From eb5810019aba46edc8629bc2bb72ef754dfe4642 Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Mon, 3 Feb 2025 15:06:15 -0500
Subject: [PATCH 1/2] chore: remove unused/deprecated code
---
 .github/workflows/build-ccache.yml | 86 --
 .github/workflows/dockerhub-release-15-8.yml | 104 --
 .github/workflows/dockerhub-release-aio.yml | 124 --
 .../workflows/dockerhub-release-orioledb.yml | 86 --
 .github/workflows/dockerhub-release.yml | 102 --
 .github/workflows/package-plv8.yml | 78 --
 .github/workflows/test-pg-upgrade.yml | 133 ---
 Dockerfile | 998 ----------------
 Dockerfile-158 | 221 ----
 amazon-arm64.pkr.hcl | 278 -----
 .../tasks/postgres-extensions/01-postgis.yml | 102 --
 .../postgres-extensions/02-pgrouting.yml | 52 -
 .../tasks/postgres-extensions/03-pgtap.yml | 25 -
 .../tasks/postgres-extensions/04-pg_cron.yml | 30 -
 .../tasks/postgres-extensions/05-pgaudit.yml | 43 -
 .../tasks/postgres-extensions/06-pgjwt.yml | 17 -
 .../postgres-extensions/07-pgsql-http.yml | 43 -
 .../postgres-extensions/08-plpgsql_check.yml | 38 -
 .../postgres-extensions/09-pg-safeupdate.yml | 30 -
 .../postgres-extensions/10-timescaledb.yml | 36 -
 .../tasks/postgres-extensions/11-wal2json.yml | 17 -
 .../tasks/postgres-extensions/12-pljava.yml | 84 --
 ansible/tasks/postgres-extensions/13-plv8.yml | 73 --
 .../postgres-extensions/14-pg_plan_filter.yml | 23 -
 .../tasks/postgres-extensions/15-pg_net.yml | 37 -
 ansible/tasks/postgres-extensions/16-rum.yml | 34 -
 .../postgres-extensions/17-pg_hashids.yml | 22 -
 .../tasks/postgres-extensions/18-pgsodium.yml | 80 --
 .../postgres-extensions/19-pg_graphql.yml | 3 -
 .../20-pg_stat_monitor.yml | 23 -
 .../postgres-extensions/22-pg_jsonschema.yml | 3 -
 .../tasks/postgres-extensions/23-vault.yml | 31 -
 .../tasks/postgres-extensions/24-pgroonga.yml | 85 --
 .../tasks/postgres-extensions/25-wrappers.yml | 3 -
 .../tasks/postgres-extensions/26-hypopg.yml | 17 -
 .../postgres-extensions/27-pg_repack.yml | 38 -
 .../tasks/postgres-extensions/28-pgvector.yml | 23 -
 .../tasks/postgres-extensions/29-pg_tle.yml | 12 -
 .../99-finish_async_tasks.yml | 19 -
 ansible/vars.yml | 98 --
 common.vars.pkr.hcl | 1 -
 digitalOcean.json | 45 -
 docker/all-in-one/Dockerfile | 317 -----
 docker/all-in-one/README.md | 59 -
 docker/all-in-one/configure-shim.sh | 16 -
 docker/all-in-one/entrypoint.sh | 366 ------
 docker/all-in-one/etc/adminapi/adminapi.yaml | 83 --
 .../etc/fail2ban/filter.d/pgbouncer.conf | 2 -
 .../etc/fail2ban/filter.d/postgresql.conf | 8 -
 .../all-in-one/etc/fail2ban/jail.d/jail.local | 4 -
 .../etc/fail2ban/jail.d/pgbouncer.conf | 7 -
 .../etc/fail2ban/jail.d/postgresql.conf | 8 -
 .../all-in-one/etc/fail2ban/jail.d/sshd.local | 3 -
 docker/all-in-one/etc/gotrue.env | 9 -
 docker/all-in-one/etc/kong/kong.conf | 37 -
 docker/all-in-one/etc/kong/kong.yml | 94 --
 .../etc/logrotate.d/postgresql.conf | 11 -
 docker/all-in-one/etc/logrotate.d/walg.conf | 9 -
 .../etc/pgbouncer-custom/custom-overrides.ini | 0
 .../generated-optimizations.ini | 0
 .../etc/pgbouncer-custom/ssl-config.ini | 4 -
 docker/all-in-one/etc/pgbouncer/pgbouncer.ini | 363 ------
 docker/all-in-one/etc/pgbouncer/userlist.txt | 0
 .../postgresql-custom/custom-overrides.conf | 0
 .../generated-optimizations.conf | 0
 .../postgresql-platform-defaults.conf | 7 -
 docker/all-in-one/etc/postgresql.schema.sql | 16 -
 docker/all-in-one/etc/postgresql/logging.conf | 33 -
 docker/all-in-one/etc/postgresql/pg_hba.conf | 94 --
 docker/all-in-one/etc/postgrest/base.conf | 7 -
 docker/all-in-one/etc/postgrest/bootstrap.sh | 8 -
 .../all-in-one/etc/postgrest/generated.conf | 0
 docker/all-in-one/etc/salt/minion | 71 --
 docker/all-in-one/etc/sudoers.d/adminapi | 27 -
 .../etc/supa-shutdown/shutdown.conf | 1 -
 .../supervisor/base-services/adminapi.conf | 10 -
 .../supervisor/base-services/logrotate.conf | 11 -
 .../base-services/lsn-checkpoint-push.conf | 10 -
 .../base-services/pg_egress_collect.conf | 10 -
 .../supervisor/base-services/postgresql.conf | 13 -
 .../base-services/supa-shutdown.conf | 11 -
 .../etc/supervisor/services/envoy.conf | 10 -
 .../etc/supervisor/services/exporter.conf | 11 -
 .../etc/supervisor/services/fail2ban.conf | 9 -
 .../etc/supervisor/services/gotrue.conf | 10 -
 .../etc/supervisor/services/group.conf | 3 -
 .../etc/supervisor/services/kong.conf | 11 -
 .../etc/supervisor/services/pgbouncer.conf | 10 -
 .../etc/supervisor/services/postgrest.conf | 10 -
 .../etc/supervisor/supervisord.conf | 170 ---
 .../all-in-one/etc/tmpfiles.d/pgbouncer.conf | 2 -
 docker/all-in-one/etc/vector/vector.yaml | 306 -----
 docker/all-in-one/healthcheck.sh | 46 -
 docker/all-in-one/init/configure-admin-mgr.sh | 8 -
 docker/all-in-one/init/configure-adminapi.sh | 56 -
 .../all-in-one/init/configure-autoshutdown.sh | 21 -
 docker/all-in-one/init/configure-envoy.sh | 53 -
 docker/all-in-one/init/configure-exporter.sh | 5 -
 docker/all-in-one/init/configure-fail2ban.sh | 6 -
 docker/all-in-one/init/configure-gotrue.sh | 40 -
 docker/all-in-one/init/configure-kong.sh | 48 -
 .../init/configure-pg_egress_collect.sh | 14 -
 docker/all-in-one/init/configure-pgbouncer.sh | 46 -
 docker/all-in-one/init/configure-postgrest.sh | 41 -
 docker/all-in-one/init/configure-vector.sh | 56 -
 docker/all-in-one/init/start-kong.sh | 7 -
 .../pg_egress_collect/pg_egress_collect.pl | 126 --
 .../opt/postgres_exporter/queries.yml | 345 ------
 docker/all-in-one/postgres-entrypoint.sh | 358 ------
 docker/all-in-one/run-logrotate.sh | 8 -
 docker/all-in-one/shutdown.sh | 96 --
 docker/cache/.gitkeep | 0
 docker/orioledb/Dockerfile | 1059 ----------------
 docker/orioledb/entrypoint.sh | 36 -
 ebssurrogate/scripts/chroot-bootstrap.sh | 204 ----
 ebssurrogate/scripts/surrogate-bootstrap.sh | 324 -----
 migrations/schema-16.sql | 1064 -----------------
 testinfra/test_all_in_one.py | 135 ---
 testinfra/test_ami.py | 443 -------
 119 files changed, 10323 deletions(-)
 delete mode 100644 .github/workflows/build-ccache.yml
 delete mode 100644 .github/workflows/dockerhub-release-15-8.yml
 delete mode 100644 .github/workflows/dockerhub-release-aio.yml
 delete mode 100644 .github/workflows/dockerhub-release-orioledb.yml
 delete mode 100644 .github/workflows/dockerhub-release.yml
 delete mode 100644 .github/workflows/package-plv8.yml
 delete mode 100644 .github/workflows/test-pg-upgrade.yml
 delete mode 100644 Dockerfile
 delete mode 100644 Dockerfile-158
 delete mode 100644 amazon-arm64.pkr.hcl
 delete mode 100644 ansible/tasks/postgres-extensions/01-postgis.yml
 delete mode 100644 ansible/tasks/postgres-extensions/02-pgrouting.yml
 delete mode 100644 ansible/tasks/postgres-extensions/03-pgtap.yml
 delete mode 100644 ansible/tasks/postgres-extensions/04-pg_cron.yml
 delete mode 100644 ansible/tasks/postgres-extensions/05-pgaudit.yml
 delete mode 100644 ansible/tasks/postgres-extensions/06-pgjwt.yml
 delete mode 100644 ansible/tasks/postgres-extensions/07-pgsql-http.yml
 delete mode 100644 ansible/tasks/postgres-extensions/08-plpgsql_check.yml
 delete mode 100644 ansible/tasks/postgres-extensions/09-pg-safeupdate.yml
 delete mode 100644 ansible/tasks/postgres-extensions/10-timescaledb.yml
 delete mode 100644 ansible/tasks/postgres-extensions/11-wal2json.yml
 delete mode 100644 ansible/tasks/postgres-extensions/12-pljava.yml
 delete mode 100644 ansible/tasks/postgres-extensions/13-plv8.yml
 delete mode 100644 ansible/tasks/postgres-extensions/14-pg_plan_filter.yml
 delete mode 100644 ansible/tasks/postgres-extensions/15-pg_net.yml
 delete mode 100644 ansible/tasks/postgres-extensions/16-rum.yml
 delete mode 100644 ansible/tasks/postgres-extensions/17-pg_hashids.yml
 delete mode 100644 ansible/tasks/postgres-extensions/18-pgsodium.yml
 delete mode 100644 ansible/tasks/postgres-extensions/19-pg_graphql.yml
 delete mode 100644 ansible/tasks/postgres-extensions/20-pg_stat_monitor.yml
 delete mode 100644 ansible/tasks/postgres-extensions/22-pg_jsonschema.yml
 delete mode 100644 ansible/tasks/postgres-extensions/23-vault.yml
 delete mode 100644 ansible/tasks/postgres-extensions/24-pgroonga.yml
 delete mode 100644 ansible/tasks/postgres-extensions/25-wrappers.yml
 delete mode 100644 ansible/tasks/postgres-extensions/26-hypopg.yml
 delete mode 100644 ansible/tasks/postgres-extensions/27-pg_repack.yml
 delete mode 100644 ansible/tasks/postgres-extensions/28-pgvector.yml
 delete mode 100644 ansible/tasks/postgres-extensions/29-pg_tle.yml
 delete mode 100644 ansible/tasks/postgres-extensions/99-finish_async_tasks.yml
 delete mode 100644 common.vars.pkr.hcl
 delete mode 100644 digitalOcean.json
 delete mode 100644 docker/all-in-one/Dockerfile
 delete mode 100644 docker/all-in-one/README.md
 delete mode 100755 docker/all-in-one/configure-shim.sh
 delete mode 100755 docker/all-in-one/entrypoint.sh
 delete mode 100644 docker/all-in-one/etc/adminapi/adminapi.yaml
 delete mode 100644 docker/all-in-one/etc/fail2ban/filter.d/pgbouncer.conf
 delete mode 100644 docker/all-in-one/etc/fail2ban/filter.d/postgresql.conf
 delete mode 100644 docker/all-in-one/etc/fail2ban/jail.d/jail.local
 delete mode 100644 docker/all-in-one/etc/fail2ban/jail.d/pgbouncer.conf
 delete mode 100644 docker/all-in-one/etc/fail2ban/jail.d/postgresql.conf
 delete mode 100644 docker/all-in-one/etc/fail2ban/jail.d/sshd.local
 delete mode 100644 docker/all-in-one/etc/gotrue.env
 delete mode 100644 docker/all-in-one/etc/kong/kong.conf
 delete mode 100644 docker/all-in-one/etc/kong/kong.yml
 delete mode 100644 docker/all-in-one/etc/logrotate.d/postgresql.conf
 delete mode 100644 docker/all-in-one/etc/logrotate.d/walg.conf
 delete mode 100644 docker/all-in-one/etc/pgbouncer-custom/custom-overrides.ini
 delete mode 100644 docker/all-in-one/etc/pgbouncer-custom/generated-optimizations.ini
 delete mode 100644 docker/all-in-one/etc/pgbouncer-custom/ssl-config.ini
 delete mode 100644 docker/all-in-one/etc/pgbouncer/pgbouncer.ini
 delete mode 100644 docker/all-in-one/etc/pgbouncer/userlist.txt
 delete mode 100644 docker/all-in-one/etc/postgresql-custom/custom-overrides.conf
 delete mode 100644 docker/all-in-one/etc/postgresql-custom/generated-optimizations.conf
 delete mode 100644 docker/all-in-one/etc/postgresql-custom/postgresql-platform-defaults.conf
 delete mode 100644 docker/all-in-one/etc/postgresql.schema.sql
 delete mode 100644 docker/all-in-one/etc/postgresql/logging.conf
 delete mode 100755 docker/all-in-one/etc/postgresql/pg_hba.conf
 delete mode 100644 docker/all-in-one/etc/postgrest/base.conf
 delete mode 100755 docker/all-in-one/etc/postgrest/bootstrap.sh
 delete mode 100644 docker/all-in-one/etc/postgrest/generated.conf
 delete mode 100644 docker/all-in-one/etc/salt/minion
 delete mode 100644 docker/all-in-one/etc/sudoers.d/adminapi
 delete mode 100644 docker/all-in-one/etc/supa-shutdown/shutdown.conf
 delete mode 100644 docker/all-in-one/etc/supervisor/base-services/adminapi.conf
 delete mode 100644 docker/all-in-one/etc/supervisor/base-services/logrotate.conf
 delete mode 100644 docker/all-in-one/etc/supervisor/base-services/lsn-checkpoint-push.conf
 delete mode 100644 docker/all-in-one/etc/supervisor/base-services/pg_egress_collect.conf
 delete mode 100644 docker/all-in-one/etc/supervisor/base-services/postgresql.conf
 delete mode 100644 docker/all-in-one/etc/supervisor/base-services/supa-shutdown.conf
 delete mode 100644 docker/all-in-one/etc/supervisor/services/envoy.conf
 delete mode 100644 docker/all-in-one/etc/supervisor/services/exporter.conf
 delete mode 100644 docker/all-in-one/etc/supervisor/services/fail2ban.conf
 delete mode 100644 docker/all-in-one/etc/supervisor/services/gotrue.conf
 delete mode 100644 docker/all-in-one/etc/supervisor/services/group.conf
 delete mode 100644 docker/all-in-one/etc/supervisor/services/kong.conf
 delete mode 100644 docker/all-in-one/etc/supervisor/services/pgbouncer.conf
 delete mode 100644 docker/all-in-one/etc/supervisor/services/postgrest.conf
 delete mode 100644 docker/all-in-one/etc/supervisor/supervisord.conf
 delete mode 100644 docker/all-in-one/etc/tmpfiles.d/pgbouncer.conf
 delete mode 100644 docker/all-in-one/etc/vector/vector.yaml
 delete mode 100755 docker/all-in-one/healthcheck.sh
 delete mode 100755 docker/all-in-one/init/configure-admin-mgr.sh
 delete mode 100755 docker/all-in-one/init/configure-adminapi.sh
 delete mode 100755 docker/all-in-one/init/configure-autoshutdown.sh
 delete mode 100755 docker/all-in-one/init/configure-envoy.sh
 delete mode 100755 docker/all-in-one/init/configure-exporter.sh
 delete mode 100755 docker/all-in-one/init/configure-fail2ban.sh
 delete mode 100755 docker/all-in-one/init/configure-gotrue.sh
 delete mode 100755 docker/all-in-one/init/configure-kong.sh
 delete mode 100755 docker/all-in-one/init/configure-pg_egress_collect.sh
 delete mode 100755 docker/all-in-one/init/configure-pgbouncer.sh
 delete mode 100755 docker/all-in-one/init/configure-postgrest.sh
 delete mode 100755 docker/all-in-one/init/configure-vector.sh
 delete mode 100755 docker/all-in-one/init/start-kong.sh
 delete mode 100644 docker/all-in-one/opt/pg_egress_collect/pg_egress_collect.pl
 delete mode 100644 docker/all-in-one/opt/postgres_exporter/queries.yml
 delete mode 100755 docker/all-in-one/postgres-entrypoint.sh
 delete mode 100755 docker/all-in-one/run-logrotate.sh
 delete mode 100755 docker/all-in-one/shutdown.sh
 delete mode 100644 docker/cache/.gitkeep
 delete mode 100644 docker/orioledb/Dockerfile
 delete mode 100755 docker/orioledb/entrypoint.sh
 delete mode 100755 ebssurrogate/scripts/chroot-bootstrap.sh
 delete mode 100755 ebssurrogate/scripts/surrogate-bootstrap.sh
 delete mode 100644 migrations/schema-16.sql
 delete mode 100644 testinfra/test_all_in_one.py
 delete mode 100644 testinfra/test_ami.py
diff --git a/.github/workflows/build-ccache.yml b/.github/workflows/build-ccache.yml
deleted file mode 100644
index f296dd62f..000000000
--- a/.github/workflows/build-ccache.yml
+++ /dev/null
@@ -1,86 +0,0 @@ -name: Update ccache - -on: - push: - branches: - - develop - paths: - - ".github/workflows/build-ccache.yml" - - "ansible/vars.yml" - - "Dockerfile" - workflow_dispatch: - -env: - image_tag: public.ecr.aws/supabase/postgres:ccache -permissions: - contents: read - packages: write - id-token: write - -jobs: - settings: - runs-on: ubuntu-latest - outputs: - build_args: ${{ steps.args.outputs.result }} - steps: - - uses: actions/checkout@v3 - - id: args - uses: mikefarah/yq@master - with: - cmd: yq 'to_entries | map(select(.value|type == "!!str")) | map(.key + "=" + .value) | join("\n")' 'ansible/vars.yml' - - build_image: - needs: settings - strategy: - matrix: - include: - - runner: [self-hosted, X64] - arch: amd64 - - runner: arm-runner - arch: arm64 - runs-on: ${{ matrix.runner }} - timeout-minutes: 180 - outputs: - image_digest: ${{ steps.build.outputs.digest }} - steps: - - run: docker context create builders - - uses: docker/setup-buildx-action@v3 - with: - endpoint: builders - - name: Configure AWS credentials - prod - uses: aws-actions/configure-aws-credentials@v1 - with: - role-to-assume: ${{ secrets.PROD_AWS_ROLE }} - aws-region: "us-east-1" - - uses: docker/login-action@v2 - with: - registry: public.ecr.aws - - id: build - uses: docker/build-push-action@v5 - with: - push: true - target: buildcache - build-args: | - CACHE_EPOCH=${{ github.event.repository.updated_at }} - ${{ needs.settings.outputs.build_args }} - tags: ${{ env.image_tag }}_${{ matrix.arch }} - platforms: linux/${{ matrix.arch }} - - merge_manifest: - needs: build_image - runs-on: ubuntu-latest - steps: - - uses: docker/setup-buildx-action@v3 - - name: Configure AWS credentials - prod - uses: aws-actions/configure-aws-credentials@v1 - with: - role-to-assume: ${{ secrets.PROD_AWS_ROLE }} - aws-region: "us-east-1" - - uses: docker/login-action@v2 - with: - registry: public.ecr.aws - - name: Merge multi-arch manifests - run: | - docker buildx imagetools create -t ${{ 
env.image_tag }} \ - ${{ env.image_tag }}_amd64 \ - ${{ env.image_tag }}_arm64 diff --git a/.github/workflows/dockerhub-release-15-8.yml b/.github/workflows/dockerhub-release-15-8.yml deleted file mode 100644 index 11ffd2e48..000000000 --- a/.github/workflows/dockerhub-release-15-8.yml +++ /dev/null 
@@ -1,104 +0,0 @@ -name: Release 15.6 on Dockerhub - -on: - push: - branches: - - develop - - release/* - paths: - - ".github/workflows/dockerhub-release-15-6.yml" - - "common-nix.vars*" - workflow_dispatch: - -jobs: - settings: - runs-on: ubuntu-latest - outputs: - docker_version: ${{ steps.settings.outputs.postgres-version }} - image_tag: supabase/postgres:${{ steps.settings.outputs.postgres-version }} - build_args: ${{ steps.args.outputs.result }} - steps: - - uses: actions/checkout@v3 - - id: settings - # Remove spaces and quotes to get the raw version string - run: sed -r 's/(\s|\")+//g' common-nix.vars.pkr.hcl >> $GITHUB_OUTPUT - - id: args - uses: mikefarah/yq@master - with: - cmd: yq 'to_entries | map(select(.value|type == "!!str")) | map(.key + "=" + .value) | join("\n")' 'ansible/vars.yml' - - build_release_image: - needs: [settings] - strategy: - matrix: - include: - - runner: [self-hosted, X64] - arch: amd64 - - runner: arm-runner - arch: arm64 - runs-on: ${{ matrix.runner }} - timeout-minutes: 180 - outputs: - image_digest: ${{ steps.build.outputs.digest }} - steps: - - run: docker context create builders - - uses: docker/setup-buildx-action@v3 - with: - endpoint: builders - - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - id: build - uses: docker/build-push-action@v5 - with: - push: true - build-args: | - ${{ needs.settings.outputs.build_args }} - target: production - tags: ${{ needs.settings.outputs.image_tag }}_${{ matrix.arch }} - platforms: linux/${{ matrix.arch }} - cache-from: type=gha,scope=${{ github.ref_name }}-latest-${{ matrix.arch }} - cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-latest-${{ matrix.arch }} - file: "Dockerfile-158" - - name: Slack Notification - if: ${{ failure() }} - uses: rtCamp/action-slack-notify@v2 - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }} - SLACK_USERNAME: "gha-failures-notifier" - SLACK_COLOR: "danger" 
- SLACK_MESSAGE: "Building Postgres ${{ matrix.arch }} image failed" - SLACK_FOOTER: "" - - merge_manifest: - needs: [settings, build_release_image] - runs-on: ubuntu-latest - steps: - - uses: docker/setup-buildx-action@v3 - - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Merge multi-arch manifests - run: | - docker buildx imagetools create -t ${{ needs.settings.outputs.image_tag }} \ - ${{ needs.settings.outputs.image_tag }}_amd64 \ - ${{ needs.settings.outputs.image_tag }}_arm64 - - name: Slack Notification - if: ${{ failure() }} - uses: rtCamp/action-slack-notify@v2 - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }} - SLACK_USERNAME: "gha-failures-notifier" - SLACK_COLOR: "danger" - SLACK_MESSAGE: "Building Postgres image failed" - SLACK_FOOTER: "" - - publish: - needs: [settings, merge_manifest] - # Call workflow explicitly because events from actions cannot trigger more actions - uses: ./.github/workflows/mirror.yml - with: - version: ${{ needs.settings.outputs.docker_version }} - secrets: inherit diff --git a/.github/workflows/dockerhub-release-aio.yml b/.github/workflows/dockerhub-release-aio.yml deleted file mode 100644 index e6717df9f..000000000 --- a/.github/workflows/dockerhub-release-aio.yml +++ /dev/null 
@@ -1,124 +0,0 @@ -name: Release AIO image - -on: - push: - branches: - - develop - paths: - - ".github/workflows/dockerhub-release-aio.yml" - - "docker/all-in-one/*" - workflow_run: - workflows: [Release on Dockerhub] - branches: - - develop - types: - - completed - workflow_dispatch: - inputs: - baseDockerVersion: - description: 'Base Docker Version. E.g., 15.1.1.27' - required: false - -jobs: - settings: - runs-on: ubuntu-latest - outputs: - base_docker_version: ${{ steps.base_docker.outputs.base-docker-version }} - docker_version: ${{ steps.settings.outputs.postgres-version }} - image_tag: supabase/postgres:aio-${{ steps.settings.outputs.postgres-version }} - fly_image_tag: supabase-postgres-image:aio-${{ steps.settings.outputs.postgres-version }} - build_args: ${{ steps.args.outputs.result }} - steps: - - uses: actions/checkout@v3 - - id: settings - # Remove spaces and quotes to get the raw version string - run: sed -r 's/(\s|\")+//g' common.vars.pkr.hcl >> $GITHUB_OUTPUT - - id: base_docker - run: | - if [[ "${{ inputs.baseDockerVersion }}" != "" ]]; then - echo "base-docker-version=${{ inputs.baseDockerVersion }}" >> $GITHUB_OUTPUT - else - echo "base-docker-version=${{ steps.settings.outputs.postgres-version }}" >> $GITHUB_OUTPUT - fi - - id: args - uses: mikefarah/yq@master - with: - cmd: yq 'to_entries | map(select(.value|type == "!!str")) | map(.key + "=" + .value) | join("\n")' 'ansible/vars.yml' - - build_image: - needs: settings - strategy: - matrix: - include: - - runner: [self-hosted, X64] - arch: amd64 - - runner: arm-runner - arch: arm64 - runs-on: ${{ matrix.runner }} - timeout-minutes: 180 - outputs: - image_digest: ${{ steps.build.outputs.digest }} - steps: - - run: docker context create builders - - uses: docker/setup-buildx-action@v3 - with: - endpoint: builders - - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - id: build - uses: docker/build-push-action@v5 - 
with: - file: docker/all-in-one/Dockerfile - push: true - build-args: | - postgres_version=${{ needs.settings.outputs.base_docker_version }} - envoy_lds=lds.supabase.yaml - ${{ needs.settings.outputs.build_args }} - target: production - tags: ${{ needs.settings.outputs.image_tag }}_${{ matrix.arch }} - platforms: linux/${{ matrix.arch }} - cache-from: type=gha,scope=${{ github.ref_name }}-aio-${{ matrix.arch }} - cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-aio-${{ matrix.arch }} - - name: Slack Notification - if: ${{ failure() }} - uses: rtCamp/action-slack-notify@v2 - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }} - SLACK_USERNAME: "gha-failures-notifier" - SLACK_COLOR: "danger" - SLACK_MESSAGE: "Building Postgres AIO ${{ matrix.arch }} image failed" - SLACK_FOOTER: "" - - merge_manifest: - needs: [settings, build_image] - runs-on: ubuntu-latest - steps: - - uses: docker/setup-buildx-action@v3 - - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Merge multi-arch manifests - run: | - docker buildx imagetools create -t ${{ needs.settings.outputs.image_tag }} \ - ${{ needs.settings.outputs.image_tag }}_amd64 \ - ${{ needs.settings.outputs.image_tag }}_arm64 - - name: Slack Notification - if: ${{ failure() }} - uses: rtCamp/action-slack-notify@v2 - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }} - SLACK_USERNAME: "gha-failures-notifier" - SLACK_COLOR: "danger" - SLACK_MESSAGE: "Building Postgres image failed" - SLACK_FOOTER: "" - - publish: - needs: [settings, merge_manifest] - # Call workflow explicitly because events from actions cannot trigger more actions - uses: ./.github/workflows/mirror.yml - with: - version: aio-${{ needs.settings.outputs.docker_version }} - secrets: inherit 
diff --git a/.github/workflows/dockerhub-release-orioledb.yml b/.github/workflows/dockerhub-release-orioledb.yml
deleted file mode 100644
index 2c2f05186..000000000
--- a/.github/workflows/dockerhub-release-orioledb.yml
+++ /dev/null
@@ -1,86 +0,0 @@ -name: Release OrioleDB on Dockerhub - -on: - push: - branches: - - develop - paths: - - ".github/workflows/dockerhub-release-orioledb.yml" - - "docker/orioledb/*" - - "common.vars*" - -jobs: - settings: - runs-on: ubuntu-latest - outputs: - docker_version: orioledb-${{ steps.settings.outputs.postgres-version }} - image_tag: supabase/postgres:orioledb-${{ steps.settings.outputs.postgres-version }} - build_args: ${{ steps.args.outputs.result }} - steps: - - uses: actions/checkout@v3 - - id: settings - # Remove spaces and quotes to get the raw version string - run: sed -r 's/(\s|\")+//g' common.vars.pkr.hcl >> $GITHUB_OUTPUT - - id: args - uses: mikefarah/yq@master - with: - cmd: yq 'to_entries | map(select(.value|type == "!!str")) | map(.key + "=" + .value) | join("\n")' 'ansible/vars.yml' - - build_image: - needs: settings - strategy: - fail-fast: false - matrix: - include: - - runner: [self-hosted, X64] - arch: amd64 - - runner: arm-runner - arch: arm64 - runs-on: ${{ matrix.runner }} - timeout-minutes: 180 - outputs: - image_digest: ${{ steps.build.outputs.digest }} - steps: - - run: docker context create builders - - uses: docker/setup-buildx-action@v3 - with: - endpoint: builders - - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - id: build - uses: docker/build-push-action@v5 - with: - file: docker/orioledb/Dockerfile - push: true - build-args: | - ${{ needs.settings.outputs.build_args }} - target: production - tags: ${{ needs.settings.outputs.image_tag }}_${{ matrix.arch }} - platforms: linux/${{ matrix.arch }} - cache-from: type=gha,scope=${{ github.ref_name }}-orioledb-${{ matrix.arch }} - cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-orioledb-${{ matrix.arch }} - - merge_manifest: - needs: [settings, build_image] - runs-on: ubuntu-latest - steps: - - uses: docker/setup-buildx-action@v3 - - uses: docker/login-action@v2 - with: - username: ${{ 
secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Merge multi-arch manifests - run: | - docker buildx imagetools create -t ${{ needs.settings.outputs.image_tag }} \ - ${{ needs.settings.outputs.image_tag }}_amd64 \ - ${{ needs.settings.outputs.image_tag }}_arm64 - - publish: - needs: [settings, merge_manifest] - # Call workflow explicitly because events from actions cannot trigger more actions - uses: ./.github/workflows/mirror.yml - with: - version: ${{ needs.settings.outputs.docker_version }} - secrets: inherit diff --git a/.github/workflows/dockerhub-release.yml b/.github/workflows/dockerhub-release.yml deleted file mode 100644 index 7f4be5552..000000000 --- a/.github/workflows/dockerhub-release.yml +++ /dev/null 
@@ -1,102 +0,0 @@ -name: Release on Dockerhub - -on: - push: - branches: - - develop - paths: - - ".github/workflows/dockerhub-release.yml" - - "common.vars*" - -jobs: - settings: - runs-on: ubuntu-latest - outputs: - docker_version: ${{ steps.settings.outputs.postgres-version }} - image_tag: supabase/postgres:${{ steps.settings.outputs.postgres-version }} - build_args: ${{ steps.args.outputs.result }} - steps: - - uses: actions/checkout@v3 - - id: settings - # Remove spaces and quotes to get the raw version string - run: sed -r 's/(\s|\")+//g' common.vars.pkr.hcl >> $GITHUB_OUTPUT - - id: args - uses: mikefarah/yq@master - with: - cmd: yq 'to_entries | map(select(.value|type == "!!str")) | map(.key + "=" + .value) | join("\n")' 'ansible/vars.yml' - - - build_image: - needs: settings - strategy: - matrix: - include: - - runner: [self-hosted, X64] - arch: amd64 - - runner: arm-runner - arch: arm64 - runs-on: ${{ matrix.runner }} - timeout-minutes: 180 - outputs: - image_digest: ${{ steps.build.outputs.digest }} - steps: - - run: docker context create builders - - uses: docker/setup-buildx-action@v3 - with: - endpoint: builders - - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - id: build - uses: docker/build-push-action@v5 - with: - push: true - build-args: | - ${{ needs.settings.outputs.build_args }} - target: production - tags: ${{ needs.settings.outputs.image_tag }}_${{ matrix.arch }} - platforms: linux/${{ matrix.arch }} - cache-from: type=gha,scope=${{ github.ref_name }}-latest-${{ matrix.arch }} - cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-latest-${{ matrix.arch }} - - name: Slack Notification - if: ${{ failure() }} - uses: rtCamp/action-slack-notify@v2 - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }} - SLACK_USERNAME: "gha-failures-notifier" - SLACK_COLOR: "danger" - SLACK_MESSAGE: "Building Postgres ${{ matrix.arch }} image failed" - SLACK_FOOTER: 
"" - - merge_manifest: - needs: [settings, build_image] - runs-on: ubuntu-latest - steps: - - uses: docker/setup-buildx-action@v3 - - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - name: Merge multi-arch manifests - run: | - docker buildx imagetools create -t ${{ needs.settings.outputs.image_tag }} \ - ${{ needs.settings.outputs.image_tag }}_amd64 \ - ${{ needs.settings.outputs.image_tag }}_arm64 - - name: Slack Notification - if: ${{ failure() }} - uses: rtCamp/action-slack-notify@v2 - env: - SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }} - SLACK_USERNAME: "gha-failures-notifier" - SLACK_COLOR: "danger" - SLACK_MESSAGE: "Building Postgres image failed" - SLACK_FOOTER: "" - - publish: - needs: [settings, merge_manifest] - # Call workflow explicitly because events from actions cannot trigger more actions - uses: ./.github/workflows/mirror.yml - with: - version: ${{ needs.settings.outputs.docker_version }} - secrets: inherit diff --git a/.github/workflows/package-plv8.yml b/.github/workflows/package-plv8.yml deleted file mode 100644 index 09b2c4efd..000000000 --- a/.github/workflows/package-plv8.yml +++ /dev/null 
@@ -1,78 +0,0 @@ -name: Package plv8 - -on: - push: - branches: - - develop - paths: - - ".github/workflows/package-plv8.yml" - - "Dockerfile" - workflow_dispatch: - -env: - image: ghcr.io/supabase/plv8 -permissions: - contents: read - packages: write - id-token: write - -jobs: - settings: - runs-on: ubuntu-latest - outputs: - image_tag: ${{ env.image }}:${{ steps.meta.outputs.image_tag }} - steps: - - uses: actions/checkout@v3 - - id: meta - run: | - plv8_release=$(grep -o 'plv8_release=.*' Dockerfile | head -1 | cut -d "=" -f 2) - postgresql_major=$(grep -o 'postgresql_major=.*' Dockerfile | head -1 | cut -d "=" -f 2) - echo "image_tag=${plv8_release}-pg${postgresql_major}" >> $GITHUB_OUTPUT - - build_image: - needs: settings - strategy: - matrix: - include: - - runner: [self-hosted, X64] - arch: amd64 - - runner: arm-runner - arch: arm64 - runs-on: ${{ matrix.runner }} - timeout-minutes: 180 - outputs: - image_digest: ${{ steps.build.outputs.digest }} - steps: - - run: docker context create builders - - uses: docker/setup-buildx-action@v3 - with: - endpoint: builders - - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - id: build - uses: docker/build-push-action@v5 - with: - push: true - target: plv8-deb - tags: ${{ needs.settings.outputs.image_tag }}_${{ matrix.arch }} - platforms: linux/${{ matrix.arch }} - no-cache: true - - merge_manifest: - needs: [settings, build_image] - runs-on: ubuntu-latest - steps: - - uses: docker/setup-buildx-action@v3 - - uses: docker/login-action@v2 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Merge multi-arch manifests - run: | - docker buildx imagetools create -t ${{ needs.settings.outputs.image_tag }} \ - ${{ needs.settings.outputs.image_tag }}_amd64 \ - ${{ needs.settings.outputs.image_tag }}_arm64 
diff --git a/.github/workflows/test-pg-upgrade.yml b/.github/workflows/test-pg-upgrade.yml
deleted file mode 100644
index b90791bc6..000000000
--- a/.github/workflows/test-pg-upgrade.yml
+++ /dev/null
@@ -1,133 +0,0 @@ -name: Test pg_upgrade - -on: - push: - branches: - - develop - - pcnc/pg_upgrade-test-extensions - workflow_dispatch: - -permissions: - id-token: write - -jobs: - test: - strategy: - matrix: - base_pg_version: - - 15.1.1.60 - - 15.1.1.70 - runs-on: arm-runner - timeout-minutes: 30 - defaults: - run: - working-directory: ./tests/pg_upgrade - env: - PGPORT: 5478 - PGPASSWORD: postgres - PGDATABASE: postgres - PGUSER: supabase_admin - PGHOST: localhost - PG_MAJOR_VERSION: 15 - IS_CI: true - container: pg_upgrade_test - steps: - - uses: actions/checkout@v3 - - - name: Grab release version - id: process_release_version - working-directory: ./ - run: | - VERSION=$(sed -e 's/postgres-version = "\(.*\)"/\1/g' common.vars.pkr.hcl) - echo "version=$VERSION" >> "$GITHUB_OUTPUT" - - - name: configure aws credentials - staging - uses: aws-actions/configure-aws-credentials@v1 - with: - role-to-assume: ${{ secrets.DEV_AWS_ROLE }} - aws-region: "us-east-1" - - - name: Download pg_upgrade_scripts and binaries - run: | - aws s3 cp s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/pg_upgrade_scripts.tar.gz scripts/pg_upgrade_scripts.tar.gz - aws s3 cp s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz scripts/pg_upgrade_bin.tar.gz - - - run: docker context create builders - - uses: docker/setup-buildx-action@v2 - with: - endpoint: builders - driver-opts: image=moby/buildkit:v0.11.6 - buildkitd-flags: --debug - - - name: Start Postgres - run: | - docker rm -f "$container" || true - docker run --name "$container" --env-file .env \ - -v "$(pwd)/scripts:/tmp/upgrade" \ - --entrypoint "/tmp/upgrade/entrypoint.sh" -d \ - -p ${PGPORT}:5432 \ - "supabase/postgres:${{ matrix.base_pg_version }}" - - - name: Install psql - run: | - sudo apt update - sudo apt install -y --no-install-recommends postgresql-client - - 
- name: Install pg_prove - run: | - sudo apt-get update - sudo apt-get install -y --no-install-recommends perl cpanminus - sudo cpanm -n App::cpanminus - sudo cpanm -n TAP::Parser::SourceHandler::pgTAP - env: - SHELL: /bin/bash - PERL_MM_USE_DEFAULT: 1 - PERL_MM_NONINTERACTIVE: 1 - - - name: Wait for healthy database - run: | - count=0 - while ! docker exec "$container" bash -c "pg_isready"; do - count=$((count + 1)) - if [ $count -ge "$retries" ]; then - echo "Retry $count/$retries exited $exit, no more retries left." - docker logs "$container" - docker rm -f "$container" - exit 1 - fi - done - env: - retries: 20 - - - name: Run migrations - run: | - docker cp ../../migrations/db/migrations "$container:/docker-entrypoint-initdb.d/" - docker exec "$container" bash -c "/docker-entrypoint-initdb.d/migrate.sh > /tmp/migrate.log 2>&1" - - - name: Run initial tests - run: pg_prove "../../migrations/tests/test.sql" - env: - PERL5LIB: /usr/local/lib/perl5 - - - name: Apply pre-upgrade fixtures - run: | - psql -f "./tests/97-enable-extensions.sql" - psql -f "./tests/98-data-fixtures.sql" - psql -f "./tests/99-fixtures.sql" - - - name: Initiate upgrade - run: docker exec "$container" bash -c '/tmp/upgrade/pg_upgrade_scripts/initiate.sh "$PG_MAJOR_VERSION"; exit $?' - - - name: Complete pg_upgrade - run: docker exec pg_upgrade_test bash -c '/tmp/upgrade/pg_upgrade_scripts/complete.sh; exit $?' - - - name: Run post-upgrade tests - run: | - pg_prove tests/01-schema.sql - pg_prove tests/02-data.sql - pg_prove tests/03-settings.sql - - - name: Clean up container - if: ${{ always() }} - continue-on-error: true - run: docker rm -f "$container" || true diff --git a/Dockerfile b/Dockerfile deleted file mode 100644 index 8309c2585..000000000 --- a/Dockerfile +++ /dev/null 
@@ -1,998 +0,0 @@ -# syntax=docker/dockerfile:1.6 -ARG postgresql_major=15 -ARG postgresql_release=${postgresql_major}.1 - -# Bump default build arg to build a package from source -# Bump vars.yml to specify runtime package version -ARG sfcgal_release=1.3.10 -ARG postgis_release=3.3.2 -ARG pgrouting_release=3.4.1 -ARG pgtap_release=1.2.0 -ARG pg_cron_release=1.6.2 -ARG pgaudit_release=1.7.0 -ARG pgjwt_release=9742dab1b2f297ad3811120db7b21451bca2d3c9 -ARG pgsql_http_release=1.5.0 -ARG plpgsql_check_release=2.2.5 -ARG pg_safeupdate_release=1.4 -ARG timescaledb_release=2.9.1 -ARG wal2json_release=2_5 -ARG pljava_release=1.6.4 -ARG plv8_release=3.1.5 -ARG pg_plan_filter_release=5081a7b5cb890876e67d8e7486b6a64c38c9a492 -ARG pg_net_release=0.9.2 -ARG rum_release=1.3.13 -ARG pg_hashids_release=cd0e1b31d52b394a0df64079406a14a4f7387cd6 -ARG libsodium_release=1.0.18 -ARG pgsodium_release=3.1.6 -ARG pg_graphql_release=1.5.1 -ARG pg_stat_monitor_release=1.1.1 -ARG pg_jsonschema_release=0.1.4 -ARG pg_repack_release=1.4.8 -ARG vault_release=0.2.8 -ARG groonga_release=12.0.8 -ARG pgroonga_release=2.4.0 -ARG wrappers_release=0.4.1 -ARG hypopg_release=1.3.1 -ARG pgvector_release=0.4.0 -ARG pg_tle_release=1.3.2 -ARG index_advisor_release=0.2.0 -ARG supautils_release=2.5.0 -ARG wal_g_release=2.0.1 - -#################### -# Setup Postgres PPA -#################### -FROM ubuntu:focal as ppa -# Redeclare args for use in subsequent stages -ARG postgresql_major -RUN apt-get update && apt-get install -y --no-install-recommends \ - gnupg \ - ca-certificates \ - && rm -rf /var/lib/apt/lists/* -# Add Postgres PPA -# In the off-chance that the key in the repository expires, it can be replaced by running the following in the repository's root: -# gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys $NEW_POSTGRESQL_GPG_KEY -# gpg --export --armor $NEW_POSTGRESQL_GPG_KEY > postgresql.gpg.key -COPY postgresql.gpg.key /tmp/postgresql.gpg.key -RUN apt-key add /tmp/postgresql.gpg.key && \ - echo 
"deb https://apt-archive.postgresql.org/pub/repos/apt focal-pgdg-archive main" > /etc/apt/sources.list.d/pgdg.list - -#################### -# Download pre-built postgres -#################### -FROM ppa as pg -ARG postgresql_release -# Download .deb packages -RUN apt-get update && apt-get install -y --no-install-recommends --download-only \ - postgresql-${postgresql_major}=${postgresql_release}-1.pgdg20.04+1 \ - && rm -rf /var/lib/apt/lists/* -RUN mv /var/cache/apt/archives/*.deb /tmp/ - -FROM ppa as pg-dev -ARG postgresql_release -# Download .deb packages -RUN apt-get update && apt-get install -y --no-install-recommends --download-only \ - postgresql-server-dev-${postgresql_major}=${postgresql_release}-1.pgdg20.04+1 \ - && rm -rf /var/lib/apt/lists/* -RUN mv /var/cache/apt/archives/*.deb /tmp/ - -#################### -# Install postgres -#################### -FROM ubuntu:focal as base -# Redeclare args for use in subsequent stages -ARG TARGETARCH -ARG postgresql_major - -# Install postgres -COPY --from=pg /tmp /tmp -# Ref: https://github.com/docker-library/postgres/blob/master/15/bullseye/Dockerfile#L91 -ENV DEBIAN_FRONTEND=noninteractive -RUN set -ex; \ - export PYTHONDONTWRITEBYTECODE=1; \ - apt-get update; \ - apt-get install -y --no-install-recommends /tmp/postgresql-common_*.deb /tmp/postgresql-client-common_*.deb; \ - sed -ri 's/#(create_main_cluster) .*$/\1 = false/' /etc/postgresql-common/createcluster.conf; \ - apt-get install -y --no-install-recommends /tmp/*.deb; \ - rm -rf /var/lib/apt/lists/* /tmp/*; \ - find /usr -name '*.pyc' -type f -exec bash -c 'for pyc; do dpkg -S "$pyc" &> /dev/null || rm -vf "$pyc"; done' -- '{}' + - -ENV PATH=$PATH:/usr/lib/postgresql/${postgresql_major}/bin -ENV PGDATA=/var/lib/postgresql/data - -# Make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -RUN localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG=en_US.UTF-8 -ENV LC_CTYPE=C.UTF-8 -ENV LC_COLLATE=C.UTF-8 - 
-FROM base as builder -# Install build dependencies -COPY --from=pg-dev /tmp /tmp -RUN apt-get update && \ - rm -f /tmp/libssl-dev* && \ - apt-get install -y --no-install-recommends \ - /tmp/*.deb \ - build-essential \ - checkinstall \ - cmake \ - && rm -rf /var/lib/apt/lists/* /tmp/* - -FROM builder as ccache -# Cache large build artifacts -RUN apt-get update && apt-get install -y --no-install-recommends \ - clang \ - ccache \ - && rm -rf /var/lib/apt/lists/* -ENV CCACHE_DIR=/ccache -ENV PATH=/usr/lib/ccache:$PATH -# Used to update ccache -ARG CACHE_EPOCH - -#################### -# 01-postgis.yml -#################### -FROM ccache as sfcgal -# Download and extract -ARG sfcgal_release -ARG sfcgal_release_checksum -ADD --checksum=${sfcgal_release_checksum} \ - "https://supabase-public-artifacts-bucket.s3.amazonaws.com/sfcgal/SFCGAL-v${sfcgal_release}.tar.gz" \ - /tmp/sfcgal.tar.gz -RUN tar -xvf /tmp/sfcgal.tar.gz -C /tmp --one-top-level --strip-components 1 && \ - rm -rf /tmp/sfcgal.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - libcgal-dev \ - libboost-serialization1.71-dev \ - libmpfr-dev \ - libgmp-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/sfcgal/build -RUN cmake .. 
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=yes --fstrans=no --backup=no --pakdir=/tmp --pkgname=sfcgal --pkgversion=${sfcgal_release} --requires=libgmpxx4ldbl,libboost-serialization1.71.0,libmpfr6 --nodoc - -FROM sfcgal as postgis-source -# Download and extract -ARG postgis_release -ARG postgis_release_checksum -ADD --checksum=${postgis_release_checksum} \ - "https://supabase-public-artifacts-bucket.s3.amazonaws.com/postgis-${postgis_release}.tar.gz" \ - /tmp/postgis.tar.gz -RUN tar -xvf /tmp/postgis.tar.gz -C /tmp && \ - rm -rf /tmp/postgis.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - protobuf-c-compiler \ - libgeos-dev \ - libproj-dev \ - libgdal-dev \ - libjson-c-dev \ - libxml2-dev \ - libprotobuf-c-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/postgis-${postgis_release} -RUN ./configure --with-sfcgal -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --requires=libgeos-c1v5,libproj15,libjson-c4,libprotobuf-c1,libgdal26 --nodoc - -FROM ppa as postgis -# Latest available is 3.3.2 -ARG postgis_release -# Download pre-built packages -RUN apt-get update && apt-get install -y --no-install-recommends --download-only \ - postgresql-${postgresql_major}-postgis-3=${postgis_release}+dfsg-1.pgdg20.04+1 \ - && rm -rf /var/lib/apt/lists/* -RUN mv /var/cache/apt/archives/*.deb /tmp/ - -#################### -# 02-pgrouting.yml -#################### -FROM ccache as pgrouting-source -# Download and extract -ARG pgrouting_release -ARG pgrouting_release_checksum -ADD --checksum=${pgrouting_release_checksum} \ - "https://github.com/pgRouting/pgrouting/releases/download/v${pgrouting_release}/pgrouting-${pgrouting_release}.tar.gz" 
\ - /tmp/pgrouting.tar.gz -RUN tar -xvf /tmp/pgrouting.tar.gz -C /tmp && \ - rm -rf /tmp/pgrouting.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - libboost-all-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/pgrouting-${pgrouting_release}/build -RUN cmake -DBUILD_HTML=OFF -DBUILD_DOXY=OFF .. -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --pkgname=pgrouting --pkgversion=${pgrouting_release} --nodoc - -FROM ppa as pgrouting -ARG pgrouting_release -# Download pre-built packages -RUN apt-get update && apt-get install -y --no-install-recommends --download-only \ - postgresql-${postgresql_major}-pgrouting=${pgrouting_release}-1.pgdg20.04+1 \ - && rm -rf /var/lib/apt/lists/* -RUN mv /var/cache/apt/archives/*.deb /tmp/ - -#################### -# 03-pgtap.yml -#################### -FROM builder as pgtap-source -# Download and extract -ARG pgtap_release -ARG pgtap_release_checksum -ADD --checksum=${pgtap_release_checksum} \ - "https://github.com/theory/pgtap/archive/v${pgtap_release}.tar.gz" \ - /tmp/pgtap.tar.gz -RUN tar -xvf /tmp/pgtap.tar.gz -C /tmp && \ - rm -rf /tmp/pgtap.tar.gz -# Build from source -WORKDIR /tmp/pgtap-${pgtap_release} -RUN make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc - -#################### -# 04-pg_cron.yml -#################### -FROM ccache as pg_cron-source -# Download and extract -ARG pg_cron_release -ARG pg_cron_release_checksum -ADD --checksum=${pg_cron_release_checksum} \ - "https://github.com/citusdata/pg_cron/archive/refs/tags/v${pg_cron_release}.tar.gz" \ - /tmp/pg_cron.tar.gz -RUN tar -xvf /tmp/pg_cron.tar.gz -C /tmp && \ - rm -rf /tmp/pg_cron.tar.gz -# Build from source -WORKDIR /tmp/pg_cron-${pg_cron_release} -RUN 
--mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc - -#################### -# 05-pgaudit.yml -#################### -FROM ccache as pgaudit-source -# Download and extract -ARG pgaudit_release -ARG pgaudit_release_checksum -ADD --checksum=${pgaudit_release_checksum} \ - "https://github.com/pgaudit/pgaudit/archive/refs/tags/${pgaudit_release}.tar.gz" \ - /tmp/pgaudit.tar.gz -RUN tar -xvf /tmp/pgaudit.tar.gz -C /tmp && \ - rm -rf /tmp/pgaudit.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - libssl-dev \ - libkrb5-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/pgaudit-${pgaudit_release} -ENV USE_PGXS=1 -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc - -#################### -# 06-pgjwt.yml -#################### -FROM builder as pgjwt-source -# Download and extract -ARG pgjwt_release -ADD "https://github.com/michelp/pgjwt.git#${pgjwt_release}" \ - /tmp/pgjwt-${pgjwt_release} -# Build from source -WORKDIR /tmp/pgjwt-${pgjwt_release} -RUN make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --pkgversion=1 --nodoc - -#################### -# 07-pgsql-http.yml -#################### -FROM ccache as pgsql-http-source -# Download and extract -ARG pgsql_http_release -ARG pgsql_http_release_checksum -ADD --checksum=${pgsql_http_release_checksum} \ - "https://github.com/pramsey/pgsql-http/archive/refs/tags/v${pgsql_http_release}.tar.gz" \ - /tmp/pgsql-http.tar.gz -RUN tar -xvf /tmp/pgsql-http.tar.gz -C /tmp && \ - rm -rf /tmp/pgsql-http.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y 
--no-install-recommends \ - libcurl4-gnutls-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/pgsql-http-${pgsql_http_release} -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --requires=libcurl3-gnutls --nodoc - -#################### -# 08-plpgsql_check.yml -#################### -FROM ccache as plpgsql_check-source -# Download and extract -ARG plpgsql_check_release -ARG plpgsql_check_release_checksum -ADD --checksum=${plpgsql_check_release_checksum} \ - "https://github.com/okbob/plpgsql_check/archive/refs/tags/v${plpgsql_check_release}.tar.gz" \ - /tmp/plpgsql_check.tar.gz -RUN tar -xvf /tmp/plpgsql_check.tar.gz -C /tmp && \ - rm -rf /tmp/plpgsql_check.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - libicu-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/plpgsql_check-${plpgsql_check_release} -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc - -#################### -# 09-pg-safeupdate.yml -#################### -FROM ccache as pg-safeupdate-source -# Download and extract -ARG pg_safeupdate_release -ARG pg_safeupdate_release_checksum -ADD --checksum=${pg_safeupdate_release_checksum} \ - "https://github.com/eradman/pg-safeupdate/archive/refs/tags/${pg_safeupdate_release}.tar.gz" \ - /tmp/pg-safeupdate.tar.gz -RUN tar -xvf /tmp/pg-safeupdate.tar.gz -C /tmp && \ - rm -rf /tmp/pg-safeupdate.tar.gz -# Build from source -WORKDIR /tmp/pg-safeupdate-${pg_safeupdate_release} -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no 
--pakdir=/tmp --nodoc - -#################### -# 10-timescaledb.yml -#################### -FROM ccache as timescaledb-source -# Download and extract -ARG timescaledb_release -ARG timescaledb_release_checksum -ADD --checksum=${timescaledb_release_checksum} \ - "https://github.com/timescale/timescaledb/archive/refs/tags/${timescaledb_release}.tar.gz" \ - /tmp/timescaledb.tar.gz -RUN tar -xvf /tmp/timescaledb.tar.gz -C /tmp && \ - rm -rf /tmp/timescaledb.tar.gz -# Build from source -WORKDIR /tmp/timescaledb-${timescaledb_release}/build -RUN cmake -DAPACHE_ONLY=1 .. -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --pkgname=timescaledb --pkgversion=${timescaledb_release} --nodoc - -#################### -# 11-wal2json.yml -#################### -FROM ccache as wal2json-source -# Download and extract -ARG wal2json_release -ARG wal2json_release_checksum -ADD --checksum=${wal2json_release_checksum} \ - "https://github.com/eulerto/wal2json/archive/refs/tags/wal2json_${wal2json_release}.tar.gz" \ - /tmp/wal2json.tar.gz -RUN tar -xvf /tmp/wal2json.tar.gz -C /tmp --one-top-level --strip-components 1 && \ - rm -rf /tmp/wal2json.tar.gz -# Build from source -WORKDIR /tmp/wal2json -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -ENV version=${wal2json_release} -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --pkgversion="\${version/_/.}" --nodoc - -#################### -# 12-pljava.yml -#################### -FROM builder as pljava-source -# Download and extract -# TODO: revert to using main repo after PG15 support is merged: https://github.com/tada/pljava/pull/413 -ARG pljava_release=master -ARG pljava_release_checksum=sha256:e99b1c52f7b57f64c8986fe6ea4a6cc09d78e779c1643db060d0ac66c93be8b6 -ADD 
--checksum=${pljava_release_checksum} \ - "https://github.com/supabase/pljava/archive/refs/heads/${pljava_release}.tar.gz" \ - /tmp/pljava.tar.gz -RUN tar -xvf /tmp/pljava.tar.gz -C /tmp && \ - rm -rf /tmp/pljava.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - maven \ - default-jdk \ - libssl-dev \ - libkrb5-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/pljava-${pljava_release} -RUN mvn -T 1C clean install -Dmaven.test.skip -DskipTests -Dmaven.javadoc.skip=true -# Create debian package -RUN cp pljava-packaging/target/pljava-pg${postgresql_major}.jar /tmp/ - -FROM base as pljava -# Download pre-built packages -RUN apt-get update && apt-get install -y --no-install-recommends --download-only \ - default-jdk-headless \ - postgresql-${postgresql_major}-pljava \ - && rm -rf /var/lib/apt/lists/* -RUN mv /var/cache/apt/archives/*.deb /tmp/ - -#################### -# 13-plv8.yml -#################### -FROM ccache as plv8-source -# Download and extract -ARG plv8_release -ARG plv8_release_checksum -ADD --checksum=${plv8_release_checksum} \ - "https://github.com/supabase/plv8/archive/refs/tags/v${plv8_release}.tar.gz" \ - /tmp/plv8.tar.gz -RUN tar -xvf /tmp/plv8.tar.gz -C /tmp && \ - rm -rf /tmp/plv8.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - ca-certificates \ - pkg-config \ - ninja-build \ - git \ - libtinfo5 \ - libstdc++-10-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/plv8-${plv8_release} -ENV DOCKER=1 -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc - -FROM scratch as plv8-deb -COPY --from=plv8-source /tmp/*.deb /tmp/ - -FROM ghcr.io/supabase/plv8:${plv8_release}-pg${postgresql_major} as plv8 - -#################### -# 14-pg_plan_filter.yml 
-#################### -FROM ccache as pg_plan_filter-source -# Download and extract -ARG pg_plan_filter_release -ADD "https://github.com/pgexperts/pg_plan_filter.git#${pg_plan_filter_release}" \ - /tmp/pg_plan_filter-${pg_plan_filter_release} -# Build from source -WORKDIR /tmp/pg_plan_filter-${pg_plan_filter_release} -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --pkgversion=1 --nodoc - -#################### -# 15-pg_net.yml -#################### -FROM ccache as pg_net-source -# Download and extract -ARG pg_net_release -ARG pg_net_release_checksum -ADD --checksum=${pg_net_release_checksum} \ - "https://github.com/supabase/pg_net/archive/refs/tags/v${pg_net_release}.tar.gz" \ - /tmp/pg_net.tar.gz -RUN tar -xvf /tmp/pg_net.tar.gz -C /tmp && \ - rm -rf /tmp/pg_net.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - libcurl4-gnutls-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/pg_net-${pg_net_release} -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --requires=libcurl3-gnutls --nodoc - -#################### -# 16-rum.yml -#################### -FROM ccache as rum-source -# Download and extract -ARG rum_release -ARG rum_release_checksum -ADD --checksum=${rum_release_checksum} \ - "https://github.com/postgrespro/rum/archive/refs/tags/${rum_release}.tar.gz" \ - /tmp/rum.tar.gz -RUN tar -xvf /tmp/rum.tar.gz -C /tmp && \ - rm -rf /tmp/rum.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - systemtap-sdt-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/rum-${rum_release} -ENV USE_PGXS=1 -RUN 
--mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc - -#################### -# 17-pg_hashids.yml -#################### -FROM ccache as pg_hashids-source -# Download and extract -ARG pg_hashids_release -ADD "https://github.com/iCyberon/pg_hashids.git#${pg_hashids_release}" \ - /tmp/pg_hashids-${pg_hashids_release} -# Build from source -WORKDIR /tmp/pg_hashids-${pg_hashids_release} -RUN make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --pkgversion=1 --nodoc - -#################### -# 18-pgsodium.yml -#################### -FROM ccache as libsodium -# Download and extract -ARG libsodium_release -ARG libsodium_release_checksum -ADD --checksum=${libsodium_release_checksum} \ - "https://supabase-public-artifacts-bucket.s3.amazonaws.com/libsodium/libsodium-${libsodium_release}.tar.gz" \ - /tmp/libsodium.tar.gz -RUN tar -xvf /tmp/libsodium.tar.gz -C /tmp && \ - rm -rf /tmp/libsodium.tar.gz -# Build from source -WORKDIR /tmp/libsodium-${libsodium_release} -RUN ./configure -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -RUN make install - -FROM libsodium as pgsodium-source -# Download and extract -ARG pgsodium_release -ARG pgsodium_release_checksum -ADD --checksum=${pgsodium_release_checksum} \ - "https://github.com/michelp/pgsodium/archive/refs/tags/v${pgsodium_release}.tar.gz" \ - /tmp/pgsodium.tar.gz -RUN tar -xvf /tmp/pgsodium.tar.gz -C /tmp && \ - rm -rf /tmp/pgsodium.tar.gz -# Build from source -WORKDIR /tmp/pgsodium-${pgsodium_release} -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --requires=libsodium23 --nodoc - -#################### -# 
19-pg_graphql.yml -#################### -FROM base as pg_graphql -# Download package archive -ARG pg_graphql_release -ADD "https://github.com/supabase/pg_graphql/releases/download/v${pg_graphql_release}/pg_graphql-v${pg_graphql_release}-pg${postgresql_major}-${TARGETARCH}-linux-gnu.deb" \ - /tmp/pg_graphql.deb - -#################### -# 20-pg_stat_monitor.yml -#################### -FROM ccache as pg_stat_monitor-source -# Download and extract -ARG pg_stat_monitor_release -ARG pg_stat_monitor_release_checksum -ADD --checksum=${pg_stat_monitor_release_checksum} \ - "https://github.com/percona/pg_stat_monitor/archive/refs/tags/${pg_stat_monitor_release}.tar.gz" \ - /tmp/pg_stat_monitor.tar.gz -RUN tar -xvf /tmp/pg_stat_monitor.tar.gz -C /tmp && \ - rm -rf /tmp/pg_stat_monitor.tar.gz -# Build from source -WORKDIR /tmp/pg_stat_monitor-${pg_stat_monitor_release} -ENV USE_PGXS=1 -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc - -#################### -# 22-pg_jsonschema.yml -#################### -FROM base as pg_jsonschema -# Download package archive -ARG pg_jsonschema_release -ADD "https://github.com/supabase/pg_jsonschema/releases/download/v${pg_jsonschema_release}/pg_jsonschema-v${pg_jsonschema_release}-pg${postgresql_major}-${TARGETARCH}-linux-gnu.deb" \ - /tmp/pg_jsonschema.deb - -#################### -# 23-vault.yml -#################### -FROM builder as vault-source -# Download and extract -ARG vault_release -ARG vault_release_checksum -ADD --checksum=${vault_release_checksum} \ - "https://github.com/supabase/vault/archive/refs/tags/v${vault_release}.tar.gz" \ - /tmp/vault.tar.gz -RUN tar -xvf /tmp/vault.tar.gz -C /tmp && \ - rm -rf /tmp/vault.tar.gz -# Build from source -WORKDIR /tmp/vault-${vault_release} -RUN make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no 
--backup=no --pakdir=/tmp --nodoc - -#################### -# 24-pgroonga.yml -#################### -FROM ccache as groonga -# Download and extract -ARG groonga_release -ARG groonga_release_checksum -ADD --checksum=${groonga_release_checksum} \ - "https://packages.groonga.org/source/groonga/groonga-${groonga_release}.tar.gz" \ - /tmp/groonga.tar.gz -RUN tar -xvf /tmp/groonga.tar.gz -C /tmp && \ - rm -rf /tmp/groonga.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - zlib1g-dev \ - liblz4-dev \ - libzstd-dev \ - libmsgpack-dev \ - libzmq3-dev \ - libevent-dev \ - libmecab-dev \ - rapidjson-dev \ - pkg-config \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/groonga-${groonga_release} -RUN ./configure -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=yes --fstrans=no --backup=no --pakdir=/tmp --requires=zlib1g,liblz4-1,libzstd1,libmsgpackc2,libzmq5,libevent-2.1-7,libmecab2 --nodoc - -FROM groonga as pgroonga-source -# Download and extract -ARG pgroonga_release -ARG pgroonga_release_checksum -ADD --checksum=${pgroonga_release_checksum} \ - "https://packages.groonga.org/source/pgroonga/pgroonga-${pgroonga_release}.tar.gz" \ - /tmp/pgroonga.tar.gz -RUN tar -xvf /tmp/pgroonga.tar.gz -C /tmp && \ - rm -rf /tmp/pgroonga.tar.gz -# Build from source -WORKDIR /tmp/pgroonga-${pgroonga_release} -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --requires=mecab-naist-jdic --nodoc - -FROM scratch as pgroonga-deb -COPY --from=pgroonga-source /tmp/*.deb /tmp/ - -FROM base as pgroonga -# Latest available is 3.0.3 -ARG pgroonga_release -# Download pre-built packages -ADD "https://packages.groonga.org/ubuntu/groonga-apt-source-latest-focal.deb" 
/tmp/source.deb
-RUN apt-get update && apt-get install -y --no-install-recommends \
- ca-certificates \
- /tmp/source.deb \
- && rm -rf /var/lib/apt/lists/*
-RUN rm /tmp/source.deb
-RUN apt-get update && apt-get install -y --no-install-recommends --download-only \
- postgresql-${postgresql_major}-pgdg-pgroonga=${pgroonga_release}-1 \
- && rm -rf /var/lib/apt/lists/*
-RUN mv /var/cache/apt/archives/*.deb /tmp/
-
-####################
-# 25-wrappers.yml
-####################
-FROM base as wrappers
-# Download package archive
-ARG wrappers_release
-ADD "https://github.com/supabase/wrappers/releases/download/v${wrappers_release}/wrappers-v${wrappers_release}-pg${postgresql_major}-${TARGETARCH}-linux-gnu.deb" \
- /tmp/wrappers.deb
-
-####################
-# 26-hypopg.yml
-####################
-FROM ccache as hypopg-source
-# Download and extract
-ARG hypopg_release
-ARG hypopg_release_checksum
-ADD --checksum=${hypopg_release_checksum} \
- "https://github.com/HypoPG/hypopg/archive/refs/tags/${hypopg_release}.tar.gz" \
- /tmp/hypopg.tar.gz
-RUN tar -xvf /tmp/hypopg.tar.gz -C /tmp && \
- rm -rf /tmp/hypopg.tar.gz
-# Build from source
-WORKDIR /tmp/hypopg-${hypopg_release}
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc
-
-####################
- # 27-pg_repack.yml
- ####################
- FROM ccache as pg_repack-source
- ARG pg_repack_release
- ARG pg_repack_release_checksum
- ADD --checksum=${pg_repack_release_checksum} \
- "https://github.com/reorg/pg_repack/archive/refs/tags/ver_${pg_repack_release}.tar.gz" \
- /tmp/pg_repack.tar.gz
- RUN tar -xvf /tmp/pg_repack.tar.gz -C /tmp && \
- rm -rf /tmp/pg_repack.tar.gz
- # Install build dependencies
- RUN apt-get update && apt-get install -y --no-install-recommends \
- liblz4-dev \
- libz-dev \
- libzstd-dev \
- libreadline-dev \
- && rm -rf /var/lib/apt/lists/*
- # Build from source
- WORKDIR /tmp/pg_repack-ver_${pg_repack_release}
- ENV USE_PGXS=1
- RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
- # Create debian package
- RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --pkgversion=${pg_repack_release} --nodoc
-
-####################
-# 28-pgvector.yml
-####################
-FROM ccache as pgvector-source
-ARG pgvector_release
-ARG pgvector_release_checksum
-ADD --checksum=${pgvector_release_checksum} \
- "https://github.com/pgvector/pgvector/archive/refs/tags/v${pgvector_release}.tar.gz" \
- /tmp/pgvector.tar.gz
-RUN tar -xvf /tmp/pgvector.tar.gz -C /tmp && \
- rm -rf /tmp/pgvector.tar.gz
-# Build from source
-WORKDIR /tmp/pgvector-${pgvector_release}
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc
-
-####################
-# 29-pg_tle.yml
-####################
-FROM ccache as pg_tle-source
-ARG pg_tle_release
-ARG pg_tle_release_checksum
-ADD --checksum=${pg_tle_release_checksum} \
- "https://github.com/aws/pg_tle/archive/refs/tags/v${pg_tle_release}.tar.gz" \
- /tmp/pg_tle.tar.gz
-RUN tar -xvf /tmp/pg_tle.tar.gz -C /tmp && \
- rm -rf /tmp/pg_tle.tar.gz
-RUN apt-get update && apt-get install -y --no-install-recommends \
- flex \
- libkrb5-dev \
- && rm -rf /var/lib/apt/lists/*
-# Build from source
-WORKDIR /tmp/pg_tle-${pg_tle_release}
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc
-
-######################
-# 30-index_advisor.yml
-######################
-FROM ccache as index_advisor
-ARG index_advisor_release
-ARG index_advisor_release_checksum
-ADD --checksum=${index_advisor_release_checksum} \
- "https://github.com/olirice/index_advisor/archive/refs/tags/v${index_advisor_release}.tar.gz" \
- /tmp/index_advisor.tar.gz
-RUN tar -xvf /tmp/index_advisor.tar.gz -C /tmp && \
- rm -rf /tmp/index_advisor.tar.gz
-# Build from source
-WORKDIR /tmp/index_advisor-${index_advisor_release}
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc
-
-####################
-# internal/supautils.yml
-####################
-FROM base as supautils
-# Download package archive
-ARG supautils_release
-# Define checksums for different architectures
-ARG supautils_release_arm64_deb_checksum
-ARG supautils_release_amd64_deb_checksum
-
-RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
-
-# Set up a script to download the correct package
-RUN echo '#!/bin/sh' > /tmp/download_supautils.sh && \
- echo 'set -e' >> /tmp/download_supautils.sh && \
- echo 'if [ "$TARGETARCH" = "amd64" ]; then' >> /tmp/download_supautils.sh && \
- echo ' CHECKSUM="${supautils_release_amd64_deb_checksum}"' >> /tmp/download_supautils.sh && \
- echo ' ARCH="amd64"' >> /tmp/download_supautils.sh && \
- echo 'elif [ "$TARGETARCH" = "arm64" ]; then' >> /tmp/download_supautils.sh && \
- echo ' CHECKSUM="${supautils_release_arm64_deb_checksum}"' >> /tmp/download_supautils.sh && \
- echo ' ARCH="arm64"' >> /tmp/download_supautils.sh && \
- echo 'else' >> /tmp/download_supautils.sh && \
- echo ' echo "Unsupported architecture: $TARGETARCH" >&2' >> /tmp/download_supautils.sh && \
- echo ' exit 1' >> /tmp/download_supautils.sh && \
- echo 'fi' >> /tmp/download_supautils.sh && \
- echo 'CHECKSUM=$(echo $CHECKSUM | sed "s/^sha256://")' >> /tmp/download_supautils.sh && \
- echo 'curl -fsSL -o /tmp/supautils.deb \\' >> /tmp/download_supautils.sh && \
- echo ' "https://github.com/supabase/supautils/releases/download/v${supautils_release}/supautils-v${supautils_release}-pg${postgresql_major}-$ARCH-linux-gnu.deb"' >> /tmp/download_supautils.sh && \
- echo 'echo "$CHECKSUM /tmp/supautils.deb" | sha256sum -c -' >> /tmp/download_supautils.sh && \
- chmod +x /tmp/download_supautils.sh
-
-# Run the script to download and verify the package
-RUN /tmp/download_supautils.sh && rm /tmp/download_supautils.sh
-
-####################
-# setup-wal-g.yml
-####################
-FROM base as walg
-ARG wal_g_release
-# ADD "https://github.com/wal-g/wal-g/releases/download/v${wal_g_release}/wal-g-pg-ubuntu-20.04-${TARGETARCH}.tar.gz" /tmp/wal-g.tar.gz
-RUN arch=$([ "$TARGETARCH" = "arm64" ] && echo "aarch64" || echo "$TARGETARCH") && \
- apt-get update && apt-get install -y --no-install-recommends curl && \
- curl -kL "https://github.com/wal-g/wal-g/releases/download/v${wal_g_release}/wal-g-pg-ubuntu-20.04-${arch}.tar.gz" -o /tmp/wal-g.tar.gz && \
- tar -xvf /tmp/wal-g.tar.gz -C /tmp && \
- rm -rf /tmp/wal-g.tar.gz && \
- mv /tmp/wal-g-pg-ubuntu*20.04-$arch /tmp/wal-g
-
-####################
-# Collect extension packages
-####################
-FROM scratch as extensions
-COPY --from=postgis-source /tmp/*.deb /tmp/
-COPY --from=pgrouting-source /tmp/*.deb /tmp/
-COPY --from=pgtap-source /tmp/*.deb /tmp/
-COPY --from=pg_cron-source /tmp/*.deb /tmp/
-COPY --from=pgaudit-source /tmp/*.deb /tmp/
-COPY --from=pgjwt-source /tmp/*.deb /tmp/
-COPY --from=pgsql-http-source /tmp/*.deb /tmp/
-COPY --from=plpgsql_check-source /tmp/*.deb /tmp/
-COPY --from=pg-safeupdate-source /tmp/*.deb /tmp/
-COPY --from=timescaledb-source /tmp/*.deb /tmp/
-COPY --from=wal2json-source /tmp/*.deb /tmp/
-# COPY --from=pljava /tmp/*.deb /tmp/
-COPY --from=plv8 /tmp/*.deb /tmp/
-COPY --from=pg_plan_filter-source /tmp/*.deb /tmp/
-COPY --from=pg_net-source /tmp/*.deb /tmp/
-COPY --from=rum-source /tmp/*.deb /tmp/
-COPY --from=pgsodium-source /tmp/*.deb /tmp/
-COPY --from=pg_hashids-source /tmp/*.deb /tmp/
-COPY --from=pg_graphql /tmp/*.deb /tmp/
-COPY --from=pg_stat_monitor-source /tmp/*.deb /tmp/
-COPY --from=pg_jsonschema /tmp/*.deb /tmp/
-COPY --from=vault-source /tmp/*.deb /tmp/
-COPY --from=pgroonga-source /tmp/*.deb /tmp/
-COPY --from=wrappers /tmp/*.deb /tmp/
-COPY --from=hypopg-source /tmp/*.deb /tmp/
-COPY --from=pg_repack-source /tmp/*.deb /tmp/
-COPY --from=pgvector-source /tmp/*.deb /tmp/
-COPY --from=pg_tle-source /tmp/*.deb /tmp/
-COPY --from=index_advisor /tmp/*.deb /tmp/
-COPY --from=supautils /tmp/*.deb /tmp/
-
-####################
-# Download gosu for easy step-down from root
-####################
-FROM ubuntu:focal as gosu
-ARG TARGETARCH
-# Install dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
- gnupg \
- ca-certificates \
- && rm -rf /var/lib/apt/lists/*
-# Download binary
-ARG GOSU_VERSION=1.16
-ARG GOSU_GPG_KEY=B42F6819007F00F88E364FD4036A9C25BF357DD4
-ADD https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$TARGETARCH \
- /usr/local/bin/gosu
-ADD https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$TARGETARCH.asc \
- /usr/local/bin/gosu.asc
-# Verify checksum
-RUN gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $GOSU_GPG_KEY && \
- gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
- gpgconf --kill all && \
- chmod +x /usr/local/bin/gosu
-
-####################
-# Build final image
-####################
-FROM base as production
-
-# Setup extensions
-COPY --from=extensions /tmp /tmp
-COPY --from=walg /tmp/wal-g /usr/local/bin/
-
-ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y --no-install-recommends \
- /tmp/*.deb \
- # Needed for anything using libcurl
- # https://github.com/supabase/postgres/issues/573
- ca-certificates \
- && rm -rf /var/lib/apt/lists/* /tmp/*
-
-# Initialise configs
-COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql.conf.j2 /etc/postgresql/postgresql.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_hba.conf.j2 /etc/postgresql/pg_hba.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_ident.conf.j2 /etc/postgresql/pg_ident.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout-log.conf /etc/postgresql/logging.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts
-COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/${postgresql_major}/bin/pgsodium_getkey.sh
-COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf.j2 /etc/postgresql-custom/read-replica.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf.j2 /etc/postgresql-custom/wal-g.conf
-COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh
-COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh
-
-RUN sed -i \
- -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \
- -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \
- -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \
- -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \
- echo "pljava.libjvm_location = '/usr/lib/jvm/java-11-openjdk-${TARGETARCH}/lib/server/libjvm.so'" >> /etc/postgresql/postgresql.conf && \
- echo "pgsodium.getkey_script= '/usr/lib/postgresql/${postgresql_major}/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
- useradd --create-home --shell /bin/bash wal-g -G postgres && \
- mkdir -p /etc/postgresql-custom && \
- chown postgres:postgres /etc/postgresql-custom
-
-# Include schema migrations
-COPY migrations/db /docker-entrypoint-initdb.d/
-COPY ansible/files/pgbouncer_config/pgbouncer_auth_schema.sql /docker-entrypoint-initdb.d/init-scripts/00-schema.sql
-COPY ansible/files/stat_extension.sql /docker-entrypoint-initdb.d/migrations/00-extension.sql
-
-# Add upstream entrypoint script
-COPY --from=gosu /usr/local/bin/gosu /usr/local/bin/gosu
-ADD --chmod=0755 \
- https://github.com/docker-library/postgres/raw/master/15/bullseye/docker-entrypoint.sh \
- /usr/local/bin/
-ENTRYPOINT ["docker-entrypoint.sh"]
-
-HEALTHCHECK --interval=2s --timeout=2s --retries=10 CMD pg_isready -U postgres -h localhost
-STOPSIGNAL SIGINT
-EXPOSE 5432
-
-ENV POSTGRES_HOST=/var/run/postgresql
-CMD ["postgres", "-D", "/etc/postgresql"]
-
-####################
-# Update build cache
-####################
-FROM ccache as stats
-COPY --from=extensions /tmp/*.deb /dev/null
-# Additional packages that are separately built from source
-# COPY --from=plv8-deb /tmp/*.deb /dev/null
-# Cache mount is only populated by docker build --no-cache
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- ccache -s && \
- cp -r /ccache/* /tmp
-FROM scratch as buildcache
-COPY --from=stats /tmp /
diff --git a/Dockerfile-158 b/Dockerfile-158
deleted file mode 100644
index 52c4e5af3..000000000
--- a/Dockerfile-158
+++ /dev/null
@@ -1,221 +0,0 @@
-# syntax=docker/dockerfile:1.6
-ARG postgresql_major=15
-ARG postgresql_release=${postgresql_major}.1
-
-# Bump default build arg to build a package from source
-# Bump vars.yml to specify runtime package version
-ARG sfcgal_release=1.3.10
-ARG postgis_release=3.3.2
-ARG pgrouting_release=3.4.1
-ARG pgtap_release=1.2.0
-ARG pg_cron_release=1.6.2
-ARG pgaudit_release=1.7.0
-ARG pgjwt_release=9742dab1b2f297ad3811120db7b21451bca2d3c9
-ARG pgsql_http_release=1.5.0
-ARG plpgsql_check_release=2.2.5
-ARG pg_safeupdate_release=1.4
-ARG timescaledb_release=2.9.1
-ARG wal2json_release=2_5
-ARG pljava_release=1.6.4
-ARG plv8_release=3.1.5
-ARG pg_plan_filter_release=5081a7b5cb890876e67d8e7486b6a64c38c9a492
-ARG pg_net_release=0.7.1
-ARG rum_release=1.3.13
-ARG pg_hashids_release=cd0e1b31d52b394a0df64079406a14a4f7387cd6
-ARG libsodium_release=1.0.18
-ARG pgsodium_release=3.1.6
-ARG pg_graphql_release=1.5.1
-ARG pg_stat_monitor_release=1.1.1
-ARG pg_jsonschema_release=0.1.4
-ARG pg_repack_release=1.4.8
-ARG vault_release=0.2.8
-ARG groonga_release=12.0.8
-ARG pgroonga_release=2.4.0
-ARG wrappers_release=0.3.0
-ARG hypopg_release=1.3.1
-ARG pgvector_release=0.4.0
-ARG pg_tle_release=1.3.2
-ARG index_advisor_release=0.2.0
-ARG supautils_release=2.2.0
-ARG wal_g_release=2.0.1
-
-FROM ubuntu:focal as base
-
-RUN apt update -y && apt install -y \
- curl \
- gnupg \
- lsb-release \
- software-properties-common \
- wget \
- sudo \
- && apt clean
-
-
-RUN adduser --system --home /var/lib/postgresql --no-create-home --shell /bin/bash --group --gecos "PostgreSQL administrator" postgres
-RUN adduser --system --no-create-home --shell /bin/bash --group wal-g
-RUN curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install linux \
---init none \
---no-confirm \
---extra-conf "substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com" \
---extra-conf "trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=% cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
-
-ENV PATH="${PATH}:/nix/var/nix/profiles/default/bin"
-
-COPY . /nixpg
-
-WORKDIR /nixpg
-
-RUN nix profile install .#psql_15/bin
-
-
-
-WORKDIR /
-
-
-RUN mkdir -p /usr/lib/postgresql/bin \
- /usr/lib/postgresql/share/postgresql \
- /usr/share/postgresql \
- /var/lib/postgresql \
- && chown -R postgres:postgres /usr/lib/postgresql \
- && chown -R postgres:postgres /var/lib/postgresql \
- && chown -R postgres:postgres /usr/share/postgresql
-
-# Create symbolic links
-RUN ln -s /nix/var/nix/profiles/default/bin/* /usr/lib/postgresql/bin/ \
- && ln -s /nix/var/nix/profiles/default/bin/* /usr/bin/ \
- && chown -R postgres:postgres /usr/bin
-
-# Create symbolic links for PostgreSQL shares
-RUN ln -s /nix/var/nix/profiles/default/share/postgresql/* /usr/lib/postgresql/share/postgresql/
-RUN ln -s /nix/var/nix/profiles/default/share/postgresql/* /usr/share/postgresql/
-RUN chown -R postgres:postgres /usr/lib/postgresql/share/postgresql/
-RUN chown -R postgres:postgres /usr/share/postgresql/
-# Create symbolic links for contrib directory
-RUN mkdir -p /usr/lib/postgresql/share/postgresql/contrib \
- && find /nix/var/nix/profiles/default/share/postgresql/contrib/ -mindepth 1 -type d -exec sh -c 'for dir do ln -s "$dir" "/usr/lib/postgresql/share/postgresql/contrib/$(basename "$dir")"; done' sh {} + \
- && chown -R postgres:postgres /usr/lib/postgresql/share/postgresql/contrib/
-
-RUN chown -R postgres:postgres /usr/lib/postgresql
-
-RUN ln -sf /usr/lib/postgresql/share/postgresql/timezonesets /usr/share/postgresql/timezonesets
-
-
-RUN apt-get update && \
- apt-get install -y --no-install-recommends tzdata
-
-RUN ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime && \
- dpkg-reconfigure --frontend noninteractive tzdata
-
-RUN apt-get update && \
- apt-get install -y --no-install-recommends \
- build-essential \
- checkinstall \
- cmake
-
-ENV PGDATA=/var/lib/postgresql/data
-
-####################
-# setup-wal-g.yml
-####################
-FROM base as walg
-ARG wal_g_release
-# ADD "https://github.com/wal-g/wal-g/releases/download/v${wal_g_release}/wal-g-pg-ubuntu-20.04-${TARGETARCH}.tar.gz" /tmp/wal-g.tar.gz
-RUN arch=$([ "$TARGETARCH" = "arm64" ] && echo "aarch64" || echo "$TARGETARCH") && \
- apt-get update && apt-get install -y --no-install-recommends curl && \
- curl -kL "https://github.com/wal-g/wal-g/releases/download/v${wal_g_release}/wal-g-pg-ubuntu-20.04-aarch64.tar.gz" -o /tmp/wal-g.tar.gz && \
- tar -xvf /tmp/wal-g.tar.gz -C /tmp && \
- rm -rf /tmp/wal-g.tar.gz && \
- mv /tmp/wal-g-pg-ubuntu*20.04-aarch64 /tmp/wal-g
-
-# ####################
-# # Download gosu for easy step-down from root
-# ####################
-FROM base as gosu
-ARG TARGETARCH
-# Install dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
- gnupg \
- ca-certificates \
- && rm -rf /var/lib/apt/lists/*
-# Download binary
-ARG GOSU_VERSION=1.16
-ARG GOSU_GPG_KEY=B42F6819007F00F88E364FD4036A9C25BF357DD4
-ADD https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$TARGETARCH \
- /usr/local/bin/gosu
-ADD https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$TARGETARCH.asc \
- /usr/local/bin/gosu.asc
-# Verify checksum
-RUN gpg --batch --keyserver hkps://keys.openpgp.org --recv-keys $GOSU_GPG_KEY && \
- gpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu && \
- gpgconf --kill all && \
- chmod +x /usr/local/bin/gosu
-
-# ####################
-# # Build final image
-# ####################
-FROM gosu as production
-RUN id postgres || (echo "postgres user does not exist" && exit 1)
-# # Setup extensions
-COPY --from=walg /tmp/wal-g /usr/local/bin/
-
-# # Initialise configs
-COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql.conf.j2 /etc/postgresql/postgresql.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_hba.conf.j2 /etc/postgresql/pg_hba.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_ident.conf.j2 /etc/postgresql/pg_ident.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout-log.conf /etc/postgresql/logging.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts
-COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh
-COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf.j2 /etc/postgresql-custom/read-replica.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf.j2 /etc/postgresql-custom/wal-g.conf
-COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh
-COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh
-
-RUN sed -i \
- -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \
- -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \
- -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \
- -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \
- echo "cron.database_name = 'postgres'" >> /etc/postgresql/postgresql.conf && \
- #echo "pljava.libjvm_location = '/usr/lib/jvm/java-11-openjdk-${TARGETARCH}/lib/server/libjvm.so'" >> /etc/postgresql/postgresql.conf && \
- echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
- echo 'auto_explain.log_min_duration = 10s' >> /etc/postgresql/postgresql.conf && \
- usermod -aG postgres wal-g && \
- mkdir -p /etc/postgresql-custom && \
- chown postgres:postgres /etc/postgresql-custom
-
-# # Include schema migrations
-COPY migrations/db /docker-entrypoint-initdb.d/
-COPY ansible/files/pgbouncer_config/pgbouncer_auth_schema.sql /docker-entrypoint-initdb.d/init-scripts/00-schema.sql
-COPY ansible/files/stat_extension.sql /docker-entrypoint-initdb.d/migrations/00-extension.sql
-
-# # Add upstream entrypoint script
-COPY --from=gosu /usr/local/bin/gosu /usr/local/bin/gosu
-ADD --chmod=0755 \
- https://github.com/docker-library/postgres/raw/master/15/bullseye/docker-entrypoint.sh \
- /usr/local/bin/
-
-RUN mkdir -p /var/run/postgresql && chown postgres:postgres /var/run/postgresql
-
-ENTRYPOINT ["docker-entrypoint.sh"]
-
-HEALTHCHECK --interval=2s --timeout=2s --retries=10 CMD pg_isready -U postgres -h localhost
-STOPSIGNAL SIGINT
-EXPOSE 5432
-
-ENV POSTGRES_HOST=/var/run/postgresql
-ENV POSTGRES_USER=supabase_admin
-ENV POSTGRES_DB=postgres
-RUN apt-get update && apt-get install -y --no-install-recommends \
- locales \
- && rm -rf /var/lib/apt/lists/* && \
- localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 \
- && localedef -i C -c -f UTF-8 -A /usr/share/locale/locale.alias C.UTF-8
-RUN echo "C.UTF-8 UTF-8" > /etc/locale.gen && echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen && locale-gen
-ENV LANG en_US.UTF-8
-ENV LANGUAGE en_US:en
-ENV LC_ALL en_US.UTF-8
-ENV LC_CTYPE=C.UTF-8
-ENV LC_COLLATE=C.UTF-8
-ENV LOCALE_ARCHIVE /usr/lib/locale/locale-archive
-CMD ["postgres", "-D", "/etc/postgresql"]
diff --git a/amazon-arm64.pkr.hcl b/amazon-arm64.pkr.hcl
deleted file mode 100644
index 993537297..000000000
--- a/amazon-arm64.pkr.hcl
+++ /dev/null
@@ -1,278 +0,0 @@
-variable "ami" {
- type = string
- default = "ubuntu/images/hvm-ssd/ubuntu-focal-20.04-arm64-server-*"
-}
-
-variable "profile" {
- type = string
- default = "${env("AWS_PROFILE")}"
-}
-
-variable "ami_name" {
- type = string
- default = "supabase-postgres"
-}
-
-variable "ami_regions" {
- type = list(string)
- default = ["ap-southeast-2"]
-}
-
-variable "ansible_arguments" {
- type = string
- default = "--skip-tags install-postgrest,install-pgbouncer,install-supabase-internal"
-}
-
-variable "aws_access_key" {
- type = string
- default = ""
-}
-
-variable "aws_secret_key" {
- type = string
- default = ""
-}
-
-variable "environment" {
- type = string
- default = "prod"
-}
-
-variable "region" {
- type = string
-}
-
-variable "build-vol" {
- type = string
- default = "xvdc"
-}
-
-# ccache docker image details
-variable "docker_user" {
- type = string
- default = ""
-}
-
-variable "docker_passwd" {
- type = string
- default = ""
-}
-
-variable "docker_image" {
- type = string
- default = ""
-}
-
-variable "docker_image_tag" {
- type = string
- default = "latest"
-}
-
-locals {
- creator = "packer"
-}
-
-variable "postgres-version" {
- type = string
- default = ""
-}
-
-variable "git-head-version" {
- type = string
- default = "unknown"
-}
-
-variable "packer-execution-id" {
- type = string
- default = "unknown"
-}
-
-variable "force-deregister" {
- type = bool
- default = false
-}
-
-packer {
- required_plugins {
- amazon = {
- source = "github.com/hashicorp/amazon"
- version = "~> 1"
- }
- }
-}
-
-# source block
-source "amazon-ebssurrogate" "source" {
- profile = "${var.profile}"
- #access_key = "${var.aws_access_key}"
- #ami_name = "${var.ami_name}-arm64-${formatdate("YYYY-MM-DD-hhmm", timestamp())}"
- ami_name = "${var.ami_name}-${var.postgres-version}"
- ami_virtualization_type = "hvm"
- ami_architecture = "arm64"
- ami_regions = "${var.ami_regions}"
- instance_type = "c6g.4xlarge"
- region = "${var.region}"
- #secret_key = "${var.aws_secret_key}"
- force_deregister = var.force-deregister
-
- # Use latest official ubuntu focal ami owned by Canonical.
- source_ami_filter {
- filters = {
- virtualization-type = "hvm"
- name = "${var.ami}"
- root-device-type = "ebs"
- }
- owners = [ "099720109477" ]
- most_recent = true
- }
- ena_support = true
- launch_block_device_mappings {
- device_name = "/dev/xvdf"
- delete_on_termination = true
- volume_size = 10
- volume_type = "gp3"
- }
-
- launch_block_device_mappings {
- device_name = "/dev/xvdh"
- delete_on_termination = true
- volume_size = 8
- volume_type = "gp3"
- }
-
- launch_block_device_mappings {
- device_name = "/dev/${var.build-vol}"
- delete_on_termination = true
- volume_size = 16
- volume_type = "gp2"
- omit_from_artifact = true
- }
-
- run_tags = {
- creator = "packer"
- appType = "postgres"
- packerExecutionId = "${var.packer-execution-id}"
- }
- run_volume_tags = {
- creator = "packer"
- appType = "postgres"
- }
- snapshot_tags = {
- creator = "packer"
- appType = "postgres"
- }
- tags = {
- creator = "packer"
- appType = "postgres"
- postgresVersion = "${var.postgres-version}"
- sourceSha = "${var.git-head-version}"
- }
-
- communicator = "ssh"
- ssh_pty = true
- ssh_username = "ubuntu"
- ssh_timeout = "5m"
-
- ami_root_device {
- source_device_name = "/dev/xvdf"
- device_name = "/dev/xvda"
- delete_on_termination = true
- volume_size = 10
- volume_type = "gp2"
- }
-
- associate_public_ip_address = true
-}
-
-# a build block invokes sources and runs provisioning steps on them.
-build {
- sources = ["source.amazon-ebssurrogate.source"]
-
- provisioner "file" {
- source = "ebssurrogate/files/sources-arm64.cfg"
- destination = "/tmp/sources.list"
- }
-
- provisioner "file" {
- source = "ebssurrogate/files/ebsnvme-id"
- destination = "/tmp/ebsnvme-id"
- }
-
- provisioner "file" {
- source = "ebssurrogate/files/70-ec2-nvme-devices.rules"
- destination = "/tmp/70-ec2-nvme-devices.rules"
- }
-
- provisioner "file" {
- source = "ebssurrogate/scripts/chroot-bootstrap.sh"
- destination = "/tmp/chroot-bootstrap.sh"
- }
-
- provisioner "file" {
- source = "ebssurrogate/files/cloud.cfg"
- destination = "/tmp/cloud.cfg"
- }
-
- provisioner "file" {
- source = "ebssurrogate/files/vector.timer"
- destination = "/tmp/vector.timer"
- }
-
- provisioner "file" {
- source = "ebssurrogate/files/apparmor_profiles"
- destination = "/tmp"
- }
-
- provisioner "file" {
- source = "migrations"
- destination = "/tmp"
- }
-
- provisioner "file" {
- source = "ebssurrogate/files/unit-tests"
- destination = "/tmp"
- }
-
- # Copy ansible playbook
- provisioner "shell" {
- inline = ["mkdir /tmp/ansible-playbook"]
- }
-
- provisioner "file" {
- source = "ansible"
- destination = "/tmp/ansible-playbook"
- }
-
- provisioner "file" {
- source = "scripts"
- destination = "/tmp/ansible-playbook"
- }
-
- provisioner "shell" {
- environment_vars = [
- "ARGS=${var.ansible_arguments}",
- "DOCKER_USER=${var.docker_user}",
- "DOCKER_PASSWD=${var.docker_passwd}",
- "DOCKER_IMAGE=${var.docker_image}",
- "DOCKER_IMAGE_TAG=${var.docker_image_tag}",
- "POSTGRES_SUPABASE_VERSION=${var.postgres-version}"
- ]
- use_env_var_file = true
- script = "ebssurrogate/scripts/surrogate-bootstrap.sh"
- execute_command = "sudo -S sh -c '. {{.EnvVarFile}} && {{.Path}}'"
- start_retry_timeout = "5m"
- skip_clean = true
- }
-
- provisioner "file" {
- source = "/tmp/ansible.log"
- destination = "/tmp/ansible.log"
- direction = "download"
- }
-
- provisioner "file" {
- source = "/tmp/pg_binaries.tar.gz"
- destination = "/tmp/pg_binaries.tar.gz"
- direction = "download"
- }
-}
diff --git a/ansible/tasks/postgres-extensions/01-postgis.yml b/ansible/tasks/postgres-extensions/01-postgis.yml
deleted file mode 100644
index 7475a5d95..000000000
--- a/ansible/tasks/postgres-extensions/01-postgis.yml
+++ /dev/null
@@ -1,102 +0,0 @@
-# postgis
-- name: postgis - download & install dependencies
- apt:
- pkg:
- - libgeos-dev
- - libproj-dev
- - libgdal-dev
- - libjson-c-dev
- - libxml2-dev
- - libboost-all-dev
- - libcgal-dev
- - libmpfr-dev
- - libgmp-dev
- - cmake
- - libprotobuf-c-dev
- - protobuf-c-compiler
- update_cache: yes
- cache_valid_time: 3600
- install_recommends: no
-
-- name: postgis - ensure dependencies do not get autoremoved
- shell: |
- set -e
- apt-mark manual libgeos* libproj* libgdal* libjson-c* libxml2* libboost* libcgal* libmpfr* libgmp*
- apt-mark auto libgeos*-dev libproj*-dev libgdal*-dev libjson-c*-dev libxml2*-dev libboost*-dev libcgal*-dev libmpfr*-dev libgmp*-dev
-
- become: yes
- args:
- executable: /bin/bash
-
-- name: postgis - download SFCGAL dependency
- get_url:
- url: "https://supabase-public-artifacts-bucket.s3.amazonaws.com/sfcgal/SFCGAL-v{{ sfcgal_release }}.tar.gz"
- dest: /tmp/SFCGAL-v{{ sfcgal_release }}.tar.gz
- checksum: "{{ sfcgal_release_checksum }}"
- timeout: 60
-
-- name: postgis - unpack SFCGAL
- unarchive:
- remote_src: yes
- src: /tmp/SFCGAL-v{{ sfcgal_release }}.tar.gz
- dest: /tmp
- become: yes
-
-- name: postgis - compile SFCGAL
- shell:
- cmd: "cmake ."
- chdir: /tmp/SFCGAL-v{{ sfcgal_release }}
- become: yes
-
-- name: postgis - build SFCGAL
- community.general.make:
- target: all
- chdir: /tmp/SFCGAL-v{{ sfcgal_release }}
- jobs: "{{ parallel_jobs | default(omit) }}"
- become: yes
-
-- name: postgis - install SFCGAL
- make:
- chdir: /tmp/SFCGAL-v{{ sfcgal_release }}
- target: install
- become: yes
-
-- name: postgis - download latest release
- shell:
- cmd: "curl -sf -L https://supabase-public-artifacts-bucket.s3.amazonaws.com/postgis-{{ postgis_release }}.tar.gz -o /tmp/postgis-{{ postgis_release }}.tar.gz"
-
-- name: postgis - unpack archive
- unarchive:
- remote_src: yes
- src: /tmp/postgis-{{ postgis_release }}.tar.gz
- dest: /tmp
- become: yes
-
-- name: postgis - configure
- shell:
- cmd: "./configure --with-sfcgal"
- chdir: /tmp/postgis-{{ postgis_release }}
- become: yes
-
-- name: postgis - build
- community.general.make:
- target: all
- chdir: /tmp/postgis-{{ postgis_release }}
- jobs: "{{ parallel_jobs | default(omit) }}"
- become: yes
-
-- name: postgis - install
- make:
- chdir: /tmp/postgis-{{ postgis_release }}
- target: install
- become: yes
-
-- name: postgis - SFCGAL cleanup
- file:
- state: absent
- path: /tmp/SFCGAL-v{{ sfcgal_release }}
-
-- name: postgis - cleanup
- file:
- state: absent
- path: /tmp/postgis-{{ postgis_release }}
diff --git a/ansible/tasks/postgres-extensions/02-pgrouting.yml b/ansible/tasks/postgres-extensions/02-pgrouting.yml
deleted file mode 100644
index 746870a01..000000000
--- a/ansible/tasks/postgres-extensions/02-pgrouting.yml
+++ /dev/null
@@ -1,52 +0,0 @@
-# pgRouting
-- name: pgRouting - download & install dependencies
- apt:
- pkg:
- - libboost-all-dev
- update_cache: yes
- cache_valid_time: 3600
- install_recommends: no
-
-- name: pgRouting - download latest release
- get_url:
- url: "https://github.com/pgRouting/pgrouting/releases/download/v{{ pgrouting_release }}/pgrouting-{{ pgrouting_release }}.tar.gz"
- dest: /tmp/pgrouting-{{ pgrouting_release }}.tar.gz
- checksum: "{{ pgrouting_release_checksum }}"
- timeout: 60
-
-- name: pgRouting - unpack archive
- unarchive:
- remote_src: yes
- src: /tmp/pgrouting-{{ pgrouting_release }}.tar.gz
- dest: /tmp
- become: yes
-
-- name: pgRouting - create build directory
- file:
- path: /tmp/pgrouting-{{ pgrouting_release }}/build
- state: directory
- become: yes
-
-- name: pgRouting - compile
- shell:
- cmd: "cmake -DBUILD_HTML=OFF -DBUILD_DOXY=OFF .."
- chdir: /tmp/pgrouting-{{ pgrouting_release }}/build
- become: yes
-
-- name: pgRouting - build
- community.general.make:
- target: all
- chdir: /tmp/pgrouting-{{ pgrouting_release }}/build
- jobs: "{{ parallel_jobs | default(omit) }}"
- become: yes
-
-- name: pgRouting - install
- make:
- chdir: /tmp/pgrouting-{{ pgrouting_release }}/build
- target: install
- become: yes
-
-- name: pgRouting - cleanup
- file:
- state: absent
- path: /tmp/pgrouting-{{ pgrouting_release }}
diff --git a/ansible/tasks/postgres-extensions/03-pgtap.yml b/ansible/tasks/postgres-extensions/03-pgtap.yml
deleted file mode 100644
index 9b818b92a..000000000
--- a/ansible/tasks/postgres-extensions/03-pgtap.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-# pgTAP
-- name: pgTAP - download latest release
- get_url:
- url: "https://github.com/theory/pgtap/archive/v{{ pgtap_release }}.tar.gz"
- dest: /tmp/pgtap-{{ pgtap_release }}.tar.gz
- checksum: "{{ pgtap_release_checksum }}"
- timeout: 60
-
-- name: pgTAP - unpack archive
- unarchive:
- remote_src: yes
- src: /tmp/pgtap-{{ pgtap_release }}.tar.gz
- dest: /tmp
- become: yes
-
-- name: pgTAP - install
- make:
- chdir: /tmp/pgtap-{{ pgtap_release }}
- target: install
- become: yes
-
-- name: pgTAP - cleanup
- file:
- state: absent
- path: /tmp/pgtap-{{ pgtap_release }}
diff --git a/ansible/tasks/postgres-extensions/04-pg_cron.yml b/ansible/tasks/postgres-extensions/04-pg_cron.yml
deleted file mode 100644
index d9a11c037..000000000
--- a/ansible/tasks/postgres-extensions/04-pg_cron.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-# pg_cron
-- name: pg_cron - download latest release
- get_url:
- url: "https://github.com/citusdata/pg_cron/archive/refs/tags/v{{ pg_cron_release }}.tar.gz"
- dest: /tmp/pg_cron-{{ pg_cron_release }}.tar.gz
- checksum: "{{ pg_cron_release_checksum }}"
- timeout: 60
-
-- name: pg_cron - unpack archive
- unarchive:
- remote_src: yes
- src: /tmp/pg_cron-{{ pg_cron_release }}.tar.gz
- dest: /tmp
- become: yes
-
-- name: pg_cron - build
- make:
- chdir: /tmp/pg_cron-{{ pg_cron_release }}
- become: yes
-
-- name: pg_cron - install
- make:
- chdir: /tmp/pg_cron-{{ pg_cron_release }}
- target: install
- become: yes
-
-- name: pg_cron - cleanup
- file:
- state: absent
- path: /tmp/pg_cron-{{ pg_cron_release }}
diff --git a/ansible/tasks/postgres-extensions/05-pgaudit.yml b/ansible/tasks/postgres-extensions/05-pgaudit.yml
deleted file mode 100644
index 5f88c8473..000000000
--- a/ansible/tasks/postgres-extensions/05-pgaudit.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-# pgAudit
-- name: pgAudit - download & install dependencies
- apt:
- pkg:
- - libssl-dev
- - libkrb5-dev
- update_cache: yes
- install_recommends: no
-
-- name: pgAudit - download latest release
- get_url:
- url: "https://github.com/pgaudit/pgaudit/archive/refs/tags/{{ pgaudit_release }}.tar.gz"
- dest: /tmp/pgaudit-{{ pgaudit_release }}.tar.gz
- checksum: "{{ pgaudit_release_checksum }}"
- timeout: 60
-
-- name: pgAudit - unpack archive
- unarchive:
- remote_src: yes
- src: /tmp/pgaudit-{{ pgaudit_release }}.tar.gz
- dest: /tmp
- become: yes
-
-- name: pgAudit - build
- make:
- chdir: /tmp/pgaudit-{{ pgaudit_release }}
- target: check
- params:
- USE_PGXS: 1
- become: yes
-
-- name: pgAudit - install
- make:
- chdir: /tmp/pgaudit-{{ pgaudit_release }}
- target: install
- params:
- USE_PGXS: 1
- become: yes
-
-- name: pgAudit - cleanup
- file:
- state: absent
- path: /tmp/pgaudit-{{ pgaudit_release }}
diff --git a/ansible/tasks/postgres-extensions/06-pgjwt.yml b/ansible/tasks/postgres-extensions/06-pgjwt.yml
deleted file mode 100644
index 61890bf43..000000000
--- a/ansible/tasks/postgres-extensions/06-pgjwt.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-# pgjwt
-- name: pgjwt - download from master branch
- git:
- repo: https://github.com/michelp/pgjwt.git
- dest: /tmp/pgjwt
- version: "{{ pgjwt_release }}"
-
-- name: pgjwt - install
- make:
- chdir: /tmp/pgjwt
- target: install
- become: yes
-
-- name: pgjwt - cleanup
- file:
- state: absent
- path: /tmp/pgjwt
diff --git a/ansible/tasks/postgres-extensions/07-pgsql-http.yml b/ansible/tasks/postgres-extensions/07-pgsql-http.yml
deleted file mode 100644
index 73044d261..000000000
--- a/ansible/tasks/postgres-extensions/07-pgsql-http.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-# pgsql-http
-- name: pgsql-http - libcurl4 package
- apt:
- pkg:
- - libcurl4
- state: absent
-
-- name: pgsql-http - download & install dependencies
- apt:
- pkg:
- - libcurl4-gnutls-dev
- update_cache: yes
- install_recommends: no
-
-- name: pgsql-http - download latest release
- get_url:
- url: "https://github.com/pramsey/pgsql-http/archive/refs/tags/v{{ pgsql_http_release }}.tar.gz"
- dest: /tmp/pgsql_http-{{ pgsql_http_release }}.tar.gz
- checksum: "{{ pgsql_http_release_checksum }}"
- timeout: 60
-
-- name: pgsql-http - unpack archive
- unarchive:
- remote_src: yes
- src: /tmp/pgsql_http-{{ pgsql_http_release }}.tar.gz
- dest: /tmp
- become: yes
-
-- name: pgsql-http - build
- make:
- chdir: /tmp/pgsql-http-{{ pgsql_http_release }}
- become: yes
-
-- name: pgsql-http - install
- make:
- chdir: /tmp/pgsql-http-{{ pgsql_http_release }}
- target: install
- become: yes
-
-- name: pgsql-http - cleanup
- file:
- state: absent
- path: /tmp/pgsql-http-{{ pgsql_http_release }}
diff --git a/ansible/tasks/postgres-extensions/08-plpgsql_check.yml b/ansible/tasks/postgres-extensions/08-plpgsql_check.yml
deleted file mode 100644
index 75bb041d5..000000000
--- a/ansible/tasks/postgres-extensions/08-plpgsql_check.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-# plpgsql_check
-- name: plpgsql_check - download & install dependencies
- apt:
- pkg:
- - libicu-dev
- update_cache: yes
- install_recommends: no
-
-- name: plpgsql_check - download latest release
- get_url:
- url: "https://github.com/okbob/plpgsql_check/archive/refs/tags/v{{ plpgsql_check_release }}.tar.gz"
- dest: /tmp/plpgsql_check-{{ plpgsql_check_release }}.tar.gz
- checksum: "{{ plpgsql_check_release_checksum }}"
- timeout: 60
-
-- name: plpgsql_check - unpack archive
- unarchive:
- remote_src: yes
- src: /tmp/plpgsql_check-{{ plpgsql_check_release }}.tar.gz
- dest: /tmp
- become: yes
-
-- name: plpgsql_check - clean
- make:
- chdir: /tmp/plpgsql_check-{{ plpgsql_check_release }}
- target: clean
- become: yes
-
-- name: plpgsql_check - install
- make:
- chdir: /tmp/plpgsql_check-{{ plpgsql_check_release }}
- target: install
- become: yes
-
-- name: plpgsql_check - cleanup
- file:
- state: absent
- path: /tmp/plpgsql_check-{{ plpgsql_check_release }}
diff --git a/ansible/tasks/postgres-extensions/09-pg-safeupdate.yml b/ansible/tasks/postgres-extensions/09-pg-safeupdate.yml
deleted file mode 100644
index 36ae41cfa..000000000
--- a/ansible/tasks/postgres-extensions/09-pg-safeupdate.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-# pg-safeupdate
-- name: pg-safeupdate - download latest release
- get_url:
- url: "https://github.com/eradman/pg-safeupdate/archive/refs/tags/{{ pg_safeupdate_release }}.tar.gz"
- dest: /tmp/pg_safeupdate-{{ pg_safeupdate_release }}.tar.gz
- checksum: "{{ pg_safeupdate_release_checksum }}"
- timeout: 60
-
-- name: pg-safeupdate - unpack archive
- unarchive:
- remote_src: yes
- src: /tmp/pg_safeupdate-{{ pg_safeupdate_release }}.tar.gz
- dest: /tmp
- become: yes
-
-- name: pg-safeupdate - build
- make:
- chdir: /tmp/pg-safeupdate-{{ pg_safeupdate_release }}
- become: yes
-
-- name: pg-safeupdate - install
- make:
- chdir: /tmp/pg-safeupdate-{{ pg_safeupdate_release }}
- target: install
- become: yes
-
-- name: pg-safeupdate - cleanup
- file:
- state: absent
- path: /tmp/pg-safeupdate-{{ pg_safeupdate_release }}
diff --git a/ansible/tasks/postgres-extensions/10-timescaledb.yml b/ansible/tasks/postgres-extensions/10-timescaledb.yml
deleted file mode 100644
index cb4b84237..000000000
--- a/ansible/tasks/postgres-extensions/10-timescaledb.yml
+++ /dev/null
@@ -1,36 +0,0 @@
-# timescaledb
-- name: timescaledb - download & install dependencies
- apt:
- pkg:
- - cmake
- update_cache: yes
- install_recommends: no
-
-- name: timescaledb - download latest release
- git:
- repo: https://github.com/timescale/timescaledb.git
- dest: /tmp/timescaledb
- version: "{{ timescaledb_release }}"
- become: yes
-
-- name: timescaledb - bootstrap
- shell:
- cmd: "./bootstrap -DAPACHE_ONLY=1"
- chdir: /tmp/timescaledb
- become: yes
-
-- name: timescaledb - build
- make:
- chdir: /tmp/timescaledb/build
- become: yes
-
-- name: timescaledb - install
- make:
- chdir: /tmp/timescaledb/build
- target: install
- become: yes
-
-- name: timescaledb - cleanup
- file:
- state: absent
- path: /tmp/timescaledb
diff --git a/ansible/tasks/postgres-extensions/11-wal2json.yml b/ansible/tasks/postgres-extensions/11-wal2json.yml
deleted file mode 100644
index c5abde95c..000000000
--- a/ansible/tasks/postgres-extensions/11-wal2json.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-# wal2json
-- name: wal2json - download by commit sha
- git:
- repo: https://github.com/eulerto/wal2json.git
- dest: /tmp/wal2json
- version: "wal2json_{{ wal2json_release }}"
-
-- name: wal2json - install
- make:
- chdir: /tmp/wal2json
- target: install
- become: yes
-
-- name: wal2json - cleanup
- file:
- state: absent
- path: /tmp/wal2json
diff --git a/ansible/tasks/postgres-extensions/12-pljava.yml b/ansible/tasks/postgres-extensions/12-pljava.yml
deleted file mode 100644
index bd16d1cec..000000000
--- a/ansible/tasks/postgres-extensions/12-pljava.yml
+++ /dev/null
@@ -1,84 +0,0 @@ -# pljava -- name: pljava - download & install dependencies - apt: - pkg: - - maven - - default-jre - - default-jdk - - libssl-dev - update_cache: yes - install_recommends: no - -#TODO: revert to using main repo after PG15 support is merged: https://github.com/tada/pljava/pull/413 -# - name: pljava - download latest release -# get_url: -# url: https://github.com/tada/pljava/archive/V{{ pljava_release }}.tar.gz -# dest: /tmp/pljava-{{ pljava_release }}.tar.gz -# checksum: "{{ pljava_release_checksum }}" -# timeout: 60 - -# - name: pljava - unpack archive -# unarchive: -# remote_src: yes -# src: /tmp/pljava-{{ pljava_release }}.tar.gz -# dest: /tmp -# become: yes - -- name: pljava - download latest release - become: yes - git: - repo: https://github.com/supabase/pljava.git - dest: /tmp/pljava-{{ pljava_release }} - version: "{{ pljava_release }}" - -- name: pljava - build - become: yes - shell: - cmd: mvn -T 1C clean install -Dmaven.test.skip -DskipTests -Dmaven.javadoc.skip=true - chdir: /tmp/pljava-{{ pljava_release }} - -- name: pljava - install - become: yes - shell: - cmd: java -jar pljava-packaging/target/pljava-pg{{ postgresql_major }}.jar - chdir: /tmp/pljava-{{ pljava_release }} - -- name: pljava - remove build dependencies - apt: - pkg: - - maven - - default-jre - - default-jdk - state: absent - -- name: pljava - install headless jdk - apt: - pkg: - - default-jdk-headless - update_cache: yes - install_recommends: no - -- name: Hold jre package - dpkg_selections: - name: default-jre-headless - selection: hold - when: async_mode - -- name: pljava - set pljava.libjvm_location - become: yes - lineinfile: - path: /etc/postgresql/postgresql.conf - state: present - line: pljava.libjvm_location = '/usr/lib/jvm/java-11-openjdk-{{ platform }}/lib/server/libjvm.so' - -- name: pljava - remove ~/.m2 directory - become: yes - file: - path: ~/.m2 - state: absent - -- name: pljava - cleanup - become: yes - file: - state: absent - path: /tmp/pljava-{{ 
pljava_release }} diff --git a/ansible/tasks/postgres-extensions/13-plv8.yml b/ansible/tasks/postgres-extensions/13-plv8.yml deleted file mode 100644 index 9f117355e..000000000 --- a/ansible/tasks/postgres-extensions/13-plv8.yml +++ /dev/null @@ -1,73 +0,0 @@ -# plv8 -- name: plv8 - download & install dependencies - apt: - pkg: - - build-essential - - ca-certificates - - curl - - git-core - - gpp - - cpp - - pkg-config - - apt-transport-https - - cmake - - libc++-dev - - libc++abi-dev - - libc++1 - - libglib2.0-dev - - libtinfo5 - - libc++abi1 - - ninja-build - - python - update_cache: yes - install_recommends: no - -- name: plv8 - download latest release - git: - repo: https://github.com/plv8/plv8.git - dest: /tmp/plv8 - version: "v{{ plv8_release }}" - become: yes - -- name: Create a symbolic link - file: - src: /lib/aarch64-linux-gnu/libc++.so.1 - dest: /lib/aarch64-linux-gnu/libc++.so - state: link - when: platform == "arm64" - ignore_errors: yes # not needed for docker build - -- name: plv8 - enable ccache - become: yes - replace: - path: /tmp/plv8/Makefiles/Makefile.docker - regexp: "^GN_ARGS =" - replace: GN_ARGS = cc_wrapper=\"env CCACHE_SLOPPINESS=time_macros ccache\" - -- name: plv8 - build - make: - chdir: /tmp/plv8 - become: yes - when: not async_mode - -- name: plv8 - install - make: - chdir: /tmp/plv8 - target: install - become: yes - when: not async_mode - -- name: plv8 - cleanup - file: - state: absent - path: /tmp/plv8 - when: not async_mode - -- name: plv8 - build - make: - chdir: /tmp/plv8 - become: yes - async: 2000 - poll: 0 - register: plv8_build - when: async_mode diff --git a/ansible/tasks/postgres-extensions/14-pg_plan_filter.yml b/ansible/tasks/postgres-extensions/14-pg_plan_filter.yml deleted file mode 100644 index 0fa099066..000000000 --- a/ansible/tasks/postgres-extensions/14-pg_plan_filter.yml +++ /dev/null 
@@ -1,23 +0,0 @@
-# pg_plan_filter
-- name: pg_plan_filter - download latest release
- git:
- repo: https://github.com/pgexperts/pg_plan_filter.git
- dest: /tmp/pg_plan_filter
- version: "{{ pg_plan_filter_release }}"
- become: yes
-
-- name: pg_plan_filter - build
- make:
- chdir: /tmp/pg_plan_filter
- become: yes
-
-- name: pg_plan_filter - install
- make:
- chdir: /tmp/pg_plan_filter
- target: install
- become: yes
-
-- name: pg_plan_filter - cleanup
- file:
- state: absent
- path: /tmp/pg_plan_filter
diff --git a/ansible/tasks/postgres-extensions/15-pg_net.yml b/ansible/tasks/postgres-extensions/15-pg_net.yml
deleted file mode 100644
index 260f38d55..000000000
--- a/ansible/tasks/postgres-extensions/15-pg_net.yml
+++ /dev/null
@@ -1,37 +0,0 @@
-# pg_net
-- name: pg_net - download & install dependencies
- apt:
- pkg:
- - libcurl4-gnutls-dev
- update_cache: yes
- install_recommends: no
-
-- name: pg_net - download latest release
- get_url:
- url: "https://github.com/supabase/pg_net/archive/refs/tags/v{{pg_net_release}}.tar.gz"
- dest: /tmp/pg_net-{{ pg_net_release }}.tar.gz
- checksum: "{{ pg_net_release_checksum }}"
- timeout: 60
-
-- name: pg_net - unpack archive
- unarchive:
- remote_src: yes
- src: /tmp/pg_net-{{ pg_net_release }}.tar.gz
- dest: /tmp
- become: yes
-
-- name: pg_net - build
- make:
- chdir: /tmp/pg_net-{{ pg_net_release }}
- become: yes
-
-- name: pg_net - install
- make:
- chdir: /tmp/pg_net-{{ pg_net_release }}
- target: install
- become: yes
-
-- name: pg_net - cleanup
- file:
- state: absent
- path: /tmp/pg_net-{{ pg_net_release }}
diff --git a/ansible/tasks/postgres-extensions/16-rum.yml b/ansible/tasks/postgres-extensions/16-rum.yml
deleted file mode 100644
index f8cca1600..000000000
--- a/ansible/tasks/postgres-extensions/16-rum.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-# rum
-- name: rum - download latest release
- get_url:
- url: "https://github.com/postgrespro/rum/archive/refs/tags/{{rum_release}}.tar.gz"
- dest: /tmp/rum-{{ rum_release }}.tar.gz
- checksum: "{{ rum_release_checksum }}"
- timeout: 60
-
-- name: rum - unpack archive
- unarchive:
- remote_src: yes
- src: /tmp/rum-{{ rum_release }}.tar.gz
- dest: /tmp
- become: yes
-
-- name: rum - build
- make:
- chdir: /tmp/rum-{{ rum_release }}
- params:
- USE_PGXS: 1
- become: yes
-
-- name: rum - install
- make:
- chdir: /tmp/rum-{{ rum_release }}
- target: install
- params:
- USE_PGXS: 1
- become: yes
-
-- name: rum - cleanup
- file:
- state: absent
- path: /tmp/rum-{{ rum_release }}
diff --git a/ansible/tasks/postgres-extensions/17-pg_hashids.yml b/ansible/tasks/postgres-extensions/17-pg_hashids.yml
deleted file mode 100644
index 8bd02917d..000000000
--- a/ansible/tasks/postgres-extensions/17-pg_hashids.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-# pg_hashids
-- name: pg_hashids - download from master branch
- git:
- repo: https://github.com/iCyberon/pg_hashids.git
- dest: /tmp/pg_hashids
- version: "{{ pg_hashids_release }}"
-
-- name: pg_hashids - build
- make:
- chdir: /tmp/pg_hashids
- become: yes
-
-- name: pg_hashids - install
- make:
- chdir: /tmp/pg_hashids
- target: install
- become: yes
-
-- name: pg_hashids - cleanup
- file:
- state: absent
- path: /tmp/pg_hashids
diff --git a/ansible/tasks/postgres-extensions/18-pgsodium.yml b/ansible/tasks/postgres-extensions/18-pgsodium.yml
deleted file mode 100644
index ed3c8ee09..000000000
--- a/ansible/tasks/postgres-extensions/18-pgsodium.yml
+++ /dev/null
@@ -1,80 +0,0 @@ -# libsodium and pgsodium -- name: determine postgres bin directory - shell: pg_config --bindir - register: pg_bindir_output -- set_fact: - pg_bindir: "{{ pg_bindir_output.stdout }}" - -- name: libsodium - download libsodium - get_url: - url: "https://supabase-public-artifacts-bucket.s3.amazonaws.com/libsodium/libsodium-{{ libsodium_release }}.tar.gz" - dest: /tmp/libsodium-{{ libsodium_release }}.tar.gz - checksum: "{{ libsodium_release_checksum }}" - timeout: 60 - -- name: libsodium - unpack archive - unarchive: - remote_src: yes - src: /tmp/libsodium-{{ libsodium_release }}.tar.gz - dest: /tmp - become: yes - -- name: libsodium - configure - shell: - cmd: ./configure - chdir: /tmp/libsodium-{{ libsodium_release }} - become: yes - -- name: libsodium - build - make: - chdir: /tmp/libsodium-{{ libsodium_release }} - become: yes - -- name: libsodium - install - make: - chdir: /tmp/libsodium-{{ libsodium_release }} - target: install - become: yes - -- name: pgsodium - download pgsodium - get_url: - url: "https://github.com/michelp/pgsodium/archive/refs/tags/v{{ pgsodium_release }}.tar.gz" - dest: /tmp/pgsodium-{{ pgsodium_release }}.tar.gz - checksum: "{{ pgsodium_release_checksum }}" - timeout: 60 - -- name: pgsodium - unpack archive - unarchive: - remote_src: yes - src: /tmp/pgsodium-{{ pgsodium_release }}.tar.gz - dest: /tmp - become: yes - -- name: pgsodium - build - make: - chdir: /tmp/pgsodium-{{ pgsodium_release }} - become: yes - -- name: pgsodium - install - make: - chdir: /tmp/pgsodium-{{ pgsodium_release }} - target: install - become: yes - -- name: pgsodium - set pgsodium.getkey_script - become: yes - lineinfile: - path: /etc/postgresql/postgresql.conf - state: present - # script is expected to be placed by finalization tasks for different target platforms - line: pgsodium.getkey_script= '{{ pg_bindir }}/pgsodium_getkey.sh' - -- name: libsodium - cleanup - file: - state: absent - path: /tmp/libsodium-{{ libsodium_release }} - -- name: 
pgsodium - cleanup - file: - state: absent - path: /tmp/pgsodium-{{ pgsodium_release }} diff --git a/ansible/tasks/postgres-extensions/19-pg_graphql.yml b/ansible/tasks/postgres-extensions/19-pg_graphql.yml deleted file mode 100644 index 642becdb6..000000000 --- a/ansible/tasks/postgres-extensions/19-pg_graphql.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: install pg_graphql - ansible.builtin.apt: - deb: "https://github.com/supabase/pg_graphql/releases/download/v{{ pg_graphql_release }}/pg_graphql-v{{ pg_graphql_release }}-pg{{ postgresql_major }}-{{ platform }}-linux-gnu.deb" diff --git a/ansible/tasks/postgres-extensions/20-pg_stat_monitor.yml b/ansible/tasks/postgres-extensions/20-pg_stat_monitor.yml deleted file mode 100644 index bffddefc3..000000000 --- a/ansible/tasks/postgres-extensions/20-pg_stat_monitor.yml +++ /dev/null @@ -1,23 +0,0 @@ -# pg_stat_monitor -- name: pg_stat_monitor - download and install dependencies - git: - repo: https://github.com/percona/pg_stat_monitor.git - dest: /tmp/pg_stat_monitor - version: "{{ pg_stat_monitor_release }}" - become: yes - -- name: pg_stat_monitor build - make: - chdir: /tmp/pg_stat_monitor - params: USE_PGXS=1 - -- name: pg_stat_monitor install - make: - chdir: /tmp/pg_stat_monitor - target: install - params: USE_PGXS=1 - -- name: pg_stat_monitor cleanup - file: - state: absent - path: /tmp/pg_stat_monitor diff --git a/ansible/tasks/postgres-extensions/22-pg_jsonschema.yml b/ansible/tasks/postgres-extensions/22-pg_jsonschema.yml deleted file mode 100644 index fc71ab8ed..000000000 --- a/ansible/tasks/postgres-extensions/22-pg_jsonschema.yml +++ /dev/null @@ -1,3 +0,0 @@ -- name: install pg_jsonschema - ansible.builtin.apt: - deb: "https://github.com/supabase/pg_jsonschema/releases/download/v{{ pg_jsonschema_release }}/pg_jsonschema-v{{ pg_jsonschema_release }}-pg{{ postgresql_major }}-{{ platform }}-linux-gnu.deb" 
diff --git a/ansible/tasks/postgres-extensions/23-vault.yml b/ansible/tasks/postgres-extensions/23-vault.yml
deleted file mode 100644
index 1cc76c83a..000000000
--- a/ansible/tasks/postgres-extensions/23-vault.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-# vault
-
-- name: vault - download vault
- get_url:
- url: "https://github.com/supabase/vault/archive/refs/tags/v{{ vault_release }}.tar.gz"
- dest: /tmp/vault-{{ vault_release }}.tar.gz
- checksum: "{{ vault_release_checksum }}"
- timeout: 60
-
-- name: vault - unpack archive
- unarchive:
- remote_src: yes
- src: /tmp/vault-{{ vault_release }}.tar.gz
- dest: /tmp
- become: yes
-
-- name: vault - build
- make:
- chdir: /tmp/vault-{{ vault_release }}
- become: yes
-
-- name: vault - install
- make:
- chdir: /tmp/vault-{{ vault_release }}
- target: install
- become: yes
-
-- name: vault - cleanup
- file:
- state: absent
- path: /tmp/vault-{{ vault_release }}
diff --git a/ansible/tasks/postgres-extensions/24-pgroonga.yml b/ansible/tasks/postgres-extensions/24-pgroonga.yml
deleted file mode 100644
index f8baaa6f9..000000000
--- a/ansible/tasks/postgres-extensions/24-pgroonga.yml
+++ /dev/null
@@ -1,85 +0,0 @@
-# groonga and pgroonga
-- name: groonga - download & install dependencies
- apt:
- pkg:
- - zlib1g-dev
- - liblzo2-dev
- - libmsgpack-dev
- - libzmq3-dev
- - libevent-dev
- - libmecab-dev
- - mecab-naist-jdic
- update_cache: yes
- install_recommends: no
-
-- name: groonga - download groonga
- get_url:
- url: "https://packages.groonga.org/source/groonga/groonga-{{ groonga_release }}.tar.gz"
- dest: /tmp/groonga-{{ groonga_release }}.tar.gz
- checksum: "{{ groonga_release_checksum }}"
- timeout: 60
-
-- name: groonga - unpack archive
- unarchive:
- remote_src: yes
- src: /tmp/groonga-{{ groonga_release }}.tar.gz
- dest: /tmp
- become: yes
-
-- name: groonga - configure
- shell:
- cmd: ./configure
- chdir: /tmp/groonga-{{ groonga_release }}
- become: yes
-
-- name: groonga - build
- community.general.make:
- target: all
- chdir: /tmp/groonga-{{ groonga_release }}
- jobs: "{{ parallel_jobs | default(omit) }}"
- become: yes
-
-- name: groonga - install
- make:
- chdir: /tmp/groonga-{{ groonga_release }}
- target: install
- become: yes
-
-- name: pgroonga - download pgroonga
- get_url:
- url: "https://packages.groonga.org/source/pgroonga/pgroonga-{{ pgroonga_release }}.tar.gz"
- dest: /tmp/pgroonga-{{ pgroonga_release }}.tar.gz
- checksum: "{{ pgroonga_release_checksum }}"
- timeout: 60
-
-- name: pgroonga - unpack archive
- unarchive:
- remote_src: yes
- src: /tmp/pgroonga-{{ pgroonga_release }}.tar.gz
- dest: /tmp
- become: yes
-
-- name: pgroonga - build
- community.general.make:
- target: all
- chdir: /tmp/pgroonga-{{ pgroonga_release }}
- jobs: "{{ parallel_jobs | default(omit) }}"
- become: yes
-
-- name: pgroonga - install
- make:
- chdir: /tmp/pgroonga-{{ pgroonga_release }}
- target: install
- become: yes
-
-- name: groonga - cleanup
- file:
- state: absent
- path: /tmp/groonga-{{ groonga_release }}
- become: yes
-
-- name: pgroonga - cleanup
- file:
- state: absent
- path: /tmp/pgroonga-{{ pgroonga_release }}
- become: yes
diff --git a/ansible/tasks/postgres-extensions/25-wrappers.yml b/ansible/tasks/postgres-extensions/25-wrappers.yml
deleted file mode 100644
index 717fa5ce8..000000000
--- a/ansible/tasks/postgres-extensions/25-wrappers.yml
+++ /dev/null
@@ -1,3 +0,0 @@
-- name: install wrappers
- ansible.builtin.apt:
- deb: "https://github.com/supabase/wrappers/releases/download/v{{ wrappers_release }}/wrappers-v{{ wrappers_release }}-pg{{ postgresql_major }}-{{ platform }}-linux-gnu.deb"
diff --git a/ansible/tasks/postgres-extensions/26-hypopg.yml b/ansible/tasks/postgres-extensions/26-hypopg.yml
deleted file mode 100644
index 4a9afcf7c..000000000
--- a/ansible/tasks/postgres-extensions/26-hypopg.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-# hypopg
-- name: hypopg - download by commit sha
- git:
- repo: https://github.com/HypoPG/hypopg.git
- dest: /tmp/hypopg
- version: "{{ hypopg_release }}"
-
-- name: hypopg - install
- make:
- chdir: /tmp/hypopg
- target: install
- become: yes
-
-- name: hypopg - cleanup
- file:
- state: absent
- path: /tmp/hypopg
diff --git a/ansible/tasks/postgres-extensions/27-pg_repack.yml b/ansible/tasks/postgres-extensions/27-pg_repack.yml
deleted file mode 100644
index 81ca80160..000000000
--- a/ansible/tasks/postgres-extensions/27-pg_repack.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-# pg_repack
- - name: pg_repack - download & install dependencies
- apt:
- pkg:
- - liblz4-dev
- - libz-dev
- - libzstd-dev
- - libreadline-dev
- update_cache: yes
- install_recommends: no
-
- - name: pg_repack - download latest release
- git:
- repo: https://github.com/reorg/pg_repack.git
- dest: /tmp/pg_repack
- version: "ver_{{ pg_repack_release }}"
- become: yes
-
- - name: pg_repack - build
- make:
- chdir: /tmp/pg_repack
- params:
- USE_PGXS: 1
- become: yes
-
- - name: pg_repack - install
- make:
- chdir: /tmp/pg_repack
- target: install
- params:
- USE_PGXS: 1
- become: yes
-
- - name: pg_repack - cleanup
- file:
- state: absent
- path: /tmp/pg_repack
-
diff --git a/ansible/tasks/postgres-extensions/28-pgvector.yml b/ansible/tasks/postgres-extensions/28-pgvector.yml
deleted file mode 100644
index a673ab2a2..000000000
--- a/ansible/tasks/postgres-extensions/28-pgvector.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-# pgvector
-- name: pgvector - download latest release
- git:
- repo: https://github.com/pgvector/pgvector.git
- dest: /tmp/pgvector
- version: 'v{{ pgvector_release }}'
- become: yes
-
-- name: pgvector - build
- make:
- chdir: /tmp/pgvector
- become: yes
-
-- name: pgvector - install
- make:
- chdir: /tmp/pgvector
- target: install
- become: yes
-
-- name: pgvector - cleanup
- file:
- state: absent
- path: /tmp/pgvector
diff --git a/ansible/tasks/postgres-extensions/29-pg_tle.yml b/ansible/tasks/postgres-extensions/29-pg_tle.yml
deleted file mode 100644
index ea0b199e1..000000000
--- a/ansible/tasks/postgres-extensions/29-pg_tle.yml
+++ /dev/null
@@ -1,12 +0,0 @@
-# pg_tle
-- name: pg_tle - download
- git:
- repo: https://github.com/aws/pg_tle.git
- dest: /tmp/pg_tle
- version: v{{ pg_tle_release }}
-
-- name: pg_tle - install
- make:
- chdir: /tmp/pg_tle
- target: install
- become: yes
diff --git a/ansible/tasks/postgres-extensions/99-finish_async_tasks.yml b/ansible/tasks/postgres-extensions/99-finish_async_tasks.yml
deleted file mode 100644
index 2e0609ba0..000000000
--- a/ansible/tasks/postgres-extensions/99-finish_async_tasks.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-## Verify plv8 status and complete plv8-install
-- name: Check if plv8 is complete
- async_status:
- jid: "{{ plv8_build.ansible_job_id }}"
- register: job_result
- until: job_result.finished
- delay: 60
- retries: 60
-
-- name: plv8 - install
- make:
- chdir: /tmp/plv8
- target: install
- become: yes
-
-- name: plv8 - cleanup
- file:
- state: absent
- path: /tmp/plv8
diff --git a/ansible/vars.yml b/ansible/vars.yml
index 617fa93a9..fc39cb507 100644
--- a/ansible/vars.yml
+++ b/ansible/vars.yml
@@ -47,9 +47,6 @@ nginx_release_checksum: sha1:419efb77b80f165666e2ee406ad8ae9b845aba93 wal_g_release: "2.0.1" -sfcgal_release: "1.3.10" -sfcgal_release_checksum: sha256:4e39b3b2adada6254a7bdba6d297bb28e1a9835a9f879b74f37e2dab70203232 - postgres_exporter_release: "0.15.0" postgres_exporter_release_checksum: arm64: sha256:29ba62d538b92d39952afe12ee2e1f4401250d678ff4b354ff2752f4321c87a0 
@@ -58,100 +55,5 @@ postgres_exporter_release_checksum: adminapi_release: 0.74.0 adminmgr_release: 0.24.1 -# Postgres Extensions -postgis_release: "3.3.2" -postgis_release_checksum: sha256:9a2a219da005a1730a39d1959a1c7cec619b1efb009b65be80ffc25bad299068 - -pgrouting_release: "3.4.1" -pgrouting_release_checksum: sha256:a4e034efee8cf67582b67033d9c3ff714a09d8f5425339624879df50aff3f642 - -pgtap_release: "1.2.0" -pgtap_release_checksum: sha256:9c7c3de67ea41638e14f06da5da57bac6f5bd03fea05c165a0ec862205a5c052 - -pg_cron_release: "1.6.2" -pg_cron_release_checksum: sha256:9f4eb3193733c6fa93a6591406659aac54b82c24a5d91ffaf4ec243f717d94a0 - -pgaudit_release: "1.7.0" -pgaudit_release_checksum: sha256:8f4a73e451c88c567e516e6cba7dc1e23bc91686bb6f1f77f8f3126d428a8bd8 - -pgjwt_release: 9742dab1b2f297ad3811120db7b21451bca2d3c9 - -pgsql_http_release: "1.6.1" - -plpgsql_check_release: "2.2.5" -plpgsql_check_release_checksum: sha256:6c3a3c5faf3f9689425c6db8a6b20bf4cd5e7144a055e29538eae980c7232573 - -pg_safeupdate_release: "1.4" -pg_safeupdate_release_checksum: sha256:ff01d3d444d35924bd3d745c5695696292e2855042da4c30fe728fb3b6648122 - -timescaledb_release: "2.9.1" -timescaledb_release_checksum: sha256:883638f2e79d25ec88ee58f603f3c81c999b6364cb4c799919d363f04089b47b - -wal2json_release: "2_5" -wal2json_release_checksum: sha256:b516653575541cf221b99cf3f8be9b6821f6dbcfc125675c85f35090f824f00e - -supautils_release: "2.6.0" -supautils_release_arm64_deb_checksum: sha256:b83f0777e506e310e33af4dafa8ae130b1b0e2871d6099234b332bfb33a5466f -supautils_release_amd64_deb_checksum: sha256:709d6cf4939031998b9392d435ad113564fb42c4c77e81e5035106840f8a74e0 -supautils_release_tar_checksum: sha256:b1cf964d1c56f45120d4724bfaf258cc7c0caccb30d8bde20bcda088a5990718 - -pljava_release: master -pljava_release_checksum: sha256:e99b1c52f7b57f64c8986fe6ea4a6cc09d78e779c1643db060d0ac66c93be8b6 - -plv8_release: "3.1.5" -plv8_release_checksum: sha256:2edf9a219844b2b6abae09c0bdb840c5b0d6e3dd418631744c7326c0b107cc10 - 
-pg_plan_filter_release: 5081a7b5cb890876e67d8e7486b6a64c38c9a492 - -pg_net_release: "0.9.2" -# To obtain the checksum use `wget https://github.com/supabase/pg_net/archive/refs/tags/v0.9.2.tar.gz -q -O- | sha256sum` -pg_net_release_checksum: sha256:268c87c09ccd26e6566d2522cb02ba7918b4cbda37eb5076d2e790bbd994a087 - -rum_release: "1.3.13" -rum_release_checksum: sha256:6ab370532c965568df6210bd844ac6ba649f53055e48243525b0b7e5c4d69a7d - -pg_hashids_release: cd0e1b31d52b394a0df64079406a14a4f7387cd6 - vector_x86_deb: "https://packages.timber.io/vector/0.22.3/vector_0.22.3-1_amd64.deb" vector_arm_deb: "https://packages.timber.io/vector/0.22.3/vector_0.22.3-1_arm64.deb" - -libsodium_release: "1.0.18" -libsodium_release_checksum: sha256:6f504490b342a4f8a4c4a02fc9b866cbef8622d5df4e5452b46be121e46636c1 - -pgsodium_release: "3.1.8" -pgsodium_release_checksum: sha256:4d027aeee5163f3f33740d269938a120d1593a41c3701c920d2a1de80aa97486 - -pg_graphql_release: "1.5.7" - -pg_jsonschema_release: "0.2.0" - -pg_stat_monitor_release: "1.1.1" -pg_stat_monitor_release_checksum: sha256:1756a02d5a6dd66b892d15920257c69a17a67d48d3d4e2f189b681b83001ec2a - -vault_release: "0.2.9" -vault_release_checksum: sha256:1e813216395c59bb94c92be47ce8b70ba19ccc0efbcdb1fb14ed6d34a42c6cdb - -groonga_release: "13.0.1" -groonga_release_checksum: sha256:1c2d1a6981c1ad3f02a11aff202b15ba30cb1c6147f1fa9195b519a2b728f8ba - -pgroonga_release: "3.0.7" -pgroonga_release_checksum: sha256:885ff3878cc30e9030e5fc56d561bc8b66df3ede1562c9d802bc0ea04fe5c203 - -wrappers_release: "0.4.4" - -hypopg_release: "1.4.1" -hypopg_release_checksum: sha256:9afe6357fd389d8d33fad81703038ce520b09275ec00153c6c89282bcdedd6bc - -pg_repack_release: "1.5.0" -pg_repack_release_checksum: sha256:9a14d6a95bfa29f856aa10538238622c1f351d38eb350b196c06720a878ccc52 - -pgvector_release: "0.8.0" -pgvector_release_checksum: sha256:867a2c328d4928a5a9d6f052cd3bc78c7d60228a9b914ad32aa3db88e9de27b0 - -pg_tle_release: "1.3.2" -pg_tle_release_checksum: 
sha256:d04f72d88b21b954656609743560684ac42645b64a36c800d4d2f84d1f180de1 - -index_advisor_release: "0.2.0" -index_advisor_checksum: sha256:2d3642012a9185cda51f1e82ba43d64a81b24a2655a3ac3afdcbbd95d46a1a27 - -pg_backtrace_release: "1.1" diff --git a/common.vars.pkr.hcl b/common.vars.pkr.hcl deleted file mode 100644 index 871647b06..000000000 --- a/common.vars.pkr.hcl +++ /dev/null @@ -1 +0,0 @@ -postgres-version = "15.1.1.95" diff --git a/digitalOcean.json b/digitalOcean.json deleted file mode 100644 index 36396fc29..000000000 --- a/digitalOcean.json +++ /dev/null @@ -1,45 +0,0 @@ -{ - "variables": { - "do_token": "", - "image_name": "ubuntu-20-04-x64", - "region": "sgp1", - "snapshot_regions": "sgp1", - "snapshot_name": "supabase-postgres-13.3.0", - "ansible_arguments": "--skip-tags,update-only,--skip-tags,aws-only,-e,supabase_internal='false'" - }, - "builders": [ - { - "type": "digitalocean", - "api_token": "{{user `do_token`}}", - "image": "{{user `image_name`}}", - "region": "{{user `region`}}", - "snapshot_regions": "{{user `snapshot_regions`}}", - "size": "s-1vcpu-1gb", - "ssh_username": "root", - "snapshot_name": "{{user `snapshot_name`}}" - } - ], - "provisioners": [ - { - "type": "shell", - "inline": [ - "while [ ! -f /var/lib/cloud/instance/boot-finished ]; do echo 'Waiting for cloud-init...'; sleep 1; done" - ] - }, - { - "type": "ansible", - "user": "root", - "playbook_file": "ansible/playbook.yml", - "extra_arguments": "{{user `ansible_arguments`}}" - }, - { - "type": "shell", - "scripts": [ - "scripts/01-postgres_check.sh", - "scripts/90-cleanup.sh", - "scripts/91-log_cleanup.sh", - "scripts/99-img_check.sh" - ] - } - ] -} diff --git a/docker/all-in-one/Dockerfile b/docker/all-in-one/Dockerfile deleted file mode 100644 index ec0c51637..000000000 --- a/docker/all-in-one/Dockerfile +++ /dev/null 
@@ -1,317 +0,0 @@
-ARG postgres_version=15.1.1.49
-
-ARG pgbouncer_release=1.18.0
-ARG postgrest_release=10.1.2
-ARG gotrue_release=2.130.0
-ARG adminapi_release=0.64.1
-ARG adminmgr_release=0.22.1
-ARG vector_release=0.22.3
-ARG postgres_exporter_release=0.15.0
-ARG envoy_release=1.28.0
-
-# Update `gateway-28` in the URL below if upgrading above v2.8.x.
-ARG kong_release=2.8.1
-
-FROM supabase/postgres:${postgres_version} as base
-ARG TARGETARCH
-ARG postgresql_major
-
-FROM base as builder
-# Install build dependencies
-RUN apt-get update && apt-get install -y \
- postgresql-server-dev-${postgresql_major} \
- build-essential \
- checkinstall \
- pkg-config \
- cmake \
- && rm -rf /var/lib/apt/lists/*
-
-####################
-# Install pgbouncer
-####################
-FROM builder as pgbouncer-source
-# Download and extract
-ARG pgbouncer_release
-ADD "https://www.pgbouncer.org/downloads/files/${pgbouncer_release}/pgbouncer-${pgbouncer_release}.tar.gz" /tmp/pgbouncer.tar.gz
-RUN tar -xvf /tmp/pgbouncer.tar.gz -C /tmp && \
- rm -rf /tmp/pgbouncer.tar.gz
-# Install build dependencies
-RUN apt-get update && apt-get install -y \
- libevent-dev \
- && rm -rf /var/lib/apt/lists/*
-# Build from source
-WORKDIR /tmp/pgbouncer-${pgbouncer_release}
-RUN ./configure --prefix=/usr/local
-RUN make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --requires=libevent-2.1-7 --nodoc
-
-FROM base as pgbouncer
-# Download pre-built packages
-RUN apt-get update && apt-get install -y --no-install-recommends --download-only \
- pgbouncer \
- && rm -rf /var/lib/apt/lists/*
-RUN mv /var/cache/apt/archives/*.deb /tmp/
-
-####################
-# Install PostgREST
-####################
-FROM postgrest/postgrest:v${postgrest_release} as pgrst
-
-####################
-# Install GoTrue
-####################
-FROM supabase/gotrue:v${gotrue_release} as gotrue
-
-####################
-# Install Envoy
-####################
-FROM
envoyproxy/envoy:v${envoy_release} as envoy
-
-####################
-# Install Kong
-####################
-FROM base as kong
-ARG kong_release
-ADD "https://packages.konghq.com/public/gateway-28/deb/ubuntu/pool/focal/main/k/ko/kong_${kong_release}/kong_${kong_release}_${TARGETARCH}.deb" \
- /tmp/kong.deb
-
-####################
-# Install admin api
-####################
-FROM base as adminapi
-ARG adminapi_release
-ADD "https://supabase-public-artifacts-bucket.s3.amazonaws.com/supabase-admin-api/v${adminapi_release}/supabase-admin-api_${adminapi_release}_linux_${TARGETARCH}.tar.gz" /tmp/supabase-admin-api.tar.gz
-RUN tar -xvf /tmp/supabase-admin-api.tar.gz -C /tmp && \
- rm -rf /tmp/supabase-admin-api.tar.gz
-
-####################
-# Install admin mgr
-####################
-FROM base as adminmgr
-ARG adminmgr_release
-ADD "https://supabase-public-artifacts-bucket.s3.amazonaws.com/admin-mgr/v${adminmgr_release}/admin-mgr_${adminmgr_release}_linux_${TARGETARCH}.tar.gz" /tmp/admin-mgr.tar.gz
-RUN tar -xvf /tmp/admin-mgr.tar.gz -C /tmp && \
- rm -rf /tmp/admin-mgr.tar.gz
-
-####################
-# Install Prometheus Exporter
-####################
-FROM base as exporter
-ARG postgres_exporter_release
-ADD "https://github.com/prometheus-community/postgres_exporter/releases/download/v${postgres_exporter_release}/postgres_exporter-${postgres_exporter_release}.linux-${TARGETARCH}.tar.gz" /tmp/postgres_exporter.tar.gz
-RUN tar -xvf /tmp/postgres_exporter.tar.gz -C /tmp --strip-components 1 && \
- rm -rf /tmp/postgres_exporter.tar.gz
-
-####################
-# Install vector
-####################
-FROM base as vector
-ARG vector_release
-ADD "https://packages.timber.io/vector/${vector_release}/vector_${vector_release}-1_${TARGETARCH}.deb" /tmp/vector.deb
-
-####################
-# Install supervisord
-####################
-FROM base as supervisor
-# Download pre-built packages
-RUN apt-get update -y && apt-get install -y --no-install-recommends --download-only \
- supervisor
\
- && rm -rf /var/lib/apt/lists/*
-RUN mv /var/cache/apt/archives/*.deb /tmp/
-
-####################
-# Create the final image for production
-####################
-FROM base as production
-
-# Copy dependencies from previous build stages
-COPY --from=pgbouncer /tmp/*.deb /tmp/
-COPY --from=vector /tmp/*.deb /tmp/
-COPY --from=kong /tmp/*.deb /tmp/
-COPY --from=supervisor /tmp/*.deb /tmp/
-
-# Install runtime dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
- /tmp/*.deb \
- # For health check
- curl \
- # For parsing init payload
- jq \
- # Security tools
- fail2ban \
- # sudo
- sudo \
- vim-tiny \
- less \
- libnuma1 \
- logrotate \
- dumb-init \
- # pg_egress_collect deps
- tcpdump libio-async-perl \
- && rm -rf /var/lib/apt/lists/* /tmp/* \
- && mkdir -p /dist \
- && mkdir -p /data/opt && chmod go+rwx /data/opt
-
-####################
-# Install salt
-####################
-ENV DEBIAN_FRONTEND=noninteractive
-ENV SALT_VERSION=3006
-
-# Install one-dir salt
-RUN cat < /etc/apt/preferences.d/salt-pin-1001
-Package: salt-*
-Pin: version ${SALT_VERSION}.*
-Pin-Priority: 1001
-EOF
-
-RUN mkdir /etc/apt/keyrings \
- && curl -fsSL -o /etc/apt/keyrings/salt-archive-keyring.pgp https://packages.broadcom.com/artifactory/api/security/keypair/SaltProjectKey/public \
- && curl -fsSL https://github.com/saltstack/salt-install-guide/releases/latest/download/salt.sources > /etc/apt/sources.list.d/salt.sources \
- && apt-get clean && apt-get update && apt-get install -y salt-minion
-
-ADD docker/all-in-one/etc/salt/minion /etc/salt/minion
-
-
-# Copy single binary dependencies
-COPY --from=pgrst /bin/postgrest /dist/
-COPY --from=gotrue /usr/local/bin/auth /dist/gotrue
-COPY --from=gotrue /usr/local/etc/auth /opt/gotrue/
-COPY --from=envoy /usr/local/bin/envoy /dist/
-COPY --from=adminapi /tmp/supabase-admin-api /dist/
-COPY --chown=root:root --from=adminmgr /tmp/admin-mgr /dist/
-COPY --from=exporter /tmp/postgres_exporter /opt/postgres_exporter/
-COPY docker/all-in-one/opt/postgres_exporter /opt/postgres_exporter/
-
-# Configuring dangling symlinks for binaries
-RUN ln -s /data/opt/supabase-admin-api /opt/supabase-admin-api \
- && ln -s /data/opt/postgrest /opt/postgrest \
- && ln -s /data/opt/gotrue /opt/gotrue/gotrue \
- && ln -s /data/opt/admin-mgr /usr/bin/admin-mgr
-
-# Scripts for adminapi
-COPY ansible/files/admin_api_scripts /root
-COPY --chown=adminapi:adminapi docker/all-in-one/etc/adminapi /etc/adminapi
-COPY --chmod=644 docker/all-in-one/etc/sudoers.d /etc/sudoers.d/
-
-# Script for pg_egress_collect
-COPY --chown=adminapi:adminapi docker/all-in-one/opt/pg_egress_collect /opt/pg_egress_collect
-
-# Customizations for pgbouncer
-COPY docker/all-in-one/etc/pgbouncer /etc/pgbouncer
-COPY docker/all-in-one/etc/pgbouncer-custom /etc/pgbouncer-custom
-COPY docker/all-in-one/etc/tmpfiles.d /etc/tmpfiles.d
-
-# Customizations for postgres
-COPY --chown=postgres:postgres docker/all-in-one/etc/postgresql/pg_hba.conf /etc/postgresql/
-COPY --chown=postgres:postgres docker/all-in-one/etc/postgresql/logging.conf /etc/postgresql/
-COPY --chown=postgres:postgres docker/all-in-one/etc/postgresql-custom /etc/postgresql-custom
-COPY --chown=postgres:postgres docker/all-in-one/etc/postgresql.schema.sql /etc/postgresql.schema.sql
-
-# Customizations for postgres_exporter
-COPY --chown=postgres:postgres docker/all-in-one/opt/postgres_exporter/queries.yml /opt/postgres_exporter/queries.yml
-
-# Customizations for fail2ban
-COPY docker/all-in-one/etc/fail2ban/filter.d /etc/fail2ban/filter.d/
-COPY docker/all-in-one/etc/fail2ban/jail.d /etc/fail2ban/jail.d/
-
-# Customizations for postgrest
-COPY --chown=postgrest:postgrest docker/all-in-one/etc/postgrest/bootstrap.sh /etc/postgrest/bootstrap.sh
-COPY --chown=postgrest:postgrest docker/all-in-one/etc/postgrest/base.conf /etc/postgrest/base.conf
-COPY --chown=postgrest:postgrest docker/all-in-one/etc/postgrest/generated.conf /etc/postgrest/generated.conf
-
-#
Customizations for logrotate
-COPY docker/all-in-one/etc/logrotate.d/walg.conf /etc/logrotate.d/walg.conf
-COPY docker/all-in-one/etc/logrotate.d/postgresql.conf /etc/logrotate.d/postgresql.conf
-
-# Customizations for gotrue
-COPY docker/all-in-one/etc/gotrue.env /etc/gotrue.env
-
-# Customizations for envoy
-ARG envoy_release
-ARG envoy_lds="lds.yaml"
-ADD --chmod=755 --chown=envoy:envoy "https://raw.githubusercontent.com/envoyproxy/envoy/v${envoy_release}/restarter/hot-restarter.py" /opt/envoy-hot-restarter.py
-COPY --chmod=775 --chown=envoy:envoy ansible/files/envoy_config/ /etc/envoy/
-COPY --chmod=755 --chown=envoy:envoy ansible/files/start-envoy.sh /opt/
-RUN mv /etc/envoy/${envoy_lds} /etc/envoy/lds.yaml
-RUN rm -f /etc/envoy/lds.supabase.yaml
-
-# Customizations for kong
-COPY docker/all-in-one/etc/kong/kong.conf /etc/kong/kong.conf
-COPY docker/all-in-one/etc/kong/kong.yml /etc/kong/kong.yml
-
-# Customizations for vector
-COPY --chown=vector:vector docker/all-in-one/etc/vector/vector.yaml /etc/vector/vector.yaml
-
-# Customizations for supervisor
-COPY docker/all-in-one/etc/supervisor /etc/supervisor
-
-# Customizations for supa-shutdown
-COPY --chown=adminapi:adminapi docker/all-in-one/etc/supa-shutdown /etc/supa-shutdown
-COPY docker/all-in-one/configure-shim.sh /usr/local/bin/configure-shim.sh
-
-# Configure service ports
-ENV PGRST_SERVER_PORT=3000
-ENV PGRST_ADMIN_SERVER_PORT=3001
-EXPOSE ${PGRST_SERVER_PORT}
-
-ENV GOTRUE_SITE_URL=http://localhost:${PGRST_SERVER_PORT}
-ENV GOTRUE_API_PORT=9999
-EXPOSE ${GOTRUE_API_PORT}
-
-ENV ENVOY_HTTP_PORT=8000
-ENV ENVOY_HTTPS_PORT=8443
-
-ENV KONG_HTTP_PORT=8000
-ENV KONG_HTTPS_PORT=8443
-
-ENV HTTP_PORT=${ENVOY_HTTP_PORT:-KONG_HTTP_PORT}
-ENV HTTP_PORT=${ENVOY_HTTPS_PORT:-KONG_HTTPS_PORT}
-EXPOSE ${HTTP_PORT} ${HTTPS_PORT}
-
-ENV ADMIN_API_CERT_DIR=/etc/ssl/adminapi
-ENV ADMIN_API_PORT=8085
-EXPOSE ${ADMIN_API_PORT}
-
-ENV PGBOUNCER_PORT=6543
-EXPOSE ${PGBOUNCER_PORT}
-
-ENV PGEXPORTER_PORT=9187
-EXPOSE
${PGEXPORTER_PORT}
-
-ENV VECTOR_API_PORT=9001
-
-# Create system users
-RUN useradd --create-home --shell /bin/bash postgrest && \
- useradd --create-home --shell /bin/bash gotrue && \
- useradd --create-home --shell /bin/bash envoy && \
- useradd --create-home --shell /bin/bash pgbouncer -G postgres,ssl-cert && \
- useradd --create-home --shell /bin/bash adminapi -G root,envoy,kong,pgbouncer,postgres,postgrest,wal-g && \
- usermod --append --shell /bin/bash -G postgres vector
-RUN mkdir -p /etc/wal-g && \
- chown -R adminapi:adminapi /etc/wal-g && \
- chmod g+w /etc/wal-g
-RUN mkdir -p /var/log/wal-g \
- && chown -R postgres:postgres /var/log/wal-g \
- && chmod +x /dist/admin-mgr \
- && chmod ug+s /dist/admin-mgr \
- && touch /etc/wal-g/config.json \
- && chown adminapi:adminapi /etc/wal-g/config.json \
- && echo '{"WALG_S3_PREFIX": "s3://foo/bar/"}' > /etc/wal-g/config.json
-RUN chown -R adminapi:adminapi /etc/adminapi
-RUN sed -i "s;#include = '/etc/postgresql-custom/generated-optimizations.conf';include = '/etc/postgresql-custom/generated-optimizations.conf';" /etc/postgresql/postgresql.conf
-
-# Add healthcheck and entrypoint scripts
-COPY docker/all-in-one/healthcheck.sh /usr/local/bin/
-HEALTHCHECK --interval=3s --timeout=2s --start-period=4s --retries=10 CMD [ "healthcheck.sh" ]
-
-COPY docker/all-in-one/init /init
-COPY docker/all-in-one/entrypoint.sh /usr/local/bin/
-COPY docker/all-in-one/postgres-entrypoint.sh /usr/local/bin/
-COPY docker/all-in-one/shutdown.sh /usr/local/bin/supa-shutdown.sh
-COPY docker/all-in-one/run-logrotate.sh /usr/local/bin/run-logrotate.sh
-
-ENTRYPOINT [ "/usr/bin/dumb-init" ]
-
-CMD [ "entrypoint.sh"]
diff --git a/docker/all-in-one/README.md b/docker/all-in-one/README.md
deleted file mode 100644
index 72e120009..000000000
--- a/docker/all-in-one/README.md
+++ /dev/null
@@ -1,59 +0,0 @@
-# Supabase All-in-One
-
-All Supabase backend services bundled in a single Docker image for quick local testing and edge deployment.
-
-## Build
-
-```bash
-# cwd: repo root
-docker build -f docker/all-in-one/Dockerfile -t supabase/all-in-one .
-```
-
-## Run
-
-```bash
-docker run --rm -it \
- -e POSTGRES_PASSWORD=postgres \
- -e JWT_SECRET=super-secret-jwt-token-with-at-least-32-characters-long \
- -e ANON_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE \
- -e SERVICE_ROLE_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJzZXJ2aWNlX3JvbGUiLAogICAgImlzcyI6ICJzdXBhYmFzZS1kZW1vIiwKICAgICJpYXQiOiAxNjQxNzY5MjAwLAogICAgImV4cCI6IDE3OTk1MzU2MDAKfQ.DaYlNEoUrrEn2Ig7tqibS-PHK5vgusbcbo7X36XVt4Q \
- -e ADMIN_API_KEY=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic3VwYWJhc2VfYWRtaW4iLCJpc3MiOiJzdXBhYmFzZS1kZW1vIiwiaWF0IjoxNjQxNzY5MjAwLCJleHAiOjE3OTk1MzU2MDB9.Y9mSNVuTw2TdfryoaqM5wySvwQemGGWfSe9ixcklVfM \
- -e DATA_VOLUME_MOUNTPOINT=/data \
- -e MACHINE_TYPE=shared_cpu_1x_512m \
- -p 5432:5432 \
- -p 8000:8000 \
- supabase/all-in-one
-```
-
-Use bind mount to start from an existing physical backup: `-v $(pwd)/data:/var/lib/postgresql/data`
-
-Alternatively, the container may be initialised using a payload tarball.
-
-```bash
-docker run --rm \
- -e POSTGRES_PASSWORD=postgres \
- -e INIT_PAYLOAD_PRESIGNED_URL= \
- -p 5432:5432 \
- -p 8000:8000 \
- -it supabase/all-in-one
-```
-
-## Test
-
-```bash
-curl -H "apikey: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyAgCiAgICAicm9sZSI6ICJhbm9uIiwKICAgICJpc3MiOiAic3VwYWJhc2UtZGVtbyIsCiAgICAiaWF0IjogMTY0MTc2OTIwMCwKICAgICJleHAiOiAxNzk5NTM1NjAwCn0.dc_X5iR_VP_qT0zsiyj_I_OZ2T9FtRU2BBNWN8Bu4GE" \
- localhost:8000/rest/v1/ | jq
-```
-
-## TODO
-
-- [x] optimise admin config
-- [x] propagate shutdown signals
-- [x] add http health checks
-- [x] generate dynamic JWT
-- [ ] ufw / nftables
-- [x] log rotation
-- [x] egress metrics
-- [x] vector
-- [ ] apparmor
-- [x] wal-g
diff --git a/docker/all-in-one/configure-shim.sh b/docker/all-in-one/configure-shim.sh
deleted file mode 100755
index f42f1557a..000000000
--- a/docker/all-in-one/configure-shim.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/bash
-
-INITIAL_BINARY_PATH=$1
-SYMLINK_PATH=$2
-
-SYMLINK_TARGET=$(readlink -m "$SYMLINK_PATH")
-
-if [ ! -f "$SYMLINK_TARGET" ]; then
- cp "$INITIAL_BINARY_PATH" "$SYMLINK_TARGET"
-
- PERMS=$(stat -c "%a" "$INITIAL_BINARY_PATH")
- chmod "$PERMS" "$SYMLINK_TARGET"
-
- OWNER_GROUP=$(stat -c "%u:%g" "$INITIAL_BINARY_PATH")
- chown "$OWNER_GROUP" "$SYMLINK_TARGET"
-fi
diff --git a/docker/all-in-one/entrypoint.sh b/docker/all-in-one/entrypoint.sh
deleted file mode 100755
index 0aff0b1ec..000000000
--- a/docker/all-in-one/entrypoint.sh
+++ /dev/null
@@ -1,366 +0,0 @@
-#!/bin/bash
-set -eou pipefail
-
-START_TIME=$(date +%s%N)
-
-PG_CONF=/etc/postgresql/postgresql.conf
-SUPERVISOR_CONF=/etc/supervisor/supervisord.conf
-
-export DATA_VOLUME_MOUNTPOINT=${DATA_VOLUME_MOUNTPOINT:-/data}
-export CONFIGURED_FLAG_PATH=${CONFIGURED_FLAG_PATH:-$DATA_VOLUME_MOUNTPOINT/machine.configured}
-
-export MAX_IDLE_TIME_MINUTES=${MAX_IDLE_TIME_MINUTES:-5}
-
-function calculate_duration {
- local start_time=$1
- local end_time=$2
-
- local duration=$((end_time - start_time))
- local milliseconds=$((duration / 1000000))
-
- echo "$milliseconds"
-}
-
-# Ref: https://gist.github.com/sj26/88e1c6584397bb7c13bd11108a579746
-function retry {
- # Pass 0 for unlimited retries
- local retries=$1
- shift
-
- local start=$EPOCHSECONDS
- local count=0
- until "$@"; do
- exit=$?
- # Reset count if service has been running for more than 2 minutes
- local elapsed=$((EPOCHSECONDS - start))
- if [ $elapsed -gt 120 ]; then
- count=0
- fi
- # Exponential backoff up to n tries
- local wait=$((2 ** count))
- count=$((count + 1))
- if [ $count -ge "$retries" ] && [ "$retries" -gt 0 ]; then
- echo "Retry $count/$retries exited $exit, no more retries left."
- return $exit
- fi
- echo "Retry $count/$retries exited $exit, retrying in $wait seconds..."
- sleep $wait
- start=$EPOCHSECONDS
- done
- return 0
-}
-
-function configure_services {
- # Start services after migrations are run
- for file in /init/configure-*.sh; do
- retry 0 "$file"
- done
-}
-
-function enable_swap {
- fallocate -l 1G /mnt/swapfile
- chmod 600 /mnt/swapfile
- mkswap /mnt/swapfile
- swapon /mnt/swapfile
-}
-
-function push_lsn_checkpoint_file {
- if [ "${PLATFORM_DEPLOYMENT:-}" != "true" ]; then
- echo "Skipping push of LSN checkpoint file"
- return
- fi
-
- /usr/bin/admin-mgr lsn-checkpoint-push --immediately || echo "Failed to push LSN checkpoint"
-}
-
-function graceful_shutdown {
- echo "$(date): Received SIGINT. Shutting down."
-
- # Postgres ships the latest WAL file using archive_command during shutdown, in a blocking operation
- # This is to ensure that the WAL file is shipped, just in case
- sleep 0.2
- push_lsn_checkpoint_file
-}
-
-function enable_autoshutdown {
- sed -i "s/autostart=.*/autostart=true/" /etc/supervisor/base-services/supa-shutdown.conf
-}
-
-function enable_lsn_checkpoint_push {
- sed -i "s/autostart=.*/autostart=true/" /etc/supervisor/base-services/lsn-checkpoint-push.conf
- sed -i "s/autorestart=.*/autorestart=true/" /etc/supervisor/base-services/lsn-checkpoint-push.conf
-}
-
-function disable_fail2ban {
- sed -i "s/autostart=.*/autostart=false/" /etc/supervisor/services/fail2ban.conf
- sed -i "s/autorestart=.*/autorestart=false/" /etc/supervisor/services/fail2ban.conf
-}
-
-function setup_postgres {
- tar -xzvf "$INIT_PAYLOAD_PATH" -C / ./etc/postgresql.schema.sql
- mv /etc/postgresql.schema.sql /docker-entrypoint-initdb.d/migrations/99-schema.sql
-
- tar -xzvf "$INIT_PAYLOAD_PATH" -C / ./etc/postgresql-custom/pgsodium_root.key
- sed -i "/# Automatically generated optimizations/i # Supabase Platform Defaults\ninclude = '/etc/postgresql-custom/platform-defaults.conf'\n" $PG_CONF
-
- # TODO (darora): walg enablement is temporarily performed here until changes from https://github.com/supabase/postgres/pull/639 get picked up
- # other things will still be needed in the future (auth_delay config)
- sed -i \
- -e "s|#include = '/etc/postgresql-custom/custom-overrides.conf'|include = '/etc/postgresql-custom/custom-overrides.conf'|g" \
- -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" \
- -e "s|shared_preload_libraries = '\(.*\)'|shared_preload_libraries = '\1, auth_delay'|" \
- -e "/# Automatically generated optimizations/i auth_delay.milliseconds = '3000'" \
- "${PG_CONF}"
-
- # Setup ssl certs
- mkdir -p /etc/ssl/certs/postgres
- tar -xzvf "$INIT_PAYLOAD_PATH" -C /etc/ssl/certs/postgres/ --strip-components 2
./ssl/server.crt
- tar -xzvf "$INIT_PAYLOAD_PATH" -C /etc/ssl/certs/postgres/ --strip-components 2 ./ssl/ca.crt
- tar -xzvf "$INIT_PAYLOAD_PATH" -C /etc/ssl/private/ --strip-components 2 ./ssl/server.key
- # tar -xzvf "$INIT_PAYLOAD_PATH" -C /etc/ssl/certs/postgres/ ./ssl/server-intermediate.srl
-
- PGSSLROOTCERT=/etc/ssl/certs/postgres/ca.crt
- PGSSLCERT=/etc/ssl/certs/postgres/server.crt
- PGSSLKEY=/etc/ssl/private/server.key
- chown root:postgres $PGSSLROOTCERT $PGSSLKEY $PGSSLCERT
- chmod 640 $PGSSLROOTCERT $PGSSLKEY $PGSSLCERT
-
- # Change ssl back to on in postgres.conf
- sed -i -e "s|ssl = off|ssl = on|g" \
- -e "s|ssl_ca_file = ''|ssl_ca_file = '$PGSSLROOTCERT'|g" \
- -e "s|ssl_cert_file = ''|ssl_cert_file = '$PGSSLCERT'|g" \
- -e "s|ssl_key_file = ''|ssl_key_file = '$PGSSLKEY'|g" \
- $PG_CONF
-
- if [ "${DATA_VOLUME_MOUNTPOINT}" ]; then
- mkdir -p "${DATA_VOLUME_MOUNTPOINT}/opt"
- /usr/local/bin/configure-shim.sh /dist/supabase-admin-api /opt/supabase-admin-api
- /opt/supabase-admin-api optimize db --destination-config-file-path /etc/postgresql-custom/generated-optimizations.conf
-
- # Preserve postgresql configs across restarts
- POSTGRESQL_CUSTOM_DIR="${DATA_VOLUME_MOUNTPOINT}/etc/postgresql-custom"
-
- mkdir -p "${POSTGRESQL_CUSTOM_DIR}"
-
- if [ ! -f "${CONFIGURED_FLAG_PATH}" ]; then
- echo "Copying existing custom postgresql config from /etc/postgresql-custom to ${POSTGRESQL_CUSTOM_DIR}"
- cp -R "/etc/postgresql-custom/." "${POSTGRESQL_CUSTOM_DIR}/"
- fi
-
- rm -rf "/etc/postgresql-custom"
- ln -s "${POSTGRESQL_CUSTOM_DIR}" "/etc/postgresql-custom"
- chown -R postgres:postgres "/etc/postgresql-custom"
- chown -R postgres:postgres "${POSTGRESQL_CUSTOM_DIR}"
- chmod g+rx "${POSTGRESQL_CUSTOM_DIR}"
-
- # Preserve wal-g configs across restarts
- WALG_CONF_DIR="${DATA_VOLUME_MOUNTPOINT}/etc/wal-g"
- mkdir -p "${WALG_CONF_DIR}"
-
- if [ !
-f "${CONFIGURED_FLAG_PATH}" ]; then
- echo "Copying existing custom wal-g config from /etc/wal-g to ${WALG_CONF_DIR}"
- cp -R "/etc/wal-g/." "${WALG_CONF_DIR}/"
- fi
-
- rm -rf "/etc/wal-g"
- ln -s "${WALG_CONF_DIR}" "/etc/wal-g"
- chown -R adminapi:adminapi "/etc/wal-g"
- chown -R adminapi:adminapi "${WALG_CONF_DIR}"
- chmod g+rx "/etc/wal-g"
- chmod g+rx "${WALG_CONF_DIR}"
- fi
- DURATION=$(calculate_duration "$START_TIME" "$(date +%s%N)")
- echo "E: Execution time to setting up postgresql: $DURATION milliseconds"
-}
-
-function setup_credentials {
- # Load credentials from init json
- tar -xzvf "$INIT_PAYLOAD_PATH" -C / ./tmp/init.json
- export ANON_KEY=${ANON_KEY:-$(jq -r '.["anon_key"]' /tmp/init.json)}
- export SERVICE_ROLE_KEY=${SERVICE_ROLE_KEY:-$(jq -r '.["service_key"]' /tmp/init.json)}
- export ADMIN_API_KEY=${ADMIN_API_KEY:-$(jq -r '.["supabase_admin_key"]' /tmp/init.json)}
- export JWT_SECRET=${JWT_SECRET:-$(jq -r '.["jwt_secret"]' /tmp/init.json)}
- DURATION=$(calculate_duration "$START_TIME" "$(date +%s%N)")
- echo "E: Execution time to setting up credentials: $DURATION milliseconds"
-}
-
-function report_health {
- if [ -z "${REPORTING_TOKEN:-}" ]; then
- echo "Skipped health reporting: missing REPORTING_TOKEN"
- exit 0
- fi
- if [ -d "$ADMIN_API_CERT_DIR" ]; then
- retry 10 curl -sSkf "https://localhost:$ADMIN_API_PORT/health-reporter/send" -X POST -H "apikey: $ADMIN_API_KEY"
- else
- retry 10 curl -sSf "http://localhost:$ADMIN_API_PORT/health-reporter/send" -X POST -H "apikey: $ADMIN_API_KEY"
- fi
-}
-
-function run_prelaunch_hooks {
- if [ -f "/etc/postgresql-custom/supautils.conf" ]; then
- sed -i -e 's/dblink, //' "/etc/postgresql-custom/supautils.conf"
- fi
-}
-
-function start_supervisor {
- # Start health reporting
- report_health &
-
- # Start supervisord
- /usr/bin/supervisord -c $SUPERVISOR_CONF
-}
-
-DELEGATED_ARCHIVE_PATH=/data/delegated-init.tar.gz
-DELEGATED_ENTRY_PATH=/data/delegated-entry.sh
-
-function
fetch_and_execute_delegated_payload {
- curl -s --time-cond $DELEGATED_ARCHIVE_PATH -o $DELEGATED_ARCHIVE_PATH "$DELEGATED_INIT_LOCATION"
-
- if [ ! -f $DELEGATED_ARCHIVE_PATH ]; then
- echo "No delegated payload found, bailing"
- return
- fi
-
- # only extract a valid archive
- if tar -tzf "$DELEGATED_ARCHIVE_PATH" &>/dev/null; then
- TAR_MTIME_EPOCH=$(tar -tvzf "$DELEGATED_ARCHIVE_PATH" delegated-entry.sh | awk '{print $4, $5}' | xargs -I {} date -d {} +%s)
-
- if [ -f $DELEGATED_ENTRY_PATH ]; then
- FILE_MTIME_EPOCH=$(stat -c %Y "$DELEGATED_ENTRY_PATH")
-
- if [ "$TAR_MTIME_EPOCH" -gt "$FILE_MTIME_EPOCH" ]; then
- tar -xvzf "$DELEGATED_ARCHIVE_PATH" -C /data
- else
- echo "TAR archive is not newer, skipping extraction"
- fi
- else
- tar -xvzf "$DELEGATED_ARCHIVE_PATH" -C /data
- fi
- else
- echo "Invalid TAR archive"
- return
- fi
-
- # Run our delegated entry script here
- if [ -f "$DELEGATED_ENTRY_PATH" ]; then
- chmod +x $DELEGATED_ENTRY_PATH
- bash -c "$DELEGATED_ENTRY_PATH $START_TIME"
- fi
-}
-
-# Increase max number of open connections
-ulimit -n 65536
-
-# Update pgsodium root key
-if [ "${PGSODIUM_ROOT_KEY:-}" ]; then
- echo "${PGSODIUM_ROOT_KEY}" >/etc/postgresql-custom/pgsodium_root.key
-fi
-
-# Update pgdata directory
-if [ "${PGDATA_REAL:-}" ]; then
- mkdir -p "${PGDATA_REAL}"
- chown -R postgres:postgres "${PGDATA_REAL}"
- chmod -R g+rx "${PGDATA_REAL}"
-fi
-
-if [ "${PGDATA:-}" ]; then
- if [ "${PGDATA_REAL:-}" ]; then
- mkdir -p "$(dirname "${PGDATA}")"
- rm -rf "${PGDATA}"
- ln -s "${PGDATA_REAL}" "${PGDATA}"
- chmod -R g+rx "${PGDATA}"
- else
- mkdir -p "$PGDATA"
- chown postgres:postgres "$PGDATA"
- fi
- sed -i "s|data_directory = '.*'|data_directory = '$PGDATA'|g" $PG_CONF
-fi
-
-# Download and extract init payload from s3
-export INIT_PAYLOAD_PATH=${INIT_PAYLOAD_PATH:-/tmp/payload.tar.gz}
-
-if [ "${INIT_PAYLOAD_PRESIGNED_URL:-}" ]; then
- curl -fsSL "$INIT_PAYLOAD_PRESIGNED_URL" -o "/tmp/payload.tar.gz" || true
- if [ -f
"/tmp/payload.tar.gz" ] && [ "/tmp/payload.tar.gz" != "$INIT_PAYLOAD_PATH" ]; then
- mv "/tmp/payload.tar.gz" "$INIT_PAYLOAD_PATH"
- fi
-fi
-
-if [ "${DATA_VOLUME_MOUNTPOINT}" ]; then
- BASE_LOGS_FOLDER="${DATA_VOLUME_MOUNTPOINT}/logs"
-
- for folder in "postgresql" "services" "wal-g"; do
- mkdir -p "${BASE_LOGS_FOLDER}/${folder}"
- rm -rf "/var/log/${folder}"
- ln -s "${BASE_LOGS_FOLDER}/${folder}" "/var/log/${folder}"
- done
-
- chown -R postgres:postgres "${BASE_LOGS_FOLDER}"
-
- mkdir -p "${DATA_VOLUME_MOUNTPOINT}/etc/logrotate"
-fi
-
-# Process init payload
-if [ -f "$INIT_PAYLOAD_PATH" ]; then
- setup_credentials
- setup_postgres
-else
- echo "Skipped extracting init payload: $INIT_PAYLOAD_PATH does not exist"
-fi
-
-mkdir -p /var/log/services
-
-SUPERVISOR_CONF=/etc/supervisor/supervisord.conf
-find /etc/supervisor/ -type d -exec chmod 0770 {} +
-find /etc/supervisor/ -type f -exec chmod 0660 {} +
-
-# Start services in the background
-if [ "${POSTGRES_ONLY:-}" == "true" ]; then
- sed -i "s| - postgrest| # - postgrest|g" /etc/adminapi/adminapi.yaml
- sed -i "s|files = services/\*.conf base-services/\*.conf|files = base-services/\*.conf|g" $SUPERVISOR_CONF
- /init/configure-adminapi.sh
-else
- sed -i "s| # - postgrest| - postgrest|g" /etc/adminapi/adminapi.yaml
- sed -i "s|files = base-services/\*.conf|files = services/\*.conf base-services/\*.conf|g" $SUPERVISOR_CONF
- configure_services
-fi
-
-if [ "${AUTOSHUTDOWN_ENABLED:-}" == "true" ]; then
- enable_autoshutdown
-fi
-
-if [ "${ENVOY_ENABLED:-}" == "true" ]; then
- sed -i "s/autostart=.*/autostart=true/" /etc/supervisor/services/envoy.conf
- sed -i "s/autostart=.*/autostart=false/" /etc/supervisor/services/kong.conf
- sed -i "s/kong/envoy/" /etc/supervisor/services/group.conf
-fi
-
-if [ "${FAIL2BAN_DISABLED:-}" == "true" ]; then
- disable_fail2ban
-fi
-
-if [ "${GOTRUE_DISABLED:-}" == "true" ]; then
- sed -i "s/autostart=.*/autostart=false/" /etc/supervisor/services/gotrue.conf
- sed -i
"s/autorestart=.*/autorestart=false/" /etc/supervisor/services/gotrue.conf
-fi
-
-if [ "${PLATFORM_DEPLOYMENT:-}" == "true" ]; then
- if [ "${SWAP_DISABLED:-}" != "true" ]; then
- enable_swap
- fi
- enable_lsn_checkpoint_push
-
- trap graceful_shutdown SIGINT
-fi
-
-touch "$CONFIGURED_FLAG_PATH"
-run_prelaunch_hooks
-
-if [ -n "${DELEGATED_INIT_LOCATION:-}" ]; then
- fetch_and_execute_delegated_payload
-else
- DURATION=$(calculate_duration "$START_TIME" "$(date +%s%N)")
- echo "E: Execution time to starting supervisor: $DURATION milliseconds"
- start_supervisor
- push_lsn_checkpoint_file
-fi
diff --git a/docker/all-in-one/etc/adminapi/adminapi.yaml b/docker/all-in-one/etc/adminapi/adminapi.yaml
deleted file mode 100644
index 7784fd7d4..000000000
--- a/docker/all-in-one/etc/adminapi/adminapi.yaml
+++ /dev/null
@@ -1,83 +0,0 @@
-port: 8085
-host: 0.0.0.0
-ref: {{ .ProjectRef }}
-jwt_secret: {{ .JwtSecret }}
-metric_collectors:
- - filesystem
- - meminfo
- - netdev
- - loadavg
- - cpu
- - diskstats
- - vmstat
-node_exporter_additional_args:
- - "--collector.filesystem.ignored-mount-points=^/(boot|sys|dev|run).*"
- - "--collector.netdev.device-exclude=lo"
-# cert_path: /etc/ssl/adminapi/server.crt
-# key_path: /etc/ssl/adminapi/server.key
-upstream_metrics_refresh_duration: 60s
-pgbouncer_endpoints:
- - "postgres://pgbouncer:{{ .PgbouncerPassword }}@localhost:6543/pgbouncer"
-fail2ban_socket: /var/run/fail2ban/fail2ban.sock
-upstream_metrics_sources:
- - name: system
- url: "https://localhost:8085/metrics"
- labels_to_attach:
- - name: supabase_project_ref
- value: {{ .ProjectRef }}
- - name: service_type
- value: db
- skip_tls_verify: true
- - name: postgresql
- url: "http://localhost:9187/metrics"
- labels_to_attach:
- - name: supabase_project_ref
- value: {{ .ProjectRef }}
- - name: service_type
- value: postgresql
- - name: gotrue
- url: "http://localhost:9122/metrics"
- labels_to_attach:
- - name: supabase_project_ref
- value: {{ .ProjectRef }}
- - name: service_type
- value: gotrue
- - name: postgrest
- url: "http://localhost:3001/metrics"
- labels_to_attach:
- - name: supabase_project_ref
- value: {{ .ProjectRef }}
- - name: service_type
- value: postgrest
-monitoring:
- disk_usage:
- enabled: true
-upgrades_config:
- region: us-east-1
- s3_bucket_name: supabase-internal-artifacts-prod-bucket
- common_prefix: upgrades
- destination_dir: /tmp
-firewall:
- enabled: true
- internal_ports:
- - 9187
- - 8085
- - 9122
- privileged_ports:
- - 22
- privileged_ports_allowlist:
- - 0.0.0.0/0
- filtered_ports:
- - 5432
- - 6543
- unfiltered_ports:
- - 80
- - 443
- managed_rules_file: /etc/nftables/supabase_managed.conf
-pg_egress_collect_path: /tmp/pg_egress_collect.txt
-health_reporting:
- api_url: {{ .SupabaseUrl }}
- project_token: {{ .ReportingToken }}
- check_services:
- #
- postgres
- # - postgrest
diff --git a/docker/all-in-one/etc/fail2ban/filter.d/pgbouncer.conf b/docker/all-in-one/etc/fail2ban/filter.d/pgbouncer.conf
deleted file mode 100644
index b2d59c1b3..000000000
--- a/docker/all-in-one/etc/fail2ban/filter.d/pgbouncer.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-[Definition]
-failregex = ^.+@:.+error: password authentication failed$
diff --git a/docker/all-in-one/etc/fail2ban/filter.d/postgresql.conf b/docker/all-in-one/etc/fail2ban/filter.d/postgresql.conf
deleted file mode 100644
index 4c708069d..000000000
--- a/docker/all-in-one/etc/fail2ban/filter.d/postgresql.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[Definition]
-failregex = ^.*,.*,.*,.*,":.*password authentication failed for user.*$
-ignoreregex = ^.*,.*,.*,.*,"127\.0\.0\.1.*password authentication failed for user.*$
- ^.*,.*,.*,.*,":.*password authentication failed for user ""supabase_admin".*$
- ^.*,.*,.*,.*,":.*password authentication failed for user ""supabase_auth_admin".*$
- ^.*,.*,.*,.*,":.*password authentication failed for user ""supabase_storage_admin".*$
- ^.*,.*,.*,.*,":.*password authentication failed for user ""authenticator".*$
- ^.*,.*,.*,.*,":.*password authentication failed for user ""pgbouncer".*$
diff --git a/docker/all-in-one/etc/fail2ban/jail.d/jail.local b/docker/all-in-one/etc/fail2ban/jail.d/jail.local
deleted file mode 100644
index 44e8210f1..000000000
--- a/docker/all-in-one/etc/fail2ban/jail.d/jail.local
+++ /dev/null
@@ -1,4 +0,0 @@
-[DEFAULT]
-
-banaction = nftables-multiport
-banaction_allports = nftables-allports
diff --git a/docker/all-in-one/etc/fail2ban/jail.d/pgbouncer.conf b/docker/all-in-one/etc/fail2ban/jail.d/pgbouncer.conf
deleted file mode 100644
index c8b3c49c5..000000000
--- a/docker/all-in-one/etc/fail2ban/jail.d/pgbouncer.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-[pgbouncer]
-enabled = true
-port = 6543
-protocol = tcp
-filter = pgbouncer
-logpath = /var/log/services/pgbouncer.log
-maxretry = 3
diff --git a/docker/all-in-one/etc/fail2ban/jail.d/postgresql.conf b/docker/all-in-one/etc/fail2ban/jail.d/postgresql.conf
deleted file mode 100644
index 0ec1819d6..000000000
--- a/docker/all-in-one/etc/fail2ban/jail.d/postgresql.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[postgresql]
-enabled = true
-port = 5432
-protocol = tcp
-filter = postgresql
-logpath = /var/log/postgresql/auth-failures.csv
-maxretry = 3
-ignoreip = 192.168.0.0/16 172.17.1.0/20
diff --git a/docker/all-in-one/etc/fail2ban/jail.d/sshd.local b/docker/all-in-one/etc/fail2ban/jail.d/sshd.local
deleted file mode 100644
index 703373833..000000000
--- a/docker/all-in-one/etc/fail2ban/jail.d/sshd.local
+++ /dev/null
@@ -1,3 +0,0 @@
-[sshd]
-
-enabled = false
diff --git a/docker/all-in-one/etc/gotrue.env b/docker/all-in-one/etc/gotrue.env
deleted file mode 100644
index eb1e1a3c6..000000000
--- a/docker/all-in-one/etc/gotrue.env
+++ /dev/null
@@ -1,9 +0,0 @@
-API_EXTERNAL_URL=api_external_url
-GOTRUE_API_HOST=gotrue_api_host
-GOTRUE_SITE_URL=gotrue_site_url
-GOTRUE_DB_DRIVER=postgres
-GOTRUE_DB_DATABASE_URL=postgres://supabase_auth_admin@localhost/postgres?sslmode=disable
-GOTRUE_DB_MIGRATIONS_PATH=/opt/gotrue/migrations
-GOTRUE_JWT_ADMIN_ROLES=supabase_admin,service_role
-GOTRUE_JWT_AUD=authenticated
-GOTRUE_JWT_SECRET=gotrue_jwt_secret
diff --git a/docker/all-in-one/etc/kong/kong.conf b/docker/all-in-one/etc/kong/kong.conf
deleted file mode 100644
index 47789021b..000000000
--- a/docker/all-in-one/etc/kong/kong.conf
+++ /dev/null
@@ -1,37 +0,0 @@
-database = off
-declarative_config = /etc/kong/kong.yml
-
-# plugins defined in the dockerfile
-plugins = request-transformer,cors,key-auth,basic-auth,http-log,ip-restriction,rate-limiting
-
-admin_listen = off
-proxy_listen = 0.0.0.0:80 reuseport backlog=16384, 0.0.0.0:443 http2 ssl reuseport backlog=16834, [::]:80 reuseport backlog=16384, [::]:443 http2 ssl reuseport backlog=16348
-
-nginx_http_log_format = custom_log '$remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" $request_time $request_length'
-nginx_http_client_body_buffer_size = 512k
-proxy_access_log = off
-dns_stale_ttl = 60
-nginx_proxy_proxy_max_temp_file_size = 0
-nginx_proxy_proxy_buffer_size = 128k
-nginx_proxy_proxy_buffers = 4 256k
-nginx_proxy_proxy_busy_buffers_size = 256k
-nginx_proxy_proxy_read_timeout = 120s
-nginx_proxy_proxy_ssl_verify = off
-nginx_http_gzip=on
-nginx_http_gzip_comp_level=6
-nginx_http_gzip_min_length=256
-nginx_http_gzip_proxied=any
-nginx_http_gzip_vary=on
-nginx_http_gzip_types=text/plain application/xml application/openapi+json application/json
-
-# the upstream requests will be timed out after 60s idle anyway
-# this ensures that we're not unnecessarily cycling them
-upstream_keepalive_max_requests = 0
-# the pool size can be (and ought to be) scaled up on larger instances
-upstream_keepalive_pool_size = 500
-
-nginx_events_use = epoll
-# can be tuned to be higher on larger boxes (4096 is totally fine)
-nginx_events_worker_connections = 1024
-anonymous_reports = off
-headers = latency_tokens
diff --git a/docker/all-in-one/etc/kong/kong.yml b/docker/all-in-one/etc/kong/kong.yml
deleted file mode 100644
index 9952f9861..000000000
--- a/docker/all-in-one/etc/kong/kong.yml
+++ /dev/null
@@ -1,94 +0,0 @@ -# ############################################################################################## -# Updating this file also requires a corresponding update in worker/src/lib/config-utils/kong.ts -# ############################################################################################## -_format_version: '1.1' -services: - - { - name: auth-v1-open, - url: 'http://localhost:9999/verify', - routes: [{ name: auth-v1-open, strip_path: true, paths: [/auth/v1/verify] }], - plugins: [{ name: cors }], - } - - { - name: auth-v1-open-callback, - url: 'http://localhost:9999/callback', - routes: [{ name: auth-v1-open-callback, strip_path: true, paths: [/auth/v1/callback] }], - plugins: [{ name: cors }], - } - - { - name: auth-v1-open-authorize, - url: 'http://localhost:9999/authorize', - routes: [{ name: auth-v1-open-authorize, strip_path: true, paths: [/auth/v1/authorize] }], - plugins: [{ name: cors }], - } - - { - name: auth-v1-open-saml, - url: 'http://localhost:9999/sso/saml/', - routes: [{ name: auth-v1-open-saml, strip_path: true, paths: [/auth/v1/sso/saml/] }], - plugins: [{ name: cors }], - } - - { - name: auth-v1-open-well-known, - url: 'http://localhost:9999/.well-known/', - routes: [{ name: auth-v1-open-well-known, strip_path: true, paths: [/auth/v1/.well-known/] }], - plugins: [{ name: cors }], - } - - { - name: auth-v1, - url: 'http://localhost:9999/', - routes: [{ name: auth-v1, strip_path: true, paths: [/auth/v1/] }], - plugins: [{ name: cors }, { name: key-auth, config: { hide_credentials: false } }], - } - - { - name: rest-v1-admin, - url: 'http://localhost:3001/', - routes: [{ name: rest-admin-v1, strip_path: true, paths: [/rest-admin/v1/] }], - plugins: [{ name: cors }, { name: key-auth, config: { hide_credentials: true } }], - } - - { - name: rest-v1, - url: 'http://localhost:3000/', - routes: [{ name: rest-v1, strip_path: true, paths: [/rest/v1/] }], - plugins: [{ name: cors }, { name: key-auth, config: { hide_credentials: true } 
}], - } - - { - name: graphql-v1, - url: 'http://localhost:3000/rpc/graphql', - routes: [{ name: graphql-v1, strip_path: true, paths: [/graphql/v1] }], - plugins: - [ - { name: cors }, - { name: key-auth, config: { hide_credentials: true } }, - { - name: request-transformer, - config: { add: { headers: [Content-Profile:graphql_public] } }, - }, - ], - } - - { - name: admin-v1, - url: 'https://localhost:8085/', - routes: [{ name: admin-v1, strip_path: true, paths: [/admin/v1/] }], - plugins: [{ name: cors }, { name: key-auth, config: { hide_credentials: false } }], - } - - { - name: admin-v1-user-routes, - url: 'https://localhost:8085/privileged', - routes: [{ name: admin-v1-user-routes, strip_path: true, paths: [/customer/v1/privileged] }], - plugins: [{ name: cors }, { name: basic-auth, config: { hide_credentials: false } }], - } - - { - name: admin-v1-metrics, - url: 'https://localhost:8085/metrics/aggregated', - routes: [{ name: admin-v1-metrics, strip_path: true, paths: [/supabase-internal/metrics] }], - plugins: [{ name: cors }, { name: ip-restriction, config: { allow: [10.0.0.0/8] } }], - } -consumers: - - { username: anon-key, keyauth_credentials: [{ key: anon_key }] } - - { username: service_role-key, keyauth_credentials: [{ key: service_key }] } - - { username: supabase-admin-key, keyauth_credentials: [{ key: supabase_admin_key }] } -basicauth_credentials: - - consumer: service_role-key - username: 'service_role' - password: service_key -plugins: [] diff --git a/docker/all-in-one/etc/logrotate.d/postgresql.conf b/docker/all-in-one/etc/logrotate.d/postgresql.conf deleted file mode 100644 index 6e2b8828a..000000000 --- a/docker/all-in-one/etc/logrotate.d/postgresql.conf +++ /dev/null @@ -1,11 +0,0 @@ -/var/log/postgresql/postgresql.csv { - size 50M - rotate 4 - compress - delaycompress - notifempty - missingok - postrotate - sudo -u postgres /usr/lib/postgresql/15/bin/pg_ctl -D /var/lib/postgresql/data logrotate - endscript -} 
diff --git a/docker/all-in-one/etc/logrotate.d/walg.conf b/docker/all-in-one/etc/logrotate.d/walg.conf
deleted file mode 100644
index 49eeb59eb..000000000
--- a/docker/all-in-one/etc/logrotate.d/walg.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-/var/log/wal-g/*.log {
- size 50M
- rotate 3
- copytruncate
- delaycompress
- compress
- notifempty
- missingok
-}
diff --git a/docker/all-in-one/etc/pgbouncer-custom/custom-overrides.ini b/docker/all-in-one/etc/pgbouncer-custom/custom-overrides.ini
deleted file mode 100644
index e69de29bb..000000000
diff --git a/docker/all-in-one/etc/pgbouncer-custom/generated-optimizations.ini b/docker/all-in-one/etc/pgbouncer-custom/generated-optimizations.ini
deleted file mode 100644
index e69de29bb..000000000
diff --git a/docker/all-in-one/etc/pgbouncer-custom/ssl-config.ini b/docker/all-in-one/etc/pgbouncer-custom/ssl-config.ini
deleted file mode 100644
index 69a802500..000000000
--- a/docker/all-in-one/etc/pgbouncer-custom/ssl-config.ini
+++ /dev/null
@@ -1,4 +0,0 @@
-client_tls_sslmode = allow
-client_tls_ca_file = /etc/ssl/certs/postgres/ca.crt
-client_tls_key_file = /etc/ssl/private/server.key
-client_tls_cert_file = /etc/ssl/certs/postgres/server.crt
diff --git a/docker/all-in-one/etc/pgbouncer/pgbouncer.ini b/docker/all-in-one/etc/pgbouncer/pgbouncer.ini
deleted file mode 100644
index 5a36ac197..000000000
--- a/docker/all-in-one/etc/pgbouncer/pgbouncer.ini
+++ /dev/null
@@ -1,363 +0,0 @@ -;;; -;;; PgBouncer configuration file -;;; - -;; database name = connect string -;; -;; connect string params: -;; dbname= host= port= user= password= auth_user= -;; client_encoding= datestyle= timezone= -;; pool_size= reserve_pool= max_db_connections= -;; pool_mode= connect_query= application_name= -[databases] -* = host=localhost auth_user=pgbouncer - -;; foodb over Unix socket -;foodb = - -;; redirect bardb to bazdb on localhost -;bardb = host=localhost dbname=bazdb - -;; access to dest database will go with single user -;forcedb = host=localhost port=300 user=baz password=foo client_encoding=UNICODE datestyle=ISO connect_query='SELECT 1' - -;; use custom pool sizes -;nondefaultdb = pool_size=50 reserve_pool=10 - -;; use auth_user with auth_query if user not present in auth_file -;; auth_user must exist in auth_file -; foodb = auth_user=bar - -;; fallback connect string -;* = host=testserver - -;; User-specific configuration -[users] - -;user1 = pool_mode=transaction max_user_connections=10 - -;; Configuration section -[pgbouncer] - -;;; -;;; Administrative settings -;;; - -pidfile = /var/run/pgbouncer/pgbouncer.pid - -;;; -;;; Where to wait for clients -;;; - -;; IP address or * which means all IPs -listen_addr = * -listen_port = 6543 - -;; Unix socket is also used for -R. -;; On Debian it should be /var/run/postgresql -unix_socket_dir = /tmp -;unix_socket_mode = 0777 -;unix_socket_group = - -;;; -;;; TLS settings for accepting clients -;;; - -;; disable, allow, require, verify-ca, verify-full -;client_tls_sslmode = disable - -;; Path to file that contains trusted CA certs -;client_tls_ca_file = - -;; Private key and cert to present to clients. -;; Required for accepting TLS connections from clients. 
-;client_tls_key_file = -;client_tls_cert_file = - -;; fast, normal, secure, legacy, -;client_tls_ciphers = fast - -;; all, secure, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3 -;client_tls_protocols = secure - -;; none, auto, legacy -;client_tls_dheparams = auto - -;; none, auto, -;client_tls_ecdhcurve = auto - -;;; -;;; TLS settings for connecting to backend databases -;;; - -;; disable, allow, require, verify-ca, verify-full -;server_tls_sslmode = disable - -;; Path to that contains trusted CA certs -;server_tls_ca_file = - -;; Private key and cert to present to backend. -;; Needed only if backend server require client cert. -;server_tls_key_file = -;server_tls_cert_file = - -;; all, secure, tlsv1.0, tlsv1.1, tlsv1.2, tlsv1.3 -;server_tls_protocols = secure - -;; fast, normal, secure, legacy, -;server_tls_ciphers = fast - -;;; -;;; Authentication settings -;;; - -;; any, trust, plain, md5, cert, hba, pam -auth_type = scram-sha-256 -auth_file = /etc/pgbouncer/userlist.txt - -;; Path to HBA-style auth config -;auth_hba_file = - -;; Query to use to fetch password from database. Result -;; must have 2 columns - username and password hash. -auth_query = SELECT * FROM pgbouncer.get_auth($1) - -;;; -;;; Users allowed into database 'pgbouncer' -;;; - -;; comma-separated list of users who are allowed to change settings -admin_users = pgbouncer - -;; comma-separated list of users who are just allowed to use SHOW command -stats_users = pgbouncer - -;;; -;;; Pooler personality questions -;;; - -;; When server connection is released back to pool: -;; session - after client disconnects (default) -;; transaction - after transaction finishes -;; statement - after statement finishes -pool_mode = transaction - -;; Query for cleaning connection immediately after releasing from -;; client. No need to put ROLLBACK here, pgbouncer does not reuse -;; connections where transaction is left open. -;server_reset_query = DISCARD ALL - -;; Whether server_reset_query should run in all pooling modes. 
If it -;; is off, server_reset_query is used only for session-pooling. -;server_reset_query_always = 0 - -;; Comma-separated list of parameters to ignore when given in startup -;; packet. Newer JDBC versions require the extra_float_digits here. -ignore_startup_parameters = extra_float_digits - -;; When taking idle server into use, this query is run first. -;server_check_query = select 1 - -;; If server was used more recently that this many seconds ago, -; skip the check query. Value 0 may or may not run in immediately. -;server_check_delay = 30 - -;; Close servers in session pooling mode after a RECONNECT, RELOAD, -;; etc. when they are idle instead of at the end of the session. -;server_fast_close = 0 - -;; Use as application_name on server. -;application_name_add_host = 0 - -;; Period for updating aggregated stats. -;stats_period = 60 - -;;; -;;; Connection limits -;;; - -;; Total number of clients that can connect -;max_client_conn = 100 - -;; Default pool size. 20 is good number when transaction pooling -;; is in use, in session pooling it needs to be the number of -;; max clients you want to handle at any moment -default_pool_size = 15 - -;; Minimum number of server connections to keep in pool. -;min_pool_size = 0 - -; how many additional connection to allow in case of trouble -;reserve_pool_size = 0 - -;; If a clients needs to wait more than this many seconds, use reserve -;; pool. 
-;reserve_pool_timeout = 5 - -;; Maximum number of server connections for a database -;max_db_connections = 0 - -;; Maximum number of server connections for a user -;max_user_connections = 0 - -;; If off, then server connections are reused in LIFO manner -;server_round_robin = 0 - -;;; -;;; Logging -;;; - -;; Syslog settings -;syslog = 0 -;syslog_facility = daemon -;syslog_ident = pgbouncer - -;; log if client connects or server connection is made -;log_connections = 1 - -;; log if and why connection was closed -;log_disconnections = 1 - -;; log error messages pooler sends to clients -;log_pooler_errors = 1 - -;; write aggregated stats into log -;log_stats = 1 - -;; Logging verbosity. Same as -v switch on command line. -;verbose = 0 - -;;; -;;; Timeouts -;;; - -;; Close server connection if its been connected longer. -;server_lifetime = 3600 - -;; Close server connection if its not been used in this time. Allows -;; to clean unnecessary connections from pool after peak. -;server_idle_timeout = 600 - -;; Cancel connection attempt if server does not answer takes longer. -;server_connect_timeout = 15 - -;; If server login failed (server_connect_timeout or auth failure) -;; then wait this many second. -;server_login_retry = 15 - -;; Dangerous. Server connection is closed if query does not return in -;; this time. Should be used to survive network problems, _not_ as -;; statement_timeout. (default: 0) -;query_timeout = 0 - -;; Dangerous. Client connection is closed if the query is not -;; assigned to a server in this time. Should be used to limit the -;; number of queued queries in case of a database or network -;; failure. (default: 120) -;query_wait_timeout = 120 - -;; Dangerous. Client connection is closed if no activity in this -;; time. Should be used to survive network problems. (default: 0) -;client_idle_timeout = 0 - -;; Disconnect clients who have not managed to log in after connecting -;; in this many seconds. 
-;client_login_timeout = 60 - -;; Clean automatically created database entries (via "*") if they stay -;; unused in this many seconds. -; autodb_idle_timeout = 3600 - -;; Close connections which are in "IDLE in transaction" state longer -;; than this many seconds. -;idle_transaction_timeout = 0 - -;; How long SUSPEND/-R waits for buffer flush before closing -;; connection. -;suspend_timeout = 10 - -;;; -;;; Low-level tuning options -;;; - -;; buffer for streaming packets -;pkt_buf = 4096 - -;; man 2 listen -;listen_backlog = 128 - -;; Max number pkt_buf to process in one event loop. -;sbuf_loopcnt = 5 - -;; Maximum PostgreSQL protocol packet size. -;max_packet_size = 2147483647 - -;; Set SO_REUSEPORT socket option -;so_reuseport = 0 - -;; networking options, for info: man 7 tcp - -;; Linux: Notify program about new connection only if there is also -;; data received. (Seconds to wait.) On Linux the default is 45, on -;; other OS'es 0. -;tcp_defer_accept = 0 - -;; In-kernel buffer size (Linux default: 4096) -;tcp_socket_buffer = 0 - -;; whether tcp keepalive should be turned on (0/1) -;tcp_keepalive = 1 - -;; The following options are Linux-specific. They also require -;; tcp_keepalive=1. - -;; Count of keepalive packets -;tcp_keepcnt = 0 - -;; How long the connection can be idle before sending keepalive -;; packets -;tcp_keepidle = 0 - -;; The time between individual keepalive probes -;tcp_keepintvl = 0 - -;; How long may transmitted data remain unacknowledged before TCP -;; connection is closed (in milliseconds) -;tcp_user_timeout = 0 - -;; DNS lookup caching time -;dns_max_ttl = 15 - -;; DNS zone SOA lookup period -;dns_zone_check_period = 0 - -;; DNS negative result caching time -;dns_nxdomain_ttl = 15 - -;; Custom resolv.conf file, to set custom DNS servers or other options -;; (default: empty = use OS settings) -;resolv_conf = /etc/pgbouncer/resolv.conf - -;;; -;;; Random stuff -;;; - -;; Hackish security feature. 
Helps against SQL injection: when PQexec -;; is disabled, multi-statement cannot be made. -;disable_pqexec = 0 - -;; Config file to use for next RELOAD/SIGHUP -;; By default contains config file from command line. -;conffile - -;; Windows service name to register as. job_name is alias for -;; service_name, used by some Skytools scripts. -;service_name = pgbouncer -;job_name = pgbouncer - -;; Read additional config from other file -;%include /etc/pgbouncer/pgbouncer-other.ini - -%include /etc/pgbouncer-custom/generated-optimizations.ini -%include /etc/pgbouncer-custom/custom-overrides.ini -# %include /etc/pgbouncer-custom/ssl-config.ini diff --git a/docker/all-in-one/etc/pgbouncer/userlist.txt b/docker/all-in-one/etc/pgbouncer/userlist.txt deleted file mode 100644 index e69de29bb..000000000 diff --git a/docker/all-in-one/etc/postgresql-custom/custom-overrides.conf b/docker/all-in-one/etc/postgresql-custom/custom-overrides.conf deleted file mode 100644 index e69de29bb..000000000 diff --git a/docker/all-in-one/etc/postgresql-custom/generated-optimizations.conf b/docker/all-in-one/etc/postgresql-custom/generated-optimizations.conf deleted file mode 100644 index e69de29bb..000000000 diff --git a/docker/all-in-one/etc/postgresql-custom/postgresql-platform-defaults.conf b/docker/all-in-one/etc/postgresql-custom/postgresql-platform-defaults.conf deleted file mode 100644 index 51d34a13a..000000000 --- a/docker/all-in-one/etc/postgresql-custom/postgresql-platform-defaults.conf +++ /dev/null @@ -1,7 +0,0 @@ -# these get imported _after_ the user specified overrides -row_security = on -wal_level = logical -log_connections = on -statement_timeout = 120000 -jit = off -pgaudit.log = 'ddl' diff --git a/docker/all-in-one/etc/postgresql.schema.sql b/docker/all-in-one/etc/postgresql.schema.sql deleted file mode 100644 index 475b09bb9..000000000 --- a/docker/all-in-one/etc/postgresql.schema.sql +++ /dev/null 
@@ -1,16 +0,0 @@
-\set admin_pass `echo "${SUPABASE_ADMIN_PASSWORD:-$POSTGRES_PASSWORD}"`
-\set pgrst_pass `echo "${AUTHENTICATOR_PASSWORD:-$POSTGRES_PASSWORD}"`
-\set pgbouncer_pass `echo "${PGBOUNCER_PASSWORD:-$POSTGRES_PASSWORD}"`
-\set auth_pass `echo "${SUPABASE_AUTH_ADMIN_PASSWORD:-$POSTGRES_PASSWORD}"`
-\set storage_pass `echo "${SUPABASE_STORAGE_ADMIN_PASSWORD:-$POSTGRES_PASSWORD}"`
-\set replication_pass `echo "${SUPABASE_REPLICATION_ADMIN_PASSWORD:-$POSTGRES_PASSWORD}"`
-\set read_only_pass `echo "${SUPABASE_READ_ONLY_USER_PASSWORD:-$POSTGRES_PASSWORD}"`
-
-ALTER USER supabase_admin WITH PASSWORD :'admin_pass';
-ALTER USER authenticator WITH PASSWORD :'pgrst_pass';
-ALTER USER pgbouncer WITH PASSWORD :'pgbouncer_pass';
-ALTER USER supabase_auth_admin WITH PASSWORD :'auth_pass';
-ALTER USER supabase_storage_admin WITH PASSWORD :'storage_pass';
-ALTER USER supabase_replication_admin WITH PASSWORD :'replication_pass';
-ALTER ROLE supabase_read_only_user WITH PASSWORD :'read_only_pass';
-ALTER ROLE supabase_admin SET search_path TO "$user",public,auth,extensions;
diff --git a/docker/all-in-one/etc/postgresql/logging.conf b/docker/all-in-one/etc/postgresql/logging.conf
deleted file mode 100644
index b8d64da51..000000000
--- a/docker/all-in-one/etc/postgresql/logging.conf
+++ /dev/null
@@ -1,33 +0,0 @@ -# - Where to Log - - -log_destination = 'csvlog' # Valid values are combinations of - # stderr, csvlog, syslog, and eventlog, - # depending on platform. csvlog - # requires logging_collector to be on. - -# This is used when logging to stderr: -logging_collector = on # Enable capturing of stderr and csvlog - # into log files. Required to be on for - # csvlogs. - # (change requires restart) - -# These are only used if logging_collector is on: -log_directory = '/var/log/postgresql' # directory where log files are written, - # can be absolute or relative to PGDATA -log_filename = 'postgresql.log' # log file name pattern, - # can include strftime() escapes -log_file_mode = 0640 # creation mode for log files, - # begin with 0 to use octal notation -log_rotation_age = 0 # Automatic rotation of logfiles will - # happen after that time. 0 disables. -log_rotation_size = 0 # Automatic rotation of logfiles will - # happen after that much log output. - # 0 disables. -#log_truncate_on_rotation = off # If on, an existing log file with the - # same name as the new log file will be - # truncated rather than appended to. - # But such truncation only occurs on - # time-driven rotation, not on restarts - # or size-driven rotation. Default is - # off, meaning append to existing files - # in all cases. diff --git a/docker/all-in-one/etc/postgresql/pg_hba.conf b/docker/all-in-one/etc/postgresql/pg_hba.conf deleted file mode 100755 index 9cafd4146..000000000 --- a/docker/all-in-one/etc/postgresql/pg_hba.conf +++ /dev/null 
@@ -1,94 +0,0 @@ -# PostgreSQL Client Authentication Configuration File -# =================================================== -# -# Refer to the "Client Authentication" section in the PostgreSQL -# documentation for a complete description of this file. A short -# synopsis follows. -# -# This file controls: which hosts are allowed to connect, how clients -# are authenticated, which PostgreSQL user names they can use, which -# databases they can access. Records take one of these forms: -# -# local DATABASE USER METHOD [OPTIONS] -# host DATABASE USER ADDRESS METHOD [OPTIONS] -# hostssl DATABASE USER ADDRESS METHOD [OPTIONS] -# hostnossl DATABASE USER ADDRESS METHOD [OPTIONS] -# hostgssenc DATABASE USER ADDRESS METHOD [OPTIONS] -# hostnogssenc DATABASE USER ADDRESS METHOD [OPTIONS] -# -# (The uppercase items must be replaced by actual values.) -# -# The first field is the connection type: "local" is a Unix-domain -# socket, "host" is either a plain or SSL-encrypted TCP/IP socket, -# "hostssl" is an SSL-encrypted TCP/IP socket, and "hostnossl" is a -# non-SSL TCP/IP socket. Similarly, "hostgssenc" uses a -# GSSAPI-encrypted TCP/IP socket, while "hostnogssenc" uses a -# non-GSSAPI socket. -# -# DATABASE can be "all", "sameuser", "samerole", "replication", a -# database name, or a comma-separated list thereof. The "all" -# keyword does not match "replication". Access to replication -# must be enabled in a separate record (see example below). -# -# USER can be "all", a user name, a group name prefixed with "+", or a -# comma-separated list thereof. In both the DATABASE and USER fields -# you can also write a file name prefixed with "@" to include names -# from a separate file. -# -# ADDRESS specifies the set of hosts the record matches. It can be a -# host name, or it is made up of an IP address and a CIDR mask that is -# an integer (between 0 and 32 (IPv4) or 128 (IPv6) inclusive) that -# specifies the number of significant bits in the mask. 
A host name -# that starts with a dot (.) matches a suffix of the actual host name. -# Alternatively, you can write an IP address and netmask in separate -# columns to specify the set of hosts. Instead of a CIDR-address, you -# can write "samehost" to match any of the server's own IP addresses, -# or "samenet" to match any address in any subnet that the server is -# directly connected to. -# -# METHOD can be "trust", "reject", "md5", "password", "scram-sha-256", -# "gss", "sspi", "ident", "peer", "pam", "ldap", "radius" or "cert". -# Note that "password" sends passwords in clear text; "md5" or -# "scram-sha-256" are preferred since they send encrypted passwords. -# -# OPTIONS are a set of options for the authentication in the format -# NAME=VALUE. The available options depend on the different -# authentication methods -- refer to the "Client Authentication" -# section in the documentation for a list of which options are -# available for which authentication methods. -# -# Database and user names containing spaces, commas, quotes and other -# special characters must be quoted. Quoting one of the keywords -# "all", "sameuser", "samerole" or "replication" makes the name lose -# its special character, and just match a database or username with -# that name. -# -# This file is read on server startup and when the server receives a -# SIGHUP signal. If you edit the file on a running system, you have to -# SIGHUP the server for the changes to take effect, run "pg_ctl reload", -# or execute "SELECT pg_reload_conf()". -# -# Put your actual configuration here -# ---------------------------------- -# -# If you want to allow non-local connections, you need to add more -# "host" records. In that case you will also need to make PostgreSQL -# listen on a non-local interface via the listen_addresses -# configuration parameter, or via the -i or -h command line switches. 
- -# TYPE DATABASE USER ADDRESS METHOD - -# trust local connections -local all supabase_admin scram-sha-256 -local all all peer map=supabase_map -host all all 127.0.0.1/32 trust -host all all ::1/128 trust - -# IPv4 external connections -host all all 10.0.0.0/8 scram-sha-256 -host all all 172.16.0.0/12 scram-sha-256 -host all all 192.168.0.0/16 scram-sha-256 -host all all 0.0.0.0/0 scram-sha-256 - -# IPv6 external connections -host all all ::0/0 scram-sha-256 diff --git a/docker/all-in-one/etc/postgrest/base.conf b/docker/all-in-one/etc/postgrest/base.conf deleted file mode 100644 index e5120ede6..000000000 --- a/docker/all-in-one/etc/postgrest/base.conf +++ /dev/null @@ -1,7 +0,0 @@ -server-port="pgrst_server_port" -admin-server-port="pgrst_admin_server_port" -db-schema="pgrst_db_schemas" -db-extra-search-path="pgrst_db_extra_search_path" -db-anon-role="pgrst_db_anon_role" -jwt-secret="pgrst_jwt_secret" -db-uri="postgres://authenticator@localhost:5432/postgres?application_name=postgrest" diff --git a/docker/all-in-one/etc/postgrest/bootstrap.sh b/docker/all-in-one/etc/postgrest/bootstrap.sh deleted file mode 100755 index 9ac21d201..000000000 --- a/docker/all-in-one/etc/postgrest/bootstrap.sh +++ /dev/null @@ -1,8 +0,0 @@ -#! /usr/bin/env bash -set -euo pipefail -set -x - -cd "$(dirname "$0")" -cat $@ > merged.conf - -/opt/postgrest merged.conf diff --git a/docker/all-in-one/etc/postgrest/generated.conf b/docker/all-in-one/etc/postgrest/generated.conf deleted file mode 100644 index e69de29bb..000000000 diff --git a/docker/all-in-one/etc/salt/minion b/docker/all-in-one/etc/salt/minion deleted file mode 100644 index 29d840696..000000000 --- a/docker/all-in-one/etc/salt/minion +++ /dev/null 
@@ -1,71 +0,0 @@ -# Minions can connect to multiple masters simultaneously (all masters -# are "hot"), or can be configured to failover if a master becomes -# unavailable. Multiple hot masters are configured by setting this -# value to "str". Failover masters can be requested by setting -# to "failover". MAKE SURE TO SET master_alive_interval if you are -# using failover. -# Setting master_type to 'disable' lets you have a running minion (with engines and -# beacons) without a master connection -master_type: disable - -# The minion can locally cache the return data from jobs sent to it, this -# can be a good way to keep track of jobs the minion has executed -# (on the minion side). By default this feature is disabled, to enable, set -# cache_jobs to True. -cache_jobs: True - -# The minion can take a while to start up when lspci and/or dmidecode is used -# to populate the grains for the minion. Set this to False if you do not need -# GPU hardware grains for your minion. -enable_gpu_grains: False - -# Backup files that are replaced by file.managed and file.recurse under -# 'cachedir'/file_backup relative to their original location and appended -# with a timestamp. The only valid setting is "minion". Disabled by default. -# -# Alternatively this can be specified for each file in state files: -# /etc/ssh/sshd_config: -# file.managed: -# - source: salt://ssh/sshd_config -# - backup: minion -# -backup_mode: minion - -##### File Directory Settings ##### -########################################## -# The Salt Minion can redirect all file server operations to a local directory, -# this allows for the same state tree that is on the master to be used if -# copied completely onto the minion. This is a literal copy of the settings on -# the master but used to reference a local directory on the minion. - -# Set the file client. 
The client defaults to looking on the master server for -# files, but can be directed to look at the local file directory setting -# defined below by setting it to "local". Setting a local file_client runs the -# minion in masterless mode. -file_client: local - -# The file directory works on environments passed to the minion, each environment -# can have multiple root directories, the subdirectories in the multiple file -# roots cannot match, otherwise the downloaded files will not be able to be -# reliably ensured. A base environment is required to house the top file. -# Example: -# file_roots: -# base: -# - /srv/salt/ -# dev: -# - /srv/salt/dev/services -# - /srv/salt/dev/states -# prod: -# - /srv/salt/prod/services -# - /srv/salt/prod/states -# -file_roots: - base: - - /data/salt/state - -# The Salt pillar is searched for locally if file_client is set to local. If -# this is the case, and pillar data is defined, then the pillar_roots need to -# also be configured on the minion: -pillar_roots: - base: - - /data/salt/pillar diff --git a/docker/all-in-one/etc/sudoers.d/adminapi b/docker/all-in-one/etc/sudoers.d/adminapi deleted file mode 100644 index eeff5fb9c..000000000 --- a/docker/all-in-one/etc/sudoers.d/adminapi +++ /dev/null 
@@ -1,27 +0,0 @@ -Cmnd_Alias ENVOY = /usr/bin/supervisorctl start services\:envoy, /usr/bin/supervisorctl stop services\:envoy, /usr/bin/supervisorctl restart services\:envoy, /usr/bin/supervisorctl status services\:envoy -Cmnd_Alias KONG = /usr/bin/supervisorctl start services\:kong, /usr/bin/supervisorctl stop services\:kong, /usr/bin/supervisorctl restart services\:kong, /usr/bin/supervisorctl status services\:kong -Cmnd_Alias POSTGREST = /usr/bin/supervisorctl start services\:postgrest, /usr/bin/supervisorctl stop services\:postgrest, /usr/bin/supervisorctl restart services\:postgrest, /usr/bin/supervisorctl status services\:postgrest -Cmnd_Alias GOTRUE = /usr/bin/supervisorctl start services\:gotrue, /usr/bin/supervisorctl stop services\:gotrue, /usr/bin/supervisorctl restart services\:gotrue, /usr/bin/supervisorctl status services\:gotrue -Cmnd_Alias PGBOUNCER = /usr/bin/supervisorctl start pgbouncer, /usr/bin/supervisorctl stop pgbouncer, /usr/bin/supervisorctl restart pgbouncer, /usr/bin/supervisorctl status pgbouncer - -%adminapi ALL= NOPASSWD: /root/grow_fs.sh -%adminapi ALL= NOPASSWD: /root/manage_readonly_mode.sh -%adminapi ALL= NOPASSWD: /etc/adminapi/pg_upgrade_scripts/prepare.sh -%adminapi ALL= NOPASSWD: /etc/adminapi/pg_upgrade_scripts/initiate.sh -%adminapi ALL= NOPASSWD: /etc/adminapi/pg_upgrade_scripts/complete.sh -%adminapi ALL= NOPASSWD: /etc/adminapi/pg_upgrade_scripts/check.sh -%adminapi ALL= NOPASSWD: /etc/adminapi/pg_upgrade_scripts/common.sh -%adminapi ALL= NOPASSWD: /etc/adminapi/pg_upgrade_scripts/pgsodium_getkey.sh -%adminapi ALL= NOPASSWD: /usr/bin/supervisorctl reread -%adminapi ALL= NOPASSWD: /usr/bin/supervisorctl update -%adminapi ALL= NOPASSWD: /usr/bin/supervisorctl restart postgresql -%adminapi ALL= NOPASSWD: /usr/bin/supervisorctl status postgresql -%adminapi ALL= NOPASSWD: /usr/bin/supervisorctl restart adminapi -%adminapi ALL= NOPASSWD: /usr/bin/supervisorctl restart services\:* -%adminapi ALL= NOPASSWD: /usr/sbin/nft -f 
/etc/nftables/supabase_managed.conf -%adminapi ALL= NOPASSWD: /usr/bin/admin-mgr -%adminapi ALL= NOPASSWD: ENVOY -%adminapi ALL= NOPASSWD: KONG -%adminapi ALL= NOPASSWD: POSTGREST -%adminapi ALL= NOPASSWD: GOTRUE -%adminapi ALL= NOPASSWD: PGBOUNCER diff --git a/docker/all-in-one/etc/supa-shutdown/shutdown.conf b/docker/all-in-one/etc/supa-shutdown/shutdown.conf deleted file mode 100644 index 384b9357f..000000000 --- a/docker/all-in-one/etc/supa-shutdown/shutdown.conf +++ /dev/null @@ -1 +0,0 @@ -SHUTDOWN_IDLE_TIME_MINUTES= diff --git a/docker/all-in-one/etc/supervisor/base-services/adminapi.conf b/docker/all-in-one/etc/supervisor/base-services/adminapi.conf deleted file mode 100644 index 66b591f80..000000000 --- a/docker/all-in-one/etc/supervisor/base-services/adminapi.conf +++ /dev/null @@ -1,10 +0,0 @@ -[program:adminapi] -command=/opt/supabase-admin-api -user=adminapi -autorestart=true -autostart=true -startretries=1000 -stdout_logfile=/var/log/services/adminapi.log -redirect_stderr=true -stdout_logfile_maxbytes=10MB -priority=50 diff --git a/docker/all-in-one/etc/supervisor/base-services/logrotate.conf b/docker/all-in-one/etc/supervisor/base-services/logrotate.conf deleted file mode 100644 index a1ccea647..000000000 --- a/docker/all-in-one/etc/supervisor/base-services/logrotate.conf +++ /dev/null @@ -1,11 +0,0 @@ -[program:logrotate] -command=/usr/local/bin/run-logrotate.sh -autostart=true -autorestart=true -user=root -startretries=1000 -stdout_logfile=/var/log/services/logrotate.log -redirect_stderr=true -stdout_logfile_maxbytes=10MB -priority=50 -environment=DATA_VOLUME_MOUNTPOINT="%(ENV_DATA_VOLUME_MOUNTPOINT)s" diff --git a/docker/all-in-one/etc/supervisor/base-services/lsn-checkpoint-push.conf b/docker/all-in-one/etc/supervisor/base-services/lsn-checkpoint-push.conf deleted file mode 100644 index 36abcf867..000000000 --- a/docker/all-in-one/etc/supervisor/base-services/lsn-checkpoint-push.conf +++ /dev/null 
@@ -1,10 +0,0 @@
-[program:lsn-checkpoint-push]
-command=/usr/bin/admin-mgr lsn-checkpoint-push --watch
-user=root
-autorestart=false
-autostart=false
-startretries=1000
-stdout_logfile=/var/log/services/lsn-push.log
-redirect_stderr=true
-stdout_logfile_maxbytes=10MB
-priority=50
diff --git a/docker/all-in-one/etc/supervisor/base-services/pg_egress_collect.conf b/docker/all-in-one/etc/supervisor/base-services/pg_egress_collect.conf
deleted file mode 100644
index d340a9c93..000000000
--- a/docker/all-in-one/etc/supervisor/base-services/pg_egress_collect.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-[program:pg_egress_collect]
-command=/bin/bash -c "tcpdump -s 128 -Q out -nn -tt -vv -p -l 'tcp and (port 5432 or port 6543)' | perl /opt/pg_egress_collect/pg_egress_collect.pl"
-user=root
-autorestart=true
-autostart=true
-startretries=1000
-stdout_logfile=/var/log/services/pg_egress_collect.log
-redirect_stderr=true
-stdout_logfile_maxbytes=10MB
-priority=50
diff --git a/docker/all-in-one/etc/supervisor/base-services/postgresql.conf b/docker/all-in-one/etc/supervisor/base-services/postgresql.conf
deleted file mode 100644
index b9dbe0228..000000000
--- a/docker/all-in-one/etc/supervisor/base-services/postgresql.conf
+++ /dev/null
@@ -1,13 +0,0 @@
-[program:postgresql]
-command=/usr/local/bin/postgres-entrypoint.sh postgres -D /etc/postgresql
-user=postgres
-stopsignal=INT
-autorestart=true
-autostart=true
-startretries=1000
-priority=1
-# Inherit env vars from https://github.com/supabase/postgres/blob/develop/Dockerfile#L800
-environment=POSTGRES_PASSWORD="%(ENV_POSTGRES_PASSWORD)s",POSTGRES_HOST="%(ENV_POSTGRES_HOST)s",HOME="/var/lib/postgresql"
-stdout_logfile=/var/log/postgresql/init.log
-redirect_stderr=true
-stdout_logfile_maxbytes=10MB
diff --git a/docker/all-in-one/etc/supervisor/base-services/supa-shutdown.conf b/docker/all-in-one/etc/supervisor/base-services/supa-shutdown.conf
deleted file mode 100644
index 06b24a7b5..000000000
--- a/docker/all-in-one/etc/supervisor/base-services/supa-shutdown.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-[program:supa-shutdown]
-command=/usr/local/bin/supa-shutdown.sh
-user=root
-autorestart=true
-autostart=false
-startretries=1000
-stdout_logfile=/var/log/services/supa-shutdown.log
-redirect_stderr=true
-stdout_logfile_maxbytes=10MB
-priority=50
-environment=MAX_IDLE_TIME_MINUTES="%(ENV_MAX_IDLE_TIME_MINUTES)s"
diff --git a/docker/all-in-one/etc/supervisor/services/envoy.conf b/docker/all-in-one/etc/supervisor/services/envoy.conf
deleted file mode 100644
index 2b33807a6..000000000
--- a/docker/all-in-one/etc/supervisor/services/envoy.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-[program:envoy]
-command=/opt/envoy-hot-restarter.py /opt/start-envoy.sh
-user=envoy
-autorestart=true
-autostart=false
-stopasgroup=true
-startretries=1000
-stdout_logfile=/var/log/services/envoy.log
-redirect_stderr=true
-stdout_logfile_maxbytes=10MB
diff --git a/docker/all-in-one/etc/supervisor/services/exporter.conf b/docker/all-in-one/etc/supervisor/services/exporter.conf
deleted file mode 100644
index 36979588f..000000000
--- a/docker/all-in-one/etc/supervisor/services/exporter.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-[program:exporter]
-command=/opt/postgres_exporter/postgres_exporter --disable-settings-metrics --extend.query-path=/opt/postgres_exporter/queries.yml --disable-default-metrics --no-collector.locks --no-collector.replication --no-collector.replication_slot --no-collector.stat_bgwriter --no-collector.stat_database --no-collector.stat_user_tables --no-collector.statio_user_tables --no-collector.wal
-user=root
-autorestart=true
-autostart=true
-startretries=1000
-environment=DATA_SOURCE_NAME="host=localhost dbname=postgres sslmode=disable user=supabase_admin pg_stat_statements.track=none application_name=postgres_exporter"
-stdout_logfile=/var/log/services/exporter.log
-redirect_stderr=true
-stdout_logfile_maxbytes=10MB
-priority=150
diff --git a/docker/all-in-one/etc/supervisor/services/fail2ban.conf b/docker/all-in-one/etc/supervisor/services/fail2ban.conf
deleted file mode 100644
index 8000386dc..000000000
--- a/docker/all-in-one/etc/supervisor/services/fail2ban.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-[program:fail2ban]
-command=/usr/bin/fail2ban-client -f start
-user=root
-autorestart=true
-autostart=true
-stdout_logfile=/var/log/services/fail2ban.log
-redirect_stderr=true
-stdout_logfile_maxbytes=10MB
-priority=200
diff --git a/docker/all-in-one/etc/supervisor/services/gotrue.conf b/docker/all-in-one/etc/supervisor/services/gotrue.conf
deleted file mode 100644
index 679057ee8..000000000
--- a/docker/all-in-one/etc/supervisor/services/gotrue.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-[program:gotrue]
-directory=/opt/gotrue
-command=/opt/gotrue/gotrue --config /etc/gotrue.env
-user=gotrue
-startretries=1000
-autorestart=true
-autostart=true
-stdout_logfile=/var/log/services/gotrue.log
-redirect_stderr=true
-stdout_logfile_maxbytes=10MB
diff --git a/docker/all-in-one/etc/supervisor/services/group.conf b/docker/all-in-one/etc/supervisor/services/group.conf
deleted file mode 100644
index ef6673d59..000000000
--- a/docker/all-in-one/etc/supervisor/services/group.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-[group:services]
-programs=gotrue,kong,postgrest
-priority=100
diff --git a/docker/all-in-one/etc/supervisor/services/kong.conf b/docker/all-in-one/etc/supervisor/services/kong.conf
deleted file mode 100644
index 04f5219a8..000000000
--- a/docker/all-in-one/etc/supervisor/services/kong.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-[program:kong]
-command=/init/start-kong.sh
-user=kong
-autorestart=true
-autostart=true
-stopasgroup=true
-startretries=1000
-environment=KONG_NGINX_DAEMON="off"
-stdout_logfile=/var/log/services/kong.log
-redirect_stderr=true
-stdout_logfile_maxbytes=10MB
diff --git a/docker/all-in-one/etc/supervisor/services/pgbouncer.conf b/docker/all-in-one/etc/supervisor/services/pgbouncer.conf
deleted file mode 100644
index 6926c34bc..000000000
--- a/docker/all-in-one/etc/supervisor/services/pgbouncer.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-[program:pgbouncer]
-command=/usr/sbin/pgbouncer /etc/pgbouncer/pgbouncer.ini
-user=pgbouncer
-stopsignal=INT
-autorestart=false
-autostart=false
-stdout_logfile=/var/log/services/pgbouncer.log
-redirect_stderr=true
-stdout_logfile_maxbytes=10MB
-priority=150
diff --git a/docker/all-in-one/etc/supervisor/services/postgrest.conf b/docker/all-in-one/etc/supervisor/services/postgrest.conf
deleted file mode 100644
index ad43b5208..000000000
--- a/docker/all-in-one/etc/supervisor/services/postgrest.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-[program:postgrest]
-command=/etc/postgrest/bootstrap.sh /etc/postgrest/generated.conf /etc/postgrest/base.conf
-user=postgrest
-autorestart=true
-autostart=true
-stopasgroup=true
-startretries=1000
-stdout_logfile=/var/log/services/postgrest.log
-redirect_stderr=true
-stdout_logfile_maxbytes=10MB
diff --git a/docker/all-in-one/etc/supervisor/supervisord.conf b/docker/all-in-one/etc/supervisor/supervisord.conf
deleted file mode 100644
index d64f40f71..000000000
--- a/docker/all-in-one/etc/supervisor/supervisord.conf
+++ /dev/null
@@ -1,170 +0,0 @@
-; Sample supervisor config file.
-;
-; For more information on the config file, please see:
-; http://supervisord.org/configuration.html
-;
-; Notes:
-; - Shell expansion ("~" or "$HOME") is not supported. Environment
-; variables can be expanded using this syntax: "%(ENV_HOME)s".
-; - Quotes around values are not supported, except in the case of
-; the environment= options as shown below.
-; - Comments must have a leading space: "a=b ;comment" not "a=b;comment".
-; - Command will be truncated if it looks like a config file comment, e.g.
-; "command=bash -c 'foo ; bar'" will truncate to "command=bash -c 'foo ".
-;
-; Warning:
-; Paths throughout this example file use /tmp because it is available on most
-; systems. You will likely need to change these to locations more appropriate
-; for your system. Some systems periodically delete older files in /tmp.
-; Notably, if the socket file defined in the [unix_http_server] section below
-; is deleted, supervisorctl will be unable to connect to supervisord.
-
-[unix_http_server]
-file=/tmp/supervisor.sock ; the path to the socket file
-chmod=0760 ; socket file mode (default 0700)
-chown=root:root ; socket file uid:gid owner
-;username=user ; default is no username (open server)
-;password=123 ; default is no password (open server)
-
-; Security Warning:
-; The inet HTTP server is not enabled by default. The inet HTTP server is
-; enabled by uncommenting the [inet_http_server] section below. The inet
-; HTTP server is intended for use within a trusted environment only. It
-; should only be bound to localhost or only accessible from within an
-; isolated, trusted network. The inet HTTP server does not support any
-; form of encryption. The inet HTTP server does not use authentication
-; by default (see the username= and password= options to add authentication).
-; Never expose the inet HTTP server to the public internet.
-
-;[inet_http_server] ; inet (TCP) server disabled by default
-;port=127.0.0.1:9001 ; ip_address:port specifier, *:port for all iface
-;username=user ; default is no username (open server)
-;password=123 ; default is no password (open server)
-
-[supervisord]
-logfile=/tmp/supervisord.log ; main log file; default $CWD/supervisord.log
-logfile_maxbytes=50MB ; max main logfile bytes b4 rotation; default 50MB
-logfile_backups=10 ; # of main logfile backups; 0 means none, default 10
-loglevel=info ; log level; default info; others: debug,warn,trace
-pidfile=/tmp/supervisord.pid ; supervisord pidfile; default supervisord.pid
-nodaemon=true ; start in foreground if true; default false
-silent=false ; no logs to stdout if true; default false
-minfds=1024 ; min. avail startup file descriptors; default 1024
-minprocs=200 ; min. avail process descriptors;default 200
-user=root ; setuid to this UNIX account at startup; recommended if root
-;umask=022 ; process file creation umask; default 022
-;identifier=supervisor ; supervisord identifier, default is 'supervisor'
-;directory=/tmp ; default is not to cd during start
-;nocleanup=true ; don't clean up tempfiles at start; default false
-;childlogdir=/tmp ; 'AUTO' child log dir, default $TEMP
-;environment=KEY="value" ; key value pairs to add to environment
-;strip_ansi=false ; strip ansi escape codes in logs; def. false
-
-; The rpcinterface:supervisor section must remain in the config file for
-; RPC (supervisorctl/web interface) to work. Additional interfaces may be
-; added by defining them in separate [rpcinterface:x] sections.
-
-[rpcinterface:supervisor]
-supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
-
-; The supervisorctl section configures how supervisorctl will connect to
-; supervisord. configure it match the settings in either the unix_http_server
-; or inet_http_server section.
-
-[supervisorctl]
-serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
-;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
-;username=chris ; should be same as in [*_http_server] if set
-;password=123 ; should be same as in [*_http_server] if set
-;prompt=mysupervisor ; cmd line prompt (default "supervisor")
-;history_file=~/.sc_history ; use readline history if available
-
-; The sample program section below shows all possible program subsection values.
-; Create one or more 'real' program: sections to be able to control them under
-; supervisor.
-
-;[program:theprogramname]
-;command=/bin/cat ; the program (relative uses PATH, can take args)
-;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
-;numprocs=1 ; number of processes copies to start (def 1)
-;directory=/tmp ; directory to cwd to before exec (def no cwd)
-;umask=022 ; umask for process (default None)
-;priority=999 ; the relative start priority (default 999)
-;autostart=true ; start at supervisord start (default: true)
-;startsecs=1 ; # of secs prog must stay up to be running (def. 1)
-;startretries=3 ; max # of serial start failures when starting (default 3)
-;autorestart=unexpected ; when to restart if exited after running (def: unexpected)
-;exitcodes=0 ; 'expected' exit codes used with autorestart (default 0)
-;stopsignal=QUIT ; signal used to kill process (default TERM)
-;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
-;stopasgroup=false ; send stop signal to the UNIX process group (default false)
-;killasgroup=false ; SIGKILL the UNIX process group (def false)
-;user=chrism ; setuid to this UNIX account to run the program
-;redirect_stderr=true ; redirect proc stderr to stdout (default false)
-;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
-;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
-;stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10)
-;stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
-;stdout_events_enabled=false ; emit events on stdout writes (default false)
-;stdout_syslog=false ; send stdout to syslog with process name (default false)
-;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
-;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
-;stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10)
-;stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
-;stderr_events_enabled=false ; emit events on stderr writes (default false)
-;stderr_syslog=false ; send stderr to syslog with process name (default false)
-;environment=A="1",B="2" ; process environment additions (def no adds)
-;serverurl=AUTO ; override serverurl computation (childutils)
-
-; The sample eventlistener section below shows all possible eventlistener
-; subsection values. Create one or more 'real' eventlistener: sections to be
-; able to handle event notifications sent by supervisord.
-
-;[eventlistener:theeventlistenername]
-;command=/bin/eventlistener ; the program (relative uses PATH, can take args)
-;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
-;numprocs=1 ; number of processes copies to start (def 1)
-;events=EVENT ; event notif. types to subscribe to (req'd)
-;buffer_size=10 ; event buffer queue size (default 10)
-;directory=/tmp ; directory to cwd to before exec (def no cwd)
-;umask=022 ; umask for process (default None)
-;priority=-1 ; the relative start priority (default -1)
-;autostart=true ; start at supervisord start (default: true)
-;startsecs=1 ; # of secs prog must stay up to be running (def. 1)
-;startretries=3 ; max # of serial start failures when starting (default 3)
-;autorestart=unexpected ; autorestart if exited after running (def: unexpected)
-;exitcodes=0 ; 'expected' exit codes used with autorestart (default 0)
-;stopsignal=QUIT ; signal used to kill process (default TERM)
-;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
-;stopasgroup=false ; send stop signal to the UNIX process group (default false)
-;killasgroup=false ; SIGKILL the UNIX process group (def false)
-;user=chrism ; setuid to this UNIX account to run the program
-;redirect_stderr=false ; redirect_stderr=true is not allowed for eventlisteners
-;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
-;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
-;stdout_logfile_backups=10 ; # of stdout logfile backups (0 means none, default 10)
-;stdout_events_enabled=false ; emit events on stdout writes (default false)
-;stdout_syslog=false ; send stdout to syslog with process name (default false)
-;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
-;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
-;stderr_logfile_backups=10 ; # of stderr logfile backups (0 means none, default 10)
-;stderr_events_enabled=false ; emit events on stderr writes (default false)
-;stderr_syslog=false ; send stderr to syslog with process name (default false)
-;environment=A="1",B="2" ; process environment additions
-;serverurl=AUTO ; override serverurl computation (childutils)
-
-; The sample group section below shows all possible group values. Create one
-; or more 'real' group: sections to create "heterogeneous" process groups.
-
-;[group:thegroupname]
-;programs=progname1,progname2 ; each refers to 'x' in [program:x] definitions
-;priority=999 ; the relative start priority (default 999)
-
-; The [include] section can just contain the "files" setting. This
-; setting can list multiple files (separated by whitespace or
-; newlines). It can also contain wildcards. The filenames are
-; interpreted as relative to this file. Included files *cannot*
-; include files themselves.
-
-[include]
-files = base-services/*.conf
diff --git a/docker/all-in-one/etc/tmpfiles.d/pgbouncer.conf b/docker/all-in-one/etc/tmpfiles.d/pgbouncer.conf
deleted file mode 100644
index d5d2cd49d..000000000
--- a/docker/all-in-one/etc/tmpfiles.d/pgbouncer.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-# Directory for PostgreSQL sockets, lockfiles and stats tempfiles
-d /run/pgbouncer 2775 pgbouncer postgres - -
\ No newline at end of file
diff --git a/docker/all-in-one/etc/vector/vector.yaml b/docker/all-in-one/etc/vector/vector.yaml
deleted file mode 100644
index 8bcf867b8..000000000
--- a/docker/all-in-one/etc/vector/vector.yaml
+++ /dev/null
@@ -1,306 +0,0 @@ -data_dir: /var/lib/vector -sources: - gotrue_log: - type: file - include: - - /var/log/services/gotrue.log - - postgrest_log: - type: file - include: - - /var/log/services/postgrest.log - - pgbouncer_log: - type: file - include: - - /var/log/services/pgbouncer.log - - pitr_log: - type: file - include: - - /var/log/wal-g/pitr.log - read_from: end - - postgres_log: - type: file - include: - - /var/log/postgresql/postgres*.csv - read_from: end - multiline: - start_pattern: '^20[0-9][0-9]-[0-1][0-9]-[0-3][0-9] [0-2][0-9]:[0-5][0-9]:[0-5][0-9].[0-9]{3} UTC,"' - mode: halt_before - condition_pattern: '^20[0-9][0-9]-[0-1][0-9]-[0-3][0-9] [0-2][0-9]:[0-5][0-9]:[0-5][0-9].[0-9]{3} UTC,"' - timeout_ms: 500 - -transforms: - csv_parse: - type: remap - inputs: - - postgres_log - source: |- - csv_data = parse_csv!(.message) - .metadata.parsed.timestamp = csv_data[0] - .metadata.parsed.user_name = csv_data[1] - .metadata.parsed.database_name = csv_data[2] - .metadata.parsed.process_id = to_int(csv_data[3]) ?? null - .metadata.parsed.connection_from = csv_data[4] - .metadata.parsed.session_id = csv_data[5] - .metadata.parsed.session_line_num = to_int(csv_data[6]) ?? null - .metadata.parsed.command_tag = csv_data[7] - .metadata.parsed.session_start_time = csv_data[8] - .metadata.parsed.virtual_transaction_id = csv_data[9] - .metadata.parsed.transaction_id = to_int(csv_data[10]) ?? null - .metadata.parsed.error_severity = csv_data[11] - .metadata.parsed.sql_state_code = csv_data[12] - .metadata.parsed.message = csv_data[13] - .metadata.parsed.detail = csv_data[14] - .metadata.parsed.hint = csv_data[15] - .metadata.parsed.internal_query = csv_data[16] - .metadata.parsed.internal_query_pos = to_int(csv_data[17]) ?? null - .metadata.parsed.context = csv_data[18] - .metadata.parsed.query = csv_data[19] - .metadata.parsed.query_pos = to_int(csv_data[20]) ?? 
null - .metadata.parsed.location = csv_data[21] - .metadata.parsed.application_name = csv_data[22] - .metadata.parsed.backend_type = csv_data[23] - .metadata.parsed.leader_pid = to_int(csv_data[24]) ?? null - .metadata.parsed.query_id = to_int(csv_data[25]) ?? null - - z_ts = replace!(.metadata.parsed.timestamp, " UTC", "Z") - iso8601_ts = replace(z_ts, " ", "T") - - .timestamp = iso8601_ts - - # Sends original csv log line duplicating data. Used for QA. - # .metadata.parsed_from = .message - - .message = del(.metadata.parsed.message) - .metadata.host = del(.host) - del(.file) - del(.source_type) - - drop_metrics: - type: filter - inputs: - - csv_parse - condition: > - .metadata.parsed.application_name != "postgres_exporter" && .metadata.parsed.application_name != "realtime_rls" && !contains!(.message, "disconnection: session time") - - add_project_ref: - type: add_fields - inputs: - - drop_metrics - fields: - project: {{ .ProjectRef }} - - auth_failures: - type: filter - inputs: - - postgres_log - condition: >- - contains!(.message, "password authentication failed for user") - - filter_pgbouncer_stats: - type: filter - inputs: - - pgbouncer_log - condition: >- - !starts_with!(.message, "stats:") && !starts_with!(.message, "kernel file descriptor limit") && !contains!(.message, "FIXME") - - filter_postgrest_stats: - type: filter - inputs: - - postgrest_log - condition: >- - !starts_with!(.message, "+") && !starts_with!(.message, "INFO:") && !contains!(.message, "Admin server listening") - - gotrue_to_object: - inputs: - - gotrue_log - type: remap - source: |2- - .project = "{{ .ProjectRef }}" - - .parsed, err = parse_json(.message) - if err == null { - .metadata = .parsed - .metadata.msg = .parsed.msg - .timestamp = del(.metadata.time) - } - del(.parsed) - .metadata.host = del(.host) - - del(.source_type) - del(.PRIORITY) - del(.SYSLOG_FACILITY) - del(.SYSLOG_IDENTIFIER) - del(._BOOT_ID) - del(._CAP_EFFECTIVE) - del(._CMDLINE) - del(._COMM) - del(._EXE) - 
del(._GID) - del(._MACHINE_ID) - del(._PID) - del(._SELINUX_CONTEXT) - del(._STREAM_ID) - del(._SYSTEMD_CGROUP) - del(._SYSTEMD_INVOCATION_ID) - del(._SYSTEMD_SLICE) - del(._SYSTEMD_UNIT) - del(._TRANSPORT) - del(._UID) - del(.__MONOTONIC_TIMESTAMP) - del(.__REALTIME_TIMESTAMP) - - postgrest_to_object: - inputs: - - filter_postgrest_stats - type: remap - source: |2- - .project = "{{ .ProjectRef }}" - - # removes timestamp embedded in log since Vector already sends it - .message = replace!(.message, r'^\d+/\w+/\d+:\d+:\d+:\d+\s\+\d+:\s', "") - .metadata.host = del(.host) - del(.source_type) - del(.PRIORITY) - del(.SYSLOG_FACILITY) - del(.SYSLOG_IDENTIFIER) - del(._BOOT_ID) - del(._CAP_EFFECTIVE) - del(._CMDLINE) - del(._COMM) - del(._EXE) - del(._GID) - del(._MACHINE_ID) - del(._PID) - del(._SELINUX_CONTEXT) - del(._STREAM_ID) - del(._SYSTEMD_CGROUP) - del(._SYSTEMD_INVOCATION_ID) - del(._SYSTEMD_SLICE) - del(._SYSTEMD_UNIT) - del(._TRANSPORT) - del(._UID) - del(.__MONOTONIC_TIMESTAMP) - del(.__REALTIME_TIMESTAMP) - - pgbouncer_to_object: - inputs: - - filter_pgbouncer_stats - type: remap - source: |2- - .project = "{{ .ProjectRef }}" - .metadata.host = del(.host) - del(.source_type) - del(.PRIORITY) - del(.SYSLOG_IDENTIFIER) - del(._BOOT_ID) - del(._CAP_EFFECTIVE) - del(._CMDLINE) - del(._COMM) - del(._EXE) - del(._GID) - del(._MACHINE_ID) - del(._PID) - del(._SELINUX_CONTEXT) - del(._SOURCE_REALTIME_TIMESTAMP) - del(._SYSTEMD_CGROUP) - del(._SYSTEMD_INVOCATION_ID) - del(._SYSTEMD_SLICE) - del(._SYSTEMD_UNIT) - del(._TRANSPORT) - del(._UID) - del(.__MONOTONIC_TIMESTAMP) - del(.__REALTIME_TIMESTAMP) - - pitr_to_object: - inputs: - - pitr_log - type: remap - source: |2- - .project = "{{ .ProjectRef }}" - - .parsed, err = parse_key_value(.message) - if err == null { - .metadata = .parsed - .metadata.host = del(.host) - .message = del(.metadata.msg) - .timestamp = del(.metadata.time) - } - - del(.parsed) - del(.source_type) - del(.file) - - filter_pitr_error: - inputs: 
- - pitr_to_object - type: filter - condition: > - .metadata.level != "info" - -sinks: - http_gotrue: - type: "http" - inputs: - - gotrue_to_object - encoding: - codec: "json" - method: "post" - compression: none - request: - retry_max_duration_secs: 10 - uri: "https://{{ .LogflareHost }}/logs?api_key={{ .ApiKey }}&source={{ .GotrueSource }}" - - http_postgrest: - type: http - inputs: - - postgrest_to_object - encoding: - codec: "json" - method: "post" - compression: none - request: - retry_max_duration_secs: 10 - uri: "https://{{ .LogflareHost }}/logs?api_key={{ .ApiKey }}&source={{ .PostgrestSource }}" - - http_pgbouncer: - type: http - inputs: - - pgbouncer_to_object - encoding: - codec: json - compression: none - uri: "https://{{ .LogflareHost }}/logs?api_key={{ .ApiKey }}&source={{ .PgbouncerSource }}" - - http_pitr_error: - type: http - inputs: - - filter_pitr_error - encoding: - codec: json - compression: none - uri: "https://{{ .LogflareHost }}/logs?api_key={{ .ApiKey }}&source={{ .PitrErrorsSource }}" - - http_postgres: - type: http - inputs: - - add_project_ref - encoding: - codec: "json" - method: "post" - compression: none - request: - retry_max_duration_secs: 10 - uri: "https://{{ .LogflareHost }}/logs?api_key={{ .ApiKey }}&source={{ .DbSource }}" - - file_postgres: - type: file - inputs: - - auth_failures - encoding: - codec: text - path: >- - /var/log/postgresql/auth-failures.csv diff --git a/docker/all-in-one/healthcheck.sh b/docker/all-in-one/healthcheck.sh deleted file mode 100755 index 0b5c9607d..000000000 --- a/docker/all-in-one/healthcheck.sh +++ /dev/null 
@@ -1,46 +0,0 @@
-#!/bin/bash
-set -eou pipefail
-
-# database up
-pg_isready -U postgres -h localhost -p 5432
-
-if [ -f "/tmp/init.json" ]; then
- ADMIN_API_KEY=${ADMIN_API_KEY:-$(jq -r '.["supabase_admin_key"]' /tmp/init.json)}
-fi
-
-# adminapi up
-if [ -d "$ADMIN_API_CERT_DIR" ]; then
- curl -sSkf "https://localhost:$ADMIN_API_PORT/health" -H "apikey: $ADMIN_API_KEY"
-else
- curl -sSf "http://localhost:$ADMIN_API_PORT/health" -H "apikey: $ADMIN_API_KEY"
-fi
-
-if [ "${POSTGRES_ONLY:-}" ]; then
- exit 0
-fi
-
-# postgrest up
-curl -sSfI "http://localhost:$PGRST_ADMIN_SERVER_PORT/ready"
-
-# gotrue up
-curl -sSf "http://localhost:$GOTRUE_API_PORT/health"
-
-if [ "${ENVOY_ENABLED:-}" == "true" ]; then
- # envoy up
- curl -sSfI "http://localhost:$ENVOY_HTTP_PORT/health"
-else
- # kong up
- kong health
-fi
-
-# fail2ban up
-fail2ban-client status
-
-# prometheus exporter up
-curl -sSfI "http://localhost:$PGEXPORTER_PORT/metrics"
-
-# vector is up (if starting logflare)
-# TODO: make this non-conditional once we set up local logflare for testinfra
-if [ -n "${LOGFLARE_API_KEY:-}" ]; then
- curl -sSfI "http://localhost:$VECTOR_API_PORT/health"
-fi
diff --git a/docker/all-in-one/init/configure-admin-mgr.sh b/docker/all-in-one/init/configure-admin-mgr.sh
deleted file mode 100755
index 98ebf6c17..000000000
--- a/docker/all-in-one/init/configure-admin-mgr.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-set -eou pipefail
-
-touch "/var/log/wal-g/pitr.log"
-chown postgres:postgres "/var/log/wal-g/pitr.log"
-chmod 0666 "/var/log/wal-g/pitr.log"
-
-/usr/local/bin/configure-shim.sh /dist/admin-mgr /usr/bin/admin-mgr
diff --git a/docker/all-in-one/init/configure-adminapi.sh b/docker/all-in-one/init/configure-adminapi.sh
deleted file mode 100755
index e56e5ee0c..000000000
--- a/docker/all-in-one/init/configure-adminapi.sh
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/bash
-set -eou pipefail
-
-ADMIN_API_CONF=/etc/adminapi/adminapi.yaml
-touch /var/log/services/adminapi.log
-
-ADMINAPI_CUSTOM_DIR="${DATA_VOLUME_MOUNTPOINT}/etc/adminapi"
-
-/usr/local/bin/configure-shim.sh /dist/supabase-admin-api /opt/supabase-admin-api
-
-if [ -f "${INIT_PAYLOAD_PATH:-}" ]; then
- echo "init adminapi payload"
- tar -xzvf "$INIT_PAYLOAD_PATH" -C / ./etc/adminapi/adminapi.yaml
- chown adminapi:adminapi ./etc/adminapi/adminapi.yaml
-
- mkdir -p $ADMIN_API_CERT_DIR
- tar -xzvf "$INIT_PAYLOAD_PATH" -C $ADMIN_API_CERT_DIR --strip-components 2 ./ssl/server.crt
- tar -xzvf "$INIT_PAYLOAD_PATH" -C $ADMIN_API_CERT_DIR --strip-components 2 ./ssl/server.key
- chown -R adminapi:root $ADMIN_API_CERT_DIR
- chmod 700 -R $ADMIN_API_CERT_DIR
-else
- PROJECT_REF=${PROJECT_REF:-default}
- PGBOUNCER_PASSWORD=${PGBOUNCER_PASSWORD:-$POSTGRES_PASSWORD}
- SUPABASE_URL=${SUPABASE_URL:-https://api.supabase.io/system}
- REPORTING_TOKEN=${REPORTING_TOKEN:-token}
-
- sed -i "s|{{ .JwtSecret }}|$JWT_SECRET|g" $ADMIN_API_CONF
- sed -i "s|{{ .PgbouncerPassword }}|$PGBOUNCER_PASSWORD|g" $ADMIN_API_CONF
- sed -i "s|{{ .ProjectRef }}|$PROJECT_REF|g" $ADMIN_API_CONF
- sed -i "s|{{ .SupabaseUrl }}|$SUPABASE_URL|g" $ADMIN_API_CONF
- sed -i "s|{{ .ReportingToken }}|$REPORTING_TOKEN|g" $ADMIN_API_CONF
-fi
-
-# Allow adminapi to write to /etc and manage Postgres configs
-chmod g+w /etc
-chmod -R 0775 /etc/postgresql
-chmod -R 0775 /etc/postgresql-custom
-chmod -R 0775 /etc/pgbouncer-custom
-
-# Update api port
-sed -i "s|^port: .*$|port: ${ADMIN_API_PORT:-8085}|g" $ADMIN_API_CONF
-
-if [ "${DATA_VOLUME_MOUNTPOINT}" ]; then
- mkdir -p "${ADMINAPI_CUSTOM_DIR}"
- if [ ! -f "${CONFIGURED_FLAG_PATH}" ]; then
- echo "Copying existing custom adminapi config from /etc/adminapi to ${ADMINAPI_CUSTOM_DIR}"
- cp -R "/etc/adminapi/." "${ADMINAPI_CUSTOM_DIR}/"
- fi
-
- rm -rf "/etc/adminapi"
- ln -s "${ADMINAPI_CUSTOM_DIR}" "/etc/adminapi"
- chown -R adminapi:adminapi "/etc/adminapi"
-
- chown -R adminapi:adminapi "${ADMINAPI_CUSTOM_DIR}"
- chmod g+wrx "${ADMINAPI_CUSTOM_DIR}"
-fi
diff --git a/docker/all-in-one/init/configure-autoshutdown.sh b/docker/all-in-one/init/configure-autoshutdown.sh
deleted file mode 100755
index 66343e518..000000000
--- a/docker/all-in-one/init/configure-autoshutdown.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-set -eou pipefail
-
-mkdir -p /etc/supa-shutdown
-
-AUTOSHUTDOWN_CUSTOM_DIR="${DATA_VOLUME_MOUNTPOINT}/etc/supa-shutdown"
-if [ "${DATA_VOLUME_MOUNTPOINT}" ]; then
- mkdir -p "${AUTOSHUTDOWN_CUSTOM_DIR}"
-
- AUTOSHUTDOWN_CUSTOM_CONFIG_FILE_PATH="${AUTOSHUTDOWN_CUSTOM_DIR}/shutdown.conf"
- if [ ! -f "${AUTOSHUTDOWN_CUSTOM_CONFIG_FILE_PATH}" ]; then
- echo "Copying existing custom shutdown config from /etc/supa-shutdown to ${AUTOSHUTDOWN_CUSTOM_CONFIG_FILE_PATH}"
- cp "/etc/supa-shutdown/shutdown.conf" "${AUTOSHUTDOWN_CUSTOM_CONFIG_FILE_PATH}"
- fi
-
- rm -f "/etc/supa-shutdown/shutdown.conf"
- ln -s "${AUTOSHUTDOWN_CUSTOM_CONFIG_FILE_PATH}" "/etc/supa-shutdown/shutdown.conf"
- chmod g+wrx "${AUTOSHUTDOWN_CUSTOM_DIR}"
- chown -R adminapi:adminapi "/etc/supa-shutdown/shutdown.conf"
- chown -R adminapi:adminapi "${AUTOSHUTDOWN_CUSTOM_CONFIG_FILE_PATH}"
-fi
diff --git a/docker/all-in-one/init/configure-envoy.sh b/docker/all-in-one/init/configure-envoy.sh
deleted file mode 100755
index 4d3382f8a..000000000
--- a/docker/all-in-one/init/configure-envoy.sh
+++ /dev/null
@@ -1,53 +0,0 @@ -#!/bin/bash -set -eou pipefail - -if [[ "${ENVOY_ENABLED:-}" != "true" ]]; then - exit -fi - -ENVOY_CDS_CONF=/etc/envoy/cds.yaml -ENVOY_LDS_CONF=/etc/envoy/lds.yaml -touch /var/log/services/envoy.log - -/usr/local/bin/configure-shim.sh /dist/envoy /opt/envoy - -if [[ -n "${DATA_VOLUME_MOUNTPOINT}" ]]; then - ENVOY_CUSTOM_DIR="${DATA_VOLUME_MOUNTPOINT}/etc/envoy" - mkdir -p "${ENVOY_CUSTOM_DIR}" - if [[ ! -f "${CONFIGURED_FLAG_PATH}" ]]; then - echo "Copying existing custom envoy config from /etc/envoy/ to ${ENVOY_CUSTOM_DIR}" - cp -R "/etc/envoy/." "${ENVOY_CUSTOM_DIR}/" - fi - - rm -rf "/etc/envoy" - ln -s "${ENVOY_CUSTOM_DIR}" "/etc/envoy" - chown -R envoy:envoy "/etc/envoy" - chmod -R g+w "/etc/envoy" - - chown -R envoy:envoy "${ENVOY_CUSTOM_DIR}" - chmod -R g+w "${ENVOY_CUSTOM_DIR}" - chmod g+rx "${ENVOY_CUSTOM_DIR}" -fi - -if [[ -f "${INIT_PAYLOAD_PATH:-}" ]]; then - echo "init envoy payload" - tar -xzvhf "${INIT_PAYLOAD_PATH}" -C / ./etc/envoy/ - chown -HR envoy:envoy /etc/envoy - chmod -HR g+w /etc/envoy -fi - -# Inject project specific configuration -# "c2VydmljZV9yb2xlOnNlcnZpY2Vfa2V5" is base64-encoded "service_role:service_key". -sed -i -e "s|anon_key|${ANON_KEY}|g" \ - -e "s|service_key|${SERVICE_ROLE_KEY}|g" \ - -e "s|supabase_admin_key|${ADMIN_API_KEY}|g" \ - -e "s|c2VydmljZV9yb2xlOnNlcnZpY2Vfa2V5|$(echo -n "service_role:${SERVICE_ROLE_KEY}" | base64 --wrap 0)|g" \ - "${ENVOY_LDS_CONF}" - -# Update Envoy ports -sed -i "s|port_value: 80$|port_value: ${ENVOY_HTTP_PORT}|g" "${ENVOY_LDS_CONF}" -sed -i "s|port_value: 443$|port_value: ${ENVOY_HTTPS_PORT}|g" "${ENVOY_LDS_CONF}" -sed -i "s|port_value: 3000$|port_value: ${PGRST_SERVER_PORT}|g" "${ENVOY_CDS_CONF}" -sed -i "s|port_value: 3001$|port_value: ${PGRST_ADMIN_SERVER_PORT}|g" "${ENVOY_CDS_CONF}" -sed -i "s|port_value: 8085$|port_value: ${ADMIN_API_PORT}|g" "${ENVOY_CDS_CONF}" -sed -i "s|port_value: 9999$|port_value: ${GOTRUE_API_PORT}|g" "${ENVOY_CDS_CONF}" 
diff --git a/docker/all-in-one/init/configure-exporter.sh b/docker/all-in-one/init/configure-exporter.sh
deleted file mode 100755
index 93498c4e6..000000000
--- a/docker/all-in-one/init/configure-exporter.sh
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/bin/bash
-set -eou pipefail
-
-touch /var/log/services/exporter.log
-
diff --git a/docker/all-in-one/init/configure-fail2ban.sh b/docker/all-in-one/init/configure-fail2ban.sh
deleted file mode 100755
index 39b0a27a6..000000000
--- a/docker/all-in-one/init/configure-fail2ban.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-set -eou pipefail
-
-mkdir -p /var/run/fail2ban
-touch /var/log/services/fail2ban.log
-touch /var/log/postgresql/auth-failures.csv
diff --git a/docker/all-in-one/init/configure-gotrue.sh b/docker/all-in-one/init/configure-gotrue.sh
deleted file mode 100755
index 5fe4ad25e..000000000
--- a/docker/all-in-one/init/configure-gotrue.sh
+++ /dev/null
@@ -1,40 +0,0 @@ -#!/bin/bash -set -eou pipefail - -touch /var/log/services/gotrue.log - -GOTRUE_CUSTOM_DIR="${DATA_VOLUME_MOUNTPOINT}/etc/gotrue" -GOTRUE_CUSTOM_CONFIG_FILE_PATH="${DATA_VOLUME_MOUNTPOINT}/etc/gotrue/gotrue.env" - -/usr/local/bin/configure-shim.sh /dist/gotrue /opt/gotrue/gotrue - -if [ "${DATA_VOLUME_MOUNTPOINT}" ]; then - mkdir -p "${GOTRUE_CUSTOM_DIR}" - chmod g+wrx "${GOTRUE_CUSTOM_DIR}" - chown adminapi:adminapi "${GOTRUE_CUSTOM_DIR}" - - if [ ! -f "${CONFIGURED_FLAG_PATH}" ]; then - echo "Copying existing GoTrue config from /etc/gotrue.env to ${GOTRUE_CUSTOM_CONFIG_FILE_PATH}" - cp "/etc/gotrue.env" "${GOTRUE_CUSTOM_CONFIG_FILE_PATH}" - fi - - rm -f "/etc/gotrue.env" - ln -s "${GOTRUE_CUSTOM_CONFIG_FILE_PATH}" "/etc/gotrue.env" - chown -R adminapi:adminapi "/etc/gotrue.env" - - chown -R adminapi:adminapi "${GOTRUE_CUSTOM_CONFIG_FILE_PATH}" - chmod g+rx "${GOTRUE_CUSTOM_CONFIG_FILE_PATH}" -fi - -if [ -f "${INIT_PAYLOAD_PATH:-}" ]; then - if [ ! -f "${CONFIGURED_FLAG_PATH}" ]; then - echo "init gotrue payload" - tar -h --overwrite -xzvf "$INIT_PAYLOAD_PATH" -C / ./etc/gotrue.env - chown -R adminapi:adminapi /etc/gotrue.env - fi -else - sed -i "s|api_external_url|${API_EXTERNAL_URL:-http://localhost}|g" /etc/gotrue.env - sed -i "s|gotrue_api_host|${GOTRUE_API_HOST:-0.0.0.0}|g" /etc/gotrue.env - sed -i "s|gotrue_site_url|$GOTRUE_SITE_URL|g" /etc/gotrue.env - sed -i "s|gotrue_jwt_secret|$JWT_SECRET|g" /etc/gotrue.env -fi diff --git a/docker/all-in-one/init/configure-kong.sh b/docker/all-in-one/init/configure-kong.sh deleted file mode 100755 index 110525d44..000000000 --- a/docker/all-in-one/init/configure-kong.sh +++ /dev/null 
@@ -1,48 +0,0 @@ -#!/bin/bash -set -eou pipefail - -KONG_CONF=/etc/kong/kong.yml -KONG_CUSTOM_DIR="${DATA_VOLUME_MOUNTPOINT}/etc/kong" - -touch /var/log/services/kong.log - -if [ -f "${INIT_PAYLOAD_PATH:-}" ]; then - echo "init kong payload" - # Setup ssl termination - tar -xzvf "$INIT_PAYLOAD_PATH" -C / ./etc/kong/ - chown -R adminapi:adminapi ./etc/kong/kong.yml - chown -R adminapi:adminapi ./etc/kong/*pem - echo "ssl_cipher_suite = intermediate" >> /etc/kong/kong.conf - echo "ssl_cert = /etc/kong/fullChain.pem" >> /etc/kong/kong.conf - echo "ssl_cert_key = /etc/kong/privKey.pem" >> /etc/kong/kong.conf -else - # Default gateway config - export KONG_DNS_ORDER=LAST,A,CNAME - export KONG_PROXY_ERROR_LOG=syslog:server=unix:/dev/log - export KONG_ADMIN_ERROR_LOG=syslog:server=unix:/dev/log -fi - -# Inject project specific configuration -sed -i -e "s|anon_key|$ANON_KEY|g" \ - -e "s|service_key|$SERVICE_ROLE_KEY|g" \ - -e "s|supabase_admin_key|$ADMIN_API_KEY|g" \ - $KONG_CONF - -# Update kong ports -sed -i "s|:80 |:$KONG_HTTP_PORT |g" /etc/kong/kong.conf -sed -i "s|:443 |:$KONG_HTTPS_PORT |g" /etc/kong/kong.conf - -if [ "${DATA_VOLUME_MOUNTPOINT}" ]; then - mkdir -p "${KONG_CUSTOM_DIR}" - if [ ! -f "${CONFIGURED_FLAG_PATH}" ]; then - echo "Copying existing custom kong config from /etc/kong/kong.yml to ${KONG_CUSTOM_DIR}" - cp /etc/kong/kong.yml "${KONG_CUSTOM_DIR}/kong.yml" - fi - - rm -rf "/etc/kong/kong.yml" - ln -s "${KONG_CUSTOM_DIR}/kong.yml" "/etc/kong/kong.yml" - chown -R adminapi:adminapi "/etc/kong/kong.yml" - - chown -R adminapi:adminapi "${KONG_CUSTOM_DIR}" - chmod g+wrx "${KONG_CUSTOM_DIR}" -fi \ No newline at end of file diff --git a/docker/all-in-one/init/configure-pg_egress_collect.sh b/docker/all-in-one/init/configure-pg_egress_collect.sh deleted file mode 100755 index 17051aba9..000000000 --- a/docker/all-in-one/init/configure-pg_egress_collect.sh +++ /dev/null 
@@ -1,14 +0,0 @@
-#!/bin/bash
-set -eou pipefail
-
-PG_EGRESS_COLLECT_FILE=/tmp/pg_egress_collect.txt
-
-if [ "${DATA_VOLUME_MOUNTPOINT:-}" != "" ]; then
- if [ ! -L $PG_EGRESS_COLLECT_FILE ]; then
- if [ -f $PG_EGRESS_COLLECT_FILE ]; then
- rm -f $PG_EGRESS_COLLECT_FILE
- fi
- touch "${DATA_VOLUME_MOUNTPOINT}/pg_egress_collect.txt"
- ln -s "${DATA_VOLUME_MOUNTPOINT}/pg_egress_collect.txt" $PG_EGRESS_COLLECT_FILE
- fi
-fi
diff --git a/docker/all-in-one/init/configure-pgbouncer.sh b/docker/all-in-one/init/configure-pgbouncer.sh
deleted file mode 100755
index c9c8062e6..000000000
--- a/docker/all-in-one/init/configure-pgbouncer.sh
+++ /dev/null
@@ -1,46 +0,0 @@ -#!/bin/bash -set -eou pipefail - -touch /var/log/services/pgbouncer.log - -mkdir -p /var/run/pgbouncer -chown pgbouncer:postgres /var/run/pgbouncer - -PGBOUNCER_CONF=/etc/pgbouncer/pgbouncer.ini - -if [ -f "${INIT_PAYLOAD_PATH:-}" ]; then - echo "init pgbouncer payload" - sed -i -E "s|^# (%include /etc/pgbouncer-custom/ssl-config.ini)$|\1|g" $PGBOUNCER_CONF - - tar -xzvf "$INIT_PAYLOAD_PATH" -C /etc/pgbouncer/ --strip-components 3 ./etc/pgbouncer/userlist.txt - chown -R pgbouncer:pgbouncer /etc/pgbouncer/userlist.txt -fi - -if [ "${DATA_VOLUME_MOUNTPOINT}" ]; then - /opt/supabase-admin-api optimize pgbouncer --destination-config-file-path /etc/pgbouncer-custom/generated-optimizations.ini - - # Preserve pgbouncer configs across restarts - PGBOUNCER_DIR="${DATA_VOLUME_MOUNTPOINT}/etc/pgbouncer" - PGBOUNCER_CUSTOM_DIR="${DATA_VOLUME_MOUNTPOINT}/etc/pgbouncer-custom" - - mkdir -p "${PGBOUNCER_DIR}" - mkdir -p "${PGBOUNCER_CUSTOM_DIR}" - - if [ ! -f "${CONFIGURED_FLAG_PATH}" ]; then - echo "Copying existing custom pgbouncer config from /etc/pgbouncer-custom to ${PGBOUNCER_CUSTOM_DIR}" - cp -R "/etc/pgbouncer-custom/." "${PGBOUNCER_CUSTOM_DIR}/" - cp -R "/etc/pgbouncer/." "${PGBOUNCER_DIR}/" - fi - - rm -rf "/etc/pgbouncer-custom" - ln -s "${PGBOUNCER_CUSTOM_DIR}" "/etc/pgbouncer-custom" - chown -R pgbouncer:pgbouncer "/etc/pgbouncer-custom" - chown -R pgbouncer:pgbouncer "${PGBOUNCER_CUSTOM_DIR}" - chmod -R g+wrx "${PGBOUNCER_CUSTOM_DIR}" - - rm -rf "/etc/pgbouncer" - ln -s "${PGBOUNCER_DIR}" "/etc/pgbouncer" - chown -R pgbouncer:pgbouncer "/etc/pgbouncer" - chown -R pgbouncer:pgbouncer "${PGBOUNCER_DIR}" - chmod -R g+wrx "${PGBOUNCER_DIR}" -fi diff --git a/docker/all-in-one/init/configure-postgrest.sh b/docker/all-in-one/init/configure-postgrest.sh deleted file mode 100755 index 20f5a9902..000000000 --- a/docker/all-in-one/init/configure-postgrest.sh +++ /dev/null 
@@ -1,41 +0,0 @@ -#!/bin/bash -set -eou pipefail - -touch /var/log/services/postgrest.log - -# Default in-database config -sed -i "s|pgrst_server_port|${PGRST_SERVER_PORT:-3000}|g" /etc/postgrest/base.conf -sed -i "s|pgrst_admin_server_port|${PGRST_ADMIN_SERVER_PORT:-3001}|g" /etc/postgrest/base.conf -sed -i "s|pgrst_db_schemas|${PGRST_DB_SCHEMAS:-public,storage,graphql_public}|g" /etc/postgrest/base.conf -sed -i "s|pgrst_db_extra_search_path|${PGRST_DB_SCHEMAS:-public,extensions}|g" /etc/postgrest/base.conf -sed -i "s|pgrst_db_anon_role|${PGRST_DB_ANON_ROLE:-anon}|g" /etc/postgrest/base.conf -sed -i "s|pgrst_jwt_secret|$JWT_SECRET|g" /etc/postgrest/base.conf - -/usr/local/bin/configure-shim.sh /dist/postgrest /opt/postgrest - -if [ -f "${INIT_PAYLOAD_PATH:-}" ]; then - echo "init postgrest payload" - tar -xzvf "$INIT_PAYLOAD_PATH" -C / ./etc/postgrest/base.conf - chown -R postgrest:postgrest /etc/postgrest -fi - -if [ "${DATA_VOLUME_MOUNTPOINT}" ]; then - POSTGREST_CUSTOM_DIR="${DATA_VOLUME_MOUNTPOINT}/etc/postgrest" - mkdir -p "${POSTGREST_CUSTOM_DIR}" - if [ ! -f "${CONFIGURED_FLAG_PATH}" ]; then - echo "Copying existing custom PostgREST config from /etc/postgrest/ to ${POSTGREST_CUSTOM_DIR}" - cp -R "/etc/postgrest/." "${POSTGREST_CUSTOM_DIR}/" - fi - - rm -rf "/etc/postgrest" - ln -s "${POSTGREST_CUSTOM_DIR}" "/etc/postgrest" - chown -R postgrest:postgrest "/etc/postgrest" - - chown -R postgrest:postgrest "${POSTGREST_CUSTOM_DIR}" - chmod g+wrx "${POSTGREST_CUSTOM_DIR}" -fi - -PGRST_CONF=/etc/postgrest/generated.conf - -/opt/supabase-admin-api optimize postgrest --destination-config-file-path $PGRST_CONF -cat /etc/postgrest/base.conf >> $PGRST_CONF diff --git a/docker/all-in-one/init/configure-vector.sh b/docker/all-in-one/init/configure-vector.sh deleted file mode 100755 index 9177a0f94..000000000 --- a/docker/all-in-one/init/configure-vector.sh +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/bash -set -eou pipefail - -VECTOR_CONF=/etc/vector/vector.yaml -touch /var/log/services/vector.log - -if [ -f "${INIT_PAYLOAD_PATH:-}" ]; then - echo "init vector payload" - tar -xzvf "$INIT_PAYLOAD_PATH" -C /etc/vector/ --strip-components 2 ./tmp/init.json - PROJECT_REF=$(jq -r '.["project_ref"]' /etc/vector/init.json) - LOGFLARE_DB_SOURCE=$(jq -r '.["logflare_db_source"]' /etc/vector/init.json) - LOGFLARE_GOTRUE_SOURCE=$(jq -r '.["logflare_gotrue_source"]' /etc/vector/init.json) - LOGFLARE_POSTGREST_SOURCE=$(jq -r '.["logflare_postgrest_source"]' /etc/vector/init.json) - LOGFLARE_PGBOUNCER_SOURCE=$(jq -r '.["logflare_pgbouncer_source"]' /etc/vector/init.json) - LOGFLARE_PITR_ERRORS_SOURCE=$(jq -r '.["logflare_pitr_errors_source"]' /etc/vector/init.json) - LOGFLARE_API_KEY=$(jq -r '.["logflare_api_key"]' /etc/vector/init.json) -fi - -# Exit early if not starting logflare -if [ -z "${LOGFLARE_API_KEY:-}" ]; then - echo "Skipped starting vector: missing LOGFLARE_API_KEY" - exit 0 -fi - -# Add vector to support both base-services and services config -cat < /etc/supervisor/services/vector.conf - -[program:vector] -command=/usr/bin/vector --config-yaml /etc/vector/vector.yaml -user=root -autorestart=true -stdout_logfile=/var/log/services/vector.log -redirect_stderr=true -stdout_logfile_maxbytes=10MB -priority=250 - -EOF - -VECTOR_API_PORT=${VECTOR_API_PORT:-9001} -PROJECT_REF=${PROJECT_REF:-default} -LOGFLARE_HOST=${LOGFLARE_HOST:-api.logflare.app} -LOGFLARE_DB_SOURCE=${LOGFLARE_DB_SOURCE:-postgres.logs} -LOGFLARE_GOTRUE_SOURCE=${LOGFLARE_GOTRUE_SOURCE:-gotrue.logs.prod} -LOGFLARE_POSTGREST_SOURCE=${LOGFLARE_POSTGREST_SOURCE:-postgREST.logs.prod} -LOGFLARE_PGBOUNCER_SOURCE=${LOGFLARE_PGBOUNCER_SOURCE:-pgbouncer.logs.prod} -LOGFLARE_PITR_ERRORS_SOURCE=${LOGFLARE_PITR_ERRORS_SOURCE:-pitr_errors.logs.prod} - -sed -i "s|{{ .ApiPort }}|$VECTOR_API_PORT|g" $VECTOR_CONF -sed -i "s|{{ .ProjectRef }}|$PROJECT_REF|g" $VECTOR_CONF -sed -i "s|{{ 
.LogflareHost }}|$LOGFLARE_HOST|g" $VECTOR_CONF -sed -i "s|{{ .ApiKey }}|$LOGFLARE_API_KEY|g" $VECTOR_CONF -sed -i "s|{{ .DbSource }}|$LOGFLARE_DB_SOURCE|g" $VECTOR_CONF -sed -i "s|{{ .GotrueSource }}|$LOGFLARE_GOTRUE_SOURCE|g" $VECTOR_CONF -sed -i "s|{{ .PostgrestSource }}|$LOGFLARE_POSTGREST_SOURCE|g" $VECTOR_CONF -sed -i "s|{{ .PgbouncerSource }}|$LOGFLARE_PGBOUNCER_SOURCE|g" $VECTOR_CONF -sed -i "s|{{ .PitrErrorsSource }}|$LOGFLARE_PITR_ERRORS_SOURCE|g" $VECTOR_CONF diff --git a/docker/all-in-one/init/start-kong.sh b/docker/all-in-one/init/start-kong.sh deleted file mode 100755 index 7418d26c4..000000000 --- a/docker/all-in-one/init/start-kong.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -set -eou pipefail - -# In the event of a restart, properly stop any running kong instances first -# Confirmed by running /usr/local/bin/kong health -trap '/usr/local/bin/kong quit' EXIT -/usr/local/bin/kong start diff --git a/docker/all-in-one/opt/pg_egress_collect/pg_egress_collect.pl b/docker/all-in-one/opt/pg_egress_collect/pg_egress_collect.pl deleted file mode 100644 index 2acc98aa6..000000000 --- a/docker/all-in-one/opt/pg_egress_collect/pg_egress_collect.pl +++ /dev/null 
@@ -1,126 +0,0 @@ -#!/usr/bin/env perl - -# This script receive tcpdump output through STDIN and does: -# -# 1. extract outgoing TCP packet length on the 1st non-loopback device port 5432 and 6543 -# 2. sum the length up to one minute -# 3. save the total length to file (default is /tmp/pg_egress_collect.txt) per minute -# -# Usage: -# -# tcpdump -s 128 -Q out -nn -tt -vv -p -l 'tcp and (port 5432 or port 6543)' | perl pg_egress_collect.pl -o /tmp/output.txt -# - -use POSIX; -use List::Util qw(sum); -use Getopt::Long 'HelpMessage'; -use IO::Async::Loop; -use IO::Async::Stream; -use IO::Async::Timer::Periodic; - -use strict; -use warnings; - -# total captured packets lenth in a time frame -my $captured_len = 0; - -# extract tcp packet length captured by tcpdump -# -# Sample input lines: -# -# 1674013833.940253 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60) -# 10.112.101.122.5432 > 220.235.16.223.62599: Flags [S.], cksum 0x5de3 (incorrect -> 0x63da), seq 2314200657, ack 2071735457, win 62643, options [mss 8961,sackOK,TS val 3358598837 ecr 1277499190,nop,wscale 7], length 0 -# 1674013833.989257 IP (tos 0x0, ttl 64, id 24975, offset 0, flags [DF], proto TCP (6), length 52) -# 10.112.101.122.5432 > 220.235.16.223.62599: Flags [.], cksum 0x5ddb (incorrect -> 0xa25b), seq 1, ack 9, win 490, options [nop,nop,TS val 3358598885 ecr 1277499232], length 0 -sub extract_packet_length { - my ($line) = @_; - - #print("debug: >> " . 
$line); - - if ($line =~ /^\s+\d+\.\d+\.\d+\.\d+\..*, length (\d+)$/) { - # extract tcp packet length and add it up - my $len = $1; - $captured_len += $len; - } -} - -# write total length to file -sub write_file { - my ($output) = @_; - - my $now = strftime "%F %T", localtime time; - print "[$now] write captured len $captured_len to $output\n"; - - open(my $fh, "+>", $output) or die "Could not open file '$output' $!"; - print $fh "$captured_len"; - close($fh) or die "Could not write file '$output' $!"; -} - -# main -sub main { - # get arguments - GetOptions( - "interval:i" => \(my $interval = 60), - "output:s" => \(my $output = "/tmp/pg_egress_collect.txt"), - "help" => sub { HelpMessage(0) }, - ) or HelpMessage(1); - - my $loop = IO::Async::Loop->new; - - # tcpdump extractor - my $extractor = IO::Async::Stream->new_for_stdin( - on_read => sub { - my ($self, $buffref, $eof) = @_; - - while($$buffref =~ s/^(.*\n)//) { - my $line = $1; - extract_packet_length($line); - } - - return 0; - }, - ); - - # schedule file writer per minute - my $writer = IO::Async::Timer::Periodic->new( - interval => $interval, - on_tick => sub { - write_file($output); - - # reset total captured length - $captured_len = 0; - }, - ); - $writer->start; - - print "pg_egress_collect started, egress data will be saved to $output at interval $interval seconds.\n"; - - $loop->add($extractor); - $loop->add($writer); - $loop->run; -} - -main(); - -__END__ - -=head1 NAME - -pg_egress_collect.pl - collect egress from tcpdump output, extract TCP packet length, aggregate in specified interval and write to output file. - -=head1 SYNOPSIS - -pg_egress_collect.pl [-i interval] [-o output] - -Options: - - -i, --interval interval - output file write interval, in seconds, default is 60 seconds - - -o, --output output - output file path, default is /tmp/pg_egress_collect.txt - - -h, --help - print this help message - -=cut 
diff --git a/docker/all-in-one/opt/postgres_exporter/queries.yml b/docker/all-in-one/opt/postgres_exporter/queries.yml
deleted file mode 100644
index 45b9058eb..000000000
--- a/docker/all-in-one/opt/postgres_exporter/queries.yml
+++ /dev/null
@@ -1,345 +0,0 @@ -set_timeout: - master: true - cache_seconds: 5 - query: "set statement_timeout to '20s'" - -pg_database: - master: true - cache_seconds: 60 - query: "SELECT SUM(pg_database_size(pg_database.datname)) / (1024 * 1024) as size_mb FROM pg_database" - metrics: - - size_mb: - usage: "GAUGE" - description: "Disk space used by the database" - -pg_stat_bgwriter: - master: true - cache_seconds: 60 - query: | - select checkpoints_timed as checkpoints_timed_total, - checkpoints_req as checkpoints_req_total, - checkpoint_write_time as checkpoint_write_time_total, - checkpoint_sync_time as checkpoint_sync_time_total, - buffers_checkpoint as buffers_checkpoint_total, - buffers_clean as buffers_clean_total, - maxwritten_clean as maxwritten_clean_total, - buffers_backend as buffers_backend_total, - buffers_backend_fsync as buffers_backend_fsync_total, - buffers_alloc as buffers_alloc_total, - stats_reset - from pg_stat_bgwriter - metrics: - - checkpoints_timed_total: - usage: "COUNTER" - description: "Scheduled checkpoints performed" - - checkpoints_req_total: - usage: "COUNTER" - description: "Requested checkpoints performed" - - checkpoint_write_time_total: - usage: "COUNTER" - description: "Time spent writing checkpoint files to disk" - - checkpoint_sync_time_total: - usage: "COUNTER" - description: "Time spent synchronizing checkpoint files to disk" - - buffers_checkpoint_total: - usage: "COUNTER" - description: "Buffers written during checkpoints" - - buffers_clean_total: - usage: "COUNTER" - description: "Buffers written by bg writter" - - maxwritten_clean_total: - usage: "COUNTER" - description: "Number of times bg writer stopped a cleaning scan because it had written too many buffers" - - buffers_backend_total: - usage: "COUNTER" - description: "Buffers written directly by a backend" - - buffers_backend_fsync_total: - usage: "COUNTER" - description: "fsync calls executed by a backend directly" - - buffers_alloc_total: - usage: "COUNTER" - description: 
"Buffers allocated" - - stats_reset: - usage: "COUNTER" - description: "Most recent stat reset time" - -pg_stat_database: - master: true - cache_seconds: 60 - query: | - SELECT sum(numbackends) as num_backends, - sum(xact_commit) as xact_commit_total, - sum(xact_rollback) as xact_rollback_total, - sum(blks_read) as blks_read_total, - sum(blks_hit) as blks_hit_total, - sum(tup_returned) as tup_returned_total, - sum(tup_fetched) as tup_fetched_total, - sum(tup_inserted) as tup_inserted_total, - sum(tup_updated) as tup_updated_total, - sum(tup_deleted) as tup_deleted_total, - sum(conflicts) as conflicts_total, - sum(temp_files) as temp_files_total, - sum(temp_bytes) as temp_bytes_total, - sum(deadlocks) as deadlocks_total, - max(stats_reset) as most_recent_reset - FROM pg_stat_database - metrics: - - num_backends: - usage: "GAUGE" - description: "The number of active backends" - - xact_commit_total: - usage: "COUNTER" - description: "Transactions committed" - - xact_rollback_total: - usage: "COUNTER" - description: "Transactions rolled back" - - blks_read_total: - usage: "COUNTER" - description: "Number of disk blocks read" - - blks_hit_total: - usage: "COUNTER" - description: "Disk blocks found in buffer cache" - - tup_returned_total: - usage: "COUNTER" - description: "Rows returned by queries" - - tup_fetched_total: - usage: "COUNTER" - description: "Rows fetched by queries" - - tup_inserted_total: - usage: "COUNTER" - description: "Rows inserted" - - tup_updated_total: - usage: "COUNTER" - description: "Rows updated" - - tup_deleted_total: - usage: "COUNTER" - description: "Rows deleted" - - conflicts_total: - usage: "COUNTER" - description: "Queries canceled due to conflicts with recovery" - - temp_files_total: - usage: "COUNTER" - description: "Temp files created by queries" - - temp_bytes_total: - usage: "COUNTER" - description: "Temp data written by queries" - - deadlocks_total: - usage: "COUNTER" - description: "Deadlocks detected" - - most_recent_reset: - 
usage: "COUNTER" - description: "The most recent time one of the databases had its statistics reset" - -pg_stat_database_conflicts: - master: true - cache_seconds: 60 - query: | - SELECT sum(confl_tablespace) as confl_tablespace_total, - sum(confl_lock) as confl_lock_total, - sum(confl_snapshot) as confl_snapshot_total, - sum(confl_bufferpin) as confl_bufferpin_total, - sum(confl_deadlock) as confl_deadlock_total - from pg_stat_database_conflicts - metrics: - - confl_tablespace_total: - usage: "COUNTER" - description: "Queries cancelled due to dropped tablespaces" - - confl_lock_total: - usage: "COUNTER" - description: "Queries cancelled due to lock timeouts" - - confl_snapshot_total: - usage: "COUNTER" - description: "Queries cancelled due to old snapshots" - - confl_bufferpin_total: - usage: "COUNTER" - description: "Queries cancelled due to pinned buffers" - - confl_deadlock_total: - usage: "COUNTER" - description: "Queries cancelled due to deadlocks" - -pg_stat_statements: - master: true - cache_seconds: 60 - query: "SELECT sum(calls) as total_queries, sum(total_exec_time / 1000) as total_time_seconds FROM extensions.pg_stat_statements t1 JOIN pg_database t3 ON (t1.dbid=t3.oid)" - metrics: - - total_queries: - usage: "COUNTER" - description: "Number of times executed" - - total_time_seconds: - usage: "COUNTER" - description: "Total time spent, in seconds" - -pg_ls_archive_statusdir: - master: true - cache_seconds: 60 - query: "select count(*) as wal_pending_count from pg_ls_archive_statusdir() where name like '%.ready'" - metrics: - - wal_pending_count: - usage: "COUNTER" - description: "Number of not yet archived WAL files" - -auth_users: - master: true - cache_seconds: 21600 # 6 hours - query: "select count(id) as user_count from auth.users" - metrics: - - user_count: - usage: "GAUGE" - description: "Number of users in the project db" - -realtime: - master: true - cache_seconds: 60 - query: "select count(1) as postgres_changes_total_subscriptions, 
count(distinct subscription_id) as postgres_changes_client_subscriptions from realtime.subscription" - metrics: - - postgres_changes_total_subscriptions: - usage: "GAUGE" - description: "Total subscription records listening for Postgres changes" - - postgres_changes_client_subscriptions: - usage: "GAUGE" - description: "Client subscriptions listening for Postgres changes" - -replication: - master: true - cache_seconds: 60 - query: "SELECT slot_name, pg_wal_lsn_diff(pg_current_wal_lsn(), restart_lsn) AS realtime_lag_bytes, active AS realtime_slot_status FROM pg_replication_slots WHERE slot_name LIKE ANY (ARRAY['realtime', 'realtime_rls', 'supabase_realtime_replication_slot%'])" - metrics: - - realtime_slot_name: - usage: "LABEL" - description: "Replication Slot Name for Realtime" - - realtime_lag_bytes: - usage: "GAUGE" - description: "Replication Lag for Realtime" - - realtime_slot_status: - usage: "GAUGE" - description: "Replication Slot Active Status" - -replication_slots: - master: true - cache_seconds: 60 - query: "SELECT max(pg_wal_lsn_diff(pg_current_wal_lsn(), restart_lsn)) AS max_lag_bytes FROM pg_replication_slots" - metrics: - - max_lag_bytes: - usage: "GAUGE" - description: "Max Replication Lag" - -storage: - master: true - cache_seconds: 60 - query: "select sum(size) / (1024 * 1024) as storage_size_mb from storage.get_size_by_bucket()" - metrics: - - storage_size_mb: - usage: "GAUGE" - description: "The total size used for all storage buckets, in mb" - -supabase_usage_metrics: - # pg_stat_statements collects metrics from all databases on the cluster, so querying just the master db should be sufficient - master: true - cache_seconds: 60 - query: | - select sum(calls) as user_queries_total - from extensions.pg_stat_statements - where query <> 'SELECT version()' - and query <> 'BEGIN ISOLATION LEVEL READ COMMITTED READ ONLY' - and query <> 'COMMIT' - and query <> 'SET client_encoding = ''UTF8''' - and query <> 'SET client_min_messages TO WARNING' - and 
query <> 'LISTEN "ddl_command_end"' - and query <> 'LISTEN "pgrst"' - and query <> 'SELECT * FROM migrations ORDER BY id' - and query <> 'SELECT COUNT(*) = $1 FROM pg_publication WHERE pubname = $2' - and query <> 'SELECT COUNT(*) >= $1 FROM pg_replication_slots WHERE slot_name = $2' - and query <> 'SELECT EXISTS (SELECT schema_migrations.* FROM schema_migrations AS schema_migrations WHERE version = $1)' - and query <> 'SELECT current_setting($1)::integer, current_setting($2)' - and query <> 'SELECT pg_advisory_unlock($1)' - and query <> 'SELECT pg_try_advisory_lock($1)' - and query <> 'SELECT slot_name, pg_wal_lsn_diff(pg_current_wal_lsn(), restart_lsn) FROM pg_replication_slots' - and query <> 'SELECT typname::text, oid::int4, typarray::int4 FROM pg_type WHERE typname IN ($1,$2) ORDER BY typname' - and query <> 'select * from schema_migrations' - and query <> 'set local schema ''''' - and query <> 'SELECT SUM(pg_database_size(pg_database.datname)) / ($1 * $2) as size_mb FROM pg_database' - and query not like 'select set_config(%' - and query not like '%LATERAL (SELECT * FROM pg_namespace WHERE pg_namespace.oid = other.relnamespace) AS ns2%' - and query not like '%LEFT JOIN (pg_collation co JOIN pg_namespace nco ON co.collnamespace = nco.oid)%' - and query not like '%LEFT JOIN pg_description as d ON d.objoid = p.oid%' - and query not like '%LEFT JOIN pg_description as d on d.objoid = c.oid%' - and query not like '%-- CTE to replace information_schema.key_column_usage to remove owner limit%' - and query not like '%join pg_namespace sch on sch.oid = tbl.relnamespace%' - and query not like '%select setdatabase, unnest(setconfig) as setting from pg_catalog.pg_db_role_setting%' - and lower(trim(regexp_replace(regexp_replace(query, E'\n', ' ', 'g'), E'\\s+', ' ', 'g'))) not in - ('with rows as ( select id from net.http_request_queue order by id limit $1 ) delete from net.http_request_queue q using rows where q.id = rows.id returning q.id, q.method, q.url, 
timeout_milliseconds, array(select key || $2 || value from jsonb_each_text(q.headers)), q.body', - 'with rows as ( select ctid from net._http_response where created < now() - $1 order by created limit $2 ) delete from net._http_response r using rows where r.ctid = rows.ctid', - -- version of query above before https://github.com/supabase/pg_net/commit/eaa721e11761da07d01fc04b5114c90cd7973b83 - 'with rows as ( select ctid from net._http_response where created < $1 - $2 order by created limit $3 ) delete from net._http_response r using rows where r.ctid = rows.ctid', - 'select exists ( select $2 from pg_catalog.pg_class c where c.relname = $1 and c.relkind = $3 )', - 'select description from pg_namespace n left join pg_description d on d.objoid = n.oid where n.nspname = $1', - 'select concat(schemaname, $1, tablename, $2, policyname) as policy from pg_policies order by 1 desc', - 'select concat(table_schema, $1, table_name) as table from information_schema.tables where table_schema not like $2 and table_schema <> $3 order by 1 desc', - 'select concat(conrelid::regclass, $1, conname) as fk from pg_constraint where contype = $2 order by 1 desc', - 'select datname from pg_database where datallowconn = $1 order by oid asc', - 'select count(*) > $1 as pgsodium_enabled from pg_extension where extname = $2', - 'select count(*) > $1 as keys_created from pgsodium.key') - and query <> 'insert into schema_migrations (version) values ($1)' - -- temporarily included for older versions of pg_net - and query not like 'SELECT%FROM net.http_request_queue%' - and query not like 'DELETE FROM net.http_request_queue%' - and query not like '%source: project usage%' - and query not like 'select name, setting from pg_settings where name in ($1, $2)%' - and userid not in (select oid from pg_roles where rolname in ('authenticator', 'pgbouncer', 'supabase_admin', 'supabase_storage_admin')) - metrics: - - user_queries_total: - usage: "COUNTER" - description: "The total number of user queries 
executed" - -pg_settings: - master: true - cache-seconds: 30 - query: "SELECT COUNT(*) as default_transaction_read_only FROM pg_settings WHERE name = 'default_transaction_read_only' AND setting = 'on';" - metrics: - - default_transaction_read_only: - usage: "GAUGE" - description: "Default transaction mode set to read only" - -pg_status: - master: true - cache-seconds: 60 - query: "SELECT CASE WHEN pg_is_in_recovery() = false THEN 0 ELSE 1 END as in_recovery" - metrics: - - in_recovery: - usage: "GAUGE" - description: "Database in recovery" - -# specific to read replicas -# for primary databases, all columns will always return a value of 0 -# --- -# for checking replication lag (physical_replication_lag_seconds) -# we firstly check if the replica is connected to its primary -# and if last WAL received is equivalent to last WAL replayed -# if so return 0 -# otherwise calculate replication lag as per usual -physical_replication_lag: - master: true - cache-seconds: 60 - query: | - select - case - when (select count(*) from pg_stat_wal_receiver) = 1 and pg_last_wal_receive_lsn() = pg_last_wal_replay_lsn() - then 0 - else coalesce(extract(epoch from now() - pg_last_xact_replay_timestamp()),0) - end as physical_replication_lag_seconds, - case - when pg_is_in_recovery() - then case when pg_is_wal_replay_paused() = false then 0 else 1 end - else 0 - end as is_wal_replay_paused, - (select count(*) from pg_stat_wal_receiver) as is_connected_to_primary - metrics: - - physical_replication_lag_seconds: - usage: "GAUGE" - description: "Physical replication lag in seconds" - - is_wal_replay_paused: - usage: "GAUGE" - description: "Check if WAL replay has been paused" - - is_connected_to_primary: - usage: "GAUGE" - description: "Monitor connection to the primary database" diff --git a/docker/all-in-one/postgres-entrypoint.sh b/docker/all-in-one/postgres-entrypoint.sh deleted file mode 100755 index 52bff7847..000000000 --- a/docker/all-in-one/postgres-entrypoint.sh +++ /dev/null 
@@ -1,358 +0,0 @@ -#!/usr/bin/env bash - -# Downloaded from https://github.com/docker-library/postgres/raw/master/15/bullseye/docker-entrypoint.sh -# Changes needed to make adminapi able to read the recovery.signal file: -# -44: chmod 00700 "$PGDATA" || : -# +44: chmod 00750 "$PGDATA" || : -# -# We're already including the original file in the base postgres Docker image. - -set -Eeo pipefail - -# usage: file_env VAR [DEFAULT] -# ie: file_env 'XYZ_DB_PASSWORD' 'example' -# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of -# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature) -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - printf >&2 'error: both %s and %s are set (but are exclusive)\n' "$var" "$fileVar" - exit 1 - fi - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - export "$var"="$val" - unset "$fileVar" -} - -# check to see if this file is being run or sourced from another script -_is_sourced() { - # https://unix.stackexchange.com/a/215279 - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} - -# used to create initial postgres directories and if run as root, ensure ownership to the "postgres" user -docker_create_db_directories() { - local user; user="$(id -u)" - - mkdir -p "$PGDATA" - # ignore failure since there are cases where we can't chmod (and PostgreSQL might fail later anyhow - it's picky about permissions of this directory) - chmod 00750 "$PGDATA" || : - - # ignore failure since it will be fine when using the image provided directory; see also https://github.com/docker-library/postgres/pull/289 - mkdir -p /var/run/postgresql || : - chmod 03775 /var/run/postgresql || : - - # Create the transaction log directory before initdb is run so the directory is owned by the correct user - if [ -n 
"${POSTGRES_INITDB_WALDIR:-}" ]; then - mkdir -p "$POSTGRES_INITDB_WALDIR" - if [ "$user" = '0' ]; then - find "$POSTGRES_INITDB_WALDIR" \! -user postgres -exec chown postgres '{}' + - fi - chmod 700 "$POSTGRES_INITDB_WALDIR" - fi - - # allow the container to be started with `--user` - if [ "$user" = '0' ]; then - find "$PGDATA" \! -user postgres -exec chown postgres '{}' + - find /var/run/postgresql \! -user postgres -exec chown postgres '{}' + - fi -} - -# initialize empty PGDATA directory with new database via 'initdb' -# arguments to `initdb` can be passed via POSTGRES_INITDB_ARGS or as arguments to this function -# `initdb` automatically creates the "postgres", "template0", and "template1" dbnames -# this is also where the database user is created, specified by `POSTGRES_USER` env -docker_init_database_dir() { - # "initdb" is particular about the current user existing in "/etc/passwd", so we use "nss_wrapper" to fake that if necessary - # see https://github.com/docker-library/postgres/pull/253, https://github.com/docker-library/postgres/issues/359, https://cwrap.org/nss_wrapper.html - local uid; uid="$(id -u)" - if ! 
getent passwd "$uid" &> /dev/null; then - # see if we can find a suitable "libnss_wrapper.so" (https://salsa.debian.org/sssd-team/nss-wrapper/-/commit/b9925a653a54e24d09d9b498a2d913729f7abb15) - local wrapper - for wrapper in {/usr,}/lib{/*,}/libnss_wrapper.so; do - if [ -s "$wrapper" ]; then - NSS_WRAPPER_PASSWD="$(mktemp)" - NSS_WRAPPER_GROUP="$(mktemp)" - export LD_PRELOAD="$wrapper" NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - local gid; gid="$(id -g)" - printf 'postgres:x:%s:%s:PostgreSQL:%s:/bin/false\n' "$uid" "$gid" "$PGDATA" > "$NSS_WRAPPER_PASSWD" - printf 'postgres:x:%s:\n' "$gid" > "$NSS_WRAPPER_GROUP" - break - fi - done - fi - - if [ -n "${POSTGRES_INITDB_WALDIR:-}" ]; then - set -- --waldir "$POSTGRES_INITDB_WALDIR" "$@" - fi - - # --pwfile refuses to handle a properly-empty file (hence the "\n"): https://github.com/docker-library/postgres/issues/1025 - eval 'initdb --username="$POSTGRES_USER" --pwfile=<(printf "%s\n" "$POSTGRES_PASSWORD") '"$POSTGRES_INITDB_ARGS"' "$@"' - - # unset/cleanup "nss_wrapper" bits - if [[ "${LD_PRELOAD:-}" == */libnss_wrapper.so ]]; then - rm -f "$NSS_WRAPPER_PASSWD" "$NSS_WRAPPER_GROUP" - unset LD_PRELOAD NSS_WRAPPER_PASSWD NSS_WRAPPER_GROUP - fi -} - -# print large warning if POSTGRES_PASSWORD is long -# error if both POSTGRES_PASSWORD is empty and POSTGRES_HOST_AUTH_METHOD is not 'trust' -# print large warning if POSTGRES_HOST_AUTH_METHOD is set to 'trust' -# assumes database is not set up, ie: [ -z "$DATABASE_ALREADY_EXISTS" ] -docker_verify_minimum_env() { - # check password first so we can output the warning before postgres - # messes it up - if [ "${#POSTGRES_PASSWORD}" -ge 100 ]; then - cat >&2 <<-'EOWARN' - - WARNING: The supplied POSTGRES_PASSWORD is 100+ characters. - - This will not work if used via PGPASSWORD with "psql". 
- - https://www.postgresql.org/message-id/flat/E1Rqxp2-0004Qt-PL%40wrigleys.postgresql.org (BUG #6412) - https://github.com/docker-library/postgres/issues/507 - - EOWARN - fi - if [ -z "$POSTGRES_PASSWORD" ] && [ 'trust' != "$POSTGRES_HOST_AUTH_METHOD" ]; then - # The - option suppresses leading tabs but *not* spaces. :) - cat >&2 <<-'EOE' - Error: Database is uninitialized and superuser password is not specified. - You must specify POSTGRES_PASSWORD to a non-empty value for the - superuser. For example, "-e POSTGRES_PASSWORD=password" on "docker run". - - You may also use "POSTGRES_HOST_AUTH_METHOD=trust" to allow all - connections without a password. This is *not* recommended. - - See PostgreSQL documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - EOE - exit 1 - fi - if [ 'trust' = "$POSTGRES_HOST_AUTH_METHOD" ]; then - cat >&2 <<-'EOWARN' - ******************************************************************************** - WARNING: POSTGRES_HOST_AUTH_METHOD has been set to "trust". This will allow - anyone with access to the Postgres port to access your database without - a password, even if POSTGRES_PASSWORD is set. See PostgreSQL - documentation about "trust": - https://www.postgresql.org/docs/current/auth-trust.html - In Docker's default configuration, this is effectively any other - container on the same system. - - It is not recommended to use POSTGRES_HOST_AUTH_METHOD=trust. Replace - it with "-e POSTGRES_PASSWORD=password" instead to set a password in - "docker run". 
- ******************************************************************************** - EOWARN - fi -} - -# usage: docker_process_init_files [file [file [...]]] -# ie: docker_process_init_files /always-initdb.d/* -# process initializer files, based on file extensions and permissions -docker_process_init_files() { - # psql here for backwards compatibility "${psql[@]}" - psql=( docker_process_sql ) - - printf '\n' - local f - for f; do - case "$f" in - *.sh) - # https://github.com/docker-library/postgres/issues/450#issuecomment-393167936 - # https://github.com/docker-library/postgres/pull/452 - if [ -x "$f" ]; then - printf '%s: running %s\n' "$0" "$f" - "$f" - else - printf '%s: sourcing %s\n' "$0" "$f" - . "$f" - fi - ;; - *.sql) printf '%s: running %s\n' "$0" "$f"; docker_process_sql -f "$f"; printf '\n' ;; - *.sql.gz) printf '%s: running %s\n' "$0" "$f"; gunzip -c "$f" | docker_process_sql; printf '\n' ;; - *.sql.xz) printf '%s: running %s\n' "$0" "$f"; xzcat "$f" | docker_process_sql; printf '\n' ;; - *.sql.zst) printf '%s: running %s\n' "$0" "$f"; zstd -dc "$f" | docker_process_sql; printf '\n' ;; - *) printf '%s: ignoring %s\n' "$0" "$f" ;; - esac - printf '\n' - done -} - -# Execute sql script, passed via stdin (or -f flag of pqsl) -# usage: docker_process_sql [psql-cli-args] -# ie: docker_process_sql --dbname=mydb <<<'INSERT ...' 
-# ie: docker_process_sql -f my-file.sql -# ie: docker_process_sql > "$PGDATA/pg_hba.conf" -} - -# start socket-only postgresql server for setting up or running scripts -# all arguments will be passed along as arguments to `postgres` (via pg_ctl) -docker_temp_server_start() { - if [ "$1" = 'postgres' ]; then - shift - fi - - # internal start of server in order to allow setup using psql client - # does not listen on external TCP/IP and waits until start finishes - set -- "$@" -c listen_addresses='' -p "${PGPORT:-5432}" - - PGUSER="${PGUSER:-$POSTGRES_USER}" \ - pg_ctl -D "$PGDATA" \ - -o "$(printf '%q ' "$@")" \ - -w start -} - -# stop postgresql server after done setting up user and running scripts -docker_temp_server_stop() { - PGUSER="${PGUSER:-postgres}" \ - pg_ctl -D "$PGDATA" -m fast -w stop -} - -# check arguments for an option that would cause postgres to stop -# return true if there is one -_pg_want_help() { - local arg - for arg; do - case "$arg" in - # postgres --help | grep 'then exit' - # leaving out -C on purpose since it always fails and is unhelpful: - # postgres: could not access the server configuration file "/var/lib/postgresql/data/postgresql.conf": No such file or directory - -'?'|--help|--describe-config|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -_main() { - # if first arg looks like a flag, assume we want to run postgres server - if [ "${1:0:1}" = '-' ]; then - set -- postgres "$@" - fi - - if [ "$1" = 'postgres' ] && ! 
_pg_want_help "$@"; then
- docker_setup_env
- # setup data directories and permissions (when run as root)
- docker_create_db_directories
- if [ "$(id -u)" = '0' ]; then
- # then restart script as postgres user
- exec gosu postgres "$BASH_SOURCE" "$@"
- fi
-
- # only run initialization on an empty data directory
- if [ -z "$DATABASE_ALREADY_EXISTS" ]; then
- docker_verify_minimum_env
-
- # check dir permissions to reduce likelihood of half-initialized database
- ls /docker-entrypoint-initdb.d/ > /dev/null
-
- docker_init_database_dir
- pg_setup_hba_conf "$@"
-
- # PGPASSWORD is required for psql when authentication is required for 'local' connections via pg_hba.conf and is otherwise harmless
- # e.g. when '--auth=md5' or '--auth-local=md5' is used in POSTGRES_INITDB_ARGS
- export PGPASSWORD="${PGPASSWORD:-$POSTGRES_PASSWORD}"
- docker_temp_server_start "$@"
-
- docker_setup_db
- docker_process_init_files /docker-entrypoint-initdb.d/*
-
- docker_temp_server_stop
- unset PGPASSWORD
-
- cat <<-'EOM'
-
- PostgreSQL init process complete; ready for start up.
-
- EOM
- else
- cat <<-'EOM'
-
- PostgreSQL Database directory appears to contain a database; Skipping initialization
-
- EOM
- fi
- fi
-
- exec "$@"
-}
-
-if ! _is_sourced; then
- _main "$@"
-fi
diff --git a/docker/all-in-one/run-logrotate.sh b/docker/all-in-one/run-logrotate.sh
deleted file mode 100755
index 40805f855..000000000
--- a/docker/all-in-one/run-logrotate.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/bash
-
-set -eou pipefail
-
-while true; do
- sleep 1800
- /usr/sbin/logrotate /etc/logrotate.conf --state "${DATA_VOLUME_MOUNTPOINT}/etc/logrotate/logrotate.state" --verbose
-done
diff --git a/docker/all-in-one/shutdown.sh b/docker/all-in-one/shutdown.sh
deleted file mode 100755
index 9f5beb250..000000000
--- a/docker/all-in-one/shutdown.sh
+++ /dev/null
@@ -1,96 +0,0 @@ -#!/bin/bash - -# This script provides a method of shutting down the machine/container when the database has been idle -# for a certain amount of time (configurable via the MAX_IDLE_TIME_MINUTES env var) -# -# It checks for any active (non-idle) connections and for any connections which have been idle for more than MAX_IDLE_TIME_MINUTES. -# If there are no active connections and no idle connections, it then checks if the last disconnection event happened more than MAX_IDLE_TIME_MINUTES ago. -# -# If all of these conditions are met, then Postgres is shut down, allowing it to wrap up any pending transactions (such as WAL shippipng) and gracefully exit. -# To terminate the machine/container, a SIGTERM signal is sent to the top-level process (supervisord) which will then shut down all other processes and exit. - -DEFAULT_MAX_IDLE_TIME_MINUTES=${MAX_IDLE_TIME_MINUTES:-5} -CONFIG_FILE_PATH=${CONFIG_FILE_PATH:-/etc/supa-shutdown/shutdown.conf} - -run_sql() { - psql -h localhost -U supabase_admin -d postgres "$@" -} - -check_activity() { - pg_isready -h localhost > /dev/null 2>&1 || (echo "Postgres is not ready yet" && exit 1) - - QUERY=$(cat </dev/null || echo 0) - NOW=$(date +%s) - TIME_SINCE_LAST_DISCONNECT="$((NOW - LAST_DISCONNECT_TIME))" - - if [ $TIME_SINCE_LAST_DISCONNECT -gt "$((MAX_IDLE_TIME_MINUTES * 60))" ]; then - echo "$(date): No active connections for $MAX_IDLE_TIME_MINUTES minutes. Shutting down." 
-
- supervisorctl stop postgresql
-
- # Postgres ships the latest WAL file using archive_command during shutdown, in a blocking operation
- # This is to ensure that the WAL file is shipped, just in case
- sleep 1
-
- /usr/bin/admin-mgr lsn-checkpoint-push --immediately || echo "Failed to push LSN checkpoint"
-
- kill -s TERM "$(supervisorctl pid)"
- fi
-}
-
-# Wait for Postgres to be up
-until pg_isready -h localhost > /dev/null 2>&1;
- do sleep 3
-done
-
-# Enable logging of disconnections so the script can check when the last disconnection happened
-run_sql -c "ALTER SYSTEM SET log_disconnections = 'on';"
-run_sql -c "SELECT pg_reload_conf();"
-
-sleep $((DEFAULT_MAX_IDLE_TIME_MINUTES * 60))
-while true; do
- if [ -f "$CONFIG_FILE_PATH" ]; then
- source "$CONFIG_FILE_PATH"
-
- if [ -z "$SHUTDOWN_IDLE_TIME_MINUTES" ]; then
- MAX_IDLE_TIME_MINUTES="$DEFAULT_MAX_IDLE_TIME_MINUTES"
- else
- MAX_IDLE_TIME_MINUTES="$SHUTDOWN_IDLE_TIME_MINUTES"
- fi
- else
- MAX_IDLE_TIME_MINUTES="$DEFAULT_MAX_IDLE_TIME_MINUTES"
- fi
-
- if [ "$MAX_IDLE_TIME_MINUTES" -gt 0 ] && [ "$MAX_IDLE_TIME_MINUTES" -lt 50000000 ]; then
- check_activity
- fi
-
- sleep 30
-done
diff --git a/docker/cache/.gitkeep b/docker/cache/.gitkeep
deleted file mode 100644
index e69de29bb..000000000
diff --git a/docker/orioledb/Dockerfile b/docker/orioledb/Dockerfile
deleted file mode 100644
index 7adb7d74a..000000000
--- a/docker/orioledb/Dockerfile
+++ /dev/null
@@ -1,1059 +0,0 @@ -# syntax=docker/dockerfile:1.6 -ARG postgresql_major=15 -ARG postgresql_release=${postgresql_major}.1 - -# Bump default build arg to build a package from source -# Bump vars.yml to specify runtime package version -ARG sfcgal_release=1.3.10 -ARG postgis_release=3.3.2 -ARG pgrouting_release=3.4.1 -ARG pgtap_release=1.2.0 -ARG pg_cron_release=1.6.2 -ARG pgaudit_release=1.7.0 -ARG pgjwt_release=9742dab1b2f297ad3811120db7b21451bca2d3c9 -ARG pgsql_http_release=1.5.0 -ARG plpgsql_check_release=2.2.5 -ARG pg_safeupdate_release=1.4 -ARG timescaledb_release=2.9.1 -ARG wal2json_release=2_5 -ARG pljava_release=1.6.4 -ARG plv8_release=3.1.5 -ARG pg_plan_filter_release=5081a7b5cb890876e67d8e7486b6a64c38c9a492 -ARG pg_net_release=0.9.2 -ARG rum_release=1.3.13 -ARG pg_hashids_release=cd0e1b31d52b394a0df64079406a14a4f7387cd6 -ARG libsodium_release=1.0.18 -ARG pgsodium_release=3.1.6 -ARG pg_graphql_release=1.5.1 -ARG pg_stat_monitor_release=1.1.1 -ARG pg_jsonschema_release=0.2.0 -ARG pg_repack_release=1.4.8 -ARG vault_release=0.2.8 -ARG groonga_release=12.0.8 -ARG pgroonga_release=2.4.0 -ARG wrappers_release=0.2.0 -ARG hypopg_release=1.3.1 -ARG pgvector_release=0.4.0 -ARG pg_tle_release=1.3.2 -ARG index_advisor_release=0.2.0 -ARG supautils_release=2.5.0 -ARG wal_g_release=2.0.1 - -#################### -# Install postgres -#################### -FROM orioledb/orioledb:latest-pg${postgresql_major}-ubuntu as base -# Redeclare args for use in subsequent stages -ARG TARGETARCH -ARG postgresql_major - -ENV PATH=$PATH:/usr/lib/postgresql/${postgresql_major}/bin -ENV PGDATA=/var/lib/postgresql/data - -# Make the "en_US.UTF-8" locale so postgres will be utf-8 enabled by default -# RUN localedef -i en_US -c -f UTF-8 -A /usr/share/locale/locale.alias en_US.UTF-8 -ENV LANG=en_US.UTF-8 -ENV LC_CTYPE=C.UTF-8 -ENV LC_COLLATE=C - -FROM base as builder -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - build-essential \ - 
checkinstall \ - cmake \ - && rm -rf /var/lib/apt/lists/* /tmp/* - -FROM builder as ccache -# Cache large build artifacts -RUN apt-get update && apt-get install -y --no-install-recommends \ - clang \ - ccache \ - && rm -rf /var/lib/apt/lists/* -ENV CCACHE_DIR=/ccache -ENV PATH=/usr/lib/ccache:$PATH -# Used to update ccache -ARG CACHE_EPOCH - -FROM builder as rust-toolchain -ENV PATH=/root/.cargo/bin:$PATH -RUN apt-get update && apt-get install -y --no-install-recommends curl pkg-config && \ - curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --no-modify-path --profile minimal --default-toolchain stable && \ - rustup --version && \ - rustc --version && \ - cargo --version - -RUN cargo install cargo-pgrx --version 0.10.2 --locked -RUN cargo pgrx init --pg${postgresql_major} $(which pg_config) - -#################### -# 01-postgis.yml -#################### -FROM ccache as sfcgal -# Download and extract -ARG sfcgal_release -ARG sfcgal_release_checksum -ADD --checksum=${sfcgal_release_checksum} \ - "https://supabase-public-artifacts-bucket.s3.amazonaws.com/sfcgal/SFCGAL-v${sfcgal_release}.tar.gz" \ - /tmp/sfcgal.tar.gz -RUN tar -xvf /tmp/sfcgal.tar.gz -C /tmp --one-top-level --strip-components 1 && \ - rm -rf /tmp/sfcgal.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - libcgal-dev \ - libboost-serialization1.71-dev \ - libmpfr-dev \ - libgmp-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/sfcgal/build -RUN cmake .. 
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=yes --fstrans=no --backup=no --pakdir=/tmp --pkgname=sfcgal --pkgversion=${sfcgal_release} --requires=libgmpxx4ldbl,libboost-serialization1.71.0,libmpfr6 --nodoc - -FROM sfcgal as postgis-source -# Download and extract -ARG postgis_release -ARG postgis_release_checksum -ADD --checksum=${postgis_release_checksum} \ - "https://supabase-public-artifacts-bucket.s3.amazonaws.com/postgis-${postgis_release}.tar.gz" \ - /tmp/postgis.tar.gz -RUN tar -xvf /tmp/postgis.tar.gz -C /tmp && \ - rm -rf /tmp/postgis.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - protobuf-c-compiler \ - libgeos-dev \ - libproj-dev \ - libgdal-dev \ - libjson-c-dev \ - libxml2-dev \ - libprotobuf-c-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/postgis-${postgis_release} -RUN ./configure --with-sfcgal -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --requires=libgeos-c1v5,libproj15,libjson-c4,libprotobuf-c1,libgdal26 --nodoc - -#################### -# 02-pgrouting.yml -#################### -FROM ccache as pgrouting-source -# Download and extract -ARG pgrouting_release -ARG pgrouting_release_checksum -ADD --checksum=${pgrouting_release_checksum} \ - "https://github.com/pgRouting/pgrouting/releases/download/v${pgrouting_release}/pgrouting-${pgrouting_release}.tar.gz" \ - /tmp/pgrouting.tar.gz -RUN tar -xvf /tmp/pgrouting.tar.gz -C /tmp && \ - rm -rf /tmp/pgrouting.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - libboost-all-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/pgrouting-${pgrouting_release}/build -RUN cmake 
-DBUILD_HTML=OFF -DBUILD_DOXY=OFF .. -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --pkgname=pgrouting --pkgversion=${pgrouting_release} --nodoc - -#################### -# 03-pgtap.yml -#################### -FROM builder as pgtap-source -# Download and extract -ARG pgtap_release -ARG pgtap_release_checksum -ADD --checksum=${pgtap_release_checksum} \ - "https://github.com/theory/pgtap/archive/v${pgtap_release}.tar.gz" \ - /tmp/pgtap.tar.gz -RUN tar -xvf /tmp/pgtap.tar.gz -C /tmp && \ - rm -rf /tmp/pgtap.tar.gz -# Build from source -WORKDIR /tmp/pgtap-${pgtap_release} -RUN make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc - -#################### -# 04-pg_cron.yml -#################### -FROM ccache as pg_cron-source -# Download and extract -ARG pg_cron_release -ARG pg_cron_release_checksum -ADD --checksum=${pg_cron_release_checksum} \ - "https://github.com/citusdata/pg_cron/archive/refs/tags/v${pg_cron_release}.tar.gz" \ - /tmp/pg_cron.tar.gz -RUN tar -xvf /tmp/pg_cron.tar.gz -C /tmp && \ - rm -rf /tmp/pg_cron.tar.gz -# Build from source -WORKDIR /tmp/pg_cron-${pg_cron_release} -# error: redefinition of typedef 'snapshot_hook_type' is a C11 feature [-Werror,-Wtypedef-redefinition] -RUN sed -i -e "s|-std=c99|-std=c11|g" Makefile -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc - -#################### -# 05-pgaudit.yml -#################### -FROM ccache as pgaudit-source -# Download and extract -ARG pgaudit_release -ARG pgaudit_release_checksum -ADD --checksum=${pgaudit_release_checksum} \ - "https://github.com/pgaudit/pgaudit/archive/refs/tags/${pgaudit_release}.tar.gz" \ - 
/tmp/pgaudit.tar.gz -RUN tar -xvf /tmp/pgaudit.tar.gz -C /tmp && \ - rm -rf /tmp/pgaudit.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - libssl-dev \ - libkrb5-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/pgaudit-${pgaudit_release} -ENV USE_PGXS=1 -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc - -#################### -# 06-pgjwt.yml -#################### -FROM builder as pgjwt-source -# Download and extract -ARG pgjwt_release -ADD "https://github.com/michelp/pgjwt.git#${pgjwt_release}" \ - /tmp/pgjwt-${pgjwt_release} -# Build from source -WORKDIR /tmp/pgjwt-${pgjwt_release} -RUN make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --pkgversion=1 --nodoc - -#################### -# 07-pgsql-http.yml -#################### -FROM ccache as pgsql-http-source -# Download and extract -ARG pgsql_http_release -ARG pgsql_http_release_checksum -ADD --checksum=${pgsql_http_release_checksum} \ - "https://github.com/pramsey/pgsql-http/archive/refs/tags/v${pgsql_http_release}.tar.gz" \ - /tmp/pgsql-http.tar.gz -RUN tar -xvf /tmp/pgsql-http.tar.gz -C /tmp && \ - rm -rf /tmp/pgsql-http.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - libcurl4-gnutls-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/pgsql-http-${pgsql_http_release} -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --requires=libcurl3-gnutls --nodoc - -#################### -# 08-plpgsql_check.yml -#################### -FROM ccache as plpgsql_check-source -# Download and extract -ARG 
plpgsql_check_release -ARG plpgsql_check_release_checksum -ADD --checksum=${plpgsql_check_release_checksum} \ - "https://github.com/okbob/plpgsql_check/archive/refs/tags/v${plpgsql_check_release}.tar.gz" \ - /tmp/plpgsql_check.tar.gz -RUN tar -xvf /tmp/plpgsql_check.tar.gz -C /tmp && \ - rm -rf /tmp/plpgsql_check.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - libicu-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/plpgsql_check-${plpgsql_check_release} -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc - -#################### -# 09-pg-safeupdate.yml -#################### -FROM ccache as pg-safeupdate-source -# Download and extract -ARG pg_safeupdate_release -ARG pg_safeupdate_release_checksum -ADD --checksum=${pg_safeupdate_release_checksum} \ - "https://github.com/eradman/pg-safeupdate/archive/refs/tags/${pg_safeupdate_release}.tar.gz" \ - /tmp/pg-safeupdate.tar.gz -RUN tar -xvf /tmp/pg-safeupdate.tar.gz -C /tmp && \ - rm -rf /tmp/pg-safeupdate.tar.gz -# Build from source -WORKDIR /tmp/pg-safeupdate-${pg_safeupdate_release} -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc - -#################### -# 10-timescaledb.yml -#################### -FROM ccache as timescaledb-source -# Download and extract -ARG timescaledb_release -ARG timescaledb_release_checksum -ADD --checksum=${timescaledb_release_checksum} \ - "https://github.com/timescale/timescaledb/archive/refs/tags/${timescaledb_release}.tar.gz" \ - /tmp/timescaledb.tar.gz -RUN tar -xvf /tmp/timescaledb.tar.gz -C /tmp && \ - rm -rf /tmp/timescaledb.tar.gz -# Build from source -WORKDIR 
/tmp/timescaledb-${timescaledb_release}/build -RUN cmake -DAPACHE_ONLY=1 .. -# error: too few arguments to function ‘table_tuple_update’ -# error: too few arguments to function ‘table_tuple_delete’ -RUN sed -i \ - -e "1981s|);|, NULL);|g" \ - -e "2567s|);|, NULL);|g" \ - ../src/nodes/hypertable_modify.c -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --pkgname=timescaledb --pkgversion=${timescaledb_release} --nodoc - -#################### -# 11-wal2json.yml -#################### -FROM ccache as wal2json-source -# Download and extract -ARG wal2json_release -ARG wal2json_release_checksum -ADD --checksum=${wal2json_release_checksum} \ - "https://github.com/eulerto/wal2json/archive/refs/tags/wal2json_${wal2json_release}.tar.gz" \ - /tmp/wal2json.tar.gz -RUN tar -xvf /tmp/wal2json.tar.gz -C /tmp --one-top-level --strip-components 1 && \ - rm -rf /tmp/wal2json.tar.gz -# Build from source -WORKDIR /tmp/wal2json -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -ENV version=${wal2json_release} -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --pkgversion="\${version/_/.}" --nodoc - -#################### -# 12-pljava.yml -#################### -FROM builder as pljava-source -# Download and extract -# TODO: revert to using main repo after PG15 support is merged: https://github.com/tada/pljava/pull/413 -ARG pljava_release=master -ARG pljava_release_checksum=sha256:e99b1c52f7b57f64c8986fe6ea4a6cc09d78e779c1643db060d0ac66c93be8b6 -ADD --checksum=${pljava_release_checksum} \ - "https://github.com/supabase/pljava/archive/refs/heads/${pljava_release}.tar.gz" \ - /tmp/pljava.tar.gz -RUN tar -xvf /tmp/pljava.tar.gz -C /tmp && \ - rm -rf /tmp/pljava.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y 
--no-install-recommends \ - maven \ - default-jdk \ - libssl-dev \ - libkrb5-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/pljava-${pljava_release} -RUN mvn -T 1C clean install -Dmaven.test.skip -DskipTests -Dmaven.javadoc.skip=true -# Create debian package -RUN cp pljava-packaging/target/pljava-pg${postgresql_major}.jar /tmp/ - -#################### -# 13-plv8.yml -#################### -FROM ccache as plv8-source -# Download and extract -ARG plv8_release -ARG plv8_release_checksum -ADD --checksum=${plv8_release_checksum} \ - "https://github.com/plv8/plv8/archive/refs/tags/v${plv8_release}.tar.gz" \ - /tmp/plv8.tar.gz -RUN tar -xvf /tmp/plv8.tar.gz -C /tmp && \ - rm -rf /tmp/plv8.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - ca-certificates \ - pkg-config \ - ninja-build \ - git \ - libtinfo5 \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/plv8-${plv8_release} -ENV DOCKER=1 -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc - -FROM scratch as plv8-deb -COPY --from=plv8-source /tmp/*.deb /tmp/ - -FROM ghcr.io/supabase/plv8:${plv8_release}-pg${postgresql_major} as plv8 - -#################### -# 14-pg_plan_filter.yml -#################### -FROM ccache as pg_plan_filter-source -# Download and extract -ARG pg_plan_filter_release -ADD "https://github.com/pgexperts/pg_plan_filter.git#${pg_plan_filter_release}" \ - /tmp/pg_plan_filter-${pg_plan_filter_release} -# Build from source -WORKDIR /tmp/pg_plan_filter-${pg_plan_filter_release} -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --pkgversion=1 --nodoc - -#################### -# 15-pg_net.yml -#################### 
-FROM ccache as pg_net-source -# Download and extract -ARG pg_net_release -ARG pg_net_release_checksum -ADD --checksum=${pg_net_release_checksum} \ - "https://github.com/supabase/pg_net/archive/refs/tags/v${pg_net_release}.tar.gz" \ - /tmp/pg_net.tar.gz -RUN tar -xvf /tmp/pg_net.tar.gz -C /tmp && \ - rm -rf /tmp/pg_net.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - libcurl4-gnutls-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/pg_net-${pg_net_release} -RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \ - make -j$(nproc) -# Create debian package -RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --requires=libcurl3-gnutls --nodoc - -#################### -# 16-rum.yml -#################### -FROM ccache as rum-source -# Download and extract -ARG rum_release -ARG rum_release_checksum -ADD --checksum=${rum_release_checksum} \ - "https://github.com/postgrespro/rum/archive/refs/tags/${rum_release}.tar.gz" \ - /tmp/rum.tar.gz -RUN tar -xvf /tmp/rum.tar.gz -C /tmp && \ - rm -rf /tmp/rum.tar.gz -# Install build dependencies -RUN apt-get update && apt-get install -y --no-install-recommends \ - systemtap-sdt-dev \ - && rm -rf /var/lib/apt/lists/* -# Build from source -WORKDIR /tmp/rum-${rum_release} -RUN sed -i \ - # error: typedef redefinition with different types ('struct SortTuple' vs 'struct SortTuple') - -e "183s|^|// |g" \ - -e "184s|^|// |g" \ - -e "185s|^|// |g" \ - -e "186s|^|// |g" \ - -e "187s|^|// |g" \ - -e "188s|^|// |g" \ - -e "189s|^|// |g" \ - # error: static declaration of 'tuplesort_begin_common' follows non-static declaration - -e "621s|static ||g" \ - # error: static declaration of 'tuplesort_begin_common' follows non-static declaration - -e "846s|static ||g" \ - # error: static declaration of 'tuplesort_gettuple_common' follows non-static declaration - -e "2308s|static ||g" \ - src/tuplesort15.c -ENV USE_PGXS=1 
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc
-
-####################
-# 17-pg_hashids.yml
-####################
-FROM ccache as pg_hashids-source
-# Download and extract
-ARG pg_hashids_release
-ADD "https://github.com/iCyberon/pg_hashids.git#${pg_hashids_release}" \
- /tmp/pg_hashids-${pg_hashids_release}
-# Build from source
-WORKDIR /tmp/pg_hashids-${pg_hashids_release}
-RUN make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --pkgversion=1 --nodoc
-
-####################
-# 18-pgsodium.yml
-####################
-FROM ccache as libsodium
-# Download and extract
-ARG libsodium_release
-ARG libsodium_release_checksum
-ADD --checksum=${libsodium_release_checksum} \
- "https://supabase-public-artifacts-bucket.s3.amazonaws.com/libsodium/libsodium-${libsodium_release}.tar.gz" \
- /tmp/libsodium.tar.gz
-RUN tar -xvf /tmp/libsodium.tar.gz -C /tmp && \
- rm -rf /tmp/libsodium.tar.gz
-# Build from source
-WORKDIR /tmp/libsodium-${libsodium_release}
-RUN ./configure
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
-RUN make install
-
-FROM libsodium as pgsodium-source
-# Download and extract
-ARG pgsodium_release
-ARG pgsodium_release_checksum
-ADD --checksum=${pgsodium_release_checksum} \
- "https://github.com/michelp/pgsodium/archive/refs/tags/v${pgsodium_release}.tar.gz" \
- /tmp/pgsodium.tar.gz
-RUN tar -xvf /tmp/pgsodium.tar.gz -C /tmp && \
- rm -rf /tmp/pgsodium.tar.gz
-# Build from source
-WORKDIR /tmp/pgsodium-${pgsodium_release}
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --requires=libsodium23 --nodoc
-
-####################
-# 19-pg_graphql.yml
-####################
-FROM rust-toolchain as pg_graphql-source
-# Download and extract
-ARG pg_graphql_release
-ARG pg_graphql_release_checksum
-ADD --checksum=${pg_graphql_release_checksum} \
- "https://github.com/supabase/pg_graphql/archive/refs/tags/v${pg_graphql_release}.tar.gz" \
- /tmp/pg_graphql.tar.gz
-RUN tar -xvf /tmp/pg_graphql.tar.gz -C /tmp && \
- rm -rf /tmp/pg_graphql.tar.gz
-WORKDIR /tmp/pg_graphql-${pg_graphql_release}
-RUN cargo pgrx package --no-default-features --features pg${postgresql_major}
-
-# Create installable package
-RUN mkdir archive
-RUN cp target/release/pg_graphql-pg${postgresql_major}/usr/local/share/postgresql/extension/pg_graphql* archive
-RUN cp target/release/pg_graphql-pg${postgresql_major}/usr/local/lib/postgresql/pg_graphql.so archive
-
-# name of the package directory before packaging
-ENV package_dir=pg_graphql-v${pg_graphql_release}-pg${postgresql_major}-${TARGETARCH}-linux-gnu
-
-## Copy files into directory structure
-RUN mkdir -p ${package_dir}/usr/lib/postgresql/lib
-RUN mkdir -p ${package_dir}/var/lib/postgresql/extension
-RUN cp archive/*.so ${package_dir}/usr/lib/postgresql/lib
-RUN cp archive/*.control ${package_dir}/var/lib/postgresql/extension
-RUN cp archive/*.sql ${package_dir}/var/lib/postgresql/extension
-
-# symlinks to Copy files into directory structure
-RUN mkdir -p ${package_dir}/usr/local/lib/postgresql
-WORKDIR ${package_dir}/usr/local/lib/postgresql
-RUN cp -s ../../../lib/postgresql/lib/*.so .
-WORKDIR ../../../../..
-
-RUN mkdir -p ${package_dir}/usr/local/share/postgresql/extension
-WORKDIR ${package_dir}/usr/local/share/postgresql/extension
-RUN cp -s ../../../../../var/lib/postgresql/extension/pg_graphql.control .
-RUN cp -s ../../../../../var/lib/postgresql/extension/pg_graphql*.sql .
-WORKDIR ../../../../../..
-
-RUN mkdir -p ${package_dir}/DEBIAN
-RUN touch ${package_dir}/DEBIAN/control
-RUN echo 'Package: pg-graphql' >> ${package_dir}/DEBIAN/control
-RUN echo 'Version:' ${pg_graphql_release} >> ${package_dir}/DEBIAN/control
-RUN echo "Architecture: ${TARGETARCH}" >> ${package_dir}/DEBIAN/control
-RUN echo 'Maintainer: supabase' >> ${package_dir}/DEBIAN/control
-RUN echo 'Description: A PostgreSQL extension' >> ${package_dir}/DEBIAN/control
-
-# Create deb package
-RUN chown -R root:root ${package_dir}
-RUN chmod -R 00755 ${package_dir}
-RUN dpkg-deb --build --root-owner-group ${package_dir}
-RUN cp ./*.deb /tmp/pg_graphql.deb
-
-####################
-# 20-pg_stat_monitor.yml
-####################
-FROM ccache as pg_stat_monitor-source
-# Download and extract
-ARG pg_stat_monitor_release
-ARG pg_stat_monitor_release_checksum
-ADD --checksum=${pg_stat_monitor_release_checksum} \
- "https://github.com/percona/pg_stat_monitor/archive/refs/tags/${pg_stat_monitor_release}.tar.gz" \
- /tmp/pg_stat_monitor.tar.gz
-RUN tar -xvf /tmp/pg_stat_monitor.tar.gz -C /tmp && \
- rm -rf /tmp/pg_stat_monitor.tar.gz
-# Build from source
-WORKDIR /tmp/pg_stat_monitor-${pg_stat_monitor_release}
-ENV USE_PGXS=1
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc
-
-####################
-# 22-pg_jsonschema.yml
-####################
-FROM rust-toolchain as pg_jsonschema-source
-# Download and extract
-ARG pg_jsonschema_release
-ARG pg_jsonschema_release_checksum
-ADD --checksum=${pg_jsonschema_release_checksum} \
- "https://github.com/supabase/pg_jsonschema/archive/refs/tags/v${pg_jsonschema_release}.tar.gz" \
- /tmp/pg_jsonschema.tar.gz
-RUN tar -xvf /tmp/pg_jsonschema.tar.gz -C /tmp && \
- rm -rf /tmp/pg_jsonschema.tar.gz
-WORKDIR /tmp/pg_jsonschema-${pg_jsonschema_release}
-RUN cargo pgrx package --no-default-features --features pg${postgresql_major}
-
-# Create installable package
-RUN mkdir archive
-RUN cp target/release/pg_jsonschema-pg${postgresql_major}/usr/local/share/postgresql/extension/pg_jsonschema* archive
-RUN cp target/release/pg_jsonschema-pg${postgresql_major}/usr/local/lib/postgresql/pg_jsonschema.so archive
-
-# name of the package directory before packaging
-ENV package_dir=pg_jsonschema-v${pg_jsonschema_release}-pg${postgresql_major}-${TARGETARCH}-linux-gnu
-
-## Copy files into directory structure
-RUN mkdir -p ${package_dir}/usr/lib/postgresql/lib
-RUN mkdir -p ${package_dir}/var/lib/postgresql/extension
-RUN cp archive/*.so ${package_dir}/usr/lib/postgresql/lib
-RUN cp archive/*.control ${package_dir}/var/lib/postgresql/extension
-RUN cp archive/*.sql ${package_dir}/var/lib/postgresql/extension
-
-# symlinks to Copy files into directory structure
-RUN mkdir -p ${package_dir}/usr/local/lib/postgresql
-WORKDIR ${package_dir}/usr/local/lib/postgresql
-RUN cp -s ../../../lib/postgresql/lib/*.so .
-WORKDIR ../../../../..
-
-RUN mkdir -p ${package_dir}/usr/local/share/postgresql/extension
-WORKDIR ${package_dir}/usr/local/share/postgresql/extension
-
-RUN cp -s ../../../../../var/lib/postgresql/extension/pg_jsonschema.control .
-RUN cp -s ../../../../../var/lib/postgresql/extension/pg_jsonschema*.sql .
-WORKDIR ../../../../../..
-
-RUN mkdir -p ${package_dir}/DEBIAN
-RUN touch ${package_dir}/DEBIAN/control
-RUN echo 'Package: pg-jsonschema' >> ${package_dir}/DEBIAN/control
-RUN echo 'Version:' ${pg_jsonschema_release} >> ${package_dir}/DEBIAN/control
-RUN echo "Architecture: ${TARGETARCH}" >> ${package_dir}/DEBIAN/control
-RUN echo 'Maintainer: supabase' >> ${package_dir}/DEBIAN/control
-RUN echo 'Description: A PostgreSQL extension' >> ${package_dir}/DEBIAN/control
-
-# Create deb package
-RUN chown -R root:root ${package_dir}
-RUN chmod -R 00755 ${package_dir}
-RUN dpkg-deb --build --root-owner-group ${package_dir}
-RUN cp ./*.deb /tmp/pg_jsonschema.deb
-
-####################
-# 23-vault.yml
-####################
-FROM builder as vault-source
-# Download and extract
-ARG vault_release
-ARG vault_release_checksum
-ADD --checksum=${vault_release_checksum} \
- "https://github.com/supabase/vault/archive/refs/tags/v${vault_release}.tar.gz" \
- /tmp/vault.tar.gz
-RUN tar -xvf /tmp/vault.tar.gz -C /tmp && \
- rm -rf /tmp/vault.tar.gz
-# Build from source
-WORKDIR /tmp/vault-${vault_release}
-RUN make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc
-
-####################
-# 24-pgroonga.yml
-####################
-FROM ccache as groonga
-# Download and extract
-ARG groonga_release
-ARG groonga_release_checksum
-ADD --checksum=${groonga_release_checksum} \
- "https://packages.groonga.org/source/groonga/groonga-${groonga_release}.tar.gz" \
- /tmp/groonga.tar.gz
-RUN tar -xvf /tmp/groonga.tar.gz -C /tmp && \
- rm -rf /tmp/groonga.tar.gz
-# Install build dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
- zlib1g-dev \
- liblz4-dev \
- libzstd-dev \
- libmsgpack-dev \
- libzmq3-dev \
- libevent-dev \
- libmecab-dev \
- rapidjson-dev \
- pkg-config \
- && rm -rf /var/lib/apt/lists/*
-# Build from source
-WORKDIR /tmp/groonga-${groonga_release}
-RUN ./configure
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=yes --fstrans=no --backup=no --pakdir=/tmp --requires=zlib1g,liblz4-1,libzstd1,libmsgpackc2,libzmq5,libevent-2.1-7,libmecab2 --nodoc
-
-FROM groonga as pgroonga-source
-# Download and extract
-ARG pgroonga_release
-ARG pgroonga_release_checksum
-ADD --checksum=${pgroonga_release_checksum} \
- "https://packages.groonga.org/source/pgroonga/pgroonga-${pgroonga_release}.tar.gz" \
- /tmp/pgroonga.tar.gz
-RUN tar -xvf /tmp/pgroonga.tar.gz -C /tmp && \
- rm -rf /tmp/pgroonga.tar.gz
-# Build from source
-WORKDIR /tmp/pgroonga-${pgroonga_release}
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --requires=mecab-naist-jdic --nodoc
-
-FROM scratch as pgroonga-deb
-COPY --from=pgroonga-source /tmp/*.deb /tmp/
-
-####################
-# 25-wrappers.yml
-####################
-FROM rust-toolchain as wrappers-source
-# Required by wrappers 0.2.0
-RUN cargo install cargo-pgrx --version 0.11.0 --locked
-RUN cargo pgrx init --pg${postgresql_major} $(which pg_config)
-# Download and extract
-ARG wrappers_release
-ARG wrappers_release_checksum
-ADD --checksum=${wrappers_release_checksum} \
- "https://github.com/supabase/wrappers/archive/refs/tags/v${wrappers_release}.tar.gz" \
- /tmp/wrappers.tar.gz
-RUN tar -xvf /tmp/wrappers.tar.gz -C /tmp && \
- rm -rf /tmp/wrappers.tar.gz
-WORKDIR /tmp/wrappers-${wrappers_release}/wrappers
-RUN cargo pgrx package --no-default-features --features pg${postgresql_major},all_fdws
-
-ENV extension_dir=target/release/wrappers-pg${postgresql_major}/usr/local/share/postgresql/extension
-
-# copy schema file to version update sql files
-# Note: some version numbers may be skipped
-RUN cp ${extension_dir}/wrappers--${wrappers_release}.sql ${extension_dir}/wrappers--0.1.6--${wrappers_release}.sql
-RUN cp ${extension_dir}/wrappers--${wrappers_release}.sql ${extension_dir}/wrappers--0.1.7--${wrappers_release}.sql
-RUN cp ${extension_dir}/wrappers--${wrappers_release}.sql ${extension_dir}/wrappers--0.1.8--${wrappers_release}.sql
-RUN cp ${extension_dir}/wrappers--${wrappers_release}.sql ${extension_dir}/wrappers--0.1.9--${wrappers_release}.sql
-RUN cp ${extension_dir}/wrappers--${wrappers_release}.sql ${extension_dir}/wrappers--0.1.10--${wrappers_release}.sql
-RUN cp ${extension_dir}/wrappers--${wrappers_release}.sql ${extension_dir}/wrappers--0.1.11--${wrappers_release}.sql
-RUN cp ${extension_dir}/wrappers--${wrappers_release}.sql ${extension_dir}/wrappers--0.1.14--${wrappers_release}.sql
-RUN cp ${extension_dir}/wrappers--${wrappers_release}.sql ${extension_dir}/wrappers--0.1.15--${wrappers_release}.sql
-RUN cp ${extension_dir}/wrappers--${wrappers_release}.sql ${extension_dir}/wrappers--0.1.16--${wrappers_release}.sql
-RUN cp ${extension_dir}/wrappers--${wrappers_release}.sql ${extension_dir}/wrappers--0.1.17--${wrappers_release}.sql
-RUN cp ${extension_dir}/wrappers--${wrappers_release}.sql ${extension_dir}/wrappers--0.1.18--${wrappers_release}.sql
-
-# Create installable package
-RUN mkdir archive
-RUN cp target/release/wrappers-pg${postgresql_major}/usr/local/share/postgresql/extension/wrappers* archive
-RUN cp target/release/wrappers-pg${postgresql_major}/usr/local/lib/postgresql/wrappers-${wrappers_release}.so archive
-
-# name of the package directory before packaging
-ENV package_dir=wrappers-v${wrappers_release}-pg${postgresql_major}-${TARGETARCH}-linux-gnu
-
-## Copy files into directory structure
-RUN mkdir -p ${package_dir}/usr/lib/postgresql/lib
-RUN mkdir -p ${package_dir}/var/lib/postgresql/extension
-RUN cp archive/*.so ${package_dir}/usr/lib/postgresql/lib
-RUN cp archive/*.control ${package_dir}/var/lib/postgresql/extension
-RUN cp archive/*.sql ${package_dir}/var/lib/postgresql/extension
-
-# symlinks to Copy files into directory structure
-RUN mkdir -p ${package_dir}/usr/local/lib/postgresql
-WORKDIR ${package_dir}/usr/local/lib/postgresql
-RUN cp -s ../../../lib/postgresql/lib/*.so .
-WORKDIR ../../../../..
-
-RUN mkdir -p ${package_dir}/usr/local/share/postgresql/extension
-WORKDIR ${package_dir}/usr/local/share/postgresql/extension
-
-RUN cp -s ../../../../../var/lib/postgresql/extension/wrappers.control .
-RUN cp -s ../../../../../var/lib/postgresql/extension/wrappers*.sql .
-WORKDIR ../../../../../..
-
-RUN mkdir -p ${package_dir}/DEBIAN
-RUN touch ${package_dir}/DEBIAN/control
-RUN echo 'Package: wrappers' >> ${package_dir}/DEBIAN/control
-RUN echo 'Version:' ${wrappers_release} >> ${package_dir}/DEBIAN/control
-RUN echo "Architecture: ${TARGETARCH}" >> ${package_dir}/DEBIAN/control
-RUN echo 'Maintainer: supabase' >> ${package_dir}/DEBIAN/control
-RUN echo 'Description: A PostgreSQL extension' >> ${package_dir}/DEBIAN/control
-
-# Create deb package
-RUN chown -R root:root ${package_dir}
-RUN chmod -R 00755 ${package_dir}
-RUN dpkg-deb --build --root-owner-group ${package_dir}
-RUN cp ./*.deb /tmp/wrappers.deb
-
-####################
-# 26-hypopg.yml
-####################
-FROM ccache as hypopg-source
-# Download and extract
-ARG hypopg_release
-ARG hypopg_release_checksum
-ADD --checksum=${hypopg_release_checksum} \
- "https://github.com/HypoPG/hypopg/archive/refs/tags/${hypopg_release}.tar.gz" \
- /tmp/hypopg.tar.gz
-RUN tar -xvf /tmp/hypopg.tar.gz -C /tmp && \
- rm -rf /tmp/hypopg.tar.gz
-# Build from source
-WORKDIR /tmp/hypopg-${hypopg_release}
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc
-
-####################
- # 27-pg_repack.yml
- ####################
- FROM ccache as pg_repack-source
- ARG pg_repack_release
- ARG pg_repack_release_checksum
- ADD --checksum=${pg_repack_release_checksum} \
- "https://github.com/reorg/pg_repack/archive/refs/tags/ver_${pg_repack_release}.tar.gz" \
- /tmp/pg_repack.tar.gz
- RUN tar -xvf /tmp/pg_repack.tar.gz -C /tmp && \
- rm -rf /tmp/pg_repack.tar.gz
- # Install build dependencies
- RUN apt-get update && apt-get install -y --no-install-recommends \
- liblz4-dev \
- libz-dev \
- libzstd-dev \
- libreadline-dev \
- && rm -rf /var/lib/apt/lists/*
- # Build from source
- WORKDIR /tmp/pg_repack-ver_${pg_repack_release}
- ENV USE_PGXS=1
- RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
- # Create debian package
- RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --pkgversion=${pg_repack_release} --nodoc
-
-####################
-# 28-pgvector.yml
-####################
-FROM ccache as pgvector-source
-ARG pgvector_release
-ARG pgvector_release_checksum
-ADD --checksum=${pgvector_release_checksum} \
- "https://github.com/pgvector/pgvector/archive/refs/tags/v${pgvector_release}.tar.gz" \
- /tmp/pgvector.tar.gz
-RUN tar -xvf /tmp/pgvector.tar.gz -C /tmp && \
- rm -rf /tmp/pgvector.tar.gz
-# Build from source
-WORKDIR /tmp/pgvector-${pgvector_release}
-# error: the clang compiler does not support '-march=native'
-RUN sed -i -e "s|-march=native||g" Makefile
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc
-
-####################
-# 29-pg_tle.yml
-####################
-FROM ccache as pg_tle-source
-ARG pg_tle_release
-ARG pg_tle_release_checksum
-ADD --checksum=${pg_tle_release_checksum} \
- "https://github.com/aws/pg_tle/archive/refs/tags/v${pg_tle_release}.tar.gz" \
- /tmp/pg_tle.tar.gz
-RUN tar -xvf /tmp/pg_tle.tar.gz -C /tmp && \
- rm -rf /tmp/pg_tle.tar.gz
-RUN apt-get update && apt-get install -y --no-install-recommends \
- flex \
- libkrb5-dev \
- && rm -rf /var/lib/apt/lists/*
-# Build from source
-WORKDIR /tmp/pg_tle-${pg_tle_release}
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc
-
-######################
-# 30-index_advisor.yml
-######################
-FROM ccache as index_advisor
-ARG index_advisor_release
-ARG index_advisor_release_checksum
-ADD --checksum=${index_advisor_release_checksum} \
- "https://github.com/olirice/index_advisor/archive/refs/tags/v${index_advisor_release}.tar.gz" \
- /tmp/index_advisor.tar.gz
-RUN tar -xvf /tmp/index_advisor.tar.gz -C /tmp && \
- rm -rf /tmp/index_advisor.tar.gz
-# Build from source
-WORKDIR /tmp/index_advisor-${index_advisor_release}
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc
-
-####################
-# internal/supautils.yml
-####################
-FROM ccache as supautils-source
-ARG supautils_release
-ARG supautils_release_tar_checksum
-ADD --checksum=${supautils_release_tar_checksum} \
- "https://github.com/supabase/supautils/archive/refs/tags/v${supautils_release}.tar.gz" \
- /tmp/supautils.tar.gz
-RUN tar -xvf /tmp/supautils.tar.gz -C /tmp && \
- rm -rf /tmp/supautils.tar.gz
-# Install build dependencies
-RUN apt-get update && apt-get install -y --no-install-recommends \
- libicu-dev \
- && rm -rf /var/lib/apt/lists/*
-# Build from source
-WORKDIR /tmp/supautils-${supautils_release}
-RUN --mount=type=cache,target=/ccache,from=public.ecr.aws/supabase/postgres:ccache \
- make -j$(nproc)
-# Create debian package
-RUN checkinstall -D --install=no --fstrans=no --backup=no --pakdir=/tmp --nodoc
-
-####################
-# setup-wal-g.yml
-####################
-FROM base as walg
-ARG wal_g_release
-# ADD "https://github.com/wal-g/wal-g/releases/download/v${wal_g_release}/wal-g-pg-ubuntu-20.04-${TARGETARCH}.tar.gz" /tmp/wal-g.tar.gz
-RUN arch=$([ "$TARGETARCH" = "arm64" ] && echo "aarch64" || echo "$TARGETARCH") && \
- apt-get update && apt-get install -y --no-install-recommends curl && \
- curl -kL "https://github.com/wal-g/wal-g/releases/download/v${wal_g_release}/wal-g-pg-ubuntu-20.04-${arch}.tar.gz" -o /tmp/wal-g.tar.gz && \
- tar -xvf /tmp/wal-g.tar.gz -C /tmp && \
- rm -rf /tmp/wal-g.tar.gz && \
- mv /tmp/wal-g-pg-ubuntu*20.04-$arch /tmp/wal-g
-
-####################
-# Collect extension packages
-####################
-FROM scratch as extensions
-COPY --from=postgis-source /tmp/*.deb /tmp/
-COPY --from=pgrouting-source /tmp/*.deb /tmp/
-COPY --from=pgtap-source /tmp/*.deb /tmp/
-COPY --from=pg_cron-source /tmp/*.deb /tmp/
-COPY --from=pgaudit-source /tmp/*.deb /tmp/
-COPY --from=pgjwt-source /tmp/*.deb /tmp/
-COPY --from=pgsql-http-source /tmp/*.deb /tmp/
-COPY --from=plpgsql_check-source /tmp/*.deb /tmp/
-COPY --from=pg-safeupdate-source /tmp/*.deb /tmp/
-COPY --from=timescaledb-source /tmp/*.deb /tmp/
-COPY --from=wal2json-source /tmp/*.deb /tmp/
-# COPY --from=pljava /tmp/*.deb /tmp/
-COPY --from=plv8 /tmp/*.deb /tmp/
-COPY --from=pg_plan_filter-source /tmp/*.deb /tmp/
-COPY --from=pg_net-source /tmp/*.deb /tmp/
-COPY --from=rum-source /tmp/*.deb /tmp/
-COPY --from=pgsodium-source /tmp/*.deb /tmp/
-COPY --from=pg_hashids-source /tmp/*.deb /tmp/
-COPY --from=pg_graphql-source /tmp/*.deb /tmp/
-COPY --from=pg_stat_monitor-source /tmp/*.deb /tmp/
-COPY --from=pg_jsonschema-source /tmp/*.deb /tmp/
-COPY --from=vault-source /tmp/*.deb /tmp/
-COPY --from=pgroonga-source /tmp/*.deb /tmp/
-COPY --from=wrappers-source /tmp/*.deb /tmp/
-COPY --from=hypopg-source /tmp/*.deb /tmp/
-COPY --from=pg_repack-source /tmp/*.deb /tmp/
-COPY --from=pgvector-source /tmp/*.deb /tmp/
-COPY --from=pg_tle-source /tmp/*.deb /tmp/
-COPY --from=index_advisor /tmp/*.deb /tmp/
-COPY --from=supautils-source /tmp/*.deb /tmp/
-
-####################
-# Build final image
-####################
-FROM base as production
-
-# Setup extensions
-COPY --from=extensions /tmp /tmp
-COPY --from=walg /tmp/wal-g /usr/local/bin/
-
-ENV DEBIAN_FRONTEND=noninteractive
-RUN apt-get update && apt-get install -y --no-install-recommends \
- /tmp/*.deb \
- # Needed for anything using libcurl
- # https://github.com/supabase/postgres/issues/573
- ca-certificates \
- && rm -rf /var/lib/apt/lists/* /tmp/*
-
-# Initialise configs
-COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql.conf.j2 /etc/postgresql/postgresql.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_hba.conf.j2 /etc/postgresql/pg_hba.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/pg_ident.conf.j2 /etc/postgresql/pg_ident.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/postgresql-stdout-log.conf /etc/postgresql/logging.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2 /etc/postgresql-custom/supautils.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts
-COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/${postgresql_major}/bin/pgsodium_getkey.sh
-COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf.j2 /etc/postgresql-custom/read-replica.conf
-COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf.j2 /etc/postgresql-custom/wal-g.conf
-COPY --chown=postgres:postgres ansible/files/walg_helper_scripts/wal_fetch.sh /home/postgres/wal_fetch.sh
-COPY ansible/files/walg_helper_scripts/wal_change_ownership.sh /root/wal_change_ownership.sh
-
-RUN sed -i \
- -e "s|#unix_socket_directories = '/tmp'|unix_socket_directories = '/var/run/postgresql'|g" \
- -e "s|#session_preload_libraries = ''|session_preload_libraries = 'supautils'|g" \
- -e "s|shared_preload_libraries = '\(.*\)'|shared_preload_libraries = '\1, orioledb'|g" \
- -e "s|#max_wal_size = 1GB|max_wal_size = 8GB|g" \
- -e "s|#include = '/etc/postgresql-custom/supautils.conf'|include = '/etc/postgresql-custom/supautils.conf'|g" \
- -e "s|#include = '/etc/postgresql-custom/wal-g.conf'|include = '/etc/postgresql-custom/wal-g.conf'|g" /etc/postgresql/postgresql.conf && \
- echo "pljava.libjvm_location = '/usr/lib/jvm/java-11-openjdk-${TARGETARCH}/lib/server/libjvm.so'" >> /etc/postgresql/postgresql.conf && \
- echo "pgsodium.getkey_script= '/usr/lib/postgresql/${postgresql_major}/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
- echo "orioledb.main_buffers = 1GB" >> /etc/postgresql/postgresql.conf && \
- echo "orioledb.undo_buffers = 256MB" >> /etc/postgresql/postgresql.conf && \
- useradd --create-home --shell /bin/bash wal-g -G postgres && \
- mkdir -p /etc/postgresql-custom && \
- chown postgres:postgres /etc/postgresql-custom
-
-# Include schema migrations
-COPY migrations/db /docker-entrypoint-initdb.d/
-COPY ansible/files/pgbouncer_config/pgbouncer_auth_schema.sql /docker-entrypoint-initdb.d/init-scripts/00-schema.sql
-COPY ansible/files/stat_extension.sql /docker-entrypoint-initdb.d/migrations/00-extension.sql
-
-# Patch upstream entrypoint script
-RUN sed -i \
- -e "s|su-exec|gosu|g" \
- -e "s|PGHOST= PGHOSTADDR=|PGHOST=\$POSTGRES_HOST|g" \
- /usr/local/bin/docker-entrypoint.sh && \
- mv /usr/local/bin/docker-entrypoint.sh /usr/local/bin/orioledb-entrypoint.sh
-
-COPY docker/orioledb/entrypoint.sh /usr/local/bin/docker-entrypoint.sh
-
-HEALTHCHECK --interval=2s --timeout=2s --retries=10 CMD pg_isready -U postgres -h localhost
-STOPSIGNAL SIGINT
-EXPOSE 5432
-
-ENV POSTGRES_HOST=/var/run/postgresql
-CMD ["postgres", "-D", "/etc/postgresql"]
diff --git a/docker/orioledb/entrypoint.sh b/docker/orioledb/entrypoint.sh
deleted file mode 100755
index b9a460b7d..000000000
--- a/docker/orioledb/entrypoint.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-set -eou pipefail
-
-PG_CONF=/etc/postgresql/postgresql.conf
-
-if [ "${S3_ENABLED:-}" == "true" ]; then
- echo "Enabling OrioleDB S3 Backend..."
-
- echo "
-archive_mode = on
-archive_library = 'orioledb'
-max_worker_processes = 50 # should fit orioledb.s3_num_workers as long as other workers
-orioledb.s3_num_workers = 20 # should be enough for comfortable work
-orioledb.s3_mode = true
-orioledb.s3_host = '$S3_HOST' # replace with your bucket URL, accelerated buckets are recommended
-orioledb.s3_region = '$S3_REGION' # replace with your S3 region
-orioledb.s3_accesskey = '$S3_ACCESS_KEY' # replace with your S3 key
-orioledb.s3_secretkey = '$S3_SECRET_KEY' # replace with your S3 secret key
-" >> "$PG_CONF"
-else
- echo "Disabling OrioleDB S3 Backend..."
-
- sed -i \
- -e "/^archive_mode = on/d" \
- -e "/^archive_library = 'orioledb'/d" \
- -e "/^max_worker_processes = 50/d" \
- -e "/^orioledb.s3_num_workers = /d" \
- -e "/^orioledb.s3_mode = /d" \
- -e "/^orioledb.s3_host = /d" \
- -e "/^orioledb.s3_region = /d" \
- -e "/^orioledb.s3_accesskey = /d" \
- -e "/^orioledb.s3_secretkey = /d" \
- "$PG_CONF"
-fi
-
-orioledb-entrypoint.sh "$@"
diff --git a/ebssurrogate/scripts/chroot-bootstrap.sh b/ebssurrogate/scripts/chroot-bootstrap.sh
deleted file mode 100755
index 4b7ceaf8d..000000000
--- a/ebssurrogate/scripts/chroot-bootstrap.sh
+++ /dev/null
@@ -1,204 +0,0 @@
-#!/usr/bin/env bash
-#
-# This script runs inside chrooted environment. It installs grub and its
-# Configuration file.
-#
-
-set -o errexit
-set -o pipefail
-set -o xtrace
-
-export DEBIAN_FRONTEND=noninteractive
-
-export APT_OPTIONS="-oAPT::Install-Recommends=false \
- -oAPT::Install-Suggests=false \
- -oAcquire::Languages=none"
-
-if [ $(dpkg --print-architecture) = "amd64" ];
-then
- ARCH="amd64";
-else
- ARCH="arm64";
-fi
-
-
-
-function update_install_packages {
- source /etc/os-release
-
- # Update APT with new sources
- cat /etc/apt/sources.list
- apt-get $APT_OPTIONS update && apt-get $APT_OPTIONS --yes dist-upgrade
-
- # Do not configure grub during package install
- if [ "${ARCH}" = "amd64" ]; then
- echo 'grub-pc grub-pc/install_devices_empty select true' | debconf-set-selections
- echo 'grub-pc grub-pc/install_devices select' | debconf-set-selections
- # Install various packages needed for a booting system
- apt-get install -y \
- linux-aws \
- grub-pc \
- e2fsprogs
- else
- apt-get install -y e2fsprogs
- fi
- # Install standard packages
- apt-get install -y \
- sudo \
- wget \
- cloud-init \
- acpid \
- ec2-hibinit-agent \
- ec2-instance-connect \
- hibagent \
- ncurses-term \
- ssh-import-id \
-
- # apt upgrade
- apt-get upgrade -y
-
- # Install OpenSSH and other packages
- sudo add-apt-repository universe
- apt-get update
- apt-get install -y --no-install-recommends \
- openssh-server \
- git \
- ufw \
- cron \
- logrotate \
- fail2ban \
- locales \
- at \
- less \
- python3-systemd
-
- if [ "${ARCH}" = "arm64" ]; then
- apt-get $APT_OPTIONS --yes install linux-aws initramfs-tools dosfstools
- fi
-}
-
-function setup_locale {
-cat << EOF >> /etc/locale.gen
-en_US.UTF-8 UTF-8
-EOF
-
-cat << EOF > /etc/default/locale
-LANG="C.UTF-8"
-LC_CTYPE="C.UTF-8"
-EOF
- localedef -i en_US -f UTF-8 en_US.UTF-8
-}
-
-function install_packages_for_build {
- apt-get install -y --no-install-recommends linux-libc-dev \
- acl \
- magic-wormhole sysstat \
- build-essential libreadline-dev zlib1g-dev flex bison libxml2-dev libxslt-dev libssl-dev libsystemd-dev libpq-dev libxml2-utils uuid-dev xsltproc ssl-cert \
- gcc-10 g++-10 \
- libgeos-dev libproj-dev libgdal-dev libjson-c-dev libboost-all-dev libcgal-dev libmpfr-dev libgmp-dev cmake \
- libkrb5-dev \
- maven default-jre default-jdk \
- curl gpp apt-transport-https cmake libc++-dev libc++abi-dev libc++1 libglib2.0-dev libtinfo5 libc++abi1 ninja-build python \
- liblzo2-dev
-
- source /etc/os-release
-
- apt-get install -y --no-install-recommends llvm-11-dev clang-11
- # Mark llvm as manual to prevent auto removal
- apt-mark manual libllvm11:arm64
-}
-
-function setup_apparmor {
- apt-get install -y apparmor apparmor-utils auditd
-
- # Copy apparmor profiles
- cp -rv /tmp/apparmor_profiles/* /etc/apparmor.d/
-}
-
-function setup_grub_conf_arm64 {
-cat << EOF > /etc/default/grub
-GRUB_DEFAULT=0
-GRUB_TIMEOUT=0
-GRUB_TIMEOUT_STYLE="hidden"
-GRUB_DISTRIBUTOR="Supabase postgresql"
-GRUB_CMDLINE_LINUX_DEFAULT="nomodeset console=tty1 console=ttyS0 ipv6.disable=0"
-EOF
-}
-
-# Install GRUB
-function install_configure_grub {
- if [ "${ARCH}" = "arm64" ]; then
- apt-get $APT_OPTIONS --yes install cloud-guest-utils fdisk grub-efi-arm64 efibootmgr
- setup_grub_conf_arm64
- rm -rf /etc/grub.d/30_os-prober
- sleep 1
- fi
- grub-install /dev/xvdf && update-grub
-}
-
-# skip fsck for first boot
-function disable_fsck {
- touch /fastboot
-}
-
-# Don't request hostname during boot but set hostname
-function setup_hostname {
- sed -i 's/gethostname()/ubuntu /g' /etc/dhcp/dhclient.conf
- sed -i 's/host-name,//g' /etc/dhcp/dhclient.conf
- echo "ubuntu" > /etc/hostname
- chmod 644 /etc/hostname
-}
-
-# Set options for the default interface
-function setup_eth0_interface {
-cat << EOF > /etc/netplan/eth0.yaml
-network:
- version: 2
- ethernets:
- eth0:
- dhcp4: true
-EOF
-}
-
-function disable_sshd_passwd_auth {
- sed -i -E -e 's/^#?\s*PasswordAuthentication\s+(yes|no)\s*$/PasswordAuthentication no/g' \
- -e 's/^#?\s*ChallengeResponseAuthentication\s+(yes|no)\s*$/ChallengeResponseAuthentication no/g' \
- /etc/ssh/sshd_config
-}
-
-function create_admin_account {
- groupadd admin
-}
-
-#Set default target as multi-user
-function set_default_target {
- rm -f /etc/systemd/system/default.target
- ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
-}
-
-# Setup ccache
-function setup_ccache {
- apt-get install ccache -y
- mkdir -p /tmp/ccache
- export PATH=/usr/lib/ccache:$PATH
- echo "PATH=$PATH" >> /etc/environment
-}
-
-# Clear apt caches
-function cleanup_cache {
- apt-get clean
-}
-
-update_install_packages
-setup_locale
-#install_packages_for_build
-install_configure_grub
-setup_apparmor
-setup_hostname
-create_admin_account
-set_default_target
-setup_eth0_interface
-disable_sshd_passwd_auth
-disable_fsck
-#setup_ccache
-cleanup_cache
diff --git a/ebssurrogate/scripts/surrogate-bootstrap.sh b/ebssurrogate/scripts/surrogate-bootstrap.sh
deleted file mode 100755
index 54eb98fb5..000000000
--- a/ebssurrogate/scripts/surrogate-bootstrap.sh
+++ /dev/null
@@ -1,324 +0,0 @@ -#!/usr/bin/env bash -# -# This script creates filesystem and setups up chrooted -# enviroment for further processing. It also runs -# ansible playbook and finally does system cleanup. -# -# Adapted from: https://github.com/jen20/packer-ubuntu-zfs - -set -o errexit -set -o pipefail -set -o xtrace - -if [ $(dpkg --print-architecture) = "amd64" ]; -then - ARCH="amd64"; -else - ARCH="arm64"; -fi - -function waitfor_boot_finished { - export DEBIAN_FRONTEND=noninteractive - - echo "args: ${ARGS}" - # Wait for cloudinit on the surrogate to complete before making progress - while [[ ! -f /var/lib/cloud/instance/boot-finished ]]; do - echo 'Waiting for cloud-init...' - sleep 1 - done -} - -function install_packages { - # Setup Ansible on host VM - apt-get update && sudo apt-get install software-properties-common -y - add-apt-repository --yes --update ppa:ansible/ansible && sudo apt-get install ansible -y - ansible-galaxy collection install community.general - - # Update apt and install required packages - apt-get update - apt-get install -y \ - gdisk \ - e2fsprogs \ - debootstrap \ - nvme-cli -} - -# Partition the new root EBS volume -function create_partition_table { - - if [ "${ARCH}" = "arm64" ]; then - parted --script /dev/xvdf \ - mklabel gpt \ - mkpart UEFI 1MiB 100MiB \ - mkpart ROOT 100MiB 100% - set 1 esp on \ - set 1 boot on - parted --script /dev/xvdf print - else - sgdisk -Zg -n1:0:4095 -t1:EF02 -c1:GRUB -n2:0:0 -t2:8300 -c2:EXT4 /dev/xvdf - fi - - sleep 2 -} - -function device_partition_mappings { - # NVMe EBS launch device mappings (symlinks): /dev/nvme*n* to /dev/xvd* - declare -A blkdev_mappings - for blkdev in $(nvme list | awk '/^\/dev/ { print $1 }'); do # /dev/nvme*n* - # Mapping info from disk headers - header=$(nvme id-ctrl --raw-binary "${blkdev}" | cut -c3073-3104 | tr -s ' ' | sed 's/ $//g' | sed 's!/dev/!!') - mapping="/dev/${header%%[0-9]}" # normalize sda1 => sda - - # Create /dev/xvd* device symlink - if [[ ! 
-z "$mapping" ]] && [[ -b "${blkdev}" ]] && [[ ! -L "${mapping}" ]]; then - ln -s "$blkdev" "$mapping" - - blkdev_mappings["$blkdev"]="$mapping" - fi - done - - create_partition_table - - # NVMe EBS launch device partition mappings (symlinks): /dev/nvme*n*p* to /dev/xvd*[0-9]+ - declare -A partdev_mappings - for blkdev in "${!blkdev_mappings[@]}"; do # /dev/nvme*n* - mapping="${blkdev_mappings[$blkdev]}" - - # Create /dev/xvd*[0-9]+ partition device symlink - for partdev in "${blkdev}"p*; do - partnum=${partdev##*p} - if [[ ! -L "${mapping}${partnum}" ]]; then - ln -s "${blkdev}p${partnum}" "${mapping}${partnum}" - - partdev_mappings["${blkdev}p${partnum}"]="${mapping}${partnum}" - fi - done - done -} - - -#Download and install latest e2fsprogs for fast_commit feature,if required. -function format_and_mount_rootfs { - mkfs.ext4 -m0.1 /dev/xvdf2 - - mount -o noatime,nodiratime /dev/xvdf2 /mnt - if [ "${ARCH}" = "arm64" ]; then - mkfs.fat -F32 /dev/xvdf1 - mkdir -p /mnt/boot/efi - sleep 2 - mount /dev/xvdf1 /mnt/boot/efi - fi - - mkfs.ext4 /dev/xvdh - mkdir -p /mnt/data - mount -o defaults,discard /dev/xvdh /mnt/data -} - -function create_swapfile { - fallocate -l 1G /mnt/swapfile - chmod 600 /mnt/swapfile - mkswap /mnt/swapfile -} - -function format_build_partition { - mkfs.ext4 -O ^has_journal /dev/xvdc -} -function pull_docker { - apt-get install -y docker.io - docker run -itd --name ccachedata "${DOCKER_IMAGE}:${DOCKER_IMAGE_TAG}" sh - docker exec -itd ccachedata mkdir -p /build/ccache -} - -# Create fstab -function create_fstab { - FMT="%-42s %-11s %-5s %-17s %-5s %s" -cat > "/mnt/etc/fstab" << EOF -$(printf "${FMT}" "# DEVICE UUID" "MOUNTPOINT" "TYPE" "OPTIONS" "DUMP" "FSCK") -$(findmnt -no SOURCE /mnt | xargs blkid -o export | awk -v FMT="${FMT}" '/^UUID=/ { printf(FMT, $0, "/", "ext4", "defaults,discard", "0", "1" ) }') -$(findmnt -no SOURCE /mnt/boot/efi | xargs blkid -o export | awk -v FMT="${FMT}" '/^UUID=/ { printf(FMT, $0, "/boot/efi", "vfat", 
"umask=0077", "0", "1" ) }') -$(findmnt -no SOURCE /mnt/data | xargs blkid -o export | awk -v FMT="${FMT}" '/^UUID=/ { printf(FMT, $0, "/data", "ext4", "defaults,discard", "0", "2" ) }') -$(printf "$FMT" "/swapfile" "none" "swap" "sw" "0" "0") -EOF - unset FMT -} - -function setup_chroot_environment { - UBUNTU_VERSION=$(lsb_release -cs) # 'focal' for Ubuntu 20.04 - - # Bootstrap Ubuntu into /mnt - debootstrap --arch ${ARCH} --variant=minbase "$UBUNTU_VERSION" /mnt - - # Update ec2-region - REGION=$(curl --silent --fail http://169.254.169.254/latest/meta-data/placement/availability-zone | sed -E 's|[a-z]+$||g') - sed -i "s/REGION/${REGION}/g" /tmp/sources.list - cp /tmp/sources.list /mnt/etc/apt/sources.list - - if [ "${ARCH}" = "arm64" ]; then - create_fstab - fi - - # Create mount points and mount the filesystem - mkdir -p /mnt/{dev,proc,sys} - mount --rbind /dev /mnt/dev - mount --rbind /proc /mnt/proc - mount --rbind /sys /mnt/sys - - # Create build mount point and mount - mkdir -p /mnt/tmp - mount /dev/xvdc /mnt/tmp - chmod 777 /mnt/tmp - - # Copy apparmor profiles - chmod 644 /tmp/apparmor_profiles/* - cp -r /tmp/apparmor_profiles /mnt/tmp/ - - # Copy migrations - cp -r /tmp/migrations /mnt/tmp/ - - # Copy unit tests - cp -r /tmp/unit-tests /mnt/tmp/ - - # Copy the bootstrap script into place and execute inside chroot - cp /tmp/chroot-bootstrap.sh /mnt/tmp/chroot-bootstrap.sh - chroot /mnt /tmp/chroot-bootstrap.sh - rm -f /mnt/tmp/chroot-bootstrap.sh - echo "${POSTGRES_SUPABASE_VERSION}" > /mnt/root/supabase-release - - # Copy the nvme identification script into /sbin inside the chroot - mkdir -p /mnt/sbin - cp /tmp/ebsnvme-id /mnt/sbin/ebsnvme-id - chmod +x /mnt/sbin/ebsnvme-id - - # Copy the udev rules for identifying nvme devices into the chroot - mkdir -p /mnt/etc/udev/rules.d - cp /tmp/70-ec2-nvme-devices.rules \ - /mnt/etc/udev/rules.d/70-ec2-nvme-devices.rules - - #Copy custom cloud-init - rm -f /mnt/etc/cloud/cloud.cfg - cp /tmp/cloud.cfg 
/mnt/etc/cloud/cloud.cfg - - sleep 2 -} - -function download_ccache { - docker cp ccachedata:/build/ccache/. /mnt/tmp/ccache -} - -function execute_playbook { - -tee /etc/ansible/ansible.cfg <= 14 THEN - RETURN jsonb_build_object( - 'errors', jsonb_build_array( - jsonb_build_object( - 'message', 'pg_graphql extension is not enabled.' - ) - ) - ); - ELSE - RETURN jsonb_build_object( - 'errors', jsonb_build_array( - jsonb_build_object( - 'message', 'pg_graphql is only available on projects running Postgres 14 onwards.' - ) - ) - ); - END IF; - END; - $$; - END IF; - - END; -$_$; - - --- --- Name: FUNCTION set_graphql_placeholder(); Type: COMMENT; Schema: extensions; Owner: - --- - -COMMENT ON FUNCTION extensions.set_graphql_placeholder() IS 'Reintroduces placeholder function for graphql_public.graphql'; - - --- --- Name: get_auth(text); Type: FUNCTION; Schema: pgbouncer; Owner: - --- - -CREATE FUNCTION pgbouncer.get_auth(p_usename text) RETURNS TABLE(username text, password text) - LANGUAGE plpgsql SECURITY DEFINER - AS $$ -BEGIN - RAISE WARNING 'PgBouncer auth request: %', p_usename; - - RETURN QUERY - SELECT usename::TEXT, passwd::TEXT FROM pg_catalog.pg_shadow - WHERE usename = p_usename; -END; -$$; - - --- --- Name: extension(text); Type: FUNCTION; Schema: storage; Owner: - --- - -CREATE FUNCTION storage.extension(name text) RETURNS text - LANGUAGE plpgsql - AS $$ -DECLARE -_parts text[]; -_filename text; -BEGIN - select string_to_array(name, '/') into _parts; - select _parts[array_length(_parts,1)] into _filename; - -- @todo return the last part instead of 2 - return split_part(_filename, '.', 2); -END -$$; - - --- --- Name: filename(text); Type: FUNCTION; Schema: storage; Owner: - --- - -CREATE FUNCTION storage.filename(name text) RETURNS text - LANGUAGE plpgsql - AS $$ -DECLARE -_parts text[]; -BEGIN - select string_to_array(name, '/') into _parts; - return _parts[array_length(_parts,1)]; -END -$$; - - --- --- Name: foldername(text); Type: FUNCTION; Schema: 
storage; Owner: - --- - -CREATE FUNCTION storage.foldername(name text) RETURNS text[] - LANGUAGE plpgsql - AS $$ -DECLARE -_parts text[]; -BEGIN - select string_to_array(name, '/') into _parts; - return _parts[1:array_length(_parts,1)-1]; -END -$$; - - --- --- Name: search(text, text, integer, integer, integer); Type: FUNCTION; Schema: storage; Owner: - --- - -CREATE FUNCTION storage.search(prefix text, bucketname text, limits integer DEFAULT 100, levels integer DEFAULT 1, offsets integer DEFAULT 0) RETURNS TABLE(name text, id uuid, updated_at timestamp with time zone, created_at timestamp with time zone, last_accessed_at timestamp with time zone, metadata jsonb) - LANGUAGE plpgsql - AS $$ -DECLARE -_bucketId text; -BEGIN - -- will be replaced by migrations when server starts - -- saving space for cloud-init -END -$$; - - --- --- Name: secrets_encrypt_secret_secret(); Type: FUNCTION; Schema: vault; Owner: - --- - -CREATE FUNCTION vault.secrets_encrypt_secret_secret() RETURNS trigger - LANGUAGE plpgsql - AS $$ - BEGIN - new.secret = CASE WHEN new.secret IS NULL THEN NULL ELSE - CASE WHEN new.key_id IS NULL THEN NULL ELSE pg_catalog.encode( - pgsodium.crypto_aead_det_encrypt( - pg_catalog.convert_to(new.secret, 'utf8'), - pg_catalog.convert_to((new.id::text || new.description::text || new.created_at::text || new.updated_at::text)::text, 'utf8'), - new.key_id::uuid, - new.nonce - ), - 'base64') END END; - RETURN new; - END; - $$; - - -SET default_tablespace = ''; - -SET default_table_access_method = heap; - --- --- Name: audit_log_entries; Type: TABLE; Schema: auth; Owner: - --- - -CREATE TABLE auth.audit_log_entries ( - instance_id uuid, - id uuid NOT NULL, - payload json, - created_at timestamp with time zone -); - - --- --- Name: TABLE audit_log_entries; Type: COMMENT; Schema: auth; Owner: - --- - -COMMENT ON TABLE auth.audit_log_entries IS 'Auth: Audit trail for user actions.'; - - --- --- Name: instances; Type: TABLE; Schema: auth; Owner: - --- - -CREATE TABLE 
auth.instances ( - id uuid NOT NULL, - uuid uuid, - raw_base_config text, - created_at timestamp with time zone, - updated_at timestamp with time zone -); - - --- --- Name: TABLE instances; Type: COMMENT; Schema: auth; Owner: - --- - -COMMENT ON TABLE auth.instances IS 'Auth: Manages users across multiple sites.'; - - --- --- Name: refresh_tokens; Type: TABLE; Schema: auth; Owner: - --- - -CREATE TABLE auth.refresh_tokens ( - instance_id uuid, - id bigint NOT NULL, - token character varying(255), - user_id character varying(255), - revoked boolean, - created_at timestamp with time zone, - updated_at timestamp with time zone -); - - --- --- Name: TABLE refresh_tokens; Type: COMMENT; Schema: auth; Owner: - --- - -COMMENT ON TABLE auth.refresh_tokens IS 'Auth: Store of tokens used to refresh JWT tokens once they expire.'; - - --- --- Name: refresh_tokens_id_seq; Type: SEQUENCE; Schema: auth; Owner: - --- - -CREATE SEQUENCE auth.refresh_tokens_id_seq - START WITH 1 - INCREMENT BY 1 - NO MINVALUE - NO MAXVALUE - CACHE 1; - - --- --- Name: refresh_tokens_id_seq; Type: SEQUENCE OWNED BY; Schema: auth; Owner: - --- - -ALTER SEQUENCE auth.refresh_tokens_id_seq OWNED BY auth.refresh_tokens.id; - - --- --- Name: schema_migrations; Type: TABLE; Schema: auth; Owner: - --- - -CREATE TABLE auth.schema_migrations ( - version character varying(255) NOT NULL -); - - --- --- Name: TABLE schema_migrations; Type: COMMENT; Schema: auth; Owner: - --- - -COMMENT ON TABLE auth.schema_migrations IS 'Auth: Manages updates to the auth system.'; - - --- --- Name: users; Type: TABLE; Schema: auth; Owner: - --- - -CREATE TABLE auth.users ( - instance_id uuid, - id uuid NOT NULL, - aud character varying(255), - role character varying(255), - email character varying(255), - encrypted_password character varying(255), - confirmed_at timestamp with time zone, - invited_at timestamp with time zone, - confirmation_token character varying(255), - confirmation_sent_at timestamp with time zone, - 
recovery_token character varying(255), - recovery_sent_at timestamp with time zone, - email_change_token character varying(255), - email_change character varying(255), - email_change_sent_at timestamp with time zone, - last_sign_in_at timestamp with time zone, - raw_app_meta_data jsonb, - raw_user_meta_data jsonb, - is_super_admin boolean, - created_at timestamp with time zone, - updated_at timestamp with time zone -); - - --- --- Name: TABLE users; Type: COMMENT; Schema: auth; Owner: - --- - -COMMENT ON TABLE auth.users IS 'Auth: Stores user login data within a secure schema.'; - - --- --- Name: schema_migrations; Type: TABLE; Schema: public; Owner: - --- - -CREATE TABLE public.schema_migrations ( - version character varying(128) NOT NULL -); - - --- --- Name: buckets; Type: TABLE; Schema: storage; Owner: - --- - -CREATE TABLE storage.buckets ( - id text NOT NULL, - name text NOT NULL, - owner uuid, - created_at timestamp with time zone DEFAULT now(), - updated_at timestamp with time zone DEFAULT now() -); - - --- --- Name: migrations; Type: TABLE; Schema: storage; Owner: - --- - -CREATE TABLE storage.migrations ( - id integer NOT NULL, - name character varying(100) NOT NULL, - hash character varying(40) NOT NULL, - executed_at timestamp without time zone DEFAULT CURRENT_TIMESTAMP -); - - --- --- Name: objects; Type: TABLE; Schema: storage; Owner: - --- - -CREATE TABLE storage.objects ( - id uuid DEFAULT extensions.uuid_generate_v4() NOT NULL, - bucket_id text, - name text, - owner uuid, - created_at timestamp with time zone DEFAULT now(), - updated_at timestamp with time zone DEFAULT now(), - last_accessed_at timestamp with time zone DEFAULT now(), - metadata jsonb -); - - --- --- Name: decrypted_secrets; Type: VIEW; Schema: vault; Owner: - --- - -CREATE VIEW vault.decrypted_secrets AS - SELECT id, - name, - description, - secret, - CASE - WHEN (secret IS NULL) THEN NULL::text - ELSE - CASE - WHEN (key_id IS NULL) THEN NULL::text - ELSE 
convert_from(pgsodium.crypto_aead_det_decrypt(decode(secret, 'base64'::text), convert_to(((((id)::text || description) || (created_at)::text) || (updated_at)::text), 'utf8'::name), key_id, nonce), 'utf8'::name) - END - END AS decrypted_secret, - key_id, - nonce, - created_at, - updated_at - FROM vault.secrets; - - --- --- Name: refresh_tokens id; Type: DEFAULT; Schema: auth; Owner: - --- - -ALTER TABLE ONLY auth.refresh_tokens ALTER COLUMN id SET DEFAULT nextval('auth.refresh_tokens_id_seq'::regclass); - - --- --- Name: audit_log_entries audit_log_entries_pkey; Type: CONSTRAINT; Schema: auth; Owner: - --- - -ALTER TABLE ONLY auth.audit_log_entries - ADD CONSTRAINT audit_log_entries_pkey PRIMARY KEY (id); - - --- --- Name: instances instances_pkey; Type: CONSTRAINT; Schema: auth; Owner: - --- - -ALTER TABLE ONLY auth.instances - ADD CONSTRAINT instances_pkey PRIMARY KEY (id); - - --- --- Name: refresh_tokens refresh_tokens_pkey; Type: CONSTRAINT; Schema: auth; Owner: - --- - -ALTER TABLE ONLY auth.refresh_tokens - ADD CONSTRAINT refresh_tokens_pkey PRIMARY KEY (id); - - --- --- Name: schema_migrations schema_migrations_pkey; Type: CONSTRAINT; Schema: auth; Owner: - --- - -ALTER TABLE ONLY auth.schema_migrations - ADD CONSTRAINT schema_migrations_pkey PRIMARY KEY (version); - - --- --- Name: users users_email_key; Type: CONSTRAINT; Schema: auth; Owner: - --- - -ALTER TABLE ONLY auth.users - ADD CONSTRAINT users_email_key UNIQUE (email); - - --- --- Name: users users_pkey; Type: CONSTRAINT; Schema: auth; Owner: - --- - -ALTER TABLE ONLY auth.users - ADD CONSTRAINT users_pkey PRIMARY KEY (id); - - --- --- Name: schema_migrations schema_migrations_pkey; Type: CONSTRAINT; Schema: public; Owner: - --- - -ALTER TABLE ONLY public.schema_migrations - ADD CONSTRAINT schema_migrations_pkey PRIMARY KEY (version); - - --- --- Name: buckets buckets_pkey; Type: CONSTRAINT; Schema: storage; Owner: - --- - -ALTER TABLE ONLY storage.buckets - ADD CONSTRAINT buckets_pkey PRIMARY KEY 
(id); - - --- --- Name: migrations migrations_name_key; Type: CONSTRAINT; Schema: storage; Owner: - --- - -ALTER TABLE ONLY storage.migrations - ADD CONSTRAINT migrations_name_key UNIQUE (name); - - --- --- Name: migrations migrations_pkey; Type: CONSTRAINT; Schema: storage; Owner: - --- - -ALTER TABLE ONLY storage.migrations - ADD CONSTRAINT migrations_pkey PRIMARY KEY (id); - - --- --- Name: objects objects_pkey; Type: CONSTRAINT; Schema: storage; Owner: - --- - -ALTER TABLE ONLY storage.objects - ADD CONSTRAINT objects_pkey PRIMARY KEY (id); - - --- --- Name: audit_logs_instance_id_idx; Type: INDEX; Schema: auth; Owner: - --- - -CREATE INDEX audit_logs_instance_id_idx ON auth.audit_log_entries USING btree (instance_id); - - --- --- Name: refresh_tokens_instance_id_idx; Type: INDEX; Schema: auth; Owner: - --- - -CREATE INDEX refresh_tokens_instance_id_idx ON auth.refresh_tokens USING btree (instance_id); - - --- --- Name: refresh_tokens_instance_id_user_id_idx; Type: INDEX; Schema: auth; Owner: - --- - -CREATE INDEX refresh_tokens_instance_id_user_id_idx ON auth.refresh_tokens USING btree (instance_id, user_id); - - --- --- Name: refresh_tokens_token_idx; Type: INDEX; Schema: auth; Owner: - --- - -CREATE INDEX refresh_tokens_token_idx ON auth.refresh_tokens USING btree (token); - - --- --- Name: users_instance_id_email_idx; Type: INDEX; Schema: auth; Owner: - --- - -CREATE INDEX users_instance_id_email_idx ON auth.users USING btree (instance_id, email); - - --- --- Name: users_instance_id_idx; Type: INDEX; Schema: auth; Owner: - --- - -CREATE INDEX users_instance_id_idx ON auth.users USING btree (instance_id); - - --- --- Name: bname; Type: INDEX; Schema: storage; Owner: - --- - -CREATE UNIQUE INDEX bname ON storage.buckets USING btree (name); - - --- --- Name: bucketid_objname; Type: INDEX; Schema: storage; Owner: - --- - -CREATE UNIQUE INDEX bucketid_objname ON storage.objects USING btree (bucket_id, name); - - --- --- Name: name_prefix_search; Type: INDEX; 
Schema: storage; Owner: - --- - -CREATE INDEX name_prefix_search ON storage.objects USING btree (name text_pattern_ops); - - --- --- Name: buckets buckets_owner_fkey; Type: FK CONSTRAINT; Schema: storage; Owner: - --- - -ALTER TABLE ONLY storage.buckets - ADD CONSTRAINT buckets_owner_fkey FOREIGN KEY (owner) REFERENCES auth.users(id); - - --- --- Name: objects objects_bucketId_fkey; Type: FK CONSTRAINT; Schema: storage; Owner: - --- - -ALTER TABLE ONLY storage.objects - ADD CONSTRAINT "objects_bucketId_fkey" FOREIGN KEY (bucket_id) REFERENCES storage.buckets(id); - - --- --- Name: objects objects_owner_fkey; Type: FK CONSTRAINT; Schema: storage; Owner: - --- - -ALTER TABLE ONLY storage.objects - ADD CONSTRAINT objects_owner_fkey FOREIGN KEY (owner) REFERENCES auth.users(id); - - --- --- Name: objects; Type: ROW SECURITY; Schema: storage; Owner: - --- - -ALTER TABLE storage.objects ENABLE ROW LEVEL SECURITY; - --- --- Name: supabase_realtime; Type: PUBLICATION; Schema: -; Owner: - --- - -CREATE PUBLICATION supabase_realtime WITH (publish = 'insert, update, delete, truncate'); - - --- --- Name: issue_graphql_placeholder; Type: EVENT TRIGGER; Schema: -; Owner: - --- - -CREATE EVENT TRIGGER issue_graphql_placeholder ON sql_drop - WHEN TAG IN ('DROP EXTENSION') - EXECUTE FUNCTION extensions.set_graphql_placeholder(); - - --- --- Name: issue_pg_cron_access; Type: EVENT TRIGGER; Schema: -; Owner: - --- - -CREATE EVENT TRIGGER issue_pg_cron_access ON ddl_command_end - WHEN TAG IN ('CREATE EXTENSION') - EXECUTE FUNCTION extensions.grant_pg_cron_access(); - - --- --- Name: issue_pg_graphql_access; Type: EVENT TRIGGER; Schema: -; Owner: - --- - -CREATE EVENT TRIGGER issue_pg_graphql_access ON ddl_command_end - WHEN TAG IN ('CREATE FUNCTION') - EXECUTE FUNCTION extensions.grant_pg_graphql_access(); - - --- --- Name: issue_pg_net_access; Type: EVENT TRIGGER; Schema: -; Owner: - --- - -CREATE EVENT TRIGGER issue_pg_net_access ON ddl_command_end - WHEN TAG IN ('CREATE EXTENSION') 
- EXECUTE FUNCTION extensions.grant_pg_net_access(); - - --- --- Name: pgrst_ddl_watch; Type: EVENT TRIGGER; Schema: -; Owner: - --- - -CREATE EVENT TRIGGER pgrst_ddl_watch ON ddl_command_end - EXECUTE FUNCTION extensions.pgrst_ddl_watch(); - - --- --- Name: pgrst_drop_watch; Type: EVENT TRIGGER; Schema: -; Owner: - --- - -CREATE EVENT TRIGGER pgrst_drop_watch ON sql_drop - EXECUTE FUNCTION extensions.pgrst_drop_watch(); - - --- --- PostgreSQL database dump complete --- - - --- --- Dbmate schema migrations --- - diff --git a/testinfra/test_all_in_one.py b/testinfra/test_all_in_one.py deleted file mode 100644 index 2763c5160..000000000 --- a/testinfra/test_all_in_one.py +++ /dev/null 
@@ -1,135 +0,0 @@
-from docker.models.containers import Container
-from os import path
-from time import sleep
-from typing import cast
-import docker
-import pytest
-import requests
-import subprocess
-import testinfra
-
-all_in_one_image_tag = "supabase/all-in-one:testinfra"
-all_in_one_envs = {
- "POSTGRES_PASSWORD": "postgres",
- "JWT_SECRET": "super-secret-jwt-token-with-at-least-32-characters-long",
- "ANON_KEY": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoiYW5vbiIsImlzcyI6InN1cGFiYXNlLWRlbW8iLCJpYXQiOjE2NDE3NjkyMDAsImV4cCI6MTc5OTUzNTYwMH0.F_rDxRTPE8OU83L_CNgEGXfmirMXmMMugT29Cvc8ygQ",
- "SERVICE_ROLE_KEY": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaXNzIjoic3VwYWJhc2UtZGVtbyIsImlhdCI6MTY0MTc2OTIwMCwiZXhwIjoxNzk5NTM1NjAwfQ.5z-pJI1qwZg1LE5yavGLqum65WOnnaaI5eZ3V00pLww",
- "ADMIN_API_KEY": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic3VwYWJhc2VfYWRtaW4iLCJpc3MiOiJzdXBhYmFzZS1kZW1vIiwiaWF0IjoxNjQxNzY5MjAwLCJleHAiOjE3OTk1MzU2MDB9.Y9mSNVuTw2TdfryoaqM5wySvwQemGGWfSe9ixcklVfM",
- "DATA_VOLUME_MOUNTPOINT": "/data",
- "MACHINE_TYPE": "shared_cpu_1x_512m",
- "PLATFORM_DEPLOYMENT": "true",
- "SWAP_DISABLED": "true",
- "AUTOSHUTDOWN_ENABLED": "true",
- "ENV_MAX_IDLE_TIME_MINUTES": "60",
- "PGDATA": "/var/lib/postgresql/data",
- "PGDATA_REAL": "/data/pgdata",
-}
-
-# TODO: spin up local Logflare for Vector tests.
-
-
-# scope='session' uses the same container for all the tests;
-# scope='function' uses a new container per test function.
-@pytest.fixture(scope="session")
-def host():
- # We build the image with the Docker CLI in path instead of using docker-py
- # (official Docker SDK for Python) because the latter doesn't use BuildKit,
- # so things like `ARG TARGETARCH` don't work:
- # - https://github.com/docker/docker-py/issues/2230
- # - https://docs.docker.com/engine/reference/builder/#automatic-platform-args-in-the-global-scope
- subprocess.check_call(
- [
- "docker",
- "buildx",
- "build",
- "--file",
- path.join(path.dirname(__file__), "../docker/all-in-one/Dockerfile"),
- "--load",
- "--tag",
- all_in_one_image_tag,
- path.join(path.dirname(__file__), ".."),
- ]
- )
-
- docker_client = docker.from_env()
- container = cast(
- Container,
- docker_client.containers.run(
- all_in_one_image_tag,
- detach=True,
- environment=all_in_one_envs,
- ports={
- "5432/tcp": 5432,
- "8000/tcp": 8000,
- },
- ),
- )
-
- def get_health(container: Container) -> str:
- inspect_results = docker_client.api.inspect_container(container.name)
- return inspect_results["State"]["Health"]["Status"]
-
- attempts = 0
-
- # containers might appear healthy but crash during bootstrap
- sleep(3)
-
- while True:
- health = get_health(container)
- if health == "healthy":
- break
- if attempts > 60 or health == "exited":
- # print container logs for debugging
- print(container.logs().decode("utf-8"))
-
- # write logs to file to be displayed in GHA output
- with open("testinfra-aio-container-logs.log", "w") as f:
- f.write(container.logs().decode("utf-8"))
-
- raise TimeoutError("Container failed to become healthy.")
- attempts += 1
- sleep(1)
-
- # return a testinfra connection to the container
- yield testinfra.get_host("docker://" + cast(str, container.name))
-
- # at the end of the test suite, destroy the container
- container.remove(v=True, force=True)
-
-
-@pytest.mark.parametrize("service_name", [
- 'adminapi',
- 'lsn-checkpoint-push',
- 'pg_egress_collect',
- 'postgresql',
- 'logrotate',
- 'supa-shutdown',
- 'services:kong',
- 'services:postgrest',
- 'services:gotrue',
-])
-def test_service_is_running(host, service_name):
- assert host.supervisor(service_name).is_running
-
-
-def test_postgrest_responds_to_requests():
- res = requests.get(
- "http://localhost:8000/rest/v1/",
- headers={
- "apikey": all_in_one_envs["ANON_KEY"],
- "authorization": f"Bearer {all_in_one_envs['ANON_KEY']}",
- },
- )
- assert res.ok
-
-
-def test_postgrest_can_connect_to_db():
- res = requests.get(
- "http://localhost:8000/rest/v1/buckets",
- headers={
- "apikey": all_in_one_envs["SERVICE_ROLE_KEY"],
- "authorization": f"Bearer {all_in_one_envs['SERVICE_ROLE_KEY']}",
- "accept-profile": "storage",
- },
- )
- assert res.ok
diff --git a/testinfra/test_ami.py b/testinfra/test_ami.py
deleted file mode 100644
index 403641dac..000000000
--- a/testinfra/test_ami.py
+++ /dev/null
@@ -1,443 +0,0 @@ -import base64 -import boto3 -import gzip -import logging -import os -import pytest -import requests -import socket -import testinfra -from ec2instanceconnectcli.EC2InstanceConnectLogger import EC2InstanceConnectLogger -from ec2instanceconnectcli.EC2InstanceConnectKey import EC2InstanceConnectKey -from time import sleep - -# if GITHUB_RUN_ID is not set, use a default value that includes the user and hostname -RUN_ID = os.environ.get("GITHUB_RUN_ID", "unknown-ci-run-" + os.environ.get("USER", "unknown-user") + '@' + socket.gethostname()) - -postgresql_schema_sql_content = """ -ALTER DATABASE postgres SET "app.settings.jwt_secret" TO 'my_jwt_secret_which_is_not_so_secret'; -ALTER DATABASE postgres SET "app.settings.jwt_exp" TO 3600; - -ALTER USER supabase_admin WITH PASSWORD 'postgres'; -ALTER USER postgres WITH PASSWORD 'postgres'; -ALTER USER authenticator WITH PASSWORD 'postgres'; -ALTER USER pgbouncer WITH PASSWORD 'postgres'; -ALTER USER supabase_auth_admin WITH PASSWORD 'postgres'; -ALTER USER supabase_storage_admin WITH PASSWORD 'postgres'; -ALTER USER supabase_replication_admin WITH PASSWORD 'postgres'; -ALTER ROLE supabase_read_only_user WITH PASSWORD 'postgres'; -ALTER ROLE supabase_admin SET search_path TO "$user",public,auth,extensions; -""" -realtime_env_content = "" -adminapi_yaml_content = """ -port: 8085 -host: 0.0.0.0 -ref: aaaaaaaaaaaaaaaaaaaa -jwt_secret: my_jwt_secret_which_is_not_so_secret -metric_collectors: - - filesystem - - meminfo - - netdev - - loadavg - - cpu - - diskstats - - vmstat -node_exporter_additional_args: - - '--collector.filesystem.ignored-mount-points=^/(boot|sys|dev|run).*' - - '--collector.netdev.device-exclude=lo' -cert_path: /etc/ssl/adminapi/server.crt -key_path: /etc/ssl/adminapi/server.key -upstream_metrics_refresh_duration: 60s -pgbouncer_endpoints: - - 'postgres://pgbouncer:postgres@localhost:6543/pgbouncer' -fail2ban_socket: /var/run/fail2ban/fail2ban.sock -upstream_metrics_sources: - - - name: 
system - url: 'https://localhost:8085/metrics' - labels_to_attach: [{name: supabase_project_ref, value: aaaaaaaaaaaaaaaaaaaa}, {name: service_type, value: db}] - skip_tls_verify: true - - - name: postgresql - url: 'http://localhost:9187/metrics' - labels_to_attach: [{name: supabase_project_ref, value: aaaaaaaaaaaaaaaaaaaa}, {name: service_type, value: postgresql}] - - - name: gotrue - url: 'http://localhost:9122/metrics' - labels_to_attach: [{name: supabase_project_ref, value: aaaaaaaaaaaaaaaaaaaa}, {name: service_type, value: gotrue}] - - - name: postgrest - url: 'http://localhost:3001/metrics' - labels_to_attach: [{name: supabase_project_ref, value: aaaaaaaaaaaaaaaaaaaa}, {name: service_type, value: postgrest}] -monitoring: - disk_usage: - enabled: true -firewall: - enabled: true - internal_ports: - - 9187 - - 8085 - - 9122 - privileged_ports: - - 22 - privileged_ports_allowlist: - - 0.0.0.0/0 - filtered_ports: - - 5432 - - 6543 - unfiltered_ports: - - 80 - - 443 - managed_rules_file: /etc/nftables/supabase_managed.conf -pg_egress_collect_path: /tmp/pg_egress_collect.txt -aws_config: - creds: - enabled: false - check_frequency: 1h - refresh_buffer_duration: 6h -""" -pgsodium_root_key_content = ( - "0000000000000000000000000000000000000000000000000000000000000000" -) -postgrest_base_conf_content = """ -db-uri = "postgres://authenticator:postgres@localhost:5432/postgres?application_name=postgrest" -db-schema = "public, storage, graphql_public" -db-anon-role = "anon" -jwt-secret = "my_jwt_secret_which_is_not_so_secret" -role-claim-key = ".role" -openapi-mode = "ignore-privileges" -db-use-legacy-gucs = true -admin-server-port = 3001 -server-host = "*6" -db-pool-acquisition-timeout = 10 -max-rows = 1000 -db-extra-search-path = "public, extensions" -""" -gotrue_env_content = """ -API_EXTERNAL_URL=http://localhost -GOTRUE_API_HOST=0.0.0.0 -GOTRUE_SITE_URL= -GOTRUE_DB_DRIVER=postgres 
-GOTRUE_DB_DATABASE_URL=postgres://supabase_auth_admin@localhost/postgres?sslmode=disable -GOTRUE_JWT_ADMIN_ROLES=supabase_admin,service_role -GOTRUE_JWT_AUD=authenticated -GOTRUE_JWT_SECRET=my_jwt_secret_which_is_not_so_secret -""" -walg_config_json_content = """ -{ - "AWS_REGION": "ap-southeast-1", - "WALG_S3_PREFIX": "", - "PGDATABASE": "postgres", - "PGUSER": "supabase_admin", - "PGPORT": 5432, - "WALG_DELTA_MAX_STEPS": 6, - "WALG_COMPRESSION_METHOD": "lz4" -} -""" -anon_key = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFhYWFhYWFhYWFhYWFhYWFhYWFhIiwicm9sZSI6ImFub24iLCJpYXQiOjE2OTYyMjQ5NjYsImV4cCI6MjAxMTgwMDk2Nn0.QW95aRPA-4QuLzuvaIeeoFKlJP9J2hvAIpJ3WJ6G5zo" -service_role_key = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFhYWFhYWFhYWFhYWFhYWFhYWFhIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImlhdCI6MTY5NjIyNDk2NiwiZXhwIjoyMDExODAwOTY2fQ.Om7yqv15gC3mLGitBmvFRB3M4IsLsX9fXzTQnFM7lu0" -supabase_admin_key = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImFhYWFhYWFhYWFhYWFhYWFhYWFhIiwicm9sZSI6InN1cGFiYXNlX2FkbWluIiwiaWF0IjoxNjk2MjI0OTY2LCJleHAiOjIwMTE4MDA5NjZ9.jrD3j2rBWiIx0vhVZzd1CXFv7qkAP392nBMadvXxk1c" -init_json_content = f""" -{{ - "jwt_secret": "my_jwt_secret_which_is_not_so_secret", - "project_ref": "aaaaaaaaaaaaaaaaaaaa", - "logflare_api_key": "", - "logflare_pitr_errors_source": "", - "logflare_postgrest_source": "", - "logflare_pgbouncer_source": "", - "logflare_db_source": "", - "logflare_gotrue_source": "", - "anon_key": "{anon_key}", - "service_key": "{service_role_key}", - "supabase_admin_key": "{supabase_admin_key}", - "common_name": "db.aaaaaaaaaaaaaaaaaaaa.supabase.red", - "region": "ap-southeast-1", - "init_database_only": false -}} -""" - -logger = logging.getLogger("ami-tests") -handler = logging.StreamHandler() -formatter = logging.Formatter( - '%(asctime)s %(name)-12s %(levelname)-8s %(message)s') -handler.setFormatter(formatter) -logger.addHandler(handler) 
-logger.setLevel(logging.DEBUG) - -# scope='session' uses the same container for all the tests; -# scope='function' uses a new container per test function. -@pytest.fixture(scope="session") -def host(): - ec2 = boto3.resource("ec2", region_name="ap-southeast-1") - images = list( - ec2.images.filter( - Filters=[{"Name": "name", "Values": ["supabase-postgres-ci-ami-test"]}] - ) - ) - assert len(images) == 1 - image = images[0] - - def gzip_then_base64_encode(s: str) -> str: - return base64.b64encode(gzip.compress(s.encode())).decode() - - instance = list( - ec2.create_instances( - BlockDeviceMappings=[ - { - "DeviceName": "/dev/sda1", - "Ebs": { - "VolumeSize": 8, # gb - "Encrypted": True, - "DeleteOnTermination": True, - "VolumeType": "gp3", - }, - }, - ], - MetadataOptions={ - "HttpTokens": "required", - "HttpEndpoint": "enabled", - }, - IamInstanceProfile={"Name": "pg-ap-southeast-1"}, - InstanceType="t4g.micro", - MinCount=1, - MaxCount=1, - ImageId=image.id, - NetworkInterfaces=[ - { - "DeviceIndex": 0, - "AssociatePublicIpAddress": True, - "Groups": ["sg-0a883ca614ebfbae0", "sg-014d326be5a1627dc"], - } - ], - UserData=f"""#cloud-config -hostname: db-aaaaaaaaaaaaaaaaaaaa -write_files: - - {{path: /etc/postgresql.schema.sql, content: {gzip_then_base64_encode(postgresql_schema_sql_content)}, permissions: '0600', encoding: gz+b64}} - - {{path: /etc/realtime.env, content: {gzip_then_base64_encode(realtime_env_content)}, permissions: '0664', encoding: gz+b64}} - - {{path: /etc/adminapi/adminapi.yaml, content: {gzip_then_base64_encode(adminapi_yaml_content)}, permissions: '0600', owner: 'adminapi:root', encoding: gz+b64}} - - {{path: /etc/postgresql-custom/pgsodium_root.key, content: {gzip_then_base64_encode(pgsodium_root_key_content)}, permissions: '0600', owner: 'postgres:postgres', encoding: gz+b64}} - - {{path: /etc/postgrest/base.conf, content: {gzip_then_base64_encode(postgrest_base_conf_content)}, permissions: '0664', encoding: gz+b64}} - - {{path: 
/etc/gotrue.env, content: {gzip_then_base64_encode(gotrue_env_content)}, permissions: '0664', encoding: gz+b64}} - - {{path: /etc/wal-g/config.json, content: {gzip_then_base64_encode(walg_config_json_content)}, permissions: '0664', owner: 'wal-g:wal-g', encoding: gz+b64}} - - {{path: /tmp/init.json, content: {gzip_then_base64_encode(init_json_content)}, permissions: '0600', encoding: gz+b64}} -runcmd: - - 'sudo echo \"pgbouncer\" \"postgres\" >> /etc/pgbouncer/userlist.txt' - - 'cd /tmp && aws s3 cp --region ap-southeast-1 s3://init-scripts-staging/project/init.sh .' - - 'bash init.sh "staging"' - - 'rm -rf /tmp/*' -""", - TagSpecifications=[ - { - "ResourceType": "instance", - "Tags": [ - {"Key": "Name", "Value": "ci-ami-test"}, - {"Key": "creator", "Value": "testinfra-ci"}, - {"Key": "testinfra-run-id", "Value": RUN_ID} - ], - } - ], - ) - )[0] - instance.wait_until_running() - - ec2logger = EC2InstanceConnectLogger(debug=False) - temp_key = EC2InstanceConnectKey(ec2logger.get_logger()) - ec2ic = boto3.client("ec2-instance-connect", region_name="ap-southeast-1") - response = ec2ic.send_ssh_public_key( - InstanceId=instance.id, - InstanceOSUser="ubuntu", - SSHPublicKey=temp_key.get_pub_key(), - ) - assert response["Success"] - - # instance doesn't have public ip yet - while not instance.public_ip_address: - logger.warning("waiting for ip to be available") - sleep(5) - instance.reload() - - while True: - sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM) - if sock.connect_ex((instance.public_ip_address, 22)) == 0: - break - else: - logger.warning("waiting for ssh to be available") - sleep(10) - - host = testinfra.get_host( - # paramiko is an ssh backend - f"paramiko://ubuntu@{instance.public_ip_address}?timeout=60", - ssh_identity_file=temp_key.get_priv_key_file(), - ) - - def is_healthy(host) -> bool: - cmd = host.run("pg_isready -U postgres") - if cmd.failed is True: - logger.warning("pg not ready") - return False - - cmd = host.run(f"curl -sf -k 
--connect-timeout 30 --max-time 60 https://localhost:8085/health -H 'apikey: {supabase_admin_key}'") - if cmd.failed is True: - logger.warning("adminapi not ready") - return False - - cmd = host.run("curl -sf --connect-timeout 30 --max-time 60 http://localhost:3001/ready") - if cmd.failed is True: - logger.warning("postgrest not ready") - return False - - cmd = host.run("curl -sf --connect-timeout 30 --max-time 60 http://localhost:8081/health") - if cmd.failed is True: - logger.warning("gotrue not ready") - return False - - # TODO(thebengeu): switch to checking Envoy once it's the default. - cmd = host.run("sudo kong health") - if cmd.failed is True: - logger.warning("kong not ready") - return False - - cmd = host.run("sudo fail2ban-client status") - if cmd.failed is True: - logger.warning("fail2ban not ready") - return False - - return True - - while True: - if is_healthy(host): - break - sleep(1) - - # return a testinfra connection to the instance - yield host - - # at the end of the test suite, destroy the instance - instance.terminate() - - -def test_postgrest_is_running(host): - postgrest = host.service("postgrest") - assert postgrest.is_running - - -def test_postgrest_responds_to_requests(host): - res = requests.get( - f"http://{host.backend.get_hostname()}/rest/v1/", - headers={ - "apikey": anon_key, - "authorization": f"Bearer {anon_key}", - }, - ) - assert res.ok - - -def test_postgrest_can_connect_to_db(host): - res = requests.get( - f"http://{host.backend.get_hostname()}/rest/v1/buckets", - headers={ - "apikey": service_role_key, - "authorization": f"Bearer {service_role_key}", - "accept-profile": "storage", - }, - ) - assert res.ok - - -# There would be an error if the `apikey` query parameter isn't removed, -# since PostgREST treats query parameters as conditions. -# -# Worth testing since remove_apikey_query_parameters uses regexp instead -# of parsed query parameters. 
-def test_postgrest_starting_apikey_query_parameter_is_removed(host):
- res = requests.get(
- f"http://{host.backend.get_hostname()}/rest/v1/buckets",
- headers={
- "accept-profile": "storage",
- },
- params={
- "apikey": service_role_key,
- "id": "eq.absent",
- "name": "eq.absent",
- },
- )
- assert res.ok
-
-
-def test_postgrest_middle_apikey_query_parameter_is_removed(host):
- res = requests.get(
- f"http://{host.backend.get_hostname()}/rest/v1/buckets",
- headers={
- "accept-profile": "storage",
- },
- params={
- "id": "eq.absent",
- "apikey": service_role_key,
- "name": "eq.absent",
- },
- )
- assert res.ok
-
-
-def test_postgrest_ending_apikey_query_parameter_is_removed(host):
- res = requests.get(
- f"http://{host.backend.get_hostname()}/rest/v1/buckets",
- headers={
- "accept-profile": "storage",
- },
- params={
- "id": "eq.absent",
- "name": "eq.absent",
- "apikey": service_role_key,
- },
- )
- assert res.ok
-
-# There would be an error if the empty key query parameter isn't removed,
-# since PostgREST treats empty key query parameters as malformed input.
-#
-# Worth testing since remove_apikey_and_empty_key_query_parameters uses regexp instead
-# of parsed query parameters.
-def test_postgrest_starting_empty_key_query_parameter_is_removed(host):
- res = requests.get(
- f"http://{host.backend.get_hostname()}/rest/v1/buckets",
- headers={
- "accept-profile": "storage",
- },
- params={
- "": "empty_key",
- "id": "eq.absent",
- "apikey": service_role_key,
- },
- )
- assert res.ok
-
-
-def test_postgrest_middle_empty_key_query_parameter_is_removed(host):
- res = requests.get(
- f"http://{host.backend.get_hostname()}/rest/v1/buckets",
- headers={
- "accept-profile": "storage",
- },
- params={
- "apikey": service_role_key,
- "": "empty_key",
- "id": "eq.absent",
- },
- )
- assert res.ok
-
-
-def test_postgrest_ending_empty_key_query_parameter_is_removed(host):
- res = requests.get(
- f"http://{host.backend.get_hostname()}/rest/v1/buckets",
- headers={
- "accept-profile": "storage",
- },
- params={
- "id": "eq.absent",
- "apikey": service_role_key,
- "": "empty_key",
- },
- )
- assert res.ok
From f60adbbdc64e5ac738e53e2c79feab06ff67cb14 Mon Sep 17 00:00:00 2001
From: Sam Rose
Date: Mon, 3 Feb 2025 15:20:33 -0500
Subject: [PATCH 2/2] chore: update ci.yml to reflect where data is now stored
---
 .github/workflows/ci.yml | 38 ++++++++++++++++++++++++++++++++------
 1 file changed, 32 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 59993411c..510de7be6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,11 +11,37 @@ jobs:
 - name: Checkout Repo
 uses: actions/checkout@v3
+ - name: Load postgres_release values
+ id: load_postgres_release
+ uses: mikefarah/yq@master
+ with:
+ args: eval '.postgres_release' ansible/vars.yml
+ # The output will be available as steps.load_postgres_release.outputs.stdout
+
 - name: Run checks
- # Update `ami-release.yaml` too if changing constraints.
 run: |
- SUFFIX=$(sed -E 's/postgres-version = "[0-9\.]+(.*)"/\1/g' common.vars.pkr.hcl)
- if [[ -n $SUFFIX ]] ; then
- echo "We no longer allow merging RC versions to develop."
- exit 1
- fi
+ POSTGRES_RELEASES="${{ steps.load_postgres_release.outputs.stdout }}"
+
+ # Iterate through each release
+ for release in $(echo "$POSTGRES_RELEASES" | yq eval 'keys | .[]' -); do
+ VERSION=$(echo "$POSTGRES_RELEASES" | yq eval ".\"$release\"" -)
+ if [[ "$release" == "postgresorioledb-17" ]]; then
+ # Check for suffix after -orioledb
+ if [[ "$VERSION" =~ -orioledb(.*) ]]; then
+ SUFFIX="${BASH_REMATCH[1]}"
+ if [[ -n "$SUFFIX" ]]; then
+ echo "We no longer allow merging versions with suffixes after -orioledb."
+ exit 1
+ fi
+ fi
+ else
+ # Check for suffix after version digits
+ if [[ "$VERSION" =~ ([0-9]+\.[0-9]+\.[0-9]+)(.*) ]]; then
+ SUFFIX="${BASH_REMATCH[2]}"
+ if [[ -n "$SUFFIX" ]]; then
+ echo "We no longer allow merging versions with suffixes after version $VERSION."
+ exit 1
+ fi
+ fi
+ fi
+ done
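Review bot: The `Run checks` step pastes `${{ steps.load_postgres_release.outputs.stdout }}` straight into the script text, so whatever sits under `.postgres_release` in `ansible/vars.yml` is parsed as shell source before the check runs; a value containing a double quote or `$(…)` would break or alter the script. Pass it through the environment instead: add `env:` with `POSTGRES_RELEASES: ${{ steps.load_postgres_release.outputs.stdout }}` to the step and drop the assignment line, leaving the `"$POSTGRES_RELEASES"` uses as they are. The new `uses: mikefarah/yq@master` also tracks a mutable branch; pinning it to a full commit SHA (`uses: mikefarah/yq@<full-commit-sha>`) keeps an upstream push from changing what this job runs. Both `=~` checks appear to fail open, since a version that does not match the pattern at all skips the suffix test, so an `else` branch that exits non-zero would make the gate strict. The workflow's triggers and permissions are outside the hunk, so how exposed the job is to fork pull requests cannot be judged from here.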