From d245f0a65027281aadee8c716c1b11ebeb729fd3 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Fri, 23 May 2025 14:40:05 -0400 Subject: [PATCH 01/18] feat: support a pg 14 version of postgres bundle --- nix/postgresql/14.nix | 14 ++++++++++++++ nix/tools/run-client.sh.in | 8 ++++++-- nix/tools/run-server.sh.in | 9 +++++++-- 3 files changed, 27 insertions(+), 4 deletions(-) create mode 100644 nix/postgresql/14.nix diff --git a/nix/postgresql/14.nix b/nix/postgresql/14.nix new file mode 100644 index 000000000..daec57264 --- /dev/null +++ b/nix/postgresql/14.nix @@ -0,0 +1,14 @@ +import ./generic.nix { + version = "14.18"; + hash = "sha256-g6sp1r/D3Fiy7TxmQRT9++tqBFDEuNf6aa7pHjyhT44="; + # muslPatches = { + # disable-test-collate-icu-utf8 = { + # url = "https://git.alpinelinux.org/aports/plain/main/postgresql14/disable-test-collate.icu.utf8.patch?id=56999e6d0265ceff5c5239f85fdd33e146f06cb7"; + # hash = "sha256-jXe23AxnFjEl+TZQm4R7rStk2Leo08ctxMNmu1xr5zM="; + # }; + # dont-use-locale-a = { + # url = "https://git.alpinelinux.org/aports/plain/main/postgresql14/dont-use-locale-a-on-musl.patch?id=56999e6d0265ceff5c5239f85fdd33e146f06cb7"; + # hash = "sha256-fk+y/SvyA4Tt8OIvDl7rje5dLs3Zw+Ln1oddyYzerOo="; + # }; + # }; +} \ No newline at end of file diff --git a/nix/tools/run-client.sh.in b/nix/tools/run-client.sh.in index 6acb4d6c0..329971178 100644 --- a/nix/tools/run-client.sh.in +++ b/nix/tools/run-client.sh.in @@ -13,7 +13,7 @@ print_help() { echo "Usage: nix run .#start-client -- [options]" echo echo "Options:" - echo " -v, --version [15|16|orioledb-16] Specify the PostgreSQL version to use (required)" + echo " -v, --version [14|15|16|orioledb-16] Specify the PostgreSQL version to use (required)" echo " -u, --user USER Specify the user/role to use (default: postgres)" echo " -h, --help Show this help message" echo @@ -81,7 +81,11 @@ if [[ -z "$PSQL_VERSION" ]]; then fi # Determine PostgreSQL version -if [ "$PSQL_VERSION" == "15" ]; then +if [ "$PSQL_VERSION" == "14" ]; then + echo "Starting client for PSQL 14" + PSQL14=@PSQL14_BINDIR@ + BINDIR="$PSQL14" +elif [ "$PSQL_VERSION" == "15" ]; then echo "Starting client for PSQL 15" PSQL15=@PSQL15_BINDIR@ BINDIR="$PSQL15" diff --git a/nix/tools/run-server.sh.in b/nix/tools/run-server.sh.in index 182cbe554..d37e3433f 100644 --- a/nix/tools/run-server.sh.in +++ b/nix/tools/run-server.sh.in @@ -141,7 +141,12 @@ else PGSODIUM_GETKEY_SCRIPT="${PGSODIUM_GETKEY_SCRIPT:-@PGSODIUM_GETKEY@}" fi # Verify version and set binary directory -if [ "$VERSION" == "15" ]; then + +if [ "$VERSION" == "14" ]; then + echo "Starting server for PSQL 14" + PSQL14=@PSQL14_BINDIR@ + BINDIR="$PSQL14" +elif [ "$VERSION" == "15" ]; then echo "Starting server for PSQL 15" PSQL15=@PSQL15_BINDIR@ BINDIR="$PSQL15" @@ -154,7 +159,7 @@ elif [ "$VERSION" == "orioledb-17" ]; then PSQLORIOLEDB17=@PSQLORIOLEDB17_BINDIR@ BINDIR="$PSQLORIOLEDB17" else - echo "Please provide a valid Postgres version (15, 17, orioledb-17)" + echo "Please provide a valid Postgres version (14, 15, 17, orioledb-17)" exit 1 fi From a8bdfb8f5cf5aa7556d634e6cd2e995af1e85db1 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Fri, 23 May 2025 14:42:21 -0400 Subject: [PATCH 02/18] chore: cleanup pkg --- nix/postgresql/14.nix | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/nix/postgresql/14.nix b/nix/postgresql/14.nix index daec57264..35d48e3fe 100644 --- a/nix/postgresql/14.nix +++ b/nix/postgresql/14.nix @@ -1,14 +1,5 @@ import ./generic.nix { version = "14.18"; hash = "sha256-g6sp1r/D3Fiy7TxmQRT9++tqBFDEuNf6aa7pHjyhT44="; - # muslPatches = { - # disable-test-collate-icu-utf8 = { - # url = "https://git.alpinelinux.org/aports/plain/main/postgresql14/disable-test-collate.icu.utf8.patch?id=56999e6d0265ceff5c5239f85fdd33e146f06cb7"; - # hash = "sha256-jXe23AxnFjEl+TZQm4R7rStk2Leo08ctxMNmu1xr5zM="; - # }; - # dont-use-locale-a = { - # url = "https://git.alpinelinux.org/aports/plain/main/postgresql14/dont-use-locale-a-on-musl.patch?id=56999e6d0265ceff5c5239f85fdd33e146f06cb7"; - # hash = "sha256-fk+y/SvyA4Tt8OIvDl7rje5dLs3Zw+Ln1oddyYzerOo="; - # }; - # }; -} \ No newline at end of file + +} From 9548899d6ebdc9f91e7b287a9f1186ce26349cc4 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 27 May 2025 15:52:43 -0400 Subject: [PATCH 03/18] test: collect garbage --- .github/workflows/test.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 6be368784..779245bd2 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -71,6 +71,7 @@ jobs: echo "EOF" >> $GITHUB_OUTPUT - name: verify schema.sql is committed run: | + nix-collect-garbage -d nix run github:supabase/postgres/${{ github.sha }}#dbmate-tool -- --version ${{ env.PGMAJOR }} --flake-url github:supabase/postgres/${{ github.sha }} if ! git diff --exit-code --quiet migrations/schema-${{ env.PGMAJOR }}.sql; then echo "Detected changes in schema.sql:" From 9b2434873b73c10708ae482b6f8d76c68f1cbd4b Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 27 May 2025 18:45:18 -0400 Subject: [PATCH 04/18] feat: workflow_dispatch release of single version of postgres --- .github/workflows/ami-release-nix-single.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ami-release-nix-single.yml b/.github/workflows/ami-release-nix-single.yml index d99939f1d..5e241e9e7 100644 --- a/.github/workflows/ami-release-nix-single.yml +++ b/.github/workflows/ami-release-nix-single.yml @@ -148,5 +148,9 @@ jobs: - name: Cleanup resources on build cancellation if: ${{ cancelled() }} run: | +<<<<<<< HEAD aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids +======= + aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids +>>>>>>> 0bbd35ab (feat: workflow_dispatch release of single version of postgres) From 5a8368594cc12c60bdbc7d9b55a473070be14c52 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 28 May 2025 15:02:10 -0400 Subject: [PATCH 05/18] chore: include pg 14 in versions --- .github/workflows/ami-release-nix-single.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/ami-release-nix-single.yml b/.github/workflows/ami-release-nix-single.yml index 5e241e9e7..d99939f1d 100644 --- a/.github/workflows/ami-release-nix-single.yml +++ b/.github/workflows/ami-release-nix-single.yml @@ -148,9 +148,5 @@ jobs: - name: Cleanup resources on build cancellation if: ${{ cancelled() }} run: | -<<<<<<< HEAD aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids -======= - aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids ->>>>>>> 0bbd35ab (feat: workflow_dispatch release of single version of postgres) From e6e5951551f5e7e0dec157ee602f4826dc31f84d Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 29 May 2025 08:54:50 -0400 Subject: [PATCH 06/18] chore: version bump for test --- ansible/vars.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ansible/vars.yml b/ansible/vars.yml index cae51b58d..3f1abe2db 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -13,6 +13,11 @@ postgres_release: postgres17: "17.4.1.057" postgres15: "15.8.1.114" +# Note, postgres14 AMI image is not built on every release, but is available in the nix cache. +# postgres14 is included here to support upgrading from postgres14 to newer versions. +# an image can be created with a special workflow that builds postgres14 image. +# Supabase will not create and release postgres14 images other than as a utility for internal use. + # Non Postgres Extensions pgbouncer_release: "1.19.0" pgbouncer_release_checksum: sha256:af0b05e97d0e1fd9ad45fe00ea6d2a934c63075f67f7e2ccef2ca59e3d8ce682 From 6d33d7b25fc9862e26e6910d1ba0860b267615fd Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 29 May 2025 09:25:40 -0400 Subject: [PATCH 07/18] chore: bump version and include workflow to run from this branch --- .github/workflows/ami-release-nix-single.yml | 133 +++++++++++++++++++ ansible/vars.yml | 3 +- 2 files changed, 135 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ami-release-nix-single.yml b/.github/workflows/ami-release-nix-single.yml index d99939f1d..7823981f1 100644 --- a/.github/workflows/ami-release-nix-single.yml +++ b/.github/workflows/ami-release-nix-single.yml @@ -150,3 +150,136 @@ jobs: run: | aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids +name: Release Single AMI Nix + +on: + workflow_dispatch: + inputs: + postgres_version: + description: 'PostgreSQL major version to build (e.g. 15)' + required: true + type: string + branch: + description: 'Branch to run the workflow from' + required: true + type: string + default: 'main' + +permissions: + contents: write + id-token: write + +jobs: + build: + runs-on: arm-runner + timeout-minutes: 150 + + steps: + - name: Checkout Repo + uses: actions/checkout@v3 + with: + ref: ${{ github.event.inputs.branch }} + + - name: Get current branch SHA + id: get_sha + run: | + echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT + - uses: DeterminateSystems/nix-installer-action@main + + - name: Set PostgreSQL version environment variable + run: echo "POSTGRES_MAJOR_VERSION=${{ github.event.inputs.postgres_version }}" >> $GITHUB_ENV + + - name: Generate common-nix.vars.pkr.hcl + run: | + PG_VERSION=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres'${{ env.POSTGRES_MAJOR_VERSION }}'"]' ansible/vars.yml) + PG_VERSION=$(echo "$PG_VERSION" | tr -d '"') # Remove any surrounding quotes + echo 'postgres-version = "'$PG_VERSION'"' > common-nix.vars.pkr.hcl + # Ensure there's a newline at the end of the file + echo "" >> common-nix.vars.pkr.hcl + - name: Build AMI stage 1 + env: + POSTGRES_MAJOR_VERSION: ${{ env.POSTGRES_MAJOR_VERSION }} + run: | + packer init amazon-arm64-nix.pkr.hcl + GIT_SHA=${{ steps.get_sha.outputs.sha }} + packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=-e postgresql_major=${POSTGRES_MAJOR_VERSION}" amazon-arm64-nix.pkr.hcl + - name: Build AMI stage 2 + env: + POSTGRES_MAJOR_VERSION: ${{ env.POSTGRES_MAJOR_VERSION }} + run: | + packer init stage2-nix-psql.pkr.hcl + GIT_SHA=${{ steps.get_sha.outputs.sha }} + POSTGRES_MAJOR_VERSION=${{ env.POSTGRES_MAJOR_VERSION }} + packer build -var "git_sha=${GIT_SHA}" -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var "postgres_major_version=${POSTGRES_MAJOR_VERSION}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" stage2-nix-psql.pkr.hcl + - name: Grab release version + id: process_release_version + run: | + VERSION=$(cat common-nix.vars.pkr.hcl | sed -e 's/postgres-version = "\(.