-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathdocker-compose.yml
More file actions
48 lines (46 loc) · 2.13 KB
/
Copy pathdocker-compose.yml
File metadata and controls
48 lines (46 loc) · 2.13 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
# ⚠️ LOCAL DEVELOPMENT ONLY — не використовуйте ці credentials у production.
# Локальний PostgreSQL для розробки (pnpm dev:server + pnpm dev:web).
# Запуск: docker compose up -d (або pnpm db:up)
# Зупинка: docker compose down (або pnpm db:down)
# DATABASE_URL у .env: postgresql://hub:hub@localhost:5432/hub
#
# PostgreSQL 17 upgrade (2026-06-05):
# - pgvector/pgvector:pg17 image
# - See docs/02-engineering/development/local-postgres-setup.md § "Bumping the SHA"
# - Renovate will auto-PR the new digest on monthly cadence
services:
postgres:
# pgvector image is SHA-pinned to match CI exactly
# (.github/workflows/{ci,extended-e2e,visual-regression,db-backup-verify}.yml).
# Migration 025_ai_memories_pgvector.sql runs `CREATE EXTENSION vector;`,
# which the stock postgres:17-alpine image does not ship.
#
# Why @sha256 instead of :pg17 floating tag (PR-37 / L10):
# - Reproducibility — bug reports older than the next pgvector push
# would otherwise be impossible to reproduce locally bit-for-bit.
# - CVE-trap safety — a freshly broken upstream layer cannot be
# auto-pulled at `docker compose up`.
# - Local dev ↔ CI parity — CI pins `@sha256:...` (4 workflows);
# a floating local tag drifts and makes "works on CI / fails locally"
# reports impossible to triage.
# How to bump: see docs/02-engineering/development/local-postgres-setup.md § "Bumping the SHA".
# Renovate (renovate.json `pgvector pinDigests`) auto-PR's the new digest
# on a monthly cadence; manually verify migration tests pass on the bump-PR.
image: pgvector/pgvector:pg17@sha256:feb68f4f15446397d8cac7f4fe48fe4586de83160d1fc48b46283312d1a33966
container_name: hub-postgres
restart: unless-stopped
environment:
POSTGRES_USER: hub
POSTGRES_PASSWORD: hub
POSTGRES_DB: hub
ports:
- "5432:5432"
volumes:
- hub_pgdata:/var/lib/postgresql/data
healthcheck:
test: ["CMD-SHELL", "pg_isready -U hub -d hub"]
interval: 5s
timeout: 5s
retries: 5
volumes:
hub_pgdata: