shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

chore: add lint/migrations to detect hardcoded public schema (#21496)

Browse Source 
## Problem

Migration 000401 introduced a hardcoded `public.` schema qualifier which
broke deployments using non-public schemas (see #21493). We need to
prevent this from happening again.

## Solution

Adds a new `lint/migrations` Make target that validates database
migrations do not hardcode the `public` schema qualifier. Migrations
should rely on `search_path` instead to support deployments using
non-public schemas.

## Changes

- Added `scripts/check_migrations_schema.sh` - a linter script that
checks for `public.` references in migration files (excluding test
fixtures)
- Added `lint/migrations` target to the Makefile
- Added `lint/migrations` to the main `lint` target so it runs in CI

## Testing

- Verified the linter **fails** on current `main` (which has the
hardcoded `public.` in migration 000401)
- Verified the linter **passes** after applying the fix from #21493

```bash
# On main (fails)
$ make lint/migrations
ERROR: Migrations must not hardcode the 'public' schema. Use unqualified table names instead.

# After fix (passes)
$ make lint/migrations
Migration schema references OK
```

## Depends on

- #21493 must be merged first (or this PR will fail CI until it is)

---------

Signed-off-by: Danny Kopping <danny@coder.com>
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: Danny Kopping <danny@coder.com>
This commit is contained in:
blinkagent[bot]
2026-01-15 14:17:16 +02:00
committed by GitHub
parent 5073493850
commit d5296a4855
9 changed files with 766 additions and 712 deletions
Download Patch File Download Diff File Expand all files Collapse all files
scripts/check_pg_schema.sh
Executable
+45
View File
@@ -0,0 +1,45 @@
#!/usr/bin/env bash
# This script checks that SQL files do not hardcode the "public" schema;
# they should rely on search_path instead to support deployments using
# non-public schemas.
#
# Usage: check_pg_schema.sh <label> [files...]
# Example: check_pg_schema.sh "Migrations" file1.sql file2.sql
set -euo pipefail
# shellcheck source=scripts/lib.sh
source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
cdroot
if [[ $# -lt 1 ]]; then
error "Usage: check_pg_schema.sh <label> [files...]"
exit 1
fi
label=$1
shift
# No files provided, nothing to check.
if [[ $# -eq 0 ]]; then
log "$label schema references OK (no files to check)"
exit 0
fi
files=("$@")
set +e
matches=$(grep -l 'public\.' "${files[@]}" 2>/dev/null)
set -e
if [[ -n "$matches" ]]; then
log "ERROR: $label must not hardcode the 'public' schema. Use unqualified table names instead."
echo "The following files contain 'public.' references:" >&2
while read -r file; do
echo " $file" >&2
grep -n 'public\.' "$file" | head -5 | sed 's/^/ /' >&2
done <<<"$matches"
exit 1
fi
log "$label schema references OK"