blueprints/supabase/template.toml
Outdated
| logflare_api_key = "${password:32}" | ||
| logflare_public = "${password:32}, |
Missing closing quotes causing TOML syntax error
| logflare_api_key = "${password:32}" | |
| logflare_public = "${password:32}, | |
| logflare_public = "${password:32}" | |
| logflare_private = "${password:32}" |
blueprints/supabase/template.toml
Outdated
| - name: realtime-v1-ws | ||
| _comment: 'Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*' | ||
| url: http://realtime-dev.${CONTAINER_PREFIX}-realtime:4000/socket | ||
| url: http://realtime:4000/socket |
The realtime URL no longer matches the container name in docker-compose.yml. The container was renamed from realtime-dev.${CONTAINER_PREFIX}-realtime to ${CONTAINER_PREFIX}-realtime, so Kong cannot route to the service.
| url: http://realtime:4000/socket | |
| url: http://${CONTAINER_PREFIX}-realtime:4000/socket |
blueprints/supabase/template.toml
Outdated
| - name: realtime-v1-rest | ||
| _comment: 'Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*' | ||
| url: http://realtime-dev.${CONTAINER_PREFIX}-realtime:4000/api | ||
| url: http://realtime:4000/api |
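Review bot: the _comment on realtime-v1-rest repeats the websocket description ('Realtime: /realtime/v1/* -> ws://realtime:4000/socket/*') while the url lines below it point at the /api path. Update the comment to describe the REST route so the Kong config documents what this service actually forwards.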
Same issue - the realtime REST URL needs to match the new container name.
| url: http://realtime:4000/api | |
| url: http://${CONTAINER_PREFIX}-realtime:4000/api |
blueprints/supabase/template.toml
Outdated
| type: docker_logs | ||
| exclude_containers: | ||
| - ${container_name_prefix}-vector | ||
| - supabase-vector |
Hardcoded container name breaks multi-instance support. Should use the ${CONTAINER_PREFIX} variable to match other instances.
| - supabase-vector | |
| - ${CONTAINER_PREFIX}-vector |
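A lint for the mismatch these comments describe, as an added example that is not part of the PR or the Dokploy templates: it flags `url` hosts and `exclude_containers` entries that match no `container_name` in the compose file. The sample text is constructed, names are compared as literal uninterpolated strings, and the check assumes services are addressed by container name (Compose service-name aliases are ignored).

```python
import re

# Constructed samples modelled on the fragments quoted in this review (not the real files).
COMPOSE = """\
services:
  realtime:
    container_name: ${CONTAINER_PREFIX}-realtime
  vector:
    container_name: ${CONTAINER_PREFIX}-vector
"""
CONFIG = """\
services:
  - name: realtime-v1-ws
    url: http://realtime:4000/socket
  - name: realtime-v1-rest
    url: http://${CONTAINER_PREFIX}-realtime:4000/api
exclude_containers:
  - supabase-vector
"""

def container_names(compose_text):
    """Literal (uninterpolated) container_name values declared in the compose file."""
    found = re.findall(r"^\s*container_name:\s*(\S+)\s*$", compose_text, re.M)
    return {name.strip("\"'") for name in found}

def url_hosts(config_text):
    """Host part of every `url: http://host:port/...` entry."""
    return re.findall(r"\burl:\s*https?://([^/:\s]+)", config_text)

def excluded_containers(config_text):
    """Items of the YAML list that follows an `exclude_containers:` key."""
    found, in_list = [], False
    for line in config_text.splitlines():
        if re.match(r"\s*exclude_containers:\s*$", line):
            in_list = True
            continue
        item = re.match(r"\s*-\s*(\S+)\s*$", line) if in_list else None
        if item:
            found.append(item.group(1).strip("\"'"))
        else:
            in_list = False
    return found

def find_mismatches(compose_text, config_text):
    """Return (kind, value) pairs that name no declared container_name."""
    names = container_names(compose_text)
    issues = [("url", h) for h in url_hosts(config_text) if h not in names]
    issues += [("exclude_containers", c)
               for c in excluded_containers(config_text) if c not in names]
    return issues

if __name__ == "__main__":
    for kind, value in find_mismatches(COMPOSE, CONFIG):
        print(f"{kind}: {value!r} matches no container_name")
```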
…nd logflare_private keys
Pull request overview
Updates the Supabase Dokploy blueprint to the 1.26.01 upstream stack and adjusts configuration intended to better support running multiple instances (container naming, logging/vector routing, and new env/config knobs).
Changes:
- Bump Supabase version string in meta.json.
- Update Supabase blueprint docker-compose.yml images/config and introduce additional env/volume settings.
- Update template.toml variables/env, Kong routes, Edge Functions handler, and Vector log processing/sinks.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| meta.json | Updates the Supabase template version string to 1.26.01. |
| blueprints/supabase/template.toml | Adds new variables/env and updates mounts (Edge Functions + Vector/Kong/logging). |
| blueprints/supabase/docker-compose.yml | Updates images and wiring for services to match the newer Supabase self-hosting setup and multi-instance intent. |
Comments suppressed due to low confidence (3)
blueprints/supabase/docker-compose.yml:56
- Studio mounts Edge Functions sources from ./volumes/functions, but the runtime container (functions) mounts them from ../files/volumes/functions. With different host paths, edits made via Studio won’t be reflected in the Edge Runtime (and vice versa); mount the same directory in both services.
SNIPPETS_MANAGEMENT_FOLDER: /app/snippets
EDGE_FUNCTIONS_MANAGEMENT_FOLDER: /app/edge-functions
volumes:
- ./volumes/snippets:/app/snippets:Z
- ./volumes/functions:/app/edge-functions:Z
blueprints/supabase/docker-compose.yml:283
- Storage/imgproxy volumes were switched from the template-managed ../files/volumes/... layout to ./volumes/storage. This is a breaking change for upgrades/backups and is inconsistent with the rest of this template’s mounts (db/functions/vector still use ../files/volumes/...). Consider keeping storage under the same base path or documenting the migration impact.
volumes:
- ./volumes/storage:/var/lib/storage:z
imgproxy:
container_name: ${CONTAINER_PREFIX}-imgproxy
image: darthsim/imgproxy:v3.30.1
restart: unless-stopped
volumes:
- ./volumes/storage:/var/lib/storage:z
healthcheck:
blueprints/supabase/docker-compose.yml:8
- name: ${CONTAINER_PREFIX}-supabase will double-append -supabase because CONTAINER_PREFIX is already set to ${APP_NAME}-supabase in template.toml. This produces project names like <app>-supabase-supabase and likely isn’t intended; use either ${CONTAINER_PREFIX} or drop the extra suffix.
name: ${CONTAINER_PREFIX}-supabase
blueprints/supabase/template.toml
Outdated
| type: docker_logs | ||
| exclude_containers: | ||
| - ${container_name_prefix}-vector | ||
| - supabase-vector |
Vector is configured to exclude logs from supabase-vector, but the actual container name is ${CONTAINER_PREFIX}-vector. This will cause Vector to ingest its own logs (feedback loop) and increase noise/CPU; update exclude_containers to match the configured container name/prefix.
| - supabase-vector | |
| - "${CONTAINER_PREFIX}-vector" |
| ports: # expose supavisor to the host to enable db pooler connection | ||
| - ${POSTGRES_PORT}:5432 | ||
| - ${POOLER_PROXY_PORT_TRANSACTION}:6543 | ||
| expose: # expose supavisor to the host to enable db pooler connection |
expose does not publish ports to the host, but the comment says it does (“expose supavisor to the host”). If external clients are expected to reach the pooler, this needs ports (or Dokploy-specific TCP exposure) rather than expose; otherwise, adjust the comment and any docs/env defaults accordingly.
| expose: # expose supavisor to the host to enable db pooler connection | |
| expose: # expose supavisor ports to other services (internal network) for db pooler connections |
| if parsed.level != null { | ||
| .metadata.parsed.error_severity = parsed.level |
In the db_logs transform, parsed can be null (you explicitly check parsed == null above), but the next condition dereferences parsed.level. This will error when the regex doesn’t match; guard with parsed != null before accessing .level (or combine the checks).
| if parsed.level != null { | |
| .metadata.parsed.error_severity = parsed.level | |
| if parsed != null && parsed.level != null { | |
| .metadata.parsed.error_severity = parsed.level |
| main_domain = "${domain}" | ||
| postgres_password = "${password:32}" | ||
| dashboard_password = "${password:32}" | ||
| logflare_api_key = "${password:32}" |
logflare_public and logflare_private definitions are syntactically invalid TOML (missing closing quote/brace), which will break template parsing. Also logflare_api_key is now unused after switching to public/private access tokens—consider removing it to avoid confusion.
| logflare_api_key = "${password:32}" |
| # This container name looks inconsistent but is correct because realtime constructs tenant id by parsing the subdomain | ||
| container_name: realtime-dev.${CONTAINER_PREFIX}-realtime | ||
| image: supabase/realtime:v2.34.47 | ||
| container_name: ${CONTAINER_PREFIX}-realtime |
The comment says the Realtime container name must include the realtime-dev. prefix because Realtime derives the tenant id from the subdomain, but container_name was changed to ${CONTAINER_PREFIX}-realtime. This no longer matches the healthcheck tenant (/api/tenants/realtime-dev/health) and may break tenant discovery; keep the realtime-dev. prefix (or set an explicit hostname) so the tenant id remains consistent.
| container_name: ${CONTAINER_PREFIX}-realtime | |
| container_name: realtime-dev.${CONTAINER_PREFIX}-realtime |
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
Comments suppressed due to low confidence (2)
blueprints/supabase/template.toml:15
- Inconsistent spacing around equals signs. Lines 13-15 are missing spaces around =, while all other variable assignments in this file use spaces (e.g., line 3: postgres_password = "${password:32}"). This inconsistency should be fixed for code style uniformity.
s3_protocol_id="${password:32}"
s3_protocol_secret="${password:64}"
minio_password="${password:32}"
blueprints/supabase/docker-compose.yml:205
- The healthcheck URL uses the hardcoded tenant ID realtime-dev, but according to the comment on line 184, "realtime constructs tenant id by parsing the subdomain". With the new container naming scheme (${CONTAINER_PREFIX}-realtime), the tenant ID should match the expected format. Verify that realtime-dev is still the correct tenant ID to use in the healthcheck, or if it should be updated to match the new naming convention.
"http://localhost:4000/api/tenants/realtime-dev/health"
| '# Google Cloud Project details', | ||
| 'GOOGLE_PROJECT_ID=GOOGLE_PROJECT_ID', | ||
| 'GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER'] | ||
| 'GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER', |
Missing comma after 'GOOGLE_PROJECT_NUMBER=GOOGLE_PROJECT_NUMBER' on line 180. The next line starts a new comment section, but since this is within the env array, line 180 needs a trailing comma to be valid TOML array syntax.
| image: supabase/edge-runtime:v1.70.3 | ||
| restart: unless-stopped | ||
| volumes: | ||
| - ../files/volumes/functions:/home/deno/functions:Z |
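Review bot: the :Z suffix on the functions mount in the last line applies a private, unshared SELinux label, and the Studio mount of ./volumes/functions also uses :Z. Once both services point at the same host directory, each container start relabels it away from the other on SELinux hosts; use the shared :z option on both mounts instead.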
Volume path mismatch for edge functions. The studio service mounts ./volumes/functions:/app/edge-functions:Z (line 56) but the functions service mounts ../files/volumes/functions:/home/deno/functions:Z (line 324). These are different paths on the host filesystem, which means studio and the functions runtime won't share the same edge functions. Both should reference the same directory - either both should use ./volumes/functions or both should use ../files/volumes/functions.
| - ../files/volumes/functions:/home/deno/functions:Z | |
| - ./volumes/functions:/home/deno/functions:Z |
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
Comments suppressed due to low confidence (3)
blueprints/supabase/template.toml:173
- logflare_api_key/LOGFLARE_API_KEY is still being generated and exported, but nothing in the updated compose config consumes it anymore (Studio now uses LOGFLARE_PUBLIC_ACCESS_TOKEN). Consider removing this variable/env entry or wiring it consistently to avoid confusion and stale secrets.
'LOGFLARE_API_KEY=${logflare_api_key}',
'',
'LOGFLARE_PUBLIC_ACCESS_TOKEN=${logflare_public}',
'LOGFLARE_PRIVATE_ACCESS_TOKEN=${logflare_private}',
blueprints/supabase/template.toml:193
- The env comment says these MinIO credentials are “Used in docker-compose.s3.yml for minio”, but this blueprint directory doesn’t include a docker-compose.s3.yml. Either add the referenced compose file or update/remove the comment so the template doesn’t point users to a non-existent file.
'# Used in docker-compose.s3.yml for minio',
'MINIO_ROOT_USER=supa-storage',
'MINIO_ROOT_PASSWORD=${minio_password}']
blueprints/supabase/docker-compose.yml:23
- Studio’s healthcheck is targeting http://${CONTAINER_PREFIX}-studio:3000/... (container name). Since the check runs inside the Studio container, using http://localhost:3000/... avoids relying on Docker DNS/aliases and on compose-time variable interpolation for the hostname.
"-e",
"fetch('http://${CONTAINER_PREFIX}-studio:3000/api/platform/profile').then((r) => {if (r.status !== 200) throw new Error(r.status)})"
]
| .metadata.response.status_code = req.status | ||
| url, split_err = split(req.request, " ") | ||
| if split_err == null { | ||
| .metadata.request.method = url[0] | ||
| .metadata.request.path = url[1] | ||
| .metadata.request.protocol = url[2] |
In Vector VRL, split() returns only an array (no (value, err) tuple). The url, split_err = split(req.request, " ") assignment will fail at runtime and break Kong access-log parsing. Assign the result to a single variable and validate its length/indexes before reading url[0..2].
| .metadata.parsed.error_severity = "info" | ||
| } | ||
| if parsed != null { | ||
| if parsed.level != null { |
parsed can be null when parse_regex fails; referencing parsed.level without first checking parsed != null can error in VRL and break DB log processing. Keep the null guard (e.g., check parsed != null before accessing .level).
| if parsed.level != null { | |
| if parsed != null && parsed.level != null { |
What is this PR about?
New PR of Supabase is updated according to the original .yml and configured to allow multiple instances.
Checklist
Before submitting this PR, please make sure that:
Greptile Summary
Updates Supabase template from version 1.25.04 to 1.26.01 with multiple component version upgrades and configuration improvements. The PR includes changes to support multiple Supabase instances and aligns with the upstream Supabase docker-compose configuration.
Critical Issues Found:
Notable Changes:
../files/volumes/storage to ./volumes/storage for consistency
Confidence Score: 1/5
blueprints/supabase/template.toml requires immediate attention for syntax errors and configuration mismatches
Last reviewed commit: 6fd70d0