feat: bump default cli version to 1.136.3

chore: update check-dist.yml for node20 (#257 )
chore: update docs for updating action v1
2025-12-08 16:16:25 +00:00 · 2024-01-31 12:44:59 +08:00 · 2024-01-29 00:20:23 +08:00 · 2024-01-29 00:12:30 +08:00 · 2024-01-26 17:39:55 +08:00 · 2024-01-17 15:21:50 +08:00
16 changed files with 2528 additions and 945 deletions
--- a/.github/workflows/check-dist.yml
+++ b/.github/workflows/check-dist.yml
@@ -21,12 +21,13 @@ jobs:
    runs-on: ubuntu-latest

    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4

-      - name: Set Node.js 16.x
-        uses: actions/setup-node@v3.5.1
+      - name: Set Node.js 20.x
+        uses: actions/setup-node@v4.0.1
        with:
-          node-version: 16.x
+          node-version: 20.x
+          cache: npm

      - name: Install dependencies
        run: npm ci
@@ -46,7 +47,7 @@ jobs:
        id: diff

      # If index.js was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
        with:
          name: dist
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -38,11 +38,11 @@ jobs:

    steps:
    - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
      with:
        languages: ${{ matrix.language }}
        source-root: src
@@ -54,7 +54,7 @@ jobs:
    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
    # If this step fails, then you should remove it and run the build manually (see below)
    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3

    # ℹ️ Command-line programs to run using the OS shell.
    # 📚 https://git.io/JvXDl
@@ -68,4 +68,4 @@ jobs:
    #   make release

    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
--- a/.github/workflows/dependabot.yml
+++ b/.github/workflows/dependabot.yml
@@ -1,7 +1,7 @@
-# Adapted from https://blog.somewhatabstract.com/2021/10/11/setting-up-dependabot-with-github-actions-to-approve-and-merge/
+# Adapted from https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
 name: Dependabot auto-merge

-on: pull_request_target
+on: pull_request

 permissions:
  pull-requests: write
@@ -18,7 +18,7 @@ jobs:
      # will not occur.
      - name: Dependabot metadata
        id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1.3.4
+        uses: dependabot/fetch-metadata@v1.6.0
        with:
          github-token: '${{ secrets.GITHUB_TOKEN }}'

--- a/.github/workflows/start.yml
+++ b/.github/workflows/start.yml
@@ -4,30 +4,32 @@ on:
    branches:
      - main
    tags:
-      - 'v*'
+      - 'v[0-9]+.[0-9]+.[0-9]+'
  schedule:
    # * is a special character in YAML so you have to quote this string
    - cron: '30 1,9 * * *'
+  workflow_dispatch:

 defaults:
  run:
    shell: bash

-env:
-  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
 jobs:
  e2e: # make sure the action works on a clean machine without building
    runs-on: ubuntu-latest
    strategy:
      matrix:
        version:
-          - 1.0.0
+          - 1.136.3
          - latest
+        pg_major:
+          - 14
+          - 15
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
      - uses: ./
        with:
          version: ${{ matrix.version }}
      - run: supabase init
+      - run: sed -i -E "s|^(major_version) .*|\1 = ${{ matrix.pg_major }}|" supabase/config.toml
      - run: supabase start
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -9,14 +9,11 @@ defaults:
  run:
    shell: bash

-env:
-  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
 jobs:
  build: # make sure build/ci work properly
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
      - run: npm install
      - run: npm run all
  test: # make sure the action works on a clean machine without building
@@ -26,7 +23,7 @@ jobs:
        os: [macos-latest, windows-latest, ubuntu-latest]
        version: [1.0.0, latest]
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
      - uses: ./
        with:
          version: ${{ matrix.version }}
--- a/README.md
+++ b/README.md
@@ -5,7 +5,7 @@

 ## About

-This action sets up the Supabase CLI, [`supabase`](https://github.com/supabase/cli), on GitHub's hosted Actions runners.
+This action sets up the Supabase CLI, [`supabase`](https://github.com/supabase/cli), on GitHub's hosted Actions runners. Other CI runners like [BitBucket](https://bitbucket.org/supabase-cli/setup-cli/src/master/bitbucket-pipelines.yml) and [GitLab](https://gitlab.com/sweatybridge/setup-cli/-/blob/main/.gitlab-ci.yml) are supported via their respective pipelines.

 This action can be run on `ubuntu-latest`, `windows-latest`, and `macos-latest` GitHub Actions runners, and will install and expose a specified version of the `supabase` CLI on the runner environment.

@@ -24,18 +24,18 @@ A specific version of the `supabase` CLI can be installed:
 steps:
  - uses: supabase/setup-cli@v1
    with:
-      version: 1.0.0
+      version: 1.136.3
 ```

-Run `supabase start` to execute all migrations on a fresh database:
+Run `supabase db start` to execute all migrations on a fresh database:

 ```yaml
 steps:
  - uses: supabase/setup-cli@v1
    with:
-      version: 1.0.0
+      version: latest
  - run: supabase init
-  - run: supabase start
+  - run: supabase db start
 ```

 Since Supabase CLI relies on Docker Engine API, additional setup may be required on Windows and macOS runners.
@@ -44,7 +44,9 @@ Since Supabase CLI relies on Docker Engine API, additional setup may be required

 The actions supports the following inputs:

- `version`: The version of `supabase` to install, defaulting to `1.0.0`. You can also specify `latest` to use the latest version.
+| Name      | Type   | Description                        | Default   | Required |
+| --------- | ------ | ---------------------------------- | --------- | -------- |
+| `version` | String | Supabase CLI version (or `latest`) | `1.136.3` | false    |

 ## Advanced Usage

@@ -54,7 +56,7 @@ Check generated TypeScript types are up-to-date with Postgres schema:
 steps:
  - uses: supabase/setup-cli@v1
  - run: supabase init
-  - run: supabase start
+  - run: supabase db start
  - name: Verify generated types match Postgres schema
    run: |
      supabase gen types typescript --local > schema.gen.ts
@@ -112,16 +114,8 @@ $ npm test

 Actions are run from GitHub repos so we will checkin the packed dist folder.

-Then run [ncc](https://github.com/zeit/ncc) and push the results:
-
-```bash
-$ npm run package
-$ git add dist
-$ git commit -a -m "Update dependencies"
-$ git push origin releases/v1
-```
-
-Note: We recommend using the `--license` option for ncc, which will create a license file for all of the production node modules used in your project.
+1. Create a new GitHub release
+2. Rebase `v1` branch on `main`

 Your action is now published! :rocket:

@@ -134,7 +128,7 @@ You can now validate the action by referencing `./` in a workflow in your repo (
 ```yaml
 uses: ./
 with:
-  version: 1.0.0
+  version: latest
 ```

 See the [actions tab](https://github.com/actions/typescript-action/actions) for runs of this action! :rocket:
--- a/tests/main.test.ts
+++ b/tests/main.test.ts
@@ -1,32 +1,55 @@
 import {getDownloadUrl} from '../src/utils'
+import {CLI_CONFIG_REGISTRY} from '../src/main'
 import * as os from 'os'
 import * as process from 'process'
 import * as cp from 'child_process'
 import * as path from 'path'
+import * as fs from 'fs'
+import * as yaml from 'js-yaml'
 import {expect, test} from '@jest/globals'

 test('gets download url to binary', async () => {
-  const url = await getDownloadUrl('0.1.0')
-  expect(url).toContain(
-    'https://github.com/supabase/cli/releases/download/v0.1.0/'
-  )
+  const url = await getDownloadUrl('1.28.0')
+  expect(
+    url.startsWith(
+      'https://github.com/supabase/cli/releases/download/v1.28.0/supabase_'
+    )
+  ).toBeTruthy()
+  expect(url.endsWith('.tar.gz')).toBeTruthy()
+  expect(url).not.toContain('_1.28.0_')
 })

-test('gets download url to binary with "latest" version', async () => {
+test('gets legacy download url to binary', async () => {
+  const url = await getDownloadUrl('0.1.0')
+  expect(
+    url.startsWith(
+      `https://github.com/supabase/cli/releases/download/v0.1.0/supabase_0.1.0_`
+    )
+  ).toBeTruthy()
+  expect(url.endsWith('.tar.gz')).toBeTruthy()
+})
+
+test('gets download url to latest version', async () => {
  const url = await getDownloadUrl('latest')
  expect(url).toMatch(
-    /^https:\/\/github.com\/supabase\/cli\/releases\/download\/v[0-9]+\.[0-9]+\.[0-9]+\/supabase_[0-9]+\.[0-9]+\.[0-9]+/
+    'https://github.com/supabase/cli/releases/latest/download/'
  )
 })

 // shows how the runner will run a javascript action with env / stdout protocol
 test('test runs', () => {
  process.env['RUNNER_TEMP'] = os.tmpdir()
-  process.env['INPUT_VERSION'] = '1.0.0'
+  const config = path.join(__dirname, '..', 'action.yml')
+  const action: any = yaml.load(fs.readFileSync(config, 'utf8'))
+  process.env['INPUT_VERSION'] = action.inputs.version.default
  const np = process.execPath
  const ip = path.join(__dirname, '..', 'lib', 'main.js')
  const options: cp.ExecFileSyncOptions = {
    env: process.env
  }
-  console.log(cp.execFileSync(np, [ip], options).toString())
+  const stdout = cp.execFileSync(np, [ip], options).toString()
+  console.log(stdout)
+  expect
+    .stringContaining(`::set-env name=${CLI_CONFIG_REGISTRY}::`)
+    .asymmetricMatch(stdout)
 })
--- a/action.yml
+++ b/action.yml
@@ -5,7 +5,10 @@ inputs:
  version:
    description: Version of Supabase CLI to install
    required: false
-    default: 1.0.0
+    default: 1.136.3
+outputs:
+  version:
+    description: Version of installed Supabase CLI
 runs:
-  using: node16
+  using: node20
  main: dist/index.js
--- a/dist/index.js
+++ b/dist/index.js
@@ -38,10 +38,16 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.CLI_CONFIG_REGISTRY = void 0;
 const core = __importStar(__nccwpck_require__(2186));
 const tc = __importStar(__nccwpck_require__(7784));
+const gte_1 = __importDefault(__nccwpck_require__(5522));
 const utils_1 = __nccwpck_require__(918);
+exports.CLI_CONFIG_REGISTRY = 'SUPABASE_INTERNAL_IMAGE_REGISTRY';
 function run() {
    return __awaiter(this, void 0, void 0, function* () {
        try {
@@ -54,6 +60,13 @@ function run() {
            const pathToCLI = yield tc.extractTar(pathToTarball);
            // Expose the tool by adding it to the PATH
            core.addPath(pathToCLI);
+            // Expose installed tool version
+            const determinedVersion = yield (0, utils_1.determineInstalledVersion)();
+            core.setOutput('version', determinedVersion);
+            // Use GHCR mirror by default
+            if (version.toLowerCase() === 'latest' || (0, gte_1.default)(version, '1.28.0')) {
+                core.exportVariable(exports.CLI_CONFIG_REGISTRY, 'ghcr.io');
+            }
        }
        catch (error) {
            if (error instanceof Error)
@@ -84,10 +97,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
-exports.getDownloadUrl = void 0;
+exports.determineInstalledVersion = exports.getDownloadUrl = void 0;
+const child_process_1 = __nccwpck_require__(2081);
 const os_1 = __importDefault(__nccwpck_require__(2037));
-const http_client_1 = __nccwpck_require__(6255);
-const auth_1 = __nccwpck_require__(5526);
+const lt_1 = __importDefault(__nccwpck_require__(194));
+const util_1 = __nccwpck_require__(3837);
+const doExec = (0, util_1.promisify)(child_process_1.exec);
 // arch in [arm, arm64, x64...] (https://nodejs.org/docs/latest-v16.x/api/os.html#osarch)
 // return value in [amd64, arm64, arm]
 const mapArch = (arch) => {
@@ -107,26 +122,25 @@ const mapOS = (platform) => {
 const getDownloadUrl = (version) => __awaiter(void 0, void 0, void 0, function* () {
    const platform = mapOS(os_1.default.platform());
    const arch = mapArch(os_1.default.arch());
-    const resolvedVersion = yield resolveVersion(version);
-    const filename = `supabase_${resolvedVersion}_${platform}_${arch}`;
-    return `https://github.com/supabase/cli/releases/download/v${resolvedVersion}/${filename}.tar.gz`;
+    const filename = `supabase_${platform}_${arch}.tar.gz`;
+    if (version.toLowerCase() === 'latest') {
+        return `https://github.com/supabase/cli/releases/latest/download/${filename}`;
+    }
+    if ((0, lt_1.default)(version, '1.28.0')) {
+        return `https://github.com/supabase/cli/releases/download/v${version}/supabase_${version}_${platform}_${arch}.tar.gz`;
+    }
+    return `https://github.com/supabase/cli/releases/download/v${version}/${filename}`;
 });
 exports.getDownloadUrl = getDownloadUrl;
-// Authenticate with GH_TOKEN to avoid GitHub API rate limits
-const token = process.env['GH_TOKEN'];
-const http = new http_client_1.HttpClient('supabase/setup-cli', token ? [new auth_1.BearerCredentialHandler(token)] : undefined);
-const resolveVersion = (version) => __awaiter(void 0, void 0, void 0, function* () {
-    var _a;
-    if (version !== 'latest') {
-        return version;
+const determineInstalledVersion = () => __awaiter(void 0, void 0, void 0, function* () {
+    const { stdout } = yield doExec('supabase --version');
+    const version = stdout.trim();
+    if (!version) {
+        throw new Error('Could not determine installed Supabase CLI version');
    }
-    const url = 'https://api.github.com/repos/supabase/cli/releases/latest';
-    const tag = (_a = (yield http.getJson(url)).result) === null || _a === void 0 ? void 0 : _a.tag_name;
-    if (!tag) {
-        throw new Error('Cannot fetch tag info');
-    }
-    return tag.substring(1);
+    return version;
 });
+exports.determineInstalledVersion = determineInstalledVersion;


 /***/ }),
@@ -3840,7 +3854,7 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
 exports._readLinuxVersionFile = exports._getOsVersion = exports._findMatch = void 0;
-const semver = __importStar(__nccwpck_require__(5911));
+const semver = __importStar(__nccwpck_require__(562));
 const core_1 = __nccwpck_require__(2186);
 // needs to be require for core node modules to be mocked
 /* eslint @typescript-eslint/no-require-imports: 0 */
@@ -4075,7 +4089,7 @@ const mm = __importStar(__nccwpck_require__(2473));
 const os = __importStar(__nccwpck_require__(2037));
 const path = __importStar(__nccwpck_require__(1017));
 const httpm = __importStar(__nccwpck_require__(6255));
-const semver = __importStar(__nccwpck_require__(5911));
+const semver = __importStar(__nccwpck_require__(562));
 const stream = __importStar(__nccwpck_require__(2781));
 const util = __importStar(__nccwpck_require__(3837));
 const assert_1 = __nccwpck_require__(9491);
@@ -4702,7 +4716,7 @@ function _unique(values) {

 /***/ }),

-/***/ 5911:
+/***/ 562:
 /***/ ((module, exports) => {

 exports = module.exports = SemVer
