Add denoland setup step to testing.md (#320)

* fix: indentation in docs page

* fix: indentation in docs page

* fix: indentation in docs page

.github/workflows/check-dist.yml

@@ -24,9 +24,10 @@ jobs:
       - uses: actions/checkout@v3
 
       - name: Set Node.js 16.x
-        uses: actions/setup-node@v3.5.1
+        uses: actions/setup-node@v3.7.0
         with:
           node-version: 16.x
+          cache: npm
 
       - name: Install dependencies
         run: npm ci

.github/workflows/dependabot.yml

@@ -18,7 +18,7 @@ jobs:
       # will not occur.
       - name: Dependabot metadata
         id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1.3.4
+        uses: dependabot/fetch-metadata@v1.6.0
         with:
           github-token: '${{ secrets.GITHUB_TOKEN }}'
 

.github/workflows/start.yml

@@ -4,7 +4,7 @@ on:
     branches:
       - main
     tags:
-      - 'v*'
+      - 'v[0-9]+.[0-9]+.[0-9]+'
   schedule:
     # * is a special character in YAML so you have to quote this string
     - cron: '30 1,9 * * *'
@@ -13,9 +13,6 @@ defaults:
   run:
     shell: bash
 
-env:
-  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
 jobs:
   e2e: # make sure the action works on a clean machine without building
     runs-on: ubuntu-latest

.github/workflows/test.yml

@@ -9,9 +9,6 @@ defaults:
   run:
     shell: bash
 
-env:
-  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
 jobs:
   build: # make sure build/ci work properly
     runs-on: ubuntu-latest

README.md

@@ -24,18 +24,18 @@ A specific version of the `supabase` CLI can be installed:
 steps:
   - uses: supabase/setup-cli@v1
     with:
-      version: 1.0.0
+      version: 1.28.3
 ```
 
-Run `supabase start` to execute all migrations on a fresh database:
+Run `supabase db start` to execute all migrations on a fresh database:
 
 ```yaml
 steps:
   - uses: supabase/setup-cli@v1
     with:
-      version: 1.0.0
+      version: latest
   - run: supabase init
-  - run: supabase start
+  - run: supabase db start
 ```
 
 Since Supabase CLI relies on Docker Engine API, additional setup may be required on Windows and macOS runners.
@@ -44,7 +44,9 @@ Since Supabase CLI relies on Docker Engine API, additional setup may be required
 
 The actions supports the following inputs:
 
-- `version`: The version of `supabase` to install, defaulting to `1.0.0`. You can also specify `latest` to use the latest version.
+| Name      | Type   | Description                        | Default  | Required |
+| --------- | ------ | ---------------------------------- | -------- | -------- |
+| `version` | String | Supabase CLI version (or `latest`) | `1.28.3` | false    |
 
 ## Advanced Usage
 
@@ -54,7 +56,7 @@ Check generated TypeScript types are up-to-date with Postgres schema:
 steps:
   - uses: supabase/setup-cli@v1
   - run: supabase init
-  - run: supabase start
+  - run: supabase db start
   - name: Verify generated types match Postgres schema
     run: |
       supabase gen types typescript --local > schema.gen.ts
@@ -115,10 +117,11 @@ Actions are run from GitHub repos so we will checkin the packed dist folder.
 Then run [ncc](https://github.com/zeit/ncc) and push the results:
 
 ```bash
-$ npm run package
+$ npm run all
 $ git add dist
 $ git commit -a -m "Update dependencies"
-$ git push origin releases/v1
+$ git tag -f v1
+$ git push -f --tags
 ```
 
 Note: We recommend using the `--license` option for ncc, which will create a license file for all of the production node modules used in your project.
@@ -134,7 +137,7 @@ You can now validate the action by referencing `./` in a workflow in your repo (
 ```yaml
 uses: ./
 with:
-  version: 1.0.0
+  version: latest
 ```
 
 See the [actions tab](https://github.com/actions/typescript-action/actions) for runs of this action! :rocket:

__tests__/main.test.ts

@@ -1,32 +1,55 @@
 import {getDownloadUrl} from '../src/utils'
+import {CLI_CONFIG_REGISTRY} from '../src/main'
 import * as os from 'os'
 import * as process from 'process'
 import * as cp from 'child_process'
 import * as path from 'path'
+import * as fs from 'fs'
+import * as yaml from 'js-yaml'
 import {expect, test} from '@jest/globals'
 
 test('gets download url to binary', async () => {
-  const url = await getDownloadUrl('0.1.0')
-  expect(url).toContain(
-    'https://github.com/supabase/cli/releases/download/v0.1.0/'
-  )
+  const url = await getDownloadUrl('1.28.0')
+  expect(
+    url.startsWith(
+      'https://github.com/supabase/cli/releases/download/v1.28.0/supabase_'
+    )
+  ).toBeTruthy()
+  expect(url.endsWith('.tar.gz')).toBeTruthy()
+  expect(url).not.toContain('_1.28.0_')
 })
 
-test('gets download url to binary with "latest" version', async () => {
+test('gets legacy download url to binary', async () => {
+  const url = await getDownloadUrl('0.1.0')
+  expect(
+    url.startsWith(
+      `https://github.com/supabase/cli/releases/download/v0.1.0/supabase_0.1.0_`
+    )
+  ).toBeTruthy()
+  expect(url.endsWith('.tar.gz')).toBeTruthy()
+})
+
+test('gets download url to latest version', async () => {
   const url = await getDownloadUrl('latest')
   expect(url).toMatch(
-    /^https:\/\/github.com\/supabase\/cli\/releases\/download\/v[0-9]+\.[0-9]+\.[0-9]+\/supabase_[0-9]+\.[0-9]+\.[0-9]+/
+    'https://github.com/supabase/cli/releases/latest/download/'
   )
 })
 
 // shows how the runner will run a javascript action with env / stdout protocol
 test('test runs', () => {
   process.env['RUNNER_TEMP'] = os.tmpdir()
-  process.env['INPUT_VERSION'] = '1.0.0'
+  const config = path.join(__dirname, '..', 'action.yml')
+  const action: any = yaml.load(fs.readFileSync(config, 'utf8'))
+  process.env['INPUT_VERSION'] = action.inputs.version.default
   const np = process.execPath
   const ip = path.join(__dirname, '..', 'lib', 'main.js')
   const options: cp.ExecFileSyncOptions = {
     env: process.env
   }
-  console.log(cp.execFileSync(np, [ip], options).toString())
+  const stdout = cp.execFileSync(np, [ip], options).toString()
+  console.log(stdout)
+  expect
+    .stringContaining(`::set-env name=${CLI_CONFIG_REGISTRY}::`)
+    .asymmetricMatch(stdout)
 })

action.yml

@@ -5,7 +5,10 @@ inputs:
   version:
     description: Version of Supabase CLI to install
     required: false
-    default: 1.0.0
+    default: 1.28.3
+outputs:
+  version:
+    description: Version of installed Supabase CLI
 runs:
   using: node16
   main: dist/index.js

dist/index.js

@@ -38,10 +38,16 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.CLI_CONFIG_REGISTRY = void 0;
 const core = __importStar(__nccwpck_require__(2186));
 const tc = __importStar(__nccwpck_require__(7784));
+const gte_1 = __importDefault(__nccwpck_require__(5522));
 const utils_1 = __nccwpck_require__(918);
+exports.CLI_CONFIG_REGISTRY = 'SUPABASE_INTERNAL_IMAGE_REGISTRY';
 function run() {
     return __awaiter(this, void 0, void 0, function* () {
         try {
@@ -54,6 +60,13 @@ function run() {
             const pathToCLI = yield tc.extractTar(pathToTarball);
             // Expose the tool by adding it to the PATH
             core.addPath(pathToCLI);
+            // Expose installed tool version
+            const determinedVersion = yield (0, utils_1.determineInstalledVersion)();
+            core.setOutput('version', determinedVersion);
+            // Use GHCR mirror by default
+            if (version.toLowerCase() === 'latest' || (0, gte_1.default)(version, '1.28.0')) {
+                core.exportVariable(exports.CLI_CONFIG_REGISTRY, 'ghcr.io');
+            }
         }
         catch (error) {
             if (error instanceof Error)
@@ -84,10 +97,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.getDownloadUrl = void 0;
+exports.determineInstalledVersion = exports.getDownloadUrl = void 0;
+const child_process_1 = __nccwpck_require__(2081);
 const os_1 = __importDefault(__nccwpck_require__(2037));
-const http_client_1 = __nccwpck_require__(6255);
-const auth_1 = __nccwpck_require__(5526);
+const lt_1 = __importDefault(__nccwpck_require__(194));
+const util_1 = __nccwpck_require__(3837);
+const doExec = (0, util_1.promisify)(child_process_1.exec);
 // arch in [arm, arm64, x64...] (https://nodejs.org/docs/latest-v16.x/api/os.html#osarch)
 // return value in [amd64, arm64, arm]
 const mapArch = (arch) => {
@@ -107,26 +122,25 @@ const mapOS = (platform) => {
 const getDownloadUrl = (version) => __awaiter(void 0, void 0, void 0, function* () {
     const platform = mapOS(os_1.default.platform());
     const arch = mapArch(os_1.default.arch());
-    const resolvedVersion = yield resolveVersion(version);
-    const filename = `supabase_${resolvedVersion}_${platform}_${arch}`;
-    return `https://github.com/supabase/cli/releases/download/v${resolvedVersion}/${filename}.tar.gz`;
+    const filename = `supabase_${platform}_${arch}.tar.gz`;
+    if (version.toLowerCase() === 'latest') {
