chore(deps): update postgres docker digest to 65f70a1

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
postgres	service	digest	0027bef → 65f70a1

---

Configuration

📅 Schedule: (in timezone Asia/Tokyo)

• Branch creation
  • "before 9am on monday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying koyori with    Cloudflare Pages

Latest commit:	49840f6
Status:	⚡️  Build in progress...

View logs

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

.github/workflows/backend-test.yml の test ジョブで使用する PostgreSQL サービスのコンテナイメージが別の SHA 固定値のイメージに更新されました。CI が起動する Postgres コンテナ実体が切り替わります。

Changes

CI設定の更新

Layer / File(s)	Summary
PostgreSQL サービスイメージ更新 .github/workflows/backend-test.yml	test ジョブの services.postgres.image が旧SHA固定値から新SHA固定値へ置き換えられました。

推定レビュー工数

🎯 2 (Simple) | ⏱️ ~10 minutes

詩

🐰 新しいSHAでぴょんと跳ねる
CIの朝に小さな風が吹く
コンテナ変わりてテストが巡る
ログは控えめに微笑むよ
さあ、また走ろうね

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Title check	✅ Passed	PRのタイトル「chore(deps): update postgres docker digest to 65f70a1」は、.github/workflows/backend-test.yml内のPostgres DockerイメージダイジェストをSHA値で更新する変更内容と一致しており、変更の主要な目的を正確に表現しています。
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch renovate/postgres

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/backend-test.yml:
- Line 28: The workflow currently pins the container image using only the digest
(image: postgres@sha256:8ff36f3...), which reduces readability and omits the
PostgreSQL tag; update the image to include the tag (e.g., use
postgres:18.4@sha256:8ff36f3... or add an inline comment stating 18.4) to make
the version explicit, and if/when the project requires pg_bigm support add a CI
setup step that runs SQL to enable it (e.g., run psql with "CREATE EXTENSION IF
NOT EXISTS pg_bigm;") during the test DB initialization so the workflow will
create pg_bigm/ gin_bigm_ops/ tsvector before migrations; also note the repo
currently has no uses of pg_bigm in apps/backend so apply the pg_bigm enablement
only when migrations or SQL reference it.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: fffa1b0b-29b2-4fcb-94a4-c9c52117132d

📥 Commits

Reviewing files that changed from the base of the PR and between b3341ab and b9fe291.

📒 Files selected for processing (1)

• .github/workflows/backend-test.yml

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

🧩 Analysis chain

🌐 Web query:

postgres docker image sha256:8ff36f3c66371cba71d20ceedccfc3de9669a68737607888c4ef0af93abe8e39 version

💡 Result:

The Docker image with the digest sha256:8ff36f3c66371cba71d20ceedccfc3de9669a68737607888c4ef0af93abe8e39 corresponds to the postgres:18.4 version [1]. It has also been referenced in some contexts as a digest associated with the postgres:latest tag [2][3].

Citations:

• 1: https://artifacthub.io/packages/helm/cloudpirates-postgres/postgres
• 2: https://github.com/docker-library/repo-info/blob/master/repos/postgres/remote/latest.md
• 3: https://github.com/thelabnyc/django-oscar-bluelight/blob/master/docker-compose.yml

---

🌐 Web query:

postgres pg_bigm extension compatibility latest versions

💡 Result:

As of June 2026, the pg_bigm extension is compatible with PostgreSQL versions up to 18 and later [1][2]. The current version, pg_bigm 1.2 (specifically releases updated in late 2025), includes explicit support for PostgreSQL 18 [3][4][5]. According to the official documentation and release history: - Compatibility: pg_bigm 1.2 is confirmed to support PostgreSQL 9.1 through 18 [1][2]. - Required Version for Modern PostgreSQL: Users of PostgreSQL 12 or later are advised to use pg_bigm 1.2, as earlier versions (such as 1.1) lack support for newer PostgreSQL features, including parallel queries and recent architectural changes [3]. - Configuration: As with earlier versions, pg_bigm 1.2 requires the extension to be loaded in the PostgreSQL configuration via shared_preload_libraries or session_preload_libraries [1][2]. You can track the latest releases and specific build compatibility directly via the official pg_bigm GitHub repository [3].

Citations:

• 1: https://pgbigm.github.io/pg_bigm/pg_bigm_en.html
• 2: https://github.com/pgbigm/pg_bigm/blob/REL1_2_STABLE/docs/pg_bigm_en.md
• 3: https://github.com/pgbigm/pg_bigm/releases
• 4: Build error against PostgreSQL 18 pgbigm/pg_bigm#28
• 5: https://newreleases.io/project/github/pgbigm/pg_bigm/release/v1.2-20250903

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# Show workflow around the postgres image reference
echo "=== backend-test.yml: lines ~1-120 ==="
sed -n '1,120p' .github/workflows/backend-test.yml | nl -ba | sed -n '1,140p'

echo
echo "=== backend-test.yml: lines 20-60 (focused) ==="
sed -n '20,60p' .github/workflows/backend-test.yml | nl -ba

# Show the extensions doc around pg_bigm mention
echo
echo "=== docs/features/tasks/7.extensions.md (search for pg_bigm) ==="
if [ -f "docs/features/tasks/7.extensions.md" ]; then
  rg -n "pg_bigm|CREATE EXTENSION|extensions" docs/features/tasks/7.extensions.md || true
  echo
  sed -n '1,200p' docs/features/tasks/7.extensions.md | nl -ba | sed -n '1,200p'
else
  echo "File docs/features/tasks/7.extensions.md not found"
fi

Repository: koyori-app/task

Length of output: 159

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Find workflow files matching backend-test.yml ==="
fd -a "backend-test\.yml$" .github/workflows || true

echo
echo "=== Find docs/features/tasks/7.extensions.md ==="
fd -a "7\.extensions\.md$" docs || true

WF_FILE="$(fd -a "backend-test\.yml$" .github/workflows | head -n 1 || true)"
DOC_FILE="$(fd -a "7\.extensions\.md$" docs | head -n 1 || true)"

if [ -n "${WF_FILE:-}" ]; then
  echo
  echo "=== backend-test.yml: show lines around postgres image reference ==="
  # Print a window that should include the digest line
  # (line numbers may vary; this searches and prints some context around "postgres@sha256:")
  rg -n "postgres@sha256:" "$WF_FILE" || true
  echo
  rg -n -C 20 "postgres@sha256:" "$WF_FILE" || true
fi

if [ -n "${DOC_FILE:-}" ]; then
  echo
  echo "=== 7.extensions.md: extract pg_bigm-related lines ==="
  rg -n "pg_bigm|CREATE EXTENSION" "$DOC_FILE" || true
  echo
  # Show a small region around the first occurrence
  FIRST_MATCH_LINE="$(rg -n "pg_bigm|CREATE EXTENSION" "$DOC_FILE" | head -n 1 | cut -d: -f1 || true)"
  if [ -n "${FIRST_MATCH_LINE:-}" ]; then
    START=$((FIRST_MATCH_LINE > 40 ? FIRST_MATCH_LINE-40 : 1))
    END=$((FIRST_MATCH_LINE+80))
    sed -n "${START},${END}p" "$DOC_FILE" | cat -n
  else
    # Fallback: print beginning
    sed -n '1,200p' "$DOC_FILE" | cat -n
  fi
fi

Repository: koyori-app/task

Length of output: 4837

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== backend-test.yml: full (or key) content for pg_bigm setup ==="
# Print with line numbers using cat -n (nl unavailable)
cat -n .github/workflows/backend-test.yml | sed -n '1,220p'

Repository: koyori-app/task

Length of output: 3217

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Search for pg_bigm usage ==="
rg -n --hidden --no-ignore-vcs "pg_bigm" . || true

echo
echo "=== Search for gin_bigm_ops ==="
rg -n --hidden --no-ignore-vcs "gin_bigm_ops" . || true

echo
echo "=== Search for CREATE EXTENSION (pg_bigm) ==="
rg -n --hidden --no-ignore-vcs "CREATE\s+EXTENSION\s+IF\s+NOT\s+EXISTS\s+pg_bigm" . || true
rg -n --hidden --no-ignore-vcs "CREATE\s+EXTENSION\s+.*pg_bigm" . || true

Repository: koyori-app/task

Length of output: 2160

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== Search only in apps/backend for pg_bigm ==="
rg -n "pg_bigm" apps/backend || true

echo
echo "=== Search only in apps/backend for gin_bigm_ops ==="
rg -n "gin_bigm_ops" apps/backend || true

echo
echo "=== Search only in apps/backend for CREATE EXTENSION ==="
rg -n "CREATE\s+EXTENSION" apps/backend || true

Repository: koyori-app/task

Length of output: 219

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== List likely DB/migration directories under apps/backend ==="
fd -t d -a "migrations|migration|db|database|sql" apps/backend | head -n 50 || true

echo
echo "=== Search for gin_bigm_ops / pg_bigm across repository (excluding old_docs) ==="
rg -n --hidden --no-ignore-vcs "gin_bigm_ops|pg_bigm" . \
  --glob "!old_docs/**" --glob "!.git/**" || true

echo
echo "=== Search for tsvector usage in apps/backend ==="
rg -n --hidden --no-ignore-vcs "tsvector|to_tsvector|ts_headline" apps/backend || true

Repository: koyori-app/task

Length of output: 1075

---

Postgresダイジェストとpg_bigm前提を整理

• .github/workflows/backend-test.yml の postgres@sha256:8ff36f3... は postgres:18.4 に対応するため、PostgreSQLバージョン不整合の懸念は低い。
• pg_bigm は PostgreSQL 18 まで対応しているため、CREATE EXTENSION IF NOT EXISTS pg_bigm; という前提自体は整合。
• ただし、当該CIワークフローには pg_bigm を有効化する処理がなく、リポジトリ内（apps/backend）でも pg_bigm/gin_bigm_ops/tsvector を使う記載は見当たらないため、現状CI失敗要因になる確度は高くない。将来マイグレーション/SQLで必要になったらCI側で拡張導入方針を明示してほしい。
• ダイジェストのみ参照だと可読性が下がるので、可能なら postgres:18.4@sha256:... 形式（または 18.4 明記コメント）を推奨。

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/backend-test.yml at line 28, The workflow currently pins
the container image using only the digest (image: postgres@sha256:8ff36f3...),
which reduces readability and omits the PostgreSQL tag; update the image to
include the tag (e.g., use postgres:18.4@sha256:8ff36f3... or add an inline
comment stating 18.4) to make the version explicit, and if/when the project
requires pg_bigm support add a CI setup step that runs SQL to enable it (e.g.,
run psql with "CREATE EXTENSION IF NOT EXISTS pg_bigm;") during the test DB
initialization so the workflow will create pg_bigm/ gin_bigm_ops/ tsvector
before migrations; also note the repo currently has no uses of pg_bigm in
apps/backend so apply the pg_bigm enablement only when migrations or SQL
reference it.

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/backend-test.yml:
- Line 28: backend-test.yml currently pins the Postgres container by digest only
("image: postgres@sha256:fd03421...") which hides the actual Postgres version;
update that image reference to include the major/minor tag (e.g.
"postgres:<VERSION>`@sha256`:...") or add a clear comment stating the Postgres
version next to the "image:
postgres@sha256:fd03421d521b789274856f57ba64914f8271255ef1415ac307cbc907121c8c7b"
line so the exact version is explicitly recorded for reproducibility and
debugging.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 37701e89-3b42-4e0d-94b3-3b9e25379e1f

📥 Commits

Reviewing files that changed from the base of the PR and between b9fe291 and 83fcc51.

📒 Files selected for processing (1)

• .github/workflows/backend-test.yml

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

postgres docker image sha256:fd03421d521b789274856f57ba64914f8271255ef1415ac307cbc907121c8c7b version

💡 Result:

The specific SHA256 digest provided (sha256:fd03421d521b789274856f57ba64914f8271255ef1415ac307cbc907121c8c7b) does not correspond to a known official PostgreSQL Docker image [1][2]. The Docker Official Image for PostgreSQL is updated frequently, and its image manifests are tracked publicly [3][4]. Because Docker image digests are content-addressable and immutable—changing whenever the image layers or base configuration change—they are highly specific to the exact build environment and time of creation [5][6]. If you are trying to verify or identify an image, it is recommended to use the official Docker Hub repository to check the latest digests for specific tags (e.g., postgres:17, postgres:16) [1][7], or inspect the image locally using the following command to retrieve its digest: docker inspect --format='{{index.RepoDigests 0}}' <image_name_or_id> If this digest was encountered in an environment or configuration file, it may be a private build, a custom derivative, or an outdated/invalid reference [8][9].

Citations:

• 1: https://hub.docker.com/_/postgres/tags
• 2: https://hub.docker.com/_/postgres
• 3: https://github.com/docker-library/repo-info/blob/master/repos/postgres/remote/latest.md
• 4: https://raw.githubusercontent.com/docker-library/official-images/master/library/postgres
• 5: https://hub.docker.com/_/postgres/tags/?name=latest
• 6: https://github.com/RemkoMolier/docker-hash
• 7: https://hub.docker.com/_/postgres?ordering=last_updated&page=1&tab=description
• 8: https://deepwiki.com/docker-library/postgres/2-version-management-system
• 9: https://github.com/philips-software/docker-ci-scripts/blob/main/container_digest.sh

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# 1) Inspect the workflow snippet around the reported line
echo "=== backend-test.yml (around line 20-40) ==="
sed -n '1,80p' .github/workflows/backend-test.yml | nl -ba | sed -n '15,45p'

# 2) Show any other postgres image references in workflows
echo "=== postgres image references in .github/workflows ==="
rg -n --hidden "image:\s*postgres" .github/workflows -S || true

