Upgrade to PG17

.example.env

@@ -13,8 +13,8 @@ LANG=en_US.UTF-8
 # locale filter to include in the locale generator
 LANGS="en_US.UTF-8,id_ID.UTF-8"
 
-POSTGRES_MAJOR_VERSION=16
+POSTGRES_MAJOR_VERSION=17
 POSTGIS_MAJOR_VERSION=3
-POSTGIS_MINOR_RELEASE=4
+POSTGIS_MINOR_RELEASE=5
 BUILD_TIMESCALE=false
 TIMESCALE_VERSION=2-2.14.2

.github/workflows/build-latest.yaml

@@ -21,7 +21,12 @@ jobs:
   build-docker-image:
     runs-on: ubuntu-latest
     timeout-minutes: 25
-    if: github.actor != 'dependabot[bot]'
+    if: |
+      github.actor != 'dependabot[bot]' &&
+      !(
+        contains(github.event.pull_request.title, '[skip-release]') ||
+        contains(github.event.comment.body, '/skiprelease')
+      )
     strategy:
       matrix:
         postgresMajorVersion:
@@ -29,7 +34,7 @@ jobs:
         postgisMajorVersion:
           - 3
         postgisMinorRelease:
-          - 4
+          - 5
         imageVersion:
           - imageDistro: debian
             imageDistroVersion: bookworm
@@ -75,7 +80,12 @@ jobs:
     runs-on: ubuntu-latest
     needs: [build-docker-image]
     timeout-minutes: 20
-    if: github.actor != 'dependabot[bot]'
+    if: |
+      github.actor != 'dependabot[bot]' &&
+      !(
+        contains(github.event.pull_request.title, '[skip-release]') ||
+        contains(github.event.comment.body, '/skiprelease')
+      )
     strategy:
       matrix:
         scenario:
@@ -106,7 +116,12 @@ jobs:
   scan_image:
     runs-on: ubuntu-latest
     timeout-minutes: 20
-    if: github.actor != 'dependabot[bot]'
+    if: |
+      github.actor != 'dependabot[bot]' &&
+      !(
+        contains(github.event.pull_request.title, '[skip-release]') ||
+        contains(github.event.comment.body, '/skiprelease')
+      )
     needs: [build-docker-image, run-scenario-tests]
     steps:
       - uses: actions/checkout@v4
@@ -134,7 +149,14 @@ jobs:
           sarif_file: 'trivy-results.sarif'
 
   push-internal-pr-images:
-    if: github.event.pull_request.base.repo.url == github.event.pull_request.head.repo.url && github.actor != 'dependabot[bot]'
+    if: |
+      github.event_name == 'pull_request' && 
+      github.event.pull_request.base.repo.url == github.event.pull_request.head.repo.url && 
+      github.actor != 'dependabot[bot]'  &&
+      !(
+        contains(github.event.pull_request.title, '[skip-release]') ||
+        contains(github.event.comment.body, '/skiprelease')
+      )
     runs-on: ubuntu-latest
     needs: [ build-docker-image, run-scenario-tests ]
     steps:

.github/workflows/deploy-image.yaml

@@ -12,17 +12,22 @@ jobs:
   deploy-image:
     runs-on: ubuntu-latest
     timeout-minutes: 20
-    if: github.actor != 'dependabot[bot]'
+    if: |
+      github.actor != 'dependabot[bot]' &&
+      !(
+        contains(github.event.pull_request.title, '[skip-release]') ||
+        contains(github.event.comment.body, '/skiprelease')
+      ) && github.event.workflow_run.conclusion == 'success'
     env:
       latest-ref: refs/heads/develop
     strategy:
       matrix:
         postgresMajorVersion:
-          - 16
+          - 17
         postgisMajorVersion:
           - 3
         postgisMinorRelease:
-          - 4
+          - 5
         imageVersion:
           - imageDistro: debian
             imageDistroVersion: bookworm
@@ -97,3 +102,43 @@ jobs:
             type=gha,scope=base
           cache-to: type=gha,scope=prod
           target: postgis-prod
+
+  publish_release_artifacts:
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    if: |
+      github.actor != 'dependabot[bot]' &&
+      !(
+        contains(github.event.pull_request.title, '[skip-release]') ||
+        contains(github.event.comment.body, '/skiprelease') 
+      ) &&  github.event.workflow_run.conclusion == 'success'
+    needs: [ deploy-image ]
+    strategy:
+      matrix:
+        postgresMajorVersion:
+          - 17
+        postgisMajorVersion:
+          - 3
+        postgisMinorRelease:
+          - 5
+    steps:
+      - name: Checkout code
+        id: git_checkout
+        uses: actions/checkout@v3
+        with:
+          ref: 'develop'
+
+      - name: Get Current Date
+        id: current_date
+        run: echo "formatted=$(date -u +%Y.%m.%d)" >> $GITHUB_OUTPUT
+
+      - name: Get Latest Commit Hash
+        id: latest_commit_hash
+        run: echo "commit=$(git rev-parse --short "$GITHUB_SHA")" >> $GITHUB_OUTPUT
+
+      - name: publish_release
+        id: tag_releases
+        run: |
+          gh release create v${{ matrix.postgresMajorVersion }}.${{ matrix.postgisMajorVersion }}.${{ matrix.postgisMinorRelease }}--v${{ steps.current_date.outputs.formatted }}--${{ steps.latest_commit_hash.outputs.commit }} --notes ${{ steps.latest_commit_hash.outputs.commit }} --target develop --repo $GITHUB_REPOSITORY
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Dockerfile

