mirror of
https://github.com/supabase/setup-cli.git
synced 2026-05-13 11:26:59 +00:00
dependabot/github_actions/actions-minor-patch-4a0b9de8bd
9 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
dependabot[bot]
|
233ca324e9 |
chore(deps): bump ruby/setup-ruby
Bumps the actions-minor-patch group with 1 update in the / directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby).
Updates `ruby/setup-ruby` from 1.302.0 to 1.307.0
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](
|
||
|
Julien Goux
|
f55616e35e |
fix: cache licensed action (#422)
## Summary Automate license cache refreshes during the Licensed CI check. ## Details The Licensed workflow previously ran `licensed status` directly against the committed `.licenses` cache. Dependabot dependency bumps could fail when the cache was stale or missing records, even when the new dependency licenses were allowed. This updates the check job to run `licensed cache` before `licensed status`, so CI refreshes dependency records in the ephemeral checkout before enforcing the license policy. ## Expected behavior The Licensed workflow should now only fail when Licensed detects an invalid, missing, or disallowed license, not merely because committed cache records are stale. |
||
|
dependabot[bot]
|
2df3f5f50e |
chore(deps): bump the actions-minor-patch group across 1 directory with 3 updates (#418)
Bumps the actions-minor-patch group with 3 updates in the / directory: [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata), [actions/create-github-app-token](https://github.com/actions/create-github-app-token) and [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `dependabot/fetch-metadata` from 3.0.0 to 3.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dependabot/fetch-metadata/releases">dependabot/fetch-metadata's releases</a>.</em></p> <blockquote> <h2>v3.1.0</h2> <h2>What's Changed</h2> <ul> <li>Add permissions to all workflows by <a href="https://github.com/truggeri"><code>@truggeri</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/687">dependabot/fetch-metadata#687</a></li> <li>build(deps-dev): bump globals from 16.0.0 to 17.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/690">dependabot/fetch-metadata#690</a></li> <li>build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/693">dependabot/fetch-metadata#693</a></li> <li>build(deps-dev): bump <code>@hono/node-server</code> from 1.19.10 to 1.19.13 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/694">dependabot/fetch-metadata#694</a></li> <li>build(deps-dev): bump hono from 4.12.7 to 4.12.12 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/695">dependabot/fetch-metadata#695</a></li> <li>Dynamically update the tracking tag in action by <a href="https://github.com/truggeri"><code>@truggeri</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/696">dependabot/fetch-metadata#696</a></li> <li>fix: handle duplicate dependency names in parseMetadataLinks by <a href="https://github.com/devantler"><code>@devantler</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/700">dependabot/fetch-metadata#700</a></li> <li>fix: remove $ anchor from updateFragment regex to handle pip directory suffixes by <a href="https://github.com/devantler"><code>@devantler</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/698">dependabot/fetch-metadata#698</a></li> <li>Updates to README for permissions clarification by <a href="https://github.com/truggeri"><code>@truggeri</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/697">dependabot/fetch-metadata#697</a></li> <li>fix: resolve update-type null for Python, Composer, and Terraform PRs by <a href="https://github.com/vitorsdcs"><code>@vitorsdcs</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/704">dependabot/fetch-metadata#704</a></li> <li>build(deps-dev): bump globals from 17.4.0 to 17.5.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/703">dependabot/fetch-metadata#703</a></li> <li>build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/701">dependabot/fetch-metadata#701</a></li> <li>build(deps): bump <code>@actions/github</code> from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/702">dependabot/fetch-metadata#702</a></li> <li>build(deps-dev): bump hono from 4.12.12 to 4.12.14 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/705">dependabot/fetch-metadata#705</a></li> <li>v3.1.0 by <a href="https://github.com/fetch-metadata-action-automation"><code>@fetch-metadata-action-automation</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/692">dependabot/fetch-metadata#692</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/devantler"><code>@devantler</code></a> made their first contribution in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/700">dependabot/fetch-metadata#700</a></li> <li><a href="https://github.com/vitorsdcs"><code>@vitorsdcs</code></a> made their first contribution in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/704">dependabot/fetch-metadata#704</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dependabot/fetch-metadata/compare/v3...v3.1.0">https://github.com/dependabot/fetch-metadata/compare/v3...v3.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Julien Goux
|
7fef86c665 |
fix: licensed workflow trigger (#413)
As a required action, the Licensed workflow wasn't always firing which blocks PR from being merged. |
||
|
dependabot[bot]
|
24d47d8ec3 |
chore(deps): bump ruby/setup-ruby from 1.299.0 to 1.300.0 in the actions-minor group (#407)
Bumps the actions-minor group with 1 update: [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `ruby/setup-ruby` from 1.299.0 to 1.300.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ruby/setup-ruby/releases">ruby/setup-ruby's releases</a>.</em></p> <blockquote> <h2>v1.300.0</h2> <h2>What's Changed</h2> <ul> <li>Refactor matrix script by <a href="https://github.com/ntkme"><code>@ntkme</code></a> in <a href="https://redirect.github.com/ruby/setup-ruby/pull/897">ruby/setup-ruby#897</a></li> <li>Add jruby-10.0.5.0 by <a href="https://github.com/ruby-builder-bot"><code>@ruby-builder-bot</code></a> in <a href="https://redirect.github.com/ruby/setup-ruby/pull/900">ruby/setup-ruby#900</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ruby/setup-ruby/compare/v1.299.0...v1.300.0">https://github.com/ruby/setup-ruby/compare/v1.299.0...v1.300.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href=" |
||
|
Julien Goux
|
2eca1b4d35 |
chore: prepare for v2.0.0 (#405)
## Summary This PR prepares `supabase/setup-cli` for `v2.0.0`. The main goal of this release is to simplify the action and modernize the repo/tooling around a Bun-based implementation, while tightening workflows, tests, and documentation. ## What Changed ### Action runtime - switched the action from a Node/compiled `dist` runtime to a Bun-based composite action - removed the checked-in `dist/` output entirely - simplified the action source down to a single runtime file in `src/main.ts` - kept the public action interface the same: - `with.version` - `outputs.version` ### Tooling - switched package management and local tooling from npm to Bun - removed Rollup and the build step - replaced Jest with Bun’s native test runner - replaced Prettier with `oxfmt` - replaced ESLint with `oxlint` - enabled type-aware/type-check linting with `oxlint-tsgolint` - simplified TypeScript config to a single `tsconfig.json` extending `@tsconfig/bun` ### Tests - moved tests next to the runtime source - rewrote tests to focus on meaningful user-facing action behavior - added coverage for: - default entrypoint execution - latest version installs - legacy version installs - modern pinned version installs - failure when the installed CLI cannot report a version - action code coverage is now `100%` ### Workflows - renamed workflow files for clarity: - `test.yml` -> `ci.yml` - `start.yml` -> `e2e.yml` - updated workflow/job naming so required checks are clean and stable: - `CI` - `E2E` - `CodeQL` - `Licensed` - added aggregate PR-facing checks so branch protection does not need matrix legs - made CI and E2E skip heavy jobs on draft PRs - made E2E run automatically on ready PRs and new commits - simplified CodeQL config by removing the separate config file - updated action pins to current releases using commit SHAs - refined Dependabot for Bun-era updates and non-major auto-merge ### Docs - refreshed `README.md` and `docs/index.md` for the new v2 behavior - updated examples to use `@v2` - added a practical example for exporting local Supabase env vars after `supabase start` - removed stale references to old local/dev flows ## Breaking / Notable Changes - the action now runs as a Bun-based composite action instead of a prebuilt JavaScript action - no checked-in `dist/` artifacts anymore - self-hosted runners now need the prerequisites expected by the composite action path: - `bash` - network access to install Bun/dependencies and download the Supabase CLI ## Validation Verified locally with: - `bun run format:check` - `bun run lint` - `bun test` - `bun run ci` Also updated workflows and branch-protection-friendly check names so PR validation is cleaner going forward. ## Follow-up After merge, branch protection should require only: - `CI` - `E2E` - `CodeQL` - `Licensed` --------- Co-authored-by: licensed-ci <licensed-ci@users.noreply.github.com> |
||
|
Etienne Stalmans
|
60645042c4 | chore: pin actions to sha (#402) | ||
|
dependabot[bot]
|
378c226754 |
chore(deps): bump actions/checkout from 4 to 5 (#342)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
Han Qiao
|
b60b5899c7 |
chore: migrate to esm (#334)
* chore: update unit tests * fix: follow latest action template * chore: add licenses and workflows * chore: remove bloat * chore: fix linter |