Update README.md

.github/workflows/codeql-analysis.yml

@@ -1,6 +1,7 @@
 name: CodeQL
 
 on:
+  pull_request:
   push:
     branches:
       - main

.github/workflows/linter.yml

@@ -48,11 +48,9 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           LINTER_RULES_PATH: ${{ github.workspace }}
           VALIDATE_ALL_CODEBASE: true
-          VALIDATE_BIOME_FORMAT: false
           VALIDATE_JAVASCRIPT_ES: false
           VALIDATE_JAVASCRIPT_STANDARD: false
           VALIDATE_JSCPD: false
           VALIDATE_TYPESCRIPT_ES: false
           VALIDATE_JSON: false
-          VALIDATE_GITHUB_ACTIONS_ZIZMOR: false
           VALIDATE_TYPESCRIPT_STANDARD: false

.github/workflows/start.yml

@@ -38,7 +38,6 @@ jobs:
       - uses: ./
         with:
           version: ${{ matrix.version }}
-          github-token: ${{ github.token }}
       - run: supabase init
       - run:
           sed -i -E "s|^(major_version) .*|\1 = ${{ matrix.pg_major }}|"

.github/workflows/test.yml

@@ -56,7 +56,6 @@ jobs:
       - uses: ./
         with:
           version: ${{ matrix.version }}
-          github-token: ${{ github.token }}
       - run: supabase -h
 
   check:

.licenses/npm/@actions/core.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/core"
-version: 3.0.1
+version: 1.11.1
 type: npm
 summary: Actions core lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/core

.licenses/npm/@actions/exec.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/exec"
-version: 3.0.0
+version: 1.1.1
 type: npm
 summary: Actions exec lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/exec

.licenses/npm/@actions/http-client.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/http-client"
-version: 4.0.1
+version: 2.2.3
 type: npm
 summary: Actions Http Client
 homepage: https://github.com/actions/toolkit/tree/main/packages/http-client

.licenses/npm/@actions/io.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/io"
-version: 3.0.2
+version: 1.1.3
 type: npm
 summary: Actions io lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/io

.licenses/npm/@actions/tool-cache.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/tool-cache"
-version: 4.0.0
+version: 2.0.2
 type: npm
 summary: Actions tool-cache lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/tool-cache

.licenses/npm/@fastify/busboy.dep.yml

@@ -0,0 +1,30 @@
+---
+name: "@fastify/busboy"
+version: 2.1.1
+type: npm
+summary: A streaming parser for HTML form data for node.js
+homepage:
+license: mit
+licenses:
+- sources: LICENSE
+  text: |-
+    Copyright Brian White. All rights reserved.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to
+    deal in the Software without restriction, including without limitation the
+    rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+    sell copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in
+    all copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+    FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+    IN THE SOFTWARE.
+notices: []

.licenses/npm/semver-6.3.1.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: semver
-version: 7.8.0
+version: 6.3.1
 type: npm
 summary: The semantic version parser used by npm.
 homepage:

.licenses/npm/semver-7.7.2.dep.yml

@@ -0,0 +1,26 @@
+---
+name: semver
+version: 7.7.2
+type: npm
+summary: The semantic version parser used by npm.
+homepage:
+license: isc
+licenses:
+- sources: LICENSE
+  text: |
+    The ISC License
+
+    Copyright (c) Isaac Z. Schlueter and Contributors
+
+    Permission to use, copy, modify, and/or distribute this software for any
+    purpose with or without fee is hereby granted, provided that the above
+    copyright notice and this permission notice appear in all copies.
+
+    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+    IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+notices: []

.licenses/npm/undici.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: undici
-version: 6.25.0
+version: 5.29.0
 type: npm
 summary: An HTTP/1.1 client, written from scratch for Node.js
 homepage: https://undici.nodejs.org

README.md

@@ -34,7 +34,7 @@ A specific version of the `supabase` CLI can be installed:
 steps:
   - uses: supabase/setup-cli@v1
     with:
-      version: 2.20.3
+      version: 2.33.0
 ```
 
 Run `supabase db start` to execute all migrations on a fresh database:
@@ -44,9 +44,9 @@ steps:
   - uses: supabase/setup-cli@v1
     with:
       version: latest
-      github-token: ${{ github.token }}
-  - run: supabase init
   - run: supabase db start
+  # Optionally connect to the local database using psql
+  - run: psql 'postgres://postgres:postgres@localhost:54322/postgres' -c ''
 ```
 
 Since Supabase CLI relies on Docker Engine API, additional setup may be required
@@ -56,10 +56,9 @@ on Windows and macOS runners.
 
 The actions supports the following inputs:
 
-| Name           | Type   | Description                                                                | Default  | Required |
-| -------------- | ------ | -------------------------------------------------------------------------- | -------- | -------- |
-| `version`      | String | Supabase CLI version (or `latest`)                                         | `2.20.3` | false    |
-| `github-token` | String | GitHub token used to resolve `latest` without unauthenticated API limiting |          | false    |
+| Name      | Type   | Description                        | Default  | Required |
+| --------- | ------ | ---------------------------------- | -------- | -------- |
+| `version` | String | Supabase CLI version (or `latest`) | `2.33.0` | false    |
 
 ## Advanced Usage
 
@@ -68,11 +67,10 @@ Check generated TypeScript types are up-to-date with Postgres schema:
 ```yaml
 steps:
   - uses: supabase/setup-cli@v1
-  - run: supabase init
   - run: supabase db start
   - name: Verify generated types match Postgres schema
     run: |
-      supabase gen types typescript --local > schema.gen.ts
+      supabase gen types --local > schema.gen.ts
       if ! git diff --ignore-space-at-eol --exit-code --quiet schema.gen.ts; then
         echo "Detected uncommitted changes after build. See status below:"
         git diff
@@ -85,6 +83,7 @@ Release job to push schema changes to a Supabase project:
 ```yaml
 env:
   SUPABASE_ACCESS_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+  # Optionally set the postgres password for linking project database
   SUPABASE_DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
   # Retrieve <project-id> from dashboard url: https://app.supabase.com/project/<project-id>
   PROJECT_ID: <project-id>
@@ -137,8 +136,8 @@ need to perform some initial setup steps before you can develop your action.
 
 ## Publish to a distribution branch
 
-Actions are run from this GitHub repository so we will check in the packed
-`dist` folder.
+Actions are run from this GitHub repository so we will checkin the packed `dist`
+folder.
 
 1. Create a new GitHub release
 2. Rebase `v1` branch on `main`
@@ -157,7 +156,6 @@ repository (see [test.yml](.github/workflows/test.yml))
 uses: ./
 with:
   version: latest
-  github-token: ${{ github.token }}
 ```
 
 See the [actions tab](https://github.com/supabase/setup-cli/actions) for runs of

__tests__/main.test.ts

@@ -1,4 +1,4 @@
-import { getCliPath, getDownloadArchive, getDownloadUrl } from '../src/utils'
+import { getDownloadUrl } from '../src/utils'
 import { CLI_CONFIG_REGISTRY } from '../src/main'
 import * as os from 'os'
 import * as process from 'process'
@@ -7,11 +7,7 @@ import * as path from 'path'
 import * as fs from 'fs'
 import * as yaml from 'js-yaml'
 import * as url from 'url'
-import { afterEach, expect, jest, test } from '@jest/globals'
-
-afterEach(() => {
-  jest.restoreAllMocks()
-})
+import { expect, test } from '@jest/globals'
 
 test('gets download url to binary', async () => {
   const url = await getDownloadUrl('1.28.0')
@@ -35,108 +31,10 @@ test('gets legacy download url to binary', async () => {
 })
 
 test('gets download url to latest version', async () => {
-  jest.spyOn(globalThis, 'fetch').mockResolvedValue(
-    new Response(JSON.stringify({ tag_name: 'v2.99.0' }), {
-      status: 200,
-      statusText: 'OK'
-    })
-  )
-
   const url = await getDownloadUrl('latest')
-  expect(url).toContain('/download/v2.99.0/supabase_2.99.0_')
-  expect(url).toMatch(/\.tar\.gz$|\.zip$/)
-})
-
-test('authenticates latest version lookup when a GitHub token is provided', async () => {
-  const fetchMock = jest.spyOn(globalThis, 'fetch').mockResolvedValue(
-    new Response(JSON.stringify({ tag_name: 'v2.99.0' }), {
-      status: 200,
-      statusText: 'OK'
-    })
+  expect(url).toMatch(
+    'https://github.com/supabase/cli/releases/latest/download/'
   )
-
-  await getDownloadUrl('latest', 'github-token')
-
-  expect(fetchMock).toHaveBeenCalledWith(
-    'https://api.github.com/repos/supabase/cli/releases/latest',
-    expect.objectContaining({
-      headers: expect.objectContaining({
-        Accept: 'application/vnd.github+json',
-        Authorization: 'Bearer github-token',
-        'X-GitHub-Api-Version': '2022-11-28'
-      })
-    })
-  )
-})
-
-test('omits authorization from latest version lookup without a GitHub token', async () => {
-  const fetchMock = jest.spyOn(globalThis, 'fetch').mockResolvedValue(
-    new Response(JSON.stringify({ tag_name: 'v2.99.0' }), {
-      status: 200,
-      statusText: 'OK'
-    })
-  )
-
-  await getDownloadUrl('latest')
-
-  expect(fetchMock).toHaveBeenCalledWith(
-    'https://api.github.com/repos/supabase/cli/releases/latest',
-    expect.objectContaining({
-      headers: expect.not.objectContaining({
-        Authorization: expect.any(String)
-      })
-    })
-  )
-})
-
-test('gets versioned archive url to binary from Supabase CLI v2.99.0', async () => {
-  const archive = await getDownloadArchive('2.99.0', 'linux', 'x64')
-
-  expect(archive).toEqual({
-    url: 'https://github.com/supabase/cli/releases/download/v2.99.0/supabase_2.99.0_linux_amd64.tar.gz',
-    format: 'tar'
-  })
-})
-
-test('gets apk archive url on Linux musl from Supabase CLI v2.99.0', async () => {
-  const archive = await getDownloadArchive('2.99.0', 'linux', 'x64', true)
-
-  expect(archive).toEqual({
-    url: 'https://github.com/supabase/cli/releases/download/v2.99.0/supabase_2.99.0_linux_amd64.apk',
-    format: 'apk'
-  })
-})
-
-test('keeps tar archives before Supabase CLI v2.99.0 on Linux musl', async () => {
