coder
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 7 additions & 3 deletions b/‎.github/workflows/ci.yaml
Lines changed: 7 additions & 3 deletions
diff --git a/‎.github/workflows/contrib.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/contrib.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/docker-base.yaml
Lines changed: 30 additions & 0 deletions b/‎.github/workflows/docker-base.yaml
Lines changed: 30 additions & 0 deletions
diff --git a/‎.github/workflows/pr-auto-assign.yaml
Lines changed: 16 additions & 0 deletions b/‎.github/workflows/pr-auto-assign.yaml
Lines changed: 16 additions & 0 deletions
diff --git a/‎.github/workflows/release.yaml
Lines changed: 31 additions & 1 deletion b/‎.github/workflows/release.yaml
Lines changed: 31 additions & 1 deletion
diff --git a/‎.github/workflows/security.yaml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/security.yaml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.vscode/settings.json
Lines changed: 2 additions & 0 deletions b/‎.vscode/settings.json
Lines changed: 2 additions & 0 deletions
diff --git a/‎Makefile
Lines changed: 13 additions & 6 deletions b/‎Makefile
Lines changed: 13 additions & 6 deletions
diff --git a/‎agent/agent.go
Lines changed: 18 additions & 17 deletions b/‎agent/agent.go
Lines changed: 18 additions & 17 deletions
@@ -41,7 +41,7 @@ jobs:
 
       # Check for any typos!
       - name: Check for typos
-        uses: crate-ci/typos@v1.13.9
+        uses: crate-ci/typos@v1.13.14
         with:
           config: .github/workflows/typos.toml
       - name: Fix the typos
@@ -506,7 +506,7 @@ jobs:
 
       - uses: actions/setup-node@v3
         with:
-          node-version: "14"
+          node-version: "16.16.0"
 
       - name: Install node_modules
         run: ./scripts/yarn_install.sh
@@ -555,7 +555,7 @@ jobs:
 
       - uses: actions/setup-node@v3
         with:
-          node-version: "14"
+          node-version: "16.16.0"
 
       - name: Echo Go Cache Paths
         id: go-cache-paths
@@ -609,6 +609,10 @@ jobs:
           # only get 1 commit on shallow checkout.
           fetch-depth: 0
 
+      - uses: actions/setup-node@v3
+        with:
+          node-version: "16.16.0"
+
       - name: Install dependencies
         run: cd site && yarn
 
 
@@ -33,7 +33,7 @@ jobs:
     steps:
       - name: cla
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
-        uses: contributor-assistant/github-action@v2.2.1
+        uses: contributor-assistant/github-action@v2.3.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           # the below token should have repo scope and must be manually added by you in the repository's secret
 
@@ -53,8 +53,38 @@ jobs:
           project: wl5hnrrkns
           context: base-build-context
           file: scripts/Dockerfile.base
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
           pull: true
           no-cache: true
           push: true
           tags: |
             ghcr.io/coder/coder-base:latest
+
+      - name: Verify that images are pushed properly
+        run: |
+          # retry 10 times with a 5 second delay as the images may not be
+          # available immediately
+          for i in {1..10}; do
+            rc=0
+            raw_manifests=$(docker buildx imagetools inspect --raw ghcr.io/coder/coder-base:latest) || rc=$?
+            if [[ "$rc" -eq 0 ]]; then
+              break
+            fi
+            if [[ "$i" -eq 10 ]]; then
+              echo "Failed to pull manifests after 10 retries"
+              exit 1
+            fi
+            echo "Failed to pull manifests, retrying in 5 seconds"
+            sleep 5
+          done
+
+          manifests=$(
+            echo "$raw_manifests" | \
+              jq -r '.manifests[].platform | .os + "/" + .architecture + (if .variant then "/" + .variant else "" end)'
+          )
+
+          # Verify all 3 platforms are present.
+          set -euxo pipefail
+          echo "$manifests" | grep -q linux/amd64
+          echo "$manifests" | grep -q linux/arm64
+          echo "$manifests" | grep -q linux/arm/v7
@@ -0,0 +1,16 @@
+# Filtering pull requests is much easier when we can reliably guarantee
+# that the "Assignee" field is populated.
+name: PR Auto Assign
+
+on:
+  pull_request_target:
+    types: [opened]
+
+permissions:
+  pull-requests: write
+
+jobs:
+  assign-author:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: toshimaru/auto-author-assign@v1.6.2
@@ -188,12 +188,42 @@ jobs:
           project: wl5hnrrkns
           context: base-build-context
           file: scripts/Dockerfile.base
+          platforms: linux/amd64,linux/arm64,linux/arm/v7
           pull: true
           no-cache: true
           push: true
           tags: |
             ${{ steps.image-base-tag.outputs.tag }}
 
