Build and Uninstall

.github/workflows/release-eql.yml

@@ -36,10 +36,11 @@ jobs:
       - name: Build EQL release
         run: |
           just build
-          mv release/cipherstash-encrypt-dsl.sql release/cipherstash-eql.sql
 
       - name: Publish EQL release artifacts
         uses: softprops/action-gh-release@v2
         if: startsWith(github.ref, 'refs/tags/')
         with:
-          files: release/cipherstash-eql.sql
+          files: |
+            release/cipherstash-eql.sql
+            release/cipherstash-eql-uninstall.sql

.github/workflows/test-eql.yml

@@ -0,0 +1,51 @@
+name: "Test EQL"
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - ".github/workflows/test-eql.yml"
+      - "sql/*.sql"
+
+  pull_request:
+    branches:
+      - main
+    paths:
+      - ".github/workflows/test-eql.yml"
+      - "sql/*.sql"
+
+  workflow_dispatch:
+
+defaults:
+  run:
+    shell: bash -l {0}
+
+jobs:
+  test:
+    name: "Test EQL SQL components"
+    runs-on: ubuntu-24.04
+
+    strategy:
+      fail-fast: false
+      matrix:
+        postgres-version: [17, 16, 15, 14]
+
+    env:
+      CS_DATABASE__PASSWORD:
+      CS_DATABASE__PORT: 5432
+      CS_DATABASE__NAME: test
+
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: extractions/setup-just@v1
+
+      - uses: ankane/setup-postgres@v1
+        with:
+          postgres-version: ${{ matrix.postgres-version }}
+          database: ${{ env.CS_DATABASE__NAME }}
+
+      - name: Test EQL
+        run: |
+          just build test
+

.gitignore

@@ -183,3 +183,5 @@ cipherstash-proxy.toml
 
 # build artifacts
 release/
+
+.mise.*

justfile

@@ -2,32 +2,69 @@ set dotenv-load
 set positional-arguments
 
 
-test_dsl:
+test:
   #!/usr/bin/env bash
   set -euxo pipefail
 
-  PGPASSWORD=$CS_DATABASE__PASSWORD dropdb --force --if-exists --username $CS_DATABASE__USERNAME --port $CS_DATABASE__PORT cs_migrator_test
-  PGPASSWORD=$CS_DATABASE__PASSWORD createdb --username $CS_DATABASE__USERNAME --port $CS_DATABASE__PORT cs_migrator_test
+  PGPASSWORD=$CS_DATABASE__PASSWORD dropdb --force --if-exists --username ${CS_DATABASE__USERNAME:-$USER} --port $CS_DATABASE__PORT $CS_DATABASE__NAME
+  PGPASSWORD=$CS_DATABASE__PASSWORD createdb --username ${CS_DATABASE__USERNAME:-$USER} --port $CS_DATABASE__PORT $CS_DATABASE__NAME
 
-  connection_url=postgresql://$CS_DATABASE__USERNAME:@localhost:$CS_DATABASE__PORT/cs_migrator_test
-  PGPASSWORD=$CS_DATABASE__PASSWORD psql $connection_url -f sql/dsl-core.sql
-  PGPASSWORD=$CS_DATABASE__PASSWORD psql $connection_url -f sql/dsl-config-schema.sql
-  PGPASSWORD=$CS_DATABASE__PASSWORD psql $connection_url -f sql/dsl-config-functions.sql
-  PGPASSWORD=$CS_DATABASE__PASSWORD psql $connection_url -f sql/dsl-encryptindex.sql
+  connection_url=postgresql://${CS_DATABASE__USERNAME:-$USER}:@localhost:$CS_DATABASE__PORT/$CS_DATABASE__NAME
+
+  # Install
+  PGPASSWORD=$CS_DATABASE__PASSWORD psql $connection_url -f release/cipherstash-encrypt.sql
 
   # tests
   PGPASSWORD=$CS_DATABASE__PASSWORD psql $connection_url -f tests/core.sql
   PGPASSWORD=$CS_DATABASE__PASSWORD psql $connection_url -f tests/config.sql
   PGPASSWORD=$CS_DATABASE__PASSWORD psql $connection_url -f tests/encryptindex.sql
 
-  dropdb --username $CS_DATABASE__USERNAME --port $CS_DATABASE__PORT cs_migrator_test
+  # Uninstall
+  PGPASSWORD=$CS_DATABASE__PASSWORD psql $connection_url -f release/cipherstash-encrypt-uninstall.sql
 
+  dropdb --username ${CS_DATABASE__USERNAME:-$USER} --port $CS_DATABASE__PORT $CS_DATABASE__NAME
 
 build:
   #!/usr/bin/env bash
   set -euxo pipefail
 
-  cat sql/database-extensions/postgresql/install.sql sql/ore-cllw.sql sql/ste-vec.sql sql/dsl-core.sql sql/dsl-config-schema.sql sql/dsl-config-functions.sql sql/dsl-encryptindex.sql > release/cipherstash-encrypt-dsl.sql
+  mkdir -p release
+
+  rm -f release/cipherstash-encrypt-uninstall.sql
+  rm -f release/cipherstash-encrypt.sql
+
+  # Collect all the drops
+  # In reverse order (tac) so that we drop the constraints before the tables
+  grep -h -E '^(DROP|ALTER DOMAIN [^ ]+ DROP CONSTRAINT)' sql/0*-*.sql | tac > release/cipherstash-encrypt-tmp-drop.sql
+  # types are always last
+  cat sql/666-drop_types.sql >> release/cipherstash-encrypt-tmp-drop.sql
+
+
+  # Build cipherstash-encrypt.sql
+  # drop everything first
+  cat release/cipherstash-encrypt-tmp-drop.sql > release/cipherstash-encrypt.sql
+  # cat the rest of the sql files
+  cat sql/0*-*.sql >> release/cipherstash-encrypt.sql
+
+
+  # Build cipherstash-encrypt-uninstall.sql
+  # prepend the drops to the main sql file
+  cat release/cipherstash-encrypt-tmp-drop.sql >> release/cipherstash-encrypt-uninstall.sql
+  # uninstall renames configuration table
+  cat sql/666-rename_configuration_table.sql >> release/cipherstash-encrypt-uninstall.sql
+
+  # remove the drop file
+  rm release/cipherstash-encrypt-tmp-drop.sql
+
+
+reset:
+  #!/usr/bin/env bash
+  set -euxo pipefail
+
+  PGPASSWORD=$CS_DATABASE__PASSWORD dropdb --force --if-exists --username ${CS_DATABASE__USERNAME:-$USER} --port $CS_DATABASE__PORT $CS_DATABASE__NAME
+  PGPASSWORD=$CS_DATABASE__PASSWORD createdb --username ${CS_DATABASE__USERNAME:-$USER} --port $CS_DATABASE__PORT $CS_DATABASE__NAME
+
+  PGPASSWORD=$CS_DATABASE__PASSWORD psql $connection_url -f release/cipherstash-encrypt.sql
 
 
 psql: