -subj "/CN=localhost" |
| 112 | + chmod og-rwx $PGDATA/server.key $PGDATA/server.crt |
| 113 | + cp $PGDATA/server.crt ${{ inputs.ca_file_output }} |
| 114 | + fi |
| 115 | +
|
| 116 | + # Do not create unix sockets since they are created by default in the |
| 117 | + # directory we have no permissions to (owned by system postgres user). |
| 118 | + echo "unix_socket_directories = ''" >> "$PGDATA/postgresql.conf" |
| 119 | + echo "port = ${{ inputs.port }}" >> "$PGDATA/postgresql.conf" |
| 120 | +
|
| 121 | + # Set new configuration option with ssl to Postgres |
| 122 | + if [ ${{ inputs.ssl_on }} == "on" ]; then |
| 123 | + echo "ssl = on" >> "$PGDATA/postgresql.conf" |
| 124 | + echo "ssl_cert_file = '$PGDATA/server.crt'" >> "$PGDATA/postgresql.conf" |
| 125 | + echo "ssl_key_file = '$PGDATA/server.key'" >> "$PGDATA/postgresql.conf" |
| 126 | + fi |
| 127 | +
|
| 128 | + pg_ctl start |
| 129 | +
|
| 130 | + # Save required connection parameters for created superuser to the |
| 131 | + # connection service file [1]. This allows using these connection |
| 132 | + # parameters by setting 'PGSERVICE' environment variable or by |
| 133 | + # requesting them via connection string. |
| 134 | + # |
| 135 | + # HOST is required for Linux/macOS because these OS-es default to unix |
| 136 | + # sockets but we turned them off. |
| 137 | + # |
| 138 | + # PORT, USER, PASSWORD and DBNAME are required because they could be |
| 139 | + # parametrized via action input parameters. |
| 140 | + # |
| 141 | + # [1] https://www.postgresql.org/docs/15/libpq-pgservice.html |
| 142 | + cat <<EOF > "$PGDATA/pg_service.conf" |
| 143 | + [${{ inputs.username }}] |
| 144 | + host=localhost |
| 145 | + port=${{ inputs.port }} |
| 146 | + user=${{ inputs.username }} |
| 147 | + password=${{ inputs.password }} |
| 148 | + dbname=${{ inputs.database }} |
| 149 | + EOF |
| 150 | + echo "PGSERVICEFILE=$PGDATA/pg_service.conf" >> $GITHUB_ENV |
| 151 | + shell: bash |
| 152 | + |
| 153 | + - name: Setup PostgreSQL database |
| 154 | + run: | |
| 155 | + # The 'postgres' database is a pre-created database meant for use by |
| 156 | + # users, utilities and third party applications. There's no way to |
| 157 | + # parametrize the name, so all we can do is to avoid creating a |
| 158 | + # database if provided name is 'postgres'. |
| 159 | + if [ "${{ inputs.database }}" != "postgres" ]; then |
| 160 | + createdb -O "${{ inputs.username }}" "${{ inputs.database }}" |
| 161 | + fi |
| 162 | + env: |
| 163 | + PGSERVICE: ${{ inputs.username }} |
| 164 | + shell: bash |
| 165 | + |
| 166 | + - name: Set action outputs |
| 167 | + run: | |
| 168 | + CONNECTION_URI="postgresql://${{ inputs.username }}:${{ inputs.password }}@localhost:${{ inputs.port }}/${{ inputs.database }}" |
| 169 | +
|
| 170 | + echo "connection-uri=$CONNECTION_URI" >> $GITHUB_OUTPUT |
| 171 | + echo "service-name=${{ inputs.username }}" >> $GITHUB_OUTPUT |
| 172 | + shell: bash |
| 173 | + id: set-outputs |
0 commit comments