Local docker-compose dev stack with PostgREST, Postgres, and Azurite

Commit `56cadfe6` adds a self-contained local dev environment: Postgres 16, PostgREST v12.2.3, and Azurite wired together in `docker-compose.dev.yml`, with helper scripts for role setup, JWT minting, and a smoke check. No hosted dependency required to run the backend locally.

infrastructure

Maintained by Allen Morgan · verified on MikeWatch

The compose file mirrors the fork's production topology at development scale. Postgres 16 gets the web_anon / authenticated / service_role role topology seeded via scripts/local-stack/00-init-roles.sql - the same three roles that migration 0005_postgres_roles creates in production. PostgREST v12.2.3 (pinned to match the fork's Azure Container Registry image) points at the local Postgres, with the anon role defaulting to service_role to match entra-mode behavior.

scripts/local-stack/forge-jwt.mjs generates HS256 JWTs against JWT_SECRET for both the service-role and authenticated-role personas. The quick-start in the compose file comment shows the pattern: generate a random secret, spin up the stack, run migrations, mint a JWT, and the backend is talking to a fully functional PostgREST instance.

scripts/dev-infra-check.ps1 does a human-readable status report: checks Docker is present, inspects container health, probes Postgres reachability, verifies the PostgREST schema cache endpoint responds, and checks Azurite blob/queue/table ports. It's PowerShell, so it runs on Windows or Linux with pwsh.

The whole thing is coupled to this fork's role naming and auth-provider abstraction. Pulling just the compose file without the surrounding migration runner and AUTH_PROVIDER logic would need adjustment.

So what Useful if you're adopting the fork's auth-provider abstraction and migration runner - the stack is the local counterpart to their Bicep production deployment. The `forge-jwt.mjs` JWT minting script is a generic pattern worth knowing about regardless. Skip if you're staying on hosted Supabase.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?

Commits in this thread

1 commit from Altien/mikeOssAzure, oldest first. Source extracted verbatim from the harvested git log.

SHA Subject Author Date
56cadfe6 feat(local-stack): docker-compose dev stack + helper scripts Allen Morgan 2026-05-08 ↗ GitHub
commit body
End-to-end developer experience without any hosted dependency.

  * docker-compose.dev.yml         - Postgres 16, PostgREST 12.2.3,
                                     and Azurite (Azure Blob emulator)
                                     wired together for AUTH_PROVIDER=local
                                     development.  Plays the role our
                                     Bicep stack plays in production.

  * scripts/local-stack/00-init-roles.sql
                                   - recreates the PostgREST role
                                     topology (web_anon / authenticated
                                     / service_role) on the freshly
                                     provisioned local Postgres.  This
                                     is the same role topology that the
                                     0005_postgres_roles migration
                                     applies to non-Supabase Azure
                                     Postgres deployments.

  * scripts/local-stack/forge-jwt.mjs
                                   - mints HS256 service-role and
                                     authenticated-role JWTs against
                                     JWT_SECRET so the local backend
                                     and tests can sign in without
                                     standing up a real IdP.

  * scripts/dev-infra-check.ps1     - smoke check: validates Postgres
                                     reachability, the role topology,
                                     PostgREST schema cache, and
                                     Azurite blob endpoints.  Prints a
                                     human-readable status report so a
                                     fresh clone can confirm the stack
                                     is wired up correctly.

Capture this thread into my fork

Download a single Markdown prompt that tells Claude how to port every commit above into your working tree — adapting paths and structure to match your repo. Run it via claude -p < capture-thread-201.md from inside the repo you want the changes in.

⬇ Download capture-thread-201.md