feat: introduce PostGIS extension container image

.github/workflows/bake.yml

@@ -2,6 +2,15 @@ name: Build, test and publish extensions
 
 on:
   push:
+  workflow_dispatch:
+    inputs:
+      extension_name:
+        description: "The PostgreSQL extension to build (directory name)"
+        required: true
+        type: choice
+        options:
+          - pgvector
+          - postgis
 
 defaults:
   run:
@@ -30,14 +39,21 @@ jobs:
           filters: |
             pgvector:
               - 'pgvector/**'
+            postgis:
+              - 'postgis/**'
 
       # Compute a matrix containing the list of all extensions that have been modified
       - name: Compute matrix
         id: get-matrix
         env:
           # JSON array containing the extensions that have been changed
           EXTENSIONS_CHANGED: ${{ steps.filter.outputs.changes }}
+          # Input Extension name
+          INPUT_EXTENSION_NAME: ${{ github.event.inputs.extension_name }}
         run: |
+          if [[ "${{ github.event_name }}" == 'workflow_dispatch' ]]; then
+            EXTENSIONS_CHANGED="[\"$INPUT_EXTENSION_NAME\"]"
+          fi
           echo "{\"name\": $EXTENSIONS_CHANGED}" > matrix.json
           echo "matrix=$(cat matrix.json)" >> "$GITHUB_OUTPUT"
 
@@ -54,7 +70,6 @@ jobs:
       matrix: ${{ fromJSON(needs.change-triage.outputs.matrix) }}
     uses: ./.github/workflows/bake_targets.yml
     with:
-      environment: ${{ (github.ref == 'refs/heads/main') && 'production' || 'testing'}}
       extension_name: ${{ matrix.name }}
     secrets:
       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

.github/workflows/bake_targets.yml

@@ -3,11 +3,6 @@ name: Build, test and publish a target extension
 on:
   workflow_call:
     inputs:
-      environment:
-        description: "Target environment for the image build (e.g. testing, production)."
-        required: true
-        type: string
-        default: "testing"
       extension_name:
         description: "The PostgreSQL extension to build (directory name)"
         required: true
@@ -59,7 +54,7 @@ jobs:
           registry: ghcr.io/${{ github.repository_owner }}
           revision: ${{ github.sha }}
         with:
-          files: ./${{ inputs.extension_name }}/metadata.json,./docker-bake.hcl
+          files: ./${{ inputs.extension_name }}/metadata.hcl,./docker-bake.hcl
           push: true
 
       # From bake's metadata, extract each unique tag (e.g. the ones with the timestamp)
@@ -93,6 +88,7 @@ jobs:
     needs:
       - testbuild
     strategy:
+      fail-fast: false
       matrix:
         image: ${{fromJson(needs.testbuild.outputs.images)}}
     steps:
@@ -119,6 +115,7 @@ jobs:
     needs:
       - testbuild
     strategy:
+      fail-fast: false
       matrix:
         image: ${{fromJson(needs.testbuild.outputs.images)}}
         cnpg: ["main", "1.27"]
@@ -133,6 +130,12 @@ jobs:
         with:
           persist-credentials: false
 
+      - name: Install Go
+        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
+        with:
+          cache: false
+          go-version: 'stable'
+
       - name: Create kind cluster
         uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
         with:
@@ -158,16 +161,17 @@ jobs:
           EXT_IMAGE: ${{ matrix.image }}
         run: |
           # Get the PG base image
-          PG_IMAGE=$(skopeo inspect "docker://$EXT_IMAGE" -f '{{ json .Labels }}' | jq -r '."io.cloudnativepg.image.base.name"')
+          export PG_IMAGE=$(skopeo inspect "docker://$EXT_IMAGE" -f '{{ json .Labels }}' | jq -r '."io.cloudnativepg.image.base.name"')
 
-          # Merge metadata.json with runtime values to generate Chainsaw values.yaml
-          jq --arg ext_image "$EXT_IMAGE" \
-             --arg pg_image "$PG_IMAGE" \
-            '.metadata + { extension_image: $ext_image, pg_image: $pg_image }' \
-            "$EXT_NAME/metadata.json" > "$EXT_NAME/values.json"
+          go install github.com/tmccombs/[email protected]
+          go install github.com/mikefarah/yq/v4@v4
 
-          # Convert to YAML
-          yq -p json -o yaml "$EXT_NAME/values.json" > "$EXT_NAME/values.yaml"
+          # Convert metadata.hcl to YAML and merge it with runtime values to generate a valid Chainsaw values.yaml
+          yq eval -P '
+            .metadata.extension_image = strenv(EXT_IMAGE) |
+            .metadata.pg_image = strenv(PG_IMAGE) |
+            .metadata
+          ' <(hcl2json "$EXT_NAME/metadata.hcl") > "$EXT_NAME/values.yaml"
           cat "$EXT_NAME/values.yaml"
 
       - name: Install Chainsaw
@@ -187,9 +191,7 @@ jobs:
 
   copytoproduction:
     name: Copy images to production
-    if: |
-      github.ref == 'refs/heads/main' &&
-      ( github.event.inputs.environment == 'production' || github.event_name == 'schedule' )
+    if: ${{ github.ref == 'refs/heads/main' }}
     runs-on: ubuntu-24.04
     needs:
       - testbuild

BUILD.md

@@ -0,0 +1,91 @@
+# Building Postgres Extensions Container Images for CloudNativePG
+
+This guide explains how to build Postgres extensions operand images for
+[CloudNativePG](https://cloudnative-pg.io) using
+[Docker Bake](https://docs.docker.com/build/bake/) together with a
+[GitHub Actions workflow](.github/workflows/bake.yml).
+
+Although it is not necessary, we recommend you use
+[GNU Make](https://www.gnu.org/software/make/) to build the images locally as
+outlined below.
+
+## Prerequisites
+
+Before you begin, ensure that you have met the following
+[prerequisites](https://github.com/cloudnative-pg/postgres-containers/blob/main/BUILD.md#prerequisites),
+which primarily include:
+
+1.  **Docker:** Must be installed and running.
+2.  **Docker Command Line:** The `docker` command must be executable.
+3.  **Docker Buildx:** The `docker buildx` plugin must be available.
+4.  **Docker Context:** A valid Docker context must be configured.
+
+---
+
+## Usage and Targets
+
+The `Makefile` dynamically discovers all subdirectories that contain a
+`metadata.hcl` file (e.g., `./pgvector/metadata.hcl`) and creates individual
+build targets for each project.
+
+### 1. Check prerequisites only
+
+To verify that Docker and Buildx are correctly installed and configured:
+
+```bash
+make prereqs
+```
+
+### 2. Build configuration check (dry run)
+
+To verify the configuration (running `docker buildx bake --check`) for all
+projects without building or pulling layers:
+
+```bash
+make check
+```
+
+### 3. Build all projects
+
+To check prerequisites and build all discovered projects:
+
+```bash
+make
+# or
+make all
+```
+
+### 4. Build a specific project
+
+To build a single project (e.g., the directory named `pgvector`):
+
+```bash
+make pgvector
+```
+
+### 5. Push all images
+
+To build all images and immediately push them to the configured registry:
+
+```bash
+make push
+```
+
+### 6. Push images for a specific project
+
+To push images for a single project (e.g., the directory named `pgvector`):
+
+```bash
+make push-pgvector
+```
+
+### 7. Dry run mode
+
+To see the commands that would be executed without running the actual `docker
+buildx bake` command, set the `DRY_RUN` flag:
+
+```bash
+make DRY_RUN=true
+# or
+make pgvector DRY_RUN=true
+```