CollabOps

Supabase

Supabase DB migrations and Edge Functions deployment

collabops/supabase-migration@v1

On-Premise: ❌ — requires Supabase connectivity

Runs Supabase DB migrations. Validates schema with lint before applying.

| Input | Required | Default | Description |
|---|---|---|---|
| access-token | YES | - | Supabase Access Token. ${{ secrets.SUPABASE_ACCESS_TOKEN }} recommended |
| project-ref | YES | - | Supabase project reference ID |
| db-password | YES | - | Supabase DB password. ${{ secrets.SUPABASE_DB_PASSWORD }} recommended |
| lint-level | NO | "warning" | Lint failure threshold (none, warning, error) |
| dry-run | NO | "false" | Preview migration without applying |

Examples

Basic — apply to staging

jobs:
  migrate:
    steps:
      - name: checkout
        uses: "collabops/checkout@v2"
        with:
          repo-url: "https://<collabops-host>/<workspace>/<repository>.git"
      - name: supabase-migrate
        uses: "collabops/supabase-migration@v1"
        with:
          access-token: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
          project-ref: ${{ secrets.SUPABASE_PROJECT_REF_STAGING }}
          db-password: ${{ secrets.SUPABASE_DB_PASSWORD_STAGING }}

PR validation — dry-run + error level

# Change Request trigger — fires only when supabase/migrations/ changes.
triggers:
  change_request:
    branches: [main]
    paths: ["supabase/migrations/**"]

jobs:
  migrate-preview:
    steps:
      - name: checkout
        uses: "collabops/checkout@v2"
        with:
          repo-url: "https://<collabops-host>/<workspace>/<repository>.git"
      - name: supabase-dry-run
        uses: "collabops/supabase-migration@v1"
        with:
          access-token: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
          project-ref: ${{ secrets.SUPABASE_PROJECT_REF_STAGING }}
          db-password: ${{ secrets.SUPABASE_DB_PASSWORD_STAGING }}
          # Block on error only — warnings do not stop the PR.
          lint-level: error
          # Validate without applying changes.
          dry-run: "true"

Key points — Keep project-ref + db-password per environment (prod/staging) as separate secrets. On PRs run dry-run: "true" for lint + plan; apply only after merging to main in a separate Job. Choose lint-level (warning|error) deliberately — pick the bar at which PRs must fail.
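A pre-merge check for the key points above, as an added example that is not part of the CollabOps documentation: it scans a pipeline definition and reports any access-token or db-password value that is not a ${{ secrets.* }} reference, and any supabase-migration step in a change_request pipeline that lacks dry-run: "true". It assumes the step layout shown on this page and uses a line scan rather than a YAML parser; parse_steps, audit and the sample pipeline are constructed for illustration.

```python
import re

# Matches the ${{ secrets.NAME }} form recommended in the input tables.
SECRET_REF = re.compile(r"^\$\{\{\s*secrets\.\w+\s*\}\}$")
SENSITIVE = ("access-token", "db-password")
KEYVAL = re.compile(r"^\s*(?:-\s+)?([\w-]+):\s*(.*?)\s*$")

def parse_steps(text):
    """Collect key/value pairs per '- name:' step (line scan, not a YAML parser)."""
    steps = []
    for raw in text.splitlines():
        m = KEYVAL.match(raw)  # comment lines never match this pattern
        if m and raw.lstrip().startswith("- name:"):
            steps.append({})
        if m and steps:
            steps[-1][m.group(1)] = m.group(2).strip("\"'")
    return steps

def audit(text):
    """Return (step name, finding) tuples for one pipeline definition."""
    findings = []
    is_pr = re.search(r"^\s*change_request:", text, re.M) is not None
    for step in parse_steps(text):
        for key in SENSITIVE:
            if key in step and not SECRET_REF.match(step[key]):
                findings.append((step["name"], f"{key} is not a secrets reference"))
        is_migration = "supabase-migration@" in step.get("uses", "")
        if is_pr and is_migration and step.get("dry-run") != "true":
            findings.append((step["name"], "PR pipeline migration without dry-run"))
    return findings

# Constructed sample: a PR pipeline with a literal password and no dry-run.
BAD = """
triggers:
  change_request:
jobs:
  migrate-preview:
    steps:
      - name: supabase-dry-run
        uses: "collabops/supabase-migration@v1"
        with:
          access-token: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
          db-password: "constructed-literal-value"
"""
GOOD = BAD.replace('"constructed-literal-value"', "${{ secrets.SUPABASE_DB_PASSWORD_STAGING }}")
GOOD += '          dry-run: "true"\n'

if __name__ == "__main__":
    print(audit(BAD), audit(GOOD))
```

Run it against each pipeline file in the repository before merge and fail the check when audit returns any finding.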

collabops/supabase-functions-deploy@v1

On-Premise: ❌ — requires Supabase connectivity

Deploys Supabase Edge Functions. Can deploy a specific function or all functions.

| Input | Required | Default | Description |
|---|---|---|---|
| access-token | YES | - | Supabase Access Token. ${{ secrets.SUPABASE_ACCESS_TOKEN }} recommended |
| project-ref | YES | - | Supabase project reference ID |
| function-name | NO | "" | Function name to deploy (deploys all if empty) |

Examples

Deploy every Edge Function

jobs:
  deploy-functions:
    steps:
      - name: checkout
        uses: "collabops/checkout@v2"
        with:
          repo-url: "https://<collabops-host>/<workspace>/<repository>.git"
      # Omit function-name → deploys everything under supabase/functions/.
      - name: deploy-edge-functions
        uses: "collabops/supabase-functions-deploy@v1"
        with:
          access-token: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
          project-ref: ${{ secrets.SUPABASE_PROJECT_REF_PROD }}

Deploy a single function

jobs:
  deploy-one:
    steps:
      - name: checkout
        uses: "collabops/checkout@v2"
        with:
          repo-url: "https://<collabops-host>/<workspace>/<repository>.git"
      - name: deploy-single-fn
        uses: "collabops/supabase-functions-deploy@v1"
        with:
          access-token: ${{ secrets.SUPABASE_ACCESS_TOKEN }}
          project-ref: ${{ secrets.SUPABASE_PROJECT_REF_PROD }}
          # Useful for hot-fix style deploys of a single function.
          function-name: send-webhook

Key points — Without function-name the whole supabase/functions/ tree is deployed. Per-function environment variables live as Supabase secrets and are out of scope for this template. Keep large changes in a Job separate from the migration flow for safer rollouts.
