Added ssl support

README.md

@@ -63,6 +63,9 @@ steps:
       password: sw0rdfish
       database: test
       port: 34837
+      ssl: "on"
+      # If ssl isn't "on", ca_file_output won't have any effect
+      ca_file_output: "some_path_suitable_for_you"
     id: postgres
 
   - run: pytest -vv tests/

action.yml

@@ -21,6 +21,14 @@ inputs:
     description: The server port to listen on.
     default: "5432"
     required: false
+  ssl:
+    description: The ssl turn on or off.
+    default: "off"
+    required: false
+  ca_file_output:
+    description: Location for the certificate file.
+    default: ./root.crt
+    required: false
 outputs:
   connection-uri:
     description: The connection URI to connect to PostgreSQL.
@@ -98,10 +106,25 @@ runs:
           --locale="$DEFAULT_LOCALE" \
           --no-instructions
 
+        # Create new ssl certificate
+        if [ ${{ inputs.ssl }} == "on" ]; then
+          openssl req -new -x509 -days 365 -nodes -text -out $PGDATA/server.crt -keyout $PGDATA/server.key -subj "/CN=localhost"
+          chmod og-rwx $PGDATA/server.key $PGDATA/server.crt
+          cp $PGDATA/server.crt ${{ inputs.ca_file_output }}
+        fi
+
         # Do not create unix sockets since they are created by default in the
         # directory we have no permissions to (owned by system postgres user).
         echo "unix_socket_directories = ''" >> "$PGDATA/postgresql.conf"
         echo "port = ${{ inputs.port }}" >> "$PGDATA/postgresql.conf"
+
+        # Set new configuration option with ssl to Postgres
+        if [ ${{ inputs.ssl }} == "on" ]; then
+          echo "ssl = on" >> "$PGDATA/postgresql.conf"
+          echo "ssl_cert_file = '$PGDATA/server.crt'" >> "$PGDATA/postgresql.conf"
+          echo "ssl_key_file = '$PGDATA/server.key'" >> "$PGDATA/postgresql.conf"
+        fi
+
         pg_ctl start
 
         # Save required connection parameters for created superuser to the