From 620be10c5ea5b1945aa97fe03c27068fbdd07c35 Mon Sep 17 00:00:00 2001 From: Francesco Canovai Date: Mon, 12 May 2025 11:41:57 +0200 Subject: [PATCH] build: halt build if PG can have a minor upgrade When building a system image, we start from a community postgres image. There is the chance that newer postgres packages are released, and they could be upgraded when installing the supported extensions. We want to prevent this scenario, as it could lead to unexpected versions in the container image. Closes #186 Signed-off-by: Francesco Canovai --- Debian/Dockerfile.template | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Debian/Dockerfile.template b/Debian/Dockerfile.template index 7803c384..91304355 100644 --- a/Debian/Dockerfile.template +++ b/Debian/Dockerfile.template @@ -31,6 +31,11 @@ COPY requirements.txt / # Install additional extensions RUN set -xe; \ apt-get update; \ + if apt list --upgradable 2>/dev/null | grep -q '^postgres'; then \ + echo "ERROR: Upgradable postgres packages found!"; \ + apt list --upgradable 2>/dev/null | grep '^postgres'; \ + exit 1; \ + fi; \ apt-get install -y --no-install-recommends \ "postgresql-${PG_MAJOR}-pgaudit" \ "postgresql-${PG_MAJOR}-pgvector" \
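Review bot: The added guard `if apt list --upgradable 2>/dev/null | grep -q '^postgres'` fails open. The `RUN` sets only `set -xe`, so the pipeline's status is grep's alone, and stderr is discarded: if `apt list` itself errors, its output is empty, grep matches nothing, and the build proceeds as though no postgres upgrade were pending. Consider running `apt list --upgradable` once into a shell variable, so that its exit status is subject to `set -e`, and grepping that variable both for the test and for the printed list; this also removes the second `apt list` call. Two smaller points: the `^postgres` pattern covers only package names that begin with `postgres`, so any other package whose upgrade should also halt the build needs to be added to it, and the `ERROR:` line would be easier to find in build logs if it were written to stderr.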