feat: support string comparison for jwt-role-claim-key #617
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
workflow_call: | |
secrets: | |
CACHIX_AUTH_TOKEN: | |
required: false | |
pull_request: | |
branches: | |
- main | |
- v[0-9]+ | |
paths: | |
- .github/workflows/build.yaml | |
- .github/actions/** | |
- .github/scripts/** | |
- .github/* | |
- '*.nix' | |
- nix/** | |
- .cirrus.yml | |
- cabal.project* | |
- postgrest.cabal | |
- stack.yaml* | |
- '**.hs' | |
- '!**.md' | |
concurrency: | |
# Terminate all previous runs of the same workflow for pull requests | |
group: build-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
static: | |
name: Nix - Linux static | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Setup Nix Environment | |
uses: ./.github/actions/setup-nix | |
with: | |
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Build static executable | |
run: nix-build -A postgrestStatic | |
- name: Save built executable as artifact | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: postgrest-linux-static-x64 | |
path: result/bin/postgrest | |
if-no-files-found: error | |
- name: Build Docker image | |
run: nix-build -A docker.image --out-link postgrest-docker.tar.gz | |
- name: Save built Docker image as artifact | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: postgrest-docker-x64 | |
path: postgrest-docker.tar.gz | |
if-no-files-found: error | |
macos: | |
name: Nix - MacOS | |
runs-on: macos-14 | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Setup Nix Environment | |
uses: ./.github/actions/setup-nix | |
with: | |
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
- name: Install gnu sed | |
run: brew install gnu-sed | |
- name: Build everything | |
run: | | |
# The --dry-run will give us a list of derivations to download from cachix and | |
# derivations to build. We only take those that would have to be built and then build | |
# those explicitly. This has the advantage that pure verification will not include | |
# a download anymore, making it much faster. If something needs to be built, only | |
# the dependencies required to do so will be downloaded, but not everything. | |
nix-build --dry-run 2>&1 \ | |
| gsed -e '1,/derivations will be built:$/d' -e '/paths will be fetched/Q' \ | |
| xargs nix-build | |
stack: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- name: Linux | |
runs-on: ubuntu-22.04 | |
cache: | | |
~/.stack/pantry | |
~/.stack/snapshots | |
~/.stack/stack.sqlite3 | |
# no artifact for Linux, because we use the static build | |
- name: MacOS | |
runs-on: macos-14 | |
cache: | | |
~/.stack/pantry | |
~/.stack/snapshots | |
~/.stack/stack.sqlite3 | |
artifact: postgrest-macos-x64 | |
deps: brew install libpq && brew link --force libpq | |
- name: Windows | |
runs-on: windows-2022 | |
cache: | | |
~\AppData\Roaming\stack\pantry | |
~\AppData\Local\Programs\stack\pantry | |
~\AppData\Roaming\stack\snapshots | |
~\AppData\Local\Programs\stack\snapshots | |
~\AppData\Roaming\stack\stack.sqlite3 | |
~\AppData\Local\Programs\stack\stack.sqlite3 | |
deps: Add-Content $env:GITHUB_PATH $env:PGBIN | |
artifact: postgrest-windows-x64 | |
name: Stack - ${{ matrix.name }} | |
runs-on: ${{ matrix.runs-on }} | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: haskell-actions/setup@dd344bc1cec854a369df8814ce17ef337d6e6170 # v2.7.6 | |
with: | |
# This must match the version in stack.yaml's resolver | |
ghc-version: 9.6.6 | |
enable-stack: true | |
stack-no-global: true | |
stack-setup-ghc: true | |
- name: Cache ~/.stack | |
uses: ./.github/actions/cache-on-main | |
with: | |
path: ${{ matrix.cache }} | |
prefix: stack | |
suffix: ${{ hashFiles('postgrest.cabal', 'stack.yaml.lock') }} | |
- name: Cache .stack-work | |
uses: ./.github/actions/cache-on-main | |
with: | |
path: .stack-work | |
save-prs: true | |
prefix: stack-work-${{ hashFiles('postgrest.cabal', 'stack.yaml.lock') }} | |
suffix: ${{ hashFiles('main/**/*.hs', 'src/**/*.hs') }} | |
- name: Install dependencies | |
if: matrix.deps | |
run: ${{ matrix.deps }} | |
- name: Build with Stack | |
run: stack build --lock-file error-on-write --local-bin-path result --copy-bins | |
- name: Strip Executable | |
run: strip result/postgrest* | |
- name: Save built executable as artifact | |
if: matrix.artifact | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: ${{ matrix.artifact }} | |
path: | | |
result/postgrest | |
result/postgrest.exe | |
if-no-files-found: error | |
freebsd: | |
name: Stack - FreeBSD from CirrusCI | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: ./.github/actions/artifact-from-cirrus | |
with: | |
token: ${{ github.token }} | |
task: Build FreeBSD (Stack) | |
download: bin | |
upload: postgrest-freebsd-x64 | |
cabal: | |
strategy: | |
matrix: | |
ghc: ['9.6.6', '9.8.2'] | |
fail-fast: false | |
name: Cabal - Linux GHC ${{ matrix.ghc }} | |
runs-on: ubuntu-24.04 | |
steps: | |
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: haskell-actions/setup@dd344bc1cec854a369df8814ce17ef337d6e6170 # v2.7.6 | |
with: | |
ghc-version: ${{ matrix.ghc }} | |
- name: Cache .cabal | |
uses: ./.github/actions/cache-on-main | |
with: | |
path: | | |
~/.cabal/packages | |
~/.cabal/store | |
prefix: cabal-${{ matrix.ghc }}-${{ hashFiles('cabal.project.freeze') }} | |
suffix: ${{ hashFiles('postgrest.cabal', 'cabal.project') }} | |
- name: Cache dist-newstyle | |
uses: ./.github/actions/cache-on-main | |
with: | |
path: dist-newstyle | |
save-prs: true | |
prefix: cabal-${{ matrix.ghc }}-dist-newstyle-${{ hashFiles('postgrest.cabal', 'cabal.project', 'cabal.project.freeze') }} | |
suffix: ${{ hashFiles('**/*.hs') }} | |
- name: Install dependencies | |
run: cabal build --only-dependencies --enable-tests --enable-benchmarks | |
- name: Build | |
run: cabal build --enable-tests --enable-benchmarks all |