feat: introduce PostGIS extension container image

.github/workflows/bake.yml

@@ -2,6 +2,15 @@ name: Build, test and publish extensions
 
 on:
   push:
+  workflow_dispatch:
+    inputs:
+      extension_name:
+        description: "The PostgreSQL extension to build (directory name)"
+        required: true
+        type: choice
+        options:
+          - pgvector
+          - postgis
 
 defaults:
   run:
@@ -30,14 +39,21 @@ jobs:
           filters: |
             pgvector:
               - 'pgvector/**'
+            postgis:
+              - 'postgis/**'
 
       # Compute a matrix containing the list of all extensions that have been modified
       - name: Compute matrix
         id: get-matrix
         env:
           # JSON array containing the extensions that have been changed
           EXTENSIONS_CHANGED: ${{ steps.filter.outputs.changes }}
+          # Input Extension name
+          INPUT_EXTENSION_NAME: ${{ github.event.inputs.extension_name }}
         run: |
+          if [[ "${{ github.event_name }}" == 'workflow_dispatch' ]]; then
+            EXTENSIONS_CHANGED="[\"$INPUT_EXTENSION_NAME\"]"
+          fi
           echo "{\"name\": $EXTENSIONS_CHANGED}" > matrix.json
           echo "matrix=$(cat matrix.json)" >> "$GITHUB_OUTPUT"
 
@@ -54,7 +70,6 @@ jobs:
       matrix: ${{ fromJSON(needs.change-triage.outputs.matrix) }}
     uses: ./.github/workflows/bake_targets.yml
     with:
-      environment: ${{ (github.ref == 'refs/heads/main') && 'production' || 'testing'}}
       extension_name: ${{ matrix.name }}
     secrets:
       SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}

.github/workflows/bake_targets.yml

@@ -3,11 +3,6 @@ name: Build, test and publish a target extension
 on:
   workflow_call:
     inputs:
-      environment:
-        description: "Target environment for the image build (e.g. testing, production)."
-        required: true
-        type: string
-        default: "testing"
       extension_name:
         description: "The PostgreSQL extension to build (directory name)"
         required: true
@@ -59,7 +54,7 @@ jobs:
           registry: ghcr.io/${{ github.repository_owner }}
           revision: ${{ github.sha }}
         with:
-          files: ./${{ inputs.extension_name }}/metadata.json,./docker-bake.hcl
+          files: ./${{ inputs.extension_name }}/metadata.hcl,./docker-bake.hcl
           push: true
 
       # From bake's metadata, extract each unique tag (e.g. the ones with the timestamp)
@@ -93,6 +88,7 @@ jobs:
     needs:
       - testbuild
     strategy:
+      fail-fast: false
       matrix:
         image: ${{fromJson(needs.testbuild.outputs.images)}}
     steps:
@@ -119,6 +115,7 @@ jobs:
     needs:
       - testbuild
     strategy:
+      fail-fast: false
       matrix:
         image: ${{fromJson(needs.testbuild.outputs.images)}}
         cnpg: ["main", "1.27"]
@@ -133,6 +130,12 @@ jobs:
         with:
           persist-credentials: false
 
+      - name: Install Go
+        uses: actions/setup-go@4dc6199c7b1a012772edbd06daecab0f50c9053c # v6
+        with:
+          cache: false
+          go-version: 'stable'
+
       - name: Create kind cluster
         uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
         with:
@@ -158,16 +161,17 @@ jobs:
           EXT_IMAGE: ${{ matrix.image }}
         run: |
           # Get the PG base image
-          PG_IMAGE=$(skopeo inspect "docker://$EXT_IMAGE" -f '{{ json .Labels }}' | jq -r '."io.cloudnativepg.image.base.name"')
+          export PG_IMAGE=$(skopeo inspect "docker://$EXT_IMAGE" -f '{{ json .Labels }}' | jq -r '."io.cloudnativepg.image.base.name"')
 
-          # Merge metadata.json with runtime values to generate Chainsaw values.yaml
-          jq --arg ext_image "$EXT_IMAGE" \
-             --arg pg_image "$PG_IMAGE" \
-            '.metadata + { extension_image: $ext_image, pg_image: $pg_image }' \
-            "$EXT_NAME/metadata.json" > "$EXT_NAME/values.json"
+          go install github.com/tmccombs/hcl2json@v0.6.8
+          go install github.com/mikefarah/yq/v4@v4
 
-          # Convert to YAML
-          yq -p json -o yaml "$EXT_NAME/values.json" > "$EXT_NAME/values.yaml"
+          # Convert metadata.hcl to YAML and merge it with runtime values to generate a valid Chainsaw values.yaml
+          yq eval -P '
+            .metadata.extension_image = strenv(EXT_IMAGE) |
+            .metadata.pg_image = strenv(PG_IMAGE) |
+            .metadata
+          ' <(hcl2json "$EXT_NAME/metadata.hcl") > "$EXT_NAME/values.yaml"
           cat "$EXT_NAME/values.yaml"
 
       - name: Install Chainsaw
@@ -187,9 +191,7 @@ jobs:
 
   copytoproduction:
     name: Copy images to production
-    if: |
-      github.ref == 'refs/heads/main' &&
-      ( github.event.inputs.environment == 'production' || github.event_name == 'schedule' )
+    if: ${{ github.ref == 'refs/heads/main' }}
     runs-on: ubuntu-24.04
     needs:
       - testbuild

