docs: split README, real docs, sphinx #380
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # badge: https://github.com/borgbackup/borgstore/workflows/CI/badge.svg?branch=master | |
| name: CI | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| branches: [ master ] | |
| paths: | |
| - '**.py' | |
| - '**.yml' | |
| - '**.toml' | |
| - '**.cfg' | |
| - '**.ini' | |
| - 'requirements.d/*' | |
| - '!docs/**' | |
| pull_request: | |
| branches: [ master ] | |
| paths: | |
| - '**.py' | |
| - '**.yml' | |
| - '**.toml' | |
| - '**.cfg' | |
| - '**.ini' | |
| - 'requirements.d/*' | |
| - '!docs/**' | |
| jobs: | |
| ci_job: | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| include: | |
| - os: ubuntu-24.04 | |
| python-version: '3.11' | |
| toxenv: flake8 | |
| - os: ubuntu-24.04 | |
| python-version: '3.11' | |
| toxenv: mypy | |
| - os: ubuntu-24.04 | |
| python-version: '3.10' | |
| toxenv: py310 | |
| - os: ubuntu-24.04 | |
| python-version: '3.11' | |
| toxenv: py311 | |
| - os: ubuntu-24.04 | |
| python-version: '3.13' | |
| toxenv: py313 | |
| - os: ubuntu-latest | |
| python-version: '3.14' | |
| toxenv: py314 | |
| - os: macos-latest | |
| python-version: '3.12' | |
| toxenv: py312 | |
| - os: windows-latest | |
| python-version: '3.11' | |
| toxenv: py311 | |
| allow-failure: true | |
| env: | |
| TOXENV: ${{ matrix.toxenv }} | |
| runs-on: ${{ matrix.os }} | |
| continue-on-error: ${{ matrix.allow-failure || false }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| # just fetching 1 commit is not enough for setuptools-scm, so we fetch all | |
| fetch-depth: 0 | |
| - name: Install Linux packages | |
| if: runner.os == 'Linux' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y rclone openssh-server curl | |
| - name: Install macOS packages | |
| if: runner.os == 'macOS' | |
| run: | | |
| brew update | |
| brew install rclone | |
| - name: Configure OpenSSH SFTP server (test only) | |
| if: runner.os == 'Linux' && matrix.toxenv != 'flake8' && matrix.toxenv != 'mypy' | |
| run: | | |
| sudo mkdir -p /run/sshd | |
| sudo useradd -m -s /bin/bash sftpuser || true | |
| # Create SSH key for the CI user and authorize it for sftpuser | |
| mkdir -p ~/.ssh | |
| chmod 700 ~/.ssh | |
| test -f ~/.ssh/id_ed25519 || ssh-keygen -t ed25519 -N '' -f ~/.ssh/id_ed25519 | |
| sudo mkdir -p /home/sftpuser/.ssh | |
| sudo chmod 700 /home/sftpuser/.ssh | |
| sudo cp ~/.ssh/id_ed25519.pub /home/sftpuser/.ssh/authorized_keys | |
| sudo chown -R sftpuser:sftpuser /home/sftpuser/.ssh | |
| sudo chmod 600 /home/sftpuser/.ssh/authorized_keys | |
| # Allow publickey auth and enable Subsystem sftp | |
| sudo sed -i 's/^#\?PasswordAuthentication .*/PasswordAuthentication no/' /etc/ssh/sshd_config | |
| sudo sed -i 's/^#\?PubkeyAuthentication .*/PubkeyAuthentication yes/' /etc/ssh/sshd_config | |
| if ! grep -q '^Subsystem sftp' /etc/ssh/sshd_config; then echo 'Subsystem sftp /usr/lib/openssh/sftp-server' | sudo tee -a /etc/ssh/sshd_config; fi | |
| # Ensure host keys exist to avoid slow generation on first sshd start | |
| sudo ssh-keygen -A | |
| # Start sshd (listen on default 22 inside runner) | |
| sudo /usr/sbin/sshd -D & | |
| # Add host key to known_hosts so paramiko trusts it | |
| ssh-keyscan -H localhost 127.0.0.1 | tee -a ~/.ssh/known_hosts | |
| # Start ssh-agent and add our key so paramiko can use the agent | |
| eval "$(ssh-agent -s)" | |
| ssh-add ~/.ssh/id_ed25519 | |
| # Export SFTP test URL for tox via GITHUB_ENV | |
| echo "BORGSTORE_TEST_SFTP_URL=sftp://sftpuser@localhost:22/borgstore/temp-store" >> $GITHUB_ENV | |
| - name: Install and configure MinIO S3 server (test only) | |
| if: runner.os == 'Linux' && matrix.toxenv != 'flake8' && matrix.toxenv != 'mypy' | |
| run: | | |
| set -e | |
| arch=$(uname -m) | |
| case "$arch" in | |
| x86_64|amd64) srv_url=https://dl.min.io/server/minio/release/linux-amd64/minio; cli_url=https://dl.min.io/client/mc/release/linux-amd64/mc ;; | |
| aarch64|arm64) srv_url=https://dl.min.io/server/minio/release/linux-arm64/minio; cli_url=https://dl.min.io/client/mc/release/linux-arm64/mc ;; | |
| *) echo "Unsupported arch: $arch"; exit 1 ;; | |
| esac | |
| curl -fsSL -o /usr/local/bin/minio "$srv_url" | |
| curl -fsSL -o /usr/local/bin/mc "$cli_url" | |
| sudo chmod +x /usr/local/bin/minio /usr/local/bin/mc | |
| export PATH=/usr/local/bin:$PATH | |
| # Start MinIO on :9000 with default credentials (minioadmin/minioadmin) | |
| MINIO_DIR="$GITHUB_WORKSPACE/.minio-data" | |
| MINIO_LOG="$GITHUB_WORKSPACE/.minio.log" | |
| mkdir -p "$MINIO_DIR" | |
| nohup minio server "$MINIO_DIR" --address ":9000" >"$MINIO_LOG" 2>&1 & | |
| # Wait for MinIO port to be ready | |
| for i in $(seq 1 60); do (echo > /dev/tcp/127.0.0.1/9000) >/dev/null 2>&1 && break; sleep 1; done | |
| # Configure client and create bucket | |
| mc alias set local http://127.0.0.1:9000 minioadmin minioadmin | |
| mc mb --ignore-existing local/test | |
| # Export S3 test URL for tox via GITHUB_ENV | |
| echo "BORGSTORE_TEST_S3_URL=s3:minioadmin:minioadmin@http://127.0.0.1:9000/test/path" >> $GITHUB_ENV | |
| - name: Configure nginx + borgstore REST server via systemd socket activation (test only) | |
| if: runner.os == 'Linux' && matrix.toxenv != 'flake8' && matrix.toxenv != 'mypy' | |
| run: | | |
| set -e | |
| sudo apt-get install -y nginx | |
| # Create borgstore system user (matches contrib/server/nginx-systemd/borgstore@.service) | |
| sudo useradd --system --home /srv/borgstore --shell /usr/sbin/nologin borgstore || true | |
| # Add the web server user (www-data) to the borgstore group so it can connect | |
| # to the unix sockets (which are owned by borgstore:borgstore or borgstore:www-data). | |
| sudo usermod -aG borgstore www-data || true | |
| # Install borgstore[rest] to the system Python so the borgstore service user can run it. | |
| # Must NOT use -e (editable): the service runs with ProtectHome=true, which makes | |
| # /home inaccessible. An editable install leaves a .pth pointing to the workspace | |
| # under /home/runner/work/, so the import would fail at service start. A regular | |
| # install copies the package into system site-packages (/usr/lib/python3/...) which | |
| # is always accessible. | |
| sudo pip3 install --break-system-packages ".[rest]" | |
| # Running pip3 as root may have changed ownership of src, so we fix that. | |