@@ -6303,6 +6317,609 @@ function coerce (version, options) {
 }


+/***/ }),
+
+/***/ 8088:
+/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
+
+const debug = __nccwpck_require__(106)
+const { MAX_LENGTH, MAX_SAFE_INTEGER } = __nccwpck_require__(2293)
+const { re, t } = __nccwpck_require__(9523)
+
+const parseOptions = __nccwpck_require__(785)
+const { compareIdentifiers } = __nccwpck_require__(2463)
+class SemVer {
+  constructor (version, options) {
+    options = parseOptions(options)
+
+    if (version instanceof SemVer) {
+      if (version.loose === !!options.loose &&
+          version.includePrerelease === !!options.includePrerelease) {
+        return version
+      } else {
+        version = version.version
+      }
+    } else if (typeof version !== 'string') {
+      throw new TypeError(`Invalid Version: ${version}`)
+    }
+
+    if (version.length > MAX_LENGTH) {
+      throw new TypeError(
+        `version is longer than ${MAX_LENGTH} characters`
+      )
+    }
+
+    debug('SemVer', version, options)
+    this.options = options
+    this.loose = !!options.loose
+    // this isn't actually relevant for versions, but keep it so that we
+    // don't run into trouble passing this.options around.
+    this.includePrerelease = !!options.includePrerelease
+
+    const m = version.trim().match(options.loose ? re[t.LOOSE] : re[t.FULL])
+
+    if (!m) {
+      throw new TypeError(`Invalid Version: ${version}`)
+    }
+
+    this.raw = version
+
+    // these are actually numbers
+    this.major = +m[1]
+    this.minor = +m[2]
+    this.patch = +m[3]
+
+    if (this.major > MAX_SAFE_INTEGER || this.major < 0) {
+      throw new TypeError('Invalid major version')
+    }
+
+    if (this.minor > MAX_SAFE_INTEGER || this.minor < 0) {
+      throw new TypeError('Invalid minor version')
+    }
+
+    if (this.patch > MAX_SAFE_INTEGER || this.patch < 0) {
+      throw new TypeError('Invalid patch version')
+    }
+
+    // numberify any prerelease numeric ids
+    if (!m[4]) {
+      this.prerelease = []
+    } else {
+      this.prerelease = m[4].split('.').map((id) => {
+        if (/^[0-9]+$/.test(id)) {
+          const num = +id
+          if (num >= 0 && num < MAX_SAFE_INTEGER) {
+            return num
+          }
+        }
+        return id
+      })
+    }
+
+    this.build = m[5] ? m[5].split('.') : []
+    this.format()
+  }
+
+  format () {
+    this.version = `${this.major}.${this.minor}.${this.patch}`
+    if (this.prerelease.length) {
+      this.version += `-${this.prerelease.join('.')}`
+    }
+    return this.version
+  }
+
+  toString () {
+    return this.version
+  }
+
+  compare (other) {
+    debug('SemVer.compare', this.version, this.options, other)
+    if (!(other instanceof SemVer)) {
+      if (typeof other === 'string' && other === this.version) {
+        return 0
+      }
+      other = new SemVer(other, this.options)
+    }
+
+    if (other.version === this.version) {
+      return 0
+    }
+
+    return this.compareMain(other) || this.comparePre(other)
+  }
+
+  compareMain (other) {
+    if (!(other instanceof SemVer)) {
+      other = new SemVer(other, this.options)
+    }
+
+    return (
+      compareIdentifiers(this.major, other.major) ||
+      compareIdentifiers(this.minor, other.minor) ||
+      compareIdentifiers(this.patch, other.patch)
+    )
+  }
+
+  comparePre (other) {
+    if (!(other instanceof SemVer)) {
+      other = new SemVer(other, this.options)
+    }
+
+    // NOT having a prerelease is > having one
+    if (this.prerelease.length && !other.prerelease.length) {
+      return -1
+    } else if (!this.prerelease.length && other.prerelease.length) {
+      return 1
+    } else if (!this.prerelease.length && !other.prerelease.length) {
+      return 0
+    }
+
+    let i = 0
+    do {
+      const a = this.prerelease[i]
+      const b = other.prerelease[i]
+      debug('prerelease compare', i, a, b)
+      if (a === undefined && b === undefined) {
+        return 0
+      } else if (b === undefined) {
+        return 1
+      } else if (a === undefined) {
+        return -1
+      } else if (a === b) {
+        continue
+      } else {
+        return compareIdentifiers(a, b)
+      }
+    } while (++i)
+  }
+
+  compareBuild (other) {
+    if (!(other instanceof SemVer)) {
+      other = new SemVer(other, this.options)
+    }
+
+    let i = 0
+    do {
+      const a = this.build[i]
+      const b = other.build[i]
+      debug('prerelease compare', i, a, b)
+      if (a === undefined && b === undefined) {
+        return 0
+      } else if (b === undefined) {
+        return 1
+      } else if (a === undefined) {
+        return -1
+      } else if (a === b) {
+        continue
+      } else {
+        return compareIdentifiers(a, b)
+      }
+    } while (++i)
+  }
+
+  // preminor will bump the version up to the next minor release, and immediately
+  // down to pre-release. premajor and prepatch work the same way.
+  inc (release, identifier) {
+    switch (release) {
+      case 'premajor':
+        this.prerelease.length = 0
+        this.patch = 0
+        this.minor = 0
+        this.major++
+        this.inc('pre', identifier)
+        break
+      case 'preminor':
+        this.prerelease.length = 0
+        this.patch = 0
+        this.minor++
+        this.inc('pre', identifier)
+        break
+      case 'prepatch':
+        // If this is already a prerelease, it will bump to the next version
+        // drop any prereleases that might already exist, since they are not
+        // relevant at this point.
+        this.prerelease.length = 0
+        this.inc('patch', identifier)
+        this.inc('pre', identifier)
+        break
+      // If the input is a non-prerelease version, this acts the same as
+      // prepatch.
+      case 'prerelease':
+        if (this.prerelease.length === 0) {
+          this.inc('patch', identifier)
+        }
+        this.inc('pre', identifier)
+        break
+
+      case 'major':
+        // If this is a pre-major version, bump up to the same major version.
+        // Otherwise increment major.
+        // 1.0.0-5 bumps to 1.0.0
+        // 1.1.0 bumps to 2.0.0
+        if (
+          this.minor !== 0 ||
+          this.patch !== 0 ||
+          this.prerelease.length === 0
+        ) {
+          this.major++
+        }
+        this.minor = 0
+        this.patch = 0
+        this.prerelease = []
+        break
+      case 'minor':
+        // If this is a pre-minor version, bump up to the same minor version.
+        // Otherwise increment minor.
+        // 1.2.0-5 bumps to 1.2.0
+        // 1.2.1 bumps to 1.3.0
+        if (this.patch !== 0 || this.prerelease.length === 0) {
+          this.minor++
+        }
+        this.patch = 0
+        this.prerelease = []
+        break
+      case 'patch':
+        // If this is not a pre-release version, it will increment the patch.
+        // If it is a pre-release it will bump up to the same patch version.
+        // 1.2.0-5 patches to 1.2.0
+        // 1.2.0 patches to 1.2.1
+        if (this.prerelease.length === 0) {
+          this.patch++
+        }
+        this.prerelease = []
+        break
+      // This probably shouldn't be used publicly.
+      // 1.0.0 'pre' would become 1.0.0-0 which is the wrong direction.
+      case 'pre':
+        if (this.prerelease.length === 0) {
+          this.prerelease = [0]
+        } else {
+          let i = this.prerelease.length
+          while (--i >= 0) {
+            if (typeof this.prerelease[i] === 'number') {
+              this.prerelease[i]++
+              i = -2
+            }
+          }
+          if (i === -1) {
+            // didn't increment anything
+            this.prerelease.push(0)
+          }
+        }
+        if (identifier) {
+          // 1.2.0-beta.1 bumps to 1.2.0-beta.2,
+          // 1.2.0-beta.fooblz or 1.2.0-beta bumps to 1.2.0-beta.0
+          if (compareIdentifiers(this.prerelease[0], identifier) === 0) {
+            if (isNaN(this.prerelease[1])) {
+              this.prerelease = [identifier, 0]
+            }
+          } else {
+            this.prerelease = [identifier, 0]
+          }
+        }
+        break
+
+      default:
+        throw new Error(`invalid increment argument: ${release}`)
+    }
+    this.format()
+    this.raw = this.version
+    return this
+  }
+}
+
+module.exports = SemVer
+
+
+/***/ }),
+
+/***/ 4309:
+/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
+
+const SemVer = __nccwpck_require__(8088)
+const compare = (a, b, loose) =>
+  new SemVer(a, loose).compare(new SemVer(b, loose))
+
+module.exports = compare
+
+
+/***/ }),
+
+/***/ 5522:
+/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
+
+const compare = __nccwpck_require__(4309)
+const gte = (a, b, loose) => compare(a, b, loose) >= 0
+module.exports = gte
+
+
+/***/ }),
+
+/***/ 194:
+/***/ ((module, __unused_webpack_exports, __nccwpck_require__) => {
+
+const compare = __nccwpck_require__(4309)
+const lt = (a, b, loose) => compare(a, b, loose) < 0
+module.exports = lt
+
+
+/***/ }),
+
+/***/ 2293:
+/***/ ((module) => {
+
+// Note: this is the semver.org version of the spec that it implements
+// Not necessarily the package version of this code.
+const SEMVER_SPEC_VERSION = '2.0.0'
+
+const MAX_LENGTH = 256
+const MAX_SAFE_INTEGER = Number.MAX_SAFE_INTEGER ||
+/* istanbul ignore next */ 9007199254740991
+
+// Max safe segment length for coercion.
+const MAX_SAFE_COMPONENT_LENGTH = 16
+
+module.exports = {
+  SEMVER_SPEC_VERSION,
+  MAX_LENGTH,
+  MAX_SAFE_INTEGER,
+  MAX_SAFE_COMPONENT_LENGTH,
+}
+
+
+/***/ }),
+
+/***/ 106:
+/***/ ((module) => {
+
+const debug = (
+  typeof process === 'object' &&
