fix: install Alpine runtime dependencies (#434 )

## Summary - Install `libstdc++` and `libgcc` before verifying CLI versions from apk archives - Keep non-apk archive installs unchanged - Rebuild the v1 bundled action artifact ## Testing - `npm run package` - `npm run format:check` - `npm run lint` - `npm run test` - Verified `supabase_2.100.0_linux_arm64.apk` fails on plain Alpine without `libstdc++`/`libgcc` and reports `2.100.0` after installing them
fix: v1 setup on Linux musl (#432 )
2026-06-29 18:37:04 +00:00 · 2026-05-21 09:31:24 +02:00 · 2026-05-20 16:22:46 +02:00 · 2026-05-18 13:19:23 +02:00
54 changed files with 75115 additions and 169915 deletions
--- a/.bun-version
+++ b/.bun-version
@@ -1 +0,0 @@
 1.3.10
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,3 @@
 * text=auto eol=lf
 dist/** -diff linguist-generated=true
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +1 @@
-* @supabase/cli
+* @supabase/dev-workflows
--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -0,0 +1,5 @@
 name: JavaScript CodeQL Configuration
 paths-ignore:
  - node_modules
  - dist
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -4,33 +4,28 @@ updates:
    directory: /
    schedule:
      interval: weekly
      day: tuesday
      time: "09:00"
      timezone: Europe/Paris
    open-pull-requests-limit: 1
    groups:
-      actions-minor-patch:
+      actions-minor:
        patterns:
          - "*"
        update-types:
          - minor
          - patch
-  - package-ecosystem: bun
+  - package-ecosystem: npm
    directory: /
    schedule:
-      interval: weekly
+      interval: daily
      day: tuesday
      time: "09:00"
      timezone: Europe/Paris
    open-pull-requests-limit: 1
    cooldown:
      semver-minor-days: 7
      semver-patch-days: 2
    groups:
-      bun-minor-patch:
+      npm-development:
-        patterns:
+        dependency-type: development
          - "*"
        update-types:
          - minor
          - patch
      npm-production:
        dependency-type: production
        update-types:
          - patch
    ignore:
      # nodejs types is pinned to runtime version
      - dependency-name: '@types/node'
        update-types:
          - version-update:semver-major
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,68 +0,0 @@
 name: CI
 on:
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review
      - converted_to_draft
  push:
    branches:
      - main
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 permissions:
  contents: read
 defaults:
  run:
    shell: bash
 jobs:
  validate:
    if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
        with:
          bun-version-file: .bun-version
      - run: bun install --frozen-lockfile
      - run: bun run ci
  test:
    if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
    runs-on: ${{ matrix.os }}
    timeout-minutes: 20
    strategy:
      fail-fast: false
      matrix:
        os: [macos-latest, windows-latest, ubuntu-latest]
        version: [1.0.0, latest]
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: ./
        with:
          version: ${{ matrix.version }}
      - run: supabase -h
  ci:
    if: ${{ always() && github.event_name == 'pull_request' }}
    name: CI
    runs-on: ubuntu-latest
    needs: [validate, test]
    timeout-minutes: 5
    steps:
      - run: |
          validate_result="${{ needs.validate.result }}"
          test_result="${{ needs.test.result }}"
          [[ "$validate_result" == "success" || "$validate_result" == "skipped" ]]
          [[ "$test_result" == "success" || "$test_result" == "skipped" ]]
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,46 @@
 name: CodeQL
 on:
  push:
    branches:
      - main
  schedule:
    - cron: '31 7 * * 3'
 permissions:
  actions: read
  checks: write
  contents: read
  security-events: write
 jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    strategy:
      fail-fast: false
      matrix:
        language:
          - typescript
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4
      - name: Initialize CodeQL
        id: initialize
        uses: github/codeql-action/init@v3
        with:
          config-file: .github/codeql/codeql-config.yml
          languages: ${{ matrix.language }}
          source-root: src
      - name: Autobuild
        id: autobuild
        uses: github/codeql-action/autobuild@v3
      - name: Perform CodeQL Analysis
        id: analyze
        uses: github/codeql-action/analyze@v3
--- a/.github/workflows/dependabot.yml
+++ b/.github/workflows/dependabot.yml
@@ -3,10 +3,6 @@ name: Dependabot auto-merge
 on: pull_request
 concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true
 permissions:
  pull-requests: write
  contents: write
@@ -14,33 +10,29 @@ permissions:
 jobs:
  dependabot:
    runs-on: ubuntu-latest
-    timeout-minutes: 10
+    # Checking the actor will prevent your Action run failing on non-Dependabot
-    # Only act on PRs opened by Dependabot from branches in this repository.
+    # PRs but also ensures that it only does work for Dependabot PRs.
-    if: github.actor == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
+    if: ${{ github.actor == 'dependabot[bot]' }}
    steps:
-      # Metadata drives the non-major gating used for approval and auto-merge.
+      # This first step will fail if there's no metadata and so the approval
      # will not occur.
      - id: meta
-        uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 # v3.0.0
+        uses: dependabot/fetch-metadata@v2
        with:
-          github-token: "${{ secrets.GITHUB_TOKEN }}"
+          github-token: '${{ secrets.GITHUB_TOKEN }}'
      - name: Generate token
        id: app-token
        if: ${{ steps.meta.outputs.update-type == null || steps.meta.outputs.update-type == 'version-update:semver-patch' || steps.meta.outputs.update-type == 'version-update:semver-minor' }}
        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
        with:
          app-id: ${{ secrets.APP_ID }}
          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
      # Here the PR gets approved.
      - name: Approve a PR
-        if: ${{ steps.meta.outputs.update-type == null || steps.meta.outputs.update-type == 'version-update:semver-patch' || steps.meta.outputs.update-type == 'version-update:semver-minor' }}
+        if: ${{steps.meta.outputs.update-type != 'version-update:semver-major'}}
        run: gh pr review --approve "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
-          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      # Finally, this sets the PR to allow auto-merging for patch and minor
      # updates if all checks pass
      - name: Enable auto-merge for Dependabot PRs
-        if: ${{ steps.meta.outputs.update-type == null || steps.meta.outputs.update-type == 'version-update:semver-patch' || steps.meta.outputs.update-type == 'version-update:semver-minor' }}
+        if: ${{steps.meta.outputs.update-type != 'version-update:semver-major'}}
        run: gh pr merge --auto --squash "$PR_URL"
        env:
          PR_URL: ${{ github.event.pull_request.html_url }}
--- a/.github/workflows/e2e.yml
+++ b/.github/workflows/e2e.yml
@@ -1,71 +0,0 @@
 name: E2E
 on:
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review
      - converted_to_draft
  push:
    branches:
      - main
    tags:
      - "v[0-9]+.[0-9]+.[0-9]+"
  schedule:
    # * is a special character in YAML so you have to quote this string
    - cron: "30 1,9 * * *"
  workflow_dispatch:
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 defaults:
  run:
    shell: bash
 permissions:
  contents: read
 jobs:
  e2e: # make sure the action works on a clean machine without building
    if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
    runs-on: ubuntu-latest
    timeout-minutes: 45
    strategy:
      fail-fast: false
      matrix:
        version:
          - 1.178.2
          - 2.33.0
          - latest
        pg_major:
          - 14
          - 15
          - 17
        exclude:
          - version: 1.178.2
            pg_major: 17
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
        with:
          persist-credentials: false
      - uses: ./
        with:
          version: ${{ matrix.version }}
      - run: supabase init
      - run: |
          sed -i -E "s|^(major_version) .*|\\1 = ${{ matrix.pg_major }}|" supabase/config.toml
      - run: supabase start
  e2e-check:
    if: ${{ always() && github.event_name == 'pull_request' }}
    name: E2E
    runs-on: ubuntu-latest
    needs: [e2e]
    timeout-minutes: 5
    steps:
      - run: |
          e2e_result="${{ needs.e2e.result }}"
          [[ "$e2e_result" == "success" || "$e2e_result" == "skipped" ]]
--- a/.github/workflows/licensed.yml
+++ b/.github/workflows/licensed.yml
@@ -9,134 +9,61 @@ on:
  push:
    branches:
      - main
    paths:
      - .github/workflows/licensed.yml
      - .licensed.yml
      - .licenses/**
      - bun.lock
      - package.json
  workflow_dispatch:
 concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 jobs:
  check-licenses:
    if: ${{ github.event_name != 'workflow_dispatch' }}
    name: Licensed
    runs-on: ubuntu-latest
    timeout-minutes: 15
    permissions:
      contents: read
      pull-requests: read
    steps:
      - name: Detect license inputs
        id: license-inputs
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          PR_NUMBER: ${{ github.event.pull_request.number }}
          REPOSITORY: ${{ github.repository }}
        run: |
          if [[ "${{ github.event_name }}" != "pull_request" ]]; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi
          gh api "repos/${REPOSITORY}/pulls/${PR_NUMBER}/files" --paginate --jq '.[].filename' > changed-files.txt
          if grep -Eq '^(\.github/workflows/licensed\.yml|\.licensed\.yml|\.licenses/.*|bun\.lock|package\.json)$' changed-files.txt; then
            echo "changed=true" >> "$GITHUB_OUTPUT"
          else
            echo "changed=false" >> "$GITHUB_OUTPUT"
          fi
      - name: Checkout
        id: checkout
        if: steps.license-inputs.outputs.changed == 'true'
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Setup Bun
        id: setup-bun
        if: steps.license-inputs.outputs.changed == 'true'
        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
        with:
          bun-version-file: .bun-version
      - name: Install Dependencies
        id: bun-install
        if: steps.license-inputs.outputs.changed == 'true'
        run: bun install --frozen-lockfile
      - name: Setup Ruby
        id: setup-ruby
        if: steps.license-inputs.outputs.changed == 'true'
        uses: ruby/setup-ruby@e65c17d16e57e481586a6a5a0282698790062f92 # v1.300.0
        with:
          ruby-version: ruby
      - uses: licensee/setup-licensed@0d52e575b3258417672be0dff2f115d7db8771d8 # v1.3.2
        if: steps.license-inputs.outputs.changed == 'true'
        with:
          version: 4.x
          github_token: ${{ secrets.GITHUB_TOKEN }}
      - name: Check Licenses
        id: check-licenses
        if: steps.license-inputs.outputs.changed == 'true'
        run: licensed status
  update-licenses:
    if: ${{ github.event_name == 'workflow_dispatch' }}
    name: Update Licenses
    runs-on: ubuntu-latest
    timeout-minutes: 15
 permissions:
  contents: write
 jobs:
  licensed:
    name: Check Licenses
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        id: checkout
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        uses: actions/checkout@v4
-      - name: Setup Bun
+      - name: Setup Node.js
-        id: setup-bun
+        id: setup-node
-        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+        uses: actions/setup-node@v4
        with:
-          bun-version-file: .bun-version
+          node-version-file: .node-version
          cache: npm
      - name: Install Dependencies
-        id: bun-install
+        id: npm-ci
-        run: bun install --frozen-lockfile
+        run: npm ci
      - name: Setup Ruby
        id: setup-ruby
-        uses: ruby/setup-ruby@e65c17d16e57e481586a6a5a0282698790062f92 # v1.300.0
+        uses: ruby/setup-ruby@v1
        with:
          ruby-version: ruby
-      - uses: licensee/setup-licensed@0d52e575b3258417672be0dff2f115d7db8771d8 # v1.3.2
+      - uses: licensee/setup-licensed@v1.3.2
        with:
          version: 4.x
          github_token: ${{ secrets.GITHUB_TOKEN }}
-      - name: Update License Cache
+      # If this is a workflow_dispatch event, update the cached licenses.
      - if: ${{ github.event_name == 'workflow_dispatch' }}
        name: Update Licenses
        id: update-licenses
        run: licensed cache
-      - name: Format License Files
+      # Then, commit the updated licenses to the repository.
-        id: format-licenses
+      - if: ${{ github.event_name == 'workflow_dispatch' }}
-        run: bun x oxfmt --write .licensed.yml .licenses
+        name: Commit Licenses
      - name: Commit Licenses
        id: commit-licenses
        run: |
          git config --local user.email "licensed-ci@users.noreply.github.com"
          git config --local user.name "licensed-ci"
-          git add .licenses .licensed.yml
+          git add .
          if git diff --cached --quiet; then
            echo "No license cache changes to commit."
            exit 0
          fi
          git commit -m "Auto-update license files"
          git push
      # Last, check the status of the cached licenses.
      - name: Check Licenses
        id: check-licenses
        run: licensed status
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -0,0 +1,58 @@
 # This workflow will lint the entire codebase using the
 # `super-linter/super-linter` action.
 #
 # For more information, see the super-linter repository:
 #     https://github.com/super-linter/super-linter
 name: Lint Codebase
 on:
  pull_request:
  push:
    branches:
      - main
 permissions:
  contents: read
  packages: read
  statuses: write
 jobs:
  lint:
    name: Lint Codebase
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        id: checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup Node.js
        id: setup-node
        uses: actions/setup-node@v4
        with:
          node-version-file: .node-version
          cache: npm
      - name: Install Dependencies
        id: install
        run: npm ci
      - name: Lint Codebase
        id: super-linter
        uses: super-linter/super-linter/slim@v8
        env:
          DEFAULT_BRANCH: main
          FILTER_REGEX_EXCLUDE: dist/**/*
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          LINTER_RULES_PATH: ${{ github.workspace }}
          VALIDATE_ALL_CODEBASE: true
          VALIDATE_BIOME_FORMAT: false
          VALIDATE_JAVASCRIPT_ES: false
          VALIDATE_JAVASCRIPT_STANDARD: false
          VALIDATE_JSCPD: false
          VALIDATE_TYPESCRIPT_ES: false
          VALIDATE_JSON: false
          VALIDATE_GITHUB_ACTIONS_ZIZMOR: false
          VALIDATE_TYPESCRIPT_STANDARD: false
--- a/.github/workflows/start.yml
+++ b/.github/workflows/start.yml
@@ -0,0 +1,46 @@
 name: CLI Start
 on:
  push:
    branches:
      - main
    tags:
      - 'v[0-9]+.[0-9]+.[0-9]+'
  schedule:
    # * is a special character in YAML so you have to quote this string
    - cron: '30 1,9 * * *'
  workflow_dispatch:
 defaults:
  run:
    shell: bash
 permissions:
  contents: read
 jobs:
  e2e: # make sure the action works on a clean machine without building
    runs-on: ubuntu-latest
    strategy:
      matrix:
        version:
          - 1.178.2
          - 2.33.0
          - latest
        pg_major:
          - 14
          - 15
          - 17
        exclude:
          - version: 1.178.2
            pg_major: 17
    steps:
      - uses: actions/checkout@v4
      - uses: ./
        with:
          version: ${{ matrix.version }}
          github-token: ${{ github.token }}
      - run: supabase init
      - run:
          sed -i -E "s|^(major_version) .*|\1 = ${{ matrix.pg_major }}|"
          supabase/config.toml
      - run: supabase start
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -0,0 +1,69 @@
 name: 'build-test'
 on:
  pull_request:
  push:
    branches:
      - main
 permissions:
  contents: read
 defaults:
  run:
    shell: bash
 jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version-file: .node-version
          cache: npm
      - run: npm ci
      - run: npm run all
      - id: diff
        run: |
          if [ ! -d dist/ ]; then
            echo "Expected dist/ directory does not exist.  See status below:"
            ls -la ./
            exit 1
          fi
          if [ "$(git diff --ignore-space-at-eol --text dist/ | wc -l)" -gt "0" ]; then
            echo "Detected uncommitted changes after build. See status below:"
            git diff --ignore-space-at-eol --text dist/
            exit 1
          fi
      # Upload the mismatched version as a workflow artifact.
      - if: ${{ failure() && steps.diff.outcome == 'failure' }}
        uses: actions/upload-artifact@v4
        with:
          name: dist
          path: dist/
  test:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        os: [macos-latest, windows-latest, ubuntu-latest]
        version: [1.0.0, latest]
    steps:
      - uses: actions/checkout@v4
      - uses: ./
        with:
          version: ${{ matrix.version }}
          github-token: ${{ github.token }}
      - run: supabase -h
  check:
    if: ${{ always() && github.event.pull_request }}
    runs-on: ubuntu-latest
    needs: [test]
    steps:
      - run: |
          result="${{ needs.test.result }}"
          [[ $result == "success" || $result == "skipped" ]]
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 # Dependency directory
 node_modules
-bun.lockb
+
 # Rest pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
 # Logs
 logs
 *.log
--- a/.licensed.yml
+++ b/.licensed.yml
@@ -13,4 +13,6 @@ allowed:
  - other
 ignored:
-  npm: []
+  npm:
    # Used by Rollup.js when building in GitHub Actions
    - '@rollup/rollup-linux-x64-gnu'
--- a/.licenses/npm/@actions/core.dep.yml
+++ b/.licenses/npm/@actions/core.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: "@actions/core"
-version: 3.0.0
+version: 3.0.1
 type: npm
 summary: Actions core lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/core
--- a/.licenses/npm/@actions/http-client.dep.yml
+++ b/.licenses/npm/@actions/http-client.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: "@actions/http-client"
-version: 4.0.0
+version: 4.0.1
 type: npm
 summary: Actions Http Client
 homepage: https://github.com/actions/toolkit/tree/main/packages/http-client
--- a/.licenses/npm/semver.dep.yml
+++ b/.licenses/npm/semver.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: semver
-version: 7.7.4
+version: 7.8.0
 type: npm
 summary: The semantic version parser used by npm.
 homepage:
--- a/.licenses/npm/undici.dep.yml
+++ b/.licenses/npm/undici.dep.yml
@@ -1,6 +1,6 @@
 ---
 name: undici
-version: 6.24.1
+version: 6.25.0
 type: npm
 summary: An HTTP/1.1 client, written from scratch for Node.js
 homepage: https://undici.nodejs.org
--- a/.markdown-lint.yml
+++ b/.markdown-lint.yml
@@ -0,0 +1,24 @@
 # See: https://github.com/DavidAnson/markdownlint
 # Unordered list style
 MD004:
  style: dash
 # Disable line length for tables
 MD013:
  tables: false
 # Ordered list item prefix
 MD029:
  style: one
 # Spaces after list markers
 MD030:
  ul_single: 1
  ol_single: 1
  ul_multi: 1
  ol_multi: 1
 # Code block style
 MD046:
  style: fenced
--- a/.node-version
+++ b/.node-version
@@ -0,0 +1 @@
 20.19.4
--- a/.prettierignore
+++ b/.prettierignore
@@ -0,0 +1,5 @@
 .DS_Store
 .licenses/
 dist/
 node_modules/
 coverage/
--- a/.prettierrc.yml
+++ b/.prettierrc.yml
@@ -0,0 +1,16 @@
 # See: https://prettier.io/docs/en/configuration
 printWidth: 80
 tabWidth: 2
 useTabs: false
 semi: false
 singleQuote: true
 quoteProps: as-needed
 jsxSingleQuote: false
 trailingComma: none
 bracketSpacing: true
 bracketSameLine: true
 arrowParens: always
 proseWrap: always
 htmlWhitespaceSensitivity: css
 endOfLine: lf
--- a/.yaml-lint.yml
+++ b/.yaml-lint.yml
@@ -0,0 +1,14 @@
 # See: https://yamllint.readthedocs.io/en/stable/
 rules:
  document-end: disable
  document-start:
    level: warning
    present: false
  line-length:
    level: warning
    max: 80
    allow-non-breakable-words: true
    allow-non-breakable-inline-mappings: true
 ignore:
  - .licenses/
--- a/1
+++ b/1
@@ -0,0 +1 @@
 * @sweatybridge
--- a/README.md
+++ b/README.md
@@ -1,12 +1,13 @@
 # :gear: Supabase CLI Action
-[![CI](https://github.com/supabase/setup-cli/actions/workflows/ci.yml/badge.svg)](https://github.com/supabase/setup-cli/actions/workflows/ci.yml)
+[![CI](https://github.com/supabase/setup-cli/actions/workflows/start.yml/badge.svg)](https://github.com/supabase/setup-cli/actions/workflows/start.yml)
-[![E2E](https://github.com/supabase/setup-cli/actions/workflows/e2e.yml/badge.svg)](https://github.com/supabase/setup-cli/actions/workflows/e2e.yml)
+[![Linter](https://github.com/supabase/setup-cli/actions/workflows/linter.yml/badge.svg)](https://github.com/supabase/setup-cli/actions/workflows/linter.yml)
 [![CodeQL](https://github.com/supabase/setup-cli/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/supabase/setup-cli/actions/workflows/codeql-analysis.yml)
 [![Coverage](./badges/coverage.svg)](https://github.com/supabase/setup-cli/actions/workflows/test.yml)
 ## About
-This composite action sets up the Supabase CLI,
+This action sets up the Supabase CLI,
 [`supabase`](https://github.com/supabase/cli), on GitHub's hosted Actions
 runners. Other CI runners like
 [Bitbucket](https://bitbucket.org/supabase-cli/setup-cli/src/master/bitbucket-pipelines.yml)
@@ -24,45 +25,26 @@ Setup the `supabase` CLI:
 ```yaml
 steps:
-  - uses: supabase/setup-cli@v2
+  - uses: supabase/setup-cli@v1
 ```
 If `version` is omitted, the action checks the repository root for `bun.lock`,
 `pnpm-lock.yaml`, or `package-lock.json` and uses the declared `supabase`
 version. If no supported lockfile is present, it falls back to `latest`.
 A specific version of the `supabase` CLI can be installed:
 ```yaml
 steps:
-  - uses: supabase/setup-cli@v2
+  - uses: supabase/setup-cli@v1
    with:
-      version: 2.84.2
+      version: 2.20.3
 ```
 Cache Docker images used by `supabase start` across workflow runs:
 ```yaml
 steps:
  - uses: actions/checkout@v6
  - uses: supabase/setup-cli@v2
    with:
      version: 2.84.2
      cache: true
  - run: supabase start
 ```
 The first run still pulls images from the registry. Later runs can restore the
 same image set from the GitHub Actions cache before `supabase start` runs, and
 the action saves newly pulled Supabase images at the end of a successful job.
 Run `supabase db start` to execute all migrations on a fresh database:
 ```yaml
 steps:
-  - uses: supabase/setup-cli@v2
+  - uses: supabase/setup-cli@v1
    with:
      version: latest
      github-token: ${{ github.token }}
  - run: supabase init
  - run: supabase db start
 ```
@@ -72,20 +54,12 @@ on Windows and macOS runners.
 ## Inputs
-The action supports the following inputs:
+The actions supports the following inputs:
 | Name           | Type   | Description                                                                | Default  | Required |
-| ----------- | ------- | ------------------------------------------------------ | --------------------------------- | -------- |
+| -------------- | ------ | -------------------------------------------------------------------------- | -------- | -------- |
-| `version`   | String  | Supabase CLI version (or `latest`)                     | Root lockfile version or `latest` | false    |
+| `version`      | String | Supabase CLI version (or `latest`)                                         | `2.20.3` | false    |
-| `cache`     | Boolean | Cache Docker images used by Supabase local development | `false`                           | false    |
+| `github-token` | String | GitHub token used to resolve `latest` without unauthenticated API limiting |          | false    |
 | `cache-key` | String  | Explicit cache key for Supabase Docker images          | Generated from runner and config  | false    |
 The action exposes these outputs:
 | Name        | Description                                            |
 | ----------- | ------------------------------------------------------ |
 | `version`   | Version of installed Supabase CLI                      |
 | `cache-hit` | Whether an exact Supabase Docker image cache was found |
 ## Advanced Usage
@@ -93,7 +67,7 @@ Check generated TypeScript types are up-to-date with Postgres schema:
 ```yaml
 steps:
-  - uses: supabase/setup-cli@v2
+  - uses: supabase/setup-cli@v1
  - run: supabase init
  - run: supabase db start
  - name: Verify generated types match Postgres schema
@@ -116,85 +90,58 @@ env:
  PROJECT_ID: <project-id>
 steps:
-  - uses: supabase/setup-cli@v2
+   - uses: supabase/setup-cli@v1
   - run: supabase link --project-ref $PROJECT_ID
   - run: supabase db push
 ```
 Export local Supabase env vars for app tests:
 ```yaml
 steps:
  - uses: supabase/setup-cli@v2
    with:
      cache: true
  - run: supabase init
  - run: supabase start
  - name: Export local Supabase env vars
    run: |
      # Customize the variable names as needed for your app.
      supabase status -o env \
        --override-name api.url=SUPABASE_URL \
        --override-name auth.service_role_key=SUPABASE_SERVICE_ROLE_KEY \
        >> .env.test
  - run: bun test
 ```
 Customize the Docker image cache key when the image set depends on your workflow
 flags, generated config, or monorepo layout:
 ```yaml
 steps:
  - uses: actions/checkout@v6
  - uses: supabase/setup-cli@v2
    with:
      cache: true
      cache-key: supabase-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('supabase/config.toml') }}-start-all
  - run: supabase start
 ```
 Avoid running `docker system prune -a` before the job ends if you want the
 post-action cache save to include images pulled by `supabase start`.
 ## Develop
 After you've cloned the repository to your local machine or codespace, you'll
-need to perform a few setup steps before you can work on the action.
+need to perform some initial setup steps before you can develop your action.
 > [!NOTE]
 >
-> You'll need a recent version of [Bun](https://bun.sh) for local development.
+> You'll need to have a reasonably modern version of
-> This repository includes a `.bun-version` file for tools that can auto-switch
+> [Node.js](https://nodejs.org) handy (20.x or later should work!). If you are
-> Bun versions.
+> using a version manager like [`nodenv`](https://github.com/nodenv/nodenv) or
 > [`fnm`](https://github.com/Schniz/fnm), this template has a `.node-version`
 > file at the root of the repository that can be used to automatically switch to
 > the correct version when you `cd` into the repository. Additionally, this
 > `.node-version` file is used by GitHub Actions in any `actions/setup-node`
 > actions.
 1. :hammer_and_wrench: Install the dependencies
   ```bash
-   bun install
+   npm ci
   ```
 1. :building_construction: Package the TypeScript for distribution
   ```bash
   npm run bundle
   ```
 1. :white_check_mark: Run the tests
   ```bash
-   bun test
+   $ npm test
   PASS  ./index.test.js
     ✓ gets download url to binary (3 ms)
     ✓ runs main action (891 ms)
   ...
   ```
-1. :package: Build the bundled action entrypoints
+## Publish to a distribution branch
-   ```bash
+Actions are run from this GitHub repository so we will check in the packed
-   bun run build
+`dist` folder.
   ```
 1. :mag: Run the full local CI suite
   ```bash
   bun run ci
   ```
 ## Publish
 1. Create a new GitHub release
-2. Rebase `v2` branch on `main`
+2. Rebase `v1` branch on `main`
 Your action is now published! :rocket:
@@ -203,17 +150,15 @@ See the
 ## Validate
-Validate changes by exercising the action from a workflow in this repository
+You can now validate the action by referencing `./` in a workflow in your
-(see [ci.yml](.github/workflows/ci.yml) and [e2e.yml](.github/workflows/e2e.yml)).
+repository (see [test.yml](.github/workflows/test.yml))
 ```yaml
-steps:
+uses: ./
  - uses: ./
 with:
  version: latest
  github-token: ${{ github.token }}
 ```
-The CI workflow provides fast smoke coverage across GitHub-hosted runners, and
+See the [actions tab](https://github.com/supabase/setup-cli/actions) for runs of
-the E2E workflow verifies `supabase init` and `supabase start` against supported
+this action! :rocket:
 Postgres versions. See the [actions tab](https://github.com/supabase/setup-cli/actions)
 for recent runs.
--- a/tests/main.test.ts
+++ b/tests/main.test.ts
@@ -0,0 +1,163 @@
 import { getCliPath, getDownloadArchive, getDownloadUrl } from '../src/utils'
 import { CLI_CONFIG_REGISTRY } from '../src/main'
 import * as os from 'os'
 import * as process from 'process'
 import * as cp from 'child_process'
 import * as path from 'path'
 import * as fs from 'fs'
 import * as yaml from 'js-yaml'
 import * as url from 'url'
 import { afterEach, expect, jest, test } from '@jest/globals'
 afterEach(() => {
  jest.restoreAllMocks()
 })
 test('gets download url to binary', async () => {
  const url = await getDownloadUrl('1.28.0')
  expect(
    url.startsWith(
      'https://github.com/supabase/cli/releases/download/v1.28.0/supabase_'
    )
  ).toBeTruthy()
  expect(url.endsWith('.tar.gz')).toBeTruthy()
  expect(url).not.toContain('_1.28.0_')
 })
 test('gets legacy download url to binary', async () => {
  const url = await getDownloadUrl('0.1.0')
  expect(
    url.startsWith(
      `https://github.com/supabase/cli/releases/download/v0.1.0/supabase_0.1.0_`
    )
  ).toBeTruthy()
  expect(url.endsWith('.tar.gz')).toBeTruthy()
 })
 test('gets download url to latest version', async () => {
  jest.spyOn(globalThis, 'fetch').mockResolvedValue(
    new Response(JSON.stringify({ tag_name: 'v2.99.0' }), {
      status: 200,
      statusText: 'OK'
    })
  )
  const url = await getDownloadUrl('latest')
  expect(url).toContain('/download/v2.99.0/supabase_2.99.0_')
  expect(url).toMatch(/\.tar\.gz$|\.zip$/)
 })
 test('authenticates latest version lookup when a GitHub token is provided', async () => {
  const fetchMock = jest.spyOn(globalThis, 'fetch').mockResolvedValue(
    new Response(JSON.stringify({ tag_name: 'v2.99.0' }), {
      status: 200,
      statusText: 'OK'
    })
  )
  await getDownloadUrl('latest', 'github-token')
  expect(fetchMock).toHaveBeenCalledWith(
    'https://api.github.com/repos/supabase/cli/releases/latest',
    expect.objectContaining({
      headers: expect.objectContaining({
        Accept: 'application/vnd.github+json',
        Authorization: 'Bearer github-token',
        'X-GitHub-Api-Version': '2022-11-28'
      })
    })
  )
 })
 test('omits authorization from latest version lookup without a GitHub token', async () => {
  const fetchMock = jest.spyOn(globalThis, 'fetch').mockResolvedValue(
    new Response(JSON.stringify({ tag_name: 'v2.99.0' }), {
      status: 200,
      statusText: 'OK'
    })
  )
  await getDownloadUrl('latest')
  expect(fetchMock).toHaveBeenCalledWith(
    'https://api.github.com/repos/supabase/cli/releases/latest',
    expect.objectContaining({
      headers: expect.not.objectContaining({
        Authorization: expect.any(String)
      })
    })
  )
 })
 test('gets versioned archive url to binary from Supabase CLI v2.99.0', async () => {
  const archive = await getDownloadArchive('2.99.0', 'linux', 'x64')
  expect(archive).toEqual({
    url: 'https://github.com/supabase/cli/releases/download/v2.99.0/supabase_2.99.0_linux_amd64.tar.gz',
    format: 'tar'
  })
 })
 test('gets apk archive url on Linux musl from Supabase CLI v2.99.0', async () => {
  const archive = await getDownloadArchive('2.99.0', 'linux', 'x64', true)
  expect(archive).toEqual({
    url: 'https://github.com/supabase/cli/releases/download/v2.99.0/supabase_2.99.0_linux_amd64.apk',
    format: 'apk'
  })
 })
 test('keeps tar archives before Supabase CLI v2.99.0 on Linux musl', async () => {
  const archive = await getDownloadArchive('2.98.2', 'linux', 'x64', true)
  expect(archive).toEqual({
    url: 'https://github.com/supabase/cli/releases/download/v2.98.2/supabase_linux_amd64.tar.gz',
    format: 'tar'
  })
 })
 test('uses usr/bin as the CLI path for apk archives', () => {
  expect(getCliPath('/tmp/extracted', 'apk')).toBe('/tmp/extracted/usr/bin')
  expect(getCliPath('/tmp/extracted', 'tar')).toBe('/tmp/extracted')
  expect(getCliPath('/tmp/extracted', 'zip')).toBe('/tmp/extracted')
 })
 test('gets versioned zip archive url on Windows from Supabase CLI v2.99.0', async () => {
  const archive = await getDownloadArchive('2.99.0', 'win32', 'x64')
  expect(archive).toEqual({
    url: 'https://github.com/supabase/cli/releases/download/v2.99.0/supabase_2.99.0_windows_amd64.zip',
    format: 'zip'
  })
 })
 test('keeps unversioned archive url to binary before Supabase CLI v2.99.0', async () => {
  const url = await getDownloadUrl('2.98.2')
  expect(url).toContain('/download/v2.98.2/supabase_')
  expect(url).not.toContain('supabase_2.98.2_')
  expect(url).toMatch(/\.tar\.gz$/)
 })
 // shows how the runner will run a javascript action with env / stdout protocol
 test('runs main action', () => {
  const { env, execPath } = process
  const repo = path.dirname(path.dirname(url.fileURLToPath(import.meta.url)))
  const config = path.join(repo, 'action.yml')
  const action = yaml.load(fs.readFileSync(config, 'utf8')) as {
    inputs: { version: { default: string } }
  }
  const ip = path.join(repo, 'dist', 'index.js')
  const stdout = cp
    .execFileSync(execPath, [ip], {
      env: {
        ...env,
        RUNNER_TEMP: os.tmpdir(),
        INPUT_VERSION: action.inputs.version.default
      }
    })
    .toString()
  expect
    .stringContaining(`::set-env name=${CLI_CONFIG_REGISTRY}::`)
    .asymmetricMatch(stdout)
 })
--- a/action.yml
+++ b/action.yml
@@ -3,22 +3,17 @@ description: Setup Supabase CLI, supabase, on GitHub Actions runners
 author: Supabase
 inputs:
  version:
-    description: Version of Supabase CLI to install. If omitted, detect from the root lockfile and otherwise use latest.
+    description: Version of Supabase CLI to install
    required: false
-  cache:
+    default: 2.20.3
-    description: Cache Docker images used by Supabase local development commands.
+  github-token:
-    required: false
+    description:
-    default: "false"
+      GitHub token used to resolve the latest Supabase CLI release without
-  cache-key:
+      hitting unauthenticated API limits.
    description: Optional explicit cache key for Supabase Docker images.
    required: false
 outputs:
  version:
    description: Version of installed Supabase CLI
  cache-hit:
    description: Whether an exact Supabase Docker image cache was restored.
 runs:
-  using: node24
+  using: node20
-  main: dist/main.js
+  main: dist/index.js
  post: dist/post.js
  post-if: success()
--- a/badges/coverage.svg
+++ b/badges/coverage.svg
@@ -0,0 +1 @@
 <svg xmlns="http://www.w3.org/2000/svg" width="116" height="20" role="img" aria-label="Coverage: 51.42%"><title>Coverage: 51.42%</title><linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="r"><rect width="116" height="20" rx="3" fill="#fff"/></clipPath><g clip-path="url(#r)"><rect width="63" height="20" fill="#555"/><rect x="63" width="53" height="20" fill="#e05d44"/><rect width="116" height="20" fill="url(#s)"/></g><g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110"><text aria-hidden="true" x="325" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="530">Coverage</text><text x="325" y="140" transform="scale(.1)" fill="#fff" textLength="530">Coverage</text><text aria-hidden="true" x="885" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="430">51.42%</text><text x="885" y="140" transform="scale(.1)" fill="#fff" textLength="430">51.42%</text></g></svg>
--- a/bun.lock
+++ b/bun.lock
@@ -1,244 +0,0 @@
 {
  "lockfileVersion": 1,
  "configVersion": 1,
  "workspaces": {
    "": {
      "name": "setup-cli",
      "dependencies": {
        "@actions/cache": "^6.0.0",
        "@actions/core": "^3.0.0",
        "@actions/tool-cache": "^4.0.0",
        "js-yaml": "^4.1.1",
        "semver": "^7.7.4",
      },
      "devDependencies": {
        "@tsconfig/bun": "^1.0.10",
        "@types/bun": "^1.3.11",
        "@types/js-yaml": "^4.0.9",
        "@types/node": "^24",
        "@types/semver": "^7.7.1",
        "@typescript/native-preview": "^7.0.0-dev.20260409.1",
        "oxfmt": "^0.44.0",
        "oxlint": "^1.59.0",
        "oxlint-tsgolint": "^0.20.0",
      },
    },
  },
  "packages": {
    "@actions/cache": ["@actions/cache@6.0.0", "", { "dependencies": { "@actions/core": "^3.0.0", "@actions/exec": "^3.0.0", "@actions/glob": "^0.6.1", "@actions/http-client": "^4.0.0", "@actions/io": "^3.0.0", "@azure/core-rest-pipeline": "^1.22.0", "@azure/storage-blob": "^12.30.0", "@protobuf-ts/runtime-rpc": "^2.11.1", "semver": "^7.7.3" } }, "sha512-+tCs634SyGBQJ3KU1rtAVabmN/gYiT9WgzTSJzWwdPCLmM3zWrdbysaErKv8HyI6OozClrxNvDgPjJimbHZZvw=="],
    "@actions/core": ["@actions/core@3.0.0", "", { "dependencies": { "@actions/exec": "^3.0.0", "@actions/http-client": "^4.0.0" } }, "sha512-zYt6cz+ivnTmiT/ksRVriMBOiuoUpDCJJlZ5KPl2/FRdvwU3f7MPh9qftvbkXJThragzUZieit2nyHUyw53Seg=="],
    "@actions/exec": ["@actions/exec@3.0.0", "", { "dependencies": { "@actions/io": "^3.0.2" } }, "sha512-6xH/puSoNBXb72VPlZVm7vQ+svQpFyA96qdDBvhB8eNZOE8LtPf9L4oAsfzK/crCL8YZ+19fKYVnM63Sl+Xzlw=="],
    "@actions/glob": ["@actions/glob@0.6.1", "", { "dependencies": { "@actions/core": "^3.0.0", "minimatch": "^3.0.4" } }, "sha512-K4+2Ac5ILcf2ySdJCha+Pop9NcKjxqCL4xL4zI50dgB2PbXgC0+AcP011xfH4Of6b4QEJJg8dyZYv7zl4byTsw=="],
    "@actions/http-client": ["@actions/http-client@4.0.0", "", { "dependencies": { "tunnel": "^0.0.6", "undici": "^6.23.0" } }, "sha512-QuwPsgVMsD6qaPD57GLZi9sqzAZCtiJT8kVBCDpLtxhL5MydQ4gS+DrejtZZPdIYyB1e95uCK9Luyds7ybHI3g=="],
    "@actions/io": ["@actions/io@3.0.2", "", {}, "sha512-nRBchcMM+QK1pdjO7/idu86rbJI5YHUKCvKs0KxnSYbVe3F51UfGxuZX4Qy/fWlp6l7gWFwIkrOzN+oUK03kfw=="],
    "@actions/tool-cache": ["@actions/tool-cache@4.0.0", "", { "dependencies": { "@actions/core": "^3.0.0", "@actions/exec": "^3.0.0", "@actions/http-client": "^4.0.0", "@actions/io": "^3.0.0", "semver": "^7.7.3" } }, "sha512-L8P9HbXvpvqjZDveb/fdsa55IVC0trfPgQ4ZwGo6r5af6YDVdM9vMGPZ7rgY2fAT9gGj4PSYd6bYlg3p3jD78A=="],
    "@azure/abort-controller": ["@azure/abort-controller@2.1.2", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-nBrLsEWm4J2u5LpAPjxADTlq3trDgVZZXHNKabeXZtpq3d3AbN/KGO82R87rdDz5/lYB024rtEf10/q0urNgsA=="],
    "@azure/core-auth": ["@azure/core-auth@1.10.1", "", { "dependencies": { "@azure/abort-controller": "^2.1.2", "@azure/core-util": "^1.13.0", "tslib": "^2.6.2" } }, "sha512-ykRMW8PjVAn+RS6ww5cmK9U2CyH9p4Q88YJwvUslfuMmN98w/2rdGRLPqJYObapBCdzBVeDgYWdJnFPFb7qzpg=="],
    "@azure/core-client": ["@azure/core-client@1.10.1", "", { "dependencies": { "@azure/abort-controller": "^2.1.2", "@azure/core-auth": "^1.10.0", "@azure/core-rest-pipeline": "^1.22.0", "@azure/core-tracing": "^1.3.0", "@azure/core-util": "^1.13.0", "@azure/logger": "^1.3.0", "tslib": "^2.6.2" } }, "sha512-Nh5PhEOeY6PrnxNPsEHRr9eimxLwgLlpmguQaHKBinFYA/RU9+kOYVOQqOrTsCL+KSxrLLl1gD8Dk5BFW/7l/w=="],
    "@azure/core-http-compat": ["@azure/core-http-compat@2.4.0", "", { "dependencies": { "@azure/abort-controller": "^2.1.2" }, "peerDependencies": { "@azure/core-client": "^1.10.0", "@azure/core-rest-pipeline": "^1.22.0" } }, "sha512-f1P96IB399YiN2ARYHP7EpZi3Bf3wH4SN2lGzrw7JVwm7bbsVYtf2iKSBwTywD2P62NOPZGHFSZi+6jjb75JuA=="],
    "@azure/core-lro": ["@azure/core-lro@2.7.2", "", { "dependencies": { "@azure/abort-controller": "^2.0.0", "@azure/core-util": "^1.2.0", "@azure/logger": "^1.0.0", "tslib": "^2.6.2" } }, "sha512-0YIpccoX8m/k00O7mDDMdJpbr6mf1yWo2dfmxt5A8XVZVVMz2SSKaEbMCeJRvgQ0IaSlqhjT47p4hVIRRy90xw=="],
    "@azure/core-paging": ["@azure/core-paging@1.6.2", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-YKWi9YuCU04B55h25cnOYZHxXYtEvQEbKST5vqRga7hWY9ydd3FZHdeQF8pyh+acWZvppw13M/LMGx0LABUVMA=="],
    "@azure/core-rest-pipeline": ["@azure/core-rest-pipeline@1.23.0", "", { "dependencies": { "@azure/abort-controller": "^2.1.2", "@azure/core-auth": "^1.10.0", "@azure/core-tracing": "^1.3.0", "@azure/core-util": "^1.13.0", "@azure/logger": "^1.3.0", "@typespec/ts-http-runtime": "^0.3.4", "tslib": "^2.6.2" } }, "sha512-Evs1INHo+jUjwHi1T6SG6Ua/LHOQBCLuKEEE6efIpt4ZOoNonaT1kP32GoOcdNDbfqsD2445CPri3MubBy5DEQ=="],
    "@azure/core-tracing": ["@azure/core-tracing@1.3.1", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-9MWKevR7Hz8kNzzPLfX4EAtGM2b8mr50HPDBvio96bURP/9C+HjdH3sBlLSNNrvRAr5/k/svoH457gB5IKpmwQ=="],
    "@azure/core-util": ["@azure/core-util@1.13.1", "", { "dependencies": { "@azure/abort-controller": "^2.1.2", "@typespec/ts-http-runtime": "^0.3.0", "tslib": "^2.6.2" } }, "sha512-XPArKLzsvl0Hf0CaGyKHUyVgF7oDnhKoP85Xv6M4StF/1AhfORhZudHtOyf2s+FcbuQ9dPRAjB8J2KvRRMUK2A=="],
    "@azure/core-xml": ["@azure/core-xml@1.5.1", "", { "dependencies": { "fast-xml-parser": "^5.5.9", "tslib": "^2.8.1" } }, "sha512-xcNRHqCoSp4AunOALEae6A8f3qATb83gSrm31Iqb01OzblvC3/W/bfXozcq78EzIdzZzuH1bZ2NvRR0TdX709w=="],
    "@azure/logger": ["@azure/logger@1.3.0", "", { "dependencies": { "@typespec/ts-http-runtime": "^0.3.0", "tslib": "^2.6.2" } }, "sha512-fCqPIfOcLE+CGqGPd66c8bZpwAji98tZ4JI9i/mlTNTlsIWslCfpg48s/ypyLxZTump5sypjrKn2/kY7q8oAbA=="],
    "@azure/storage-blob": ["@azure/storage-blob@12.31.0", "", { "dependencies": { "@azure/abort-controller": "^2.1.2", "@azure/core-auth": "^1.9.0", "@azure/core-client": "^1.9.3", "@azure/core-http-compat": "^2.2.0", "@azure/core-lro": "^2.2.0", "@azure/core-paging": "^1.6.2", "@azure/core-rest-pipeline": "^1.19.1", "@azure/core-tracing": "^1.2.0", "@azure/core-util": "^1.11.0", "@azure/core-xml": "^1.4.5", "@azure/logger": "^1.1.4", "@azure/storage-common": "^12.3.0", "events": "^3.0.0", "tslib": "^2.8.1" } }, "sha512-DBgNv10aCSxopt92DkTDD0o9xScXeBqPKGmR50FPZQaEcH4JLQ+GEOGEDv19V5BMkB7kxr+m4h6il/cCDPvmHg=="],
    "@azure/storage-common": ["@azure/storage-common@12.3.0", "", { "dependencies": { "@azure/abort-controller": "^2.1.2", "@azure/core-auth": "^1.9.0", "@azure/core-http-compat": "^2.2.0", "@azure/core-rest-pipeline": "^1.19.1", "@azure/core-tracing": "^1.2.0", "@azure/core-util": "^1.11.0", "@azure/logger": "^1.1.4", "events": "^3.3.0", "tslib": "^2.8.1" } }, "sha512-/OFHhy86aG5Pe8dP5tsp+BuJ25JOAl9yaMU3WZbkeoiFMHFtJ7tu5ili7qEdBXNW9G5lDB19trwyI6V49F/8iQ=="],
    "@oxfmt/binding-android-arm-eabi": ["@oxfmt/binding-android-arm-eabi@0.44.0", "", { "os": "android", "cpu": "arm" }, "sha512-5UvghMd9SA/yvKTWCAxMAPXS1d2i054UeOf4iFjZjfayTwCINcC3oaSXjtbZfCaEpxgJod7XiOjTtby5yEv/BQ=="],
    "@oxfmt/binding-android-arm64": ["@oxfmt/binding-android-arm64@0.44.0", "", { "os": "android", "cpu": "arm64" }, "sha512-IVudM1BWfvrYO++Khtzr8q9n5Rxu7msUvoFMqzGJVdX7HfUXUDHwaH2zHZNB58svx2J56pmCUzophyaPFkcG/A=="],
    "@oxfmt/binding-darwin-arm64": ["@oxfmt/binding-darwin-arm64@0.44.0", "", { "os": "darwin", "cpu": "arm64" }, "sha512-eWCLAIKAHfx88EqEP1Ga2yz7qVcqDU5lemn4xck+07bH182hDdprOHjbogyk0In1Djys3T0/pO2JepFnRJ41Mg=="],
    "@oxfmt/binding-darwin-x64": ["@oxfmt/binding-darwin-x64@0.44.0", "", { "os": "darwin", "cpu": "x64" }, "sha512-eHTBznHLM49++dwz07MblQ2cOXyIgeedmE3Wgy4ptUESj38/qYZyRi1MPwC9olQJWssMeY6WI3UZ7YmU5ggvyQ=="],
    "@oxfmt/binding-freebsd-x64": ["@oxfmt/binding-freebsd-x64@0.44.0", "", { "os": "freebsd", "cpu": "x64" }, "sha512-jLMmbj0u0Ft43QpkUVr/0v1ZfQCGWAvU+WznEHcN3wZC/q6ox7XeSJtk9P36CCpiDSUf3sGnzbIuG1KdEMEDJQ=="],
    "@oxfmt/binding-linux-arm-gnueabihf": ["@oxfmt/binding-linux-arm-gnueabihf@0.44.0", "", { "os": "linux", "cpu": "arm" }, "sha512-n+A/u/ByK1qV8FVGOwyaSpw5NPNl0qlZfgTBqHeGIqr8Qzq1tyWZ4lAaxPoe5mZqE3w88vn3+jZtMxriHPE7tg=="],
    "@oxfmt/binding-linux-arm-musleabihf": ["@oxfmt/binding-linux-arm-musleabihf@0.44.0", "", { "os": "linux", "cpu": "arm" }, "sha512-5eax+FkxyCqAi3Rw0mrZFr7+KTt/XweFsbALR+B5ljWBLBl8nHe4ADrUnb1gLEfQCJLl+Ca5FIVD4xEt95AwIw=="],
    "@oxfmt/binding-linux-arm64-gnu": ["@oxfmt/binding-linux-arm64-gnu@0.44.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-58l8JaHxSGOmOMOG2CIrNsnkRJAj0YcHQCmvNACniOa/vd1iRHhlPajczegzS5jwMENlqgreyiTR9iNlke8qCw=="],
    "@oxfmt/binding-linux-arm64-musl": ["@oxfmt/binding-linux-arm64-musl@0.44.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-AlObQIXyVRZ96LbtVljtFq0JqH5B92NU+BQeDFrXWBUWlCKAM0wF5GLfIhCLT5kQ3Sl+U0YjRJ7Alqj5hGQaCg=="],
    "@oxfmt/binding-linux-ppc64-gnu": ["@oxfmt/binding-linux-ppc64-gnu@0.44.0", "", { "os": "linux", "cpu": "ppc64" }, "sha512-YcFE8/q/BbrCiIiM5piwbkA6GwJc5QqhMQp2yDrqQ2fuVkZ7CInb1aIijZ/k8EXc72qXMSwKpVlBv1w/MsGO/A=="],
    "@oxfmt/binding-linux-riscv64-gnu": ["@oxfmt/binding-linux-riscv64-gnu@0.44.0", "", { "os": "linux", "cpu": "none" }, "sha512-eOdzs6RqkRzuqNHUX5C8ISN5xfGh4xDww8OEd9YAmc3OWN8oAe5bmlIqQ+rrHLpv58/0BuU48bxkhnIGjA/ATQ=="],
    "@oxfmt/binding-linux-riscv64-musl": ["@oxfmt/binding-linux-riscv64-musl@0.44.0", "", { "os": "linux", "cpu": "none" }, "sha512-YBgNTxntD/QvlFUfgvh8bEdwOhXiquX8gaofZJAwYa/Xp1S1DQrFVZEeck7GFktr24DztsSp8N8WtWCBwxs0Hw=="],
    "@oxfmt/binding-linux-s390x-gnu": ["@oxfmt/binding-linux-s390x-gnu@0.44.0", "", { "os": "linux", "cpu": "s390x" }, "sha512-GLIh1R6WHWshl/i4QQDNgj0WtT25aRO4HNUWEoitxiywyRdhTFmFEYT2rXlcl9U6/26vhmOqG5cRlMLG3ocaIA=="],
    "@oxfmt/binding-linux-x64-gnu": ["@oxfmt/binding-linux-x64-gnu@0.44.0", "", { "os": "linux", "cpu": "x64" }, "sha512-gZOpgTlOsLcLfAF9qgpTr7FIIFSKnQN3hDf/0JvQ4CIwMY7h+eilNjxq/CorqvYcEOu+LRt1W4ZS7KccEHLOdA=="],
    "@oxfmt/binding-linux-x64-musl": ["@oxfmt/binding-linux-x64-musl@0.44.0", "", { "os": "linux", "cpu": "x64" }, "sha512-1CyS9JTB+pCUFYFI6pkQGGZaT/AY5gnhHVrQQLhFba6idP9AzVYm1xbdWfywoldTYvjxQJV6x4SuduCIfP3W+A=="],
    "@oxfmt/binding-openharmony-arm64": ["@oxfmt/binding-openharmony-arm64@0.44.0", "", { "os": "none", "cpu": "arm64" }, "sha512-bmEv70Ak6jLr1xotCbF5TxIKjsmQaiX+jFRtnGtfA03tJPf6VG3cKh96S21boAt3JZc+Vjx8PYcDuLj39vM2Pw=="],
    "@oxfmt/binding-win32-arm64-msvc": ["@oxfmt/binding-win32-arm64-msvc@0.44.0", "", { "os": "win32", "cpu": "arm64" }, "sha512-yWzB+oCpSnP/dmw85eFLAT5o35Ve5pkGS2uF/UCISpIwDqf1xa7OpmtomiqY/Vzg8VyvMbuf6vroF2khF/+1Vg=="],
    "@oxfmt/binding-win32-ia32-msvc": ["@oxfmt/binding-win32-ia32-msvc@0.44.0", "", { "os": "win32", "cpu": "ia32" }, "sha512-TcWpo18xEIE3AmIG2kpr3kz5IEhQgnx0lazl2+8L+3eTopOAUevQcmlr4nhguImNWz0OMeOZrYZOhJNCf16nlQ=="],
    "@oxfmt/binding-win32-x64-msvc": ["@oxfmt/binding-win32-x64-msvc@0.44.0", "", { "os": "win32", "cpu": "x64" }, "sha512-oj8aLkPJZppIM4CMQNsyir9ybM1Xw/CfGPTSsTnzpVGyljgfbdP0EVUlURiGM0BDrmw5psQ6ArmGCcUY/yABaQ=="],
    "@oxlint-tsgolint/darwin-arm64": ["@oxlint-tsgolint/darwin-arm64@0.20.0", "", { "os": "darwin", "cpu": "arm64" }, "sha512-KKQcIHZHMxqpHUA1VXIbOG6chNCFkUWbQy6M+AFVtPKkA/3xAeJkJ3njoV66bfzwPHRcWQO+kcj5XqtbkjakoA=="],
    "@oxlint-tsgolint/darwin-x64": ["@oxlint-tsgolint/darwin-x64@0.20.0", "", { "os": "darwin", "cpu": "x64" }, "sha512-7HeVMuclGfG+NLZi2ybY0T4fMI7/XxO/208rJk+zEIloKkVnlh11Wd241JMGwgNFXn+MLJbOqOfojDb2Dt4L1g=="],
    "@oxlint-tsgolint/linux-arm64": ["@oxlint-tsgolint/linux-arm64@0.20.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-zxhUwz+WSxE6oWlZLK2z2ps9yC6ebmgoYmjAl0Oa48+GqkZ56NVgo+wb8DURNv6xrggzHStQxqQxe3mK51HZag=="],
    "@oxlint-tsgolint/linux-x64": ["@oxlint-tsgolint/linux-x64@0.20.0", "", { "os": "linux", "cpu": "x64" }, "sha512-/1l6FnahC9im8PK+Ekkx/V3yetO/PzZnJegE2FXcv/iXEhbeVxP/ouiTYcUQu9shT1FWJCSNti1VJHH+21Y1dg=="],
    "@oxlint-tsgolint/win32-arm64": ["@oxlint-tsgolint/win32-arm64@0.20.0", "", { "os": "win32", "cpu": "arm64" }, "sha512-oPZ5Yz8sVdo7P/5q+i3IKeix31eFZ55JAPa1+RGPoe9PoaYVsdMvR6Jvib6YtrqoJnFPlg3fjEjlEPL8VBKYJA=="],
    "@oxlint-tsgolint/win32-x64": ["@oxlint-tsgolint/win32-x64@0.20.0", "", { "os": "win32", "cpu": "x64" }, "sha512-4stx8RHj3SP9vQyRF/yZbz5igtPvYMEUR8CUoha4BVNZihi39DpCR8qkU7lpjB5Ga1DRMo2pHaA4bdTOMaY4mw=="],
    "@oxlint/binding-android-arm-eabi": ["@oxlint/binding-android-arm-eabi@1.59.0", "", { "os": "android", "cpu": "arm" }, "sha512-etYDw/UaEv936AQUd/CRMBVd+e+XuuU6wC+VzOv1STvsTyZenLChepLWqLtnyTTp4YMlM22ypzogDDwqYxv5cg=="],
    "@oxlint/binding-android-arm64": ["@oxlint/binding-android-arm64@1.59.0", "", { "os": "android", "cpu": "arm64" }, "sha512-TgLc7XVLKH2a4h8j3vn1MDjfK33i9MY60f/bKhRGWyVzbk5LCZ4X01VZG7iHrMmi5vYbAp8//Ponigx03CLsdw=="],
    "@oxlint/binding-darwin-arm64": ["@oxlint/binding-darwin-arm64@1.59.0", "", { "os": "darwin", "cpu": "arm64" }, "sha512-DXyFPf5ZKldMLloRHx/B9fsxsiTQomaw7cmEW3YIJko2HgCh+GUhp9gGYwHrqlLJPsEe3dYj9JebjX92D3j3AA=="],
    "@oxlint/binding-darwin-x64": ["@oxlint/binding-darwin-x64@1.59.0", "", { "os": "darwin", "cpu": "x64" }, "sha512-LgvrsdgVLX1qWqIEmNsSmMXJhpAWdtUQ0M+oR0CySwi+9IHWyOGuIL8w8+u/kbZNMyZr4WUyYB5i0+D+AKgkLg=="],
    "@oxlint/binding-freebsd-x64": ["@oxlint/binding-freebsd-x64@1.59.0", "", { "os": "freebsd", "cpu": "x64" }, "sha512-bOJhqX/ny4hrFuTPlyk8foSRx/vLRpxJh0jOOKN2NWW6FScXHPAA5rQbrwdQPcgGB5V8Ua51RS03fke8ssBcug=="],
    "@oxlint/binding-linux-arm-gnueabihf": ["@oxlint/binding-linux-arm-gnueabihf@1.59.0", "", { "os": "linux", "cpu": "arm" }, "sha512-vVUXxYMF9trXCsz4m9H6U0IjehosVHxBzVgJUxly1uz4W1PdDyicaBnpC0KRXsHYretLVe+uS9pJy8iM57Kujw=="],
    "@oxlint/binding-linux-arm-musleabihf": ["@oxlint/binding-linux-arm-musleabihf@1.59.0", "", { "os": "linux", "cpu": "arm" }, "sha512-TULQW8YBPGRWg5yZpFPL54HLOnJ3/HiX6VenDPi6YfxB/jlItwSMFh3/hCeSNbh+DAMaE1Py0j5MOaivHkI/9Q=="],
    "@oxlint/binding-linux-arm64-gnu": ["@oxlint/binding-linux-arm64-gnu@1.59.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-Gt54Y4eqSgYJ90xipm24xeyaPV854706o/kiT8oZvUt3VDY7qqxdqyGqchMaujd87ib+/MXvnl9WkK8Cc1BExg=="],
    "@oxlint/binding-linux-arm64-musl": ["@oxlint/binding-linux-arm64-musl@1.59.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-3CtsKp7NFB3OfqQzbuAecrY7GIZeiv7AD+xutU4tefVQzlfmTI7/ygWLrvkzsDEjTlMq41rYHxgsn6Yh8tybmA=="],
    "@oxlint/binding-linux-ppc64-gnu": ["@oxlint/binding-linux-ppc64-gnu@1.59.0", "", { "os": "linux", "cpu": "ppc64" }, "sha512-K0diOpT3ncDmOfl9I1HuvpEsAuTxkts0VYwIv/w6Xiy9CdwyPBVX88Ga9l8VlGgMrwBMnSY4xIvVlVY/fkQk7Q=="],
    "@oxlint/binding-linux-riscv64-gnu": ["@oxlint/binding-linux-riscv64-gnu@1.59.0", "", { "os": "linux", "cpu": "none" }, "sha512-xAU7+QDU6kTJJ7mJLOGgo7oOjtAtkKyFZ0Yjdb5cEo3DiCCPFLvyr08rWiQh6evZ7RiUTf+o65NY/bqttzJiQQ=="],
    "@oxlint/binding-linux-riscv64-musl": ["@oxlint/binding-linux-riscv64-musl@1.59.0", "", { "os": "linux", "cpu": "none" }, "sha512-KUmZmKlTTyauOnvUNVxK7G40sSSx0+w5l1UhaGsC6KPpOYHenx2oqJTnabmpLJicok7IC+3Y6fXAUOMyexaeJQ=="],
    "@oxlint/binding-linux-s390x-gnu": ["@oxlint/binding-linux-s390x-gnu@1.59.0", "", { "os": "linux", "cpu": "s390x" }, "sha512-4usRxC8gS0PGdkHnRmwJt/4zrQNZyk6vL0trCxwZSsAKM+OxhB8nKiR+mhjdBbl8lbMh2gc3bZpNN/ik8c4c2A=="],
    "@oxlint/binding-linux-x64-gnu": ["@oxlint/binding-linux-x64-gnu@1.59.0", "", { "os": "linux", "cpu": "x64" }, "sha512-s/rNE2gDmbwAOOP493xk2X7M8LZfI1LJFSSW1+yanz3vuQCFPiHkx4GY+O1HuLUDtkzGlhtMrIcxxzyYLv308w=="],
    "@oxlint/binding-linux-x64-musl": ["@oxlint/binding-linux-x64-musl@1.59.0", "", { "os": "linux", "cpu": "x64" }, "sha512-+yYj1udJa2UvvIUmEm0IcKgc0UlPMgz0nsSTvkPL2y6n0uU5LgIHSwVu4AHhrve6j9BpVSoRksnz8c9QcvITJA=="],
    "@oxlint/binding-openharmony-arm64": ["@oxlint/binding-openharmony-arm64@1.59.0", "", { "os": "none", "cpu": "arm64" }, "sha512-bUplUb48LYsB3hHlQXP2ZMOenpieWoOyppLAnnAhuPag3MGPnt+7caxE3w/Vl9wpQsTA3gzLntQi9rxWrs7Xqg=="],
    "@oxlint/binding-win32-arm64-msvc": ["@oxlint/binding-win32-arm64-msvc@1.59.0", "", { "os": "win32", "cpu": "arm64" }, "sha512-/HLsLuz42rWl7h7ePdmMTpHm2HIDmPtcEMYgm5BBEHiEiuNOrzMaUpd2z7UnNni5LGN9obJy2YoAYBLXQwazrA=="],
    "@oxlint/binding-win32-ia32-msvc": ["@oxlint/binding-win32-ia32-msvc@1.59.0", "", { "os": "win32", "cpu": "ia32" }, "sha512-rUPy+JnanpPwV/aJCPnxAD1fW50+XPI0VkWr7f0vEbqcdsS8NpB24Rw6RsS7SdpFv8Dw+8ugCwao5nCFbqOUSg=="],
    "@oxlint/binding-win32-x64-msvc": ["@oxlint/binding-win32-x64-msvc@1.59.0", "", { "os": "win32", "cpu": "x64" }, "sha512-xkE7puteDS/vUyRngLXW0t8WgdWoS/tfxXjhP/P7SMqPDx+hs44SpssO3h3qmTqECYEuXBUPzcAw5257Ka+ofA=="],
    "@protobuf-ts/runtime": ["@protobuf-ts/runtime@2.11.1", "", {}, "sha512-KuDaT1IfHkugM2pyz+FwiY80ejWrkH1pAtOBOZFuR6SXEFTsnb/jiQWQ1rCIrcKx2BtyxnxW6BWwsVSA/Ie+WQ=="],
    "@protobuf-ts/runtime-rpc": ["@protobuf-ts/runtime-rpc@2.11.1", "", { "dependencies": { "@protobuf-ts/runtime": "^2.11.1" } }, "sha512-4CqqUmNA+/uMz00+d3CYKgElXO9VrEbucjnBFEjqI4GuDrEQ32MaI3q+9qPBvIGOlL4PmHXrzM32vBPWRhQKWQ=="],
    "@tsconfig/bun": ["@tsconfig/bun@1.0.10", "", {}, "sha512-5AV5YknQjNyoYzZ/8NG0dawqew/wH+x7ANiCfCIn29qo0cdbd1EryvFD1k5NSZWLBMOI/fGqMIaxi58GPIP9Cg=="],
    "@types/bun": ["@types/bun@1.3.11", "", { "dependencies": { "bun-types": "1.3.11" } }, "sha512-5vPne5QvtpjGpsGYXiFyycfpDF2ECyPcTSsFBMa0fraoxiQyMJ3SmuQIGhzPg2WJuWxVBoxWJ2kClYTcw/4fAg=="],
    "@types/js-yaml": ["@types/js-yaml@4.0.9", "", {}, "sha512-k4MGaQl5TGo/iipqb2UDG2UwjXziSWkh0uysQelTlJpX1qGlpUZYm8PnO4DxG1qBomtJUdYJ6qR6xdIah10JLg=="],
    "@types/node": ["@types/node@24.12.2", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-A1sre26ke7HDIuY/M23nd9gfB+nrmhtYyMINbjI1zHJxYteKR6qSMX56FsmjMcDb3SMcjJg5BiRRgOCC/yBD0g=="],
    "@types/semver": ["@types/semver@7.7.1", "", {}, "sha512-FmgJfu+MOcQ370SD0ev7EI8TlCAfKYU+B4m5T3yXc1CiRN94g/SZPtsCkk506aUDtlMnFZvasDwHHUcZUEaYuA=="],
    "@typescript/native-preview": ["@typescript/native-preview@7.0.0-dev.20260409.1", "", { "optionalDependencies": { "@typescript/native-preview-darwin-arm64": "7.0.0-dev.20260409.1", "@typescript/native-preview-darwin-x64": "7.0.0-dev.20260409.1", "@typescript/native-preview-linux-arm": "7.0.0-dev.20260409.1", "@typescript/native-preview-linux-arm64": "7.0.0-dev.20260409.1", "@typescript/native-preview-linux-x64": "7.0.0-dev.20260409.1", "@typescript/native-preview-win32-arm64": "7.0.0-dev.20260409.1", "@typescript/native-preview-win32-x64": "7.0.0-dev.20260409.1" }, "bin": { "tsgo": "bin/tsgo.js" } }, "sha512-CV1HEMGo1xCySwUJbCQOF+mmrTue8KTJ1Od2kKWhcbOpu8fPBfaqIpbAM6tGLcNEykEjMMTYHc/VTLbMgxdScQ=="],
    "@typescript/native-preview-darwin-arm64": ["@typescript/native-preview-darwin-arm64@7.0.0-dev.20260409.1", "", { "os": "darwin", "cpu": "arm64" }, "sha512-GcRRnaoeZVrbC47woQ/2t3vPoQcTSjsWPEAQGtwNSdw7Z9TKxG4ES22ghJIQXd3ncTRCMJ+XELnnuqxVutkJ9w=="],
    "@typescript/native-preview-darwin-x64": ["@typescript/native-preview-darwin-x64@7.0.0-dev.20260409.1", "", { "os": "darwin", "cpu": "x64" }, "sha512-7s8DXAa0Xpu/8PEjYIc4I36Ju7eVpoz9k3E+3WQdOF8pIPWYohiOj+zi68m9XYQck+rnkjUFo26ThVKqVetoMA=="],
    "@typescript/native-preview-linux-arm": ["@typescript/native-preview-linux-arm@7.0.0-dev.20260409.1", "", { "os": "linux", "cpu": "arm" }, "sha512-fOa07JBUXQpEPq+024g346inYZ2xp63ELuoRq6J0jwDWQ/ftCCuvdQNMncwFhsm1qlMdKT3S68NrnSxX16hiaw=="],
    "@typescript/native-preview-linux-arm64": ["@typescript/native-preview-linux-arm64@7.0.0-dev.20260409.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-cGTzTUqRGlIDwdtkDy6qTrvrqpe27W4CdgnFn0FpxpiWnaIi3wqjlzQ1grtqrqainw/yuPy5hn/I86sQgN6nvA=="],
    "@typescript/native-preview-linux-x64": ["@typescript/native-preview-linux-x64@7.0.0-dev.20260409.1", "", { "os": "linux", "cpu": "x64" }, "sha512-lQrbc/BJKBxQrR1ttBDU5sYY1Hb2moFQgHL20T6nbapNqGpK4pzy64p+NK39O93D4omiCSk04pkchBCVrMPSAg=="],
    "@typescript/native-preview-win32-arm64": ["@typescript/native-preview-win32-arm64@7.0.0-dev.20260409.1", "", { "os": "win32", "cpu": "arm64" }, "sha512-kmCafMo1xZlYx+9WnfpeZJ2tnB/CcJdR8QPX7j9vqcpe51D7b7Intmr921dD48KGpVh5YgjQ1MEFE5mjGqGMaA=="],
    "@typescript/native-preview-win32-x64": ["@typescript/native-preview-win32-x64@7.0.0-dev.20260409.1", "", { "os": "win32", "cpu": "x64" }, "sha512-WRd+JpQipTsE15QgYr3w7J0f1NKvGcq2QEgmcq8hB0WZA1X2WhQopNu+MpPQ3tdDD42VjMhm8ZoB8HpuOoXK5w=="],
    "@typespec/ts-http-runtime": ["@typespec/ts-http-runtime@0.3.5", "", { "dependencies": { "http-proxy-agent": "^7.0.0", "https-proxy-agent": "^7.0.0", "tslib": "^2.6.2" } }, "sha512-yURCknZhvywvQItHMMmFSo+fq5arCUIyz/CVk7jD89MSai7dkaX8ufjCWp3NttLojoTVbcE72ri+be/TnEbMHw=="],
    "agent-base": ["agent-base@7.1.4", "", {}, "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ=="],
    "argparse": ["argparse@2.0.1", "", {}, "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q=="],
    "balanced-match": ["balanced-match@1.0.2", "", {}, "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="],
    "brace-expansion": ["brace-expansion@1.1.13", "", { "dependencies": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" } }, "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w=="],
    "bun-types": ["bun-types@1.3.11", "", { "dependencies": { "@types/node": "*" } }, "sha512-1KGPpoxQWl9f6wcZh57LvrPIInQMn2TQ7jsgxqpRzg+l0QPOFvJVH7HmvHo/AiPgwXy+/Thf6Ov3EdVn1vOabg=="],
    "concat-map": ["concat-map@0.0.1", "", {}, "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg=="],
    "debug": ["debug@4.4.3", "", { "dependencies": { "ms": "^2.1.3" } }, "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA=="],
    "events": ["events@3.3.0", "", {}, "sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q=="],
    "fast-xml-builder": ["fast-xml-builder@1.1.4", "", { "dependencies": { "path-expression-matcher": "^1.1.3" } }, "sha512-f2jhpN4Eccy0/Uz9csxh3Nu6q4ErKxf0XIsasomfOihuSUa3/xw6w8dnOtCDgEItQFJG8KyXPzQXzcODDrrbOg=="],
    "fast-xml-parser": ["fast-xml-parser@5.5.11", "", { "dependencies": { "fast-xml-builder": "^1.1.4", "path-expression-matcher": "^1.4.0", "strnum": "^2.2.3" }, "bin": { "fxparser": "src/cli/cli.js" } }, "sha512-QL0eb0YbSTVWF6tTf1+LEMSgtCEjBYPpnAjoLC8SscESlAjXEIRJ7cHtLG0pLeDFaZLa4VKZLArtA/60ZS7vyA=="],
    "http-proxy-agent": ["http-proxy-agent@7.0.2", "", { "dependencies": { "agent-base": "^7.1.0", "debug": "^4.3.4" } }, "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig=="],
    "https-proxy-agent": ["https-proxy-agent@7.0.6", "", { "dependencies": { "agent-base": "^7.1.2", "debug": "4" } }, "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw=="],
    "js-yaml": ["js-yaml@4.1.1", "", { "dependencies": { "argparse": "^2.0.1" }, "bin": { "js-yaml": "bin/js-yaml.js" } }, "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA=="],
    "minimatch": ["minimatch@3.1.5", "", { "dependencies": { "brace-expansion": "^1.1.7" } }, "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w=="],
    "ms": ["ms@2.1.3", "", {}, "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="],
    "oxfmt": ["oxfmt@0.44.0", "", { "dependencies": { "tinypool": "2.1.0" }, "optionalDependencies": { "@oxfmt/binding-android-arm-eabi": "0.44.0", "@oxfmt/binding-android-arm64": "0.44.0", "@oxfmt/binding-darwin-arm64": "0.44.0", "@oxfmt/binding-darwin-x64": "0.44.0", "@oxfmt/binding-freebsd-x64": "0.44.0", "@oxfmt/binding-linux-arm-gnueabihf": "0.44.0", "@oxfmt/binding-linux-arm-musleabihf": "0.44.0", "@oxfmt/binding-linux-arm64-gnu": "0.44.0", "@oxfmt/binding-linux-arm64-musl": "0.44.0", "@oxfmt/binding-linux-ppc64-gnu": "0.44.0", "@oxfmt/binding-linux-riscv64-gnu": "0.44.0", "@oxfmt/binding-linux-riscv64-musl": "0.44.0", "@oxfmt/binding-linux-s390x-gnu": "0.44.0", "@oxfmt/binding-linux-x64-gnu": "0.44.0", "@oxfmt/binding-linux-x64-musl": "0.44.0", "@oxfmt/binding-openharmony-arm64": "0.44.0", "@oxfmt/binding-win32-arm64-msvc": "0.44.0", "@oxfmt/binding-win32-ia32-msvc": "0.44.0", "@oxfmt/binding-win32-x64-msvc": "0.44.0" }, "bin": { "oxfmt": "bin/oxfmt" } }, "sha512-lnncqvHewyRvaqdrnntVIrZV2tEddz8lbvPsQzG/zlkfvgZkwy0HP1p/2u1aCDToeg1jb9zBpbJdfkV73Itw+w=="],
    "oxlint": ["oxlint@1.59.0", "", { "optionalDependencies": { "@oxlint/binding-android-arm-eabi": "1.59.0", "@oxlint/binding-android-arm64": "1.59.0", "@oxlint/binding-darwin-arm64": "1.59.0", "@oxlint/binding-darwin-x64": "1.59.0", "@oxlint/binding-freebsd-x64": "1.59.0", "@oxlint/binding-linux-arm-gnueabihf": "1.59.0", "@oxlint/binding-linux-arm-musleabihf": "1.59.0", "@oxlint/binding-linux-arm64-gnu": "1.59.0", "@oxlint/binding-linux-arm64-musl": "1.59.0", "@oxlint/binding-linux-ppc64-gnu": "1.59.0", "@oxlint/binding-linux-riscv64-gnu": "1.59.0", "@oxlint/binding-linux-riscv64-musl": "1.59.0", "@oxlint/binding-linux-s390x-gnu": "1.59.0", "@oxlint/binding-linux-x64-gnu": "1.59.0", "@oxlint/binding-linux-x64-musl": "1.59.0", "@oxlint/binding-openharmony-arm64": "1.59.0", "@oxlint/binding-win32-arm64-msvc": "1.59.0", "@oxlint/binding-win32-ia32-msvc": "1.59.0", "@oxlint/binding-win32-x64-msvc": "1.59.0" }, "peerDependencies": { "oxlint-tsgolint": ">=0.18.0" }, "optionalPeers": ["oxlint-tsgolint"], "bin": { "oxlint": "bin/oxlint" } }, "sha512-0xBLeGGjP4vD9pygRo8iuOkOzEU1MqOnfiOl7KYezL/QvWL8NUg6n03zXc7ZVqltiOpUxBk2zgHI3PnRIEdAvw=="],
    "oxlint-tsgolint": ["oxlint-tsgolint@0.20.0", "", { "optionalDependencies": { "@oxlint-tsgolint/darwin-arm64": "0.20.0", "@oxlint-tsgolint/darwin-x64": "0.20.0", "@oxlint-tsgolint/linux-arm64": "0.20.0", "@oxlint-tsgolint/linux-x64": "0.20.0", "@oxlint-tsgolint/win32-arm64": "0.20.0", "@oxlint-tsgolint/win32-x64": "0.20.0" }, "bin": { "tsgolint": "bin/tsgolint.js" } }, "sha512-/Uc9TQyN1l8w9QNvXtVHYtz+SzDJHKpb5X0UnHodl0BVzijUPk0LPlDOHAvogd1UI+iy9ZSF6gQxEqfzUxCULQ=="],
    "path-expression-matcher": ["path-expression-matcher@1.5.0", "", {}, "sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ=="],
    "semver": ["semver@7.7.4", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA=="],
    "strnum": ["strnum@2.2.3", "", {}, "sha512-oKx6RUCuHfT3oyVjtnrmn19H1SiCqgJSg+54XqURKp5aCMbrXrhLjRN9TjuwMjiYstZ0MzDrHqkGZ5dFTKd+zg=="],
    "tinypool": ["tinypool@2.1.0", "", {}, "sha512-Pugqs6M0m7Lv1I7FtxN4aoyToKg1C4tu+/381vH35y8oENM/Ai7f7C4StcoK4/+BSw9ebcS8jRiVrORFKCALLw=="],
    "tslib": ["tslib@2.8.1", "", {}, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
    "tunnel": ["tunnel@0.0.6", "", {}, "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="],
    "undici": ["undici@6.24.1", "", {}, "sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA=="],
    "undici-types": ["undici-types@7.16.0", "", {}, "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw=="],
    "bun-types/@types/node": ["@types/node@20.19.37", "", { "dependencies": { "undici-types": "~6.21.0" } }, "sha512-8kzdPJ3FsNsVIurqBs7oodNnCEVbni9yUEkaHbgptDACOPW04jimGagZ51E6+lXUwJjgnBw+hyko/lkFWCldqw=="],
    "bun-types/@types/node/undici-types": ["undici-types@6.21.0", "", {}, "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ=="],
  }
 }
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/dist/main.js
+++ b/dist/main.js
--- a/dist/post.js
+++ b/dist/post.js
--- a/docs/index.md
+++ b/docs/index.md
@@ -1,58 +1,42 @@
-# `supabase/setup-cli`
+# `supabase-github-action`
-The Supabase CLI Action provides an easy way to install the
+The Supabase GitHub Action provides an easy way to use the Supabase CLI on
-[Supabase CLI](https://github.com/supabase/cli) on GitHub Actions runners.
+GitHub's hosted Actions runners.
-The action supports `ubuntu-latest`, `windows-latest`, and `macos-latest`, and
+The action can be run on `ubuntu-latest`, `windows-latest`, and `macos-latest`
-adds the requested `supabase` version to `PATH` for the rest of the job.
+GitHub Actions runners, and will install and expose a specified version of the
 Supabase CLI on the runner environment.
-If `version` is omitted, the action checks the repository root for `bun.lock`,
+## Quick start
 `pnpm-lock.yaml`, or `package-lock.json` and otherwise falls back to `latest`.
-## Quick Start
+This example shows how you can use the Supabase GitHub Action to test your
 migrations on every Pull Request.
-This example runs Supabase migrations on every pull request:
+Inside your repository, create a new file inside the `.github/workflows` folder
 called `test-migrations.yml`.
 Copy this snippet inside the file, and the action will run whenever a new PR is
 created:
 ```yaml
-name: test-migrations
+name: 'test-migrations'
 on:
  pull_request:
 jobs:
-  test-migrations:
+  build:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v6
+        - uses: supabase/setup-cli@v1
-      - uses: supabase/setup-cli@v2
+            with:
            version: latest
        - run: supabase init
        - run: supabase db start
 ```
 To pin a specific CLI version:
 ```yaml
 - uses: supabase/setup-cli@v2
  with:
    version: 2.84.2
 ```
 To cache the Docker images pulled by `supabase start`:
 ```yaml
 - uses: supabase/setup-cli@v2
  with:
    version: 2.84.2
    cache: true
 - run: supabase start
 ```
 The first run pulls the images from the registry. Later runs can restore the
 same image archive from the GitHub Actions cache before `supabase start` runs.
 Use `cache-key` when your workflow flags or generated config change the image
 set.
 ## Resources
- **Source Code**: <https://github.com/supabase/setup-cli>
+- **Source Code**:
- **CLI Documentation**: <https://supabase.com/docs/guides/cli>
+  <a href="https://github.com/supabase/supabase-github-action" target="_blank">github.com/supabase/supabase-github-action</a>
 - **CLI Documentation**:
  <a href="https://supabase.com/docs/guides/cli" target="_blank">supabase.com/docs/guides/cli</a>
--- a/eslint.config.mjs
+++ b/eslint.config.mjs
@@ -0,0 +1,81 @@
 // See: https://eslint.org/docs/latest/use/configure/configuration-files
 import { fixupPluginRules } from '@eslint/compat'
 import { FlatCompat } from '@eslint/eslintrc'
 import js from '@eslint/js'
 import typescriptEslint from '@typescript-eslint/eslint-plugin'
 import tsParser from '@typescript-eslint/parser'
 import _import from 'eslint-plugin-import'
 import jest from 'eslint-plugin-jest'
 import prettier from 'eslint-plugin-prettier'
 import globals from 'globals'
 import path from 'node:path'
 import { fileURLToPath } from 'node:url'
 const __filename = fileURLToPath(import.meta.url)
 const __dirname = path.dirname(__filename)
 const compat = new FlatCompat({
  baseDirectory: __dirname,
  recommendedConfig: js.configs.recommended,
  allConfig: js.configs.all
 })
 export default [
  {
    ignores: ['**/coverage', '**/dist', '**/linter', '**/node_modules']
  },
  ...compat.extends(
    'eslint:recommended',
    'plugin:@typescript-eslint/eslint-recommended',
    'plugin:@typescript-eslint/recommended',
    'plugin:jest/recommended',
    'plugin:prettier/recommended'
  ),
  {
    plugins: {
      import: fixupPluginRules(_import),
      jest,
      prettier,
      '@typescript-eslint': typescriptEslint
    },
    languageOptions: {
      globals: {
        ...globals.node,
        ...globals.jest,
        Atomics: 'readonly',
        SharedArrayBuffer: 'readonly'
      },
      parser: tsParser,
      ecmaVersion: 2023,
      sourceType: 'module',
      parserOptions: {
        project: ['tsconfig.eslint.json'],
        tsconfigRootDir: '.'
      }
    },
    settings: {
      'import/resolver': {
        typescript: {
          alwaysTryTypes: true,
          project: 'tsconfig.eslint.json'
        }
      }
    },
    rules: {
      camelcase: 'off',
      'eslint-comments/no-use': 'off',
      'eslint-comments/no-unused-disable': 'off',
      'i18n-text/no-en': 'off',
      'import/no-namespace': 'off',
      'no-console': 'off',
      'no-shadow': 'off',
      'no-unused-vars': 'off',
      'prettier/prettier': 'error'
    }
  }
 ]
--- a/jest.config.js
+++ b/jest.config.js
@@ -0,0 +1,40 @@
 // See: https://jestjs.io/docs/configuration
 /** @type {import('ts-jest').JestConfigWithTsJest} **/
 export default {
  clearMocks: true,
  collectCoverage: true,
  collectCoverageFrom: ['./src/**'],
  coverageDirectory: './coverage',
  coveragePathIgnorePatterns: ['/node_modules/', '/dist/'],
  coverageReporters: ['json-summary', 'text', 'lcov'],
  // Uncomment the below lines if you would like to enforce a coverage threshold
  // for your action. This will fail the build if the coverage is below the
  // specified thresholds.
