search

mansueli / Supa-Backup

Github Action for Supabase Backups
Apache License 2.0
16 stars 4 forks source link

Not possible to use this action with secrets #1

Closed mansueli closed 1 year ago

mansueli commented 1 year ago

Right now it is only possible to use secrets when using the full workflow directly i.e:

name: Supa-backup
# Controls when the workflow will run
on:
  # Allows you to run this workflow manually from the Actions tab
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  workflow_dispatch:
  schedule:
    - cron: '0 0 * * *' # Runs every day at midnight

# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:   
 run_db_backup:
  runs-on: ubuntu-latest
  permissions:
      # Give the default GITHUB_TOKEN write permission to commit and push the changed files back to the repository.
      contents: write
  steps:
     - uses: actions/checkout@v3
       with:
         ref: ${{ github.head_ref }}
     - name: Postgres15 
       run: |
         sudo apt-get remove postgresql-client-common
         sudo sh -c 'echo "deb http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'
         wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo tee /etc/apt/trusted.gpg.d/pgdg.asc &>/dev/null
         sudo apt update
         sudo apt install postgresql-15 postgresql-client-15 -y
         /usr/lib/postgresql/15/bin/pg_dump --clean --if-exists --quote-all-identifiers --schema '*' --exclude-schema 'extensions|graphql|graphql_public|net|pgbouncer|pgsodium|pgsodium_masks|realtime|supabase_functions|storage|pg_*|information_schema' -d postgres://postgres:${{ secrets.SUPABASE_PASSWORD }}@${{ secrets.SUPABASE_URL }}:6543/postgres > dump.sql

     - name: Tweaking the dump file    
       run: |
         sed -i -e 's/^DROP SCHEMA IF EXISTS "auth";$/-- DROP SCHEMA IF EXISTS "auth";/' dump.sql
         sed -i -e 's/^DROP SCHEMA IF EXISTS "storage";$/-- DROP SCHEMA IF EXISTS "storage";/' dump.sql
         sed -i -e 's/^CREATE SCHEMA "auth";$/-- CREATE SCHEMA "auth";/' dump.sql
         sed -i -e 's/^CREATE SCHEMA "storage";$/-- CREATE SCHEMA "storage";/' dump.sql
         sed -i -e 's/^ALTER DEFAULT PRIVILEGES FOR ROLE "supabase_admin"/-- ALTER DEFAULT PRIVILEGES FOR ROLE "supabase_admin"/' dump.sql
       shell: bash   

     - uses: stefanzweifel/git-auto-commit-action@v4
       with:
         commit_message: Supabase backup

If you try to use it just with the GitHub actions, then it fails:

name: Supa-Backup
on:
  # Allows you to run this workflow manually from the Actions tab
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]
  workflow_dispatch:
  schedule:
    - cron: '0 0 * * *' # Runs every day at midnight
jobs:
  backup:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3
      - name: Supa-Backup
        uses: mansueli/supa-backup@v0.0.6
        with:
          supabase_url: {{secrets.SUPABASE_URL}}
          supabase_password: {{secrets.SUPABASE_PASSWORD}}
      - uses: stefanzweifel/git-auto-commit-action@v4
        with:
          commit_message: Supabase backup

Error:

pg_dump: error: could not translate host name "***" to address: Temporary failure in name resolution Error: Process completed with exit code 1.

reorx commented 1 year ago

This is most likely because you put inputs in the wrong order postgres://postgres:${{ inputs.supabase_url }}@${{ inputs.supabase_password }}, password should be ahead of url 😂. It's correct in the full workflow, which is why it works correctly.

reorx commented 1 year ago

Additionally, we should use supabase_url as the whole argument for -d, previously it was actually used as supabase_host, not the database url that contains the full information to connect to the database. This aligns the naming and functionality, and also solves the problem if someone uses a port other than the hard-coded 6543.