From afe3766e78248bb04b3e9b161e88bacaf22485e9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Roche?= Date: Mon, 10 Nov 2025 13:45:25 +0100 Subject: [PATCH 1/4] feat: add branch-based versioning for PR AMI builds Manually create unique Postgres version names in branch often leads to version conflicts with the base branch versions. These conflicts force developers to deal with manual conflict resolution and unnecessary rebuilds. To address this, this change implement automatic branch-based versioning for AMI builds triggered via workflow_dispatch on non-develop and non-release branches. The branch name is sanitized and appended to the Postgres version string. Example: Branch 'multi-version-ext/pg-partman' produces postgres version 'multi-version-ext-pg-partman' --- .github/workflows/ami-release-nix.yml | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index af003c0e2..b24384588 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -67,15 +67,6 @@ jobs: substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= - - name: Run checks if triggered manually - if: ${{ github.event_name == 'workflow_dispatch' }} - run: | - SUFFIX=$(nix run nixpkgs#yq -- ".postgres_release[\"postgres${{ matrix.postgres_version }}\"]" ansible/vars.yml | sed -E 's/[0-9\.]+(.*)$/\1/') - if [[ -z "$SUFFIX" ]] ; then - echo "Version must include non-numeric characters if built manually." - exit 1 - fi - - name: Set PostgreSQL version environment variable run: | echo "POSTGRES_MAJOR_VERSION=${{ matrix.postgres_version }}" >> $GITHUB_ENV 
@@ -83,8 +74,13 @@ jobs: - name: Generate common-nix.vars.pkr.hcl run: | - PG_VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) - PG_VERSION=$(echo "$PG_VERSION" | tr -d '"') # Remove any surrounding quotes + PG_VERSION="$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)" + BRANCH_NAME="$(echo "${{ github.ref }}" | sed 's|refs/heads/||')" + if [[ "${{ github.event_name }}" == "workflow_dispatch" && "$BRANCH_NAME" != "develop" && "$BRANCH_NAME" != release/* ]]; then + SUFFIX="${BRANCH_NAME//[^a-zA-Z0-9._-]/-}" + PG_VERSION="${PG_VERSION}-${SUFFIX}" + echo "Added branch suffix to version: $SUFFIX" + fi echo 'postgres-version = "'$PG_VERSION'"' > common-nix.vars.pkr.hcl # Ensure there's a newline at the end of the file echo "" >> common-nix.vars.pkr.hcl From e3a832d270bd7b0f35d7d0f59b02ab6258c0e24f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Roche?= Date: Mon, 10 Nov 2025 13:58:46 +0100 Subject: [PATCH 2/4] feat: add notice message for published AMI version Display the published postgres AMI version using GitHub Actions `::notice` annotation. --- .github/workflows/ami-release-nix.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index b24384588..1e75d7e94 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -108,6 +108,7 @@ jobs: run: | VERSION=$(cat common-nix.vars.pkr.hcl | sed -e 's/postgres-version = "\(.*\)"/\1/g') echo "version=$VERSION" >> $GITHUB_OUTPUT + echo "::notice title=AMI Published::Postgres AMI version: $VERSION" - name: Create nix flake revision tarball run: | From dfc525c02f05f2c6de885138df9ba1f35d5a1fae Mon Sep 17 00:00:00 2001 
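Review bot: `${{ github.ref }}` is pasted into the script text of the `Generate common-nix.vars.pkr.hcl` step before bash starts, so the `${BRANCH_NAME//[^a-zA-Z0-9._-]/-}` clean-up two lines later protects only the version string, not the shell. Git permits quote and command-substitution characters in ref names, and this job builds and publishes AMIs, so the ref should reach the script as data rather than as code. Use the runner-provided variables, `BRANCH_NAME="$GITHUB_REF_NAME"` and `"$GITHUB_EVENT_NAME" == "workflow_dispatch"`, or map the expressions through the step's `env:`. `GITHUB_REF_NAME` also covers a dispatch from a tag, where `sed 's|refs/heads/||'` would leave `refs/tags/` in place. The same `${{ github.ref }}` line is carried unchanged into the [PATCH 4/4] hunk.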
From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Roche?= Date: Mon, 6 Oct 2025 15:05:41 +0200 Subject: [PATCH 3/4] feat: run actionlint on GitHub Actions workflows Starting to lint GitHub Actions workflows with actionlint. --- .github/actionlint.yml | 4 ++++ .github/workflows/ami-release-nix.yml | 12 ++++++------ nix/hooks.nix | 12 ++++++++++++ 3 files changed, 22 insertions(+), 6 deletions(-) create mode 100644 .github/actionlint.yml diff --git a/.github/actionlint.yml b/.github/actionlint.yml new file mode 100644 index 000000000..eaf4d7d50 --- /dev/null +++ b/.github/actionlint.yml @@ -0,0 +1,4 @@ +self-hosted-runner: + labels: + - blacksmith-2vcpu-ubuntu-2404-arm + - blacksmith-4vcpu-ubuntu-2404 diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index 1e75d7e94..3bcddf6e0 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -36,7 +36,7 @@ jobs: id: set-versions run: | VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]') - echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT + echo "postgres_versions=$VERSIONS" >> "$GITHUB_OUTPUT" build: needs: prepare @@ -69,8 +69,8 @@ jobs: - name: Set PostgreSQL version environment variable run: | - echo "POSTGRES_MAJOR_VERSION=${{ matrix.postgres_version }}" >> $GITHUB_ENV - echo "EXECUTION_ID=${{ github.run_id }}-${{ matrix.postgres_version }}" >> $GITHUB_ENV + echo "POSTGRES_MAJOR_VERSION=${{ matrix.postgres_version }}" >> "$GITHUB_ENV" + echo "EXECUTION_ID=${{ github.run_id }}-${{ matrix.postgres_version }}" >> "$GITHUB_ENV" - name: Generate common-nix.vars.pkr.hcl run: | 
@@ -81,7 +81,7 @@ jobs: PG_VERSION="${PG_VERSION}-${SUFFIX}" echo "Added branch suffix to version: $SUFFIX" fi - echo 'postgres-version = "'$PG_VERSION'"' > common-nix.vars.pkr.hcl + echo "postgres-version = \"$PG_VERSION\"" > common-nix.vars.pkr.hcl # Ensure there's a newline at the end of the file echo "" >> common-nix.vars.pkr.hcl @@ -106,8 +106,8 @@ jobs: - name: Grab release version id: process_release_version run: | - VERSION=$(cat common-nix.vars.pkr.hcl | sed -e 's/postgres-version = "\(.*\)"/\1/g') - echo "version=$VERSION" >> $GITHUB_OUTPUT + VERSION=$(sed -e 's/postgres-version = "\(.*\)"/\1/g' common-nix.vars.pkr.hcl) + echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "::notice title=AMI Published::Postgres AMI version: $VERSION" - name: Create nix flake revision tarball diff --git a/nix/hooks.nix b/nix/hooks.nix index 896c262ba..bcd0e0300 100644 --- a/nix/hooks.nix +++ b/nix/hooks.nix @@ -1,4 +1,8 @@ { inputs, ... }: +let + ghWorkflows = builtins.attrNames (builtins.readDir ../.github/workflows); + lintedWorkflows = [ "ami-release-nix.yml" ]; +in { imports = [ inputs.git-hooks.flakeModule ]; perSystem = @@ -8,9 +12,17 @@ check.enable = true; settings = { hooks = { + actionlint = { + enable = true; + excludes = builtins.filter (name: !builtins.elem name lintedWorkflows) ghWorkflows; + verbose = true; + }; + treefmt = { enable = true; package = config.treefmt.build.wrapper; + pass_filenames = false; + verbose = true; }; }; }; From 38df1529982b5455b3cd434c15d8c2502600711b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Roche?= Date: Mon, 10 Nov 2025 23:07:04 +0100 Subject: [PATCH 4/4] fix: generate a unique AMI version GitHub run_id is appended to the version suffix to ensure uniqueness. It also enables to track the AMI back to the specific workflow run that created it using url like: https://github.com/supabase/postgres/actions/runs/ --- .github/workflows/ami-release-nix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
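Review bot: The rewritten `sed -e 's/…/\1/g' common-nix.vars.pkr.hcl` in `Grab release version` still prints every line of the file, matching or not, so `VERSION` is a single value only while `postgres-version` is the sole entry. If another variable is ever added to that file, the extra lines end up in `$GITHUB_OUTPUT` and in the `::notice` annotation. Printing only the matched line keeps the output to one value: `VERSION=$(sed -n 's/^postgres-version = "\(.*\)"$/\1/p' common-nix.vars.pkr.hcl)`.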
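Review bot: `excludes` for the `actionlint` hook is computed as a deny-list of bare file names from `builtins.readDir`, which is harder to audit than naming the file that is linted. If git-hooks passes these entries to pre-commit as regular expressions (as pre-commit's own `exclude` is), they are unanchored and `.` matches any character, so a workflow whose name is a substring of `ami-release-nix.yml` would silently turn linting off for it. An anchored allow-list states the intent directly, e.g. `files = "^\\.github/workflows/ami-release-nix\\.yml$";`. If `lintedWorkflows` is meant as an opt-in list that grows over time, a comment saying so (`# workflows checked by actionlint; add a file here once it passes`) would tell the next contributor how to extend it.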
diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index 3bcddf6e0..3a8bf726f 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -77,7 +77,7 @@ jobs: PG_VERSION="$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)" BRANCH_NAME="$(echo "${{ github.ref }}" | sed 's|refs/heads/||')" if [[ "${{ github.event_name }}" == "workflow_dispatch" && "$BRANCH_NAME" != "develop" && "$BRANCH_NAME" != release/* ]]; then - SUFFIX="${BRANCH_NAME//[^a-zA-Z0-9._-]/-}" + SUFFIX="${BRANCH_NAME//[^a-zA-Z0-9._-]/-}-${{ github.run_id }}" PG_VERSION="${PG_VERSION}-${SUFFIX}" echo "Added branch suffix to version: $SUFFIX" fi
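Review bot: `${{ github.run_id }}` does not change when a run is re-run, so the suffix added here does not make the version unique across attempts of the same run; a re-run on the same branch yields the same `PG_VERSION` as the first attempt. Appending the attempt counter closes that gap while keeping the link back to the run: `SUFFIX="${BRANCH_NAME//[^a-zA-Z0-9._-]/-}-${GITHUB_RUN_ID}-${GITHUB_RUN_ATTEMPT}"`. The branch part is not length-limited, so truncating it may be worth considering if this version ends up in an AMI name; that use is not visible in this hunk.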