From c45336c611971037c2cc9fa21045870d225f80d5 Mon Sep 17 00:00:00 2001
From: Paul Cioanca <paul.cioanca@supabase.io>
Date: Thu, 12 Dec 2024 18:51:23 +0200
Subject: [PATCH] chore: merge 15.6 changes into develop (#1368)

* fix: account for `public` grantee

* fix(ci): respect postgresVersion input (#1237)

* feat: bump gotrue version to v2.162.0 (#1241)

* fix: only grant pg_read_all_data if it exists (#1242)

* fix: only grant pg_read_all_data if it exists

* fix: prevent `public` from being casted into `regrole`

* fix(15.6): account for pg_stat_monitor major version upgrade (#1247)

* chore: release updates to run physical backup as a service to 15.6 image (#1248)

* chore: updates to run physical backups as a service (#1235)

* chore: init commence-backup service

* chore: bump adminapi and adminmgr

* chore: bump version

* fix: provide correct filename

* chore: bump postgres version

* fix(15.6/pg_upgrade): retry commands within the cleanup step; wait until PG is ready to accept connections (#1250)

* fix(15.6/upgrades): collision when patching wrappers lib locations for upgrades (#1252)

* feat: bump auth 2.162.1 on 15.6 (#1256)

* fix(15.6): disable pg_stat_monitor (#1260)

* fix: disable pg_stat_monitor

* chore: bump version

* fix(15.6): disable pg_stat_monitor (#1262)

* fix: disable pg_stat_monitor

* chore: bump version

* feat: bump gotrue to v2.162.2 (#1264)

* chore: add timescaledb 2.9.1; wrappers upgrade fix; wrappers & plv8 naming fix (#1259)

Co-authored-by: Bobbie Soedirgo <bobbie@soedirgo.dev>
Co-authored-by: Bobbie Soedirgo <31685197+soedirgo@users.noreply.github.com>
Co-authored-by: Kang Ming <kang.ming1996@gmail.com>
Co-authored-by: Stojan Dimitrovski <sdimitrovski@gmail.com>
Co-authored-by: Sam Rose <samuel@supabase.io>
fix(ci): respect postgresVersion input (#1237)
fix: only grant pg_read_all_data if it exists (#1242)
fix(15.6): disable pg_stat_monitor (#1260)

* chore(15.6): bump pg version (#1273)

* feat: bump auth to v2.163.0 on 15.6 (#1275)

* fix: restart PG during pre-upgrade steps to shed hanging connections (#1271)

* fix(upgrades): wrappers 4.2.0 -> wrappers 4.2.0 (#1278)

* fix: handle supabase_admin authenticator membership snowflake

* feat: add auth v2.163.1 to 15.6 (#1283)

* feat: bump gotrue to v2.163.2 (#1287)

* pg_net 0.11 on 15.6 release branch (#1290)

* bump pg_net to 0.11.0

* bump image to 15.6.1.135

* fix: don't copy custom extension scripts during pg_upgrade (#1291)

* fix: add recursive flag to custom extension script directory delete (#1292)

* [GEN-11027] chore: reserve a fixed amount of blocks for the data volume; remove ansible pkg + ppa (#1295)

* fix: grant predefined roles post-upgrade

* fix: add more roles to reserved_roles & reserved_memberships (#1303)

* fix: add more roles to reserved_roles & reserved_memberships

* Update common-nix.vars.pkr.hcl

* feat: update envoy lds config with auth jwks, oidc URLs, strip `sb-opk` header (#1296)

* chore: udpate package repo for salt (#1307)

* fix: use sudo for apt-get commands

* Update pg net to 0.13.0 on pg 15.6 branch (#1315)

* upgrade pg_net to 0.13.0 on 15.6

* bump postgres-version

* chore: cleanup pgbouncer.get_auth ownership accordingly

* chore: standardize

* Upgrade pgvector to 0.8.0

* Update common-nix.vars.pkr.hcl

Bump version to 15.6.1.140

* feat: upgrade to auth v2.164.0 (#1329)

* fix: update auth to v2.164.0

* fix: upgrade version

* fix: bump nix instead

* fix: replace `alter routine` with `alter function|procedure` (#1333)

* fix: pg_upgrade_script (#1336)