-  const archive = await getDownloadArchive('2.98.2', 'linux', 'x64', true)
-
-  expect(archive).toEqual({
-    url: 'https://github.com/supabase/cli/releases/download/v2.98.2/supabase_linux_amd64.tar.gz',
-    format: 'tar'
-  })
-})
-
-test('uses usr/bin as the CLI path for apk archives', () => {
-  expect(getCliPath('/tmp/extracted', 'apk')).toBe('/tmp/extracted/usr/bin')
-  expect(getCliPath('/tmp/extracted', 'tar')).toBe('/tmp/extracted')
-  expect(getCliPath('/tmp/extracted', 'zip')).toBe('/tmp/extracted')
-})
-
-test('gets versioned zip archive url on Windows from Supabase CLI v2.99.0', async () => {
-  const archive = await getDownloadArchive('2.99.0', 'win32', 'x64')
-
-  expect(archive).toEqual({
-    url: 'https://github.com/supabase/cli/releases/download/v2.99.0/supabase_2.99.0_windows_amd64.zip',
-    format: 'zip'
-  })
-})
-
-test('keeps unversioned archive url to binary before Supabase CLI v2.99.0', async () => {
-  const url = await getDownloadUrl('2.98.2')
-
-  expect(url).toContain('/download/v2.98.2/supabase_')
-  expect(url).not.toContain('supabase_2.98.2_')
-  expect(url).toMatch(/\.tar\.gz$/)
 })
 
 // shows how the runner will run a javascript action with env / stdout protocol

action.yml

@@ -5,12 +5,7 @@ inputs:
   version:
     description: Version of Supabase CLI to install
     required: false
-    default: 2.20.3
-  github-token:
-    description:
-      GitHub token used to resolve the latest Supabase CLI release without
-      hitting unauthenticated API limits.
-    required: false
+    default: 2.33.0
 outputs:
   version:
     description: Version of installed Supabase CLI

package-lock.json

@@ -9,8 +9,8 @@
       "version": "1.6.0",
       "license": "MIT",
       "dependencies": {
-        "@actions/core": "^3.0.1",
-        "@actions/tool-cache": "^4.0.0",
+        "@actions/core": "^1.11.1",
+        "@actions/tool-cache": "^2.0.2",
         "semver": "^7.7.2"
       },
       "devDependencies": {
@@ -70,17 +70,6 @@
         "unzip-stream": "^0.3.1"
       }
     },
-    "node_modules/@actions/artifact/node_modules/@actions/core": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
-      "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@actions/exec": "^1.1.1",
-        "@actions/http-client": "^2.0.1"
-      }
-    },
     "node_modules/@actions/artifact/node_modules/@actions/github": {
       "version": "5.1.1",
       "resolved": "https://registry.npmjs.org/@actions/github/-/github-5.1.1.tgz",
@@ -263,54 +252,19 @@
       "license": "ISC"
     },
     "node_modules/@actions/core": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-3.0.1.tgz",
-      "integrity": "sha512-a6d/Nwahm9fliVGRhdhofo40HjHQasUPusmc7vBfyky+7Z+P2A1J68zyFVaNcEclc/Se+eO595oAr5nwEIoIUA==",
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
+      "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
       "license": "MIT",
       "dependencies": {
-        "@actions/exec": "^3.0.0",
-        "@actions/http-client": "^4.0.0"
-      }
-    },
-    "node_modules/@actions/core/node_modules/@actions/exec": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-3.0.0.tgz",
-      "integrity": "sha512-6xH/puSoNBXb72VPlZVm7vQ+svQpFyA96qdDBvhB8eNZOE8LtPf9L4oAsfzK/crCL8YZ+19fKYVnM63Sl+Xzlw==",
-      "license": "MIT",
-      "dependencies": {
-        "@actions/io": "^3.0.2"
-      }
-    },
-    "node_modules/@actions/core/node_modules/@actions/http-client": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-4.0.1.tgz",
-      "integrity": "sha512-+Nvd1ImaOZBSoPbsUtEhv+1z99H12xzncCkz0a3RuehINE81FZSe2QTj3uvAPTcJX/SCzUQHQ0D1GrPMbrPitg==",
-      "license": "MIT",
-      "dependencies": {
-        "tunnel": "^0.0.6",
-        "undici": "^6.23.0"
-      }
-    },
-    "node_modules/@actions/core/node_modules/@actions/io": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/@actions/io/-/io-3.0.2.tgz",
-      "integrity": "sha512-nRBchcMM+QK1pdjO7/idu86rbJI5YHUKCvKs0KxnSYbVe3F51UfGxuZX4Qy/fWlp6l7gWFwIkrOzN+oUK03kfw==",
-      "license": "MIT"
-    },
-    "node_modules/@actions/core/node_modules/undici": {
-      "version": "6.25.0",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-6.25.0.tgz",
-      "integrity": "sha512-ZgpWDC5gmNiuY9CnLVXEH8rl50xhRCuLNA97fAUnKi8RRuV4E6KG31pDTsLVUKnohJE0I3XDrTeEydAXRw47xg==",
-      "license": "MIT",
-      "engines": {
-        "node": ">=18.17"
+        "@actions/exec": "^1.1.1",
+        "@actions/http-client": "^2.0.1"
       }
     },
     "node_modules/@actions/exec": {
       "version": "1.1.1",
       "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-1.1.1.tgz",
       "integrity": "sha512-+sCcHHbVdk93a0XT19ECtO/gIXoxvdsgQLzb2fE2/5sIZmWQuluYyjPQtrtTHdU1YzTZ7bAPN4sITq2xi1679w==",
-      "dev": true,
       "license": "MIT",
       "dependencies": {
         "@actions/io": "^1.0.1"
@@ -477,7 +431,6 @@
       "version": "2.2.3",
       "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-2.2.3.tgz",
       "integrity": "sha512-mx8hyJi/hjFvbPokCg4uRd4ZX78t+YyRPtnKWwIl+RzNaVuFpQHfmlGVfsKEJN8LwTCvL+DfVgAM04XaHkm6bA==",
-      "dev": true,
       "license": "MIT",
       "dependencies": {
         "tunnel": "^0.0.6",
@@ -488,54 +441,28 @@
       "version": "1.1.3",
       "resolved": "https://registry.npmjs.org/@actions/io/-/io-1.1.3.tgz",
       "integrity": "sha512-wi9JjgKLYS7U/z8PPbco+PvTb/nRWjeoFlJ1Qer83k/3C5PHQi28hiVdeE2kHXmIL99mQFawx8qt/JPjZilJ8Q==",
-      "dev": true,
       "license": "MIT"
     },
     "node_modules/@actions/tool-cache": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/@actions/tool-cache/-/tool-cache-4.0.0.tgz",
-      "integrity": "sha512-L8P9HbXvpvqjZDveb/fdsa55IVC0trfPgQ4ZwGo6r5af6YDVdM9vMGPZ7rgY2fAT9gGj4PSYd6bYlg3p3jD78A==",
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/@actions/tool-cache/-/tool-cache-2.0.2.tgz",
+      "integrity": "sha512-fBhNNOWxuoLxztQebpOaWu6WeVmuwa77Z+DxIZ1B+OYvGkGQon6kTVg6Z32Cb13WCuw0szqonK+hh03mJV7Z6w==",
       "license": "MIT",
       "dependencies": {
-        "@actions/core": "^3.0.0",
-        "@actions/exec": "^3.0.0",
-        "@actions/http-client": "^4.0.0",
-        "@actions/io": "^3.0.0",
-        "semver": "^7.7.3"
+        "@actions/core": "^1.11.1",
+        "@actions/exec": "^1.0.0",
+        "@actions/http-client": "^2.0.1",
+        "@actions/io": "^1.1.1",
+        "semver": "^6.1.0"
       }
     },
-    "node_modules/@actions/tool-cache/node_modules/@actions/exec": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/@actions/exec/-/exec-3.0.0.tgz",
-      "integrity": "sha512-6xH/puSoNBXb72VPlZVm7vQ+svQpFyA96qdDBvhB8eNZOE8LtPf9L4oAsfzK/crCL8YZ+19fKYVnM63Sl+Xzlw==",
-      "license": "MIT",
-      "dependencies": {
-        "@actions/io": "^3.0.2"
-      }
-    },
-    "node_modules/@actions/tool-cache/node_modules/@actions/http-client": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/@actions/http-client/-/http-client-4.0.1.tgz",
-      "integrity": "sha512-+Nvd1ImaOZBSoPbsUtEhv+1z99H12xzncCkz0a3RuehINE81FZSe2QTj3uvAPTcJX/SCzUQHQ0D1GrPMbrPitg==",
-      "license": "MIT",
-      "dependencies": {
-        "tunnel": "^0.0.6",
