From 8010a5bab33e66c49cff67be69f2064ba3a3c626 Mon Sep 17 00:00:00 2001
From: Francesco Canovai <francesco.canovai@enterprisedb.com>
Date: Mon, 12 May 2025 15:01:06 +0200
Subject: [PATCH] build: halt build if PG can have a minor upgrade (#187)

When building a system image, we start from a community postgres image.
There is the chance that newer postgres packages are released, and they
could be upgraded when installing the supported extensions. We want to
prevent this scenario, as it could lead to unexpected versions in the
container image.

Closes #186

Signed-off-by: Francesco Canovai <francesco.canovai@enterprisedb.com>
---
 Debian/Dockerfile.template | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/Debian/Dockerfile.template b/Debian/Dockerfile.template
index 7803c384..91304355 100644
--- a/Debian/Dockerfile.template
+++ b/Debian/Dockerfile.template
@@ -31,6 +31,11 @@ COPY requirements.txt /
 # Install additional extensions
 RUN set -xe; \
 	apt-get update; \
+	if apt list --upgradable 2>/dev/null | grep -q '^postgres'; then \
+		echo "ERROR: Upgradable postgres packages found!"; \
+		apt list --upgradable 2>/dev/null | grep '^postgres'; \
+		exit 1; \
+	fi; \
 	apt-get install -y --no-install-recommends \
 		"postgresql-${PG_MAJOR}-pgaudit" \
 		"postgresql-${PG_MAJOR}-pgvector" \