fix(api): don't run migrations as moments_ro
The api connects as the read-only role and was failing on startup with `permission denied for schema public` because moments_ro lacks CREATE rights — moments_rw owns the database and runs migrations. Migrations are now owned exclusively by moments-worker. In deploy (step 7) systemd ordering ensures the worker runs at least once before the api unit starts, so the schema is in place by the time the api accepts traffic. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
@@ -36,8 +36,12 @@ async fn main() -> anyhow::Result<()> {
|
|||||||
init_tracing();
|
init_tracing();
|
||||||
let args = Args::parse();
|
let args = Args::parse();
|
||||||
|
|
||||||
|
// The api connects as moments_ro and never writes — migrations are owned
|
||||||
|
// by moments-worker, which is the database owner (moments_rw). Running
|
||||||
|
// migrations from here would fail with `permission denied for schema
|
||||||
|
// public`. The worker must have run at least once before the api accepts
|
||||||
|
// traffic; in deploy this is ordered via systemd dependencies (§3).
|
||||||
let store = PgStore::connect(&args.database_url).await?;
|
let store = PgStore::connect(&args.database_url).await?;
|
||||||
store.migrate().await?;
|
|
||||||
let state = AppState {
|
let state = AppState {
|
||||||
store: Arc::new(store),
|
store: Arc::new(store),
|
||||||
};
|
};
|
||||||
|
|||||||
Reference in New Issue
Block a user