Make initial migrations idempotent

Author: steve-chavez

migrations/db/migrations/00000000000000-initial-schema.sql

@@ -1,17 +1,51 @@
 -- migrate:up
 
 -- Set up realtime
--- defaults to empty publication
-create publication supabase_realtime;
+-- 1. Create publication supabase_realtime if it doesn't already exist
+do $$
+begin
+  if not exists (
+    select 1 from pg_catalog.pg_publication
+    where pubname = 'supabase_realtime'
+  )
+  then
+    create publication supabase_realtime;
+  end if;
+end
+$$;
 
 -- Supabase super admin
-alter user  supabase_admin with superuser createdb createrole replication bypassrls;
+alter user supabase_admin with superuser createdb createrole replication bypassrls;
 
 -- Supabase replication user
-create user supabase_replication_admin with login replication;
+do $$
+begin
+  if not exists (
+    select 1 from pg_roles
+    where rolname = 'supabase_replication_admin'
+  )
+  then
+    create user supabase_replication_admin with
+      login
+      replication;
+  end if;
+end
+$$;
 
 -- Supabase read-only user
-create role supabase_read_only_user with login bypassrls;
+do $$
+begin
+  if not exists (
+    select 1 from pg_roles
+    where rolname = 'supabase_read_only_user'
+  )
+  then
+    create role supabase_read_only_user with
+      login
+      bypassrls;
+  end if;
+end
+$$;
 grant pg_read_all_data to supabase_read_only_user;
 
 -- Extension namespacing
@@ -21,11 +55,57 @@ create extension if not exists pgcrypto         with schema extensions;
 create extension if not exists pgjwt            with schema extensions;
 
 -- Set up auth roles for the developer
-create role anon                nologin noinherit;
-create role authenticated       nologin noinherit; -- "logged in" user: web_user, app_user, etc
-create role service_role        nologin noinherit bypassrls; -- allow developers to create JWT's that bypass their policies
+do $$
+begin
+  if not exists (
+    select 1 from pg_roles
+    where rolname = 'anon'
+  )
+  then
+    create role anon nologin noinherit;
+  end if;
+end
+$$;
+
+-- "logged in" user: web_user, app_user, etc
+do $$
+begin
+  if not exists (
+    select 1 from pg_roles
+    where rolname = 'authenticated'
+  )
+  then
+    create role authenticated nologin noinherit;
+  end if;
+end
+$$;
+
+ -- allow developers to create JWT's that bypass their policies
+do $$
+begin
+  if not exists (
+    select 1 from pg_roles
+    where rolname = 'service_role'
+  )
+  then
+    create role service_role nologin noinherit bypassrls;
+  end if;
+end
+$$;
+
+do $$
+begin
+  if not exists (
+    select 1 from pg_roles
+    where rolname = 'authenticator'
+  )
+  then
+    create role authenticator login noinherit;
+  end if;
+end
+$$;
+
 
-create user authenticator noinherit;
 grant anon              to authenticator;
 grant authenticated     to authenticator;
 grant service_role      to authenticator;

migrations/db/migrations/00000000000001-auth-schema.sql

@@ -4,7 +4,7 @@ CREATE SCHEMA IF NOT EXISTS auth AUTHORIZATION supabase_admin;
 
 -- auth.users definition
 
-CREATE TABLE auth.users (
+CREATE TABLE IF NOT EXISTS auth.users (
     instance_id uuid NULL,
     id uuid NOT NULL UNIQUE,
     aud varchar(255) NULL,
@@ -28,13 +28,13 @@ CREATE TABLE auth.users (
     updated_at timestamptz NULL,
     CONSTRAINT users_pkey PRIMARY KEY (id)
 );
-CREATE INDEX users_instance_id_email_idx ON auth.users USING btree (instance_id, email);
-CREATE INDEX users_instance_id_idx ON auth.users USING btree (instance_id);
+CREATE INDEX IF NOT EXISTS users_instance_id_email_idx ON auth.users USING btree (instance_id, email);
+CREATE INDEX IF NOT EXISTS users_instance_id_idx ON auth.users USING btree (instance_id);
 comment on table auth.users is 'Auth: Stores user login data within a secure schema.';
 
