coder
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 6 additions & 6 deletions b/‎.github/workflows/ci.yaml
Lines changed: 6 additions & 6 deletions
diff --git a/‎.github/workflows/pr-deploy.yaml
Lines changed: 0 additions & 4 deletions b/‎.github/workflows/pr-deploy.yaml
Lines changed: 0 additions & 4 deletions
diff --git a/‎.github/workflows/release.yaml
Lines changed: 1 addition & 64 deletions b/‎.github/workflows/release.yaml
Lines changed: 1 addition & 64 deletions
diff --git a/‎.github/workflows/security.yaml
Lines changed: 4 additions & 4 deletions b/‎.github/workflows/security.yaml
Lines changed: 4 additions & 4 deletions
diff --git a/‎.github/workflows/typos.toml
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/typos.toml
Lines changed: 1 addition & 0 deletions
diff --git a/‎Makefile
Lines changed: 1 addition & 1 deletion b/‎Makefile
Lines changed: 1 addition & 1 deletion
diff --git a/‎agent/agentscripts/agentscripts.go
Lines changed: 13 additions & 1 deletion b/‎agent/agentscripts/agentscripts.go
Lines changed: 13 additions & 1 deletion
diff --git a/‎agent/agentscripts/agentscripts_test.go
Lines changed: 9 additions & 0 deletions b/‎agent/agentscripts/agentscripts_test.go
Lines changed: 9 additions & 0 deletions
diff --git a/‎agent/agenttest/client.go
Lines changed: 2 additions & 2 deletions b/‎agent/agenttest/client.go
Lines changed: 2 additions & 2 deletions
@@ -144,7 +144,7 @@ jobs:
 
       # Check for any typos
       - name: Check for typos
-        uses: crate-ci/typos@v1.16.24
+        uses: crate-ci/typos@v1.16.25
         with:
           config: .github/workflows/typos.toml
 
@@ -478,15 +478,15 @@ jobs:
 
       - name: Upload Playwright Failed Tests
         if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: failed-test-videos
           path: ./site/test-results/**/*.webm
           retention-days: 7
 
       - name: Upload pprof dumps
         if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: debug-pprof-dumps
           path: ./site/test-results/**/debug-pprof-*.txt
@@ -734,7 +734,7 @@ jobs:
           prune-untagged: true
 
       - name: Upload build artifacts
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: coder
           path: |
@@ -775,7 +775,7 @@ jobs:
         uses: fluxcd/flux2/action@main
         with:
           # Keep this up to date with the version of flux installed in dogfood cluster
-          version: "2.2.0"
+          version: "2.2.1"
 
       - name: Get Cluster Credentials
         uses: "google-github-actions/get-gke-credentials@v2"
@@ -853,7 +853,7 @@ jobs:
         uses: google-github-actions/setup-gcloud@v2
 
       - name: Download build artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: coder
           path: ./build
 
@@ -9,10 +9,6 @@ on:
       - main
   workflow_dispatch:
     inputs:
-      pr_number:
-        description: "PR number"
-        type: number
-        required: true
       experiments:
         description: "Experiments to enable"
         required: false
 
@@ -306,7 +306,7 @@ jobs:
 
       - name: Upload artifacts to actions (if dry-run)
         if: ${{ inputs.dry_run }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: release-artifacts
           path: |
@@ -479,66 +479,3 @@ jobs:
           # For gh CLI. We need a real token since we're commenting on a PR in a
           # different repo.
           GH_TOKEN: ${{ secrets.CDRCI_GITHUB_TOKEN }}
-
-  publish-chocolatey:
-    name: Publish to Chocolatey
-    runs-on: windows-latest
-    needs: release
-    if: ${{ !inputs.dry_run }}
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      # Same reason as for release.
-      - name: Fetch git tags
-        run: git fetch --tags --force
-
-      # From https://chocolatey.org
-      - name: Install Chocolatey
-        run: |
-          Set-ExecutionPolicy Bypass -Scope Process -Force
-          [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072
-
-          iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
-
-      - name: Build chocolatey package
-        run: |
-          cd scripts/chocolatey
-
-          # The package version is the same as the tag minus the leading "v".
-          # The version in this output already has the leading "v" removed but
-          # we do it again to be safe.
-          $version = "${{ needs.release.outputs.version }}".Trim('v')
-
-          $release_assets = gh release view --repo coder/coder "v${version}" --json assets | `
-            ConvertFrom-Json
-
-          # Get the URL for the Windows ZIP from the release assets.
-          $zip_url = $release_assets.assets | `
-            Where-Object name -Match ".*_windows_amd64.zip$" | `
-            Select -ExpandProperty url
-
-          echo "ZIP URL: ${zip_url}"
-          echo "Package version: ${version}"
-
-          echo "Downloading ZIP..."
-          Invoke-WebRequest $zip_url -OutFile assets.zip
-
-          echo "Extracting ZIP..."
-          Expand-Archive assets.zip -DestinationPath assets/
-
-          # No need to specify nuspec if there's only one in the directory.
-          choco pack --version=$version binary_path=assets/coder.exe
-
-          choco apikey --api-key $env:CHOCO_API_KEY --source https://push.chocolatey.org/
-
-          # No need to specify nupkg if there's only one in the directory.
-          choco push --source https://push.chocolatey.org/
-
-        env:
-          CHOCO_API_KEY: ${{ secrets.CHOCO_API_KEY }}
-          # We need a GitHub token for the gh CLI to function under GitHub Actions
-          GH_TOKEN: ${{ secrets.CDRCI_GITHUB_TOKEN }}
@@ -29,7 +29,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: go, javascript
 
