From 5f294705dc79cd4e474f5afe6499dda7f580cdbd Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 4 Feb 2026 10:31:21 -0500 Subject: [PATCH 01/10] fix: we needed to restore publishing on merge or wf dispatch to us-east-1 --- .github/workflows/ami-release-nix.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index cef369afa..5789a40bf 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -89,13 +89,13 @@ jobs: GIT_SHA=${{github.sha}} nix run github:supabase/postgres/${GIT_SHA}#packer -- init amazon-arm64-nix.pkr.hcl # why is postgresql_major defined here instead of where the _three_ other postgresql_* variables are defined? - nix run github:supabase/postgres/${GIT_SHA}#packer -- build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${EXECUTION_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=-e postgresql_major=${POSTGRES_MAJOR_VERSION}" amazon-arm64-nix.pkr.hcl + nix run github:supabase/postgres/${GIT_SHA}#packer -- build -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${EXECUTION_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "ansible_arguments=-e postgresql_major=${POSTGRES_MAJOR_VERSION}" -var "region=us-east-1" -var 'ami_regions=["us-east-1"]' amazon-arm64-nix.pkr.hcl - name: Find stage 1 AMI run: | GIT_SHA=${{github.sha}} PG_VERSION=$(sed -n 's/postgres-version = "\(.*\)"/\1/p' common-nix.vars.pkr.hcl) - REGION=$(grep '^region=' development-arm.vars.pkr.hcl | cut -d'=' -f2 | tr -d ' "') + REGION="us-east-1" echo "Looking for stage 1 AMI with postgresVersion=${PG_VERSION}-stage1 and sourceSha=${GIT_SHA} in region ${REGION}" @@ -124,7 +124,7 @@ jobs: GIT_SHA=${{github.sha}} nix run github:supabase/postgres/${GIT_SHA}#packer -- init stage2-nix-psql.pkr.hcl POSTGRES_MAJOR_VERSION=${{ env.POSTGRES_MAJOR_VERSION }} - nix run github:supabase/postgres/${GIT_SHA}#packer -- build -var "git_sha=${GIT_SHA}" -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${EXECUTION_ID}" -var "postgres_major_version=${POSTGRES_MAJOR_VERSION}" -var "source_ami=${STAGE1_AMI_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" stage2-nix-psql.pkr.hcl + nix run github:supabase/postgres/${GIT_SHA}#packer -- build -var "git_sha=${GIT_SHA}" -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${EXECUTION_ID}" -var "postgres_major_version=${POSTGRES_MAJOR_VERSION}" -var "source_ami=${STAGE1_AMI_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "region=us-east-1" -var 'ami_regions=["us-east-1"]' stage2-nix-psql.pkr.hcl - name: Grab release version id: process_release_version From 4fccbe2a08637b789f881ad986801b708acdafa5 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 4 Feb 2026 11:33:30 -0500 Subject: [PATCH 02/10] fix: bump to test release --- ansible/vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 84861b604..4b9973ce7 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,9 +10,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.6.0.037-orioledb" - postgres17: "17.6.1.080" - postgres15: "15.14.1.080" + postgresorioledb-17: "17.6.0.037-orioledb-region-1" + postgres17: "17.6.1.080-region-1" + postgres15: "15.14.1.080-region-1" # Non Postgres Extensions pgbouncer_release: 1.25.1 From 0dd9e246615429697aeffe86b2436589a843bf14 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 4 Feb 2026 12:42:22 -0500 Subject: [PATCH 03/10] fix: give some space for vector download --- ansible/tasks/setup-supabase-internal.