Fix Github CI failures

Not specifying alpine version causes libssl version
to change, which in turn cause error in downgrade tests
as well as ABI tests.
This commit also fixes shellcheck failures.
Some failing windows tests are addd to ignore list.

Co-authored-by: Lakshmi Narayanan Sreethar <lakshmi@timescale.com>
Co-authored-by: Alexander Kuzmenkov <akuzmenkov@timescale.com>
Signed-off-by: Sachin <sachin@timescale.com>

.github/workflows/abi.yaml

@@ -75,6 +75,12 @@ jobs:
     - name: Build extension
       run: |
         BUILDER_IMAGE="postgres:${{matrix.builder}}-alpine"
+        if [[ "${{matrix.test}}" == *backward ]]; then
+          # Alpine v3.17 updated its default libssl version to 3.0 but the older
+          # images use 1.0. Ensure that the builder image uses the same libssl version
+          # as the one used by the older test image by using Alpine 3.16.
+          BUILDER_IMAGE+="3.16"
+        fi
 
         docker run -i --rm -v $(pwd):/mnt ${BUILDER_IMAGE} bash <<"EOF"
           apk add cmake gcc make build-base krb5-dev openssl-dev git > /dev/null
@@ -90,6 +96,12 @@ jobs:
     - name: Run tests
       run: |
         TEST_IMAGE="postgres:${{ matrix.tester }}-alpine"
+        if [[ "${{matrix.test}}" == *forward ]]; then
+          # Alpine v3.17 updated its default libssl version to 3.0 but the older
+          # images use 1.0. Ensure that the test image uses the same libssl version
+          # as the one used by the older build image by using Alpine 3.16.
+          TEST_IMAGE+="3.16"
+        fi
 
         docker run -i --rm -v $(pwd):/mnt ${TEST_IMAGE} bash <<"EOF"
           apk add cmake gcc make build-base krb5-dev openssl-dev sudo > /dev/null

.github/workflows/update-test.yaml

@@ -79,7 +79,9 @@ jobs:
         PG_MAJOR=$(echo "${{ matrix.pg }}" | sed -e 's![.].*!!')
         UPDATE_FROM_TAG=${DOWNGRADE_TO}-pg${PG_MAJOR}
         export UPDATE_FROM_TAG
-        scripts/test_downgrade_from_tag.sh
+        # We need to use same libssl version used in the latest official TimescaleDB container images.
+        # So we will use the fixed alpine version, this will guarantee that libssl version wont change.
+        PG_IMAGE_TAG="${PG_VERSION}-alpine3.16" scripts/test_downgrade_from_tag.sh
 
     - name: Downgrade diff
       if: failure()

.github/workflows/windows-build-and-test.yaml

@@ -56,7 +56,7 @@ jobs:
             tsl_skips_version: dist_grant-13 dist_partial_agg-13
           - pg: 14
             pkg_version: ${{ fromJson(needs.config.outputs.pg14_latest) }}.1
-            tsl_skips_version: dist_partial_agg-14
+            tsl_skips_version: dist_partial_agg-14 dist_grant-14
     env:
       # PostgreSQL configuration
       PGPORT: 55432

scripts/docker-run-restore-points-test.sh

@@ -3,7 +3,7 @@
 set -e
 set -o pipefail
 
-SCRIPT_DIR=$(dirname $0)
+SCRIPT_DIR=$(dirname "$0")
 BASE_DIR=${PWD}/${SCRIPT_DIR}/..
 DO_CLEANUP=true
 
@@ -24,7 +24,7 @@ done
 
 shift $((OPTIND-1))
 
-if "$DO_CLEANUP" = "true"; then
+if [ "$DO_CLEANUP" == "true" ] ; then
     trap cleanup EXIT
 fi
 
@@ -42,16 +42,16 @@ cleanup() {
 docker_exec() {
     # Echo to stderr
     >&2 echo -e "\033[1m$1\033[0m: $2"
-    docker exec $1 /bin/bash -c "$2"
+    docker exec "$1" /bin/bash -c "$2"
 }
 
 docker rm -f timescaledb-rp 2>/dev/null || true
-IMAGE_NAME=rp_test TAG_NAME=latest bash ${SCRIPT_DIR}/docker-build.sh
+IMAGE_NAME=rp_test TAG_NAME=latest bash "${SCRIPT_DIR}/docker-build.sh"
 
 # The odd contortion with the BASE_DIR is necessary since SCRIPT_DIR
 # is relative and --volume requires an absolute path.
 docker run --env TIMESCALEDB_TELEMETRY=off -d \
- --volume ${BASE_DIR}/scripts:/mnt/scripts \
+ --volume "${BASE_DIR}/scripts":/mnt/scripts \
  --name timescaledb-rp rp_test:latest
 
 echo "**** Testing ****"

scripts/test_sanitizers.sh

@@ -4,7 +4,7 @@ set -e
 set -o pipefail
 
 DO_CLEANUP=true
-SCRIPT_DIR=${SCRIPT_DIR:-$(dirname $0)}
+SCRIPT_DIR=${SCRIPT_DIR:-$(dirname "$0")}
 EXCLUDE_PATTERN=${EXCLUDE_PATTERN:-'^$'} # tests matching regex pattern will be excluded
 INCLUDE_PATTERN=${INCLUDE_PATTERN:-'.*'} # tests matching regex pattern will be included
 TEST_MAX=${TEST_MAX:-$((2**16))}
@@ -33,7 +33,7 @@ done
 
 shift $((OPTIND-1))
 
-if "$DO_CLEANUP" = "true"; then
+if [ "$DO_CLEANUP" == "true" ] ; then
     trap cleanup EXIT
 fi
 
@@ -61,12 +61,12 @@ cleanup() {
 docker_exec() {
     # Echo to stderr
     >&2 echo -e "\033[1m$1\033[0m: $2"
-    docker exec $1 /bin/bash -c "$2"
+    docker exec "$1" /bin/bash -c "$2"
 }
 
 docker rm -f timescaledb-san 2>/dev/null || true
 
-docker run -d --privileged --name timescaledb-san --env POSTGRES_HOST_AUTH_METHOD=trust -v ${TIMESCALE_DIR}:/timescaledb ${REMOTE_ORG}/${REMOTE_NAME}:${REMOTE_TAG}
+docker run -d --privileged --name timescaledb-san --env POSTGRES_HOST_AUTH_METHOD=trust -v "${TIMESCALE_DIR}":/timescaledb "${REMOTE_ORG}/${REMOTE_NAME}":"${REMOTE_TAG}"
 
 # Run these commands as root to copy the source into the
 # container. Make sure that all files in the copy is owned by user