From 0a101f3203a4b7133c358f2332445dc0ad8ab2c3 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 10 Jun 2025 14:25:43 -0400 Subject: [PATCH 01/13] feat: allow checkout of fork repo on workflow approval --- .github/workflows/nix-build.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml index c1811fd00..b8fc7b8cd 100644 --- a/.github/workflows/nix-build.yml +++ b/.github/workflows/nix-build.yml @@ -31,9 +31,11 @@ jobs: - name: Check out code uses: actions/checkout@v4 with: - ref: ${{ github.event.pull_request.head.ref || github.ref }} + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} fetch-depth: 0 fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - name: aws-creds uses: aws-actions/configure-aws-credentials@v4 with: From 04794c33b8028b8ac64fde83a89bdb43fa8f2c5d Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 10 Jun 2025 15:03:08 -0400 Subject: [PATCH 02/13] feat: cover all workflows --- .github/workflows/ami-release-nix-single.yml | 6 +++- .github/workflows/ami-release-nix.yml | 12 ++++++++ .github/workflows/check-shellscripts.yml | 6 ++++ .github/workflows/ci.yml | 6 ++++ .../workflows/dockerhub-release-matrix.yml | 30 +++++++++++++++++++ .github/workflows/manual-docker-release.yml | 30 +++++++++++++++++++ .github/workflows/mirror-postgrest.yml | 6 ++++ .github/workflows/publish-migrations-prod.yml | 6 ++++ .../workflows/publish-migrations-staging.yml | 6 ++++ ...ublish-nix-pgupgrade-bin-flake-version.yml | 18 +++++++++++ .../publish-nix-pgupgrade-scripts.yml | 18 +++++++++++ .github/workflows/qemu-image-build.yml | 12 ++++++++ .github/workflows/test.yml | 12 ++++++++ .github/workflows/testinfra-ami-build.yml | 12 ++++++++ 14 files changed, 179 insertions(+), 1 deletion(-) 
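Review bot: In the `Check out code` step of `nix-build.yml`, the checkout now pulls `github.event.pull_request.head.repo.full_name` at `head.sha`, and the next step in the hunk is `aws-creds` (`aws-actions/configure-aws-credentials@v4`), so fork code would be built in a job that also obtains AWS credentials. The trigger and `permissions:` block are outside the hunk; if this runs on `pull_request_target` or any other event that exposes secrets or OIDC to fork PRs, manual approval appears to be the only control, and the fork build should be split from the credentialed job. Independently, add `persist-credentials: false` to the `with:` block so the token is not left in the checked-out repository's git config for later steps; `token: ${{ secrets.GITHUB_TOKEN }}` is already the action's default and can be dropped. Pinning to `head.sha` rather than `head.ref` is the right choice because it fixes what was approved. PATCH 02/13 copies the same block into the release and publish workflows, where the same concern applies.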
diff --git a/.github/workflows/ami-release-nix-single.yml b/.github/workflows/ami-release-nix-single.yml index 86a1d40fc..75aaf150d 100644 --- a/.github/workflows/ami-release-nix-single.yml +++ b/.github/workflows/ami-release-nix-single.yml @@ -26,7 +26,11 @@ jobs: - name: Checkout Repo uses: actions/checkout@v3 with: - ref: ${{ github.event.inputs.branch }} + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - name: Get current branch SHA id: get_sha diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index 004a597d7..c56850a32 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -23,6 +23,12 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main @@ -49,6 +55,12 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main diff --git a/.github/workflows/check-shellscripts.yml b/.github/workflows/check-shellscripts.yml index ab0f59b87..b5d912964 100644 --- a/.github/workflows/check-shellscripts.yml +++ b/.github/workflows/check-shellscripts.yml 
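Review bot: In `ami-release-nix-single.yml` the removed line was `ref: ${{ github.event.inputs.branch }}`, and the new `ref: ${{ github.event.pull_request.head.sha || github.sha }}` no longer reads that input. A manually dispatched run, which the `inputs.branch` reference implies, would build the ref the workflow was started from, not the branch the operator entered. The following step, `Get current branch SHA`, suggests later steps depend on which branch was checked out, though its body is outside the hunk. If the input is still declared, keep it first in the chain: `ref: ${{ github.event.inputs.branch || github.event.pull_request.head.sha || github.sha }}`.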
@@ -15,6 +15,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - name: Run ShellCheck uses: ludeeus/action-shellcheck@master env: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 93a2afdc5..928bd9010 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -13,6 +13,12 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - name: Load postgres_release values id: load_postgres_release diff --git a/.github/workflows/dockerhub-release-matrix.yml b/.github/workflows/dockerhub-release-matrix.yml index ed7075d1d..4ea7e97bf 100644 --- a/.github/workflows/dockerhub-release-matrix.yml +++ b/.github/workflows/dockerhub-release-matrix.yml @@ -23,6 +23,12 @@ jobs: - uses: DeterminateSystems/nix-installer-action@main - name: Checkout Repo uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - name: Generate build matrix id: set-matrix run: | 
@@ -54,6 +60,12 @@ jobs: build_args: ${{ steps.args.outputs.result }} steps: - uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL version environment variable run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.version }}" >> $GITHUB_ENV @@ -78,6 +90,12 @@ jobs: timeout-minutes: 180 steps: - uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main - run: docker context create builders - uses: docker/setup-buildx-action@v3 @@ -133,6 +151,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v2 @@ -176,6 +200,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main - name: Debug Input from Prepare diff --git a/.github/workflows/manual-docker-release.yml b/.github/workflows/manual-docker-release.yml index 8948324db..51a4f835f 100644 --- a/.github/workflows/manual-docker-release.yml 
+++ b/.github/workflows/manual-docker-release.yml @@ -20,6 +20,12 @@ jobs: - uses: DeterminateSystems/nix-installer-action@main - name: Checkout Repo uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - name: Generate build matrix id: set-matrix run: | @@ -51,6 +57,12 @@ jobs: build_args: ${{ steps.args.outputs.result }} steps: - uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL version environment variable run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.version }}" >> $GITHUB_ENV @@ -75,6 +87,12 @@ jobs: timeout-minutes: 180 steps: - uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main - run: docker context create builders - uses: docker/setup-buildx-action@v3 @@ -142,6 +160,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v2 
@@ -185,6 +209,12 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main - name: Debug Input from Prepare diff --git a/.github/workflows/mirror-postgrest.yml b/.github/workflows/mirror-postgrest.yml index 1658730f7..8f739e345 100644 --- a/.github/workflows/mirror-postgrest.yml +++ b/.github/workflows/mirror-postgrest.yml @@ -18,6 +18,12 @@ jobs: postgrest_release: ${{ steps.args.outputs.result }} steps: - uses: actions/checkout@v4 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - id: args uses: mikefarah/yq@master with: diff --git a/.github/workflows/publish-migrations-prod.yml b/.github/workflows/publish-migrations-prod.yml index d7e813667..4ef0a9e1b 100644 --- a/.github/workflows/publish-migrations-prod.yml +++ b/.github/workflows/publish-migrations-prod.yml @@ -23,6 +23,12 @@ jobs: - name: Checkout Repo uses: actions/checkout@v2 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - name: Merging migration files run: cat $(ls -1) > ../migration-output.sql diff --git a/.github/workflows/publish-migrations-staging.yml b/.github/workflows/publish-migrations-staging.yml index 72b28e927..d49b5e258 100644 --- a/.github/workflows/publish-migrations-staging.yml +++ b/.github/workflows/publish-migrations-staging.yml 
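Review bot: The `with:` block added under `actions/checkout@v2` in `publish-migrations-prod.yml` passes `fetch-tags: true`, which to my knowledge was only introduced in a later v3 release of the action, so v2 would ignore it with an unexpected-input warning; the `publish-migrations-staging.yml` hunk has the same combination. `fetch-depth: 0` already fetches all history and tags, so the input adds nothing here either way. Consider moving both files to `actions/checkout@v4`, which other workflows in this patch already use, or dropping `fetch-tags`. For a job that publishes migrations, also confirm it can never run with a `pull_request` payload, since the new `repository:` expression would then select the fork; the trigger is outside the hunk.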
@@ -17,6 +17,12 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v2 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - name: Merging migration files run: cat $(ls -1) > ../migration-output.sql diff --git a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml index bec85166e..db9cfb7b1 100644 --- a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml +++ b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml @@ -18,6 +18,12 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main @@ -37,6 +43,12 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main @@ -89,6 +101,12 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - name: Grab release version id: process_release_version diff --git a/.github/workflows/publish-nix-pgupgrade-scripts.yml b/.github/workflows/publish-nix-pgupgrade-scripts.yml index ece3e5966..8fd3ddd4c 100644 
--- a/.github/workflows/publish-nix-pgupgrade-scripts.yml +++ b/.github/workflows/publish-nix-pgupgrade-scripts.yml @@ -25,6 +25,12 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main @@ -44,6 +50,12 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main @@ -95,6 +107,12 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main diff --git a/.github/workflows/qemu-image-build.yml b/.github/workflows/qemu-image-build.yml index 708c7faf2..2e37d4e1a 100644 --- a/.github/workflows/qemu-image-build.yml +++ b/.github/workflows/qemu-image-build.yml @@ -24,6 +24,12 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main 
@@ -48,6 +54,12 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v3 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a218ef882..0f3ea73c8 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -18,6 +18,12 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v4 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - name: Clear Nix cache run: | @@ -50,6 +56,12 @@ jobs: POSTGRES_PASSWORD: password steps: - uses: actions/checkout@v4 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - name: Clear Nix cache run: | sudo rm -rf /home/runner/.cache/nix diff --git a/.github/workflows/testinfra-ami-build.yml b/.github/workflows/testinfra-ami-build.yml index 2b07e716f..353a02fb1 100644 --- a/.github/workflows/testinfra-ami-build.yml +++ b/.github/workflows/testinfra-ami-build.yml @@ -16,6 +16,12 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v4 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - uses: DeterminateSystems/nix-installer-action@main 
@@ -53,6 +59,12 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v4 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} - id: args uses: mikefarah/yq@master From cf3b20b91283467805a66e817a64dae2cfc40b21 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 10 Jun 2025 16:39:21 -0400 Subject: [PATCH 03/13] feat: use shared workflow for repeated checkout lines --- .github/workflows/ami-release-nix-single.yml | 9 +--- .github/workflows/ami-release-nix.yml | 18 +------- .github/workflows/check-shellscripts.yml | 33 +++++++-------- .github/workflows/ci.yml | 9 +--- .../workflows/dockerhub-release-matrix.yml | 41 +++---------------- .github/workflows/manual-docker-release.yml | 41 +++---------------- .github/workflows/mirror-postgrest.yml | 9 +--- .github/workflows/nix-build.yml | 10 +---- .github/workflows/publish-migrations-prod.yml | 9 +--- .../workflows/publish-migrations-staging.yml | 9 +--- ...ublish-nix-pgupgrade-bin-flake-version.yml | 27 ++---------- .../publish-nix-pgupgrade-scripts.yml | 27 ++---------- .github/workflows/qemu-image-build.yml | 18 +------- .github/workflows/shared-checkout.yml | 18 ++++++++ .github/workflows/test.yml | 18 ++------ .github/workflows/testinfra-ami-build.yml | 18 +------- 16 files changed, 65 insertions(+), 249 deletions(-) create mode 100644 .github/workflows/shared-checkout.yml diff --git a/.github/workflows/ami-release-nix-single.yml b/.github/workflows/ami-release-nix-single.yml index 75aaf150d..36e38664e 100644 --- a/.github/workflows/ami-release-nix-single.yml +++ b/.github/workflows/ami-release-nix-single.yml 
@@ -23,14 +23,7 @@ jobs: timeout-minutes: 150 steps: - - name: Checkout Repo - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - name: Get current branch SHA id: get_sha diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index c56850a32..31321cb58 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -21,14 +21,7 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - name: Checkout Repo - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main @@ -53,14 +46,7 @@ jobs: timeout-minutes: 150 steps: - - name: Checkout Repo - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main diff --git a/.github/workflows/check-shellscripts.yml b/.github/workflows/check-shellscripts.yml index b5d912964..e03d6bad4 100644 --- a/.github/workflows/check-shellscripts.yml +++ b/.github/workflows/check-shellscripts.yml 
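Review bot: The replacement step `- uses: ./.github/workflows/shared-checkout.yml` in `ami-release-nix-single.yml` points a step-level `uses:` at a reusable workflow, but a workflow declared with `on: workflow_call` can only be called at job level (`jobs.<job_id>.uses`). Steps accept actions, so this step is expected to fail to resolve. Every other hunk in PATCH 03/13 makes the same substitution, including the `nix-build.yml` hunk, where the step runs just before `aws-creds`. A `./` reference is also resolved from the runner's workspace, which is empty until a checkout has run, so a local action cannot perform the first checkout. Keeping the inline `actions/checkout` step, or moving the block into an action hosted in a separate repository and pinned by commit SHA, would avoid both problems.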
@@ -14,23 +14,18 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run ShellCheck - uses: ludeeus/action-shellcheck@master - env: - SHELLCHECK_OPTS: -e SC2001 -e SC2002 -e SC2143 - with: - scandir: './ansible/files/admin_api_scripts' + - uses: ./.github/workflows/shared-checkout.yml - - name: Run ShellCheck on pg_upgrade scripts - uses: ludeeus/action-shellcheck@master - env: - SHELLCHECK_OPTS: -e SC2001 -e SC2002 -e SC2143 - with: - scandir: './ansible/files/admin_api_scripts/pg_upgrade_scripts' + - name: Run ShellCheck + uses: ludeeus/action-shellcheck@master + env: + SHELLCHECK_OPTS: -e SC2001 -e SC2002 -e SC2143 + with: + scandir: './ansible/files/admin_api_scripts' + + - name: Run ShellCheck on pg_upgrade scripts + uses: ludeeus/action-shellcheck@master + env: + SHELLCHECK_OPTS: -e SC2001 -e SC2002 -e SC2143 + with: + scandir: './ansible/files/admin_api_scripts/pg_upgrade_scripts' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 928bd9010..456247ebf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,14 +11,7 @@ jobs: timeout-minutes: 5 runs-on: ubuntu-latest steps: - - name: Checkout Repo - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - name: Load postgres_release values id: load_postgres_release diff --git a/.github/workflows/dockerhub-release-matrix.yml b/.github/workflows/dockerhub-release-matrix.yml index 4ea7e97bf..25662122f 100644 --- a/.github/workflows/dockerhub-release-matrix.yml 
+++ b/.github/workflows/dockerhub-release-matrix.yml @@ -21,14 +21,7 @@ jobs: matrix_config: ${{ steps.set-matrix.outputs.matrix_config }} steps: - uses: DeterminateSystems/nix-installer-action@main - - name: Checkout Repo - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - name: Generate build matrix id: set-matrix run: | @@ -59,13 +52,7 @@ jobs: outputs: build_args: ${{ steps.args.outputs.result }} steps: - - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL version environment variable run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.version }}" >> $GITHUB_ENV @@ -89,13 +76,7 @@ jobs: runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-runner' }} timeout-minutes: 180 steps: - - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - run: docker context create builders - uses: docker/setup-buildx-action@v3 
@@ -150,13 +131,7 @@ jobs: include: ${{ fromJson(needs.prepare.outputs.matrix_config).include }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v2 @@ -199,13 +174,7 @@ jobs: needs: [prepare, merge_manifest] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - name: Debug Input from Prepare diff --git a/.github/workflows/manual-docker-release.yml b/.github/workflows/manual-docker-release.yml index 51a4f835f..53eac2f83 100644 --- a/.github/workflows/manual-docker-release.yml +++ b/.github/workflows/manual-docker-release.yml @@ -18,14 +18,7 @@ jobs: matrix_config: ${{ steps.set-matrix.outputs.matrix_config }} steps: - uses: DeterminateSystems/nix-installer-action@main - - name: Checkout Repo - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - name: Generate build matrix id: set-matrix run: | 
@@ -56,13 +49,7 @@ jobs: outputs: build_args: ${{ steps.args.outputs.result }} steps: - - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL version environment variable run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.version }}" >> $GITHUB_ENV @@ -86,13 +73,7 @@ jobs: runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-runner' }} timeout-minutes: 180 steps: - - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - run: docker context create builders - uses: docker/setup-buildx-action@v3 @@ -159,13 +140,7 @@ jobs: include: ${{ fromJson(needs.prepare.outputs.matrix_config).include }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v2 
@@ -208,13 +183,7 @@ jobs: needs: [prepare, merge_manifest] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - name: Debug Input from Prepare diff --git a/.github/workflows/mirror-postgrest.yml b/.github/workflows/mirror-postgrest.yml index 8f739e345..c7c75f2a1 100644 --- a/.github/workflows/mirror-postgrest.yml +++ b/.github/workflows/mirror-postgrest.yml @@ -17,13 +17,8 @@ jobs: outputs: postgrest_release: ${{ steps.args.outputs.result }} steps: - - uses: actions/checkout@v4 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml + - id: args uses: mikefarah/yq@master with: diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml index b8fc7b8cd..a45f928be 100644 --- a/.github/workflows/nix-build.yml +++ b/.github/workflows/nix-build.yml @@ -27,15 +27,9 @@ jobs: runs-on: ${{ matrix.runner }} timeout-minutes: 180 steps: - - name: Check out code - uses: actions/checkout@v4 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + uses: ./.github/workflows/shared-checkout.yml + - name: aws-creds uses: aws-actions/configure-aws-credentials@v4 with: diff --git a/.github/workflows/publish-migrations-prod.yml b/.github/workflows/publish-migrations-prod.yml index 4ef0a9e1b..fe33e81e1 100644 
--- a/.github/workflows/publish-migrations-prod.yml +++ b/.github/workflows/publish-migrations-prod.yml @@ -21,14 +21,7 @@ jobs: env: GITHUB_REF: ${{ github.ref }} - - name: Checkout Repo - uses: actions/checkout@v2 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - name: Merging migration files run: cat $(ls -1) > ../migration-output.sql diff --git a/.github/workflows/publish-migrations-staging.yml b/.github/workflows/publish-migrations-staging.yml index d49b5e258..afbc4180c 100644 --- a/.github/workflows/publish-migrations-staging.yml +++ b/.github/workflows/publish-migrations-staging.yml @@ -15,14 +15,7 @@ jobs: contents: read steps: - - name: Checkout Repo - uses: actions/checkout@v2 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - name: Merging migration files run: cat $(ls -1) > ../migration-output.sql diff --git a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml index db9cfb7b1..3bcb7ca12 100644 --- a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml +++ b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml 
@@ -16,14 +16,7 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - name: Checkout Repo - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main @@ -41,14 +34,7 @@ jobs: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} steps: - - name: Checkout Repo - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main @@ -99,14 +85,7 @@ jobs: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} steps: - - name: Checkout Repo - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - name: Grab release version id: process_release_version diff --git a/.github/workflows/publish-nix-pgupgrade-scripts.yml b/.github/workflows/publish-nix-pgupgrade-scripts.yml index 8fd3ddd4c..48b8543b8 100644 --- a/.github/workflows/publish-nix-pgupgrade-scripts.yml +++ b/.github/workflows/publish-nix-pgupgrade-scripts.yml 
@@ -23,14 +23,7 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - name: Checkout Repo - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main @@ -48,14 +41,7 @@ jobs: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} steps: - - name: Checkout Repo - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main @@ -105,14 +91,7 @@ jobs: steps: - - name: Checkout Repo - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main diff --git a/.github/workflows/qemu-image-build.yml b/.github/workflows/qemu-image-build.yml index 2e37d4e1a..d947d8774 100644 --- a/.github/workflows/qemu-image-build.yml +++ b/.github/workflows/qemu-image-build.yml 
@@ -22,14 +22,7 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - name: Checkout Repo - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main @@ -52,14 +45,7 @@ jobs: id-token: write steps: - - name: Checkout Repo - uses: actions/checkout@v3 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main diff --git a/.github/workflows/shared-checkout.yml b/.github/workflows/shared-checkout.yml new file mode 100644 index 000000000..a7b9c16e5 --- /dev/null +++ b/.github/workflows/shared-checkout.yml @@ -0,0 +1,18 @@ +name: Shared Checkout + +on: + workflow_call: + # No inputs needed as we're using the default GitHub context + +jobs: + checkout: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 0f3ea73c8..571e74c4b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml 
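Review bot: The checkout step in the new shared-checkout.yml fetches `github.event.pull_request.head.repo.full_name` at `head.sha`, which is fork-controlled content on pull-request events, and passes `secrets.GITHUB_TOKEN` with the default credential persistence, so the token stays in that tree's git config for every later step of the job. Add `persist-credentials: false` under `with:` unless a later step has to push. Some callers in this patch run with `id-token: write` (the second qemu-image-build.yml hunk, the second testinfra-ami-build.yml hunk); their triggers are outside the hunks, so confirm none of them runs on an event that exposes secrets or OIDC to code from a fork. Separately, `jobs.checkout` runs on its own `ubuntu-latest` runner, so the tree it fetches is not visible to the job that calls it.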
@@ -16,14 +16,7 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - name: Clear Nix cache run: | @@ -55,13 +48,8 @@ jobs: POSTGRES_PORT: 5478 POSTGRES_PASSWORD: password steps: - - uses: actions/checkout@v4 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml + - name: Clear Nix cache run: | sudo rm -rf /home/runner/.cache/nix diff --git a/.github/workflows/testinfra-ami-build.yml b/.github/workflows/testinfra-ami-build.yml index 353a02fb1..b29df6c48 100644 --- a/.github/workflows/testinfra-ami-build.yml +++ b/.github/workflows/testinfra-ami-build.yml @@ -14,14 +14,7 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main 
@@ -57,14 +50,7 @@ jobs: id-token: write steps: - - name: Checkout Repo - uses: actions/checkout@v4 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} + - uses: ./.github/workflows/shared-checkout.yml - id: args uses: mikefarah/yq@master From 2ec64337352e0e57cec9caf78f7ed6da1e2c7ff3 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 10 Jun 2025 16:49:32 -0400 Subject: [PATCH 04/13] feat: shared item should be action not workflow --- .github/actions/shared-checkout/action.yml | 19 +++++++++++++++++++ .github/workflows/ami-release-nix-single.yml | 2 +- .github/workflows/ami-release-nix.yml | 4 ++-- .github/workflows/check-shellscripts.yml | 2 +- .github/workflows/ci.yml | 2 +- .../workflows/dockerhub-release-matrix.yml | 10 +++++----- .github/workflows/manual-docker-release.yml | 10 +++++----- .github/workflows/mirror-postgrest.yml | 2 +- .github/workflows/nix-build.yml | 2 +- .github/workflows/publish-migrations-prod.yml | 2 +- .../workflows/publish-migrations-staging.yml | 2 +- ...ublish-nix-pgupgrade-bin-flake-version.yml | 6 +++--- .../publish-nix-pgupgrade-scripts.yml | 6 +++--- .github/workflows/qemu-image-build.yml | 4 ++-- .github/workflows/test.yml | 4 ++-- .github/workflows/testinfra-ami-build.yml | 4 ++-- 16 files changed, 50 insertions(+), 31 deletions(-) create mode 100644 .github/actions/shared-checkout/action.yml diff --git a/.github/actions/shared-checkout/action.yml b/.github/actions/shared-checkout/action.yml new file mode 100644 index 000000000..0e9dddef1 --- /dev/null +++ b/.github/actions/shared-checkout/action.yml 
@@ -0,0 +1,19 @@ +name: 'Shared Checkout' +description: 'Checkout repository with common configuration' + +inputs: + token: + description: 'GitHub token' + required: false + default: ${{ github.token }} + +runs: + using: "composite" + steps: + - uses: actions/checkout@v4 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true + token: ${{ inputs.token }} \ No newline at end of file diff --git a/.github/workflows/ami-release-nix-single.yml b/.github/workflows/ami-release-nix-single.yml index 36e38664e..e98bdae15 100644 --- a/.github/workflows/ami-release-nix-single.yml +++ b/.github/workflows/ami-release-nix-single.yml @@ -23,7 +23,7 @@ jobs: timeout-minutes: 150 steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - name: Get current branch SHA id: get_sha diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index 31321cb58..97c3d3850 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -21,7 +21,7 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main @@ -46,7 +46,7 @@ jobs: timeout-minutes: 150 steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main diff --git a/.github/workflows/check-shellscripts.yml b/.github/workflows/check-shellscripts.yml index e03d6bad4..ee28a448c 100644 --- a/.github/workflows/check-shellscripts.yml +++ b/.github/workflows/check-shellscripts.yml 
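Review bot: The composite action added in .github/actions/shared-checkout/action.yml is referenced as `./.github/actions/shared-checkout` in the first step of each job (ami-release-nix-single.yml, ami-release-nix.yml and the later hunks of this patch), but a local action is loaded from the runner's workspace and nothing has checked the repository out at that point. The step needs a plain `- uses: actions/checkout@v4` ahead of it, or the checkout kept inline. The `description` also undersells what the action does: on pull_request events it fetches the PR's head repository, which can be a fork, so something like `description: 'Check out the PR head repository at its head SHA (may be a fork); otherwise this repository at github.sha'` tells callers what code they are about to run. `persist-credentials: false` under `with:` would keep the token out of that tree's git config.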
@@ -14,7 +14,7 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - name: Run ShellCheck uses: ludeeus/action-shellcheck@master diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 456247ebf..973f226cf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,7 @@ jobs: timeout-minutes: 5 runs-on: ubuntu-latest steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - name: Load postgres_release values id: load_postgres_release diff --git a/.github/workflows/dockerhub-release-matrix.yml b/.github/workflows/dockerhub-release-matrix.yml index 25662122f..217db9bdb 100644 --- a/.github/workflows/dockerhub-release-matrix.yml +++ b/.github/workflows/dockerhub-release-matrix.yml @@ -21,7 +21,7 @@ jobs: matrix_config: ${{ steps.set-matrix.outputs.matrix_config }} steps: - uses: DeterminateSystems/nix-installer-action@main - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - name: Generate build matrix id: set-matrix run: | @@ -52,7 +52,7 @@ jobs: outputs: build_args: ${{ steps.args.outputs.result }} steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL version environment variable run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.version }}" >> $GITHUB_ENV @@ -76,7 +76,7 @@ jobs: runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-runner' }} timeout-minutes: 180 steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main - run: docker context create builders - uses: docker/setup-buildx-action@v3 
@@ -131,7 +131,7 @@ jobs: include: ${{ fromJson(needs.prepare.outputs.matrix_config).include }} runs-on: ubuntu-latest steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v2 @@ -174,7 +174,7 @@ jobs: needs: [prepare, merge_manifest] runs-on: ubuntu-latest steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main - name: Debug Input from Prepare diff --git a/.github/workflows/manual-docker-release.yml b/.github/workflows/manual-docker-release.yml index 53eac2f83..c3ffb460b 100644 --- a/.github/workflows/manual-docker-release.yml +++ b/.github/workflows/manual-docker-release.yml @@ -18,7 +18,7 @@ jobs: matrix_config: ${{ steps.set-matrix.outputs.matrix_config }} steps: - uses: DeterminateSystems/nix-installer-action@main - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - name: Generate build matrix id: set-matrix run: | @@ -49,7 +49,7 @@ jobs: outputs: build_args: ${{ steps.args.outputs.result }} steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL version environment variable run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.version }}" >> $GITHUB_ENV @@ -73,7 +73,7 @@ jobs: runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-runner' }} timeout-minutes: 180 steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main - run: docker context create builders - uses: docker/setup-buildx-action@v3 
@@ -140,7 +140,7 @@ jobs: include: ${{ fromJson(needs.prepare.outputs.matrix_config).include }} runs-on: ubuntu-latest steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v2 @@ -183,7 +183,7 @@ jobs: needs: [prepare, merge_manifest] runs-on: ubuntu-latest steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main - name: Debug Input from Prepare diff --git a/.github/workflows/mirror-postgrest.yml b/.github/workflows/mirror-postgrest.yml index c7c75f2a1..07ba1fe50 100644 --- a/.github/workflows/mirror-postgrest.yml +++ b/.github/workflows/mirror-postgrest.yml @@ -17,7 +17,7 @@ jobs: outputs: postgrest_release: ${{ steps.args.outputs.result }} steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - id: args uses: mikefarah/yq@master diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml index a45f928be..b540632f1 100644 --- a/.github/workflows/nix-build.yml +++ b/.github/workflows/nix-build.yml @@ -28,7 +28,7 @@ jobs: timeout-minutes: 180 steps: - name: Check out code - uses: ./.github/workflows/shared-checkout.yml + uses: ./.github/actions/shared-checkout - name: aws-creds uses: aws-actions/configure-aws-credentials@v4 diff --git a/.github/workflows/publish-migrations-prod.yml b/.github/workflows/publish-migrations-prod.yml index fe33e81e1..46b3f20ed 100644 --- a/.github/workflows/publish-migrations-prod.yml +++ b/.github/workflows/publish-migrations-prod.yml @@ -21,7 +21,7 @@ jobs: env: GITHUB_REF: ${{ github.ref }} - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - name: Merging migration files run: cat $(ls -1) > ../migration-output.sql 
diff --git a/.github/workflows/publish-migrations-staging.yml b/.github/workflows/publish-migrations-staging.yml index afbc4180c..73a28443c 100644 --- a/.github/workflows/publish-migrations-staging.yml +++ b/.github/workflows/publish-migrations-staging.yml @@ -15,7 +15,7 @@ jobs: contents: read steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - name: Merging migration files run: cat $(ls -1) > ../migration-output.sql diff --git a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml index 3bcb7ca12..242560ebc 100644 --- a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml +++ b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml @@ -16,7 +16,7 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main @@ -34,7 +34,7 @@ jobs: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main @@ -85,7 +85,7 @@ jobs: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - name: Grab release version id: process_release_version diff --git a/.github/workflows/publish-nix-pgupgrade-scripts.yml b/.github/workflows/publish-nix-pgupgrade-scripts.yml index 48b8543b8..046ddd588 100644 --- a/.github/workflows/publish-nix-pgupgrade-scripts.yml +++ b/.github/workflows/publish-nix-pgupgrade-scripts.yml 
@@ -23,7 +23,7 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main @@ -41,7 +41,7 @@ jobs: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main @@ -91,7 +91,7 @@ jobs: steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main diff --git a/.github/workflows/qemu-image-build.yml b/.github/workflows/qemu-image-build.yml index d947d8774..d9f4082ff 100644 --- a/.github/workflows/qemu-image-build.yml +++ b/.github/workflows/qemu-image-build.yml @@ -22,7 +22,7 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main @@ -45,7 +45,7 @@ jobs: id-token: write steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 571e74c4b..46471653f 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,7 +16,7 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - name: Clear Nix cache run: | @@ -48,7 +48,7 @@ jobs: POSTGRES_PORT: 5478 POSTGRES_PASSWORD: password steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - name: Clear Nix cache run: | 
diff --git a/.github/workflows/testinfra-ami-build.yml b/.github/workflows/testinfra-ami-build.yml index b29df6c48..e57c42d47 100644 --- a/.github/workflows/testinfra-ami-build.yml +++ b/.github/workflows/testinfra-ami-build.yml @@ -14,7 +14,7 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - uses: DeterminateSystems/nix-installer-action@main @@ -50,7 +50,7 @@ jobs: id-token: write steps: - - uses: ./.github/workflows/shared-checkout.yml + - uses: ./.github/actions/shared-checkout - id: args uses: mikefarah/yq@master From 9fe1845dbcdcef7aa9eecbb99103867495f7407c Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 10 Jun 2025 17:13:36 -0400 Subject: [PATCH 05/13] feat: shared workflow --- .github/actions/shared-checkout/action.yml | 19 ------------------- .github/workflows/ami-release-nix-single.yml | 3 ++- .github/workflows/ami-release-nix.yml | 10 ++++++++-- .github/workflows/check-shellscripts.yml | 3 ++- .github/workflows/ci.yml | 3 ++- .../workflows/dockerhub-release-matrix.yml | 15 ++++++++++----- .github/workflows/manual-docker-release.yml | 15 ++++++++++----- .github/workflows/mirror-postgrest.yml | 3 ++- .github/workflows/nix-build.yml | 4 ++-- .github/workflows/publish-migrations-prod.yml | 3 ++- .../workflows/publish-migrations-staging.yml | 3 ++- ...ublish-nix-pgupgrade-bin-flake-version.yml | 9 ++++++--- .../publish-nix-pgupgrade-scripts.yml | 9 ++++++--- .github/workflows/qemu-image-build.yml | 6 ++++-- .github/workflows/test.yml | 6 ++++-- .github/workflows/testinfra-ami-build.yml | 6 ++++-- 16 files changed, 66 insertions(+), 51 deletions(-) delete mode 100644 .github/actions/shared-checkout/action.yml diff --git a/.github/actions/shared-checkout/action.yml b/.github/actions/shared-checkout/action.yml deleted file mode 100644 index 0e9dddef1..000000000 
--- a/.github/actions/shared-checkout/action.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: 'Shared Checkout' -description: 'Checkout repository with common configuration' - -inputs: - token: - description: 'GitHub token' - required: false - default: ${{ github.token }} - -runs: - using: "composite" - steps: - - uses: actions/checkout@v4 - with: - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - ref: ${{ github.event.pull_request.head.sha || github.sha }} - fetch-depth: 0 - fetch-tags: true - token: ${{ inputs.token }} \ No newline at end of file diff --git a/.github/workflows/ami-release-nix-single.yml b/.github/workflows/ami-release-nix-single.yml index e98bdae15..26dcbc4d3 100644 --- a/.github/workflows/ami-release-nix-single.yml +++ b/.github/workflows/ami-release-nix-single.yml @@ -23,7 +23,8 @@ jobs: timeout-minutes: 150 steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - name: Get current branch SHA id: get_sha diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index 97c3d3850..804a091e6 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -21,7 +21,12 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: ./.github/actions/shared-checkout + # a quirk of GitHub Actions: + # The workflow needs to do actions/checkout@v4 first because: + # It needs to get the workflow files (including our shared-checkout.yml) + # Without this, GitHub Actions can't find the shared workflow to run it + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main 
@@ -46,7 +51,8 @@ jobs: timeout-minutes: 150 steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main diff --git a/.github/workflows/check-shellscripts.yml b/.github/workflows/check-shellscripts.yml index ee28a448c..6a6716e9e 100644 --- a/.github/workflows/check-shellscripts.yml +++ b/.github/workflows/check-shellscripts.yml @@ -14,7 +14,8 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - name: Run ShellCheck uses: ludeeus/action-shellcheck@master diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 973f226cf..0c12e5c5c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,8 @@ jobs: timeout-minutes: 5 runs-on: ubuntu-latest steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - name: Load postgres_release values id: load_postgres_release diff --git a/.github/workflows/dockerhub-release-matrix.yml b/.github/workflows/dockerhub-release-matrix.yml index 217db9bdb..2e333e300 100644 --- a/.github/workflows/dockerhub-release-matrix.yml +++ b/.github/workflows/dockerhub-release-matrix.yml @@ -21,7 +21,8 @@ jobs: matrix_config: ${{ steps.set-matrix.outputs.matrix_config }} steps: - uses: DeterminateSystems/nix-installer-action@main - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - name: Generate build matrix id: set-matrix run: | 
@@ -52,7 +53,8 @@ jobs: outputs: build_args: ${{ steps.args.outputs.result }} steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL version environment variable run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.version }}" >> $GITHUB_ENV @@ -76,7 +78,8 @@ jobs: runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-runner' }} timeout-minutes: 180 steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - run: docker context create builders - uses: docker/setup-buildx-action@v3 @@ -131,7 +134,8 @@ jobs: include: ${{ fromJson(needs.prepare.outputs.matrix_config).include }} runs-on: ubuntu-latest steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v2 @@ -174,7 +178,8 @@ jobs: needs: [prepare, merge_manifest] runs-on: ubuntu-latest steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - name: Debug Input from Prepare diff --git a/.github/workflows/manual-docker-release.yml b/.github/workflows/manual-docker-release.yml index c3ffb460b..07494b670 100644 --- a/.github/workflows/manual-docker-release.yml +++ b/.github/workflows/manual-docker-release.yml @@ -18,7 +18,8 @@ jobs: matrix_config: ${{ steps.set-matrix.outputs.matrix_config }} steps: - uses: DeterminateSystems/nix-installer-action@main - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - name: Generate build matrix id: set-matrix run: | 
@@ -49,7 +50,8 @@ jobs: outputs: build_args: ${{ steps.args.outputs.result }} steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL version environment variable run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.version }}" >> $GITHUB_ENV @@ -73,7 +75,8 @@ jobs: runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-runner' }} timeout-minutes: 180 steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - run: docker context create builders - uses: docker/setup-buildx-action@v3 @@ -140,7 +143,8 @@ jobs: include: ${{ fromJson(needs.prepare.outputs.matrix_config).include }} runs-on: ubuntu-latest steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v2 @@ -183,7 +187,8 @@ jobs: needs: [prepare, merge_manifest] runs-on: ubuntu-latest steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - name: Debug Input from Prepare diff --git a/.github/workflows/mirror-postgrest.yml b/.github/workflows/mirror-postgrest.yml index 07ba1fe50..9f5f8ab43 100644 --- a/.github/workflows/mirror-postgrest.yml +++ b/.github/workflows/mirror-postgrest.yml @@ -17,7 +17,8 @@ jobs: outputs: postgrest_release: ${{ steps.args.outputs.result }} steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - id: args uses: mikefarah/yq@master 
diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml index b540632f1..733386718 100644 --- a/.github/workflows/nix-build.yml +++ b/.github/workflows/nix-build.yml @@ -27,8 +27,8 @@ jobs: runs-on: ${{ matrix.runner }} timeout-minutes: 180 steps: - - name: Check out code - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - name: aws-creds uses: aws-actions/configure-aws-credentials@v4 diff --git a/.github/workflows/publish-migrations-prod.yml b/.github/workflows/publish-migrations-prod.yml index 46b3f20ed..093793bc2 100644 --- a/.github/workflows/publish-migrations-prod.yml +++ b/.github/workflows/publish-migrations-prod.yml @@ -21,7 +21,8 @@ jobs: env: GITHUB_REF: ${{ github.ref }} - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - name: Merging migration files run: cat $(ls -1) > ../migration-output.sql diff --git a/.github/workflows/publish-migrations-staging.yml b/.github/workflows/publish-migrations-staging.yml index 73a28443c..2d259596e 100644 --- a/.github/workflows/publish-migrations-staging.yml +++ b/.github/workflows/publish-migrations-staging.yml @@ -15,7 +15,8 @@ jobs: contents: read steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - name: Merging migration files run: cat $(ls -1) > ../migration-output.sql diff --git a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml index 242560ebc..bd3a836a2 100644 --- a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml +++ b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml 
@@ -16,7 +16,8 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main @@ -34,7 +35,8 @@ jobs: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main @@ -85,7 +87,8 @@ jobs: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - name: Grab release version id: process_release_version diff --git a/.github/workflows/publish-nix-pgupgrade-scripts.yml b/.github/workflows/publish-nix-pgupgrade-scripts.yml index 046ddd588..475b6ba43 100644 --- a/.github/workflows/publish-nix-pgupgrade-scripts.yml +++ b/.github/workflows/publish-nix-pgupgrade-scripts.yml @@ -23,7 +23,8 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main @@ -41,7 +42,8 @@ jobs: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main @@ -91,7 +93,8 @@ jobs: steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main 
diff --git a/.github/workflows/qemu-image-build.yml b/.github/workflows/qemu-image-build.yml index d9f4082ff..aa151e65e 100644 --- a/.github/workflows/qemu-image-build.yml +++ b/.github/workflows/qemu-image-build.yml @@ -22,7 +22,8 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main @@ -45,7 +46,8 @@ jobs: id-token: write steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 46471653f..e904a2941 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -16,7 +16,8 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - name: Clear Nix cache run: | @@ -48,7 +49,8 @@ jobs: POSTGRES_PORT: 5478 POSTGRES_PASSWORD: password steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - name: Clear Nix cache run: | diff --git a/.github/workflows/testinfra-ami-build.yml b/.github/workflows/testinfra-ami-build.yml index e57c42d47..798bde02d 100644 --- a/.github/workflows/testinfra-ami-build.yml +++ b/.github/workflows/testinfra-ami-build.yml @@ -14,7 +14,8 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main 
@@ -50,7 +51,8 @@ jobs: id-token: write steps: - - uses: ./.github/actions/shared-checkout + - uses: actions/checkout@v4 + - uses: ./.github/workflows/shared-checkout.yml - id: args uses: mikefarah/yq@master From e65c0817c09248fcf5cbfd2602ffa8b3224a38fa Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 10 Jun 2025 22:15:52 -0400 Subject: [PATCH 06/13] feat: shared worflow as job --- .github/workflows/ami-release-nix-single.yml | 7 ++++--- .github/workflows/ami-release-nix.yml | 16 +++++----------- .github/workflows/check-shellscripts.yml | 7 ++++--- .github/workflows/ci.yml | 7 ++++--- .github/workflows/dockerhub-release-matrix.yml | 14 ++++---------- .github/workflows/manual-docker-release.yml | 14 ++++---------- .github/workflows/mirror-postgrest.yml | 7 ++++--- .github/workflows/nix-build.yml | 7 ++++--- .github/workflows/publish-migrations-prod.yml | 7 ++++--- .../workflows/publish-migrations-staging.yml | 7 ++++--- ...publish-nix-pgupgrade-bin-flake-version.yml | 18 +++++++----------- .../publish-nix-pgupgrade-scripts.yml | 14 ++++---------- .github/workflows/qemu-image-build.yml | 10 ++++------ .github/workflows/test.yml | 11 +++++------ .github/workflows/testinfra-ami-build.yml | 10 +++++----- 15 files changed, 66 insertions(+), 90 deletions(-) diff --git a/.github/workflows/ami-release-nix-single.yml b/.github/workflows/ami-release-nix-single.yml index 26dcbc4d3..6bf949029 100644 --- a/.github/workflows/ami-release-nix-single.yml +++ b/.github/workflows/ami-release-nix-single.yml @@ -18,14 +18,15 @@ permissions: id-token: write jobs: + checkout: + uses: ./.github/workflows/shared-checkout.yml + build: + needs: checkout runs-on: arm-runner timeout-minutes: 150 steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - name: Get current branch SHA id: get_sha run: | diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index 804a091e6..db66fe712 100644 
--- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -16,18 +16,15 @@ permissions: id-token: write jobs: + checkout: + uses: ./.github/workflows/shared-checkout.yml + prepare: + needs: checkout runs-on: ubuntu-latest outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - # a quirk of GitHub Actions: - # The workflow needs to do actions/checkout@v4 first because: - # It needs to get the workflow files (including our shared-checkout.yml) - # Without this, GitHub Actions can't find the shared workflow to run it - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL versions @@ -37,7 +34,7 @@ jobs: echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT build: - needs: prepare + needs: [checkout, prepare] strategy: matrix: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} @@ -51,9 +48,6 @@ jobs: timeout-minutes: 150 steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - uses: DeterminateSystems/nix-installer-action@main - name: Run checks if triggered manually diff --git a/.github/workflows/check-shellscripts.yml b/.github/workflows/check-shellscripts.yml index 6a6716e9e..6d3c926d8 100644 --- a/.github/workflows/check-shellscripts.yml +++ b/.github/workflows/check-shellscripts.yml @@ -11,12 +11,13 @@ permissions: contents: read jobs: + checkout: + uses: ./.github/workflows/shared-checkout.yml + build: + needs: checkout runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - name: Run ShellCheck uses: ludeeus/action-shellcheck@master env: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0c12e5c5c..15e602305 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -7,13 +7,14 @@ permissions: contents: read jobs: + checkout: + uses: ./.github/workflows/shared-checkout.yml + check-release-version: + needs: checkout timeout-minutes: 5 runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - name: Load postgres_release values id: load_postgres_release uses: mikefarah/yq@master diff --git a/.github/workflows/dockerhub-release-matrix.yml b/.github/workflows/dockerhub-release-matrix.yml index 2e333e300..aecd8ce55 100644 --- a/.github/workflows/dockerhub-release-matrix.yml +++ b/.github/workflows/dockerhub-release-matrix.yml @@ -15,14 +15,16 @@ permissions: id-token: write jobs: + checkout: + uses: ./.github/workflows/shared-checkout.yml + prepare: + needs: checkout runs-on: ubuntu-latest outputs: matrix_config: ${{ steps.set-matrix.outputs.matrix_config }} steps: - uses: DeterminateSystems/nix-installer-action@main - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - name: Generate build matrix id: set-matrix run: | @@ -53,8 +55,6 @@ jobs: outputs: build_args: ${{ steps.args.outputs.result }} steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL version environment variable run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.version }}" >> $GITHUB_ENV @@ -78,8 +78,6 @@ jobs: runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-runner' }} timeout-minutes: 180 steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - run: docker context create builders - uses: docker/setup-buildx-action@v3 
@@ -134,8 +132,6 @@ jobs: include: ${{ fromJson(needs.prepare.outputs.matrix_config).include }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v2 @@ -178,8 +174,6 @@ jobs: needs: [prepare, merge_manifest] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - name: Debug Input from Prepare diff --git a/.github/workflows/manual-docker-release.yml b/.github/workflows/manual-docker-release.yml index 07494b670..ea80fa577 100644 --- a/.github/workflows/manual-docker-release.yml +++ b/.github/workflows/manual-docker-release.yml @@ -12,14 +12,16 @@ permissions: contents: read jobs: + checkout: + uses: ./.github/workflows/shared-checkout.yml + prepare: + needs: checkout runs-on: ubuntu-latest outputs: matrix_config: ${{ steps.set-matrix.outputs.matrix_config }} steps: - uses: DeterminateSystems/nix-installer-action@main - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - name: Generate build matrix id: set-matrix run: | @@ -50,8 +52,6 @@ jobs: outputs: build_args: ${{ steps.args.outputs.result }} steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL version environment variable run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.version }}" >> $GITHUB_ENV @@ -75,8 +75,6 @@ jobs: runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-runner' }} timeout-minutes: 180 steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - run: docker context create builders - uses: docker/setup-buildx-action@v3 
@@ -143,8 +141,6 @@ jobs: include: ${{ fromJson(needs.prepare.outputs.matrix_config).include }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v2 @@ -187,8 +183,6 @@ jobs: needs: [prepare, merge_manifest] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - uses: DeterminateSystems/nix-installer-action@main - name: Debug Input from Prepare diff --git a/.github/workflows/mirror-postgrest.yml b/.github/workflows/mirror-postgrest.yml index 9f5f8ab43..76402051f 100644 --- a/.github/workflows/mirror-postgrest.yml +++ b/.github/workflows/mirror-postgrest.yml @@ -12,14 +12,15 @@ permissions: contents: read jobs: + checkout: + uses: ./.github/workflows/shared-checkout.yml + version: + needs: checkout runs-on: ubuntu-latest outputs: postgrest_release: ${{ steps.args.outputs.result }} steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - id: args uses: mikefarah/yq@master with: diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml index 733386718..9068de402 100644 --- a/.github/workflows/nix-build.yml +++ b/.github/workflows/nix-build.yml @@ -13,7 +13,11 @@ permissions: id-token: write jobs: + checkout: + uses: ./.github/workflows/shared-checkout.yml + build-run-image: + needs: checkout strategy: fail-fast: false matrix: @@ -27,9 +31,6 @@ jobs: runs-on: ${{ matrix.runner }} timeout-minutes: 180 steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - name: aws-creds uses: aws-actions/configure-aws-credentials@v4 with: diff --git a/.github/workflows/publish-migrations-prod.yml b/.github/workflows/publish-migrations-prod.yml index 093793bc2..442f74165 100644 --- a/.github/workflows/publish-migrations-prod.yml 
+++ b/.github/workflows/publish-migrations-prod.yml @@ -4,7 +4,11 @@ on: workflow_dispatch: jobs: + checkout: + uses: ./.github/workflows/shared-checkout.yml + build: + needs: checkout runs-on: [self-hosted, linux] timeout-minutes: 15 permissions: @@ -21,9 +25,6 @@ jobs: env: GITHUB_REF: ${{ github.ref }} - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - name: Merging migration files run: cat $(ls -1) > ../migration-output.sql working-directory: ${{ github.workspace }}/migrations/db/migrations diff --git a/.github/workflows/publish-migrations-staging.yml b/.github/workflows/publish-migrations-staging.yml index 2d259596e..e033b922e 100644 --- a/.github/workflows/publish-migrations-staging.yml +++ b/.github/workflows/publish-migrations-staging.yml @@ -7,7 +7,11 @@ on: workflow_dispatch: jobs: + checkout: + uses: ./.github/workflows/shared-checkout.yml + build: + needs: checkout runs-on: [self-hosted, linux] timeout-minutes: 15 permissions: @@ -15,9 +19,6 @@ jobs: contents: read steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - name: Merging migration files run: cat $(ls -1) > ../migration-output.sql working-directory: ${{ github.workspace }}/migrations/db/migrations diff --git a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml index bd3a836a2..3c9d8a443 100644 --- a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml +++ b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml @@ -11,14 +11,15 @@ permissions: id-token: write jobs: + checkout: + uses: ./.github/workflows/shared-checkout.yml + prepare: + needs: checkout runs-on: ubuntu-latest outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL versions 
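Review bot: In the publish-migrations-prod.yml and publish-migrations-staging.yml hunks the `build` job loses its checkout steps and gets nothing in their place, yet the next step still runs `cat $(ls -1) > ../migration-output.sql` inside `${{ github.workspace }}/migrations/db/migrations`. `needs: checkout` only orders the jobs: the reusable workflow runs as a separate job, so its working tree is not in this job's workspace. Neither file appears in the diffstats of the later patches that add the artifact download. On a `[self-hosted, linux]` runner the directory may be missing or, if the workspace is not cleaned between runs, may hold files from an earlier run, and those would then be published. Keeping a checkout in these two jobs, `- uses: actions/checkout@v4`, avoids that; the job bodies continue outside the hunks.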
@@ -33,12 +34,8 @@ jobs: strategy: matrix: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} - steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - - uses: DeterminateSystems/nix-installer-action@main + - uses: DeterminateSystems/nix-installer-action@main - name: Grab release version id: process_release_version @@ -87,8 +84,7 @@ jobs: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml + - uses: DeterminateSystems/nix-installer-action@main - name: Grab release version id: process_release_version @@ -110,7 +106,7 @@ jobs: with: role-to-assume: ${{ secrets.PROD_AWS_ROLE }} aws-region: "us-east-1" - + - name: Upload pg_upgrade scripts to s3 prod run: | aws s3 cp /tmp/pg_upgrade_bin.tar.gz "s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/20.04.tar.gz" diff --git a/.github/workflows/publish-nix-pgupgrade-scripts.yml b/.github/workflows/publish-nix-pgupgrade-scripts.yml index 475b6ba43..1e37f59d8 100644 --- a/.github/workflows/publish-nix-pgupgrade-scripts.yml +++ b/.github/workflows/publish-nix-pgupgrade-scripts.yml @@ -18,14 +18,15 @@ permissions: id-token: write jobs: + checkout: + uses: ./.github/workflows/shared-checkout.yml + prepare: + needs: checkout runs-on: ubuntu-latest outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL versions @@ -42,9 +43,6 @@ jobs: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - uses: DeterminateSystems/nix-installer-action@main - name: Grab release version 
@@ -91,11 +89,7 @@ jobs: matrix: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} - steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - uses: DeterminateSystems/nix-installer-action@main - name: Grab release version diff --git a/.github/workflows/qemu-image-build.yml b/.github/workflows/qemu-image-build.yml index aa151e65e..d77d1ada0 100644 --- a/.github/workflows/qemu-image-build.yml +++ b/.github/workflows/qemu-image-build.yml @@ -17,14 +17,15 @@ permissions: id-token: write jobs: + checkout: + uses: ./.github/workflows/shared-checkout.yml + prepare: + needs: checkout runs-on: ubuntu-latest outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL versions - only builds pg17 atm @@ -46,9 +47,6 @@ jobs: id-token: write steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - uses: DeterminateSystems/nix-installer-action@main - name: Run checks if triggered manually diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index e904a2941..78ebbb698 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -11,14 +11,15 @@ permissions: id-token: write jobs: + checkout: + uses: ./.github/workflows/shared-checkout.yml + prepare: + needs: checkout runs-on: ubuntu-latest outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - name: Clear Nix cache run: | sudo rm -rf /home/runner/.cache/nix @@ -48,10 +49,8 @@ jobs: env: POSTGRES_PORT: 5478 POSTGRES_PASSWORD: password + steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - name: Clear Nix cache run: | sudo rm -rf /home/runner/.cache/nix 
diff --git a/.github/workflows/testinfra-ami-build.yml b/.github/workflows/testinfra-ami-build.yml index 798bde02d..df5688841 100644 --- a/.github/workflows/testinfra-ami-build.yml +++ b/.github/workflows/testinfra-ami-build.yml @@ -9,14 +9,15 @@ permissions: id-token: write jobs: + checkout: + uses: ./.github/workflows/shared-checkout.yml + prepare: + needs: checkout runs-on: ubuntu-latest outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml - - uses: DeterminateSystems/nix-installer-action@main - name: Clean Nix store before build @@ -51,8 +52,7 @@ jobs: id-token: write steps: - - uses: actions/checkout@v4 - - uses: ./.github/workflows/shared-checkout.yml + - uses: DeterminateSystems/nix-installer-action@main - id: args uses: mikefarah/yq@master From a8278ac5fdf71c90f1d79982df36a3aa6185dc9c Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 10 Jun 2025 22:26:14 -0400 Subject: [PATCH 07/13] feat: upload checked out code and download to use between workflows --- .github/workflows/nix-build.yml | 6 ++++++ .github/workflows/shared-checkout.yml | 12 +++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml index 9068de402..8f62cf7ab 100644 --- a/.github/workflows/nix-build.yml +++ b/.github/workflows/nix-build.yml @@ -31,6 +31,12 @@ jobs: runs-on: ${{ matrix.runner }} timeout-minutes: 180 steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - name: aws-creds uses: aws-actions/configure-aws-credentials@v4 with: diff --git a/.github/workflows/shared-checkout.yml b/.github/workflows/shared-checkout.yml index a7b9c16e5..3322b120e 100644 --- a/.github/workflows/shared-checkout.yml +++ b/.github/workflows/shared-checkout.yml 
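Review bot: In the nix-build.yml hunk the `repository` artifact is unpacked into the workspace immediately before the `aws-creds` step, in a workflow that requests `id-token: write`. The shared checkout selects `github.event.pull_request.head.repo.full_name` and `head.sha`, so on a pull request the tree can be fork-controlled while the job goes on to hold cloud credentials. The trigger for this workflow is not visible here. If secrets and OIDC are available to fork pull requests under that trigger, the credential step should be gated, e.g. `if: github.event.pull_request.head.repo.fork != true`. Otherwise the decision to trust approved fork runs should be recorded in a comment above the step. The job's remaining steps are outside the hunk.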
@@ -7,6 +7,9 @@ on: jobs: checkout: runs-on: ubuntu-latest + outputs: + ref: ${{ github.event.pull_request.head.sha || github.sha }} + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} steps: - name: Checkout repository uses: actions/checkout@v4 @@ -15,4 +18,11 @@ jobs: ref: ${{ github.event.pull_request.head.sha || github.sha }} fetch-depth: 0 fetch-tags: true - token: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Upload repository + uses: actions/upload-artifact@v4 + with: + name: repository + path: . + retention-days: 1 \ No newline at end of file From 2e447d0f9d79871b9b1b66ab03b047e2e837ad59 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 10 Jun 2025 22:44:02 -0400 Subject: [PATCH 08/13] feat: download everywhere needed --- .github/workflows/ami-release-nix-single.yml | 6 ++++++ .github/workflows/ami-release-nix.yml | 12 ++++++++++++ .github/workflows/check-shellscripts.yml | 6 ++++++ .github/workflows/ci.yml | 6 ++++++ .github/workflows/dockerhub-release-matrix.yml | 18 ++++++++++++++++++ .github/workflows/manual-docker-release.yml | 18 ++++++++++++++++++ .github/workflows/mirror-postgrest.yml | 6 ++++++ ...publish-nix-pgupgrade-bin-flake-version.yml | 18 ++++++++++++++++++ .../publish-nix-pgupgrade-scripts.yml | 18 ++++++++++++++++++ .github/workflows/qemu-image-build.yml | 12 ++++++++++++ .github/workflows/test.yml | 12 ++++++++++++ .github/workflows/testinfra-ami-build.yml | 12 ++++++++++++ 12 files changed, 144 insertions(+) diff --git a/.github/workflows/ami-release-nix-single.yml b/.github/workflows/ami-release-nix-single.yml index 6bf949029..17c6cfb06 100644 --- a/.github/workflows/ami-release-nix-single.yml +++ b/.github/workflows/ami-release-nix-single.yml 
@@ -27,6 +27,12 @@ jobs: timeout-minutes: 150 steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - name: Get current branch SHA id: get_sha run: | diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index db66fe712..99873aa35 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -25,6 +25,12 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL versions @@ -48,6 +54,12 @@ jobs: timeout-minutes: 150 steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - name: Run checks if triggered manually diff --git a/.github/workflows/check-shellscripts.yml b/.github/workflows/check-shellscripts.yml index 6d3c926d8..b54a264e4 100644 --- a/.github/workflows/check-shellscripts.yml +++ b/.github/workflows/check-shellscripts.yml @@ -18,6 +18,12 @@ jobs: needs: checkout runs-on: ubuntu-latest steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - name: Run ShellCheck uses: ludeeus/action-shellcheck@master env: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 15e602305..33fec7345 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,6 +15,12 @@ jobs: timeout-minutes: 5 runs-on: ubuntu-latest steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - name: Load postgres_release values id: load_postgres_release uses: mikefarah/yq@master 
diff --git a/.github/workflows/dockerhub-release-matrix.yml b/.github/workflows/dockerhub-release-matrix.yml index aecd8ce55..3f80354d3 100644 --- a/.github/workflows/dockerhub-release-matrix.yml +++ b/.github/workflows/dockerhub-release-matrix.yml @@ -24,6 +24,12 @@ jobs: outputs: matrix_config: ${{ steps.set-matrix.outputs.matrix_config }} steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - name: Generate build matrix id: set-matrix @@ -55,6 +61,12 @@ jobs: outputs: build_args: ${{ steps.args.outputs.result }} steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL version environment variable run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.version }}" >> $GITHUB_ENV @@ -78,6 +90,12 @@ jobs: runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-runner' }} timeout-minutes: 180 steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - run: docker context create builders - uses: docker/setup-buildx-action@v3 diff --git a/.github/workflows/manual-docker-release.yml b/.github/workflows/manual-docker-release.yml index ea80fa577..a3198770b 100644 --- a/.github/workflows/manual-docker-release.yml +++ b/.github/workflows/manual-docker-release.yml @@ -21,6 +21,12 @@ jobs: outputs: matrix_config: ${{ steps.set-matrix.outputs.matrix_config }} steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - name: Generate build matrix id: set-matrix 
@@ -52,6 +58,12 @@ jobs: outputs: build_args: ${{ steps.args.outputs.result }} steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL version environment variable run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.version }}" >> $GITHUB_ENV @@ -75,6 +87,12 @@ jobs: runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-runner' }} timeout-minutes: 180 steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - run: docker context create builders - uses: docker/setup-buildx-action@v3 diff --git a/.github/workflows/mirror-postgrest.yml b/.github/workflows/mirror-postgrest.yml index 76402051f..e4f55adb8 100644 --- a/.github/workflows/mirror-postgrest.yml +++ b/.github/workflows/mirror-postgrest.yml @@ -21,6 +21,12 @@ jobs: outputs: postgrest_release: ${{ steps.args.outputs.result }} steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - id: args uses: mikefarah/yq@master with: diff --git a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml index 3c9d8a443..37120be88 100644 --- a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml +++ b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml @@ -20,6 +20,12 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL versions 
@@ -35,6 +41,12 @@ jobs: matrix: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - name: Grab release version @@ -84,6 +96,12 @@ jobs: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - name: Grab release version diff --git a/.github/workflows/publish-nix-pgupgrade-scripts.yml b/.github/workflows/publish-nix-pgupgrade-scripts.yml index 1e37f59d8..bc2d662d5 100644 --- a/.github/workflows/publish-nix-pgupgrade-scripts.yml +++ b/.github/workflows/publish-nix-pgupgrade-scripts.yml @@ -27,6 +27,12 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL versions @@ -43,6 +49,12 @@ jobs: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - name: Grab release version @@ -90,6 +102,12 @@ jobs: postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - name: Grab release version diff --git a/.github/workflows/qemu-image-build.yml b/.github/workflows/qemu-image-build.yml index d77d1ada0..cab673cb2 100644 --- a/.github/workflows/qemu-image-build.yml +++ b/.github/workflows/qemu-image-build.yml 
@@ -26,6 +26,12 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL versions - only builds pg17 atm @@ -47,6 +53,12 @@ jobs: id-token: write steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - name: Run checks if triggered manually diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 78ebbb698..dbb34613b 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -20,6 +20,12 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - name: Clear Nix cache run: | sudo rm -rf /home/runner/.cache/nix @@ -51,6 +57,12 @@ jobs: POSTGRES_PASSWORD: password steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - name: Clear Nix cache run: | sudo rm -rf /home/runner/.cache/nix diff --git a/.github/workflows/testinfra-ami-build.yml b/.github/workflows/testinfra-ami-build.yml index df5688841..218c26894 100644 --- a/.github/workflows/testinfra-ami-build.yml +++ b/.github/workflows/testinfra-ami-build.yml @@ -18,6 +18,12 @@ jobs: outputs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - name: Clean Nix store before build 
@@ -52,6 +58,12 @@ jobs: id-token: write steps: + - name: Download repository + uses: actions/download-artifact@v4 + with: + name: repository + path: . + - uses: DeterminateSystems/nix-installer-action@main - id: args From 1dcca95ea0a6934840e3e8cb6ed211f2db96987a Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Tue, 10 Jun 2025 23:14:09 -0400 Subject: [PATCH 09/13] fix: perms on script --- .github/workflows/testinfra-ami-build.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/testinfra-ami-build.yml b/.github/workflows/testinfra-ami-build.yml index 218c26894..b57b579e3 100644 --- a/.github/workflows/testinfra-ami-build.yml +++ b/.github/workflows/testinfra-ami-build.yml @@ -23,6 +23,10 @@ jobs: with: name: repository path: . + - name: Set script permissions + run: | + chmod +x ebssurrogate/scripts/chroot-bootstrap-nix.sh + chmod +x ebssurrogate/scripts/surrogate-bootstrap-nix.sh - uses: DeterminateSystems/nix-installer-action@main From f601af41867f7e4a8ed682a046e566a5063f02e8 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 11 Jun 2025 09:28:30 -0400 Subject: [PATCH 10/13] feat: change perm in build section --- .github/workflows/testinfra-ami-build.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/testinfra-ami-build.yml b/.github/workflows/testinfra-ami-build.yml index b57b579e3..71caca4fc 100644 --- a/.github/workflows/testinfra-ami-build.yml +++ b/.github/workflows/testinfra-ami-build.yml @@ -23,10 +23,6 @@ jobs: with: name: repository path: . - - name: Set script permissions - run: | - chmod +x ebssurrogate/scripts/chroot-bootstrap-nix.sh - chmod +x ebssurrogate/scripts/surrogate-bootstrap-nix.sh - uses: DeterminateSystems/nix-installer-action@main 
@@ -68,6 +64,11 @@ jobs: name: repository path: . + - name: Set script permissions + run: | + chmod +x ebssurrogate/scripts/chroot-bootstrap-nix.sh + chmod +x ebssurrogate/scripts/surrogate-bootstrap-nix.sh + - uses: DeterminateSystems/nix-installer-action@main - id: args From f79fe2d39df6665e0382ba09596e98fd99cb4771 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 11 Jun 2025 10:51:24 -0400 Subject: [PATCH 11/13] fix: script perms --- .github/workflows/testinfra-ami-build.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/testinfra-ami-build.yml b/.github/workflows/testinfra-ami-build.yml index 71caca4fc..a7d6b2681 100644 --- a/.github/workflows/testinfra-ami-build.yml +++ b/.github/workflows/testinfra-ami-build.yml @@ -68,6 +68,7 @@ jobs: run: | chmod +x ebssurrogate/scripts/chroot-bootstrap-nix.sh chmod +x ebssurrogate/scripts/surrogate-bootstrap-nix.sh + chmod +x migrate.sh - uses: DeterminateSystems/nix-installer-action@main From b9d8b6d6a06f89783402ae40356d38d675cabae8 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 11 Jun 2025 13:44:07 -0400 Subject: [PATCH 12/13] fix: apply perms in correct location --- .github/workflows/testinfra-ami-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/testinfra-ami-build.yml b/.github/workflows/testinfra-ami-build.yml index a7d6b2681..dc956ec57 100644 --- a/.github/workflows/testinfra-ami-build.yml +++ b/.github/workflows/testinfra-ami-build.yml @@ -68,7 +68,7 @@ jobs: run: | chmod +x ebssurrogate/scripts/chroot-bootstrap-nix.sh chmod +x ebssurrogate/scripts/surrogate-bootstrap-nix.sh - chmod +x migrate.sh + chmod +x migrations/db/migrate.sh - uses: DeterminateSystems/nix-installer-action@main From 1365801545c199af73b826cf4c567f6ea832fa54 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 11 Jun 2025 15:04:17 -0400 Subject: [PATCH 13/13] feat: handle diff --- .github/workflows/test.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) 
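Review bot: The `Set script permissions` step restores the executable bit for a hand-kept list of files, and the two follow-up patches (`chmod +x migrate.sh`, then `migrations/db/migrate.sh`) show how easily that list falls out of step with the tree. Artifact upload does not keep file modes, so every other script in the downloaded tree is non-executable as well, and a missed one only fails when it is first invoked. If the uploading job, which is outside this diff, packed the checkout into a tar archive before upload, this step could become `run: tar -xf repository.tar` and the modes would survive the round trip. The earlier `@@ -23,6 +23,10 @@` hunk carried the same list before it was moved here.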
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index dbb34613b..182be1ed1 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -94,9 +94,15 @@ jobs: echo "EOF" >> $GITHUB_OUTPUT - name: verify schema.sql is committed run: | + # Save the original schema file + cp migrations/schema-${{ env.PGMAJOR }}.sql migrations/schema-${{ env.PGMAJOR }}.sql.original + + # Run dbmate-tool nix run github:supabase/postgres/${{ github.sha }}#dbmate-tool -- --version ${{ env.PGMAJOR }} --flake-url github:supabase/postgres/${{ github.sha }} - if ! git diff --exit-code --quiet migrations/schema-${{ env.PGMAJOR }}.sql; then + + # Compare the files + if ! cmp -s migrations/schema-${{ env.PGMAJOR }}.sql migrations/schema-${{ env.PGMAJOR }}.sql.original; then echo "Detected changes in schema.sql:" - git diff migrations/schema-${{ env.PGMAJOR }}.sql + diff -u migrations/schema-${{ env.PGMAJOR }}.sql.original migrations/schema-${{ env.PGMAJOR }}.sql exit 1 fi \ No newline at end of file
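Review bot: The rewritten `verify schema.sql is committed` script expands `${{ env.PGMAJOR }}` into the shell text seven times, which means the value is pasted into the script before bash parses it and is not passed as data. Where PGMAJOR is set is outside the hunk; since it is already an environment variable of the step, reading it from the shell is the safer form, e.g. `schema="migrations/schema-${PGMAJOR}.sql"` followed by `cp "$schema" "$schema.original"` and `cmp -s "$schema" "$schema.original"`. That also quotes the paths and removes the repetition.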