+  process.env &&
+  process.env.NODE_DEBUG &&
+  /\bsemver\b/i.test(process.env.NODE_DEBUG)
+) ? (...args) => console.error('SEMVER', ...args)
+  : () => {}
+
+module.exports = debug
+
+
+/***/ }),
+
+/***/ 2463:
+/***/ ((module) => {
+
+const numeric = /^[0-9]+$/
+const compareIdentifiers = (a, b) => {
+  const anum = numeric.test(a)
+  const bnum = numeric.test(b)
+
+  if (anum && bnum) {
+    a = +a
+    b = +b
+  }
+
+  return a === b ? 0
+    : (anum && !bnum) ? -1
+    : (bnum && !anum) ? 1
+    : a < b ? -1
+    : 1
+}
+
+const rcompareIdentifiers = (a, b) => compareIdentifiers(b, a)
+
+module.exports = {
+  compareIdentifiers,
+  rcompareIdentifiers,
+}
+
+
+/***/ }),
+
+/***/ 785:
+/***/ ((module) => {
+
+// parse out just the options we care about so we always get a consistent
+// obj with keys in a consistent order.
+const opts = ['includePrerelease', 'loose', 'rtl']
+const parseOptions = options =>
+  !options ? {}
+  : typeof options !== 'object' ? { loose: true }
+  : opts.filter(k => options[k]).reduce((o, k) => {
+    o[k] = true
+    return o
+  }, {})
+module.exports = parseOptions
+
+
+/***/ }),
+
+/***/ 9523:
+/***/ ((module, exports, __nccwpck_require__) => {
+
+const { MAX_SAFE_COMPONENT_LENGTH } = __nccwpck_require__(2293)
+const debug = __nccwpck_require__(106)
+exports = module.exports = {}
+
+// The actual regexps go on exports.re
+const re = exports.re = []
+const src = exports.src = []
+const t = exports.t = {}
+let R = 0
+
+const createToken = (name, value, isGlobal) => {
+  const index = R++
+  debug(name, index, value)
+  t[name] = index
+  src[index] = value
+  re[index] = new RegExp(value, isGlobal ? 'g' : undefined)
+}
+
+// The following Regular Expressions can be used for tokenizing,
+// validating, and parsing SemVer version strings.
+
+// ## Numeric Identifier
+// A single `0`, or a non-zero digit followed by zero or more digits.
+
+createToken('NUMERICIDENTIFIER', '0|[1-9]\\d*')
+createToken('NUMERICIDENTIFIERLOOSE', '[0-9]+')
+
+// ## Non-numeric Identifier
+// Zero or more digits, followed by a letter or hyphen, and then zero or
+// more letters, digits, or hyphens.
+
+createToken('NONNUMERICIDENTIFIER', '\\d*[a-zA-Z-][a-zA-Z0-9-]*')
+
+// ## Main Version
+// Three dot-separated numeric identifiers.
+
+createToken('MAINVERSION', `(${src[t.NUMERICIDENTIFIER]})\\.` +
+                   `(${src[t.NUMERICIDENTIFIER]})\\.` +
+                   `(${src[t.NUMERICIDENTIFIER]})`)
+
+createToken('MAINVERSIONLOOSE', `(${src[t.NUMERICIDENTIFIERLOOSE]})\\.` +
+                        `(${src[t.NUMERICIDENTIFIERLOOSE]})\\.` +
+                        `(${src[t.NUMERICIDENTIFIERLOOSE]})`)
+
+// ## Pre-release Version Identifier
+// A numeric identifier, or a non-numeric identifier.
+
+createToken('PRERELEASEIDENTIFIER', `(?:${src[t.NUMERICIDENTIFIER]
+}|${src[t.NONNUMERICIDENTIFIER]})`)
+
+createToken('PRERELEASEIDENTIFIERLOOSE', `(?:${src[t.NUMERICIDENTIFIERLOOSE]
+}|${src[t.NONNUMERICIDENTIFIER]})`)
+
+// ## Pre-release Version
+// Hyphen, followed by one or more dot-separated pre-release version
+// identifiers.
+
+createToken('PRERELEASE', `(?:-(${src[t.PRERELEASEIDENTIFIER]
+}(?:\\.${src[t.PRERELEASEIDENTIFIER]})*))`)
+
+createToken('PRERELEASELOOSE', `(?:-?(${src[t.PRERELEASEIDENTIFIERLOOSE]
+}(?:\\.${src[t.PRERELEASEIDENTIFIERLOOSE]})*))`)
+
+// ## Build Metadata Identifier
+// Any combination of digits, letters, or hyphens.
+
+createToken('BUILDIDENTIFIER', '[0-9A-Za-z-]+')
+
+// ## Build Metadata
+// Plus sign, followed by one or more period-separated build metadata
+// identifiers.
+
+createToken('BUILD', `(?:\\+(${src[t.BUILDIDENTIFIER]
+}(?:\\.${src[t.BUILDIDENTIFIER]})*))`)
+
+// ## Full Version String
+// A main version, followed optionally by a pre-release version and
+// build metadata.
+
+// Note that the only major, minor, patch, and pre-release sections of
+// the version string are capturing groups.  The build metadata is not a
+// capturing group, because it should not ever be used in version
+// comparison.
+
+createToken('FULLPLAIN', `v?${src[t.MAINVERSION]
+}${src[t.PRERELEASE]}?${
+  src[t.BUILD]}?`)
+
+createToken('FULL', `^${src[t.FULLPLAIN]}$`)
+
+// like full, but allows v1.2.3 and =1.2.3, which people do sometimes.
+// also, 1.0.0alpha1 (prerelease without the hyphen) which is pretty
+// common in the npm registry.
+createToken('LOOSEPLAIN', `[v=\\s]*${src[t.MAINVERSIONLOOSE]
+}${src[t.PRERELEASELOOSE]}?${
+  src[t.BUILD]}?`)
+
+createToken('LOOSE', `^${src[t.LOOSEPLAIN]}$`)
+
+createToken('GTLT', '((?:<|>)?=?)')
+
+// Something like "2.*" or "1.2.x".
+// Note that "x.x" is a valid xRange identifer, meaning "any version"
+// Only the first item is strictly required.
+createToken('XRANGEIDENTIFIERLOOSE', `${src[t.NUMERICIDENTIFIERLOOSE]}|x|X|\\*`)
+createToken('XRANGEIDENTIFIER', `${src[t.NUMERICIDENTIFIER]}|x|X|\\*`)
