Merge branch 'develop' into TheOtherBrian1-patch-1

Author: TheOtherBrian1

.github/workflows/ami-release-nix.yml

@@ -55,7 +55,7 @@ jobs:
       - name: Run checks if triggered manually
         if: ${{ github.event_name == 'workflow_dispatch' }}
         run: |
-          SUFFIX=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres${{ matrix.postgres_version }}"]' ansible/vars.yml | sed -E 's/[0-9\.]+(.*)$/\1/')
+          SUFFIX=$(sudo nix run nixpkgs#yq -- ".postgres_release[\"postgres${{ matrix.postgres_version }}\"]" ansible/vars.yml | sed -E 's/[0-9\.]+(.*)$/\1/')
           if [[ -z $SUFFIX ]] ; then
             echo "Version must include non-numeric characters if built manually."
             exit 1

.github/workflows/dockerhub-release-15-6.yml renamed to .github/workflows/dockerhub-release-15-8.yml

@@ -60,7 +60,7 @@ jobs:
           platforms: linux/${{ matrix.arch }}
           cache-from: type=gha,scope=${{ github.ref_name }}-latest-${{ matrix.arch }}
           cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-latest-${{ matrix.arch }}
-          file: "Dockerfile-156"
+          file: "Dockerfile-158"
       - name: Slack Notification
         if: ${{ failure() }}
         uses: rtCamp/action-slack-notify@v2

.github/workflows/dockerhub-release-aio.yml

@@ -74,6 +74,7 @@ jobs:
           push: true
           build-args: |
             postgres_version=${{ needs.settings.outputs.base_docker_version }}
+            envoy_lds=lds.supabase.yaml
             ${{ needs.settings.outputs.build_args }}
           target: production
           tags: ${{ needs.settings.outputs.image_tag }}_${{ matrix.arch }}

