DEV Community: Faouzane BATIGA The latest articles on DEV Community by Faouzane BATIGA (@faouzane_batiga_d9d321705). https://dev.to/faouzane_batiga_d9d321705 https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3357701%2Fd463276b-8892-40a1-99ec-858301db534a.png DEV Community: Faouzane BATIGA https://dev.to/faouzane_batiga_d9d321705 en How to Keep Your Entire Supabase Database (policies, functions, triggers, cron) synced across envs Faouzane BATIGA Tue, 15 Jul 2025 19:51:57 +0000 https://dev.to/faouzane_batiga_d9d321705/how-to-keep-your-entire-supabase-database-state-in-your-repository-3468 https://dev.to/faouzane_batiga_d9d321705/how-to-keep-your-entire-supabase-database-state-in-your-repository-3468 <p>Following a conversation on the Supabase reddit i felt like i should share my setup to help some people.</p> <h2> The Problem </h2> <p>I was constantly running into issues where:</p> <ul> <li> <strong>RLS UI is annoying</strong> - managing policies through Supabase dashboard is clunky and error-prone</li> <li> <strong>RLS deployment bugs</strong> - policies weren't being deployed as part of go-live, or were named differently from what they actually do</li> <li>My local database was different from staging</li> <li>Staging was different from production</li> <li>Database functions, triggers, and policies were getting lost</li> <li>Cron jobs would disappear after deployments</li> <li>Team members had inconsistent database states</li> <li> <strong>Row Level Security policies would drift</strong> - manual changes in Supabase dashboard weren't in code</li> </ul> <h2> Why Create Your Own Migration Runner? </h2> <p>You might be thinking: "Supabase has its own migration system, why reinvent the wheel?"</p> <p>Here's why I built my own:</p> <ul> <li> <strong>I was tired of needing to diff the database every time</strong> I needed to create a table or add a column</li> <li> <strong>I'm fluent in SQL</strong>, so I don't want to use the Supabase UI for database changes</li> <li> <strong>Supabase migration system kept breaking</strong> and often required resetting the database state (#annoying #shittyDx)</li> </ul> <p>The Supabase migration system is great for simple use cases, but when you have complex database state (functions, triggers, policies, cron jobs) and need reliable deployments, you need something more robust.</p> <h2> The Solution: Database State as Code </h2> <p>I created a system that keeps your <strong>entire database state</strong> in your repository:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>supabase/ ├── run.js # Migration runner (the magic) ├── db-migrations/ # Schema changes ├── db-functions/ # PostgreSQL functions ├── policies.sql # Row Level Security ├── triggers.sql # Database triggers └── cron.sql # Scheduled jobs </code></pre> </div> <h2> How It Works </h2> <h3> 1. The Migration Runner (<code>run.js</code>) </h3> <p>This is the core of the system. It:</p> <ul> <li>Tracks which migrations have been applied in a <code>supabase_migrations</code> table</li> <li>Compares local files with applied migrations</li> <li>Runs pending migrations in order</li> <li>Handles rollbacks on errors</li> <li>Manages functions, triggers, policies, and cron jobs</li> </ul> <h3> 2. Package.json Commands </h3> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"scripts"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"migrate"</span><span class="p">:</span><span class="w"> </span><span class="s2">"node supabase/run.js"</span><span class="p">,</span><span class="w"> </span><span class="nl">"sync:db"</span><span class="p">:</span><span class="w"> </span><span class="s2">"node supabase/run.js --db"</span><span class="p">,</span><span class="w"> </span><span class="nl">"sync:policies"</span><span class="p">:</span><span class="w"> </span><span class="s2">"node supabase/run.js --policies"</span><span class="p">,</span><span class="w"> </span><span class="nl">"create:migration"</span><span class="p">:</span><span class="w"> </span><span class="s2">"yarn migration --create"</span><span class="p">,</span><span class="w"> </span><span class="nl">"create:function"</span><span class="p">:</span><span class="w"> </span><span class="s2">"yarn migration --create --func"</span><span class="p">,</span><span class="w"> </span><span class="nl">"list:migrations"</span><span class="p">:</span><span class="w"> </span><span class="s2">"yarn migration --list"</span><span class="p">,</span><span class="w"> </span><span class="nl">"revert:migration"</span><span class="p">:</span><span class="w"> </span><span class="s2">"yarn migration --revert"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <h3> 3. Complete CLI Reference </h3> <p>The migration runner provides comprehensive CLI options:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Run all pending migrations</span> yarn migrate <span class="c"># Run a specific migration</span> yarn migration &lt;migration-name&gt; <span class="c"># Skip a migration permanently</span> yarn migration &lt;migration-name&gt; <span class="nt">--skip</span> <span class="c"># Revert an already played migration</span> yarn migration &lt;migration-name&gt; <span class="nt">--revert</span> <span class="c"># List all migrations (applied and pending)</span> yarn migration <span class="nt">--list</span> <span class="c"># Create a new migration file</span> yarn migration <span class="nt">--create</span> &lt;name&gt; <span class="c"># Create a new function file</span> yarn migration <span class="nt">--create</span> &lt;name&gt; <span class="nt">--func</span> <span class="c"># Run in debug mode</span> yarn migration <span class="nt">--debug</span> <span class="c"># Sync database policies only</span> yarn migration <span class="nt">--policies</span> <span class="c"># Sync everything (functions, triggers, policies, cron)</span> yarn migration <span class="nt">--db</span> <span class="c"># Run without transactions (for statements that can't run in transactions)</span> yarn migration <span class="nt">--no-transaction</span> <span class="c"># Show help</span> yarn migration <span class="nt">--help</span> </code></pre> </div> <h3> 4. File Organization </h3> <p><strong>Migrations</strong> (<code>db-migrations/</code>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- 2024-01-01_00_00_00_000Z-initial-schema.sql</span> <span class="k">CREATE</span> <span class="k">TABLE</span> <span class="n">users</span> <span class="p">(</span> <span class="n">id</span> <span class="n">UUID</span> <span class="k">PRIMARY</span> <span class="k">KEY</span> <span class="k">DEFAULT</span> <span class="n">gen_random_uuid</span><span class="p">(),</span> <span class="n">email</span> <span class="nb">TEXT</span> <span class="k">UNIQUE</span> <span class="k">NOT</span> <span class="k">NULL</span> <span class="p">);</span> </code></pre> </div> <p><strong>Functions</strong> (<code>db-functions/</code>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- 2024-01-01_00_00_00_000Z-get-user-posts.sql</span> <span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">get_user_posts</span><span class="p">(</span><span class="n">user_uuid</span> <span class="n">UUID</span><span class="p">)</span> <span class="k">RETURNS</span> <span class="k">TABLE</span> <span class="p">(</span><span class="n">id</span> <span class="n">UUID</span><span class="p">,</span> <span class="n">title</span> <span class="nb">TEXT</span><span class="p">)</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">BEGIN</span> <span class="k">RETURN</span> <span class="n">QUERY</span> <span class="k">SELECT</span> <span class="n">p</span><span class="p">.</span><span class="n">id</span><span class="p">,</span> <span class="n">p</span><span class="p">.</span><span class="n">title</span> <span class="k">FROM</span> <span class="n">posts</span> <span class="n">p</span> <span class="k">WHERE</span> <span class="n">p</span><span class="p">.</span><span class="n">user_id</span> <span class="o">=</span> <span class="n">user_uuid</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span><span class="p">;</span> </code></pre> </div> <p><strong>Policies</strong> (<code>policies.sql</code>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- CRITICAL: This function must be at the top</span> <span class="k">SELECT</span> <span class="n">supabase_migrations</span><span class="p">.</span><span class="n">drop_policies_in_transaction</span><span class="p">();</span> <span class="k">ALTER</span> <span class="k">TABLE</span> <span class="n">users</span> <span class="n">ENABLE</span> <span class="k">ROW</span> <span class="k">LEVEL</span> <span class="k">SECURITY</span><span class="p">;</span> <span class="k">CREATE</span> <span class="n">POLICY</span> <span class="nv">"Users can view own profile"</span> <span class="k">ON</span> <span class="n">users</span> <span class="k">FOR</span> <span class="k">SELECT</span> <span class="k">USING</span> <span class="p">(</span><span class="n">auth</span><span class="p">.