[Scheduled] Update dependencies (#906)

Author: github-actions[bot]

.github/workflows/checks.yaml

@@ -10,10 +10,7 @@ jobs:
   tests:
     uses: ./.github/workflows/wf_check.yaml
     secrets:
-      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
       NHOST_PAT: ${{ secrets.NHOST_PAT }}
-      NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}
-      NIX_CACHE_PRIV_KEY: ${{ secrets.NIX_CACHE_PRIV_KEY }}
 
   build_artifacts:
     strategy:
@@ -28,8 +25,3 @@ jobs:
       VERSION: ${{ github.sha }}
     secrets:
       NHOST_PAT: ${{ secrets.NHOST_PAT }}
-      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
-      CERT_FULL_CHAIN: ${{ secrets.CERT_FULL_CHAIN }}
-      CERT_PRIV_KEY: ${{ secrets.CERT_PRIV_KEY }}
-      NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}
-      NIX_CACHE_PRIV_KEY: ${{ secrets.NIX_CACHE_PRIV_KEY }}

.github/workflows/release.yaml

@@ -8,10 +8,7 @@ jobs:
   tests:
     uses: ./.github/workflows/wf_check.yaml
     secrets:
-      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
       NHOST_PAT: ${{ secrets.NHOST_PAT }}
-      NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}
-      NIX_CACHE_PRIV_KEY: ${{ secrets.NIX_CACHE_PRIV_KEY }}
 
   build_artifacts:
     strategy:
@@ -25,11 +22,6 @@ jobs:
       VERSION: ${{ github.ref_name }}
     secrets:
       NHOST_PAT: ${{ secrets.NHOST_PAT }}
-      AWS_ACCOUNT_ID: ${{ secrets.AWS_PRODUCTION_CORE_ACCOUNT_ID }}
-      CERT_FULL_CHAIN: ${{ secrets.CERT_FULL_CHAIN }}
-      CERT_PRIV_KEY: ${{ secrets.CERT_PRIV_KEY }}
-      NIX_CACHE_PUB_KEY: ${{ secrets.NIX_CACHE_PUB_KEY }}
-      NIX_CACHE_PRIV_KEY: ${{ secrets.NIX_CACHE_PRIV_KEY }}
 
   publish:
     uses: ./.github/workflows/wf_publish.yaml

.github/workflows/wf_build_artifacts.yaml

@@ -17,16 +17,6 @@ on:
     secrets:
       NHOST_PAT:
         required: true
-      AWS_ACCOUNT_ID:
-        required: true
-      CERT_FULL_CHAIN:
-        required: true
-      CERT_PRIV_KEY:
-        required: true
-      NIX_CACHE_PUB_KEY:
-        required: true
-      NIX_CACHE_PRIV_KEY:
-        required: true
 
 jobs:
   artifacts:
@@ -44,52 +34,27 @@ jobs:
         ref: ${{ inputs.GIT_REF }}
         submodules: true
 
-    - name: Configure aws
-      uses: aws-actions/configure-aws-credentials@v4
+    - uses: cachix/install-nix-action@v27
       with:
-        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-actions-nhost-${{ github.event.repository.name }}
-        aws-region: eu-central-1
-
-    - uses: nixbuild/nix-quick-install-action@v26
-      with:
-        nix_version: 2.16.2
-        nix_conf: |
+        install_url: "https://releases.nixos.org/nix/nix-2.22.3/install"
+        install_options: "--no-daemon"
+        extra_nix_config: |
           experimental-features = nix-command flakes
           sandbox = false
           access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
-          substituters = https://cache.nixos.org/?priority=40 s3://nhost-nix-cache?region=eu-central-1&priority=50
-          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${{ secrets.NIX_CACHE_PUB_KEY }}
-          builders-use-substitutes = true
+          substituters = https://cache.nixos.org/?priority=40
+          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
 
-    - name: Cache nix store
-      uses: actions/cache@v4
+    - uses: DeterminateSystems/magic-nix-cache-action@v7
       with:
-        path: |
-          /nix/store/**
-          /nix/var/nix/*/*
-          /nix/var/nix/db/*
-          /nix/var/nix/db/*/**
-          !/nix/var/nix/daemon-socket/socket
-          !/nix/var/nix/userpool/*
-          !/nix/var/nix/gc.lock
-          !/nix/var/nix/db/big-lock
-          !/nix/var/nix/db/reserved
-        key: nix-build-${{ inputs.GOOS }}-${{ inputs.GOARCH}}-${{ hashFiles('flake.nix', 'flake.lock', '**.nix') }}
+        diagnostic-endpoint: ""
+        use-flakehub: false
+
     - name: Compute common env vars
       id: vars
       run: |
         echo "VERSION=$(make get-version VERSION=${{ inputs.VERSION }})" >> $GITHUB_OUTPUT
 
