From 0127f004a6bea5abe02507958eb0ac3c57f22e97 Mon Sep 17 00:00:00 2001 From: Lachlan Donald Date: Thu, 19 Mar 2026 17:10:48 +1100 Subject: [PATCH 01/12] ci: switch Buildkite builds to mise --- .buildkite/Dockerfile | 5 --- .buildkite/docker-compose.yaml | 21 ------------ .buildkite/pipeline.release.yml | 61 ++++++++++----------------------- .buildkite/pipeline.yml | 51 +++++++++++++-------------- CONTRIBUTING.md | 1 - README.md | 5 +-- mise.lock | 35 +++++++++++++++++++ mise.toml | 9 +++-- 8 files changed, 86 insertions(+), 102 deletions(-) delete mode 100644 .buildkite/Dockerfile delete mode 100644 .buildkite/docker-compose.yaml create mode 100644 mise.lock diff --git a/.buildkite/Dockerfile b/.buildkite/Dockerfile deleted file mode 100644 index d2ba209e..00000000 --- a/.buildkite/Dockerfile +++ /dev/null @@ -1,5 +0,0 @@ -FROM golang:1.26.1@sha256:c42e4d75186af6a44eb4159dcfac758ef1c05a7011a0052fe8a8df016d8e8fb9 - -COPY --from=goreleaser/goreleaser-pro:v2.14.3@sha256:086a121392cc9995517316ad6502a75c7b5a55d95a521938a556c7d3c352ec7e /usr/bin/goreleaser /usr/local/bin/goreleaser -COPY --from=golangci/golangci-lint:v2.11.3@sha256:e838e8ab68aaefe83e2408691510867ade9329c0e0b895a3fb35eb93d1c2a4ba /usr/bin/golangci-lint /usr/local/bin/golangci-lint -COPY --from=ghcr.io/ko-build/ko:fc0e4c0582f0801600929b5aaf6981aabdf47148 /ko-app/ko /usr/local/bin/ko diff --git a/.buildkite/docker-compose.yaml b/.buildkite/docker-compose.yaml deleted file mode 100644 index 7226559f..00000000 --- a/.buildkite/docker-compose.yaml +++ /dev/null @@ -1,21 +0,0 @@ -services: - golangci-lint: - image: golangci/golangci-lint:v2.11.3 - working_dir: /app - volumes: - - ..:/app - - ~/.cache/golangci-lint/v1.54.1:/root/.cache - goreleaser: - build: - context: . - environment: - - BUILDKITE_AGENT_JOB_API_SOCKET - - BUILDKITE_AGENT_JOB_API_TOKEN - - POSTHOG_API_KEY - - DOCKERHUB_USER - - DOCKERHUB_PASSWORD - working_dir: /go/src/github.com/buildkite/cli - volumes: - - ..:/go/src/github.com/buildkite/cli - - ${BUILDKITE_AGENT_JOB_API_SOCKET}:${BUILDKITE_AGENT_JOB_API_SOCKET} - - /var/run/docker.sock:/var/run/docker.sock diff --git a/.buildkite/pipeline.release.yml b/.buildkite/pipeline.release.yml index 3e958fd3..06bb94d5 100644 --- a/.buildkite/pipeline.release.yml +++ b/.buildkite/pipeline.release.yml @@ -1,6 +1,15 @@ agents: queue: hosted +x-cache-env: &cache_env + GOCACHE: .buildkite/cache-volume/go/build + GOMODCACHE: .buildkite/cache-volume/go/pkg/mod + +x-mise-plugin: &mise_plugin + buildkite-plugins/mise#v1.1.0: ~ + +cache: ".buildkite/cache-volume" + steps: - label: ":terminal: build ({{matrix}})" matrix: @@ -12,23 +21,12 @@ steps: secrets: - POSTHOG_API_KEY - OAUTH_CLIENT_ID + env: + <<: *cache_env + GOOS: "{{matrix}}" + command: ".buildkite/release.sh release --clean --split" plugins: - - docker-compose#v5.12.1: - command: - - .buildkite/release.sh - - release - - --clean - - --split - config: .buildkite/docker-compose.yaml - entrypoint: /bin/sh - env: - - GOOS={{matrix}} - - POSTHOG_API_KEY - - OAUTH_CLIENT_ID - mount-buildkite-agent: true - run: goreleaser - shell: false - tty: true + - *mise_plugin - wait @@ -36,25 +34,17 @@ steps: matrix: - "deb" - "rpm" + command: '.buildkite/upload-packages.sh "{{matrix}}"' plugins: - artifacts#v1.9.4: download: - dist/linux/* - - docker-compose#v5.12.1: - command: - - .buildkite/upload-packages.sh - - "{{matrix}}" - config: .buildkite/docker-compose.yaml - entrypoint: /bin/sh - mount-buildkite-agent: true - run: goreleaser - shell: false - tty: true - label: ":rocket: :github: release" artifact_paths: - dist/**/* env: + <<: *cache_env AWS_REGION: us-east-1 secrets: - POSTHOG_API_KEY @@ -74,20 +64,5 @@ steps: - artifacts#v1.9.4: download: - dist/**/* - - docker-compose#v5.12.1: - command: - - .buildkite/release.sh - - continue - - --merge - config: .buildkite/docker-compose.yaml - entrypoint: /bin/sh - env: - - GITHUB_TOKEN - - DOCKERHUB_USER - - DOCKERHUB_PASSWORD - - POSTHOG_API_KEY - - OAUTH_CLIENT_ID - mount-buildkite-agent: true - run: goreleaser - shell: false - tty: true + - *mise_plugin + command: ".buildkite/release.sh continue --merge" diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index cd74397c..535ae532 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -1,28 +1,35 @@ agents: queue: hosted +x-cache-env: &cache_env + GOCACHE: .buildkite/cache-volume/go/build + GOMODCACHE: .buildkite/cache-volume/go/pkg/mod + GOLANGCI_LINT_CACHE: .buildkite/cache-volume/golangci-lint + +x-mise-plugin: &mise_plugin + buildkite-plugins/mise#v1.1.0: ~ + +cache: ".buildkite/cache-volume" + steps: - name: ":golangci-lint: lint" - command: golangci-lint run --verbose --timeout 3m + command: mise run lint + env: + <<: *cache_env plugins: - - docker-compose#v5.12.1: - config: .buildkite/docker-compose.yaml - run: golangci-lint - tty: true + - *mise_plugin - name: ":go: test" artifact_paths: - cover-tree.svg + env: + <<: *cache_env commands: - go test -coverprofile cover.out ./... - - go run github.com/nikolaydubina/go-cover-treemap@latest -coverprofile cover.out > cover-tree.svg + - go run github.com/nikolaydubina/go-cover-treemap@v1.5.1 -coverprofile cover.out > cover-tree.svg - echo '
Coverage tree mapTest coverage tree map
' | buildkite-agent annotate --style "info" plugins: - - docker-compose#v5.12.1: - config: .buildkite/docker-compose.yaml - run: golangci-lint - tty: true - mount-buildkite-agent: true + - *mise_plugin - wait @@ -36,24 +43,12 @@ steps: secrets: - POSTHOG_API_KEY - OAUTH_CLIENT_ID + env: + <<: *cache_env + GOOS: "{{matrix}}" + command: ".buildkite/release.sh release --clean --snapshot --split" plugins: - - docker-compose#v5.12.1: - command: - - .buildkite/release.sh - - release - - --clean - - --snapshot - - --split - config: .buildkite/docker-compose.yaml - entrypoint: /bin/sh - env: - - GOOS={{matrix}} - - POSTHOG_API_KEY - - OAUTH_CLIENT_ID - mount-buildkite-agent: true - run: goreleaser - shell: false - tty: true + - *mise_plugin - input: ":package: Create a release?" prompt: "Select the release type" diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3f3eb2b7..9d1cbec8 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -16,7 +16,6 @@ To get started with contributing, please follow these steps: * Lint with `mise run lint`. * Make sure the tests pass with `mise run test`. * Run `mise run generate` after GraphQL changes. If you need to refresh `schema.graphql`, set `BUILDKITE_GRAPHQL_TOKEN` first. - * If you prefer the containerized lint setup, `docker-compose -f .buildkite/docker-compose.yaml run golangci-lint golangci-lint run` still works. 7. Commit your changes and push them to your forked repository. 8. Submit a pull request with a detailed description of your changes and links to any relevant issues. diff --git a/README.md b/README.md index 3088d05f..1a73fd2a 100644 --- a/README.md +++ b/README.md @@ -43,5 +43,6 @@ mise run generate go run main.go --help ``` -`mise.toml` pins Go `1.26.1` to match the current release build image. The -module itself remains compatible with Go `1.25.0` as declared in `go.mod`. +`mise.toml` pins the shared toolchain, including the release helpers used in +CI. The module itself remains compatible with Go `1.25.0` as declared in +`go.mod`. diff --git a/mise.lock b/mise.lock new file mode 100644 index 00000000..ce7859a5 --- /dev/null +++ b/mise.lock @@ -0,0 +1,35 @@ +[[tools."aqua:mvdan/gofumpt"]] +version = "0.9.2" +backend = "aqua:mvdan/gofumpt" +"platforms.linux-x64" = { checksum = "sha256:72cf61b12fef91eab6df6db4a4284f30616b5ead330112e28a1fa1cb15e57339", url = "https://github.com/mvdan/gofumpt/releases/download/v0.9.2/gofumpt_v0.9.2_linux_amd64"} +"platforms.macos-arm64" = { checksum = "sha256:c241fb742599a6cb0563d7377f59def65d451b23dd718dbc6ddf4ab5e695e8f1", url = "https://github.com/mvdan/gofumpt/releases/download/v0.9.2/gofumpt_v0.9.2_darwin_arm64"} + +[[tools."github:goreleaser/goreleaser-pro"]] +version = "2.14.3" +backend = "github:goreleaser/goreleaser-pro" +"platforms.linux-x64" = { checksum = "sha256:a6a7ba86950db98b1e7d18ac189bf43237645f9ef5ca89a66a56308c45f29b73", url = "https://github.com/goreleaser/goreleaser-pro/releases/download/v2.14.3/goreleaser-pro_Linux_x86_64.tar.gz", url_api = "https://api.github.com/repos/goreleaser/goreleaser-pro/releases/assets/370146679"} +"platforms.macos-arm64" = { checksum = "sha256:c616cb4dd73c1d49f41dd23160a7b5a8092e45e40735f98fc02173611a8dfcbb", url = "https://github.com/goreleaser/goreleaser-pro/releases/download/v2.14.3/goreleaser-pro_Darwin_arm64.tar.gz", url_api = "https://api.github.com/repos/goreleaser/goreleaser-pro/releases/assets/370146635"} + +[[tools.go]] +version = "1.26.1" +backend = "core:go" +"platforms.linux-x64" = { checksum = "sha256:031f088e5d955bab8657ede27ad4e3bc5b7c1ba281f05f245bcc304f327c987a", url = "https://dl.google.com/go/go1.26.1.linux-amd64.tar.gz"} +"platforms.macos-arm64" = { checksum = "sha256:353df43a7811ce284c8938b5f3c7df40b7bfb6f56cb165b150bc40b5e2dd541f", url = "https://dl.google.com/go/go1.26.1.darwin-arm64.tar.gz"} + +[[tools.golangci-lint]] +version = "2.11.3" +backend = "aqua:golangci/golangci-lint" +"platforms.linux-x64" = { checksum = "sha256:87bb8cddbcc825d5778b64e8a91b46c0526b247f4e2f2904dea74ec7450475d1", url = "https://github.com/golangci/golangci-lint/releases/download/v2.11.3/golangci-lint-2.11.3-linux-amd64.tar.gz"} +"platforms.macos-arm64" = { checksum = "sha256:30ee39979c516b9d1adca289a3f93429d130c4c0fda5e57d637850894221f6cc", url = "https://github.com/golangci/golangci-lint/releases/download/v2.11.3/golangci-lint-2.11.3-darwin-arm64.tar.gz"} + +[[tools.ko]] +version = "0.18.1" +backend = "aqua:ko-build/ko" +"platforms.linux-x64" = { checksum = "sha256:048ab11818089a43b7b74bc554494a79a3fd0d9822c061142e5cd3cf8b30cb27", url = "https://github.com/ko-build/ko/releases/download/v0.18.1/ko_0.18.1_Linux_x86_64.tar.gz"} +"platforms.macos-arm64" = { checksum = "sha256:752a639e0fbc013a35a43974b5ed87e7008bc2aee4952dfd2cc19f0013205492", url = "https://github.com/ko-build/ko/releases/download/v0.18.1/ko_0.18.1_Darwin_arm64.tar.gz"} + +[[tools.lefthook]] +version = "2.1.4" +backend = "aqua:evilmartians/lefthook" +"platforms.linux-x64" = { checksum = "sha256:991a11fb98c853dbecf7de3fe7f4b5648872f4279ac2b50ef3302f0a058c99bd", url = "https://github.com/evilmartians/lefthook/releases/download/v2.1.4/lefthook_2.1.4_Linux_x86_64.gz"} +"platforms.macos-arm64" = { checksum = "sha256:41fa330710344f66683edb2ee19dfd531e9469bebf7c89ef8e201263565c12ad", url = "https://github.com/evilmartians/lefthook/releases/download/v2.1.4/lefthook_2.1.4_MacOS_arm64.gz"} diff --git a/mise.toml b/mise.toml index b626bf3c..05cdae2a 100644 --- a/mise.toml +++ b/mise.toml @@ -1,11 +1,16 @@ # Pinned local toolchain for contributors. The Go version matches the -# repository's current release build image; the module minimum stays in go.mod. +# CI and release toolchain; the module minimum stays in go.mod. +[settings] +experimental = true +lockfile = true + [tools] go = "1.26.1" golangci-lint = "2.11.3" lefthook = "2.1.4" "aqua:mvdan/gofumpt" = "0.9.2" -"aqua:goreleaser/goreleaser" = "2.14.3" +"github:goreleaser/goreleaser-pro" = "2.14.3" +ko = "0.18.1" [tasks.format] description = "Format Go files with gofumpt" From c7c06dffaae1c87584a5840cb7816408aaf6b224 Mon Sep 17 00:00:00 2001 From: Lachlan Donald Date: Thu, 19 Mar 2026 17:17:36 +1100 Subject: [PATCH 02/12] ci: call lint tools directly in Buildkite --- .buildkite/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 535ae532..204e6518 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -13,7 +13,7 @@ cache: ".buildkite/cache-volume" steps: - name: ":golangci-lint: lint" - command: mise run lint + command: golangci-lint run --verbose --timeout 3m env: <<: *cache_env plugins: From a697d80c6fada6451ec51bf2f376bc04d9b3a218 Mon Sep 17 00:00:00 2001 From: Lachlan Donald Date: Thu, 19 Mar 2026 17:21:23 +1100 Subject: [PATCH 03/12] ci: source mise environment in Buildkite steps --- .buildkite/pipeline.release.yml | 8 ++++++-- .buildkite/pipeline.yml | 9 +++++++-- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/.buildkite/pipeline.release.yml b/.buildkite/pipeline.release.yml index 06bb94d5..3b72f3a6 100644 --- a/.buildkite/pipeline.release.yml +++ b/.buildkite/pipeline.release.yml @@ -24,7 +24,9 @@ steps: env: <<: *cache_env GOOS: "{{matrix}}" - command: ".buildkite/release.sh release --clean --split" + commands: + - '. "${BUILDKITE_ENV_FILE}"' + - .buildkite/release.sh release --clean --split plugins: - *mise_plugin @@ -65,4 +67,6 @@ steps: download: - dist/**/* - *mise_plugin - command: ".buildkite/release.sh continue --merge" + commands: + - '. "${BUILDKITE_ENV_FILE}"' + - .buildkite/release.sh continue --merge diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 204e6518..99095296 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -13,7 +13,9 @@ cache: ".buildkite/cache-volume" steps: - name: ":golangci-lint: lint" - command: golangci-lint run --verbose --timeout 3m + commands: + - '. "${BUILDKITE_ENV_FILE}"' + - golangci-lint run --verbose --timeout 3m env: <<: *cache_env plugins: @@ -25,6 +27,7 @@ steps: env: <<: *cache_env commands: + - '. "${BUILDKITE_ENV_FILE}"' - go test -coverprofile cover.out ./... - go run github.com/nikolaydubina/go-cover-treemap@v1.5.1 -coverprofile cover.out > cover-tree.svg - echo '
Coverage tree mapTest coverage tree map
' | buildkite-agent annotate --style "info" @@ -46,7 +49,9 @@ steps: env: <<: *cache_env GOOS: "{{matrix}}" - command: ".buildkite/release.sh release --clean --snapshot --split" + commands: + - '. "${BUILDKITE_ENV_FILE}"' + - .buildkite/release.sh release --clean --snapshot --split plugins: - *mise_plugin From a145530dc72be818cbd1997a12d1c96bc74eb2cf Mon Sep 17 00:00:00 2001 From: Lachlan Donald Date: Thu, 19 Mar 2026 18:03:28 +1100 Subject: [PATCH 04/12] ci: use mise plugin v1.1.1 --- .buildkite/pipeline.release.yml | 10 +++------- .buildkite/pipeline.yml | 11 +++-------- 2 files changed, 6 insertions(+), 15 deletions(-) diff --git a/.buildkite/pipeline.release.yml b/.buildkite/pipeline.release.yml index 3b72f3a6..c19d39c6 100644 --- a/.buildkite/pipeline.release.yml +++ b/.buildkite/pipeline.release.yml @@ -6,7 +6,7 @@ x-cache-env: &cache_env GOMODCACHE: .buildkite/cache-volume/go/pkg/mod x-mise-plugin: &mise_plugin - buildkite-plugins/mise#v1.1.0: ~ + buildkite-plugins/mise#v1.1.1: ~ cache: ".buildkite/cache-volume" @@ -24,9 +24,7 @@ steps: env: <<: *cache_env GOOS: "{{matrix}}" - commands: - - '. "${BUILDKITE_ENV_FILE}"' - - .buildkite/release.sh release --clean --split + command: ".buildkite/release.sh release --clean --split" plugins: - *mise_plugin @@ -67,6 +65,4 @@ steps: download: - dist/**/* - *mise_plugin - commands: - - '. "${BUILDKITE_ENV_FILE}"' - - .buildkite/release.sh continue --merge + command: ".buildkite/release.sh continue --merge" diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 99095296..ead46b74 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -7,15 +7,13 @@ x-cache-env: &cache_env GOLANGCI_LINT_CACHE: .buildkite/cache-volume/golangci-lint x-mise-plugin: &mise_plugin - buildkite-plugins/mise#v1.1.0: ~ + buildkite-plugins/mise#v1.1.1: ~ cache: ".buildkite/cache-volume" steps: - name: ":golangci-lint: lint" - commands: - - '. "${BUILDKITE_ENV_FILE}"' - - golangci-lint run --verbose --timeout 3m + command: golangci-lint run --verbose --timeout 3m env: <<: *cache_env plugins: @@ -27,7 +25,6 @@ steps: env: <<: *cache_env commands: - - '. "${BUILDKITE_ENV_FILE}"' - go test -coverprofile cover.out ./... - go run github.com/nikolaydubina/go-cover-treemap@v1.5.1 -coverprofile cover.out > cover-tree.svg - echo '
Coverage tree mapTest coverage tree map
' | buildkite-agent annotate --style "info" @@ -49,9 +46,7 @@ steps: env: <<: *cache_env GOOS: "{{matrix}}" - commands: - - '. "${BUILDKITE_ENV_FILE}"' - - .buildkite/release.sh release --clean --snapshot --split + command: ".buildkite/release.sh release --clean --snapshot --split" plugins: - *mise_plugin From b376e2b7d39383304c9728dbac2f07cb5005ccc9 Mon Sep 17 00:00:00 2001 From: Lachlan Donald Date: Thu, 19 Mar 2026 18:06:58 +1100 Subject: [PATCH 05/12] ci: use absolute cache paths in Buildkite --- .buildkite/cache-env.sh | 15 +++++++++++++++ .buildkite/pipeline.release.yml | 10 ++-------- .buildkite/pipeline.yml | 15 +++------------ 3 files changed, 20 insertions(+), 20 deletions(-) create mode 100644 .buildkite/cache-env.sh diff --git a/.buildkite/cache-env.sh b/.buildkite/cache-env.sh new file mode 100644 index 00000000..5470a68c --- /dev/null +++ b/.buildkite/cache-env.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +set -euo pipefail + +checkout_path="${BUILDKITE_BUILD_CHECKOUT_PATH:-$(pwd)}" +cache_root="${checkout_path}/.buildkite/cache-volume" + +mkdir -p \ + "${cache_root}/go/build" \ + "${cache_root}/go/pkg/mod" \ + "${cache_root}/golangci-lint" + +export GOCACHE="${cache_root}/go/build" +export GOMODCACHE="${cache_root}/go/pkg/mod" +export GOLANGCI_LINT_CACHE="${cache_root}/golangci-lint" diff --git a/.buildkite/pipeline.release.yml b/.buildkite/pipeline.release.yml index c19d39c6..33ada552 100644 --- a/.buildkite/pipeline.release.yml +++ b/.buildkite/pipeline.release.yml @@ -1,10 +1,6 @@ agents: queue: hosted -x-cache-env: &cache_env - GOCACHE: .buildkite/cache-volume/go/build - GOMODCACHE: .buildkite/cache-volume/go/pkg/mod - x-mise-plugin: &mise_plugin buildkite-plugins/mise#v1.1.1: ~ @@ -22,9 +18,8 @@ steps: - POSTHOG_API_KEY - OAUTH_CLIENT_ID env: - <<: *cache_env GOOS: "{{matrix}}" - command: ".buildkite/release.sh release --clean --split" + command: '. .buildkite/cache-env.sh && .buildkite/release.sh release --clean --split' plugins: - *mise_plugin @@ -44,7 +39,6 @@ steps: artifact_paths: - dist/**/* env: - <<: *cache_env AWS_REGION: us-east-1 secrets: - POSTHOG_API_KEY @@ -65,4 +59,4 @@ steps: download: - dist/**/* - *mise_plugin - command: ".buildkite/release.sh continue --merge" + command: '. .buildkite/cache-env.sh && .buildkite/release.sh continue --merge' diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index ead46b74..d3da66c6 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -1,11 +1,6 @@ agents: queue: hosted -x-cache-env: &cache_env - GOCACHE: .buildkite/cache-volume/go/build - GOMODCACHE: .buildkite/cache-volume/go/pkg/mod - GOLANGCI_LINT_CACHE: .buildkite/cache-volume/golangci-lint - x-mise-plugin: &mise_plugin buildkite-plugins/mise#v1.1.1: ~ @@ -13,18 +8,15 @@ cache: ".buildkite/cache-volume" steps: - name: ":golangci-lint: lint" - command: golangci-lint run --verbose --timeout 3m - env: - <<: *cache_env + command: '. .buildkite/cache-env.sh && golangci-lint run --verbose --timeout 3m' plugins: - *mise_plugin - name: ":go: test" artifact_paths: - cover-tree.svg - env: - <<: *cache_env commands: + - . .buildkite/cache-env.sh - go test -coverprofile cover.out ./... - go run github.com/nikolaydubina/go-cover-treemap@v1.5.1 -coverprofile cover.out > cover-tree.svg - echo '
