Add missing storage-bucket creation to the migration chain (drift fix)#738
Conversation
The clinical-documents and clinical-images buckets were declared only in supabase/schema.sql. The migration chain created the storage.objects RLS policies that reference them (20260527000000_bulk_ingestion.sql) but never the buckets, so a database built by replaying migrations had policies for buckets that did not exist and uploads failed until the buckets were created out-of-band. Add a migration mirroring schema.sql's bucket inserts (idempotent, on conflict do update set public = false), so a migrated-from-scratch DB and the CI `supabase db reset` replay have the buckets. schema.sql and the drift manifest already declare them, so no reconciliation edit is needed. Verified offline: change-scope classifies it db_changed (so the CI migration replay runs), the inserts mirror schema.sql exactly, prettier skips .sql, and 79 drift/schema/storage unit tests pass. The replay itself (supabase db reset) runs in CI's db-reset-verify job; it is not runnable locally here (no Supabase Docker / provider boundary). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_019UQUcNriJUVSGRhWz794RQ
…heckout When a PR is opened before scripts/pr-policy.mjs existed on main, the pull_request_target workflow checked out the exact base.sha (fd79bc8) which predated the script, causing ERR_MODULE_NOT_FOUND. Fix: use github.base_ref (the branch name, e.g. "main") instead of github.event.pull_request.base.sha. This always checks out the current tip of the base branch, ensuring the policy script is always available. The pull_request_target security model is preserved: only base-branch code is checked out, never the PR head.
Fixed 1 file(s) based on 1 unresolved review comment. Co-authored-by: CodeRabbit <noreply@coderabbit.ai>
Re-export the storage-bucket migration branch for a PR with complete policy evidence (verification, risk/rollout, clinical governance). Co-Authored-By: Cursor Agent <cursoragent@cursor.com>
|
This pull request has been ignored for the connected project Preview Branches by Supabase. |
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: Path: .coderabbit.yaml Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughThe PR updates trusted policy checkout to use the base branch reference and adds a replay-safe migration that creates or updates the ChangesTrusted policy checkout
Storage bucket migration
Estimated code review effort: 2 (Simple) | ~10 minutes Possibly related PRs
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@supabase/migrations/20260717139000_create_storage_buckets.sql`:
- Around line 10-11: Update the idempotency comment in the storage bucket
migration to state that existing buckets have their name, public setting, file
size limit, and allowed MIME types reconciled with the migration values,
matching the conflict branches for both buckets.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro Plus
Run ID: a86d2740-e376-4ad3-bf7d-6befa79eef42
📒 Files selected for processing (2)
.github/workflows/pr-policy.ymlsupabase/migrations/20260717139000_create_storage_buckets.sql
Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
Match the comment to the ON CONFLICT updates for name, size limit, and MIME types. Co-authored-by: BigSimmo <BigSimmo@users.noreply.github.com>
Summary
Adds the missing
clinical-documentsandclinical-imagesstorage bucket creation to the Supabase migration chain so databases built by replaying migrations matchschema.sqland CIdb-reset-verify.This supersedes PR #710 with the same migration content plus a complete PR-policy evidence body (the cloud token cannot edit existing PR descriptions).
Verification
npm run verify:pr-local(format + cheap gate; SQL-only change — no app/UI build path required)supabase/migrationsstorage-bucket SQL and an unrelated PR-policy checkout path fix from the source branch.supabase db reset) passed on PR Add missing storage-bucket creation to the migration chain (drift fix) #710 head carrying this migrationRisk and rollout
Clinical Governance Preflight
Clinical KB Database(sjrfecxgysukkwxsowpy)Notes
Summary by CodeRabbit