dependabot[bot]
1d8c0ffab0
chore(deps): bump ruby/setup-ruby
...
Bumps the actions-minor-patch group with 1 update in the / directory: [ruby/setup-ruby](https://github.com/ruby/setup-ruby ).
Updates `ruby/setup-ruby` from 1.308.0 to 1.314.0
- [Release notes](https://github.com/ruby/setup-ruby/releases )
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb )
- [Commits](97ecb7b512...9eb537ca03support@github.com >
2026-06-23 07:02:55 +00:00
dependabot[bot]
e0099b2bdb
chore(deps): bump the actions-minor-patch group across 1 directory with 2 updates ( #428 )
...
Bumps the actions-minor-patch group with 2 updates in the / directory:
[actions/create-github-app-token](https://github.com/actions/create-github-app-token )
and [ruby/setup-ruby](https://github.com/ruby/setup-ruby ).
Updates `actions/create-github-app-token` from 3.1.1 to 3.2.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/actions/create-github-app-token/releases ">actions/create-github-app-token's
releases</a>.</em></p>
<blockquote>
<h2>v3.2.0</h2>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v3.1.1...v3.2.0 ">3.2.0</a>
(2026-05-12)</h2>
<h3>Features</h3>
<ul>
<li>add support for enterprise-level GitHub Apps (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/263 ">#263</a>)
(<a
href="952a2a7073https://redirect.github.com/actions/create-github-app-token/issues/372 ">#372</a>)
(<a
href="85eb8dd414https://redirect.github.com/actions/create-github-app-token/issues/364 ">#364</a>)
(<a
href="43e5c345bfhttps://redirect.github.com/actions/create-github-app-token/issues/376 ">#376</a>)
(<a
href="f24bbd8964https://github.com/actions/create-github-app-token/blob/main/CHANGELOG.md ">actions/create-github-app-token's
changelog</a>.</em></p>
<blockquote>
<h1>Changelog</h1>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v3.1.1...v3.2.0 ">3.2.0</a>
(2026-05-12)</h2>
<h3>Features</h3>
<ul>
<li>add support for enterprise-level GitHub Apps (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/263 ">#263</a>)
(<a
href="952a2a7073https://redirect.github.com/actions/create-github-app-token/issues/372 ">#372</a>)
(<a
href="85eb8dd414https://redirect.github.com/actions/create-github-app-token/issues/364 ">#364</a>)
(<a
href="43e5c345bfhttps://redirect.github.com/actions/create-github-app-token/issues/376 ">#376</a>)
(<a
href="f24bbd8964bcd2ba4921https://redirect.github.com/actions/create-github-app-token/issues/370 ">#370</a>)</li>
<li><a
href="f24bbd8964https://redirect.github.com/actions/create-github-app-token/issues/376 ">#376</a>)</li>
<li><a
href="363531b6d9https://redirect.github.com/actions/create-github-app-token/issues/374 ">#374</a>)</li>
<li><a
href="fd2801133ehttps://redirect.github.com/actions/create-github-app-token/issues/287 ">#287</a>)</li>
<li><a
href="85eb8dd414https://redirect.github.com/actions/create-github-app-token/issues/372 ">#372</a>)</li>
<li><a
href="c9aabb8372e02e816e55https://redirect.github.com/actions/create-github-app-token/issues/366 ">#366</a>)</li>
<li><a
href="8d835bfd37952a2a7073https://redirect.github.com/actions/create-github-app-token/issues/263 ">#263</a>)</li>
<li><a
href="43e5c345bf1b10c78c78...bcd2ba4921https://github.com/ruby/setup-ruby/releases ">ruby/setup-ruby's
releases</a>.</em></p>
<blockquote>
<h2>v1.308.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update CRuby releases on Windows by <a
href="https://github.com/ruby-builder-bot "><code>@ruby-builder-bot</code></a>
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/912 ">ruby/setup-ruby#912</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.307.0...v1.308.0 ">https://github.com/ruby/setup-ruby/compare/v1.307.0...v1.308.0 </a></p>
<h2>v1.307.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update README: fix outdated URLs and Ruby version examples by <a
href="https://github.com/fkmy "><code>@fkmy</code></a> in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/910 ">ruby/setup-ruby#910</a></li>
<li>Add ruby-4.0.4 by <a
href="https://github.com/ruby-builder-bot "><code>@ruby-builder-bot</code></a>
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/911 ">ruby/setup-ruby#911</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.306.0...v1.307.0 ">https://github.com/ruby/setup-ruby/compare/v1.306.0...v1.307.0 </a></p>
<h2>v1.306.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add truffleruby-34.0.1,truffleruby+graalvm-34.0.1 by <a
href="https://github.com/ruby-builder-bot "><code>@ruby-builder-bot</code></a>
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/909 ">ruby/setup-ruby#909</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.305.0...v1.306.0 ">https://github.com/ruby/setup-ruby/compare/v1.305.0...v1.306.0 </a></p>
<h2>v1.305.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Update CRuby releases on Windows by <a
href="https://github.com/ruby-builder-bot "><code>@ruby-builder-bot</code></a>
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/908 ">ruby/setup-ruby#908</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.304.0...v1.305.0 ">https://github.com/ruby/setup-ruby/compare/v1.304.0...v1.305.0 </a></p>
<h2>v1.304.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add jruby-10.1.0.0 by <a
href="https://github.com/ruby-builder-bot "><code>@ruby-builder-bot</code></a>
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/906 ">ruby/setup-ruby#906</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.303.0...v1.304.0 ">https://github.com/ruby/setup-ruby/compare/v1.303.0...v1.304.0 </a></p>
<h2>v1.303.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add ruby-4.0.3 by <a
href="https://github.com/ruby-builder-bot "><code>@ruby-builder-bot</code></a>
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/903 ">ruby/setup-ruby#903</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.302.0...v1.303.0 ">https://github.com/ruby/setup-ruby/compare/v1.302.0...v1.303.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="97ecb7b5126aaa311d81f02c00913298bfeb124459a7680cc66459287fd0c4e5b131610cb964fd5494e4d89d3e60ecfba8757372622e62...97ecb7b512support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-05-20 16:58:39 +02:00
Julien Goux
f55616e35e
fix: cache licensed action ( #422 )
...
## Summary
Automate license cache refreshes during the Licensed CI check.
## Details
The Licensed workflow previously ran `licensed status` directly against
the committed `.licenses` cache. Dependabot dependency bumps could fail
when the cache was stale or missing records, even when the new
dependency licenses were allowed.
This updates the check job to run `licensed cache` before `licensed
status`, so CI refreshes dependency records in the ephemeral checkout
before enforcing the license policy.
## Expected behavior
The Licensed workflow should now only fail when Licensed detects an
invalid, missing, or disallowed license, not merely because committed
cache records are stale.
2026-05-06 16:52:27 +00:00
dependabot[bot]
2df3f5f50e
chore(deps): bump the actions-minor-patch group across 1 directory with 3 updates ( #418 )
...
Bumps the actions-minor-patch group with 3 updates in the / directory:
[dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata ),
[actions/create-github-app-token](https://github.com/actions/create-github-app-token )
and [ruby/setup-ruby](https://github.com/ruby/setup-ruby ).
Updates `dependabot/fetch-metadata` from 3.0.0 to 3.1.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/dependabot/fetch-metadata/releases ">dependabot/fetch-metadata's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add permissions to all workflows by <a
href="https://github.com/truggeri "><code>@truggeri</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/687 ">dependabot/fetch-metadata#687</a></li>
<li>build(deps-dev): bump globals from 16.0.0 to 17.4.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/690 ">dependabot/fetch-metadata#690</a></li>
<li>build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/693 ">dependabot/fetch-metadata#693</a></li>
<li>build(deps-dev): bump <code>@hono/node-server</code> from 1.19.10
to 1.19.13 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/694 ">dependabot/fetch-metadata#694</a></li>
<li>build(deps-dev): bump hono from 4.12.7 to 4.12.12 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/695 ">dependabot/fetch-metadata#695</a></li>
<li>Dynamically update the tracking tag in action by <a
href="https://github.com/truggeri "><code>@truggeri</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/696 ">dependabot/fetch-metadata#696</a></li>
<li>fix: handle duplicate dependency names in parseMetadataLinks by <a
href="https://github.com/devantler "><code>@devantler</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/700 ">dependabot/fetch-metadata#700</a></li>
<li>fix: remove $ anchor from updateFragment regex to handle pip
directory suffixes by <a
href="https://github.com/devantler "><code>@devantler</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/698 ">dependabot/fetch-metadata#698</a></li>
<li>Updates to README for permissions clarification by <a
href="https://github.com/truggeri "><code>@truggeri</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/697 ">dependabot/fetch-metadata#697</a></li>
<li>fix: resolve update-type null for Python, Composer, and Terraform
PRs by <a
href="https://github.com/vitorsdcs "><code>@vitorsdcs</code></a> in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/704 ">dependabot/fetch-metadata#704</a></li>
<li>build(deps-dev): bump globals from 17.4.0 to 17.5.0 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/703 ">dependabot/fetch-metadata#703</a></li>
<li>build(deps): bump actions/create-github-app-token from 3.0.0 to
3.1.1 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/701 ">dependabot/fetch-metadata#701</a></li>
<li>build(deps): bump <code>@actions/github</code> from 9.0.0 to 9.1.0
in the dependencies group across 1 directory by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/702 ">dependabot/fetch-metadata#702</a></li>
<li>build(deps-dev): bump hono from 4.12.12 to 4.12.14 by <a
href="https://github.com/dependabot "><code>@dependabot</code></a>[bot]
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/705 ">dependabot/fetch-metadata#705</a></li>
<li>v3.1.0 by <a
href="https://github.com/fetch-metadata-action-automation "><code>@fetch-metadata-action-automation</code></a>[bot]
in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/692 ">dependabot/fetch-metadata#692</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a href="https://github.com/devantler "><code>@devantler</code></a>
made their first contribution in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/700 ">dependabot/fetch-metadata#700</a></li>
<li><a href="https://github.com/vitorsdcs "><code>@vitorsdcs</code></a>
made their first contribution in <a
href="https://redirect.github.com/dependabot/fetch-metadata/pull/704 ">dependabot/fetch-metadata#704</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/dependabot/fetch-metadata/compare/v3...v3.1.0 ">https://github.com/dependabot/fetch-metadata/compare/v3...v3.1.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="25dd0e34f4https://redirect.github.com/dependabot/fetch-metadata/issues/692 ">#692</a>)</li>
<li><a
href="e073f50d73https://redirect.github.com/dependabot/fetch-metadata/issues/705 ">#705</a>
from dependabot/dependabot/npm_and_yarn/hono-4.12.14</li>
<li><a
href="0670e167df7a7fe10a42https://redirect.github.com/dependabot/fetch-metadata/issues/702 ">#702</a>
from dependabot/dependabot/npm_and_yarn/dependencies-...</li>
<li><a
href="5168191cea23882e175b1072469591https://redirect.github.com/dependabot/fetch-metadata/issues/701 ">#701</a>
from dependabot/dependabot/github_actions/actions/cre...</li>
<li><a
href="43f8a0055cb4d904a509https://redirect.github.com/dependabot/fetch-metadata/issues/703 ">#703</a>
from dependabot/dependabot/npm_and_yarn/globals-17.5.0</li>
<li><a
href="c8046bb877ffa630c65f...25dd0e34f4https://github.com/actions/create-github-app-token/releases ">actions/create-github-app-token's
releases</a>.</em></p>
<blockquote>
<h2>v3.1.1</h2>
<h2><a
href="https://github.com/actions/create-github-app-token/compare/v3.1.0...v3.1.1 ">3.1.1</a>
(2026-04-11)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>improve error message when app identifier is empty (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/362 ">#362</a>)
(<a
href="07e2b76066https://redirect.github.com/actions/create-github-app-token/issues/249 ">#249</a></li>
</ul>
<h2>v3.1.0</h2>
<h1><a
href="https://github.com/actions/create-github-app-token/compare/v3.0.0...v3.1.0 ">3.1.0</a>
(2026-04-11)</h1>
<h3>Bug Fixes</h3>
<ul>
<li><strong>deps:</strong> bump p-retry from 7.1.1 to 8.0.0 (<a
href="https://redirect.github.com/actions/create-github-app-token/issues/357 ">#357</a>)
(<a
href="3bbe07d928https://redirect.github.com/actions/create-github-app-token/issues/353 ">#353</a>)
(<a
href="e6bd4e6970https://redirect.github.com/actions/create-github-app-token/issues/358 ">#358</a>)
(<a
href="076e9480ca1b10c78c7807e2b76066https://redirect.github.com/actions/create-github-app-token/issues/362 ">#362</a>)</li>
<li><a
href="ea0121618bhttps://redirect.github.com/actions/create-github-app-token/issues/361 ">#361</a>)</li>
<li><a
href="7bd0371149e6bd4e6970https://redirect.github.com/actions/create-github-app-token/issues/353 ">#353</a>)</li>
<li><a
href="076e9480cahttps://redirect.github.com/actions/create-github-app-token/issues/358 ">#358</a>)</li>
<li><a
href="3bbe07d928https://redirect.github.com/actions/create-github-app-token/issues/357 ">#357</a>)</li>
<li><a
href="28a99e369c4df50600ef4843c538d9f8d387b68d...1b10c78c78https://github.com/ruby/setup-ruby/releases ">ruby/setup-ruby's
releases</a>.</em></p>
<blockquote>
<h2>v1.302.0</h2>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.301.0...v1.302.0 ">https://github.com/ruby/setup-ruby/compare/v1.301.0...v1.302.0 </a></p>
<h2>v1.301.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Add truffleruby-34.0.0,truffleruby+graalvm-34.0.0 by <a
href="https://github.com/ruby-builder-bot "><code>@ruby-builder-bot</code></a>
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/901 ">ruby/setup-ruby#901</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.300.0...v1.301.0 ">https://github.com/ruby/setup-ruby/compare/v1.300.0...v1.301.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="7372622e624c56a212805d9c71d71be65c17d16e...7372622e62support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Julien Goux <hi@jgoux.dev >
2026-04-21 13:36:29 +00:00
Julien Goux
7fef86c665
fix: licensed workflow trigger ( #413 )
...
As a required action, the Licensed workflow wasn't always firing which
blocks PR from being merged.
2026-04-10 10:08:57 +02:00
dependabot[bot]
24d47d8ec3
chore(deps): bump ruby/setup-ruby from 1.299.0 to 1.300.0 in the actions-minor group ( #407 )
...
Bumps the actions-minor group with 1 update:
[ruby/setup-ruby](https://github.com/ruby/setup-ruby ).
Updates `ruby/setup-ruby` from 1.299.0 to 1.300.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/ruby/setup-ruby/releases ">ruby/setup-ruby's
releases</a>.</em></p>
<blockquote>
<h2>v1.300.0</h2>
<h2>What's Changed</h2>
<ul>
<li>Refactor matrix script by <a
href="https://github.com/ntkme "><code>@ntkme</code></a> in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/897 ">ruby/setup-ruby#897</a></li>
<li>Add jruby-10.0.5.0 by <a
href="https://github.com/ruby-builder-bot "><code>@ruby-builder-bot</code></a>
in <a
href="https://redirect.github.com/ruby/setup-ruby/pull/900 ">ruby/setup-ruby#900</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/ruby/setup-ruby/compare/v1.299.0...v1.300.0 ">https://github.com/ruby/setup-ruby/compare/v1.299.0...v1.300.0 </a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="e65c17d16eba696adf552327de0bdc3ff19f5e2b...e65c17d16ehttps://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=ruby/setup-ruby&package-manager=github_actions&previous-version=1.299.0&new-version=1.300.0 )](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores )
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-04-10 08:55:18 +02:00
Julien Goux
2eca1b4d35
chore: prepare for v2.0.0 ( #405 )
...
## Summary
This PR prepares `supabase/setup-cli` for `v2.0.0`.
The main goal of this release is to simplify the action and modernize
the repo/tooling around a Bun-based implementation, while tightening
workflows, tests, and documentation.
## What Changed
### Action runtime
- switched the action from a Node/compiled `dist` runtime to a Bun-based
composite action
- removed the checked-in `dist/` output entirely
- simplified the action source down to a single runtime file in
`src/main.ts`
- kept the public action interface the same:
- `with.version`
- `outputs.version`
### Tooling
- switched package management and local tooling from npm to Bun
- removed Rollup and the build step
- replaced Jest with Bun’s native test runner
- replaced Prettier with `oxfmt`
- replaced ESLint with `oxlint`
- enabled type-aware/type-check linting with `oxlint-tsgolint`
- simplified TypeScript config to a single `tsconfig.json` extending
`@tsconfig/bun`
### Tests
- moved tests next to the runtime source
- rewrote tests to focus on meaningful user-facing action behavior
- added coverage for:
- default entrypoint execution
- latest version installs
- legacy version installs
- modern pinned version installs
- failure when the installed CLI cannot report a version
- action code coverage is now `100%`
### Workflows
- renamed workflow files for clarity:
- `test.yml` -> `ci.yml`
- `start.yml` -> `e2e.yml`
- updated workflow/job naming so required checks are clean and stable:
- `CI`
- `E2E`
- `CodeQL`
- `Licensed`
- added aggregate PR-facing checks so branch protection does not need
matrix legs
- made CI and E2E skip heavy jobs on draft PRs
- made E2E run automatically on ready PRs and new commits
- simplified CodeQL config by removing the separate config file
- updated action pins to current releases using commit SHAs
- refined Dependabot for Bun-era updates and non-major auto-merge
### Docs
- refreshed `README.md` and `docs/index.md` for the new v2 behavior
- updated examples to use `@v2`
- added a practical example for exporting local Supabase env vars after
`supabase start`
- removed stale references to old local/dev flows
## Breaking / Notable Changes
- the action now runs as a Bun-based composite action instead of a
prebuilt JavaScript action
- no checked-in `dist/` artifacts anymore
- self-hosted runners now need the prerequisites expected by the
composite action path:
- `bash`
- network access to install Bun/dependencies and download the Supabase
CLI
## Validation
Verified locally with:
- `bun run format:check`
- `bun run lint`
- `bun test`
- `bun run ci`
Also updated workflows and branch-protection-friendly check names so PR
validation is cleaner going forward.
## Follow-up
After merge, branch protection should require only:
- `CI`
- `E2E`
- `CodeQL`
- `Licensed`
---------
Co-authored-by: licensed-ci <licensed-ci@users.noreply.github.com >
2026-04-03 17:51:37 +02:00
Etienne Stalmans
60645042c4
chore: pin actions to sha ( #402 )
2026-04-03 08:10:59 +02:00
dependabot[bot]
378c226754
chore(deps): bump actions/checkout from 4 to 5 ( #342 )
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](https://github.com/actions/checkout/compare/v4...v5 )
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-version: '5'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-12 05:59:58 +00:00
Han Qiao
b60b5899c7
chore: migrate to esm ( #334 )
...
* chore: update unit tests
* fix: follow latest action template
* chore: add licenses and workflows
* chore: remove bloat
* chore: fix linter
2025-07-23 15:04:43 +08:00
dependabot[bot]