feat: generate Debian (12) Bookworm images (#62)

Add Debian 12 images and the related ClusterImageCatalog
---------

Signed-off-by: Niccolò Fei <niccolo.fei@enterprisedb.com>
Signed-off-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
Co-authored-by: Jonathan Gonzalez V <jonathan.gonzalez@enterprisedb.com>
Co-authored-by: Francesco Canovai <francesco.canovai@enterprisedb.com>

.github/generate-strategy.sh

@@ -13,6 +13,9 @@ declare -A aliases=(
 	[16]='latest'
 )
 
+# Define the current default distribution
+DEFAULT_DISTRO="bullseye"
+
 GITHUB_ACTIONS=${GITHUB_ACTIONS:-false}
 
 cd "$(dirname "$(readlink -f "${BASH_SOURCE[0]}/..")")"
@@ -39,37 +42,54 @@ join() {
 	echo "${out#$sep}"
 }
 
-entries=()
-for version in "${debian_versions[@]}"; do
+generator() {
+	local os="$1"; shift
+	local distro="$1"; shift
 
-	# Read versions from the definition file
-	versionFile="${version}/.versions.json"
-	postgresImageVersion=$(jq -r '.POSTGRES_IMAGE_VERSION | split("-") | .[0]' "${versionFile}")
-	releaseVersion=$(jq -r '.IMAGE_RELEASE_VERSION' "${versionFile}")
+	cd "${BASE_DIRECTORY}"/"${os}"/
+	for version in "${debian_versions[@]}"; do
 
-	# Initial aliases are "major version", "optional alias", "full version with release"
-	# i.e. "14", "latest", "14.2-1", "14.2-debian","14.2"
-	fullTag="${postgresImageVersion}-${releaseVersion}"
-	versionAliases=(
-			"${version}"
-			${aliases[$version]:+"${aliases[$version]}"}
-			"${fullTag}"
-			"${postgresImageVersion}"
-	)
-	# Add all the version prefixes between full version and major version
-	# i.e "13.2"
-	while [ "$postgresImageVersion" != "$version" ] && [ "${postgresImageVersion%[.-]*}" != "$postgresImageVersion" ]; do
-		versionAliases+=("$postgresImageVersion-debian")
-		postgresImageVersion="${postgresImageVersion%[.-]*}"
+		# Read versions from the definition file
+		versionDir="${version}/${distro}"
+		versionFile="${versionDir}/.versions.json"
+		postgresImageVersion=$(jq -r '.POSTGRES_IMAGE_VERSION | split("-") | .[0]' "${versionFile}")
+		releaseVersion=$(jq -r '.IMAGE_RELEASE_VERSION' "${versionFile}")
+
+		# Setting distribution tags: "major version", "full version", "full version with release"
+		# i.e. "14-bullseye", "14.2-bullseye", "14.2-1-bullseye"
+		fullTag="${postgresImageVersion}-${releaseVersion}-${distro}"
+		versionAliases=(
+				"${version}-${distro}"
+				"${postgresImageVersion}-${distro}"
+				"${fullTag}"
+			)
+
+		# Additional aliases in case we are running in the default distro
+		# i.e. "14", "14.2", "14.2-1", "latest"
+		if [ "${distro}" == "${DEFAULT_DISTRO}" ]; then
+			versionAliases+=(
+				"$version"
+				"${postgresImageVersion}"
+				"${postgresImageVersion}-${releaseVersion}"
+				${aliases[$version]:+"${aliases[$version]}"}
+			)
+		fi
+
+		# Supported platforms for container images
+		platforms="linux/amd64,linux/arm64"
+
+		# Build the json entry
+		entries+=(
+			"{\"name\": \"Debian ${version} - ${distro}\", \"platforms\": \"$platforms\", \"dir\": \"$os/$versionDir\", \"file\": \"$os/$versionDir/Dockerfile\", \"distro\": \"$distro\", \"version\": \"$version\", \"tags\": [\"$(join "\", \"" "${versionAliases[@]}")\"], \"fullTag\": \"${fullTag}\"}"
+		)
 	done
-    # Support platform for container images
-	platforms="linux/amd64,linux/arm64"
+}
 