+      - name: Verify that images are pushed properly
+        run: |
+          # retry 10 times with a 5 second delay as the images may not be
+          # available immediately
+          for i in {1..10}; do
+            rc=0
+            raw_manifests=$(docker buildx imagetools inspect --raw "${{ steps.image-base-tag.outputs.tag }}") || rc=$?
+            if [[ "$rc" -eq 0 ]]; then
+              break
+            fi
+            if [[ "$i" -eq 10 ]]; then
+              echo "Failed to pull manifests after 10 retries"
+              exit 1
+            fi
+            echo "Failed to pull manifests, retrying in 5 seconds"
+            sleep 5
+          done
+
+          manifests=$(
+            echo "$raw_manifests" | \
+              jq -r '.manifests[].platform | .os + "/" + .architecture + (if .variant then "/" + .variant else "" end)'
+          )
+
+          # Verify all 3 platforms are present.
+          set -euxo pipefail
+          echo "$manifests" | grep -q linux/amd64
+          echo "$manifests" | grep -q linux/arm64
+          echo "$manifests" | grep -q linux/arm/v7
+
       - name: Build Linux Docker images
         run: |
           set -euxo pipefail
@@ -275,7 +305,7 @@ jobs:
 
       - name: Upload artifacts to actions (if dry-run)
         if: ${{ inputs.dry_run }}
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: release-artifacts
           path: |
 
@@ -116,7 +116,7 @@ jobs:
           echo "image=$(cat "$image_job")" >> $GITHUB_OUTPUT
 
       - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@9ab158e8597f3b310480b9a69402b419bc03dbd5
+        uses: aquasecurity/trivy-action@8bd2f9fbda2109502356ff8a6a89da55b1ead252
         with:
           image-ref: ${{ steps.build.outputs.image }}
           format: sarif
@@ -130,7 +130,7 @@ jobs:
           category: "Trivy"
 
       - name: Upload Trivy scan results as an artifact
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v3
         with:
           name: trivy
           path: trivy-results.sarif
 
@@ -4,6 +4,7 @@
     "agentsdk",
     "apps",
     "ASKPASS",
+    "authcheck",
     "autostop",
     "awsidentity",
     "bodyclose",
@@ -113,6 +114,7 @@
     "stretchr",
     "STTY",
     "stuntest",
+    "tanstack",
     "tailbroker",
     "tailcfg",
     "tailexchange",
 
@@ -368,9 +368,15 @@ install: build/coder_$(VERSION)_$(GOOS)_$(GOARCH)$(GOOS_BIN_EXT)
 	cp "$<" "$$output_file"
 .PHONY: install
 
-fmt: fmt/prettier fmt/terraform fmt/shfmt
+fmt: fmt/prettier fmt/terraform fmt/shfmt fmt/go
 .PHONY: fmt
 
