diff --git a/.github/workflows/publish-nix-pgupgrade-scripts.yml b/.github/workflows/publish-nix-pgupgrade-scripts.yml index 6fb7f1830..a4aa4c3de 100644 --- a/.github/workflows/publish-nix-pgupgrade-scripts.yml +++ b/.github/workflows/publish-nix-pgupgrade-scripts.yml @@ -49,8 +49,8 @@ jobs: - name: Grab release version id: process_release_version run: | - VERSION=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) - VERSION=$(echo $PG_VERSION | tr -d '"') # Remove any surrounding quotes + VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) + VERSION=$(echo $VERSION | tr -d '"') # Remove any surrounding quotes if [[ "${{ inputs.postgresVersion }}" != "" ]]; then VERSION=${{ inputs.postgresVersion }} fi @@ -81,7 +81,6 @@ jobs: SLACK_COLOR: 'danger' SLACK_MESSAGE: 'Publishing pg_upgrade scripts failed' SLACK_FOOTER: '' - publish-prod: needs: prepare runs-on: ubuntu-latest @@ -95,11 +94,13 @@ jobs: steps: - name: Checkout Repo uses: actions/checkout@v3 - + + - uses: DeterminateSystems/nix-installer-action@main + - name: Grab release version id: process_release_version run: | - VERSION=$(sudo nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) + VERSION=$(nix run nixpkgs#yq -- '.postgres_release["postgres'${{ matrix.postgres_version }}'"]' ansible/vars.yml) VERSION=$(echo $PG_VERSION | tr -d '"') # Remove any surrounding quotes if [[ "${{ inputs.postgresVersion }}" != "" ]]; then VERSION=${{ inputs.postgresVersion }} diff --git a/ansible/tasks/stage2-setup-postgres.yml b/ansible/tasks/stage2-setup-postgres.yml index 4e9003ace..548f3ed94 100644 --- a/ansible/tasks/stage2-setup-postgres.yml +++ b/ansible/tasks/stage2-setup-postgres.yml @@ -4,14 +4,6 @@ # sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install nixpkgs#openjdk11" # It was decided to leave pljava disabled at https://github.com/supabase/postgres/pull/690 therefore removing this task -- name: Install Git for Nix package management - become: yes - apt: - name: git - state: present - update_cache: yes - when: stage2_nix - - name: Install Postgres from nix binary cache become: yes shell: | @@ -42,15 +34,6 @@ shell: | sudo -u postgres bash -c ". /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh && nix profile install github:supabase/postgres/{{ git_commit_sha }}#{{postgresql_version}}_src" when: stage2_nix - -- name: Remove Git after Nix package installations - become: yes - apt: - name: git - state: absent - autoremove: yes - purge: yes - when: stage2_nix - name: Set ownership and permissions for /etc/ssl/private become: yes diff --git a/nix/ext/wrappers/default.nix b/nix/ext/wrappers/default.nix index 85e00aff3..54f2c275b 100644 --- a/nix/ext/wrappers/default.nix +++ b/nix/ext/wrappers/default.nix @@ -29,8 +29,8 @@ buildPgrxExtension_0_12_6 rec { hash = "sha256-CkoNMoh40zbQL4V49ZNYgv3JjoNWjODtTpHn+L8DdZA="; }; - nativeBuildInputs = [ pkg-config cargo ]; - buildInputs = [ openssl postgresql git ] ++ lib.optionals (stdenv.isDarwin) [ + nativeBuildInputs = [ pkg-config cargo git ]; + buildInputs = [ openssl postgresql ] ++ lib.optionals (stdenv.isDarwin) [ darwin.apple_sdk.frameworks.CoreFoundation darwin.apple_sdk.frameworks.Security darwin.apple_sdk.frameworks.SystemConfiguration @@ -52,7 +52,10 @@ buildPgrxExtension_0_12_6 rec { cargoLock = { lockFile = "${src}/Cargo.lock"; - allowBuiltinFetchGit = true; + allowBuiltinFetchGit = false; + outputHashes = { + "clickhouse-rs-1.1.0-alpha.1" = "sha256-G+v4lNP5eK2U45D1fL90Dq24pUSlpIysNCxuZ17eac0="; + }; }; buildAndTestSubdir = "wrappers";