coder
diff --git a/‎.github/.linkspector.yml
Lines changed: 1 addition & 0 deletions b/‎.github/.linkspector.yml
Lines changed: 1 addition & 0 deletions
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/ci.yaml
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/contrib.yaml
Lines changed: 2 additions & 0 deletions b/‎.github/workflows/contrib.yaml
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/workflows/dogfood.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/dogfood.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/scorecard.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/scorecard.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/security.yaml
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/security.yaml
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/weekly-docs.yaml
Lines changed: 2 additions & 1 deletion b/‎.github/workflows/weekly-docs.yaml
Lines changed: 2 additions & 1 deletion
diff --git a/‎.vscode/markdown.code-snippets
Lines changed: 8 additions & 0 deletions b/‎.vscode/markdown.code-snippets
Lines changed: 8 additions & 0 deletions
diff --git a/‎Makefile
Lines changed: 2 additions & 2 deletions b/‎Makefile
Lines changed: 2 additions & 2 deletions
diff --git a/‎cli/testdata/coder_list_--output_json.golden
Lines changed: 6 additions & 1 deletion b/‎cli/testdata/coder_list_--output_json.golden
Lines changed: 6 additions & 1 deletion
diff --git a/‎cmd/coder/main.go
Lines changed: 5 additions & 0 deletions b/‎cmd/coder/main.go
Lines changed: 5 additions & 0 deletions
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 43 additions & 0 deletions b/‎coderd/apidoc/docs.go
Lines changed: 43 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 39 additions & 0 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 39 additions & 0 deletions
diff --git a/‎coderd/autobuild/lifecycle_executor.go
Lines changed: 11 additions & 1 deletion b/‎coderd/autobuild/lifecycle_executor.go
Lines changed: 11 additions & 1 deletion
diff --git a/‎coderd/autobuild/lifecycle_executor_test.go
Lines changed: 71 additions & 0 deletions b/‎coderd/autobuild/lifecycle_executor_test.go
Lines changed: 71 additions & 0 deletions
diff --git a/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 4 additions & 0 deletions b/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 4 additions & 0 deletions
@@ -18,5 +18,6 @@ ignorePatterns:
   - pattern: "i.imgur.com"
   - pattern: "code.visualstudio.com"
   - pattern: "www.emacswiki.org"
+  - pattern: "linux.die.net/man"
 aliveStatusCodes:
   - 200
@@ -188,7 +188,7 @@ jobs:
 
       # Check for any typos
       - name: Check for typos
-        uses: crate-ci/typos@2872c382bb9668d4baa5eade234dcbc0048ca2cf # v1.28.2
+        uses: crate-ci/typos@d1c850b2b5d502763520c25fb4a6a1128ad99bd9 # v1.28.3
         with:
           config: .github/workflows/typos.toml
 
@@ -895,7 +895,7 @@ jobs:
     needs: changes
     # We always build the dylibs on Go changes to verify we're not merging unbuildable code,
     # but they need only be signed and uploaded on coder/coder main.
-    if: needs.changes.outputs.docs-only == 'false' || github.ref == 'refs/heads/main'
+    if: needs.changes.outputs.go == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
     runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest' }}
     steps:
       - name: Harden Runner
@@ -976,7 +976,7 @@ jobs:
       - changes
       - build-dylib
     if: github.ref == 'refs/heads/main' && needs.changes.outputs.docs-only == 'false' && !github.event.pull_request.head.repo.fork
-    runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
+    runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-22.04' }}
     permissions:
       packages: write # Needed to push images to ghcr.io
     env:
 
@@ -41,6 +41,8 @@ jobs:
 
   cla:
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
     steps:
       - name: Harden Runner
         uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 
@@ -50,7 +50,7 @@ jobs:
         uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0
 
       - name: Login to DockerHub
         if: github.ref == 'refs/heads/main'
 
@@ -47,6 +47,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
+        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
         with:
           sarif_file: results.sarif
@@ -38,7 +38,7 @@ jobs:
         uses: ./.github/actions/setup-go
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
+        uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
         with:
           languages: go, javascript
 
@@ -48,7 +48,7 @@ jobs:
           rm Makefile
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
+        uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
 
       - name: Send Slack notification on failure
         if: ${{ failure() }}
@@ -144,7 +144,7 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
+        uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
         with:
           sarif_file: trivy-results.sarif
           category: "Trivy"
 
@@ -15,7 +15,8 @@ permissions:
 
 jobs:
   check-docs:
-    runs-on: ubuntu-latest
+    # later versions of Ubuntu have disabled unprivileged user namespaces, which are required by the action
+    runs-on: ubuntu-22.04
     permissions:
       pull-requests: write # required to post PR review comments by the action
     steps:
 
@@ -20,6 +20,14 @@
 		"body": "![${TM_SELECTED_TEXT:${1:alt}}](${2:url})$0",
 		"description": "image"
 	},
+	"premium-feature": {
+		"prefix": "#premium-feature",
+		"body": [
+			"<blockquote class=\"info\">\n",
+			"${1:feature} ${2|is,are|} an Enterprise and Premium feature. [Learn more](https://coder.com/pricing#compare-plans).\n",
+			"</blockquote>"
+		]
+	},
 	"tabs": {
 		"prefix": "#tabs",
 		"body": [
 
