memo/.github/workflows/deploy-migrations.yml at 8513c206a2797a91121f20977aac9238c155a708 · gitpod-io/memo · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: Deploy Migrations

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]
  workflow_dispatch:

env:
  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true

jobs:
  dry-run:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest

    env:
      SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
      SUPABASE_DB_PASSWORD: ${{ secrets.SUPABASE_DB_PASSWORD }}
      SUPABASE_PROJECT_ID: ${{ secrets.SUPABASE_PROJECT_ID }}

    steps:
      - uses: actions/checkout@v6

      # supabase/setup-cli@v1 still targets node20; keep FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 until they ship a node24 version
      - uses: supabase/setup-cli@v1
        with:
          version: latest

      - name: Link Supabase project
        run: supabase link --project-ref $SUPABASE_PROJECT_ID

      - name: Dry-run migrations
        run: supabase db push --dry-run

  deploy:
    if: github.event_name == 'push' || github.event_name == 'workflow_dispatch'
    runs-on: ubuntu-latest

    env:
      SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
      SUPABASE_DB_PASSWORD: ${{ secrets.SUPABASE_DB_PASSWORD }}
      SUPABASE_PROJECT_ID: ${{ secrets.SUPABASE_PROJECT_ID }}

    steps:
      - uses: actions/checkout@v6

      # supabase/setup-cli@v1 still targets node20; keep FORCE_JAVASCRIPT_ACTIONS_TO_NODE24 until they ship a node24 version
      - uses: supabase/setup-cli@v1
        with:
          version: latest

      - name: Link Supabase project
        run: supabase link --project-ref $SUPABASE_PROJECT_ID

      - name: Deploy migrations
        run: supabase db push

      - name: Verify critical tables exist
        env:
          SUPABASE_URL: ${{ secrets.NEXT_PUBLIC_SUPABASE_URL }}
          SUPABASE_KEY: ${{ secrets.NEXT_PUBLIC_SUPABASE_PUBLISHABLE_KEY }}
        run: |
          tables=(page_versions collections collection_views collection_rows comments)
          failed=()
          for table in "${tables[@]}"; do
            body=$(curl -s \
              "${SUPABASE_URL}/rest/v1/${table}?limit=1" \
              -H "apikey: ${SUPABASE_KEY}" \
              -H "Authorization: Bearer ${SUPABASE_KEY}" 2>&1)
            if echo "$body" | grep -q "PGRST205"; then
              echo "MISSING: $table — $body"
              failed+=("$table")
            else
              echo "OK: $table"
            fi
          done

          # Verify critical columns exist by selecting them explicitly.
          # PGRST204 means the column is absent from the schema cache.
          columns=(
            "pages:is_private"
            "pages:cover"
            "pages:share_token"
          )
          for entry in "${columns[@]}"; do
            table="${entry%%:*}"
            column="${entry##*:}"
            body=$(curl -s \
              "${SUPABASE_URL}/rest/v1/${table}?select=${column}&limit=1" \
              -H "apikey: ${SUPABASE_KEY}" \
              -H "Authorization: Bearer ${SUPABASE_KEY}" 2>&1)
            if echo "$body" | grep -qE "PGRST(204|205)"; then
              echo "MISSING COLUMN: ${table}.${column} — $body"
              failed+=("${table}.${column}}")
            else
              echo "OK: ${table}.${column}"
            fi
          done

          if [ ${#failed[@]} -gt 0 ]; then
            echo "Missing from schema cache: ${failed[*]}"
            exit 1
          fi