Merge remote-tracking branch 'origin/develop' into INDATA-152

* origin/develop:
  chore: bump Wrappers version to 0.5.7 (#1945)
  chore: bump versions (#1949)
  Revert "docs: create an automated changlog file that shows up in release file…" (#1948)
  chore: remove precreated Storage objects (#1911)
  refactor: Move PostgreSQL auto_explain config to conf.d (#1943)
  docs: create an automated changlog file that shows up in release files (#1793)
  fix: removing dead nix code (#1946)
  docs: expansion to help understand anatomy and code api in user here (#1944)
  fix: try to use mirror fallbacks for docker images (#1942)
  feat: need this workflow present to test (#1941)
  feat: Add PostgreSQL conf.d directory (#1929)
  [jj-spr] initial version (#1866)
  chore: upgrade supabase-admin-agent (#1935)
  fix: garbage collect after every profile intall + remove osquery (#1938)
  fix(ci): limit max-jobs of nix to 8 to prevent OOM while running nix flake check (#1933)
  Revert "fix: disable temporary Nix checks on aarch64-linux" (#1934)
  fix: adaptive retry on aws (#1917)
  fix: disable temporary Nix checks on aarch64-linux (#1930)
  feat: release orioledb with rewind functionality (#1880)
  feat: reduciton of closure size for plv8 (#1925)

Author: hunleyd

.github/actions/nix-install-ephemeral/action.yml

@@ -44,3 +44,4 @@ runs:
           substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com
           trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
           ${{ inputs.push-to-cache == 'true' && 'post-build-hook = /etc/nix/upload-to-cache.sh' || '' }}
+          max-jobs = 4

.github/workflows/base-image-nightly.yml

@@ -0,0 +1,85 @@
+name: Build Base Image Nightly
+
+on:
+  #schedule:
+  #  - cron: '0 2 * * *'  # 2 AM UTC daily
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Branch to build from'
+        required: false
+        default: 'develop'
+        type: string
+
+permissions:
+  contents: read
+  id-token: write
+
+jobs:
+  build-base-image:
+    runs-on: blacksmith-4vcpu-ubuntu-2404-arm
+    timeout-minutes: 150
+
+    steps:
+      - name: Checkout Repo
+        uses: supabase/postgres/.github/actions/shared-checkout@HEAD
+        with:
+          ref: ${{ github.event.inputs.branch || 'develop' }}
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
+          aws-region: "us-east-1"
+          output-credentials: true
+          role-duration-seconds: 7200
+
+      - name: Install nix
+        uses: cachix/install-nix-action@v27
+        with:
+          install_url: https://releases.nixos.org/nix/nix-2.29.1/install
+          extra_nix_config: |
+            substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com
+            trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
+
+      - name: Set execution ID and timestamp
+        run: |
+          echo "EXECUTION_ID=${{ github.run_id }}-base-nightly" >> $GITHUB_ENV
+          echo "BUILD_TIMESTAMP=$(date -u +%Y%m%d-%H%M%S)" >> $GITHUB_ENV
+
+      - name: Build base stage 1 AMI
+        env:
+          AWS_MAX_ATTEMPTS: 10
+          AWS_RETRY_MODE: adaptive
+        run: |
+          GIT_SHA=${{ github.sha }}
+          nix run github:supabase/postgres/${GIT_SHA}#packer -- init amazon-arm64-nix.pkr.hcl
+          nix run github:supabase/postgres/${GIT_SHA}#packer -- build \
+            -var "git-head-version=${GIT_SHA}" \
+            -var "packer-execution-id=${EXECUTION_ID}" \
+            -var-file="development-arm.vars.pkr.hcl" \
+            -var "base-image-nightly=true" \
+            -var "build-timestamp=${BUILD_TIMESTAMP}" \
+            -var "region=us-east-1" \
+            -var 'ami_regions=["us-east-1","ap-southeast-1"]' \
+            amazon-arm64-nix.pkr.hcl
+
+      - name: Slack Notification on Failure
+        if: ${{ failure() }}
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }}
+          SLACK_USERNAME: 'gha-failures-notifier'
+          SLACK_COLOR: 'danger'
+          SLACK_MESSAGE: 'Building base image nightly failed'
+          SLACK_FOOTER: ''
+
+      - name: Cleanup resources after build
+        if: ${{ always() }}
+        run: |
+          aws ec2 --region us-east-1 describe-instances --filters "Name=tag:packerExecutionId,Values=${EXECUTION_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --region us-east-1 --instance-ids
+
+      - name: Cleanup resources on build cancellation
+        if: ${{ cancelled() }}
+        run: |
+          aws ec2 --region us-east-1 describe-instances --filters "Name=tag:packerExecutionId,Values=${EXECUTION_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --region us-east-1 --instance-ids

