diff --git a/templates/compose/supabase.yaml b/templates/compose/supabase.yaml index 5eb707d93..1776c2119 100644 --- a/templates/compose/supabase.yaml +++ b/templates/compose/supabase.yaml @@ -14,7 +14,7 @@ services: supabase-analytics: condition: service_healthy environment: - - SERVICE_FQDN_SUPABASEKONG + - SERVICE_FQDN_SUPABASEKONG_8000 - JWT_SECRET=${SERVICE_PASSWORD_JWT} - KONG_DATABASE=off - KONG_DECLARATIVE_CONFIG=/home/kong/kong.yml @@ -278,7 +278,7 @@ services: config: hide_credentials: true supabase-studio: - image: supabase/studio:20240729-ce42139 + image: supabase/studio:20240923-2e3e90c healthcheck: test: [ @@ -301,7 +301,7 @@ services: - DEFAULT_ORGANIZATION_NAME=${STUDIO_DEFAULT_ORGANIZATION:-Default Organization} - DEFAULT_PROJECT_NAME=${STUDIO_DEFAULT_PROJECT:-Default Project} - - SUPABASE_URL=${SERVICE_FQDN_SUPABASEKONG} + - 'SUPABASE_URL=http://supabase-kong:8000' - SUPABASE_PUBLIC_URL=${SERVICE_FQDN_SUPABASEKONG} - SUPABASE_ANON_KEY=${SERVICE_SUPABASEANON_KEY} - SUPABASE_SERVICE_KEY=${SERVICE_SUPABASESERVICE_KEY} @@ -309,6 +309,7 @@ services: - LOGFLARE_API_KEY=${SERVICE_PASSWORD_LOGFLARE} - LOGFLARE_URL=http://supabase-analytics:4000 + - 'SUPABASE_PUBLIC_API=${SERVICE_FQDN_SUPABASEKONG}' - NEXT_PUBLIC_ENABLE_LOGS=true # Comment to use Big Query backend for analytics - NEXT_ANALYTICS_BACKEND_PROVIDER=postgres @@ -351,6 +352,14 @@ services: create schema if not exists _realtime; alter schema _realtime owner to :pguser; + - type: bind + source: ./volumes/db/supavisor.sql + target: /docker-entrypoint-initdb.d/init-scripts/99-supavisor.sql + content: | + \set pguser `echo "supabase_admin"` + + create schema if not exists _supavisor; + alter schema _supavisor owner to :pguser; - type: bind source: ./volumes/db/webhooks.sql target: /docker-entrypoint-initdb.d/init-scripts/98-webhooks.sql @@ -905,7 +914,7 @@ services: restart: unless-stopped environment: - PGRST_DB_URI=postgres://authenticator:${SERVICE_PASSWORD_POSTGRES}@${POSTGRES_HOSTNAME:-supabase-db}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-postgres} - - PGRST_DB_SCHEMAS=${PGRST_DB_SCHEMAS:-public} + - 'PGRST_DB_SCHEMAS=${PGRST_DB_SCHEMAS:-public,storage,graphql_public}' - PGRST_DB_ANON_ROLE=anon - PGRST_JWT_SECRET=${SERVICE_PASSWORD_JWT} - PGRST_DB_USE_LEGACY_GUCS=false @@ -914,7 +923,7 @@ services: command: "postgrest" exclude_from_hc: true supabase-auth: - image: supabase/gotrue:v2.151.0 + image: supabase/gotrue:v2.158.1 depends_on: supabase-db: # Disable this if you are using an external Postgres database @@ -992,7 +1001,7 @@ services: # GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_ENABLED="true" # GOTRUE_HOOK_PASSWORD_VERIFICATION_ATTEMPT_URI="pg-functions://postgres/public/password_verification_attempt" - + # Uncomment to enable common OAuth Variables #- 'GOTRUE_EXTERNAL_GITHUB_CLIENT_ID=${GOTRUE_EXTERNAL_GITHUB_CLIENT_ID}' #- 'GOTRUE_EXTERNAL_GITHUB_ENABLED=${GOTRUE_EXTERNAL_GITHUB_ENABLED}' @@ -1005,7 +1014,7 @@ services: realtime-dev: # This container name looks inconsistent but is correct because realtime constructs tenant id by parsing the subdomain - image: supabase/realtime:v2.30.23 + image: supabase/realtime:v2.30.34 container_name: realtime-dev.supabase-realtime depends_on: supabase-db: @@ -1085,7 +1094,7 @@ services: exit 0 supabase-storage: - image: supabase/storage-api:v1.0.6 + image: supabase/storage-api:v1.10.1 depends_on: supabase-db: # Disable this if you are using an external Postgres database @@ -1185,7 +1194,7 @@ services: - PG_META_DB_PASSWORD=${SERVICE_PASSWORD_POSTGRES} supabase-edge-functions: - image: supabase/edge-runtime:v1.53.3 + image: supabase/edge-runtime:v1.58.3 depends_on: supabase-analytics: condition: service_healthy @@ -1327,3 +1336,84 @@ services: - start - --main-service - /home/deno/functions/main + + supabase-supavisor: + image: 'supabase/supavisor:1.1.56' + healthcheck: + test: + - CMD + - curl + - "-sSfL" + - "-o" + - /dev/null + - "http://127.0.0.1:4000/api/health" + timeout: 5s + interval: 5s + retries: 10 + restart: unless-stopped + depends_on: + supabase-db: + condition: service_healthy + environment: + - PORT=4000 + - PROXY_PORT_SESSION=5432 + - PROXY_PORT_TRANSACTION=6543 + - 'POSTGRES_PORT=${POSTGRES_PORT:-5432}' + - 'POSTGRES_HOSTNAME=${POSTGRES_HOSTNAME:-supabase-db}' + - 'POSTGRES_DB=${POSTGRES_DB:-postgres}' + - 'POSTGRES_PASSWORD=${SERVICE_PASSWORD_POSTGRES}' + - 'DATABASE_URL=ecto://supabase_admin:${SERVICE_PASSWORD_POSTGRES}@${POSTGRES_HOSTNAME:-supabase-db}:${POSTGRES_PORT:-5432}/${POSTGRES_DB:-postgres}' + - CLUSTER_POSTGRES=true + - 'SECRET_KEY_BASE=${SERVICE_PASSWORD_SUPAVISORSECRET}' + - 'VAULT_ENC_KEY=${SERVICE_PASSWORD_VAULTENC}' + - 'API_JWT_SECRET=${SERVICE_PASSWORD_JWT}' + - 'METRICS_JWT_SECRET=${SERVICE_PASSWORD_JWT}' + - REGION=local + - 'ERL_AFLAGS=-proto_dist inet_tcp' + volumes: + - type: bind + source: ./volumes/supavisor/entrypoint.sh + target: /home/entrypoint.sh + content: | + #!/bin/bash + + /app/bin/supavisor eval ' + {:ok, _} = Application.ensure_all_started(:supavisor) + {:ok, version} = + case Supavisor.Repo.query!("select version()") do + %{rows: [[ver]]} -> Supavisor.Helpers.parse_pg_version(ver) + _ -> nil + end + params = %{ + "external_id" => "dev_tenant", + "db_host" => System.get_env("POSTGRES_HOSTNAME"), + "db_port" => System.get_env("POSTGRES_PORT") |> String.to_integer(), + "db_database" => System.get_env("POSTGRES_DB"), + "require_user" => false, + "auth_query" => "SELECT rolname, rolpassword FROM pg_authid WHERE rolname=$1", + "default_max_clients" => 100, + "default_pool_size" => 20, + "enforce_ssl" => false, + "default_parameter_status" => %{"server_version" => version}, + "users" => [%{ + "db_user" => "postgres", + "db_password" => System.get_env("POSTGRES_PASSWORD"), + "mode_type" => "transaction", + "pool_size" => 20, + "is_manager" => true + }] + } + + tenant = Supavisor.Tenants.get_tenant_by_external_id(params["external_id"]) + + if tenant do + {:ok, _} = Supavisor.Tenants.update_tenant(tenant, params) + else + {:ok, _} = Supavisor.Tenants.create_tenant(params) + end + ' + + command: + - sh + - "-c" + - "chmod +x /home/entrypoint.sh && /app/bin/migrate && /home/entrypoint.sh && /app/bin/server"