Merge remote-tracking branch 'origin/develop' into INDATA-152

* origin/develop:
  chore: add our substituter config to flake.nix (#1839)
  refactor: improve test harness logging and error handling (#1834)
  feat: support multiple versions of the pgroonga extension (#1677)
  refactor(ansible): bring our ansible up to modern ansible-lint standards (#1862)
  fix: bump version for new release (#1860)

Author: hunleyd

Dockerfile-15

@@ -122,6 +122,20 @@ RUN nix profile install .#wal-g-3 && \
 
 RUN nix store gc
 
+WORKDIR /
+####################
+# setup-groonga
+####################
+FROM base as groonga
+
+WORKDIR /nixpg
+
+RUN nix profile install .#supabase-groonga && \
+    mkdir -p /tmp/groonga-plugins && \
+    cp -r /nix/var/nix/profiles/default/lib/groonga/plugins /tmp/groonga-plugins/
+
+RUN nix store gc
+
 WORKDIR /
 # ####################
 # # Download gosu for easy step-down from root
@@ -153,6 +167,7 @@ FROM gosu as production
 RUN id postgres || (echo "postgres user does not exist" && exit 1)
 # # Setup extensions
 COPY --from=walg /tmp/wal-g /usr/local/bin/
+COPY --from=groonga /tmp/groonga-plugins/plugins /usr/lib/groonga/plugins
 
 # # Initialise configs
 COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql.conf.j2 /etc/postgresql/postgresql.conf
@@ -210,4 +225,7 @@ ENV LOCALE_ARCHIVE /usr/lib/locale/locale-archive
 RUN mkdir -p /usr/share/postgresql/extension/ && \
     ln -s /usr/lib/postgresql/bin/pgsodium_getkey.sh /usr/share/postgresql/extension/pgsodium_getkey && \
     chmod +x /usr/lib/postgresql/bin/pgsodium_getkey.sh
+
+ENV GRN_PLUGINS_DIR=/usr/lib/groonga/plugins
+
 CMD ["postgres", "-D", "/etc/postgresql"]

Dockerfile-17

@@ -126,6 +126,20 @@ RUN nix profile install .#wal-g-3 && \
 
 RUN nix store gc
 
+WORKDIR /
+####################
+# setup-groonga
+####################
+FROM base as groonga
+
+WORKDIR /nixpg
+
+RUN nix profile install .#supabase-groonga && \
+    mkdir -p /tmp/groonga-plugins && \
+    cp -r /nix/var/nix/profiles/default/lib/groonga/plugins /tmp/groonga-plugins/
+
+RUN nix store gc
+
 WORKDIR /
 # ####################
 # # Download gosu for easy step-down from root
@@ -157,6 +171,7 @@ FROM gosu as production
 RUN id postgres || (echo "postgres user does not exist" && exit 1)
 # # Setup extensions
 COPY --from=walg /tmp/wal-g /usr/local/bin/
+COPY --from=groonga /tmp/groonga-plugins/plugins /usr/lib/groonga/plugins
 
 # # Initialise configs
 COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql.conf.j2 /etc/postgresql/postgresql.conf
@@ -223,4 +238,7 @@ ENV LOCALE_ARCHIVE /usr/lib/locale/locale-archive
 RUN mkdir -p /usr/share/postgresql/extension/ && \
     ln -s /usr/lib/postgresql/bin/pgsodium_getkey.sh /usr/share/postgresql/extension/pgsodium_getkey && \
     chmod +x /usr/lib/postgresql/bin/pgsodium_getkey.sh
+
+ENV GRN_PLUGINS_DIR=/usr/lib/groonga/plugins
+
 CMD ["postgres", "-D", "/etc/postgresql"]

Dockerfile-orioledb-17

@@ -126,6 +126,20 @@ RUN nix profile install .#wal-g-3 && \
 
 RUN nix store gc
 
+WORKDIR /
+####################
+# setup-groonga
+####################
+FROM base as groonga
+
+WORKDIR /nixpg
+
+RUN nix profile install .#supabase-groonga && \
+    mkdir -p /tmp/groonga-plugins && \
+    cp -r /nix/var/nix/profiles/default/lib/groonga/plugins /tmp/groonga-plugins/
+
+RUN nix store gc
+
 WORKDIR /
 # ####################
 # # Download gosu for easy step-down from root
@@ -157,6 +171,7 @@ FROM gosu as production
 RUN id postgres || (echo "postgres user does not exist" && exit 1)
 # # Setup extensions
 COPY --from=walg /tmp/wal-g /usr/local/bin/
+COPY --from=groonga /tmp/groonga-plugins/plugins /usr/lib/groonga/plugins
 
