infra/postgres/init.sh

#!/bin/bash
# PostgreSQL initialization script for development environment
# Creates: workclub (application data), keycloak (Keycloak metadata)

set -e

# Create application database
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
    CREATE USER workclub WITH PASSWORD 'dev_password_change_in_production';
    CREATE DATABASE workclub OWNER workclub;
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO workclub;
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO workclub;
EOSQL

# Create app_admin role for RLS bypass (used by SeedDataService)
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "workclub" <<-EOSQL
    CREATE ROLE app_admin;
    GRANT app_admin TO workclub WITH INHERIT FALSE, SET TRUE;
    ALTER DEFAULT PRIVILEGES FOR ROLE workclub IN SCHEMA public GRANT ALL ON TABLES TO app_admin;
    ALTER DEFAULT PRIVILEGES FOR ROLE workclub IN SCHEMA public GRANT ALL ON SEQUENCES TO app_admin;
EOSQL

# Create Keycloak database
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL
    CREATE USER keycloak WITH PASSWORD 'keycloakpass';
    CREATE DATABASE keycloak OWNER keycloak;
EOSQL

# Grant privileges in keycloak database
psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "keycloak" <<-EOSQL
    GRANT ALL ON SCHEMA public TO keycloak;
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO keycloak;
    ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO keycloak;
EOSQL

echo "PostgreSQL initialization complete: workclub and keycloak databases created"
infra(docker): add Docker Compose with PostgreSQL and Keycloak - Add docker-compose.yml (v3.9) with postgres:16-alpine and keycloak:26.1 services - Configure PostgreSQL with separate workclub and keycloak databases - Setup Keycloak with database backend, admin user, and realm import capability - Create PostgreSQL init script to provision development databases and users - Add placeholder realm-export.json for Keycloak realm configuration - Configure healthchecks and app-network bridge for service discovery - Document configuration and patterns in learnings.md 2026-03-03 14:07:29 +01:00			`#!/bin/bash`
			`# PostgreSQL initialization script for development environment`
			`# Creates: workclub (application data), keycloak (Keycloak metadata)`

			`set -e`

			`# Create application database`
			`psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL`
fix(keycloak): update user club attributes with real database UUIDs - Replaced placeholder UUIDs (club-1-uuid, club-2-uuid) with real database UUIDs - Updated all 5 test users via Keycloak database - Restarted Keycloak to clear caches and apply changes Impact: - JWT tokens now contain real UUIDs in clubs claim - API endpoints accept X-Tenant-Id with real UUIDs (returns 200 OK) - Unblocks 46 remaining QA scenarios Documentation: - Created update-keycloak-club-uuids.py script for automation - Added KEYCLOAK_UPDATE_GUIDE.md with step-by-step instructions - Recorded learnings in notepad Ref: .sisyphus/evidence/final-f3-manual-qa.md lines 465-512 2026-03-05 14:21:44 +01:00			`CREATE USER workclub WITH PASSWORD 'dev_password_change_in_production';`
			`CREATE DATABASE workclub OWNER workclub;`
			`ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO workclub;`
			`ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO workclub;`
infra(docker): add Docker Compose with PostgreSQL and Keycloak - Add docker-compose.yml (v3.9) with postgres:16-alpine and keycloak:26.1 services - Configure PostgreSQL with separate workclub and keycloak databases - Setup Keycloak with database backend, admin user, and realm import capability - Create PostgreSQL init script to provision development databases and users - Add placeholder realm-export.json for Keycloak realm configuration - Configure healthchecks and app-network bridge for service discovery - Document configuration and patterns in learnings.md 2026-03-03 14:07:29 +01:00			`EOSQL`

fix(infra): add privileges and fix Keycloak configuration for auth Update realm-export.json with fixed UUID endianness, correct passwords, mappers, and SSL configuration. Add ALTER DEFAULT PRIVILEGES for app_admin in PostgreSQL init.sh to ensure proper role permissions. Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> 2026-03-05 19:22:37 +01:00			`# Create app_admin role for RLS bypass (used by SeedDataService)`
			`psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "workclub" <<-EOSQL`
			`CREATE ROLE app_admin;`
			`GRANT app_admin TO workclub WITH INHERIT FALSE, SET TRUE;`
			`ALTER DEFAULT PRIVILEGES FOR ROLE workclub IN SCHEMA public GRANT ALL ON TABLES TO app_admin;`
			`ALTER DEFAULT PRIVILEGES FOR ROLE workclub IN SCHEMA public GRANT ALL ON SEQUENCES TO app_admin;`
			`EOSQL`

infra(docker): add Docker Compose with PostgreSQL and Keycloak - Add docker-compose.yml (v3.9) with postgres:16-alpine and keycloak:26.1 services - Configure PostgreSQL with separate workclub and keycloak databases - Setup Keycloak with database backend, admin user, and realm import capability - Create PostgreSQL init script to provision development databases and users - Add placeholder realm-export.json for Keycloak realm configuration - Configure healthchecks and app-network bridge for service discovery - Document configuration and patterns in learnings.md 2026-03-03 14:07:29 +01:00			`# Create Keycloak database`
			`psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" <<-EOSQL`
			`CREATE USER keycloak WITH PASSWORD 'keycloakpass';`
			`CREATE DATABASE keycloak OWNER keycloak;`
fix(infra): replace PostgreSQL init.sql with init.sh for correct schema initialization - Removed invalid init.sql with syntax error (ALTER DEFAULT PRIVILEGES IN DATABASE unsupported) - Added init.sh with corrected SQL using IN SCHEMA public - Fixes PostgreSQL initialization for RLS and permissions setup Ultraworked with Sisyphus <https://github.com/code-yeongyu/oh-my-opencode> Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai> 2026-03-05 11:07:12 +01:00			`EOSQL`

			`# Grant privileges in keycloak database`
			`psql -v ON_ERROR_STOP=1 --username "$POSTGRES_USER" --dbname "keycloak" <<-EOSQL`
			`GRANT ALL ON SCHEMA public TO keycloak;`
			`ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON TABLES TO keycloak;`
			`ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL ON SEQUENCES TO keycloak;`
infra(docker): add Docker Compose with PostgreSQL and Keycloak - Add docker-compose.yml (v3.9) with postgres:16-alpine and keycloak:26.1 services - Configure PostgreSQL with separate workclub and keycloak databases - Setup Keycloak with database backend, admin user, and realm import capability - Create PostgreSQL init script to provision development databases and users - Add placeholder realm-export.json for Keycloak realm configuration - Configure healthchecks and app-network bridge for service discovery - Document configuration and patterns in learnings.md 2026-03-03 14:07:29 +01:00			`EOSQL`

			`echo "PostgreSQL initialization complete: workclub and keycloak databases created"`