Pcnc/revert pgsodium

.github/workflows/ami-release.yml

@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - develop
+      - pcnc/revert-pgsodium 
 
 jobs:
   build:
@@ -18,30 +19,30 @@ jobs:
         run: |
           packer build -var-file="development-arm.vars.pkr.hcl" -var-file="common.vars.pkr.hcl" amazon-arm64.pkr.hcl
 
-      - name: Merging migration files
-        run: cat $(ls -1) > ../migration-output.sql
-        working-directory: ${{ github.workspace }}/migrations/db/migrations
+      # - name: Merging migration files
+      #   run: cat $(ls -1) > ../migration-output.sql
+      #   working-directory: ${{ github.workspace }}/migrations/db/migrations
 
-      - name: Push migration files to S3
-        uses: jakejarvis/s3-sync-action@master
-        with:
-          args: --delete
-        env:
-          AWS_S3_BUCKET: ${{ secrets.PG_INIT_SCRIPT_S3_BUCKET_STAGING }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.PG_INIT_SCRIPT_ACCESS_KEY_ID_STAGING }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.PG_INIT_SCRIPT_SECRET_ACCESS_KEY_STAGING }}
-          AWS_REGION: ap-southeast-1
-          SOURCE_DIR: migrations/db
-          DEST_DIR: migrations/db
+      # - name: Push migration files to S3
+      #   uses: jakejarvis/s3-sync-action@master
+      #   with:
+      #     args: --delete
+      #   env:
+      #     AWS_S3_BUCKET: ${{ secrets.PG_INIT_SCRIPT_S3_BUCKET_STAGING }}
+      #     AWS_ACCESS_KEY_ID: ${{ secrets.PG_INIT_SCRIPT_ACCESS_KEY_ID_STAGING }}
+      #     AWS_SECRET_ACCESS_KEY: ${{ secrets.PG_INIT_SCRIPT_SECRET_ACCESS_KEY_STAGING }}
+      #     AWS_REGION: ap-southeast-1
+      #     SOURCE_DIR: migrations/db
+      #     DEST_DIR: migrations/db
 
-      - name: Push migration files to S3
-        uses: jakejarvis/s3-sync-action@master
-        with:
-          args: --delete
-        env:
-          AWS_S3_BUCKET: ${{ secrets.PG_INIT_SCRIPT_S3_BUCKET_PROD }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.PG_INIT_SCRIPT_ACCESS_KEY_ID_PROD }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.PG_INIT_SCRIPT_SECRET_ACCESS_KEY_PROD }}
-          AWS_REGION: ap-southeast-1
-          SOURCE_DIR: migrations/db
-          DEST_DIR: migrations/db
+      # - name: Push migration files to S3
+      #   uses: jakejarvis/s3-sync-action@master
+      #   with:
+      #     args: --delete
+      #   env:
+      #     AWS_S3_BUCKET: ${{ secrets.PG_INIT_SCRIPT_S3_BUCKET_PROD }}
+      #     AWS_ACCESS_KEY_ID: ${{ secrets.PG_INIT_SCRIPT_ACCESS_KEY_ID_PROD }}
+      #     AWS_SECRET_ACCESS_KEY: ${{ secrets.PG_INIT_SCRIPT_SECRET_ACCESS_KEY_PROD }}
+      #     AWS_REGION: ap-southeast-1
+      #     SOURCE_DIR: migrations/db
+      #     DEST_DIR: migrations/db

.github/workflows/dockerhub-release.yml

@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - develop
+      - pcnc/revert-pgsodium
     paths:
       - '.github/workflows/dockerhub-release.yml'
       - 'common.vars*'
@@ -35,7 +36,7 @@ jobs:
           images: |
             supabase/postgres
           tags: |
-            type=raw,value=${{ needs.settings.outputs.docker_version }}_${{ env.arch }}
+            type=raw,value=${{ needs.settings.outputs.docker_version }}
 
       - id: buildx-context
         run: |

README.md

@@ -49,8 +49,8 @@ Aside from having [ufw](https://help.ubuntu.com/community/UFW),[fail2ban](https:
 | Goodie | Version | Description |
 | ------------- | :-------------: | ------------- |
 | [PgBouncer](https://www.pgbouncer.org/) | [1.16.1](http://www.pgbouncer.org/changelog.html#pgbouncer-116x) | Set up Connection Pooling. |
-| [PostgREST](https://postgrest.org/en/stable/) | [v8.0.0](https://github.com/PostgREST/postgrest/releases/tag/v8.0.0) | Instantly transform your database into an RESTful API. |
-| [WAL-G](https://github.com/wal-g/wal-g#wal-g) | [v1.1](https://github.com/wal-g/wal-g/releases/tag/v1.1) | Tool for physical database backup and recovery. |
+| [PostgREST](https://postgrest.org/en/stable/) | [v10.1.1](https://github.com/PostgREST/postgrest/releases/tag/v10.1.1) | Instantly transform your database into an RESTful API. |
+| [WAL-G](https://github.com/wal-g/wal-g#wal-g) | [v2.0.1](https://github.com/wal-g/wal-g/releases/tag/v2.0.1) | Tool for physical database backup and recovery. |
 
 ## Install
 

ansible/tasks/internal/admin-api.yml

@@ -18,6 +18,10 @@
     - { file: "enable_walg.sh" }
     - { file: "grow_fs.sh" }
     - { file: "manage_readonly_mode.sh" }
+    - { file: "pg_upgrade_check.sh" }
+    - { file: "pg_upgrade_complete.sh" }
+    - { file: "pg_upgrade_initiate.sh" }
+    - { file: "pg_upgrade_prepare.sh" }
 
 - name: give adminapi user permissions
   copy:

ansible/vars.yml

@@ -31,7 +31,7 @@ kong_deb_checksum: sha1:2086f6ccf8454fe64435252fea4d29d736d7ec61
 nginx_release: 1.22.0
 nginx_release_checksum: sha1:419efb77b80f165666e2ee406ad8ae9b845aba93
 
-wal_g_release: "v2.0.0"
+wal_g_release: "v2.0.1"
 
 sfcgal_release: "1.3.10"
 sfcgal_release_checksum: sha1:f4add34a00afb0b5f594685fc646565a2bda259b

common.vars.pkr.hcl

@@ -1 +1 @@
-postgres-version = "15.1.0.2"
+postgres-version = "15.1.0.18"

ebssurrogate/files/apparmor_profiles/usr.bin.vector

@@ -19,6 +19,8 @@
   /run/log/journal/ r,
   /var/log/journal/** r,
   /run/systemd/notify rw,
+  /sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c r,
+  /sys/fs/cgroup/cpu,cpuacct/cpu.cfs_quota_us r,
   /sys/kernel/mm/transparent_hugepage/enabled r,
   /usr/bin/journalctl mrix,
   /usr/bin/vector mrix,