*\)"/\1/g') + echo "version=$VERSION" >> $GITHUB_OUTPUT + - name: Create nix flake revision tarball + run: | + GIT_SHA=${{ steps.get_sha.outputs.sha }} + MAJOR_VERSION=${{ env.POSTGRES_MAJOR_VERSION }} + mkdir -p "/tmp/pg_upgrade_bin/${MAJOR_VERSION}" + echo "$GIT_SHA" >> "/tmp/pg_upgrade_bin/${MAJOR_VERSION}/nix_flake_version" + tar -czf "/tmp/pg_binaries.tar.gz" -C "/tmp/pg_upgrade_bin" . + - name: configure aws credentials - staging + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.DEV_AWS_ROLE }} + aws-region: "us-east-1" + + - name: Upload software manifest to s3 staging + run: | + cd ansible + ansible-playbook -i localhost \ + -e "ami_release_version=${{ steps.process_release_version.outputs.version }}" \ + -e "internal_artifacts_bucket=${{ secrets.ARTIFACTS_BUCKET }}" \ + -e "postgres_major_version=${{ env.POSTGRES_MAJOR_VERSION }}" \ + manifest-playbook.yml + - name: Upload nix flake revision to s3 staging + run: | + aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz + - name: configure aws credentials - prod + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.PROD_AWS_ROLE }} + aws-region: "us-east-1" + + - name: Upload software manifest to s3 prod + run: | + cd ansible + ansible-playbook -i localhost \ + -e "ami_release_version=${{ steps.process_release_version.outputs.version }}" \ + -e "internal_artifacts_bucket=${{ secrets.PROD_ARTIFACTS_BUCKET }}" \ + -e "postgres_major_version=${{ env.POSTGRES_MAJOR_VERSION }}" \ + manifest-playbook.yml + + - name: Upload nix flake revision to s3 prod + run: | + aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz + - name: Create release + uses: softprops/action-gh-release@v2 + with: + name: ${{ steps.process_release_version.outputs.version }} + tag_name: ${{ steps.process_release_version.outputs.version }} + target_commitish: ${{ steps.get_sha.outputs.sha }} + + - name: Slack Notification on Failure + if: ${{ failure() }} + uses: rtCamp/action-slack-notify@v2 + env: + SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }} + SLACK_USERNAME: 'gha-failures-notifier' + SLACK_COLOR: 'danger' + SLACK_MESSAGE: 'Building Postgres AMI failed' + SLACK_FOOTER: '' + + - name: Cleanup resources after build + if: ${{ always() }} + run: | + aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids + - name: Cleanup resources on build cancellation + if: ${{ cancelled() }} + run: | + aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids diff --git a/ansible/vars.yml b/ansible/vars.yml index 3f1abe2db..9066c26f5 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -12,7 +12,8 @@ postgres_release: postgresorioledb-17: "17.0.1.107-orioledb" postgres17: "17.4.1.057" postgres15: "15.8.1.114" - + postgres14: "14.18.1.001-test-2" + # Note, postgres14 AMI image is not built on every release, but is available in the nix cache. # postgres14 is included here to support upgrading from postgres14 to newer versions. # an image can be created with a special workflow that builds postgres14 image. From 9ff2608e520bba6b6baf2974688cdd4fd4fa91f6 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Thu, 29 May 2025 11:37:51 -0400 Subject: [PATCH 08/18] chore: bump test version --- ansible/vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 9066c26f5..6afb76a48 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -2,6 +2,7 @@ supabase_internal: true ebssurrogate_mode: true async_mode: true +# versions listed here will have an image built for them. postgres_major: - "15" - "17" @@ -14,7 +15,6 @@ postgres_release: postgres15: "15.8.1.114" postgres14: "14.18.1.001-test-2" -# Note, postgres14 AMI image is not built on every release, but is available in the nix cache. # postgres14 is included here to support upgrading from postgres14 to newer versions. # an image can be created with a special workflow that builds postgres14 image. # Supabase will not create and release postgres14 images other than as a utility for internal use. From a1b846496e8524b0dedacf72ab590e01104770b5 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 15 Jul 2025 11:37:52 -0400 Subject: [PATCH 09/18] chore: bump release to test --- ansible/vars.yml | 14 +++++++++----- nix/config.nix | 4 ++++ nix/ext/pg_stat_monitor.nix | 19 ++++++++++++++++--- nix/ext/pgaudit.nix | 4 ++++ nix/ext/versions.json | 1 + nix/overlays/default.nix | 1 + nix/packages/default.nix | 2 ++ nix/packages/lib.nix | 2 ++ nix/packages/postgres.nix | 1 + nix/packages/start-client.nix | 2 ++ nix/postgresql/14.nix | 5 ----- nix/tools/run-server.sh.in | 4 ++-- 12 files changed, 44 insertions(+), 15 deletions(-) delete mode 100644 nix/postgresql/14.nix diff --git a/ansible/vars.yml b/ansible/vars.yml index 6afb76a48..091189a15 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,14 +10,18 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.0.1.107-orioledb" - postgres17: "17.4.1.057" - postgres15: "15.8.1.114" - postgres14: "14.18.1.001-test-2" - + postgresorioledb-17: "17.0.1.107-orioledb-rc1" + postgres17: "17.4.1.057-rc1" + postgres15: "15.8.1.114-rc1" + postgres14: "14.18.1.001-rc1" #legacy for internal maintenance only. + +# Note, postgres14 is not built on every release, but is available in the nix cache. # postgres14 is included here to support upgrading from postgres14 to newer versions. # an image can be created with a special workflow that builds postgres14 image. # Supabase will not create and release postgres14 images other than as a utility for internal use. +# Supase strongly recommends using postgres17 or newer for self-hosted Supabase/postgres. +# Supabase offers no support of any kind for postgres14. + # Non Postgres Extensions pgbouncer_release: "1.19.0" diff --git a/nix/config.nix b/nix/config.nix index b1ebe3fd7..df55ddf6c 100644 --- a/nix/config.nix +++ b/nix/config.nix @@ -41,6 +41,10 @@ in defaults = { }; supportedPostgresVersions = { postgres = { + "14" = { + version = "14.18"; + hash = "sha256-g6sp1r/D3Fiy7TxmQRT9++tqBFDEuNf6aa7pHjyhT44="; + }; "15" = { version = "15.8"; hash = "sha256-RANRX5pp7rPv68mPMLjGlhIr/fiV6Ss7I/W452nty2o="; diff --git a/nix/ext/pg_stat_monitor.nix b/nix/ext/pg_stat_monitor.nix index 742e1c0aa..c6d073e75 100644 --- a/nix/ext/pg_stat_monitor.nix +++ b/nix/ext/pg_stat_monitor.nix @@ -5,9 +5,23 @@ postgresql, }: +let + source = + if lib.versionAtLeast postgresql.version "15" then + { + version = "2.1.0"; + hash = "sha256-STJVvvrLVLe1JevNu6u6EftzAWv+X+J8lu66su7Or2s="; + } + else + { + version = "1.1.1"; + hash = "sha256-S4N4Xnbkz57ue6f/eGjuRi64xT0NXjpMJiNNZnbbvbU="; + }; +in + stdenv.mkDerivation rec { pname = "pg_stat_monitor"; - version = "2.1.0"; + inherit (source) version; buildInputs = [ postgresql ]; @@ -15,7 +29,7 @@ stdenv.mkDerivation rec { owner = "percona"; repo = pname; rev = "refs/tags/${version}"; - hash = "sha256-STJVvvrLVLe1JevNu6u6EftzAWv+X+J8lu66su7Or2s="; + hash = source.hash; }; makeFlags = [ "USE_PGXS=1" ]; @@ -33,6 +47,5 @@ stdenv.mkDerivation rec { homepage = "https://github.com/percona/${pname}"; platforms = postgresql.meta.platforms; license = licenses.postgresql; - broken = lib.versionOlder postgresql.version "15"; }; } diff --git a/nix/ext/pgaudit.nix b/nix/ext/pgaudit.nix index 3535447a7..830768e24 100644 --- a/nix/ext/pgaudit.nix +++ b/nix/ext/pgaudit.nix @@ -22,6 +22,10 @@ let version = "1.7.0"; hash = "sha256-8pShPr4HJaJQPjW1iPJIpj3CutTx8Tgr+rOqoXtgCcw="; }; + "14" = { + version = "1.6.3"; + hash = "sha256-KgLidJHjUK9BTp6ffmGUj1chcwIe6IzlcadRpGCfNdM="; + }; } .${lib.versions.major postgresql.version} or (throw "Source for pgaudit is not available for ${postgresql.version}"); diff --git a/nix/ext/versions.json b/nix/ext/versions.json index e5c4e90b1..6c40c1495 100644 --- a/nix/ext/versions.json +++ b/nix/ext/versions.json @@ -2,6 +2,7 @@ "wrappers": { "0.5.3": { "postgresql": [ + "14", "15", "17", "orioledb-17" diff --git a/nix/overlays/default.nix b/nix/overlays/default.nix index f6eda4243..0242ac435 100644 --- a/nix/overlays/default.nix +++ b/nix/overlays/default.nix @@ -7,6 +7,7 @@ # explicit is better. inherit (self.packages.${final.system}) + postgresql_14 postgresql_15 postgresql_17 postgresql_orioledb-17 diff --git a/nix/packages/default.nix b/nix/packages/default.nix index cd6d6a1d0..b8fbc4b46 100644 --- a/nix/packages/default.nix +++ b/nix/packages/default.nix @@ -20,6 +20,7 @@ pkgs.callPackage ../ext/pg_regress.nix { postgresql = postgresqlPackage; }; pgsqlSuperuser = "supabase_admin"; pkgs-lib = pkgs.callPackage ./lib.nix { + psql_legacy-14 = self'.packages."psql_legacy-14/bin"; psql_15 = self'.packages."psql_15/bin"; psql_17 = self'.packages."psql_17/bin"; psql_orioledb-17 = self'.packages."psql_orioledb-17/bin"; @@ -43,6 +44,7 @@ run-testinfra = pkgs.callPackage ./run-testinfra.nix { }; show-commands = pkgs.callPackage ./show-commands.nix { }; start-client = pkgs.callPackage ./start-client.nix { + psql_legacy-14 = self'.packages."psql_legacy-14/bin"; psql_15 = self'.packages."psql_15/bin"; psql_17 = self'.packages."psql_17/bin"; psql_orioledb-17 = self'.packages."psql_orioledb-17/bin"; diff --git a/nix/packages/lib.nix b/nix/packages/lib.nix index 971909162..31d0f7484 100644 --- a/nix/packages/lib.nix +++ b/nix/packages/lib.nix @@ -1,6 +1,7 @@ { psql_17, psql_15, + psql_legacy-14, psql_orioledb-17, defaults, supabase-groonga, @@ -76,6 +77,7 @@ SHELL_PATH = "${pkgs.bash}/bin/bash"; PGSQL_DEFAULT_PORT = "${defaults.port}"; PGSQL_SUPERUSER = "${defaults.superuser}"; + PSQL14_BINDIR = "${psql_legacy-14}"; PSQL15_BINDIR = "${psql_15}"; PSQL17_BINDIR = "${psql_17}"; PSQL_CONF_FILE = "${paths.pgconfigFile}"; diff --git a/nix/packages/postgres.nix b/nix/packages/postgres.nix