+
+createToken('XRANGEPLAIN', `[v=\\s]*(${src[t.XRANGEIDENTIFIER]})` +
+                   `(?:\\.(${src[t.XRANGEIDENTIFIER]})` +
+                   `(?:\\.(${src[t.XRANGEIDENTIFIER]})` +
+                   `(?:${src[t.PRERELEASE]})?${
+                     src[t.BUILD]}?` +
+                   `)?)?`)
+
+createToken('XRANGEPLAINLOOSE', `[v=\\s]*(${src[t.XRANGEIDENTIFIERLOOSE]})` +
+                        `(?:\\.(${src[t.XRANGEIDENTIFIERLOOSE]})` +
+                        `(?:\\.(${src[t.XRANGEIDENTIFIERLOOSE]})` +
+                        `(?:${src[t.PRERELEASELOOSE]})?${
+                          src[t.BUILD]}?` +
+                        `)?)?`)
+
+createToken('XRANGE', `^${src[t.GTLT]}\\s*${src[t.XRANGEPLAIN]}$`)
+createToken('XRANGELOOSE', `^${src[t.GTLT]}\\s*${src[t.XRANGEPLAINLOOSE]}$`)
+
+// Coercion.
+// Extract anything that could conceivably be a part of a valid semver
+createToken('COERCE', `${'(^|[^\\d])' +
+              '(\\d{1,'}${MAX_SAFE_COMPONENT_LENGTH}})` +
+              `(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?` +
+              `(?:\\.(\\d{1,${MAX_SAFE_COMPONENT_LENGTH}}))?` +
+              `(?:$|[^\\d])`)
+createToken('COERCERTL', src[t.COERCE], true)
+
+// Tilde ranges.
+// Meaning is "reasonably at or greater than"
+createToken('LONETILDE', '(?:~>?)')
+
+createToken('TILDETRIM', `(\\s*)${src[t.LONETILDE]}\\s+`, true)
+exports.tildeTrimReplace = '$1~'
+
+createToken('TILDE', `^${src[t.LONETILDE]}${src[t.XRANGEPLAIN]}$`)
+createToken('TILDELOOSE', `^${src[t.LONETILDE]}${src[t.XRANGEPLAINLOOSE]}$`)
+
+// Caret ranges.
+// Meaning is "at least and backwards compatible with"
+createToken('LONECARET', '(?:\\^)')
+
+createToken('CARETTRIM', `(\\s*)${src[t.LONECARET]}\\s+`, true)
+exports.caretTrimReplace = '$1^'
+
+createToken('CARET', `^${src[t.LONECARET]}${src[t.XRANGEPLAIN]}$`)
+createToken('CARETLOOSE', `^${src[t.LONECARET]}${src[t.XRANGEPLAINLOOSE]}$`)
+
+// A simple gt/lt/eq thing, or just "" to indicate "any version"
+createToken('COMPARATORLOOSE', `^${src[t.GTLT]}\\s*(${src[t.LOOSEPLAIN]})$|^$`)
+createToken('COMPARATOR', `^${src[t.GTLT]}\\s*(${src[t.FULLPLAIN]})$|^$`)
+
+// An expression to strip any whitespace between the gtlt and the thing
+// it modifies, so that `> 1.2.3` ==> `>1.2.3`
+createToken('COMPARATORTRIM', `(\\s*)${src[t.GTLT]
+}\\s*(${src[t.LOOSEPLAIN]}|${src[t.XRANGEPLAIN]})`, true)
+exports.comparatorTrimReplace = '$1$2$3'
+
+// Something like `1.2.3 - 1.2.4`
+// Note that these all use the loose form, because they'll be
+// checked against either the strict or loose comparator form
+// later.
+createToken('HYPHENRANGE', `^\\s*(${src[t.XRANGEPLAIN]})` +
+                   `\\s+-\\s+` +
+                   `(${src[t.XRANGEPLAIN]})` +
+                   `\\s*$`)
+
+createToken('HYPHENRANGELOOSE', `^\\s*(${src[t.XRANGEPLAINLOOSE]})` +
+                        `\\s+-\\s+` +
+                        `(${src[t.XRANGEPLAINLOOSE]})` +
+                        `\\s*$`)
+
+// Star ranges basically just allow anything at all.
+createToken('STAR', '(<|>)?=?\\s*\\*')
+// >=0.0.0 is like a star
+createToken('GTE0', '^\\s*>=\\s*0\\.0\\.0\\s*$')
+createToken('GTE0PRE', '^\\s*>=\\s*0\\.0\\.0-0\\s*$')
+
+
 /***/ }),

 /***/ 4294:
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/docs/index.md
+++ b/docs/index.md
@@ -0,0 +1,35 @@
+# `supabase-github-action`
+
+The Supabase GitHub Action provides an easy way to use the Supabase CLI on GitHub's hosted Actions runners.
+
+The action can be run on `ubuntu-latest`, `windows-latest`, and `macos-latest` GitHub Actions runners, and will install and expose a specified version of the Supabase CLI on the runner environment.
+
+## Quick start
+
+This example shows how you can use the Supabase GitHub Action to test your migrations on every Pull Request.
+
+Inside your repository, create a new file inside the `.github/workflows` folder called `test-migrations.yml`.
+
+Copy this snippet inside the file, and the action will run whenever a new PR is created:
+
+```yaml
+name: 'test-migrations'
+on:
+  pull_request:
+
+jobs:
+  build: 
+    runs-on: ubuntu-latest
+    steps:
+        - uses: supabase/setup-cli@v1
+            with:
+            version: latest
+        - run: supabase init
+        - run: supabase db start
+```
+
+
+## Resources
+
+- **Source Code**: <a href="https://github.com/supabase/supabase-github-action" target="_blank">github.com/supabase/supabase-github-action</a>
+- **CLI Documentation**: <a href="https://supabase.com/docs/guides/cli" target="_blank">supabase.com/docs/guides/cli</a>
--- a/mkdocs.yaml
+++ b/mkdocs.yaml
@@ -0,0 +1,33 @@
+site_name: supabase-github-action
+site_url: https://supabase.github.io/supabase-github-action
+site_description: A GitHub action for interacting with your Supabase projects using the CLI. 
+
+repo_name: supabase/supabase-github-action
+repo_url: https://github.com/supabase/supabase-github-action
+
+nav:
+    - Welcome: 'index.md'
+
+theme:
+    name: 'material'
+    features:
+      - navigation.expand
+    favicon: 'assets/favicon.ico'
+    logo: 'assets/favicon.ico'
+    homepage: https://supabase.github.io/supabase-github-action
+    palette:
+        primary: black
+        accent: light green
+
+markdown_extensions:
+    - pymdownx.highlight:
+        linenums: true
+        guess_lang: false
+        use_pygments: true
+        pygments_style: default
+    - pymdownx.superfences
+    - pymdownx.tabbed:
+        alternate_style: true
+    - pymdownx.snippets
+    - pymdownx.tasklist
+    - admonition
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -25,19 +25,22 @@
  "author": "",
  "license": "MIT",
  "dependencies": {
-    "@actions/core": "^1.10.0",
-    "@actions/http-client": "^2.0.1",
-    "@actions/tool-cache": "^2.0.1"
+    "@actions/core": "^1.10.1",
+    "@actions/tool-cache": "^2.0.1",
+    "semver": "^7.5.4"
  },
  "devDependencies": {
+    "@types/js-yaml": "^4.0.9",
    "@types/node": "^16.11.47",
-    "@typescript-eslint/parser": "^5.40.1",
-    "@vercel/ncc": "^0.34.0",
-    "eslint": "^8.25.0",
-    "eslint-plugin-github": "^4.4.0",
-    "eslint-plugin-jest": "^27.1.3",
+    "@types/semver": "^7.5.6",
+    "@typescript-eslint/parser": "^5.62.0",
+    "@vercel/ncc": "^0.38.1",
+    "eslint": "^8.56.0",
+    "eslint-plugin-github": "^4.9.0",
+    "eslint-plugin-jest": "^27.6.3",
    "jest": "^28.1.3",
-    "prettier": "2.7.1",
+    "js-yaml": "^4.1.0",
+    "prettier": "2.8.8",
    "ts-jest": "^28.0.8",
    "typescript": "^4.8.4"
  }
--- a/src/main.ts
+++ b/src/main.ts
@@ -1,6 +1,9 @@
 import * as core from '@actions/core'
 import * as tc from '@actions/tool-cache'
-import {getDownloadUrl} from './utils'
+import gte from 'semver/functions/gte'
+import {getDownloadUrl, determineInstalledVersion} from './utils'
+
+export const CLI_CONFIG_REGISTRY = 'SUPABASE_INTERNAL_IMAGE_REGISTRY'

 async function run(): Promise<void> {
  try {
@@ -16,6 +19,15 @@ async function run(): Promise<void> {

    // Expose the tool by adding it to the PATH
    core.addPath(pathToCLI)
+
+    // Expose installed tool version
+    const determinedVersion = await determineInstalledVersion()
+    core.setOutput('version', determinedVersion)
+
+    // Use GHCR mirror by default
+    if (version.toLowerCase() === 'latest' || gte(version, '1.28.0')) {
+      core.exportVariable(CLI_CONFIG_REGISTRY, 'ghcr.io')
+    }
  } catch (error) {
    if (error instanceof Error) core.setFailed(error.message)
  }
--- a/src/utils.ts
+++ b/src/utils.ts
@@ -1,10 +1,9 @@
+import {exec} from 'child_process'
 import os from 'os'
-import {HttpClient} from '@actions/http-client'
-import {BearerCredentialHandler} from '@actions/http-client/lib/auth'
+import lt from 'semver/functions/lt'
+import {promisify} from 'util'

-interface GitHubTag {
-  tag_name: string
-}
+const doExec = promisify(exec)

 // arch in [arm, arm64, x64...] (https://nodejs.org/docs/latest-v16.x/api/os.html#osarch)
 // return value in [amd64, arm64, arm]
@@ -27,29 +26,23 @@ const mapOS = (platform: string): string => {
 export const getDownloadUrl = async (version: string): Promise<string> => {
  const platform = mapOS(os.platform())
  const arch = mapArch(os.arch())
-  const resolvedVersion = await resolveVersion(version)
-  const filename = `supabase_${resolvedVersion}_${platform}_${arch}`
-
-  return `https://github.com/supabase/cli/releases/download/v${resolvedVersion}/${filename}.tar.gz`
+  const filename = `supabase_${platform}_${arch}.tar.gz`
+  if (version.toLowerCase() === 'latest') {
+    return `https://github.com/supabase/cli/releases/latest/download/${filename}`
+  }
+  if (lt(version, '1.28.0')) {
+    return `https://github.com/supabase/cli/releases/download/v${version}/supabase_${version}_${platform}_${arch}.tar.gz`
+  }
+  return `https://github.com/supabase/cli/releases/download/v${version}/${filename}`
 }

-// Authenticate with GH_TOKEN to avoid GitHub API rate limits
-const token = process.env['GH_TOKEN']
-const http = new HttpClient(
-  'supabase/setup-cli',
-  token ? [new BearerCredentialHandler(token)] : undefined
-)
+export const determineInstalledVersion = async (): Promise<string> => {
+  const {stdout} = await doExec('supabase --version')

-const resolveVersion = async (version: string): Promise<string> => {
-  if (version !== 'latest') {
-    return version
+  const version = stdout.trim()
+  if (!version) {
+    throw new Error('Could not determine installed Supabase CLI version')
  }

-  const url = 'https://api.github.com/repos/supabase/cli/releases/latest'
-  const tag = (await http.getJson<GitHubTag>(url)).result?.tag_name
-  if (!tag) {
-    throw new Error('Cannot fetch tag info')
-  }
-
-  return tag.substring(1)
+  return version
 }