coder
diff --git a/‎.github/actions/setup-go/action.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/actions/setup-go/action.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/actions/setup-sqlc/action.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/actions/setup-sqlc/action.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/dependabot.yaml
Lines changed: 0 additions & 4 deletions b/‎.github/dependabot.yaml
Lines changed: 0 additions & 4 deletions
diff --git a/‎.github/fly-wsproxies/paris-coder.toml
Lines changed: 4 additions & 3 deletions b/‎.github/fly-wsproxies/paris-coder.toml
Lines changed: 4 additions & 3 deletions
diff --git a/‎.github/fly-wsproxies/sao-paulo-coder.toml
Lines changed: 5 additions & 4 deletions b/‎.github/fly-wsproxies/sao-paulo-coder.toml
Lines changed: 5 additions & 4 deletions
diff --git a/‎.github/fly-wsproxies/sydney-coder.toml
Lines changed: 4 additions & 3 deletions b/‎.github/fly-wsproxies/sydney-coder.toml
Lines changed: 4 additions & 3 deletions
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 66 additions & 45 deletions b/‎.github/workflows/ci.yaml
Lines changed: 66 additions & 45 deletions
diff --git a/‎.github/workflows/dogfood.yaml
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/dogfood.yaml
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/release.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/security.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/security.yaml
Lines changed: 1 addition & 1 deletion
@@ -4,7 +4,7 @@ description: |
 inputs:
   version:
     description: "The Go version to use."
-    default: "1.20.11"
+    default: "1.21.5"
 runs:
   using: "composite"
   steps:
 
@@ -7,4 +7,4 @@ runs:
     - name: Setup sqlc
       uses: sqlc-dev/setup-sqlc@v4
       with:
-        sqlc-version: "1.20.0"
+        sqlc-version: "1.24.0"
@@ -62,10 +62,6 @@ updates:
       # We need to coordinate terraform updates with the version hardcoded in
       # our Go code.
       - dependency-name: "terraform"
-    groups:
-      scripts-docker:
-        patterns:
-          - "*"
 
   - package-ecosystem: "npm"
     directory: "/site/"
 
@@ -2,16 +2,17 @@ app = "paris-coder"
 primary_region = "cdg"
 
 [experimental]
-  entrypoint = ["/opt/coder", "wsproxy", "server"]
+  entrypoint = ["/bin/sh", "-c", "CODER_DERP_SERVER_RELAY_URL=\"http://[${FLY_PRIVATE_IP}]:3000\" /opt/coder wsproxy server"]
   auto_rollback = true
 
 [build]
   image = "ghcr.io/coder/coder-preview:main"
 
 [env]
-  CODER_ACCESS_URL = "https://paris-coder.fly.dev"
+  CODER_ACCESS_URL = "https://paris.fly.dev.coder.com"
   CODER_HTTP_ADDRESS = "0.0.0.0:3000"
   CODER_PRIMARY_ACCESS_URL = "https://dev.coder.com"
+  CODER_WILDCARD_ACCESS_URL = "*--apps.paris.fly.dev.coder.com"
 
 [http_service]
   internal_port = 3000
@@ -22,5 +23,5 @@ primary_region = "cdg"
 
 [[vm]]
   cpu_kind = "shared"
-  cpus = 1
+  cpus = 2
   memory_mb = 512
@@ -2,17 +2,18 @@ app = "sao-paulo-coder"
 primary_region = "gru"
 
 [experimental]
-  entrypoint = ["/opt/coder", "wsproxy", "server"]
+  entrypoint = ["/bin/sh", "-c", "CODER_DERP_SERVER_RELAY_URL=\"http://[${FLY_PRIVATE_IP}]:3000\" /opt/coder wsproxy server"]
   auto_rollback = true
 
 [build]
   image = "ghcr.io/coder/coder-preview:main"
 
 [env]
-  CODER_ACCESS_URL = "https://sao-paulo-coder.fly.dev"
+  CODER_ACCESS_URL = "https://sao-paulo.fly.dev.coder.com"
   CODER_HTTP_ADDRESS = "0.0.0.0:3000"
   CODER_PRIMARY_ACCESS_URL = "https://dev.coder.com"
-	
+  CODER_WILDCARD_ACCESS_URL = "*--apps.sao-paulo.fly.dev.coder.com"
+
 [http_service]
   internal_port = 3000
   force_https = true
@@ -22,5 +23,5 @@ primary_region = "gru"
 
 [[vm]]
   cpu_kind = "shared"
-  cpus = 1
+  cpus = 2
   memory_mb = 512
@@ -2,16 +2,17 @@ app = "sydney-coder"
 primary_region = "syd"
 
 [experimental]
-  entrypoint = ["/opt/coder", "wsproxy", "server"]
+  entrypoint = ["/bin/sh", "-c", "CODER_DERP_SERVER_RELAY_URL=\"http://[${FLY_PRIVATE_IP}]:3000\" /opt/coder wsproxy server"]
   auto_rollback = true
 
 [build]
   image = "ghcr.io/coder/coder-preview:main"
 
 [env]
-  CODER_ACCESS_URL = "https://sydney-coder.fly.dev"
+  CODER_ACCESS_URL = "https://sydney.fly.dev.coder.com"
   CODER_HTTP_ADDRESS = "0.0.0.0:3000"
   CODER_PRIMARY_ACCESS_URL = "https://dev.coder.com"
+  CODER_WILDCARD_ACCESS_URL = "*--apps.sydney.fly.dev.coder.com"
 
 [http_service]
   internal_port = 3000
@@ -22,5 +23,5 @@ primary_region = "syd"
 
 [[vm]]
   cpu_kind = "shared"
-  cpus = 1
+  cpus = 2
   memory_mb = 512
@@ -36,6 +36,7 @@ jobs:
       ts: ${{ steps.filter.outputs.ts }}
       k8s: ${{ steps.filter.outputs.k8s }}
       ci: ${{ steps.filter.outputs.ci }}
+      db: ${{ steps.filter.outputs.db }}
       offlinedocs-only: ${{ steps.filter.outputs.offlinedocs_count == steps.filter.outputs.all_count }}
       offlinedocs: ${{ steps.filter.outputs.offlinedocs }}
     steps:
@@ -57,6 +58,12 @@ jobs:
               - "examples/web-server/**"
               - "examples/monitoring/**"
               - "examples/lima/**"
+            db:
+              - "**.sql"
+              - "coderd/database/queries/**"
+              - "coderd/database/migrations"
+              - "coderd/database/sqlc.yaml"
+              - "coderd/database/dump.sql"
             go:
               - "**.sql"
               - "**.go"
@@ -137,7 +144,7 @@ jobs:
 
       # Check for any typos
       - name: Check for typos
-        uses: crate-ci/typos@v1.16.23
+        uses: crate-ci/typos@v1.16.24
         with:
           config: .github/workflows/typos.toml
 
@@ -221,7 +228,7 @@ jobs:
         with:
           # This doesn't need caching. It's super fast anyways!
           cache: false
-          go-version: 1.20.11
+          go-version: 1.21.5
 
       - name: Install shfmt
         run: go install mvdan.cc/sh/v3/cmd/shfmt@v3.7.0
@@ -568,6 +575,16 @@ jobs:
         with:
           directory: offlinedocs
 
+      - name: Install Protoc
+        run: |
+          mkdir -p /tmp/proto
+          pushd /tmp/proto
+          curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.3/protoc-23.3-linux-x86_64.zip
+          unzip protoc.zip
+          cp -r ./bin/* /usr/local/bin
+          cp -r ./include /usr/local/bin/include
+          popd
+
       - name: Setup Go
         uses: ./.github/actions/setup-go
 
@@ -608,6 +625,7 @@ jobs:
       - test-js
       - test-e2e
       - offlinedocs
+      - sqlc-vet
     # Allow this job to run even if the needed jobs fail, are skipped or
     # cancelled.
     if: always()
@@ -751,13 +769,16 @@ jobs:
           service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com
 
       - name: Set up Google Cloud SDK
-        uses: google-github-actions/setup-gcloud@v1
+        uses: google-github-actions/setup-gcloud@v2
 
       - name: Set up Flux CLI
         uses: fluxcd/flux2/action@main
+        with:
+          # Keep this up to date with the version of flux installed in dogfood cluster
+          version: "2.2.0"
 
       - name: Get Cluster Credentials
-        uses: "google-github-actions/get-gke-credentials@v1"
+        uses: "google-github-actions/get-gke-credentials@v2"
         with:
           cluster_name: dogfood-v2
           location: us-central1-a
@@ -771,7 +792,9 @@ jobs:
           flux --namespace flux-system reconcile kustomization flux-system
           flux --namespace flux-system reconcile kustomization coder
           flux --namespace flux-system reconcile source chart coder-coder
+          flux --namespace flux-system reconcile source chart coder-coder-provisioner
           flux --namespace coder reconcile helmrelease coder
+          flux --namespace coder reconcile helmrelease coder-provisioner
 
       # Just updating Flux is usually not enough. The Helm release may get
       # redeployed, but unless something causes the Deployment to update the
@@ -783,6 +806,8 @@ jobs:
           set -euxo pipefail
           kubectl --namespace coder rollout restart deployment/coder
           kubectl --namespace coder rollout status deployment/coder
+          kubectl --namespace coder rollout restart deployment/coder-provisioner
+          kubectl --namespace coder rollout status deployment/coder-provisioner
 
   deploy-wsproxies:
     runs-on: ubuntu-latest
@@ -810,55 +835,28 @@ jobs:
           TOKEN_SAO_PAULO: ${{ secrets.FLY_SAO_PAULO_CODER_PROXY_SESSION_TOKEN }}
 
   deploy-legacy-proxies:
-    name: "deploy-legacy-proxies"
-    runs-on: ${{ github.repository_owner == 'coder' && 'buildjet-16vcpu-ubuntu-2204' || 'ubuntu-latest' }}
+    runs-on: ubuntu-latest
     timeout-minutes: 30
-    needs: changes
-    if: |
-      github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
-      && needs.changes.outputs.docs-only == 'false'
+    needs: build
+    if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
     permissions:
       contents: read
       id-token: write
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
       - name: Authenticate to Google Cloud
         uses: google-github-actions/auth@v2
         with:
           workload_identity_provider: projects/573722524737/locations/global/workloadIdentityPools/github/providers/github
           service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com
 
       - name: Set up Google Cloud SDK
-        uses: google-github-actions/setup-gcloud@v1
-
-      - name: Setup Node
-        uses: ./.github/actions/setup-node
-
-      - name: Setup Go
-        uses: ./.github/actions/setup-go
-
-      - name: Install goimports
-        run: go install golang.org/x/tools/cmd/goimports@latest
-      - name: Install nfpm
-        run: go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.16.0
-
-      - name: Install zstd
-        run: sudo apt-get install -y zstd
-
-      - name: Build Release
-        run: |
-          set -euo pipefail
-          go mod download
+        uses: google-github-actions/setup-gcloud@v2
 
-          version="$(./scripts/version.sh)"
-          make gen/mark-fresh
-          make -j \
-            build/coder_"$version"_windows_amd64.zip \
-            build/coder_"$version"_linux_amd64.{tar.gz,deb}
+      - name: Download build artifacts
+        uses: actions/download-artifact@v3
+        with:
+          name: coder
+          path: ./build
 
       - name: Install Release
         run: |
@@ -871,11 +869,11 @@ jobs:
             "southamerica-east1-b coder-brazil coder-workspace-proxy"
           )
 
-          deb_pkg="./build/coder_$(./scripts/version.sh)_linux_amd64.deb"
-          if [ ! -f "$deb_pkg" ]; then
-            echo "deb package not found: $deb_pkg"
-            ls -l ./build
-            exit 1
+          deb_pkg=$(find ./build -name "coder_*_linux_amd64.deb" -print -quit)
+          if [ -z "$deb_pkg" ]; then
+              echo "deb package $deb_pkg not found"
+              ls -l ./build
+              exit 1
           fi
 
           gcloud config set project coder-dogfood
@@ -891,3 +889,26 @@ jobs:
 
             echo "::endgroup::"
           done
+
+  # sqlc-vet runs a postgres docker container, runs Coder migrations, and then
+  # runs sqlc-vet to ensure all queries are valid. This catches any mistakes
+  # in migrations or sqlc queries that makes a query unable to be prepared.
+  sqlc-vet:
+    runs-on: ${{ github.repository_owner == 'coder' && 'buildjet-8vcpu-ubuntu-2204' || 'ubuntu-latest' }}
+    needs: changes
+    if: needs.changes.outputs.db == 'true' || github.ref == 'refs/heads/main'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+      # We need golang to run the migration main.go
+      - name: Setup Go
+        uses: ./.github/actions/setup-go
+
+      - name: Setup sqlc
+        uses: ./.github/actions/setup-sqlc
+
+      - name: Setup and run sqlc vet
+        run: |
+          make sqlc-vet
@@ -23,7 +23,7 @@ jobs:
 
       - name: Get branch name
         id: branch-name
-        uses: tj-actions/branch-names@v6.5
+        uses: tj-actions/branch-names@v8
 
       - name: "Branch name to Docker tag name"
         id: docker-tag-name
@@ -34,7 +34,7 @@ jobs:
           echo "tag=${tag}" >> $GITHUB_OUTPUT
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
 
       - name: Login to DockerHub
         uses: docker/login-action@v3
@@ -43,7 +43,7 @@ jobs:
           password: ${{ secrets.DOCKERHUB_PASSWORD }}
 
       - name: Build and push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           context: "{{defaultContext}}:dogfood"
           pull: true
 
@@ -287,7 +287,7 @@ jobs:
           service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
 
       - name: Setup GCloud SDK
-        uses: "google-github-actions/setup-gcloud@v1"
+        uses: "google-github-actions/setup-gcloud@v2"
 
       - name: Publish Helm Chart
         if: ${{ !inputs.dry_run }}
 
@@ -122,7 +122,7 @@ jobs:
           image_name: ${{ steps.build.outputs.image }}
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@2b6a709cf9c4025c5438138008beaddbb02086f0
+        uses: aquasecurity/trivy-action@91713af97dc80187565512baba96e4364e983601
         with:
           image-ref: ${{ steps.build.outputs.image }}
           format: sarif