Skip to content

Trim PostgreSQL Windows runtime package#38

Merged
lukyrys merged 1 commit intomainfrom
fix/postgresql-windows-runtime-package
May 4, 2026
Merged

Trim PostgreSQL Windows runtime package#38
lukyrys merged 1 commit intomainfrom
fix/postgresql-windows-runtime-package

Conversation

@lukyrys
Copy link
Copy Markdown
Contributor

@lukyrys lukyrys commented May 4, 2026
edited by coderabbitai Bot
Loading

Summary

  • stage only PostgreSQL runtime directories from the EnterpriseDB Windows archive
  • exclude pgAdmin, StackBuilder, GUI DLLs, and test binaries from the Windows release asset
  • update release and README wording for the runtime-only package

Verification

  • git diff --check
  • PostgreSQL workflow will be run on this branch for version 18.3

Summary by CodeRabbit

  • Documentation

    • Updated to accurately describe the PostgreSQL Windows artifact as a runtime-only package.

  • Chores

    • Refined Windows PostgreSQL build process to stage only necessary components and validate their presence.
    • Enhanced build artifact quality by excluding unnecessary files from the package.

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented May 4, 2026
edited
Loading

📝 Walkthrough

Walkthrough

The Windows PostgreSQL build staging logic is refined to copy only runtime directories (bin, lib, share, include), remove auxiliary executables, and validate postgres.exe and initdb.exe exist. Release description and README documentation are updated to reflect this "runtime-only" packaging approach.

Changes

PostgreSQL Build & Documentation Update

Layer / File(s) Summary
Windows Build Staging
.github/workflows/build-postgresql.yml (lines 38–59)		 Windows job now copies only bin, lib, share, and include directories from EnterpriseDB runtime ZIP; removes stackbuilder.exe, wx*.dll, and test*.exe; asserts postgres.exe and initdb.exe exist; fails if pgAdmin 4 is present.
Release Description
.github/workflows/build-postgresql.yml (line 97)		 Windows x64 artifact description updated from "repackaged" to "runtime-only package staged" to clarify the staged nature of the build output.
Documentation
README.md (lines 17, 79)		 Features section and Build Matrix are updated to describe PostgreSQL as a "runtime-only" EnterpriseDB Windows package and a "runtime subset" respectively.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

Poem

A rabbit hops through staging directories so fine,
Keeping only the runtime, each binary and line.
No pgAdmin, no stackbuilder to clutter the way,
Just postgres and lib—a lean ZIP for the day! 🐰✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title directly and clearly describes the main change: reducing the PostgreSQL Windows runtime package to only essential components.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch fix/postgresql-windows-runtime-package

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
Review rate limit: 0/1 reviews remaining, refill in 60 minutes.

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai Bot reviewed May 4, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
.github/workflows/build-postgresql.yml (1)

43-44: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

No integrity check on the upstream EDB ZIP — supply chain gap vs. the Unix build.

The Unix job fetches a .sha256 sidecar from the official PostgreSQL FTP and verifies it before extraction. The Windows job trusts the EDB binary ZIP on TLS alone. A compromised EDB origin or CDN swap would propagate silently.

EnterpriseDB does not appear to publish SHA256 checksums for the binary ZIP archives, so a byte-for-byte expected-hash cannot be pinned the same way as the Unix source tarball. However, at minimum, hash the downloaded archive and surface it in the step summary so that any divergence across re-runs is visible:

🛡️ Proposed mitigation: log the hash for audit 
  Invoke-WebRequest -Uri $url -OutFile upstream.zip
+ $hash = (Get-FileHash upstream.zip -Algorithm SHA256).Hash
+ Write-Output "upstream.zip SHA256: $hash"
+ "## Windows upstream ZIP hash`n``$hash``" | Out-File $env:GITHUB_STEP_SUMMARY -Append
  Expand-Archive upstream.zip -DestinationPath upstream -Force

If EDB ever ships per-version checksum files alongside the ZIP (e.g., .sha256), replace this with a verification step identical to the Unix job.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-postgresql.yml around lines 43 - 44, After
downloading upstream.zip with Invoke-WebRequest (before Expand-Archive), compute
a SHA256 of upstream.zip (using Get-FileHash -Algorithm SHA256) and append the
resulting hex digest to the GitHub Actions step summary (via the
GITHUB_STEP_SUMMARY file or $env:GITHUB_STEP_SUMMARY) so the fingerprint is
recorded for audit; keep the existing Expand-Archive step, and add a note to
replace this with an actual checksum verification (matching the Unix job) if EDB
publishes a per-version .sha256 in the future.
🧹 Nitpick comments (1)
.github/workflows/build-postgresql.yml (1)

59-59: 💤 Low value

The pgAdmin 4 guard is a dead assertion — it can never be true.

Since only bin, lib, share, and include are copied into stage/, and pgAdmin resides at pgsql/pgAdmin 4/ in the EDB archive (not inside any of those four directories), Test-Path 'stage/pgAdmin 4' is structurally always false. The check conveys intent but provides no real protection.

If the goal is to guard against future staging regressions, a broader assertion (e.g., asserting that stage contains only the four expected subdirectories plus VERSION) would be more meaningful.

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In @.github/workflows/build-postgresql.yml:
- Around line 43-44: After downloading upstream.zip with Invoke-WebRequest
(before Expand-Archive), compute a SHA256 of upstream.zip (using Get-FileHash
-Algorithm SHA256) and append the resulting hex digest to the GitHub Actions
step summary (via the GITHUB_STEP_SUMMARY file or $env:GITHUB_STEP_SUMMARY) so
the fingerprint is recorded for audit; keep the existing Expand-Archive step,
and add a note to replace this with an actual checksum verification (matching
the Unix job) if EDB publishes a per-version .sha256 in the future.
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: b9c87d44-24c3-4262-a9d8-07e09e17809b

📥 Commits

Reviewing files that changed from the base of the PR and between 6aa280b and fc38b22.

📒 Files selected for processing (2)
  • .github/workflows/build-postgresql.yml
  • README.md

@lukyrys lukyrys merged commit 7acbf97 into main May 4, 2026
4 checks passed
@lukyrys lukyrys deleted the fix/postgresql-windows-runtime-package branch May 4, 2026 11:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@lukyrys