[PR #907] Claude/update supabase latest x4r5n #12495

Open
opened 2026-06-13 14:16:12 -05:00 by GiteaMirror · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/Dokploy/templates/pull/907
Author: @mtalhazulf
Created: 5/23/2026
Status: 🔄 Open

Base: canaryHead: claude/update-supabase-latest-X4r5n


📝 Commits (10+)

  • 4902cbf New Version (#737)
  • 8815231 Add supabase-2026.04 blueprint with latest Supabase versions
  • 6244f33 Merge pull request #2 from Dokploy/canary
  • 63d95ee supabase-2026.04: drop container_name, route logs by service label
  • f0060ec supabase-2026.04: drop explicit networks, use kong upstream for realtime
  • d80d4c7 supabase-2026.04: fix vector healthcheck and self-log exclusion
  • 488f02f supabase-2026.04: make vector.yml compatible with Vector 0.53
  • ebbfa59 supabase-2026.04: render kong config to /tmp (non-root kong user)
  • 2d6a53f supabase-2026.04: use awk-based kong entrypoint script for kong 3.9
  • 03b20bb supabase-2026.04: align auth keys with self-hosted-auth-keys standard

📊 Changes

4 files changed (+1828 additions, -0 deletions)

View changed files

blueprints/supabase-2026.04/docker-compose.yml (+595 -0)
blueprints/supabase-2026.04/supabase.svg (+15 -0)
blueprints/supabase-2026.04/template.toml (+1200 -0)
📝 meta.json (+18 -0)

📄 Description

What is this PR about?

New PR of SupaBase (2026.04) — a refreshed self-hosted Supabase blueprint at blueprints/supabase-2026.04, added alongside the existing supabase blueprint (which is left untouched, so current users are unaffected and can migrate when ready).

It updates the whole stack to the latest upstream releases and brings the blueprint into full compliance with the Dokploy template validator.

Image updates (all 13 services)

Service Old New
studio 2025.04.21-sha-173cc56 2026.04.27-sha-5f60601
kong kong:2.8.1 kong/kong:3.9.1
auth (gotrue) v2.171.0 v2.186.0
rest (postgrest) v12.2.11 v14.8
realtime v2.34.47 v2.76.5
storage-api v1.22.7 v1.48.26
imgproxy v3.8.0 v3.30.1
postgres-meta v0.88.9 v0.96.3
edge-runtime v1.67.4 v1.71.2
logflare 1.12.0 1.36.1
postgres 15.8.1.060 15.8.1.085
vector 0.28.1-alpine 0.53.0-alpine
supavisor 2.5.1 2.7.4

Config changes synced from upstream Supabase

  • LOGFLARE_API_KEYLOGFLARE_PUBLIC_ACCESS_TOKEN + LOGFLARE_PRIVATE_ACCESS_TOKEN; vector.yml sinks moved to the x-api-key header format and the config is updated for Vector 0.53 (e.g. parse_timestamp! replaces the removed to_timestamp!).
  • IMGPROXY_ENABLE_WEBP_DETECTIONIMGPROXY_AUTO_WEBP; added IMGPROXY_MAX_SRC_RESOLUTION.
  • Added PG_META_CRYPTO_KEY and S3_PROTOCOL_ACCESS_KEY_ID/SECRET (auto-generated by Dokploy helpers).
  • Auth keys aligned with the [self-hosted auth keys guide](https://supabase.com/docs/guides/self-hosting/self-hosted-auth-keys): legacy HS256 keys (JWT_SECRET/ANON_KEY/SERVICE_ROLE_KEY) are generated with the standard {role, iss, iat, exp} payload; the optional asymmetric ES256 / opaque keys (JWT_KEYS, JWT_JWKS, SUPABASE_PUBLISHABLE_KEY, SUPABASE_SECRET_KEY, ANON_KEY_ASYMMETRIC, SERVICE_ROLE_KEY_ASYMMETRIC) are left empty by design (they require per-install EC keypair generation and must not be shared across deployments) with documented enable steps.
  • rest now uses PGRST_JWT_SECRET: ${JWT_JWKS:-${JWT_SECRET}}; auth/realtime/storage carry commented JWKS lines to enable after generating keys.
  • New Kong plugins (request-termination, ip-restriction, post-function), KONG_DNS_NOT_FOUND_TTL, KONG_PROXY_ACCESS_LOG; kong now uses an awk-based entrypoint script (the old eval/echo templating broke YAML quoting and kong/kong:3.9 runs as a non-root user with /entrypoint.sh).
  • Studio snippet/edge-function volumes + management-folder envs; new deno-cache named volume.

