Add database init script for Supabase schemas and roles
Build and Push Docker Image / build (push) Successful in 1m43s
Details
Build and Push Docker Image / build (push) Successful in 1m43s
Details
- Create 00-init-schemas.sql that runs before Supabase init scripts - Creates required roles: anon, authenticated, service_role, supabase_admin, etc. - Creates required schemas: auth, storage, extensions, _realtime, graphql - Sets up proper grants and permissions for Supabase services - Mount init script to /docker-entrypoint-initdb.d/ in db container Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
parent
5bbf26e7a1
commit
cd60c8ba32
|
|
@ -19,7 +19,9 @@ services:
|
|||
JWT_EXP: ${JWT_EXPIRY:-3600}
|
||||
volumes:
|
||||
- db-data:/var/lib/postgresql/data
|
||||
# Migrations mounted separately - DO NOT use /docker-entrypoint-initdb.d (overwrites Supabase init)
|
||||
# Init script to create schemas (runs first due to 00- prefix)
|
||||
- ./supabase/docker/00-init-schemas.sql:/docker-entrypoint-initdb.d/00-init-schemas.sql:ro
|
||||
# Migrations mounted separately for manual execution
|
||||
- ./supabase/migrations:/migrations:ro
|
||||
healthcheck:
|
||||
test: ["CMD-SHELL", "pg_isready -U postgres"]
|
||||
|
|
|
|||
|
|
@ -0,0 +1,93 @@
|
|||
-- Initialize required schemas and roles for Supabase services
|
||||
-- This runs FIRST (00- prefix) before other init scripts
|
||||
|
||||
-- Create roles if they don't exist
|
||||
DO $$
|
||||
BEGIN
|
||||
-- Create anon role
|
||||
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'anon') THEN
|
||||
CREATE ROLE anon NOLOGIN NOINHERIT;
|
||||
END IF;
|
||||
|
||||
-- Create authenticated role
|
||||
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'authenticated') THEN
|
||||
CREATE ROLE authenticated NOLOGIN NOINHERIT;
|
||||
END IF;
|
||||
|
||||
-- Create service_role
|
||||
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'service_role') THEN
|
||||
CREATE ROLE service_role NOLOGIN NOINHERIT BYPASSRLS;
|
||||
END IF;
|
||||
|
||||
-- Create supabase_admin role
|
||||
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'supabase_admin') THEN
|
||||
CREATE ROLE supabase_admin LOGIN SUPERUSER CREATEDB CREATEROLE REPLICATION BYPASSRLS;
|
||||
END IF;
|
||||
|
||||
-- Create authenticator role
|
||||
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'authenticator') THEN
|
||||
CREATE ROLE authenticator NOINHERIT LOGIN;
|
||||
END IF;
|
||||
|
||||
-- Create supabase_auth_admin role
|
||||
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'supabase_auth_admin') THEN
|
||||
CREATE ROLE supabase_auth_admin NOLOGIN NOINHERIT;
|
||||
END IF;
|
||||
|
||||
-- Create supabase_storage_admin role
|
||||
IF NOT EXISTS (SELECT FROM pg_catalog.pg_roles WHERE rolname = 'supabase_storage_admin') THEN
|
||||
CREATE ROLE supabase_storage_admin NOLOGIN NOINHERIT;
|
||||
END IF;
|
||||
END
|
||||
$$;
|
||||
|
||||
-- Grant roles
|
||||
GRANT anon TO authenticator;
|
||||
GRANT authenticated TO authenticator;
|
||||
GRANT service_role TO authenticator;
|
||||
GRANT supabase_admin TO postgres;
|
||||
|
||||
-- Set passwords (use the same as postgres password from env)
|
||||
-- Note: These are set via ALTER ROLE since we can't use variables in CREATE ROLE
|
||||
ALTER ROLE supabase_admin WITH PASSWORD 'postgres';
|
||||
ALTER ROLE authenticator WITH PASSWORD 'postgres';
|
||||
|
||||
-- Create schemas
|
||||
CREATE SCHEMA IF NOT EXISTS auth AUTHORIZATION supabase_auth_admin;
|
||||
CREATE SCHEMA IF NOT EXISTS storage AUTHORIZATION supabase_storage_admin;
|
||||
CREATE SCHEMA IF NOT EXISTS extensions;
|
||||
CREATE SCHEMA IF NOT EXISTS _realtime;
|
||||
CREATE SCHEMA IF NOT EXISTS graphql;
|
||||
CREATE SCHEMA IF NOT EXISTS graphql_public;
|
||||
|
||||
-- Grant schema usage
|
||||
GRANT USAGE ON SCHEMA public TO anon, authenticated, service_role;
|
||||
GRANT USAGE ON SCHEMA auth TO anon, authenticated, service_role, supabase_auth_admin;
|
||||
GRANT USAGE ON SCHEMA storage TO anon, authenticated, service_role, supabase_storage_admin;
|
||||
GRANT USAGE ON SCHEMA extensions TO anon, authenticated, service_role;
|
||||
GRANT USAGE ON SCHEMA graphql_public TO anon, authenticated, service_role;
|
||||
|
||||
-- Grant auth schema to supabase_auth_admin
|
||||
GRANT ALL ON SCHEMA auth TO supabase_auth_admin;
|
||||
GRANT ALL ON ALL TABLES IN SCHEMA auth TO supabase_auth_admin;
|
||||
GRANT ALL ON ALL SEQUENCES IN SCHEMA auth TO supabase_auth_admin;
|
||||
GRANT ALL ON ALL ROUTINES IN SCHEMA auth TO supabase_auth_admin;
|
||||
|
||||
-- Grant storage schema to supabase_storage_admin
|
||||
GRANT ALL ON SCHEMA storage TO supabase_storage_admin;
|
||||
GRANT ALL ON ALL TABLES IN SCHEMA storage TO supabase_storage_admin;
|
||||
GRANT ALL ON ALL SEQUENCES IN SCHEMA storage TO supabase_storage_admin;
|
||||
GRANT ALL ON ALL ROUTINES IN SCHEMA storage TO supabase_storage_admin;
|
||||
|
||||
-- Set default privileges
|
||||
ALTER DEFAULT PRIVILEGES IN SCHEMA auth GRANT ALL ON TABLES TO supabase_auth_admin;
|
||||
ALTER DEFAULT PRIVILEGES IN SCHEMA auth GRANT ALL ON SEQUENCES TO supabase_auth_admin;
|
||||
ALTER DEFAULT PRIVILEGES IN SCHEMA storage GRANT ALL ON TABLES TO supabase_storage_admin;
|
||||
ALTER DEFAULT PRIVILEGES IN SCHEMA storage GRANT ALL ON SEQUENCES TO supabase_storage_admin;
|
||||
|
||||
-- Set search path
|
||||
ALTER DATABASE postgres SET search_path TO public, extensions;
|
||||
|
||||
-- Create extensions in extensions schema
|
||||
CREATE EXTENSION IF NOT EXISTS "uuid-ossp" WITH SCHEMA extensions;
|
||||
CREATE EXTENSION IF NOT EXISTS "pgcrypto" WITH SCHEMA extensions;
|
||||
Loading…
Reference in New Issue