Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
25 commits
Select commit Hold shift + click to select a range
f647df5
Added run script for testing encrypted private ingredients.
mitchell-as Jul 8, 2026
f3b6e76
Merge pull request #3833 from ActiveState/mitchell/eng-1632-2
mitchell-as Jul 9, 2026
c090685
Updated version.txt.
mitchell-as Jul 9, 2026
fd78f3e
Run script for testing encrypted private ingredients should not be st…
mitchell-as Jul 10, 2026
590dd89
Merge pull request #3834 from ActiveState/mitchell/eng-1632-3
mitchell-as Jul 10, 2026
ae0a1e5
No need to remove existing SSL certs.
mitchell-as Jul 10, 2026
487eb9b
Merge pull request #3835 from ActiveState/mitchell/eng-1632-4
mitchell-as Jul 10, 2026
ca3d767
Update to Go 1.26.5 to remediate a CVE.
mitchell-as Jul 10, 2026
29dcff5
Merge pull request #3836 from ActiveState/mitchell/eng-1929
mitchell-as Jul 10, 2026
7354c4b
ENG-1461: State Tool graceful degradation on build-log WebSocket denial
mitchell-as Jul 13, 2026
b105686
ENG-1979: Fail cleanly when the state publish --build directory is mi…
mitchell-as Jul 14, 2026
d1a559d
Merge pull request #3838 from ActiveState/mitchell/eng-1979
mitchell-as Jul 14, 2026
3198fbe
Update activestate.yaml
mitchell-as Jul 14, 2026
cfd7679
ENG-1984: Fetch the organization key lazily, only when an encrypted a…
mitchell-as Jul 14, 2026
d741564
Merge pull request #3840 from ActiveState/mitchell/eng-1981
mitchell-as Jul 14, 2026
89dfe0e
serve-org-keys: run under cmd (Windows) without bash or openssl (#3839)
icanhasmath Jul 14, 2026
b424df4
Merge pull request #3837 from ActiveState/mitchell/eng-1461
mitchell-as Jul 15, 2026
48ea438
ENG-1984: Surface the key-fetch failure reason in the skipped-artifac…
mitchell-as Jul 15, 2026
a8097b8
ENG-1940: Finish an in-progress build when the build-log stream is un…
mitchell-as Jul 16, 2026
a1843c3
ENG-2005-Environment-variable overrides for all config options (#3843)
icanhasmath Jul 16, 2026
802f778
Merge pull request #3841 from ActiveState/mitchell/eng-1984
mitchell-as Jul 17, 2026
ddcc331
Merge remote-tracking branch 'origin/version/0-48-1-RC3' into mitchel…
mitchell-as Jul 17, 2026
8eaa944
Merge pull request #3844 from ActiveState/mitchell/eng-1940
mitchell-as Jul 17, 2026
11216d8
Merge pull request #3845 from ActiveState/marcg/CS-2357-remote-instal…
mitchell-as Jul 17, 2026
75c93f5
Update changelog.md
mitchell-as Jul 17, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ jobs:
strategy:
matrix:
go-version:
- 1.26.4
- 1.26.5
sys:
- { os: ubuntu-latest }
- { os: macos-15-intel, shell: zsh }
Expand Down
7 changes: 7 additions & 0 deletions .gitignore
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,10 @@ cmd/state/versioninfo.json
cmd/state/resource.syso
cmd/state-svc/versioninfo.json
cmd/state-svc/resource.syso
cmd/state-installer/versioninfo.json
cmd/state-installer/resource.syso
cmd/state-exec/versioninfo.json
cmd/state-exec/resource.syso
cmd/state-mcp/versioninfo.json
cmd/state-mcp/resource.syso
test/ssl/
74 changes: 73 additions & 1 deletion activestate.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
project: https://platform.activestate.com/ActiveState/cli?branch=main&commitID=9eee7512-b2ab-4600-b78b-ab0cf2e817d8
project: https://platform.activestate.com/ActiveState/cli?branch=main&commitID=ce30761b-3c98-4d7a-b737-bcb1beeef87c
constants:
- name: CLI_BUILDFLAGS
value: -ldflags="-s -w"
Expand Down Expand Up @@ -94,6 +94,9 @@ scripts:
if [[ "$GOOS" == "windows" || "$OS" == "Windows_NT" ]]; then
go run scripts/versioninfo-generator/main.go version.txt cmd/state/versioninfo.json "State Tool"
go run scripts/versioninfo-generator/main.go version.txt cmd/state-svc/versioninfo.json "State Service"
go run scripts/versioninfo-generator/main.go version.txt cmd/state-installer/versioninfo.json "State Installer"
go run scripts/versioninfo-generator/main.go version.txt cmd/state-exec/versioninfo.json "State Executor"
go run scripts/versioninfo-generator/main.go version.txt cmd/state-mcp/versioninfo.json "State MCP"
fi
- name: build
language: bash
Expand Down Expand Up @@ -136,6 +139,13 @@ scripts:
value: |
set -e
$constants.SET_ENV

# Generate resource.syso for Windows
if [[ "$GOOS" == "windows" || "$OS" == "Windows_NT" ]]; then
pushd cmd/state-exec > /dev/null
go generate
popd > /dev/null
fi
TARGET=$BUILD_TARGET_DIR/$constants.BUILD_EXEC_TARGET
echo "Building $TARGET"
go build -tags "$GO_BUILD_TAGS" -o $TARGET $constants.CLI_BUILDFLAGS $constants.EXECUTOR_PKGS
Expand All @@ -146,6 +156,13 @@ scripts:
value: |
set -e
$constants.SET_ENV

# Generate resource.syso for Windows
if [[ "$GOOS" == "windows" || "$OS" == "Windows_NT" ]]; then
pushd cmd/state-mcp > /dev/null
go generate
popd > /dev/null
fi
TARGET=$BUILD_TARGET_DIR/$constants.BUILD_MCP_TARGET
echo "Building $TARGET"
go build -tags "$GO_BUILD_TAGS" -o $TARGET $constants.CLI_BUILDFLAGS $constants.MCP_PKGS
Expand Down Expand Up @@ -175,6 +192,12 @@ scripts:
set -e
$constants.SET_ENV

# Generate resource.syso for Windows
if [[ "$GOOS" == "windows" || "$OS" == "Windows_NT" ]]; then
pushd cmd/state-installer > /dev/null
go generate
popd > /dev/null
fi
go build -tags "$GO_BUILD_TAGS" -o $BUILD_TARGET_DIR/$constants.BUILD_INSTALLER_TARGET $constants.INSTALLER_PKGS
- name: build-remote-installer
language: bash
Expand Down Expand Up @@ -459,6 +482,55 @@ scripts:
language: bash
standalone: true
value: go run $project.path()/scripts/to-buildexpression/main.go $@
- name: serve-org-keys
language: bash
if: ne .Shell "cmd"
description: Runs a server that serves org keys for testing encrypted private ingredients
value: |
org="$1"
if [ -z "$org" ]; then
echo "Usage: state run serve-org-keys <org-name> [<key>]"
echo "Error: missing organization name"
exit 1
fi
key="$2"

echo "Starting org key server."
if [ -z "$key" ]; then
echo "Using random encryption key (see below)"
python3 -- scripts/orgkeyserver.py --org "$org"
else
python3 -- scripts/orgkeyserver.py --org "$org" --key "$key"
fi
- name: serve-org-keys
language: batch
if: eq .Shell "cmd"
description: Runs a server that serves org keys for testing encrypted private ingredients
value: |
set "org=%~1"
if "%org%"=="" (
echo Usage: state run serve-org-keys ^<org-name^> [^<key^>]
echo Error: missing organization name
exit /b 1
)
set "key=%~2"

set "PY="
where python >nul 2>nul && set "PY=python"
if not defined PY (where py >nul 2>nul && set "PY=py -3")
if not defined PY (where python3 >nul 2>nul && set "PY=python3")
if not defined PY (
echo Error: no Python interpreter found on PATH ^(tried python, py, python3^).
exit /b 1
)

echo Starting org key server.
if "%key%"=="" (
echo Using random encryption key ^(see below^)
%PY% scripts\orgkeyserver.py --org "%org%"
) else (
%PY% scripts\orgkeyserver.py --org "%org%" --key "%key%"
)

events:
- name: activate
Expand Down
5 changes: 5 additions & 0 deletions changelog.md
Original file line number Diff line number Diff line change
Expand Up @@ -24,11 +24,16 @@ and this project adheres to
- `privateingredient.bearer_token_env`: name of an environment variable to read a bearer token from.
- `privateingredient.bearer_token_file`: path to a file to read a bearer token from.
- `privateingredient.cache_key_on_disk`: whether to cache the fetched key on disk for headless or offline reuse.
- `state config` now shows where a configured value comes from (set locally, set by environment variable, or the default).
- All configuration keys can be overridden by a corresponding `ACTIVESTATE_CONFIG_*` environment variable, where all
characters are in upper-case, and '.' is replaced with '_'. For example, the "security.prompt.level" key is
controlled using `ACTIVESTATE_CONFIG_SECURITY_PROMPT_LEVEL`.

### Fixed

- Fixed occasional panic due to a concurrent map read/write during runtime setup.
- Fixed `state clean cache` from accidentally deleting State Tool binaries on Windows.
- Fixed unnecessary Windows installer UAC elevation prompt.

### Security

Expand Down
3 changes: 3 additions & 0 deletions cmd/state-exec/main_windows.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
//go:generate goversioninfo

package main
3 changes: 3 additions & 0 deletions cmd/state-installer/main_windows.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
//go:generate goversioninfo

package main
3 changes: 3 additions & 0 deletions cmd/state-mcp/main_windows.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
//go:generate goversioninfo

package main
2 changes: 1 addition & 1 deletion cmd/state-remote-installer/versioninfo.json
Original file line number Diff line number Diff line change
Expand Up @@ -39,5 +39,5 @@
}
},
"IconPath": "../../internal/assets/contents/icon.ico",
"ManifestPath": ""
"ManifestPath": "../../internal/assets/contents/asInvoker.manifest"
}
2 changes: 1 addition & 1 deletion cmd/state-svc/internal/notifications/notifications.go
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ import (
)

func init() {
configMediator.RegisterOption(constants.NotificationsURLConfig, configMediator.String, "")
configMediator.RegisterOption(constants.NotificationsURLConfig, configMediator.String, "", constants.NotificationsOverrideEnvVarName)
}

const ConfigKeyLastReport = "notifications.last_reported"
Expand Down
2 changes: 1 addition & 1 deletion cmd/state/main.go
Original file line number Diff line number Diff line change
Expand Up @@ -97,7 +97,7 @@ func main() {
// Configuration options
// This should only be used if the config option is not exclusive to one package.
configMediator.RegisterOption(constants.OptinBuildscriptsConfig, configMediator.Bool, false)
configMediator.RegisterOption(constants.NotificationsURLConfig, configMediator.String, "")
configMediator.RegisterOption(constants.NotificationsURLConfig, configMediator.String, "", constants.NotificationsOverrideEnvVarName)

// Set up our output formatter/writer
outFlags := parseOutputFlags(os.Args)
Expand Down
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
module github.com/ActiveState/cli

go 1.26.4
go 1.26.5

require (
github.com/99designs/gqlgen v0.17.54
Expand Down
2 changes: 1 addition & 1 deletion internal/analytics/analytics.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@ import (
)

func init() {
configMediator.RegisterOption(constants.AnalyticsPixelOverrideConfig, configMediator.String, "")
configMediator.RegisterOption(constants.AnalyticsPixelOverrideConfig, configMediator.String, "", constants.AnalyticsPixelOverrideEnv)
}

// Dispatcher describes a struct that can send analytics event in the background
Expand Down
25 changes: 25 additions & 0 deletions internal/assets/contents/asInvoker.manifest
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<!--
Shared Windows application manifest for all State Tool executables.

Declaring an explicit requestedExecutionLevel of asInvoker opts every
binary out of Windows' legacy UAC "installer detection" heuristic, which
otherwise auto-flags executables (especially ones whose filename contains
"install") for elevation. Without this, state-remote-installer.exe was
triggering a UAC prompt; authenticating it installed the State Tool under
the admin account instead of the invoking user. asInvoker makes every
binary run with the token of the user that launched it.

Note: a user/helpdesk "Run as administrator" choice cached under
AppCompatFlags\Layers (RUNASADMIN) overrides this manifest and must be
cleared separately.
-->
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false" />
</requestedPrivileges>
</security>
</trustInfo>
</assembly>
2 changes: 1 addition & 1 deletion internal/assets/contents/versioninfo.json
Original file line number Diff line number Diff line change
Expand Up @@ -37,5 +37,5 @@
}
},
"IconPath": "../../internal/assets/contents/icon.ico",
"ManifestPath": ""
"ManifestPath": "../../internal/assets/contents/asInvoker.manifest"
}
11 changes: 10 additions & 1 deletion internal/config/instance.go
Original file line number Diff line number Diff line change
Expand Up @@ -178,11 +178,20 @@ func (i *Instance) rawGet(key string) interface{} {
}

func (i *Instance) Get(key string) interface{} {
opt := mediator.GetOption(key)

// An environment variable override takes precedence over any stored or default value.
if mediator.KnownOption(opt) {
if value, _, ok := mediator.EnvOverride(opt); ok {
return value
}
}

result := i.rawGet(key)
if result != nil {
return result
}
if opt := mediator.GetOption(key); mediator.KnownOption(opt) {
if mediator.KnownOption(opt) {
return mediator.GetDefault(opt)
}
return nil
Expand Down
6 changes: 6 additions & 0 deletions internal/locale/locales/en-us.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1545,6 +1545,12 @@ value:
other: Value
default:
other: Default
source:
other: Source
config_source_local:
other: local
config_source_default:
other: default
vulnerabilities:
other: Vulnerabilities (CVEs)
dependency_row:
Expand Down
Loading
Loading