feat: caching

## What changed

Remove the unsupported `cooldown.semver-minor-days` and
`cooldown.semver-patch-days` settings from the `github-actions`
Dependabot ecosystem.

The Bun ecosystem keeps its cooldown settings, and GitHub Actions
updates keep the weekly Tuesday schedule, PR limit, and minor/patch
grouping.

## Why

Dependabot rejects semver-specific cooldown properties for the
`github-actions` ecosystem with:

```
The property `#/updates/0/cooldown/semver-minor-days` is not supported for the package ecosystem `github-actions`.
The property `#/updates/0/cooldown/semver-patch-days` is not supported for the package ecosystem `github-actions`.
```

Removing those keys restores a valid Dependabot config while preserving
the grouped weekly update policy.

## Validation

- Parsed `.github/dependabot.yml` successfully as YAML

.bun-version

@@ -0,0 +1 @@
+1.3.10

.eslintignore

@@ -1,4 +0,0 @@
-dist/
-lib/
-node_modules/
-jest.config.js

.eslintrc.json

@@ -1,55 +0,0 @@
-{
-    "plugins": ["jest", "@typescript-eslint"],
-    "extends": ["plugin:github/recommended"],
-    "parser": "@typescript-eslint/parser",
-    "parserOptions": {
-      "ecmaVersion": 9,
-      "sourceType": "module",
-      "project": "./tsconfig.json"
-    },
-    "rules": {
-      "i18n-text/no-en": "off",
-      "eslint-comments/no-use": "off",
-      "import/no-namespace": "off",
-      "no-unused-vars": "off",
-      "@typescript-eslint/no-unused-vars": "error",
-      "@typescript-eslint/explicit-member-accessibility": ["error", {"accessibility": "no-public"}],
-      "@typescript-eslint/no-require-imports": "error",
-      "@typescript-eslint/array-type": "error",
-      "@typescript-eslint/await-thenable": "error",
-      "@typescript-eslint/ban-ts-comment": "error",
-      "camelcase": "off",
-      "@typescript-eslint/consistent-type-assertions": "error",
-      "@typescript-eslint/explicit-function-return-type": ["error", {"allowExpressions": true}],
-      "@typescript-eslint/func-call-spacing": ["error", "never"],
-      "@typescript-eslint/no-array-constructor": "error",
-      "@typescript-eslint/no-empty-interface": "error",
-      "@typescript-eslint/no-explicit-any": "error",
-      "@typescript-eslint/no-extraneous-class": "error",
-      "@typescript-eslint/no-for-in-array": "error",
-      "@typescript-eslint/no-inferrable-types": "error",
-      "@typescript-eslint/no-misused-new": "error",
-      "@typescript-eslint/no-namespace": "error",
-      "@typescript-eslint/no-non-null-assertion": "warn",
-      "@typescript-eslint/no-unnecessary-qualifier": "error",
-      "@typescript-eslint/no-unnecessary-type-assertion": "error",
-      "@typescript-eslint/no-useless-constructor": "error",
-      "@typescript-eslint/no-var-requires": "error",
-      "@typescript-eslint/prefer-for-of": "warn",
-      "@typescript-eslint/prefer-function-type": "warn",
-      "@typescript-eslint/prefer-includes": "error",
-      "@typescript-eslint/prefer-string-starts-ends-with": "error",
-      "@typescript-eslint/promise-function-async": "error",
-      "@typescript-eslint/require-array-sort-compare": "error",
-      "@typescript-eslint/restrict-plus-operands": "error",
-      "semi": "off",
-      "@typescript-eslint/semi": ["error", "never"],
-      "@typescript-eslint/type-annotation-spacing": "error",
-      "@typescript-eslint/unbound-method": "error"
-    },
-    "env": {
-      "node": true,
-      "es6": true,
-      "jest/globals": true
-    }
-  }

.gitattributes

@@ -1 +0,0 @@
-dist/** -diff linguist-generated=true 

.github/CODEOWNERS

@@ -0,0 +1 @@
+* @supabase/cli

.github/dependabot.yml

@@ -3,9 +3,34 @@ updates:
   - package-ecosystem: github-actions
     directory: /
     schedule:
-      interval: daily
+      interval: weekly
+      day: tuesday
+      time: "09:00"
+      timezone: Europe/Paris
+    open-pull-requests-limit: 1
+    groups:
+      actions-minor-patch:
+        patterns:
+          - "*"
+        update-types:
+          - minor
+          - patch
 
-  - package-ecosystem: npm
+  - package-ecosystem: bun
     directory: /
     schedule:
-      interval: daily
+      interval: weekly
+      day: tuesday
+      time: "09:00"
+      timezone: Europe/Paris
+    open-pull-requests-limit: 1
+    cooldown:
+      semver-minor-days: 7
+      semver-patch-days: 2
+    groups:
+      bun-minor-patch:
+        patterns:
+          - "*"
+        update-types:
+          - minor
+          - patch

.github/workflows/check-dist.yml

@@ -1,54 +0,0 @@
-# `dist/index.js` is a special file in Actions.
-# When you reference an action with `uses:` in a workflow,
-# `index.js` is the code that will run.
-# For our project, we generate this file through a build process from other source files.
-# We need to make sure the checked-in `index.js` actually matches what we expect it to be.
-name: Check dist/
-
-on:
-  push:
-    branches:
-      - main
-    paths-ignore:
-      - '**.md'
-  pull_request:
-    paths-ignore:
-      - '**.md'
-  workflow_dispatch:
-
-jobs:
-  check-dist:
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Set Node.js 16.x
-        uses: actions/setup-node@v3.6.0
-        with:
-          node-version: 16.x
-          cache: npm
-
-      - name: Install dependencies
-        run: npm ci
-
-      - name: Rebuild the dist/ directory
-        run: |
-          npm run build
-          npm run package
-
-      - name: Compare the expected and actual dist/ directories
-        run: |
-          if ! git diff --ignore-space-at-eol --exit-code --quiet dist/; then
-            echo "Detected uncommitted changes after build.  See status below:"
-            git diff
-            exit 1
-          fi
-        id: diff
-
-      # If index.js was different than expected, upload the expected version as an artifact
-      - uses: actions/upload-artifact@v3
-        if: ${{ failure() && steps.diff.conclusion == 'failure' }}
-        with:
-          name: dist
-          path: dist/

.github/workflows/ci.yml

@@ -0,0 +1,68 @@
+name: CI
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+      - converted_to_draft
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  validate:
+    if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+      - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+        with:
+          bun-version-file: .bun-version
+      - run: bun install --frozen-lockfile
+      - run: bun run ci
+
+  test:
+    if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 20
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [macos-latest, windows-latest, ubuntu-latest]
+        version: [1.0.0, latest]
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: ./
+        with:
+          version: ${{ matrix.version }}
+      - run: supabase -h
+
+  ci:
+    if: ${{ always() && github.event_name == 'pull_request' }}
+    name: CI
+    runs-on: ubuntu-latest
+    needs: [validate, test]
+    timeout-minutes: 5
+    steps:
+      - run: |
+          validate_result="${{ needs.validate.result }}"
+          test_result="${{ needs.test.result }}"
+          [[ "$validate_result" == "success" || "$validate_result" == "skipped" ]]
+          [[ "$test_result" == "success" || "$test_result" == "skipped" ]]

.github/workflows/codeql-analysis.yml

@@ -1,71 +0,0 @@
-# For most projects, this workflow file will not need changing; you simply need
-# to commit it to your repository.
-#
-# You may wish to alter this file to override the set of languages analyzed,
-# or to provide custom queries or build logic.
-#
-# ******** NOTE ********
-# We have attempted to detect the languages in your repository. Please check
-# the `language` matrix defined below to confirm you have the correct set of
-# supported CodeQL languages.
-#
-name: 'CodeQL'
-
-on:
-  push:
-    branches: [ main ]
-  pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ main ]
-  schedule:
-    - cron: '31 7 * * 3'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'TypeScript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://git.io/codeql-language-support
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-        source-root: src
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-        # queries: ./path/to/local/query, your-org/your-repo/queries@main
-
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2

.github/workflows/dependabot.yml

@@ -1,7 +1,11 @@
-# Adapted from https://blog.somewhatabstract.com/2021/10/11/setting-up-dependabot-with-github-actions-to-approve-and-merge/
+# Adapted from https://docs.github.com/en/code-security/dependabot/working-with-dependabot/automating-dependabot-with-github-actions#enable-auto-merge-on-a-pull-request
 name: Dependabot auto-merge
 
-on: pull_request_target
+on: pull_request
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
 
 permissions:
   pull-requests: write
@@ -10,30 +14,33 @@ permissions:
 jobs:
   dependabot:
     runs-on: ubuntu-latest
-    # Checking the actor will prevent your Action run failing on non-Dependabot
-    # PRs but also ensures that it only does work for Dependabot PRs.
-    if: ${{ github.actor == 'dependabot[bot]' }}
+    timeout-minutes: 10
+    # Only act on PRs opened by Dependabot from branches in this repository.
+    if: github.actor == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
     steps:
-      # This first step will fail if there's no metadata and so the approval
-      # will not occur.
-      - name: Dependabot metadata
-        id: dependabot-metadata
-        uses: dependabot/fetch-metadata@v1.4.0
+      # Metadata drives the non-major gating used for approval and auto-merge.
+      - id: meta
+        uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 # v3.0.0
         with:
-          github-token: '${{ secrets.GITHUB_TOKEN }}'
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Generate token
+        id: app-token
+        if: ${{ steps.meta.outputs.update-type == null || steps.meta.outputs.update-type == 'version-update:semver-patch' || steps.meta.outputs.update-type == 'version-update:semver-minor' }}
+        uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
 
-      # Here the PR gets approved.
       - name: Approve a PR
-        if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
+        if: ${{ steps.meta.outputs.update-type == null || steps.meta.outputs.update-type == 'version-update:semver-patch' || steps.meta.outputs.update-type == 'version-update:semver-minor' }}
         run: gh pr review --approve "$PR_URL"
         env:
           PR_URL: ${{ github.event.pull_request.html_url }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
 
-      # Finally, this sets the PR to allow auto-merging for patch and minor
-      # updates if all checks pass
       - name: Enable auto-merge for Dependabot PRs
-        if: ${{ steps.dependabot-metadata.outputs.update-type != 'version-update:semver-major' }}
+        if: ${{ steps.meta.outputs.update-type == null || steps.meta.outputs.update-type == 'version-update:semver-patch' || steps.meta.outputs.update-type == 'version-update:semver-minor' }}
         run: gh pr merge --auto --squash "$PR_URL"
         env:
           PR_URL: ${{ github.event.pull_request.html_url }}

.github/workflows/e2e.yml

@@ -0,0 +1,71 @@
+name: E2E
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+      - converted_to_draft
+  push:
+    branches:
+      - main
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    - cron: "30 1,9 * * *"
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+defaults:
+  run:
+    shell: bash
+
+permissions:
+  contents: read
+
+jobs:
+  e2e: # make sure the action works on a clean machine without building
+    if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    strategy:
+      fail-fast: false
+      matrix:
+        version:
+          - 1.178.2
+          - 2.33.0
+          - latest
+        pg_major:
+          - 14
+          - 15
+          - 17
+        exclude:
+          - version: 1.178.2
+            pg_major: 17
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+      - uses: ./
+        with:
+          version: ${{ matrix.version }}
+      - run: supabase init
+      - run: |
+          sed -i -E "s|^(major_version) .*|\\1 = ${{ matrix.pg_major }}|" supabase/config.toml
+      - run: supabase start
+
+  e2e-check:
+    if: ${{ always() && github.event_name == 'pull_request' }}
+    name: E2E
+    runs-on: ubuntu-latest
+    needs: [e2e]
+    timeout-minutes: 5
+    steps:
+      - run: |
+          e2e_result="${{ needs.e2e.result }}"
+          [[ "$e2e_result" == "success" || "$e2e_result" == "skipped" ]]

.github/workflows/licensed.yml

@@ -0,0 +1,142 @@
+# This workflow checks the statuses of cached dependencies used in this action
+# with the help of the Licensed tool. If any licenses are invalid or missing,
+# this workflow will fail. See: https://github.com/licensee/licensed
+
+name: Licensed
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+    paths:
+      - .github/workflows/licensed.yml
+      - .licensed.yml
+      - .licenses/**
+      - bun.lock
+      - package.json
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  check-licenses:
+    if: ${{ github.event_name != 'workflow_dispatch' }}
+    name: Licensed
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+      pull-requests: read
+
+    steps:
+      - name: Detect license inputs
+        id: license-inputs
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPOSITORY: ${{ github.repository }}
+        run: |
+          if [[ "${{ github.event_name }}" != "pull_request" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          gh api "repos/${REPOSITORY}/pulls/${PR_NUMBER}/files" --paginate --jq '.[].filename' > changed-files.txt
+          if grep -Eq '^(\.github/workflows/licensed\.yml|\.licensed\.yml|\.licenses/.*|bun\.lock|package\.json)$' changed-files.txt; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Checkout
+        id: checkout
+        if: steps.license-inputs.outputs.changed == 'true'
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Setup Bun
+        id: setup-bun
+        if: steps.license-inputs.outputs.changed == 'true'
+        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+        with:
+          bun-version-file: .bun-version
+
+      - name: Install Dependencies
+        id: bun-install
+        if: steps.license-inputs.outputs.changed == 'true'
+        run: bun install --frozen-lockfile
+
+      - name: Setup Ruby
+        id: setup-ruby
+        if: steps.license-inputs.outputs.changed == 'true'
+        uses: ruby/setup-ruby@e65c17d16e57e481586a6a5a0282698790062f92 # v1.300.0
+        with:
+          ruby-version: ruby
+
+      - uses: licensee/setup-licensed@0d52e575b3258417672be0dff2f115d7db8771d8 # v1.3.2
+        if: steps.license-inputs.outputs.changed == 'true'
+        with:
+          version: 4.x
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Check Licenses
+        id: check-licenses
+        if: steps.license-inputs.outputs.changed == 'true'
+        run: licensed status
+
+  update-licenses:
+    if: ${{ github.event_name == 'workflow_dispatch' }}
+    name: Update Licenses
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Setup Bun
+        id: setup-bun
+        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+        with:
+          bun-version-file: .bun-version
+
+      - name: Install Dependencies
+        id: bun-install
+        run: bun install --frozen-lockfile
+
+      - name: Setup Ruby
+        id: setup-ruby
+        uses: ruby/setup-ruby@e65c17d16e57e481586a6a5a0282698790062f92 # v1.300.0
+        with:
+          ruby-version: ruby
+
+      - uses: licensee/setup-licensed@0d52e575b3258417672be0dff2f115d7db8771d8 # v1.3.2
+        with:
+          version: 4.x
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Update License Cache
+        id: update-licenses
+        run: licensed cache
+
+      - name: Format License Files
+        id: format-licenses
+        run: bun x oxfmt --write .licensed.yml .licenses
+
+      - name: Commit Licenses
+        id: commit-licenses
+        run: |
+          git config --local user.email "licensed-ci@users.noreply.github.com"
+          git config --local user.name "licensed-ci"
+          git add .licenses .licensed.yml
+          if git diff --cached --quiet; then
+            echo "No license cache changes to commit."
+            exit 0
+          fi
+          git commit -m "Auto-update license files"
+          git push

.github/workflows/start.yml

@@ -1,30 +0,0 @@
-name: CLI Start
-on:
-  push:
-    branches:
-      - main
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+'
-  schedule:
-    # * is a special character in YAML so you have to quote this string
-    - cron: '30 1,9 * * *'
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  e2e: # make sure the action works on a clean machine without building
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        version:
-          - 1.0.0
-          - latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ./
-        with:
-          version: ${{ matrix.version }}
-      - run: supabase init
-      - run: supabase start

