
feat: auto-version from vars.yml, build only on version change #7

feat: auto-version from vars.yml, build only on version change


name: KBVE Postgres CI & Release
on:
push:
branches: [develop]
pull_request:
branches: [develop]
workflow_dispatch:
permissions:
contents: write
packages: write
id-token: write
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
check:
runs-on: ubuntu-latest
timeout-minutes: 30
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Install Nix
uses: NixOS/nix-installer-action@d6ef7ecd8f685af89869e5aca0580a33e3e3150c
with:
installer-version: 2.33.2
extra-conf: |
substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com
trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
max-jobs = 4
- name: Evaluate PG17 derivation
run: nix build --dry-run .#packages.x86_64-linux."psql_17/bin" --accept-flake-config
detect-version:
runs-on: ubuntu-latest
outputs:
tag: ${{ steps.version.outputs.tag }}
changed: ${{ steps.check-tag.outputs.changed }}
owner: ${{ steps.owner.outputs.name }}
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Lowercase owner
id: owner
run: echo "name=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')" >> $GITHUB_OUTPUT
- name: Extract version from vars.yml
id: version
run: |
VERSION=$(grep 'postgres17:' ansible/vars.yml | sed 's/.*"\(.*\)".*/\1/')
echo "tag=${VERSION}-kbve" >> $GITHUB_OUTPUT
echo "Detected version: ${VERSION}-kbve"
- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Check if tag exists in GHCR
id: check-tag
run: |
TAG="${{ steps.version.outputs.tag }}"
OWNER="${{ steps.owner.outputs.name }}"
if docker manifest inspect "ghcr.io/${OWNER}/postgres:${TAG}" > /dev/null 2>&1; then
echo "Tag ${TAG} already exists in GHCR, skipping build"
echo "changed=false" >> $GITHUB_OUTPUT
else
echo "Tag ${TAG} not found in GHCR, will build"
echo "changed=true" >> $GITHUB_OUTPUT
fi
build-and-release:
needs: [check, detect-version]
if: |
github.event_name == 'workflow_dispatch' ||
(github.event_name == 'push' && needs.detect-version.outputs.changed == 'true')
runs-on: ubuntu-latest
timeout-minutes: 180
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
fetch-tags: true
- name: Install Nix
uses: NixOS/nix-installer-action@d6ef7ecd8f685af89869e5aca0580a33e3e3150c
with:
installer-version: 2.33.2
extra-conf: |
substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com
trusted-public-keys = nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
max-jobs = 4
- name: Set up Docker Buildx
run: docker context create builders
- uses: docker/setup-buildx-action@v3
with:
endpoint: builders
- name: Login to GHCR
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Get build args from vars.yml
id: args
run: |
nix run nixpkgs#nushell -- -c '
open ansible/vars.yml
| items { |key value| {name: $key, item: $value} }
| where { |it| ($it.item | describe) == "string" }
| each { |it| $"($it.name)=($it.item)" }
| str join "\n"
| save --append $env.GITHUB_OUTPUT
'
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
push: true
build-args: |
${{ steps.args.outputs.result }}
target: production
tags: |
ghcr.io/${{ needs.detect-version.outputs.owner }}/postgres:${{ needs.detect-version.outputs.tag }}
ghcr.io/${{ needs.detect-version.outputs.owner }}/postgres:latest
platforms: linux/amd64
cache-from: type=gha,scope=${{ github.ref_name }}-pg17-kbve
cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-pg17-kbve
file: Dockerfile-17
- name: Create GitHub Release
uses: softprops/action-gh-release@v1
with:
tag_name: ${{ needs.detect-version.outputs.tag }}
name: "PostgreSQL 17 KBVE Build ${{ needs.detect-version.outputs.tag }}"
body: |
## PostgreSQL 17 Docker Image (KBVE Build)
### Docker Image
```bash
docker pull ghcr.io/${{ needs.detect-version.outputs.owner }}/postgres:${{ needs.detect-version.outputs.tag }}
```
### CNPG Cluster Usage
```yaml
apiVersion: postgresql.cnpg.io/v1
kind: Cluster
metadata:
name: postgres-kbve
spec:
instances: 3
imageName: ghcr.io/${{ needs.detect-version.outputs.owner }}/postgres:${{ needs.detect-version.outputs.tag }}
postgresql:
shared_preload_libraries:
- "pg_stat_statements"
- "pg_failover_slots"
```
### Fork Customizations
- kilobase (pgrx 0.16.1 extension)
- pg_failover_slots (logical replication slot failover)
- All standard Supabase PostgreSQL extensions
### Build Details
- PostgreSQL 17
- Platform: linux/amd64
- Base: Supabase PostgreSQL distribution
- Built with Nix reproducible builds
draft: false
prerelease: false
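Review bot: The `TAG` and `OWNER` assignments in the `Check if tag exists in GHCR` step splice step outputs into the shell script with `${{ }}`, and `tag` is produced by grep/sed over `ansible/vars.yml` from the checked-out ref, so on `pull_request` runs the content of that file becomes part of the `run:` text before bash parses it; passing both values through the step's `env:` and reading `"$TAG"`/`"$OWNER"` keeps them as data rather than script. The `Extract version from vars.yml` step writes the same unvalidated value to `GITHUB_OUTPUT`, and a guard such as `[[ "$VERSION" =~ ^[0-9]+(\.[0-9]+)*$ ]] || exit 1` before the echo would bound what can become an image tag and release name. Separately, `build-args: ${{ steps.args.outputs.result }}` looks wrong: the nushell step appends one `key=value` line per string entry of vars.yml to `GITHUB_OUTPUT`, so the outputs are named after those keys and no `result` output is set unless vars.yml happens to contain one — presumably the intent was to collect the lines under a single named output. Finally, `docker/login-action@v2`, `docker/setup-buildx-action@v3`, `docker/build-push-action@v5` and `softprops/action-gh-release@v1` are mutable tags while checkout and nix-installer are SHA-pinned; pinning them the same way, and moving the `contents`/`packages`/`id-token: write` grants from the workflow level down to `build-and-release`, would leave the `check` and `detect-version` jobs (which run on pull requests) with read-only tokens.
```yaml
- name: Check if tag exists in GHCR
  id: check-tag
  env:
    TAG: ${{ steps.version.outputs.tag }}
    OWNER: ${{ steps.owner.outputs.name }}
  run: |
    # … unchanged: docker manifest inspect and the two echo branches, now using "$OWNER" and "$TAG" …
```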