supabase
diff --git a/‎.github/CODEOWNERS
Lines changed: 1 addition & 0 deletions b/‎.github/CODEOWNERS
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/ami-release.yml
Lines changed: 10 additions & 0 deletions b/‎.github/workflows/ami-release.yml
Lines changed: 10 additions & 0 deletions
diff --git a/‎.github/workflows/ci.yml
Lines changed: 9 additions & 7 deletions b/‎.github/workflows/ci.yml
Lines changed: 9 additions & 7 deletions
diff --git a/‎.github/workflows/dockerhub-release-aio.yml
Lines changed: 38 additions & 4 deletions b/‎.github/workflows/dockerhub-release-aio.yml
Lines changed: 38 additions & 4 deletions
diff --git a/‎.github/workflows/dockerhub-release.yml
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/dockerhub-release.yml
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/workflows/testinfra.yml
Lines changed: 14 additions & 4 deletions b/‎.github/workflows/testinfra.yml
Lines changed: 14 additions & 4 deletions
diff --git a/‎Dockerfile
Lines changed: 1 addition & 1 deletion b/‎Dockerfile
Lines changed: 1 addition & 1 deletion
diff --git a/‎amazon-arm64.pkr.hcl
Lines changed: 2 additions & 1 deletion b/‎amazon-arm64.pkr.hcl
Lines changed: 2 additions & 1 deletion
diff --git a/‎ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh
Lines changed: 0 additions & 3 deletions b/‎ansible/files/admin_api_scripts/pg_upgrade_scripts/initiate.sh
Lines changed: 0 additions & 3 deletions
diff --git a/‎ansible/files/adminapi.sudoers.conf
Lines changed: 6 additions & 4 deletions b/‎ansible/files/adminapi.sudoers.conf
Lines changed: 6 additions & 4 deletions
@@ -1,3 +1,4 @@
 * @supabase/backend
 migrations/ @supabase/cli @supabase/backend
 docker/orioledb @supabase/postgres
+common.vars.pkr.hcl @supabase/postgres @supabase/backend
@@ -30,6 +30,16 @@ jobs:
       - name: Checkout Repo
         uses: actions/checkout@v3
 
+      - name: Run checks if triggered manually
+        if: ${{ github.event_name == 'workflow_dispatch' }}
+        # Update `ci.yaml` too if changing constraints.
+        run: |
+          SUFFIX=$(sed -E 's/postgres-version = "[0-9\.]+(.*)"/\1/g' common.vars.pkr.hcl)
+          if [[ -z $SUFFIX ]] ; then
+            echo "Version must include non-numeric characters if built manually."
+            exit 1
+          fi
+
       - id: args
         uses: mikefarah/yq@master
         with:
 
@@ -4,16 +4,18 @@ on:
   pull_request:
 
 jobs:
-
   check-release-version:
     timeout-minutes: 5
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout Repo
         uses: actions/checkout@v3
 
-      run: |
-        SUFFIX=$(sed -E 's/postgres-version = "[0-9\.]+(.*)"/\1/g' common.vars.pkr.hcl)
-        if [[ -n $SUFFIX ]] ; then
-          echo "We no longer allow merging RC versions to develop."
-          exit 1
-        fi
+      - name: Run checks
+        # Update `ami-release.yaml` too if changing constraints.
+        run: |
+          SUFFIX=$(sed -E 's/postgres-version = "[0-9\.]+(.*)"/\1/g' common.vars.pkr.hcl)
+          if [[ -n $SUFFIX ]] ; then
+            echo "We no longer allow merging RC versions to develop."
+            exit 1
+          fi
@@ -1,26 +1,26 @@
-name: Release AIO image on Dockerhub
+name: Release AIO image
 
 on:
   push:
     branches:
-      - pcnc/trigger-build
+      - develop
     paths:
       - ".github/workflows/dockerhub-release-aio.yml"
       - "docker/all-in-one/*"
-      - "common.vars*"
   workflow_run:
     workflows: [Release on Dockerhub]
     branches:
       - develop
     types:
       - completed
-    
+
 jobs:
   settings:
     runs-on: ubuntu-latest
     outputs:
       docker_version: ${{ steps.settings.outputs.postgres-version }}
       image_tag: supabase/postgres:aio-${{ steps.settings.outputs.postgres-version }}
+      fly_image_tag: supabase-postgres-image:aio-${{ steps.settings.outputs.postgres-version }}
       build_args: ${{ steps.args.outputs.result }}
     steps:
       - uses: actions/checkout@v3
@@ -108,3 +108,37 @@ jobs:
     with:
       version: aio-${{ needs.settings.outputs.docker_version }}
     secrets: inherit
+
+  publish_to_fly:
+    needs: [settings, build_image]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: docker/setup-buildx-action@v3
+      - uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+      - name: Push to Fly
+        uses: superfly/flyctl-actions/setup-flyctl@dfdfedc86b296f5e5384f755a18bf400409a15d0
+        with:
+          version: 0.1.64
+      - run: |
+          docker pull ${{ needs.settings.outputs.image_tag }}_amd64
+          docker tag ${{ needs.settings.outputs.image_tag }}_amd64 "registry.fly.io/staging-${{ needs.settings.outputs.fly_image_tag }}"
+          docker tag ${{ needs.settings.outputs.image_tag }}_amd64 "registry.fly.io/prod-${{ needs.settings.outputs.fly_image_tag }}"
+
+          flyctl auth docker
+          docker push "registry.fly.io/staging-${{ needs.settings.outputs.fly_image_tag }}"
+          docker push "registry.fly.io/prod-${{ needs.settings.outputs.fly_image_tag }}"
+        env:
+          FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
+          
+      - name: Slack Notification
+        if: ${{ failure() }}
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }}
+          SLACK_USERNAME: "gha-failures-notifier"
+          SLACK_COLOR: "danger"
+          SLACK_MESSAGE: "Failed pushing AIO image to Fly.io"
+          SLACK_FOOTER: ""
@@ -7,7 +7,7 @@ on:
     paths:
       - ".github/workflows/dockerhub-release.yml"
       - "common.vars*"
-
+ 
 jobs:
   settings:
     runs-on: ubuntu-latest
@@ -25,6 +25,7 @@ jobs:
         with:
           cmd: yq 'to_entries | map(select(.value|type == "!!str")) |  map(.key + "=" + .value) | join("\n")' 'ansible/vars.yml'
 
+
   build_image:
     needs: settings
     strategy:
 
@@ -14,7 +14,7 @@ jobs:
           - runner: arm-runner
             arch: arm64
     runs-on: ${{ matrix.runner }}
-    timeout-minutes: 60
+    timeout-minutes: 30
     steps:
       - uses: actions/checkout@v3
 
@@ -27,7 +27,17 @@ jobs:
         run: |
           # TODO: use poetry for pkg mgmt
           pip3 install boto3 boto3-stubs[essential] docker ec2instanceconnectcli pytest pytest-testinfra[paramiko,docker] requests
-          pytest -vv testinfra/test_all_in_one.py
+          
+
+          if ! pytest -vv testinfra/test_all_in_one.py; then
+            # display container logs if the test fails
+            
+            if [ -f testinfra-aio-container-logs.log ]; then
+              echo "AIO container logs:"
+              cat testinfra-aio-container-logs.log
+            fi
+            exit 1
+          fi
 
   test-ami:
     strategy:
@@ -132,9 +142,9 @@ jobs:
       - name: Cleanup resources on build cancellation
         if: ${{ cancelled() }}
         run: |
-          aws ec2 --region ap-southeast-1 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -I {} aws ec2 terminate-instances --instance-ids {}
+          aws ec2 --region ap-southeast-1 describe-instances --filters "Name=tag:packerExecutionId,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -I {} aws ec2 terminate-instances --region ap-southeast-1 --instance-ids {}
 
       - name: Cleanup resources on build cancellation
         if: ${{ always() }}
         run: |
-          aws ec2 --region ap-southeast-1 describe-instances --filters "Name=tag:testinfra-run-id,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -I {} aws ec2 terminate-instances --instance-ids {} || true
+          aws ec2 --region ap-southeast-1 describe-instances --filters "Name=tag:testinfra-run-id,Values=${GITHUB_RUN_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -I {} aws ec2 terminate-instances --region ap-southeast-1 --instance-ids {} || true
@@ -30,7 +30,7 @@ ARG pg_jsonschema_release=0.1.4
 ARG vault_release=0.2.8
 ARG groonga_release=12.0.8
 ARG pgroonga_release=2.4.0
-ARG wrappers_release=0.1.19
+ARG wrappers_release=0.2.0
 ARG hypopg_release=1.3.1
 ARG pg_repack_release=1.4.8
 ARG pgvector_release=0.4.0
 
@@ -243,7 +243,8 @@ build {
       "DOCKER_USER=${var.docker_user}",
       "DOCKER_PASSWD=${var.docker_passwd}",
       "DOCKER_IMAGE=${var.docker_image}",
-      "DOCKER_IMAGE_TAG=${var.docker_image_tag}"
+      "DOCKER_IMAGE_TAG=${var.docker_image_tag}",
+      "POSTGRES_SUPABASE_VERSION=${var.postgres-version}"
     ]
     use_env_var_file = true
     script = "ebssurrogate/scripts/surrogate-bootstrap.sh"
 
@@ -11,9 +11,6 @@
 # them depending on regtypes referencing system OIDs or outdated library files.
 EXTENSIONS_TO_DISABLE=(
     "pg_graphql"
-    "plv8"
-    "plcoffee"
-    "plls"
 )
 
 PG14_EXTENSIONS_TO_DISABLE=(
 
@@ -1,7 +1,8 @@
-Cmnd_Alias KONG = /bin/systemctl start kong.service, /bin/systemctl stop kong.service, /bin/systemctl restart kong.service, /bin/systemctl disable kong.service, /bin/systemctl enable kong.service, /bin/systemctl reload kong.service
-Cmnd_Alias POSTGREST = /bin/systemctl start postgrest.service, /bin/systemctl stop postgrest.service, /bin/systemctl restart postgrest.service, /bin/systemctl disable postgrest.service, /bin/systemctl enable postgrest.service
-Cmnd_Alias GOTRUE = /bin/systemctl start gotrue.service, /bin/systemctl stop gotrue.service, /bin/systemctl restart gotrue.service, /bin/systemctl disable gotrue.service, /bin/systemctl enable gotrue.service
-Cmnd_Alias PGBOUNCER = /bin/systemctl start pgbouncer.service, /bin/systemctl stop pgbouncer.service, /bin/systemctl restart pgbouncer.service, /bin/systemctl disable pgbouncer.service, /bin/systemctl enable pgbouncer.service, /bin/systemctl reload pgbouncer.service
+Cmnd_Alias ENVOY = /bin/systemctl start envoy.service, /bin/systemctl stop envoy.service, /bin/systemctl restart envoy.service, /bin/systemctl disable envoy.service, /bin/systemctl enable envoy.service, /bin/systemctl reload envoy.service, /bin/systemctl try-restart envoy.service
+Cmnd_Alias KONG = /bin/systemctl start kong.service, /bin/systemctl stop kong.service, /bin/systemctl restart kong.service, /bin/systemctl disable kong.service, /bin/systemctl enable kong.service, /bin/systemctl reload kong.service, /bin/systemctl try-restart kong.service
+Cmnd_Alias POSTGREST = /bin/systemctl start postgrest.service, /bin/systemctl stop postgrest.service, /bin/systemctl restart postgrest.service, /bin/systemctl disable postgrest.service, /bin/systemctl enable postgrest.service, /bin/systemctl try-restart postgrest.service
+Cmnd_Alias GOTRUE = /bin/systemctl start gotrue.service, /bin/systemctl stop gotrue.service, /bin/systemctl restart gotrue.service, /bin/systemctl disable gotrue.service, /bin/systemctl enable gotrue.service, /bin/systemctl try-restart gotrue.service
+Cmnd_Alias PGBOUNCER = /bin/systemctl start pgbouncer.service, /bin/systemctl stop pgbouncer.service, /bin/systemctl restart pgbouncer.service, /bin/systemctl disable pgbouncer.service, /bin/systemctl enable pgbouncer.service, /bin/systemctl reload pgbouncer.service, /bin/systemctl try-restart pgbouncer.service
 
 %adminapi ALL= NOPASSWD: /root/grow_fs.sh
 %adminapi ALL= NOPASSWD: /root/manage_readonly_mode.sh
@@ -20,6 +21,7 @@ Cmnd_Alias PGBOUNCER = /bin/systemctl start pgbouncer.service, /bin/systemctl st
 %adminapi ALL= NOPASSWD: /bin/systemctl restart services.slice
 %adminapi ALL= NOPASSWD: /usr/sbin/nft -f /etc/nftables/supabase_managed.conf
 %adminapi ALL= NOPASSWD: /usr/bin/admin-mgr
+%adminapi ALL= NOPASSWD: ENVOY
 %adminapi ALL= NOPASSWD: KONG
 %adminapi ALL= NOPASSWD: POSTGREST
 %adminapi ALL= NOPASSWD: GOTRUE
Original file line number	Diff line number	Diff line change
`@@ -11,9 +11,6 @@`
`11`	`11`	`# them depending on regtypes referencing system OIDs or outdated library files.`
`12`	`12`	`EXTENSIONS_TO_DISABLE=(`
`13`	`13`	`"pg_graphql"`
`14`		`- "plv8"`
`15`		`- "plcoffee"`
`16`		`- "plls"`
`17`	`14`	`)`
`18`	`15`
`19`	`16`	`PG14_EXTENSIONS_TO_DISABLE=(`