Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
48 commits
Select commit Hold shift + click to select a range
fc7c0b9
chore(ci): bump the actions-major group with 2 updates (#5744)
dependabot[bot] Jul 1, 2026
61bd84a
fix(docker): bump the docker-minor group in /apps/cli-go/pkg/config/t…
dependabot[bot] Jul 1, 2026
11e59d2
fix(docker): bump supabase/postgres from 17.6.1.140 to 17.6.1.141 in …
dependabot[bot] Jul 1, 2026
03e0f9d
chore(stack): sync service versions from Dockerfile (#5716)
jgoux Jul 1, 2026
78f9554
fix(cli): eszip error (#5747)
7ttp Jul 1, 2026
25d5f32
chore(cli): define hotfix release workflow (#5738)
jgoux Jul 1, 2026
1e33f0b
chore(deps): bump the npm-major group with 9 updates (#5743)
dependabot[bot] Jul 1, 2026
b83f2e0
ci(cli): sync releases to Linear (#5727)
jgoux Jul 1, 2026
bc2f17e
ci(release): restore action/cache release handoff (#5748)
jgoux Jul 1, 2026
38d2f7c
fix(cli): stop declarative sync hanging on edge-runtime container exi…
avallete Jul 1, 2026
9fed499
ci: change live e2e schedule from hourly to daily (#5750)
avallete Jul 1, 2026
39b3b8c
fix(cli): suggest subcommand placement for misplaced flags (#5751)
jgoux Jul 1, 2026
c328749
fix(cli): align services version sources (#5754)
jgoux Jul 1, 2026
c8e2994
chore: sync API types from infrastructure (#5753)
supabase-cli-releaser[bot] Jul 1, 2026
77e9079
chore(deps): bump github.com/posthog/posthog-go from 1.16.1 to 1.16.2…
dependabot[bot] Jul 2, 2026
4c6ff8a
chore(deps): bump the npm-major group with 9 updates (#5760)
dependabot[bot] Jul 2, 2026
edbc8cd
fix(cli): query output (#5763)
7ttp Jul 2, 2026
2060d72
fix(cli): function deploy paths (#5755)
7ttp Jul 2, 2026
1fe9b81
ci: auto approve API sync PRs (#5756)
jgoux Jul 2, 2026
957566d
fix(cli): CSV-split sso and postgres-config StringSlice flags (#5764)
Coly010 Jul 2, 2026
3587412
fix(cli): port db pull initial pull to native pg_dump; fix non-intera…
Coly010 Jul 2, 2026
9bcbec5
chore(deps): bump effect to 4.0.0-beta.93 and update effect submodule…
Coly010 Jul 2, 2026
f9ced97
chore(deps-dev): bump @anthropic-ai/claude-agent-sdk from 0.3.191 to …
dependabot[bot] Jul 3, 2026
5e9e1e9
chore(ci): bump the actions-major group with 2 updates (#5774)
dependabot[bot] Jul 3, 2026
4c4f6b6
fix(docker): bump supabase/postgres from 17.6.1.141 to 17.6.1.142 in …
dependabot[bot] Jul 3, 2026
09d13d9
chore(api): sync Management API OpenAPI spec (#5752)
supabase-cli-releaser[bot] Jul 3, 2026
7f2002e
fix(docker): bump the docker-minor group in /apps/cli-go/pkg/config/t…
dependabot[bot] Jul 3, 2026
9bb97be
fix(db): respect schema_paths order in diff (#5706)
pjpjq Jul 3, 2026
f6aff1c
chore(dev/onboarding): set up `mise`-based workflow for initial codeb…
kanadgupta Jul 3, 2026
c570971
chore(ci/mise): add lockfile, simplify caching behavior (#5778)
kanadgupta Jul 3, 2026
3f2b9a6
chore(deps): bump `golangci-lint` to latest (#5779)
kanadgupta Jul 3, 2026
5a0e4a9
fix(deps): bump the npm-major group with 3 updates (#5782)
dependabot[bot] Jul 4, 2026
31d6fb9
fix(cli): generate non-TypeScript types from project refs (#5622)
avallete Jul 4, 2026
c8c7b18
chore(ci): bump golangci/golangci-lint-action from 9.2.1 to 9.3.0 in …
dependabot[bot] Jul 6, 2026
9a9a83d
fix(deps): bump the npm-major group across 1 directory with 5 updates…
dependabot[bot] Jul 6, 2026
28cc844
fix(cli): wire --experimental gate into 7 ungated native leaves (#5766)
Coly010 Jul 6, 2026
c62b558
fix(cli): resolve network-bans project ref before validating --db-unb…
Coly010 Jul 6, 2026
4efa0df
fix(cli): add --no-descriptions flag to completion subcommands (#5771)
Coly010 Jul 6, 2026
f28efed
fix(cli): run --experimental gate before storage's mutex check (#5768)
Coly010 Jul 6, 2026
28b17f6
fix(cli): add hidden --exclude and --ignore-health-check flags to sta…
Coly010 Jul 6, 2026
cb38353
test: trim low-value unit coverage (#5792)
jgoux Jul 6, 2026
1439680
fix(cli): honor SUPABASE_INTERNAL_IMAGE_REGISTRY in gen types (#5786)
swiflyme Jul 6, 2026
12b7ed9
fix(docker): bump the docker-minor group in /apps/cli-go/pkg/config/t…
dependabot[bot] Jul 6, 2026
78acec5
chore: sync API types from infrastructure (#5795)
supabase-cli-releaser[bot] Jul 6, 2026
60c2d17
fix(deps): bump github.com/posthog/posthog-go from 1.16.2 to 1.17.2 i…
dependabot[bot] Jul 7, 2026
2b8eeea
fix(deps): bump the npm-major group with 8 updates (#5808)
dependabot[bot] Jul 7, 2026
1cbf45a
fix(docker): bump the docker-minor group in /apps/cli-go/pkg/config/t…
dependabot[bot] Jul 7, 2026
6d4c198
fix(docker): bump supabase/postgres from 17.6.1.142 to 17.6.1.143 in …
dependabot[bot] Jul 7, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .bun-version
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
1.3.13
63 changes: 30 additions & 33 deletions .github/actions/setup/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,56 +9,53 @@ inputs:
default: ""
dependency-cache:
description: >-
Whether to enable the pnpm dependency cache. Disable this when the job
deletes the pnpm store before exiting, otherwise the post-job cache save
Whether to enable dependency caches. Disable this when the job deletes a
cached dependency path before exiting, otherwise the post-job cache save
fails with a path validation error.
required: false
default: "true"

runs:
using: "composite"
steps:
- name: Resolve Bun version
shell: bash
run: echo "BUN_VERSION=1.3.13" >> "$GITHUB_ENV"

- name: Install Bun
id: install-bun
uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
continue-on-error: true
with:
bun-version: ${{ env.BUN_VERSION }}

- name: Install Bun (fallback with retries)
if: steps.install-bun.outcome == 'failure'
uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2
- name: Install toolchains
uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4
with:
timeout_minutes: 3
max_attempts: 5
retry_wait_seconds: 30
command: |
curl -fsSL https://bun.sh/install | bash -s "bun-v${BUN_VERSION}"
echo "$HOME/.bun/bin" >> "$GITHUB_PATH"
version: 2026.7.0

- name: Verify Bun
- name: Resolve pnpm store path
if: inputs.dependency-cache == 'true'
id: pnpm-store
shell: bash
run: bun --version
run: echo "path=$(pnpm store path --silent)" >> "$GITHUB_OUTPUT"

- name: Install Node.js
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
- name: Configure pnpm dependency cache
if: inputs.dependency-cache == 'true'
uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
with:
node-version-file: .nvmrc
package-manager-cache: false
path: ${{ steps.pnpm-store.outputs.path }}
key: pnpm-store-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('pnpm-lock.yaml') }}
restore-keys: |
pnpm-store-${{ runner.os }}-${{ runner.arch }}-

- name: Enable Corepack
- name: Resolve Go cache paths
if: inputs.dependency-cache == 'true'
id: go-cache
shell: bash
run: npm install --global --force corepack && corepack enable
run: |
echo "mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"
echo "build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT"

- name: Configure dependency cache
- name: Configure Go dependency cache
if: inputs.dependency-cache == 'true'
uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
uses: actions/cache@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
with:
cache: pnpm
path: |
${{ steps.go-cache.outputs.mod }}
${{ steps.go-cache.outputs.build }}
key: go-cache-${{ runner.os }}-${{ runner.arch }}-${{ hashFiles('apps/cli-go/go.mod', 'apps/cli-go/go.sum') }}
restore-keys: |
go-cache-${{ runner.os }}-${{ runner.arch }}-

- name: Install dependencies
shell: bash
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/apply-release-notes.yml
Original file line number Diff line number Diff line change
Expand Up @@ -82,7 +82,7 @@ jobs:
# Checkout the PR head so any reviewer edits made in the GitHub UI before
# approval are captured. apply-release-notes.ts reads from the working
# tree.
- uses: useblacksmith/checkout@41cdeedae8edb2e684ba22896a5fd2a3cb85db6b # v1
- uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 1
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/backfill-release-notes.yml
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ jobs:
TAG: ${{ inputs.tag }}
GH_TOKEN: ${{ github.token }}
steps:
- uses: useblacksmith/checkout@41cdeedae8edb2e684ba22896a5fd2a3cb85db6b # v1
- uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
with:
fetch-depth: 0
persist-credentials: false
Expand Down
44 changes: 17 additions & 27 deletions .github/workflows/build-cli-artifacts.yml
Original file line number Diff line number Diff line change
Expand Up @@ -21,8 +21,8 @@ on:
required: false
type: string
default: blacksmith-32vcpu-ubuntu-2404
artifact_name_suffix:
description: Suffix to distinguish build artifact producers (e.g. -github)
cache_key_suffix:
description: Suffix to distinguish build artifact cache producers
required: false
type: string
default: ""
Expand Down Expand Up @@ -76,13 +76,6 @@ jobs:
with:
dependency-firewall-token: ${{ secrets.DF_FIREWALL_TOKEN }}

- name: Setup Go
uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
with:
go-version-file: apps/cli-go/go.mod
cache: true
cache-dependency-path: apps/cli-go/go.sum

- name: Pre-download Go modules
working-directory: apps/cli-go
run: go mod download -x
Expand Down Expand Up @@ -123,26 +116,23 @@ jobs:
echo "Checking dist/..."
ls -la dist/

- name: Check existing build artifacts cache
id: build-artifacts-cache
uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
with:
path: |
packages/cli-*/bin/
dist/
key: cli-build-${{ github.run_id }}-${{ inputs.shell }}-${{ inputs.version }}${{ inputs.cache_key_suffix }}-v1
enableCrossOsArchive: true
lookup-only: true

# Hand the build off to the smoke/publish/brew/scoop jobs via a run-scoped
# artifact rather than a cache. Caches share a 10 GB per-repo budget and
# are evicted LRU, so a large build cache could vanish mid-run between the
# producer and a later consumer (e.g. publish), failing the restore.
# Artifacts have their own deterministic retention and survive job re-runs
# within the run, which is exactly what this handoff needs.
- name: Upload build artifacts
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
- name: Save build artifacts cache
if: steps.build-artifacts-cache.outputs.cache-hit != 'true'
uses: actions/cache/save@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
with:
name: cli-build-${{ inputs.shell }}-${{ inputs.version }}${{ inputs.artifact_name_suffix }}
path: |
packages/cli-*/bin/
dist/
# Intra-run handoff, not a kept deliverable — expire it the next day.
retention-days: 1
# A full re-run of this job replaces its own artifact instead of
# failing on the duplicate name from the previous attempt.
overwrite: true
# dist/* is already compressed (tar.gz/zip/deb/rpm/apk); a light level
# trims the raw bin/ binaries without burning CPU re-packing the rest.
compression-level: 1
if-no-files-found: error
key: cli-build-${{ github.run_id }}-${{ inputs.shell }}-${{ inputs.version }}${{ inputs.cache_key_suffix }}-v1
enableCrossOsArchive: true
7 changes: 7 additions & 0 deletions .github/workflows/cli-go-api-sync.yml
Original file line number Diff line number Diff line change
Expand Up @@ -61,6 +61,13 @@ jobs:
branch: sync/api-types
base: develop

- name: Approve Pull Request
if: steps.check.outputs.has_changes == 'true'
run: gh pr review --approve --repo "${{ github.repository }}" "${STEPS_CPR_OUTPUTS_PULL_REQUEST_NUMBER}"
env:
GH_TOKEN: ${{ secrets.AUTO_APPROVE_PR_PAT }}
STEPS_CPR_OUTPUTS_PULL_REQUEST_NUMBER: ${{ steps.cpr.outputs.pull-request-number }}

- name: Enable Pull Request Automerge
if: steps.check.outputs.has_changes == 'true'
run: gh pr merge --auto --squash --repo "${{ github.repository }}" "${STEPS_CPR_OUTPUTS_PULL_REQUEST_NUMBER}"
Expand Down
14 changes: 8 additions & 6 deletions .github/workflows/cli-go-ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -78,16 +78,18 @@ jobs:
with:
persist-credentials: false

- uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6
- uses: jdx/mise-action@e6a8b3978addb5a52f2b4cd9d91eafa7f0ab959d # v4
with:
go-version-file: apps/cli-go/go.mod
# Linter requires no cache
cache: false
version: 2026.7.0
install: true
install_args: >-
go
golangci-lint

