diff --git a/.github/actions/shared-checkout/action.yml b/.github/actions/shared-checkout/action.yml new file mode 100644 index 000000000..59a236db8 --- /dev/null +++ b/.github/actions/shared-checkout/action.yml @@ -0,0 +1,12 @@ +name: Checkout +description: Checkout repository for pull requests and branches +runs: + using: "composite" + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + ref: ${{ github.event.pull_request.head.sha || github.sha }} + fetch-depth: 0 + fetch-tags: true diff --git a/.github/workflows/ami-release-nix-single.yml b/.github/workflows/ami-release-nix-single.yml index 86a1d40fc..863135ef3 100644 --- a/.github/workflows/ami-release-nix-single.yml +++ b/.github/workflows/ami-release-nix-single.yml @@ -24,7 +24,7 @@ jobs: steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: supabase/postgres/.github/actions/shared-checkout@HEAD with: ref: ${{ github.event.inputs.branch }} diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index 004a597d7..ee78de99c 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -22,8 +22,8 @@ jobs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - name: Checkout Repo - uses: actions/checkout@v3 - + uses: supabase/postgres/.github/actions/shared-checkout@HEAD + - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL versions @@ -48,7 +48,7 @@ jobs: steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - uses: DeterminateSystems/nix-installer-action@main diff --git a/.github/workflows/check-shellscripts.yml b/.github/workflows/check-shellscripts.yml index ab0f59b87..aabf17413 100644 --- a/.github/workflows/check-shellscripts.yml +++ b/.github/workflows/check-shellscripts.yml @@ -14,7 +14,8 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - name: Checkout Repo + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - name: Run ShellCheck uses: ludeeus/action-shellcheck@master env: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 93a2afdc5..f10f5f58e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,7 +12,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - name: Load postgres_release values id: load_postgres_release diff --git a/.github/workflows/dockerhub-release-matrix.yml b/.github/workflows/dockerhub-release-matrix.yml index ed7075d1d..1ac5b2ccc 100644 --- a/.github/workflows/dockerhub-release-matrix.yml +++ b/.github/workflows/dockerhub-release-matrix.yml @@ -22,7 +22,7 @@ jobs: steps: - uses: DeterminateSystems/nix-installer-action@main - name: Checkout Repo - uses: actions/checkout@v3 + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - name: Generate build matrix id: set-matrix run: | @@ -53,7 +53,8 @@ jobs: outputs: build_args: ${{ steps.args.outputs.result }} steps: - - uses: actions/checkout@v3 + - name: Checkout Repo + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL version environment variable run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.version }}" >> $GITHUB_ENV @@ -77,7 +78,8 @@ jobs: runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-runner' }} timeout-minutes: 180 steps: - - uses: actions/checkout@v3 + - name: Checkout Repo + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - uses: DeterminateSystems/nix-installer-action@main - run: docker context create builders - uses: docker/setup-buildx-action@v3 @@ -132,7 +134,8 @@ jobs: include: ${{ fromJson(needs.prepare.outputs.matrix_config).include }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - name: Checkout Repo + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - uses: DeterminateSystems/nix-installer-action@main - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v2 @@ -175,7 +178,8 @@ jobs: needs: [prepare, merge_manifest] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - name: Checkout Repo + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - uses: DeterminateSystems/nix-installer-action@main - name: Debug Input from Prepare diff --git a/.github/workflows/manual-docker-release.yml b/.github/workflows/manual-docker-release.yml index 8948324db..e702014dc 100644 --- a/.github/workflows/manual-docker-release.yml +++ b/.github/workflows/manual-docker-release.yml @@ -19,7 +19,7 @@ jobs: steps: - uses: DeterminateSystems/nix-installer-action@main - name: Checkout Repo - uses: actions/checkout@v3 + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - name: Generate build matrix id: set-matrix run: | @@ -50,7 +50,8 @@ jobs: outputs: build_args: ${{ steps.args.outputs.result }} steps: - - uses: actions/checkout@v3 + - name: Checkout Repo + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL version environment variable run: echo "POSTGRES_MAJOR_VERSION=${{ matrix.version }}" >> $GITHUB_ENV @@ -74,7 +75,8 @@ jobs: runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-runner' }} timeout-minutes: 180 steps: - - uses: actions/checkout@v3 + - name: Checkout Repo + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - uses: DeterminateSystems/nix-installer-action@main - run: docker context create builders - uses: docker/setup-buildx-action@v3 @@ -141,7 +143,8 @@ jobs: include: ${{ fromJson(needs.prepare.outputs.matrix_config).include }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - name: Checkout Repo + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - uses: DeterminateSystems/nix-installer-action@main - uses: docker/setup-buildx-action@v3 - uses: docker/login-action@v2 @@ -184,7 +187,8 @@ jobs: needs: [prepare, merge_manifest] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - name: Checkout Repo + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - uses: DeterminateSystems/nix-installer-action@main - name: Debug Input from Prepare diff --git a/.github/workflows/mirror-postgrest.yml b/.github/workflows/mirror-postgrest.yml index 1658730f7..0195ab695 100644 --- a/.github/workflows/mirror-postgrest.yml +++ b/.github/workflows/mirror-postgrest.yml @@ -17,7 +17,8 @@ jobs: outputs: postgrest_release: ${{ steps.args.outputs.result }} steps: - - uses: actions/checkout@v4 + - name: Checkout Repo + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - id: args uses: mikefarah/yq@master with: diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml index c1811fd00..b6458a807 100644 --- a/.github/workflows/nix-build.yml +++ b/.github/workflows/nix-build.yml @@ -27,15 +27,11 @@ jobs: runs-on: ${{ matrix.runner }} timeout-minutes: 180 steps: - - - name: Check out code - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.ref || github.ref }} - fetch-depth: 0 - fetch-tags: true + - name: Checkout Repo + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - name: aws-creds uses: aws-actions/configure-aws-credentials@v4 + if: ${{ github.secret_source == 'Actions' }} with: role-to-assume: ${{ secrets.DEV_AWS_ROLE }} aws-region: "us-east-1" @@ -48,7 +44,7 @@ jobs: env: NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }} - name: Log in to Docker Hub - if: matrix.runner != 'macos-latest' && matrix.runner != 'macos-13' + if: matrix.runner != 'macos-latest' && matrix.runner != 'macos-13' && github.secret_source == 'Actions' uses: docker/login-action@v2 with: username: ${{ secrets.DOCKER_USERNAME }} diff --git a/.github/workflows/publish-migrations-prod.yml b/.github/workflows/publish-migrations-prod.yml index d7e813667..e3d7365cb 100644 --- a/.github/workflows/publish-migrations-prod.yml +++ b/.github/workflows/publish-migrations-prod.yml @@ -21,8 +21,8 @@ jobs: env: GITHUB_REF: ${{ github.ref }} - - name: Checkout Repo - uses: actions/checkout@v2 + - name: Checkout repo + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - name: Merging migration files run: cat $(ls -1) > ../migration-output.sql diff --git a/.github/workflows/publish-migrations-staging.yml b/.github/workflows/publish-migrations-staging.yml index 72b28e927..9cef8be4b 100644 --- a/.github/workflows/publish-migrations-staging.yml +++ b/.github/workflows/publish-migrations-staging.yml @@ -16,8 +16,7 @@ jobs: steps: - name: Checkout Repo - uses: actions/checkout@v2 - + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - name: Merging migration files run: cat $(ls -1) > ../migration-output.sql working-directory: ${{ github.workspace }}/migrations/db/migrations diff --git a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml index bec85166e..847e6d47c 100644 --- a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml +++ b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml @@ -17,8 +17,8 @@ jobs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - name: Checkout Repo - uses: actions/checkout@v3 - + uses: supabase/postgres/.github/actions/shared-checkout@HEAD + - uses: DeterminateSystems/nix-installer-action@main - name: Set PostgreSQL versions @@ -36,8 +36,8 @@ jobs: steps: - name: Checkout Repo - uses: actions/checkout@v3 - + uses: supabase/postgres/.github/actions/shared-checkout@HEAD + - uses: DeterminateSystems/nix-installer-action@main - name: Grab release version @@ -88,7 +88,7 @@ jobs: steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - name: Grab release version id: process_release_version diff --git a/.github/workflows/publish-nix-pgupgrade-scripts.yml b/.github/workflows/publish-nix-pgupgrade-scripts.yml index ece3e5966..19e255fca 100644 --- a/.github/workflows/publish-nix-pgupgrade-scripts.yml +++ b/.github/workflows/publish-nix-pgupgrade-scripts.yml @@ -24,7 +24,7 @@ jobs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - uses: DeterminateSystems/nix-installer-action@main @@ -43,7 +43,7 @@ jobs: steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - uses: DeterminateSystems/nix-installer-action@main @@ -94,8 +94,8 @@ jobs: steps: - name: Checkout Repo - uses: actions/checkout@v3 - + uses: supabase/postgres/.github/actions/shared-checkout@HEAD + - uses: DeterminateSystems/nix-installer-action@main - name: Grab release version diff --git a/.github/workflows/qemu-image-build.yml b/.github/workflows/qemu-image-build.yml index 708c7faf2..8abee1461 100644 --- a/.github/workflows/qemu-image-build.yml +++ b/.github/workflows/qemu-image-build.yml @@ -23,7 +23,7 @@ jobs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - uses: DeterminateSystems/nix-installer-action@main @@ -47,7 +47,7 @@ jobs: steps: - name: Checkout Repo - uses: actions/checkout@v3 + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - uses: DeterminateSystems/nix-installer-action@main diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index a218ef882..ac285af26 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -17,7 +17,7 @@ jobs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - name: Clear Nix cache run: | @@ -49,7 +49,8 @@ jobs: POSTGRES_PORT: 5478 POSTGRES_PASSWORD: password steps: - - uses: actions/checkout@v4 + - name: Checkout Repo + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - name: Clear Nix cache run: | sudo rm -rf /home/runner/.cache/nix @@ -86,4 +87,4 @@ jobs: echo "Detected changes in schema.sql:" git diff migrations/schema-${{ env.PGMAJOR }}.sql exit 1 - fi \ No newline at end of file + fi diff --git a/.github/workflows/testinfra-ami-build.yml b/.github/workflows/testinfra-ami-build.yml index 2b07e716f..752bc3938 100644 --- a/.github/workflows/testinfra-ami-build.yml +++ b/.github/workflows/testinfra-ami-build.yml @@ -15,7 +15,7 @@ jobs: postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - uses: DeterminateSystems/nix-installer-action@main @@ -52,7 +52,7 @@ jobs: steps: - name: Checkout Repo - uses: actions/checkout@v4 + uses: supabase/postgres/.github/actions/shared-checkout@HEAD - id: args uses: mikefarah/yq@master diff --git a/docker/nix/build_nix.sh b/docker/nix/build_nix.sh index efaafbe89..8e7d9cfa8 100644 --- a/docker/nix/build_nix.sh +++ b/docker/nix/build_nix.sh @@ -18,11 +18,13 @@ nix build .#wal-g-2 -o wal-g-2 -L nix build .#wal-g-3 -o wal-g-3 -L # Copy to S3 -nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./wal-g-2 -nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./wal-g-3 -nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_15 -nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_orioledb_17 -nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_17 +if [[ -n "${AWS_ACCESS_KEY_ID-}" && -n "${AWS_SECRET_ACCESS_KEY-}" ]]; then + nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./wal-g-2 + nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./wal-g-3 + nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_15 + nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_orioledb_17 + nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_17 +fi if [ "$SYSTEM" = "aarch64-linux" ]; then nix build .#postgresql_15_debug -o ./postgresql_15_debug @@ -31,10 +33,13 @@ if [ "$SYSTEM" = "aarch64-linux" ]; then nix build .#postgresql_orioledb-17_src -o ./postgresql_orioledb-17_src nix build .#postgresql_17_debug -o ./postgresql_17_debug nix build .#postgresql_17_src -o ./postgresql_17_src - nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./postgresql_15_debug-debug - nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./postgresql_15_src - nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./postgresql_orioledb-17_debug-debug - nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./postgresql_orioledb-17_src - nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./postgresql_17_debug-debug - nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./postgresql_17_src + + if [[ -n "${AWS_ACCESS_KEY_ID-}" && -n "${AWS_SECRET_ACCESS_KEY-}" ]]; then + nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./postgresql_15_debug-debug + nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./postgresql_15_src + nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./postgresql_orioledb-17_debug-debug + nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./postgresql_orioledb-17_src + nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./postgresql_17_debug-debug + nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./postgresql_17_src + fi fi