# 3) Search for explicit postgres version hints in repo (optional)
echo "=== postgres version hints in repo ==="
rg -n --hidden "(postgres|PG_VERSION|PG_VERSION|DATABASE_URL)" . -S || true

# 4) Show SeaORM migration tooling references (lightweight: search only)
echo "=== seaorm migration references (search) ==="
rg -n --hidden "sea-orm|SeaORM|migration|migrat" apps/backend -S || true

Repository: koyori-app/task

Length of output: 165

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# 1) Inspect workflow snippet around the reported line (line ~28)
echo "=== backend-test.yml (lines 20-40) ==="
awk 'NR>=20 && NR<=40 {printf "%4d\t%s\n", NR, $0}' .github/workflows/backend-test.yml

# 2) Show any postgres image references in workflows
echo "=== postgres image references in .github/workflows ==="
rg -n --hidden "image:\s*postgres" .github/workflows -S || true

# 3) Search for explicit postgres version hints in repo
echo "=== postgres version hints in repo ==="
rg -n --hidden "(postgres|PG_VERSION|PGVERSION|PG_VERSION|DATABASE_URL|POSTGRES|PGHOST|PGPORT|PGUSER)" . -S || true

# 4) Show SeaORM / migration references (search only)
echo "=== sea-orm / migration references (search) ==="
rg -n --hidden "(sea-orm|SeaORM|migration|migrat)" apps/backend -S || true

Repository: koyori-app/task

Length of output: 12547

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

# 1) Inspect workflow snippet around the reported line (line ~28)
echo "=== backend-test.yml (lines 20-40) ==="
awk 'NR>=20 && NR<=40 {printf "%4d\t%s\n", NR, $0}' .github/workflows/backend-test.yml

# 2) Show any postgres image references in workflows
echo "=== postgres image references in .github/workflows ==="
rg -n --hidden "image:\s*postgres" .github/workflows -S || true

# 3) Search for explicit postgres version hints in repo
echo "=== postgres version hints in repo ==="
rg -n --hidden "(postgres|PG_VERSION|PGVERSION|PG_VERSION|DATABASE_URL|POSTGRES|PGHOST|PGPORT|PGUSER)" . -S || true

# 4) Show SeaORM / migration references (search only)
echo "=== sea-orm / migration references (search) ==="
rg -n --hidden "(sea-orm|SeaORM|migration|migrat)" apps/backend -S || true

Repository: koyori-app/task

Length of output: 12547

---

🏁 Script executed:

#!/bin/bash
set -euo pipefail

echo "=== backend-test.yml file info ==="
wc -l .github/workflows/backend-test.yml
echo

echo "=== backend-test.yml (full, if <=200 lines) ==="
if [ "$(wc -l < .github/workflows/backend-test.yml)" -le 200 ]; then
  cat .github/workflows/backend-test.yml
else
  echo "File too large; showing head/tail"
  head -n 120 .github/workflows/backend-test.yml
  echo "..."
  tail -n 80 .github/workflows/backend-test.yml
fi

echo
echo "=== find any secrets usage in backend-test.yml ==="
rg -n --hidden "secrets\." .github/workflows/backend-test.yml -S || true

echo
echo "=== find any permissions/cache usage in backend-test.yml ==="
rg -n --hidden "(permissions:|cache|actions/cache|GITHUB_TOKEN|concurrency|if:|continue-on-error)" .github/workflows/backend-test.yml -S || true

Repository: koyori-app/task

Length of output: 2890

---

PostgreSQLのバージョン（少なくともメジャー）を明示してください（ダイジェストのみだと追跡不能）
backend-test.yml の Postgres はダイジェストのみで参照されています。

image: postgres@sha256:fd03421d521b789274856f57ba64914f8271255ef1415ac307cbc907121c8c7b

ダイジェストだけだと実際に使っている PostgreSQL のバージョンが読み取れず、挙動差の調査・再現性が落ちます（当該SHA256を公式タグに紐づけできない情報もあり）。postgres:VERSION@sha256:... のようにバージョンを明記するか、少なくとも該当バージョンをコメントで追記してください。

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.github/workflows/backend-test.yml at line 28, backend-test.yml currently
pins the Postgres container by digest only ("image: postgres@sha256:fd03421...")
which hides the actual Postgres version; update that image reference to include
the major/minor tag (e.g. "postgres:<VERSION>`@sha256`:...") or add a clear
comment stating the Postgres version next to the "image:
postgres@sha256:fd03421d521b789274856f57ba64914f8271255ef1415ac307cbc907121c8c7b"
line so the exact version is explicitly recorded for reproducibility and
debugging.

Source: Coding guidelines