.github/workflows/test.yml

@@ -1,38 +0,0 @@
-name: 'build-test'
-on: # rebuild any PRs and main branch changes
-  pull_request:
-  push:
-    branches:
-      - main
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  build: # make sure build/ci work properly
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - run: npm install
-      - run: npm run all
-  test: # make sure the action works on a clean machine without building
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [macos-latest, windows-latest, ubuntu-latest]
-        version: [1.0.0, latest]
-    steps:
-      - uses: actions/checkout@v3
-      - uses: ./
-        with:
-          version: ${{ matrix.version }}
-      - run: supabase -h
-  check:
-    if: ${{ always() && github.event.pull_request }}
-    runs-on: ubuntu-latest
-    needs: [test]
-    steps:
-      - run: |
-          result="${{ needs.test.result }}"
-          [[ $result == "success" || $result == "skipped" ]]

.gitignore

@@ -1,7 +1,6 @@
 # Dependency directory
 node_modules
-
-# Rest pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
+bun.lockb
 # Logs
 logs
 *.log
@@ -96,4 +95,7 @@ Thumbs.db
 
 # Ignore built ts files
 __tests__/runner/*
-lib/**/*
+
+# IDE files
+.idea
+*.code-workspace

.licensed.yml

@@ -0,0 +1,16 @@
+# See: https://github.com/licensee/licensed/blob/main/docs/configuration.md
+
+sources:
+  npm: true
+
+allowed:
+  - apache-2.0
+  - bsd-2-clause
+  - bsd-3-clause
+  - isc
+  - mit
+  - cc0-1.0
+  - other
+
+ignored:
+  npm: []

.licenses/npm/@actions/core.dep.yml

@@ -0,0 +1,20 @@
+---
+name: "@actions/core"
+version: 3.0.0
+type: npm
+summary: Actions core lib
+homepage: https://github.com/actions/toolkit/tree/main/packages/core
+license: mit
+licenses:
+  - sources: LICENSE.md
+    text: |-
+      The MIT License (MIT)
+
+      Copyright 2019 GitHub
+
+      Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+      The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+      THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []

.licenses/npm/@actions/exec.dep.yml

@@ -0,0 +1,20 @@
+---
+name: "@actions/exec"
+version: 3.0.0
+type: npm
+summary: Actions exec lib
+homepage: https://github.com/actions/toolkit/tree/main/packages/exec
+license: mit
+licenses:
+  - sources: LICENSE.md
+    text: |-
+      The MIT License (MIT)
+
+      Copyright 2019 GitHub
+
+      Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+      The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+      THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []

.licenses/npm/@actions/http-client.dep.yml

@@ -0,0 +1,32 @@
+---
+name: "@actions/http-client"
+version: 4.0.0
+type: npm
+summary: Actions Http Client
+homepage: https://github.com/actions/toolkit/tree/main/packages/http-client
+license: other
+licenses:
+  - sources: LICENSE
+    text: |
+      Actions Http Client for Node.js
+
+      Copyright (c) GitHub, Inc.
+
+      All rights reserved.
+
+      MIT License
+
+      Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
+      associated documentation files (the "Software"), to deal in the Software without restriction,
+      including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
+      and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
+      subject to the following conditions:
+
+      The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+      THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
+      LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
+      NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+      WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+      SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []

.licenses/npm/@actions/io.dep.yml

@@ -0,0 +1,20 @@
+---
+name: "@actions/io"
+version: 3.0.2
+type: npm
+summary: Actions io lib
+homepage: https://github.com/actions/toolkit/tree/main/packages/io
+license: mit
+licenses:
+  - sources: LICENSE.md
+    text: |-
+      The MIT License (MIT)
+
+      Copyright 2019 GitHub
+
+      Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+      The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+      THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []

.licenses/npm/@actions/tool-cache.dep.yml

@@ -0,0 +1,20 @@
+---
+name: "@actions/tool-cache"
+version: 4.0.0
+type: npm
+summary: Actions tool-cache lib
+homepage: https://github.com/actions/toolkit/tree/main/packages/tool-cache
+license: mit
+licenses:
+  - sources: LICENSE.md
+    text: |-
+      The MIT License (MIT)
+
+      Copyright 2019 GitHub
+
+      Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+      The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+      THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+notices: []

.licenses/npm/semver.dep.yml

@@ -0,0 +1,26 @@
+---
+name: semver
+version: 7.7.4
+type: npm
+summary: The semantic version parser used by npm.
+homepage:
+license: isc
+licenses:
+  - sources: LICENSE
+    text: |
+      The ISC License
+
+      Copyright (c) Isaac Z. Schlueter and Contributors
+
+      Permission to use, copy, modify, and/or distribute this software for any
+      purpose with or without fee is hereby granted, provided that the above
+      copyright notice and this permission notice appear in all copies.
+
+      THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+      WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+      MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+      ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+      WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+      ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+      IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+notices: []

.licenses/npm/tunnel.dep.yml

@@ -0,0 +1,35 @@
+---
+name: tunnel
+version: 0.0.6
+type: npm
+summary: Node HTTP/HTTPS Agents for tunneling proxies
+homepage: https://github.com/koichik/node-tunnel/
+license: mit
+licenses:
+  - sources: LICENSE
+    text: |
+      The MIT License (MIT)
+
+      Copyright (c) 2012 Koichi Kobayashi
+
+      Permission is hereby granted, free of charge, to any person obtaining a copy
+      of this software and associated documentation files (the "Software"), to deal
+      in the Software without restriction, including without limitation the rights
+      to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+      copies of the Software, and to permit persons to whom the Software is
+      furnished to do so, subject to the following conditions:
+
+      The above copyright notice and this permission notice shall be included in
+      all copies or substantial portions of the Software.
+
+      THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+      IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+      FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+      AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+      LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+      OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+      THE SOFTWARE.
+  - sources: README.md
+    text: Licensed under the [MIT](https://github.com/koichik/node-tunnel/blob/master/LICENSE)
+      license.
+notices: []

.licenses/npm/undici.dep.yml

@@ -0,0 +1,34 @@
+---
+name: undici
+version: 6.24.1
+type: npm
+summary: An HTTP/1.1 client, written from scratch for Node.js
+homepage: https://undici.nodejs.org
+license: mit
+licenses:
+  - sources: LICENSE
+    text: |
+      MIT License
+
+      Copyright (c) Matteo Collina and Undici contributors
+
+      Permission is hereby granted, free of charge, to any person obtaining a copy
+      of this software and associated documentation files (the "Software"), to deal
+      in the Software without restriction, including without limitation the rights
+      to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+      copies of the Software, and to permit persons to whom the Software is
+      furnished to do so, subject to the following conditions:
+
+      The above copyright notice and this permission notice shall be included in all
+      copies or substantial portions of the Software.
+
+      THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+      IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+      FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+      AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+      LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+      OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+      SOFTWARE.
+  - sources: README.md
+    text: MIT
+notices: []

.prettierignore

@@ -1,3 +0,0 @@
-dist/
-lib/
-node_modules/

.prettierrc.json

@@ -1,10 +0,0 @@
-{
-  "printWidth": 80,
-  "tabWidth": 2,
-  "useTabs": false,
-  "semi": false,
-  "singleQuote": true,
-  "trailingComma": "none",
-  "bracketSpacing": false,
-  "arrowParens": "avoid"
-}

CODEOWNERS

@@ -1 +0,0 @@
-* @soedirgo @sweatybridge

README.md

@@ -1,13 +1,22 @@
 # :gear: Supabase CLI Action
 
-![](https://github.com/supabase/setup-cli/workflows/build-test/badge.svg)
-![](https://github.com/supabase/setup-cli/workflows/CodeQL/badge.svg)
+[![CI](https://github.com/supabase/setup-cli/actions/workflows/ci.yml/badge.svg)](https://github.com/supabase/setup-cli/actions/workflows/ci.yml)
+[![E2E](https://github.com/supabase/setup-cli/actions/workflows/e2e.yml/badge.svg)](https://github.com/supabase/setup-cli/actions/workflows/e2e.yml)
+[![CodeQL](https://github.com/supabase/setup-cli/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/supabase/setup-cli/actions/workflows/codeql-analysis.yml)
 
 ## About
 
-This action sets up the Supabase CLI, [`supabase`](https://github.com/supabase/cli), on GitHub's hosted Actions runners.
+This composite action sets up the Supabase CLI,
+[`supabase`](https://github.com/supabase/cli), on GitHub's hosted Actions
+runners. Other CI runners like
+[Bitbucket](https://bitbucket.org/supabase-cli/setup-cli/src/master/bitbucket-pipelines.yml)
+and
+[GitLab](https://gitlab.com/sweatybridge/setup-cli/-/blob/main/.gitlab-ci.yml)
+are supported via their respective pipelines.
 
-This action can be run on `ubuntu-latest`, `windows-latest`, and `macos-latest` GitHub Actions runners, and will install and expose a specified version of the `supabase` CLI on the runner environment.
+This action can be run on `ubuntu-latest`, `windows-latest`, and `macos-latest`
+GitHub Actions runners, and will install and expose a specified version of the
+`supabase` CLI on the runner environment.
 
 ## Usage
 
@@ -15,38 +24,68 @@ Setup the `supabase` CLI:
 
 ```yaml
 steps:
-  - uses: supabase/setup-cli@v1
+  - uses: supabase/setup-cli@v2
 ```
 
+If `version` is omitted, the action checks the repository root for `bun.lock`,
+`pnpm-lock.yaml`, or `package-lock.json` and uses the declared `supabase`
+version. If no supported lockfile is present, it falls back to `latest`.
+
 A specific version of the `supabase` CLI can be installed:
 
 ```yaml
 steps:
-  - uses: supabase/setup-cli@v1
+  - uses: supabase/setup-cli@v2
     with:
-      version: 1.28.3
+      version: 2.84.2
 ```
 
+Cache Docker images used by `supabase start` across workflow runs:
+
+```yaml
+steps:
+  - uses: actions/checkout@v6
+  - uses: supabase/setup-cli@v2
+    with:
+      version: 2.84.2
+      cache: true
+  - run: supabase start
+```
+
+The first run still pulls images from the registry. Later runs can restore the
+same image set from the GitHub Actions cache before `supabase start` runs, and
+the action saves newly pulled Supabase images at the end of a successful job.
+
 Run `supabase db start` to execute all migrations on a fresh database:
 
 ```yaml
 steps:
-  - uses: supabase/setup-cli@v1
+  - uses: supabase/setup-cli@v2
     with:
       version: latest
   - run: supabase init
   - run: supabase db start
 ```
 
-Since Supabase CLI relies on Docker Engine API, additional setup may be required on Windows and macOS runners.
+Since Supabase CLI relies on Docker Engine API, additional setup may be required
+on Windows and macOS runners.
 
 ## Inputs
 
-The actions supports the following inputs:
+The action supports the following inputs:
 
-| Name      | Type   | Description                        | Default  | Required |
-| --------- | ------ | ---------------------------------- | -------- | -------- |
-| `version` | String | Supabase CLI version (or `latest`) | `1.28.3` | false    |
+| Name        | Type    | Description                                            | Default                           | Required |
+| ----------- | ------- | ------------------------------------------------------ | --------------------------------- | -------- |
+| `version`   | String  | Supabase CLI version (or `latest`)                     | Root lockfile version or `latest` | false    |
+| `cache`     | Boolean | Cache Docker images used by Supabase local development | `false`                           | false    |
+| `cache-key` | String  | Explicit cache key for Supabase Docker images          | Generated from runner and config  | false    |
+
+The action exposes these outputs:
+
+| Name        | Description                                            |
+| ----------- | ------------------------------------------------------ |
+| `version`   | Version of installed Supabase CLI                      |
+| `cache-hit` | Whether an exact Supabase Docker image cache was found |
 
 ## Advanced Usage
 
@@ -54,7 +93,7 @@ Check generated TypeScript types are up-to-date with Postgres schema:
 
 ```yaml
 steps:
-  - uses: supabase/setup-cli@v1
+  - uses: supabase/setup-cli@v2
   - run: supabase init
   - run: supabase db start
   - name: Verify generated types match Postgres schema
@@ -76,67 +115,105 @@ env:
   # Retrieve <project-id> from dashboard url: https://app.supabase.com/project/<project-id>
   PROJECT_ID: <project-id>
 
- steps:
-   - uses: supabase/setup-cli@v1
-   - run: supabase link --project-ref $PROJECT_ID
-   - run: supabase db push
+steps:
+  - uses: supabase/setup-cli@v2
+  - run: supabase link --project-ref $PROJECT_ID
+  - run: supabase db push
 ```
 
+Export local Supabase env vars for app tests:
+
+```yaml
+steps:
+  - uses: supabase/setup-cli@v2
+    with:
+      cache: true
+  - run: supabase init
+  - run: supabase start
+  - name: Export local Supabase env vars
+    run: |
+      # Customize the variable names as needed for your app.
+      supabase status -o env \
+        --override-name api.url=SUPABASE_URL \
+        --override-name auth.service_role_key=SUPABASE_SERVICE_ROLE_KEY \
+        >> .env.test
+  - run: bun test
+```
+
+Customize the Docker image cache key when the image set depends on your workflow
+flags, generated config, or monorepo layout:
+
+```yaml
+steps:
+  - uses: actions/checkout@v6
+  - uses: supabase/setup-cli@v2
+    with:
+      cache: true
+      cache-key: supabase-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('supabase/config.toml') }}-start-all
+  - run: supabase start
+```
+
+Avoid running `docker system prune -a` before the job ends if you want the
+post-action cache save to include images pulled by `supabase start`.
+
 ## Develop
 
-> Requires `node >= 16`
+After you've cloned the repository to your local machine or codespace, you'll
+need to perform a few setup steps before you can work on the action.
 
-Install the dependencies
+> [!NOTE]
+>
+> You'll need a recent version of [Bun](https://bun.sh) for local development.
+> This repository includes a `.bun-version` file for tools that can auto-switch
+> Bun versions.
 
-```bash
-$ npm install
-```
+1. :hammer_and_wrench: Install the dependencies
 
-Build the typescript and package it for distribution
+   ```bash
+   bun install
+   ```
 
-```bash
-$ npm run build && npm run package
-```
+1. :white_check_mark: Run the tests
 
-Run the tests :heavy_check_mark:
+   ```bash
+   bun test
+   ```
 
-```bash
-$ npm test
+1. :package: Build the bundled action entrypoints
 
- PASS  __tests__/main.test.ts
-  ✓ gets download url to binary (3 ms)
-  ✓ test runs (891 ms)
+   ```bash
+   bun run build
+   ```
 
-...
-```
+1. :mag: Run the full local CI suite
 
-## Publish to a distribution branch
+   ```bash
+   bun run ci
+   ```
 
-Actions are run from GitHub repos so we will checkin the packed dist folder.
+## Publish
 
-Then run [ncc](https://github.com/zeit/ncc) and push the results:
-
-```bash
-$ npm run all
-$ git add dist
-$ git commit -a -m "Update dependencies"
-$ git push origin releases/v1
-```
-
-Note: We recommend using the `--license` option for ncc, which will create a license file for all of the production node modules used in your project.
+1. Create a new GitHub release
+2. Rebase `v2` branch on `main`
 
 Your action is now published! :rocket:
 
-See the [versioning documentation](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md)
+See the
+[versioning documentation](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md)
 
 ## Validate
 
-You can now validate the action by referencing `./` in a workflow in your repo (see [test.yml](.github/workflows/test.yml))
+Validate changes by exercising the action from a workflow in this repository
+(see [ci.yml](.github/workflows/ci.yml) and [e2e.yml](.github/workflows/e2e.yml)).
 
 ```yaml
-uses: ./
-with:
-  version: latest
+steps:
+  - uses: ./
+    with:
+      version: latest
 ```
 
-See the [actions tab](https://github.com/actions/typescript-action/actions) for runs of this action! :rocket:
+The CI workflow provides fast smoke coverage across GitHub-hosted runners, and
+the E2E workflow verifies `supabase init` and `supabase start` against supported
+Postgres versions. See the [actions tab](https://github.com/supabase/setup-cli/actions)
+for recent runs.

__tests__/main.test.ts

@@ -1,55 +0,0 @@
-import {getDownloadUrl} from '../src/utils'
-import {CLI_CONFIG_REGISTRY} from '../src/main'
-import * as os from 'os'
-import * as process from 'process'
-import * as cp from 'child_process'
-import * as path from 'path'
-import * as fs from 'fs'
-import * as yaml from 'js-yaml'
-import {expect, test} from '@jest/globals'
-
-test('gets download url to binary', async () => {
-  const url = await getDownloadUrl('1.28.0')
-  expect(
-    url.startsWith(
-      'https://github.com/supabase/cli/releases/download/v1.28.0/supabase_'
-    )
-  ).toBeTruthy()
-  expect(url.endsWith('.tar.gz')).toBeTruthy()
-  expect(url).not.toContain('_1.28.0_')
-})
-
-test('gets legacy download url to binary', async () => {
-  const url = await getDownloadUrl('0.1.0')
-  expect(
-    url.startsWith(
-      `https://github.com/supabase/cli/releases/download/v0.1.0/supabase_0.1.0_`
-    )
-  ).toBeTruthy()
-  expect(url.endsWith('.tar.gz')).toBeTruthy()
-})
-
-test('gets download url to latest version', async () => {
-  const url = await getDownloadUrl('latest')
-  expect(url).toMatch(
-    'https://github.com/supabase/cli/releases/latest/download/'
-  )
-})
-
-// shows how the runner will run a javascript action with env / stdout protocol
-test('test runs', () => {
-  process.env['RUNNER_TEMP'] = os.tmpdir()
-  const config = path.join(__dirname, '..', 'action.yml')
-  const action: any = yaml.load(fs.readFileSync(config, 'utf8'))
-  process.env['INPUT_VERSION'] = action.inputs.version.default
-  const np = process.execPath
-  const ip = path.join(__dirname, '..', 'lib', 'main.js')
-  const options: cp.ExecFileSyncOptions = {
-    env: process.env
-  }
-  const stdout = cp.execFileSync(np, [ip], options).toString()
-  console.log(stdout)
-  expect
-    .stringContaining(`::set-env name=${CLI_CONFIG_REGISTRY}::`)
-    .asymmetricMatch(stdout)
-})

action.yml

@@ -3,12 +3,22 @@ description: Setup Supabase CLI, supabase, on GitHub Actions runners
 author: Supabase
 inputs:
   version:
-    description: Version of Supabase CLI to install
+    description: Version of Supabase CLI to install. If omitted, detect from the root lockfile and otherwise use latest.
+    required: false
+  cache:
+    description: Cache Docker images used by Supabase local development commands.
+    required: false
+    default: "false"
+  cache-key:
+    description: Optional explicit cache key for Supabase Docker images.
     required: false
-    default: 1.28.3
 outputs:
   version:
     description: Version of installed Supabase CLI
+  cache-hit:
+    description: Whether an exact Supabase Docker image cache was restored.
 runs:
-  using: node16
-  main: dist/index.js
+  using: node24
+  main: dist/main.js
+  post: dist/post.js
+  post-if: success()

bun.lock

@@ -0,0 +1,244 @@
+{
+  "lockfileVersion": 1,
+  "configVersion": 1,
+  "workspaces": {
+    "": {
+      "name": "setup-cli",
+      "dependencies": {
+        "@actions/cache": "^6.0.0",
+        "@actions/core": "^3.0.0",
+        "@actions/tool-cache": "^4.0.0",
+        "js-yaml": "^4.1.1",
+        "semver": "^7.7.4",
+      },
+      "devDependencies": {
+        "@tsconfig/bun": "^1.0.10",
+        "@types/bun": "^1.3.11",
+        "@types/js-yaml": "^4.0.9",
+        "@types/node": "^24",
+        "@types/semver": "^7.7.1",
+        "@typescript/native-preview": "^7.0.0-dev.20260409.1",
+        "oxfmt": "^0.44.0",
+        "oxlint": "^1.59.0",
+        "oxlint-tsgolint": "^0.20.0",
+      },
+    },
+  },
+  "packages": {
+    "@actions/cache": ["@actions/cache@6.0.0", "", { "dependencies": { "@actions/core": "^3.0.0", "@actions/exec": "^3.0.0", "@actions/glob": "^0.6.1", "@actions/http-client": "^4.0.0", "@actions/io": "^3.0.0", "@azure/core-rest-pipeline": "^1.22.0", "@azure/storage-blob": "^12.30.0", "@protobuf-ts/runtime-rpc": "^2.11.1", "semver": "^7.7.3" } }, "sha512-+tCs634SyGBQJ3KU1rtAVabmN/gYiT9WgzTSJzWwdPCLmM3zWrdbysaErKv8HyI6OozClrxNvDgPjJimbHZZvw=="],
+
+    "@actions/core": ["@actions/core@3.0.0", "", { "dependencies": { "@actions/exec": "^3.0.0", "@actions/http-client": "^4.0.0" } }, "sha512-zYt6cz+ivnTmiT/ksRVriMBOiuoUpDCJJlZ5KPl2/FRdvwU3f7MPh9qftvbkXJThragzUZieit2nyHUyw53Seg=="],
+
+    "@actions/exec": ["@actions/exec@3.0.0", "", { "dependencies": { "@actions/io": "^3.0.2" } }, "sha512-6xH/puSoNBXb72VPlZVm7vQ+svQpFyA96qdDBvhB8eNZOE8LtPf9L4oAsfzK/crCL8YZ+19fKYVnM63Sl+Xzlw=="],
+
+    "@actions/glob": ["@actions/glob@0.6.1", "", { "dependencies": { "@actions/core": "^3.0.0", "minimatch": "^3.0.4" } }, "sha512-K4+2Ac5ILcf2ySdJCha+Pop9NcKjxqCL4xL4zI50dgB2PbXgC0+AcP011xfH4Of6b4QEJJg8dyZYv7zl4byTsw=="],
+
+    "@actions/http-client": ["@actions/http-client@4.0.0", "", { "dependencies": { "tunnel": "^0.0.6", "undici": "^6.23.0" } }, "sha512-QuwPsgVMsD6qaPD57GLZi9sqzAZCtiJT8kVBCDpLtxhL5MydQ4gS+DrejtZZPdIYyB1e95uCK9Luyds7ybHI3g=="],
+
+    "@actions/io": ["@actions/io@3.0.2", "", {}, "sha512-nRBchcMM+QK1pdjO7/idu86rbJI5YHUKCvKs0KxnSYbVe3F51UfGxuZX4Qy/fWlp6l7gWFwIkrOzN+oUK03kfw=="],
+
+    "@actions/tool-cache": ["@actions/tool-cache@4.0.0", "", { "dependencies": { "@actions/core": "^3.0.0", "@actions/exec": "^3.0.0", "@actions/http-client": "^4.0.0", "@actions/io": "^3.0.0", "semver": "^7.7.3" } }, "sha512-L8P9HbXvpvqjZDveb/fdsa55IVC0trfPgQ4ZwGo6r5af6YDVdM9vMGPZ7rgY2fAT9gGj4PSYd6bYlg3p3jD78A=="],
+
+    "@azure/abort-controller": ["@azure/abort-controller@2.1.2", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-nBrLsEWm4J2u5LpAPjxADTlq3trDgVZZXHNKabeXZtpq3d3AbN/KGO82R87rdDz5/lYB024rtEf10/q0urNgsA=="],
+
+    "@azure/core-auth": ["@azure/core-auth@1.10.1", "", { "dependencies": { "@azure/abort-controller": "^2.1.2", "@azure/core-util": "^1.13.0", "tslib": "^2.6.2" } }, "sha512-ykRMW8PjVAn+RS6ww5cmK9U2CyH9p4Q88YJwvUslfuMmN98w/2rdGRLPqJYObapBCdzBVeDgYWdJnFPFb7qzpg=="],
+
+    "@azure/core-client": ["@azure/core-client@1.10.1", "", { "dependencies": { "@azure/abort-controller": "^2.1.2", "@azure/core-auth": "^1.10.0", "@azure/core-rest-pipeline": "^1.22.0", "@azure/core-tracing": "^1.3.0", "@azure/core-util": "^1.13.0", "@azure/logger": "^1.3.0", "tslib": "^2.6.2" } }, "sha512-Nh5PhEOeY6PrnxNPsEHRr9eimxLwgLlpmguQaHKBinFYA/RU9+kOYVOQqOrTsCL+KSxrLLl1gD8Dk5BFW/7l/w=="],
+
+    "@azure/core-http-compat": ["@azure/core-http-compat@2.4.0", "", { "dependencies": { "@azure/abort-controller": "^2.1.2" }, "peerDependencies": { "@azure/core-client": "^1.10.0", "@azure/core-rest-pipeline": "^1.22.0" } }, "sha512-f1P96IB399YiN2ARYHP7EpZi3Bf3wH4SN2lGzrw7JVwm7bbsVYtf2iKSBwTywD2P62NOPZGHFSZi+6jjb75JuA=="],
+
+    "@azure/core-lro": ["@azure/core-lro@2.7.2", "", { "dependencies": { "@azure/abort-controller": "^2.0.0", "@azure/core-util": "^1.2.0", "@azure/logger": "^1.0.0", "tslib": "^2.6.2" } }, "sha512-0YIpccoX8m/k00O7mDDMdJpbr6mf1yWo2dfmxt5A8XVZVVMz2SSKaEbMCeJRvgQ0IaSlqhjT47p4hVIRRy90xw=="],
+
+    "@azure/core-paging": ["@azure/core-paging@1.6.2", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-YKWi9YuCU04B55h25cnOYZHxXYtEvQEbKST5vqRga7hWY9ydd3FZHdeQF8pyh+acWZvppw13M/LMGx0LABUVMA=="],
+
+    "@azure/core-rest-pipeline": ["@azure/core-rest-pipeline@1.23.0", "", { "dependencies": { "@azure/abort-controller": "^2.1.2", "@azure/core-auth": "^1.10.0", "@azure/core-tracing": "^1.3.0", "@azure/core-util": "^1.13.0", "@azure/logger": "^1.3.0", "@typespec/ts-http-runtime": "^0.3.4", "tslib": "^2.6.2" } }, "sha512-Evs1INHo+jUjwHi1T6SG6Ua/LHOQBCLuKEEE6efIpt4ZOoNonaT1kP32GoOcdNDbfqsD2445CPri3MubBy5DEQ=="],
+
+    "@azure/core-tracing": ["@azure/core-tracing@1.3.1", "", { "dependencies": { "tslib": "^2.6.2" } }, "sha512-9MWKevR7Hz8kNzzPLfX4EAtGM2b8mr50HPDBvio96bURP/9C+HjdH3sBlLSNNrvRAr5/k/svoH457gB5IKpmwQ=="],
+
+    "@azure/core-util": ["@azure/core-util@1.13.1", "", { "dependencies": { "@azure/abort-controller": "^2.1.2", "@typespec/ts-http-runtime": "^0.3.0", "tslib": "^2.6.2" } }, "sha512-XPArKLzsvl0Hf0CaGyKHUyVgF7oDnhKoP85Xv6M4StF/1AhfORhZudHtOyf2s+FcbuQ9dPRAjB8J2KvRRMUK2A=="],
+
+    "@azure/core-xml": ["@azure/core-xml@1.5.1", "", { "dependencies": { "fast-xml-parser": "^5.5.9", "tslib": "^2.8.1" } }, "sha512-xcNRHqCoSp4AunOALEae6A8f3qATb83gSrm31Iqb01OzblvC3/W/bfXozcq78EzIdzZzuH1bZ2NvRR0TdX709w=="],
+
+    "@azure/logger": ["@azure/logger@1.3.0", "", { "dependencies": { "@typespec/ts-http-runtime": "^0.3.0", "tslib": "^2.6.2" } }, "sha512-fCqPIfOcLE+CGqGPd66c8bZpwAji98tZ4JI9i/mlTNTlsIWslCfpg48s/ypyLxZTump5sypjrKn2/kY7q8oAbA=="],
+
+    "@azure/storage-blob": ["@azure/storage-blob@12.31.0", "", { "dependencies": { "@azure/abort-controller": "^2.1.2", "@azure/core-auth": "^1.9.0", "@azure/core-client": "^1.9.3", "@azure/core-http-compat": "^2.2.0", "@azure/core-lro": "^2.2.0", "@azure/core-paging": "^1.6.2", "@azure/core-rest-pipeline": "^1.19.1", "@azure/core-tracing": "^1.2.0", "@azure/core-util": "^1.11.0", "@azure/core-xml": "^1.4.5", "@azure/logger": "^1.1.4", "@azure/storage-common": "^12.3.0", "events": "^3.0.0", "tslib": "^2.8.1" } }, "sha512-DBgNv10aCSxopt92DkTDD0o9xScXeBqPKGmR50FPZQaEcH4JLQ+GEOGEDv19V5BMkB7kxr+m4h6il/cCDPvmHg=="],
+
+    "@azure/storage-common": ["@azure/storage-common@12.3.0", "", { "dependencies": { "@azure/abort-controller": "^2.1.2", "@azure/core-auth": "^1.9.0", "@azure/core-http-compat": "^2.2.0", "@azure/core-rest-pipeline": "^1.19.1", "@azure/core-tracing": "^1.2.0", "@azure/core-util": "^1.11.0", "@azure/logger": "^1.1.4", "events": "^3.3.0", "tslib": "^2.8.1" } }, "sha512-/OFHhy86aG5Pe8dP5tsp+BuJ25JOAl9yaMU3WZbkeoiFMHFtJ7tu5ili7qEdBXNW9G5lDB19trwyI6V49F/8iQ=="],
+
+    "@oxfmt/binding-android-arm-eabi": ["@oxfmt/binding-android-arm-eabi@0.44.0", "", { "os": "android", "cpu": "arm" }, "sha512-5UvghMd9SA/yvKTWCAxMAPXS1d2i054UeOf4iFjZjfayTwCINcC3oaSXjtbZfCaEpxgJod7XiOjTtby5yEv/BQ=="],
+
+    "@oxfmt/binding-android-arm64": ["@oxfmt/binding-android-arm64@0.44.0", "", { "os": "android", "cpu": "arm64" }, "sha512-IVudM1BWfvrYO++Khtzr8q9n5Rxu7msUvoFMqzGJVdX7HfUXUDHwaH2zHZNB58svx2J56pmCUzophyaPFkcG/A=="],
+
+    "@oxfmt/binding-darwin-arm64": ["@oxfmt/binding-darwin-arm64@0.44.0", "", { "os": "darwin", "cpu": "arm64" }, "sha512-eWCLAIKAHfx88EqEP1Ga2yz7qVcqDU5lemn4xck+07bH182hDdprOHjbogyk0In1Djys3T0/pO2JepFnRJ41Mg=="],
+
+    "@oxfmt/binding-darwin-x64": ["@oxfmt/binding-darwin-x64@0.44.0", "", { "os": "darwin", "cpu": "x64" }, "sha512-eHTBznHLM49++dwz07MblQ2cOXyIgeedmE3Wgy4ptUESj38/qYZyRi1MPwC9olQJWssMeY6WI3UZ7YmU5ggvyQ=="],
+
+    "@oxfmt/binding-freebsd-x64": ["@oxfmt/binding-freebsd-x64@0.44.0", "", { "os": "freebsd", "cpu": "x64" }, "sha512-jLMmbj0u0Ft43QpkUVr/0v1ZfQCGWAvU+WznEHcN3wZC/q6ox7XeSJtk9P36CCpiDSUf3sGnzbIuG1KdEMEDJQ=="],
+
+    "@oxfmt/binding-linux-arm-gnueabihf": ["@oxfmt/binding-linux-arm-gnueabihf@0.44.0", "", { "os": "linux", "cpu": "arm" }, "sha512-n+A/u/ByK1qV8FVGOwyaSpw5NPNl0qlZfgTBqHeGIqr8Qzq1tyWZ4lAaxPoe5mZqE3w88vn3+jZtMxriHPE7tg=="],
+
+    "@oxfmt/binding-linux-arm-musleabihf": ["@oxfmt/binding-linux-arm-musleabihf@0.44.0", "", { "os": "linux", "cpu": "arm" }, "sha512-5eax+FkxyCqAi3Rw0mrZFr7+KTt/XweFsbALR+B5ljWBLBl8nHe4ADrUnb1gLEfQCJLl+Ca5FIVD4xEt95AwIw=="],
+
+    "@oxfmt/binding-linux-arm64-gnu": ["@oxfmt/binding-linux-arm64-gnu@0.44.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-58l8JaHxSGOmOMOG2CIrNsnkRJAj0YcHQCmvNACniOa/vd1iRHhlPajczegzS5jwMENlqgreyiTR9iNlke8qCw=="],
+
+    "@oxfmt/binding-linux-arm64-musl": ["@oxfmt/binding-linux-arm64-musl@0.44.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-AlObQIXyVRZ96LbtVljtFq0JqH5B92NU+BQeDFrXWBUWlCKAM0wF5GLfIhCLT5kQ3Sl+U0YjRJ7Alqj5hGQaCg=="],
+
+    "@oxfmt/binding-linux-ppc64-gnu": ["@oxfmt/binding-linux-ppc64-gnu@0.44.0", "", { "os": "linux", "cpu": "ppc64" }, "sha512-YcFE8/q/BbrCiIiM5piwbkA6GwJc5QqhMQp2yDrqQ2fuVkZ7CInb1aIijZ/k8EXc72qXMSwKpVlBv1w/MsGO/A=="],
+
+    "@oxfmt/binding-linux-riscv64-gnu": ["@oxfmt/binding-linux-riscv64-gnu@0.44.0", "", { "os": "linux", "cpu": "none" }, "sha512-eOdzs6RqkRzuqNHUX5C8ISN5xfGh4xDww8OEd9YAmc3OWN8oAe5bmlIqQ+rrHLpv58/0BuU48bxkhnIGjA/ATQ=="],
+
+    "@oxfmt/binding-linux-riscv64-musl": ["@oxfmt/binding-linux-riscv64-musl@0.44.0", "", { "os": "linux", "cpu": "none" }, "sha512-YBgNTxntD/QvlFUfgvh8bEdwOhXiquX8gaofZJAwYa/Xp1S1DQrFVZEeck7GFktr24DztsSp8N8WtWCBwxs0Hw=="],
+
+    "@oxfmt/binding-linux-s390x-gnu": ["@oxfmt/binding-linux-s390x-gnu@0.44.0", "", { "os": "linux", "cpu": "s390x" }, "sha512-GLIh1R6WHWshl/i4QQDNgj0WtT25aRO4HNUWEoitxiywyRdhTFmFEYT2rXlcl9U6/26vhmOqG5cRlMLG3ocaIA=="],
+
+    "@oxfmt/binding-linux-x64-gnu": ["@oxfmt/binding-linux-x64-gnu@0.44.0", "", { "os": "linux", "cpu": "x64" }, "sha512-gZOpgTlOsLcLfAF9qgpTr7FIIFSKnQN3hDf/0JvQ4CIwMY7h+eilNjxq/CorqvYcEOu+LRt1W4ZS7KccEHLOdA=="],
+
+    "@oxfmt/binding-linux-x64-musl": ["@oxfmt/binding-linux-x64-musl@0.44.0", "", { "os": "linux", "cpu": "x64" }, "sha512-1CyS9JTB+pCUFYFI6pkQGGZaT/AY5gnhHVrQQLhFba6idP9AzVYm1xbdWfywoldTYvjxQJV6x4SuduCIfP3W+A=="],
+
+    "@oxfmt/binding-openharmony-arm64": ["@oxfmt/binding-openharmony-arm64@0.44.0", "", { "os": "none", "cpu": "arm64" }, "sha512-bmEv70Ak6jLr1xotCbF5TxIKjsmQaiX+jFRtnGtfA03tJPf6VG3cKh96S21boAt3JZc+Vjx8PYcDuLj39vM2Pw=="],
+
+    "@oxfmt/binding-win32-arm64-msvc": ["@oxfmt/binding-win32-arm64-msvc@0.44.0", "", { "os": "win32", "cpu": "arm64" }, "sha512-yWzB+oCpSnP/dmw85eFLAT5o35Ve5pkGS2uF/UCISpIwDqf1xa7OpmtomiqY/Vzg8VyvMbuf6vroF2khF/+1Vg=="],
+
+    "@oxfmt/binding-win32-ia32-msvc": ["@oxfmt/binding-win32-ia32-msvc@0.44.0", "", { "os": "win32", "cpu": "ia32" }, "sha512-TcWpo18xEIE3AmIG2kpr3kz5IEhQgnx0lazl2+8L+3eTopOAUevQcmlr4nhguImNWz0OMeOZrYZOhJNCf16nlQ=="],
+
+    "@oxfmt/binding-win32-x64-msvc": ["@oxfmt/binding-win32-x64-msvc@0.44.0", "", { "os": "win32", "cpu": "x64" }, "sha512-oj8aLkPJZppIM4CMQNsyir9ybM1Xw/CfGPTSsTnzpVGyljgfbdP0EVUlURiGM0BDrmw5psQ6ArmGCcUY/yABaQ=="],
+
+    "@oxlint-tsgolint/darwin-arm64": ["@oxlint-tsgolint/darwin-arm64@0.20.0", "", { "os": "darwin", "cpu": "arm64" }, "sha512-KKQcIHZHMxqpHUA1VXIbOG6chNCFkUWbQy6M+AFVtPKkA/3xAeJkJ3njoV66bfzwPHRcWQO+kcj5XqtbkjakoA=="],
+
+    "@oxlint-tsgolint/darwin-x64": ["@oxlint-tsgolint/darwin-x64@0.20.0", "", { "os": "darwin", "cpu": "x64" }, "sha512-7HeVMuclGfG+NLZi2ybY0T4fMI7/XxO/208rJk+zEIloKkVnlh11Wd241JMGwgNFXn+MLJbOqOfojDb2Dt4L1g=="],
+
+    "@oxlint-tsgolint/linux-arm64": ["@oxlint-tsgolint/linux-arm64@0.20.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-zxhUwz+WSxE6oWlZLK2z2ps9yC6ebmgoYmjAl0Oa48+GqkZ56NVgo+wb8DURNv6xrggzHStQxqQxe3mK51HZag=="],
+
+    "@oxlint-tsgolint/linux-x64": ["@oxlint-tsgolint/linux-x64@0.20.0", "", { "os": "linux", "cpu": "x64" }, "sha512-/1l6FnahC9im8PK+Ekkx/V3yetO/PzZnJegE2FXcv/iXEhbeVxP/ouiTYcUQu9shT1FWJCSNti1VJHH+21Y1dg=="],
+
+    "@oxlint-tsgolint/win32-arm64": ["@oxlint-tsgolint/win32-arm64@0.20.0", "", { "os": "win32", "cpu": "arm64" }, "sha512-oPZ5Yz8sVdo7P/5q+i3IKeix31eFZ55JAPa1+RGPoe9PoaYVsdMvR6Jvib6YtrqoJnFPlg3fjEjlEPL8VBKYJA=="],
+
+    "@oxlint-tsgolint/win32-x64": ["@oxlint-tsgolint/win32-x64@0.20.0", "", { "os": "win32", "cpu": "x64" }, "sha512-4stx8RHj3SP9vQyRF/yZbz5igtPvYMEUR8CUoha4BVNZihi39DpCR8qkU7lpjB5Ga1DRMo2pHaA4bdTOMaY4mw=="],
+
+    "@oxlint/binding-android-arm-eabi": ["@oxlint/binding-android-arm-eabi@1.59.0", "", { "os": "android", "cpu": "arm" }, "sha512-etYDw/UaEv936AQUd/CRMBVd+e+XuuU6wC+VzOv1STvsTyZenLChepLWqLtnyTTp4YMlM22ypzogDDwqYxv5cg=="],
+
+    "@oxlint/binding-android-arm64": ["@oxlint/binding-android-arm64@1.59.0", "", { "os": "android", "cpu": "arm64" }, "sha512-TgLc7XVLKH2a4h8j3vn1MDjfK33i9MY60f/bKhRGWyVzbk5LCZ4X01VZG7iHrMmi5vYbAp8//Ponigx03CLsdw=="],
+
+    "@oxlint/binding-darwin-arm64": ["@oxlint/binding-darwin-arm64@1.59.0", "", { "os": "darwin", "cpu": "arm64" }, "sha512-DXyFPf5ZKldMLloRHx/B9fsxsiTQomaw7cmEW3YIJko2HgCh+GUhp9gGYwHrqlLJPsEe3dYj9JebjX92D3j3AA=="],
+
+    "@oxlint/binding-darwin-x64": ["@oxlint/binding-darwin-x64@1.59.0", "", { "os": "darwin", "cpu": "x64" }, "sha512-LgvrsdgVLX1qWqIEmNsSmMXJhpAWdtUQ0M+oR0CySwi+9IHWyOGuIL8w8+u/kbZNMyZr4WUyYB5i0+D+AKgkLg=="],
+
+    "@oxlint/binding-freebsd-x64": ["@oxlint/binding-freebsd-x64@1.59.0", "", { "os": "freebsd", "cpu": "x64" }, "sha512-bOJhqX/ny4hrFuTPlyk8foSRx/vLRpxJh0jOOKN2NWW6FScXHPAA5rQbrwdQPcgGB5V8Ua51RS03fke8ssBcug=="],
+
+    "@oxlint/binding-linux-arm-gnueabihf": ["@oxlint/binding-linux-arm-gnueabihf@1.59.0", "", { "os": "linux", "cpu": "arm" }, "sha512-vVUXxYMF9trXCsz4m9H6U0IjehosVHxBzVgJUxly1uz4W1PdDyicaBnpC0KRXsHYretLVe+uS9pJy8iM57Kujw=="],
+
+    "@oxlint/binding-linux-arm-musleabihf": ["@oxlint/binding-linux-arm-musleabihf@1.59.0", "", { "os": "linux", "cpu": "arm" }, "sha512-TULQW8YBPGRWg5yZpFPL54HLOnJ3/HiX6VenDPi6YfxB/jlItwSMFh3/hCeSNbh+DAMaE1Py0j5MOaivHkI/9Q=="],
+
+    "@oxlint/binding-linux-arm64-gnu": ["@oxlint/binding-linux-arm64-gnu@1.59.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-Gt54Y4eqSgYJ90xipm24xeyaPV854706o/kiT8oZvUt3VDY7qqxdqyGqchMaujd87ib+/MXvnl9WkK8Cc1BExg=="],
+
+    "@oxlint/binding-linux-arm64-musl": ["@oxlint/binding-linux-arm64-musl@1.59.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-3CtsKp7NFB3OfqQzbuAecrY7GIZeiv7AD+xutU4tefVQzlfmTI7/ygWLrvkzsDEjTlMq41rYHxgsn6Yh8tybmA=="],
+
+    "@oxlint/binding-linux-ppc64-gnu": ["@oxlint/binding-linux-ppc64-gnu@1.59.0", "", { "os": "linux", "cpu": "ppc64" }, "sha512-K0diOpT3ncDmOfl9I1HuvpEsAuTxkts0VYwIv/w6Xiy9CdwyPBVX88Ga9l8VlGgMrwBMnSY4xIvVlVY/fkQk7Q=="],
+
+    "@oxlint/binding-linux-riscv64-gnu": ["@oxlint/binding-linux-riscv64-gnu@1.59.0", "", { "os": "linux", "cpu": "none" }, "sha512-xAU7+QDU6kTJJ7mJLOGgo7oOjtAtkKyFZ0Yjdb5cEo3DiCCPFLvyr08rWiQh6evZ7RiUTf+o65NY/bqttzJiQQ=="],
+
+    "@oxlint/binding-linux-riscv64-musl": ["@oxlint/binding-linux-riscv64-musl@1.59.0", "", { "os": "linux", "cpu": "none" }, "sha512-KUmZmKlTTyauOnvUNVxK7G40sSSx0+w5l1UhaGsC6KPpOYHenx2oqJTnabmpLJicok7IC+3Y6fXAUOMyexaeJQ=="],
+
+    "@oxlint/binding-linux-s390x-gnu": ["@oxlint/binding-linux-s390x-gnu@1.59.0", "", { "os": "linux", "cpu": "s390x" }, "sha512-4usRxC8gS0PGdkHnRmwJt/4zrQNZyk6vL0trCxwZSsAKM+OxhB8nKiR+mhjdBbl8lbMh2gc3bZpNN/ik8c4c2A=="],
+
+    "@oxlint/binding-linux-x64-gnu": ["@oxlint/binding-linux-x64-gnu@1.59.0", "", { "os": "linux", "cpu": "x64" }, "sha512-s/rNE2gDmbwAOOP493xk2X7M8LZfI1LJFSSW1+yanz3vuQCFPiHkx4GY+O1HuLUDtkzGlhtMrIcxxzyYLv308w=="],
+
+    "@oxlint/binding-linux-x64-musl": ["@oxlint/binding-linux-x64-musl@1.59.0", "", { "os": "linux", "cpu": "x64" }, "sha512-+yYj1udJa2UvvIUmEm0IcKgc0UlPMgz0nsSTvkPL2y6n0uU5LgIHSwVu4AHhrve6j9BpVSoRksnz8c9QcvITJA=="],
+
+    "@oxlint/binding-openharmony-arm64": ["@oxlint/binding-openharmony-arm64@1.59.0", "", { "os": "none", "cpu": "arm64" }, "sha512-bUplUb48LYsB3hHlQXP2ZMOenpieWoOyppLAnnAhuPag3MGPnt+7caxE3w/Vl9wpQsTA3gzLntQi9rxWrs7Xqg=="],
+
+    "@oxlint/binding-win32-arm64-msvc": ["@oxlint/binding-win32-arm64-msvc@1.59.0", "", { "os": "win32", "cpu": "arm64" }, "sha512-/HLsLuz42rWl7h7ePdmMTpHm2HIDmPtcEMYgm5BBEHiEiuNOrzMaUpd2z7UnNni5LGN9obJy2YoAYBLXQwazrA=="],
+
+    "@oxlint/binding-win32-ia32-msvc": ["@oxlint/binding-win32-ia32-msvc@1.59.0", "", { "os": "win32", "cpu": "ia32" }, "sha512-rUPy+JnanpPwV/aJCPnxAD1fW50+XPI0VkWr7f0vEbqcdsS8NpB24Rw6RsS7SdpFv8Dw+8ugCwao5nCFbqOUSg=="],
+
+    "@oxlint/binding-win32-x64-msvc": ["@oxlint/binding-win32-x64-msvc@1.59.0", "", { "os": "win32", "cpu": "x64" }, "sha512-xkE7puteDS/vUyRngLXW0t8WgdWoS/tfxXjhP/P7SMqPDx+hs44SpssO3h3qmTqECYEuXBUPzcAw5257Ka+ofA=="],
+
+    "@protobuf-ts/runtime": ["@protobuf-ts/runtime@2.11.1", "", {}, "sha512-KuDaT1IfHkugM2pyz+FwiY80ejWrkH1pAtOBOZFuR6SXEFTsnb/jiQWQ1rCIrcKx2BtyxnxW6BWwsVSA/Ie+WQ=="],
+
+    "@protobuf-ts/runtime-rpc": ["@protobuf-ts/runtime-rpc@2.11.1", "", { "dependencies": { "@protobuf-ts/runtime": "^2.11.1" } }, "sha512-4CqqUmNA+/uMz00+d3CYKgElXO9VrEbucjnBFEjqI4GuDrEQ32MaI3q+9qPBvIGOlL4PmHXrzM32vBPWRhQKWQ=="],
+
+    "@tsconfig/bun": ["@tsconfig/bun@1.0.10", "", {}, "sha512-5AV5YknQjNyoYzZ/8NG0dawqew/wH+x7ANiCfCIn29qo0cdbd1EryvFD1k5NSZWLBMOI/fGqMIaxi58GPIP9Cg=="],
+
+    "@types/bun": ["@types/bun@1.3.11", "", { "dependencies": { "bun-types": "1.3.11" } }, "sha512-5vPne5QvtpjGpsGYXiFyycfpDF2ECyPcTSsFBMa0fraoxiQyMJ3SmuQIGhzPg2WJuWxVBoxWJ2kClYTcw/4fAg=="],
+
+    "@types/js-yaml": ["@types/js-yaml@4.0.9", "", {}, "sha512-k4MGaQl5TGo/iipqb2UDG2UwjXziSWkh0uysQelTlJpX1qGlpUZYm8PnO4DxG1qBomtJUdYJ6qR6xdIah10JLg=="],
+
+    "@types/node": ["@types/node@24.12.2", "", { "dependencies": { "undici-types": "~7.16.0" } }, "sha512-A1sre26ke7HDIuY/M23nd9gfB+nrmhtYyMINbjI1zHJxYteKR6qSMX56FsmjMcDb3SMcjJg5BiRRgOCC/yBD0g=="],
+
+    "@types/semver": ["@types/semver@7.7.1", "", {}, "sha512-FmgJfu+MOcQ370SD0ev7EI8TlCAfKYU+B4m5T3yXc1CiRN94g/SZPtsCkk506aUDtlMnFZvasDwHHUcZUEaYuA=="],
+
+    "@typescript/native-preview": ["@typescript/native-preview@7.0.0-dev.20260409.1", "", { "optionalDependencies": { "@typescript/native-preview-darwin-arm64": "7.0.0-dev.20260409.1", "@typescript/native-preview-darwin-x64": "7.0.0-dev.20260409.1", "@typescript/native-preview-linux-arm": "7.0.0-dev.20260409.1", "@typescript/native-preview-linux-arm64": "7.0.0-dev.20260409.1", "@typescript/native-preview-linux-x64": "7.0.0-dev.20260409.1", "@typescript/native-preview-win32-arm64": "7.0.0-dev.20260409.1", "@typescript/native-preview-win32-x64": "7.0.0-dev.20260409.1" }, "bin": { "tsgo": "bin/tsgo.js" } }, "sha512-CV1HEMGo1xCySwUJbCQOF+mmrTue8KTJ1Od2kKWhcbOpu8fPBfaqIpbAM6tGLcNEykEjMMTYHc/VTLbMgxdScQ=="],
+
+    "@typescript/native-preview-darwin-arm64": ["@typescript/native-preview-darwin-arm64@7.0.0-dev.20260409.1", "", { "os": "darwin", "cpu": "arm64" }, "sha512-GcRRnaoeZVrbC47woQ/2t3vPoQcTSjsWPEAQGtwNSdw7Z9TKxG4ES22ghJIQXd3ncTRCMJ+XELnnuqxVutkJ9w=="],
+
+    "@typescript/native-preview-darwin-x64": ["@typescript/native-preview-darwin-x64@7.0.0-dev.20260409.1", "", { "os": "darwin", "cpu": "x64" }, "sha512-7s8DXAa0Xpu/8PEjYIc4I36Ju7eVpoz9k3E+3WQdOF8pIPWYohiOj+zi68m9XYQck+rnkjUFo26ThVKqVetoMA=="],
+
+    "@typescript/native-preview-linux-arm": ["@typescript/native-preview-linux-arm@7.0.0-dev.20260409.1", "", { "os": "linux", "cpu": "arm" }, "sha512-fOa07JBUXQpEPq+024g346inYZ2xp63ELuoRq6J0jwDWQ/ftCCuvdQNMncwFhsm1qlMdKT3S68NrnSxX16hiaw=="],
+
+    "@typescript/native-preview-linux-arm64": ["@typescript/native-preview-linux-arm64@7.0.0-dev.20260409.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-cGTzTUqRGlIDwdtkDy6qTrvrqpe27W4CdgnFn0FpxpiWnaIi3wqjlzQ1grtqrqainw/yuPy5hn/I86sQgN6nvA=="],
+
+    "@typescript/native-preview-linux-x64": ["@typescript/native-preview-linux-x64@7.0.0-dev.20260409.1", "", { "os": "linux", "cpu": "x64" }, "sha512-lQrbc/BJKBxQrR1ttBDU5sYY1Hb2moFQgHL20T6nbapNqGpK4pzy64p+NK39O93D4omiCSk04pkchBCVrMPSAg=="],
+
+    "@typescript/native-preview-win32-arm64": ["@typescript/native-preview-win32-arm64@7.0.0-dev.20260409.1", "", { "os": "win32", "cpu": "arm64" }, "sha512-kmCafMo1xZlYx+9WnfpeZJ2tnB/CcJdR8QPX7j9vqcpe51D7b7Intmr921dD48KGpVh5YgjQ1MEFE5mjGqGMaA=="],
+
+    "@typescript/native-preview-win32-x64": ["@typescript/native-preview-win32-x64@7.0.0-dev.20260409.1", "", { "os": "win32", "cpu": "x64" }, "sha512-WRd+JpQipTsE15QgYr3w7J0f1NKvGcq2QEgmcq8hB0WZA1X2WhQopNu+MpPQ3tdDD42VjMhm8ZoB8HpuOoXK5w=="],
+
+    "@typespec/ts-http-runtime": ["@typespec/ts-http-runtime@0.3.5", "", { "dependencies": { "http-proxy-agent": "^7.0.0", "https-proxy-agent": "^7.0.0", "tslib": "^2.6.2" } }, "sha512-yURCknZhvywvQItHMMmFSo+fq5arCUIyz/CVk7jD89MSai7dkaX8ufjCWp3NttLojoTVbcE72ri+be/TnEbMHw=="],
+
+    "agent-base": ["agent-base@7.1.4", "", {}, "sha512-MnA+YT8fwfJPgBx3m60MNqakm30XOkyIoH1y6huTQvC0PwZG7ki8NacLBcrPbNoo8vEZy7Jpuk7+jMO+CUovTQ=="],
+
+    "argparse": ["argparse@2.0.1", "", {}, "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q=="],
+
+    "balanced-match": ["balanced-match@1.0.2", "", {}, "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="],
+
+    "brace-expansion": ["brace-expansion@1.1.13", "", { "dependencies": { "balanced-match": "^1.0.0", "concat-map": "0.0.1" } }, "sha512-9ZLprWS6EENmhEOpjCYW2c8VkmOvckIJZfkr7rBW6dObmfgJ/L1GpSYW5Hpo9lDz4D1+n0Ckz8rU7FwHDQiG/w=="],
+
+    "bun-types": ["bun-types@1.3.11", "", { "dependencies": { "@types/node": "*" } }, "sha512-1KGPpoxQWl9f6wcZh57LvrPIInQMn2TQ7jsgxqpRzg+l0QPOFvJVH7HmvHo/AiPgwXy+/Thf6Ov3EdVn1vOabg=="],
+
+    "concat-map": ["concat-map@0.0.1", "", {}, "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg=="],
+
+    "debug": ["debug@4.4.3", "", { "dependencies": { "ms": "^2.1.3" } }, "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA=="],
+
+    "events": ["events@3.3.0", "", {}, "sha512-mQw+2fkQbALzQ7V0MY0IqdnXNOeTtP4r0lN9z7AAawCXgqea7bDii20AYrIBrFd/Hx0M2Ocz6S111CaFkUcb0Q=="],
+
+    "fast-xml-builder": ["fast-xml-builder@1.1.4", "", { "dependencies": { "path-expression-matcher": "^1.1.3" } }, "sha512-f2jhpN4Eccy0/Uz9csxh3Nu6q4ErKxf0XIsasomfOihuSUa3/xw6w8dnOtCDgEItQFJG8KyXPzQXzcODDrrbOg=="],
+
+    "fast-xml-parser": ["fast-xml-parser@5.5.11", "", { "dependencies": { "fast-xml-builder": "^1.1.4", "path-expression-matcher": "^1.4.0", "strnum": "^2.2.3" }, "bin": { "fxparser": "src/cli/cli.js" } }, "sha512-QL0eb0YbSTVWF6tTf1+LEMSgtCEjBYPpnAjoLC8SscESlAjXEIRJ7cHtLG0pLeDFaZLa4VKZLArtA/60ZS7vyA=="],
+
+    "http-proxy-agent": ["http-proxy-agent@7.0.2", "", { "dependencies": { "agent-base": "^7.1.0", "debug": "^4.3.4" } }, "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig=="],
+
+    "https-proxy-agent": ["https-proxy-agent@7.0.6", "", { "dependencies": { "agent-base": "^7.1.2", "debug": "4" } }, "sha512-vK9P5/iUfdl95AI+JVyUuIcVtd4ofvtrOr3HNtM2yxC9bnMbEdp3x01OhQNnjb8IJYi38VlTE3mBXwcfvywuSw=="],
+
+    "js-yaml": ["js-yaml@4.1.1", "", { "dependencies": { "argparse": "^2.0.1" }, "bin": { "js-yaml": "bin/js-yaml.js" } }, "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA=="],
+
+    "minimatch": ["minimatch@3.1.5", "", { "dependencies": { "brace-expansion": "^1.1.7" } }, "sha512-VgjWUsnnT6n+NUk6eZq77zeFdpW2LWDzP6zFGrCbHXiYNul5Dzqk2HHQ5uFH2DNW5Xbp8+jVzaeNt94ssEEl4w=="],
+
+    "ms": ["ms@2.1.3", "", {}, "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA=="],
+
+    "oxfmt": ["oxfmt@0.44.0", "", { "dependencies": { "tinypool": "2.1.0" }, "optionalDependencies": { "@oxfmt/binding-android-arm-eabi": "0.44.0", "@oxfmt/binding-android-arm64": "0.44.0", "@oxfmt/binding-darwin-arm64": "0.44.0", "@oxfmt/binding-darwin-x64": "0.44.0", "@oxfmt/binding-freebsd-x64": "0.44.0", "@oxfmt/binding-linux-arm-gnueabihf": "0.44.0", "@oxfmt/binding-linux-arm-musleabihf": "0.44.0", "@oxfmt/binding-linux-arm64-gnu": "0.44.0", "@oxfmt/binding-linux-arm64-musl": "0.44.0", "@oxfmt/binding-linux-ppc64-gnu": "0.44.0", "@oxfmt/binding-linux-riscv64-gnu": "0.44.0", "@oxfmt/binding-linux-riscv64-musl": "0.44.0", "@oxfmt/binding-linux-s390x-gnu": "0.44.0", "@oxfmt/binding-linux-x64-gnu": "0.44.0", "@oxfmt/binding-linux-x64-musl": "0.44.0", "@oxfmt/binding-openharmony-arm64": "0.44.0", "@oxfmt/binding-win32-arm64-msvc": "0.44.0", "@oxfmt/binding-win32-ia32-msvc": "0.44.0", "@oxfmt/binding-win32-x64-msvc": "0.44.0" }, "bin": { "oxfmt": "bin/oxfmt" } }, "sha512-lnncqvHewyRvaqdrnntVIrZV2tEddz8lbvPsQzG/zlkfvgZkwy0HP1p/2u1aCDToeg1jb9zBpbJdfkV73Itw+w=="],
+
+    "oxlint": ["oxlint@1.59.0", "", { "optionalDependencies": { "@oxlint/binding-android-arm-eabi": "1.59.0", "@oxlint/binding-android-arm64": "1.59.0", "@oxlint/binding-darwin-arm64": "1.59.0", "@oxlint/binding-darwin-x64": "1.59.0", "@oxlint/binding-freebsd-x64": "1.59.0", "@oxlint/binding-linux-arm-gnueabihf": "1.59.0", "@oxlint/binding-linux-arm-musleabihf": "1.59.0", "@oxlint/binding-linux-arm64-gnu": "1.59.0", "@oxlint/binding-linux-arm64-musl": "1.59.0", "@oxlint/binding-linux-ppc64-gnu": "1.59.0", "@oxlint/binding-linux-riscv64-gnu": "1.59.0", "@oxlint/binding-linux-riscv64-musl": "1.59.0", "@oxlint/binding-linux-s390x-gnu": "1.59.0", "@oxlint/binding-linux-x64-gnu": "1.59.0", "@oxlint/binding-linux-x64-musl": "1.59.0", "@oxlint/binding-openharmony-arm64": "1.59.0", "@oxlint/binding-win32-arm64-msvc": "1.59.0", "@oxlint/binding-win32-ia32-msvc": "1.59.0", "@oxlint/binding-win32-x64-msvc": "1.59.0" }, "peerDependencies": { "oxlint-tsgolint": ">=0.18.0" }, "optionalPeers": ["oxlint-tsgolint"], "bin": { "oxlint": "bin/oxlint" } }, "sha512-0xBLeGGjP4vD9pygRo8iuOkOzEU1MqOnfiOl7KYezL/QvWL8NUg6n03zXc7ZVqltiOpUxBk2zgHI3PnRIEdAvw=="],
+
+    "oxlint-tsgolint": ["oxlint-tsgolint@0.20.0", "", { "optionalDependencies": { "@oxlint-tsgolint/darwin-arm64": "0.20.0", "@oxlint-tsgolint/darwin-x64": "0.20.0", "@oxlint-tsgolint/linux-arm64": "0.20.0", "@oxlint-tsgolint/linux-x64": "0.20.0", "@oxlint-tsgolint/win32-arm64": "0.20.0", "@oxlint-tsgolint/win32-x64": "0.20.0" }, "bin": { "tsgolint": "bin/tsgolint.js" } }, "sha512-/Uc9TQyN1l8w9QNvXtVHYtz+SzDJHKpb5X0UnHodl0BVzijUPk0LPlDOHAvogd1UI+iy9ZSF6gQxEqfzUxCULQ=="],
+
+    "path-expression-matcher": ["path-expression-matcher@1.5.0", "", {}, "sha512-cbrerZV+6rvdQrrD+iGMcZFEiiSrbv9Tfdkvnusy6y0x0GKBXREFg/Y65GhIfm0tnLntThhzCnfKwp1WRjeCyQ=="],
+
+    "semver": ["semver@7.7.4", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA=="],
+
+    "strnum": ["strnum@2.2.3", "", {}, "sha512-oKx6RUCuHfT3oyVjtnrmn19H1SiCqgJSg+54XqURKp5aCMbrXrhLjRN9TjuwMjiYstZ0MzDrHqkGZ5dFTKd+zg=="],
+
+    "tinypool": ["tinypool@2.1.0", "", {}, "sha512-Pugqs6M0m7Lv1I7FtxN4aoyToKg1C4tu+/381vH35y8oENM/Ai7f7C4StcoK4/+BSw9ebcS8jRiVrORFKCALLw=="],
+
+    "tslib": ["tslib@2.8.1", "", {}, "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w=="],
+
+    "tunnel": ["tunnel@0.0.6", "", {}, "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="],
+
+    "undici": ["undici@6.24.1", "", {}, "sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA=="],
+
+    "undici-types": ["undici-types@7.16.0", "", {}, "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw=="],
+
+    "bun-types/@types/node": ["@types/node@20.19.37", "", { "dependencies": { "undici-types": "~6.21.0" } }, "sha512-8kzdPJ3FsNsVIurqBs7oodNnCEVbni9yUEkaHbgptDACOPW04jimGagZ51E6+lXUwJjgnBw+hyko/lkFWCldqw=="],
+
+    "bun-types/@types/node/undici-types": ["undici-types@6.21.0", "", {}, "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ=="],
+  }
+}

