Replace the bitnami-era pgvector:pg17 db + hand-rolled pg_upgrade entrypoint
with discourse/postgres:pg18 (pgvector + discourse's auto-upgrade layer, as
suggested on coop-cloud/discourse#16). The image runs the in-place major-version
pg_upgrade itself on boot, so the recipe just configures it via env:
- the db password secret is read into $DB_PASSWORD by a small inline entrypoint
(the image expects it in the env, no *_FILE support; the base image's
POSTGRES_PASSWORD_FILE can't be used because run-postgres.sh pre-generates
POSTGRES_PASSWORD). No separate entrypoint file/config any more.
- POSTGRES_USER (the install user pg_upgrade must match) defaults to the image's
'postgres' -- correct for fresh installs and bitnami-origin clusters -- and is
overridable from the app .env for a cluster bootstrapped with another superuser.
- POSTGRES_INITDB_ARGS=--no-data-checksums so the new pg18 cluster matches the
pre-18 clusters (pg18 initdb enables checksums by default; pg_upgrade needs a
match).
- mount postgresql_data at /var/lib/postgresql (versioned PGDATA .../18/docker)
- pg_backup.sh: detect the superuser at runtime; fix paths for the new layout
- document POSTGRES_USER override in .env.sample and README
- bump PG_BACKUP_VERSION v3; drop DB_ENTRYPOINT_VERSION + entrypoint.postgres.sh.tmpl
Verified on cctest: pg17->pg18 upgrade (install user 'postgres', checksums off)
preserves data and serves over HTTPS; fresh install also works.
Replaces the paywalled bitnamilegacy app with the official discourse/discourse
image behind Traefik. DB is reused as-is; uploads migrate from the legacy
bitnami volume idempotently. The wrapper entrypoint injects the db_password and
smtp_password secrets (the official image has no *_FILE support). SMTP env vars
are renamed to the official names; release notes cover the migration.
Recipe 0.8.1+3.5.0 -> 1.0.0+3.5.3 (major: new image, env/volume/port changes).