-        "undici": "^6.23.0"
-      }
-    },
-    "node_modules/@actions/tool-cache/node_modules/@actions/io": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/@actions/io/-/io-3.0.2.tgz",
-      "integrity": "sha512-nRBchcMM+QK1pdjO7/idu86rbJI5YHUKCvKs0KxnSYbVe3F51UfGxuZX4Qy/fWlp6l7gWFwIkrOzN+oUK03kfw==",
-      "license": "MIT"
-    },
-    "node_modules/@actions/tool-cache/node_modules/undici": {
-      "version": "6.25.0",
-      "resolved": "https://registry.npmjs.org/undici/-/undici-6.25.0.tgz",
-      "integrity": "sha512-ZgpWDC5gmNiuY9CnLVXEH8rl50xhRCuLNA97fAUnKi8RRuV4E6KG31pDTsLVUKnohJE0I3XDrTeEydAXRw47xg==",
-      "license": "MIT",
-      "engines": {
-        "node": ">=18.17"
+    "node_modules/@actions/tool-cache/node_modules/semver": {
+      "version": "6.3.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.1.tgz",
+      "integrity": "sha512-BR7VvDCVHO+q2xBEWskxS6DJE1qRnb7DxzUrogb71CWoSficBxYsiAGd+Kl0mmq/MprG9yArRkyrQxTO6XjMzA==",
+      "license": "ISC",
+      "bin": {
+        "semver": "bin/semver.js"
       }
     },
     "node_modules/@ampproject/remapping": {
@@ -1976,7 +1903,6 @@
       "version": "2.1.1",
       "resolved": "https://registry.npmjs.org/@fastify/busboy/-/busboy-2.1.1.tgz",
       "integrity": "sha512-vBZP4NlzfOlerQTnba4aqZoMhE/a9HY7HRqoOPaETQcSQuWEIyZMHGfVu6w9wGtGK5fED5qRs2DteVCjOH60sA==",
-      "dev": true,
       "license": "MIT",
       "engines": {
         "node": ">=14"
@@ -2022,17 +1948,6 @@
         "node": "^20 || ^22"
       }
     },
-    "node_modules/@github/local-action/node_modules/@actions/core": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
-      "integrity": "sha512-hXJCSrkwfA46Vd9Z3q4cpEpHB1rL5NG04+/rbqW9d3+CSvtB1tYe8UTpAlixa1vj0m/ULglfEK2UKxMGxCxv5A==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "@actions/exec": "^1.1.1",
-        "@actions/http-client": "^2.0.1"
-      }
-    },
     "node_modules/@github/local-action/node_modules/undici": {
       "version": "7.12.0",
       "resolved": "https://registry.npmjs.org/undici/-/undici-7.12.0.tgz",
@@ -11401,9 +11316,9 @@
       }
     },
     "node_modules/semver": {
-      "version": "7.8.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-7.8.0.tgz",
-      "integrity": "sha512-AcM7dV/5ul4EekoQ29Agm5vri8JNqRyj39o0qpX6vDF2GZrtutZl5RwgD1XnZjiTAfncsJhMI48QQH3sN87YNA==",
+      "version": "7.7.2",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz",
+      "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==",
       "license": "ISC",
       "bin": {
         "semver": "bin/semver.js"
@@ -12681,7 +12596,6 @@
       "version": "5.29.0",
       "resolved": "https://registry.npmjs.org/undici/-/undici-5.29.0.tgz",
       "integrity": "sha512-raqeBD6NQK4SkWhQzeYKd1KmIG6dllBOTt55Rmkt4HtI9mwdWtJljnrXjAFUBLTSN67HWrOIZ3EPF4kjUw80Bg==",
-      "dev": true,
       "license": "MIT",
       "dependencies": {
         "@fastify/busboy": "^2.0.0"

package.json

@@ -33,8 +33,8 @@
   },
   "license": "MIT",
   "dependencies": {
-    "@actions/core": "^3.0.1",
-    "@actions/tool-cache": "^4.0.0",
+    "@actions/core": "^1.11.1",
+    "@actions/tool-cache": "^2.0.2",
     "semver": "^7.7.2"
   },
   "devDependencies": {

src/main.ts

@@ -1,12 +1,7 @@
 import * as core from '@actions/core'
 import * as tc from '@actions/tool-cache'
 import { gte } from 'semver'
-import {
-  getDownloadArchive,
-  determineInstalledVersion,
-  getCliPath,
-  installAlpineRuntimeDependencies
-} from './utils.js'
+import { getDownloadUrl, determineInstalledVersion } from './utils.js'
 
