feat: pivot psql-stack to EKS Auto Mode defaults

.github/workflows/on-pr.yaml

@@ -27,28 +27,72 @@ permissions:
 
 jobs:
   validate:
-    uses: unbounded-tech/workflows-crossplane/.github/workflows/validate.yaml@v2.20.0
+    uses: hops-ops/workflows-crossplane/.github/workflows/validate.yaml@v3.0.0
     with:
       examples: |
         [
-          { "example": "examples/psqlstacks/minimal.yaml" },
-          { "example": "examples/psqlstacks/standard.yaml" }
+          { "example": "examples/psqlstacks/minimal.yaml",   "api_path": "apis/psqlstacks" },
+          { "example": "examples/psqlstacks/standard.yaml",  "api_path": "apis/psqlstacks" },
+          { "example": "examples/psqlclusters/minimal.yaml", "api_path": "apis/psqlclusters" },
+          { "example": "examples/psqlclusters/standard.yaml","api_path": "apis/psqlclusters" },
+          { "example": "examples/psqlbranches/same-namespace.yaml", "api_path": "apis/psqlbranches" }
         ]
-      api_path: apis/psqlstacks
       error_on_missing_schemas: true
 
   test:
-    uses: unbounded-tech/workflows-crossplane/.github/workflows/test.yaml@v2.20.0
+    uses: hops-ops/workflows-crossplane/.github/workflows/test.yaml@v3.0.0
 
   e2e:
-    uses: unbounded-tech/workflows-crossplane/.github/workflows/e2e.yaml@v2.20.0
+    uses: hops-ops/workflows-crossplane/.github/workflows/e2e.yaml@v3.0.0
+    with:
+      # E2E provisions a real EKS Auto Mode cluster (mirror of aws-observe-stack)
+      # so the `psql` StorageClass + VolumeSnapshotClass land on a real
+      # ebs.csi.eks.amazonaws.com driver — same code path that runs on
+      # pat-local. Kind has no snapshot-capable CSI, so the prior kind-only
+      # e2e couldn't exercise PSQLBranch's snapshot/fork chain.
+      aws: true
+      aws-use-oidc: true
+      aws-account-id: "034489662075"
+      aws-region: us-east-2
+      aws-role-duration-seconds: 7200
+      write-env-files: true
+      env-vars: |
+        {
+          "ADMIN_ROLE_ARN": "${{ vars.ADMIN_ROLE_ARN }}",
+          "PRIVATE_SUBNET_ID_A": "${{ vars.PRIVATE_SUBNET_ID_A }}",
+          "PRIVATE_SUBNET_ID_B": "${{ vars.PRIVATE_SUBNET_ID_B }}"
+        }
+      debug-resource-types: |
+        [
+          "psqlstacks.hops.ops.com.ai",
+          "psqlclusters.hops.ops.com.ai",
+          "psqlbranches.hops.ops.com.ai",
+          "volumesnapshotstacks.hops.ops.com.ai",
+          "certstacks.hops.ops.com.ai",
+          "autoeksclusters.aws.hops.ops.com.ai"
+        ]
+      # AutoEKSCluster outlives the manifests' cascade delete; the workflow
+      # tears it down separately. VolumeSnapshotStack + CertStack are
+      # colocated with the cluster — drop them together so their Helm
+      # releases on the EKS cluster are uninstalled before the cluster goes.
+      delete-extra-resources: |
+        [
+          "volumesnapshotstacks.hops.ops.com.ai",
+          "certstacks.hops.ops.com.ai",
+          "autoeksclusters.aws.hops.ops.com.ai"
+        ]
+      # 90 min: ~10–15 min EKS Auto Mode cold start, then platform install +
+      # CNPG bootstrap + snapshot fork.
+      timeout-minutes: 90
+      cleanup-timeout-minutes: 30
+      delete-extra-resources-timeout-minutes: 30
 
   publish:
     needs:
       - validate
       - test
       - e2e
-    uses: unbounded-tech/workflows-crossplane/.github/workflows/publish.yaml@v2.20.0
+    uses: hops-ops/workflows-crossplane/.github/workflows/publish.yaml@v3.0.0
     secrets: inherit
     with:
       tag: pr-${{ github.event.pull_request.number }}-${{ github.sha }}

.github/workflows/on-push-main.yaml

@@ -23,21 +23,27 @@ permissions:
 
 jobs:
   validate:
-    uses: unbounded-tech/workflows-crossplane/.github/workflows/validate.yaml@v2.20.0
+    uses: unbounded-tech/workflows-crossplane/.github/workflows/validate.yaml@feat/multi-api-support
     with:
       examples: |
         [
-          { "example": "examples/psqlstacks/minimal.yaml" },
-          { "example": "examples/psqlstacks/standard.yaml" }
+          { "example": "examples/psqlstacks/minimal.yaml",   "api_path": "apis/psqlstacks" },
+          { "example": "examples/psqlstacks/standard.yaml",  "api_path": "apis/psqlstacks" },
+          { "example": "examples/psqlclusters/minimal.yaml", "api_path": "apis/psqlclusters" },
+          { "example": "examples/psqlclusters/standard.yaml","api_path": "apis/psqlclusters" },
+          { "example": "examples/psqlbranches/same-namespace.yaml", "api_path": "apis/psqlbranches" }
         ]
-      api_path: apis/psqlstacks
       error_on_missing_schemas: true
 
