Skip to content

Feature/supabase 2025 #131

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
luizfelmach wants to merge 5 commits into
base: main
Choose a base branch
from
+410 −242
Open

Feature/supabase 2025 #131

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
95199e5
refactor: migrate project to Supabase 2025 updates
luizfelmach Nov 22, 2025
a58aad1
fix: broken ssl on realtime and probe on studio
luizfelmach Nov 22, 2025
688d09b
build
luizfelmach Nov 24, 2025
0906d72
fix: fix too few spaces before comment
luizfelmach Dec 20, 2025
d03ceb6
fix: remove unused DB_USER from test connection db
luizfelmach Dec 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Binary file added build/supabase-0.2.0.tgz
View file
Open in desktop
Binary file not shown.
2 changes: 1 addition & 1 deletion charts/supabase/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.3
version: 0.2.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
Expand Down
44 changes: 17 additions & 27 deletions charts/supabase/templates/analytics/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,21 +40,13 @@ spec:
value: {{ .Values.analytics.environment.DB_HOST | quote }}
{{- end }}
- name: DB_USER
valueFrom:
secretKeyRef:
{{- if .Values.secret.db.secretRef }}
name: {{ .Values.secret.db.secretRef }}
key: {{ .Values.secret.db.secretRefKey.username | default "username" }}
{{- else }}
name: {{ include "supabase.secret.db" . }}
key: username
{{- end }}
value: $(DB_USERNAME)
- name: DB_PORT
value: {{ .Values.analytics.environment.DB_PORT | quote }}
command: ["/bin/sh", "-c"]
args:
- |
until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U $(DB_USER); do
until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
echo "Waiting for database to start..."
sleep 2
done
Expand All @@ -70,10 +62,12 @@ spec:
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- if .Values.db.enabled }}
- name: DB_HOSTNAME
value: {{ include "supabase.db.fullname" . }}
{{- end }}
{{- if .Values.db.enabled }}
value: {{ include "supabase.db.fullname" . | quote }}
{{- else }}
value: {{ .Values.auth.environment.DB_HOST | quote }}
{{- end }}
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
Expand All @@ -94,25 +88,25 @@ spec:
name: {{ include "supabase.secret.db" . }}
key: password_encoded
{{- end }}
- name: DB_DATABASE
- name: LOGFLARE_PUBLIC_ACCESS_TOKEN
valueFrom:
secretKeyRef:
{{- if .Values.secret.db.secretRef }}
name: {{ .Values.secret.db.secretRef }}
key: {{ .Values.secret.db.secretRefKey.database | default "database" }}
{{- if .Values.secret.analytics.secretRef }}
name: {{ .Values.secret.analytics.secretRef }}
key: {{ .Values.secret.analytics.secretRefKey.publicAccessToken | default "apiKey" }}
{{- else }}
name: {{ include "supabase.secret.db" . }}
key: database
name: {{ include "supabase.secret.analytics" . }}
key: publicAccessToken
{{- end }}
- name: LOGFLARE_API_KEY
- name: LOGFLARE_PRIVATE_ACCESS_TOKEN
valueFrom:
secretKeyRef:
{{- if .Values.secret.analytics.secretRef }}
name: {{ .Values.secret.analytics.secretRef }}
key: {{ .Values.secret.analytics.secretRefKey.apiKey | default "apiKey" }}
key: {{ .Values.secret.analytics.secretRefKey.privateAccessToken | default "apiKey" }}
{{- else }}
name: {{ include "supabase.secret.analytics" . }}
key: apiKey
key: privateAccessToken
{{- end }}
{{- if .Values.analytics.bigQuery.enabled }}
- name: GOOGLE_PROJECT_ID
Expand All @@ -122,10 +116,6 @@ spec:
{{- else }}
- name: POSTGRES_BACKEND_URL
value: $(DB_DRIVER)://$(DB_USERNAME):$(DB_PASSWORD_ENC)@$(DB_HOSTNAME):$(DB_PORT)/$(DB_DATABASE)
- name: POSTGRES_BACKEND_SCHEMA
value: $(DB_SCHEMA)
- name: LOGFLARE_FEATURE_FLAG_OVERRIDE
value: $(FEATURE_FLAG_OVERRIDE)
{{- end }}
{{- with .Values.analytics.livenessProbe }}
livenessProbe:
Expand Down Expand Up @@ -176,4 +166,4 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
14 changes: 2 additions & 12 deletions charts/supabase/templates/auth/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,22 +39,12 @@ spec:
{{- else }}
value: {{ .Values.auth.environment.DB_HOST | quote }}
{{- end }}
- name: DB_USER
valueFrom:
secretKeyRef:
{{- if .Values.secret.db.secretRef }}
name: {{ .Values.secret.db.secretRef }}
key: {{ .Values.secret.db.secretRefKey.username | default "username" }}
{{- else }}
name: {{ include "supabase.secret.db" . }}
key: username
{{- end }}
- name: DB_PORT
value: {{ .Values.auth.environment.DB_PORT | quote }}
command: ["/bin/sh", "-c"]
args:
- |
until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U $(DB_USER); do
until pg_isready -h $(DB_HOST) -p $(DB_PORT) -U postgres; do
echo "Waiting for database to start..."
sleep 2
done
Expand Down Expand Up @@ -178,4 +168,4 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
36 changes: 24 additions & 12 deletions charts/supabase/templates/db/initdb.config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,13 +10,21 @@ data:
\set jwt_secret `echo "$JWT_SECRET"`
\set jwt_exp `echo "$JWT_EXP"`