* feat: supautils v2.5.0

* pgmq in 15.6 image (#1337)

* pick pgmq to 15.6

* update extension interface test output

* bump image version

* fix: upload gotrue binary to internal-artifacts as a gz file (#1340)

* feat: upgrade to auth v2.165.0 (#1357)

Upgrade Auth version to v2.165.0

https://github.com/supabase/auth/pull/1846

Co-authored-by: Chris Stockton <chris.stockton@supabase.io>

* feat: bump gotrue to v2.165.1 (#1358)

* feat: build and cache debug and src on this branch (#1360)

* fix: pgmq ownership (#1362)

* fix: pgmq ownership

* tmp

* bump version for production release

---------

Co-authored-by: Oliver Rice <github@oliverrice.com>

* fix: remove duplicate pgmq in test

* chore: filter timescale 2.9.1 on pg 16 and oriole17

* chore: bumping versions (#1370)

---------

Co-authored-by: Bobbie Soedirgo <bobbie@soedirgo.dev>
Co-authored-by: Bobbie Soedirgo <31685197+soedirgo@users.noreply.github.com>
Co-authored-by: Kang Ming <kang.ming1996@gmail.com>
Co-authored-by: angelico <Angelico.delosreyes@gmail.com>
Co-authored-by: Stojan Dimitrovski <sdimitrovski@gmail.com>
Co-authored-by: Sam Rose <samuel@supabase.io>
Co-authored-by: Oliver Rice <github@oliverrice.com>
Co-authored-by: Pavel Borisov <pashkin.elfe@gmail.com>
Co-authored-by: Pavel Borisov <63344111+pashkinelfe@users.noreply.github.com>
Co-authored-by: Joel Lee <lee.yi.jie.joel@gmail.com>
Co-authored-by: Chris Stockton <180184+cstockton@users.noreply.github.com>
Co-authored-by: Chris Stockton <chris.stockton@supabase.io>
---
 Dockerfile                                    |  2 +-
 .../pg_upgrade_scripts/common.sh              |  5 ++++-
 .../pgmq/after-create.sql                     | 19 ++++++++++++++++++
 ansible/manifest-playbook.yml                 | 20 ++-----------------
 ansible/vars.yml                              | 14 ++++++-------
 docker/orioledb/Dockerfile                    |  2 +-
 flake.nix                                     | 11 ++++++++--
 nix/tests/prime.sql                           |  2 +-
 8 files changed, 44 insertions(+), 31 deletions(-)
 create mode 100644 ansible/files/postgresql_extension_custom_scripts/pgmq/after-create.sql

diff --git a/Dockerfile b/Dockerfile
index 9e98a73ee..8309c2585 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -36,7 +36,7 @@ ARG hypopg_release=1.3.1
 ARG pgvector_release=0.4.0
 ARG pg_tle_release=1.3.2
 ARG index_advisor_release=0.2.0
-ARG supautils_release=2.2.1
+ARG supautils_release=2.5.0
 ARG wal_g_release=2.0.1
 
