GQAdonis
diff --git a/‎.github/workflows/nix-build.yml
Lines changed: 33 additions & 13 deletions b/‎.github/workflows/nix-build.yml
Lines changed: 33 additions & 13 deletions
diff --git a/‎.github/workflows/nix-cache-upload.yml
Lines changed: 7 additions & 1 deletion b/‎.github/workflows/nix-cache-upload.yml
Lines changed: 7 additions & 1 deletion
diff --git a/‎.github/workflows/nix-docker-image.yml
Lines changed: 0 additions & 41 deletions b/‎.github/workflows/nix-docker-image.yml
Lines changed: 0 additions & 41 deletions
diff --git a/‎.gitignore
Lines changed: 2 additions & 0 deletions b/‎.gitignore
Lines changed: 2 additions & 0 deletions
diff --git a/‎docker/nix/Dockerfile
Lines changed: 18 additions & 0 deletions b/‎docker/nix/Dockerfile
Lines changed: 18 additions & 0 deletions
diff --git a/‎docker/nix/build.sh
Lines changed: 11 additions & 0 deletions b/‎docker/nix/build.sh
Lines changed: 11 additions & 0 deletions
diff --git a/‎flake.lock
Lines changed: 3 additions & 3 deletions b/‎flake.lock
Lines changed: 3 additions & 3 deletions
diff --git a/‎flake.nix
Lines changed: 9 additions & 9 deletions b/‎flake.nix
Lines changed: 9 additions & 9 deletions
diff --git a/‎nix/ext/pg_graphql.nix
Lines changed: 9 additions & 5 deletions b/‎nix/ext/pg_graphql.nix
Lines changed: 9 additions & 5 deletions
diff --git a/‎nix/ext/pg_jsonschema.nix
Lines changed: 10 additions & 5 deletions b/‎nix/ext/pg_jsonschema.nix
Lines changed: 10 additions & 5 deletions
@@ -3,24 +3,44 @@ name: Nix CI
 on:
   push:
     branches:
-      - main
+      - develop
   pull_request:
 
-permissions: read-all
+permissions:
+  contents: read
+  id-token: write    
+    
 jobs:
-  build:
+  build-run-image:
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu-latest ]
-        cmd: [ "nix flake check -L --show-trace", "nix build .#psql_15/bin .#psql_15/docker"]
-    runs-on: ${{ matrix.os }}
-    name: nix-build
+        include:
+          - runner: larger-runner-4cpu
+            arch: amd64
+          - runner: arm-runner
+            arch: arm64
+    runs-on: ${{ matrix.runner }}
+
     steps:
-      - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+
+      - name: Check out code
+        uses: actions/checkout@v3
+      - name: aws-creds
+        uses: aws-actions/configure-aws-credentials@v4
         with:
-          fetch-depth: 0
-      - uses: DeterminateSystems/nix-installer-action@65d7c888b2778e8cf30a07a88422ccb23499bfb8
-      - uses: DeterminateSystems/magic-nix-cache-action@749fc5bbc9fa49d60c2b93f6c4bc867b82e1d295
-      - run: ${{ matrix.cmd }}
+          role-to-assume: ${{ secrets.DEV_AWS_ROLE }}
+          aws-region: "us-east-1"
+          output-credentials: true
+      - name: write secret key
+        # use python so we don't interpolate the secret into the workflow logs, in case of bugs
+        run: |
+          python -c "import os; file = open('nix-secret-key', 'w'); file.write(os.environ['NIX_SIGN_SECRET_KEY']); file.close()"
+        env:
+          NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}
+  
+      - name: Build docker images
+        run: docker build -t base_nix -f docker/nix/Dockerfile .
+      - name: Run build psql bundle
+        run:  docker run -e AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }} -e AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }} -e AWS_SESSION_TOKEN=${{ env.AWS_SESSION_TOKEN }} base_nix bash -c "./workspace/docker/nix/build.sh"
+    name: build psql bundle on ${{ matrix.arch }}
@@ -14,7 +14,13 @@ jobs:
   build:
     strategy:
       fail-fast: false
-    runs-on: ubuntu-latest
+      matrix:
+        include:
+          - runner: [self-hosted, X64]
+            arch: amd64
+          - runner: arm-runner
+            arch: arm64
+    runs-on: ${{ matrix.runner }}
     name: nix-build
     steps:
       - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
 
@@ -13,3 +13,5 @@ __pycache__/
 
 #nix related
 result*
+.env-local
+.history
@@ -0,0 +1,18 @@
+FROM nixpkgs/nix-flakes
+
+RUN echo "substituters = https://cache.nixos.org https://nix-postgres-artifacts.s3.amazonaws.com" >> /etc/nix/nix.conf
+
+RUN echo "trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= nix-postgres-artifacts:dGZlQOvKcNEjvT7QEAJbcV6b6uk7VF/hWMjhYleiaLI=%" >> /etc/nix/nix.conf
+
+
+USER $USER
+
+RUN mkdir -p /workspace
+
+COPY ./ /workspace
+
+RUN chmod +x /workspace/docker/nix/build.sh
+
+RUN chown -R $USER:$USER /workspace
+
+
@@ -0,0 +1,11 @@
+#!/bin/env bash
+set -eou pipefail
+
+nix --version
+cd /workspace
+nix build .#psql_15/bin -o psql_15
+nix build .#psql_15/docker
+nix flake check -L --all-systems
+nix copy --to s3://nix-postgres-artifacts?secret-key=nix-secret-key ./psql_15
+
+#a future step nix run .#psql_15/docker.copyToRegistry 
@@ -60,9 +60,8 @@
             # pull them from the overlays/ directory automatically, but we don't
             # want to have an arbitrary order, since it might matter. being
             # explicit is better.
-            (import ./nix/overlays/cargo-pgrx.nix)
-            (import ./nix/overlays/cargo-pgrx-0-10-2.nix)
-            (import ./nix/overlays/gdal-small.nix)
+            (import ./nix/overlays/cargo-pgrx-0-11-3.nix)
+            #(import ./nix/overlays/gdal-small.nix)
 
