From 0cc70677506c6e05f0a96b0e73317b5d087603ab Mon Sep 17 00:00:00 2001 From: Scott Ames Date: Mon, 8 Jun 2026 10:21:30 -0700 Subject: [PATCH] ci: move from aqua to mise --- .aqua/aqua-checksums.json | 49 ------- .aqua/aqua.yaml | 15 -- .github/workflows/dagger-update.yaml | 63 ++++----- .github/workflows/pr_mise_lock.yaml | 81 +++++++++++ .../pull_request_aqua_update_checksum.yaml | 21 --- .mise/config.toml | 5 + .mise/mise.lock | 129 ++++++++++++++++++ 7 files changed, 240 insertions(+), 123 deletions(-) delete mode 100644 .aqua/aqua-checksums.json delete mode 100644 .aqua/aqua.yaml create mode 100644 .github/workflows/pr_mise_lock.yaml delete mode 100644 .github/workflows/pull_request_aqua_update_checksum.yaml create mode 100644 .mise/config.toml create mode 100644 .mise/mise.lock diff --git a/.aqua/aqua-checksums.json b/.aqua/aqua-checksums.json deleted file mode 100644 index f9b857a..0000000 --- a/.aqua/aqua-checksums.json +++ /dev/null @@ -1,49 +0,0 @@ -{ - "checksums": [ - { - "id": "github_release/github.com/casey/just/1.51.0/just-1.51.0-aarch64-unknown-linux-musl.tar.gz", - "checksum": "ED7EC466B77709198FD4AFED253DBA0270203BA5EB1C006BEE2B0139090284F5", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/casey/just/1.51.0/just-1.51.0-x86_64-unknown-linux-musl.tar.gz", - "checksum": "C8F085CA3E885723C341D06243FC291B5ABFDC8BBE3B2C076B117DE490387B59", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/dagger/dagger/v0.20.8/dagger_v0.20.8_linux_amd64.tar.gz", - "checksum": "C0A46536FDE641F6A4B45529382E1176220D22552C2F9AB0136DEAF005E646DB", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/dagger/dagger/v0.20.8/dagger_v0.20.8_linux_arm64.tar.gz", - "checksum": "E49F3AA146F3AF2C259F94BC335DFFE154664EDDFF4DB0ADF445D650345E0056", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/int128/ghcp/v1.15.3/ghcp_linux_amd64.zip", - "checksum": "537B71C1382FC95C73702D4BA0FC1A2465842A1C20F9987D75B5C7581BA115EA", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/int128/ghcp/v1.15.3/ghcp_linux_arm64.zip", - "checksum": "4E4A750EAE73F3C63084E9E4A97B93FFC44DD60B64FF587DF98F7BFA85199901", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/kevincobain2000/gobrew/v1.10.16/gobrew-linux-amd64", - "checksum": "DE0C8FA4BAE6F729D70FA7697E0AA2D66B07D2FB7CE911E04B1B7B6C211E073E", - "algorithm": "sha256" - }, - { - "id": "github_release/github.com/kevincobain2000/gobrew/v1.10.16/gobrew-linux-arm64", - "checksum": "A111067CAA90C8E218C8E17CB6741D64758547E892D0FA03841AD682DAB3C57F", - "algorithm": "sha256" - }, - { - "id": "registries/github_content/github.com/aquaproj/aqua-registry/v4.516.0/registry.yaml", - "checksum": "AD71FA0E960B2B280D31778ACF86E565924953216D436261954B6BC10AFADF15", - "algorithm": "sha256" - } - ] -} diff --git a/.aqua/aqua.yaml b/.aqua/aqua.yaml deleted file mode 100644 index 13688bc..0000000 --- a/.aqua/aqua.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# https://aquaproj.github.io/ -checksum: # https://aquaproj.github.io/docs/reference/checksum/ - enabled: true - require_checksums: true - supported_envs: - - linux -registries: - - type: standard - ref: v4.516.0 # renovate: depName=aquaproj/aqua-registry -packages: - - name: int128/ghcp@v1.15.3 # required for aqua-checksums update - - name: kevincobain2000/gobrew@v1.10.16 - - name: casey/just@1.51.0 - - name: dagger/dagger@v0.20.8 diff --git a/.github/workflows/dagger-update.yaml b/.github/workflows/dagger-update.yaml index 4a35329..2253cda 100644 --- a/.github/workflows/dagger-update.yaml +++ b/.github/workflows/dagger-update.yaml @@ -32,52 +32,32 @@ jobs: # https://github.com/marketplace/actions/add-commit#working-with-prs repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} - - name: generate app token - id: generate_app_token - if: "! github.event.pull_request.head.repo.fork" - # yamllint disable-line rule:line-length - uses: suzuki-shunsuke/github-token-action@350d7506222e3a0016491abe85b5c4dd475b67d1 # v0.2.1 - with: - github_app_id: ${{ secrets.GH_APP_ID }} - github_app_private_key: ${{ secrets.GH_APP_PRIVATE_KEY }} - github_app_permissions: >- - { "contents": "write" } - github_app_repositories: >- - ["${{github.event.repository.name}}"] - - name: install aquas (using default token) - # yamllint disable-line rule:line-length - uses: aquaproj/aqua-installer@11dd79b4e498d471a9385aa9fb7f62bb5f52a73c # v4.0.4 - if: | - steps.generate_app_token.outputs.token_type == 'empty' - && ! github.event.pull_request.head.repo.fork - with: - policy_allow: "true" - aqua_version: v2.59.0 # renovate: depName=aquaproj/aqua - github_token: ${{ github.token }} # yamllint disable-line rule:line-length - - name: install aquas (using generated app token) - # yamllint disable-line rule:line-length - uses: aquaproj/aqua-installer@11dd79b4e498d471a9385aa9fb7f62bb5f52a73c # v4.0.4 - if: | - steps.generate_app_token.outputs.token_type != 'empty' - && ! github.event.pull_request.head.repo.fork + - name: Generate GitHub token + # https://github.com/actions/create-github-app-token + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 + id: generate-token + if: "! github.event.pull_request.head.repo.fork" with: - policy_allow: "true" - aqua_version: v2.59.0 # renovate: depName=aquaproj/aqua - env: - AQUA_GITHUB_TOKEN: ${{ steps.generate_app_token.outputs.token }} - # yamllint disable-line rule:line-length - - uses: kevincobain2000/action-gobrew@aa328ee19c95750fa612256c0a3f9bad4810fc04 # v2 + client-id: ${{ vars.APP_CLIENT_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + permission-contents: write # create releases + permission-pull-requests: write # create release pull requests + - name: install mise + uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 with: - version: 1.23.1 # renovate: datasource=golang-version depName=go + install: true + cache: true + experimental: true + github_token: ${{ steps.generate-token.outputs.token }} - name: dagger develop run: | just goUpdates="${{ inputs.go-updates }}" develop - name: push changes with ghcp if: "! github.event.pull_request.head.repo.fork" env: - GITHUB_REPOSITORY: ${{ github.event.repository.name }} - GITHUB_TOKEN: ${{ steps.generate_app_token.outputs.token }} + GITHUB_REPOSITORY: ${{ github.repository }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} run: | set -eu @@ -86,18 +66,25 @@ jobs: exit 1 fi + if [ -z "$(git status --porcelain)" ]; then + echo "::notice ::No lockfile changes needed" + exit 0 + fi + branch=${GITHUB_HEAD_REF:-} # https://github.com/int128/ghcp if [ -z "${branch}" ]; then branch="${GITHUB_REF_NAME}" fi + GO_UPDATES_STR="" if [ "${{ inputs.go-updates }}" = "true" ]; then GO_UPDATES_STR=" + related golang updates" fi + # shellcheck disable=SC2046 # ^- we want it to split! ghcp commit -r "$GITHUB_REPOSITORY" -b "${branch}" \ -m "chore(dagger): develop${GO_UPDATES_STR}" \ $(git --no-pager diff --name-only) - echo "::notice ::changes pushed to branch, 'exit 1' to force checks" + echo "::notice ::changes pushed to branch, 'exit 1' to force checks" exit 1 diff --git a/.github/workflows/pr_mise_lock.yaml b/.github/workflows/pr_mise_lock.yaml new file mode 100644 index 0000000..9bc92d0 --- /dev/null +++ b/.github/workflows/pr_mise_lock.yaml @@ -0,0 +1,81 @@ +--- +name: mise +on: + pull_request: + paths: + - .mise/config.toml + - .mise/mise.lock +permissions: read-all +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +env: + MISE_EXPERIMENTAL: true +jobs: + lock: + if: "! github.event.pull_request.head.repo.fork" + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - name: checkout + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + with: + # should be used for PRs only + # https://github.com/marketplace/actions/add-commit#working-with-prs + repository: ${{ github.event.pull_request.head.repo.full_name }} + ref: ${{ github.event.pull_request.head.ref }} + # yamllint disable-line rule:line-length + - name: Generate GitHub token + # https://github.com/actions/create-github-app-token + uses: actions/create-github-app-token@bcd2ba49218906704ab6c1aa796996da409d3eb1 # v3.2.0 + id: generate-token + if: "! github.event.pull_request.head.repo.fork" + with: + client-id: ${{ vars.APP_CLIENT_ID }} + private-key: ${{ secrets.APP_PRIVATE_KEY }} + permission-contents: write # create releases + permission-pull-requests: write # create release pull requests + - name: install mise + uses: jdx/mise-action@1648a7812b9aeae629881980618f079932869151 # v4.0.1 + env: + MISE_LOCKED: 0 # disable "locked=true" for update + with: + install: true + install_args: aqua:int128/ghcp + cache: true + experimental: true + github_token: ${{ steps.generate-token.outputs.token }} + - name: mise lock + env: + MISE_LOCKED: 0 # disable "locked=true" for update + run: rm -f mise/mise.lock && mise lock # rm to prune + - name: push changes with ghcp + env: + GITHUB_REPOSITORY: ${{ github.repository }} + GITHUB_TOKEN: ${{ steps.generate-token.outputs.token }} + run: | + set -eu + + if ! ghcp -v; then + echo "::error ::int128/ghcp not found - needed to push." + exit 1 + fi + + if [ -z "$(git status --porcelain)" ]; then + echo "::notice ::No lockfile changes needed" + exit 0 + fi + + branch=${GITHUB_HEAD_REF:-} # https://github.com/int128/ghcp + if [ -z "${branch}" ]; then + branch="${GITHUB_REF_NAME}" + fi + # shellcheck disable=SC2046 + # ^- we want it to split! + ghcp commit -r "$GITHUB_REPOSITORY" -b "${branch}" \ + -m "chore(mise): lock" \ + $(git --no-pager diff --name-only) + echo "::notice ::changes pushed to branch, 'exit 1' to force checks" + exit 1 diff --git a/.github/workflows/pull_request_aqua_update_checksum.yaml b/.github/workflows/pull_request_aqua_update_checksum.yaml deleted file mode 100644 index 66e37e4..0000000 --- a/.github/workflows/pull_request_aqua_update_checksum.yaml +++ /dev/null @@ -1,21 +0,0 @@ ---- -name: aqua-update-checksums -on: - pull_request: - paths: - - .aqua/aqua.yaml - - .aqua/aqua-checksums.json -permissions: - contents: read # required for actions/checkout -jobs: - aqua-update-checksums: - # yamllint disable-line rule:line-length - uses: aquaproj/update-checksum-workflow/.github/workflows/update-checksum.yaml@eba908314cdc3b2ab7fb7546950c05a666effbc0 # v1.0.5 # renovate: depName=aquaproj/update-checksum-workflow - permissions: - contents: read - with: - aqua_version: v2.59.0 # renovate: depName=aquaproj/aqua - prune: true - secrets: - gh_app_id: ${{ secrets.GH_APP_ID }} - gh_app_private_key: ${{ secrets.GH_APP_PRIVATE_KEY }} diff --git a/.mise/config.toml b/.mise/config.toml new file mode 100644 index 0000000..df38ee5 --- /dev/null +++ b/.mise/config.toml @@ -0,0 +1,5 @@ +[tools] +go = "1.26.3" +"aqua:casey/just" = "1.51.0" +"aqua:dagger/dagger" = "0.21.4" +"aqua:int128/ghcp" = "1.15.3" diff --git a/.mise/mise.lock b/.mise/mise.lock new file mode 100644 index 0000000..05ef9e9 --- /dev/null +++ b/.mise/mise.lock @@ -0,0 +1,129 @@ +# @generated - this file is auto-generated by `mise lock` https://mise.en.dev/dev-tools/mise-lock.html + +[[tools."aqua:casey/just"]] +version = "1.51.0" +backend = "aqua:casey/just" + +[tools."aqua:casey/just"."platforms.linux-arm64"] +checksum = "sha256:ed7ec466b77709198fd4afed253dba0270203ba5eb1c006bee2b0139090284f5" +url = "https://github.com/casey/just/releases/download/1.51.0/just-1.51.0-aarch64-unknown-linux-musl.tar.gz" + +[tools."aqua:casey/just"."platforms.linux-arm64-musl"] +checksum = "sha256:ed7ec466b77709198fd4afed253dba0270203ba5eb1c006bee2b0139090284f5" +url = "https://github.com/casey/just/releases/download/1.51.0/just-1.51.0-aarch64-unknown-linux-musl.tar.gz" + +[tools."aqua:casey/just"."platforms.linux-x64"] +checksum = "sha256:c8f085ca3e885723c341d06243fc291b5abfdc8bbe3b2c076b117de490387b59" +url = "https://github.com/casey/just/releases/download/1.51.0/just-1.51.0-x86_64-unknown-linux-musl.tar.gz" + +[tools."aqua:casey/just"."platforms.linux-x64-musl"] +checksum = "sha256:c8f085ca3e885723c341d06243fc291b5abfdc8bbe3b2c076b117de490387b59" +url = "https://github.com/casey/just/releases/download/1.51.0/just-1.51.0-x86_64-unknown-linux-musl.tar.gz" + +[tools."aqua:casey/just"."platforms.macos-arm64"] +checksum = "sha256:61e3f1b8a545ff064b091eab4b6e14f8cc743ff15549be293b1e92f5b1467002" +url = "https://github.com/casey/just/releases/download/1.51.0/just-1.51.0-aarch64-apple-darwin.tar.gz" + +[tools."aqua:casey/just"."platforms.macos-x64"] +checksum = "sha256:d583e45f1f9fcdd26069ad2fe3bb9dea414756d8d0752eb9093974cb5c0246f0" +url = "https://github.com/casey/just/releases/download/1.51.0/just-1.51.0-x86_64-apple-darwin.tar.gz" + +[tools."aqua:casey/just"."platforms.windows-x64"] +checksum = "sha256:09d1138b6845e73f04bff5e26be3f57663bddca25e36fe6241d28a5aa310b64e" +url = "https://github.com/casey/just/releases/download/1.51.0/just-1.51.0-x86_64-pc-windows-msvc.zip" + +[[tools."aqua:dagger/dagger"]] +version = "0.21.4" +backend = "aqua:dagger/dagger" + +[tools."aqua:dagger/dagger"."platforms.linux-arm64"] +checksum = "sha256:d4610ec53c77eef7a5610b732b9e9b0d26c3f1c5911ef99e5e8e5c9e7cf6880e" +url = "https://github.com/dagger/dagger/releases/download/v0.21.4/dagger_v0.21.4_linux_arm64.tar.gz" + +[tools."aqua:dagger/dagger"."platforms.linux-arm64-musl"] +checksum = "sha256:d4610ec53c77eef7a5610b732b9e9b0d26c3f1c5911ef99e5e8e5c9e7cf6880e" +url = "https://github.com/dagger/dagger/releases/download/v0.21.4/dagger_v0.21.4_linux_arm64.tar.gz" + +[tools."aqua:dagger/dagger"."platforms.linux-x64"] +checksum = "sha256:4db2f807b67e3160fb110bb1e088b14c516594b8d287114a39c980f2485e9672" +url = "https://github.com/dagger/dagger/releases/download/v0.21.4/dagger_v0.21.4_linux_amd64.tar.gz" + +[tools."aqua:dagger/dagger"."platforms.linux-x64-musl"] +checksum = "sha256:4db2f807b67e3160fb110bb1e088b14c516594b8d287114a39c980f2485e9672" +url = "https://github.com/dagger/dagger/releases/download/v0.21.4/dagger_v0.21.4_linux_amd64.tar.gz" + +[tools."aqua:dagger/dagger"."platforms.macos-arm64"] +checksum = "sha256:91bda59ac41a230c2d95e4cde08a24c6842a00347e49769068892254f584bb25" +url = "https://github.com/dagger/dagger/releases/download/v0.21.4/dagger_v0.21.4_darwin_arm64.tar.gz" + +[tools."aqua:dagger/dagger"."platforms.macos-x64"] +checksum = "sha256:4219176bd0bc8e10aca717e91d826c1e64bbff9184d772846b5ea627558ff6e2" +url = "https://github.com/dagger/dagger/releases/download/v0.21.4/dagger_v0.21.4_darwin_amd64.tar.gz" + +[tools."aqua:dagger/dagger"."platforms.windows-x64"] +checksum = "sha256:42e1b082509356794f51a368df9d2b8e23a3c17f6243e71ab878ed1274ae8394" +url = "https://github.com/dagger/dagger/releases/download/v0.21.4/dagger_v0.21.4_windows_amd64.zip" + +[[tools."aqua:int128/ghcp"]] +version = "1.15.3" +backend = "aqua:int128/ghcp" + +[tools."aqua:int128/ghcp"."platforms.linux-arm64"] +checksum = "sha256:4e4a750eae73f3c63084e9e4a97b93ffc44dd60b64ff587df98f7bfa85199901" +url = "https://github.com/int128/ghcp/releases/download/v1.15.3/ghcp_linux_arm64.zip" + +[tools."aqua:int128/ghcp"."platforms.linux-arm64-musl"] +checksum = "sha256:4e4a750eae73f3c63084e9e4a97b93ffc44dd60b64ff587df98f7bfa85199901" +url = "https://github.com/int128/ghcp/releases/download/v1.15.3/ghcp_linux_arm64.zip" + +[tools."aqua:int128/ghcp"."platforms.linux-x64"] +checksum = "sha256:537b71c1382fc95c73702d4ba0fc1a2465842a1c20f9987d75b5c7581ba115ea" +url = "https://github.com/int128/ghcp/releases/download/v1.15.3/ghcp_linux_amd64.zip" + +[tools."aqua:int128/ghcp"."platforms.linux-x64-musl"] +checksum = "sha256:537b71c1382fc95c73702d4ba0fc1a2465842a1c20f9987d75b5c7581ba115ea" +url = "https://github.com/int128/ghcp/releases/download/v1.15.3/ghcp_linux_amd64.zip" + +[tools."aqua:int128/ghcp"."platforms.macos-arm64"] +checksum = "sha256:83c8fb1e167adbfbe767288e9679d1a34b8a59241e56f84379ff9b9e1ae709f2" +url = "https://github.com/int128/ghcp/releases/download/v1.15.3/ghcp_darwin_arm64.zip" + +[tools."aqua:int128/ghcp"."platforms.macos-x64"] +checksum = "sha256:5553fba0e479ec6ae55a479399e64fe78a1b0242e85b8be2c65e2ba6a1d4aef9" +url = "https://github.com/int128/ghcp/releases/download/v1.15.3/ghcp_darwin_amd64.zip" + +[tools."aqua:int128/ghcp"."platforms.windows-x64"] +checksum = "sha256:42b101dfaa7e7a66585ecbf262c2c2111bbd00e7cdb063b554bc7df467744cb1" +url = "https://github.com/int128/ghcp/releases/download/v1.15.3/ghcp_windows_amd64.zip" + +[[tools.go]] +version = "1.26.3" +backend = "core:go" + +[tools.go."platforms.linux-arm64"] +checksum = "sha256:9d89a3ea57d141c2b22d70083f2c8459ba3890f2d9e818e7e933b75614936565" +url = "https://dl.google.com/go/go1.26.3.linux-arm64.tar.gz" + +[tools.go."platforms.linux-arm64-musl"] +checksum = "sha256:9d89a3ea57d141c2b22d70083f2c8459ba3890f2d9e818e7e933b75614936565" +url = "https://dl.google.com/go/go1.26.3.linux-arm64.tar.gz" + +[tools.go."platforms.linux-x64"] +checksum = "sha256:2b2cfc7148493da5e73981bffbf3353af381d5f93e789c82c79aff64962eb556" +url = "https://dl.google.com/go/go1.26.3.linux-amd64.tar.gz" + +[tools.go."platforms.linux-x64-musl"] +checksum = "sha256:2b2cfc7148493da5e73981bffbf3353af381d5f93e789c82c79aff64962eb556" +url = "https://dl.google.com/go/go1.26.3.linux-amd64.tar.gz" + +[tools.go."platforms.macos-arm64"] +checksum = "sha256:875cf54a15311eee2c99b9dd67c68c4a49351d489ab622bf2cfd28c8f2078d3c" +url = "https://dl.google.com/go/go1.26.3.darwin-arm64.tar.gz" + +[tools.go."platforms.macos-x64"] +checksum = "sha256:278d580b32e299fe4a9c990fcf2d02acfe538c7e551a6ee18f9c7164573d2c63" +url = "https://dl.google.com/go/go1.26.3.darwin-amd64.tar.gz" + +[tools.go."platforms.windows-x64"] +checksum = "sha256:20d2ceafb4ed41b96b879010927b28bc92a5be57a7c1801ce365a9ca51d3224a" +url = "https://dl.google.com/go/go1.26.3.windows-amd64.zip"