Documentation
Supabase Deployment Guide
Project-Agent-trust-merge / SUPABASE_DEPLOYMENT_GUIDE.md
Prerequisites
- Supabase CLI installed:
npm install -g @supabase/cli - OR access to Supabase Dashboard
- Project linked:
supabase link --project-ref <project-ref>
Step 1: Deploy Migrations
All SQL migrations in arxsec-api/migrations/ must be applied to your Supabase instance.
Option A: Using Supabase Dashboard
- Go to https://app.supabase.com
- Select your project
- Navigate to SQL Editor
- For each migration file (in order):
- Click "New Query"
- Copy entire contents of migration file
- Click "Run"
Option B: Using Supabase CLI
``bash cd arxsec-api supabase db push --linked ``
Migration Order (IMPORTANT):
- 001_initial_schema.sql
- 002_connector_credentials.sql
- 002_sso_providers.sql
- 003_enterprise_features.sql
- 003_scim.sql
- 004_ip_allowlist_rate_limits.sql
- 004_slack_approval_fields.sql
- 005_framework_mappings.sql
- 005_mcp_tokens.sql
- 005_siem_integrations.sql
- 006_cmek_notifications.sql
- 007_connector_discoveries.sql
- 008_onboarding.sql
- 009_geordie_integration.sql
- 010_agents_geordie_columns.sql
- 011_llm_provider_ha.sql
- 012_enforcement_audit.sql
- 013_approval_escalation_chain.sql
- approval_mitl_schema.sql
- inventory_schema.sql
Step 2: Deploy Edge Functions
Option A: Using Supabase Dashboard
- Go to https://app.supabase.com
- Select your project
- Navigate to Edge Functions
- For each function:
- Click "Create new function"
- Copy contents of index.ts
- Deploy
Option B: Using Supabase CLI
``bash cd arxsec-api/supabase supabase functions deploy drift-check --linked supabase functions deploy approval-notify --linked supabase functions deploy on-signup --linked ``
Step 3: Configure Webhooks & Triggers
For approval-notify function:
- Go to Database → Webhooks
- Create webhook:
- Table:
approval_requests - Events: INSERT
- URL:
https://<project>.supabase.co/functions/v1/approval-notify - Headers:
Authorization: Bearer <anon-key>
For on-signup function:
- Go to Auth → Webhooks
- Create webhook:
- Event: User signed up
- URL:
https://<project>.supabase.co/functions/v1/on-signup
For drift-check function (Scheduled):
Option A: Using Supabase Enterprise Scheduled Functions
- Go to Edge Functions → drift-check
- Enable scheduled function
- Set schedule:
0 * * * *(hourly)
Option B: Using External Cron Service ```bash
Call every hour
curl -X POST https://<project>.supabase.co/functions/v1/drift-check \ -H "Authorization: Bearer <anon-key>" \ -H "Content-Type: application/json" ```
Step 4: Set Environment Variables
In Supabase Dashboard → Project Settings → Environment Variables:
`` SUPABASE_URL=https://<project>.supabase.co SUPABASE_SERVICE_ROLE_KEY=<service-role-key> SLACK_WEBHOOK_URL=https://hooks.slack.com/services/... (optional, for approvals) ``
Verification
Check Migrations
``bash supabase status --linked ``
Check Edge Functions
``bash supabase functions list --linked supabase functions logs drift-check --linked ``
Test drift-check
``bash curl https://<project>.supabase.co/functions/v1/drift-check \ -H "Authorization: Bearer <anon-key>" \ -H "Content-Type: application/json" ``
Troubleshooting
Migration fails: Check for syntax errors and ensure migrations run in order Function deployment fails: Verify function has valid TypeScript and imports Webhook not triggering: Check webhook logs in Supabase dashboard Scheduled function not running: Verify cron schedule and function logs
Support
Check Supabase logs:
- Dashboard → Function Details → Logs
- Dashboard → Database → Webhooks → Logs
- CLI:
supabase functions logs <function-name> --linked -n 100