Coverage tree mapTest coverage tree map
' | buildkite-agent annotate --style "info" @@ -44,9 +36,8 @@ steps: - POSTHOG_API_KEY - OAUTH_CLIENT_ID env: - <<: *cache_env GOOS: "{{matrix}}" - command: ".buildkite/release.sh release --clean --snapshot --split" + command: '. .buildkite/cache-env.sh && .buildkite/release.sh release --clean --snapshot --split' plugins: - *mise_plugin From 3acff56283f307f80eb558f998c3bf586046125a Mon Sep 17 00:00:00 2001 From: Lachlan Donald Date: Thu, 19 Mar 2026 18:38:01 +1100 Subject: [PATCH 06/12] ci: isolate tests from hosted agent env --- .buildkite/pipeline.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index d3da66c6..8d9f4bfb 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -17,6 +17,7 @@ steps: - cover-tree.svg commands: - . .buildkite/cache-env.sh + - unset BUILDKITE_ORGANIZATION_SLUG BUILDKITE_API_TOKEN - go test -coverprofile cover.out ./... - go run github.com/nikolaydubina/go-cover-treemap@v1.5.1 -coverprofile cover.out > cover-tree.svg - echo '
Coverage tree mapTest coverage tree map
' | buildkite-agent annotate --style "info" From f71da3a844c7a2909d657f47d1fa6d1d21792e6a Mon Sep 17 00:00:00 2001 From: Lachlan Donald Date: Thu, 19 Mar 2026 18:43:39 +1100 Subject: [PATCH 07/12] ci: move Buildkite cache setup into pre-command hook --- .buildkite/{cache-env.sh => hooks/pre-command} | 1 - .buildkite/pipeline.release.yml | 4 ++-- .buildkite/pipeline.yml | 9 +++++---- 3 files changed, 7 insertions(+), 7 deletions(-) rename .buildkite/{cache-env.sh => hooks/pre-command} (99%) mode change 100644 => 100755 diff --git a/.buildkite/cache-env.sh b/.buildkite/hooks/pre-command old mode 100644 new mode 100755 similarity index 99% rename from .buildkite/cache-env.sh rename to .buildkite/hooks/pre-command index 5470a68c..eadcc5ce --- a/.buildkite/cache-env.sh +++ b/.buildkite/hooks/pre-command @@ -1,5 +1,4 @@ #!/usr/bin/env bash - set -euo pipefail checkout_path="${BUILDKITE_BUILD_CHECKOUT_PATH:-$(pwd)}" diff --git a/.buildkite/pipeline.release.yml b/.buildkite/pipeline.release.yml index 33ada552..dae3b8e8 100644 --- a/.buildkite/pipeline.release.yml +++ b/.buildkite/pipeline.release.yml @@ -19,7 +19,7 @@ steps: - OAUTH_CLIENT_ID env: GOOS: "{{matrix}}" - command: '. .buildkite/cache-env.sh && .buildkite/release.sh release --clean --split' + command: '.buildkite/release.sh release --clean --split' plugins: - *mise_plugin @@ -59,4 +59,4 @@ steps: download: - dist/**/* - *mise_plugin - command: '. .buildkite/cache-env.sh && .buildkite/release.sh continue --merge' + command: '.buildkite/release.sh continue --merge' diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 8d9f4bfb..7d29e322 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -8,16 +8,17 @@ cache: ".buildkite/cache-volume" steps: - name: ":golangci-lint: lint" - command: '. .buildkite/cache-env.sh && golangci-lint run --verbose --timeout 3m' + command: 'golangci-lint run --verbose --timeout 3m' plugins: - *mise_plugin - name: ":go: test" artifact_paths: - cover-tree.svg + env: + BUILDKITE_API_TOKEN: "" + BUILDKITE_ORGANIZATION_SLUG: "" commands: - - . .buildkite/cache-env.sh - - unset BUILDKITE_ORGANIZATION_SLUG BUILDKITE_API_TOKEN - go test -coverprofile cover.out ./... - go run github.com/nikolaydubina/go-cover-treemap@v1.5.1 -coverprofile cover.out > cover-tree.svg - echo '
Coverage tree mapTest coverage tree map
' | buildkite-agent annotate --style "info" @@ -38,7 +39,7 @@ steps: - OAUTH_CLIENT_ID env: GOOS: "{{matrix}}" - command: '. .buildkite/cache-env.sh && .buildkite/release.sh release --clean --snapshot --split' + command: '.buildkite/release.sh release --clean --snapshot --split' plugins: - *mise_plugin From 8ecd246ea5904fcc83fa649936f48e0914f7e638 Mon Sep 17 00:00:00 2001 From: Lachlan Donald Date: Thu, 19 Mar 2026 18:44:37 +1100 Subject: [PATCH 08/12] ci: document test env cleanup in hook --- .buildkite/hooks/pre-command | 8 ++++++++ .buildkite/pipeline.yml | 4 +--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command index eadcc5ce..0fe59fc7 100755 --- a/.buildkite/hooks/pre-command +++ b/.buildkite/hooks/pre-command @@ -12,3 +12,11 @@ mkdir -p \ export GOCACHE="${cache_root}/go/build" export GOMODCACHE="${cache_root}/go/pkg/mod" export GOLANGCI_LINT_CACHE="${cache_root}/golangci-lint" + +if [[ "${BUILDKITE_STEP_KEY:-}" == "test" ]]; then + # Hosted agents inject the pipeline org and API token into the step + # environment. A subset of CLI tests exercise config precedence and must not + # inherit those ambient overrides, or they resolve the live Buildkite org + # instead of the fixture-backed test config. + unset BUILDKITE_API_TOKEN BUILDKITE_ORGANIZATION_SLUG +fi diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 7d29e322..1a2dd640 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -13,11 +13,9 @@ steps: - *mise_plugin - name: ":go: test" + key: test artifact_paths: - cover-tree.svg - env: - BUILDKITE_API_TOKEN: "" - BUILDKITE_ORGANIZATION_SLUG: "" commands: - go test -coverprofile cover.out ./... - go run github.com/nikolaydubina/go-cover-treemap@v1.5.1 -coverprofile cover.out > cover-tree.svg From a634697799bd69b2f8ef96d77ee74519c7a7f52c Mon Sep 17 00:00:00 2001 From: Lachlan Donald Date: Thu, 19 Mar 2026 21:42:34 +1100 Subject: [PATCH 09/12] ci: unset hosted env in test step --- .buildkite/hooks/pre-command | 8 -------- .buildkite/pipeline.yml | 3 +++ 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command index 0fe59fc7..eadcc5ce 100755 --- a/.buildkite/hooks/pre-command +++ b/.buildkite/hooks/pre-command @@ -12,11 +12,3 @@ mkdir -p \ export GOCACHE="${cache_root}/go/build" export GOMODCACHE="${cache_root}/go/pkg/mod" export GOLANGCI_LINT_CACHE="${cache_root}/golangci-lint" - -if [[ "${BUILDKITE_STEP_KEY:-}" == "test" ]]; then - # Hosted agents inject the pipeline org and API token into the step - # environment. A subset of CLI tests exercise config precedence and must not - # inherit those ambient overrides, or they resolve the live Buildkite org - # instead of the fixture-backed test config. - unset BUILDKITE_API_TOKEN BUILDKITE_ORGANIZATION_SLUG -fi diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 1a2dd640..545a96d6 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -17,6 +17,9 @@ steps: artifact_paths: - cover-tree.svg commands: + # Hosted agents inject org/token env that breaks config-precedence tests, + # so clear those variables in the command shell right before go test. + - unset BUILDKITE_ORGANIZATION_SLUG BUILDKITE_API_TOKEN - go test -coverprofile cover.out ./... - go run github.com/nikolaydubina/go-cover-treemap@v1.5.1 -coverprofile cover.out > cover-tree.svg - echo '
Coverage tree mapTest coverage tree map
' | buildkite-agent annotate --style "info" From 98ad59e73829595e7f045c3bb9e9eb84b688c847 Mon Sep 17 00:00:00 2001 From: Lachlan Donald Date: Thu, 19 Mar 2026 21:59:55 +1100 Subject: [PATCH 10/12] ci: manage go-cover-treemap with mise --- .buildkite/pipeline.yml | 2 +- mise.lock | 4 ++++ mise.toml | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 545a96d6..4eebd131 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -21,7 +21,7 @@ steps: # so clear those variables in the command shell right before go test. - unset BUILDKITE_ORGANIZATION_SLUG BUILDKITE_API_TOKEN - go test -coverprofile cover.out ./... - - go run github.com/nikolaydubina/go-cover-treemap@v1.5.1 -coverprofile cover.out > cover-tree.svg + - go-cover-treemap -coverprofile cover.out > cover-tree.svg - echo '
