Skip to content

feat(backend): supabase hackathons table, RLS read policy, and seed#67

Open
henryng15 wants to merge 4 commits into
mainfrom
feat/supabase-hackathons-sync
Open

feat(backend): supabase hackathons table, RLS read policy, and seed#67
henryng15 wants to merge 4 commits into
mainfrom
feat/supabase-hackathons-sync

Conversation

@henryng15

Copy link
Copy Markdown
Collaborator

Closes #11.

Stands up the Supabase hackathons read replica that the globe reads from, plus the one-off seed that proves the shape works. The table itself is dashboard state; this PR carries the mapping code, the tests, and the env hygiene that goes with it.

Acceptance

  • Table created with the columns from the issue
  • RLS on: anon can select visible rows, anon cannot write
  • SUPABASE_URL + SUPABASE_SERVICE_KEY added as repo secrets
  • Verified a manual seed of current listings loads — 32 rows

Schema deviation — please read before #13

listings.json gained two fields after this issue was written, and the issue's DDL has no columns for them:

Seeding against the literal DDL would have made PostgREST reject the payload, and the workaround would have been to silently drop both fields — which is exactly the data #17's detail card and #18's filters will want. So the table has two extra columns:

alter table public.hackathons
  add column if not exists deadline date,
  add column if not exists featured boolean default false;

deadline is date, not text, so #18 can do range queries.

@vickmahi — write #13's sync against this shape, not the DDL in the issue body. build_row() and upsert() in seed_supabase.py are importable for exactly that reason; please reuse them rather than reimplementing the company_namehost mapping.

Verification

RLS was checked against the live project with the anon key:

  • select on visible rows → 200, content-range: 0-31/32
  • insert401, 42501: new row violates row-level security policy, no row written

RLS is default-deny and public read is the only policy, so update/delete are refused for the same reason. All 32 rows have lat/lng/geo_status null, waiting on the geocoder in #12.

Notes

henryng15 added 4 commits July 9, 2026 14:02
Root .gitignore did not cover .env, so a key pasted anywhere outside web/ would have been tracked. Negate .env.example so templates stay committed.
Anon key only. Flags the service key as never belonging here.
Maps company_name to host and upserts on the id primary key with
Prefer: resolution=merge-duplicates, so re-runs are idempotent.

Carries deadline and featured, which listings.json gained after issue
#11 was written; the table needs both columns added. Geo columns are
left unset for the geocoder in #12.

build_row and upsert are importable so the sync Action in #13 does not
reimplement the mapping.
@henryng15 henryng15 added the backend Server / data / Supabase label Jul 9, 2026
@henryng15 henryng15 self-assigned this Jul 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backend Server / data / Supabase

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Backend: Supabase hackathons table + RLS read policy

1 participant