 # # Initialise configs
 COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql.conf.j2 /etc/postgresql/postgresql.conf
@@ -229,4 +244,6 @@ RUN mkdir -p /usr/share/postgresql/extension/ && \
     ln -s /usr/lib/postgresql/bin/pgsodium_getkey.sh /usr/share/postgresql/extension/pgsodium_getkey && \
     chmod +x /usr/lib/postgresql/bin/pgsodium_getkey.sh
 
+ENV GRN_PLUGINS_DIR=/usr/lib/groonga/plugins
+
 CMD ["postgres", "-D", "/etc/postgresql"]

ansible/tasks/setup-wal-g.yml

@@ -1,87 +1,94 @@
-- name: Create wal-g group
-  group:
-    name: wal-g
-    state: present
-  when: nixpkg_mode
+- name: Execute wal-g things when nixpkg_mode
+  when:
+    - nixpkg_mode
+  block:
+    - name: Create wal-g group
+      ansible.builtin.group:
+        name: 'wal-g'
+        state: 'present'
 
-- name: Create wal-g user
-  user:
-    name: wal-g
-    shell: /bin/false
-    comment: WAL-G user
-    group: wal-g
-    groups: wal-g, postgres
-  when: nixpkg_mode
-- name: Create a config directory owned by wal-g
-  file:
-    path: /etc/wal-g
-    state: directory
-    owner: wal-g
-    group: wal-g
-    mode: '0770'
-  when: nixpkg_mode
+    - name: Create wal-g user
+      ansible.builtin.user:
+        comment: 'WAL-G user'
+        group: 'wal-g'
+        groups: 'wal-g, postgres'
+        name: 'wal-g'
+        shell: '/usr/bin/nologin'
+        system: true
 
-- name: Install wal-g 2 from nix binary cache
-  become: yes
-  shell: |
-    sudo -u wal-g bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#wal-g-2"
-  when: stage2_nix
+    - name: Create a config directory owned by wal-g
+      ansible.builtin.file:
+        group: 'wal-g'
+        mode: '0770'
+        owner: 'wal-g'
+        path: '/etc/wal-g'
+        state: 'directory'
 
-- name: Install wal-g 3 from nix binary cache
-  become: yes
-  shell: |
-    sudo -u wal-g bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#wal-g-3"
-  when: stage2_nix
+- name: Execute wal-g things when stage2_nix
+  when:
+    - stage2_nix
+  block:
+    - name: Install wal-g 2 from nix binary cache
+      ansible.builtin.shell:
+        cmd: sudo -u wal-g bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#wal-g-2"
+      become: true
 
-- name: Create symlink for wal-g-3 from Nix profile to /usr/local/bin
-  ansible.builtin.file:
-    src: /home/wal-g/.nix-profile/bin/wal-g-3
-    dest: /usr/local/bin/wal-g-v3
-    state: link
-    force: yes  # This will replace existing file/symlink if it exists
-  become: yes   # Need sudo to write to /usr/local/bin
-  when: stage2_nix
+    - name: Install wal-g 3 from nix binary cache
+      ansible.builtin.shell:
+        cmd: sudo -u wal-g bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#wal-g-3"
+      become: true
 
-- name: Create symlink to make wal-g-v2 the default wal-g
-  ansible.builtin.file:
-    src: /home/wal-g/.nix-profile/bin/wal-g-2
-    dest: /usr/local/bin/wal-g
-    state: link
-    force: yes
-  become: yes
-  when: stage2_nix
+    - name: Create symlink for wal-g-3 from Nix profile to /usr/local/bin
+      ansible.builtin.file:
+        dest: '/usr/local/bin/wal-g-v3'
+        force: true
+        src: '/home/wal-g/.nix-profile/bin/wal-g-3'
+        state: 'link'
+      become: true
 
