From b4d8dfc7e774ccc4bb6cca52fa1dd29040407f97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Roche?= Date: Tue, 11 Nov 2025 11:44:50 +0100 Subject: [PATCH 1/2] feat: add branch-based versioning for PR AMI builds (#1902) * feat: add branch-based versioning for PR AMI builds Manually create unique Postgres version names in branch often leads to version conflicts with the base branch versions. These conflicts force developers to deal with manual conflict resolution and unnecessary rebuilds. To address this, this change implement automatic branch-based versioning for AMI builds triggered via workflow_dispatch on non-develop and non-release branches. The branch name is sanitized and appended to the Postgres version string. Example: Branch 'multi-version-ext/pg-partman' produces postgres version 'multi-version-ext-pg-partman' * feat: add notice message for published AMI version Display the published postgres AMI version using GitHub Actions `::notice` annotation. * feat: run actionlint on GitHub Actions workflows Starting to lint GitHub Actions workflows with actionlint. * fix: generate a unique AMI version GitHub run_id is appended to the version suffix to ensure uniqueness. It also enables to track the AMI back to the specific workflow run that created it using url like: https://github.com/supabase/postgres/actions/runs/ --- .github/actionlint.yml | 4 ++++ .github/workflows/ami-release-nix.yml | 31 ++++++++++++--------------- nix/hooks.nix | 12 +++++++++++ 3 files changed, 30 insertions(+), 17 deletions(-) create mode 100644 .github/actionlint.yml diff --git a/.github/actionlint.yml b/.github/actionlint.yml new file mode 100644 index 000000000..eaf4d7d50 --- /dev/null +++ b/.github/actionlint.yml @@ -0,0 +1,4 @@ +self-hosted-runner: + labels: + - blacksmith-2vcpu-ubuntu-2404-arm + - blacksmith-4vcpu-ubuntu-2404 diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index af003c0e2..3a8bf726f 100644 
--- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -36,7 +36,7 @@ jobs: id: set-versions run: | VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]') - echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT + echo "postgres_versions=$VERSIONS" >> "$GITHUB_OUTPUT" build: needs: prepare 
@@ -67,25 +67,21 @@ jobs: substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= - - name: Run checks if triggered manually - if: ${{ github.event_name == 'workflow_dispatch' }} - run: | - SUFFIX=$(nix run nixpkgs#yq -- ".postgres_release[\"postgres${{ matrix.postgres_version }}\"]" ansible/vars.yml | sed -E 's/[0-9\.]+(.*)$/\1/') - if [[ -z "$SUFFIX" ]] ; then - echo "Version must include non-numeric characters if built manually." - exit 1 - fi - - name: Set PostgreSQL version environment variable run: | - echo "POSTGRES_MAJOR_VERSION=${{ matrix.postgres_version }}" >> $GITHUB_ENV - echo "EXECUTION_ID=${{ github.run_id }}-${{ matrix.postgres_version }}" >> $GITHUB_ENV + echo "POSTGRES_MAJOR_VERSION=${{ matrix.postgres_version }}" >> "$GITHUB_ENV" + echo "EXECUTION_ID=${{ github.run_id }}-${{ matrix.postgres_version }}" >> "$GITHUB_ENV" - name: Generate common-nix.vars.pkr.hcl run: | - PG_VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) - PG_VERSION=$(echo "$PG_VERSION" | tr -d '"') # Remove any surrounding quotes - echo 'postgres-version = "'$PG_VERSION'"' > common-nix.vars.pkr.hcl + PG_VERSION="$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)" + BRANCH_NAME="$(echo "${{ github.ref }}" | sed 's|refs/heads/||')" + if [[ "${{ github.event_name }}" == "workflow_dispatch" && "$BRANCH_NAME" != "develop" && "$BRANCH_NAME" != release/* ]]; then + SUFFIX="${BRANCH_NAME//[^a-zA-Z0-9._-]/-}-${{ github.run_id }}" + PG_VERSION="${PG_VERSION}-${SUFFIX}" + echo "Added branch suffix to version: $SUFFIX" + fi + echo "postgres-version = \"$PG_VERSION\"" > common-nix.vars.pkr.hcl # Ensure there's a newline at the end of the file echo "" >> common-nix.vars.pkr.hcl 
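Review bot: In the added `BRANCH_NAME=` line, `${{ github.ref }}` is substituted into the script text before bash parses it, so the branch name is read as shell source inside double quotes. The `${BRANCH_NAME//[^a-zA-Z0-9._-]/-}` clean-up runs only after that expansion. Git ref names may contain `$`, backticks and parentheses, and the workflow-level token visible in the second patch carries `contents: write` and `id-token: write`. Reading the runner's own variables keeps the value as data: `BRANCH_NAME="${GITHUB_REF#refs/heads/}"` and, in the condition, `"$GITHUB_EVENT_NAME" == "workflow_dispatch"`. A short comment above the `if` saying that the suffix applies only to manually dispatched builds outside `develop` and `release/*` would also help, since the removed "Run checks if triggered manually" step used to document that rule.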
@@ -110,8 +106,9 @@ jobs: - name: Grab release version id: process_release_version run: | - VERSION=$(cat common-nix.vars.pkr.hcl | sed -e 's/postgres-version = "\(.*\)"/\1/g') - echo "version=$VERSION" >> $GITHUB_OUTPUT + VERSION=$(sed -e 's/postgres-version = "\(.*\)"/\1/g' common-nix.vars.pkr.hcl) + echo "version=$VERSION" >> "$GITHUB_OUTPUT" + echo "::notice title=AMI Published::Postgres AMI version: $VERSION" - name: Create nix flake revision tarball run: | diff --git a/nix/hooks.nix b/nix/hooks.nix index 896c262ba..bcd0e0300 100644 --- a/nix/hooks.nix +++ b/nix/hooks.nix @@ -1,4 +1,8 @@ { inputs, ... }: +let + ghWorkflows = builtins.attrNames (builtins.readDir ../.github/workflows); + lintedWorkflows = [ "ami-release-nix.yml" ]; +in { imports = [ inputs.git-hooks.flakeModule ]; perSystem = @@ -8,9 +12,17 @@ check.enable = true; settings = { hooks = { + actionlint = { + enable = true; + excludes = builtins.filter (name: !builtins.elem name lintedWorkflows) ghWorkflows; + verbose = true; + }; + treefmt = { enable = true; package = config.treefmt.build.wrapper; + pass_filenames = false; + verbose = true; }; }; }; From 6817c8448017c59c965f88dd0964be0c16bab506 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Roche?= Date: Tue, 11 Nov 2025 21:38:51 +0100 Subject: [PATCH 2/2] feat: ami-release-nix.yml workflow triggers for pg_upgrade scripts and bin flake version workflows Once the AMI release workflow completes, it now triggers the pg_upgrade_scripts and pg_upgrade_bin flake version publishing workflows. This ensures that the necessary upgrade tools are published in sync with new PostgreSQL releases with the correct versioning. --- .github/workflows/ami-release-nix.yml | 15 +++++++++++++++ ...publish-nix-pgupgrade-bin-flake-version.yml | 18 +++++++++++++----- .../publish-nix-pgupgrade-scripts.yml | 17 ++++++++++------- 3 files changed, 38 insertions(+), 12 deletions(-) 
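Review bot: The `excludes` value for `actionlint` is a list of bare file names (`builtins.filter (name: !builtins.elem name lintedWorkflows) ghWorkflows`), but hook excludes are, as far as I know, applied as unanchored regular expressions over the file path rather than as literal names. A workflow whose name happens to match inside another path, or whose `.` matches a different character, would then be excluded or kept unintentionally, and the list depends on `builtins.readDir` at evaluation time. Selecting the linted file positively is shorter and exact: `files = "^\\.github/workflows/ami-release-nix\\.yml$";`. The `let` bindings this expression uses are in the previous hunk of the same file.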
diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index 3a8bf726f..d47b20340 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -14,6 +14,7 @@ on: permissions: contents: write id-token: write + actions: write jobs: prepare: @@ -168,6 +169,20 @@ jobs: tag_name: ${{ steps.process_release_version.outputs.version }} target_commitish: ${{github.sha}} + - name: Trigger pg_upgrade_scripts workflow + env: + GH_TOKEN: ${{ github.token }} + run: | + gh workflow run publish-nix-pgupgrade-scripts.yml \ + -f postgresVersion="${{ steps.process_release_version.outputs.version }}" + + - name: Trigger pg_upgrade_bin flake version workflow + env: + GH_TOKEN: ${{ github.token }} + run: | + gh workflow run publish-nix-pgupgrade-bin-flake-version.yml \ + -f postgresVersion="${{ steps.process_release_version.outputs.version }}" + - name: Slack Notification on Failure if: ${{ failure() }} uses: rtCamp/action-slack-notify@v2 diff --git a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml index 1e1b69b1d..00dbab558 100644 --- a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml +++ b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml @@ -24,7 +24,12 @@ jobs: - name: Set PostgreSQL versions id: set-versions run: | - VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]') + if [[ "${{ inputs.postgresVersion }}" != "" ]]; then + MAJOR_VERSION=$(echo "${{ inputs.postgresVersion }}" | cut -d'.' -f1) + VERSIONS="[\"$MAJOR_VERSION\"]" + else + VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]') + fi echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT publish-staging: 
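Review bot: `actions: write` is added to the workflow-level `permissions` block, so every job in this file, including `prepare`, receives a token that can dispatch and cancel workflow runs. Only the two `gh workflow run` steps added later in this patch need that scope. Declaring `permissions:` on the job that contains those steps, alongside the `contents` and `id-token` scopes that job already uses, would leave the other jobs with the narrower token. The job definitions are outside this hunk, so the per-job split should be checked against the full file.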
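Review bot: Both `gh workflow run` calls omit `--ref`, so the publish workflows are dispatched on the repository's default branch even when this run was started from another branch and carries a branch-suffixed version from the first patch. If the downstream jobs build from the ref they run on (their checkout step is not visible here), the published pg_upgrade artifacts would carry a branch version but come from default-branch sources. Either pass `--ref "$GITHUB_REF_NAME"` or add a comment stating that the default branch is intended. The version is also spliced into the script as `${{ steps.process_release_version.outputs.version }}`; passing it through the step's `env:` (`PG_VERSION: ${{ steps.process_release_version.outputs.version }}`, then `-f postgresVersion="$PG_VERSION"`) keeps it out of the shell source.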
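Review bot: The new `if` branch in `set-versions` pastes `${{ inputs.postgresVersion }}` straight into the script, so a free-form dispatch input is parsed as shell source, and the derived `MAJOR_VERSION` reaches the matrix JSON without any check that it is a number. The same pattern is added in the `set-versions` hunk of `publish-nix-pgupgrade-scripts.yml` and appears in the `process_release_version` steps of both files. Passing the input through `env:` and validating the major version before building `VERSIONS` closes both gaps; the sketch below also quotes `"$GITHUB_OUTPUT"`, as the first patch does for `ami-release-nix.yml`.

```yaml
        id: set-versions
        env:
          POSTGRES_VERSION_INPUT: ${{ inputs.postgresVersion }}
        run: |
          if [[ -n "$POSTGRES_VERSION_INPUT" ]]; then
            MAJOR_VERSION="${POSTGRES_VERSION_INPUT%%.*}"
            if [[ ! "$MAJOR_VERSION" =~ ^[0-9]+$ ]]; then
              echo "::error::postgresVersion must start with a numeric major version"
              exit 1
            fi
            VERSIONS="[\"$MAJOR_VERSION\"]"
          else
            # … unchanged: VERSIONS read from ansible/vars.yml …
          fi
          echo "postgres_versions=$VERSIONS" >> "$GITHUB_OUTPUT"
```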
@@ -43,10 +48,10 @@ jobs: - name: Grab release version id: process_release_version run: | - VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) - VERSION=$(echo "$VERSION" | tr -d '"') # Remove any surrounding quotes if [[ "${{ inputs.postgresVersion }}" != "" ]]; then VERSION="${{ inputs.postgresVersion }}" + else + VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) fi echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "major_version=$(echo $VERSION | cut -d'.' -f1)" >> "$GITHUB_OUTPUT" @@ -95,8 +100,11 @@ jobs: - name: Grab release version id: process_release_version run: | - VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) - VERSION=$(echo $VERSION | tr -d '"') # Remove any surrounding quotes + if [[ "${{ inputs.postgresVersion }}" != "" ]]; then + VERSION="${{ inputs.postgresVersion }}" + else + VERSION=$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) + fi echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "major_version=$(echo $VERSION | cut -d'.' -f1)" >> "$GITHUB_OUTPUT" diff --git a/.github/workflows/publish-nix-pgupgrade-scripts.yml b/.github/workflows/publish-nix-pgupgrade-scripts.yml index 029d7deaf..761e149a1 100644 --- a/.github/workflows/publish-nix-pgupgrade-scripts.yml +++ b/.github/workflows/publish-nix-pgupgrade-scripts.yml 
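Review bot: In the first `process_release_version` hunk of this file, the `else` branch calls `yq` without `-r` while the `tr -d '"'` clean-up is removed. On the fallback path `VERSION` would therefore keep any surrounding double quotes (the removed comment, "Remove any surrounding quotes", suggests yq emits them) and write them into the `version` and `major_version` outputs. The second hunk of this file and both hunks in `publish-nix-pgupgrade-scripts.yml` pass `-r`, so this line should match: `VERSION=$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)`.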
@@ -25,13 +25,16 @@ jobs: steps: - name: Checkout Repo uses: supabase/postgres/.github/actions/shared-checkout@HEAD - - uses: ./.github/actions/nix-install-ephemeral - - name: Set PostgreSQL versions id: set-versions run: | - VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]') + if [[ "${{ inputs.postgresVersion }}" != "" ]]; then + MAJOR_VERSION=$(echo "${{ inputs.postgresVersion }}" | cut -d'.' -f1) + VERSIONS="[\"$MAJOR_VERSION\"]" + else + VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]') + fi echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT publish-staging: @@ -50,10 +53,10 @@ jobs: - name: Grab release version id: process_release_version run: | - VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) - VERSION=$(echo "$VERSION" | tr -d '"') # Remove any surrounding quotes if [[ "${{ inputs.postgresVersion }}" != "" ]]; then VERSION="${{ inputs.postgresVersion }}" + else + VERSION=$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) fi echo "version=$VERSION" >> "$GITHUB_OUTPUT" @@ -101,10 +104,10 @@ jobs: - name: Grab release version id: process_release_version run: | - VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) - VERSION=$(echo "$VERSION" | tr -d '"') # Remove any surrounding quotes if [[ "${{ inputs.postgresVersion }}" != "" ]]; then VERSION="${{ inputs.postgresVersion }}" + else + VERSION=$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) fi echo "version=$VERSION" >> "$GITHUB_OUTPUT"