From fe6a6f941234e2c1cd79af8b3a462705531f6d0b Mon Sep 17 00:00:00 2001
From: Bobbie Soedirgo <bobbie@soedirgo.dev>
Date: Wed, 24 Jan 2024 16:07:36 +0800
Subject: [PATCH 1/5] chore: reorder exts

---
 ansible/files/postgresql_config/supautils.conf.j2 | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible/files/postgresql_config/supautils.conf.j2 b/ansible/files/postgresql_config/supautils.conf.j2
index 999018a00..6992b766f 100644
--- a/ansible/files/postgresql_config/supautils.conf.j2
+++ b/ansible/files/postgresql_config/supautils.conf.j2
@@ -1,7 +1,7 @@
-# full list:                                 address_standardizer, address_standardizer_data_us, adminpack, amcheck, autoinc, bloom, btree_gin, btree_gist, citext, cube, dblink, dict_int, dict_xsyn, earthdistance, file_fdw, fuzzystrmatch, hstore, http, hypopg, insert_username, intagg, intarray, isn, lo, ltree, moddatetime, old_snapshot, pageinspect, pg_buffercache, pg_cron, pg_freespacemap, pg_graphql, pg_hashids, pg_jsonschema, pg_net, pg_prewarm, pg_stat_monitor, pg_stat_statements, pg_surgery, pg_tle, pg_trgm, pg_visibility, pg_walinspect, pgaudit, pgcrypto, pgjwt, pgroonga, pgroonga_database, pgrouting, pgrowlocks, pgsodium, pgstattuple, pgtap, plcoffee, pljava, plls, plpgsql, plpgsql_check, plv8, postgis, postgis_raster, postgis_sfcgal, postgis_tiger_geocoder, postgis_topology, postgres_fdw, refint, rum, seg, sslinfo, supabase_vault, supautils, tablefunc, tcn, timescaledb, tsm_system_rows, tsm_system_time, unaccent, uuid-ossp, vector, wrappers, xml2
+# full list:                                 address_standardizer, address_standardizer_data_us, adminpack, amcheck, autoinc, bloom, btree_gin, btree_gist, citext, cube, dblink, dict_int, dict_xsyn, earthdistance, file_fdw, fuzzystrmatch, hstore, http, hypopg, insert_username, intagg, intarray, isn, lo, ltree, moddatetime, old_snapshot, orioledb, pageinspect, pg_buffercache, pg_cron, pg_freespacemap, pg_graphql, pg_hashids, pg_jsonschema, pg_net, pg_prewarm, pg_stat_monitor, pg_stat_statements, pg_surgery, pg_tle, pg_trgm, pg_visibility, pg_walinspect, pgaudit, pgcrypto, pgjwt, pgroonga, pgroonga_database, pgrouting, pgrowlocks, pgsodium, pgstattuple, pgtap, plcoffee, pljava, plls, plpgsql, plpgsql_check, plv8, postgis, postgis_raster, postgis_sfcgal, postgis_tiger_geocoder, postgis_topology, postgres_fdw, refint, rum, seg, sslinfo, supabase_vault, supautils, tablefunc, tcn, timescaledb, tsm_system_rows, tsm_system_time, unaccent, uuid-ossp, vector, wrappers, xml2
 # omitted because may be unsafe:             adminpack, amcheck, file_fdw, lo, old_snapshot, pageinspect, pg_buffercache, pg_freespacemap, pg_prewarm, pg_surgery, pg_visibility, pgstattuple
 # omitted because deprecated:                intagg, xml2
-supautils.privileged_extensions = 'address_standardizer, address_standardizer_data_us, autoinc, bloom, btree_gin, btree_gist, citext, cube, dblink, dict_int, dict_xsyn, earthdistance, fuzzystrmatch, hstore, http, hypopg, insert_username, intarray, isn, ltree, moddatetime, pg_cron, pg_graphql, pg_hashids, pg_jsonschema, pg_net, pg_stat_monitor, pg_stat_statements, pg_tle, pg_trgm, pg_walinspect, pgaudit, pgcrypto, pgjwt, pgroonga, pgroonga_database, pgrouting, pgrowlocks, pgsodium, pgtap, plcoffee, pljava, plls, plpgsql, plpgsql_check, plv8, postgis, postgis_raster, postgis_sfcgal, postgis_tiger_geocoder, postgis_topology, postgres_fdw, refint, rum, seg, sslinfo, supabase_vault, supautils, tablefunc, tcn, timescaledb, tsm_system_rows, tsm_system_time, unaccent, uuid-ossp, vector, wrappers, orioledb'
+supautils.privileged_extensions = 'address_standardizer, address_standardizer_data_us, autoinc, bloom, btree_gin, btree_gist, citext, cube, dblink, dict_int, dict_xsyn, earthdistance, fuzzystrmatch, hstore, http, hypopg, insert_username, intarray, isn, ltree, moddatetime, orioledb, pg_cron, pg_graphql, pg_hashids, pg_jsonschema, pg_net, pg_stat_monitor, pg_stat_statements, pg_tle, pg_trgm, pg_walinspect, pgaudit, pgcrypto, pgjwt, pgroonga, pgroonga_database, pgrouting, pgrowlocks, pgsodium, pgtap, plcoffee, pljava, plls, plpgsql, plpgsql_check, plv8, postgis, postgis_raster, postgis_sfcgal, postgis_tiger_geocoder, postgis_topology, postgres_fdw, refint, rum, seg, sslinfo, supabase_vault, supautils, tablefunc, tcn, timescaledb, tsm_system_rows, tsm_system_time, unaccent, uuid-ossp, vector, wrappers'
 supautils.privileged_extensions_custom_scripts_path = '/etc/postgresql-custom/extension-custom-scripts'
 supautils.privileged_extensions_superuser = 'supabase_admin'
 supautils.privileged_role = 'postgres'

From f2ce128c087c3224ed2e8bc9c5057a9cdfb365cb Mon Sep 17 00:00:00 2001
From: Bobbie Soedirgo <bobbie@soedirgo.dev>
Date: Wed, 24 Jan 2024 16:08:21 +0800
Subject: [PATCH 2/5] chore: dbmate annotations

---
 .../20231130133139_set_lock_timeout_to_authenticator_role.sql  | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/migrations/db/migrations/20231130133139_set_lock_timeout_to_authenticator_role.sql b/migrations/db/migrations/20231130133139_set_lock_timeout_to_authenticator_role.sql
index c04c7400f..a0cee20e6 100644
--- a/migrations/db/migrations/20231130133139_set_lock_timeout_to_authenticator_role.sql
+++ b/migrations/db/migrations/20231130133139_set_lock_timeout_to_authenticator_role.sql
@@ -1 +1,4 @@
+-- migrate:up
 ALTER ROLE authenticator set lock_timeout to '8s';
+
+-- migrate:down

From 3f48097c702efe0522f4d0291fdaa76a50860f26 Mon Sep 17 00:00:00 2001
From: Bobbie Soedirgo <bobbie@soedirgo.dev>
Date: Wed, 24 Jan 2024 16:08:30 +0800
Subject: [PATCH 3/5] feat(migrations): alter lo_export/lo_import owner

---
 .../20240124080435_alter_lo_export_lo_import_owner.sql      | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 migrations/db/migrations/20240124080435_alter_lo_export_lo_import_owner.sql

diff --git a/migrations/db/migrations/20240124080435_alter_lo_export_lo_import_owner.sql b/migrations/db/migrations/20240124080435_alter_lo_export_lo_import_owner.sql
new file mode 100644
index 000000000..7c0d57d47
--- /dev/null
+++ b/migrations/db/migrations/20240124080435_alter_lo_export_lo_import_owner.sql
@@ -0,0 +1,6 @@
+-- migrate:up
+alter function pg_catalog.lo_export owner to supabase_admin;
+alter function pg_catalog.lo_import(text) owner to supabase_admin;
+alter function pg_catalog.lo_import(text, oid) owner to supabase_admin;
+
+-- migrate:down

From 9574177e8628a7560cac1f77d6d45ea2bc36767f Mon Sep 17 00:00:00 2001
From: Bobbie Soedirgo <bobbie@soedirgo.dev>
Date: Thu, 25 Jan 2024 14:14:46 +0800
Subject: [PATCH 4/5] fix: docker builders

`docker save` was exporting the image in OCI format - we can't easily
extract the `.deb`s from it.
---
 .github/workflows/ami-release.yml | 18 ++++++------------
 .github/workflows/testinfra.yml   | 18 ++++++------------
 2 files changed, 12 insertions(+), 24 deletions(-)

diff --git a/.github/workflows/ami-release.yml b/.github/workflows/ami-release.yml
index b1d40cb93..f95f56c92 100644
--- a/.github/workflows/ami-release.yml
+++ b/.github/workflows/ami-release.yml
@@ -50,28 +50,24 @@ jobs:
           endpoint: builders
       - uses: docker/build-push-action@v5
         with:
-          load: true
           build-args: |
             ${{ steps.args.outputs.result }}
           target: extensions
           tags: supabase/postgres:extensions
           platforms: linux/${{ matrix.arch }}
+          outputs: type=tar,dest=/tmp/extensions.tar
           cache-from: type=gha,scope=${{ github.ref_name }}-latest-${{ matrix.arch }}
           # No need to export extensions cache because latest depends on it
       - name: Extract built packages
         run: |
-          mkdir -p /tmp/extensions ansible/files/extensions
-          docker save supabase/postgres:extensions | tar xv -C /tmp/extensions
-          for layer in /tmp/extensions/*/layer.tar; do
-            tar xvf "$layer" -C ansible/files/extensions --strip-components 1
-          done
+          mkdir -p ansible/files/extensions
+          tar xvf /tmp/extensions.tar -C ansible/files/extensions --strip-components 1
 
