feat: multiple versions for the pgaudit extension #210
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | name: Testinfra Integration Tests Nix | |
| on: | |
| pull_request: | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| id-token: write | |
| jobs: | |
| prepare: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} | |
| steps: | |
| - name: Checkout Repo | |
| uses: supabase/postgres/.github/actions/shared-checkout@HEAD | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| - name: Clean Nix store before build | |
| run: | | |
| sudo nix-collect-garbage -d || true | |
| sudo nix-store --optimize || true | |
| df -h / # Display available space | |
| - name: Set PostgreSQL versions | |
| id: set-versions | |
| run: | | |
| VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]') | |
| echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT | |
| test-ami-nix: | |
| needs: prepare | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} | |
| include: | |
| - runner: arm-runner | |
| arch: arm64 | |
| ubuntu_release: focal | |
| ubuntu_version: 20.04 | |
| mcpu: neoverse-n1 | |
| runs-on: ${{ matrix.runner }} | |
| timeout-minutes: 150 | |
| permissions: | |
| contents: write | |
| packages: write | |
| id-token: write | |
| steps: | |
| - name: Checkout Repo | |
| uses: supabase/postgres/.github/actions/shared-checkout@HEAD | |
| - id: args | |
| uses: mikefarah/yq@master | |
| with: | |
| cmd: yq 'to_entries | map(select(.value|type == "!!str")) | map(.key + "=" + .value) | join("\n")' 'ansible/vars.yml' | |
| - run: docker context create builders | |
| - uses: docker/setup-buildx-action@v3 | |
| with: | |
| endpoint: builders | |
| - name: Generate random string | |
| id: random | |
| run: echo "random_string=$(openssl rand -hex 8)" >> $GITHUB_OUTPUT | |
| - name: Set PostgreSQL version environment variable | |
| run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.postgres_version }}" >> $GITHUB_ENV | |
| - name: Generate common-nix.vars.pkr.hcl | |
| run: | | |
| PG_VERSION=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) | |
| PG_VERSION=$(echo "$PG_VERSION" | tr -d '"') # Remove any surrounding quotes | |
| echo 'postgres-version = "'$PG_VERSION'"' > common-nix.vars.pkr.hcl | |
| # Ensure there's a newline at the end of the file | |
| echo "" >> common-nix.vars.pkr.hcl | |
| - name: Build AMI stage 1 | |
| run: | | |
| packer init amazon-arm64-nix.pkr.hcl | |
| GIT_SHA=${{github.sha}} | |
| packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=" -var "postgres-version=${{ steps.random.outputs.random_string }}" -var "region=ap-southeast-1" -var 'ami_regions=["ap-southeast-1"]' -var "force-deregister=true" -var "ansible_arguments=-e postgresql_major=${POSTGRES_MAJOR_VERSION}" amazon-arm64-nix.pkr.hcl | |
| - name: Clean up after AMI stage 1 | |
| if: always() # Run even if previous steps fail | |
| run: | | |
| sudo nix-collect-garbage -d # Delete old generations of all profiles | |
| sudo rm -rf /tmp/* # Clean temporary files | |
| df -h / # Display available space | |
| - name: Build AMI stage 2 | |
| run: | | |
| packer init stage2-nix-psql.pkr.hcl | |
| GIT_SHA=${{github.sha}} | |
| packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var "postgres_major_version=${POSTGRES_MAJOR_VERSION}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "postgres-version=${{ steps.random.outputs.random_string }}" -var "region=ap-southeast-1" -var 'ami_regions=["ap-southeast-1"]' -var "force-deregister=true" -var "git_sha=${GITHUB_SHA}" stage2-nix-psql.pkr.hcl | |
| - name: Clean up after AMI stage 2 | |
| if: always() # Run even if previous steps fail | |
| run: | | |
| sudo nix-collect-garbage -d # Delete old generations of all profiles | |
| sudo rm -rf /tmp/* # Clean temporary files | |
| df -h / # Display available space | |
| - name: Run tests | |
| timeout-minutes: 10 | |
| env: | |
| AMI_NAME: "supabase-postgres-${{ steps.random.outputs.random_string }}" | |
| run: | | |
| # TODO: use poetry for pkg mgmt | |
| pip3 install boto3 boto3-stubs[essential] docker ec2instanceconnectcli pytest pytest-testinfra[paramiko,docker] requests | |
| pytest -vv -s testinfra/test_ami_nix.py | |
| - name: Cleanup resources on build cancellation | |
| if: ${{ cancelled() }} | |
| run: | | |
| aws ec2 --region ap-southeast-1 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --region ap-southeast-1 --instance-ids | |
| - name: Cleanup resources after build | |
| if: ${{ always() }} | |
| run: | | |
| aws ec2 --region ap-southeast-1 describe-instances --filters "Name=tag:testinfra-run-id,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --region ap-southeast-1 --instance-ids || true | |
| - name: Cleanup AMIs | |
| if: always() | |
| run: | | |
| # Define AMI name patterns | |
| STAGE1_AMI_NAME="supabase-postgres-ci-ami-test-stage-1" | |
| STAGE2_AMI_NAME="${{ steps.random.outputs.random_string }}" | |
| # Function to deregister AMIs by name pattern | |
| deregister_ami_by_name() { | |
| local ami_name_pattern=$1 | |
| local ami_ids=$(aws ec2 describe-images --region ap-southeast-1 --owners self --filters "Name=name,Values=${ami_name_pattern}" --query 'Images[*].ImageId' --output text) | |
| for ami_id in $ami_ids; do | |
| echo "Deregistering AMI: $ami_id" | |
| aws ec2 deregister-image --region ap-southeast-1 --image-id $ami_id | |
| done | |
| } | |
| # Deregister AMIs | |
| deregister_ami_by_name "$STAGE1_AMI_NAME" | |
| deregister_ami_by_name "$STAGE2_AMI_NAME" |