chore(deps): Bump the all-npm-fe-version-updates group across 1 directory with 10 updates #5325
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| release: | |
| types: [ published ] | |
| workflow_dispatch: | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| lint-debug-test: | |
| name: Lint and Unit test | |
| runs-on: ubuntu-latest | |
| env: | |
| PGDATABASE: test | |
| PGHOST: localhost | |
| PGUSER: postgres | |
| PGPASSWORD: postgres | |
| services: | |
| postgres: | |
| image: postgis/postgis:16-3.5 | |
| ports: | |
| # will assign a random free host port | |
| - 5432/tcp | |
| # Sadly there is currently no way to pass arguments to the service image other than this hack | |
| # See also https://stackoverflow.com/a/62720566/177275 | |
| options: >- | |
| -e POSTGRES_DB=test | |
| -e POSTGRES_USER=postgres | |
| -e POSTGRES_PASSWORD=postgres | |
| -e PGDATABASE=test | |
| -e PGUSER=postgres | |
| -e PGPASSWORD=postgres | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| --entrypoint sh | |
| postgis/postgis:16-3.5 | |
| -c "exec docker-entrypoint.sh postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key" | |
| steps: | |
| - run: rustup update stable && rustup default stable | |
| - uses: taiki-e/install-action@v2 | |
| # TODO: add cargo-sort once https://github.com/taiki-e/install-action/pull/997 is resolved | |
| with: { tool: 'just,cargo-binstall' } | |
| - name: Checkout sources | |
| uses: actions/checkout@v5 | |
| - uses: Swatinem/rust-cache@v2 | |
| if: github.event_name != 'release' && github.event_name != 'workflow_dispatch' | |
| - run: just env-info | |
| - run: just test-fmt | |
| - run: npm install | |
| working-directory: martin/martin-ui | |
| - run: just biomejs-martin-ui | |
| - run: just test-frontend | |
| - run: just type-check | |
| - run: just clippy | |
| - run: just check | |
| - run: just check-doc | |
| - name: Check semver | |
| uses: obi1kenobi/cargo-semver-checks-action@v2 | |
| with: { exclude: martin-core } | |
| - name: Init database | |
| run: tests/fixtures/initdb.sh | |
| env: | |
| PGPORT: ${{ job.services.postgres.ports[5432] }} | |
| - name: Run cargo test | |
| run: | | |
| set -x | |
| cargo test --package martin-tile-utils | |
| cargo test --package mbtiles --no-default-features | |
| cargo test --package mbtiles | |
| cargo test --package martin | |
| cargo test --doc | |
| env: | |
| DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=require | |
| AWS_SKIP_CREDENTIALS: 1 | |
| AWS_REGION: eu-central-1 | |
| musl-build: | |
| name: Build ${{ matrix.target }} | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| include: | |
| - target: aarch64-unknown-linux-musl | |
| - target: x86_64-unknown-linux-musl | |
| steps: | |
| - run: rustup update stable && rustup default stable | |
| - name: Checkout sources | |
| uses: actions/checkout@v5 | |
| with: { set-safe-directory: false } | |
| - name: Install zig | |
| uses: korandoru/setup-zig@v1 | |
| with: { zig-version: '0.14.0' } | |
| - uses: taiki-e/install-action@v2 | |
| with: { tool: cargo-zigbuild } | |
| - run: rustup target add ${{ matrix.target }} | |
| - name: Build ${{ matrix.target }} | |
| run: | | |
| export "CARGO_TARGET_$(echo ${{ matrix.target }} | tr 'a-z-' 'A-Z_')_RUSTFLAGS"='-C strip=debuginfo' | |
| cargo zigbuild --release --target ${{ matrix.target }} --workspace --locked | |
| - name: Move the artefacts to the expected place | |
| run: | | |
| mkdir -p target_releases/ | |
| mv target/${{ matrix.target }}/release/martin target_releases/ | |
| mv target/${{ matrix.target }}/release/martin-cp target_releases/ | |
| mv target/${{ matrix.target }}/release/mbtiles target_releases/ | |
| - name: Save build artifacts to build-${{ matrix.target }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-${{ matrix.target }} | |
| path: target_releases/ | |
| docker-build-test: | |
