Merge branch 'main' into feat/add-pg_vim-extension

Signed-off-by: Husn E Rabbi <shussan@gmail.com>

Author: shusaan

.github/workflows/bake.yml

@@ -12,6 +12,7 @@ on:
           - pgvector
           - postgis
           - pgaudit
+          - pg-crash
           - pg_ivm
 
 defaults:
@@ -34,7 +35,7 @@ jobs:
           persist-credentials: false
 
       - name: Check for changes
-        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
+        uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1
         id: filter
         with:
           filters: |
@@ -53,6 +54,9 @@ jobs:
             pgaudit:
               - 'pgaudit/**'
               - *shared
+            pg-crash:
+              - 'pg-crash/**'
+              - *shared
             pg_ivm:
               - 'pg_ivm/**'
               - *shared
@@ -65,8 +69,9 @@ jobs:
           CHANGES: ${{ steps.filter.outputs.changes }}
           # Input Extension name
           INPUT_EXTENSION_NAME: ${{ github.event.inputs.extension_name }}
+          EVENT_NAME: ${{ github.event_name }}
         run: |
-          if [[ "${{ github.event_name }}" == 'workflow_dispatch' ]]; then
+          if [[ "${EVENT_NAME}" == 'workflow_dispatch' ]]; then
             CHANGES="[\"$INPUT_EXTENSION_NAME\"]"
           fi
 

.github/workflows/bake_targets.yml

@@ -32,22 +32,22 @@ jobs:
           persist-credentials: false
 
       - name: Log in to the GitHub Container registry
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v3
+        uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4
         with:
           platforms: 'linux/arm64'
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@8d2750c68a42422c14e847fe6c8ac0403b4cbd6f # v3
+        uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4
 
       - name: Build and push
-        uses: docker/bake-action@5be5f02ff8819ecd3092ea6b2e6261c31774f2b4 # v6
+        uses: docker/bake-action@82490499d2e5613fcead7e128237ef0b0ea210f7 # v7
         id: build
         env:
           BUILDX_METADATA_PROVENANCE: disabled
@@ -127,12 +127,12 @@ jobs:
           persist-credentials: false
 
       - name: Install Task
-        uses: go-task/setup-task@0ab1b2a65bc55236a3bc64cde78f80e20e8885c2 # v1.0.0
+        uses: go-task/setup-task@70f2430ad412f838533de8c0515c749ffb2b8bd3 # v1.1.0
 
       - name: Install Dagger
         env:
           # renovate: datasource=github-tags depName=dagger/dagger versioning=semver
-          DAGGER_VERSION: 0.19.11
+          DAGGER_VERSION: 0.20.1
         run: |
           curl -L https://dl.dagger.io/dagger/install.sh | BIN_DIR=$HOME/.local/bin sh
 
@@ -141,15 +141,20 @@ jobs:
           task e2e:setup-env
 
       - name: Generate Chainsaw testing values
+        env:
+          MATRIX_IMAGE: ${{ matrix.image }}
+          EXTENSION_NAME: ${{ inputs.extension_name }}
         run: |
-          task e2e:generate-values EXTENSION_IMAGE="${{ matrix.image }}" TARGET="${{ inputs.extension_name }}"
+          task e2e:generate-values EXTENSION_IMAGE="${MATRIX_IMAGE}" TARGET="${EXTENSION_NAME}"
 
       - name: Run e2e tests
+        env:
+          EXTENSION_NAME: ${{ inputs.extension_name }}
         run: |
           # Get Kind cluster internal kubeconfig
           task e2e:export-kubeconfig KUBECONFIG_PATH=./kubeconfig INTERNAL=true
 
-          task e2e:test TARGET="${{ inputs.extension_name }}" KUBECONFIG_PATH="./kubeconfig"
+          task e2e:test TARGET="${EXTENSION_NAME}" KUBECONFIG_PATH="./kubeconfig"
 
   copytoproduction:
     name: Copy images to production

.github/workflows/update-catalogs.yml

@@ -16,7 +16,10 @@ defaults:
 
 jobs:
   update-catalogs:
+    name: Updating catalogs
     runs-on: ubuntu-24.04
+    permissions:
+      id-token: write
     steps:
       - name: Checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
@@ -33,15 +36,25 @@ jobs:
 
