Release Single AMI Nix #21
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Release Single AMI Nix | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| postgres_version: | |
| description: 'PostgreSQL major version to build (e.g. 15)' | |
| required: true | |
| type: string | |
| branch: | |
| description: 'Branch to run the workflow from' | |
| required: true | |
| type: string | |
| default: 'main' | |
| release_to_prod: | |
| description: 'Release AMI to production (will also create GitHub release)' | |
| required: false | |
| type: boolean | |
| default: false | |
| permissions: | |
| contents: write | |
| id-token: write | |
| jobs: | |
| build: | |
| runs-on: large-linux-arm | |
| timeout-minutes: 150 | |
| steps: | |
| - name: Checkout Repo | |
| uses: supabase/postgres/.github/actions/shared-checkout@HEAD | |
| with: | |
| ref: ${{ github.event.inputs.branch }} | |
| - name: aws-creds | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.DEV_AWS_ROLE }} | |
| aws-region: "us-east-1" | |
| output-credentials: true | |
| role-duration-seconds: 7200 | |
| - name: Get current branch SHA | |
| id: get_sha | |
| run: | | |
| echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| - name: Set PostgreSQL version environment variable | |
| run: echo "POSTGRES_MAJOR_VERSION=${{ github.event.inputs.postgres_version }}" >> $GITHUB_ENV | |
| - name: Generate common-nix.vars.pkr.hcl | |
| run: | | |
| PG_VERSION=$(nix run nixpkgs#yq-go -- '.postgres_release["postgres'${{ env.POSTGRES_MAJOR_VERSION }}'"]' ansible/vars.yml) | |
| PG_VERSION=$(echo "$PG_VERSION" | tr -d '"') # Remove any surrounding quotes | |
| echo 'postgres-version = "'$PG_VERSION'"' > common-nix.vars.pkr.hcl | |
| # Ensure there's a newline at the end of the file | |
| echo "" >> common-nix.vars.pkr.hcl | |
| - name: Build AMI stage 1 | |
| env: | |
| POSTGRES_MAJOR_VERSION: ${{ env.POSTGRES_MAJOR_VERSION }} | |
| run: | | |
| packer init amazon-arm64-nix.pkr.hcl | |
| GIT_SHA=${{ steps.get_sha.outputs.sha }} | |
| packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=-e postgresql_major=${POSTGRES_MAJOR_VERSION}" amazon-arm64-nix.pkr.hcl | |
| - name: Build AMI stage 2 | |
| env: | |
| POSTGRES_MAJOR_VERSION: ${{ env.POSTGRES_MAJOR_VERSION }} | |
| run: | | |
| packer init stage2-nix-psql.pkr.hcl | |
| GIT_SHA=${{ steps.get_sha.outputs.sha }} | |
| POSTGRES_MAJOR_VERSION=${{ env.POSTGRES_MAJOR_VERSION }} | |
| packer build -var "git_sha=${GIT_SHA}" -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var "postgres_major_version=${POSTGRES_MAJOR_VERSION}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" stage2-nix-psql.pkr.hcl | |
| - name: Grab release version | |
| id: process_release_version | |
| run: | | |
| VERSION=$(cat common-nix.vars.pkr.hcl | sed -e 's/postgres-version = "\(.*\)"/\1/g') | |
| echo "version=$VERSION" >> $GITHUB_OUTPUT | |
| - name: Create nix flake revision tarball | |
| run: | | |
| GIT_SHA=${{ steps.get_sha.outputs.sha }} | |
| MAJOR_VERSION=${{ env.POSTGRES_MAJOR_VERSION }} | |
| mkdir -p "/tmp/pg_upgrade_bin/${MAJOR_VERSION}" | |
| echo "$GIT_SHA" >> "/tmp/pg_upgrade_bin/${MAJOR_VERSION}/nix_flake_version" | |
| tar -czf "/tmp/pg_binaries.tar.gz" -C "/tmp/pg_upgrade_bin" . | |
| - name: configure aws credentials - staging | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.DEV_AWS_ROLE }} | |
| aws-region: "us-east-1" | |
| - name: Upload software manifest to s3 staging | |
| run: | | |
| cd ansible | |
| ansible-playbook -i localhost \ | |
| -e "ami_release_version=${{ steps.process_release_version.outputs.version }}" \ | |
| -e "internal_artifacts_bucket=${{ secrets.ARTIFACTS_BUCKET }}" \ | |
| -e "postgres_major_version=${{ env.POSTGRES_MAJOR_VERSION }}" \ | |
| manifest-playbook.yml | |
| - name: Upload nix flake revision to s3 staging | |
| run: | | |
| aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz | |
| - name: configure aws credentials - prod | |
| if: ${{ github.event.inputs.release_to_prod == 'true' }} | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.PROD_AWS_ROLE }} | |
| aws-region: "us-east-1" | |
| - name: Upload software manifest to s3 prod | |
| if: ${{ github.event.inputs.release_to_prod == 'true' }} | |
| run: | | |
| cd ansible | |
| ansible-playbook -i localhost \ | |
| -e "ami_release_version=${{ steps.process_release_version.outputs.version }}" \ | |
| -e "internal_artifacts_bucket=${{ secrets.PROD_ARTIFACTS_BUCKET }}" \ | |
| -e "postgres_major_version=${{ env.POSTGRES_MAJOR_VERSION }}" \ | |
| manifest-playbook.yml | |
| - name: Upload nix flake revision to s3 prod | |
| if: ${{ github.event.inputs.release_to_prod == 'true' }} | |
| run: | | |
| aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz | |
| - name: Create release | |
| if: ${{ github.event.inputs.release_to_prod == 'true' }} | |
| uses: softprops/action-gh-release@v2 | |
| with: | |
| name: ${{ steps.process_release_version.outputs.version }} | |
| tag_name: ${{ steps.process_release_version.outputs.version }} | |
| target_commitish: ${{ steps.get_sha.outputs.sha }} | |
| - name: Slack Notification on Failure | |
| if: ${{ failure() }} | |
| uses: rtCamp/action-slack-notify@v2 | |
| env: | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }} | |
| SLACK_USERNAME: 'gha-failures-notifier' | |
| SLACK_COLOR: 'danger' | |
| SLACK_MESSAGE: 'Building Postgres AMI failed' | |
| SLACK_FOOTER: '' | |
| - name: Cleanup resources after build | |
| if: ${{ always() }} | |
| run: | | |
| aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids | |
| - name: Cleanup resources on build cancellation | |
| if: ${{ cancelled() }} | |
| run: | | |
| aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids |