Skip to content

[Internal] Revert main to v1.113.0 and update next release as v1.114.1#5671

Closed
tanmay-db wants to merge 15 commits into
mainfrom
revert-to-v1.113.0
Closed

[Internal] Revert main to v1.113.0 and update next release as v1.114.1#5671
tanmay-db wants to merge 15 commits into
mainfrom
revert-to-v1.113.0

Conversation

@tanmay-db

@tanmay-db tanmay-db commented Apr 29, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Changes

Rolls main back to v1.113.0 as the stable release, then re-applies a small set of post-v1.113.0 commits we want to retain (CI/release infra, a Go-toolchain security bump, and
a test fix for an API that no longer permits the disable path). All other changes merged after v1.113.0 — including the v1.114.0 release — are reverted.

Retained commits:

  • #5606 — [Internal] Replace release workflow with package workflow
  • #5615 — [Internal] Bump Go toolchain from 1.24 to 1.25.7
  • #5619 — [Internal] Bump github.com/hashicorp/hc-install to v0.9.4
  • #5630 — Remove legacy tag-triggered release workflow
  • #5609 — Route integration-tests trigger through emu-access runner
  • #5635 — [Internal] Remove obsolete disable step from TestAccSQLGlobalConfigServerless (the API no longer
    permits disabling serverless)

Partially retained — only the .github/workflows/ and/or tagging.py portions of these commits are kept (other changes reverted):

  • #5570 — workspace_id support for Autogenerated Plugin Framework resources (only next-changelog.yml
    changes kept)
  • #5621 — Update SDK API to 11ae6f9d (only next-changelog.yml, tagging.yml, and tagging.py changes
    kept)
  • #5656 — Update SDK API to c5aab29c (only tagging.yml and tagging.py changes kept)
  • #5665 — Update SDK API to c5aab29c (only tagging.yml changes kept)

Tests

  • CI

@tanmay-db
Revert main to v1.113.0
dfa3912 
Resets the tree to match the v1.113.0 release tag, undoing all changes
merged since then (including the v1.114.0 release).
@tanmay-db tanmay-db requested review from a team as code owners April 29, 2026 17:41
@tanmay-db tanmay-db requested review from Divyansh-db and removed request for a team April 29, 2026 17:41
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 17:41 — with GitHub Actions Inactive
@tanmay-db tanmay-db changed the title Revert main to v1.113.0 [Internal] Revert main to v1.113.0 Apr 29, 2026
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 17:42 — with GitHub Actions Inactive
@tanmay-db tanmay-db changed the title [Internal] Revert main to v1.113.0 [Internal] Revert main to v1.113.0 and update next release as v1.114.1 Apr 29, 2026
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 17:50 — with GitHub Actions Inactive
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 17:52 — with GitHub Actions Inactive
@tanmay-db tanmay-db force-pushed the revert-to-v1.113.0 branch from abaf4c3 to ca14a86 Compare April 29, 2026 17:56
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 17:56 — with GitHub Actions Inactive
@tanmay-db tanmay-db requested review from chrisst and renaudhartert-db and removed request for a team, Divyansh-db, chrisst and renaudhartert-db April 29, 2026 17:59
@tanmay-db tanmay-db changed the title [Internal] Revert main to v1.113.0 and update next release as v1.114.1 [WIP] [Internal] Revert main to v1.113.0 and update next release as v1.114.1 Apr 29, 2026
hectorcast-db and others added 4 commits April 29, 2026 20:23
@hectorcast-db @tanmay-db
[Internal] Replace release workflow with package workflow (#5606)
4cbafa7 
## Summary
- Remove legacy `.github/workflows/release.yml`.
- Add `.github/workflows/package.yml`, a manually-triggered workflow
that builds and GPG-signs release artifacts (per-platform zips,
`SHA256SUMS`, GPG signature) and release notes for a given version tag,
and uploads them as artifacts.
- The packaged artifacts are intended to be consumed by the release
workflow in `secure-public-registry-releases-eng`.

## Test plan
- [x] Test run against `v1.113.0`:
https://github.com/databricks/terraform-provider-databricks/actions/runs/24665102001/job/72120615714
- [x] Verified the staged artifact set matches the assets attached to
prior releases.

NO_CHANGELOG=true

This pull request and its description were written by Isaac.
@renaudhartert-db @tanmay-db
[Internal] Bump Go toolchain from 1.24 to 1.25.7 (#5615)
3dec711 
Bumps the provider's minimum Go toolchain from 1.24.0 to 1.25.7.

Go 1.24 is affected by a `crypto/tls` vulnerability in TLS 1.3 session
resumption: when `Config.ClientCAs` or `Config.RootCAs` are mutated
between an initial handshake and a resumed handshake, the resumed
session can succeed against the stale CA set when it should have failed.
In practice a previously trusted client or server identity may continue
to be accepted after the trust material has been revoked, which weakens
the TLS guarantees the provider relies on for workspace and account API
calls. The fix was backported to Go 1.24.13, Go 1.25.7, and Go 1.26 GA.

Pinning the `go` directive to 1.25.7 (rather than a bare `1.25`) is
deliberate: the `go` directive is the floor for the compiler that builds
the released binary, and `go 1.25` would still permit 1.25.0 through
1.25.6, which carry the unpatched `crypto/tls`. Pinning the patch
version guarantees every released provider binary carries the fix.

- `go.mod`: `go 1.24.0` -> `go 1.25.7`. No other changes; `go.sum` is
unaffected since the `go` directive bump doesn't touch module hashes.
- `NEXT_CHANGELOG.md`: Internal Changes entry noting the bump.

No source changes. Every workflow in `.github/workflows/` already
resolves the Go version via `go-version-file: go.mod`, so CI, release,
CodeQL, and packaging jobs pick up the new toolchain automatically.

- [ ] CI green against the new toolchain.
- [ ] The Setup Go step in the build workflow log reports installing a
Go 1.25.7+ toolchain.
@hectorcast-db @github-actions @tanmay-db
[Internal] Bump github.com/hashicorp/hc-install to v0.9.4 (#5619)
4bf6878 
## Summary
- Bumps `github.com/hashicorp/hc-install` from v0.9.3 to v0.9.4 to pick
up critical fixes.
- Transitively bumps the `go` directive from 1.25.7 to 1.25.8, since
hc-install v0.9.4's module graph requires `go >= 1.25.8`.
- Picks up the indirect dep floor that hc-install v0.9.4 requires (MVS —
can't hold these at older versions while using v0.9.4):
  - `ProtonMail/go-crypto` 1.3.0 → 1.4.1
  - `hashicorp/go-version` 1.8.0 → 1.9.0
  - `go-git/go-billy/v5` 5.6.2 → 5.8.0
  - `go-git/go-git/v5` 5.16.5 → 5.18.0
  - `golang.org/x/crypto` 0.48.0 → 0.49.0
  - `golang.org/x/mod` 0.33.0 → 0.35.0
  - `golang.org/x/net` 0.49.0 → 0.52.0
  - `golang.org/x/sync` 0.19.0 → 0.20.0
  - `golang.org/x/sys` 0.41.0 → 0.42.0
  - `golang.org/x/term` 0.40.0 → 0.41.0
  - `golang.org/x/text` 0.34.0 → 0.35.0
  - `golang.org/x/tools` 0.41.0 → 0.43.0
  - `golang.org/x/telemetry` (timestamp bump)

## Test plan
- [ ] `build`, `fmt`, and `schema` jobs pass — confirms all new versions
resolve through the JFrog `db-golang` mirror and nothing in the provider
breaks against the new transitive floors.
- [ ] `make diff-schema` shows no Terraform schema changes.

NO_CHANGELOG=true

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@hectorcast-db @tanmay-db
Remove legacy tag-triggered release workflow (#5630)
7ae79cd 
NO_CHANGELOG=true

## Summary
The legacy tag-triggered release workflow is superseded by the secure
release pipeline in
`databricks/secure-public-registry-releases-eng`, which dispatches
`tagging.yml` and
`package.yml` here and handles the GitHub release (with zips +
SHA256SUMS) externally.
This PR removes the obsolete tag-trigger path while preserving the
`merge_group` snapshot build that runs as a build-breakage check in the
merge queue.

## What changed
- `.github/workflows/release-legacy.yml`: dropped `push.tags` trigger,
removed the strictly tag-gated steps (release-notes extraction and the
non-snapshot `goreleaser release` run), and removed the now-redundant
`if: ! startsWith(github.ref, 'refs/tags/v')` guard on the snapshot
step. The `merge_group` trigger and the `goreleaser release --clean
--snapshot` build-check step are preserved.

## What's preserved
- `tagging.yml` (auto-tag entry point dispatched by the secure release
pipeline)
- `package.yml` (GPG-signed GoReleaser build dispatched by the secure
release workflow)
- `release-legacy.yml`'s `merge_group` GoReleaser snapshot run (catches
build breakage in the merge queue)

## Blast radius
Terraform Registry polls the GH Release assets. The secure release
pipeline now produces
the exact asset set (`*.zip`, `*_SHA256SUMS`, `*_SHA256SUMS.sig`) that
it produced before.
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 18:24 — with GitHub Actions Inactive
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 18:32 — with GitHub Actions Inactive
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 18:33 — with GitHub Actions Inactive
@tanmay-db
Sync .github/workflows/next-changelog.yml and tagging.yml to main
0ec72ff 
These two workflow files are auto-generated (# Generated file. DO NOT EDIT.).
Restoring them to match origin/main so the revert PR introduces no workflow
drift versus main.

