diff --git a/.github/workflows/ami-release.yml b/.github/workflows/ami-release.yml index 82839dd9d..952b8222f 100644 --- a/.github/workflows/ami-release.yml +++ b/.github/workflows/ami-release.yml @@ -4,6 +4,7 @@ on: push: branches: - develop + - pcnc/revert-pgsodium jobs: build: 
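Review bot: Adding the feature branch `pcnc/revert-pgsodium` to `on.push.branches` makes every push to that branch run the AMI release build, and the same line is added to `.github/workflows/dockerhub-release.yml`. Release workflows normally carry publishing credentials, so a lasting extra trigger lets anyone with push access to that branch produce release artifacts. If the trigger is only needed to test this change, drop `- pcnc/revert-pgsodium` from both workflows before merging to `develop`, or start the test runs through `workflow_dispatch` instead. The rest of the `build` job lies outside this hunk, so which secrets it reads cannot be confirmed from here.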
@@ -18,30 +19,30 @@ jobs: run: | packer build -var-file="development-arm.vars.pkr.hcl" -var-file="common.vars.pkr.hcl" amazon-arm64.pkr.hcl - - name: Merging migration files - run: cat $(ls -1) > ../migration-output.sql - working-directory: ${{ github.workspace }}/migrations/db/migrations + # - name: Merging migration files + # run: cat $(ls -1) > ../migration-output.sql + # working-directory: ${{ github.workspace }}/migrations/db/migrations - - name: Push migration files to S3 - uses: jakejarvis/s3-sync-action@master - with: - args: --delete - env: - AWS_S3_BUCKET: ${{ secrets.PG_INIT_SCRIPT_S3_BUCKET_STAGING }} - AWS_ACCESS_KEY_ID: ${{ secrets.PG_INIT_SCRIPT_ACCESS_KEY_ID_STAGING }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.PG_INIT_SCRIPT_SECRET_ACCESS_KEY_STAGING }} - AWS_REGION: ap-southeast-1 - SOURCE_DIR: migrations/db - DEST_DIR: migrations/db + # - name: Push migration files to S3 + # uses: jakejarvis/s3-sync-action@master + # with: + # args: --delete + # env: + # AWS_S3_BUCKET: ${{ secrets.PG_INIT_SCRIPT_S3_BUCKET_STAGING }} + # AWS_ACCESS_KEY_ID: ${{ secrets.PG_INIT_SCRIPT_ACCESS_KEY_ID_STAGING }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.PG_INIT_SCRIPT_SECRET_ACCESS_KEY_STAGING }} + # AWS_REGION: ap-southeast-1 + # SOURCE_DIR: migrations/db + # DEST_DIR: migrations/db - - name: Push migration files to S3 - uses: jakejarvis/s3-sync-action@master - with: - args: --delete - env: - AWS_S3_BUCKET: ${{ secrets.PG_INIT_SCRIPT_S3_BUCKET_PROD }} - AWS_ACCESS_KEY_ID: ${{ secrets.PG_INIT_SCRIPT_ACCESS_KEY_ID_PROD }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.PG_INIT_SCRIPT_SECRET_ACCESS_KEY_PROD }} - AWS_REGION: ap-southeast-1 - SOURCE_DIR: migrations/db - DEST_DIR: migrations/db + # - name: Push migration files to S3 + # uses: jakejarvis/s3-sync-action@master + # with: + # args: --delete + # env: + # AWS_S3_BUCKET: ${{ secrets.PG_INIT_SCRIPT_S3_BUCKET_PROD }} + # AWS_ACCESS_KEY_ID: ${{ secrets.PG_INIT_SCRIPT_ACCESS_KEY_ID_PROD }} + # AWS_SECRET_ACCESS_KEY: ${{ 
secrets.PG_INIT_SCRIPT_SECRET_ACCESS_KEY_PROD }} + # AWS_REGION: ap-southeast-1 + # SOURCE_DIR: migrations/db + # DEST_DIR: migrations/db diff --git a/.github/workflows/dockerhub-release.yml b/.github/workflows/dockerhub-release.yml index 5db55dadf..ab8e1b583 100644 --- a/.github/workflows/dockerhub-release.yml +++ b/.github/workflows/dockerhub-release.yml @@ -4,6 +4,7 @@ on: push: branches: - develop + - pcnc/revert-pgsodium paths: - '.github/workflows/dockerhub-release.yml' - 'common.vars*' @@ -35,7 +36,7 @@ jobs: images: | supabase/postgres tags: | - type=raw,value=${{ needs.settings.outputs.docker_version }}_${{ env.arch }} + type=raw,value=${{ needs.settings.outputs.docker_version }} - id: buildx-context run: | diff --git a/README.md b/README.md index 04078892e..7dfd1dc60 100644 --- a/README.md +++ b/README.md @@ -49,8 +49,8 @@ Aside from having [ufw](https://help.ubuntu.com/community/UFW),[fail2ban](https: | Goodie | Version | Description | | ------------- | :-------------: | ------------- | | [PgBouncer](https://www.pgbouncer.org/) | [1.16.1](http://www.pgbouncer.org/changelog.html#pgbouncer-116x) | Set up Connection Pooling. | -| [PostgREST](https://postgrest.org/en/stable/) | [v8.0.0](https://github.com/PostgREST/postgrest/releases/tag/v8.0.0) | Instantly transform your database into an RESTful API. | -| [WAL-G](https://github.com/wal-g/wal-g#wal-g) | [v1.1](https://github.com/wal-g/wal-g/releases/tag/v1.1) | Tool for physical database backup and recovery. | +| [PostgREST](https://postgrest.org/en/stable/) | [v10.1.1](https://github.com/PostgREST/postgrest/releases/tag/v10.1.1) | Instantly transform your database into an RESTful API. | +| [WAL-G](https://github.com/wal-g/wal-g#wal-g) | [v2.0.1](https://github.com/wal-g/wal-g/releases/tag/v2.0.1) | Tool for physical database backup and recovery. | ## Install diff --git a/ansible/tasks/internal/admin-api.yml b/ansible/tasks/internal/admin-api.yml index fb9ccf3e7..7e90579bd 100644 
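Review bot: The three migration steps are disabled by commenting them out with no explanation. After this change the AMI build no longer merges `migrations/db/migrations` or syncs `migrations/db` to the staging and prod buckets, and nothing in the file says whether that is intended. Either delete the steps or put a line above them such as `# Disabled while <reason>; re-enable before releasing from develop`. The preserved text also keeps `uses: jakejarvis/s3-sync-action@master`, a mutable ref that receives the prod AWS key pair together with `--delete`. When the steps come back, pin it to a reviewed commit: `uses: jakejarvis/s3-sync-action@<commit-sha>`.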
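Review bot: Dropping the `_${{ env.arch }}` suffix from the `tags:` value means this job now publishes the bare `docker_version` tag of `supabase/postgres`. If the job still runs once per architecture (the removed `env.arch` suggests it did), each run pushes the same tag and the last to finish wins, leaving a single-arch image under the release tag. Any later manifest-merge step that looks for the suffixed tags would also stop finding them. Together with the `pcnc/revert-pgsodium` trigger added in the hunk above, a push to the feature branch can overwrite a published version tag. The matrix and the steps after `buildx-context` are outside this hunk, so both need confirming; if the suffix must go, a branch-specific value such as `type=raw,value=${{ needs.settings.outputs.docker_version }}-revert-pgsodium` keeps test images off the release tag.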
--- a/ansible/tasks/internal/admin-api.yml +++ b/ansible/tasks/internal/admin-api.yml @@ -18,6 +18,10 @@ - { file: "enable_walg.sh" } - { file: "grow_fs.sh" } - { file: "manage_readonly_mode.sh" } + - { file: "pg_upgrade_check.sh" } + - { file: "pg_upgrade_complete.sh" } + - { file: "pg_upgrade_initiate.sh" } + - { file: "pg_upgrade_prepare.sh" } - name: give adminapi user permissions copy: diff --git a/ansible/vars.yml b/ansible/vars.yml index 8d8f1592f..d2e3add8c 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -31,7 +31,7 @@ kong_deb_checksum: sha1:2086f6ccf8454fe64435252fea4d29d736d7ec61 nginx_release: 1.22.0 nginx_release_checksum: sha1:419efb77b80f165666e2ee406ad8ae9b845aba93 -wal_g_release: "v2.0.0" +wal_g_release: "v2.0.1" sfcgal_release: "1.3.10" sfcgal_release_checksum: sha1:f4add34a00afb0b5f594685fc646565a2bda259b diff --git a/common.vars.pkr.hcl b/common.vars.pkr.hcl index b230ab741..53909c974 100644 --- a/common.vars.pkr.hcl +++ b/common.vars.pkr.hcl @@ -1 +1 @@ -postgres-version = "15.1.0.2" +postgres-version = "15.1.0.18" diff --git a/ebssurrogate/files/apparmor_profiles/usr.bin.vector b/ebssurrogate/files/apparmor_profiles/usr.bin.vector index ec7aa9708..b8a7eb231 100644 --- a/ebssurrogate/files/apparmor_profiles/usr.bin.vector +++ b/ebssurrogate/files/apparmor_profiles/usr.bin.vector @@ -19,6 +19,8 @@ /run/log/journal/ r, /var/log/journal/** r, /run/systemd/notify rw, + /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c r, + /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us r, /sys/kernel/mm/transparent_hugepage/enabled r, /usr/bin/journalctl mrix, /usr/bin/vector mrix,
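Review bot: The four `pg_upgrade_*.sh` entries extend the list of scripts installed for the admin API, and the following task, `give adminapi user permissions`, suggests these scripts run with elevated rights. The task that consumes this list and the permissions file it copies are outside the hunk, so it is not visible whether the new scripts get an explicit owner and mode or a matching permissions entry. Please confirm they are installed root-owned and not writable by the `adminapi` user, and that any privilege grant names each script by full path rather than by directory. A short comment above the list, for example `# scripts the admin API may invoke; keep in sync with the adminapi permissions file`, would make that coupling explicit.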
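Review bot: The two new read rules carry no comment saying why vector needs them, and one exposes firmware state: `/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c r,`. Read-only access to that variable and to `cpu.cfs_quota_us` is narrow, but a profile is easier to audit when each non-obvious path states what triggers it. A line above the pair such as `# read by vector at start-up (host/CPU detection); added to silence AppArmor denials` would do; that reason is presumed, so adjust it to the denial actually observed. The cgroup rule names the cgroup v1 mount `cpu,cpuacct`; on a host using the unified cgroup v2 hierarchy the quota lives in a different file, so the denial would reappear there. The profile's opening and closing lines are outside the hunk.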