fix(seed): require service role key, remove silent fallback

[roshanraj9136]

Problem

seed.ts line 7:

const supabaseServiceKey = process.env.SUPABASE_SERVICE_ROLE_KEY || process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!;

If SUPABASE_SERVICE_ROLE_KEY is unset, the script silently uses the anon key. With RLS policies restricting INSERT/UPDATE on courses and professors to admin, seeding with the anon key fails with confusing permission errors.

Fix

Throw immediately with a clear error message if the key is missing.

File changed (1)

src/lib/seed.ts — 4 lines changed

Summary by CodeRabbit

• Bug Fixes
  • Improved database initialization reliability by enforcing required configuration at startup. The system now fails immediately with a clear error message when necessary credentials are missing, preventing silent failures with incorrect authentication.

[vercel]

@roshanraj9136 is attempting to deploy a commit to the OpenLake_Website Team on Vercel.

A member of the Team first needs to authorize it.

[coderabbitai]

Walkthrough

The seed script now requires both NEXT_PUBLIC_SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY environment variables to be set at runtime. The change removes the previous fallback that used the anonymous key and adds explicit validation that throws an error if either required variable is missing.

Changes

Supabase Environment Variable Requirements

Layer / File(s)	Summary
Environment variable requirement enforcement src/lib/seed.ts	Seed script validates that both NEXT_PUBLIC_SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY are present before creating the Supabase client, removing the fallback to the anonymous key and hard-failing with a descriptive error if either is missing.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A seed now demands the keys be real,
No fallback tricks, just truth to seal,
Environment guards stand firm and tall,
Required, explicit, catching all! 🌱

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: requiring the service role key and removing the silent fallback to the anon key in the seed script.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

🧹 Nitpick comments (1)

src/lib/seed.ts (1)

6-11: 📐 Maintainability & Code Quality | 💤 Low value

Remove the misleading non-null assertion on line 6.

The ! on process.env.NEXT_PUBLIC_SUPABASE_URL! tells TypeScript to assume the value is defined, but line 9 immediately validates that it may be undefined. This creates an inconsistency with supabaseServiceKey (line 7), which correctly omits the assertion since both variables undergo the same runtime check.

♻️ Suggested fix for consistency

-const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL!;
+const supabaseUrl = process.env.NEXT_PUBLIC_SUPABASE_URL;
 const supabaseServiceKey = process.env.SUPABASE_SERVICE_ROLE_KEY;
 
 if (!supabaseUrl || !supabaseServiceKey) {
   throw new Error('NEXT_PUBLIC_SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY must be set to run seed');
 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/lib/seed.ts` around lines 6 - 11, Remove the misleading non-null
assertion on the supabaseUrl declaration: change the const supabaseUrl
assignment so it reads without the trailing "!" (i.e., use
process.env.NEXT_PUBLIC_SUPABASE_URL) to match how supabaseServiceKey is
declared; keep the existing runtime check that throws an Error if either
supabaseUrl or supabaseServiceKey is falsy so TypeScript and runtime behavior
remain consistent for the variables supabaseUrl and supabaseServiceKey.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/lib/seed.ts`:
- Around line 6-11: Remove the misleading non-null assertion on the supabaseUrl
declaration: change the const supabaseUrl assignment so it reads without the
trailing "!" (i.e., use process.env.NEXT_PUBLIC_SUPABASE_URL) to match how
supabaseServiceKey is declared; keep the existing runtime check that throws an
Error if either supabaseUrl or supabaseServiceKey is falsy so TypeScript and
runtime behavior remain consistent for the variables supabaseUrl and
supabaseServiceKey.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a598a9e3-2363-4336-99de-6888037c5522

📥 Commits

Reviewing files that changed from the base of the PR and between cd02e34 and bc61120.

📒 Files selected for processing (1)

• src/lib/seed.ts