+        return `https://github.com/supabase/cli/releases/latest/download/${filename}`;
+    }
+    if ((0, lt_1.default)(version, '1.28.0')) {
+        return `https://github.com/supabase/cli/releases/download/v${version}/supabase_${version}_${platform}_${arch}.tar.gz`;
+    }
+    return `https://github.com/supabase/cli/releases/download/v${version}/${filename}`;
 });
 exports.getDownloadUrl = getDownloadUrl;
-// Authenticate with GH_TOKEN to avoid GitHub API rate limits
-const token = process.env['GH_TOKEN'];
-const http = new http_client_1.HttpClient('supabase/setup-cli', token ? [new auth_1.BearerCredentialHandler(token)] : undefined);
-const resolveVersion = (version) => __awaiter(void 0, void 0, void 0, function* () {
-    var _a;
-    if (version !== 'latest') {
-        return version;
+const determineInstalledVersion = () => __awaiter(void 0, void 0, void 0, function* () {
+    const { stdout } = yield doExec('supabase --version');
+    const version = stdout.trim();
+    if (!version) {
+        throw new Error('Could not determine installed Supabase CLI version');
     }
-    const url = 'https://api.github.com/repos/supabase/cli/releases/latest';
-    const tag = (_a = (yield http.getJson(url)).result) === null || _a === void 0 ? void 0 : _a.tag_name;
-    if (!tag) {
-        throw new Error('Cannot fetch tag info');
-    }
-    return tag.substring(1);
+    return version;
 });
+exports.determineInstalledVersion = determineInstalledVersion;
 
 
 /***/ }),
@@ -3840,7 +3854,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports._readLinuxVersionFile = exports._getOsVersion = exports._findMatch = void 0;
-const semver = __importStar(__nccwpck_require__(5911));
+const semver = __importStar(__nccwpck_require__(562));
 const core_1 = __nccwpck_require__(2186);
 // needs to be require for core node modules to be mocked
 /* eslint @typescript-eslint/no-require-imports: 0 */
@@ -4075,7 +4089,7 @@ const mm = __importStar(__nccwpck_require__(2473));
 const os = __importStar(__nccwpck_require__(2037));
 const path = __importStar(__nccwpck_require__(1017));
 const httpm = __importStar(__nccwpck_require__(6255));
-const semver = __importStar(__nccwpck_require__(5911));
+const semver = __importStar(__nccwpck_require__(562));
 const stream = __importStar(__nccwpck_require__(2781));
 const util = __importStar(__nccwpck_require__(3837));
 const assert_1 = __nccwpck_require__(9491);
@@ -4702,7 +4716,7 @@ function _unique(values) {
 
 /***/ }),
 
-/***/ 5911:
+/***/ 562:
 /***/ ((module, exports) => {
 
 exports = module.exports = SemVer
@@ -6303,6 +6317,609 @@ function coerce (version, options) {
 }
 
 
+/***/ }),
+
+/***/ 8088:
+/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
+
+const debug = __nccwpck_require__(106)
+const { MAX_LENGTH, MAX_SAFE_INTEGER } = __nccwpck_require__(2293)
+const { re, t } = __nccwpck_require__(9523)
+
+const parseOptions = __nccwpck_require__(785)
+const { compareIdentifiers } = __nccwpck_require__(2463)
+class SemVer {
+  constructor (version, options) {
+    options = parseOptions(options)
+
+    if (version instanceof SemVer) {
+      if (version.loose === !!options.loose &&
+          version.includePrerelease === !!options.includePrerelease) {
+        return version
+      } else {
+        version = version.version
+      }
+    } else if (typeof version !== 'string') {
+      throw new TypeError(`Invalid Version: ${version}`)
+    }
+
+    if (version.length > MAX_LENGTH) {
+      throw new TypeError(
+        `version is longer than ${MAX_LENGTH} characters`
+      )
+    }
+
+    debug('SemVer', version, options)
+    this.options = options
+    this.loose = !!options.loose
+    // this isn't actually relevant for versions, but keep it so that we
+    // don't run into trouble passing this.options around.
+    this.includePrerelease = !!options.includePrerelease
+
+    const m = version.trim().match(options.loose ? re[t.LOOSE] : re[t.FULL])
+
+    if (!m) {
+      throw new TypeError(`Invalid Version: ${version}`)
+    }
+
+    this.raw = version
+
+    // these are actually numbers
+    this.major = +m[1]
+    this.minor = +m[2]
+    this.patch = +m[3]
+
+    if (this.major > MAX_SAFE_INTEGER || this.major < 0) {
+      throw new TypeError('Invalid major version')
+    }
+
+    if (this.minor > MAX_SAFE_INTEGER || this.minor < 0) {
+      throw new TypeError('Invalid minor version')
+    }
+
+    if (this.patch > MAX_SAFE_INTEGER || this.patch < 0) {
+      throw new TypeError('Invalid patch version')
+    }
+
+    // numberify any prerelease numeric ids
+    if (!m[4]) {
+      this.prerelease = []
+    } else {
+      this.prerelease = m[4].split('.').map((id) => {
+        if (/^[0-9]+$/.test(id)) {
+          const num = +id
+          if (num >= 0 && num < MAX_SAFE_INTEGER) {
+            return num
+          }
+        }
+        return id
+      })
+    }
+
+    this.build = m[5] ? m[5].split('.') : []
+    this.format()
+  }
+
+  format () {
+    this.version = `${this.major}.${this.minor}.${this.patch}`
+    if (this.prerelease.length) {
+      this.version += `-${this.prerelease.join('.')}`
+    }
+    return this.version
+  }
+
+  toString () {
+    return this.version
+  }
+
+  compare (other) {
+    debug('SemVer.compare', this.version, this.options, other)
+    if (!(other instanceof SemVer)) {
+      if (typeof other === 'string' && other === this.version) {
+        return 0
+      }
+      other = new SemVer(other, this.options)
+    }
+
+    if (other.version === this.version) {
+      return 0
+    }
+
+    return this.compareMain(other) || this.comparePre(other)
+  }
+
+  compareMain (other) {
+    if (!(other instanceof SemVer)) {
+      other = new SemVer(other, this.options)
+    }
+
+    return (
+      compareIdentifiers(this.major, other.major) ||
+      compareIdentifiers(this.minor, other.minor) ||
+      compareIdentifiers(this.patch, other.patch)
+    )
+  }
+
+  comparePre (other) {
+    if (!(other instanceof SemVer)) {
+      other = new SemVer(other, this.options)
+    }
+
+    // NOT having a prerelease is > having one
+    if (this.prerelease.length && !other.prerelease.length) {
+      return -1
+    } else if (!this.prerelease.length && other.prerelease.length) {
+      return 1
+    } else if (!this.prerelease.length && !other.prerelease.length) {
+      return 0
+    }
+
+    let i = 0
+    do {
+      const a = this.prerelease[i]
+      const b = other.prerelease[i]
+      debug('prerelease compare', i, a, b)
+      if (a === undefined && b === undefined) {
+        return 0
+      } else if (b === undefined) {
+        return 1
+      } else if (a === undefined) {
+        return -1
+      } else if (a === b) {
+        continue
+      } else {
+        return compareIdentifiers(a, b)
+      }
+    } while (++i)
+  }
+
+  compareBuild (other) {
+    if (!(other instanceof SemVer)) {
+      other = new SemVer(other, this.options)
+    }
+
+    let i = 0
+    do {
+      const a = this.build[i]
+      const b = other.build[i]
+      debug('prerelease compare', i, a, b)
+      if (a === undefined && b === undefined) {
+        return 0
+      } else if (b === undefined) {
+        return 1
+      } else if (a === undefined) {
+        return -1
+      } else if (a === b) {
+        continue
+      } else {
+        return compareIdentifiers(a, b)
+      }
+    } while (++i)
+  }
+
+  // preminor will bump the version up to the next minor release, and immediately
+  // down to pre-release. premajor and prepatch work the same way.
+  inc (release, identifier) {
+    switch (release) {
+      case 'premajor':
+        this.prerelease.length = 0
+        this.patch = 0
+        this.minor = 0
+        this.major++
+        this.inc('pre', identifier)
+        break
+      case 'preminor':
+        this.prerelease.length = 0
+        this.patch = 0
+        this.minor++
+        this.inc('pre', identifier)
+        break
+      case 'prepatch':
+        // If this is already a prerelease, it will bump to the next version
+        // drop any prereleases that might already exist, since they are not
+        // relevant at this point.
+        this.prerelease.length = 0
+        this.inc('patch', identifier)
+        this.inc('pre', identifier)
+        break
+      // If the input is a non-prerelease version, this acts the same as
+      // prepatch.
+      case 'prerelease':
+        if (this.prerelease.length === 0) {
+          this.inc('patch', identifier)
+        }
+        this.inc('pre', identifier)
+        break
+
+      case 'major':
+        // If this is a pre-major version, bump up to the same major version.
+        // Otherwise increment major.
+        // 1.0.0-5 bumps to 1.0.0
+        // 1.1.0 bumps to 2.0.0
+        if (
+          this.minor !== 0 ||
+          this.patch !== 0 ||
+          this.prerelease.length === 0
+        ) {
+          this.major++
+        }
+        this.minor = 0
+        this.patch = 0
+        this.prerelease = []
+        break
+      case 'minor':
+        // If this is a pre-minor version, bump up to the same minor version.
+        // Otherwise increment minor.
+        // 1.2.0-5 bumps to 1.2.0
+        // 1.2.1 bumps to 1.3.0
+        if (this.patch !== 0 || this.prerelease.length === 0) {
+          this.minor++
+        }
+        this.patch = 0
+        this.prerelease = []
+        break
+      case 'patch':
+        // If this is not a pre-release version, it will increment the patch.
+        // If it is a pre-release it will bump up to the same patch version.
+        // 1.2.0-5 patches to 1.2.0
+        // 1.2.0 patches to 1.2.1
+        if (this.prerelease.length === 0) {
+          this.patch++
+        }
+        this.prerelease = []
+        break
+      // This probably shouldn't be used publicly.
+      // 1.0.0 'pre' would become 1.0.0-0 which is the wrong direction.
+      case 'pre':
+        if (this.prerelease.length === 0) {
+          this.prerelease = [0]
+        } else {
+          let i = this.prerelease.length
+          while (--i >= 0) {
+            if (typeof this.prerelease[i] === 'number') {
+              this.prerelease[i]++
+              i = -2
+            }
+          }
+          if (i === -1) {
+            // didn't increment anything
+            this.prerelease.push(0)
+          }
+        }
+        if (identifier) {
+          // 1.2.0-beta.1 bumps to 1.2.0-beta.2,
+          // 1.2.0-beta.fooblz or 1.2.0-beta bumps to 1.2.0-beta.0
+          if (compareIdentifiers(this.prerelease[0], identifier) === 0) {
+            if (isNaN(this.prerelease[1])) {
+              this.prerelease = [identifier, 0]
+            }
+          } else {
+            this.prerelease = [identifier, 0]
+          }
+        }
+        break
+
+      default:
+        throw new Error(`invalid increment argument: ${release}`)
+    }
+    this.format()
+    this.raw = this.version
+    return this
+  }
+}
+
+module.exports = SemVer
+
+
+/***/ }),
+
+/***/ 4309:
+/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
+
+const SemVer = __nccwpck_require__(8088)
+const compare = (a, b, loose) =>
+  new SemVer(a, loose).compare(new SemVer(b, loose))
+
+module.exports = compare
+
+
+/***/ }),
+
+/***/ 5522:
+/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
+
+const compare = __nccwpck_require__(4309)
+const gte = (a, b, loose) => compare(a, b, loose) >= 0
+module.exports = gte
+
+
+/***/ }),
+
+/***/ 194:
+/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
+
+const compare = __nccwpck_require__(4309)
+const lt = (a, b, loose) => compare(a, b, loose) < 0
+module.exports = lt
+
+
+/***/ }),
+
+/***/ 2293:
+/***/ ((module) => {
+
+// Note: this is the semver.org version of the spec that it implements
+// Not necessarily the package version of this code.
+const SEMVER_SPEC_VERSION = '2.0.0'
+
+const MAX_LENGTH = 256
+const MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER ||
+/* istanbul ignore next */ 9007199254740991
+
+// Max safe segment length for coercion.
+const MAX_SAFE_COMPONENT_LENGTH = 16
+
+module.exports = {
+  SEMVER_SPEC_VERSION,
+  MAX_LENGTH,
+  MAX_SAFE_INTEGER,
+  MAX_SAFE_COMPONENT_LENGTH,
+}
+
+
+/***/ }),
+
+/***/ 106:
+/***/ ((module) => {
+
+const debug = (
+  typeof process === 'object' &&
+  process.env &&
+  process.env.NODE_DEBUG &&
+  /\bsemver\b/i.test(process.env.NODE_DEBUG)
+) ? (...args) => console.error('SEMVER', ...args)
+  : () => {}
+
+module.exports = debug
+
+
+/***/ }),
+
+/***/ 2463:
+/***/ ((module) => {
+
+const numeric = /^[0-9]+$/
+const compareIdentifiers = (a, b) => {
+  const anum = numeric.test(a)
+  const bnum = numeric.test(b)
+
+  if (anum && bnum) {
+    a = +a
+    b = +b
+  }
+
+  return a === b ? 0
+    : (anum && !bnum) ? -1
+    : (bnum && !anum) ? 1
+    : a < b ? -1
+    : 1
+}
+
+const rcompareIdentifiers = (a, b) => compareIdentifiers(b, a)
+
+module.exports = {
+  compareIdentifiers,
+  rcompareIdentifiers,
+}
+
+
+/***/ }),
+
+/***/ 785:
+/***/ ((module) => {
+
+// parse out just the options we care about so we always get a consistent
+// obj with keys in a consistent order.
+const opts = ['includePrerelease', 'loose', 'rtl']
+const parseOptions = options =>
+  !options ? {}
+  : typeof options !== 'object' ? { loose: true }
+  : opts.filter(k => options[k]).reduce((o, k) => {
+    o[k] = true
+    return o
+  }, {})
+module.exports = parseOptions
+
+
+/***/ }),
+
+/***/ 9523:
+/***/ ((module, exports, __nccwpck_require__) => {
+
+const { MAX_SAFE_COMPONENT_LENGTH } = __nccwpck_require__(2293)
+const debug = __nccwpck_require__(106)
+exports = module.exports = {}
+
+// The actual regexps go on exports.re
+const re = exports.re = []
+const src = exports.src = []
+const t = exports.t = {}
+let R = 0
+
+const createToken = (name, value, isGlobal) => {
+  const index = R++
+  debug(name, index, value)
+  t[name] = index
+  src[index] = value
+  re[index] = new RegExp(value, isGlobal ? 'g' : undefined)
+}
+
+// The following Regular Expressions can be used for tokenizing,
+// validating, and parsing SemVer version strings.
+
+// ## Numeric Identifier
+// A single `0`, or a non-zero digit followed by zero or more digits.
+
+createToken('NUMERICIDENTIFIER', '0|[1-9]\\d*')
+createToken('NUMERICIDENTIFIERLOOSE', '[0-9]+')
+
+// ## Non-numeric Identifier
+// Zero or more digits, followed by a letter or hyphen, and then zero or
+// more letters, digits, or hyphens.
+
+createToken('NONNUMERICIDENTIFIER', '\\d*[a-zA-Z-][a-zA-Z0-9-]*')
+
+// ## Main Version
+// Three dot-separated numeric identifiers.
+
+createToken('MAINVERSION', `(${src[t.NUMERICIDENTIFIER]})\\.` +
+                   `(${src[t.NUMERICIDENTIFIER]})\\.` +
+                   `(${src[t.NUMERICIDENTIFIER]})`)
+
+createToken('MAINVERSIONLOOSE', `(${src[t.NUMERICIDENTIFIERLOOSE]})\\.` +
+                        `(${src[t.NUMERICIDENTIFIERLOOSE]})\\.` +
+                        `(${src[t.NUMERICIDENTIFIERLOOSE]})`)
+
+// ## Pre-release Version Identifier
+// A numeric identifier, or a non-numeric identifier.
+
+createToken('PRERELEASEIDENTIFIER', `(?:${src[t.NUMERICIDENTIFIER]
+}|${src[t.NONNUMERICIDENTIFIER]})`)
+
+createToken('PRERELEASEIDENTIFIERLOOSE', `(?:${src[t.NUMERICIDENTIFIERLOOSE]
+}|${src[t.NONNUMERICIDENTIFIER]})`)
+
+// ## Pre-release Version
+// Hyphen, followed by one or more dot-separated pre-release version
+// identifiers.
+
+createToken('PRERELEASE', `(?:-(${src[t.PRERELEASEIDENTIFIER]
+}(?:\\.${src[t.PRERELEASEIDENTIFIER]})*))`)
+
+createToken('PRERELEASELOOSE', `(?:-?(${src[t.PRERELEASEIDENTIFIERLOOSE]
+}(?:\\.${src[t.PRERELEASEIDENTIFIERLOOSE]})*))`)
+
+// ## Build Metadata Identifier
+// Any combination of digits, letters, or hyphens.
+
+createToken('BUILDIDENTIFIER', '[0-9A-Za-z-]+')
+
+// ## Build Metadata
+// Plus sign, followed by one or more period-separated build metadata
+// identifiers.
+
+createToken('BUILD', `(?:\\+(${src[t.BUILDIDENTIFIER]
+}(?:\\.${src[t.BUILDIDENTIFIER]})*))`)
+
+// ## Full Version String
+// A main version, followed optionally by a pre-release version and
+// build metadata.
+
+// Note that the only major, minor, patch, and pre-release sections of
+// the version string are capturing groups.  The build metadata is not a
+// capturing group, because it should not ever be used in version
+// comparison.
+
+createToken('FULLPLAIN', `v?${src[t.MAINVERSION]
+}${src[t.PRERELEASE]}?${
+  src[t.BUILD]}?`)
+
+createToken('FULL', `^${src[t.FULLPLAIN]}$`)
+
+// like full, but allows v1.2.3 and =1.2.3, which people do sometimes.
+// also, 1.0.0alpha1 (prerelease without the hyphen) which is pretty
+// common in the npm registry.
+createToken('LOOSEPLAIN', `[v=\\s]*${src[t.MAINVERSIONLOOSE]
+}${src[t.PRERELEASELOOSE]}?${
+  src[t.BUILD]}?`)
+
+createToken('LOOSE', `^${src[t.LOOSEPLAIN]}$`)
+
+createToken('GTLT', '((?:<|>)?=?)')
+
+// Something like "2.*" or "1.2.x".
+// Note that "x.x" is a valid xRange identifer, meaning "any version"
+// Only the first item is strictly required.
+createToken('XRANGEIDENTIFIERLOOSE', `${src[t.NUMERICIDENTIFIERLOOSE]}|x|X|\\*`)
+createToken('XRANGEIDENTIFIER', `${src[t.NUMERICIDENTIFIER]}|x|X|\\*`)
+
+createToken('XRANGEPLAIN', `[v=\\s]*(${src[t.XRANGEIDENTIFIER]})` +
+                   `(?:\\.(${src[t.XRANGEIDENTIFIER]})` +
+                   `(?:\\.(${src[t.XRANGEIDENTIFIER]})` +
+                   `(?:${src[t.PRERELEASE]})?${
+                     src[t.BUILD]}?` +
+                   `)?)?`)
+
+createToken('XRANGEPLAINLOOSE', `[v=\\s]*(${src[t.XRANGEIDENTIFIERLOOSE]})` +
+                        `(?:\\.(${src[t.XRANGEIDENTIFIERLOOSE]})` +
+                        `(?:\\.(${src[t.XRANGEIDENTIFIERLOOSE]})` +
+                        `(?:${src[t.PRERELEASELOOSE]})?${
+                          src[t.BUILD]}?` +
+                        `)?)?`)
+
+createToken('XRANGE', `^${src[t.GTLT]}\\s*${src[t.XRANGEPLAIN]}$`)
+createToken('XRANGELOOSE', `^${src[t.GTLT]}\\s*${src[t.XRANGEPLAINLOOSE]}$`)
+
+// Coercion.
+// Extract anything that could conceivably be a part of a valid semver
+createToken('COERCE', `${'(^|[^\\d])' +
+              '(\\d{1,'}${MAX_SAFE_COMPONENT_LENGTH}})` +
+              `(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?` +
+              `(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?` +
+              `(?:$|[^\\d])`)
+createToken('COERCERTL', src[t.COERCE], true)
+
+// Tilde ranges.
+// Meaning is "reasonably at or greater than"
+createToken('LONETILDE', '(?:~>?)')
+
+createToken('TILDETRIM', `(\\s*)${src[t.LONETILDE]}\\s+`, true)
+exports.tildeTrimReplace = '$1~'
+
+createToken('TILDE', `^${src[t.LONETILDE]}${src[t.XRANGEPLAIN]}$`)
+createToken('TILDELOOSE', `^${src[t.LONETILDE]}${src[t.XRANGEPLAINLOOSE]}$`)
+
+// Caret ranges.
+// Meaning is "at least and backwards compatible with"
+createToken('LONECARET', '(?:\\^)')
+
+createToken('CARETTRIM', `(\\s*)${src[t.LONECARET]}\\s+`, true)
+exports.caretTrimReplace = '$1^'
+
+createToken('CARET', `^${src[t.LONECARET]}${src[t.XRANGEPLAIN]}$`)
+createToken('CARETLOOSE', `^${src[t.LONECARET]}${src[t.XRANGEPLAINLOOSE]}$`)
+
+// A simple gt/lt/eq thing, or just "" to indicate "any version"
+createToken('COMPARATORLOOSE', `^${src[t.GTLT]}\\s*(${src[t.LOOSEPLAIN]})$|^$`)
+createToken('COMPARATOR', `^${src[t.GTLT]}\\s*(${src[t.FULLPLAIN]})$|^$`)
+
+// An expression to strip any whitespace between the gtlt and the thing
+// it modifies, so that `> 1.2.3` ==> `>1.2.3`
+createToken('COMPARATORTRIM', `(\\s*)${src[t.GTLT]
+}\\s*(${src[t.LOOSEPLAIN]}|${src[t.XRANGEPLAIN]})`, true)
+exports.comparatorTrimReplace = '$1$2$3'
+
+// Something like `1.2.3 - 1.2.4`
+// Note that these all use the loose form, because they'll be
+// checked against either the strict or loose comparator form
+// later.
+createToken('HYPHENRANGE', `^\\s*(${src[t.XRANGEPLAIN]})` +
+                   `\\s+-\\s+` +
+                   `(${src[t.XRANGEPLAIN]})` +
+                   `\\s*$`)
+
+createToken('HYPHENRANGELOOSE', `^\\s*(${src[t.XRANGEPLAINLOOSE]})` +
+                        `\\s+-\\s+` +
+                        `(${src[t.XRANGEPLAINLOOSE]})` +
+                        `\\s*$`)
+
+// Star ranges basically just allow anything at all.
+createToken('STAR', '(<|>)?=?\\s*\\*')
+// >=0.0.0 is like a star
+createToken('GTE0', '^\\s*>=\\s*0\\.0\\.0\\s*$')
+createToken('GTE0PRE', '^\\s*>=\\s*0\\.0\\.0-0\\s*$')
+
+
 /***/ }),
 
 /***/ 4294:

docs/backups.md

@@ -0,0 +1,83 @@
+# Backup your database
+
+You can use the Supabase CLI to backup your Postgres database. The steps involve running a series of commands to dump roles, schema, and data separately.
+Inside your repository, create a new file inside the `.github/workflows` folder called `backup.yml`. Copy the following snippet inside the file, and the action will run whenever a new PR is created.
+
+!!! note
+
+    Never backup your data to a public repository. 
+
+## Backup action
+
+```yaml
+name: 'backup-database'
+on:
+  pull_request:
+jobs:
+  build: 
+    runs-on: ubuntu-latest
+    env:
+      supabase_db_url: ${{ secrets.SUPABASE_DB_URL }}   # For example: postgresql://postgres:[YOUR-PASSWORD]@db.<ref>.supabase.co:5432/postgres
+    steps:
+      - uses: actions/checkout@v2
+      - uses: supabase/setup-cli@v1
+        with:
+          version: latest
+      - name: Backup roles
+        run: supabase db dump --db-url "$supabase_db_url" -f roles.sql --role-only
+      - name: Backup schema
+        run: supabase db dump --db-url "$supabase_db_url" -f schema.sql
+      - name: Backup data
+        run: supabase db dump --db-url "$supabase_db_url" -f data.sql --data-only --use-copy
+```
+## Periodic Backups Workflow
+
+You can use the GitHub Action to run periodic backups of your database. In this example, the Action workflow is triggered by `push` and `pull_request` events on the `main` branch, manually via `workflow_dispatch`, and automatically at midnight every day due to the `schedule` event with a `cron` expression.
+The workflow runs on the latest Ubuntu runner and requires write permissions to the repository's contents. It uses the Supabase CLI to dump the roles, schema, and data from your Supabase database, utilizing the `SUPABASE_DB_URL` environment variable that is securely stored in the GitHub secrets.
+After the backup is complete, it auto-commits the changes to the repository using the `git-auto-commit-action`. This ensures that the latest backup is always available in your repository. The commit message for these automated commits is "Supabase backup".
+This workflow provides an automated solution for maintaining regular backups of your Supabase database. It helps keep your data safe and enables easy restoration in case of any accidental data loss or corruption.
