Cache initdb output to speed up tenant creation in tests

initdb takes about 1 s. Our tests create and destroy a lot of tenants, so that adds up. Cache the initdb result to speed it up. This is currently only enabled in tests. Out of caution, mostly. But also because when you reuse the initdb result, all the postgres clusters end up having the same system_identifier, which is supposed to be unique. It's not necessary for it to be unique for correctness, nothing critical relies on it and you can easily end up with duplicate system_identifiers in standalone PostgreSQL too, if you e.g. create a backup and restore it on a different system. But it is used in various checks to reduce the chance that you e.g. accidentally apply WAL belonging to a different cluster. Because this is aimed at tests, there are a few things that might be surprising: - The initdb cache directory is configurable, and can be outside the pageserver's repo directory. This allows reuse across different pageservers running on the same host. In production use, that'd be pointless, but our tests create a lot of pageservers. - The cache is not automatically purged at start / shutdown. For production use, we'd probably want that, so that we'd pick up any changes in what an empty cluster looks like after a Postgres minor version upgrade, for example. But again tests create and destroy a lot of pageservers, so it's important to retain the cache. - The locking on the cache directory relies purely on filesystem operations and atomic rename(). Using e.g. a rust Mutex() would be more straightforward, but that's not enough because the cache needs to be shared between different pageservers running on the same system.
2026-01-30 16:50:37 +00:00 · 2024-09-21 02:09:39 +03:00
873 changed files with 23353 additions and 74112 deletions
--- a/.config/hakari.toml
+++ b/.config/hakari.toml
@@ -46,9 +46,6 @@ workspace-members = [
    "utils",
    "wal_craft",
    "walproposer",
    "postgres-protocol2",
    "postgres-types2",
    "tokio-postgres2",
 ]
 # Write out exact versions rather than a semver range. (Defaults to false.)
--- a/.dockerignore
+++ b/.dockerignore
@@ -5,22 +5,26 @@
 !Cargo.toml
 !Makefile
 !rust-toolchain.toml
 !scripts/combine_control_files.py
 !scripts/ninstall.sh
 !vm-cgconfig.conf
 !docker-compose/run-tests.sh
 # Directories
 !.cargo/
 !.config/
 !compute/
 !compute_tools/
 !control_plane/
 !libs/
 !neon_local/
 !pageserver/
 !patches/
 !pgxn/
 !proxy/
 !storage_scrubber/
 !safekeeper/
 !storage_broker/
 !storage_controller/
 !trace/
 !vendor/postgres-*/
 !workspace_hack/
--- a/.github/actionlint.yml
+++ b/.github/actionlint.yml
@@ -20,4 +20,3 @@ config-variables:
  - REMOTE_STORAGE_AZURE_REGION
  - SLACK_UPCOMING_RELEASE_CHANNEL_ID
  - DEV_AWS_OIDC_ROLE_ARN
  - BENCHMARK_INGEST_TARGET_PROJECTID
--- a/.github/actions/allure-report-generate/action.yml
+++ b/.github/actions/allure-report-generate/action.yml
@@ -7,10 +7,6 @@ inputs:
    type: boolean
    required: false
    default: false
  aws_oicd_role_arn:
    description: 'the OIDC role arn to (re-)acquire for allure report upload - if not set call must acquire OIDC role'
    required: false
    default: ''
 outputs:
  base-url:
@@ -43,8 +39,7 @@ runs:
        PR_NUMBER=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH" || true)
        if [ "${PR_NUMBER}" != "null" ]; then
          BRANCH_OR_PR=pr-${PR_NUMBER}
-        elif [ "${GITHUB_REF_NAME}" = "main" ] || [ "${GITHUB_REF_NAME}" = "release" ] || \
+        elif [ "${GITHUB_REF_NAME}" = "main" ] || [ "${GITHUB_REF_NAME}" = "release" ] || [ "${GITHUB_REF_NAME}" = "release-proxy" ]; then
             [ "${GITHUB_REF_NAME}" = "release-proxy" ] || [ "${GITHUB_REF_NAME}" = "release-compute" ]; then
          # Shortcut for special branches
          BRANCH_OR_PR=${GITHUB_REF_NAME}
        else
@@ -84,14 +79,6 @@ runs:
        ALLURE_VERSION: 2.27.0
        ALLURE_ZIP_SHA256: b071858fb2fa542c65d8f152c5c40d26267b2dfb74df1f1608a589ecca38e777
    - name: (Re-)configure AWS credentials # necessary to upload reports to S3 after a long-running test
      if: ${{ !cancelled() && (inputs.aws_oicd_role_arn != '') }}
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: eu-central-1
        role-to-assume: ${{ inputs.aws_oicd_role_arn }}
        role-duration-seconds: 3600 # 1 hour should be more than enough to upload report
    # Potentially we could have several running build for the same key (for example, for the main branch), so we use improvised lock for this
    - name: Acquire lock
      shell: bash -euxo pipefail {0}
@@ -196,7 +183,7 @@ runs:
      uses: actions/cache@v4
      with:
        path: ~/.cache/pypoetry/virtualenvs
-        key: v2-${{ runner.os }}-${{ runner.arch }}-python-deps-bookworm-${{ hashFiles('poetry.lock') }}
+        key: v2-${{ runner.os }}-${{ runner.arch }}-python-deps-${{ hashFiles('poetry.lock') }}
    - name: Store Allure test stat in the DB (new)
      if: ${{ !cancelled() && inputs.store-test-results-into-db == 'true' }}
@@ -234,8 +221,6 @@ runs:
        REPORT_URL: ${{ steps.generate-report.outputs.report-url }}
        COMMIT_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
      with:
        # Retry script for 5XX server errors: https://github.com/actions/github-script#retries
        retries: 5
        script: |
          const { REPORT_URL, COMMIT_SHA } = process.env
--- a/.github/actions/allure-report-store/action.yml
+++ b/.github/actions/allure-report-store/action.yml
@@ -8,10 +8,6 @@ inputs:
  unique-key:
    description: 'string to distinguish different results in the same run'
    required: true
  aws_oicd_role_arn:
    description: 'the OIDC role arn to (re-)acquire for allure report upload - if not set call must acquire OIDC role'
    required: false
    default: ''
 runs:
  using: "composite"
@@ -23,8 +19,7 @@ runs:
        PR_NUMBER=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH" || true)
        if [ "${PR_NUMBER}" != "null" ]; then
          BRANCH_OR_PR=pr-${PR_NUMBER}
-        elif [ "${GITHUB_REF_NAME}" = "main" ] || [ "${GITHUB_REF_NAME}" = "release" ] || \
+        elif [ "${GITHUB_REF_NAME}" = "main" ] || [ "${GITHUB_REF_NAME}" = "release" ] || [ "${GITHUB_REF_NAME}" = "release-proxy" ]; then
             [ "${GITHUB_REF_NAME}" = "release-proxy" ] || [ "${GITHUB_REF_NAME}" = "release-compute" ]; then
          # Shortcut for special branches
          BRANCH_OR_PR=${GITHUB_REF_NAME}
        else
@@ -36,14 +31,6 @@ runs:
      env:
        REPORT_DIR: ${{ inputs.report-dir }}
    - name: (Re-)configure AWS credentials # necessary to upload reports to S3 after a long-running test
      if: ${{ !cancelled() && (inputs.aws_oicd_role_arn != '') }}
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: eu-central-1
        role-to-assume: ${{ inputs.aws_oicd_role_arn }}
        role-duration-seconds: 3600 # 1 hour should be more than enough to upload report
    - name: Upload test results
      shell: bash -euxo pipefail {0}
      run: |
--- a/.github/actions/run-python-test-set/action.yml
+++ b/.github/actions/run-python-test-set/action.yml
@@ -36,8 +36,8 @@ inputs:
    description: 'Region name for real s3 tests'
    required: false
    default: ''
-  rerun_failed:
+  rerun_flaky:
-    description: 'Whether to rerun failed tests'
+    description: 'Whether to rerun flaky tests'
    required: false
    default: 'false'
  pg_version:
@@ -48,10 +48,6 @@ inputs:
    description: 'benchmark durations JSON'
    required: false
    default: '{}'
  aws_oicd_role_arn:
    description: 'the OIDC role arn to (re-)acquire for allure report upload - if not set call must acquire OIDC role'
    required: false
    default: ''
 runs:
  using: "composite"
@@ -92,7 +88,7 @@ runs:
      uses: actions/cache@v4
      with:
        path: ~/.cache/pypoetry/virtualenvs
-        key: v2-${{ runner.os }}-${{ runner.arch }}-python-deps-bookworm-${{ hashFiles('poetry.lock') }}
+        key: v2-${{ runner.os }}-${{ runner.arch }}-python-deps-${{ hashFiles('poetry.lock') }}
    - name: Install Python deps
      shell: bash -euxo pipefail {0}
@@ -108,7 +104,7 @@ runs:
        COMPATIBILITY_SNAPSHOT_DIR: /tmp/compatibility_snapshot_pg${{ inputs.pg_version }}
        ALLOW_BACKWARD_COMPATIBILITY_BREAKAGE: contains(github.event.pull_request.labels.*.name, 'backward compatibility breakage')
        ALLOW_FORWARD_COMPATIBILITY_BREAKAGE: contains(github.event.pull_request.labels.*.name, 'forward compatibility breakage')
-        RERUN_FAILED: ${{ inputs.rerun_failed }}
+        RERUN_FLAKY: ${{ inputs.rerun_flaky }}
        PG_VERSION: ${{ inputs.pg_version }}
      shell: bash -euxo pipefail {0}
      run: |
@@ -154,8 +150,15 @@ runs:
          EXTRA_PARAMS="--out-dir $PERF_REPORT_DIR $EXTRA_PARAMS"
        fi
-        if [ "${RERUN_FAILED}" == "true" ]; then
+        if [ "${RERUN_FLAKY}" == "true" ]; then
-          EXTRA_PARAMS="--reruns 2 $EXTRA_PARAMS"
+          mkdir -p $TEST_OUTPUT
          poetry run ./scripts/flaky_tests.py "${TEST_RESULT_CONNSTR}" \
                                              --days 7 \
                                              --output "$TEST_OUTPUT/flaky.json" \
                                              --pg-version "${DEFAULT_PG_VERSION}" \
                                              --build-type "${BUILD_TYPE}"
          EXTRA_PARAMS="--flaky-tests-json $TEST_OUTPUT/flaky.json $EXTRA_PARAMS"
        fi
        # We use pytest-split plugin to run benchmarks in parallel on different CI runners
@@ -215,17 +218,7 @@ runs:
        name: compatibility-snapshot-${{ runner.arch }}-${{ inputs.build_type }}-pg${{ inputs.pg_version }}
        # Directory is created by test_compatibility.py::test_create_snapshot, keep the path in sync with the test
        path: /tmp/test_output/compatibility_snapshot_pg${{ inputs.pg_version }}/
        # The lack of compatibility snapshot shouldn't fail the job
        # (for example if we didn't run the test for non build-and-test workflow)
        skip-if-does-not-exist: true
    - name: (Re-)configure AWS credentials # necessary to upload reports to S3 after a long-running test
      if: ${{ !cancelled() && (inputs.aws_oicd_role_arn != '') }}
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: eu-central-1
        role-to-assume: ${{ inputs.aws_oicd_role_arn }}
        role-duration-seconds: 3600 # 1 hour should be more than enough to upload report
    - name: Upload test results
      if: ${{ !cancelled() }}
      uses: ./.github/actions/allure-report-store
--- a/.github/actions/set-docker-config-dir/action.yml
+++ b/.github/actions/set-docker-config-dir/action.yml
@@ -0,0 +1,36 @@
 name: "Set custom docker config directory"
 description: "Create a directory for docker config and set DOCKER_CONFIG"
 # Use custom DOCKER_CONFIG directory to avoid conflicts with default settings
 runs:
  using: "composite"
  steps:
  - name: Show warning on GitHub-hosted runners
    if: runner.environment == 'github-hosted'
    shell: bash -euo pipefail {0}
    run: |
      # Using the following environment variables to find a path to the workflow file
      # ${GITHUB_WORKFLOW_REF} - octocat/hello-world/.github/workflows/my-workflow.yml@refs/heads/my_branch
      # ${GITHUB_REPOSITORY}   - octocat/hello-world
      # ${GITHUB_REF}          - refs/heads/my_branch
      # From https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/variables
      filename_with_ref=${GITHUB_WORKFLOW_REF#"$GITHUB_REPOSITORY/"}
      filename=${filename_with_ref%"@$GITHUB_REF"}
      # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#setting-a-warning-message
      title='Unnecessary usage of `.github/actions/set-docker-config-dir`'
      message='No need to use `.github/actions/set-docker-config-dir` action on GitHub-hosted runners'
      echo "::warning file=${filename},title=${title}::${message}"
  - uses: pyTooling/Actions/with-post-step@74afc5a42a17a046c90c68cb5cfa627e5c6c5b6b # v1.0.7
    env:
      DOCKER_CONFIG: .docker-custom-${{ github.run_id }}-${{ github.run_attempt }}
    with:
      main: |
        mkdir -p "${DOCKER_CONFIG}"
        echo DOCKER_CONFIG=${DOCKER_CONFIG} | tee -a $GITHUB_ENV
      post: |
        if [ -d "${DOCKER_CONFIG}" ]; then
          rm -r "${DOCKER_CONFIG}"
        fi
--- a/.github/actions/upload/action.yml
+++ b/.github/actions/upload/action.yml
@@ -7,10 +7,6 @@ inputs:
  path:
    description: "A directory or file to upload"
    required: true
  skip-if-does-not-exist:
    description: "Allow to skip if path doesn't exist, fail otherwise"
    default: false
    required: false
  prefix:
    description: "S3 prefix. Default is '${GITHUB_SHA}/${GITHUB_RUN_ID}/${GITHUB_RUN_ATTEMPT}'"
    required: false
@@ -19,12 +15,10 @@ runs:
  using: "composite"
  steps:
    - name: Prepare artifact
      id: prepare-artifact
      shell: bash -euxo pipefail {0}
      env:
        SOURCE: ${{ inputs.path }}
        ARCHIVE: /tmp/uploads/${{ inputs.name }}.tar.zst
        SKIP_IF_DOES_NOT_EXIST: ${{ inputs.skip-if-does-not-exist }}
      run: |
        mkdir -p $(dirname $ARCHIVE)
@@ -39,22 +33,14 @@ runs:
        elif [ -f ${SOURCE} ]; then
          time tar -cf ${ARCHIVE} --zstd ${SOURCE}
        elif ! ls ${SOURCE} > /dev/null 2>&1; then
-          if [ "${SKIP_IF_DOES_NOT_EXIST}" = "true" ]; then
+          echo >&2 "${SOURCE} does not exist"
-            echo 'SKIPPED=true' >> $GITHUB_OUTPUT
+          exit 2
            exit 0
          else
            echo >&2 "${SOURCE} does not exist"
            exit 2
          fi
        else
          echo >&2 "${SOURCE} is neither a directory nor a file, do not know how to handle it"
          exit 3
        fi
        echo 'SKIPPED=false' >> $GITHUB_OUTPUT
    - name: Upload artifact
      if: ${{ steps.prepare-artifact.outputs.SKIPPED == 'false' }}
      shell: bash -euxo pipefail {0}
      env:
        SOURCE: ${{ inputs.path }}
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,3 +1,14 @@
 ## Problem
 ## Summary of changes
 ## Checklist before requesting a review
 - [ ] I have performed a self-review of my code.
 - [ ] If it is a core feature, I have added thorough tests.
 - [ ] Do we need to implement analytics? if so did you add the relevant metrics to the dashboard?
 - [ ] If this PR requires public announcement, mark it with /release-notes label and add several sentences in this section.
 ## Checklist before merging
 - [ ] Do not forget to reformat commit message to not include the above checklist
--- a/.github/workflows/_benchmarking_preparation.yml
+++ b/.github/workflows/_benchmarking_preparation.yml
@@ -10,10 +10,6 @@ defaults:
 jobs:
  setup-databases:
    permissions:
      contents: write
      statuses: write
      id-token: write # aws-actions/configure-aws-credentials
    strategy:
      fail-fast: false
      matrix:
@@ -27,10 +23,7 @@ jobs:
    runs-on: [ self-hosted, us-east-2, x64 ]
    container:
-      image: neondatabase/build-tools:pinned-bookworm
+      image: 369495373322.dkr.ecr.eu-central-1.amazonaws.com/build-tools:pinned
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
      options: --init
    steps:
@@ -57,13 +50,6 @@ jobs:
    - uses: actions/checkout@v4
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: eu-central-1
        role-to-assume: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
        role-duration-seconds: 18000 # 5 hours
    - name: Download Neon artifact
      uses: ./.github/actions/download
      with:
--- a/.github/workflows/_build-and-test-locally.yml
+++ b/.github/workflows/_build-and-test-locally.yml
@@ -19,8 +19,8 @@ on:
        description: 'debug or release'
        required: true
        type: string
-      test-cfg:
+      pg-versions:
-        description: 'a json object of postgres versions and lfc states to run regression tests on'
+        description: 'a json array of postgres versions to run regression tests on'
        required: true
        type: string
@@ -53,6 +53,20 @@ jobs:
      BUILD_TAG: ${{ inputs.build-tag }}
    steps:
      - name: Fix git ownership
        run: |
          # Workaround for `fatal: detected dubious ownership in repository at ...`
          #
          # Use both ${{ github.workspace }} and ${GITHUB_WORKSPACE} because they're different on host and in containers
          #   Ref https://github.com/actions/checkout/issues/785
          #
          git config --global --add safe.directory ${{ github.workspace }}
          git config --global --add safe.directory ${GITHUB_WORKSPACE}
          for r in 14 15 16 17; do
            git config --global --add safe.directory "${{ github.workspace }}/vendor/postgres-v$r"
            git config --global --add safe.directory "${GITHUB_WORKSPACE}/vendor/postgres-v$r"
          done
      - uses: actions/checkout@v4
        with:
          submodules: true
@@ -110,28 +124,28 @@ jobs:
        uses: actions/cache@v4
        with:
          path: pg_install/v14
-          key: v1-${{ runner.os }}-${{ runner.arch }}-${{ inputs.build-type }}-pg-${{ steps.pg_v14_rev.outputs.pg_rev }}-bookworm-${{ hashFiles('Makefile', 'build-tools.Dockerfile') }}
+          key: v1-${{ runner.os }}-${{ runner.arch }}-${{ inputs.build-type }}-pg-${{ steps.pg_v14_rev.outputs.pg_rev }}-${{ hashFiles('Makefile', 'Dockerfile.build-tools') }}
      - name: Cache postgres v15 build
        id: cache_pg_15
        uses: actions/cache@v4
        with:
          path: pg_install/v15
-          key: v1-${{ runner.os }}-${{ runner.arch }}-${{ inputs.build-type }}-pg-${{ steps.pg_v15_rev.outputs.pg_rev }}-bookworm-${{ hashFiles('Makefile', 'build-tools.Dockerfile') }}
+          key: v1-${{ runner.os }}-${{ runner.arch }}-${{ inputs.build-type }}-pg-${{ steps.pg_v15_rev.outputs.pg_rev }}-${{ hashFiles('Makefile', 'Dockerfile.build-tools') }}
      - name: Cache postgres v16 build
        id: cache_pg_16
        uses: actions/cache@v4
        with:
          path: pg_install/v16
-          key: v1-${{ runner.os }}-${{ runner.arch }}-${{ inputs.build-type }}-pg-${{ steps.pg_v16_rev.outputs.pg_rev }}-bookworm-${{ hashFiles('Makefile', 'build-tools.Dockerfile') }}
+          key: v1-${{ runner.os }}-${{ runner.arch }}-${{ inputs.build-type }}-pg-${{ steps.pg_v16_rev.outputs.pg_rev }}-${{ hashFiles('Makefile', 'Dockerfile.build-tools') }}
      - name: Cache postgres v17 build
        id: cache_pg_17
        uses: actions/cache@v4
        with:
          path: pg_install/v17
-          key: v1-${{ runner.os }}-${{ runner.arch }}-${{ inputs.build-type }}-pg-${{ steps.pg_v17_rev.outputs.pg_rev }}-bookworm-${{ hashFiles('Makefile', 'build-tools.Dockerfile') }}
+          key: v1-${{ runner.os }}-${{ runner.arch }}-${{ inputs.build-type }}-pg-${{ steps.pg_v17_rev.outputs.pg_rev }}-${{ hashFiles('Makefile', 'Dockerfile.build-tools') }}
      - name: Build postgres v14
        if: steps.cache_pg_14.outputs.cache-hit != 'true'
@@ -222,7 +236,9 @@ jobs:
          # run pageserver tests with different settings
          for io_engine in std-fs tokio-epoll-uring ; do
-            NEON_PAGESERVER_UNIT_TEST_VIRTUAL_FILE_IOENGINE=$io_engine ${cov_prefix} cargo nextest run $CARGO_FLAGS $CARGO_FEATURES  -E 'package(pageserver)'
+            for io_buffer_alignment in 0 1 512 ; do
              NEON_PAGESERVER_UNIT_TEST_VIRTUAL_FILE_IOENGINE=$io_engine NEON_PAGESERVER_UNIT_TEST_IO_BUFFER_ALIGNMENT=$io_buffer_alignment ${cov_prefix} cargo nextest run $CARGO_FLAGS $CARGO_FEATURES  -E 'package(pageserver)'
            done
          done
          # Run separate tests for real S3
@@ -241,15 +257,7 @@ jobs:
          ${cov_prefix} cargo nextest run $CARGO_FLAGS $CARGO_FEATURES -E 'package(remote_storage)' -E 'test(test_real_azure)'
      - name: Install postgres binaries
-        run: |
+        run: cp -a pg_install /tmp/neon/pg_install
          # Use tar to copy files matching the pattern, preserving the paths in the destionation
          tar c \
            pg_install/v* \
            pg_install/build/*/src/test/regress/*.so \
            pg_install/build/*/src/test/regress/pg_regress \
            pg_install/build/*/src/test/isolation/isolationtester \
            pg_install/build/*/src/test/isolation/pg_isolation_regress \
            | tar  x -C /tmp/neon
      - name: Upload Neon artifact
        uses: ./.github/actions/upload
@@ -276,14 +284,14 @@ jobs:
      options: --init --shm-size=512mb --ulimit memlock=67108864:67108864
    strategy:
      fail-fast: false
-      matrix: ${{ fromJSON(format('{{"include":{0}}}', inputs.test-cfg)) }}
+      matrix:
        pg_version: ${{ fromJson(inputs.pg-versions) }}
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: true
      - name: Pytest regression tests
        continue-on-error: ${{ matrix.lfc_state == 'with-lfc' }}
        uses: ./.github/actions/run-python-test-set
        timeout-minutes: 60
        with:
@@ -293,14 +301,13 @@ jobs:
          run_with_real_s3: true
          real_s3_bucket: neon-github-ci-tests
          real_s3_region: eu-central-1
-          rerun_failed: true
+          rerun_flaky: true
          pg_version: ${{ matrix.pg_version }}
        env:
          TEST_RESULT_CONNSTR: ${{ secrets.REGRESS_TEST_RESULT_CONNSTR_NEW }}
          CHECK_ONDISK_DATA_COMPATIBILITY: nonempty
          BUILD_TAG: ${{ inputs.build-tag }}
          PAGESERVER_VIRTUAL_FILE_IO_ENGINE: tokio-epoll-uring
          USE_LFC: ${{ matrix.lfc_state == 'with-lfc' && 'true' || 'false' }}
      # Temporary disable this step until we figure out why it's so flaky
      # Ref https://github.com/neondatabase/neon/issues/4540
--- a/.github/workflows/_check-codestyle-python.yml
+++ b/.github/workflows/_check-codestyle-python.yml
@@ -1,37 +0,0 @@
 name: Check Codestyle Python
 on:
  workflow_call:
    inputs:
      build-tools-image:
        description: 'build-tools image'
        required: true
        type: string
 defaults:
  run:
    shell: bash -euxo pipefail {0}
 jobs:
  check-codestyle-python:
    runs-on: [ self-hosted, small ]
    container:
      image: ${{ inputs.build-tools-image }}
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
      options: --init
    steps:
      - uses: actions/checkout@v4
      - uses: actions/cache@v4
        with:
          path: ~/.cache/pypoetry/virtualenvs
          key: v2-${{ runner.os }}-${{ runner.arch }}-python-deps-bookworm-${{ hashFiles('poetry.lock') }}
      - run: ./scripts/pysync
      - run: poetry run ruff check .
      - run: poetry run ruff format --check .
      - run: poetry run mypy .
--- a/.github/workflows/_create-release-pr.yml
+++ b/.github/workflows/_create-release-pr.yml
@@ -1,79 +0,0 @@
 name: Create Release PR
 on:
  workflow_call:
    inputs:
      component-name:
        description: 'Component name'
        required: true
        type: string
      release-branch:
        description: 'Release branch'
        required: true
        type: string
    secrets:
      ci-access-token:
        description: 'CI access token'
        required: true
 defaults:
  run:
    shell: bash -euo pipefail {0}
 jobs:
  create-release-branch:
    runs-on: ubuntu-22.04
    permissions:
      contents: write # for `git push`
    steps:
    - uses: actions/checkout@v4
      with:
        ref: main
    - name: Set variables
      id: vars
      env:
        COMPONENT_NAME: ${{ inputs.component-name }}
        RELEASE_BRANCH: ${{ inputs.release-branch }}
      run: |
        today=$(date +'%Y-%m-%d')
        echo "title=${COMPONENT_NAME} release ${today}" | tee -a ${GITHUB_OUTPUT}
        echo "rc-branch=rc/${RELEASE_BRANCH}/${today}"  | tee -a ${GITHUB_OUTPUT}
    - name: Configure git
      run: |
        git config user.name "github-actions[bot]"
        git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
    - name: Create RC branch
      env:
        RC_BRANCH: ${{ steps.vars.outputs.rc-branch }}
        TITLE: ${{ steps.vars.outputs.title }}
      run: |
        git checkout -b "${RC_BRANCH}"
        # create an empty commit to distinguish workflow runs
        # from other possible releases from the same commit
        git commit --allow-empty -m "${TITLE}"
        git push origin "${RC_BRANCH}"
    - name: Create a PR into ${{ inputs.release-branch }}
      env:
        GH_TOKEN: ${{ secrets.ci-access-token }}
        RC_BRANCH: ${{ steps.vars.outputs.rc-branch }}
        RELEASE_BRANCH: ${{ inputs.release-branch }}
        TITLE: ${{ steps.vars.outputs.title }}
      run: |
        cat << EOF > body.md
          ## ${TITLE}
          **Please merge this Pull Request using 'Create a merge commit' button**
        EOF
        gh pr create --title "${TITLE}" \
                     --body-file "body.md" \
                     --head "${RC_BRANCH}" \
                     --base "${RELEASE_BRANCH}"
--- a/.github/workflows/benchmarking.yml
+++ b/.github/workflows/benchmarking.yml
@@ -12,6 +12,7 @@ on:
    #          │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
    #          │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
    - cron:   '0 3 * * *' # run once a day, timezone is utc
  workflow_dispatch: # adds ability to run this manually
    inputs:
      region_id:
@@ -58,7 +59,7 @@ jobs:
    permissions:
      contents: write
      statuses: write
-      id-token: write # aws-actions/configure-aws-credentials
+      id-token: write # Required for OIDC authentication in azure runners
    strategy:
      fail-fast: false
      matrix:
@@ -67,10 +68,12 @@ jobs:
            PLATFORM: "neon-staging"
            region_id: ${{ github.event.inputs.region_id || 'aws-us-east-2' }}
            RUNNER: [ self-hosted, us-east-2, x64 ]
            IMAGE: 369495373322.dkr.ecr.eu-central-1.amazonaws.com/build-tools:pinned
          - DEFAULT_PG_VERSION: 16
            PLATFORM: "azure-staging"
            region_id: 'azure-eastus2'
            RUNNER: [ self-hosted, eastus2, x64 ]
            IMAGE: neondatabase/build-tools:pinned
    env:
      TEST_PG_BENCH_DURATIONS_MATRIX: "300"
      TEST_PG_BENCH_SCALES_MATRIX: "10,100"
@@ -83,10 +86,7 @@ jobs:
    runs-on: ${{ matrix.RUNNER }}
    container:
-      image: neondatabase/build-tools:pinned-bookworm
+      image: ${{ matrix.IMAGE }}
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
      options: --init
    steps:
@@ -122,7 +122,6 @@ jobs:
        run_in_parallel: false
        save_perf_report: ${{ env.SAVE_PERF_REPORT }}
        pg_version: ${{ env.DEFAULT_PG_VERSION }}
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
        # Set --sparse-ordering option of pytest-order plugin
        # to ensure tests are running in order of appears in the file.
        # It's important for test_perf_pgbench.py::test_pgbench_remote_* tests
@@ -134,7 +133,6 @@ jobs:
          --ignore test_runner/performance/test_perf_pgvector_queries.py
          --ignore test_runner/performance/test_logical_replication.py
          --ignore test_runner/performance/test_physical_replication.py
          --ignore test_runner/performance/test_perf_ingest_using_pgcopydb.py
      env:
        BENCHMARK_CONNSTR: ${{ steps.create-neon-project.outputs.dsn }}
        VIP_VAP_ACCESS_TOKEN: "${{ secrets.VIP_VAP_ACCESS_TOKEN }}"
@@ -151,14 +149,12 @@ jobs:
      id: create-allure-report
      if: ${{ !cancelled() }}
      uses: ./.github/actions/allure-report-generate
      with:
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
    - name: Post to a Slack channel
      if: ${{ github.event.schedule && failure() }}
      uses: slackapi/slack-github-action@v1
      with:
-        channel-id: "C06KHQVQ7U3" # on-call-qa-staging-stream
+        channel-id: "C033QLM5P7D" # dev-staging-stream
        slack-message: |
          Periodic perf testing: ${{ job.status }}
          <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|GitHub Run>
@@ -168,10 +164,6 @@ jobs:
  replication-tests:
    if: ${{ github.event.inputs.run_only_pgvector_tests == 'false' || github.event.inputs.run_only_pgvector_tests == null }}
    permissions:
      contents: write
      statuses: write
      id-token: write # aws-actions/configure-aws-credentials
    env:
      POSTGRES_DISTRIB_DIR: /tmp/neon/pg_install
      DEFAULT_PG_VERSION: 16
@@ -182,21 +174,12 @@ jobs:
    runs-on: [ self-hosted, us-east-2, x64 ]
    container:
-      image: neondatabase/build-tools:pinned-bookworm
+      image: 369495373322.dkr.ecr.eu-central-1.amazonaws.com/build-tools:pinned
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
      options: --init
    steps:
    - uses: actions/checkout@v4
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: eu-central-1
        role-to-assume: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
        role-duration-seconds: 18000 # 5 hours
    - name: Download Neon artifact
      uses: ./.github/actions/download
@@ -214,7 +197,6 @@ jobs:
        save_perf_report: ${{ env.SAVE_PERF_REPORT }}
        extra_params: -m remote_cluster --timeout 5400
        pg_version: ${{ env.DEFAULT_PG_VERSION }}
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
      env:
        VIP_VAP_ACCESS_TOKEN: "${{ secrets.VIP_VAP_ACCESS_TOKEN }}"
        PERF_TEST_RESULT_CONNSTR: "${{ secrets.PERF_TEST_RESULT_CONNSTR }}"
@@ -231,7 +213,6 @@ jobs:
        save_perf_report: ${{ env.SAVE_PERF_REPORT }}
        extra_params: -m remote_cluster --timeout 5400
        pg_version: ${{ env.DEFAULT_PG_VERSION }}
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
      env:
        VIP_VAP_ACCESS_TOKEN: "${{ secrets.VIP_VAP_ACCESS_TOKEN }}"
        PERF_TEST_RESULT_CONNSTR: "${{ secrets.PERF_TEST_RESULT_CONNSTR }}"
@@ -243,13 +224,11 @@ jobs:
      uses: ./.github/actions/allure-report-generate
      with:
        store-test-results-into-db: true
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
      env:
        REGRESS_TEST_RESULT_CONNSTR_NEW: ${{ secrets.REGRESS_TEST_RESULT_CONNSTR_NEW }}
    # Post both success and failure to the Slack channel
    - name: Post to a Slack channel
-      if: ${{ github.event.schedule && !cancelled() }}
+      if: ${{ github.event.schedule && failure() }}
      uses: slackapi/slack-github-action@v1
      with:
        channel-id: "C06T9AMNDQQ" # on-call-compute-staging-stream
@@ -288,7 +267,7 @@ jobs:
        region_id_default=${{ env.DEFAULT_REGION_ID }}
        runner_default='["self-hosted", "us-east-2", "x64"]'
        runner_azure='["self-hosted", "eastus2", "x64"]'
-        image_default="neondatabase/build-tools:pinned-bookworm"
+        image_default="369495373322.dkr.ecr.eu-central-1.amazonaws.com/build-tools:pinned"
        matrix='{
          "pg_version" : [
            16
@@ -307,9 +286,9 @@ jobs:
          "include": [{ "pg_version": 16, "region_id": "'"$region_id_default"'", "platform": "neonvm-captest-freetier",       "db_size": "3gb" ,"runner": '"$runner_default"', "image": "'"$image_default"'" },
                      { "pg_version": 16, "region_id": "'"$region_id_default"'", "platform": "neonvm-captest-new",            "db_size": "10gb","runner": '"$runner_default"', "image": "'"$image_default"'" },
                      { "pg_version": 16, "region_id": "'"$region_id_default"'", "platform": "neonvm-captest-new",            "db_size": "50gb","runner": '"$runner_default"', "image": "'"$image_default"'" },
-                      { "pg_version": 16, "region_id": "azure-eastus2",          "platform": "neonvm-azure-captest-freetier", "db_size": "3gb" ,"runner": '"$runner_azure"',   "image": "neondatabase/build-tools:pinned-bookworm" },
+                      { "pg_version": 16, "region_id": "azure-eastus2",          "platform": "neonvm-azure-captest-freetier", "db_size": "3gb" ,"runner": '"$runner_azure"',   "image": "neondatabase/build-tools:pinned" },
-                      { "pg_version": 16, "region_id": "azure-eastus2",          "platform": "neonvm-azure-captest-new",      "db_size": "10gb","runner": '"$runner_azure"',   "image": "neondatabase/build-tools:pinned-bookworm" },
+                      { "pg_version": 16, "region_id": "azure-eastus2",          "platform": "neonvm-azure-captest-new",      "db_size": "10gb","runner": '"$runner_azure"',   "image": "neondatabase/build-tools:pinned" },
-                      { "pg_version": 16, "region_id": "azure-eastus2",          "platform": "neonvm-azure-captest-new",      "db_size": "50gb","runner": '"$runner_azure"',   "image": "neondatabase/build-tools:pinned-bookworm" },
+                      { "pg_version": 16, "region_id": "azure-eastus2",          "platform": "neonvm-azure-captest-new",      "db_size": "50gb","runner": '"$runner_azure"',   "image": "neondatabase/build-tools:pinned" },
                      { "pg_version": 16, "region_id": "'"$region_id_default"'", "platform": "neonvm-captest-sharding-reuse", "db_size": "50gb","runner": '"$runner_default"', "image": "'"$image_default"'" }]
        }'
@@ -365,7 +344,7 @@ jobs:
    permissions:
      contents: write
      statuses: write
-      id-token: write # aws-actions/configure-aws-credentials
+      id-token: write # Required for OIDC authentication in azure runners
    strategy:
      fail-fast: false
@@ -392,7 +371,7 @@ jobs:
    steps:
    - uses: actions/checkout@v4
-    - name: Configure AWS credentials
+    - name: Configure AWS credentials # necessary on Azure runners
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: eu-central-1
@@ -452,7 +431,6 @@ jobs:
        save_perf_report: ${{ env.SAVE_PERF_REPORT }}
        extra_params: -m remote_cluster --timeout 21600 -k test_pgbench_remote_init
        pg_version: ${{ env.DEFAULT_PG_VERSION }}
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
      env:
        BENCHMARK_CONNSTR: ${{ steps.set-up-connstr.outputs.connstr }}
        VIP_VAP_ACCESS_TOKEN: "${{ secrets.VIP_VAP_ACCESS_TOKEN }}"
@@ -467,7 +445,6 @@ jobs:
        save_perf_report: ${{ env.SAVE_PERF_REPORT }}
        extra_params: -m remote_cluster --timeout 21600 -k test_pgbench_remote_simple_update
        pg_version: ${{ env.DEFAULT_PG_VERSION }}
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
      env:
        BENCHMARK_CONNSTR: ${{ steps.set-up-connstr.outputs.connstr }}
        VIP_VAP_ACCESS_TOKEN: "${{ secrets.VIP_VAP_ACCESS_TOKEN }}"
@@ -482,7 +459,6 @@ jobs:
        save_perf_report: ${{ env.SAVE_PERF_REPORT }}
        extra_params: -m remote_cluster --timeout 21600 -k test_pgbench_remote_select_only
        pg_version: ${{ env.DEFAULT_PG_VERSION }}
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
      env:
        BENCHMARK_CONNSTR: ${{ steps.set-up-connstr.outputs.connstr }}
        VIP_VAP_ACCESS_TOKEN: "${{ secrets.VIP_VAP_ACCESS_TOKEN }}"
@@ -499,14 +475,12 @@ jobs:
      id: create-allure-report
      if: ${{ !cancelled() }}
      uses: ./.github/actions/allure-report-generate
      with:
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
    - name: Post to a Slack channel
      if: ${{ github.event.schedule && failure() }}
      uses: slackapi/slack-github-action@v1
      with:
-        channel-id: "C06KHQVQ7U3" # on-call-qa-staging-stream
+        channel-id: "C033QLM5P7D" # dev-staging-stream
        slack-message: |
          Periodic perf testing on ${{ matrix.platform }}: ${{ job.status }}
          <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|GitHub Run>
@@ -518,15 +492,17 @@ jobs:
    permissions:
      contents: write
      statuses: write
-      id-token: write # aws-actions/configure-aws-credentials
+      id-token: write # Required for OIDC authentication in azure runners
    strategy:
      fail-fast: false
      matrix:
        include:
          - PLATFORM: "neonvm-captest-pgvector"
            RUNNER: [ self-hosted, us-east-2, x64 ]
            IMAGE: 369495373322.dkr.ecr.eu-central-1.amazonaws.com/build-tools:pinned
          - PLATFORM: "azure-captest-pgvector"
            RUNNER: [ self-hosted, eastus2, x64 ]
            IMAGE: neondatabase/build-tools:pinned
    env:
      TEST_PG_BENCH_DURATIONS_MATRIX: "15m"
@@ -535,16 +511,13 @@ jobs:
      DEFAULT_PG_VERSION: 16
      TEST_OUTPUT: /tmp/test_output
      BUILD_TYPE: remote
-
+      LD_LIBRARY_PATH: /home/nonroot/pg/usr/lib/x86_64-linux-gnu
      SAVE_PERF_REPORT: ${{ github.event.inputs.save_perf_report || ( github.ref_name == 'main' ) }}
      PLATFORM: ${{ matrix.PLATFORM }}
    runs-on: ${{ matrix.RUNNER }}
    container:
-      image: neondatabase/build-tools:pinned-bookworm
+      image: ${{ matrix.IMAGE }}
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
      options: --init
    steps:
@@ -554,26 +527,17 @@ jobs:
    # instead of using Neon artifacts containing pgbench
    - name: Install postgresql-16 where pytest expects it
      run: |
        # Just to make it easier to test things locally on macOS (with arm64)
        arch=$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g')
        cd /home/nonroot
-        wget -q "https://apt.postgresql.org/pub/repos/apt/pool/main/p/postgresql-17/libpq5_17.2-1.pgdg120+1_${arch}.deb"
+        wget -q https://apt.postgresql.org/pub/repos/apt/pool/main/p/postgresql-16/libpq5_16.4-1.pgdg110%2B1_amd64.deb
-        wget -q "https://apt.postgresql.org/pub/repos/apt/pool/main/p/postgresql-16/postgresql-client-16_16.6-1.pgdg120+1_${arch}.deb"
+        wget -q https://apt.postgresql.org/pub/repos/apt/pool/main/p/postgresql-16/postgresql-client-16_16.4-1.pgdg110%2B1_amd64.deb
-        wget -q "https://apt.postgresql.org/pub/repos/apt/pool/main/p/postgresql-16/postgresql-16_16.6-1.pgdg120+1_${arch}.deb"
+        wget -q https://apt.postgresql.org/pub/repos/apt/pool/main/p/postgresql-16/postgresql-16_16.4-1.pgdg110%2B1_amd64.deb 
-        dpkg -x libpq5_17.2-1.pgdg120+1_${arch}.deb pg
+        dpkg -x libpq5_16.4-1.pgdg110+1_amd64.deb pg
-        dpkg -x postgresql-16_16.6-1.pgdg120+1_${arch}.deb pg
+        dpkg -x postgresql-client-16_16.4-1.pgdg110+1_amd64.deb pg
-        dpkg -x postgresql-client-16_16.6-1.pgdg120+1_${arch}.deb pg
+        dpkg -x postgresql-16_16.4-1.pgdg110+1_amd64.deb pg
        mkdir -p /tmp/neon/pg_install/v16/bin
        ln -s /home/nonroot/pg/usr/lib/postgresql/16/bin/pgbench /tmp/neon/pg_install/v16/bin/pgbench  
-        ln -s /home/nonroot/pg/usr/lib/postgresql/16/bin/psql    /tmp/neon/pg_install/v16/bin/psql
+        ln -s /home/nonroot/pg/usr/lib/postgresql/16/bin/psql /tmp/neon/pg_install/v16/bin/psql  
-        ln -s /home/nonroot/pg/usr/lib/$(uname -m)-linux-gnu     /tmp/neon/pg_install/v16/lib
+        ln -s /home/nonroot/pg/usr/lib/x86_64-linux-gnu /tmp/neon/pg_install/v16/lib 
        LD_LIBRARY_PATH="/home/nonroot/pg/usr/lib/$(uname -m)-linux-gnu:${LD_LIBRARY_PATH:-}"
        export LD_LIBRARY_PATH
        echo "LD_LIBRARY_PATH=${LD_LIBRARY_PATH}" >> ${GITHUB_ENV}
        /tmp/neon/pg_install/v16/bin/pgbench --version
        /tmp/neon/pg_install/v16/bin/psql --version
@@ -595,7 +559,7 @@ jobs:
        echo "connstr=${CONNSTR}" >> $GITHUB_OUTPUT
-    - name: Configure AWS credentials
+    - name: Configure AWS credentials # necessary on Azure runners to read/write from/to S3
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: eu-central-1
@@ -611,7 +575,6 @@ jobs:
        save_perf_report: ${{ env.SAVE_PERF_REPORT }}
        extra_params: -m remote_cluster --timeout 21600 -k test_pgvector_indexing
        pg_version: ${{ env.DEFAULT_PG_VERSION }}
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
      env:
        VIP_VAP_ACCESS_TOKEN: "${{ secrets.VIP_VAP_ACCESS_TOKEN }}"
        PERF_TEST_RESULT_CONNSTR: "${{ secrets.PERF_TEST_RESULT_CONNSTR }}"
@@ -626,7 +589,6 @@ jobs:
        save_perf_report: ${{ env.SAVE_PERF_REPORT }}
        extra_params: -m remote_cluster --timeout 21600
        pg_version: ${{ env.DEFAULT_PG_VERSION }}
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
      env:
        BENCHMARK_CONNSTR: ${{ steps.set-up-connstr.outputs.connstr }}
        VIP_VAP_ACCESS_TOKEN: "${{ secrets.VIP_VAP_ACCESS_TOKEN }}"
@@ -636,14 +598,12 @@ jobs:
      id: create-allure-report
      if: ${{ !cancelled() }}
      uses: ./.github/actions/allure-report-generate
      with:
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
    - name: Post to a Slack channel
      if: ${{ github.event.schedule && failure() }}
      uses: slackapi/slack-github-action@v1
      with:
-        channel-id: "C06KHQVQ7U3" # on-call-qa-staging-stream
+        channel-id: "C033QLM5P7D" # dev-staging-stream
        slack-message: |
          Periodic perf testing on ${{ env.PLATFORM }}: ${{ job.status }}
          <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|GitHub Run>
@@ -660,10 +620,6 @@ jobs:
    # *_CLICKBENCH_CONNSTR: Genuine ClickBench DB with ~100M rows
    # *_CLICKBENCH_10M_CONNSTR: DB with the first 10M rows of ClickBench DB
    if: ${{ !cancelled() && (github.event.inputs.run_only_pgvector_tests == 'false' || github.event.inputs.run_only_pgvector_tests == null) }}
    permissions:
      contents: write
      statuses: write
      id-token: write # aws-actions/configure-aws-credentials
    needs: [ generate-matrices, pgbench-compare, prepare_AWS_RDS_databases ]
    strategy:
@@ -682,26 +638,12 @@ jobs:
    runs-on: [ self-hosted, us-east-2, x64 ]
    container:
-      image: neondatabase/build-tools:pinned-bookworm
+      image: 369495373322.dkr.ecr.eu-central-1.amazonaws.com/build-tools:pinned
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
      options: --init
    # Increase timeout to 12h, default timeout is 6h
    # we have regression in clickbench causing it to run 2-3x longer
    timeout-minutes: 720
    steps:
    - uses: actions/checkout@v4
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: eu-central-1
        role-to-assume: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
        role-duration-seconds: 18000 # 5 hours
    - name: Download Neon artifact
      uses: ./.github/actions/download
      with:
@@ -737,9 +679,8 @@ jobs:
        test_selection: performance/test_perf_olap.py
        run_in_parallel: false
        save_perf_report: ${{ env.SAVE_PERF_REPORT }}
-        extra_params: -m remote_cluster --timeout 43200 -k test_clickbench
+        extra_params: -m remote_cluster --timeout 21600 -k test_clickbench
        pg_version: ${{ env.DEFAULT_PG_VERSION }}
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
      env:
        VIP_VAP_ACCESS_TOKEN: "${{ secrets.VIP_VAP_ACCESS_TOKEN }}"
        PERF_TEST_RESULT_CONNSTR: "${{ secrets.PERF_TEST_RESULT_CONNSTR }}"
@@ -752,14 +693,12 @@ jobs:
      id: create-allure-report
      if: ${{ !cancelled() }}
      uses: ./.github/actions/allure-report-generate
      with:
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
    - name: Post to a Slack channel
      if: ${{ github.event.schedule && failure() }}
      uses: slackapi/slack-github-action@v1
      with:
-        channel-id: "C06KHQVQ7U3" # on-call-qa-staging-stream
+        channel-id: "C033QLM5P7D" # dev-staging-stream
        slack-message: |
          Periodic OLAP perf testing on ${{ matrix.platform }}: ${{ job.status }}
          <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|GitHub Run>
@@ -775,10 +714,6 @@ jobs:
    #
    # *_TPCH_S10_CONNSTR: DB generated with scale factor 10 (~10 GB)
    if: ${{ !cancelled() && (github.event.inputs.run_only_pgvector_tests == 'false' || github.event.inputs.run_only_pgvector_tests == null) }}
    permissions:
      contents: write
      statuses: write
      id-token: write # aws-actions/configure-aws-credentials
    needs: [ generate-matrices, clickbench-compare, prepare_AWS_RDS_databases ]
    strategy:
@@ -796,22 +731,12 @@ jobs:
    runs-on: [ self-hosted, us-east-2, x64 ]
    container:
-      image: neondatabase/build-tools:pinned-bookworm
+      image: 369495373322.dkr.ecr.eu-central-1.amazonaws.com/build-tools:pinned
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
      options: --init
    steps:
    - uses: actions/checkout@v4
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: eu-central-1
        role-to-assume: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
        role-duration-seconds: 18000 # 5 hours
    - name: Download Neon artifact
      uses: ./.github/actions/download
      with:
@@ -856,7 +781,6 @@ jobs:
        save_perf_report: ${{ env.SAVE_PERF_REPORT }}
        extra_params: -m remote_cluster --timeout 21600 -k test_tpch
        pg_version: ${{ env.DEFAULT_PG_VERSION }}
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
      env:
        VIP_VAP_ACCESS_TOKEN: "${{ secrets.VIP_VAP_ACCESS_TOKEN }}"
        PERF_TEST_RESULT_CONNSTR: "${{ secrets.PERF_TEST_RESULT_CONNSTR }}"
@@ -867,14 +791,12 @@ jobs:
      id: create-allure-report
      if: ${{ !cancelled() }}
      uses: ./.github/actions/allure-report-generate
      with:
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
    - name: Post to a Slack channel
      if: ${{ github.event.schedule && failure() }}
      uses: slackapi/slack-github-action@v1
      with:
-        channel-id: "C06KHQVQ7U3" # on-call-qa-staging-stream
+        channel-id: "C033QLM5P7D" # dev-staging-stream
        slack-message: |
          Periodic TPC-H perf testing on ${{ matrix.platform }}: ${{ job.status }}
          <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|GitHub Run>
@@ -884,10 +806,6 @@ jobs:
  user-examples-compare:
    if: ${{ !cancelled() && (github.event.inputs.run_only_pgvector_tests == 'false' || github.event.inputs.run_only_pgvector_tests == null) }}
    permissions:
      contents: write
      statuses: write
      id-token: write # aws-actions/configure-aws-credentials
    needs: [ generate-matrices, tpch-compare, prepare_AWS_RDS_databases ]
    strategy:
@@ -904,22 +822,12 @@ jobs:
    runs-on: [ self-hosted, us-east-2, x64 ]
    container:
-      image: neondatabase/build-tools:pinned-bookworm
+      image: 369495373322.dkr.ecr.eu-central-1.amazonaws.com/build-tools:pinned
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
      options: --init
    steps:
    - uses: actions/checkout@v4
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: eu-central-1
        role-to-assume: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
        role-duration-seconds: 18000 # 5 hours
    - name: Download Neon artifact
      uses: ./.github/actions/download
      with:
@@ -957,7 +865,6 @@ jobs:
        save_perf_report: ${{ env.SAVE_PERF_REPORT }}
        extra_params: -m remote_cluster --timeout 21600 -k test_user_examples
        pg_version: ${{ env.DEFAULT_PG_VERSION }}
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
      env:
        VIP_VAP_ACCESS_TOKEN: "${{ secrets.VIP_VAP_ACCESS_TOKEN }}"
        PERF_TEST_RESULT_CONNSTR: "${{ secrets.PERF_TEST_RESULT_CONNSTR }}"
@@ -967,14 +874,12 @@ jobs:
      id: create-allure-report
      if: ${{ !cancelled() }}
      uses: ./.github/actions/allure-report-generate
      with:
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
    - name: Post to a Slack channel
      if: ${{ github.event.schedule && failure() }}
      uses: slackapi/slack-github-action@v1
      with:
-        channel-id: "C06KHQVQ7U3" # on-call-qa-staging-stream
+        channel-id: "C033QLM5P7D" # dev-staging-stream
        slack-message: |
          Periodic TPC-H perf testing on ${{ matrix.platform }}: ${{ job.status }}
          <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|GitHub Run>
--- a/.github/workflows/build-build-tools-image.yml
+++ b/.github/workflows/build-build-tools-image.yml
@@ -3,86 +3,32 @@ name: Build build-tools image
 on:
  workflow_call:
    inputs:
-      archs:
+      image-tag:
-        description: "Json array of architectures to build"
+        description: "build-tools image tag"
-        # Default values are set in `check-image` job, `set-variables` step
+        required: true
        type: string
        required: false
      debians:
        description: "Json array of Debian versions to build"
        # Default values are set in `check-image` job, `set-variables` step
        type: string
        required: false
    outputs:
      image-tag:
        description: "build-tools tag"
-        value: ${{ jobs.check-image.outputs.tag }}
+        value: ${{ inputs.image-tag }}
      image:
        description: "build-tools image"
-        value: neondatabase/build-tools:${{ jobs.check-image.outputs.tag }}
+        value: neondatabase/build-tools:${{ inputs.image-tag }}
 defaults:
  run:
    shell: bash -euo pipefail {0}
-# The initial idea was to prevent the waste of resources by not re-building the `build-tools` image
+concurrency:
-# for the same tag in parallel workflow runs, and queue them to be skipped once we have
+  group: build-build-tools-image-${{ inputs.image-tag }}
-# the first image pushed to Docker registry, but GitHub's concurrency mechanism is not working as expected.