| sudo chown -R $USER:$USER src/ | |
| # Create backend directories for the two test repos | |
| sudo mkdir -p /srv/borgstore/repos/repo1 /srv/borgstore/repos/repo2 | |
| sudo chown -R borgstore:borgstore /srv/borgstore/ | |
| # Create env files for both repos (format from contrib/server/nginx-systemd/repo1.env.example) | |
| sudo mkdir -p /etc/borgstore | |
| printf 'BORGSTORE_BACKEND=file:///srv/borgstore/repos/repo1\nBORGSTORE_USERNAME=testuser\nBORGSTORE_PASSWORD=testpass\n' \ | |
| | sudo tee /etc/borgstore/repo1.env > /dev/null | |
| printf 'BORGSTORE_BACKEND=file:///srv/borgstore/repos/repo2\nBORGSTORE_USERNAME=testuser\nBORGSTORE_PASSWORD=testpass\n' \ | |
| | sudo tee /etc/borgstore/repo2.env > /dev/null | |
| sudo chmod 600 /etc/borgstore/repo1.env /etc/borgstore/repo2.env | |
| # Install systemd units from contrib | |
| sudo cp contrib/server/nginx-systemd/borgstore@.service /etc/systemd/system/ | |
| sudo cp contrib/server/nginx-systemd/borgstore@.socket /etc/systemd/system/ | |
| sudo systemctl daemon-reload | |
| # Enable socket units for both repos — socket activation starts each borgstore on demand | |
| sudo systemctl enable --now borgstore@repo1.socket | |
| sudo systemctl enable --now borgstore@repo2.socket | |
| # Install nginx proxy snippet from contrib | |
| sudo mkdir -p /etc/nginx/snippets | |
| sudo cp contrib/server/nginx-systemd/borgstore-proxy.conf /etc/nginx/snippets/ | |
| # Install nginx config from contrib | |
| sudo cp contrib/server/nginx-systemd/nginx-borgstore.conf /etc/nginx/sites-available/borgstore | |
| sudo ln -sf /etc/nginx/sites-available/borgstore /etc/nginx/sites-enabled/borgstore | |
| sudo rm -f /etc/nginx/sites-enabled/default | |
| sudo nginx -t | |
| sudo systemctl restart nginx | |
| # Export REST test URLs for tox via GITHUB_ENV | |
| echo "BORGSTORE_TEST_REST1_URL=http://testuser:testpass@localhost/repos/repo1/" >> $GITHUB_ENV | |
| echo "BORGSTORE_TEST_REST2_URL=http://testuser:testpass@localhost/repos/repo2/" >> $GITHUB_ENV | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install Python requirements | |
| run: | | |
| python -m pip install --upgrade pip setuptools | |
| pip install -r requirements.d/dev.txt | |
| - name: Install borgstore (Linux) | |
| if: runner.os == 'Linux' | |
| run: pip install -ve ".[s3,sftp,rest,rclone]" | |
| - name: Install borgstore (Windows) | |
| if: runner.os == 'Windows' | |
| run: pip install -ve ".[rest]" | |
| - name: Install borgstore (macOS) | |
| if: runner.os == 'macOS' | |
| run: pip install -ve ".[rest,rclone]" | |
| - name: run tox envs | |
| run: tox -e ${{ matrix.toxenv }} | |
| - name: Display diagnostics on failure | |
| if: failure() && runner.os == 'Linux' | |
| run: | | |
| echo "--- /run/borgstore/ listing ---" | |
| sudo ls -la /run/borgstore/ || true | |
| echo "--- nginx access log ---" | |
| sudo cat /var/log/nginx/access.log || true | |
| echo "--- nginx error log ---" | |
| sudo cat /var/log/nginx/error.log || true | |
| echo "--- borgstore@repo1 journal ---" | |
| sudo journalctl -u borgstore@repo1.service --no-pager -n 100 || true | |
| echo "--- borgstore@repo1 status ---" | |
| sudo systemctl status borgstore@repo1.service --no-pager || true |