fix(release): debug 3

Author: mandarini

.github/workflows/publish.yml

@@ -24,11 +24,18 @@ jobs:
       id-token: write
 
     steps:
+      - name: Generate GitHub App token (with org members:read)
+        id: app-token
+        uses: actions/create-github-app-token@v2
+        with:
+          app-id: ${{ secrets.APP_ID }}
+          private-key: ${{ secrets.PRIVATE_KEY }}
+
       - name: Check if actor is member of admin or client-libs team
         id: team-check
         uses: actions/github-script@v7
         with:
-          github-token: ${{ secrets.GITHUB_TOKEN }}
+          github-token: ${{ steps.app-token.outputs.token }}
           script: |
             const org = 'supabase'
             const { actor } = context
@@ -62,235 +69,6 @@ jobs:
           echo "You must be a member of @supabase/admin or @supabase/client-libs."
           exit 1
 
-      # - name: Generate token
-      #   id: app-token
-      #   uses: actions/create-github-app-token@v2
-      #   with:
-      #     app-id: ${{ secrets.APP_ID }}
-      #     private-key: ${{ secrets.PRIVATE_KEY }}
       # - uses: actions/checkout@v5
       #   with:
-      #     fetch-depth: 0
-
-      # - uses: actions/setup-node@v4
-      #   with:
-      #     node-version: ${{ env.NODE_VERSION }}
-      #     cache: 'npm'
-      #     registry-url: 'https://registry.npmjs.org'
-
-      # # Ensure npm 11.5.1 or later is installed for trusted publishing support
-      # - name: Update npm
-      #   run: npm install -g npm@latest
-      # - name: Install dependencies
-      #   run: npm ci --legacy-peer-deps
-      # - name: Configure git
-      #   run: |
-      #     git config --global user.name "supabase-releaser[bot]"
-      #     git config --global user.email "supabase-releaser[bot]@users.noreply.github.com"
-
-      # - name: Validate input
-      #   run: |
-      #     VS="${{ github.event.inputs.version_specifier }}"
-      #     echo "Validating: $VS"
-
-      #     if [[ "$VS" =~ ^(patch|minor|major|prepatch|preminor|premajor|prerelease)$ ]]; then
-      #       echo "✔ bump keyword"
-      #     elif [[ "$VS" =~ ^v?[0-9]+\.[0-9]+\.[0-9]+([.-][0-9A-Za-z.-]+)?$ ]]; then
-      #       echo "✔ explicit version"
-      #     else
-      #       echo "❌ Invalid version_specifier: '$VS'"
-      #       echo "   Use: patch|minor|major|pre*, or v1.2.3"
-      #       exit 1
-      #     fi
-
-      # - name: Release
-      #   env:
-      #     NPM_CONFIG_PROVENANCE: true
-      #     GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      #     RELEASE_GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} # used for tags
-      #   run: |
-      #     npm run release-stable -- --versionSpecifier "${{ github.event.inputs.version_specifier }}"
-
-      # - name: Summary
-      #   if: ${{ success() }}
-      #   run: |
-      #     echo "## ✅ Stable Release" >> $GITHUB_STEP_SUMMARY
-      #     echo "- **Version specifier:** \`${{ github.event.inputs.version_specifier }}\`" >> $GITHUB_STEP_SUMMARY
-      #     echo "- **Source commit:** HEAD of the checked-out branch" >> $GITHUB_STEP_SUMMARY
-      #     echo "- **Dist-tag:** \`latest\`" >> $GITHUB_STEP_SUMMARY
-
-  # docs-after-stable-release:
-  #   name: Generate Documentation
-  #   needs: release-stable
-  #   if: ${{
-  #     github.event_name == 'workflow_dispatch' &&
-  #     needs.release-stable.result == 'success'
-  #     }}
-  #   uses: ./.github/workflows/docs.yml
-  #   permissions:
-  #     actions: read
-  #     contents: write
-
-  # trigger-update-js-libs:
-  #   name: Trigger Update JS Libs
-  #   runs-on: ubuntu-latest
-  #   needs: release-stable
-  #   if: ${{
-  #     github.event_name == 'workflow_dispatch' &&
-  #     needs.release-stable.result == 'success'
-  #     }}
-  #   steps:
-  #     - name: Generate token
-  #       id: app-token
-  #       uses: actions/create-github-app-token@v2
-  #       with:
-  #         app-id: ${{ secrets.APP_ID }}
-  #         private-key: ${{ secrets.PRIVATE_KEY }}
-  #     - name: Trigger supabase/supabase update-js-libs workflow
-  #       uses: actions/github-script@v7
-  #       with:
-  #         github-token: ${{ steps.app-token.outputs.token }}
-  #         script: |
-  #           await github.rest.actions.createWorkflowDispatch({
-  #             owner: 'supabase',
-  #             repo: 'supabase',
-  #             workflow_id: 'update-js-libs.yml',
-  #             ref: 'master',
-  #             inputs: {
-  #               version: '${{ github.event.inputs.version_specifier }}',
-  #               source: 'supabase-js-stable-release'
-  #             }
-  #           });
-
-  # trigger-supabase-docs-update:
-  #   name: Trigger Supabase Docs Update
-  #   runs-on: ubuntu-latest
-  #   needs: [release-stable, docs-after-stable-release]
-  #   if: ${{
-  #     github.event_name == 'workflow_dispatch' &&
-  #     needs.release-stable.result == 'success' &&
-  #     needs.docs-after-stable-release.result == 'success'
-  #     }}
-  #   steps:
-  #     - name: Generate token
-  #       id: app-token
-  #       uses: actions/create-github-app-token@v2
-  #       with:
-  #         app-id: ${{ secrets.APP_ID }}
-  #         private-key: ${{ secrets.PRIVATE_KEY }}
-
-  #     - name: Trigger supabase/supabase docs workflow
-  #       uses: actions/github-script@v7
-  #       with:
-  #         github-token: ${{ steps.app-token.outputs.token }}
-  #         script: |
-  #           await github.rest.actions.createWorkflowDispatch({
-  #             owner: 'supabase',
-  #             repo: 'supabase',
-  #             workflow_id: 'docs-js-libs-update.yml',
-  #             ref: 'master',
-  #             inputs: {
-  #               version: '${{ github.event.inputs.version_specifier }}',
-  #               source: 'supabase-js-stable-release'
-  #             }
-  #           });
-
-  # # preview jobs
-  # ci-core:
-  #   if: ${{ github.event_name == 'push' }}
-  #   name: Core Packages CI
-  #   uses: ./.github/workflows/ci-core.yml
-  #   permissions:
-  #     actions: read
-  #     contents: read
-
-  # ci-supabase-js:
-  #   if: ${{ github.event_name == 'push' }}
-  #   name: Supabase-JS Integration CI
-  #   uses: ./.github/workflows/ci-supabase-js.yml
-  #   permissions:
-  #     actions: read
-  #     contents: read
-
-  # ci-auth-js-node18:
-  #   if: ${{ github.event_name == 'push' }}
-  #   name: Auth-JS Node.js 18 Compatibility
-  #   uses: ./.github/workflows/ci-auth-js-node18.yml
-  #   permissions:
-  #     actions: read
-  #     contents: read
-
-  # # ==========================================
-  # # CANARY RELEASE (only on master, after all CI passes)
-  # # ==========================================
-
-  # release-canary:
-  #   name: Release Canary
-  #   runs-on: ubuntu-latest
-  #   needs: [ci-core, ci-supabase-js, ci-auth-js-node18]
-  #   permissions:
-  #     contents: read
-  #     id-token: write
-  #   # Only run on master branch pushes, and only if all CI jobs succeeded
-  #   if: |
-  #     github.ref == 'refs/heads/master' &&
-  #     github.event_name == 'push' &&
-  #     needs.ci-core.result == 'success' &&
-  #     needs.ci-supabase-js.result == 'success' &&
-  #     needs.ci-auth-js-node18.result == 'success'
-  #   steps:
-  #     - name: Generate token
-  #       id: app-token
-  #       uses: actions/create-github-app-token@v2
-  #       with:
-  #         app-id: ${{ secrets.APP_ID }}
-  #         private-key: ${{ secrets.PRIVATE_KEY }}
-
-  #     - name: Checkout code
-  #       uses: actions/checkout@v5
-  #       with:
-  #         fetch-depth: 0
-
-  #     - name: Setup Node.js
-  #       uses: actions/setup-node@v4
-  #       with:
-  #         node-version: ${{ env.NODE_VERSION }}
-  #         cache: 'npm'
-  #         registry-url: 'https://registry.npmjs.org'
-
-  #     # Ensure npm 11.5.1 or later is installed for trusted publishing support
-  #     - name: Update npm
-  #       run: npm install -g npm@latest
-  #     - name: Install dependencies
-  #       run: npm ci --legacy-peer-deps
-  #     - name: Configure git
-  #       run: |
-  #         git config --global user.name "supabase-releaser[bot]"
-  #         git config --global user.email "supabase-releaser[bot]@users.noreply.github.com"
-
-  #     - name: Release canary version
-  #       id: release
-  #       run: |
-  #         echo "Running nx release..."
-  #         npm run release-canary
-  #       env:
-  #         NPM_CONFIG_PROVENANCE: true
-  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  #         RELEASE_GITHUB_TOKEN: ${{ steps.app-token.outputs.token }} # used for tags
-  # notify-stable-failure:
-  #   name: Notify Slack for Stable failure
-  #   needs: release-stable
-  #   if: ${{ always() && github.event_name == 'workflow_dispatch' && needs.release-stable.result == 'failure' }}
-  #   uses: ./.github/workflows/slack-notify.yml
-  #   secrets: inherit
-  #   with:
-  #     subject: 'Stable Release'
-
-  # notify-canary-failure:
-  #   name: Notify Slack for Canary failure
-  #   needs: release-canary
-  #   if: ${{ always() && github.event_name == 'push' && needs.release-canary.result == 'failure' }}
-  #   uses: ./.github/workflows/slack-notify.yml
-  #   secrets: inherit
-  #   with:
-  #     subject: 'Canary Release'
+      #     fetch-depth: 0