chore: prepare for v2.0.0

Author: jgoux

.bun-version

@@ -0,0 +1 @@
+1.3.10

.gitattributes

@@ -4,30 +4,26 @@ updates:
     directory: /
     schedule:
       interval: weekly
-    cooldown:
-      default-days: 7
+    open-pull-requests-limit: 2
     groups:
       actions-minor:
         update-types:
           - minor
           - patch
 
-  - package-ecosystem: npm
+  - package-ecosystem: bun
     directory: /
     schedule:
-      interval: daily
+      interval: weekly
+    open-pull-requests-limit: 2
     groups:
-      npm-development:
+      bun-development:
         dependency-type: development
         update-types:
           - minor
           - patch
-      npm-production:
+      bun-production:
         dependency-type: production
         update-types:
+          - minor
           - patch
-    ignore:
-      # nodejs types is pinned to runtime version
-      - dependency-name: '@types/node'
-        update-types:
-          - version-update:semver-major

.github/codeql/codeql-config.yml

@@ -0,0 +1,59 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
+      - uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+        with:
+          bun-version-file: .bun-version
+      - run: bun install --frozen-lockfile
+      - run: bun run ci
+
+  test:
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 20
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [macos-latest, windows-latest, ubuntu-latest]
+        version: [1.0.0, latest]
+    steps:
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+      - uses: ./
+        with:
+          version: ${{ matrix.version }}
+      - run: supabase -h
+
+  check:
+    if: ${{ always() && github.event.pull_request }}
+    runs-on: ubuntu-latest
+    needs: [validate, test]
+    timeout-minutes: 5
+    steps:
+      - run: |
+          validate_result="${{ needs.validate.result }}"
+          test_result="${{ needs.test.result }}"
+          [[ "$validate_result" == "success" || "$validate_result" == "skipped" ]]
+          [[ "$test_result" == "success" || "$test_result" == "skipped" ]]

.github/dependabot.yml

@@ -6,7 +6,11 @@ on:
     branches:
       - main
   schedule:
-    - cron: '31 7 * * 3'
+    - cron: "31 7 * * 3"
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 permissions:
   actions: read
@@ -18,12 +22,7 @@ jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language:
-          - typescript
+    timeout-minutes: 30
 
     steps:
       - name: Checkout
@@ -34,16 +33,11 @@ jobs:
 
       - name: Initialize CodeQL
         id: initialize
-        uses: github/codeql-action/init@ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3 # v3.34.1
+        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
-          config-file: .github/codeql/codeql-config.yml
-          languages: ${{ matrix.language }}
+          languages: javascript-typescript
           source-root: src
 
-      - name: Autobuild
-        id: autobuild
-        uses: github/codeql-action/autobuild@ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3 # v3.34.1
-
       - name: Perform CodeQL Analysis
         id: analyze
-        uses: github/codeql-action/analyze@ebcb5b36ded6beda4ceefea6a8bc4cc885255bb3 # v3.34.1
+        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1

.github/workflows/ci.yml

@@ -3,36 +3,36 @@ name: Dependabot auto-merge
 
 on: pull_request
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
 permissions:
   pull-requests: write
   contents: write
 
 jobs:
   dependabot:
     runs-on: ubuntu-latest
-    # Checking the actor will prevent your Action run failing on non-Dependabot
-    # PRs but also ensures that it only does work for Dependabot PRs.
+    timeout-minutes: 10
+    # Only act on PRs opened by Dependabot from branches in this repository.
     if: github.actor == 'dependabot[bot]' && github.repository == github.event.pull_request.head.repo.full_name
     steps:
-      # This first step will fail if there's no metadata and so the approval
-      # will not occur.
+      # Metadata drives the non-major gating used for approval and auto-merge.
       - id: meta
         uses: dependabot/fetch-metadata@ffa630c65fa7e0ecfa0625b5ceda64399aea1b36 # v3.0.0
         with:
-          github-token: '${{ secrets.GITHUB_TOKEN }}'
+          github-token: "${{ secrets.GITHUB_TOKEN }}"
 
-      # Here the PR gets approved.
       - name: Approve a PR
-        if: ${{steps.meta.outputs.update-type != 'version-update:semver-major'}}
+        if: ${{ steps.meta.outputs.update-type != 'version-update:semver-major' }}
         run: gh pr review --approve "$PR_URL"
         env:
           PR_URL: ${{ github.event.pull_request.html_url }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
-      # Finally, this sets the PR to allow auto-merging for patch and minor
-      # updates if all checks pass
       - name: Enable auto-merge for Dependabot PRs
-        if: ${{steps.meta.outputs.update-type != 'version-update:semver-major'}}
+        if: ${{ steps.meta.outputs.update-type != 'version-update:semver-major' }}
         run: gh pr merge --auto --squash "$PR_URL"
         env:
           PR_URL: ${{ github.event.pull_request.html_url }}

.github/workflows/codeql-analysis.yml

@@ -1,15 +1,19 @@
-name: CLI Start
+name: E2E
 on:
   push:
     branches:
       - main
     tags:
-      - 'v[0-9]+.[0-9]+.[0-9]+'
+      - "v[0-9]+.[0-9]+.[0-9]+"
   schedule:
     # * is a special character in YAML so you have to quote this string
-    - cron: '30 1,9 * * *'
+    - cron: "30 1,9 * * *"
   workflow_dispatch:
 
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 defaults:
   run:
     shell: bash
@@ -20,7 +24,9 @@ permissions:
 jobs:
   e2e: # make sure the action works on a clean machine without building
     runs-on: ubuntu-latest
+    timeout-minutes: 45
     strategy:
+      fail-fast: false
       matrix:
         version:
           - 1.178.2
@@ -41,7 +47,7 @@ jobs:
         with:
           version: ${{ matrix.version }}
       - run: supabase init
-      - run:
+      - run: |
           sed -i -E "s|^(major_version) .*|\1 = ${{ matrix.pg_major }}|"
           supabase/config.toml
       - run: supabase start

.github/workflows/dependabot.yml

@@ -6,39 +6,92 @@ name: Licensed
 
 on:
   pull_request:
+    paths:
+      - .github/workflows/licensed.yml
+      - .licensed.yml
+      - .licenses/**
+      - bun.lock
+      - package.json
   push:
     branches:
       - main
+    paths:
+      - .github/workflows/licensed.yml
+      - .licensed.yml
+      - .licenses/**
+      - bun.lock
+      - package.json
   workflow_dispatch:
 
-permissions:
-  contents: write
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
-  licensed:
+  check-licenses:
+    if: ${{ github.event_name != 'workflow_dispatch' }}
     name: Check Licenses
     runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: read
 
     steps:
       - name: Checkout
         id: checkout
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Setup Bun
+        id: setup-bun
+        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
         with:
-          persist-credentials: false
-      - name: Setup Node.js
-        id: setup-node
-        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+          bun-version-file: .bun-version
+
+      - name: Install Dependencies
+        id: bun-install
+        run: bun install --frozen-lockfile
+
+      - name: Setup Ruby
+        id: setup-ruby
+        uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1.299.0
         with:
-          node-version-file: .node-version
-          cache: npm
+          ruby-version: ruby
+
+      - uses: licensee/setup-licensed@0d52e575b3258417672be0dff2f115d7db8771d8 # v1.3.2
+        with:
+          version: 4.x
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Check Licenses
+        id: check-licenses
+        run: licensed status
+
+  update-licenses:
+    if: ${{ github.event_name == 'workflow_dispatch' }}
+    name: Update Licenses
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Setup Bun
+        id: setup-bun
+        uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2.2.0
+        with:
+          bun-version-file: .bun-version
 
       - name: Install Dependencies
-        id: npm-ci
-        run: npm ci
+        id: bun-install
+        run: bun install --frozen-lockfile
 
       - name: Setup Ruby
         id: setup-ruby
-        uses: ruby/setup-ruby@4dc28cf14d77b0afa6832d9765ac422dbf0dfedd # v1.298.0
+        uses: ruby/setup-ruby@3ff19f5e2baf30647122352b96108b1fbe250c64 # v1.299.0
         with:
           ruby-version: ruby
 
@@ -47,24 +100,19 @@ jobs:
           version: 4.x
           github_token: ${{ secrets.GITHUB_TOKEN }}
 
-      # If this is a workflow_dispatch event, update the cached licenses.
-      - if: ${{ github.event_name == 'workflow_dispatch' }}
-        name: Update Licenses
+      - name: Update License Cache
         id: update-licenses
         run: licensed cache
 
-      # Then, commit the updated licenses to the repository.
-      - if: ${{ github.event_name == 'workflow_dispatch' }}
-        name: Commit Licenses
+      - name: Commit Licenses
         id: commit-licenses
         run: |
           git config --local user.email "licensed-ci@users.noreply.github.com"
           git config --local user.name "licensed-ci"
-          git add .
+          git add .licenses .licensed.yml
+          if git diff --cached --quiet; then
+            echo "No license cache changes to commit."
+            exit 0
+          fi
           git commit -m "Auto-update license files"
           git push
-
-      # Last, check the status of the cached licenses.
-      - name: Check Licenses
-        id: check-licenses
-        run: licensed status