+fmt/go:
+	# VS Code users should check out
+	# https://github.com/mvdan/gofumpt#visual-studio-code
+	go run mvdan.cc/gofumpt@v0.4.0 -w -l .
+.PHONY: fmt/go
+
 fmt/prettier:
 	echo "--- prettier"
 	cd site
@@ -418,7 +424,7 @@ gen: \
 	provisionerd/proto/provisionerd.pb.go \
 	site/src/api/typesGenerated.ts \
 	docs/admin/prometheus.md \
-	docs/cli/coder.md \
+	docs/cli.md \
 	docs/admin/audit-logs.md \
 	coderd/apidoc/swagger.json \
 	.prettierignore.include \
@@ -438,7 +444,7 @@ gen/mark-fresh:
 		provisionerd/proto/provisionerd.pb.go \
 		site/src/api/typesGenerated.ts \
 		docs/admin/prometheus.md \
-		docs/cli/coder.md \
+		docs/cli.md \
 		docs/admin/audit-logs.md \
 		coderd/apidoc/swagger.json \
 		.prettierignore.include \
@@ -494,10 +500,11 @@ docs/admin/prometheus.md: scripts/metricsdocgen/main.go scripts/metricsdocgen/me
 	cd site
 	yarn run format:write:only ../docs/admin/prometheus.md
 
-docs/cli/coder.md: scripts/clidocgen/main.go $(GO_SRC_FILES) docs/manifest.json
-	BASE_PATH="." go run scripts/clidocgen/main.go
+docs/cli.md: scripts/clidocgen/main.go $(GO_SRC_FILES) docs/manifest.json
+	rm -rf ./docs/cli/*.md
+	BASE_PATH="." go run ./scripts/clidocgen
 	cd site
-	yarn run format:write:only ../docs/cli/*.md ../docs/manifest.json
+	yarn run format:write:only ../docs/cli.md ../docs/cli/*.md ../docs/manifest.json
 
 docs/admin/audit-logs.md: scripts/auditdocgen/main.go enterprise/audit/table.go
 	go run scripts/auditdocgen/main.go
 
@@ -156,7 +156,7 @@ func (a *agent) runLoop(ctx context.Context) {
 	go a.reportLifecycleLoop(ctx)
 
 	for retrier := retry.New(100*time.Millisecond, 10*time.Second); retrier.Wait(ctx); {
-		a.logger.Info(ctx, "running loop")
+		a.logger.Info(ctx, "connecting to coderd")
 		err := a.run(ctx)
 		// Cancel after the run is complete to clean up any leaked resources!
 		if err == nil {
@@ -169,7 +169,7 @@ func (a *agent) runLoop(ctx context.Context) {
 			return
 		}
 		if errors.Is(err, io.EOF) {
-			a.logger.Info(ctx, "likely disconnected from coder", slog.Error(err))
+			a.logger.Info(ctx, "disconnected from coderd")
 			continue
 		}
 		a.logger.Warn(ctx, "run exited with error", slog.Error(err))
@@ -197,7 +197,7 @@ func (a *agent) reportLifecycleLoop(ctx context.Context) {
 				break
 			}
 
-			a.logger.Debug(ctx, "post lifecycle state", slog.F("state", state))
+			a.logger.Debug(ctx, "reporting lifecycle state", slog.F("state", state))
 
 			err := a.client.PostLifecycle(ctx, agentsdk.PostLifecycleRequest{
 				State: state,
@@ -242,7 +242,7 @@ func (a *agent) run(ctx context.Context) error {
 	if err != nil {
 		return xerrors.Errorf("fetch metadata: %w", err)
 	}
-	a.logger.Info(ctx, "fetched metadata")
+	a.logger.Info(ctx, "fetched metadata", slog.F("metadata", metadata))
 
 	// Expand the directory and send it back to coderd so external
 	// applications that rely on the directory can use it.
@@ -330,13 +330,10 @@ func (a *agent) run(ctx context.Context) error {
 	go NewWorkspaceAppHealthReporter(
 		a.logger, metadata.Apps, a.client.PostAppHealth)(appReporterCtx)
 
