supabase · samrose · Jul 24, 2025 · Jan 22, 2025 · Jan 22, 2025 · Jan 22, 2025
@@ -103,6 +103,8 @@ jobs:
       - name: Upload nix flake revision to s3 staging
         run: |
           aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz
+          aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz
+          aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/upgrade_bundle.tar.gz
 
       - name: configure aws credentials - prod
         uses: aws-actions/configure-aws-credentials@v4
@@ -122,6 +124,8 @@ jobs:
       - name: Upload nix flake revision to s3 prod
         run: |
           aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz
+          aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz
+          aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/upgrade_bundle.tar.gz
 
       - name: Create release
         uses: softprops/action-gh-release@v2

@@ -125,6 +125,8 @@ jobs:
       - name: Upload nix flake revision to s3 staging
         run: |
           aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz
+          aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz
+          aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/upgrade_bundle.tar.gz
 
       - name: configure aws credentials - prod
         uses: aws-actions/configure-aws-credentials@v4
@@ -144,6 +146,8 @@ jobs:
       - name: Upload nix flake revision to s3 prod
         run: |
           aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz
+          aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz
+          aws s3 cp /tmp/pg_binaries.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/upgrade_bundle.tar.gz
 
       - name: Create release
         uses: softprops/action-gh-release@v2

@@ -66,7 +66,9 @@ jobs:
 
       - name: Upload pg_upgrade scripts to s3 staging
         run: |
-          aws s3 cp /tmp/pg_upgrade_bin.tar.gz "s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz"
+          aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz
+          aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz
+          aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/upgrade_bundle.tar.gz
 
       - name: Slack Notification on Failure
         if: ${{ failure() }}
@@ -113,7 +115,9 @@ jobs:
 
       - name: Upload pg_upgrade scripts to s3 prod
         run: |
-          aws s3 cp /tmp/pg_upgrade_bin.tar.gz "s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz"
+          aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz
+          aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/24.04.tar.gz
+          aws s3 cp /tmp/pg_upgrade_bin.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/upgrade_bundle.tar.gz
 
       - name: Slack Notification on Failure
         if: ${{ failure() }}

@@ -34,8 +34,8 @@ jobs:
         include:
           - runner: arm-runner
             arch: arm64
-            ubuntu_release: focal
-            ubuntu_version: 20.04
+            ubuntu_release: noble
+            ubuntu_version: 24.04
             mcpu: neoverse-n1
     runs-on: ${{ matrix.runner }}
     timeout-minutes: 150

@@ -38,7 +38,7 @@ ARG index_advisor_release=0.2.0
 ARG supautils_release=2.2.0
 ARG wal_g_release=2.0.1
 
-FROM ubuntu:focal as base
+FROM ubuntu:noble as base
 
 RUN apt update -y && apt install -y \
     curl \

@@ -1,6 +1,6 @@
 FROM alpine:3.22
 
-ADD ./output-cloudimg/packer-cloudimg /disk/focal.qcow2
+ADD ./output-cloudimg/packer-cloudimg /disk/image.qcow2
 
 RUN apk add --no-cache qemu-system-aarch64 qemu-img openssh-client aavmf virtiofsd \
     && truncate -s 64M /root/varstore.img \

@@ -39,7 +39,7 @@ ARG index_advisor_release=0.2.0
 ARG supautils_release=2.2.0
 ARG wal_g_release=3.0.5
 
-FROM ubuntu:focal as base
+FROM ubuntu:noble as base
 
 RUN apt update -y && apt install -y \
     curl \

@@ -7,10 +7,6 @@ init: qemu-arm64-nix.pkr.hcl
 output-cloudimg/packer-cloudimg: ansible qemu-arm64-nix.pkr.hcl
 	packer build -var "git_sha=$(UPSTREAM_NIX_GIT_SHA)" qemu-arm64-nix.pkr.hcl
 
-disk/focal-raw.img: output-cloudimg/packer-cloudimg
-	mkdir -p disk
-	sudo qemu-img convert -O raw output-cloudimg/packer-cloudimg disk/focal-raw.img
-
 alpine-image: output-cloudimg/packer-cloudimg
 	sudo nerdctl build . -t supabase-postgres-test:$(GIT_SHA) -f ./Dockerfile-kubernetes
 

@@ -6,7 +6,7 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to
 - ✅ Postgres [postgresql-15.8](https://www.postgresql.org/docs/15/index.html)
 - ✅ Postgres [postgresql-17.4](https://www.postgresql.org/docs/17/index.html)
 - ✅ Postgres [orioledb-postgresql-17_6](https://github.com/orioledb/orioledb)
-- ✅ Ubuntu 20.04 (Focal Fossa).
+- ✅ Ubuntu 24.04 (Noble Numbat).
 - ✅ [wal_level](https://www.postgresql.org/docs/current/runtime-config-wal.html) = logical and [max_replication_slots](https://www.postgresql.org/docs/current/runtime-config-replication.html) = 5. Ready for replication.
 - ✅ [Large Systems Extensions](https://github.com/aws/aws-graviton-getting-started#building-for-graviton-and-graviton2). Enabled for ARM images.
 ## Extensions 
@@ -115,7 +115,7 @@ Unmodified Postgres with some useful plugins. Our goal with this repo is not to
 | Goodie | Version | Description |
 | ------------- | :-------------: | ------------- |
 | [PgBouncer](https://www.pgbouncer.org/) | [1.19.0](http://www.pgbouncer.org/changelog.html#pgbouncer-119x) | Set up Connection Pooling. |
-| [PostgREST](https://postgrest.org/en/stable/) | [v12.2.3](https://github.com/PostgREST/postgrest/releases/tag/v12.2.3) | Instantly transform your database into an RESTful API. |
+| [PostgREST](https://postgrest.org/en/stable/) | [v13.0.4](https://github.com/PostgREST/postgrest/releases/tag/v13.0.4) | Instantly transform your database into an RESTful API. |
 | [WAL-G](https://github.com/wal-g/wal-g#wal-g) | [v2.0.1](https://github.com/wal-g/wal-g/releases/tag/v2.0.1) | Tool for physical database backup and recovery. | -->
 
 ## Install

@@ -1,6 +1,6 @@
 variable "ami" {
   type    = string
-  default = "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-arm64-server-*"
+  default = "ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-arm64-server-*"
 }
 
 variable "profile" {
@@ -115,7 +115,7 @@ source "amazon-ebssurrogate" "source" {
   #secret_key   = "${var.aws_secret_key}"
   force_deregister = var.force-deregister
 
-  # Use latest official ubuntu focal ami owned by Canonical.
+  # Use latest official ubuntu noble ami owned by Canonical.
   source_ami_filter {
     filters = {
       virtualization-type = "hvm"

@@ -266,6 +266,7 @@ function complete_pg_upgrade {
         echo "5.1. Restarting gotrue and postgrest"
         retry 3 service gotrue restart
         retry 3 service postgrest restart
+
     else
         retry 3 CI_stop_postgres || true
         retry 3 CI_start_postgres

@@ -23,6 +23,7 @@ Cmnd_Alias PGBOUNCER = /bin/systemctl start pgbouncer.service, /bin/systemctl st
 %adminapi ALL= NOPASSWD: /bin/systemctl restart services.slice
 %adminapi ALL= NOPASSWD: /usr/sbin/nft -f /etc/nftables/supabase_managed.conf
 %adminapi ALL= NOPASSWD: /usr/bin/admin-mgr
+%adminapi ALL= NOPASSWD: /usr/sbin/netplan apply
 %adminapi ALL= NOPASSWD: ENVOY
 %adminapi ALL= NOPASSWD: KONG
 %adminapi ALL= NOPASSWD: POSTGREST

@@ -40,7 +40,6 @@
     "backup": [{"groupname": "backup", "username": "backup"}],
     "list": [{"groupname": "list", "username": "list"}],
     "irc": [{"groupname": "irc", "username": "irc"}],
-    "gnats": [{"groupname": "gnats", "username": "gnats"}],
     "nobody": [{"groupname": "nogroup", "username": "nobody"}],
     "systemd-network": [
         {"groupname": "systemd-network", "username": "systemd-network"}
@@ -224,7 +223,6 @@ def main():
         "backup",
         "list",
         "irc",
-        "gnats",
         "nobody",
         "systemd-network",
         "systemd-resolve",

@@ -1,5 +1,6 @@
 [Unit]
 Description=Check if systemd-networkd has broken NDisc routes and fix
+# Remove Requisite to prevent being killed when restarting networkd
 Requisite=systemd-networkd.service
 After=systemd-networkd.service
 

@@ -24,7 +24,7 @@
 
     - name: PostgREST - download ubuntu binary archive (arm)
       get_url:
-        url: "https://github.com/PostgREST/postgrest/releases/download/v{{ postgrest_release }}/postgrest-v{{ postgrest_release }}-ubuntu-20.04-aarch64.tar.xz"
+        url: "https://github.com/PostgREST/postgrest/releases/download/v{{ postgrest_release }}/postgrest-v{{ postgrest_release }}-ubuntu-aarch64.tar.xz"
         dest: /tmp/postgrest-{{ postgrest_release }}-arm64.tar.xz
         checksum: "{{ postgrest_arm_release_checksum }}"
         timeout: 60

