feat: allow checkout of fork repo on workflow approval #4545
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Database | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| pull_request: | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| id-token: write | |
| jobs: | |
| checkout: | |
| uses: ./.github/workflows/shared-checkout.yml | |
| prepare: | |
| needs: checkout | |
| runs-on: ubuntu-latest | |
| outputs: | |
| postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} | |
| steps: | |
| - name: Download repository | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: repository | |
| path: . | |
| - name: Clear Nix cache | |
| run: | | |
| sudo rm -rf /home/runner/.cache/nix | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| extra-conf: | | |
| substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com | |
| trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=% cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= | |
| - name: Set PostgreSQL versions | |
| id: set-versions | |
| run: | | |
| VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c "split(\"\n\")[:-1]") | |
| echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT | |
| build: | |
| needs: prepare | |
| strategy: | |
| matrix: | |
| postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} | |
| include: | |
| - runner: ubuntu-22.04 | |
| arch: amd64 | |
| - runner: ubuntu-22.04 | |
| arch: arm64 | |
| runs-on: ${{ matrix.runner }} | |
| timeout-minutes: 180 | |
| env: | |
| POSTGRES_PORT: 5478 | |
| POSTGRES_PASSWORD: password | |
| steps: | |
| - name: Download repository | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: repository | |
| path: . | |
| - name: Clear Nix cache | |
| run: | | |
| sudo rm -rf /home/runner/.cache/nix | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| extra-conf: | | |
| substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com | |
| trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=% cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= | |
| - name: Set PostgreSQL version environment variable | |
| run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.postgres_version }}" >> $GITHUB_ENV | |
| - name: Strip quotes from pg major and set env var | |
| run: | | |
| stripped_version=$(echo "${{ matrix.postgres_version }}" | sed 's/^"\(.*\)"$/\1/') | |
| echo "PGMAJOR=$stripped_version" >> $GITHUB_ENV | |
| - name: Generate common-nix.vars.pkr.hcl | |
| run: | | |
| PG_VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) | |
| PG_VERSION=$(echo $PG_VERSION | tr -d '"') # Remove any surrounding quotes | |
| echo 'postgres-version = "'$PG_VERSION'"' > common-nix.vars.pkr.hcl | |
| echo "" >> common-nix.vars.pkr.hcl | |
| - id: settings | |
| run: sed -r 's/(\s|\")+//g' common-nix.vars.pkr.hcl >> $GITHUB_OUTPUT | |
| - name: Generate args | |
| id: args | |
| run: | | |
| ARGS=$(nix run nixpkgs#yq -- 'to_entries | map(select(.value|type == "!!str")) | map(.key + "=" + .value) | join("\n")' ansible/vars.yml) | |
| echo "result<<EOF" >> $GITHUB_OUTPUT | |
| echo "$ARGS" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| - name: verify schema.sql is committed | |
| run: | | |
| nix run github:supabase/postgres/${{ github.sha }}#dbmate-tool -- --version ${{ env.PGMAJOR }} --flake-url github:supabase/postgres/${{ github.sha }} | |
| if ! git diff --exit-code --quiet migrations/schema-${{ env.PGMAJOR }}.sql; then | |
| echo "Detected changes in schema.sql:" | |
| git diff migrations/schema-${{ env.PGMAJOR }}.sql | |
| exit 1 | |
| fi |