chore(deps): bump the actions-major group across 1 directory with 2 updates (#5002)

dependabot[bot] · Copilot · sweatybridge · web-flow · commit 7ee3f04c7ee5 · 2026-03-28T08:31:38.000+08:00
* chore(deps): bump the actions-major group across 1 directory with 2 updates Bumps the actions-major group with 2 updates in the / directory: [dependabot/fetch-metadata](https://github.com/dependabot/fetch-metadata) and [github/codeql-action](https://github.com/github/codeql-action). Updates `dependabot/fetch-metadata` from 2.5.0 to 3.0.0 - [Release notes](https://github.com/dependabot/fetch-metadata/releases) - [Commits](dependabot/fetch-metadata@21025c7...ffa630c) Updates `github/codeql-action` from 4.34.1 to 4.35.1 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@3869755...c10b806) --- updated-dependencies: - dependency-name: dependabot/fetch-metadata dependency-version: 3.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: actions-major - dependency-name: github/codeql-action dependency-version: 4.35.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-major ... Signed-off-by: dependabot[bot] <support@github.com> * feat: add workflow to create and push pkg Go module version tags (#5001) * Initial plan * feat: add workflow to create and push pkg version tags Agent-Logs-Url: https://github.com/supabase/cli/sessions/78b5dd93-1c78-4cdc-b6f0-c664080934b8 Co-authored-by: sweatybridge <1639722+sweatybridge@users.noreply.github.com> * feat: add version validation and tag existence check to tag-pkg workflow Agent-Logs-Url: https://github.com/supabase/cli/sessions/78b5dd93-1c78-4cdc-b6f0-c664080934b8 Co-authored-by: sweatybridge <1639722+sweatybridge@users.noreply.github.com> * Apply suggestion from @Copilot Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: sweatybridge <1639722+sweatybridge@users.noreply.github.com> Co-authored-by: Han Qiao <sweatybridge@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Copilot <198982749+Copilot@users.noreply.github.com> Co-authored-by: sweatybridge <1639722+sweatybridge@users.noreply.github.com> Co-authored-by: Han Qiao <sweatybridge@gmail.com> Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
diff --git a/.github/workflows/automerge.yml b/.github/workflows/automerge.yml
@@ -18,7 +18,7 @@ jobs:
       # will not occur.
       - name: Dependabot metadata
         id: meta
-        uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0
+        uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 # v3.0.0
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -60,7 +60,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
+        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
           languages: ${{ matrix.language }}
           build-mode: ${{ matrix.build-mode }}
@@ -88,6 +88,6 @@ jobs:
           exit 1
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
+        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/tag-pkg.yml b/.github/workflows/tag-pkg.yml
@@ -0,0 +1,37 @@
+name: Tag pkg
+
+on:
+  workflow_dispatch:
+    inputs:
+      version:
+        description: "pkg version to tag (e.g. v1.2.2)"
+        required: true
+        type: string
+
+permissions:
+  contents: write
+
+jobs:
+  tag:
+    name: Create pkg tag
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          ref: develop
+          fetch-depth: 0
+
+      - name: Create and push pkg tag
+        run: |
+          VERSION="${{ inputs.version }}"
+          if ! [[ "$VERSION" =~ ^v(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)$ ]]; then
+            echo "Error: version '$VERSION' does not match semver format (e.g. v1.2.2)"
+            exit 1
+          fi
+          TAG="pkg/$VERSION"
+          if git rev-parse "$TAG" >/dev/null 2>&1; then
+            echo "Error: tag '$TAG' already exists"
+            exit 1
+          fi
+          git tag "$TAG"
+          git push origin "$TAG"
