added support for tidb.

[siennathesane]

This PR extends the existing MySQL support for TiDB.

For the most part, it is identical to the MySQL code with some small exceptions:

• Error messages are updated to reflect TiDB
• Specialized test harness like MariaDB
• Transaction isolation session variables are set to support upstream migrations as TiDB does not support SERIALIZABLE transactions.

CI has been updated with a TiDB config to make it maintainable.

Relates to ory/kratos#1551

[CLAassistant]

All committers have signed the CLA.

[Copilot]

Pull request overview

This PR adds TiDB support to the Pop database library by extending the existing MySQL implementation. TiDB is a MySQL-compatible distributed SQL database, and this implementation reuses most of the MySQL code with key differences for TiDB-specific requirements.

• Adds a new tidb dialect that closely mirrors the MySQL implementation
• Implements transaction isolation level configuration for TiDB (REPEATABLE-READ instead of SERIALIZABLE)
• Adds comprehensive test coverage mirroring the MySQL test suite
• Updates CI/CD with TiDB-specific testing workflow

Reviewed changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 3 comments.

Show a summary per file

File	Description
dialect_tidb.go	Core TiDB dialect implementation with MySQL-compatible connection handling and TiDB-specific transaction isolation settings
dialect_tidb_test.go	Comprehensive test suite for TiDB dialect functionality
pop_test.go	Adds TiDBSuite test suite structure
executors_test.go	Updates timestamp and row count assertions to include TiDB alongside MySQL/MariaDB
database.yml	Adds TiDB connection configuration with port 4000 (TiDB default)
config_test.go	Updates connection count expectations to account for new TiDB connection
.github/workflows/ci.yml	Adds CI workflow for TiDB testing using pingcap/tidb Docker image
genny/config/templates/tidb.yml.tmpl	Template for generating TiDB database configuration files
testdata/migrations/20210104145901_context_tables.up.fizz	Updates migration to apply to both MySQL and TiDB dialects

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The count should be 5 when sqlite3 is not supported, not 4. With TiDB added, the connections are: mysql, tidb, postgres, cockroach, and cockroach_ssl (5 total without sqlite).

Suggested change

	r.Equal(4, len(Connections))
	r.Equal(5, len(Connections))

[siennathesane]

I copied and pasted the CI scripts into my terminal for my build & test loop, this has to be 5 & 6 or it will fail.

[gaultier]

First, thank you for your contribution and the work that went into it.

Jepsen has demonstrated that REPEATABLE READ is problematic in MySQL and offers fewer guarantees than expected per the SQL standard.
The Jepsen report on TiDB is quite old now, so perhaps things have changed, but it mentions that REPEATABLE READ in MySQL is different from REPEATABLE READ in TiDB, so my question is: will REPEATABLE READ in TiDB offer enough guarantees in the context of Kratos/Hydra/Keto which are the major applications using this library?

My question, as someone who does not know anything about TiDB, comes from the thought that: if the highest isolation level a certain database offers is not strong enough to run Krato/Hydra/Keto, then there is no point to support it, for us.

I know it's a large and difficult question, but it's also the most important one.

If you can link to certain parts of the TiDB docs to answer that question, that would be great.

The rest of the PR LGTM, there are a few nitpicks but nothing big.

[siennathesane]

Jepsen has demonstrated that REPEATABLE READ is problematic in MySQL and offers fewer guarantees than expected per the SQL standard. The Jepsen report on TiDB is quite old now, so perhaps things have changed, but it mentions that REPEATABLE READ in MySQL is different from REPEATABLE READ in TiDB, so my question is: will REPEATABLE READ in TiDB offer enough guarantees in the context of Kratos/Hydra/Keto which are the major applications using this library?

This is one of those grey areas in my mind. TiDB's consistency guarantees are different from MySQL's, and their docs page explain it a little bit. I think if the concern is consistency, then making sure the pop framework can test that properly across all database implementations is important.

The reason behind this PR is because of CockroachDB's restrictive licensing. You have to register your instance, then you only get like 10GiB of data and a limited feature set. So you can't build a business on CRDB anymore, and TiDB has more features for global operations and scalability.

I'm very okay with the messaging on TiDB support being "experimental" and that it's not officially supported (yet). I would like to get the chance to gain some experience with TiDB + Ory to make sure it does what we think it does.

[alnr]

Hey @siennathesane. Thanks for this contribution.

Sadly, I don't think we can merge it at this time. It is simply too much work to support another database, especially if it only supports weaker isolation levels than the rest of the DBs. TiDB is also relatively niche from what I can see.

You are of course welcome and free to experiment. We would be interested in hearing back what you're experience is with Ory+TiDB in production.