@@ -78,8 +78,8 @@
         - install-supabase-internal
       when: debpkg_mode or nixpkg_mode
 
-    - name: Fix IPv6 NDisc issues
-      import_tasks: tasks/fix_ipv6_ndisc.yml
+    - name: Fix IPv6 NDisc issues (disabled)
+      import_tasks: tasks/fix-ipv6-ndisc.yml
       tags:
         - install-supabase-internal
       when: (debpkg_mode or nixpkg_mode) and (qemu_mode is undefined)

@@ -25,9 +25,9 @@
 
 - name: fix Network - reload systemd
   systemd:
-    daemon_reload: yes
+    daemon_reload: false
 
-- name: fix Network - enable systemd timer
+- name: fix Network - ensure systemd timer is installed but disabled
   systemd:
     name: systemd-networkd-check-and-fix.timer
-    enabled: true
+    enabled: false
@@ -23,7 +23,7 @@
 
 - name: Postgres - install server
   apt:
-    name: postgresql-{{ postgresql_major }}={{ postgresql_release }}-1.pgdg20.04+1
+    name: postgresql-{{ postgresql_major }}={{ postgresql_release }}-1.pgdg24.04+1
     install_recommends: no
   when: debpkg_mode
 

@@ -8,7 +8,7 @@
 
 - name: PostgREST - add Postgres PPA main
   apt_repository:
-    repo: "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main"
+    repo: "deb http://apt.postgresql.org/pub/repos/apt/ noble-pgdg {{ postgresql_major }}"
     state: present
     filename: postgresql-pgdg
 
@@ -36,7 +36,7 @@
 
 - name: PostgREST - remove Postgres PPA
   apt_repository:
-    repo: "deb http://apt.postgresql.org/pub/repos/apt/ focal-pgdg main"
+    repo: "deb http://apt.postgresql.org/pub/repos/apt/ noble-pgdg {{ postgresql_major }}"
     state: absent
 
 - name: postgis - ensure dependencies do not get autoremoved
@@ -48,7 +48,7 @@
 
 - name: PostgREST - download ubuntu binary archive (arm)
   get_url:
-    url: "https://github.com/PostgREST/postgrest/releases/download/v{{ postgrest_release }}/postgrest-v{{ postgrest_release }}-ubuntu-20.04-aarch64.tar.xz"
+    url: "https://github.com/PostgREST/postgrest/releases/download/v{{ postgrest_release }}/postgrest-v{{ postgrest_release }}-ubuntu-aarch64.tar.xz"
     dest: /tmp/postgrest.tar.xz
     checksum: "{{ postgrest_arm_release_checksum }}"
     timeout: 60

@@ -9,19 +9,20 @@ postgres_major:
 
 # Full version strings for each major version
 postgres_release:
-  postgresorioledb-17: "17.5.1.007-orioledb"
-  postgres17: "17.4.1.064"
-  postgres15: "15.8.1.121"
+  postgresorioledb-17: "17.5.1.008-orioledb"
+  postgres17: "17.4.1.065"
+  postgres15: "15.8.1.122"
 
 # Non Postgres Extensions
 pgbouncer_release: "1.19.0"
 pgbouncer_release_checksum: sha256:af0b05e97d0e1fd9ad45fe00ea6d2a934c63075f67f7e2ccef2ca59e3d8ce682
 
-# The checksum can be found under "Assets", in the GitHub release page for each version:
+# The checksum can be found under "Assets", in the GitHub release page for each version.
+# The binaries used are: ubuntu-aarch64 and linux-static.
 # https://github.com/PostgREST/postgrest/releases
-postgrest_release: "12.2.12"
-postgrest_arm_release_checksum: sha256:6b2eaa5759329e024df76f79d93f6bb3d87a93de11433acc5d66aa6c96f81f90
-postgrest_x86_release_checksum: sha256:5de4092f1719da3353c40bf96c8dec6913f2254a7cd0b61cc05f233153b557d5
+postgrest_release: "13.0.4"
+postgrest_arm_release_checksum: sha256:2b400200fb15eb5849267e4375fbbc516dd727afadd8786815b48074ed8c03e1
+postgrest_x86_release_checksum: sha256:a0052c8d4726f52349e0298f98da51140ef4941855548590ee88331afa617811
 
 gotrue_release: 2.177.0
 gotrue_release_checksum: sha1:664a26237618c4bfb1e33e4f03a540c3cef3e3c8
@@ -30,16 +31,16 @@ aws_cli_release: "2.23.11"
 