| name: Build and test docker images | |
| runs-on: ubuntu-latest | |
| needs: [ musl-build, lint-debug-test ] | |
| permissions: | |
| id-token: write | |
| attestations: write | |
| packages: write | |
| contents: read | |
| env: | |
| # PG_* variables are used by psql | |
| PGDATABASE: test | |
| PGHOST: localhost | |
| PGUSER: postgres | |
| PGPASSWORD: postgres | |
| # TODO: aarch64-unknown-linux-gnu | |
| services: | |
| postgres: | |
| image: postgis/postgis:16-3.5 | |
| ports: | |
| - 5432/tcp | |
| options: >- | |
| -e POSTGRES_DB=test | |
| -e POSTGRES_USER=postgres | |
| -e POSTGRES_PASSWORD=postgres | |
| -e PGDATABASE=test | |
| -e PGUSER=postgres | |
| -e PGPASSWORD=postgres | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| --entrypoint sh | |
| postgis/postgis:16-3.5 | |
| -c "exec docker-entrypoint.sh postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key" | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v5 | |
| with: { set-safe-directory: false } | |
| - name: Init database | |
| run: tests/fixtures/initdb.sh | |
| env: | |
| PGPORT: ${{ job.services.postgres.ports[5432] }} | |
| # we want to test our docker images before we push them to the registry | |
| # this is done by | |
| # - building multi-arch images | |
| # - executing the test script against each arch via docker | |
| # - pushing them to the registry | |
| # | |
| # We need the containerd image store, as otherwise multi-arch cannot be loaded => https://github.com/docker/buildx/blob/master/docs/reference/buildx_build.md#docker | |
| # > The default image store in Docker Engine doesn't support loading multi-platform images. | |
| # > You can enable the containerd image store, or push multi-platform images is to directly push to a registry | |
| - name: Set up Docker | |
| uses: docker/setup-docker-action@v4 | |
| with: | |
| daemon-config: | | |
| { | |
| "features": { | |
| "containerd-snapshotter": true | |
| } | |
| } | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| # https://github.com/docker/setup-qemu-action | |
| with: { platforms: 'linux/amd64,linux/arm64' } | |
| - name: Set up gdal-bin and sqlite3-tools | |
| run: sudo apt-get update && sudo apt-get install -y gdal-bin sqlite3-tools | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # https://github.com/docker/setup-buildx-action | |
| with: { install: true, platforms: 'linux/amd64,linux/arm64' } | |
| - name: Download build artifact build-aarch64-unknown-linux-musl | |
| uses: actions/download-artifact@v5 | |
| with: { name: 'build-aarch64-unknown-linux-musl', path: 'target_releases/linux/arm64/' } | |
| - name: Mark target_releases/linux/arm64/* as executable | |
| run: chmod +x target_releases/linux/arm64/* | |
| - name: Download build artifact build-x86_64-unknown-linux-musl | |
| uses: actions/download-artifact@v5 | |
| with: { name: 'build-x86_64-unknown-linux-musl', path: 'target_releases/linux/amd64/' } | |
| - name: Mark target_releases/linux/amd64/* as executable | |
| run: chmod +x target_releases/linux/amd64/* | |
| - name: Start NGINX | |
| uses: nyurik/[email protected] | |
| id: nginx | |
| with: { port: '5412', output-unix-paths: 'yes' } | |
| - name: Copy static files | |
| run: cp -r tests/fixtures/pmtiles2/* ${{ steps.nginx.outputs.html-dir }} | |
| - name: Docker meta | |
| id: docker_meta | |
| uses: docker/metadata-action@v5 | |
| # https://github.com/docker/metadata-action | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| labels: | | |
| org.opencontainers.image.created={{commit_date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}} | |
| org.opencontainers.image.authors=Yuri Astrakhan, Stepan Kuzmin and MapLibre contributors | |
| org.opencontainers.image.url=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.documentation=https://maplibre.org/martin/ | |
