coder
diff --git a/‎.github/actions/setup-go/action.yaml
Lines changed: 3 additions & 1 deletion b/‎.github/actions/setup-go/action.yaml
Lines changed: 3 additions & 1 deletion
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/ci.yaml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/workflows/dependabot.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/dependabot.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/docs-ci.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/docs-ci.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/nightly-gauntlet.yaml
Lines changed: 58 additions & 17 deletions b/‎.github/workflows/nightly-gauntlet.yaml
Lines changed: 58 additions & 17 deletions
diff --git a/‎.github/workflows/scorecard.yml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/scorecard.yml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/security.yaml
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/security.yaml
Lines changed: 3 additions & 3 deletions
diff --git a/‎.gitignore
Lines changed: 1 addition & 0 deletions b/‎.gitignore
Lines changed: 1 addition & 0 deletions
diff --git a/‎agent/agent.go
Lines changed: 8 additions & 1 deletion b/‎agent/agent.go
Lines changed: 8 additions & 1 deletion
diff --git a/‎agent/agent_test.go
Lines changed: 11 additions & 6 deletions b/‎agent/agent_test.go
Lines changed: 11 additions & 6 deletions
diff --git a/‎agent/agentcontainers/devcontainer.go
Lines changed: 11 additions & 3 deletions b/‎agent/agentcontainers/devcontainer.go
Lines changed: 11 additions & 3 deletions
diff --git a/‎agent/agentcontainers/devcontainer_test.go
Lines changed: 1 addition & 3 deletions b/‎agent/agentcontainers/devcontainer_test.go
Lines changed: 1 addition & 3 deletions
diff --git a/‎agent/agenttest/client.go
Lines changed: 2 additions & 1 deletion b/‎agent/agenttest/client.go
Lines changed: 2 additions & 1 deletion
diff --git a/‎cli/agent.go
Lines changed: 13 additions & 0 deletions b/‎cli/agent.go
Lines changed: 13 additions & 0 deletions
@@ -26,13 +26,15 @@ runs:
         export GOCACHE_DIR="$RUNNER_TEMP""\go-cache"
         export GOMODCACHE_DIR="$RUNNER_TEMP""\go-mod-cache"
         export GOPATH_DIR="$RUNNER_TEMP""\go-path"
+        export GOTMP_DIR="$RUNNER_TEMP""\go-tmp"
         mkdir -p "$GOCACHE_DIR"
         mkdir -p "$GOMODCACHE_DIR"
         mkdir -p "$GOPATH_DIR"
+        mkdir -p "$GOTMP_DIR"
         go env -w GOCACHE="$GOCACHE_DIR"
         go env -w GOMODCACHE="$GOMODCACHE_DIR"
         go env -w GOPATH="$GOPATH_DIR"
-
+        go env -w GOTMPDIR="$GOTMP_DIR"
     - name: Setup Go
       uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
       with:
 
@@ -188,7 +188,7 @@ jobs:
 
       # Check for any typos
       - name: Check for typos
-        uses: crate-ci/typos@b1a1ef3893ff35ade0cfa71523852a49bfd05d19 # v1.31.1
+        uses: crate-ci/typos@0f0ccba9ed1df83948f0c15026e4f5ccfce46109 # v1.32.0
         with:
           config: .github/workflows/typos.toml
 
@@ -454,7 +454,7 @@ jobs:
           api-key: ${{ secrets.DATADOG_API_KEY }}
 
   test-go-pg:
-    runs-on: ${{ matrix.os == 'ubuntu-latest' && github.repository_owner == 'coder' && 'depot-ubuntu-22.04-4' || matrix.os }}
+    runs-on: ${{ matrix.os == 'ubuntu-latest' && github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || matrix.os }}
     needs: changes
     if: needs.changes.outputs.go == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
     # This timeout must be greater than the timeout set by `go test` in
 
@@ -23,7 +23,7 @@ jobs:
     steps:
       - name: Dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@d7267f607e9d3fb96fc2fbe83e0af444713e90b7 # v2.3.0
+        uses: dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # v2.4.0
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
 
 
@@ -28,7 +28,7 @@ jobs:
       - name: Setup Node
         uses: ./.github/actions/setup-node
 
-      - uses: tj-actions/changed-files@5426ecc3f5c2b10effaefbd374f0abdc6a571b2f # v45.0.7
+      - uses: tj-actions/changed-files@480f49412651059a414a6a5c96887abb1877de8a # v45.0.7
         id: changed-files
         with:
           files: |
 