Changes since v1.113.0 that produced the divergence (now discarded):

next-changelog.yml:
  - #5570 (5ea18ac): added pull_request_target types filter, dependabot
    skip, bumped actions/checkout v3.6.0 -> v6.0.2
  - #5621 (ba1223c): runner-group switch deco-testing -> protected-runner

tagging.yml:
  - #5621 (ba1223c): runner-group switch + Upload created tags artifact step
  - #5656 (5dc7b31): added packages workflow input + conditional tagging.py call
  - #5665 (eebe29b): removed duplicate '# Generated file' comment
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 18:36 — with GitHub Actions Inactive
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 18:36 — with GitHub Actions Inactive
tanmay-db and others added 2 commits April 29, 2026 21:00
@tanmay-db
[Internal] Remove obsolete disable step from TestAccSQLGlobalConfigSe…
65d3fdb 
…rverless (#5635)

## Summary

Remove the third step of `TestAccSQLGlobalConfigServerless` which
asserts `enable_serverless_compute = false` can be applied successfully.
The underlying API (`/api/2.0/sql/config/warehouses`) no longer permits
disabling serverless on most workspaces — it returns
`INVALID_PARAMETER_VALUE`. The `enable_serverless_compute` attribute on
`databricks_sql_global_config` is already marked Deprecated for the same
reason.

The first two steps (enabling serverless, and applying a default empty
configuration) remain valid coverage.

  ## Changes

* `sql/sql_global_config_test.go` — drop the disable step
(`enable_serverless_compute = false` +
  `checkServerlessEnabled(false)`)

NO_CHANGELOG=true
@tanmay-db
Sync tagging.py to main
ec0c2c8 
tagging.py is part of the release infrastructure. Restoring it to match
origin/main so the revert PR introduces no drift versus main on release
tooling.

Changes since v1.113.0 that produced the divergence (now picked up):

  - #5621 (ba1223c): minor +23/-2 update bundled with SDK API auto-bump
  - #5656 (5dc7b31): +156/-37 — added Version dataclass, CREATED_TAGS_FILE_NAME
    constant, and the broader tagging-script rework
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 19:01 — with GitHub Actions Inactive
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 19:02 — with GitHub Actions Inactive
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 19:06 — with GitHub Actions Inactive
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 19:07 — with GitHub Actions Inactive
@tanmay-db tanmay-db changed the title [WIP] [Internal] Revert main to v1.113.0 and update next release as v1.114.1 [Internal] Revert main to v1.113.0 and update next release as v1.114.1 Apr 29, 2026
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 19:08 — with GitHub Actions Inactive
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 19:35 — with GitHub Actions Inactive
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 19:35 — with GitHub Actions Inactive
@tanmay-db
Sync CHANGELOG.md to main
f03d493 
v1.114.1 is a patch release of v1.114.0, not a fresh rollback. Keep the
v1.114.0 release entry on the branch so the published CHANGELOG.md after
v1.114.1 ships reads:

  v1.114.1 (rollback patch) -> v1.114.0 -> v1.113.0
@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 19:37 — with GitHub Actions Inactive
@github-actions

github-actions Bot commented Apr 29, 2026

Copy link
Copy Markdown
Contributor

If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:

Trigger:
go/deco-tests-run/terraform

Inputs:

  • PR number: 5671
  • Commit SHA: f03d4931b7102db3e80f51406dab6dd661a02ce4

Checks will be approved automatically on success.

@tanmay-db tanmay-db temporarily deployed to test-trigger-is April 29, 2026 19:37 — with GitHub Actions Inactive
@tanmay-db tanmay-db closed this Apr 29, 2026
@tanmay-db

tanmay-db commented Apr 29, 2026

Copy link
Copy Markdown
Contributor Author

Released: https://registry.terraform.io/providers/databricks/databricks/latest/docs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexott alexott alexott approved these changes
@Divyansh-db Divyansh-db Divyansh-db approved these changes
@chrisst chrisst Awaiting requested review from chrisst
@renaudhartert-db renaudhartert-db Awaiting requested review from renaudhartert-db

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@tanmay-db @alexott @Divyansh-db @hectorcast-db @renaudhartert-db @mihaimitrea-db