- uses: golangci/golangci-lint-action@82606bf257cbaff209d206a39f5134f0cfbfd2ee # v9.2.1
- uses: golangci/golangci-lint-action@ba0d7d2ec06a0ea1cb5fa41b2e4a3ab91d21278a # v9.3.0
with:
args: --timeout 5m --verbose
version: latest
install-mode: none
only-new-issues: true
working-directory: apps/cli-go

Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/cli-go-mirror-image.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ jobs:
run: |
echo "image=${TAG##*/}" >> $GITHUB_OUTPUT
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0
uses: aws-actions/configure-aws-credentials@254c19bd240aabef8777f48595e9d2d7b972184b # v6.2.1
with:
role-to-assume: ${{ secrets.PROD_AWS_ROLE }}
aws-region: us-east-1
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/deploy-check.yml
Original file line number Diff line number Diff line change
Expand Up @@ -15,9 +15,9 @@ permissions:

jobs:
check:
if: github.head_ref != 'develop'
if: github.head_ref != 'develop' && !startsWith(github.head_ref, 'hotfix/')
runs-on: ubuntu-latest
steps:
- run: |
echo "Pull requests to main branch are only allowed from develop branch."
echo "Pull requests to main branch are only allowed from develop or hotfix/* branches."
exit 1
14 changes: 4 additions & 10 deletions .github/workflows/live-e2e.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ name: Live E2E
# ref (github.ref), always a same-repo branch. We deliberately take NO
# free-form `ref` input: that would let a manual run check out arbitrary
# (e.g. external PR) code while the staging token is in the job env.
# - schedule (hourly) — exercises the `@beta` channel. `develop` is the default
# - schedule (daily) — exercises the `@beta` channel. `develop` is the default
# branch AND the beta release source, so a scheduled run checks it out and
# builds from source. The `gate` job skips the run unless the published
# `supabase@beta` version changed since the last green run (an actions/cache
Expand All @@ -23,8 +23,8 @@ name: Live E2E
on:
workflow_dispatch:
schedule:
# Hourly, offset from other scheduled workflows. Cron timing is best-effort.
- cron: "23 * * * *"
# Daily, offset from other scheduled workflows. Cron timing is best-effort.
- cron: "23 6 * * *"

permissions:
contents: read
Expand Down Expand Up @@ -113,12 +113,6 @@ jobs:
- name: Setup
uses: ./.github/actions/setup

- name: Setup Go
uses: actions/setup-go@924ae3a1cded613372ab5595356fb5720e22ba16 # v6.5.0
with:
go-version-file: apps/cli-go/go.mod
cache-dependency-path: apps/cli-go/go.sum

# Build the Go binary for every target: `go` runs it directly and
# `ts-legacy` shells out to it for most commands.
- name: Build Go CLI
Expand Down Expand Up @@ -168,7 +162,7 @@ jobs:

# Record that this beta tested green so the next scheduled run skips it. Needs
# the whole matrix: the marker is saved only if BOTH go and ts-legacy passed
# (a red leg leaves no marker, so the next hour re-runs the same beta).
# (a red leg leaves no marker, so the next day re-runs the same beta).
finalize:
needs: [gate, live-e2e]
if: github.event_name == 'schedule' && needs.live-e2e.result == 'success'
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/propose-release-notes.yml
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ jobs:
client-id: ${{ vars.GH_APP_CLIENT_ID }}
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}

- uses: useblacksmith/checkout@41cdeedae8edb2e684ba22896a5fd2a3cb85db6b # v1
- uses: useblacksmith/checkout@c9796daa2a4bdebdab5bd16be2c09a70cd4e1121 # v1
with:
# Full history + tags so backfill-release-notes.ts can reach the
# commit graph it needs (semantic-release walks notes back to the
Expand Down
11 changes: 8 additions & 3 deletions .github/workflows/publish-preview-cli-packages.yml
Original file line number Diff line number Diff line change
Expand Up @@ -57,10 +57,15 @@ jobs:
with:
dependency-firewall-token: ${{ secrets.DF_FIREWALL_TOKEN }}

- name: Download preview build artifacts
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
- name: Restore preview build artifacts cache
uses: actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
with:
name: cli-build-legacy-${{ env.PREVIEW_VERSION }}
path: |
packages/cli-*/bin/
dist/
key: cli-build-${{ github.run_id }}-legacy-${{ env.PREVIEW_VERSION }}-v1
enableCrossOsArchive: true
fail-on-cache-miss: true

- name: Prepare package files
run: |
Expand Down
Loading
Loading