       - name: Update catalogs
         id: update-extension-catalogs
-        uses: dagger/dagger-for-github@d913e70051faf3b907d4dd96ef1161083c88c644 # v8.2.0
+        uses: dagger/dagger-for-github@27b130bf0f79a7f6fbbbe0fbca6760dc9bb40a77 # v8.4.1
         env:
           # renovate: datasource=github-tags depName=dagger/dagger versioning=semver
-          DAGGER_VERSION: 0.19.11
+          DAGGER_VERSION: 0.20.1
         with:
           version: ${{ env.DAGGER_VERSION }}
           verb: call
           module: ./dagger/maintenance/
-          args: generate-catalogs --catalogs-dir artifacts/image-catalogs/ export --path artifacts/image-catalogs/
+          args: generate-catalogs --catalogs-dir artifacts/image-catalogs/ export --path artifacts/image-catalogs-extensions/
+
+      - name: Install cosign
+        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3
+
+      - name: Sign catalogs
+        run: |
+          for file in artifacts/image-catalogs-extensions/*.yaml; do
+              echo "Signing $file..."
+              cosign sign-blob "$file" --bundle "$file.sigstore.json" --yes
+          done
 
       - name: Diff
         working-directory: artifacts
@@ -54,7 +67,7 @@ jobs:
         if: github.ref == 'refs/heads/main'
         with:
           cwd: 'artifacts'
-          add: 'image-catalogs'
+          add: 'image-catalogs-extensions'
           author_name: CloudNativePG Automated Updates
           author_email: noreply@cnpg.com
           message: 'chore: update extensions imageCatalogs'

.github/workflows/update_os_libraries.yml

@@ -25,10 +25,10 @@ jobs:
 
       - name: Fetch extensions
         id: get-extensions-dagger
-        uses: dagger/dagger-for-github@d913e70051faf3b907d4dd96ef1161083c88c644 # v8.2.0
+        uses: dagger/dagger-for-github@27b130bf0f79a7f6fbbbe0fbca6760dc9bb40a77 # v8.4.1
         env:
           # renovate: datasource=github-tags depName=dagger/dagger versioning=semver
-          DAGGER_VERSION: 0.19.11
+          DAGGER_VERSION: 0.20.1
         with:
           version: ${{ env.DAGGER_VERSION }}
           verb: call
@@ -37,8 +37,10 @@ jobs:
 
       - name: Set extensions output
         id: get-extensions
+        env:
+          EXTENSIONS_OUTPUT: ${{ steps.get-extensions-dagger.outputs.output }}
         run: |
-          EXTENSIONS='${{ steps.get-extensions-dagger.outputs.output }}'
+          EXTENSIONS="${EXTENSIONS_OUTPUT}"
           echo "extensions=$(echo "$EXTENSIONS" | jq -c .)" >> $GITHUB_OUTPUT
 
   update-extension-os-libs:
@@ -54,17 +56,17 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Log in to the GitHub Container registry
-        uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
+        uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Update OS libs for ${{ matrix.extension }}
-        uses: dagger/dagger-for-github@d913e70051faf3b907d4dd96ef1161083c88c644 # v8.2.0
+        uses: dagger/dagger-for-github@27b130bf0f79a7f6fbbbe0fbca6760dc9bb40a77 # v8.4.1
         env:
           # renovate: datasource=github-tags depName=dagger/dagger versioning=semver
-          DAGGER_VERSION: 0.19.11
+          DAGGER_VERSION: 0.20.1
         with:
           version: ${{ env.DAGGER_VERSION }}
           verb: call

BUILD.md

@@ -4,6 +4,12 @@ This guide explains how to build Postgres extensions container images for
 [CloudNativePG](https://cloudnative-pg.io) locally, using
 [Docker Bake](https://docs.docker.com/build/bake/).
 
