
@kingston kingston (Collaborator) commented Jul 10, 2025

Summary by CodeRabbit

  • New Features

    • Upgraded PostgreSQL and Redis to the latest Alpine versions in generated Docker Compose files.
    • Improved security by using environment variables for credentials, adding privilege restrictions, and requiring authentication for Redis health checks.
    • Introduced a custom internal bridge network for service isolation.
    • Added memory limits and eviction policy for Redis to support BullMQ.
    • Generated .env.example files to document environment variables for easier setup.
    • Enhanced logging configuration to prevent excessive disk usage.
  • Bug Fixes

    • Corrected interface references for Redis configuration.
  • Breaking Changes

    • Updated configuration parameters required for PostgreSQL and Redis generators. Existing projects may need to adjust settings.

changeset-bot bot commented Jul 10, 2025

🦋 Changeset detected

Latest commit: 4bdac4c

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 17 packages
Name Type
@baseplate-dev/core-generators Patch
@baseplate-dev/fastify-generators Patch
@baseplate-dev/project-builder-server Patch
@baseplate-dev/react-generators Patch
@baseplate-dev/plugin-auth Patch
@baseplate-dev/plugin-storage Patch
@baseplate-dev/project-builder-cli Patch
@baseplate-dev/project-builder-common Patch
@baseplate-dev/project-builder-test Patch
@baseplate-dev/project-builder-web Patch
@baseplate-dev/code-morph Patch
@baseplate-dev/create-project Patch
@baseplate-dev/project-builder-lib Patch
@baseplate-dev/sync Patch
@baseplate-dev/tools Patch
@baseplate-dev/ui-components Patch
@baseplate-dev/utils Patch


vercel bot commented Jul 10, 2025

Name Status Preview Comments Updated (UTC)
baseplate-project-builder-web ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jul 10, 2025 0:58am

coderabbitai bot commented Jul 10, 2025

Walkthrough

This change enhances the Docker Compose generation in the core generators package by upgrading PostgreSQL and Redis versions, improving security and networking, refining environment variable management, and updating interfaces and generator signatures. It introduces new configuration parameters, custom network support, and generates both .env and .env.example files.

Changes

Files/Paths Change Summary
.changeset/improve-docker-compose-security.md Documents comprehensive Docker Compose improvements, security enhancements, interface updates, and breaking changes.
packages/core-generators/src/generators/docker/docker-compose/docker-compose.generator.ts Adds custom network config, updates environment file generation, passes new config params, and generates .env.example.
packages/core-generators/src/generators/docker/docker-compose/postgres.ts Updates Postgres image, adds database and projectName to config/interface, enhances security, logging, and healthcheck.
packages/core-generators/src/generators/docker/docker-compose/redis.ts Renames interface to RedisConfig, adds projectName, updates Redis image, logging, security, and healthcheck.
packages/core-generators/src/generators/docker/docker-compose/types.ts Extends DockerComposeOutput interface to include optional networks property.

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant DockerComposeGenerator
    participant PostgresGenerator
    participant RedisGenerator
    participant FileSystem

    User->>DockerComposeGenerator: Invoke generator with config
    DockerComposeGenerator->>PostgresGenerator: Generate Postgres YAML (with database, projectName)
    DockerComposeGenerator->>RedisGenerator: Generate Redis YAML (with projectName)
    DockerComposeGenerator->>DockerComposeGenerator: Add custom network config
    DockerComposeGenerator->>DockerComposeGenerator: Prepare .env and .env.example files
    DockerComposeGenerator->>FileSystem: Write docker-compose.yaml, .env, .env.example
    FileSystem-->>User: Files generated

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (2)
packages/core-generators/src/generators/docker/docker-compose/docker-compose.generator.ts (1)

100-100: Consider environment naming convention.

The current naming uses ${projectName}-dev for the compose project name. Based on the retrieved learnings about environment naming conventions, consider if this aligns with your project's environment naming standards.

If you follow different environment naming conventions, you might want to make this configurable:

-        const envVars = [`COMPOSE_PROJECT_NAME=${projectName}-dev`];
+        const envVars = [`COMPOSE_PROJECT_NAME=${projectName}-dev`]; // or make this configurable
.changeset/improve-docker-compose-security.md (1)

11-11: Fix markdown formatting for the URL.

The bare URL should be properly formatted to resolve the markdown lint issue.

Apply this fix:

-- For existing projects, follow the upgrade guide at https://docs.baseplate.dev/guides/upgrading-postgres/
+- For existing projects, follow the upgrade guide at <https://docs.baseplate.dev/guides/upgrading-postgres/>
📜 Review details

Configuration used: .coderabbit.yaml
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between f3bd169 and 4bdac4c.

📒 Files selected for processing (5)
  • .changeset/improve-docker-compose-security.md (1 hunks)
  • packages/core-generators/src/generators/docker/docker-compose/docker-compose.generator.ts (5 hunks)
  • packages/core-generators/src/generators/docker/docker-compose/postgres.ts (2 hunks)
  • packages/core-generators/src/generators/docker/docker-compose/redis.ts (1 hunks)
  • packages/core-generators/src/generators/docker/docker-compose/types.ts (1 hunks)
🧰 Additional context used
📓 Path-based instructions (4)
**/*.{ts,tsx}: TypeScript with strict type checking
Node 16 module resolution - include file extensions in imports (.js)
Sort imports by group: external libs first, then local imports
Use camelCase for variables/functions, PascalCase for types/classes
Always include return types on top-level functions including React components (React.ReactElement)
Include absolute paths in import statements via tsconfig paths (@src/ is the alias for src/)
Order functions such that functions are placed below the variables/functions they use
If a particular interface or type is not exported, change the file so it is exported
Prefer using nullish coalescing operator (??) instead of logical or (||)
Use console.info/warn/error instead of console.log
Always use .js extensions in imports, even for TypeScript files
Specify explicit return types on all functions

📄 Source: CodeRabbit Inference Engine (CLAUDE.md)

List of files the instruction was applied to:

  • packages/core-generators/src/generators/docker/docker-compose/types.ts
  • packages/core-generators/src/generators/docker/docker-compose/postgres.ts
  • packages/core-generators/src/generators/docker/docker-compose/redis.ts
  • packages/core-generators/src/generators/docker/docker-compose/docker-compose.generator.ts
**/*: Use kebab-case for file names

📄 Source: CodeRabbit Inference Engine (CLAUDE.md)

List of files the instruction was applied to:

  • packages/core-generators/src/generators/docker/docker-compose/types.ts
  • packages/core-generators/src/generators/docker/docker-compose/postgres.ts
  • packages/core-generators/src/generators/docker/docker-compose/redis.ts
  • packages/core-generators/src/generators/docker/docker-compose/docker-compose.generator.ts
{packages,plugins}/**/*.{ts,tsx}: Use TypeScript with strict type checking enabled
All functions (excluding one-liner arrow functions) require explicit return types
Use camelCase for variables and functions
Use PascalCase for types and classes
Prefer functional programming patterns
Extract repeated components into distinct functions or components where applicable

📄 Source: CodeRabbit Inference Engine (.cursor/rules/code-style.mdc)

List of files the instruction was applied to:

  • packages/core-generators/src/generators/docker/docker-compose/types.ts
  • packages/core-generators/src/generators/docker/docker-compose/postgres.ts
  • packages/core-generators/src/generators/docker/docker-compose/redis.ts
  • packages/core-generators/src/generators/docker/docker-compose/docker-compose.generator.ts
.changeset/*.md: If you are adding a new feature or changing an existing feature, add a new Changeset in the .changeset/ directory

📄 Source: CodeRabbit Inference Engine (CLAUDE.md)

List of files the instruction was applied to:

  • .changeset/improve-docker-compose-security.md
🧠 Learnings (1)
packages/core-generators/src/generators/docker/docker-compose/docker-compose.generator.ts (1)
Learnt from: kingston
PR: halfdomelabs/baseplate#598
File: packages/fastify-generators/src/generators/yoga/yoga-plugin/templates/src/plugins/graphql/index.ts:18-18
Timestamp: 2025-07-10T06:49:07.704Z
Learning: In React projects using Vite, keep the .env file naming convention as .env.development, .env.production, etc. even when internal application environment values use shorter abbreviations like 'dev', 'stage', 'prod'. This follows Vite's mode conventions.
🪛 markdownlint-cli2 (0.17.2)
.changeset/improve-docker-compose-security.md

11-11: Bare URL used

(MD034, no-bare-urls)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)
  • GitHub Check: test
  • GitHub Check: Test E2E
  • GitHub Check: Lint
🔇 Additional comments (11)
packages/core-generators/src/generators/docker/docker-compose/types.ts (1)

4-4: LGTM! Clean interface extension for network support.

The addition of the optional networks property properly supports the new custom bridge network feature introduced in this PR.

packages/core-generators/src/generators/docker/docker-compose/redis.ts (2)

3-7: Good interface name fix and configuration extension.

The interface rename from PostgresConfig to RedisConfig correctly fixes the bug mentioned in the changeset. The addition of projectName aligns with the new container naming strategy.


22-22: Verify Redis CLI options in Docker Compose

Please confirm the following before merging:

  • The template string \${REDIS_PASSWORD:-${config.password}} is escaped correctly in the generated docker-compose.yml so that Docker Compose sees ${REDIS_PASSWORD:-default} as intended.
  • A 256 MB --maxmemory limit with --maxmemory-policy noeviction won’t cause unexpected failures under our BullMQ workload—once Redis hits the cap, writes will error out.
  • The --save 20 1 RDB snapshot policy fits our durability vs. performance requirements (or consider disabling RDB or using AOF if we need different persistence guarantees).
packages/core-generators/src/generators/docker/docker-compose/postgres.ts (3)

6-8: Good interface extension for database configuration.

The addition of database and projectName fields properly supports the enhanced configuration requirements and aligns with the Redis interface changes.


16-25: Excellent PostgreSQL configuration updates.

The version upgrade to 17.5-alpine, security options, and environment variable configuration are well-implemented. The POSTGRES_INITDB_ARGS with UTF8 encoding is a good practice for consistent database initialization.


37-41: Well-configured PostgreSQL healthcheck.

The healthcheck correctly specifies the database and includes appropriate timing parameters with the start period. This ensures reliable container health monitoring.

packages/core-generators/src/generators/docker/docker-compose/docker-compose.generator.ts (4)

18-18: Good schema extension for database configuration.

The addition of the optional database field to the postgres schema aligns with the PostgreSQL interface updates and provides flexibility for database naming.


53-55: Correct parameter passing for updated interfaces.

The function calls are properly updated to include the new database and projectName parameters, maintaining consistency with the interface changes.


84-93: Well-implemented network configuration.

The custom bridge network generation is correctly implemented and only added when services exist. This provides proper network isolation for the services.


99-134: Excellent environment variable management.

The comprehensive environment variable generation for both .env and .env.example files with proper documentation comments significantly improves the developer experience.

.changeset/improve-docker-compose-security.md (1)

1-49: Comprehensive and well-documented changeset.

The changeset thoroughly documents all the improvements including version upgrades, security enhancements, networking improvements, and developer experience features. This provides excellent visibility into the changes for users.
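As an added illustration of the .env / .env.example pairing the comment above praises, the following TypeScript is not the project's generator code; it renders both files from one list of variable descriptions so that the committed example documents every key while blanking anything marked as a secret. The interface and function names (EnvVarSpec, renderEnvFiles, exampleLeaksSecret) and the sample variables are assumptions made for this example.

```typescript
// Added example, not the project's generator: one variable description drives both
// the local .env (real values, expected to be git-ignored) and the committed
// .env.example (documentation comments, secrets left blank). Names are assumptions.

export interface EnvVarSpec {
  name: string;        // POSIX-style variable name, validated below
  description: string; // written as a comment above the key in .env.example
  value: string;       // value written to .env
  secret?: boolean;    // when true, .env.example carries the key with an empty value
}

export interface EnvFiles {
  env: string;
  envExample: string;
}

export function renderEnvFiles(vars: EnvVarSpec[]): EnvFiles {
  const envLines: string[] = [];
  const exampleLines: string[] = [];
  for (const v of vars) {
    // Reject names Compose would not interpolate and values that would break the
    // one-key-per-line format (a newline would smuggle in a second assignment).
    if (!/^[A-Z][A-Z0-9_]*$/.test(v.name)) {
      throw new Error(`invalid environment variable name: ${v.name}`);
    }
    if (/[\r\n]/.test(v.value)) {
      throw new Error(`value of ${v.name} must not contain line breaks`);
    }
    envLines.push(`${v.name}=${v.value}`);
    exampleLines.push(`# ${v.description}`);
    exampleLines.push(`${v.name}=${v.secret ? '' : v.value}`);
  }
  return {
    env: envLines.join('\n') + '\n',
    envExample: exampleLines.join('\n') + '\n',
  };
}

// Guard to run before committing: true if any secret value made it into the example.
export function exampleLeaksSecret(files: EnvFiles, vars: EnvVarSpec[]): boolean {
  return vars.some((v) => v.secret === true && v.value !== '' && files.envExample.includes(v.value));
}
```

Non-secret values such as the Compose project name are copied into the example verbatim so a new checkout works with a plain `cp .env.example .env`; only credentials need filling in.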

Comment on lines +33 to +37
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 2s
retries: 2`,
retries: 2
start_period: 10s`,

⚠️ Potential issue

Fix Redis healthcheck to include authentication.

The healthcheck command redis-cli ping will fail when a password is required. When Redis has authentication enabled, the ping command needs to authenticate.

Apply this fix to make the healthcheck work with password authentication:

-      test: ["CMD", "redis-cli", "ping"]
+      test: ["CMD", "redis-cli", "--no-auth-warning", "ping"]
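Review bot: `--no-auth-warning` on its own does not authenticate; it only silences the warning redis-cli prints when a password is supplied with `-a`, so with `--requirepass` set this healthcheck would still send `PING` without credentials. Either pass the credential (as in the second suggestion) or set `REDISCLI_AUTH` in the service's `environment:` block, which redis-cli reads automatically and which keeps the value off the command line.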

Or alternatively, use a more robust approach:

-      test: ["CMD", "redis-cli", "ping"]
+      test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
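Review bot: `-a "${REDIS_PASSWORD}"` puts the secret in the healthcheck process's argv, where `docker inspect` and the container's process list show it, and unlike the rest of the template it has no `:-` fallback, so an unset `REDIS_PASSWORD` yields an empty argument and a failing check. Prefer `REDISCLI_AUTH: ${REDIS_PASSWORD:-...}` in the service environment with the same fallback the `--requirepass` flag uses, and keep `test: ["CMD", "redis-cli", "ping"]` unchanged.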
📝 Committable suggestion


Suggested change
test: ["CMD", "redis-cli", "ping"]
interval: 5s
timeout: 2s
retries: 2`,
retries: 2
start_period: 10s`,
test: ["CMD", "redis-cli", "-a", "${REDIS_PASSWORD}", "ping"]
interval: 5s
timeout: 2s
retries: 2
start_period: 10s`,
🤖 Prompt for AI Agents
In packages/core-generators/src/generators/docker/docker-compose/redis.ts around
lines 33 to 37, the Redis healthcheck command uses `redis-cli ping` which fails
if Redis requires authentication. Update the healthcheck command to include the
password by adding the `-a <password>` option to the `redis-cli` command,
ensuring it authenticates before sending the ping. Replace the existing test
command with one that includes authentication or use a more robust approach that
handles password securely.
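To make the two points from the review concrete (the `\${REDIS_PASSWORD:-...}` escaping question in the "Verify Redis CLI options" comment and the unauthenticated healthcheck flagged above), here is an added TypeScript example that is not the project's redis.ts. It renders a Redis service block the way a generator template would, authenticates the healthcheck through `REDISCLI_AUTH` rather than an `-a` argument, and includes a small audit that flags both failure modes in a rendered block. The names (RedisServiceConfig, generateRedisService, auditRedisHealthcheck), the image tag and all sample values are assumptions.

```typescript
// Added example, not the project's generator code: renders the Redis service block
// of a docker-compose.yml and shows two details raised in the review. (1) The Compose
// variable ${REDIS_PASSWORD:-...} must reach the YAML intact so Compose, not
// TypeScript, performs the substitution. (2) The healthcheck must authenticate;
// passing the password through REDISCLI_AUTH (read by redis-cli) keeps it out of the
// process argv that `-a` would expose. Names, image tag and values are assumptions.

export interface RedisServiceConfig {
  projectName: string;
  imageTag: string;    // pin to the tag the project ships (assumed here, e.g. a redis:*-alpine tag)
  password: string;    // fallback used when REDIS_PASSWORD is not set in .env
  port: number;
  maxMemoryMb: number; // BullMQ requires maxmemory-policy noeviction, so size this deliberately
}

// Builds the literal text ${NAME:-fallback} for Compose to interpolate. Assembling it
// outside the template literal sidesteps the \${...} escaping the review asks to
// verify: TypeScript never sees a `${` it could substitute.
function composeVar(name: string, fallback: string): string {
  return '${' + name + ':-' + fallback + '}';
}

export function generateRedisService(config: RedisServiceConfig): string {
  const passwordVar = composeVar('REDIS_PASSWORD', config.password);
  return `  redis:
    image: ${config.imageTag}
    container_name: ${config.projectName}-redis
    command: >
      redis-server
      --requirepass ${passwordVar}
      --maxmemory ${config.maxMemoryMb}mb
      --maxmemory-policy noeviction
      --save 20 1
    environment:
      # redis-cli in the healthcheck reads this, so the secret never appears in argv
      REDISCLI_AUTH: ${passwordVar}
    ports:
      - "${config.port}:6379"
    security_opt:
      - no-new-privileges:true
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
      interval: 5s
      timeout: 2s
      retries: 2
      start_period: 10s
`;
}

// Narrow, regex-based audit of a rendered service block for the healthcheck problems
// discussed in the review. Returns human-readable findings; an empty list is clean.
export function auditRedisHealthcheck(serviceYaml: string): string[] {
  const findings: string[] = [];
  const requiresAuth = /--requirepass\s+\S+/.test(serviceYaml);
  const testLine = serviceYaml.match(/test:\s*\[(.*)\]/);
  if (!testLine) {
    findings.push('no healthcheck test defined');
    return findings;
  }
  const args = testLine[1] ?? '';
  const inlineSecret = /"(-a|--pass)"/.test(args);   // secret handed over as an argument
  const envAuth = /REDISCLI_AUTH:/.test(serviceYaml); // secret handed over via environment
  if (inlineSecret) {
    findings.push('healthcheck passes the password on the command line (visible via docker inspect and the process list)');
  } else if (requiresAuth && !envAuth) {
    findings.push('healthcheck runs unauthenticated against a password-protected Redis');
  }
  // A backslash before ${ means the template escaping leaked into the YAML itself.
  if (/\\\$\{/.test(serviceYaml)) {
    findings.push('escaped "\\${" leaked into the YAML; Compose will not interpolate it');
  }
  return findings;
}
```

The audit is deliberately string-based so it can run over generated output in a unit test without a YAML parser; a real generator test would additionally parse the result to confirm it is valid YAML.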

@kingston kingston merged commit f0cb763 into main Jul 10, 2025
11 checks passed
@kingston kingston deleted the kingston/eng-785-improve-docker-compose-generation-with-security-resource branch July 10, 2025 13:36
@github-actions github-actions bot mentioned this pull request Jul 10, 2025