coder
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 12 additions & 5 deletions b/‎.github/workflows/ci.yaml
Lines changed: 12 additions & 5 deletions
diff --git a/‎.github/workflows/pr-cleanup.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/pr-cleanup.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/pr-deploy.yaml
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/pr-deploy.yaml
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/stale.yaml
Lines changed: 13 additions & 1 deletion b/‎.github/workflows/stale.yaml
Lines changed: 13 additions & 1 deletion
diff --git a/‎agent/agent.go
Lines changed: 19 additions & 153 deletions b/‎agent/agent.go
Lines changed: 19 additions & 153 deletions
diff --git a/‎cli/configssh.go
Lines changed: 46 additions & 8 deletions b/‎cli/configssh.go
Lines changed: 46 additions & 8 deletions
@@ -47,8 +47,10 @@ jobs:
             docs:
               - "docs/**"
               - "README.md"
-              # For testing:
-              # - ".github/**"
+              - "examples/templates/**"
+              - "examples/web-server/**"
+              - "examples/monitoring/**"
+              - "examples/lima/**"
             go:
               - "**.sql"
               - "**.go"
@@ -231,7 +233,7 @@ jobs:
 
       - uses: hashicorp/setup-terraform@v2
         with:
-          terraform_version: 1.1.9
+          terraform_version: 1.5.1
           terraform_wrapper: false
 
       - name: Test with Mock Database
@@ -296,7 +298,7 @@ jobs:
 
       - uses: hashicorp/setup-terraform@v2
         with:
-          terraform_version: 1.1.9
+          terraform_version: 1.5.1
           terraform_wrapper: false
 
       - name: Test with PostgreSQL Database
@@ -338,6 +340,11 @@ jobs:
 
       - uses: ./.github/actions/setup-go
 
+      - uses: hashicorp/setup-terraform@v2
+        with:
+          terraform_version: 1.5.1
+          terraform_wrapper: false
+
       - name: Run Tests
         run: |
           gotestsum --junitfile="gotests.xml" -- -race ./...
@@ -474,7 +481,7 @@ jobs:
 
       - uses: hashicorp/setup-terraform@v2
         with:
-          terraform_version: 1.1.9
+          terraform_version: 1.5.1
           terraform_wrapper: false
 
       - name: Build
 
@@ -19,7 +19,7 @@ jobs:
         id: pr_number
         run: |
           if [ -z "${{ github.event.pull_request.number }}" ]; then
-            echo "PR_NUMBER=${{ github.event.inputs.pr_number }}" >> $GITHUB_OUTPUT
+            echo "PR_NUMBER=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT
           else
             echo "PR_NUMBER=${{ github.event.inputs.pr_number }}" >> $GITHUB_OUTPUT
           fi
 
@@ -22,7 +22,7 @@ concurrency:
 
 jobs:
   pr_commented:
-    if: ${{ github.event.issue.pull_request }} && contains(github.event.comment.body, '/deploy-pr') && github.event.comment.author_association == 'MEMBER' || github.event_name == 'workflow_dispatch'
+    if: github.event_name == 'issue_comment' && contains(github.event.comment.body, '/deploy-pr') && github.event.comment.author_association == 'MEMBER' || github.event_name == 'workflow_dispatch'
     outputs:
       PR_NUMBER: ${{ steps.pr_number.outputs.PR_NUMBER }}
       PR_TITLE: ${{ steps.pr_number.outputs.PR_TITLE }}
@@ -37,12 +37,12 @@ jobs:
         id: pr_number
         run: |
           set -euxo pipefail
-          if [[ ${{ github.event_name }} == 'workflow_dispatch' ]]; then
+          if [[ ${{ github.event_name }} == "workflow_dispatch" ]]; then
             PR_NUMBER=${{ github.event.inputs.pr_number }}
-            PR_TITLE=$(curl -sSL -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/coder/coder/pulls/$PR_NUMBER | jq -r '.title')
+            PR_TITLE=$(curl -sSL -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" "https://api.github.com/repos/coder/coder/pulls/$PR_NUMBER" | jq -r '.title')
           else
             PR_NUMBER=${{ github.event.issue.number }}
-            PR_TITLE=${{ github.event.issue.title }}
+            PR_TITLE='${{ github.event.issue.title }}'
           fi
           echo "PR_URL=https://github.com/coder/coder/pull/$PR_NUMBER" >> $GITHUB_OUTPUT
           echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT
 
@@ -1,4 +1,4 @@
-name: Stale Issue and Branch Cleanup
+name: Stale Issue, Banch and Old Workflows Cleanup
 on:
   schedule:
     # Every day at midnight
@@ -10,6 +10,7 @@ jobs:
     permissions:
       issues: write
       pull-requests: write
+      actions: write
     steps:
       - uses: actions/stale@v8.0.0
         with:
@@ -42,3 +43,14 @@ jobs:
           delete_tags: false
           # extra_protected_branch_regex: ^(foo|bar)$
           exclude_open_pr_branches: true
+  del_runs:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Delete workflow runs
+        uses: Mattraks/delete-workflow-runs@v2
+        with:
+          token: ${{ github.token }}
+          repository: ${{ github.repository }}
+          retain_days: 1
+          keep_minimum_runs: 1
+          delete_workflow_pattern: pr-cleanup.yaml
@@ -1,7 +1,6 @@
 package agent
 
 import (
-	"bufio"
 	"bytes"
 	"context"
 	"encoding/binary"
@@ -863,26 +862,30 @@ func (a *agent) runScript(ctx context.Context, lifecycle, script string) (err er
 	}
 	cmd := cmdPty.AsExec()
 
-	var writer io.Writer = fileWriter
+	var stdout, stderr io.Writer = fileWriter, fileWriter
 	if lifecycle == "startup" {
-		// Create pipes for startup logs reader and writer
-		logsReader, logsWriter := io.Pipe()
+		send, flushAndClose := agentsdk.StartupLogsSender(a.client.PatchStartupLogs, logger)
+		// If ctx is canceled here (or in a writer below), we may be
+		// discarding logs, but that's okay because we're shutting down
+		// anyway. We could consider creating a new context here if we
+		// want better control over flush during shutdown.
 		defer func() {
-			_ = logsReader.Close()
-		}()
-		writer = io.MultiWriter(fileWriter, logsWriter)
-		flushedLogs, err := a.trackScriptLogs(ctx, logsReader)
-		if err != nil {
-			return xerrors.Errorf("track %s script logs: %w", lifecycle, err)
-		}
-		defer func() {
-			_ = logsWriter.Close()
-			<-flushedLogs
+			if err := flushAndClose(ctx); err != nil {
+				logger.Warn(ctx, "flush startup logs failed", slog.Error(err))
+			}
 		}()
+
+		infoW := agentsdk.StartupLogsWriter(ctx, send, codersdk.LogLevelInfo)
+		defer infoW.Close()
+		errW := agentsdk.StartupLogsWriter(ctx, send, codersdk.LogLevelError)
+		defer errW.Close()
+
+		stdout = io.MultiWriter(fileWriter, infoW)
+		stderr = io.MultiWriter(fileWriter, errW)
 	}
 
-	cmd.Stdout = writer
-	cmd.Stderr = writer
+	cmd.Stdout = stdout
+	cmd.Stderr = stderr
 
 	start := time.Now()
 	defer func() {
@@ -913,143 +916,6 @@ func (a *agent) runScript(ctx context.Context, lifecycle, script string) (err er
 	return nil
 }
 