| org.opencontainers.image.source=${{ github.event.repository.html_url }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.vendor=maplibre | |
| org.opencontainers.image.licenses=Apache-2.0 OR MIT | |
| org.opencontainers.image.description=Blazing fast and lightweight tile server with PostGIS, MBTiles, and PMTiles support | |
| org.opencontainers.image.title=${{ github.event.repository.name }} | |
| org.opencontainers.image.source=https://github.com/maplibre/martin | |
| annotations: | | |
| org.opencontainers.image.created={{commit_date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}} | |
| org.opencontainers.image.authors=Yuri Astrakhan, Stepan Kuzmin and MapLibre contributors | |
| org.opencontainers.image.url=https://github.com/${{ github.repository }} | |
| org.opencontainers.image.documentation=https://maplibre.org/martin/ | |
| org.opencontainers.image.source=${{ github.event.repository.html_url }} | |
| org.opencontainers.image.revision=${{ github.sha }} | |
| org.opencontainers.image.vendor=maplibre | |
| org.opencontainers.image.licenses=Apache-2.0 OR MIT | |
| org.opencontainers.image.description=Blazing fast and lightweight tile server with PostGIS, MBTiles, and PMTiles support | |
| org.opencontainers.image.title=${{ github.event.repository.name }} | |
| org.opencontainers.image.source=https://github.com/maplibre/martin | |
| env: | |
| DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index | |
| - name: Build linux/arm64,linux/amd64 Docker image | |
| uses: docker/build-push-action@v6 | |
| # https://github.com/docker/build-push-action | |
| with: | |
| provenance: mode=max | |
| sbom: true | |
| context: . | |
| file: .github/files/multi-platform.Dockerfile | |
| push: false | |
| load: true | |
| tags: ${{ github.repository }}:linux | |
| annotations: ${{ steps.docker_meta.outputs.annotations }} | |
| labels: ${{ steps.docker_meta.outputs.labels }} | |
| platforms: linux/arm64,linux/amd64 | |
| - name: Test linux/arm64 Docker image | |
| run: | | |
| PLATFORM=linux/arm64 | |
| TAG=${{ github.repository }}:linux | |
| export MARTIN_BUILD_ALL=- | |
| export MARTIN_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -e AWS_REGION=eu-central-1 -e AWS_SKIP_CREDENTIALS=1 -v $PWD/tests:/tests $TAG" | |
| export MARTIN_CP_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -e AWS_REGION=eu-central-1 -e AWS_SKIP_CREDENTIALS=1 -v $PWD/tests:/tests --entrypoint /usr/local/bin/martin-cp $TAG" | |
| export MBTILES_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -e AWS_REGION=eu-central-1 -e AWS_SKIP_CREDENTIALS=1 -v $PWD/tests:/tests --entrypoint /usr/local/bin/mbtiles $TAG" | |
| tests/test.sh | |
| env: | |
| DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=require | |
| - name: Test linux/amd64 Docker image | |
| run: | | |
| PLATFORM=linux/amd64 | |
| TAG=${{ github.repository }}:linux | |
| export MARTIN_BUILD_ALL=- | |
| export MARTIN_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -e AWS_REGION=eu-central-1 -e AWS_SKIP_CREDENTIALS=1 -v $PWD/tests:/tests $TAG" | |
| export MARTIN_CP_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -e AWS_REGION=eu-central-1 -e AWS_SKIP_CREDENTIALS=1 -v $PWD/tests:/tests --entrypoint /usr/local/bin/martin-cp $TAG" | |
| export MBTILES_BIN="docker run --rm --net host --platform $PLATFORM -e DATABASE_URL -e AWS_REGION=eu-central-1 -e AWS_SKIP_CREDENTIALS=1 -v $PWD/tests:/tests --entrypoint /usr/local/bin/mbtiles $TAG" | |
| tests/test.sh | |
| env: | |
| DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=require | |
| - name: Save test output (on error) | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: failed-test-output-docker | |
| path: | | |
| tests/output/* | |
| target/test_logs/* | |
| retention-days: 5 | |
| - name: Login to GitHub Docker registry | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@v3 | |
| # https://github.com/docker/login-action | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Push the Docker image | |
