Publish nix pg_upgrade_scripts #169
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish nix pg_upgrade_scripts | |
on: | |
push: | |
branches: | |
- develop | |
- release/* | |
paths: | |
- '.github/workflows/publish-nix-pgupgrade-scripts.yml' | |
workflow_dispatch: | |
inputs: | |
postgresVersion: | |
description: 'Optional. Postgres version to publish against, i.e. 15.1.1.78' | |
required: false | |
permissions: | |
id-token: write | |
jobs: | |
prepare: | |
runs-on: ubuntu-latest | |
outputs: | |
postgres_versions: ${{ steps.set-versions.outputs.postgres_versions }} | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v3 | |
- uses: DeterminateSystems/nix-installer-action@main | |
- name: Set PostgreSQL versions | |
id: set-versions | |
run: | | |
VERSIONS=$(nix run nixpkgs#yq -- '.postgres_major[]' ansible/vars.yml | nix run nixpkgs#jq -- -R -s -c 'split("\n")[:-1]') | |
echo "postgres_versions=$VERSIONS" >> $GITHUB_OUTPUT | |
publish-staging: | |
needs: prepare | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v3 | |
- uses: DeterminateSystems/nix-installer-action@main | |
- name: Grab release version | |
id: process_release_version | |
run: | | |
VERSION=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) | |
VERSION=$(echo $PG_VERSION | tr -d '"') # Remove any surrounding quotes | |
if [[ "${{ inputs.postgresVersion }}" != "" ]]; then | |
VERSION=${{ inputs.postgresVersion }} | |
fi | |
echo "version=$VERSION" >> "$GITHUB_OUTPUT" | |
- name: Create a tarball containing pg_upgrade scripts | |
run: | | |
mkdir -p /tmp/pg_upgrade_scripts | |
cp -r ansible/files/admin_api_scripts/pg_upgrade_scripts/* /tmp/pg_upgrade_scripts | |
tar -czvf /tmp/pg_upgrade_scripts.tar.gz -C /tmp/ pg_upgrade_scripts | |
- name: configure aws credentials - staging | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
role-to-assume: ${{ secrets.DEV_AWS_ROLE }} | |
aws-region: "us-east-1" | |
- name: Upload pg_upgrade scripts to s3 staging | |
run: | | |
aws s3 cp /tmp/pg_upgrade_scripts.tar.gz s3://${{ secrets.ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/pg_upgrade_scripts.tar.gz | |
- name: Slack Notification on Failure | |
if: ${{ failure() }} | |
uses: rtCamp/action-slack-notify@v2 | |
env: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }} | |
SLACK_USERNAME: 'gha-failures-notifier' | |
SLACK_COLOR: 'danger' | |
SLACK_MESSAGE: 'Publishing pg_upgrade scripts failed' | |
SLACK_FOOTER: '' | |
publish-prod: | |
needs: prepare | |
runs-on: ubuntu-latest | |
if: github.ref_name == 'develop' || contains( github.ref, 'release' ) | |
strategy: | |
matrix: | |
postgres_version: ${{ fromJson(needs.prepare.outputs.postgres_versions) }} | |
steps: | |
- name: Checkout Repo | |
uses: actions/checkout@v3 | |
- name: Grab release version | |
id: process_release_version | |
run: | | |
VERSION=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) | |
VERSION=$(echo $PG_VERSION | tr -d '"') # Remove any surrounding quotes | |
echo "version=$VERSION" >> "$GITHUB_OUTPUT" | |
- name: Create a tarball containing pg_upgrade scripts | |
run: | | |
mkdir -p /tmp/pg_upgrade_scripts | |
cp -r ansible/files/admin_api_scripts/pg_upgrade_scripts/* /tmp/pg_upgrade_scripts | |
tar -czvf /tmp/pg_upgrade_scripts.tar.gz -C /tmp/ pg_upgrade_scripts | |
- name: configure aws credentials - prod | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
role-to-assume: ${{ secrets.PROD_AWS_ROLE }} | |
aws-region: "us-east-1" | |
- name: Upload pg_upgrade scripts to s3 prod | |
run: | | |
aws s3 cp /tmp/pg_upgrade_scripts.tar.gz s3://${{ secrets.PROD_ARTIFACTS_BUCKET }}/upgrades/postgres/supabase-postgres-${{ steps.process_release_version.outputs.version }}/pg_upgrade_scripts.tar.gz | |
- name: Slack Notification on Failure | |
if: ${{ failure() }} | |
uses: rtCamp/action-slack-notify@v2 | |
env: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }} | |
SLACK_USERNAME: 'gha-failures-notifier' | |
SLACK_COLOR: 'danger' | |
SLACK_MESSAGE: 'Publishing pg_upgrade scripts failed' | |
SLACK_FOOTER: '' |