Sunset glucose notifications and 5-minute CGM polling #63
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Supabase Edge Function Tests | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'supabase/**' | |
| pull_request: | |
| branches: | |
| - main | |
| paths: | |
| - 'supabase/**' | |
| jobs: | |
| test-edge-functions: | |
| name: Test Function-to-Function Auth | |
| runs-on: ubuntu-latest | |
| # Only run if DATABASE_URL is configured | |
| if: vars.DATABASE_URL != '' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Install PostgreSQL client | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y postgresql-client | |
| - name: Verify get_service_role_key() RPC exists | |
| env: | |
| DATABASE_URL: ${{ secrets.DATABASE_URL }} | |
| run: | | |
| echo "🧪 Testing get_service_role_key() RPC function..." | |
| RESULT=$(psql "$DATABASE_URL" -t -c " | |
| SELECT CASE | |
| WHEN EXISTS ( | |
| SELECT 1 FROM pg_proc p | |
| JOIN pg_namespace n ON p.pronamespace = n.oid | |
| WHERE n.nspname = 'public' AND p.proname = 'get_service_role_key' | |
| ) THEN 'PASS' | |
| ELSE 'FAIL' | |
| END as result; | |
| " 2>&1) | |
| if echo "$RESULT" | grep -q "PASS"; then | |
| echo "✅ get_service_role_key() RPC function exists" | |
| else | |
| echo "❌ FAIL: get_service_role_key() RPC function missing!" | |
| echo "" | |
| echo "This function is CRITICAL for function-to-function authentication." | |
| echo "Apply the migration:" | |
| echo " psql \$DATABASE_URL -f supabase/migrations/20260203194800_add_get_service_role_key_function.sql" | |
| exit 1 | |
| fi | |
| - name: Verify sync-all-devices uses vault RPC | |
| run: | | |
| echo "🧪 Verifying sync-all-devices uses vault RPC..." | |
| if grep -q "supabase.rpc('get_service_role_key')" supabase/functions/sync-all-devices/index.ts; then | |
| echo "✅ sync-all-devices uses vault RPC (correct)" | |
| else | |
| if grep -q "Deno.env.get('SUPABASE_SERVICE_ROLE_KEY')" supabase/functions/sync-all-devices/index.ts; then | |
| echo "❌ FAIL: sync-all-devices uses env var instead of vault RPC!" | |
| echo "" | |
| echo "This will cause 401 'Invalid JWT' errors." | |
| echo "See: supabase/TROUBLESHOOTING.md" | |
| exit 1 | |
| else | |
| echo "⚠️ Could not verify auth method in sync-all-devices" | |
| exit 1 | |
| fi | |
| fi | |
| - name: Run full regression test suite | |
| env: | |
| DATABASE_URL: ${{ secrets.DATABASE_URL }} | |
| run: | | |
| echo "🧪 Running full function-to-function auth regression tests..." | |
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | |
| psql "$DATABASE_URL" -f supabase/tests/function-to-function-auth.test.sql | |
| echo "" | |
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | |
| echo "✅ All regression tests passed" | |
| - name: Test summary | |
| if: always() | |
| run: | | |
| echo "" | |
| echo "📊 Test Summary" | |
| echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━" | |
| echo "✅ RPC function verification" | |
| echo "✅ Code pattern verification" | |
| echo "✅ Full regression test suite" | |
| echo "" | |
| echo "💡 For local testing, see: supabase/TROUBLESHOOTING.md" |