⬆️ Bump library/postgres from 16-alpine to 18-alpine in /phantom

[dependabot]

Bumps library/postgres from 16-alpine to 18-alpine.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

• Chores
  • Upgraded the database container to PostgreSQL 18 (from 16) using the latest Alpine-based image.
  • No user-facing features changed; normal operation is expected to continue.
  • A brief restart/redeployment may occur during the update.

[coderabbitai]

Walkthrough

Updated the Docker Compose configuration to use PostgreSQL 18 (alpine) for the authentik-postgres service, replacing PostgreSQL 16 (alpine).

Changes

Cohort / File(s)	Summary of changes
Compose image update phantom/authentik.compose.yaml	Changed authentik-postgres service image from docker.io/library/postgres:16-alpine to docker.io/library/postgres:18-alpine.

Sequence Diagram(s)

Pre-merge checks and finishing touches

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title starts with the prescribed emoji “⬆️” indicating an upgrade of dependencies and precisely describes bumping the library/postgres image from 16-alpine to 18-alpine in the /phantom directory, directly matching the PR’s changes.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.
Gitmoji Commits	✅ Passed	Reviewed the pull request’s single commit and confirmed that its message begins with the approved emoji “⬆️”, which corresponds to an allowed intent from the Gitmoji list, so the check passes with no violations found.(github.com)

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/docker_compose/phantom/library/postgres-18-alpine

---

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 80b70d2 and ea923b0.

📒 Files selected for processing (1)

• phantom/authentik.compose.yaml (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/{compose.yaml,*.compose.yaml}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/{compose.yaml,*.compose.yaml}: New compose.yaml files must match the established style and structure of existing compose files
Services protected by Authentik must include depends_on: - authentik-server
Services behind Caddy must include depends_on: - caddy
Order keys within each service definition alphabetically using the prescribed order: build, cap_add, command, container_name, depends_on, devices, entrypoint, env_file, environment, extends, group_add, healthcheck, hostname, image, networks, ports, restart, secrets, volumes
All services must mount host timezone and localtime:
volumes:

• /etc/localtime:/etc/localtime:ro
• /etc/timezone:/etc/timezone:ro
  Follow existing image tag patterns (e.g., use implicit :latest if that is the established convention)
  Container names mirror the image name (image: namespace/name → container_name: name); exceptions allowed for private dependencies (service-dependency)
  In compose files, reference per-service env files via env_file; use environment only for public, stable values
  Define a network in the compose file of the service that needs to connect to another service; the peer service must not redefine it at the top level
  Name internal networks connecting a service to a private dependency as [service]-[dependency] (e.g., taskcafe-postgres)
  Persist data using named volumes rather than bind mounts

Files:

• phantom/authentik.compose.yaml

**/!(*caddy).compose.yaml

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Service compose files for Caddy-exposed services must use the pre-declared caddy-{service} network without redeclaring it

Files:

• phantom/authentik.compose.yaml

🔍 Remote MCP context7, deepwiki, grep, tavily

Additional Context for PR #92 (Bump postgres:16-alpine → postgres:18-alpine)

• PGDATA & Volume‐mount path changed in v18 Docker image
  The official PostgreSQL Docker image for v18 and above sets the PGDATA environment variable to /var/lib/postgresql/18/docker (instead of /var/lib/postgresql/data) and changes its declared VOLUME to /var/lib/postgresql. As a result, mounting a volume at the old path (…:/var/lib/postgresql/data) will no longer populate the active data directory unless you explicitly override PGDATA or update your Compose file to the new path.

• Major‐upgrade improvements and caveats in PostgreSQL 18
  PostgreSQL 18 smooths major-version upgrades by preserving planner statistics (eliminating a full ANALYZE step), and enhances the pg_upgrade utility with --jobs (parallel checks) and --swap (fast directory swaps). It also enables page checksums by default, so upgrading clusters with previously disabled checksums may require using initdb --no-data-checksums or creating a new cluster and migrating data. Full-text search (e.g., pg_trgm) and ICU‐collation indexes may need to be reindexed post-upgrade.

• Alpine‐variant extension considerations
  Alpine-based PostgreSQL images include only the core server and postgres-contrib; any additional extensions your application relies on must be compiled into a custom image or added at build time.

• Prevalence of postgres:16-alpine in related Compose setups
  A broad grep across public repositories (Grafana, Authentik, PostHog, etc.) shows heavy use of docker.io/library/postgres:16-alpine with similar healthchecks and volume mounts, suggesting that testing your bump in an equivalent local development environment is prudent to catch Alpine-specific or behavioral regressions.

• Context7 library resolution
  The official PostgreSQL 18 documentation library was resolved at /websites/postgresql_18, which can be consulted for deeper code examples and API behaviors introduced in v18.

• DeepWiki lookup
  An attempt to fetch surface-level documentation for the NatoBoram/docker-compose repo via DeepWiki returned no indexed content.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}