supabase · samrose · Jun 24, 2024 · Jun 24, 2024 · Jun 24, 2024 · Jun 24, 2024
@@ -0,0 +1,120 @@
+name: Release AMI Nix
+
+on:
+  # push:
+  #   branches:
+  #     - sam/nix-and-conventional-ami
+  #     - '.github/workflows/ami-release-nix.yml'
+  #     - 'common-nix.vars.pkr.hcl'
+  workflow_dispatch:
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        include:
+          - runner: arm-runner
+            arch: arm64
+            ubuntu_release: focal
+            ubuntu_version: 20.04
+            mcpu: neoverse-n1
+    runs-on: ${{ matrix.runner }}
+    timeout-minutes: 150
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v3
+
+      - name: Run checks if triggered manually
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        # Update `ci.yaml` too if changing constraints.
+        run: |
+          SUFFIX=$(sed -E 's/postgres-version = "[0-9\.]+(.*)"/\1/g' common-nix.vars.pkr.hcl)
+          if [[ -z $SUFFIX ]] ; then
+            echo "Version must include non-numeric characters if built manually."
+            exit 1
+          fi
+
+      # extensions are build in nix prior to this step
+      # so we can just use the binaries from the nix store
+      # for postgres, extensions and wrappers
+
+      - name: Build AMI stage 1
+        run: |
+          packer init amazon-arm64-nix.pkr.hcl
+          GIT_SHA=${{github.sha}}
+          packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments="  amazon-arm64-nix.pkr.hcl
+
+      - name: Build AMI stage 2
+        run: |
+          packer init stage2-nix-psql.pkr.hcl
+          GIT_SHA=${{github.sha}}
+          packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" stage2-nix-psql.pkr.hcl
+
+      - name: Grab release version
+        id: process_release_version
+        run: |
+          VERSION=$(sed -e 's/postgres-version = "\(.*\)"/\1/g' common-nix.vars.pkr.hcl)
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: configure aws credentials - staging
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
+          aws-region: "us-east-1"
+
+      - name: Upload software manifest to s3 staging
+        run: |
+          cd ansible
+          ansible-playbook -i localhost \
+            -e "ami_release_version=${{ steps.process_release_version.outputs.version }}" \
+            -e "internal_artifacts_bucket=${{ secrets.ARTIFACTS_BUCKET }}" \
+            manifest-playbook.yml
+
+
+      #Our self hosted github runner already has permissions to publish images 
+      #but they're limited to only that; 
+      #so if we want s3 access we'll need to config credentials with the below steps 
+      # (which overwrites existing perms) after the ami build
+
+      - name: configure aws credentials - prod
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.PROD_AWS_ROLE }}
+          aws-region: "us-east-1"
+
+      - name: Upload software manifest to s3 prod
+        run: |
+          cd ansible
+          ansible-playbook -i localhost \
+            -e "ami_release_version=${{ steps.process_release_version.outputs.version }}" \
+            -e "internal_artifacts_bucket=${{ secrets.PROD_ARTIFACTS_BUCKET }}" \
+            manifest-playbook.yml
+
+
+
+      - name: Create release
+        uses: softprops/action-gh-release@v1
+        with:
+          name: ${{ steps.process_release_version.outputs.version }}
+          tag_name: ${{ steps.process_release_version.outputs.version }}
+          target_commitish: ${{github.sha}}
+
+      - name: Slack Notification on Failure
+        if: ${{ failure() }}
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }}
+          SLACK_USERNAME: 'gha-failures-notifier'
+          SLACK_COLOR: 'danger'
+          SLACK_MESSAGE: 'Building Postgres AMI failed'
+          SLACK_FOOTER: ''
+
+      - name: Cleanup resources on build cancellation