+  cancel-in-progress: false
 # GitHub can't have more than 1 job in a queue and removes the previous one, it causes failures if the dependent jobs.
 #
 # Ref https://github.com/orgs/community/discussions/41518
 #
 # concurrency:
 #   group: build-build-tools-image-${{ inputs.image-tag }}
 #   cancel-in-progress: false
 # No permission for GITHUB_TOKEN by default; the **minimal required** set of permissions should be granted in each job.
 permissions: {}
 jobs:
  check-image:
-    runs-on: ubuntu-22.04
+    uses: ./.github/workflows/check-build-tools-image.yml
    outputs:
      archs: ${{ steps.set-variables.outputs.archs }}
      debians: ${{ steps.set-variables.outputs.debians }}
      tag: ${{ steps.set-variables.outputs.image-tag }}
      everything: ${{ steps.set-more-variables.outputs.everything }}
      found: ${{ steps.set-more-variables.outputs.found }}
    steps:
      - uses: actions/checkout@v4
      - name: Set variables
        id: set-variables
        env:
          ARCHS: ${{ inputs.archs || '["x64","arm64"]' }}
          DEBIANS: ${{ inputs.debians || '["bullseye","bookworm"]' }}
          IMAGE_TAG: |
            ${{ hashFiles('build-tools.Dockerfile',
                          '.github/workflows/build-build-tools-image.yml') }}
        run: |
          echo "archs=${ARCHS}"           | tee -a ${GITHUB_OUTPUT}
          echo "debians=${DEBIANS}"       | tee -a ${GITHUB_OUTPUT}
          echo "image-tag=${IMAGE_TAG}"   | tee -a ${GITHUB_OUTPUT}
      - name: Set more variables
        id: set-more-variables
        env:
          IMAGE_TAG: ${{ steps.set-variables.outputs.image-tag }}
          EVERYTHING: |
            ${{ contains(fromJson(steps.set-variables.outputs.archs), 'x64') &&
                contains(fromJson(steps.set-variables.outputs.archs), 'arm64') &&
                contains(fromJson(steps.set-variables.outputs.debians), 'bullseye') &&
                contains(fromJson(steps.set-variables.outputs.debians), 'bookworm') }}
        run: |
          if docker manifest inspect neondatabase/build-tools:${IMAGE_TAG}; then
            found=true
          else
            found=false
          fi
          echo "everything=${EVERYTHING}" | tee -a ${GITHUB_OUTPUT}
          echo "found=${found}"           | tee -a ${GITHUB_OUTPUT}
  build-image:
    needs: [ check-image ]
@@ -90,15 +36,27 @@ jobs:
    strategy:
      matrix:
-        arch: ${{ fromJson(needs.check-image.outputs.archs) }}
+        arch: [ x64, arm64 ]
        debian: ${{ fromJson(needs.check-image.outputs.debians) }}
    runs-on: ${{ fromJson(format('["self-hosted", "{0}"]', matrix.arch == 'arm64' && 'large-arm64' || 'large')) }}
    env:
      IMAGE_TAG: ${{ inputs.image-tag }}
    steps:
      - name: Check `input.tag` is correct
        env:
          INPUTS_IMAGE_TAG: ${{ inputs.image-tag }}
          CHECK_IMAGE_TAG : ${{ needs.check-image.outputs.image-tag }}
        run: |
          if [ "${INPUTS_IMAGE_TAG}" != "${CHECK_IMAGE_TAG}" ]; then
            echo "'inputs.image-tag' (${INPUTS_IMAGE_TAG}) does not match the tag of the latest build-tools image 'inputs.image-tag' (${CHECK_IMAGE_TAG})"
            exit 1
          fi
      - uses: actions/checkout@v4
-      - uses: neondatabase/dev-actions/set-docker-config-dir@6094485bf440001c94a94a3f9e221e81ff6b6193
+      - uses: ./.github/actions/set-docker-config-dir
      - uses: docker/setup-buildx-action@v3
        with:
          cache-binary: false
@@ -116,22 +74,22 @@ jobs:
      - uses: docker/build-push-action@v6
        with:
          file: build-tools.Dockerfile
          context: .
          provenance: false
          push: true
          pull: true
-          build-args: |
+          file: Dockerfile.build-tools
-            DEBIAN_VERSION=${{ matrix.debian }}
+          cache-from: type=registry,ref=cache.neon.build/build-tools:cache-${{ matrix.arch }}
-          cache-from: type=registry,ref=cache.neon.build/build-tools:cache-${{ matrix.debian }}-${{ matrix.arch }}
+          cache-to: ${{ github.ref_name == 'main' && format('type=registry,ref=cache.neon.build/build-tools:cache-{0},mode=max', matrix.arch) || '' }}
-          cache-to: ${{ github.ref_name == 'main' && format('type=registry,ref=cache.neon.build/build-tools:cache-{0}-{1},mode=max', matrix.debian, matrix.arch) || '' }}
+          tags: neondatabase/build-tools:${{ inputs.image-tag }}-${{ matrix.arch }}
          tags: |
            neondatabase/build-tools:${{ needs.check-image.outputs.tag }}-${{ matrix.debian }}-${{ matrix.arch }}
  merge-images:
-    needs: [ check-image, build-image ]
+    needs: [ build-image ]
    runs-on: ubuntu-22.04
    env:
      IMAGE_TAG: ${{ inputs.image-tag }}
    steps:
      - uses: docker/login-action@v3
        with:
@@ -139,23 +97,7 @@ jobs:
          password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
      - name: Create multi-arch image
        env:
          DEFAULT_DEBIAN_VERSION: bookworm
          ARCHS: ${{ join(fromJson(needs.check-image.outputs.archs), ' ') }}
          DEBIANS: ${{ join(fromJson(needs.check-image.outputs.debians), ' ') }}
          EVERYTHING: ${{ needs.check-image.outputs.everything }}
          IMAGE_TAG: ${{ needs.check-image.outputs.tag }}
        run: |
-          for debian in ${DEBIANS}; do
+          docker buildx imagetools create -t neondatabase/build-tools:${IMAGE_TAG} \
-            tags=("-t" "neondatabase/build-tools:${IMAGE_TAG}-${debian}")
+                                             neondatabase/build-tools:${IMAGE_TAG}-x64 \
-
+                                             neondatabase/build-tools:${IMAGE_TAG}-arm64
            if [ "${EVERYTHING}" == "true" ] && [ "${debian}" == "${DEFAULT_DEBIAN_VERSION}" ]; then
              tags+=("-t" "neondatabase/build-tools:${IMAGE_TAG}")
            fi
            for arch in ${ARCHS}; do
              tags+=("neondatabase/build-tools:${IMAGE_TAG}-${debian}-${arch}")
            done
            docker buildx imagetools create "${tags[@]}"
          done
--- a/.github/workflows/build_and_test.yml
+++ b/.github/workflows/build_and_test.yml
@@ -6,7 +6,6 @@ on:
      - main
      - release
      - release-proxy
      - release-compute
  pull_request:
 defaults:
@@ -71,28 +70,25 @@ jobs:
            echo "tag=release-$(git rev-list --count HEAD)" >> $GITHUB_OUTPUT
          elif [[ "$GITHUB_REF_NAME" == "release-proxy" ]]; then
            echo "tag=release-proxy-$(git rev-list --count HEAD)" >> $GITHUB_OUTPUT
          elif [[ "$GITHUB_REF_NAME" == "release-compute" ]]; then
            echo "tag=release-compute-$(git rev-list --count HEAD)" >> $GITHUB_OUTPUT
          else
-            echo "GITHUB_REF_NAME (value '$GITHUB_REF_NAME') is not set to either 'main' or 'release', 'release-proxy', 'release-compute'"
+            echo "GITHUB_REF_NAME (value '$GITHUB_REF_NAME') is not set to either 'main' or 'release'"
            echo "tag=$GITHUB_RUN_ID" >> $GITHUB_OUTPUT
          fi
        shell: bash
        id: build-tag
-  build-build-tools-image:
+  check-build-tools-image:
    needs: [ check-permissions ]
    uses: ./.github/workflows/check-build-tools-image.yml
  build-build-tools-image:
    needs: [ check-build-tools-image ]
    uses: ./.github/workflows/build-build-tools-image.yml
    with:
      image-tag: ${{ needs.check-build-tools-image.outputs.image-tag }}
    secrets: inherit
  check-codestyle-python:
    needs: [ check-permissions, build-build-tools-image ]
    uses: ./.github/workflows/_check-codestyle-python.yml
    with:
      build-tools-image: ${{ needs.build-build-tools-image.outputs.image }}-bookworm
    secrets: inherit
  check-codestyle-jsonnet:
    needs: [ check-permissions, build-build-tools-image ]
    runs-on: [ self-hosted, small ]
    container:
@@ -106,63 +102,23 @@ jobs:
      - name: Checkout
        uses: actions/checkout@v4
-      - name: Check Jsonnet code formatting
+      - name: Cache poetry deps
-        run: |
+        uses: actions/cache@v4
          make -C compute jsonnetfmt-test
  # Check that the vendor/postgres-* submodules point to the
  # corresponding REL_*_STABLE_neon branches.
  check-submodules:
    needs: [ check-permissions ]
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
-          submodules: true
+          path: ~/.cache/pypoetry/virtualenvs
          key: v2-${{ runner.os }}-${{ runner.arch }}-python-deps-${{ hashFiles('poetry.lock') }}
-      - uses: dorny/paths-filter@v3
+      - name: Install Python deps
-        id: check-if-submodules-changed
+        run: ./scripts/pysync
        with:
          filters: |
            vendor:
              - 'vendor/**'
-      - name: Check vendor/postgres-v14 submodule reference
+      - name: Run `ruff check` to ensure code format
-        if: steps.check-if-submodules-changed.outputs.vendor == 'true'
+        run: poetry run ruff check .
        uses: jtmullen/submodule-branch-check-action@v1
        with:
          path: "vendor/postgres-v14"
          fetch_depth: "50"
          sub_fetch_depth: "50"
          pass_if_unchanged: true
-      - name: Check vendor/postgres-v15 submodule reference
+      - name: Run `ruff format` to ensure code format
-        if: steps.check-if-submodules-changed.outputs.vendor == 'true'
+        run: poetry run ruff format --check .
        uses: jtmullen/submodule-branch-check-action@v1
        with:
          path: "vendor/postgres-v15"
          fetch_depth: "50"
          sub_fetch_depth: "50"
          pass_if_unchanged: true
-      - name: Check vendor/postgres-v16 submodule reference
+      - name: Run mypy to check types
-        if: steps.check-if-submodules-changed.outputs.vendor == 'true'
+        run: poetry run mypy .
        uses: jtmullen/submodule-branch-check-action@v1
        with:
          path: "vendor/postgres-v16"
          fetch_depth: "50"
          sub_fetch_depth: "50"
          pass_if_unchanged: true
      - name: Check vendor/postgres-v17 submodule reference
        if: steps.check-if-submodules-changed.outputs.vendor == 'true'
        uses: jtmullen/submodule-branch-check-action@v1
        with:
          path: "vendor/postgres-v17"
          fetch_depth: "50"
          sub_fetch_depth: "50"
          pass_if_unchanged: true
  check-codestyle-rust:
    needs: [ check-permissions, build-build-tools-image ]
@@ -172,7 +128,7 @@ jobs:
    runs-on: ${{ fromJson(format('["self-hosted", "{0}"]', matrix.arch == 'arm64' && 'small-arm64' || 'small')) }}
    container:
-      image: ${{ needs.build-build-tools-image.outputs.image }}-bookworm
+      image: ${{ needs.build-build-tools-image.outputs.image }}
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
@@ -184,15 +140,16 @@ jobs:
        with:
          submodules: true
-      - name: Cache cargo deps
+#      Disabled for now
-        uses: actions/cache@v4
+#      - name: Restore cargo deps cache
-        with:
+#        id: cache_cargo
-          path: |
+#        uses: actions/cache@v4
-            ~/.cargo/registry
+#        with:
-            !~/.cargo/registry/src
+#          path: |
-            ~/.cargo/git
+#            !~/.cargo/registry/src
-            target
+#            ~/.cargo/git/
-          key: v1-${{ runner.os }}-${{ runner.arch }}-cargo-${{ hashFiles('./Cargo.lock') }}-${{ hashFiles('./rust-toolchain.toml') }}-rust
+#            target/
 #          key: v1-${{ runner.os }}-${{ runner.arch }}-cargo-clippy-${{ hashFiles('rust-toolchain.toml') }}-${{ hashFiles('Cargo.lock') }}
      # Some of our rust modules use FFI and need those to be checked
      - name: Get postgres headers
@@ -252,18 +209,11 @@ jobs:
    uses: ./.github/workflows/_build-and-test-locally.yml
    with:
      arch: ${{ matrix.arch }}
-      build-tools-image: ${{ needs.build-build-tools-image.outputs.image }}-bookworm
+      build-tools-image: ${{ needs.build-build-tools-image.outputs.image }}
      build-tag: ${{ needs.tag.outputs.build-tag }}
      build-type: ${{ matrix.build-type }}
      # Run tests on all Postgres versions in release builds and only on the latest version in debug builds
-      # run without LFC on v17 release only
+      pg-versions: ${{ matrix.build-type == 'release' && '["v14", "v15", "v16", "v17"]' || '["v17"]' }}
      test-cfg: |
        ${{ matrix.build-type == 'release' && '[{"pg_version":"v14", "lfc_state": "without-lfc"},
                                                {"pg_version":"v15", "lfc_state": "without-lfc"},
                                                {"pg_version":"v16", "lfc_state": "without-lfc"},
                                                {"pg_version":"v17", "lfc_state": "without-lfc"},
                                                {"pg_version":"v17", "lfc_state": "with-lfc"}]'
                                           || '[{"pg_version":"v17", "lfc_state": "without-lfc"}]' }}
    secrets: inherit
  # Keep `benchmarks` job outside of `build-and-test-locally` workflow to make job failures non-blocking
@@ -274,7 +224,7 @@ jobs:
    needs: [ check-permissions, build-build-tools-image ]
    runs-on: [ self-hosted, small ]
    container:
-      image: ${{ needs.build-build-tools-image.outputs.image }}-bookworm
+      image: ${{ needs.build-build-tools-image.outputs.image }}
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
@@ -287,7 +237,7 @@ jobs:
        uses: actions/cache@v4
        with:
          path: ~/.cache/pypoetry/virtualenvs
-          key: v2-${{ runner.os }}-${{ runner.arch }}-python-deps-bookworm-${{ hashFiles('poetry.lock') }}
+          key: v1-${{ runner.os }}-${{ runner.arch }}-python-deps-${{ hashFiles('poetry.lock') }}
      - name: Install Python deps
        run: ./scripts/pysync
@@ -307,7 +257,7 @@ jobs:
    needs: [ check-permissions, build-and-test-locally, build-build-tools-image, get-benchmarks-durations ]
    runs-on: [ self-hosted, small ]
    container:
-      image: ${{ needs.build-build-tools-image.outputs.image }}-bookworm
+      image: ${{ needs.build-build-tools-image.outputs.image }}
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
@@ -338,7 +288,7 @@ jobs:
          PERF_TEST_RESULT_CONNSTR: "${{ secrets.PERF_TEST_RESULT_CONNSTR }}"
          TEST_RESULT_CONNSTR: "${{ secrets.REGRESS_TEST_RESULT_CONNSTR_NEW }}"
          PAGESERVER_VIRTUAL_FILE_IO_ENGINE: tokio-epoll-uring
-          SYNC_BETWEEN_TESTS: true
+          SYNC_AFTER_EACH_TEST: true
      # XXX: no coverage data handling here, since benchmarks are run on release builds,
      # while coverage is currently collected for the debug ones
@@ -365,7 +315,7 @@ jobs:
    runs-on: [ self-hosted, small ]
    container:
-      image: ${{ needs.build-build-tools-image.outputs.image }}-bookworm
+      image: ${{ needs.build-build-tools-image.outputs.image }}
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
@@ -413,7 +363,7 @@ jobs:
    needs: [ check-permissions, build-build-tools-image, build-and-test-locally ]
    runs-on: [ self-hosted, small ]
    container:
-      image: ${{ needs.build-build-tools-image.outputs.image }}-bookworm
+      image: ${{ needs.build-build-tools-image.outputs.image }}
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
@@ -501,8 +451,6 @@ jobs:
          REPORT_URL_NEW: ${{ steps.upload-coverage-report-new.outputs.report-url }}
          COMMIT_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
        with:
          # Retry script for 5XX server errors: https://github.com/actions/github-script#retries
          retries: 5
          script: |
            const { REPORT_URL_NEW, COMMIT_SHA } = process.env
@@ -516,7 +464,7 @@ jobs:
            })
  trigger-e2e-tests:
-    if: ${{ !github.event.pull_request.draft || contains( github.event.pull_request.labels.*.name, 'run-e2e-tests-in-draft') || github.ref_name == 'main' || github.ref_name == 'release' || github.ref_name == 'release-proxy' || github.ref_name == 'release-compute' }}
+    if: ${{ !github.event.pull_request.draft || contains( github.event.pull_request.labels.*.name, 'run-e2e-tests-in-draft') || github.ref_name == 'main' || github.ref_name == 'release' || github.ref_name == 'release-proxy' }}
    needs: [ check-permissions, promote-images, tag ]
    uses: ./.github/workflows/trigger-e2e-tests.yml
    secrets: inherit
@@ -534,7 +482,7 @@ jobs:
        with:
          submodules: true
-      - uses: neondatabase/dev-actions/set-docker-config-dir@6094485bf440001c94a94a3f9e221e81ff6b6193
+      - uses: ./.github/actions/set-docker-config-dir
      - uses: docker/setup-buildx-action@v3
        with:
          cache-binary: false
@@ -559,16 +507,15 @@ jobs:
            ADDITIONAL_RUSTFLAGS=${{ matrix.arch == 'arm64' && '-Ctarget-feature=+lse -Ctarget-cpu=neoverse-n1' || '' }}
            GIT_VERSION=${{ github.event.pull_request.head.sha || github.sha }}
            BUILD_TAG=${{ needs.tag.outputs.build-tag }}
-            TAG=${{ needs.build-build-tools-image.outputs.image-tag }}-bookworm
+            TAG=${{ needs.build-build-tools-image.outputs.image-tag }}
            DEBIAN_VERSION=bookworm
          provenance: false
          push: true
          pull: true
          file: Dockerfile
-          cache-from: type=registry,ref=cache.neon.build/neon:cache-bookworm-${{ matrix.arch }}
+          cache-from: type=registry,ref=cache.neon.build/neon:cache-${{ matrix.arch }}
-          cache-to: ${{ github.ref_name == 'main' && format('type=registry,ref=cache.neon.build/neon:cache-{0}-{1},mode=max', 'bookworm', matrix.arch) || '' }}
+          cache-to: ${{ github.ref_name == 'main' && format('type=registry,ref=cache.neon.build/neon:cache-{0},mode=max', matrix.arch) || '' }}
          tags: |
-            neondatabase/neon:${{ needs.tag.outputs.build-tag }}-bookworm-${{ matrix.arch }}
+            neondatabase/neon:${{ needs.tag.outputs.build-tag }}-${{ matrix.arch }}
  neon-image:
    needs: [ neon-image-arch, tag ]
@@ -583,9 +530,8 @@ jobs:
      - name: Create multi-arch image
        run: |
          docker buildx imagetools create -t neondatabase/neon:${{ needs.tag.outputs.build-tag }} \
-                                          -t neondatabase/neon:${{ needs.tag.outputs.build-tag }}-bookworm \
+                                             neondatabase/neon:${{ needs.tag.outputs.build-tag }}-x64 \
-                                             neondatabase/neon:${{ needs.tag.outputs.build-tag }}-bookworm-x64 \
+                                             neondatabase/neon:${{ needs.tag.outputs.build-tag }}-arm64
                                             neondatabase/neon:${{ needs.tag.outputs.build-tag }}-bookworm-arm64
      - uses: docker/login-action@v3
        with:
@@ -603,19 +549,7 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        version:
+        version: [ v14, v15, v16, v17 ]
          # Much data was already generated on old PG versions with bullseye's
          # libraries, the locales of which can cause data incompatibilities.
          # However, new PG versions should be build on newer images,
          # as that reduces the support burden of old and ancient distros.
          - pg: v14
            debian: bullseye
          - pg: v15
            debian: bullseye
          - pg: v16
            debian: bullseye
          - pg: v17
            debian: bookworm
        arch: [ x64, arm64 ]
    runs-on: ${{ fromJson(format('["self-hosted", "{0}"]', matrix.arch == 'arm64' && 'large-arm64' || 'large')) }}
@@ -625,7 +559,7 @@ jobs:
        with:
          submodules: true
-      - uses: neondatabase/dev-actions/set-docker-config-dir@6094485bf440001c94a94a3f9e221e81ff6b6193
+      - uses: ./.github/actions/set-docker-config-dir
      - uses: docker/setup-buildx-action@v3
        with:
          cache-binary: false
@@ -658,45 +592,41 @@ jobs:
          context: .
          build-args: |
            GIT_VERSION=${{ github.event.pull_request.head.sha || github.sha }}
-            PG_VERSION=${{ matrix.version.pg }}
+            PG_VERSION=${{ matrix.version }}
            BUILD_TAG=${{ needs.tag.outputs.build-tag }}
-            TAG=${{ needs.build-build-tools-image.outputs.image-tag }}-${{ matrix.version.debian }}
+            TAG=${{ needs.build-build-tools-image.outputs.image-tag }}
            DEBIAN_VERSION=${{ matrix.version.debian }}
          provenance: false
          push: true
          pull: true
-          file: compute/compute-node.Dockerfile
+          file: Dockerfile.compute-node
-          cache-from: type=registry,ref=cache.neon.build/compute-node-${{ matrix.version.pg }}:cache-${{ matrix.version.debian }}-${{ matrix.arch }}
+          cache-from: type=registry,ref=cache.neon.build/compute-node-${{ matrix.version }}:cache-${{ matrix.arch }}
-          cache-to: ${{ github.ref_name == 'main' && format('type=registry,ref=cache.neon.build/compute-node-{0}:cache-{1}-{2},mode=max', matrix.version.pg, matrix.version.debian, matrix.arch) || '' }}
+          cache-to: ${{ github.ref_name == 'main' && format('type=registry,ref=cache.neon.build/compute-node-{0}:cache-{1},mode=max', matrix.version, matrix.arch) || '' }}
          tags: |
-            neondatabase/compute-node-${{ matrix.version.pg }}:${{ needs.tag.outputs.build-tag }}-${{ matrix.version.debian }}-${{ matrix.arch }}
+            neondatabase/compute-node-${{ matrix.version }}:${{ needs.tag.outputs.build-tag }}-${{ matrix.arch }}
      - name: Build neon extensions test image
-        if: matrix.version.pg >= 'v16'
+        if: matrix.version == 'v16'
        uses: docker/build-push-action@v6
        with:
          context: .
          build-args: |
            GIT_VERSION=${{ github.event.pull_request.head.sha || github.sha }}
-            PG_VERSION=${{ matrix.version.pg }}
+            PG_VERSION=${{ matrix.version }}
            BUILD_TAG=${{ needs.tag.outputs.build-tag }}
-            TAG=${{ needs.build-build-tools-image.outputs.image-tag }}-${{ matrix.version.debian }}
+            TAG=${{ needs.build-build-tools-image.outputs.image-tag }}
            DEBIAN_VERSION=${{ matrix.version.debian }}
          provenance: false
          push: true
          pull: true
-          file: compute/compute-node.Dockerfile
+          file: Dockerfile.compute-node
          target: neon-pg-ext-test
-          cache-from: type=registry,ref=cache.neon.build/compute-node-${{ matrix.version.pg }}:cache-${{ matrix.version.debian }}-${{ matrix.arch }}
+          cache-from: type=registry,ref=cache.neon.build/neon-test-extensions-${{ matrix.version }}:cache-${{ matrix.arch }}
          cache-to: ${{ github.ref_name == 'main' && format('type=registry,ref=cache.neon.build/neon-test-extensions-{0}:cache-{1},mode=max', matrix.version, matrix.arch) || '' }}
          tags: |
-            neondatabase/neon-test-extensions-${{ matrix.version.pg }}:${{needs.tag.outputs.build-tag}}-${{ matrix.version.debian }}-${{ matrix.arch }}
+            neondatabase/neon-test-extensions-${{ matrix.version }}:${{needs.tag.outputs.build-tag}}-${{ matrix.arch }}
      - name: Build compute-tools image
        # compute-tools are Postgres independent, so build it only once
-        # We pick 16, because that builds on debian 11 with older glibc (and is
+        if: matrix.version == 'v17'
        # thus compatible with newer glibc), rather than 17 on Debian 12, as
        # that isn't guaranteed to be compatible with Debian 11
        if: matrix.version.pg == 'v16'
        uses: docker/build-push-action@v6
        with:
          target: compute-tools-image
@@ -704,16 +634,13 @@ jobs:
          build-args: |
            GIT_VERSION=${{ github.event.pull_request.head.sha || github.sha }}
            BUILD_TAG=${{ needs.tag.outputs.build-tag }}
-            TAG=${{ needs.build-build-tools-image.outputs.image-tag }}-${{ matrix.version.debian }}
+            TAG=${{ needs.build-build-tools-image.outputs.image-tag }}
            DEBIAN_VERSION=${{ matrix.version.debian }}
          provenance: false
          push: true
          pull: true
-          file: compute/compute-node.Dockerfile
+          file: Dockerfile.compute-node
          cache-from: type=registry,ref=cache.neon.build/compute-node-${{ matrix.version.pg }}:cache-${{ matrix.version.debian }}-${{ matrix.arch }}
          cache-to: ${{ github.ref_name == 'main' && format('type=registry,ref=cache.neon.build/compute-tools-{0}:cache-{1}-{2},mode=max', matrix.version.pg, matrix.version.debian, matrix.arch) || '' }}
          tags: |
-            neondatabase/compute-tools:${{ needs.tag.outputs.build-tag }}-${{ matrix.version.debian }}-${{ matrix.arch }}
+            neondatabase/compute-tools:${{ needs.tag.outputs.build-tag }}-${{ matrix.arch }}
  compute-node-image:
    needs: [ compute-node-image-arch, tag ]
@@ -721,16 +648,7 @@ jobs:
    strategy:
      matrix:
-        version:
+        version: [ v14, v15, v16, v17 ]
          # see the comment for `compute-node-image-arch` job
          - pg: v14
            debian: bullseye
          - pg: v15
            debian: bullseye
          - pg: v16
            debian: bullseye
          - pg: v17
            debian: bookworm
    steps:
      - uses: docker/login-action@v3
@@ -740,26 +658,23 @@ jobs:
      - name: Create multi-arch compute-node image
        run: |
-          docker buildx imagetools create -t neondatabase/compute-node-${{ matrix.version.pg }}:${{ needs.tag.outputs.build-tag }} \
+          docker buildx imagetools create -t neondatabase/compute-node-${{ matrix.version }}:${{ needs.tag.outputs.build-tag }} \
-                                          -t neondatabase/compute-node-${{ matrix.version.pg }}:${{ needs.tag.outputs.build-tag }}-${{ matrix.version.debian }} \
+                                             neondatabase/compute-node-${{ matrix.version }}:${{ needs.tag.outputs.build-tag }}-x64 \
-                                             neondatabase/compute-node-${{ matrix.version.pg }}:${{ needs.tag.outputs.build-tag }}-${{ matrix.version.debian }}-x64 \
+                                             neondatabase/compute-node-${{ matrix.version }}:${{ needs.tag.outputs.build-tag }}-arm64
                                             neondatabase/compute-node-${{ matrix.version.pg }}:${{ needs.tag.outputs.build-tag }}-${{ matrix.version.debian }}-arm64
      - name: Create multi-arch neon-test-extensions image
-        if: matrix.version.pg >= 'v16'
+        if: matrix.version == 'v16'
        run: |
-          docker buildx imagetools create -t neondatabase/neon-test-extensions-${{ matrix.version.pg }}:${{ needs.tag.outputs.build-tag }} \
+          docker buildx imagetools create -t neondatabase/neon-test-extensions-${{ matrix.version }}:${{ needs.tag.outputs.build-tag }} \
-                                          -t neondatabase/neon-test-extensions-${{ matrix.version.pg }}:${{ needs.tag.outputs.build-tag }}-${{ matrix.version.debian }} \
+                                             neondatabase/neon-test-extensions-${{ matrix.version }}:${{ needs.tag.outputs.build-tag }}-x64 \
-                                             neondatabase/neon-test-extensions-${{ matrix.version.pg }}:${{ needs.tag.outputs.build-tag }}-${{ matrix.version.debian }}-x64 \
+                                             neondatabase/neon-test-extensions-${{ matrix.version }}:${{ needs.tag.outputs.build-tag }}-arm64
                                             neondatabase/neon-test-extensions-${{ matrix.version.pg }}:${{ needs.tag.outputs.build-tag }}-${{ matrix.version.debian }}-arm64
      - name: Create multi-arch compute-tools image
-        if: matrix.version.pg == 'v16'
+        if: matrix.version == 'v17'
        run: |
          docker buildx imagetools create -t neondatabase/compute-tools:${{ needs.tag.outputs.build-tag }} \
-                                          -t neondatabase/compute-tools:${{ needs.tag.outputs.build-tag }}-${{ matrix.version.debian }} \
+                                             neondatabase/compute-tools:${{ needs.tag.outputs.build-tag }}-x64 \
-                                             neondatabase/compute-tools:${{ needs.tag.outputs.build-tag }}-${{ matrix.version.debian }}-x64 \
+                                             neondatabase/compute-tools:${{ needs.tag.outputs.build-tag }}-arm64
                                             neondatabase/compute-tools:${{ needs.tag.outputs.build-tag }}-${{ matrix.version.debian }}-arm64
      - uses: docker/login-action@v3
        with:
@@ -767,13 +682,13 @@ jobs:
          username: ${{ secrets.AWS_ACCESS_KEY_DEV }}
          password: ${{ secrets.AWS_SECRET_KEY_DEV }}
-      - name: Push multi-arch compute-node-${{ matrix.version.pg }} image to ECR
+      - name: Push multi-arch compute-node-${{ matrix.version }} image to ECR
        run: |
-          docker buildx imagetools create -t 369495373322.dkr.ecr.eu-central-1.amazonaws.com/compute-node-${{ matrix.version.pg }}:${{ needs.tag.outputs.build-tag }} \
+          docker buildx imagetools create -t 369495373322.dkr.ecr.eu-central-1.amazonaws.com/compute-node-${{ matrix.version }}:${{ needs.tag.outputs.build-tag }} \
-                                                                                neondatabase/compute-node-${{ matrix.version.pg }}:${{ needs.tag.outputs.build-tag }}
+                                                                                neondatabase/compute-node-${{ matrix.version }}:${{ needs.tag.outputs.build-tag }}
      - name: Push multi-arch compute-tools image to ECR
-        if: matrix.version.pg == 'v16'
+        if: matrix.version == 'v17'
        run: |
          docker buildx imagetools create -t 369495373322.dkr.ecr.eu-central-1.amazonaws.com/compute-tools:${{ needs.tag.outputs.build-tag }} \
                                                                                neondatabase/compute-tools:${{ needs.tag.outputs.build-tag }}
@@ -784,18 +699,9 @@ jobs:
    strategy:
      fail-fast: false
      matrix:
-        version:
+        version: [ v14, v15, v16, v17 ]
          # see the comment for `compute-node-image-arch` job
          - pg: v14
            debian: bullseye
          - pg: v15
            debian: bullseye
          - pg: v16
            debian: bullseye
          - pg: v17
            debian: bookworm
    env:
-      VM_BUILDER_VERSION: v0.35.0
+      VM_BUILDER_VERSION: v0.29.3
    steps:
      - uses: actions/checkout@v4
@@ -805,7 +711,7 @@ jobs:
          curl -fL https://github.com/neondatabase/autoscaling/releases/download/$VM_BUILDER_VERSION/vm-builder -o vm-builder
          chmod +x vm-builder
-      - uses: neondatabase/dev-actions/set-docker-config-dir@6094485bf440001c94a94a3f9e221e81ff6b6193
+      - uses: ./.github/actions/set-docker-config-dir
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
@@ -815,19 +721,18 @@ jobs:
      # it won't have the proper authentication (written at v0.6.0)
      - name: Pulling compute-node image
        run: |
-          docker pull neondatabase/compute-node-${{ matrix.version.pg }}:${{ needs.tag.outputs.build-tag }}
+          docker pull neondatabase/compute-node-${{ matrix.version }}:${{ needs.tag.outputs.build-tag }}
      - name: Build vm image
        run: |
          ./vm-builder \
-            -size=2G \
+            -spec=vm-image-spec.yaml \
-            -spec=compute/vm-image-spec-${{ matrix.version.debian }}.yaml \
+            -src=neondatabase/compute-node-${{ matrix.version }}:${{ needs.tag.outputs.build-tag }} \
-            -src=neondatabase/compute-node-${{ matrix.version.pg }}:${{ needs.tag.outputs.build-tag }} \
+            -dst=neondatabase/vm-compute-node-${{ matrix.version }}:${{ needs.tag.outputs.build-tag }}
            -dst=neondatabase/vm-compute-node-${{ matrix.version.pg }}:${{ needs.tag.outputs.build-tag }}
      - name: Pushing vm-compute-node image
        run: |
-          docker push neondatabase/vm-compute-node-${{ matrix.version.pg }}:${{ needs.tag.outputs.build-tag }}
+          docker push neondatabase/vm-compute-node-${{ matrix.version }}:${{ needs.tag.outputs.build-tag }}
  test-images:
    needs: [ check-permissions, tag, neon-image, compute-node-image ]
@@ -835,14 +740,13 @@ jobs:
      fail-fast: false
      matrix:
        arch: [ x64, arm64 ]
        pg_version: [v16, v17]
    runs-on: ${{ fromJson(format('["self-hosted", "{0}"]', matrix.arch == 'arm64' && 'small-arm64' || 'small')) }}
    steps:
      - uses: actions/checkout@v4
-      - uses: neondatabase/dev-actions/set-docker-config-dir@6094485bf440001c94a94a3f9e221e81ff6b6193
+      - uses: ./.github/actions/set-docker-config-dir
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
@@ -874,10 +778,7 @@ jobs:
      - name: Verify docker-compose example and test extensions
        timeout-minutes: 20
-        env:
+        run: env TAG=${{needs.tag.outputs.build-tag}} ./docker-compose/docker_compose_test.sh
          TAG: ${{needs.tag.outputs.build-tag}}
          TEST_VERSION_ONLY: ${{ matrix.pg_version }}
        run: ./docker-compose/docker_compose_test.sh
      - name: Print logs and clean up
        if: always()
@@ -889,9 +790,6 @@ jobs:
    needs: [ check-permissions, tag, test-images, vm-compute-node-image ]
    runs-on: ubuntu-22.04
    permissions:
      id-token: write # for `aws-actions/configure-aws-credentials`
    env:
      VERSIONS: v14 v15 v16 v17
@@ -936,22 +834,16 @@ jobs:
          docker buildx imagetools create -t neondatabase/neon-test-extensions-v16:latest \
                                              neondatabase/neon-test-extensions-v16:${{ needs.tag.outputs.build-tag }}
      - name: Configure AWS-prod credentials
        if: github.ref_name == 'release'|| github.ref_name == 'release-proxy' || github.ref_name == 'release-compute'
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: eu-central-1
          mask-aws-account-id: true
          role-to-assume: ${{ secrets.PROD_GHA_OIDC_ROLE }}
      - name: Login to prod ECR
        uses: docker/login-action@v3
-        if: github.ref_name == 'release'|| github.ref_name == 'release-proxy' || github.ref_name == 'release-compute'
+        if: github.ref_name == 'release'|| github.ref_name == 'release-proxy'
        with:
          registry: 093970136003.dkr.ecr.eu-central-1.amazonaws.com
          username: ${{ secrets.PROD_GHA_RUNNER_LIMITED_AWS_ACCESS_KEY_ID }}
          password: ${{ secrets.PROD_GHA_RUNNER_LIMITED_AWS_SECRET_ACCESS_KEY }}
      - name: Copy all images to prod ECR
-        if: github.ref_name == 'release' || github.ref_name == 'release-proxy' || github.ref_name == 'release-compute'
+        if: github.ref_name == 'release'|| github.ref_name == 'release-proxy'
        run: |
          for image in neon compute-tools {vm-,}compute-node-{v14,v15,v16,v17}; do
            docker buildx imagetools create -t 093970136003.dkr.ecr.eu-central-1.amazonaws.com/${image}:${{ needs.tag.outputs.build-tag }} \
@@ -971,7 +863,7 @@ jobs:
      tenant_id: ${{ vars.AZURE_TENANT_ID }}
  push-to-acr-prod:
-    if: github.ref_name == 'release' || github.ref_name == 'release-proxy' || github.ref_name == 'release-compute'
+    if: github.ref_name == 'release'|| github.ref_name == 'release-proxy'
    needs: [ tag, promote-images ]
    uses: ./.github/workflows/_push-to-acr.yml
    with:
@@ -1059,11 +951,25 @@ jobs:
  deploy:
    needs: [ check-permissions, promote-images, tag, build-and-test-locally, trigger-custom-extensions-build-and-wait, push-to-acr-dev, push-to-acr-prod ]
    # `!failure() && !cancelled()` is required because the workflow depends on the job that can be skipped: `push-to-acr-dev` and `push-to-acr-prod`
-    if: (github.ref_name == 'main' || github.ref_name == 'release' || github.ref_name == 'release-proxy' || github.ref_name == 'release-compute') && !failure() && !cancelled()
+    if: (github.ref_name == 'main' || github.ref_name == 'release' || github.ref_name == 'release-proxy') && !failure() && !cancelled()
    runs-on: [ self-hosted, small ]
    container: 369495373322.dkr.ecr.eu-central-1.amazonaws.com/ansible:latest
    steps:
      - name: Fix git ownership
        run: |
          # Workaround for `fatal: detected dubious ownership in repository at ...`
          #
          # Use both ${{ github.workspace }} and ${GITHUB_WORKSPACE} because they're different on host and in containers
          #   Ref https://github.com/actions/checkout/issues/785
          #
          git config --global --add safe.directory ${{ github.workspace }}
          git config --global --add safe.directory ${GITHUB_WORKSPACE}
          for r in 14 15 16 17; do
            git config --global --add safe.directory "${{ github.workspace }}/vendor/postgres-v$r"
            git config --global --add safe.directory "${GITHUB_WORKSPACE}/vendor/postgres-v$r"
          done
      - uses: actions/checkout@v4
      - name: Trigger deploy workflow
@@ -1072,6 +978,7 @@ jobs:
        run: |
          if [[ "$GITHUB_REF_NAME" == "main" ]]; then
            gh workflow --repo neondatabase/infra run deploy-dev.yml --ref main -f branch=main -f dockerTag=${{needs.tag.outputs.build-tag}} -f deployPreprodRegion=false
            gh workflow --repo neondatabase/azure run deploy.yml -f dockerTag=${{needs.tag.outputs.build-tag}}
          elif [[ "$GITHUB_REF_NAME" == "release" ]]; then
            gh workflow --repo neondatabase/infra run deploy-dev.yml --ref main \
              -f deployPgSniRouter=false \
@@ -1102,21 +1009,16 @@ jobs:
            gh workflow --repo neondatabase/infra run deploy-proxy-prod.yml --ref main \
              -f deployPgSniRouter=true \
-              -f deployProxyLink=true \
+              -f deployProxy=true \
              -f deployPrivatelinkProxy=true \
              -f deployProxyScram=true \
              -f deployProxyAuthBroker=true \
              -f branch=main \
              -f dockerTag=${{needs.tag.outputs.build-tag}}
          elif [[ "$GITHUB_REF_NAME" == "release-compute" ]]; then
            gh workflow --repo neondatabase/infra run deploy-compute-dev.yml --ref main -f dockerTag=${{needs.tag.outputs.build-tag}}
          else
-            echo "GITHUB_REF_NAME (value '$GITHUB_REF_NAME') is not set to either 'main', 'release', 'release-proxy' or 'release-compute'"
+            echo "GITHUB_REF_NAME (value '$GITHUB_REF_NAME') is not set to either 'main' or 'release'"
            exit 1
          fi
      - name: Create git tag
-        if: github.ref_name == 'release' || github.ref_name == 'release-proxy' || github.ref_name == 'release-compute'
+        if: github.ref_name == 'release' || github.ref_name == 'release-proxy'
        uses: actions/github-script@v7
        with:
          # Retry script for 5XX server errors: https://github.com/actions/github-script#retries
@@ -1207,9 +1109,10 @@ jobs:
              files_to_promote+=("s3://${BUCKET}/${s3_key}")
-              for pg_version in v14 v15 v16 v17; do
+              # TODO Add v17
              for pg_version in v14 v15 v16; do
                # We run less tests for debug builds, so we don't need to promote them
-                if [ "${build_type}" == "debug" ] && { [ "${arch}" == "ARM64" ] || [ "${pg_version}" != "v17" ] ; }; then
+                if [ "${build_type}" == "debug" ] && { [ "${arch}" == "ARM64" ] || [ "${pg_version}" != "v16" ] ; }; then
                  continue
                fi
--- a/.github/workflows/check-build-tools-image.yml
+++ b/.github/workflows/check-build-tools-image.yml
@@ -0,0 +1,51 @@
 name: Check build-tools image
 on:
  workflow_call:
    outputs:
      image-tag:
        description: "build-tools image tag"
        value: ${{ jobs.check-image.outputs.tag }}
      found:
        description: "Whether the image is found in the registry"
        value: ${{ jobs.check-image.outputs.found }}
 defaults:
  run:
    shell: bash -euo pipefail {0}
 # No permission for GITHUB_TOKEN by default; the **minimal required** set of permissions should be granted in each job.
 permissions: {}
 jobs:
  check-image:
    runs-on: ubuntu-22.04
    outputs:
      tag: ${{ steps.get-build-tools-tag.outputs.image-tag }}
      found: ${{ steps.check-image.outputs.found }}
    steps:
      - uses: actions/checkout@v4
      - name: Get build-tools image tag for the current commit
        id: get-build-tools-tag
        env:
          IMAGE_TAG: |
            ${{ hashFiles('Dockerfile.build-tools',
                          '.github/workflows/check-build-tools-image.yml',
                          '.github/workflows/build-build-tools-image.yml') }}
        run: |
          echo "image-tag=${IMAGE_TAG}" | tee -a $GITHUB_OUTPUT
      - name: Check if such tag found in the registry
        id: check-image
        env:
          IMAGE_TAG: ${{ steps.get-build-tools-tag.outputs.image-tag }}
        run: |
          if docker manifest inspect neondatabase/build-tools:${IMAGE_TAG}; then
            found=true
          else
            found=false
          fi
          echo "found=${found}" | tee -a $GITHUB_OUTPUT
--- a/.github/workflows/cloud-regress.yml
+++ b/.github/workflows/cloud-regress.yml
@@ -1,102 +0,0 @@
 name: Cloud Regression Test
 on:
  schedule:
    # * is a special character in YAML so you have to quote this string
    #          ┌───────────── minute (0 - 59)
    #          │ ┌───────────── hour (0 - 23)
    #          │ │ ┌───────────── day of the month (1 - 31)
    #          │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
    #          │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
    - cron:  '45 1 * * *' # run once a day, timezone is utc
  workflow_dispatch: # adds ability to run this manually
 defaults:
  run:
    shell: bash -euxo pipefail {0}
 concurrency:
  # Allow only one workflow
  group: ${{ github.workflow }}
  cancel-in-progress: true
 jobs:
  regress:
    env:
      POSTGRES_DISTRIB_DIR: /tmp/neon/pg_install
      DEFAULT_PG_VERSION: 16
      TEST_OUTPUT: /tmp/test_output
      BUILD_TYPE: remote
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_DEV }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_KEY_DEV }}
    runs-on: us-east-2
    container:
      image: neondatabase/build-tools:pinned-bookworm
      options: --init
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: true
      - name: Patch the test
        run: |
          cd "vendor/postgres-v${DEFAULT_PG_VERSION}"
          patch -p1 < "../../compute/patches/cloud_regress_pg${DEFAULT_PG_VERSION}.patch"
      - name: Generate a random password
        id: pwgen
        run: |
          set +x
          DBPASS=$(dd if=/dev/random bs=48 count=1 2>/dev/null | base64)
          echo "::add-mask::${DBPASS//\//}"
          echo DBPASS="${DBPASS//\//}" >> "${GITHUB_OUTPUT}"
      - name: Change tests according to the generated password
        env:
          DBPASS: ${{ steps.pwgen.outputs.DBPASS }}
        run: |
          cd vendor/postgres-v"${DEFAULT_PG_VERSION}"/src/test/regress
          for fname in sql/*.sql expected/*.out; do
            sed -i.bak s/NEON_PASSWORD_PLACEHOLDER/"'${DBPASS}'"/ "${fname}"
          done
          for ph in $(grep NEON_MD5_PLACEHOLDER expected/password.out | awk '{print $3;}' | sort | uniq); do
            USER=$(echo "${ph}" | cut -c 22-)
            MD5=md5$(echo -n "${DBPASS}${USER}" | md5sum | awk '{print $1;}')
            sed -i.bak "s/${ph}/${MD5}/" expected/password.out
          done
      - name: Download Neon artifact
        uses: ./.github/actions/download
        with:
          name: neon-${{ runner.os }}-${{ runner.arch }}-release-artifact
          path: /tmp/neon/
          prefix: latest
      - name: Run the regression tests
        uses: ./.github/actions/run-python-test-set
        with:
          build_type: ${{ env.BUILD_TYPE }}
          test_selection: cloud_regress
          pg_version: ${{ env.DEFAULT_PG_VERSION }}
          extra_params: -m remote_cluster
        env:
          BENCHMARK_CONNSTR: ${{ secrets.PG_REGRESS_CONNSTR }}
      - name: Create Allure report
        id: create-allure-report
        if: ${{ !cancelled() }}
        uses: ./.github/actions/allure-report-generate
      - name: Post to a Slack channel
        if: ${{ github.event.schedule && failure() }}
        uses: slackapi/slack-github-action@v1
        with:
          channel-id: "C033QLM5P7D" # on-call-staging-stream
          slack-message: |
            Periodic pg_regress on staging: ${{ job.status }}
            <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|GitHub Run>
            <${{ steps.create-allure-report.outputs.report-url }}|Allure report>
        env:
          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
--- a/.github/workflows/ingest_benchmark.yml
+++ b/.github/workflows/ingest_benchmark.yml
@@ -1,160 +0,0 @@
 name: benchmarking ingest
 on:
  # uncomment to run on push for debugging your PR
  # push:
  #   branches: [ your branch ]
  schedule:
    # * is a special character in YAML so you have to quote this string
    #          ┌───────────── minute (0 - 59)
    #          │ ┌───────────── hour (0 - 23)
    #          │ │ ┌───────────── day of the month (1 - 31)
    #          │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
    #          │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
    - cron:   '0 9 * * *' # run once a day, timezone is utc
  workflow_dispatch: # adds ability to run this manually
 defaults:
  run:
    shell: bash -euxo pipefail {0}
 concurrency:
  # Allow only one workflow globally because we need dedicated resources which only exist once
  group: ingest-bench-workflow
  cancel-in-progress: true
 jobs:
  ingest:
    strategy:
      fail-fast: false # allow other variants to continue even if one fails
      matrix:
        target_project: [new_empty_project, large_existing_project]  
    permissions:
      contents: write
      statuses: write
      id-token: write # aws-actions/configure-aws-credentials
    env:
      PG_CONFIG: /tmp/neon/pg_install/v16/bin/pg_config
      PSQL: /tmp/neon/pg_install/v16/bin/psql
      PG_16_LIB_PATH: /tmp/neon/pg_install/v16/lib
      PGCOPYDB: /pgcopydb/bin/pgcopydb
      PGCOPYDB_LIB_PATH: /pgcopydb/lib
    runs-on: [ self-hosted, us-east-2, x64 ]
    container:
      image: neondatabase/build-tools:pinned-bookworm
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
      options: --init
    timeout-minutes: 1440
    steps:
    - uses: actions/checkout@v4
    - name: Configure AWS credentials # necessary to download artefacts
      uses: aws-actions/configure-aws-credentials@v4
      with:
        aws-region: eu-central-1
        role-to-assume: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
        role-duration-seconds: 18000 # 5 hours is currently max associated with IAM role 
    - name: Download Neon artifact
      uses: ./.github/actions/download
      with:
        name: neon-${{ runner.os }}-${{ runner.arch }}-release-artifact
        path: /tmp/neon/
        prefix: latest
    - name: Create Neon Project
      if: ${{ matrix.target_project == 'new_empty_project' }}
      id: create-neon-project-ingest-target
      uses: ./.github/actions/neon-project-create
      with:
        region_id: aws-us-east-2
        postgres_version: 16
        compute_units: '[7, 7]' # we want to test large compute here to avoid compute-side bottleneck
        api_key: ${{ secrets.NEON_STAGING_API_KEY }}
    - name: Initialize Neon project
      if: ${{ matrix.target_project == 'new_empty_project' }}
      env:
          BENCHMARK_INGEST_TARGET_CONNSTR: ${{ steps.create-neon-project-ingest-target.outputs.dsn }}
          NEW_PROJECT_ID: ${{ steps.create-neon-project-ingest-target.outputs.project_id }}
      run: |
        echo "Initializing Neon project with project_id: ${NEW_PROJECT_ID}"
        export LD_LIBRARY_PATH=${PG_16_LIB_PATH}
        ${PSQL} "${BENCHMARK_INGEST_TARGET_CONNSTR}" -c "CREATE EXTENSION IF NOT EXISTS neon; CREATE EXTENSION IF NOT EXISTS neon_utils;"
        echo "BENCHMARK_INGEST_TARGET_CONNSTR=${BENCHMARK_INGEST_TARGET_CONNSTR}" >> $GITHUB_ENV
    - name: Create Neon Branch for large tenant
      if: ${{ matrix.target_project == 'large_existing_project' }}
      id: create-neon-branch-ingest-target
      uses: ./.github/actions/neon-branch-create
      with:
        project_id: ${{ vars.BENCHMARK_INGEST_TARGET_PROJECTID }}
        api_key: ${{ secrets.NEON_STAGING_API_KEY }}
    - name: Initialize Neon project 
      if: ${{ matrix.target_project == 'large_existing_project' }}
      env:
          BENCHMARK_INGEST_TARGET_CONNSTR: ${{ steps.create-neon-branch-ingest-target.outputs.dsn }}
          NEW_BRANCH_ID: ${{ steps.create-neon-branch-ingest-target.outputs.branch_id }}
      run: |
        echo "Initializing Neon branch with branch_id: ${NEW_BRANCH_ID}"
        export LD_LIBRARY_PATH=${PG_16_LIB_PATH}
        # Extract the part before the database name
        base_connstr="${BENCHMARK_INGEST_TARGET_CONNSTR%/*}"
        # Extract the query parameters (if any) after the database name
        query_params="${BENCHMARK_INGEST_TARGET_CONNSTR#*\?}"
        # Reconstruct the new connection string
        if [ "$query_params" != "$BENCHMARK_INGEST_TARGET_CONNSTR" ]; then
          new_connstr="${base_connstr}/neondb?${query_params}"
        else
          new_connstr="${base_connstr}/neondb"
        fi
        ${PSQL} "${new_connstr}" -c "drop database ludicrous;"
        ${PSQL} "${new_connstr}" -c "CREATE DATABASE ludicrous;"
        if [ "$query_params" != "$BENCHMARK_INGEST_TARGET_CONNSTR" ]; then
          BENCHMARK_INGEST_TARGET_CONNSTR="${base_connstr}/ludicrous?${query_params}"
        else
          BENCHMARK_INGEST_TARGET_CONNSTR="${base_connstr}/ludicrous"
        fi
        ${PSQL} "${BENCHMARK_INGEST_TARGET_CONNSTR}" -c "CREATE EXTENSION IF NOT EXISTS neon; CREATE EXTENSION IF NOT EXISTS neon_utils;"
        echo "BENCHMARK_INGEST_TARGET_CONNSTR=${BENCHMARK_INGEST_TARGET_CONNSTR}" >> $GITHUB_ENV
    - name: Invoke pgcopydb  
      uses: ./.github/actions/run-python-test-set
      with:
        build_type: remote
        test_selection: performance/test_perf_ingest_using_pgcopydb.py
        run_in_parallel: false
        extra_params: -s -m remote_cluster --timeout 86400 -k test_ingest_performance_using_pgcopydb
        pg_version: v16
        save_perf_report: true
        aws_oicd_role_arn: ${{ vars.DEV_AWS_OIDC_ROLE_ARN }}
      env:
        BENCHMARK_INGEST_SOURCE_CONNSTR: ${{ secrets.BENCHMARK_INGEST_SOURCE_CONNSTR }}
        TARGET_PROJECT_TYPE: ${{ matrix.target_project }}
        # we report PLATFORM in zenbenchmark NeonBenchmarker perf database and want to distinguish between new project and large tenant
        PLATFORM: "${{ matrix.target_project }}-us-east-2-staging"
        PERF_TEST_RESULT_CONNSTR: "${{ secrets.PERF_TEST_RESULT_CONNSTR }}"
    - name: show tables sizes after ingest
      run: |
        export LD_LIBRARY_PATH=${PG_16_LIB_PATH}
        ${PSQL} "${BENCHMARK_INGEST_TARGET_CONNSTR}" -c "\dt+"
    - name: Delete Neon Project
      if: ${{ always() && matrix.target_project == 'new_empty_project' }}
      uses: ./.github/actions/neon-project-delete
      with:
        project_id: ${{ steps.create-neon-project-ingest-target.outputs.project_id }}
        api_key: ${{ secrets.NEON_STAGING_API_KEY }}
    - name: Delete Neon Branch for large tenant
      if: ${{ always() && matrix.target_project == 'large_existing_project' }}
      uses: ./.github/actions/neon-branch-delete
      with:
        project_id: ${{ vars.BENCHMARK_INGEST_TARGET_PROJECTID }}
        branch_id: ${{ steps.create-neon-branch-ingest-target.outputs.branch_id }}
        api_key: ${{ secrets.NEON_STAGING_API_KEY }}
--- a/.github/workflows/neon_extra_builds.yml
+++ b/.github/workflows/neon_extra_builds.yml
@@ -26,9 +26,15 @@ jobs:
    with:
      github-event-name: ${{ github.event_name}}
-  build-build-tools-image:
+  check-build-tools-image:
    needs: [ check-permissions ]
    uses: ./.github/workflows/check-build-tools-image.yml
  build-build-tools-image:
    needs: [ check-build-tools-image ]
    uses: ./.github/workflows/build-build-tools-image.yml
    with:
      image-tag: ${{ needs.check-build-tools-image.outputs.image-tag }}
    secrets: inherit
  check-macos-build:
@@ -38,7 +44,7 @@ jobs:
      contains(github.event.pull_request.labels.*.name, 'run-extra-build-*') ||
      github.ref_name == 'main'
    timeout-minutes: 90
-    runs-on: macos-15
+    runs-on: macos-14
    env:
      # Use release build only, to have less debug info around
@@ -52,7 +58,7 @@ jobs:
          submodules: true
      - name: Install macOS postgres dependencies
-        run: brew install flex bison openssl protobuf icu4c
+        run: brew install flex bison openssl protobuf icu4c pkg-config
      - name: Set pg 14 revision for caching
        id: pg_v14_rev
@@ -149,7 +155,7 @@ jobs:
      github.ref_name == 'main'
    runs-on: [ self-hosted, large ]
    container:
-      image: ${{ needs.build-build-tools-image.outputs.image }}-bookworm
+      image: ${{ needs.build-build-tools-image.outputs.image }}
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
@@ -195,8 +201,6 @@ jobs:
          REPORT_URL: ${{ steps.upload-stats.outputs.report-url }}
          SHA: ${{ github.event.pull_request.head.sha || github.sha }}
        with:
          # Retry script for 5XX server errors: https://github.com/actions/github-script#retries
          retries: 5
          script: |
            const { REPORT_URL, SHA } = process.env
--- a/.github/workflows/periodic_pagebench.yml
+++ b/.github/workflows/periodic_pagebench.yml
@@ -29,7 +29,7 @@ jobs:
  trigger_bench_on_ec2_machine_in_eu_central_1:
    runs-on: [ self-hosted, small ]
    container:
-      image: neondatabase/build-tools:pinned-bookworm
+      image: neondatabase/build-tools:pinned
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
@@ -134,7 +134,7 @@ jobs:
      if: ${{ github.event.schedule && failure() }}
      uses: slackapi/slack-github-action@v1
      with:
-        channel-id: "C06KHQVQ7U3" # on-call-qa-staging-stream
+        channel-id: "C033QLM5P7D" # dev-staging-stream
        slack-message: "Periodic pagebench testing on dedicated hardware: ${{ job.status }}\n${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
      env:
        SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
--- a/.github/workflows/pg-clients.yml
+++ b/.github/workflows/pg-clients.yml
@@ -39,9 +39,15 @@ jobs:
    with:
      github-event-name: ${{ github.event_name }}
-  build-build-tools-image:
+  check-build-tools-image:
    needs: [ check-permissions ]
    uses: ./.github/workflows/check-build-tools-image.yml
  build-build-tools-image:
    needs: [ check-build-tools-image ]
    uses: ./.github/workflows/build-build-tools-image.yml
    with:
      image-tag: ${{ needs.check-build-tools-image.outputs.image-tag }}
    secrets: inherit
  test-logical-replication:
@@ -49,7 +55,7 @@ jobs:
    runs-on: ubuntu-22.04
    container:
-      image: ${{ needs.build-build-tools-image.outputs.image }}-bookworm
+      image: ${{ needs.build-build-tools-image.outputs.image }}
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
@@ -144,7 +150,7 @@ jobs:
    runs-on: ubuntu-22.04
    container:
-      image: ${{ needs.build-build-tools-image.outputs.image }}-bookworm
+      image: ${{ needs.build-build-tools-image.outputs.image }}
      credentials:
        username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
        password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
--- a/.github/workflows/pin-build-tools-image.yml
+++ b/.github/workflows/pin-build-tools-image.yml
@@ -71,6 +71,7 @@ jobs:
    steps:
      - uses: docker/login-action@v3
        with:
          username: ${{ secrets.NEON_DOCKERHUB_USERNAME }}
          password: ${{ secrets.NEON_DOCKERHUB_PASSWORD }}
@@ -93,22 +94,8 @@ jobs:
          az acr login --name=neoneastus2
      - name: Tag build-tools with `${{ env.TO_TAG }}` in Docker Hub, ECR, and ACR
        env:
          DEFAULT_DEBIAN_VERSION: bookworm
        run: |
-          for debian_version in bullseye bookworm; do
+          docker buildx imagetools create -t 369495373322.dkr.ecr.eu-central-1.amazonaws.com/build-tools:${TO_TAG} \
-            tags=()
+                                          -t neoneastus2.azurecr.io/neondatabase/build-tools:${TO_TAG} \
-
+                                          -t neondatabase/build-tools:${TO_TAG} \
-            tags+=("-t" "neondatabase/build-tools:${TO_TAG}-${debian_version}")
+                                             neondatabase/build-tools:${FROM_TAG}
            tags+=("-t" "369495373322.dkr.ecr.eu-central-1.amazonaws.com/build-tools:${TO_TAG}-${debian_version}")
            tags+=("-t" "neoneastus2.azurecr.io/neondatabase/build-tools:${TO_TAG}-${debian_version}")
            if [ "${debian_version}" == "${DEFAULT_DEBIAN_VERSION}" ]; then
              tags+=("-t" "neondatabase/build-tools:${TO_TAG}")
              tags+=("-t" "369495373322.dkr.ecr.eu-central-1.amazonaws.com/build-tools:${TO_TAG}")
              tags+=("-t" "neoneastus2.azurecr.io/neondatabase/build-tools:${TO_TAG}")
            fi
            docker buildx imagetools create "${tags[@]}" \
                                              neondatabase/build-tools:${FROM_TAG}-${debian_version}
          done
--- a/.github/workflows/pre-merge-checks.yml
+++ b/.github/workflows/pre-merge-checks.yml
@@ -1,95 +0,0 @@
 name: Pre-merge checks
 on:
  merge_group:
    branches:
      - main
 defaults:
  run:
    shell: bash -euxo pipefail {0}
 # No permission for GITHUB_TOKEN by default; the **minimal required** set of permissions should be granted in each job.
 permissions: {}
 jobs:
  get-changed-files:
    runs-on: ubuntu-22.04
    outputs:
      python-changed: ${{ steps.python-src.outputs.any_changed }}
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@4edd678ac3f81e2dc578756871e4d00c19191daf # v45.0.4
        id: python-src
        with:
          files: |
            .github/workflows/_check-codestyle-python.yml
            .github/workflows/build-build-tools-image.yml
            .github/workflows/pre-merge-checks.yml
            **/**.py
            poetry.lock
            pyproject.toml
      - name: PRINT ALL CHANGED FILES FOR DEBUG PURPOSES
        env:
          PYTHON_CHANGED_FILES: ${{ steps.python-src.outputs.all_changed_files }}
        run: |
          echo "${PYTHON_CHANGED_FILES}"
  build-build-tools-image:
    if: needs.get-changed-files.outputs.python-changed == 'true'
    needs: [ get-changed-files ]
    uses: ./.github/workflows/build-build-tools-image.yml
    with:
      # Build only one combination to save time
      archs: '["x64"]'
      debians: '["bookworm"]'
    secrets: inherit
  check-codestyle-python:
    if: needs.get-changed-files.outputs.python-changed == 'true'
    needs: [ get-changed-files, build-build-tools-image ]
    uses: ./.github/workflows/_check-codestyle-python.yml
    with:
      # `-bookworm-x64` suffix should match the combination in `build-build-tools-image`
      build-tools-image: ${{ needs.build-build-tools-image.outputs.image }}-bookworm-x64
    secrets: inherit
  # To get items from the merge queue merged into main we need to satisfy "Status checks that are required".
  # Currently we require 2 jobs (checks with exact name):
  # - conclusion
  # - neon-cloud-e2e
  conclusion:
    if: always()
    permissions:
      statuses: write # for `github.repos.createCommitStatus(...)`
    needs:
      - get-changed-files
      - check-codestyle-python
    runs-on: ubuntu-22.04
    steps:
      - name: Create fake `neon-cloud-e2e` check
        uses: actions/github-script@v7
        with:
          # Retry script for 5XX server errors: https://github.com/actions/github-script#retries
          retries: 5
          script: |
            const { repo, owner } = context.repo;
            const targetUrl = `${context.serverUrl}/${owner}/${repo}/actions/runs/${context.runId}`;
            await github.rest.repos.createCommitStatus({
              owner: owner,
              repo: repo,
              sha: context.sha,
              context: `neon-cloud-e2e`,
              state: `success`,
              target_url: targetUrl,
              description: `fake check for merge queue`,
            });
      - name: Fail the job if any of the dependencies do not succeed or skipped
        run: exit 1
        if: |
          (contains(needs.check-codestyle-python.result, 'skipped') && needs.get-changed-files.outputs.python-changed == 'true')
          || contains(needs.*.result, 'failure')
          || contains(needs.*.result, 'cancelled')
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,10 +15,6 @@ on:
        type: boolean
        description: 'Create Proxy release PR'
        required: false
      create-compute-release-branch:
        type: boolean
        description: 'Create Compute release PR'
        required: false
 # No permission for GITHUB_TOKEN by default; the **minimal required** set of permissions should be granted in each job.
 permissions: {}
@@ -29,40 +25,83 @@ defaults:
 jobs:
  create-storage-release-branch:
-    if: ${{ github.event.schedule == '0 6 * * MON' || inputs.create-storage-release-branch }}
+    if: ${{ github.event.schedule == '0 6 * * MON' || format('{0}', inputs.create-storage-release-branch) == 'true' }}
    runs-on: ubuntu-22.04
    permissions:
-      contents: write
+      contents: write # for `git push`
-    uses: ./.github/workflows/_create-release-pr.yml
+    steps:
-    with:
+    - name: Check out code
-      component-name: 'Storage'
+      uses: actions/checkout@v4
-      release-branch: 'release'
+      with:
-    secrets:
+        ref: main
-      ci-access-token: ${{ secrets.CI_ACCESS_TOKEN }}
+
    - name: Set environment variables
      run: |
        echo "RELEASE_DATE=$(date +'%Y-%m-%d')" | tee -a $GITHUB_ENV
        echo "RELEASE_BRANCH=rc/$(date +'%Y-%m-%d')" | tee -a $GITHUB_ENV
    - name: Create release branch
      run: git checkout -b $RELEASE_BRANCH
    - name: Push new branch
      run: git push origin $RELEASE_BRANCH
    - name: Create pull request into release
      env:
        GH_TOKEN: ${{ secrets.CI_ACCESS_TOKEN }}
      run: |
        TITLE="Storage & Compute release ${RELEASE_DATE}"
        cat << EOF > body.md
          ## ${TITLE}
          **Please merge this Pull Request using 'Create a merge commit' button**
        EOF
        gh pr create --title "${TITLE}" \
                     --body-file "body.md" \
                     --head "${RELEASE_BRANCH}" \
                     --base "release"
  create-proxy-release-branch:
-    if: ${{ github.event.schedule == '0 6 * * THU' || inputs.create-proxy-release-branch }}
+    if: ${{ github.event.schedule == '0 6 * * THU' || format('{0}', inputs.create-proxy-release-branch) == 'true' }}
    runs-on: ubuntu-22.04
    permissions:
-      contents: write
+      contents: write # for `git push`
-    uses: ./.github/workflows/_create-release-pr.yml
+    steps:
-    with:
+    - name: Check out code
-      component-name: 'Proxy'
+      uses: actions/checkout@v4
-      release-branch: 'release-proxy'
+      with:
-    secrets:
+        ref: main
      ci-access-token: ${{ secrets.CI_ACCESS_TOKEN }}
-  create-compute-release-branch:
+    - name: Set environment variables
-    if: inputs.create-compute-release-branch
+      run: |
        echo "RELEASE_DATE=$(date +'%Y-%m-%d')" | tee -a $GITHUB_ENV
        echo "RELEASE_BRANCH=rc/proxy/$(date +'%Y-%m-%d')" | tee -a $GITHUB_ENV
-    permissions:
+    - name: Create release branch
-      contents: write
+      run: git checkout -b $RELEASE_BRANCH
-    uses: ./.github/workflows/_create-release-pr.yml
+    - name: Push new branch
-    with:
+      run: git push origin $RELEASE_BRANCH
-      component-name: 'Compute'
+
-      release-branch: 'release-compute'
+    - name: Create pull request into release
-    secrets:
+      env:
-      ci-access-token: ${{ secrets.CI_ACCESS_TOKEN }}
+        GH_TOKEN: ${{ secrets.CI_ACCESS_TOKEN }}
      run: |
        TITLE="Proxy release ${RELEASE_DATE}"
        cat << EOF > body.md
          ## ${TITLE}
          **Please merge this Pull Request using 'Create a merge commit' button**
        EOF
        gh pr create --title "${TITLE}" \
                     --body-file "body.md" \
                     --head "${RELEASE_BRANCH}" \
                     --base "release-proxy"
--- a/.github/workflows/report-workflow-stats-batch.yml
+++ b/.github/workflows/report-workflow-stats-batch.yml
@@ -1,53 +0,0 @@
 name: Report Workflow Stats Batch
 on:
  schedule:
    - cron: '*/15 * * * *'
    - cron: '25 0 * * *'
    - cron: '25 1 * * 6'
 jobs:
  gh-workflow-stats-batch-2h:
    name: GitHub Workflow Stats Batch 2 hours
    if: github.event.schedule == '*/15 * * * *'
    runs-on: ubuntu-22.04
    permissions:
      actions: read
    steps:
    - name: Export Workflow Run for the past 2 hours
      uses: neondatabase/gh-workflow-stats-action@v0.2.1
      with:
        db_uri: ${{ secrets.GH_REPORT_STATS_DB_RW_CONNSTR }}
        db_table: "gh_workflow_stats_neon"
        gh_token: ${{ secrets.GITHUB_TOKEN }}
        duration: '2h'
  gh-workflow-stats-batch-48h:
    name: GitHub Workflow Stats Batch 48 hours
    if: github.event.schedule == '25 0 * * *'
    runs-on: ubuntu-22.04
    permissions:
      actions: read
    steps:
    - name: Export Workflow Run for the past 48 hours
      uses: neondatabase/gh-workflow-stats-action@v0.2.1
      with:
        db_uri: ${{ secrets.GH_REPORT_STATS_DB_RW_CONNSTR }}
        db_table: "gh_workflow_stats_neon"
        gh_token: ${{ secrets.GITHUB_TOKEN }}
        duration: '48h'
  gh-workflow-stats-batch-30d:
    name: GitHub Workflow Stats Batch 30 days
    if: github.event.schedule == '25 1 * * 6'
    runs-on: ubuntu-22.04
    permissions:
      actions: read
    steps:
    - name: Export Workflow Run for the past 30 days
      uses: neondatabase/gh-workflow-stats-action@v0.2.1
      with:
        db_uri: ${{ secrets.GH_REPORT_STATS_DB_RW_CONNSTR }}
        db_table: "gh_workflow_stats_neon"
        gh_token: ${{ secrets.GITHUB_TOKEN }}
        duration: '720h'
--- a/.github/workflows/trigger-e2e-tests.yml
+++ b/.github/workflows/trigger-e2e-tests.yml
@@ -51,8 +51,6 @@ jobs:
            echo "tag=release-$(git rev-list --count HEAD)" | tee -a $GITHUB_OUTPUT
          elif [[ "$GITHUB_REF_NAME" == "release-proxy" ]]; then
            echo "tag=release-proxy-$(git rev-list --count HEAD)" >> $GITHUB_OUTPUT
          elif [[ "$GITHUB_REF_NAME" == "release-compute" ]]; then
            echo "tag=release-compute-$(git rev-list --count HEAD)" >> $GITHUB_OUTPUT
          else
            echo "GITHUB_REF_NAME (value '$GITHUB_REF_NAME') is not set to either 'main' or 'release'"
            BUILD_AND_TEST_RUN_ID=$(gh run list -b $CURRENT_BRANCH -c $CURRENT_SHA -w 'Build and Test' -L 1 --json databaseId --jq '.[].databaseId')
@@ -104,17 +102,12 @@ jobs:
          # Default set of platforms to run e2e tests on
          platforms='["docker", "k8s"]'
-          # If a PR changes anything that affects computes, add k8s-neonvm to the list of platforms.
