ci(e2e): trigger e2e from supabase/cli beta releases

Adds a workflow_dispatch input and a `cli-released` repository_dispatch
listener so supabase/cli can run this e2e against a freshly published
beta build before the same bytes flow to the stable channel. The CLI
v2.99 archive layout change (CLI-1475) was only caught after the stable
release; with this in place a packaging-incompatibility regression on
develop fails this workflow and surfaces in the cli release run that
dispatched it.

When a version is supplied, the matrix narrows to that single CLI
version across all supported Postgres majors instead of the default
multi-version sweep.

.bun-version

@@ -0,0 +1 @@
+1.3.10

.gitattributes

@@ -1,3 +0,0 @@
-* text=auto eol=lf
-
-dist/** -diff linguist-generated=true

.github/CODEOWNERS

@@ -1 +1 @@
-* @supabase/dev-workflows
+* @supabase/cli

.github/codeql/codeql-config.yml

@@ -1,5 +0,0 @@
-name: JavaScript CodeQL Configuration
-
-paths-ignore:
-  - node_modules
-  - dist

.github/dependabot.yml

@@ -4,28 +4,33 @@ updates:
     directory: /
     schedule:
       interval: weekly
+      day: tuesday
+      time: "09:00"
+      timezone: Europe/Paris
+    open-pull-requests-limit: 1
     groups:
-      actions-minor:
+      actions-minor-patch:
+        patterns:
+          - "*"
         update-types:
           - minor
           - patch
 
-  - package-ecosystem: npm
+  - package-ecosystem: bun
     directory: /
     schedule:
-      interval: daily
+      interval: weekly
+      day: tuesday
+      time: "09:00"
+      timezone: Europe/Paris
+    open-pull-requests-limit: 1
+    cooldown:
+      semver-minor-days: 7
+      semver-patch-days: 2
     groups:
-      npm-development:
-        dependency-type: development
+      bun-minor-patch:
+        patterns:
+          - "*"
         update-types:
           - minor
           - patch
-      npm-production:
-        dependency-type: production
-        update-types:
-          - patch
-    ignore:
-      # nodejs types is pinned to runtime version
-      - dependency-name: '@types/node'
-        update-types:
-          - version-update:semver-major

.github/workflows/ci.yml

@@ -0,0 +1,68 @@
+name: CI
+
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+      - converted_to_draft
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  validate:
+    if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+      - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+        with:
+          bun-version-file: .bun-version
+      - run: bun install --frozen-lockfile
+      - run: bun run ci
+
+  test:
+    if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 20
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [macos-latest, windows-latest, ubuntu-latest]
+        version: [1.0.0, latest]
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: ./
+        with:
+          version: ${{ matrix.version }}
+      - run: supabase -h
+
+  ci:
+    if: ${{ always() && github.event_name == 'pull_request' }}
+    name: CI
+    runs-on: ubuntu-latest
+    needs: [validate, test]
+    timeout-minutes: 5
+    steps:
+      - run: |
+          validate_result="${{ needs.validate.result }}"
+          test_result="${{ needs.test.result }}"
+          [[ "$validate_result" == "success" || "$validate_result" == "skipped" ]]
+          [[ "$test_result" == "success" || "$test_result" == "skipped" ]]

.github/workflows/codeql-analysis.yml

@@ -1,47 +0,0 @@
-name: CodeQL
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-  schedule:
-    - cron: '31 7 * * 3'
-
-permissions:
-  actions: read
-  checks: write
-  contents: read
-  security-events: write
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language:
-          - typescript
-
-    steps:
-      - name: Checkout
-        id: checkout
-        uses: actions/checkout@v4
-
-      - name: Initialize CodeQL
-        id: initialize
-        uses: github/codeql-action/init@v3
-        with:
-          config-file: .github/codeql/codeql-config.yml
-          languages: ${{ matrix.language }}
-          source-root: src
-
-      - name: Autobuild
-        id: autobuild
-        uses: github/codeql-action/autobuild@v3
-
-      - name: Perform CodeQL Analysis
-        id: analyze
-        uses: github/codeql-action/analyze@v3

.github/workflows/dependabot.yml

@@ -3,6 +3,10 @@ name: Dependabot auto-merge
 
 on: pull_request
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions:
   pull-requests: write
   contents: write
@@ -10,29 +14,33 @@ permissions:
 jobs:
   dependabot:
     runs-on: ubuntu-latest
-    # Checking the actor will prevent your Action run failing on non-Dependabot
-    # PRs but also ensures that it only does work for Dependabot PRs.
-    if: ${{ github.actor == 'dependabot[bot]' }}
+    timeout-minutes: 10
+    # Only act on PRs opened by Dependabot from branches in this repository.
+    if: github.actor == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
     steps:
-      # This first step will fail if there's no metadata and so the approval
-      # will not occur.
+      # Metadata drives the non-major gating used for approval and auto-merge.
       - id: meta
-        uses: dependabot/fetch-metadata@v2
+        uses: dependabot/fetch-metadata@25dd0e34f4fe68f24cc83900b1fe3fe149efef98 # v3.1.0
         with:
-          github-token: '${{ secrets.GITHUB_TOKEN }}'
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Generate token
+        id: app-token
+        if: ${{ steps.meta.outputs.update-type == null || steps.meta.outputs.update-type == 'version-update:semver-patch' || steps.meta.outputs.update-type == 'version-update:semver-minor' }}
+        uses: actions/create-github-app-token@1b10c78c7865c340bc4f6099eb2f838309f1e8c3 # v3.1.1
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
 
-      # Here the PR gets approved.
       - name: Approve a PR
-        if: ${{steps.meta.outputs.update-type != 'version-update:semver-major'}}
+        if: ${{ steps.meta.outputs.update-type == null || steps.meta.outputs.update-type == 'version-update:semver-patch' || steps.meta.outputs.update-type == 'version-update:semver-minor' }}
         run: gh pr review --approve "$PR_URL"
         env:
           PR_URL: ${{ github.event.pull_request.html_url }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
 
-      # Finally, this sets the PR to allow auto-merging for patch and minor
-      # updates if all checks pass
       - name: Enable auto-merge for Dependabot PRs
-        if: ${{steps.meta.outputs.update-type != 'version-update:semver-major'}}
+        if: ${{ steps.meta.outputs.update-type == null || steps.meta.outputs.update-type == 'version-update:semver-patch' || steps.meta.outputs.update-type == 'version-update:semver-minor' }}
         run: gh pr merge --auto --squash "$PR_URL"
         env:
           PR_URL: ${{ github.event.pull_request.html_url }}

.github/workflows/e2e.yml

@@ -0,0 +1,110 @@
+name: E2E
+on:
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+      - converted_to_draft
+  push:
+    branches:
+      - main
+    tags:
+      - "v[0-9]+.[0-9]+.[0-9]+"
+  schedule:
+    # * is a special character in YAML so you have to quote this string
+    - cron: "30 1,9 * * *"
+  workflow_dispatch:
+    inputs:
+      cli_version:
+        description: Specific Supabase CLI version to test. When set, the matrix runs only this version across all supported Postgres majors. Leave empty to run the full version matrix.
+        required: false
+        type: string
+        default: ""
+  # Triggered from supabase/cli after a successful beta release so the
+  # symmetric e2e runs before a stale archive layout (or any other
+  # packaging change) reaches the stable channel. The dispatcher sends
+  # `client_payload.version` (e.g. "2.99.0") and `client_payload.channel`.
+  repository_dispatch:
+    types:
+      - cli-released
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event.inputs.cli_version || github.event.client_payload.version }}
+  cancel-in-progress: true
+
+defaults:
+  run:
+    shell: bash
+
+permissions:
+  contents: read
+
+jobs:
+  plan:
+    if: ${{ github.event_name != 'pull_request' || !github.event.pull_request.draft }}
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    outputs:
+      matrix: ${{ steps.compute.outputs.matrix }}
+      cli_version: ${{ steps.compute.outputs.cli_version }}
+      source: ${{ steps.compute.outputs.source }}
+    steps:
+      - id: compute
+        env:
+          DISPATCH_VERSION: ${{ github.event.inputs.cli_version }}
+          PAYLOAD_VERSION: ${{ github.event.client_payload.version }}
+          PAYLOAD_CHANNEL: ${{ github.event.client_payload.channel }}
+          EVENT_NAME: ${{ github.event_name }}
+        run: |
+          set -euo pipefail
+          version=""
+          source="default"
+          if [[ "$EVENT_NAME" == "repository_dispatch" && -n "$PAYLOAD_VERSION" ]]; then
+            version="${PAYLOAD_VERSION#v}"
+            source="cli-${PAYLOAD_CHANNEL:-release}"
+          elif [[ -n "$DISPATCH_VERSION" ]]; then
+            version="${DISPATCH_VERSION#v}"
+            source="workflow_dispatch"
+          fi
+          if [[ -n "$version" ]]; then
+            matrix='{"version":["'"$version"'"],"pg_major":[14,15,17]}'
+          else
+            matrix='{"version":["1.178.2","2.33.0","latest"],"pg_major":[14,15,17],"exclude":[{"version":"1.178.2","pg_major":17}]}'
+          fi
+          {
+            echo "cli_version=$version"
+            echo "source=$source"
+            echo "matrix=$matrix"
+          } >> "$GITHUB_OUTPUT"
+
+  e2e: # make sure the action works on a clean machine without building
+    needs: plan
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJSON(needs.plan.outputs.matrix) }}
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+      - uses: ./
+        with:
+          version: ${{ matrix.version }}
+      - run: supabase init
+      - run: |
+          sed -i -E "s|^(major_version) .*|\\1 = ${{ matrix.pg_major }}|" supabase/config.toml
+      - run: supabase start
+
+  e2e-check:
+    if: ${{ always() && github.event_name == 'pull_request' }}
+    name: E2E
+    runs-on: ubuntu-latest
+    needs: [e2e]
+    timeout-minutes: 5
+    steps:
+      - run: |
+          e2e_result="${{ needs.e2e.result }}"
+          [[ "$e2e_result" == "success" || "$e2e_result" == "skipped" ]]

.github/workflows/licensed.yml

@@ -1,6 +1,6 @@
-# This workflow checks the statuses of cached dependencies used in this action
-# with the help of the Licensed tool. If any licenses are invalid or missing,
-# this workflow will fail. See: https://github.com/licensee/licensed
+# This workflow refreshes and checks dependency license records used in this
+# action with the help of the Licensed tool. If any licenses are invalid or
+# missing, this workflow will fail. See: https://github.com/licensee/licensed
 
 name: Licensed
 
@@ -9,61 +9,139 @@ on:
   push:
     branches:
       - main
+    paths:
+      - .github/workflows/licensed.yml
+      - .licensed.yml
+      - .licenses/**
+      - bun.lock
+      - package.json
   workflow_dispatch:
 
-permissions:
-  contents: write
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
-  licensed:
-    name: Check Licenses
+  check-licenses:
+    if: ${{ github.event_name != 'workflow_dispatch' }}
+    name: Licensed
     runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
+      pull-requests: read
 
     steps:
+      - name: Detect license inputs
+        id: license-inputs
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PR_NUMBER: ${{ github.event.pull_request.number }}
+          REPOSITORY: ${{ github.repository }}
+        run: |
+          if [[ "${{ github.event_name }}" != "pull_request" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+            exit 0
+          fi
+
+          gh api "repos/${REPOSITORY}/pulls/${PR_NUMBER}/files" --paginate --jq '.[].filename' > changed-files.txt
+          if grep -Eq '^(\.github/workflows/licensed\.yml|\.licensed\.yml|\.licenses/.*|bun\.lock|package\.json)$' changed-files.txt; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "changed=false" >> "$GITHUB_OUTPUT"
+          fi
+
       - name: Checkout
         id: checkout
-        uses: actions/checkout@v4
+        if: steps.license-inputs.outputs.changed == 'true'
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
 
-      - name: Setup Node.js
-        id: setup-node
-        uses: actions/setup-node@v4
+      - name: Setup Bun
+        id: setup-bun
+        if: steps.license-inputs.outputs.changed == 'true'
+        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
         with:
-          node-version-file: .node-version
-          cache: npm
+          bun-version-file: .bun-version
 
       - name: Install Dependencies
-        id: npm-ci
-        run: npm ci
+        id: bun-install
+        if: steps.license-inputs.outputs.changed == 'true'
+        run: bun install --frozen-lockfile
 
       - name: Setup Ruby
         id: setup-ruby
-        uses: ruby/setup-ruby@v1
+        if: steps.license-inputs.outputs.changed == 'true'
+        uses: ruby/setup-ruby@7372622e62b60b3cb750dcd2b9e32c247ffec26a # v1.302.0
         with:
           ruby-version: ruby
 
-      - uses: licensee/setup-licensed@v1.3.2
+      - uses: licensee/setup-licensed@0d52e575b3258417672be0dff2f115d7db8771d8 # v1.3.2
+        if: steps.license-inputs.outputs.changed == 'true'
         with:
           version: 4.x
           github_token: ${{ secrets.GITHUB_TOKEN }}
 
-      # If this is a workflow_dispatch event, update the cached licenses.
-      - if: ${{ github.event_name == 'workflow_dispatch' }}
+      - name: Refresh License Cache
+        id: refresh-license-cache
+        if: steps.license-inputs.outputs.changed == 'true'
+        run: licensed cache
+
+      - name: Check Licenses
+        id: check-licenses
+        if: steps.license-inputs.outputs.changed == 'true'
+        run: licensed status
+
+  update-licenses:
+    if: ${{ github.event_name == 'workflow_dispatch' }}
     name: Update Licenses
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Setup Bun
+        id: setup-bun
+        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+        with:
+          bun-version-file: .bun-version
+
+      - name: Install Dependencies
+        id: bun-install
+        run: bun install --frozen-lockfile
+
+      - name: Setup Ruby
+        id: setup-ruby
+        uses: ruby/setup-ruby@7372622e62b60b3cb750dcd2b9e32c247ffec26a # v1.302.0
+        with:
+          ruby-version: ruby
+
+      - uses: licensee/setup-licensed@0d52e575b3258417672be0dff2f115d7db8771d8 # v1.3.2
+        with:
+          version: 4.x
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Update License Cache
         id: update-licenses
         run: licensed cache
 
-      # Then, commit the updated licenses to the repository.
-      - if: ${{ github.event_name == 'workflow_dispatch' }}
-        name: Commit Licenses
+      - name: Format License Files
+        id: format-licenses
+        run: bun x oxfmt --write .licensed.yml .licenses
+
+      - name: Commit Licenses
         id: commit-licenses
         run: |
           git config --local user.email "licensed-ci@users.noreply.github.com"
           git config --local user.name "licensed-ci"
-          git add .
+          git add .licenses .licensed.yml
+          if git diff --cached --quiet; then
+            echo "No license cache changes to commit."
+            exit 0
+          fi
           git commit -m "Auto-update license files"
           git push
-
-      # Last, check the status of the cached licenses.
-      - name: Check Licenses
-        id: check-licenses
-        run: licensed status

.github/workflows/linter.yml

@@ -1,56 +0,0 @@
-# This workflow will lint the entire codebase using the
-# `super-linter/super-linter` action.
-#
-# For more information, see the super-linter repository:
-#     https://github.com/super-linter/super-linter
-name: Lint Codebase
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-
-permissions:
-  contents: read
-  packages: read
-  statuses: write
-
-jobs:
-  lint:
-    name: Lint Codebase
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Checkout
-        id: checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Setup Node.js
-        id: setup-node
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: .node-version
-          cache: npm
-
-      - name: Install Dependencies
-        id: install
-        run: npm ci
-
-      - name: Lint Codebase
-        id: super-linter
-        uses: super-linter/super-linter/slim@v8
-        env:
-          DEFAULT_BRANCH: main
-          FILTER_REGEX_EXCLUDE: dist/**/*
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          LINTER_RULES_PATH: ${{ github.workspace }}
-          VALIDATE_ALL_CODEBASE: true
-          VALIDATE_JAVASCRIPT_ES: false
-          VALIDATE_JAVASCRIPT_STANDARD: false
-          VALIDATE_JSCPD: false
-          VALIDATE_TYPESCRIPT_ES: false
-          VALIDATE_JSON: false
-          VALIDATE_TYPESCRIPT_STANDARD: false

.github/workflows/start.yml

@@ -1,45 +0,0 @@
-name: CLI Start
-on:
-  push:
-    branches:
-      - main
-    tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+'
-  schedule:
-    # * is a special character in YAML so you have to quote this string
-    - cron: '30 1,9 * * *'
-  workflow_dispatch:
-
-defaults:
-  run:
-    shell: bash
-
-permissions:
-  contents: read
-
-jobs:
-  e2e: # make sure the action works on a clean machine without building
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        version:
-          - 1.178.2
-          - 2.33.0
-          - latest
-        pg_major:
-          - 14
-          - 15
-          - 17
-        exclude:
-          - version: 1.178.2
-            pg_major: 17
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./
-        with:
-          version: ${{ matrix.version }}
-      - run: supabase init
-      - run:
-          sed -i -E "s|^(major_version) .*|\1 = ${{ matrix.pg_major }}|"
-          supabase/config.toml
-      - run: supabase start

.github/workflows/test.yml

@@ -1,68 +0,0 @@
-name: 'build-test'
-
-on:
-  pull_request:
-  push:
-    branches:
-      - main
-
-permissions:
-  contents: read
-
-defaults:
-  run:
-    shell: bash
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version-file: .node-version
-          cache: npm
-      - run: npm ci
-      - run: npm run all
-
-      - id: diff
-        run: |
-          if [ ! -d dist/ ]; then
-            echo "Expected dist/ directory does not exist.  See status below:"
-            ls -la ./
-            exit 1
-          fi
-          if [ "$(git diff --ignore-space-at-eol --text dist/ | wc -l)" -gt "0" ]; then
-            echo "Detected uncommitted changes after build. See status below:"
-            git diff --ignore-space-at-eol --text dist/
-            exit 1
-          fi
-
-      # Upload the mismatched version as a workflow artifact.
-      - if: ${{ failure() && steps.diff.outcome == 'failure' }}
-        uses: actions/upload-artifact@v4
-        with:
-          name: dist
-          path: dist/
-
-  test:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [macos-latest, windows-latest, ubuntu-latest]
-        version: [1.0.0, latest]
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./
-        with:
-          version: ${{ matrix.version }}
-      - run: supabase -h
-
-  check:
-    if: ${{ always() && github.event.pull_request }}
-    runs-on: ubuntu-latest
-    needs: [test]
-    steps:
-      - run: |
-          result="${{ needs.test.result }}"
-          [[ $result == "success" || $result == "skipped" ]]

.gitignore

@@ -1,7 +1,6 @@
 # Dependency directory
 node_modules
-
-# Rest pulled from https://github.com/github/gitignore/blob/master/Node.gitignore
+bun.lockb
 # Logs
 logs
 *.log

.licensed.yml

@@ -13,6 +13,4 @@ allowed:
   - other
 
 ignored:
-  npm:
-    # Used by Rollup.js when building in GitHub Actions
-    - '@rollup/rollup-linux-x64-gnu'
+  npm: []

.licenses/npm/@actions/core.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/core"
-version: 1.11.1
+version: 3.0.0
 type: npm
 summary: Actions core lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/core

.licenses/npm/@actions/exec.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/exec"
-version: 1.1.1
+version: 3.0.0
 type: npm
 summary: Actions exec lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/exec

.licenses/npm/@actions/http-client.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/http-client"
-version: 2.2.3
+version: 4.0.0
 type: npm
 summary: Actions Http Client
 homepage: https://github.com/actions/toolkit/tree/main/packages/http-client

.licenses/npm/@actions/io.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/io"
-version: 1.1.3
+version: 3.0.2
 type: npm
 summary: Actions io lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/io

.licenses/npm/@actions/tool-cache.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: "@actions/tool-cache"
-version: 2.0.2
+version: 4.0.0
 type: npm
 summary: Actions tool-cache lib
 homepage: https://github.com/actions/toolkit/tree/main/packages/tool-cache

.licenses/npm/@fastify/busboy.dep.yml

@@ -1,30 +0,0 @@
----
-name: "@fastify/busboy"
-version: 2.1.1
-type: npm
-summary: A streaming parser for HTML form data for node.js
-homepage:
-license: mit
-licenses:
-- sources: LICENSE
-  text: |-
-    Copyright Brian White. All rights reserved.
-
-    Permission is hereby granted, free of charge, to any person obtaining a copy
-    of this software and associated documentation files (the "Software"), to
-    deal in the Software without restriction, including without limitation the
-    rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
-    sell copies of the Software, and to permit persons to whom the Software is
-    furnished to do so, subject to the following conditions:
-
-    The above copyright notice and this permission notice shall be included in
-    all copies or substantial portions of the Software.
-
-    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
-    FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
-    IN THE SOFTWARE.
-notices: []

.licenses/npm/semver-6.3.1.dep.yml

@@ -1,26 +0,0 @@
----
-name: semver
-version: 6.3.1
-type: npm
-summary: The semantic version parser used by npm.
-homepage:
-license: isc
-licenses:
-- sources: LICENSE
-  text: |
-    The ISC License
-
-    Copyright (c) Isaac Z. Schlueter and Contributors
-
-    Permission to use, copy, modify, and/or distribute this software for any
-    purpose with or without fee is hereby granted, provided that the above
-    copyright notice and this permission notice appear in all copies.
-
-    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
-    IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-notices: []

.licenses/npm/semver-7.7.2.dep.yml

@@ -1,26 +0,0 @@
----
-name: semver
-version: 7.7.2
-type: npm
-summary: The semantic version parser used by npm.
-homepage:
-license: isc
-licenses:
-- sources: LICENSE
-  text: |
-    The ISC License
-
-    Copyright (c) Isaac Z. Schlueter and Contributors
-
-    Permission to use, copy, modify, and/or distribute this software for any
-    purpose with or without fee is hereby granted, provided that the above
-    copyright notice and this permission notice appear in all copies.
-
-    THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-    WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-    MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-    ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-    WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-    ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
-    IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-notices: []

.licenses/npm/semver.dep.yml

@@ -0,0 +1,26 @@
+---
+name: semver
+version: 7.7.4
+type: npm
+summary: The semantic version parser used by npm.
+homepage:
+license: isc
+licenses:
+  - sources: LICENSE
+    text: |
+      The ISC License
+
+      Copyright (c) Isaac Z. Schlueter and Contributors
+
+      Permission to use, copy, modify, and/or distribute this software for any
+      purpose with or without fee is hereby granted, provided that the above
+      copyright notice and this permission notice appear in all copies.
+
+      THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+      WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+      MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+      ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+      WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+      ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+      IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+notices: []

.licenses/npm/undici.dep.yml

@@ -1,6 +1,6 @@
 ---
 name: undici
-version: 5.29.0
+version: 6.24.1
 type: npm
 summary: An HTTP/1.1 client, written from scratch for Node.js
 homepage: https://undici.nodejs.org

.markdown-lint.yml

@@ -1,24 +0,0 @@
-# See: https://github.com/DavidAnson/markdownlint
-
-# Unordered list style
-MD004:
-  style: dash
-
-# Disable line length for tables
-MD013:
-  tables: false
-
-# Ordered list item prefix
-MD029:
-  style: one
-
-# Spaces after list markers
-MD030:
-  ul_single: 1
-  ol_single: 1
-  ul_multi: 1
-  ol_multi: 1
-
-# Code block style
-MD046:
-  style: fenced

.node-version

@@ -1 +0,0 @@
-20.19.4

.prettierignore

@@ -1,5 +0,0 @@
-.DS_Store
-.licenses/
-dist/
-node_modules/
-coverage/

.prettierrc.yml

@@ -1,16 +0,0 @@
-# See: https://prettier.io/docs/en/configuration
-
-printWidth: 80
-tabWidth: 2
-useTabs: false
-semi: false
-singleQuote: true
-quoteProps: as-needed
-jsxSingleQuote: false
-trailingComma: none
-bracketSpacing: true
-bracketSameLine: true
-arrowParens: always
-proseWrap: always
-htmlWhitespaceSensitivity: css
-endOfLine: lf

.yaml-lint.yml

@@ -1,14 +0,0 @@
-# See: https://yamllint.readthedocs.io/en/stable/
-
-rules:
-  document-end: disable
-  document-start:
-    level: warning
-    present: false
-  line-length:
-    level: warning
-    max: 80
-    allow-non-breakable-words: true
-    allow-non-breakable-inline-mappings: true
-ignore:
-  - .licenses/

CODEOWNERS

@@ -1 +0,0 @@
-* @sweatybridge

README.md

@@ -1,13 +1,12 @@
 # :gear: Supabase CLI Action
 
-[![CI](https://github.com/supabase/setup-cli/actions/workflows/start.yml/badge.svg)](https://github.com/supabase/setup-cli/actions/workflows/start.yml)
-[![Linter](https://github.com/supabase/setup-cli/actions/workflows/linter.yml/badge.svg)](https://github.com/supabase/setup-cli/actions/workflows/linter.yml)
+[![CI](https://github.com/supabase/setup-cli/actions/workflows/ci.yml/badge.svg)](https://github.com/supabase/setup-cli/actions/workflows/ci.yml)
+[![E2E](https://github.com/supabase/setup-cli/actions/workflows/e2e.yml/badge.svg)](https://github.com/supabase/setup-cli/actions/workflows/e2e.yml)
 [![CodeQL](https://github.com/supabase/setup-cli/actions/workflows/codeql-analysis.yml/badge.svg)](https://github.com/supabase/setup-cli/actions/workflows/codeql-analysis.yml)
-[![Coverage](./badges/coverage.svg)](https://github.com/supabase/setup-cli/actions/workflows/test.yml)
 
 ## About
 
-This action sets up the Supabase CLI,
+This composite action sets up the Supabase CLI,
 [`supabase`](https://github.com/supabase/cli), on GitHub's hosted Actions
 runners. Other CI runners like
 [Bitbucket](https://bitbucket.org/supabase-cli/setup-cli/src/master/bitbucket-pipelines.yml)
@@ -25,23 +24,27 @@ Setup the `supabase` CLI:
 
 ```yaml
 steps:
-  - uses: supabase/setup-cli@v1
+  - uses: supabase/setup-cli@v2
 ```
 
+If `version` is omitted, the action checks the repository root for `bun.lock`,
+`pnpm-lock.yaml`, or `package-lock.json` and uses the declared `supabase`
+version. If no supported lockfile is present, it falls back to `latest`.
+
 A specific version of the `supabase` CLI can be installed:
 
 ```yaml
 steps:
-  - uses: supabase/setup-cli@v1
+  - uses: supabase/setup-cli@v2
     with:
-      version: 2.20.3
+      version: 2.84.2
 ```
 
 Run `supabase db start` to execute all migrations on a fresh database:
 
 ```yaml
 steps:
-  - uses: supabase/setup-cli@v1
+  - uses: supabase/setup-cli@v2
     with:
       version: latest
   - run: supabase init
@@ -53,11 +56,11 @@ on Windows and macOS runners.
 
 ## Inputs
 
-The actions supports the following inputs:
+The action supports the following inputs:
 
 | Name      | Type   | Description                        | Default                           | Required |
-| --------- | ------ | ---------------------------------- | -------- | -------- |
-| `version` | String | Supabase CLI version (or `latest`) | `2.20.3` | false    |
+| --------- | ------ | ---------------------------------- | --------------------------------- | -------- |
+| `version` | String | Supabase CLI version (or `latest`) | Root lockfile version or `latest` | false    |
 
 ## Advanced Usage
 
@@ -65,7 +68,7 @@ Check generated TypeScript types are up-to-date with Postgres schema:
 
 ```yaml
 steps:
-  - uses: supabase/setup-cli@v1
+  - uses: supabase/setup-cli@v2
   - run: supabase init
   - run: supabase db start
   - name: Verify generated types match Postgres schema
@@ -88,58 +91,61 @@ env:
   PROJECT_ID: <project-id>
 
 steps:
-   - uses: supabase/setup-cli@v1
+  - uses: supabase/setup-cli@v2
   - run: supabase link --project-ref $PROJECT_ID
   - run: supabase db push
 ```
 
+Export local Supabase env vars for app tests:
+
+```yaml
+steps:
+  - uses: supabase/setup-cli@v2
+  - run: supabase init
+  - run: supabase start
+  - name: Export local Supabase env vars
+    run: |
+      # Customize the variable names as needed for your app.
+      supabase status -o env \
+        --override-name api.url=SUPABASE_URL \
+        --override-name auth.service_role_key=SUPABASE_SERVICE_ROLE_KEY \
+        >> .env.test
+  - run: bun test
+```
+
 ## Develop
 
 After you've cloned the repository to your local machine or codespace, you'll
-need to perform some initial setup steps before you can develop your action.
+need to perform a few setup steps before you can work on the action.
 
 > [!NOTE]
 >
-> You'll need to have a reasonably modern version of
-> [Node.js](https://nodejs.org) handy (20.x or later should work!). If you are
-> using a version manager like [`nodenv`](https://github.com/nodenv/nodenv) or
-> [`fnm`](https://github.com/Schniz/fnm), this template has a `.node-version`
-> file at the root of the repository that can be used to automatically switch to
-> the correct version when you `cd` into the repository. Additionally, this
-> `.node-version` file is used by GitHub Actions in any `actions/setup-node`
-> actions.
+> You'll need a recent version of [Bun](https://bun.sh) for local development.
+> This repository includes a `.bun-version` file for tools that can auto-switch
+> Bun versions.
 
 1. :hammer_and_wrench: Install the dependencies
 
    ```bash
-   npm ci
-   ```
-
-1. :building_construction: Package the TypeScript for distribution
-
-   ```bash
-   npm run bundle
+   bun install
    ```
 
 1. :white_check_mark: Run the tests
 
    ```bash
-   $ npm test
-
-   PASS  ./index.test.js
-     ✓ gets download url to binary (3 ms)
-     ✓ runs main action (891 ms)
-
-   ...
+   bun test
    ```
 
-## Publish to a distribution branch
+1. :mag: Run the full local CI suite
 
-Actions are run from this GitHub repository so we will checkin the packed `dist`
-folder.
+   ```bash
+   bun run ci
+   ```
+
+## Publish
 
 1. Create a new GitHub release
-2. Rebase `v1` branch on `main`
+2. Rebase `v2` branch on `main`
 
 Your action is now published! :rocket:
 
@@ -148,14 +154,17 @@ See the
 
 ## Validate
 
-You can now validate the action by referencing `./` in a workflow in your
-repository (see [test.yml](.github/workflows/test.yml))
+Validate changes by exercising the action from a workflow in this repository
+(see [ci.yml](.github/workflows/ci.yml) and [e2e.yml](.github/workflows/e2e.yml)).
 
 ```yaml
-uses: ./
+steps:
+  - uses: ./
     with:
       version: latest
 ```
 
-See the [actions tab](https://github.com/supabase/setup-cli/actions) for runs of
-this action! :rocket:
+The CI workflow provides fast smoke coverage across GitHub-hosted runners, and
+the E2E workflow verifies `supabase init` and `supabase start` against supported
+Postgres versions. See the [actions tab](https://github.com/supabase/setup-cli/actions)
+for recent runs.

__tests__/main.test.ts

@@ -1,61 +0,0 @@
-import { getDownloadUrl } from '../src/utils'
-import { CLI_CONFIG_REGISTRY } from '../src/main'
-import * as os from 'os'
-import * as process from 'process'
-import * as cp from 'child_process'
-import * as path from 'path'
-import * as fs from 'fs'
-import * as yaml from 'js-yaml'
-import * as url from 'url'
-import { expect, test } from '@jest/globals'
-
-test('gets download url to binary', async () => {
-  const url = await getDownloadUrl('1.28.0')
-  expect(
-    url.startsWith(
-      'https://github.com/supabase/cli/releases/download/v1.28.0/supabase_'
-    )
-  ).toBeTruthy()
-  expect(url.endsWith('.tar.gz')).toBeTruthy()
-  expect(url).not.toContain('_1.28.0_')
-})
-
-test('gets legacy download url to binary', async () => {
-  const url = await getDownloadUrl('0.1.0')
-  expect(
-    url.startsWith(
-      `https://github.com/supabase/cli/releases/download/v0.1.0/supabase_0.1.0_`
-    )
-  ).toBeTruthy()
-  expect(url.endsWith('.tar.gz')).toBeTruthy()
-})
-
-test('gets download url to latest version', async () => {
-  const url = await getDownloadUrl('latest')
-  expect(url).toMatch(
-    'https://github.com/supabase/cli/releases/latest/download/'
-  )
-})
-
-// shows how the runner will run a javascript action with env / stdout protocol
-test('runs main action', () => {
-  const { env, execPath } = process
-  const repo = path.dirname(path.dirname(url.fileURLToPath(import.meta.url)))
-  const config = path.join(repo, 'action.yml')
-  const action = yaml.load(fs.readFileSync(config, 'utf8')) as {
-    inputs: { version: { default: string } }
-  }
-  const ip = path.join(repo, 'dist', 'index.js')
-  const stdout = cp
-    .execFileSync(execPath, [ip], {
-      env: {
-        ...env,
-        RUNNER_TEMP: os.tmpdir(),
-        INPUT_VERSION: action.inputs.version.default
-      }
-    })
-    .toString()
-  expect
-    .stringContaining(`::set-env name=${CLI_CONFIG_REGISTRY}::`)
-    .asymmetricMatch(stdout)
-})

action.yml

@@ -3,12 +3,29 @@ description: Setup Supabase CLI, supabase, on GitHub Actions runners
 author: Supabase
 inputs:
   version:
-    description: Version of Supabase CLI to install
+    description: Version of Supabase CLI to install. If omitted, detect from the root lockfile and otherwise use latest.
     required: false
-    default: 2.20.3
 outputs:
   version:
     description: Version of installed Supabase CLI
+    value: ${{ steps.setup-cli.outputs.version }}
 runs:
-  using: node20
-  main: dist/index.js
+  using: composite
+  steps:
+    - name: Setup Bun
+      uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+      with:
+        bun-version-file: ${{ github.action_path }}/.bun-version
+
+    - name: Install Action Dependencies
+      shell: bash
+      working-directory: ${{ github.action_path }}
+      run: bun install --frozen-lockfile --production
+
+    - id: setup-cli
+      name: Setup Supabase CLI
+      shell: bash
+      working-directory: ${{ github.action_path }}
+      env:
+        INPUT_VERSION: ${{ inputs.version }}
+      run: bun src/main.ts

badges/coverage.svg

@@ -1 +0,0 @@
-<svg xmlns="http://www.w3.org/2000/svg" width="116" height="20" role="img" aria-label="Coverage: 51.42%"><title>Coverage: 51.42%</title><linearGradient id="s" x2="0" y2="100%"><stop offset="0" stop-color="#bbb" stop-opacity=".1"/><stop offset="1" stop-opacity=".1"/></linearGradient><clipPath id="r"><rect width="116" height="20" rx="3" fill="#fff"/></clipPath><g clip-path="url(#r)"><rect width="63" height="20" fill="#555"/><rect x="63" width="53" height="20" fill="#e05d44"/><rect width="116" height="20" fill="url(#s)"/></g><g fill="#fff" text-anchor="middle" font-family="Verdana,Geneva,DejaVu Sans,sans-serif" text-rendering="geometricPrecision" font-size="110"><text aria-hidden="true" x="325" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="530">Coverage</text><text x="325" y="140" transform="scale(.1)" fill="#fff" textLength="530">Coverage</text><text aria-hidden="true" x="885" y="150" fill="#010101" fill-opacity=".3" transform="scale(.1)" textLength="430">51.42%</text><text x="885" y="140" transform="scale(.1)" fill="#fff" textLength="430">51.42%</text></g></svg>

bun.lock

@@ -0,0 +1,162 @@
+{
+  "lockfileVersion": 1,
+  "configVersion": 1,
+  "workspaces": {
+    "": {
+      "name": "setup-cli",
+      "dependencies": {
+        "@actions/core": "^3.0.1",
+        "@actions/tool-cache": "^4.0.0",
+      },
+      "devDependencies": {
+        "@tsconfig/bun": "^1.0.10",
+        "@types/bun": "^1.3.13",
+        "@typescript/native-preview": "^7.0.0-dev.20260410.1",
+        "oxfmt": "^0.46.0",
+        "oxlint": "^1.61.0",
+        "oxlint-tsgolint": "^0.21.1",
+      },
+    },
+  },
+  "packages": {
+    "@actions/core": ["@actions/core@3.0.1", "", { "dependencies": { "@actions/exec": "^3.0.0", "@actions/http-client": "^4.0.0" } }, "sha512-a6d/Nwahm9fliVGRhdhofo40HjHQasUPusmc7vBfyky+7Z+P2A1J68zyFVaNcEclc/Se+eO595oAr5nwEIoIUA=="],
+
+    "@actions/exec": ["@actions/exec@3.0.0", "", { "dependencies": { "@actions/io": "^3.0.2" } }, "sha512-6xH/puSoNBXb72VPlZVm7vQ+svQpFyA96qdDBvhB8eNZOE8LtPf9L4oAsfzK/crCL8YZ+19fKYVnM63Sl+Xzlw=="],
+
+    "@actions/http-client": ["@actions/http-client@4.0.0", "", { "dependencies": { "tunnel": "^0.0.6", "undici": "^6.23.0" } }, "sha512-QuwPsgVMsD6qaPD57GLZi9sqzAZCtiJT8kVBCDpLtxhL5MydQ4gS+DrejtZZPdIYyB1e95uCK9Luyds7ybHI3g=="],
+
+    "@actions/io": ["@actions/io@3.0.2", "", {}, "sha512-nRBchcMM+QK1pdjO7/idu86rbJI5YHUKCvKs0KxnSYbVe3F51UfGxuZX4Qy/fWlp6l7gWFwIkrOzN+oUK03kfw=="],
+
+    "@actions/tool-cache": ["@actions/tool-cache@4.0.0", "", { "dependencies": { "@actions/core": "^3.0.0", "@actions/exec": "^3.0.0", "@actions/http-client": "^4.0.0", "@actions/io": "^3.0.0", "semver": "^7.7.3" } }, "sha512-L8P9HbXvpvqjZDveb/fdsa55IVC0trfPgQ4ZwGo6r5af6YDVdM9vMGPZ7rgY2fAT9gGj4PSYd6bYlg3p3jD78A=="],
+
+    "@oxfmt/binding-android-arm-eabi": ["@oxfmt/binding-android-arm-eabi@0.46.0", "", { "os": "android", "cpu": "arm" }, "sha512-b1doV4WRcJU+BESSlCvCjV+5CEr/T6h0frArAdV26Nir+gGNFNaylvDiiMPfF1pxeV0txZEs38ojzJaxBYg+ng=="],
+
+    "@oxfmt/binding-android-arm64": ["@oxfmt/binding-android-arm64@0.46.0", "", { "os": "android", "cpu": "arm64" }, "sha512-v6+HhjsoV3GO0u2u9jLSAZrvWfTraDxKofUIQ7/ktS7tzS+epVsxdHmeM+XxuNcAY/nWxxU1Sg4JcGTNRXraBA=="],
+
+    "@oxfmt/binding-darwin-arm64": ["@oxfmt/binding-darwin-arm64@0.46.0", "", { "os": "darwin", "cpu": "arm64" }, "sha512-3eeooJGrqGIlI5MyryDZsAcKXSmKIgAD4yYtfRrRJzXZ0UTFZtiSveIur56YPrGMYZwT4XyVhHsMqrNwr1XeFA=="],
+
+    "@oxfmt/binding-darwin-x64": ["@oxfmt/binding-darwin-x64@0.46.0", "", { "os": "darwin", "cpu": "x64" }, "sha512-QG8BDM0CXWbu84k2SKmCqfEddPQPFiBicwtYnLqHRWZZl57HbtOLRMac/KTq2NO4AEc4ICCBpFxJIV9zcqYfkQ=="],
+
+    "@oxfmt/binding-freebsd-x64": ["@oxfmt/binding-freebsd-x64@0.46.0", "", { "os": "freebsd", "cpu": "x64" }, "sha512-9DdCqS/n2ncu/Chazvt3cpgAjAmIGQDz7hFKSrNItMApyV/Ja9mz3hD4JakIE3nS8PW9smEbPWnb389QLBY4nw=="],
+
+    "@oxfmt/binding-linux-arm-gnueabihf": ["@oxfmt/binding-linux-arm-gnueabihf@0.46.0", "", { "os": "linux", "cpu": "arm" }, "sha512-Dgs7VeE2jT0LHMhw6tPEt0xQYe54kBqHEovmWsv4FVQlegCOvlIJNx0S8n4vj8WUtpT+Z6BD2HhKJPLglLxvZg=="],
+
+    "@oxfmt/binding-linux-arm-musleabihf": ["@oxfmt/binding-linux-arm-musleabihf@0.46.0", "", { "os": "linux", "cpu": "arm" }, "sha512-Zxn3adhTH13JKnU4xXJj8FeEfF680XjXh3gSShKl57HCMBRde2tUJTgogV/1MSHA80PJEVrDa7r66TLVq3Ia7Q=="],
+
+    "@oxfmt/binding-linux-arm64-gnu": ["@oxfmt/binding-linux-arm64-gnu@0.46.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-+TWipjrgVM8D7aIdDD0tlr3teLTTvQTn7QTE5BpT10H1Fj82gfdn9X6nn2sDgx/MepuSCfSnzFNJq2paLL0OiA=="],
+
+    "@oxfmt/binding-linux-arm64-musl": ["@oxfmt/binding-linux-arm64-musl@0.46.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-aAUPBWJ1lGwwnxZUEDLJ94+Iy6MuwJwPxUgO4sCA5mEEyDk7b+cDQ+JpX1VR150Zoyd+D49gsrUzpUK5h587Eg=="],
+
+    "@oxfmt/binding-linux-ppc64-gnu": ["@oxfmt/binding-linux-ppc64-gnu@0.46.0", "", { "os": "linux", "cpu": "ppc64" }, "sha512-ufBCJukyFX/UDrokP/r6BGDoTInnsDs7bxyzKAgMiZlt2Qu8GPJSJ6Zm6whIiJzKk0naxA8ilwmbO1LMw6Htxw=="],
+
+    "@oxfmt/binding-linux-riscv64-gnu": ["@oxfmt/binding-linux-riscv64-gnu@0.46.0", "", { "os": "linux", "cpu": "none" }, "sha512-eqtlC2YmPqjun76R1gVfGLuKWx7NuEnLEAudZ7n6ipSKbCZTqIKSs1b5Y8K/JHZsRpLkeSmAAjig5HOIg8fQzQ=="],
+
+    "@oxfmt/binding-linux-riscv64-musl": ["@oxfmt/binding-linux-riscv64-musl@0.46.0", "", { "os": "linux", "cpu": "none" }, "sha512-yccVOO2nMXkQLGgy0He3EQEwKD7NF0zEk+/OWmroznkqXyJdN6bfK0LtNnr6/14Bh3FjpYq7bP33l/VloCnxpA=="],
+
+    "@oxfmt/binding-linux-s390x-gnu": ["@oxfmt/binding-linux-s390x-gnu@0.46.0", "", { "os": "linux", "cpu": "s390x" }, "sha512-aAf7fG23OQCey6VRPj9IeCraoYtpgtx0ZyJ1CXkPyT1wjzBE7c3xtuxHe/AdHaJfVVb/SXpSk8Gl1LzyQupSqw=="],
+
+    "@oxfmt/binding-linux-x64-gnu": ["@oxfmt/binding-linux-x64-gnu@0.46.0", "", { "os": "linux", "cpu": "x64" }, "sha512-q0JPsTMyJNjYrBvYFDz4WbVsafNZaPCZv4RnFypRotLqpKROtBZcEaXQW4eb9YmvLU3NckVemLJnzkSZSdmOxw=="],
+
+    "@oxfmt/binding-linux-x64-musl": ["@oxfmt/binding-linux-x64-musl@0.46.0", "", { "os": "linux", "cpu": "x64" }, "sha512-7LsLY9Cw57GPkhSR+duI3mt9baRczK/DtHYSldQ4BEU92da9igBQNl4z7Vq5U9NNPsh1FmpKvv1q9WDtiUQR1A=="],
+
+    "@oxfmt/binding-openharmony-arm64": ["@oxfmt/binding-openharmony-arm64@0.46.0", "", { "os": "none", "cpu": "arm64" }, "sha512-lHiBOz8Duaku7JtRNLlps3j++eOaICPZSd8FCVmTDM4DFOPT71Bjn7g6iar1z7StXlKRweUKxWUs4sA+zWGDXg=="],
+
+    "@oxfmt/binding-win32-arm64-msvc": ["@oxfmt/binding-win32-arm64-msvc@0.46.0", "", { "os": "win32", "cpu": "arm64" }, "sha512-/5ktYUliP89RhgC37DBH1x20U5zPSZMy3cMEcO0j3793rbHP9MWsknBwQB6eozRzWmYrh0IFM/p20EbPvDlYlg=="],
+
+    "@oxfmt/binding-win32-ia32-msvc": ["@oxfmt/binding-win32-ia32-msvc@0.46.0", "", { "os": "win32", "cpu": "ia32" }, "sha512-3WTnoiuIr8XvV0DIY7SN+1uJSwKf4sPpcbHfobcRT9JutGcLaef/miyBB87jxd3aqH+mS0+G5lsgHuXLUwjjpQ=="],
+
+    "@oxfmt/binding-win32-x64-msvc": ["@oxfmt/binding-win32-x64-msvc@0.46.0", "", { "os": "win32", "cpu": "x64" }, "sha512-IXxiQpkYnOwNfP23vzwSfhdpxJzyiPTY7eTn6dn3DsriKddESzM8i6kfq9R7CD/PUJwCvQT22NgtygBeug3KoA=="],
+
+    "@oxlint-tsgolint/darwin-arm64": ["@oxlint-tsgolint/darwin-arm64@0.21.1", "", { "os": "darwin", "cpu": "arm64" }, "sha512-7TLjyWe4wG9saJc992VWmaHq2hwKfOEEVTjheReXJXaDhavMZI4X9a6nKhbEng4IVkYtzjD2jw16vw2WFXLYLw=="],
+
+    "@oxlint-tsgolint/darwin-x64": ["@oxlint-tsgolint/darwin-x64@0.21.1", "", { "os": "darwin", "cpu": "x64" }, "sha512-7wf9Wf75nTzA7zpL9myhFe2RKvfuqGUOADNvUooCjEWvh7hmPz3lSEqTMh5Z/VQhzsG04mM9ACyghxhRzq7zFw=="],
+
+    "@oxlint-tsgolint/linux-arm64": ["@oxlint-tsgolint/linux-arm64@0.21.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-IPuQN/Vd0Rjklg/cCGBbQyUuRBp2f6LQXpZYwk5ivOR6V/+CgiYsv8pn/PVY7gjeyoNvPQrXB7xMjHUO2YZbdw=="],
+
+    "@oxlint-tsgolint/linux-x64": ["@oxlint-tsgolint/linux-x64@0.21.1", "", { "os": "linux", "cpu": "x64" }, "sha512-d1niGuTbh2qiv7dR7tqkbOcM5cIR63of0lMBFdEQavL1KrJV8zuRdwdi68K7MNGdgoR+J5A9ajpGGvsHwp1bPg=="],
+
+    "@oxlint-tsgolint/win32-arm64": ["@oxlint-tsgolint/win32-arm64@0.21.1", "", { "os": "win32", "cpu": "arm64" }, "sha512-ICu9y2JLnFPvFqstnWPPNqBM8LK8BWw2OTeaR0UgEMm4hOSbrZAKv1/hwZYyiLqnCNjBL87AGSQIgTHCYlsipw=="],
+
+    "@oxlint-tsgolint/win32-x64": ["@oxlint-tsgolint/win32-x64@0.21.1", "", { "os": "win32", "cpu": "x64" }, "sha512-cTEFCFjCj6iXfrSHcvajSPNqhEA4TxSzU3gFxbdGSAUTNXGToU99IbdhWAPSbhcucoym0XE4Zl7E41NiSkNTug=="],
+
+    "@oxlint/binding-android-arm-eabi": ["@oxlint/binding-android-arm-eabi@1.61.0", "", { "os": "android", "cpu": "arm" }, "sha512-6eZBPgiigK5txqoVgRqxbaxiom4lM8AP8CyKPPvpzKnQ3iFRFOIDc+0AapF+qsUSwjOzr5SGk4SxQDpQhkSJMQ=="],
+
