diff --git a/.github/workflows/validate-workflow.yml b/.github/workflows/validate-workflow.yml
index 921512be..d35204fc 100644
--- a/.github/workflows/validate-workflow.yml
+++ b/.github/workflows/validate-workflow.yml
@@ -73,7 +73,7 @@ jobs:
 # TODO: Figure out a pattern to make environment variables parsed / required on demand rather than on startup time
 # Ideally have a way to switch between the two... Where we can also choose proactive parsing for sanity checking...
 - name: Run health check
- run: JWT_SECRET_OR_PUBLIC_KEY=NOOP POSTGRES_OR_WEBHOOK_URL=noop NEXT_PUBLIC_SUPABASE_URL=noop NEXT_PUBLIC_SUPABASE_ANON_KEY=noop node --loader tsx ./bin/venice.ts health
+ run: JWT_SECRET_OR_PUBLIC_KEY=NOOP POSTGRES_OR_WEBHOOK_URL=noop NEXT_PUBLIC_SUPABASE_URL=noop NEXT_PUBLIC_SUPABASE_ANON_KEY=noop NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=noop CLERK_SECRET_KEY=noop node --loader tsx ./bin/venice.ts health
 - name: Run migration check
 run: POSTGRES_OR_WEBHOOK_URL=postgres://postgres:test@localhost:5432/test pnpm migration up
diff --git a/apps/app-config/commonConfig.ts b/apps/app-config/commonConfig.ts
index 64842729..62d74586 100644
--- a/apps/app-config/commonConfig.ts
+++ b/apps/app-config/commonConfig.ts
@@ -19,6 +19,10 @@ export const commonEnv = zParser(zCommonEnv).parse({
 NEXT_PUBLIC_SUPABASE_ANON_KEY: process.env['NEXT_PUBLIC_SUPABASE_ANON_KEY']!,
 NEXT_PUBLIC_SENTRY_DSN: process.env['NEXT_PUBLIC_SENTRY_DSN']!,
 NEXT_PUBLIC_POSTHOG_WRITEKEY: process.env['NEXT_PUBLIC_POSTHOG_WRITEKEY']!,
+ NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY:
+ process.env['NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY']!,
+ NEXT_PUBLIC_CLERK_SUPABASE_JWT_TEMPLATE_NAME:
+ process.env['NEXT_PUBLIC_CLERK_SUPABASE_JWT_TEMPLATE_NAME']!,
 DEFAULT_CONNECT_ENV: (
 {
 production: 'production',
diff --git a/apps/app-config/env.ts b/apps/app-config/env.ts
index 253232dd..15d17154 100644
--- a/apps/app-config/env.ts
+++ b/apps/app-config/env.ts
@@ -11,11 +11,14 @@ export const zCommonEnv = zEnvVars({
 NEXT_PUBLIC_SUPABASE_ANON_KEY: z.string(),
 NEXT_PUBLIC_SENTRY_DSN: z.string().optional(),
 NEXT_PUBLIC_POSTHOG_WRITEKEY: z.string().optional(),
+ NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: z.string(),
+ NEXT_PUBLIC_CLERK_SUPABASE_JWT_TEMPLATE_NAME: z.string().default('supabase'),
- // TODO: Deprecate me?
+ // Deprecated
+ // TODO: Deprecate me? prefix with NEXT_PUBLIC please
 DEFAULT_CONNECT_ENV: zEnvName.default('sandbox'),
- // TODO: Make use of me...
+ // TODO: Make use of me... prefix with NEXT_PUBLIC please
 NODE_ENV: z
 .string()
 .optional()
@@ -31,6 +34,8 @@ export const zBackendEnv = zEnvVars({
 .trim()
 .describe('Used for validating authenticity of accessToken'),
+ CLERK_SECRET_KEY: z.string(),
+
 SENTRY_CRON_MONITOR_ID: z
 .string()
 .optional()
diff --git a/apps/web/contexts/ClientRoot.tsx b/apps/web/contexts/ClientRoot.tsx
index d205fb7c..165e9fbe 100644
--- a/apps/web/contexts/ClientRoot.tsx
+++ b/apps/web/contexts/ClientRoot.tsx
@@ -5,6 +5,7 @@ import type {RealtimeClient} from '@supabase/realtime-js'
 import {QueryClientProvider} from '@tanstack/react-query'
 import React, {useEffect, useRef} from 'react'
+import {commonEnv} from '@usevenice/app-config/commonConfig'
 import {getViewerId, zViewerFromUnverifiedJwtToken} from '@usevenice/cdk-core'
 import {TRPCProvider, trpcReact} from '@usevenice/engine-frontend'
 import {Toaster} from '@usevenice/ui/new-components'
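Review bot: `NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: z.string(),` in the `zCommonEnv` hunk of apps/app-config/env.ts, and `CLERK_SECRET_KEY: z.string(),` in the `zBackendEnv` hunk after it, both accept an empty or whitespace-only value. A deployment with the variable set but blank would pass startup validation and presumably fail only at the first Clerk call. The neighbouring entry visible in the `zBackendEnv` context chains `.trim()` and `.describe(...)`; the secret could follow that pattern, e.g. `CLERK_SECRET_KEY: z.string().trim().min(1).describe('Clerk backend API secret; server-side only, must never get a NEXT_PUBLIC_ prefix'),`. Both schema objects start and end outside their hunks, so any validation applied elsewhere is not visible here.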
@@ -23,7 +24,10 @@ export function ClientRootWithClerk(props: {
 const auth = useAuth()
 const status: AsyncStatus = auth.isLoaded ? 'loading' : 'success'
 useEffect(() => {
- void auth.getToken({template: 'supabase'}).then((t) => setAccessToken(t))
+ // TODO: Are we better off signing ourselves server side and avoid needing a round-trip to Clerk?
+ // Access token is needed because we need to connect to supabase-realtime
+ const template = commonEnv.NEXT_PUBLIC_CLERK_SUPABASE_JWT_TEMPLATE_NAME
+ void auth.getToken({template}).then((t) => setAccessToken(t))
 }, [auth])
 // eslint-disable-next-line @typescript-eslint/no-unsafe-member-access, @typescript-eslint/no-explicit-any
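Review bot: The new `void auth.getToken({template}).then((t) => setAccessToken(t))` call has no rejection handler. Now that the template name comes from `NEXT_PUBLIC_CLERK_SUPABASE_JWT_TEMPLATE_NAME`, a misconfigured name or a failed round-trip is dropped silently and the realtime client is left without a token. Appending `.catch((err) => console.error('Failed to fetch Supabase access token', err))`, or reporting the failure through whatever the component already uses for errors, would make this visible. The effect also re-runs only when `auth` changes, so if the template issues short-lived JWTs the stored token may expire while the realtime connection is still open; a comment stating the expected token lifetime, or a refresh path, would help. The component body starts and ends outside the hunk.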