Begin moving to postgres spilo + adding pgvector #8309
Conversation
FelixMalfait
changed the title
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Summary
This PR transitions from a custom PostgreSQL image to Spilo PostgreSQL across development and production environments, standardizing database management and adding pgvector support.
- Replaces
POSTGRES_ADMIN_PASSWORDwithPGUSER_SUPERUSER/PGPASSWORD_SUPERUSERacross all configurations to align with Spilo's environment variables - Changes database volume mount path from
/var/lib/postgresql/datato/home/postgres/pgdatain Docker and K8s configurations - Adds
vectorextension support insetup-db.tsfor pgvector functionality - Modifies database connection strings to use
postgresuser instead oftwentyacross all environments - Preserves critical schemas (
metric_helpers,user_management,public) during database truncation
28 file(s) reviewed, 20 comment(s)
Edit PR Review Bot Settings | Greptile
| - name: Server / Create DB | ||
| if: steps.changed-files.outputs.any_changed == 'true' | ||
| run: | | ||
| PGPASSWORD=twenty psql -h localhost -p 5432 -U postgres -d postgres -c 'CREATE DATABASE "default";' | ||
| PGPASSWORD=twenty psql -h localhost -p 5432 -U postgres -d postgres -c 'CREATE DATABASE "test";' |
There was a problem hiding this comment.
logic: Database creation step should be moved before worker run but after environment setup to ensure proper initialization order
| services: | ||
| postgres: | ||
| image: twentycrm/twenty-postgres | ||
| image: twentycrm/twenty-postgres-spilo | ||
| env: | ||
| POSTGRES_PASSWORD: postgres | ||
| POSTGRES_USER: postgres | ||
| PGUSER_SUPERUSER: postgres | ||
| PGPASSWORD_SUPERUSER: twenty | ||
| ALLOW_NOSSL: "true" | ||
| SPILO_PROVIDER: "local" | ||
| ports: | ||
| - 5432:5432 | ||
| options: >- | ||
| --health-cmd pg_isready | ||
| --health-interval 10s | ||
| --health-timeout 5s | ||
| --health-retries 5 |
There was a problem hiding this comment.
logic: Missing database creation step in server-integration-test job that's present in server-setup job
| docker compose logs db | ||
| exit 1 | ||
| fi | ||
| echo "Still waiting for database... (${count}/60)" |
There was a problem hiding this comment.
logic: Message shows '(${count}/60)' but timeout is 300 - inconsistent messaging
| docker compose logs db server -f & | ||
| pid=$! |
There was a problem hiding this comment.
logic: Background process pid is never killed if containers start successfully - potential resource leak
| @@ -37,16 +44,20 @@ jobs: | |||
| if: steps.changed-files.outputs.changed == 'true' | |||
| uses: ./.github/workflows/actions/yarn-install | |||
|
|
|||
| - name: Server / Create DB | |||
| if: steps.changed-files.outputs.any_changed == 'true' | |||
There was a problem hiding this comment.
logic: Condition uses any_changed but previous steps use changed - this inconsistency could cause the database creation to run when it shouldn't or vice versa
| - name: PG_DATABASE_URL | ||
| value: "postgres://twenty:[email protected]/default" | ||
| value: "postgres://postgres:[email protected]/default" |
There was a problem hiding this comment.
logic: Ensure this connection string matches the credentials configured in the Spilo database deployment. The superuser password should be securely stored and accessed via a secret rather than hardcoded.
| | <a name="input_twentycrm_app_hostname"></a> [twentycrm\_app\_hostname](#input\_twentycrm\_app\_hostname) | The protocol, DNS fully qualified hostname, and port used to access TwentyCRM in your environment. Ex: https://crm.example.com:443 | `string` | n/a | yes | | ||
| | <a name="input_twentycrm_pgdb_admin_password"></a> [twentycrm\_pgdb\_admin\_password](#input\_twentycrm\_pgdb\_admin\_password) | TwentyCRM password for postgres database. | `string` | n/a | yes | |
There was a problem hiding this comment.
style: check if pgdb_admin_password variable needs to be renamed to match new Spilo environment variable PGPASSWORD_SUPERUSER
| PGUSER=$(echo $PG_DATABASE_URL | awk -F '//' '{print $2}' | awk -F ':' '{print $1}') | ||
| PGPASS=$(echo $PG_DATABASE_URL | awk -F ':' '{print $3}' | awk -F '@' '{print $1}') | ||
| PGHOST=$(echo $PG_DATABASE_URL | awk -F '@' '{print $2}' | awk -F ':' '{print $1}') | ||
| PGPORT=$(echo $PG_DATABASE_URL | awk -F ':' '{print $4}' | awk -F '/' '{print $1}') |
There was a problem hiding this comment.
logic: URL parsing with awk is fragile - will break if credentials contain special characters or if URL format changes. Consider using a more robust parsing method.
| PGPASSWORD=${PGPASS} psql -h ${PGHOST} -p ${PGPORT} -U ${PGUSER} -d postgres -tc "SELECT 1 FROM pg_database WHERE datname = 'default'" | grep -q 1 || \ | ||
| PGPASSWORD=${PGPASS} psql -h ${PGHOST} -p ${PGPORT} -U ${PGUSER} -d postgres -c "CREATE DATABASE \"default\"" |
There was a problem hiding this comment.
logic: Missing error handling if psql commands fail. Script continues even if database creation fails.
| if ( | ||
| schema.schema_name === 'metric_helpers' || | ||
| schema.schema_name === 'user_management' || | ||
| schema.schema_name === 'public' | ||
| ) { | ||
| continue; | ||
| } |
There was a problem hiding this comment.
style: Consider making protected schemas configurable via environment variables rather than hardcoding them
We will remove the
twenty-postgresimage that was used for local development and only usetwenty-postgres-pilo(which we use in prod), bringing the development environment closer to prod and avoiding having to maintain 2 images.Instead of provisioning the super user after the db initialization, we directly rely on the superuser provided by Spilo for simplicity. We also introduce a change that tries to create the right database (
defaultortest) based on the context.How to test: