diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
index 9564a0f632..40cb654e6e 100644
--- a/.devcontainer/Dockerfile
+++ b/.devcontainer/Dockerfile
@@ -6,27 +6,27 @@ ENV EDITOR=vim
RUN apt-get update && apt-get upgrade --yes
RUN apt-get install --yes \
- ca-certificates \
- bash-completion \
- build-essential \
- curl \
- cmake \
- direnv \
- emacs-nox \
- gnupg \
- htop \
- jq \
- less \
- lsb-release \
- lsof \
- man-db \
- nano \
- neovim \
- ssl-cert \
- sudo \
- unzip \
- xz-utils \
- zip
+ ca-certificates \
+ bash-completion \
+ build-essential \
+ curl \
+ cmake \
+ direnv \
+ emacs-nox \
+ gnupg \
+ htop \
+ jq \
+ less \
+ lsb-release \
+ lsof \
+ man-db \
+ nano \
+ neovim \
+ ssl-cert \
+ sudo \
+ unzip \
+ xz-utils \
+ zip
# configure locales to UTF8
RUN apt-get install locales && locale-gen en_US.UTF-8
@@ -39,22 +39,22 @@ RUN direnv hook bash >> $HOME/.bashrc
RUN sh <(curl -L https://nixos.org/nix/install) --daemon
RUN mkdir -p $HOME/.config/nix $HOME/.config/nixpkgs \
- && echo 'sandbox = false' >> $HOME/.config/nix/nix.conf \
- && echo '{ allowUnfree = true; }' >> $HOME/.config/nixpkgs/config.nix \
- && echo '. $HOME/.nix-profile/etc/profile.d/nix.sh' >> $HOME/.bashrc
+ && echo 'sandbox = false' >> $HOME/.config/nix/nix.conf \
+ && echo '{ allowUnfree = true; }' >> $HOME/.config/nixpkgs/config.nix \
+ && echo '. $HOME/.nix-profile/etc/profile.d/nix.sh' >> $HOME/.bashrc
# install docker and configure daemon to use vfs as GitHub codespaces requires vfs
# https://github.com/moby/moby/issues/13742#issuecomment-725197223
RUN mkdir -p /etc/apt/keyrings \
- && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
- && echo \
- "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
- $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null \
- && apt-get update \
- && apt-get install --yes docker-ce docker-ce-cli containerd.io docker-compose-plugin \
- && mkdir -p /etc/docker \
- && echo '{"cgroup-parent":"/actions_job","storage-driver":"vfs"}' >> /etc/docker/daemon.json
+ && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
+ && echo \
+ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
+ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null \
+ && apt-get update \
+ && apt-get install --yes docker-ce docker-ce-cli containerd.io docker-compose-plugin \
+ && mkdir -p /etc/docker \
+ && echo '{"cgroup-parent":"/actions_job","storage-driver":"vfs"}' >> /etc/docker/daemon.json
# install golang and language tooling
ENV GO_VERSION=1.19
@@ -67,6 +67,7 @@ RUN echo 'export PATH=$GOPATH/bin:$PATH' >> $HOME/.bashrc
RUN bash -c ". $HOME/.bashrc \
go install -v golang.org/x/tools/gopls@latest \
&& go install -v mvdan.cc/sh/v3/cmd/shfmt@latest \
+ && go install -v github.com/mikefarah/yq/v4@v4.30.6 \
"
# install nodejs
@@ -80,4 +81,3 @@ RUN bash -c "$(curl -fsSL https://raw.githubusercontent.com/horta/zstd.install/m
RUN echo 'deb [trusted=yes] https://repo.goreleaser.com/apt/ /' | sudo tee /etc/apt/sources.list.d/goreleaser.list \
&& apt update \
&& apt install nfpm
-
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index a2c558fb01..9e53188536 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,18 +1,24 @@
// For format details, see https://aka.ms/devcontainer.json
{
- "name": "Development environments on your infrastructure",
+ "name": "Development environments on your infrastructure",
- // Sets the run context to one level up instead of the .devcontainer folder.
- "context": ".",
+ // Sets the run context to one level up instead of the .devcontainer folder.
+ "context": ".",
- // Update the 'dockerFile' property if you aren't using the standard 'Dockerfile' filename.
- "dockerFile": "Dockerfile",
+ // Update the 'dockerFile' property if you aren't using the standard 'Dockerfile' filename.
+ "dockerFile": "Dockerfile",
- // Use 'forwardPorts' to make a list of ports inside the container available locally.
- // "forwardPorts": [],
-
- "postStartCommand": "dockerd",
+ // Use 'forwardPorts' to make a list of ports inside the container available locally.
+ // "forwardPorts": [],
- // privileged is required by GitHub codespaces - https://github.com/microsoft/vscode-dev-containers/issues/727
- "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined", "--privileged", "--init" ]
+ "postStartCommand": "dockerd",
+
+ // privileged is required by GitHub codespaces - https://github.com/microsoft/vscode-dev-containers/issues/727
+ "runArgs": [
+ "--cap-add=SYS_PTRACE",
+ "--security-opt",
+ "seccomp=unconfined",
+ "--privileged",
+ "--init"
+ ]
}
diff --git a/.editorconfig b/.editorconfig
index 227be2a6df..af95c56b29 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -7,7 +7,7 @@ trim_trailing_whitespace = true
insert_final_newline = true
indent_style = tab
-[*.{md,json,yaml,yml,tf,tfvars}]
+[*.{md,json,yaml,yml,tf,tfvars,nix}]
indent_style = space
indent_size = 2
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
index 9b28b85b11..e94fd88f7a 100644
--- a/.github/dependabot.yaml
+++ b/.github/dependabot.yaml
@@ -38,7 +38,7 @@ updates:
# Ignore patch updates for all dependencies
- dependency-name: "*"
update-types:
- - version-update:semver-patch
+ - version-update:semver-patch
- package-ecosystem: "npm"
directory: "/site/"
@@ -53,7 +53,7 @@ updates:
# Ignore patch updates for all dependencies
- dependency-name: "*"
update-types:
- - version-update:semver-patch
+ - version-update:semver-patch
# Ignore major updates to Node.js types, because they need to
# correspond to the Node.js engine version
- dependency-name: "@types/node"
diff --git a/.github/workflows/cla.yaml b/.github/workflows/cla.yaml
index 81aafca379..5893c9cdc6 100644
--- a/.github/workflows/cla.yaml
+++ b/.github/workflows/cla.yaml
@@ -3,7 +3,7 @@ on:
issue_comment:
types: [created]
pull_request_target:
- types: [opened,closed,synchronize]
+ types: [opened, closed, synchronize]
jobs:
CLAssistant:
@@ -15,12 +15,12 @@ jobs:
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# the below token should have repo scope and must be manually added by you in the repository's secret
- PERSONAL_ACCESS_TOKEN : ${{ secrets.CDRCOMMUNITY_GITHUB_TOKEN }}
+ PERSONAL_ACCESS_TOKEN: ${{ secrets.CDRCOMMUNITY_GITHUB_TOKEN }}
with:
- remote-organization-name: 'coder'
- remote-repository-name: 'cla'
- path-to-signatures: 'v2022-09-04/signatures.json'
- path-to-document: 'https://github.com/coder/cla/blob/main/README.md'
+ remote-organization-name: "coder"
+ remote-repository-name: "cla"
+ path-to-signatures: "v2022-09-04/signatures.json"
+ path-to-document: "https://github.com/coder/cla/blob/main/README.md"
# branch should not be protected
- branch: 'main'
+ branch: "main"
allowlist: dependabot*
diff --git a/.github/workflows/coder.yaml b/.github/workflows/coder.yaml
index ecc95000ff..1f83de2cee 100644
--- a/.github/workflows/coder.yaml
+++ b/.github/workflows/coder.yaml
@@ -222,6 +222,8 @@ jobs:
run: go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.26
- name: Install goimports
run: go install golang.org/x/tools/cmd/goimports@latest
+ - name: Install yq
+ run: go run github.com/mikefarah/yq/v4@v4.30.6
- name: Install Protoc
run: |
@@ -736,18 +738,18 @@ jobs:
markdown-link-check:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@master
- # For the main branch:
- - if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
- uses: gaurav-nelson/github-action-markdown-link-check@v1
- with:
+ - uses: actions/checkout@master
+ # For the main branch:
+ - if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
+ uses: gaurav-nelson/github-action-markdown-link-check@v1
+ with:
use-quiet-mode: yes
use-verbose-mode: yes
config-file: .github/workflows/mlc_config.json
- # For pull requests:
- - if: github.ref != 'refs/heads/main' || github.event.pull_request.head.repo.fork
- uses: gaurav-nelson/github-action-markdown-link-check@v1
- with:
+ # For pull requests:
+ - if: github.ref != 'refs/heads/main' || github.event.pull_request.head.repo.fork
+ uses: gaurav-nelson/github-action-markdown-link-check@v1
+ with:
use-quiet-mode: yes
use-verbose-mode: yes
check-modified-files-only: yes
diff --git a/.github/workflows/mlc_config.json b/.github/workflows/mlc_config.json
index 2a0fdc7cbf..3eccca05e5 100644
--- a/.github/workflows/mlc_config.json
+++ b/.github/workflows/mlc_config.json
@@ -1,22 +1,22 @@
{
- "ignorePatterns": [
- {
- "pattern": ":\/\/localhost"
- },
- {
- "pattern": ":\/\/.*.?example\\.com"
- },
- {
- "pattern": "developer.github.com"
- },
- {
- "pattern": "docs.github.com"
- },
- {
- "pattern": "support.google.com"
- },
- {
- "pattern": "tailscale.com"
- }
- ]
+ "ignorePatterns": [
+ {
+ "pattern": "://localhost"
+ },
+ {
+ "pattern": "://.*.?example\\.com"
+ },
+ {
+ "pattern": "developer.github.com"
+ },
+ {
+ "pattern": "docs.github.com"
+ },
+ {
+ "pattern": "support.google.com"
+ },
+ {
+ "pattern": "tailscale.com"
+ }
+ ]
}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index a64e0cebf0..3b5c1638da 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -176,7 +176,7 @@ jobs:
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
- name: Setup GCloud SDK
- uses: 'google-github-actions/setup-gcloud@v1'
+ uses: "google-github-actions/setup-gcloud@v1"
- name: Publish Helm Chart
run: |
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
index 30ad3fc934..d174cc7921 100644
--- a/.github/workflows/stale.yaml
+++ b/.github/workflows/stale.yaml
@@ -15,8 +15,8 @@ jobs:
# https://github.com/actions/stale/pull/775
- uses: actions/stale@v6.0.0
with:
- stale-issue-label: 'stale'
- stale-pr-label: 'stale'
+ stale-issue-label: "stale"
+ stale-pr-label: "stale"
# Pull Requests become stale more quickly due to merge conflicts.
# Also, we promote minimizing WIP.
days-before-pr-stale: 7
diff --git a/.github/workflows/welcome.yaml b/.github/workflows/welcome.yaml
index 93973880fe..80493eb6f6 100644
--- a/.github/workflows/welcome.yaml
+++ b/.github/workflows/welcome.yaml
@@ -11,8 +11,8 @@ jobs:
- uses: wow-actions/welcome@v1
with:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- FIRST_PR_REACTIONS: '+1, hooray, rocket, heart'
+ FIRST_PR_REACTIONS: "+1, hooray, rocket, heart"
FIRST_PR_COMMENT: |
- π Welcome @{{ author }} to Coder! Yo @coder/docs this is @{{ author }}'s first pull-request here!
+ π Welcome @{{ author }} to Coder! Yo @coder/docs this is @{{ author }}'s first pull-request here!
FIRST_PR_MERGED: |
π Thanks for the contribution @{{ author }}! Yo @coder/docs @{{ author }}'s first contribution has been merged! πππ
diff --git a/.gitignore b/.gitignore
index 4d6bf0772a..40fd51d164 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,40 +1,33 @@
-###############################################################################
-# NOTICE #
-# If you change this file, kindly copy-pasta your change into .prettierignore #
-# and .eslintignore as well. See the following discussions to understand why #
-# we have to resort to this duplication (at least for now): #
-# #
-# https://github.com/prettier/prettier/issues/8048 #
-# https://github.com/prettier/prettier/issues/8506 #
-# https://github.com/prettier/prettier/issues/8679 #
-###############################################################################
-
-node_modules
-vendor
+# Common ignore patterns, these rules applies in both root and subdirectories.
+.DS_Store
.eslintcache
-yarn-error.log
+.gitpod.yml
+.idea
+**/*.swp
gotests.coverage
gotests.xml
gotestsum.json
-.idea
-.gitpod.yml
-.DS_Store
+node_modules/
+vendor/
+yarn-error.log
+
+# VSCode settings.
+**/.vscode/*
+# Allow VSCode recommendations and default settings in project root.
+!/.vscode/extensions.json
+!/.vscode/settings.json
+
+# Front-end ignore patterns.
+.next/
+site/**/*.typegen.ts
+site/build-storybook.log
+site/coverage/
+site/storybook-static/
+site/test-results/
# Make target for updating golden files.
cli/testdata/.gen-golden
-# Front-end ignore
-.next/
-site/.eslintcache
-site/.next/
-site/node_modules/
-site/storybook-static/
-site/test-results/
-site/yarn-error.log
-coverage/
-site/**/*.typegen.ts
-site/build-storybook.log
-
# Build
/build/
/dist/
@@ -46,10 +39,7 @@ site/out/
*.lock.hcl
.terraform/
-.vscode/*.log
-.vscode/launch.json
-**/*.swp
-.coderv2/*
+/.coderv2/*
**/__debug_bin
# direnv
diff --git a/.golangci.yaml b/.golangci.yaml
index 4181eb8319..658dab717f 100644
--- a/.golangci.yaml
+++ b/.golangci.yaml
@@ -103,7 +103,7 @@ linters-settings:
settings:
ruleguard:
failOn: all
- rules: '${configDir}/scripts/rules.go'
+ rules: "${configDir}/scripts/rules.go"
staticcheck:
# https://staticcheck.io/docs/options#checks
diff --git a/.prettierignore b/.prettierignore
new file mode 100644
index 0000000000..59afc5922b
--- /dev/null
+++ b/.prettierignore
@@ -0,0 +1,60 @@
+# Code generated by Makefile (.gitignore .prettierignore.include). DO NOT EDIT.
+
+# .gitignore:
+# Common ignore patterns, these rules applies in both root and subdirectories.
+.DS_Store
+.eslintcache
+.gitpod.yml
+.idea
+**/*.swp
+gotests.coverage
+gotests.xml
+gotestsum.json
+node_modules/
+vendor/
+yarn-error.log
+
+# VSCode settings.
+**/.vscode/*
+# Allow VSCode recommendations and default settings in project root.
+!/.vscode/extensions.json
+!/.vscode/settings.json
+
+# Front-end ignore patterns.
+.next/
+site/**/*.typegen.ts
+site/build-storybook.log
+site/coverage/
+site/storybook-static/
+site/test-results/
+
+# Make target for updating golden files.
+cli/testdata/.gen-golden
+
+# Build
+/build/
+/dist/
+site/out/
+
+*.tfstate
+*.tfstate.backup
+*.tfplan
+*.lock.hcl
+.terraform/
+
+/.coderv2/*
+**/__debug_bin
+
+# direnv
+.envrc
+# .prettierignore.include:
+# Helm templates contain variables that are invalid YAML and can't be formatted
+# by Prettier.
+helm/templates/*.yaml
+
+# Terraform state files used in tests, these are automatically generated.
+# Example: provisioner/terraform/testdata/instance-id/instance-id.tfstate.json
+**/testdata/**/*.tf*.json
+
+# Testdata shouldn't be formatted.
+scripts/apitypings/testdata/**/*.ts
diff --git a/.prettierignore.include b/.prettierignore.include
new file mode 100644
index 0000000000..74e477479c
--- /dev/null
+++ b/.prettierignore.include
@@ -0,0 +1,10 @@
+# Helm templates contain variables that are invalid YAML and can't be formatted
+# by Prettier.
+helm/templates/*.yaml
+
+# Terraform state files used in tests, these are automatically generated.
+# Example: provisioner/terraform/testdata/instance-id/instance-id.tfstate.json
+**/testdata/**/*.tf*.json
+
+# Testdata shouldn't be formatted.
+scripts/apitypings/testdata/**/*.ts
diff --git a/.prettierrc.yaml b/.prettierrc.yaml
new file mode 100644
index 0000000000..49ac825443
--- /dev/null
+++ b/.prettierrc.yaml
@@ -0,0 +1,16 @@
+# This config file is used in conjunction with `.editorconfig` to specify
+# formatting for prettier-supported files. See `.editorconfig` and
+# `site/.editorconfig`for whitespace formatting options.
+printWidth: 80
+semi: false
+trailingComma: all
+overrides:
+ - files:
+ - README.md
+ options:
+ proseWrap: preserve
+ - files:
+ - "site/**/*.yaml"
+ - "site/**/*.yml"
+ options:
+ proseWrap: always
diff --git a/Makefile b/Makefile
index 69ad7e23dd..547787c1d5 100644
--- a/Makefile
+++ b/Makefile
@@ -369,9 +369,9 @@ fmt/prettier:
cd site
# Avoid writing files in CI to reduce file write activity
ifdef CI
- yarn run format:check . ../*.md ../docs
+ yarn run format:check
else
- yarn run format:write . ../*.md ../docs
+ yarn run format:write
endif
.PHONY: fmt/prettier
@@ -411,13 +411,31 @@ gen: \
provisionerd/proto/provisionerd.pb.go \
site/src/api/typesGenerated.ts \
docs/admin/prometheus.md \
- coderd/apidoc/swagger.json
+ coderd/apidoc/swagger.json \
+ .prettierignore.include \
+ .prettierignore \
+ site/.prettierrc.yaml \
+ site/.prettierignore \
+ site/.eslintignore
.PHONY: gen
# Mark all generated files as fresh so make thinks they're up-to-date. This is
# used during releases so we don't run generation scripts.
gen/mark-fresh:
- files="coderd/database/dump.sql coderd/database/querier.go provisionersdk/proto/provisioner.pb.go provisionerd/proto/provisionerd.pb.go site/src/api/typesGenerated.ts docs/admin/prometheus.md coderd/apidoc/swagger.json"
+ files="\
+ coderd/database/dump.sql \
+ coderd/database/querier.go \
+ provisionersdk/proto/provisioner.pb.go \
+ provisionerd/proto/provisionerd.pb.go \
+ site/src/api/typesGenerated.ts \
+ docs/admin/prometheus.md \
+ coderd/apidoc/swagger.json \
+ .prettierignore.include \
+ .prettierignore \
+ site/.prettierrc.yaml \
+ site/.prettierignore \
+ site/.eslintignore \
+ "
for file in $$files; do
echo "$$file"
if [ ! -f "$$file" ]; then
@@ -463,21 +481,80 @@ site/src/api/typesGenerated.ts: scripts/apitypings/main.go $(shell find ./coders
docs/admin/prometheus.md: scripts/metricsdocgen/main.go scripts/metricsdocgen/metrics
go run scripts/metricsdocgen/main.go
cd site
- yarn run format:write ../docs/admin/prometheus.md
+ yarn run format:write:only ../docs/admin/prometheus.md
coderd/apidoc/swagger.json: $(shell find ./scripts/apidocgen -not \( -path './scripts/apidocgen/node_modules' -prune \) -type f) $(wildcard coderd/*.go) $(wildcard codersdk/*.go)
./scripts/apidocgen/generate.sh
cd site
- yarn run format:write ../docs/api ../docs/manifest.json ../coderd/apidoc/swagger.json
+ yarn run format:write:only ../docs/api ../docs/manifest.json ../coderd/apidoc/swagger.json
update-golden-files: cli/testdata/.gen-golden
.PHONY: update-golden-files
cli/testdata/.gen-golden: $(wildcard cli/testdata/*.golden) $(GO_SRC_FILES)
-
go test ./cli -run=TestCommandHelp -update
touch "$@"
+# Generate a prettierrc for the site package that uses relative paths for
+# overrides. This allows us to share the same prettier config between the
+# site and the root of the repo.
+site/.prettierrc.yaml: .prettierrc.yaml
+ . ./scripts/lib.sh
+ dependencies yq
+
+ echo "# Code generated by Makefile (../$<). DO NOT EDIT." > "$@"
+ echo "" >> "$@"
+
+ # Replace all listed override files with relative paths inside site/.
+ # - ./ -> ../
+ # - ./site -> ./
+ yq \
+ '.overrides[].files |= map(. | sub("^./"; "") | sub("^"; "../") | sub("../site/"; "./"))' \
+ "$<" >> "$@"
+
+# Combine .gitignore with .prettierignore.include to generate .prettierignore.
+.prettierignore: .gitignore .prettierignore.include
+ echo "# Code generated by Makefile ($^). DO NOT EDIT." > "$@"
+ echo "" >> "$@"
+ for f in $^; do
+ echo "# $${f}:" >> "$@"
+ cat "$$f" >> "$@"
+ done
+
+# Generate ignore files based on gitignore into the site directory. We turn all
+# rules into relative paths for the `site/` directory (where applicable),
+# following the pattern format defined by git:
+# https://git-scm.com/docs/gitignore#_pattern_format
+#
+# This is done for compatibility reasons, see:
+# https://github.com/prettier/prettier/issues/8048
+# https://github.com/prettier/prettier/issues/8506
+# https://github.com/prettier/prettier/issues/8679
+site/.eslintignore site/.prettierignore: .prettierignore Makefile
+ rm -f "$@"
+ touch "$@"
+ # Skip generated by header, inherit `.prettierignore` header as-is.
+ while read -r rule; do
+ # Remove leading ! if present to simplify rule, added back at the end.
+ tmp="$${rule#!}"
+ ignore="$${rule%"$$tmp"}"
+ rule="$$tmp"
+ case "$$rule" in
+ # Comments or empty lines (include).
+ \#*|'') ;;
+ # Generic rules (include).
+ \*\**) ;;
+ # Site prefixed rules (include).
+ site/*) rule="$${rule#site/}";;
+ ./site/*) rule="$${rule#./site/}";;
+ # Rules that are non-generic and don't start with site (rewrite).
+ /*) rule=.."$$rule";;
+ */?*) rule=../"$$rule";;
+ *) ;;
+ esac
+ echo "$${ignore}$${rule}" >> "$@"
+ done < "$<"
+
test: test-clean
gotestsum --debug -- -v -short ./...
.PHONY: test
diff --git a/cli/config/server.yaml b/cli/config/server.yaml
index 8dcee73a0b..a15bedfdd8 100644
--- a/cli/config/server.yaml
+++ b/cli/config/server.yaml
@@ -9,7 +9,7 @@ gitauth:
# Multiple providers are an Enterprise feature.
# Contact sales@coder.com for a license.
-#
+#
# If multiple providers are used, a unique "id"
# must be provided for each one.
# - id: example
diff --git a/coderd/rbac/README.md b/coderd/rbac/README.md
index f2e1283206..9a6f1fb40f 100644
--- a/coderd/rbac/README.md
+++ b/coderd/rbac/README.md
@@ -5,7 +5,8 @@ Package `authz` implements AuthoriZation for Coder.
## Overview
Authorization defines what **permission** a **subject** has to perform **actions** to **objects**:
-- **Permission** is binary: *yes* (allowed) or *no* (denied).
+
+- **Permission** is binary: _yes_ (allowed) or _no_ (denied).
- **Subject** in this case is anything that implements interface `authz.Subject`.
- **Action** here is an enumerated list of actions, but we stick to `Create`, `Read`, `Update`, and `Delete` here.
- **Object** here is anything that implements `authz.Object`.
@@ -22,6 +23,7 @@ A **permission** is always applied at a given **level**:
**Permissions** at a higher **level** always override permissions at a **lower** level.
The effect of a **permission** can be:
+
- **positive** (allows)
- **negative** (denies)
- **abstain** (neither allows or denies, not applicable)
@@ -29,15 +31,14 @@ The effect of a **permission** can be:
**Negative** permissions **always** override **positive** permissions at the same level.
Both **negative** and **positive** permissions override **abstain** at the same level.
-This can be represented by the following truth table, where Y represents *positive*, N represents *negative*, and _ represents *abstain*:
+This can be represented by the following truth table, where Y represents _positive_, N represents _negative_, and \_ represents _abstain_:
| Action | Positive | Negative | Result |
-|--------|----------|----------|--------|
-| read | Y | _ | Y |
+| ------ | -------- | -------- | ------ |
+| read | Y | \_ | Y |
| read | Y | N | N |
-| read | _ | _ | _ |
-| read | _ | N | Y |
-
+| read | \_ | \_ | \_ |
+| read | \_ | N | Y |
## Permission Representation
@@ -56,18 +57,17 @@ This can be represented by the following truth table, where Y represents *positi
## Roles
-A *role* is a set of permissions. When evaluating a role's permission to form an action, all the relevant permissions for the role are combined at each level. Permissions at a higher level override permissions at a lower level.
+A _role_ is a set of permissions. When evaluating a role's permission to form an action, all the relevant permissions for the role are combined at each level. Permissions at a higher level override permissions at a lower level.
The following table shows the per-level role evaluation.
Y indicates that the role provides positive permissions, N indicates the role provides negative permissions, and _ indicates the role does not provide positive or negative permissions. YN_ indicates that the value in the cell does not matter for the access result.
-| Role (example) | Site | Org | User | Result |
-|-----------------|------|-----|------|--------|
-| site-admin | Y | YN_ | YN_ | Y |
-| no-permission | N | YN_ | YN_ | N |
-| org-admin | _ | Y | YN_ | Y |
-| non-org-member | _ | N | YN_ | N |
-| user | _ | _ | Y | Y |
-| | _ | _ | N | N |
-| unauthenticated | _ | _ | _ | N |
-
+| Role (example) | Site | Org | User | Result |
+| --------------- | ---- | ---- | ---- | ------ |
+| site-admin | Y | YN\_ | YN\_ | Y |
+| no-permission | N | YN\_ | YN\_ | N |
+| org-admin | \_ | Y | YN\_ | Y |
+| non-org-member | \_ | N | YN\_ | N |
+| user | \_ | \_ | Y | Y |
+| | \_ | \_ | N | N |
+| unauthenticated | \_ | \_ | \_ | N |
diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile
index c96ee1fd2d..34c53d761b 100644
--- a/dogfood/Dockerfile
+++ b/dogfood/Dockerfile
@@ -13,8 +13,8 @@ RUN mkdir --parents /usr/local/go
# Boring Go is needed to build FIPS-compliant binaries.
RUN curl --silent --show-error --location \
- "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
- -o /usr/local/go.tar.gz
+ "https://go.dev/dl/go${GO_VERSION}.linux-amd64.tar.gz" \
+ -o /usr/local/go.tar.gz
RUN tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1
@@ -23,52 +23,56 @@ ENV PATH=$PATH:/usr/local/go/bin
# Install Go utilities.
ARG GOPATH="/tmp/"
RUN mkdir --parents "$GOPATH" && \
- # moq for Go tests.
- go install github.com/matryer/moq@v0.2.3 && \
- # swag for Swagger doc generation
- go install github.com/swaggo/swag/cmd/swag@v1.7.4 && \
- # go-swagger tool to generate the go coder api client
- go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 && \
- # goimports for updating imports
- go install golang.org/x/tools/cmd/goimports@v0.1.7 && \
- # protoc-gen-go is needed to build sysbox from source
- go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26 && \
- # drpc support for v2
- go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.26 && \
- # migrate for migration support for v2
- go install github.com/golang-migrate/migrate/v4/cmd/migrate@v4.15.1 && \
- # goreleaser for compiling v2 binaries
- go install github.com/goreleaser/goreleaser@v1.6.1 && \
- # Install the latest version of gopls for editors that support
- # the language server protocol
- go install golang.org/x/tools/gopls@latest && \
- # gotestsum makes test output more readable
- go install gotest.tools/gotestsum@v1.7.0 && \
- # goveralls collects code coverage metrics from tests
- # and sends to Coveralls
- go install github.com/mattn/goveralls@v0.0.11 && \
- # kind for running Kubernetes-in-Docker, needed for tests
- go install sigs.k8s.io/kind@v0.10.0 && \
- # helm-docs generates our Helm README based on a template and the
- # charts and values files
- go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.5.0 && \
- # sqlc for Go code generation
- go install github.com/kyleconroy/sqlc/cmd/sqlc@v1.10.0 && \
- # gcr-cleaner-cli used by CI to prune unused images
- go install github.com/sethvargo/gcr-cleaner/cmd/gcr-cleaner-cli@v0.5.1 && \
- # ruleguard for checking custom rules, without needing to run all of
- # golangci-lint. Check the go.mod in the release of golangci-lint that
- # we're using for the version of go-critic that it embeds, then check
- # the version of ruleguard in go-critic for that tag.
- go install github.com/quasilyte/go-ruleguard/cmd/ruleguard@v0.3.13 && \
- # go-fuzz for fuzzy testing. they don't publish releases so we rely on latest.
- go install github.com/dvyukov/go-fuzz/go-fuzz@latest && \
- go install github.com/dvyukov/go-fuzz/go-fuzz-build@latest && \
- # go-releaser for building 'fat binaries' that work cross-platform
- go install github.com/goreleaser/goreleaser@v1.6.1 && \
- go install mvdan.cc/sh/v3/cmd/shfmt@latest && \
- # nfpm is used with `make build` to make release packages
- go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.16.0
+ # moq for Go tests.
+ go install github.com/matryer/moq@v0.2.3 && \
+ # swag for Swagger doc generation
+ go install github.com/swaggo/swag/cmd/swag@v1.7.4 && \
+ # go-swagger tool to generate the go coder api client
+ go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 && \
+ # goimports for updating imports
+ go install golang.org/x/tools/cmd/goimports@v0.1.7 && \
+ # protoc-gen-go is needed to build sysbox from source
+ go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26 && \
+ # drpc support for v2
+ go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.26 && \
+ # migrate for migration support for v2
+ go install github.com/golang-migrate/migrate/v4/cmd/migrate@v4.15.1 && \
+ # goreleaser for compiling v2 binaries
+ go install github.com/goreleaser/goreleaser@v1.6.1 && \
+ # Install the latest version of gopls for editors that support
+ # the language server protocol
+ go install golang.org/x/tools/gopls@latest && \
+ # gotestsum makes test output more readable
+ go install gotest.tools/gotestsum@v1.7.0 && \
+ # goveralls collects code coverage metrics from tests
+ # and sends to Coveralls
+ go install github.com/mattn/goveralls@v0.0.11 && \
+ # kind for running Kubernetes-in-Docker, needed for tests
+ go install sigs.k8s.io/kind@v0.10.0 && \
+ # helm-docs generates our Helm README based on a template and the
+ # charts and values files
+ go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.5.0 && \
+ # sqlc for Go code generation
+ go install github.com/kyleconroy/sqlc/cmd/sqlc@v1.10.0 && \
+ # gcr-cleaner-cli used by CI to prune unused images
+ go install github.com/sethvargo/gcr-cleaner/cmd/gcr-cleaner-cli@v0.5.1 && \
+ # ruleguard for checking custom rules, without needing to run all of
+ # golangci-lint. Check the go.mod in the release of golangci-lint that
+ # we're using for the version of go-critic that it embeds, then check
+ # the version of ruleguard in go-critic for that tag.
+ go install github.com/quasilyte/go-ruleguard/cmd/ruleguard@v0.3.13 && \
+ # go-fuzz for fuzzy testing. they don't publish releases so we rely on latest.
+ go install github.com/dvyukov/go-fuzz/go-fuzz@latest && \
+ go install github.com/dvyukov/go-fuzz/go-fuzz-build@latest && \
+ # go-releaser for building 'fat binaries' that work cross-platform
+ go install github.com/goreleaser/goreleaser@v1.6.1 && \
+ go install mvdan.cc/sh/v3/cmd/shfmt@latest && \
+ # nfpm is used with `make build` to make release packages
+ go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.16.0 && \
+ # yq v4 is used to process yaml files in coder v2. Conflicts with
+ # yq v3 used in v1.
+ go install github.com/mikefarah/yq/v4@v4.30.6 && \
+ mv /tmp/bin/yq /tmp/bin/yq4
FROM alpine:3.16 as proto
WORKDIR /tmp
@@ -92,176 +96,176 @@ COPY files /
ARG DEBIAN_FRONTEND="noninteractive"
RUN apt-get update --quiet && apt-get install --yes \
- apt-transport-https \
- apt-utils \
- bash \
- bash-completion \
- bats \
- bind9-dnsutils \
- build-essential \
- ca-certificates \
- cmake \
- crypto-policies \
- curl \
- fd-find \
- file \
- git \
- gnupg \
- graphviz \
- htop \
- httpie \
- inetutils-tools \
- iproute2 \
- iputils-ping \
- iputils-tracepath \
- jq \
- language-pack-en \
- less \
- lsb-release \
- man \
- meld \
- net-tools \
- openjdk-11-jdk-headless \
- openssh-server \
- openssl \
- pkg-config \
- python3 \
- python3-pip \
- rsync \
- shellcheck \
- strace \
- sudo \
- tcptraceroute \
- termshark \
- traceroute \
- vim \
- wget \
- xauth \
- zip \
- ncdu \
- cargo \
- asciinema \
- zsh \
- ansible \
- neovim \
- google-cloud-sdk \
- google-cloud-sdk-datastore-emulator \
- kubectl \
- postgresql-13 \
- containerd.io \
- docker-ce \
- docker-ce-cli \
- packer \
- terraform \
- fish \
- unzip \
- zstd && \
- # Delete package cache to avoid consuming space in layer
- apt-get clean && \
- # Configure FIPS-compliant policies
- update-crypto-policies --set FIPS
+ apt-transport-https \
+ apt-utils \
+ bash \
+ bash-completion \
+ bats \
+ bind9-dnsutils \
+ build-essential \
+ ca-certificates \
+ cmake \
+ crypto-policies \
+ curl \
+ fd-find \
+ file \
+ git \
+ gnupg \
+ graphviz \
+ htop \
+ httpie \
+ inetutils-tools \
+ iproute2 \
+ iputils-ping \
+ iputils-tracepath \
+ jq \
+ language-pack-en \
+ less \
+ lsb-release \
+ man \
+ meld \
+ net-tools \
+ openjdk-11-jdk-headless \
+ openssh-server \
+ openssl \
+ pkg-config \
+ python3 \
+ python3-pip \
+ rsync \
+ shellcheck \
+ strace \
+ sudo \
+ tcptraceroute \
+ termshark \
+ traceroute \
+ vim \
+ wget \
+ xauth \
+ zip \
+ ncdu \
+ cargo \
+ asciinema \
+ zsh \
+ ansible \
+ neovim \
+ google-cloud-sdk \
+ google-cloud-sdk-datastore-emulator \
+ kubectl \
+ postgresql-13 \
+ containerd.io \
+ docker-ce \
+ docker-ce-cli \
+ packer \
+ terraform \
+ fish \
+ unzip \
+ zstd && \
+ # Delete package cache to avoid consuming space in layer
+ apt-get clean && \
+ # Configure FIPS-compliant policies
+ update-crypto-policies --set FIPS
# See https://github.com/cli/cli/issues/6175#issuecomment-1235984381 for proof
# the apt repository is unreliable
RUN curl -L https://github.com/cli/cli/releases/download/v2.14.7/gh_2.14.7_linux_amd64.deb -o gh.deb && \
- dpkg -i gh.deb
+ dpkg -i gh.deb
# Install Lazygit
# See https://github.com/jesseduffield/lazygit#ubuntu
RUN LAZYGIT_VERSION=$(curl -s "https://api.github.com/repos/jesseduffield/lazygit/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v*([^"]+)".*/\1/') && \
- curl -Lo lazygit.tar.gz "https://github.com/jesseduffield/lazygit/releases/latest/download/lazygit_${LAZYGIT_VERSION}_Linux_x86_64.tar.gz" && \
- tar xf lazygit.tar.gz -C /usr/local/bin lazygit
+ curl -Lo lazygit.tar.gz "https://github.com/jesseduffield/lazygit/releases/latest/download/lazygit_${LAZYGIT_VERSION}_Linux_x86_64.tar.gz" && \
+ tar xf lazygit.tar.gz -C /usr/local/bin lazygit
# Install frontend utilities
RUN apt-get update && \
- # Node.js (from nodesource) and Yarn (from yarnpkg)
- apt-get install --yes --quiet \
- nodejs yarn \
- # Install browsers for e2e testing
- google-chrome-stable microsoft-edge-beta && \
- # Pre-install system dependencies that Playwright needs. npx doesn't work here
- # for some reason. See https://github.com/microsoft/playwright-cli/issues/136
- npm i -g playwright@1.19.1 && playwright install-deps
+ # Node.js (from nodesource) and Yarn (from yarnpkg)
+ apt-get install --yes --quiet \
+ nodejs yarn \
+ # Install browsers for e2e testing
+ google-chrome-stable microsoft-edge-beta && \
+ # Pre-install system dependencies that Playwright needs. npx doesn't work here
+ # for some reason. See https://github.com/microsoft/playwright-cli/issues/136
+ npm i -g playwright@1.19.1 && playwright install-deps
# Ensure PostgreSQL binaries are in the users $PATH.
RUN update-alternatives --install /usr/local/bin/initdb initdb /usr/lib/postgresql/13/bin/initdb 100 && \
- update-alternatives --install /usr/local/bin/postgres postgres /usr/lib/postgresql/13/bin/postgres 100
+ update-alternatives --install /usr/local/bin/postgres postgres /usr/lib/postgresql/13/bin/postgres 100
# Create links for injected dependencies
RUN ln --symbolic /var/tmp/coder/coder-cli/coder /usr/local/bin/coder && \
- ln --symbolic /var/tmp/coder/code-server/bin/code-server /usr/local/bin/code-server
+ ln --symbolic /var/tmp/coder/code-server/bin/code-server /usr/local/bin/code-server
# Disable the PostgreSQL systemd service.
# Coder uses a custom timescale container to test the database instead.
RUN systemctl disable \
- postgresql
+ postgresql
# Configure systemd services for CVMs
RUN systemctl enable \
- docker \
- ssh
+ docker \
+ ssh
# Install tools with published releases, where that is the
# preferred/recommended installation method.
ARG CLOUD_SQL_PROXY_VERSION=1.26.0 \
- DIVE_VERSION=0.10.0 \
- DOCKER_GCR_VERSION=2.1.0 \
- GOLANGCI_LINT_VERSION=1.48.0 \
- GRYPE_VERSION=0.24.0 \
- HELM_VERSION=3.8.0 \
- KUBE_LINTER_VERSION=0.2.5 \
- KUBECTX_VERSION=0.9.4 \
- STRIPE_VERSION=1.7.4 \
- TERRAGRUNT_VERSION=0.34.1 \
- TRIVY_VERSION=0.23.0
+ DIVE_VERSION=0.10.0 \
+ DOCKER_GCR_VERSION=2.1.0 \
+ GOLANGCI_LINT_VERSION=1.48.0 \
+ GRYPE_VERSION=0.24.0 \
+ HELM_VERSION=3.8.0 \
+ KUBE_LINTER_VERSION=0.2.5 \
+ KUBECTX_VERSION=0.9.4 \
+ STRIPE_VERSION=1.7.4 \
+ TERRAGRUNT_VERSION=0.34.1 \
+ TRIVY_VERSION=0.23.0
# cloud_sql_proxy, for connecting to cloudsql instances
# the upstream go.mod prevents this from being installed with go install
RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloudsql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud_sql_proxy.linux.amd64" && \
- chmod a=rx /usr/local/bin/cloud_sql_proxy && \
- # dive for scanning image layer utilization metrics in CI
- curl --silent --show-error --location "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz" | \
- tar --extract --gzip --directory=/usr/local/bin --file=- dive && \
- # docker-credential-gcr is a Docker credential helper for pushing/pulling
- # images from Google Container Registry and Artifact Registry
- curl --silent --show-error --location "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${DOCKER_GCR_VERSION}/docker-credential-gcr_linux_amd64-${DOCKER_GCR_VERSION}.tar.gz" | \
- tar --extract --gzip --directory=/usr/local/bin --file=- docker-credential-gcr && \
- # golangci-lint performs static code analysis for our Go code
- curl --silent --show-error --location "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz" | \
- tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 "golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint" && \
- # Anchore Grype for scanning container images for security issues
- curl --silent --show-error --location "https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz" | \
- tar --extract --gzip --directory=/usr/local/bin --file=- grype && \
- # Helm is necessary for deploying Coder
- curl --silent --show-error --location "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | \
- tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 linux-amd64/helm && \
- # kube-linter for linting Kubernetes objects, including those
- # that Helm generates from our charts
- curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux.tar.gz" | \
- tar --extract --gzip --directory=/usr/local/bin --file=- kube-linter && \
- # kubens and kubectx for managing Kubernetes namespaces and contexts
- curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \
- tar --extract --gzip --directory=/usr/local/bin --file=- kubectx && \
- curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubens_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \
- tar --extract --gzip --directory=/usr/local/bin --file=- kubens && \
- # stripe for coder.com billing API
- curl --silent --show-error --location "https://github.com/stripe/stripe-cli/releases/download/v${STRIPE_VERSION}/stripe_${STRIPE_VERSION}_linux_x86_64.tar.gz" | \
- tar --extract --gzip --directory=/usr/local/bin --file=- stripe && \
- # terragrunt for running Terraform and Terragrunt files
- curl --silent --show-error --location --output /usr/local/bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64" && \
- chmod a=rx /usr/local/bin/terragrunt && \
- # AquaSec Trivy for scanning container images for security issues
- curl --silent --show-error --location "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" | \
- tar --extract --gzip --directory=/usr/local/bin --file=- trivy
+ chmod a=rx /usr/local/bin/cloud_sql_proxy && \
+ # dive for scanning image layer utilization metrics in CI
+ curl --silent --show-error --location "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- dive && \
+ # docker-credential-gcr is a Docker credential helper for pushing/pulling
+ # images from Google Container Registry and Artifact Registry
+ curl --silent --show-error --location "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${DOCKER_GCR_VERSION}/docker-credential-gcr_linux_amd64-${DOCKER_GCR_VERSION}.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- docker-credential-gcr && \
+ # golangci-lint performs static code analysis for our Go code
+ curl --silent --show-error --location "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 "golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint" && \
+ # Anchore Grype for scanning container images for security issues
+ curl --silent --show-error --location "https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- grype && \
+ # Helm is necessary for deploying Coder
+ curl --silent --show-error --location "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 linux-amd64/helm && \
+ # kube-linter for linting Kubernetes objects, including those
+ # that Helm generates from our charts
+ curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- kube-linter && \
+ # kubens and kubectx for managing Kubernetes namespaces and contexts
+ curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- kubectx && \
+ curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubens_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- kubens && \
+ # stripe for coder.com billing API
+ curl --silent --show-error --location "https://github.com/stripe/stripe-cli/releases/download/v${STRIPE_VERSION}/stripe_${STRIPE_VERSION}_linux_x86_64.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- stripe && \
+ # terragrunt for running Terraform and Terragrunt files
+ curl --silent --show-error --location --output /usr/local/bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64" && \
+ chmod a=rx /usr/local/bin/terragrunt && \
+ # AquaSec Trivy for scanning container images for security issues
+ curl --silent --show-error --location "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- trivy
# Add Vercel globally. We can't install it in packages.json, because it
# includes Go files which make golangci-lint unhappy.
RUN yarn global add --prefix=/usr/local \
- vercel \
- typescript \
- typescript-language-server \
- prettier && \
- yarn cache clean
+ vercel \
+ typescript \
+ typescript-language-server \
+ prettier && \
+ yarn cache clean
# We use yq during "make deploy" to manually substitute out fields in
# our helm values.yaml file. See https://github.com/helm/helm/issues/3141
@@ -273,13 +277,13 @@ RUN yarn global add --prefix=/usr/local \
# mv /usr/local/bin/yq_linux_amd64 /usr/local/bin/yq
RUN curl --silent --show-error --location --output /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64" && \
- chmod a=rx /usr/local/bin/yq
+ chmod a=rx /usr/local/bin/yq
# Install GoLand.
RUN mkdir --parents /usr/local/goland && \
- curl --silent --show-error --location "https://download.jetbrains.com/go/goland-2021.2.tar.gz" | \
- tar --extract --gzip --directory=/usr/local/goland --file=- --strip-components=1 && \
- ln --symbolic /usr/local/goland/bin/goland.sh /usr/local/bin/goland
+ curl --silent --show-error --location "https://download.jetbrains.com/go/goland-2021.2.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/goland --file=- --strip-components=1 && \
+ ln --symbolic /usr/local/goland/bin/goland.sh /usr/local/bin/goland
# Install Antlrv4, needed to generate paramlang lexer/parser
RUN curl --silent --show-error --location --output /usr/local/lib/antlr-4.9.2-complete.jar "https://www.antlr.org/download/antlr-4.9.2-complete.jar"
@@ -287,22 +291,22 @@ ENV CLASSPATH="/usr/local/lib/antlr-4.9.2-complete.jar:${PATH}"
# Add coder user and allow use of docker/sudo
RUN useradd coder \
- --create-home \
- --shell=/bin/bash \
- --groups=docker \
- --uid=1000 \
- --user-group
+ --create-home \
+ --shell=/bin/bash \
+ --groups=docker \
+ --uid=1000 \
+ --user-group
# Adjust OpenSSH config
RUN echo "PermitUserEnvironment yes" >>/etc/ssh/sshd_config && \
- echo "X11Forwarding yes" >>/etc/ssh/sshd_config && \
- echo "X11UseLocalhost no" >>/etc/ssh/sshd_config
+ echo "X11Forwarding yes" >>/etc/ssh/sshd_config && \
+ echo "X11UseLocalhost no" >>/etc/ssh/sshd_config
# We avoid copying the extracted directory since COPY slows to minutes when there
# are a lot of small files.
COPY --from=go /usr/local/go.tar.gz /usr/local/go.tar.gz
RUN mkdir /usr/local/go && \
- tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1
+ tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1
ENV PATH=$PATH:/usr/local/go/bin
diff --git a/dogfood/guide.md b/dogfood/guide.md
index 07c275e54d..621cb69d2a 100644
--- a/dogfood/guide.md
+++ b/dogfood/guide.md
@@ -51,11 +51,11 @@ The following explains how to do certain things related to dogfooding.
7. To create your own template, you can do: `./scripts/coder-dev.sh templates init` and choose your preferred option.
For example, choosing βDevelop in Dockerβ will create a new folder `docker` that contains the bare bones for starting a Docker workspace template.
Then, enter the folder that was just created and customize as you wish.
-
+
## Troubleshooting
diff --git a/examples/lima/README.md b/examples/lima/README.md
index 67fd5a51bd..ade54e52a7 100644
--- a/examples/lima/README.md
+++ b/examples/lima/README.md
@@ -17,6 +17,7 @@ This lets you quickly test out Coder in a self-contained environment.
- You can use the configuration as-is, or edit it to your liking.
This will:
+
- Start an Ubuntu 22.04 VM
- Install Docker and Terraform from the official repos
- Install Coder using the [installation script](https://coder.com/docs/coder-oss/latest/install#installsh)
diff --git a/examples/lima/coder.yaml b/examples/lima/coder.yaml
index 58e36dd054..eff8260ccb 100644
--- a/examples/lima/coder.yaml
+++ b/examples/lima/coder.yaml
@@ -7,19 +7,19 @@
# This example requires Lima v0.8.3 or later.
images:
-# Try to use release-yyyyMMdd image if available. Note that release-yyyyMMdd will be removed after several months.
-- location: "https://cloud-images.ubuntu.com/releases/22.04/release-20220420/ubuntu-22.04-server-cloudimg-amd64.img"
- arch: "x86_64"
- digest: "sha256:de5e632e17b8965f2baf4ea6d2b824788e154d9a65df4fd419ec4019898e15cd"
-- location: "https://cloud-images.ubuntu.com/releases/22.04/release-20220420/ubuntu-22.04-server-cloudimg-arm64.img"
- arch: "aarch64"
- digest: "sha256:66224c7fed99ff5a5539eda406c87bbfefe8af6ff6b47d92df3187832b5b5d4f"
-# Fallback to the latest release image.
-# Hint: run `limactl prune` to invalidate the cache
-- location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-amd64.img"
- arch: "x86_64"
-- location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-arm64.img"
- arch: "aarch64"
+ # Try to use release-yyyyMMdd image if available. Note that release-yyyyMMdd will be removed after several months.
+ - location: "https://cloud-images.ubuntu.com/releases/22.04/release-20220420/ubuntu-22.04-server-cloudimg-amd64.img"
+ arch: "x86_64"
+ digest: "sha256:de5e632e17b8965f2baf4ea6d2b824788e154d9a65df4fd419ec4019898e15cd"
+ - location: "https://cloud-images.ubuntu.com/releases/22.04/release-20220420/ubuntu-22.04-server-cloudimg-arm64.img"
+ arch: "aarch64"
+ digest: "sha256:66224c7fed99ff5a5539eda406c87bbfefe8af6ff6b47d92df3187832b5b5d4f"
+ # Fallback to the latest release image.
+ # Hint: run `limactl prune` to invalidate the cache
+ - location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-amd64.img"
+ arch: "x86_64"
+ - location: "https://cloud-images.ubuntu.com/releases/22.04/release/ubuntu-22.04-server-cloudimg-arm64.img"
+ arch: "aarch64"
# Your home directory is mounted read-only
mounts:
@@ -33,101 +33,101 @@ hostResolver:
hosts:
host.docker.internal: host.lima.internal
provision:
-- mode: system
- # This script defines the host.docker.internal hostname when hostResolver is disabled.
- # It is also needed for lima 0.8.2 and earlier, which does not support hostResolver.hosts.
- # Names defined in /etc/hosts inside the VM are not resolved inside containers when
- # using the hostResolver; use hostResolver.hosts instead (requires lima 0.8.3 or later).
- script: |
- #!/bin/sh
- set -eux -o pipefail
- sed -i 's/host.lima.internal.*/host.lima.internal host.docker.internal/' /etc/hosts
-- mode: system
- script: |
- #!/bin/bash
- set -eux -o pipefail
- command -v docker >/dev/null 2>&1 && exit 0
- export DEBIAN_FRONTEND=noninteractive
- curl -fsSL https://get.docker.com | sh
- # Ensure we have a decent logging driver set up for Docker, for debugging.
- cat > /etc/docker/daemon.json << EOF
- {
- "log-driver": "journald"
- }
- EOF
- systemctl restart docker
- # In case a user forgets to set the arch correctly, just install binfmt
- docker run --privileged --rm tonistiigi/binfmt --install all
-- mode: system
- script: |
- #!/bin/bash
- set -eux -o pipefail
- command -v terraform >/dev/null 2>&1 && exit 0
- DEBIAN_FRONTEND=noninteractive apt-get install -qqy unzip
- rm -fv /tmp/terraform.zip || true
- wget -qO /tmp/terraform.zip "https://releases.hashicorp.com/terraform/1.3.0/terraform_1.3.0_linux_$(dpkg --print-architecture).zip"
- unzip /tmp/terraform.zip -d /usr/local/bin/
- chmod +x /usr/local/bin/terraform
- rm -fv /tmp/terraform.zip || true
-- mode: system
- script: |
- #!/bin/bash
- set -eux -o pipefail
- command -v coder >/dev/null 2>&1 && exit 0
- export DEBIAN_FRONTEND=noninteractive
- export HOME=/root
- curl -fsSL https://coder.com/install.sh | sh
- # Ensure Coder has permissions on /var/run/docker.socket
- usermod -aG docker coder
- # Ensure coder listens on all interfaces
- sed -i 's/CODER_ADDRESS=.*/CODER_ADDRESS=0.0.0.0:3000/' /etc/coder.d/coder.env
- # Ensure coder starts on boot
- systemctl enable coder
- systemctl start coder
- # Wait for Coder to have downloaded Terraform
- timeout 60s bash -c 'until /var/cache/coder/terraform version >/dev/null 2>&1; do sleep 1; done'
- # Coder restarts after downloading Terraform, wait for it to become available
- timeout 60s bash -c 'until nc -z localhost 3000 > /dev/null 2>&1; do sleep 1; done'
-- mode: user
- script: |
- #!/bin/bash
- set -eux -o pipefail
- # If we are already logged in, nothing to do
- coder templates list >/dev/null 2>&1 && exit 0
- # Set up initial user
- [ ! -e ~/.config/coderv2/session ] && coder login http://localhost:3000 --first-user-username admin --first-user-email admin@coder.com --first-user-password $(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c8 | tee ${HOME}/.config/coderv2/password)
- # Create an initial template
- temp_template_dir=$(mktemp -d)
- echo code-server | coder templates init "${temp_template_dir}"
- DOCKER_ARCH="amd64"
- if [ "$(arch)" = "aarch64" ]; then
- DOCKER_ARCH="arm64"
- fi
- DOCKER_HOST=$(docker context inspect --format '{{.Endpoints.docker.Host}}')
- printf 'docker_arch: "%s"\ndocker_host: "%s"\n' "${DOCKER_ARCH}" "${DOCKER_HOST}" | tee "${temp_template_dir}/params.yaml"
- coder templates create "docker-code-server-${DOCKER_ARCH}" --directory "${temp_template_dir}" --parameter-file "${temp_template_dir}/params.yaml" --yes
- rm -rfv "${temp_template_dir}"
+ - mode: system
+ # This script defines the host.docker.internal hostname when hostResolver is disabled.
+ # It is also needed for lima 0.8.2 and earlier, which does not support hostResolver.hosts.
+ # Names defined in /etc/hosts inside the VM are not resolved inside containers when
+ # using the hostResolver; use hostResolver.hosts instead (requires lima 0.8.3 or later).
+ script: |
+ #!/bin/sh
+ set -eux -o pipefail
+ sed -i 's/host.lima.internal.*/host.lima.internal host.docker.internal/' /etc/hosts
+ - mode: system
+ script: |
+ #!/bin/bash
+ set -eux -o pipefail
+ command -v docker >/dev/null 2>&1 && exit 0
+ export DEBIAN_FRONTEND=noninteractive
+ curl -fsSL https://get.docker.com | sh
+ # Ensure we have a decent logging driver set up for Docker, for debugging.
+ cat > /etc/docker/daemon.json << EOF
+ {
+ "log-driver": "journald"
+ }
+ EOF
+ systemctl restart docker
+ # In case a user forgets to set the arch correctly, just install binfmt
+ docker run --privileged --rm tonistiigi/binfmt --install all
+ - mode: system
+ script: |
+ #!/bin/bash
+ set -eux -o pipefail
+ command -v terraform >/dev/null 2>&1 && exit 0
+ DEBIAN_FRONTEND=noninteractive apt-get install -qqy unzip
+ rm -fv /tmp/terraform.zip || true
+ wget -qO /tmp/terraform.zip "https://releases.hashicorp.com/terraform/1.3.0/terraform_1.3.0_linux_$(dpkg --print-architecture).zip"
+ unzip /tmp/terraform.zip -d /usr/local/bin/
+ chmod +x /usr/local/bin/terraform
+ rm -fv /tmp/terraform.zip || true
+ - mode: system
+ script: |
+ #!/bin/bash
+ set -eux -o pipefail
+ command -v coder >/dev/null 2>&1 && exit 0
+ export DEBIAN_FRONTEND=noninteractive
+ export HOME=/root
+ curl -fsSL https://coder.com/install.sh | sh
+ # Ensure Coder has permissions on /var/run/docker.socket
+ usermod -aG docker coder
+ # Ensure coder listens on all interfaces
+ sed -i 's/CODER_ADDRESS=.*/CODER_ADDRESS=0.0.0.0:3000/' /etc/coder.d/coder.env
+ # Ensure coder starts on boot
+ systemctl enable coder
+ systemctl start coder
+ # Wait for Coder to have downloaded Terraform
+ timeout 60s bash -c 'until /var/cache/coder/terraform version >/dev/null 2>&1; do sleep 1; done'
+ # Coder restarts after downloading Terraform, wait for it to become available
+ timeout 60s bash -c 'until nc -z localhost 3000 > /dev/null 2>&1; do sleep 1; done'
+ - mode: user
+ script: |
+ #!/bin/bash
+ set -eux -o pipefail
+ # If we are already logged in, nothing to do
+ coder templates list >/dev/null 2>&1 && exit 0
+ # Set up initial user
+ [ ! -e ~/.config/coderv2/session ] && coder login http://localhost:3000 --first-user-username admin --first-user-email admin@coder.com --first-user-password $(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c8 | tee ${HOME}/.config/coderv2/password)
+ # Create an initial template
+ temp_template_dir=$(mktemp -d)
+ echo code-server | coder templates init "${temp_template_dir}"
+ DOCKER_ARCH="amd64"
+ if [ "$(arch)" = "aarch64" ]; then
+ DOCKER_ARCH="arm64"
+ fi
+ DOCKER_HOST=$(docker context inspect --format '{{.Endpoints.docker.Host}}')
+ printf 'docker_arch: "%s"\ndocker_host: "%s"\n' "${DOCKER_ARCH}" "${DOCKER_HOST}" | tee "${temp_template_dir}/params.yaml"
+ coder templates create "docker-code-server-${DOCKER_ARCH}" --directory "${temp_template_dir}" --parameter-file "${temp_template_dir}/params.yaml" --yes
+ rm -rfv "${temp_template_dir}"
probes:
-- description: "docker to be installed"
- script: |
- #!/bin/bash
- set -eux -o pipefail
- if ! timeout 30s bash -c "until command -v docker >/dev/null 2>&1; do sleep 3; done"; then
- echo >&2 "docker is not installed yet"
- exit 1
- fi
- hint: |
- See "/var/log/cloud-init-output.log" in the guest.
-- description: "coder to be installed"
- script: |
- #!/bin/bash
- set -eux -o pipefail
- if ! timeout 30s bash -c "until command -v coder >/dev/null 2>&1; do sleep 3; done"; then
- echo >&2 "coder is not installed yet"
- exit 1
- fi
- hint: |
- See "/var/log/cloud-init-output.log" in the guest.
+ - description: "docker to be installed"
+ script: |
+ #!/bin/bash
+ set -eux -o pipefail
+ if ! timeout 30s bash -c "until command -v docker >/dev/null 2>&1; do sleep 3; done"; then
+ echo >&2 "docker is not installed yet"
+ exit 1
+ fi
+ hint: |
+ See "/var/log/cloud-init-output.log" in the guest.
+ - description: "coder to be installed"
+ script: |
+ #!/bin/bash
+ set -eux -o pipefail
+ if ! timeout 30s bash -c "until command -v coder >/dev/null 2>&1; do sleep 3; done"; then
+ echo >&2 "coder is not installed yet"
+ exit 1
+ fi
+ hint: |
+ See "/var/log/cloud-init-output.log" in the guest.
message: |
All Done! Your Coder instance is accessible at http://localhost:3000
@@ -139,4 +139,3 @@ message: |
limactl shell coder
cd && coder templates init
------
-
diff --git a/examples/templates/community-templates.md b/examples/templates/community-templates.md
index 2256be2d67..9cca79b37e 100644
--- a/examples/templates/community-templates.md
+++ b/examples/templates/community-templates.md
@@ -5,7 +5,7 @@ This is a list of templates and actions created by the community.
See [Getting Started](./README.md#getting-started) for how to use these templates.
> If you have created a template, see one that's missing or one that's no longer
-maintained, please submit a pull request to improve this list. Thank you!
+> maintained, please submit a pull request to improve this list. Thank you!
## Templates
diff --git a/flake.nix b/flake.nix
index 39ab42744a..881ee583c0 100644
--- a/flake.nix
+++ b/flake.nix
@@ -47,6 +47,7 @@
terraform
typos
yarn
+ yq
zip
zstd
];
diff --git a/helm/values.yaml b/helm/values.yaml
index eb67fe1d95..4e869d7eb8 100644
--- a/helm/values.yaml
+++ b/helm/values.yaml
@@ -65,7 +65,8 @@ coder:
# coder.resources -- The resources to request for Coder. These are optional
# and are not set by default.
- resources: {}
+ resources:
+ {}
# limits:
# cpu: 100m
# memory: 128Mi
@@ -81,7 +82,8 @@ coder:
#
# The given key in each secret is mounted at
# `/etc/ssl/certs/{secret_name}.crt`.
- secrets: []
+ secrets:
+ []
# - name: "my-ca-bundle"
# key: "ca-bundle.crt"
@@ -103,7 +105,8 @@ coder:
# coder.tolerations -- Tolerations for tainted nodes.
# See: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
- tolerations: {}
+ tolerations:
+ {}
# - key: "key"
# operator: "Equal"
# value: "value"
diff --git a/scripts/apidocgen/markdown-template/README.md b/scripts/apidocgen/markdown-template/README.md
deleted file mode 100644
index 4ce7c52801..0000000000
--- a/scripts/apidocgen/markdown-template/README.md
+++ /dev/null
@@ -1,64 +0,0 @@
-## Swagger / OpenAPI 2 and OpenAPI 3 template parameters
-
-Note that properties of OpenAPI objects will be in OpenAPI 3.0 form, as
-Swagger / OpenAPI 2.0 definitions are converted automatically.
-
-### Code templates
-
-* `method` - the HTTP method of the operation (in lower-case)
-* `methodUpper` - the HTTP method of the operation (in upper-case)
-* `url` - the full URL of the operation (including protocol and host)
-* `consumes[]` - an array of MIME-types the operation consumes
-* `produces[]` - an array of MIME-types the operation produces
-* `operation` - the current operation object
-* `operationId` - the current operation id
-* `opName` - the operationId if set, otherwise the method + path
-* `tags[]` - the full list of tags applying to the operation
-* `security` - the security definitions applying to the operation
-* `resource` - the current tag/path object
-* `parameters[]` - an array of parameters for the operation (see below)
-* `queryString` - an example queryString, urlEncoded
-* `requiredQueryString` - an example queryString for `required:true` parameters
-* `queryParameters[]` - a subset of `parameters` that are `in:query`
-* `requiredParameters[]` - a subset of `queryParameters` that are `required:true`
-* `headerParameters[]` - a subset of `parameters` that are `in:header`
-* `allHeaders[]` - a concatenation of `headerParameters` and pseudo-parameters `Accept` and `Content-Type`, and optionally `Authorization` (the latter has an `isAuth` boolean property set true so it can be omitted in templates if desired
-
-### Parameter template
-
-* `parameters[]` - an array of [parameters](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#parameterObject), including the following pseudo-properties
- * `shortDesc` - a truncated version of the parameter description
- * `safeType` - a computed version of the parameter type, including Body and schema names
- * `originalType` - the original type of the parameter
- * `exampleValues` - an object containing examples for use in code-templates
- * `json` - example values in JSON compatible syntax
- * `object` - example values in raw object form (unquoted strings etc)
- * `depth` - a zero-based indicator of the depth of expanded request body parameters
-* `enums[]` - an array of (parameter)name/value pairs
-
-### Responses template
-
-* `responses[]` - an array of [responses](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#responseObject), including `status` and `meaning` properties
-
-### Authentication template
-
-* `authenticationStr` - a simple string of methods (and scopes where appropriate)
-* `securityDefinitions[]` - an array of applicable [securityDefinitions](https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#securityRequirementObject)
-
-### Schema Property template
-
-* `schemaProperties[]` - an array of
- * `name`
- * `type`
- * `required`
- * `description`
-* `enums[]` - an array of (schema property)name/value pairs
-
-### Common to all templates
-
-* `openapi` - the top-level OpenAPI / Swagger document
-* `header` - the front-matter of the Slate/Shins markdown document
-* `host` - the (computed) host of the API
-* `protocol` - the default/first protocol of the API
-* `baseUrl` - the (computed) baseUrl of the API (including protocol and host)
-* `widdershins` - the contents of widdershins `package.json`
diff --git a/scripts/apitypings/README.md b/scripts/apitypings/README.md
index 079bf8c2c6..6fe9c06f35 100644
--- a/scripts/apitypings/README.md
+++ b/scripts/apitypings/README.md
@@ -13,7 +13,6 @@ This main.go generates typescript types from the codersdk types in Go.
- [ ] External Types (uses `any` atm)
- Some custom external types are hardcoded in (eg: time.Time)
-
## Type overrides
```golang
diff --git a/scripts/lib.sh b/scripts/lib.sh
index 4e7e705342..04f55bff4e 100644
--- a/scripts/lib.sh
+++ b/scripts/lib.sh
@@ -75,10 +75,22 @@ execrelative() {
return $rc
}
+dependency_check() {
+ local dep=$1
+
+ # Special case for yq that can be yq or yq4.
+ if [[ $dep == yq ]]; then
+ [[ -n "${CODER_LIBSH_YQ:-}" ]]
+ return
+ fi
+
+ command -v "$dep" >/dev/null
+}
+
dependencies() {
local fail=0
for dep in "$@"; do
- if ! command -v "$dep" >/dev/null; then
+ if ! dependency_check "$dep"; then
log "ERROR: The '$dep' dependency is required, but is not available."
fail=1
fi
@@ -200,9 +212,25 @@ if [[ "${CODER_LIBSH_NO_CHECK_DEPENDENCIES:-}" != *t* ]]; then
log
fi
+ # Allow for yq to be installed as yq4.
+ if command -v yq4 >/dev/null; then
+ export CODER_LIBSH_YQ=yq4
+ elif command -v yq >/dev/null; then
+ if [[ $(yq --version) == *" v4."* ]]; then
+ export CODER_LIBSH_YQ=yq
+ fi
+ fi
+
if [[ "$libsh_bad_dependencies" == 1 ]]; then
error "Invalid dependencies, see above for more details."
fi
export CODER_LIBSH_NO_CHECK_DEPENDENCIES=true
fi
+
+# Alias yq to the version we want by shadowing with a function.
+if [[ -n ${CODER_LIBSH_YQ:-} ]]; then
+ yq() {
+ command $CODER_LIBSH_YQ "$@"
+ }
+fi
diff --git a/scripts/nfpm.yaml b/scripts/nfpm.yaml
index dc11e0aa3c..528dc817c3 100644
--- a/scripts/nfpm.yaml
+++ b/scripts/nfpm.yaml
@@ -11,7 +11,6 @@ maintainer: Coder
description: |
Provision development environments with infrastructure with code
license: AGPL-3.0
-
suggests:
- postgresql
diff --git a/site/.eslintignore b/site/.eslintignore
index 0b32569c3e..f76cd1a6d1 100644
--- a/site/.eslintignore
+++ b/site/.eslintignore
@@ -1,16 +1,60 @@
-###############################################################################
-# COPY PASTA OF .gitignore
-###############################################################################
+# Code generated by Makefile (.gitignore .prettierignore.include). DO NOT EDIT.
-.idea
+# .gitignore:
+# Common ignore patterns, these rules applies in both root and subdirectories.
+.DS_Store
+.eslintcache
.gitpod.yml
-node_modules
-vendor
-out
-coverage
-.next
-storybook-static
-test-results
-**/*.typegen.ts
+.idea
**/*.swp
-.coderv2/*
+gotests.coverage
+gotests.xml
+gotestsum.json
+node_modules/
+vendor/
+yarn-error.log
+
+# VSCode settings.
+**/.vscode/*
+# Allow VSCode recommendations and default settings in project root.
+!../.vscode/extensions.json
+!../.vscode/settings.json
+
+# Front-end ignore patterns.
+.next/
+**/*.typegen.ts
+build-storybook.log
+coverage/
+storybook-static/
+test-results/
+
+# Make target for updating golden files.
+../cli/testdata/.gen-golden
+
+# Build
+../build/
+../dist/
+out/
+
+*.tfstate
+*.tfstate.backup
+*.tfplan
+*.lock.hcl
+.terraform/
+
+../.coderv2/*
+**/__debug_bin
+
+# direnv
+.envrc
+# .prettierignore.include:
+# Helm templates contain variables that are invalid YAML and can't be formatted
+# by Prettier.
+../helm/templates/*.yaml
+
+# Terraform state files used in tests, these are automatically generated.
+# Example: provisioner/terraform/testdata/instance-id/instance-id.tfstate.json
+**/testdata/**/*.tf*.json
+
+# Testdata shouldn't be formatted.
+../scripts/apitypings/testdata/**/*.ts
diff --git a/site/.prettierignore b/site/.prettierignore
index 0becaea755..f76cd1a6d1 100644
--- a/site/.prettierignore
+++ b/site/.prettierignore
@@ -1,24 +1,60 @@
-###############################################################################
-# COPY PASTA OF .gitignore
-# https://github.com/prettier/prettier/issues/8048
-# https://github.com/prettier/prettier/issues/8506
-# https://github.com/prettier/prettier/issues/8679
-###############################################################################
+# Code generated by Makefile (.gitignore .prettierignore.include). DO NOT EDIT.
-node_modules
-vendor
+# .gitignore:
+# Common ignore patterns, these rules applies in both root and subdirectories.
+.DS_Store
.eslintcache
-yarn-error.log
-.idea
.gitpod.yml
+.idea
+**/*.swp
+gotests.coverage
+gotests.xml
+gotestsum.json
+node_modules/
+vendor/
+yarn-error.log
-# Front-end ignore
+# VSCode settings.
+**/.vscode/*
+# Allow VSCode recommendations and default settings in project root.
+!../.vscode/extensions.json
+!../.vscode/settings.json
+
+# Front-end ignore patterns.
.next/
+**/*.typegen.ts
+build-storybook.log
coverage/
-out/
storybook-static/
test-results/
-**/*.swp
-.coderv2/*
+# Make target for updating golden files.
+../cli/testdata/.gen-golden
+# Build
+../build/
+../dist/
+out/
+
+*.tfstate
+*.tfstate.backup
+*.tfplan
+*.lock.hcl
+.terraform/
+
+../.coderv2/*
+**/__debug_bin
+
+# direnv
+.envrc
+# .prettierignore.include:
+# Helm templates contain variables that are invalid YAML and can't be formatted
+# by Prettier.
+../helm/templates/*.yaml
+
+# Terraform state files used in tests, these are automatically generated.
+# Example: provisioner/terraform/testdata/instance-id/instance-id.tfstate.json
+**/testdata/**/*.tf*.json
+
+# Testdata shouldn't be formatted.
+../scripts/apitypings/testdata/**/*.ts
diff --git a/site/.prettierrc b/site/.prettierrc
deleted file mode 100644
index 974bed4da6..0000000000
--- a/site/.prettierrc
+++ /dev/null
@@ -1,13 +0,0 @@
-{
- "printWidth": 80,
- "semi": false,
- "trailingComma": "all",
- "overrides": [
- {
- "files": ["./README.md", "**/*.yaml"],
- "options": {
- "proseWrap": "always"
- }
- }
- ]
-}
diff --git a/site/.prettierrc.yaml b/site/.prettierrc.yaml
new file mode 100644
index 0000000000..153ca52e2f
--- /dev/null
+++ b/site/.prettierrc.yaml
@@ -0,0 +1,18 @@
+# Code generated by Makefile (../.prettierrc.yaml). DO NOT EDIT.
+
+# This config file is used in conjunction with `.editorconfig` to specify
+# formatting for prettier-supported files. See `.editorconfig` and
+# `site/.editorconfig`for whitespace formatting options.
+printWidth: 80
+semi: false
+trailingComma: all
+overrides:
+ - files:
+ - ../README.md
+ options:
+ proseWrap: preserve
+ - files:
+ - ./**/*.yaml
+ - ./**/*.yml
+ options:
+ proseWrap: always
diff --git a/site/package.json b/site/package.json
index 57f1487b36..a222cbfd98 100644
--- a/site/package.json
+++ b/site/package.json
@@ -9,9 +9,10 @@
"check:all": "yarn format:check && yarn lint && yarn test",
"chromatic": "chromatic",
"dev": "vite",
- "format:check": "prettier --cache --check '**/*.{css,html,js,json,jsx,md,ts,tsx,yaml,yml}'",
+ "format:check": "prettier --cache --check '../**/*.{css,html,js,json,jsx,md,ts,tsx,yaml,yml}'",
"format:types": "prettier --write 'src/api/typesGenerated.ts'",
- "format:write": "prettier --write '**/*.{css,html,js,json,jsx,md,ts,tsx,yaml,yml}'",
+ "format:write": "prettier --write '../**/*.{css,html,js,json,jsx,md,ts,tsx,yaml,yml}'",
+ "format:write:only": "prettier --write",
"lint": "jest --selectProjects lint",
"lint:fix": "FIX=true yarn lint",
"playwright:install": "playwright install",