index bf8710b4d..a612edd49 100644 --- a/nix/packages/postgres.nix +++ b/nix/packages/postgres.nix @@ -165,6 +165,7 @@ recurseForDerivations = true; }; basePackages = { + psql_legacy-14 = makePostgres "14"; psql_15 = makePostgres "15"; psql_17 = makePostgres "17"; psql_orioledb-17 = makePostgres "orioledb-17"; diff --git a/nix/packages/start-client.nix b/nix/packages/start-client.nix index 84ab06209..d1b427440 100644 --- a/nix/packages/start-client.nix +++ b/nix/packages/start-client.nix @@ -1,5 +1,6 @@ { runCommand, + psql_legacy-14, psql_15, psql_17, psql_orioledb-17, @@ -16,6 +17,7 @@ runCommand "start-postgres-client" { } '' substitute ${../tools/run-client.sh.in} $out/bin/start-postgres-client \ --subst-var-by 'PGSQL_DEFAULT_PORT' '${defaults.port}' \ --subst-var-by 'PGSQL_SUPERUSER' '${defaults.superuser}' \ + --subst-var-by 'PSQL14_BINDIR' '${psql_legacy-14}' \ --subst-var-by 'PSQL15_BINDIR' '${psql_15}' \ --subst-var-by 'PSQL17_BINDIR' '${psql_17}' \ --subst-var-by 'PSQLORIOLEDB17_BINDIR' '${psql_orioledb-17}' \ diff --git a/nix/postgresql/14.nix b/nix/postgresql/14.nix deleted file mode 100644 index 35d48e3fe..000000000 --- a/nix/postgresql/14.nix +++ /dev/null @@ -1,5 +0,0 @@ -import ./generic.nix { - version = "14.18"; - hash = "sha256-g6sp1r/D3Fiy7TxmQRT9++tqBFDEuNf6aa7pHjyhT44="; - -} diff --git a/nix/tools/run-server.sh.in b/nix/tools/run-server.sh.in index d37e3433f..1f7c227e6 100644 --- a/nix/tools/run-server.sh.in +++ b/nix/tools/run-server.sh.in @@ -20,7 +20,7 @@ print_help() { echo " --getkey-script SCRIPT Provide a custom path to the PGSODIUM_GETKEY_SCRIPT" echo " -h, --help Show this help message" echo - echo "VERSION must be one of: 15, orioledb-17" + echo "VERSION must be one of: 14, 15, 17, orioledb-17" echo "PORT is optional (default: @PGSQL_DEFAULT_PORT@)" } @@ -162,7 +162,7 @@ else echo "Please provide a valid Postgres version (14, 15, 17, orioledb-17)" exit 1 fi - +echo "$BINDIR" # Set environment variables and paths export PATH=$BINDIR/bin:$PATH PGSQL_SUPERUSER=@PGSQL_SUPERUSER@ From 24d1315af10d25e2e3249c4d7adfbce38f453b7f Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 15 Jul 2025 12:44:16 -0400 Subject: [PATCH 10/18] fix: duplicate code in workflow --- .github/workflows/ami-release-nix-single.yml | 134 ------------------- 1 file changed, 134 deletions(-) diff --git a/.github/workflows/ami-release-nix-single.yml b/.github/workflows/ami-release-nix-single.yml index 7823981f1..cd5d412a5 100644 --- a/.github/workflows/ami-release-nix-single.yml +++ b/.github/workflows/ami-release-nix-single.yml @@ -149,137 +149,3 @@ jobs: if: ${{ cancelled() }} run: | aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids - -name: Release Single AMI Nix - -on: - workflow_dispatch: - inputs: - postgres_version: - description: 'PostgreSQL major version to build (e.g. 15)' - required: true - type: string - branch: - description: 'Branch to run the workflow from' - required: true - type: string - default: 'main' - -permissions: - contents: write - id-token: write - -jobs: - build: - runs-on: arm-runner - timeout-minutes: 150 - - steps: - - name: Checkout Repo - uses: actions/checkout@v3 - with: - ref: ${{ github.event.inputs.branch }} - - - name: Get current branch SHA - id: get_sha - run: | - echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT - - uses: DeterminateSystems/nix-installer-action@main - - - name: Set PostgreSQL version environment variable - run: echo "POSTGRES_MAJOR_VERSION=${{ github.event.inputs.postgres_version }}" >> $GITHUB_ENV - - - name: Generate common-nix.vars.pkr.hcl - run: | - PG_VERSION=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres'${{ env.POSTGRES_MAJOR_VERSION }}'"]' ansible/vars.yml) - PG_VERSION=$(echo "$PG_VERSION" | tr -d '"') # Remove any surrounding quotes - echo 'postgres-version = "'$PG_VERSION'"' > common-nix.vars.pkr.hcl - # Ensure there's a newline at the end of the file - echo "" >> common-nix.vars.pkr.hcl - - name: Build AMI stage 1 - env: - POSTGRES_MAJOR_VERSION: ${{ env.POSTGRES_MAJOR_VERSION }} - run: | - packer init amazon-arm64-nix.pkr.hcl - GIT_SHA=${{ steps.get_sha.outputs.sha }} - packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=-e postgresql_major=${POSTGRES_MAJOR_VERSION}" amazon-arm64-nix.pkr.hcl - - name: Build AMI stage 2 - env: - POSTGRES_MAJOR_VERSION: ${{ env.POSTGRES_MAJOR_VERSION }} - run: | - packer init stage2-nix-psql.pkr.hcl - GIT_SHA=${{ steps.get_sha.outputs.sha }} - POSTGRES_MAJOR_VERSION=${{ env.POSTGRES_MAJOR_VERSION }} - packer build -var "git_sha=${GIT_SHA}" -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var "postgres_major_version=${POSTGRES_MAJOR_VERSION}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" stage2-nix-psql.pkr.hcl - - name: Grab release version - id: process_release_version - run: | - VERSION=$(cat common-nix.vars.pkr.hcl | sed -e 's/postgres-version = "\(.