fix(cli): generate non-TypeScript types from project refs#5622
fix(cli): generate non-TypeScript types from project refs#5622avallete wants to merge 17 commits into
Conversation
avallete
changed the title
…with-project-id-fails-and-db-url
…with-project-id-fails-and-db-url
Supabase CLI previewnpx --yes https://pkg.pr.new/supabase/cli/supabase@43144279a212bf0902aa0e2c034144f01d51f099Preview package for commit |
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6314b35001
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 864fdd786b
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
…with-project-id-fails-and-db-url
Non-TypeScript project-ref typegen probed GET /v1/projects/{ref} and only
fell back to the branch config endpoint when the 404 body contained the
literal "Preview branch not found". The Management API's 404 wording is
not guaranteed, so a differently-worded body would fail instead of
falling back. Match the link handler, which treats any 404 from that
endpoint as the preview-branch case.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_017iEY7hzWEw2bGaURyXJmAm
Non-TypeScript `gen types --project-id <ref>` resolved the database connection through the linked DB resolver with the linked-workdir contract, which imported two assumptions that do not hold for an explicit, possibly-unrelated ref: - it read the ambient SUPABASE_DB_PASSWORD (shell / .env*) and, when the direct host was reachable, handed pg-meta that password instead of minting a temporary login role — sending an unrelated workdir password to a remote project; and - on an IPv4-only network it only consulted the saved .temp/pooler-url (which belongs to the linked workdir) and otherwise failed with the IPv6 "run supabase link" suggestion, even though the command already holds a Management API token. Add an `adHocProjectRef` resolver flag, set only for the explicit `--project-id` path (not `--linked`). In that mode the resolver ignores the ambient password (always minting a temp role) and, when the direct host is unreachable, fetches the primary pooler config for the ref from the Management API while ignoring the workdir's saved pooler URL. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_017iEY7hzWEw2bGaURyXJmAm
…with-project-id-fails-and-db-url Resolve conflicts in functions/deploy realpath handling: adopt develop's `realpathIfExists` helper (deploy.ts) and `expectedDockerBind` test helper, which subsume this branch's equivalent `realpath`/`dockerBindSpec` changes. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_017iEY7hzWEw2bGaURyXJmAm
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d23fac674e
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
# Conflicts: # apps/cli/src/legacy/commands/gen/types/types.integration.test.ts # apps/cli/src/legacy/shared/legacy-db-config.layer.ts
…with-project-id-fails-and-db-url
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 56f9b60d56
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 43144279a2
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| return yield* Effect.gen(function* () { | ||
| const projectRef = yield* LegacyProjectRefResolver; | ||
| const refOpt = yield* projectRef.resolveOptional(Option.none()); | ||
| const refOpt = yield* projectRef.resolveOptional(flags.linkedProjectRef ?? Option.none()); |
There was a problem hiding this comment.
For gen types --project-id <ref> --lang go|swift|python, this retry path now resolves the explicit ref, but it still ignores flags.adHocProjectRef when reading the password and pooler URL a few lines later. If the current workdir has SUPABASE_DB_PASSWORD or a saved .temp/pooler-url for a different linked project, the container IPv6 retry can either use the unrelated password or reject the saved pooler URL and never fetch the explicit ref's pooler config, so the new pooler fallback still fails in linked workdirs even though the initial resolver correctly isolated ad-hoc refs.
Useful? React with 👍 / 👎.
|
|
||
| function tokenlessEnv(profilePath: string) { | ||
| return { | ||
| SUPABASE_ACCESS_TOKEN: "", |
There was a problem hiding this comment.
When this local e2e runs from a developer/CI shell that already has SUPABASE_WORKDIR or SUPABASE_DB_PASSWORD, runSupabase inherits those variables before applying this env. SUPABASE_WORKDIR makes the CLI ignore cwd: project.dir, and SUPABASE_DB_PASSWORD is used by localDbPassword() while the test container is always started with POSTGRES_PASSWORD=postgres, so supabase gen types --local can fail or read the wrong project even though the test setup is correct.
Useful? React with 👍 / 👎.
| { | ||
| home: home.dir, | ||
| env: { SUPABASE_ACCESS_TOKEN: remoteAccessToken }, | ||
| entrypoint: "legacy", | ||
| exitTimeoutMs: TYPEGEN_TIMEOUT_MS, |
There was a problem hiding this comment.
When SUPABASE_TYPEGEN_E2E_REMOTE=1, these runSupabase calls inherit Vitest's cwd because no cwd or SUPABASE_WORKDIR is supplied. Fresh evidence after the cache-file removal: the current remote e2e still exercises the legacy --project-id path, whose linked-project cache finalizer writes supabase/.temp/linked-project.json under that cwd on a successful project response, dirtying the checkout and recording the real project ref/name/org from the test account.
Useful? React with 👍 / 👎.
3 participants
What changed
supabase gen types --project-idgenerate Go, Swift, and Python types by resolving a temporary database connection and running pg-meta.Why
Python type generation with
--project-idfailed before it could reach pg-meta, and the first fix used the preview-branch config endpoint. Production project refs return404 Preview branch not foundfrom that endpoint because/v1/branches/{ref}is branch-only.Non-TypeScript type generation is still pg-meta-based, so project-ref flows need to construct a live database connection instead of calling the TypeScript-only typegen endpoint or asking the user to provide
--db-url.Reviewer context
Non-TypeScript project-ref generation still requires Docker because it continues to use pg-meta. The change is limited to how the CLI resolves the database connection for project refs: it fetches the project database host and creates a temporary login role rather than reading or storing the project's database password.
The live remote e2e matrix is skipped unless
SUPABASE_TYPEGEN_E2E_REMOTE=1,SUPABASE_TEST_PROJECT_REF, andSUPABASE_ACCESS_TOKENare set. The local e2e matrix runs without a token and points the API profile at an unreachable local URL to catch accidental Management API usage on the--localpath.Closes CLI-1812