-func (a *agent) trackScriptLogs(ctx context.Context, reader io.ReadCloser) (chan struct{}, error) {
-	// Synchronous sender, there can only be one outbound send at a time.
-	//
-	// It's important that we either flush or drop all logs before returning
-	// because the startup state is reported after flush.
-	sendDone := make(chan struct{})
-	send := make(chan []agentsdk.StartupLog, 1)
-	go func() {
-		// Set flushTimeout and backlogLimit so that logs are uploaded
-		// once every 250ms or when 100 logs have been added to the
-		// backlog, whichever comes first.
-		flushTimeout := 250 * time.Millisecond
-		backlogLimit := 100
-
-		flush := time.NewTicker(flushTimeout)
-
-		var backlog []agentsdk.StartupLog
-		defer func() {
-			flush.Stop()
-			_ = reader.Close() // Ensure read routine is closed.
-			if len(backlog) > 0 {
-				a.logger.Debug(ctx, "track script logs sender exiting, discarding logs", slog.F("discarded_logs_count", len(backlog)))
-			}
-			a.logger.Debug(ctx, "track script logs sender exited")
-			close(sendDone)
-		}()
-
-		done := false
-		for {
-			flushed := false
-			select {
-			case <-ctx.Done():
-				return
-			case <-a.closed:
-				return
-			// Close (!ok) can be triggered by the reader closing due to
-			// EOF or due to agent closing, when this happens we attempt
-			// a final flush. If the context is canceled this will be a
-			// no-op.
-			case logs, ok := <-send:
-				done = !ok
-				if ok {
-					backlog = append(backlog, logs...)
-					flushed = len(backlog) >= backlogLimit
-				}
-			case <-flush.C:
-				flushed = true
-			}
-
-			if (done || flushed) && len(backlog) > 0 {
-				flush.Stop() // Lower the chance of a double flush.
-
-				// Retry uploading logs until successful or a specific
-				// error occurs.
-				for r := retry.New(time.Second, 5*time.Second); r.Wait(ctx); {
-					err := a.client.PatchStartupLogs(ctx, agentsdk.PatchStartupLogs{
-						Logs: backlog,
-					})
-					if err == nil {
-						break
-					}
-
-					if errors.Is(err, context.Canceled) {
-						return
-					}
-					var sdkErr *codersdk.Error
-					if errors.As(err, &sdkErr) {
-						if sdkErr.StatusCode() == http.StatusRequestEntityTooLarge {
-							a.logger.Warn(ctx, "startup logs too large, dropping logs")
-							break
-						}
-					}
-					a.logger.Error(ctx, "upload startup logs failed", slog.Error(err), slog.F("to_send", backlog))
-				}
-				if ctx.Err() != nil {
-					return
-				}
-				backlog = nil
-
-				// Anchor flush to the last log upload.
-				flush.Reset(flushTimeout)
-			}
-			if done {
-				return
-			}
-		}
-	}()
-
-	// Forward read lines to the sender or queue them for when the
-	// sender is ready to process them.
-	//
-	// We only need to track this goroutine since it will ensure that
-	// the sender has closed before returning.
-	logsDone := make(chan struct{})
-	err := a.trackConnGoroutine(func() {
-		defer func() {
-			close(send)
-			<-sendDone
-			a.logger.Debug(ctx, "track script logs reader exited")
-			close(logsDone)
-		}()
-
-		var queue []agentsdk.StartupLog
-
-		s := bufio.NewScanner(reader)
-		for s.Scan() {
-			select {
-			case <-ctx.Done():
-				return
-			case <-a.closed:
-				return
-			case queue = <-send:
-				// Not captured by sender yet, re-use.
-			default:
-			}
-
-			queue = append(queue, agentsdk.StartupLog{
-				CreatedAt: database.Now(),
-				Output:    s.Text(),
-			})
-			send <- queue
-			queue = nil
-		}
-		if err := s.Err(); err != nil {
-			a.logger.Warn(ctx, "scan startup logs ended unexpectedly", slog.Error(err))
-		}
-	})
-	if err != nil {
-		close(send)
-		<-sendDone
-		close(logsDone)
-		return logsDone, err
-	}
-
-	return logsDone, nil
-}
-
 func (a *agent) handleReconnectingPTY(ctx context.Context, logger slog.Logger, msg codersdk.WorkspaceAgentReconnectingPTYInit, conn net.Conn) (retErr error) {
 	defer conn.Close()
 	a.metrics.connectionsTotal.Add(1)
 
