Spoc 374: Add 'make installcheck' a Spock standard workflow

[danolivo]

• Add GitHub Actions installcheck workflow that runs standard PostgreSQL regression tests on a Docker-based three-node Spock cluster across PG 15-18. The workflow builds the cluster, runs pg_regress on node n1, collects logs from all nodes, and uploads them as artifacts. The security_label test is excluded (requires PostgreSQL core changes).
• Add run-installcheck.sh script that invokes pg_regress against the existing cluster using the standard parallel_schedule, outputting results to a dedicated directory for artifact collection.
• Fix Docker infrastructure:
  • Pass DBUSER and DBNAME build args through docker-compose.yml to allow overriding at build time (needed for regression test defaults)
  • Export PG_SRCDIR in .bashrc so the installcheck script can locate the PostgreSQL source tree
  • Default BASE_IMAGE to ghcr.io/pgedge/base-test-image:latest instead of local tag
  • Add log_statement = 'none' to entrypoint.sh PostgreSQL config
• Normalize Dockerfile indentation from mixed spaces to consistent tabs

[coderabbitai]

📝 Walkthrough

Walkthrough

Adds a GitHub Actions workflow to run three-node Spock installcheck tests on PostgreSQL 15–18, updates Docker build/compose and container entrypoint logging, and adds a script to run pg_regress with artifact collection and failure-diff output.

Changes

Cohort / File(s)	Summary
CI/CD workflow .github/workflows/installcheck.yml	Adds "Installcheck Tests (Three-Node Cluster)" workflow: matrix over OS and pgver (15–18), boots a three-node Spock cluster, runs installcheck on node n1, treats abnormal exits/non-OK tests (excluding security_label) as failures, uploads per-pgver artifacts and always tears down cluster.
Docker build & compose tests/docker/Dockerfile-step-1.el9, tests/docker/docker-compose.yml	Dockerfile: formatting, export PG_SRCDIR, switch some build steps to non-root user; docker-compose: adds build args DBUSER/DBNAME, switches base image to ghcr.io/pgedge/base-test-image:latest, normalizes healthcheck syntax and adds start_period: 60s.
Container entrypoint tests/docker/entrypoint.sh	Adds postgresql.conf lines during init: log_min_messages = log and log_statement = 'none' (plus a comment).
Test runner script tests/docker/run-installcheck.sh	New script to run PostgreSQL regression tests via pg_regress: sources env, validates vars, derives BINDIR/LIBDIR from pg_config, sets INPUTDIR/SCHEDULE/OUTPUTDIR, runs pg_regress with dlpath/bindir/schedule/dbname/host/port/user, captures exit code and prints regression.diffs on failure.

Poem

🐇 I hopped into containers, bright-eyed and spry,
Three nodes a-tiptoe beneath CI's sky,
pg_regress hummed and logs began to sing,
I nibbled diffs and watched the artifacts cling,
A rabbit claps as pipelines leap high!

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly reflects the main objective: adding an installcheck workflow as a standard Spock workflow, accurately summarizing the primary change.
Description check	✅ Passed	The description is directly related to the changeset, detailing the GitHub Actions workflow, the run-installcheck.sh script, and Docker infrastructure fixes.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch spoc-374

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 3

🤖 Fix all issues with AI agents

In @.github/workflows/installcheck.yml:
- Around line 100-113: The workflow step "Collect installcheck artifacts"
attempts to copy regression.diffs unconditionally which can fail when the file
is absent; update the step to guard that copy by first checking for the file on
the container (e.g., run a short docker compose exec or docker compose run
command like "test -e /home/pgedge/installcheck-output/regression.diffs" and
only run "docker compose cp
pgedge-n1:/home/pgedge/installcheck-output/regression.diffs installcheck-logs/"
if present) or simply append "|| true" to the docker compose cp for
regression.diffs to make it non-fatal, keeping the other guarded copies
(regression.out, results) as-is.
- Around line 67-98: The step currently masks the exit code from "docker compose
exec -T pgedge-n1 bash -c '~/run-installcheck.sh' | tee installcheck_output.txt
|| true"; enable pipefail (set -o pipefail) at the top of the run block, run the
docker compose exec pipeline, then capture the producer's exit code via
PIPESTATUS[0] (e.g. DOCKER_EXIT=${PIPESTATUS[0]}) and fail the job or set
test_result=failed unless DOCKER_EXIT is 0 (or you still allow failures only for
security_label by combining this with the existing FAILED_TESTS check); update
the logic around FAILED_TESTS and the exit handling so the step exits non-zero
or writes test_result=failed when DOCKER_EXIT is non-zero and not accounted for
by ignored security_label failures.

