-- Set tradein_fdw_reader password from env. -- Applied by .forgejo/workflows/deploy.yml after main DB migrations: -- psql -v pw="$GENDESIGN_FDW_PASSWORD" -f ops/db-bootstrap/set_tradein_fdw_password.sql -- -- Idempotent: ALTER if role exists, NOTICE and continue if missing -- (migration 100_tradein_fdw_role.sql might not have applied yet on first deploy). -- Password is NEVER stored in this file or in git — only the variable name. -- -- Format %L escapes the password as a SQL string literal — safe even with quotes. -- Combined with the regex whitelist on the backend side (fdw.py _PASSWORD_RE) -- this gives defense-in-depth. -- -- Extracted from deploy.yml inline DO block (PR #493 deploy/1156 incident). -- The original block used multi-line backslash continuations inside a double-quoted -- bash string with $$-dollar-quoting + psql variable substitution — fragile escaping -- that likely caused the bootstrap step to fail before `compose up -d` ran. -- Using `-f ` with psql-native variable substitution via `-v pw=` is safe. DO $$ BEGIN IF EXISTS (SELECT 1 FROM pg_roles WHERE rolname = 'tradein_fdw_reader') THEN EXECUTE format('ALTER ROLE tradein_fdw_reader WITH PASSWORD %L', :'pw'); RAISE NOTICE 'tradein_fdw_reader password set'; ELSE RAISE NOTICE 'tradein_fdw_reader role missing — migration 100_tradein_fdw_role.sql not applied yet'; END IF; END $$;