 -- auth.refresh_tokens definition
 
-CREATE TABLE auth.refresh_tokens (
+CREATE TABLE IF NOT EXISTS auth.refresh_tokens (
     instance_id uuid NULL,
     id bigserial NOT NULL,
     "token" varchar(255) NULL,
@@ -44,14 +44,14 @@ CREATE TABLE auth.refresh_tokens (
     updated_at timestamptz NULL,
     CONSTRAINT refresh_tokens_pkey PRIMARY KEY (id)
 );
-CREATE INDEX refresh_tokens_instance_id_idx ON auth.refresh_tokens USING btree (instance_id);
-CREATE INDEX refresh_tokens_instance_id_user_id_idx ON auth.refresh_tokens USING btree (instance_id, user_id);
-CREATE INDEX refresh_tokens_token_idx ON auth.refresh_tokens USING btree (token);
+CREATE INDEX IF NOT EXISTS refresh_tokens_instance_id_idx ON auth.refresh_tokens USING btree (instance_id);
+CREATE INDEX IF NOT EXISTS refresh_tokens_instance_id_user_id_idx ON auth.refresh_tokens USING btree (instance_id, user_id);
+CREATE INDEX IF NOT EXISTS refresh_tokens_token_idx ON auth.refresh_tokens USING btree (token);
 comment on table auth.refresh_tokens is 'Auth: Store of tokens used to refresh JWT tokens once they expire.';
 
 -- auth.instances definition
 
-CREATE TABLE auth.instances (
+CREATE TABLE IF NOT EXISTS auth.instances (
     id uuid NOT NULL,
     uuid uuid NULL,
     raw_base_config text NULL,
@@ -63,19 +63,19 @@ comment on table auth.instances is 'Auth: Manages users across multiple sites.';
 
 -- auth.audit_log_entries definition
 
-CREATE TABLE auth.audit_log_entries (
+CREATE TABLE IF NOT EXISTS auth.audit_log_entries (
     instance_id uuid NULL,
     id uuid NOT NULL,
     payload json NULL,
     created_at timestamptz NULL,
     CONSTRAINT audit_log_entries_pkey PRIMARY KEY (id)
 );
-CREATE INDEX audit_logs_instance_id_idx ON auth.audit_log_entries USING btree (instance_id);
+CREATE INDEX IF NOT EXISTS audit_logs_instance_id_idx ON auth.audit_log_entries USING btree (instance_id);
 comment on table auth.audit_log_entries is 'Auth: Audit trail for user actions.';
 
 -- auth.schema_migrations definition
 
-CREATE TABLE auth.schema_migrations (
+CREATE TABLE IF NOT EXISTS auth.schema_migrations (
     "version" varchar(255) NOT NULL,
     CONSTRAINT schema_migrations_pkey PRIMARY KEY ("version")
 );
@@ -109,8 +109,18 @@ $$ language sql stable;
 GRANT USAGE ON SCHEMA auth TO anon, authenticated, service_role;
 
 -- Supabase super admin
-CREATE USER supabase_auth_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION;
-GRANT ALL PRIVILEGES ON SCHEMA auth TO supabase_auth_admin;
+do $$
+begin
+  if not exists (
+    select 1 from pg_roles
+    where rolname = 'supabase_auth_admin'
+  )
+  then
+    CREATE USER supabase_auth_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION;
+  end if;
+end
+$$;
+
 GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA auth TO supabase_auth_admin;
 GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA auth TO supabase_auth_admin;
 ALTER USER supabase_auth_admin SET search_path = "auth";

migrations/db/migrations/00000000000002-storage-schema.sql

@@ -7,7 +7,7 @@ alter default privileges in schema storage grant all on tables to postgres, anon
 alter default privileges in schema storage grant all on functions to postgres, anon, authenticated, service_role;
 alter default privileges in schema storage grant all on sequences to postgres, anon, authenticated, service_role;
 
-CREATE TABLE "storage"."buckets" (
+CREATE TABLE IF NOT EXISTS "storage"."buckets" (
     "id" text not NULL,
     "name" text NOT NULL,
     "owner" uuid,
@@ -16,9 +16,9 @@ CREATE TABLE "storage"."buckets" (
     CONSTRAINT "buckets_owner_fkey" FOREIGN KEY ("owner") REFERENCES "auth"."users"("id"),
     PRIMARY KEY ("id")
 );
-CREATE UNIQUE INDEX "bname" ON "storage"."buckets" USING BTREE ("name");
+CREATE UNIQUE INDEX IF NOT EXISTS "bname" ON "storage"."buckets" USING BTREE ("name");
 
-CREATE TABLE "storage"."objects" (
+CREATE TABLE IF NOT EXISTS "storage"."objects" (
     "id" uuid NOT NULL DEFAULT extensions.uuid_generate_v4(),
     "bucket_id" text,
     "name" text,
@@ -31,12 +31,12 @@ CREATE TABLE "storage"."objects" (
     CONSTRAINT "objects_owner_fkey" FOREIGN KEY ("owner") REFERENCES "auth"."users"("id"),
     PRIMARY KEY ("id")
 );
-CREATE UNIQUE INDEX "bucketid_objname" ON "storage"."objects" USING BTREE ("bucket_id","name");
-CREATE INDEX name_prefix_search ON storage.objects(name text_pattern_ops);
+CREATE UNIQUE INDEX IF NOT EXISTS "bucketid_objname" ON "storage"."objects" USING BTREE ("bucket_id","name");
+CREATE INDEX IF NOT EXISTS name_prefix_search ON storage.objects(name text_pattern_ops);
 
 ALTER TABLE storage.objects ENABLE ROW LEVEL SECURITY;
 
-CREATE FUNCTION storage.foldername(name text)
+CREATE OR REPLACE FUNCTION storage.foldername(name text)
  RETURNS text[]
  LANGUAGE plpgsql
 AS $function$
@@ -48,7 +48,7 @@ BEGIN
 END
 $function$;
 
-CREATE FUNCTION storage.filename(name text)
+CREATE OR REPLACE FUNCTION storage.filename(name text)
  RETURNS text
  LANGUAGE plpgsql
 AS $function$
@@ -60,7 +60,7 @@ BEGIN
 END
 $function$;
 
-CREATE FUNCTION storage.extension(name text)
+CREATE OR REPLACE FUNCTION storage.extension(name text)
  RETURNS text
  LANGUAGE plpgsql
 AS $function$
@@ -75,7 +75,7 @@ BEGIN
 END
 $function$;
 
-CREATE FUNCTION storage.search(prefix text, bucketname text, limits int DEFAULT 100, levels int DEFAULT 1, offsets int DEFAULT 0)
+CREATE OR REPLACE FUNCTION storage.search(prefix text, bucketname text, limits int DEFAULT 100, levels int DEFAULT 1, offsets int DEFAULT 0)
  RETURNS TABLE (
     name text,
     id uuid,
@@ -104,7 +104,17 @@ CREATE TABLE IF NOT EXISTS storage.migrations (
   executed_at timestamp DEFAULT current_timestamp
 );
 
-CREATE USER supabase_storage_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION;
+do $$
+begin
+  if not exists (
+    select 1 from pg_roles
+    where rolname = 'supabase_replication_admin'
+  )
+  then
+    CREATE USER supabase_storage_admin NOINHERIT CREATEROLE LOGIN NOREPLICATION;
+  end if;
+end
+$$;
 GRANT ALL PRIVILEGES ON SCHEMA storage TO supabase_storage_admin;
 GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA storage TO supabase_storage_admin;
 GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA storage TO supabase_storage_admin;