1+ name : Release Single AMI Nix
2+
3+ on :
4+ workflow_dispatch :
5+ inputs :
6+ postgres_version :
7+ description : ' PostgreSQL major version to build (e.g. 15)'
8+ required : true
9+ type : string
10+ branch :
11+ description : ' Branch to run the workflow from'
12+ required : true
13+ type : string
14+ default : ' main'
15+
16+ permissions :
17+ contents : write
18+ id-token : write
19+
20+ jobs :
21+ build :
22+ runs-on : arm-runner
23+ timeout-minutes : 150
24+
25+ steps :
26+ - name : Checkout Repo
27+ uses : actions/checkout@v3
28+ with :
29+ ref : ${{ github.event.inputs.branch }}
30+
31+ - uses : DeterminateSystems/nix-installer-action@main
32+
33+ - name : Set PostgreSQL version environment variable
34+ run : echo "POSTGRES_MAJOR_VERSION=${{ github.event.inputs.postgres_version }}" >> $GITHUB_ENV
35+
36+ - name : Generate common-nix.vars.pkr.hcl
37+ run : |
38+ PG_VERSION=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres'${{ env.POSTGRES_MAJOR_VERSION }}'"]' ansible/vars.yml)
39+ PG_VERSION=$(echo "$PG_VERSION" | tr -d '"') # Remove any surrounding quotes
40+ echo 'postgres-version = "'$PG_VERSION'"' > common-nix.vars.pkr.hcl
41+ # Ensure there's a newline at the end of the file
42+ echo "" >> common-nix.vars.pkr.hcl
43+
44+ - name : Build AMI stage 1
45+ env :
46+ POSTGRES_MAJOR_VERSION : ${{ env.POSTGRES_MAJOR_VERSION }}
47+ run : |
48+ packer init amazon-arm64-nix.pkr.hcl
49+ GIT_SHA=${{github.sha}}
50+ packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=-e postgresql_major=${POSTGRES_MAJOR_VERSION}" amazon-arm64-nix.pkr.hcl
51+
52+ - name : Build AMI stage 2
53+ env :
54+ POSTGRES_MAJOR_VERSION : ${{ env.POSTGRES_MAJOR_VERSION }}
55+ run : |
56+ packer init stage2-nix-psql.pkr.hcl
57+ GIT_SHA=${{github.sha}}
58+ POSTGRES_MAJOR_VERSION=${{ env.POSTGRES_MAJOR_VERSION }}
59+ packer build -var "git_sha=${GIT_SHA}" -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var "postgres_major_version=${POSTGRES_MAJOR_VERSION}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" stage2-nix-psql.pkr.hcl
60+
61+ - name : Grab release version
62+ id : process_release_version
63+ run : |
64+ VERSION=$(cat common-nix.vars.pkr.hcl | sed -e 's/postgres-version = "\(.*\)"/\1/g')
65+ echo "version=$VERSION" >> $GITHUB_OUTPUT
66+
67+ - name : Create nix flake revision tarball
68+ run : |
69+ GIT_SHA=${{github.sha}}
70+ MAJOR_VERSION=${{ env.POSTGRES_MAJOR_VERSION }}
71+
72+ mkdir -p "/tmp/pg_upgrade_bin/${MAJOR_VERSION}"
73+ echo "$GIT_SHA" >> "/tmp/pg_upgrade_bin/${MAJOR_VERSION}/nix_flake_version"
74+ tar -czf "/tmp/pg_binaries.tar.gz" -C "/tmp/pg_upgrade_bin" .
75+
76+ - name : configure aws credentials - staging
77+ uses : aws-actions/configure-aws-credentials@v4
78+ with :
79+ role-to-assume : ${{ secrets.DEV_AWS_ROLE }}
80+ aws-region : " us-east-1"
81+
82+ - name : Upload software manifest to s3 staging
83+ run : |
84+ cd ansible
85+ ansible-playbook -i localhost \
86+ -e "ami_release_version=${{ steps.process_release_version.outputs.version }}" \
87+ -e "internal_artifacts_bucket=${{ secrets.ARTIFACTS_BUCKET }}" \
88+ -e "postgres_major_version=${{ env.POSTGRES_MAJOR_VERSION }}" \
89+ manifest-playbook.yml
90+
91+ - name : Upload nix flake revision to s3 staging
92+ run : |
93+ aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz
94+
95+ - name : configure aws credentials - prod
96+ uses : aws-actions/configure-aws-credentials@v4
97+ with :
98+ role-to-assume : ${{ secrets.PROD_AWS_ROLE }}
99+ aws-region : " us-east-1"
100+
101+ - name : Upload software manifest to s3 prod
102+ run : |
103+ cd ansible
104+ ansible-playbook -i localhost \
105+ -e "ami_release_version=${{ steps.process_release_version.outputs.version }}" \
106+ -e "internal_artifacts_bucket=${{ secrets.PROD_ARTIFACTS_BUCKET }}" \
107+ -e "postgres_major_version=${{ env.POSTGRES_MAJOR_VERSION }}" \
108+ manifest-playbook.yml
109+
110+ - name : Upload nix flake revision to s3 prod
111+ run : |
112+ aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz
113+
114+ - name : Create release
115+ uses : softprops/action-gh-release@v2
116+ with :
117+ name : ${{ steps.process_release_version.outputs.version }}
118+ tag_name : ${{ steps.process_release_version.outputs.version }}
119+ target_commitish : ${{github.sha}}
120+
121+ - name : Slack Notification on Failure
122+ if : ${{ failure() }}
123+ uses : rtCamp/action-slack-notify@v2
124+ env :
125+ SLACK_WEBHOOK : ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }}
126+ SLACK_USERNAME : ' gha-failures-notifier'
127+ SLACK_COLOR : ' danger'
128+ SLACK_MESSAGE : ' Building Postgres AMI failed'
129+ SLACK_FOOTER : ' '
130+
131+ - name : Cleanup resources after build
132+ if : ${{ always() }}
133+ run : |
134+ aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids
135+
136+ - name : Cleanup resources on build cancellation
137+ if : ${{ cancelled() }}
138+ run : |
139+ aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids
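Review bot: The free-form `postgres_version` input is expanded by `${{ }}` directly into shell text in the "Set PostgreSQL version environment variable" step and, through `env.POSTGRES_MAJOR_VERSION`, again in the yq, stage 2 and tarball steps, so its value is interpreted as script (and can add extra lines to `GITHUB_ENV`) in a job that holds `contents: write` and `id-token: write` and later assumes the prod role. Pass the input through the step's `env:` block and validate it before writing it out, e.g. `env: PG_INPUT: ${{ inputs.postgres_version }}` with `[[ "$PG_INPUT" =~ ^[0-9]+$ ]] || exit 1`, and have later steps read `"$POSTGRES_MAJOR_VERSION"` as a shell variable rather than re-expanding `${{ env.POSTGRES_MAJOR_VERSION }}`. Separately, `DeterminateSystems/nix-installer-action@main` follows a mutable branch in this same job; pinning it and the other third-party actions to a full commit SHA would keep the release path reproducible and reviewable. The checkout uses the `branch` input while `GIT_SHA` and `target_commitish` use `github.sha`, which may name a different commit than the one actually built, so the recorded revision and release tag should probably come from `git rev-parse HEAD` after checkout.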