  // coverageThreshold: {
  //   global: {
  //     branches: 100,
  //     functions: 100,
  //     lines: 100,
  //     statements: 100
  //   }
  // },
  extensionsToTreatAsEsm: ['.ts'],
  moduleFileExtensions: ['ts', 'js'],
  preset: 'ts-jest',
  reporters: ['default'],
  resolver: 'ts-jest-resolver',
  testEnvironment: 'node',
  testMatch: ['**/*.test.ts'],
  testPathIgnorePatterns: ['/dist/', '/node_modules/'],
  transform: {
    '^.+\\.ts$': [
      'ts-jest',
      {
        tsconfig: 'tsconfig.eslint.json',
        useESM: true
      }
    ]
  },
  verbose: true
 }
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -1,48 +1,72 @@
 {
  "name": "setup-cli",
  "version": "2.0.0",
  "private": true,
  "description": "Supabase CLI GitHub Action",
-  "keywords": [
+  "version": "1.6.0",
    "actions"
  ],
  "license": "MIT",
  "author": "",
  "type": "module",
  "private": true,
  "repository": {
    "type": "git",
    "url": "git+https://github.com/supabase/setup-cli.git"
  },
-  "type": "module",
+  "keywords": [
-  "scripts": {
+    "actions"
-    "all": "bun run format && bun run lint && bun run coverage && bun run build",
+  ],
-    "build": "bun build src/main.ts src/post.ts --target=node --format=esm --outdir=dist",
+  "exports": {
-    "ci": "bun run format:check && bun run lint && bun run coverage && bun run build",
+    ".": "./dist/index.js"
    "coverage": "bun test --coverage --coverage-reporter=text --coverage-reporter=lcov",
    "format": "bun x oxfmt --write . '!coverage/**' '!dist/**'",
    "format:check": "bun x oxfmt --check . '!coverage/**' '!dist/**'",
    "lint": "bun x oxlint --deny-warnings --type-aware --type-check --tsconfig tsconfig.json src",
    "test": "bun test",
    "typecheck": "bun x tsgo -p tsconfig.json --noEmit"
  },
  "dependencies": {
    "@actions/cache": "^6.0.0",
    "@actions/core": "^3.0.0",
    "@actions/tool-cache": "^4.0.0",
    "js-yaml": "^4.1.1",
    "semver": "^7.7.4"
  },
  "devDependencies": {
    "@tsconfig/bun": "^1.0.10",
    "@types/bun": "^1.3.11",
    "@types/js-yaml": "^4.0.9",
    "@types/node": "^24",
    "@types/semver": "^7.7.1",
    "@typescript/native-preview": "^7.0.0-dev.20260409.1",
    "oxfmt": "^0.44.0",
    "oxlint": "^1.59.0",
    "oxlint-tsgolint": "^0.20.0"
  },
  "engines": {
-    "bun": ">=1.3.10"
+    "node": ">=20"
  },
  "scripts": {
    "bundle": "npm run format:write && npm run package",
    "ci-test": "NODE_OPTIONS=--experimental-vm-modules NODE_NO_WARNINGS=1 npx jest",
    "coverage": "npx make-coverage-badge --output-path ./badges/coverage.svg",
    "format:write": "npx prettier --write .",
    "format:check": "npx prettier --check .",
    "lint": "npx eslint .",
    "local-action": "npx @github/local-action . src/main.ts .env",
    "package": "npx rollup --config rollup.config.ts --configPlugin @rollup/plugin-typescript",
    "package:watch": "npm run package -- --watch",
    "test": "NODE_OPTIONS=--experimental-vm-modules NODE_NO_WARNINGS=1 npx jest",
    "all": "npm run format:write && npm run lint && npm run package && npm run test && npm run coverage"
  },
  "license": "MIT",
  "dependencies": {
    "@actions/core": "^3.0.1",
    "@actions/tool-cache": "^4.0.0",
    "semver": "^7.7.2"
  },
  "devDependencies": {
    "@eslint/compat": "^1.3.1",
    "@github/local-action": "^5.1.0",
    "@jest/globals": "^30.0.5",
    "@rollup/plugin-commonjs": "^28.0.6",
    "@rollup/plugin-node-resolve": "^16.0.1",
    "@rollup/plugin-typescript": "^12.1.4",
    "@types/jest": "^30.0.0",
    "@types/js-yaml": "^4.0.9",
    "@types/node": "^20.19.9",
    "@types/semver": "^7.7.0",
    "@typescript-eslint/eslint-plugin": "^8.38.0",
    "@typescript-eslint/parser": "^8.38.0",
    "eslint": "^9.31.0",
    "eslint-config-prettier": "^10.1.8",
    "eslint-import-resolver-typescript": "^4.4.4",
    "eslint-plugin-import": "^2.32.0",
    "eslint-plugin-jest": "^29.0.1",
    "eslint-plugin-prettier": "^5.5.3",
    "jest": "^30.0.5",
    "js-yaml": "^4.1.0",
    "make-coverage-badge": "^1.2.0",
    "prettier": "^3.6.2",
    "prettier-eslint": "^16.4.2",
    "rollup": "^4.45.1",
    "ts-jest": "^29.4.0",
    "ts-jest-resolver": "^2.0.1",
    "typescript": "^5.8.3"
  },
  "optionalDependencies": {
    "@rollup/rollup-linux-x64-gnu": "*"
  }
 }
--- a/rollup.config.ts
+++ b/rollup.config.ts
@@ -0,0 +1,18 @@
 // See: https://rollupjs.org/introduction/
 import commonjs from '@rollup/plugin-commonjs'
 import nodeResolve from '@rollup/plugin-node-resolve'
 import typescript from '@rollup/plugin-typescript'
 const config = {
  input: 'src/index.ts',
  output: {
    esModule: true,
    file: 'dist/index.js',
    format: 'es',
    sourcemap: true
  },
  plugins: [typescript(), nodeResolve({ preferBuiltins: true }), commonjs()]
 }
 export default config
--- a/src/cache.test.ts
+++ b/src/cache.test.ts
@@ -1,168 +0,0 @@
 import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { afterEach, expect, mock, spyOn, test } from "bun:test";
 import * as cacheAction from "@actions/cache";
 import * as core from "@actions/core";
 import {
  collectDockerImageRefs,
  createDockerImageCacheKey,
  restoreDockerImageCache,
  saveDockerImageCache,
 } from "./cache";
 const originalRunnerTemp = process.env.RUNNER_TEMP;
 const originalWorkspace = process.env.GITHUB_WORKSPACE;
 const tempDirs = new Set<string>();
 afterEach(() => {
  mock.restore();
  process.env.RUNNER_TEMP = originalRunnerTemp;
  process.env.GITHUB_WORKSPACE = originalWorkspace;
  for (const dir of tempDirs) {
    rmSync(dir, { force: true, recursive: true });
  }
  tempDirs.clear();
 });
 function createTempDir(prefix: string): string {
  const dir = mkdtempSync(path.join(os.tmpdir(), prefix));
  tempDirs.add(dir);
  return dir;
 }
 test("creates a docker image cache key from runner, version, registry, and config", () => {
  const workspace = createTempDir("setup-cli-workspace-");
  mkdirSync(path.join(workspace, "supabase"), { recursive: true });
  writeFileSync(path.join(workspace, "supabase", "config.toml"), 'project_id = "test"\n');
  process.env.GITHUB_WORKSPACE = workspace;
  const key = createDockerImageCacheKey("supabase 2.84.2", "ghcr.io");
  expect(key).toStartWith(`supabase-cli-containers-v1-${process.platform}-${process.arch}-`);
  expect(key).toContain("supabase-2.84.2-ghcr.io-");
 });
 test("collects images from labeled containers and Supabase image repositories", async () => {
  const run = mock(async (_file: string, args: string[]) => {
    if (args[0] === "ps") {
      return {
        stdout: "ghcr.io/supabase/postgres:15.8.1\ncustom/image:latest\n",
        stderr: "",
      };
    }
    return {
      stdout:
        "ghcr.io/supabase/studio:2026.04.08\npublic.ecr.aws/supabase/kong:2.8.1\nlibrary/postgres:16\n<none>:<none>\n",
      stderr: "",
    };
  });
  expect(await collectDockerImageRefs(run)).toEqual([
    "custom/image:latest",
    "ghcr.io/supabase/postgres:15.8.1",
    "ghcr.io/supabase/studio:2026.04.08",
    "public.ecr.aws/supabase/kong:2.8.1",
  ]);
 });
 test("restore skips docker and cache calls when cache input is disabled", async () => {
  const run = mock(async () => ({ stdout: "", stderr: "" }));
  const restoreCache = spyOn(cacheAction, "restoreCache").mockImplementation(async () => undefined);
  const spies = {
    getBooleanInput: spyOn(core, "getBooleanInput").mockImplementation(() => false),
    getInput: spyOn(core, "getInput").mockImplementation(() => ""),
    setOutput: spyOn(core, "setOutput").mockImplementation(() => {}),
    saveState: spyOn(core, "saveState").mockImplementation(() => {}),
  };
  await restoreDockerImageCache("supabase 2.84.2", "ghcr.io", run);
  expect(spies.setOutput).toHaveBeenCalledWith("cache-hit", "false");
  expect(spies.saveState).toHaveBeenCalledWith("cache-enabled", "false");
  expect(run).not.toHaveBeenCalled();
  expect(restoreCache).not.toHaveBeenCalled();
 });
 test("restore loads a docker archive on exact cache hit", async () => {
  const temp = createTempDir("setup-cli-runner-");
  process.env.RUNNER_TEMP = temp;
  const calls: string[][] = [];
  const run = mock(async (_file: string, args: string[]) => {
    calls.push(args);
    return { stdout: "ok\n", stderr: "" };
  });
  const restoreCache = spyOn(cacheAction, "restoreCache").mockImplementation(
    async (paths: string[], key: string) => {
      writeFileSync(paths[0]!, "archive");
      return key;
    },
  );
  const spies = {
    getBooleanInput: spyOn(core, "getBooleanInput").mockImplementation(() => true),
    getInput: spyOn(core, "getInput").mockImplementation((name: string) =>
      name === "cache-key" ? "cache-key" : "",
    ),
    setOutput: spyOn(core, "setOutput").mockImplementation(() => {}),
    saveState: spyOn(core, "saveState").mockImplementation(() => {}),
    info: spyOn(core, "info").mockImplementation(() => {}),
    warning: spyOn(core, "warning").mockImplementation(() => {}),
  };
  await restoreDockerImageCache("supabase 2.84.2", "ghcr.io", run);
  expect(restoreCache).toHaveBeenCalledWith(
    [path.join(temp, "setup-supabase-cli", "supabase-cli-docker-images.tar")],
    "cache-key",
  );
  expect(spies.setOutput).toHaveBeenCalledWith("cache-hit", "true");
  expect(spies.saveState).toHaveBeenCalledWith("cache-hit", "true");
  expect(calls).toContainEqual([
    "load",
    "-i",
    path.join(temp, "setup-supabase-cli", "supabase-cli-docker-images.tar"),
  ]);
  expect(spies.warning).not.toHaveBeenCalled();
 });
 test("post saves collected Supabase docker images", async () => {
  const temp = createTempDir("setup-cli-runner-");
  process.env.RUNNER_TEMP = temp;
  const calls: string[][] = [];
  const run = mock(async (_file: string, args: string[]) => {
    calls.push(args);
    if (args[0] === "ps") {
      return { stdout: "ghcr.io/supabase/postgres:15.8.1\n", stderr: "" };
    }
    if (args[0] === "image") {
      return { stdout: "ghcr.io/supabase/studio:2026.04.08\n", stderr: "" };
    }
    return { stdout: "ok\n", stderr: "" };
  });
  const saveCache = spyOn(cacheAction, "saveCache").mockImplementation(async () => 1);
  const state = new Map([
    ["cache-enabled", "true"],
    ["cache-hit", "false"],
    ["cache-primary-key", "cache-key"],
    ["cache-archive-path", path.join(temp, "setup-supabase-cli", "supabase-cli-docker-images.tar")],
  ]);
  spyOn(core, "getState").mockImplementation((name: string) => state.get(name) ?? "");
  spyOn(core, "info").mockImplementation(() => {});
  spyOn(core, "warning").mockImplementation(() => {});
  await saveDockerImageCache(run);
  expect(calls).toContainEqual([
    "save",
    "-o",
    path.join(temp, "setup-supabase-cli", "supabase-cli-docker-images.tar"),
    "ghcr.io/supabase/postgres:15.8.1",
    "ghcr.io/supabase/studio:2026.04.08",
  ]);
  expect(saveCache).toHaveBeenCalledWith(
    [path.join(temp, "setup-supabase-cli", "supabase-cli-docker-images.tar")],
    "cache-key",
  );
 });
--- a/src/cache.ts
+++ b/src/cache.ts
@@ -1,254 +0,0 @@
 import * as cache from "@actions/cache";
 import * as core from "@actions/core";
 import { execFile as execFileCallback } from "node:child_process";
 import { createHash } from "node:crypto";
 import { existsSync, mkdirSync, readFileSync } from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import { promisify } from "node:util";
 const CLI_CONFIG_REGISTRY = "SUPABASE_INTERNAL_IMAGE_REGISTRY";
 const CACHE_ARCHIVE = "supabase-cli-docker-images.tar";
 const CACHE_DIR = "setup-supabase-cli";
 const CACHE_KEY_VERSION = "v1";
 const DEFAULT_REGISTRY = "public.ecr.aws";
 const GHCR_REGISTRY = "ghcr.io";
 const CACHE_INPUT = "cache";
 const CACHE_KEY_INPUT = "cache-key";
 const CACHE_HIT_OUTPUT = "cache-hit";
 const STATE_ENABLED = "cache-enabled";
 const STATE_PRIMARY_KEY = "cache-primary-key";
 const STATE_ARCHIVE_PATH = "cache-archive-path";
 const STATE_CACHE_HIT = "cache-hit";
 const CLI_PROJECT_LABEL = "com.supabase.cli.project";
 const SUPABASE_IMAGE_PREFIXES = ["ghcr.io/supabase/", "public.ecr.aws/supabase/", "supabase/"];
 type ExecFile = (
  file: string,
  args: string[],
  options?: { maxBuffer?: number },
 ) => Promise<{ stdout: string; stderr: string }>;
 const execFile = promisify(execFileCallback) as ExecFile;
 function sanitizeCacheKeyPart(value: string): string {
  return value.replace(/[^A-Za-z0-9_.-]/g, "-").replace(/-+/g, "-");
 }
 function hashFile(filePath: string): string | null {
  if (!existsSync(filePath)) {
    return null;
  }
  try {
    return createHash("sha256").update(readFileSync(filePath)).digest("hex");
  } catch {
    return null;
  }
 }
 function getConfigHash(): string {
  const workspaceRoot = process.env.GITHUB_WORKSPACE?.trim();
  if (!workspaceRoot) {
    return "no-config";
  }
  return hashFile(path.join(workspaceRoot, "supabase", "config.toml")) ?? "no-config";
 }
 function getCacheArchivePath(): string {
  const runnerTemp = process.env.RUNNER_TEMP?.trim() || os.tmpdir();
  return path.join(runnerTemp, CACHE_DIR, CACHE_ARCHIVE);
 }
 export function getImageRegistry(): string {
  return process.env[CLI_CONFIG_REGISTRY]?.trim() || DEFAULT_REGISTRY;
 }
 export function getGhcrImageRegistry(): string {
  return GHCR_REGISTRY;
 }
 export function createDockerImageCacheKey(installedVersion: string, registry: string): string {
  return [
    "supabase-cli-containers",
    CACHE_KEY_VERSION,
    sanitizeCacheKeyPart(process.platform),
    sanitizeCacheKeyPart(process.arch),
    sanitizeCacheKeyPart(installedVersion),
    sanitizeCacheKeyPart(registry),
    getConfigHash(),
  ].join("-");
 }
 function getPrimaryCacheKey(installedVersion: string, registry: string): string {
  const cacheKeyInput = core.getInput(CACHE_KEY_INPUT).trim();
  if (cacheKeyInput) {
    return cacheKeyInput;
  }
  return createDockerImageCacheKey(installedVersion, registry);
 }
 async function isDockerAvailable(run: ExecFile = execFile): Promise<boolean> {
  try {
    await run("docker", ["version"]);
    return true;
  } catch {
    return false;
  }
 }
 async function runDocker(args: string[], run: ExecFile = execFile): Promise<string> {
  const { stdout } = await run("docker", args, { maxBuffer: 1024 * 1024 * 16 });
  return stdout;
 }
 function normalizeImageRefs(output: string): string[] {
  return output
    .split(/\r?\n/)
    .map((line) => line.trim())
    .filter((line) => line.length > 0 && !line.includes("<none>"));
 }
 function isSupabaseImageRef(ref: string): boolean {
  return SUPABASE_IMAGE_PREFIXES.some((prefix) => ref.startsWith(prefix));
 }
 export async function collectDockerImageRefs(run: ExecFile = execFile): Promise<string[]> {
  const refs = new Set<string>();
  try {
    const output = await runDocker(
      ["ps", "-a", "--filter", `label=${CLI_PROJECT_LABEL}`, "--format", "{{.Image}}"],
      run,
    );
    for (const ref of normalizeImageRefs(output)) {
      refs.add(ref);
    }
  } catch (error) {
    core.warning(
      `Could not list Supabase CLI containers for Docker image cache: ${error instanceof Error ? error.message : String(error)}`,
    );
  }
  try {
    const output = await runDocker(["image", "ls", "--format", "{{.Repository}}:{{.Tag}}"], run);
    for (const ref of normalizeImageRefs(output).filter(isSupabaseImageRef)) {
      refs.add(ref);
    }
  } catch (error) {
    core.warning(
      `Could not list Docker images for Supabase image cache: ${error instanceof Error ? error.message : String(error)}`,
    );
  }
  return [...refs].sort();
 }
 export async function restoreDockerImageCache(
  installedVersion: string,
  registry: string,
  run: ExecFile = execFile,
 ): Promise<void> {
  const enabled = core.getBooleanInput(CACHE_INPUT);
  core.setOutput(CACHE_HIT_OUTPUT, "false");
  core.saveState(STATE_ENABLED, String(enabled));
  if (!enabled) {
    return;
  }
  const archivePath = getCacheArchivePath();
  const primaryKey = getPrimaryCacheKey(installedVersion, registry);
  mkdirSync(path.dirname(archivePath), { recursive: true });
  core.saveState(STATE_PRIMARY_KEY, primaryKey);
  core.saveState(STATE_ARCHIVE_PATH, archivePath);
  core.saveState(STATE_CACHE_HIT, "false");
  if (!(await isDockerAvailable(run))) {
    core.warning("Docker is not available. Skipping Supabase Docker image cache restore.");
    return;
  }
  let matchedKey: string | undefined;
  try {
    matchedKey = await cache.restoreCache([archivePath], primaryKey);
  } catch (error) {
    core.warning(
      `Could not restore Supabase Docker image cache: ${error instanceof Error ? error.message : String(error)}`,
    );
    return;
  }
  if (!matchedKey) {
    core.info("No Supabase Docker image cache found.");
    return;
  }
  const cacheHit = matchedKey === primaryKey;
  core.setOutput(CACHE_HIT_OUTPUT, String(cacheHit));
  core.saveState(STATE_CACHE_HIT, String(cacheHit));
  if (!existsSync(archivePath)) {
    core.warning("Supabase Docker image cache was restored, but the archive is missing.");
    return;
  }
  try {
    await runDocker(["load", "-i", archivePath], run);
    core.info("Loaded Supabase Docker images from cache.");
  } catch (error) {
    core.warning(
      `Could not load Supabase Docker image cache: ${error instanceof Error ? error.message : String(error)}`,
    );
  }
 }
 export async function saveDockerImageCache(run: ExecFile = execFile): Promise<void> {
  if (core.getState(STATE_ENABLED) !== "true") {
    return;
  }
  if (core.getState(STATE_CACHE_HIT) === "true") {
    core.info("Supabase Docker image cache hit. Skipping cache save.");
    return;
  }
  const primaryKey = core.getState(STATE_PRIMARY_KEY);
  const archivePath = core.getState(STATE_ARCHIVE_PATH) || getCacheArchivePath();
  if (!primaryKey) {
    core.warning("Supabase Docker image cache key is missing. Skipping cache save.");
    return;
  }
  if (!(await isDockerAvailable(run))) {
    core.warning("Docker is not available. Skipping Supabase Docker image cache save.");
    return;
  }
  const imageRefs = await collectDockerImageRefs(run);
  if (imageRefs.length === 0) {
    core.warning("No Supabase Docker images found to cache.");
    return;
  }
  mkdirSync(path.dirname(archivePath), { recursive: true });
  try {
    await runDocker(["save", "-o", archivePath, ...imageRefs], run);
  } catch (error) {
    core.warning(
      `Could not create Supabase Docker image archive: ${error instanceof Error ? error.message : String(error)}`,
    );
    return;
  }
  try {
    await cache.saveCache([archivePath], primaryKey);
    core.info(`Saved ${imageRefs.length} Supabase Docker image(s) to cache.`);
  } catch (error) {
    core.warning(
      `Could not save Supabase Docker image cache: ${error instanceof Error ? error.message : String(error)}`,
    );
  }
 }
--- a/src/index.ts
+++ b/src/index.ts
@@ -0,0 +1,8 @@
 /**
 * The entrypoint for the action. This file simply imports and runs the action's
 * main logic.
