coder
diff --git a/‎.github/actions/setup-go/action.yaml
Lines changed: 45 additions & 16 deletions b/‎.github/actions/setup-go/action.yaml
Lines changed: 45 additions & 16 deletions
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 48 additions & 62 deletions b/‎.github/workflows/ci.yaml
Lines changed: 48 additions & 62 deletions
diff --git a/‎.github/workflows/security.yaml
Lines changed: 10 additions & 2 deletions b/‎.github/workflows/security.yaml
Lines changed: 10 additions & 2 deletions
diff --git a/‎.golangci.yaml
Lines changed: 1 addition & 2 deletions b/‎.golangci.yaml
Lines changed: 1 addition & 2 deletions
diff --git a/‎.vscode/settings.json
Lines changed: 1 addition & 7 deletions b/‎.vscode/settings.json
Lines changed: 1 addition & 7 deletions
@@ -1,36 +1,65 @@
 name: "Setup Go"
 description: |
   Sets up the Go environment for tests, builds, etc.
+inputs:
+  version:
+    description: "The Go version to use."
+    default: "1.20.5"
 runs:
   using: "composite"
   steps:
+    - name: Cache go toolchain
+      uses: buildjet/cache@v3
+      with:
+        path: |
+          ${{ runner.tool_cache }}/go/${{ inputs.version }}
+        key: gotoolchain-${{ runner.os }}-${{ inputs.version }}
+        restore-keys: |
+          gotoolchain-${{ runner.os }}-
+
     - uses: buildjet/setup-go@v4
       with:
-        cache: true
-        go-version: "1.20.5"
+        # We do our own caching for implementation clarity.
+        cache: false
+        go-version: ${{ inputs.version }}
+
+    - name: Get cache dirs
+      shell: bash
+      run: |
+        set -x
+        echo "GOMODCACHE=$(go env GOMODCACHE)" >> $GITHUB_ENV
+        echo "GOCACHE=$(go env GOCACHE)" >> $GITHUB_ENV
+
+    # We split up GOMODCACHE from GOCACHE because the latter must be invalidated
+    # on code change, but the former can be kept.
+    - name: Cache $GOMODCACHE
+      uses: buildjet/cache@v3
+      with:
+        path: |
+          ${{ env.GOMODCACHE }}
+        key: gomodcache-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-${{ github.job }}
+        restore-keys: |
+          gomodcache-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-
+          gomodcache-${{ runner.os }}-
 
-    - name: Cache go
+    - name: Cache $GOCACHE
       uses: buildjet/cache@v3
       with:
-        # ~/go/pkg is the same across operating systems.
         path: |
-          ~/go/pkg
-          ~/.cache/go-build
-          ~/AppData/Local/go-build
-          ~/Library/Caches/go-build
+          ${{ env.GOCACHE }}
         # Job name must be included in the key for effective
         # test cache reuse.
-        key: go-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/*.go', 'go.**') }}
+        # The key format is intentionally different than GOMODCACHE, because any
+        # time a Go file changes we invalidate this cache, whereas GOMODCACHE
+        # is only invalidated when go.sum changes.
+        key: gocache-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/*.go', 'go.**') }}
         restore-keys: |
-          go-${{ runner.os }}-${{ github.job }}-
-          go-${{ runner.os }}-
-          go-
+          gocache-${{ runner.os }}-${{ github.job }}-
+          gocache-${{ runner.os }}-
 
     - name: Install gotestsum
-      uses: jaxxstorm/action-install-gh-release@v1.10.0
-      with:
-        repo: gotestyourself/gotestsum
-        tag: v1.9.0
+      shell: bash
+      run: go install gotest.tools/gotestsum@latest
 
     # It isn't necessary that we ever do this, but it helps
     # separate the "setup" from the "run" times.
 
@@ -100,49 +100,45 @@ jobs:
 
       - uses: ./.github/actions/setup-go
 
-      # Check for any typos!
+      - uses: ./.github/actions/setup-node
+
+      - name: Get golangci-lint cache dir
+        run: |
+          go install github.com/golangci/golangci-lint/cmd/golangci-lint@v1.53.2
+          dir=$(golangci-lint cache status | awk '/Dir/ { print $2 }')
+          echo "LINT_CACHE_DIR=$dir" >> $GITHUB_ENV
+
+      - name: golangci-lint cache
+        uses: buildjet/cache@v3
+        with:
+          path: |
+            ${{ env.LINT_CACHE_DIR }}
+          key: golangci-lint-${{ runner.os }}-${{ hashFiles('**/*.go') }}
+          restore-keys: |
+            golangci-lint-${{ runner.os }}-
+
+      # Check for any typos
       - name: Check for typos
         uses: crate-ci/typos@v1.14.12
         with:
           config: .github/workflows/typos.toml
+
       - name: Fix the typos
         if: ${{ failure() }}
         run: |
           echo "::notice:: you can automatically fix typos from your CLI:
           cargo install typos-cli
           typos -c .github/workflows/typos.toml -w"
 
-      # Check for Go linting errors!
-      - name: Lint Go
-        uses: golangci/golangci-lint-action@v3.5.0
-        with:
-          version: v1.52.2
-
-      - name: Lint shell scripts
-        uses: ludeeus/action-shellcheck@2.0.0
-        env:
-          SHELLCHECK_OPTS: --external-sources
-        with:
-          ignore: node_modules
-
-      - uses: ./.github/actions/setup-node
-      - name: Lint TypeScript
-        run: yarn lint
-        working-directory: site
-
-      # Make sure the Helm chart is linted!
+      # Needed for helm chart linting
       - name: Install helm
         uses: azure/setup-helm@v3
         with:
           version: v3.9.2
-      - name: Lint Helm chart
-        run: |
-          cd helm
-          make lint
 
-      # Ensure AGPL and Enterprise are separated!
-      - name: Check for AGPL code importing Enterprise...
-        run: ./scripts/check_enterprise_imports.sh
+      - name: make lint
+        run: |
+          make --output-sync=line -j lint
 
   gen:
     timeout-minutes: 8
@@ -158,16 +154,14 @@ jobs:
       - name: Install sqlc
         run: |
           curl -sSL https://github.com/kyleconroy/sqlc/releases/download/v1.17.2/sqlc_1.17.2_linux_amd64.tar.gz | sudo tar -C /usr/bin -xz sqlc
-      - name: Install protoc-gen-go
-        run: go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.30
-      - name: Install protoc-gen-go-drpc
-        run: go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.33
-      - name: Install goimports
-        run: go install golang.org/x/tools/cmd/goimports@latest
-      - name: Install yq
-        run: go run github.com/mikefarah/yq/v4@v4.30.6
-      - name: Install mockgen
-        run: go install github.com/golang/mock/mockgen@v1.6.0
+
+      - name: go install tools
+        run: |
+          go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.30
+          go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.33
+          go install golang.org/x/tools/cmd/goimports@latest
+          go install github.com/mikefarah/yq/v4@v4.30.6
+          go install github.com/golang/mock/mockgen@v1.6.0
 
       - name: Install Protoc
         run: |
@@ -189,17 +183,24 @@ jobs:
         run: ./scripts/check_unstaged.sh
 
   fmt:
-    runs-on: ubuntu-latest
+    runs-on: ${{ github.repository_owner == 'coder' && 'buildjet-8vcpu-ubuntu-2204' || 'ubuntu-latest' }}
     timeout-minutes: 5
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+
+      - uses: buildjet/setup-node@v3
         with:
-          fetch-depth: 0
-          submodules: true
+          node-version: 16.16.0
 
-      - uses: ./.github/actions/setup-node
-      - uses: ./.github/actions/setup-go
+      - uses: buildjet/setup-go@v4
+        with:
+          # This doesn't need caching. It's super fast anyways!
+          cache: false
+          go-version: 1.20.5
+
+      - name: Install prettier
+        run: npm install -g prettier
 
       - name: Install shfmt
         run: go install mvdan.cc/sh/v3/cmd/shfmt@v3.5.0
@@ -250,11 +251,6 @@ jobs:
           # By default Go will use the number of logical CPUs, which
           # is a fine default.
           PARALLEL_FLAG=""
-          if [ "${{ matrix.os }}" == "windows-2019" ]; then
-            # Windows appears more I/O bound, so we increase parallelism
-            # to make better use of CPU.
-            PARALLEL_FLAG="-parallel=16"
-          fi
 
           export TS_DEBUG_DISCO=true
           gotestsum --junitfile="gotests.xml" --jsonfile="gotests.json" \
@@ -268,7 +264,7 @@ jobs:
           go run ./scripts/ci-report/main.go gotests.json | tee gotests_stats.json
 
       - uses: ./.github/actions/upload-datadog
-        if: always()
+        if: success() || failure()
         with:
           api-key: ${{ secrets.DATADOG_API_KEY }}
 
@@ -315,15 +311,8 @@ jobs:
           # so we need to print the test stats to the log.
           go run ./scripts/ci-report/main.go gotests.json | tee gotests_stats.json
 
-      - uses: actions/upload-artifact@v3
-        if: success() || failure()
-        with:
-          name: gotests-postgres.xml
-          path: ./gotests.xml
-          retention-days: 30
-
       - uses: ./.github/actions/upload-datadog
-        if: always()
+        if: success() || failure()
         with:
           api-key: ${{ secrets.DATADOG_API_KEY }}
 
@@ -349,11 +338,6 @@ jobs:
 
       - uses: ./.github/actions/setup-go
 
-      - uses: hashicorp/setup-terraform@v2
-        with:
-          terraform_version: 1.1.9
-          terraform_wrapper: false
-
       - name: Run Tests
         run: |
           gotestsum --junitfile="gotests.xml" -- -race ./...
@@ -565,14 +549,16 @@ jobs:
 
   required:
     runs-on: ubuntu-latest
-    needs: [gen, test-go, test-go-pg, test-go-race, test-js]
+    needs: [fmt, lint, gen, test-go, test-go-pg, test-go-race, test-js]
     # Allow this job to run even if the needed jobs fail, are skipped or
     # cancelled.
     if: always()
     steps:
       - name: Ensure required checks
         run: |
           echo "Checking required checks"
+          echo "- fmt: ${{ needs.fmt.result }}"
+          echo "- lint: ${{ needs.lint.result }}"
           echo "- gen: ${{ needs.gen.result }}"
           echo "- test-go: ${{ needs.test-go.result }}"
           echo "- test-go-pg: ${{ needs.test-go-pg.result }}"
 
@@ -10,7 +10,7 @@ on:
 
   schedule:
     # Run every 6 hours Monday-Friday!
-    - cron: "0 0,6,12,18 * * 1-5"
+    - cron: "0 0/6 * * 1-5"
 
 # Cancel in-progress runs for pull requests when developers push
 # additional changes
@@ -117,8 +117,16 @@ jobs:
           make -j "$image_job"
           echo "image=$(cat "$image_job")" >> $GITHUB_OUTPUT
 
+      - name: Run Prisma Cloud image scan
+        uses: PaloAltoNetworks/prisma-cloud-scan@v1
+        with:
+          pcc_console_url: ${{ secrets.PRISMA_CLOUD_URL }}
+          pcc_user: ${{ secrets.PRISMA_CLOUD_ACCESS_KEY }}
+          pcc_pass: ${{ secrets.PRISMA_CLOUD_SECRET_KEY }}
+          image_name: ${{ steps.build.outputs.image }}
+
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@e5f43133f6e8736992c9f3c1b3296e24b37e17f2
+        uses: aquasecurity/trivy-action@41f05d9ecffa2ed3f1580af306000f734b733e54
         with:
           image-ref: ${{ steps.build.outputs.image }}
           format: sarif
 
@@ -200,12 +200,11 @@ issues:
   max-same-issues: 0
 
 run:
-  concurrency: 4
   skip-dirs:
     - node_modules
   skip-files:
     - scripts/rules.go
-  timeout: 5m
+  timeout: 10m
 
 # Over time, add more and more linters from
 # https://golangci-lint.run/usage/linters/ as the code improves.
 
@@ -212,11 +212,5 @@
   // We often use a version of TypeScript that's ahead of the version shipped
   // with VS Code.
   "typescript.tsdk": "./site/node_modules/typescript/lib",
-  "grammarly.selectors": [
-    {
-      "language": "markdown",
-      "scheme": "file",
-      "pattern": "docs/contributing/frontend.md"
-    }
-  ]
+  "prettier.prettierPath": "./node_modules/prettier"
 }