@@ -42,7 +42,7 @@ jobs:
           rm Makefile
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3
 
       - name: Send Slack notification on failure
         if: ${{ failure() }}
@@ -130,13 +130,13 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: trivy-results.sarif
           category: "Trivy"
 
       - name: Upload Trivy scan results as an artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: trivy
           path: trivy-results.sarif
 
@@ -30,4 +30,5 @@ extend-exclude = [
 	"**/*_test.go",
 	"**/*.test.tsx",
 	"**/pnpm-lock.yaml",
+	"tailnet/testdata/**",
 ]
@@ -588,7 +588,7 @@ docs/cli.md: scripts/clidocgen/main.go examples/examples.gen.json $(GO_SRC_FILES
 	CI=true BASE_PATH="." go run ./scripts/clidocgen
 	pnpm run format:write:only ./docs/cli.md ./docs/cli/*.md ./docs/manifest.json
 
-docs/admin/audit-logs.md: scripts/auditdocgen/main.go enterprise/audit/table.go coderd/rbac/object_gen.go
+docs/admin/audit-logs.md: coderd/database/querier.go scripts/auditdocgen/main.go enterprise/audit/table.go coderd/rbac/object_gen.go
 	go run scripts/auditdocgen/main.go
 	pnpm run format:write:only ./docs/admin/audit-logs.md
 
 
@@ -129,7 +129,18 @@ func (r *Runner) StartCron() {
 	// has exited by the time the `cron.Stop()` context returns, so we need to
 	// track it manually.
 	err := r.trackCommandGoroutine(func() {
-		r.cron.Run()
+		// Since this is run async, in quick unit tests, it is possible the
+		// Close() function gets called before we even start the cron.
+		// In these cases, the Run() will never end.
+		// So if we are closed, we just return, and skip the Run() entirely.
+		select {
+		case <-r.cronCtx.Done():
+			// The cronCtx is canceled before cron.Close() happens. So if the ctx is
+			// canceled, then Close() will be called, or it is about to be called.
+			// So do nothing!
+		default:
+			r.cron.Run()
+		}
 	})
 	if err != nil {
 		r.Logger.Warn(context.Background(), "start cron failed", slog.Error(err))
@@ -315,6 +326,7 @@ func (r *Runner) Close() error {
 		return nil
 	}
 	close(r.closed)
+	// Must cancel the cron ctx BEFORE stopping the cron.
 	r.cronCtxCancel()
 	<-r.cron.Stop().Done()
 	r.cmdCloseWait.Wait()
 
@@ -53,6 +53,15 @@ func TestTimeout(t *testing.T) {
 	require.ErrorIs(t, runner.Execute(context.Background(), nil), agentscripts.ErrTimeout)
 }
 
+// TestCronClose exists because cron.Run() can happen after cron.Close().
+// If this happens, there used to be a deadlock.
+func TestCronClose(t *testing.T) {
+	t.Parallel()
+	runner := agentscripts.New(agentscripts.Options{})
+	runner.StartCron()
+	require.NoError(t, runner.Close(), "close runner")
+}
+
 func setup(t *testing.T, patchLogs func(ctx context.Context, req agentsdk.PatchLogs) error) *agentscripts.Runner {
 	t.Helper()
 	if patchLogs == nil {
 
@@ -24,7 +24,7 @@ func NewClient(t testing.TB,
 	agentID uuid.UUID,
 	manifest agentsdk.Manifest,
 	statsChan chan *agentsdk.Stats,
-	coordinator tailnet.Coordinator,
+	coordinator tailnet.CoordinatorV1,
 ) *Client {
 	if manifest.AgentID == uuid.Nil {
 		manifest.AgentID = agentID
@@ -47,7 +47,7 @@ type Client struct {
 	manifest             agentsdk.Manifest
 	metadata             map[string]agentsdk.Metadata
 	statsChan            chan *agentsdk.Stats
-	coordinator          tailnet.Coordinator
+	coordinator          tailnet.CoordinatorV1
 	LastWorkspaceAgent   func()
 	PatchWorkspaceLogs   func() error
 	GetServiceBannerFunc func() (codersdk.ServiceBannerConfig, error)
Original file line number	Diff line number	Diff line change
`@@ -30,4 +30,5 @@ extend-exclude = [`
`30`	`30`	`"*/_test.go",`
`31`	`31`	`"*/.test.tsx",`
`32`	`32`	`"**/pnpm-lock.yaml",`
	`33`	`+ "tailnet/testdata/**",`
`33`	`34`	`]`