fix: mount all migrations in compose, fix post-boot grants for new schema

2026-06-16 22:07:49 +02:00
parent 3136d55742
commit 0b19c3d8f2
2 changed files with 34 additions and 4 deletions
+2
@@ -14,6 +14,8 @@ services:
- ./supabase/pg_hba.conf:/etc/postgresql/pg_hba.conf:ro - ./supabase/pg_hba.conf:/etc/postgresql/pg_hba.conf:ro
- ./supabase/migrations/00-run-init.sh:/docker-entrypoint-initdb.d/00-run-init.sh:ro - ./supabase/migrations/00-run-init.sh:/docker-entrypoint-initdb.d/00-run-init.sh:ro
- ./supabase/migrations/01-init.sql:/docker-entrypoint-initdb.d/01-init.sql:ro - ./supabase/migrations/01-init.sql:/docker-entrypoint-initdb.d/01-init.sql:ro
- ./supabase/migrations/02-image-and-pricing.sql:/docker-entrypoint-initdb.d/02-image-and-pricing.sql:ro
- ./supabase/migrations/03-global-keywords.sql:/docker-entrypoint-initdb.d/03-global-keywords.sql:ro
- ./supabase/migrations/post-boot.sql:/docker-entrypoint-initdb.d/post-boot.sql:ro - ./supabase/migrations/post-boot.sql:/docker-entrypoint-initdb.d/post-boot.sql:ro
command: > command: >
postgres postgres
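Review bot: The two new mounts for `02-image-and-pricing.sql` and `03-global-keywords.sql` land in `/docker-entrypoint-initdb.d`, which the stock postgres entrypoint (assuming that is the image in use) processes only when the data directory is empty. A deployment with an existing volume would therefore get neither the new migrations nor the changed grants in post-boot.sql. A comment above the list would make that explicit, for example `# initdb.d scripts run only on first init of an empty data dir; apply 02/03 and post-boot.sql by hand on existing volumes`. The contents of `00-run-init.sh` are not visible here, so it is worth confirming that it does not already apply the same SQL files, which would run them twice.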
+32 -4
@@ -1,12 +1,40 @@
-- ============================================================ -- ============================================================
-- post-boot — runs after all migrations have been applied. -- post-boot — runs after all migrations have been applied.
-- Grants INSERT/UPDATE to authenticator on user-facing tables. -- Grants permissions to authenticator and supabase_admin,
-- Seeds initial admin user (telegram_id 298181113). -- then seeds initial admin user (telegram_id 298181113).
-- ============================================================ -- ============================================================
GRANT INSERT, UPDATE ON search_queries TO authenticator; -- -----------------------------------------------------------
GRANT INSERT, UPDATE ON notifications TO authenticator; -- supabase_admin — role for Supabase Studio / pg-meta
-- Uses explicit grants rather than SUPERUSER + hardcoded pass.
-- -----------------------------------------------------------
DO $$ BEGIN
IF NOT EXISTS (SELECT FROM pg_roles WHERE rolname = 'supabase_admin') THEN
CREATE ROLE supabase_admin WITH LOGIN;
END IF;
END $$;
GRANT USAGE ON SCHEMA public TO supabase_admin;
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO supabase_admin;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO supabase_admin;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT SELECT, INSERT, UPDATE, DELETE ON TABLES TO supabase_admin;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT USAGE, SELECT ON SEQUENCES TO supabase_admin;
-- -----------------------------------------------------------
-- authenticator — writes to user-facing tables (PostgREST)
-- -----------------------------------------------------------
GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA public TO authenticator;
GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA public TO authenticator;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT SELECT, INSERT, UPDATE ON TABLES TO authenticator;
ALTER DEFAULT PRIVILEGES IN SCHEMA public
GRANT USAGE, SELECT ON SEQUENCES TO authenticator;
-- -----------------------------------------------------------
-- Seed: initial admin user
-- -----------------------------------------------------------
INSERT INTO users (telegram_id, username, first_name, is_admin, is_active) INSERT INTO users (telegram_id, username, first_name, is_admin, is_active)
VALUES (298181113, NULL, 'Admin', true, true) VALUES (298181113, NULL, 'Admin', true, true)
ON CONFLICT (telegram_id) DO NOTHING; ON CONFLICT (telegram_id) DO NOTHING;
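Review bot: The new `GRANT SELECT, INSERT, UPDATE ON ALL TABLES IN SCHEMA public TO authenticator;` replaces INSERT/UPDATE on two named tables with read and write access to every table in public, including `users` and the `is_admin` column seeded at the end of this file. Unless row-level security or a separate request role restricts this elsewhere (not visible on this page), anything running as the PostgREST connection role could change admin flags. Listing the tables the API actually writes, e.g. `GRANT SELECT, INSERT, UPDATE ON search_queries, notifications TO authenticator;`, with `GRANT SELECT ON users TO authenticator;` if it only needs to read users, would keep the section comment about user-facing tables accurate. The `ALTER DEFAULT PRIVILEGES` statements extend the same rights to future tables, but only to tables created by the role that runs this script, which deserves a comment. `CREATE ROLE supabase_admin WITH LOGIN;` sets no password, so whether that role can connect depends entirely on the mounted pg_hba.conf; a comment saying where its credential is set would help.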