mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
blinkagent[bot]
75f51532f3
Cherry-pick of #25746 to `release/2.34`.
Bumps bundled Terraform from `1.15.2` to `1.15.5`. Terraform 1.15.5 is
built with Go 1.25.10 (vs Go 1.25.8 in 1.15.2), addressing Go stdlib
CVEs flagged by security scanners.
Files changed:
- `.github/actions/setup-tf/action.yaml`
- `scripts/Dockerfile.base`
- `install.sh`
- `flake.nix` (+ updated SRI hash for the linux_amd64 zip)
- `mise.toml`
- `mise.lock` (+ updated per-platform SHA256 checksums)
- `provisioner/terraform/testdata/version.txt`
-
`provisioner/terraform/testdata/resources/ai-tasks-disabled/ai-tasks-disabled.tfplan.json`
Release notes:
https://github.com/hashicorp/terraform/releases/tag/v1.15.5
(cherry picked from commit bcc6cca040 —
will be updated to the merged SHA from #25746)
Created on behalf of @Shelnutt2
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
85 lines
3.1 KiB
TOML
85 lines
3.1 KiB
TOML
# Keep in lockstep with MISE_VERSION in dogfood/coder/ubuntu-*/Dockerfile.base,
|
|
# .github/workflows/dogfood.yaml, and scripts/dogfood/mise-oci-wrapper.sh.
|
|
min_version = "2026.5.12"
|
|
|
|
[settings]
|
|
lockfile = true
|
|
|
|
[tools]
|
|
# Languages and runtimes.
|
|
bun = "1.2.15"
|
|
go = "1.26.2"
|
|
node = "22.19.0"
|
|
pnpm = "10.33.2"
|
|
|
|
# Codegen and proto toolchain.
|
|
"go:go.uber.org/mock/mockgen" = "v0.6.0"
|
|
"go:storj.io/drpc/cmd/protoc-gen-go-drpc" = "v0.0.34"
|
|
protoc = "23.4"
|
|
protoc-gen-go = "1.30.0"
|
|
|
|
# Go development tools.
|
|
"go:github.com/golang-migrate/migrate/v4/cmd/migrate" = "v4.19.0"
|
|
"go:github.com/goreleaser/nfpm/v2/cmd/nfpm" = "v2.35.1"
|
|
"go:github.com/mikefarah/yq/v4" = "v4.44.3"
|
|
"go:github.com/quasilyte/go-ruleguard/cmd/ruleguard" = "v0.3.13"
|
|
"go:github.com/swaggo/swag/cmd/swag" = "v1.16.2"
|
|
"go:golang.org/x/tools/cmd/goimports" = "v0.41.0"
|
|
"go:golang.org/x/tools/gopls" = "v0.21.0"
|
|
"go:gotest.tools/gotestsum" = "v1.9.0"
|
|
"go:mvdan.cc/sh/v3/cmd/shfmt" = "v3.12.0"
|
|
|
|
# Infrastructure, release, and lint CLIs.
|
|
"aqua:ahmetb/kubectx/kubens" = "0.9.4"
|
|
cosign = "2.4.3"
|
|
# crane is the registry client `mise oci push` shells out to. Sourced
|
|
# here so it travels with the rest of the mise toolset (one source of
|
|
# truth, deterministic version, no apt drift across CI / wrapper).
|
|
crane = "0.21.6"
|
|
golangci-lint = "1.64.8"
|
|
helm = "3.21.0"
|
|
kubectx = "0.9.4"
|
|
syft = "1.20.0"
|
|
terraform = "1.15.5"
|
|
|
|
# Developer-environment niceties for the dogfood image. Non-dogfood
|
|
# users who run `mise install` here will pull these too; they are
|
|
# small, optional conveniences, and mise does nothing without the
|
|
# user's explicit `mise install` invocation.
|
|
#
|
|
# `gh` is intentionally absent from this manifest: the dogfood
|
|
# image ships a wrapper at /usr/local/bin/gh that bridges
|
|
# `coder external-auth` into `gh`, and a mise shim earlier in
|
|
# PATH would bypass it.
|
|
"aqua:crate-ci/typos" = "1.46.1"
|
|
"aqua:jj-vcs/jj" = "0.41.0"
|
|
"aqua:watchexec/watchexec" = "2.5.1"
|
|
doctl = "1.158.0"
|
|
lazygit = "0.61.1"
|
|
|
|
# Pre-installs the binary so the upstream devcontainers-cli coder
|
|
# module's `command -v devcontainer` short-circuit fires
|
|
"npm:@devcontainers/cli" = "0.87.0"
|
|
|
|
# sqlc (coder fork) bundles sqlite via cgo, so the `go install` build
|
|
# needs CGO_ENABLED=1. Scope it with `install_env` so it only applies
|
|
# during install. A top-level `[env]` would re-export CGO_ENABLED=1
|
|
# through every mise shim at runtime and break cross-compilation of
|
|
# coderd (scripts/build_go.sh expects cgo=0 for slim builds).
|
|
[tools."go:github.com/coder/sqlc/cmd/sqlc"]
|
|
version = "337309bfb9524f38466a5090e310040fc7af0203"
|
|
install_env = { CGO_ENABLED = "1" }
|
|
|
|
# Consumed by `mise oci build` to produce the dogfood image on top of
|
|
# ghcr.io/coder/oss-dogfood-base. The `from` and `--tag` fields are
|
|
# overridden by CLI args at build time per distro; `mount_point`,
|
|
# `user`, and `workdir` always apply.
|
|
#
|
|
# mount_point MUST match the path the base image reserves and exposes
|
|
# via `MISE_SHARED_INSTALL_DIRS`. Both Dockerfile.base files hardcode
|
|
# /opt/mise/data in their `install --directory`, ENV, and PATH lines.
|
|
[oci]
|
|
mount_point = "/opt/mise/data"
|
|
user = "coder"
|
|
workdir = "/home/coder"
|