From mise-toolkit
The `mise generate bootstrap -l -w` pattern for pinning mise in Dockerfiles and CI without `curl | sh`. Commit `./bin/mise` so builds are reproducible and network-free for the mise install step.
npx claudepluginhub ray-manaloto/claude-code-marketplace --plugin mise-toolkitThis skill uses the workspace's default tool permissions.
Every "quick start" guide says `curl https://mise.run | sh` in your Dockerfile. That works but it:
Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Checks Next.js compilation errors using a running Turbopack dev server after code edits. Fixes actionable issues before reporting complete. Replaces `next build`.
Guides code writing, review, and refactoring with Karpathy-inspired rules to avoid overcomplication, ensure simplicity, surgical changes, and verifiable success criteria.
Share bugs, ideas, or general feedback.
curl | shEvery "quick start" guide says curl https://mise.run | sh in your Dockerfile. That works but it:
The mise generate bootstrap command solves all three by generating a small self-contained bootstrap script that downloads a specific pinned mise version, verifies its checksum, and installs it locally. You commit it to the repo and use it from the Dockerfile.
Run once, from any machine that has mise:
mise generate bootstrap --localize --write
# short form:
mise generate bootstrap -l -w
This:
./bin/mise — a shell script that downloads mise at the pinned version (the version currently on the generating host).-l/--localize, also writes a small helper so the script is usable via relative path.-w/--write writes to disk instead of printing to stdout.Commit ./bin/mise to the repo. It's a few KB.
# syntax=docker/dockerfile:1.7
FROM debian:12-slim AS builder
RUN apt-get update && apt-get install -y --no-install-recommends \
curl git ca-certificates \
&& rm -rf /var/lib/apt/lists/*
WORKDIR /workspace
# Copy the bootstrap first so it's cached aggressively
COPY bin/mise bin/mise
RUN ./bin/mise --version # installs pinned mise into ~/.local/share/mise
COPY mise.toml mise.lock ./
RUN --mount=type=cache,target=/root/.local/share/mise/installs \
./bin/mise trust && ./bin/mise install
COPY . .
RUN ./bin/mise exec -- <build command>
The same script works in GitHub Actions without the jdx/mise-action:
- run: ./bin/mise install
- run: ./bin/mise run test
This is useful when you need a version of mise that's newer/older than whatever jdx/mise-action@v3 defaults to, or when you don't want to depend on a third-party action.
When you want a new mise version:
mise up mise # or: mise self-update
mise generate bootstrap -l -w
git add bin/mise && git commit -m "chore: bump mise to $(mise --version)"
Now the Dockerfile / CI get the new version on the next build. No curl | sh in sight.
ENV MISE_VERSION=2026.4.5 and curl | sh -s -- --version $MISE_VERSION?You can, and it works, but:
mise.run being reachable at build time.mise generate bootstrap script handles platform detection, architecture fallback, and checksum verification in one place.For single-developer projects, the curl | sh form is fine. For anything shipping to production or running in CI at a shop with a security team, use the bootstrap.
If your build environment has no internet at all, the bootstrap script's download step will still fail. For airgapped cases:
~/.local/share/mise/mise./usr/local/bin/mise.But that's rare. The bootstrap pattern covers 95% of "I want reproducible mise installs".
mise-docker-patterns — where the bootstrap fits in the canonical Dockerfile.mise-lockfile — mise.lock is the other half of reproducibility (pins the tools; bootstrap pins mise itself).mise-ci-github-actions — when to use jdx/mise-action vs the bootstrap.mise.jdx.dev/cli/generate/bootstrap.html.