AB-449 PostgreSQL Operator: Release workflow + PostgreSQL 15 to 18 Test Matrix

.github/workflows/release.yml

@@ -0,0 +1,85 @@
+name: Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      increment:
+        description: "Version increment type"
+        type: choice
+        required: true
+        default: "Patch"
+        options:
+          - "Major"
+          - "Minor"
+          - "Patch"
+          - "Prerelease"
+
+env:
+  DOCKER_IMAGE: ghcr.io/${{ github.repository }}
+
+jobs:
+  test:
+    uses: ./.github/workflows/test.yml
+    secrets: inherit
+
+  build-and-release:
+    needs: test
+    runs-on: ubuntu-24.04
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+      - uses: aboutbits/github-actions-base/git-setup@v2
+      - uses: aboutbits/github-actions-java/setup-with-gradle@v4
+        with:
+          java-version: 25
+          cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+      - name: Increment version
+        run: ./gradlew --console=colored createRelease -Prelease.versionIncrementer=increment${{ github.event.inputs.increment }}
+        shell: bash
+      - name: Get next package version
+        id: nextVersion
+        run: echo "version=$(./gradlew currentVersion -q -Prelease.quiet)" >> $GITHUB_OUTPUT
+        shell: bash
+      - name: Build package
+        run: ./gradlew --console=colored build -x test
+      - name: Build Docker image
+        uses: aboutbits/github-actions-docker/build-push@v1
+        with:
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          docker-image: ${{ env.DOCKER_IMAGE }}
+          docker-tag: ${{ steps.nextVersion.outputs.version }}
+          working-directory: './operator'
+          dockerfile: './operator/src/main/docker/Dockerfile.jvm'
+      - name: Push tag to remote
+        run: ./gradlew --console=colored pushRelease
+        shell: bash
+      - uses: aboutbits/github-actions-base/github-create-release@v2
+        with:
+          tag-name: 'v${{ steps.nextVersion.outputs.version }}'
+          release-description: |
+            ## Installation
+
+            ### Helm Chart
+            ```bash
+            helm install postgresql-operator https://github.com/${{ github.repository }}/releases/download/v${{ steps.nextVersion.outputs.version }}/postgresql-operator-${{ steps.nextVersion.outputs.version }}.tgz
+            ```
+
+            ### Manual CRD Installation
+            ```bash
+            kubectl apply -f https://github.com/${{ github.repository }}/releases/download/v${{ steps.nextVersion.outputs.version }}/clusterconnections.postgresql.aboutbits.it-v1.yml
+            kubectl apply -f https://github.com/${{ github.repository }}/releases/download/v${{ steps.nextVersion.outputs.version }}/databases.postgresql.aboutbits.it-v1.yml
+            kubectl apply -f https://github.com/${{ github.repository }}/releases/download/v${{ steps.nextVersion.outputs.version }}/schemas.postgresql.aboutbits.it-v1.yml
+            kubectl apply -f https://github.com/${{ github.repository }}/releases/download/v${{ steps.nextVersion.outputs.version }}/roles.postgresql.aboutbits.it-v1.yml
+            kubectl apply -f https://github.com/${{ github.repository }}/releases/download/v${{ steps.nextVersion.outputs.version }}/grants.postgresql.aboutbits.it-v1.yml
+            kubectl apply -f https://github.com/${{ github.repository }}/releases/download/v${{ steps.nextVersion.outputs.version }}/defaultprivileges.postgresql.aboutbits.it-v1.yml
+            ```
+          release-notes-generation: 'true'
+      - name: Upload Helm chart and CRD assets
+        env:
+          GH_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+        run: |
+          gh release upload v${{ steps.nextVersion.outputs.version }} operator/build/helm/kubernetes/*.tgz operator/build/kubernetes/*.postgresql.aboutbits.it-v1.yml
+        shell: bash

.github/workflows/test.yml

@@ -5,11 +5,17 @@ on:
 
 jobs:
   test:
-    name: Tests
+    name: Tests (PostgreSQL ${{ matrix.postgres-version }})
     runs-on: ubuntu-24.04
     timeout-minutes: 5
+    strategy:
+      fail-fast: false
+      matrix:
+        postgres-version: [ 15, 16, 17, 18 ]
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
+        with:
+          token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
       - uses: aboutbits/github-actions-java/setup-with-gradle@v4
         with:
           java-version: 25
@@ -20,6 +26,7 @@ jobs:
           --console=colored
           :operator:test
           --fail-fast
+          -Dquarkus.test.profile=test-pg${{ matrix.postgres-version }}
         env:
           GITHUB_USER_NAME: ${{ github.actor }}
           GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}