 ####################
diff --git a/ansible/files/admin_api_scripts/pg_upgrade_scripts/common.sh b/ansible/files/admin_api_scripts/pg_upgrade_scripts/common.sh
index ea7217fcc..e9e3afe8a 100755
--- a/ansible/files/admin_api_scripts/pg_upgrade_scripts/common.sh
+++ b/ansible/files/admin_api_scripts/pg_upgrade_scripts/common.sh
@@ -456,7 +456,10 @@ begin
   foreach obj in array functions
   loop
     if obj->>'owner' = 'postgres' then
-      execute(format('alter routine %s(%s) owner to postgres;', (obj->>'oid')::regproc, pg_get_function_identity_arguments((obj->>'oid')::regproc)));
+      execute(format('alter %s %s(%s) owner to postgres;'
+                     , case when obj->>'kind' = 'p' then 'procedure' else 'function' end
+                     , (obj->>'oid')::regproc
+                     , pg_get_function_identity_arguments((obj->>'oid')::regproc)));
     end if;
     for rec in
       select grantor, grantee, privilege_type, is_grantable
diff --git a/ansible/files/postgresql_extension_custom_scripts/pgmq/after-create.sql b/ansible/files/postgresql_extension_custom_scripts/pgmq/after-create.sql
new file mode 100644
index 000000000..8b126d403
--- /dev/null
+++ b/ansible/files/postgresql_extension_custom_scripts/pgmq/after-create.sql
@@ -0,0 +1,19 @@
+do $$
+declare
+  extoid oid := (select oid from pg_extension where extname = 'pgmq');
+  r record;
+begin
+  set local search_path = '';
+  update pg_extension set extowner = 'postgres'::regrole where extname = 'pgmq';
+  for r in (select * from pg_depend where refobjid = extoid) loop
+    if r.classid = 'pg_type'::regclass then
+      execute(format('alter type %s owner to postgres;', r.objid::regtype));
+    elsif r.classid = 'pg_proc'::regclass then
+      execute(format('alter function %s(%s) owner to postgres;', r.objid::regproc, pg_get_function_identity_arguments(r.objid)));
+    elsif r.classid = 'pg_class'::regclass then
+      execute(format('alter table %s owner to postgres;', r.objid::regclass));
+    else
+      raise exception 'error on pgmq after-create script: unexpected object type %', r.classid;
+    end if;
+  end loop;
+end $$;
diff --git a/ansible/manifest-playbook.yml b/ansible/manifest-playbook.yml
index 93f0e15c5..5c1c65053 100644
--- a/ansible/manifest-playbook.yml
+++ b/ansible/manifest-playbook.yml
@@ -18,26 +18,10 @@
     - name: gotrue - download commit archive
       get_url:
         url: "https://github.com/supabase/gotrue/releases/download/v{{ gotrue_release }}/auth-v{{ gotrue_release }}-arm64.tar.gz"
-        dest: /tmp/gotrue.tar.gz
+        dest: /tmp/auth-v{{ gotrue_release }}-arm64.tar.gz
         checksum: "{{ gotrue_release_checksum }}"
         timeout: 60
 
-    - name: gotrue - create /tmp/gotrue
-      file:
-        path: /tmp/gotrue
-        state: directory
-        mode: 0775
-
-    - name: gotrue - unpack archive in /tmp/gotrue
-      unarchive:
-        remote_src: yes
-        src: /tmp/gotrue.tar.gz
-        dest: /tmp/gotrue
-
-    - name: gotrue - pack archive
-      shell: |
-        cd /tmp && tar -cJf gotrue-v{{ gotrue_release }}-arm64.tar.xz gotrue
-
     - name: PostgREST - download ubuntu binary archive (arm)
       get_url:
         url: "https://github.com/PostgREST/postgrest/releases/download/v{{ postgrest_release }}/postgrest-v{{ postgrest_release }}-ubuntu-aarch64.tar.xz"
@@ -82,7 +66,7 @@
         aws s3 cp /tmp/{{ item.file }} s3://{{ internal_artifacts_bucket }}/upgrades/{{ item.service }}/{{ item.file }}
       with_items:
         - service: gotrue
-          file: gotrue-v{{ gotrue_release }}-arm64.tar.xz
+          file: auth-v{{ gotrue_release }}-arm64.tar.gz
         - service: postgrest
           file: postgrest-{{ postgrest_release }}-arm64.tar.xz
         - service: supabase-admin-api
diff --git a/ansible/vars.yml b/ansible/vars.yml
index dff487733..588ac1e95 100644
--- a/ansible/vars.yml
+++ b/ansible/vars.yml
@@ -9,9 +9,9 @@ postgres_major:
 
 # Full version strings for each major version
 postgres_release:
-  postgresorioledb-17: "17.0.1.007-orioledb"
-  postgres15: "15.8.1.017"
-  postgres16: "16.3.1.023"
+  postgresorioledb-17: "17.0.1.008-orioledb"
+  postgres15: "15.8.1.018"
+  postgres16: "16.3.1.024"
 
 # Non Postgres Extensions
 pgbouncer_release: "1.19.0"
@@ -92,10 +92,10 @@ timescaledb_release_checksum: sha256:883638f2e79d25ec88ee58f603f3c81c999b6364cb4
 wal2json_release: "2_5"
 wal2json_release_checksum: sha256:b516653575541cf221b99cf3f8be9b6821f6dbcfc125675c85f35090f824f00e
 
