THREESCALE 12122: Fix tests suite with SSL

.circleci/ca-circleci-cert.pem

@@ -0,0 +1,32 @@
+-----BEGIN CERTIFICATE-----
+MIIFkzCCA3ugAwIBAgIUHRet5+cRWT4dJ5GUgWINj2Je0WEwDQYJKoZIhvcNAQEL
+BQAwWTELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UE
+CgwTRGVmYXVsdCBDb21wYW55IEx0ZDEVMBMGA1UEAwwMY2EubG9jYWxob3N0MB4X
+DTI0MDYwNjA5MDYwN1oXDTM0MDYwNDA5MDYwN1owWTELMAkGA1UEBhMCWFgxFTAT
+BgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0
+ZDEVMBMGA1UEAwwMY2EubG9jYWxob3N0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEArFuCUyOfIj0u5MOyX9V/nvJLKAKiqJTr99kQ1oCJmVsDDC5NWQc8
+2ZcewSnWqIkvGWqtA1s7A0kbQ6rXVTmFU+J5pIiPgEy6XtWKLVGZ1llA7xdmx0Jq
+7NGMz2V+zVmYim+G5zD4FptxNt61J5/AVDev7Yp0ADuOwbBqIGMpP0HUvJr4nncb
+fg/xNggCwxnqFqR0sDHqM+PbigjXtl/J+YLzo4K7AhJDrvusI1vdXCONQnWt/FA5
+ftOSbH47pkW6yST8m96d37mVENF5SfcTlmXvCX3Kwop+IVp/v2HgoiZs8HTmNoGF
+V+JO1IJGWi7mCxAcQ/Z/6HIAg4QtWvyDiXR8Z36BVYetO4r7Tm2XAdUl4AnEP3/I
+NFSv9dqw/2VJTyqJQYrCXa+ZjKGwhrSZMZF/Ux8jk5mP81bocwyuGjxwKa9hl7HT
+SOYvnGrx4QVouuFxC8hKZoDHSChAoomP3iakEXwgBF7BbgJNYM1KOrVTEtv3LGsq
+IPtPN5LsMM0DOrUMkht9mXRPL9BNlWhuVmGEkYRRJ6z2wnHmXBCAl1t79ptdokow
+Gbdy1D7OUMxXVQysooDp+q3t2d9QihYYnVrBg03DFgiXgSR70iVqJRFBG6u8+54w
+S0Kjdb3L9+xNghGJzkOGdho4h+JCCdmdmiCc3gZuQDndw9/WD9dIQOsCAwEAAaNT
+MFEwHQYDVR0OBBYEFHfFI6rN7WXIPXfAzKIZaYNlVATCMB8GA1UdIwQYMBaAFHfF
+I6rN7WXIPXfAzKIZaYNlVATCMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
+BQADggIBAAZh8t6U9EuSXiCuXIUFX8uC1blplp9nIudfiWoi/orAbzpJp1FNcvwU
+sJKZPFItmuwGWNilVYFPpG3+f+N7dmCgB4BIvh2bgPNKmw4qe20UT183QhrKWm2r
+sSlL1A437tQVb6HOYbF9qTW4Z1vfc3l7yj4hPYHDH715hGtkOUYDkwwpUfOSO4lk
+vpE/YXm6PZPuSl4cS4pZ9DVCSe0u1q9iVDGD4CMUmXw0R9p1Y83Dd09IaURj8TpG
+OYNEgQx5wY1ZfDcsytLGerdEbTnm65AOzmjDtB95JZpNJ39ejI2/6jE0lq8evi2m
+s1eK4jaZlJlJWMADfpkO8nIOKRt7BF4d3FiO/Vd/A6gH2otCVZucZdy5zKFlI6+O
+esyCiWUVO/p3XaN+qC4qerfaW4T2nMKr3HG2sY8/liI8wTFY+RUA8d1GhSSGvbU1
+/x1WhSX+HAHeJhApOeHEet8crvujlonP8VpnNXLqJacRVU3vocw8G1hQ17VvItpY
+q10aioyWAvElhrXP1Ts6p601tBeNWLLOPPNs/WLOUE6mbE2Ld8wy4Shb5dMJweuh
+DJcEe2o7ap3InrUXsHg+jlvS9eZ0LXXrQESrnX9Mcn3xTv+m7JsETbtC5a0VN9RU
+dyCVgKiQN0UR7p8OLcw/b1nCJWTBlynesbhsH15kBbzcxZQhSWnZ
+-----END CERTIFICATE-----

