Skip to content

Merge upstream#3

Open
odormond wants to merge 304 commits into
masterfrom
merge-upstream
Open

Merge upstream#3
odormond wants to merge 304 commits into
masterfrom
merge-upstream

Conversation

@odormond

Copy link
Copy Markdown

No description provided.

github-actions Bot and others added 30 commits January 21, 2026 03:07
See cashapp#709 but I couldn't
update that PR so I made a new one.

---------

Co-authored-by: Tony Robalik <trobalik@squareup.com>
auto-versioner is not working right now.
A graph-aware Terraform/OpenTofu CLI with parallel execution and
SQL-queryable state.

stategraph.com
…wscli.hcl bazel.hcl beads.hcl block-goose.hcl cloudflared.hcl cmake.hcl coder.hcl comrak.hcl corretto.hcl crystal.hcl datadog-ci.hcl dgctl.hcl docker-buildx.hcl docker-compose.hcl doctl.hcl dolt.hcl flux-operator.hcl flyctl.hcl gh.hcl git-cliff.hcl gomplate.hcl helm.hcl hookdeck.hcl istioctl.hcl jfrog-cli.hcl jpm.hcl jsonschema.hcl kubebuilder.hcl kubectl.hcl loki-logcli.hcl loki-promtail.hcl meilisearch.hcl nsc.hcl opentofu.hcl prek.hcl protoc-gen-grpc-gateway.hcl protoc-gen-openapiv2.hcl rust-src.hcl rust.hcl rv.hcl snyk.hcl stategraph.hcl talosctl.hcl terragrunt.hcl tilt.hcl tuist.hcl ty.hcl v.hcl vespa.hcl watchexec.hcl zola.hcl
…cl geesefs.hcl gradle-guard.hcl jpm.hcl jsonschema.hcl mirrord.hcl nature.hcl railway.hcl
… crip.hcl docker-cli.hcl duckdb.hcl encore.hcl flyctl.hcl meilisearch.hcl nfpm.hcl pnpm.hcl pulumi.hcl railway.hcl setup-envtest.hcl stategraph.hcl task.hcl terragrunt.hcl ty.hcl typos.hcl uv.hcl v.hcl
…ake.hcl cue.hcl doppler.hcl flutter.hcl flyctl.hcl gcloud.hcl grype.hcl jsonschema.hcl kubebuilder.hcl kyverno-cli.hcl lefthook.hcl meilisearch.hcl nats-server.hcl pulumi.hcl railway.hcl stategraph.hcl swc.hcl syft.hcl t.hcl typos.hcl
…cl cargo-binstall.hcl databricks.hcl knative.hcl meilisearch.hcl mirrord.hcl myks.hcl nats.hcl nsc.hcl protoc-gen-grpc-gateway.hcl protoc-gen-openapiv2.hcl stripe.hcl t.hcl terraform.hcl
…t.hcl corretto.hcl deno.hcl docker-buildx.hcl dolt.hcl firebase.hcl flutter.hcl fossa.hcl gradle.hcl grog.hcl grype.hcl minikube.hcl neonctl.hcl opa.hcl pivit.hcl protoc-gen-grpc-gateway.hcl protoc-gen-openapiv2.hcl protoc.hcl pulumi.hcl railway.hcl stategraph.hcl syft.hcl terragrunt.hcl uv.hcl vendir.hcl
…uildozer.hcl datadog-ci.hcl dolt.hcl encore.hcl frizbee.hcl godel.hcl jfrog-cli.hcl nsc.hcl rclone.hcl rustfs.hcl sq.hcl stategraph.hcl tilt.hcl trivy.hcl vacuum.hcl
handstandsam and others added 21 commits June 17, 2026 11:50
Adds the two most recent Gradle 8.14.x patch releases to the gradle
manifest:

- **8.14.4** (Jan 23, 2026)
- **8.14.5** (May 07, 2026)

### Why
The manifest's `auto-version` block tracks the *latest overall* Gradle
release (currently the 9.x line), so the 8.14.x patch line stopped at
8.14.3 — 8.14.4 and 8.14.5 were never backfilled. Anyone pinned to the
8.14.x line can't `hermit install` them today.

This matters for Kotlin tooling in particular: **Kotlin Gradle Plugin
2.4.0 deprecates Gradle versions below 8.14.4** and makes 8.14.4 the
minimum in Kotlin 2.5.0, so projects on the 8.14 line need 8.14.4+ to
stay on a supported, non-deprecated Gradle.

### Checksums
Official values from https://gradle.org/release-checksums/, verified
against the `*-bin.zip.sha256` sidecars:

| version | sha256 |
|---|---|
| gradle-8.14.4-bin.zip |
`f1771298a70f6db5a29daf62378c4e18a17fc33c9ba6b14362e0cdf40610380d` |
| gradle-8.14.5-bin.zip |
`6f74b601422d6d6fc4e1f9a1ab6522f642c2fdcbc15ae33ebd30ba3d7198e854` |

### Validation
`hermit install gradle-8.14.5` against this manifest resolves, downloads
from `services.gradle.org`, and passes checksum verification locally.

Signed-off-by: Sam Edwards <samedwards@squareup.com>
….hcl chrome-for-testing.hcl chromedriver.hcl coder.hcl crane.hcl dagger.hcl databricks.hcl datadog-ci.hcl docker-buildx.hcl dolt.hcl duckdb.hcl firebase.hcl gauge.hcl gcrane.hcl gh.hcl helm.hcl jfrog-cli.hcl mysqldef.hcl nsc.hcl psqldef.hcl spirit.hcl sqlite3def.hcl supabase.hcl tanka.hcl ty.hcl vault.hcl
…g.hcl chromedriver.hcl cloudflared.hcl docker-cli.hcl firebase.hcl gauge.hcl godel.hcl gradle.hcl kubeseal.hcl mirrord.hcl nsc.hcl opengrep.hcl opentofu.hcl pnpm.hcl pulumi.hcl ruff.hcl stripe.hcl trufflehog.hcl ty.hcl uv.hcl vacuum.hcl vespa.hcl
…nsul.hcl lima.hcl mirrord.hcl nelm.hcl nsc.hcl railway.hcl sccache.hcl sq.hcl trivy.hcl uv.hcl xh.hcl
….hcl chromedriver.hcl dasel.hcl git-sv.hcl jq.hcl myks.hcl nfpm.hcl railway.hcl spirit.hcl
…nfluent.hcl copybara.hcl crossplane.hcl docker-scout.hcl dolt.hcl firebase.hcl flutter.hcl flyctl.hcl geesefs.hcl gqlgen.hcl gren.hcl grog.hcl meilisearch.hcl mirrord.hcl neonctl.hcl nsc.hcl stripe.hcl swc.hcl talosctl.hcl ty.hcl
v2.10.2 and higher has linux-arm64 versions
…medriver.hcl docker-compose.hcl elastic-package.hcl elixir.hcl gcloud.hcl just.hcl jx.hcl ktfmt.hcl mirrord.hcl mysqldef.hcl nsc.hcl pack.hcl pgschema.hcl pnpm.hcl psqldef.hcl railway.hcl ruff.hcl snyk.hcl sq.hcl sqlite3def.hcl swiftlint.hcl tanka.hcl uv.hcl
`github-release = "rhysd/actionlint/"` made Hermit build
`https://api.github.com/repos/rhysd/actionlint//releases`, which 404s on
the double slash. autoversion.yml runs with `--continue-on-error`, so
the failure was swallowed and actionlint was silently frozen at 1.6.26
since it was added in cashapp#434 (Jan 2024), while upstream reached v1.7.12.

Dropping the slash lets the releases API call resolve again; the daily
auto-version bot will append the latest version and digests on its next
run. Verified locally: with the slash removed,
`hermit manifest auto-version --update-digests actionlint.hcl` resolves
v1.7.12.
zizmor (https://github.com/zizmorcore/zizmor) is a static-analysis tool
that audits GitHub Actions workflows and composite actions for security
issues (template injection, unsafe GITHUB_ENV writes, over-broad
permissions). It ships per-platform release tarballs, so it maps onto
Hermit directly.

Digests generated with `hermit manifest add-digests`; verified with
`hermit manifest validate`.
…me-for-testing.hcl chromedriver.hcl databricks.hcl doltgresql.hcl eksctl.hcl firebase.hcl flutter.hcl istioctl.hcl loki-logcli.hcl meilisearch.hcl mirrord.hcl ntfy.hcl pulumi.hcl stripe.hcl terraform.hcl ty.hcl
…hcl chromedriver.hcl civo.hcl confluent.hcl deno.hcl doctl.hcl firebase.hcl flyctl.hcl fvm.hcl mirrord.hcl nsc.hcl opa.hcl railway.hcl ruff.hcl skeema.hcl supabase.hcl ty.hcl vacuum.hcl
…-cli.hcl dolt.hcl doltgresql.hcl encore.hcl go-swagger.hcl gqlgen.hcl gradle.hcl grype.hcl jfrog-cli.hcl jx.hcl ko.hcl operator-sdk.hcl podman.hcl sentry-cli.hcl skaffold.hcl syft.hcl ty.hcl uv.hcl velero.hcl
…el.hcl dprint.hcl jx.hcl swiftlint.hcl vacuum.hcl
…ng.hcl chromedriver.hcl depot.hcl dgctl.hcl dprint.hcl pocketbase.hcl tree-sitter.hcl
…der.hcl copybara.hcl cue.hcl datadog-ci.hcl flyctl.hcl just.hcl ko.hcl meilisearch.hcl mirrord.hcl nats-server.hcl nsc.hcl opa.hcl railway.hcl tailwindcss.hcl trufflehog.hcl vals.hcl
@odormond odormond requested a review from a team as a code owner June 30, 2026 13:57
@aliculPix4D

Copy link
Copy Markdown

Why?

This branch is out-of-date with the base branch

@odormond

Copy link
Copy Markdown
Author

Why?

This branch is out-of-date with the base branch

No idea. I think it's a GH bug.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.