LICENSE

@@ -0,0 +1,7 @@
+Copyright About Bits GmbH
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Makefile

@@ -14,8 +14,21 @@ run:
 generate-jooq:
 	./gradlew --console=colored :generated:jooqCodegen
 
+# Latest PostgreSQL Version configured in application.yml
 test:
-	./gradlew --console=colored :operator:clean :operator:test
+	./gradlew --console=colored :operator:clean :operator:test --rerun-tasks
+
+test-pg18:
+	./gradlew --console=colored :operator:clean :operator:test --rerun-tasks -Dquarkus.test.profile=test-pg18
+
+test-pg17:
+	./gradlew --console=colored :operator:clean :operator:test --rerun-tasks -Dquarkus.test.profile=test-pg17
+
+test-pg16:
+	./gradlew --console=colored :operator:clean :operator:test --rerun-tasks -Dquarkus.test.profile=test-pg16
+
+test-pg15:
+	./gradlew --console=colored :operator:clean :operator:test --rerun-tasks -Dquarkus.test.profile=test-pg15
 
 # Flag targets as phony, to tell `make` that these are no file targets
-.PHONY: init install run generate-jooq test
+.PHONY: init install run generate-jooq test test-pg18 test-pg17 test-pg16 test-pg15

build.gradle.kts

@@ -8,22 +8,36 @@ plugins {
     java
     checkstyle
     id("io.quarkus").apply(false)
+    alias(libs.plugins.axionReleasePlugin)
     alias(libs.plugins.errorPronePlugin)
     alias(libs.plugins.jooqPlugin).apply(false)
 }
 
 description = "AboutBits PostgreSQL Operator"
 
+scmVersion {
+    checks {
+        aheadOfRemote = true
+        snapshotDependencies = false
+        uncommittedChanges = false
+    }
+    releaseBranchNames = setOf("main")
+    releaseOnlyOnReleaseBranches = true
+    versionCreator("simple")
+}
+
+version = scmVersion.version
+
 allprojects {
     group = "it.aboutbits.postgresql"
-    version = "0.0.1-SNAPSHOT"
+    version = rootProject.version
 
     tasks.withType<Checkstyle>().configureEach {
         dependsOn(":checkstyleExtractConfig")
 
         reports {
-            html.required.set(false)
-            xml.required.set(false)
+            html.required = false
+            xml.required = false
         }
     }
 }

gradle.properties

@@ -1,13 +1,15 @@
 # Gradle properties
 org.gradle.caching=true
-org.gradle.parallel=true
+org.gradle.configuration-cache=true
+# TODO: Set to true when https://github.com/quarkusio/quarkus/issues/49115 is fixed
+org.gradle.parallel=false
 org.gradle.logging.level=INFO
 
 # Quarkus
 quarkusPluginId=io.quarkus
-quarkusPluginVersion=3.30.7
+quarkusPluginVersion=3.30.8
 # https://mvnrepository.com/artifact/io.quarkus.platform/quarkus-bom
 quarkusPlatformGroupId=io.quarkus.platform
 quarkusPlatformArtifactId=quarkus-bom
-quarkusPlatformVersion=3.30.7
+quarkusPlatformVersion=3.30.8
 systemProp.quarkus.analytics.disabled=true

gradle/libs.versions.toml

@@ -1,6 +1,9 @@
 [versions]
 ## AboutBits Libraries ##
-checkstyleConfig = "2.0.0"
+checkstyleConfig = "2.0.0-RC1"
+
+# Axion Release Plugin #
+axionReleasePlugin = "1.21.1"
 
 ## Libraries ##
 jooq = "3.20.10"
@@ -11,14 +14,18 @@ quarkiverse-helm = "1.2.7"
 scram-client = "3.2"
 
 ## Testing ##
-assertj = "3.27.6"
+assertj = "3.27.7"
 checkstyle = "13.0.0"
 datafaker = "2.5.3"
 errorProne = "2.46.0"
 errorPronePlugin = "4.4.0"
 nullAway = "0.13.0"
 