.circleci/ca-circleci-key.pem

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCsW4JTI58iPS7k
+w7Jf1X+e8ksoAqKolOv32RDWgImZWwMMLk1ZBzzZlx7BKdaoiS8Zaq0DWzsDSRtD
+qtdVOYVT4nmkiI+ATLpe1YotUZnWWUDvF2bHQmrs0YzPZX7NWZiKb4bnMPgWm3E2
+3rUnn8BUN6/tinQAO47BsGogYyk/QdS8mviedxt+D/E2CALDGeoWpHSwMeoz49uK
+CNe2X8n5gvOjgrsCEkOu+6wjW91cI41Cda38UDl+05JsfjumRbrJJPyb3p3fuZUQ
+0XlJ9xOWZe8JfcrCin4hWn+/YeCiJmzwdOY2gYVX4k7UgkZaLuYLEBxD9n/ocgCD
+hC1a/IOJdHxnfoFVh607ivtObZcB1SXgCcQ/f8g0VK/12rD/ZUlPKolBisJdr5mM
+obCGtJkxkX9THyOTmY/zVuhzDK4aPHApr2GXsdNI5i+cavHhBWi64XELyEpmgMdI
+KECiiY/eJqQRfCAEXsFuAk1gzUo6tVMS2/csayog+083kuwwzQM6tQySG32ZdE8v
+0E2VaG5WYYSRhFEnrPbCceZcEICXW3v2m12iSjAZt3LUPs5QzFdVDKyigOn6re3Z
+31CKFhidWsGDTcMWCJeBJHvSJWolEUEbq7z7njBLQqN1vcv37E2CEYnOQ4Z2GjiH
+4kIJ2Z2aIJzeBm5AOd3D39YP10hA6wIDAQABAoICABcNeD1hds/QCh0b1Zg+yH58
+XrP/wjy1CmiQdlGSSJUj2KEA8mR1dNyPe1QPof/RtWR7YZ+gzKBQX16qE3n5Iw2I
+rYdlonfhC05S1lPgZaiHMImqAhullQKOtnwo0ZBqqt3dM9hpMs1nRfm2SNl/YuyA
+tD2bto8vaBUc4NzrFmG5DtiZC6a6PImcXUFCSghJR4d2wIquamo9UChCrYNdhXij
+XK3idtu8kKPvUmM6Tr2bnbGlZrtoCYCekKeFLLo8+lIb6dN5L3l0a20f706Gxu5n
+PNTyp7NkbaFNZue0kiRt6kUxBXeF1E1gXfXLZNh8DFWvdnBaoFn5IXt1qtFQE9GO
+ed2pcaMeA73UhQX2oaN3kZEfI88oOI8PVVXNSN6kWOWME2CBPOMSzcGvF5RF8Km6
+Bf+U+ZwrYv8fArQnNKM7BXm8F3NDPwvnpb/ktz0mII8QCHT/B7MyGZQmSL8eHxGH
+b/kUd/3pDrgPzLEpc2z4rFpeyp1PNYI8duTNUDS16SjAxKU5xLJdaoZrZTmTIsYx
+muHf+l1u2YCbF0atsypwWXdDHQXNfeD/Z/EQ5aIe3aPDcz1FRNzs3rD7FoEja/FR
+32viLIwopgzggPGQCcIiDh5rjdRI/ThyhbryMaDxIc2YBQLyiKk1S5RHLGLqnaN4
+sSV4UNcT5ftBiVpKNpWJAoIBAQDwPX6JPGPqoz6/EhkwYUliiZwNHk921sovQXU4
+vzBqhLz85EsGRGCu6452k0eVsMf1miob9CZTGQpgb5418n2h8/P+Zi3vb8+B6IT6
+OIAKsOap6vwAIUbQApHrTFyEPKRqIwcVMecPvSjhgcgfJ0ZM3ym9sa6YxJNfwxn0