+          # If the PR changes vendor/, pgxn/ or libs/vm_monitor/ directories, or Dockerfile.compute-node, add k8s-neonvm to the list of platforms.
          # If the workflow run is not a pull request, add k8s-neonvm to the list.
          if [ "$GITHUB_EVENT_NAME" == "pull_request" ]; then
            for f in $(gh api "/repos/${GITHUB_REPOSITORY}/pulls/${PR_NUMBER}/files" --paginate --jq '.[].filename'); do
              case "$f" in
-                # List of directories that contain code which affect compute images.
+                vendor/*|pgxn/*|libs/vm_monitor/*|Dockerfile.compute-node)
                #
                # This isn't exhaustive, just the paths that are most directly compute-related.
                # For example, compute_ctl also depends on libs/utils, but we don't trigger
                # an e2e run on that.
                vendor/*|pgxn/*|compute_tools/*|libs/vm_monitor/*|compute/compute-node.Dockerfile)
                  platforms=$(echo "${platforms}" | jq --compact-output '. += ["k8s-neonvm"] | unique')
                  ;;
                *)
--- a/.gitignore
+++ b/.gitignore
@@ -6,8 +6,6 @@ __pycache__/
 test_output/
 .vscode
 .idea
 *.swp
 tags
 neon.iml
 /.neon
 /integration_tests/.neon
--- a/5
+++ b/5
@@ -1,8 +1,7 @@
 /.github/ @neondatabase/developer-productivity
 /compute_tools/ @neondatabase/control-plane @neondatabase/compute
 /storage_controller @neondatabase/storage
 /libs/pageserver_api/ @neondatabase/storage
 /libs/postgres_ffi/ @neondatabase/compute @neondatabase/storage
 /libs/proxy/ @neondatabase/proxy
 /libs/remote_storage/ @neondatabase/storage
 /libs/safekeeper_api/ @neondatabase/storage
 /libs/vm_monitor/ @neondatabase/autoscaling
@@ -11,6 +10,4 @@
 /pgxn/neon/ @neondatabase/compute @neondatabase/storage
 /proxy/ @neondatabase/proxy
 /safekeeper/ @neondatabase/storage
 /storage_controller @neondatabase/storage
 /storage_scrubber @neondatabase/storage
 /vendor/ @neondatabase/compute
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -33,11 +33,6 @@ members = [
    "libs/postgres_ffi/wal_craft",
    "libs/vm_monitor",
    "libs/walproposer",
    "libs/wal_decoder",
    "libs/postgres_initdb",
    "libs/proxy/postgres-protocol2",
    "libs/proxy/postgres-types2",
    "libs/proxy/tokio-postgres2",
 ]
 [workspace.package]
@@ -58,32 +53,32 @@ azure_storage_blobs = { version = "0.19", default-features = false, features = [
 flate2 = "1.0.26"
 async-stream = "0.3"
 async-trait = "0.1"
-aws-config = { version = "1.5", default-features = false, features=["rustls", "sso"] }
+aws-config = { version = "1.3", default-features = false, features=["rustls"] }
-aws-sdk-s3 = "1.52"
+aws-sdk-s3 = "1.26"
-aws-sdk-iam = "1.46.0"
+aws-sdk-iam = "1.15.0"
 aws-sdk-kms = "1.47.0"
 aws-smithy-async = { version = "1.2.1", default-features = false, features=["rt-tokio"] }
-aws-smithy-types = "1.2"
+aws-smithy-types = "1.1.9"
 aws-credential-types = "1.2.0"
-aws-sigv4 = { version = "1.2", features = ["sign-http"] }
+aws-sigv4 = { version = "1.2.1", features = ["sign-http"] }
-aws-types = "1.3"
+aws-types = "1.2.0"
-axum = { version = "0.7.5", features = ["ws"] }
+axum = { version = "0.6.20", features = ["ws"] }
 base64 = "0.13.0"
 bincode = "1.3"
 bindgen = "0.70"
 bit_field = "0.10.2"
 bstr = "1.0"
 byteorder = "1.4"
-bytes = "1.9"
+bytes = "1.0"
 camino = "1.1.6"
 cfg-if = "1.0.0"
 chrono = { version = "0.4", default-features = false, features = ["clock"] }
-clap = { version = "4.0", features = ["derive", "env"] }
+clap = { version = "4.0", features = ["derive"] }
 comfy-table = "7.1"
 const_format = "0.2"
 crc32c = "0.6"
 crossbeam-deque = "0.8.5"
 crossbeam-utils = "0.8.5"
 dashmap = { version = "5.5.0", features = ["raw-api"] }
 diatomic-waker = { version = "0.2.3" }
 either = "1.8"
 enum-map = "2.4.2"
 enumset = "1.0.12"
@@ -100,59 +95,54 @@ hdrhistogram = "7.5.2"
 hex = "0.4"
 hex-literal = "0.4"
 hmac = "0.12.1"
-hostname = "0.4"
+hostname = "0.3.1"
 http = {version = "1.1.0", features = ["std"]}
 http-types = { version = "2", default-features = false }
 http-body-util = "0.1.2"
 humantime = "2.1"
 humantime-serde = "1.1.1"
-hyper0 = { package = "hyper", version = "0.14" }
+hyper = "0.14"
-hyper = "1.4"
+tokio-tungstenite = "0.20.0"
 hyper-util = "0.1"
 tokio-tungstenite = "0.21.0"
 indexmap = "2"
 indoc = "2"
-ipnet = "2.10.0"
+inotify = "0.10.2"
 ipnet = "2.9.0"
 itertools = "0.10"
 itoa = "1.0.11"
 jemalloc_pprof = "0.6"
 jsonwebtoken = "9"
 lasso = "0.7"
 libc = "0.2"
 md5 = "0.7.0"
 measured = { version = "0.0.22", features=["lasso"] }
 measured-process = { version = "0.0.22" }
-memoffset = "0.9"
+memoffset = "0.8"
 nix = { version = "0.27", features = ["dir", "fs", "process", "socket", "signal", "poll"] }
 notify = "6.0.0"
 num_cpus = "1.15"
 num-traits = "0.2.15"
 once_cell = "1.13"
-opentelemetry = "0.26"
+opentelemetry = "0.20.0"
-opentelemetry_sdk = "0.26"
+opentelemetry-otlp = { version = "0.13.0", default-features=false, features = ["http-proto", "trace", "http", "reqwest-client"] }
-opentelemetry-otlp = { version = "0.26", default-features=false, features = ["http-proto", "trace", "http", "reqwest-client"] }
+opentelemetry-semantic-conventions = "0.12.0"
 opentelemetry-semantic-conventions = "0.26"
 parking_lot = "0.12"
 parquet = { version = "53", default-features = false, features = ["zstd"] }
 parquet_derive = "53"
 pbkdf2 = { version = "0.12.1", features = ["simple", "std"] }
 pin-project-lite = "0.2"
 pprof = { version = "0.14", features = ["criterion", "flamegraph", "protobuf", "protobuf-codec"] }
 procfs = "0.16"
 prometheus = {version = "0.13", default-features=false, features = ["process"]} # removes protobuf dependency
-prost = "0.13"
+prost = "0.11"
 rand = "0.8"
 redis = { version = "0.25.2", features = ["tokio-rustls-comp", "keep-alive"] }
 regex = "1.10.2"
 reqwest = { version = "0.12", default-features = false, features = ["rustls-tls"] }
-reqwest-tracing = { version = "0.5", features = ["opentelemetry_0_26"] }
+reqwest-tracing = { version = "0.5", features = ["opentelemetry_0_20"] }
-reqwest-middleware = "0.4"
+reqwest-middleware = "0.3.0"
-reqwest-retry = "0.7"
+reqwest-retry = "0.5"
 routerify = "3"
 rpds = "0.13"
 rustc-hash = "1.1.0"
-rustls = { version = "0.23.16", default-features = false }
+rustls = "0.22"
 rustls-pemfile = "2"
 rustls-split = "0.3"
 scopeguard = "1.1"
 sysinfo = "0.29.2"
 sd-notify = "0.4.1"
@@ -161,7 +151,7 @@ sentry = { version = "0.32", default-features = false, features = ["backtrace",
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1"
 serde_path_to_error = "0.1"
-serde_with = { version = "2.0", features = [ "base64" ] }
+serde_with = "2.0"
 serde_assert = "0.5.0"
 sha2 = "0.10.2"
 signal-hook = "0.3"
@@ -174,25 +164,26 @@ strum_macros = "0.26"
 svg_fmt = "0.4.3"
 sync_wrapper = "0.1.2"
 tar = "0.4"
 task-local-extensions = "0.1.4"
 test-context = "0.3"
 thiserror = "1.0"
-tikv-jemallocator = { version = "0.6", features = ["profiling", "stats", "unprefixed_malloc_on_supported_platforms"] }
+tikv-jemallocator = "0.5"
-tikv-jemalloc-ctl = { version = "0.6", features = ["stats"] }
+tikv-jemalloc-ctl = "0.5"
 tokio = { version = "1.17", features = ["macros"] }
 tokio-epoll-uring = { git = "https://github.com/neondatabase/tokio-epoll-uring.git" , branch = "main" }
 tokio-io-timeout = "1.2.0"
-tokio-postgres-rustls = "0.12.0"
+tokio-postgres-rustls = "0.11.0"
-tokio-rustls = { version = "0.26.0", default-features = false, features = ["tls12", "ring"]}
+tokio-rustls = "0.25"
 tokio-stream = "0.1"
 tokio-tar = "0.3"
 tokio-util = { version = "0.7.10", features = ["io", "rt"] }
 toml = "0.8"
 toml_edit = "0.22"
-tonic = {version = "0.12.3", features = ["tls", "tls-roots"]}
+tonic = {version = "0.9", features = ["tls", "tls-roots"]}
 tower-service = "0.3.2"
 tracing = "0.1"
-tracing-error = "0.2"
+tracing-error = "0.2.0"
-tracing-opentelemetry = "0.27"
+tracing-opentelemetry = "0.21.0"
 tracing-subscriber = { version = "0.3", default-features = false, features = ["smallvec", "fmt", "tracing-log", "std", "env-filter", "json"] }
 try-lock = "0.2.5"
 twox-hash = { version = "1.6.3", default-features = false }
@@ -201,33 +192,41 @@ url = "2.2"
 urlencoding = "2.1"
 uuid = { version = "1.6.1", features = ["v4", "v7", "serde"] }
 walkdir = "2.3.2"
-rustls-native-certs = "0.8"
+rustls-native-certs = "0.7"
-x509-parser = "0.16"
+x509-parser = "0.15"
 whoami = "1.5.1"
 zerocopy = { version = "0.7", features = ["derive"] }
 ## TODO replace this with tracing
 env_logger = "0.10"
 log = "0.4"
 ## Libraries from neondatabase/ git forks, ideally with changes to be upstreamed
-postgres = { git = "https://github.com/neondatabase/rust-postgres.git", branch = "neon" }
+
-postgres-protocol = { git = "https://github.com/neondatabase/rust-postgres.git", branch = "neon" }
+# We want to use the 'neon' branch for these, but there's currently one
-postgres-types = { git = "https://github.com/neondatabase/rust-postgres.git", branch = "neon" }
+# incompatible change on the branch. See:
-tokio-postgres = { git = "https://github.com/neondatabase/rust-postgres.git", branch = "neon" }
+#
 # - PR #8076 which contained changes that depended on the new changes in
 #   the rust-postgres crate, and
 # - PR #8654 which reverted those changes and made the code in proxy incompatible
 #   with the tip of the 'neon' branch again.
 #
 # When those proxy changes are re-applied (see PR #8747), we can switch using
 # the tip of the 'neon' branch again.
 postgres = { git = "https://github.com/neondatabase/rust-postgres.git", rev = "20031d7a9ee1addeae6e0968e3899ae6bf01cee2" }
 postgres-protocol = { git = "https://github.com/neondatabase/rust-postgres.git", rev = "20031d7a9ee1addeae6e0968e3899ae6bf01cee2" }
 postgres-types = { git = "https://github.com/neondatabase/rust-postgres.git", rev = "20031d7a9ee1addeae6e0968e3899ae6bf01cee2" }
 tokio-postgres = { git = "https://github.com/neondatabase/rust-postgres.git", rev = "20031d7a9ee1addeae6e0968e3899ae6bf01cee2" }
 ## Local libraries
 compute_api = { version = "0.1", path = "./libs/compute_api/" }
 consumption_metrics = { version = "0.1", path = "./libs/consumption_metrics/" }
 metrics = { version = "0.1", path = "./libs/metrics/" }
 pageserver = { path = "./pageserver" }
 pageserver_api = { version = "0.1", path = "./libs/pageserver_api/" }
 pageserver_client = { path = "./pageserver/client" }
 pageserver_compaction = { version = "0.1", path = "./pageserver/compaction/" }
 postgres_backend = { version = "0.1", path = "./libs/postgres_backend/" }
 postgres_connection = { version = "0.1", path = "./libs/postgres_connection/" }
 postgres_ffi = { version = "0.1", path = "./libs/postgres_ffi/" }
 postgres_initdb = { path = "./libs/postgres_initdb" }
 pq_proto = { version = "0.1", path = "./libs/pq_proto/" }
 remote_storage = { version = "0.1", path = "./libs/remote_storage/" }
 safekeeper_api = { version = "0.1", path = "./libs/safekeeper_api" }
@@ -239,22 +238,21 @@ tracing-utils = { version = "0.1", path = "./libs/tracing-utils/" }
 utils = { version = "0.1", path = "./libs/utils/" }
 vm_monitor = { version = "0.1", path = "./libs/vm_monitor/" }
 walproposer = { version = "0.1", path = "./libs/walproposer/" }
 wal_decoder = { version = "0.1", path = "./libs/wal_decoder" }
 ## Common library dependency
 workspace_hack = { version = "0.1", path = "./workspace_hack/" }
 ## Build dependencies
 criterion = "0.5.1"
-rcgen = "0.13"
+rcgen = "0.12"
 rstest = "0.18"
 camino-tempfile = "1.0.2"
-tonic-build = "0.12"
+tonic-build = "0.9"
 [patch.crates-io]
 # Needed to get `tokio-postgres-rustls` to depend on our fork.
-tokio-postgres = { git = "https://github.com/neondatabase/rust-postgres.git", branch = "neon" }
+tokio-postgres = { git = "https://github.com/neondatabase/rust-postgres.git", rev = "20031d7a9ee1addeae6e0968e3899ae6bf01cee2" }
 ################# Binary contents sections
--- a/4
+++ b/4
@@ -7,8 +7,6 @@ ARG IMAGE=build-tools
 ARG TAG=pinned
 ARG DEFAULT_PG_VERSION=17
 ARG STABLE_PG_VERSION=16
 ARG DEBIAN_VERSION=bookworm
 ARG DEBIAN_FLAVOR=${DEBIAN_VERSION}-slim
 # Build Postgres
 FROM $REPOSITORY/$IMAGE:$TAG AS pg-build
@@ -59,7 +57,7 @@ RUN set -e \
 # Build final image
 #
-FROM debian:${DEBIAN_FLAVOR}
+FROM debian:bullseye-slim
 ARG DEFAULT_PG_VERSION
 WORKDIR /data
--- a/Dockerfile.build-tools
+++ b/Dockerfile.build-tools
@@ -1,70 +1,18 @@
-ARG DEBIAN_VERSION=bookworm
+FROM debian:bullseye-slim
-FROM debian:bookworm-slim AS pgcopydb_builder
+# Use ARG as a build-time environment variable here to allow.
-ARG DEBIAN_VERSION
+# It's not supposed to be set outside.
-
+# Alternatively it can be obtained using the following command
-RUN if [ "${DEBIAN_VERSION}" = "bookworm" ]; then \
+# ```
-        set -e && \
+# . /etc/os-release && echo "${VERSION_CODENAME}"
-        apt update && \
+# ```
-        apt install -y --no-install-recommends \
+ARG DEBIAN_VERSION_CODENAME=bullseye
        ca-certificates wget gpg && \
        wget -qO - https://www.postgresql.org/media/keys/ACCC4CF8.asc | gpg --dearmor -o /usr/share/keyrings/postgresql-keyring.gpg && \
        echo "deb [signed-by=/usr/share/keyrings/postgresql-keyring.gpg] http://apt.postgresql.org/pub/repos/apt bookworm-pgdg main" > /etc/apt/sources.list.d/pgdg.list && \
        apt-get update && \
        apt install -y --no-install-recommends \
        build-essential \
        autotools-dev \
        libedit-dev \
        libgc-dev \
        libpam0g-dev \
        libreadline-dev \
        libselinux1-dev \
        libxslt1-dev \
        libssl-dev \
        libkrb5-dev \
        zlib1g-dev \
        liblz4-dev \
        libpq5 \
        libpq-dev \
        libzstd-dev \
        postgresql-16 \
        postgresql-server-dev-16 \
        postgresql-common  \
        python3-sphinx && \
        wget -O /tmp/pgcopydb.tar.gz https://github.com/dimitri/pgcopydb/archive/refs/tags/v0.17.tar.gz && \
        mkdir /tmp/pgcopydb && \
        tar -xzf /tmp/pgcopydb.tar.gz -C /tmp/pgcopydb --strip-components=1 && \
        cd /tmp/pgcopydb && \
        make -s clean && \
        make -s -j12 install && \
        libpq_path=$(find /lib /usr/lib -name "libpq.so.5" | head -n 1) && \
        mkdir -p /pgcopydb/lib && \
        cp "$libpq_path" /pgcopydb/lib/; \
    else \
        # copy command below will fail if we don't have dummy files, so we create them for other debian versions
        mkdir -p /usr/lib/postgresql/16/bin && touch /usr/lib/postgresql/16/bin/pgcopydb && \
        mkdir -p mkdir -p /pgcopydb/lib && touch /pgcopydb/lib/libpq.so.5; \
    fi
 FROM debian:${DEBIAN_VERSION}-slim AS build_tools
 ARG DEBIAN_VERSION
 # Add nonroot user
 RUN useradd -ms /bin/bash nonroot -b /home
 SHELL ["/bin/bash", "-c"]
 RUN mkdir -p /pgcopydb/bin && \
    mkdir -p /pgcopydb/lib && \
    chmod -R 755 /pgcopydb && \
    chown -R nonroot:nonroot /pgcopydb
 COPY --from=pgcopydb_builder /usr/lib/postgresql/16/bin/pgcopydb /pgcopydb/bin/pgcopydb
 COPY --from=pgcopydb_builder /pgcopydb/lib/libpq.so.5 /pgcopydb/lib/libpq.so.5
 # System deps
 #
 # 'gdb' is included so that we get backtraces of core dumps produced in
 # regression tests
 RUN set -e \
    && apt update \
    && apt install -y \
@@ -76,12 +24,10 @@ RUN set -e \
        cmake \
        curl \
        flex \
        gdb \
        git \
        gnupg \
        gzip \
        jq \
        jsonnet \
        libcurl4-openssl-dev \
        libbz2-dev \
        libffi-dev \
@@ -92,14 +38,14 @@ RUN set -e \
        libseccomp-dev \
        libsqlite3-dev \
        libssl-dev \
-        $([[ "${DEBIAN_VERSION}" = "bullseye" ]] && echo libstdc++-10-dev || echo libstdc++-11-dev) \
+        libstdc++-10-dev \
        libtool \
        libxml2-dev \
        libxmlsec1-dev \
        libxxhash-dev \
        lsof \
        make \
-        netcat-openbsd \
+        netcat \
        net-tools \
        openssh-client \
        parallel \
@@ -111,18 +57,6 @@ RUN set -e \
        zstd \
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 # sql_exporter
 # Keep the version the same as in compute/compute-node.Dockerfile and
 # test_runner/regress/test_compute_metrics.py.
 ENV SQL_EXPORTER_VERSION=0.13.1
 RUN curl -fsSL \
    "https://github.com/burningalchemist/sql_exporter/releases/download/${SQL_EXPORTER_VERSION}/sql_exporter-${SQL_EXPORTER_VERSION}.linux-$(case "$(uname -m)" in x86_64) echo amd64;; aarch64) echo arm64;; esac).tar.gz" \
    --output sql_exporter.tar.gz \
    && mkdir /tmp/sql_exporter \
    && tar xzvf sql_exporter.tar.gz -C /tmp/sql_exporter --strip-components=1 \
    && mv /tmp/sql_exporter/sql_exporter /usr/local/bin/sql_exporter
 # protobuf-compiler (protoc)
 ENV PROTOC_VERSION=25.1
 RUN curl -fsSL "https://github.com/protocolbuffers/protobuf/releases/download/v${PROTOC_VERSION}/protoc-${PROTOC_VERSION}-linux-$(uname -m | sed 's/aarch64/aarch_64/g').zip" -o "protoc.zip" \
@@ -138,9 +72,9 @@ RUN curl -sL "https://github.com/peak/s5cmd/releases/download/v${S5CMD_VERSION}/
    && mv s5cmd /usr/local/bin/s5cmd
 # LLVM
-ENV LLVM_VERSION=19
+ENV LLVM_VERSION=18
 RUN curl -fsSL 'https://apt.llvm.org/llvm-snapshot.gpg.key' | apt-key add - \
-    && echo "deb http://apt.llvm.org/${DEBIAN_VERSION}/ llvm-toolchain-${DEBIAN_VERSION}-${LLVM_VERSION} main" > /etc/apt/sources.list.d/llvm.stable.list \
+    && echo "deb http://apt.llvm.org/${DEBIAN_VERSION_CODENAME}/ llvm-toolchain-${DEBIAN_VERSION_CODENAME}-${LLVM_VERSION} main" > /etc/apt/sources.list.d/llvm.stable.list \
    && apt update \
    && apt install -y clang-${LLVM_VERSION} llvm-${LLVM_VERSION} \
    && bash -c 'for f in /usr/bin/clang*-${LLVM_VERSION} /usr/bin/llvm*-${LLVM_VERSION}; do ln -s "${f}" "${f%-${LLVM_VERSION}}"; done' \
@@ -148,7 +82,7 @@ RUN curl -fsSL 'https://apt.llvm.org/llvm-snapshot.gpg.key' | apt-key add - \
 # Install docker
 RUN curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg \
-    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian ${DEBIAN_VERSION} stable" > /etc/apt/sources.list.d/docker.list \
+    && echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian ${DEBIAN_VERSION_CODENAME} stable" > /etc/apt/sources.list.d/docker.list \
    && apt update \
    && apt install -y docker-ce docker-ce-cli \
    && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
@@ -165,7 +99,7 @@ RUN curl "https://awscli.amazonaws.com/awscli-exe-linux-$(uname -m).zip" -o "aws
    && rm awscliv2.zip
 # Mold: A Modern Linker
-ENV MOLD_VERSION=v2.34.1
+ENV MOLD_VERSION=v2.33.0
 RUN set -e \
    && git clone https://github.com/rui314/mold.git \
    && mkdir mold/build \
@@ -208,7 +142,7 @@ RUN wget -O /tmp/openssl-${OPENSSL_VERSION}.tar.gz https://www.openssl.org/sourc
