Closed ouvreboite closed 6 months ago
Instead of a bug fix, maybe a guide/recipee on how to use Supabase within Github Codespace would be enough.
Currently, a setup that seems to work (I will update once I finished following the user management tutorial).
SUPABASE_ACCESS_TOKEN
and SUPABASE_DB_PASSWORD
codespace secrets to your repositorymcr.microsoft.com/devcontainers/typescript-node:1-20-bullseye
for example)
npx supabase init
to create the supabase folder and config)mkdir supabase/migrations
.vscode/extensions.json
file)ghcr.io/devcontainers/features/docker-in-docker:2
)curl -fsSL https://deno.land/install.sh
)npx --yes supabase link --project-ref your-project-id
)npx supabase db pull
should work fine nowExample of devcontainer.json:
{
"name": "Node.js & TypeScript",
"image": "mcr.microsoft.com/devcontainers/typescript-node:1-20-bullseye",
"customizations": {
"vscode": {
"extensions": [
"denoland.vscode-deno"
]
}
},
"postCreateCommand": "curl -fsSL https://deno.land/install.sh | sh && npx --yes supabase link --project-ref your-project-id",
"features": {
"ghcr.io/devcontainers/features/docker-in-docker:2": {}
}
}
the exact same problem happens when you use the cli inside a github action
Thanks for the detailed report. I believe no. 2 and 3 can be fixed in code with better error handling.
I will ping our docs lead to check if we want to host the Codespaces setup docs on supabase domain.
I've pushed my Codespaces/Supabase/SvelteKit experiment a bit farther, following this Build a User Management App with SvelteKit tutorial. So I'll use this issue to log some info for future users.
First, we need to differentiate two scenarios:
localhost:PORT
is exposed as https://CODESPACENAME-PORT.app.github.dev
). This trigger CORS issues in the auth flow, for example. Maybe a workaround can be found, but I stopped there.🚫 localhost:PORT
in the Codespace is exposed as localhost:PORT
on your own computer by your local VSCode). So no problem with CORS.✅ Still, I've had to tweak some stuff to make everything work.
Making redirect work with Vite default port: the base port for Vite (and so SvelteKit) is not 3000, but 5173. So the auth block in config.toml must be updated
[auth]
# ...
site_url = "http://127.0.0.1:5173" # use Vite port
additional_redirect_urls = ["http://127.0.0.1:5173"] # use Vite port
Making the magic link auth work locally: the auth.email block in config.toml must be updated
[auth.email]
# ...
enable_confirmations = true
Exposing the Vite app through VSCode proxy: by default, npm run dev
expose the SvelteKit app as localhost. Strangely, the VSCode proxy does not work (at least for me) here. But exposing explicitly as 127.0.0.1 works. So I've updated my package.json
"scripts": {
"dev": "vite dev --host 127.0.0.1",
Making the delete_storage_object function work locally: the tutorial create a delete_storage_object function to remove the old avatars. One key problem for a local run, is the hardcoded project URL and service-role keys directly in the SQL function to access the storage API.
-- function delete_storage_object
declare
project_url text := '<YOURPROJECTURL>';
service_role_key text := '<YOURSERVICEROLEKEY>'; -- full access needed
url text := project_url||'/storage/v1/object/'||bucket||'/'||object;
In addition to the security risk, hard-coding the "production" values would prevent the function from working locally (url and key are different). So I'm using the Vault feature to use different values locally and in prod. In the local seed.sql file I'm adding the service-role key the CLI returns after starting. For the API URL, i'm using http://host.docker.internal:54321 (cf https://github.com/orgs/supabase/discussions/13789#discussioncomment-8727771)
select vault.create_secret('eyJhbGciOiJIUzI[...]', 'service-role-key');
select vault.create_secret('http://host.docker.internal:54321', 'storage-url-for-database');
Then I fetch the secrets in the delete_storage_object function
-- function delete_storage_object
declare
storage_url text;
service_role_key text;
url text;
begin
storage_url := (select decrypted_secret from vault.decrypted_secrets where name = 'storage-url-for-database');
service_role_key := (select decrypted_secret from vault.decrypted_secrets where name = 'service-role-key');
url := storage_url||'/storage/v1/object/'||bucket||'/'||object;
I just have to also add the secrets with the production values on my production app to have the function work both on local and production.
I don't know if this usage of Vault is best-practices. But if it is, I would suggest updating the various "Build a User Management App" tutorials to use it.
Describe the bug Hello Supabase devs :)
I'm trying to use the Supabase CLI inside a Github Codespace (to follow this guide), and I'm failing at various step.
I'm not very familiar with the Unix secret management, so I've tried to unblock myself and document my steps.
To Reproduce Create a codespace using the main image
mcr.microsoft.com/devcontainers/typescript-node:1-20-bullseye
andghcr.io/devcontainers/features/docker-in-docker:2
to enable docker within the Codespace. I've defined two env variables:Supabase init works well
I just need to manually install Deno (
curl -fsSL https://deno.land/install.sh
at the start of my container) for the Deno VSCode plugin to work.Supabase link fails (partially?)
Installing dbus-x11
Retrying
Installing keyring and libsecret
Retrying
Sudo (with -E to use my already defined env variables)
❓ I see that some work has been done to disable keyring for WSL, and I suppose we are in a similar situation (Codespace is essentially headless, except for the VSCode frontend). But the solution for WSL means that the token will be written to a file, which would be a problem for a Codespace (as we don't want passwords/tokens to be written in files, as they are stored in git)
❓ Is this related to the link secrets failure? Or something else? If I manually run create the migration folder
mkdir supabase/migrations
, the db pull succeeds❓Does it means the secret setting in the link operation is not required?
Expected behavior The Supabase CLI should work within a Github Codespace
Screenshots
System information Gihub Codespace
mcr.microsoft.com/devcontainers/typescript-node:1-20-bullseye
ghcr.io/devcontainers/features/docker-in-docker:2
to enable docker within the Codespace