coder
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 41 additions & 0 deletions b/‎.github/workflows/ci.yaml
Lines changed: 41 additions & 0 deletions
diff --git a/‎cli/support.go
Lines changed: 10 additions & 0 deletions b/‎cli/support.go
Lines changed: 10 additions & 0 deletions
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 22 additions & 3 deletions b/‎coderd/apidoc/docs.go
Lines changed: 22 additions & 3 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 14 additions & 3 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 14 additions & 3 deletions
diff --git a/‎coderd/azureidentity/azureidentity_test.go
Lines changed: 6 additions & 0 deletions b/‎coderd/azureidentity/azureidentity_test.go
Lines changed: 6 additions & 0 deletions
diff --git a/‎coderd/database/db.go
Lines changed: 1 addition & 1 deletion b/‎coderd/database/db.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/database/dbmem/dbmem.go
Lines changed: 0 additions & 4 deletions b/‎coderd/database/dbmem/dbmem.go
Lines changed: 0 additions & 4 deletions
diff --git a/‎coderd/database/dbmetrics/dbmetrics.go
Lines changed: 24 additions & 16 deletions b/‎coderd/database/dbmetrics/dbmetrics.go
Lines changed: 24 additions & 16 deletions
diff --git a/‎coderd/healthcheck/derphealth/derp.go
Lines changed: 1 addition & 1 deletion b/‎coderd/healthcheck/derphealth/derp.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/healthcheck/health/model.go
Lines changed: 30 additions & 0 deletions b/‎coderd/healthcheck/health/model.go
Lines changed: 30 additions & 0 deletions
diff --git a/‎coderd/healthcheck/health/model_test.go
Lines changed: 32 additions & 0 deletions b/‎coderd/healthcheck/health/model_test.go
Lines changed: 32 additions & 0 deletions
@@ -640,6 +640,7 @@ jobs:
       - test-e2e
       - offlinedocs
       - sqlc-vet
+      - dependency-license-review
     # Allow this job to run even if the needed jobs fail, are skipped or
     # cancelled.
     if: always()
@@ -656,6 +657,7 @@ jobs:
           echo "- test-js: ${{ needs.test-js.result }}"
           echo "- test-e2e: ${{ needs.test-e2e.result }}"
           echo "- offlinedocs: ${{ needs.offlinedocs.result }}"
+          echo "- dependency-license-review: ${{ needs.dependency-license-review.result }}"
           echo
 
           # We allow skipped jobs to pass, but not failed or cancelled jobs.
@@ -896,3 +898,42 @@ jobs:
       - name: Setup and run sqlc vet
         run: |
           make sqlc-vet
+
+  # dependency-license-review checks that no license-incompatible dependencies have been introduced.
+  # This action is not intended to do a vulnerability check since that is handled by a separate action.
+  dependency-license-review:
+    runs-on: ubuntu-latest
+    if: github.ref != 'refs/heads/main'
+    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@v4
+      - name: "Dependency Review"
+        id: review
+        uses: actions/dependency-review-action@v4
+        with:
+          allow-licenses: Apache-2.0, BSD-2-Clause, BSD-3-Clause, CC0-1.0, ISC, MIT, MIT-0, MPL-2.0
+          license-check: true
+          vulnerability-check: false
+      - name: "Report"
+        # make sure this step runs even if the previous failed
+        if: always()
+        shell: bash
+        env:
+          VULNERABLE_CHANGES: ${{ steps.review.outputs.invalid-license-changes }}
+        run: |
+          fields=( "unlicensed" "unresolved" "forbidden" )
+
+          # This is unfortunate that we have to do this but the action does not support failing on
+          # an unknown license. The unknown dependency could easily have a GPL license which
+          # would be problematic for us.
+          # Track https://github.com/actions/dependency-review-action/issues/672 for when
+          # we can remove this brittle workaround.
+          for field in "${fields[@]}"; do
+            # Use jq to check if the array is not empty
+            if [[ $(echo "$VULNERABLE_CHANGES" | jq ".${field} | length") -ne 0 ]]; then
+              echo "Invalid or unknown licenses detected, contact @sreya to ensure your added dependency falls under one of our allowed licenses."
+              echo "$VULNERABLE_CHANGES" | jq
+              exit 1
+            fi
+          done
+          echo "No incompatible licenses detected"
@@ -184,6 +184,16 @@ func (r *RootCmd) supportBundle() *serpent.Command {
 				_ = os.Remove(outputPath) // best effort
 				return xerrors.Errorf("create support bundle: %w", err)
 			}
+			docsURL := bun.Deployment.Config.Values.DocsURL.String()
+			deployHealthSummary := bun.Deployment.HealthReport.Summarize(docsURL)
+			if len(deployHealthSummary) > 0 {
+				cliui.Warn(inv.Stdout, "Deployment health issues detected:", deployHealthSummary...)
+			}
+			clientNetcheckSummary := bun.Network.Netcheck.Summarize("Client netcheck:", docsURL)
+			if len(clientNetcheckSummary) > 0 {
+				cliui.Warn(inv.Stdout, "Networking issues detected:", deployHealthSummary...)
+			}
+
 			bun.CLILogs = cliLogBuf.Bytes()
 
 			if err := writeBundle(bun, zwr); err != nil {
 
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/x509"
 	"encoding/pem"
+	"runtime"
 	"testing"
 	"time"
 
