From 3b15234660954cfa8275143a33e42d23a22587d0 Mon Sep 17 00:00:00 2001
From: Dean Sheather
Date: Mon, 1 May 2023 15:02:51 -0700
Subject: [PATCH] chore: add continuous deployment for workspace proxies (#7364)
---
.github/workflows/ci.yaml | 27 +++++++++++-----
codersdk/workspaceproxy.go | 4 +--
enterprise/wsproxy/wsproxy.go | 2 +-
.../linux-pkg/coder-workspace-proxy.service | 31 +++++++++++++++++++
.../linux-pkg/coder.service | 0
scripts/{ => linux-pkg}/nfpm.yaml | 2 ++
.../linux-pkg/preinstall.sh | 0
scripts/package.sh | 7 +++--
site/src/api/typesGenerated.ts | 4 +--
9 files changed, 62 insertions(+), 15 deletions(-)
create mode 100644 scripts/linux-pkg/coder-workspace-proxy.service
rename coder.service => scripts/linux-pkg/coder.service (100%)
rename scripts/{ => linux-pkg}/nfpm.yaml (87%)
rename preinstall.sh => scripts/linux-pkg/preinstall.sh (100%)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 40d6c599c3..d8c55c7a08 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -487,14 +487,27 @@ jobs:
 - name: Install Release
 run: |
- gcloud config set project coder-dogfood
- gcloud config set compute/zone us-central1-a
- gcloud compute scp ./build/coder_*_linux_amd64.deb coder:/tmp/coder.deb
- gcloud compute ssh coder -- sudo dpkg -i --force-confdef /tmp/coder.deb
- gcloud compute ssh coder -- sudo systemctl daemon-reload
+ set -euo pipefail
- - name: Start
- run: gcloud compute ssh coder -- sudo service coder restart
+ regions=(
+ # gcp-region-id instance-name systemd-service-name
+ "us-central1-a coder coder"
+ "australia-southeast1-b coder-sydney coder-proxy"
+ "europe-west3-c coder-europe coder-proxy"
+ "southamerica-east1-b coder-brazil coder-proxy"
+ )
+
+ gcloud config set project coder-dogfood
+ for region in "${regions[@]}"; do
+ echo "::group::$region"
+ set -- $region
+
+ gcloud config set compute/zone "$1"
+ gcloud compute scp ./build/coder_*_linux_amd64.deb "$2":/tmp/coder.deb
+ gcloud compute ssh "$2" -- /bin/sh -c "set -eux; sudo dpkg -i --force-confdef /tmp/coder.deb; sudo systemctl daemon-reload; sudo service '$3' restart"
+
+ echo "::endgroup::"
+ done
 - uses: actions/upload-artifact@v3
 with:
diff --git a/codersdk/workspaceproxy.go b/codersdk/workspaceproxy.go
index 336d37e30b..23a275f53d 100644
--- a/codersdk/workspaceproxy.go
+++ b/codersdk/workspaceproxy.go
@@ -39,10 +39,10 @@ type WorkspaceProxyStatus struct {
 // A healthy report will have no errors. Warnings are not fatal.
 type ProxyHealthReport struct {
 // Errors are problems that prevent the workspace proxy from being healthy
- Errors []string
+ Errors []string `json:"errors"`
 // Warnings do not prevent the workspace proxy from being healthy, but
 // should be addressed.
- Warnings []string
+ Warnings []string `json:"warnings"`
 }
 type WorkspaceProxy struct {
diff --git a/enterprise/wsproxy/wsproxy.go b/enterprise/wsproxy/wsproxy.go
index 706ec971d2..508167550d 100644
--- a/enterprise/wsproxy/wsproxy.go
+++ b/enterprise/wsproxy/wsproxy.go
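Review bot: The `set -eux` in the added `gcloud compute ssh "$2" -- /bin/sh -c "set -eux; …"` line most likely never applies to the install commands. Assuming gcloud hands the words after `--` to ssh unchanged, ssh joins them with spaces and the remote login shell re-parses the result, so `/bin/sh -c` receives only `set` and the `dpkg`, `daemon-reload` and `service … restart` commands run afterwards without errexit; a failed `dpkg -i` would then still be followed by a restart, and the step's status would come from the last command alone. Passing the script as one string avoids the second parse: `gcloud compute ssh "$2" --command "set -eux; sudo dpkg -i --force-confdef /tmp/coder.deb; sudo systemctl daemon-reload; sudo service '$3' restart"`. Separately, the package is still staged at the fixed path `/tmp/coder.deb` before being installed as root; a per-run directory created with `mktemp -d` on the instance would keep other local accounts from pre-creating or swapping that file.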
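Review bot: The new `json:"errors"` and `json:"warnings"` tags have no `omitempty` and the fields are plain `[]string`, so a report built with nil slices will serialize as `"errors": null`, while the regenerated TypeScript interface in this patch declares `readonly errors: string[]`. Where the report is constructed is not visible in this hunk, so this needs confirming, but if a healthy report leaves the slices nil the UI will read `null` where it expects an array. Initialising both fields to empty slices where the report is built, or a line in the field comments such as `// Always non-nil; encoded as [] when empty.`, would make the contract explicit.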
@@ -229,7 +229,7 @@ func New(ctx context.Context, opts *Options) (*Server, error) {
 s.AppServer.Attach(r)
 })
- r.Get("/buildinfo", s.buildInfo)
+ r.Get("/api/v2/buildinfo", s.buildInfo)
 r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { _, _ = w.Write([]byte("OK")) })
 // TODO: @emyrk should this be authenticated or debounced?
 r.Get("/healthz-report", s.healthReport)
diff --git a/scripts/linux-pkg/coder-workspace-proxy.service b/scripts/linux-pkg/coder-workspace-proxy.service
new file mode 100644
index 0000000000..eb663233bb
--- /dev/null
+++ b/scripts/linux-pkg/coder-workspace-proxy.service
@@ -0,0 +1,31 @@
+[Unit]
+Description="Coder - external workspace proxy server"
+Documentation=https://coder.com/docs/coder-oss
+Requires=network-online.target
+After=network-online.target
+ConditionFileNotEmpty=/etc/coder.d/coder-proxy.env
+StartLimitIntervalSec=60
+StartLimitBurst=3
+
+[Service]
+Type=notify
+EnvironmentFile=/etc/coder.d/coder-proxy.env
+User=coder
+Group=coder
+ProtectSystem=full
+PrivateTmp=yes
+PrivateDevices=yes
+SecureBits=keep-caps
+AmbientCapabilities=CAP_IPC_LOCK CAP_NET_BIND_SERVICE
+CacheDirectory=coder
+CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CAP_NET_BIND_SERVICE
+KillSignal=SIGINT
+KillMode=mixed
+NoNewPrivileges=yes
+ExecStart=/usr/bin/coder proxy server
+Restart=on-failure
+RestartSec=5
+TimeoutStopSec=90
+
+[Install]
+WantedBy=multi-user.target
diff --git a/coder.service b/scripts/linux-pkg/coder.service
similarity index 100%
rename from coder.service
rename to scripts/linux-pkg/coder.service
diff --git a/scripts/nfpm.yaml b/scripts/linux-pkg/nfpm.yaml
similarity index 87%
rename from scripts/nfpm.yaml
rename to scripts/linux-pkg/nfpm.yaml
index 528dc817c3..c075b569e3 100644
--- a/scripts/nfpm.yaml
+++ b/scripts/linux-pkg/nfpm.yaml
@@ -25,3 +25,5 @@ contents:
 type: "config|noreplace"
 - src: coder.service
 dst: /usr/lib/systemd/system/coder.service
+ - src: coder-proxy.service
+ dst: /usr/lib/systemd/system/coder-proxy.service
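Review bot: `r.Get("/api/v2/buildinfo", s.buildInfo)` replaces the old `/buildinfo` route outright, and nothing in the hunk says why the path changed or whether the endpoint is meant to be reachable without authentication. The line below it already carries a TODO asking that question for `/healthz-report`, and build information presumably lets any caller identify the exact version a proxy is running. A short comment would settle both, for example `// Same path as the primary's build info endpoint; intentionally unauthenticated.`, if that is indeed the intent. Anything still polling `/buildinfo` will start getting 404s, so a temporary alias may be worth keeping; New's body starts and ends outside this hunk.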
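Review bot: `CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CAP_NET_BIND_SERVICE` and `AmbientCapabilities=CAP_IPC_LOCK CAP_NET_BIND_SERVICE` look carried over from the main server unit, and nothing in this patch shows the proxy needing to lock memory or read the kernel log. If it only has to bind low ports, both lines can shrink to `AmbientCapabilities=CAP_NET_BIND_SERVICE` and `CapabilityBoundingSet=CAP_NET_BIND_SERVICE`. The unit is also skipped silently when `/etc/coder.d/coder-proxy.env` is missing or empty (`ConditionFileNotEmpty=`), and this patch does not package that file. A comment above the condition saying who creates it, and that it should be readable only by root because it presumably holds the proxy's credentials, would help operators.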
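Review bot: The added entry uses `src: coder-proxy.service`, but the unit file this patch creates is `scripts/linux-pkg/coder-workspace-proxy.service`, and the `scripts/package.sh` hunk links it into the staging directory under that longer name. As written, nfpm will look for a file that is not in `$temp_dir`, so packaging should fail or the proxy unit will not ship. Changing the source to `- src: coder-workspace-proxy.service` while keeping `dst: /usr/lib/systemd/system/coder-proxy.service` lines up with the `coder-proxy` service name the workflow restarts; renaming the unit file instead works equally well, as long as `package.sh` is updated to match.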
diff --git a/preinstall.sh b/scripts/linux-pkg/preinstall.sh
similarity index 100%
rename from preinstall.sh
rename to scripts/linux-pkg/preinstall.sh
diff --git a/scripts/package.sh b/scripts/package.sh
index dcd5614ae1..8afbf5d608 100755
--- a/scripts/package.sh
+++ b/scripts/package.sh
@@ -84,9 +84,10 @@ cdroot
 temp_dir="$(TMPDIR="$(dirname "$input_file")" mktemp -d)"
 ln "$input_file" "$temp_dir/coder"
 ln "$(realpath coder.env)" "$temp_dir/"
-ln "$(realpath coder.service)" "$temp_dir/"
-ln "$(realpath preinstall.sh)" "$temp_dir/"
-ln "$(realpath scripts/nfpm.yaml)" "$temp_dir/"
+ln "$(realpath scripts/linux-pkg/coder-workspace-proxy.service)" "$temp_dir/"
+ln "$(realpath scripts/linux-pkg/coder.service)" "$temp_dir/"
+ln "$(realpath scripts/linux-pkg/nfpm.yaml)" "$temp_dir/"
+ln "$(realpath scripts/linux-pkg/preinstall.sh)" "$temp_dir/"
 pushd "$temp_dir"
 GOARCH="$arch" CODER_VERSION="$version" nfpm package \
diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts
index 6c3e7f0cea..07d9030a1a 100644
--- a/site/src/api/typesGenerated.ts
+++ b/site/src/api/typesGenerated.ts
@@ -692,8 +692,8 @@ export interface ProvisionerJobLog { // From codersdk/workspaceproxy.go export interface ProxyHealthReport { - readonly Errors: string[] - readonly Warnings: string[] + readonly errors: string[] + readonly warnings: string[] } // From codersdk/workspaces.go