From 2421e7614521eb07963386b539ee02232b277fcb Mon Sep 17 00:00:00 2001 From: Mark Lee Date: Mon, 16 Mar 2026 20:33:56 -0700 Subject: [PATCH 01/15] fix(ci): reduce network calls on machine workers --- mise.devbase.lock | 60 +++++++++++++++++++++++++-------------- mise.devbase.toml | 2 ++ shell/circleci/machine.sh | 14 ++++----- shell/lib/mise.sh | 14 ++++++--- 4 files changed, 58 insertions(+), 32 deletions(-) diff --git a/mise.devbase.lock b/mise.devbase.lock index c092c76f..020e9e6a 100644 --- a/mise.devbase.lock +++ b/mise.devbase.lock @@ -64,6 +64,45 @@ url = "https://github.com/bufbuild/buf/releases/download/v1.60.0/buf-Darwin-x86_ checksum = "sha256:b242cfa50230f56338bbe5bf18fc855d44907de3675ebdc01a98fbaad0f6f118" url = "https://github.com/bufbuild/buf/releases/download/v1.60.0/buf-Windows-x86_64.zip" +[[tools.cosign]] +version = "3.0.5" +backend = "aqua:sigstore/cosign" + +[tools.cosign."platforms.linux-arm64"] +checksum = "sha256:d098f3168ae4b3aa70b4ca78947329b953272b487727d1722cb3cb098a1a20ab" +url = "https://github.com/sigstore/cosign/releases/download/v3.0.5/cosign-linux-arm64" +provenance = "cosign" + +[tools.cosign."platforms.linux-arm64-musl"] +checksum = "sha256:d098f3168ae4b3aa70b4ca78947329b953272b487727d1722cb3cb098a1a20ab" +url = "https://github.com/sigstore/cosign/releases/download/v3.0.5/cosign-linux-arm64" +provenance = "cosign" + +[tools.cosign."platforms.linux-x64"] +checksum = "sha256:db15cc99e6e4837daabab023742aaddc3841ce57f193d11b7c3e06c8003642b2" +url = "https://github.com/sigstore/cosign/releases/download/v3.0.5/cosign-linux-amd64" +provenance = "cosign" + +[tools.cosign."platforms.linux-x64-musl"] +checksum = "sha256:db15cc99e6e4837daabab023742aaddc3841ce57f193d11b7c3e06c8003642b2" +url = "https://github.com/sigstore/cosign/releases/download/v3.0.5/cosign-linux-amd64" +provenance = "cosign" + +[tools.cosign."platforms.macos-arm64"] +checksum = "sha256:4888c898e2901521a6bd4cf4f0383c9465588a6a46ecd2465ad34faf13f09eb7" +url = "https://github.com/sigstore/cosign/releases/download/v3.0.5/cosign-darwin-arm64" +provenance = "cosign" + +[tools.cosign."platforms.macos-x64"] +checksum = "sha256:e032c44d3f7c247bbb2966b41239f88ffba002497a4516358d327ad5693c386f" +url = "https://github.com/sigstore/cosign/releases/download/v3.0.5/cosign-darwin-amd64" +provenance = "cosign" + +[tools.cosign."platforms.windows-x64"] +checksum = "sha256:44e9e44202b67ddfaaf5ea1234f5a265417960c4ae98c5b57c35bc40ba9dd714" +url = "https://github.com/sigstore/cosign/releases/download/v3.0.5/cosign-windows-amd64.exe" +provenance = "cosign" + [[tools.github-cli]] version = "2.83.2" backend = "aqua:cli/cli" @@ -342,27 +381,6 @@ url = "https://github.com/golangci/golangci-lint/releases/download/v2.9.0/golang version = "1.20.0" backend = "aqua:goreleaser/goreleaser" -[tools.goreleaser."platforms.linux-arm64"] -provenance = "cosign" - -[tools.goreleaser."platforms.linux-arm64-musl"] -provenance = "cosign" - -[tools.goreleaser."platforms.linux-x64"] -provenance = "cosign" - -[tools.goreleaser."platforms.linux-x64-musl"] -provenance = "cosign" - -[tools.goreleaser."platforms.macos-arm64"] -provenance = "cosign" - -[tools.goreleaser."platforms.macos-x64"] -provenance = "cosign" - -[tools.goreleaser."platforms.windows-x64"] -provenance = "cosign" - [[tools.gotestsum]] version = "1.13.0" backend = "aqua:gotestyourself/gotestsum" diff --git a/mise.devbase.toml b/mise.devbase.toml index e7c3c7c7..d2f24602 100644 --- a/mise.devbase.toml +++ b/mise.devbase.toml @@ -1,5 +1,7 @@ [tools] "aqua:fullstorydev/grpcui" = "1.3.1" +# For provenance verification +cosign = "3.0.5" github-cli = "2.83.2" "go:github.com/go-delve/delve/cmd/dlv" = "1.26.0" "go:github.com/mattn/goveralls" = "0.0.11" diff --git a/shell/circleci/machine.sh b/shell/circleci/machine.sh index d8a70b4b..7f55b128 100755 --- a/shell/circleci/machine.sh +++ b/shell/circleci/machine.sh @@ -31,21 +31,21 @@ fi ensure_mise_installed devbase_configure_global_tools -if ([[ $OSTYPE == "darwin"* ]] && ! mise_manages_tool_versions) || ! command_exists go; then - install_tool_with_mise go "$(grep ^golang "$ROOT_DIR/.tool-versions" | awk '{print $2}')" - install_tool_with_mise node "$(grep ^nodejs "$ROOT_DIR/.tool-versions" | awk '{print $2}')" -fi -run_mise trust --env devbase --cd "$ROOT_DIR" - if [[ -z $GITHUB_TOKEN ]]; then # Minimum amount of tools to install to bootstrap the GitHub token - run_mise install --cd "$HOME" github-cli github:getoutreach/ci gojq + devbase_mise install --yes github-cli github:getoutreach/ci gojq bootstrap_github_token if [[ -z $GITHUB_TOKEN ]]; then fatal "GitHub token not configured in environment, needed for installing tools via mise." fi + + if ([[ $OSTYPE == "darwin"* ]] && ! mise_manages_tool_versions) || ! command_exists go; then + install_tool_with_mise go "$(grep ^golang "$ROOT_DIR/.tool-versions" | awk '{print $2}')" + install_tool_with_mise node "$(grep ^nodejs "$ROOT_DIR/.tool-versions" | awk '{print $2}')" + fi + devbase_mise trust fi info "Installing tools via mise required in machine environment" diff --git a/shell/lib/mise.sh b/shell/lib/mise.sh index 62ea2302..da711998 100644 --- a/shell/lib/mise.sh +++ b/shell/lib/mise.sh @@ -366,12 +366,18 @@ devbase_tool_version_from_mise() { gojq --raw-output ".[\"$toolName\"][] | "'select(.source.path | endswith("mise.devbase.toml")).requested_version' } -# Copies mise.devbase.toml to a user-wide config so that shims in CI -# know what to run. +# Copies mise.devbase.toml and its lockfile to a user-wide config so +# that shims in CI know what to run, with limited network calls. devbase_configure_global_tools() { - local miseConfdDir="$HOME/.config/mise/conf.d" + local miseConfigDir="${MISE_CONFIG_DIR:-${XDG_CONFIG_HOME:-$HOME/.config}/mise}" + local miseConfdDir="$miseConfigDir/conf.d" + local userMiseLock="$miseConfigDir/mise.lock" + local devbaseDir + devbaseDir="$(get_devbase_directory)" mkdir -p "$miseConfdDir" - cp "$(get_devbase_directory)/mise.devbase.toml" "$miseConfdDir/devbase.toml" + cp "$devbaseDir/mise.devbase.toml" "$miseConfdDir/devbase.toml" + echo >>"$userMiseLock" # touch the lockfile to prevent errors about it not existing + cat "$devbaseDir/mise.devbase.lock" >>"$userMiseLock" } # Installs devbase specific tools if they're not already installed. From 03c8972e948199c9d5f062aac5782dadbce30759 Mon Sep 17 00:00:00 2001 From: Mark Lee Date: Mon, 16 Mar 2026 20:38:08 -0700 Subject: [PATCH 02/15] Trust the devbase env config as early as possible --- shell/circleci/machine.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shell/circleci/machine.sh b/shell/circleci/machine.sh index 7f55b128..5a627676 100755 --- a/shell/circleci/machine.sh +++ b/shell/circleci/machine.sh @@ -30,6 +30,7 @@ fi ensure_mise_installed devbase_configure_global_tools +devbase_mise trust if [[ -z $GITHUB_TOKEN ]]; then # Minimum amount of tools to install to bootstrap the GitHub token @@ -45,7 +46,6 @@ if [[ -z $GITHUB_TOKEN ]]; then install_tool_with_mise go "$(grep ^golang "$ROOT_DIR/.tool-versions" | awk '{print $2}')" install_tool_with_mise node "$(grep ^nodejs "$ROOT_DIR/.tool-versions" | awk '{print $2}')" fi - devbase_mise trust fi info "Installing tools via mise required in machine environment" From aec25bd1b64500f90e380ff9d5143e03eae349a3 Mon Sep 17 00:00:00 2001 From: Mark Lee Date: Tue, 10 Feb 2026 11:22:07 -0800 Subject: [PATCH 03/15] fix(mise): auto-install minimum version configured in mise.toml --- shell/lib/mise.sh | 50 +++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 42 insertions(+), 8 deletions(-) diff --git a/shell/lib/mise.sh b/shell/lib/mise.sh index da711998..d5b447b5 100644 --- a/shell/lib/mise.sh +++ b/shell/lib/mise.sh @@ -18,7 +18,14 @@ ensure_mise_installed() { export PATH="$HOME/.local/bin:$PATH" fi - if ! command_exists mise; then + if command_exists mise; then + local minMiseVersion + minMiseVersion="$(mise config get min_version.hard 2>/dev/null || true)" + if [[ -n $minMiseVersion ]] && ! mise_version_compatible "$minMiseVersion"; then + info "Upgrading mise from $(mise_version) to meet minimum version requirement of $minMiseVersion" + install_mise "$minMiseVersion" + fi + else if [[ -n $is_root ]]; then export MISE_INSTALL_PATH=/usr/local/bin/mise fi @@ -56,28 +63,38 @@ ensure_mise_installed() { eval "$(mise activate bash --shims)" fi } - +# install_mise([version]) +# # Installs mise via the official install script (making sure that it is # signed via GPG). If that fails in CI and the CI worker is running # Ubuntu, install mise via the official apt repository. +# +# If a version is specified, installs that version, otherwise the +# latest version is installed. The apt fallback will always install +# the latest version. install_mise() { + local version="$1" local install_script=/tmp/mise-install.sh if [[ ! -f $install_script || "$(wc -c "$install_script" | awk '{print $1}')" -eq 0 ]]; then if ! retry 5 5 gpg --keyserver hkps://keys.openpgp.org --recv-keys 0x24853ec9f655ce80b48e6c3a8b81c9d17413a06d; then error "Could not import mise GPG release key" - install_mise_via_apt_if_ubuntu_in_ci + install_mise_via_apt_if_ubuntu_in_ci "$version" fi # ensure the install script is signed with the mise release key if ! download_mise_install_script | gpg --decrypt >"$install_script"; then error "Could not download or verify mise install script" - install_mise_via_apt_if_ubuntu_in_ci + install_mise_via_apt_if_ubuntu_in_ci "$version" fi fi + if [[ -n $MISE_VERSION ]]; then + warn "MISE_VERSION is already set to '$MISE_VERSION', it will be overridden to '$version' for the installation process" + fi ( set +e + export MISE_VERSION="$version" if ! retry 5 5 sh "$install_script"; then - install_mise_via_apt_if_ubuntu_in_ci + install_mise_via_apt_if_ubuntu_in_ci "$version" fi ) run_mise settings set http_retries 3 @@ -109,6 +126,7 @@ download_mise_install_script() { # Install mise via apt if running in CI on Ubuntu. install_mise_via_apt_if_ubuntu_in_ci() { + local version="$1" local distro if ! in_ci_environment; then warn "Falling back to apt installation of mise is only supported in CI environments" @@ -120,6 +138,9 @@ install_mise_via_apt_if_ubuntu_in_ci() { warn "Falling back to apt installation of mise is only supported on Ubuntu" return 1 fi + if [[ -n $version ]]; then + warn "Cannot install specific version of mise, installing latest version instead" + fi warn "Installing mise via apt, mise will be installed to /usr/bin/mise instead" install_mise_via_apt } @@ -384,14 +405,27 @@ devbase_configure_global_tools() { # Requires sourcing version.sh. devbase_install_mise_tools() { # experimental setting needed for Go backend - local miseVersion - miseVersion="$(mise version --json | gojq --raw-output .version | awk '{print $1}')" - if ! has_minimum_version "2025.10.11" "$miseVersion"; then + if ! mise_version_compatible "2025.10.11"; then mise settings set experimental true fi devbase_mise install --yes } +# The current version of mise. +mise_version() { + run_mise version --json | gojq --raw-output .version | awk '{print $1}' +} + +# mise_version_compatible(minVersion) +# +# Whether the current mise version is >= the minimum version specified. +mise_version_compatible() { + local minVersion miseVersion + minVersion="$1" + miseVersion="$(mise_version)" + has_minimum_version "$minVersion" "$miseVersion" +} + # Installs a given tool via `mise install`, assuming that it's defined # in the local `mise.toml` file and not already installed. mise_install_if_needed() { From 970e0adbac1cc848f9ee138723cc82c1730df025 Mon Sep 17 00:00:00 2001 From: Mark Lee Date: Wed, 11 Mar 2026 18:25:08 -0700 Subject: [PATCH 04/15] Better docs --- shell/lib/mise.sh | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/shell/lib/mise.sh b/shell/lib/mise.sh index d5b447b5..4711d589 100644 --- a/shell/lib/mise.sh +++ b/shell/lib/mise.sh @@ -124,7 +124,11 @@ download_mise_install_script() { http_fetch "https://mise.jdx.dev/install.sh.sig" } +# install_mise_via_apt_if_ubuntu_in_ci([version]) +# # Install mise via apt if running in CI on Ubuntu. +# The `version` parameter is only used to warn the user that you can't +# install a custom version via apt. install_mise_via_apt_if_ubuntu_in_ci() { local version="$1" local distro From e4ed72849fb573516126d5e5bccf064a1ad8916e Mon Sep 17 00:00:00 2001 From: Mark Lee Date: Wed, 11 Mar 2026 18:45:23 -0700 Subject: [PATCH 05/15] Ensure mise at the very start of setup --- shell/circleci/setup.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/shell/circleci/setup.sh b/shell/circleci/setup.sh index c00c2f8e..5d6cf140 100755 --- a/shell/circleci/setup.sh +++ b/shell/circleci/setup.sh @@ -24,6 +24,9 @@ source "${LIB_DIR}/mise.sh" # shellcheck source=../lib/shell.sh source "${LIB_DIR}/shell.sh" +info "🔨 Setting up mise 🧑‍🍳" +ensure_mise_installed + if gh_installed; then # shellcheck disable=SC2119 # Why: no extra args needed to pass to ghaccesstoken in this case. @@ -36,9 +39,6 @@ if ! mise_manages_tool_versions; then "$CI_DIR/env/asdf.sh" fi -info "🔨 Setting up mise 🧑‍🍳" -ensure_mise_installed - "$CI_DIR/env/mise.sh" if circleci_pr_is_fork; then From 6654e84b153984c20a7896c63b61635a74e15655 Mon Sep 17 00:00:00 2001 From: Mark Lee Date: Wed, 11 Mar 2026 18:56:22 -0700 Subject: [PATCH 06/15] Source version.sh --- shell/circleci/setup.sh | 3 +++ shell/lib/mise.sh | 1 + 2 files changed, 4 insertions(+) diff --git a/shell/circleci/setup.sh b/shell/circleci/setup.sh index 5d6cf140..3daf6c2a 100755 --- a/shell/circleci/setup.sh +++ b/shell/circleci/setup.sh @@ -24,6 +24,9 @@ source "${LIB_DIR}/mise.sh" # shellcheck source=../lib/shell.sh source "${LIB_DIR}/shell.sh" +# shellcheck source=../lib/version.sh +source "${LIB_DIR}/version.sh" + info "🔨 Setting up mise 🧑‍🍳" ensure_mise_installed diff --git a/shell/lib/mise.sh b/shell/lib/mise.sh index 4711d589..befbbe99 100644 --- a/shell/lib/mise.sh +++ b/shell/lib/mise.sh @@ -423,6 +423,7 @@ mise_version() { # mise_version_compatible(minVersion) # # Whether the current mise version is >= the minimum version specified. +# Requires sourcing version.sh. mise_version_compatible() { local minVersion miseVersion minVersion="$1" From 8aaa2c218b2f90a8d53e8739d0a0531c091a8a9f Mon Sep 17 00:00:00 2001 From: Mark Lee Date: Wed, 11 Mar 2026 20:05:32 -0700 Subject: [PATCH 07/15] refactor(mise): use builtin tools to parse mise version --- shell/lib/mise.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/shell/lib/mise.sh b/shell/lib/mise.sh index befbbe99..3f5b4513 100644 --- a/shell/lib/mise.sh +++ b/shell/lib/mise.sh @@ -416,8 +416,10 @@ devbase_install_mise_tools() { } # The current version of mise. +# Does not use JSON+gojq as it's mise-installed and could possibly fail +# if the version is too old for the project mise config. mise_version() { - run_mise version --json | gojq --raw-output .version | awk '{print $1}' + run_mise version --quiet | tail -n 1 | awk '{print $1}' } # mise_version_compatible(minVersion) From a54e1d01f9e493b5f0965c1f56cbed31442f4219 Mon Sep 17 00:00:00 2001 From: Mark Lee Date: Fri, 13 Mar 2026 09:38:13 -0700 Subject: [PATCH 08/15] Source version.sh whereever ensure_mise_installed is called --- shell/ci/release/docker-authn.sh | 3 +++ shell/circleci/machine.sh | 3 +++ shell/mise.sh | 3 +++ 3 files changed, 9 insertions(+) diff --git a/shell/ci/release/docker-authn.sh b/shell/ci/release/docker-authn.sh index 3fe823c1..8f826775 100755 --- a/shell/ci/release/docker-authn.sh +++ b/shell/ci/release/docker-authn.sh @@ -29,6 +29,9 @@ source "${LIB_DIR}/mise.sh" # shellcheck source=../../lib/shell.sh source "${LIB_DIR}/shell.sh" +# shellcheck source=../../lib/version.sh +source "${LIB_DIR}/version.sh" + info "Ensuring that 'gh' is installed" ensure_mise_installed diff --git a/shell/circleci/machine.sh b/shell/circleci/machine.sh index 5a627676..dafd8d4f 100755 --- a/shell/circleci/machine.sh +++ b/shell/circleci/machine.sh @@ -22,6 +22,9 @@ source "$LIB_DIR"/mise.sh # shellcheck source=../lib/shell.sh source "$LIB_DIR"/shell.sh +# shellcheck source=../lib/version.sh +source "$LIB_DIR"/version.sh + if [[ $OSTYPE == "darwin"* ]]; then brew install bash docker gnupg gnu-sed # Rosetta is required for awscli installed by mise diff --git a/shell/mise.sh b/shell/mise.sh index 885aa8d9..489e4840 100755 --- a/shell/mise.sh +++ b/shell/mise.sh @@ -16,6 +16,9 @@ source "$DEVBASE_LIB_DIR/mise.sh" # shellcheck source=./lib/shell.sh source "$DEVBASE_LIB_DIR/shell.sh" +# shellcheck source=./lib/shell.sh +source "$DEVBASE_LIB_DIR/version.sh" + ensure_mise_installed 1>&2 misePath="$(find_mise)" From 799df92a9faab3ad943de5dead9c3a339b6cbf47 Mon Sep 17 00:00:00 2001 From: Mark Lee Date: Fri, 13 Mar 2026 09:47:05 -0700 Subject: [PATCH 09/15] Fix typo --- shell/mise.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shell/mise.sh b/shell/mise.sh index 489e4840..bf1bc053 100755 --- a/shell/mise.sh +++ b/shell/mise.sh @@ -16,7 +16,7 @@ source "$DEVBASE_LIB_DIR/mise.sh" # shellcheck source=./lib/shell.sh source "$DEVBASE_LIB_DIR/shell.sh" -# shellcheck source=./lib/shell.sh +# shellcheck source=./lib/version.sh source "$DEVBASE_LIB_DIR/version.sh" ensure_mise_installed 1>&2 From 9f456cf4ed9fcf81fc97a671fc73aa703705697c Mon Sep 17 00:00:00 2001 From: Mark Lee Date: Mon, 16 Mar 2026 11:53:22 -0700 Subject: [PATCH 10/15] Whitespace --- shell/lib/mise.