mirror of
https://github.com/supabase/setup-cli.git
synced 2026-05-13 03:16:57 +00:00
2df3f5f50e
Bumps the actions-minor-patch group with 3 updates in the / directory: [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata), [actions/create-github-app-token](https://github.com/actions/create-github-app-token) and [ruby/setup-ruby](https://github.com/ruby/setup-ruby). Updates `dependabot/fetch-metadata` from 3.0.0 to 3.1.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dependabot/fetch-metadata/releases">dependabot/fetch-metadata's releases</a>.</em></p> <blockquote> <h2>v3.1.0</h2> <h2>What's Changed</h2> <ul> <li>Add permissions to all workflows by <a href="https://github.com/truggeri"><code>@truggeri</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/687">dependabot/fetch-metadata#687</a></li> <li>build(deps-dev): bump globals from 16.0.0 to 17.4.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/690">dependabot/fetch-metadata#690</a></li> <li>build(deps-dev): bump esbuild from 0.27.4 to 0.28.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/693">dependabot/fetch-metadata#693</a></li> <li>build(deps-dev): bump <code>@hono/node-server</code> from 1.19.10 to 1.19.13 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/694">dependabot/fetch-metadata#694</a></li> <li>build(deps-dev): bump hono from 4.12.7 to 4.12.12 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/695">dependabot/fetch-metadata#695</a></li> <li>Dynamically update the tracking tag in action by <a href="https://github.com/truggeri"><code>@truggeri</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/696">dependabot/fetch-metadata#696</a></li> <li>fix: handle duplicate dependency names in parseMetadataLinks by <a href="https://github.com/devantler"><code>@devantler</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/700">dependabot/fetch-metadata#700</a></li> <li>fix: remove $ anchor from updateFragment regex to handle pip directory suffixes by <a href="https://github.com/devantler"><code>@devantler</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/698">dependabot/fetch-metadata#698</a></li> <li>Updates to README for permissions clarification by <a href="https://github.com/truggeri"><code>@truggeri</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/697">dependabot/fetch-metadata#697</a></li> <li>fix: resolve update-type null for Python, Composer, and Terraform PRs by <a href="https://github.com/vitorsdcs"><code>@vitorsdcs</code></a> in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/704">dependabot/fetch-metadata#704</a></li> <li>build(deps-dev): bump globals from 17.4.0 to 17.5.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/703">dependabot/fetch-metadata#703</a></li> <li>build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/701">dependabot/fetch-metadata#701</a></li> <li>build(deps): bump <code>@actions/github</code> from 9.0.0 to 9.1.0 in the dependencies group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/702">dependabot/fetch-metadata#702</a></li> <li>build(deps-dev): bump hono from 4.12.12 to 4.12.14 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/705">dependabot/fetch-metadata#705</a></li> <li>v3.1.0 by <a href="https://github.com/fetch-metadata-action-automation"><code>@fetch-metadata-action-automation</code></a>[bot] in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/692">dependabot/fetch-metadata#692</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/devantler"><code>@devantler</code></a> made their first contribution in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/700">dependabot/fetch-metadata#700</a></li> <li><a href="https://github.com/vitorsdcs"><code>@vitorsdcs</code></a> made their first contribution in <a href="https://redirect.github.com/dependabot/fetch-metadata/pull/704">dependabot/fetch-metadata#704</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dependabot/fetch-metadata/compare/v3...v3.1.0">https://github.com/dependabot/fetch-metadata/compare/v3...v3.1.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="25dd0e34f4"><code>25dd0e3</code></a> v3.1.0 (<a href="https://redirect.github.com/dependabot/fetch-metadata/issues/692">#692</a>)</li> <li><a href="e073f50d73"><code>e073f50</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/705">#705</a> from dependabot/dependabot/npm_and_yarn/hono-4.12.14</li> <li><a href="0670e167df"><code>0670e16</code></a> build(deps-dev): bump hono from 4.12.12 to 4.12.14</li> <li><a href="7a7fe10a42"><code>7a7fe10</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/702">#702</a> from dependabot/dependabot/npm_and_yarn/dependencies-...