 export const CLI_CONFIG_REGISTRY = 'SUPABASE_INTERNAL_IMAGE_REGISTRY'
 
@@ -19,26 +14,13 @@ export async function run(): Promise<void> {
   try {
     // Get version of tool to be installed
     const version = core.getInput('version')
-    const githubToken = core.getInput('github-token')
 
     // Download the specific version of the tool, e.g. as a tarball/zipball
-    const download = await getDownloadArchive(
-      version,
-      undefined,
-      undefined,
-      undefined,
-      githubToken
-    )
-    const pathToArchive = await tc.downloadTool(download.url)
+    const download = await getDownloadUrl(version)
+    const pathToTarball = await tc.downloadTool(download)
 
     // Extract the tarball/zipball onto host runner
-    const extractedPath =
-      download.format === 'zip'
-        ? await tc.extractZip(pathToArchive)
-        : await tc.extractTar(pathToArchive)
-    const pathToCLI = getCliPath(extractedPath, download.format)
-
-    await installAlpineRuntimeDependencies(download.format)
+    const pathToCLI = await tc.extractTar(pathToTarball)
 
     // Expose the tool by adding it to the PATH
     core.addPath(pathToCLI)

src/utils.ts

@@ -1,20 +1,9 @@
 import { exec } from 'child_process'
-import { existsSync } from 'fs'
 import os from 'os'
-import { gte, lt } from 'semver'
+import { lt } from 'semver'
 import { promisify } from 'util'
 
 const doExec = promisify(exec)
-const VERSIONED_ARCHIVE_VERSION = '2.99.0'
-const LATEST_RELEASE_URL =
-  'https://api.github.com/repos/supabase/cli/releases/latest'
-
-export type ArchiveFormat = 'apk' | 'tar' | 'zip'
-
-export type DownloadArchive = {
-  url: string
-  format: ArchiveFormat
-}
 
 // arch in [arm, arm64, x64...] (https://nodejs.org/docs/latest-v16.x/api/os.html#osarch)
 // return value in [amd64, arm64, arm]
@@ -34,172 +23,17 @@ const mapOS = (platform: string): string => {
   return mappings[platform] || platform
 }
 
-const normalizeVersion = (version: string): string => version.replace(/^v/i, '')
-
-const resolveLatestVersion = async (githubToken?: string): Promise<string> => {
-  const headers: Record<string, string> = {
-    Accept: 'application/vnd.github+json',
-    'X-GitHub-Api-Version': '2022-11-28'
+export const getDownloadUrl = async (version: string): Promise<string> => {
+  const platform = mapOS(os.platform())
+  const arch = mapArch(os.arch())
+  const filename = `supabase_${platform}_${arch}.tar.gz`
+  if (version.toLowerCase() === 'latest') {
+    return `https://github.com/supabase/cli/releases/latest/download/${filename}`
   }
-  const token = githubToken?.trim()
-
-  if (token) {
-    headers.Authorization = `Bearer ${token}`
-  }
-
-  const response = await fetch(LATEST_RELEASE_URL, { headers })
-  if (!response.ok) {
-    throw new Error(
-      `Failed to resolve latest Supabase CLI release: ${response.statusText}`
-    )
-  }
-
-  const release = (await response.json()) as { tag_name?: unknown }
-  if (typeof release.tag_name !== 'string') {
-    throw new Error(
-      'Failed to resolve latest Supabase CLI release: missing tag name'
-    )
-  }
-
-  return normalizeVersion(release.tag_name)
-}
-
-const detectMuslLinux = async (platform = os.platform()): Promise<boolean> => {
-  if (platform !== 'linux') {
-    return false
-  }
-
-  if (existsSync('/etc/alpine-release')) {
-    return true
-  }
-
-  try {
-    const { stdout, stderr } = await doExec('ldd --version')
-    return `${stdout}\n${stderr}`.toLowerCase().includes('musl')
-  } catch (error) {
