From 1b28ea573dc12d7314daa05e0d8e947588f1cefc Mon Sep 17 00:00:00 2001
From: asonix <asonix@asonix.dog>
Date: Wed, 17 Jan 2024 15:46:56 -0500
Subject: [PATCH] Add documentation around 0.5.2 release

---
 pict-rs.toml      | 10 ++++++++
 releases/0.5.2.md | 64 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 74 insertions(+)
 create mode 100644 releases/0.5.2.md

diff --git a/pict-rs.toml b/pict-rs.toml
index 1a5bf9f..189036a 100644
--- a/pict-rs.toml
+++ b/pict-rs.toml
@@ -574,6 +574,16 @@ type = 'postgres'
 # default: empty
 url = 'postgres://user:password@host:5432/db'
 
+## Optional: Whether to use TLS when connecting to postgres
+# environment variable: PICTRS__REPO__USE_TLS
+# default: false
+use_tls = false
+
+## Optional: The CA Certificate used to verify the postgres TLS certificate
+# environment variable: PICTRS__REPO__CERTIFICATE_FILE
+# default: empty
+certificate_file = '/etc/ca-certificate.crt'
+
 
 ### Media storage configuration
 
diff --git a/releases/0.5.2.md b/releases/0.5.2.md
new file mode 100644
index 0000000..6ed81aa
--- /dev/null
+++ b/releases/0.5.2.md
@@ -0,0 +1,64 @@
+# pict-rs 0.5.2
+
+## Overview
+
+A quick release to improve postgres support.
+
+### Changes
+
+- [Support TLS in Postgres Connections](#support-tls-in-postgres-connections)
+- [Compiler Version Requirements](#compiler-version-requirements)
+
+
+## Upgrade Notes
+
+There's no significant changes from 0.5.1, so upgrading should be as simple as pulling a new version
+of pict-rs.
+
+
+## Descriptions
+
+### Support TLS in Postgres Connections
+
+The postgres repo now supports some new options to enable connecting via TLS. If the postgres
+server's certificate is not generally trusted, a CA certificate can be provided to pict-rs to allow
+it to trust the postgres connection.
+
+If the postgres endpoint uses TLS and has a publicly trusted certificate, the configuration can be
+updated to simply add `use_tls = true`
+```toml
+[repo]
+type = 'postgres'
+url = 'postgres://pictrs:1234@localhost:5432/pictrs'
+use_tls = true
+```
+or with environment variables
+```bash
+PICTRS__REPO__TYPE=postgres
+PICTRS__REPO__URL=postgres://pictrs:1234@localhost:5432/pictrs
+PICTRS__REPO__USE_TLS=true
+```
+
+If the server uses a self-signed certificate, the CA's certificate can be added to pict-rs' trusted
+CAs.
+```toml
+[repo]
+type = 'postgres'
+url = 'postgres://pictrs:1234@localhost:5432/pictrs'
+use_tls = true
+certificate_file = '/path/to/ca/certificate.crt'
+```
+or with environment variables
+```bash
+PICTRS__REPO__TYPE=postgres
+PICTRS__REPO__URL=postgres://pictrs:1234@localhost:5432/pictrs
+PICTRS__REPO__USE_TLS=true
+PICTRS__REPO__CERTIFICATE_FILE=/path/to/ca/certificate.crt
+```
+
+### Compiler Version Requirements
+
+pict-rs 0.5.2 now takes advantage of rust's native support for AFIT (Async Fn In Trait) for the
+store trait. This trait already was not object-safe, so using AFIT does not come with any downsides.
+This does mean that the minimum supported rust version for building pict-rs is now 1.75, which
+released in December 2023.