.github/workflows/dockerhub-release-matrix.yml

@@ -0,0 +1,240 @@
+name: Release all major versions on Dockerhub
+
+on:
+  push:
+    branches:
+      - develop
+      - release/*
+    paths:
+      - ".github/workflows/dockerhub-release-matrix.yml"
+  workflow_dispatch:
+ 
+jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix_config: ${{ steps.set-matrix.outputs.matrix_config }}
+    steps:
+      - uses: DeterminateSystems/nix-installer-action@main
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+      - name: Generate build matrix
+        id: set-matrix
+        run: |
+          nix run nixpkgs#nushell -- -c 'let versions = (open ansible/vars.yml | get postgres_major)
+          let matrix = ($versions | each { |ver|
+            let version = ($ver | str trim)
+            let dockerfile = $"Dockerfile-($version)"
+            if ($dockerfile | path exists) {
+              {
+                version: $version,
+                dockerfile: $dockerfile
+              }
+            } else {
+              null
+            }
+          } | compact)
+
+          let matrix_config = {
+            include: $matrix
+          }
+
+          $"matrix_config=($matrix_config | to json -r)" | save --append $env.GITHUB_OUTPUT'
+  build:
+    needs: prepare
+    strategy:
+      matrix: ${{ fromJson(needs.prepare.outputs.matrix_config) }}
+    runs-on: ubuntu-latest
+    outputs:
+      build_args: ${{ steps.args.outputs.result }}
+    steps:
+      - uses: actions/checkout@v3
+      - uses: DeterminateSystems/nix-installer-action@main
+      - name: Set PostgreSQL version environment variable
+        run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.version }}" >> $GITHUB_ENV
+      
+      - id: args
+        run: |
+          nix run nixpkgs#nushell -- -c '
+            open ansible/vars.yml 
+            | items { |key value| {name: $key, item: $value} } 
+            | where { |it| ($it.item | describe) == "string" } 
+            | each { |it| $"($it.name)=($it.item)" } 
+            | str join "\n" 
+            | save --append $env.GITHUB_OUTPUT
+          '    
+  build_release_image:
+    needs: [prepare, build]
+    strategy:
+      matrix:
+        postgres: ${{ fromJson(needs.prepare.outputs.matrix_config).include }}
+        arch: [amd64, arm64]
+    runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-runner' }}
+    timeout-minutes: 180
+    steps:
+      - uses: actions/checkout@v3
+      - uses: DeterminateSystems/nix-installer-action@main
+      - run: docker context create builders
+      - uses: docker/setup-buildx-action@v3
+        with:
+          endpoint: builders
+      - uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Get image tag
+        id: image
+        run: |
+          if [[ "${{ matrix.arch }}" == "arm64" ]]; then
+            pg_version=$(sudo nix run nixpkgs#nushell -- -c '
+              let version = "${{ matrix.postgres.version }}"
+              let release_key = if ($version | str contains "orioledb") {
+                $"postgresorioledb-17"
+              } else {
+                $"postgres($version)"
+              }
+              open ansible/vars.yml | get postgres_release | get $release_key | str trim
+            ')
+            echo "pg_version=supabase/postgres:$pg_version" >> $GITHUB_OUTPUT
+          else
+            pg_version=$(nix run nixpkgs#nushell -- -c '
+              let version = "${{ matrix.postgres.version }}"
+              let release_key = if ($version | str contains "orioledb") {
+                $"postgresorioledb-17"
+              } else {
+                $"postgres($version)"
+              }
+              open ansible/vars.yml | get postgres_release | get $release_key | str trim
+            ')
+            echo "pg_version=supabase/postgres:$pg_version" >> $GITHUB_OUTPUT
+          fi
+      - id: build
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          build-args: |
+            ${{ needs.build.outputs.build_args }}
+          target: production
+          tags: ${{ steps.image.outputs.pg_version }}_${{ matrix.arch }}
+          platforms: linux/${{ matrix.arch }}
+          cache-from: type=gha,scope=${{ github.ref_name }}-latest-${{ matrix.arch }}
+          cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-latest-${{ matrix.arch }}
+          file: ${{ matrix.postgres.dockerfile }}
+  merge_manifest:
+    needs: [prepare, build, build_release_image]
+    strategy:
+      matrix:
+        include: ${{ fromJson(needs.prepare.outputs.matrix_config).include }}
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Get image tag
+        id: get_version
+        run: |
+          nix run nixpkgs#nushell -- -c '
+            let version = "${{ matrix.version }}"
+            let release_key = if ($version | str contains "orioledb") {
+              $"postgresorioledb-17"
+            } else {
+              $"postgres($version)"
+            }
+            let pg_version = (open ansible/vars.yml | get postgres_release | get $release_key | str trim)
+            $"pg_version=supabase/postgres:($pg_version)" | save --append $env.GITHUB_OUTPUT
+          '
+      - name: Output version
+        id: output_version
+        run: |
+          echo "result=${{ steps.get_version.outputs.pg_version }}" >> $GITHUB_OUTPUT
+      - name: Collect versions
+        id: collect_versions
+        run: |
+          echo "${{ steps.output_version.outputs.result }}" >> results.txt  # Append results
+      - name: Upload Results Artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: merge_results-${{ matrix.version }}
+          path: results.txt
+          if-no-files-found: warn
+      - name: Merge multi-arch manifests
+        run: |
+          docker buildx imagetools create -t ${{ steps.get_version.outputs.pg_version }} \
+          ${{ steps.get_version.outputs.pg_version }}_amd64 \
+          ${{ steps.get_version.outputs.pg_version }}_arm64
+  combine_results:
+    needs: [prepare, merge_manifest]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: DeterminateSystems/nix-installer-action@main
+
+      - name: Debug Input from Prepare
+        run: |
+          echo "Raw matrix_config output:"
+          echo "${{ needs.prepare.outputs.matrix_config }}"
+      - name: Get Versions from Matrix Config
+        id: get_versions
+        run: |
+          nix run nixpkgs#nushell -- -c '
+            # Parse the matrix configuration directly
+            let matrix_config = (${{ toJson(needs.prepare.outputs.matrix_config) }} | from json)
+      
+            # Get versions directly from include array
+            let versions = ($matrix_config.include | get version)
+      
+            echo "Versions: $versions"
+      
+            # Convert the versions to a comma-separated string
+            let versions_str = ($versions | str join ",")
+            $"versions=$versions_str" | save --append $env.GITHUB_ENV
+          '
+      - name: Download Results Artifacts
+        uses: actions/download-artifact@v3
+        with:
+          pattern: merge_results-*
+      - name: Combine Results
+        id: combine
+        run: |
+          nix run nixpkgs#nushell -- -c '
+            # Get all results files and process them in one go
+            let files = (ls **/results.txt | get name)
+            echo $"Found files: ($files)"
+            
+            let matrix = {
+              include: (
+                $files
+                | each { |file| open $file }          # Open each file
+                | each { |content| $content | lines }  # Split into lines
+                | flatten                             # Flatten the nested lists
+                | where { |line| $line != "" }        # Filter empty lines
+                | each { |line| 
+                    # Extract just the version part after the last colon
+                    let version = ($line | parse "supabase/postgres:{version}" | get version.0)
+                    {version: $version}
+                }
+              )
+            }
+            
+            let json_output = ($matrix | to json -r)  # -r for raw output
+            echo $"Debug output: ($json_output)"
+            
+            $"matrix=($json_output)" | save --append $env.GITHUB_OUTPUT
+          '
+      - name: Debug Combined Results
+        run: |
+          echo "Combined Results: '${{ steps.combine.outputs.matrix }}'"
+    outputs:
+      matrix: ${{ steps.combine.outputs.matrix }}
+  publish:
+      needs: combine_results
+      strategy:
+        matrix: ${{ fromJson(needs.combine_results.outputs.matrix) }}
+      uses: ./.github/workflows/mirror.yml
+      with:
+        version: ${{ matrix.version }}
+      secrets: inherit

