From a40a281af49a3e9da0140136eab06ca601ad9820 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niccol=C3=B2=20Fei?= Date: Thu, 16 Apr 2026 16:26:04 +0200 Subject: [PATCH 1/7] ci: avoid triggering CI for all extensions on non-impactful shared file changes MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Niccolò Fei --- .github/filters.yaml | 17 ++++++++++++++ .github/workflows/bake.yml | 26 ++------------------- CONTRIBUTING_NEW_EXTENSION.md | 43 +++++++++++++++++++++++++++-------- 3 files changed, 53 insertions(+), 33 deletions(-) create mode 100644 .github/filters.yaml diff --git a/.github/filters.yaml b/.github/filters.yaml new file mode 100644 index 0000000..a5625ef --- /dev/null +++ b/.github/filters.yaml @@ -0,0 +1,17 @@ +_shared: &shared + - 'docker-bake.hcl' + - 'Taskfile.yml' + - 'test/**' + - '.github/workflows/bake_targets.yml' +pgvector: + - 'pgvector/**' + - *shared +postgis: + - 'postgis/**' + - *shared +pgaudit: + - 'pgaudit/**' + - *shared +pg-crash: + - 'pg-crash/**' + - *shared diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml index efbbfb0..e8158e3 100644 --- a/.github/workflows/bake.yml +++ b/.github/workflows/bake.yml @@ -7,12 +7,7 @@ on: extension_name: description: "The PostgreSQL extension to build (directory name)" required: true - type: choice - options: - - pgvector - - postgis - - pgaudit - - pg-crash + type: string defaults: run: @@ -37,24 +32,7 @@ jobs: uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: filter with: - filters: | - _shared: &shared - - 'docker-bake.hcl' - - 'Taskfile.yml' - - 'test/**' - - '.github/workflows/bake*.yml' - pgvector: - - 'pgvector/**' - - *shared - postgis: - - 'postgis/**' - - *shared - pgaudit: - - 'pgaudit/**' - - *shared - pg-crash: - - 'pg-crash/**' - - *shared + filters: .github/filters.yaml # Compute a matrix containing the list of all extensions that have been modified - name: Compute matrix 
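Review bot: The `extension_name` input loses the allowlist visible here in the `@@ -7,12 +7,7 @@` hunk of `bake.yml` (`type: choice` with four options becomes `type: string`), and nothing in this commit checks the free-form value before later steps use it. The steps that consume the input (Compute matrix onwards) lie outside both hunks, so confirm they read it through a step-level variable such as `INPUT_EXTENSION_NAME: ${{ github.event.inputs.extension_name }}` rather than a `${{ }}` expression expanded inside `run:`. PATCH 3/7 and 4/7 add a validation step; folding that into this commit would avoid an intermediate revision in which any string is accepted.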
diff --git a/CONTRIBUTING_NEW_EXTENSION.md b/CONTRIBUTING_NEW_EXTENSION.md index af55c8c..f44faa1 100644 --- a/CONTRIBUTING_NEW_EXTENSION.md +++ b/CONTRIBUTING_NEW_EXTENSION.md @@ -15,17 +15,17 @@ Before proposing a change, ensure your local machine is compatible with the 1. **Fork** the [cloudnative-pg/postgres-extensions-containers](https://github.com/cloudnative-pg/postgres-extensions-containers) repository. 2. **Clone** your fork and enter the directory: -```sh -git clone https://github.com//postgres-extensions-containers.git -cd postgres-extensions-containers -``` + ```sh + git clone https://github.com//postgres-extensions-containers.git + cd postgres-extensions-containers + ``` 3. **Verify the Environment:** Run the following to ensure you can build the existing project ecosystem. -```sh -task prereqs # Check if Go, Task, and Docker are ready -task checks:all # Validate current configurations -task bake:all # Optional: build all existing extensions to confirm the Dagger engine -``` + ```sh + task prereqs # Check if Go, Task, and Docker are ready + task checks:all # Validate current configurations + task bake:all # Optional: build all existing extensions to confirm the Dagger engine + ``` --- 
@@ -264,6 +264,31 @@ The `README.md` is typically the last file you complete. A clear, professional `README.md` makes an extension successful. Ensure it includes YAML examples for `Cluster` and `Database` resources so users can immediately adopt your work. +### Add your extension to `.github/filters.yaml` + +The `.github/filters.yaml` file is used by the CI pipeline to detect which +extensions have been modified and need to be built, scanned, and tested. +You must add an entry for your new extension so that changes to its directory +trigger the testing CI pipeline. + +Add a new block at the end of the file following the existing pattern: + +``` +: + - '/**' + - *shared +``` + +> [!IMPORTANT] +> is the name of your extension's directory in the +> root of the repository. + +- `/**`: This ensures that the CI pipeline is triggered when any + file within your extension directory is modified. +- `*shared`: This anchor includes common paths (such as `docker-bake.hcl`, + `Taskfile.yml`, `test/**`, and the reusable workflow), and ensures that your + extension is also re-built and tested when any of these files are modified. + ### Commit and Submit Once you have verified your extension locally and are satisfied with the From 08611e5938b942ecf6614b41ace4e0e11ee865b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niccol=C3=B2=20Fei?= Date: Fri, 17 Apr 2026 18:20:35 +0200 Subject: [PATCH 2/7] chore: rename filters.yaml to bake-filters.yaml MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Niccolò Fei --- .github/{filters.yaml => bake-filters.yaml} | 0 .github/workflows/bake.yml | 2 +- CONTRIBUTING_NEW_EXTENSION.md | 4 ++-- 3 files changed, 3 insertions(+), 3 deletions(-) rename .github/{filters.yaml => bake-filters.yaml} (100%) diff --git a/.github/filters.yaml b/.github/bake-filters.yaml similarity index 100% rename from .github/filters.yaml rename to .github/bake-filters.yaml 
diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml index e8158e3..37c38a1 100644 --- a/.github/workflows/bake.yml +++ b/.github/workflows/bake.yml @@ -32,7 +32,7 @@ jobs: uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: filter with: - filters: .github/filters.yaml + filters: .github/bake-filters.yaml # Compute a matrix containing the list of all extensions that have been modified - name: Compute matrix diff --git a/CONTRIBUTING_NEW_EXTENSION.md b/CONTRIBUTING_NEW_EXTENSION.md index f44faa1..c2e75b7 100644 --- a/CONTRIBUTING_NEW_EXTENSION.md +++ b/CONTRIBUTING_NEW_EXTENSION.md @@ -264,9 +264,9 @@ The `README.md` is typically the last file you complete. A clear, professional `README.md` makes an extension successful. Ensure it includes YAML examples for `Cluster` and `Database` resources so users can immediately adopt your work. -### Add your extension to `.github/filters.yaml` +### Add your extension to `.github/bake-filters.yaml` -The `.github/filters.yaml` file is used by the CI pipeline to detect which +The `.github/bake-filters.yaml` file is used by the CI pipeline to detect which extensions have been modified and need to be built, scanned, and tested. You must add an entry for your new extension so that changes to its directory trigger the testing CI pipeline. From 543eceb83b92c21d175e8c896b4de066498dae66 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niccol=C3=B2=20Fei?= Date: Wed, 22 Apr 2026 16:32:20 +0200 Subject: [PATCH 3/7] ci: validate workflow_dispatch input MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Hai He Signed-off-by: Niccolò Fei --- .github/workflows/bake.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml index 37c38a1..49a9183 100644 --- a/.github/workflows/bake.yml +++ b/.github/workflows/bake.yml 
@@ -27,7 +27,15 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: persist-credentials: false - + - name: Validate extension name + if: github.event_name == 'workflow_dispatch' + env: + INPUT_EXTENSION_NAME: ${{ github.event.inputs.extension_name }} + run: | + if [[ ! -d "$INPUT_EXTENSION_NAME" ]]; then + echo "Error: '$INPUT_EXTENSION_NAME' is not a valid extension (no such directory)" + exit 1 + fi - name: Check for changes uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: filter From 543d7331cdf1214bf500b3a28a239b92680b9e5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Niccol=C3=B2=20Fei?= Date: Wed, 22 Apr 2026 16:52:25 +0200 Subject: [PATCH 4/7] ci: improve the input's extension_name validation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Niccolò Fei --- .github/workflows/bake.yml | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml index 49a9183..0586270 100644 --- a/.github/workflows/bake.yml +++ b/.github/workflows/bake.yml 
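Review bot: The `[[ ! -d "$INPUT_EXTENSION_NAME" ]]` test in the new Validate extension name step accepts every directory in the checkout, not only extension directories, so values such as `test`, `.github` or `..` pass. Passing the input through `env:` keeps it out of the script text, which is the right pattern. The check should also constrain the name's shape, for example `if [[ ! "$INPUT_EXTENSION_NAME" =~ ^[a-z0-9][a-z0-9-]*$ || ! -d "$INPUT_EXTENSION_NAME" ]]; then`. PATCH 4/7 replaces this test with a lookup against the dagger target list, which closes the gap provided that list is authoritative.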
@@ -27,15 +27,31 @@ jobs: uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6 with: persist-credentials: false - - name: Validate extension name - if: github.event_name == 'workflow_dispatch' - env: - INPUT_EXTENSION_NAME: ${{ github.event.inputs.extension_name }} - run: | - if [[ ! -d "$INPUT_EXTENSION_NAME" ]]; then - echo "Error: '$INPUT_EXTENSION_NAME' is not a valid extension (no such directory)" - exit 1 - fi + + - name: Fetch valid targets + if: github.event_name == 'workflow_dispatch' + id: get-targets + uses: dagger/dagger-for-github@27b130bf0f79a7f6fbbbe0fbca6760dc9bb40a77 # v8.4.1 + env: + # renovate: datasource=github-tags depName=dagger/dagger versioning=semver + DAGGER_VERSION: 0.20.6 + with: + version: ${{ env.DAGGER_VERSION }} + verb: call + module: ./dagger/maintenance/ + args: get-targets + + - name: Validate extension name + if: github.event_name == 'workflow_dispatch' + env: + INPUT_EXTENSION_NAME: ${{ github.event.inputs.extension_name }} + VALID_TARGETS: ${{ steps.get-targets.outputs.output }} + run: | + if ! echo "$VALID_TARGETS" | jq -e --arg ext "$INPUT_EXTENSION_NAME" 'index($ext)' > /dev/null; then + echo "::error::'$INPUT_EXTENSION_NAME' is not a valid extension target. Valid targets: $VALID_TARGETS" + exit 1 + fi + - name: Check for changes uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: filter From f247537c0b0fee209380c51508301a6d75cae6ac Mon Sep 17 00:00:00 2001 From: Marco Nenciarini Date: Thu, 23 Apr 2026 11:26:55 +0200 Subject: [PATCH 5/7] ci: generate paths-filter config from dagger targets Signed-off-by: Marco Nenciarini --- .github/bake-filters.yaml | 17 ----------------- .github/workflows/bake.yml | 20 ++++++++++++++++++-- CONTRIBUTING_NEW_EXTENSION.md | 25 ------------------------- 3 files changed, 18 insertions(+), 44 deletions(-) delete mode 100644 .github/bake-filters.yaml 
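Review bot: `jq -e --arg ext "$INPUT_EXTENSION_NAME" 'index($ext)'` in the Validate extension name step is an exact-membership test only when `VALID_TARGETS` is a JSON array; on a JSON string, `index` is a substring search, so a fragment of a target name would be accepted. The shape of the `get-targets` output is not visible in this hunk, so pin it in the filter: `jq -e --arg ext "$INPUT_EXTENSION_NAME" 'type == "array" and any(.[]; . == $ext)'`. The `jq -e 'length > 0'` guard added in PATCH 6/7 has the same gap, because `length` is also non-zero for a non-empty string or object; `type == "array" and length > 0` would make it fail closed.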
diff --git a/.github/bake-filters.yaml b/.github/bake-filters.yaml deleted file mode 100644 index a5625ef..0000000 --- a/.github/bake-filters.yaml +++ /dev/null @@ -1,17 +0,0 @@ -_shared: &shared - - 'docker-bake.hcl' - - 'Taskfile.yml' - - 'test/**' - - '.github/workflows/bake_targets.yml' -pgvector: - - 'pgvector/**' - - *shared -postgis: - - 'postgis/**' - - *shared -pgaudit: - - 'pgaudit/**' - - *shared -pg-crash: - - 'pg-crash/**' - - *shared diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml index 0586270..03bb6e7 100644 --- a/.github/workflows/bake.yml +++ b/.github/workflows/bake.yml @@ -29,7 +29,6 @@ jobs: persist-credentials: false - name: Fetch valid targets - if: github.event_name == 'workflow_dispatch' id: get-targets uses: dagger/dagger-for-github@27b130bf0f79a7f6fbbbe0fbca6760dc9bb40a77 # v8.4.1 env: @@ -52,11 +51,28 @@ jobs: exit 1 fi + - name: Compute paths-filter extensions block + env: + VALID_TARGETS: ${{ steps.get-targets.outputs.output }} + run: | + { + echo 'EXTENSIONS<> "$GITHUB_ENV" + - name: Check for changes uses: dorny/paths-filter@fbd0ab8f3e69293af611ebaee6363fc25e6d187d # v4.0.1 id: filter with: - filters: .github/bake-filters.yaml + filters: | + _shared: &shared + - 'docker-bake.hcl' + - 'Taskfile.yml' + - 'test/**' + - 'dagger/maintenance/**' + - '.github/workflows/bake_targets.yml' + ${{ env.EXTENSIONS }} # Compute a matrix containing the list of all extensions that have been modified - name: Compute matrix diff --git a/CONTRIBUTING_NEW_EXTENSION.md b/CONTRIBUTING_NEW_EXTENSION.md index c2e75b7..d3568f2 100644 --- a/CONTRIBUTING_NEW_EXTENSION.md +++ b/CONTRIBUTING_NEW_EXTENSION.md 
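Review bot: The new Compute paths-filter extensions block step (hunk `@@ -52,11 +51,28 @@`) copies target names from `get-targets` into `$GITHUB_ENV` and then into the `filters:` document through `${{ env.EXTENSIONS }}` without checking what the names contain. A name carrying a newline, a quote or other YAML syntax would alter the generated filter set, and a line equal to the heredoc delimiter would end the `EXTENSIONS` value early, so the lines after it would be read as further environment entries. The body of the `{ … } >> "$GITHUB_ENV"` group is truncated on this page, so the delimiter and the jq template cannot be checked here. Before emitting, reject unexpected names with `echo "$VALID_TARGETS" | jq -e 'type == "array" and all(.[]; test("[^a-z0-9_-]") | not)' > /dev/null || exit 1`, and choose a delimiter that cannot occur in a target name.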
@@ -264,31 +264,6 @@ The `README.md` is typically the last file you complete. A clear, professional `README.md` makes an extension successful. Ensure it includes YAML examples for `Cluster` and `Database` resources so users can immediately adopt your work. -### Add your extension to `.github/bake-filters.yaml` - -The `.github/bake-filters.yaml` file is used by the CI pipeline to detect which -extensions have been modified and need to be built, scanned, and tested. -You must add an entry for your new extension so that changes to its directory -trigger the testing CI pipeline. - -Add a new block at the end of the file following the existing pattern: - -``` -: - - '/**' - - *shared -``` - -> [!IMPORTANT] -> is the name of your extension's directory in the -> root of the repository. - -- `/**`: This ensures that the CI pipeline is triggered when any - file within your extension directory is modified. -- `*shared`: This anchor includes common paths (such as `docker-bake.hcl`, - `Taskfile.yml`, `test/**`, and the reusable workflow), and ensures that your - extension is also re-built and tested when any of these files are modified. - ### Commit and Submit Once you have verified your extension locally and are satisfied with the From df72689a4d2ac1f07879de90b5ed52611878a8f9 Mon Sep 17 00:00:00 2001 From: Marco Nenciarini Date: Thu, 23 Apr 2026 11:56:48 +0200 Subject: [PATCH 6/7] ci: fail loudly when dagger returns no extensions Signed-off-by: Marco Nenciarini --- .github/workflows/bake.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml index 03bb6e7..22d9800 100644 --- a/.github/workflows/bake.yml +++ b/.github/workflows/bake.yml 
@@ -55,6 +55,10 @@ jobs: env: VALID_TARGETS: ${{ steps.get-targets.outputs.output }} run: | + if ! echo "$VALID_TARGETS" | jq -e 'length > 0' > /dev/null; then + echo "::error::dagger get-targets returned no extensions: $VALID_TARGETS" + exit 1 + fi { echo 'EXTENSIONS< Date: Thu, 23 Apr 2026 11:56:49 +0200 Subject: [PATCH 7/7] chore: let renovate track versions in workflow files Signed-off-by: Marco Nenciarini --- renovate.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/renovate.json b/renovate.json index efac5b4..edcec7d 100644 --- a/renovate.json +++ b/renovate.json @@ -48,10 +48,11 @@ "datasourceTemplate": "deb" }, { - "description": "updates the Taskfile dependencies", + "description": "updates the Taskfile and GitHub Actions workflow dependencies", "customType": "regex", "managerFilePatterns": [ - "Taskfile.yml" + "Taskfile.yml", + ".github/workflows/*.yml" ], "matchStrings": [ "# renovate: datasource=(?[a-z-.]+?) depName=(?[^\\s]+?)(?: (?:lookupName|packageName)=(?[^\\s]+?))?(?: versioning=(?[^\\s]+?))?(?: extractVersion=(?[^\\s]+?))?(?: currentValue=(?[^\\s]+?))?\\s+[A-Za-z0-9_]+?_SHA\\s*:\\s*[\"']?(?[a-f0-9]+?)[\"']?\\s",