From 0d79764cd5986b3f234df35f675aadde51c68338 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Apr 2026 16:47:34 +0000 Subject: [PATCH 1/7] Bump docker/setup-qemu-action from 3 to 4 Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index fbf62c3..cb08d24 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -31,7 +31,7 @@ jobs: registry: ghcr.io username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - uses: docker/setup-qemu-action@v3 + - uses: docker/setup-qemu-action@v4 - uses: docker/setup-buildx-action@v3 - name: "Is a release or a feature version needed?" id: define-changelog-validation From 088953956b3e06082dcb9cf6f259077393dbadd9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Apr 2026 16:25:57 +0000 Subject: [PATCH 2/7] Bump actions/checkout from 5 to 6 Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v5...v6) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] --- .github/workflows/ci.yaml | 2 +- CHANGELOG.md | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index cb08d24..6a39051 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -17,7 +17,7 @@ jobs: contents: write packages: write steps: - - uses: actions/checkout@v5 + - uses: actions/checkout@v6 - name: "Configure git client" shell: bash run: | diff --git a/CHANGELOG.md b/CHANGELOG.md index a50e02c..70adbec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,12 @@ Categories, defined in [changemap.json](.github/clq/changemap.json): - `Fixed` for any bugfixes. - `Security` in case of vulnerabilities. +## [2.3.1] - 2026-04-03 + +### Fixed + +- Bump `actions/checkout` from 5 to 6 + ## [2.3.0] - 2026-01-22 ### Added From 37079a23286215371f8c8c658e0edb6875c2da2a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Apr 2026 16:47:45 +0000 Subject: [PATCH 3/7] Bump docker/build-push-action from 6 to 7 Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6 to 7. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](https://github.com/docker/build-push-action/compare/v6...v7) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-version: '7' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yaml | 4 ++-- CHANGELOG.md | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6a39051..e956df6 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml 
@@ -130,7 +130,7 @@ jobs: echo "tag=${tag}" >>"${GITHUB_OUTPUT}" fi - id: build - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: src/main/docker load: true @@ -158,7 +158,7 @@ jobs: fi - name: Build and push if: steps.define-build.outputs.kind == 'publish' - uses: docker/build-push-action@v6 + uses: docker/build-push-action@v7 with: context: src/main/docker platforms: linux/amd64,linux/arm64 diff --git a/CHANGELOG.md b/CHANGELOG.md index 70adbec..ba641fd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ Categories, defined in [changemap.json](.github/clq/changemap.json): ### Fixed - Bump `actions/checkout` from 5 to 6 +- Bump `docker/build-push-action` from 6 to 7 ## [2.3.0] - 2026-01-22 From 9af7e1a41a79feee1f91925239af1d8811b2c2db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Apr 2026 16:47:37 +0000 Subject: [PATCH 4/7] Bump docker/login-action from 3 to 4 Bumps [docker/login-action](https://github.com/docker/login-action) from 3 to 4. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/login-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yaml | 2 +- CHANGELOG.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e956df6..ff9b153 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -26,7 +26,7 @@ jobs: git config user.name "${{ github.actor }}" git config user.email "${{ github.actor }}@users.noreply.github.com" - - uses: docker/login-action@v3 + - uses: docker/login-action@v4 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/CHANGELOG.md b/CHANGELOG.md index ba641fd..5d59a53 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,6 +24,7 @@ Categories, defined in [changemap.json](.github/clq/changemap.json): - Bump `actions/checkout` from 5 to 6 - Bump `docker/build-push-action` from 6 to 7 +- Bump `docker/login-action` from 3 to 4 ## [2.3.0] - 2026-01-22 From ad83ee99345c0fab9edbb81c6b6df4b2521bd154 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 3 Apr 2026 16:47:41 +0000 Subject: [PATCH 5/7] 114: Bump docker/setup-buildx-action from 3 to 4 Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3 to 4. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/v3...v4) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/ci.yaml | 2 +- CHANGELOG.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index ff9b153..63b446e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -32,7 +32,7 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - uses: docker/setup-qemu-action@v4 - - uses: docker/setup-buildx-action@v3 + - uses: docker/setup-buildx-action@v4 - name: "Is a release or a feature version needed?" id: define-changelog-validation shell: bash diff --git a/CHANGELOG.md b/CHANGELOG.md index 5d59a53..0964ac9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ Categories, defined in [changemap.json](.github/clq/changemap.json): - Bump `actions/checkout` from 5 to 6 - Bump `docker/build-push-action` from 6 to 7 - Bump `docker/login-action` from 3 to 4 +- Bump `docker/setup-buildx-action` from 3 to 4 ## [2.3.0] - 2026-01-22 
From 22347f86a82a44beb100116d040fd3a1c993fb5f Mon Sep 17 00:00:00 2001 From: "Denis N. Antonioli" <1205618+denisa@users.noreply.github.com> Date: Fri, 3 Apr 2026 18:26:03 +0200 Subject: [PATCH 6/7] 114: Optional `extensions` --- CHANGELOG.md | 8 +++++++- README.md | 22 +++++++++++++--------- src/main/docker/Dockerfile | 2 +- src/main/docker/create.sql | 8 ++++---- src/main/docker/entrypoint.sh | 23 ++++++++++++++++++++--- src/test/docker/test_all.sql | 14 ++++++++++++++ src/test/docker/values_all.properties | 1 + 7 files changed, 60 insertions(+), 18 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0964ac9..b541ef4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,7 +18,12 @@ Categories, defined in [changemap.json](.github/clq/changemap.json): - `Fixed` for any bugfixes. - `Security` in case of vulnerabilities. -## [2.3.1] - 2026-04-03 +## [2.4.0] - 2026-04-03 + +### Added + +- Introduce an optional `extensions` configuration in the `values.properties` file to specify additional Postgres extensions to be created. + The `pg_trgm` and `btree_gin` extensions are always included by default. ### Fixed @@ -26,6 +31,7 @@ Categories, defined in [changemap.json](.github/clq/changemap.json): - Bump `docker/build-push-action` from 6 to 7 - Bump `docker/login-action` from 3 to 4 - Bump `docker/setup-buildx-action` from 3 to 4 +- Bump `alpine` from 3.20 to 3.23 ## [2.3.0] - 2026-01-22 diff --git a/README.md b/README.md index e6153f4..0c4d91d 100644 --- a/README.md +++ b/README.md 
@@ -24,12 +24,13 @@ A property file, it contains un-escaped values to define the database to be crea Keys and values are separated with a `=`. Comment lines, starting with a `#`, are ignored. -| Property | Required | Description | -| ---------------------- | -------- | ---------------------------------------------- | -| database_name | yes | Name of the database | -| database_owner | yes | Name of the database owner | -| database_owner_passwor | yes | Password for the database owner | -| connection_limit | no | Initial connection cout limit, defaults to 100 | +| Property | Required | Description | +|-------------------------|----------|------------------------------------------------------------------------------------------------------| +| database_name | yes | Name of the database | +| database_owner | yes | Name of the database owner | +| database_owner_password | yes | Password for the database owner | +| connection_limit | no | Initial connection count limit, defaults to 100 | +| extensions | no | Comma-separated names of Postgres extension to create; `pg_trgm` and `btree_gin` are always included | Mount the file at `/home/values.properties`. @@ -40,9 +41,8 @@ A property file, it contains un-escaped values for the master user name and pass Keys and values are separated with a `=`. Comment lines, starting with a `#`, are ignored. - | Property | Required | Description | -| ---------- | -------- | ---------------------------- | +|------------|----------|------------------------------| | PGUSER | yes | Name of the master user | | PGPASSWORD | yes | Password for the master user | @@ -61,12 +61,13 @@ Mount the file at `/home/.pgpass`. ```shell docker buildx build src/main/docker --tag arda-cards/postgres-database-initializer ``` + Alternative: + ```shell make build ``` - # How to test ```shell @@ -74,6 +75,7 @@ docker compose -f src/test/docker/compose.yaml up --renew-anon-volumes ``` Alternative: + ```shell make test ``` 
@@ -85,9 +87,11 @@ Then inspect the log. The script `tests.sh` runs all the integration tests. The *clean build* command is + ```shell docker system prune --volumes --force; ./tests.sh ``` + The command purges the local docker installation from any temporary images, volumes, ... # How to use diff --git a/src/main/docker/Dockerfile b/src/main/docker/Dockerfile index ebea737..ba89fcf 100644 --- a/src/main/docker/Dockerfile +++ b/src/main/docker/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.20 +FROM alpine:3.23 RUN apk add --update --no-cache postgresql16-client diff --git a/src/main/docker/create.sql b/src/main/docker/create.sql index b3ad9c7..5c4e0d8 100644 --- a/src/main/docker/create.sql +++ b/src/main/docker/create.sql @@ -58,10 +58,10 @@ GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO :"database_role"; -- Create extensions as the current psql user (typically a superuser) after connecting to the database. -- This is done here because creating these extensions requires superuser privileges that the application roles do not have. --- Enable pg_trgm extension for fuzzy string matching -CREATE EXTENSION IF NOT EXISTS pg_trgm; --- Enable btree_gin extension for types other than Strings. -CREATE EXTENSION IF NOT EXISTS btree_gin; +SELECT format('CREATE EXTENSION IF NOT EXISTS %I', btrim(extension_name)) +FROM regexp_split_to_table(:'extensions', ',') AS extension_name +WHERE btrim(extension_name) <> ''; +\gexec -- Revoke the ability to drop the database or create new users REVOKE CREATE ON DATABASE :"database_name" FROM :"database_owner"; diff --git a/src/main/docker/entrypoint.sh b/src/main/docker/entrypoint.sh index cf3037d..f7f2152 100755 --- a/src/main/docker/entrypoint.sh +++ b/src/main/docker/entrypoint.sh 
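Review bot: The context comment above the new `SELECT format(...)` / `\gexec` in create.sql still reads as if the set of extensions were fixed, but the superuser session now creates whatever `values.properties` names. The check in entrypoint.sh constrains only the spelling of each name, so any extension installed on the server can be enabled by whoever can write `/home/values.properties`, including ones that add untrusted procedural languages or file and network access. I would say so next to the statement, for example `-- Extension names come from values.properties (validated in entrypoint.sh) and are created with superuser rights; treat that file as privileged.` If that file is less trusted than the `.pgpass` master credentials, a deployment-level allowlist of permitted extensions would bound what it can request.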
@@ -26,20 +26,37 @@ else # Handle escaped colons (\:) and backslashes (\\) in .pgpass bs_ph="" cl_ph="" - pg_user="$(grep -v -e '^#' ${PGPASSFILE} | \ - sed -e "s/\\\\\\\\/${bs_ph}/g" -e "s/\\\\:/${cl_ph}/g" | \ - cut -d : -f 4 | \ + pg_user="$(grep -v -e '^#' ${PGPASSFILE} | + sed -e "s/\\\\\\\\/${bs_ph}/g" -e "s/\\\\:/${cl_ph}/g" | + cut -d : -f 4 | sed -e "s/${cl_ph}/:/g" -e "s/${bs_ph}/\\\\/g")" fi chmod -f 0600 ${PGPASSFILE} readonly values=/home/values.properties +normalized_extensions= +for extension in $( + echo "pg_trgm,btree_gin,$(sed -n -e 's/^extensions=//p' "${values}")" | + awk -F',' '{ for (i = 1; i <= NF; i++) { gsub(/^[[:space:]]+|[[:space:]]+$/, "", $i); if ($i != "") print $i } }' | + sort -u \ + ); do + if ! printf '%s' "${extension}" | grep -Eq '^[A-Za-z_][A-Za-z0-9_]*$'; then + echo "Invalid extension name: ${extension}" + exit 1 + fi + if [ -n "${normalized_extensions}" ]; then + normalized_extensions="${normalized_extensions},${extension}" + else + normalized_extensions="${extension}" + fi +done { echo "\set database_name '$(sed -n -e 's/^database_name=//p' "${values}")'" echo "\set database_owner '$(sed -n -e 's/^database_owner=//p' "${values}")'" echo "\set database_owner_password '$(sed -n -e 's/^database_owner_password=//p' "${values}")'" connection_limit=$(sed -n -e 's/^connection_limit=//p' "${values}" | cut -d = -f 2) echo "\set connection_limit ${connection_limit:-100}" + echo "\set extensions '${normalized_extensions}'" } >/home/values.sql command=/home/create.sql diff --git a/src/test/docker/test_all.sql b/src/test/docker/test_all.sql index 32c1f7f..2639145 100644 --- a/src/test/docker/test_all.sql +++ b/src/test/docker/test_all.sql 
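Review bot: The `for extension in $( … )` loop in entrypoint.sh iterates over an unquoted command substitution, so each entry is re-split on whitespace and goes through pathname expansion before the `grep -Eq` name check sees it. An entry such as `pg trgm` is therefore accepted as two names instead of being rejected, and a `*` entry is replaced by file names from the working directory. Reading the pipeline output line by line keeps each entry intact for the check (sketch below), and the rejection message belongs on stderr, `echo "Invalid extension name: ${extension}" >&2`. Separately, the character class has no `-`, so a hyphenated contrib extension such as `uuid-ossp` cannot be requested; `'^[A-Za-z_][A-Za-z0-9_-]*$'` would admit it, and `%I` in create.sql would still quote it. The script starts before and continues after this hunk.

```shell
extension_list="$(
  # … unchanged: echo | awk | sort -u pipeline …
)"
normalized_extensions=
while IFS= read -r extension; do
  # … unchanged: name check and comma join …
done <<EOF
${extension_list}
EOF
```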
@@ -15,3 +15,17 @@ BEGIN END IF; END; $$; + +DO $$ +BEGIN + IF NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'pg_trgm') THEN + RAISE EXCEPTION 'Extension pg_trgm was not created'; + END IF; + IF NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'btree_gin') THEN + RAISE EXCEPTION 'Extension btree_gin was not created'; + END IF; + IF NOT EXISTS (SELECT 1 FROM pg_extension WHERE extname = 'btree_gist') THEN + RAISE EXCEPTION 'Extension btree_gist was not created'; + END IF; +END; +$$; diff --git a/src/test/docker/values_all.properties b/src/test/docker/values_all.properties index 005d58d..19b385a 100644 --- a/src/test/docker/values_all.properties +++ b/src/test/docker/values_all.properties @@ -2,3 +2,4 @@ database_name=test_db_all database_owner=test_db_all_owner database_owner_password=test_db_all_owner_pwd connection_limit=25 +extensions=pg_trgm, btree_gist From 16e89303ade8cc9094fad2458bbc167e5803b6a1 Mon Sep 17 00:00:00 2001 From: "Denis N. Antonioli" <1205618+denisa@users.noreply.github.com> Date: Fri, 3 Apr 2026 19:23:08 +0200 Subject: [PATCH 7/7] 114: Copilot --- README.md | 14 +++++++------- src/main/docker/create.sql | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 0c4d91d..89a2e7b 100644 --- a/README.md +++ b/README.md 
@@ -24,13 +24,13 @@ A property file, it contains un-escaped values to define the database to be crea Keys and values are separated with a `=`. Comment lines, starting with a `#`, are ignored. -| Property | Required | Description | -|-------------------------|----------|------------------------------------------------------------------------------------------------------| -| database_name | yes | Name of the database | -| database_owner | yes | Name of the database owner | -| database_owner_password | yes | Password for the database owner | -| connection_limit | no | Initial connection count limit, defaults to 100 | -| extensions | no | Comma-separated names of Postgres extension to create; `pg_trgm` and `btree_gin` are always included | +| Property | Required | Description | +|-------------------------|----------|-------------------------------------------------------------------------------------------------------| +| database_name | yes | Name of the database | +| database_owner | yes | Name of the database owner | +| database_owner_password | yes | Password for the database owner | +| connection_limit | no | Initial connection count limit, defaults to 100 | +| extensions | no | Comma-separated names of Postgres extensions to create; `pg_trgm` and `btree_gin` are always included | Mount the file at `/home/values.properties`. diff --git a/src/main/docker/create.sql b/src/main/docker/create.sql index 5c4e0d8..acc8ff0 100644 --- a/src/main/docker/create.sql +++ b/src/main/docker/create.sql 
@@ -60,7 +60,7 @@ GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public TO :"database_role"; -- This is done here because creating these extensions requires superuser privileges that the application roles do not have. SELECT format('CREATE EXTENSION IF NOT EXISTS %I', btrim(extension_name)) FROM regexp_split_to_table(:'extensions', ',') AS extension_name -WHERE btrim(extension_name) <> ''; +WHERE btrim(extension_name) <> '' \gexec -- Revoke the ability to drop the database or create new users
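Review bot: `%I` in the `SELECT format(...)` line double-quotes any name that is not all lower case, and the name check in entrypoint.sh admits `A-Z`, so an entry like `PG_TRGM` would be emitted as `CREATE EXTENSION IF NOT EXISTS "PG_TRGM"` and looked up case-sensitively, whereas an unquoted identifier would be folded to lower case. That most likely fails as an unavailable extension, and the shell's `sort -u` would not merge it with the default `pg_trgm` either. Folding in the generator, `SELECT format('CREATE EXTENSION IF NOT EXISTS %I', lower(btrim(extension_name)))`, or restricting the shell check to lower case, keeps the quoting and removes the surprise. How a failing generated statement is handled depends on the psql invocation (for example `ON_ERROR_STOP`), which is outside this hunk.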