| id: docker_push | |
| if: github.event_name != 'pull_request' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| provenance: mode=max | |
| sbom: true | |
| context: . | |
| file: .github/files/multi-platform.Dockerfile | |
| push: true | |
| load: false | |
| tags: ${{ steps.docker_meta.outputs.tags }} | |
| annotations: ${{ steps.docker_meta.outputs.annotations }} | |
| labels: ${{ steps.docker_meta.outputs.labels }} | |
| platforms: linux/amd64,linux/arm64 | |
| - name: Attest | |
| if: github.event_name != 'pull_request' | |
| uses: actions/attest-build-provenance@v2 | |
| id: attest | |
| with: | |
| subject-name: ghcr.io/${{ github.repository }} | |
| subject-digest: ${{ steps.docker_push.outputs.digest }} | |
| push-to-registry: true | |
| build: | |
| name: Build ${{ matrix.target }} | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| include: | |
| - target: aarch64-apple-darwin | |
| os: macos-latest # M-series CPU | |
| - target: debian-x86_64 | |
| os: ubuntu-22.04 # downgraded to have lower libc support. Debian-12 (stable at the time of writing) does not support the same version ubuntu does. | |
| # TODO: update to ubuntu-latest again once debian 13 launches | |
| - target: x86_64-apple-darwin | |
| os: macos-13 # x64 CPU | |
| - target: x86_64-pc-windows-msvc | |
| os: windows-latest | |
| ext: '.exe' | |
| - target: x86_64-unknown-linux-gnu | |
| os: ubuntu-latest | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v5 | |
| - run: rustup update stable && rustup default stable | |
| # the macOS x86 runners are 3x slower than all other runners. | |
| # We need to cache here to not spend 30 minutes on each build. | |
| # We cannot cache the others as well because we only have 10GB of cache | |
| - if: matrix.target == 'x86_64-apple-darwin' && github.event_name != 'release' && github.event_name != 'workflow_dispatch' | |
| uses: Swatinem/rust-cache@v2 | |
| - name: Rust Versions | |
| run: rustc --version && cargo --version | |
| - name: Install NASM for rustls/aws-lc-rs on Windows | |
| if: runner.os == 'Windows' | |
| uses: ilammy/setup-nasm@v1 | |
| - name: Build (.deb) | |
| if: matrix.target == 'debian-x86_64' | |
| run: | | |
| set -x | |
| sudo apt-get install -y dpkg dpkg-dev liblzma-dev | |
| cargo install cargo-deb --locked | |
| cargo deb -v -p martin --output target/debian/debian-x86_64.deb | |
| mkdir -p target_releases | |
| mv target/debian/debian-x86_64.deb target_releases/ | |
| - name: Build | |
| if: matrix.target != 'debian-x86_64' | |
| run: | | |
| set -x | |
| rustup target add "${{ matrix.target }}" | |
| export RUSTFLAGS='-C strip=debuginfo' | |
| cargo build --release --target ${{ matrix.target }} --package mbtiles --locked | |
| cargo build --release --target ${{ matrix.target }} --package martin --locked | |
| mkdir -p target_releases | |
| mv target/${{ matrix.target }}/release/martin${{ matrix.ext }} target_releases/ | |
| mv target/${{ matrix.target }}/release/martin-cp${{ matrix.ext }} target_releases/ | |
| mv target/${{ matrix.target }}/release/mbtiles${{ matrix.ext }} target_releases/ | |
| - name: Save build artifacts to build-${{ matrix.target }} | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-${{ matrix.target }} | |
| path: target_releases/* | |
| test-aws-lambda: | |
| name: Test AWS Lambda | |
| runs-on: ubuntu-latest | |
| needs: [ musl-build ] | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v5 | |
| - name: Download build artifact build-x86_64-unknown-linux-musl | |
| uses: actions/download-artifact@v5 | |
| with: { name: 'build-x86_64-unknown-linux-musl', path: 'target/' } | |
| - run: tests/test-aws-lambda.sh | |
| env: | |
| MARTIN_BIN: target/martin | |
| test-multi-os: | |
| name: Test on ${{ matrix.os }} | |
| runs-on: ${{ matrix.os }} | |
| needs: [ build ] | |
| env: | |
