coder
diff --git a/‎.github/dependabot.yaml
Lines changed: 2 additions & 1 deletion b/‎.github/dependabot.yaml
Lines changed: 2 additions & 1 deletion
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/ci.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/dogfood.yaml
Lines changed: 32 additions & 7 deletions b/‎.github/workflows/dogfood.yaml
Lines changed: 32 additions & 7 deletions
diff --git a/‎.github/workflows/security.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/security.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.vscode/markdown.code-snippets
Lines changed: 8 additions & 9 deletions b/‎.vscode/markdown.code-snippets
Lines changed: 8 additions & 9 deletions
diff --git a/‎Makefile
Lines changed: 3 additions & 3 deletions b/‎Makefile
Lines changed: 3 additions & 3 deletions
diff --git a/‎agent/agent_test.go
Lines changed: 48 additions & 0 deletions b/‎agent/agent_test.go
Lines changed: 48 additions & 0 deletions
diff --git a/‎agent/agentssh/agentssh.go
Lines changed: 3 additions & 0 deletions b/‎agent/agentssh/agentssh.go
Lines changed: 3 additions & 0 deletions
diff --git a/‎docs/CONTRIBUTING.md
Lines changed: 5 additions & 6 deletions b/‎docs/CONTRIBUTING.md
Lines changed: 5 additions & 6 deletions
diff --git a/‎docs/admin/external-auth.md
Lines changed: 13 additions & 24 deletions b/‎docs/admin/external-auth.md
Lines changed: 13 additions & 24 deletions
diff --git a/‎docs/admin/infrastructure/scale-utility.md
Lines changed: 12 additions & 14 deletions b/‎docs/admin/infrastructure/scale-utility.md
Lines changed: 12 additions & 14 deletions
diff --git a/‎docs/admin/infrastructure/validated-architectures/index.md
Lines changed: 2 additions & 3 deletions b/‎docs/admin/infrastructure/validated-architectures/index.md
Lines changed: 2 additions & 3 deletions
diff --git a/‎docs/admin/integrations/jfrog-artifactory.md
Lines changed: 2 additions & 5 deletions b/‎docs/admin/integrations/jfrog-artifactory.md
Lines changed: 2 additions & 5 deletions
@@ -37,7 +37,8 @@ updates:
   # Update our Dockerfile.
   - package-ecosystem: "docker"
     directories:
-      - "/dogfood/contents"
+      - "/dogfood/coder"
+      - "/dogfood/coder-envbuilder"
       - "/scripts"
       - "/examples/templates/docker/build"
       - "/examples/parameters/build"
 
@@ -172,7 +172,7 @@ jobs:
 
       - name: Get golangci-lint cache dir
         run: |
-          linter_ver=$(egrep -o 'GOLANGCI_LINT_VERSION=\S+' dogfood/contents/Dockerfile | cut -d '=' -f 2)
+          linter_ver=$(egrep -o 'GOLANGCI_LINT_VERSION=\S+' dogfood/coder/Dockerfile | cut -d '=' -f 2)
           go install github.com/golangci/golangci-lint/cmd/golangci-lint@v$linter_ver
           dir=$(golangci-lint cache status | awk '/Dir/ { print $2 }')
           echo "LINT_CACHE_DIR=$dir" >> $GITHUB_ENV
 
@@ -35,7 +35,26 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       - name: Setup Nix
-        uses: DeterminateSystems/nix-installer-action@e50d5f73bfe71c2dd0aa4218de8f4afa59f8f81d # v16
+        uses: nixbuild/nix-quick-install-action@5bb6a3b3abe66fd09bbf250dce8ada94f856a703 # v30
+
+      - uses: nix-community/cache-nix-action@aee88ae5efbbeb38ac5d9862ecbebdb404a19e69 # v6.1.1
+        with:
+          # restore and save a cache using this key
+          primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/flake.lock') }}
+          # if there's no cache hit, restore a cache by this prefix
+          restore-prefixes-first-match: nix-${{ runner.os }}-
+          # collect garbage until Nix store size (in bytes) is at most this number
+          # before trying to save a new cache
+          # 1G = 1073741824
+          gc-max-store-size-linux: 5G
+          # do purge caches
+          purge: true
+          # purge all versions of the cache
+          purge-prefixes: nix-${{ runner.os }}-
+          # created more than this number of seconds ago relative to the start of the `Post Restore` phase
+          purge-created: 0
+          # except the version with the `primary-key`, if it exists
+          purge-primary-key: never
 
       - name: Get branch name
         id: branch-name
@@ -68,7 +87,7 @@ jobs:
           project: b4q6ltmpzh
           token: ${{ secrets.DEPOT_TOKEN }}
           buildx-fallback: true
-          context: "{{defaultContext}}:dogfood/contents"
+          context: "{{defaultContext}}:dogfood/coder"
           pull: true
           save: true
           push: ${{ github.ref == 'refs/heads/main' }}
@@ -113,12 +132,18 @@ jobs:
 
       - name: Terraform init and validate
         run: |
-          cd dogfood
-          terraform init -upgrade
+          pushd dogfood/
+          terraform init
+          terraform validate
+          popd
+          pushd dogfood/coder
+          terraform init
           terraform validate
-          cd contents
-          terraform init -upgrade
+          popd
+          pushd dogfood/coder-envbuilder
+          terraform init
           terraform validate
+          popd
 
       - name: Get short commit SHA
         if: github.ref == 'refs/heads/main'
@@ -142,6 +167,6 @@ jobs:
           # Template source & details
           TF_VAR_CODER_TEMPLATE_NAME: ${{ secrets.CODER_TEMPLATE_NAME }}
           TF_VAR_CODER_TEMPLATE_VERSION: ${{ steps.vars.outputs.sha_short }}
-          TF_VAR_CODER_TEMPLATE_DIR: ./contents
+          TF_VAR_CODER_TEMPLATE_DIR: ./coder
           TF_VAR_CODER_TEMPLATE_MESSAGE: ${{ steps.message.outputs.pr_title }}
           TF_LOG: info
@@ -99,7 +99,7 @@ jobs:
           # version in the comments will differ. This is also defined in
           # ci.yaml.
           set -euxo pipefail
-          cd dogfood/contents
+          cd dogfood/coder
           mkdir -p /usr/local/bin
           mkdir -p /usr/local/include
 
 
@@ -1,14 +1,14 @@
 {
 	// For info about snippets, visit https://code.visualstudio.com/docs/editor/userdefinedsnippets
+    // https://docs.github.com/en/get-started/writing-on-github/getting-started-with-writing-and-formatting-on-github/basic-writing-and-formatting-syntax#alerts
 
-    "admonition": {
-        "prefix": "#callout",
+	"alert": {
+        "prefix": "#alert",
         "body": [
-            "<blockquote class=\"admonition ${1|caution,important,note,tip,warning|}\">\n",
-            "${TM_SELECTED_TEXT:${2:add info here}}\n",
-            "</blockquote>\n"
+            "> [!${1|CAUTION,IMPORTANT,NOTE,TIP,WARNING|}]",
+            "> ${TM_SELECTED_TEXT:${2:add info here}}\n"
         ],
-        "description": "callout admonition caution info note tip warning"
+        "description": "callout admonition caution important note tip warning"
     },
 	"fenced code block": {
 		"prefix": "#codeblock",
@@ -23,9 +23,8 @@
 	"premium-feature": {
 		"prefix": "#premium-feature",
 		"body": [
-			"<blockquote class=\"info\">\n",
-			"${1:feature} ${2|is,are|} an Enterprise and Premium feature. [Learn more](https://coder.com/pricing#compare-plans).\n",
-			"</blockquote>"
+			"> [!NOTE]\n",
+			"> ${1:feature} ${2|is,are|} an Enterprise and Premium feature. [Learn more](https://coder.com/pricing#compare-plans).\n"
 		]
 	},
 	"tabs": {
 
@@ -505,7 +505,7 @@ lint/ts: site/node_modules/.installed
 lint/go:
 	./scripts/check_enterprise_imports.sh
 	./scripts/check_codersdk_imports.sh
-	linter_ver=$(shell egrep -o 'GOLANGCI_LINT_VERSION=\S+' dogfood/contents/Dockerfile | cut -d '=' -f 2)
+	linter_ver=$(shell egrep -o 'GOLANGCI_LINT_VERSION=\S+' dogfood/coder/Dockerfile | cut -d '=' -f 2)
 	go run github.com/golangci/golangci-lint/cmd/golangci-lint@v$$linter_ver run
 .PHONY: lint/go
 
@@ -963,5 +963,5 @@ else
 endif
 .PHONY: test-e2e
 
-dogfood/contents/nix.hash: flake.nix flake.lock
-	sha256sum flake.nix flake.lock >./dogfood/contents/nix.hash
+dogfood/coder/nix.hash: flake.nix flake.lock
+	sha256sum flake.nix flake.lock >./dogfood/coder/nix.hash
@@ -51,6 +51,7 @@ import (
 	"github.com/coder/coder/v2/agent/agentssh"
 	"github.com/coder/coder/v2/agent/agenttest"
 	"github.com/coder/coder/v2/agent/proto"
+	"github.com/coder/coder/v2/agent/usershell"
 	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/coder/v2/codersdk/agentsdk"
 	"github.com/coder/coder/v2/codersdk/workspacesdk"
@@ -1193,6 +1194,53 @@ func TestAgent_SSHConnectionEnvVars(t *testing.T) {
 	}
 }
 
+func TestAgent_SSHConnectionLoginVars(t *testing.T) {
+	t.Parallel()
+
+	envInfo := usershell.SystemEnvInfo{}
+	u, err := envInfo.User()
+	require.NoError(t, err, "get current user")
+	shell, err := envInfo.Shell(u.Username)
+	require.NoError(t, err, "get current shell")
+
+	tests := []struct {
+		key  string
+		want string
+	}{
+		{
+			key:  "USER",
+			want: u.Username,
+		},
+		{
+			key:  "LOGNAME",
+			want: u.Username,
+		},
+		{
+			key:  "HOME",
+			want: u.HomeDir,
+		},
+		{
+			key:  "SHELL",
+			want: shell,
+		},
+	}
+	for _, tt := range tests {
+		tt := tt
+		t.Run(tt.key, func(t *testing.T) {
+			t.Parallel()
+
+			session := setupSSHSession(t, agentsdk.Manifest{}, codersdk.ServiceBannerConfig{}, nil)
+			command := "sh -c 'echo $" + tt.key + "'"
+			if runtime.GOOS == "windows" {
+				command = "cmd.exe /c echo %" + tt.key + "%"
+			}
+			output, err := session.Output(command)
+			require.NoError(t, err)
+			require.Equal(t, tt.want, strings.TrimSpace(string(output)))
+		})
+	}
+}
+
 func TestAgent_Metadata(t *testing.T) {
 	t.Parallel()
 
 
@@ -900,7 +900,10 @@ func (s *Server) CreateCommand(ctx context.Context, script string, env []string,
 		cmd.Dir = homedir
 	}
 	cmd.Env = append(ei.Environ(), env...)
+	// Set login variables (see `man login`).
 	cmd.Env = append(cmd.Env, fmt.Sprintf("USER=%s", username))
+	cmd.Env = append(cmd.Env, fmt.Sprintf("LOGNAME=%s", username))
+	cmd.Env = append(cmd.Env, fmt.Sprintf("SHELL=%s", shell))
 
 	// Set SSH connection environment variables (these are also set by OpenSSH
 	// and thus expected to be present by SSH clients). Since the agent does
 
@@ -117,9 +117,7 @@ This mode is useful for testing HA or validating more complex setups.
 
 ### Deploying a PR
 
-> You need to be a member or collaborator of the of
-> [coder](https://github.com/coder) GitHub organization to be able to deploy a
-> PR.
+You need to be a member or collaborator of the [coder](https://github.com/coder) GitHub organization to be able to deploy a PR.
 
 You can test your changes by creating a PR deployment. There are two ways to do
 this:
@@ -142,7 +140,8 @@ this:
   name and PR number, etc.
 - `-y` or `--yes`, will skip the CLI confirmation prompt.
 
-> Note: PR deployment will be re-deployed automatically when the PR is updated.
+> [!NOTE]
+> PR deployment will be re-deployed automatically when the PR is updated.
 > It will use the last values automatically for redeployment.
 
 Once the deployment is finished, a unique link and credentials will be posted in
@@ -256,8 +255,7 @@ Our frontend guide can be found [here](./contributing/frontend.md).
 
 ## Reviews
 
-> The following information has been borrowed from
-> [Go's review philosophy](https://go.dev/doc/contribute#reviews).
+The following information has been borrowed from [Go's review philosophy](https://go.dev/doc/contribute#reviews).
 
 Coder values thorough reviews. For each review comment that you receive, please
 "close" it by implementing the suggestion or providing an explanation on why the
@@ -345,6 +343,7 @@ Breaking changes can be triggered in two ways:
 
 ### Security
 
+> [!CAUTION]
 > If you find a vulnerability, **DO NOT FILE AN ISSUE**. Instead, send an email
 > to <security@coder.com>.
 
 
@@ -90,7 +90,8 @@ CODER_EXTERNAL_AUTH_0_CLIENT_SECRET=xxxxxxx
 CODER_EXTERNAL_AUTH_0_AUTH_URL="https://login.microsoftonline.com/<TENANT ID>/oauth2/authorize"
 ```
 
-> Note: Your app registration in Entra ID requires the `vso.code_write` scope
+> [!NOTE]
+> Your app registration in Entra ID requires the `vso.code_write` scope
 
 ### Bitbucket Server
 
@@ -120,11 +121,8 @@ The Redirect URI for Gitea should be
 
 ### GitHub
 
-<blockquote class="admonition tip">
-
-If you don't require fine-grained access control, it's easier to [configure a GitHub OAuth app](#configure-a-github-oauth-app).
-
-</blockquote>
+> [!TIP]
+> If you don't require fine-grained access control, it's easier to [configure a GitHub OAuth app](#configure-a-github-oauth-app).
 
 ```env
 CODER_EXTERNAL_AUTH_0_ID="USER_DEFINED_ID"
@@ -179,7 +177,8 @@ CODER_EXTERNAL_AUTH_0_VALIDATE_URL="https://your-domain.com/oauth/token/info"
 CODER_EXTERNAL_AUTH_0_REGEX=github\.company\.org
 ```
 
-> Note: The `REGEX` variable must be set if using a custom git domain.
+> [!NOTE]
+> The `REGEX` variable must be set if using a custom git domain.
 
 ## Custom scopes
 
@@ -222,26 +221,16 @@ CODER_EXTERNAL_AUTH_0_SCOPES="repo:read repo:write write:gpg_key"
 
    ![Install GitHub App](../images/admin/github-app-install.png)
 
-## Multiple External Providers
-
-<blockquote class="info">
-
-Multiple providers is an Enterprise and Premium feature.
-[Learn more](https://coder.com/pricing#compare-plans).
-
-</blockquote>
+## Multiple External Providers (Enterprise)(Premium)
 
 Below is an example configuration with multiple providers:
 
-<blockquote class="admonition warning">
-
-**Note:** To support regex matching for paths like `github\.com/org`, add the following `git config` line to the [Coder agent startup script](https://registry.terraform.io/providers/coder/coder/latest/docs/resources/agent#startup_script):
-
-```shell
-git config --global credential.useHttpPath true
-```
-
-</blockquote>
+> [!IMPORTANT]
+> To support regex matching for paths like `github\.com/org`, add the following `git config` line to the [Coder agent startup script](https://registry.terraform.io/providers/coder/coder/latest/docs/resources/agent#startup_script):
+>
+> ```shell
+> git config --global credential.useHttpPath true
+> ```
 
 ```env
 # Provider 1) github.com
 
@@ -28,27 +28,25 @@ hardware sizing recommendations.
 | Kubernetes (GKE) | 4 cores   | 16 GB     | 2              | db-custom-8-30720 | 2000  | 50                | 2000 simulated                        | `v2.8.4`      | Feb 28, 2024 |
 | Kubernetes (GKE) | 2 cores   | 4 GB      | 2              | db-custom-2-7680  | 1000  | 50                | 1000 simulated                        | `v2.10.2`     | Apr 26, 2024 |
 
-> Note: A simulated connection reads and writes random data at 40KB/s per connection.
+> [!NOTE]
+> A simulated connection reads and writes random data at 40KB/s per connection.
 
 ## Scale testing utility
 
 Since Coder's performance is highly dependent on the templates and workflows you
 support, you may wish to use our internal scale testing utility against your own
 environments.
 
-<blockquote class="admonition important">
-
-This utility is experimental.
-
-It is not subject to any compatibility guarantees and may cause interruptions
-for your users.
-To avoid potential outages and orphaned resources, we recommend that you run
-scale tests on a secondary "staging" environment or a dedicated
-[Kubernetes playground cluster](https://github.com/coder/coder/tree/main/scaletest/terraform).
-
-Run it against a production environment at your own risk.
-
-</blockquote>
+> [!IMPORTANT]
+> This utility is experimental.
+>
+> It is not subject to any compatibility guarantees and may cause interruptions
+> for your users.
+> To avoid potential outages and orphaned resources, we recommend that you run
+> scale tests on a secondary "staging" environment or a dedicated
+> [Kubernetes playground cluster](https://github.com/coder/coder/tree/main/scaletest/terraform).
+>
+> Run it against a production environment at your own risk.
 
 ### Create workspaces
 
 
@@ -36,9 +36,8 @@ cloud/on-premise computing, containerization, and the Coder platform.
 | Reference architectures for up to 3,000 users  | An approval of your architecture; the CVA solely provides recommendations and guidelines |
 | Best practices for building a Coder deployment | Recommendations for every possible deployment scenario                                   |
 
-> For higher level design principles and architectural best practices, see
-> Coder's
-> [Well-Architected Framework](https://coder.com/blog/coder-well-architected-framework).
+For higher level design principles and architectural best practices, see Coder's
+[Well-Architected Framework](https://coder.com/blog/coder-well-architected-framework).
 
 ## General concepts
 
 
@@ -131,11 +131,8 @@ To set this up, follow these steps:
    }
    ```
 
-   <blockquote class="info">
-
-   The admin-level access token is used to provision user tokens and is never exposed to developers or stored in workspaces.
-
-   </blockquote>
+   > [!NOTE]
+   > The admin-level access token is used to provision user tokens and is never exposed to developers or stored in workspaces.
 
 If you don't want to use the official modules, you can read through the [example template](https://github.com/coder/coder/tree/main/examples/jfrog/docker), which uses Docker as the underlying compute. The
 same concepts apply to all compute types.