chore(deps)!: upgrade sqitch to v7

README.md

@@ -74,27 +74,27 @@ This project is deployed in accordance to the [DargStack template](https://githu
 
     The database's password.
 
- - ### `postgres_role_grafana_password`
+ - ### `postgres_role_service_grafana_password`
 
     The password of the observation dashboard's database role.
 
- - ### `postgres_role_grafana_username`
+ - ### `postgres_role_service_grafana_username`
 
     The username of the observation dashboard's database role.
 
- - ### `postgres_role_postgraphile_password`
+ - ### `postgres_role_service_postgraphile_password`
 
     The password of the GraphQL API database wrapper's database role.
 
- - ### `postgres_role_postgraphile_username`
+ - ### `postgres_role_service_postgraphile_username`
 
     The username of the GraphQL API database wrapper's database role.
 
- - ### `postgres_role_vibetype_password`
+ - ### `postgres_role_service_vibetype_password`
 
     The `tusd` database role's password.
 
- - ### `postgres_role_vibetype_username`
+ - ### `postgres_role_service_vibetype_username`
 
     The `tusd` database role's password.
 

src/development/configurations/grafana/grafana.ini

@@ -1,8 +1,8 @@
 [database]
 host = postgres:5432
-password = $__file{/run/secrets/postgres_role_grafana_password}
+password = $__file{/run/secrets/postgres_role_service_grafana_password}
 type = postgres
-user = $__file{/run/secrets/postgres_role_grafana_username}
+user = $__file{/run/secrets/postgres_role_service_grafana_username}
 
 [security]
 admin_email = admin@localhost

src/development/stack.yml

@@ -34,24 +34,24 @@ secrets:
   postgres_password:
     # The database's password.
     file: ./secrets/postgres/password.secret
-  postgres_role_grafana_password:
+  postgres_role_service_grafana_password:
     # The password of the observation dashboard's database role.
-    file: ./secrets/postgres/role_grafana_password.secret
-  postgres_role_grafana_username:
+    file: ./secrets/postgres/role_service_grafana_password.secret
+  postgres_role_service_grafana_username:
     # The username of the observation dashboard's database role.
-    file: ./secrets/postgres/role_grafana_username.secret
-  postgres_role_postgraphile_password:
+    file: ./secrets/postgres/role_service_grafana_username.secret
+  postgres_role_service_postgraphile_password:
     # The password of the GraphQL API database wrapper's database role.
-    file: ./secrets/postgres/role_postgraphile_password.secret
-  postgres_role_postgraphile_username:
+    file: ./secrets/postgres/role_service_postgraphile_password.secret
+  postgres_role_service_postgraphile_username:
     # The username of the GraphQL API database wrapper's database role.
-    file: ./secrets/postgres/role_postgraphile_username.secret
-  postgres_role_vibetype_password:
+    file: ./secrets/postgres/role_service_postgraphile_username.secret
+  postgres_role_service_vibetype_password:
     # The `tusd` database role's password.
-    file: ./secrets/postgres/role_vibetype_password.secret
-  postgres_role_vibetype_username:
+    file: ./secrets/postgres/role_service_vibetype_password.secret
+  postgres_role_service_vibetype_username:
     # The `tusd` database role's password.
-    file: ./secrets/postgres/role_vibetype_username.secret
+    file: ./secrets/postgres/role_service_vibetype_username.secret
   postgres_user:
     # The database's default user.
     file: ./secrets/postgres/user.secret
@@ -146,8 +146,8 @@ services:
     image: grafana/grafana:11.6.0
     secrets:
       - postgres_db
-      - postgres_role_grafana_password
-      - postgres_role_grafana_username
+      - postgres_role_service_grafana_password
+      - postgres_role_service_grafana_username
     volumes:
       - ./configurations/grafana/grafana.ini:/etc/grafana/grafana.ini:ro
       - ../production/configurations/grafana/dashboards:/var/lib/grafana/dashboards:ro
@@ -273,22 +273,20 @@ services:
       POSTGRES_PASSWORD_FILE: /run/secrets/postgres_password
       POSTGRES_USER_FILE: /run/secrets/postgres_user
     image: postgis/postgis:17-3.5-alpine
-    # # Expose ports (only) e.g. to generate a database graph image or similar.
-    # ports:
-    #   - 5432:5432
+    ports: #DARGSTACK-REMOVE
+      - 5432:5432 #DARGSTACK-REMOVE
     secrets:
       - postgres_db
       - postgres_password
-      - postgres_role_grafana_password
-      - postgres_role_grafana_username
+      - postgres_role_service_grafana_password
+      - postgres_role_service_grafana_username
       - postgres_user
     # sysctls:
     #   # Prevent Docker Swarm from killing connections (https://github.com/moby/moby/issues/31208)
     #   - net.ipv4.tcp_keepalive_time=600
     #   - net.ipv4.tcp_keepalive_intvl=30
     #   - net.ipv4.tcp_keepalive_probes=10
     volumes:
-      - /run/:/run/ # make PGSQL socket available # #DARGSTACK-REMOVE
       - postgres_data:/var/lib/postgresql/data/
       - ../production/configurations/postgres/docker-entrypoint-initdb.d/additional-databases.sh:/docker-entrypoint-initdb.d/additional-databases.sh:ro
   prometheus:
@@ -360,14 +358,13 @@ services:
     # You cannot access the database migrations directly.
     image: maevsi/sqitch:dev
     secrets:
-      - postgres_role_postgraphile_password
-      - postgres_role_postgraphile_username
-      - postgres_role_vibetype_password
-      - postgres_role_vibetype_username
+      - postgres_role_service_postgraphile_password
+      - postgres_role_service_postgraphile_username
+      - postgres_role_service_vibetype_password
+      - postgres_role_service_vibetype_username
       - sqitch_target
     volumes:
       - ../../../sqitch/:/srv/app/
-      - /run/postgresql/:/run/postgresql/
   traefik:
     # You can access the reverse proxy's dashboard at [traefik.localhost](https://traefik.localhost/).
     command:
@@ -469,9 +466,9 @@ services:
         target: /run/environment-variables/NUXT_TURNSTILE_SECRET_KEY
       - source: postgres_db
         target: /run/environment-variables/PGDATABASE
-      - source: postgres_role_vibetype_password
+      - source: postgres_role_service_vibetype_password
         target: /run/environment-variables/PGPASSWORD
-      - source: postgres_role_vibetype_username
+      - source: postgres_role_service_vibetype_username
         target: /run/environment-variables/PGUSER
     user: node:node # files created inside a docker container, like node_modules by pnpm, gain correct permissions by setting the user to `node`
     volumes:

src/production/configurations/grafana/grafana.ini

@@ -1,8 +1,8 @@
 [database]
 host = postgres:5432
-password = $__file{/run/secrets/postgres_role_grafana_password}
+password = $__file{/run/secrets/postgres_role_service_grafana_password}
 type = postgres
-user = $__file{/run/secrets/postgres_role_grafana_username}
+user = $__file{/run/secrets/postgres_role_service_grafana_username}
 
 [paths]
 provisioning = /etc/configurations/provisioning

src/production/configurations/grafana/provisioning/datasources/postgres.yaml

@@ -8,7 +8,7 @@ datasources:
       sslmode: 'disable'
     name: PostgreSQL
     secureJsonData:
-      password: $__file{/run/secrets/postgres_role_grafana_password}
+      password: $__file{/run/secrets/postgres_role_service_grafana_password}
     type: grafana-postgresql-datasource
     url: postgres:5432
-    user: $__file{/run/secrets/postgres_role_grafana_username}
+    user: $__file{/run/secrets/postgres_role_service_grafana_username}

src/production/production.yml

@@ -81,7 +81,7 @@ services:
     image: ghcr.io/maevsi/reccoom:0.1.0
     volumes: (( prune ))
   sqitch:
-    image: ghcr.io/maevsi/sqitch:6.2.0
+    image: ghcr.io/maevsi/sqitch:7.0.0
     volumes: (( prune ))
   traefik:
     command:
@@ -127,7 +127,7 @@ services:
         - (( append ))
         - traefik.http.routers.vibetype.middlewares=vibetype_cors,vibetype_redirectregex
         - traefik.http.routers.vibetype_secure.tls.certresolver=default
-    image: ghcr.io/maevsi/vibetype:9.11.1
+    image: ghcr.io/maevsi/vibetype:10.0.0
     user: (( prune ))
   vibetype_beta:
     # You can access the main project frontend's beta version at [beta.localhost](https://beta.localhost/).
@@ -151,7 +151,7 @@ services:
       NUXT_PUBLIC_VIBETYPE_EMAIL_LIMIT24H: ${VIBETYPE_NUXT_PUBLIC_VIBETYPE_EMAIL_LIMIT24H}
       NUXT_PUBLIC_VIO_ENVIRONMENT: beta
       PGHOST: ${VIBETYPE_PGHOST}
-    image: ghcr.io/maevsi/vibetype:9.11.1
+    image: ghcr.io/maevsi/vibetype:10.0.0
     secrets:
       - source: vibetype_api-notification-secret
         target: /run/environment-variables/NUXT_PRIVATE_API_NOTIFICATION_SECRET
@@ -165,9 +165,9 @@ services:
         target: /run/environment-variables/NUXT_TURNSTILE_SECRET_KEY
       - source: postgres_db
         target: /run/environment-variables/PGDATABASE
-      - source: postgres_role_vibetype_password
+      - source: postgres_role_service_vibetype_password
         target: /run/environment-variables/PGPASSWORD
-      - source: postgres_role_vibetype_username
+      - source: postgres_role_service_vibetype_username
         target: /run/environment-variables/PGUSER
     volumes:
       - ./configurations/postgraphile/jwtRS256.key.pub:/run/environment-variables/NUXT_PUBLIC_VIO_AUTH_JWT_PUBLIC_KEY:ro