| # PG_* variables are used by psql | |
| PGDATABASE: test | |
| PGHOST: localhost | |
| PGUSER: postgres | |
| PGPASSWORD: postgres | |
| PGPORT: 34837 | |
| # AWS variables for S3 access | |
| AWS_REGION: eu-central-1 | |
| AWS_SKIP_CREDENTIALS: 1 | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| include: | |
| # temporary disabled due to an issue with homebrew which is difficult to debug | |
| # - target: x86_64-apple-darwin | |
| # os: macos-13 | |
| - target: x86_64-pc-windows-msvc | |
| os: windows-latest | |
| ext: '.exe' | |
| - target: x86_64-unknown-linux-gnu | |
| os: ubuntu-latest | |
| steps: | |
| - name: Install and run Postgis (Windows) | |
| if: matrix.os == 'windows-latest' | |
| uses: nyurik/[email protected] | |
| id: pg | |
| with: { username: 'postgres', password: 'postgres', database: 'test', postgres-version: 16, port: 34837, postgis_version: 3.5.2 } | |
| - name: Install and run Postgis (Ubuntu) | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| docker run -d \ | |
| -p 34837:5432 \ | |
| -e POSTGRES_DB=test \ | |
| -e POSTGRES_USER=postgres \ | |
| -e POSTGRES_PASSWORD=postgres \ | |
| -e PGDATABASE=test \ | |
| -e PGUSER=postgres \ | |
| -e PGPASSWORD=postgres \ | |
| --health-cmd="pg_isready" \ | |
| --health-interval=10s \ | |
| --health-timeout=5s \ | |
| --health-retries=5 \ | |
| postgis/postgis:16-3.5 \ | |
| postgres \ | |
| -c ssl=on \ | |
| -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem \ | |
| -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key | |
| - name: Start NGINX | |
| uses: nyurik/[email protected] | |
| id: nginx | |
| with: { port: '5412', output-unix-paths: 'yes' } | |
| - name: Checkout sources | |
| uses: actions/checkout@v5 | |
| - name: Init database | |
| env: | |
| PGPORT: ${{ env.PGPORT }} | |
| run: | | |
| if [ "$RUNNER_OS" == "Linux" ]; then | |
| export DATABASE_URL="postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ env.PGPORT }}/${{ env.PGDATABASE }}?sslmode=require" | |
| else | |
| export PGSERVICE="${{ steps.pg.outputs.service-name }}" | |
| fi | |
| tests/fixtures/initdb.sh | |
| - name: Copy static files | |
| run: cp -r tests/fixtures/pmtiles2/* ${{ steps.nginx.outputs.html-dir }} | |
| - name: Download build artifact build-${{ matrix.target }} | |
| uses: actions/download-artifact@v5 | |
| with: | |
| name: build-${{ matrix.target }} | |
| path: target/ | |
| - name: Set up gdal-bin and sqlite3-tools | |
| if: matrix.os == 'ubuntu-latest' | |
| run: sudo apt-get update && sudo apt-get install -y gdal-bin sqlite3-tools | |
| - name: Integration Tests | |
| run: | | |
| export MARTIN_BUILD_ALL=- | |
| export AWS_REGION=eu-central-1 | |
| export AWS_SKIP_CREDENTIALS=1 | |
| export MARTIN_BIN=target/martin${{ matrix.ext }} | |
| export MARTIN_CP_BIN=target/martin-cp${{ matrix.ext }} | |
| export MBTILES_BIN=target/mbtiles${{ matrix.ext }} | |
| if [[ "${{ runner.os }}" != "Windows" ]]; then | |
| chmod +x "$MARTIN_BIN" "$MARTIN_CP_BIN" "$MBTILES_BIN" | |
| fi | |
| if [ "$RUNNER_OS" == "Linux" ]; then | |
| export DATABASE_URL="postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ env.PGPORT }}/${{ env.PGDATABASE }}?sslmode=require" | |
| else | |
| export DATABASE_URL="${{ steps.pg.outputs.connection-uri }}" | |
| fi | |
| tests/test.sh | |
| - name: Compare test output results (Linux) | |
| if: matrix.target == 'x86_64-unknown-linux-gnu' | |
| run: diff --brief --recursive --new-file --exclude='*.pbf' tests/output tests/expected | |
| - name: Download Debian package (Linux) | |
| if: matrix.target == 'x86_64-unknown-linux-gnu' | |
| uses: actions/download-artifact@v5 | |
| with: { name: 'build-debian-x86_64', path: 'target/' } | |
| - name: Tests Debian package (Linux) | |
| if: matrix.target == 'x86_64-unknown-linux-gnu' | |
| run: | | |
| sudo dpkg -i target/debian-x86_64.deb | |
| export MARTIN_BUILD_ALL=- | |
| export AWS_REGION=eu-central-1 | |
| export AWS_SKIP_CREDENTIALS=1 | |
| export MARTIN_BIN=/usr/bin/martin${{ matrix.ext }} | |
| export MARTIN_CP_BIN=/usr/bin/martin-cp${{ matrix.ext }} | |
| export MBTILES_BIN=/usr/bin/mbtiles${{ matrix.ext }} | |
| tests/test.sh | |
| env: | |
| DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ env.PGPORT }}/${{ env.PGDATABASE }}?sslmode=require | |
| - name: Save test output (on error) | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: failed-test-output-${{ runner.os }} | |
| path: | | |
| tests/output/* | |
| target/test_logs/* | |
| retention-days: 5 | |
| test-with-svc: | |
| name: Test postgis:${{ matrix.img_ver }} sslmode=${{ matrix.sslmode }} | |
| runs-on: ubuntu-latest | |
| needs: [ build ] | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| include: | |
| # These must match the versions of postgres used in the docker-compose.yml | |
| - img_ver: 11-3.0-alpine | |
| args: postgres | |
| sslmode: disable | |
| - img_ver: 16-3.5-alpine | |
| args: postgres | |
| sslmode: disable | |
| # alpine images don't support SSL, so for this we use the debian images | |
| - img_ver: 16-3.5 | |
| args: postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key | |
| sslmode: require | |
| # | |
| # FIXME! | |
| # DISABLED because Rustls fails to validate name (CN?) with the NotValidForName error | |
| #- img_ver: 15-3.3 | |
| # args: postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key | |
| # sslmode: verify-ca | |
| #- img_ver: 15-3.3 | |
| # args: postgres -c ssl=on -c ssl_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -c ssl_key_file=/etc/ssl/private/ssl-cert-snakeoil.key | |
| # sslmode: verify-full | |
| env: | |
| PGDATABASE: test | |
| PGHOST: localhost | |
| PGUSER: postgres | |
| PGPASSWORD: postgres | |
| services: | |
| postgres: | |
| image: postgis/postgis:${{ matrix.img_ver }} | |
| ports: | |
| - 5432/tcp | |
| options: >- | |
| -e POSTGRES_DB=test | |
| -e POSTGRES_USER=postgres | |
| -e POSTGRES_PASSWORD=postgres | |
| -e PGDATABASE=test | |
| -e PGUSER=postgres | |
| -e PGPASSWORD=postgres | |
| --health-cmd pg_isready | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| --entrypoint sh | |
| postgis/postgis:${{ matrix.img_ver }} | |
| -c "exec docker-entrypoint.sh ${{ matrix.args }}" | |
| steps: | |
| - run: rustup update stable && rustup default stable | |
| - name: Checkout sources | |
| uses: actions/checkout@v5 | |
| - uses: Swatinem/rust-cache@v2 # for the unit-test to be run against postgres | |
| if: github.event_name != 'release' && github.event_name != 'workflow_dispatch' | |
| - name: Run NGINX | |
| uses: nyurik/[email protected] | |
| id: nginx | |
| with: { port: '5412', output-unix-paths: 'yes' } | |
| - name: Copy static files | |
| run: cp -r tests/fixtures/pmtiles2/* ${{ steps.nginx.outputs.html-dir }} | |
| - name: Init database | |
| run: tests/fixtures/initdb.sh | |
| env: | |
| PGPORT: ${{ job.services.postgres.ports[5432] }} | |
| - name: Get DB SSL cert (sslmode=verify-*) | |
| if: matrix.sslmode == 'verify-ca' || matrix.sslmode == 'verify-full' | |
| run: | | |
| set -x | |
| mkdir -p target/certs | |
| docker cp ${{ job.services.postgres.id }}:/etc/ssl/certs/ssl-cert-snakeoil.pem target/certs/server.crt | |
| docker cp ${{ job.services.postgres.id }}:/etc/ssl/private/ssl-cert-snakeoil.key target/certs/server.key | |
| - name: Download build artifact build-x86_64-unknown-linux-gnu | |
| uses: actions/download-artifact@v5 | |
| with: { name: 'build-x86_64-unknown-linux-gnu', path: 'target_releases/' } | |
| - name: Set up gdal-bin and sqlite3-tools | |
| run: sudo apt update && sudo apt-get install -y gdal-bin sqlite3-tools | |
| - name: Integration Tests | |
| run: | | |
| if [[ "${{ matrix.sslmode }}" == "verify-ca" || "${{ matrix.sslmode }}" == "verify-full" ]]; then | |
| export PGSSLROOTCERT=target/certs/server.crt | |
| fi | |
| export MARTIN_BUILD_ALL=- | |
| export AWS_REGION=eu-central-1 | |
| export AWS_SKIP_CREDENTIALS=1 | |
| export MARTIN_BIN=target_releases/martin | |
| export MARTIN_CP_BIN=target_releases/martin-cp | |
| export MBTILES_BIN=target_releases/mbtiles | |
| chmod +x "$MARTIN_BIN" "$MARTIN_CP_BIN" "$MBTILES_BIN" | |
| tests/test.sh | |
| rm -rf target_releases | |
| env: | |
| DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }} | |
| - name: Download Debian package | |
| uses: actions/download-artifact@v5 | |
| with: { name: 'build-debian-x86_64', path: 'target_releases/' } | |
| - name: Tests Debian package | |
| run: | | |
| sudo dpkg -i target_releases/debian-x86_64.deb | |
| if [[ "${{ matrix.sslmode }}" == "verify-ca" || "${{ matrix.sslmode }}" == "verify-full" ]]; then | |
| export PGSSLROOTCERT=target/certs/server.crt | |
| fi | |
| export MARTIN_BUILD_ALL=- | |
| export AWS_REGION=eu-central-1 | |
| export AWS_SKIP_CREDENTIALS=1 | |
| export MARTIN_BIN=/usr/bin/martin | |
| export MARTIN_CP_BIN=/usr/bin/martin-cp | |
| export MBTILES_BIN=/usr/bin/mbtiles | |
| tests/test.sh | |
| sudo dpkg -P martin | |
| rm -rf target_releases | |
| env: | |
| DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }} | |
| - name: Unit Tests | |
| if: matrix.sslmode != 'verify-ca' && matrix.sslmode != 'verify-full' | |
| run: | | |
| echo "Running unit tests, connecting to DATABASE_URL=$DATABASE_URL" | |
| echo "Same but as base64 to prevent GitHub obfuscation (this is not a secret):" | |
| echo "$DATABASE_URL" | base64 | |
| set -x | |
| cargo test --package martin | |
| cargo clean | |
| env: | |
| DATABASE_URL: postgres://${{ env.PGUSER }}:${{ env.PGUSER }}@${{ env.PGHOST }}:${{ job.services.postgres.ports[5432] }}/${{ env.PGDATABASE }}?sslmode=${{ matrix.sslmode }} | |
| AWS_SKIP_CREDENTIALS: 1 | |
| AWS_REGION: eu-central-1 | |
| - name: Save test output (on error) | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: test-output | |
| path: | | |
| tests/output/* | |
| target/test_logs/* | |
| retention-days: 5 | |
| package: | |
| name: Package | |
| runs-on: ubuntu-latest | |
| needs: [ lint-debug-test, test-multi-os, test-with-svc, test-aws-lambda ] | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v5 | |
| - name: Download build artifact build-aarch64-apple-darwin | |
| uses: actions/download-artifact@v5 | |
| with: { name: 'build-aarch64-apple-darwin', path: 'target/aarch64-apple-darwin' } | |
| - name: Download build artifact build-x86_64-apple-darwin | |
| uses: actions/download-artifact@v5 | |
| with: { name: 'build-x86_64-apple-darwin', path: 'target/x86_64-apple-darwin' } | |
| - name: Download build artifact build-x86_64-unknown-linux-gnu | |
| uses: actions/download-artifact@v5 | |
| with: { name: 'build-x86_64-unknown-linux-gnu', path: 'target/x86_64-unknown-linux-gnu' } | |
| - name: Download build artifact build-aarch64-unknown-linux-musl | |
| uses: actions/download-artifact@v5 | |
| with: { name: 'build-aarch64-unknown-linux-musl', path: 'target/aarch64-unknown-linux-musl' } | |
| - name: Download build artifact build-x86_64-unknown-linux-musl | |
| uses: actions/download-artifact@v5 | |
| with: { name: 'build-x86_64-unknown-linux-musl', path: 'target/x86_64-unknown-linux-musl' } | |
| - name: Download build artifact build-x86_64-pc-windows-msvc | |
| uses: actions/download-artifact@v5 | |
| with: { name: 'build-x86_64-pc-windows-msvc', path: 'target/x86_64-pc-windows-msvc' } | |
| - name: Download build artifact build-debian-x86_64 | |
| uses: actions/download-artifact@v5 | |
| with: { name: 'build-debian-x86_64', path: 'target/debian-x86_64' } | |
| - name: Package | |
| run: | | |
| set -x | |
| cd target | |
| mkdir files | |
| for target in aarch64-apple-darwin x86_64-apple-darwin x86_64-unknown-linux-gnu aarch64-unknown-linux-musl x86_64-unknown-linux-musl; | |