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/shell/lib/mise.sh b/shell/lib/mise.sh index 3f5b4513..ccdde7d9 100644 --- a/shell/lib/mise.sh +++ b/shell/lib/mise.sh @@ -63,6 +63,7 @@ ensure_mise_installed() { eval "$(mise activate bash --shims)" fi } + # install_mise([version]) # # Installs mise via the official install script (making sure that it is From 450586471a37437095eb6856b373960e295cf478 Mon Sep 17 00:00:00 2001 From: Mark Lee Date: Mon, 16 Mar 2026 11:58:46 -0700 Subject: [PATCH 11/15] Fix mise stub --- shell/lib/mise/stub.sh | 2 ++ shell/mise.sh | 15 +++------------ 2 files changed, 5 insertions(+), 12 deletions(-) diff --git a/shell/lib/mise/stub.sh b/shell/lib/mise/stub.sh index d821683c..96394318 100644 --- a/shell/lib/mise/stub.sh +++ b/shell/lib/mise/stub.sh @@ -15,3 +15,5 @@ source "$DEVBASE_LIB_DIR/logging.sh" source "$DEVBASE_LIB_DIR/mise.sh" # shellcheck source=../shell.sh source "$DEVBASE_LIB_DIR/shell.sh" +# shellcheck source=../version.sh +source "$DEVBASE_LIB_DIR/version.sh" diff --git a/shell/mise.sh b/shell/mise.sh index bf1bc053..38322270 100755 --- a/shell/mise.sh +++ b/shell/mise.sh @@ -7,22 +7,13 @@ set -euo pipefail DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" >/dev/null 2>&1 && pwd)" DEVBASE_LIB_DIR="$DIR/lib" -# shellcheck source=./lib/logging.sh -source "$DEVBASE_LIB_DIR/logging.sh" - -# shellcheck source=./lib/mise.sh -source "$DEVBASE_LIB_DIR/mise.sh" - -# shellcheck source=./lib/shell.sh -source "$DEVBASE_LIB_DIR/shell.sh" - -# shellcheck source=./lib/version.sh -source "$DEVBASE_LIB_DIR/version.sh" +# shellcheck source=./lib/mise/stub.sh +source "$DEVBASE_LIB_DIR/mise/stub.sh" ensure_mise_installed 1>&2 misePath="$(find_mise)" -ghToken="$(gh auth token)" +ghToken="$(run_gh auth token)" GITHUB_TOKEN="$ghToken" wait_for_gh_rate_limit MISE_GITHUB_TOKEN="$ghToken" exec "$misePath" "$@" From 52bead295803c45d217e7a52459ce444e327867f Mon Sep 17 00:00:00 2001 From: Mark Lee Date: Mon, 16 Mar 2026 11:59:12 -0700 Subject: [PATCH 12/15] Only set MISE_VERSION if version is nonempty --- shell/lib/mise.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/shell/lib/mise.sh b/shell/lib/mise.sh index ccdde7d9..a9e29f86 100644 --- a/shell/lib/mise.sh +++ b/shell/lib/mise.sh @@ -88,12 +88,14 @@ install_mise() { install_mise_via_apt_if_ubuntu_in_ci "$version" fi fi - if [[ -n $MISE_VERSION ]]; then + if [[ -n $MISE_VERSION && -n $version ]]; then warn "MISE_VERSION is already set to '$MISE_VERSION', it will be overridden to '$version' for the installation process" fi ( set +e - export MISE_VERSION="$version" + if [[ -n $version ]]; then + export MISE_VERSION="$version" + fi if ! retry 5 5 sh "$install_script"; then install_mise_via_apt_if_ubuntu_in_ci "$version" fi From 31f15146dc92f15dd48a4ac555700dae1f921c04 Mon Sep 17 00:00:00 2001 From: Mark Lee Date: Mon, 16 Mar 2026 14:59:09 -0700 Subject: [PATCH 13/15] Avoid unbound variables --- shell/lib/mise.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/shell/lib/mise.sh b/shell/lib/mise.sh index a9e29f86..52327ec2 100644 --- a/shell/lib/mise.sh +++ b/shell/lib/mise.sh @@ -74,7 +74,7 @@ ensure_mise_installed() { # latest version is installed. The apt fallback will always install # the latest version. install_mise() { - local version="$1" + local version="${1:-}" local install_script=/tmp/mise-install.sh if [[ ! -f $install_script || "$(wc -c "$install_script" | awk '{print $1}')" -eq 0 ]]; then @@ -88,7 +88,7 @@ install_mise() { install_mise_via_apt_if_ubuntu_in_ci "$version" fi fi - if [[ -n $MISE_VERSION && -n $version ]]; then + if [[ -n ${MISE_VERSION:-} && -n $version ]]; then warn "MISE_VERSION is already set to '$MISE_VERSION', it will be overridden to '$version' for the installation process" fi ( From 663d348401d4cc947aa4fd3fe924aec9b0d40e94 Mon Sep 17 00:00:00 2001 From: Mark Lee Date: Mon, 16 Mar 2026 15:14:59 -0700 Subject: [PATCH 14/15] More recommendations from AI --- shell/lib/mise.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/shell/lib/mise.sh b/shell/lib/mise.sh index 52327ec2..19aa8beb 100644 --- a/shell/lib/mise.sh +++ b/shell/lib/mise.sh @@ -24,6 +24,8 @@ ensure_mise_installed() { if [[ -n $minMiseVersion ]] && ! mise_version_compatible "$minMiseVersion"; then info "Upgrading mise from $(mise_version) to meet minimum version requirement of $minMiseVersion" install_mise "$minMiseVersion" + + mise --version fi else if [[ -n $is_root ]]; then @@ -133,7 +135,7 @@ download_mise_install_script() { # The `version` parameter is only used to warn the user that you can't # install a custom version via apt. install_mise_via_apt_if_ubuntu_in_ci() { - local version="$1" + local version="${1:-}" local distro if ! in_ci_environment; then warn "Falling back to apt installation of mise is only supported in CI environments" @@ -422,7 +424,7 @@ devbase_install_mise_tools() { # Does not use JSON+gojq as it's mise-installed and could possibly fail # if the version is too old for the project mise config. mise_version() { - run_mise version --quiet | tail -n 1 | awk '{print $1}' + "$(find_mise)" version --quiet | tail -n 1 | awk '{print $1}' } # mise_version_compatible(minVersion) From d10b0bd858a08d373d7cc744f723c89896ffb1e1 Mon Sep 17 00:00:00 2001 From: Mark Lee Date: Mon, 16 Mar 2026 17:13:41 -0700 Subject: [PATCH 15/15] More version.sh sourcing --- shell/ci/testing/setup-devenv.sh | 2 ++ shell/fmt.sh | 2 ++ shell/linters.sh | 2 ++ shell/test.sh | 3 +++ 4 files changed, 9 insertions(+) diff --git a/shell/ci/testing/setup-devenv.sh b/shell/ci/testing/setup-devenv.sh index 4d200099..6625e225 100755 --- a/shell/ci/testing/setup-devenv.sh +++ b/shell/ci/testing/setup-devenv.sh @@ -14,6 +14,8 @@ source "$DIR/../../lib/box.sh" source "$DIR/../../lib/mise.sh" # shellcheck source=../../lib/shell.sh source "$DIR/../../lib/shell.sh" +# shellcheck source=../../lib/version.sh +source "$DIR/../../lib/version.sh" # Arguments PROVISION="${PROVISION:-"false"}" diff --git a/shell/fmt.sh b/shell/fmt.sh index 1873dcf8..c58d58e3 100755 --- a/shell/fmt.sh +++ b/shell/fmt.sh @@ -16,6 +16,8 @@ source "$DIR/lib/logging.sh" source "$DIR/lib/mise.sh" # shellcheck source=./lib/shell.sh source "$DIR/lib/shell.sh" +# shellcheck source=./lib/version.sh +source "$DIR/lib/version.sh" # add extra (per project) linters linters=("$DIR/linters"/*.sh) diff --git a/shell/linters.sh b/shell/linters.sh index 9ba54d74..e20b5420 100755 --- a/shell/linters.sh +++ b/shell/linters.sh @@ -15,6 +15,8 @@ source "$DIR/lib/logging.sh" source "$DIR/lib/mise.sh" # shellcheck source=./lib/shell.sh source "$DIR/lib/shell.sh" +# shellcheck source=./lib/version.sh +source "$DIR/lib/version.sh" if [[ -n $SKIP_LINTERS ]] || [[ -n $SKIP_VALIDATE ]]; then info "Skipping linters" diff --git a/shell/test.sh b/shell/test.sh index 5560bd3b..abf8351e 100755 --- a/shell/test.sh +++ b/shell/test.sh @@ -23,6 +23,9 @@ source "$DIR/lib/mise.sh" # shellcheck source=./lib/shell.sh source "$DIR/lib/shell.sh" +# shellcheck source=./lib/version.sh +source "$DIR/lib/version.sh" + # TEST_FLAGS is an array of flags to pass to `go test`. TEST_FLAGS must # be a string value. It will be split on spaces. #