mirror of
https://github.com/neondatabase/neon.git
synced 2025-12-22 21:59:59 +00:00
0dbe551802
## Problem We want to have the data-api served by the proxy directly instead of relying on a 3rd party to run a deployment for each project/endpoint. ## Summary of changes With the changes below, the proxy (auth-broker) becomes also a "rest-broker", that can be thought of as a "Multi-tenant" data-api which provides an automated REST api for all the databases in the region. The core of the implementation (that leverages the subzero library) is in proxy/src/serverless/rest.rs and this is the only place that has "new logic". --------- Co-authored-by: Ruslan Talpa <ruslan.talpa@databricks.com> Co-authored-by: Alexander Bayandin <alexander@neon.tech> Co-authored-by: Conrad Ludgate <conrad@neon.tech>
129 lines
4.8 KiB
YAML
129 lines
4.8 KiB
YAML
name: Check neon with MacOS builds
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
pg_versions:
|
|
description: "Array of the pg versions to build for, for example: ['v14', 'v17']"
|
|
type: string
|
|
default: '[]'
|
|
required: false
|
|
rebuild_rust_code:
|
|
description: "Rebuild Rust code"
|
|
type: boolean
|
|
default: false
|
|
required: false
|
|
rebuild_everything:
|
|
description: "If true, rebuild for all versions"
|
|
type: boolean
|
|
default: false
|
|
required: false
|
|
|
|
env:
|
|
RUST_BACKTRACE: 1
|
|
COPT: '-Werror'
|
|
|
|
# TODO: move `check-*` and `files-changed` jobs to the "Caller" Workflow
|
|
# We should care about that as Github has limitations:
|
|
# - You can connect up to four levels of workflows
|
|
# - You can call a maximum of 20 unique reusable workflows from a single workflow file.
|
|
# https://docs.github.com/en/actions/sharing-automations/reusing-workflows#limitations
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
make-all:
|
|
if: |
|
|
inputs.pg_versions != '[]' || inputs.rebuild_rust_code || inputs.rebuild_everything ||
|
|
contains(github.event.pull_request.labels.*.name, 'run-extra-build-macos') ||
|
|
contains(github.event.pull_request.labels.*.name, 'run-extra-build-*') ||
|
|
github.ref_name == 'main'
|
|
timeout-minutes: 60
|
|
runs-on: macos-15
|
|
env:
|
|
# Use release build only, to have less debug info around
|
|
# Hence keeping target/ (and general cache size) smaller
|
|
BUILD_TYPE: release
|
|
steps:
|
|
- name: Harden the runner (Audit all outbound calls)
|
|
uses: step-security/harden-runner@4d991eb9b905ef189e4c376166672c3f2f230481 # v2.11.0
|
|
with:
|
|
egress-policy: audit
|
|
|
|
- name: Checkout main repo
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
submodules: true
|
|
|
|
- uses: ./.github/actions/prepare-for-subzero
|
|
with:
|
|
token: ${{ secrets.CI_ACCESS_TOKEN }}
|
|
|
|
- name: Install build dependencies
|
|
run: |
|
|
brew install flex bison openssl protobuf icu4c
|
|
|
|
- name: Set extra env for macOS
|
|
run: |
|
|
echo 'LDFLAGS=-L/usr/local/opt/openssl@3/lib' >> $GITHUB_ENV
|
|
echo 'CPPFLAGS=-I/usr/local/opt/openssl@3/include' >> $GITHUB_ENV
|
|
|
|
- name: Restore "pg_install/" cache
|
|
id: cache_pg
|
|
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
|
|
with:
|
|
path: pg_install
|
|
key: v1-${{ runner.os }}-${{ runner.arch }}-${{ env.BUILD_TYPE }}-pg-install-v14-${{ hashFiles('Makefile', 'postgres.mk', 'vendor/revisions.json') }}
|
|
|
|
- name: Checkout vendor/postgres submodules
|
|
if: steps.cache_pg.outputs.cache-hit != 'true'
|
|
run: |
|
|
git submodule init
|
|
git submodule update --depth 1 --recursive
|
|
|
|
- name: Build Postgres
|
|
if: steps.cache_pg.outputs.cache-hit != 'true'
|
|
run: |
|
|
make postgres -j$(sysctl -n hw.ncpu)
|
|
|
|
# This isn't strictly necessary, but it makes the cached and non-cached builds more similar,
|
|
# When pg_install is restored from cache, there is no 'build/' directory. By removing it
|
|
# in a non-cached build too, we enforce that the rest of the steps don't depend on it,
|
|
# so that we notice any build caching bugs earlier.
|
|
- name: Remove build artifacts
|
|
if: steps.cache_pg.outputs.cache-hit != 'true'
|
|
run: |
|
|
rm -rf build
|
|
|
|
# Explicitly update the rust toolchain before running 'make'. The parallel make build can
|
|
# invoke 'cargo build' more than once in parallel, for different crates. That's OK, 'cargo'
|
|
# does its own locking to prevent concurrent builds from stepping on each other's
|
|
# toes. However, it will first try to update the toolchain, and that step is not locked the
|
|
# same way. To avoid two toolchain updates running in parallel and stepping on each other's
|
|
# toes, ensure that the toolchain is up-to-date beforehand.
|
|
- name: Update rust toolchain
|
|
run: |
|
|
rustup --version &&
|
|
rustup update &&
|
|
rustup show
|
|
|
|
- name: Cache cargo deps
|
|
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
|
|
with:
|
|
path: |
|
|
~/.cargo/registry
|
|
!~/.cargo/registry/src
|
|
~/.cargo/git
|
|
target
|
|
key: v1-${{ runner.os }}-${{ runner.arch }}-cargo-${{ hashFiles('./Cargo.lock') }}-${{ hashFiles('./rust-toolchain.toml') }}-rust
|
|
|
|
# Build the neon-specific postgres extensions, and all the Rust bits.
|
|
#
|
|
# Pass PG_INSTALL_CACHED=1 because PostgreSQL was already built and cached
|
|
# separately.
|
|
- name: Build all
|
|
run: PG_INSTALL_CACHED=1 BUILD_TYPE=release make -j$(sysctl -n hw.ncpu) all
|
|
|
|
- name: Check that no warnings are produced
|
|
run: ./run_clippy.sh
|