postgres/.github/workflows/base-image-nightly.yml at develop · supabase/postgres · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
name: Build Base Image Nightly

on:
  #schedule:
  #  - cron: '0 2 * * *'  # 2 AM UTC daily
  workflow_dispatch:
    inputs:
      branch:
        description: 'Branch to build from'
        required: false
        default: 'develop'
        type: string

permissions:
  contents: read
  id-token: write

jobs:
  build-base-image:
    runs-on: blacksmith-4vcpu-ubuntu-2404-arm
    timeout-minutes: 150

    steps:
      - name: Checkout Repo
        uses: supabase/postgres/.github/actions/shared-checkout@HEAD
        with:
          ref: ${{ github.event.inputs.branch || 'develop' }}

      - name: Install nix (ephemeral)
        uses: ./.github/actions/nix-install-ephemeral
        with:
          push-to-cache: 'true'
        env:
          DEV_AWS_ROLE: ${{ secrets.DEV_AWS_ROLE }}
          NIX_SIGN_SECRET_KEY: ${{ secrets.NIX_SIGN_SECRET_KEY }}

      - name: Set execution ID and timestamp
        run: |
          echo "EXECUTION_ID=${{ github.run_id }}-base-nightly" >> $GITHUB_ENV
          echo "BUILD_TIMESTAMP=$(date -u +%Y%m%d-%H%M%S)" >> $GITHUB_ENV

      - name: Build base stage 1 AMI
        env:
          AWS_MAX_ATTEMPTS: 10
          AWS_RETRY_MODE: adaptive
        run: |
          GIT_SHA=${{ github.sha }}
          nix run github:supabase/postgres/${GIT_SHA}#packer -- init amazon-arm64-nix.pkr.hcl
          nix run github:supabase/postgres/${GIT_SHA}#packer -- build \
            -var "git-head-version=${GIT_SHA}" \
            -var "packer-execution-id=${EXECUTION_ID}" \
            -var-file="development-arm.vars.pkr.hcl" \
            -var "base-image-nightly=true" \
            -var "build-timestamp=${BUILD_TIMESTAMP}" \
            -var "region=us-east-1" \
            -var 'ami_regions=["us-east-1","ap-southeast-1"]' \
            amazon-arm64-nix.pkr.hcl

      - name: Slack Notification on Failure
        if: ${{ failure() }}
        uses: rtCamp/action-slack-notify@e31e87e03dd19038e411e38ae27cbad084a90661 # v2.3.3
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_NOTIFICATIONS_WEBHOOK }}
          SLACK_USERNAME: 'gha-failures-notifier'
          SLACK_COLOR: 'danger'
          SLACK_MESSAGE: 'Building base image nightly failed'
          SLACK_FOOTER: ''

      - name: Cleanup resources after build
        if: ${{ always() }}
        run: |
          aws ec2 --region us-east-1 describe-instances --filters "Name=tag:packerExecutionId,Values=${EXECUTION_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --region us-east-1 --instance-ids

      - name: Cleanup resources on build cancellation
        if: ${{ cancelled() }}
        run: |
          aws ec2 --region us-east-1 describe-instances --filters "Name=tag:packerExecutionId,Values=${EXECUTION_ID}" --query "Reservations[].Instances[].InstanceId" --output text | xargs -r aws ec2 terminate-instances --region us-east-1 --instance-ids