coder
diff --git a/‎.github/workflows/coder.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/coder.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/dependabot.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/dependabot.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/dogfood.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/dogfood.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/release.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/release.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/stale.yaml
Lines changed: 0 additions & 2 deletions b/‎.github/workflows/stale.yaml
Lines changed: 0 additions & 2 deletions
diff --git a/‎buildinfo/buildinfo.go
Lines changed: 5 additions & 0 deletions b/‎buildinfo/buildinfo.go
Lines changed: 5 additions & 0 deletions
diff --git a/‎cli/deployment/config.go
Lines changed: 7 additions & 0 deletions b/‎cli/deployment/config.go
Lines changed: 7 additions & 0 deletions
diff --git a/‎cli/deployment/config_test.go
Lines changed: 2 additions & 0 deletions b/‎cli/deployment/config_test.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎cli/server.go
Lines changed: 20 additions & 0 deletions b/‎cli/server.go
Lines changed: 20 additions & 0 deletions
diff --git a/‎cli/testdata/coder_server_--help.golden
Lines changed: 4 additions & 0 deletions b/‎cli/testdata/coder_server_--help.golden
Lines changed: 4 additions & 0 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 19 additions & 9 deletions b/‎coderd/coderd.go
Lines changed: 19 additions & 9 deletions
diff --git a/‎coderd/coderdtest/authorize.go
Lines changed: 1 addition & 0 deletions b/‎coderd/coderdtest/authorize.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎coderd/coderdtest/coderdtest.go
Lines changed: 5 additions & 0 deletions b/‎coderd/coderdtest/coderdtest.go
Lines changed: 5 additions & 0 deletions
diff --git a/‎coderd/database/databasefake/databasefake.go
Lines changed: 22 additions & 3 deletions b/‎coderd/database/databasefake/databasefake.go
Lines changed: 22 additions & 3 deletions
diff --git a/‎coderd/database/querier.go
Lines changed: 2 additions & 0 deletions b/‎coderd/database/querier.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎coderd/database/queries.sql.go
Lines changed: 21 additions & 0 deletions b/‎coderd/database/queries.sql.go
Lines changed: 21 additions & 0 deletions
diff --git a/‎coderd/database/queries/siteconfig.sql
Lines changed: 7 additions & 0 deletions b/‎coderd/database/queries/siteconfig.sql
Lines changed: 7 additions & 0 deletions
@@ -428,7 +428,7 @@ jobs:
           fetch-depth: 0
 
       - name: Authenticate to Google Cloud
-        uses: google-github-actions/auth@v0
+        uses: google-github-actions/auth@v1
         with:
           workload_identity_provider: projects/573722524737/locations/global/workloadIdentityPools/github/providers/github
           service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com
 
@@ -9,5 +9,5 @@ jobs:
     permissions:
       pull-requests: write
     steps:
-      - uses: hmarr/auto-approve-action@v2
+      - uses: hmarr/auto-approve-action@v3
         if: github.actor == 'dependabot[bot]'
@@ -17,7 +17,7 @@ jobs:
     steps:
       - name: Get branch name
         id: branch-name
-        uses: tj-actions/branch-names@v6.2
+        uses: tj-actions/branch-names@v6.3
 
       - name: "Branch name to Docker tag name"
         id: docker-tag-name
 
@@ -170,7 +170,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Authenticate to Google Cloud
-        uses: google-github-actions/auth@v0
+        uses: google-github-actions/auth@v1
         with:
           workload_identity_provider: ${{ secrets.GCP_WORKLOAD_ID_PROVIDER }}
           service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
 
@@ -17,8 +17,6 @@ jobs:
         with:
           stale-issue-label: 'stale'
           stale-pr-label: 'stale'
-          exempt-issue-labels: 'never stale'
-          exempt-pr-labels: 'never stale'
           # Pull Requests become stale more quickly due to merge conflicts.
           # Also, we promote minimizing WIP.
           days-before-pr-stale: 7
 
@@ -68,6 +68,11 @@ func VersionsMatch(v1, v2 string) bool {
 	return semver.MajorMinor(v1) == semver.MajorMinor(v2)
 }
 
+// IsDev returns true if this is a development build.
+func IsDev() bool {
+	return strings.HasPrefix(Version(), develPrefix)
+}
+
 // ExternalURL returns a URL referencing the current Coder version.
 // For production builds, this will link directly to a release.
 // For development builds, this will link to a commit.
 
@@ -14,6 +14,7 @@ import (
 	"github.com/spf13/viper"
 	"golang.org/x/xerrors"
 
+	"github.com/coder/coder/buildinfo"
 	"github.com/coder/coder/cli/cliui"
 	"github.com/coder/coder/cli/config"
 	"github.com/coder/coder/codersdk"
@@ -405,6 +406,12 @@ func newConfig() *codersdk.DeploymentConfig {
 			Usage: "Enable experimental features. Experimental features are not ready for production.",
 			Flag:  "experimental",
 		},
+		UpdateCheck: &codersdk.DeploymentConfigField[bool]{
+			Name:    "Update Check",
+			Usage:   "Periodically check for new releases of Coder and inform the owner. The check is performed once per day.",
+			Flag:    "update-check",
+			Default: flag.Lookup("test.v") == nil && !buildinfo.IsDev(),
+		},
 	}
 }
 
 
@@ -38,6 +38,7 @@ func TestConfig(t *testing.T) {
 			"CODER_TELEMETRY":            "false",
 			"CODER_TELEMETRY_TRACE":      "false",
 			"CODER_WILDCARD_ACCESS_URL":  "something-wildcard.com",
+			"CODER_UPDATE_CHECK":         "false",
 		},
 		Valid: func(config *codersdk.DeploymentConfig) {
 			require.Equal(t, config.Address.Value, "0.0.0.0:8443")
@@ -53,6 +54,7 @@ func TestConfig(t *testing.T) {
 			require.Equal(t, config.Telemetry.Enable.Value, false)
 			require.Equal(t, config.Telemetry.Trace.Value, false)
 			require.Equal(t, config.WildcardAccessURL.Value, "something-wildcard.com")
+			require.Equal(t, config.UpdateCheck.Value, false)
 		},
 	}, {
 		Name: "DERP",
 
@@ -63,6 +63,7 @@ import (
 	"github.com/coder/coder/coderd/prometheusmetrics"
 	"github.com/coder/coder/coderd/telemetry"
 	"github.com/coder/coder/coderd/tracing"
+	"github.com/coder/coder/coderd/updatecheck"
 	"github.com/coder/coder/codersdk"
 	"github.com/coder/coder/cryptorand"
 	"github.com/coder/coder/provisioner/echo"
@@ -373,6 +374,25 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 				options.TLSCertificates = tlsConfig.Certificates
 			}
 
+			if cfg.UpdateCheck.Value {
+				options.UpdateCheckOptions = &updatecheck.Options{
+					// Avoid spamming GitHub API checking for updates.
+					Interval: 24 * time.Hour,
+					// Inform server admins of new versions.
+					Notify: func(r updatecheck.Result) {
+						if semver.Compare(r.Version, buildinfo.Version()) > 0 {
+							options.Logger.Info(
+								context.Background(),
+								"new version of coder available",
+								slog.F("new_version", r.Version),
+								slog.F("url", r.URL),
+								slog.F("upgrade_instructions", "https://coder.com/docs/coder-oss/latest/admin/upgrade"),
+							)
+						}
+					},
+				}
+			}
+
 			if cfg.OAuth2.Github.ClientSecret.Value != "" {
 				options.GithubOAuth2Config, err = configureGithubOAuth2(accessURLParsed,
 					cfg.OAuth2.Github.ClientID.Value,
 
@@ -219,6 +219,10 @@ Flags:
                                                      verbose flag was supplied, debug-level
                                                      logs will be included.
                                                      Consumes $CODER_TRACE_CAPTURE_LOGS
+      --update-check                                 Periodically check for new releases of
+                                                     Coder and inform the owner. The check is
+                                                     performed once per day.
+                                                     Consumes $CODER_UPDATE_CHECK
       --wildcard-access-url string                   Specifies the wildcard hostname to use
                                                      for workspace applications in the form
                                                      "*.example.com".
 
@@ -47,6 +47,7 @@ import (
 	"github.com/coder/coder/coderd/rbac"
 	"github.com/coder/coder/coderd/telemetry"
 	"github.com/coder/coder/coderd/tracing"
+	"github.com/coder/coder/coderd/updatecheck"
 	"github.com/coder/coder/coderd/wsconncache"
 	"github.com/coder/coder/codersdk"
 	"github.com/coder/coder/provisionerd/proto"
@@ -105,6 +106,7 @@ type Options struct {
 	AgentStatsRefreshInterval   time.Duration
 	Experimental                bool
 	DeploymentConfig            *codersdk.DeploymentConfig
+	UpdateCheckOptions          *updatecheck.Options // Set non-nil to enable update checking.
 }
 
 // New constructs a Coder API handler.
@@ -123,20 +125,14 @@ func New(options *Options) *API {
 		options.AgentInactiveDisconnectTimeout = options.AgentConnectionUpdateFrequency * 2
 	}
 	if options.AgentStatsRefreshInterval == 0 {
-		options.AgentStatsRefreshInterval = 10 * time.Minute
+		options.AgentStatsRefreshInterval = 5 * time.Minute
 	}
 	if options.MetricsCacheRefreshInterval == 0 {
 		options.MetricsCacheRefreshInterval = time.Hour
 	}
 	if options.APIRateLimit == 0 {
 		options.APIRateLimit = 512
 	}
-	if options.AgentStatsRefreshInterval == 0 {
-		options.AgentStatsRefreshInterval = 5 * time.Minute
-	}
-	if options.MetricsCacheRefreshInterval == 0 {
-		options.MetricsCacheRefreshInterval = time.Hour
-	}
 	if options.Authorizer == nil {
 		options.Authorizer = rbac.NewAuthorizer()
 	}
@@ -181,6 +177,13 @@ func New(options *Options) *API {
 		metricsCache: metricsCache,
 		Auditor:      atomic.Pointer[audit.Auditor]{},
 	}
+	if options.UpdateCheckOptions != nil {
+		api.updateChecker = updatecheck.New(
+			options.Database,
+			options.Logger.Named("update_checker"),
+			*options.UpdateCheckOptions,
+		)
+	}
 	api.Auditor.Store(&options.Auditor)
 	api.workspaceAgentCache = wsconncache.New(api.dialWorkspaceAgentTailnet, 0)
 	api.TailnetCoordinator.Store(&options.TailnetCoordinator)
@@ -308,6 +311,9 @@ func New(options *Options) *API {
 				})
 			})
 		})
+		r.Route("/updatecheck", func(r chi.Router) {
+			r.Get("/", api.updateCheck)
+		})
 		r.Route("/config", func(r chi.Router) {
 			r.Use(apiKeyMiddleware)
 			r.Get("/deployment", api.deploymentConfig)
@@ -590,13 +596,14 @@ type API struct {
 	// RootHandler serves "/"
 	RootHandler chi.Router
 
-	metricsCache *metricscache.Cache
-	siteHandler  http.Handler
+	siteHandler http.Handler
 
 	WebsocketWaitMutex sync.Mutex
 	WebsocketWaitGroup sync.WaitGroup
 
+	metricsCache        *metricscache.Cache
 	workspaceAgentCache *wsconncache.Cache
+	updateChecker       *updatecheck.Checker
 }
 
 // Close waits for all WebSocket connections to drain before returning.
@@ -606,6 +613,9 @@ func (api *API) Close() error {
 	api.WebsocketWaitMutex.Unlock()
 
 	api.metricsCache.Close()
+	if api.updateChecker != nil {
+		api.updateChecker.Close()
+	}
 	coordinator := api.TailnetCoordinator.Load()
 	if coordinator != nil {
 		_ = (*coordinator).Close()
 
@@ -48,6 +48,7 @@ func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {
 		"GET:/healthz":                  {NoAuthorize: true},
 		"GET:/api/v2":                   {NoAuthorize: true},
 		"GET:/api/v2/buildinfo":         {NoAuthorize: true},
+		"GET:/api/v2/updatecheck":       {NoAuthorize: true},
 		"GET:/api/v2/users/first":       {NoAuthorize: true},
 		"POST:/api/v2/users/first":      {NoAuthorize: true},
 		"POST:/api/v2/users/login":      {NoAuthorize: true},
 
@@ -64,6 +64,7 @@ import (
 	"github.com/coder/coder/coderd/httpmw"
 	"github.com/coder/coder/coderd/rbac"
 	"github.com/coder/coder/coderd/telemetry"
+	"github.com/coder/coder/coderd/updatecheck"
 	"github.com/coder/coder/coderd/util/ptr"
 	"github.com/coder/coder/codersdk"
 	"github.com/coder/coder/cryptorand"
@@ -102,6 +103,9 @@ type Options struct {
 	AgentStatsRefreshInterval   time.Duration
 	DeploymentConfig            *codersdk.DeploymentConfig
 
+	// Set update check options to enable update check.
+	UpdateCheckOptions *updatecheck.Options
+
 	// Overriding the database is heavily discouraged.
 	// It should only be used in cases where multiple Coder
 	// test instances are running against the same database.
@@ -283,6 +287,7 @@ func NewOptions(t *testing.T, options *Options) (func(http.Handler), context.Can
 			MetricsCacheRefreshInterval: options.MetricsCacheRefreshInterval,
 			AgentStatsRefreshInterval:   options.AgentStatsRefreshInterval,
 			DeploymentConfig:            options.DeploymentConfig,
+			UpdateCheckOptions:          options.UpdateCheckOptions,
 		}
 }
 
 
@@ -119,9 +119,10 @@ type data struct {
 	workspaceResources        []database.WorkspaceResource
 	workspaces                []database.Workspace
 
-	deploymentID  string
-	derpMeshKey   string
-	lastLicenseID int32
+	deploymentID    string
+	derpMeshKey     string
+	lastUpdateCheck []byte
+	lastLicenseID   int32
 }
 
 func (fakeQuerier) IsFakeDB() {}
@@ -3272,6 +3273,24 @@ func (q *fakeQuerier) GetDERPMeshKey(_ context.Context) (string, error) {
 	return q.derpMeshKey, nil
 }
 
+func (q *fakeQuerier) InsertOrUpdateLastUpdateCheck(_ context.Context, data string) error {
+	q.mutex.RLock()
+	defer q.mutex.RUnlock()
+
+	q.lastUpdateCheck = []byte(data)
+	return nil
+}
+
+func (q *fakeQuerier) GetLastUpdateCheck(_ context.Context) (string, error) {
+	q.mutex.RLock()
+	defer q.mutex.RUnlock()
+
+	if q.lastUpdateCheck == nil {
+		return "", sql.ErrNoRows
+	}
+	return string(q.lastUpdateCheck), nil
+}
+
 func (q *fakeQuerier) InsertLicense(
 	_ context.Context, arg database.InsertLicenseParams,
 ) (database.License, error) {
 
@@ -9,3 +9,10 @@ INSERT INTO site_configs (key, value) VALUES ('derp_mesh_key', $1);
 
 -- name: GetDERPMeshKey :one
 SELECT value FROM site_configs WHERE key = 'derp_mesh_key';
+
+-- name: InsertOrUpdateLastUpdateCheck :exec
+INSERT INTO site_configs (key, value) VALUES ('last_update_check', $1)
+ON CONFLICT (key) DO UPDATE SET value = $1 WHERE site_configs.key = 'last_update_check';
+
+-- name: GetLastUpdateCheck :one
+SELECT value FROM site_configs WHERE key = 'last_update_check';