 # Use the same version of libicu as the compute nodes so that
 # clusters created using inidb on pageserver can be used by computes.
 #
-# TODO: at this time, compute-node.Dockerfile uses the debian bullseye libicu
+# TODO: at this time, Dockerfile.compute-node uses the debian bullseye libicu
 # package, which is 67.1. We're duplicating that knowledge here, and also, technically,
 # Debian has a few patches on top of 67.1 that we're not adding here.
 ENV ICU_VERSION=67.1
@@ -234,7 +168,7 @@ USER nonroot:nonroot
 WORKDIR /home/nonroot
 # Python
-ENV PYTHON_VERSION=3.11.10 \
+ENV PYTHON_VERSION=3.9.19 \
    PYENV_ROOT=/home/nonroot/.pyenv \
    PATH=/home/nonroot/.pyenv/shims:/home/nonroot/.pyenv/bin:/home/nonroot/.poetry/bin:$PATH
 RUN set -e \
@@ -258,14 +192,14 @@ WORKDIR /home/nonroot
 # Rust
 # Please keep the version of llvm (installed above) in sync with rust llvm (`rustc --version --verbose | grep LLVM`)
-ENV RUSTC_VERSION=1.83.0
+ENV RUSTC_VERSION=1.81.0
 ENV RUSTUP_HOME="/home/nonroot/.rustup"
 ENV PATH="/home/nonroot/.cargo/bin:${PATH}"
 ARG RUSTFILT_VERSION=0.2.1
-ARG CARGO_HAKARI_VERSION=0.9.33
+ARG CARGO_HAKARI_VERSION=0.9.30
-ARG CARGO_DENY_VERSION=0.16.2
+ARG CARGO_DENY_VERSION=0.16.1
-ARG CARGO_HACK_VERSION=0.6.33
+ARG CARGO_HACK_VERSION=0.6.31
-ARG CARGO_NEXTEST_VERSION=0.9.85
+ARG CARGO_NEXTEST_VERSION=0.9.72
 RUN curl -sSO https://static.rust-lang.org/rustup/dist/$(uname -m)-unknown-linux-gnu/rustup-init && whoami && \
 	chmod +x rustup-init && \
 	./rustup-init -y --default-toolchain ${RUSTC_VERSION} && \
@@ -291,11 +225,5 @@ RUN whoami \
    && rustc --version --verbose \
    && clang --version
 RUN if [ "${DEBIAN_VERSION}" = "bookworm" ]; then \
    LD_LIBRARY_PATH=/pgcopydb/lib /pgcopydb/bin/pgcopydb --version; \
 else \
    echo "pgcopydb is not available for ${DEBIAN_VERSION}"; \
 fi
 # Set following flag to check in Makefile if its running in Docker
 RUN touch /home/nonroot/.docker_build
--- a/compute/compute-node.Dockerfile
+++ b/compute/compute-node.Dockerfile
--- a/22
+++ b/22
@@ -38,7 +38,6 @@ ifeq ($(UNAME_S),Linux)
 	# Seccomp BPF is only available for Linux
 	PG_CONFIGURE_OPTS += --with-libseccomp
 else ifeq ($(UNAME_S),Darwin)
 	PG_CFLAGS += -DUSE_PREFETCH
 	ifndef DISABLE_HOMEBREW
 		# macOS with brew-installed openssl requires explicit paths
 		# It can be configured with OPENSSL_PREFIX variable
@@ -147,8 +146,6 @@ postgres-%: postgres-configure-% \
 	$(MAKE) -C $(POSTGRES_INSTALL_DIR)/build/$*/contrib/pg_prewarm install
 	+@echo "Compiling pg_buffercache $*"
 	$(MAKE) -C $(POSTGRES_INSTALL_DIR)/build/$*/contrib/pg_buffercache install
 	+@echo "Compiling pg_visibility $*"
 	$(MAKE) -C $(POSTGRES_INSTALL_DIR)/build/$*/contrib/pg_visibility install
 	+@echo "Compiling pageinspect $*"
 	$(MAKE) -C $(POSTGRES_INSTALL_DIR)/build/$*/contrib/pageinspect install
 	+@echo "Compiling amcheck $*"
@@ -171,27 +168,27 @@ postgres-check-%: postgres-%
 neon-pg-ext-%: postgres-%
 	+@echo "Compiling neon $*"
 	mkdir -p $(POSTGRES_INSTALL_DIR)/build/neon-$*
-	$(MAKE) PG_CONFIG=$(POSTGRES_INSTALL_DIR)/$*/bin/pg_config COPT='$(COPT)' \
+	$(MAKE) PG_CONFIG=$(POSTGRES_INSTALL_DIR)/$*/bin/pg_config CFLAGS='$(PG_CFLAGS) $(COPT)' \
 		-C $(POSTGRES_INSTALL_DIR)/build/neon-$* \
 		-f $(ROOT_PROJECT_DIR)/pgxn/neon/Makefile install
 	+@echo "Compiling neon_walredo $*"
 	mkdir -p $(POSTGRES_INSTALL_DIR)/build/neon-walredo-$*
-	$(MAKE) PG_CONFIG=$(POSTGRES_INSTALL_DIR)/$*/bin/pg_config COPT='$(COPT)' \
+	$(MAKE) PG_CONFIG=$(POSTGRES_INSTALL_DIR)/$*/bin/pg_config CFLAGS='$(PG_CFLAGS) $(COPT)' \
 		-C $(POSTGRES_INSTALL_DIR)/build/neon-walredo-$* \
 		-f $(ROOT_PROJECT_DIR)/pgxn/neon_walredo/Makefile install
 	+@echo "Compiling neon_rmgr $*"
 	mkdir -p $(POSTGRES_INSTALL_DIR)/build/neon-rmgr-$*
-	$(MAKE) PG_CONFIG=$(POSTGRES_INSTALL_DIR)/$*/bin/pg_config COPT='$(COPT)' \
+	$(MAKE) PG_CONFIG=$(POSTGRES_INSTALL_DIR)/$*/bin/pg_config CFLAGS='$(PG_CFLAGS) $(COPT)' \
 		-C $(POSTGRES_INSTALL_DIR)/build/neon-rmgr-$* \
 		-f $(ROOT_PROJECT_DIR)/pgxn/neon_rmgr/Makefile install
 	+@echo "Compiling neon_test_utils $*"
 	mkdir -p $(POSTGRES_INSTALL_DIR)/build/neon-test-utils-$*
-	$(MAKE) PG_CONFIG=$(POSTGRES_INSTALL_DIR)/$*/bin/pg_config COPT='$(COPT)' \
+	$(MAKE) PG_CONFIG=$(POSTGRES_INSTALL_DIR)/$*/bin/pg_config CFLAGS='$(PG_CFLAGS) $(COPT)' \
 		-C $(POSTGRES_INSTALL_DIR)/build/neon-test-utils-$* \
 		-f $(ROOT_PROJECT_DIR)/pgxn/neon_test_utils/Makefile install
 	+@echo "Compiling neon_utils $*"
 	mkdir -p $(POSTGRES_INSTALL_DIR)/build/neon-utils-$*
-	$(MAKE) PG_CONFIG=$(POSTGRES_INSTALL_DIR)/$*/bin/pg_config COPT='$(COPT)' \
+	$(MAKE) PG_CONFIG=$(POSTGRES_INSTALL_DIR)/$*/bin/pg_config CFLAGS='$(PG_CFLAGS) $(COPT)' \
 		-C $(POSTGRES_INSTALL_DIR)/build/neon-utils-$* \
 		-f $(ROOT_PROJECT_DIR)/pgxn/neon_utils/Makefile install
@@ -223,7 +220,7 @@ neon-pg-clean-ext-%:
 walproposer-lib: neon-pg-ext-v17
 	+@echo "Compiling walproposer-lib"
 	mkdir -p $(POSTGRES_INSTALL_DIR)/build/walproposer-lib
-	$(MAKE) PG_CONFIG=$(POSTGRES_INSTALL_DIR)/v17/bin/pg_config COPT='$(COPT)' \
+	$(MAKE) PG_CONFIG=$(POSTGRES_INSTALL_DIR)/v17/bin/pg_config CFLAGS='$(PG_CFLAGS) $(COPT)' \
 		-C $(POSTGRES_INSTALL_DIR)/build/walproposer-lib \
 		-f $(ROOT_PROJECT_DIR)/pgxn/neon/Makefile walproposer-lib
 	cp $(POSTGRES_INSTALL_DIR)/v17/lib/libpgport.a $(POSTGRES_INSTALL_DIR)/build/walproposer-lib
@@ -294,13 +291,12 @@ postgres-check: \
 # This doesn't remove the effects of 'configure'.
 .PHONY: clean
 clean: postgres-clean neon-pg-clean-ext
 	$(MAKE) -C compute clean
 	$(CARGO_CMD_PREFIX) cargo clean
 # This removes everything
 .PHONY: distclean
 distclean:
-	$(RM) -r $(POSTGRES_INSTALL_DIR)
+	rm -rf $(POSTGRES_INSTALL_DIR)
 	$(CARGO_CMD_PREFIX) cargo clean
 .PHONY: fmt
@@ -332,12 +328,12 @@ postgres-%-pgindent: postgres-%-pg-bsd-indent postgres-%-typedefs.list
 		$(ROOT_PROJECT_DIR)/vendor/postgres-$*/src/tools/pgindent/pgindent --typedefs postgres-$*-typedefs-full.list \
 		$(ROOT_PROJECT_DIR)/vendor/postgres-$*/src/ \
 		--excludes $(ROOT_PROJECT_DIR)/vendor/postgres-$*/src/tools/pgindent/exclude_file_patterns
-	$(RM) pg*.BAK
+	rm -f pg*.BAK
 # Indent pxgn/neon.
 .PHONY: neon-pgindent
 neon-pgindent: postgres-v17-pg-bsd-indent neon-pg-ext-v17
-	$(MAKE) PG_CONFIG=$(POSTGRES_INSTALL_DIR)/v17/bin/pg_config COPT='$(COPT)' \
+	$(MAKE) PG_CONFIG=$(POSTGRES_INSTALL_DIR)/v17/bin/pg_config CFLAGS='$(PG_CFLAGS) $(COPT)' \
 		FIND_TYPEDEF=$(ROOT_PROJECT_DIR)/vendor/postgres-v17/src/tools/find_typedef \
 		INDENT=$(POSTGRES_INSTALL_DIR)/build/v17/src/tools/pg_bsd_indent/pg_bsd_indent \
 		PGINDENT_SCRIPT=$(ROOT_PROJECT_DIR)/vendor/postgres-v17/src/tools/pgindent/pgindent \
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ See developer documentation in [SUMMARY.md](/docs/SUMMARY.md) for more informati
 ```bash
 apt install build-essential libtool libreadline-dev zlib1g-dev flex bison libseccomp-dev \
 libssl-dev clang pkg-config libpq-dev cmake postgresql-client protobuf-compiler \
-libprotobuf-dev libcurl4-openssl-dev openssl python3-poetry lsof libicu-dev
+libcurl4-openssl-dev openssl python3-poetry lsof libicu-dev
 ```
 * On Fedora, these packages are needed:
 ```bash
@@ -58,7 +58,7 @@ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
 1. Install XCode and dependencies
 ```
 xcode-select --install
-brew install protobuf openssl flex bison icu4c pkg-config m4
+brew install protobuf openssl flex bison icu4c pkg-config
 # add openssl to PATH, required for ed25519 keys generation in neon_local
 echo 'export PATH="$(brew --prefix openssl)/bin:$PATH"' >> ~/.zshrc
@@ -132,7 +132,7 @@ make -j`sysctl -n hw.logicalcpu` -s
 To run the `psql` client, install the `postgresql-client` package or modify `PATH` and `LD_LIBRARY_PATH` to include `pg_install/bin` and `pg_install/lib`, respectively.
 To run the integration tests or Python scripts (not required to use the code), install
-Python (3.11 or higher), and install the python3 packages using `./scripts/pysync` (requires [poetry>=1.8](https://python-poetry.org/)) in the project directory.
+Python (3.9 or higher), and install the python3 packages using `./scripts/pysync` (requires [poetry>=1.8](https://python-poetry.org/)) in the project directory.
 #### Running neon database
--- a/compute/.gitignore
+++ b/compute/.gitignore
@@ -1,5 +0,0 @@
 # sql_exporter config files generated from Jsonnet
 etc/neon_collector.yml
 etc/neon_collector_autoscaling.yml
 etc/sql_exporter.yml
 etc/sql_exporter_autoscaling.yml
--- a/compute/Makefile
+++ b/compute/Makefile
@@ -1,50 +0,0 @@
 jsonnet_files = $(wildcard \
 	etc/*.jsonnet \
 	etc/sql_exporter/*.libsonnet)
 .PHONY: all
 all: neon_collector.yml neon_collector_autoscaling.yml sql_exporter.yml sql_exporter_autoscaling.yml
 neon_collector.yml: $(jsonnet_files)
 	JSONNET_PATH=jsonnet:etc jsonnet \
 		--output-file etc/$@ \
 		--ext-str pg_version=$(PG_VERSION) \
 		etc/neon_collector.jsonnet
 neon_collector_autoscaling.yml: $(jsonnet_files)
 	JSONNET_PATH=jsonnet:etc jsonnet \
 		--output-file etc/$@ \
 		--ext-str pg_version=$(PG_VERSION) \
 		etc/neon_collector_autoscaling.jsonnet
 sql_exporter.yml: $(jsonnet_files)
 	JSONNET_PATH=etc jsonnet \
 		--output-file etc/$@ \
 		--tla-str collector_name=neon_collector \
 		--tla-str collector_file=neon_collector.yml \
 		--tla-str 'connection_string=postgresql://cloud_admin@127.0.0.1:5432/postgres?sslmode=disable&application_name=sql_exporter' \
 		etc/sql_exporter.jsonnet
 sql_exporter_autoscaling.yml: $(jsonnet_files)
 	JSONNET_PATH=etc jsonnet \
 		--output-file etc/$@ \
 		--tla-str collector_name=neon_collector_autoscaling \
 		--tla-str collector_file=neon_collector_autoscaling.yml \
 		--tla-str 'connection_string=postgresql://cloud_admin@127.0.0.1:5432/postgres?sslmode=disable&application_name=sql_exporter_autoscaling' \
 		etc/sql_exporter.jsonnet
 .PHONY: clean
 clean:
 	$(RM) \
 		etc/neon_collector.yml \
 		etc/neon_collector_autoscaling.yml \
 		etc/sql_exporter.yml \
 		etc/sql_exporter_autoscaling.yml
 .PHONY: jsonnetfmt-test
 jsonnetfmt-test:
 	jsonnetfmt --test $(jsonnet_files)
 .PHONY: jsonnetfmt-format
 jsonnetfmt-format:
 	jsonnetfmt --in-place $(jsonnet_files)
--- a/compute/README.md
+++ b/compute/README.md
@@ -1,21 +0,0 @@
 This directory contains files that are needed to build the compute
 images, or included in the compute images.
 compute-node.Dockerfile
 	To build the compute image
 vm-image-spec.yaml
 	Instructions for vm-builder, to turn the compute-node image into
 	corresponding vm-compute-node image.
 etc/
 	Configuration files included in /etc in the compute image
 patches/
 	Some extensions need to be patched to work with Neon. This
 	directory contains such patches. They are applied to the extension
 	sources in compute-node.Dockerfile
 In addition to these, postgres itself, the neon postgres extension,
 and compute_ctl are built and copied into the compute image by
 compute-node.Dockerfile.
--- a/compute/etc/README.md
+++ b/compute/etc/README.md
@@ -1,17 +0,0 @@
 # Compute Configuration
 These files are the configuration files for various other pieces of software
 that will be running in the compute alongside Postgres.
 ## `sql_exporter`
 ### Adding a `sql_exporter` Metric
 We use `sql_exporter` to export various metrics from Postgres. In order to add
 a metric, you will need to create two files: a `libsonnet` and a `sql` file. You
 will then import the `libsonnet` file in one of the collector files, and the
 `sql` file will be imported in the `libsonnet` file.
 In the event your statistic is an LSN, you may want to cast it to a `float8`
 because Prometheus only supports floats. It's probably fine because `float8` can
 store integers from `-2^53` to `+2^53` exactly.
--- a/compute/etc/neon_collector.jsonnet
+++ b/compute/etc/neon_collector.jsonnet
@@ -1,54 +0,0 @@
 {
  collector_name: 'neon_collector',
  metrics: [
    import 'sql_exporter/checkpoints_req.libsonnet',
    import 'sql_exporter/checkpoints_timed.libsonnet',
    import 'sql_exporter/compute_backpressure_throttling_seconds.libsonnet',
    import 'sql_exporter/compute_current_lsn.libsonnet',
    import 'sql_exporter/compute_logical_snapshot_files.libsonnet',
    import 'sql_exporter/compute_logical_snapshots_bytes.libsonnet',
    import 'sql_exporter/compute_max_connections.libsonnet',
    import 'sql_exporter/compute_receive_lsn.libsonnet',
    import 'sql_exporter/compute_subscriptions_count.libsonnet',
    import 'sql_exporter/connection_counts.libsonnet',
    import 'sql_exporter/db_total_size.libsonnet',
    import 'sql_exporter/file_cache_read_wait_seconds_bucket.libsonnet',
    import 'sql_exporter/file_cache_read_wait_seconds_count.libsonnet',
    import 'sql_exporter/file_cache_read_wait_seconds_sum.libsonnet',
    import 'sql_exporter/file_cache_write_wait_seconds_bucket.libsonnet',
    import 'sql_exporter/file_cache_write_wait_seconds_count.libsonnet',
    import 'sql_exporter/file_cache_write_wait_seconds_sum.libsonnet',
    import 'sql_exporter/getpage_prefetch_discards_total.libsonnet',
    import 'sql_exporter/getpage_prefetch_misses_total.libsonnet',
    import 'sql_exporter/getpage_prefetch_requests_total.libsonnet',
    import 'sql_exporter/getpage_prefetches_buffered.libsonnet',
    import 'sql_exporter/getpage_sync_requests_total.libsonnet',
    import 'sql_exporter/getpage_wait_seconds_bucket.libsonnet',
    import 'sql_exporter/getpage_wait_seconds_count.libsonnet',
    import 'sql_exporter/getpage_wait_seconds_sum.libsonnet',
    import 'sql_exporter/lfc_approximate_working_set_size.libsonnet',
    import 'sql_exporter/lfc_approximate_working_set_size_windows.libsonnet',
    import 'sql_exporter/lfc_cache_size_limit.libsonnet',
    import 'sql_exporter/lfc_hits.libsonnet',
    import 'sql_exporter/lfc_misses.libsonnet',
    import 'sql_exporter/lfc_used.libsonnet',
    import 'sql_exporter/lfc_writes.libsonnet',
    import 'sql_exporter/logical_slot_restart_lsn.libsonnet',
    import 'sql_exporter/max_cluster_size.libsonnet',
    import 'sql_exporter/pageserver_disconnects_total.libsonnet',
    import 'sql_exporter/pageserver_requests_sent_total.libsonnet',
    import 'sql_exporter/pageserver_send_flushes_total.libsonnet',
    import 'sql_exporter/pageserver_open_requests.libsonnet',
    import 'sql_exporter/pg_stats_userdb.libsonnet',
    import 'sql_exporter/replication_delay_bytes.libsonnet',
    import 'sql_exporter/replication_delay_seconds.libsonnet',
    import 'sql_exporter/retained_wal.libsonnet',
    import 'sql_exporter/wal_is_lost.libsonnet',
  ],
  queries: [
    {
      query_name: 'neon_perf_counters',
      query: importstr 'sql_exporter/neon_perf_counters.sql',
    },
  ],
 }
--- a/compute/etc/neon_collector_autoscaling.jsonnet
+++ b/compute/etc/neon_collector_autoscaling.jsonnet
@@ -1,11 +0,0 @@
 {
  collector_name: 'neon_collector_autoscaling',
  metrics: [
    import 'sql_exporter/lfc_approximate_working_set_size_windows.autoscaling.libsonnet',
    import 'sql_exporter/lfc_cache_size_limit.libsonnet',
    import 'sql_exporter/lfc_hits.libsonnet',
    import 'sql_exporter/lfc_misses.libsonnet',
    import 'sql_exporter/lfc_used.libsonnet',
    import 'sql_exporter/lfc_writes.libsonnet',
  ],
 }
--- a/compute/etc/pgbouncer.ini
+++ b/compute/etc/pgbouncer.ini
@@ -1,21 +0,0 @@
 [databases]
 ;; pgbouncer propagates application_name (if it's specified) to the server, but some
 ;; clients don't set it. We set default application_name=pgbouncer to make it
 ;; easier to identify pgbouncer connections in Postgres. If client sets
 ;; application_name, it will be used instead.
 *=host=localhost port=5432 auth_user=cloud_admin application_name=pgbouncer
 [pgbouncer]
 listen_port=6432
 listen_addr=0.0.0.0
 auth_type=scram-sha-256
 auth_user=cloud_admin
 auth_dbname=postgres
 client_tls_sslmode=disable
 server_tls_sslmode=disable
 pool_mode=transaction
 max_client_conn=10000
 default_pool_size=64
 max_prepared_statements=0
 admin_users=postgres
 unix_socket_dir=/tmp/
 unix_socket_mode=0777
--- a/compute/etc/postgres_exporter.yml
+++ b/compute/etc/postgres_exporter.yml
--- a/compute/etc/sql_exporter.jsonnet
+++ b/compute/etc/sql_exporter.jsonnet
@@ -1,40 +0,0 @@
 function(collector_name, collector_file, connection_string) {
  // Configuration for sql_exporter for autoscaling-agent
  // Global defaults.
  global: {
    // If scrape_timeout <= 0, no timeout is set unless Prometheus provides one. The default is 10s.
    scrape_timeout: '10s',
    // Subtracted from Prometheus' scrape_timeout to give us some headroom and prevent Prometheus from timing out first.
    scrape_timeout_offset: '500ms',
    // Minimum interval between collector runs: by default (0s) collectors are executed on every scrape.
    min_interval: '0s',
    // Maximum number of open connections to any one target. Metric queries will run concurrently on multiple connections,
    // as will concurrent scrapes.
    max_connections: 1,
    // Maximum number of idle connections to any one target. Unless you use very long collection intervals, this should
    // always be the same as max_connections.
    max_idle_connections: 1,
    // Maximum number of maximum amount of time a connection may be reused. Expired connections may be closed lazily before reuse.
    // If 0, connections are not closed due to a connection's age.
    max_connection_lifetime: '5m',
  },
  // The target to monitor and the collectors to execute on it.
  target: {
    // Data source name always has a URI schema that matches the driver name. In some cases (e.g. MySQL)
    // the schema gets dropped or replaced to match the driver expected DSN format.
    data_source_name: connection_string,
    // Collectors (referenced by name) to execute on the target.
    // Glob patterns are supported (see <https://pkg.go.dev/path/filepath#Match> for syntax).
    collectors: [
      collector_name,
    ],
  },
  // Collector files specifies a list of globs. One collector definition is read from each matching file.