+H8XRKoviDoYuMKqFRzjC/4KK4KcsdkSsXlkK3SqDUhz5zRa04+kwZ2kePpEsNr6I
+RwbotGIDZSIA/mH15jjt0saZKnXsld8KLpyOnQcrdoi//G0uB1oh5HjQuHK8jw2m
+fvXBNP/gWbrwLOgMpNNSMWyoZ34IlOGTe3/JXmfQOF5OxLAjAoIBAQC3qgRMxkry
+xo6GHURgqYgbUIBN/L32HSQ7S4KsaOGP/ePDsHttka2horhMhH3ad4OgI1IiajLS
+GvTg3XfsqFpF+SwUrxbLrnRkVOPSHsxuEsieof7qh5jAtOAQcrxdbrBW3oMUnNMj
+3KZACaT4tcIKV+45l/M0G9NhTtXBHVhrms50rS1PrmNMoz2KosFx4KW4EbBHBjPA
+KzhiPGc/LzZsvaave+YgKxy1jhvoxUMR3G+54mLqE/th7clITgVRtDQU6WV0eMrs
+tKy+qKymvLMHxNF6xLqelCXPC1Mb8Tn8oytTadhBnnU+i8ncWDka8M2Bz0swGkUN
+4jriFOLFitSZAoIBADCj8ruse3plRO4ApxLxj58gx3Ssf2BLSrJYqXgs1YurhmwZ
+eMszCvQ/gx+k4CiBm2qxpPb17tCCUGSIFNtNVnx03SDT5VcGJ1hhEJNs3xfLC1i5
+1/3avvCcpJikZFLtyEgpAWUcLnE0VlOaKD+OfyBPSq86i2Qo4MHRya5wxGd+GsZR
+NH+joNLNQcPRYcfmhlJtO6g+jf6yGspt1KoLCR7kyjDfrxvNhS0ThG4pG1AAPZv8
+XO8gkgrsavhT5ZvbSfb1vSvdlhsV1f7JyBQ+8ogQOwKDtKZlwe1FdXkRWYadyXTO
+FhhMr0roEFUi5qIOGil4o1dt+Mh3kcNJtmZyUksCggEBALLaMc3B3AKHMQuRPKEU
+9qICxq8rTKF6x2mmot3aVK2wBDjwh4Gvt3ILz4VUEGrKr7cmLjmtSUgpUAYaJUqk
+tyQk/bQ2vPAkNtvtft2DeHhIem1gO6mP2kTu3rOlx6EExVwS23sbLNFjcdIykiBQ
+f2ErN6WGPyOjZTkBWE7ykMRYwGwGqHVL0Q80eB2lWNPYfAi/0PWZKJQego3HXJO/
+GjTSipug//ybfx2eAbevQR0HmRVfTAu+4bH/qV9r+uoRnhYvIslFR/cyCnawM1E7
+uOv70jLHmSQMCLWSxaAUTO+kxfA4xotAD9SUtEKK9zExBi8++m0hZ9WZVNYMmLjd
+9SECggEBAMV/Vr4yXuU1RpxUnw75hvrQ/WpC4pp/8ZdVIuaIddQpKd2eHp+OHOGT
+3t4m18/iEidI4SkSn941PbXnzcojkSQaaXS1gE7DFYOjZBaFTbsMxcWCtoiXjoFh
+DmMq9JceyvyqAgrt+TDaiqOhOGkYhW7vjex7nnl5Ekrsx2/xS10o2QaMbsnG5BRA
+y2WhHw09qJF3znnpX7xGFQi7OJ+C/ASqljVCr7M7knTm/TLaxmmxDBDrBwuwp4H5
+FpRqgGfS3QjNEOqCN4ryyPt6+26g/Gdc+G8w1GrvNvifUqMNbwZ88RG1/h5DDdsz
+TTZp5b2Zo37lsdaS0EUbWzIO15Ohd7Q=
+-----END PRIVATE KEY-----

