CORE-250: upgrade Postgres to 16.6 #177
Conversation
|
davidangb
changed the title
| @@ -24,7 +24,7 @@ jobs: | |||
| runs-on: ubuntu-latest | |||
| services: | |||
| postgres: | |||
| image: postgres:12.3 | |||
| image: postgres:16.6 | |||
There was a problem hiding this comment.
16.6 is the version supplied by Google for CloudSQL: https://cloud.google.com/sql/docs/postgres/db-versions
| CREATE ROLE dbuser WITH LOGIN ENCRYPTED PASSWORD 'dbpwd'; | ||
| CREATE ROLE dbuser_stairway WITH LOGIN ENCRYPTED PASSWORD 'dbpwd_stairway'; | ||
|
|
||
| CREATE DATABASE testdb OWNER dbuser; | ||
| CREATE DATABASE testdb_stairway OWNER dbuser_stairway; |
There was a problem hiding this comment.
this change is necessary due to permission lockdown as of Postgres 15. https://www.percona.com/blog/public-schema-security-upgrade-in-postgresql-15/ is a good writeup of this change. Without the fix, Liquibase fails to create tables in these dbs, leading to widespread failures of everything else.
This only affects unit tests, which use a blank/empty database each time. In live environments, when we upgrade from Postgres 12 to 16, permissions should be preserved:
Upgrading a cluster or restoring a database dump will preserve public's existing permissions.
davidangb
requested review from
a team,
kevinpalis and
samanehsan
and removed request for
a team
Upgrades unit tests and local development to Postgres 16.6.
The unit tests passed 10 times in a row in GHA for this PR (I re-ran it manually). I do see intermittent unit test failures when running locally - but they're not consistent, and different test cases fail on different runs. I am inclined to write that off as an environmental issue. When running locally, unit tests pass about half the time with only one test causing each failure.
We could go all the way to Postgres 17. However, Postgres 16 is the GCP default (see here) and in my opinion this is not the place to push the envelope, nor would Janitor particularly benefit from the newer version. Postgres 16 does not hit extended support charges until February 1, 2029.