Opened 14 months ago
Closed 13 months ago
#5566 closed task (fixed)
Add CI testing under sandboxed system
Reported by: | strk | Owned by: | robe |
---|---|---|---|
Priority: | medium | Milestone: | Website Management, Bots |
Component: | QA/buildbots | Version: | |
Keywords: | pgextwlist | Cc: |
Change History (11)
comment:1 by , 14 months ago
comment:2 by , 14 months ago
Docker image is ready, work in progress pull request to use an non-superuser account to run tests is in https://git.osgeo.org/gitea/postgis/postgis/pulls/158
comment:3 by , 14 months ago
As I found out empirically, "test using non-superuser account" is too generic: only EXTENSION based tests can run as non-superuser when using pgextwlist (and maybe in the future "trusted" extension - see #5567)
So we need SUPERUSER for script based and can use another role for extension based (if the target database setup allows for that). Maybe a run_test.pl
switch could request using a special role for extension via a --extension-test-role
or something along those lines.
comment:4 by , 13 months ago
I've settled for a POSTGIS_REGRESS_ROLE_EXT_CREATOR environment variable support in run_test.pl which landed in the master branch with [52bfcd5faa3a7577292814d0a5a17c5698a9032f/git]
In https://git.osgeo.org/gitea/postgis/postgis/pulls/158 I'm experimenting with that.
comment:7 by , 13 months ago
CI is failing due to our own script refusing to package functions owned by a different owner than the extension owner: https://woodie.osgeo.org/repos/30/pipeline/1441/4#L5492
Should we relax that check and accept mixed ownership as long as the owner of existing function is a superuser ?
comment:8 by , 13 months ago
The ownership check was implemented in commit [06f49e8dc83cfd7319709518ba479a3fd95e5000/git] referencing #4648
I've added preconfiguration of pgextwlist in the docker image, and granted
postgis_reg_unprivileged_user
user db creation privileges with https://git.osgeo.org/gitea/postgis/postgis-docker/commit/b6a836fd3421b15bd272dfc9f257cddbc7e24e5fOnce the image build completes ( https://debbie.postgis.net/view/PostGIS/job/PostGIS-docker/52/ ) we can experiment with using the unprivileged user for testing.