Static macos

.github/workflows/build.yaml

@@ -30,8 +30,22 @@ concurrency:
 
 jobs:
   static:
-    name: Nix - Linux static
-    runs-on: ubuntu-24.04
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - name: Linux
+            runs-on: ubuntu-24.04
+            artifact: postgrest-linux-static-x64
+            docker: postgrest-linux-docker-x64
+
+          - name: MacOS
+            runs-on: macos-14
+            artifact: postgrest-macos-static-x64
+            docker: postgrest-macos-docker-x64
+
+    name: Nix - ${{ matrix.name }} static
+    runs-on: ${{ matrix.runs-on }}
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Setup Nix Environment
@@ -40,11 +54,12 @@ jobs:
           authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
 
       - name: Build static executable
-        run: nix-build -A postgrestStatic
+        run: |
+          nix-build -j6 -A postgrestStatic --keep-going 2>&1 | grep '^error: builder' -B50
       - name: Save built executable as artifact
         uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
-          name: postgrest-linux-static-x64
+          name: ${{ matrix.artifact }}
           path: result/bin/postgrest
           if-no-files-found: error
 
@@ -53,35 +68,11 @@ jobs:
       - name: Save built Docker image as artifact
         uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0
         with:
-          name: postgrest-docker-x64
+          name: ${{ matrix.docker }}
           path: postgrest-docker.tar.gz
           if-no-files-found: error
 
 
-  macos:
-    name: Nix - MacOS
-    runs-on: macos-14
-    steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Setup Nix Environment
-        uses: ./.github/actions/setup-nix
-        with:
-          authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
-      - name: Install gnu sed
-        run: brew install gnu-sed
-
-      - name: Build everything
-        run: |
-          # The --dry-run will give us a list of derivations to download from cachix and
-          # derivations to build. We only take those that would have to be built and then build
-          # those explicitly. This has the advantage that pure verification will not include
-          # a download anymore, making it much faster. If something needs to be built, only
-          # the dependencies required to do so will be downloaded, but not everything.
-          nix-build --dry-run 2>&1 \
-            | gsed -e '1,/derivations will be built:$/d' -e '/paths will be fetched/Q' \
-            | xargs nix-build
-
-
   stack:
     strategy:
       fail-fast: false

.github/workflows/ci.yaml

@@ -277,7 +277,7 @@ jobs:
       - name: Download Docker image
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
-          name: postgrest-docker-x64
+          name: postgrest-linux-docker-x64
       - name: Publish images on Docker Hub
         run: |
           docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"

default.nix

@@ -35,7 +35,6 @@ let
       allOverlays.build-toolbox
       allOverlays.checked-shell-script
       allOverlays.gitignore
-      allOverlays.postgresql-libpq
       (allOverlays.haskell-packages { inherit compiler; })
       allOverlays.slocat
     ];
@@ -51,7 +50,6 @@ let
       { name = "postgresql-15"; postgresql = pkgs.postgresql_15.withPackages (p: [ p.postgis p.pg_safeupdate ]); }
       { name = "postgresql-14"; postgresql = pkgs.postgresql_14.withPackages (p: [ p.postgis p.pg_safeupdate ]); }
       { name = "postgresql-13"; postgresql = pkgs.postgresql_13.withPackages (p: [ p.postgis p.pg_safeupdate ]); }
-      { name = "postgresql-12"; postgresql = pkgs.postgresql_12.withPackages (p: [ p.postgis p.pg_safeupdate ]); }
     ];
 
   # Dynamic derivation for PostgREST
@@ -144,7 +142,7 @@ rec {
       inherit (pkgs.haskell.packages."${compiler}") hpc-codecov;
       inherit (pkgs.haskell.packages."${compiler}") weeder;
     };
-} // pkgs.lib.optionalAttrs pkgs.stdenv.isLinux rec {
+
   # Static executable.
   inherit (staticHaskellPackage) postgrestStatic;
   inherit (staticHaskellPackage) packagesStatic;

nix/README.md

@@ -75,12 +75,12 @@ The PostgREST utilities available in `nix-shell` all have names that begin with
 postgrest-build                   postgrest-test-spec
 postgrest-check                   postgrest-watch
 postgrest-clean                   postgrest-with-all
-postgrest-coverage                postgrest-with-postgresql-12
-postgrest-lint                    postgrest-with-postgresql-13
-postgrest-run                     postgrest-with-postgresql-14
-postgrest-style                   postgrest-with-postgresql-15
-postgrest-style-check             postgrest-with-postgresql-16
-postgrest-test-io                 postgrest-with-postgresql-17
+postgrest-coverage                postgrest-with-postgresql-13
+postgrest-lint                    postgrest-with-postgresql-14
+postgrest-run                     postgrest-with-postgresql-15
+postgrest-style                   postgrest-with-postgresql-16
+postgrest-style-check             postgrest-with-postgresql-17
+postgrest-test-io
 ...
 