+        if: ${{ cancelled() }}
+        run: |
+          aws ec2 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -n 1 -I {} aws ec2 terminate-instances --instance-ids {}
@@ -25,7 +25,11 @@ jobs:
     steps:
 
       - name: Check out code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.pull_request.head.ref || github.ref }}
+          fetch-depth: 0
+          fetch-tags: true
       - name: aws-creds
         uses: aws-actions/configure-aws-credentials@v4
         with:

@@ -0,0 +1,142 @@
+name: Test pg_upgrade
+
+on:
+  push:
+    branches:
+      - develop
+      - pcnc/auto-pg_upgrade-testing
+      - sam/nix-docker-build
+  workflow_dispatch:
+
+permissions:
+  id-token: write
+
+jobs:
+  test:
+    strategy:
+      matrix:
+        base_pg_version:
+          - 15.6.1.90-nix-staged
+    runs-on: arm-runner
+    timeout-minutes: 30
+    defaults:
+      run:
+        working-directory: ./tests/pg_upgrade
+    env:
+      PGPORT: 5478
+      PGPASSWORD: postgres
+      PGDATABASE: postgres
+      PGUSER: supabase_admin
+      PGHOST: localhost
+      PG_MAJOR_VERSION: 15
+      IS_CI: true
+      container: pg_upgrade_test
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Grab release version
+        id: process_release_version
+        working-directory: ./
+        run: |
+          VERSION=$(sed -e 's/postgres-version = "\(.*\)"/\1/g' common-nix.vars.pkr.hcl)
+          echo "version=$VERSION" >> "$GITHUB_OUTPUT"
+
+      - name: configure aws credentials - staging
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
+          aws-region: "us-east-1"
+
+      # - name: copy needed scripts
+      #   run: cp -r ../../nix/tools/pg_upgrade_scripts scripts/
+
+      - run: docker context create builders
+      - uses: docker/setup-buildx-action@v2
+        with:
+          endpoint: builders
+          driver-opts: image=moby/buildkit:v0.11.6
+          buildkitd-flags: --debug
+
+      - name: Start Postgres
+        run: |
+          docker rm -f "$container" || true
+          docker run --name "$container" --env-file .env \
+          -v "$(pwd)/scripts:/tmp/upgrade" \
+          --entrypoint "/tmp/upgrade/entrypoint-nix.sh" -d \
+          -p ${PGPORT}:5432 \
+          "samrose/postgresql-15-aarch64-linux-pg-upgrade-test:${{ matrix.base_pg_version }}"
+          docker logs "$container"
+
+      - name: Check container status
+        run: |
+          docker ps -a
+          docker inspect "$container" --format '{{.State.Status}}'
+          docker inspect "$container" --format '{{.State.ExitCode}}'
+
+      - name: Install psql
+        run: |
+          sudo apt update
+          sudo apt install -y --no-install-recommends postgresql-client
+
+      - name: Install pg_prove
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y --no-install-recommends perl cpanminus
+          sudo cpanm -n App::cpanminus
+          sudo cpanm -n TAP::Parser::SourceHandler::pgTAP
+        env:
+          SHELL: /bin/bash
+          PERL_MM_USE_DEFAULT: 1
+          PERL_MM_NONINTERACTIVE: 1
+
+      - name: Wait for healthy database
+        run: |
+          start_time=$(date +%s)
+          timeout=600  # 10 minutes in seconds
+
+          while ! docker exec "$container" bash -c "pg_isready -p 5432"; do
+            current_time=$(date +%s)
+            elapsed=$((current_time - start_time))
+
+            if [ $elapsed -ge $timeout ]; then
+                echo "Timeout reached after ${elapsed} seconds. Database is not ready."
+                docker logs "$container"
+                docker rm -f "$container"
+                exit 1
+            fi
+
+            echo "Database not ready. Waiting..."
+            sleep 5
+          done
+
+          echo "Database is ready after ${elapsed} seconds."