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/ansible/tasks/setup-supabase-internal.yml b/ansible/tasks/setup-supabase-internal.yml index d59062012..00007ecd6 100644 --- a/ansible/tasks/setup-supabase-internal.yml +++ b/ansible/tasks/setup-supabase-internal.yml @@ -33,9 +33,20 @@ ansible.builtin.command: cmd: aws configure set default.s3.use_dualstack_endpoint true +- name: download Vector package + ansible.builtin.get_url: + url: "{{ vector_x86_deb if platform == 'amd64' else vector_arm_deb }}" + dest: /tmp/vector.deb + timeout: 120 + become: true + retries: 3 + delay: 10 + register: vector_download + until: vector_download is success + - name: install Vector for logging apt: - deb: "{{ vector_x86_deb if platform == 'amd64' else vector_arm_deb }}" + deb: /tmp/vector.deb become: true - name: add Vector to postgres group From 8417da7703de06b138b64fda7a792b1fec5a26ba Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 4 Feb 2026 13:06:38 -0500 Subject: [PATCH 04/10] fix: Fix publish-prod condition to only match release/* branches and add missing -r flag to yq in publish-staging job --- .github/workflows/publish-nix-pgupgrade-bin-flake-version.yml | 4 ++-- .github/workflows/publish-nix-pgupgrade-scripts.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml index 7a8a45e00..9cfb0d7aa 100644 --- a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml +++ b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml @@ -51,7 +51,7 @@ jobs: if [[ "${{ inputs.postgresVersion }}" != "" ]]; then VERSION="${{ inputs.postgresVersion }}" else - VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) + VERSION=$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) fi echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "major_version=$(echo $VERSION | cut -d'.' -f1)" >> "$GITHUB_OUTPUT" @@ -87,7 +87,7 @@ jobs: publish-prod: runs-on: large-linux-x86 - if: github.ref_name == 'develop' || contains( github.ref, 'release' ) + if: github.ref_name == 'develop' || startsWith(github.ref_name, 'release/') needs: prepare strategy: matrix: diff --git a/.github/workflows/publish-nix-pgupgrade-scripts.yml b/.github/workflows/publish-nix-pgupgrade-scripts.yml index 98eb9015c..f0f779947 100644 --- a/.github/workflows/publish-nix-pgupgrade-scripts.yml +++ b/.github/workflows/publish-nix-pgupgrade-scripts.yml @@ -88,7 +88,7 @@ jobs: publish-prod: needs: prepare runs-on: large-linux-x86 - if: github.ref_name == 'develop' || contains( github.ref, 'release' ) + if: github.ref_name == 'develop' || startsWith(github.ref_name, 'release/') strategy: matrix: From b6161d1c0bfa28cf0f4ce978069b8cb22f4d6937 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 4 Feb 2026 13:21:39 -0500 Subject: [PATCH 05/10] fix: stage2 doe snot have the var ami_regions --- .github/workflows/ami-release-nix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index 5789a40bf..0799bbb8d 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -124,7 +124,7 @@ jobs: GIT_SHA=${{github.sha}} nix run github:supabase/postgres/${GIT_SHA}#packer -- init stage2-nix-psql.pkr.hcl POSTGRES_MAJOR_VERSION=${{ env.POSTGRES_MAJOR_VERSION }} - nix run github:supabase/postgres/${GIT_SHA}#packer -- build -var "git_sha=${GIT_SHA}" -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${EXECUTION_ID}" -var "postgres_major_version=${POSTGRES_MAJOR_VERSION}" -var "source_ami=${STAGE1_AMI_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "region=us-east-1" -var 'ami_regions=["us-east-1"]' stage2-nix-psql.pkr.hcl + nix run github:supabase/postgres/${GIT_SHA}#packer -- build -var "git_sha=${GIT_SHA}" -var "git-head-version=${GIT_SHA}" -var "packer-execution-id=${EXECUTION_ID}" -var "postgres_major_version=${POSTGRES_MAJOR_VERSION}" -var "source_ami=${STAGE1_AMI_ID}" -var-file="development-arm.vars.pkr.hcl" -var-file="common-nix.vars.pkr.hcl" -var "region=us-east-1" stage2-nix-psql.pkr.hcl - name: Grab release version id: process_release_version From ecc699a6e64af525e2a513a6ebec07ecac97eccd Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 4 Feb 2026 13:39:02 -0500 Subject: [PATCH 06/10] fix: we will not add