 [nix-shell]$
@@ -99,12 +99,12 @@ $ nix-shell --arg memory true
 postgrest-build                   postgrest-test-spec
 postgrest-check                   postgrest-watch
 postgrest-clean                   postgrest-with-all
-postgrest-coverage                postgrest-with-postgresql-12
-postgrest-lint                    postgrest-with-postgresql-13
-postgrest-run                     postgrest-with-postgresql-14
-postgrest-style                   postgrest-with-postgresql-15
-postgrest-style-check             postgrest-with-postgresql-16
-postgrest-test-io                 postgrest-with-postgresql-17
+postgrest-coverage                postgrest-with-postgresql-13
+postgrest-lint                    postgrest-with-postgresql-14
+postgrest-run                     postgrest-with-postgresql-15
+postgrest-style                   postgrest-with-postgresql-16
+postgrest-style-check             postgrest-with-postgresql-17
+postgrest-test-io
 postgrest-test-memory
 ...
 

nix/nixpkgs-version.nix

@@ -2,8 +2,8 @@
 {
   owner = "NixOS";
   repo = "nixpkgs";
-  ref = "refs/heads/nixpkgs-unstable-darwin";
-  date = "2024-11-09";
-  rev = "a90280100f41a10914edfe729a4053e60c92b8e3";
-  tarballHash = "1vwr665b6l6gma24w45q5hic86vbd8alc01mziwwr621hwlca88f";
+  ref = "refs/heads/nixpkgs-unstable";
+  date = "2024-12-23";
+  rev = "fc9c33366b98237cc759cdd90ef6058f5a1cb9dd";
+  tarballHash = "08ya8l1w7wwa66i0r9amqdvqp1mxrrvxbn53c9n98phxzpw2dvsy";
 }

nix/overlays/default.nix

@@ -3,6 +3,5 @@
   checked-shell-script = import ./checked-shell-script;
   gitignore = import ./gitignore.nix;
   haskell-packages = import ./haskell-packages.nix;
-  postgresql-libpq = import ./postgresql-libpq.nix;
   slocat = import ./slocat.nix;
 }

nix/overlays/haskell-packages.nix

@@ -67,7 +67,7 @@ let
           sha256 = "sha256-tXOMqCO8opMilI9rx0D+njqjIjbZsH168Bzb8Aq8Ff4=";
         }
         {
-          postgresql = super.libpq;
+          postgresql = super.postgresql_16;
         });
     };
 in

nix/static.nix

@@ -8,64 +8,22 @@ let
   inherit (pkgs) pkgsStatic;
   inherit (pkgsStatic.haskell) lib;
 
-  packagesStatic =
-    pkgsStatic.haskell.packages."${compiler}".override (old: {
-      ghc = pkgsStatic.pkgsBuildHost.haskell.compiler."${compiler}".override {
-        # Using the bundled libffi generally works better for cross-compiling
-        libffi = null;
-        # Building sphinx fails on some platforms
-        enableDocs = false;
-        # Cross compiling with native bignum works better than with gmp
-        enableNativeBignum = true;
-      };
-
-      overrides = pkgs.lib.composeExtensions old.overrides (_: prev: {
-        postgresql-libpq = (lib.overrideCabal prev.postgresql-libpq {
-          # TODO: This section can be simplified when this PR has made it's way to us:
-          #  https://github.com/NixOS/nixpkgs/pull/286370
-          # Additionally, we need to use the default version in nixpkgs, otherwise the
-          # override will not be active as well.
-          # Using use-pkg-config flag, because pg_config won't work when cross-compiling
-          configureFlags = [ "-fuse-pkg-config" ];
-          # postgresql doesn't build in the fully static overlay - but the default
-          # derivation is built with static libraries anyway.
-          libraryPkgconfigDepends = [ pkgsStatic.libpq ];
-          librarySystemDepends = [ ];
-        }).overrideAttrs (_: prevAttrs: {
-          buildInputs = prevAttrs.buildInputs ++ [ pkgsStatic.openssl ];
-        });
-      });
-    });
+  packagesStatic = pkgsStatic.haskell.packages."${compiler}";
 
   makeExecutableStatic = drv: pkgs.lib.pipe drv [
     lib.compose.justStaticExecutables
 
