feat: use fully pinned versions for all components

Tags now use the format postgres-17.9-postgis-3-pgvector-0.8.2 with
exact patch versions for reproducible builds.

Author: naorpeled

.github/workflows/publish.yml

@@ -2,40 +2,38 @@ name: Publish
 
 on:
   push:
-    tags: ["v*.*.*"] # Trigger on version tags like v1.0.0
-  workflow_dispatch: # Allows manual triggering
+    tags: ["v*.*.*"]
+  workflow_dispatch:
 
 env:
   REGISTRY: ghcr.io
-  # IMAGE_NAME is constructed as owner/repository_name by default in metadata-action
-  # Example: ghcr.io/yourusername/yourrepositoryname
 
 jobs:
   build-and-push:
     runs-on: ubuntu-latest
     permissions:
       contents: read
-      packages: write # Required to publish to GHCR
+      packages: write
 
     strategy:
       matrix:
         include:
-          - pg_major_version: 17
-            postgis_major_version: 3
-            pgvector_tag: v0.8.0
-            latest_tag_suffix: true
-          - pg_major_version: 16
-            postgis_major_version: 3
-            pgvector_tag: v0.8.0
-            latest_tag_suffix: false
-          - pg_major_version: 15
-            postgis_major_version: 3
-            pgvector_tag: v0.8.0
-            latest_tag_suffix: false
-          - pg_major_version: 14
-            postgis_major_version: 3
-            pgvector_tag: v0.8.0
-            latest_tag_suffix: false
+          - pg_version: "17.9"
+            postgis_version: "3"
+            pgvector_version: "0.8.2"
+            latest: true
+          - pg_version: "16.13"
+            postgis_version: "3"
+            pgvector_version: "0.8.2"
+            latest: false
+          - pg_version: "15.17"
+            postgis_version: "3"
+            pgvector_version: "0.8.2"
+            latest: false
+          - pg_version: "14.22"
+            postgis_version: "3"
+            pgvector_version: "0.8.2"
+            latest: false
 
     steps:
       - name: Checkout repository
@@ -57,8 +55,8 @@ jobs:
         with:
           images: ${{ env.REGISTRY }}/${{ github.repository_owner }}/${{ github.event.repository.name }}
           tags: |
-            type=raw,value=pg${{ matrix.pg_major_version }}-postgis${{ matrix.postgis_major_version }}-pgvector${{ matrix.pgvector_tag }}
-            type=raw,value=latest,enable=${{ matrix.latest_tag_suffix }}
+            type=raw,value=postgres-${{ matrix.pg_version }}-postgis-${{ matrix.postgis_version }}-pgvector-${{ matrix.pgvector_version }}
+            type=raw,value=latest,enable=${{ matrix.latest }}
             type=ref,event=tag
 
       - name: Build and push Docker image
@@ -69,8 +67,8 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
           build-args: |
-            PG_MAJOR_VERSION=${{ matrix.pg_major_version }}
-            POSTGIS_MAJOR_VERSION=${{ matrix.postgis_major_version }}
-            PGVECTOR_TAG=${{ matrix.pgvector_tag }}
+            PG_VERSION=${{ matrix.pg_version }}
+            POSTGIS_VERSION=${{ matrix.postgis_version }}
+            PGVECTOR_VERSION=${{ matrix.pgvector_version }}
           cache-from: type=gha
           cache-to: type=gha,mode=max

.github/workflows/test.yml

@@ -12,10 +12,19 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        # Renaming for clarity in matrix, maps to Dockerfile ARGs
-        pg_version_matrix: [16, 15] # Corresponds to PG_MAJOR_VERSION
-        pgvector_tag_matrix: [v0.8.0, v0.7.2] # Corresponds to PGVECTOR_TAG
-        # POSTGIS_MAJOR_VERSION is set to 3 directly in build-args below
+        include:
+          - pg_version: "17.9"
+            postgis_version: "3"
+            pgvector_version: "0.8.2"
+          - pg_version: "16.13"
+            postgis_version: "3"
+            pgvector_version: "0.8.2"
+          - pg_version: "15.17"
+            postgis_version: "3"
+            pgvector_version: "0.8.2"
+          - pg_version: "14.22"
+            postgis_version: "3"
+            pgvector_version: "0.8.2"
 
     steps:
       - uses: actions/checkout@v6
@@ -28,27 +37,27 @@ jobs:
         uses: docker/build-push-action@v7
         with:
           context: .
-          load: true # Load image into local Docker daemon for testing
-          tags: postgres-postgis-pgvector:test-${{ matrix.pg_version_matrix }}-pgvector${{ matrix.pgvector_tag_matrix }}
+          load: true
+          tags: postgres-test:pg${{ matrix.pg_version }}
           build-args: |
-            PG_MAJOR_VERSION=${{ matrix.pg_version_matrix }}
-            POSTGIS_MAJOR_VERSION=3
-            PGVECTOR_TAG=${{ matrix.pgvector_tag_matrix }}
+            PG_VERSION=${{ matrix.pg_version }}
+            POSTGIS_VERSION=${{ matrix.postgis_version }}
+            PGVECTOR_VERSION=${{ matrix.pgvector_version }}
 
       - name: Start PostgreSQL container and test extensions
         run: |
-          IMAGE_TAG="postgres-postgis-pgvector:test-${{ matrix.pg_version_matrix }}-pgvector${{ matrix.pgvector_tag_matrix }}"
+          IMAGE_TAG="postgres-test:pg${{ matrix.pg_version }}"
           echo "Testing image: $IMAGE_TAG"
 
           docker run -d --name test-db \
             -e POSTGRES_PASSWORD=test \
             -e POSTGRES_USER=test \
             -e POSTGRES_DB=test \
             $IMAGE_TAG \
-            postgres -c shared_preload_libraries=vector # Ensure pgvector is preloaded
+            postgres -c shared_preload_libraries=vector
 
           echo "Waiting for PostgreSQL to start..."
-          sleep 15 # Allow time for PostgreSQL to initialize
+          sleep 15
 
           echo "PostgreSQL logs:"
           docker logs test-db
@@ -63,7 +72,7 @@ jobs:
           docker exec test-db psql -U test -d test -c "CREATE TABLE items (id bigserial PRIMARY KEY, embedding vector(3)); INSERT INTO items (embedding) VALUES ('[1,2,3]'), ('[4,5,6]'); SELECT COUNT(*) FROM items;"
 
       - name: Stop and remove container
-        if: always() # Ensure cleanup even if previous steps fail
+        if: always()
         run: |
           docker stop test-db || true
           docker rm test-db || true

Dockerfile

@@ -1,80 +1,65 @@
 # Default versions - can be overridden at build time using --build-arg
-ARG PG_MAJOR_VERSION=16
-ARG POSTGIS_MAJOR_VERSION=3
-ARG PGVECTOR_TAG=v0.8.0
+ARG PG_VERSION=17.9
+ARG POSTGIS_VERSION=3
+ARG PGVECTOR_VERSION=0.8.2
 
-FROM postgres:${PG_MAJOR_VERSION}
+FROM postgres:${PG_VERSION}
 
 # Re-declare ARGs after FROM to make them available in this build stage
-ARG PG_MAJOR_VERSION
-ARG POSTGIS_MAJOR_VERSION
-ARG PGVECTOR_TAG
+ARG POSTGIS_VERSION
+ARG PGVECTOR_VERSION
 
-LABEL maintainer="Naor Peled me@naor.dev"
+LABEL maintainer="TypeORM"
 LABEL description="PostgreSQL with PostGIS and pgvector extensions for TypeORM"
-LABEL org.opencontainers.image.source="https://github.com/naorpeled/typeorm-postgres-docker"
-
-# Set ENV vars from ARGs for runtime inspection and use within the container
-ENV PG_MAJOR_VERSION=${PG_MAJOR_VERSION} \
-    POSTGIS_MAJOR_VERSION=${POSTGIS_MAJOR_VERSION} \
-    PGVECTOR_TAG=${PGVECTOR_TAG}
+LABEL org.opencontainers.image.source="https://github.com/typeorm/postgres-test-images"
 
 # Install base dependencies, setup PGDG repository, and install build tools
+# Note: PG_MAJOR is provided by the official postgres base image
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
     lsb-release \
     gnupg \
     ca-certificates \
     wget \
-    # Add PostgreSQL official repository using signed-by (apt-key is removed in newer Debian)
     && wget --quiet -O /usr/share/keyrings/postgresql-archive-keyring.gpg https://www.postgresql.org/media/keys/ACCC4CF8.asc \
     && sh -c 'echo "deb [signed-by=/usr/share/keyrings/postgresql-archive-keyring.gpg] http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list' \
-    # Update package lists again after adding the new repository
     && apt-get update \
-    # Install build tools and PostgreSQL development packages from PGDG
     && apt-get install -y --no-install-recommends \
     build-essential \
     git \
     make \
     gcc \
-    "postgresql-server-dev-${PG_MAJOR_VERSION}"
+    "postgresql-server-dev-${PG_MAJOR}"
 
 # Install PostGIS
 RUN apt-get update \
     && apt-get install -y --no-install-recommends \
     postgis \
-    "postgresql-${PG_MAJOR_VERSION}-postgis-${POSTGIS_MAJOR_VERSION}" \
-    "postgresql-${PG_MAJOR_VERSION}-postgis-${POSTGIS_MAJOR_VERSION}-scripts"
+    "postgresql-${PG_MAJOR}-postgis-${POSTGIS_VERSION}" \
+    "postgresql-${PG_MAJOR}-postgis-${POSTGIS_VERSION}-scripts"
 
 # Build and install pgvector
 RUN apt-get update \
-    # Ensure build tools are available for this layer if they were aggressively purged before,
-    # or if previous RUN commands didn't include them and they are needed.
-    # For pgvector, we need git, make, gcc, and postgresql-server-dev.
-    && apt-get install -y --no-install-recommends git make gcc "postgresql-server-dev-${PG_MAJOR_VERSION}" \
+    && apt-get install -y --no-install-recommends git make gcc "postgresql-server-dev-${PG_MAJOR}" \
     && mkdir -p /usr/src/pgvector \
-    && git clone --branch "${PGVECTOR_TAG}" https://github.com/pgvector/pgvector.git /usr/src/pgvector \
+    && git clone --branch "v${PGVECTOR_VERSION}" https://github.com/pgvector/pgvector.git /usr/src/pgvector \
     && cd /usr/src/pgvector \
     && make \
     && make install
 
 # Cleanup build dependencies
 RUN apt-get purge -y --auto-remove \
     build-essential \
-    # git make gcc "postgresql-server-dev-${PG_MAJOR_VERSION}" were re-installed for pgvector, purge them too
     git \
     make \
     gcc \
-    "postgresql-server-dev-${PG_MAJOR_VERSION}" \
+    "postgresql-server-dev-${PG_MAJOR}" \
     wget \
-    # gnupg might be needed if other repositories are added later, but for now, we can remove it
-    # if it was only for the postgresql repo key. lsb-release and ca-certificates are generally kept.
     && apt-get clean \
     && rm -rf /var/lib/apt/lists/* \
     && rm -rf /usr/src/pgvector
 
 # Copy initialization scripts
 COPY docker-entrypoint-initdb.d/ /docker-entrypoint-initdb.d/
 
-# Default PostgreSQL port
-EXPOSE 5432 
+EXPOSE 5432