Commit Graph

140 Commits

Author SHA1 Message Date
Joe Previte
60dd8ab374
chore: configure git globally for brew publish (#5173) 2022-05-06 22:31:03 +00:00
Asher
6cf607eab9
fix: Docker push (#5175)
The action actually does not support wildcards but it does support * for
downloading all artifacts.
2022-05-06 16:57:22 -05:00
Joe Previte
7027ec7d60
chore: upgrade Code to 1.66 (#5135)
* chore: upgrade Code to 1.66

* docs: update docs for Code upgrades

* fixup!: docs

* chore: update vscode submodule

* chore: update integration patch

* chore: update node-version patch

* chore: update github-auth patch

They completely changed how auth is handled for GitHub in
https://github.com/microsoft/vscode/pull/145424 so our patch may not
work. Will need to test and revisit.

* refactor: remove postinstall patch

It appears they renamed postinstall.js to postinstall.mjs and removed
the use of `rimraf` which means our patch is no longer needed! 🎉

b0e8554cce

* chore: refresh local-storage patch

* chore: refresh service-worker patch

* chore: bulk refresh patches

* fixup!: docs formatting

* refactor: remove unused last-opened patch

* fixup!: formatting docs

* fixup!: formatting docs

* refactor: remove rsync postinstall

* Revert "refactor: remove rsync postinstall"

This reverts commit 8d6b613e9d779ba18d0297710614516cde108bcf.

* refactor: update postinstall.js to .mjs

* feat(patches): add parent-origin bypass

* docs(patches): add notes for testing store-socket

* docs(patches): update testing info for node-version

* refactor(patches): delete github-auth.diff patch

* docs(patches): add notes for testing connection-type

* fixup!: delete github-auth patch

* fixup!: update connection type testing

* docs(patches): add notes to insecure-notification.diff

* docs(patches): add nots for update-check.diff

* fixup!: remove comma in integration patch

* fix(e2e): disable workspace trust

* refactor: add --no-default-rc for yarn install

* feat(patches): remove yarnrc in presinstall

* fixup!: silly mistake

* docs: add note about KEEP_MODULES=1

* docs(patches): add testing notes for node-version

* refactor(patches): remove node-version

It appears this is no longer needed due to the `remote/package.json` now which
targets node rather than electron.

* fixup!: add cd ../.. to code upgrade instructions

* fixup!: add note to yarn --production flag

* fixup!: make parent-origin easier to upstream

* Revert "refactor(patches): delete github-auth.diff patch"

This reverts commit 31a354a34345309fadc475491b392d7601e51a32.

* Revert "fixup!: delete github-auth patch"

This reverts commit bdeb5212e8c7be6cadd109941b486a4bcdae69fa.

* Merge webview origin patch into webview patch

* Remove unused post-install patch

* Prevent builtin extensions from updating

* Refresh sourcemaps patch

* Update Node to v16

This matches the version in ./lib/vscode/remote/.yarnrc.

I changed the engine to exactly 16 since if you use any different
version it will just not work since the modules will have been built for
16 (due to the .yarnrc).

* Replace fs.rmdir with fs.rm

Node is showing a deprecation warning about it.

* Update github-auth patch

The local credentials provider is no longer used when there is a remote
so this code moved into the backend web credential provider.

* Prevent fs.rm from erroring about non-existent files

We were using fs.rmdir which presumably did not have the same behavior
in v14 (in v16 fs.rmdir also errors).

* Install Python 3 in CentOS CI container

Co-authored-by: Asher <ash@coder.com>
2022-05-04 21:58:49 +00:00
renovate[bot]
fc75db6edc
chore(deps): update azure/setup-helm action to v2 (#5088)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Joe Previte <jjprevite@gmail.com>
2022-04-26 21:48:39 +00:00
renovate[bot]
ed7bd2e65b
chore(deps): update github/codeql-action action to v2 (#5129)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-25 15:39:32 -07:00
renovate[bot]
7780a13cce
chore(deps): update aquasecurity/trivy-action digest to 2b30463 (#5098)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-04-19 11:37:47 -07:00
Joe Previte
dea6a40ea8
chore: attempt to fix docker (#5106)
* chore: attempt to fix docker

* Update .github/workflows/docker.yaml

Co-authored-by: Asher <ash@coder.com>

* chore: add publish:docker to scripts

Co-authored-by: Asher <ash@coder.com>
2022-04-15 00:02:03 +00:00
renovate[bot]
c05b727c61
chore(deps): update minor dependency updates (#5060)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Joe Previte <jjprevite@gmail.com>
2022-04-12 16:39:58 -07:00
neilnaveen
f4569f0b48
Set permissions for GitHub actions (#5090)
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>

Co-authored-by: Joe Previte <jjprevite@gmail.com>
2022-04-12 18:59:11 +00:00
Joe Previte
7f884203f0
chore(ci): disable docs-preview on forks (#5046) 2022-03-30 13:45:35 -07:00
Joe Previte
5341294d2d
fix(workflows): docs-preview and npm job (#5042)
* fix(ci): add GITHUB_TOKEN to docs-preview workflow

* feat(ci): comment npm dev build instructions on PR
2022-03-30 10:47:46 -07:00
Joe Previte
8316a27da4
refactor(brew-bump): fix homebrew bump script (#5025)
* fix: source lib.sh in docker-buildx-push for tagging version

* chore: use ubuntu and update git config homebrew job

* refactor: simplify brew-bump.sh script

* Revert "fix: source lib.sh in docker-buildx-push for tagging version"

This reverts commit 2f7a3610cb1efa6bca7794d8b265001ea347cccb.
2022-03-29 16:58:34 -07:00
Joe Previte
ba1ddbd181
fix: use -r with jq and add workflow for artifacts (#5016) 2022-03-22 16:45:59 -07:00
Asher
a1af9e2a56
chore: move to patches (#4997)
* Move integration types into code-server

This will be easier to maintain than to have it as a patch.

* Disable connection token

Using a flag means we will not need to patch it out.  I think this is
new from 1.64?

* Add product.json to build process

This way we do not have to patch it.

* Ship with remote agent package.json

Instead of the root one.  This contains fewer dependencies.

* Let Code handle errors

This way we will not have to patch Code to make this work and I think it
makes sense to let Code handle the request.

If we do want to handle errors we can do it cleanly by patching their
error handler to throw instead.

* Move manifest override into code-server

This way we will not have to patch it.

* Move to patches

- Switch submodule to track upstream
- Add quilt to the process
- Add patches

The node-* ignore was ignoring one of the diffs so I removed it.  This
was added when we were curling Node as node-v{version}-darwin-x64 for
the macOS build but this no longer happens (we use the Node action to
install a specific version now so we just use the system-wide Node).

* Use pre-packaged Code
2022-03-22 15:07:14 -05:00
Joe Previte
be727871f6
refactor: checkout homebrew-core in action instead of script (#4996)
* refactor: checkout homebrew-core in action instead of script

This moves the git clone step from the `brew-bump.sh` script into the
`npm-brew.yaml` as part of the job using actions/checkout instead.

* refactor: clean up brew-bump.sh script

* fixup

* fixup!: remove step to clean up homebrew repo

* fixup!: use correct ./ci path steps-lib.sh

* fixup!: add exit code 0 for duplicate PRs
2022-03-21 16:57:36 -07:00
renovate[bot]
815c4cf1f0
chore(deps): update actions/cache action to v3 (#5003)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-21 14:31:02 -07:00
Joe Previte
5afb26fb60
fix(ci): correctly download npm/docker artifacts (#4995)
* fix(ci): correctly download npm artifact

* fixup! fix(ci): correctly download npm artifact

* docs: update MAINTAINING

* fixup! docs: update MAINTAINING

* fixup! Merge branch 'main' into 4949-chore-fix-npm-workflow

* chore: get ci to run

* refactor: use vVERSION branch name instead of release

* refactor: use new download artifact in docker workflow

* refactor: clean up release-github-assets script

* fixup: remove extra v

* fixup! fixup: remove extra v
2022-03-17 11:52:39 -07:00
Asher
21c74802e8
chore: move Code to a submodule (#4990)
* Move Code to a submodule

Closes #4901.

* Base Code cache on hash and re-enable node_modules cache

The current setup appears to only rebuild VS Code if the dependencies
change but we need to rebuild it if anything changes.

I also re-enabled the commented out node_modules caches.  They look like
they should work to me with the submodule method.  I think the problem
occurred because Code itself was being installed in the yarn step.
2022-03-14 21:37:29 -05:00
Bruno Quaresma
52eaea9f7a
docs: update docs preview (#4968)
* docs: update docs preview

* Fix Ubuntu  deps

* Fix formatting
2022-03-10 13:44:27 -07:00
Joe Previte
03e0bdac03
chore: update vscode to 1.64 (#4902)
* chore: update vscode server files

* chore: update code to 1.64

* refactor: clean up code in constants.ts

* chore: keep package.json vscode cache

* fixup!: formatting

* feat(ci): add VSCODE_CACHE_VERSION

* fix(ci): add package.json for e2e tests

* fix: TS errors

* refactor: remove isConnected e2e tests
2022-03-09 14:28:52 -07:00
Joe Previte
3b93a86f25
chore: add permissions trivy-docker (#4957)
* chore: add permissions trivy-docker

* Update .github/workflows/trivy-docker.yaml
2022-03-08 13:19:57 -07:00
Joe Previte
3c6f85c282
fix: re-enable trivvy docker scan (#4943)
* fix: re-enable trivvy docker scan

* wip

* fixup

* fixup

* fixup
2022-03-04 15:59:29 -07:00
renovate[bot]
f0faa22ee9
chore(deps): update actions/upload-artifact action to v3 (#4944)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-04 09:25:12 -07:00
renovate[bot]
b0181120d4
chore(deps): update actions/download-artifact action to v3 (#4937)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-02 14:31:21 -07:00
renovate[bot]
3f3a489f33
chore(deps): update actions/checkout action to v3 (#4931)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Jonathan Yu <jonathan@coder.com>
2022-03-01 16:31:32 -07:00
Jonathan Yu
83269ba658
chore: limit concurrency for build jobs (#4929)
* Configure build jobs to cancel previous builds when new changes
  are pushed to a pull request branch, and serialize builds when
  running in a branch from a push event
* Reduce privileges of GitHub token for scripts workflow
2022-03-01 15:03:39 -08:00
renovate[bot]
a989e0c387
chore(deps): update aquasecurity/trivy-action commit hash to 2962126 (#4907)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-25 13:53:58 -07:00
renovate[bot]
769aceacc3
chore(deps): update actions/setup-node action to v3 (#4908)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-25 09:09:09 -07:00
Joe Previte
23734d356a
fix: skip docs/npm workflows on forks (#4875)
Co-authored-by: Asher <ash@coder.com>
2022-02-22 10:13:20 -07:00
Jonathan Yu
8135d2ecc3
chore: update Docker image publish workflow (#4847)
* Use official action to log in to Docker Hub
* Run using pinned ubuntu-20.04 environment
2022-02-10 17:40:41 -08:00
Joe Previte
fd643dcbc3
refactor(ci): fix npm workflows (#4797)
* feat: refactor npm workflows to use download-artifact

This refactors the npm workflows to use the download-artifact GitHub Action. We
had problems in the past with our download_artifact custom bash function. This
also fixes an issue where we weren't downloading the correct artifacts when
publishing beta and dev tags to npm.

* fixup: remove unused env var

* fixup! add download-artifcat to npm-brew"

* fixup! remove unnecessary code comment

* fixup! move NPM_ENVIRONMENT logic to script
2022-02-03 13:54:36 -07:00
renovate[bot]
79412eb137
chore(deps): update aquasecurity/trivy-action commit hash to a7a829a (#4821)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-03 12:43:31 -07:00
LG
10f57bac65
docs: Update some more links (#4806)
* Update links in package.json

I will try checking the docs too

* docs: Update links in triage.md

* docs: Update links in npm.md

* docs: Update links in whatever files that have `cdr`

* Replace globally, thanks @bpmct!

* fix: coderer instead of coder
I should've used all three toggles in the Search/Replace tab in the GItHub.dev editor.

* Code Formatting
2022-02-01 09:45:19 -07:00
Joe Previte
9954a88d3a
refactor(ci): clean up npm workflows (#4786)
This extracst the publish on npm workflow from ci.yaml and adds a new workflow
called `npm-beta.yaml`.

Now we have three workflows that publish to npm.
- `npm-beta.yaml` only runs on pushes and merges into `main`
- `npm-dev.yaml` only runs on PRs into `main` with approval from
  code-server-reviewers team
- `npm-brew.yaml` only runs on releases

This should fix problems we had previously where anyone could open a PR and
publish under the code-server namespace. It also separates out the workflows
based on environment and when they should run.
2022-01-24 15:33:42 -07:00
Joe Previte
8816ab93fe
fix: update npm-dev.yaml (#4781) 2022-01-22 08:48:57 -07:00
Joe Previte
a2f530161f
feat: publish beta and development tags on npm (#4769)
* feat: add logic to publish beta/dev npm

This adds new log to publish the npm package both while working on PRs and when
PRs are merged into main, allowing us to easily test changes in a
production-like setting.

