feat: refactored dockerfile, tests

Author: samrose

Dockerfile-multigres

@@ -153,6 +153,7 @@ COPY --chown=postgres:postgres ansible/files/postgresql_config/supautils.conf.j2
 COPY --chown=postgres:postgres ansible/files/postgresql_extension_custom_scripts /etc/postgresql-custom/extension-custom-scripts
 COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_walg.conf /etc/postgresql-custom/wal-g.conf
 COPY --chown=postgres:postgres ansible/files/postgresql_config/custom_read_replica.conf /etc/postgresql-custom/read-replica.conf
+COPY --chown=postgres:postgres ansible/files/pgsodium_getkey_urandom.sh.j2 /usr/lib/postgresql/bin/pgsodium_getkey.sh
 
 # Apply settings shared by all variants:
 #   - enable unix socket, session preload, config includes
@@ -167,7 +168,12 @@ RUN sed -i \
     -e "s/ pgsodium,//g" \
     -e "s/db_user_namespace = off/#db_user_namespace = off/g" \
     /etc/postgresql/postgresql.conf && \
-    chown -R postgres:postgres /etc/postgresql-custom
+    echo "pgsodium.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
+    echo "vault.getkey_script= '/usr/lib/postgresql/bin/pgsodium_getkey.sh'" >> /etc/postgresql/postgresql.conf && \
+    chown -R postgres:postgres /etc/postgresql-custom && \
+    mkdir -p /usr/share/postgresql/extension/ && \
+    ln -s /usr/lib/postgresql/bin/pgsodium_getkey.sh /usr/share/postgresql/extension/pgsodium_getkey && \
+    chmod +x /usr/lib/postgresql/bin/pgsodium_getkey.sh
 
 COPY migrations/db /docker-entrypoint-initdb.d/
 COPY ansible/files/pgbouncer_config/pgbouncer_auth_schema.sql /docker-entrypoint-initdb.d/init-scripts/00-schema.sql

nix/checks.nix

@@ -107,6 +107,8 @@
                   "5539"
                 else if (majorVersion == "orioledb-17" && isSlim) then
                   "5540"
+                else if (majorVersion == "17" && isCliVariant) then
+                  "5541"
                 else if (majorVersion == "17") then
                   "5535"
                 else if (majorVersion == "15") then

nix/packages/docker-image-test.nix

@@ -108,7 +108,7 @@ writeShellApplication {
         "index_advisor"
     )
 
-    # Tests to skip for multigres images (pgsodium requires getkey script not present in multigres)
+    # Tests to skip for multigres images (pgsodium not installed; vault has z_multigres-17_ variant)
     MULTIGRES_SKIP_TESTS=(
         "pgsodium"
         "vault"
@@ -136,6 +136,17 @@ writeShellApplication {
             fi
         done
 
+        # Build list of multigres-17-specific test basenames
+        local multigres_17_variants=()
+        for f in "$TESTS_SQL_DIR"/z_multigres-17_*.sql; do
+            if [[ -f "$f" ]]; then
+                local variant_name
+                variant_name=$(basename "$f" .sql)
+                local base_name="''${variant_name#z_multigres-17_}"
+                multigres_17_variants+=("$base_name")
+            fi
+        done
+
         # Build list of multigres-orioledb-17-specific test basenames
         local multigres_orioledb_variants=()
         for f in "$TESTS_SQL_DIR"/z_multigres-orioledb-17_*.sql; do
@@ -192,7 +203,7 @@ writeShellApplication {
                     multigres-orioledb-17) [[ "$_basename" == z_multigres-orioledb-17_* ]] && tests+=("$_basename") ;;
                 esac
             else
-                # For orioledb-like versions, use z_ variants where they exist instead of the base test
+                # For variant versions, use z_ overrides where they exist instead of the base test
                 if [[ "$version" == "orioledb-17" ]]; then
                     local has_variant=false
                     for variant in "''${orioledb_variants[@]}"; do
@@ -204,6 +215,17 @@ writeShellApplication {
                     if [[ "$has_variant" == "false" ]]; then
                         tests+=("$_basename")
                     fi
+                elif [[ "$version" == "multigres-17" ]]; then
+                    local has_variant=false
+                    for variant in "''${multigres_17_variants[@]}"; do
+                        if [[ "$_basename" == "$variant" ]]; then
+                            has_variant=true
+                            break
+                        fi
+                    done
+                    if [[ "$has_variant" == "false" ]]; then
+                        tests+=("$_basename")
+                    fi
                 elif [[ "$version" == "multigres-orioledb-17" ]]; then
                     local has_variant=false
                     for variant in "''${multigres_orioledb_variants[@]}"; do
@@ -277,22 +299,21 @@ writeShellApplication {
 
