From 26ba18b0972b3bf11c64960c8b4ec85fbe10f5ba Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Tue, 5 Nov 2024 13:48:41 -0500
Subject: [PATCH 01/13] chore: adding support for x86_64-darwin
---
 .github/workflows/nix-build.yml | 2 ++
 flake.nix | 1 +
 2 files changed, 3 insertions(+)
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index 08c316bce..fe69c3dd3 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
@@ -24,6 +24,8 @@ jobs:
 arch: arm64
 - runner: macos-latest
 arch: arm64
+ - runner: macos-13
+ arch: amd64
 runs-on: ${{ matrix.runner }}
 steps:
diff --git a/flake.nix b/flake.nix
index 615df5da5..f1cff1abd 100644
--- a/flake.nix
+++ b/flake.nix
@@ -17,6 +17,7 @@
 system.x86_64-linux
 system.aarch64-linux
 system.aarch64-darwin
+ system.x86_64-darwin
 ];
 in flake-utils.lib.eachSystem ourSystems (system:
From ebc78ce4c2d1309b48cee8eedd1f103f7900acd1 Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Tue, 5 Nov 2024 14:23:25 -0500
Subject: [PATCH 02/13] fix: handle logic for various darwin platforms
---
 .github/workflows/nix-build.yml | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index fe69c3dd3..d838f93e8 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
@@ -49,23 +49,23 @@ jobs:
 env:
 NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
 - name: Log in to Docker Hub
- if: matrix.runner != 'macos-latest'
+ if: matrix.runner != 'macos-latest' || matrix.runner != 'macos-13'
 uses: docker/login-action@v2
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
 - name: Build psql bundle with nix
- if: matrix.runner != 'macos-latest'
+ if: matrix.runner != 'macos-latest' || matrix.runner != 'macos-13'
 run: docker build -t base_nix -f docker/nix/Dockerfile .
 - name: Run build psql bundle
- if: matrix.runner != 'macos-latest'
+ if: matrix.runner != 'macos-latest' || matrix.runner != 'macos-13'
 run: |
 docker run -e AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }} \
 -e AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }} \
 -e AWS_SESSION_TOKEN=${{ env.AWS_SESSION_TOKEN }} \
 base_nix bash -c "./workspace/docker/nix/build_nix.sh"
 - name: Build psql bundle on macos
- if: matrix.runner == 'macos-latest'
+ if: matrix.runner == 'macos-latest' || matrix.runner == 'macos-13'
 run: |
 curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install --no-confirm \
 --extra-conf "substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com" \
From 58b7513421eb8bb079b78229a6ad571d417c91df Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Tue, 5 Nov 2024 14:38:29 -0500
Subject: [PATCH 03/13] fix: != &&, == ||
---
 .github/workflows/nix-build.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index d838f93e8..70641cf34 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
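Review bot: In PATCH 02/13 the widened condition on "Build psql bundle on macos" means the `curl … https://install.determinate.systems/nix | sh` line now runs on `macos-13` as well, and the installer it executes is neither pinned to a release nor verified. Judging by the hunk line numbers this step comes later in the same job than the steps that write `NIX_SIGN_SECRET_KEY` and assume the AWS role, so whatever that URL serves runs next to the signing key and the session credentials. Pin the installer to a tagged release, for example `curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix/tag/<PINNED_VERSION> | sh -s -- install --no-confirm \`, or use the vendor's installer action referenced by commit SHA. The `run:` block continues outside the hunk.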
@@ -49,16 +49,16 @@ jobs:
 env:
 NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
 - name: Log in to Docker Hub
- if: matrix.runner != 'macos-latest' || matrix.runner != 'macos-13'
+ if: matrix.runner != 'macos-latest' && matrix.runner != 'macos-13'
 uses: docker/login-action@v2
 with:
 username: ${{ secrets.DOCKER_USERNAME }}
 password: ${{ secrets.DOCKER_PASSWORD }}
 - name: Build psql bundle with nix
- if: matrix.runner != 'macos-latest' || matrix.runner != 'macos-13'
+ if: matrix.runner != 'macos-latest' && matrix.runner != 'macos-13'
 run: docker build -t base_nix -f docker/nix/Dockerfile .
 - name: Run build psql bundle
- if: matrix.runner != 'macos-latest' || matrix.runner != 'macos-13'
+ if: matrix.runner != 'macos-latest' && matrix.runner != 'macos-13'
 run: |
 docker run -e AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }} \
 -e AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }} \
 -e AWS_SESSION_TOKEN=${{ env.AWS_SESSION_TOKEN }} \
From 9b6a69eb38444de4740f7de4f2a83007878ae3ca Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Tue, 5 Nov 2024 14:45:09 -0500
Subject: [PATCH 04/13] fix: support system here too
---
 nix/ext/plv8.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nix/ext/plv8.nix b/nix/ext/plv8.nix
index 785f5e601..a331a1127 100644
--- a/nix/ext/plv8.nix
+++ b/nix/ext/plv8.nix
@@ -120,7 +120,7 @@ stdenv.mkDerivation (finalAttrs: {
 description = "V8 Engine Javascript Procedural Language add-on for PostgreSQL";
 homepage = "https://plv8.github.io/";
 maintainers = with maintainers; [ samrose ];
- platforms = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" ];
+ platforms = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" "x86_64-darwin" ];
 license = licenses.postgresql;
 };
 })
From f8e5835ad9f24e58a9cab087a9f1553fd57d93f5 Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Wed, 6 Nov 2024 09:29:45 -0500
Subject: [PATCH 05/13] feature: support added for x86_64-darwin
---
 ansible/vars.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
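Review bot: The three Docker step conditions in PATCH 03/13 enumerate runner labels (`matrix.runner != 'macos-latest' && matrix.runner != 'macos-13'`), so the next macOS label added to the matrix passes this test and runs the Docker Hub login and `docker run` steps unless every condition is edited again. Keying on the platform instead, `if: runner.os != 'macOS'` on these steps and `if: runner.os == 'macOS'` on the macOS build step, removes that coupling. In the same hunk the `docker run` line expands the AWS credentials into the command text with `${{ env.… }}`; since the values are presumably already in the step environment, `-e AWS_ACCESS_KEY_ID -e AWS_SECRET_ACCESS_KEY -e AWS_SESSION_TOKEN` passes them by name and keeps them out of the process arguments. The `run:` block continues outside the hunk.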
diff --git a/ansible/vars.yml b/ansible/vars.yml
index da1b61704..1017ef18c 100644
--- a/ansible/vars.yml
+++ b/ansible/vars.yml
@@ -11,8 +11,8 @@ postgres_major:
 # Full version strings for each major version
 postgres_release:
- postgres15: "15.8.1.006"
- postgres16: "16.3.1.012"
+ postgres15: "15.8.1.007"
+ postgres16: "16.3.1.013"
 # Non Postgres Extensions
 pgbouncer_release: "1.19.0"
From e0588011e130677c322d510b7d4031f464ad6408 Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Wed, 6 Nov 2024 11:59:40 -0500
Subject: [PATCH 06/13] fix: increase timeout so that aws access does not expire
---
 .github/workflows/nix-build.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index 70641cf34..2849c8c80 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
@@ -27,7 +27,7 @@ jobs:
 - runner: macos-13
 arch: amd64
 runs-on: ${{ matrix.runner }}
-
+ timeout-minutes: 180
 steps:
 - name: Check out code
@@ -42,6 +42,7 @@ jobs:
 role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
 aws-region: "us-east-1"
 output-credentials: true
+ role-duration-seconds: 10800
 - name: write secret key
 # use python so we don't interpolate the secret into the workflow logs, in case of bugs
 run: |
From e23ab28b90b12cc3852f1e1bc0c79b7ca81d352d Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Wed, 6 Nov 2024 15:03:56 -0500
Subject: [PATCH 07/13] fix: duration was too high
---
 .github/workflows/nix-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index 2849c8c80..0258dd321 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
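Review bot: `role-duration-seconds` in the second hunk of PATCH 06/13 is added with no comment on what bounds it, and PATCHES 07–12 then change the value six times before settling on 7200. The duration an assume-role call may request is capped by the maximum session duration configured on the IAM role, so the limit can be read from the role rather than found by trial; a line such as `# capped by the max session duration of DEV_AWS_ROLE` above the key would record that. With the final value the credentials live for two hours while `timeout-minutes: 180` from the first hunk lets the job run for three, so a slow build can still reach the upload with expired credentials. Because the credentials are exported to the later steps (the `docker run` step reads them from `env`), the shortest duration that covers the build is preferable to the maximum.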
@@ -42,7 +42,7 @@ jobs:
 role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
 aws-region: "us-east-1"
 output-credentials: true
- role-duration-seconds: 10800
+ role-duration-seconds: 3600
 - name: write secret key
 # use python so we don't interpolate the secret into the workflow logs, in case of bugs
 run: |
From 6689c9fd2189f6cd52f78ec1b46d1c171b01d5af Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Wed, 6 Nov 2024 15:24:40 -0500
Subject: [PATCH 08/13] chore: see if 2 hours will work
---
 .github/workflows/nix-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index 0258dd321..473579875 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
@@ -42,7 +42,7 @@ jobs:
 role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
 aws-region: "us-east-1"
 output-credentials: true
- role-duration-seconds: 3600
+ role-duration-seconds: 7200
 - name: write secret key
 # use python so we don't interpolate the secret into the workflow logs, in case of bugs
 run: |
From ca48b96c25ba89e4770232cee846f7349a1660ac Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Wed, 6 Nov 2024 15:27:32 -0500
Subject: [PATCH 09/13] fix: try more than 2 less than 3 hrs
---
 .github/workflows/nix-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index 473579875..4fc50e5e8 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
@@ -42,7 +42,7 @@ jobs:
 role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
 aws-region: "us-east-1"
 output-credentials: true
- role-duration-seconds: 7200
+ role-duration-seconds: 9000
 - name: write secret key
 # use python so we don't interpolate the secret into the workflow logs, in case of bugs
 run: |
From b8c243997322f3f1f7a6eadaaa4861ed4a2e100c Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Wed, 6 Nov 2024 15:29:24 -0500
Subject: [PATCH 10/13] chore: try a bit lower
---
 .github/workflows/nix-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index 4fc50e5e8..b67aeb2ff 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
@@ -42,7 +42,7 @@ jobs:
 role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
 aws-region: "us-east-1"
 output-credentials: true
- role-duration-seconds: 9000
+ role-duration-seconds: 8200
 - name: write secret key
 # use python so we don't interpolate the secret into the workflow logs, in case of bugs
 run: |
From 22dbf5e2e665e965f28374af2305bbcfe0f13828 Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Wed, 6 Nov 2024 15:30:25 -0500
Subject: [PATCH 11/13] chore: bump down lower
---
 .github/workflows/nix-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index b67aeb2ff..4677fa3b4 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
@@ -42,7 +42,7 @@ jobs:
 role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
 aws-region: "us-east-1"
 output-credentials: true
- role-duration-seconds: 8200
+ role-duration-seconds: 7500
 - name: write secret key
 # use python so we don't interpolate the secret into the workflow logs, in case of bugs
 run: |
From 22e8a536b1abff0c92aa7a359aed09581c30e85f Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Wed, 6 Nov 2024 15:31:33 -0500
Subject: [PATCH 12/13] chore: set to the apparent max
---
 .github/workflows/nix-build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml
index 4677fa3b4..473579875 100644
--- a/.github/workflows/nix-build.yml
+++ b/.github/workflows/nix-build.yml
@@ -42,7 +42,7 @@ jobs:
 role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
 aws-region: "us-east-1"
 output-credentials: true
- role-duration-seconds: 7500
+ role-duration-seconds: 7200
 - name: write secret key
 # use python so we don't interpolate the secret into the workflow logs, in case of bugs
 run: |
From 2a3ed2144b6be67aac01079b85fa2795e0b4431a Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Wed, 6 Nov 2024 18:26:12 -0500
Subject: [PATCH 13/13] chore: limit nix build to 15 on x86_64-darwin
---
 docker/nix/build_nix.sh | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/docker/nix/build_nix.sh b/docker/nix/build_nix.sh
index 3cf8505c0..5a7896a46 100644
--- a/docker/nix/build_nix.sh
+++ b/docker/nix/build_nix.sh
@@ -5,9 +5,15 @@ nix --version
 if [ -d "/workspace" ]; then
 cd /workspace
 fi
-nix build .#checks.$(nix-instantiate --eval -E builtins.currentSystem | tr -d '"').psql_15 -L --no-link
-nix build .#checks.$(nix-instantiate --eval -E builtins.currentSystem | tr -d '"').psql_16 -L --no-link
-nix build .#psql_15/bin -o psql_15
-nix build .#psql_16/bin -o psql_16
-nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_15
-nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_16
+if [ $(nix-instantiate --eval -E builtins.currentSystem | tr -d '"') == "x86_64-darwin" ]; then
+ nix build .#checks.$(nix-instantiate --eval -E builtins.currentSystem | tr -d '"').psql_15 -L --no-link
+ nix build .#psql_15/bin -o psql_15
+ nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_15
+else
+ nix build .#checks.$(nix-instantiate --eval -E builtins.currentSystem | tr -d '"').psql_15 -L --no-link
+ nix build .#checks.$(nix-instantiate --eval -E builtins.currentSystem | tr -d '"').psql_16 -L --no-link
+ nix build .#psql_15/bin -o psql_15
+ nix build .#psql_16/bin -o psql_16
+ nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_15
+ nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_16
+fi
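Review bot: The new test in PATCH 13/13 leaves the `$(nix-instantiate …)` substitution unquoted inside `[ … == "x86_64-darwin" ]`, so when `nix-instantiate` fails or prints nothing the `[` call itself errors and control falls into the `else` branch, which is the one that builds and uploads both versions. Evaluating the system once into a quoted variable, failing when it is empty, and comparing with `=` removes that path and the repeated `nix-instantiate` calls. The psql_15 commands are duplicated across both branches and can be driven from a version list while keeping the original order of checks, builds and uploads. The S3 URL also contains `?`, a glob character, and is safer quoted. The hunk starts at line 5 of the script, so whether `set -e` is in effect is not visible here.

```shell
# … unchanged: cd into /workspace when it exists …

# Evaluate the system once; abort instead of guessing when it cannot be determined.
system="$(nix-instantiate --eval -E builtins.currentSystem | tr -d '"')"
if [ -z "$system" ]; then
    echo "could not determine the nix system" >&2
    exit 1
fi

# x86_64-darwin builds and publishes psql_15 only.
if [ "$system" = "x86_64-darwin" ]; then
    versions="15"
else
    versions="15 16"
fi

# Same order as before: all checks, then all builds, then all uploads.
for v in $versions; do
    nix build ".#checks.${system}.psql_${v}" -L --no-link
done
for v in $versions; do
    nix build ".#psql_${v}/bin" -o "psql_${v}"
done
for v in $versions; do
    nix copy --to "s3://nix-postgres-artifacts?secret-key=nix-secret-key" "./psql_${v}"
done
```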