-    # - name: place let's encrypt cert
-    #   run: |
-    #     cat <<EOF > ssl/.ssl/fullchain.pem
-    #     ${{ secrets.CERT_FULL_CHAIN }}
-    #     EOF
-    #     cat <<EOF > ssl/.ssl/privkey.pem
-    #     ${{ secrets.CERT_PRIV_KEY }}
-    #     EOF
-    #   shell: bash
-
     - name: "Build artifact"
       run: |
         make build ARCH=${{ inputs.GOARCH }} OS=${{ inputs.GOOS }}
@@ -140,10 +105,3 @@ jobs:
         path: result
         retention-days: 7
       if: ${{ ( inputs.GOOS == 'linux' ) }}
-
-    - name: "Cache nix store on s3"
-      run: |
-        echo ${{ secrets.NIX_CACHE_PRIV_KEY }} > cache-priv-key.pem
-        nix store sign --key-file cache-priv-key.pem --all
-        find /nix/store -maxdepth 1 -name "*-*" -type d | grep -v source | xargs -n 1000 nix copy --to s3://nhost-nix-cache\?region=eu-central-1
-      if: always()

.github/workflows/wf_check.yaml

@@ -8,12 +8,6 @@ on:
     secrets:
       NHOST_PAT:
         required: true
-      AWS_ACCOUNT_ID:
-        required: true
-      NIX_CACHE_PUB_KEY:
-        required: true
-      NIX_CACHE_PRIV_KEY:
-        required: true
 
 jobs:
   tests:
@@ -31,46 +25,23 @@ jobs:
         ref: ${{ inputs.GIT_REF }}
         submodules: true
 
-    - name: Configure aws
-      uses: aws-actions/configure-aws-credentials@v4
+    - uses: cachix/install-nix-action@v27
       with:
-        role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-actions-nhost-${{ github.event.repository.name }}
-        aws-region: eu-central-1
-
-    - uses: nixbuild/nix-quick-install-action@v26
-      with:
-        nix_version: 2.16.2
-        nix_conf: |
+        install_url: "https://releases.nixos.org/nix/nix-2.22.3/install"
+        install_options: "--no-daemon"
+        extra_nix_config: |
           experimental-features = nix-command flakes
           sandbox = false
           access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
-          substituters = https://cache.nixos.org/?priority=40 s3://nhost-nix-cache?region=eu-central-1&priority=50
-          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= ${{ secrets.NIX_CACHE_PUB_KEY }}
-          builders-use-substitutes = true
+          substituters = https://cache.nixos.org/?priority=40
+          trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
 
-    - name: Cache nix store
-      uses: actions/cache@v4
+    - uses: DeterminateSystems/magic-nix-cache-action@v7
       with:
-        path: |
-          /nix/store/**
-          /nix/var/nix/*/*
-          /nix/var/nix/db/*
-          /nix/var/nix/db/*/**
-          !/nix/var/nix/daemon-socket/socket
-          !/nix/var/nix/userpool/*
-          !/nix/var/nix/gc.lock
-          !/nix/var/nix/db/big-lock
-          !/nix/var/nix/db/reserved
-        key: nix-${{ runner.os }}-${{ hashFiles('flake.nix', 'flake.lock', '**.nix') }}
+        diagnostic-endpoint: ""
+        use-flakehub: false
 
     - name: "Run checks"
       run: |
         export NHOST_PAT=${{ secrets.NHOST_PAT }}
         make check
-
-    - name: "Cache nix store on s3"
-      run: |
-        echo ${{ secrets.NIX_CACHE_PRIV_KEY }} > cache-priv-key.pem
-        nix store sign --key-file cache-priv-key.pem --all
-        find /nix/store -maxdepth 1 -name "*-*" -type d | grep -v source | xargs -n 1000 nix copy --to s3://nhost-nix-cache\?region=eu-central-1
-      if: always()

cert.sh

@@ -43,7 +43,7 @@ certbot certonly \
     --config-dir letsencrypt \
     --work-dir letsencrypt
 
-cp letsencrypt/live/local.auth.nhost.run/fullchain.pem ssl/.ssl/sub-fullchain.pem
-cp letsencrypt/live/local.auth.nhost.run/privkey.pem ssl/.ssl/sub-privkey.pem
+cp letsencrypt/live/auth.local.nhost.run/fullchain.pem ssl/.ssl/sub-fullchain.pem
+cp letsencrypt/live/auth.local.nhost.run/privkey.pem ssl/.ssl/sub-privkey.pem
 
 rm -rf letsencrypt

examples/myproject/nhost/nhost.toml

@@ -4,7 +4,7 @@ name = 'GREET'
 value = 'Sayonara'
 
 [hasura]
-version = 'v2.33.4-ce'
+version = 'v2.38.0-ce'
 adminSecret = '{{ secrets.HASURA_GRAPHQL_ADMIN_SECRET }}'
 webhookSecret = '{{ secrets.NHOST_WEBHOOK_SECRET }}'
 
@@ -22,7 +22,7 @@ liveQueriesMultiplexedRefetchInterval = 3000
 version = 20
 
 [auth]
-version = '0.30.0'
+version = '0.33.0'
 
 [auth.redirections]
 clientUrl = 'http://localhost:3000'
@@ -127,7 +127,7 @@ timeout = 60000
 enabled = false
 
 [postgres]
-version = '14.11-20240429-1'
+version = '16.2-20240901-1'
 
 [postgres.settings]
 maxConnections = 100
@@ -151,7 +151,7 @@ maxParallelMaintenanceWorkers = 2
 [provider]
 
 [storage]
-version = '0.6.0'
+version = '0.6.1'
 
 [observability]
 [observability.grafana]