⬆️ Bump postgres from 17 to 18 in /phantom

[dependabot]

Bumps postgres from 17 to 18.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Summary by CodeRabbit

• Chores
  • Upgraded the Nextcloud backend database engine to PostgreSQL 18, delivering the latest security patches and stability improvements.
  • Enhances compatibility with modern extensions and ecosystems, with potential performance gains on supported environments.
  • No changes to the user interface or workflows; existing data and integrations are expected to continue functioning as before.

[coderabbitai]

Walkthrough

Updated Docker Compose to use PostgreSQL image version 18 for the nextcloud-postgres service, replacing version 17. No other changes.

Changes

Cohort / File(s)	Summary
Docker Compose image bump phantom/nextcloud.compose.yaml	Update nextcloud-postgres service image from postgres:17 to postgres:18.

Pre-merge checks and finishing touches

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title begins with the correct emoji “⬆️” to denote an upgrade of dependencies and precisely summarises the core change of bumping the Postgres image from version 17 to 18 within the phantom directory.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.
Gitmoji Commits	✅ Passed	I reviewed the sole commit in this pull request—SHA 7847193 authored on October 1, 2025—and confirmed its message starts with the allowed emoji ⬆️, correctly signalling an upgrade dependency change, so it satisfies the Gitmoji commit convention without any deviations.(github.com)

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/docker_compose/phantom/postgres-18

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 80b70d2 and 7847193.

📒 Files selected for processing (1)

• phantom/nextcloud.compose.yaml (1 hunks)

🧰 Additional context used

📓 Path-based instructions (2)

**/{compose.yaml,*.compose.yaml}

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

**/{compose.yaml,*.compose.yaml}: New compose.yaml files must match the established style and structure of existing compose files
Services protected by Authentik must include depends_on: - authentik-server
Services behind Caddy must include depends_on: - caddy
Order keys within each service definition alphabetically using the prescribed order: build, cap_add, command, container_name, depends_on, devices, entrypoint, env_file, environment, extends, group_add, healthcheck, hostname, image, networks, ports, restart, secrets, volumes
All services must mount host timezone and localtime:
volumes:

• /etc/localtime:/etc/localtime:ro
• /etc/timezone:/etc/timezone:ro
  Follow existing image tag patterns (e.g., use implicit :latest if that is the established convention)
  Container names mirror the image name (image: namespace/name → container_name: name); exceptions allowed for private dependencies (service-dependency)
  In compose files, reference per-service env files via env_file; use environment only for public, stable values
  Define a network in the compose file of the service that needs to connect to another service; the peer service must not redefine it at the top level
  Name internal networks connecting a service to a private dependency as [service]-[dependency] (e.g., taskcafe-postgres)
  Persist data using named volumes rather than bind mounts

Files:

• phantom/nextcloud.compose.yaml

**/!(*caddy).compose.yaml

📄 CodeRabbit inference engine (.github/copilot-instructions.md)

Service compose files for Caddy-exposed services must use the pre-declared caddy-{service} network without redeclaring it

Files:

• phantom/nextcloud.compose.yaml

🔍 Remote MCP grep, tavily

Relevant Context for Reviewing Pull Request #93

• The Docker Compose service nextcloud-postgres in phantom/nextcloud.compose.yaml was originally configured to use image: postgres:17. This change updates it to image: postgres:18, and no other service configuration, networks, volumes, or environment variables were modified.

• PostgreSQL 18 was officially released on September 25, 2025. Key new features include:

  • An asynchronous I/O subsystem yielding up to 3× better performance for sequential scans, bitmap heap scans, and vacuums.
  • Support for virtual generated columns that compute values on read.
  • The new uuidv7() function for timestamp-ordered UUIDs.
  • Built-in OAuth 2.0 authentication support.
  • Enhancements to pg_upgrade, including retention of optimizer statistics.
  • Many optimizer, index, monitoring, and replication improvements.

• Migration to PostgreSQL 18 is a major-version upgrade requiring one of:

  • A dump/restore via pg_dumpall.
  • In-place upgrade with pg_upgrade (now preserving statistics by default).
  • Logical replication.

  Notable compatibility considerations:

  • initdb now enables data checksums by default (can be disabled with --no-data-checksums).
  • MD5 password authentication is deprecated and will emit warnings.
  • Time zone abbreviation handling has changed.
  • CSV COPY FROM no longer treats \. as an end-of-file marker.
  • Clusters using nondeterministic collations may need to reindex full-text search and trigram indexes after upgrade.

• No other occurrences of postgres:18 were found in the repository beyond this one image tag update, indicating the upgrade is narrowly scoped to the nextcloud-postgres service.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Major-version bump will brick existing data volume.

Jumping straight from postgres:17 to postgres:18 while keeping the same persisted data directory will make the 18 server refuse to start (“database files are incompatible with server”); you must run pg_upgrade, pg_dumpall/restore, or otherwise migrate the cluster first. Please hold this change (or provide the migration tooling) before merging.

🤖 Prompt for AI Agents

In phantom/nextcloud.compose.yaml around line 77, the image was changed from
postgres:17 to postgres:18 which will break existing on-disk databases; either
revert the image back to postgres:17 to avoid automatic upgrade, or implement an
explicit migration path: add a one-shot migration service or script that runs
pg_upgrade (or pg_dumpall + restore) between the old data directory and a new
cluster, ensure the compose mounts separate data paths for pre- and post-upgrade
clusters, and document the exact steps and backup/rollback procedure; do not
merge the version bump without including the migration tooling and instructions.