@@ -72,9 +72,9 @@ FROM postgis-base AS postgis-prod
 
 # Reset ARG for version
 ARG IMAGE_VERSION
-ARG POSTGRES_MAJOR_VERSION=16
+ARG POSTGRES_MAJOR_VERSION=17
 ARG POSTGIS_MAJOR_VERSION=3
-ARG POSTGIS_MINOR_RELEASE=4
+ARG POSTGIS_MINOR_RELEASE=5
 # https://packagecloud.io/timescale/timescaledb
 ARG TIMESCALE_VERSION=2-2.11.2
 ARG BUILD_TIMESCALE=false

README.md

@@ -83,7 +83,7 @@ The following convention is used for tagging the images we build:
 
 So for example:
 
-``kartoza/postgis:14-3.1`` Provides PostgreSQL 14.0, PostGIS 3.1
+``kartoza/postgis:17-3.5`` Provides PostgreSQL 17.0, PostGIS 3.5
 
 **Note:** We highly recommend that you use tagged versions because successive minor versions of
 `PostgreSQL` write their database clusters into different database directories - which will cause
@@ -324,7 +324,7 @@ provided by the `timescaledb-tune`. Example,
     ```bash
     docker run -it --name timescale -e ACCEPT_TIMESCALE_TUNING=TRUE \
       -e POSTGRES_MULTIPLE_EXTENSIONS=postgis,hstore,postgis_topology,postgis_raster,pgrouting,timescaledb \
-      -e TIMESCALE_TUNING_PARAMS="-cpus=4" kartoza/postgis:14-3.1
+      -e TIMESCALE_TUNING_PARAMS="-cpus=4" kartoza/postgis:17-3.5
     ```
 
 **Note:** `ACCEPT_TIMESCALE_TUNING` environment variable will overwrite all configurations based
@@ -572,7 +572,7 @@ FORCE_SSL=TRUE
 The following example sets up a container with custom ssl private key and certificate:
 
 ```shell
-docker run -p 25432:5432 -e FORCE_SSL=TRUE -e SSL_DIR="/etc/ssl_certificates" -e SSL_CERT_FILE='/etc/ssl_certificates/fullchain.pem' -e SSL_KEY_FILE='/etc/ssl_certificates/privkey.pem' -e SSL_CA_FILE='/etc/ssl_certificates/root.crt' -v /tmp/postgres/letsencrypt:/etc/ssl_certificates --name ssl -d kartoza/postgis:13-3.1
+docker run -p 25432:5432 -e FORCE_SSL=TRUE -e SSL_DIR="/etc/ssl_certificates" -e SSL_CERT_FILE='/etc/ssl_certificates/fullchain.pem' -e SSL_KEY_FILE='/etc/ssl_certificates/privkey.pem' -e SSL_CA_FILE='/etc/ssl_certificates/root.crt' -v /tmp/postgres/letsencrypt:/etc/ssl_certificates --name ssl -d kartoza/postgis:13-3.5
 ```
 
 The environment variable `SSL_DIR` allows a user to specify the location
@@ -605,7 +605,7 @@ When setting up the database you need to define the following environment variab
 Example:
 
 ```shell
-docker run -p 5432:5432 -e FORCE_SSL=TRUE -e SSL_CERT_FILE='/ssl_certificates/fullchain.pem' -e SSL_KEY_FILE='/ssl_certificates/privkey.pem' -e SSL_CA_FILE='/ssl_certificates/root.crt' --name ssl -d kartoza/postgis:13-3.1
+docker run -p 5432:5432 -e FORCE_SSL=TRUE -e SSL_CERT_FILE='/ssl_certificates/fullchain.pem' -e SSL_KEY_FILE='/ssl_certificates/privkey.pem' -e SSL_CA_FILE='/ssl_certificates/root.crt' --name ssl -d kartoza/postgis:13-3.5
 ```
 
 On the host machine where you need to connect to the database you also 
@@ -663,7 +663,7 @@ replication methods allowed are,
 
 Replication  uses a dedicated user `REPLICATION_USER`. The role `${REPLICATION_USER}` uses the
 default group role `pg_read_all_data`. You can read more about this from the
-[PostgreSQL documentation](https://www.postgresql.org/docs/14/predefined-roles.html)
+[PostgreSQL documentation](https://www.postgresql.org/docs/17/predefined-roles.html)
 