 */
 import { run } from './main.js'
 /* istanbul ignore next */
 run()
--- a/src/main.test.ts
+++ b/src/main.test.ts
@@ -1,432 +0,0 @@
 import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
 import os from "node:os";
 import path from "node:path";
 import process from "node:process";
 import { fileURLToPath } from "node:url";
 import { afterEach, expect, mock, spyOn, test } from "bun:test";
 import * as core from "@actions/core";
 import * as tc from "@actions/tool-cache";
 const repo = path.dirname(path.dirname(fileURLToPath(import.meta.url)));
 const defaultEntrypoint = fileURLToPath(new URL("./main.ts", import.meta.url));
 const CLI_CONFIG_REGISTRY = "SUPABASE_INTERNAL_IMAGE_REGISTRY";
 const originalWorkspace = process.env.GITHUB_WORKSPACE;
 const tempDirs = new Set<string>();
 let mainModule: typeof import("./main.ts") | null = null;
 afterEach(() => {
  mock.restore();
  process.env.GITHUB_WORKSPACE = originalWorkspace;
  for (const dir of tempDirs) {
    rmSync(dir, { force: true, recursive: true });
  }
  tempDirs.clear();
 });
 function createFakeCli(versionOutput: string): string {
  const dir = mkdtempSync(path.join(os.tmpdir(), "setup-cli-"));
  tempDirs.add(dir);
  if (process.platform === "win32") {
    writeFileSync(
      path.join(dir, "supabase.cmd"),
      versionOutput ? `@echo off\r\necho ${versionOutput}\r\n` : "@echo off\r\n",
    );
    return dir;
  }
  const escapedOutput = versionOutput.replaceAll("'", "'\"'\"'");
  writeFileSync(
    path.join(dir, "supabase"),
    versionOutput
      ? `#!/usr/bin/env bash\nprintf '%s\\n' '${escapedOutput}'\n`
      : "#!/usr/bin/env bash\n",
  );
  Bun.spawnSync(["chmod", "+x", path.join(dir, "supabase")]);
  return dir;
 }
 function createWorkspace(files: Record<string, string>): string {
  const dir = mkdtempSync(path.join(os.tmpdir(), "setup-cli-workspace-"));
  tempDirs.add(dir);
  for (const [relativePath, content] of Object.entries(files)) {
    const filePath = path.join(dir, relativePath);
    mkdirSync(path.dirname(filePath), { recursive: true });
    writeFileSync(filePath, content);
  }
  return dir;
 }
 function createBunLock(
  version: string,
  options: {
    includeDependency?: boolean;
    includePackageEntry?: boolean;
    useDevDependency?: boolean;
  } = {},
 ): string {
  const includeDependency = options.includeDependency ?? true;
  const includePackageEntry = options.includePackageEntry ?? true;
  const dependencyKey = options.useDevDependency ? "devDependencies" : "dependencies";
  return `{
  "lockfileVersion": 1,
  "configVersion": 1,
  "workspaces": {
    "": {
      "name": "app",
      "${dependencyKey}": {
 ${includeDependency ? `        "supabase": "^${version}"` : ""}
      }
    }
  },
  "packages": {
 ${
  includePackageEntry
    ? `    "supabase": [
      "supabase@${version}",
      "",
      {},
      "sha512-test"
    ]`
    : ""
 }
  }
 }
 `;
 }
 function createPnpmLock(
  version: string,
  options: { asString?: boolean; includeVersion?: boolean; useDevDependency?: boolean } = {},
 ): string {
  const dependencyKey = options.useDevDependency ? "devDependencies" : "dependencies";
  return `lockfileVersion: "9.0"
 importers:
  .:
    ${dependencyKey}:
 ${
  options.asString
    ? `      supabase: ${version}`
    : `      supabase:
        specifier: ^${version}
 ${options.includeVersion === false ? "" : `        version: ${version}`}`
 }
 packages:
  supabase@${version}:
    resolution:
      integrity: sha512-test
 `;
 }
 function createPackageLock(version: string): string {
  return JSON.stringify(
    {
      name: "app",
      lockfileVersion: 3,
      packages: {
        "": {
          dependencies: {
            supabase: `^${version}`,
          },
        },
        "node_modules/supabase": {
          version,
        },
      },
    },
    null,
    2,
  );
 }
 function createActionSpies(inputVersion: string, cliDir: string, expectedUrlFragment: string) {
  return {
    getInput: spyOn(core, "getInput").mockImplementation((name: string) =>
      name === "version" ? inputVersion : "",
    ),
    getBooleanInput: spyOn(core, "getBooleanInput").mockImplementation(() => false),
    setOutput: spyOn(core, "setOutput").mockImplementation(() => {}),
    addPath: spyOn(core, "addPath").mockImplementation(() => {}),
    exportVariable: spyOn(core, "exportVariable").mockImplementation(() => {}),
    saveState: spyOn(core, "saveState").mockImplementation(() => {}),
    info: spyOn(core, "info").mockImplementation(() => {}),
    warning: spyOn(core, "warning").mockImplementation(() => {}),
    setFailed: spyOn(core, "setFailed").mockImplementation(() => {}),
    downloadTool: spyOn(tc, "downloadTool").mockImplementation(async (url: string) => {
      expect(url).toContain(expectedUrlFragment);
      return path.join(os.tmpdir(), "supabase-cli.tar.gz");
    }),
    extractTar: spyOn(tc, "extractTar").mockImplementation(async () => cliDir),
  };
 }
 async function getMainModule(): Promise<typeof import("./main.ts")> {
  if (!mainModule) {
    mainModule = await import("./main.ts");
  }
  return mainModule;
 }
 test("awaits the action entrypoint with omitted version and latest fallback", async () => {
  process.env.GITHUB_WORKSPACE = repo;
  const cliDir = createFakeCli("supabase 2.84.2");
  let startDownload!: () => void;
  let finishDownload!: () => void;
  const downloadStarted = new Promise<void>((resolve) => {
    startDownload = resolve;
  });
  const downloadFinished = new Promise<string>((resolve) => {
    finishDownload = () => resolve(path.join(os.tmpdir(), "supabase-cli.tar.gz"));
  });
  const spies = {
    getInput: spyOn(core, "getInput").mockImplementation((name: string) =>
      name === "version" ? "" : "",
    ),
    getBooleanInput: spyOn(core, "getBooleanInput").mockImplementation(() => false),
    setOutput: spyOn(core, "setOutput").mockImplementation(() => {}),
    addPath: spyOn(core, "addPath").mockImplementation(() => {}),
    exportVariable: spyOn(core, "exportVariable").mockImplementation(() => {}),
    saveState: spyOn(core, "saveState").mockImplementation(() => {}),
    info: spyOn(core, "info").mockImplementation(() => {}),
    warning: spyOn(core, "warning").mockImplementation(() => {}),
    setFailed: spyOn(core, "setFailed").mockImplementation(() => {}),
    downloadTool: spyOn(tc, "downloadTool").mockImplementation(async (url: string) => {
      expect(url).toContain("/latest/download/");
      startDownload();
      return downloadFinished;
    }),
    extractTar: spyOn(tc, "extractTar").mockImplementation(async () => cliDir),
  };
  const originalArgv1 = process.argv[1];
  process.argv[1] = defaultEntrypoint;
  try {
    let importSettled = false;
    const entrypoint = import(`./main.ts?entrypoint=${Date.now()}`).finally(() => {
      importSettled = true;
    });
    await downloadStarted;
    await Bun.sleep(0);
    expect(importSettled).toBe(false);
    finishDownload();
    await entrypoint;
  } finally {
    process.argv[1] = originalArgv1 ?? "";
  }
  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.84.2");
  expect(spies.addPath).toHaveBeenCalledWith(cliDir);
  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
  expect(spies.setFailed).not.toHaveBeenCalled();
 });
 test("uses the root bun.lock version when version is omitted", async () => {
  process.env.GITHUB_WORKSPACE = createWorkspace({
    "bun.lock": createBunLock("2.41.0"),
  });
  const cliDir = createFakeCli("supabase 2.41.0");
  const spies = createActionSpies("", cliDir, "/download/v2.41.0/supabase_");
  const { run } = await getMainModule();
  await run();
  expect(spies.downloadTool).not.toHaveBeenCalledWith(expect.stringContaining("/latest/download/"));
  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.41.0");
  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
  expect(spies.setFailed).not.toHaveBeenCalled();
 });
 test("uses the root pnpm-lock.yaml version when version is omitted", async () => {
  process.env.GITHUB_WORKSPACE = createWorkspace({
    "pnpm-lock.yaml": createPnpmLock("2.42.0"),
  });
  const cliDir = createFakeCli("supabase 2.42.0");
  const spies = createActionSpies("", cliDir, "/download/v2.42.0/supabase_");
  const { run } = await getMainModule();
  await run();
  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.42.0");
  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
  expect(spies.setFailed).not.toHaveBeenCalled();
 });
 test("uses the root package-lock.json version when version is omitted", async () => {
  process.env.GITHUB_WORKSPACE = createWorkspace({
    "package-lock.json": createPackageLock("2.43.0"),
  });
  const cliDir = createFakeCli("supabase 2.43.0");
  const spies = createActionSpies("", cliDir, "/download/v2.43.0/supabase_");
  const { run } = await getMainModule();
  await run();
  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.43.0");
  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
  expect(spies.setFailed).not.toHaveBeenCalled();
 });
 test("falls through malformed lockfiles and uses the next supported root lockfile", async () => {
  process.env.GITHUB_WORKSPACE = createWorkspace({
    "bun.lock": "{ not valid",
    "package-lock.json": createPackageLock("2.44.0"),
  });
  const cliDir = createFakeCli("supabase 2.44.0");
  const spies = createActionSpies("", cliDir, "/download/v2.44.0/supabase_");
  const { run } = await getMainModule();
  await run();
  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.44.0");
  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
  expect(spies.setFailed).not.toHaveBeenCalled();
 });
 test("falls back to latest when version is omitted and no supported root lockfile is present", async () => {
  process.env.GITHUB_WORKSPACE = createWorkspace({
    "README.md": "# app\n",
  });
  const cliDir = createFakeCli("supabase 2.84.2");
  const spies = createActionSpies("", cliDir, "/latest/download/");
  const { run } = await getMainModule();
  await run();
  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.84.2");
  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
  expect(spies.setFailed).not.toHaveBeenCalled();
 });
 test("falls back to latest when version is omitted and no workspace is available", async () => {
  delete process.env.GITHUB_WORKSPACE;
  const cliDir = createFakeCli("supabase 2.84.2");
  const spies = createActionSpies("", cliDir, "/latest/download/");
  const { run } = await getMainModule();
  await run();
  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.84.2");
  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
  expect(spies.setFailed).not.toHaveBeenCalled();
 });
 test("uses the declared bun.lock version when the resolved package entry is missing", async () => {
  process.env.GITHUB_WORKSPACE = createWorkspace({
    "bun.lock": createBunLock("2.44.1", { includePackageEntry: false, useDevDependency: true }),
  });
  const cliDir = createFakeCli("supabase 2.44.1");
  const spies = createActionSpies("", cliDir, "/download/v2.44.1/supabase_");
  const { run } = await getMainModule();
  await run();
  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.44.1");
  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
  expect(spies.setFailed).not.toHaveBeenCalled();
 });
 test("falls through bun.lock without supabase and uses a pnpm string dependency version", async () => {
  process.env.GITHUB_WORKSPACE = createWorkspace({
    "bun.lock": createBunLock("2.47.0", { includeDependency: false }),
    "pnpm-lock.yaml": createPnpmLock("2.47.0", { asString: true }),
  });
  const cliDir = createFakeCli("supabase 2.47.0");
  const spies = createActionSpies("", cliDir, "/download/v2.47.0/supabase_");
  const { run } = await getMainModule();
  await run();
  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.47.0");
  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
  expect(spies.setFailed).not.toHaveBeenCalled();
 });
 test("falls through malformed pnpm lockfiles and uses the next supported root lockfile", async () => {
  process.env.GITHUB_WORKSPACE = createWorkspace({
    "pnpm-lock.yaml": "not: [valid",
    "package-lock.json": createPackageLock("2.48.0"),
  });
  const cliDir = createFakeCli("supabase 2.48.0");
  const spies = createActionSpies("", cliDir, "/download/v2.48.0/supabase_");
  const { run } = await getMainModule();
  await run();
  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.48.0");
  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
  expect(spies.setFailed).not.toHaveBeenCalled();
 });
 test("falls through unreadable bun.lock paths and malformed package-lock files to latest", async () => {
  const workspace = createWorkspace({
    "package-lock.json": "{ invalid",
  });
  mkdirSync(path.join(workspace, "bun.lock"), { recursive: true });
  process.env.GITHUB_WORKSPACE = workspace;
  const cliDir = createFakeCli("supabase 2.84.2");
  const spies = createActionSpies("", cliDir, "/latest/download/");
  const { run } = await getMainModule();
  await run();
  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.84.2");
  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
  expect(spies.setFailed).not.toHaveBeenCalled();
 });
 test("falls back to latest when a pnpm dependency entry has no concrete version", async () => {
  process.env.GITHUB_WORKSPACE = createWorkspace({
    "pnpm-lock.yaml": createPnpmLock("2.49.0", { includeVersion: false }),
  });
  const cliDir = createFakeCli("supabase 2.84.2");
  const spies = createActionSpies("", cliDir, "/latest/download/");
  const { run } = await getMainModule();
  await run();
  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.84.2");
  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
  expect(spies.setFailed).not.toHaveBeenCalled();
 });
 test("explicit version overrides detected root lockfiles", async () => {
  process.env.GITHUB_WORKSPACE = createWorkspace({
    "bun.lock": createBunLock("2.45.0"),
  });
  const cliDir = createFakeCli("supabase 1.0.0");
  const spies = createActionSpies("1.0.0", cliDir, "/download/v1.0.0/supabase_1.0.0_");
  const { run } = await getMainModule();
  await run();
  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 1.0.0");
  expect(spies.exportVariable).not.toHaveBeenCalled();
  expect(spies.setFailed).not.toHaveBeenCalled();
 });
 test("fails when the installed CLI does not report a version", async () => {
  process.env.GITHUB_WORKSPACE = createWorkspace({
    "package-lock.json": createPackageLock("2.46.0"),
  });
  const cliDir = createFakeCli("");
  const spies = createActionSpies("", cliDir, "/download/v2.46.0/supabase_");
  const { run } = await getMainModule();
  await run();
  expect(spies.setFailed).toHaveBeenCalledWith(
    "Could not determine installed Supabase CLI version",
  );
  expect(spies.setOutput).not.toHaveBeenCalled();
  expect(spies.addPath).not.toHaveBeenCalled();
  expect(spies.exportVariable).not.toHaveBeenCalled();
 });
--- a/src/main.ts
+++ b/src/main.ts
@@ -1,230 +1,57 @@
-import * as core from "@actions/core";
+import * as core from '@actions/core'
-import * as tc from "@actions/tool-cache";
+import * as tc from '@actions/tool-cache'
-import { load as loadYaml } from "js-yaml";
+import { gte } from 'semver'
-import * as semver from "semver";
+import {
-import { execFile as execFileCallback } from "node:child_process";
+  getDownloadArchive,
-import { existsSync, readFileSync } from "node:fs";
+  determineInstalledVersion,
-import path from "node:path";
+  getCliPath,
-import { fileURLToPath } from "node:url";
+  installAlpineRuntimeDependencies
-import { promisify } from "node:util";
+} from './utils.js'
 import { getGhcrImageRegistry, getImageRegistry, restoreDockerImageCache } from "./cache";
-export const CLI_CONFIG_REGISTRY = "SUPABASE_INTERNAL_IMAGE_REGISTRY";
+export const CLI_CONFIG_REGISTRY = 'SUPABASE_INTERNAL_IMAGE_REGISTRY'
 const REGISTRY_VERSION = "1.28.0";
 const DEFAULT_VERSION = "latest";
 const execFile = promisify(execFileCallback);
 type BunLock = {
  workspaces?: {
    "": {
      dependencies?: Record<string, string>;
      devDependencies?: Record<string, string>;
    };
  };
  packages?: Record<string, unknown>;
 };
 type PnpmDependency =
  | string
  | {
      version?: string;
    };
 type PnpmLock = {
  importers?: {
    ".": {
      dependencies?: Record<string, PnpmDependency>;
      devDependencies?: Record<string, PnpmDependency>;
    };
  };
 };
 type PackageLock = {
  packages?: Record<string, { version?: string }>;
  dependencies?: Record<string, { version?: string }>;
 };
 function getArchivePlatform(platform: NodeJS.Platform): string {
  return platform === "win32" ? "windows" : platform;
 }
 function getArchiveArch(arch: NodeJS.Architecture): string {
  return arch === "x64" ? "amd64" : arch;
 }
 function extractConcreteVersion(raw: string | undefined): string | null {
  if (!raw) {
    return null;
  }
  const match = raw.match(/\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?/);
  return match?.[0] ?? null;
 }
 function readWorkspaceLockfile(workspaceRoot: string, filename: string): string | null {
  const filePath = path.join(workspaceRoot, filename);
  if (!existsSync(filePath)) {
    return null;
  }
  try {
    return readFileSync(filePath, "utf8");
  } catch {
    return null;
  }
 }
 function detectVersionFromBunLock(workspaceRoot: string): string | null {
  const text = readWorkspaceLockfile(workspaceRoot, "bun.lock");
  if (!text) {
    return null;
  }
  try {
    const lockfile = JSON.parse(text.replace(/,\s*([}\]])/g, "$1")) as BunLock;
    const rootWorkspace = lockfile.workspaces?.[""];
    const declaredVersion =
      rootWorkspace?.dependencies?.supabase ?? rootWorkspace?.devDependencies?.supabase;
    if (!declaredVersion) {
      return null;
    }
    const resolvedPackage = lockfile.packages?.supabase;
    if (Array.isArray(resolvedPackage) && typeof resolvedPackage[0] === "string") {
      return extractConcreteVersion(resolvedPackage[0]);
    }
    return extractConcreteVersion(declaredVersion);
  } catch {
    return null;
  }
 }
 function detectVersionFromPnpmLock(workspaceRoot: string): string | null {
  const text = readWorkspaceLockfile(workspaceRoot, "pnpm-lock.yaml");
  if (!text) {
    return null;
  }
  try {
    const lockfile = loadYaml(text) as PnpmLock;
    const rootImporter = lockfile.importers?.["."];
    const dependency =
      rootImporter?.dependencies?.supabase ?? rootImporter?.devDependencies?.supabase;
    if (typeof dependency === "string") {
      return extractConcreteVersion(dependency);
    }
    return extractConcreteVersion(dependency?.version);
  } catch {
    return null;
  }
 }
 function detectVersionFromPackageLock(workspaceRoot: string): string | null {
  const text = readWorkspaceLockfile(workspaceRoot, "package-lock.json");
  if (!text) {
    return null;
  }
  try {
    const lockfile = JSON.parse(text) as PackageLock;
    return (
      extractConcreteVersion(lockfile.packages?.["node_modules/supabase"]?.version) ??
