Misc fixes to allow local file to work with both Docker for Mac and C…

.github/workflows/ci.yml

@@ -70,13 +70,11 @@ jobs:
         if: (matrix.project == 'rootNative') && startsWith(matrix.os, 'ubuntu')
         run: /home/linuxbrew/.linuxbrew/bin/brew install s2n utf8proc
 
-      - name: Set up cert permissions
-        run: |
-          chmod 600 world/server.key
-          sudo chown 999 world/server.key
-
       - name: Start up Postgres
-        run: docker-compose up -d
+        run: |
+          export SERVER_KEY=$(cat world/server.key)
+          export SERVER_CERT=$(cat world/server.crt)
+          docker-compose up -d
 
       - name: Check that workflows are up to date
         run: sbt githubWorkflowCheck
@@ -316,13 +314,11 @@ jobs:
             ~/Library/Caches/Coursier/v1
           key: ${{ runner.os }}-sbt-cache-v2-${{ hashFiles('**/*.sbt') }}-${{ hashFiles('project/build.properties') }}
 
-      - name: Set up cert permissions
-        run: |
-          chmod 600 world/server.key
-          sudo chown 999 world/server.key
-
       - name: Start up Postgres
-        run: docker-compose up -d
+        run: |
+          export SERVER_KEY=$(cat world/server.key)
+          export SERVER_CERT=$(cat world/server.crt)
+          docker-compose up -d
 
       - run: sbt '++${{ matrix.scala }}' coverage rootJVM/test coverageReport
 

bin/local

@@ -22,7 +22,10 @@ case $DIR in
   ;;
 esac
 
-# Fix postgres ssl key permissions.
-chmod 600 world/server.key
+# Export server files as environment variables
+# so we can load them onto the file system 
+# as postgres user
+export SERVER_KEY=$(cat world/server.key)
+export SERVER_CERT=$(cat world/server.crt)
 
 docker-compose $CMD $EXTRA_FLAGS

build.sbt

@@ -26,11 +26,7 @@ ThisBuild / nativeBrewInstallCond := Some("matrix.project == 'rootNative'")
 
 lazy val setupCertAndDocker = Seq(
   WorkflowStep.Run(
-    commands = List("chmod 600 world/server.key", "sudo chown 999 world/server.key"),
-    name = Some("Set up cert permissions"),
-  ),
-  WorkflowStep.Run(
-    commands = List("docker-compose up -d"),
+    commands = List("export SERVER_KEY=$(cat world/server.key)", "export SERVER_CERT=$(cat world/server.crt)", "docker-compose up -d"),
     name = Some("Start up Postgres"),
   )
 )

docker-compose.yml

@@ -3,18 +3,19 @@ services:
   # main instance for testing
   postgres:
     image: postgres:11
-    command: -c ssl=on -c ssl_cert_file=/var/lib/postgresql/server.crt -c ssl_key_file=/var/lib/postgresql/server.key
     volumes:
+      - ./world/fix_perms.sh:/docker-entrypoint-initdb.d/fix_perms.sh
       - ./world/world.sql:/docker-entrypoint-initdb.d/world.sql
       - ./world/ltree.sql:/docker-entrypoint-initdb.d/ltree.sql
-      - ./world/server.crt:/var/lib/postgresql/server.crt
-      - ./world/server.key:/var/lib/postgresql/server.key
+      - ./world/config.sql:/docker-entrypoint-initdb.d/config.sql
     ports:
       - 5432:5432
     environment:
       POSTGRES_USER: jimmy
       POSTGRES_PASSWORD: banana
       POSTGRES_DB: world
+      SERVER_KEY: $SERVER_KEY
+      SERVER_CERT: $SERVER_CERT
   # for testing password-free login
   trust:
     image: postgres:11

world/config.sql

@@ -0,0 +1,3 @@
+ALTER SYSTEM SET ssl_cert_file TO '/var/lib/postgresql/server.crt';
+ALTER SYSTEM SET ssl_key_file TO '/var/lib/postgresql/server.key';
+ALTER SYSTEM SET ssl TO 'ON';

world/fix_perms.sh

@@ -0,0 +1,16 @@
+#!/bin/bash 
+
+# Loads cert/key into container as environment variable so
+# we can write it as postgres user in the container
+#
+# Bind mounting it from host on non-native Docker environments
+# (e.g., OS X) leads to permission issues.
+
+echo "$SERVER_CERT" > /var/lib/postgresql/server.crt
+echo "$SERVER_KEY" > /var/lib/postgresql/server.key
+
+cat /var/lib/postgresql/server.crt
+cat /var/lib/postgresql/server.key
+
+chmod 600 /var/lib/postgresql/server.key
+chmod 600 /var/lib/postgresql/server.crt

world/ltree.sql

@@ -1 +1 @@
-CREATE EXTENSION ltree ;
+CREATE EXTENSION if not exists ltree ;