Merge upstream#3
Open
odormond wants to merge 304 commits into
Open
Conversation
See cashapp#709 but I couldn't update that PR so I made a new one. --------- Co-authored-by: Tony Robalik <trobalik@squareup.com>
auto-versioner is not working right now.
A graph-aware Terraform/OpenTofu CLI with parallel execution and SQL-queryable state. stategraph.com
…wscli.hcl bazel.hcl beads.hcl block-goose.hcl cloudflared.hcl cmake.hcl coder.hcl comrak.hcl corretto.hcl crystal.hcl datadog-ci.hcl dgctl.hcl docker-buildx.hcl docker-compose.hcl doctl.hcl dolt.hcl flux-operator.hcl flyctl.hcl gh.hcl git-cliff.hcl gomplate.hcl helm.hcl hookdeck.hcl istioctl.hcl jfrog-cli.hcl jpm.hcl jsonschema.hcl kubebuilder.hcl kubectl.hcl loki-logcli.hcl loki-promtail.hcl meilisearch.hcl nsc.hcl opentofu.hcl prek.hcl protoc-gen-grpc-gateway.hcl protoc-gen-openapiv2.hcl rust-src.hcl rust.hcl rv.hcl snyk.hcl stategraph.hcl talosctl.hcl terragrunt.hcl tilt.hcl tuist.hcl ty.hcl v.hcl vespa.hcl watchexec.hcl zola.hcl
…radle-guard.hcl ruff.hcl rv.hcl
…cl geesefs.hcl gradle-guard.hcl jpm.hcl jsonschema.hcl mirrord.hcl nature.hcl railway.hcl
…ask.hcl tuist.hcl
… crip.hcl docker-cli.hcl duckdb.hcl encore.hcl flyctl.hcl meilisearch.hcl nfpm.hcl pnpm.hcl pulumi.hcl railway.hcl setup-envtest.hcl stategraph.hcl task.hcl terragrunt.hcl ty.hcl typos.hcl uv.hcl v.hcl
…ake.hcl cue.hcl doppler.hcl flutter.hcl flyctl.hcl gcloud.hcl grype.hcl jsonschema.hcl kubebuilder.hcl kyverno-cli.hcl lefthook.hcl meilisearch.hcl nats-server.hcl pulumi.hcl railway.hcl stategraph.hcl swc.hcl syft.hcl t.hcl typos.hcl
…cl cargo-binstall.hcl databricks.hcl knative.hcl meilisearch.hcl mirrord.hcl myks.hcl nats.hcl nsc.hcl protoc-gen-grpc-gateway.hcl protoc-gen-openapiv2.hcl stripe.hcl t.hcl terraform.hcl
…t.hcl corretto.hcl deno.hcl docker-buildx.hcl dolt.hcl firebase.hcl flutter.hcl fossa.hcl gradle.hcl grog.hcl grype.hcl minikube.hcl neonctl.hcl opa.hcl pivit.hcl protoc-gen-grpc-gateway.hcl protoc-gen-openapiv2.hcl protoc.hcl pulumi.hcl railway.hcl stategraph.hcl syft.hcl terragrunt.hcl uv.hcl vendir.hcl
…uildozer.hcl datadog-ci.hcl dolt.hcl encore.hcl frizbee.hcl godel.hcl jfrog-cli.hcl nsc.hcl rclone.hcl rustfs.hcl sq.hcl stategraph.hcl tilt.hcl trivy.hcl vacuum.hcl
…indgen.hcl yq.hcl
Adds the two most recent Gradle 8.14.x patch releases to the gradle manifest: - **8.14.4** (Jan 23, 2026) - **8.14.5** (May 07, 2026) ### Why The manifest's `auto-version` block tracks the *latest overall* Gradle release (currently the 9.x line), so the 8.14.x patch line stopped at 8.14.3 — 8.14.4 and 8.14.5 were never backfilled. Anyone pinned to the 8.14.x line can't `hermit install` them today. This matters for Kotlin tooling in particular: **Kotlin Gradle Plugin 2.4.0 deprecates Gradle versions below 8.14.4** and makes 8.14.4 the minimum in Kotlin 2.5.0, so projects on the 8.14 line need 8.14.4+ to stay on a supported, non-deprecated Gradle. ### Checksums Official values from https://gradle.org/release-checksums/, verified against the `*-bin.zip.sha256` sidecars: | version | sha256 | |---|---| | gradle-8.14.4-bin.zip | `f1771298a70f6db5a29daf62378c4e18a17fc33c9ba6b14362e0cdf40610380d` | | gradle-8.14.5-bin.zip | `6f74b601422d6d6fc4e1f9a1ab6522f642c2fdcbc15ae33ebd30ba3d7198e854` | ### Validation `hermit install gradle-8.14.5` against this manifest resolves, downloads from `services.gradle.org`, and passes checksum verification locally. Signed-off-by: Sam Edwards <samedwards@squareup.com>
….hcl chrome-for-testing.hcl chromedriver.hcl coder.hcl crane.hcl dagger.hcl databricks.hcl datadog-ci.hcl docker-buildx.hcl dolt.hcl duckdb.hcl firebase.hcl gauge.hcl gcrane.hcl gh.hcl helm.hcl jfrog-cli.hcl mysqldef.hcl nsc.hcl psqldef.hcl spirit.hcl sqlite3def.hcl supabase.hcl tanka.hcl ty.hcl vault.hcl
…g.hcl chromedriver.hcl cloudflared.hcl docker-cli.hcl firebase.hcl gauge.hcl godel.hcl gradle.hcl kubeseal.hcl mirrord.hcl nsc.hcl opengrep.hcl opentofu.hcl pnpm.hcl pulumi.hcl ruff.hcl stripe.hcl trufflehog.hcl ty.hcl uv.hcl vacuum.hcl vespa.hcl
…nsul.hcl lima.hcl mirrord.hcl nelm.hcl nsc.hcl railway.hcl sccache.hcl sq.hcl trivy.hcl uv.hcl xh.hcl
….hcl chromedriver.hcl dasel.hcl git-sv.hcl jq.hcl myks.hcl nfpm.hcl railway.hcl spirit.hcl
…swiftlint.hcl vals.hcl
…nfluent.hcl copybara.hcl crossplane.hcl docker-scout.hcl dolt.hcl firebase.hcl flutter.hcl flyctl.hcl geesefs.hcl gqlgen.hcl gren.hcl grog.hcl meilisearch.hcl mirrord.hcl neonctl.hcl nsc.hcl stripe.hcl swc.hcl talosctl.hcl ty.hcl
v2.10.2 and higher has linux-arm64 versions
…medriver.hcl docker-compose.hcl elastic-package.hcl elixir.hcl gcloud.hcl just.hcl jx.hcl ktfmt.hcl mirrord.hcl mysqldef.hcl nsc.hcl pack.hcl pgschema.hcl pnpm.hcl psqldef.hcl railway.hcl ruff.hcl snyk.hcl sq.hcl sqlite3def.hcl swiftlint.hcl tanka.hcl uv.hcl
`github-release = "rhysd/actionlint/"` made Hermit build `https://api.github.com/repos/rhysd/actionlint//releases`, which 404s on the double slash. autoversion.yml runs with `--continue-on-error`, so the failure was swallowed and actionlint was silently frozen at 1.6.26 since it was added in cashapp#434 (Jan 2024), while upstream reached v1.7.12. Dropping the slash lets the releases API call resolve again; the daily auto-version bot will append the latest version and digests on its next run. Verified locally: with the slash removed, `hermit manifest auto-version --update-digests actionlint.hcl` resolves v1.7.12.
zizmor (https://github.com/zizmorcore/zizmor) is a static-analysis tool that audits GitHub Actions workflows and composite actions for security issues (template injection, unsafe GITHUB_ENV writes, over-broad permissions). It ships per-platform release tarballs, so it maps onto Hermit directly. Digests generated with `hermit manifest add-digests`; verified with `hermit manifest validate`.
…me-for-testing.hcl chromedriver.hcl databricks.hcl doltgresql.hcl eksctl.hcl firebase.hcl flutter.hcl istioctl.hcl loki-logcli.hcl meilisearch.hcl mirrord.hcl ntfy.hcl pulumi.hcl stripe.hcl terraform.hcl ty.hcl
…hcl chromedriver.hcl civo.hcl confluent.hcl deno.hcl doctl.hcl firebase.hcl flyctl.hcl fvm.hcl mirrord.hcl nsc.hcl opa.hcl railway.hcl ruff.hcl skeema.hcl supabase.hcl ty.hcl vacuum.hcl
…-cli.hcl dolt.hcl doltgresql.hcl encore.hcl go-swagger.hcl gqlgen.hcl gradle.hcl grype.hcl jfrog-cli.hcl jx.hcl ko.hcl operator-sdk.hcl podman.hcl sentry-cli.hcl skaffold.hcl syft.hcl ty.hcl uv.hcl velero.hcl
…el.hcl dprint.hcl jx.hcl swiftlint.hcl vacuum.hcl
…ng.hcl chromedriver.hcl depot.hcl dgctl.hcl dprint.hcl pocketbase.hcl tree-sitter.hcl
…der.hcl copybara.hcl cue.hcl datadog-ci.hcl flyctl.hcl just.hcl ko.hcl meilisearch.hcl mirrord.hcl nats-server.hcl nsc.hcl opa.hcl railway.hcl tailwindcss.hcl trufflehog.hcl vals.hcl
aliculPix4D
approved these changes
Jun 30, 2026
|
Why?
|
iAmoric
approved these changes
Jun 30, 2026
Author
No idea. I think it's a GH bug. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.