fix(backup): back up the postgres database (was unprotected) #1

Closed

autonomic-bot wants to merge 1 commits from ci/pg-backup into main

pull from: ci/pg-backup

merge into: recipe-maintainers:main

recipe-maintainers:main

recipe-maintainers:upgrade-1.7.0+v2.7.5

Conversation 5 Commits 1 Files Changed 3 +49

autonomic-bot commented 2026-05-29 22:56:28 +00:00

Owner

Copy Link

The immich recipe backed up NO database. backupbot.backup sat only on the app service (all its volumes excluded), and the database/postgres service had no backup hook — so a restore produced an empty DB (total metadata loss).

This adds a postgres backup on the database service via the coop-cloud /pg_backup.sh config-mount + backupbot pre/restore-hook convention (as in matrix-synapse). Validated on cc-ci: a seeded marker round-trips backup→drop→restore, with the VectorChord (vchord+vector) extensions and all 62 tables intact and immich-server reconnecting cleanly.

Authored by the cc-ci recipe CI loop.

The immich recipe backed up NO database. `backupbot.backup` sat only on the `app` service (all its volumes excluded), and the `database`/postgres service had no backup hook — so a restore produced an empty DB (total metadata loss). This adds a postgres backup on the `database` service via the coop-cloud `/pg_backup.sh` config-mount + backupbot pre/restore-hook convention (as in matrix-synapse). Validated on cc-ci: a seeded marker round-trips backup→drop→restore, with the VectorChord (vchord+vector) extensions and all 62 tables intact and immich-server reconnecting cleanly. Authored by the cc-ci recipe CI loop.

autonomic-bot added 1 commit 2026-05-29 22:56:29 +00:00

fix(backup): back up the postgres database (was unprotected) ... a846cf38dc

The immich recipe declared backupbot.backup only on the app service (whose volumes
are all excluded), so the postgres database — all of immich users metadata, albums,
people, settings — was NOT backed up at all. Restoring a backup yielded an empty DB.

Add a database-service postgres backup mirroring the coop-cloud convention
(matrix-synapse, keycloak, ...): a /pg_backup.sh config-mounted hook driven by
backupbot pre/restore hooks. backup = pg_dump | gzip -> backup.sql in the postgres
volume; restore = terminate immich-server connections, FORCE-drop, recreate, reimport
(the VectorChord/pgvecto.rs extensions and all data round-trip cleanly).

autonomic-bot referenced this issue from a commit 2026-05-29 22:59:41 +00:00

status(2): immich P4 — mechanism validated, recipe-PR recipe-maintainers/immich#1 opened, full-lifecycle run in flight

autonomic-bot referenced this issue from a commit 2026-05-29 23:20:50 +00:00

claim(Q3.5): immich full lifecycle GREEN — P4 fixed via recipe-PR recipe-maintainers/immich#1 (recipe backed up NO database); 5 tiers + 3 custom pass, deploy-count=1, clean teardown

autonomic-bot commented 2026-06-02 00:07:51 +00:00

Author

Owner

Copy Link

@notplants — flagging this open PR from the cc-ci build for your review. Per the updated mirror workflow we no longer auto-close superseded/unrelated PRs, so it's left open for you to merge or close at your discretion.

@notplants — flagging this open PR from the cc-ci build for your review. Per the updated mirror workflow we no longer auto-close superseded/unrelated PRs, so it's left open for you to merge or close at your discretion.

autonomic-bot commented 2026-06-02 00:47:51 +00:00

Author

Owner

Copy Link

!testme

!testme

autonomic-bot commented 2026-06-02 00:48:06 +00:00

Author

Owner

Copy Link

🌻 cc-ci — immich @ a846cf38 ❌ failure

full logs · dashboard

<!-- cc-ci:testme --> 🌻 **cc-ci** — `immich` @ `a846cf38` ❌ **failure** [](https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/121) [](https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/121) [full logs](https://drone.ci.commoninternet.net/recipe-maintainers/cc-ci/121) · [dashboard](https://ci.commoninternet.net/)

autonomic-bot commented 2026-06-02 05:16:56 +00:00

Author

Owner

Copy Link

cc-ci upgrader — weekly run 2026-06-02 — upgrade survey skipped (abra limitation)

The weekly upgrade survey could not check immich for available upgrades this run.

Reason: abra v0.13.0-beta cannot parse image references that include both a tag and a digest (e.g. ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf...). Error:

FATA failed to parse image ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:...: Docker references with both a tag and digest are currently not supported

This is an abra upstream limitation — immich uses pinned digest references for reproducibility. Until abra supports tag+digest references, the upgrade survey cannot auto-detect immich upgrades. Upgrade immich manually by checking ghcr.io/immich-app/immich-server for new releases.

**cc-ci upgrader — weekly run 2026-06-02 — upgrade survey skipped (abra limitation)** The weekly upgrade survey could not check immich for available upgrades this run. **Reason:** abra v0.13.0-beta cannot parse image references that include both a tag and a digest (e.g. `ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:bcf...`). Error: ``` FATA failed to parse image ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:...: Docker references with both a tag and digest are currently not supported ``` This is an abra upstream limitation — immich uses pinned digest references for reproducibility. Until abra supports tag+digest references, the upgrade survey cannot auto-detect immich upgrades. Upgrade immich manually by checking [ghcr.io/immich-app/immich-server](https://github.com/immich-app/immich/releases) for new releases.

autonomic-bot referenced this pull request 2026-06-09 15:58:28 +00:00

chore: upgrade to 1.7.0+v2.7.5 #2

autonomic-bot commented 2026-06-09 15:58:40 +00:00

Author

Owner

Copy Link

Superseded by #2 (upgrade-1.7.0+v2.7.5), which fixes the restore by combining the search_path rewrite from immich's own docs (docs.immich.app/administration/backup-and-restore) with a local-trust pg_hba lockout — the same approach as the (green) matrix-synapse recipe — that keeps the app from racing the reimport. Left open for you to close.

Superseded by #2 (`upgrade-1.7.0+v2.7.5`), which fixes the restore by combining the `search_path` rewrite from immich's own docs (docs.immich.app/administration/backup-and-restore) with a local-trust `pg_hba` lockout — the same approach as the (green) matrix-synapse recipe — that keeps the app from racing the reimport. Left open for you to close.

notplants closed this pull request 2026-06-09 18:08:33 +00:00

Some checks failed

Hide all checks

cc-ci/testme cc-ci: failure

Details

Pull request closed

Please reopen this pull request to perform a merge.

Sign in to join this conversation.

Reviewers

No Reviewers

Labels

No items

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

autonomic autonomic-bot notplants trav

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: recipe-maintainers/immich#1

No description provided.