-- name: Create /etc/wal-g/config.json
-  file:
-    path: /etc/wal-g/config.json
-    state: touch
-    owner: wal-g
-    group: wal-g
-    mode: '0664'
-  when: stage2_nix
+    - name: Create symlink to make wal-g-v2 the default wal-g
+      ansible.builtin.file:
+        dest: '/usr/local/bin/wal-g'
+        force: true
+        src: '/home/wal-g/.nix-profile/bin/wal-g-2'
+        state: 'link'
+      become: true
 
-- name: Move custom wal-g.conf file to /etc/postgresql-custom/conf.d/wal-g.conf
-  copy:
-    src: "files/postgresql_config/conf.d/wal-g.conf"
-    dest: /etc/postgresql-custom/conf.d/wal-g.conf
-    mode: 0664
-    owner: postgres
-    group: postgres
-  when: stage2_nix
+    - name: Create /etc/wal-g/config.json
+      ansible.builtin.file:
+        group: 'wal-g'
+        mode: '0664'
+        owner: 'wal-g'
+        path: '/etc/wal-g/config.json'
+        state: 'touch'
 
-- name: Add script to be run for restore_command
-  template:
-    src: "files/walg_helper_scripts/wal_fetch.sh"
-    dest: /home/postgres/wal_fetch.sh
-    mode: 0500
-    owner: postgres
-    group: postgres
-  when: stage2_nix
+    - name: Move custom wal-g.conf file to /etc/postgresql-custom/wal-g.conf
+      ansible.builtin.template:
+        dest: '/etc/postgresql-custom/wal-g.conf'
+        group: 'postgres'
+        mode: '0664'
+        owner: 'postgres'
+        src: 'files/postgresql_config/custom_walg.conf.j2'
 
-- name: Add helper script for wal_fetch.sh
-  template:
-    src: "files/walg_helper_scripts/wal_change_ownership.sh"
-    dest: /root/wal_change_ownership.sh
-    mode: 0700
-    owner: root
-  when: stage2_nix
+    - name: Add script to be run for restore_command
+      ansible.builtin.template:
+        dest: '/home/postgres/wal_fetch.sh'
+        group: 'postgres'
+        mode: '0500'
+        owner: 'postgres'
+        src: 'files/walg_helper_scripts/wal_fetch.sh'
+
+    - name: Add helper script for wal_fetch.sh
+      ansible.builtin.template:
+        dest: '/root/wal_change_ownership.sh'
+        mode: '0700'
+        owner: 'root'
+        src: 'files/walg_helper_scripts/wal_change_ownership.sh'
+
+    - name: Move custom wal-g.conf file to /etc/postgresql-custom/conf.d/wal-g.conf
+      ansible.builtin.copy:
+        dest: '/etc/postgresql-custom/conf.d/wal-g.conf'
+        group: 'postgresq'
+        mode: '0664'
+        owner: 'postgres'
+        src: 'files/postgresql_config/conf.d/wal-g.conf'

ansible/vars.yml

@@ -10,9 +10,9 @@ postgres_major:
 
 # Full version strings for each major version
 postgres_release:
-  postgresorioledb-17: "17.5.1.048-orioledb"
-  postgres17: "17.6.1.027"
-  postgres15: "15.14.1.027"
+  postgresorioledb-17: "17.5.1.050-orioledb"
+  postgres17: "17.6.1.029"
+  postgres15: "15.14.1.029"
 
 # Non Postgres Extensions
 pgbouncer_release: 1.19.0

flake.nix

@@ -1,6 +1,11 @@
 {
   description = "Prototype tooling for deploying PostgreSQL";
-
+  nixConfig = {
+    extra-substituters = [ "https://nix-postgres-artifacts.s3.amazonaws.com" ];
+    extra-trusted-public-keys = [
+      "nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI="
+    ];
+  };
   inputs = {
     nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
     flake-utils.url = "github:numtide/flake-utils";
@@ -30,7 +35,6 @@
         nix/checks.nix
         nix/config.nix
         nix/devShells.nix
-        nix/ext
         nix/fmt.nix
         nix/hooks.nix
         nix/nixpkgs.nix