README.md

@@ -21,6 +21,7 @@ in CloudNativePG.
 ## Supported Extensions
 
 - [pgvector](pgvector) - Open-source vector similarity search for PostgreSQL
+- [PostGIS](postgis) - Open-source geospatial database extension for PostgreSQL
 
 ---
 

docker-bake.hcl

@@ -28,7 +28,7 @@ variable "pgVersions" {
   ]
 }
 
-fullname = ( environment == "testing") ? "${registry}/${metadata.name}-testing" : "${registry}/${metadata.name}"
+fullname = ( environment == "testing") ? "${registry}/${metadata.image_name}-testing" : "${registry}/${metadata.image_name}"
 now = timestamp()
 authors = "The CloudNativePG Contributors"
 url = "https://github.com/cloudnative-pg/postgres-extensions-containers"

pgvector/metadata.hcl

@@ -0,0 +1,20 @@
+metadata = {
+  name                     = "pgvector"
+  sql_name                 = "vector"
+  image_name               = "pgvector"
+  shared_preload_libraries = []
+  extension_control_path   = []
+  dynamic_library_path     = []
+  ld_library_path          = []
+
+  versions = {
+    bookworm = {
+      // renovate: suite=bookworm-pgdg depName=postgresql-18-pgvector
+      "18" = "0.8.1-2.pgdg12+1"
+    }
+    trixie = {
+      // renovate: suite=trixie-pgdg depName=postgresql-18-pgvector
+      "18" = "0.8.1-2.pgdg13+1"
+    }
+  }
+}

postgis/Dockerfile

@@ -0,0 +1,77 @@
+ARG BASE=ghcr.io/cloudnative-pg/postgresql:18-minimal-trixie
+FROM $BASE AS builder
+
+ARG PG_MAJOR
+ARG EXT_VERSION
+ARG POSTGIS_MAJOR
+
+USER 0
+
+RUN set -eux && \
+	# Initial system libraries
+	ldconfig -p | awk '{print $NF}' | grep '^/' | sort | uniq > /tmp/base-image-libs.out && \
+	# Install PostGIS
+	apt-get update && \
+	apt-get install -y --no-install-recommends \
+		"postgresql-${PG_MAJOR}-postgis-${POSTGIS_MAJOR}=${EXT_VERSION}"
+
+# Gather PostGIS system libraries and their licenses
+RUN mkdir -p /system /licenses && \
+	# Get libraries
+	ldd /usr/lib/postgresql/${PG_MAJOR}/lib/address_standardizer*.so \
+		/usr/lib/postgresql/${PG_MAJOR}/lib/postgis*.so \
+		| awk '{print $3}' | grep '^/' | sort | uniq > /tmp/all-deps.out && \
+	# Extract all the libs that aren't already part of the base image
+	comm -13 /tmp/base-image-libs.out /tmp/all-deps.out > /tmp/libraries.out && \
+	while read -r lib; do \
+		resolved=$(readlink -f "$lib"); \
+		dir=$(dirname "$lib"); \
+		base=$(basename "$lib"); \
+		# Copy the real file
+		cp -a "$resolved" /system/; \
+		# Reconstruct all its symlinks
+		for file in "$dir"/"${base%.so*}.so"*; do \
+			[ -e "$file" ] || continue; \
+			# If it's a symlink and it resolves to the same real file, we reconstruct it
+			if [ -L "$file" ] && [ "$(readlink -f "$file")" = "$resolved" ]; then \
+				ln -sf "$(basename "$resolved")" "/system/$(basename "$file")"; \
+			fi; \
+		done; \
+	done < /tmp/libraries.out && \
+	# Get licenses
+	for lib in $(find /system -maxdepth 1 -type f -name '*.so*'); do \
+		# Get the name of the pkg that installed the library
+		pkg=$(dpkg -S "$(basename "$lib")" | grep -v "diversion by" | awk -F: '/:/{print $1; exit}'); \
+		[ -z "$pkg" ] && continue; \
+		mkdir -p "/licenses/$pkg" && cp -a "/usr/share/doc/$pkg/copyright" "/licenses/$pkg/copyright"; \
+	done
+
+
+FROM scratch
+ARG PG_MAJOR
+ARG POSTGIS_MAJOR
+
+# Licenses
+COPY --from=builder /licenses /licenses/
+COPY --from=builder /usr/share/doc/postgresql-${PG_MAJOR}-postgis-${POSTGIS_MAJOR}/copyright /licenses/postgresql-${PG_MAJOR}-postgis-${POSTGIS_MAJOR}/
+
+# Libraries
+COPY --from=builder \
+	/usr/lib/postgresql/${PG_MAJOR}/lib/address_standardizer* \
+	/usr/lib/postgresql/${PG_MAJOR}/lib/postgis* \
+	/lib/
+
+COPY --from=builder /usr/lib/postgresql/18/lib/bitcode/ /lib/bitcode/
+
+# Share
+COPY --from=builder \
+	/usr/share/postgresql/${PG_MAJOR}/extension/address_standardizer* \
+	/usr/share/postgresql/${PG_MAJOR}/extension/postgis* \
+	/share/extension/
+
+COPY --from=builder /usr/share/postgresql/${PG_MAJOR}/contrib/postgis* /share/contrib/
+
+# System libs
+COPY --from=builder /system /system/
+
+USER 65532:65532