coder
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/ci.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/dogfood.yaml
Lines changed: 10 additions & 1 deletion b/‎.github/workflows/dogfood.yaml
Lines changed: 10 additions & 1 deletion
diff --git a/‎.github/workflows/pr-deploy.yaml
Lines changed: 2 additions & 19 deletions b/‎.github/workflows/pr-deploy.yaml
Lines changed: 2 additions & 19 deletions
diff --git a/‎cli/cliui/resources.go
Lines changed: 12 additions & 3 deletions b/‎cli/cliui/resources.go
Lines changed: 12 additions & 3 deletions
diff --git a/‎cli/cliui/resources_test.go
Lines changed: 13 additions & 0 deletions b/‎cli/cliui/resources_test.go
Lines changed: 13 additions & 0 deletions
diff --git a/‎cli/list.go
Lines changed: 7 additions & 0 deletions b/‎cli/list.go
Lines changed: 7 additions & 0 deletions
diff --git a/‎cli/stat_test.go
Lines changed: 2 additions & 4 deletions b/‎cli/stat_test.go
Lines changed: 2 additions & 4 deletions
diff --git a/‎cli/testdata/coder_list_--help.golden
Lines changed: 3 additions & 2 deletions b/‎cli/testdata/coder_list_--help.golden
Lines changed: 3 additions & 2 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 8 additions & 1 deletion b/‎coderd/coderd.go
Lines changed: 8 additions & 1 deletion
diff --git a/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 11 additions & 39 deletions b/‎coderd/database/dbauthz/dbauthz.go
Lines changed: 11 additions & 39 deletions
@@ -126,7 +126,7 @@ jobs:
 
       # Check for any typos
       - name: Check for typos
-        uses: crate-ci/typos@v1.16.0
+        uses: crate-ci/typos@v1.16.1
         with:
           config: .github/workflows/typos.toml
 
 
@@ -51,22 +51,30 @@ jobs:
           tags: "codercom/oss-dogfood:${{ steps.docker-tag-name.outputs.tag }},codercom/oss-dogfood:latest"
           cache-from: type=registry,ref=codercom/oss-dogfood:latest
           cache-to: type=inline
+
   deploy_template:
     needs: deploy_image
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+
       - name: Get short commit SHA
         id: vars
         run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      - name: Get latest commit title
+        id: message
+        run: echo "pr_title=$(git log --format=%s -n 1 ${{ github.sha }})" >> $GITHUB_OUTPUT
+
       - name: "Get latest Coder binary from the server"
         run: |
           curl -fsSL "https://dev.coder.com/bin/coder-linux-amd64" -o "./coder"
           chmod +x "./coder"
+
       - name: "Push template"
         run: |
-          ./coder templates push $CODER_TEMPLATE_NAME --directory $CODER_TEMPLATE_DIR --yes --name=$CODER_TEMPLATE_VERSION
+          ./coder templates push $CODER_TEMPLATE_NAME --directory $CODER_TEMPLATE_DIR --yes --name=$CODER_TEMPLATE_VERSION --message="$CODER_TEMPLATE_MESSAGE"
         env:
           # Consumed by Coder CLI
           CODER_URL: https://dev.coder.com
@@ -75,3 +83,4 @@ jobs:
           CODER_TEMPLATE_NAME: ${{ secrets.CODER_TEMPLATE_NAME }}
           CODER_TEMPLATE_VERSION: ${{ steps.vars.outputs.sha_short }}
           CODER_TEMPLATE_DIR: ./dogfood
+          CODER_TEMPLATE_MESSAGE: ${{ steps.message.outputs.pr_title }}
@@ -17,8 +17,8 @@ permissions:
   pull-requests: write
 
 concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
+  group: ${{ github.workflow }}-${{ github.event.issue.number || github.run_id }}
+  cancel-in-progress: false
 
 jobs:
   pr_commented:
@@ -58,23 +58,6 @@ jobs:
           CODER_BASE_IMAGE_TAG: ghcr.io/coder/coder-preview-base:pr${{ steps.pr_number.outputs.PR_NUMBER }}
           CODER_IMAGE_TAG: ghcr.io/coder/coder-preview:pr${{ steps.pr_number.outputs.PR_NUMBER }}
 
-      - name: Find Deploy Comment
-        if: github.event_name == 'issue_comment'
-        uses: peter-evans/find-comment@v2
-        id: fco
-        with:
-          issue-number: ${{ steps.pr_number.outputs.PR_NUMBER }}
-          comment-author: "github-actions[bot]"
-          body-includes: /deploy-pr
-
-      - name: React with Rocket
-        if: github.event_name == 'issue_comment'
-        id: comment_ido
-        uses: peter-evans/create-or-update-comment@v3
-        with:
-          comment-id: ${{ steps.fco.outputs.comment-id }}
-          reactions: rocket
-
       - name: Find Comment
         uses: peter-evans/find-comment@v2
         id: fc
 
@@ -50,6 +50,7 @@ func WorkspaceResources(writer io.Writer, resources []codersdk.WorkspaceResource
 	row := table.Row{"Resource"}
 	if !options.HideAgentState {
 		row = append(row, "Status")
+		row = append(row, "Health")
 		row = append(row, "Version")
 	}
 	if !options.HideAccess {
@@ -81,6 +82,7 @@ func WorkspaceResources(writer io.Writer, resources []codersdk.WorkspaceResource
 			DefaultStyles.Bold.Render(resourceAddress),
 			"",
 			"",
+			"",
 		})
 		// Display all agents associated with the resource.
 		for index, agent := range resource.Agents {
@@ -93,13 +95,13 @@ func WorkspaceResources(writer io.Writer, resources []codersdk.WorkspaceResource
 				fmt.Sprintf("%s─ %s (%s, %s)", pipe, agent.Name, agent.OperatingSystem, agent.Architecture),
 			}
 			if !options.HideAgentState {
-				var agentStatus string
-				var agentVersion string
+				var agentStatus, agentHealth, agentVersion string
 				if !options.HideAgentState {
 					agentStatus = renderAgentStatus(agent)
+					agentHealth = renderAgentHealth(agent)
 					agentVersion = renderAgentVersion(agent.Version, options.ServerVersion)
 				}
-				row = append(row, agentStatus, agentVersion)
+				row = append(row, agentStatus, agentHealth, agentVersion)
 			}
 			if !options.HideAccess {
 				sshCommand := "coder ssh " + options.WorkspaceName
@@ -141,6 +143,13 @@ func renderAgentStatus(agent codersdk.WorkspaceAgent) string {
 	}
 }
 
+func renderAgentHealth(agent codersdk.WorkspaceAgent) string {
+	if agent.Health.Healthy {
+		return DefaultStyles.Keyword.Render("✔ healthy")
+	}
+	return DefaultStyles.Error.Render("✘ " + agent.Health.Reason)
+}
+
 func renderAgentVersion(agentVersion, serverVersion string) string {
 	if agentVersion == "" {
 		agentVersion = "(unknown)"
 
@@ -29,6 +29,7 @@ func TestWorkspaceResources(t *testing.T) {
 					LifecycleState:  codersdk.WorkspaceAgentLifecycleCreated,
 					Architecture:    "amd64",
 					OperatingSystem: "linux",
+					Health:          codersdk.WorkspaceAgentHealth{Healthy: true},
 				}},
 			}}, cliui.WorkspaceResourcesOptions{
 				WorkspaceName: "example",
@@ -65,6 +66,7 @@ func TestWorkspaceResources(t *testing.T) {
 					Name:            "dev",
 					OperatingSystem: "linux",
 					Architecture:    "amd64",
+					Health:          codersdk.WorkspaceAgentHealth{Healthy: true},
 				}},
 			}, {
 				Transition: codersdk.WorkspaceTransitionStart,
@@ -76,13 +78,18 @@ func TestWorkspaceResources(t *testing.T) {
 					Name:            "go",
 					Architecture:    "amd64",
 					OperatingSystem: "linux",
+					Health:          codersdk.WorkspaceAgentHealth{Healthy: true},
 				}, {
 					DisconnectedAt:  &disconnected,
 					Status:          codersdk.WorkspaceAgentDisconnected,
 					LifecycleState:  codersdk.WorkspaceAgentLifecycleReady,
 					Name:            "postgres",
 					Architecture:    "amd64",
 					OperatingSystem: "linux",
+					Health: codersdk.WorkspaceAgentHealth{
+						Healthy: false,
+						Reason:  "agent has lost connection",
+					},
 				}},
 			}}, cliui.WorkspaceResourcesOptions{
 				WorkspaceName:  "dev",
@@ -94,6 +101,12 @@ func TestWorkspaceResources(t *testing.T) {
 		}()
 		ptty.ExpectMatch("google_compute_disk.root")
 		ptty.ExpectMatch("google_compute_instance.dev")
+		ptty.ExpectMatch("healthy")
+		ptty.ExpectMatch("coder ssh dev.dev")
+		ptty.ExpectMatch("kubernetes_pod.dev")
+		ptty.ExpectMatch("healthy")
+		ptty.ExpectMatch("coder ssh dev.go")
+		ptty.ExpectMatch("agent has lost connection")
 		ptty.ExpectMatch("coder ssh dev.postgres")
 		<-done
 	})
 
@@ -2,6 +2,7 @@ package cli
 
 import (
 	"fmt"
+	"strconv"
 	"time"
 
 	"github.com/google/uuid"
@@ -24,6 +25,7 @@ type workspaceListRow struct {
 	WorkspaceName string `json:"-" table:"workspace,default_sort"`
 	Template      string `json:"-" table:"template"`
 	Status        string `json:"-" table:"status"`
+	Healthy       string `json:"-" table:"healthy"`
 	LastBuilt     string `json:"-" table:"last built"`
 	Outdated      bool   `json:"-" table:"outdated"`
 	StartsAt      string `json:"-" table:"starts at"`
@@ -51,12 +53,17 @@ func workspaceListRowFromWorkspace(now time.Time, usersByID map[uuid.UUID]coders
 		}
 	}
 
+	healthy := ""
+	if status == "Starting" || status == "Started" {
+		healthy = strconv.FormatBool(workspace.Health.Healthy)
+	}
 	user := usersByID[workspace.OwnerID]
 	return workspaceListRow{
 		Workspace:     workspace,
 		WorkspaceName: user.Username + "/" + workspace.Name,
 		Template:      workspace.TemplateName,
 		Status:        status,
+		Healthy:       healthy,
 		LastBuilt:     durationDisplay(lastBuilt),
 		Outdated:      workspace.Outdated,
 		StartsAt:      autostartDisplay,
 
@@ -85,8 +85,6 @@ func TestStatCPUCmd(t *testing.T) {
 
 	t.Run("JSON", func(t *testing.T) {
 		t.Parallel()
-		t.Skip("https://github.com/coder/coder/issues/8091")
-
 		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort)
 		t.Cleanup(cancel)
 		inv, _ := clitest.New(t, "stat", "cpu", "--output=json")
@@ -111,7 +109,7 @@ func TestStatMemCmd(t *testing.T) {
 		t.Parallel()
 		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort)
 		t.Cleanup(cancel)
-		inv, _ := clitest.New(t, "stat", "mem", "--output=text")
+		inv, _ := clitest.New(t, "stat", "mem", "--output=text", "--host")
 		buf := new(bytes.Buffer)
 		inv.Stdout = buf
 		err := inv.WithContext(ctx).Run()
@@ -124,7 +122,7 @@ func TestStatMemCmd(t *testing.T) {
 		t.Parallel()
 		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort)
 		t.Cleanup(cancel)
-		inv, _ := clitest.New(t, "stat", "mem", "--output=json")
+		inv, _ := clitest.New(t, "stat", "mem", "--output=json", "--host")
 		buf := new(bytes.Buffer)
 		inv.Stdout = buf
 		err := inv.WithContext(ctx).Run()
 
@@ -8,9 +8,10 @@ Aliases: ls
   -a, --all bool
           Specifies whether all workspaces will be listed or not.
 
-  -c, --column string-array (default: workspace,template,status,last built,outdated,starts at,stops after)
+  -c, --column string-array (default: workspace,template,status,healthy,last built,outdated,starts at,stops after)
           Columns to display in table output. Available columns: workspace,
-          template, status, last built, outdated, starts at, stops after.
+          template, status, healthy, last built, outdated, starts at, stops
+          after.
 
   -o, --output string (default: table)
           Output format. Available formats: table, json.
 
@@ -727,7 +727,14 @@ func New(options *Options) *API {
 			r.Post("/azure-instance-identity", api.postWorkspaceAuthAzureInstanceIdentity)
 			r.Post("/aws-instance-identity", api.postWorkspaceAuthAWSInstanceIdentity)
 			r.Post("/google-instance-identity", api.postWorkspaceAuthGoogleInstanceIdentity)
-			r.Get("/connection", api.workspaceAgentConnectionGeneric)
+			r.With(
+				apiKeyMiddlewareOptional,
+				httpmw.ExtractWorkspaceProxy(httpmw.ExtractWorkspaceProxyConfig{
+					DB:       options.Database,
+					Optional: true,
+				}),
+				httpmw.RequireAPIKeyOrWorkspaceProxyAuth(),
+			).Get("/connection", api.workspaceAgentConnectionGeneric)
 			r.Route("/me", func(r chi.Router) {
 				r.Use(httpmw.ExtractWorkspaceAgent(httpmw.ExtractWorkspaceAgentConfig{
 					DB:       options.Database,
 
@@ -586,32 +586,6 @@ func (q *querier) SoftDeleteTemplateByID(ctx context.Context, id uuid.UUID) erro
 	return deleteQ(q.log, q.auth, q.db.GetTemplateByID, deleteF)(ctx, id)
 }
 
-func (q *querier) GetUsersWithCount(ctx context.Context, arg database.GetUsersParams) ([]database.User, int64, error) {
-	// TODO Implement this with a SQL filter. The count is incorrect without it.
-	rowUsers, err := q.db.GetUsers(ctx, arg)
-	if err != nil {
-		return nil, -1, err
-	}
-
-	if len(rowUsers) == 0 {
-		return []database.User{}, 0, nil
-	}
-
-	act, ok := ActorFromContext(ctx)
-	if !ok {
-		return nil, -1, NoActorError
-	}
-
-	// TODO: Is this correct? Should we return a restricted user?
-	users := database.ConvertUserRows(rowUsers)
-	users, err = rbac.Filter(ctx, q.auth, act, rbac.ActionRead, users)
-	if err != nil {
-		return nil, -1, err
-	}
-
-	return users, rowUsers[0].Count, nil
-}
-
 func (q *querier) SoftDeleteUserByID(ctx context.Context, id uuid.UUID) error {
 	deleteF := func(ctx context.Context, id uuid.UUID) error {
 		return q.db.UpdateUserDeletedByID(ctx, database.UpdateUserDeletedByIDParams{
@@ -904,15 +878,6 @@ func (q *querier) GetFileTemplates(ctx context.Context, fileID uuid.UUID) ([]dat
 	return q.db.GetFileTemplates(ctx, fileID)
 }
 
-func (q *querier) GetFilteredUserCount(ctx context.Context, arg database.GetFilteredUserCountParams) (int64, error) {
-	prep, err := prepareSQLFilter(ctx, q.auth, rbac.ActionRead, rbac.ResourceUser.Type)
-	if err != nil {
-		return -1, xerrors.Errorf("(dev error) prepare sql filter: %w", err)
-	}
-	// TODO: This should be the only implementation.
-	return q.GetAuthorizedUserCount(ctx, arg, prep)
-}
-
 func (q *querier) GetGitAuthLink(ctx context.Context, arg database.GetGitAuthLinkParams) (database.GitAuthLink, error) {
 	return fetch(q.log, q.auth, q.db.GetGitAuthLink)(ctx, arg)
 }
@@ -1389,8 +1354,12 @@ func (q *querier) GetUserLinkByUserIDLoginType(ctx context.Context, arg database
 }
 
 func (q *querier) GetUsers(ctx context.Context, arg database.GetUsersParams) ([]database.GetUsersRow, error) {
-	// TODO: We should use GetUsersWithCount with a better method signature.
-	return fetchWithPostFilter(q.auth, q.db.GetUsers)(ctx, arg)
+	// This does the filtering in SQL.
+	prep, err := prepareSQLFilter(ctx, q.auth, rbac.ActionRead, rbac.ResourceUser.Type)
+	if err != nil {
+		return nil, xerrors.Errorf("(dev error) prepare sql filter: %w", err)
+	}
+	return q.db.GetAuthorizedUsers(ctx, arg, prep)
 }
 
 // GetUsersByIDs is only used for usernames on workspace return data.
@@ -2639,6 +2608,9 @@ func (q *querier) GetAuthorizedWorkspaces(ctx context.Context, arg database.GetW
 	return q.GetWorkspaces(ctx, arg)
 }
 
-func (q *querier) GetAuthorizedUserCount(ctx context.Context, arg database.GetFilteredUserCountParams, prepared rbac.PreparedAuthorized) (int64, error) {
-	return q.db.GetAuthorizedUserCount(ctx, arg, prepared)
+// GetAuthorizedUsers is not required for dbauthz since GetUsers is already
+// authenticated.
+func (q *querier) GetAuthorizedUsers(ctx context.Context, arg database.GetUsersParams, _ rbac.PreparedAuthorized) ([]database.GetUsersRow, error) {
+	// GetUsers is authenticated.
+	return q.GetUsers(ctx, arg)
 }