tighten Supabase read access #322
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate Supabase | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| replay: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Detect Supabase changes | |
| id: changes | |
| uses: dorny/paths-filter@v3 | |
| with: | |
| filters: | | |
| supabase: | |
| - "supabase/**" | |
| - name: Skip replay when Supabase files are unchanged | |
| if: steps.changes.outputs.supabase != 'true' | |
| run: echo "No Supabase changes detected; skipping replay." | |
| - name: Set up Supabase CLI | |
| if: steps.changes.outputs.supabase == 'true' | |
| uses: supabase/setup-cli@v1 | |
| with: | |
| version: latest | |
| - name: Start local Supabase stack | |
| if: steps.changes.outputs.supabase == 'true' | |
| run: supabase start | |
| - name: Replay migrations and seed data | |
| if: steps.changes.outputs.supabase == 'true' | |
| run: | | |
| supabase db reset || { | |
| echo "supabase db reset failed once; retrying after transient restart error..." | |
| supabase db reset --debug | |
| } |