supabase
diff --git a/‎.github/workflows/base-image-nightly.yml‎
Lines changed: 85 additions & 0 deletions b/‎.github/workflows/base-image-nightly.yml‎
Lines changed: 85 additions & 0 deletions
diff --git a/‎Dockerfile-15‎
Lines changed: 54 additions & 5 deletions b/‎Dockerfile-15‎
Lines changed: 54 additions & 5 deletions
diff --git a/‎Dockerfile-17‎
Lines changed: 54 additions & 5 deletions b/‎Dockerfile-17‎
Lines changed: 54 additions & 5 deletions
diff --git a/‎Dockerfile-orioledb-17‎
Lines changed: 54 additions & 5 deletions b/‎Dockerfile-orioledb-17‎
Lines changed: 54 additions & 5 deletions
diff --git a/‎nix/docs/README.md‎
Lines changed: 2 additions & 0 deletions b/‎nix/docs/README.md‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎nix/docs/adding-new-package.md‎
Lines changed: 5 additions & 0 deletions b/‎nix/docs/adding-new-package.md‎
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,85 @@
+name: Build Base Image Nightly
+
+on:
+  #schedule:
+  #  - cron: '0 2 * * *'  # 2 AM UTC daily
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Branch to build from'
+        required: false
+        default: 'develop'
+        type: string
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  build-base-image:
+    runs-on: blacksmith-4vcpu-ubuntu-2404-arm
+    timeout-minutes: 150
+
+    steps:
+      - name: Checkout Repo
+        uses: supabase/postgres/.github/actions/shared-checkout@HEAD
+        with:
+          ref: ${{ github.event.inputs.branch || 'develop' }}
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
+          aws-region: "us-east-1"
+          output-credentials: true
+          role-duration-seconds: 7200
+
+      - name: Install nix
+        uses: cachix/install-nix-action@v27
+        with:
+          install_url: https://releases.nixos.org/nix/nix-2.29.1/install
+          extra_nix_config: |
+            substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com
+            trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+
+      - name: Set execution ID and timestamp
+        run: |
+          echo "EXECUTION_ID=${{ github.run_id }}-base-nightly" >> $GITHUB_ENV
+          echo "BUILD_TIMESTAMP=$(date -u +%Y%m%d-%H%M%S)" >> $GITHUB_ENV
+
+      - name: Build base stage 1 AMI
+        env:
+          AWS_MAX_ATTEMPTS: 10
+          AWS_RETRY_MODE: adaptive
+        run: |
+          GIT_SHA=${{ github.sha }}
+          nix run github:supabase/postgres/${GIT_SHA}#packer -- init amazon-arm64-nix.pkr.hcl
+          nix run github:supabase/postgres/${GIT_SHA}#packer -- build \
+            -var "git-head-version=${GIT_SHA}" \
+            -var "packer-execution-id=${EXECUTION_ID}" \
+            -var-file="development-arm.vars.pkr.hcl" \
+            -var "base-image-nightly=true" \
+            -var "build-timestamp=${BUILD_TIMESTAMP}" \
+            -var "region=us-east-1" \
+            -var 'ami_regions=["us-east-1","ap-southeast-1"]' \
+            amazon-arm64-nix.pkr.hcl
+
+      - name: Slack Notification on Failure
+        if: ${{ failure() }}
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }}
+          SLACK_USERNAME: 'gha-failures-notifier'
+          SLACK_COLOR: 'danger'
+          SLACK_MESSAGE: 'Building base image nightly failed'
+          SLACK_FOOTER: ''
+
+      - name: Cleanup resources after build
+        if: ${{ always() }}
+        run: |
+          aws ec2 --region us-east-1 describe-instances --filters "Name=tag:packerExecutionId,Values=${EXECUTION_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --region us-east-1 --instance-ids
+
+      - name: Cleanup resources on build cancellation
+        if: ${{ cancelled() }}
+        run: |
+          aws ec2 --region us-east-1 describe-instances --filters "Name=tag:packerExecutionId,Values=${EXECUTION_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --region us-east-1 --instance-ids
@@ -40,7 +40,56 @@ ARG wal_g_release=2.0.1
 
 FROM ubuntu:noble as base
 
-RUN apt update -y && apt install -y \
+# Create reusable apt mirror fallback function
+RUN echo '#!/bin/bash\n\
+apt_update_with_fallback() {\n\
+    local sources_file="/etc/apt/sources.list.d/ubuntu.sources"\n\
+    local max_attempts=2\n\
+    local attempt=1\n\
+    local mirrors="archive.ubuntu.com us.archive.ubuntu.com"\n\
+    \n\
+    for mirror in $mirrors; do\n\
+        echo "========================================="\n\
+        echo "Attempting apt-get update with mirror: ${mirror}"\n\
+        echo "Attempt ${attempt} of ${max_attempts}"\n\
+        echo "========================================="\n\
+        \n\
+        if [ -f "${sources_file}" ]; then\n\
+            sed -i "s|http://[^/]*/ubuntu/|http://${mirror}/ubuntu/|g" "${sources_file}"\n\
+        fi\n\
+        \n\
+        if timeout 300 apt-get update 2>&1; then\n\
+            echo "========================================="\n\
+            echo "✓ Successfully updated apt cache using mirror: ${mirror}"\n\
+            echo "========================================="\n\
+            return 0\n\
+        else\n\
+            local exit_code=$?\n\
+            echo "========================================="\n\
+            echo "✗ Failed to update using mirror: ${mirror}"\n\
+            echo "Exit code: ${exit_code}"\n\
+            echo "========================================="\n\
+            \n\
+            apt-get clean\n\
+            rm -rf /var/lib/apt/lists/*\n\
+            \n\
+            if [ ${attempt} -lt ${max_attempts} ]; then\n\
+                local sleep_time=$((attempt * 5))\n\
+                echo "Waiting ${sleep_time} seconds before trying next mirror..."\n\
+                sleep ${sleep_time}\n\
+            fi\n\
+        fi\n\
+        \n\
+        attempt=$((attempt + 1))\n\
+    done\n\
+    \n\
+    echo "========================================="\n\
+    echo "ERROR: All mirror tiers failed after ${max_attempts} attempts"\n\
+    echo "========================================="\n\
+    return 1\n\
+}' > /usr/local/bin/apt-update-fallback.sh && chmod +x /usr/local/bin/apt-update-fallback.sh
+
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && apt install -y \
     curl \
     gnupg \
     lsb-release \
@@ -96,13 +145,13 @@ RUN chown -R postgres:postgres /usr/lib/postgresql
 RUN ln -sf /usr/lib/postgresql/share/postgresql/timezonesets /usr/share/postgresql/timezonesets
 
 
-RUN apt-get update && \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && \
     apt-get install -y --no-install-recommends tzdata
 
 RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime && \
     dpkg-reconfigure --frontend noninteractive tzdata
 
-RUN apt-get update && \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && \
     apt-get install -y --no-install-recommends \
     build-essential \
     checkinstall \
@@ -143,7 +192,7 @@ WORKDIR /
 FROM base as gosu
 ARG TARGETARCH
 # Install dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && apt-get install -y --no-install-recommends \
    gnupg \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*
@@ -218,7 +267,7 @@ EXPOSE 5432
 ENV POSTGRES_HOST=/var/run/postgresql
 ENV POSTGRES_USER=supabase_admin
 ENV POSTGRES_DB=postgres
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && apt-get install -y --no-install-recommends \
     locales \
     && rm -rf /var/lib/apt/lists/* && \
     localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 \
 
@@ -41,7 +41,56 @@ ARG wal_g_release=3.0.5
 
 FROM ubuntu:noble as base
 
-RUN apt update -y && apt install -y \
+# Create reusable apt mirror fallback function
+RUN echo '#!/bin/bash\n\
+apt_update_with_fallback() {\n\
+    local sources_file="/etc/apt/sources.list.d/ubuntu.sources"\n\
+    local max_attempts=2\n\
+    local attempt=1\n\
+    local mirrors="archive.ubuntu.com us.archive.ubuntu.com"\n\
+    \n\
+    for mirror in $mirrors; do\n\
+        echo "========================================="\n\
+        echo "Attempting apt-get update with mirror: ${mirror}"\n\
+        echo "Attempt ${attempt} of ${max_attempts}"\n\
+        echo "========================================="\n\
+        \n\
+        if [ -f "${sources_file}" ]; then\n\
+            sed -i "s|http://[^/]*/ubuntu/|http://${mirror}/ubuntu/|g" "${sources_file}"\n\
+        fi\n\
+        \n\
+        if timeout 300 apt-get update 2>&1; then\n\
+            echo "========================================="\n\
+            echo "✓ Successfully updated apt cache using mirror: ${mirror}"\n\
+            echo "========================================="\n\
+            return 0\n\
+        else\n\
+            local exit_code=$?\n\
+            echo "========================================="\n\
+            echo "✗ Failed to update using mirror: ${mirror}"\n\
+            echo "Exit code: ${exit_code}"\n\
+            echo "========================================="\n\
+            \n\
+            apt-get clean\n\
+            rm -rf /var/lib/apt/lists/*\n\
+            \n\
+            if [ ${attempt} -lt ${max_attempts} ]; then\n\
+                local sleep_time=$((attempt * 5))\n\
+                echo "Waiting ${sleep_time} seconds before trying next mirror..."\n\
+                sleep ${sleep_time}\n\
+            fi\n\
+        fi\n\
+        \n\
+        attempt=$((attempt + 1))\n\
+    done\n\
+    \n\
+    echo "========================================="\n\
+    echo "ERROR: All mirror tiers failed after ${max_attempts} attempts"\n\
+    echo "========================================="\n\
+    return 1\n\
+}' > /usr/local/bin/apt-update-fallback.sh && chmod +x /usr/local/bin/apt-update-fallback.sh
+
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && apt install -y \
     curl \
     gnupg \
     lsb-release \
@@ -100,13 +149,13 @@ RUN chown -R postgres:postgres /usr/lib/postgresql
 RUN ln -sf /usr/lib/postgresql/share/postgresql/timezonesets /usr/share/postgresql/timezonesets
 
 
-RUN apt-get update && \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && \
     apt-get install -y --no-install-recommends tzdata
 
 RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime && \
     dpkg-reconfigure --frontend noninteractive tzdata
 
-RUN apt-get update && \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && \
     apt-get install -y --no-install-recommends \
     build-essential \
     checkinstall \
@@ -148,7 +197,7 @@ WORKDIR /
 FROM base as gosu
 ARG TARGETARCH
 # Install dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && apt-get install -y --no-install-recommends \
    gnupg \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*
@@ -232,7 +281,7 @@ ENV POSTGRES_HOST=/var/run/postgresql
 ENV POSTGRES_USER=supabase_admin
 ENV POSTGRES_DB=postgres
 ENV POSTGRES_INITDB_ARGS="--allow-group-access --locale-provider=icu --encoding=UTF-8 --icu-locale=en_US.UTF-8"
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && apt-get install -y --no-install-recommends \
     locales \
     && rm -rf /var/lib/apt/lists/* && \
     localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 \
 
@@ -41,7 +41,56 @@ ARG wal_g_release=3.0.5
 
 FROM ubuntu:noble as base
 
-RUN apt update -y && apt install -y \
+# Create reusable apt mirror fallback function
+RUN echo '#!/bin/bash\n\
+apt_update_with_fallback() {\n\
+    local sources_file="/etc/apt/sources.list.d/ubuntu.sources"\n\
+    local max_attempts=2\n\
+    local attempt=1\n\
+    local mirrors="archive.ubuntu.com us.archive.ubuntu.com"\n\
+    \n\
+    for mirror in $mirrors; do\n\
+        echo "========================================="\n\
+        echo "Attempting apt-get update with mirror: ${mirror}"\n\
+        echo "Attempt ${attempt} of ${max_attempts}"\n\
+        echo "========================================="\n\
+        \n\
+        if [ -f "${sources_file}" ]; then\n\
+            sed -i "s|http://[^/]*/ubuntu/|http://${mirror}/ubuntu/|g" "${sources_file}"\n\
+        fi\n\
+        \n\
+        if timeout 300 apt-get update 2>&1; then\n\
+            echo "========================================="\n\
+            echo "✓ Successfully updated apt cache using mirror: ${mirror}"\n\
+            echo "========================================="\n\
+            return 0\n\
+        else\n\
+            local exit_code=$?\n\
+            echo "========================================="\n\
+            echo "✗ Failed to update using mirror: ${mirror}"\n\
+            echo "Exit code: ${exit_code}"\n\
+            echo "========================================="\n\
+            \n\
+            apt-get clean\n\
+            rm -rf /var/lib/apt/lists/*\n\
+            \n\
+            if [ ${attempt} -lt ${max_attempts} ]; then\n\
+                local sleep_time=$((attempt * 5))\n\
+                echo "Waiting ${sleep_time} seconds before trying next mirror..."\n\
+                sleep ${sleep_time}\n\
+            fi\n\
+        fi\n\
+        \n\
+        attempt=$((attempt + 1))\n\
+    done\n\
+    \n\
+    echo "========================================="\n\
+    echo "ERROR: All mirror tiers failed after ${max_attempts} attempts"\n\
+    echo "========================================="\n\
+    return 1\n\
+}' > /usr/local/bin/apt-update-fallback.sh && chmod +x /usr/local/bin/apt-update-fallback.sh
+
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && apt install -y \
     curl \
     gnupg \
     lsb-release \
@@ -100,13 +149,13 @@ RUN chown -R postgres:postgres /usr/lib/postgresql
 RUN ln -sf /usr/lib/postgresql/share/postgresql/timezonesets /usr/share/postgresql/timezonesets
 
 
-RUN apt-get update && \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && \
     apt-get install -y --no-install-recommends tzdata
 
 RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime && \
     dpkg-reconfigure --frontend noninteractive tzdata
 
-RUN apt-get update && \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && \
     apt-get install -y --no-install-recommends \
     build-essential \
     checkinstall \
@@ -148,7 +197,7 @@ WORKDIR /
 FROM base as gosu
 ARG TARGETARCH
 # Install dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && apt-get install -y --no-install-recommends \
    gnupg \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*
@@ -243,7 +292,7 @@ ENV POSTGRES_HOST=/var/run/postgresql
 ENV POSTGRES_USER=supabase_admin
 ENV POSTGRES_DB=postgres
 ENV POSTGRES_INITDB_ARGS="--allow-group-access --locale-provider=icu --encoding=UTF-8 --icu-locale=en_US.UTF-8"
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && apt-get install -y --no-install-recommends \
     locales \
     && rm -rf /var/lib/apt/lists/* && \
     localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 \
 
@@ -11,6 +11,8 @@ learn how to play with `postgres` in the [build guide](./build-postgres.md).
 ## Development
 
 - **[Nix tree structure](./nix-directory-structure.md)** - Overview of the Nix directory structure
+- **[Flake-Parts Architecture](./flake-parts-architecture.md)** - Deep dive into the flake-parts module system
+- **[Flake-Parts and nixpkgs lib](./flake-parts-nixpkgs-lib.md)** - How flake-parts uses nixpkgs lib foundations
 - **[Development Workflow](./development-workflow.md)** - Complete development and testing workflow
 - **[Build PostgreSQL](./build-postgres.md)** - Building PostgreSQL from source
 - **[Receipt Files](./receipt-files.md)** - Understanding build receipts
 
@@ -1,5 +1,10 @@
 # Adding a new extension package
 
+!!! tip "Understanding the Module System"
+    To better understand how packages are organized and how `ourExtensions` works with flake-parts, see:
+
+    - **[Flake-Parts Architecture](./flake-parts-architecture.md)** - Module structure overview
+    - **[Flake-Parts and nixpkgs lib](./flake-parts-nixpkgs-lib.md)** - Extension composition patterns
 
 ## Pre-packaging steps
 1. Make sure you have nix installed [Nix installer](https://github.com/DeterminateSystems/nix-installer)