</span><span class="n">uid</span><span class="p">()</span> <span class="o">=</span> <span class="n">id</span><span class="p">);</span> </code></pre> </div> <p><strong>Triggers</strong> (<code>triggers.sql</code>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">update_updated_at_column</span><span class="p">()</span> <span class="k">RETURNS</span> <span class="k">TRIGGER</span> <span class="k">AS</span> <span class="err">$$</span> <span class="k">BEGIN</span> <span class="k">NEW</span><span class="p">.</span><span class="n">updated_at</span> <span class="o">=</span> <span class="n">NOW</span><span class="p">();</span> <span class="k">RETURN</span> <span class="k">NEW</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$$</span> <span class="k">language</span> <span class="s1">'plpgsql'</span><span class="p">;</span> </code></pre> </div> <p><strong>Cron Jobs</strong> (<code>cron.sql</code>):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="k">SELECT</span> <span class="n">cron</span><span class="p">.</span><span class="n">schedule</span><span class="p">(</span> <span class="s1">'cleanup-old-data'</span><span class="p">,</span> <span class="s1">'0 2 * * *'</span><span class="p">,</span> <span class="s1">'DELETE FROM posts WHERE created_at &lt; NOW() - INTERVAL </span><span class="se">''</span><span class="s1">1 year</span><span class="se">''</span><span class="s1">;'</span> <span class="p">);</span> </code></pre> </div> <h2> 🚨 Critical: Policy Synchronization </h2> <p>The <code>drop_policies_in_transaction()</code> function is <strong>essential</strong> for keeping RLS policies in sync:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight sql"><code><span class="c1">-- This function drops all existing policies before applying new ones</span> <span class="k">CREATE</span> <span class="k">OR</span> <span class="k">REPLACE</span> <span class="k">FUNCTION</span> <span class="n">supabase_migrations</span><span class="p">.</span><span class="n">drop_policies_in_transaction</span> <span class="p">()</span> <span class="k">RETURNS</span> <span class="n">void</span> <span class="k">LANGUAGE</span> <span class="n">plpgsql</span> <span class="k">AS</span> <span class="err">$</span><span class="k">function</span><span class="err">$</span> <span class="k">DECLARE</span> <span class="n">policy_record</span> <span class="n">RECORD</span><span class="p">;</span> <span class="k">BEGIN</span> <span class="c1">-- Create a temporary table to store the policies</span> <span class="k">CREATE</span> <span class="k">TEMPORARY</span> <span class="k">TABLE</span> <span class="n">temp_policies</span> <span class="k">AS</span> <span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">pg_policies</span> <span class="k">WHERE</span> <span class="n">schemaname</span> <span class="o">=</span> <span class="s1">'public'</span><span class="p">;</span> <span class="c1">-- Loop through the policies and drop each one</span> <span class="k">FOR</span> <span class="n">policy_record</span> <span class="k">IN</span> <span class="p">(</span> <span class="k">SELECT</span> <span class="o">*</span> <span class="k">FROM</span> <span class="n">temp_policies</span> <span class="p">)</span> <span class="n">LOOP</span> <span class="k">BEGIN</span> <span class="k">EXECUTE</span> <span class="s1">'DROP POLICY IF EXISTS "'</span> <span class="o">||</span> <span class="n">policy_record</span><span class="p">.</span><span class="n">policyname</span> <span class="o">||</span> <span class="s1">'" ON "'</span> <span class="o">||</span> <span class="n">policy_record</span><span class="p">.</span><span class="n">tablename</span> <span class="o">||</span> <span class="s1">'"'</span><span class="p">;</span> <span class="n">EXCEPTION</span> <span class="k">WHEN</span> <span class="n">OTHERS</span> <span class="k">THEN</span> <span class="c1">-- Log the exception or take appropriate action</span> <span class="n">RAISE</span> <span class="n">NOTICE</span> <span class="s1">'Error dropping policy % on table %: %'</span><span class="p">,</span> <span class="n">policy_record</span><span class="p">.</span><span class="n">policyname</span><span class="p">,</span> <span class="n">policy_record</span><span class="p">.