AB-449 PostgreSQL Operator: Release workflow + PostgreSQL 15 to 18 Test Matrix

.github/workflows/main.yml

@@ -10,6 +10,28 @@ concurrency:
 
 jobs:
   test:
-    name: Tests
-    uses: ./.github/workflows/test.yml
-    secrets: inherit
+    name: Tests (PostgreSQL ${{ matrix.postgres-version }})
+    runs-on: ubuntu-24.04
+    timeout-minutes: 5
+    strategy:
+      fail-fast: false
+      matrix:
+        postgres-version: [ 15, 16, 17, 18 ]
+    steps:
+      - uses: actions/checkout@v5
+        with:
+          token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+      - uses: aboutbits/github-actions-java/setup-with-gradle@v4
+        with:
+          java-version: 25
+          cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+      - name: Build & Test
+        run: >-
+          ./gradlew
+          --console=colored
+          :operator:test
+          --fail-fast
+          -Dquarkus.test.profile=test-pg${{ matrix.postgres-version }}
+        env:
+          GITHUB_USER_NAME: ${{ github.actor }}
+          GITHUB_ACCESS_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -0,0 +1,85 @@
+name: Release
+
+on:
+  workflow_dispatch:
+    inputs:
+      increment:
+        description: "Version increment type"
+        type: choice
+        required: true
+        default: "Patch"
+        options:
+          - "Major"
+          - "Minor"
+          - "Patch"
+          - "Prerelease"
+
+env:
+  DOCKER_IMAGE: ghcr.io/${{ github.repository }}
+
+jobs:
+  build-and-publish:
+    runs-on: ubuntu-24.04
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          token: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+      - uses: aboutbits/github-actions-base/git-setup@v2
+      - uses: aboutbits/github-actions-java/setup-with-gradle@v4
+        with:
+          java-version: 25
+          cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }}
+      - name: Increment version
+        run: ./gradlew --console=colored createRelease -Prelease.versionIncrementer=increment${{ github.event.inputs.increment }}
+        shell: bash
+      - name: Get next package version
+        id: nextVersion
+        run: echo "version=$(./gradlew currentVersion -q -Prelease.quiet)" >> $GITHUB_OUTPUT
+        shell: bash
+      - name: Build package
+        run: ./gradlew --console=colored build
+      - name: Build Docker image
+        uses: aboutbits/github-actions-docker/build-push@v1
+        with:
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+          docker-image: ${{ env.DOCKER_IMAGE }}
+          docker-tag: ${{ steps.nextVersion.outputs.version }}
+          working-directory: './operator'
+          dockerfile: './operator/src/main/docker/Dockerfile.jvm'
+      - name: Push tag to remote
+        run: ./gradlew --console=colored pushRelease
+        shell: bash
+      - uses: aboutbits/github-actions-base/github-create-release@v2
+        with:
+          tag-name: 'v${{ steps.nextVersion.outputs.version }}'
+          release-description: |
+            ## Installation
+
+            **Docker Image:**
+            ```bash
+            docker pull ${{ env.DOCKER_IMAGE }}:${{ steps.nextVersion.outputs.version }}
+            ```
+
+            **Helm Chart:**
+            ```bash
+            helm install postgresql-operator https://github.com/${{ github.repository }}/releases/download/v${{ steps.nextVersion.outputs.version }}/postgresql-operator-${{ steps.nextVersion.outputs.version }}.tgz
+            ```
+
+            **Manually installing CRDs:**
+            ```bash
+            kubectl apply -f https://github.com/${{ github.repository }}/releases/download/v${{ steps.nextVersion.outputs.version }}/clusterconnections.postgresql.aboutbits.it-v1.yml
+            kubectl apply -f https://github.com/${{ github.repository }}/releases/download/v${{ steps.nextVersion.outputs.version }}/databases.postgresql.aboutbits.it-v1.yml
+            kubectl apply -f https://github.com/${{ github.repository }}/releases/download/v${{ steps.nextVersion.outputs.version }}/schemas.postgresql.aboutbits.it-v1.yml
+            kubectl apply -f https://github.com/${{ github.repository }}/releases/download/v${{ steps.nextVersion.outputs.version }}/roles.postgresql.aboutbits.it-v1.yml
+            kubectl apply -f https://github.com/${{ github.repository }}/releases/download/v${{ steps.nextVersion.outputs.version }}/grants.postgresql.aboutbits.it-v1.yml
+            kubectl apply -f https://github.com/${{ github.repository }}/releases/download/v${{ steps.nextVersion.outputs.version }}/defaultprivileges.postgresql.aboutbits.it-v1.yml
+            ```
+          release-notes-generation: 'true'
+      - name: Upload Helm chart and CRD assets
+        env:
+          GH_TOKEN: ${{ secrets.GH_PERSONAL_ACCESS_TOKEN }}
+        run: |
+          gh release upload v${{ steps.nextVersion.outputs.version }} operator/build/helm/kubernetes/*.tgz operator/build/kubernetes/*.postgresql.aboutbits.it-v1.yml
+        shell: bash