       - id: version
         run: echo "${{ steps.args.outputs.result }}" | grep "postgresql" >> "$GITHUB_OUTPUT"
       - name: Build Postgres deb
         uses: docker/build-push-action@v5
         with:
-          load: true
           file: docker/Dockerfile
           target: pg-deb
           build-args: |
@@ -82,15 +78,13 @@ jobs:
             CPPFLAGS=-mcpu=${{ matrix.mcpu }}
           tags: supabase/postgres:deb
           platforms: linux/${{ matrix.arch }}
+          outputs: type=tar,dest=/tmp/pg-deb.tar
           cache-from: type=gha,scope=${{ github.ref_name }}-deb
           cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-deb
       - name: Extract Postgres deb
         run: |
-          mkdir -p /tmp/build ansible/files/postgres
-          docker save supabase/postgres:deb | tar xv -C /tmp/build
-          for layer in /tmp/build/*/layer.tar; do
-            tar xvf "$layer" -C ansible/files/postgres --strip-components 1
-          done
+          mkdir -p ansible/files/postgres
+          tar xvf /tmp/pg-deb.tar -C ansible/files/postgres --strip-components 1
 
       - name: Build AMI
         run: |
diff --git a/.github/workflows/testinfra.yml b/.github/workflows/testinfra.yml
index 9fe84e34a..468675124 100644
--- a/.github/workflows/testinfra.yml
+++ b/.github/workflows/testinfra.yml
@@ -72,12 +72,12 @@ jobs:
 
       - uses: docker/build-push-action@v5
         with:
-          load: true
           build-args: |
             ${{ steps.args.outputs.result }}
           target: extensions
           tags: supabase/postgres:extensions
           platforms: linux/${{ matrix.arch }}
+          outputs: type=tar,dest=/tmp/extensions.tar
           cache-from: |
             type=gha,scope=${{ github.ref_name }}-extensions
             type=gha,scope=${{ github.base_ref }}-extensions
@@ -86,11 +86,8 @@ jobs:
 
       - name: Extract built packages
         run: |
-          mkdir -p /tmp/extensions ansible/files/extensions
-          docker save supabase/postgres:extensions | tar xv -C /tmp/extensions
-          for layer in /tmp/extensions/*/layer.tar; do
-            tar xvf "$layer" -C ansible/files/extensions --strip-components 1
-          done
+          mkdir -p ansible/files/extensions
+          tar xvf /tmp/extensions.tar -C ansible/files/extensions --strip-components 1
 
       - id: version
         run: echo "${{ steps.args.outputs.result }}" | grep "postgresql" >> "$GITHUB_OUTPUT"
@@ -98,7 +95,6 @@ jobs:
       - name: Build Postgres deb
         uses: docker/build-push-action@v5
         with:
-          load: true
           file: docker/Dockerfile
           target: pg-deb
           build-args: |
@@ -109,6 +105,7 @@ jobs:
             CPPFLAGS=-mcpu=${{ matrix.mcpu }}
           tags: supabase/postgres:deb
           platforms: linux/${{ matrix.arch }}
+          outputs: type=tar,dest=/tmp/pg-deb.tar
           cache-from: |
             type=gha,scope=${{ github.ref_name }}-deb
             type=gha,scope=${{ github.base_ref }}-deb
@@ -117,11 +114,8 @@ jobs:
 
       - name: Extract Postgres deb
         run: |
-          mkdir -p /tmp/build ansible/files/postgres
-          docker save supabase/postgres:deb | tar xv -C /tmp/build
-          for layer in /tmp/build/*/layer.tar; do
-            tar xvf "$layer" -C ansible/files/postgres --strip-components 1
-          done
+          mkdir -p ansible/files/postgres
+          tar xvf /tmp/pg-deb.tar -C ansible/files/postgres --strip-components 1
 
       # Packer doesn't support skipping registering the AMI for the ebssurrogate
       # builder, so we register an AMI with a fixed name and run tests on an

From 8a0467a872b982be73194f8e1ff593cfd950e8eb Mon Sep 17 00:00:00 2001
From: Bobbie Soedirgo <bobbie@soedirgo.dev>
Date: Thu, 25 Jan 2024 14:16:34 +0800
Subject: [PATCH 5/5] chore: bump version

---
 common.vars.pkr.hcl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/common.vars.pkr.hcl b/common.vars.pkr.hcl
index 6d649bede..e2209983e 100644
--- a/common.vars.pkr.hcl
+++ b/common.vars.pkr.hcl
@@ -1 +1 @@
-postgres-version = "15.1.1.5"
+postgres-version = "15.1.1.6"