publisher-dashboard/scripts/db-dump

#!/usr/bin/env bash
# Wrapper for dbmate dump that strips PostgreSQL's \restrict lines.
# PostgreSQL 17.6+ adds random \restrict/\unrestrict tokens to pg_dump output
# (CVE-2025-8714 security fix), causing schema.sql to change on every dump.

set -euo pipefail

SCHEMA_FILE="${DBMATE_SCHEMA_FILE:-./db/schema.sql}"

dbmate dump "$@"

# Strip \restrict and \unrestrict lines (they start with backslash)
if [[ -f "$SCHEMA_FILE" ]]; then
  grep -v '^\\' "$SCHEMA_FILE" > "${SCHEMA_FILE}.tmp"
  mv "${SCHEMA_FILE}.tmp" "$SCHEMA_FILE"
fi