chore: add continuous deployment for workspace proxies (#7364)

deansheather · web-flow · commit 3b1523466095 · 2023-05-02T08:02:51.000+10:00
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -487,14 +487,27 @@ jobs:
 
       - name: Install Release
         run: |
+          set -euo pipefail
+
+          regions=(
+            # gcp-region-id instance-name systemd-service-name
+            "us-central1-a coder coder"
+            "australia-southeast1-b coder-sydney coder-proxy"
+            "europe-west3-c coder-europe coder-proxy"
+            "southamerica-east1-b coder-brazil coder-proxy"
+          )
+
           gcloud config set project coder-dogfood
-          gcloud config set compute/zone us-central1-a
-          gcloud compute scp ./build/coder_*_linux_amd64.deb coder:/tmp/coder.deb
-          gcloud compute ssh coder -- sudo dpkg -i --force-confdef /tmp/coder.deb
-          gcloud compute ssh coder -- sudo systemctl daemon-reload
+          for region in "${regions[@]}"; do
+            echo "::group::$region"
+            set -- $region
+
+            gcloud config set compute/zone "$1"
+            gcloud compute scp ./build/coder_*_linux_amd64.deb "$2":/tmp/coder.deb
+            gcloud compute ssh "$2" -- /bin/sh -c "set -eux; sudo dpkg -i --force-confdef /tmp/coder.deb; sudo systemctl daemon-reload; sudo service '$3' restart"
 
-      - name: Start
-        run: gcloud compute ssh coder -- sudo service coder restart
+            echo "::endgroup::"
+          done
 
       - uses: actions/upload-artifact@v3
         with:
diff --git a/codersdk/workspaceproxy.go b/codersdk/workspaceproxy.go
@@ -39,10 +39,10 @@ type WorkspaceProxyStatus struct {
 // A healthy report will have no errors. Warnings are not fatal.
 type ProxyHealthReport struct {
 	// Errors are problems that prevent the workspace proxy from being healthy
-	Errors []string
+	Errors []string `json:"errors"`
 	// Warnings do not prevent the workspace proxy from being healthy, but
 	// should be addressed.
-	Warnings []string
+	Warnings []string `json:"warnings"`
 }
 
 type WorkspaceProxy struct {
diff --git a/enterprise/wsproxy/wsproxy.go b/enterprise/wsproxy/wsproxy.go
@@ -229,7 +229,7 @@ func New(ctx context.Context, opts *Options) (*Server, error) {
 		s.AppServer.Attach(r)
 	})
 
-	r.Get("/buildinfo", s.buildInfo)
+	r.Get("/api/v2/buildinfo", s.buildInfo)
 	r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) { _, _ = w.Write([]byte("OK")) })
 	// TODO: @emyrk should this be authenticated or debounced?
 	r.Get("/healthz-report", s.healthReport)
diff --git a/scripts/linux-pkg/coder-workspace-proxy.service b/scripts/linux-pkg/coder-workspace-proxy.service
@@ -0,0 +1,31 @@
+[Unit]
+Description="Coder - external workspace proxy server"
+Documentation=https://coder.com/docs/coder-oss
+Requires=network-online.target
+After=network-online.target
+ConditionFileNotEmpty=/etc/coder.d/coder-proxy.env
+StartLimitIntervalSec=60
+StartLimitBurst=3
+
+[Service]
+Type=notify
+EnvironmentFile=/etc/coder.d/coder-proxy.env
+User=coder
+Group=coder
+ProtectSystem=full
+PrivateTmp=yes
+PrivateDevices=yes
+SecureBits=keep-caps
+AmbientCapabilities=CAP_IPC_LOCK CAP_NET_BIND_SERVICE
+CacheDirectory=coder
+CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK CAP_NET_BIND_SERVICE
+KillSignal=SIGINT
+KillMode=mixed
+NoNewPrivileges=yes
+ExecStart=/usr/bin/coder proxy server
+Restart=on-failure
+RestartSec=5
+TimeoutStopSec=90
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/linux-pkg/coder.service b/scripts/linux-pkg/coder.service
diff --git a/scripts/linux-pkg/nfpm.yaml b/scripts/linux-pkg/nfpm.yaml
@@ -25,3 +25,5 @@ contents:
     type: "config|noreplace"
   - src: coder.service
     dst: /usr/lib/systemd/system/coder.service
+  - src: coder-proxy.service
+    dst: /usr/lib/systemd/system/coder-proxy.service
diff --git a/scripts/linux-pkg/preinstall.sh b/scripts/linux-pkg/preinstall.sh
diff --git a/scripts/package.sh b/scripts/package.sh
@@ -84,9 +84,10 @@ cdroot
 temp_dir="$(TMPDIR="$(dirname "$input_file")" mktemp -d)"
 ln "$input_file" "$temp_dir/coder"
 ln "$(realpath coder.env)" "$temp_dir/"
-ln "$(realpath coder.service)" "$temp_dir/"
-ln "$(realpath preinstall.sh)" "$temp_dir/"
-ln "$(realpath scripts/nfpm.yaml)" "$temp_dir/"
+ln "$(realpath scripts/linux-pkg/coder-workspace-proxy.service)" "$temp_dir/"
+ln "$(realpath scripts/linux-pkg/coder.service)" "$temp_dir/"
+ln "$(realpath scripts/linux-pkg/nfpm.yaml)" "$temp_dir/"
+ln "$(realpath scripts/linux-pkg/preinstall.sh)" "$temp_dir/"
 
 pushd "$temp_dir"
 GOARCH="$arch" CODER_VERSION="$version" nfpm package \
diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts
@@ -692,8 +692,8 @@ export interface ProvisionerJobLog {
 
 // From codersdk/workspaceproxy.go
 export interface ProxyHealthReport {
-  readonly Errors: string[]
-  readonly Warnings: string[]
+  readonly errors: string[]
+  readonly warnings: string[]
 }
 
 // From codersdk/workspaces.go

Original file line number	Diff line number	Diff line change
`@@ -692,8 +692,8 @@ export interface ProvisionerJobLog {`
`692`	`692`
`693`	`693`	`// From codersdk/workspaceproxy.go`
`694`	`694`	`export interface ProxyHealthReport {`
`695`		`- readonly Errors: string[]`
`696`		`- readonly Warnings: string[]`
	`695`	`+ readonly errors: string[]`
	`696`	`+ readonly warnings: string[]`
`697`	`697`	`}`
`698`	`698`
`699`	`699`	`// From codersdk/workspaces.go`