Skip to content

feat(pull): add debug logs for ssl check#4894

Open
avallete wants to merge 3 commits intodevelopfrom
fix/certificate-unknown-authority
Open

feat(pull): add debug logs for ssl check#4894
avallete wants to merge 3 commits intodevelopfrom
fix/certificate-unknown-authority

Conversation

@avallete
Copy link
Member

@avallete avallete commented Feb 25, 2026

What kind of change does this PR introduce?

When SUPABASE_CA_SKIP_VERIFY is set to true, also skip peer cert check and verify connection.

Add a SUPABASE_SSL_DEBUG flag to allow to debug only SSL related issue while filtering out the noise of the generic --debug flag.

@avallete avallete requested a review from a team as a code owner February 25, 2026 10:02
github-advanced-security[bot]
github-advanced-security bot found potential problems Feb 25, 2026
View reviewed changes
@coderabbitai
Copy link

coderabbitai bot commented Feb 25, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Cache: Disabled due to Reviews > Disable Cache setting

Disabled knowledge base sources:

  • Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 4c759e2 and b699082.

⛔ Files ignored due to path filters (1)
  • internal/gen/types/types.go is excluded by !**/gen/**
📒 Files selected for processing (5)
  • internal/db/diff/diff.go
  • internal/db/diff/migra.go
  • internal/db/diff/pgdelta.go
  • internal/db/diff/templates/migra.sh
  • internal/db/diff/templates/migra.ts
💤 Files with no reviewable changes (1)
  • internal/db/diff/pgdelta.go
📝 Walkthrough

Summary by CodeRabbit

  • New Features

    • Added SSL debugging capability via SUPABASE_SSL_DEBUG environment variable for enhanced troubleshooting of database connections and schema diffs.

  • Improvements

    • Enhanced error logging with structured diagnostic details for better debugging.
    • Added URL redaction to mask sensitive credentials in debug output for improved security.
    • Improved schema diff reliability with better error handling and diagnostic information.

Walkthrough

The pull request refactors and extends the schema diffing infrastructure with enhanced SSL/TLS debugging capabilities. It relocates the diffWithStream helper function from pgdelta.go to diff.go, updates the environment construction in migra.go to include INCLUDED_SCHEMAS or EXCLUDED_SCHEMAS, and adds support for the SUPABASE_SSL_DEBUG environment variable throughout the diff pipeline. When debug mode is enabled, diagnostic information is logged at multiple layers: in the Go code (migra.go), shell script (migra.sh), and TypeScript template (migra.ts). The TypeScript layer introduces a URL redaction utility to mask passwords in debug output, and the shell script conditionally logs per-schema execution status and environment details.

Comment @coderabbitai help to get the list of available commands and usage tips.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@avallete