           ];
         };
@@ -89,6 +88,7 @@
         # may also bring in new versions of the extensions.
         psqlExtensions = [
           /* pljava */
+          "postgis"
         ];
 
         #FIXME for now, timescaledb is not included in the orioledb version of supabase extensions, as there is an issue
@@ -118,7 +118,7 @@
           ./nix/ext/plpgsql-check.nix
           ./nix/ext/pgjwt.nix
           ./nix/ext/pgaudit.nix
-          ./nix/ext/postgis.nix
+          #./nix/ext/postgis.nix
           ./nix/ext/pgrouting.nix
           ./nix/ext/pgtap.nix
           ./nix/ext/pg_cron.nix
@@ -313,7 +313,7 @@
             '';
           in
           nix2img.buildImage {
-            name = "postgresql-${version}";
+            name = "nix-experimental-postgresql-${version}-${system}";
             tag = "latest";
 
             nixUid = l.toInt uid;
@@ -469,8 +469,8 @@
               --subst-var-by 'YQ' '${pkgs.yq}/bin/yq' \
               --subst-var-by 'JQ' '${pkgs.jq}/bin/jq' \
               --subst-var-by 'NIX_EDITOR' '${nix-editor.packages.${system}.nix-editor}/bin/nix-editor' \
-              --subst-var-by 'NIXPREFETCHURL' '${pkgs.nixVersions.nix_2_14}/bin/nix-prefetch-url' \
-              --subst-var-by 'NIX' '${pkgs.nixVersions.nix_2_14}/bin/nix' 
+              --subst-var-by 'NIXPREFETCHURL' '${pkgs.nixVersions.nix_2_20}/bin/nix-prefetch-url' \
+              --subst-var-by 'NIX' '${pkgs.nixVersions.nix_2_20}/bin/nix' 
             chmod +x $out/bin/sync-exts-versions
           '';
         };
@@ -513,8 +513,8 @@
           # Any extra packages we might want to include in our package
           # set can go here.
           inherit (pkgs)
-            # NOTE: comes from our cargo-pgrx.nix overlay
-            cargo-pgrx_0_11_0 cargo-pgrx_0_10_2;
+            # NOTE: comes from our cargo-pgrx-0-11-3.nix overlay
+            cargo-pgrx_0_11_3;
 
         };
 
 
@@ -1,18 +1,22 @@
-{ lib, stdenv, fetchFromGitHub, postgresql, buildPgrxExtension }:
+{ lib, stdenv, fetchFromGitHub, postgresql, buildPgrxExtension_0_11_3, cargo }:
 
-buildPgrxExtension rec {
+buildPgrxExtension_0_11_3 rec {
   pname = "pg_graphql";
-  version = "1.5.1";
+  version = "1.5.2";
   inherit postgresql;
 
   src = fetchFromGitHub {
     owner = "supabase";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-cAiD2iSFmZwC+Zy0x+MABseWCxXRtRY74Dj0oBKet+o=";
+    hash = "sha256-npza6cGKyUyufabaUcGzV3knNa7vhR+xbZeaZy5CJ8c= ";
   };
 
-  cargoHash = "sha256-BOw4SafWD8z2Oj8KPVv7GQEOQ1TCShhcG7XmQiM9W68=";
+  nativeBuildInputs = [ cargo ];
+  
+  CARGO="${cargo}/bin/cargo";
+  
+  cargoHash = "sha256-9XyUJsYptP0KanMJDAzQ4rFSN1vqZnyUdFBPQf6ryS4=";
 
   # FIXME (aseipp): disable the tests since they try to install .control
   # files into the wrong spot, aside from that the one main test seems
 
@@ -1,18 +1,23 @@
-{ lib, stdenv, fetchFromGitHub, postgresql, buildPgrxExtension_0_10_2 }:
+{ lib, stdenv, fetchFromGitHub, postgresql, buildPgrxExtension_0_11_3, cargo }:
 
-buildPgrxExtension_0_10_2 rec {
+buildPgrxExtension_0_11_3 rec {
   pname = "pg_jsonschema";
-  version = "0.2.0";
+  version = "0.3.1";
   inherit postgresql;
 
   src = fetchFromGitHub {
     owner = "supabase";
     repo = pname;
     rev = "v${version}";
-    hash = "sha256-57gZbUVi8P4EB8T0P19JBVXcetQcr6IxuIx96NNFA/0=";
+    hash = "sha256-YdKpOEiDIz60xE7C+EzpYjBcH0HabnDbtZl23CYls6g=";
   };
 
-  cargoHash = "sha256-XMKZUdubCwPDnrv6yao7GaavoRK6cVyy1WqFBQ6wh3s=";
+  nativeBuildInputs = [ cargo ];
+  
+  CARGO="${cargo}/bin/cargo";
+
+
+  cargoHash = "sha256-VcS+efMDppofuFW2zNrhhsbC28By3lYekDFquHPta2g=";
 
   # FIXME (aseipp): testsuite tries to write files into /nix/store; we'll have
   # to fix this a bit later.