-	# Build the json entry
-	entries+=(
-		"{\"name\": \"Debian ${postgresImageVersion}\", \"platforms\": \"$platforms\", \"dir\": \"Debian/$version\", \"file\": \"Debian/$version/Dockerfile\", \"version\": \"$version\", \"tags\": [\"$(join "\", \"" "${versionAliases[@]}")\"], \"fullTag\": \"${fullTag}\"}"
-	)
-done
+entries=()
+
+# Debian
+generator "Debian" "bullseye"
+generator "Debian" "bookworm"
 
 # Build the strategy as a JSON object
 strategy="{\"fail-fast\": false, \"matrix\": {\"include\": [$(join ', ' "${entries[@]}")]}}"

.github/workflows/build.yml

@@ -6,11 +6,13 @@ on:
       - main
     paths-ignore:
       - Debian/ClusterImageCatalog.yaml
+      - Debian/ClusterImageCatalog-bookworm.yaml
   workflow_dispatch:
 
 env:
   IMAGE_STAGING: "ghcr.io/${{ github.repository_owner }}/postgresql-testing"
   IMAGE_RELEASE: "ghcr.io/${{ github.repository_owner }}/postgresql"
+  DEFAULT_DISTRO: "bullseye"
 
 jobs:
   generate-jobs:
@@ -87,7 +89,7 @@ jobs:
         exit-code: '1'
         failure-threshold: WARN
         accept-keywords: key
-        accept-filenames: usr/share/cmake/Templates/Windows/Windows_TemporaryKey.pfx,etc/trusted-key.key,usr/share/doc/perl-IO-Socket-SSL/certs/server_enc.p12,usr/share/doc/perl-IO-Socket-SSL/certs/server.p12,usr/local/lib/python3.9/dist-packages/azure/core/settings.py,usr/local/lib/python3.8/site-packages/azure/core/settings.py,usr/share/postgresql-common/pgdg/apt.postgresql.org.asc,usr/local/lib/python3.7/dist-packages/azure/core/settings.py,etc/ssl/private/ssl-cert-snakeoil.key,usr/lib/python3.9/site-packages/azure/core/settings.py
+        accept-filenames: usr/share/cmake/Templates/Windows/Windows_TemporaryKey.pfx,etc/trusted-key.key,usr/share/doc/perl-IO-Socket-SSL/certs/server_enc.p12,usr/share/doc/perl-IO-Socket-SSL/certs/server.p12,usr/local/lib/python3.9/dist-packages/azure/core/settings.py,usr/local/lib/python3.8/site-packages/azure/core/settings.py,usr/share/postgresql-common/pgdg/apt.postgresql.org.asc,usr/local/lib/python3.7/dist-packages/azure/core/settings.py,etc/ssl/private/ssl-cert-snakeoil.key,usr/lib/python3.9/site-packages/azure/core/settings.py,usr/local/lib/python3.11/dist-packages/azure/core/settings.py
 
     - name: Run Snyk to check Docker image for vulnerabilities
       uses: snyk/actions/docker@master
@@ -136,13 +138,13 @@ jobs:
               }
             ]
           }
-        }' > ${{ matrix.version }}.yaml
+        }' > ${{ matrix.version }}-${{ matrix.distro }}.yaml
 
     - name: Upload artifact
       uses: actions/upload-artifact@v4
       with:
-        name: ${{ matrix.version }}-clusterimagecatalog
-        path: ${{ matrix.version }}.yaml
+        name: ${{ matrix.version }}-${{ matrix.distro }}-clusterimagecatalog
+        path: ${{ matrix.version }}-${{ matrix.distro }}.yaml
 
   image-catalog:
     name: Generate ClusterImageCatalog
@@ -163,8 +165,10 @@ jobs:
 