+    "@oxlint/binding-android-arm64": ["@oxlint/binding-android-arm64@1.61.0", "", { "os": "android", "cpu": "arm64" }, "sha512-CkwLR69MUnyv5wjzebvbbtTSUwqLxM35CXE79bHqDIK+NtKmPEUpStTcLQRZMCo4MP0qRT6TXIQVpK0ZVScnMA=="],
+
+    "@oxlint/binding-darwin-arm64": ["@oxlint/binding-darwin-arm64@1.61.0", "", { "os": "darwin", "cpu": "arm64" }, "sha512-8JbefTkbmvqkqWjmQrHke+MdpgT2UghhD/ktM4FOQSpGeCgbMToJEKdl9zwhr/YWTl92i4QI1KiTwVExpcUN8A=="],
+
+    "@oxlint/binding-darwin-x64": ["@oxlint/binding-darwin-x64@1.61.0", "", { "os": "darwin", "cpu": "x64" }, "sha512-uWpoxDT47hTnDLcdEh5jVbso8rlTTu5o0zuqa9J8E0JAKmIWn7kGFEIB03Pycn2hd2vKxybPGLhjURy/9We5FQ=="],
+
+    "@oxlint/binding-freebsd-x64": ["@oxlint/binding-freebsd-x64@1.61.0", "", { "os": "freebsd", "cpu": "x64" }, "sha512-K/o4hEyW7flfMel0iBVznmMBt7VIMHGdjADocHKpK1DUF9erpWnJ+BSSWd2W0c8K3mPtpph+CuHzRU6CI3l9jQ=="],
+
+    "@oxlint/binding-linux-arm-gnueabihf": ["@oxlint/binding-linux-arm-gnueabihf@1.61.0", "", { "os": "linux", "cpu": "arm" }, "sha512-P6040ZkcyweJ0Po9yEFqJCdvZnf3VNCGs1SIHgXDf8AAQNC6ID/heXQs9iSgo2FH7gKaKq32VWc59XZwL34C5Q=="],
+
+    "@oxlint/binding-linux-arm-musleabihf": ["@oxlint/binding-linux-arm-musleabihf@1.61.0", "", { "os": "linux", "cpu": "arm" }, "sha512-bwxrGCzTZkuB+THv2TQ1aTkVEfv5oz8sl+0XZZCpoYzErJD8OhPQOTA0ENPd1zJz8QsVdSzSrS2umKtPq4/JXg=="],
+
+    "@oxlint/binding-linux-arm64-gnu": ["@oxlint/binding-linux-arm64-gnu@1.61.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-vkhb9/wKguMkLlrm3FoJW/Xmdv31GgYAE+x8lxxQ+7HeOxXUySI0q36a3NTVIuQUdLzxCI1zzMGsk1o37FOe3w=="],
+
+    "@oxlint/binding-linux-arm64-musl": ["@oxlint/binding-linux-arm64-musl@1.61.0", "", { "os": "linux", "cpu": "arm64" }, "sha512-bl1dQh8LnVqsj6oOQAcxwbuOmNJkwc4p6o//HTBZhNTzJy21TLDwAviMqUFNUxDHkPGpmdKTSN4tWTjLryP8xg=="],
+
+    "@oxlint/binding-linux-ppc64-gnu": ["@oxlint/binding-linux-ppc64-gnu@1.61.0", "", { "os": "linux", "cpu": "ppc64" }, "sha512-QoOX6KB2IiEpyOj/HKqaxi+NQHPnOgNgnr22n9N4ANJCzXkUlj1UmeAbFb4PpqdlHIzvGDM5xZ0OKtcLq9RhiQ=="],
+
+    "@oxlint/binding-linux-riscv64-gnu": ["@oxlint/binding-linux-riscv64-gnu@1.61.0", "", { "os": "linux", "cpu": "none" }, "sha512-1TGcTerjY6p152wCof3oKElccq3xHljS/Mucp04gV/4ATpP6nO7YNnp7opEg6SHkv2a57/b4b8Ndm9znJ1/qAw=="],
+
+    "@oxlint/binding-linux-riscv64-musl": ["@oxlint/binding-linux-riscv64-musl@1.61.0", "", { "os": "linux", "cpu": "none" }, "sha512-65wXEmZIrX2ADwC8i/qFL4EWLSbeuBpAm3suuX1vu4IQkKd+wLT/HU/BOl84kp91u2SxPkPDyQgu4yrqp8vwVA=="],
+
+    "@oxlint/binding-linux-s390x-gnu": ["@oxlint/binding-linux-s390x-gnu@1.61.0", "", { "os": "linux", "cpu": "s390x" }, "sha512-TVvhgMvor7Qa6COeXxCJ7ENOM+lcAOGsQ0iUdPSCv2hxb9qSHLQ4XF1h50S6RE1gBOJ0WV3rNukg4JJJP1LWRA=="],
+
+    "@oxlint/binding-linux-x64-gnu": ["@oxlint/binding-linux-x64-gnu@1.61.0", "", { "os": "linux", "cpu": "x64" }, "sha512-SjpS5uYuFoDnDdZPwZE59ndF95AsY47R5MliuneTWR1pDm2CxGJaYXbKULI71t5TVfLQUWmrHEGRL9xvuq6dnA=="],
+
+    "@oxlint/binding-linux-x64-musl": ["@oxlint/binding-linux-x64-musl@1.61.0", "", { "os": "linux", "cpu": "x64" }, "sha512-gGfAeGD4sNJGILZbc/yKcIimO9wQnPMoYp9swAaKeEtwsSQAbU+rsdQze5SBtIP6j0QDzeYd4XSSUCRCF+LIeQ=="],
+
+    "@oxlint/binding-openharmony-arm64": ["@oxlint/binding-openharmony-arm64@1.61.0", "", { "os": "none", "cpu": "arm64" }, "sha512-OlVT0LrG/ct33EVtWRyR+B/othwmDWeRxfi13wUdPeb3lAT5TgTcFDcfLfarZtzB4W1nWF/zICMgYdkggX2WmQ=="],
+
+    "@oxlint/binding-win32-arm64-msvc": ["@oxlint/binding-win32-arm64-msvc@1.61.0", "", { "os": "win32", "cpu": "arm64" }, "sha512-vI//NZPJk6DToiovPtaiwD4iQ7kO1r5ReWQD0sOOyKRtP3E2f6jxin4uvwi3OvDzHA2EFfd7DcZl5dtkQh7g1w=="],
+
+    "@oxlint/binding-win32-ia32-msvc": ["@oxlint/binding-win32-ia32-msvc@1.61.0", "", { "os": "win32", "cpu": "ia32" }, "sha512-0ySj4/4zd2XjePs3XAQq7IigIstN4LPQZgCyigX5/ERMLjdWAJfnxcTsrtxZxuij8guJW8foXuHmhGxW0H4dDA=="],
+
+    "@oxlint/binding-win32-x64-msvc": ["@oxlint/binding-win32-x64-msvc@1.61.0", "", { "os": "win32", "cpu": "x64" }, "sha512-0xgSiyeqDLDZxXoe9CVJrOx3TUVsfyoOY7cNi03JbItNcC9WCZqrSNdrAbHONxhSPaVh/lzfnDcON1RqSUMhHw=="],
+
+    "@tsconfig/bun": ["@tsconfig/bun@1.0.10", "", {}, "sha512-5AV5YknQjNyoYzZ/8NG0dawqew/wH+x7ANiCfCIn29qo0cdbd1EryvFD1k5NSZWLBMOI/fGqMIaxi58GPIP9Cg=="],
+
+    "@types/bun": ["@types/bun@1.3.13", "", { "dependencies": { "bun-types": "1.3.13" } }, "sha512-9fqXWk5YIHGGnUau9TEi+qdlTYDAnOj+xLCmSTwXfAIqXr2x4tytJb43E9uCvt09zJURKXwAtkoH4nLQfzeTXw=="],
+
+    "@types/node": ["@types/node@20.19.37", "", { "dependencies": { "undici-types": "~6.21.0" } }, "sha512-8kzdPJ3FsNsVIurqBs7oodNnCEVbni9yUEkaHbgptDACOPW04jimGagZ51E6+lXUwJjgnBw+hyko/lkFWCldqw=="],
+
+    "@typescript/native-preview": ["@typescript/native-preview@7.0.0-dev.20260410.1", "", { "optionalDependencies": { "@typescript/native-preview-darwin-arm64": "7.0.0-dev.20260410.1", "@typescript/native-preview-darwin-x64": "7.0.0-dev.20260410.1", "@typescript/native-preview-linux-arm": "7.0.0-dev.20260410.1", "@typescript/native-preview-linux-arm64": "7.0.0-dev.20260410.1", "@typescript/native-preview-linux-x64": "7.0.0-dev.20260410.1", "@typescript/native-preview-win32-arm64": "7.0.0-dev.20260410.1", "@typescript/native-preview-win32-x64": "7.0.0-dev.20260410.1" }, "bin": { "tsgo": "bin/tsgo.js" } }, "sha512-K3TIwBw4XGQM33wW8KUqRU7r6ZY1IqB8chk1u1kT+CDj4iu+eQ6jCXgU7EDxmpJ++gbNcIf8iBYgWgYNssrhZQ=="],
+
+    "@typescript/native-preview-darwin-arm64": ["@typescript/native-preview-darwin-arm64@7.0.0-dev.20260410.1", "", { "os": "darwin", "cpu": "arm64" }, "sha512-bpLYm6woXd8BECzV9AQvPqISVeohpekK1qwpRopvNIxydhRQ4fEjZsS7EtDYpqHAW4/u1uEv07P9/iS6TAL1fQ=="],
+
+    "@typescript/native-preview-darwin-x64": ["@typescript/native-preview-darwin-x64@7.0.0-dev.20260410.1", "", { "os": "darwin", "cpu": "x64" }, "sha512-V8bW8g5hgu+bAwGvTqF1kilkkoDgxhxi5egrdMUeWQkR+MIisoBQeaAupqMpLoSkqZsc/kKucM0zwBNC/KRU3Q=="],
+
+    "@typescript/native-preview-linux-arm": ["@typescript/native-preview-linux-arm@7.0.0-dev.20260410.1", "", { "os": "linux", "cpu": "arm" }, "sha512-NO6Ci65ADadOCr2ycTxOyCgC5kyk+Ryjl8k5c78mz9sKDxYqwEtryFFjLqitAG+rejtJbnUq897WRICjAOwslA=="],
+
+    "@typescript/native-preview-linux-arm64": ["@typescript/native-preview-linux-arm64@7.0.0-dev.20260410.1", "", { "os": "linux", "cpu": "arm64" }, "sha512-MOluRRAhv46s9ScFmePa0InMHmpZ/z0Evc11RrTKsg+bN8BR7sWoAtFq6IujEDK9WVP7YmEYtBRgEfMLuqVojw=="],
+
+    "@typescript/native-preview-linux-x64": ["@typescript/native-preview-linux-x64@7.0.0-dev.20260410.1", "", { "os": "linux", "cpu": "x64" }, "sha512-IofIUrMGjXmZKDEMaRgshzOne0EQZtx9vE/6URHfgmDnWLDKWzz9eQ2qWmvsFD2vOBbgc6GwVWEq6XTHMEfx2A=="],
+
+    "@typescript/native-preview-win32-arm64": ["@typescript/native-preview-win32-arm64@7.0.0-dev.20260410.1", "", { "os": "win32", "cpu": "arm64" }, "sha512-TXmE+wovQqRo+qAhaewB0MPB9esgayvSHr6vFlCpHykHqbDl3FUucuC4F8yU6zVOA3UqXTk4/GHeLsAvU7YEgQ=="],
+
+    "@typescript/native-preview-win32-x64": ["@typescript/native-preview-win32-x64@7.0.0-dev.20260410.1", "", { "os": "win32", "cpu": "x64" }, "sha512-dMFT4tdHBe2vVA2WPQMjorT+fzCURRtillevQzz8/bwCEz2uXSnpu4oLRLS5045ppGE0wCFELE+Hq5z2oRddDw=="],
+
+    "bun-types": ["bun-types@1.3.13", "", { "dependencies": { "@types/node": "*" } }, "sha512-QXKeHLlOLqQX9LgYaHJfzdBaV21T63HhFJnvuRCcjZiaUDpbs5ED1MgxbMra71CsryN/1dAoXuJJJwIv/2drVA=="],
+
+    "oxfmt": ["oxfmt@0.46.0", "", { "dependencies": { "tinypool": "2.1.0" }, "optionalDependencies": { "@oxfmt/binding-android-arm-eabi": "0.46.0", "@oxfmt/binding-android-arm64": "0.46.0", "@oxfmt/binding-darwin-arm64": "0.46.0", "@oxfmt/binding-darwin-x64": "0.46.0", "@oxfmt/binding-freebsd-x64": "0.46.0", "@oxfmt/binding-linux-arm-gnueabihf": "0.46.0", "@oxfmt/binding-linux-arm-musleabihf": "0.46.0", "@oxfmt/binding-linux-arm64-gnu": "0.46.0", "@oxfmt/binding-linux-arm64-musl": "0.46.0", "@oxfmt/binding-linux-ppc64-gnu": "0.46.0", "@oxfmt/binding-linux-riscv64-gnu": "0.46.0", "@oxfmt/binding-linux-riscv64-musl": "0.46.0", "@oxfmt/binding-linux-s390x-gnu": "0.46.0", "@oxfmt/binding-linux-x64-gnu": "0.46.0", "@oxfmt/binding-linux-x64-musl": "0.46.0", "@oxfmt/binding-openharmony-arm64": "0.46.0", "@oxfmt/binding-win32-arm64-msvc": "0.46.0", "@oxfmt/binding-win32-ia32-msvc": "0.46.0", "@oxfmt/binding-win32-x64-msvc": "0.46.0" }, "bin": { "oxfmt": "bin/oxfmt" } }, "sha512-CopwJOwPAjZ9p76fCvz+mSOJTw9/NY3cSksZK3VO/bUQ8UoEcketNgUuYS0UB3p+R9XnXe7wGGXUmyFxc7QxJA=="],
+
+    "oxlint": ["oxlint@1.61.0", "", { "optionalDependencies": { "@oxlint/binding-android-arm-eabi": "1.61.0", "@oxlint/binding-android-arm64": "1.61.0", "@oxlint/binding-darwin-arm64": "1.61.0", "@oxlint/binding-darwin-x64": "1.61.0", "@oxlint/binding-freebsd-x64": "1.61.0", "@oxlint/binding-linux-arm-gnueabihf": "1.61.0", "@oxlint/binding-linux-arm-musleabihf": "1.61.0", "@oxlint/binding-linux-arm64-gnu": "1.61.0", "@oxlint/binding-linux-arm64-musl": "1.61.0", "@oxlint/binding-linux-ppc64-gnu": "1.61.0", "@oxlint/binding-linux-riscv64-gnu": "1.61.0", "@oxlint/binding-linux-riscv64-musl": "1.61.0", "@oxlint/binding-linux-s390x-gnu": "1.61.0", "@oxlint/binding-linux-x64-gnu": "1.61.0", "@oxlint/binding-linux-x64-musl": "1.61.0", "@oxlint/binding-openharmony-arm64": "1.61.0", "@oxlint/binding-win32-arm64-msvc": "1.61.0", "@oxlint/binding-win32-ia32-msvc": "1.61.0", "@oxlint/binding-win32-x64-msvc": "1.61.0" }, "peerDependencies": { "oxlint-tsgolint": ">=0.18.0" }, "optionalPeers": ["oxlint-tsgolint"], "bin": { "oxlint": "bin/oxlint" } }, "sha512-ZC0ALuhDZ6ivOFG+sy0D0pEDN49EvsId98zVlmYdkcXHsEM14m/qTNUEsUpiFiCVbpIxYtVBmmLE87nsbUHohQ=="],
+
+    "oxlint-tsgolint": ["oxlint-tsgolint@0.21.1", "", { "optionalDependencies": { "@oxlint-tsgolint/darwin-arm64": "0.21.1", "@oxlint-tsgolint/darwin-x64": "0.21.1", "@oxlint-tsgolint/linux-arm64": "0.21.1", "@oxlint-tsgolint/linux-x64": "0.21.1", "@oxlint-tsgolint/win32-arm64": "0.21.1", "@oxlint-tsgolint/win32-x64": "0.21.1" }, "bin": { "tsgolint": "bin/tsgolint.js" } }, "sha512-O2hxiT14C2HJkwzBU6CQBFPoagSd/IcV+Tt3e3UUaXFwbW4BO5DSDPSSboc3UM5MIDY+MLyepvtQwBQafNxWdw=="],
+
+    "semver": ["semver@7.7.4", "", { "bin": { "semver": "bin/semver.js" } }, "sha512-vFKC2IEtQnVhpT78h1Yp8wzwrf8CM+MzKMHGJZfBtzhZNycRFnXsHk6E5TxIkkMsgNS7mdX3AGB7x2QM2di4lA=="],
+
+    "tinypool": ["tinypool@2.1.0", "", {}, "sha512-Pugqs6M0m7Lv1I7FtxN4aoyToKg1C4tu+/381vH35y8oENM/Ai7f7C4StcoK4/+BSw9ebcS8jRiVrORFKCALLw=="],
+
+    "tunnel": ["tunnel@0.0.6", "", {}, "sha512-1h/Lnq9yajKY2PEbBadPXj3VxsDDu844OnaAo52UVmIzIvwwtBPIuNvkjuzBlTWpfJyUbG3ez0KSBibQkj4ojg=="],
+
+    "undici": ["undici@6.24.1", "", {}, "sha512-sC+b0tB1whOCzbtlx20fx3WgCXwkW627p4EA9uM+/tNNPkSS+eSEld6pAs9nDv7WbY1UUljBMYPtu9BCOrCWKA=="],
+
+    "undici-types": ["undici-types@6.21.0", "", {}, "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ=="],
+
+    "@actions/tool-cache/@actions/core": ["@actions/core@3.0.0", "", { "dependencies": { "@actions/exec": "^3.0.0", "@actions/http-client": "^4.0.0" } }, "sha512-zYt6cz+ivnTmiT/ksRVriMBOiuoUpDCJJlZ5KPl2/FRdvwU3f7MPh9qftvbkXJThragzUZieit2nyHUyw53Seg=="],
+  }
+}

docs/index.md

@@ -1,42 +1,43 @@
-# `supabase-github-action`
+# `supabase/setup-cli`
 
-The Supabase GitHub Action provides an easy way to use the Supabase CLI on
-GitHub's hosted Actions runners.
+The Supabase CLI Action provides an easy way to install the
+[Supabase CLI](https://github.com/supabase/cli) on GitHub Actions runners.
 
-The action can be run on `ubuntu-latest`, `windows-latest`, and `macos-latest`
-GitHub Actions runners, and will install and expose a specified version of the
-Supabase CLI on the runner environment.
+The action supports `ubuntu-latest`, `windows-latest`, and `macos-latest`, and
+adds the requested `supabase` version to `PATH` for the rest of the job.
 
-## Quick start
+If `version` is omitted, the action checks the repository root for `bun.lock`,
+`pnpm-lock.yaml`, or `package-lock.json` and otherwise falls back to `latest`.
 
-This example shows how you can use the Supabase GitHub Action to test your
-migrations on every Pull Request.
+## Quick Start
 
-Inside your repository, create a new file inside the `.github/workflows` folder
-called `test-migrations.yml`.
-
-Copy this snippet inside the file, and the action will run whenever a new PR is
-created:
+This example runs Supabase migrations on every pull request:
 
 ```yaml
-name: 'test-migrations'
+name: test-migrations
+
 on:
   pull_request:
 
 jobs:
-  build:
+  test-migrations:
     runs-on: ubuntu-latest
     steps:
-        - uses: supabase/setup-cli@v1
-            with:
-            version: latest
+      - uses: actions/checkout@v6
+      - uses: supabase/setup-cli@v2
       - run: supabase init
       - run: supabase db start
 ```
 
+To pin a specific CLI version:
+
+```yaml
+- uses: supabase/setup-cli@v2
+  with:
+    version: 2.84.2
+```
+
 ## Resources
 
-- **Source Code**:
-  <a href="https://github.com/supabase/supabase-github-action" target="_blank">github.com/supabase/supabase-github-action</a>
-- **CLI Documentation**:
-  <a href="https://supabase.com/docs/guides/cli" target="_blank">supabase.com/docs/guides/cli</a>
+- **Source Code**: <https://github.com/supabase/setup-cli>
+- **CLI Documentation**: <https://supabase.com/docs/guides/cli>

eslint.config.mjs

@@ -1,81 +0,0 @@
-// See: https://eslint.org/docs/latest/use/configure/configuration-files
-
-import { fixupPluginRules } from '@eslint/compat'
-import { FlatCompat } from '@eslint/eslintrc'
-import js from '@eslint/js'
-import typescriptEslint from '@typescript-eslint/eslint-plugin'
-import tsParser from '@typescript-eslint/parser'
-import _import from 'eslint-plugin-import'
-import jest from 'eslint-plugin-jest'
-import prettier from 'eslint-plugin-prettier'
-import globals from 'globals'
-import path from 'node:path'
-import { fileURLToPath } from 'node:url'
-
-const __filename = fileURLToPath(import.meta.url)
-const __dirname = path.dirname(__filename)
-const compat = new FlatCompat({
-  baseDirectory: __dirname,
-  recommendedConfig: js.configs.recommended,
-  allConfig: js.configs.all
-})
-
-export default [
-  {
-    ignores: ['**/coverage', '**/dist', '**/linter', '**/node_modules']
-  },
-  ...compat.extends(
-    'eslint:recommended',
-    'plugin:@typescript-eslint/eslint-recommended',
-    'plugin:@typescript-eslint/recommended',
-    'plugin:jest/recommended',
-    'plugin:prettier/recommended'
-  ),
-  {
-    plugins: {
-      import: fixupPluginRules(_import),
-      jest,
-      prettier,
-      '@typescript-eslint': typescriptEslint
-    },
-
-    languageOptions: {
-      globals: {
-        ...globals.node,
-        ...globals.jest,
-        Atomics: 'readonly',
-        SharedArrayBuffer: 'readonly'
-      },
-
-      parser: tsParser,
-      ecmaVersion: 2023,
-      sourceType: 'module',
-
-      parserOptions: {
-        project: ['tsconfig.eslint.json'],
-        tsconfigRootDir: '.'
-      }
-    },
-
-    settings: {
-      'import/resolver': {
-        typescript: {
-          alwaysTryTypes: true,
-          project: 'tsconfig.eslint.json'
-        }
-      }
-    },
-
-    rules: {
-      camelcase: 'off',
-      'eslint-comments/no-use': 'off',
-      'eslint-comments/no-unused-disable': 'off',
-      'i18n-text/no-en': 'off',
-      'import/no-namespace': 'off',
-      'no-console': 'off',
-      'no-shadow': 'off',
-      'no-unused-vars': 'off',
-      'prettier/prettier': 'error'
-    }
-  }
-]

jest.config.js

@@ -1,40 +0,0 @@
-// See: https://jestjs.io/docs/configuration
-
-/** @type {import('ts-jest').JestConfigWithTsJest} **/
-export default {
-  clearMocks: true,
-  collectCoverage: true,
-  collectCoverageFrom: ['./src/**'],
-  coverageDirectory: './coverage',
-  coveragePathIgnorePatterns: ['/node_modules/', '/dist/'],
-  coverageReporters: ['json-summary', 'text', 'lcov'],
-  // Uncomment the below lines if you would like to enforce a coverage threshold
-  // for your action. This will fail the build if the coverage is below the
-  // specified thresholds.
-  // coverageThreshold: {
-  //   global: {
-  //     branches: 100,
-  //     functions: 100,
-  //     lines: 100,
-  //     statements: 100
-  //   }
-  // },
-  extensionsToTreatAsEsm: ['.ts'],
-  moduleFileExtensions: ['ts', 'js'],
-  preset: 'ts-jest',
-  reporters: ['default'],
-  resolver: 'ts-jest-resolver',
-  testEnvironment: 'node',
-  testMatch: ['**/*.test.ts'],
-  testPathIgnorePatterns: ['/dist/', '/node_modules/'],
-  transform: {
-    '^.+\\.ts$': [
-      'ts-jest',
-      {
-        tsconfig: 'tsconfig.eslint.json',
-        useESM: true
-      }
-    ]
-  },
-  verbose: true
-}

package.json

@@ -1,72 +1,41 @@
 {
   "name": "setup-cli",
-  "description": "Supabase CLI GitHub Action",
-  "version": "1.6.0",
-  "author": "",
-  "type": "module",
+  "version": "2.0.0",
   "private": true,
+  "description": "Supabase CLI GitHub Action",
+  "keywords": [
+    "actions"
+  ],
+  "license": "MIT",
+  "author": "",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/supabase/setup-cli.git"
   },
-  "keywords": [
-    "actions"
-  ],
-  "exports": {
-    ".": "./dist/index.js"
-  },
-  "engines": {
-    "node": ">=20"
-  },
+  "type": "module",
   "scripts": {
-    "bundle": "npm run format:write && npm run package",
-    "ci-test": "NODE_OPTIONS=--experimental-vm-modules NODE_NO_WARNINGS=1 npx jest",
-    "coverage": "npx make-coverage-badge --output-path ./badges/coverage.svg",
-    "format:write": "npx prettier --write .",
-    "format:check": "npx prettier --check .",
-    "lint": "npx eslint .",
-    "local-action": "npx @github/local-action . src/main.ts .env",
-    "package": "npx rollup --config rollup.config.ts --configPlugin @rollup/plugin-typescript",
-    "package:watch": "npm run package -- --watch",
-    "test": "NODE_OPTIONS=--experimental-vm-modules NODE_NO_WARNINGS=1 npx jest",
-    "all": "npm run format:write && npm run lint && npm run package && npm run test && npm run coverage"
+    "all": "bun run format && bun run lint && bun run coverage",
+    "ci": "bun run format:check && bun run lint && bun run coverage",
+    "coverage": "bun test --coverage --coverage-reporter=text --coverage-reporter=lcov",
+    "format": "bun x oxfmt --write . '!coverage/**'",
+    "format:check": "bun x oxfmt --check . '!coverage/**'",
+    "lint": "bun x oxlint --deny-warnings --type-aware --type-check --tsconfig tsconfig.json src",
+    "test": "bun test",
+    "typecheck": "bun x tsgo -p tsconfig.json --noEmit"
   },
-  "license": "MIT",
   "dependencies": {
-    "@actions/core": "^1.11.1",
-    "@actions/tool-cache": "^2.0.2",
-    "semver": "^7.7.2"
+    "@actions/core": "^3.0.1",
+    "@actions/tool-cache": "^4.0.0"
   },
   "devDependencies": {
-    "@eslint/compat": "^1.3.1",
-    "@github/local-action": "^5.1.0",
-    "@jest/globals": "^30.0.5",
-    "@rollup/plugin-commonjs": "^28.0.6",
-    "@rollup/plugin-node-resolve": "^16.0.1",
-    "@rollup/plugin-typescript": "^12.1.4",
-    "@types/jest": "^30.0.0",
-    "@types/js-yaml": "^4.0.9",
-    "@types/node": "^20.19.9",
-    "@types/semver": "^7.7.0",
-    "@typescript-eslint/eslint-plugin": "^8.38.0",
-    "@typescript-eslint/parser": "^8.38.0",
-    "eslint": "^9.31.0",
-    "eslint-config-prettier": "^10.1.8",
-    "eslint-import-resolver-typescript": "^4.4.4",
-    "eslint-plugin-import": "^2.32.0",
-    "eslint-plugin-jest": "^29.0.1",
-    "eslint-plugin-prettier": "^5.5.3",
-    "jest": "^30.0.5",
-    "js-yaml": "^4.1.0",
-    "make-coverage-badge": "^1.2.0",
-    "prettier": "^3.6.2",
-    "prettier-eslint": "^16.4.2",
-    "rollup": "^4.45.1",
-    "ts-jest": "^29.4.0",
-    "ts-jest-resolver": "^2.0.1",
-    "typescript": "^5.8.3"
+    "@tsconfig/bun": "^1.0.10",
+    "@types/bun": "^1.3.13",
+    "@typescript/native-preview": "^7.0.0-dev.20260410.1",
+    "oxfmt": "^0.46.0",
+    "oxlint": "^1.61.0",
+    "oxlint-tsgolint": "^0.21.1"
   },
-  "optionalDependencies": {
-    "@rollup/rollup-linux-x64-gnu": "*"
+  "engines": {
+    "bun": ">=1.3.10"
   }
 }

rollup.config.ts

@@ -1,18 +0,0 @@
-// See: https://rollupjs.org/introduction/
-
-import commonjs from '@rollup/plugin-commonjs'
-import nodeResolve from '@rollup/plugin-node-resolve'
-import typescript from '@rollup/plugin-typescript'
-
-const config = {
-  input: 'src/index.ts',
-  output: {
-    esModule: true,
-    file: 'dist/index.js',
-    format: 'es',
-    sourcemap: true
-  },
-  plugins: [typescript(), nodeResolve({ preferBuiltins: true }), commonjs()]
-}
-
-export default config

src/index.ts

@@ -1,8 +0,0 @@
-/**
- * The entrypoint for the action. This file simply imports and runs the action's
- * main logic.
- */
-import { run } from './main.js'
-
-/* istanbul ignore next */
-run()

src/main.test.ts

@@ -0,0 +1,481 @@
+import { mkdirSync, mkdtempSync, rmSync, writeFileSync } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import process from "node:process";
+import { fileURLToPath } from "node:url";
+import { afterEach, expect, mock, spyOn, test } from "bun:test";
+import * as core from "@actions/core";
+import * as tc from "@actions/tool-cache";
+
+const repo = path.dirname(path.dirname(fileURLToPath(import.meta.url)));
+const defaultEntrypoint = fileURLToPath(new URL("./main.ts", import.meta.url));
+const CLI_CONFIG_REGISTRY = "SUPABASE_INTERNAL_IMAGE_REGISTRY";
+const originalWorkspace = process.env.GITHUB_WORKSPACE;
+const tempDirs = new Set<string>();
+let mainModule: typeof import("./main.ts") | null = null;
+
+afterEach(() => {
+  mock.restore();
+  process.env.GITHUB_WORKSPACE = originalWorkspace;
+
+  for (const dir of tempDirs) {
+    rmSync(dir, { force: true, recursive: true });
+  }
+  tempDirs.clear();
+});
+
+function createFakeCli(versionOutput: string): string {
+  const dir = mkdtempSync(path.join(os.tmpdir(), "setup-cli-"));
+  tempDirs.add(dir);
+
+  if (process.platform === "win32") {
+    writeFileSync(
+      path.join(dir, "supabase.cmd"),
+      versionOutput ? `@echo off\r\necho ${versionOutput}\r\n` : "@echo off\r\n",
+    );
+    return dir;
+  }
+
+  const escapedOutput = versionOutput.replaceAll("'", "'\"'\"'");
+  writeFileSync(
+    path.join(dir, "supabase"),
+    versionOutput
+      ? `#!/usr/bin/env bash\nprintf '%s\\n' '${escapedOutput}'\n`
+      : "#!/usr/bin/env bash\n",
+  );
+  Bun.spawnSync(["chmod", "+x", path.join(dir, "supabase")]);
+  return dir;
+}
+
+function createWorkspace(files: Record<string, string>): string {
+  const dir = mkdtempSync(path.join(os.tmpdir(), "setup-cli-workspace-"));
+  tempDirs.add(dir);
+
+  for (const [relativePath, content] of Object.entries(files)) {
+    const filePath = path.join(dir, relativePath);
+    mkdirSync(path.dirname(filePath), { recursive: true });
+    writeFileSync(filePath, content);
+  }
+
+  return dir;
+}
+
+function createBunLock(
+  version: string,
+  options: {
+    includeDependency?: boolean;
+    includePackageEntry?: boolean;
+    useDevDependency?: boolean;
+  } = {},
+): string {
+  const includeDependency = options.includeDependency ?? true;
+  const includePackageEntry = options.includePackageEntry ?? true;
+  const dependencyKey = options.useDevDependency ? "devDependencies" : "dependencies";
+
+  return `{
+  "lockfileVersion": 1,
+  "configVersion": 1,
+  "workspaces": {
+    "": {
+      "name": "app",
+      "${dependencyKey}": {
+${includeDependency ? `        "supabase": "^${version}"` : ""}
+      }
+    }
+  },
+  "packages": {
+${
+  includePackageEntry
+    ? `    "supabase": [
+      "supabase@${version}",
+      "",
+      {},
+      "sha512-test"
+    ]`
+    : ""
+}
+  }
+}
+`;
+}
+
+function createPnpmLock(
+  version: string,
+  options: { asString?: boolean; includeVersion?: boolean; useDevDependency?: boolean } = {},
+): string {
+  const dependencyKey = options.useDevDependency ? "devDependencies" : "dependencies";
+
+  return `lockfileVersion: "9.0"
+importers:
+  .:
+    ${dependencyKey}:
+${
+  options.asString
+    ? `      supabase: ${version}`
+    : `      supabase:
+        specifier: ^${version}
+${options.includeVersion === false ? "" : `        version: ${version}`}`
+}
+packages:
+  supabase@${version}:
+    resolution:
+      integrity: sha512-test
+`;
+}
+
+function createPackageLock(version: string): string {
+  return JSON.stringify(
+    {
+      name: "app",
+      lockfileVersion: 3,
+      packages: {
+        "": {
+          dependencies: {
+            supabase: `^${version}`,
+          },
+        },
+        "node_modules/supabase": {
+          version,
+        },
+      },
+    },
+    null,
+    2,
+  );
+}
+
+function createActionSpies(inputVersion: string, cliDir: string, expectedUrlFragment: string) {
+  return {
+    getInput: spyOn(core, "getInput").mockReturnValue(inputVersion),
+    setOutput: spyOn(core, "setOutput").mockImplementation(() => {}),
+    addPath: spyOn(core, "addPath").mockImplementation(() => {}),
+    exportVariable: spyOn(core, "exportVariable").mockImplementation(() => {}),
+    setFailed: spyOn(core, "setFailed").mockImplementation(() => {}),
+    downloadTool: spyOn(tc, "downloadTool").mockImplementation(async (url: string) => {
+      expect(url).toContain(expectedUrlFragment);
+      return path.join(os.tmpdir(), "supabase-cli.tar.gz");
+    }),
+    extractTar: spyOn(tc, "extractTar").mockImplementation(async () => cliDir),
+    extractZip: spyOn(tc, "extractZip").mockImplementation(async () => cliDir),
+  };
+}
+
+function mockLatestRelease(version = "v2.99.0") {
+  return spyOn(globalThis, "fetch").mockResolvedValue(
+    new Response(JSON.stringify({ tag_name: version }), {
+      status: 200,
+      statusText: "OK",
+    }),
+  );
+}
+
+async function getMainModule(): Promise<typeof import("./main.ts")> {
+  if (!mainModule) {
+    mainModule = await import("./main.ts");
+  }
+
+  return mainModule;
+}
+
+test("uses versioned tar archives for Supabase CLI v2.99.0 and later", async () => {
+  const { getDownloadArchive } = await getMainModule();
+
+  const archive = await getDownloadArchive("2.99.0", "linux", "x64");
+
+  expect(archive).toEqual({
+    url: "https://github.com/supabase/cli/releases/download/v2.99.0/supabase_2.99.0_linux_amd64.tar.gz",
+    format: "tar",
+  });
+});
+
+test("keeps the unversioned tar archive layout before Supabase CLI v2.99.0", async () => {
+  const { getDownloadArchive } = await getMainModule();
+
+  const archive = await getDownloadArchive("2.98.2", "linux", "x64");
+
+  expect(archive).toEqual({
+    url: "https://github.com/supabase/cli/releases/download/v2.98.2/supabase_linux_amd64.tar.gz",
+    format: "tar",
+  });
+});
+
+test("uses versioned zip archives for Windows Supabase CLI v2.99.0 and later", async () => {
+  const { getDownloadArchive } = await getMainModule();
+
+  const archive = await getDownloadArchive("2.99.0", "win32", "x64");
+
+  expect(archive).toEqual({
+    url: "https://github.com/supabase/cli/releases/download/v2.99.0/supabase_2.99.0_windows_amd64.zip",
+    format: "zip",
+  });
+});
+
+test("resolves latest before choosing a versioned Supabase CLI archive", async () => {
+  mockLatestRelease("v2.99.0");
+  const { getDownloadArchive } = await getMainModule();
+
+  const archive = await getDownloadArchive("latest", "darwin", "arm64");
+
+  expect(archive).toEqual({
+    url: "https://github.com/supabase/cli/releases/download/v2.99.0/supabase_2.99.0_darwin_arm64.tar.gz",
+    format: "tar",
+  });
+});
+
+test("awaits the action entrypoint with omitted version and latest fallback", async () => {
+  process.env.GITHUB_WORKSPACE = repo;
+  mockLatestRelease();
+  const cliDir = createFakeCli("supabase 2.84.2");
+  let startDownload!: () => void;
+  let finishDownload!: () => void;
+  const downloadStarted = new Promise<void>((resolve) => {
+    startDownload = resolve;
+  });
+  const downloadFinished = new Promise<string>((resolve) => {
+    finishDownload = () => resolve(path.join(os.tmpdir(), "supabase-cli.tar.gz"));
+  });
+  const spies = {
+    getInput: spyOn(core, "getInput").mockReturnValue(""),
+    setOutput: spyOn(core, "setOutput").mockImplementation(() => {}),
+    addPath: spyOn(core, "addPath").mockImplementation(() => {}),
+    exportVariable: spyOn(core, "exportVariable").mockImplementation(() => {}),
+    setFailed: spyOn(core, "setFailed").mockImplementation(() => {}),
+    downloadTool: spyOn(tc, "downloadTool").mockImplementation(async (url: string) => {
+      expect(url).toContain("/download/v2.99.0/supabase_2.99.0_");
+      startDownload();
+      return downloadFinished;
+    }),
+    extractTar: spyOn(tc, "extractTar").mockImplementation(async () => cliDir),
+    extractZip: spyOn(tc, "extractZip").mockImplementation(async () => cliDir),
+  };
+  const originalArgv1 = process.argv[1];
+  process.argv[1] = defaultEntrypoint;
+
+  try {
+    let importSettled = false;
+    const entrypoint = import(`./main.ts?entrypoint=${Date.now()}`).finally(() => {
+      importSettled = true;
+    });
+
+    await downloadStarted;
+    await Bun.sleep(0);
+
+    expect(importSettled).toBe(false);
+
+    finishDownload();
+    await entrypoint;
+  } finally {
+    process.argv[1] = originalArgv1 ?? "";
+  }
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.84.2");
+  expect(spies.addPath).toHaveBeenCalledWith(cliDir);
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("uses the root bun.lock version when version is omitted", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "bun.lock": createBunLock("2.41.0"),
+  });
+  const cliDir = createFakeCli("supabase 2.41.0");
+  const spies = createActionSpies("", cliDir, "/download/v2.41.0/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.downloadTool).not.toHaveBeenCalledWith(expect.stringContaining("/latest/download/"));
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.41.0");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("uses the root pnpm-lock.yaml version when version is omitted", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "pnpm-lock.yaml": createPnpmLock("2.42.0"),
+  });
+  const cliDir = createFakeCli("supabase 2.42.0");
+  const spies = createActionSpies("", cliDir, "/download/v2.42.0/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.42.0");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("uses the root package-lock.json version when version is omitted", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "package-lock.json": createPackageLock("2.43.0"),
+  });
+  const cliDir = createFakeCli("supabase 2.43.0");
+  const spies = createActionSpies("", cliDir, "/download/v2.43.0/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.43.0");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("falls through malformed lockfiles and uses the next supported root lockfile", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "bun.lock": "{ not valid",
+    "package-lock.json": createPackageLock("2.44.0"),
+  });
+  const cliDir = createFakeCli("supabase 2.44.0");
+  const spies = createActionSpies("", cliDir, "/download/v2.44.0/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.44.0");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("falls back to latest when version is omitted and no supported root lockfile is present", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "README.md": "# app\n",
+  });
+  mockLatestRelease();
+  const cliDir = createFakeCli("supabase 2.84.2");
+  const spies = createActionSpies("", cliDir, "/download/v2.99.0/supabase_2.99.0_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.84.2");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("falls back to latest when version is omitted and no workspace is available", async () => {
+  delete process.env.GITHUB_WORKSPACE;
+  mockLatestRelease();
+  const cliDir = createFakeCli("supabase 2.84.2");
+  const spies = createActionSpies("", cliDir, "/download/v2.99.0/supabase_2.99.0_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.84.2");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("uses the declared bun.lock version when the resolved package entry is missing", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "bun.lock": createBunLock("2.44.1", { includePackageEntry: false, useDevDependency: true }),
+  });
+  const cliDir = createFakeCli("supabase 2.44.1");
+  const spies = createActionSpies("", cliDir, "/download/v2.44.1/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.44.1");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("falls through bun.lock without supabase and uses a pnpm string dependency version", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "bun.lock": createBunLock("2.47.0", { includeDependency: false }),
+    "pnpm-lock.yaml": createPnpmLock("2.47.0", { asString: true }),
+  });
+  const cliDir = createFakeCli("supabase 2.47.0");
+  const spies = createActionSpies("", cliDir, "/download/v2.47.0/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.47.0");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("falls through malformed pnpm lockfiles and uses the next supported root lockfile", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "pnpm-lock.yaml": "not: [valid",
+    "package-lock.json": createPackageLock("2.48.0"),
+  });
+  const cliDir = createFakeCli("supabase 2.48.0");
+  const spies = createActionSpies("", cliDir, "/download/v2.48.0/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.48.0");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("falls through unreadable bun.lock paths and malformed package-lock files to latest", async () => {
+  const workspace = createWorkspace({
+    "package-lock.json": "{ invalid",
+  });
+  mkdirSync(path.join(workspace, "bun.lock"), { recursive: true });
+  process.env.GITHUB_WORKSPACE = workspace;
+  mockLatestRelease();
+  const cliDir = createFakeCli("supabase 2.84.2");
+  const spies = createActionSpies("", cliDir, "/download/v2.99.0/supabase_2.99.0_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.84.2");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("falls back to latest when a pnpm dependency entry has no concrete version", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "pnpm-lock.yaml": createPnpmLock("2.49.0", { includeVersion: false }),
+  });
+  mockLatestRelease();
+  const cliDir = createFakeCli("supabase 2.84.2");
+  const spies = createActionSpies("", cliDir, "/download/v2.99.0/supabase_2.99.0_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 2.84.2");
+  expect(spies.exportVariable).toHaveBeenCalledWith(CLI_CONFIG_REGISTRY, "ghcr.io");
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("explicit version overrides detected root lockfiles", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "bun.lock": createBunLock("2.45.0"),
+  });
+  const cliDir = createFakeCli("supabase 1.0.0");
+  const spies = createActionSpies("1.0.0", cliDir, "/download/v1.0.0/supabase_1.0.0_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setOutput).toHaveBeenCalledWith("version", "supabase 1.0.0");
+  expect(spies.exportVariable).not.toHaveBeenCalled();
+  expect(spies.setFailed).not.toHaveBeenCalled();
+});
+
+test("fails when the installed CLI does not report a version", async () => {
+  process.env.GITHUB_WORKSPACE = createWorkspace({
+    "package-lock.json": createPackageLock("2.46.0"),
+  });
+  const cliDir = createFakeCli("");
+  const spies = createActionSpies("", cliDir, "/download/v2.46.0/supabase_");
+  const { run } = await getMainModule();
+
+  await run();
+
+  expect(spies.setFailed).toHaveBeenCalledWith(
+    "Could not determine installed Supabase CLI version",
+  );
+  expect(spies.setOutput).not.toHaveBeenCalled();
+  expect(spies.addPath).not.toHaveBeenCalled();
+  expect(spies.exportVariable).not.toHaveBeenCalled();
+});

src/main.ts

@@ -1,39 +1,284 @@
-import * as core from '@actions/core'
-import * as tc from '@actions/tool-cache'
-import { gte } from 'semver'
-import { getDownloadUrl, determineInstalledVersion } from './utils.js'
+import { $, semver } from "bun";
+import * as core from "@actions/core";
+import * as tc from "@actions/tool-cache";
+import { existsSync, readFileSync } from "node:fs";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
 
