Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
ef17738
feat(postgres): resource model, bindings, and Local controller
ItamarZand88 Jun 25, 2026
826c02b
feat(postgres): cloud client SDKs
ItamarZand88 Jun 25, 2026
680737e
feat(postgres): TypeScript core schemas and SDK binding
ItamarZand88 Jun 25, 2026
74dad90
fix(postgres): keep the Local binding password out of serialized cont…
ItamarZand88 Jun 25, 2026
7e9a6fd
fix(postgres): strip the Local binding password from the synced bindi…
ItamarZand88 Jun 25, 2026
8d6d5ce
fix(postgres): address foundation review findings (secret-error statu…
ItamarZand88 Jun 25, 2026
a583ac3
fix(postgres): deliver the Local binding to linked workers off the sy…
ItamarZand88 Jun 25, 2026
f93d6b0
fix(postgres): address review feedback on the Local runtime
ItamarZand88 Jun 26, 2026
5c034a2
style(sdk): apply biome formatting to the postgres binding
ItamarZand88 Jun 26, 2026
de06d52
fix(ci): strip the top-level dir when extracting the Postgres tarball
ItamarZand88 Jun 28, 2026
2bed9a1
fix(postgres): keep the binding password out of persisted local worke…
ItamarZand88 Jun 28, 2026
2604d23
docs: clarify per-cloud cpu and memory sizing on the Postgres builder
ItamarZand88 Jun 29, 2026
8d624b0
fix(postgres): resolve conflicts from rebase onto main
ItamarZand88 Jul 1, 2026
9bbce02
fix(worker): migrate Azure DNS tests to the public_endpoints WorkerOu…
ItamarZand88 Jul 1, 2026
768ca4a
refactor(postgres): drop the redundant resolve_binding_params channel
ItamarZand88 Jul 1, 2026
09b6afb
feat(postgres): make local Postgres reachable from same-stack containers
ItamarZand88 Jul 1, 2026
7d369d8
ci(pgvector): pass a Windows-format PGROOT to MSVC nmake
ItamarZand88 Jul 2, 2026
7aae9ab
ci(pgvector): point macOS PGXS at the runner SDK via PG_SYSROOT
ItamarZand88 Jul 2, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
235 changes: 235 additions & 0 deletions .github/workflows/release-pgvector.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,235 @@
name: Release pgvector

# Builds the pgvector extension once per (Postgres-major × target) and publishes to Alien's release
# host, so `LocalPostgresManager` installs it at startup and `CREATE EXTENSION vector` works on Local.
# Deliberately does NOT depend on `portalcorp/pgvector_compiled` (PG16-only, stale): Alien owns the matrix.
#
# Each artifact is ABI-matched to the embedded server: built against the SAME
# `theseus-rs/postgresql-binaries` archive `postgresql_embedded` downloads at runtime. The zip carries
# the three files the `postgresql_extensions` extractor maps by extension, so the installer (which
# overrides only the download URL) extracts it unchanged.
#
# Published layout (mirrors release.yml + `latest`); manager fetches via CloudFront at
# releases.alien.dev/pgvector/v<ver>/<os>-<arch>/pg<major>/pgvector_compiled.zip
# (see ALIEN_PGVECTOR_RELEASES_URL_DEFAULT / pgvector_target in crates/alien-local).

on:
workflow_dispatch:
inputs:
dry_run:
description: "Build only; skip the S3 upload"
type: boolean
default: false

permissions:
contents: read
id-token: write # OIDC for the alien-releases-upload role

env:
# Keep this in lockstep with PGVECTOR_VERSION in crates/alien-local/src/postgres_manager.rs.
PGVECTOR_VERSION: "0.8.1"
# Majors must match the embedded-Postgres majors LocalPostgresManager supports.
PG_MAJORS: "15 16 17"

jobs:
# ─── Linux (x86_64 + aarch64, native per runner; glibc, matching the embedded default) ───
build-linux:
strategy:
fail-fast: false
matrix:
pg_major: [15, 16, 17]
target:
- { arch: x86_64, runner: depot-ubuntu-24.04-16, triple: x86_64-unknown-linux-gnu }
- { arch: aarch64, runner: depot-ubuntu-24.04-arm-16, triple: aarch64-unknown-linux-gnu }
runs-on: ${{ matrix.target.runner }}
timeout-minutes: 30
steps:
- name: Install build tools
run: sudo apt-get update && sudo apt-get install -y build-essential git curl jq

- name: Resolve embedded Postgres version
id: pg
run: |
# postgresql_embedded resolves "^<major>" to the newest theseus-rs patch; mirror that.
VERSION=$(curl -fsSL "https://api.github.com/repos/theseus-rs/postgresql-binaries/releases?per_page=100" \
| jq -r --arg M "${{ matrix.pg_major }}" '.[].tag_name | select(startswith($M + "."))' \
| sort -V | tail -1)
test -n "$VERSION" || { echo "no theseus-rs release for PG ${{ matrix.pg_major }}"; exit 1; }
echo "version=$VERSION" >> "$GITHUB_OUTPUT"

- name: Fetch embedded Postgres binaries
run: |
V="${{ steps.pg.outputs.version }}"
curl -fsSL -o pg.tar.gz \
"https://github.com/theseus-rs/postgresql-binaries/releases/download/${V}/postgresql-${V}-${{ matrix.target.triple }}.tar.gz"
# theseus tarballs wrap everything in a top-level postgresql-<ver>-<triple>/ dir; strip it
mkdir -p pgdist && tar -xzf pg.tar.gz -C pgdist --strip-components=1
echo "PG_CONFIG=$PWD/pgdist/bin/pg_config" >> "$GITHUB_ENV"

- name: Build & install pgvector
run: |
git clone --depth 1 --branch "v${PGVECTOR_VERSION}" https://github.com/pgvector/pgvector.git
make -C pgvector PG_CONFIG="$PG_CONFIG"
make -C pgvector PG_CONFIG="$PG_CONFIG" install

- name: Package artifact
run: |
LIBDIR=$("$PG_CONFIG" --pkglibdir)
EXTDIR=$("$PG_CONFIG" --sharedir)/extension
mkdir -p out
cp "$LIBDIR/vector.so" out/
cp "$EXTDIR"/vector.control "$EXTDIR"/vector--*.sql out/
(cd out && zip -j "pgvector_compiled.zip" vector.so vector.control vector--*.sql)

- uses: actions/upload-artifact@v4
with:
name: pgvector-linux-${{ matrix.target.arch }}-pg${{ matrix.pg_major }}
retention-days: 1
path: out/pgvector_compiled.zip

# ─── macOS (aarch64 only, native; no Intel build, matching release.yml's target set) ───
build-darwin:
strategy:
fail-fast: false
matrix:
pg_major: [15, 16, 17]
runs-on: depot-macos-15
timeout-minutes: 30
steps:
- name: Resolve embedded Postgres version
id: pg
run: |
VERSION=$(curl -fsSL "https://api.github.com/repos/theseus-rs/postgresql-binaries/releases?per_page=100" \
| jq -r --arg M "${{ matrix.pg_major }}" '.[].tag_name | select(startswith($M + "."))' \
| sort -V | tail -1)
test -n "$VERSION" || { echo "no theseus-rs release for PG ${{ matrix.pg_major }}"; exit 1; }
echo "version=$VERSION" >> "$GITHUB_OUTPUT"

- name: Fetch embedded Postgres binaries
run: |
V="${{ steps.pg.outputs.version }}"
curl -fsSL -o pg.tar.gz \
"https://github.com/theseus-rs/postgresql-binaries/releases/download/${V}/postgresql-${V}-aarch64-apple-darwin.tar.gz"
# theseus tarballs wrap everything in a top-level postgresql-<ver>-<triple>/ dir; strip it
mkdir -p pgdist && tar -xzf pg.tar.gz -C pgdist --strip-components=1
echo "PG_CONFIG=$PWD/pgdist/bin/pg_config" >> "$GITHUB_ENV"

- name: Build & install pgvector
run: |
git clone --depth 1 --branch "v${PGVECTOR_VERSION}" https://github.com/pgvector/pgvector.git
# theseus's pg_config bakes an -isysroot for its build-time Xcode SDK, which is absent on
# the runner; point PGXS at the runner's actual SDK so system headers (stdio.h) resolve.
SDK="$(xcrun --show-sdk-path)"
make -C pgvector PG_CONFIG="$PG_CONFIG" PG_SYSROOT="$SDK"
make -C pgvector PG_CONFIG="$PG_CONFIG" PG_SYSROOT="$SDK" install

- name: Package artifact
run: |
LIBDIR=$("$PG_CONFIG" --pkglibdir)
EXTDIR=$("$PG_CONFIG" --sharedir)/extension
mkdir -p out
cp "$LIBDIR/vector.dylib" out/ 2>/dev/null || cp "$LIBDIR/vector.so" out/vector.dylib
cp "$EXTDIR"/vector.control "$EXTDIR"/vector--*.sql out/
(cd out && zip -j "pgvector_compiled.zip" vector.dylib vector.control vector--*.sql)

- uses: actions/upload-artifact@v4
with:
name: pgvector-darwin-aarch64-pg${{ matrix.pg_major }}
retention-days: 1
path: out/pgvector_compiled.zip

# ─── Windows (x86_64 only; nmake against the MSVC embedded build) ───
build-windows:
strategy:
fail-fast: false
matrix:
pg_major: [15, 16, 17]
runs-on: depot-windows-2025-16
timeout-minutes: 40
steps:
- name: Resolve embedded Postgres version
id: pg
shell: bash
run: |
VERSION=$(curl -fsSL "https://api.github.com/repos/theseus-rs/postgresql-binaries/releases?per_page=100" \
| jq -r --arg M "${{ matrix.pg_major }}" '.[].tag_name | select(startswith($M + "."))' \
| sort -V | tail -1)
test -n "$VERSION" || { echo "no theseus-rs release for PG ${{ matrix.pg_major }}"; exit 1; }
echo "version=$VERSION" >> "$GITHUB_OUTPUT"

- name: Fetch embedded Postgres binaries
shell: bash
run: |
V="${{ steps.pg.outputs.version }}"
curl -fsSL -o pg.tar.gz \
"https://github.com/theseus-rs/postgresql-binaries/releases/download/${V}/postgresql-${V}-x86_64-pc-windows-msvc.tar.gz"
# theseus tarballs wrap everything in a top-level postgresql-<ver>-<triple>/ dir; strip it
mkdir -p pgdist && tar -xzf pg.tar.gz -C pgdist --strip-components=1
# PGROOT (MSYS path) for the bash package step; PGROOT_WIN (C:\ path) for MSVC nmake,
# which can't resolve the /c/... form.
echo "PGROOT=$PWD/pgdist" >> "$GITHUB_ENV"
echo "PGROOT_WIN=$(cygpath -w "$PWD/pgdist")" >> "$GITHUB_ENV"

- name: Build pgvector (MSVC nmake)
shell: cmd
run: |
git clone --depth 1 --branch "v%PGVECTOR_VERSION%" https://github.com/pgvector/pgvector.git
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
cd pgvector
nmake /NOLOGO /F Makefile.win PGROOT="%PGROOT_WIN%"
nmake /NOLOGO /F Makefile.win PGROOT="%PGROOT_WIN%" install

- name: Package artifact
shell: bash
run: |
mkdir -p out
cp "$PGROOT/lib/vector.dll" out/
cp "$PGROOT"/share/extension/vector.control "$PGROOT"/share/extension/vector--*.sql out/
(cd out && 7z a -tzip "pgvector_compiled.zip" vector.dll vector.control vector--*.sql)

- uses: actions/upload-artifact@v4
with:
name: pgvector-windows-x86_64-pg${{ matrix.pg_major }}
retention-days: 1
path: out/pgvector_compiled.zip

# ─── Upload all 12 artifacts to S3 (versioned + latest), then invalidate CloudFront ───
upload:
needs: [build-linux, build-darwin, build-windows]
if: ${{ !inputs.dry_run }}
runs-on: depot-ubuntu-24.04-arm
timeout-minutes: 10
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
pattern: pgvector-*
path: ./artifacts

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::216938125589:role/alien-releases-upload
aws-region: us-east-1

- name: Upload to S3 (versioned + latest)
run: |
# Artifact names encode the axes: pgvector-<os>-<arch>-pg<major>. Re-key each one to
# the path the manager fetches, publishing both the pinned and the moving aliases.
for dir in ./artifacts/pgvector-*; do
name=$(basename "$dir") # pgvector-linux-x86_64-pg17
rest=${name#pgvector-} # linux-x86_64-pg17
major=${rest##*-pg} # 17
osarch=${rest%-pg*} # linux-x86_64
src="$dir/pgvector_compiled.zip"
for prefix in "v${PGVECTOR_VERSION}" latest; do
aws s3 cp "$src" \
"s3://alien-releases-prod/pgvector/${prefix}/${osarch}/pg${major}/pgvector_compiled.zip"
done
done

- name: Invalidate CloudFront cache
run: |
aws cloudfront create-invalidation \
--distribution-id ${{ vars.RELEASES_CLOUDFRONT_DISTRIBUTION_ID }} \
--paths "/pgvector/*"
Loading
Loading