chore: add continuous deployment for workspace proxies (#7364)

.github/workflows/ci.yaml

@@ -487,14 +487,27 @@ jobs:
 
       - name: Install Release
         run: |
-          gcloud config set project coder-dogfood
-          gcloud config set compute/zone us-central1-a
-          gcloud compute scp ./build/coder_*_linux_amd64.deb coder:/tmp/coder.deb
-          gcloud compute ssh coder -- sudo dpkg -i --force-confdef /tmp/coder.deb
-          gcloud compute ssh coder -- sudo systemctl daemon-reload
+          set -euo pipefail
 
-      - name: Start
-        run: gcloud compute ssh coder -- sudo service coder restart
+          regions=(
+            # gcp-region-id instance-name systemd-service-name
+            "us-central1-a coder coder"
+            "australia-southeast1-b coder-sydney coder-proxy"
+            "europe-west3-c coder-europe coder-proxy"
+            "southamerica-east1-b coder-brazil coder-proxy"
+          )
+
+          gcloud config set project coder-dogfood
+          for region in "${regions[@]}"; do
+            echo "::group::$region"
+            set -- $region
+
+            gcloud config set compute/zone "$1"
+            gcloud compute scp ./build/coder_*_linux_amd64.deb "$2":/tmp/coder.deb
+            gcloud compute ssh "$2" -- /bin/sh -c "set -eux; sudo dpkg -i --force-confdef /tmp/coder.deb; sudo systemctl daemon-reload; sudo service '$3' restart"
+
+            echo "::endgroup::"
+          done
 
       - uses: actions/upload-artifact@v3
         with:

codersdk/workspaceproxy.go

@@ -39,10 +39,10 @@ type WorkspaceProxyStatus struct {
 // A healthy report will have no errors. Warnings are not fatal.
 type ProxyHealthReport struct {
 	// Errors are problems that prevent the workspace proxy from being healthy
-	Errors []string
+	Errors []string `json:"errors"`
 	// Warnings do not prevent the workspace proxy from being healthy, but
 	// should be addressed.
-	Warnings []string
+	Warnings []string `json:"warnings"`
 }
 
 type WorkspaceProxy struct {

enterprise/wsproxy/wsproxy.go

@@ -229,7 +229,7 @@ func New(ctx context.Context, opts *Options) (*Server, error) {
 		s.AppServer.Attach(r)
 	})
 
-	r.Get("/buildinfo", s.buildInfo)
+	r.Get("/api/v2/buildinfo", s.buildInfo)
 	r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { _, _ = w.Write([]byte("OK")) })
 	// TODO: @emyrk should this be authenticated or debounced?
 	r.Get("/healthz-report", s.healthReport)

scripts/linux-pkg/coder-workspace-proxy.service

@@ -0,0 +1,31 @@
+[Unit]
+Description="Coder - external workspace proxy server"
+Documentation=https://coder.com/docs/coder-oss
+Requires=network-online.target
+After=network-online.target
+ConditionFileNotEmpty=/etc/coder.d/coder-proxy.env
+StartLimitIntervalSec=60
+StartLimitBurst=3
+
+[Service]
+Type=notify
+EnvironmentFile=/etc/coder.d/coder-proxy.env
+User=coder
+Group=coder
+ProtectSystem=full
+PrivateTmp=yes
+PrivateDevices=yes
+SecureBits=keep-caps
+AmbientCapabilities=CAP_IPC_LOCK CAP_NET_BIND_SERVICE
+CacheDirectory=coder
+CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CAP_NET_BIND_SERVICE
+KillSignal=SIGINT
+KillMode=mixed
+NoNewPrivileges=yes
+ExecStart=/usr/bin/coder proxy server
+Restart=on-failure
+RestartSec=5
+TimeoutStopSec=90
+
+[Install]
+WantedBy=multi-user.target

scripts/linux-pkg/nfpm.yaml

@@ -25,3 +25,5 @@ contents:
     type: "config|noreplace"
   - src: coder.service
     dst: /usr/lib/systemd/system/coder.service
+  - src: coder-proxy.service
+    dst: /usr/lib/systemd/system/coder-proxy.service

scripts/package.sh

@@ -84,9 +84,10 @@ cdroot
 temp_dir="$(TMPDIR="$(dirname "$input_file")" mktemp -d)"
 ln "$input_file" "$temp_dir/coder"
 ln "$(realpath coder.env)" "$temp_dir/"
-ln "$(realpath coder.service)" "$temp_dir/"
-ln "$(realpath preinstall.sh)" "$temp_dir/"
-ln "$(realpath scripts/nfpm.yaml)" "$temp_dir/"
+ln "$(realpath scripts/linux-pkg/coder-workspace-proxy.service)" "$temp_dir/"
+ln "$(realpath scripts/linux-pkg/coder.service)" "$temp_dir/"
+ln "$(realpath scripts/linux-pkg/nfpm.yaml)" "$temp_dir/"
+ln "$(realpath scripts/linux-pkg/preinstall.sh)" "$temp_dir/"
 
 pushd "$temp_dir"
 GOARCH="$arch" CODER_VERSION="$version" nfpm package \

site/src/api/typesGenerated.ts

@@ -692,8 +692,8 @@ export interface ProvisionerJobLog {
 
 // From codersdk/workspaceproxy.go
 export interface ProxyHealthReport {
-  readonly Errors: string[]
-  readonly Warnings: string[]
+  readonly errors: string[]
+  readonly warnings: string[]
 }
 
 // From codersdk/workspaces.go