coder
diff --git a/‎.github/pull_request_template.md
Lines changed: 0 additions & 3 deletions b/‎.github/pull_request_template.md
Lines changed: 0 additions & 3 deletions
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 4 additions & 3 deletions b/‎.github/workflows/ci.yaml
Lines changed: 4 additions & 3 deletions
diff --git a/‎.github/workflows/contrib.yaml
Lines changed: 0 additions & 14 deletions b/‎.github/workflows/contrib.yaml
Lines changed: 0 additions & 14 deletions
diff --git a/‎.github/workflows/security.yaml
Lines changed: 16 additions & 0 deletions b/‎.github/workflows/security.yaml
Lines changed: 16 additions & 0 deletions
diff --git a/‎.gitignore
Lines changed: 2 additions & 0 deletions b/‎.gitignore
Lines changed: 2 additions & 0 deletions
diff --git a/‎.golangci.yaml
Lines changed: 0 additions & 2 deletions b/‎.golangci.yaml
Lines changed: 0 additions & 2 deletions
diff --git a/‎.prettierignore
Lines changed: 2 additions & 0 deletions b/‎.prettierignore
Lines changed: 2 additions & 0 deletions
diff --git a/‎Makefile
Lines changed: 7 additions & 2 deletions b/‎Makefile
Lines changed: 7 additions & 2 deletions
diff --git a/‎agent/agent.go
Lines changed: 27 additions & 18 deletions b/‎agent/agent.go
Lines changed: 27 additions & 18 deletions
diff --git a/‎agent/agent_test.go
Lines changed: 69 additions & 37 deletions b/‎agent/agent_test.go
Lines changed: 69 additions & 37 deletions
@@ -186,8 +186,9 @@ jobs:
 
       - name: Install Protoc
         run: |
-          # protoc must be in lockstep with our dogfood Dockerfile
-          # or the version in the comments will differ.
+          # protoc must be in lockstep with our dogfood Dockerfile or the
+          # version in the comments will differ. This is also defined in
+          # security.yaml
           set -x
           cd dogfood
           DOCKER_BUILDKIT=1 docker build . --target proto -t protoc
@@ -511,7 +512,7 @@ jobs:
       - name: Install node_modules
         run: ./scripts/yarn_install.sh
 
-      - run: yarn test:ci
+      - run: yarn test:ci --max-workers ${{ steps.cpu-cores.outputs.count }}
         working-directory: site
 
       - uses: codecov/codecov-action@v3
 
@@ -27,20 +27,6 @@ jobs:
     steps:
       - uses: hmarr/auto-approve-action@v3
         if: github.actor == 'dependabot[bot]'
-  auto-approve-docs:
-    runs-on: ubuntu-latest
-    if: github.event_name == 'pull_request_target'
-    permissions:
-      pull-requests: write
-    steps:
-      - uses: actions/checkout@v3
-      - name: Get changed files in the docs folder
-        id: changed-files
-        uses: tj-actions/changed-files@v35
-        with:
-          files: docs/*
-      - uses: hmarr/auto-approve-action@v3
-        if: github.actor == 'bpmct' && steps.changed-files.outputs.only_changed == 'true'
 
   cla:
     runs-on: ubuntu-latest
 
@@ -99,6 +99,22 @@ jobs:
 
       - name: Install yq
         run: go run github.com/mikefarah/yq/v4@v4.30.6
+      - name: Install protoc-gen-go
+        run: go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26
+      - name: Install protoc-gen-go-drpc
+        run: go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.26
+      - name: Install Protoc
+        run: |
+          # protoc must be in lockstep with our dogfood Dockerfile or the
+          # version in the comments will differ. This is also defined in
+          # ci.yaml.
+          set -x
+          cd dogfood
+          DOCKER_BUILDKIT=1 docker build . --target proto -t protoc
+          protoc_path=/usr/local/bin/protoc
+          docker run --rm --entrypoint cat protoc /tmp/bin/protoc > $protoc_path
+          chmod +x $protoc_path
+          protoc --version
 
       - name: Build Coder linux amd64 Docker image
         id: build
 
@@ -27,9 +27,11 @@ site/test-results/*
 site/e2e/test-results/*
 site/e2e/states/*.json
 site/playwright-report/*
+site/.swc
 
 # Make target for updating golden files.
 cli/testdata/.gen-golden
+helm/tests/testdata/.gen-golden
 
 # Build
 /build/
 
@@ -215,7 +215,6 @@ linters:
     - asciicheck
     - bidichk
     - bodyclose
-    - deadcode
     - dogsled
     - errcheck
     - errname
@@ -259,4 +258,3 @@ linters:
     - typecheck
     - unconvert
     - unused
-    - varcheck
@@ -30,9 +30,11 @@ site/test-results/*
 site/e2e/test-results/*
 site/e2e/states/*.json
 site/playwright-report/*
+site/.swc
 