*\)"/\1/g') - echo "version=$VERSION" >> $GITHUB_OUTPUT - - name: Create nix flake revision tarball - run: | - GIT_SHA=${{ steps.get_sha.outputs.sha }} - MAJOR_VERSION=${{ env.POSTGRES_MAJOR_VERSION }} - mkdir -p "/tmp/pg_upgrade_bin/${MAJOR_VERSION}" - echo "$GIT_SHA" >> "/tmp/pg_upgrade_bin/${MAJOR_VERSION}/nix_flake_version" - tar -czf "/tmp/pg_binaries.tar.gz" -C "/tmp/pg_upgrade_bin" . - - name: configure aws credentials - staging - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ secrets.DEV_AWS_ROLE }} - aws-region: "us-east-1" - - - name: Upload software manifest to s3 staging - run: | - cd ansible - ansible-playbook -i localhost \ - -e "ami_release_version=${{ steps.process_release_version.outputs.version }}" \ - -e "internal_artifacts_bucket=${{ secrets.ARTIFACTS_BUCKET }}" \ - -e "postgres_major_version=${{ env.POSTGRES_MAJOR_VERSION }}" \ - manifest-playbook.yml - - name: Upload nix flake revision to s3 staging - run: | - aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz - - name: configure aws credentials - prod - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ secrets.PROD_AWS_ROLE }} - aws-region: "us-east-1" - - - name: Upload software manifest to s3 prod - run: | - cd ansible - ansible-playbook -i localhost \ - -e "ami_release_version=${{ steps.process_release_version.outputs.version }}" \ - -e "internal_artifacts_bucket=${{ secrets.PROD_ARTIFACTS_BUCKET }}" \ - -e "postgres_major_version=${{ env.POSTGRES_MAJOR_VERSION }}" \ - manifest-playbook.yml - - - name: Upload nix flake revision to s3 prod - run: | - aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz - - name: Create release - uses: softprops/action-gh-release@v2 - with: - name: ${{ steps.process_release_version.outputs.version }} - tag_name: ${{ steps.process_release_version.outputs.version }} - target_commitish: ${{ steps.get_sha.outputs.sha }} - - - name: Slack Notification on Failure - if: ${{ failure() }} - uses: rtCamp/action-slack-notify@v2 - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }} - SLACK_USERNAME: 'gha-failures-notifier' - SLACK_COLOR: 'danger' - SLACK_MESSAGE: 'Building Postgres AMI failed' - SLACK_FOOTER: '' - - - name: Cleanup resources after build - if: ${{ always() }} - run: | - aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids - - name: Cleanup resources on build cancellation - if: ${{ cancelled() }} - run: | - aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --instance-ids From 76ccfed8967c7aa156997fe4f47899b96b419096 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 15 Jul 2025 13:23:05 -0400 Subject: [PATCH 11/18] fix: rebase dropped needed lines of code. restoring --- nix/checks.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/checks.nix b/nix/checks.nix index 13be10f23..db18ab6af 100644 --- a/nix/checks.nix +++ b/nix/checks.nix @@ -10,6 +10,7 @@ }: let pkgs-lib = pkgs.callPackage ./packages/lib.nix { + psql_legacy-14 = self'.packages."psql_legacy-14/bin"; psql_15 = self'.packages."psql_15/bin"; psql_17 = self'.packages."psql_17/bin"; psql_orioledb-17 = self'.packages."psql_orioledb-17/bin"; From e46b6c8b89837bc9d2cc5a2c90eb29f33f8b6f87 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 15 Jul 2025 13:46:47 -0400 Subject: [PATCH 12/18] fix: checks must run even on legacy to build and cache --- nix/checks.nix | 14 +++++++++++++- nix/tests/prime.sql | 7 ++++++- 2 files changed, 19 insertions(+), 2 deletions(-) diff --git a/nix/checks.nix b/nix/checks.nix index db18ab6af..dafbb8e47 100644 --- a/nix/checks.nix +++ b/nix/checks.nix @@ -84,7 +84,7 @@ let name = pkg.version; in - if builtins.match "15.*" name != null then + if builtins.match "15.*" name != null || builtins.match "14.*" name != null then "15" else if builtins.match "17.*" name != null then "17" @@ -108,6 +108,8 @@ builtins.match "z_orioledb-17_.*" name != null else if version == "17" then builtins.match "z_17_.*" name != null + else if version == "14" then + builtins.match "z_15_.*" name != null else builtins.match "z_15_.*" name != null else @@ -123,11 +125,14 @@ version = builtins.trace "pgpkg.version is: ${pgpkg.version}" pgpkg.version; isOrioledbMatch = builtins.match "^17_[0-9]+$" version != null; isSeventeenMatch = builtins.match "^17[.][0-9]+$" version != null; + isFourteenMatch = builtins.match "^14[.][0-9]+$" version != null; result = if isOrioledbMatch then "orioledb-17" else if isSeventeenMatch then "17" + else if isFourteenMatch then + "14" else "15"; in @@ -141,6 +146,8 @@ "5535" else if (majorVersion == "15") then "5536" + else if (majorVersion == "14") then + "5538" else "5537"; @@ -222,6 +229,10 @@ exit 1 fi done + + # Print PostgreSQL version + echo "PostgreSQL version:" + postgres --version createdb -p ${pgPort} -h ${self.supabase.defaults.host} --username=supabase_admin testing if ! psql -p ${pgPort} -h ${self.supabase.defaults.host} --username=supabase_admin -d testing -v ON_ERROR_STOP=1 -Xf ${./tests/prime.sql}; then echo "Error executing SQL file. PostgreSQL log content:" @@ -291,6 +302,7 @@ psql_15 = makeCheckHarness self'.packages."psql_15/bin"; psql_17 = makeCheckHarness self'.packages."psql_17/bin"; psql_orioledb-17 = makeCheckHarness self'.packages."psql_orioledb-17/bin"; + psql_legacy-14 = makeCheckHarness self'.packages."psql_legacy-14/bin"; inherit (self'.packages) wal-g-2 wal-g-3 diff --git a/nix/tests/prime.sql b/nix/tests/prime.sql index fb724847f..d5042768b 100644 --- a/nix/tests/prime.sql +++ b/nix/tests/prime.sql @@ -53,7 +53,12 @@ create extension if not exists pg_surgery; create extension if not exists pg_tle; create extension if not exists pg_trgm; create extension if not exists pg_visibility; -create extension if not exists pg_walinspect; +DO $$ +BEGIN + IF current_setting('server_version_num')::integer >= 150000 THEN + CREATE EXTENSION IF NOT EXISTS pg_walinspect; + END IF; +END $$; create extension if not exists pgaudit; create extension if not exists pgcrypto; create extension if not exists pgtap; From 87afdb944db54e100a9770e5b279b5c53c0a593f Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 15 Jul 2025 16:47:54 -0400 Subject: [PATCH 13/18] fix: yq is actually named yq-go in nixpkgs due to conflict --- .github/workflows/ami-release-nix-single.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ami-release-nix-single.yml b/.github/workflows/ami-release-nix-single.yml index cd5d412a5..f2b1264c3 100644 --- a/.github/workflows/ami-release-nix-single.yml +++ b/.github/workflows/ami-release-nix-single.yml @@ -47,7 +47,7 @@ jobs: - name: Generate common-nix.vars.pkr.hcl run: | - PG_VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ env.POSTGRES_MAJOR_VERSION }}'"]' ansible/vars.yml) + PG_VERSION=$(nix run nixpkgs#yq-go -- '.postgres_release["postgres'${{ env.POSTGRES_MAJOR_VERSION }}'"]' ansible/vars.yml) PG_VERSION=$(echo "$PG_VERSION" | tr -d '"') # Remove any surrounding quotes echo 'postgres-version = "'$PG_VERSION'"' > common-nix.vars.pkr.hcl # Ensure there's a newline at the end of the file From 852cbcc89e07f06785a26c6f3c09a8b89db246ff Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 16 Jul 2025 07:18:51 -0400 Subject: [PATCH 14/18] fix: drop legacy string --- nix/checks.nix | 4 ++-- nix/packages/default.nix | 4 ++-- nix/packages/lib.nix | 4 ++-- nix/packages/postgres.nix | 2 +- nix/packages/start-client.nix | 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/nix/checks.nix b/nix/checks.nix index dafbb8e47..2997cef82 100644 --- a/nix/checks.nix +++ b/nix/checks.nix @@ -10,7 +10,7 @@ }: let pkgs-lib = pkgs.callPackage ./packages/lib.nix { - psql_legacy-14 = self'.packages."psql_legacy-14/bin"; + psql_14 = self'.packages."psql_14/bin"; psql_15 = self'.packages."psql_15/bin"; psql_17 = self'.packages."psql_17/bin"; psql_orioledb-17 = self'.packages."psql_orioledb-17/bin"; @@ -302,7 +302,7 @@ psql_15 = makeCheckHarness self'.packages."psql_15/bin"; psql_17 = makeCheckHarness self'.packages."psql_17/bin"; psql_orioledb-17 = makeCheckHarness self'.packages."psql_orioledb-17/bin"; - psql_legacy-14 = makeCheckHarness self'.packages."psql_legacy-14/bin"; + psql_14 = makeCheckHarness self'.packages."psql_14/bin"; inherit (self'.packages) wal-g-2 wal-g-3 diff --git a/nix/packages/default.nix b/nix/packages/default.nix index b8fbc4b46..7873c8ebe 100644 --- a/nix/packages/default.nix +++ b/nix/packages/default.nix @@ -20,7 +20,7 @@ pkgs.callPackage ../ext/pg_regress.nix { postgresql = postgresqlPackage; }; pgsqlSuperuser = "supabase_admin"; pkgs-lib = pkgs.callPackage ./lib.nix { - psql_legacy-14 = self'.packages."psql_legacy-14/bin"; + psql_14 = self'.packages."psql_14/bin"; psql_15 = self'.packages."psql_15/bin"; psql_17 = self'.packages."psql_17/bin"; psql_orioledb-17 = self'.packages."psql_orioledb-17/bin"; @@ -44,7 +44,7 @@ run-testinfra = pkgs.callPackage ./run-testinfra.nix { }; show-commands = pkgs.callPackage ./show-commands.nix { }; start-client = pkgs.callPackage ./start-client.nix { - psql_legacy-14 = self'.packages."psql_legacy-14/bin"; + psql_14 = self'.packages."psql_14/bin"; psql_15 = self'.packages."psql_15/bin"; psql_17 = self'.packages."psql_17/bin"; psql_orioledb-17 = self'.packages."psql_orioledb-17/bin"; diff --git a/nix/packages/lib.nix b/nix/packages/lib.nix index 31d0f7484..5d488d0f5 100644 --- a/nix/packages/lib.nix +++ b/nix/packages/lib.nix @@ -1,7 +1,7 @@ { psql_17, psql_15, - psql_legacy-14, + psql_14, psql_orioledb-17, defaults, supabase-groonga, @@ -77,7 +77,7 @@ SHELL_PATH = "${pkgs.bash}/bin/bash"; PGSQL_DEFAULT_PORT = "${defaults.port}"; PGSQL_SUPERUSER = "${defaults.superuser}"; - PSQL14_BINDIR = "${psql_legacy-14}"; + PSQL14_BINDIR = "${psql_14}"; PSQL15_BINDIR = "${psql_15}"; PSQL17_BINDIR = "${psql_17}"; PSQL_CONF_FILE = "${paths.pgconfigFile}"; diff --git a/nix/packages/postgres.nix b/nix/packages/postgres.nix index a612edd49..66170aede 100644 --- a/nix/packages/postgres.nix +++ b/nix/packages/postgres.nix @@ -165,7 +165,7 @@ recurseForDerivations = true; }; basePackages = { - psql_legacy-14 = makePostgres "14"; + psql_14 = makePostgres "14"; psql_15 = makePostgres "15"; psql_17 = makePostgres "17"; psql_orioledb-17 = makePostgres "orioledb-17"; diff --git a/nix/packages/start-client.nix b/nix/packages/start-client.nix index d1b427440..f760fbc11 100644 --- a/nix/packages/start-client.nix +++ b/nix/packages/start-client.nix @@ -1,6 +1,6 @@ { runCommand, - psql_legacy-14, + psql_14, psql_15, psql_17, psql_orioledb-17, @@ -17,7 +17,7 @@ runCommand "start-postgres-client" { } '' substitute ${../tools/run-client.sh.in} $out/bin/start-postgres-client \ --subst-var-by 'PGSQL_DEFAULT_PORT' '${defaults.port}' \ --subst-var-by 'PGSQL_SUPERUSER' '${defaults.superuser}' \ - --subst-var-by 'PSQL14_BINDIR' '${psql_legacy-14}' \ + --subst-var-by 'PSQL14_BINDIR' '${psql_14}' \ --subst-var-by 'PSQL15_BINDIR' '${psql_15}' \ --subst-var-by 'PSQL17_BINDIR' '${psql_17}' \ --subst-var-by 'PSQLORIOLEDB17_BINDIR' '${psql_orioledb-17}' \ From 35ad54c21721279b38f7fba285182abdb5fc59aa Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 16 Jul 2025 08:56:54 -0400 Subject: [PATCH 15/18] tests: bump testing release --- ansible/vars.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 091189a15..abef8e867 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,10 +10,10 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.0.1.107-orioledb-rc1" - postgres17: "17.4.1.057-rc1" - postgres15: "15.8.1.114-rc1" - postgres14: "14.18.1.001-rc1" #legacy for internal maintenance only. + postgresorioledb-17: "17.0.1.108-orioledb-rc2" + postgres17: "17.4.1.058-rc2" + postgres15: "15.8.1.115-rc2" + postgres14: "14.18.1.001-rc2" #legacy for internal maintenance only. # Note, postgres14 is not built on every release, but is available in the nix cache. # postgres14 is included here to support upgrading from postgres14 to newer versions. From 4897f1c667671f40425e5a9b2f1184d1ac0d1707 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 16 Jul 2025 12:49:56 -0400 Subject: [PATCH 16/18] feat: allow single ami release option to publish to prod --- .github/workflows/ami-release-nix-single.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/ami-release-nix-single.yml b/.github/workflows/ami-release-nix-single.yml index f2b1264c3..6699dbf64 100644 --- a/.github/workflows/ami-release-nix-single.yml +++ b/.github/workflows/ami-release-nix-single.yml @@ -12,6 +12,11 @@ on: required: true type: string default: 'main' + release_to_prod: + description: 'Release AMI to production (will also create GitHub release)' + required: false + type: boolean + default: false permissions: contents: write @@ -105,12 +110,14 @@ jobs: aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz - name: configure aws credentials - prod + if: ${{ github.event.inputs.release_to_prod == 'true' }} uses: aws-actions/configure-aws-credentials@v4 with: role-to-assume: ${{ secrets.PROD_AWS_ROLE }} aws-region: "us-east-1" - name: Upload software manifest to s3 prod + if: ${{ github.event.inputs.release_to_prod == 'true' }} run: | cd ansible ansible-playbook -i localhost \ @@ -120,10 +127,12 @@ jobs: manifest-playbook.yml - name: Upload nix flake revision to s3 prod + if: ${{ github.event.inputs.release_to_prod == 'true' }} run: | aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz - name: Create release + if: ${{ github.event.inputs.release_to_prod == 'true' }} uses: softprops/action-gh-release@v2 with: name: ${{ steps.process_release_version.outputs.version }} From 0a89442dec045a5e82b0b30503571b98bb8dd4e6 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 16 Jul 2025 13:04:14 -0400 Subject: [PATCH 17/18] chore: bump suffix --- ansible/vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index abef8e867..ebfa8554a 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -11,9 +11,9 @@ postgres_major: # Full version strings for each major version postgres_release: postgresorioledb-17: "17.0.1.108-orioledb-rc2" - postgres17: "17.4.1.058-rc2" - postgres15: "15.8.1.115-rc2" - postgres14: "14.18.1.001-rc2" #legacy for internal maintenance only. + postgres17: "17.4.1.058-rc3" + postgres15: "15.8.1.115-rc3" + postgres14: "14.18.1.001-rc3" #legacy for internal maintenance only. # Note, postgres14 is not built on every release, but is available in the nix cache. # postgres14 is included here to support upgrading from postgres14 to newer versions. From 486de509cf037c72c04320d1d1538ea83436a99c Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 16 Jul 2025 17:48:01 -0400 Subject: [PATCH 18/18] chore: non suffix for 14.8 --- ansible/vars.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index ebfa8554a..cd46344d8 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -13,7 +13,7 @@ postgres_release: postgresorioledb-17: "17.0.1.108-orioledb-rc2" postgres17: "17.4.1.058-rc3" postgres15: "15.8.1.115-rc3" - postgres14: "14.18.1.001-rc3" #legacy for internal maintenance only. + postgres14: "14.18.1.002" #legacy for internal maintenance only. # Note, postgres14 is not built on every release, but is available in the nix cache. # postgres14 is included here to support upgrading from postgres14 to newer versions.