coder
diff --git a/‎.github/workflows/pr-auto-assign.yaml
+16 b/‎.github/workflows/pr-auto-assign.yaml
+16
diff --git a/‎Makefile
+3-3 b/‎Makefile
+3-3
diff --git a/‎agent/agent.go
+18-17 b/‎agent/agent.go
+18-17
diff --git a/‎agent/agent_test.go
+14-5 b/‎agent/agent_test.go
+14-5
diff --git a/‎cli/cliui/gitauth.go
+72 b/‎cli/cliui/gitauth.go
+72
diff --git a/‎cli/cliui/gitauth_test.go
+55 b/‎cli/cliui/gitauth_test.go
+55
diff --git a/‎cli/create.go
+10 b/‎cli/create.go
+10
@@ -0,0 +1,16 @@
+# Filtering pull requests is much easier when we can reliably guarantee
+# that the "Assignee" field is populated.
+name: PR Auto Assign
+
+on:
+  pull_request_target:
+    types: [opened]
+
+permissions:
+  pull-requests: write
+
+jobs:
+  assign-author:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: toshimaru/auto-author-assign@v1.6.2
@@ -424,7 +424,7 @@ gen: \
 	provisionerd/proto/provisionerd.pb.go \
 	site/src/api/typesGenerated.ts \
 	docs/admin/prometheus.md \
-	docs/cli/coder.md \
+	docs/cli.md \
 	docs/admin/audit-logs.md \
 	coderd/apidoc/swagger.json \
 	.prettierignore.include \
@@ -444,7 +444,7 @@ gen/mark-fresh:
 		provisionerd/proto/provisionerd.pb.go \
 		site/src/api/typesGenerated.ts \
 		docs/admin/prometheus.md \
-		docs/cli/coder.md \
+		docs/cli.md \
 		docs/admin/audit-logs.md \
 		coderd/apidoc/swagger.json \
 		.prettierignore.include \
@@ -500,7 +500,7 @@ docs/admin/prometheus.md: scripts/metricsdocgen/main.go scripts/metricsdocgen/me
 	cd site
 	yarn run format:write:only ../docs/admin/prometheus.md
 
-docs/cli/coder.md: scripts/clidocgen/main.go $(GO_SRC_FILES) docs/manifest.json
+docs/cli.md: scripts/clidocgen/main.go $(GO_SRC_FILES) docs/manifest.json
 	rm -rf ./docs/cli/*.md
 	BASE_PATH="." go run ./scripts/clidocgen
 	cd site
 
@@ -156,7 +156,7 @@ func (a *agent) runLoop(ctx context.Context) {
 	go a.reportLifecycleLoop(ctx)
 
 	for retrier := retry.New(100*time.Millisecond, 10*time.Second); retrier.Wait(ctx); {
-		a.logger.Info(ctx, "running loop")
+		a.logger.Info(ctx, "connecting to coderd")
 		err := a.run(ctx)
 		// Cancel after the run is complete to clean up any leaked resources!
 		if err == nil {
@@ -169,7 +169,7 @@ func (a *agent) runLoop(ctx context.Context) {
 			return
 		}
 		if errors.Is(err, io.EOF) {
-			a.logger.Info(ctx, "likely disconnected from coder", slog.Error(err))
+			a.logger.Info(ctx, "disconnected from coderd")
 			continue
 		}
 		a.logger.Warn(ctx, "run exited with error", slog.Error(err))
@@ -197,7 +197,7 @@ func (a *agent) reportLifecycleLoop(ctx context.Context) {
 				break
 			}
 
-			a.logger.Debug(ctx, "post lifecycle state", slog.F("state", state))
+			a.logger.Debug(ctx, "reporting lifecycle state", slog.F("state", state))
 
 			err := a.client.PostLifecycle(ctx, agentsdk.PostLifecycleRequest{
 				State: state,
@@ -242,7 +242,7 @@ func (a *agent) run(ctx context.Context) error {
 	if err != nil {
 		return xerrors.Errorf("fetch metadata: %w", err)
 	}
-	a.logger.Info(ctx, "fetched metadata")
+	a.logger.Info(ctx, "fetched metadata", slog.F("metadata", metadata))
 
 	// Expand the directory and send it back to coderd so external
 	// applications that rely on the directory can use it.
@@ -330,13 +330,10 @@ func (a *agent) run(ctx context.Context) error {
 	go NewWorkspaceAppHealthReporter(
 		a.logger, metadata.Apps, a.client.PostAppHealth)(appReporterCtx)
 
-	a.logger.Debug(ctx, "running tailnet with derpmap", slog.F("derpmap", metadata.DERPMap))
-
 	a.closeMutex.Lock()
 	network := a.network
 	a.closeMutex.Unlock()
 	if network == nil {
-		a.logger.Debug(ctx, "creating tailnet")
 		network, err = a.createTailnet(ctx, metadata.DERPMap)
 		if err != nil {
 			return xerrors.Errorf("create tailnet: %w", err)
@@ -385,10 +382,9 @@ func (a *agent) run(ctx context.Context) error {
 		network.SetDERPMap(metadata.DERPMap)
 	}
 
-	a.logger.Debug(ctx, "running coordinator")
+	a.logger.Debug(ctx, "running tailnet connection coordinator")
 	err = a.runCoordinator(ctx, network)
 	if err != nil {
-		a.logger.Debug(ctx, "coordinator exited", slog.Error(err))
 		return xerrors.Errorf("run coordinator: %w", err)
 	}
 	return nil
@@ -474,7 +470,9 @@ func (a *agent) createTailnet(ctx context.Context, derpMap *tailcfg.DERPMap) (_
 		for {
 			conn, err := reconnectingPTYListener.Accept()
 			if err != nil {
-				logger.Debug(ctx, "accept pty failed", slog.Error(err))
+				if !a.isClosed() {
+					logger.Debug(ctx, "accept pty failed", slog.Error(err))
+				}
 				break
 			}
 			wg.Add(1)
@@ -529,7 +527,9 @@ func (a *agent) createTailnet(ctx context.Context, derpMap *tailcfg.DERPMap) (_
 		for {
 			conn, err := speedtestListener.Accept()
 			if err != nil {
-				a.logger.Debug(ctx, "speedtest listener failed", slog.Error(err))
+				if !a.isClosed() {
+					a.logger.Debug(ctx, "speedtest listener failed", slog.Error(err))
+				}
 				break
 			}
 			wg.Add(1)
@@ -600,8 +600,10 @@ func (a *agent) runCoordinator(ctx context.Context, network *tailnet.Conn) error
 		return err
 	}
 	defer coordinator.Close()
-	a.logger.Info(ctx, "connected to coordination server")
-	sendNodes, errChan := tailnet.ServeCoordinator(coordinator, network.UpdateNodes)
+	a.logger.Info(ctx, "connected to coordination endpoint")
+	sendNodes, errChan := tailnet.ServeCoordinator(coordinator, func(nodes []*tailnet.Node) error {
+		return network.UpdateNodes(nodes, false)
+	})
 	network.SetNodeCallback(sendNodes)
 	select {
 	case <-ctx.Done():
@@ -644,7 +646,6 @@ func (a *agent) runStartupScript(ctx context.Context, script string) error {
 }
 
 func (a *agent) init(ctx context.Context) {
-	a.logger.Info(ctx, "generating host key")
 	// Clients' should ignore the host key when connecting.
 	// The agent needs to authenticate with coderd to SSH,
 	// so SSH authentication doesn't improve security.
@@ -766,12 +767,12 @@ func (a *agent) init(ctx context.Context) {
 
 func convertAgentStats(counts map[netlogtype.Connection]netlogtype.Counts) *agentsdk.Stats {
 	stats := &agentsdk.Stats{
-		ConnsByProto: map[string]int64{},
-		NumConns:     int64(len(counts)),
+		ConnectionsByProto: map[string]int64{},
+		ConnectionCount:    int64(len(counts)),
 	}
 
 	for conn, count := range counts {
-		stats.ConnsByProto[conn.Proto.String()]++
+		stats.ConnectionsByProto[conn.Proto.String()]++
 		stats.RxPackets += int64(count.RxPackets)
 		stats.RxBytes += int64(count.RxBytes)
 		stats.TxPackets += int64(count.TxPackets)
 