@@ -192,11 +192,12 @@ func sshPrepareWorkspaceConfigs(ctx context.Context, client *codersdk.Client) (r
 //nolint:gocyclo
 func (r *RootCmd) configSSH() *clibase.Cmd {
 	var (
-		sshConfigFile    string
-		sshConfigOpts    sshConfigOptions
-		usePreviousOpts  bool
-		dryRun           bool
-		skipProxyCommand bool
+		sshConfigFile       string
+		sshConfigOpts       sshConfigOptions
+		usePreviousOpts     bool
+		dryRun              bool
+		skipProxyCommand    bool
+		forceUnixSeparators bool
 	)
 	client := new(codersdk.Client)
 	cmd := &clibase.Cmd{
@@ -236,13 +237,13 @@ func (r *RootCmd) configSSH() *clibase.Cmd {
 			if err != nil {
 				return err
 			}
-			escapedCoderBinary, err := sshConfigExecEscape(coderBinary)
+			escapedCoderBinary, err := sshConfigExecEscape(coderBinary, forceUnixSeparators)
 			if err != nil {
 				return xerrors.Errorf("escape coder binary for ssh failed: %w", err)
 			}
 
 			root := r.createConfig()
-			escapedGlobalConfig, err := sshConfigExecEscape(string(root))
+			escapedGlobalConfig, err := sshConfigExecEscape(string(root), forceUnixSeparators)
 			if err != nil {
 				return xerrors.Errorf("escape global config for ssh failed: %w", err)
 			}
@@ -540,6 +541,19 @@ func (r *RootCmd) configSSH() *clibase.Cmd {
 			Default:     "auto",
 			Value:       clibase.EnumOf(&sshConfigOpts.waitEnum, "yes", "no", "auto"),
 		},
+		{
+			Flag: "force-unix-filepaths",
+			Env:  "CODER_CONFIGSSH_UNIX_FILEPATHS",
+			Description: "By default, 'config-ssh' uses the os path separator when writing the ssh config. " +
+				"This might be an issue in Windows machine that use a unix-like shell. " +
+				"This flag forces the use of unix file paths (the forward slash '/').",
+			Value: clibase.BoolOf(&forceUnixSeparators),
+			// On non-windows showing this command is useless because it is a noop.
+			// Hide vs disable it though so if a command is copied from a Windows
+			// machine to a unix machine it will still work and not throw an
+			// "unknown flag" error.
+			Hidden: hideForceUnixSlashes,
+		},
 		cliui.SkipPromptOption(),
 	}
 
@@ -727,7 +741,31 @@ func writeWithTempFileAndMove(path string, r io.Reader) (err error) {
 //   - https://github.com/openssh/openssh-portable/blob/V_9_0_P1/sshconnect.c#L158-L167
 //   - https://github.com/PowerShell/openssh-portable/blob/v8.1.0.0/sshconnect.c#L231-L293
 //   - https://github.com/PowerShell/openssh-portable/blob/v8.1.0.0/contrib/win32/win32compat/w32fd.c#L1075-L1100
-func sshConfigExecEscape(path string) (string, error) {
+//
+// Additional Windows-specific notes:
+//
+// In some situations a Windows user could be using a unix-like shell such as
+// git bash. In these situations the coder.exe is using the windows filepath
+// separator (\), but the shell wants the unix filepath separator (/).
+// Trying to determine if the shell is unix-like is difficult, so this function
+// takes the argument 'forceUnixPath' to force the filepath to be unix-like.
+//
+// On actual unix machines, this is **always** a noop. Even if a windows
+// path is provided.
+//
+// Passing a "false" for forceUnixPath will result in the filepath separator
+// untouched from the original input.
+// ---
+// This is a control flag, and that is ok. It is a control flag
+// based on the OS of the user. Making this a different file is excessive.
+// nolint:revive
+func sshConfigExecEscape(path string, forceUnixPath bool) (string, error) {
+	if forceUnixPath {
+		// This is a workaround for #7639, where the filepath separator is
+		// incorrectly the Windows separator (\) instead of the unix separator (/).
+		path = filepath.ToSlash(path)
+	}
+
 	// This is unlikely to ever happen, but newlines are allowed on
 	// certain filesystems, but cannot be used inside ssh config.
 	if strings.ContainsAny(path, "\n") {