-	a.logger.Debug(ctx, "running tailnet with derpmap", slog.F("derpmap", metadata.DERPMap))
-
 	a.closeMutex.Lock()
 	network := a.network
 	a.closeMutex.Unlock()
 	if network == nil {
-		a.logger.Debug(ctx, "creating tailnet")
 		network, err = a.createTailnet(ctx, metadata.DERPMap)
 		if err != nil {
 			return xerrors.Errorf("create tailnet: %w", err)
@@ -385,10 +382,9 @@ func (a *agent) run(ctx context.Context) error {
 		network.SetDERPMap(metadata.DERPMap)
 	}
 
-	a.logger.Debug(ctx, "running coordinator")
+	a.logger.Debug(ctx, "running tailnet connection coordinator")
 	err = a.runCoordinator(ctx, network)
 	if err != nil {
-		a.logger.Debug(ctx, "coordinator exited", slog.Error(err))
 		return xerrors.Errorf("run coordinator: %w", err)
 	}
 	return nil
@@ -474,7 +470,9 @@ func (a *agent) createTailnet(ctx context.Context, derpMap *tailcfg.DERPMap) (_
 		for {
 			conn, err := reconnectingPTYListener.Accept()
 			if err != nil {
-				logger.Debug(ctx, "accept pty failed", slog.Error(err))
+				if !a.isClosed() {
+					logger.Debug(ctx, "accept pty failed", slog.Error(err))
+				}
 				break
 			}
 			wg.Add(1)
@@ -529,7 +527,9 @@ func (a *agent) createTailnet(ctx context.Context, derpMap *tailcfg.DERPMap) (_
 		for {
 			conn, err := speedtestListener.Accept()
 			if err != nil {
-				a.logger.Debug(ctx, "speedtest listener failed", slog.Error(err))
+				if !a.isClosed() {
+					a.logger.Debug(ctx, "speedtest listener failed", slog.Error(err))
+				}
 				break
 			}
 			wg.Add(1)
@@ -600,8 +600,10 @@ func (a *agent) runCoordinator(ctx context.Context, network *tailnet.Conn) error
 		return err
 	}
 	defer coordinator.Close()
-	a.logger.Info(ctx, "connected to coordination server")
-	sendNodes, errChan := tailnet.ServeCoordinator(coordinator, network.UpdateNodes)
+	a.logger.Info(ctx, "connected to coordination endpoint")
+	sendNodes, errChan := tailnet.ServeCoordinator(coordinator, func(nodes []*tailnet.Node) error {
+		return network.UpdateNodes(nodes, false)
+	})
 	network.SetNodeCallback(sendNodes)
 	select {
 	case <-ctx.Done():
@@ -644,7 +646,6 @@ func (a *agent) runStartupScript(ctx context.Context, script string) error {
 }
 
 func (a *agent) init(ctx context.Context) {
-	a.logger.Info(ctx, "generating host key")
 	// Clients' should ignore the host key when connecting.
 	// The agent needs to authenticate with coderd to SSH,
 	// so SSH authentication doesn't improve security.
@@ -766,12 +767,12 @@ func (a *agent) init(ctx context.Context) {
 
 func convertAgentStats(counts map[netlogtype.Connection]netlogtype.Counts) *agentsdk.Stats {
 	stats := &agentsdk.Stats{
-		ConnsByProto: map[string]int64{},
-		NumConns:     int64(len(counts)),
+		ConnectionsByProto: map[string]int64{},
+		ConnectionCount:    int64(len(counts)),
 	}
 
 	for conn, count := range counts {
-		stats.ConnsByProto[conn.Proto.String()]++
+		stats.ConnectionsByProto[conn.Proto.String()]++
 		stats.RxPackets += int64(count.RxPackets)
 		stats.RxBytes += int64(count.RxBytes)
 		stats.TxPackets += int64(count.TxPackets)