.circleci/circleci.crt

@@ -0,0 +1,27 @@
+-----BEGIN CERTIFICATE-----
+MIIEfzCCAmegAwIBAgIUc5OyGFy8dC9+7Qgi+IS8mt/QE6cwDQYJKoZIhvcNAQEL
+BQAwWTELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UE
+CgwTRGVmYXVsdCBDb21wYW55IEx0ZDEVMBMGA1UEAwwMY2EubG9jYWxob3N0MB4X
+DTI0MDYwNjEwMTgyNloXDTM0MDYwNDEwMTgyNlowVjELMAkGA1UEBhMCWFgxFTAT
+BgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UECgwTRGVmYXVsdCBDb21wYW55IEx0
+ZDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAmc6WdjXpNQZHySLfQrt/KFErCbMF8yPRJQiY8uG5gX1kUHBEYghP7z9J
+T6dmrtkyUnCT4dICV82hxOAJX51tPMyS7x/EENORBEoFCZcBo795YuUwAbsne4ih
+hw7Y0BotnN8f1vgeVkpL0bTbeCRjbGWy3Z5Mry7YWmdOvTT+abpzmv/fJJjDGatL
+BVSzS2Zs7hqT4LhA3A6ozEaPTk/5WvUsGq5gHj59M5RnA/AlVrHRoQ2F3iZfqIZy
+PSlutG3s5MP1N9ffHXLUyuWNexLhbztS92OQR4id83gFqRcrYuYjPVtG8BdtMIW0
+sczHj8Ge4AeIThuNBxXKeu4a6CtxTwIDAQABo0IwQDAdBgNVHQ4EFgQUHPfHi6d6
+5SymJJIjMyzGNPFl+aEwHwYDVR0jBBgwFoAUd8Ujqs3tZcg9d8DMohlpg2VUBMIw
+DQYJKoZIhvcNAQELBQADggIBAI2XzkT0AmtXFQozJCPZiD9sDWT8WwkFZn65b3LJ
+9UmwcLZ7bn6eVz0s+BUiDpNDp4FBFEgNtqZWBBH0tzRN7GI8ksii3WR3F3MYvshc
+bsgWE+EVEFKABe6cu2sqPbA1xN9YRkw/aLMDCczxA7kRdF4/NkZ2v9GxWaZVSOSD
+SBxp0w/LKpod3d/Nt3vbmuWqfWtjQaStYpuiiXKmX95RghEpTStpGTUCPNLVDsAA
+TnZRkQLb27XKszD7whGXwx7z6fWJ4Nja5ivwPAfrbMLbh78uvQPbfh6kdEtKG9bv
+qG4sCLqyKpGdseE28WfNF5nWKuw2TX4/3vCB30XzVQEAfozoO46o2AuxMHHrZLD+
+IDFD3fnvi5MEhdJLds7wDWoZ1i57ytpGFsFnd2Ha7wIHOPMGUv6NVGT9xVz5f5kH
+RkWKiqpYgb+gcCNCMHkUd+rdXP7c7ATJL5fEyODTOl7JDYSzMLU8Bpjy1GB95HRd
+pcO4zJ7ZiCPezzSv/fQBc7Lc3D5lR45hwhlmiSEJSO2XXjQO0IonY2qa/zDw1c+Z
+3PirEEVGzI2c8OpcBfTjL1WXsV2OnBdHQZOKezqeFUgfKKTewDg9868P2sh/EkgY
+krFJ8L8cK7J23YV6cdjPCPGZtKU2xJc37Qp4GDpoSHViwd4s3GeAHIt6XEZ5jShf
+q7ab
+-----END CERTIFICATE-----

