ravenac95 commented Oct 30, 2025

TODO:

  • Update secrets
  • Check needed secrets

This is slightly cleaner AI slop

vercel bot commented Oct 30, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

| Project | Deployment | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| kariba-network | Ready | Preview | Comment | Oct 30, 2025 5:04am |
| oso-www | Ready | Preview | Comment | Oct 30, 2025 5:04am |

Comment on lines +10 to +35
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3

- name: Setup pnpm
uses: pnpm/action-setup@v4
with:
version: 10
run_install: |
- recursive: true
args: [--frozen-lockfile, --strict-peer-dependencies]

- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: "20.x"
cache: "pnpm"

- name: Push Supabase migrations
working-directory: apps/frontend
run: |
pnpm supabase db push
env:
SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
SUPABASE_DB_PASSWORD: ${{ secrets.SUPABASE_DB_PASSWORD }}
NEXT_PUBLIC_SUPABASE_URL: ${{ secrets.NEXT_PUBLIC_SUPABASE_URL }}
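Review bot: every `uses:` in this job (`actions/checkout@v3`, `pnpm/action-setup@v4`, `actions/setup-node@v4`) is a mutable tag, and the job then runs `pnpm supabase db push` with `SUPABASE_ACCESS_TOKEN` and `SUPABASE_DB_PASSWORD` in the step environment; pin each action to a full commit SHA so a retagged release cannot change what executes ahead of the migration step. `actions/checkout` is on v3 while both setup actions are on v4, so bump it in the same change. `NEXT_PUBLIC_SUPABASE_URL` is read from `secrets`, but the `NEXT_PUBLIC_` prefix is the Next.js convention for values exposed to the browser; confirm whether it needs to be a secret or can be a repository variable, which fits the "Check needed secrets" TODO.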

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 21 days ago

To address the problem, add an explicit permissions block to the workflow or job with the least required privileges. In most cases where the workflow only needs access to check out the code (read-only), the correct minimal permissions are:

permissions:
  contents: read

This can be added at the root of the workflow (applies to all jobs) or at the job level. Since the example includes one job, the simplest and best method is to add the following directly below the workflow `name:` field, before the `on:` field (to make it clear and to cover future jobs). No imports, methods, or further changes are required.


Suggested changeset 1
.github/workflows/db-migration.yml

Autofix patch
Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/db-migration.yml b/.github/workflows/db-migration.yml
--- a/.github/workflows/db-migration.yml
+++ b/.github/workflows/db-migration.yml
@@ -1,4 +1,6 @@
 name: Supabase DB Migration
+permissions:
+  contents: read
 
 on:
   merge_group:
EOF
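Review bot: the `permissions:` block added under `name:` carries no comment recording why `contents: read` is sufficient; once any scope is listed, every unlisted GITHUB_TOKEN scope drops to none, so a later step that needs the token for more than checkout will fail without an obvious cause. Add a one-line comment above it, for example `# GITHUB_TOKEN is only used by checkout; Supabase auth comes from secrets`, and leave a blank line between `name:` and `permissions:` to match the spacing before `on:`.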
- name: Set up Node.js
uses: actions/setup-node@v4
with:
node-version: "20.x"
Member Author

Just copied this from default but I realize we should update the node version