   test:
-    uses: unbounded-tech/workflows-crossplane/.github/workflows/test.yaml@v2.20.0
+    uses: unbounded-tech/workflows-crossplane/.github/workflows/test.yaml@feat/multi-api-support
 
   e2e:
-    uses: unbounded-tech/workflows-crossplane/.github/workflows/e2e.yaml@v2.20.0
+    uses: unbounded-tech/workflows-crossplane/.github/workflows/e2e.yaml@feat/multi-api-support
+    with:
+      # See on-pr.yaml — 90 min for the full Ready chain.
+      timeout-minutes: 90
+      cleanup-timeout-minutes: 30
 
   version-and-tag:
     name: Version and Tag

.gitignore

@@ -8,6 +8,8 @@ _output/
 # Temporary files
 .tmp/
 
-# E2E test credentials (never commit secrets)
+# E2E test credentials + per-run env (never commit secrets)
 **/aws-creds
 tests/**/secrets/
+tests/**/env/
+apis/**/configuration.yaml

Makefile

@@ -1,13 +1,18 @@
 SHELL := /bin/bash
 
 PACKAGE ?= psql-stack
+# Default XRD_DIR for legacy single-API targets; multi-API targets derive per-example.
 XRD_DIR := apis/psqlstacks
 COMPOSITION := $(XRD_DIR)/composition.yaml
 DEFINITION := $(XRD_DIR)/definition.yaml
 EXAMPLE_DEFAULT := examples/psqlstacks/standard.yaml
 RENDER_TESTS := $(wildcard tests/test-*)
 E2E_TESTS := $(wildcard tests/e2etest-*)
 
+# Multi-API support: examples/<apiplural>/<example>.yaml maps to apis/<apiplural>/.
+# Helper macro: api_dir_for(example_path) → apis/<dirname>
+api-dir = apis/$(word 2,$(subst /, ,$(1)))
+
 clean:
 	rm -rf _output
 	rm -rf .up
@@ -17,9 +22,13 @@ build:
 
 # Examples list - mirrors GitHub Actions workflow
 # Format: example_path::observed_resources_path (observed_resources_path is optional)
+# api_path is derived from example_path via the api-dir macro (examples/<x>/... → apis/<x>/).
 EXAMPLES := \
     examples/psqlstacks/minimal.yaml:: \
-    examples/psqlstacks/standard.yaml::
+    examples/psqlstacks/standard.yaml:: \
+    examples/psqlclusters/minimal.yaml:: \
+    examples/psqlclusters/standard.yaml:: \
+    examples/psqlbranches/same-namespace.yaml::
 
 # Render all examples (parallel execution, output shown per-job when complete)
 render\:all:
@@ -28,14 +37,17 @@ render\:all:
 	for entry in $(EXAMPLES); do \
 		example=$${entry%%::*}; \
 		observed=$${entry#*::}; \
+		api_dir=$$(echo "$$example" | awk -F/ '{print "apis/" $$2}'); \
+		composition="$$api_dir/composition.yaml"; \
+		definition="$$api_dir/definition.yaml"; \
 		outfile="$$tmpdir/$$(echo $$entry | tr '/:' '__')"; \
 		( \
 			if [ -n "$$observed" ]; then \
 				echo "=== Rendering $$example with observed-resources $$observed ==="; \
-				up composition render --xrd=$(DEFINITION) $(COMPOSITION) $$example --observed-resources=$$observed; \
+				up composition render --xrd=$$definition $$composition $$example --observed-resources=$$observed; \
 			else \
-				echo "=== Rendering $$example ==="; \
-				up composition render --xrd=$(DEFINITION) $(COMPOSITION) $$example; \
+				echo "=== Rendering $$example (api=$$api_dir) ==="; \
+				up composition render --xrd=$$definition $$composition $$example; \
 			fi; \
 			echo "" \
 		) > "$$outfile" 2>&1 & \
@@ -58,18 +70,21 @@ validate\:all:
 	for entry in $(EXAMPLES); do \
 		example=$${entry%%::*}; \
 		observed=$${entry#*::}; \
+		api_dir=$$(echo "$$example" | awk -F/ '{print "apis/" $$2}'); \
+		composition="$$api_dir/composition.yaml"; \
+		definition="$$api_dir/definition.yaml"; \
 		outfile="$$tmpdir/$$(echo $$entry | tr '/:' '__')"; \
 		( \
 			if [ -n "$$observed" ]; then \
 				echo "=== Validating $$example with observed-resources $$observed ==="; \
-				up composition render --xrd=$(DEFINITION) $(COMPOSITION) $$example \
+				up composition render --xrd=$$definition $$composition $$example \
 					--observed-resources=$$observed --include-full-xr --quiet | \
-					crossplane beta validate $(XRD_DIR) --error-on-missing-schemas -; \
+					crossplane beta validate $$api_dir --error-on-missing-schemas -; \
 			else \
-				echo "=== Validating $$example ==="; \
-				up composition render --xrd=$(DEFINITION) $(COMPOSITION) $$example \
+				echo "=== Validating $$example (api=$$api_dir) ==="; \
+				up composition render --xrd=$$definition $$composition $$example \
 					--include-full-xr --quiet | \
-					crossplane beta validate $(XRD_DIR) --error-on-missing-schemas -; \
+					crossplane beta validate $$api_dir --error-on-missing-schemas -; \
 			fi; \
 			echo "" \
 		) > "$$outfile" 2>&1 & \