
Commit 2baa81e

committed
Merge remote-tracking branch 'origin/main' into jjs/15048-fe
2 parents e281d6b + a9195bf commit 2baa81e


144 files changed

+5212
-833
lines changed


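--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -34,7 +34,7 @@ jobs:
 tailnet-integration: ${{ steps.filter.outputs.tailnet-integration }}
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -155,7 +155,7 @@ jobs:
 runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -227,7 +227,7 @@ jobs:
 if: always()
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -281,7 +281,7 @@ jobs:
 timeout-minutes: 7
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -322,7 +322,7 @@ jobs:
 - windows-2022
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -381,7 +381,7 @@ jobs:
 timeout-minutes: 25
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -426,7 +426,7 @@ jobs:
 timeout-minutes: 25
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -463,7 +463,7 @@ jobs:
 timeout-minutes: 25
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -508,7 +508,7 @@ jobs:
 timeout-minutes: 20
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -534,7 +534,7 @@ jobs:
 timeout-minutes: 20
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -566,7 +566,7 @@ jobs:
 name: ${{ matrix.variant.name }}
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -630,7 +630,7 @@ jobs:
 if: needs.changes.outputs.ts == 'true' || needs.changes.outputs.ci == 'true'
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -707,7 +707,7 @@ jobs:
 
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -780,7 +780,7 @@ jobs:
 if: always()
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -806,10 +806,91 @@ jobs:
 
 echo "Required checks have passed"
 
+# Builds the dylibs and upload it as an artifact so it can be embedded in the main build
+build-dylib:
+needs: changes
+# We always build the dylibs on Go changes to verify we're not merging unbuildable code,
+# but they need only be signed and uploaded on coder/coder main.
+if: needs.changes.outputs.docs-only == 'false' || github.ref == 'refs/heads/main'
+runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest' }}
+steps:
+- name: Harden Runner
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+with:
+egress-policy: audit
+
+- name: Checkout
+uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+with:
+fetch-depth: 0
+
+- name: Setup build tools
+run: |
+brew install bash gnu-getopt make
+echo "$(brew --prefix bash)/bin" >> $GITHUB_PATH
+echo "$(brew --prefix gnu-getopt)/bin" >> $GITHUB_PATH
+echo "$(brew --prefix make)/libexec/gnubin" >> $GITHUB_PATH
+
+- name: Setup Go
+uses: ./.github/actions/setup-go
+
+- name: Install rcodesign
+if: ${{ github.repository_owner == 'coder' && github.ref == 'refs/heads/main' }}
+run: |
+set -euo pipefail
+wget -O /tmp/rcodesign.tar.gz https://github.com/indygreg/apple-platform-rs/releases/download/apple-codesign%2F0.22.0/apple-codesign-0.22.0-macos-universal.tar.gz
+sudo tar -xzf /tmp/rcodesign.tar.gz \
+-C /usr/local/bin \
+--strip-components=1 \
+apple-codesign-0.22.0-macos-universal/rcodesign
+rm /tmp/rcodesign.tar.gz
+
+- name: Setup Apple Developer certificate and API key
+if: ${{ github.repository_owner == 'coder' && github.ref == 'refs/heads/main' }}
+run: |
+set -euo pipefail
+touch /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
+chmod 600 /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
+echo "$AC_CERTIFICATE_P12_BASE64" | base64 -d > /tmp/apple_cert.p12
+echo "$AC_CERTIFICATE_PASSWORD" > /tmp/apple_cert_password.txt
+echo "$AC_APIKEY_P8_BASE64" | base64 -d > /tmp/apple_apikey.p8
+env:
+AC_CERTIFICATE_P12_BASE64: ${{ secrets.AC_CERTIFICATE_P12_BASE64 }}
+AC_CERTIFICATE_PASSWORD: ${{ secrets.AC_CERTIFICATE_PASSWORD }}
+AC_APIKEY_P8_BASE64: ${{ secrets.AC_APIKEY_P8_BASE64 }}
+
+- name: Build dylibs
+run: |
+set -euxo pipefail
+go mod download
+
+make gen/mark-fresh
+make build/coder-dylib
+env:
+CODER_SIGN_DARWIN: ${{ github.ref == 'refs/heads/main' && '1' || '0' }}
+AC_CERTIFICATE_FILE: /tmp/apple_cert.p12
+AC_CERTIFICATE_PASSWORD_FILE: /tmp/apple_cert_password.txt
+
+- name: Upload build artifacts
+if: ${{ github.repository_owner == 'coder' && github.ref == 'refs/heads/main' }}
+uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+with:
+name: dylibs
+path: |
+./build/*.h
+./build/*.dylib
+retention-days: 7
+
+- name: Delete Apple Developer certificate and API key
+if: ${{ github.repository_owner == 'coder' && github.ref == 'refs/heads/main' }}
+run: rm -f /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
+
 build:
 # This builds and publishes ghcr.io/coder/coder-preview:main for each commit
 # to main branch.
-needs: changes
+needs:
+- changes
+- build-dylib
 if: github.ref == 'refs/heads/main' && needs.changes.outputs.docs-only == 'false' && !github.event.pull_request.head.repo.fork
 runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
 permissions:
@@ -820,7 +901,7 @@ jobs:
 IMAGE: ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -848,6 +929,18 @@ jobs:
 - name: Install zstd
 run: sudo apt-get install -y zstd
 
+- name: Download dylibs
+uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+with:
+name: dylibs
+path: ./build
+
+- name: Insert dylibs
+run: |
+mv ./build/*amd64.dylib ./site/out/bin/coder-vpn-darwin-amd64.dylib
+mv ./build/*arm64.dylib ./site/out/bin/coder-vpn-darwin-arm64.dylib
+mv ./build/*arm64.h ./site/out/bin/coder-vpn-darwin-dylib.h
+
 - name: Build
 run: |
 set -euxo pipefail
@@ -944,7 +1037,7 @@ jobs:
 id-token: write
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -1006,7 +1099,7 @@ jobs:
 if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -1041,7 +1134,7 @@ jobs:
 if: needs.changes.outputs.db == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 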
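--- a/.github/workflows/contrib.yaml
+++ b/.github/workflows/contrib.yaml
@@ -31,7 +31,7 @@ jobs:
 pull-requests: write
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -43,7 +43,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -70,7 +70,7 @@ jobs:
 if: ${{ github.event_name == 'pull_request_target' && !github.event.pull_request.draft }}
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 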
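--- a/.github/workflows/docker-base.yaml
+++ b/.github/workflows/docker-base.yaml
@@ -38,7 +38,7 @@ jobs:
 if: github.repository_owner == 'coder'
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 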
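--- a/.github/workflows/dogfood.yaml
+++ b/.github/workflows/dogfood.yaml
@@ -27,7 +27,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -89,7 +89,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 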
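--- a/.github/workflows/nightly-gauntlet.yaml
+++ b/.github/workflows/nightly-gauntlet.yaml
@@ -21,7 +21,7 @@ jobs:
 timeout-minutes: 240
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 
@@ -53,7 +53,7 @@ jobs:
 timeout-minutes: 10
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 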
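--- a/.github/workflows/pr-auto-assign.yaml
+++ b/.github/workflows/pr-auto-assign.yaml
@@ -14,7 +14,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 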
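--- a/.github/workflows/pr-cleanup.yaml
+++ b/.github/workflows/pr-cleanup.yaml
@@ -19,7 +19,7 @@ jobs:
 packages: write
 steps:
 - name: Harden Runner
-uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
 with:
 egress-policy: audit
 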