+
+!!! note
+
+    Never backup your data to a public repository. 
+
+```yaml
+name: Supa-backup
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *' # Runs every day at midnight
+jobs:   
+  run_db_backup:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    env:
+      supabase_db_url: ${{ secrets.SUPABASE_DB_URL }}   # For example: postgresql://postgres:[YOUR-PASSWORD]@db.<ref>.supabase.co:5432/postgres
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.head_ref }}
+      - uses: supabase/setup-cli@v1
+        with:
+          version: latest
+      - name: Backup roles
+        run: supabase db dump --db-url "$supabase_db_url" -f roles.sql --role-only
+      - name: Backup schema
+        run: supabase db dump --db-url "$supabase_db_url" -f schema.sql
+      - name: Backup data
+        run: supabase db dump --db-url "$supabase_db_url" -f data.sql --data-only --use-copy
+
+      - uses: stefanzweifel/git-auto-commit-action@v4
+        with:
+          commit_message: Supabase backup
+```
+
+## More resources
+
+- Backing up and migrating your project: [Migrating and Upgrading](https://supabase.com/docs/guides/platform/migrating-and-upgrading-projects)

docs/generating-types.md

@@ -0,0 +1,36 @@
+# Generating Types
+
+You can use the Supabase CLI to automatically generate Typescript definitions from your Postgres database. You can then pass these definitions to your `supabase-js` client and get end-to-end type safety across client, server, and database.
+
+Inside your repository, create a new file inside the `.github/workflows` folder called `generate-types.yml`. Copy this snippet inside the file, and the action will run whenever a new PR is created:
+
+## Verify types
+
+```yaml
+name: 'generate-types'
+on:
+  pull_request:
+
+jobs:
+  build: 
+    runs-on: ubuntu-latest
+    steps:
+        - uses: supabase/setup-cli@v1
+          with:
+            version: latest
+        - run: supabase init
+        - run: supabase db start
+        - name: Verify generated types match Postgres schema
+          run: |
+            supabase gen types typescript --local > schema.gen.ts
+            if ! git diff --ignore-space-at-eol --exit-code --quiet schema.gen.ts; then
+              echo "Detected uncommitted changes after build. See status below:"
+              git diff
+              exit 1
+            fi
+```
+
+
+## More resources
+
+- Using supabase-js with type definitions: [Typescript Support](https://supabase.com/docs/reference/javascript/typescript-support)

docs/index.md

@@ -0,0 +1,35 @@
+# `supabase-github-action`
+
+The Supabase GitHub Action provides an easy way to use the Supabase CLI on GitHub's hosted Actions runners.
+
+The action can be run on `ubuntu-latest`, `windows-latest`, and `macos-latest` GitHub Actions runners, and will install and expose a specified version of the Supabase CLI on the runner environment.
+
+## Quick start
+
+This example shows how you can use the Supabase GitHub Action to test your migrations on every Pull Request.
+
+Inside your repository, create a new file inside the `.github/workflows` folder called `test-migrations.yml`.
+
+Copy this snippet inside the file, and the action will run whenever a new PR is created:
+
+```yaml
+name: 'test-migrations'
+on:
+  pull_request:
+
+jobs:
+  build: 
+    runs-on: ubuntu-latest
+    steps:
+        - uses: supabase/setup-cli@v1
+          with:
+            version: latest
+        - run: supabase init
+        - run: supabase db start
+```
+
+
+## Resources
+
+- **Source Code**: <a href="https://github.com/supabase/supabase-github-action" target="_blank">github.com/supabase/supabase-github-action</a>
+- **CLI Documentation**: <a href="https://supabase.com/docs/guides/cli" target="_blank">supabase.com/docs/guides/cli</a>

docs/migrations.md

@@ -0,0 +1,25 @@
+# Managing database migrations
+
+Migrations are programmatic changes to your database. They are usually checked into Git.
+
+## Testing your migrations
+
+Inside your repository, create a new file inside the `.github/workflows` folder called `test-migrations.yml`.
+
+Copy this snippet inside the file, and the action will run whenever a new PR is created:
+
+```yaml
+name: 'test-migrations'
+on:
+  pull_request:
+
+jobs:
+  build: 
+    runs-on: ubuntu-latest
+    steps:
+        - uses: supabase/setup-cli@v1
+          with:
+            version: latest
+        - run: supabase init
+        - run: supabase db start
+```

docs/testing.md

@@ -0,0 +1,59 @@
+# Automated testing
+
+You can use the Supabase CLI to run automated tests. 
+
+## Testing your database
+
+After you have [created unit tests](https://supabase.com/docs/guides/database/testing) for your database, you can use the GitHub Action to run the tests.
+
+Inside your repository, create a new file inside the `.github/workflows` folder called `database-tests.yml`. Copy this snippet inside the file, and the action will run whenever a new PR is created:
+
+```yaml
+name: 'database-tests'
+on:
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: supabase/setup-cli@v1
+        with:
+          version: latest
+      - run: supabase db start
+      - run: supabase test db
+
+```
+
+## Testing your Edge Functions
+
+After you have [created unit tests](https://supabase.com/docs/guides/functions/unit-test) for your Edge Functions, you can use the GitHub Action to run the tests.
+
+Inside your repository, create a new file inside the `.github/workflows` folder called `functions-tests.yml`. Copy this snippet inside the file, and the action will run whenever a new PR is created:
+
+```yaml
+name: 'functions-tests'
+on:
+  pull_request:
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - uses: supabase/setup-cli@v1
+        with:
+          version: latest
+      - uses: denoland/setup-deno@v2
+        with:
+          deno-version: latest
+      - run: supabase start
+      - run: deno test --allow-all deno-test.ts --env-file .env.local
+
+```
+
+## More resources
+
+- Learn more about the [pgTAP extension](https://supabase.com/docs/guides/database/extensions/pgtap) for database testing.
+- Official pgTAP Documentation: [pgtap.org](https://pgtap.org/)

mkdocs.yaml

@@ -0,0 +1,34 @@
+site_name: supabase-github-action
+site_url: https://supabase.github.io/supabase-github-action
+site_description: A GitHub action for interacting with your Supabase projects using the CLI. 
+
+repo_name: supabase/supabase-github-action
+repo_url: https://github.com/supabase/supabase-github-action
+
+nav:
+    - Welcome: 'index.md'
+    - Quickstart: 'migrations.md'
+
+theme:
+    name: 'material'
+    features:
+      - navigation.expand
+    favicon: 'assets/favicon.ico'
+    logo: 'assets/favicon.ico'
+    homepage: https://supabase.github.io/supabase-github-action
+    palette:
+        primary: black
+        accent: light green
+
+markdown_extensions:
+    - pymdownx.highlight:
+        linenums: true
+        guess_lang: false
+        use_pygments: true
+        pygments_style: default
+    - pymdownx.superfences
+    - pymdownx.tabbed:
+        alternate_style: true
+    - pymdownx.snippets
+    - pymdownx.tasklist
+    - admonition

package.json

@@ -26,18 +26,21 @@
   "license": "MIT",
   "dependencies": {
     "@actions/core": "^1.10.0",
-    "@actions/http-client": "^2.0.1",
-    "@actions/tool-cache": "^2.0.1"
+    "@actions/tool-cache": "^2.0.1",
+    "semver": "^7.5.4"
   },
   "devDependencies": {
+    "@types/js-yaml": "^4.0.5",
     "@types/node": "^16.11.47",
-    "@typescript-eslint/parser": "^5.40.1",
-    "@vercel/ncc": "^0.34.0",
-    "eslint": "^8.25.0",
-    "eslint-plugin-github": "^4.4.0",
-    "eslint-plugin-jest": "^27.1.3",
+    "@types/semver": "^7.5.0",
+    "@typescript-eslint/parser": "^5.62.0",
+    "@vercel/ncc": "^0.36.1",
+    "eslint": "^8.45.0",
+    "eslint-plugin-github": "^4.9.0",
+    "eslint-plugin-jest": "^27.2.3",
     "jest": "^28.1.3",
-    "prettier": "2.7.1",
+    "js-yaml": "^4.1.0",
+    "prettier": "2.8.8",
     "ts-jest": "^28.0.8",
     "typescript": "^4.8.4"
   }

src/main.ts

@@ -1,6 +1,9 @@
 import * as core from '@actions/core'
 import * as tc from '@actions/tool-cache'
-import {getDownloadUrl} from './utils'
+import gte from 'semver/functions/gte'
+import {getDownloadUrl, determineInstalledVersion} from './utils'
+
+export const CLI_CONFIG_REGISTRY = 'SUPABASE_INTERNAL_IMAGE_REGISTRY'
 
 async function run(): Promise<void> {
   try {
@@ -16,6 +19,15 @@ async function run(): Promise<void> {
 
     // Expose the tool by adding it to the PATH
     core.addPath(pathToCLI)
+
+    // Expose installed tool version
+    const determinedVersion = await determineInstalledVersion()
+    core.setOutput('version', determinedVersion)
+
+    // Use GHCR mirror by default
+    if (version.toLowerCase() === 'latest' || gte(version, '1.28.0')) {
+      core.exportVariable(CLI_CONFIG_REGISTRY, 'ghcr.io')
+    }
   } catch (error) {
     if (error instanceof Error) core.setFailed(error.message)
   }

src/utils.ts

@@ -1,10 +1,9 @@
+import {exec} from 'child_process'
 import os from 'os'
-import {HttpClient} from '@actions/http-client'
-import {BearerCredentialHandler} from '@actions/http-client/lib/auth'
+import lt from 'semver/functions/lt'
+import {promisify} from 'util'
 
-interface GitHubTag {
-  tag_name: string
-}
+const doExec = promisify(exec)
 
 // arch in [arm, arm64, x64...] (https://nodejs.org/docs/latest-v16.x/api/os.html#osarch)
 // return value in [amd64, arm64, arm]
@@ -27,29 +26,23 @@ const mapOS = (platform: string): string => {
 export const getDownloadUrl = async (version: string): Promise<string> => {
   const platform = mapOS(os.platform())
   const arch = mapArch(os.arch())
-  const resolvedVersion = await resolveVersion(version)
-  const filename = `supabase_${resolvedVersion}_${platform}_${arch}`
-
-  return `https://github.com/supabase/cli/releases/download/v${resolvedVersion}/${filename}.tar.gz`
+  const filename = `supabase_${platform}_${arch}.tar.gz`
+  if (version.toLowerCase() === 'latest') {
+    return `https://github.com/supabase/cli/releases/latest/download/${filename}`
+  }
+  if (lt(version, '1.28.0')) {
+    return `https://github.com/supabase/cli/releases/download/v${version}/supabase_${version}_${platform}_${arch}.tar.gz`
+  }
+  return `https://github.com/supabase/cli/releases/download/v${version}/${filename}`
 }
 
-// Authenticate with GH_TOKEN to avoid GitHub API rate limits
-const token = process.env['GH_TOKEN']
-const http = new HttpClient(
-  'supabase/setup-cli',
-  token ? [new BearerCredentialHandler(token)] : undefined
-)
+export const determineInstalledVersion = async (): Promise<string> => {
+  const {stdout} = await doExec('supabase --version')
 
-const resolveVersion = async (version: string): Promise<string> => {
-  if (version !== 'latest') {
-    return version
+  const version = stdout.trim()
+  if (!version) {
+    throw new Error('Could not determine installed Supabase CLI version')
   }
 
-  const url = 'https://api.github.com/repos/supabase/cli/releases/latest'
-  const tag = (await http.getJson<GitHubTag>(url)).result?.tag_name
-  if (!tag) {
-    throw new Error('Cannot fetch tag info')
-  }
-
-  return tag.substring(1)
+  return version
 }