.github/workflows/nix-build.yml

@@ -24,8 +24,10 @@ jobs:
             arch: arm64
           - runner: macos-latest
             arch: arm64
+          - runner: macos-13
+            arch: amd64
     runs-on: ${{ matrix.runner }}
-
+    timeout-minutes: 180
     steps:
 
       - name: Check out code
@@ -40,30 +42,31 @@ jobs:
           role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
           aws-region: "us-east-1"
           output-credentials: true
+          role-duration-seconds: 7200
       - name: write secret key
         # use python so we don't interpolate the secret into the workflow logs, in case of bugs
         run: |
           python -c "import os; file = open('nix-secret-key', 'w'); file.write(os.environ['NIX_SIGN_SECRET_KEY']); file.close()"
         env:
           NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
       - name: Log in to Docker Hub
-        if: matrix.runner != 'macos-latest'
+        if: matrix.runner != 'macos-latest' && matrix.runner != 'macos-13'
         uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
       - name: Build psql bundle with nix
-        if: matrix.runner != 'macos-latest'
+        if: matrix.runner != 'macos-latest' && matrix.runner != 'macos-13'
         run: docker build -t base_nix -f docker/nix/Dockerfile .
       - name: Run build psql bundle
-        if: matrix.runner != 'macos-latest'
+        if: matrix.runner != 'macos-latest' && matrix.runner != 'macos-13'
         run:  |
           docker run -e AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }} \
                     -e AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }} \
                     -e AWS_SESSION_TOKEN=${{ env.AWS_SESSION_TOKEN }} \
                     base_nix bash -c "./workspace/docker/nix/build_nix.sh"
       - name: Build psql bundle on macos
-        if: matrix.runner == 'macos-latest'
+        if: matrix.runner == 'macos-latest' || matrix.runner == 'macos-13'
         run: |
           curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install --no-confirm \
           --extra-conf "substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com" \

.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml

@@ -42,7 +42,7 @@ jobs:
         id: process_release_version
         run: |
           VERSION=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)
-          VERSION=$(echo $PG_VERSION | tr -d '"')  # Remove any surrounding quotes
+          VERSION=$(echo $VERSION | tr -d '"')  # Remove any surrounding quotes
           if [[ "${{ inputs.postgresVersion }}" != "" ]]; then
             VERSION=${{ inputs.postgresVersion }}
           fi
@@ -92,7 +92,7 @@ jobs:
         id: process_release_version
         run: |
           VERSION=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)
-          VERSION=$(echo $PG_VERSION | tr -d '"')  # Remove any surrounding quotes
+          VERSION=$(echo $VERSION | tr -d '"')  # Remove any surrounding quotes
           echo "version=$VERSION" >> "$GITHUB_OUTPUT"
           echo "major_version=$(echo $VERSION | cut -d'.' -f1)" >> "$GITHUB_OUTPUT"
 

.github/workflows/publish-nix-pgupgrade-scripts.yml

@@ -49,8 +49,8 @@ jobs:
       - name: Grab release version
         id: process_release_version
         run: |
-          VERSION=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)
-          VERSION=$(echo $PG_VERSION | tr -d '"')  # Remove any surrounding quotes
+          VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)
+          VERSION=$(echo $VERSION | tr -d '"')  # Remove any surrounding quotes
           if [[ "${{ inputs.postgresVersion }}" != "" ]]; then
             VERSION=${{ inputs.postgresVersion }}
           fi
@@ -81,7 +81,6 @@ jobs:
           SLACK_COLOR: 'danger'
           SLACK_MESSAGE: 'Publishing pg_upgrade scripts failed'
           SLACK_FOOTER: ''
-
   publish-prod:
     needs: prepare
     runs-on: ubuntu-latest
@@ -95,12 +94,17 @@ jobs:
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v3
-
+      
+      - uses: DeterminateSystems/nix-installer-action@main
+  
       - name: Grab release version
         id: process_release_version
         run: |
-          VERSION=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)
-          VERSION=$(echo $PG_VERSION | tr -d '"')  # Remove any surrounding quotes
+          VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)
+          VERSION=$(echo $VERSION | tr -d '"')  # Remove any surrounding quotes
+          if [[ "${{ inputs.postgresVersion }}" != "" ]]; then
+            VERSION=${{ inputs.postgresVersion }}
+          fi
           echo "version=$VERSION" >> "$GITHUB_OUTPUT"
 
       - name: Create a tarball containing pg_upgrade scripts