feat(pull): add debug logs for ssl check

[avallete]

What kind of change does this PR introduce?

When SUPABASE_CA_SKIP_VERIFY is set to true, also skip peer cert check and verify connection.

Add a SUPABASE_SSL_DEBUG flag to allow to debug only SSL related issue while filtering out the noise of the generic --debug flag.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Cache: Disabled due to Reviews > Disable Cache setting

Disabled knowledge base sources:

• Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 4c759e2 and b699082.

⛔ Files ignored due to path filters (1)

• internal/gen/types/types.go is excluded by !**/gen/**

📒 Files selected for processing (5)

• internal/db/diff/diff.go
• internal/db/diff/migra.go
• internal/db/diff/pgdelta.go
• internal/db/diff/templates/migra.sh
• internal/db/diff/templates/migra.ts

💤 Files with no reviewable changes (1)

• internal/db/diff/pgdelta.go

---

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Added SSL debugging capability via SUPABASE_SSL_DEBUG environment variable for enhanced troubleshooting of database connections and schema diffs.

• Improvements

  • Enhanced error logging with structured diagnostic details for better debugging.
  • Added URL redaction to mask sensitive credentials in debug output for improved security.
  • Improved schema diff reliability with better error handling and diagnostic information.

Walkthrough

The pull request refactors and extends the schema diffing infrastructure with enhanced SSL/TLS debugging capabilities. It relocates the diffWithStream helper function from pgdelta.go to diff.go, updates the environment construction in migra.go to include INCLUDED_SCHEMAS or EXCLUDED_SCHEMAS, and adds support for the SUPABASE_SSL_DEBUG environment variable throughout the diff pipeline. When debug mode is enabled, diagnostic information is logged at multiple layers: in the Go code (migra.go), shell script (migra.sh), and TypeScript template (migra.ts). The TypeScript layer introduces a URL redaction utility to mask passwords in debug output, and the shell script conditionally logs per-schema execution status and environment details.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Adds targeted SSL/TLS debugging and adjusts TLS probing behavior to better support environments where certificate verification is intentionally skipped (e.g., SUPABASE_CA_SKIP_VERIFY=true), while avoiding the noise of the general --debug flag.

Changes:

• Add SUPABASE_SSL_DEBUG-gated debug logs around root CA detection / TLS probing and in migra templates.
• When SUPABASE_CA_SKIP_VERIFY=true, disable additional TLS verification hooks during the TLS-capability probe.
• Refactor diffWithStream into internal/db/diff/diff.go (shared helper) and adjust shutdown-error filtering.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
internal/gen/types/types.go	Adds SSL debug logging, URL redaction helper, and expands skip-verify behavior during TLS probe.
internal/db/diff/templates/migra.ts	Adds SSL-scoped debug logging and URL redaction for SOURCE/TARGET.
internal/db/diff/templates/migra.sh	Adds SSL-scoped debug logging for migra bash wrapper execution.
internal/db/diff/pgdelta.go	Removes duplicated diffWithStream helper (now centralized).
internal/db/diff/migra.go	Forwards SUPABASE_SSL_DEBUG into containers and logs key SSL-related context.
internal/db/diff/diff.go	Centralizes diffWithStream and adjusts filtering of a known edge-runtime shutdown message.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[coveralls]

Pull Request Test Coverage Report for Build 23290441342

Details

• 72 of 142 (50.7%) changed or added relevant lines in 3 files are covered.
• 7 unchanged lines in 2 files lost coverage.
• Overall coverage decreased (-0.2%) to 61.676%

---

Changes Missing Coverage	Covered Lines	Changed/Added Lines	%
internal/db/diff/diff.go	30	32	93.75%
internal/db/diff/migra.go	2	18	11.11%
internal/gen/types/types.go	40	92	43.48%

Files with Coverage Reduction	New Missed Lines	%
internal/db/diff/migra.go	2	21.79%
internal/utils/git.go	5	57.14%

Totals
Change from base Build 23284159991:	-0.2%
Covered Lines:	8074
Relevant Lines:	13091

---

💛 - Coveralls