 [plugins]
+# https://github.com/allegro/axion-release-plugin
+# https://axion-release-plugin.readthedocs.io/
+axionReleasePlugin = { id = "pl.allegro.tech.build.axion-release", version.ref = "axionReleasePlugin" }
+
 # https://github.com/tbroyer/gradle-errorprone-plugin
 # https://mvnrepository.com/artifact/net.ltgt.errorprone/net.ltgt.errorprone.gradle.plugin
 errorPronePlugin = { id = "net.ltgt.errorprone", version.ref = "errorPronePlugin" }

operator/src/main/docker/compose-devservices-test-pg15.yml

@@ -0,0 +1,19 @@
+services:
+  db:
+    image: postgres:15
+    command: [ "postgres", "-c", "checkpoint_timeout=10min", "-c", "fsync=off", "-c", "full_page_writes=off", "-c", "max_wal_size=2GB", "-c", "synchronous_commit=off" ]
+    tmpfs:
+      - /var/lib/postgresql/data:rw,async,noatime
+    healthcheck:
+      test: pg_isready -U root -d dummy
+      interval: 3s
+      timeout: 3s
+      retries: 3
+    ports:
+      - "5432"
+    labels:
+      io.quarkus.devservices.compose.config_map.port.5432: quarkus.datasource.jdbc.port
+    environment:
+      - POSTGRES_USER=root
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB=dummy

operator/src/main/docker/compose-devservices-test-pg16.yml

@@ -0,0 +1,19 @@
+services:
+  db:
+    image: postgres:16
+    command: [ "postgres", "-c", "checkpoint_timeout=10min", "-c", "fsync=off", "-c", "full_page_writes=off", "-c", "max_wal_size=2GB", "-c", "synchronous_commit=off" ]
+    tmpfs:
+      - /var/lib/postgresql/data:rw,async,noatime
+    healthcheck:
+      test: pg_isready -U root -d dummy
+      interval: 3s
+      timeout: 3s
+      retries: 3
+    ports:
+      - "5432"
+    labels:
+      io.quarkus.devservices.compose.config_map.port.5432: quarkus.datasource.jdbc.port
+    environment:
+      - POSTGRES_USER=root
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB=dummy

operator/src/main/docker/compose-devservices-test-pg17.yml

@@ -0,0 +1,19 @@
+services:
+  db:
+    image: postgres:17
+    command: [ "postgres", "-c", "checkpoint_timeout=10min", "-c", "fsync=off", "-c", "full_page_writes=off", "-c", "max_wal_size=2GB", "-c", "synchronous_commit=off" ]
+    tmpfs:
+      - /var/lib/postgresql/data:rw,async,noatime
+    healthcheck:
+      test: pg_isready -U root -d dummy
+      interval: 3s
+      timeout: 3s
+      retries: 3
+    ports:
+      - "5432"
+    labels:
+      io.quarkus.devservices.compose.config_map.port.5432: quarkus.datasource.jdbc.port
+    environment:
+      - POSTGRES_USER=root
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB=dummy

operator/src/main/docker/compose-devservices-test-pg18.yml

@@ -0,0 +1,19 @@
+services:
+  db:
+    image: postgres:18
+    command: [ "postgres", "-c", "checkpoint_timeout=10min", "-c", "fsync=off", "-c", "full_page_writes=off", "-c", "max_wal_size=2GB", "-c", "synchronous_commit=off" ]
+    tmpfs:
+      - /var/lib/postgresql/18/docker:rw,async,noatime
+    healthcheck:
+      test: pg_isready -U root -d dummy
+      interval: 3s
+      timeout: 3s
+      retries: 3
+    ports:
+      - "5432"
+    labels:
+      io.quarkus.devservices.compose.config_map.port.5432: quarkus.datasource.jdbc.port
+    environment:
+      - POSTGRES_USER=root
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB=dummy

operator/src/main/java/it/aboutbits/postgresql/core/Privilege.java

@@ -1,8 +1,12 @@
 package it.aboutbits.postgresql.core;
 
 import com.fasterxml.jackson.annotation.JsonValue;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+import lombok.experimental.Accessors;
 import org.jooq.impl.DSL;
 import org.jspecify.annotations.NullMarked;
+import org.jspecify.annotations.Nullable;
 
 import java.util.Locale;
 
@@ -12,19 +16,25 @@
  * </a>
  */
 @NullMarked
+@Getter
+@Accessors(fluent = true)
+@RequiredArgsConstructor
 public enum Privilege {
-    SELECT,
-    INSERT,
-    UPDATE,
-    DELETE,
-    TRUNCATE,
-    REFERENCES,
-    TRIGGER,
-    CREATE,
-    CONNECT,
-    TEMPORARY,
-    USAGE,
-    MAINTAIN;
+    SELECT(null),
+    INSERT(null),
+    UPDATE(null),
+    DELETE(null),
+    TRUNCATE(null),
+    REFERENCES(null),
+    TRIGGER(null),
+    CREATE(null),
+    CONNECT(null),
+    TEMPORARY(null),
+    USAGE(null),
+    MAINTAIN(17);
+
+    @Nullable
+    private final Integer minimumPostgresVersion;
 
     @JsonValue
     public String toValue() {