feat(auth): bump to v2.184.0 (#1981) #885
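# Release AMI Nix
#
# Builds a Postgres AMI for every major version listed in ansible/vars.yml,
# uploads the software manifest and a nix-flake-revision tarball to the
# staging and prod artifact buckets, and then creates a GitHub release.
#
# Security notes for maintainers:
#   * Values coming from `${{ ... }}` expressions are passed to shell steps
#     through `env:` rather than being pasted into the script text, so a value
#     containing quotes or shell metacharacters cannot alter the command.
#   * Every `uses:` below that points at a tag or at `HEAD` is a mutable
#     reference. This workflow holds `contents: write`, `id-token: write` and
#     assumes AWS roles, so each one should be pinned to a full commit SHA.
#     The SHAs are not available in this file; use `<COMMIT_SHA>` as a
#     placeholder until they are looked up.
name: Release AMI Nix

on:
  push:
    branches:
      - develop
      - release/*
    paths:
      - '.github/workflows/ami-release-nix.yml'
      - 'common-nix.vars.pkr.hcl'
      - 'ansible/vars.yml'
  # NOTE(review): a manual dispatch can be started from any ref by anyone with
  # write access, and the `build` job assumes PROD_AWS_ROLE. Confirm that the
  # role's OIDC trust policy (or a protected environment) restricts which refs
  # may assume it.
  workflow_dispatch:

# NOTE(review): these permissions apply to every job, including `prepare`,
# which only reads the repository as far as this file shows. Consider moving
# them to job level once the needs of the local/shared actions are confirmed.
permissions:
  contents: write
  id-token: write

jobs:
  # Reads the list of Postgres major versions and publishes it as a JSON array
  # for the build matrix.
  prepare:
    runs-on: blacksmith-4vcpu-ubuntu-2404
    outputs:
      postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }}
    steps:
      - name: Checkout Repo
        # NOTE(review): `@HEAD` is a mutable ref; pin to <COMMIT_SHA>.
        uses: supabase/postgres/.github/actions/shared-checkout@HEAD

      - name: Install nix
        uses: ./.github/actions/nix-install-ephemeral

      - name: Set PostgreSQL versions
        id: set-versions
        run: |
          VERSIONS=$(nix run nixpkgs#yq -- -r '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]')
          echo "postgres_versions=$VERSIONS" >> "$GITHUB_OUTPUT"

  # Builds one AMI per Postgres major version and publishes the artifacts.
  build:
    needs: prepare
    strategy:
      matrix:
        postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }}
        include:
          - runner: blacksmith-2vcpu-ubuntu-2404-arm
    runs-on: ${{ matrix.runner }}
    timeout-minutes: 150
    steps:
      - name: Checkout Repo
        # NOTE(review): `@HEAD` is a mutable ref; pin to <COMMIT_SHA>.
        uses: supabase/postgres/.github/actions/shared-checkout@HEAD

      - name: aws-creds
        # NOTE(review): tag ref; pin to <COMMIT_SHA>.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
          aws-region: "us-east-1"
          output-credentials: true
          role-duration-seconds: 7200

      - name: Install nix
        uses: ./.github/actions/nix-install-ephemeral
        with:
          push-to-cache: 'true'
        env:
          DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
          NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}

      # Manual runs must build a version with a non-numeric suffix; the sed
      # expression strips the leading digits and dots and keeps the remainder.
      - name: Run checks if triggered manually
        if: ${{ github.event_name == 'workflow_dispatch' }}
        env:
          PG_MAJOR_VERSION: ${{ matrix.postgres_version }}
        run: |
          SUFFIX=$(nix run nixpkgs#yq -- ".postgres_release[\"postgres${PG_MAJOR_VERSION}\"]" ansible/vars.yml | sed -E 's/[0-9\.]+(.*)$/\1/')
          if [[ -z "$SUFFIX" ]] ; then
            echo "Version must include non-numeric characters if built manually."
            exit 1
          fi

      - name: Build AMI
        id: build-ami
        uses: ./.github/actions/build-ami
        with:
          postgres_version: ${{ matrix.postgres_version }}
          region: us-east-1
          ami_regions: '["us-east-1"]'
          git_sha: ${{ github.sha }}

      # Re-exports the release version reported by the build step so later
      # steps can read it from one place.
      - name: Grab release version
        id: process_release_version
        env:
          VERSION: ${{ steps.build-ami.outputs.postgres_release_version }}
        run: |
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"

      # The tarball only records the commit SHA for this major version.
      - name: Create nix flake revision tarball
        env:
          GIT_SHA: ${{ github.sha }}
          MAJOR_VERSION: ${{ matrix.postgres_version }}
        run: |
          mkdir -p "/tmp/pg_upgrade_bin/${MAJOR_VERSION}"
          echo "$GIT_SHA" >> "/tmp/pg_upgrade_bin/${MAJOR_VERSION}/nix_flake_version"
          tar -czf "/tmp/pg_binaries.tar.gz" -C "/tmp/pg_upgrade_bin" .

      - name: configure aws credentials - staging
        # NOTE(review): tag ref; pin to <COMMIT_SHA>.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
          aws-region: "us-east-1"

      - name: Upload software manifest to s3 staging
        env:
          RELEASE_VERSION: ${{ steps.process_release_version.outputs.version }}
          ARTIFACTS_BUCKET: ${{ secrets.ARTIFACTS_BUCKET }}
          PG_MAJOR_VERSION: ${{ matrix.postgres_version }}
        run: |
          cd ansible
          ansible-playbook -i localhost \
            -e "ami_release_version=${RELEASE_VERSION}" \
            -e "internal_artifacts_bucket=${ARTIFACTS_BUCKET}" \
            -e "postgres_major_version=${PG_MAJOR_VERSION}" \
            manifest-playbook.yml

      # The same tarball is published under three object names.
      - name: Upload nix flake revision to s3 staging
        env:
          RELEASE_VERSION: ${{ steps.process_release_version.outputs.version }}
          ARTIFACTS_BUCKET: ${{ secrets.ARTIFACTS_BUCKET }}
        run: |
          aws s3 cp /tmp/pg_binaries.tar.gz "s3://${ARTIFACTS_BUCKET}/upgrades/postgres/supabase-postgres-${RELEASE_VERSION}/20.04.tar.gz"
          aws s3 cp /tmp/pg_binaries.tar.gz "s3://${ARTIFACTS_BUCKET}/upgrades/postgres/supabase-postgres-${RELEASE_VERSION}/24.04.tar.gz"
          aws s3 cp /tmp/pg_binaries.tar.gz "s3://${ARTIFACTS_BUCKET}/upgrades/postgres/supabase-postgres-${RELEASE_VERSION}/upgrade_bundle.tar.gz"

      # From here on the job holds the PROD role; every later step, including
      # the third-party release and Slack actions, runs with it configured.
      - name: configure aws credentials - prod
        # NOTE(review): tag ref; pin to <COMMIT_SHA>.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.PROD_AWS_ROLE }}
          aws-region: "us-east-1"

      - name: Upload software manifest to s3 prod
        env:
          RELEASE_VERSION: ${{ steps.process_release_version.outputs.version }}
          ARTIFACTS_BUCKET: ${{ secrets.PROD_ARTIFACTS_BUCKET }}
          PG_MAJOR_VERSION: ${{ matrix.postgres_version }}
        run: |
          cd ansible
          ansible-playbook -i localhost \
            -e "ami_release_version=${RELEASE_VERSION}" \
            -e "internal_artifacts_bucket=${ARTIFACTS_BUCKET}" \
            -e "postgres_major_version=${PG_MAJOR_VERSION}" \
            manifest-playbook.yml

      - name: Upload nix flake revision to s3 prod
        env:
          RELEASE_VERSION: ${{ steps.process_release_version.outputs.version }}
          ARTIFACTS_BUCKET: ${{ secrets.PROD_ARTIFACTS_BUCKET }}
        run: |
          aws s3 cp /tmp/pg_binaries.tar.gz "s3://${ARTIFACTS_BUCKET}/upgrades/postgres/supabase-postgres-${RELEASE_VERSION}/20.04.tar.gz"
          aws s3 cp /tmp/pg_binaries.tar.gz "s3://${ARTIFACTS_BUCKET}/upgrades/postgres/supabase-postgres-${RELEASE_VERSION}/24.04.tar.gz"
          aws s3 cp /tmp/pg_binaries.tar.gz "s3://${ARTIFACTS_BUCKET}/upgrades/postgres/supabase-postgres-${RELEASE_VERSION}/upgrade_bundle.tar.gz"

      - name: Create release
        # NOTE(review): third-party action on a tag ref, run with
        # `contents: write`; pin to <COMMIT_SHA>.
        uses: softprops/action-gh-release@v2
        with:
          name: ${{ steps.process_release_version.outputs.version }}
          tag_name: ${{ steps.process_release_version.outputs.version }}
          target_commitish: ${{ github.sha }}

      - name: Slack Notification on Failure
        if: ${{ failure() }}
        # NOTE(review): third-party action on a tag ref that receives the
        # webhook secret; pin to <COMMIT_SHA>.
        uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }}
          SLACK_USERNAME: 'gha-failures-notifier'
          SLACK_COLOR: 'danger'
          SLACK_MESSAGE: 'Building Postgres AMI failed'
          SLACK_FOOTER: ''

      # Terminates any instance still tagged with this build's packer
      # execution id.
      # NOTE(review): this runs with whichever AWS role was configured last
      # (the PROD role once the prod step has run). Confirm the lookup targets
      # the account in which the build instances were launched.
      - name: Cleanup resources after build
        if: ${{ always() }}
        env:
          EXECUTION_ID: ${{ steps.build-ami.outputs.execution_id }}
        run: |
          # Without an execution id the tag filter would carry an empty value,
          # so skip the lookup instead of querying with it.
          if [[ -z "${EXECUTION_ID}" ]]; then
            echo "No packer execution id recorded; nothing to clean up."
            exit 0
          fi
          aws ec2 --region us-east-1 describe-instances \
            --filters "Name=tag:packerExecutionId,Values=${EXECUTION_ID}" \
            --query "Reservations[].Instances[].InstanceId" \
            --output text \
            | xargs -r aws ec2 terminate-instances --region us-east-1 --instance-ids

      # Same cleanup as above, kept as a separate step for cancelled runs.
      - name: Cleanup resources on build cancellation
        if: ${{ cancelled() }}
        env:
          EXECUTION_ID: ${{ steps.build-ami.outputs.execution_id }}
        run: |
          if [[ -z "${EXECUTION_ID}" ]]; then
            echo "No packer execution id recorded; nothing to clean up."
            exit 0
          fi
          aws ec2 --region us-east-1 describe-instances \
            --filters "Name=tag:packerExecutionId,Values=${EXECUTION_ID}" \
            --query "Reservations[].Instances[].InstanceId" \
            --output text \
            | xargs -r aws ec2 terminate-instances --region us-east-1 --instance-ids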