| do | |
| cd "$target" | |
| chmod +x martin martin-cp mbtiles | |
| tar czvf ../files/martin-${target}.tar.gz martin martin-cp mbtiles | |
| cd .. | |
| done | |
| # | |
| # Special case for Windows | |
| # | |
| cd x86_64-pc-windows-msvc | |
| 7z a ../files/martin-x86_64-pc-windows-msvc.zip martin.exe martin-cp.exe mbtiles.exe | |
| cd .. | |
| # | |
| # Special case for Debian .deb package | |
| # | |
| cd debian-x86_64 | |
| mv debian-x86_64.deb ../files/martin-Debian-x86_64.deb | |
| cd .. | |
| - name: Create Homebrew config | |
| run: | | |
| set -x | |
| # Extract Github release version only without the "v" prefix | |
| MARTIN_VERSION=$(echo "${{ github.ref }}" | sed -e 's/refs\/tags\/v//') | |
| mkdir -p target/homebrew | |
| cd target | |
| cat << EOF > homebrew_config.yaml | |
| version: "$MARTIN_VERSION" | |
| macos_arm_sha256: "$(shasum -a 256 files/martin-aarch64-apple-darwin.tar.gz | cut -d' ' -f1)" | |
| macos_intel_sha256: "$(shasum -a 256 files/martin-x86_64-apple-darwin.tar.gz | cut -d' ' -f1)" | |
| linux_arm_sha256: "$(shasum -a 256 files/martin-aarch64-unknown-linux-musl.tar.gz | cut -d' ' -f1)" | |
| linux_intel_sha256: "$(shasum -a 256 files/martin-x86_64-unknown-linux-musl.tar.gz | cut -d' ' -f1)" | |
| EOF | |
| - name: Save Homebrew Config | |
| uses: actions/upload-artifact@v4 | |
| with: { name: 'homebrew-config', path: 'target/homebrew_config.yaml' } | |
| - name: Publish | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: softprops/action-gh-release@v2 | |
| with: { files: 'target/files/*', generate_release_notes: true } | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # Create a personal access token | |
| # Gen: https://github.com/settings/personal-access-tokens/new | |
| # Can also use "regenerate token" button in the expired token screen | |
| # Set: https://github.com/maplibre/martin/settings/secrets/actions/GH_HOMEBREW_MARTIN_TOKEN | |
| # Docs: https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens#creating-a-fine-grained-personal-access-token | |
| # Name: anything descriptive | |
| # One year long (sadly that's max) | |
| # Repository owner and repo: maplibre/homebrew-martin | |
| # Access Contents: Read and write | |
| # Access Metadata: Read-only | |
| # Access Pull requests: Read and write | |
| - name: Checkout maplibre/homebrew-martin | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: actions/checkout@v5 | |
| with: | |
| repository: maplibre/homebrew-martin | |
| token: ${{ secrets.GH_HOMEBREW_MARTIN_TOKEN }} # See instructions above | |
| path: target/homebrew | |
| - name: Create Homebrew formula | |
| uses: cuchi/jinja2-action@master | |
| with: | |
| template: .github/files/homebrew.martin.rb.j2 | |
| output_file: target/homebrew/martin.rb | |
| data_file: target/homebrew_config.yaml | |
| - name: Create a PR for maplibre/homebrew-martin | |
| if: startsWith(github.ref, 'refs/tags/') | |
| uses: peter-evans/create-pull-request@v7 | |
| with: | |
| token: ${{ secrets.GH_HOMEBREW_MARTIN_TOKEN }} # See instructions above | |
| commit-message: 'Update to ${{ github.ref }}' | |
| title: 'Update to ${{ github.ref }}' | |
| body: 'Update to ${{ github.ref }}' | |
| branch: 'update-to-${{ github.ref }}' | |
| branch-suffix: timestamp | |
| base: 'main' | |
| labels: 'auto-update' | |
| assignees: 'nyurik' | |
| draft: false | |
| delete-branch: true | |
| path: target/homebrew | |
| # This final step is needed to mark the whole workflow as successful | |
| # Don't change its name - it is used by the merge protection rules | |
| done: | |
| name: CI Finished | |
| runs-on: ubuntu-latest | |
| needs: [ package, docker-build-test ] | |
| if: always() | |
| steps: | |
| - name: Result of the needed steps | |
| run: echo "${{ toJSON(needs) }}" | |
| - if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'skipped') }} | |
| name: CI Result | |
| run: exit 1 |