@@ -12,8 +12,9 @@ permissions:
 
 jobs:
   test-go-pg:
-    runs-on: ${{ matrix.os == 'macos-latest' && github.repository_owner == 'coder' && 'depot-macos-latest' || matrix.os == 'windows-2022' && github.repository_owner == 'coder' && 'windows-latest-16-cores' || matrix.os }}
-    if: github.ref == 'refs/heads/main'
+    # make sure to adjust NUM_PARALLEL_PACKAGES and NUM_PARALLEL_TESTS below
+    # when changing runner sizes
+    runs-on: ${{ matrix.os == 'macos-latest' && github.repository_owner == 'coder' && 'depot-macos-latest' || matrix.os == 'windows-2022' && github.repository_owner == 'coder' && 'depot-windows-2022-16' || matrix.os }}
     # This timeout must be greater than the timeout set by `go test` in
     # `make test-postgres` to ensure we receive a trace of running
     # goroutines. Setting this to the timeout +5m should work quite well
@@ -31,22 +32,39 @@ jobs:
         with:
           egress-policy: audit
 
+      # macOS indexes all new files in the background. Our Postgres tests
+      # create and destroy thousands of databases on disk, and Spotlight
+      # tries to index all of them, seriously slowing down the tests.
+      - name: Disable Spotlight Indexing
+        if: runner.os == 'macOS'
+        run: |
+          sudo mdutil -a -i off
+          sudo mdutil -X /
+          sudo launchctl bootout system /System/Library/LaunchDaemons/com.apple.metadata.mds.plist
+
+      # Set up RAM disks to speed up the rest of the job. This action is in
+      # a separate repository to allow its use before actions/checkout.
+      - name: Setup RAM Disks
+        if: runner.os == 'Windows'
+        uses: coder/setup-ramdisk-action@79dacfe70c47ad6d6c0dd7f45412368802641439
+
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 1
 
       - name: Setup Go
         uses: ./.github/actions/setup-go
+        with:
+          # Runners have Go baked-in and Go will automatically
+          # download the toolchain configured in go.mod, so we don't
+          # need to reinstall it. It's faster on Windows runners.
+          use-preinstalled-go: ${{ runner.os == 'Windows' }}
+          use-temp-cache-dirs: ${{ runner.os == 'Windows' }}
 
       - name: Setup Terraform
         uses: ./.github/actions/setup-tf
 
-      # Sets up the ImDisk toolkit for Windows and creates a RAM disk on drive R:.
-      - name: Setup ImDisk
-        if: runner.os == 'Windows'
-        uses: ./.github/actions/setup-imdisk
-
       - name: Test with PostgreSQL Database
         env:
           POSTGRES_VERSION: "13"
@@ -55,6 +73,19 @@ jobs:
           LC_ALL: "en_US.UTF-8"
         shell: bash
         run: |
+          if [ "${{ runner.os }}" == "Windows" ]; then
+            # Create a temp dir on the R: ramdisk drive for Windows. The default
+            # C: drive is extremely slow: https://github.com/actions/runner-images/issues/8755
+            mkdir -p "R:/temp/embedded-pg"
+            go run scripts/embedded-pg/main.go -path "R:/temp/embedded-pg"
+          fi
+          if [ "${{ runner.os }}" == "macOS" ]; then
+            # Postgres runs faster on a ramdisk on macOS too
+            mkdir -p /tmp/tmpfs
+            sudo mount_tmpfs -o noowners -s 8g /tmp/tmpfs
+            go run scripts/embedded-pg/main.go -path /tmp/tmpfs/embedded-pg
+          fi
+
           # if macOS, install google-chrome for scaletests
           # As another concern, should we really have this kind of external dependency
           # requirement on standard CI?
@@ -72,19 +103,29 @@ jobs:
             touch ~/.bash_profile && echo "export BASH_SILENCE_DEPRECATION_WARNING=1" >> ~/.bash_profile
           fi
 
