Install Supabase CLI from npm#442
Conversation
7cc9c39 to
d383628
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: d3836289fb
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
d383628 to
b1369a8
Compare
b1369a8 to
46f1990
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 46f19906ea
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
## Summary - Run npm commands from the caller workspace so npm remains the source of truth for `.npmrc` parsing, auth, delegated config files, env expansion, quoting, and precedence. - Keep the CLI install isolated with `--prefix`, while explicitly overriding action-owned npm policy such as `offline=false`, `bin-links=true`, and no package lock. - Treat existing `node` and `npm` commands on musl as sufficient only when they actually run, probing Alpine `/usr/bin` binaries with `/usr/bin` first on PATH. - Prefer Alpine `/usr/bin` runtime binaries when an earlier PATH entry shadows them, and keep apk installation for missing runtime libraries or missing commands. ## Validation - `bun run ci` - Real npm sanity check for workspace `.npmrc` with quoted/env delegated config, `globalconfig`, relative `cafile`, mTLS path keys, `offline=true`, `bin-links=false`, and package-lock policy - Fixture workflow: https://github.com/jgoux/setup-cli-testing/actions/runs/28663875606 Addresses #442 (comment) Addresses #442 (comment)
Summary
supabasenpm package instead of GitHub release archiveslatest,beta, and fixed published versions, with root lockfile detection preservedgithub-tokeninput and use Node.js/npm without clobbering an already configured Node.js 20+ runtimeAddresses CLI-1480: https://linear.app/supabase/issue/CLI-1480/source-cli-install-from-npm-registry
No earlier pull request found to supersede.
Validation
bun run cisupabase@latest,supabase@beta,supabase@1.178.2,supabase@2.33.0, and legacysupabase@1.15.1preinstall handlinglatest,beta,1.178.2, and2.33.0supabase@2.108.0supabase@1.15.1latest,beta, and2.100.0, including Node.js 20+ and runtime dependency checks