recipe-maintainers/cc-ci-orchestrator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
03343ed3cfa0b94f8e0d5a00a4225b569cb270e2
cc-ci-orchestrator/cc-ci-plan/upstream/immich.md

3.8 KiB
Raw Blame History

Upstream sources — immich

service image source repo releases / changelog
app ghcr.io/immich-app/immich-server https://github.com/immich-app/immich https://github.com/immich-app/immich/releases
immich-machine-learning ghcr.io/immich-app/immich-machine-learning https://github.com/immich-app/immich https://github.com/immich-app/immich/releases
redis docker.io/valkey/valkey https://github.com/valkey-io/valkey https://github.com/valkey-io/valkey/releases
database ghcr.io/immich-app/postgres https://github.com/immich-app/base-images https://github.com/immich-app/immich/blob/main/docker/docker-compose.yml

Standing notes

  • DB image is pinned BY immich-server, not bumped independently. abra cannot survey/upgrade this recipe (FATA … Docker references with both a tag and digest are currently not supported) because database is pinned image:tag@sha256:…. Use the box-item-4 direct check: the authoritative source for the DB tag is immich's own docker/docker-compose.yml at the immich-server release tag (https://raw.githubusercontent.com/immich-app/immich/<vX.Y.Z>/docker/docker-compose.yml). Pin the recipe's database image to EXACTLY what that compose pins for the matching immich-server version — do NOT take the newest ghcr.io/immich-app/postgres tag. Newer tags (pg-15/16/17/18, vectorchord0.5.x, pgvectors0.3.0) exist but moving ahead of what immich-server ships forces a pg-major data migration and an unsupported extension combo.
  • immich-server v2.7.5 (latest, 2026-04-13) pins ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf63357191b76a916ae5eb93464d65c07511da41e3bf7a8416db519b40b1c23 — verified against immich's v2.7.5 compose AND the live ghcr manifest (tag resolves to that exact digest). PR #2 (upgrade-1.7.0+v2.7.5, now at head d561baa 1.8.0+v2.7.5) bumps the database image to 14-vectorchord0.4.3-pgvectors0.3.0@sha256:87c050465fb969a68c7ac23e375e21f4c95cfacd0edce5fa1bc31e63b7891891 (same PG14 + VectorChord 0.4.3, newer pgvectors 0.2.0→0.3.0). Digest verified via docker buildx imagetools inspect on cc-ci (2026-06-12).
  • Concurrent app+database restart needs update_config: failure_action: continue on the app service. When the recipe version label changes (bumping coop-cloud.${STACK_NAME}.version) AND the database image changes in the same deploy, both services update simultaneously. The app container starts and immediately tries TypeORM migrations against a still-restarting database → TypeORM connection fails → app process crashes → task FAILED → Docker Swarm sets UpdateStatus='paused' (default failure_action: pause). Fix: set update_config: failure_action: continue on the app service. With continue, Docker Swarm records the update as completed and Docker's restart_policy retries the app container; the database finishes restarting in ~15-20s and the app connects successfully. This is also in the recipe as of PR #2.
  • VectorChord DB backup/restore needs the search_path sed. A plain pg_dump of the VectorChord/pgvecto.rs DB emits SELECT pg_catalog.set_config('search_path', '', false);. Importing that as-is leaves the vector/vchord type + operator references unresolvable, so the first such statement errors. immich's official restore (docs.immich.app/administration/backup-and-restore) pipes the dump through: sed "s/SELECT pg_catalog.set_config('search_path', '', false);/SELECT pg_catalog.set_config('search_path', 'public, pg_catalog', true);/g" before psql … --single-transaction --set ON_ERROR_STOP=on. Omitting that sed (immich PR #1's pg_backup.sh) is why the single-transaction import aborted wholesale and ci_marker was lost on restore — fixed in the upgrade PR's pg_backup.sh.