.circleci/circleci.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCZzpZ2Nek1BkfJ
+It9Cu38oUSsJswXzI9ElCJjy4bmBfWRQcERiCE/vP0lPp2au2TJScJPh0gJXzaHE
+4AlfnW08zJLvH8QQ05EESgUJlwGjv3li5TABuyd7iKGHDtjQGi2c3x/W+B5WSkvR
+tNt4JGNsZbLdnkyvLthaZ069NP5punOa/98kmMMZq0sFVLNLZmzuGpPguEDcDqjM
+Ro9OT/la9SwarmAePn0zlGcD8CVWsdGhDYXeJl+ohnI9KW60bezkw/U3198dctTK
+5Y17EuFvO1L3Y5BHiJ3zeAWpFyti5iM9W0bwF20whbSxzMePwZ7gB4hOG40HFcp6
+7hroK3FPAgMBAAECggEASC4vZmJ+gyfjYH1BEWw0jJMrA25EiIpyiFK0lKdiC2bx
+QN6u+OK1wK2OlhcVlVDQ0OeMPxnzh4k1NdN+EqUqsrG+8wGRXeQr1jt2ib2YQ2SE
+bujn0qgmK08/nsZU8bSXW1tK8fOXKR/M3SlnJcbN8fz4KBE2I7B0UFjTFvBbxPnE
++xlrVdcjEG7KE61NYK1u7X6U1vk4JJABspYQcL8AU/sevQVYYik5zhpGXFWZs3Td
+VR00mWNkHaxvNC6PM5eYW/qStj20J2QQ+VXuylQ2Gp7VTseMV2wTRH8QrLNeMcrd
+MupRvRklBeYC0OygcNJ/7+IuoMSqBVguxpG0CqHtYQKBgQDQAY2EKqjbTrZ6/PHy
+xrhigHTHnlgk43+KBVOjmlI7NbtWxSW7Jes7dlXyFMLhr34c00zVjunNLD9zqEKs
+GqOx73kcGcz7u/ey/6QFHPMI7/qp3bCX4V2guvbEluqlxWnYrW+UAw0WsKl212Yg
+C2VA37gTou4zqwNqNnMH/tmbewKBgQC9S54vCLMAqs/VxatKo9Hm6YXy97Zh10N0
+69dLZp6ttNy4RFprkyFh1y345CgeuI9s8ChrZuiw+WSNcUMGGoyR05t/cvCIT8zE
+QjFALvRkm/pPbOT8Vh3ZSpj7uIuWHpeRVMK90WpXTnWn54YKH2vXvRrUbo3YmAQ5
+lwNs+ECfPQKBgF4JFa02i/f5cc3QJKGY7Sq64BCOqVKj9rizB8jir2JNPFBR+GjP
+D7VmHhy+/guBhwYJEKdLYK983YKwAtRDhtWeaaYmk+EKbUTjBYe6OrVDqJK6wmcn
+X2iWnZDqmVIwGVX3soW7i2NCopozbtv1yuS1P0bBVebN3VFbJE3tDPuZAoGAAq4v
+bzsQTdIdX0mNQ2FOd5aW7vnS+0+xBNbSFZ8+X/dPqMxO+3b54gjJ/dw9NTIn1cMQ
+z3SFlvvxEI+qA0wc8XOtoABgp415uM23JNGFZGdRBA7mrywJACquP+I9F8MXIlew
+6j8s4k+aGuaMX1hSjpt+5cMq/wYoCSi6Q7DAOYECgYAWtUKCQ4dOOK4vtgK3r1TX
+QuIRkLk+MMB6kQf2szu9rFdkd0tzJmgKkaa92EjXV9/QnL5XM8PGBzEYpv6T0Xej
+0GtFtKlGamn6XwSTmd4WLuSopvwT64f4DZ3C9axuOQ97CfkS26Hh0v2bmJy6kDp0
+3WrcwsPRpEkpsgbyQvE4HQ==
+-----END PRIVATE KEY-----

