File tree Expand file tree Collapse file tree 2 files changed +56
-0
lines changed
Expand file tree Collapse file tree 2 files changed +56
-0
lines changed Original file line number Diff line number Diff line change 6767 - name : Build
6868 run : pnpm -r build
6969
70+ - name : Create roles
71+ run : psql -f roles.sql
72+ env :
73+ PGHOST : pg_db
74+ PGPORT : 5432
75+ PGUSER : postgres
76+ PGPASSWORD : password
77+
7078 - name : Seed app_user
7179 run : |
7280 lql admin-users bootstrap --yes
@@ -150,6 +158,9 @@ jobs:
150158 - name : Build
151159 run : pnpm -r build
152160
161+ - name : Create roles
162+ run : psql -f roles.sql
163+
153164 - name : Seed app_user
154165 run : |
155166 lql admin-users bootstrap --yes
Original file line number Diff line number Diff line change 1+ -- anon
2+ CREATE ROLE IF NOT EXISTS anon;
3+
4+ ALTER USER anon WITH NOCREATEDB;
5+
6+ ALTER USER anon WITH NOSUPERUSER;
7+
8+ ALTER USER anon WITH NOCREATEROLE;
9+
10+ ALTER USER anon WITH NOLOGIN;
11+
12+ ALTER USER anon WITH NOREPLICATION;
13+
14+ ALTER USER anon WITH NOBYPASSRLS;
15+
16+ -- authenticated
17+ CREATE ROLE IF NOT EXISTS authenticated;
18+
19+ ALTER USER authenticated WITH NOCREATEDB;
20+
21+ ALTER USER authenticated WITH NOSUPERUSER;
22+
23+ ALTER USER authenticated WITH NOCREATEROLE;
24+
25+ ALTER USER authenticated WITH NOLOGIN;
26+
27+ ALTER USER authenticated WITH NOREPLICATION;
28+
29+ ALTER USER authenticated WITH NOBYPASSRLS;
30+
31+ -- service_role
32+ CREATE ROLE IF NOT EXISTS service_role;
33+
34+ ALTER USER service_role WITH NOCREATEDB;
35+
36+ ALTER USER service_role WITH NOSUPERUSER;
37+
38+ ALTER USER service_role WITH NOCREATEROLE;
39+
40+ ALTER USER service_role WITH NOLOGIN;
41+
42+ ALTER USER service_role WITH NOREPLICATION;
43+
44+ -- they CAN bypass RLS
45+ ALTER USER service_role WITH BYPASSRLS;
You can’t perform that action at this time.
0 commit comments