Makefile

@@ -14,8 +14,21 @@ run:
 generate-jooq:
 	./gradlew --console=colored :generated:jooqCodegen
 
+# Latest PostgreSQL Version configured in application.yml
 test:
-	./gradlew --console=colored :operator:clean :operator:test
+	./gradlew --console=colored :operator:clean :operator:test --rerun-tasks
+
+test-pg18:
+	./gradlew --console=colored :operator:clean :operator:test --rerun-tasks -Dquarkus.test.profile=test-pg18
+
+test-pg17:
+	./gradlew --console=colored :operator:clean :operator:test --rerun-tasks -Dquarkus.test.profile=test-pg17
+
+test-pg16:
+	./gradlew --console=colored :operator:clean :operator:test --rerun-tasks -Dquarkus.test.profile=test-pg16
+
+test-pg15:
+	./gradlew --console=colored :operator:clean :operator:test --rerun-tasks -Dquarkus.test.profile=test-pg15
 
 # Flag targets as phony, to tell `make` that these are no file targets
-.PHONY: init install run generate-jooq test
+.PHONY: init install run generate-jooq test test-pg18 test-pg17 test-pg16 test-pg15

build.gradle.kts

@@ -8,22 +8,36 @@ plugins {
     java
     checkstyle
     id("io.quarkus").apply(false)
+    alias(libs.plugins.axionReleasePlugin)
     alias(libs.plugins.errorPronePlugin)
     alias(libs.plugins.jooqPlugin).apply(false)
 }
 
 description = "AboutBits PostgreSQL Operator"
 
+scmVersion {
+    checks {
+        aheadOfRemote = true
+        snapshotDependencies = false
+        uncommittedChanges = false
+    }
+    releaseBranchNames = setOf("main")
+    releaseOnlyOnReleaseBranches = true
+    versionCreator("simple")
+}
+
+version = scmVersion.version
+
 allprojects {
     group = "it.aboutbits.postgresql"
-    version = "0.0.1-SNAPSHOT"
+    version = rootProject.version
 
     tasks.withType<Checkstyle>().configureEach {
         dependsOn(":checkstyleExtractConfig")
 
         reports {
-            html.required.set(false)
-            xml.required.set(false)
+            html.required = false
+            xml.required = false
         }
     }
 }

gradle.properties

@@ -1,13 +1,15 @@
 # Gradle properties
 org.gradle.caching=true
-org.gradle.parallel=true
+org.gradle.configuration-cache=true
+# TODO: Set to true when https://github.com/quarkusio/quarkus/issues/49115 is fixed
+org.gradle.parallel=false
 org.gradle.logging.level=INFO
 
 # Quarkus
 quarkusPluginId=io.quarkus
-quarkusPluginVersion=3.30.7
+quarkusPluginVersion=3.30.8
 # https://mvnrepository.com/artifact/io.quarkus.platform/quarkus-bom
 quarkusPlatformGroupId=io.quarkus.platform
 quarkusPlatformArtifactId=quarkus-bom
-quarkusPlatformVersion=3.30.7
+quarkusPlatformVersion=3.30.8
 systemProp.quarkus.analytics.disabled=true

gradle/libs.versions.toml

@@ -2,6 +2,9 @@
 ## AboutBits Libraries ##
 checkstyleConfig = "2.0.0"
 
+# Axion Release Plugin #
+axionReleasePlugin = "1.21.1"
+
 ## Libraries ##
 jooq = "3.20.10"
 jSpecify = "1.0.0"
@@ -19,6 +22,10 @@ errorPronePlugin = "4.4.0"
 nullAway = "0.13.0"
 
 [plugins]
+# https://github.com/allegro/axion-release-plugin
+# https://axion-release-plugin.readthedocs.io/
+axionReleasePlugin = { id = "pl.allegro.tech.build.axion-release", version.ref = "axionReleasePlugin" }
+
 # https://github.com/tbroyer/gradle-errorprone-plugin
 # https://mvnrepository.com/artifact/net.ltgt.errorprone/net.ltgt.errorprone.gradle.plugin
 errorPronePlugin = { id = "net.ltgt.errorprone", version.ref = "errorPronePlugin" }

operator/src/main/docker/compose-devservices-test-pg15.yml

@@ -0,0 +1,19 @@
+services:
+  db:
+    image: postgres:15
+    command: "postgres -c checkpoint_timeout=10min -c fsync=off -c full_page_writes=off -c max_wal_size=2GB -c synchronous_commit=off"
+    tmpfs:
+      - /var/lib/postgresql/data:rw,async,noatime
+    healthcheck:
+      test: pg_isready -U root -d dummy
+      interval: 3s
+      timeout: 3s
+      retries: 3
+    ports:
+      - "5432"
+    labels:
+      io.quarkus.devservices.compose.config_map.port.5432: quarkus.datasource.jdbc.port
+    environment:
+      - POSTGRES_USER=root
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB=dummy

operator/src/main/docker/compose-devservices-test-pg16.yml

@@ -0,0 +1,19 @@
+services:
+  db:
+    image: postgres:16
+    command: "postgres -c checkpoint_timeout=10min -c fsync=off -c full_page_writes=off -c max_wal_size=2GB -c synchronous_commit=off"
+    tmpfs:
+      - /var/lib/postgresql/data:rw,async,noatime
+    healthcheck:
+      test: pg_isready -U root -d dummy
+      interval: 3s
+      timeout: 3s
+      retries: 3
+    ports:
+      - "5432"
+    labels:
+      io.quarkus.devservices.compose.config_map.port.5432: quarkus.datasource.jdbc.port
+    environment:
+      - POSTGRES_USER=root
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB=dummy

operator/src/main/docker/compose-devservices-test-pg17.yml

@@ -0,0 +1,19 @@
+services:
+  db:
+    image: postgres:17
+    command: "postgres -c checkpoint_timeout=10min -c fsync=off -c full_page_writes=off -c max_wal_size=2GB -c synchronous_commit=off"
+    tmpfs:
+      - /var/lib/postgresql/data:rw,async,noatime
+    healthcheck:
+      test: pg_isready -U root -d dummy
+      interval: 3s
+      timeout: 3s
+      retries: 3
+    ports:
+      - "5432"
+    labels:
+      io.quarkus.devservices.compose.config_map.port.5432: quarkus.datasource.jdbc.port
+    environment:
+      - POSTGRES_USER=root
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB=dummy

operator/src/main/docker/compose-devservices-test-pg18.yml

@@ -0,0 +1,19 @@
+services:
+  db:
+    image: postgres:18
+    command: "postgres -c checkpoint_timeout=10min -c fsync=off -c full_page_writes=off -c max_wal_size=2GB -c synchronous_commit=off"
+    tmpfs:
+      - /var/lib/postgresql/18/docker:rw,async,noatime
+    healthcheck:
+      test: pg_isready -U root -d dummy
+      interval: 3s
+      timeout: 3s
+      retries: 3
+    ports:
+      - "5432"
+    labels:
+      io.quarkus.devservices.compose.config_map.port.5432: quarkus.datasource.jdbc.port
+    environment:
+      - POSTGRES_USER=root
+      - POSTGRES_PASSWORD=password
+      - POSTGRES_DB=dummy

operator/src/main/java/it/aboutbits/postgresql/core/Privilege.java

@@ -23,8 +23,8 @@ public enum Privilege {
     CREATE,
     CONNECT,
     TEMPORARY,
-    USAGE,
-    MAINTAIN;
+    USAGE;
+    //MAINTAIN; // PostgreSQL 17+
 
     @JsonValue
     public String toValue() {

operator/src/main/java/it/aboutbits/postgresql/crd/defaultprivilege/DefaultPrivilegeObjectType.java

@@ -14,7 +14,6 @@
 import static it.aboutbits.postgresql.core.Privilege.CREATE;
 import static it.aboutbits.postgresql.core.Privilege.DELETE;
 import static it.aboutbits.postgresql.core.Privilege.INSERT;
-import static it.aboutbits.postgresql.core.Privilege.MAINTAIN;
 import static it.aboutbits.postgresql.core.Privilege.REFERENCES;
 import static it.aboutbits.postgresql.core.Privilege.SELECT;
 import static it.aboutbits.postgresql.core.Privilege.TRIGGER;
@@ -48,8 +47,8 @@ public enum DefaultPrivilegeObjectType {
                     DELETE,
                     TRUNCATE,
                     REFERENCES,
-                    TRIGGER,
-                    MAINTAIN
+                    TRIGGER
+                    //MAINTAIN // PostgreSQL 17+
             )
     ),
     SEQUENCE(

operator/src/main/java/it/aboutbits/postgresql/crd/defaultprivilege/DefaultPrivilegeSpec.java

@@ -102,7 +102,6 @@ public class DefaultPrivilegeSpec {
     /// - `trigger`
     /// - `create`
     /// - `usage`
-    /// - `maintain`
     @Required
     @JsonFormat(with = JsonFormat.Feature.ACCEPT_CASE_INSENSITIVE_VALUES)
     @ValidationRule(

operator/src/main/java/it/aboutbits/postgresql/crd/grant/GrantObjectType.java

@@ -15,7 +15,6 @@
 import static it.aboutbits.postgresql.core.Privilege.CREATE;
 import static it.aboutbits.postgresql.core.Privilege.DELETE;
 import static it.aboutbits.postgresql.core.Privilege.INSERT;
-import static it.aboutbits.postgresql.core.Privilege.MAINTAIN;
 import static it.aboutbits.postgresql.core.Privilege.REFERENCES;
 import static it.aboutbits.postgresql.core.Privilege.SELECT;
 import static it.aboutbits.postgresql.core.Privilege.TEMPORARY;
@@ -55,8 +54,8 @@ public enum GrantObjectType {
                     DELETE,
                     TRUNCATE,
                     REFERENCES,
-                    TRIGGER,
-                    MAINTAIN
+                    TRIGGER
+                    //MAINTAIN // PostgreSQL 17+
             )
     ),
     SEQUENCE(

operator/src/main/java/it/aboutbits/postgresql/crd/grant/GrantSpec.java

@@ -105,7 +105,6 @@ public class GrantSpec {
     /// - `connect`
     /// - `temporary`
     /// - `usage`
-    /// - `maintain`
     @Required
     @JsonFormat(with = JsonFormat.Feature.ACCEPT_CASE_INSENSITIVE_VALUES)
     @ValidationRule(