 **Note:** When setting up replication you need to specify the password using the environment
 variable `REPLICATION_PASS`. If you do not specify it a random strong password will be generated.
@@ -679,7 +679,7 @@ is accessed from the replicant database. When edits to the master layer are save
 automatically propagated to the replicant. Note also that the replicant is read-only.
 
 ```shell
-docker run --name "streaming-replication" -e REPLICATION=true -e WAL_LEVEL='replica' -d -p 25432:5432 kartoza/postgis:14.3.2
+docker run --name "streaming-replication" -e REPLICATION=true -e WAL_LEVEL='replica' -d -p 25432:5432 kartoza/postgis:17.3.2
 ```
 
 **Note** If you do not pass the env variable `REPLICATION_PASS` a random password will be generated

docker-compose.build-timescale.yml

@@ -1,5 +1,4 @@
 # Used solely for docker-compose build
-version: '3.9'
 services:
   postgis-base:
     image: kartoza/postgis:base-${DISTRO}-${IMAGE_VERSION}-${IMAGE_VARIANT}

docker-compose.build.yml

@@ -1,5 +1,4 @@
 # Used solely for docker-compose build
-version: '3.9'
 services:
   postgis-base:
     image: kartoza/postgis:base-${DISTRO}-${IMAGE_VERSION}-${IMAGE_VARIANT}

docker-compose.yml

@@ -1,5 +1,4 @@
 # docker-compose build
-version: '3.9'
 volumes:
   dbbackups:
   postgis-data:

scenario_tests/collations/docker-compose.yml

@@ -1,6 +1,3 @@
-
-version: '3.9'
-
 volumes:
   pg-data-dir:
   new-pg-data-dir:

scenario_tests/datadir_init/docker-compose-gs.yml

@@ -1,4 +1,4 @@
-version: '3.9'
+
 volumes:
   default-pg-data-dir:
   new-pg-data-dir:

scenario_tests/datadir_init/docker-compose.yml

@@ -1,4 +1,4 @@
-version: '3.9'
+
 volumes:
   default-pg-data-dir:
   new-pg-data-dir:

scenario_tests/extensions/docker-compose.yml

@@ -1,6 +1,4 @@
 
-version: '3.9'
-
 services:
   pg:
     image: 'kartoza/postgis:${TAG:-manual-build}'

scenario_tests/init_scripts/docker-compose.yml

@@ -1,4 +1,4 @@
-version: '3.9'
+
 volumes:
   default-pg-data-dir-md5:
   new-pg-data-dir:

scenario_tests/logical_replication/docker-compose-gs.yml

@@ -1,6 +1,4 @@
 
-version: '3.9'
-
 volumes:
   pg-publisher-data-dir:
   pg-subscriber-data-dir:

scenario_tests/logical_replication/docker-compose.yml

@@ -1,6 +1,4 @@
 
-version: '3.9'
-
 volumes:
   pg-publisher-data-dir:
   pg-subscriber-data-dir:

scenario_tests/multiple_databases/docker-compose.yml

@@ -1,6 +1,4 @@
 
-version: '3.9'
-
 volumes:
   pg-db-data-dir:
   pg-db-schema-dir:

scenario_tests/streaming_replication/docker-compose-gs-promote.yml

@@ -1,6 +1,4 @@
 
-version: '2.1'
-
 volumes:
   pg-master-data-dir:
   pg-node-data-dir:

scenario_tests/streaming_replication/docker-compose-gs.yml

@@ -1,6 +1,4 @@
 
-version: '3.9'
-
 volumes:
   pg-master-data-dir:
   pg-node-data-dir:

scenario_tests/streaming_replication/docker-compose-root-promote.yml

@@ -1,6 +1,4 @@
 
-version: '2.1'
-
 volumes:
   pg-master-data-dir:
   pg-node-data-dir:

scenario_tests/streaming_replication/docker-compose.yml

@@ -1,6 +1,4 @@
 
-version: '3.9'
-
 volumes:
   pg-master-data-dir:
   pg-node-data-dir:

scripts/env-data.sh

@@ -508,7 +508,7 @@ function configure_replication_permissions {
 }
 
 function streaming_replication {
-  until START_COMMAND "${PG_BASEBACKUP} -X stream -h ${REPLICATE_FROM} -p ${REPLICATE_PORT} -D ${DATADIR} -U ${REPLICATION_USER} -R -vP -w --label=gis_pg_custer"
+  until START_COMMAND "${PG_BASEBACKUP} -X stream -h ${REPLICATE_FROM} -p ${REPLICATE_PORT} -D ${DATADIR} -U ${REPLICATION_USER} --incremental -R -vP -w --label=gis_pg_custer"
     do
       echo -e "[Entrypoint] \e[1;31m Waiting for master to connect... \033[0m"
       sleep 1s