coder
diff --git a/‎.github/actions/setup-go/action.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/actions/setup-go/action.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/actions/setup-tf/action.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/actions/setup-tf/action.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 5 additions & 3 deletions b/‎.github/workflows/ci.yaml
Lines changed: 5 additions & 3 deletions
diff --git a/‎.github/workflows/release.yaml
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/release.yaml
Lines changed: 3 additions & 3 deletions
diff --git a/‎.github/workflows/security.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/security.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.vscode/settings.json
Lines changed: 0 additions & 1 deletion b/‎.vscode/settings.json
Lines changed: 0 additions & 1 deletion
diff --git a/‎Makefile
Lines changed: 15 additions & 2 deletions b/‎Makefile
Lines changed: 15 additions & 2 deletions
diff --git a/‎README.md
Lines changed: 4 additions & 0 deletions b/‎README.md
Lines changed: 4 additions & 0 deletions
diff --git a/‎cli/cliui/externalauth.go
Lines changed: 3 additions & 0 deletions b/‎cli/cliui/externalauth.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎cli/configssh.go
Lines changed: 3 additions & 3 deletions b/‎cli/configssh.go
Lines changed: 3 additions & 3 deletions
diff --git a/‎cli/create.go
Lines changed: 2 additions & 2 deletions b/‎cli/create.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎cli/dotfiles.go
Lines changed: 2 additions & 2 deletions b/‎cli/dotfiles.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎cli/externalauth.go
Lines changed: 3 additions & 3 deletions b/‎cli/externalauth.go
Lines changed: 3 additions & 3 deletions
diff --git a/‎cli/organization.go
Lines changed: 4 additions & 3 deletions b/‎cli/organization.go
Lines changed: 4 additions & 3 deletions
diff --git a/‎cli/organizationroles.go
Lines changed: 113 additions & 0 deletions b/‎cli/organizationroles.go
Lines changed: 113 additions & 0 deletions
diff --git a/‎cli/organizationroles_test.go
Lines changed: 51 additions & 0 deletions b/‎cli/organizationroles_test.go
Lines changed: 51 additions & 0 deletions
@@ -4,7 +4,7 @@ description: |
 inputs:
   version:
     description: "The Go version to use."
-    default: "1.21.9"
+    default: "1.22.3"
 runs:
   using: "composite"
   steps:
 
@@ -7,5 +7,5 @@ runs:
     - name: Install Terraform
       uses: hashicorp/setup-terraform@v3
       with:
-        terraform_version: 1.6.6
+        terraform_version: 1.7.5
         terraform_wrapper: false
@@ -211,6 +211,9 @@ jobs:
       - name: Setup sqlc
         uses: ./.github/actions/setup-sqlc
 
+      - name: Setup Terraform
+        uses: ./.github/actions/setup-tf
+
       - name: go install tools
         run: |
           go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.30
@@ -916,11 +919,10 @@ jobs:
         uses: actions/checkout@v4
       - name: "Dependency Review"
         id: review
-        # TODO: Replace this with the latest release once https://github.com/actions/dependency-review-action/pull/761 is merged.
-        uses: actions/dependency-review-action@82ab8f69c78827a746628706b5d2c3f87231fd4c
+        uses: actions/dependency-review-action@v4.3.2
         with:
           allow-licenses: Apache-2.0, BSD-2-Clause, BSD-3-Clause, CC0-1.0, ISC, MIT, MIT-0, MPL-2.0
-          allow-dependencies-licenses: "pkg:golang/github.com/pelletier/go-toml/v2"
+          allow-dependencies-licenses: "pkg:golang/github.com/coder/wgtunnel@0.1.13-0.20240522110300-ade90dfb2da0"
           license-check: true
           vulnerability-check: false
       - name: "Report"
 
@@ -178,9 +178,9 @@ jobs:
         env:
           EV_SIGNING_CERT: ${{ secrets.EV_SIGNING_CERT }}
 
-      # - name: Test migrations from current ref to main
-      #   run: |
-      #     make test-migrations
+      - name: Test migrations from current ref to main
+        run: |
+          make test-migrations
 
       # Setup GCloud for signing Windows binaries.
       - name: Authenticate to Google Cloud
 
@@ -114,7 +114,7 @@ jobs:
           echo "image=$(cat "$image_job")" >> $GITHUB_OUTPUT
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561
+        uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2
         with:
           image-ref: ${{ steps.build.outputs.image }}
           format: sarif
 
@@ -195,7 +195,6 @@
     "**.pb.go": true,
     "**/*.gen.json": true,
     "**/testdata/*": true,
-    "**Generated.ts": true,
     "coderd/apidoc/**": true,
     "docs/api/*.md": true,
     "docs/templates/*.md": true,
 
@@ -493,6 +493,7 @@ gen: \
 	coderd/apidoc/swagger.json \
 	.prettierignore.include \
 	.prettierignore \
+	provisioner/terraform/testdata/version \
 	site/.prettierrc.yaml \
 	site/.prettierignore \
 	site/.eslintignore \
@@ -558,6 +559,9 @@ coderd/database/querier.go: coderd/database/sqlc.yaml coderd/database/dump.sql $
 coderd/database/dbmock/dbmock.go: coderd/database/db.go coderd/database/querier.go
 	go generate ./coderd/database/dbmock/
 
+coderd/database/pubsub/psmock/psmock.go: coderd/database/pubsub/pubsub.go
+	go generate ./coderd/database/pubsub/psmock
+
 tailnet/tailnettest/coordinatormock.go tailnet/tailnettest/multiagentmock.go tailnet/tailnettest/coordinateemock.go: tailnet/coordinator.go tailnet/multiagent.go
 	go generate ./tailnet/tailnettest/
 
@@ -681,6 +685,12 @@ provisioner/terraform/testdata/.gen-golden: $(wildcard provisioner/terraform/tes
 	go test ./provisioner/terraform -run="Test.*Golden$$" -update
 	touch "$@"
 
+provisioner/terraform/testdata/version:
+	if [[ "$(shell cat provisioner/terraform/testdata/version.txt)" != "$(shell terraform version -json | jq -r '.terraform_version')" ]]; then
+		./provisioner/terraform/testdata/generate.sh
+	fi
+.PHONY: provisioner/terraform/testdata/version
+
 scripts/ci-report/testdata/.gen-golden: $(wildcard scripts/ci-report/testdata/*) $(wildcard scripts/ci-report/*.go)
 	go test ./scripts/ci-report -run=TestOutputMatchesGoldenFile -update
 	touch "$@"
@@ -794,8 +804,11 @@ test-postgres: test-postgres-docker
 test-migrations: test-postgres-docker
 	echo "--- test migrations"
 	set -euo pipefail
-	COMMIT_FROM=$(shell git rev-parse --short HEAD)
-	COMMIT_TO=$(shell git rev-parse --short main)
+	COMMIT_FROM=$(shell git log -1 --format='%h' HEAD)
+	echo "COMMIT_FROM=$${COMMIT_FROM}"
+	COMMIT_TO=$(shell git log -1 --format='%h' origin/main)
+	echo "COMMIT_TO=$${COMMIT_TO}"
+	if [[ "$${COMMIT_FROM}" == "$${COMMIT_TO}" ]]; then echo "Nothing to do!"; exit 0; fi
 	echo "DROP DATABASE IF EXISTS migrate_test_$${COMMIT_FROM}; CREATE DATABASE migrate_test_$${COMMIT_FROM};" | psql 'postgresql://postgres:postgres@localhost:5432/postgres?sslmode=disable'
 	go run ./scripts/migrate-test/main.go --from="$$COMMIT_FROM" --to="$$COMMIT_TO" --postgres-url="postgresql://postgres:postgres@localhost:5432/migrate_test_$${COMMIT_FROM}?sslmode=disable"
 
 
@@ -122,3 +122,7 @@ We are always working on new integrations. Feel free to open an issue to request
 We are always happy to see new contributors to Coder. If you are new to the Coder codebase, we have
 [a guide on how to get started](https://coder.com/docs/v2/latest/CONTRIBUTING). We'd love to see your
 contributions!
+
+## Hiring
+
+Apply [here](https://cdr.co/github-apply) if you're interested in joining our team.
@@ -37,6 +37,9 @@ func ExternalAuth(ctx context.Context, writer io.Writer, opts ExternalAuthOption
 		if auth.Authenticated {
 			return nil
 		}
+		if auth.Optional {
+			continue
+		}
 
 		_, _ = fmt.Fprintf(writer, "You must authenticate with %s to create a workspace with this template. Visit:\n\n\t%s\n\n", auth.DisplayName, auth.AuthenticateURL)
 
 
@@ -230,12 +230,12 @@ func (r *RootCmd) configSSH() *serpent.Command {
 		Annotations: workspaceCommand,
 		Use:         "config-ssh",
 		Short:       "Add an SSH Host entry for your workspaces \"ssh coder.workspace\"",
-		Long: formatExamples(
-			example{
+		Long: FormatExamples(
+			Example{
 				Description: "You can use -o (or --ssh-option) so set SSH options to be used for all your workspaces",
 				Command:     "coder config-ssh -o ForwardAgent=yes",
 			},
-			example{
+			Example{
 				Description: "You can use --dry-run (or -n) to see the changes that would be made",
 				Command:     "coder config-ssh --dry-run",
 			},
 
@@ -35,8 +35,8 @@ func (r *RootCmd) create() *serpent.Command {
 		Annotations: workspaceCommand,
 		Use:         "create [name]",
 		Short:       "Create a workspace",
-		Long: formatExamples(
-			example{
+		Long: FormatExamples(
+			Example{
 				Description: "Create a workspace for another user (if you have permission)",
 				Command:     "coder create <username>/<workspace_name>",
 			},
 
@@ -28,8 +28,8 @@ func (r *RootCmd) dotfiles() *serpent.Command {
 		Use:        "dotfiles <git_repo_url>",
 		Middleware: serpent.RequireNArgs(1),
 		Short:      "Personalize your workspace by applying a canonical dotfiles repository",
-		Long: formatExamples(
-			example{
+		Long: FormatExamples(
+			Example{
 				Description: "Check out and install a dotfiles repository without prompts",
 				Command:     "coder dotfiles --yes git@github.com:example/dotfiles.git",
 			},
 
@@ -35,8 +35,8 @@ func (r *RootCmd) externalAuthAccessToken() *serpent.Command {
 		Short: "Print auth for an external provider",
 		Long: "Print an access-token for an external auth provider. " +
 			"The access-token will be validated and sent to stdout with exit code 0. " +
-			"If a valid access-token cannot be obtained, the URL to authenticate will be sent to stdout with exit code 1\n" + formatExamples(
-			example{
+			"If a valid access-token cannot be obtained, the URL to authenticate will be sent to stdout with exit code 1\n" + FormatExamples(
+			Example{
 				Description: "Ensure that the user is authenticated with GitHub before cloning.",
 				Command: `#!/usr/bin/env sh
 
@@ -49,7 +49,7 @@ else
 fi
 `,
 			},
-			example{
+			Example{
 				Description: "Obtain an extra property of an access token for additional metadata.",
 				Command:     "coder external-auth access-token slack --extra \"authed_user.id\"",
 			},
 
@@ -30,6 +30,7 @@ func (r *RootCmd) organizations() *serpent.Command {
 			r.currentOrganization(),
 			r.switchOrganization(),
 			r.createOrganization(),
+			r.organizationRoles(),
 		},
 	}
 
@@ -43,12 +44,12 @@ func (r *RootCmd) switchOrganization() *serpent.Command {
 	cmd := &serpent.Command{
 		Use:   "set <organization name | ID>",
 		Short: "set the organization used by the CLI. Pass an empty string to reset to the default organization.",
-		Long: "set the organization used by the CLI. Pass an empty string to reset to the default organization.\n" + formatExamples(
-			example{
+		Long: "set the organization used by the CLI. Pass an empty string to reset to the default organization.\n" + FormatExamples(
+			Example{
 				Description: "Remove the current organization and defer to the default.",
 				Command:     "coder organizations set ''",
 			},
-			example{
+			Example{
 				Description: "Switch to a custom organization.",
 				Command:     "coder organizations set my-org",
 			},
 
