Merge branch 'main' into chromatic-playwright

2024-04-30 18:08:36 +00:00 · 2024-04-30 18:08:36 +00:00 · 6ae522927f
parent 105482b839 3ff9cef498
commit 6ae522927f
15 changed files with 202 additions and 35 deletions
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -924,7 +924,8 @@ jobs:
        uses: actions/checkout@v4
      - name: "Dependency Review"
        id: review
-        uses: actions/dependency-review-action@v4
+        # TODO: Replace this with the latest release once https://github.com/actions/dependency-review-action/pull/761 is merged.
+        uses: actions/dependency-review-action@49fbbe0acb033b7824f26d00b005d7d598d76301
        with:
          allow-licenses: Apache-2.0, BSD-2-Clause, BSD-3-Clause, CC0-1.0, ISC, MIT, MIT-0, MPL-2.0
          allow-dependencies-licenses: "pkg:golang/github.com/pelletier/go-toml/v2"
--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@ -436,6 +436,15 @@ func New(options *Options) *API {

 	api.AppearanceFetcher.Store(&appearance.DefaultFetcher)
 	api.PortSharer.Store(&portsharing.DefaultPortSharer)
+	buildInfo := codersdk.BuildInfoResponse{
+		ExternalURL:     buildinfo.ExternalURL(),
+		Version:         buildinfo.Version(),
+		AgentAPIVersion: AgentAPIVersionREST,
+		DashboardURL:    api.AccessURL.String(),
+		WorkspaceProxy:  false,
+		UpgradeMessage:  api.DeploymentValues.CLIUpgradeMessage.String(),
+		DeploymentID:    api.DeploymentID,
+	}
 	api.SiteHandler = site.New(&site.Options{
 		BinFS:             binFS,
 		BinHashes:         binHashes,
@ -444,6 +453,7 @@ func New(options *Options) *API {
 		OAuth2Configs:     oauthConfigs,
 		DocsURL:           options.DeploymentValues.DocsURL.String(),
 		AppearanceFetcher: &api.AppearanceFetcher,
+		BuildInfo:         buildInfo,
 	})
 	api.SiteHandler.Experiments.Store(&experiments)

@ -735,7 +745,7 @@ func New(options *Options) *API {
 		// All CSP errors will be logged
 		r.Post("/csp/reports", api.logReportCSPViolations)

-		r.Get("/buildinfo", buildInfo(api.AccessURL, api.DeploymentValues.CLIUpgradeMessage.String(), api.DeploymentID))
+		r.Get("/buildinfo", buildInfoHandler(buildInfo))
 		// /regions is overridden in the enterprise version
 		r.Group(func(r chi.Router) {
 			r.Use(apiKeyMiddleware)
--- a/coderd/deployment.go
+++ b/coderd/deployment.go
@ -2,9 +2,7 @@ package coderd

 import (
 	"net/http"
-	"net/url"

-	"github.com/coder/coder/v2/buildinfo"
 	"github.com/coder/coder/v2/coderd/httpapi"
 	"github.com/coder/coder/v2/coderd/rbac"
 	"github.com/coder/coder/v2/codersdk"
@ -68,17 +66,10 @@ func (api *API) deploymentStats(rw http.ResponseWriter, r *http.Request) {
 // @Tags General
 // @Success 200 {object} codersdk.BuildInfoResponse
 // @Router /buildinfo [get]
-func buildInfo(accessURL *url.URL, upgradeMessage, deploymentID string) http.HandlerFunc {
+func buildInfoHandler(resp codersdk.BuildInfoResponse) http.HandlerFunc {
+	// This is in a handler so that we can generate API docs info.
 	return func(rw http.ResponseWriter, r *http.Request) {
-		httpapi.Write(r.Context(), rw, http.StatusOK, codersdk.BuildInfoResponse{
-			ExternalURL:     buildinfo.ExternalURL(),
-			Version:         buildinfo.Version(),
-			AgentAPIVersion: AgentAPIVersionREST,
-			DashboardURL:    accessURL.String(),
-			WorkspaceProxy:  false,
-			UpgradeMessage:  upgradeMessage,
-			DeploymentID:    deploymentID,
-		})
+		httpapi.Write(r.Context(), rw, http.StatusOK, resp)
 	}
 }

--- a/coderd/externalauth/externalauth.go
+++ b/coderd/externalauth/externalauth.go
@ -563,6 +563,9 @@ func applyDefaultsToConfig(config *codersdk.ExternalAuthConfig) {

 	// Dynamic defaults
 	switch codersdk.EnhancedExternalAuthProvider(config.Type) {
+	case codersdk.EnhancedExternalAuthProviderGitLab:
+		copyDefaultSettings(config, gitlabDefaults(config))
+		return
 	case codersdk.EnhancedExternalAuthProviderBitBucketServer:
 		copyDefaultSettings(config, bitbucketServerDefaults(config))
 		return
@ -667,6 +670,44 @@ func bitbucketServerDefaults(config *codersdk.ExternalAuthConfig) codersdk.Exter
 	return defaults
 }

+// gitlabDefaults returns a static config if using the gitlab cloud offering.
+// The values are dynamic if using a self-hosted gitlab.
+// When the decision is not obvious, just defer to the cloud defaults.
+// Any user specific fields will override this if provided.
+func gitlabDefaults(config *codersdk.ExternalAuthConfig) codersdk.ExternalAuthConfig {
+	cloud := codersdk.ExternalAuthConfig{
+		AuthURL:     "https://gitlab.com/oauth/authorize",
+		TokenURL:    "https://gitlab.com/oauth/token",
+		ValidateURL: "https://gitlab.com/oauth/token/info",
+		DisplayName: "GitLab",
+		DisplayIcon: "/icon/gitlab.svg",
+		Regex:       `^(https?://)?gitlab\.com(/.*)?$`,
+		Scopes:      []string{"write_repository"},
+	}
+
+	if config.AuthURL == "" || config.AuthURL == cloud.AuthURL {
+		return cloud
+	}
+
+	au, err := url.Parse(config.AuthURL)
+	if err != nil || au.Host == "gitlab.com" {
+		// If the AuthURL is not a valid URL or is using the cloud,
+		// use the cloud static defaults.
+		return cloud
+	}
+
+	// At this point, assume it is self-hosted and use the AuthURL
+	return codersdk.ExternalAuthConfig{
+		DisplayName: cloud.DisplayName,
+		Scopes:      cloud.Scopes,
+		DisplayIcon: cloud.DisplayIcon,
+		AuthURL:     au.ResolveReference(&url.URL{Path: "/oauth/authorize"}).String(),
+		TokenURL:    au.ResolveReference(&url.URL{Path: "/oauth/token"}).String(),
+		ValidateURL: au.ResolveReference(&url.URL{Path: "/oauth/token/info"}).String(),
+		Regex:       fmt.Sprintf(`^(https?://)?%s(/.*)?$`, strings.ReplaceAll(au.Host, ".", `\.`)),
+	}
+}
+
 func jfrogArtifactoryDefaults(config *codersdk.ExternalAuthConfig) codersdk.ExternalAuthConfig {
 	defaults := codersdk.ExternalAuthConfig{
 		DisplayName: "JFrog Artifactory",
@ -789,15 +830,6 @@ var staticDefaults = map[codersdk.EnhancedExternalAuthProvider]codersdk.External
 		Regex:       `^(https?://)?bitbucket\.org(/.*)?$`,
 		Scopes:      []string{"account", "repository:write"},
 	},
-	codersdk.EnhancedExternalAuthProviderGitLab: {
-		AuthURL:     "https://gitlab.com/oauth/authorize",
-		TokenURL:    "https://gitlab.com/oauth/token",
-		ValidateURL: "https://gitlab.com/oauth/token/info",
-		DisplayName: "GitLab",
-		DisplayIcon: "/icon/gitlab.svg",
-		Regex:       `^(https?://)?gitlab\.com(/.*)?$`,
-		Scopes:      []string{"write_repository"},
-	},
 	codersdk.EnhancedExternalAuthProviderGitHub: {
 		AuthURL:     xgithub.Endpoint.AuthURL,
 		TokenURL:    xgithub.Endpoint.TokenURL,
--- a/coderd/externalauth/externalauth_internal_test.go
+++ b/coderd/externalauth/externalauth_internal_test.go
@ -8,6 +8,112 @@ import (
 	"github.com/coder/coder/v2/codersdk"
 )

+func TestGitlabDefaults(t *testing.T) {
+	t.Parallel()
+
+	// The default cloud setup. Copying this here as hard coded
+	// values.
+	cloud := codersdk.ExternalAuthConfig{
+		Type:        string(codersdk.EnhancedExternalAuthProviderGitLab),
+		ID:          string(codersdk.EnhancedExternalAuthProviderGitLab),
+		AuthURL:     "https://gitlab.com/oauth/authorize",
+		TokenURL:    "https://gitlab.com/oauth/token",
+		ValidateURL: "https://gitlab.com/oauth/token/info",
+		DisplayName: "GitLab",
+		DisplayIcon: "/icon/gitlab.svg",
+		Regex:       `^(https?://)?gitlab\.com(/.*)?$`,
+		Scopes:      []string{"write_repository"},
+	}
+
+	tests := []struct {
+		name           string
+		input          codersdk.ExternalAuthConfig
+		expected       codersdk.ExternalAuthConfig
+		mutateExpected func(*codersdk.ExternalAuthConfig)
+	}{
+		// Cloud
+		{
+			name: "OnlyType",
+			input: codersdk.ExternalAuthConfig{
+				Type: string(codersdk.EnhancedExternalAuthProviderGitLab),
+			},
+			expected: cloud,
+		},
+		{
+			// If someone was to manually configure the gitlab cli.
+			name: "CloudByConfig",
+			input: codersdk.ExternalAuthConfig{
+				Type:    string(codersdk.EnhancedExternalAuthProviderGitLab),
+				AuthURL: "https://gitlab.com/oauth/authorize",
+			},
+			expected: cloud,
+		},
+		{
+			// Changing some of the defaults of the cloud option
+			name: "CloudWithChanges",
+			input: codersdk.ExternalAuthConfig{
+				Type: string(codersdk.EnhancedExternalAuthProviderGitLab),
+				// Adding an extra query param intentionally to break simple
+				// string comparisons.
+				AuthURL:     "https://gitlab.com/oauth/authorize?foo=bar",
+				DisplayName: "custom",
+				Regex:       ".*",
+			},
+			expected: cloud,
+			mutateExpected: func(config *codersdk.ExternalAuthConfig) {
+				config.AuthURL = "https://gitlab.com/oauth/authorize?foo=bar"
+				config.DisplayName = "custom"
+				config.Regex = ".*"
+			},
+		},
+		// Self-hosted
+		{
+			// Dynamically figures out the Validate, Token, and Regex fields.
+			name: "SelfHostedOnlyAuthURL",
+			input: codersdk.ExternalAuthConfig{
+				Type:    string(codersdk.EnhancedExternalAuthProviderGitLab),
+				AuthURL: "https://gitlab.company.org/oauth/authorize?foo=bar",
+			},
+			expected: cloud,
+			mutateExpected: func(config *codersdk.ExternalAuthConfig) {
+				config.AuthURL = "https://gitlab.company.org/oauth/authorize?foo=bar"
+				config.ValidateURL = "https://gitlab.company.org/oauth/token/info"
+				config.TokenURL = "https://gitlab.company.org/oauth/token"
+				config.Regex = `^(https?://)?gitlab\.company\.org(/.*)?$`
+			},
+		},
+		{
+			// Strange values
+			name: "RandomValues",
+			input: codersdk.ExternalAuthConfig{
+				Type:        string(codersdk.EnhancedExternalAuthProviderGitLab),
+				AuthURL:     "https://auth.com/auth",
+				ValidateURL: "https://validate.com/validate",
+				TokenURL:    "https://token.com/token",
+				Regex:       "random",
+			},
+			expected: cloud,
+			mutateExpected: func(config *codersdk.ExternalAuthConfig) {
+				config.AuthURL = "https://auth.com/auth"
+				config.ValidateURL = "https://validate.com/validate"
+				config.TokenURL = "https://token.com/token"
+				config.Regex = `random`
+			},
+		},
+	}
+	for _, c := range tests {
+		c := c
+		t.Run(c.name, func(t *testing.T) {
+			t.Parallel()
+			applyDefaultsToConfig(&c.input)
+			if c.mutateExpected != nil {
+				c.mutateExpected(&c.expected)
+			}
+			require.Equal(t, c.input, c.expected)
+		})
+	}
+}
+
 func Test_bitbucketServerConfigDefaults(t *testing.T) {
 	t.Parallel()

--- a/dogfood/main.tf
+++ b/dogfood/main.tf
@ -157,7 +157,6 @@ resource "coder_agent" "dev" {
  os   = "linux"
  dir  = local.repo_dir
  env = {
-    GITHUB_TOKEN : data.coder_external_auth.github.access_token,
    OIDC_TOKEN : data.coder_workspace.me.owner_oidc_access_token,
  }
  startup_script_behavior = "blocking"
--- a/go.mod
+++ b/go.mod
@ -42,7 +42,7 @@ replace github.com/dlclark/regexp2 => github.com/dlclark/regexp2 v1.7.0

 // There are a few minor changes we make to Tailscale that we're slowly upstreaming. Compare here:
 // https://github.com/tailscale/tailscale/compare/main...coder:tailscale:main
-replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20240401202854-d329bbdb530d
+replace tailscale.com => github.com/coder/tailscale v1.1.1-0.20240430122706-f586aa40c0c1

 // Fixes a race-condition in coder/wgtunnel.
 // Upstream PR: https://github.com/WireGuard/wireguard-go/pull/85
--- a/go.sum
+++ b/go.sum
@ -217,8 +217,8 @@ github.com/coder/serpent v0.7.0 h1:zGpD2GlF3lKIVkMjNGKbkip88qzd5r/TRcc30X/SrT0=
 github.com/coder/serpent v0.7.0/go.mod h1:REkJ5ZFHQUWFTPLExhXYZ1CaHFjxvGNRlLXLdsI08YA=
 github.com/coder/ssh v0.0.0-20231128192721-70855dedb788 h1:YoUSJ19E8AtuUFVYBpXuOD6a/zVP3rcxezNsoDseTUw=
 github.com/coder/ssh v0.0.0-20231128192721-70855dedb788/go.mod h1:aGQbuCLyhRLMzZF067xc84Lh7JDs1FKwCmF1Crl9dxQ=
-github.com/coder/tailscale v1.1.1-0.20240401202854-d329bbdb530d h1:IMvBC1GrCIiZFxpOYRQacZtdjnmsdWNAMilPz+kvdG4=
-github.com/coder/tailscale v1.1.1-0.20240401202854-d329bbdb530d/go.mod h1:L8tPrwSi31RAMEMV8rjb0vYTGs7rXt8rAHbqY/p41j4=
+github.com/coder/tailscale v1.1.1-0.20240430122706-f586aa40c0c1 h1:cu5YyztCk8FAOvP1sR3b/2D96EfvBAzKUu0B/Cqhg8U=
+github.com/coder/tailscale v1.1.1-0.20240430122706-f586aa40c0c1/go.mod h1:L8tPrwSi31RAMEMV8rjb0vYTGs7rXt8rAHbqY/p41j4=
 github.com/coder/terraform-provider-coder v0.21.0 h1:aoDmFJULYZpS66EIAZuNY4IxElaDkdRaWMWp9ScD2R8=
 github.com/coder/terraform-provider-coder v0.21.0/go.mod h1:hqxd15PJeftFBOnGBBPN6WfNQutZtnahwwPeV8U6TyA=
 github.com/coder/wgtunnel v0.1.13-0.20231127054351-578bfff9b92a h1:KhR9LUVllMZ+e9lhubZ1HNrtJDgH5YLoTvpKwmrGag4=
--- a/scripts/deploy-pr.sh
+++ b/scripts/deploy-pr.sh
@ -4,6 +4,9 @@
 # [#pr-deployments](https://codercom.slack.com/archives/C05DNE982E8) Slack channel

 set -euo pipefail
+# shellcheck source=scripts/lib.sh
+source "$(dirname "${BASH_SOURCE[0]}")/lib.sh"
+cdroot

 # default settings
 dryRun=false
@ -64,6 +67,9 @@ if $confirm; then
 	fi
 fi

+# Authenticate gh CLI
+gh_auth
+
 # get branch name and pr number
 branchName=$(gh pr view --json headRefName | jq -r .headRefName)
 prNumber=$(gh pr view --json number | jq -r .number)
--- a/scripts/lib.sh
+++ b/scripts/lib.sh
@ -130,6 +130,22 @@ requiredenvs() {
 	fi
 }

+gh_auth() {
+	local fail=0
+	if [[ "${CODER:-}" == "true" ]]; then
+		if ! output=$(coder external-auth access-token github 2>&1); then
+			log "ERROR: Could not authenticate with GitHub."
+			log "$output"
+			fail=1
+		else
+			GITHUB_TOKEN=$(coder external-auth access-token github)
+			export GITHUB_TOKEN
+		fi
+	else
+		log "Please authenticate gh CLI by running 'gh auth login'"
+	fi
+}
+
 # maybedryrun prints the given program and flags, and then, if the first
 # argument is 0, executes it. The reason the first argument should be 0 is that
 # it is expected that you have a dry_run variable in your script that is set to
--- a/scripts/release.sh
+++ b/scripts/release.sh
@ -113,6 +113,9 @@ done
 # Check dependencies.
 dependencies gh jq sort

+# Authenticate gh CLI
+gh_auth
+
 if [[ -z $increment ]]; then
 	# Default to patch versions.
 	increment="patch"
--- a/scripts/release/check_commit_metadata.sh
+++ b/scripts/release/check_commit_metadata.sh
@ -31,6 +31,9 @@ range="${from_ref}..${to_ref}"
 # Check dependencies.
 dependencies gh

+# Authenticate gh CLI
+gh_auth
+
 COMMIT_METADATA_BREAKING=0
 declare -a COMMIT_METADATA_COMMITS
 declare -A COMMIT_METADATA_TITLE COMMIT_METADATA_HUMAN_TITLE COMMIT_METADATA_CATEGORY COMMIT_METADATA_AUTHORS
@ -145,7 +148,6 @@ main() {
 			done
 		} | sort -t- -n | head -n 1
 	)
-
 	# Get the labels for all PRs merged since the last release, this is
 	# inexact based on date, so a few PRs part of the previous release may
 	# be included.
--- a/scripts/release/generate_release_notes.sh
+++ b/scripts/release/generate_release_notes.sh
@ -57,6 +57,9 @@ done
 # Check dependencies.
 dependencies gh sort

+# Authticate gh CLI
+gh_auth
+
 if [[ -z ${old_version} ]]; then
 	error "No old version specified"
 fi
--- a/scripts/release/publish.sh
+++ b/scripts/release/publish.sh
@ -71,6 +71,9 @@ done
 # Check dependencies
 dependencies gh

+# Authenticate gh CLI
+gh_auth
+
 # Remove the "v" prefix.
 version="${version#v}"
 if [[ "$version" == "" ]]; then
--- a/site/site.go
+++ b/site/site.go
@ -34,7 +34,6 @@ import (
 	"golang.org/x/sync/singleflight"
 	"golang.org/x/xerrors"

-	"github.com/coder/coder/v2/buildinfo"
 	"github.com/coder/coder/v2/coderd/appearance"
 	"github.com/coder/coder/v2/coderd/database"
 	"github.com/coder/coder/v2/coderd/database/db2sdk"
@ -78,6 +77,7 @@ type Options struct {
 	SiteFS            fs.FS
 	OAuth2Configs     *httpmw.OAuth2Configs
 	DocsURL           string
+	BuildInfo         codersdk.BuildInfoResponse
 	AppearanceFetcher *atomic.Pointer[appearance.Fetcher]
 }

@ -149,12 +149,7 @@ func New(opts *Options) *Handler {
 			// static files.
 			OnlyFiles(opts.SiteFS))),
 	)
-
-	buildInfo := codersdk.BuildInfoResponse{
-		ExternalURL: buildinfo.ExternalURL(),
-		Version:     buildinfo.Version(),
-	}
-	buildInfoResponse, err := json.Marshal(buildInfo)
+	buildInfoResponse, err := json.Marshal(opts.BuildInfo)
 	if err != nil {
 		panic("failed to marshal build info: " + err.Error())
 	}