extra data to ami testing suffix at this time --- .github/workflows/ami-release-nix.yml | 8 -------- ansible/vars.yml | 6 +++--- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ami-release-nix.yml b/.github/workflows/ami-release-nix.yml index 0799bbb8d..5f5796455 100644 --- a/.github/workflows/ami-release-nix.yml +++ b/.github/workflows/ami-release-nix.yml @@ -72,15 +72,7 @@ jobs: - name: Generate common-nix.vars.pkr.hcl run: | PG_VERSION="$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml)" - BRANCH_NAME="$(echo "${{ github.ref }}" | sed 's|refs/heads/||')" - if [[ "${{ github.event_name }}" == "workflow_dispatch" && "$BRANCH_NAME" != "develop" && "$BRANCH_NAME" != release/* ]]; then - SUFFIX="${BRANCH_NAME//[^a-zA-Z0-9._-]/-}-${{ github.run_id }}" - PG_VERSION="${PG_VERSION}-${SUFFIX}" - echo "Added branch suffix to version: $SUFFIX" - fi echo "postgres-version = \"$PG_VERSION\"" > common-nix.vars.pkr.hcl - # Ensure there's a newline at the end of the file - echo "" >> common-nix.vars.pkr.hcl - name: Build AMI stage 1 env: diff --git a/ansible/vars.yml b/ansible/vars.yml index 4b9973ce7..26f3cf484 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,9 +10,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.6.0.037-orioledb-region-1" - postgres17: "17.6.1.080-region-1" - postgres15: "15.14.1.080-region-1" + postgresorioledb-17: "17.6.0.037-orioledb-region-2" + postgres17: "17.6.1.080-region-2" + postgres15: "15.14.1.080-region-2" # Non Postgres Extensions pgbouncer_release: 1.25.1 From 02b58c6200124fa0ea15297fa9b050d033db450b Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 4 Feb 2026 13:44:21 -0500 Subject: [PATCH 07/10] fix: need concurrency block that was lost --- .github/workflows/nix-build.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/nix-build.yml b/.github/workflows/nix-build.yml index 509893eb0..712513fba 100644 --- a/.github/workflows/nix-build.yml +++ b/.github/workflows/nix-build.yml @@ -14,6 +14,10 @@ permissions: contents: write packages: write +concurrency: + group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + jobs: nix-eval: uses: ./.github/workflows/nix-eval.yml From 9d59f0ac1996037b077cc4c3137992ec2642e434 Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 4 Feb 2026 15:21:18 -0500 Subject: [PATCH 08/10] fix: Removed input parameter version extraction logic and always read all postgres versions from ansible/vars.yml to ensure all versions (15, 17, orioledb-17) are published. --- ...ublish-nix-pgupgrade-bin-flake-version.yml | 19 +++---------------- .../publish-nix-pgupgrade-scripts.yml | 19 +++---------------- 2 files changed, 6 insertions(+), 32 deletions(-) diff --git a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml index 9cfb0d7aa..ee6737a42 100644 --- a/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml +++ b/.github/workflows/publish-nix-pgupgrade-bin-flake-version.yml @@ -24,12 +24,7 @@ jobs: - name: Set PostgreSQL versions id: set-versions run: | - if [[ "${{ inputs.postgresVersion }}" != "" ]]; then - MAJOR_VERSION=$(echo "${{ inputs.postgresVersion }}" | cut -d'.' -f1) - VERSIONS="[\"$MAJOR_VERSION\"]" - else - VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]') - fi + VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]') echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT publish-staging: @@ -48,11 +43,7 @@ jobs: - name: Grab release version id: process_release_version run: | - if [[ "${{ inputs.postgresVersion }}" != "" ]]; then - VERSION="${{ inputs.postgresVersion }}" - else - VERSION=$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) - fi + VERSION=$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "major_version=$(echo $VERSION | cut -d'.' -f1)" >> "$GITHUB_OUTPUT" @@ -100,11 +91,7 @@ jobs: - name: Grab release version id: process_release_version run: | - if [[ "${{ inputs.postgresVersion }}" != "" ]]; then - VERSION="${{ inputs.postgresVersion }}" - else - VERSION=$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) - fi + VERSION=$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) echo "version=$VERSION" >> "$GITHUB_OUTPUT" echo "major_version=$(echo $VERSION | cut -d'.' -f1)" >> "$GITHUB_OUTPUT" diff --git a/.github/workflows/publish-nix-pgupgrade-scripts.yml b/.github/workflows/publish-nix-pgupgrade-scripts.yml index f0f779947..721250fd1 100644 --- a/.github/workflows/publish-nix-pgupgrade-scripts.yml +++ b/.github/workflows/publish-nix-pgupgrade-scripts.yml @@ -29,12 +29,7 @@ jobs: - name: Set PostgreSQL versions id: set-versions run: | - if [[ "${{ inputs.postgresVersion }}" != "" ]]; then - MAJOR_VERSION=$(echo "${{ inputs.postgresVersion }}" | cut -d'.' -f1) - VERSIONS="[\"$MAJOR_VERSION\"]" - else - VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]') - fi + VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]') echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT publish-staging: @@ -53,11 +48,7 @@ jobs: - name: Grab release version id: process_release_version run: | - if [[ "${{ inputs.postgresVersion }}" != "" ]]; then - VERSION="${{ inputs.postgresVersion }}" - else - VERSION=$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) - fi + VERSION=$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) echo "version=$VERSION" >> "$GITHUB_OUTPUT" - name: Create a tarball containing pg_upgrade scripts @@ -104,11 +95,7 @@ jobs: - name: Grab release version id: process_release_version run: | - if [[ "${{ inputs.postgresVersion }}" != "" ]]; then - VERSION="${{ inputs.postgresVersion }}" - else - VERSION=$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) - fi + VERSION=$(nix run nixpkgs#yq -- -r '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) echo "version=$VERSION" >> "$GITHUB_OUTPUT" - name: Create a tarball containing pg_upgrade scripts From 23db28e6f931f0aafe7f0009b72a5167bc99ffda Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 4 Feb 2026 16:43:42 -0500 Subject: [PATCH 09/10] chore: bump to test release again --- ansible/vars.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 26f3cf484..3769718d5 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,15 +10,15 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.6.0.037-orioledb-region-2" - postgres17: "17.6.1.080-region-2" - postgres15: "15.14.1.080-region-2" + postgresorioledb-17: "17.6.0.037-orioledb-region-3" + postgres17: "17.6.1.080-region-3" + postgres15: "15.14.1.080-region-3" # Non Postgres Extensions pgbouncer_release: 1.25.1 pgbouncer_release_checksum: sha256:6e566ae92fe3ef7f6a1b9e26d6049f7d7ca39c40e29e7b38f6d5500ae15d8465 -# The checksum can be found under "Assets", in the GitHub release page for each version. +# The checksum can be found under "Assets", in the GitHub release page for each version. # The binaries used are: ubuntu-aarch64 and linux-static. # https://github.com/PostgREST/postgrest/releases postgrest_release: 14.1 From 4c897672c0eab5509e21305fd8f798f1fe69821b Mon Sep 17 00:00:00 2001 From: Sam Rose Date: Wed, 4 Feb 2026 18:52:08 -0500 Subject: [PATCH 10/10] chore: bump to release --- ansible/vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 3769718d5..209fcde31 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,9 +10,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.6.0.037-orioledb-region-3" - postgres17: "17.6.1.080-region-3" - postgres15: "15.14.1.080-region-3" + postgresorioledb-17: "17.6.0.038-orioledb" + postgres17: "17.6.1.081" + postgres15: "15.14.1.081" # Non Postgres Extensions pgbouncer_release: 1.25.1