- Day-to-day PRs only touch the Dev environment.
- Promotions to live production are an explicit
prod → productionrelease PR. - Supabase Branching only spins up preview DBs in one Supabase project per PR (no more duplicated
Supabase Previewfailures from two competing projects, as seen on PR #123/#124).
docs/development/supabase/SUPABASE_MULTI_ENV_SETUP.md or any in-dashboard setting screenshot, this document wins. Update both together.
1. Canonical mapping
Naming gotcha. The GitHub default branch is namedFrontend pairing is enforced at build time inprod, but it is the dev tier. The branch literally namedproductionis the live production tier. This mismatch is intentional (preserves history) but easy to misread. Do not rename.
vite.config.ts via the platform-managed VERCEL_PROJECT_ID system variable. Do not add user-defined Vercel env vars for VITE_SUPABASE_URL / VITE_SUPABASE_PUBLISHABLE_KEY (CI guards this via npm run check:no-vercel-env-config).
CLI/migrations pairing is captured in supabase/config.toml:
2. PR / deployment lifecycle
2.1 Feature work (default)
- Branch off
prod:git checkout -b cursor/<task>-####. - Open a PR with base =
prod. - On open, the following side effects occur:
- Vercel
encoreos_devbuilds a Preview Deployment, statically pinned to Supabaseanuwknikgsijbameytzr. - Supabase
Encore OS(anuwknikgsijbameytzr) Branching creates a per-PR preview DB and replays migrations. TheSupabase PreviewGitHub check reports its status. - Vercel
encoreos_prodand Supabaseencore_os_prodare not touched (see §3 for how this is enforced).
- Vercel
- Merge to
prod⇒ Vercelencoreos_devdeploys to its production URL (the dev environment), and SupabaseEncore OSis updated by a successful Branching deploy run.
2.2 Promotion to live production
- Open a release PR with head =
prodand base =production. - On open, only the production tier is touched:
- Vercel
encoreos_prodbuilds a Preview Deployment. - Supabase
encore_os_prod(aximlomrwfuhctxjhrsf) Branching creates a per-PR preview DB.
- Vercel
- Merge ⇒ Vercel
encoreos_proddeploys to the live production URL; Supabaseencore_os_prodBranching applies migrations to the live production DB.
Production is a one-way door. Do not direct-commit to production.
2.3 Promotion order: Branching preview, GitHub merge, and db push
Canonical intent: The Supabase Preview check on a prod → production PR replays supabase/migrations against the production-tier preview database (aximlomrwfuhctxjhrsf). Treat that preview as the primary validation signal for “what will run in prod.”
Recommended sequence:
- Open the release PR (
prod→production) and wait until Supabase Preview (and your usual Vercel preview checks) are green. - GitHub branch protection: mark the Supabase GitHub check as a required status on
production, so merges are blocked when preview fails. - Merge the PR on GitHub. With Deploy to production enabled in the Supabase GitHub integration (see §3.2), Branching applies the same migration chain to the live production database.
- Deploy Supabase (production) workflow (
.github/workflows/supabase-deploy-prod.yml) still runssupabase db push --yeson push toproductionas a reconcile with the repo. Keep migration files identical to what Branching replays so both paths stay aligned. - Break-glass: if migrations were applied only via the Supabase Dashboard (or another one-off path) and
db pushwould be redundant or risky, run the same workflow manually withskip_db_pushenabled so Edge Functions and other steps can still run without a second push.
db push different content. One owner per promotion: repo migrations + Branching replay + optional CI db push, or documented break-glass only.
3. Supabase dashboard configuration (operator)
Both Supabase projects use the same GitHub repository (Encore-OS/encoreos) but must each declare a different Production Branch and have appropriate Branching scope so previews don’t collide.
For each project below, open Supabase Dashboard → Project Settings → Integrations → GitHub Integration → Manage.
3.1 Encore OS (anuwknikgsijbameytzr) — Dev tier
Effect: every PR opened against
prod gets exactly one preview DB inside this project. Today the Production Branch on this project is incorrectly prod already (verified via MCP list_branches: default branch row has git_branch: "prod"), so the only required change here is to confirm settings match the table.
3.2 encore_os_prod (aximlomrwfuhctxjhrsf) — Production tier
Effect: regular feature PRs targeting
prod will not create preview DBs in this project. Only the explicit prod → production release PR creates a preview DB here. This eliminates the duplicate Supabase Preview failure pattern observed on PR #123/#124, where a single feature PR triggered identical migration replay in both projects.
If “Automatic branching = OFF” turns out to be too restrictive (e.g. you want a smoke deploy on every release-candidate PR), set it to ON + “Supabase changes only = ON” so only PRs that touchsupabase/**and targetproductionconsume a production-tier preview DB.
3.3 Verification
After applying §3.1 and §3.2:Encore OS(anuwknikgsijbameytzr)list_branchesshould showdefault_branch_row.git_branch = "prod"and one row per PR targetingprod.encore_os_prod(aximlomrwfuhctxjhrsf)list_branchesshould showdefault_branch_row.git_branch = "production"and one row only when there is an openprod → productionrelease PR.
4. Vercel dashboard configuration (operator)
For each Vercel project, open Vercel → Project → Settings → Git.4.1 encoreos_dev (prj_iMHAljBMLDQXONzL9g7XUHH6CzrP)
4.2 encoreos_prod (prj_NZTWEPkUXJ3jM51uh91Ty8Np9K7c)
4.3 Optional: prevent both Vercel projects from previewing the same PR
By default Vercel will deploy a Preview for every PR on a connected repo, regardless of which branch the PR targets. To restrict each project so a single PR only produces a preview in the matching project:- In
encoreos_dev→ Settings → Git → “Ignored Build Step”, keep the in-repovercel.jsonignoreCommand(already set). It will short-circuit identical builds. - In
encoreos_prod→ Settings → Git → “Branch Tracking”, set “Only deploy preview branches matching pattern” toprod. That stops it from building previews for arbitrarycursor/*branches.
5. Repo-side guardrails
These already exist; the alignment relies on them staying in place.6. One-time cleanup actions
After §3 and §4 are applied, perform these once:- Close stale duplicate-tier PRs. PR #123 (
Gr-ux → production) and PR #124 (Gr-ux → prod) both exist for historical reasons. Once branching is realigned, decide which target is correct:- If the change is dev-bound, keep PR #124 (
→ prod) and close PR #123. - If it is also intended for live production, do not target
productiondirectly from a feature branch; merge toprodfirst, then open a release PRprod → production.
- If the change is dev-bound, keep PR #124 (
- Re-run the Supabase Preview check on the surviving PR after §3 is applied. It should now run against only one Supabase project.
- Optional but recommended: delete or repurpose the legacy GitHub branch named
productionif the team decides the dev/prod separation should beprod → mainordevelop → prodinstead. Keep this document in sync if you do.
7. Failure-mode reference
8. References
supabase/config.tomlvite.config.ts(SUPABASE_PROJECTS,VERCEL_PROJECT_TO_SUPABASE)docs/development/supabase/SUPABASE_MULTI_ENV_SETUP.mddocs/development/supabase/SUPABASE_RECONCILE_2026-04.mddocs/development/VERCEL_ENV_REMOVAL_EXECUTION_2026-04-20.md- Supabase Branching — GitHub Integration
- Supabase Branching — Working with branches
- Vercel for GitHub