diff --git a/flake.nix b/flake.nix index e83ffab1c..fbe995fb1 100644 --- a/flake.nix +++ b/flake.nix @@ -429,6 +429,27 @@ chmod +x $out/bin/start-postgres-client ''; + # Start a version of the client and runs migrations script on server. + start-client-and-migrate = + let + migrationsDir = ./migrations/db; + postgresqlSchemaSql = ./nix/tools/postgresql_schema.sql; + pgbouncerAuthSchemaSql = ./ansible/files/pgbouncer_config/pgbouncer_auth_schema.sql; + statExtensionSql = ./ansible/files/stat_extension.sql; + in + pkgs.runCommand "start-postgres-client-migrate" { } '' + mkdir -p $out/bin + substitute ${./nix/tools/run-client-migrate.sh.in} $out/bin/start-postgres-client-migrate \ + --subst-var-by 'PGSQL_DEFAULT_PORT' '${pgsqlDefaultPort}' \ + --subst-var-by 'PGSQL_SUPERUSER' '${pgsqlSuperuser}' \ + --subst-var-by 'PSQL15_BINDIR' '${basePackages.psql_15.bin}' \ + --subst-var-by 'MIGRATIONS_DIR' '${migrationsDir}' \ + --subst-var-by 'POSTGRESQL_SCHEMA_SQL' '${postgresqlSchemaSql}' \ + --subst-var-by 'PGBOUNCER_AUTH_SCHEMA_SQL' '${pgbouncerAuthSchemaSql}' \ + --subst-var-by 'STAT_EXTENSION_SQL' '${statExtensionSql}' + chmod +x $out/bin/start-postgres-client-migrate + ''; + # Migrate between two data directories. migrate-tool = let @@ -535,6 +556,7 @@ { start-server = mkApp "start-server" "start-postgres-server"; start-client = mkApp "start-client" "start-postgres-client"; + start-client-and-migrate = mkApp "start-client-and-migrate" "start-postgres-client-migrate"; start-replica = mkApp "start-replica" "start-postgres-replica"; migration-test = mkApp "migrate-tool" "migrate-postgres"; sync-exts-versions = mkApp "sync-exts-versions" "sync-exts-versions"; diff --git a/nix/tests/util/pgsodium_getkey.sh b/nix/tests/util/pgsodium_getkey.sh index 778918ca1..106e3bf4a 100755 --- a/nix/tests/util/pgsodium_getkey.sh +++ b/nix/tests/util/pgsodium_getkey.sh @@ -1,4 +1,10 @@ -# NOTE (aseipp): just use some random key for testing, no need to query -# /dev/urandom. also helps ferrit out other random flukes, perhaps? +#!/bin/bash -echo -n 8359dafbba5c05568799c1c24eb6c2fbff497654bc6aa5e9a791c666768875a1 +set -euo pipefail + +KEY_FILE="${1:-/tmp/pgsodium.key}" + +if [[ ! -f "${KEY_FILE}" ]]; then + head -c 32 /dev/urandom | od -A n -t x1 | tr -d ' \n' > "${KEY_FILE}" +fi +cat $KEY_FILE \ No newline at end of file diff --git a/nix/tools/postgresql_schema.sql b/nix/tools/postgresql_schema.sql new file mode 100644 index 000000000..4547ab239 --- /dev/null +++ b/nix/tools/postgresql_schema.sql @@ -0,0 +1,11 @@ +ALTER DATABASE postgres SET "app.settings.jwt_secret" TO 'my_jwt_secret_which_is_not_so_secret'; +ALTER DATABASE postgres SET "app.settings.jwt_exp" TO 3600; +ALTER USER supabase_admin WITH PASSWORD 'postgres'; +ALTER USER postgres WITH PASSWORD 'postgres'; +ALTER USER authenticator WITH PASSWORD 'postgres'; +ALTER USER pgbouncer WITH PASSWORD 'postgres'; +ALTER USER supabase_auth_admin WITH PASSWORD 'postgres'; +ALTER USER supabase_storage_admin WITH PASSWORD 'postgres'; +ALTER USER supabase_replication_admin WITH PASSWORD 'postgres'; +ALTER ROLE supabase_read_only_user WITH PASSWORD 'postgres'; +ALTER ROLE supabase_admin SET search_path TO "$user",public,auth,extensions; diff --git a/nix/tools/run-client-migrate.sh.in b/nix/tools/run-client-migrate.sh.in new file mode 100644 index 000000000..50e06f22d --- /dev/null +++ b/nix/tools/run-client-migrate.sh.in @@ -0,0 +1,50 @@ +#!/usr/bin/env bash +# shellcheck shell=bash + +[ ! -z "$DEBUG" ] && set -x + +# first argument should be '15' or '16' for the version +if [ "$1" == "15" ]; then + echo "Starting client for PSQL 15" + PSQL15=@PSQL15_BINDIR@ + BINDIR="$PSQL15" +elif [ "$1" == "16" ]; then + echo "Starting client for PSQL 16" + PSQL16=@PSQL16_BINDIR@ + BINDIR="$PSQL16" +elif [ "$1" == "orioledb-16" ]; then + echo "Starting client for PSQL ORIOLEDB 16" + PSQLORIOLEDB16=@PSQLORIOLEDB16_BINDIR@ + BINDIR="$PSQLORIOLEDB16" +else + echo "Please provide a valid Postgres version (15, 16, or orioledb-16)" + exit 1 +fi +#vars for migration.sh +export PATH=$BINDIR/bin:$PATH +export POSTGRES_DB=postgres +export POSTGRES_HOST=localhost +export POSTGRES_PORT=@PGSQL_DEFAULT_PORT@ +PORTNO="${2:-@PGSQL_DEFAULT_PORT@}" +PGSQL_SUPERUSER=@PGSQL_SUPERUSER@ +MIGRATIONS_DIR=@MIGRATIONS_DIR@ +POSTGRESQL_SCHEMA_SQL=@POSTGRESQL_SCHEMA_SQL@ +PGBOUNCER_AUTH_SCHEMA_SQL=@PGBOUNCER_AUTH_SCHEMA_SQL@ +STAT_EXTENSION_SQL=@STAT_EXTENSION_SQL@ +psql -v ON_ERROR_STOP=1 --no-password --no-psqlrc -U "$PGSQL_SUPERUSER" -p "$PORTNO" -h localhost -d postgres -f "$PGBOUNCER_AUTH_SCHEMA_SQL" +psql -v ON_ERROR_STOP=1 --no-password --no-psqlrc -U "$PGSQL_SUPERUSER" -p "$PORTNO" -h localhost -d postgres -f "$STAT_EXTENSION_SQL" +for sql in "$MIGRATIONS_DIR"/init-scripts/*.sql; do + echo "$0: running $sql" + psql -v ON_ERROR_STOP=1 --no-password --no-psqlrc -U postgres -p "$PORTNO" -h localhost -f "$sql" postgres +done +psql -v ON_ERROR_STOP=1 --no-password --no-psqlrc -U postgres -p "$PORTNO" -h localhost -c "ALTER USER supabase_admin WITH PASSWORD '$PGPASSWORD'" +# run migrations as super user - postgres user demoted in post-setup +for sql in "$MIGRATIONS_DIR"/migrations/*.sql; do + echo "$0: running $sql" + psql -v ON_ERROR_STOP=1 --no-password --no-psqlrc -U supabase_admin -p "$PORTNO" -h localhost -f "$sql" postgres +done +psql -v ON_ERROR_STOP=1 --no-password --no-psqlrc -U supabase_admin -p "$PORTNO" -h localhost -f "$POSTGRESQL_SCHEMA_SQL" postgres +# TODO Do we need to reset stats when running migrations locally? +#psql -v ON_ERROR_STOP=1 --no-password --no-psqlrc -U supabase_admin -p "$PORTNO" -h localhost -c 'SELECT extensions.pg_stat_statements_reset(); SELECT pg_stat_reset();' postgres || true + +exec psql -U "$PGSQL_SUPERUSER" -p "$PORTNO" -h localhost postgres