@@ -73,7 +73,7 @@ func TestAgent_Stats_SSH(t *testing.T) {
 	require.Eventuallyf(t, func() bool {
 		var ok bool
 		s, ok = <-stats
-		return ok && s.NumConns > 0 && s.RxBytes > 0 && s.TxBytes > 0
+		return ok && s.ConnectionCount > 0 && s.RxBytes > 0 && s.TxBytes > 0
 	}, testutil.WaitLong, testutil.IntervalFast,
 		"never saw stats: %+v", s,
 	)
@@ -102,7 +102,7 @@ func TestAgent_Stats_ReconnectingPTY(t *testing.T) {
 	require.Eventuallyf(t, func() bool {
 		var ok bool
 		s, ok = <-stats
-		return ok && s.NumConns > 0 && s.RxBytes > 0 && s.TxBytes > 0
+		return ok && s.ConnectionCount > 0 && s.RxBytes > 0 && s.TxBytes > 0
 	}, testutil.WaitLong, testutil.IntervalFast,
 		"never saw stats: %+v", s,
 	)
@@ -1179,12 +1179,21 @@ func setupAgent(t *testing.T, metadata agentsdk.Metadata, ptyTimeout time.Durati
 		coordinator.ServeClient(serverConn, uuid.New(), agentID)
 	}()
 	sendNode, _ := tailnet.ServeCoordinator(clientConn, func(node []*tailnet.Node) error {
-		return conn.UpdateNodes(node)
+		return conn.UpdateNodes(node, false)
 	})
 	conn.SetNodeCallback(sendNode)
-	return &codersdk.WorkspaceAgentConn{
+	agentConn := &codersdk.WorkspaceAgentConn{
 		Conn: conn,
-	}, c, statsCh, fs
+	}
+	t.Cleanup(func() {
+		_ = agentConn.Close()
+	})
+	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitMedium)
+	defer cancel()
+	if !agentConn.AwaitReachable(ctx) {
+		t.Fatal("agent not reachable")
+	}
+	return agentConn, c, statsCh, fs
 }
 
 var dialTestPayload = []byte("dean-was-here123")
 
@@ -0,0 +1,72 @@
+package cliui
+
+import (
+	"context"
+	"fmt"
+	"io"
+	"time"
+
+	"github.com/briandowns/spinner"
+
+	"github.com/coder/coder/codersdk"
+)
+
+type GitAuthOptions struct {
+	Fetch         func(context.Context) ([]codersdk.TemplateVersionGitAuth, error)
+	FetchInterval time.Duration
+}
+
+func GitAuth(ctx context.Context, writer io.Writer, opts GitAuthOptions) error {
+	if opts.FetchInterval == 0 {
+		opts.FetchInterval = 500 * time.Millisecond
+	}
+	gitAuth, err := opts.Fetch(ctx)
+	if err != nil {
+		return err
+	}
+
+	spin := spinner.New(spinner.CharSets[78], 100*time.Millisecond, spinner.WithColor("fgHiGreen"))
+	spin.Writer = writer
+	spin.ForceOutput = true
+	spin.Suffix = " Waiting for Git authentication..."
+	defer spin.Stop()
+
+	ticker := time.NewTicker(opts.FetchInterval)
+	defer ticker.Stop()
+	for _, auth := range gitAuth {
+		if auth.Authenticated {
+			return nil
+		}
+
+		_, _ = fmt.Fprintf(writer, "You must authenticate with %s to create a workspace with this template. Visit:\n\n\t%s\n\n", auth.Type.Pretty(), auth.AuthenticateURL)
+
+		ticker.Reset(opts.FetchInterval)
+		spin.Start()
+		for {
+			select {
+			case <-ctx.Done():
+				return ctx.Err()
+			case <-ticker.C:
+			}
+			gitAuth, err := opts.Fetch(ctx)
+			if err != nil {
+				return err
+			}
+			var authed bool
+			for _, a := range gitAuth {
+				if !a.Authenticated || a.ID != auth.ID {
+					continue
+				}
+				authed = true
+				break
+			}
+			// The user authenticated with the provider!
+			if authed {
+				break
+			}
+		}
+		spin.Stop()
+		_, _ = fmt.Fprintf(writer, "Successfully authenticated with %s!\n\n", auth.Type.Pretty())
+	}
+	return nil
+}
@@ -0,0 +1,55 @@
+package cliui_test
+
+import (
+	"context"
+	"net/url"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/spf13/cobra"
+	"github.com/stretchr/testify/assert"
+
+	"github.com/coder/coder/cli/cliui"
+	"github.com/coder/coder/codersdk"
+	"github.com/coder/coder/pty/ptytest"
+	"github.com/coder/coder/testutil"
+)
+
+func TestGitAuth(t *testing.T) {
+	t.Parallel()
+
+	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort)
+	defer cancel()
+
+	ptty := ptytest.New(t)
+	cmd := &cobra.Command{
+		RunE: func(cmd *cobra.Command, args []string) error {
+			var fetched atomic.Bool
+			return cliui.GitAuth(cmd.Context(), cmd.OutOrStdout(), cliui.GitAuthOptions{
+				Fetch: func(ctx context.Context) ([]codersdk.TemplateVersionGitAuth, error) {
+					defer fetched.Store(true)
+					return []codersdk.TemplateVersionGitAuth{{
+						ID:              "github",
+						Type:            codersdk.GitProviderGitHub,
+						Authenticated:   fetched.Load(),
+						AuthenticateURL: "https://example.com/gitauth/github?redirect=" + url.QueryEscape("/gitauth?notify"),
+					}}, nil
+				},
+				FetchInterval: time.Millisecond,
+			})
+		},
+	}
+	cmd.SetOutput(ptty.Output())
+	cmd.SetIn(ptty.Input())
+	done := make(chan struct{})
+	go func() {
+		defer close(done)
+		err := cmd.Execute()
+		assert.NoError(t, err)
+	}()
+	ptty.ExpectMatchContext(ctx, "You must authenticate with")
+	ptty.ExpectMatchContext(ctx, "https://example.com/gitauth/github")
+	ptty.ExpectMatchContext(ctx, "Successfully authenticated with GitHub")
+	<-done
+}
@@ -1,6 +1,7 @@
 package cli
 
 import (
+	"context"
 	"fmt"
 	"io"
 	"time"
@@ -324,6 +325,15 @@ PromptRichParamLoop:
 		_, _ = fmt.Fprintln(cmd.OutOrStdout())
 	}
 
+	err = cliui.GitAuth(ctx, cmd.OutOrStdout(), cliui.GitAuthOptions{
+		Fetch: func(ctx context.Context) ([]codersdk.TemplateVersionGitAuth, error) {
+			return client.TemplateVersionGitAuth(ctx, templateVersion.ID)
+		},
+	})
+	if err != nil {
+		return nil, xerrors.Errorf("template version git auth: %w", err)
+	}
+
 	// Run a dry-run with the given parameters to check correctness
 	dryRun, err := client.CreateTemplateVersionDryRun(cmd.Context(), templateVersion.ID, codersdk.CreateTemplateVersionDryRunRequest{
 		WorkspaceName:       args.NewWorkspaceName,