From 23323dc1ccbc22d9e08cc688b900a6bc1155b808 Mon Sep 17 00:00:00 2001
From: Leandro Pereira
Date: Tue, 26 May 2026 12:42:40 -0400
Subject: [PATCH 1/2] chore(ci): allow to dispatch deploy from realtime repo
---
.github/workflows/dispatch_deploy.yml | 40 +++++++++++++++++++++++++++
.github/workflows/prod_build.yml | 27 ++++--------------
2 files changed, 45 insertions(+), 22 deletions(-)
create mode 100644 .github/workflows/dispatch_deploy.yml
diff --git a/.github/workflows/dispatch_deploy.yml b/.github/workflows/dispatch_deploy.yml
new file mode 100644
index 000000000..e63771b6d
--- /dev/null
+++ b/.github/workflows/dispatch_deploy.yml
@@ -0,0 +1,40 @@
+name: Dispatch Deploy
+
+on:
+ workflow_dispatch:
+ inputs:
+ version:
+ description: 'Version to deploy (no leading v). Leave blank to let the downstream pick the latest release. Example: 2.94.1'
+ required: false
+ type: string
+ workflow_call:
+ inputs:
+ version:
+ description: 'Version to deploy (no leading v).'
+ required: true
+ type: string
+
+jobs:
+ dispatch:
+ runs-on: blacksmith-2vcpu-ubuntu-2404
+ steps:
+ - name: Generate GitHub App token
+ id: app-token
+ uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1
+ with:
+ app-id: ${{ secrets.GH_APP_LIBS_PR_MANAGER_ID }}
+ private-key: ${{ secrets.GH_APP_LIBS_PR_MANAGER_PRIVATE_KEY }}
+ owner: supabase
+
+ - name: Dispatch version update
+ env:
+ GH_TOKEN: ${{ steps.app-token.outputs.token }}
+ TARGET_REPO: ${{ secrets.DEPLOY_TARGET_REPO }}
+ VERSION: ${{ inputs.version }}
+ SOURCE: ${{ github.event_name == 'workflow_dispatch' && 'manual-dispatch' || 'realtime-release' }}
+ run: |
+ gh api "repos/${TARGET_REPO}/dispatches" \
+ --method POST \
+ --field event_type=realtime-release \
+ --field "client_payload[version]=${VERSION}" \
+ --field "client_payload[source]=${SOURCE}"
diff --git a/.github/workflows/prod_build.yml b/.github/workflows/prod_build.yml
index e09d56527..dc8e08fc5 100644
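Review bot: The operator-supplied `version` is passed to `gh api` with `--field` in the `Dispatch version update` step, and `--field` applies gh's typed-value handling (JSON type conversion and `@`-prefixed file reads) to whatever was typed into the `workflow_dispatch` form. Routing the value through `env:` already keeps it out of the shell, but the payload should still be sent as a plain string: use `--raw-field "client_payload[version]=${VERSION}"`, and the same for `source`. Since the input description promises a bare version, a guard before the call such as `[[ -z "$VERSION" || "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "bad version" >&2; exit 1; }` would reject anything else; widen the pattern if pre-release tags are ever deployed.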
--- a/.github/workflows/prod_build.yml +++ b/.github/workflows/prod_build.yml @@ -175,30 +175,13 @@ jobs: public.ecr.aws/supabase/realtime:v${{ needs.release.outputs.version }} ghcr.io/supabase/realtime:v${{ needs.release.outputs.version }} - notify-platform: + dispatch-deploy: needs: [release, merge_manifest] - runs-on: blacksmith-2vcpu-ubuntu-2404 if: needs.release.outputs.published == 'true' - steps: - - name: Generate GitHub App token - id: app-token - uses: actions/create-github-app-token@29824e69f54612133e76f7eaac726eef6c875baf # v2.2.1 - with: - app-id: ${{ secrets.GH_APP_LIBS_PR_MANAGER_ID }} - private-key: ${{ secrets.GH_APP_LIBS_PR_MANAGER_PRIVATE_KEY }} - owner: supabase - - - name: Dispatch platform version update - env: - GH_TOKEN: ${{ steps.app-token.outputs.token }} - PLATFORM_REPO: ${{ secrets.PLATFORM_REPO }} - VERSION: ${{ needs.release.outputs.version }} - run: | - gh api "repos/${PLATFORM_REPO}/dispatches" \ - --method POST \ - --field event_type=realtime-release \ - --field "client_payload[version]=${VERSION}" \ - --field "client_payload[source]=realtime-release" + uses: ./.github/workflows/dispatch_deploy.yml + secrets: inherit + with: + version: ${{ needs.release.outputs.version }} update-branch-name: needs: [release, docker_x86_release, docker_arm_release, merge_manifest] From c622606d8a55fd2ea0d0bd5ab13db69ce5963da6 Mon Sep 17 00:00:00 2001 From: Leandro Pereira Date: Tue, 26 May 2026 12:45:42 -0400 Subject: [PATCH 2/2] Potential fix for pull request finding 'CodeQL / Workflow does not contain permissions' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- .github/workflows/dispatch_deploy.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/dispatch_deploy.yml b/.github/workflows/dispatch_deploy.yml index e63771b6d..5aaa48fd3 100644 --- a/.github/workflows/dispatch_deploy.yml +++ b/.github/workflows/dispatch_deploy.yml 
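Review bot: `secrets: inherit` on the new `dispatch-deploy` job hands every secret visible to `prod_build.yml` to the called workflow, which reads only three of them. Pass those three by name, as sketched below, and declare them under `on.workflow_call.secrets` in `dispatch_deploy.yml` with `required: true` so that a missing secret fails when the workflow is called rather than inside the `gh api` step. The repository secret is also now read as `DEPLOY_TARGET_REPO` instead of `PLATFORM_REPO`; if that secret has not been created, the request path presumably becomes `repos//dispatches` and the job fails only after the release jobs it depends on have finished.

```yaml
  dispatch-deploy:
    needs: [release, merge_manifest]
    # … unchanged: if condition, uses …
    secrets:
      GH_APP_LIBS_PR_MANAGER_ID: ${{ secrets.GH_APP_LIBS_PR_MANAGER_ID }}
      GH_APP_LIBS_PR_MANAGER_PRIVATE_KEY: ${{ secrets.GH_APP_LIBS_PR_MANAGER_PRIVATE_KEY }}
      DEPLOY_TARGET_REPO: ${{ secrets.DEPLOY_TARGET_REPO }}
    # … unchanged: with.version …
```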
@@ -14,6 +14,8 @@ on: required: true type: string +permissions: {} + jobs: dispatch: runs-on: blacksmith-2vcpu-ubuntu-2404
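Review bot: `permissions: {}` only removes scopes from the automatic `GITHUB_TOKEN`; it does not narrow the App installation token that the `dispatch` job mints in the step below this hunk, and that token is the credential that actually calls the API. With `owner: supabase` and no `repositories:` input, the token is valid for every repository the installation covers, with the App's full permission set. Consider adding `repositories:` for the single target repo and `permission-contents: write` (the permission a repository dispatch should need, to be confirmed) to the `actions/create-github-app-token` step; this requires the target as a bare repository name rather than the `owner/name` form held in `DEPLOY_TARGET_REPO`. A one-line comment above `permissions: {}` stating that the job authenticates with an App token would keep a later reader from assuming the job holds no credentials.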