-    const output = error instanceof Error ? error.message : String(error)
-    return output.toLowerCase().includes('musl')
-  }
-}
-
-const getArchiveFormat = (
-  version: string,
-  platform: string,
-  isMuslLinux: boolean
-): ArchiveFormat => {
-  if (
-    platform === 'linux' &&
-    isMuslLinux &&
-    gte(version, VERSIONED_ARCHIVE_VERSION)
-  ) {
-    return 'apk'
-  }
-
-  if (platform === 'win32' && gte(version, VERSIONED_ARCHIVE_VERSION)) {
-    return 'zip'
-  }
-
-  return 'tar'
-}
-
-const getArchiveFilename = (
-  version: string,
-  platform: string,
-  arch: string,
-  format: ArchiveFormat
-): string => {
-  const archivePlatform = mapOS(platform)
-  const archiveArch = mapArch(arch)
   if (lt(version, '1.28.0')) {
-    return `supabase_${version}_${archivePlatform}_${archiveArch}.tar.gz`
+    return `https://github.com/supabase/cli/releases/download/v${version}/supabase_${version}_${platform}_${arch}.tar.gz`
   }
-
-  if (platform === 'linux' && format === 'apk') {
-    return `supabase_${version}_${archivePlatform}_${archiveArch}.apk`
-  }
-
-  if (gte(version, VERSIONED_ARCHIVE_VERSION)) {
-    const extension = platform === 'win32' ? 'zip' : 'tar.gz'
-    return `supabase_${version}_${archivePlatform}_${archiveArch}.${extension}`
-  }
-
-  return `supabase_${archivePlatform}_${archiveArch}.tar.gz`
-}
-
-export const getDownloadArchive = async (
-  version: string,
-  platform = os.platform(),
-  arch = os.arch(),
-  isMuslLinux?: boolean,
-  githubToken?: string
-): Promise<DownloadArchive> => {
-  const resolvedVersion =
-    version.toLowerCase() === 'latest'
-      ? await resolveLatestVersion(githubToken)
-      : normalizeVersion(version)
-  const format = getArchiveFormat(
-    resolvedVersion,
-    platform,
-    isMuslLinux ?? (await detectMuslLinux(platform))
-  )
-  const filename = getArchiveFilename(resolvedVersion, platform, arch, format)
-
-  return {
-    url: `https://github.com/supabase/cli/releases/download/v${resolvedVersion}/${filename}`,
-    format
-  }
-}
-
-export const getCliPath = (
-  extractedPath: string,
-  archiveFormat: ArchiveFormat
-): string => {
-  return archiveFormat === 'apk' ? `${extractedPath}/usr/bin` : extractedPath
-}
-
-export const installAlpineRuntimeDependencies = async (
-  archiveFormat: ArchiveFormat
-): Promise<void> => {
-  if (archiveFormat !== 'apk') {
-    return
-  }
-
-  try {
-    await doExec('command -v apk')
-  } catch {
-    throw new Error(
-      'Linux musl containers need libstdc++ and libgcc to run Supabase CLI. Install them before supabase/setup-cli.'
-    )
-  }
-
-  try {
-    await doExec('apk info -e libstdc++ libgcc')
-    return
-  } catch {
-    const { stdout } = await doExec('id -u')
-    if (stdout.trim() !== '0') {
-      throw new Error(
-        "Alpine/musl containers need libstdc++ and libgcc to run Supabase CLI. Add 'apk add --no-cache libstdc++ libgcc' before supabase/setup-cli, or run this job container as root."
-      )
-    }
-  }
-
-  // The Supabase CLI shim in the apk dynamically links these Alpine runtime libraries.
-  await doExec('apk add --no-cache libstdc++ libgcc')
-}
-
-export const getDownloadUrl = async (
-  version: string,
-  githubToken?: string
-): Promise<string> => {
-  const archive = await getDownloadArchive(
-    version,
-    os.platform(),
-    os.arch(),
-    undefined,
-    githubToken
-  )
-  return archive.url
+  return `https://github.com/supabase/cli/releases/download/v${version}/${filename}`
 }
 
 export const determineInstalledVersion = async (): Promise<string> => {