diff --git a/.github/workflows/ami-release-nix-single.yml b/.github/workflows/ami-release-nix-single.yml index d99939f1d..6699dbf64 100644 --- a/.github/workflows/ami-release-nix-single.yml +++ b/.github/workflows/ami-release-nix-single.yml @@ -12,6 +12,11 @@ on: required: true type: string default: 'main' + release_to_prod: + description: 'Release AMI to production (will also create GitHub release)' + required: false + type: boolean + default: false permissions: contents: write @@ -47,7 +52,7 @@ jobs: - name: Generate common-nix.vars.pkr.hcl run: | - PG_VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ env.POSTGRES_MAJOR_VERSION }}'"]' ansible/vars.yml) + PG_VERSION=$(nix run nixpkgs#yq-go -- '.postgres_release["postgres'${{ env.POSTGRES_MAJOR_VERSION }}'"]' ansible/vars.yml) PG_VERSION=$(echo "$PG_VERSION" | tr -d '"') # Remove any surrounding quotes echo 'postgres-version = "'$PG_VERSION'"' > common-nix.vars.pkr.hcl # Ensure there's a newline at the end of the file @@ -105,12 +110,14 @@ jobs: aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz - name: configure aws credentials - prod + if: ${{ github.event.inputs.release_to_prod == 'true' }} uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.PROD_AWS_ROLE }} aws-region: "us-east-1" - name: Upload software manifest to s3 prod + if: ${{ github.event.inputs.release_to_prod == 'true' }} run: | cd ansible ansible-playbook -i localhost \ @@ -120,10 +127,12 @@ jobs: manifest-playbook.yml - name: Upload nix flake revision to s3 prod + if: ${{ github.event.inputs.release_to_prod == 'true' }} run: | aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz - name: Create release + if: ${{ github.event.inputs.release_to_prod == 'true' }} uses: softprops/action-gh-release@v2 with: name: ${{ steps.process_release_version.outputs.version }} @@ -149,4 +158,3 @@ jobs: if: ${{ cancelled() }} run: | aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids - diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6be368784..779245bd2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -71,6 +71,7 @@ jobs: echo "EOF" >> $GITHUB_OUTPUT - name: verify schema.sql is committed run: | + nix-collect-garbage -d nix run github:supabase/postgres/${{ github.sha }}#dbmate-tool -- --version ${{ env.PGMAJOR }} --flake-url github:supabase/postgres/${{ github.sha }} if ! git diff --exit-code --quiet migrations/schema-${{ env.PGMAJOR }}.sql; then echo "Detected changes in schema.sql:" diff --git a/ansible/vars.yml b/ansible/vars.yml index cae51b58d..cd46344d8 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -2,6 +2,7 @@ supabase_internal: true ebssurrogate_mode: true async_mode: true +# versions listed here will have an image built for them. postgres_major: - "15" - "17" @@ -9,9 +10,18 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.0.1.107-orioledb" - postgres17: "17.4.1.057" - postgres15: "15.8.1.114" + postgresorioledb-17: "17.0.1.108-orioledb-rc2" + postgres17: "17.4.1.058-rc3" + postgres15: "15.8.1.115-rc3" + postgres14: "14.18.1.002" #legacy for internal maintenance only. + +# Note, postgres14 is not built on every release, but is available in the nix cache. +# postgres14 is included here to support upgrading from postgres14 to newer versions. +# an image can be created with a special workflow that builds postgres14 image. +# Supabase will not create and release postgres14 images other than