@@ -640,8 +640,8 @@ vpn/vpn.pb.go: vpn/vpn.proto
 		./vpn/vpn.proto
 
 site/src/api/typesGenerated.ts: $(wildcard scripts/apitypings/*) $(shell find ./codersdk $(FIND_EXCLUSIONS) -type f -name '*.go')
-	go run ./scripts/apitypings/ > $@
-	./scripts/pnpm_install.sh
+	# -C sets the directory for the go run command
+	go run -C ./scripts/apitypings main.go > $@
 
 site/e2e/provisionerGenerated.ts: provisionerd/proto/provisionerd.pb.go provisionersdk/proto/provisioner.pb.go
 	cd site
 
@@ -50,7 +50,12 @@
       "deadline": "[timestamp]",
       "max_deadline": null,
       "status": "running",
-      "daily_cost": 0
+      "daily_cost": 0,
+      "matched_provisioners": {
+        "count": 0,
+        "available": 0,
+        "most_recently_seen": null
+      }
     },
     "outdated": false,
     "name": "test-workspace",
 
@@ -5,6 +5,8 @@ import (
 	"os"
 	_ "time/tzdata"
 
+	tea "github.com/charmbracelet/bubbletea"
+
 	"github.com/coder/coder/v2/agent/agentexec"
 	"github.com/coder/coder/v2/cli"
 )
@@ -15,6 +17,9 @@ func main() {
 		_, _ = fmt.Fprintln(os.Stderr, err)
 		os.Exit(1)
 	}
+	// This preserves backwards compatibility with an init function that is causing grief for
+	// web terminals using agent-exec + screen. See https://github.com/coder/coder/pull/15817
+	tea.InitTerminal()
 	var rootCmd cli.RootCmd
 	rootCmd.RunWithSubcommands(rootCmd.AGPL())
 }
@@ -3,6 +3,7 @@ package autobuild
 import (
 	"context"
 	"database/sql"
+	"fmt"
 	"net/http"
 	"sync"
 	"sync/atomic"
@@ -177,6 +178,15 @@ func (e *Executor) runOnce(t time.Time) Stats {
 				err := e.db.InTx(func(tx database.Store) error {
 					var err error
 
+					ok, err := tx.TryAcquireLock(e.ctx, database.GenLockID(fmt.Sprintf("lifecycle-executor:%s", wsID)))
+					if err != nil {
+						return xerrors.Errorf("try acquire lifecycle executor lock: %w", err)
+					}
+					if !ok {
+						log.Debug(e.ctx, "unable to acquire lock for workspace, skipping")
+						return nil
+					}
+
 					// Re-check eligibility since the first check was outside the
 					// transaction and the workspace settings may have changed.
 					ws, err = tx.GetWorkspaceByID(e.ctx, wsID)
@@ -389,7 +399,7 @@ func (e *Executor) runOnce(t time.Time) Stats {
 				}
 				return nil
 			}()
-			if err != nil {
+			if err != nil && !xerrors.Is(err, context.Canceled) {
 				log.Error(e.ctx, "failed to transition workspace", slog.Error(err))
 				statsMu.Lock()
 				stats.Errors[wsID] = err
 
@@ -18,6 +18,7 @@ import (
 	"github.com/coder/coder/v2/coderd/coderdtest"
 	"github.com/coder/coder/v2/coderd/database"
 	"github.com/coder/coder/v2/coderd/database/dbauthz"
+	"github.com/coder/coder/v2/coderd/database/dbtestutil"
 	"github.com/coder/coder/v2/coderd/notifications"
 	"github.com/coder/coder/v2/coderd/notifications/notificationstest"
 	"github.com/coder/coder/v2/coderd/schedule"
@@ -72,6 +73,76 @@ func TestExecutorAutostartOK(t *testing.T) {
 	require.Equal(t, template.AutostartRequirement.DaysOfWeek, []string{"monday", "tuesday", "wednesday", "thursday", "friday", "saturday", "sunday"})
 }
 
+func TestMultipleLifecycleExecutors(t *testing.T) {
+	t.Parallel()
+
+	db, ps := dbtestutil.NewDB(t)
+
+	var (
+		sched = mustSchedule(t, "CRON_TZ=UTC 0 * * * *")
+		// Create our first client
+		tickCh   = make(chan time.Time, 2)
+		statsChA = make(chan autobuild.Stats)
+		clientA  = coderdtest.New(t, &coderdtest.Options{
+			IncludeProvisionerDaemon: true,
+			AutobuildTicker:          tickCh,
+			AutobuildStats:           statsChA,
+			Database:                 db,
+			Pubsub:                   ps,
+		})
+		// ... And then our second client
+		statsChB = make(chan autobuild.Stats)
+		_        = coderdtest.New(t, &coderdtest.Options{
+			IncludeProvisionerDaemon: true,
+			AutobuildTicker:          tickCh,
+			AutobuildStats:           statsChB,
+			Database:                 db,
+			Pubsub:                   ps,
+		})
+		// Now create a workspace (we can use either client, it doesn't matter)
+		workspace = mustProvisionWorkspace(t, clientA, func(cwr *codersdk.CreateWorkspaceRequest) {
+			cwr.AutostartSchedule = ptr.Ref(sched.String())
+		})
+	)
+
+	// Have the workspace stopped so we can perform an autostart
+	workspace = coderdtest.MustTransitionWorkspace(t, clientA, workspace.ID, database.WorkspaceTransitionStart, database.WorkspaceTransitionStop)
+
+	// Get both clients to perform a lifecycle execution tick
+	next := sched.Next(workspace.LatestBuild.CreatedAt)
+
+	startCh := make(chan struct{})
+	go func() {
+		<-startCh
+		tickCh <- next
+	}()
+	go func() {
+		<-startCh
+		tickCh <- next
+	}()
+	close(startCh)
+
+	// Now we want to check the stats for both clients
+	statsA := <-statsChA
+	statsB := <-statsChB
+
+	// We expect there to be no errors
+	assert.Len(t, statsA.Errors, 0)
+	assert.Len(t, statsB.Errors, 0)
+
+	// We also expect there to have been only one transition
+	require.Equal(t, 1, len(statsA.Transitions)+len(statsB.Transitions))
+
+	stats := statsA
+	if len(statsB.Transitions) == 1 {
+		stats = statsB
+	}
+
+	// And we expect this transition to have been a start transition
+	assert.Contains(t, stats.Transitions, workspace.ID)
+	assert.Equal(t, database.WorkspaceTransitionStart, stats.Transitions[workspace.ID])
+}
+
 func TestExecutorAutostartTemplateUpdated(t *testing.T) {
 	t.Parallel()
 
 
@@ -1568,6 +1568,10 @@ func (q *querier) GetDeploymentWorkspaceStats(ctx context.Context) (database.Get
 	return q.db.GetDeploymentWorkspaceStats(ctx)
 }
 
+func (q *querier) GetEligibleProvisionerDaemonsByProvisionerJobIDs(ctx context.Context, provisionerJobIds []uuid.UUID) ([]database.GetEligibleProvisionerDaemonsByProvisionerJobIDsRow, error) {
+	return fetchWithPostFilter(q.auth, policy.ActionRead, q.db.GetEligibleProvisionerDaemonsByProvisionerJobIDs)(ctx, provisionerJobIds)
+}
+
 func (q *querier) GetExternalAuthLink(ctx context.Context, arg database.GetExternalAuthLinkParams) (database.ExternalAuthLink, error) {
 	return fetchWithAction(q.log, q.auth, policy.ActionReadPersonal, q.db.GetExternalAuthLink)(ctx, arg)
 }
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,8 @@ import (`
`5`	`5`	`"os"`
`6`	`6`	`_ "time/tzdata"`
`7`	`7`
	`8`	`+ tea "github.com/charmbracelet/bubbletea"`
	`9`	`+`
`8`	`10`	`"github.com/coder/coder/v2/agent/agentexec"`
`9`	`11`	`"github.com/coder/coder/v2/cli"`
`10`	`12`	`)`
`@@ -15,6 +17,9 @@ func main() {`
`15`	`17`	`_, _ = fmt.Fprintln(os.Stderr, err)`
`16`	`18`	`os.Exit(1)`
`17`	`19`	`}`
	`20`	`+ // This preserves backwards compatibility with an init function that is causing grief for`
	`21`	`+ // web terminals using agent-exec + screen. See https://github.com/coder/coder/pull/15817`
	`22`	`+ tea.InitTerminal()`
`18`	`23`	`var rootCmd cli.RootCmd`
`19`	`24`	`rootCmd.RunWithSubcommands(rootCmd.AGPL())`
`20`	`25`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1568,6 +1568,10 @@ func (q *querier) GetDeploymentWorkspaceStats(ctx context.Context) (database.Get`
`1568`	`1568`	`return q.db.GetDeploymentWorkspaceStats(ctx)`
`1569`	`1569`	`}`
`1570`	`1570`
	`1571`	`+func (q *querier) GetEligibleProvisionerDaemonsByProvisionerJobIDs(ctx context.Context, provisionerJobIds []uuid.UUID) ([]database.GetEligibleProvisionerDaemonsByProvisionerJobIDsRow, error) {`
	`1572`	`+ return fetchWithPostFilter(q.auth, policy.ActionRead, q.db.GetEligibleProvisionerDaemonsByProvisionerJobIDs)(ctx, provisionerJobIds)`
	`1573`	`+}`
	`1574`	`+`
`1571`	`1575`	`func (q *querier) GetExternalAuthLink(ctx context.Context, arg database.GetExternalAuthLinkParams) (database.ExternalAuthLink, error) {`
`1572`	`1576`	`return fetchWithAction(q.log, q.auth, policy.ActionReadPersonal, q.db.GetExternalAuthLink)(ctx, arg)`
`1573`	`1577`	`}`