</span><span class="n">tablename</span><span class="p">,</span> <span class="n">SQLERRM</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="k">END</span> <span class="n">LOOP</span><span class="p">;</span> <span class="c1">-- Drop the temporary table</span> <span class="k">DROP</span> <span class="k">TABLE</span> <span class="n">IF</span> <span class="k">EXISTS</span> <span class="n">temp_policies</span><span class="p">;</span> <span class="k">END</span><span class="p">;</span> <span class="err">$</span><span class="k">function</span><span class="err">$</span><span class="p">;</span> </code></pre> </div> <p><strong>Why this is crucial:</strong></p> <ul> <li>Policies can be created manually in Supabase dashboard</li> <li>These manual policies won't be in your code</li> <li>Without dropping them first, you'll have <strong>orphaned policies</strong> </li> <li>The function ensures only policies defined in your code exist</li> <li> <strong>Prevents security drift</strong> - your RLS rules are always exactly what you've defined</li> </ul> <h2> CI/CD Integration </h2> <p>Here's how to integrate it into your GitHub Actions:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="c1"># .github/workflows/deploy.yml</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">Deploy and migrate</span> <span class="na">env</span><span class="pi">:</span> <span class="na">DATABASE_URL</span><span class="pi">:</span> <span class="s">${{ secrets.DATABASE_URL }}</span> <span class="na">run</span><span class="pi">:</span> <span class="pi">|</span> <span class="s">yarn deploy</span> <span class="s">yarn migrate</span> <span class="s">yarn sync:db</span> </code></pre> </div> <p>The key steps:</p> <ol> <li> <strong>Deploy your app</strong> (Supabase functions, etc.)</li> <li> <strong>Run migrations</strong> (<code>yarn migrate</code>) - applies schema changes</li> <li> <strong>Sync database state</strong> (<code>yarn sync:db</code>) - applies functions, triggers, policies, cron</li> </ol> <h2> Benefits </h2> <p>✅ <strong>Consistent environments</strong> - Everyone has the same database state<br> ✅ <strong>Version controlled</strong> - All changes are tracked in git<br> ✅ <strong>Rollback support</strong> - Can revert specific migrations<br> ✅ <strong>Team collaboration</strong> - No more "works on my machine"<br> ✅ <strong>CI/CD ready</strong> - Automated database deployments<br> ✅ <strong>Comprehensive</strong> - Functions, triggers, policies, cron jobs included<br> ✅ <strong>Policy synchronization</strong> - No more orphaned RLS policies</p> <h2> Getting Started </h2> <ol> <li> <strong>Copy the structure</strong> from the example below</li> <li> <strong>Set up your database connection</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">export </span><span class="nv">DATABASE_URL</span><span class="o">=</span><span class="s2">"postgresql://user:password@localhost:5432/dbname"</span> </code></pre> </div> <ol> <li> <strong>Run your first migration</strong>: </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> yarn migrate </code></pre> </div> <h2> Example Repository </h2> <p>I've created a minimal example showing the complete setup: <a href="https://github.com/enyosolutions/supabase-synced-database-example/blob/master/README.md" rel="noopener noreferrer">database-state-example</a></p> <p>The key files are:</p> <ul> <li> <code>package.json</code> - All the CLI commands</li> <li> <code>supabase/run.js</code> - The migration runner (this is the magic)</li> <li> <code>supabase/db-functions/drop-policies-function.sql</code> - Critical for policy sync</li> <li> <code>services/postgres.js</code> the service in charge of connecting the db.</li> </ul> <h2> Why This Works </h2> <p>Traditional migration systems only handle schema changes. This approach treats your <strong>entire database state</strong> as code:</p> <ul> <li> <strong>Schema</strong> → <code>db-migrations/</code> </li> <li> <strong>Functions</strong> → <code>db-functions/</code> </li> <li> <strong>Security</strong> → <code>policies.sql</code> (with automatic cleanup)</li> <li> <strong>Automation</strong> → <code>triggers.sql</code> </li> <li> <strong>Scheduling</strong> → <code>cron.sql</code> </li> </ul> <p>Everything is version controlled, everything is applied consistently, and everything can be rolled back.</p> <h2> Pro Tips </h2> <ol> <li> <strong>Use timestamps</strong> in migration names for ordering</li> <li> <strong>Keep functions separate</strong> from migrations for better organization</li> <li> <strong>Test locally first</strong> before pushing to staging/prod</li> <li> <strong>Use the <code>--no-transaction</code> flag</strong> for migrations that can't run in transactions</li> <li> <strong>Check <code>yarn migration --list</code></strong> to see what's pending</li> <li> <strong>Always include <code>drop_policies_in_transaction()</code></strong> at the top of policies.sql</li> </ol> <p>This approach has completely eliminated database drift issues for my team. No more "it works on my machine" - everyone's database is identical, including security policies.</p> <p>What do you think? Anyone else using a similar approach?</p>