FROM postgres:17-alpine

LABEL maintainer="Mosaic Stack <dev@mosaic.local>"
LABEL description="PostgreSQL 17 with pgvector extension"

# Update Alpine packages to patch Go stdlib vulnerabilities (CVE-2025-58183, CVE-2025-61726, CVE-2025-61728, CVE-2025-61729)
RUN apk update && apk upgrade

# Install build dependencies for pgvector
RUN apk add --no-cache --virtual .build-deps \
    git \
    build-base

# Clone and build pgvector v0.7.4 (without LLVM bitcode compilation)
RUN git clone --branch v0.7.4 https://github.com/pgvector/pgvector.git /tmp/pgvector \
    && cd /tmp/pgvector \
    && make OPTFLAGS="" with_llvm=no \
    && make install with_llvm=no \
    && rm -rf /tmp/pgvector

# Clean up build dependencies to reduce image size
RUN apk del .build-deps

# Copy initialization scripts
COPY init-scripts/ /docker-entrypoint-initdb.d/

# Expose PostgreSQL port
EXPOSE 5432