 # Make target for updating golden files.
 cli/testdata/.gen-golden
+helm/tests/testdata/.gen-golden
 
 # Build
 /build/
 
@@ -501,7 +501,8 @@ docs/admin/prometheus.md: scripts/metricsdocgen/main.go scripts/metricsdocgen/me
 	yarn run format:write:only ../docs/admin/prometheus.md
 
 docs/cli.md: scripts/clidocgen/main.go $(GO_SRC_FILES) docs/manifest.json
-	rm -rf ./docs/cli/*.md
+	# TODO(@ammario): re-enable server.md once we finish clibase migration.
+	ls ./docs/cli/*.md | grep -vP "\/coder_server" | xargs rm
 	BASE_PATH="." go run ./scripts/clidocgen
 	cd site
 	yarn run format:write:only ../docs/cli.md ../docs/cli/*.md ../docs/manifest.json
@@ -515,13 +516,17 @@ coderd/apidoc/swagger.json: $(shell find ./scripts/apidocgen $(FIND_EXCLUSIONS)
 	./scripts/apidocgen/generate.sh
 	yarn run --cwd=site format:write:only ../docs/api ../docs/manifest.json ../coderd/apidoc/swagger.json
 
-update-golden-files: cli/testdata/.gen-golden
+update-golden-files: cli/testdata/.gen-golden helm/tests/testdata/.gen-golden
 .PHONY: update-golden-files
 
 cli/testdata/.gen-golden: $(wildcard cli/testdata/*.golden) $(GO_SRC_FILES)
 	go test ./cli -run=TestCommandHelp -update
 	touch "$@"
 
+helm/tests/testdata/.gen-golden: $(wildcard helm/tests/testdata/*.golden) $(GO_SRC_FILES)
+	go test ./helm/tests -run=TestUpdateGoldenFiles -update
+	touch "$@"
+
 # Generate a prettierrc for the site package that uses relative paths for
 # overrides. This allows us to share the same prettier config between the
 # site and the root of the repo.
 
@@ -17,6 +17,7 @@ import (
 	"os/exec"
 	"os/user"
 	"path/filepath"
+	"reflect"
 	"runtime"
 	"sort"
 	"strconv"
@@ -60,7 +61,7 @@ const (
 
 	// MagicSSHSessionTypeEnvironmentVariable is used to track the purpose behind an SSH connection.
 	// This is stripped from any commands being executed, and is counted towards connection stats.
-	MagicSSHSessionTypeEnvironmentVariable = "__CODER_SSH_SESSION_TYPE"
+	MagicSSHSessionTypeEnvironmentVariable = "CODER_SSH_SESSION_TYPE"
 	// MagicSSHSessionTypeVSCode is set in the SSH config by the VS Code extension to identify itself.
 	MagicSSHSessionTypeVSCode = "vscode"
 	// MagicSSHSessionTypeJetBrains is set in the SSH config by the JetBrains extension to identify itself.
@@ -76,6 +77,7 @@ type Options struct {
 	ReconnectingPTYTimeout time.Duration
 	EnvironmentVariables   map[string]string
 	Logger                 slog.Logger
+	AgentPorts             map[int]string
 }
 
 type Client interface {
@@ -122,9 +124,8 @@ func New(options Options) io.Closer {
 		tempDir:                options.TempDir,
 		lifecycleUpdate:        make(chan struct{}, 1),
 		lifecycleReported:      make(chan codersdk.WorkspaceAgentLifecycle, 1),
-		// TODO: This is a temporary hack to make tests not flake.
-		// @kylecarbs has a better solution in here: https://github.com/coder/coder/pull/6469
-		connStatsChan: make(chan *agentsdk.Stats, 8),
+		ignorePorts:            options.AgentPorts,
+		connStatsChan:          make(chan *agentsdk.Stats, 1),
 	}
 	a.init(ctx)
 	return a
@@ -137,6 +138,10 @@ type agent struct {
 	filesystem    afero.Fs
 	logDir        string
 	tempDir       string
+	// ignorePorts tells the api handler which ports to ignore when
+	// listing all listening ports. This is helpful to hide ports that
+	// are used by the agent, that the user does not care about.
+	ignorePorts map[int]string
 
 	reconnectingPTYs       sync.Map
 	reconnectingPTYTimeout time.Duration
@@ -159,11 +164,8 @@ type agent struct {
 
 	network       *tailnet.Conn
 	connStatsChan chan *agentsdk.Stats
+	latestStat    atomic.Pointer[agentsdk.Stats]
 