-supautils_release: "2.2.1"
-supautils_release_arm64_deb_checksum: sha256:1a2d2b8fe604d38921ed9cf3a0d56dd142a274035d0dca17ad21cdc81ddd9569
-supautils_release_amd64_deb_checksum: sha256:4674fac146976dc179f5871271830718112f5eaa853bc461df9e303c8df2e1ab
-supautils_release_tar_checksum: sha256:f1f33371390322ac830645b8b0b8e249cb8ca10b19fdeae917f383014ed01b5d
+supautils_release: "2.5.0"
+supautils_release_arm64_deb_checksum: sha256:406e4a816f719bd6c4b2143e9bb38078fbe60d7e85018ec0aed5d76924e28000
+supautils_release_amd64_deb_checksum: sha256:71f182b478d8aaf167609dd382875cdce3fbe992e888988b3d51cdad39e08202
+supautils_release_tar_checksum: sha256:07c41244e4374248da9c2df2822152f3ae8f1e74c8a92d361300480193219b63
 
 pljava_release: master
 pljava_release_checksum: sha256:e99b1c52f7b57f64c8986fe6ea4a6cc09d78e779c1643db060d0ac66c93be8b6
diff --git a/docker/orioledb/Dockerfile b/docker/orioledb/Dockerfile
index 72bc9ba62..7adb7d74a 100644
--- a/docker/orioledb/Dockerfile
+++ b/docker/orioledb/Dockerfile
@@ -36,7 +36,7 @@ ARG hypopg_release=1.3.1
 ARG pgvector_release=0.4.0
 ARG pg_tle_release=1.3.2
 ARG index_advisor_release=0.2.0
-ARG supautils_release=2.2.1
+ARG supautils_release=2.5.0
 ARG wal_g_release=2.0.1
 
 ####################
diff --git a/flake.nix b/flake.nix
index b2a42c5f8..0ef79e1d0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -108,6 +108,7 @@
         ourExtensions = [
           ./nix/ext/rum.nix
           ./nix/ext/timescaledb.nix
+          ./nix/ext/timescaledb-2.9.1.nix
           ./nix/ext/pgroonga.nix
           ./nix/ext/index_advisor.nix
           ./nix/ext/wal2json.nix
@@ -144,7 +145,8 @@
         #we're not using timescaledb in the orioledb version of supabase extensions
         orioleFilteredExtensions = builtins.filter (
           x: 
-            x != ./nix/ext/timescaledb.nix && 
+            x != ./nix/ext/timescaledb.nix &&
+            x != ./nix/ext/timescaledb-2.9.1.nix &&
             x != ./nix/ext/plv8.nix && 
             x != ./nix/ext/postgis.nix && 
             x != ./nix/ext/pgrouting.nix &&
@@ -153,7 +155,10 @@
         ) ourExtensions;
 
         orioledbExtensions = orioleFilteredExtensions ++ [ ./nix/ext/orioledb.nix ];
-
+        pg16Extensions = builtins.filter (
+          x:
+          x != ./nix/ext/timescaledb-2.9.1.nix
+        ) ourExtensions;
         getPostgresqlPackage = version:
           pkgs.postgresql."postgresql_${version}";
         # Create a 'receipt' file for a given postgresql package. This is a way
@@ -197,6 +202,8 @@
             postgresql = getPostgresqlPackage version;
             extensionsToUse = if (builtins.elem version ["orioledb-16" "orioledb-17"])
               then orioledbExtensions
+              else if version == "16"
+              then pg16Extensions
               else ourExtensions;
           in map (path: pkgs.callPackage path { inherit postgresql; }) extensionsToUse;
 
diff --git a/nix/tests/prime.sql b/nix/tests/prime.sql
index a72f3bf48..7203eaa54 100644
--- a/nix/tests/prime.sql
+++ b/nix/tests/prime.sql
@@ -43,6 +43,7 @@ create extension pg_graphql;
 create extension pg_freespacemap;
 create extension pg_hashids;
 create extension pg_prewarm;
+create extension pgmq;
 create extension pg_jsonschema;
 create extension pg_repack;
 create extension pg_stat_monitor;
@@ -54,7 +55,6 @@ create extension pg_visibility;
 create extension pg_walinspect;
 create extension pgaudit;
 create extension pgcrypto;
-create extension pgmq;
 create extension pgtap;
 create extension pgjwt;
 create extension pgroonga;