# supabase/functions/provision_sgtm_container

Provisions a new Server-side GTM container with infrastructure setup.
## Cloudflare Architecture Context
| Attribute | Value |
|---|---|
| Classification | 🟡 TRANSITIONAL |
| Position | App Backend (internal orchestration) |
| Receives Public Traffic | No (called by sgtm-containers internally) |
| Latency Sensitive | No (async provisioning) |
| Safe to Retry | No (creates resources) |
| Failure Behavior | Marks container as error |
> ⚠️ **TRANSITION NOTE**
>
> This function is called internally by `sgtm-containers` and duplicates much of its logic. Consider consolidating into a single provisioning endpoint.
>
> **Planned Consolidation:** Merge into `sgtm-containers` to reduce code duplication.
## Overview

This Edge Function handles the complete provisioning workflow for a new SGTM container: port reservation, database record creation, optional first site setup, and infrastructure provisioning via an external service.
## Endpoint

`POST /functions/v1/provision_sgtm_container`
## Authentication

Service role (internal): uses `SUPABASE_SERVICE_ROLE_KEY`. Infrastructure calls are authenticated via `INFRA_SECRET`.
## Behavior

- Reserves ports from the `port_pool` table
- Creates the container record with `"provisioning"` status
- Marks the ports as used and links them to the container
- Optionally creates the first site with a domain
- Calls the infrastructure provisioner (Hetzner: Caddy + Docker)
- Updates the container status to `"active"` or `"error"`
## Tables Touched

- `port_pool` (read/write)
- `sgtm_containers` (write)
- `sites` (write, optional)
- `site_domains` (write, optional)
## External Services

- Infrastructure Provisioner (Hetzner) via `INFRA_PROVISIONER_URL`
## Notes

- Multi-step operation with partial rollback on infrastructure failure
- Container is marked `"error"` if infrastructure provisioning fails
- Generates hostnames based on the slugified container name
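The Behavior steps and the rollback note above, as an added example that is not the function's own source: the sequence runs over an injectable `Store` and `Provisioner` so the step order and the "infra fails, container marked error" path can be exercised offline. The `Store` interface, the hostname suffix, the number of ports per container and the choice to release ports on failure are all assumptions, not documented behaviour.

```typescript
// Added example (not the project's code): the provisioning sequence modelled over an
// injectable Store so the step order and the error path can be run offline.
type Status = "provisioning" | "active" | "error";
type Port = { id: string; port: number; used: boolean; container_id?: string };
type Container = { id: string; name: string; hostname: string; status: Status; ports: number[] };
interface Store {                                   // assumed shape of the DB layer
  reservePorts(n: number): Promise<Port[]>;
  createContainer(c: Omit<Container, "id">): Promise<Container>;
  markPortsUsed(ids: string[], containerId: string): Promise<void>;
  releasePorts(ids: string[]): Promise<void>;
  createSite(containerId: string, domain: string): Promise<void>;
  setStatus(id: string, status: Status): Promise<void>;
}
type Provisioner = (req: { hostname: string; ports: number[] }) => Promise<void>;
export function slugify(name: string): string {
  return name.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-+|-+$/g, "");
}
export async function provisionContainer(store: Store, provision: Provisioner, name: string, firstDomain?: string): Promise<Container> {
  const ports = await store.reservePorts(2);                       // 1. reserve from port_pool (2 ports assumed)
  const hostname = `${slugify(name)}.sgtm.example.invalid`;        // hostname from slugified name (suffix assumed)
  const container = await store.createContainer({ name, hostname, status: "provisioning", ports: ports.map(p => p.port) });
  await store.markPortsUsed(ports.map(p => p.id), container.id);   // 3. mark used, link to container
  if (firstDomain) await store.createSite(container.id, firstDomain); // 4. optional first site
  try {
    await provision({ hostname, ports: container.ports });         // 5. external provisioner (INFRA_SECRET would go here)
  } catch {
    // 6a. infra failed: record stays with status "error"; ports go back to the pool (assumed rollback scope)
    await store.setStatus(container.id, "error");
    await store.releasePorts(ports.map(p => p.id));
    return { ...container, status: "error" };
  }
  await store.setStatus(container.id, "active");                   // 6b. success
  return { ...container, status: "active" };
}
// In-memory Store for running this offline, seeded with a constructed pool of 4 ports.
export function memoryStore() {
  const pool: Port[] = [8001, 8002, 8003, 8004].map((p, i) => ({ id: `p${i}`, port: p, used: false }));
  const containers: Container[] = [];
  const sites: { containerId: string; domain: string }[] = [];
  const store: Store = {
    async reservePorts(n) { const free = pool.filter(p => !p.used).slice(0, n); if (free.length < n) throw new Error("port pool exhausted"); return free; },
    async createContainer(c) { const row = { id: `c${containers.length + 1}`, ...c }; containers.push(row); return row; },
    async markPortsUsed(ids, cid) { for (const p of pool) if (ids.includes(p.id)) { p.used = true; p.container_id = cid; } },
    async releasePorts(ids) { for (const p of pool) if (ids.includes(p.id)) { p.used = false; delete p.container_id; } },
    async createSite(cid, domain) { sites.push({ containerId: cid, domain }); },
    async setStatus(id, status) { const c = containers.find(x => x.id === id); if (c) c.status = status; },
  };
  return { store, pool, containers, sites };
}
```

Because the function is not safe to retry, a caller that re-submits after a failed run should expect a second container record; the error-path branch shows which state is and is not undone.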