Skip to content

feat: revoke supabase_storage_admin from postgres #2267

feat: revoke supabase_storage_admin from postgres

feat: revoke supabase_storage_admin from postgres #2267

Workflow file for this run

name: Test Database
on:
push:
branches:
- develop
pull_request:
workflow_dispatch:
jobs:
build:
strategy:
matrix:
include:
- runner: [self-hosted, X64]
arch: amd64
- runner: arm-runner
arch: arm64
runs-on: ${{ matrix.runner }}
timeout-minutes: 180
env:
POSTGRES_PORT: 5478
POSTGRES_PASSWORD: password
steps:
- uses: actions/checkout@v3
- id: args
uses: mikefarah/yq@master
with:
cmd: yq 'to_entries | map(select(.value|type == "!!str")) | map(.key + "=" + .value) | join("\n")' 'ansible/vars.yml'
- run: docker context create builders
- uses: docker/setup-buildx-action@v3
with:
endpoint: builders
- uses: docker/build-push-action@v5
with:
load: true
context: .
target: production
build-args: |
${{ steps.args.outputs.result }}
tags: supabase/postgres:latest
cache-from: |
type=gha,scope=${{ github.ref_name }}-latest-${{ matrix.arch }}
type=gha,scope=${{ github.base_ref }}-latest-${{ matrix.arch }}
cache-to: type=gha,mode=max,scope=${{ github.ref_name }}-latest-${{ matrix.arch }}
- name: Start Postgres
run: |
docker run --rm --pull=never \
-e POSTGRES_PASSWORD=${{ env.POSTGRES_PASSWORD }} \
-p ${{ env.POSTGRES_PORT }}:5432 \
--name supabase_postgres \
-d supabase/postgres:latest
- name: Install psql
run: |
sudo apt update
sudo apt install -y --no-install-recommends postgresql-client
- name: Install pg_prove
run: sudo cpan -T TAP::Parser::SourceHandler::pgTAP
env:
SHELL: /bin/bash
- name: Wait for healthy database
run: |
count=0
until [ "$(docker inspect -f '{{.State.Health.Status}}' "$container")" == "healthy" ]; do
exit=$?
count=$((count + 1))
if [ $count -ge "$retries" ]; then
echo "Retry $count/$retries exited $exit, no more retries left."
docker stop -t 2 "$container"
return $exit
fi
sleep 1;
done;
echo "$container container is healthy"
env:
retries: 20
container: supabase_postgres
- name: Run tests
run: pg_prove migrations/tests/test.sql
env:
PGHOST: localhost
PGPORT: ${{ env.POSTGRES_PORT }}
PGDATABASE: postgres
PGUSER: supabase_admin
PGPASSWORD: ${{ env.POSTGRES_PASSWORD }}
- name: Check migrations are idempotent
run: |
for sql in ./migrations/db/migrations/*.sql; do
echo "$0: running $sql"
psql -v ON_ERROR_STOP=1 --no-password --no-psqlrc -f "$sql"
done
env:
PGHOST: localhost
PGPORT: ${{ env.POSTGRES_PORT }}
PGDATABASE: postgres
PGUSER: supabase_admin
PGPASSWORD: ${{ env.POSTGRES_PASSWORD }}
schema:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: verify schema.sql is committed
run: |
docker compose -f migrations/docker-compose.yaml up db dbmate --abort-on-container-exit
if ! git diff --ignore-space-at-eol --exit-code --quiet migrations/schema.sql; then
echo "Detected uncommitted changes after build. See status below:"
git diff
exit 1
fi