-export const CLI_CONFIG_REGISTRY = 'SUPABASE_INTERNAL_IMAGE_REGISTRY'
+export const CLI_CONFIG_REGISTRY = "SUPABASE_INTERNAL_IMAGE_REGISTRY";
+const REGISTRY_VERSION = "1.28.0";
+const VERSIONED_ARCHIVE_VERSION = "2.99.0";
+const DEFAULT_VERSION = "latest";
+const GITHUB_RELEASES_API = "https://api.github.com/repos/supabase/cli/releases/latest";
+
+type ArchiveFormat = "tar" | "zip";
+
+type DownloadArchive = {
+  url: string;
+  format: ArchiveFormat;
+};
+
+type BunLock = {
+  workspaces?: {
+    "": {
+      dependencies?: Record<string, string>;
+      devDependencies?: Record<string, string>;
+    };
+  };
+  packages?: Record<string, unknown>;
+};
+
+type PnpmDependency =
+  | string
+  | {
+      version?: string;
+    };
+
+type PnpmLock = {
+  importers?: {
+    ".": {
+      dependencies?: Record<string, PnpmDependency>;
+      devDependencies?: Record<string, PnpmDependency>;
+    };
+  };
+};
+
+type PackageLock = {
+  packages?: Record<string, { version?: string }>;
+  dependencies?: Record<string, { version?: string }>;
+};
+
+function getArchivePlatform(platform: NodeJS.Platform): string {
+  return platform === "win32" ? "windows" : platform;
+}
+
+function getArchiveArch(arch: NodeJS.Architecture): string {
+  return arch === "x64" ? "amd64" : arch;
+}
+
+function extractConcreteVersion(raw: string | undefined): string | null {
+  if (!raw) {
+    return null;
+  }
+
+  const match = raw.match(/\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?/);
+  return match?.[0] ?? null;
+}
+
+function normalizeVersion(version: string): string {
+  return version.replace(/^v/i, "");
+}
+
+function readWorkspaceLockfile(workspaceRoot: string, filename: string): string | null {
+  const filePath = path.join(workspaceRoot, filename);
+
+  if (!existsSync(filePath)) {
+    return null;
+  }
+
+  try {
+    return readFileSync(filePath, "utf8");
+  } catch {
+    return null;
+  }
+}
+
+function detectVersionFromBunLock(workspaceRoot: string): string | null {
+  const text = readWorkspaceLockfile(workspaceRoot, "bun.lock");
+
+  if (!text) {
+    return null;
+  }
+
+  try {
+    const lockfile = JSON.parse(text.replace(/,\s*([}\]])/g, "$1")) as BunLock;
+    const rootWorkspace = lockfile.workspaces?.[""];
+    const declaredVersion =
+      rootWorkspace?.dependencies?.supabase ?? rootWorkspace?.devDependencies?.supabase;
+
+    if (!declaredVersion) {
+      return null;
+    }
+
+    const resolvedPackage = lockfile.packages?.supabase;
+    if (Array.isArray(resolvedPackage) && typeof resolvedPackage[0] === "string") {
+      return extractConcreteVersion(resolvedPackage[0]);
+    }
+
+    return extractConcreteVersion(declaredVersion);
+  } catch {
+    return null;
+  }
+}
+
+function detectVersionFromPnpmLock(workspaceRoot: string): string | null {
+  const text = readWorkspaceLockfile(workspaceRoot, "pnpm-lock.yaml");
+
+  if (!text) {
+    return null;
+  }
+
+  try {
+    const lockfile = Bun.YAML.parse(text) as PnpmLock;
+    const rootImporter = lockfile.importers?.["."];
+    const dependency =
+      rootImporter?.dependencies?.supabase ?? rootImporter?.devDependencies?.supabase;
+
+    if (typeof dependency === "string") {
+      return extractConcreteVersion(dependency);
+    }
+
+    return extractConcreteVersion(dependency?.version);
+  } catch {
+    return null;
+  }
+}
+
+function detectVersionFromPackageLock(workspaceRoot: string): string | null {
+  const text = readWorkspaceLockfile(workspaceRoot, "package-lock.json");
+
+  if (!text) {
+    return null;
+  }
+
+  try {
+    const lockfile = JSON.parse(text) as PackageLock;
+
+    return (
+      extractConcreteVersion(lockfile.packages?.["node_modules/supabase"]?.version) ??
+      extractConcreteVersion(lockfile.dependencies?.supabase?.version)
+    );
+  } catch {
+    return null;
+  }
+}
+
+function resolveVersion(inputVersion: string): string {
+  const requestedVersion = inputVersion.trim();
+
+  if (requestedVersion) {
+    return requestedVersion;
+  }
+
+  const workspaceRoot = process.env.GITHUB_WORKSPACE?.trim();
+
+  if (!workspaceRoot) {
+    return DEFAULT_VERSION;
+  }
+
+  return (
+    detectVersionFromBunLock(workspaceRoot) ??
+    detectVersionFromPnpmLock(workspaceRoot) ??
+    detectVersionFromPackageLock(workspaceRoot) ??
+    DEFAULT_VERSION
+  );
+}
+
+async function resolveLatestVersion(): Promise<string> {
+  const response = await fetch(GITHUB_RELEASES_API);
+  if (!response.ok) {
+    throw new Error(`Failed to resolve latest Supabase CLI release: ${response.statusText}`);
+  }
+
+  const release = (await response.json()) as { tag_name?: unknown };
+  if (typeof release.tag_name !== "string") {
+    throw new Error("Failed to resolve latest Supabase CLI release: missing tag name");
+  }
+
+  return normalizeVersion(release.tag_name);
+}
+
+function getArchiveFormat(version: string, platform: NodeJS.Platform): ArchiveFormat {
+  if (platform === "win32" && semver.order(version, VERSIONED_ARCHIVE_VERSION) >= 0) {
+    return "zip";
+  }
+
+  return "tar";
+}
+
+function getArchiveFilename(
+  version: string,
+  platform: NodeJS.Platform,
+  arch: NodeJS.Architecture,
+): string {
+  const archivePlatform = getArchivePlatform(platform);
+  const archiveArch = getArchiveArch(arch);
+
+  if (semver.order(version, REGISTRY_VERSION) === -1) {
+    return `supabase_${version}_${archivePlatform}_${archiveArch}.tar.gz`;
+  }
+
+  if (semver.order(version, VERSIONED_ARCHIVE_VERSION) >= 0) {
+    const extension = platform === "win32" ? "zip" : "tar.gz";
+    return `supabase_${version}_${archivePlatform}_${archiveArch}.${extension}`;
+  }
+
+  return `supabase_${archivePlatform}_${archiveArch}.tar.gz`;
+}
+
+export async function getDownloadArchive(
+  version: string,
+  platform = process.platform,
+  arch = process.arch,
+): Promise<DownloadArchive> {
+  const resolvedVersion =
+    version.toLowerCase() === "latest" ? await resolveLatestVersion() : normalizeVersion(version);
+  const filename = getArchiveFilename(resolvedVersion, platform, arch);
+
+  return {
+    url: `https://github.com/supabase/cli/releases/download/v${resolvedVersion}/${filename}`,
+    format: getArchiveFormat(resolvedVersion, platform),
+  };
+}
+
+function getCliExecutablePath(cliPath: string): string {
+  if (process.platform !== "win32") {
+    return path.join(cliPath, "supabase");
+  }
+
+  const exePath = path.join(cliPath, "supabase.exe");
+  if (existsSync(exePath)) {
+    return exePath;
+  }
+
+  const cmdPath = path.join(cliPath, "supabase.cmd");
+  if (existsSync(cmdPath)) {
+    return cmdPath;
+  }
+
+  return path.join(cliPath, "supabase");
+}
+
+export async function determineInstalledVersion(cliPath: string): Promise<string> {
+  const version = (await $`${getCliExecutablePath(cliPath)} --version`.text()).trim();
+  if (!version) {
+    throw new Error("Could not determine installed Supabase CLI version");
+  }
+
+  return version;
+}
 
-/**
- * The main function for the action.
- *
- * @returns Resolves when the action is complete.
- */
 export async function run(): Promise<void> {
   try {
-    // Get version of tool to be installed
-    const version = core.getInput('version')
+    const version = resolveVersion(core.getInput("version"));
+    const archive = await getDownloadArchive(version);
+    const archivePath = await tc.downloadTool(archive.url);
+    const cliPath =
+      archive.format === "zip"
+        ? await tc.extractZip(archivePath)
+        : await tc.extractTar(archivePath);
+    const installedVersion = await determineInstalledVersion(cliPath);
+    core.setOutput("version", installedVersion);
+    core.addPath(cliPath);
 
-    // Download the specific version of the tool, e.g. as a tarball/zipball
-    const download = await getDownloadUrl(version)
-    const pathToTarball = await tc.downloadTool(download)
-
-    // Extract the tarball/zipball onto host runner
-    const pathToCLI = await tc.extractTar(pathToTarball)
-
-    // Expose the tool by adding it to the PATH
-    core.addPath(pathToCLI)
-
-    // Expose installed tool version
-    const determinedVersion = await determineInstalledVersion()
-    core.setOutput('version', determinedVersion)
-
-    // Use GHCR mirror by default
-    if (version.toLowerCase() === 'latest' || gte(version, '1.28.0')) {
-      core.exportVariable(CLI_CONFIG_REGISTRY, 'ghcr.io')
+    if (version.toLowerCase() === "latest" || semver.order(version, REGISTRY_VERSION) >= 0) {
+      core.exportVariable(CLI_CONFIG_REGISTRY, "ghcr.io");
     }
   } catch (error) {
-    if (error instanceof Error) core.setFailed(error.message)
+    core.setFailed(error instanceof Error ? error.message : String(error));
   }
 }
+
+if (process.argv[1] === fileURLToPath(import.meta.url)) {
+  await run();
+}

src/utils.ts

@@ -1,48 +0,0 @@
-import { exec } from 'child_process'
-import os from 'os'
-import { lt } from 'semver'
-import { promisify } from 'util'
-
-const doExec = promisify(exec)
-
-// arch in [arm, arm64, x64...] (https://nodejs.org/docs/latest-v16.x/api/os.html#osarch)
-// return value in [amd64, arm64, arm]
-const mapArch = (arch: string): string => {
-  const mappings: Record<string, string> = {
-    x64: 'amd64'
-  }
-  return mappings[arch] || arch
-}
-
-// os in [darwin, linux, win32...] (https://nodejs.org/docs/latest-v16.x/api/os.html#osplatform)
-// return value in [darwin, linux, windows]
-const mapOS = (platform: string): string => {
-  const mappings: Record<string, string> = {
-    win32: 'windows'
-  }
-  return mappings[platform] || platform
-}
-
-export const getDownloadUrl = async (version: string): Promise<string> => {
-  const platform = mapOS(os.platform())
-  const arch = mapArch(os.arch())
-  const filename = `supabase_${platform}_${arch}.tar.gz`
-  if (version.toLowerCase() === 'latest') {
-    return `https://github.com/supabase/cli/releases/latest/download/${filename}`
-  }
-  if (lt(version, '1.28.0')) {
-    return `https://github.com/supabase/cli/releases/download/v${version}/supabase_${version}_${platform}_${arch}.tar.gz`
-  }
-  return `https://github.com/supabase/cli/releases/download/v${version}/${filename}`
-}
-
-export const determineInstalledVersion = async (): Promise<string> => {
-  const { stdout } = await doExec('supabase --version')
-
-  const version = stdout.trim()
-  if (!version) {
-    throw new Error('Could not determine installed Supabase CLI version')
-  }
-
-  return version
-}

tsconfig.base.json

@@ -1,23 +0,0 @@
-{
-  "$schema": "https://json.schemastore.org/tsconfig",
-  "compilerOptions": {
-    "allowSyntheticDefaultImports": true,
-    "declaration": false,
-    "declarationMap": false,
-    "esModuleInterop": true,
-    "forceConsistentCasingInFileNames": true,
-    "isolatedModules": true,
-    "lib": ["ES2022"],
-    "module": "NodeNext",
-    "moduleResolution": "NodeNext",
-    "newLine": "lf",
-    "noImplicitAny": true,
-    "noUnusedLocals": true,
-    "noUnusedParameters": false,
-    "pretty": true,
-    "resolveJsonModule": true,
-    "strict": true,
-    "strictNullChecks": true,
-    "target": "ES2022"
-  }
-}

tsconfig.eslint.json

@@ -1,17 +0,0 @@
-{
-  "$schema": "https://json.schemastore.org/tsconfig",
-  "extends": "./tsconfig.base.json",
-  "compilerOptions": {
-    "allowJs": true,
-    "noEmit": true
-  },
-  "exclude": ["dist", "node_modules"],
-  "include": [
-    "__fixtures__",
-    "__tests__",
-    "src",
-    "eslint.config.mjs",
-    "jest.config.js",
-    "rollup.config.ts"
-  ]
-}

tsconfig.json

@@ -1,11 +1,4 @@
 {
-  "$schema": "https://json.schemastore.org/tsconfig",
-  "extends": "./tsconfig.base.json",
-  "compilerOptions": {
-    "module": "NodeNext",
-    "moduleResolution": "NodeNext",
-    "outDir": "./dist"
-  },
-  "exclude": ["__fixtures__", "__tests__", "coverage", "dist", "node_modules"],
+  "extends": "@tsconfig/bun/tsconfig.json",
   "include": ["src"]
 }