  // Glob patterns are supported (see <https://pkg.go.dev/path/filepath#Match> for syntax).
  collector_files: [
    collector_file,
  ],
 }
--- a/compute/etc/sql_exporter/checkpoints_req.17.sql
+++ b/compute/etc/sql_exporter/checkpoints_req.17.sql
@@ -1 +0,0 @@
 SELECT num_requested AS checkpoints_req FROM pg_stat_checkpointer;
--- a/compute/etc/sql_exporter/checkpoints_req.libsonnet
+++ b/compute/etc/sql_exporter/checkpoints_req.libsonnet
@@ -1,15 +0,0 @@
 local neon = import 'neon.libsonnet';
 local pg_stat_bgwriter = importstr 'sql_exporter/checkpoints_req.sql';
 local pg_stat_checkpointer = importstr 'sql_exporter/checkpoints_req.17.sql';
 {
  metric_name: 'checkpoints_req',
  type: 'gauge',
  help: 'Number of requested checkpoints',
  key_labels: null,
  values: [
    'checkpoints_req',
  ],
  query: if neon.PG_MAJORVERSION_NUM < 17 then pg_stat_bgwriter else pg_stat_checkpointer,
 }
--- a/compute/etc/sql_exporter/checkpoints_req.sql
+++ b/compute/etc/sql_exporter/checkpoints_req.sql
@@ -1 +0,0 @@
 SELECT checkpoints_req FROM pg_stat_bgwriter;
--- a/compute/etc/sql_exporter/checkpoints_timed.17.sql
+++ b/compute/etc/sql_exporter/checkpoints_timed.17.sql
@@ -1 +0,0 @@
 SELECT num_timed AS checkpoints_timed FROM pg_stat_checkpointer;
--- a/compute/etc/sql_exporter/checkpoints_timed.libsonnet
+++ b/compute/etc/sql_exporter/checkpoints_timed.libsonnet
@@ -1,15 +0,0 @@
 local neon = import 'neon.libsonnet';
 local pg_stat_bgwriter = importstr 'sql_exporter/checkpoints_timed.sql';
 local pg_stat_checkpointer = importstr 'sql_exporter/checkpoints_timed.17.sql';
 {
  metric_name: 'checkpoints_timed',
  type: 'gauge',
  help: 'Number of scheduled checkpoints',
  key_labels: null,
  values: [
    'checkpoints_timed',
  ],
  query: if neon.PG_MAJORVERSION_NUM < 17 then pg_stat_bgwriter else pg_stat_checkpointer,
 }
--- a/compute/etc/sql_exporter/checkpoints_timed.sql
+++ b/compute/etc/sql_exporter/checkpoints_timed.sql
@@ -1 +0,0 @@
 SELECT checkpoints_timed FROM pg_stat_bgwriter;
--- a/compute/etc/sql_exporter/compute_backpressure_throttling_seconds.libsonnet
+++ b/compute/etc/sql_exporter/compute_backpressure_throttling_seconds.libsonnet
@@ -1,10 +0,0 @@
 {
  metric_name: 'compute_backpressure_throttling_seconds',
  type: 'gauge',
  help: 'Time compute has spent throttled',
  key_labels: null,
  values: [
    'throttled',
  ],
  query: importstr 'sql_exporter/compute_backpressure_throttling_seconds.sql',
 }
--- a/compute/etc/sql_exporter/compute_backpressure_throttling_seconds.sql
+++ b/compute/etc/sql_exporter/compute_backpressure_throttling_seconds.sql
@@ -1 +0,0 @@
 SELECT (neon.backpressure_throttling_time()::float8 / 1000000) AS throttled;
--- a/compute/etc/sql_exporter/compute_current_lsn.libsonnet
+++ b/compute/etc/sql_exporter/compute_current_lsn.libsonnet
@@ -1,10 +0,0 @@
 {
  metric_name: 'compute_current_lsn',
  type: 'gauge',
  help: 'Current LSN of the database',
  key_labels: null,
  values: [
    'lsn',
  ],
  query: importstr 'sql_exporter/compute_current_lsn.sql',
 }
--- a/compute/etc/sql_exporter/compute_current_lsn.sql
+++ b/compute/etc/sql_exporter/compute_current_lsn.sql
@@ -1,4 +0,0 @@
 SELECT CASE
  WHEN pg_catalog.pg_is_in_recovery() THEN (pg_last_wal_replay_lsn() - '0/0')::FLOAT8
  ELSE (pg_current_wal_lsn() - '0/0')::FLOAT8
 END AS lsn;
--- a/compute/etc/sql_exporter/compute_logical_snapshot_files.libsonnet
+++ b/compute/etc/sql_exporter/compute_logical_snapshot_files.libsonnet
@@ -1,12 +0,0 @@
 {
  metric_name: 'compute_logical_snapshot_files',
  type: 'gauge',
  help: 'Number of snapshot files in pg_logical/snapshot',
  key_labels: [
    'timeline_id',
  ],
  values: [
    'num_logical_snapshot_files',
  ],
  query: importstr 'sql_exporter/compute_logical_snapshot_files.sql',
 }
--- a/compute/etc/sql_exporter/compute_logical_snapshot_files.sql
+++ b/compute/etc/sql_exporter/compute_logical_snapshot_files.sql
@@ -1,7 +0,0 @@
 SELECT
  (SELECT setting FROM pg_settings WHERE name = 'neon.timeline_id') AS timeline_id,
  -- Postgres creates temporary snapshot files of the form %X-%X.snap.%d.tmp.
  -- These temporary snapshot files are renamed to the actual snapshot files
  -- after they are completely built. We only WAL-log the completely built
  -- snapshot files
  (SELECT COUNT(*) FROM pg_ls_dir('pg_logical/snapshots') AS name WHERE name LIKE '%.snap') AS num_logical_snapshot_files;
--- a/compute/etc/sql_exporter/compute_logical_snapshots_bytes.15.sql
+++ b/compute/etc/sql_exporter/compute_logical_snapshots_bytes.15.sql
@@ -1,7 +0,0 @@
 SELECT
  (SELECT current_setting('neon.timeline_id')) AS timeline_id,
  -- Postgres creates temporary snapshot files of the form %X-%X.snap.%d.tmp.
  -- These temporary snapshot files are renamed to the actual snapshot files
  -- after they are completely built. We only WAL-log the completely built
  -- snapshot files
  (SELECT COALESCE(sum(size), 0) FROM pg_ls_logicalsnapdir() WHERE name LIKE '%.snap') AS logical_snapshots_bytes;
--- a/compute/etc/sql_exporter/compute_logical_snapshots_bytes.libsonnet
+++ b/compute/etc/sql_exporter/compute_logical_snapshots_bytes.libsonnet
@@ -1,17 +0,0 @@
 local neon = import 'neon.libsonnet';
 local pg_ls_logicalsnapdir = importstr 'sql_exporter/compute_logical_snapshots_bytes.15.sql';
 local pg_ls_dir = importstr 'sql_exporter/compute_logical_snapshots_bytes.sql';
 {
  metric_name: 'compute_logical_snapshots_bytes',
  type: 'gauge',
  help: 'Size of the pg_logical/snapshots directory, not including temporary files',
  key_labels: [
    'timeline_id',
  ],
  values: [
    'logical_snapshots_bytes',
  ],
  query: if neon.PG_MAJORVERSION_NUM < 15 then pg_ls_dir else pg_ls_logicalsnapdir,
 }
--- a/compute/etc/sql_exporter/compute_logical_snapshots_bytes.sql
+++ b/compute/etc/sql_exporter/compute_logical_snapshots_bytes.sql
@@ -1,9 +0,0 @@
 SELECT
  (SELECT setting FROM pg_settings WHERE name = 'neon.timeline_id') AS timeline_id,
  -- Postgres creates temporary snapshot files of the form %X-%X.snap.%d.tmp.
  -- These temporary snapshot files are renamed to the actual snapshot files
  -- after they are completely built. We only WAL-log the completely built
  -- snapshot files
  (SELECT COALESCE(sum((pg_stat_file('pg_logical/snapshots/' || name, missing_ok => true)).size), 0)
    FROM (SELECT * FROM pg_ls_dir('pg_logical/snapshots') WHERE pg_ls_dir LIKE '%.snap') AS name
  ) AS logical_snapshots_bytes;
--- a/compute/etc/sql_exporter/compute_max_connections.libsonnet
+++ b/compute/etc/sql_exporter/compute_max_connections.libsonnet
@@ -1,10 +0,0 @@
 {
  metric_name: 'compute_max_connections',
  type: 'gauge',
  help: 'Max connections allowed for Postgres',
  key_labels: null,
  values: [
    'max_connections',
  ],
  query: importstr 'sql_exporter/compute_max_connections.sql',
 }
--- a/compute/etc/sql_exporter/compute_max_connections.sql
+++ b/compute/etc/sql_exporter/compute_max_connections.sql
@@ -1 +0,0 @@
 SELECT current_setting('max_connections') as max_connections;
--- a/compute/etc/sql_exporter/compute_receive_lsn.libsonnet
+++ b/compute/etc/sql_exporter/compute_receive_lsn.libsonnet
@@ -1,10 +0,0 @@
 {
  metric_name: 'compute_receive_lsn',
  type: 'gauge',
  help: 'Returns the last write-ahead log location that has been received and synced to disk by streaming replication',
  key_labels: null,
  values: [
    'lsn',
  ],
  query: importstr 'sql_exporter/compute_receive_lsn.sql',
 }
--- a/compute/etc/sql_exporter/compute_receive_lsn.sql
+++ b/compute/etc/sql_exporter/compute_receive_lsn.sql
@@ -1,4 +0,0 @@
 SELECT CASE
  WHEN pg_catalog.pg_is_in_recovery() THEN (pg_last_wal_receive_lsn() - '0/0')::FLOAT8
  ELSE 0
 END AS lsn;
--- a/compute/etc/sql_exporter/compute_subscriptions_count.libsonnet
+++ b/compute/etc/sql_exporter/compute_subscriptions_count.libsonnet
@@ -1,12 +0,0 @@
 {
  metric_name: 'compute_subscriptions_count',
  type: 'gauge',
  help: 'Number of logical replication subscriptions grouped by enabled/disabled',
  key_labels: [
    'enabled',
  ],
  values: [
    'subscriptions_count',
  ],
  query: importstr 'sql_exporter/compute_subscriptions_count.sql',
 }
--- a/compute/etc/sql_exporter/compute_subscriptions_count.sql
+++ b/compute/etc/sql_exporter/compute_subscriptions_count.sql
@@ -1 +0,0 @@
 SELECT subenabled::text AS enabled, count(*) AS subscriptions_count FROM pg_subscription GROUP BY subenabled;
--- a/compute/etc/sql_exporter/connection_counts.libsonnet
+++ b/compute/etc/sql_exporter/connection_counts.libsonnet
@@ -1,13 +0,0 @@
 {
  metric_name: 'connection_counts',
  type: 'gauge',
  help: 'Connection counts',
  key_labels: [
    'datname',
    'state',
  ],
  values: [
    'count',
  ],
  query: importstr 'sql_exporter/connection_counts.sql',
 }
--- a/compute/etc/sql_exporter/connection_counts.sql
+++ b/compute/etc/sql_exporter/connection_counts.sql
@@ -1 +0,0 @@
 SELECT datname, state, count(*) AS count FROM pg_stat_activity WHERE state <> '' GROUP BY datname, state;
--- a/compute/etc/sql_exporter/db_total_size.libsonnet
+++ b/compute/etc/sql_exporter/db_total_size.libsonnet
@@ -1,10 +0,0 @@
 {
  metric_name: 'db_total_size',
  type: 'gauge',
  help: 'Size of all databases',
  key_labels: null,
  values: [
    'total',
  ],
  query: importstr 'sql_exporter/db_total_size.sql',
 }
--- a/compute/etc/sql_exporter/db_total_size.sql
+++ b/compute/etc/sql_exporter/db_total_size.sql
@@ -1 +0,0 @@
 SELECT sum(pg_database_size(datname)) AS total FROM pg_database;
--- a/compute/etc/sql_exporter/file_cache_read_wait_seconds_bucket.libsonnet
+++ b/compute/etc/sql_exporter/file_cache_read_wait_seconds_bucket.libsonnet
@@ -1,12 +0,0 @@
 {
  metric_name: 'file_cache_read_wait_seconds_bucket',
  type: 'counter',
  help: 'Histogram buckets of LFC read operation latencies',
  key_labels: [
    'bucket_le',
  ],
  values: [
    'value',
  ],
  query: importstr 'sql_exporter/file_cache_read_wait_seconds_bucket.sql',
 }
--- a/compute/etc/sql_exporter/file_cache_read_wait_seconds_bucket.sql
+++ b/compute/etc/sql_exporter/file_cache_read_wait_seconds_bucket.sql
@@ -1 +0,0 @@
 SELECT bucket_le, value FROM neon.neon_perf_counters WHERE metric = 'file_cache_read_wait_seconds_bucket';
--- a/compute/etc/sql_exporter/file_cache_read_wait_seconds_count.libsonnet
+++ b/compute/etc/sql_exporter/file_cache_read_wait_seconds_count.libsonnet
@@ -1,9 +0,0 @@
 {
  metric_name: 'file_cache_read_wait_seconds_count',
  type: 'counter',
  help: 'Number of read operations in LFC',
  values: [
    'file_cache_read_wait_seconds_count',
  ],
  query_ref: 'neon_perf_counters',
 }
--- a/compute/etc/sql_exporter/file_cache_read_wait_seconds_sum.libsonnet
+++ b/compute/etc/sql_exporter/file_cache_read_wait_seconds_sum.libsonnet
@@ -1,9 +0,0 @@
 {
  metric_name: 'file_cache_read_wait_seconds_sum',
  type: 'counter',
  help: 'Time spent in LFC read operations',
  values: [
    'file_cache_read_wait_seconds_sum',
  ],
  query_ref: 'neon_perf_counters',
 }
--- a/compute/etc/sql_exporter/file_cache_write_wait_seconds_bucket.libsonnet
+++ b/compute/etc/sql_exporter/file_cache_write_wait_seconds_bucket.libsonnet
@@ -1,12 +0,0 @@
 {
  metric_name: 'file_cache_write_wait_seconds_bucket',
  type: 'counter',
  help: 'Histogram buckets of LFC write operation latencies',
  key_labels: [
    'bucket_le',
  ],
  values: [
    'value',
  ],
  query: importstr 'sql_exporter/file_cache_write_wait_seconds_bucket.sql',
 }
--- a/compute/etc/sql_exporter/file_cache_write_wait_seconds_bucket.sql
+++ b/compute/etc/sql_exporter/file_cache_write_wait_seconds_bucket.sql
@@ -1 +0,0 @@
 SELECT bucket_le, value FROM neon.neon_perf_counters WHERE metric = 'file_cache_write_wait_seconds_bucket';
--- a/compute/etc/sql_exporter/file_cache_write_wait_seconds_count.libsonnet
+++ b/compute/etc/sql_exporter/file_cache_write_wait_seconds_count.libsonnet
@@ -1,9 +0,0 @@
 {
  metric_name: 'file_cache_write_wait_seconds_count',
  type: 'counter',
  help: 'Number of write operations in LFC',
  values: [
    'file_cache_write_wait_seconds_count',
  ],
  query_ref: 'neon_perf_counters',
 }
--- a/compute/etc/sql_exporter/file_cache_write_wait_seconds_sum.libsonnet
+++ b/compute/etc/sql_exporter/file_cache_write_wait_seconds_sum.libsonnet
@@ -1,9 +0,0 @@
 {
  metric_name: 'file_cache_write_wait_seconds_sum',
  type: 'counter',
  help: 'Time spent in LFC write operations',
  values: [
    'file_cache_write_wait_seconds_sum',
  ],
  query_ref: 'neon_perf_counters',
 }
--- a/compute/etc/sql_exporter/getpage_prefetch_discards_total.libsonnet
+++ b/compute/etc/sql_exporter/getpage_prefetch_discards_total.libsonnet
@@ -1,9 +0,0 @@
 {
  metric_name: 'getpage_prefetch_discards_total',
  type: 'counter',
  help: 'Number of prefetch responses issued but not used',
  values: [
    'getpage_prefetch_discards_total',
  ],
  query_ref: 'neon_perf_counters',
 }
--- a/compute/etc/sql_exporter/getpage_prefetch_misses_total.libsonnet
+++ b/compute/etc/sql_exporter/getpage_prefetch_misses_total.libsonnet
@@ -1,9 +0,0 @@
 {
  metric_name: 'getpage_prefetch_misses_total',
  type: 'counter',
  help: "Total number of readahead misses; consisting of either prefetches that don't satisfy the LSN bounds once the prefetch got read by the backend, or cases where somehow no readahead was issued for the read",
  values: [
    'getpage_prefetch_misses_total',
  ],
  query_ref: 'neon_perf_counters',
 }
--- a/compute/etc/sql_exporter/getpage_prefetch_requests_total.libsonnet
+++ b/compute/etc/sql_exporter/getpage_prefetch_requests_total.libsonnet
@@ -1,9 +0,0 @@
 {
  metric_name: 'getpage_prefetch_requests_total',
  type: 'counter',
  help: 'Number of getpage issued for prefetching',
  values: [
    'getpage_prefetch_requests_total',
  ],
  query_ref: 'neon_perf_counters',
 }
--- a/compute/etc/sql_exporter/getpage_prefetches_buffered.libsonnet
+++ b/compute/etc/sql_exporter/getpage_prefetches_buffered.libsonnet
@@ -1,9 +0,0 @@
 {
  metric_name: 'getpage_prefetches_buffered',
  type: 'gauge',
  help: 'Number of prefetched pages buffered in neon',
  values: [
    'getpage_prefetches_buffered',
  ],
  query_ref: 'neon_perf_counters',
 }
--- a/compute/etc/sql_exporter/getpage_sync_requests_total.libsonnet
+++ b/compute/etc/sql_exporter/getpage_sync_requests_total.libsonnet
@@ -1,9 +0,0 @@
 {
  metric_name: 'getpage_sync_requests_total',
  type: 'counter',
  help: 'Number of synchronous getpage issued',
  values: [
    'getpage_sync_requests_total',
  ],
  query_ref: 'neon_perf_counters',
 }
--- a/compute/etc/sql_exporter/getpage_wait_seconds_bucket.libsonnet
+++ b/compute/etc/sql_exporter/getpage_wait_seconds_bucket.libsonnet
@@ -1,12 +0,0 @@
 {
  metric_name: 'getpage_wait_seconds_bucket',
  type: 'counter',
  help: 'Histogram buckets of getpage request latency',
  key_labels: [
    'bucket_le',
  ],
  values: [
    'value',
  ],
  query: importstr 'sql_exporter/getpage_wait_seconds_bucket.sql',
 }
--- a/compute/etc/sql_exporter/getpage_wait_seconds_bucket.sql
+++ b/compute/etc/sql_exporter/getpage_wait_seconds_bucket.sql
@@ -1 +0,0 @@
 SELECT bucket_le, value FROM neon.neon_perf_counters WHERE metric = 'getpage_wait_seconds_bucket';
--- a/compute/etc/sql_exporter/getpage_wait_seconds_count.libsonnet
+++ b/compute/etc/sql_exporter/getpage_wait_seconds_count.libsonnet
@@ -1,9 +0,0 @@
 {
  metric_name: 'getpage_wait_seconds_count',
  type: 'counter',
  help: 'Number of getpage requests',
  values: [
    'getpage_wait_seconds_count',
  ],
  query_ref: 'neon_perf_counters',
 }
--- a/compute/etc/sql_exporter/getpage_wait_seconds_sum.libsonnet
+++ b/compute/etc/sql_exporter/getpage_wait_seconds_sum.libsonnet
@@ -1,9 +0,0 @@
 {
  metric_name: 'getpage_wait_seconds_sum',
  type: 'counter',
  help: 'Time spent in getpage requests',
  values: [
    'getpage_wait_seconds_sum',
  ],
  query_ref: 'neon_perf_counters',
 }
--- a/compute/etc/sql_exporter/lfc_approximate_working_set_size.libsonnet
+++ b/compute/etc/sql_exporter/lfc_approximate_working_set_size.libsonnet
@@ -1,12 +0,0 @@
 // DEPRECATED
 {
  metric_name: 'lfc_approximate_working_set_size',
  type: 'gauge',
  help: 'Approximate working set size in pages of 8192 bytes',
  key_labels: null,
  values: [
    'approximate_working_set_size',
  ],
  query: importstr 'sql_exporter/lfc_approximate_working_set_size.sql',
 }
--- a/compute/etc/sql_exporter/lfc_approximate_working_set_size.sql
+++ b/compute/etc/sql_exporter/lfc_approximate_working_set_size.sql
@@ -1 +0,0 @@
 SELECT neon.approximate_working_set_size(false) AS approximate_working_set_size;
--- a/compute/etc/sql_exporter/lfc_approximate_working_set_size_windows.autoscaling.libsonnet
+++ b/compute/etc/sql_exporter/lfc_approximate_working_set_size_windows.autoscaling.libsonnet
@@ -1,12 +0,0 @@
 {
  metric_name: 'lfc_approximate_working_set_size_windows',
  type: 'gauge',
  help: 'Approximate working set size in pages of 8192 bytes',
  key_labels: [
    'duration_seconds',
  ],
  values: [
    'size',
  ],
  query: importstr 'sql_exporter/lfc_approximate_working_set_size_windows.autoscaling.sql',
 }
--- a/compute/etc/sql_exporter/lfc_approximate_working_set_size_windows.autoscaling.sql
+++ b/compute/etc/sql_exporter/lfc_approximate_working_set_size_windows.autoscaling.sql
@@ -1,8 +0,0 @@
 -- NOTE: This is the "internal" / "machine-readable" version. This outputs the
 -- working set size looking back 1..60 minutes, labeled with the number of
 -- minutes.
 SELECT
  x::text as duration_seconds,
  neon.approximate_working_set_size_seconds(x) AS size
 FROM (SELECT generate_series * 60 AS x FROM generate_series(1, 60)) AS t (x);
--- a/compute/etc/sql_exporter/lfc_approximate_working_set_size_windows.libsonnet
+++ b/compute/etc/sql_exporter/lfc_approximate_working_set_size_windows.libsonnet
@@ -1,12 +0,0 @@
 {
  metric_name: 'lfc_approximate_working_set_size_windows',
  type: 'gauge',
  help: 'Approximate working set size in pages of 8192 bytes',
  key_labels: [
    'duration',
  ],
  values: [
    'size',
  ],
  query: importstr 'sql_exporter/lfc_approximate_working_set_size_windows.sql',
 }
--- a/compute/etc/sql_exporter/lfc_approximate_working_set_size_windows.sql
+++ b/compute/etc/sql_exporter/lfc_approximate_working_set_size_windows.sql
@@ -1,8 +0,0 @@
 -- NOTE: This is the "public" / "human-readable" version. Here, we supply a
 -- small selection of durations in a pretty-printed form.
 SELECT
  x AS duration,
  neon.approximate_working_set_size_seconds(extract('epoch' FROM x::interval)::int) AS size FROM (
    VALUES ('5m'), ('15m'), ('1h')
  ) AS t (x);
--- a/compute/etc/sql_exporter/lfc_cache_size_limit.libsonnet
+++ b/compute/etc/sql_exporter/lfc_cache_size_limit.libsonnet
@@ -1,10 +0,0 @@
 {
  metric_name: 'lfc_cache_size_limit',
  type: 'gauge',
  help: 'LFC cache size limit in bytes',
  key_labels: null,
  values: [
    'lfc_cache_size_limit',
  ],
  query: importstr 'sql_exporter/lfc_cache_size_limit.sql',
 }
--- a/compute/etc/sql_exporter/lfc_cache_size_limit.sql
+++ b/compute/etc/sql_exporter/lfc_cache_size_limit.sql
@@ -1 +0,0 @@
 SELECT pg_size_bytes(current_setting('neon.file_cache_size_limit')) AS lfc_cache_size_limit;
--- a/compute/etc/sql_exporter/lfc_hits.libsonnet
+++ b/compute/etc/sql_exporter/lfc_hits.libsonnet
@@ -1,10 +0,0 @@
 {
  metric_name: 'lfc_hits',
  type: 'gauge',
  help: 'lfc_hits',
  key_labels: null,
  values: [
    'lfc_hits',
  ],
  query: importstr 'sql_exporter/lfc_hits.sql',
 }
--- a/compute/etc/sql_exporter/lfc_hits.sql
+++ b/compute/etc/sql_exporter/lfc_hits.sql
@@ -1 +0,0 @@
 SELECT lfc_value AS lfc_hits FROM neon.neon_lfc_stats WHERE lfc_key = 'file_cache_hits';
--- a/compute/etc/sql_exporter/lfc_misses.libsonnet
+++ b/compute/etc/sql_exporter/lfc_misses.libsonnet
@@ -1,10 +0,0 @@
 {
  metric_name: 'lfc_misses',
  type: 'gauge',
  help: 'lfc_misses',
  key_labels: null,
  values: [
    'lfc_misses',
  ],
  query: importstr 'sql_exporter/lfc_misses.sql',
 }
--- a/compute/etc/sql_exporter/lfc_misses.sql
+++ b/compute/etc/sql_exporter/lfc_misses.sql
@@ -1 +0,0 @@
 SELECT lfc_value AS lfc_misses FROM neon.neon_lfc_stats WHERE lfc_key = 'file_cache_misses';
--- a/compute/etc/sql_exporter/lfc_used.libsonnet
+++ b/compute/etc/sql_exporter/lfc_used.libsonnet
@@ -1,10 +0,0 @@
 {
  metric_name: 'lfc_used',
  type: 'gauge',
  help: 'LFC chunks used (chunk = 1MB)',
  key_labels: null,
  values: [
    'lfc_used',
  ],
  query: importstr 'sql_exporter/lfc_used.sql',
 }
--- a/Show More
+++ b/Show More
		`@@ -1 +0,0 @@`
			`SELECT num_requested AS checkpoints_req FROM pg_stat_checkpointer;`
		`@@ -1 +0,0 @@`
			`SELECT checkpoints_req FROM pg_stat_bgwriter;`
		`@@ -1 +0,0 @@`
			`SELECT num_timed AS checkpoints_timed FROM pg_stat_checkpointer;`
		`@@ -1 +0,0 @@`
			`SELECT checkpoints_timed FROM pg_stat_bgwriter;`
		`@@ -1 +0,0 @@`
			`SELECT (neon.backpressure_throttling_time()::float8 / 1000000) AS throttled;`
		`@@ -1 +0,0 @@`
			`SELECT current_setting('max_connections') as max_connections;`
		`@@ -1 +0,0 @@`
			`SELECT subenabled::text AS enabled, count(*) AS subscriptions_count FROM pg_subscription GROUP BY subenabled;`
		`@@ -1 +0,0 @@`
			`SELECT datname, state, count(*) AS count FROM pg_stat_activity WHERE state <> '' GROUP BY datname, state;`
		`@@ -1 +0,0 @@`
			`SELECT sum(pg_database_size(datname)) AS total FROM pg_database;`
		`@@ -1 +0,0 @@`
			`SELECT bucket_le, value FROM neon.neon_perf_counters WHERE metric = 'file_cache_read_wait_seconds_bucket';`