as a utility for internal use. +# Supase strongly recommends using postgres17 or newer for self-hosted Supabase/postgres. +# Supabase offers no support of any kind for postgres14. + # Non Postgres Extensions pgbouncer_release: "1.19.0" diff --git a/nix/checks.nix b/nix/checks.nix index 13be10f23..2997cef82 100644 --- a/nix/checks.nix +++ b/nix/checks.nix @@ -10,6 +10,7 @@ }: let pkgs-lib = pkgs.callPackage ./packages/lib.nix { + psql_14 = self'.packages."psql_14/bin"; psql_15 = self'.packages."psql_15/bin"; psql_17 = self'.packages."psql_17/bin"; psql_orioledb-17 = self'.packages."psql_orioledb-17/bin"; @@ -83,7 +84,7 @@ let name = pkg.version; in - if builtins.match "15.*" name != null then + if builtins.match "15.*" name != null || builtins.match "14.*" name != null then "15" else if builtins.match "17.*" name != null then "17" @@ -107,6 +108,8 @@ builtins.match "z_orioledb-17_.*" name != null else if version == "17" then builtins.match "z_17_.*" name != null + else if version == "14" then + builtins.match "z_15_.*" name != null else builtins.match "z_15_.*" name != null else @@ -122,11 +125,14 @@ version = builtins.trace "pgpkg.version is: ${pgpkg.version}" pgpkg.version; isOrioledbMatch = builtins.match "^17_[0-9]+$" version != null; isSeventeenMatch = builtins.match "^17[.][0-9]+$" version != null; + isFourteenMatch = builtins.match "^14[.][0-9]+$" version != null; result = if isOrioledbMatch then "orioledb-17" else if isSeventeenMatch then "17" + else if isFourteenMatch then + "14" else "15"; in @@ -140,6 +146,8 @@ "5535" else if (majorVersion == "15") then "5536" + else if (majorVersion == "14") then + "5538" else "5537"; @@ -221,6 +229,10 @@ exit 1 fi done + + # Print PostgreSQL version + echo "PostgreSQL version:" + postgres --version createdb -p ${pgPort} -h ${self.supabase.defaults.host} --username=supabase_admin testing if ! psql -p ${pgPort} -h ${self.supabase.defaults.host} --username=supabase_admin -d testing -v ON_ERROR_STOP=1 -Xf ${./tests/prime.sql}; then echo "Error executing SQL file. PostgreSQL log content:" @@ -290,6 +302,7 @@ psql_15 = makeCheckHarness self'.packages."psql_15/bin"; psql_17 = makeCheckHarness self'.packages."psql_17/bin"; psql_orioledb-17 = makeCheckHarness self'.packages."psql_orioledb-17/bin"; + psql_14 = makeCheckHarness self'.packages."psql_14/bin"; inherit (self'.packages) wal-g-2 wal-g-3 diff --git a/nix/config.nix b/nix/config.nix index b1ebe3fd7..df55ddf6c 100644 --- a/nix/config.nix +++ b/nix/config.nix @@ -41,6 +41,10 @@ in defaults = { }; supportedPostgresVersions = { postgres = { + "14" = { + version = "14.18"; + hash = "sha256-g6sp1r/D3Fiy7TxmQRT9++tqBFDEuNf6aa7pHjyhT44="; + }; "15" = { version = "15.8"; hash = "sha256-RANRX5pp7rPv68mPMLjGlhIr/fiV6Ss7I/W452nty2o="; diff --git a/nix/ext/pg_stat_monitor.nix b/nix/ext/pg_stat_monitor.nix index 742e1c0aa..c6d073e75 100644 --- a/nix/ext/pg_stat_monitor.nix +++ b/nix/ext/pg_stat_monitor.nix @@ -5,9 +5,23 @@ postgresql, }: +let + source = + if lib.versionAtLeast postgresql.version "15" then + { + version = "2.1.0"; + hash = "sha256-STJVvvrLVLe1JevNu6u6EftzAWv+X+J8lu66su7Or2s="; + } + else + { + version = "1.1.1"; + hash = "sha256-S4N4Xnbkz57ue6f/eGjuRi64xT0NXjpMJiNNZnbbvbU="; + }; +in + stdenv.mkDerivation rec { pname = "pg_stat_monitor"; - version = "2.1.0"; + inherit (source) version; buildInputs = [ postgresql ]; @@ -15,7 +29,7 @@ stdenv.mkDerivation rec { owner = "percona"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-STJVvvrLVLe1JevNu6u6EftzAWv+X+J8lu66su7Or2s="; + hash = source.hash; }; makeFlags = [ "USE_PGXS=1" ]; @@ -33,6 +47,5 @@ stdenv.mkDerivation rec { homepage = "https://github.com/percona/${pname}"; platforms = postgresql.meta.platforms; license = licenses.postgresql; - broken = lib.versionOlder postgresql.version "15"; }; } diff --git a/nix/ext/pgaudit.nix b/nix/ext/pgaudit.nix index 3535447a7..830768e24 100644 --- a/nix/ext/pgaudit.nix +++ b/nix/ext/pgaudit.nix @@ -22,6 +22,10 @@ let version = "1.7.0"; hash = "sha256-8pShPr4HJaJQPjW1iPJIpj3CutTx8Tgr+rOqoXtgCcw="; }; + "14" = { + version = "1.6.3"; + hash = "sha256-KgLidJHjUK9BTp6ffmGUj1chcwIe6IzlcadRpGCfNdM="; + }; } .${lib.versions.major postgresql.version} or (throw "Source for pgaudit is not available for ${postgresql.version}"); diff --git a/nix/ext/versions.json b/nix/ext/versions.json index e5c4e90b1..6c40c1495 100644 --- a/nix/ext/versions.json +++ b/nix/ext/versions.json @@ -2,6 +2,7 @@ "wrappers": { "0.5.3": { "postgresql": [ + "14", "15", "17", "orioledb-17" diff --git a/nix/overlays/default.nix b/nix/overlays/default.nix index f6eda4243..0242ac435 100644 --- a/nix/overlays/default.nix +++ b/nix/overlays/default.nix @@ -7,6 +7,7 @@ # explicit is better. inherit (self.packages.${final.system}) + postgresql_14 postgresql_15 postgresql_17 postgresql_orioledb-17 diff --git a/nix/packages/default.nix b/nix/packages/default.nix index cd6d6a1d0..7873c8ebe 100644 --- a/nix/packages/default.nix +++ b/nix/packages/default.nix @@ -20,6 +20,7 @@ pkgs.callPackage ../ext/pg_regress.nix { postgresql = postgresqlPackage; }; pgsqlSuperuser = "supabase_admin"; pkgs-lib = pkgs.callPackage ./lib.nix { + psql_14 = self'.packages."psql_14/bin"; psql_15 = self'.packages."psql_15/bin"; psql_17 = self'.packages."psql_17/bin"; psql_orioledb-17 = self'.packages."psql_orioledb-17/bin"; @@ -43,6 +44,7 @@ run-testinfra = pkgs.callPackage ./run-testinfra.nix { }; show-commands = pkgs.callPackage ./show-commands.nix { }; start-client = pkgs.callPackage ./start-client.nix { + psql_14 = self'.packages."psql_14/bin"; psql_15 = self'.packages."psql_15/bin"; psql_17 = self'.packages."psql_17/bin"; psql_orioledb-17 = self'.packages."psql_orioledb-17/bin"; diff --git a/nix/packages/lib.nix b/nix/packages/lib.nix index 971909162..5d488d0f5 100644 --- a/nix/packages/lib.nix +++ b/nix/packages/lib.nix @@ -1,6 +1,7 @@ { psql_17, psql_15, + psql_14, psql_orioledb-17, defaults, supabase-groonga, @@ -76,6 +77,7 @@ SHELL_PATH = "${pkgs.bash}/bin/bash"; PGSQL_DEFAULT_PORT = "${defaults.port}"; PGSQL_SUPERUSER = "${defaults.superuser}"; + PSQL14_BINDIR = "${psql_14}"; PSQL15_BINDIR = "${psql_15}"; PSQL17_BINDIR = "${psql_17}"; PSQL_CONF_FILE = "${paths.pgconfigFile}"; diff --git a/nix/packages/postgres.nix b/nix/packages/postgres.nix index bf8710b4d..66170aede 100644 --- a/nix/packages/postgres.nix +++ b/nix/packages/postgres.nix @@ -165,6 +165,7 @@ recurseForDerivations = true; }; basePackages = { + psql_14 = makePostgres "14"; psql_15 = makePostgres "15"; psql_17 = makePostgres "17"; psql_orioledb-17 = makePostgres "orioledb-17"; diff --git a/nix/packages/start-client.nix b/nix/packages/start-client.nix index 84ab06209..f760fbc11 100644 --- a/nix/packages/start-client.nix +++ b/nix/packages/start-client.nix @@ -1,5 +1,6 @@ { runCommand, + psql_14, psql_15, psql_17, psql_orioledb-17, @@ -16,6 +17,7 @@ runCommand "start-postgres-client" { } '' substitute ${../tools/run-client.sh.in} $out/bin/start-postgres-client \ --subst-var-by 'PGSQL_DEFAULT_PORT' '${defaults.port}' \ --subst-var-by 'PGSQL_SUPERUSER' '${defaults.superuser}' \ + --subst-var-by 'PSQL14_BINDIR' '${psql_14}' \ --subst-var-by 'PSQL15_BINDIR' '${psql_15}' \ --subst-var-by 'PSQL17_BINDIR' '${psql_17}' \ --subst-var-by 'PSQLORIOLEDB17_BINDIR' '${psql_orioledb-17}' \ diff --git a/nix/tests/prime.sql b/nix/tests/prime.sql index fb724847f..d5042768b 100644 --- a/nix/tests/prime.sql +++ b/nix/tests/prime.sql @@ -53,7 +53,12 @@ create extension if not exists pg_surgery; create extension if not exists pg_tle; create extension if not exists pg_trgm; create extension if not exists pg_visibility; -create extension if not exists pg_walinspect; +DO $$ +BEGIN + IF current_setting('server_version_num')::integer >= 150000 THEN + CREATE EXTENSION IF NOT EXISTS pg_walinspect; + END IF; +END $$; create extension if not exists pgaudit; create extension if not exists pgcrypto; create extension if not exists pgtap; diff --git a/nix/tools/run-client.sh.in b/nix/tools/run-client.sh.in index 6acb4d6c0..329971178 100644 --- a/nix/tools/run-client.sh.in +++ b/nix/tools/run-client.sh.in @@ -13,7 +13,7 @@ print_help() { echo "Usage: nix run .#start-client -- [options]" echo echo "Options:" - echo " -v, --version [15|16|orioledb-16] Specify the PostgreSQL version to use (required)" + echo " -v, --version [14|15|16|orioledb-16] Specify the PostgreSQL version to use (required)" echo " -u, --user USER Specify the user/role to use (default: postgres)" echo " -h, --help Show this help message" echo @@ -81,7 +81,11 @@ if [[ -z "$PSQL_VERSION" ]]; then fi # Determine PostgreSQL version -if [ "$PSQL_VERSION" == "15" ]; then +if [ "$PSQL_VERSION" == "14" ]; then + echo "Starting client for PSQL 14" + PSQL14=@PSQL14_BINDIR@ + BINDIR="$PSQL14" +elif [ "$PSQL_VERSION" == "15" ]; then echo "Starting client for PSQL 15" PSQL15=@PSQL15_BINDIR@ BINDIR="$PSQL15" diff --git a/nix/tools/run-server.sh.in b/nix/tools/run-server.sh.in index 182cbe554..1f7c227e6 100644 --- a/nix/tools/run-server.sh.in +++ b/nix/tools/run-server.sh.in @@ -20,7 +20,7 @@ print_help() { echo " --getkey-script SCRIPT Provide a custom path to the PGSODIUM_GETKEY_SCRIPT" echo " -h, --help Show this help message" echo - echo "VERSION must be one of: 15, orioledb-17" + echo "VERSION must be one of: 14, 15, 17, orioledb-17" echo "PORT is optional (default: @PGSQL_DEFAULT_PORT@)" } @@ -141,7 +141,12 @@ else PGSODIUM_GETKEY_SCRIPT="${PGSODIUM_GETKEY_SCRIPT:-@PGSODIUM_GETKEY@}" fi # Verify version and set binary directory -if [ "$VERSION" == "15" ]; then + +if [ "$VERSION" == "14" ]; then + echo "Starting server for PSQL 14" + PSQL14=@PSQL14_BINDIR@ + BINDIR="$PSQL14" +elif [ "$VERSION" == "15" ]; then echo "Starting server for PSQL 15" PSQL15=@PSQL15_BINDIR@ BINDIR="$PSQL15" @@ -154,10 +159,10 @@ elif [ "$VERSION" == "orioledb-17" ]; then PSQLORIOLEDB17=@PSQLORIOLEDB17_BINDIR@ BINDIR="$PSQLORIOLEDB17" else - echo "Please provide a valid Postgres version (15, 17, orioledb-17)" + echo "Please provide a valid Postgres version (14, 15, 17, orioledb-17)" exit 1 fi - +echo "$BINDIR" # Set environment variables and paths export PATH=$BINDIR/bin:$PATH PGSQL_SUPERUSER=@PGSQL_SUPERUSER@