+> [!IMPORTANT]
+> If you are looking to contribute a new PostgreSQL extension to this
+> repository, please refer to the [`CONTRIBUTING_NEW_EXTENSION.md` file](CONTRIBUTING_NEW_EXTENSION.md).
+> This guide covers the entire lifecycle, from proposing the extension and
+> scaffolding the project to local validation and submitting a Pull Request.
+
 ## Prerequisites
 
 Before you begin, ensure that you have met the following
@@ -45,6 +51,8 @@ following scaffolded files:
 > [!NOTE]
 > These files are generated from generic templates and should be customized to
 > meet your extension's specific requirements.
+> For a complete walkthrough of the requirements and package discovery phase,
+> see [`CONTRIBUTING_NEW_EXTENSION.md`](./CONTRIBUTING_NEW_EXTENSION.md).
 
 ### Advanced Scaffolding
 
@@ -172,6 +180,20 @@ task e2e:setup-env
 > If changed, you must pass this variable to all subsequent tasks that interact
 > with the registry to ensure connectivity.
 
+#### Configuring credentials for private registries
+
+If you need to pull images from a private registry during testing, you can
+configure authentication credentials when setting up the environment:
+
+```bash
+REGISTRY_PASSWORD="your-password" task e2e:setup-env \
+  REGISTRY_HOST="registry.example.com" \
+  REGISTRY_USERNAME="your-username"
+```
+
+These credentials are configured at the kubelet level, allowing pods to pull
+images from the private registry without requiring ImagePullSecrets.
+
 ### Get access to the cluster
 
 To interact with the cluster via `kubectl` from your local terminal:
@@ -218,6 +240,18 @@ the E2E tests:
 task e2e:generate-values TARGET="<extension>" EXTENSION_IMAGE="<my-local-image>"
 ```
 
+#### Using private registries
+
+If your extension image is hosted in a private registry, you can provide authentication
+credentials when generating test values:
+
+```bash
+REGISTRY_PASSWORD="your-password" task generate-values \
+  TARGET="<extension>" \
+  EXTENSION_IMAGE="<my-private-registry>/image:tag" \
+  REGISTRY_USERNAME="your-username"
+```
+
 ### Execute End-to-End tests
 
 Run the test suite using the internal Kubeconfig. This executes both the
@@ -228,6 +262,15 @@ generic tests (global `/test` folder) and extension-specific tests (target
 task e2e:test TARGET="<extension>" KUBECONFIG_PATH="./kubeconfig"
 ```
 
+#### Pass arguments to chainsaw test
+
+It is possible to pass arguments to the [Chainsaw test command](https://kyverno.github.io/chainsaw/latest/reference/commands/chainsaw_test/) by using the `EXTRA_ARGS` 
+argument, like:
+
+```bash
+task e2e:test TARGET="pgvector" KUBECONFIG_PATH="./kubeconfig" EXTRA_ARGS="--skip-delete,--fail-fast"
+```
+
 ---
 
 ### Tear down the local test environment

CONTRIBUTING.md

@@ -0,0 +1,25 @@
+# Contributing to CloudNativePG
+
+Thank you for your interest in contributing! 💖
+
+To ensure consistency across the project, all CloudNativePG repositories follow
+a common set of guidelines regarding code of conduct, AI usage, and
+contribution workflows.
+
+Please review the [CloudNativePG Project contributing guidelines](https://github.com/cloudnative-pg/governance/blob/main/CONTRIBUTING.md)
+before searching for issues, reporting bugs, or submitting a pull request.
+
+## Adding a New Extension
+
+This repository is specifically designed for the lifecycle of PostgreSQL
+extension container images. If you are looking to add a new extension, we have
+a dedicated guide that covers everything from environment setup and package
+discovery to local testing and submission:
+
+- [Guide to adding a new extension: `CONTRIBUTING_NEW_EXTENSION.md`](CONTRIBUTING_NEW_EXTENSION.md)
+
+## Development Environment
+
+If you are working on the build system or testing framework itself, please
+refer to [BUILD.md](./BUILD.md) for technical details on how Dagger and Task are
+used to manage the pipeline.