Skip to content

feat(soa-postgres): CA-bundle ssl object + publish 0.1.2 (self-heal)#107

Merged
SethPaul merged 1 commit into
mainfrom
feat/soa-postgres-ssl-object
Jun 1, 2026
Merged

feat(soa-postgres): CA-bundle ssl object + publish 0.1.2 (self-heal)#107
SethPaul merged 1 commit into
mainfrom
feat/soa-postgres-ssl-object

Conversation

@SethPaul
Copy link
Copy Markdown
Contributor

@SethPaul SethPaul commented Jun 1, 2026

What

Two things, so @saga-ed/soa-postgres is ready for rostering iam-api (PR saga-ed/rostering#359) to consume:

  1. Widen ssl to accept a CA-bundle object. ssl goes from boolean to boolean | PostgresSslConfig across PostgresPoolConfig (loader output), PostgresProvider, and PostgresProviderSchema. pg forwards the object verbatim to tls.connect, so a consumer can pin the Amazon RDS CA bundle (which isn't in Node's default trust store) instead of a bare true. No behavior change for true / false.

  2. Bump 0.1.1 → 0.1.2. The push-to-main auto-publish (publish-all-packages.yml) only republishes when the version is new — it skips when the version already exists. 0.1.1 was published 2026-05-27, but d432357 (PostgresProvider self-heal: idle-client 'error' handler + keepAlive) and fa9ef25 (route the IAM/RDS path through the provider) landed afterward and kept the version at 0.1.1, so they never shipped. Bumping to 0.1.2 ships them — plus the ssl change above — on merge.

Why

iam-api #359 wires prod RDS auth through @saga-ed/soa-postgres. To route its three pools through PostgresProvider (and inherit the self-heal so an RDS failover can't crash the process as an uncaught exception), it needs (a) a published version that actually contains the self-heal, and (b) the provider to accept a CA-bundle ssl object so the existing RDS CA pinning survives the move off hand-rolled pg.Pools.

Verification

  • tsc --noEmit ✅, tsup build ✅
  • vitest30 tests (added 2: CA-bundle ssl object passes through to pg on both the PostgresPoolConfig and static-schema paths)
  • Type-checked end-to-end against iam-api #359 via a local link before publish.

After merge

Merging triggers the 0.1.2 publish; then rostering #359 repins to 0.1.2, regenerates its lockfile, and adopts PostgresProvider.

@SethPaul
feat(soa-postgres): accept a CA-bundle ssl object; bump to 0.1.2
c740ab9 
Widen `ssl` from `boolean` to `boolean | PostgresSslConfig` across
PostgresPoolConfig, PostgresProvider, and PostgresProviderSchema so a
consumer can pin a CA bundle (e.g. the Amazon RDS roots, which aren't in
Node's default trust store) instead of a bare `true`. pg forwards the
object verbatim to tls.connect; no behavior change for `true`/`false`.

Bumps 0.1.1 -> 0.1.2 so the push-to-main auto-publish ships this together
with the already-merged PostgresProvider self-heal (keepAlive +
idle-client error handler) that 0.1.1 predates.
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Jun 1, 2026

❌ Test Results

Status Suites Tests
✅ Passed 150 380
❌ Failed 0 9
⏭️ Skipped 0 0
Total 150 389

Package Results

Package Tests Passed Failed
✅ @saga-ed/soa-core 23 23 0
✅ @saga-ed/soa-node 273 273 0
✅ @saga-ed/soa-web 17 17 0

Commits

  • Branch: c740ab9 (feat/soa-postgres-ssl-object)
  • Merge: 84efd48

Links

Updated: 2026-06-01T22:06:17.729Z

@SethPaul SethPaul merged commit 6f3b93f into main Jun 1, 2026
32 checks passed
@SethPaul SethPaul mentioned this pull request Jun 1, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@SethPaul