• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

supabase / cli / 28456825464
65%
develop: 65%

Build:
Build:
LAST BUILD BRANCH: julien/cli-1560-define-cli-error-actionability-taxonomy
DEFAULT BRANCH: develop
Ran 30 Jun 2026 03:42PM UTC
Jobs 1
Files 229
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

30 Jun 2026 03:40PM UTC coverage: 65.001%. Remained the same
28456825464

push

github

web-flow
ci: auto-mirror template image updates to registries (#5739)

Automatically backfills the image mirror when the CLI template
Dockerfile changes, so a dependabot image bump no longer leaves develop
(and PRs rebased on it) failing the ghcr.io-pinned `Start` check with
`manifest unknown`.

## Background

The `Start` job in `cli-go-ci.yml` pins
`SUPABASE_INTERNAL_IMAGE_REGISTRY=ghcr.io`, so it only goes green once a
bumped tag exists on the mirror. Dependabot bumps the Dockerfile before
the new tag is mirrored, and the mirror previously only ran via manual
`workflow_dispatch` — so the bump merged red and every subsequent PR
touching `apps/cli-go/**` inherited the same failure until someone
mirrored by hand. This was the catch-22 already noted in
`cli-go-mirror.yml`.

## Changes

- **New workflow `mirror-template-images.yml`** — runs on `push` to
develop when `apps/cli-go/pkg/config/templates/Dockerfile` changes (plus
`workflow_dispatch`). It detects any image tag missing from the mirror
and backfills it by reusing the existing `cli-go-mirror-image.yml`
reusable workflow. It runs on push rather than the PR on purpose:
mirroring needs the AWS role + `packages:write`, which a
dependabot-triggered `pull_request` run cannot be granted, and this
avoids `pull_request_target`. The backfill runs as soon as the bump
lands on develop, repopulating the mirror so develop and rebased PRs
pass `Start`.

- **New script `apps/cli/scripts/detect-unmirrored-images.ts`** — parses
the template Dockerfile, checks each image against the mirror with
`docker buildx imagetools inspect`, and writes the missing tags as JSON
to `$GITHUB_OUTPUT` for the workflow matrix. The detection helpers
(`mirrorImageTarget`, `mirrorImageTargets`, `partitionUnmirroredImages`)
are exported and unit-tested; the executable entry is guarded by
`import.meta.main`.
- Checks **every** image, not just third-party ones, and an image counts
as mirrored only when present on **all** mirror registries
(`public... (continued)

10982 of 16895 relevant lines covered (65.0%)

10.44 hits per line

Coverage Regressions

Lines Coverage ∆ File
2
82.41
0.0% internal/storage/rm/rm.go
Jobs
ID Job ID Ran Files Coverage
1 28456825464.1 30 Jun 2026 03:42PM UTC 229
65.0
GitHub Action Run
Source Files on build 28456825464
  • Tree
  • List 229
  • Changed 1
  • Source Changed 0
  • Coverage Changed 1
Coverage ∆ File Lines Relevant Covered Missed Hits/Line
  • Back to Repo
  • Github Actions Build #28456825464
  • 25a9aaed on github
  • Prev Build on gh-readonly-queue/develop/pr-5671-fc6dd9c87b9c0b6fdd27aa0203dab096d564d307 (#28441593894)
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc