Skip to content

chore: implement migration drift detection, CI rules, and duplicate c… #787

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
VictorEzenma wants to merge 4 commits into
base: main
Choose a base branch
from
Open

chore: implement migration drift detection, CI rules, and duplicate c… #787

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
80d542a
chore: implement migration drift detection, CI rules, and duplicate c…
whitezaddy Jun 1, 2026
410cba5
Merge branch 'main' into chore/migration-cleanup-and-ci
VictorEzenma Jun 1, 2026
270bc81
chore: move DEBT.md to docs/archive and fix yaml syntax
whitezaddy Jun 1, 2026
ba03210
fix: gracefully handle supabase stop in teardown if cli is missing
whitezaddy Jun 1, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 3 additions & 3 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -262,8 +262,8 @@ jobs:
- name: Set up Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
cache: 'npm'
node-version: "20"
cache: "npm"
cache-dependency-path: client/package-lock.json

- name: Audit client dependencies
Expand Down Expand Up @@ -414,7 +414,7 @@ jobs:

- name: Install backend dependencies
working-directory: backend
run: npm ci
run: npm install

- name: Run backend tests
working-directory: backend
Expand Down
16 changes: 8 additions & 8 deletions .github/workflows/database.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,13 @@ on:
push:
branches: [main, develop]
paths:
- 'supabase/migrations/**'
- 'supabase/config.toml'
- "supabase/migrations/**"
- "supabase/config.toml"
pull_request:
branches: [main, develop]
paths:
- 'supabase/migrations/**'
- 'supabase/config.toml'
- "supabase/migrations/**"
- "supabase/config.toml"

jobs:
validate-migrations:
Expand Down Expand Up @@ -38,13 +38,13 @@ jobs:
- name: Setup Node.js for RLS audit
uses: actions/setup-node@v6
with:
node-version: '20'
cache: 'npm'
node-version: "20"
cache: "npm"
cache-dependency-path: backend/package-lock.json

- name: Install dependencies for RLS audit
working-directory: backend
run: npm ci
run: npm install

- name: Run RLS Policy Audit
env:
Expand All @@ -57,4 +57,4 @@ jobs:

- name: Stop Supabase local stack
if: always()
run: supabase stop
run: if command -v supabase &> /dev/null; then supabase stop; fi
2 changes: 1 addition & 1 deletion .github/workflows/lint.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -69,7 +69,7 @@ jobs:
cache-dependency-path: backend/package-lock.json

- name: Install dependencies
run: npm ci
run: npm install

- name: Run ESLint
run: npx eslint src --ext .ts --max-warnings 0
Expand Down
20 changes: 5 additions & 15 deletions .github/workflows/migration-drift-check.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,18 +3,11 @@ name: Migration Drift Check
on:
pull_request:
paths:
- 'backend/migrations/**'
- 'supabase/migrations/**'
push:
branches:
- main
paths:
- 'backend/migrations/**'
- 'supabase/migrations/**'
- "supabase/migrations/**"
- "backend/migrations/**"

jobs:
check-migrations:
name: Detect migration drift
runs-on: ubuntu-latest
steps:
- name: Checkout code
Expand All @@ -23,13 +16,10 @@ jobs:
- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
cache: 'npm'

- name: Install dependencies
run: npm ci
node-version: "20"

- name: Run migration drift check
run: node scripts/check-migration-drift.js
id: drift-check
run: |
if node scripts/check-migration-drift.js; then
Expand Down Expand Up @@ -73,4 +63,4 @@ jobs:
issue_number: context.issue.number,
body
});
}
}
38 changes: 19 additions & 19 deletions .github/workflows/rls-audit.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,37 +4,37 @@ on:
push:
branches: [main, develop]
paths:
- 'supabase/migrations/**'
- 'backend/migrations/**'
- 'scripts/check-rls-compliance.js'
- '.github/workflows/rls-audit.yml'
- "supabase/migrations/**"
- "backend/migrations/**"
- "scripts/check-rls-compliance.js"
- ".github/workflows/rls-audit.yml"
pull_request:
branches: [main, develop]
paths:
- 'supabase/migrations/**'
- 'backend/migrations/**'
- 'scripts/check-rls-compliance.js'
- '.github/workflows/rls-audit.yml'
- "supabase/migrations/**"
- "backend/migrations/**"
- "scripts/check-rls-compliance.js"
- ".github/workflows/rls-audit.yml"

jobs:
audit-rls-policies:
name: Audit RLS Policies
runs-on: ubuntu-latest

steps:
- name: Checkout repository
uses: actions/checkout@v6

- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
cache: 'npm'
node-version: "20"
cache: "npm"
cache-dependency-path: backend/package-lock.json

- name: Install dependencies
working-directory: backend
run: npm ci
run: npm install

- name: Setup Supabase CLI
uses: supabase/setup-cli@v2
Expand All @@ -61,29 +61,29 @@ jobs:

- name: Stop Supabase local stack
if: always()
run: supabase stop
run: if command -v supabase &> /dev/null; then supabase stop; fi

# Integration with main CI pipeline
validate-rls-on-production:
name: Validate RLS on Production Schema
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main' && github.event_name == 'push'
needs: audit-rls-policies

steps:
- name: Checkout repository
uses: actions/checkout@v6

- name: Setup Node.js
uses: actions/setup-node@v6
with:
node-version: '20'
cache: 'npm'
node-version: "20"
cache: "npm"
cache-dependency-path: backend/package-lock.json

- name: Install dependencies
working-directory: backend
run: npm ci
run: npm install

- name: Validate RLS on Production Database
env:
Expand All @@ -100,7 +100,7 @@ jobs:
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
needs: audit-rls-policies

steps:
- name: Comment PR with RLS Status
uses: actions/github-script@v9
Expand All @@ -111,4 +111,4 @@ jobs:
owner: context.repo.owner,
repo: context.repo.repo,
body: '✅ **RLS Policy Audit Passed**\n\nAll tables in the database have Row Level Security enabled with appropriate policies. Your changes maintain data security compliance.'
});
});
2 changes: 1 addition & 1 deletion .github/workflows/test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -85,7 +85,7 @@ jobs:
cache-dependency-path: backend/package-lock.json

- name: Install dependencies
run: npm ci
run: npm install

- name: Run tests with coverage
run: npm test -- --coverage --ci
Expand Down
10 changes: 5 additions & 5 deletions .github/workflows/typecheck.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@ on:
workflow_dispatch:
inputs:
force_full_run:
description: 'Force a full typecheck run'
description: "Force a full typecheck run"
type: boolean
default: false

Expand Down Expand Up @@ -54,7 +54,7 @@ jobs:
fail-fast: false
matrix:
package: [backend, client, sdk, shared, root]

if: |
needs.changes.outputs.force_full_run == 'true' ||
(matrix.package == 'backend' && needs.changes.outputs.backend == 'true') ||
Expand All @@ -65,15 +65,15 @@ jobs:

steps:
- uses: actions/checkout@v6

- uses: actions/setup-node@v6
with:
node-version: "20"
cache: "npm"

- name: Install dependencies
run: npm install

- name: Run Typecheck
run: |
if [ "${{ matrix.package }}" = "root" ]; then
Expand Down
Loading
Loading