7979 version : ${{ inputs.version }}
8080 shell : ${{ inputs.shell }}
8181 runner : large-linux-x86
82- artifact_name_suffix : -github
82+ cache_key_suffix : -github
8383 timeout_minutes : 45
8484 build_timeout_minutes : 20
8585 secrets :
@@ -113,10 +113,15 @@ jobs:
113113 with :
114114 dependency-firewall-token : ${{ secrets.DF_FIREWALL_TOKEN }}
115115
116- - name : Download build artifacts
117- uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
116+ - name : Restore build artifacts cache
117+ uses : actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
118118 with :
119- name : cli-build-${{ inputs.shell }}-${{ inputs.version }}
119+ path : |
120+ packages/cli-*/bin/
121+ dist/
122+ key : cli-build-${{ github.run_id }}-${{ inputs.shell }}-${{ inputs.version }}-v1
123+ enableCrossOsArchive : true
124+ fail-on-cache-miss : true
120125
121126 # Docker's classic image store keeps a single platform manifest per
122127 # tag, so pulling `alpine:3.21` for amd64 and again for arm64 leaves
@@ -244,10 +249,15 @@ jobs:
244249 with :
245250 dependency-firewall-token : ${{ secrets.DF_FIREWALL_TOKEN }}
246251
247- - name : Download build artifacts
248- uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
252+ - name : Restore build artifacts cache
253+ uses : actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
249254 with :
250- name : cli-build-${{ inputs.shell }}-${{ inputs.version }}-github
255+ path : |
256+ packages/cli-*/bin/
257+ dist/
258+ key : cli-build-${{ github.run_id }}-${{ inputs.shell }}-${{ inputs.version }}-github-v1
259+ enableCrossOsArchive : true
260+ fail-on-cache-miss : true
251261
252262 - name : Fix binary permissions
253263 run : chmod +x packages/cli-*/bin/supabase || true
@@ -301,17 +311,15 @@ jobs:
301311 with :
302312 dependency-firewall-token : ${{ secrets.DF_FIREWALL_TOKEN }}
303313
304- - name : Download build artifacts
305- uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
314+ - name : Restore build artifacts cache
315+ uses : actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
306316 with :
307- name : cli-build-${{ inputs.shell }}-${{ inputs.version }}-github
308-
309- # Artifacts are zipped and do not carry Unix permissions, so the compiled
310- # binaries arrive without the executable bit. publish.ts ships
311- # packages/cli-*/bin/supabase to npm verbatim, so restore +x before
312- # publishing or the installed CLI would not be runnable.
313- - name : Fix binary permissions
314- run : chmod +x packages/cli-*/bin/supabase || true
317+ path : |
318+ packages/cli-*/bin/
319+ dist/
320+ key : cli-build-${{ github.run_id }}-${{ inputs.shell }}-${{ inputs.version }}-github-v1
321+ enableCrossOsArchive : true
322+ fail-on-cache-miss : true
315323
316324 - name : Sync versions
317325 run : pnpm exec bun apps/cli/scripts/sync-versions.ts --version "${VERSION}"
@@ -471,6 +479,8 @@ jobs:
471479 publish-homebrew :
472480 needs : publish
473481 if : ${{ !inputs.dry_run && inputs.publish_brew_scoop }}
482+ # github-hosted to share a cache store with build-github/publish, whose
483+ # -github-v1 artifacts this job's checksums must match.
474484 runs-on : ubuntu-latest
475485 timeout-minutes : 30
476486 env :
@@ -487,16 +497,21 @@ jobs:
487497 with :
488498 dependency-firewall-token : ${{ secrets.DF_FIREWALL_TOKEN }}
489499
490- # Must download the github-hosted build (-github), the same artifacts the
491- # publish job uploads to the GitHub Release. The Bun-compiled binaries are
492- # not byte-for-byte reproducible across the blacksmith and github builds,
493- # so the blacksmith dist/checksums.txt does not match the released
500+ # Must restore the github-hosted build (-github-v1 ), the same artifacts
501+ # the publish job uploads to the GitHub Release. The Bun-compiled binaries
502+ # are not byte-for-byte reproducible across the blacksmith and github
503+ # builds, so the blacksmith dist/checksums.txt does not match the released
494504 # tarballs. Reading it here produced a formula whose sha256 rejected the
495505 # downloaded archive ("Formula reports different checksum").
496- - name : Download build artifacts
497- uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
506+ - name : Restore build artifacts cache
507+ uses : actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
498508 with :
499- name : cli-build-${{ inputs.shell }}-${{ inputs.version }}-github
509+ path : |
510+ packages/cli-*/bin/
511+ dist/
512+ key : cli-build-${{ github.run_id }}-${{ inputs.shell }}-${{ inputs.version }}-github-v1
513+ enableCrossOsArchive : true
514+ fail-on-cache-miss : true
500515
501516 - name : Generate Homebrew tap token
502517 id : app-token
@@ -527,6 +542,8 @@ jobs:
527542 publish-scoop :
528543 needs : publish
529544 if : ${{ !inputs.dry_run && inputs.publish_brew_scoop }}
545+ # github-hosted to share a cache store with build-github/publish, whose
546+ # -github-v1 artifacts this job's checksums must match.
530547 runs-on : ubuntu-latest
531548 timeout-minutes : 30
532549 env :
@@ -543,16 +560,21 @@ jobs:
543560 with :
544561 dependency-firewall-token : ${{ secrets.DF_FIREWALL_TOKEN }}
545562
546- # Must download the github-hosted build (-github), the same artifacts the
547- # publish job uploads to the GitHub Release. The Bun-compiled binaries are
548- # not byte-for-byte reproducible across the blacksmith and github builds,
549- # so the blacksmith dist/checksums.txt does not match the released
563+ # Must restore the github-hosted build (-github-v1 ), the same artifacts
564+ # the publish job uploads to the GitHub Release. The Bun-compiled binaries
565+ # are not byte-for-byte reproducible across the blacksmith and github
566+ # builds, so the blacksmith dist/checksums.txt does not match the released
550567 # tarballs. Reading it here would produce a manifest whose hash rejects the
551568 # downloaded archive.
552- - name : Download build artifacts
553- uses : actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
569+ - name : Restore build artifacts cache
570+ uses : actions/cache/restore@55cc8345863c7cc4c66a329aec7e433d2d1c52a9 # v6.1.0
554571 with :
555- name : cli-build-${{ inputs.shell }}-${{ inputs.version }}-github
572+ path : |
573+ packages/cli-*/bin/
574+ dist/
575+ key : cli-build-${{ github.run_id }}-${{ inputs.shell }}-${{ inputs.version }}-github-v1
576+ enableCrossOsArchive : true
577+ fail-on-cache-miss : true
556578
557579 - name : Generate Scoop bucket token
558580 id : app-token
0 commit comments