Co-authored-by: Asher <ash@coder.com>
2022-01-21 16:28:56 -07:00
renovate[bot]
2752d95ff6
chore(deps): update minor dependency updates (#4722)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-01-14 21:48:52 +00:00
Joe Previte
7695de2831
fix(ci): add environment to docs-preview (#4677) 2022-01-04 11:05:04 -07:00
renovate[bot]
047a4f01f2
chore(deps): update aquasecurity/trivy-action commit hash to 8f4c716 (#4650)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-27 10:38:13 -07:00
Jonathan Yu
b990dabed1
chore: use readonly deploy key for preview (#4645) 2021-12-17 10:27:22 -07:00
Kyle Carberry
ec3d9974b3
fix: Update install.sh to use "coder" GitHub organization (#4638)
* fix: Update install.sh to use "coder" GitHub organization

* Update docs preview
2021-12-16 10:49:16 -06:00
renovate[bot]
7561fc4306
chore(deps): update aquasecurity/trivy-action commit hash to 81cc8cd (#4601)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Joe Previte <jjprevite@gmail.com>
2021-12-15 10:38:18 -07:00
renovate[bot]
3d4660491a
chore(deps): update minor dependency updates (#4531)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-29 11:31:35 -07:00
renovate[bot]
5fe16be62d
chore(deps): update aquasecurity/trivy-action commit hash to 2a2157e (#4493)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Joe Previte <jjprevite@gmail.com>
2021-11-19 12:04:08 -05:00
Teffen
1b60ef418c
Use upstream server (#4414)
* Flesh out fixes to align with upstream.

* Update route handlers to better reflect fallback behavior.

* Add platform to vscode-reh-web task

Our strategy has been to build once and then recompile native modules
for individual platforms.  It looks like VS Code builds from scratch for
each platform.

But we can target any platform, grab the pre-packaged folder, then
continue with own packaging.

In the future we may want to rework to match upstream.

* Fix issue where workspace args are not parsed.

* Fix issues surrounding opening files within code-server's terminal.

* Readd parent wrapper for hot reload.

* Allow more errors.

* Fix issues surrounding Coder link.

* Add dir creation and fix cli

It seems VS Code explodes when certain directories do not exist so
import the reh agent instead of the server component since it creates
the directories (require patching thus the VS Code update).

Also the CLI (for installing extensions) did not seem to be working so
point that to the same place since it also exports a function for
running that part of the CLI.

* Remove hardcoded VSCODE_DEV=1

This causes VS Code to use the development HTML file.  Move this to the
watch command instead.

I deleted the other stuff before it as well since in the latest main.js
they do not have this code so I figure we should be safe to omit it.

* Fix mismatching commit between client and server

* Mostly restore command-line parity

Restore most everything and remove the added server arguments.  This
will let us add and remove options after later so we can contain the
number of breaking changes.

To accomplish this a hard separation is added between the CLI arguments
and the server arguments.

The separation between user-provided arguments and arguments with
defaults is also made more clear.

The extra directory flags have been left out as they were buggy and
should be implemented upstream although I think there are better
solutions anyway.  locale and install-source are unsupported with the
web remote and are left removed.  It is unclear whether they were used
before anyway.

Some restored flags still need to have their behavior re-implemented.

* Fix static endpoint not emitting 404s

This fixes the last failing unit test.

Fix a missing dependency, add some generic reverse proxy support for the
protocol, and add back a missing nfpm fix.

* Import missing logError

* Fix 403 errors

* Add code-server version to about dialog

* Use user settings to disable welcome page

The workspace setting seems to be recognized but if so it is having no
effect.

* Update VS Code cache step with new build directories

Co-authored-by: Asher <ash@coder.com>
2021-11-09 23:28:31 -06:00
Asher
03651e5e0b
Use frozen lockfile for test dependencies in CI (#4442)
* Use frozen lockfile for test dependencies in CI

This might be causing more Playwright issues.

* Bump Playwright

Mostly just to trigger a reinstall of dependencies since it is cached
and still failing.

Once updated it errors saying install needs to run so add that too.
2021-11-04 11:39:27 -05:00
Asher
dcc9cf3dd2
Avoid npx for Playwright dependencies (#4437)
It was causing version mismatch errors.

It might make more sense to have this in the postinstall but for now I
have foregone that as it would be installed in every step including
those that do not run e2e tests.
2021-11-03 16:17:43 -05:00
Joe Previte
13404df267
chore(deps): fix issues identified by audit-ci (#4438)
* fix(deps): ansi-regex issue

* fix(deps): upgrade tar to safe version

* chore(deps): fix vm2 issue

* fix(ci): increase timeout for audit-ci to 15
2021-11-03 14:09:31 -07:00
Joe Previte
743bab09cd
refactor(ci): only run release workflows on released event (#4288) 2021-11-01 10:06:10 -07:00
Joe Previte
946e4e8843
feat(cli): add test for readSocketPath (#4284)
* fix: update isNodeJSErrnoException

* refactor(cli): export and purify readSocketPath

* feat: add tests for readSocketPath

* fix(ci): temporarily disable install deps from cache
2021-10-29 16:03:57 -07:00