In `@tests/docker/Dockerfile-step-1.el9`:
- Around line 126-137: The tag-selection pipeline that sets LATEST_TAG can pick
up prerelease tags (RC/BETA); update the pipeline that computes LATEST_TAG (the
series using git ls-remote | grep | sed | tr | sort | tail | tr) to explicitly
exclude tags containing _RC or _BETA (e.g., add a negative grep/filter for
(_RC|_BETA)) and then add a defensive test for non-empty LATEST_TAG before
running git clone (fail fast with an error/log if LATEST_TAG is empty);
reference the LATEST_TAG variable and the clone step that uses --branch
"${LATEST_TAG}" so you ensure only stable tags matching PGVER are cloned.

🧹 Nitpick comments (2)

tests/docker/entrypoint.sh (1)

66-69: Clarify the temporary logging override comment.
Line 67’s “To be changed on purpose” is vague; consider stating the reason (e.g., reduce installcheck noise) and when it should be reverted.

tests/docker/run-installcheck.sh (1)

7-23: Fail fast on missing env and propagate early errors.
Lines 7–23 rely on PG_CONFIG/PG_SRCDIR/PGPORT/PGUSER being set; missing values produce confusing failures later. Consider enabling strict mode after sourcing and validating required variables.

Proposed fix

 source "${HOME}/.bashrc"
+
+set -euo pipefail
+
+: "${PG_CONFIG:?PG_CONFIG must be set}"
+: "${PG_SRCDIR:?PG_SRCDIR must be set}"
+: "${PGPORT:?PGPORT must be set}"
+: "${PGUSER:?PGUSER must be set}"

[coderabbitai]

Actionable comments posted: 2

🤖 Fix all issues with AI agents

In @.github/workflows/installcheck.yml:
- Around line 44-74: Quote all instances of ${GITHUB_WORKSPACE} (e.g., change cd
${GITHUB_WORKSPACE}/tests/docker/ to cd "${GITHUB_WORKSPACE}/tests/docker/") and
any other unquoted expansions in the workflow to avoid word-splitting (also the
occurrences in sed commands and the docker compose up invocation), and replace
the tilde-in-quotes usage in the exec command (docker compose exec -T pgedge-n1
bash -c '~/run-installcheck.sh') with a dollar-home expansion (bash -c
"$HOME/run-installcheck.sh") so tilde expansion warnings are removed while
preserving behavior.

In `@tests/docker/run-installcheck.sh`:
- Around line 9-23: Add upfront validation for the other required PG_* env
variables before they are used: check PG_CONFIG, PG_SRCDIR, PGPORT, and PGUSER
(in addition to PGDATABASE) at the top of the script and fail fast with a clear
message and non-zero exit if any are unset; perform these checks before calling
"${PG_CONFIG}" or referencing PG_SRCDIR so functions/variables like BINDIR,
LIBDIR, PG_REGRESS, INPUTDIR, and SCHEDULE are not computed with missing inputs.

🧹 Nitpick comments (1)

tests/docker/run-installcheck.sh (1)

26-42: Quote paths/vars in pg_regress invocation.

Unquoted expansions can lead to word-splitting/globbing if any path contains spaces. Easy hardening.

Suggested fix

 OUTPUTDIR="/home/pgedge/installcheck-output"
-mkdir -p ${OUTPUTDIR}
+mkdir -p "${OUTPUTDIR}"

-${PG_REGRESS} \
-	--dlpath=${PG_SRCDIR}/src/test/regress/	\
-	--inputdir=${INPUTDIR} \
-	--outputdir=${OUTPUTDIR} \
-	--bindir=${BINDIR} \
-	--schedule=${SCHEDULE} \
-	--dbname=${PGDATABASE} \
+ "${PG_REGRESS}" \
+	--dlpath="${PG_SRCDIR}/src/test/regress/" \
+	--inputdir="${INPUTDIR}" \
+	--outputdir="${OUTPUTDIR}" \
+	--bindir="${BINDIR}" \
+	--schedule="${SCHEDULE}" \
+	--dbname="${PGDATABASE}" \
 	--use-existing \
 	--host=/tmp \
-	--port=${PGPORT} \
-	--user=${PGUSER}
+	--port="${PGPORT}" \
+	--user="${PGUSER}"

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In @.github/workflows/installcheck.yml:
- Around line 69-76: The step currently exits on a failing pipeline before
DOCKER_EXIT=${PIPESTATUS[0]} runs; change the script to temporarily disable
immediate exit around the test pipeline so the exit code can be captured. For
example, before running the pipeline for "docker compose exec -T pgedge-n1 bash
-c \"$HOME/run-installcheck.sh\" | tee installcheck_output.txt" do a set +e, run
the pipeline, immediately assign DOCKER_EXIT=${PIPESTATUS[0]}, then restore set
-e (or set -o errexit) so subsequent error-handling logic runs; this ensures
PIPESTATUS is captured even if the docker command fails.