Migrate Postgres to Neon.tech (#492)

* Document loading data into Neon.tech from Fly.io Postgres

Signed-off-by: Gerhard Lazu <[email protected]>

* Bump local Postgres to v16.1

Same version that we are running in Neon.tech.

Signed-off-by: Gerhard Lazu <[email protected]>

* Update infrastructure diagram to account for Neon.tech

Signed-off-by: Gerhard Lazu <[email protected]>

* Configure R2_ASSETS_BUCKET via environment variable

I found this helpful when testing a new production setup.

Signed-off-by: Gerhard Lazu <[email protected]>

* Remove redundant HTTPS prod config

We have not used this in years, pretty sure that we will not need it
anytime soon. Making it easy to git revert if I'm wrong about it.

Signed-off-by: Gerhard Lazu <[email protected]>

* Make it easier to publish prod images locally

This adds the op CLI & versions the dagger CLI so that I can run the
following locally & publish a prod image:

    op inject -i envrc.op -o .envrc
    direnv allow
    dagger run mage image:production

Also check that a few more required env variables are present, otherwise
we will continue being surprised why things don't work...

Signed-off-by: Gerhard Lazu <[email protected]>

* Comment start & stop Dagger Engine on Fly mage tasks

This looks better:

    Targets:
      cd                  Run the CD pipeline
      ci                  Run the CI pipeline
      fly:daggerStart     Start Dagger Engine on Fly.io
      fly:daggerStop      Stop Dagger Engine on Fly.io
      fly:deploy          Push app container image to Fly.io
      image:production    Build & publish the production image
      image:runtime       Build & publish the runtime image
      test                Run tests

Signed-off-by: Gerhard Lazu <[email protected]>

* Setup new changelog app on Fly.io with 1Password Service Account

This will deploy https://changelog-2023-12-17.fly.dev

We are setting up a new production app so that we can test the Neon.tech
Postgres integration before promoting this to the new production. There
is one more commit missing to get this integration going...

Meanwhile, the 1Password Service Account integration allows us to set a
single secret in the app - OP_SERVICE_ACCOUNT_TOKEN - and then `op`
takes care of templating all other secrets just-in-time, when specific
commands are run, i.e. `db.migrate` or `app.start`. This simplifies the
app configuration considerably, and also makes rotating secrets super
simple - just modify them in 1Password, the `changelog` vault, and
restart the app 😉

Signed-off-by: Gerhard Lazu <[email protected]>

* Configure changelog app to use Neon.tech Postgres

This didn't work as documented, but I will add more context to the PR so
that we can go over it with with Neon.tech Support...

Signed-off-by: Gerhard Lazu <[email protected]>

* Use iad region for changelog-2023-12-17

So that it is close to Neon AWS us-east-1 (lower db latency).

Signed-off-by: Gerhard Lazu <[email protected]>

* Default changelog VM size to performance-4x

Same as the current production config.

Signed-off-by: Gerhard Lazu <[email protected]>

* Capture latest pg_dump & pg_restore steps

Just did this again & captured what worked today.

Also made a few more changes to INFRASTRUCTURE so that it reflects the
upcoming changes more accurately.

Signed-off-by: Gerhard Lazu <[email protected]>

* Save the .envrc template which I am currently using for debugging

Signed-off-by: Gerhard Lazu <[email protected]>

* Make :verify_peer work when connecting to Neon.tech

Signed-off-by: Gerhard Lazu <[email protected]>

* Always deploy

Especially useful when iterating locally, and the git sha doesn't change.

Signed-off-by: Gerhard Lazu <[email protected]>

* Add a few missing env vars for aws.stats

Signed-off-by: Gerhard Lazu <[email protected]>

* Create new changelog-2024-01-12 app instance

We are in 2024 baby!

While at it, capture the step-by-step instructions.

Signed-off-by: Gerhard Lazu <[email protected]>

* Delete changelog-2022-03-13 app instance config

While this app is still the current production, we will no longer be
deploying to it after we merge this.

I also updated all references to this app instance in our internal docs.

I also removed the other app which we were using to debug various Fastly
& Fly.io proxying issues. No longer needed, cleaning all of 2022.fly.

Signed-off-by: Gerhard Lazu <[email protected]>

* Fix app path for Fly.io config

Signed-off-by: Gerhard Lazu <[email protected]>

---------

Signed-off-by: Gerhard Lazu <[email protected]>

.github/workflows/dagger_on_fly.yml

@@ -51,6 +51,7 @@ jobs:
           R2_API_HOST: "${{ secrets.R2_API_HOST }}"
           R2_ACCESS_KEY_ID: "${{ secrets.R2_ACCESS_KEY_ID }}"
           R2_SECRET_ACCESS_KEY: "${{ secrets.R2_SECRET_ACCESS_KEY }}"
+          R2_ASSETS_BUCKET: "${{ env.R2_ASSETS_BUCKET }}"
           OBAN_KEY_FINGERPRINT: "${{ secrets.OBAN_KEY_FINGERPRINT }}"
           OBAN_LICENSE_KEY: "${{ secrets.OBAN_LICENSE_KEY }}"
         run: |

.github/workflows/dagger_on_github.yml

@@ -24,6 +24,7 @@ jobs:
           R2_API_HOST: "${{ secrets.R2_API_HOST }}"
           R2_ACCESS_KEY_ID: "${{ secrets.R2_ACCESS_KEY_ID }}"
           R2_SECRET_ACCESS_KEY: "${{ secrets.R2_SECRET_ACCESS_KEY }}"
+          R2_ASSETS_BUCKET: "${{ env.R2_ASSETS_BUCKET }}"
           OBAN_KEY_FINGERPRINT: "${{ secrets.OBAN_KEY_FINGERPRINT }}"
           OBAN_LICENSE_KEY: "${{ secrets.OBAN_LICENSE_KEY }}"
         run: |

.github/workflows/dagger_on_k8s.yml

@@ -25,6 +25,7 @@ jobs:
           R2_API_HOST: "${{ secrets.R2_API_HOST }}"
           R2_ACCESS_KEY_ID: "${{ secrets.R2_ACCESS_KEY_ID }}"
           R2_SECRET_ACCESS_KEY: "${{ secrets.R2_SECRET_ACCESS_KEY }}"
+          R2_ASSETS_BUCKET: "${{ env.R2_ASSETS_BUCKET }}"
           OBAN_KEY_FINGERPRINT: "${{ secrets.OBAN_KEY_FINGERPRINT }}"
           OBAN_LICENSE_KEY: "${{ secrets.OBAN_LICENSE_KEY }}"
         run: |

.tool-versions

@@ -4,5 +4,7 @@ erlang 26.2
 golang 1.20.12
 nodejs 20.10.0
 yarn 1.22.19
-postgres 15.3
-flyctl 0.1.134
+postgres 16.1
+flyctl 0.1.135
+1password-cli 2.24.0
+dagger 0.6.4