Coverage tree mapTest coverage tree map
' | buildkite-agent annotate --style "info" plugins: - *mise_plugin diff --git a/mise.lock b/mise.lock index ce7859a5..05f1cc17 100644 --- a/mise.lock +++ b/mise.lock @@ -16,6 +16,10 @@ backend = "core:go" "platforms.linux-x64" = { checksum = "sha256:031f088e5d955bab8657ede27ad4e3bc5b7c1ba281f05f245bcc304f327c987a", url = "https://dl.google.com/go/go1.26.1.linux-amd64.tar.gz"} "platforms.macos-arm64" = { checksum = "sha256:353df43a7811ce284c8938b5f3c7df40b7bfb6f56cb165b150bc40b5e2dd541f", url = "https://dl.google.com/go/go1.26.1.darwin-arm64.tar.gz"} +[[tools."go:github.com/nikolaydubina/go-cover-treemap"]] +version = "1.5.1" +backend = "go:github.com/nikolaydubina/go-cover-treemap" + [[tools.golangci-lint]] version = "2.11.3" backend = "aqua:golangci/golangci-lint" diff --git a/mise.toml b/mise.toml index 05cdae2a..3b8169eb 100644 --- a/mise.toml +++ b/mise.toml @@ -9,6 +9,7 @@ go = "1.26.1" golangci-lint = "2.11.3" lefthook = "2.1.4" "aqua:mvdan/gofumpt" = "0.9.2" +"go:github.com/nikolaydubina/go-cover-treemap" = "1.5.1" "github:goreleaser/goreleaser-pro" = "2.14.3" ko = "0.18.1" From 477bda355c3ec96ba49ca58d1841f447ed21ba77 Mon Sep 17 00:00:00 2001 From: Lachlan Donald Date: Thu, 19 Mar 2026 22:36:44 +1100 Subject: [PATCH 11/12] ci: keep GOOS out of mise install --- .buildkite/pipeline.release.yml | 4 +--- .buildkite/pipeline.yml | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/.buildkite/pipeline.release.yml b/.buildkite/pipeline.release.yml index dae3b8e8..f2c8de86 100644 --- a/.buildkite/pipeline.release.yml +++ b/.buildkite/pipeline.release.yml @@ -17,9 +17,7 @@ steps: secrets: - POSTHOG_API_KEY - OAUTH_CLIENT_ID - env: - GOOS: "{{matrix}}" - command: '.buildkite/release.sh release --clean --split' + command: 'GOOS="{{matrix}}" .buildkite/release.sh release --clean --split' plugins: - *mise_plugin diff --git a/.buildkite/pipeline.yml b/.buildkite/pipeline.yml index 4eebd131..3dd34f6f 100644 --- a/.buildkite/pipeline.yml +++ b/.buildkite/pipeline.yml @@ -38,9 +38,7 @@ steps: secrets: - POSTHOG_API_KEY - OAUTH_CLIENT_ID - env: - GOOS: "{{matrix}}" - command: '.buildkite/release.sh release --clean --snapshot --split' + command: 'GOOS="{{matrix}}" .buildkite/release.sh release --clean --snapshot --split' plugins: - *mise_plugin From 01b6062c1be9b95d87af01eb70cfecf1abb77da0 Mon Sep 17 00:00:00 2001 From: Lachlan Donald Date: Fri, 20 Mar 2026 06:57:28 +1100 Subject: [PATCH 12/12] ci: avoid flaky mise API verification --- .buildkite/hooks/pre-command | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command index eadcc5ce..79a6dc20 100755 --- a/.buildkite/hooks/pre-command +++ b/.buildkite/hooks/pre-command @@ -12,3 +12,14 @@ mkdir -p \ export GOCACHE="${cache_root}/go/build" export GOMODCACHE="${cache_root}/go/pkg/mod" export GOLANGCI_LINT_CACHE="${cache_root}/golangci-lint" + +# CI pins tool versions in mise.toml/mise.lock, but the go: backend used for +# go-cover-treemap does not support locked-mode URLs. Skip the GitHub API-backed +# attestation/SLSA checks instead so reruns do not fail on unauthenticated rate +# limits inside the mise plugin. +export MISE_AQUA_GITHUB_ATTESTATIONS=false +export MISE_AQUA_SLSA=false +export MISE_GITHUB_ATTESTATIONS=false +export MISE_GITHUB_GITHUB_ATTESTATIONS=false +export MISE_GITHUB_SLSA=false +export MISE_SLSA=false