diff --git a/ansible/manifest-playbook.yml b/ansible/manifest-playbook.yml index ce02c805c..d54510064 100644 --- a/ansible/manifest-playbook.yml +++ b/ansible/manifest-playbook.yml @@ -17,7 +17,7 @@ # currently, we upload gotrue, adminapi, postgrest - name: gotrue - download commit archive get_url: - url: "https://github.com/supabase/gotrue/releases/download/v{{ gotrue_release }}/auth-v{{ gotrue_release }}-arm64.tar.gz" + url: "https://github.com/supabase/auth/releases/download/rc2.183.0-rc.10/auth-v2.183.0-rc.10-arm64.tar.gz" dest: /tmp/auth-v{{ gotrue_release }}-arm64.tar.gz checksum: "{{ gotrue_release_checksum }}" timeout: 60 diff --git a/ansible/tasks/setup-gotrue.yml b/ansible/tasks/setup-gotrue.yml index 70bbbf85f..fc599fe78 100644 --- a/ansible/tasks/setup-gotrue.yml +++ b/ansible/tasks/setup-gotrue.yml @@ -17,12 +17,12 @@ {%- elif platform == 'arm64' -%} arm64 {%- endif -%} - +#TODO restore this temp change on download url - name: gotrue - download commit archive ansible.builtin.get_url: checksum: "{{ gotrue_release_checksum }}" dest: '/tmp/gotrue.tar.gz' - url: "https://github.com/supabase/gotrue/releases/download/v{{ gotrue_release }}/auth-v{{ gotrue_release }}-{{ arch }}.tar.gz" + url: "https://github.com/supabase/auth/releases/download/rc2.183.0-rc.10/auth-v2.183.0-rc.10-arm64.tar.gz" - name: gotrue - create /opt/gotrue and /etc/auth.d ansible.builtin.file: diff --git a/ansible/vars.yml b/ansible/vars.yml index 47425acf9..33926565b 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,9 +10,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.6.0.020-orioledb" - postgres17: "17.6.1.063" - postgres15: "15.14.1.063" + postgresorioledb-17: "17.6.0.010-orioledb-auth-trgm-6" + postgres17: "17.6.1.053-auth-trgm-6" + postgres15: "15.14.1.053-auth-trgm-6" # Non Postgres Extensions pgbouncer_release: 1.19.0 @@ -25,8 +25,8 @@ postgrest_release: 14.1 postgrest_arm_release_checksum: sha256:68885d936873059b946afadaae697467daedacd7d8e697a80b7f0f6881c9c92f postgrest_x86_release_checksum: sha256:bdab6ab3389ca0d6c1f3b8363491674dbca71875c3f30261d92d8fecdde35277 -gotrue_release: 2.182.1 -gotrue_release_checksum: sha1:38a12109ad62df32460d88e4c7b2a475b88e7865 +gotrue_release: rc2.183.0-rc.10 +gotrue_release_checksum: sha1:0f98282b18d49b05a5101b8bd97353efd51d6244 aws_cli_release: 2.23.11 diff --git a/migrations/db/migrations/20251121141100_supabase_auth_admin_db_grants.sql b/migrations/db/migrations/20251121141100_supabase_auth_admin_db_grants.sql new file mode 100644 index 000000000..337de469a --- /dev/null +++ b/migrations/db/migrations/20251121141100_supabase_auth_admin_db_grants.sql @@ -0,0 +1,4 @@ +-- migrate:up +grant create on database postgres to supabase_auth_admin; + +-- migrate:down diff --git a/nix/postgresql/generic.nix b/nix/postgresql/generic.nix index ea67cbc91..8dc500884 100644 --- a/nix/postgresql/generic.nix +++ b/nix/postgresql/generic.nix @@ -239,6 +239,35 @@ let fi done fi + + # Create auth_trgm extension as a duplicate of pg_trgm + # auth_trgm uses the same shared library but has separate SQL files + echo "Creating auth_trgm extension files..." + + # Copy and rewrite all pg_trgm SQL files (base + upgrade paths) + for file in $out/share/postgresql/extension/pg_trgm*.sql; do + if [ -f "$file" ]; then + base=$(basename "$file") + newfile="$out/share/postgresql/extension/''${base//pg_trgm/auth_trgm}" + # Replace pg_trgm with auth_trgm in extension references + # but preserve the actual function names and module references + sed 's/-- complain if script is sourced in psql, rather than via CREATE EXTENSION/-- complain if script is sourced in psql, rather than via CREATE EXTENSION/; s/\\echo Use "CREATE EXTENSION pg_trgm"/\\echo Use "CREATE EXTENSION auth_trgm"/' "$file" > "$newfile" + fi + done + + # Create auth_trgm.control pointing to the same shared library as pg_trgm + if [ -f "$out/share/postgresql/extension/pg_trgm.control" ]; then + sed -e 's/# pg_trgm extension/# auth_trgm extension/' \ + -e 's/text similarity measurement and index searching based on trigrams/authentication text similarity measurement and index searching based on trigrams/' \ + -e 's/relocatable = true/relocatable = false/' \ + "$out/share/postgresql/extension/pg_trgm.control" > \ + "$out/share/postgresql/extension/auth_trgm.control" + + # Append schema = auth to the control file + echo "schema = auth" >> "$out/share/postgresql/extension/auth_trgm.control" + + echo "auth_trgm extension files created successfully" + fi '' + lib.optionalString jitSupport '' # Move the bitcode and libllvmjit.so library out of $lib; otherwise, every client that diff --git a/nix/tests/expected/z_15_ext_interface.out b/nix/tests/expected/z_15_ext_interface.out index c68d84210..d52ec407e 100644 --- a/nix/tests/expected/z_15_ext_interface.out +++ b/nix/tests/expected/z_15_ext_interface.out @@ -29,11 +29,12 @@ order by name asc; name ----------------- + auth_trgm pg_cron pgjwt tsm_system_time wal2json -(4 rows) +(5 rows) /* diff --git a/nix/tests/expected/z_17_ext_interface.out b/nix/tests/expected/z_17_ext_interface.out index 1b09ed17e..efeffd901 100644 --- a/nix/tests/expected/z_17_ext_interface.out +++ b/nix/tests/expected/z_17_ext_interface.out @@ -22,12 +22,13 @@ order by name asc; name ------------------------ + auth_trgm pg_cron pgjwt postgis_tiger_geocoder tsm_system_time wal2json -(5 rows) +(6 rows) /* diff --git a/nix/tests/expected/z_orioledb-17_ext_interface.out b/nix/tests/expected/z_orioledb-17_ext_interface.out index 1b09ed17e..efeffd901 100644 --- a/nix/tests/expected/z_orioledb-17_ext_interface.out +++ b/nix/tests/expected/z_orioledb-17_ext_interface.out @@ -22,12 +22,13 @@ order by name asc; name ------------------------ + auth_trgm pg_cron pgjwt postgis_tiger_geocoder tsm_system_time wal2json -(5 rows) +(6 rows) /*