.github/workflows/nix-build.yml

@@ -24,7 +24,7 @@ jobs:
       fail-fast: false
       matrix:
         include:
-          - runner: blacksmith-32vcpu-ubuntu-2404	
+          - runner: blacksmith-32vcpu-ubuntu-2404
             arch: amd64
           - runner: blacksmith-32vcpu-ubuntu-2404-arm
             arch: arm64
@@ -66,11 +66,11 @@ jobs:
           sudo rm -rf /tmp/* 2>/dev/null || true
           echo "=== AFTER CLEANUP ==="
           df -h
-      - 
+      -
         name: Build psql bundle
         run: >
-          nix run "github:Mic92/nix-fast-build?rev=b1dae483ab7d4139a6297e02b6de9e5d30e43d48" 
-          -- --skip-cached --no-nom ${{ matrix.runner == 'macos-latest-xlarge' && '--max-jobs 1' || '' }}
+          nix run "github:Mic92/nix-fast-build?rev=b1dae483ab7d4139a6297e02b6de9e5d30e43d48"
+          -- --skip-cached --no-nom ${{ matrix.runner == 'macos-latest-xlarge' && '--max-jobs 1' || '' }} --copy-to "s3://nix-postgres-artifacts?secret-key=/etc/nix/nix-secret-key"
           --flake ".#checks.$(nix eval --raw --impure --expr 'builtins.currentSystem')"
         env:
           AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }}

.github/workflows/testinfra-ami-build.yml

@@ -109,12 +109,18 @@ jobs:
           echo "" >> common-nix.vars.pkr.hcl
 
       - name: Build AMI stage 1
+        env:
+          AWS_MAX_ATTEMPTS: 10
+          AWS_RETRY_MODE: adaptive
         run: |
           GIT_SHA=${{github.sha}}
           nix run github:supabase/postgres/${GIT_SHA}#packer -- init amazon-arm64-nix.pkr.hcl
           nix run github:supabase/postgres/${GIT_SHA}#packer -- build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${EXECUTION_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=" -var "postgres-version=${{ steps.random.outputs.random_string }}" -var "region=ap-southeast-1" -var 'ami_regions=["ap-southeast-1"]' -var "force-deregister=true" -var "ansible_arguments=-e postgresql_major=${POSTGRES_MAJOR_VERSION}" amazon-arm64-nix.pkr.hcl
 
       - name: Build AMI stage 2
+        env:
+          AWS_MAX_ATTEMPTS: 10
+          AWS_RETRY_MODE: adaptive
         run: |
           GIT_SHA=${{github.sha}}
           nix run github:supabase/postgres/${GIT_SHA}#packer -- init stage2-nix-psql.pkr.hcl

Dockerfile-15

@@ -30,7 +30,7 @@ ARG pg_repack_release=1.4.8
 ARG vault_release=0.2.8
 ARG groonga_release=12.0.8
 ARG pgroonga_release=2.4.0
-ARG wrappers_release=0.5.6
+ARG wrappers_release=0.5.7
 ARG hypopg_release=1.3.1
 ARG pgvector_release=0.4.0
 ARG pg_tle_release=1.3.2
@@ -40,7 +40,56 @@ ARG wal_g_release=2.0.1
 
 FROM ubuntu:noble as base
 
-RUN apt update -y && apt install -y \
+# Create reusable apt mirror fallback function
+RUN echo '#!/bin/bash\n\
+apt_update_with_fallback() {\n\
+    local sources_file="/etc/apt/sources.list.d/ubuntu.sources"\n\
+    local max_attempts=2\n\
+    local attempt=1\n\
+    local mirrors="archive.ubuntu.com us.archive.ubuntu.com"\n\
+    \n\
+    for mirror in $mirrors; do\n\
+        echo "========================================="\n\
+        echo "Attempting apt-get update with mirror: ${mirror}"\n\
+        echo "Attempt ${attempt} of ${max_attempts}"\n\
+        echo "========================================="\n\
+        \n\
+        if [ -f "${sources_file}" ]; then\n\
+            sed -i "s|http://[^/]*/ubuntu/|http://${mirror}/ubuntu/|g" "${sources_file}"\n\
+        fi\n\
+        \n\
+        if timeout 300 apt-get update 2>&1; then\n\
+            echo "========================================="\n\
+            echo "✓ Successfully updated apt cache using mirror: ${mirror}"\n\
+            echo "========================================="\n\
+            return 0\n\
+        else\n\
+            local exit_code=$?\n\
+            echo "========================================="\n\
+            echo "✗ Failed to update using mirror: ${mirror}"\n\
+            echo "Exit code: ${exit_code}"\n\
+            echo "========================================="\n\
+            \n\
+            apt-get clean\n\
+            rm -rf /var/lib/apt/lists/*\n\
+            \n\
+            if [ ${attempt} -lt ${max_attempts} ]; then\n\
+                local sleep_time=$((attempt * 5))\n\
+                echo "Waiting ${sleep_time} seconds before trying next mirror..."\n\
+                sleep ${sleep_time}\n\
+            fi\n\
+        fi\n\
+        \n\
+        attempt=$((attempt + 1))\n\
+    done\n\
+    \n\
+    echo "========================================="\n\
+    echo "ERROR: All mirror tiers failed after ${max_attempts} attempts"\n\
+    echo "========================================="\n\
+    return 1\n\
+}' > /usr/local/bin/apt-update-fallback.sh && chmod +x /usr/local/bin/apt-update-fallback.sh
+
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && apt install -y \
     curl \
     gnupg \
     lsb-release \
@@ -96,13 +145,13 @@ RUN chown -R postgres:postgres /usr/lib/postgresql
 RUN ln -sf /usr/lib/postgresql/share/postgresql/timezonesets /usr/share/postgresql/timezonesets
 
 
-RUN apt-get update && \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && \
     apt-get install -y --no-install-recommends tzdata
 
 RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime && \
     dpkg-reconfigure --frontend noninteractive tzdata
 
-RUN apt-get update && \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && \
     apt-get install -y --no-install-recommends \
     build-essential \
     checkinstall \
@@ -143,7 +192,7 @@ WORKDIR /
 FROM base as gosu
 ARG TARGETARCH
 # Install dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && apt-get install -y --no-install-recommends \
    gnupg \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*
@@ -174,6 +223,8 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql.conf.j
 COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_hba.conf.j2 /etc/postgresql/pg_hba.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_ident.conf.j2 /etc/postgresql/pg_ident.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_config/conf.d /etc/postgresql-custom/
+COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout-log.conf /etc/postgresql/logging.conf
+COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts
 COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh
 COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh
@@ -185,7 +236,6 @@ RUN \
     #echo "pljava.libjvm_location = '/usr/lib/jvm/java-11-openjdk-${TARGETARCH}/lib/server/libjvm.so'" >> /etc/postgresql/postgresql.conf && \
     echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \    
     echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
-    echo 'auto_explain.log_min_duration = 10s' >> /etc/postgresql/postgresql.conf && \
     usermod -aG postgres wal-g && \
     mkdir -p /etc/postgresql-custom/conf.d && \
     chown -R postgres:postgres /etc/postgresql-custom
@@ -212,7 +262,7 @@ EXPOSE 5432
 ENV POSTGRES_HOST=/var/run/postgresql
 ENV POSTGRES_USER=supabase_admin
 ENV POSTGRES_DB=postgres
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && apt-get install -y --no-install-recommends \
     locales \
     && rm -rf /var/lib/apt/lists/* && \
     localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 \

Dockerfile-17

@@ -31,7 +31,7 @@ ARG pg_repack_release=1.4.8
 ARG vault_release=0.2.8
 ARG groonga_release=12.0.8
 ARG pgroonga_release=2.4.0
-ARG wrappers_release=0.5.6
+ARG wrappers_release=0.5.7
 ARG hypopg_release=1.3.1
 ARG pgvector_release=0.4.0
 ARG pg_tle_release=1.3.2
@@ -41,7 +41,56 @@ ARG wal_g_release=3.0.5
 
