@@ -3,17 +3,40 @@ name: Release AMI Nix
3
3
on :
4
4
push :
5
5
branches :
6
- - develop
7
- - release/*
6
+ # - develop
7
+ # - release/*
8
+ - sam/15-16-ghactions
8
9
paths :
9
10
- ' .github/workflows/ami-release-nix.yml'
10
11
- ' common-nix.vars.pkr.hcl'
12
+ - ' ansible/vars.yml'
11
13
workflow_dispatch :
12
14
13
15
jobs :
16
+ prepare :
17
+ runs-on : ubuntu-latest
18
+ outputs :
19
+ postgres_versions : ${{ steps.set-versions.outputs.postgres_versions }}
20
+ steps :
21
+ - name : Checkout Repo
22
+ uses : actions/checkout@v3
23
+
24
+ - name : Install yq
25
+ run : |
26
+ sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
27
+ sudo chmod a+x /usr/local/bin/yq
28
+
29
+ - name : Set PostgreSQL versions
30
+ id : set-versions
31
+ run : |
32
+ VERSIONS=$(yq eval '.postgres_major[]' ansible/vars.yml | jq -R -s -c 'split("\n")[:-1]')
33
+ echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT
34
+
14
35
build :
36
+ needs : prepare
15
37
strategy :
16
38
matrix :
39
+ postgres_version : ${{ fromJson(needs.prepare.outputs.postgres_versions) }}
17
40
include :
18
41
- runner : arm-runner
19
42
arch : arm64
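Review bot: The `Install yq` step added to the new `prepare` job fetches `releases/latest/download/yq_linux_amd64` with `sudo wget` and marks it executable without pinning a version or verifying a checksum, so whatever binary upstream serves at run time executes inside the AMI release pipeline. The same step is repeated in the `build` job in the next hunk, where the matrix shown here lists `arm-runner`/`arm64`, so the amd64 asset may not run there at all. Pin a release tag and check a digest recorded in the repo, e.g. `sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/<PINNED_TAG>/yq_linux_<ARCH>` followed by `echo "<EXPECTED_SHA256>  /usr/local/bin/yq" | sha256sum -c -`. Separately, the `branches` filter now lists only `sam/15-16-ghactions`, with `develop` and `release/*` commented out. That looks like test scaffolding and should be reverted before merge.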
@@ -31,42 +54,54 @@ jobs:
31
54
- name : Checkout Repo
32
55
uses : actions/checkout@v3
33
56
57
+ - name : Install yq
58
+ run : |
59
+ sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64
60
+ sudo chmod a+x /usr/local/bin/yq
61
+
34
62
- name : Run checks if triggered manually
35
63
if : ${{ github.event_name == 'workflow_dispatch' }}
36
- # Update `ci.yaml` too if changing constraints.
37
64
run : |
38
- SUFFIX=$(sed -E 's/postgres-version = " [0-9\.]+(.*)" /\1/g' common-nix.vars.pkr.hcl )
65
+ SUFFIX=$(yq eval '.postgres_release["postgres${{ matrix.postgres_version }}"]' ansible/vars.yml | sed -E 's/[0-9\.]+(.*)$ /\1/' )
39
66
if [[ -z $SUFFIX ]] ; then
40
67
echo "Version must include non-numeric characters if built manually."
41
68
exit 1
42
69
fi
43
70
44
- # extensions are build in nix prior to this step
45
- # so we can just use the binaries from the nix store
46
- # for postgres, extensions and wrappers
71
+ - name : Set PostgreSQL version environment variable
72
+ run : echo "POSTGRES_MAJOR_VERSION=${{ matrix.postgres_version }}" >> $GITHUB_ENV
73
+
74
+ - name : Generate common-nix.vars.pkr.hcl
75
+ run : |
76
+ PG_VERSION=$(yq eval '.postgres_release["postgres${{ matrix.postgres_version }}"]' ansible/vars.yml)
77
+ echo "postgres-version = \"$PG_VERSION\"" > common-nix.vars.pkr.hcl
47
78
48
79
- name : Build AMI stage 1
80
+ env :
81
+ POSTGRES_MAJOR_VERSION : ${{ env.POSTGRES_MAJOR_VERSION }}
49
82
run : |
50
83
packer init amazon-arm64-nix.pkr.hcl
51
84
GIT_SHA=${{github.sha}}
52
- packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var- file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=" amazon-arm64-nix.pkr.hcl
85
+ packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var "postgres_major_version=${POSTGRES_MAJOR_VERSION}" -var- file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=-e postgres_major_version=${POSTGRES_MAJOR_VERSION} " amazon-arm64-nix.pkr.hcl
53
86
54
87
- name : Build AMI stage 2
88
+ env :
89
+ POSTGRES_MAJOR_VERSION : ${{ env.POSTGRES_MAJOR_VERSION }}
55
90
run : |
56
91
packer init stage2-nix-psql.pkr.hcl
57
92
GIT_SHA=${{github.sha}}
58
- packer build -var "git_sha=${GIT_SHA}" -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var- file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" stage2-nix-psql.pkr.hcl
93
+ packer build -var "git_sha=${GIT_SHA}" -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var "postgres_major_version=${POSTGRES_MAJOR_VERSION}" -var- file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=-e postgres_major_version=${POSTGRES_MAJOR_VERSION} " stage2-nix-psql.pkr.hcl
59
94
60
95
- name : Grab release version
61
96
id : process_release_version
62
97
run : |
63
- VERSION=$(sed -e 's/postgres-version = "\(.*\)"/\1/g' common-nix.vars.pkr.hcl )
64
- echo "version=$VERSION" >> " $GITHUB_OUTPUT"
98
+ VERSION=$(cat common-nix.vars.pkr.hcl | sed -e 's/postgres-version = "\(.*\)"/\1/g')
99
+ echo "version=$VERSION" >> $GITHUB_OUTPUT
65
100
66
101
- name : Create nix flake revision tarball
67
102
run : |
68
103
GIT_SHA=${{github.sha}}
69
- MAJOR_VERSION=$(echo "$ {{ steps.process_release_version.outputs.version }}" | cut -d. -f1)
104
+ MAJOR_VERSION=${{ env.POSTGRES_MAJOR_VERSION }}
70
105
71
106
mkdir -p "/tmp/pg_upgrade_bin/${MAJOR_VERSION}"
72
107
echo "$GIT_SHA" >> "/tmp/pg_upgrade_bin/${MAJOR_VERSION}/nix_flake_version"
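Review bot: `${{ matrix.postgres_version }}` is expanded into the script text of the `Run checks if triggered manually`, `Set PostgreSQL version environment variable` and `Generate common-nix.vars.pkr.hcl` steps before the shell runs, so a value in `ansible/vars.yml` containing quotes or shell metacharacters becomes part of the command rather than data. Pass it through the environment instead: add a job-level `env:` entry `POSTGRES_MAJOR_VERSION: ${{ matrix.postgres_version }}` and look the key up with `KEY="postgres$POSTGRES_MAJOR_VERSION" yq eval '.postgres_release[strenv(KEY)]' ansible/vars.yml`. That also makes the `GITHUB_ENV` write and the step-level `env:` re-exports on the two Packer steps unnecessary. The generate step also writes whatever yq prints, and yq prints `null` for a missing key, so add `[[ -n "$PG_VERSION" && "$PG_VERSION" != "null" ]] || exit 1` before the `echo` into `common-nix.vars.pkr.hcl`.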
@@ -84,17 +119,13 @@ jobs:
84
119
ansible-playbook -i localhost \
85
120
-e "ami_release_version=${{ steps.process_release_version.outputs.version }}" \
86
121
-e "internal_artifacts_bucket=${{ secrets.ARTIFACTS_BUCKET }}" \
122
+ -e "postgres_major_version=${{ env.POSTGRES_MAJOR_VERSION }}" \
87
123
manifest-playbook.yml
88
124
89
125
- name : Upload nix flake revision to s3 staging
90
126
run : |
91
127
aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz
92
128
93
- # Our self hosted github runner already has permissions to publish images
94
- # but they're limited to only that;
95
- # so if we want s3 access we'll need to config credentials with the below steps
96
- # (which overwrites existing perms) after the ami build
97
-
98
129
- name : configure aws credentials - prod
99
130
uses : aws-actions/configure-aws-credentials@v4
100
131
with :
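Review bot: The comment block deleted above `configure aws credentials - prod` was the only place that recorded the privilege model: the self-hosted runner's own permissions cover image publishing only, and the credential steps that follow overwrite them to gain S3 access. Nothing in the new lines replaces it, so the next editor has no hint that moving these steps changes which identity the earlier Packer steps run under. Keep a condensed form, for example `# Runner role can only publish images; the steps below swap in credentials with S3 access and overwrite the existing perms, so keep them after the AMI build.` The `configure aws credentials - prod` step continues past the end of this hunk.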
@@ -107,6 +138,7 @@ jobs:
107
138
ansible-playbook -i localhost \
108
139
-e "ami_release_version=${{ steps.process_release_version.outputs.version }}" \
109
140
-e "internal_artifacts_bucket=${{ secrets.PROD_ARTIFACTS_BUCKET }}" \
141
+ -e "postgres_major_version=${{ env.POSTGRES_MAJOR_VERSION }}" \
110
142
manifest-playbook.yml
111
143
112
144
- name : Upload nix flake revision to s3 prod
@@ -130,12 +162,12 @@ jobs:
130
162
SLACK_MESSAGE : ' Building Postgres AMI failed'
131
163
SLACK_FOOTER : ' '
132
164
133
- - name : Cleanup resources on build cancellation
165
+ - name : Cleanup resources after build
134
166
if : ${{ always() }}
135
167
run : |
136
- aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -n 1 -I {} aws ec2 terminate-instances --instance-ids {}
168
+ aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids
137
169
138
170
- name : Cleanup resources on build cancellation
139
171
if : ${{ cancelled() }}
140
172
run : |
141
- aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -n 1 -I {} aws ec2 terminate-instances --instance-ids {}
173
+ aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids
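Review bot: The `Cleanup resources after build` step runs under `always()` and selects instances only by `tag:packerExecutionId=${GITHUB_RUN_ID}`, but that run id is shared by every leg of the `postgres_version` matrix this commit introduces. The first leg to finish can therefore terminate builder instances that sibling legs are still using, assuming the tag is populated from the `packer-execution-id` variable, as the names suggest. Make the id unique per leg, e.g. `-var "packer-execution-id=${GITHUB_RUN_ID}-${POSTGRES_MAJOR_VERSION}"` in both `packer build` commands, and use the same value in the `Values=` filter here. With `always()` on the first step, the `cancelled()` step below it is now a duplicate and can be dropped.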