-	statRxPackets            atomic.Int64
-	statRxBytes              atomic.Int64
-	statTxPackets            atomic.Int64
-	statTxBytes              atomic.Int64
 	connCountVSCode          atomic.Int64
 	connCountJetBrains       atomic.Int64
 	connCountReconnectingPTY atomic.Int64
@@ -905,10 +907,13 @@ func (a *agent) handleSSHSession(session ssh.Session) (retErr error) {
 	switch magicType {
 	case MagicSSHSessionTypeVSCode:
 		a.connCountVSCode.Add(1)
+		defer a.connCountVSCode.Add(-1)
 	case MagicSSHSessionTypeJetBrains:
 		a.connCountJetBrains.Add(1)
+		defer a.connCountJetBrains.Add(-1)
 	case "":
 		a.connCountSSHSession.Add(1)
+		defer a.connCountSSHSession.Add(-1)
 	default:
 		a.logger.Warn(ctx, "invalid magic ssh session type specified", slog.F("type", magicType))
 	}
@@ -1012,6 +1017,7 @@ func (a *agent) handleReconnectingPTY(ctx context.Context, logger slog.Logger, m
 	defer conn.Close()
 
 	a.connCountReconnectingPTY.Add(1)
+	defer a.connCountReconnectingPTY.Add(-1)
 
 	connectionID := uuid.NewString()
 	logger = logger.With(slog.F("id", msg.ID), slog.F("connection_id", connectionID))
@@ -1210,18 +1216,15 @@ func (a *agent) startReportingConnectionStats(ctx context.Context) {
 			ConnectionCount:    int64(len(networkStats)),
 			ConnectionsByProto: map[string]int64{},
 		}
-		// Tailscale resets counts on every report!
-		// We'd rather have these compound, like Linux does!
 		for conn, counts := range networkStats {
 			stats.ConnectionsByProto[conn.Proto.String()]++
-			stats.RxBytes = a.statRxBytes.Add(int64(counts.RxBytes))
-			stats.RxPackets = a.statRxPackets.Add(int64(counts.RxPackets))
-			stats.TxBytes = a.statTxBytes.Add(int64(counts.TxBytes))
-			stats.TxPackets = a.statTxPackets.Add(int64(counts.TxPackets))
+			stats.RxBytes += int64(counts.RxBytes)
+			stats.RxPackets += int64(counts.RxPackets)
+			stats.TxBytes += int64(counts.TxBytes)
+			stats.TxPackets += int64(counts.TxPackets)
 		}
 
-		// Tailscale's connection stats are not cumulative, but it makes no sense to make
-		// ours temporary.
+		// The count of active sessions.
 		stats.SessionCountSSH = a.connCountSSHSession.Load()
 		stats.SessionCountVSCode = a.connCountVSCode.Load()
 		stats.SessionCountJetBrains = a.connCountJetBrains.Load()
@@ -1270,10 +1273,16 @@ func (a *agent) startReportingConnectionStats(ctx context.Context) {
 		// Convert from microseconds to milliseconds.
 		stats.ConnectionMedianLatencyMS /= 1000
 
+		lastStat := a.latestStat.Load()
+		if lastStat != nil && reflect.DeepEqual(lastStat, stats) {
+			a.logger.Info(ctx, "skipping stat because nothing changed")
+			return
+		}
+		a.latestStat.Store(stats)
+
 		select {
 		case a.connStatsChan <- stats:
-		default:
-			a.logger.Warn(ctx, "network stat dropped")
+		case <-a.closed:
 		}
 	}
 
 
@@ -68,7 +68,10 @@ func TestAgent_Stats_SSH(t *testing.T) {
 	session, err := sshClient.NewSession()
 	require.NoError(t, err)
 	defer session.Close()
-	require.NoError(t, session.Run("echo test"))
+	stdin, err := session.StdinPipe()
+	require.NoError(t, err)
+	err = session.Shell()
+	require.NoError(t, err)
 
 	var s *agentsdk.Stats
 	require.Eventuallyf(t, func() bool {
@@ -78,6 +81,9 @@ func TestAgent_Stats_SSH(t *testing.T) {
 	}, testutil.WaitLong, testutil.IntervalFast,
 		"never saw stats: %+v", s,
 	)
+	_ = stdin.Close()
+	err = session.Wait()
+	require.NoError(t, err)
 }
 
 func TestAgent_Stats_ReconnectingPTY(t *testing.T) {
@@ -112,43 +118,69 @@ func TestAgent_Stats_ReconnectingPTY(t *testing.T) {
 
 func TestAgent_Stats_Magic(t *testing.T) {
 	t.Parallel()
+	t.Run("StripsEnvironmentVariable", func(t *testing.T) {
+		t.Parallel()
+		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+		defer cancel()
+		//nolint:dogsled
+		conn, _, _, _, _ := setupAgent(t, agentsdk.Metadata{}, 0)
+		sshClient, err := conn.SSHClient(ctx)
+		require.NoError(t, err)
+		defer sshClient.Close()
+		session, err := sshClient.NewSession()
+		require.NoError(t, err)
+		session.Setenv(agent.MagicSSHSessionTypeEnvironmentVariable, agent.MagicSSHSessionTypeVSCode)
+		defer session.Close()
 