+
+      - name: Run migrations
+        run: docker exec "$container" bash -c "/docker-entrypoint-initdb.d/migrate.sh 2>&1"
+
+      - name: Run initial tests
+        run: pg_prove "../../migrations/tests/test.sql"
+        env:
+          PERL5LIB: /usr/local/lib/perl5
+
+      - name: Apply pre-upgrade fixtures
+        run: |
+          psql -f "./tests/98-data-fixtures.sql"
+          psql -f "./tests/99-fixtures.sql"
+
+      - name: Initiate upgrade
+        run: docker exec "$container" bash -c '/tmp/upgrade/initiate-nix.sh "github:supabase/postgres/sam/nix-docker-build#psql_15/bin" "github:supabase/postgres/develop#psql_15/bin"; exit $?'
+
+      - name: Complete pg_upgrade
+        run: docker exec pg_upgrade_test bash -c '/tmp/upgrade/complete-nix.sh; exit $?'
+
+      - name: Run post-upgrade tests
+        run: |
+          pg_prove ./tests/01-schema.sql
+          pg_prove ./tests/02-data.sql
+          pg_prove ./tests/03-settings.sql
+
+      - name: Clean up container
+        if: ${{ always() }}
+        continue-on-error: true
+        run: docker rm -f "$container" || true
@@ -0,0 +1,67 @@
+name: Testinfra Integration Tests Nix
+
+on:
+  #pull_request:
+  workflow_dispatch:
+
+jobs:
+  test-ami-nix:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - runner: arm-runner
+            arch: arm64
+            ubuntu_release: focal
+            ubuntu_version: 20.04
+            mcpu: neoverse-n1
+    runs-on: ${{ matrix.runner }}
+    timeout-minutes: 150
+    permissions:
+      contents: write
+      packages: write
+      id-token: write
+
+    steps:
+      - name: Checkout Repo
+        uses: actions/checkout@v4
+
+      - id: args
+        uses: mikefarah/yq@master
+        with:
+          cmd: yq 'to_entries | map(select(.value|type == "!!str")) |  map(.key + "=" + .value) | join("\n")' 'ansible/vars.yml'
+
+      - run: docker context create builders
+
+      - uses: docker/setup-buildx-action@v3
+        with:
+          endpoint: builders
+
+      - name: Build AMI stage 1
+        run: |
+          packer init amazon-arm64-nix.pkr.hcl
+          GIT_SHA=${{github.sha}}
+          packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=" -var "postgres-version=ci-ami-test" -var "region=ap-southeast-1" -var 'ami_regions=["ap-southeast-1"]' -var "force-deregister=true" amazon-arm64-nix.pkr.hcl
+
+      - name: Build AMI stage 2
+        run: |
+          packer init stage2-nix-psql.pkr.hcl
+          GIT_SHA=${{github.sha}}
+          packer build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${GITHUB_RUN_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl"  -var "postgres-version=ci-ami-test" -var "region=ap-southeast-1" -var 'ami_regions=["ap-southeast-1"]' -var "force-deregister=true" stage2-nix-psql.pkr.hcl 
+
+      - name: Run tests
+        timeout-minutes: 10
+        run: |
+          # TODO: use poetry for pkg mgmt
+          pip3 install boto3 boto3-stubs[essential] docker ec2instanceconnectcli pytest pytest-testinfra[paramiko,docker] requests
+          pytest -vv -s testinfra/test_ami_nix.py
+
+      - name: Cleanup resources on build cancellation
+        if: ${{ cancelled() }}
+        run: |
+          aws ec2 --region ap-southeast-1 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -n 1 -I {} aws ec2 terminate-instances --region ap-southeast-1 --instance-ids {}
+
+      - name: Cleanup resources on build cancellation
+        if: ${{ always() }}
+        run: |
+          aws ec2 --region ap-southeast-1 describe-instances --filters "Name=tag:testinfra-run-id,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -n 1 -I {} aws ec2 terminate-instances --region ap-southeast-1 --instance-ids {} || true