       - name: Update ClusterImageCatalog
         run: |
-          yq eval-all '. as $item ireduce ({}; . *+ $item )' clusterimagecatalog/*.yaml > Debian/ClusterImageCatalog.yaml
-          cat Debian/ClusterImageCatalog.yaml
+          yq eval-all '. as $item ireduce ({}; . *+ $item )' clusterimagecatalog/*-bullseye.yaml > Debian/ClusterImageCatalog-bullseye.yaml
+          yq eval-all '. as $item ireduce ({}; . *+ $item )' clusterimagecatalog/*-bookworm.yaml > Debian/ClusterImageCatalog-bookworm.yaml
+          ln -f -s ClusterImageCatalog-${DEFAULT_DISTRO}.yaml Debian/ClusterImageCatalog.yaml
+          cat Debian/ClusterImageCatalog.yaml Debian/ClusterImageCatalog-bullseye.yaml Debian/ClusterImageCatalog-bookworm.yaml
 
       - name: Temporarily disable "include administrators" branch protection
         if: ${{ always() && github.ref == 'refs/heads/main' }}
@@ -182,7 +186,7 @@ jobs:
           author_name: CloudNativePG Automated Updates
           author_email: noreply@cnpg.com
           message: 'Automatic ClusterImageCatalog update'
-          add: 'Debian/ClusterImageCatalog.yaml'
+          add: 'Debian/ClusterImageCatalog*.yaml'
 
       - name: Enable "include administrators" branch protection
         uses: benjefferies/branch-protection-bot@v1.1.2

.github/workflows/update.yml

@@ -5,9 +5,6 @@ on:
     - cron: 0 0 * * *
   workflow_dispatch:
 
-env:
-  PYTHON_VERSION: "3.9"
-
 defaults:
   run:
     shell: 'bash -Eeuo pipefail -x {0}'
@@ -20,9 +17,11 @@ jobs:
       - uses: actions/checkout@v4
         with:
           token: ${{ secrets.REPO_GHA_PAT }}
+
       - uses: actions/setup-python@v5
         with:
-          python-version: ${{ env.PYTHON_VERSION }}
+          python-version: 3.9
+
       - name: Run update script
         uses: nick-fields/retry@v3
         with:
@@ -32,12 +31,30 @@ jobs:
             # pip-tools provides pip-compile used by update.sh
             pip3 install --upgrade pip-tools pip
             export PATH=$HOME/.local/bin:$PATH
-            echo "Updating Debian images"
-            ./Debian/update.sh
+            echo "Updating Debian bullseye images"
+            ./Debian/update.sh -d bullseye
+
+      - uses: actions/setup-python@v5
+        with:
+          python-version: 3.11
+
+      - name: Run update script
+        uses: nick-fields/retry@v3
+        with:
+          timeout_minutes: 15
+          max_attempts: 3
+          command: |
+            # pip-tools provides pip-compile used by update.sh
+            pip3 install --upgrade pip-tools pip
+            export PATH=$HOME/.local/bin:$PATH
+            echo "Updating Debian bookworm images"
+            ./Debian/update.sh -d bookworm
+
       - name: Diff
         run: |
           git status
           git diff
+
       - name: Temporarily disable "include administrators" branch protection
         if: ${{ always() && github.ref == 'refs/heads/main' }}
         id: disable_include_admins
@@ -46,11 +63,13 @@ jobs:
           access_token: ${{ secrets.REPO_GHA_PAT }}
           branch: main
           enforce_admins: false
+
       - uses: EndBug/add-and-commit@v9
         with:
           author_name: CloudNativePG Automated Updates
           author_email: noreply@cnpg.com
           message: 'Daily automatic update'
+
       - name: Enable "include administrators" branch protection
         uses: benjefferies/branch-protection-bot@v1.1.2
         if: ${{ always() && github.ref == 'refs/heads/main' }}