From c2dd6868f970c5726fe328e4172a5809f3557d06 Mon Sep 17 00:00:00 2001
From: William Bezuidenhout
Date: Wed, 4 Jun 2025 15:01:45 +0200
Subject: [PATCH 1/9] login with docker
---
test/Vagrantfile | 2 ++
test/smoke-test.sh | 3 +++
2 files changed, 5 insertions(+)
diff --git a/test/Vagrantfile b/test/Vagrantfile
index 5630cdfb9..34db323a6 100644
--- a/test/Vagrantfile
+++ b/test/Vagrantfile
@@ -62,6 +62,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
cat << EOF >> /root/.profile
export GIT_BRANCH=#{ENV['BUILDKITE_BRANCH']}
export TEST_TYPE=#{ENV['TEST_TYPE']}
+export DOCKER_USERNAME=#{ENV['DOCKER_USERNAME']}
+export DOCKER_PASSWORD=#{ENV['DOCKER_PASSWORD']}
EOF
SHELL
diff --git a/test/smoke-test.sh b/test/smoke-test.sh
index b8621e34d..6526aa8e1 100755
--- a/test/smoke-test.sh
+++ b/test/smoke-test.sh
@@ -2,6 +2,9 @@
set -euxfo pipefail
configure_docker() {
+ if [ -n "${DOCKER_USERNAME}" ] && [ -n "${DOCKER_PASSWORD}" ]; then
+ docker login -u "${DOCKER_USERNAME}" --password-stdin <<<"$DOCKER_PASSWORD"
+ fi
gcloud auth configure-docker
gcloud auth configure-docker us-central1-docker.pkg.dev
}
From 559c928df264e7c10e5fdb7931c3c05b63a6b78d Mon Sep 17 00:00:00 2001
From: William Bezuidenhout
Date: Thu, 5 Jun 2025 15:34:55 +0200
Subject: [PATCH 2/9] use mise
---
.buildkite/hooks/pre-command | 7 ++++++-
.use_mise | 6 ++++++
2 files changed, 12 insertions(+), 1 deletion(-)
create mode 100644 .use_mise
diff --git a/.buildkite/hooks/pre-command b/.buildkite/hooks/pre-command
index cbdcbd37c..7f4a682ec 100755
--- a/.buildkite/hooks/pre-command
+++ b/.buildkite/hooks/pre-command
@@ -27,4 +27,9 @@ trap remove_pidfile EXIT
echo $$ > "$PIDFILE"
echo "Installing asdf dependencies as defined in '${WORKDIR}/.tool-versions':"
-asdf install
+if [ ! -f ".use_mise" ]; then
+ asdf install
+else
+ mise install
+ eval "$(mise activate)"
+fi
diff --git a/.use_mise b/.use_mise
new file mode 100644
index 000000000..a4d863b6a
--- /dev/null
+++ b/.use_mise
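Review bot: `+export DOCKER_PASSWORD=#{ENV['DOCKER_PASSWORD']}` stores the registry credential in clear text in `/root/.profile` on the guest, where it outlives the single `docker login` that needs it and is re-exported into every root login shell; whether the box is destroyed right after the smoke test is not visible here. The value is interpolated by Ruby into the unquoted `cat << EOF` heredoc shown in context, so a password containing `$`, a backtick or whitespace is expanded or split by the provisioning shell and again when the profile is sourced. If the profile must carry it, quote the delimiter (`cat << 'EOF' >> /root/.profile`) and shell-escape the value (`export DOCKER_PASSWORD=#{Shellwords.escape(ENV['DOCKER_PASSWORD'].to_s)}`, with `require 'shellwords'` at the top of the Vagrantfile); otherwise hand the secret to the smoke test through a mode-0600 file it reads once and deletes.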
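Review bot: The guard `[ -n "${DOCKER_USERNAME}" ] && [ -n "${DOCKER_PASSWORD}" ]` runs under the `set -euxfo pipefail` at the top of the hunk, so when either variable is absent (not merely empty) `-u` aborts `configure_docker` before the optional login can be skipped; write them as `"${DOCKER_USERNAME:-}"` and `"${DOCKER_PASSWORD:-}"`. Feeding the password through `--password-stdin <<<"$DOCKER_PASSWORD"` instead of `-p` is the right call with `-x` on, since bash's trace prints expanded command words but not redirections, so the secret stays out of the build log while the username is still echoed. The whole of `configure_docker` is within the hunk.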
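Review bot: `eval "$(mise activate)"` hides a failing `mise activate`: the substitution comes back empty, `eval` of an empty string returns 0, and the job proceeds without the mise-managed tools on PATH even if the hook runs with `set -e` (its preamble is outside the hunk). Capture first, `activate=$(mise activate) || exit 1`, then `eval "$activate"`. The retained `echo "Installing asdf dependencies …"` line is now wrong on the mise branch; move it inside the `asdf` branch or print which tool is being used. Note also that the presence of a file in the checked-out tree now decides which installer runs on the agent, which is in line with `.tool-versions` already being repo-controlled but is worth remembering when running builds from untrusted branches.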
@@ -0,0 +1,6 @@
+Buildkite Agent CI use the presence of this file to determine whether it should install tools with mise or install them with ASDF.
+Thus if you delete this file, CI will use ASDF to install tools and not mise.
+
+The file is only meant to be here while we transition to using mise completely.
+
+For more information you can reach out to the dev-infra team on #discuss-dev-infra.
From 95ed7689bd0025a4ae2b2123dcaa57a7bef1c35f Mon Sep 17 00:00:00 2001
From: William Bezuidenhout
Date: Thu, 5 Jun 2025 17:41:17 +0200
Subject: [PATCH 3/9] fix plugin
---
.buildkite/vagrant-run.sh | 5 +++++
test/smoke-test.sh | 2 +-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/.buildkite/vagrant-run.sh b/.buildkite/vagrant-run.sh
index 13d2c8a2e..5ceab1bcc 100755
--- a/.buildkite/vagrant-run.sh
+++ b/.buildkite/vagrant-run.sh
@@ -21,6 +21,11 @@ for i in "${plugins[@]}"; do
done
trap cleanup EXIT
+
+echo --- ":bug: fixing dotenv"
+echo "see Fix plugin: https://github.com/hashicorp/vagrant/issues/13550"
+sed -i -e 's/exists?/exist?/g' /var/lib/buildkite-agent/.vagrant.d/gems/3.3.8/gems/dotenv-0.11.1/lib/dotenv.rb
+
echo --- ":vagrant: starting box $box"
vagrant up "$box" --provider=google || exit_code=$?
diff --git a/test/smoke-test.sh b/test/smoke-test.sh
index 6526aa8e1..132c096d0 100755
--- a/test/smoke-test.sh
+++ b/test/smoke-test.sh
@@ -17,7 +17,7 @@ deploy_sourcegraph() {
timeout 600s ./pure-docker/deploy.sh
expect_containers="23"
elif [[ "$TEST_TYPE" == "docker-compose-test" ]]; then
- docker-compose --file docker-compose/docker-compose.yaml up -d -t 600
+ docker-compose --file docker-compose/docker-compose.yaml up -d -t 600
expect_containers="25"
fi
From d70d15057fa4abdef148a70c65ff6f804ff0f58b Mon Sep 17 00:00:00 2001
From: William Bezuidenhout
Date: Fri, 6 Jun 2025 12:50:21 +0200
Subject: [PATCH 4/9] debug
---
.buildkite/vagrant-run.sh | 1 +
1 file changed, 1 insertion(+)
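Review bot: The added `sed -i … /var/lib/buildkite-agent/.vagrant.d/gems/3.3.8/gems/dotenv-0.11.1/lib/dotenv.rb` edits a gem in the agent user's persistent home, so this job now mutates tool state shared by every later build on that host, at a path hard-coded to one Ruby and one dotenv version that stops matching on the next upgrade (if the script runs with `set -e`, which is outside the hunk, a missing file then fails the job). Make the workaround explicit and bounded: `dotenv_rb=/var/lib/buildkite-agent/.vagrant.d/gems/3.3.8/gems/dotenv-0.11.1/lib/dotenv.rb` followed by `if [ -f "$dotenv_rb" ]; then sed -i -e 's/exists?/exist?/g' "$dotenv_rb"; fi`, and pin the plugin that pulls in dotenv so the version in the path is the one actually installed. Longer term, a dotenv release that already contains the fix removes the need to patch the agent at all.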
diff --git a/.buildkite/vagrant-run.sh b/.buildkite/vagrant-run.sh
index 5ceab1bcc..3b016e4f7 100755
--- a/.buildkite/vagrant-run.sh
+++ b/.buildkite/vagrant-run.sh
@@ -15,6 +15,7 @@ cleanup() {
echo --- ":vagrant: installing plugins"
plugins=(vagrant-google vagrant-env vagrant-scp)
for i in "${plugins[@]}"; do
+ vagrant plugin list --no-tty
if ! vagrant plugin list --no-tty | grep "$i"; then
vagrant plugin install "$i"
fi
From ccc45adaf9c82183ef5f22e59e73d7221a0ed8de Mon Sep 17 00:00:00 2001
From: William Bezuidenhout
Date: Mon, 9 Jun 2025 15:50:13 +0200
Subject: [PATCH 5/9] fetch builder key and set env var for vagrant provider
---
.buildkite/vagrant-run.sh | 11 +++++++++--
1 file changed, 9 insertions(+), 2 deletions(-)
diff --git a/.buildkite/vagrant-run.sh b/.buildkite/vagrant-run.sh
index 3b016e4f7..849d54eca 100755
--- a/.buildkite/vagrant-run.sh
+++ b/.buildkite/vagrant-run.sh
@@ -13,7 +13,7 @@ cleanup() {
}
echo --- ":vagrant: installing plugins"
-plugins=(vagrant-google vagrant-env vagrant-scp)
+plugins=("vagrant-google --plugin-version '2.7.0'" vagrant-env vagrant-scp)
for i in "${plugins[@]}"; do
vagrant plugin list --no-tty
if ! vagrant plugin list --no-tty | grep "$i"; then
@@ -24,9 +24,16 @@ done
trap cleanup EXIT
echo --- ":bug: fixing dotenv"
-echo "see Fix plugin: https://github.com/hashicorp/vagrant/issues/13550"
+echo "see fix: https://github.com/hashicorp/vagrant/issues/13550"
sed -i -e 's/exists?/exist?/g' /var/lib/buildkite-agent/.vagrant.d/gems/3.3.8/gems/dotenv-0.11.1/lib/dotenv.rb
+echo --- ":lock: builder account key"
+KEY_PATH="/tmp/e2e-builder.json"
+if [ ! -f ${KEY_PATH} ];
+ gcloud secrets versions access latest --secret=e2e-builder-sa-key --quiet --project=sourcegraph-ci > "${KEY_PATH}"
+fi
+export GOOGLE_JSON_KEY_LOCATION="${KEY_PATH}"
+
echo --- ":vagrant: starting box $box"
vagrant up "$box" --provider=google || exit_code=$?
From e84504303e5589539eaa8f265409427714f30873 Mon Sep 17 00:00:00 2001
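Review bot: `"vagrant-google --plugin-version '2.7.0'"` is one array element, so `grep "$i"` looks for that whole string in the plugin list (it never matches) and `vagrant plugin install "$i"` receives a single argument containing the flag and the literal quotes instead of a plugin name plus `--plugin-version`. Keep the array to bare plugin names and issue the pinned install on its own, `vagrant plugin install vagrant-google --plugin-version 2.7.0`, or hold versions in an associative array keyed by plugin name. The debug `vagrant plugin list --no-tty` from the previous commit is still run once per iteration directly above the `if` that lists again.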
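Review bot: The service-account key written by `gcloud secrets versions access … > "${KEY_PATH}"` lands in the fixed, shared path `/tmp/e2e-builder.json` with whatever the default umask allows, and the `[ ! -f ${KEY_PATH} ]` guard means one fetched copy is reused by every later job on the agent and never deleted; the `cleanup` trap registered above is defined outside the hunk and does not reference it. Create the file owner-only and remove it on exit, e.g. `(umask 077; gcloud secrets versions access latest --secret=e2e-builder-sa-key --quiet --project=sourcegraph-ci > "${KEY_PATH}")` plus `rm -f -- "${KEY_PATH}"` in `cleanup`, and quote `"${KEY_PATH}"` in the test; better still, use the agent's own identity or service-account impersonation so no long-lived key touches disk. As written `if [ ! -f ${KEY_PATH} ];` lacks `then`, so the script does not parse.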
From: William Bezuidenhout
Date: Mon, 9 Jun 2025 15:57:14 +0200
Subject: [PATCH 6/9] Simplify Vagrant plugin installation in build script
---
.buildkite/vagrant-run.sh | 19 ++++++++-----------
1 file changed, 8 insertions(+), 11 deletions(-)
diff --git a/.buildkite/vagrant-run.sh b/.buildkite/vagrant-run.sh
index 849d54eca..caa5e8d50 100755
--- a/.buildkite/vagrant-run.sh
+++ b/.buildkite/vagrant-run.sh
@@ -13,23 +13,20 @@ cleanup() {
}
echo --- ":vagrant: installing plugins"
-plugins=("vagrant-google --plugin-version '2.7.0'" vagrant-env vagrant-scp)
-for i in "${plugins[@]}"; do
- vagrant plugin list --no-tty
- if ! vagrant plugin list --no-tty | grep "$i"; then
- vagrant plugin install "$i"
- fi
-done
+vagrant --version
+vagrant plugin install vagrant-google --plugin-version '2.7.0'
+vagrant plugin install vagrant-env
+vagrant plugin install vagrant-scp
trap cleanup EXIT
-echo --- ":bug: fixing dotenv"
-echo "see fix: https://github.com/hashicorp/vagrant/issues/13550"
-sed -i -e 's/exists?/exist?/g' /var/lib/buildkite-agent/.vagrant.d/gems/3.3.8/gems/dotenv-0.11.1/lib/dotenv.rb
+# echo --- ":bug: fixing dotenv"
+# echo "see fix: https://github.com/hashicorp/vagrant/issues/13550"
+# sed -i -e 's/exists?/exist?/g' /var/lib/buildkite-agent/.vagrant.d/gems/3.3.8/gems/dotenv-0.11.1/lib/dotenv.rb
echo --- ":lock: builder account key"
KEY_PATH="/tmp/e2e-builder.json"
-if [ ! -f ${KEY_PATH} ];
+if [ ! -f ${KEY_PATH} ]; then
gcloud secrets versions access latest --secret=e2e-builder-sa-key --quiet --project=sourcegraph-ci > "${KEY_PATH}"
fi
export GOOGLE_JSON_KEY_LOCATION="${KEY_PATH}"
From 18caed2fd5afb84eadc1021b84fbb8fce436f438 Mon Sep 17 00:00:00 2001
From: William Bezuidenhout
Date: Mon, 9 Jun 2025 19:39:56 +0200
Subject: [PATCH 7/9] run checkov
---
.buildkite/ci-checkov.sh | 8 ++------
.buildkite/vagrant-run.sh | 4 ----
.tool-versions | 2 +-
3 files changed, 3 insertions(+), 11 deletions(-)
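Review bot: `vagrant plugin install vagrant-env` and `vagrant plugin install vagrant-scp` take whatever version RubyGems serves at build time while only `vagrant-google` is pinned to `'2.7.0'`, so the plugins loaded next to the builder key are unpinned third-party code fetched anew on every run. Pin all three with `--plugin-version`, e.g. `vagrant plugin install vagrant-env --plugin-version <x.y.z>` and the same for `vagrant-scp`; both reproducibility and resistance to a tampered gem depend on it. Minor: `[ ! -f ${KEY_PATH} ]` still has the unquoted expansion while the redirect on the next line quotes it.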
diff --git a/.buildkite/ci-checkov.sh b/.buildkite/ci-checkov.sh
index a9ee4ebd8..a4d1a9372 100755
--- a/.buildkite/ci-checkov.sh
+++ b/.buildkite/ci-checkov.sh
@@ -1,11 +1,7 @@
#!/usr/bin/env bash
-# Set this to fail on the install
+# Set this to fail on the install
set -euxo pipefail
-# Install and run the plugin for checkov
-# Use the full path to run pip3.10
-pip3 install checkov
-
# List of checks we do not want to run here
# This is a living list and will see additions and mostly removals over time.
SKIP_CHECKS="CKV_GCP_22,CKV_GCP_66,CKV_GCP_13,CKV_GCP_71,CKV_GCP_61,CKV_GCP_21,CKV_GCP_65,CKV_GCP_67,CKV_GCP_20,CKV_GCP_69,CKV_GCP_12,CKV_GCP_24,CKV_GCP_25,CKV_GCP_64,CKV_GCP_68,CKV2_AWS_5,CKV2_GCP_3,CKV2_GCP_5,CKV_AWS_23,CKV_GCP_70,CKV_GCP_62,CKV_GCP_62,CKV_GCP_62,CKV_GCP_62,CKV_GCP_29,CKV_GCP_39"
@@ -19,7 +15,7 @@ echo "==========================================================================
# Set not to fail on non-zero exit code
set +e
# Run checkov
-python3 -m checkov.main --skip-check $SKIP_CHECKS --quiet --framework terraform --compact -d .
+checkov --skip-check $SKIP_CHECKS --quiet --framework terraform --compact -d .
# Options
# --quiet: Only show failing tests
diff --git a/.buildkite/vagrant-run.sh b/.buildkite/vagrant-run.sh
index caa5e8d50..06355a430 100755
--- a/.buildkite/vagrant-run.sh
+++ b/.buildkite/vagrant-run.sh
@@ -20,10 +20,6 @@ vagrant plugin install vagrant-scp
trap cleanup EXIT
-# echo --- ":bug: fixing dotenv"
-# echo "see fix: https://github.com/hashicorp/vagrant/issues/13550"
-# sed -i -e 's/exists?/exist?/g' /var/lib/buildkite-agent/.vagrant.d/gems/3.3.8/gems/dotenv-0.11.1/lib/dotenv.rb
-
echo --- ":lock: builder account key"
KEY_PATH="/tmp/e2e-builder.json"
if [ ! -f ${KEY_PATH} ]; then
diff --git a/.tool-versions b/.tool-versions
index 0577dd159..6ad805347 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -3,4 +3,4 @@ yarn 1.22.4
shellcheck 0.7.1
golang 1.19.8
github-cli 2.46.0
-python system
+checkov
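Review bot: `# Set this to fail on the install` no longer has an install to refer to once `pip3 install checkov` is removed in this hunk, so the comment above `set -euxo pipefail` is stale; replace it with what the options do, e.g. `# Strict mode: abort on any failing command, unset variable or failed pipeline stage`. The `SKIP_CHECKS` context line repeats `CKV_GCP_62` four times, which is harmless but worth tidying while this file is being touched.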
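Review bot: `checkov --skip-check $SKIP_CHECKS …` now relies on a `checkov` binary being put on PATH by the tool manager, but it runs after the `set +e` two lines above, so a missing or broken binary produces "command not found" and the script carries on as if the scan had run; what is done with the exit status afterwards is outside the hunk. Add a presence check before `set +e`, `command -v checkov >/dev/null || { echo "checkov is not installed" >&2; exit 1; }`. The existing `set +e` also means findings never fail the job, which this commit leaves unchanged.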
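Review bot: `+checkov` has no version field, and `.tool-versions` entries are `<plugin> <version>`, so the `asdf install` path still kept in the pre-command hook will most likely reject or ignore this line and the `checkov` command that ci-checkov.sh now calls will not exist; give it a pinned version such as `checkov <x.y.z>`. Dropping `python system` also removes the only Python entry, so anything else that reached Python through asdf shims needs checking.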
From 3a05b9b2940a171abd9369060a584c9691e40553 Mon Sep 17 00:00:00 2001
From: William Bezuidenhout
Date: Mon, 9 Jun 2025 19:50:40 +0200
Subject: [PATCH 8/9] use asdf version of checkov in mise
---
.tool-versions | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/.tool-versions b/.tool-versions
index 6ad805347..4df9eb887 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -1,6 +1,6 @@
-nodejs 16.7.0
-yarn 1.22.4
-shellcheck 0.7.1
-golang 1.19.8
-github-cli 2.46.0
-checkov
+nodejs 16.7.0
+yarn 1.22.4
+shellcheck 0.7.1
+golang 1.19.8
+github-cli 2.46.0
+asdf:bosmak/asdf-checkov latest
From 3e95261f7e676374e74f6199392b6f69402bd160 Mon Sep 17 00:00:00 2001
From: William Bezuidenhout
Date: Mon, 9 Jun 2025 20:01:53 +0200
Subject: [PATCH 9/9] fix format in script
---
test/smoke-test.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/smoke-test.sh b/test/smoke-test.sh
index 132c096d0..6526aa8e1 100755
--- a/test/smoke-test.sh
+++ b/test/smoke-test.sh
@@ -17,7 +17,7 @@ deploy_sourcegraph() {
timeout 600s ./pure-docker/deploy.sh
expect_containers="23"
elif [[ "$TEST_TYPE" == "docker-compose-test" ]]; then
- docker-compose --file docker-compose/docker-compose.yaml up -d -t 600
+ docker-compose --file docker-compose/docker-compose.yaml up -d -t 600
expect_containers="25"
fi
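Review bot: `asdf:bosmak/asdf-checkov latest` resolves the security scanner through a personal-namespace asdf plugin at whatever ref is current and then to a floating `latest` checkov, so the version that runs is unpinned on both layers and can change or be tampered with between builds. Pin the tool here (`asdf:bosmak/asdf-checkov <x.y.z>`) and pin the plugin's git ref in the mise plugin configuration, which is outside this diff. The hunk also rewrites the five unchanged entries, presumably a trailing-whitespace cleanup, which is fine but makes the one-line change harder to spot.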