Checklist

N/A

Screenshots or Videos

Deployed and verified end-to-end on a live Dokploy instance — all 13 services healthy, Studio dashboard reachable, API/Storage working.

Demo video: https://www.loom.com/share/55b3f1d2db9245dda5f533997b45debd


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/Dokploy/templates/pull/907 **Author:** [@mtalhazulf](https://github.com/mtalhazulf) **Created:** 5/23/2026 **Status:** 🔄 Open **Base:** `canary` ← **Head:** `claude/update-supabase-latest-X4r5n` --- ### 📝 Commits (10+) - [`4902cbf`](https://github.com/Dokploy/templates/commit/4902cbf105d534a5c2d60c0351ec0e3609a338ed) New Version (#737) - [`8815231`](https://github.com/Dokploy/templates/commit/881523139000817d6ee4af79f3324d269a308a9a) Add supabase-2026.04 blueprint with latest Supabase versions - [`6244f33`](https://github.com/Dokploy/templates/commit/6244f334ecb45cfb521b80cb723217b71c831b0c) Merge pull request #2 from Dokploy/canary - [`63d95ee`](https://github.com/Dokploy/templates/commit/63d95eec3d9c4a50b3fdc77b30b69e107fa07906) supabase-2026.04: drop container_name, route logs by service label - [`f0060ec`](https://github.com/Dokploy/templates/commit/f0060ec128147219b0ba78bd560d0561bafd5e00) supabase-2026.04: drop explicit networks, use kong upstream for realtime - [`d80d4c7`](https://github.com/Dokploy/templates/commit/d80d4c705ca78785e0ac1c23013726c642096d0b) supabase-2026.04: fix vector healthcheck and self-log exclusion - [`488f02f`](https://github.com/Dokploy/templates/commit/488f02fc1d11c1c4e32db1adf64f9f73ea2c94f2) supabase-2026.04: make vector.yml compatible with Vector 0.53 - [`ebbfa59`](https://github.com/Dokploy/templates/commit/ebbfa5941c04b3a11c0e84ab0e757f430113ac1c) supabase-2026.04: render kong config to /tmp (non-root kong user) - [`2d6a53f`](https://github.com/Dokploy/templates/commit/2d6a53fde3d851b59569bd66e7900aa6e96f4ec9) supabase-2026.04: use awk-based kong entrypoint script for kong 3.9 - [`03b20bb`](https://github.com/Dokploy/templates/commit/03b20bbe59ec6185ddf677a1a94ccf6ca09b0d7a) supabase-2026.04: align auth keys with self-hosted-auth-keys standard ### 📊 Changes **4 files changed** (+1828 additions, -0 deletions) <details> <summary>View changed files</summary> ➕ `blueprints/supabase-2026.04/docker-compose.yml` (+595 -0) ➕ `blueprints/supabase-2026.04/supabase.svg` (+15 -0) ➕ `blueprints/supabase-2026.04/template.toml` (+1200 -0) 📝 `meta.json` (+18 -0) </details> ### 📄 Description ## What is this PR about? New PR of **SupaBase (2026.04)** — a refreshed self-hosted Supabase blueprint at `blueprints/supabase-2026.04`, added **alongside** the existing `supabase` blueprint (which is left untouched, so current users are unaffected and can migrate when ready). It updates the whole stack to the latest upstream releases and brings the blueprint into full compliance with the Dokploy template validator. ### Image updates (all 13 services) | Service | Old | New | |---|---|---| | studio | 2025.04.21-sha-173cc56 | 2026.04.27-sha-5f60601 | | kong | kong:2.8.1 | kong/kong:3.9.1 | | auth (gotrue) | v2.171.0 | v2.186.0 | | rest (postgrest) | v12.2.11 | v14.8 | | realtime | v2.34.47 | v2.76.5 | | storage-api | v1.22.7 | v1.48.26 | | imgproxy | v3.8.0 | v3.30.1 | | postgres-meta | v0.88.9 | v0.96.3 | | edge-runtime | v1.67.4 | v1.71.2 | | logflare | 1.12.0 | 1.36.1 | | postgres | 15.8.1.060 | 15.8.1.085 | | vector | 0.28.1-alpine | 0.53.0-alpine | | supavisor | 2.5.1 | 2.7.4 | ### Config changes synced from upstream Supabase - `LOGFLARE_API_KEY` → `LOGFLARE_PUBLIC_ACCESS_TOKEN` + `LOGFLARE_PRIVATE_ACCESS_TOKEN`; `vector.yml` sinks moved to the `x-api-key` header format and the config is updated for **Vector 0.53** (e.g. `parse_timestamp!` replaces the removed `to_timestamp!`). - `IMGPROXY_ENABLE_WEBP_DETECTION` → `IMGPROXY_AUTO_WEBP`; added `IMGPROXY_MAX_SRC_RESOLUTION`. - Added `PG_META_CRYPTO_KEY` and `S3_PROTOCOL_ACCESS_KEY_ID/SECRET` (auto-generated by Dokploy helpers). - Auth keys aligned with the [[self-hosted auth keys guide](https://supabase.com/docs/guides/self-hosting/self-hosted-auth-keys)](https://supabase.com/docs/guides/self-hosting/self-hosted-auth-keys): legacy HS256 keys (`JWT_SECRET`/`ANON_KEY`/`SERVICE_ROLE_KEY`) are generated with the standard `{role, iss, iat, exp}` payload; the optional asymmetric ES256 / opaque keys (`JWT_KEYS`, `JWT_JWKS`, `SUPABASE_PUBLISHABLE_KEY`, `SUPABASE_SECRET_KEY`, `ANON_KEY_ASYMMETRIC`, `SERVICE_ROLE_KEY_ASYMMETRIC`) are left empty by design (they require per-install EC keypair generation and must not be shared across deployments) with documented enable steps. - `rest` now uses `PGRST_JWT_SECRET: ${JWT_JWKS:-${JWT_SECRET}}`; `auth`/`realtime`/`storage` carry commented JWKS lines to enable after generating keys. - New Kong plugins (`request-termination`, `ip-restriction`, `post-function`), `KONG_DNS_NOT_FOUND_TTL`, `KONG_PROXY_ACCESS_LOG`; kong now uses an `awk`-based entrypoint script (the old `eval/echo` templating broke YAML quoting and `kong/kong:3.9` runs as a non-root user with `/entrypoint.sh`). - Studio snippet/edge-function volumes + management-folder envs; new `deno-cache` named volume. ## Checklist - [x] I have read the suggestions in the README.md file https://github.com/Dokploy/templates?tab=readme-ov-file#general-requirements-when-creating-a-template - [x] I have tested the template in my instance, so the maintainers don't spend time trying to figure out what's wrong. - [x] I have added tests that demonstrate that my correction works or that my new feature works. ## Issues related (if applicable) N/A ## Screenshots or Videos Deployed and verified end-to-end on a live Dokploy instance — all 13 services healthy, Studio dashboard reachable, API/Storage working. Demo video: https://www.loom.com/share/55b3f1d2db9245dda5f533997b45debd --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-06-13 14:16:13 -05:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/templates#12495