Skip to content

chore(ci): pin supabase cli version explicitly#142

Open
chiptus wants to merge 20 commits into
mainfrom
claude/supabase-cli-pin-33
Open

chore(ci): pin supabase cli version explicitly#142
chiptus wants to merge 20 commits into
mainfrom
claude/supabase-cli-pin-33

Conversation

@chiptus

@chiptus chiptus commented Jul 10, 2026

Copy link
Copy Markdown
Owner

Bumps the pinned Supabase CLI version to 2.109.1 in package.json and the two deploy workflows, since the previous ^2.58.5 pin combined with the action's auto-detect resolved unreliably (observed resolving v2.20.3 instead).

Verification

  • Run the db_migrate workflow via workflow_dispatch on staging; confirm supabase/setup-cli resolves 2.109.1.
  • Run the deploy_edge_functions workflow via workflow_dispatch; confirm functions deploy successfully.

Closes #33


Generated by Claude Code

Bump supabase devDependency to 2.109.1 and pin the same version
explicitly in the setup-cli step of both the db-migrate and
deploy-edge-functions workflows, since the action's auto-detect from
package.json has proven unreliable.

Closes #33
Copilot AI review requested due to automatic review settings July 10, 2026 13:12
@qodo-code-review

Copy link
Copy Markdown

Qodo reviews are paused for this user.

Troubleshooting steps vary by plan Learn more →

On a Teams plan?
Reviews resume once this user has a paid seat and their Git account is linked in Qodo.
Link Git account →

Using GitHub Enterprise Server, GitLab Self-Managed, or Bitbucket Data Center?
These require an Enterprise plan - Contact us
Contact us →

@vercel

vercel Bot commented Jul 10, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
upline Ready Ready Preview, Comment Jul 10, 2026 3:43pm

@github-actions

github-actions Bot commented Jul 10, 2026

Copy link
Copy Markdown

Deploy → stagingworkflow run
Last updated: 2026-07-10 15:42:54 UTC

  • ⏭️ DB migrations skipped (no changes)
  • ⏭️ Edge functions skipped (no changes)

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the project’s Supabase CLI version and ensures GitHub Actions deploy workflows use a deterministic CLI install, avoiding the previously observed unreliable “auto-detect” resolution behavior.

Changes:

  • Bump the supabase npm dependency from 2.58.5 to 2.109.1 (and update pnpm-lock.yaml accordingly).
  • Pin supabase/setup-cli@v2 to install Supabase CLI 2.109.1 explicitly in the DB migrate and edge function deploy workflows.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.

File Description
package.json Updates the Supabase CLI dependency version.
pnpm-lock.yaml Locks the dependency graph to Supabase CLI 2.109.1 and related transitive updates.
.github/workflows/_db_migrate.yml Pins supabase/setup-cli to install CLI 2.109.1 for migrations.
.github/workflows/_deploy_edge_functions.yml Pins supabase/setup-cli to install CLI 2.109.1 for function deploys.
Files not reviewed (1)
  • pnpm-lock.yaml: Generated file

Comment thread package.json Outdated
^2.109.1 still let local installs drift across the 2.x range, defeating
the point of an explicit pin. Match the exact version used in CI.
Comment thread .github/workflows/_db_migrate.yml Outdated
v3 reads the supabase package version from pnpm-lock.yaml directly, so
the explicit version input (which had to be kept in sync by hand) is no
longer needed - one source of truth instead of two.
…ests

CLI 2.109.1 now issues new sb_publishable_.../sb_secret_... format keys
instead of the old fixed demo JWT anon key, so the hardcoded
VITE_SUPABASE_PUBLISHABLE_KEY/TEST_SUPABASE_ANON_KEY literals no longer
match what the local instance actually expects - every request from the
app's Supabase client fails auth, which is why the e2e auth spec started
timing out waiting for the sign-in button after the version bump.

Read it from `supabase status -o env` after startup instead of hardcoding
a literal, so this doesn't silently break again on the next CLI bump.
Visiting "/" chains through festival -> edition -> sets redirects before
the header mounts; the default 5s toBeVisible timeout was tipping over
under CI's parallel load. Wait for the final URL first instead of
inflating the assertion timeout blindly.
claude added 5 commits July 10, 2026 14:38
2.109.1 defaults local `supabase start` to sb_publishable_/sb_secret_
keys, and the anon-role auth path for those keys against this repo's
local Postgrest/RLS setup doesn't work (every client request hangs/
fails, which is why the e2e auth spec timed out waiting on the header).
2.58.5 is the last version confirmed working against this stack; keep
the setup-cli@v3 lockfile-based version detection and the dynamic
`supabase status -o env` key export from the rest of this PR so this
doesn't hand-drift out of sync again.
Unneeded now that the CLI is pinned back to 2.58.5 - that version works
fine with the original hardcoded demo JWT anon key, so there's no need
for the extra `supabase status -o env` parsing step this PR had added
to work around 2.109.1's new key format.
Comment thread package.json Outdated
2.58.5 confirmed the JWT-key regression was CLI-version-specific, not
this repo's setup. 2.71.1 flipped the default local JWT signing
algorithm from HS256 to ES256 with no opt-out (supabase/cli#4726),
which breaks the hardcoded demo anon key's signature - so 2.70.0 is the
newest version that stays on the working HS256 default while still
picking up ~150 patch releases of fixes over 2.58.5.
Deliberately bumping to the exact version that switched local JWT
signing from HS256 to ES256 by default, to confirm this is the version
where e2e breaks (as expected from supabase/cli#4726). Diagnostic only.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

chore(ci): upgrade supabase CLI version pin

3 participants