 salt_minion_version: 3007
 
-golang_version: "1.19.3"
+golang_version: "1.22.11"
 golang_version_checksum:
-  arm64: sha256:99de2fe112a52ab748fb175edea64b313a0c8d51d6157dba683a6be163fd5eab
-  amd64: sha256:74b9640724fd4e6bb0ed2a1bc44ae813a03f1e72a4c76253e2d5c015494430ba
+  arm64: sha256:0fc88d966d33896384fbde56e9a8d80a305dc17a9f48f1832e061724b1719991
+  amd64: sha256:9ebfcab26801fa4cf0627c6439db7a4da4d3c6766142a3dd83508240e4f21031
 
 envoy_release: 1.28.0
 envoy_release_checksum: sha1:b0a06e9cfb170f1993f369beaa5aa9d7ec679ce5
 envoy_hot_restarter_release_checksum: sha1:6d43b89d266fb2427a4b51756b649883b0617eda
 
-kong_release_target: focal # if it works, it works
+kong_release_target: focal
 kong_deb: kong_2.8.1_arm64.deb
 kong_deb_checksum: sha1:2086f6ccf8454fe64435252fea4d29d736d7ec61
 

@@ -1,8 +1,8 @@
-ARG ubuntu_release=focal
+ARG ubuntu_release=noble
 FROM ubuntu:${ubuntu_release} as base
 
 ARG ubuntu_release=flocal
-ARG ubuntu_release_no=20.04
+ARG ubuntu_release_no=24.04
 ARG postgresql_major=15
 ARG postgresql_release=${postgresql_major}.1
 

@@ -1,10 +1,10 @@
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal main restricted
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-updates main restricted
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal universe
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-updates universe
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal multiverse
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-updates multiverse
-deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ focal-backports main restricted universe multiverse
-deb http://ports.ubuntu.com/ubuntu-ports focal-security main restricted
-deb http://ports.ubuntu.com/ubuntu-ports focal-security universe
-deb http://ports.ubuntu.com/ubuntu-ports focal-security multiverse
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble main restricted
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-updates main restricted
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble universe
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-updates universe
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble multiverse
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-updates multiverse
+deb http://REGION.clouds.ports.ubuntu.com/ubuntu-ports/ noble-backports main restricted universe multiverse
+deb http://ports.ubuntu.com/ubuntu-ports noble-security main restricted
+deb http://ports.ubuntu.com/ubuntu-ports noble-security universe
+deb http://ports.ubuntu.com/ubuntu-ports noble-security multiverse
@@ -1,10 +1,10 @@
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal main restricted
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-updates main restricted
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal universe
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-updates universe
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal multiverse
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-updates multiverse
-deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse
-deb http://security.ubuntu.com/ubuntu focal-security main restricted
-deb http://security.ubuntu.com/ubuntu focal-security universe
-deb http://security.ubuntu.com/ubuntu focal-security multiverse
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble main restricted
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-updates main restricted
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble universe
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-updates universe
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble multiverse
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-updates multiverse
+deb http://REGION.ec2.archive.ubuntu.com/ubuntu/ noble-backports main restricted universe multiverse
+deb http://security.ubuntu.com/ubuntu noble-security main restricted
+deb http://security.ubuntu.com/ubuntu noble-security universe
+deb http://security.ubuntu.com/ubuntu noble-security multiverse
@@ -58,7 +58,7 @@ function update_install_packages {
 	apt-get upgrade -y
 
 	# Install OpenSSH and other packages
-	sudo add-apt-repository universe
+	sudo add-apt-repository --yes universe
 	apt-get update
 	apt-get install -y --no-install-recommends \
 		openssh-server \
@@ -157,10 +157,21 @@ function disable_fsck {
 
 # Don't request hostname during boot but set hostname
 function setup_hostname {
-	sed -i 's/gethostname()/ubuntu /g' /etc/dhcp/dhclient.conf
-	sed -i 's/host-name,//g' /etc/dhcp/dhclient.conf
+	# Set the static hostname
 	echo "ubuntu" > /etc/hostname
 	chmod 644 /etc/hostname
+	# Update netplan configuration to not send hostname
+	cat << EOF > /etc/netplan/01-hostname.yaml
+network:
+  version: 2
+  ethernets:
+    eth0:
+      dhcp4: true
+      dhcp4-overrides:
+        send-hostname: false
+EOF
+	# Set proper permissions for netplan security
+	chmod 600 /etc/netplan/01-hostname.yaml
 }
 
 # Set options for the default interface
@@ -172,6 +183,8 @@ network:
     eth0:
       dhcp4: true
 EOF
+	# Set proper permissions for netplan security
+	chmod 600 /etc/netplan/eth0.yaml
 }
 
 function disable_sshd_passwd_auth {