@@ -0,0 +1,113 @@
+package cli
+
+import (
+	"fmt"
+	"slices"
+	"strings"
+
+	"golang.org/x/xerrors"
+
+	"github.com/coder/coder/v2/cli/cliui"
+	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/serpent"
+)
+
+func (r *RootCmd) organizationRoles() *serpent.Command {
+	cmd := &serpent.Command{
+		Use:     "roles",
+		Short:   "Manage organization roles.",
+		Aliases: []string{"role"},
+		Handler: func(inv *serpent.Invocation) error {
+			return inv.Command.HelpHandler(inv)
+		},
+		Hidden: true,
+		Children: []*serpent.Command{
+			r.showOrganizationRoles(),
+		},
+	}
+	return cmd
+}
+
+func (r *RootCmd) showOrganizationRoles() *serpent.Command {
+	formatter := cliui.NewOutputFormatter(
+		cliui.ChangeFormatterData(
+			cliui.TableFormat([]assignableRolesTableRow{}, []string{"name", "display_name", "built_in", "site_permissions", "org_permissions", "user_permissions"}),
+			func(data any) (any, error) {
+				input, ok := data.([]codersdk.AssignableRoles)
+				if !ok {
+					return nil, xerrors.Errorf("expected []codersdk.AssignableRoles got %T", data)
+				}
+				rows := make([]assignableRolesTableRow, 0, len(input))
+				for _, role := range input {
+					rows = append(rows, assignableRolesTableRow{
+						Name:                    role.Name,
+						DisplayName:             role.DisplayName,
+						SitePermissions:         fmt.Sprintf("%d permissions", len(role.SitePermissions)),
+						OrganizationPermissions: fmt.Sprintf("%d organizations", len(role.OrganizationPermissions)),
+						UserPermissions:         fmt.Sprintf("%d permissions", len(role.UserPermissions)),
+						Assignable:              role.Assignable,
+						BuiltIn:                 role.BuiltIn,
+					})
+				}
+				return rows, nil
+			},
+		),
+		cliui.JSONFormat(),
+	)
+
+	client := new(codersdk.Client)
+	cmd := &serpent.Command{
+		Use:   "show [role_names ...]",
+		Short: "Show role(s)",
+		Middleware: serpent.Chain(
+			r.InitClient(client),
+		),
+		Handler: func(inv *serpent.Invocation) error {
+			ctx := inv.Context()
+			org, err := CurrentOrganization(r, inv, client)
+			if err != nil {
+				return err
+			}
+
+			roles, err := client.ListOrganizationRoles(ctx, org.ID)
+			if err != nil {
+				return xerrors.Errorf("listing roles: %w", err)
+			}
+
+			if len(inv.Args) > 0 {
+				// filter roles
+				filtered := make([]codersdk.AssignableRoles, 0)
+				for _, role := range roles {
+					if slices.ContainsFunc(inv.Args, func(s string) bool {
+						return strings.EqualFold(s, role.Name)
+					}) {
+						filtered = append(filtered, role)
+					}
+				}
+				roles = filtered
+			}
+
+			out, err := formatter.Format(inv.Context(), roles)
+			if err != nil {
+				return err
+			}
+
+			_, err = fmt.Fprintln(inv.Stdout, out)
+			return err
+		},
+	}
+	formatter.AttachOptions(&cmd.Options)
+
+	return cmd
+}
+
+type assignableRolesTableRow struct {
+	Name            string `table:"name,default_sort"`
+	DisplayName     string `table:"display_name"`
+	SitePermissions string ` table:"site_permissions"`
+	// map[<org_id>] -> Permissions
+	OrganizationPermissions string `table:"org_permissions"`
+	UserPermissions         string `table:"user_permissions"`
+	Assignable              bool   `table:"assignable"`
+	BuiltIn                 bool   `table:"built_in"`
+}
@@ -0,0 +1,51 @@
+package cli_test
+
+import (
+	"bytes"
+	"testing"
+
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/require"
+
+	"github.com/coder/coder/v2/cli/clitest"
+	"github.com/coder/coder/v2/coderd/coderdtest"
+	"github.com/coder/coder/v2/coderd/database"
+	"github.com/coder/coder/v2/coderd/database/dbgen"
+	"github.com/coder/coder/v2/coderd/rbac"
+	"github.com/coder/coder/v2/testutil"
+)
+
+func TestShowOrganizationRoles(t *testing.T) {
+	t.Parallel()
+
+	t.Run("OK", func(t *testing.T) {
+		t.Parallel()
+
+		ownerClient, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{})
+		owner := coderdtest.CreateFirstUser(t, ownerClient)
+		client, _ := coderdtest.CreateAnotherUser(t, ownerClient, owner.OrganizationID, rbac.RoleUserAdmin())
+
+		const expectedRole = "test-role"
+		dbgen.CustomRole(t, db, database.CustomRole{
+			Name:            expectedRole,
+			DisplayName:     "Expected",
+			SitePermissions: nil,
+			OrgPermissions:  nil,
+			UserPermissions: nil,
+			OrganizationID: uuid.NullUUID{
+				UUID:  owner.OrganizationID,
+				Valid: true,
+			},
+		})
+
+		ctx := testutil.Context(t, testutil.WaitMedium)
+		inv, root := clitest.New(t, "organization", "roles", "show")
+		clitest.SetupConfig(t, client, root)
+
+		buf := new(bytes.Buffer)
+		inv.Stdout = buf
+		err := inv.WithContext(ctx).Run()
+		require.NoError(t, err)
+		require.Contains(t, buf.String(), expectedRole)
+	})
+}
Original file line number	Diff line number	Diff line change
`@@ -37,6 +37,9 @@ func ExternalAuth(ctx context.Context, writer io.Writer, opts ExternalAuthOption`
`37`	`37`	`if auth.Authenticated {`
`38`	`38`	`return nil`
`39`	`39`	`}`
	`40`	`+ if auth.Optional {`
	`41`	`+ continue`
	`42`	`+ }`
`40`	`43`
`41`	`44`	`_, _ = fmt.Fprintf(writer, "You must authenticate with %s to create a workspace with this template. Visit:\n\n\t%s\n\n", auth.DisplayName, auth.AuthenticateURL)`
`42`	`45`