SupaForge
GUIDE

How to Set Up Automated Environment Scans

Detect drift early with scheduled scans and CI/CD integration.

Note: The SupaForge CLI is currently being prepared for public release. to be notified when it's available.

Why Automate Scans?

Manual scans catch drift — automated scans prevent it. By integrating SupaForge into your CI pipeline or running it on a cron schedule, you get notified the moment a change in one environment diverges from another.

This is especially important for teams where multiple developers make changes through the Supabase Dashboard, Studio, or Management API without going through a formal migration process.

Option 1 — GitHub Actions

Add a workflow that runs on every push to main or on a daily schedule. The scan command exits with a non-zero code when drift is detected, which fails the pipeline.

.github/workflows/drift-check.yml
name: Drift Check

on:
  push:
    branches: [main]
  schedule:
    - cron: '0 8 * * *'  # Daily at 08:00 UTC

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-node@v4
        with:
          node-version: 20

      - name: Install SupaForge
        run: npm i -g @akalforge/supaforge

      - name: Run drift scan
        env:
          SUPAFORGE_SOURCE: ${{ secrets.SUPAFORGE_SOURCE }}
          SUPAFORGE_TARGET: ${{ secrets.SUPAFORGE_TARGET }}
        run: supaforge scan

Store your connection strings as GitHub secrets — never commit credentials to the repository.

Option 2 — GitLab CI

.gitlab-ci.yml
drift-check:
  image: node:20
  script:
    - npm i -g @akalforge/supaforge
    - supaforge scan
  rules:
    - if: $CI_COMMIT_BRANCH == "main"
    - if: $CI_PIPELINE_SOURCE == "schedule"

Option 3 — Cron + Webhook

If you're not using CI/CD, run the scan on a server or local machine with cron and pipe the output to a Slack or Discord webhook:

crontab -e
# Run every 6 hours
0 */6 * * * cd /path/to/project && npx supaforge scan 2>&1 | curl -X POST -d @- https://hooks.slack.com/services/YOUR/WEBHOOK/URL

Reading Scan Results

The scan command outputs:

  • Drift score — 0 (identical) to 100 (completely diverged).
  • Per-check summary — number of issues per check.
  • Issue details — each drift finding with severity and fix SQL.
  • Exit code — 0 if environments match, 1 if drift was found.

Best Practices

  • Run against staging → production. The source should be the environment where changes are made first.
  • Start with a daily schedule and tighten to per-push once the team is comfortable with the workflow.
  • Filter checks in CI. If you only care about RLS and auth in the PR check, scope the scan to those checks to keep the step fast.
  • Pin the SupaForge version in CI to avoid unexpected changes from new releases.

Summary

Automated scans turn drift detection from a manual chore into a guardrail. Whether you use GitHub Actions, GitLab CI, or a simple cron job, the goal is the same: know about drift before your users do.

Ready to try SupaForge?

Detect drift across all your Supabase environments in seconds.

View on GitHub