      extractConcreteVersion(lockfile.dependencies?.supabase?.version)
    );
  } catch {
    return null;
  }
 }
 function resolveVersion(inputVersion: string): string {
  const requestedVersion = inputVersion.trim();
  if (requestedVersion) {
    return requestedVersion;
  }
  const workspaceRoot = process.env.GITHUB_WORKSPACE?.trim();
  if (!workspaceRoot) {
    return DEFAULT_VERSION;
  }
  return (
    detectVersionFromBunLock(workspaceRoot) ??
    detectVersionFromPnpmLock(workspaceRoot) ??
    detectVersionFromPackageLock(workspaceRoot) ??
    DEFAULT_VERSION
  );
 }
 export function getDownloadUrl(version: string): string {
  const platform = getArchivePlatform(process.platform);
  const arch = getArchiveArch(process.arch);
  const filename = `supabase_${platform}_${arch}.tar.gz`;
  if (version.toLowerCase() === "latest") {
    return `https://github.com/supabase/cli/releases/latest/download/${filename}`;
  }
  if (semver.compare(version, REGISTRY_VERSION) === -1) {
    return `https://github.com/supabase/cli/releases/download/v${version}/supabase_${version}_${platform}_${arch}.tar.gz`;
  }
  return `https://github.com/supabase/cli/releases/download/v${version}/${filename}`;
 }
 function getSupabaseExecutable(cliPath: string): string {
  const names =
    process.platform === "win32" ? ["supabase.exe", "supabase.cmd", "supabase"] : ["supabase"];
  for (const name of names) {
    const executable = path.join(cliPath, name);
    if (existsSync(executable)) {
      return executable;
    }
  }
  return path.join(cliPath, "supabase");
 }
 export async function determineInstalledVersion(cliPath: string): Promise<string> {
  const { stdout } = await execFile(getSupabaseExecutable(cliPath), ["--version"]);
  const version = stdout.trim();
  if (!version) {
    throw new Error("Could not determine installed Supabase CLI version");
  }
  return version;
 }
 /**
 * The main function for the action.
 *
 * @returns Resolves when the action is complete.
 */
 export async function run(): Promise<void> {
  try {
-    const version = resolveVersion(core.getInput("version"));
+    // Get version of tool to be installed
-    const tarball = await tc.downloadTool(getDownloadUrl(version));
+    const version = core.getInput('version')
-    const cliPath = await tc.extractTar(tarball);
+    const githubToken = core.getInput('github-token')
    const installedVersion = await determineInstalledVersion(cliPath);
    core.setOutput("version", installedVersion);
    core.addPath(cliPath);
-    if (version.toLowerCase() === "latest" || semver.compare(version, REGISTRY_VERSION) >= 0) {
+    // Download the specific version of the tool, e.g. as a tarball/zipball
-      core.exportVariable(CLI_CONFIG_REGISTRY, getGhcrImageRegistry());
+    const download = await getDownloadArchive(
      version,
      undefined,
      undefined,
      undefined,
      githubToken
    )
    const pathToArchive = await tc.downloadTool(download.url)
    // Extract the tarball/zipball onto host runner
    const extractedPath =
      download.format === 'zip'
        ? await tc.extractZip(pathToArchive)
        : await tc.extractTar(pathToArchive)
    const pathToCLI = getCliPath(extractedPath, download.format)
    await installAlpineRuntimeDependencies(download.format)
    // Expose the tool by adding it to the PATH
    core.addPath(pathToCLI)
    // Expose installed tool version
    const determinedVersion = await determineInstalledVersion()
    core.setOutput('version', determinedVersion)
    // Use GHCR mirror by default
    if (version.toLowerCase() === 'latest' || gte(version, '1.28.0')) {
      core.exportVariable(CLI_CONFIG_REGISTRY, 'ghcr.io')
    }
    await restoreDockerImageCache(installedVersion, getImageRegistry());
  } catch (error) {
-    core.setFailed(error instanceof Error ? error.message : String(error));
+    if (error instanceof Error) core.setFailed(error.message)
  }
 }
 if (process.argv[1] === fileURLToPath(import.meta.url)) {
  await run();
 }
--- a/src/post.ts
+++ b/src/post.ts
@@ -1,17 +0,0 @@
 import * as core from "@actions/core";
 import { fileURLToPath } from "node:url";
 import { saveDockerImageCache } from "./cache";
 export async function run(): Promise<void> {
  try {
    await saveDockerImageCache();
  } catch (error) {
    core.warning(
      `Supabase Docker image cache post step failed: ${error instanceof Error ? error.message : String(error)}`,
    );
  }
 }
 if (process.argv[1] === fileURLToPath(import.meta.url)) {
  await run();
 }
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -0,0 +1,214 @@
 import { exec } from 'child_process'
 import { existsSync } from 'fs'
 import os from 'os'
 import { gte, lt } from 'semver'
 import { promisify } from 'util'
 const doExec = promisify(exec)
 const VERSIONED_ARCHIVE_VERSION = '2.99.0'
 const LATEST_RELEASE_URL =
  'https://api.github.com/repos/supabase/cli/releases/latest'
 export type ArchiveFormat = 'apk' | 'tar' | 'zip'
 export type DownloadArchive = {
  url: string
  format: ArchiveFormat
 }
 // arch in [arm, arm64, x64...] (https://nodejs.org/docs/latest-v16.x/api/os.html#osarch)
 // return value in [amd64, arm64, arm]
 const mapArch = (arch: string): string => {
  const mappings: Record<string, string> = {
    x64: 'amd64'
  }
  return mappings[arch] || arch
 }
 // os in [darwin, linux, win32...] (https://nodejs.org/docs/latest-v16.x/api/os.html#osplatform)
 // return value in [darwin, linux, windows]
 const mapOS = (platform: string): string => {
  const mappings: Record<string, string> = {
    win32: 'windows'
  }
  return mappings[platform] || platform
 }
 const normalizeVersion = (version: string): string => version.replace(/^v/i, '')
 const resolveLatestVersion = async (githubToken?: string): Promise<string> => {
  const headers: Record<string, string> = {
    Accept: 'application/vnd.github+json',
    'X-GitHub-Api-Version': '2022-11-28'
  }
  const token = githubToken?.trim()
  if (token) {
    headers.Authorization = `Bearer ${token}`
  }
  const response = await fetch(LATEST_RELEASE_URL, { headers })
  if (!response.ok) {
    throw new Error(
      `Failed to resolve latest Supabase CLI release: ${response.statusText}`
    )
  }
  const release = (await response.json()) as { tag_name?: unknown }
  if (typeof release.tag_name !== 'string') {
    throw new Error(
      'Failed to resolve latest Supabase CLI release: missing tag name'
    )
  }
  return normalizeVersion(release.tag_name)
 }
 const detectMuslLinux = async (platform = os.platform()): Promise<boolean> => {
  if (platform !== 'linux') {
    return false
  }
  if (existsSync('/etc/alpine-release')) {
    return true
  }
  try {
    const { stdout, stderr } = await doExec('ldd --version')
    return `${stdout}\n${stderr}`.toLowerCase().includes('musl')
  } catch (error) {
    const output = error instanceof Error ? error.message : String(error)
    return output.toLowerCase().includes('musl')
  }
 }
 const getArchiveFormat = (
  version: string,
  platform: string,
  isMuslLinux: boolean
 ): ArchiveFormat => {
  if (
    platform === 'linux' &&
    isMuslLinux &&
    gte(version, VERSIONED_ARCHIVE_VERSION)
  ) {
    return 'apk'
  }
  if (platform === 'win32' && gte(version, VERSIONED_ARCHIVE_VERSION)) {
    return 'zip'
  }
  return 'tar'
 }
 const getArchiveFilename = (
  version: string,
  platform: string,
  arch: string,
  format: ArchiveFormat
 ): string => {
  const archivePlatform = mapOS(platform)
  const archiveArch = mapArch(arch)
  if (lt(version, '1.28.0')) {
    return `supabase_${version}_${archivePlatform}_${archiveArch}.tar.gz`
  }
  if (platform === 'linux' && format === 'apk') {
    return `supabase_${version}_${archivePlatform}_${archiveArch}.apk`
  }
  if (gte(version, VERSIONED_ARCHIVE_VERSION)) {
    const extension = platform === 'win32' ? 'zip' : 'tar.gz'
    return `supabase_${version}_${archivePlatform}_${archiveArch}.${extension}`
  }
  return `supabase_${archivePlatform}_${archiveArch}.tar.gz`
 }
 export const getDownloadArchive = async (
  version: string,
  platform = os.platform(),
  arch = os.arch(),
  isMuslLinux?: boolean,
  githubToken?: string
 ): Promise<DownloadArchive> => {
  const resolvedVersion =
    version.toLowerCase() === 'latest'
      ? await resolveLatestVersion(githubToken)
      : normalizeVersion(version)
  const format = getArchiveFormat(
    resolvedVersion,
    platform,
    isMuslLinux ?? (await detectMuslLinux(platform))
  )
  const filename = getArchiveFilename(resolvedVersion, platform, arch, format)
  return {
    url: `https://github.com/supabase/cli/releases/download/v${resolvedVersion}/${filename}`,
    format
  }
 }
 export const getCliPath = (
  extractedPath: string,
  archiveFormat: ArchiveFormat
 ): string => {
  return archiveFormat === 'apk' ? `${extractedPath}/usr/bin` : extractedPath
 }
 export const installAlpineRuntimeDependencies = async (
  archiveFormat: ArchiveFormat
 ): Promise<void> => {
  if (archiveFormat !== 'apk') {
    return
  }
  try {
    await doExec('command -v apk')
  } catch {
    throw new Error(
      'Linux musl containers need libstdc++ and libgcc to run Supabase CLI. Install them before supabase/setup-cli.'
    )
  }
  try {
    await doExec('apk info -e libstdc++ libgcc')
    return
  } catch {
    const { stdout } = await doExec('id -u')
    if (stdout.trim() !== '0') {
      throw new Error(
        "Alpine/musl containers need libstdc++ and libgcc to run Supabase CLI. Add 'apk add --no-cache libstdc++ libgcc' before supabase/setup-cli, or run this job container as root."
      )
    }
  }
  // The Supabase CLI shim in the apk dynamically links these Alpine runtime libraries.
  await doExec('apk add --no-cache libstdc++ libgcc')
 }
 export const getDownloadUrl = async (
  version: string,
  githubToken?: string
 ): Promise<string> => {
  const archive = await getDownloadArchive(
    version,
    os.platform(),
    os.arch(),
    undefined,
    githubToken
  )
  return archive.url
 }
 export const determineInstalledVersion = async (): Promise<string> => {
  const { stdout } = await doExec('supabase --version')
  const version = stdout.trim()
  if (!version) {
    throw new Error('Could not determine installed Supabase CLI version')
  }
  return version
 }
--- a/tsconfig.base.json
+++ b/tsconfig.base.json
@@ -0,0 +1,23 @@
 {
  "$schema": "https://json.schemastore.org/tsconfig",
  "compilerOptions": {
    "allowSyntheticDefaultImports": true,
    "declaration": false,
    "declarationMap": false,
    "esModuleInterop": true,
    "forceConsistentCasingInFileNames": true,
    "isolatedModules": true,
    "lib": ["ES2022"],
    "module": "NodeNext",
    "moduleResolution": "NodeNext",
    "newLine": "lf",
    "noImplicitAny": true,
    "noUnusedLocals": true,
    "noUnusedParameters": false,
    "pretty": true,
    "resolveJsonModule": true,
    "strict": true,
    "strictNullChecks": true,
    "target": "ES2022"
  }
 }
--- a/tsconfig.eslint.json
+++ b/tsconfig.eslint.json
@@ -0,0 +1,17 @@
 {
  "$schema": "https://json.schemastore.org/tsconfig",
  "extends": "./tsconfig.base.json",
  "compilerOptions": {
    "allowJs": true,
    "noEmit": true
  },
  "exclude": ["dist", "node_modules"],
  "include": [
    "__fixtures__",
    "__tests__",
    "src",
    "eslint.config.mjs",
    "jest.config.js",
    "rollup.config.ts"
  ]
 }
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -1,7 +1,11 @@
 {
-  "extends": "@tsconfig/bun/tsconfig.json",
+  "$schema": "https://json.schemastore.org/tsconfig",
  "extends": "./tsconfig.base.json",
  "compilerOptions": {
-    "types": ["bun", "node"]
+    "module": "NodeNext",
    "moduleResolution": "NodeNext",
    "outDir": "./dist"
  },
  "exclude": ["__fixtures__", "__tests__", "coverage", "dist", "node_modules"],
  "include": ["src"]
 }
		`@@ -0,0 +1,3 @@`
							`* text=auto eol=lf`

							`dist/** -diff linguist-generated=true`
		`@@ -0,0 +1 @@`
							<svg xmlns="http://www.w3.org/2000/svg" width="116" height="20" role="img" aria-label="Coverage: 51.42%"><title>Coverage: 51.42%</title><linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="r"><rect width="116" height="20" rx="3" fill="#fff"/></clipPath><g clip-path="url(#r)"><rect width="63" height="20" fill="#555"/><rect x="63" width="53" height="20" fill="#e05d44"/><rect width="116" height="20" fill="url(#s)"/></g><g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110"><text aria-hidden="true" x="325" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="530">Coverage</text><text x="325" y="140" transform="scale(.1)" fill="#fff" textLength="530">Coverage</text><text aria-hidden="true" x="885" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="430">51.42%</text><text x="885" y="140" transform="scale(.1)" fill="#fff" textLength="430">51.42%</text></g></svg>