postgres/.github/workflows/publish-nix-pgupgrade-scripts.yml at develop · KBVE/postgres · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
name: Publish nix pg_upgrade_scripts

on:
  push:
    branches:
      - develop
      - release/*
    paths:
      - '.github/workflows/publish-nix-pgupgrade-scripts.yml'
      - 'ansible/vars.yml'
  workflow_dispatch:
    inputs:
      postgresVersion:
        description: 'Optional. Postgres version to publish against, i.e. 15.1.1.78'
        required: false

permissions:
  id-token: write

jobs:
  prepare:
    runs-on: blacksmith-2vcpu-ubuntu-2404
    outputs:
      postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }}
    steps:
      - name: Checkout Repo
        uses: supabase/postgres/.github/actions/shared-checkout@HEAD
      - uses: ./.github/actions/nix-install-ephemeral
      - name: Set PostgreSQL versions
        id: set-versions
        run: |
          VERSIONS=$(nix run nixpkgs#yq --  '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]')
          echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT

  publish-staging:
    needs: prepare
    runs-on: large-linux-x86
    strategy:
      matrix:
        postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }}

    steps:
      - name: Checkout Repo
        uses: supabase/postgres/.github/actions/shared-checkout@HEAD

      - uses: ./.github/actions/nix-install-ephemeral

      - name: Grab release version
        id: process_release_version
        run: |
          VERSION=$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"

      - name: Create a tarball containing pg_upgrade scripts
        run: |
          mkdir -p /tmp/pg_upgrade_scripts
          cp -r ansible/files/admin_api_scripts/pg_upgrade_scripts/* /tmp/pg_upgrade_scripts
          tar -czvf /tmp/pg_upgrade_scripts.tar.gz -C /tmp/ pg_upgrade_scripts

      - name: configure aws credentials - staging
        uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # v1.7.0
        with:
          role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
          aws-region: "us-east-1"

      - name: Upload pg_upgrade scripts to s3 staging
        run: |
          aws s3 cp /tmp/pg_upgrade_scripts.tar.gz "s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/pg_upgrade_scripts.tar.gz"

      - name: Slack Notification on Failure
        if: ${{ failure() }}
        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }}
          SLACK_USERNAME: 'gha-failures-notifier'
          SLACK_COLOR: 'danger'
          SLACK_MESSAGE: 'Publishing pg_upgrade scripts failed'
          SLACK_FOOTER: ''
  publish-prod:
    needs: prepare
    runs-on: large-linux-x86
    if: github.ref_name == 'develop' || startsWith(github.ref_name, 'release/')

    strategy:
      matrix:
        postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }}


    steps:
      - name: Checkout Repo
        uses: supabase/postgres/.github/actions/shared-checkout@HEAD

      - uses: ./.github/actions/nix-install-ephemeral

      - name: Grab release version
        id: process_release_version
        run: |
          VERSION=$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)
          echo "version=$VERSION" >> "$GITHUB_OUTPUT"

      - name: Create a tarball containing pg_upgrade scripts
        run: |
          mkdir -p /tmp/pg_upgrade_scripts
          cp -r ansible/files/admin_api_scripts/pg_upgrade_scripts/* /tmp/pg_upgrade_scripts
          tar -czvf /tmp/pg_upgrade_scripts.tar.gz -C /tmp/ pg_upgrade_scripts

      - name: configure aws credentials - prod
        uses: aws-actions/configure-aws-credentials@67fbcbb121271f7775d2e7715933280b06314838 # v1.7.0
        with:
          role-to-assume: ${{ secrets.PROD_AWS_ROLE }}
          aws-region: "us-east-1"

      - name: Upload pg_upgrade scripts to s3 prod
        run: |
          aws s3 cp /tmp/pg_upgrade_scripts.tar.gz "s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/pg_upgrade_scripts.tar.gz"

      - name: Slack Notification on Failure
        if: ${{ failure() }}
        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }}
          SLACK_USERNAME: 'gha-failures-notifier'
          SLACK_COLOR: 'danger'
          SLACK_MESSAGE: 'Publishing pg_upgrade scripts failed'
          SLACK_FOOTER: ''