diff --git a/.github/workflows/deploy-to-prod.yml b/.github/workflows/deploy-to-prod.yml
new file mode 100644
index 0000000..51fccbf
--- /dev/null
+++ b/.github/workflows/deploy-to-prod.yml
@@ -0,0 +1,25 @@
+name: Deploy migrations to production
+
+on:
+ pull_request:
+ branches: [ main ]
+ types: [ closed ]
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+
+ env:
+ SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
+ SUPABASE_DB_PASSWORD: ${{ secrets.PRODUCTION_DB_PASSWORD }}
+ SUPABASE_PROJECT_ID: ${{ secrets.PRODUCTION_PROJECT_ID }}
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - uses: supabase/setup-cli@v1
+ with:
+ version: latest
+
+ - run: supabase link --project-ref $SUPABASE_PROJECT_ID
+ - run: supabase db push
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..e69de29
diff --git a/supabase/.gitignore b/supabase/.gitignore
new file mode 100644
index 0000000..a3ad880
--- /dev/null
+++ b/supabase/.gitignore
@@ -0,0 +1,4 @@
+# Supabase
+.branches
+.temp
+.env
diff --git a/supabase/config.toml b/supabase/config.toml
new file mode 100644
index 0000000..1f71442
--- /dev/null
+++ b/supabase/config.toml
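Review bot: The `deploy` job has no merge guard: `on: pull_request` with `types: [ closed ]` also fires when a pull request against `main` is closed without being merged, so the job would still run `supabase db push` with the production credentials. Add `if: github.event.pull_request.merged == true` to the job, or trigger on `push` to `main` instead. Separately, the job that holds `SUPABASE_DB_PASSWORD` and `SUPABASE_ACCESS_TOKEN` runs `actions/checkout@v3`, `supabase/setup-cli@v1` and `version: latest`, all mutable references; pinning the actions to a commit SHA and the CLI to a fixed version, and moving the `env:` secrets from the job onto the two `run` steps, narrows what a compromised upstream release could read.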
@@ -0,0 +1,151 @@
+# A string used to distinguish different Supabase projects on the same host. Defaults to the
+# working directory name when running `supabase init`.
+project_id = "shaka-opensource"
+
+[api]
+enabled = true
+# Port to use for the API URL.
+port = 54321
+# Schemas to expose in your API. Tables, views and stored procedures in this schema will get API
+# endpoints. public and storage are always included.
+schemas = ["public", "storage", "graphql_public"]
+# Extra schemas to add to the search_path of every request. public is always included.
+extra_search_path = ["public", "extensions"]
+# The maximum number of rows returns from a view, table, or stored procedure. Limits payload size
+# for accidental or malicious requests.
+max_rows = 1000
+
+[db]
+# Port to use for the local database URL.
+port = 54322
+# Port used by db diff command to initialize the shadow database.
+shadow_port = 54320
+# The database major version to use. This has to be the same as your remote database's. Run `SHOW
+# server_version;` on the remote database to check.
+major_version = 15
+
+[db.pooler]
+enabled = false
+# Port to use for the local connection pooler.
+port = 54329
+# Specifies when a server connection can be reused by other clients.
+# Configure one of the supported pooler modes: `transaction`, `session`.
+pool_mode = "transaction"
+# How many server connections to allow per user/database pair.
+default_pool_size = 20
+# Maximum number of client connections allowed.
+max_client_conn = 100
+
+[realtime]
+enabled = true
+# Bind realtime via either IPv4 or IPv6. (default: IPv6)
+# ip_version = "IPv6"
+# The maximum length in bytes of HTTP request headers. (default: 4096)
+# max_header_length = 4096
+
+[studio]
+enabled = true
+# Port to use for Supabase Studio.
+port = 54323
+# External URL of the API server that frontend connects to.
+api_url = "http://127.0.0.1"
+
+# Email testing server. Emails sent with the local dev setup are not actually sent - rather, they
+# are monitored, and you can view the emails that would have been sent from the web interface.
+[inbucket]
+enabled = true
+# Port to use for the email testing server web interface.
+port = 54324
+# Uncomment to expose additional ports for testing user applications that send emails.
+# smtp_port = 54325
+# pop3_port = 54326
+
+[storage]
+enabled = true
+# The maximum file size allowed (e.g. "5MB", "500KB").
+file_size_limit = "50MiB"
+
+[auth]
+enabled = true
+# The base URL of your website. Used as an allow-list for redirects and for constructing URLs used
+# in emails.
+site_url = "http://127.0.0.1:3000"
+# A list of *exact* URLs that auth providers are permitted to redirect to post authentication.
+additional_redirect_urls = ["https://127.0.0.1:3000"]
+# How long tokens are valid for, in seconds. Defaults to 3600 (1 hour), maximum 604,800 (1 week).
+jwt_expiry = 3600
+# If disabled, the refresh token will never expire.
+enable_refresh_token_rotation = true
+# Allows refresh tokens to be reused after expiry, up to the specified interval in seconds.
+# Requires enable_refresh_token_rotation = true.
+refresh_token_reuse_interval = 10
+# Allow/disallow new user signups to your project.
+enable_signup = true
+
+[auth.email]
+# Allow/disallow new user signups via email to your project.
+enable_signup = true
+# If enabled, a user will be required to confirm any email change on both the old, and new email
+# addresses. If disabled, only the new email is required to confirm.
+double_confirm_changes = true
+# If enabled, users need to confirm their email address before signing in.
+enable_confirmations = false
+
+# Uncomment to customize email template
+# [auth.email.template.invite]
+# subject = "You have been invited"
+# content_path = "./supabase/templates/invite.html"
+
+[auth.sms]
+# Allow/disallow new user signups via SMS to your project.
+enable_signup = true
+# If enabled, users need to confirm their phone number before signing in.
+enable_confirmations = false
+# Template for sending OTP to users
+template = "Your code is {{ .Code }} ."
+
+# Use pre-defined map of phone number to OTP for testing.
+[auth.sms.test_otp]
+# 4152127777 = "123456"
+
+# Configure one of the supported SMS providers: `twilio`, `twilio_verify`, `messagebird`, `textlocal`, `vonage`.
+[auth.sms.twilio]
+enabled = false
+account_sid = ""
+message_service_sid = ""
+# DO NOT commit your Twilio auth token to git. Use environment variable substitution instead:
+auth_token = "env(SUPABASE_AUTH_SMS_TWILIO_AUTH_TOKEN)"
+
+# Use an external OAuth provider. The full list of providers are: `apple`, `azure`, `bitbucket`,
+# `discord`, `facebook`, `github`, `gitlab`, `google`, `keycloak`, `linkedin`, `notion`, `twitch`,
+# `twitter`, `slack`, `spotify`, `workos`, `zoom`.
+[auth.external.apple]
+enabled = false
+client_id = ""
+# DO NOT commit your OAuth provider secret to git. Use environment variable substitution instead:
+secret = "env(SUPABASE_AUTH_EXTERNAL_APPLE_SECRET)"
+# Overrides the default auth redirectUrl.
+redirect_uri = ""
+# Overrides the default auth provider URL. Used to support self-hosted gitlab, single-tenant Azure,
+# or any other third-party OIDC providers.
+url = ""
+
+[analytics]
+enabled = false
+port = 54327
+vector_port = 54328
+# Configure one of the supported backends: `postgres`, `bigquery`.
+backend = "postgres"
+
+# Experimental features may be deprecated any time
+[experimental]
+# Configures Postgres storage engine to use OrioleDB (S3)
+orioledb_version = ""
+# Configures S3 bucket URL, eg. .s3-.amazonaws.com
+s3_host = "env(S3_HOST)"
+# Configures S3 bucket region, eg. us-east-1
+s3_region = "env(S3_REGION)"
+# Configures AWS_ACCESS_KEY_ID for S3 bucket
+s3_access_key = "env(S3_ACCESS_KEY)"
+# Configures AWS_SECRET_ACCESS_KEY for S3 bucket
+s3_secret_key = "env(S3_SECRET_KEY)"
diff --git a/supabase/migrations/20240110231549_organization.sql b/supabase/migrations/20240110231549_organization.sql
new file mode 100644
index 0000000..870ade5
--- /dev/null
+++ b/supabase/migrations/20240110231549_organization.sql
@@ -0,0 +1,63 @@
+create type "public"."organization_type" as enum ('free', 'pay', 'enterprise');
+
+create sequence "public"."organization_id_seq";
+
+create table "public"."organization" (
+ "id" integer not null default nextval('organization_id_seq'::regclass),
+ "name" text,
+ "type" organization_type,
+ "created_at" timestamp without time zone default now()
+);
+
+
+alter table "public"."organization" enable row level security;
+
+alter sequence "public"."organization_id_seq" owned by "public"."organization"."id";
+
+CREATE UNIQUE INDEX organization_pkey ON public.organization USING btree (id);
+
+alter table "public"."organization" add constraint "organization_pkey" PRIMARY KEY using index "organization_pkey";
+
+grant delete on table "public"."organization" to "anon";
+
+grant insert on table "public"."organization" to "anon";
+
+grant references on table "public"."organization" to "anon";
+
+grant select on table "public"."organization" to "anon";
+
+grant trigger on table "public"."organization" to "anon";
+
+grant truncate on table "public"."organization" to "anon";
+
+grant update on table "public"."organization" to "anon";
+
+grant delete on table "public"."organization" to "authenticated";
+
+grant insert on table "public"."organization" to "authenticated";
+
+grant references on table "public"."organization" to "authenticated";
+
+grant select on table "public"."organization" to "authenticated";
+
+grant trigger on table "public"."organization" to "authenticated";
+
+grant truncate on table "public"."organization" to "authenticated";
+
+grant update on table "public"."organization" to "authenticated";
+
+grant delete on table "public"."organization" to "service_role";
+
+grant insert on table "public"."organization" to "service_role";
+
+grant references on table "public"."organization" to "service_role";
+
+grant select on table "public"."organization" to "service_role";
+
+grant trigger on table "public"."organization" to "service_role";
+
+grant truncate on table "public"."organization" to "service_role";
+
+grant update on table "public"."organization" to "service_role";
+
+
diff --git a/supabase/migrations/20240201221317_users_table.sql b/supabase/migrations/20240201221317_users_table.sql
new file mode 100644
index 0000000..2cdbfb5
--- /dev/null
+++ b/supabase/migrations/20240201221317_users_table.sql
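Review bot: The grants to `anon` and `authenticated` on `public.organization` include `truncate`, `references` and `trigger`, which row level security does not restrict: RLS filters row-level commands, while `TRUNCATE` is checked only against the table privilege. Consider granting these two roles only what the API needs, for example `grant select, insert, update, delete on table "public"."organization" to "authenticated";`, and omitting the `anon` grants unless anonymous access is intended. The migration also enables RLS without creating any policy, so as written `anon` and `authenticated` should see no rows at all; if that is deliberate, a comment above `enable row level security` such as `-- no policies yet: deny all API access until they are added` would make it explicit.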
@@ -0,0 +1,71 @@
+create type "public"."user_role" as enum ('admin');
+
+create sequence "public"."user_id_seq";
+
+create table "public"."user" (
+ "id" integer not null default nextval('user_id_seq'::regclass),
+ "name" character varying not null,
+ "email" character varying not null,
+ "role" user_role not null,
+ "organization_id" integer not null,
+ "created_at" timestamp without time zone default now()
+);
+
+
+alter sequence "public"."user_id_seq" owned by "public"."user"."id";
+
+CREATE UNIQUE INDEX user_email_key ON public."user" USING btree (email);
+
+CREATE UNIQUE INDEX user_pkey ON public."user" USING btree (id);
+
+alter table "public"."user" add constraint "user_pkey" PRIMARY KEY using index "user_pkey";
+
+alter table "public"."user" add constraint "user_email_key" UNIQUE using index "user_email_key";
+
+alter table "public"."user" add constraint "user_organization_id_fkey" FOREIGN KEY (organization_id) REFERENCES organization(id) not valid;
+
+alter table "public"."user" validate constraint "user_organization_id_fkey";
+
+grant delete on table "public"."user" to "anon";
+
+grant insert on table "public"."user" to "anon";
+
+grant references on table "public"."user" to "anon";
+
+grant select on table "public"."user" to "anon";
+
+grant trigger on table "public"."user" to "anon";
+
+grant truncate on table "public"."user" to "anon";
+
+grant update on table "public"."user" to "anon";
+
+grant delete on table "public"."user" to "authenticated";
+
+grant insert on table "public"."user" to "authenticated";
+
+grant references on table "public"."user" to "authenticated";
+
+grant select on table "public"."user" to "authenticated";
+
+grant trigger on table "public"."user" to "authenticated";
+
+grant truncate on table "public"."user" to "authenticated";
+
+grant update on table "public"."user" to "authenticated";
+
+grant delete on table "public"."user" to "service_role";
+
+grant insert on table "public"."user" to "service_role";
+
+grant references on table "public"."user" to "service_role";
+
+grant select on table "public"."user" to "service_role";
+
+grant trigger on table "public"."user" to "service_role";
+
+grant truncate on table "public"."user" to "service_role";
+
+grant update on table "public"."user" to "service_role";
+
+
diff --git a/supabase/seed.sql b/supabase/seed.sql
new file mode 100644
index 0000000..e69de29
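Review bot: This migration never enables row level security on `public.user`, unlike the organization migration, yet it grants `select`, `insert`, `update`, `delete` and `truncate` on the table to `anon` and `authenticated`. With `public` listed under `[api] schemas` in `config.toml`, that would likely let any holder of the anon key read and modify every user's `email` and `role` through the API. Add `alter table "public"."user" enable row level security;` after the `create table` statement, together with policies that scope rows to the caller, and reduce the `anon` grants to what is actually needed.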