Merge remote-tracking branch 'origin/develop' into pcnc/pinned-nix-installer

Author: pcnc

ansible/files/admin_api_scripts/pg_upgrade_scripts/common.sh

@@ -88,10 +88,23 @@ CI_start_postgres() {
 
 swap_postgres_and_supabase_admin() {
     run_sql <<'EOSQL'
+alter database postgres connection limit 0;
+select pg_terminate_backend(pid) from pg_stat_activity where backend_type = 'client backend' and pid != pg_backend_pid();
+EOSQL
+    run_sql <<'EOSQL'
+set statement_timeout = '300s';
 begin;
 create role supabase_tmp superuser;
 set session authorization supabase_tmp;
 
+do $$
+begin
+  if exists (select from pg_extension where extname = 'timescaledb') then
+    execute(format('select %I.timescaledb_pre_restore()', (select pronamespace::regnamespace from pg_proc where proname = 'timescaledb_pre_restore')));
+  end if;
+end
+$$;
+
 do $$
 declare
   postgres_rolpassword text := (select rolpassword from pg_authid where rolname = 'postgres');
@@ -492,6 +505,19 @@ begin
 end
 $$;
 
+do $$
+begin
+  if exists (select from pg_extension where extname = 'timescaledb') then
+    execute(format('select %I.timescaledb_post_restore()', (select pronamespace::regnamespace from pg_proc where proname = 'timescaledb_post_restore')));
+  end if;
+end
+$$;
+
+alter database postgres connection limit -1;
+
+-- #incident-2024-09-12-project-upgrades-are-temporarily-disabled
+grant pg_read_all_data, pg_signal_backend to postgres;
+
 set session authorization supabase_admin;
 drop role supabase_tmp;
 commit;

ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh

@@ -127,6 +127,9 @@ cleanup() {
     echo "Removing SUPERUSER grant from postgres"
     run_sql -c "ALTER USER postgres WITH NOSUPERUSER;"
 
+    echo "Resetting postgres database connection limit"
+    run_sql -c "ALTER DATABASE postgres CONNECTION LIMIT -1;"
+
     if [ -z "$IS_CI" ] && [ -z "$IS_LOCAL_UPGRADE" ]; then
         echo "Unmounting data disk from ${MOUNT_POINT}"
         umount $MOUNT_POINT

ansible/files/envoy_config/lds.yaml

@@ -93,8 +93,7 @@ resources:
                             local path = request_handle:headers():get(":path")
                             request_handle
                               :headers()
-                              :replace(":path", path:gsub("&=[^&]*", ""):gsub("?=[^&]*$", ""):gsub("?=[^&]*&", "?"))
-                              :replace(":path", path:gsub("&apikey=[^&]*", ""):gsub("?apikey=[^&]*$", ""):gsub("?apikey=[^&]*&", "?"))
+                              :replace(":path", path:gsub("&=[^&]*", ""):gsub("?=[^&]*$", ""):gsub("?=[^&]*&", "?"):gsub("&apikey=[^&]*", ""):gsub("?apikey=[^&]*$", ""):gsub("?apikey=[^&]*&", "?"))
                           end
                       remove_empty_key_query_parameters:
                         inline_string: |-
@@ -103,7 +102,6 @@ resources:
                             request_handle
                               :headers()
                               :replace(":path", path:gsub("&=[^&]*", ""):gsub("?=[^&]*$", ""):gsub("?=[^&]*&", "?"))
-
                           end
                 - name: envoy.filters.http.compressor.brotli
                   typed_config:
@@ -290,7 +288,7 @@ resources:
                           envoy.filters.http.lua:
                             '@type': >-
                               type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute
-                            name: remove_apikey_and_empty_key_query_parameter
+                            name: remove_apikey_and_empty_key_query_parameters
                       - match:
                           prefix: /rest/v1/
                         request_headers_to_remove:
@@ -303,7 +301,7 @@ resources:
                           envoy.filters.http.lua:
                             '@type': >-
                               type.googleapis.com/envoy.extensions.filters.http.lua.v3.LuaPerRoute
-                            name: remove_empty_key_query_parameter
+                            name: remove_empty_key_query_parameters
                       - match:
                           prefix: /rest-admin/v1/
                           query_parameters:
@@ -414,3 +412,4 @@ resources:
                     filename: /etc/envoy/fullChain.pem
                   private_key:
                     filename: /etc/envoy/privKey.pem
+