-	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
-	defer cancel()
-
-	//nolint:dogsled
-	conn, _, stats, _, _ := setupAgent(t, agentsdk.Metadata{}, 0)
-	sshClient, err := conn.SSHClient(ctx)
-	require.NoError(t, err)
-	defer sshClient.Close()
-	session, err := sshClient.NewSession()
-	require.NoError(t, err)
-	session.Setenv(agent.MagicSSHSessionTypeEnvironmentVariable, agent.MagicSSHSessionTypeVSCode)
-	defer session.Close()
-
-	command := "sh -c 'echo $" + agent.MagicSSHSessionTypeEnvironmentVariable + "'"
-	expected := ""
-	if runtime.GOOS == "windows" {
-		expected = "%" + agent.MagicSSHSessionTypeEnvironmentVariable + "%"
-		command = "cmd.exe /c echo " + expected
-	}
-	output, err := session.Output(command)
-	require.NoError(t, err)
-	require.Equal(t, expected, strings.TrimSpace(string(output)))
-	var s *agentsdk.Stats
-	require.Eventuallyf(t, func() bool {
-		var ok bool
-		s, ok = <-stats
-		return ok && s.ConnectionCount > 0 && s.RxBytes > 0 && s.TxBytes > 0 &&
-			// Ensure that the connection didn't count as a "normal" SSH session.
-			// This was a special one, so it should be labeled specially in the stats!
-			s.SessionCountVSCode == 1 &&
-			// Ensure that connection latency is being counted!
-			// If it isn't, it's set to -1.
-			s.ConnectionMedianLatencyMS >= 0
-	}, testutil.WaitLong, testutil.IntervalFast,
-		"never saw stats: %+v", s,
-	)
+		command := "sh -c 'echo $" + agent.MagicSSHSessionTypeEnvironmentVariable + "'"
+		expected := ""
+		if runtime.GOOS == "windows" {
+			expected = "%" + agent.MagicSSHSessionTypeEnvironmentVariable + "%"
+			command = "cmd.exe /c echo " + expected
+		}
+		output, err := session.Output(command)
+		require.NoError(t, err)
+		require.Equal(t, expected, strings.TrimSpace(string(output)))
+	})
+	t.Run("Tracks", func(t *testing.T) {
+		t.Parallel()
+		if runtime.GOOS == "window" {
+			t.Skip("Sleeping for infinity doesn't work on Windows")
+		}
+		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+		defer cancel()
+		//nolint:dogsled
+		conn, _, stats, _, _ := setupAgent(t, agentsdk.Metadata{}, 0)
+		sshClient, err := conn.SSHClient(ctx)
+		require.NoError(t, err)
+		defer sshClient.Close()
+		session, err := sshClient.NewSession()
+		require.NoError(t, err)
+		session.Setenv(agent.MagicSSHSessionTypeEnvironmentVariable, agent.MagicSSHSessionTypeVSCode)
+		defer session.Close()
+		stdin, err := session.StdinPipe()
+		require.NoError(t, err)
+		err = session.Shell()
+		require.NoError(t, err)
+		var s *agentsdk.Stats
+		require.Eventuallyf(t, func() bool {
+			var ok bool
+			s, ok = <-stats
+			return ok && s.ConnectionCount > 0 && s.RxBytes > 0 && s.TxBytes > 0 &&
+				// Ensure that the connection didn't count as a "normal" SSH session.
+				// This was a special one, so it should be labeled specially in the stats!
+				s.SessionCountVSCode == 1 &&
+				// Ensure that connection latency is being counted!
+				// If it isn't, it's set to -1.
+				s.ConnectionMedianLatencyMS >= 0
+		}, testutil.WaitLong, testutil.IntervalFast,
+			"never saw stats: %+v", s,
+		)
+		// The shell will automatically exit if there is no stdin!
+		_ = stdin.Close()
+		err = session.Wait()
+		require.NoError(t, err)
+	})
 }
 
 func TestAgent_SessionExec(t *testing.T) {