Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: version control branch configs with terraform (#23299)
- Loading branch information
1 parent
94c906b
commit 9360b94
Showing
6 changed files
with
193 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
name: Config (Preview) | ||
|
||
on: | ||
pull_request: | ||
types: | ||
- opened | ||
- reopened | ||
- synchronize | ||
branches: | ||
- master | ||
paths: | ||
- "supabase/**" | ||
workflow_dispatch: | ||
|
||
jobs: | ||
wait: | ||
runs-on: ubuntu-latest | ||
outputs: | ||
status: ${{ steps.check.outputs.conclusion }} | ||
steps: | ||
- uses: fountainhead/action-wait-for-check@v1.2.0 | ||
id: check | ||
with: | ||
checkName: Supabase | ||
ref: ${{ github.event.pull_request.head.sha }} | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
apply: | ||
needs: | ||
- wait | ||
if: ${{ needs.wait.outputs.status == 'success' }} | ||
runs-on: ubuntu-latest | ||
env: | ||
SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }} | ||
TF_VAR_linked_project: xguihxuzqibwxjnimxev | ||
TF_VAR_git_branch: ${{ github.head_ref }} | ||
TF_CLI_ARGS_apply: -target=supabase_settings.preview | ||
defaults: | ||
run: | ||
working-directory: supabase/remotes | ||
outputs: | ||
db_user: ${{ steps.branch.outputs.user }} | ||
db_pass: ${{ steps.branch.outputs.password }} | ||
db_host: ${{ steps.branch.outputs.host }} | ||
db_port: ${{ steps.branch.outputs.port }} | ||
jwt_secret: ${{ steps.branch.outputs.jwt_secret }} | ||
ref: ${{ steps.branch.outputs.id }} | ||
status: ${{ steps.branch.outputs.status }} | ||
version: ${{ steps.branch.outputs.version }} | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: hashicorp/setup-terraform@v3 | ||
with: | ||
terraform_wrapper: false | ||
|
||
- run: terraform init | ||
- run: terraform apply -auto-approve -no-color | ||
- id: branch | ||
run: | | ||
terraform output -json branch_database \ | ||
| jq -r "to_entries|map(\"\(.key)=\(.value|tostring)\")|.[]" \ | ||
>> "$GITHUB_OUTPUT" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
name: Config (Production) | ||
|
||
on: | ||
push: | ||
branches: | ||
- master | ||
paths: | ||
- "supabase/remotes/**" | ||
workflow_dispatch: | ||
|
||
jobs: | ||
apply: | ||
runs-on: ubuntu-latest | ||
env: | ||
SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }} | ||
TF_VAR_linked_project: xguihxuzqibwxjnimxev | ||
defaults: | ||
run: | ||
working-directory: supabase/remotes | ||
|
||
steps: | ||
- uses: actions/checkout@v4 | ||
- uses: hashicorp/setup-terraform@v3 | ||
with: | ||
terraform_wrapper: false | ||
|
||
- run: terraform init | ||
- run: terraform apply -auto-approve -no-color |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
# Local .terraform directories | ||
**/.terraform/* | ||
|
||
# .tfstate files | ||
*.tfstate | ||
*.tfstate.* | ||
|
||
# Crash log files | ||
crash.log | ||
crash.*.log | ||
|
||
# Exclude all .tfvars files, which are likely to contain sensitive data, such as | ||
# password, private keys, and other secrets. These should not be part of version | ||
# control as they are data points which are potentially sensitive and subject | ||
# to change depending on the environment. | ||
*.tfvars | ||
*.tfvars.json | ||
|
||
# Ignore override files as they are usually used to override resources locally and so | ||
# are not checked in | ||
override.tf | ||
override.tf.json | ||
*_override.tf | ||
*_override.tf.json | ||
|
||
# Include override files you do wish to add to version control using negated pattern | ||
# !example_override.tf | ||
|
||
# Include tfplan files to ignore the plan output of command: terraform plan -out=tfplan | ||
# example: *tfplan* | ||
|
||
# Ignore CLI configuration files | ||
.terraformrc | ||
terraform.rc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
variable "git_branch" { | ||
type = string | ||
default = null | ||
} | ||
|
||
# Fetch all branches of a linked project | ||
data "supabase_branch" "all" { | ||
parent_project_ref = var.linked_project | ||
} | ||
|
||
# Import an existing branch database | ||
import { | ||
for_each = { | ||
for b in data.supabase_branch.all.branches : | ||
b.git_branch => b | ||
if b.git_branch == var.git_branch | ||
} | ||
to = supabase_branch.imported[0] | ||
id = each.value.id | ||
} | ||
|
||
resource "supabase_branch" "imported" { | ||
count = length(var.git_branch[*]) | ||
parent_project_ref = var.linked_project | ||
git_branch = var.git_branch | ||
} | ||
|
||
# Override auth settings for the current branch | ||
resource "supabase_settings" "preview" { | ||
count = length(var.git_branch[*]) | ||
project_ref = supabase_branch.imported[0].database.id | ||
|
||
auth = jsonencode({ | ||
site_url = "http://localhost:3001" | ||
}) | ||
} | ||
|
||
output "branch_database" { | ||
value = one(supabase_branch.imported[*].database) | ||
sensitive = true | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
# Define a linked project variable as user input | ||
variable "linked_project" { | ||
type = string | ||
} | ||
|
||
# Configure api settings for the linked project | ||
resource "supabase_settings" "production" { | ||
project_ref = var.linked_project | ||
|
||
database = jsonencode({}) | ||
|
||
api = jsonencode({ | ||
db_schema = "public, storage, graphql_public" | ||
db_extra_search_path = "public, extensions" | ||
max_rows = 1000 | ||
}) | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
terraform { | ||
required_providers { | ||
supabase = { | ||
source = "supabase/supabase" | ||
version = "~> 1.0" | ||
} | ||
} | ||
} | ||
|
||
provider "supabase" {} |