</li> <li><a href="5168191cea"><code>5168191</code></a> Updating dist build</li> <li><a href="23882e175b"><code>23882e1</code></a> build(deps): bump <code>@actions/github</code> in the dependencies group</li> <li><a href="1072469591"><code>1072469</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/701">#701</a> from dependabot/dependabot/github_actions/actions/cre...</li> <li><a href="43f8a0055c"><code>43f8a00</code></a> build(deps): bump actions/create-github-app-token from 3.0.0 to 3.1.1</li> <li><a href="b4d904a509"><code>b4d904a</code></a> Merge pull request <a href="https://redirect.github.com/dependabot/fetch-metadata/issues/703">#703</a> from dependabot/dependabot/npm_and_yarn/globals-17.5.0</li> <li><a href="c8046bb877"><code>c8046bb</code></a> build(deps-dev): bump globals from 17.4.0 to 17.5.0</li> <li>Additional commits viewable in <a href="ffa630c65f...25dd0e34f4">compare view</a></li> </ul> </details> <br /> Updates `actions/create-github-app-token` from 3.0.0 to 3.1.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/create-github-app-token/releases">actions/create-github-app-token's releases</a>.</em></p> <blockquote> <h2>v3.1.1</h2> <h2><a href="https://github.com/actions/create-github-app-token/compare/v3.1.0...v3.1.1">3.1.1</a> (2026-04-11)</h2> <h3>Bug Fixes</h3> <ul> <li>improve error message when app identifier is empty (<a href="https://redirect.github.com/actions/create-github-app-token/issues/362">#362</a>) (<a href="07e2b76066">07e2b76</a>), closes <a href="https://redirect.github.com/actions/create-github-app-token/issues/249">#249</a></li> </ul> <h2>v3.1.0</h2> <h1><a href="https://github.com/actions/create-github-app-token/compare/v3.0.0...v3.1.0">3.1.0</a> (2026-04-11)</h1> <h3>Bug Fixes</h3> <ul> <li><strong>deps:</strong> bump p-retry from 7.1.1 to 8.0.0 (<a href="https://redirect.github.com/actions/create-github-app-token/issues/357">#357</a>) (<a href="3bbe07d928">3bbe07d</a>)</li> </ul> <h3>Features</h3> <ul> <li>add <code>client-id</code> input and deprecate <code>app-id</code> (<a href="https://redirect.github.com/actions/create-github-app-token/issues/353">#353</a>) (<a href="e6bd4e6970">e6bd4e6</a>)</li> <li>update permission inputs (<a href="https://redirect.github.com/actions/create-github-app-token/issues/358">#358</a>) (<a href="076e9480ca">076e948</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="1b10c78c78"><code>1b10c78</code></a> build(release): 3.1.1 [skip ci]</li> <li><a href="07e2b76066"><code>07e2b76</code></a> fix: improve error message when app identifier is empty (<a href="https://redirect.github.com/actions/create-github-app-token/issues/362">#362</a>)</li> <li><a href="ea0121618b"><code>ea01216</code></a> ci: remove publish-immutable-action workflow (<a href="https://redirect.github.com/actions/create-github-app-token/issues/361">#361</a>)</li> <li><a href="7bd0371149"><code>7bd0371</code></a> build(release): 3.1.0 [skip ci]</li> <li><a href="e6bd4e6970"><code>e6bd4e6</code></a> feat: add <code>client-id</code> input and deprecate <code>app-id</code> (<a href="https://redirect.github.com/actions/create-github-app-token/issues/353">#353</a>)</li> <li><a href="076e9480ca"><code>076e948</code></a> feat: update permission inputs (<a href="https://redirect.github.com/actions/create-github-app-token/issues/358">#358</a>)</li> <li><a href="3bbe07d928"><code>3bbe07d</code></a> fix(deps): bump p-retry from 7.1.1 to 8.0.0 (<a href="https://redirect.github.com/actions/create-github-app-token/issues/357">#357</a>)</li> <li><a href="28a99e369c"><code>28a99e3</code></a> build(deps-dev): bump c8 from 10.1.3 to 11.0.0</li> <li><a href="4df50600ef"><code>4df5060</code></a> build(deps-dev): bump open-cli from 8.0.0 to 9.0.0</li> <li><a href="4843c538d9"><code>4843c53</code></a> build(deps-dev): bump the development-dependencies group with 3 updates</li> <li>See full diff in <a href="f8d387b68d...1b10c78c78">compare view</a></li> </ul> </details> <br /> Updates `ruby/setup-ruby` from 1.300.0 to 1.302.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/ruby/setup-ruby/releases">ruby/setup-ruby's releases</a>.</em></p> <blockquote> <h2>v1.302.0</h2> <p><strong>Full Changelog</strong>: <a href="https://github.com/ruby/setup-ruby/compare/v1.301.0...v1.302.0">https://github.com/ruby/setup-ruby/compare/v1.301.0...v1.302.0</a></p> <h2>v1.301.0</h2> <h2>What's Changed</h2> <ul> <li>Add truffleruby-34.0.0,truffleruby+graalvm-34.0.0 by <a href="https://github.com/ruby-builder-bot"><code>@ruby-builder-bot</code></a> in <a href="https://redirect.github.com/ruby/setup-ruby/pull/901">ruby/setup-ruby#901</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/ruby/setup-ruby/compare/v1.300.0...v1.301.0">https://github.com/ruby/setup-ruby/compare/v1.300.0...v1.301.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="7372622e62"><code>7372622</code></a> Give a better error for TruffleRuby 34+ on macOS Intel</li> <li><a href="4c56a21280"><code>4c56a21</code></a> Darwin-x86_64 is no longer supported on TruffleRuby 34+</li> <li><a href="5d9c71d71b"><code>5d9c71d</code></a> Add truffleruby-34.0.0,truffleruby+graalvm-34.0.0</li> <li>See full diff in <a href="e65c17d16e...7372622e62">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Julien Goux <hi@jgoux.dev>
143 lines
4.3 KiB
YAML
143 lines
4.3 KiB
YAML
# This workflow checks the statuses of cached dependencies used in this action
|
|
# with the help of the Licensed tool. If any licenses are invalid or missing,
|
|
# this workflow will fail. See: https://github.com/licensee/licensed
|
|
|
|
name: Licensed
|
|
|
|
on:
|
|
pull_request:
|
|
push:
|
|
branches:
|
|
- main
|
|
paths:
|
|
- .github/workflows/licensed.yml
|
|
- .licensed.yml
|
|
- .licenses/**
|
|
- bun.lock
|
|
- package.json
|
|
workflow_dispatch:
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
check-licenses:
|
|
if: ${{ github.event_name != 'workflow_dispatch' }}
|
|
name: Licensed
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 15
|
|
permissions:
|
|
contents: read
|
|
pull-requests: read
|
|
|
|
steps:
|
|
- name: Detect license inputs
|
|
id: license-inputs
|
|
env:
|
|
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
PR_NUMBER: ${{ github.event.pull_request.number }}
|
|
REPOSITORY: ${{ github.repository }}
|
|
run: |
|
|
if [[ "${{ github.event_name }}" != "pull_request" ]]; then
|
|
echo "changed=true" >> "$GITHUB_OUTPUT"
|
|
exit 0
|
|
fi
|
|
|
|
gh api "repos/${REPOSITORY}/pulls/${PR_NUMBER}/files" --paginate --jq '.[].filename' > changed-files.txt
|
|
if grep -Eq '^(\.github/workflows/licensed\.yml|\.licensed\.yml|\.licenses/.*|bun\.lock|package\.json)$' changed-files.txt; then
|
|
echo "changed=true" >> "$GITHUB_OUTPUT"
|
|
else
|
|
echo "changed=false" >> "$GITHUB_OUTPUT"
|
|
fi
|
|
|
|
- name: Checkout
|
|
id: checkout
|
|
if: steps.license-inputs.outputs.changed == 'true'
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
|
|
- name: Setup Bun
|
|
id: setup-bun
|
|
if: steps.license-inputs.outputs.changed == 'true'
|
|
uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
|
|
with:
|
|
bun-version-file: .bun-version
|
|
|
|
- name: Install Dependencies
|
|
id: bun-install
|
|
if: steps.license-inputs.outputs.changed == 'true'
|
|
run: bun install --frozen-lockfile
|
|
|
|
- name: Setup Ruby
|
|
id: setup-ruby
|
|
if: steps.license-inputs.outputs.changed == 'true'
|
|
uses: ruby/setup-ruby@7372622e62b60b3cb750dcd2b9e32c247ffec26a # v1.302.0
|
|
with:
|
|
ruby-version: ruby
|
|
|
|
- uses: licensee/setup-licensed@0d52e575b3258417672be0dff2f115d7db8771d8 # v1.3.2
|
|
if: steps.license-inputs.outputs.changed == 'true'
|
|
with:
|
|
version: 4.x
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Check Licenses
|
|
id: check-licenses
|
|
if: steps.license-inputs.outputs.changed == 'true'
|
|
run: licensed status
|
|
|
|
update-licenses:
|
|
if: ${{ github.event_name == 'workflow_dispatch' }}
|
|
name: Update Licenses
|
|
runs-on: ubuntu-latest
|
|
timeout-minutes: 15
|
|
permissions:
|
|
contents: write
|
|
|
|
steps:
|
|
- name: Checkout
|
|
id: checkout
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
|
|
- name: Setup Bun
|
|
id: setup-bun
|
|
uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
|
|
with:
|
|
bun-version-file: .bun-version
|
|
|
|
- name: Install Dependencies
|
|
id: bun-install
|
|
run: bun install --frozen-lockfile
|
|
|
|
- name: Setup Ruby
|
|
id: setup-ruby
|
|
uses: ruby/setup-ruby@7372622e62b60b3cb750dcd2b9e32c247ffec26a # v1.302.0
|
|
with:
|
|
ruby-version: ruby
|
|
|
|
- uses: licensee/setup-licensed@0d52e575b3258417672be0dff2f115d7db8771d8 # v1.3.2
|
|
with:
|
|
version: 4.x
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
- name: Update License Cache
|
|
id: update-licenses
|
|
run: licensed cache
|
|
|
|
- name: Format License Files
|
|
id: format-licenses
|
|
run: bun x oxfmt --write .licensed.yml .licenses
|
|
|
|
- name: Commit Licenses
|
|
id: commit-licenses
|
|
run: |
|
|
git config --local user.email "licensed-ci@users.noreply.github.com"
|
|
git config --local user.name "licensed-ci"
|
|
git add .licenses .licensed.yml
|
|
if git diff --cached --quiet; then
|
|
echo "No license cache changes to commit."
|
|
exit 0
|
|
fi
|
|
git commit -m "Auto-update license files"
|
|
git push
|