     # To successfully compile a redistributable, fully static executable we need to:
-    # 1. make executable really statically linked.
-    # 2. avoid any references to /nix/store to prevent blowing up the closure size.
-    # 3. be able to run the executable.
-    # When checking for references, we ignore the following:
-    # - eeee... are removed references which don't actually exist
-    # - openssl-etc references are purposely designed to be very small
-    (lib.compose.overrideCabal (drv: {
-      postFixup = drv.postFixup + ''
-        exe="$out/bin/postgrest"
-
-        if ! (file "$exe" | grep 'statically linked') then
-          echo "not a static executable, ldd output:"
-          ldd "$exe"
-          exit 1
-        fi
-
-        echo "Checking for references to /nix/store..."
-        (${pkgsStatic.binutils}/bin/strings "$exe" \
-          | grep -v /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee \
-          | grep -v -etc/etc/ssl \
-          | grep /nix/store || exit 0 && exit 1)
-        echo "No references to /nix/store found"
-
-        "$exe" --help
-      '';
+    # 1. avoid any references to /nix/store to prevent blowing up the closure size.
+    # 2. be able to run the executable.
+    (drv: drv.overrideAttrs (finalAttrs: {
+      allowedReferences = [
+        pkgsStatic.openssl.etc
+      ];
+
+      passthru.tests.version = pkgsStatic.testers.testVersion {
+        package = finalAttrs.finalPackage;
+      };
     }))
   ];
 

src/PostgREST/App.hs

@@ -44,7 +44,6 @@ import PostgREST.ApiRequest           (ApiRequest (..))
 import PostgREST.AppState             (AppState)
 import PostgREST.Auth                 (AuthResult (..))
 import PostgREST.Config               (AppConfig (..), LogLevel (..))
-import PostgREST.Config.PgVersion     (PgVersion (..))
 import PostgREST.Error                (Error)
 import PostgREST.Network              (resolveHost)
 import PostgREST.Observation          (Observation (..))
@@ -107,12 +106,11 @@ postgrest logLevel appState connWorker =
       Right authResult -> do
         appConf <- AppState.getConfig appState -- the config must be read again because it can reload
         maybeSchemaCache <- AppState.getSchemaCache appState
-        pgVer <- AppState.getPgVersion appState
 
         let
           eitherResponse :: IO (Either Error Wai.Response)
           eitherResponse =
-            runExceptT $ postgrestResponse appState appConf maybeSchemaCache pgVer authResult req
+            runExceptT $ postgrestResponse appState appConf maybeSchemaCache authResult req
 
         response <- either Error.errorResponseFor identity <$> eitherResponse
         -- Launch the connWorker when the connection is down.  The postgrest
@@ -128,11 +126,10 @@ postgrestResponse
   :: AppState.AppState
   -> AppConfig
   -> Maybe SchemaCache
-  -> PgVersion
   -> AuthResult
   -> Wai.Request
   -> Handler IO Wai.Response
-postgrestResponse appState conf@AppConfig{..} maybeSchemaCache pgVer authResult@AuthResult{..} req = do
+postgrestResponse appState conf@AppConfig{..} maybeSchemaCache authResult@AuthResult{..} req = do
   sCache <-
     case maybeSchemaCache of
       Just sCache ->
@@ -146,7 +143,7 @@ postgrestResponse appState conf@AppConfig{..} maybeSchemaCache pgVer authResult@
 
   (parseTime, apiReq@ApiRequest{..}) <- withTiming $ liftEither . mapLeft Error.ApiRequestError $ ApiRequest.userApiRequest conf req body sCache
   (planTime, plan)                   <- withTiming $ liftEither $ Plan.actionPlan iAction conf apiReq sCache
-  (queryTime, queryResult)           <- withTiming $ Query.runQuery appState conf authResult apiReq plan sCache pgVer (Just authRole /= configDbAnonRole)
+  (queryTime, queryResult)           <- withTiming $ Query.runQuery appState conf authResult apiReq plan sCache (Just authRole /= configDbAnonRole)
   (respTime, resp)                   <- withTiming $ liftEither $ Response.actionResponse queryResult apiReq (T.decodeUtf8 prettyVersion, docsVersion) conf sCache iSchema iNegotiatedByProfile
 
   return $ toWaiResponse (ServerTiming jwtTime parseTime planTime queryTime respTime) resp

src/PostgREST/Config/PgVersion.hs

@@ -3,7 +3,6 @@
 module PostgREST.Config.PgVersion
   ( PgVersion(..)
   , minimumPgVersion
-  , pgVersion130
   , pgVersion140
   , pgVersion150
   , pgVersion170
@@ -26,10 +25,7 @@ instance Ord PgVersion where
 
 -- | Tells the minimum PostgreSQL version required by this version of PostgREST
 minimumPgVersion :: PgVersion
-minimumPgVersion = pgVersion121
-
-pgVersion121 :: PgVersion
-pgVersion121 = PgVersion 120001 "12.1" "12.1"
+minimumPgVersion = pgVersion130
 
 pgVersion130 :: PgVersion
 pgVersion130 = PgVersion 130000 "13.0" "13.0"