         log_info "Multigres: initializing PostgreSQL cluster..."
         docker exec -u postgres "$container" \
-            initdb \
-            -D /var/lib/postgresql/data \
-            --allow-group-access \
-            --locale-provider=icu \
-            --encoding=UTF-8 \
-            --icu-locale=en_US.UTF-8
+            bash -c "echo '$POSTGRES_PASSWORD' > /tmp/pgpwfile && \
+                initdb \
+                    -D /var/lib/postgresql/data \
+                    --username=supabase_admin \
+                    --pwfile=/tmp/pgpwfile \
+                    --allow-group-access \
+                    --locale-provider=icu \
+                    --encoding=UTF-8 \
+                    --icu-locale=en_US.UTF-8 && \
+                rm /tmp/pgpwfile"
 
         log_info "Multigres: starting PostgreSQL (config at /etc/postgresql)..."
         docker exec -u postgres "$container" \
             pg_ctl start -D /etc/postgresql -w -t 60
 
-        log_info "Multigres: bootstrapping supabase_admin role..."
-        docker exec -u postgres "$container" \
-            psql -U postgres -d postgres \
-            -c "CREATE ROLE supabase_admin WITH SUPERUSER LOGIN PASSWORD '$POSTGRES_PASSWORD'; ALTER DATABASE postgres OWNER TO supabase_admin;"
-
         log_info "Multigres: running schema migrations..."
         docker exec \
             -e POSTGRES_PASSWORD="$POSTGRES_PASSWORD" \

nix/tests/expected/z_multigres-17_evtrigs.out

@@ -0,0 +1,27 @@
+select
+  e.evtname,
+  e.evtowner::regrole as evtowner,
+  n_func.nspname as evtfunction_schema,
+  e.evtfoid::regproc as evtfunction,
+  p.proowner::regrole as function_owner
+from pg_event_trigger e
+join pg_proc p
+  on e.evtfoid = p.oid
+join pg_namespace n_func
+  on p.pronamespace = n_func.oid
+where p.prorettype = 'event_trigger'::regtype;
+                evtname                 |    evtowner    | evtfunction_schema |            evtfunction             | function_owner 
+----------------------------------------+----------------+--------------------+------------------------------------+----------------
+ issue_pg_graphql_access                | supabase_admin | extensions         | grant_pg_graphql_access            | supabase_admin
+ issue_graphql_placeholder              | supabase_admin | extensions         | set_graphql_placeholder            | supabase_admin
+ pgrst_ddl_watch                        | supabase_admin | extensions         | pgrst_ddl_watch                    | supabase_admin
+ pgrst_drop_watch                       | supabase_admin | extensions         | pgrst_drop_watch                   | supabase_admin
+ graphql_watch_ddl                      | supabase_admin | graphql            | graphql.increment_schema_version   | supabase_admin
+ graphql_watch_drop                     | supabase_admin | graphql            | graphql.increment_schema_version   | supabase_admin
+ issue_pg_cron_access                   | supabase_admin | extensions         | grant_pg_cron_access               | supabase_admin
+ issue_pg_net_access                    | supabase_admin | extensions         | grant_pg_net_access                | supabase_admin
+ pgaudit_ddl_command_end                | supabase_admin | public             | pgaudit_ddl_command_end            | supabase_admin
+ pgaudit_sql_drop                       | supabase_admin | public             | pgaudit_sql_drop                   | supabase_admin
+ pg_tle_event_trigger_for_drop_function | supabase_admin | pgtle              | pgtle.pg_tle_feature_info_sql_drop | supabase_admin
+(11 rows)
+