.circleci/config.yml

@@ -1,4 +1,77 @@
 version: 2.1
+
+commands:
+  bundle_install:
+    parameters:
+      run_in_zync:
+        type: boolean
+        default: false
+    steps:
+      - run:
+          name: bundle install
+          command: |
+            <<# parameters.run_in_zync >>docker exec zync bash -c "<</ parameters.run_in_zync >>
+            bundle config set --local force_ruby_platform true
+            bundle config set --local deployment 'true'
+            bundle config set --local path 'vendor/bundle'
+            bundle install --jobs $(grep -c processor /proc/cpuinfo) --retry 3
+            <<# parameters.run_in_zync >>"<</ parameters.run_in_zync >>
+
+  boot_zync:
+    parameters:
+      run_in_zync:
+        type: boolean
+        default: false
+    steps:
+      - run:
+          name: boot zync
+          command: |
+            <<# parameters.run_in_zync >>docker exec zync bash -c "<</ parameters.run_in_zync >>
+            BUNDLE_WITHOUT=development:test bundle exec bin/rails runner --environment=production 'puts Rails.env'
+            <<# parameters.run_in_zync >>"<</ parameters.run_in_zync >>
+
+  setup_db:
+    parameters:
+      run_in_zync:
+        type: boolean
+        default: false
+    steps:
+      - run:
+          name: Set up the DB
+          command: |
+            <<# parameters.run_in_zync >>docker exec zync bash -c "<</ parameters.run_in_zync >>
+            bundle exec bin/rails db:wait db:setup
+            <<# parameters.run_in_zync >>"<</ parameters.run_in_zync >>
+
+  run_tests:
+    parameters:
+      run_in_zync:
+        type: boolean
+        default: false
+    steps:
+      - run:
+          name: rails test
+          command: |
+            <<# parameters.run_in_zync >>
+            circleci tests glob "test/**/*_test.rb" | circleci tests run --command="xargs docker exec zync bundle exec rake test TESTOPTS='-v'" --verbose --split-by=timings
+            <</ parameters.run_in_zync >>
+            <<^ parameters.run_in_zync >>
+            circleci tests glob "test/**/*_test.rb" | circleci tests run --command="xargs bundle exec rake test TESTOPTS='-v'" --verbose --split-by=timings
+            <</ parameters.run_in_zync >>
+
+  run_license_finder:
+    parameters:
+      run_in_zync:
+        type: boolean
+        default: false
+    steps:
+      - run:
+          name: license_finder
+          command: |
+            <<# parameters.run_in_zync >>docker exec zync bash -c "<</ parameters.run_in_zync >>
+            bundle exec license_finder
+            <<# parameters.run_in_zync >>"<</ parameters.run_in_zync >>
+
 jobs:
   docker-build:
     resource_class: small
@@ -37,50 +110,86 @@ jobs:
         RAILS_ENV: test
         DISABLE_SPRING: 1 # we can't really run spring as it hangs on local circleci build
         DATABASE_URL: postgres://postgres:@localhost/circle_test
+        SECRET_KEY_BASE: test
     steps:
       - checkout
-
-      # Restore bundle cache
       - restore_cache:
           keys:
             - zync-bundle-v2-{{ .Environment.CACHE_VERSION }}-{{ arch }}-{{ checksum "Gemfile.lock" }}
-
-      - run:
-          name: bundle install
-          command: |
-            bundle config --local force_ruby_platform true
-            bundle config set --local deployment 'true'
-            bundle config set --local path 'vendor/bundle'
-            bundle install --jobs $(grep -c processor /proc/cpuinfo) --retry 3
-      - run:
-          name: boot zync
-          command: SECRET_KEY_BASE=test BUNDLE_WITHOUT=development:test bundle exec bin/rails runner --environment=production 'puts Rails.env'
-
+      - bundle_install
       - save_cache:
           key: zync-bundle-v2-{{ .Environment.CACHE_VERSION }}-{{ arch }}-{{ checksum "Gemfile.lock" }}
           paths:
             - vendor/bundle
+      - boot_zync
+      - setup_db
+      - run_tests
+      - run_license_finder
+      - store_test_results:
+          path: test/reports
 
