Merged
49 commits
3c78680
fix(deps): bump github.com/posthog/posthog-go from 1.13.0 to 1.13.1 i…
dependabot[bot] Jun 5, 2026
efa6df7
feat(cli): port services (#5468)
7ttp Jun 5, 2026
94b0db1
feat(cli): port bootstrap command to native TypeScript (#5470)
Coly010 Jun 5, 2026
618912c
fix(cli): tolerate missing SSO SAML IDs (#5485)
jgoux Jun 5, 2026
17f03f3
ci(deps): auto-merge all Dependabot updates (#5486)
jgoux Jun 5, 2026
b2d5dbd
test(stack): stabilize e2e warmup tests (#5487)
jgoux Jun 5, 2026
0c6c4c9
test(cli): remove Docker manifest alignment check (#5488)
jgoux Jun 5, 2026
d7956aa
fix(docker): bump the docker-minor group in /apps/cli-go/pkg/config/t…
dependabot[bot] Jun 5, 2026
0d046f3
fix(deps-dev): bump the npm-major group across 1 directory with 3 upd…
dependabot[bot] Jun 5, 2026
dd8e1b7
chore(cli): align scoop manifest with Main bucket conventions (#5490)
avallete Jun 5, 2026
7c490a4
fix(docker): bump supabase/storage-api from v1.60.4 to v1.60.8 in /ap…
dependabot[bot] Jun 6, 2026
56d617c
fix(deps): bump github.com/go-playground/validator/v10 from 10.30.2 t…
dependabot[bot] Jun 7, 2026
cd0ca38
chore(ci): bump aws-actions/configure-aws-credentials from 6.1.3 to 6…
dependabot[bot] Jun 8, 2026
1db29f3
chore: sync API types from infrastructure (#5504)
supabase-cli-releaser[bot] Jun 8, 2026
142e6a1
feat(cli): add --git-branch flag to branches create command (#5250)
avallete Jun 8, 2026
9fdbf04
fix(cli): warn when vector buckets are unavailable (#5508)
jgoux Jun 8, 2026
dc2ba5d
feat(cli): port gen signing-key (#5501)
7ttp Jun 8, 2026
8a05105
feat(cli): port config push (#5489)
Coly010 Jun 8, 2026
ec23369
fix(deps): bump the npm-major group across 1 directory with 9 updates…
dependabot[bot] Jun 8, 2026
48218f3
fix(cli): skip pg_dump in db pull when using pg-delta diff engine (#5…
avallete Jun 8, 2026
ff3482b
chore(ci): bump the actions-major group with 2 updates (#5516)
dependabot[bot] Jun 9, 2026
9eebd54
chore(cli): track output_format and fix is_agent CI parity (#5513)
pamelachia Jun 9, 2026
4260821
fix(deps): bump the npm-major group with 16 updates (#5518)
dependabot[bot] Jun 9, 2026
27b6af1
feat(cli): port gen types (#5514)
7ttp Jun 9, 2026
0e06255
feat(cli): set up platform baseline before declarative apply (#5515)
avallete Jun 9, 2026
f54aba0
fix(docker): bump the docker-minor group in /apps/cli-go/pkg/config/t…
dependabot[bot] Jun 9, 2026
82e6d06
fix(cli): provision platform baseline in declarative baseline catalog…
avallete Jun 9, 2026
879d44e
chore(ci): add API package sync workflow (#5523)
jgoux Jun 9, 2026
3334354
fix(deps): bump the npm-major group with 4 updates (#5529)
dependabot[bot] Jun 10, 2026
fb145af
fix(docker): bump the docker-minor group in /apps/cli-go/pkg/config/t…
dependabot[bot] Jun 10, 2026
178b882
fix(deps): bump github.com/posthog/posthog-go from 1.13.1 to 1.13.2 i…
dependabot[bot] Jun 10, 2026
2bb1173
fix(docker): bump supabase/postgres from 17.6.1.132 to 17.6.1.134 in …
dependabot[bot] Jun 10, 2026
8c577d8
chore(ci): support merge queues (#5526)
jgoux Jun 10, 2026
2f86caa
chore(api): sync Management API OpenAPI spec (#5525)
supabase-cli-releaser[bot] Jun 10, 2026
3b517e7
feat(cli): default output to JSON for coding agents (#5532)
pamelachia Jun 10, 2026
6a82246
fix(cli): retry rate-limited function deployments (#5534)
jgoux Jun 10, 2026
ceea5cb
chore(ci): skip post-merge test run (#5533)
jgoux Jun 10, 2026
5b12151
feat(api): flip auto_expose_new_tables default to false (#5524)
avallete Jun 10, 2026
f9d07c7
chore(ci): bump github/codeql-action from 4.36.1 to 4.36.2 in the act…
dependabot[bot] Jun 11, 2026
6b17630
fix(deps): bump github.com/posthog/posthog-go from 1.13.2 to 1.14.0 i…
dependabot[bot] Jun 11, 2026
9e6d13e
fix(deps): bump the npm-major group with 8 updates (#5539)
dependabot[bot] Jun 11, 2026
3b4fc98
ci(release): harden release publishing workflow (#5536)
jgoux Jun 11, 2026
c94310f
ci(cli): use buildx for image mirroring (#5542)
jgoux Jun 11, 2026
8680611
fix(cli): skip unavailable local vector storage (#5535)
jgoux Jun 11, 2026
f3ff9fd
fix(docker): bump the docker-minor group in /apps/cli-go/pkg/config/t…
dependabot[bot] Jun 11, 2026
09a5a92
fix(api): allow missing custom hostname validation records (#5543)
jgoux Jun 11, 2026
2064429
feat(cli): port functions delete & download (#5527)
7ttp Jun 11, 2026
9f4047d
chore(ci): ignore Docker Compose Go module updates (#5544)
jgoux Jun 11, 2026
bd39bcf
fix(cli): preserve flag/env channel when delegating to the Go proxy (…
Coly010 Jun 11, 2026
4 changes: 4 additions & 0 deletions .github/dependabot.yml
Expand Up @@ -31,6 +31,10 @@ updates:
- patch
exclude-patterns:
- github.com/compose-spec/compose-go/v2
ignore:
- dependency-name: "github.com/compose-spec/compose-go/v2"
- dependency-name: "github.com/docker/cli"
- dependency-name: "github.com/docker/docker"
cooldown:
default-days: 7
- package-ecosystem: "npm"
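Review bot: The three new `ignore` entries name only `dependency-name`, so Dependabot will stop proposing any version of `github.com/compose-spec/compose-go/v2`, `github.com/docker/cli` and `github.com/docker/docker` for this entry, and nothing in the file records why or how these modules get upgraded instead. A comment above `ignore:` such as `# Frozen on purpose; upgraded manually, see <tracking issue placeholder>` (worded to the real reason) would keep the freeze from becoming permanent by accident. It is also worth confirming whether security updates for these modules are still raised with a blanket ignore in place. The `updates` entry this hunk belongs to starts outside the hunk.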
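--- a/.github/workflows/api-package-sync.yml
+++ b/.github/workflows/api-package-sync.yml
@@ -0,0 +1,118 @@
+name: API Package Sync
+
+on:
+schedule:
+- cron: "17 * * * *"
+workflow_dispatch:
+
+permissions:
+contents: read
+
+jobs:
+detect:
+name: Detect OpenAPI changes
+runs-on: blacksmith-8vcpu-ubuntu-2404
+outputs:
+has_changes: ${{ steps.compare.outputs.has_changes }}
+steps:
+- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+with:
+persist-credentials: false
+
+- name: Compare upstream OpenAPI spec
+id: compare
+shell: bash
+run: |
+set -euo pipefail
+
+remote_spec="$RUNNER_TEMP/openapi.remote.json"
+remote_normalized="$RUNNER_TEMP/openapi.remote.normalized.json"
+tracked_normalized="$RUNNER_TEMP/openapi.tracked.normalized.json"
+normalize_filter="$RUNNER_TEMP/normalize-openapi.jq"
+
+curl -fsS https://api.supabase.com/api/v1-json -o "$remote_spec"
+
+cat > "$normalize_filter" <<'JQ'
+def pointer_path($p): $p | split("/")[1:] | map(gsub("~1"; "/") | gsub("~0"; "~"));
+reduce ($overrides[0] // [])[] as $op (.;
+if $op.op == "test" then
+if getpath(pointer_path($op.path)) == $op.value then
+.
+else
+error("OpenAPI override test failed at \($op.path)")
+end
+elif $op.op == "replace" then
+setpath(pointer_path($op.path); $op.value)
+else
+error("Unsupported OpenAPI override op \($op.op)")
+end
+)
+JQ
+
+jq -S --slurpfile overrides packages/api/scripts/openapi-overrides.json \
+-f "$normalize_filter" "$remote_spec" > "$remote_normalized"
+jq -S . packages/api/src/generated/openapi.json > "$tracked_normalized"
+
+if cmp -s "$remote_normalized" "$tracked_normalized"; then
+echo "No upstream OpenAPI changes detected."
+echo "has_changes=false" >> "$GITHUB_OUTPUT"
+else
+echo "Upstream OpenAPI changes detected."
+echo "has_changes=true" >> "$GITHUB_OUTPUT"
+diff -u "$tracked_normalized" "$remote_normalized" | sed -n '1,160p' || true
+fi
+
+sync:
+name: Sync API package
+needs: detect
+if: needs.detect.outputs.has_changes == 'true'
+runs-on: blacksmith-8vcpu-ubuntu-2404
+steps:
+- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
+with:
+persist-credentials: false
+
+- name: Setup
+uses: ./.github/actions/setup
+
+- name: Regenerate API package
+run: pnpm generate
+working-directory: packages/api
+
+- name: Format API package
+run: pnpm exec nx run @supabase/api:fmt:fix
+
+- name: Check for generated changes
+id: check
+run: |
+if git diff --ignore-space-at-eol --exit-code --quiet packages/api/src/generated; then
+echo "No generated changes detected."
+echo "has_changes=false" >> "$GITHUB_OUTPUT"
+else
+echo "Generated changes detected."
+echo "has_changes=true" >> "$GITHUB_OUTPUT"
+fi
+
+- name: Generate token
+if: steps.check.outputs.has_changes == 'true'
+id: app-token
+uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
+with:
+client-id: ${{ vars.GH_APP_CLIENT_ID }}
+private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+permission-pull-requests: write
+permission-contents: write
+
+- name: Create Pull Request
+if: steps.check.outputs.has_changes == 'true'
+uses: peter-evans/create-pull-request@5f6978faf089d4d20b00c7766989d076bb2fc7f1 # v8.1.1
+with:
+token: ${{ steps.app-token.outputs.token }}
+commit-message: "chore(api): sync Management API OpenAPI spec"
+title: "chore(api): sync Management API OpenAPI spec"
+body: |
+This PR was automatically created to sync the generated `@supabase/api` package with the latest Management API OpenAPI document.
+
+Changes were detected in the upstream OpenAPI document exposed by `https://api.supabase.com/api/v1-json`.
+branch: sync/api-package
+base: develop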
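Review bot: The `Create Pull Request` step commits whatever is dirty in the working tree, while the `Check for generated changes` gate before it looks only at tracked files under `packages/api/src/generated`. Anything the setup, generate or format steps touch elsewhere would ride along in a commit pushed with the `permission-contents: write` app token, and a run that only adds new untracked files would not trip the `git diff` gate at all. Adding `add-paths: packages/api/src/generated` (or the wider `packages/api`, if that is the intended scope) to the step's `with:` keeps the automated PR limited to generated output. The workflow also declares no `concurrency` group, so an hourly run and a manual `workflow_dispatch` can overlap and both push to `sync/api-package`; a top-level `concurrency: { group: api-package-sync, cancel-in-progress: false }` would serialize them.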
7 changes: 2 additions & 5 deletions .github/workflows/automerge.yml
Expand Up @@ -23,7 +23,6 @@ jobs:

- name: Generate token
id: app-token
if: ${{ steps.meta.outputs.update-type == null || steps.meta.outputs.update-type == 'version-update:semver-patch' || (!startsWith(steps.meta.outputs.previous-version, '0.') && steps.meta.outputs.update-type == 'version-update:semver-minor') }}
uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0
with:
client-id: ${{ vars.GH_APP_CLIENT_ID }}
Expand All @@ -33,16 +32,14 @@ jobs:

# Here the PR gets approved.
- name: Approve a PR
if: ${{ steps.meta.outputs.update-type == null || steps.meta.outputs.update-type == 'version-update:semver-patch' || (!startsWith(steps.meta.outputs.previous-version, '0.') && steps.meta.outputs.update-type == 'version-update:semver-minor') }}
run: gh pr review --approve "${GITHUB_EVENT_PULL_REQUEST_HTML_URL}"
env:
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
GITHUB_EVENT_PULL_REQUEST_HTML_URL: ${{ github.event.pull_request.html_url }}

# Finally, this sets the PR to allow auto-merging for patch and minor
# updates if all checks pass
# Finally, this sets the PR to allow auto-merging once all required
# checks pass.
- name: Enable auto-merge for Dependabot PRs
if: ${{ steps.meta.outputs.update-type == null || steps.meta.outputs.update-type == 'version-update:semver-patch' || (!startsWith(steps.meta.outputs.previous-version, '0.') && steps.meta.outputs.update-type == 'version-update:semver-minor') }}
run: gh pr merge --auto --squash "${GITHUB_EVENT_PULL_REQUEST_HTML_URL}"


🟡 Severity: MEDIUM

The if: conditions that previously restricted auto-approval and auto-merge to semver-patch and stable semver-minor Dependabot updates were removed from this step (and the token generation/approval steps above). All Dependabot PRs — including major version bumps — now auto-merge without human review, weakening supply chain defenses if a dependency is compromised at a major version.

💡 Fix Suggestion

Suggestion: Restore the step-level if: conditions that were previously present on the Generate token (line 24), Approve a PR (line 34), and Enable auto-merge (line 42) steps to restrict automated approval and merging to non-major updates only. Add the following condition to each of those three steps:

if: steps.meta.outputs.update-type != 'version-update:semver-major'

For example, the "Enable auto-merge" step should become:

      - name: Enable auto-merge for Dependabot PRs
        if: steps.meta.outputs.update-type != 'version-update:semver-major'
        run: gh pr merge --auto --squash "${GITHUB_EVENT_PULL_REQUEST_HTML_URL}"
        env:
          GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
          GITHUB_EVENT_PULL_REQUEST_HTML_URL: ${{ github.event.pull_request.html_url }}

The same if: condition must also be added to the Generate token step (line 24) and the Approve a PR step (line 34) — otherwise major-version PRs will still be auto-approved by the app token even if the merge step is gated. Restricting all three steps ensures that major version bumps require a human to manually review and approve before merging, restoring the supply-chain review barrier.

env:
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
2 changes: 1 addition & 1 deletion .github/workflows/build-cli-artifacts.yml
Expand Up @@ -39,7 +39,7 @@ jobs:
POSTHOG_ENDPOINT: ${{ secrets.POSTHOG_ENDPOINT }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
ref: ${{ inputs.ref }}
persist-credentials: false
2 changes: 1 addition & 1 deletion .github/workflows/cli-go-api-sync.yml
Expand Up @@ -14,7 +14,7 @@ jobs:
name: Sync API Types
runs-on: blacksmith-2vcpu-ubuntu-2404
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false

10 changes: 5 additions & 5 deletions .github/workflows/cli-go-ci.yml
Expand Up @@ -21,7 +21,7 @@ jobs:
name: Test
runs-on: blacksmith-8vcpu-ubuntu-2404
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false

Expand Down Expand Up @@ -60,7 +60,7 @@ jobs:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false

Expand All @@ -81,7 +81,7 @@ jobs:
name: Start
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
Expand All @@ -107,7 +107,7 @@ jobs:
'pull_request' && !github.event.pull_request.head.repo.fork) }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6
Expand All @@ -124,7 +124,7 @@ jobs:
name: Codegen
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false

6 changes: 3 additions & 3 deletions .github/workflows/cli-go-codeql.yml
Expand Up @@ -63,13 +63,13 @@ jobs:
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
uses: github/codeql-action/init@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
Expand Down Expand Up @@ -97,7 +97,7 @@ jobs:
exit 1

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4.36.0
uses: github/codeql-action/analyze@8aad20d150bbac5944a9f9d289da16a4b0d87c1e # v4.36.2
with:
category: "/language:${{matrix.language}}"
defaults:
20 changes: 13 additions & 7 deletions .github/workflows/cli-go-mirror-image.yml
Expand Up @@ -34,7 +34,7 @@ jobs:
run: |
echo "image=${TAG##*/}" >> $GITHUB_OUTPUT
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@99214aa6889fcddfa57764031d71add364327e59 # v6.1.3
uses: aws-actions/configure-aws-credentials@e7f100cf4c008499ea8adda475de1042d6975c7b # v6.2.0
with:
role-to-assume: ${{ secrets.PROD_AWS_ROLE }}
aws-region: us-east-1
Expand All @@ -46,9 +46,15 @@ jobs:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: akhilerm/tag-push-action@f35ff2cb99d407368b5c727adbcc14a2ed81d509 # v2.2.0
with:
src: docker.io/${{ github.event.client_payload.image || inputs.image }}
dst: |
public.ecr.aws/supabase/${{ steps.strip.outputs.image }}
ghcr.io/supabase/${{ steps.strip.outputs.image }}
- uses: docker/setup-buildx-action@d7f5e7f509e45cec5c76c4d5afdd7de93d0b3df5 # v4.1.0
- name: Mirror image
env:
SOURCE_IMAGE: docker.io/${{ github.event.client_payload.image || inputs.image }}
ECR_IMAGE: public.ecr.aws/supabase/${{ steps.strip.outputs.image }}
GHCR_IMAGE: ghcr.io/supabase/${{ steps.strip.outputs.image }}
run: |
docker buildx imagetools create \
--prefer-index=false \
-t "$ECR_IMAGE" \
-t "$GHCR_IMAGE" \
"$SOURCE_IMAGE"
2 changes: 1 addition & 1 deletion .github/workflows/cli-go-mirror.yml
Expand Up @@ -27,7 +27,7 @@ jobs:
tags: ${{ steps.list.outputs.tags }}
curr: ${{ steps.curr.outputs.tags }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
2 changes: 1 addition & 1 deletion .github/workflows/cli-go-tag-pkg.yml
Expand Up @@ -18,7 +18,7 @@ jobs:
name: Create pkg tag
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
ref: develop
fetch-depth: 0
2 changes: 1 addition & 1 deletion .github/workflows/deploy.yml
Expand Up @@ -13,7 +13,7 @@ jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6
with:
fetch-depth: 0
persist-credentials: false
4 changes: 2 additions & 2 deletions .github/workflows/lint-pull-request.yml
Expand Up @@ -14,7 +14,7 @@ on:
types:
- checks_requested
branches:
- main
- develop

permissions:
pull-requests: read
Expand All @@ -38,4 +38,4 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- if: github.event_name == 'merge_group'
run: echo "Merge queue entry does not have a pull request payload; reporting success for the required lint check."
run: echo "Merge queue entry does not have a pull request payload; reporting success for the required lint check."
2 changes: 1 addition & 1 deletion .github/workflows/publish-preview-cli-packages.yml
Expand Up @@ -44,7 +44,7 @@ jobs:
PR_NUMBER: ${{ github.event.pull_request.number }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false

12 changes: 8 additions & 4 deletions .github/workflows/release-shared.yml
Expand Up @@ -82,7 +82,7 @@ jobs:
VERSION: ${{ inputs.version }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false

Expand Down Expand Up @@ -198,7 +198,7 @@ jobs:
permission-workflows: write

- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: true
token: ${{ steps.app-token.outputs.token }}
Expand Down Expand Up @@ -350,7 +350,7 @@ jobs:
VERSION: ${{ inputs.version }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false

Expand All @@ -375,6 +375,7 @@ jobs:

- name: Configure git for tap push
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
run: |
gh auth setup-git
Expand All @@ -384,6 +385,7 @@ jobs:
- name: Update Homebrew formula
run: pnpm exec bun apps/cli/scripts/update-homebrew.ts --version "${VERSION}" --name "${BREW_NAME}"
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}

publish-scoop:
Expand All @@ -395,7 +397,7 @@ jobs:
VERSION: ${{ inputs.version }}
steps:
- name: Checkout
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
with:
persist-credentials: false

Expand All @@ -420,6 +422,7 @@ jobs:

- name: Configure git for bucket push
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}
run: |
gh auth setup-git
Expand All @@ -429,6 +432,7 @@ jobs:
- name: Update Scoop manifest
run: pnpm exec bun apps/cli/scripts/update-scoop.ts --version "${VERSION}" --name "${SCOOP_NAME}"
env:
GH_TOKEN: ${{ steps.app-token.outputs.token }}
GITHUB_TOKEN: ${{ steps.app-token.outputs.token }}

# Post-publish smoke test for the `supabase/setup-cli` GitHub Action against
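Review bot: The four steps that gain `GH_TOKEN` (both "Configure git for … push" steps and both "Update …" steps) now carry the same app token under two names with no comment saying why both are needed, which makes it easy for a later edit to drop one or point them at different tokens. `gh` resolves `GH_TOKEN` ahead of `GITHUB_TOKEN`, so a one-line comment above each pair, for example `# gh prefers GH_TOKEN; GITHUB_TOKEN is kept for the update script`, would record the intent; adjust the wording to whatever actually reads `GITHUB_TOKEN`, which the hunks do not show. Because the update steps run project scripts with this token in their environment, it is also worth confirming that the app token minted earlier in each job is limited to the tap and bucket repositories. The enclosing jobs start and end outside the hunks.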