Skip to content

Prod deploy #4962

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
github-actions merged 33 commits into from
Mar 25, 2026
Merged

Prod deploy #4962

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
33 commits
Select commit Hold shift + click to select a range
49c1f7c
chore: sync API types from infrastructure (#4953)
supabase-cli-releaser[bot] Mar 13, 2026
111bf90
feat(db): add `supabase db query` command for executing SQL (#4955)
Rodriguespn Mar 16, 2026
0351926
feat: add global `--agent` flag with auto-detection for AI coding age…
Rodriguespn Mar 17, 2026
43ce0a6
feat(db): add `supabase db advisors` command for checking security an…
Rodriguespn Mar 15, 2026
d8e3ee9
feat(db): add --db-url flag to db advisors command
Rodriguespn Mar 17, 2026
a14e8fa
refactor(db): merge filterByLevel into filterLints
Rodriguespn Mar 17, 2026
1b568b5
feat(db): add `supabase db advisors` command for checking security an…
Rodriguespn Mar 17, 2026
a743a01
fix: add start command warning (#4963)
7ttp Mar 17, 2026
24b7304
fix: suggestion to use signing_keys.json (#4964)
7ttp Mar 17, 2026
bce7051
fix(db): split advisors session setup from lint query (#4967)
jsj Mar 18, 2026
3b50e7e
chore: sync API types from infrastructure (#4974)
supabase-cli-releaser[bot] Mar 19, 2026
17e02c8
feat(pull): add debug logs for ssl check (#4894)
avallete Mar 19, 2026
7fb9823
feat: add pg delta declarative sync command (#4966)
avallete Mar 20, 2026
6aecf76
chore(deps): bump the go-minor group across 2 directories with 2 upda…
dependabot[bot] Mar 20, 2026
58d1121
feat(functions): exposing JWKs as non internal env (#4985)
kallebysantos Mar 24, 2026
7360cf6
chore(deps): bump the npm-major group across 1 directory with 2 updates
dependabot[bot] Mar 25, 2026
7b7d930
chore: pin actions to sha
staaldraad Mar 25, 2026
86cdfb8
chore: pin actions to sha (#4987)
jgoux Mar 25, 2026
37aa22b
chore(deps): bump actions/create-github-app-token
dependabot[bot] Mar 25, 2026
bb60cc3
chore(deps): bump actions/create-github-app-token from 2 to 3 in the …
jgoux Mar 25, 2026
851318f
fix(docker): bump the docker-minor group across 1 directory with 7 up…
dependabot[bot] Mar 25, 2026
14db0db
Merge branch 'develop' into dependabot/npm_and_yarn/npm-major-64c132dcc1
jgoux Mar 25, 2026
3925a4d
chore(deps): bump the npm-major group across 1 directory with 2 updat…
jgoux Mar 25, 2026
e8ef41e
chore(deps): bump the go-minor group across 1 directory with 3 update…
dependabot[bot] Mar 25, 2026
d5c5aa6
fix(docker): bump vector from 0.28.1 to 0.53.0 for ARM page size support
okedeji Mar 25, 2026
d342eda
fix(analytics): wait for logflare before starting vector
okedeji Mar 25, 2026
ebc3bd7
fix(functions): reload kong after edge runtime restart
okedeji Mar 25, 2026
a0799e3
fix(docker): bump vector from 0.28.1 to 0.53.0 for ARM page size supp…
jgoux Mar 25, 2026
f289ae6
Merge branch 'develop' into fix/vector-logflare-startup-race
jgoux Mar 25, 2026
c641720
Merge branch 'develop' into fix/kong-dns-stale-edge-runtime
okedeji Mar 25, 2026
3ea701e
fix(analytics): wait for logflare before starting vector (#4989)
jgoux Mar 25, 2026
6352d9a
Merge branch 'develop' into fix/kong-dns-stale-edge-runtime
jgoux Mar 25, 2026
d03a45b
fix(functions): reload kong after edge runtime restart (#4990)
jgoux Mar 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions .github/workflows/api-sync.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,9 +16,9 @@ jobs:
name: Sync API Types
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- uses: actions/setup-go@v6
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version-file: go.mod
cache: true
Expand All @@ -39,15 +39,15 @@ jobs:

- name: Generate token
id: app-token
uses: actions/create-github-app-token@v2
uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}

- name: Create Pull Request
if: steps.check.outputs.has_changes == 'true'
id: cpr
uses: peter-evans/create-pull-request@v8
uses: peter-evans/create-pull-request@c0f553fe549906ede9cf27b5156039d195d2ece0 # v8.1.0
with:
token: ${{ steps.app-token.outputs.token }}
commit-message: "chore: sync API types from infrastructure"
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/automerge.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,14 +18,14 @@ jobs:
# will not occur.
- name: Dependabot metadata
id: meta
uses: dependabot/fetch-metadata@v2
uses: dependabot/fetch-metadata@21025c705c08248db411dc16f3619e6b5f9ea21a # v2.5.0
with:
github-token: "${{ secrets.GITHUB_TOKEN }}"

- name: Generate token
id: app-token
if: ${{ steps.meta.outputs.update-type == null || steps.meta.outputs.update-type == 'version-update:semver-patch' || (!startsWith(steps.meta.outputs.previous-version, '0.') && steps.meta.outputs.update-type == 'version-update:semver-minor') }}
uses: actions/create-github-app-token@v2
uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
Expand Down
30 changes: 15 additions & 15 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,21 +14,21 @@ jobs:
name: Test
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- uses: actions/setup-go@v6
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version-file: go.mod
cache: true

# Required by: internal/utils/credentials/keyring_test.go
- uses: t1m0thyj/unlock-keyring@v1
- uses: t1m0thyj/unlock-keyring@728cc718a07b5e7b62c269fc89295e248b24cba7 # v1.1.0
- run: |
pkgs=$(go list ./pkg/... | grep -Ev 'pkg/api' | paste -sd ',' -)
go tool gotestsum -- -race -v -count=1 ./... \
-coverpkg="./cmd/...,./internal/...,${pkgs}" -coverprofile=coverage.out

- uses: actions/upload-artifact@v7
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: code-coverage-report
path: coverage.out
Expand All @@ -39,10 +39,10 @@ jobs:
- test
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v8
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: code-coverage-report
- uses: coverallsapp/github-action@v2
- uses: coverallsapp/github-action@5cbfd81b66ca5d10c19b062c04de0199c215fb6e # v2.3.7
with:
file: coverage.out
format: golang
Expand All @@ -51,15 +51,15 @@ jobs:
name: Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- uses: actions/setup-go@v6
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version-file: go.mod
# Linter requires no cache
cache: false

- uses: golangci/golangci-lint-action@v9
- uses: golangci/golangci-lint-action@1e7e51e771db61008b38414a730f564565cf7c20 # v9.2.0
with:
args: --timeout 3m --verbose
version: latest
Expand All @@ -69,8 +69,8 @@ jobs:
name: Start
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/setup-go@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version-file: go.mod
cache: true
Expand All @@ -92,8 +92,8 @@ jobs:
if: ${{ !github.event.pull_request.head.repo.fork }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/setup-go@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version-file: go.mod
cache: true
Expand All @@ -107,9 +107,9 @@ jobs:
name: Codegen
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- uses: actions/setup-go@v6
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version-file: go.mod
cache: true
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/codeql-analysis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,11 +56,11 @@ jobs:
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@v6
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
Expand Down Expand Up @@ -88,6 +88,6 @@ jobs:
exit 1

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v4
uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
with:
category: "/language:${{matrix.language}}"
4 changes: 2 additions & 2 deletions .github/workflows/deploy.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,11 +14,11 @@ jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
fetch-depth: 0
- id: app-token
uses: actions/create-github-app-token@v2
uses: actions/create-github-app-token@f8d387b68d61c58ab83c6c016672934102569859 # v3.0.0
with:
app-id: ${{ secrets.APP_ID }}
private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
Expand Down
16 changes: 8 additions & 8 deletions .github/workflows/install.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,14 +23,14 @@ jobs:
permissions:
contents: read
steps:
- uses: actions/checkout@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2

- run: |
jq -c '.version = "1.28.0"' package.json > tmp.$$.json
mv tmp.$$.json package.json
npm pack

- uses: actions/upload-artifact@v7
- uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
with:
name: installer
path: supabase-1.28.0.tgz
Expand All @@ -43,7 +43,7 @@ jobs:
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/download-artifact@v8
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: installer

Expand All @@ -59,7 +59,7 @@ jobs:
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/download-artifact@v8
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: installer

Expand All @@ -75,7 +75,7 @@ jobs:
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/download-artifact@v8
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: installer

Expand All @@ -98,7 +98,7 @@ jobs:
os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/download-artifact@v8
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: installer

Expand All @@ -117,11 +117,11 @@ jobs:
os: [ubuntu-latest, macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/download-artifact@v8
- uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
with:
name: installer

- uses: oven-sh/setup-bun@v2
- uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
with:
bun-version: latest
- run: |
Expand Down
8 changes: 4 additions & 4 deletions .github/workflows/mirror-image.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,19 +30,19 @@ jobs:
TAG=${{ github.event.client_payload.image || inputs.image }}
echo "image=${TAG##*/}" >> $GITHUB_OUTPUT
- name: configure aws credentials
uses: aws-actions/configure-aws-credentials@v6.0.0
uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
with:
role-to-assume: ${{ secrets.PROD_AWS_ROLE }}
aws-region: us-east-1
- uses: docker/login-action@v4
- uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: public.ecr.aws
- uses: docker/login-action@v4
- uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: akhilerm/tag-push-action@v2.2.0
- uses: akhilerm/tag-push-action@f35ff2cb99d407368b5c727adbcc14a2ed81d509 # v2.2.0
with:
src: docker.io/${{ github.event.client_payload.image || inputs.image }}
dst: |
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/mirror.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,8 @@ jobs:
tags: ${{ steps.list.outputs.tags }}
curr: ${{ steps.curr.outputs.tags }}
steps:
- uses: actions/checkout@v6
- uses: actions/setup-go@v6
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0
with:
go-version-file: go.mod
cache: true
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/pg-prove.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,8 @@ jobs:
outputs:
image_tag: supabase/pg_prove:${{ steps.version.outputs.pg_prove }}
steps:
- uses: docker/setup-buildx-action@v4
- uses: docker/build-push-action@v7
- uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
with:
load: true
context: https://github.com/horrendo/pg_prove.git
Expand Down Expand Up @@ -43,15 +43,15 @@ jobs:
image_digest: ${{ steps.build.outputs.digest }}
steps:
- run: docker context create builders
- uses: docker/setup-buildx-action@v4
- uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
with:
endpoint: builders
- uses: docker/login-action@v4
- uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- id: build
uses: docker/build-push-action@v7
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
with:
push: true
context: https://github.com/horrendo/pg_prove.git
Expand All @@ -66,8 +66,8 @@ jobs:
- build_image
runs-on: ubuntu-latest
steps:
- uses: docker/setup-buildx-action@v4
- uses: docker/login-action@v4
- uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
Expand Down
14 changes: 7 additions & 7 deletions .github/workflows/publish-migra.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,8 +12,8 @@ jobs:
outputs:
image_tag: supabase/migra:${{ steps.version.outputs.migra }}
steps:
- uses: docker/setup-buildx-action@v4
- uses: docker/build-push-action@v7
- uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
with:
load: true
context: https://github.com/djrobstep/migra.git
Expand Down Expand Up @@ -43,15 +43,15 @@ jobs:
image_digest: ${{ steps.build.outputs.digest }}
steps:
- run: docker context create builders
- uses: docker/setup-buildx-action@v4
- uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
with:
endpoint: builders
- uses: docker/login-action@v4
- uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- id: build
uses: docker/build-push-action@v7
uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0
with:
push: true
context: https://github.com/djrobstep/migra.git
Expand All @@ -66,8 +66,8 @@ jobs:
- build_image
runs-on: ubuntu-latest
steps:
- uses: docker/setup-buildx-action@v4
- uses: docker/login-action@v4
- uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
- uses: docker/login-action@b45d80f862d83dbcd57f89517bcf500b2ab88fb2 # v4.0.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
Expand Down
Loading
Loading