dist/licenses.txt

@@ -1,128 +0,0 @@
-@actions/core
-MIT
-The MIT License (MIT)
-
-Copyright 2019 GitHub
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-@actions/exec
-MIT
-The MIT License (MIT)
-
-Copyright 2019 GitHub
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-@actions/http-client
-MIT
-Actions Http Client for Node.js
-
-Copyright (c) GitHub, Inc.
-
-All rights reserved.
-
-MIT License
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and
-associated documentation files (the "Software"), to deal in the Software without restriction,
-including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense,
-and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so,
-subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED *AS IS*, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
-LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
-NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
-WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
-SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-
-@actions/io
-MIT
-The MIT License (MIT)
-
-Copyright 2019 GitHub
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-@actions/tool-cache
-MIT
-The MIT License (MIT)
-
-Copyright 2019 GitHub
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
-semver
-ISC
-The ISC License
-
-Copyright (c) Isaac Z. Schlueter and Contributors
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
-IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
-
-tunnel
-MIT
-The MIT License (MIT)
-
-Copyright (c) 2012 Koichi Kobayashi
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in
-all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
-
-
-uuid
-MIT
-The MIT License (MIT)
-
-Copyright (c) 2010-2020 Robert Kieffer and other contributors
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

docs/index.md

@@ -0,0 +1,58 @@
+# `supabase/setup-cli`
+
+The Supabase CLI Action provides an easy way to install the
+[Supabase CLI](https://github.com/supabase/cli) on GitHub Actions runners.
+
+The action supports `ubuntu-latest`, `windows-latest`, and `macos-latest`, and
+adds the requested `supabase` version to `PATH` for the rest of the job.
+
+If `version` is omitted, the action checks the repository root for `bun.lock`,
+`pnpm-lock.yaml`, or `package-lock.json` and otherwise falls back to `latest`.
+
+## Quick Start
+
+This example runs Supabase migrations on every pull request:
+
+```yaml
+name: test-migrations
+
+on:
+  pull_request:
+
+jobs:
+  test-migrations:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+      - uses: supabase/setup-cli@v2
+      - run: supabase init
+      - run: supabase db start
+```
+
+To pin a specific CLI version:
+
+```yaml
+- uses: supabase/setup-cli@v2
+  with:
+    version: 2.84.2
+```
+
+To cache the Docker images pulled by `supabase start`:
+
+```yaml
+- uses: supabase/setup-cli@v2
+  with:
+    version: 2.84.2
+    cache: true
+- run: supabase start
+```
+
+The first run pulls the images from the registry. Later runs can restore the
+same image archive from the GitHub Actions cache before `supabase start` runs.
+Use `cache-key` when your workflow flags or generated config change the image
+set.
+
+## Resources
+
+- **Source Code**: <https://github.com/supabase/setup-cli>
+- **CLI Documentation**: <https://supabase.com/docs/guides/cli>

jest.config.js

@@ -1,9 +0,0 @@
-module.exports = {
-  clearMocks: true,
-  moduleFileExtensions: ['js', 'ts'],
-  testMatch: ['**/*.test.ts'],
-  transform: {
-    '^.+\\.ts$': 'ts-jest'
-  },
-  verbose: true
-}

package.json

@@ -1,47 +1,48 @@
 {
   "name": "setup-cli",
-  "version": "0.0.1",
+  "version": "2.0.0",
   "private": true,
   "description": "Supabase CLI GitHub Action",
-  "main": "lib/main.js",
-  "scripts": {
-    "build": "tsc",
-    "format": "prettier --write '**/*.ts'",
-    "format-check": "prettier --check '**/*.ts'",
-    "lint": "eslint src/**/*.ts",
-    "package": "ncc build --source-map --license licenses.txt",
-    "test": "jest",
-    "all": "npm run build && npm run format && npm run lint && npm run package && npm test"
-  },
+  "keywords": [
+    "actions"
+  ],
+  "license": "MIT",
+  "author": "",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/supabase/setup-cli.git"
   },
-  "keywords": [
-    "actions",
-    "node",
-    "setup"
-  ],
-  "author": "",
-  "license": "MIT",
+  "type": "module",
+  "scripts": {
+    "all": "bun run format && bun run lint && bun run coverage && bun run build",
+    "build": "bun build src/main.ts src/post.ts --target=node --format=esm --outdir=dist",
+    "ci": "bun run format:check && bun run lint && bun run coverage && bun run build",
+    "coverage": "bun test --coverage --coverage-reporter=text --coverage-reporter=lcov",
+    "format": "bun x oxfmt --write . '!coverage/**' '!dist/**'",
+    "format:check": "bun x oxfmt --check . '!coverage/**' '!dist/**'",
+    "lint": "bun x oxlint --deny-warnings --type-aware --type-check --tsconfig tsconfig.json src",
+    "test": "bun test",
+    "typecheck": "bun x tsgo -p tsconfig.json --noEmit"
+  },
   "dependencies": {
-    "@actions/core": "^1.10.0",
-    "@actions/tool-cache": "^2.0.1",
-    "semver": "^7.5.1"
+    "@actions/cache": "^6.0.0",
+    "@actions/core": "^3.0.0",
+    "@actions/tool-cache": "^4.0.0",
+    "js-yaml": "^4.1.1",
+    "semver": "^7.7.4"
   },
   "devDependencies": {
-    "@types/js-yaml": "^4.0.5",
-    "@types/node": "^16.11.47",
-    "@types/semver": "^7.5.0",
-    "@typescript-eslint/parser": "^5.59.6",
-    "@vercel/ncc": "^0.36.1",
-    "eslint": "^8.40.0",
-    "eslint-plugin-github": "^4.7.0",
-    "eslint-plugin-jest": "^27.2.1",
-    "jest": "^28.1.3",
-    "js-yaml": "^4.1.0",
-    "prettier": "2.8.8",
-    "ts-jest": "^28.0.8",
-    "typescript": "^4.8.4"
+    "@tsconfig/bun": "^1.0.10",
+    "@types/bun": "^1.3.11",
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^24",
+    "@types/semver": "^7.7.1",
+    "@typescript/native-preview": "^7.0.0-dev.20260409.1",
+    "oxfmt": "^0.44.0",
+    "oxlint": "^1.59.0",
+    "oxlint-tsgolint": "^0.20.0"
+  },
+  "engines": {
+    "bun": ">=1.3.10"
   }
 }

src/cache.test.ts

@@ -0,0 +1,168 @@
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { afterEach, expect, mock, spyOn, test } from "bun:test";
+import * as cacheAction from "@actions/cache";
+import * as core from "@actions/core";
+import {
+  collectDockerImageRefs,
+  createDockerImageCacheKey,
+  restoreDockerImageCache,
+  saveDockerImageCache,
+} from "./cache";
+
+const originalRunnerTemp = process.env.RUNNER_TEMP;
+const originalWorkspace = process.env.GITHUB_WORKSPACE;
+const tempDirs = new Set<string>();
+
+afterEach(() => {
+  mock.restore();
+  process.env.RUNNER_TEMP = originalRunnerTemp;
+  process.env.GITHUB_WORKSPACE = originalWorkspace;
+
+  for (const dir of tempDirs) {
+    rmSync(dir, { force: true, recursive: true });
+  }
+  tempDirs.clear();
+});
+
+function createTempDir(prefix: string): string {
+  const dir = mkdtempSync(path.join(os.tmpdir(), prefix));
+  tempDirs.add(dir);
+  return dir;
+}
+
+test("creates a docker image cache key from runner, version, registry, and config", () => {
+  const workspace = createTempDir("setup-cli-workspace-");
+  mkdirSync(path.join(workspace, "supabase"), { recursive: true });
+  writeFileSync(path.join(workspace, "supabase", "config.toml"), 'project_id = "test"\n');
+  process.env.GITHUB_WORKSPACE = workspace;
+
+  const key = createDockerImageCacheKey("supabase 2.84.2", "ghcr.io");
+
+  expect(key).toStartWith(`supabase-cli-containers-v1-${process.platform}-${process.arch}-`);
+  expect(key).toContain("supabase-2.84.2-ghcr.io-");
+});
+
+test("collects images from labeled containers and Supabase image repositories", async () => {
+  const run = mock(async (_file: string, args: string[]) => {
+    if (args[0] === "ps") {
+      return {
+        stdout: "ghcr.io/supabase/postgres:15.8.1\ncustom/image:latest\n",
+        stderr: "",
+      };
+    }
+
+    return {
+      stdout:
+        "ghcr.io/supabase/studio:2026.04.08\npublic.ecr.aws/supabase/kong:2.8.1\nlibrary/postgres:16\n<none>:<none>\n",
+      stderr: "",
+    };
+  });
+
+  expect(await collectDockerImageRefs(run)).toEqual([
+    "custom/image:latest",
+    "ghcr.io/supabase/postgres:15.8.1",
+    "ghcr.io/supabase/studio:2026.04.08",
+    "public.ecr.aws/supabase/kong:2.8.1",
+  ]);
+});
+
+test("restore skips docker and cache calls when cache input is disabled", async () => {
+  const run = mock(async () => ({ stdout: "", stderr: "" }));
+  const restoreCache = spyOn(cacheAction, "restoreCache").mockImplementation(async () => undefined);
+  const spies = {
+    getBooleanInput: spyOn(core, "getBooleanInput").mockImplementation(() => false),
+    getInput: spyOn(core, "getInput").mockImplementation(() => ""),
+    setOutput: spyOn(core, "setOutput").mockImplementation(() => {}),
+    saveState: spyOn(core, "saveState").mockImplementation(() => {}),
+  };
+
+  await restoreDockerImageCache("supabase 2.84.2", "ghcr.io", run);
+
+  expect(spies.setOutput).toHaveBeenCalledWith("cache-hit", "false");
+  expect(spies.saveState).toHaveBeenCalledWith("cache-enabled", "false");
+  expect(run).not.toHaveBeenCalled();
+  expect(restoreCache).not.toHaveBeenCalled();
+});
+
+test("restore loads a docker archive on exact cache hit", async () => {
+  const temp = createTempDir("setup-cli-runner-");
+  process.env.RUNNER_TEMP = temp;
+  const calls: string[][] = [];
+  const run = mock(async (_file: string, args: string[]) => {
+    calls.push(args);
+    return { stdout: "ok\n", stderr: "" };
+  });
+  const restoreCache = spyOn(cacheAction, "restoreCache").mockImplementation(
+    async (paths: string[], key: string) => {
+      writeFileSync(paths[0]!, "archive");
+      return key;
+    },
+  );
+  const spies = {
+    getBooleanInput: spyOn(core, "getBooleanInput").mockImplementation(() => true),
+    getInput: spyOn(core, "getInput").mockImplementation((name: string) =>
+      name === "cache-key" ? "cache-key" : "",
+    ),
+    setOutput: spyOn(core, "setOutput").mockImplementation(() => {}),
+    saveState: spyOn(core, "saveState").mockImplementation(() => {}),
+    info: spyOn(core, "info").mockImplementation(() => {}),
+    warning: spyOn(core, "warning").mockImplementation(() => {}),
+  };
+
+  await restoreDockerImageCache("supabase 2.84.2", "ghcr.io", run);
+
+  expect(restoreCache).toHaveBeenCalledWith(
+    [path.join(temp, "setup-supabase-cli", "supabase-cli-docker-images.tar")],
+    "cache-key",
+  );
+  expect(spies.setOutput).toHaveBeenCalledWith("cache-hit", "true");
+  expect(spies.saveState).toHaveBeenCalledWith("cache-hit", "true");
+  expect(calls).toContainEqual([
+    "load",
+    "-i",
+    path.join(temp, "setup-supabase-cli", "supabase-cli-docker-images.tar"),
+  ]);
+  expect(spies.warning).not.toHaveBeenCalled();
+});
+
+test("post saves collected Supabase docker images", async () => {
+  const temp = createTempDir("setup-cli-runner-");
+  process.env.RUNNER_TEMP = temp;
+  const calls: string[][] = [];
+  const run = mock(async (_file: string, args: string[]) => {
+    calls.push(args);
+    if (args[0] === "ps") {
+      return { stdout: "ghcr.io/supabase/postgres:15.8.1\n", stderr: "" };
+    }
+    if (args[0] === "image") {
+      return { stdout: "ghcr.io/supabase/studio:2026.04.08\n", stderr: "" };
+    }
+    return { stdout: "ok\n", stderr: "" };
+  });
+  const saveCache = spyOn(cacheAction, "saveCache").mockImplementation(async () => 1);
+  const state = new Map([
+    ["cache-enabled", "true"],
+    ["cache-hit", "false"],
+    ["cache-primary-key", "cache-key"],
+    ["cache-archive-path", path.join(temp, "setup-supabase-cli", "supabase-cli-docker-images.tar")],
+  ]);
+  spyOn(core, "getState").mockImplementation((name: string) => state.get(name) ?? "");
+  spyOn(core, "info").mockImplementation(() => {});
+  spyOn(core, "warning").mockImplementation(() => {});
+
+  await saveDockerImageCache(run);
+
+  expect(calls).toContainEqual([
+    "save",
+    "-o",
+    path.join(temp, "setup-supabase-cli", "supabase-cli-docker-images.tar"),
+    "ghcr.io/supabase/postgres:15.8.1",
+    "ghcr.io/supabase/studio:2026.04.08",
+  ]);
+  expect(saveCache).toHaveBeenCalledWith(
+    [path.join(temp, "setup-supabase-cli", "supabase-cli-docker-images.tar")],
+    "cache-key",
+  );
+});

src/cache.ts

@@ -0,0 +1,254 @@
+import * as cache from "@actions/cache";
+import * as core from "@actions/core";
+import { execFile as execFileCallback } from "node:child_process";
+import { createHash } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { promisify } from "node:util";
+
+const CLI_CONFIG_REGISTRY = "SUPABASE_INTERNAL_IMAGE_REGISTRY";
+const CACHE_ARCHIVE = "supabase-cli-docker-images.tar";
+const CACHE_DIR = "setup-supabase-cli";
+const CACHE_KEY_VERSION = "v1";
+const DEFAULT_REGISTRY = "public.ecr.aws";
+const GHCR_REGISTRY = "ghcr.io";
+const CACHE_INPUT = "cache";
+const CACHE_KEY_INPUT = "cache-key";
+const CACHE_HIT_OUTPUT = "cache-hit";
+const STATE_ENABLED = "cache-enabled";
+const STATE_PRIMARY_KEY = "cache-primary-key";
+const STATE_ARCHIVE_PATH = "cache-archive-path";
+const STATE_CACHE_HIT = "cache-hit";
+const CLI_PROJECT_LABEL = "com.supabase.cli.project";
+const SUPABASE_IMAGE_PREFIXES = ["ghcr.io/supabase/", "public.ecr.aws/supabase/", "supabase/"];
+
+type ExecFile = (
+  file: string,
+  args: string[],
+  options?: { maxBuffer?: number },
+) => Promise<{ stdout: string; stderr: string }>;
+
+const execFile = promisify(execFileCallback) as ExecFile;
+
+function sanitizeCacheKeyPart(value: string): string {
+  return value.replace(/[^A-Za-z0-9_.-]/g, "-").replace(/-+/g, "-");
+}
+
+function hashFile(filePath: string): string | null {
+  if (!existsSync(filePath)) {
+    return null;
+  }
+
+  try {
+    return createHash("sha256").update(readFileSync(filePath)).digest("hex");
+  } catch {
+    return null;
+  }
+}
+
+function getConfigHash(): string {
+  const workspaceRoot = process.env.GITHUB_WORKSPACE?.trim();
+  if (!workspaceRoot) {
+    return "no-config";
+  }
+
+  return hashFile(path.join(workspaceRoot, "supabase", "config.toml")) ?? "no-config";
+}
+
+function getCacheArchivePath(): string {
+  const runnerTemp = process.env.RUNNER_TEMP?.trim() || os.tmpdir();
+  return path.join(runnerTemp, CACHE_DIR, CACHE_ARCHIVE);
+}
+
+export function getImageRegistry(): string {
+  return process.env[CLI_CONFIG_REGISTRY]?.trim() || DEFAULT_REGISTRY;
+}
+
+export function getGhcrImageRegistry(): string {
+  return GHCR_REGISTRY;
+}
+
+export function createDockerImageCacheKey(installedVersion: string, registry: string): string {
+  return [
+    "supabase-cli-containers",
+    CACHE_KEY_VERSION,
+    sanitizeCacheKeyPart(process.platform),
+    sanitizeCacheKeyPart(process.arch),
+    sanitizeCacheKeyPart(installedVersion),
+    sanitizeCacheKeyPart(registry),
+    getConfigHash(),
+  ].join("-");
+}
+
+function getPrimaryCacheKey(installedVersion: string, registry: string): string {
+  const cacheKeyInput = core.getInput(CACHE_KEY_INPUT).trim();
+  if (cacheKeyInput) {
+    return cacheKeyInput;
+  }
+
+  return createDockerImageCacheKey(installedVersion, registry);
+}
+
+async function isDockerAvailable(run: ExecFile = execFile): Promise<boolean> {
+  try {
+    await run("docker", ["version"]);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+async function runDocker(args: string[], run: ExecFile = execFile): Promise<string> {
+  const { stdout } = await run("docker", args, { maxBuffer: 1024 * 1024 * 16 });
+  return stdout;
+}
+
+function normalizeImageRefs(output: string): string[] {
+  return output
+    .split(/\r?\n/)
+    .map((line) => line.trim())
+    .filter((line) => line.length > 0 && !line.includes("<none>"));
+}
+
+function isSupabaseImageRef(ref: string): boolean {
+  return SUPABASE_IMAGE_PREFIXES.some((prefix) => ref.startsWith(prefix));
+}
+
+export async function collectDockerImageRefs(run: ExecFile = execFile): Promise<string[]> {
+  const refs = new Set<string>();
+
+  try {
+    const output = await runDocker(
+      ["ps", "-a", "--filter", `label=${CLI_PROJECT_LABEL}`, "--format", "{{.Image}}"],
+      run,
+    );
+    for (const ref of normalizeImageRefs(output)) {
+      refs.add(ref);
+    }
+  } catch (error) {
+    core.warning(
+      `Could not list Supabase CLI containers for Docker image cache: ${error instanceof Error ? error.message : String(error)}`,
+    );
+  }
+
+  try {
+    const output = await runDocker(["image", "ls", "--format", "{{.Repository}}:{{.Tag}}"], run);
+    for (const ref of normalizeImageRefs(output).filter(isSupabaseImageRef)) {
+      refs.add(ref);
+    }
+  } catch (error) {
+    core.warning(
+      `Could not list Docker images for Supabase image cache: ${error instanceof Error ? error.message : String(error)}`,
+    );
+  }
+
+  return [...refs].sort();
+}
+
+export async function restoreDockerImageCache(
+  installedVersion: string,
+  registry: string,
+  run: ExecFile = execFile,
+): Promise<void> {
+  const enabled = core.getBooleanInput(CACHE_INPUT);
+  core.setOutput(CACHE_HIT_OUTPUT, "false");
+  core.saveState(STATE_ENABLED, String(enabled));
+
+  if (!enabled) {
+    return;
+  }
+
+  const archivePath = getCacheArchivePath();
+  const primaryKey = getPrimaryCacheKey(installedVersion, registry);
+  mkdirSync(path.dirname(archivePath), { recursive: true });
+  core.saveState(STATE_PRIMARY_KEY, primaryKey);
+  core.saveState(STATE_ARCHIVE_PATH, archivePath);
+  core.saveState(STATE_CACHE_HIT, "false");
+
+  if (!(await isDockerAvailable(run))) {
+    core.warning("Docker is not available. Skipping Supabase Docker image cache restore.");
+    return;
+  }
+
+  let matchedKey: string | undefined;
+  try {
+    matchedKey = await cache.restoreCache([archivePath], primaryKey);
+  } catch (error) {
+    core.warning(
+      `Could not restore Supabase Docker image cache: ${error instanceof Error ? error.message : String(error)}`,
+    );
+    return;
+  }
+
+  if (!matchedKey) {
+    core.info("No Supabase Docker image cache found.");
+    return;
+  }
+
+  const cacheHit = matchedKey === primaryKey;
+  core.setOutput(CACHE_HIT_OUTPUT, String(cacheHit));
+  core.saveState(STATE_CACHE_HIT, String(cacheHit));
+
+  if (!existsSync(archivePath)) {
+    core.warning("Supabase Docker image cache was restored, but the archive is missing.");
+    return;
+  }
+
+  try {
+    await runDocker(["load", "-i", archivePath], run);
+    core.info("Loaded Supabase Docker images from cache.");
+  } catch (error) {
+    core.warning(
+      `Could not load Supabase Docker image cache: ${error instanceof Error ? error.message : String(error)}`,
+    );
+  }
+}
+
+export async function saveDockerImageCache(run: ExecFile = execFile): Promise<void> {
+  if (core.getState(STATE_ENABLED) !== "true") {
+    return;
+  }
+
+  if (core.getState(STATE_CACHE_HIT) === "true") {
+    core.info("Supabase Docker image cache hit. Skipping cache save.");
+    return;
+  }
+
+  const primaryKey = core.getState(STATE_PRIMARY_KEY);
+  const archivePath = core.getState(STATE_ARCHIVE_PATH) || getCacheArchivePath();
+  if (!primaryKey) {
+    core.warning("Supabase Docker image cache key is missing. Skipping cache save.");
+    return;
+  }
+
+  if (!(await isDockerAvailable(run))) {
+    core.warning("Docker is not available. Skipping Supabase Docker image cache save.");
+    return;
+  }
+
+  const imageRefs = await collectDockerImageRefs(run);
+  if (imageRefs.length === 0) {
+    core.warning("No Supabase Docker images found to cache.");
+    return;
+  }
+
+  mkdirSync(path.dirname(archivePath), { recursive: true });
+  try {
+    await runDocker(["save", "-o", archivePath, ...imageRefs], run);
+  } catch (error) {
+    core.warning(
+      `Could not create Supabase Docker image archive: ${error instanceof Error ? error.message : String(error)}`,
+    );
+    return;
+  }
+
+  try {
+    await cache.saveCache([archivePath], primaryKey);
+    core.info(`Saved ${imageRefs.length} Supabase Docker image(s) to cache.`);
+  } catch (error) {
+    core.warning(
+      `Could not save Supabase Docker image cache: ${error instanceof Error ? error.message : String(error)}`,
+    );
+  }
+}

src/main.test.ts

@@ -0,0 +1,432 @@
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import process from "node:process";
+import { fileURLToPath } from "node:url";
+import { afterEach, expect, mock, spyOn, test } from "bun:test";
+import * as core from "@actions/core";
+import * as tc from "@actions/tool-cache";
+
+const repo = path.dirname(path.dirname(fileURLToPath(import.meta.url)));
+const defaultEntrypoint = fileURLToPath(new URL("./main.ts", import.meta.url));
+const CLI_CONFIG_REGISTRY = "SUPABASE_INTERNAL_IMAGE_REGISTRY";
+const originalWorkspace = process.env.GITHUB_WORKSPACE;
+const tempDirs = new Set<string>();
+let mainModule: typeof import("./main.ts") | null = null;
+
+afterEach(() => {
+  mock.restore();
+  process.env.GITHUB_WORKSPACE = originalWorkspace;
+
+  for (const dir of tempDirs) {
+    rmSync(dir, { force: true, recursive: true });
+  }
+  tempDirs.clear();
+});
+
+function createFakeCli(versionOutput: string): string {
+  const dir = mkdtempSync(path.join(os.tmpdir(), "setup-cli-"));
+  tempDirs.add(dir);
+
+  if (process.platform === "win32") {
+    writeFileSync(
+      path.join(dir, "supabase.cmd"),
+      versionOutput ? `@echo off\r\necho ${versionOutput}\r\n` : "@echo off\r\n",
+    );
+    return dir;
+  }
+
+  const escapedOutput = versionOutput.replaceAll("'", "'\"'\"'");
+  writeFileSync(
+    path.join(dir, "supabase"),
+    versionOutput
+      ? `#!/usr/bin/env bash\nprintf '%s\\n' '${escapedOutput}'\n`
+      : "#!/usr/bin/env bash\n",
+  );
+  Bun.spawnSync(["chmod", "+x", path.join(dir, "supabase")]);
+  return dir;
+}
+
+function createWorkspace(files: Record<string, string>): string {
+  const dir = mkdtempSync(path.join(os.tmpdir(), "setup-cli-workspace-"));
+  tempDirs.add(dir);
+
+  for (const [relativePath, content] of Object.entries(files)) {
+    const filePath = path.join(dir, relativePath);
+    mkdirSync(path.dirname(filePath), { recursive: true });
+    writeFileSync(filePath, content);
+  }
+
+  return dir;
+}
+
+function createBunLock(
+  version: string,
+  options: {
+    includeDependency?: boolean;
+    includePackageEntry?: boolean;
+    useDevDependency?: boolean;
+  } = {},
+): string {
+  const includeDependency = options.includeDependency ?? true;
+  const includePackageEntry = options.includePackageEntry ?? true;
+  const dependencyKey = options.useDevDependency ? "devDependencies" : "dependencies";
+
+  return `{
+  "lockfileVersion": 1,
+  "configVersion": 1,
+  "workspaces": {
+    "": {
+      "name": "app",
+      "${dependencyKey}": {
+${includeDependency ? `        "supabase": "^${version}"` : ""}
+      }
+    }
+  },
+  "packages": {
+${
+  includePackageEntry
+    ? `    "supabase": [
+      "supabase@${version}",
+      "",
+      {},
+      "sha512-test"
+    ]`
+    : ""
+}
+  }
+}
+`;
+}
+
+function createPnpmLock(
+  version: string,
+  options: { asString?: boolean; includeVersion?: boolean; useDevDependency?: boolean } = {},
+): string {
+  const dependencyKey = options.useDevDependency ? "devDependencies" : "dependencies";
+
+  return `lockfileVersion: "9.0"
+importers:
+  .:
+    ${dependencyKey}:
+${
+  options.asString
+    ? `      supabase: ${version}`
+    : `      supabase:
+        specifier: ^${version}
+${options.includeVersion === false ? "" : `        version: ${version}`}`
+}
+packages:
+  supabase@${version}:
+    resolution:
+      integrity: sha512-test
+`;
+}
+
+function createPackageLock(version: string): string {
+  return JSON.stringify(
+    {
+      name: "app",
+      lockfileVersion: 3,
+      packages: {
+        "": {
+          dependencies: {
+            supabase: `^${version}`,
+          },
+        },
+        "node_modules/supabase": {
+          version,
+        },
+      },
+    },
+    null,
+    2,
+  );
+}
+
+function createActionSpies(inputVersion: string, cliDir: string, expectedUrlFragment: string) {
+  return {
+    getInput: spyOn(core, "getInput").mockImplementation((name: string) =>
+      name === "version" ? inputVersion : "",
+    ),
+    getBooleanInput: spyOn(core, "getBooleanInput").mockImplementation(() => false),
+    setOutput: spyOn(core, "setOutput").mockImplementation(() => {}),
+    addPath: spyOn(core, "addPath").mockImplementation(() => {}),
+    exportVariable: spyOn(core, "exportVariable").mockImplementation(() => {}),
+    saveState: spyOn(core, "saveState").mockImplementation(() => {}),
+    info: spyOn(core, "info").mockImplementation(() => {}),
+    warning: spyOn(core, "warning").mockImplementation(() => {}),
+    setFailed: spyOn(core, "setFailed").mockImplementation(() => {}),
+    downloadTool: spyOn(tc, "downloadTool").mockImplementation(async (url: string) => {
+      expect(url).toContain(expectedUrlFragment);
+      return path.join(os.tmpdir(), "supabase-cli.tar.gz");
+    }),
+    extractTar: spyOn(tc, "extractTar").mockImplementation(async () => cliDir),
+  };
+}
+
+async function getMainModule(): Promise<typeof import("./main.ts")> {
+  if (!mainModule) {
+    mainModule = await import("./main.ts");
+  }
+
+  return mainModule;
+}
+
+test("awaits the action entrypoint with omitted version and latest fallback", async () => {
+  process.env.GITHUB_WORKSPACE = repo;
+  const cliDir = createFakeCli("supabase 2.84.2");
+  let startDownload!: () => void;
+  let finishDownload!: () => void;
+  const downloadStarted = new Promise<void>((resolve) => {
+    startDownload = resolve;
+  });
+  const downloadFinished = new Promise<string>((resolve) => {
+    finishDownload = () => resolve(path.join(os.tmpdir(), "supabase-cli.tar.gz"));
+  });
+  const spies = {
+    getInput: spyOn(core, "getInput").mockImplementation((name: string) =>
+      name === "version" ? "" : "",
+    ),
+    getBooleanInput: spyOn(core, "getBooleanInput").mockImplementation(() => false),
+    setOutput: spyOn(core, "setOutput").mockImplementation(() => {}),
+    addPath: spyOn(core, "addPath").mockImplementation(() => {}),
+    exportVariable: spyOn(core, "exportVariable").mockImplementation(() => {}),
+    saveState: spyOn(core, "saveState").mockImplementation(() => {}),
+    info: spyOn(core, "info").mockImplementation(() => {}),
+    warning: spyOn(core, "warning").mockImplementation(() => {}),
+    setFailed: spyOn(core, "setFailed").mockImplementation(() => {}),
+    downloadTool: spyOn(tc, "downloadTool").mockImplementation(async (url: string) => {
+      expect(url).toContain("/latest/download/");
+      startDownload();
+      return downloadFinished;
+    }),
+    extractTar: spyOn(tc, "extractTar").mockImplementation(async () => cliDir),
+  };
+  const originalArgv1 = process.argv[1];
+  process.argv[1] = defaultEntrypoint;
+
+  try {
+    let importSettled = false;
+    const entrypoint = import(`./main.ts?entrypoint=${Date.now()}`).finally(() => {
+      importSettled = true;
+    });
+
+    await downloadStarted;
+    await Bun.sleep(0);
+
+    expect(importSettled).toBe(false);
+
+    finishDownload();
+    await entrypoint;
+  } finally {
+    process.argv[1] = originalArgv1 ?? "";
+  }
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.84.2");
+  expect(spies.addPath).toHaveBeenCalledWith(cliDir);
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("uses the root bun.lock version when version is omitted", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "bun.lock": createBunLock("2.41.0"),
+  });
+  const cliDir = createFakeCli("supabase 2.41.0");
+  const spies = createActionSpies("", cliDir, "/download/v2.41.0/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.downloadTool).not.toHaveBeenCalledWith(expect.stringContaining("/latest/download/"));
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.41.0");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("uses the root pnpm-lock.yaml version when version is omitted", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "pnpm-lock.yaml": createPnpmLock("2.42.0"),
+  });
+  const cliDir = createFakeCli("supabase 2.42.0");
+  const spies = createActionSpies("", cliDir, "/download/v2.42.0/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.42.0");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("uses the root package-lock.json version when version is omitted", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "package-lock.json": createPackageLock("2.43.0"),
+  });
+  const cliDir = createFakeCli("supabase 2.43.0");
+  const spies = createActionSpies("", cliDir, "/download/v2.43.0/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.43.0");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("falls through malformed lockfiles and uses the next supported root lockfile", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "bun.lock": "{ not valid",
+    "package-lock.json": createPackageLock("2.44.0"),
+  });
+  const cliDir = createFakeCli("supabase 2.44.0");
+  const spies = createActionSpies("", cliDir, "/download/v2.44.0/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.44.0");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("falls back to latest when version is omitted and no supported root lockfile is present", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "README.md": "# app\n",
+  });
+  const cliDir = createFakeCli("supabase 2.84.2");
+  const spies = createActionSpies("", cliDir, "/latest/download/");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.84.2");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("falls back to latest when version is omitted and no workspace is available", async () => {
+  delete process.env.GITHUB_WORKSPACE;
+  const cliDir = createFakeCli("supabase 2.84.2");
+  const spies = createActionSpies("", cliDir, "/latest/download/");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.84.2");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("uses the declared bun.lock version when the resolved package entry is missing", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "bun.lock": createBunLock("2.44.1", { includePackageEntry: false, useDevDependency: true }),
+  });
+  const cliDir = createFakeCli("supabase 2.44.1");
+  const spies = createActionSpies("", cliDir, "/download/v2.44.1/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.44.1");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("falls through bun.lock without supabase and uses a pnpm string dependency version", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "bun.lock": createBunLock("2.47.0", { includeDependency: false }),
+    "pnpm-lock.yaml": createPnpmLock("2.47.0", { asString: true }),
+  });
+  const cliDir = createFakeCli("supabase 2.47.0");
+  const spies = createActionSpies("", cliDir, "/download/v2.47.0/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.47.0");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("falls through malformed pnpm lockfiles and uses the next supported root lockfile", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "pnpm-lock.yaml": "not: [valid",
+    "package-lock.json": createPackageLock("2.48.0"),
+  });
+  const cliDir = createFakeCli("supabase 2.48.0");
+  const spies = createActionSpies("", cliDir, "/download/v2.48.0/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.48.0");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("falls through unreadable bun.lock paths and malformed package-lock files to latest", async () => {
+  const workspace = createWorkspace({
+    "package-lock.json": "{ invalid",
+  });
+  mkdirSync(path.join(workspace, "bun.lock"), { recursive: true });
+  process.env.GITHUB_WORKSPACE = workspace;
+  const cliDir = createFakeCli("supabase 2.84.2");
+  const spies = createActionSpies("", cliDir, "/latest/download/");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.84.2");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("falls back to latest when a pnpm dependency entry has no concrete version", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "pnpm-lock.yaml": createPnpmLock("2.49.0", { includeVersion: false }),
+  });
+  const cliDir = createFakeCli("supabase 2.84.2");
+  const spies = createActionSpies("", cliDir, "/latest/download/");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.84.2");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("explicit version overrides detected root lockfiles", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "bun.lock": createBunLock("2.45.0"),
+  });
+  const cliDir = createFakeCli("supabase 1.0.0");
+  const spies = createActionSpies("1.0.0", cliDir, "/download/v1.0.0/supabase_1.0.0_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 1.0.0");
+  expect(spies.exportVariable).not.toHaveBeenCalled();
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("fails when the installed CLI does not report a version", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "package-lock.json": createPackageLock("2.46.0"),
+  });
+  const cliDir = createFakeCli("");
+  const spies = createActionSpies("", cliDir, "/download/v2.46.0/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setFailed).toHaveBeenCalledWith(
+    "Could not determine installed Supabase CLI version",
+  );
+  expect(spies.setOutput).not.toHaveBeenCalled();
+  expect(spies.addPath).not.toHaveBeenCalled();
+  expect(spies.exportVariable).not.toHaveBeenCalled();
+});

src/main.ts

@@ -1,36 +1,230 @@
-import * as core from '@actions/core'
-import * as tc from '@actions/tool-cache'
-import gte from 'semver/functions/gte'
-import {getDownloadUrl, determineInstalledVersion} from './utils'
+import * as core from "@actions/core";
+import * as tc from "@actions/tool-cache";
+import { load as loadYaml } from "js-yaml";
+import * as semver from "semver";
+import { execFile as execFileCallback } from "node:child_process";
+import { existsSync, readFileSync } from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+import { promisify } from "node:util";
+import { getGhcrImageRegistry, getImageRegistry, restoreDockerImageCache } from "./cache";
 
-export const CLI_CONFIG_REGISTRY = 'SUPABASE_INTERNAL_IMAGE_REGISTRY'
+export const CLI_CONFIG_REGISTRY = "SUPABASE_INTERNAL_IMAGE_REGISTRY";
+const REGISTRY_VERSION = "1.28.0";
+const DEFAULT_VERSION = "latest";
+const execFile = promisify(execFileCallback);
+
+type BunLock = {
+  workspaces?: {
+    "": {
+      dependencies?: Record<string, string>;
+      devDependencies?: Record<string, string>;
+    };
+  };
+  packages?: Record<string, unknown>;
+};
+
+type PnpmDependency =
+  | string
+  | {
+      version?: string;
+    };
+
+type PnpmLock = {
+  importers?: {
+    ".": {
+      dependencies?: Record<string, PnpmDependency>;
+      devDependencies?: Record<string, PnpmDependency>;
+    };
+  };
+};
+
+type PackageLock = {
+  packages?: Record<string, { version?: string }>;
+  dependencies?: Record<string, { version?: string }>;
+};
+
+function getArchivePlatform(platform: NodeJS.Platform): string {
+  return platform === "win32" ? "windows" : platform;
+}
+
+function getArchiveArch(arch: NodeJS.Architecture): string {
+  return arch === "x64" ? "amd64" : arch;
+}
+
+function extractConcreteVersion(raw: string | undefined): string | null {
+  if (!raw) {
+    return null;
+  }
+
+  const match = raw.match(/\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?/);
+  return match?.[0] ?? null;
+}
+
+function readWorkspaceLockfile(workspaceRoot: string, filename: string): string | null {
+  const filePath = path.join(workspaceRoot, filename);
+
+  if (!existsSync(filePath)) {
+    return null;
+  }
 
-async function run(): Promise<void> {
   try {
-    // Get version of tool to be installed
-    const version = core.getInput('version')
-
-    // Download the specific version of the tool, e.g. as a tarball/zipball
-    const download = await getDownloadUrl(version)
-    const pathToTarball = await tc.downloadTool(download)
-
-    // Extract the tarball/zipball onto host runner
-    const pathToCLI = await tc.extractTar(pathToTarball)
-
-    // Expose the tool by adding it to the PATH
-    core.addPath(pathToCLI)
-
-    // Expose installed tool version
-    const determinedVersion = await determineInstalledVersion()
-    core.setOutput('version', determinedVersion)
-
-    // Use GHCR mirror by default
-    if (version.toLowerCase() === 'latest' || gte(version, '1.28.0')) {
-      core.exportVariable(CLI_CONFIG_REGISTRY, 'ghcr.io')
-    }
-  } catch (error) {
-    if (error instanceof Error) core.setFailed(error.message)
+    return readFileSync(filePath, "utf8");
+  } catch {
+    return null;
   }
 }
 
-run()
+function detectVersionFromBunLock(workspaceRoot: string): string | null {
+  const text = readWorkspaceLockfile(workspaceRoot, "bun.lock");
+
+  if (!text) {
+    return null;
+  }
+
+  try {
+    const lockfile = JSON.parse(text.replace(/,\s*([}\]])/g, "$1")) as BunLock;
+    const rootWorkspace = lockfile.workspaces?.[""];
+    const declaredVersion =
+      rootWorkspace?.dependencies?.supabase ?? rootWorkspace?.devDependencies?.supabase;
+
+    if (!declaredVersion) {
+      return null;
+    }
+
+    const resolvedPackage = lockfile.packages?.supabase;
+    if (Array.isArray(resolvedPackage) && typeof resolvedPackage[0] === "string") {
+      return extractConcreteVersion(resolvedPackage[0]);
+    }
+
+    return extractConcreteVersion(declaredVersion);
+  } catch {
+    return null;
+  }
+}
+
+function detectVersionFromPnpmLock(workspaceRoot: string): string | null {
+  const text = readWorkspaceLockfile(workspaceRoot, "pnpm-lock.yaml");
+
+  if (!text) {
+    return null;
+  }
+
+  try {
+    const lockfile = loadYaml(text) as PnpmLock;
+    const rootImporter = lockfile.importers?.["."];
+    const dependency =
+      rootImporter?.dependencies?.supabase ?? rootImporter?.devDependencies?.supabase;
+
+    if (typeof dependency === "string") {
+      return extractConcreteVersion(dependency);
+    }
+
+    return extractConcreteVersion(dependency?.version);
+  } catch {
+    return null;
+  }
+}
+
+function detectVersionFromPackageLock(workspaceRoot: string): string | null {
+  const text = readWorkspaceLockfile(workspaceRoot, "package-lock.json");
+
+  if (!text) {
+    return null;
+  }
+
+  try {
+    const lockfile = JSON.parse(text) as PackageLock;
+
+    return (
+      extractConcreteVersion(lockfile.packages?.["node_modules/supabase"]?.version) ??
+      extractConcreteVersion(lockfile.dependencies?.supabase?.version)
+    );
+  } catch {
+    return null;
+  }
+}
+
+function resolveVersion(inputVersion: string): string {
+  const requestedVersion = inputVersion.trim();
+
+  if (requestedVersion) {
+    return requestedVersion;
+  }
+
+  const workspaceRoot = process.env.GITHUB_WORKSPACE?.trim();
+
+  if (!workspaceRoot) {
+    return DEFAULT_VERSION;
+  }
+
+  return (
+    detectVersionFromBunLock(workspaceRoot) ??
+    detectVersionFromPnpmLock(workspaceRoot) ??
+    detectVersionFromPackageLock(workspaceRoot) ??
+    DEFAULT_VERSION
+  );
+}
+
+export function getDownloadUrl(version: string): string {
+  const platform = getArchivePlatform(process.platform);
+  const arch = getArchiveArch(process.arch);
+  const filename = `supabase_${platform}_${arch}.tar.gz`;
+
+  if (version.toLowerCase() === "latest") {
+    return `https://github.com/supabase/cli/releases/latest/download/${filename}`;
+  }
+
+  if (semver.compare(version, REGISTRY_VERSION) === -1) {
+    return `https://github.com/supabase/cli/releases/download/v${version}/supabase_${version}_${platform}_${arch}.tar.gz`;
+  }
+
+  return `https://github.com/supabase/cli/releases/download/v${version}/${filename}`;
+}
+
+function getSupabaseExecutable(cliPath: string): string {
+  const names =
+    process.platform === "win32" ? ["supabase.exe", "supabase.cmd", "supabase"] : ["supabase"];
+
+  for (const name of names) {
+    const executable = path.join(cliPath, name);
+    if (existsSync(executable)) {
+      return executable;
+    }
+  }
+
+  return path.join(cliPath, "supabase");
+}
+
+export async function determineInstalledVersion(cliPath: string): Promise<string> {
+  const { stdout } = await execFile(getSupabaseExecutable(cliPath), ["--version"]);
+  const version = stdout.trim();
+  if (!version) {
+    throw new Error("Could not determine installed Supabase CLI version");
+  }
+
+  return version;
+}
+
+export async function run(): Promise<void> {
+  try {
+    const version = resolveVersion(core.getInput("version"));
+    const tarball = await tc.downloadTool(getDownloadUrl(version));
+    const cliPath = await tc.extractTar(tarball);
+    const installedVersion = await determineInstalledVersion(cliPath);
+    core.setOutput("version", installedVersion);
+    core.addPath(cliPath);
+
+    if (version.toLowerCase() === "latest" || semver.compare(version, REGISTRY_VERSION) >= 0) {
+      core.exportVariable(CLI_CONFIG_REGISTRY, getGhcrImageRegistry());
+    }
+
+    await restoreDockerImageCache(installedVersion, getImageRegistry());
+  } catch (error) {
+    core.setFailed(error instanceof Error ? error.message : String(error));
+  }
+}
+
+if (process.argv[1] === fileURLToPath(import.meta.url)) {
+  await run();
+}

src/post.ts

@@ -0,0 +1,17 @@
+import * as core from "@actions/core";
+import { fileURLToPath } from "node:url";
+import { saveDockerImageCache } from "./cache";
+
+export async function run(): Promise<void> {
+  try {
+    await saveDockerImageCache();
+  } catch (error) {
+    core.warning(
+      `Supabase Docker image cache post step failed: ${error instanceof Error ? error.message : String(error)}`,
+    );
+  }
+}
+
+if (process.argv[1] === fileURLToPath(import.meta.url)) {
+  await run();
+}

src/utils.ts

@@ -1,48 +0,0 @@
-import {exec} from 'child_process'
-import os from 'os'
-import lt from 'semver/functions/lt'
-import {promisify} from 'util'
-
-const doExec = promisify(exec)
-
-// arch in [arm, arm64, x64...] (https://nodejs.org/docs/latest-v16.x/api/os.html#osarch)
-// return value in [amd64, arm64, arm]
-const mapArch = (arch: string): string => {
-  const mappings: Record<string, string> = {
-    x64: 'amd64'
-  }
-  return mappings[arch] || arch
-}
-
-// os in [darwin, linux, win32...] (https://nodejs.org/docs/latest-v16.x/api/os.html#osplatform)
-// return value in [darwin, linux, windows]
-const mapOS = (platform: string): string => {
-  const mappings: Record<string, string> = {
-    win32: 'windows'
-  }
-  return mappings[platform] || platform
-}
-
-export const getDownloadUrl = async (version: string): Promise<string> => {
-  const platform = mapOS(os.platform())
-  const arch = mapArch(os.arch())
-  const filename = `supabase_${platform}_${arch}.tar.gz`
-  if (version.toLowerCase() === 'latest') {
-    return `https://github.com/supabase/cli/releases/latest/download/${filename}`
-  }
-  if (lt(version, '1.28.0')) {
-    return `https://github.com/supabase/cli/releases/download/v${version}/supabase_${version}_${platform}_${arch}.tar.gz`
-  }
-  return `https://github.com/supabase/cli/releases/download/v${version}/${filename}`
-}
-
-export const determineInstalledVersion = async (): Promise<string> => {
-  const {stdout} = await doExec('supabase --version')
-
-  const version = stdout.trim()
-  if (!version) {
-    throw new Error('Could not determine installed Supabase CLI version')
-  }
-
-  return version
-}

tsconfig.json

@@ -1,12 +1,7 @@
 {
+  "extends": "@tsconfig/bun/tsconfig.json",
   "compilerOptions": {
-    "target": "es6",                          /* Specify ECMAScript target version: 'ES3' (default), 'ES5', 'ES2015', 'ES2016', 'ES2017', 'ES2018', 'ES2019' or 'ESNEXT'. */
-    "module": "commonjs",                     /* Specify module code generation: 'none', 'commonjs', 'amd', 'system', 'umd', 'es2015', or 'ESNext'. */
-    "outDir": "./lib",                        /* Redirect output structure to the directory. */
-    "rootDir": "./src",                       /* Specify the root directory of input files. Use to control the output directory structure with --outDir. */
-    "strict": true,                           /* Enable all strict type-checking options. */
-    "noImplicitAny": true,                    /* Raise error on expressions and declarations with an implied 'any' type. */
-    "esModuleInterop": true                   /* Enables emit interoperability between CommonJS and ES Modules via creation of namespace objects for all imports. Implies 'allowSyntheticDefaultImports'. */
+    "types": ["bun", "node"]
   },
-  "exclude": ["node_modules", "**/*.test.ts"]
+  "include": ["src"]
 }