From 804b81f6cb21266d32c82324e48a734cc84cc44c Mon Sep 17 00:00:00 2001 From: Yury Kossakovsky Date: Mon, 23 Mar 2026 16:09:06 -0600 Subject: [PATCH 1/2] fix: resolve supabase-storage crash-loop by adding missing s3 config variables MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit supabase-storage crashes with "Region is missing" after upstream image update because @aws-sdk/client-s3vectors requires REGION env var. - add REGION, GLOBAL_S3_BUCKET, STORAGE_TENANT_ID to .env.example - auto-generate S3_PROTOCOL_ACCESS_KEY_ID/SECRET in secret generation - sync new env vars to existing supabase/docker/.env during updates (append-only, never overwrites existing values) - bump version 1.3.3 → 1.4.1 --- .env.example | 19 +++++++++++++++++++ CHANGELOG.md | 6 ++++++ VERSION | 2 +- scripts/03_generate_secrets.sh | 2 ++ start_services.py | 32 +++++++++++++++++++++++++++----- 5 files changed, 55 insertions(+), 6 deletions(-) diff --git a/.env.example b/.env.example index bf433d0e..1010714b 100644 --- a/.env.example +++ b/.env.example @@ -421,6 +421,25 @@ IMGPROXY_ENABLE_WEBP_DETECTION=true # Add your OpenAI API key to enable SQL Editor Assistant OPENAI_API_KEY= + +############ +# Storage - Configuration for S3 protocol endpoint +############ + +# S3 bucket when using S3 backend, directory name when using 'file' +GLOBAL_S3_BUCKET=stub + +# Used for S3 protocol endpoint configuration +REGION=stub + +# Equivalent to project_ref (S3 session token authentication) +STORAGE_TENANT_ID=stub + +# Access to Storage via S3 protocol endpoint +S3_PROTOCOL_ACCESS_KEY_ID= +S3_PROTOCOL_ACCESS_KEY_SECRET= + + # ============================================ # Cloudflare Tunnel Configuration (Optional) # ============================================ diff --git a/CHANGELOG.md b/CHANGELOG.md index df01140f..8ce53b01 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,12 @@ ## [Unreleased] +## [1.4.1] - 2026-03-23 + +### Fixed +- **Supabase Storage** - Fix crash-loop (`Region is missing`) by adding missing S3 storage configuration variables (`REGION`, `GLOBAL_S3_BUCKET`, `STORAGE_TENANT_ID`) from upstream Supabase +- **Supabase** - Sync new environment variables to existing `supabase/docker/.env` during updates (previously only populated on first install) + ## [1.4.0] - 2026-03-15 ### Added diff --git a/VERSION b/VERSION index 31e5c843..347f5833 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.3.3 +1.4.1 diff --git a/scripts/03_generate_secrets.sh b/scripts/03_generate_secrets.sh index aa02a219..d7b6e641 100755 --- a/scripts/03_generate_secrets.sh +++ b/scripts/03_generate_secrets.sh @@ -115,6 +115,8 @@ declare -A VARS_TO_GENERATE=( ["RAGFLOW_MINIO_ROOT_PASSWORD"]="password:32" ["RAGFLOW_MYSQL_ROOT_PASSWORD"]="password:32" ["RAGFLOW_REDIS_PASSWORD"]="password:32" + ["S3_PROTOCOL_ACCESS_KEY_ID"]="hex:32" + ["S3_PROTOCOL_ACCESS_KEY_SECRET"]="hex:64" ["SEARXNG_PASSWORD"]="password:32" # Added SearXNG admin password ["SECRET_KEY_BASE"]="base64:64" # 48 bytes -> 64 chars ["TEMPORAL_UI_PASSWORD"]="password:32" # Temporal UI basic auth password diff --git a/start_services.py b/start_services.py index 73de7c9b..1006b420 100755 --- a/start_services.py +++ b/start_services.py @@ -71,18 +71,40 @@ def clone_supabase_repo(): os.chdir("..") def prepare_supabase_env(): - """Copy .env to .env in supabase/docker.""" + """Copy .env to supabase/docker/.env, or sync new variables if it already exists.""" if not is_supabase_enabled(): print("Supabase is not enabled, skipping env preparation.") return env_path = os.path.join("supabase", "docker", ".env") - env_example_path = os.path.join(".env") - # Do not overwrite existing Supabase env to avoid credential drift + root_env_path = ".env" if os.path.exists(env_path): - print(f"Supabase env already exists at {env_path}, not overwriting.") + # Sync new variables from root .env that don't exist in supabase .env + print(f"Syncing new variables from root .env to {env_path}...") + root_env = dotenv_values(root_env_path) + supabase_env = dotenv_values(env_path) + new_vars = [] + for key, value in root_env.items(): + if key not in supabase_env and value is not None: + # Quote values to handle special characters safely + if '$' in value: + new_vars.append(f"{key}='{value}'") + else: + new_vars.append(f'{key}="{value}"') + if new_vars: + with open(env_path, 'r') as f: + existing_content = f.read() + sync_header = "# --- Variables synced from root .env ---" + with open(env_path, 'a') as f: + if sync_header not in existing_content: + f.write(f"\n{sync_header}\n") + for var in new_vars: + f.write(f"{var}\n") + print(f"Synced {len(new_vars)} new variable(s) to Supabase env.") + else: + print("Supabase env is up to date, no new variables to sync.") return print("Copying .env in root to .env in supabase/docker...") - shutil.copyfile(env_example_path, env_path) + shutil.copyfile(root_env_path, env_path) def clone_dify_repo(): """Clone the Dify repository using sparse checkout if not already present.""" From 6fe028d01be83e2894b80976e7d7475708a83573 Mon Sep 17 00:00:00 2001 From: Yury Kossakovsky Date: Mon, 23 Mar 2026 16:12:15 -0600 Subject: [PATCH 2/2] chore: remove claude code github actions workflows --- .github/workflows/claude-code-review.yml | 44 --------------------- .github/workflows/claude.yml | 50 ------------------------ 2 files changed, 94 deletions(-) delete mode 100644 .github/workflows/claude-code-review.yml delete mode 100644 .github/workflows/claude.yml diff --git a/.github/workflows/claude-code-review.yml b/.github/workflows/claude-code-review.yml deleted file mode 100644 index b5e8cfd4..00000000 --- a/.github/workflows/claude-code-review.yml +++ /dev/null @@ -1,44 +0,0 @@ -name: Claude Code Review - -on: - pull_request: - types: [opened, synchronize, ready_for_review, reopened] - # Optional: Only run on specific file changes - # paths: - # - "src/**/*.ts" - # - "src/**/*.tsx" - # - "src/**/*.js" - # - "src/**/*.jsx" - -jobs: - claude-review: - # Optional: Filter by PR author - # if: | - # github.event.pull_request.user.login == 'external-contributor' || - # github.event.pull_request.user.login == 'new-developer' || - # github.event.pull_request.author_association == 'FIRST_TIME_CONTRIBUTOR' - - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: read - issues: read - id-token: write - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Run Claude Code Review - id: claude-review - uses: anthropics/claude-code-action@v1 - with: - claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} - plugin_marketplaces: 'https://github.com/anthropics/claude-code.git' - plugins: 'code-review@claude-code-plugins' - prompt: '/code-review:code-review ${{ github.repository }}/pull/${{ github.event.pull_request.number }}' - # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md - # or https://code.claude.com/docs/en/cli-reference for available options - diff --git a/.github/workflows/claude.yml b/.github/workflows/claude.yml deleted file mode 100644 index d300267f..00000000 --- a/.github/workflows/claude.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Claude Code - -on: - issue_comment: - types: [created] - pull_request_review_comment: - types: [created] - issues: - types: [opened, assigned] - pull_request_review: - types: [submitted] - -jobs: - claude: - if: | - (github.event_name == 'issue_comment' && contains(github.event.comment.body, '@claude')) || - (github.event_name == 'pull_request_review_comment' && contains(github.event.comment.body, '@claude')) || - (github.event_name == 'pull_request_review' && contains(github.event.review.body, '@claude')) || - (github.event_name == 'issues' && (contains(github.event.issue.body, '@claude') || contains(github.event.issue.title, '@claude'))) - runs-on: ubuntu-latest - permissions: - contents: read - pull-requests: read - issues: read - id-token: write - actions: read # Required for Claude to read CI results on PRs - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Run Claude Code - id: claude - uses: anthropics/claude-code-action@v1 - with: - claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }} - - # This is an optional setting that allows Claude to read CI results on PRs - additional_permissions: | - actions: read - - # Optional: Give a custom prompt to Claude. If this is not specified, Claude will perform the instructions specified in the comment that tagged it. - # prompt: 'Update the pull request description to include a summary of changes.' - - # Optional: Add claude_args to customize behavior and configuration - # See https://github.com/anthropics/claude-code-action/blob/main/docs/usage.md - # or https://code.claude.com/docs/en/cli-reference for available options - # claude_args: '--allowed-tools Bash(gh pr:*)' -