SEC-1714: Postgres 16

[Alexander-Cairns]

Upgrades the postgres client to 16

Summary by CodeRabbit

• Chores
  • Improved container build configuration for apt repository setup and key management.
  • Enhanced dynamic repository configuration to source OS codename for package repositories.
  • Updated PostgreSQL client to version 16 for compatibility.
  • Added PHP SOAP extension to the runtime package list.

[coderabbitai]

Walkthrough

The Dockerfile now configures APT repositories using the OS codename from /etc/os-release, adds PostgreSQL APT key files under /usr/share/postgresql-common/pgdg/, installs php${PHP_VERSION}-soap, and switches to the versioned package postgresql-client-16.

Changes

Cohort / File(s)	Summary
APT repository & package changes Dockerfile	Replaced lsb-release usage with /etc/os-release and $VERSION_CODENAME for PHP and PGDG APT sources; added /usr/share/postgresql-common/pgdg/apt.postgresql.org.asc key placement; added pgdg.list repository entry; replaced postgresql-client with postgresql-client-16; added php${PHP_VERSION}-soap.

Sequence Diagram(s)

sequenceDiagram
    autonumber
    participant Dockerfile
    participant HostFS as Container FS
    participant APT as apt-get
    rect rgba(135,206,235,0.12)
        Note right of Dockerfile: Prepare APT metadata and keys
        Dockerfile->>HostFS: mkdir -p /usr/share/postgresql-common/pgdg/
        Dockerfile->>HostFS: add apt.postgresql.org.asc
        Dockerfile->>HostFS: write pgdg.list using $VERSION_CODENAME
        Dockerfile->>HostFS: write PHP apt list using $VERSION_CODENAME
    end
    rect rgba(144,238,144,0.12)
        Note right of Dockerfile: Install packages
        Dockerfile->>APT: apt-get update
        Dockerfile->>APT: apt-get install php${PHP_VERSION}-soap, postgresql-client-16, ca-certificates, ...
    end
    APT-->>Dockerfile: packages installed / exit status

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• ISX-71: Update Php in Base image #10: Similar changes to Dockerfile PHP repository setup and package handling; related key/repo management edits.

Poem

🐰
I hopped into the Dockerfile today,
Placed keys and codenames in tidy array,
Soap for PHP and Postgres sixteen,
Containers hum smooth, all neat and clean,
A little rabbit nods — package ballet!

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	You can run @coderabbitai generate docstrings to improve docstring coverage.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The pull request title "SEC-1714: Postgres 16" is directly related to the primary change in the changeset, which is the upgrade of the PostgreSQL client from an unversioned package to postgresql-client-16. The title appropriately references the target version and ticket identifier, providing sufficient context for a teammate to understand the main focus of the change. While the title could be slightly more explicit (e.g., by including the word "upgrade"), it is specific and clear enough to convey the essential change, especially in combination with the ticket identifier that provides additional context.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch SEC-1714

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

• Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between e35801a and f8300da.

📒 Files selected for processing (1)

• Dockerfile (4 hunks)

🔇 Additional comments (4)

Dockerfile (4)

73-76: Solid migration to /etc/os-release for deterministic codename sourcing.

Using VERSION_CODENAME from /etc/os-release is more reliable than deprecated lsb_release tooling. Both PHP and PGDG repositories now use proper --signed-by directives, which aligns with modern Debian/Ubuntu APT practices.

---

121-121: Clarify necessity of php${PHP_VERSION}-soap extension.

The SOAP extension is a legitimate PHP module for web service integration. Confirm whether this was an existing requirement for Drupal/Islandora functionality or is a new dependency introduced by this upgrade.

---

94-95: No issues found — PGDG repository is properly configured.

The PGDG repository is correctly added (line 76 in context) with proper signing key configuration before the postgresql-client-16 package is installed. The package is available in the PGDG repository for Debian 12 (bookworm-pgdg), and the installation order is correct. The upgrade to explicit versioning maintains dependency on postgresql-client-common as expected.

---

60-63: Verify PostgreSQL APT key checksum is current.

The ACCC4CF8 key is the official PostgreSQL Global Development Group (PGDG) APT repository signing key, and the key file is available at the correct official URL https://www.postgresql.org/media/keys/ACCC4CF8.asc. The directory path /usr/share/postgresql-common/pgdg/ aligns with PostgreSQL APT wiki documentation.

However, manually verify that the SHA256 checksum 0144068502a1eddd2a0280ede10ef607d1ec592ce819940991203941564e8e76 matches the current key file to ensure it hasn't been rotated or updated.

Warning

Review ran into problems

🔥 Problems

Errors were encountered while retrieving linked issues.

Errors (1)

• JIRA integration encountered authorization issues. Please disconnect and reconnect the integration in the CodeRabbit UI.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}