fix(docker): ship libpq-oauth-18.so and libcurl for PostgreSQL 18 OAuth

[dpage]

Summary

• The dpage/pgadmin4 container image ships libpq.so.5.18 but not libpq-oauth-18.so, the SASL OAUTHBEARER flow plugin that libpq 18 dlopens when a server uses an oauth pg_hba.conf rule. The plugin's runtime dependency libcurl.so.4 is also missing.
• As a result any attempt to connect to a PostgreSQL 18 server requiring OAuth fails with no OAuth flows are available (try installing the libpq-oauth package) before the flow can begin.
• This change adds libpq-oauth-18.so to the existing COPY --from=pg18-builder line (it sits next to libpq.so.5.18 in /usr/local/lib in postgres:18-alpine, built for the same Alpine/musl ABI) and installs the libcurl apk package so libcurl.so.4 is present for the plugin to dlopen at runtime.

Scope is intentionally limited to the packaging gap that makes the plugin unloadable. libpq-oauth's only implemented flow is device-authorization (RFC 8628), and surfacing its Visit https://… and enter the code: XXX-YYY prompt to the pgAdmin web UI is a separate, larger piece of work (PQauthDataHook plus front-end changes) outside the scope of this fix.

Test plan

• check-container-build CI workflow builds the image successfully.
• Manual smoke (post-merge or in a local build): inside the resulting image, ctypes.CDLL("/usr/lib/libpq-oauth-18.so") succeeds, and connecting to a PostgreSQL 18 server with an oauth pg_hba.conf rule reaches the OAuth flow instead of failing with "no OAuth flows are available".

Closes #9951

Summary by CodeRabbit

• Chores
  • Updated runtime dependencies to include curl support
  • Added PostgreSQL OAuth library to runtime image

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f54e98f5-e01e-4f1b-83a7-eceffe766255

📥 Commits

Reviewing files that changed from the base of the PR and between 86a8b16 and 18f0d51.

📒 Files selected for processing (1)

• Dockerfile

---

Walkthrough

The Dockerfile is updated to enable PostgreSQL 18 SASL OAUTHBEARER authentication support in the final runtime image by adding the libcurl runtime library and copying the libpq-oauth-18.so plugin from the PostgreSQL 18 builder stage.

Changes

Docker Runtime Dependencies for PostgreSQL 18 OAuth Support

Layer / File(s)	Summary
Runtime dependencies for PostgreSQL 18 OAuth authentication Dockerfile	Adds libcurl to the Alpine runtime packages and updates the PostgreSQL 18 builder stage copy to include libpq-oauth-18.so, enabling the libpq OAuth flow plugin to load and function in the final image.

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main changes: adding libpq-oauth-18.so and libcurl to support PostgreSQL 18 OAuth authentication in the Docker image.
Linked Issues check	✅ Passed	The PR fully addresses the coding requirements from issue #9951: copying libpq-oauth-18.so from postgres:18-alpine and installing libcurl via apk to enable OAuth plugin functionality.
Out of Scope Changes check	✅ Passed	All changes are within scope; the Dockerfile modifications are limited to packaging the necessary OAuth dependencies without attempting UI-level integration work.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[asheshv]

LGTM