From 558b4415dee43ecc43511d366afb9ae1758b7231 Mon Sep 17 00:00:00 2001 From: Div Arora Date: Mon, 12 Aug 2024 08:26:44 +0800 Subject: [PATCH 01/19] chore: backport 33b49ebe981ce2756a634205ad19e2eea0897606 to current prod release Avoids landing unrelated changes on prod this week. --- ansible/playbook.yml | 6 ++++++ common-nix.vars.pkr.hcl | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ansible/playbook.yml b/ansible/playbook.yml index 7938aa7b4..84802e469 100644 --- a/ansible/playbook.yml +++ b/ansible/playbook.yml @@ -206,3 +206,9 @@ shell: | sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile remove osquery" when: stage2_nix + + - name: nix collect garbage + become: yes + shell: | + sudo -u ubuntu bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix-collect-garbage -d" + when: stage2_nix diff --git a/common-nix.vars.pkr.hcl b/common-nix.vars.pkr.hcl index 04eb9d52f..77421cc3e 100644 --- a/common-nix.vars.pkr.hcl +++ b/common-nix.vars.pkr.hcl @@ -1 +1 @@ -postgres-version = "15.6.1.104" +postgres-version = "15.6.1.110" From f069325fd4bdc5485ece0fa9de7312a1ab2d9327 Mon Sep 17 00:00:00 2001 From: Div Arora Date: Mon, 12 Aug 2024 08:43:06 +0800 Subject: [PATCH 02/19] chore: build AMI on release branch --- .github/workflows/ami-release-nix.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index d500af738..cb004ce82 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -4,6 +4,7 @@ on: push: branches: - develop + - release/* paths: - '.github/workflows/ami-release-nix.yml' - 'common-nix.vars.pkr.hcl' From 3ddf2d29990a384234cd11aab9d878bd540eba3e Mon Sep 17 00:00:00 2001 
From: Div Arora Date: Mon, 12 Aug 2024 11:25:23 +0800 Subject: [PATCH 03/19] chore: also release docker image --- .github/workflows/dockerhub-release-15-6.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/dockerhub-release-15-6.yml b/.github/workflows/dockerhub-release-15-6.yml index 253648bd4..4c7b5b998 100644 --- a/.github/workflows/dockerhub-release-15-6.yml +++ b/.github/workflows/dockerhub-release-15-6.yml @@ -4,9 +4,11 @@ on: push: branches: - develop + - release/* paths: - ".github/workflows/dockerhub-release-15-6.yml" - "common-nix.vars*" + workflow_dispatch: jobs: settings: From 9559a105efac3459ea9cdd92d5733ab6fd51a77b Mon Sep 17 00:00:00 2001 From: Div Arora Date: Mon, 12 Aug 2024 11:30:12 +0800 Subject: [PATCH 04/19] chore: release pg_upgrade scripts off release branches --- .github/workflows/publish-nix-pgupgrade-scripts.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish-nix-pgupgrade-scripts.yml b/.github/workflows/publish-nix-pgupgrade-scripts.yml index 8ce9de40f..b82cdddb2 100644 --- a/.github/workflows/publish-nix-pgupgrade-scripts.yml +++ b/.github/workflows/publish-nix-pgupgrade-scripts.yml @@ -4,7 +4,7 @@ on: push: branches: - develop - - sam/nix-and-conventional-ami + - release/* paths: - '.github/workflows/publish-pgupgrade-scripts.yml' - 'common-nix.vars.pkr.hcl' @@ -62,7 +62,7 @@ jobs: publish-prod: runs-on: ubuntu-latest - if: github.ref_name == 'develop' + if: github.ref_name == 'develop' || contains( github.ref, 'release' ) steps: - name: Checkout Repo From 1cf22f8e1f4000384c3bab0da6c4a634b22ee7d5 Mon Sep 17 00:00:00 2001 From: Div Arora Date: Mon, 12 Aug 2024 11:31:17 +0800 Subject: [PATCH 05/19] fix: watch correct spec --- .github/workflows/publish-nix-pgupgrade-scripts.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
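Review bot: The `publish-prod` condition added in PATCH 04/19, `contains( github.ref, 'release' )`, is a substring match, so any ref whose name merely contains "release" (a feature branch or a tag, for instance) passes the gate on the production publish job. The trigger added just above it is `release/*`, so the condition should match the same shape: `if: github.ref_name == 'develop' || startsWith(github.ref, 'refs/heads/release/')`. This matters most for `workflow_dispatch` runs, which can be started from any branch. The same condition is repeated in the `publish-prod` job of the workflow added by PATCH 15/19. The job body continues outside the hunk.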
diff --git a/.github/workflows/publish-nix-pgupgrade-scripts.yml b/.github/workflows/publish-nix-pgupgrade-scripts.yml index b82cdddb2..5d373ad8f 100644 --- a/.github/workflows/publish-nix-pgupgrade-scripts.yml +++ b/.github/workflows/publish-nix-pgupgrade-scripts.yml @@ -6,7 +6,7 @@ on: - develop - release/* paths: - - '.github/workflows/publish-pgupgrade-scripts.yml' + - '.github/workflows/publish-nix-pgupgrade-scripts.yml' - 'common-nix.vars.pkr.hcl' workflow_dispatch: inputs: From 5dcba64041c532cb31deea16e72ff4f77fd2c1a9 Mon Sep 17 00:00:00 2001 From: Div Arora Date: Mon, 12 Aug 2024 15:54:37 +0800 Subject: [PATCH 06/19] fix: wrappers nix-based pg_upgrade (#1111) Co-authored-by: Paul Cioanca --- .../pg_upgrade_scripts/initiate.sh | 69 ++++++++++++------- 1 file changed, 45 insertions(+), 24 deletions(-) diff --git a/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh b/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh index 879b63246..088935cdf 100755 --- a/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh +++ b/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh 
@@ -171,6 +171,50 @@ EOF done } +function patch_wrappers { + local IS_NIX_UPGRADE=$1 + + # This is a workaround for older versions of wrappers which don't have the expected + # naming scheme, containing the version in their library's file name + # e.g. wrappers-0.1.16.so, rather than wrappers.so + # pg_upgrade errors out when it doesn't find an equivalent file in the new PG version's + # library directory, so we're making sure the new version has the expected (old version's) + # file name. + # After the upgrade completes, the new version's library file is used. + # i.e. + # - old version: wrappers-0.1.16.so + # - new version: wrappers-0.1.18.so + # - workaround to make pg_upgrade happy: copy wrappers-0.1.18.so to wrappers-0.1.16.so + if [ "$IS_NIX_UPGRADE" = "true" ]; then + OLD_WRAPPER_LIB_PATH=$(find "$PGLIBOLD" -name "wrappers*so" -print -quit) + OLD_LIB_FILE_NAME=$(basename "$OLD_WRAPPER_LIB_PATH") + + find /nix/store/ -name "wrappers*so" -print0 | while read -r -d $'\0' WRAPPERS_LIB_PATH; do + if [ -f "$WRAPPERS_LIB_PATH" ]; then + WRAPPERS_LIB_PATH_DIR=$(dirname "$WRAPPERS_LIB_PATH") + if [ "$WRAPPERS_LIB_PATH" != "$WRAPPERS_LIB_PATH_DIR/${OLD_LIB_FILE_NAME}" ]; then + echo "Copying $WRAPPERS_LIB_PATH to $WRAPPERS_LIB_PATH_DIR/${OLD_LIB_FILE_NAME}" + cp "$WRAPPERS_LIB_PATH" "$WRAPPERS_LIB_PATH_DIR/${OLD_LIB_FILE_NAME}" + fi + fi + done + else + if [ -d "$PGLIBOLD" ]; then + WRAPPERS_LIB_PATH=$(find "$PGLIBNEW" -name "wrappers*so" -print -quit) + if [ -f "$WRAPPERS_LIB_PATH" ]; then + OLD_WRAPPER_LIB_PATH=$(find "$PGLIBOLD" -name "wrappers*so" -print -quit) + if [ -f "$OLD_WRAPPER_LIB_PATH" ]; then + LIB_FILE_NAME=$(basename "$OLD_WRAPPER_LIB_PATH") + if [ "$WRAPPERS_LIB_PATH" != "$PGLIBNEW/${LIB_FILE_NAME}" ]; then + echo "Copying $WRAPPERS_LIB_PATH to $PGLIBNEW/${LIB_FILE_NAME}" + cp "$WRAPPERS_LIB_PATH" "$PGLIBNEW/${LIB_FILE_NAME}" + fi + fi + fi + fi + fi +} + function initiate_upgrade { mkdir -p "$MOUNT_POINT" SHARED_PRELOAD_LIBRARIES=$(cat 
"$POSTGRES_CONFIG_PATH" | grep shared_preload_libraries | sed "s/shared_preload_libraries =\s\{0,1\}'\(.*\)'.*/\1/") @@ -324,30 +368,7 @@ function initiate_upgrade { export LD_LIBRARY_PATH="${PGLIBNEW}" fi - # This is a workaround for older versions of wrappers which don't have the expected - # naming scheme, containing the version in their library's file name - # e.g. wrappers-0.1.16.so, rather than wrappers.so - # pg_upgrade errors out when it doesn't find an equivalent file in the new PG version's - # library directory, so we're making sure the new version has the expected (old version's) - # file name. - # After the upgrade completes, the new version's library file is used. - # i.e. - # - old version: wrappers-0.1.16.so - # - new version: wrappers-0.1.18.so - # - workaround to make pg_upgrade happy: copy wrappers-0.1.18.so to wrappers-0.1.16.so - if [ -d "$PGLIBOLD" ]; then - WRAPPERS_LIB_PATH=$(find "$PGLIBNEW" -name "wrappers*so" -print -quit) - if [ -f "$WRAPPERS_LIB_PATH" ]; then - OLD_WRAPPER_LIB_PATH=$(find "$PGLIBOLD" -name "wrappers*so" -print -quit) - if [ -f "$OLD_WRAPPER_LIB_PATH" ]; then - LIB_FILE_NAME=$(basename "$OLD_WRAPPER_LIB_PATH") - if [ "$WRAPPERS_LIB_PATH" != "$PGLIBNEW/${LIB_FILE_NAME}" ]; then - echo "Copying $OLD_WRAPPER_LIB_PATH to $WRAPPERS_LIB_PATH" - cp "$WRAPPERS_LIB_PATH" "$PGLIBNEW/${LIB_FILE_NAME}" - fi - fi - fi - fi + patch_wrappers "$IS_NIX_UPGRADE" echo "9. Creating new data directory, initializing database" chown -R postgres:postgres "$MOUNT_POINT/" From 27500c76e20644f621f6b39589c792b2cefd7a13 Mon Sep 17 00:00:00 2001 From: Paul Cioanca Date: Mon, 12 Aug 2024 17:13:31 +0300 Subject: [PATCH 07/19] fix: nix-specific wrappers fix fix (#1112) --- .../pg_upgrade_scripts/initiate.sh | 24 ++++++++++--------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh b/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh index 088935cdf..2923fffd7 100755 
--- a/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh +++ b/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh @@ -186,18 +186,20 @@ function patch_wrappers { # - new version: wrappers-0.1.18.so # - workaround to make pg_upgrade happy: copy wrappers-0.1.18.so to wrappers-0.1.16.so if [ "$IS_NIX_UPGRADE" = "true" ]; then - OLD_WRAPPER_LIB_PATH=$(find "$PGLIBOLD" -name "wrappers*so" -print -quit) - OLD_LIB_FILE_NAME=$(basename "$OLD_WRAPPER_LIB_PATH") - - find /nix/store/ -name "wrappers*so" -print0 | while read -r -d $'\0' WRAPPERS_LIB_PATH; do - if [ -f "$WRAPPERS_LIB_PATH" ]; then - WRAPPERS_LIB_PATH_DIR=$(dirname "$WRAPPERS_LIB_PATH") - if [ "$WRAPPERS_LIB_PATH" != "$WRAPPERS_LIB_PATH_DIR/${OLD_LIB_FILE_NAME}" ]; then - echo "Copying $WRAPPERS_LIB_PATH to $WRAPPERS_LIB_PATH_DIR/${OLD_LIB_FILE_NAME}" - cp "$WRAPPERS_LIB_PATH" "$WRAPPERS_LIB_PATH_DIR/${OLD_LIB_FILE_NAME}" + if [ -d "$PGLIBOLD" ]; then + OLD_WRAPPER_LIB_PATH=$(find "$PGLIBOLD" -name "wrappers*so" -print -quit) + OLD_LIB_FILE_NAME=$(basename "$OLD_WRAPPER_LIB_PATH") + + find /nix/store/ -name "wrappers*so" -print0 | while read -r -d $'\0' WRAPPERS_LIB_PATH; do + if [ -f "$WRAPPERS_LIB_PATH" ]; then + WRAPPERS_LIB_PATH_DIR=$(dirname "$WRAPPERS_LIB_PATH") + if [ "$WRAPPERS_LIB_PATH" != "$WRAPPERS_LIB_PATH_DIR/${OLD_LIB_FILE_NAME}" ]; then + echo "Copying $WRAPPERS_LIB_PATH to $WRAPPERS_LIB_PATH_DIR/${OLD_LIB_FILE_NAME}" + cp "$WRAPPERS_LIB_PATH" "$WRAPPERS_LIB_PATH_DIR/${OLD_LIB_FILE_NAME}" + fi fi - fi - done + done + fi else if [ -d "$PGLIBOLD" ]; then WRAPPERS_LIB_PATH=$(find "$PGLIBNEW" -name "wrappers*so" -print -quit) From fe0e511a67483212c7a637ec327eded7b48c91d3 Mon Sep 17 00:00:00 2001 
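Review bot: In the Nix branch of `patch_wrappers`, the new `[ -d "$PGLIBOLD" ]` guard still leaves the result of `find "$PGLIBOLD" -name "wrappers*so" -print -quit` unchecked. When no old library is found, `OLD_LIB_FILE_NAME` is empty, the copy target becomes `$WRAPPERS_LIB_PATH_DIR/`, and `cp` is asked to copy every match under `/nix/store/` onto itself. The non-Nix branch added in PATCH 06/19 tests `[ -f "$OLD_WRAPPER_LIB_PATH" ]` before using the name; the same test belongs here, e.g. `[ -f "$OLD_WRAPPER_LIB_PATH" ] || return 0` right after the `find`. The helper variables would also be better declared `local`, as `IS_NIX_UPGRADE` already is. The function starts and ends outside this hunk.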
From: samrose Date: Mon, 12 Aug 2024 23:39:14 +0000 Subject: [PATCH 08/19] fix: write sql migration files for wrappers (#1114) Co-authored-by: Paul Cioanca Co-authored-by: Sam Rose --- .github/workflows/ami-release-nix.yml | 2 +- common-nix.vars.pkr.hcl | 2 +- nix/ext/wrappers/default.nix | 51 ++++++++++++++++++--------- 3 files changed, 37 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index cb004ce82..08de3dca9 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -55,7 +55,7 @@ jobs: run: | packer init stage2-nix-psql.pkr.hcl GIT_SHA=${{github.sha}} - packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" stage2-nix-psql.pkr.hcl + packer build -var "git_sha=${GIT_SHA}" -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" stage2-nix-psql.pkr.hcl - name: Grab release version id: process_release_version diff --git a/common-nix.vars.pkr.hcl b/common-nix.vars.pkr.hcl index 77421cc3e..a4f97def6 100644 --- a/common-nix.vars.pkr.hcl +++ b/common-nix.vars.pkr.hcl @@ -1 +1 @@ -postgres-version = "15.6.1.110" +postgres-version = "15.6.1.111" diff --git a/nix/ext/wrappers/default.nix b/nix/ext/wrappers/default.nix index aca14dc9a..af0c15b5d 100644 --- a/nix/ext/wrappers/default.nix +++ b/nix/ext/wrappers/default.nix 
@@ -7,43 +7,41 @@ , buildPgrxExtension_0_11_3 , cargo , darwin +, jq }: +let + gitTags = builtins.fromJSON (builtins.readFile (builtins.fetchurl { + url = "https://api.github.com/repos/supabase/wrappers/tags"; + sha256 = "0am40yspir70wp8pik1c7qmfvbby3nyxza115pi9klp6fyv2s93j"; # Replace with actual hash + })); +in buildPgrxExtension_0_11_3 rec { pname = "supabase-wrappers"; version = "0.4.1"; inherit postgresql; - src = fetchFromGitHub { owner = "supabase"; repo = "wrappers"; rev = "v${version}"; hash = "sha256-AU9Y43qEMcIBVBThu+Aor1HCtfFIg+CdkzK9IxVdkzM="; }; - - nativeBuildInputs = [ pkg-config cargo ]; - - buildInputs = [ openssl ] ++ lib.optionals (stdenv.isDarwin) [ + nativeBuildInputs = [ pkg-config cargo jq ]; + buildInputs = [ openssl ] ++ lib.optionals (stdenv.isDarwin) [ darwin.apple_sdk.frameworks.CoreFoundation darwin.apple_sdk.frameworks.Security darwin.apple_sdk.frameworks.SystemConfiguration ]; - - # Needed to get openssl-sys to use pkg-config. OPENSSL_NO_VENDOR = 1; CARGO="${cargo}/bin/cargo"; - cargoLock = { - #TODO when we move to newer versions this lockfile will need to be sourced - # from ${src}/Cargo.lock lockFile = "${src}/Cargo.lock"; outputHashes = { "clickhouse-rs-1.0.0-alpha.1" = "sha256-0zmoUo/GLyCKDLkpBsnLAyGs1xz6cubJhn+eVqMEMaw="; }; }; postPatch = "cp ${cargoLock.lockFile} Cargo.lock"; - buildAndTestSubdir = "wrappers"; buildFeatures = [ "helloworld_fdw" 
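Review bot: The `gitTags` binding pins a `sha256` for `https://api.github.com/repos/supabase/wrappers/tags`, but that response is not immutable: it changes whenever a tag is pushed, so the hash stops matching and the expression no longer evaluates. A fixed-output fetch is only a useful integrity pin for content that does not change; for a version list, keep the data in the repository as a plain list attribute, which is what PATCH 12/19 later does with `previousVersions`. The trailing `# Replace with actual hash` comment is a leftover placeholder and should be dropped. The `buildPgrxExtension_0_11_3` call continues outside this hunk.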
@@ -60,12 +58,33 @@ buildPgrxExtension_0_11_3 rec { "cognito_fdw" "wasm_fdw" ]; - - # FIXME (aseipp): disable the tests since they try to install .control - # files into the wrong spot, aside from that the one main test seems - # to work, though doCheck = false; + preBuild = '' + echo "Processing git tags..." + echo '${builtins.toJSON gitTags}' | ${jq}/bin/jq -r '.[].name' | sort -rV > git_tags.txt + ''; + + postInstall = '' + echo "Creating SQL files for previous versions..." + current_version="${version}" + sql_file="$out/share/postgresql/extension/wrappers--$current_version.sql" + + if [ -f "$sql_file" ]; then + while read -r tag; do + tag_version=$(echo "$tag" | sed 's/^v//') + if [ "$(printf '%s\n' "$tag_version" "$current_version" | sort -V | head -n1)" = "$tag_version" ] && [ "$tag_version" != "$current_version" ]; then + new_file="$out/share/postgresql/extension/wrappers--$tag_version--$current_version.sql" + echo "Creating $new_file" + cp "$sql_file" "$new_file" + fi + done < git_tags.txt + else + echo "Warning: $sql_file not found" + fi + rm git_tags.txt + ''; + meta = with lib; { description = "Various Foreign Data Wrappers (FDWs) for PostreSQL"; homepage = "https://github.com/supabase/wrappers"; @@ -73,4 +92,4 @@ buildPgrxExtension_0_11_3 rec { platforms = postgresql.meta.platforms; license = licenses.postgresql; }; -} \ No newline at end of file +} From 659cef79abad3c6905218bca7155e465c87d006b Mon Sep 17 00:00:00 2001 From: Paul Cioanca Date: Tue, 13 Aug 2024 16:21:38 +0300 Subject: [PATCH 09/19] chore: add workflow dispatch to nix ci --- .github/workflows/nix-build.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml index 6513e21c0..2c79fc1b4 100644 --- a/.github/workflows/nix-build.yml +++ b/.github/workflows/nix-build.yml @@ -5,6 +5,7 @@ on: branches: - develop pull_request: + workflow_dispatch: permissions: contents: read 
@@ -56,4 +57,4 @@ jobs: -e AWS_SESSION_TOKEN=${{ env.AWS_SESSION_TOKEN }} \ base_nix bash -c "./workspace/docker/nix/build_nix.sh" name: build psql bundle on ${{ matrix.arch }} - \ No newline at end of file + From c92c6593f2b336e3cc9fda51668faaab4679604d Mon Sep 17 00:00:00 2001 From: Paul Cioanca Date: Tue, 13 Aug 2024 16:28:22 +0300 Subject: [PATCH 10/19] chore: add on-push workflow trigger to nix ci --- .github/workflows/nix-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml index 2c79fc1b4..a3f95f95f 100644 --- a/.github/workflows/nix-build.yml +++ b/.github/workflows/nix-build.yml @@ -4,6 +4,7 @@ on: push: branches: - develop + - release/* pull_request: workflow_dispatch: From 0721540ebd6b7dce77bb2c185dc0a2d66f5e4b71 Mon Sep 17 00:00:00 2001 From: Paul Cioanca Date: Wed, 14 Aug 2024 12:55:31 +0300 Subject: [PATCH 11/19] chore: don't shim wrappers if project doesn't have wrappers enabled (#1118) --- .../files/admin_api_scripts/pg_upgrade_scripts/initiate.sh | 6 ++++++ nix/ext/wrappers/default.nix | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh b/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh index 2923fffd7..f9c35ed16 100755 --- a/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh +++ b/ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh @@ -174,6 +174,12 @@ EOF function patch_wrappers { local IS_NIX_UPGRADE=$1 + WRAPPERS_ENABLED=$(run_sql -A -t -c "SELECT EXISTS(SELECT 1 FROM pg_extension WHERE extname = 'wrappers');") + if [ "$WRAPPERS_ENABLED" = "f" ]; then + echo "Wrappers extension not enabled. Skipping." + return + fi + # This is a workaround for older versions of wrappers which don't have the expected # naming scheme, containing the version in their library's file name # e.g. wrappers-0.1.16.so, rather than wrappers.so 
diff --git a/nix/ext/wrappers/default.nix b/nix/ext/wrappers/default.nix index af0c15b5d..0411c003c 100644 --- a/nix/ext/wrappers/default.nix +++ b/nix/ext/wrappers/default.nix @@ -13,7 +13,7 @@ let gitTags = builtins.fromJSON (builtins.readFile (builtins.fetchurl { url = "https://api.github.com/repos/supabase/wrappers/tags"; - sha256 = "0am40yspir70wp8pik1c7qmfvbby3nyxza115pi9klp6fyv2s93j"; # Replace with actual hash + sha256 = "0pvavn0f8wnaszq4bmvjkadm6xbvf91rbhcmmgjasqajb69vskv9"; # Replace with actual hash })); in buildPgrxExtension_0_11_3 rec { From bfe5f7b7f6305f9ab8b5b2ddd602f56eab28e315 Mon Sep 17 00:00:00 2001 From: Paul Cioanca Date: Wed, 14 Aug 2024 14:33:22 +0300 Subject: [PATCH 12/19] fix(nix/wrappers): move previous versions to a static list (#1119) --- nix/ext/wrappers/default.nix | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/nix/ext/wrappers/default.nix b/nix/ext/wrappers/default.nix index 0411c003c..db1e972f1 100644 --- a/nix/ext/wrappers/default.nix +++ b/nix/ext/wrappers/default.nix @@ -10,15 +10,12 @@ , jq }: -let - gitTags = builtins.fromJSON (builtins.readFile (builtins.fetchurl { - url = "https://api.github.com/repos/supabase/wrappers/tags"; - sha256 = "0pvavn0f8wnaszq4bmvjkadm6xbvf91rbhcmmgjasqajb69vskv9"; # Replace with actual hash - })); -in buildPgrxExtension_0_11_3 rec { pname = "supabase-wrappers"; version = "0.4.1"; + # update the following array when the wrappers version is updated + # required to ensure that extensions update scripts from previous versions are generated + previousVersions = ["0.4.0" "0.3.1" "0.3.0" "0.2.0" "0.1.19" "0.1.18" "0.1.17" "0.1.16" "0.1.15" "0.1.14" "0.1.12" "0.1.11" "0.1.10" "0.1.9" "0.1.8" "0.1.7" "0.1.6" "0.1.5" "0.1.4" "0.1.1" "0.1.0"]; inherit postgresql; src = fetchFromGitHub { owner = "supabase"; 
@@ -26,7 +23,7 @@ buildPgrxExtension_0_11_3 rec { rev = "v${version}"; hash = "sha256-AU9Y43qEMcIBVBThu+Aor1HCtfFIg+CdkzK9IxVdkzM="; }; - nativeBuildInputs = [ pkg-config cargo jq ]; + nativeBuildInputs = [ pkg-config cargo ]; buildInputs = [ openssl ] ++ lib.optionals (stdenv.isDarwin) [ darwin.apple_sdk.frameworks.CoreFoundation darwin.apple_sdk.frameworks.Security @@ -62,7 +59,7 @@ buildPgrxExtension_0_11_3 rec { preBuild = '' echo "Processing git tags..." - echo '${builtins.toJSON gitTags}' | ${jq}/bin/jq -r '.[].name' | sort -rV > git_tags.txt + echo '${builtins.concatStringsSep "," previousVersions}' | sed 's/,/\n/g' > git_tags.txt ''; postInstall = '' @@ -71,10 +68,9 @@ buildPgrxExtension_0_11_3 rec { sql_file="$out/share/postgresql/extension/wrappers--$current_version.sql" if [ -f "$sql_file" ]; then - while read -r tag; do - tag_version=$(echo "$tag" | sed 's/^v//') - if [ "$(printf '%s\n' "$tag_version" "$current_version" | sort -V | head -n1)" = "$tag_version" ] && [ "$tag_version" != "$current_version" ]; then - new_file="$out/share/postgresql/extension/wrappers--$tag_version--$current_version.sql" + while read -r previous_version; do + if [ "$(printf '%s\n' "$previous_version" "$current_version" | sort -V | head -n1)" = "$previous_version" ] && [ "$previous_version" != "$current_version" ]; then + new_file="$out/share/postgresql/extension/wrappers--$previous_version--$current_version.sql" echo "Creating $new_file" cp "$sql_file" "$new_file" fi From fabd8e2dd9b283c5a22a29e7bdaeb17feca1ff0c Mon Sep 17 00:00:00 2001 From: Paul Cioanca Date: Thu, 15 Aug 2024 11:57:57 +0300 Subject: [PATCH 13/19] chore: install latest libpq for pg15 (#1122) --- ansible/tasks/setup-postgrest.yml | 24 ++++++++++++++++++++++++ common-nix.vars.pkr.hcl | 2 +- 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index 57b76e1ee..1517c61b6 100644 --- a/ansible/tasks/setup-postgrest.yml 
+++ b/ansible/tasks/setup-postgrest.yml @@ -1,6 +1,20 @@ - name: PostgREST - system user user: name=postgrest +- name: PostgREST - add Postgres PPA gpg key + apt_key: + url: https://www.postgresql.org/media/keys/ACCC4CF8.asc + state: present + +- name: PostgREST - add Postgres PPA + apt_repository: + repo: "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg {{ postgresql_major }}" + state: present + +- name: PostgREST - update apt cache + apt: + update_cache: yes + # libpq is a C library that enables user programs to communicate with # the PostgreSQL database server. - name: PostgREST - system dependencies @@ -9,6 +23,16 @@ - libpq5 - libnuma-dev +- name: PostgREST - remove Postgres PPA gpg key + apt_key: + url: https://www.postgresql.org/media/keys/ACCC4CF8.asc + state: absent + +- name: PostgREST - remove Postgres PPA + apt_repository: + repo: "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg {{ postgresql_major }}" + state: absent + - name: postgis - ensure dependencies do not get autoremoved shell: | set -e diff --git a/common-nix.vars.pkr.hcl b/common-nix.vars.pkr.hcl index a4f97def6..bf7a7712e 100644 --- a/common-nix.vars.pkr.hcl +++ b/common-nix.vars.pkr.hcl @@ -1 +1 @@ -postgres-version = "15.6.1.111" +postgres-version = "15.6.1.112" From 6acd4c3dd8f70574a682bde206f0e3f9a061ca05 Mon Sep 17 00:00:00 2001 From: Paul Cioanca Date: Thu, 15 Aug 2024 12:22:07 +0300 Subject: [PATCH 14/19] chore: mark libpq as manually installed (#1123) --- ansible/tasks/setup-postgrest.yml | 1 + common-nix.vars.pkr.hcl | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ansible/tasks/setup-postgrest.yml b/ansible/tasks/setup-postgrest.yml index 1517c61b6..a98d1990f 100644 --- a/ansible/tasks/setup-postgrest.yml +++ b/ansible/tasks/setup-postgrest.yml @@ -36,6 +36,7 @@ - name: postgis - ensure dependencies do not get autoremoved shell: | set -e + apt-mark manual libpq5* apt-mark manual libnuma* apt-mark auto libnuma*-dev 
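Review bot: The new `apt_key` task trusts whatever key `https://www.postgresql.org/media/keys/ACCC4CF8.asc` returns at build time, and the `apt_repository` line that follows uses plain `http://`. Add `id: <PGDG_KEY_FINGERPRINT>` (placeholder; take the full fingerprint from the PostgreSQL apt documentation) to the `apt_key` task so only the expected key is accepted, and switch the repo to `https://apt.postgresql.org/pub/repos/apt/`. The suite is hard-coded as `focal-pgdg`; `{{ ansible_distribution_release }}-pgdg` would follow the image's release. The removal tasks in the second hunk only run if everything before them succeeds, so a failed `libpq5` install leaves the key and source on the image unless the sequence is wrapped in `block`/`always`.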
diff --git a/common-nix.vars.pkr.hcl b/common-nix.vars.pkr.hcl index bf7a7712e..529a21a64 100644 --- a/common-nix.vars.pkr.hcl +++ b/common-nix.vars.pkr.hcl @@ -1 +1 @@ -postgres-version = "15.6.1.112" +postgres-version = "15.6.1.113" From 90a93ab0d9d08b6b1377b5a11537cf7e9f329afe Mon Sep 17 00:00:00 2001 From: Paul Cioanca Date: Thu, 15 Aug 2024 17:29:15 +0300 Subject: [PATCH 15/19] chore: add workflow to update pg_upgrade binary nix flake version on-demand --- ...ublish-nix-pgupgrade-bin-flake-version.yml | 105 ++++++++++++++++++ common-nix.vars.pkr.hcl | 2 +- 2 files changed, 106 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/publish-nix-pgupgrade-bin-flake-version.yml diff --git a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml new file mode 100644 index 000000000..aaec43884 --- /dev/null +++ b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml 
@@ -0,0 +1,105 @@ +name: Publish nix pg_upgrade_bin flake version + +on: + push: + branches: + - pcnc/nix-flake-workflow + paths: + - '.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml' + workflow_dispatch: + inputs: + postgresVersion: + description: 'Optional. Postgres version to publish against, i.e. 15.1.1.78' + required: false + +permissions: + id-token: write + +jobs: + publish-staging: + runs-on: ubuntu-latest + + steps: + - name: Checkout Repo + uses: actions/checkout@v3 + + - name: Grab release version + id: process_release_version + run: | + VERSION=$(grep 'postgres-version' common-nix.vars.pkr.hcl | sed -e 's/postgres-version = "\(.*\)"/\1/g') + if [[ "${{ inputs.postgresVersion }}" != "" ]]; then + VERSION=${{ inputs.postgresVersion }} + fi + echo "version=$VERSION" >> "$GITHUB_OUTPUT" + echo "major_version=$(echo $VERSION | cut -d'.' -f1)" >> "$GITHUB_OUTPUT" + + - name: Create a tarball containing the latest nix flake version + working-directory: /tmp/ + run: | + mkdir -p ${{ steps.process_release_version.outputs.major_version }} + echo $GITHUB_SHA > ${{ steps.process_release_version.outputs.major_version }}/nix_flake_version + tar -czvf pg_upgrade_bin.tar.gz ${{ steps.process_release_version.outputs.major_version }} + + - name: configure aws credentials - staging + uses: aws-actions/configure-aws-credentials@v1 + with: + role-to-assume: ${{ secrets.DEV_AWS_ROLE }} + aws-region: "us-east-1" + + - name: Upload pg_upgrade scripts to s3 staging + run: | + aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz + + - name: Slack Notification on Failure + if: ${{ failure() }} + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }} + SLACK_USERNAME: 'gha-failures-notifier' + SLACK_COLOR: 'danger' + SLACK_MESSAGE: 'Publishing pg_upgrade binaries flake version failed' + 
SLACK_FOOTER: '' + + publish-prod: + runs-on: ubuntu-latest + if: github.ref_name == 'develop' || contains( github.ref, 'release' ) + + steps: + - name: Checkout Repo + uses: actions/checkout@v3 + + - name: Grab release version + id: process_release_version + run: | + VERSION=$(grep 'postgres-version' common-nix.vars.pkr.hcl | sed -e 's/postgres-version = "\(.*\)"/\1/g') + if [[ "${{ inputs.postgresVersion }}" != "" ]]; then + VERSION=${{ inputs.postgresVersion }} + fi + echo "version=$VERSION" >> "$GITHUB_OUTPUT" + echo "major_version=$(echo $VERSION | cut -d'.' -f1)" >> "$GITHUB_OUTPUT" + + - name: Create a tarball containing the latest nix flake version + run: | + mkdir -p /tmp/${{ steps.process_release_version.outputs.major_version }} + echo $GITHUB_SHA > /tmp/${{ steps.process_release_version.outputs.major_version }}/nix_flake_version + tar -czvf pg_upgrade_bin.tar.gz -C /tmp/ /${{ steps.process_release_version.outputs.major_version }} + + - name: configure aws credentials - prod + uses: aws-actions/configure-aws-credentials@v1 + with: + role-to-assume: ${{ secrets.PROD_AWS_ROLE }} + aws-region: "us-east-1" + + - name: Upload pg_upgrade scripts to s3 prod + run: | + aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz + + - name: Slack Notification on Failure + if: ${{ failure() }} + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }} + SLACK_USERNAME: 'gha-failures-notifier' + SLACK_COLOR: 'danger' + SLACK_MESSAGE: 'Publishing pg_upgrade binaries flake version failed' + SLACK_FOOTER: '' diff --git a/common-nix.vars.pkr.hcl b/common-nix.vars.pkr.hcl index 529a21a64..9239017c6 100644 --- a/common-nix.vars.pkr.hcl +++ b/common-nix.vars.pkr.hcl @@ -1 +1 @@ -postgres-version = "15.6.1.113" +postgres-version = "15.6.1.113-workflow-release-test" 
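Review bot: In both `Grab release version` steps of the new workflow, `${{ inputs.postgresVersion }}` is expanded into the `run:` script text before the shell parses it, so the value of a `workflow_dispatch` input is treated as shell source rather than data. These jobs hold `id-token: write` and go on to assume the staging and production AWS roles, so the input should reach the script through `env:` and be validated before it is written to `$GITHUB_OUTPUT`, because later steps paste `steps.process_release_version.outputs.*` into further `run:` lines. The step below shows the shape for `publish-staging`; `publish-prod` needs the same change. The accepted pattern is an assumption based on the version strings in `common-nix.vars.pkr.hcl` and should be adjusted to the real format.

```yaml
      - name: Grab release version
        id: process_release_version
        env:
          POSTGRES_VERSION_INPUT: ${{ inputs.postgresVersion }}
        run: |
          # ... unchanged: VERSION read from common-nix.vars.pkr.hcl ...
          if [[ -n "$POSTGRES_VERSION_INPUT" ]]; then
            VERSION="$POSTGRES_VERSION_INPUT"
          fi
          # Reject anything that is not a plain version string before later steps reuse it.
          if [[ ! "$VERSION" =~ ^[0-9][0-9A-Za-z.-]*$ ]]; then
            echo "invalid postgres version: $VERSION" >&2
            exit 1
          fi
          # ... unchanged: version and major_version written to $GITHUB_OUTPUT ...
```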
From 654389cea1c4ce437895a44fe82894579510dfae Mon Sep 17 00:00:00 2001 From: Paul Cioanca Date: Thu, 15 Aug 2024 17:36:21 +0300 Subject: [PATCH 16/19] chore: cleanup --- .../publish-nix-pgupgrade-bin-flake-version.yml | 12 ++++-------- common-nix.vars.pkr.hcl | 2 +- 2 files changed, 5 insertions(+), 9 deletions(-) diff --git a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml index aaec43884..5b985f4be 100644 --- a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml +++ b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml @@ -1,11 +1,6 @@ name: Publish nix pg_upgrade_bin flake version on: - push: - branches: - - pcnc/nix-flake-workflow - paths: - - '.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml' workflow_dispatch: inputs: postgresVersion: @@ -79,10 +74,11 @@ jobs: echo "major_version=$(echo $VERSION | cut -d'.' -f1)" >> "$GITHUB_OUTPUT" - name: Create a tarball containing the latest nix flake version + working-directory: /tmp/ run: | - mkdir -p /tmp/${{ steps.process_release_version.outputs.major_version }} - echo $GITHUB_SHA > /tmp/${{ steps.process_release_version.outputs.major_version }}/nix_flake_version - tar -czvf pg_upgrade_bin.tar.gz -C /tmp/ /${{ steps.process_release_version.outputs.major_version }} + mkdir -p ${{ steps.process_release_version.outputs.major_version }} + echo $GITHUB_SHA > ${{ steps.process_release_version.outputs.major_version }}/nix_flake_version + tar -czvf pg_upgrade_bin.tar.gz ${{ steps.process_release_version.outputs.major_version }} - name: configure aws credentials - prod uses: aws-actions/configure-aws-credentials@v1 diff --git a/common-nix.vars.pkr.hcl b/common-nix.vars.pkr.hcl index 9239017c6..529a21a64 100644 --- a/common-nix.vars.pkr.hcl +++ b/common-nix.vars.pkr.hcl @@ -1 +1 @@ -postgres-version = "15.6.1.113-workflow-release-test" +postgres-version = "15.6.1.113" 
From e064bbc8ae9d0087388950c93b78f668d138f55b Mon Sep 17 00:00:00 2001 From: samrose Date: Fri, 16 Aug 2024 12:10:52 +0000 Subject: [PATCH 17/19] fix: sql migration files for pg_jsonschema (#1127) Co-authored-by: Sam Rose --- nix/ext/pg_jsonschema.nix | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/nix/ext/pg_jsonschema.nix b/nix/ext/pg_jsonschema.nix index 7bc737d1c..33eb7ff6c 100644 --- a/nix/ext/pg_jsonschema.nix +++ b/nix/ext/pg_jsonschema.nix @@ -14,7 +14,10 @@ buildPgrxExtension_0_11_3 rec { nativeBuildInputs = [ cargo ]; buildInputs = [ postgresql ]; - + # update the following array when the pg_jsonschema version is updated + # required to ensure that extensions update scripts from previous versions are generated + + previousVersions = ["0.3.0" "0.2.0" "0.1.4" "0.1.4" "0.1.2" "0.1.1" "0.1.0"]; CARGO="${cargo}/bin/cargo"; env = lib.optionalAttrs stdenv.isDarwin { POSTGRES_LIB = "${postgresql}/lib"; 
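Review bot: `previousVersions` lists `"0.1.4"` twice and has no `"0.1.3"`, which looks like a typo: `["0.3.0" "0.2.0" "0.1.4" "0.1.4" "0.1.2" "0.1.1" "0.1.0"]`. The duplicate itself is harmless (the same file is copied twice), but if a 0.1.3 release exists, no `pg_jsonschema--0.1.3--<current>.sql` update script is generated for it. Confirm against the upstream tags and change the second entry to `"0.1.3"` if so. The attribute set continues outside this hunk.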
@@ -26,6 +29,31 @@ buildPgrxExtension_0_11_3 rec { # to fix this a bit later. doCheck = false; + preBuild = '' + echo "Processing git tags..." + echo '${builtins.concatStringsSep "," previousVersions}' | sed 's/,/\n/g' > git_tags.txt + ''; + + postInstall = '' + echo "Creating SQL files for previous versions..." + current_version="${version}" + sql_file="$out/share/postgresql/extension/pg_jsonschema--$current_version.sql" + + if [ -f "$sql_file" ]; then + while read -r previous_version; do + if [ "$(printf '%s\n' "$previous_version" "$current_version" | sort -V | head -n1)" = "$previous_version" ] && [ "$previous_version" != "$current_version" ]; then + new_file="$out/share/postgresql/extension/pg_jsonschema--$previous_version--$current_version.sql" + echo "Creating $new_file" + cp "$sql_file" "$new_file" + fi + done < git_tags.txt + else + echo "Warning: $sql_file not found" + fi + rm git_tags.txt + ''; + + meta = with lib; { description = "JSON Schema Validation for PostgreSQL"; homepage = "https://github.com/supabase/${pname}"; From 2e1be6be456646799100803435aefc80373e323e Mon Sep 17 00:00:00 2001 From: Div Arora Date: Tue, 20 Aug 2024 13:27:15 +0800 Subject: [PATCH 18/19] chore: include new adminapi build --- ansible/vars.yml | 2 +- common-nix.vars.pkr.hcl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 816dcc2df..38cdbb227 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -50,7 +50,7 @@ postgres_exporter_release_checksum: arm64: sha256:29ba62d538b92d39952afe12ee2e1f4401250d678ff4b354ff2752f4321c87a0 amd64: sha256:cb89fc5bf4485fb554e0d640d9684fae143a4b2d5fa443009bd29c59f9129e84 -adminapi_release: 0.64.2 +adminapi_release: 0.66.1 adminmgr_release: 0.22.1 # Postgres Extensions diff --git a/common-nix.vars.pkr.hcl b/common-nix.vars.pkr.hcl index 529a21a64..17f58af83 100644 --- a/common-nix.vars.pkr.hcl +++ b/common-nix.vars.pkr.hcl 
@@ -1 +1 @@ -postgres-version = "15.6.1.113" +postgres-version = "15.6.1.114" From 112147e766702f201ec087b6114d1e2446d54485 Mon Sep 17 00:00:00 2001 From: Paul Cioanca Date: Tue, 20 Aug 2024 18:22:15 +0300 Subject: [PATCH 19/19] chore: bail on executing grow_fs is resize2fs is already running --- ansible/files/admin_api_scripts/grow_fs.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/files/admin_api_scripts/grow_fs.sh b/ansible/files/admin_api_scripts/grow_fs.sh index 5c3dc73d4..1bca017b7 100644 --- a/ansible/files/admin_api_scripts/grow_fs.sh +++ b/ansible/files/admin_api_scripts/grow_fs.sh @@ -4,6 +4,11 @@ set -euo pipefail VOLUME_TYPE=${1:-data} +if pgrep resizefs; then + echo "resize2fs is already running" + exit 1 +fi + if [ -b /dev/nvme1n1 ] ; then if [[ "${VOLUME_TYPE}" == "data" ]]; then resize2fs /dev/nvme1n1
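Review bot: The added guard in `grow_fs.sh` runs `pgrep resizefs`, but the process the script starts, and the one the message names, is `resize2fs`; the pattern `resizefs` does not match that name, so the check never sees a running resize. Use the exact process name and keep pgrep's PID output out of the script's stdout: `if pgrep -x resize2fs >/dev/null; then`. This is still a check-then-run sequence, so two invocations started at the same moment can both pass it; a lock (for example `flock` on a lock file) would close that gap. The rest of the script lies outside the hunk.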