Skip to content

feat: multiple versions for the pgaudit extension #210

feat: multiple versions for the pgaudit extension

feat: multiple versions for the pgaudit extension #210

name: Testinfra Integration Tests Nix
on:
pull_request:
workflow_dispatch:
permissions:
contents: read
id-token: write
jobs:
prepare:
runs-on: ubuntu-latest
outputs:
postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }}
steps:
- name: Checkout Repo
uses: supabase/postgres/.github/actions/shared-checkout@HEAD
- uses: DeterminateSystems/nix-installer-action@main
- name: Clean Nix store before build
run: |
sudo nix-collect-garbage -d || true
sudo nix-store --optimize || true
df -h / # Display available space
- name: Set PostgreSQL versions
id: set-versions
run: |
VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]')
echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT
test-ami-nix:
needs: prepare
strategy:
fail-fast: false
matrix:
postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }}
include:
- runner: arm-runner
arch: arm64
ubuntu_release: focal
ubuntu_version: 20.04
mcpu: neoverse-n1
runs-on: ${{ matrix.runner }}
timeout-minutes: 150
permissions:
contents: write
packages: write
id-token: write
steps:
- name: Checkout Repo
uses: supabase/postgres/.github/actions/shared-checkout@HEAD
- id: args
uses: mikefarah/yq@master
with:
cmd: yq 'to_entries | map(select(.value|type == "!!str")) | map(.key + "=" + .value) | join("\n")' 'ansible/vars.yml'
- run: docker context create builders
- uses: docker/setup-buildx-action@v3
with:
endpoint: builders
- name: Generate random string
id: random
run: echo "random_string=$(openssl rand -hex 8)" >> $GITHUB_OUTPUT
- name: Set PostgreSQL version environment variable
run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.postgres_version }}" >> $GITHUB_ENV
- name: Generate common-nix.vars.pkr.hcl
run: |
PG_VERSION=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)
PG_VERSION=$(echo "$PG_VERSION" | tr -d '"') # Remove any surrounding quotes
echo 'postgres-version = "'$PG_VERSION'"' > common-nix.vars.pkr.hcl
# Ensure there's a newline at the end of the file
echo "" >> common-nix.vars.pkr.hcl
- name: Build AMI stage 1
run: |
packer init amazon-arm64-nix.pkr.hcl
GIT_SHA=${{github.sha}}
packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=" -var "postgres-version=${{ steps.random.outputs.random_string }}" -var "region=ap-southeast-1" -var 'ami_regions=["ap-southeast-1"]' -var "force-deregister=true" -var "ansible_arguments=-e postgresql_major=${POSTGRES_MAJOR_VERSION}" amazon-arm64-nix.pkr.hcl
- name: Clean up after AMI stage 1
if: always() # Run even if previous steps fail
run: |
sudo nix-collect-garbage -d # Delete old generations of all profiles
sudo rm -rf /tmp/* # Clean temporary files
df -h / # Display available space
- name: Build AMI stage 2
run: |
packer init stage2-nix-psql.pkr.hcl
GIT_SHA=${{github.sha}}
packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var "postgres_major_version=${POSTGRES_MAJOR_VERSION}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "postgres-version=${{ steps.random.outputs.random_string }}" -var "region=ap-southeast-1" -var 'ami_regions=["ap-southeast-1"]' -var "force-deregister=true" -var "git_sha=${GITHUB_SHA}" stage2-nix-psql.pkr.hcl
- name: Clean up after AMI stage 2
if: always() # Run even if previous steps fail
run: |
sudo nix-collect-garbage -d # Delete old generations of all profiles
sudo rm -rf /tmp/* # Clean temporary files
df -h / # Display available space
- name: Run tests
timeout-minutes: 10
env:
AMI_NAME: "supabase-postgres-${{ steps.random.outputs.random_string }}"
run: |
# TODO: use poetry for pkg mgmt
pip3 install boto3 boto3-stubs[essential] docker ec2instanceconnectcli pytest pytest-testinfra[paramiko,docker] requests
pytest -vv -s testinfra/test_ami_nix.py
- name: Cleanup resources on build cancellation
if: ${{ cancelled() }}
run: |
aws ec2 --region ap-southeast-1 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --region ap-southeast-1 --instance-ids
- name: Cleanup resources after build
if: ${{ always() }}
run: |
aws ec2 --region ap-southeast-1 describe-instances --filters "Name=tag:testinfra-run-id,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --region ap-southeast-1 --instance-ids || true
- name: Cleanup AMIs
if: always()
run: |
# Define AMI name patterns
STAGE1_AMI_NAME="supabase-postgres-ci-ami-test-stage-1"
STAGE2_AMI_NAME="${{ steps.random.outputs.random_string }}"
# Function to deregister AMIs by name pattern
deregister_ami_by_name() {
local ami_name_pattern=$1
local ami_ids=$(aws ec2 describe-images --region ap-southeast-1 --owners self --filters "Name=name,Values=${ami_name_pattern}" --query 'Images[*].ImageId' --output text)
for ami_id in $ami_ids; do
echo "Deregistering AMI: $ami_id"
aws ec2 deregister-image --region ap-southeast-1 --image-id $ami_id
done
}
# Deregister AMIs
deregister_ami_by_name "$STAGE1_AMI_NAME"
deregister_ami_by_name "$STAGE2_AMI_NAME"