shishantbiswas/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2026-06-02 20:48:20 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
6ecf804896f41e25344d263abd8955a5918f5b05
coder/mise.toml
T
blinkagent[bot] 1bfc1ce2c4 chore: update terraform to v1.15.5 (#25746) 
Bumps bundled Terraform from `1.15.2` to `1.15.5` across all pinned
locations:

- `.github/actions/setup-tf/action.yaml`
- `scripts/Dockerfile.base`
- `install.sh`
- `flake.nix` (+ updated SRI hash for the linux_amd64 zip)
- `mise.toml`
- `mise.lock` (+ updated per-platform SHA256 checksums)
- `provisioner/terraform/testdata/version.txt`
-
`provisioner/terraform/testdata/resources/ai-tasks-disabled/ai-tasks-disabled.tfplan.json`

## Why

Terraform 1.15.5 is built with Go 1.25.10, while the 1.15.2 we currently
ship was built with Go 1.25.8. The newer Go runtime addresses recent
stdlib CVEs flagged by security scanners.

Releases included: 1.15.3 (provider install crash fix, nested-module
stack migration fix), 1.15.4 (Linux s390x builds, symlinked provider dir
fix), 1.15.5.

Release notes:
https://github.com/hashicorp/terraform/releases/tag/v1.15.5

## Cherry-pick

#25747 mirrors this PR against `release/2.34`.

Created on behalf of @Shelnutt2

Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
2026-05-27 16:46:25 -04:00

85 lines
3.1 KiB
TOML
Raw Blame History

# Keep in lockstep with MISE_VERSION in dogfood/coder/ubuntu-*/Dockerfile.base,
# .github/workflows/dogfood.yaml, and scripts/dogfood/mise-oci-wrapper.sh.
min_version = "2026.5.12"
[settings]
lockfile = true
[tools]
# Languages and runtimes.
bun = "1.2.15"
go = "1.26.2"
node = "22.19.0"
pnpm = "10.33.2"
# Codegen and proto toolchain.
"go:go.uber.org/mock/mockgen" = "v0.6.0"
"go:storj.io/drpc/cmd/protoc-gen-go-drpc" = "v0.0.34"
protoc = "23.4"
protoc-gen-go = "1.30.0"
# Go development tools.
"go:github.com/golang-migrate/migrate/v4/cmd/migrate" = "v4.19.0"
"go:github.com/goreleaser/nfpm/v2/cmd/nfpm" = "v2.35.1"
"go:github.com/mikefarah/yq/v4" = "v4.44.3"
"go:github.com/quasilyte/go-ruleguard/cmd/ruleguard" = "v0.3.13"
"go:github.com/swaggo/swag/cmd/swag" = "v1.16.2"
"go:golang.org/x/tools/cmd/goimports" = "v0.41.0"
"go:golang.org/x/tools/gopls" = "v0.21.0"
"go:gotest.tools/gotestsum" = "v1.9.0"
"go:mvdan.cc/sh/v3/cmd/shfmt" = "v3.12.0"
# Infrastructure, release, and lint CLIs.
"aqua:ahmetb/kubectx/kubens" = "0.9.4"
cosign = "2.4.3"
# crane is the registry client `mise oci push` shells out to. Sourced
# here so it travels with the rest of the mise toolset (one source of
# truth, deterministic version, no apt drift across CI / wrapper).
crane = "0.21.6"
golangci-lint = "1.64.8"
helm = "3.21.0"
kubectx = "0.9.4"
syft = "1.20.0"
terraform = "1.15.5"
# Developer-environment niceties for the dogfood image. Non-dogfood
# users who run `mise install` here will pull these too; they are
# small, optional conveniences, and mise does nothing without the
# user's explicit `mise install` invocation.
#
# `gh` is intentionally absent from this manifest: the dogfood
# image ships a wrapper at /usr/local/bin/gh that bridges
# `coder external-auth` into `gh`, and a mise shim earlier in
# PATH would bypass it.
"aqua:crate-ci/typos" = "1.46.1"
"aqua:jj-vcs/jj" = "0.41.0"
"aqua:watchexec/watchexec" = "2.5.1"
doctl = "1.158.0"
lazygit = "0.61.1"
# Pre-installs the binary so the upstream devcontainers-cli coder
# module's `command -v devcontainer` short-circuit fires
"npm:@devcontainers/cli" = "0.87.0"
# sqlc (coder fork) bundles sqlite via cgo, so the `go install` build
# needs CGO_ENABLED=1. Scope it with `install_env` so it only applies
# during install. A top-level `[env]` would re-export CGO_ENABLED=1
# through every mise shim at runtime and break cross-compilation of
# coderd (scripts/build_go.sh expects cgo=0 for slim builds).
[tools."go:github.com/coder/sqlc/cmd/sqlc"]
version = "337309bfb9524f38466a5090e310040fc7af0203"
install_env = { CGO_ENABLED = "1" }
# Consumed by `mise oci build` to produce the dogfood image on top of
# ghcr.io/coder/oss-dogfood-base. The `from` and `--tag` fields are
# overridden by CLI args at build time per distro; `mount_point`,
# `user`, and `workdir` always apply.
#
# mount_point MUST match the path the base image reserves and exposes
# via `MISE_SHARED_INSTALL_DIRS`. Both Dockerfile.base files hardcode
# /opt/mise/data in their `install --directory`, ENV, and PATH lines.
[oci]
mount_point = "/opt/mise/data"
user = "coder"
workdir = "/home/coder"
Reference in New Issue View Git Blame Copy Permalink