common-nix.vars.pkr.hcl

@@ -1 +1 @@
-postgres-version = "15.6.1.120"
+postgres-version = "15.6.1.121"

flake.nix

@@ -46,22 +46,37 @@
         #This variable works the same as 'oriole_pkgs' but builds using the upstream
         #nixpkgs builds of postgresql 15 and 16 + the overlays listed below
         pkgs = import nixpkgs {
-          config = { allowUnfree = true; };
+          config = { 
+            allowUnfree = true;
+            permittedInsecurePackages = [
+              "v8-9.7.106.18"
+            ];  
+          };
           inherit system;
           overlays = [
             # NOTE (aseipp): add any needed overlays here. in theory we could
             # pull them from the overlays/ directory automatically, but we don't
             # want to have an arbitrary order, since it might matter. being
             # explicit is better.
+            (final: prev: {
+              postgresql = final.callPackage ./nix/postgresql/default.nix {
+                inherit (final) lib;
+                inherit (final) stdenv;
+                inherit (final) fetchurl;
+                inherit (final) makeWrapper;
+                inherit (final) callPackage;
+              };
+            })
             (import ./nix/overlays/cargo-pgrx-0-11-3.nix)
             # (import ./nix/overlays/postgis.nix)
             #(import ./nix/overlays/gdal-small.nix)
 
           ];
         };
-
+        postgresql_15 = pkgs.postgresql.postgresql_15;
+        postgresql = pkgs.postgresql.postgresql_15;
         sfcgal = pkgs.callPackage ./nix/ext/sfcgal/sfcgal.nix { };
-        pg_regress = pkgs.callPackage ./nix/ext/pg_regress.nix { };
+        pg_regress = pkgs.callPackage ./nix/ext/pg_regress.nix { inherit postgresql; };
 
         # Our list of PostgreSQL extensions which come from upstream Nixpkgs.
         # These are maintained upstream and can easily be used here just by
@@ -128,7 +143,10 @@
         #this var is a convenience setting to import the orioledb patched version of postgresql
         postgresql_orioledb_16 = oriole_pkgs.postgresql_orioledb_16;
         #postgis_override = pkgs.postgis_override;
-
+        getPostgresqlPackage = version:
+          pkgs.postgresql."postgresql_${version}";
+        #we will add supported versions to this list in the future
+        supportedVersions = [ "15" ];
         # Create a 'receipt' file for a given postgresql package. This is a way
         # of adding a bit of metadata to the package, which can be used by other
         # tools to inspect what the contents of the install are: the PSQL
@@ -170,7 +188,7 @@
           in map (path: pkgs.callPackage path { inherit postgresql; }) orioledbExtension;
 
         makeOurPostgresPkgs = version:
-          let postgresql = pkgs."postgresql_${version}";
+          let postgresql = getPostgresqlPackage version;
           in map (path: pkgs.callPackage path { inherit postgresql; }) ourExtensions;
 
         # Create an attrset that contains all the extensions included in a server for the orioledb version of postgresql + extension.
@@ -202,7 +220,7 @@
         # basis for building extensions, etc.
         makePostgresBin = version:
           let
-            postgresql = pkgs."postgresql_${version}";
+            postgresql = getPostgresqlPackage version;
             upstreamExts = map
               (ext: {
                 name = postgresql.pkgs."${ext}".pname;
@@ -273,6 +291,30 @@
           sfcgal = sfcgal;
           pg_regress = pg_regress;
           pg_prove = pkgs.perlPackages.TAPParserSourceHandlerpgTAP;
+          postgresql_15 = pkgs.postgresql_15;
+
+          postgresql_15_src = pkgs.stdenv.mkDerivation {
+            pname = "postgresql-15-src";
+            version = pkgs.postgresql_15.version;
+
+            src = pkgs.postgresql_15.src;
+
+            nativeBuildInputs = [ pkgs.bzip2 ];
+
+            phases = [ "unpackPhase" "installPhase" ];
+
+            installPhase = ''
+              mkdir -p $out
+              cp -r . $out
+            '';
+
+            meta = with pkgs.lib; {
+              description = "PostgreSQL 15 source files";
+              homepage = "https://www.postgresql.org/";
+              license = licenses.postgresql;
+              platforms = platforms.all;
+            };
+          };
           # Start a version of the server.
           start-server =
             let

migrations/db/migrations/20211124212715_update-auth-owner.sql

@@ -1,8 +1,24 @@
 -- migrate:up
 
 -- update owner for auth.uid, auth.role and auth.email functions
-ALTER FUNCTION auth.uid owner to supabase_auth_admin;
-ALTER FUNCTION auth.role owner to supabase_auth_admin;
-ALTER FUNCTION auth.email owner to supabase_auth_admin;
+DO $$
+BEGIN
+    ALTER FUNCTION auth.uid owner to supabase_auth_admin;
+EXCEPTION WHEN OTHERS THEN
+    RAISE WARNING 'Error encountered when changing owner of auth.uid to supabase_auth_admin';
+END $$;
 
+DO $$
+BEGIN
+    ALTER FUNCTION auth.role owner to supabase_auth_admin;
+EXCEPTION WHEN OTHERS THEN
+    RAISE WARNING 'Error encountered when changing owner of auth.role to supabase_auth_admin';
+END $$;
+
+DO $$
+BEGIN
+    ALTER FUNCTION auth.email owner to supabase_auth_admin;
+EXCEPTION WHEN OTHERS THEN
+    RAISE WARNING 'Error encountered when changing owner of auth.email to supabase_auth_admin';
+END $$;
 -- migrate:down

nix/ext/pg_graphql.nix

@@ -16,9 +16,11 @@ buildPgrxExtension_0_11_3 rec {
   buildInputs = [ postgresql ];
 
   CARGO="${cargo}/bin/cargo";
+  #darwin env needs PGPORT to be unique for build to not clash with other pgrx extensions
   env = lib.optionalAttrs stdenv.isDarwin {
     POSTGRES_LIB = "${postgresql}/lib";
     RUSTFLAGS = "-C link-arg=-undefined -C link-arg=dynamic_lookup";
+    PGPORT = "5434";
   };
   cargoHash = "sha256-WkHufMw8OvinMRYd06ZJACnVvY9OLi069nCgq3LSmMY=";
 

nix/ext/pg_jsonschema.nix

@@ -19,9 +19,11 @@ buildPgrxExtension_0_11_3 rec {
 
   previousVersions = ["0.3.0" "0.2.0" "0.1.4" "0.1.4" "0.1.2" "0.1.1" "0.1.0"];
   CARGO="${cargo}/bin/cargo";
+  #darwin env needs PGPORT to be unique for build to not clash with other pgrx extensions
   env = lib.optionalAttrs stdenv.isDarwin {
     POSTGRES_LIB = "${postgresql}/lib";
     RUSTFLAGS = "-C link-arg=-undefined -C link-arg=dynamic_lookup";
+    PGPORT = "5433";
   };
   cargoHash = "sha256-VcS+efMDppofuFW2zNrhhsbC28By3lYekDFquHPta2g=";
 

nix/postgresql/15.nix

@@ -0,0 +1,4 @@
+import ./generic.nix {
+  version = "15.6";
+  hash = "sha256-hFUUbtnGnJOlfelUrq0DAsr60DXCskIXXWqh4X68svs=";
+}

nix/postgresql/default.nix

@@ -0,0 +1,20 @@
+self:
+let
+  #adapted from the postgresql nixpkgs package
+  versions = {
+    postgresql_15 = ./15.nix;
+  };
+
+  mkAttributes = jitSupport:
+    self.lib.mapAttrs' (version: path:
+      let
+        attrName = if jitSupport then "${version}_jit" else version;
+      in
+      self.lib.nameValuePair attrName (import path {
+        inherit jitSupport self;
+      })
+    ) versions;
+
+in
+# variations without and with JIT
+(mkAttributes false) // (mkAttributes true)