feat: allow checkout of fork repo on workflow approval #4556
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Test Database | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| pull_request: | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| id-token: write | |
| jobs: | |
| checkout: | |
| uses: ./.github/workflows/shared-checkout.yml | |
| prepare: | |
| needs: checkout | |
| runs-on: ubuntu-latest | |
| outputs: | |
| postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} | |
| steps: | |
| - name: Download repository | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: repository | |
| path: . | |
| - name: Clear Nix cache | |
| run: | | |
| sudo rm -rf /home/runner/.cache/nix | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| extra-conf: | | |
| substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com | |
| trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=% cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= | |
| - name: Set PostgreSQL versions | |
| id: set-versions | |
| run: | | |
| VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c "split(\"\n\")[:-1]") | |
| echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT | |
| build: | |
| needs: prepare | |
| strategy: | |
| matrix: | |
| postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} | |
| include: | |
| - runner: ubuntu-22.04 | |
| arch: amd64 | |
| - runner: ubuntu-22.04 | |
| arch: arm64 | |
| runs-on: ${{ matrix.runner }} | |
| timeout-minutes: 180 | |
| env: | |
| POSTGRES_PORT: 5478 | |
| POSTGRES_PASSWORD: password | |
| steps: | |
| - name: Download repository | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: repository | |
| path: . | |
| - name: Clear Nix cache | |
| run: | | |
| sudo rm -rf /home/runner/.cache/nix | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| with: | |
| extra-conf: | | |
| substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com | |
| trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=% cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= | |
| - name: Set PostgreSQL version environment variable | |
| run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.postgres_version }}" >> $GITHUB_ENV | |
| - name: Strip quotes from pg major and set env var | |
| run: | | |
| stripped_version=$(echo "${{ matrix.postgres_version }}" | sed 's/^"\(.*\)"$/\1/') | |
| echo "PGMAJOR=$stripped_version" >> $GITHUB_ENV | |
| - name: Generate common-nix.vars.pkr.hcl | |
| run: | | |
| PG_VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) | |
| PG_VERSION=$(echo $PG_VERSION | tr -d '"') # Remove any surrounding quotes | |
| echo 'postgres-version = "'$PG_VERSION'"' > common-nix.vars.pkr.hcl | |
| echo "" >> common-nix.vars.pkr.hcl | |
| - id: settings | |
| run: sed -r 's/(\s|\")+//g' common-nix.vars.pkr.hcl >> $GITHUB_OUTPUT | |
| - name: Generate args | |
| id: args | |
| run: | | |
| ARGS=$(nix run nixpkgs#yq -- 'to_entries | map(select(.value|type == "!!str")) | map(.key + "=" + .value) | join("\n")' ansible/vars.yml) | |
| echo "result<<EOF" >> $GITHUB_OUTPUT | |
| echo "$ARGS" >> $GITHUB_OUTPUT | |
| echo "EOF" >> $GITHUB_OUTPUT | |
| - name: verify schema.sql is committed | |
| run: | | |
| # Save the original schema file | |
| cp migrations/schema-${{ env.PGMAJOR }}.sql migrations/schema-${{ env.PGMAJOR }}.sql.original | |
| # Run dbmate-tool | |
| nix run github:supabase/postgres/${{ github.sha }}#dbmate-tool -- --version ${{ env.PGMAJOR }} --flake-url github:supabase/postgres/${{ github.sha }} | |
| # Compare the files | |
| if ! cmp -s migrations/schema-${{ env.PGMAJOR }}.sql migrations/schema-${{ env.PGMAJOR }}.sql.original; then | |
| echo "Detected changes in schema.sql:" | |
| diff -u migrations/schema-${{ env.PGMAJOR }}.sql.original migrations/schema-${{ env.PGMAJOR }}.sql | |
| exit 1 | |
| fi |