Skip to content

ci(deps): bump supabase/setup-cli from 1.7.1 to 3.0.0#91

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/supabase/setup-cli-3.0.0
Open

ci(deps): bump supabase/setup-cli from 1.7.1 to 3.0.0#91
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/github_actions/supabase/setup-cli-3.0.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown

Bumps supabase/setup-cli from 1.7.1 to 3.0.0.

Release notes

Sourced from supabase/setup-cli's releases.

v3.0.0

Summary

  • Install the Supabase CLI from the npm package instead of GitHub releases.
  • Support latest, beta, and fixed npm package versions.
  • Remove the github-token input; npm is now the source of truth for CLI resolution and install.
  • Preserve caller npm configuration by running npm from the workspace while keeping the action-owned install isolated.
  • Improve musl/Alpine runtime handling for existing node and npm binaries.

Validation

  • CI and E2E passed on main before tagging.
  • All open pull requests were cleared before release.

v3 is the moving major-version alias for this release.

v2.1.1

Fix Alpine/Linux musl containers that do not already include the C++ runtime libraries required by Bun and the Supabase CLI shim.

  • Install missing libstdc++ and libgcc before running oven-sh/setup-bun in Alpine/musl containers.
  • Keep non-Linux and non-musl runners as no-ops.
  • Fail with a clear setup message when a musl container cannot install the required packages.

Validation: https://github.com/jgoux/setup-cli-testing/actions/runs/26172791463

v2.1.0

Fix setup-cli on Linux musl/Alpine containers.

  • Authenticate the latest Supabase CLI release lookup with the optional github-token input.
  • Use Bun musl builds on Linux musl containers.
  • Download Supabase CLI .apk assets for Linux musl and CLI versions v2.99.0+.

v2.0.1

Fix latest Supabase CLI archive resolution for v2.99.0+.

v2.0.0

This major release refreshes the action internals, CI coverage, and release pipeline while keeping usage straightforward with uses: supabase/setup-cli@v2.

Highlights

  • Switched the action implementation to a composite action flow and modernized runtime/dependency setup.
  • Improved CLI version resolution: when version is omitted, the action now detects it from root lockfiles (bun.lock, pnpm-lock.yaml, package-lock.json) and falls back to latest.
  • Expanded validation with dedicated CI + E2E workflows and updated docs/examples around @v2.
  • Hardened repository automation and supply-chain posture (pinned actions, Dependabot workflow/policy updates, licensed workflow fixes).
  • Migrated away from old bundled distribution/test setup to a cleaner Bun-based project structure.

Maintenance updates

  • Dependency refreshes across Bun/TypeScript and GitHub Actions tooling.
  • Documentation and workflow cleanup for long-term maintainability.

... (truncated)

Commits
  • 46f7f98 chore(deps-dev): bump the bun-minor-patch group across 1 directory with 3 upd...
  • 00444ee chore(deps): bump ruby/setup-ruby from 1.308.0 to 1.316.0 in the actions-mino...
  • 4c16bf7 Honor workspace npm config for CLI installs (#443)
  • 23ef4b0 Install Supabase CLI from npm (#442)
  • 3c2f5e2 fix: install Alpine runtime dependencies (#433)
  • 365cb46 chore(deps-dev): bump the bun-minor-patch group across 1 directory with 4 upd...
  • e0099b2 chore(deps): bump the actions-minor-patch group across 1 directory with 2 upd...
  • 52a4467 fix: setup-cli on Linux musl containers (#431)
  • 3095b00 fix: authenticate latest release lookup (#430)
  • a4d563a fix: handle Supabase CLI v2.99 archives (#425)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [supabase/setup-cli](https://github.com/supabase/setup-cli) from 1.7.1 to 3.0.0.
- [Release notes](https://github.com/supabase/setup-cli/releases)
- [Commits](supabase/setup-cli@ab05898...46f7f98)

---
updated-dependencies:
- dependency-name: supabase/setup-cli
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code labels Jul 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants