feat: realease 15 and 16 to staging

Author: samrose

.github/workflows/ami-release-nix.yml

@@ -3,17 +3,40 @@ name: Release AMI Nix
 on:
   push:
     branches:
-      - develop
-      - release/*
+      #- develop
+      #- release/*
+      - sam/15-16-ghactions
     paths:
       - '.github/workflows/ami-release-nix.yml'
       - 'common-nix.vars.pkr.hcl'
+      - 'ansible/vars.yml'
   workflow_dispatch:
 
 jobs:
+  prepare:
+    runs-on: ubuntu-latest
+    outputs:
+      postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }}
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+      
+      - name: Install yq
+        run: |
+          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
+          sudo chmod a+x /usr/local/bin/yq
+
+      - name: Set PostgreSQL versions
+        id: set-versions
+        run: |
+          VERSIONS=$(yq eval '.postgres_major[]' ansible/vars.yml | jq -R -s -c 'split("\n")[:-1]')
+          echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT
+
   build:
+    needs: prepare
     strategy:
       matrix:
+        postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }}
         include:
           - runner: arm-runner
             arch: arm64
@@ -31,42 +54,54 @@ jobs:
       - name: Checkout Repo
         uses: actions/checkout@v3
 
+      - name: Install yq
+        run: |
+          sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
+          sudo chmod a+x /usr/local/bin/yq
+
       - name: Run checks if triggered manually
         if: ${{ github.event_name == 'workflow_dispatch' }}
-        # Update `ci.yaml` too if changing constraints.
         run: |
-          SUFFIX=$(sed -E 's/postgres-version = "[0-9\.]+(.*)"/\1/g' common-nix.vars.pkr.hcl)
+          SUFFIX=$(yq eval '.postgres_release["postgres${{ matrix.postgres_version }}"]' ansible/vars.yml | sed -E 's/[0-9\.]+(.*)$/\1/')
           if [[ -z $SUFFIX ]] ; then
             echo "Version must include non-numeric characters if built manually."
             exit 1
           fi
 
-      # extensions are build in nix prior to this step
-      # so we can just use the binaries from the nix store
-      # for postgres, extensions and wrappers
+      - name: Set PostgreSQL version environment variable
+        run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.postgres_version }}" >> $GITHUB_ENV
+
+      - name: Generate common-nix.vars.pkr.hcl
+        run: |
+          PG_VERSION=$(yq eval '.postgres_release["postgres${{ matrix.postgres_version }}"]' ansible/vars.yml)
+          echo "postgres-version = \"$PG_VERSION\"" > common-nix.vars.pkr.hcl
 
       - name: Build AMI stage 1
+        env:
+          POSTGRES_MAJOR_VERSION: ${{ env.POSTGRES_MAJOR_VERSION }}
         run: |
           packer init amazon-arm64-nix.pkr.hcl
           GIT_SHA=${{github.sha}}
-          packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments="  amazon-arm64-nix.pkr.hcl
+          packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var "postgres_major_version=${POSTGRES_MAJOR_VERSION}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=-e postgres_major_version=${POSTGRES_MAJOR_VERSION}"  amazon-arm64-nix.pkr.hcl
 
       - name: Build AMI stage 2
+        env:
+          POSTGRES_MAJOR_VERSION: ${{ env.POSTGRES_MAJOR_VERSION }}
         run: |
           packer init stage2-nix-psql.pkr.hcl
           GIT_SHA=${{github.sha}}
-          packer build -var "git_sha=${GIT_SHA}" -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" stage2-nix-psql.pkr.hcl
+          packer build -var "git_sha=${GIT_SHA}" -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var "postgres_major_version=${POSTGRES_MAJOR_VERSION}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=-e postgres_major_version=${POSTGRES_MAJOR_VERSION}" stage2-nix-psql.pkr.hcl
 
       - name: Grab release version
         id: process_release_version
         run: |
-          VERSION=$(sed -e 's/postgres-version = "\(.*\)"/\1/g' common-nix.vars.pkr.hcl)
-          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+          VERSION=$(cat common-nix.vars.pkr.hcl | sed -e 's/postgres-version = "\(.*\)"/\1/g')
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
 
       - name: Create nix flake revision tarball
         run: |
           GIT_SHA=${{github.sha}}
-          MAJOR_VERSION=$(echo "${{ steps.process_release_version.outputs.version }}" | cut -d. -f1)
+          MAJOR_VERSION=${{ env.POSTGRES_MAJOR_VERSION }}
 
           mkdir -p "/tmp/pg_upgrade_bin/${MAJOR_VERSION}"
           echo "$GIT_SHA" >> "/tmp/pg_upgrade_bin/${MAJOR_VERSION}/nix_flake_version"
@@ -84,17 +119,13 @@ jobs:
           ansible-playbook -i localhost \
             -e "ami_release_version=${{ steps.process_release_version.outputs.version }}" \
             -e "internal_artifacts_bucket=${{ secrets.ARTIFACTS_BUCKET }}" \
+            -e "postgres_major_version=${{ env.POSTGRES_MAJOR_VERSION }}" \
             manifest-playbook.yml
 
       - name: Upload nix flake revision to s3 staging
         run: |
           aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz
 
-      #Our self hosted github runner already has permissions to publish images 
-      #but they're limited to only that; 
-      #so if we want s3 access we'll need to config credentials with the below steps 
-      # (which overwrites existing perms) after the ami build
-
       - name: configure aws credentials - prod
         uses: aws-actions/configure-aws-credentials@v4
         with:
@@ -107,6 +138,7 @@ jobs:
           ansible-playbook -i localhost \
             -e "ami_release_version=${{ steps.process_release_version.outputs.version }}" \
             -e "internal_artifacts_bucket=${{ secrets.PROD_ARTIFACTS_BUCKET }}" \
+            -e "postgres_major_version=${{ env.POSTGRES_MAJOR_VERSION }}" \
             manifest-playbook.yml
     
       - name: Upload nix flake revision to s3 prod
@@ -130,12 +162,12 @@ jobs:
           SLACK_MESSAGE: 'Building Postgres AMI failed'
           SLACK_FOOTER: ''
 
-      - name: Cleanup resources on build cancellation
+      - name: Cleanup resources after build
         if: ${{ always() }}
         run: |
-          aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -n 1 -I {} aws ec2 terminate-instances --instance-ids {}
+          aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids
 
       - name: Cleanup resources on build cancellation
         if: ${{ cancelled() }}
         run: |
-          aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -n 1 -I {} aws ec2 terminate-instances --instance-ids {}
+          aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids

ansible/tasks/stage2-setup-postgres.yml

@@ -6,7 +6,7 @@
 - name: Install Postgres from nix binary cache
   become: yes
   shell: |
-    sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#psql_15/bin"
+    sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#{{psql_version}}/bin"
 #TODO (samrose) switch pg_prove sourcing to develop branch once PR is merged
   when: stage2_nix
 
@@ -22,6 +22,18 @@
     sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#supabase-groonga"
   when: stage2_nix
 
+- name: Install debug symbols for postgres version
+  become: yes
+  shell: |
+    sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#{{postgresql_version}}_debug"
+  when: stage2_nix
+
+- name: Install source files for postgresql version
+  become: yes
+  shell: |
+    sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#{{postgresql_version}}_src"
+  when: stage2_nix
+
 - name: Set ownership and permissions for /etc/ssl/private
   become: yes
   file:

ansible/vars.yml

@@ -2,9 +2,17 @@ supabase_internal: true
 ebssurrogate_mode: true
 async_mode: true
 
-postgresql_major: "15"
-postgresql_release: "15.1"
-postgresql_release_checksum: sha256:ea2cf059a85882654b989acd07edc121833164a30340faee0d3615cf7058e66c
+# postgresql_major: "15"
+# postgresql_release: "15.1"
+# postgresql_release_checksum: sha256:ea2cf059a85882654b989acd07edc121833164a30340faee0d3615cf7058e66c
+postgres_major:
+  - "15"
+  - "16"
+
+# Full version strings for each major version
+postgres_release:
+  postgres15: "15.8.1.003"
+  postgres16: "16.2.0.001"
 
 # Non Postgres Extensions
 pgbouncer_release: "1.19.0"

scripts/nix-provision.sh

@@ -30,11 +30,32 @@ function execute_stage2_playbook {
 callbacks_enabled = timer, profile_tasks, profile_roles
 EOF
     sed -i 's/- hosts: all/- hosts: localhost/' /tmp/ansible-playbook/ansible/playbook.yml
+
+    # Set psql_version and postgresql_version based on POSTGRES_MAJOR_VERSION
+    case "${POSTGRES_MAJOR_VERSION}" in
+        15)
+            psql_version="psql_15"
+            postgresql_version="postgresql15"
+            ;;
+        16)
+            psql_version="psql_16"
+            postgresql_version="postgresql16"
+            ;;
+        *)
+            echo "Error: Unsupported POSTGRES_MAJOR_VERSION: ${POSTGRES_MAJOR_VERSION}"
+            exit 1
+            ;;
+    esac
+
     # Run Ansible playbook
     export ANSIBLE_LOG_PATH=/tmp/ansible.log && export ANSIBLE_REMOTE_TEMP=/tmp
     ansible-playbook /tmp/ansible-playbook/ansible/playbook.yml \
         --extra-vars '{"nixpkg_mode": false, "stage2_nix": true, "debpkg_mode": false}' \
         --extra-vars "git_commit_sha=${GIT_SHA}" \
+        --extra-vars "psql_version=${psql_version}" \
+        --extra-vars "postgresql_version=${postgresql_version}" \
+        --extra-vars "nix_secret_key=${NIX_SECRET_KEY}" \
+        --extra-vars "postgres_major_version=${POSTGRES_MAJOR_VERSION}" \
         $ARGS
 }
 

stage2-nix-psql.pkr.hcl

@@ -56,7 +56,7 @@ packer {
 }
 
 source "amazon-ebs" "ubuntu" {
-  ami_name      = "${var.ami_name}-${var.postgres-version}"
+  ami_name      = "${var.ami_name}-${var.postgres-version}-staging"
   instance_type = "c6g.4xlarge"
   region        = "${var.region}"
   source_ami_filter {