+  build_ssl:
+    parameters:
+      postgresql_image:
+        type: string
+    machine:
+      image: ubuntu-2204:current
+    steps:
+      - checkout
       - run:
-          name: Set up the DB
-          command: bundle exec bin/rails db:wait db:setup
-
-      - run:
-          name: rails test
+          name: Start PostgreSQL with SSL
           command: |
-            circleci tests glob "test/**/*_test.rb" | circleci tests run --command="xargs bundle exec rake test TESTOPTS='-v'" --verbose --split-by=timings
+            docker run -d --name postgres --network host \
+              -e POSTGRES_HOST_AUTH_METHOD=trust \
+              -e POSTGRES_DB=circle_test \
+              -v $(pwd)/.circleci/circleci.crt:/tmp/server.crt:ro \
+              -v $(pwd)/.circleci/circleci.key:/tmp/server.key:ro \
+              -v $(pwd)/.circleci/ca-circleci-cert.pem:/tmp/ca.crt:ro \
+              << parameters.postgresql_image >> \
+              bash -c "
+                cp /tmp/server.crt /server.crt
+                cp /tmp/server.key /server.key
+                cp /tmp/ca.crt /ca.crt
+                chown postgres:postgres /server.crt /server.key /ca.crt
+                chmod 600 /server.key
+                exec docker-entrypoint.sh postgres -c ssl=on -c ssl_cert_file=/server.crt -c ssl_key_file=/server.key -c ssl_ca_file=/ca.crt
+              "
       - run:
-          name: license_finder
+          name: Start zync container
           command: |
-            bundle exec license_finder
-
-      - store_test_results:
-          path: test/reports
-
+            chmod 600 $(pwd)/.circleci/circleci.key && \
+            docker run -d --name zync --network host \
+              -v $(pwd):/opt/app-root/src -w /opt/app-root/src \
+              -e RAILS_ENV=test \
+              -e DISABLE_SPRING=1 \
+              -e DATABASE_URL=postgres://postgres:@localhost/circle_test \
+              -e DATABASE_SSL_CA=/opt/app-root/src/.circleci/ca-circleci-cert.pem \
+              -e DATABASE_SSL_CERT=/opt/app-root/src/.circleci/circleci.crt \
+              -e DATABASE_SSL_KEY=/opt/app-root/src/.circleci/circleci.key \
+              -e DATABASE_SSL_MODE=verify-full \
+              -e SECRET_KEY_BASE=test \
+              -e HOME=/opt/app-root/src \
+              quay.io/3scale/zync:ci-builder-ruby-3.3 \
+              sleep infinity
+      - restore_cache:
+          keys:
+            - zync-bundle-v2-{{ .Environment.CACHE_VERSION }}-{{ arch }}-{{ checksum "Gemfile.lock" }}
+      - bundle_install:
+          run_in_zync: true
       - save_cache:
-          key: zync-branch-v2-{{ arch }}-{{ .Branch }}
+          key: zync-bundle-v2-{{ .Environment.CACHE_VERSION }}-{{ arch }}-{{ checksum "Gemfile.lock" }}
           paths:
             - vendor/bundle
+      - boot_zync:
+          run_in_zync: true
+      - setup_db:
+          run_in_zync: true
+      - run_tests:
+          run_in_zync: true
+      - run_license_finder:
+          run_in_zync: true
+      - store_test_results:
+          path: test/reports
 
 workflows:
   version: 2.1
@@ -90,4 +199,8 @@ workflows:
           matrix:
             parameters:
               postgresql_image: [ "cimg/postgres:14.19", "cimg/postgres:15.14", "cimg/postgres:16.10", "cimg/postgres:17.6", "cimg/postgres:18.0" ]
+      - build_ssl:
+          matrix:
+            parameters:
+              postgresql_image: [ "cimg/postgres:14.19", "cimg/postgres:15.14", "cimg/postgres:16.10", "cimg/postgres:17.6", "cimg/postgres:18.0" ]
       - docker-build

.gitleaks.toml

@@ -0,0 +1,8 @@
+[allowlist]
+description = "Global Allowlist"
+
+# Ignore based on any subset of the file path
+paths = [
+    # Ignore all fake private keys for CircleCI, they are for tests
+    '''.circleci\/.+\.(pem|key)$'''
+]

config/initializers/que.rb

@@ -15,10 +15,17 @@
 
 def Que.start!
   require 'que/locker'
+  require 'que/db_connection_url'
 
   # Workaround for https://github.com/chanks/que/pull/192
   require 'active_record/base'
-  Que.locker = Que::Locker.new(**Rails.application.config.x.que)
+
+  # Build connection URL with SSL parameters from database config
+  # Workaround for https://github.com/que-rb/que/issues/442
+  db_config = ActiveRecord::Base.connection_db_config.configuration_hash
+  connection_url = Que::DBConnectionURL.build_connection_url(db_config)
+
+  Que.locker = Que::Locker.new(connection_url: connection_url, **Rails.application.config.x.que)
 end
 
 def Que.stop!