@@ -14,6 +15,11 @@ import (
 
 func TestValidate(t *testing.T) {
 	t.Parallel()
+	if runtime.GOOS == "darwin" {
+		// This test fails on MacOS for some reason. See https://github.com/coder/coder/issues/12978
+		t.Skip()
+	}
+
 	mustTime := func(layout string, value string) time.Time {
 		ti, err := time.Parse(layout, value)
 		require.NoError(t, err)
 
@@ -103,7 +103,7 @@ func (q *sqlQuerier) InTx(function func(Store) error, txOpts *sql.TxOptions) err
 				// Transaction succeeded.
 				return nil
 			}
-			if err != nil && !IsSerializedError(err) {
+			if !IsSerializedError(err) {
 				// We should only retry if the error is a serialization error.
 				return err
 			}
 
@@ -9089,7 +9089,6 @@ func (q *FakeQuerier) GetAuthorizedWorkspaces(ctx context.Context, arg database.
 				params = append(params, param)
 			}
 
-			var innerErr error
 			index := slices.IndexFunc(params, func(buildParam database.WorkspaceBuildParameter) bool {
 				// If hasParam matches, then we are done. This is a good match.
 				if slices.ContainsFunc(arg.HasParam, func(name string) bool {
@@ -9116,9 +9115,6 @@ func (q *FakeQuerier) GetAuthorizedWorkspaces(ctx context.Context, arg database.
 
 				return match
 			})
-			if innerErr != nil {
-				return nil, xerrors.Errorf("error searching workspace build params: %w", innerErr)
-			}
 			if index < 0 {
 				continue
 			}
 
@@ -156,8 +156,8 @@ func (r *RegionReport) Run(ctx context.Context) {
 			node       = node
 			nodeReport = NodeReport{
 				DERPNodeReport: healthsdk.DERPNodeReport{
-					Node:    node,
 					Healthy: true,
+					Node:    node,
 				},
 			}
 		)
 
@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"strings"
 
+	"github.com/coder/coder/v2/buildinfo"
 	"github.com/coder/coder/v2/coderd/util/ptr"
 )
 
@@ -44,6 +45,11 @@ const (
 	CodeProvisionerDaemonAPIMajorVersionDeprecated Code = `EPD03`
 )
 
+// Default docs URL
+var (
+	docsURLDefault = "https://coder.com/docs/v2"
+)
+
 // @typescript-generate Severity
 type Severity string
 
@@ -72,6 +78,30 @@ func (m Message) String() string {
 	return sb.String()
 }
 
+// URL returns a link to the admin/healthcheck docs page for the given Message.
+// NOTE: if using a custom docs URL, specify base.
+func (m Message) URL(base string) string {
+	var codeAnchor string
+	if m.Code == "" {
+		codeAnchor = strings.ToLower(string(CodeUnknown))
+	} else {
+		codeAnchor = strings.ToLower(string(m.Code))
+	}
+
+	if base == "" {
+		base = docsURLDefault
+		versionPath := buildinfo.Version()
+		if buildinfo.IsDev() {
+			// for development versions, just use latest
+			versionPath = "latest"
+		}
+		return fmt.Sprintf("%s/%s/admin/healthcheck#%s", base, versionPath, codeAnchor)
+	}
+
+	// We don't assume that custom docs URLs are versioned.
+	return fmt.Sprintf("%s/admin/healthcheck#%s", base, codeAnchor)
+}
+
 // Code is a stable identifier used to link to documentation.
 // @typescript-generate Code
 type Code string
 
@@ -0,0 +1,32 @@
+package health_test
+
+import (
+	"testing"
+
+	"github.com/coder/coder/v2/coderd/healthcheck/health"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_MessageURL(t *testing.T) {
+	t.Parallel()
+
+	for _, tt := range []struct {
+		name     string
+		code     health.Code
+		base     string
+		expected string
+	}{
+		{"empty", "", "", "https://coder.com/docs/v2/latest/admin/healthcheck#eunknown"},
+		{"default", health.CodeAccessURLFetch, "", "https://coder.com/docs/v2/latest/admin/healthcheck#eacs03"},
+		{"custom docs base", health.CodeAccessURLFetch, "https://example.com/docs", "https://example.com/docs/admin/healthcheck#eacs03"},
+	} {
+		tt := tt
+		t.Run(tt.name, func(t *testing.T) {
+			t.Parallel()
+			uut := health.Message{Code: tt.code}
+			actual := uut.URL(tt.base)
+			assert.Equal(t, tt.expected, actual)
+		})
+	}
+}
Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,7 @@ func (q sqlQuerier) InTx(function func(Store) error, txOpts sql.TxOptions) err`
`103`	`103`	`// Transaction succeeded.`
`104`	`104`	`return nil`
`105`	`105`	`}`
`106`		`- if err != nil && !IsSerializedError(err) {`
	`106`	`+ if !IsSerializedError(err) {`
`107`	`107`	`// We should only retry if the error is a serialization error.`
`108`	`108`	`return err`
`109`	`109`	`}`
Original file line number	Diff line number	Diff line change
`@@ -156,8 +156,8 @@ func (r *RegionReport) Run(ctx context.Context) {`
`156`	`156`	`node = node`
`157`	`157`	`nodeReport = NodeReport{`
`158`	`158`	`DERPNodeReport: healthsdk.DERPNodeReport{`
`159`		`- Node: node,`
`160`	`159`	`Healthy: true,`
	`160`	`+ Node: node,`
`161`	`161`	`},`
`162`	`162`	`}`
`163`	`163`	`)`