 FROM ubuntu:noble as base
 
-RUN apt update -y && apt install -y \
+# Create reusable apt mirror fallback function
+RUN echo '#!/bin/bash\n\
+apt_update_with_fallback() {\n\
+    local sources_file="/etc/apt/sources.list.d/ubuntu.sources"\n\
+    local max_attempts=2\n\
+    local attempt=1\n\
+    local mirrors="archive.ubuntu.com us.archive.ubuntu.com"\n\
+    \n\
+    for mirror in $mirrors; do\n\
+        echo "========================================="\n\
+        echo "Attempting apt-get update with mirror: ${mirror}"\n\
+        echo "Attempt ${attempt} of ${max_attempts}"\n\
+        echo "========================================="\n\
+        \n\
+        if [ -f "${sources_file}" ]; then\n\
+            sed -i "s|http://[^/]*/ubuntu/|http://${mirror}/ubuntu/|g" "${sources_file}"\n\
+        fi\n\
+        \n\
+        if timeout 300 apt-get update 2>&1; then\n\
+            echo "========================================="\n\
+            echo "✓ Successfully updated apt cache using mirror: ${mirror}"\n\
+            echo "========================================="\n\
+            return 0\n\
+        else\n\
+            local exit_code=$?\n\
+            echo "========================================="\n\
+            echo "✗ Failed to update using mirror: ${mirror}"\n\
+            echo "Exit code: ${exit_code}"\n\
+            echo "========================================="\n\
+            \n\
+            apt-get clean\n\
+            rm -rf /var/lib/apt/lists/*\n\
+            \n\
+            if [ ${attempt} -lt ${max_attempts} ]; then\n\
+                local sleep_time=$((attempt * 5))\n\
+                echo "Waiting ${sleep_time} seconds before trying next mirror..."\n\
+                sleep ${sleep_time}\n\
+            fi\n\
+        fi\n\
+        \n\
+        attempt=$((attempt + 1))\n\
+    done\n\
+    \n\
+    echo "========================================="\n\
+    echo "ERROR: All mirror tiers failed after ${max_attempts} attempts"\n\
+    echo "========================================="\n\
+    return 1\n\
+}' > /usr/local/bin/apt-update-fallback.sh && chmod +x /usr/local/bin/apt-update-fallback.sh
+
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && apt install -y \
     curl \
     gnupg \
     lsb-release \
@@ -100,13 +149,13 @@ RUN chown -R postgres:postgres /usr/lib/postgresql
 RUN ln -sf /usr/lib/postgresql/share/postgresql/timezonesets /usr/share/postgresql/timezonesets
 
 
-RUN apt-get update && \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && \
     apt-get install -y --no-install-recommends tzdata
 
 RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime && \
     dpkg-reconfigure --frontend noninteractive tzdata
 
-RUN apt-get update && \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && \
     apt-get install -y --no-install-recommends \
     build-essential \
     checkinstall \
@@ -148,7 +197,7 @@ WORKDIR /
 FROM base as gosu
 ARG TARGETARCH
 # Install dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && apt-get install -y --no-install-recommends \
    gnupg \
    ca-certificates \
    && rm -rf /var/lib/apt/lists/*
@@ -179,6 +228,8 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql.conf.j
 COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_hba.conf.j2 /etc/postgresql/pg_hba.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_ident.conf.j2 /etc/postgresql/pg_ident.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_config/conf.d /etc/postgresql-custom/
+COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout-log.conf /etc/postgresql/logging.conf
+COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts
 COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh
 COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh
@@ -190,7 +241,6 @@ RUN \
     #echo "pljava.libjvm_location = '/usr/lib/jvm/java-11-openjdk-${TARGETARCH}/lib/server/libjvm.so'" >> /etc/postgresql/postgresql.conf && \
     echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
     echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
-    echo 'auto_explain.log_min_duration = 10s' >> /etc/postgresql/postgresql.conf && \
     usermod -aG postgres wal-g && \
     mkdir -p /etc/postgresql-custom/conf.d && \
     chown -R postgres:postgres /etc/postgresql-custom
@@ -226,7 +276,7 @@ ENV POSTGRES_HOST=/var/run/postgresql
 ENV POSTGRES_USER=supabase_admin
 ENV POSTGRES_DB=postgres
 ENV POSTGRES_INITDB_ARGS="--allow-group-access --locale-provider=icu --encoding=UTF-8 --icu-locale=en_US.UTF-8"
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN bash -c 'source /usr/local/bin/apt-update-fallback.sh && apt_update_with_fallback' && apt-get install -y --no-install-recommends \
     locales \
     && rm -rf /var/lib/apt/lists/* && \
     localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 \