Replace the bitnami-era pgvector:pg17 db + hand-rolled pg_upgrade entrypoint
with discourse/postgres:pg18 (pgvector + discourse's auto-upgrade layer, as
suggested on coop-cloud/discourse#16). The image does the heavy lifting
(installs old binaries, runs pg_upgrade into the versioned PGDATA); a thin
cc-db-entrypoint.sh wrapper fills the two gaps it leaves:
- secrets: inject DB_PASSWORD/POSTGRES_PASSWORD from the docker secret (the
image reads them from env, no *_FILE support);
- install user: detect the old cluster's bootstrap superuser (oid 10) and
export POSTGRES_USER so pg_upgrade + the new cluster's initdb match it. Real
deployments differ (bitnami-origin clusters install as 'postgres' + a
'discourse' app role; others as 'discourse'). The image hardcodes
--username=$POSTGRES_USER and never detects this, so the adapter is required;
- checksums: pg18's initdb enables data checksums by default but pg13-17
clusters here have them off, and pg_upgrade requires a match -> initdb the new
cluster with --no-data-checksums unless the old one reports them on.
Other changes:
- mount postgresql_data at /var/lib/postgresql (versioned PGDATA .../18/docker)
- pg_backup.sh: detect the superuser at runtime; fix paths for the new layout
- bump DB_ENTRYPOINT_VERSION v6, PG_BACKUP_VERSION v3 (immutable swarm configs)
- drop entrypoint.postgres.sh.tmpl
Verified on cctest: upgrade from an existing pg17 cluster (install user
'postgres') -> pg18, all data preserved, serves over HTTPS via Traefik.
Replaces the paywalled bitnamilegacy app with the official discourse/discourse
image behind Traefik. DB is reused as-is; uploads migrate from the legacy
bitnami volume idempotently. The wrapper entrypoint injects the db_password and
smtp_password secrets (the official image has no *_FILE support). SMTP env vars
are renamed to the official names; release notes cover the migration.
Recipe 0.8.1+3.5.0 -> 1.0.0+3.5.3 (major: new image, env/volume/port changes).
