• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

supabase / cli / 18301951761

07 Oct 2025 04:22AM UTC coverage: 54.651% (-0.03%) from 54.677%
18301951761

Pull #4259

github

web-flow
Merge c65e74af5 into bb968ebfe
Pull Request #4259: chore(deps): bump supabase/postgres from 17.6.1.013 to 17.6.1.015 in /pkg/config/templates

6404 of 11718 relevant lines covered (54.65%)

6.09 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

12.9
/internal/gen/keys/keys.go
1
package keys
2

3
import (
4
        "context"
5
        "crypto/sha256"
6
        "encoding/hex"
7
        "fmt"
8
        "os"
9
        "strings"
10

11
        "github.com/go-errors/errors"
12
        "github.com/go-git/go-git/v5"
13
        "github.com/spf13/afero"
14
        "github.com/supabase/cli/internal/utils"
15
        "github.com/supabase/cli/pkg/config"
16
)
17

18
type CustomName struct {
19
        DbHost         string `env:"db.host,default=NEXT_PUBLIC_SUPABASE_URL"`
20
        DbPassword     string `env:"db.password,default=SUPABASE_DB_PASSWORD"`
21
        JWTSecret      string `env:"db.password,default=SUPABASE_AUTH_JWT_SECRET"`
22
        AnonKey        string `env:"auth.anon_key,default=SUPABASE_AUTH_ANON_KEY"`
23
        ServiceRoleKey string `env:"auth.service_role_key,default=SUPABASE_AUTH_SERVICE_ROLE_KEY"`
24
}
25

26
func Run(ctx context.Context, projectRef, format string, names CustomName, fsys afero.Fs) error {
×
27
        branch := GetGitBranch(fsys)
×
28
        if err := GenerateSecrets(ctx, projectRef, branch, fsys); err != nil {
×
29
                return err
×
30
        }
×
31
        return utils.EncodeOutput(format, os.Stdout, map[string]string{
×
32
                names.DbHost:         fmt.Sprintf("%s-%s.fly.dev", projectRef, branch),
×
33
                names.DbPassword:     utils.Config.Db.Password,
×
34
                names.JWTSecret:      utils.Config.Auth.JwtSecret.Value,
×
35
                names.AnonKey:        utils.Config.Auth.AnonKey.Value,
×
36
                names.ServiceRoleKey: utils.Config.Auth.ServiceRoleKey.Value,
×
37
        })
×
38
}
39

40
func GenerateSecrets(ctx context.Context, projectRef, branch string, fsys afero.Fs) error {
×
41
        // Load JWT secret from api
×
42
        resp, err := utils.GetSupabase().V1GetPostgrestServiceConfigWithResponse(ctx, projectRef)
×
43
        if err != nil {
×
44
                return errors.Errorf("failed to get postgrest config: %w", err)
×
45
        }
×
46
        if resp.JSON200 == nil {
×
47
                return errors.New("Unexpected error retrieving JWT secret: " + string(resp.Body))
×
48
        }
×
49
        utils.Config.Auth.JwtSecret.Value = *resp.JSON200.JwtSecret
×
50
        // Generate database password
×
51
        key := strings.Join([]string{
×
52
                projectRef,
×
53
                utils.Config.Auth.JwtSecret.Value,
×
54
                branch,
×
55
        }, ":")
×
56
        hash := sha256.Sum256([]byte(key))
×
57
        utils.Config.Db.Password = hex.EncodeToString(hash[:])
×
58
        // Generate JWT tokens
×
59
        anonToken := config.CustomClaims{
×
60
                Issuer: "supabase",
×
61
                Ref:    projectRef,
×
62
                Role:   "anon",
×
63
        }.NewToken()
×
64
        if utils.Config.Auth.AnonKey.Value, err = anonToken.SignedString([]byte(utils.Config.Auth.JwtSecret.Value)); err != nil {
×
65
                return errors.Errorf("failed to sign anon key: %w", err)
×
66
        }
×
67
        serviceToken := config.CustomClaims{
×
68
                Issuer: "supabase",
×
69
                Ref:    projectRef,
×
70
                Role:   "service_role",
×
71
        }.NewToken()
×
72
        if utils.Config.Auth.ServiceRoleKey.Value, err = serviceToken.SignedString([]byte(utils.Config.Auth.JwtSecret.Value)); err != nil {
×
73
                return errors.Errorf("failed to sign service_role key: %w", err)
×
74
        }
×
75
        return nil
×
76
}
77

78
func GetGitBranch(fsys afero.Fs) string {
2✔
79
        return GetGitBranchOrDefault("main", fsys)
2✔
80
}
2✔
81

82
func GetGitBranchOrDefault(def string, fsys afero.Fs) string {
5✔
83
        head := os.Getenv("GITHUB_HEAD_REF")
5✔
84
        if len(head) > 0 {
10✔
85
                return head
5✔
86
        }
5✔
87
        opts := &git.PlainOpenOptions{DetectDotGit: true}
×
88
        if repo, err := git.PlainOpenWithOptions(".", opts); err == nil {
×
89
                if ref, err := repo.Head(); err == nil {
×
90
                        return ref.Name().Short()
×
91
                }
×
92
        }
93
        return def
×
94
}
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2025 Coveralls, Inc