ALTER DATABASE postgres SET "app.settings.jwt_secret" TO :jwt_secret;
ALTER DATABASE postgres SET "app.settings.jwt_exp" TO :jwt_exp;
99-logs.sql: |
ALTER DATABASE postgres SET "app.settings.jwt_secret" TO :'jwt_secret';
ALTER DATABASE postgres SET "app.settings.jwt_exp" TO :'jwt_exp';
99-pooler.sql: |
\set pguser `echo "$POSTGRES_USER"`

\c _supabase
create schema if not exists _supavisor;
alter schema _supavisor owner to :pguser;
\c postgres
99-logs.sql: |
\set pguser `echo "$POSTGRES_USER"`
\c _supabase
create schema if not exists _analytics;
alter schema _analytics owner to :pguser;
\c postgres
99-realtime.sql: |
\set pguser `echo "$POSTGRES_USER"`

Expand All @@ -31,6 +39,10 @@ data:
ALTER USER supabase_auth_admin WITH PASSWORD :'pgpass';
ALTER USER supabase_functions_admin WITH PASSWORD :'pgpass';
ALTER USER supabase_storage_admin WITH PASSWORD :'pgpass';
97-_supabase.sql: |
\set pguser `echo "$POSTGRES_USER"`

CREATE DATABASE _supabase WITH OWNER :pguser;
98-webhooks.sql: |
BEGIN;
-- Create pg_net extension
Expand Down Expand Up @@ -75,29 +87,29 @@ data:
IF url IS NULL OR url = 'null' THEN
RAISE EXCEPTION 'url argument is missing';
END IF;

IF method IS NULL OR method = 'null' THEN
RAISE EXCEPTION 'method argument is missing';
END IF;

IF TG_ARGV[2] IS NULL OR TG_ARGV[2] = 'null' THEN
headers = '{"Content-Type": "application/json"}'::jsonb;
ELSE
headers = TG_ARGV[2]::jsonb;
END IF;

IF TG_ARGV[3] IS NULL OR TG_ARGV[3] = 'null' THEN
params = '{}'::jsonb;
ELSE
params = TG_ARGV[3]::jsonb;
END IF;

IF TG_ARGV[4] IS NULL OR TG_ARGV[4] = 'null' THEN
timeout_ms = 1000;
ELSE
timeout_ms = TG_ARGV[4]::integer;
END IF;

CASE
WHEN method = 'GET' THEN
SELECT http_get INTO request_id FROM net.http_get(
Expand All @@ -114,7 +126,7 @@ data:
'table', TG_TABLE_NAME,
'schema', TG_TABLE_SCHEMA
);

SELECT http_post INTO request_id FROM net.http_post(
url,
payload,
Expand All @@ -125,12 +137,12 @@ data:
ELSE
RAISE EXCEPTION 'method argument % is invalid', method;
END CASE;

INSERT INTO supabase_functions.hooks
(hook_table_id, hook_name, request_id)
VALUES
(TG_RELID, TG_NAME, request_id);

