selfhosted
/
coder
mirror of https://github.com/coder/coder.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

chore: Improve project-wide prettier formatting and ignored files (#5505) 

* chore: Improve project-wide prettier formatting and ignored files

* chore: `Run make fmt/prettier`

* Fix gitignore for `.vscode` folder so that ! works

* Add comment in `.prettierrc.yaml` to explain `.editorconfig`

* Remove scripts/apidocgen/markdown-template/README.md

* Use `yq` for processing prettierrc, update lib.sh dependency check

* Add `yq` to Dockerfile and Nix
This commit is contained in:
Mathias Fredriksson 2023-01-03 15:11:13 +02:00 committed by GitHub
parent 5435bceaf0
commit 856f0ab6f5
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
34 changed files with 784 additions and 567 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
.devcontainer/Dockerfile
View File

@ -6,27 +6,27 @@ ENV EDITOR=vim
RUN apt-get update && apt-get upgrade --yes
RUN apt-get install --yes \
ca-certificates \
bash-completion \
build-essential \
curl \
cmake \
direnv \
emacs-nox \
gnupg \
htop \
jq \
less \
lsb-release \
lsof \
man-db \
nano \
neovim \
ssl-cert \
sudo \
unzip \
xz-utils \
zip
ca-certificates \
bash-completion \
build-essential \
curl \
cmake \
direnv \
emacs-nox \
gnupg \
htop \
jq \
less \
lsb-release \
lsof \
man-db \
nano \
neovim \
ssl-cert \
sudo \
unzip \
xz-utils \
zip
# configure locales to UTF8
RUN apt-get install locales && locale-gen en_US.UTF-8
@ -39,22 +39,22 @@ RUN direnv hook bash >> $HOME/.bashrc
RUN sh <(curl -L https://nixos.org/nix/install) --daemon
RUN mkdir -p $HOME/.config/nix $HOME/.config/nixpkgs \
&& echo 'sandbox = false' >> $HOME/.config/nix/nix.conf \
&& echo '{ allowUnfree = true; }' >> $HOME/.config/nixpkgs/config.nix \
&& echo '. $HOME/.nix-profile/etc/profile.d/nix.sh' >> $HOME/.bashrc
&& echo 'sandbox = false' >> $HOME/.config/nix/nix.conf \
&& echo '{ allowUnfree = true; }' >> $HOME/.config/nixpkgs/config.nix \
&& echo '. $HOME/.nix-profile/etc/profile.d/nix.sh' >> $HOME/.bashrc
# install docker and configure daemon to use vfs as GitHub codespaces requires vfs
# https://github.com/moby/moby/issues/13742#issuecomment-725197223
RUN mkdir -p /etc/apt/keyrings \
&& curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
&& echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null \
&& apt-get update \
&& apt-get install --yes docker-ce docker-ce-cli containerd.io docker-compose-plugin \
&& mkdir -p /etc/docker \
&& echo '{"cgroup-parent":"/actions_job","storage-driver":"vfs"}' >> /etc/docker/daemon.json
&& curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
&& echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null \
&& apt-get update \
&& apt-get install --yes docker-ce docker-ce-cli containerd.io docker-compose-plugin \
&& mkdir -p /etc/docker \
&& echo '{"cgroup-parent":"/actions_job","storage-driver":"vfs"}' >> /etc/docker/daemon.json
# install golang and language tooling
ENV GO_VERSION=1.19
@ -67,6 +67,7 @@ RUN echo 'export PATH=$GOPATH/bin:$PATH' >> $HOME/.bashrc
RUN bash -c ". $HOME/.bashrc \
go install -v golang.org/x/tools/gopls@latest \
&& go install -v mvdan.cc/sh/v3/cmd/shfmt@latest \
&& go install -v github.com/mikefarah/yq/v4@v4.30.6 \
"
# install nodejs
@ -80,4 +81,3 @@ RUN bash -c "$(curl -fsSL https://raw.githubusercontent.com/horta/zstd.install/m
RUN echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | sudo tee /etc/apt/sources.list.d/goreleaser.list \
&& apt update \
&& apt install nfpm

28
.devcontainer/devcontainer.json
View File

@ -1,18 +1,24 @@
// For format details, see https://aka.ms/devcontainer.json
{
"name": "Development environments on your infrastructure",
"name": "Development environments on your infrastructure",
// Sets the run context to one level up instead of the .devcontainer folder.
"context": ".",
// Sets the run context to one level up instead of the .devcontainer folder.
"context": ".",
// Update the 'dockerFile' property if you aren't using the standard 'Dockerfile' filename.
"dockerFile": "Dockerfile",
// Update the 'dockerFile' property if you aren't using the standard 'Dockerfile' filename.
"dockerFile": "Dockerfile",
// Use 'forwardPorts' to make a list of ports inside the container available locally.
// "forwardPorts": [],
"postStartCommand": "dockerd",
// Use 'forwardPorts' to make a list of ports inside the container available locally.
// "forwardPorts": [],
// privileged is required by GitHub codespaces - https://github.com/microsoft/vscode-dev-containers/issues/727
"runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined", "--privileged", "--init" ]
"postStartCommand": "dockerd",
// privileged is required by GitHub codespaces - https://github.com/microsoft/vscode-dev-containers/issues/727
"runArgs": [
"--cap-add=SYS_PTRACE",
"--security-opt",
"seccomp=unconfined",
"--privileged",
"--init"
]
}

2
.editorconfig
View File

@ -7,7 +7,7 @@ trim_trailing_whitespace = true
insert_final_newline = true
indent_style = tab
[*.{md,json,yaml,yml,tf,tfvars}]
[*.{md,json,yaml,yml,tf,tfvars,nix}]
indent_style = space
indent_size = 2

4
.github/dependabot.yaml vendored
View File

@ -38,7 +38,7 @@ updates:
# Ignore patch updates for all dependencies
- dependency-name: "*"
update-types:
- version-update:semver-patch
- version-update:semver-patch
- package-ecosystem: "npm"
directory: "/site/"
@ -53,7 +53,7 @@ updates:
# Ignore patch updates for all dependencies
- dependency-name: "*"
update-types:
- version-update:semver-patch
- version-update:semver-patch
# Ignore major updates to Node.js types, because they need to
# correspond to the Node.js engine version
- dependency-name: "@types/node"

14
.github/workflows/cla.yaml vendored
View File

@ -3,7 +3,7 @@ on:
issue_comment:
types: [created]
pull_request_target:
types: [opened,closed,synchronize]
types: [opened, closed, synchronize]
jobs:
CLAssistant:
@ -15,12 +15,12 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# the below token should have repo scope and must be manually added by you in the repository's secret
PERSONAL_ACCESS_TOKEN : ${{ secrets.CDRCOMMUNITY_GITHUB_TOKEN }}
PERSONAL_ACCESS_TOKEN: ${{ secrets.CDRCOMMUNITY_GITHUB_TOKEN }}
with:
remote-organization-name: 'coder'
remote-repository-name: 'cla'
path-to-signatures: 'v2022-09-04/signatures.json'
path-to-document: 'https://github.com/coder/cla/blob/main/README.md'
remote-organization-name: "coder"
remote-repository-name: "cla"
path-to-signatures: "v2022-09-04/signatures.json"
path-to-document: "https://github.com/coder/cla/blob/main/README.md"
# branch should not be protected
branch: 'main'
branch: "main"
allowlist: dependabot*

20
.github/workflows/coder.yaml vendored
View File

@ -222,6 +222,8 @@ jobs:
run: go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.26
- name: Install goimports
run: go install golang.org/x/tools/cmd/goimports@latest
- name: Install yq
run: go run github.com/mikefarah/yq/v4@v4.30.6
- name: Install Protoc
run: |
@ -736,18 +738,18 @@ jobs:
markdown-link-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@master
# For the main branch:
- if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
uses: gaurav-nelson/github-action-markdown-link-check@v1
with:
- uses: actions/checkout@master
# For the main branch:
- if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
uses: gaurav-nelson/github-action-markdown-link-check@v1
with:
use-quiet-mode: yes
use-verbose-mode: yes
config-file: .github/workflows/mlc_config.json
# For pull requests:
- if: github.ref != 'refs/heads/main' || github.event.pull_request.head.repo.fork
uses: gaurav-nelson/github-action-markdown-link-check@v1
with:
# For pull requests:
- if: github.ref != 'refs/heads/main' || github.event.pull_request.head.repo.fork
uses: gaurav-nelson/github-action-markdown-link-check@v1
with:
use-quiet-mode: yes
use-verbose-mode: yes
check-modified-files-only: yes

40
.github/workflows/mlc_config.json vendored
View File

@ -1,22 +1,22 @@
{
"ignorePatterns": [
{
"pattern": ":\/\/localhost"
},
{
"pattern": ":\/\/.*.?example\\.com"
},
{
"pattern": "developer.github.com"
},
{
"pattern": "docs.github.com"
},
{
"pattern": "support.google.com"
},
{
"pattern": "tailscale.com"
}
]
"ignorePatterns": [
{
"pattern": "://localhost"
},
{
"pattern": "://.*.?example\\.com"
},
{
"pattern": "developer.github.com"
},
{
"pattern": "docs.github.com"
},
{
"pattern": "support.google.com"
},
{
"pattern": "tailscale.com"
}
]
}

2
.github/workflows/release.yaml vendored
View File

@ -176,7 +176,7 @@ jobs:
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
- name: Setup GCloud SDK
uses: 'google-github-actions/setup-gcloud@v1'
uses: "google-github-actions/setup-gcloud@v1"
- name: Publish Helm Chart
run: |

4
.github/workflows/stale.yaml vendored
View File

@ -15,8 +15,8 @@ jobs:
# https://github.com/actions/stale/pull/775
- uses: actions/stale@v6.0.0
with:
stale-issue-label: 'stale'
stale-pr-label: 'stale'
stale-issue-label: "stale"
stale-pr-label: "stale"
# Pull Requests become stale more quickly due to merge conflicts.
# Also, we promote minimizing WIP.
days-before-pr-stale: 7

4
.github/workflows/welcome.yaml vendored
View File

@ -11,8 +11,8 @@ jobs:
- uses: wow-actions/welcome@v1
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
FIRST_PR_REACTIONS: '+1, hooray, rocket, heart'
FIRST_PR_REACTIONS: "+1, hooray, rocket, heart"
FIRST_PR_COMMENT: |
👋 Welcome @{{ author }} to Coder! Yo @coder/docs this is @{{ author }}'s first pull-request here!
👋 Welcome @{{ author }} to Coder! Yo @coder/docs this is @{{ author }}'s first pull-request here!
FIRST_PR_MERGED: |
🎉 Thanks for the contribution @{{ author }}! Yo @coder/docs @{{ author }}'s first contribution has been merged! 👀👀👀

56
.gitignore vendored
View File

@ -1,40 +1,33 @@
###############################################################################
# NOTICE #
# If you change this file, kindly copy-pasta your change into .prettierignore #
# and .eslintignore as well. See the following discussions to understand why #
# we have to resort to this duplication (at least for now): #
# #
# https://github.com/prettier/prettier/issues/8048 #
# https://github.com/prettier/prettier/issues/8506 #
# https://github.com/prettier/prettier/issues/8679 #
###############################################################################
node_modules
vendor
# Common ignore patterns, these rules applies in both root and subdirectories.
.DS_Store
.eslintcache
yarn-error.log
.gitpod.yml
.idea
**/*.swp
gotests.coverage
gotests.xml
gotestsum.json
.idea
.gitpod.yml
.DS_Store
node_modules/
vendor/
yarn-error.log
# VSCode settings.
**/.vscode/*
# Allow VSCode recommendations and default settings in project root.
!/.vscode/extensions.json
!/.vscode/settings.json
# Front-end ignore patterns.
.next/
site/**/*.typegen.ts
site/build-storybook.log
site/coverage/
site/storybook-static/
site/test-results/
# Make target for updating golden files.
cli/testdata/.gen-golden
# Front-end ignore
.next/
site/.eslintcache
site/.next/
site/node_modules/
site/storybook-static/
site/test-results/
site/yarn-error.log
coverage/
site/**/*.typegen.ts
site/build-storybook.log
# Build
/build/
/dist/
@ -46,10 +39,7 @@ site/out/
*.lock.hcl
.terraform/
.vscode/*.log
.vscode/launch.json
**/*.swp
.coderv2/*
/.coderv2/*
**/__debug_bin
# direnv

2
.golangci.yaml
View File

@ -103,7 +103,7 @@ linters-settings:
settings:
ruleguard:
failOn: all
rules: '${configDir}/scripts/rules.go'
rules: "${configDir}/scripts/rules.go"
staticcheck:
# https://staticcheck.io/docs/options#checks

60
.prettierignore Normal file
View File

@ -0,0 +1,60 @@
# Code generated by Makefile (.gitignore .prettierignore.include). DO NOT EDIT.
# .gitignore:
# Common ignore patterns, these rules applies in both root and subdirectories.
.DS_Store
.eslintcache
.gitpod.yml
.idea
**/*.swp
gotests.coverage
gotests.xml
gotestsum.json
node_modules/
vendor/
yarn-error.log
# VSCode settings.
**/.vscode/*
# Allow VSCode recommendations and default settings in project root.
!/.vscode/extensions.json
!/.vscode/settings.json
# Front-end ignore patterns.
.next/
site/**/*.typegen.ts
site/build-storybook.log
site/coverage/
site/storybook-static/
site/test-results/
# Make target for updating golden files.
cli/testdata/.gen-golden
# Build
/build/
/dist/
site/out/
*.tfstate
*.tfstate.backup
*.tfplan
*.lock.hcl
.terraform/
/.coderv2/*
**/__debug_bin
# direnv
.envrc
# .prettierignore.include:
# Helm templates contain variables that are invalid YAML and can't be formatted
# by Prettier.
helm/templates/*.yaml
# Terraform state files used in tests, these are automatically generated.
# Example: provisioner/terraform/testdata/instance-id/instance-id.tfstate.json
**/testdata/**/*.tf*.json
# Testdata shouldn't be formatted.
scripts/apitypings/testdata/**/*.ts

10
.prettierignore.include Normal file
View File

@ -0,0 +1,10 @@
# Helm templates contain variables that are invalid YAML and can't be formatted
# by Prettier.
helm/templates/*.yaml
# Terraform state files used in tests, these are automatically generated.
# Example: provisioner/terraform/testdata/instance-id/instance-id.tfstate.json
**/testdata/**/*.tf*.json
# Testdata shouldn't be formatted.
scripts/apitypings/testdata/**/*.ts

16
.prettierrc.yaml Normal file
View File

@ -0,0 +1,16 @@
# This config file is used in conjunction with `.editorconfig` to specify
# formatting for prettier-supported files. See `.editorconfig` and
# `site/.editorconfig`for whitespace formatting options.
printWidth: 80
semi: false
trailingComma: all
overrides:
- files:
- README.md
options:
proseWrap: preserve
- files:
- "site/**/*.yaml"
- "site/**/*.yml"
options:
proseWrap: always

91
Makefile
View File

@ -369,9 +369,9 @@ fmt/prettier:
cd site
# Avoid writing files in CI to reduce file write activity
ifdef CI
yarn run format:check . ../*.md ../docs
yarn run format:check
else
yarn run format:write . ../*.md ../docs
yarn run format:write
endif
.PHONY: fmt/prettier
@ -411,13 +411,31 @@ gen: \
provisionerd/proto/provisionerd.pb.go \
site/src/api/typesGenerated.ts \
docs/admin/prometheus.md \
coderd/apidoc/swagger.json
coderd/apidoc/swagger.json \
.prettierignore.include \
.prettierignore \
site/.prettierrc.yaml \
site/.prettierignore \
site/.eslintignore
.PHONY: gen
# Mark all generated files as fresh so make thinks they're up-to-date. This is
# used during releases so we don't run generation scripts.
gen/mark-fresh:
files="coderd/database/dump.sql coderd/database/querier.go provisionersdk/proto/provisioner.pb.go provisionerd/proto/provisionerd.pb.go site/src/api/typesGenerated.ts docs/admin/prometheus.md coderd/apidoc/swagger.json"
files="\
coderd/database/dump.sql \
coderd/database/querier.go \
provisionersdk/proto/provisioner.pb.go \
provisionerd/proto/provisionerd.pb.go \
site/src/api/typesGenerated.ts \
docs/admin/prometheus.md \
coderd/apidoc/swagger.json \
.prettierignore.include \
.prettierignore \
site/.prettierrc.yaml \
site/.prettierignore \
site/.eslintignore \
"
for file in $$files; do
echo "$$file"
if [ ! -f "$$file" ]; then
@ -463,21 +481,80 @@ site/src/api/typesGenerated.ts: scripts/apitypings/main.go $(shell find ./coders
docs/admin/prometheus.md: scripts/metricsdocgen/main.go scripts/metricsdocgen/metrics
go run scripts/metricsdocgen/main.go
cd site
yarn run format:write ../docs/admin/prometheus.md
yarn run format:write:only ../docs/admin/prometheus.md
coderd/apidoc/swagger.json: $(shell find ./scripts/apidocgen -not \( -path './scripts/apidocgen/node_modules' -prune \) -type f) $(wildcard coderd/*.go) $(wildcard codersdk/*.go)
./scripts/apidocgen/generate.sh
cd site
yarn run format:write ../docs/api ../docs/manifest.json ../coderd/apidoc/swagger.json
yarn run format:write:only ../docs/api ../docs/manifest.json ../coderd/apidoc/swagger.json
update-golden-files: cli/testdata/.gen-golden
.PHONY: update-golden-files
cli/testdata/.gen-golden: $(wildcard cli/testdata/*.golden) $(GO_SRC_FILES)
go test ./cli -run=TestCommandHelp -update
touch "$@"
# Generate a prettierrc for the site package that uses relative paths for
# overrides. This allows us to share the same prettier config between the
# site and the root of the repo.
site/.prettierrc.yaml: .prettierrc.yaml
. ./scripts/lib.sh
dependencies yq
echo "# Code generated by Makefile (../$<). DO NOT EDIT." > "$@"
echo "" >> "$@"
# Replace all listed override files with relative paths inside site/.
# - ./ -> ../
# - ./site -> ./
yq \
'.overrides[].files |= map(. | sub("^./"; "") | sub("^"; "../") | sub("../site/"; "./"))' \
"$<" >> "$@"
# Combine .gitignore with .prettierignore.include to generate .prettierignore.
.prettierignore: .gitignore .prettierignore.include
echo "# Code generated by Makefile ($^). DO NOT EDIT." > "$@"
echo "" >> "$@"
for f in $^; do
echo "# $${f}:" >> "$@"
cat "$$f" >> "$@"
done
# Generate ignore files based on gitignore into the site directory. We turn all
# rules into relative paths for the `site/` directory (where applicable),
# following the pattern format defined by git:
# https://git-scm.com/docs/gitignore#_pattern_format
#
# This is done for compatibility reasons, see:
# https://github.com/prettier/prettier/issues/8048
# https://github.com/prettier/prettier/issues/8506
# https://github.com/prettier/prettier/issues/8679
site/.eslintignore site/.prettierignore: .prettierignore Makefile
rm -f "$@"
touch "$@"
# Skip generated by header, inherit `.prettierignore` header as-is.
while read -r rule; do
# Remove leading ! if present to simplify rule, added back at the end.
tmp="$${rule#!}"
ignore="$${rule%"$$tmp"}"
rule="$$tmp"
case "$$rule" in
# Comments or empty lines (include).
\#*|'') ;;
# Generic rules (include).
\*\**) ;;
# Site prefixed rules (include).
site/*) rule="$${rule#site/}";;
./site/*) rule="$${rule#./site/}";;
# Rules that are non-generic and don't start with site (rewrite).
/*) rule=.."$$rule";;
*/?*) rule=../"$$rule";;
*) ;;
esac
echo "$${ignore}$${rule}" >> "$@"
done < "$<"
test: test-clean
gotestsum --debug -- -v -short ./...
.PHONY: test

2
cli/config/server.yaml
View File

@ -9,7 +9,7 @@ gitauth:
# Multiple providers are an Enterprise feature.
# Contact sales@coder.com for a license.
#
#
# If multiple providers are used, a unique "id"
# must be provided for each one.
# - id: example

36
coderd/rbac/README.md
View File

@ -5,7 +5,8 @@ Package `authz` implements AuthoriZation for Coder.
## Overview
Authorization defines what **permission** a **subject** has to perform **actions** to **objects**:
- **Permission** is binary: *yes* (allowed) or *no* (denied).
- **Permission** is binary: _yes_ (allowed) or _no_ (denied).
- **Subject** in this case is anything that implements interface `authz.Subject`.
- **Action** here is an enumerated list of actions, but we stick to `Create`, `Read`, `Update`, and `Delete` here.
- **Object** here is anything that implements `authz.Object`.
@ -22,6 +23,7 @@ A **permission** is always applied at a given **level**:
**Permissions** at a higher **level** always override permissions at a **lower** level.
The effect of a **permission** can be:
- **positive** (allows)
- **negative** (denies)
- **abstain** (neither allows or denies, not applicable)
@ -29,15 +31,14 @@ The effect of a **permission** can be:
**Negative** permissions **always** override **positive** permissions at the same level.
Both **negative** and **positive** permissions override **abstain** at the same level.
This can be represented by the following truth table, where Y represents *positive*, N represents *negative*, and _ represents *abstain*:
This can be represented by the following truth table, where Y represents _positive_, N represents _negative_, and \_ represents _abstain_:
| Action | Positive | Negative | Result |
|--------|----------|----------|--------|
| read | Y | _ | Y |
| ------ | -------- | -------- | ------ |
| read | Y | \_ | Y |
| read | Y | N | N |
| read | _ | _ | _ |
| read | _ | N | Y |
| read | \_ | \_ | \_ |
| read | \_ | N | Y |
## Permission Representation
@ -56,18 +57,17 @@ This can be represented by the following truth table, where Y represents *positi
## Roles
A *role* is a set of permissions. When evaluating a role's permission to form an action, all the relevant permissions for the role are combined at each level. Permissions at a higher level override permissions at a lower level.
A _role_ is a set of permissions. When evaluating a role's permission to form an action, all the relevant permissions for the role are combined at each level. Permissions at a higher level override permissions at a lower level.
The following table shows the per-level role evaluation.
Y indicates that the role provides positive permissions, N indicates the role provides negative permissions, and _ indicates the role does not provide positive or negative permissions. YN_ indicates that the value in the cell does not matter for the access result.
| Role (example) | Site | Org | User | Result |
|-----------------|------|-----|------|--------|
| site-admin | Y | YN_ | YN_ | Y |
| no-permission | N | YN_ | YN_ | N |
| org-admin | _ | Y | YN_ | Y |
| non-org-member | _ | N | YN_ | N |
| user | _ | _ | Y | Y |
| | _ | _ | N | N |
| unauthenticated | _ | _ | _ | N |
| Role (example) | Site | Org | User | Result |
| --------------- | ---- | ---- | ---- | ------ |
| site-admin | Y | YN\_ | YN\_ | Y |
| no-permission | N | YN\_ | YN\_ | N |
| org-admin | \_ | Y | YN\_ | Y |
| non-org-member | \_ | N | YN\_ | N |
| user | \_ | \_ | Y | Y |
| | \_ | \_ | N | N |
| unauthenticated | \_ | \_ | \_ | N |

392
dogfood/Dockerfile
View File

@ -13,8 +13,8 @@ RUN mkdir --parents /usr/local/go
# Boring Go is needed to build FIPS-compliant binaries.
RUN curl --silent --show-error --location \
"https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
-o /usr/local/go.tar.gz
"https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
-o /usr/local/go.tar.gz
RUN tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1
@ -23,52 +23,56 @@ ENV PATH=$PATH:/usr/local/go/bin
# Install Go utilities.
ARG GOPATH="/tmp/"
RUN mkdir --parents "$GOPATH" && \
# moq for Go tests.
go install github.com/matryer/moq@v0.2.3 && \
# swag for Swagger doc generation
go install github.com/swaggo/swag/cmd/swag@v1.7.4 && \
# go-swagger tool to generate the go coder api client
go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 && \
# goimports for updating imports
go install golang.org/x/tools/cmd/goimports@v0.1.7 && \
# protoc-gen-go is needed to build sysbox from source
go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26 && \
# drpc support for v2
go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.26 && \
# migrate for migration support for v2
go install github.com/golang-migrate/migrate/v4/cmd/migrate@v4.15.1 && \
# goreleaser for compiling v2 binaries
go install github.com/goreleaser/goreleaser@v1.6.1 && \
# Install the latest version of gopls for editors that support
# the language server protocol
go install golang.org/x/tools/gopls@latest && \
# gotestsum makes test output more readable
go install gotest.tools/gotestsum@v1.7.0 && \
# goveralls collects code coverage metrics from tests
# and sends to Coveralls
go install github.com/mattn/goveralls@v0.0.11 && \
# kind for running Kubernetes-in-Docker, needed for tests
go install sigs.k8s.io/kind@v0.10.0 && \
# helm-docs generates our Helm README based on a template and the
# charts and values files
go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.5.0 && \
# sqlc for Go code generation
go install github.com/kyleconroy/sqlc/cmd/sqlc@v1.10.0 && \
# gcr-cleaner-cli used by CI to prune unused images
go install github.com/sethvargo/gcr-cleaner/cmd/gcr-cleaner-cli@v0.5.1 && \
# ruleguard for checking custom rules, without needing to run all of
# golangci-lint. Check the go.mod in the release of golangci-lint that
# we're using for the version of go-critic that it embeds, then check
# the version of ruleguard in go-critic for that tag.
go install github.com/quasilyte/go-ruleguard/cmd/ruleguard@v0.3.13 && \
# go-fuzz for fuzzy testing. they don't publish releases so we rely on latest.
go install github.com/dvyukov/go-fuzz/go-fuzz@latest && \
go install github.com/dvyukov/go-fuzz/go-fuzz-build@latest && \
# go-releaser for building 'fat binaries' that work cross-platform
go install github.com/goreleaser/goreleaser@v1.6.1 && \
go install mvdan.cc/sh/v3/cmd/shfmt@latest && \
# nfpm is used with `make build` to make release packages
go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.16.0
# moq for Go tests.
go install github.com/matryer/moq@v0.2.3 && \
# swag for Swagger doc generation
go install github.com/swaggo/swag/cmd/swag@v1.7.4 && \
# go-swagger tool to generate the go coder api client
go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 && \
# goimports for updating imports
go install golang.org/x/tools/cmd/goimports@v0.1.7 && \
# protoc-gen-go is needed to build sysbox from source
go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26 && \
# drpc support for v2
go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.26 && \
# migrate for migration support for v2
go install github.com/golang-migrate/migrate/v4/cmd/migrate@v4.15.1 && \
# goreleaser for compiling v2 binaries
go install github.com/goreleaser/goreleaser@v1.6.1 && \
# Install the latest version of gopls for editors that support
# the language server protocol
go install golang.org/x/tools/gopls@latest && \
# gotestsum makes test output more readable
go install gotest.tools/gotestsum@v1.7.0 && \
# goveralls collects code coverage metrics from tests
# and sends to Coveralls
go install github.com/mattn/goveralls@v0.0.11 && \
# kind for running Kubernetes-in-Docker, needed for tests
go install sigs.k8s.io/kind@v0.10.0 && \
# helm-docs generates our Helm README based on a template and the
# charts and values files
go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.5.0 && \
# sqlc for Go code generation
go install github.com/kyleconroy/sqlc/cmd/sqlc@v1.10.0 && \
# gcr-cleaner-cli used by CI to prune unused images
go install github.com/sethvargo/gcr-cleaner/cmd/gcr-cleaner-cli@v0.5.1 && \
# ruleguard for checking custom rules, without needing to run all of
# golangci-lint. Check the go.mod in the release of golangci-lint that
# we're using for the version of go-critic that it embeds, then check
# the version of ruleguard in go-critic for that tag.
go install github.com/quasilyte/go-ruleguard/cmd/ruleguard@v0.3.13 && \
# go-fuzz for fuzzy testing. they don't publish releases so we rely on latest.
go install github.com/dvyukov/go-fuzz/go-fuzz@latest && \
go install github.com/dvyukov/go-fuzz/go-fuzz-build@latest && \
# go-releaser for building 'fat binaries' that work cross-platform
go install github.com/goreleaser/goreleaser@v1.6.1 && \
go install mvdan.cc/sh/v3/cmd/shfmt@latest && \
# nfpm is used with `make build` to make release packages
go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.16.0 && \
# yq v4 is used to process yaml files in coder v2. Conflicts with
# yq v3 used in v1.
go install github.com/mikefarah/yq/v4@v4.30.6 && \
mv /tmp/bin/yq /tmp/bin/yq4
FROM alpine:3.16 as proto
WORKDIR /tmp
@ -92,176 +96,176 @@ COPY files /
ARG DEBIAN_FRONTEND="noninteractive"
RUN apt-get update --quiet && apt-get install --yes \
apt-transport-https \
apt-utils \
bash \
bash-completion \
bats \
bind9-dnsutils \
build-essential \
ca-certificates \
cmake \
crypto-policies \
curl \
fd-find \
file \
git \
gnupg \
graphviz \
htop \
httpie \
inetutils-tools \
iproute2 \
iputils-ping \
iputils-tracepath \
jq \
language-pack-en \
less \
lsb-release \
man \
meld \
net-tools \
openjdk-11-jdk-headless \
openssh-server \
openssl \
pkg-config \
python3 \
python3-pip \
rsync \
shellcheck \
strace \
sudo \
tcptraceroute \
termshark \
traceroute \
vim \
wget \
xauth \
zip \
ncdu \
cargo \
asciinema \
zsh \
ansible \
neovim \
google-cloud-sdk \
google-cloud-sdk-datastore-emulator \
kubectl \
postgresql-13 \
containerd.io \
docker-ce \
docker-ce-cli \
packer \
terraform \
fish \
unzip \
zstd && \
# Delete package cache to avoid consuming space in layer
apt-get clean && \
# Configure FIPS-compliant policies
update-crypto-policies --set FIPS
apt-transport-https \
apt-utils \
bash \
bash-completion \
bats \
bind9-dnsutils \
build-essential \
ca-certificates \
cmake \
crypto-policies \
curl \
fd-find \
file \
git \
gnupg \
graphviz \
htop \
httpie \
inetutils-tools \
iproute2 \
iputils-ping \
iputils-tracepath \
jq \
language-pack-en \
less \
lsb-release \
man \
meld \
net-tools \
openjdk-11-jdk-headless \
openssh-server \
openssl \
pkg-config \
python3 \
python3-pip \
rsync \
shellcheck \
strace \
sudo \
tcptraceroute \
termshark \
traceroute \
vim \
wget \
xauth \
zip \
ncdu \
cargo \
asciinema \
zsh \
ansible \
neovim \
google-cloud-sdk \
google-cloud-sdk-datastore-emulator \
kubectl \
postgresql-13 \
containerd.io \
docker-ce \
docker-ce-cli \
packer \
terraform \
fish \
unzip \
zstd && \
# Delete package cache to avoid consuming space in layer
apt-get clean && \
# Configure FIPS-compliant policies
update-crypto-policies --set FIPS
# See https://github.com/cli/cli/issues/6175#issuecomment-1235984381 for proof
# the apt repository is unreliable
RUN curl -L https://github.com/cli/cli/releases/download/v2.14.7/gh_2.14.7_linux_amd64.deb -o gh.deb && \
dpkg -i gh.deb
dpkg -i gh.deb
# Install Lazygit
# See https://github.com/jesseduffield/lazygit#ubuntu
RUN LAZYGIT_VERSION=$(curl -s "https://api.github.com/repos/jesseduffield/lazygit/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v*([^"]+)".*/\1/') && \
curl -Lo lazygit.tar.gz "https://github.com/jesseduffield/lazygit/releases/latest/download/lazygit_${LAZYGIT_VERSION}_Linux_x86_64.tar.gz" && \
tar xf lazygit.tar.gz -C /usr/local/bin lazygit
curl -Lo lazygit.tar.gz "https://github.com/jesseduffield/lazygit/releases/latest/download/lazygit_${LAZYGIT_VERSION}_Linux_x86_64.tar.gz" && \
tar xf lazygit.tar.gz -C /usr/local/bin lazygit
# Install frontend utilities
RUN apt-get update && \
# Node.js (from nodesource) and Yarn (from yarnpkg)
apt-get install --yes --quiet \
nodejs yarn \
# Install browsers for e2e testing
google-chrome-stable microsoft-edge-beta && \
# Pre-install system dependencies that Playwright needs. npx doesn't work here
# for some reason. See https://github.com/microsoft/playwright-cli/issues/136
npm i -g playwright@1.19.1 && playwright install-deps
# Node.js (from nodesource) and Yarn (from yarnpkg)
apt-get install --yes --quiet \
nodejs yarn \
# Install browsers for e2e testing
google-chrome-stable microsoft-edge-beta && \
# Pre-install system dependencies that Playwright needs. npx doesn't work here
# for some reason. See https://github.com/microsoft/playwright-cli/issues/136
npm i -g playwright@1.19.1 && playwright install-deps
# Ensure PostgreSQL binaries are in the users $PATH.
RUN update-alternatives --install /usr/local/bin/initdb initdb /usr/lib/postgresql/13/bin/initdb 100 && \
update-alternatives --install /usr/local/bin/postgres postgres /usr/lib/postgresql/13/bin/postgres 100
update-alternatives --install /usr/local/bin/postgres postgres /usr/lib/postgresql/13/bin/postgres 100
# Create links for injected dependencies
RUN ln --symbolic /var/tmp/coder/coder-cli/coder /usr/local/bin/coder && \
ln --symbolic /var/tmp/coder/code-server/bin/code-server /usr/local/bin/code-server
ln --symbolic /var/tmp/coder/code-server/bin/code-server /usr/local/bin/code-server
# Disable the PostgreSQL systemd service.
# Coder uses a custom timescale container to test the database instead.
RUN systemctl disable \
postgresql
postgresql
# Configure systemd services for CVMs
RUN systemctl enable \
docker \
ssh
docker \
ssh
# Install tools with published releases, where that is the
# preferred/recommended installation method.
ARG CLOUD_SQL_PROXY_VERSION=1.26.0 \
DIVE_VERSION=0.10.0 \
DOCKER_GCR_VERSION=2.1.0 \
GOLANGCI_LINT_VERSION=1.48.0 \
GRYPE_VERSION=0.24.0 \
HELM_VERSION=3.8.0 \
KUBE_LINTER_VERSION=0.2.5 \
KUBECTX_VERSION=0.9.4 \
STRIPE_VERSION=1.7.4 \
TERRAGRUNT_VERSION=0.34.1 \
TRIVY_VERSION=0.23.0
DIVE_VERSION=0.10.0 \
DOCKER_GCR_VERSION=2.1.0 \
GOLANGCI_LINT_VERSION=1.48.0 \
GRYPE_VERSION=0.24.0 \
HELM_VERSION=3.8.0 \
KUBE_LINTER_VERSION=0.2.5 \
KUBECTX_VERSION=0.9.4 \
STRIPE_VERSION=1.7.4 \
TERRAGRUNT_VERSION=0.34.1 \
TRIVY_VERSION=0.23.0
# cloud_sql_proxy, for connecting to cloudsql instances
# the upstream go.mod prevents this from being installed with go install
RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloudsql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud_sql_proxy.linux.amd64" && \
chmod a=rx /usr/local/bin/cloud_sql_proxy && \
# dive for scanning image layer utilization metrics in CI
curl --silent --show-error --location "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- dive && \
# docker-credential-gcr is a Docker credential helper for pushing/pulling
# images from Google Container Registry and Artifact Registry
curl --silent --show-error --location "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${DOCKER_GCR_VERSION}/docker-credential-gcr_linux_amd64-${DOCKER_GCR_VERSION}.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- docker-credential-gcr && \
# golangci-lint performs static code analysis for our Go code
curl --silent --show-error --location "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 "golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint" && \
# Anchore Grype for scanning container images for security issues
curl --silent --show-error --location "https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- grype && \
# Helm is necessary for deploying Coder
curl --silent --show-error --location "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 linux-amd64/helm && \
# kube-linter for linting Kubernetes objects, including those
# that Helm generates from our charts
curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- kube-linter && \
# kubens and kubectx for managing Kubernetes namespaces and contexts
curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- kubectx && \
curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubens_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- kubens && \
# stripe for coder.com billing API
curl --silent --show-error --location "https://github.com/stripe/stripe-cli/releases/download/v${STRIPE_VERSION}/stripe_${STRIPE_VERSION}_linux_x86_64.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- stripe && \
# terragrunt for running Terraform and Terragrunt files
curl --silent --show-error --location --output /usr/local/bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64" && \
chmod a=rx /usr/local/bin/terragrunt && \
# AquaSec Trivy for scanning container images for security issues
curl --silent --show-error --location "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- trivy
chmod a=rx /usr/local/bin/cloud_sql_proxy && \
# dive for scanning image layer utilization metrics in CI
curl --silent --show-error --location "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- dive && \
# docker-credential-gcr is a Docker credential helper for pushing/pulling
# images from Google Container Registry and Artifact Registry
curl --silent --show-error --location "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${DOCKER_GCR_VERSION}/docker-credential-gcr_linux_amd64-${DOCKER_GCR_VERSION}.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- docker-credential-gcr && \
# golangci-lint performs static code analysis for our Go code
curl --silent --show-error --location "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 "golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint" && \
# Anchore Grype for scanning container images for security issues
curl --silent --show-error --location "https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- grype && \
# Helm is necessary for deploying Coder
curl --silent --show-error --location "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 linux-amd64/helm && \
# kube-linter for linting Kubernetes objects, including those
# that Helm generates from our charts
curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- kube-linter && \
# kubens and kubectx for managing Kubernetes namespaces and contexts
curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- kubectx && \
curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubens_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- kubens && \
# stripe for coder.com billing API
curl --silent --show-error --location "https://github.com/stripe/stripe-cli/releases/download/v${STRIPE_VERSION}/stripe_${STRIPE_VERSION}_linux_x86_64.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- stripe && \
# terragrunt for running Terraform and Terragrunt files
curl --silent --show-error --location --output /usr/local/bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64" && \
chmod a=rx /usr/local/bin/terragrunt && \
# AquaSec Trivy for scanning container images for security issues
curl --silent --show-error --location "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" | \
tar --extract --gzip --directory=/usr/local/bin --file=- trivy
# Add Vercel globally. We can't install it in packages.json, because it
# includes Go files which make golangci-lint unhappy.
RUN yarn global add --prefix=/usr/local \
vercel \
typescript \
typescript-language-server \
prettier && \
yarn cache clean
vercel \
typescript \
typescript-language-server \
prettier && \
yarn cache clean
# We use yq during "make deploy" to manually substitute out fields in
# our helm values.yaml file. See https://github.com/helm/helm/issues/3141
@ -273,13 +277,13 @@ RUN yarn global add --prefix=/usr/local \
# mv /usr/local/bin/yq_linux_amd64 /usr/local/bin/yq
RUN curl --silent --show-error --location --output /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64" && \
chmod a=rx /usr/local/bin/yq
chmod a=rx /usr/local/bin/yq
# Install GoLand.
RUN mkdir --parents /usr/local/goland && \
curl --silent --show-error --location "https://download.jetbrains.com/go/goland-2021.2.tar.gz" | \
tar --extract --gzip --directory=/usr/local/goland --file=- --strip-components=1 && \
ln --symbolic /usr/local/goland/bin/goland.sh /usr/local/bin/goland
curl --silent --show-error --location "https://download.jetbrains.com/go/goland-2021.2.tar.gz" | \
tar --extract --gzip --directory=/usr/local/goland --file=- --strip-components=1 && \
ln --symbolic /usr/local/goland/bin/goland.sh /usr/local/bin/goland
# Install Antlrv4, needed to generate paramlang lexer/parser
RUN curl --silent --show-error --location --output /usr/local/lib/antlr-4.9.2-complete.jar "https://www.antlr.org/download/antlr-4.9.2-complete.jar"
@ -287,22 +291,22 @@ ENV CLASSPATH="/usr/local/lib/antlr-4.9.2-complete.jar:${PATH}"
# Add coder user and allow use of docker/sudo
RUN useradd coder \
--create-home \
--shell=/bin/bash \
--groups=docker \
--uid=1000 \
--user-group
--create-home \
--shell=/bin/bash \
--groups=docker \
--uid=1000 \
--user-group
# Adjust OpenSSH config
RUN echo "PermitUserEnvironment yes" >>/etc/ssh/sshd_config && \
echo "X11Forwarding yes" >>/etc/ssh/sshd_config && \
echo "X11UseLocalhost no" >>/etc/ssh/sshd_config
echo "X11Forwarding yes" >>/etc/ssh/sshd_config && \
echo "X11UseLocalhost no" >>/etc/ssh/sshd_config
# We avoid copying the extracted directory since COPY slows to minutes when there
# are a lot of small files.
COPY --from=go /usr/local/go.tar.gz /usr/local/go.tar.gz
RUN mkdir /usr/local/go && \
tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1
tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1
ENV PATH=$PATH:/usr/local/go/bin

8
dogfood/guide.md
View File

@ -51,11 +51,11 @@ The following explains how to do certain things related to dogfooding.
7. To create your own template, you can do: `./scripts/coder-dev.sh templates init` and choose your preferred option.
For example, choosing “Develop in Docker” will create a new folder `docker` that contains the bare bones for starting a Docker workspace template.
Then, enter the folder that was just created and customize as you wish.
<aside>
💡 **For all Docker templates:**
This step depends on whether you are developing on a Coder v1 workspace, versus a Coder v2 workspace, versus a VM, versus locally. In any case, check the output of the command `docker context ls` to determine where your Docker daemon is listening. Then open `./docker/main.tf` and check inside the block `provider "docker"` that the variable `"host"` is set correctly.
</aside>
<aside>
💡 **For all Docker templates:**
This step depends on whether you are developing on a Coder v1 workspace, versus a Coder v2 workspace, versus a VM, versus locally. In any case, check the output of the command `docker context ls` to determine where your Docker daemon is listening. Then open `./docker/main.tf` and check inside the block `provider "docker"` that the variable `"host"` is set correctly.
</aside>
## Troubleshooting

1
examples/lima/README.md
View File

@ -17,6 +17,7 @@ This lets you quickly test out Coder in a self-contained environment.
- You can use the configuration as-is, or edit it to your liking.
This will:
- Start an Ubuntu 22.04 VM
- Install Docker and Terraform from the official repos
- Install Coder using the [installation script](https://coder.com/docs/coder-oss/latest/install#installsh)

215
examples/lima/coder.yaml
View File

@ -7,19 +7,19 @@
# This example requires Lima v0.8.3 or later.
images:
# Try to use release-yyyyMMdd image if available. Note that release-yyyyMMdd will be removed after several months.
- location: "https://cloud-images.ubuntu.com/releases/22.04/release-20220420/ubuntu-22.04-server-cloudimg-amd64.img"
arch: "x86_64"
digest: "sha256:de5e632e17b8965f2baf4ea6d2b824788e154d9a65df4fd419ec4019898e15cd"
- location: "https://cloud-images.ubuntu.com/releases/22.04/release-20220420/ubuntu-22.04-server-cloudimg-arm64.img"
arch: "aarch64"
digest: "sha256:66224c7fed99ff5a5539eda406c87bbfefe8af6ff6b47d92df3187832b5b5d4f"
# Fallback to the latest release image.
# Hint: run `limactl prune` to invalidate the cache
- location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-amd64.img"
arch: "x86_64"
- location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-arm64.img"
arch: "aarch64"
# Try to use release-yyyyMMdd image if available. Note that release-yyyyMMdd will be removed after several months.
- location: "https://cloud-images.ubuntu.com/releases/22.04/release-20220420/ubuntu-22.04-server-cloudimg-amd64.img"
arch: "x86_64"
digest: "sha256:de5e632e17b8965f2baf4ea6d2b824788e154d9a65df4fd419ec4019898e15cd"
- location: "https://cloud-images.ubuntu.com/releases/22.04/release-20220420/ubuntu-22.04-server-cloudimg-arm64.img"
arch: "aarch64"
digest: "sha256:66224c7fed99ff5a5539eda406c87bbfefe8af6ff6b47d92df3187832b5b5d4f"
# Fallback to the latest release image.
# Hint: run `limactl prune` to invalidate the cache
- location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-amd64.img"
arch: "x86_64"
- location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-arm64.img"
arch: "aarch64"
# Your home directory is mounted read-only
mounts:
@ -33,101 +33,101 @@ hostResolver:
hosts:
host.docker.internal: host.lima.internal
provision:
- mode: system
# This script defines the host.docker.internal hostname when hostResolver is disabled.
# It is also needed for lima 0.8.2 and earlier, which does not support hostResolver.hosts.
# Names defined in /etc/hosts inside the VM are not resolved inside containers when
# using the hostResolver; use hostResolver.hosts instead (requires lima 0.8.3 or later).
script: |
#!/bin/sh
set -eux -o pipefail
sed -i 's/host.lima.internal.*/host.lima.internal host.docker.internal/' /etc/hosts
- mode: system
script: |
#!/bin/bash
set -eux -o pipefail
command -v docker >/dev/null 2>&1 && exit 0
export DEBIAN_FRONTEND=noninteractive
curl -fsSL https://get.docker.com | sh
# Ensure we have a decent logging driver set up for Docker, for debugging.
cat > /etc/docker/daemon.json << EOF
{
"log-driver": "journald"
}
EOF
systemctl restart docker
# In case a user forgets to set the arch correctly, just install binfmt
docker run --privileged --rm tonistiigi/binfmt --install all
- mode: system
script: |
#!/bin/bash
set -eux -o pipefail
command -v terraform >/dev/null 2>&1 && exit 0
DEBIAN_FRONTEND=noninteractive apt-get install -qqy unzip
rm -fv /tmp/terraform.zip || true
wget -qO /tmp/terraform.zip "https://releases.hashicorp.com/terraform/1.3.0/terraform_1.3.0_linux_$(dpkg --print-architecture).zip"
unzip /tmp/terraform.zip -d /usr/local/bin/
chmod +x /usr/local/bin/terraform
rm -fv /tmp/terraform.zip || true
- mode: system
script: |
#!/bin/bash
set -eux -o pipefail
command -v coder >/dev/null 2>&1 && exit 0
export DEBIAN_FRONTEND=noninteractive
export HOME=/root
curl -fsSL https://coder.com/install.sh | sh
# Ensure Coder has permissions on /var/run/docker.socket
usermod -aG docker coder
# Ensure coder listens on all interfaces
sed -i 's/CODER_ADDRESS=.*/CODER_ADDRESS=0.0.0.0:3000/' /etc/coder.d/coder.env
# Ensure coder starts on boot
systemctl enable coder
systemctl start coder
# Wait for Coder to have downloaded Terraform
timeout 60s bash -c 'until /var/cache/coder/terraform version >/dev/null 2>&1; do sleep 1; done'
# Coder restarts after downloading Terraform, wait for it to become available
timeout 60s bash -c 'until nc -z localhost 3000 > /dev/null 2>&1; do sleep 1; done'
- mode: user
script: |
#!/bin/bash
set -eux -o pipefail
# If we are already logged in, nothing to do
coder templates list >/dev/null 2>&1 && exit 0
# Set up initial user
[ ! -e ~/.config/coderv2/session ] && coder login http://localhost:3000 --first-user-username admin --first-user-email admin@coder.com --first-user-password $(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c8 | tee ${HOME}/.config/coderv2/password)
# Create an initial template
temp_template_dir=$(mktemp -d)
echo code-server | coder templates init "${temp_template_dir}"
DOCKER_ARCH="amd64"
if [ "$(arch)" = "aarch64" ]; then
DOCKER_ARCH="arm64"
fi
DOCKER_HOST=$(docker context inspect --format '{{.Endpoints.docker.Host}}')
printf 'docker_arch: "%s"\ndocker_host: "%s"\n' "${DOCKER_ARCH}" "${DOCKER_HOST}" | tee "${temp_template_dir}/params.yaml"
coder templates create "docker-code-server-${DOCKER_ARCH}" --directory "${temp_template_dir}" --parameter-file "${temp_template_dir}/params.yaml" --yes
rm -rfv "${temp_template_dir}"
- mode: system
# This script defines the host.docker.internal hostname when hostResolver is disabled.
# It is also needed for lima 0.8.2 and earlier, which does not support hostResolver.hosts.
# Names defined in /etc/hosts inside the VM are not resolved inside containers when
# using the hostResolver; use hostResolver.hosts instead (requires lima 0.8.3 or later).
script: |
#!/bin/sh
set -eux -o pipefail
sed -i 's/host.lima.internal.*/host.lima.internal host.docker.internal/' /etc/hosts
- mode: system
script: |
#!/bin/bash
set -eux -o pipefail
command -v docker >/dev/null 2>&1 && exit 0
export DEBIAN_FRONTEND=noninteractive
curl -fsSL https://get.docker.com | sh
# Ensure we have a decent logging driver set up for Docker, for debugging.
cat > /etc/docker/daemon.json << EOF
{
"log-driver": "journald"
}
EOF
systemctl restart docker
# In case a user forgets to set the arch correctly, just install binfmt
docker run --privileged --rm tonistiigi/binfmt --install all
- mode: system
script: |
#!/bin/bash
set -eux -o pipefail
command -v terraform >/dev/null 2>&1 && exit 0
DEBIAN_FRONTEND=noninteractive apt-get install -qqy unzip
rm -fv /tmp/terraform.zip || true
wget -qO /tmp/terraform.zip "https://releases.hashicorp.com/terraform/1.3.0/terraform_1.3.0_linux_$(dpkg --print-architecture).zip"
unzip /tmp/terraform.zip -d /usr/local/bin/
chmod +x /usr/local/bin/terraform
rm -fv /tmp/terraform.zip || true
- mode: system
script: |
#!/bin/bash
set -eux -o pipefail
command -v coder >/dev/null 2>&1 && exit 0
export DEBIAN_FRONTEND=noninteractive
export HOME=/root
curl -fsSL https://coder.com/install.sh | sh
# Ensure Coder has permissions on /var/run/docker.socket
usermod -aG docker coder
# Ensure coder listens on all interfaces
sed -i 's/CODER_ADDRESS=.*/CODER_ADDRESS=0.0.0.0:3000/' /etc/coder.d/coder.env
# Ensure coder starts on boot
systemctl enable coder
systemctl start coder
# Wait for Coder to have downloaded Terraform
timeout 60s bash -c 'until /var/cache/coder/terraform version >/dev/null 2>&1; do sleep 1; done'
# Coder restarts after downloading Terraform, wait for it to become available
timeout 60s bash -c 'until nc -z localhost 3000 > /dev/null 2>&1; do sleep 1; done'
- mode: user
script: |
#!/bin/bash
set -eux -o pipefail
# If we are already logged in, nothing to do
coder templates list >/dev/null 2>&1 && exit 0
# Set up initial user
[ ! -e ~/.config/coderv2/session ] && coder login http://localhost:3000 --first-user-username admin --first-user-email admin@coder.com --first-user-password $(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c8 | tee ${HOME}/.config/coderv2/password)
# Create an initial template
temp_template_dir=$(mktemp -d)
echo code-server | coder templates init "${temp_template_dir}"
DOCKER_ARCH="amd64"
if [ "$(arch)" = "aarch64" ]; then
DOCKER_ARCH="arm64"
fi
DOCKER_HOST=$(docker context inspect --format '{{.Endpoints.docker.Host}}')
printf 'docker_arch: "%s"\ndocker_host: "%s"\n' "${DOCKER_ARCH}" "${DOCKER_HOST}" | tee "${temp_template_dir}/params.yaml"
coder templates create "docker-code-server-${DOCKER_ARCH}" --directory "${temp_template_dir}" --parameter-file "${temp_template_dir}/params.yaml" --yes
rm -rfv "${temp_template_dir}"
probes:
- description: "docker to be installed"
script: |
#!/bin/bash
set -eux -o pipefail
if ! timeout 30s bash -c "until command -v docker >/dev/null 2>&1; do sleep 3; done"; then
echo >&2 "docker is not installed yet"
exit 1
fi
hint: |
See "/var/log/cloud-init-output.log" in the guest.
- description: "coder to be installed"
script: |
#!/bin/bash
set -eux -o pipefail
if ! timeout 30s bash -c "until command -v coder >/dev/null 2>&1; do sleep 3; done"; then
echo >&2 "coder is not installed yet"
exit 1
fi
hint: |
See "/var/log/cloud-init-output.log" in the guest.
- description: "docker to be installed"
script: |
#!/bin/bash
set -eux -o pipefail
if ! timeout 30s bash -c "until command -v docker >/dev/null 2>&1; do sleep 3; done"; then
echo >&2 "docker is not installed yet"
exit 1
fi
hint: |
See "/var/log/cloud-init-output.log" in the guest.
- description: "coder to be installed"
script: |
#!/bin/bash
set -eux -o pipefail
if ! timeout 30s bash -c "until command -v coder >/dev/null 2>&1; do sleep 3; done"; then
echo >&2 "coder is not installed yet"
exit 1
fi
hint: |
See "/var/log/cloud-init-output.log" in the guest.
message: |
All Done! Your Coder instance is accessible at http://localhost:3000
@ -139,4 +139,3 @@ message: |
limactl shell coder
cd && coder templates init
------

2
examples/templates/community-templates.md
View File

@ -5,7 +5,7 @@ This is a list of templates and actions created by the community.
See [Getting Started](./README.md#getting-started) for how to use these templates.
> If you have created a template, see one that's missing or one that's no longer
maintained, please submit a pull request to improve this list. Thank you!
> maintained, please submit a pull request to improve this list. Thank you!
## Templates

1
flake.nix
View File

@ -47,6 +47,7 @@
terraform
typos
yarn
yq
zip
zstd
];

9
helm/values.yaml
View File

@ -65,7 +65,8 @@ coder:
# coder.resources -- The resources to request for Coder. These are optional
# and are not set by default.
resources: {}
resources:
{}
# limits:
# cpu: 100m
# memory: 128Mi
@ -81,7 +82,8 @@ coder:
#
# The given key in each secret is mounted at
# `/etc/ssl/certs/{secret_name}.crt`.
secrets: []
secrets:
[]
# - name: "my-ca-bundle"
# key: "ca-bundle.crt"
@ -103,7 +105,8 @@ coder:
# coder.tolerations -- Tolerations for tainted nodes.
# See: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: {}
tolerations:
{}
# - key: "key"
# operator: "Equal"
# value: "value"

64
scripts/apidocgen/markdown-template/README.md
View File

@ -1,64 +0,0 @@
## Swagger / OpenAPI 2 and OpenAPI 3 template parameters
Note that properties of OpenAPI objects will be in OpenAPI 3.0 form, as
Swagger / OpenAPI 2.0 definitions are converted automatically.
### Code templates
* `method` - the HTTP method of the operation (in lower-case)
* `methodUpper` - the HTTP method of the operation (in upper-case)
* `url` - the full URL of the operation (including protocol and host)
* `consumes[]` - an array of MIME-types the operation consumes
* `produces[]` - an array of MIME-types the operation produces
* `operation` - the current operation object
* `operationId` - the current operation id
* `opName` - the operationId if set, otherwise the method + path
* `tags[]` - the full list of tags applying to the operation
* `security` - the security definitions applying to the operation
* `resource` - the current tag/path object
* `parameters[]` - an array of parameters for the operation (see below)
* `queryString` - an example queryString, urlEncoded
* `requiredQueryString` - an example queryString for `required:true` parameters
* `queryParameters[]` - a subset of `parameters` that are `in:query`
* `requiredParameters[]` - a subset of `queryParameters` that are `required:true`
* `headerParameters[]` - a subset of `parameters` that are `in:header`
* `allHeaders[]` - a concatenation of `headerParameters` and pseudo-parameters `Accept` and `Content-Type`, and optionally `Authorization` (the latter has an `isAuth` boolean property set true so it can be omitted in templates if desired
### Parameter template
* `parameters[]` - an array of [parameters](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#parameterObject), including the following pseudo-properties
* `shortDesc` - a truncated version of the parameter description
* `safeType` - a computed version of the parameter type, including Body and schema names
* `originalType` - the original type of the parameter
* `exampleValues` - an object containing examples for use in code-templates
* `json` - example values in JSON compatible syntax
* `object` - example values in raw object form (unquoted strings etc)
* `depth` - a zero-based indicator of the depth of expanded request body parameters
* `enums[]` - an array of (parameter)name/value pairs
### Responses template
* `responses[]` - an array of [responses](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#responseObject), including `status` and `meaning` properties
### Authentication template
* `authenticationStr` - a simple string of methods (and scopes where appropriate)
* `securityDefinitions[]` - an array of applicable [securityDefinitions](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#securityRequirementObject)
### Schema Property template
* `schemaProperties[]` - an array of
* `name`
* `type`
* `required`
* `description`
* `enums[]` - an array of (schema property)name/value pairs
### Common to all templates
* `openapi` - the top-level OpenAPI / Swagger document
* `header` - the front-matter of the Slate/Shins markdown document
* `host` - the (computed) host of the API
* `protocol` - the default/first protocol of the API
* `baseUrl` - the (computed) baseUrl of the API (including protocol and host)
* `widdershins` - the contents of widdershins `package.json`

1
scripts/apitypings/README.md
View File

@ -13,7 +13,6 @@ This main.go generates typescript types from the codersdk types in Go.
- [ ] External Types (uses `any` atm)
- Some custom external types are hardcoded in (eg: time.Time)
## Type overrides
```golang

30
scripts/lib.sh
View File

@ -75,10 +75,22 @@ execrelative() {
return $rc
}
dependency_check() {
local dep=$1
# Special case for yq that can be yq or yq4.
if [[ $dep == yq ]]; then
[[ -n "${CODER_LIBSH_YQ:-}" ]]
return
fi
command -v "$dep" >/dev/null
}
dependencies() {
local fail=0
for dep in "$@"; do
if ! command -v "$dep" >/dev/null; then
if ! dependency_check "$dep"; then
log "ERROR: The '$dep' dependency is required, but is not available."
fail=1
fi
@ -200,9 +212,25 @@ if [[ "${CODER_LIBSH_NO_CHECK_DEPENDENCIES:-}" != *t* ]]; then
log
fi
# Allow for yq to be installed as yq4.
if command -v yq4 >/dev/null; then
export CODER_LIBSH_YQ=yq4
elif command -v yq >/dev/null; then
if [[ $(yq --version) == *" v4."* ]]; then
export CODER_LIBSH_YQ=yq
fi
fi
if [[ "$libsh_bad_dependencies" == 1 ]]; then
error "Invalid dependencies, see above for more details."
fi
export CODER_LIBSH_NO_CHECK_DEPENDENCIES=true
fi
# Alias yq to the version we want by shadowing with a function.
if [[ -n ${CODER_LIBSH_YQ:-} ]]; then
yq() {
command $CODER_LIBSH_YQ "$@"
}
fi

1
scripts/nfpm.yaml
View File

@ -11,7 +11,6 @@ maintainer: Coder <support@coder.com>
description: |
Provision development environments with infrastructure with code
license: AGPL-3.0
suggests:
- postgresql

70
site/.eslintignore
View File

@ -1,16 +1,60 @@
###############################################################################
# COPY PASTA OF .gitignore
###############################################################################
# Code generated by Makefile (.gitignore .prettierignore.include). DO NOT EDIT.
.idea
# .gitignore:
# Common ignore patterns, these rules applies in both root and subdirectories.
.DS_Store
.eslintcache
.gitpod.yml
node_modules
vendor
out
coverage
.next
storybook-static
test-results
**/*.typegen.ts
.idea
**/*.swp
.coderv2/*
gotests.coverage
gotests.xml
gotestsum.json
node_modules/
vendor/
yarn-error.log
# VSCode settings.
**/.vscode/*
# Allow VSCode recommendations and default settings in project root.
!../.vscode/extensions.json
!../.vscode/settings.json
# Front-end ignore patterns.
.next/
**/*.typegen.ts
build-storybook.log
coverage/
storybook-static/
test-results/
# Make target for updating golden files.
../cli/testdata/.gen-golden
# Build
../build/
../dist/
out/
*.tfstate
*.tfstate.backup
*.tfplan
*.lock.hcl
.terraform/
../.coderv2/*
**/__debug_bin
# direnv
.envrc
# .prettierignore.include:
# Helm templates contain variables that are invalid YAML and can't be formatted
# by Prettier.
../helm/templates/*.yaml
# Terraform state files used in tests, these are automatically generated.
# Example: provisioner/terraform/testdata/instance-id/instance-id.tfstate.json
**/testdata/**/*.tf*.json
# Testdata shouldn't be formatted.
../scripts/apitypings/testdata/**/*.ts

64
site/.prettierignore
View File

@ -1,24 +1,60 @@
###############################################################################
# COPY PASTA OF .gitignore
# https://github.com/prettier/prettier/issues/8048
# https://github.com/prettier/prettier/issues/8506
# https://github.com/prettier/prettier/issues/8679
###############################################################################
# Code generated by Makefile (.gitignore .prettierignore.include). DO NOT EDIT.
node_modules
vendor
# .gitignore:
# Common ignore patterns, these rules applies in both root and subdirectories.
.DS_Store
.eslintcache
yarn-error.log
.idea
.gitpod.yml
.idea
**/*.swp
gotests.coverage
gotests.xml
gotestsum.json
node_modules/
vendor/
yarn-error.log
# Front-end ignore
# VSCode settings.
**/.vscode/*
# Allow VSCode recommendations and default settings in project root.
!../.vscode/extensions.json
!../.vscode/settings.json
# Front-end ignore patterns.
.next/
**/*.typegen.ts
build-storybook.log
coverage/
out/
storybook-static/
test-results/
**/*.swp
.coderv2/*
# Make target for updating golden files.
../cli/testdata/.gen-golden
# Build
../build/
../dist/
out/
*.tfstate
*.tfstate.backup
*.tfplan
*.lock.hcl
.terraform/
../.coderv2/*
**/__debug_bin
# direnv
.envrc
# .prettierignore.include:
# Helm templates contain variables that are invalid YAML and can't be formatted
# by Prettier.
../helm/templates/*.yaml
# Terraform state files used in tests, these are automatically generated.
# Example: provisioner/terraform/testdata/instance-id/instance-id.tfstate.json
**/testdata/**/*.tf*.json
# Testdata shouldn't be formatted.
../scripts/apitypings/testdata/**/*.ts

13
site/.prettierrc
View File

@ -1,13 +0,0 @@
{
"printWidth": 80,
"semi": false,
"trailingComma": "all",
"overrides": [
{
"files": ["./README.md", "**/*.yaml"],
"options": {
"proseWrap": "always"
}
}
]
}

18
site/.prettierrc.yaml Normal file
View File

@ -0,0 +1,18 @@
# Code generated by Makefile (../.prettierrc.yaml). DO NOT EDIT.
# This config file is used in conjunction with `.editorconfig` to specify
# formatting for prettier-supported files. See `.editorconfig` and
# `site/.editorconfig`for whitespace formatting options.
printWidth: 80
semi: false
trailingComma: all
overrides:
- files:
- ../README.md
options:
proseWrap: preserve
- files:
- ./**/*.yaml
- ./**/*.yml
options:
proseWrap: always

5
site/package.json
View File

@ -9,9 +9,10 @@
"check:all": "yarn format:check && yarn lint && yarn test",
"chromatic": "chromatic",
"dev": "vite",
"format:check": "prettier --cache --check '**/*.{css,html,js,json,jsx,md,ts,tsx,yaml,yml}'",
"format:check": "prettier --cache --check '../**/*.{css,html,js,json,jsx,md,ts,tsx,yaml,yml}'",
"format:types": "prettier --write 'src/api/typesGenerated.ts'",
"format:write": "prettier --write '**/*.{css,html,js,json,jsx,md,ts,tsx,yaml,yml}'",
"format:write": "prettier --write '../**/*.{css,html,js,json,jsx,md,ts,tsx,yaml,yml}'",
"format:write:only": "prettier --write",
"lint": "jest --selectProjects lint",
"lint:fix": "FIX=true yarn lint",
"playwright:install": "playwright install",