chore: bump Kamal accessories versions

[github-actions]

This PR updates Kamal accessories to their latest available versions on Docker Hub.

Updates Applied

• arcadedb (deploy.yml): 25.12.1 → 26.1.1
• ollama (deploy.yml): 0.13.5 → 0.15.1

---

Automated by Kamal Accessories Updater

[mergify]

🧪 CI Insights

Here's what we observed from your CI run for 98f801e.

🟢 All jobs passed!

But CI Insights is watching 👀

[claude]

Pull Request Review: Kamal Accessories Version Updates

Overview

This PR updates Docker image versions for ArcadeDB and Ollama accessories used in both Kamal deployment configuration and docker-compose. The updates are:

• ArcadeDB: 25.12.1 → 26.1.1
• Ollama: 0.13.5 → 0.15.1 (deploy.yml) and 0.14.3 → 0.15.1 (docker-compose.yml)

✅ Strengths

1. Automated & Consistent Process: The PR is generated by the automated Kamal Accessories Updater workflow, ensuring regular dependency updates
2. SHA256 Pinning: All image references include SHA256 digests, providing immutable references and preventing supply chain attacks
3. Complete Coverage: Updates are applied consistently across both deployment configurations (Kamal and docker-compose)
4. Clear Documentation: The PR body clearly documents what was updated and by which automation tool

🔍 Code Quality & Best Practices

Good Practices:

• ✅ Using image digests (SHA256) for reproducible builds
• ✅ Automated dependency management reduces manual errors
• ✅ Consistent formatting across configuration files

Observations:

• The docker-compose.yml shows Ollama jumping from 0.14.3 to 0.15.1 (skipping intermediate version shown in deploy.yml history)
• Both ArcadeDB and Ollama are critical infrastructure components that directly impact core functionality (database and vector embeddings)

⚠️ Potential Issues & Concerns

1. Version Compatibility Testing

Concern: These are major/minor version bumps without explicit compatibility validation

• ArcadeDB: 25.12.1 → 26.1.1 (major version bump from 25 to 26)
• Ollama: 0.13.5 → 0.15.1 (two minor versions)

Recommendation:

• Verify ArcadeDB 26.x maintains backward compatibility with the existing database schema
• Check if migration scripts or schema updates are needed
• Review ArcadeDB changelog for breaking changes: https://docs.arcadedb.com/#Release-Notes

2. Missing Integration Test Coverage

Issue: The CI workflow (.github/workflows/ci.yml) runs tests with Testcontainers, but doesn't validate against the specific versions in this PR before deployment

Recommendation:

# Consider adding a step to the CI that validates with the exact versions
- name: Validate with updated dependencies
  run: |
    docker-compose up -d arcadedb ollama
    mvn test
    docker-compose down

3. Ollama Model Compatibility

Concern: The codebase uses all-minilm:l6-v2 model with 384 dimensions. Need to verify Ollama 0.15.1 still supports this model correctly

Recommendation:

• Test the embedding generation with the new Ollama version
• Verify embedding dimensions remain at 384 (as configured in LINKLIFT_OLLAMA_DIMENSIONS)

4. Database Migration Safety

Critical: ArcadeDB major version update (25→26) may require data migration

Recommendation:

• Check if existing databases from 25.x are compatible with 26.x
• Document any required migration steps
• Consider testing the upgrade path with a backup of production data
• Review: /home/runner/work/linklift/linklift/config/deploy.yml:44-46 - ensure volume mounts preserve data correctly

🔒 Security Considerations

Good:

• ✅ SHA256 digests prevent image substitution attacks
• ✅ Using official images from trusted registries (arcadedata, ollama)

Recommendations:

• Consider reviewing the vulnerability scan results from the CI workflow's Anchore scan for the new image versions
• The Postgres plugin enabled in ArcadeDB (config/deploy.yml:49) should be reviewed for security updates in version 26.1.1

⚡ Performance Considerations

ArcadeDB 26.1.1:

• Review release notes for performance improvements or regressions
• Monitor query performance after deployment, especially for vector search operations

Ollama 0.15.1:

• Check if embedding generation performance changed
• Monitor memory usage (Ollama container uses ollama_models volume)

🧪 Test Coverage Recommendations

Current Gap: No automated tests verify the application works with these specific dependency versions

Recommendations:

1. Add integration tests that run against the actual docker-compose stack
2. Include E2E tests for vector search functionality with real Ollama (mvn test -Pe2e-tests)
3. Consider adding the following test validation:

# Before merging, manually verify:
docker-compose up -d
# Wait for services to be healthy
curl http://localhost:7070/up  # Should return OK
curl http://localhost:2480/api/v1/ready  # ArcadeDB health
curl http://localhost:11434/  # Ollama health

# Test embedding generation
curl -X POST http://localhost:11434/api/embeddings \
  -H "Content-Type: application/json" \
  -d '{"model":"all-minilm:l6-v2","prompt":"test"}'

# Test link creation with vector embedding
curl -X PUT http://localhost:7070/api/v1/link \
  -H "Content-Type: application/json" \
  -d '{"url":"https://test.com","title":"Test","description":"Test description"}'

📋 Action Items Before Merge

High Priority:

1. Review ArcadeDB 26.x release notes and breaking changes
2. Verify database compatibility/migration requirements
3. Test Ollama 0.15.1 with all-minilm:l6-v2 model locally
4. Run integration tests against the updated docker-compose stack

Medium Priority:
5. [ ] Check Ollama changelog for embedding API changes
6. [ ] Verify PostgreSQL plugin compatibility in ArcadeDB 26.x
7. [ ] Monitor CI test results

Nice to Have:
8. [ ] Add automated integration test that validates docker-compose stack
9. [ ] Document upgrade testing procedure for future dependency updates

🎯 Overall Assessment

Quality: The PR follows good practices with SHA256 pinning and automated updates.

Risk Level: Medium-High due to ArcadeDB major version bump and lack of automated integration testing against the new versions.

Recommendation: Conditional Approval - Merge after verifying:

1. ArcadeDB 26.x compatibility
2. Ollama 0.15.1 works with the embedding model
3. Local testing with the updated docker-compose stack

The automated update process is excellent, but for major version bumps like ArcadeDB 25→26, consider adding a manual review gate or automated integration testing.

---

Review conducted with focus on hexagonal architecture principles and the project's emphasis on testability and maintainability.