+          # Golang's default for these 2 variables is the number of logical CPUs.
+          # Our Windows and Linux runners have 16 cores, so they match up there.
+          NUM_PARALLEL_PACKAGES=16
+          NUM_PARALLEL_TESTS=16
           if [ "${{ runner.os }}" == "Windows" ]; then
-            # Create a temp dir on the R: ramdisk drive for Windows. The default
-            # C: drive is extremely slow: https://github.com/actions/runner-images/issues/8755
-            mkdir -p "R:/temp/embedded-pg"
-            go run scripts/embedded-pg/main.go -path "R:/temp/embedded-pg"
-          else
-            go run scripts/embedded-pg/main.go
+            # On Windows Postgres chokes up when we have 16x16=256 tests
+            # running in parallel, and dbtestutil.NewDB starts to take more than
+            # 10s to complete sometimes causing test timeouts. With 16x8=128 tests
+            # Postgres tends not to choke.
+            NUM_PARALLEL_PACKAGES=8
+          fi
+          if [ "${{ runner.os }}" == "macOS" ]; then
+            # Our macOS runners have 8 cores. We leave NUM_PARALLEL_TESTS at 16
+            # because the tests complete faster and Postgres doesn't choke. It seems
+            # that macOS's tmpfs is faster than the one on Windows.
+            NUM_PARALLEL_PACKAGES=8
           fi
 
-          # Reduce test parallelism, mirroring what we do for race tests.
-          # We'd been encountering issues with timing related flakes, and
-          # this seems to help.
-          DB=ci gotestsum --format standard-quiet -- -v -short -count=1 -parallel 4 -p 4 ./...
+          # We rerun failing tests to counteract flakiness coming from Postgres
+          # choking on macOS and Windows sometimes.
+          DB=ci gotestsum --rerun-fails=2 --rerun-fails-max-failures=1000 \
+            --format standard-quiet --packages "./..." \
+            -- -v -p $NUM_PARALLEL_PACKAGES -parallel=$NUM_PARALLEL_TESTS -count=1
 
       - name: Upload test stats to Datadog
         timeout-minutes: 1
 
@@ -47,6 +47,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
         with:
           sarif_file: results.sarif
@@ -38,7 +38,7 @@ jobs:
         uses: ./.github/actions/setup-go
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
         with:
           languages: go, javascript
 
@@ -48,7 +48,7 @@ jobs:
           rm Makefile
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
 
       - name: Send Slack notification on failure
         if: ${{ failure() }}
@@ -150,7 +150,7 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16
+        uses: github/codeql-action/upload-sarif@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
         with:
           sarif_file: trivy-results.sarif
           category: "Trivy"
 
@@ -50,6 +50,7 @@ site/stats/
 *.tfplan
 *.lock.hcl
 .terraform/
+!provisioner/terraform/testdata/modules-source-caching/.terraform/
 
 **/.coderv2/*
 **/__debug_bin
 
@@ -89,6 +89,7 @@ type Options struct {
 	ServiceBannerRefreshInterval time.Duration
 	BlockFileTransfer            bool
 	Execer                       agentexec.Execer
+	SubAgent                     bool
 
 	ExperimentalDevcontainersEnabled bool
 	ContainerAPIOptions              []agentcontainers.Option // Enable ExperimentalDevcontainersEnabled for these to be effective.
@@ -190,6 +191,8 @@ func New(options Options) Agent {
 		metrics:            newAgentMetrics(prometheusRegistry),
 		execer:             options.Execer,
 
+		subAgent: options.SubAgent,
+
 		experimentalDevcontainersEnabled: options.ExperimentalDevcontainersEnabled,
 		containerAPIOptions:              options.ContainerAPIOptions,
 	}
@@ -272,6 +275,8 @@ type agent struct {
 	metrics *agentMetrics
 	execer  agentexec.Execer
 
+	subAgent bool
+
 	experimentalDevcontainersEnabled bool
 	containerAPIOptions              []agentcontainers.Option
 	containerAPI                     atomic.Pointer[agentcontainers.API] // Set by apiHandler.
@@ -1085,6 +1090,8 @@ func (a *agent) handleManifest(manifestOK *checkpoint) func(ctx context.Context,
 		if err != nil {
 			return xerrors.Errorf("expand directory: %w", err)
 		}
+		// Normalize all devcontainer paths by making them absolute.
+		manifest.Devcontainers = agentcontainers.ExpandAllDevcontainerPaths(a.logger, expandPathToAbs, manifest.Devcontainers)
 		subsys, err := agentsdk.ProtoFromSubsystems(a.subsystems)
 		if err != nil {
 			a.logger.Critical(ctx, "failed to convert subsystems", slog.Error(err))
@@ -1127,7 +1134,7 @@ func (a *agent) handleManifest(manifestOK *checkpoint) func(ctx context.Context,
 			)
 			if a.experimentalDevcontainersEnabled {
 				var dcScripts []codersdk.WorkspaceAgentScript
-				scripts, dcScripts = agentcontainers.ExtractAndInitializeDevcontainerScripts(a.logger, expandPathToAbs, manifest.Devcontainers, scripts)
+				scripts, dcScripts = agentcontainers.ExtractAndInitializeDevcontainerScripts(manifest.Devcontainers, scripts)
 				// See ExtractAndInitializeDevcontainerScripts for motivation
 				// behind running dcScripts as post start scripts.
 				scriptRunnerOpts = append(scriptRunnerOpts, agentscripts.WithPostStartScripts(dcScripts...))
 
@@ -1998,8 +1998,9 @@ func TestAgent_ReconnectingPTYContainer(t *testing.T) {
 // You can run it manually as follows:
 //
 // CODER_TEST_USE_DOCKER=1 go test -count=1 ./agent -run TestAgent_DevcontainerAutostart
+//
+//nolint:paralleltest // This test sets an environment variable.
 func TestAgent_DevcontainerAutostart(t *testing.T) {
-	t.Parallel()
 	if os.Getenv("CODER_TEST_USE_DOCKER") != "1" {
 		t.Skip("Set CODER_TEST_USE_DOCKER=1 to run this test")
 	}
@@ -2012,9 +2013,12 @@ func TestAgent_DevcontainerAutostart(t *testing.T) {
 
 	// Prepare temporary devcontainer for test (mywork).
 	devcontainerID := uuid.New()
-	tempWorkspaceFolder := t.TempDir()
-	tempWorkspaceFolder = filepath.Join(tempWorkspaceFolder, "mywork")
+	tmpdir := t.TempDir()
+	t.Setenv("HOME", tmpdir)
+	tempWorkspaceFolder := filepath.Join(tmpdir, "mywork")
+	unexpandedWorkspaceFolder := filepath.Join("~", "mywork")
 	t.Logf("Workspace folder: %s", tempWorkspaceFolder)
+	t.Logf("Unexpanded workspace folder: %s", unexpandedWorkspaceFolder)
 	devcontainerPath := filepath.Join(tempWorkspaceFolder, ".devcontainer")
 	err = os.MkdirAll(devcontainerPath, 0o755)
 	require.NoError(t, err, "create devcontainer directory")
@@ -2031,9 +2035,10 @@ func TestAgent_DevcontainerAutostart(t *testing.T) {
 		// is expected to be prepared by the provisioner normally.
 		Devcontainers: []codersdk.WorkspaceAgentDevcontainer{
 			{
-				ID:              devcontainerID,
-				Name:            "test",
-				WorkspaceFolder: tempWorkspaceFolder,
+				ID:   devcontainerID,
+				Name: "test",
+				// Use an unexpanded path to test the expansion.
+				WorkspaceFolder: unexpandedWorkspaceFolder,
 			},
 		},
 		Scripts: []codersdk.WorkspaceAgentScript{
 
@@ -36,8 +36,6 @@ devcontainer up %s
 // initialize the workspace (e.g. git clone, npm install, etc). This is
 // important if e.g. a Coder module to install @devcontainer/cli is used.
 func ExtractAndInitializeDevcontainerScripts(
-	logger slog.Logger,
-	expandPath func(string) (string, error),
 	devcontainers []codersdk.WorkspaceAgentDevcontainer,
 	scripts []codersdk.WorkspaceAgentScript,
 ) (filteredScripts []codersdk.WorkspaceAgentScript, devcontainerScripts []codersdk.WorkspaceAgentScript) {
@@ -47,7 +45,6 @@ ScriptLoop:
 			// The devcontainer scripts match the devcontainer ID for
 			// identification.
 			if script.ID == dc.ID {
-				dc = expandDevcontainerPaths(logger, expandPath, dc)
 				devcontainerScripts = append(devcontainerScripts, devcontainerStartupScript(dc, script))
 				continue ScriptLoop
 			}
@@ -75,6 +72,17 @@ func devcontainerStartupScript(dc codersdk.WorkspaceAgentDevcontainer, script co
 	return script
 }
 
+// ExpandAllDevcontainerPaths expands all devcontainer paths in the given
+// devcontainers. This is required by the devcontainer CLI, which requires
+// absolute paths for the workspace folder and config path.
+func ExpandAllDevcontainerPaths(logger slog.Logger, expandPath func(string) (string, error), devcontainers []codersdk.WorkspaceAgentDevcontainer) []codersdk.WorkspaceAgentDevcontainer {
+	expanded := make([]codersdk.WorkspaceAgentDevcontainer, 0, len(devcontainers))
+	for _, dc := range devcontainers {
+		expanded = append(expanded, expandDevcontainerPaths(logger, expandPath, dc))
+	}
+	return expanded
+}
+
 func expandDevcontainerPaths(logger slog.Logger, expandPath func(string) (string, error), dc codersdk.WorkspaceAgentDevcontainer) codersdk.WorkspaceAgentDevcontainer {
 	logger = logger.With(slog.F("devcontainer", dc.Name), slog.F("workspace_folder", dc.WorkspaceFolder), slog.F("config_path", dc.ConfigPath))
 
 
@@ -242,9 +242,7 @@ func TestExtractAndInitializeDevcontainerScripts(t *testing.T) {
 				}
 			}
 			gotFilteredScripts, gotDevcontainerScripts := agentcontainers.ExtractAndInitializeDevcontainerScripts(
-				logger,
-				tt.args.expandPath,
-				tt.args.devcontainers,
+				agentcontainers.ExpandAllDevcontainerPaths(logger, tt.args.expandPath, tt.args.devcontainers),
 				tt.args.scripts,
 			)
 
 
@@ -24,7 +24,7 @@ import (
 	agentproto "github.com/coder/coder/v2/agent/proto"
 	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/coder/v2/codersdk/agentsdk"
-	drpcsdk "github.com/coder/coder/v2/codersdk/drpc"
+	"github.com/coder/coder/v2/codersdk/drpcsdk"
 	"github.com/coder/coder/v2/tailnet"
 	"github.com/coder/coder/v2/tailnet/proto"
 	"github.com/coder/coder/v2/testutil"
@@ -60,6 +60,7 @@ func NewClient(t testing.TB,
 	err = agentproto.DRPCRegisterAgent(mux, fakeAAPI)
 	require.NoError(t, err)
 	server := drpcserver.NewWithOptions(mux, drpcserver.Options{
+		Manager: drpcsdk.DefaultDRPCOptions(nil),
 		Log: func(err error) {
 			if xerrors.Is(err, io.EOF) {
 				return
 
@@ -53,6 +53,7 @@ func (r *RootCmd) workspaceAgent() *serpent.Command {
 		blockFileTransfer   bool
 		agentHeaderCommand  string
 		agentHeader         []string
+		subAgent            bool
 
 		experimentalDevcontainersEnabled bool
 	)
@@ -350,6 +351,7 @@ func (r *RootCmd) workspaceAgent() *serpent.Command {
 				PrometheusRegistry: prometheusRegistry,
 				BlockFileTransfer:  blockFileTransfer,
 				Execer:             execer,
+				SubAgent:           subAgent,
 
 				ExperimentalDevcontainersEnabled: experimentalDevcontainersEnabled,
 			})
@@ -481,6 +483,17 @@ func (r *RootCmd) workspaceAgent() *serpent.Command {
 			Description: "Allow the agent to automatically detect running devcontainers.",
 			Value:       serpent.BoolOf(&experimentalDevcontainersEnabled),
 		},
+		{
+			Flag:        "is-sub-agent",
+			Default:     "false",
+			Env:         "CODER_AGENT_IS_SUB_AGENT",
+			Description: "Specify whether this is a sub agent or not.",
+			Value:       serpent.BoolOf(&subAgent),
+			// As `coderd` handles the creation of sub-agents, it does not make
+			// sense for this to be exposed. We do not want people setting an
+			// agent as a sub-agent if it is not.
+			Hidden: true,
+		},
 	}
 
 	return cmd
Original file line number	Diff line number	Diff line change
`@@ -242,9 +242,7 @@ func TestExtractAndInitializeDevcontainerScripts(t *testing.T) {`
`242`	`242`	`}`
`243`	`243`	`}`
`244`	`244`	`gotFilteredScripts, gotDevcontainerScripts := agentcontainers.ExtractAndInitializeDevcontainerScripts(`
`245`		`- logger,`
`246`		`- tt.args.expandPath,`
`247`		`- tt.args.devcontainers,`
	`245`	`+ agentcontainers.ExpandAllDevcontainerPaths(logger, tt.args.expandPath, tt.args.devcontainers),`
`248`	`246`	`tt.args.scripts,`
`249`	`247`	`)`
`250`	`248`