RETURN NEW;
END
$function$;
Expand Down Expand Up @@ -240,4 +252,4 @@ data:
REVOKE ALL ON FUNCTION supabase_functions.http_request() FROM PUBLIC;
GRANT EXECUTE ON FUNCTION supabase_functions.http_request() TO postgres, anon, authenticated, service_role;
COMMIT;
{{- end }}
{{- end }}
2 changes: 1 addition & 1 deletion charts/supabase/templates/db/migration.config.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,4 +7,4 @@ metadata:
{{- include "supabase.labels" . | nindent 4 }}
data:
{{- toYaml .Values.db.config | nindent 2 }}
{{- end }}
{{- end }}
2 changes: 1 addition & 1 deletion charts/supabase/templates/db/service.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@ spec:
name: http
selector:
{{- include "supabase.db.selectorLabels" . | nindent 4 }}
{{- end }}
{{- end }}
2 changes: 1 addition & 1 deletion charts/supabase/templates/db/serviceaccount.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,4 +11,4 @@ metadata:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
34 changes: 21 additions & 13 deletions charts/supabase/templates/db/deployment.yaml → ...ts/supabase/templates/db/statefulset.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{{- if .Values.db.enabled -}}
apiVersion: apps/v1
kind: Deployment
kind: StatefulSet
metadata:
name: {{ include "supabase.db.fullname" . }}
labels:
Expand Down Expand Up @@ -39,8 +39,12 @@ spec:
cp -r /docker-entrypoint-initdb.d/* /initdb.d/
cp /custom-init-scripts/98-webhooks.sql /initdb.d/init-scripts/
cp /custom-init-scripts/99-roles.sql /initdb.d/init-scripts/
cp /custom-init-scripts/99-jwt.sql /initdb.d/init-scripts/

cp /custom-init-scripts/99-logs.sql /initdb.d/migrations/
cp /custom-init-scripts/99-realtime.sql /initdb.d/migrations/
cp /custom-init-scripts/97-_supabase.sql /initdb.d/migrations/
cp /custom-init-scripts/99-pooler.sql /initdb.d/migrations/

echo "Copying user-defined migration scripts..."
cp /custom-migrations/* /initdb.d/migrations/ || echo "Skip migrations"
Expand All @@ -58,21 +62,15 @@ spec:
{{- toYaml .Values.db.securityContext | nindent 12 }}
image: "{{ .Values.db.image.repository }}:{{ .Values.db.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.db.image.pullPolicy }}
lifecycle:
preStop:
exec:
command: ["/bin/sh", "-c", "pg_ctl -D /var/lib/postgres/data -w -t 60 -m fast stop"]
env:
{{- range $key, $value := .Values.db.environment }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
{{- if .Values.secret.db.secretRef }}
name: {{ .Values.secret.db.secretRef }}
key: {{ .Values.secret.db.secretRefKey.username | default "username" }}
{{- else }}
name: {{ include "supabase.secret.db" . }}
key: username
{{- end }}
- name: PGPASSWORD
valueFrom:
secretKeyRef:
Expand Down Expand Up @@ -113,6 +111,16 @@ spec:
name: {{ include "supabase.secret.db" . }}
key: database
{{- end }}
- name: JWT_SECRET
valueFrom:
secretKeyRef:
{{- if .Values.secret.jwt.secretRef }}
name: {{ .Values.secret.jwt.secretRef }}
key: {{ .Values.secret.jwt.secretRefKey.secret | default "database" }}
{{- else }}
name: {{ include "supabase.secret.jwt" . }}
key: secret
{{- end }}
{{- with .Values.db.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
Expand All @@ -123,7 +131,7 @@ spec:
{{- end }}
ports:
- name: http
containerPort: 9999
containerPort: 5432
protocol: TCP
volumeMounts:
- mountPath: /docker-entrypoint-initdb.d
Expand Down Expand Up @@ -170,4 +178,4 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
14 changes: 12 additions & 2 deletions charts/supabase/templates/functions/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,11 +38,21 @@ spec:
{{- toYaml .Values.functions.securityContext | nindent 12 }}
image: "{{ .Values.functions.image.repository }}:{{ .Values.functions.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.functions.image.pullPolicy }}
{{- if .Values.functions.envFrom }}
envFrom:
{{- toYaml .Values.functions.envFrom | nindent 12 }}
{{- end }}
env:
{{- range $key, $value := .Values.functions.environment }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}

{{- if .Values.kong.enabled }}
- name: SUPABASE_URL
value: http://{{ include "supabase.kong.fullname" . }}:{{ .Values.kong.service.port }}
{{- end }}

- name: DB_HOSTNAME
{{- if .Values.db.enabled }}
value: {{ include "supabase.db.fullname" . }}
Expand Down Expand Up @@ -109,7 +119,7 @@ spec:
name: {{ include "supabase.secret.jwt" . }}
key: serviceKey
{{- end }}
- name: POSTGRES_BACKEND_URL
- name: SUPABASE_DB_URL
value: $(DB_DRIVER)://$(DB_USERNAME):$(DB_PASSWORD_ENC)@$(DB_HOSTNAME):$(DB_PORT)/$(DB_DATABASE)?search_path=auth&sslmode=$(DB_SSL)
{{- with .Values.functions.livenessProbe }}
livenessProbe:
Expand Down Expand Up @@ -148,4 +158,4 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
Loading