coder
diff --git a/‎.github/workflows/release.yaml
Lines changed: 1 addition & 0 deletions b/‎.github/workflows/release.yaml
Lines changed: 1 addition & 0 deletions
diff --git a/‎cli/create_test.go
Lines changed: 1 addition & 32 deletions b/‎cli/create_test.go
Lines changed: 1 addition & 32 deletions
diff --git a/‎cli/server.go
Lines changed: 14 additions & 40 deletions b/‎cli/server.go
Lines changed: 14 additions & 40 deletions
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 56 additions & 0 deletions b/‎coderd/apidoc/docs.go
Lines changed: 56 additions & 0 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 50 additions & 0 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 50 additions & 0 deletions
diff --git a/‎coderd/audit/request.go
Lines changed: 7 additions & 4 deletions b/‎coderd/audit/request.go
Lines changed: 7 additions & 4 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 2 additions & 5 deletions b/‎coderd/coderd.go
Lines changed: 2 additions & 5 deletions
@@ -302,6 +302,7 @@ jobs:
           helm repo index build/helm --url https://helm.coder.com/v2 --merge build/helm/index.yaml
           gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/coder_helm_${version}.tgz gs://helm.coder.com/v2
           gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/index.yaml gs://helm.coder.com/v2
+          gsutil -h "Cache-Control:no-cache,max-age=0" cp helm/artifacthub-repo.yml gs://helm.coder.com/v2
 
       - name: Upload artifacts to actions (if dry-run)
         if: ${{ inputs.dry_run }}
 
@@ -4,19 +4,16 @@ import (
 	"context"
 	"fmt"
 	"net/http"
-	"net/url"
 	"os"
 	"regexp"
 	"testing"
 	"time"
 
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"golang.org/x/oauth2"
 
 	"github.com/coder/coder/cli/clitest"
 	"github.com/coder/coder/coderd/coderdtest"
-	"github.com/coder/coder/coderd/database"
 	"github.com/coder/coder/coderd/gitauth"
 	"github.com/coder/coder/codersdk"
 	"github.com/coder/coder/provisioner/echo"
@@ -768,7 +765,7 @@ func TestCreateWithGitAuth(t *testing.T) {
 
 	client := coderdtest.New(t, &coderdtest.Options{
 		GitAuthConfigs: []*gitauth.Config{{
-			OAuth2Config: &oauth2Config{},
+			OAuth2Config: &testutil.OAuth2Config{},
 			ID:           "github",
 			Regex:        regexp.MustCompile(`github\.com`),
 			Type:         codersdk.GitProviderGitHub,
@@ -836,31 +833,3 @@ func createTestParseResponseWithDefault(defaultValue string) []*proto.Parse_Resp
 		},
 	}}
 }
-
-type oauth2Config struct{}
-
-func (*oauth2Config) AuthCodeURL(state string, _ ...oauth2.AuthCodeOption) string {
-	return "/?state=" + url.QueryEscape(state)
-}
-
-func (*oauth2Config) Exchange(context.Context, string, ...oauth2.AuthCodeOption) (*oauth2.Token, error) {
-	return &oauth2.Token{
-		AccessToken:  "token",
-		RefreshToken: "refresh",
-		Expiry:       database.Now().Add(time.Hour),
-	}, nil
-}
-
-func (*oauth2Config) TokenSource(context.Context, *oauth2.Token) oauth2.TokenSource {
-	return &oauth2TokenSource{}
-}
-
-type oauth2TokenSource struct{}
-
-func (*oauth2TokenSource) Token() (*oauth2.Token, error) {
-	return &oauth2.Token{
-		AccessToken:  "token",
-		RefreshToken: "refresh",
-		Expiry:       database.Now().Add(time.Hour),
-	}, nil
-}
@@ -85,6 +85,7 @@ import (
 	"github.com/coder/coder/provisionersdk"
 	sdkproto "github.com/coder/coder/provisionersdk/proto"
 	"github.com/coder/coder/tailnet"
+	"github.com/coder/wgtunnel/tunnelsdk"
 )
 
 // ReadGitAuthProvidersFromEnv is provided for compatibility purposes with the
@@ -538,34 +539,25 @@ flags, and YAML configuration. The precedence is as follows:
 				return xerrors.Errorf("configure http client: %w", err)
 			}
 
-			var (
-				ctxTunnel, closeTunnel = context.WithCancel(ctx)
-				tunnel                 *devtunnel.Tunnel
-				tunnelErr              <-chan error
-			)
-			defer closeTunnel()
-
 			// If the access URL is empty, we attempt to run a reverse-proxy
 			// tunnel to make the initial setup really simple.
+			var (
+				tunnel     *tunnelsdk.Tunnel
+				tunnelDone <-chan struct{} = make(chan struct{}, 1)
+			)
 			if cfg.AccessURL.String() == "" {
 				cmd.Printf("Opening tunnel so workspaces can connect to your deployment. For production scenarios, specify an external access URL\n")
-				tunnel, tunnelErr, err = devtunnel.New(ctxTunnel, logger.Named("devtunnel"))
+				tunnel, err = devtunnel.New(ctx, logger.Named("devtunnel"), cfg.WgtunnelHost.String())
 				if err != nil {
 					return xerrors.Errorf("create tunnel: %w", err)
 				}
-				err = cfg.AccessURL.Set(tunnel.URL)
-				if err != nil {
-					return xerrors.Errorf("set access url: %w", err)
-				}
+				defer tunnel.Close()
+				tunnelDone = tunnel.Wait()
+				cfg.AccessURL = clibase.URL(*tunnel.URL)
 
 				if cfg.WildcardAccessURL.String() == "" {
-					u, err := parseURL(tunnel.URL)
-					if err != nil {
-						return xerrors.Errorf("parse tunnel url: %w", err)
-					}
-
 					// Suffixed wildcard access URL.
-					u, err = url.Parse(fmt.Sprintf("*--%s", u.Hostname()))
+					u, err := url.Parse(fmt.Sprintf("*--%s", tunnel.URL.Hostname()))
 					if err != nil {
 						return xerrors.Errorf("parse wildcard url: %w", err)
 					}
@@ -1090,10 +1082,8 @@ flags, and YAML configuration. The precedence is as follows:
 				_, _ = fmt.Fprintln(cmd.OutOrStdout(), cliui.Styles.Bold.Render(
 					"Interrupt caught, gracefully exiting. Use ctrl+\\ to force quit",
 				))
-			case exitErr = <-tunnelErr:
-				if exitErr == nil {
-					exitErr = xerrors.New("dev tunnel closed unexpectedly")
-				}
+			case <-tunnelDone:
+				exitErr = xerrors.New("dev tunnel closed unexpectedly")
 			case exitErr = <-errCh:
 			}
 			if exitErr != nil && !xerrors.Is(exitErr, context.Canceled) {
@@ -1162,8 +1152,8 @@ flags, and YAML configuration. The precedence is as follows:
 			// Close tunnel after we no longer have in-flight connections.
 			if tunnel != nil {
 				cmd.Println("Waiting for tunnel to close...")
-				closeTunnel()
-				<-tunnelErr
+				_ = tunnel.Close()
+				<-tunnel.Wait()
 				cmd.Println("Done waiting for tunnel")
 			}
 
@@ -1241,22 +1231,6 @@ flags, and YAML configuration. The precedence is as follows:
 	return root
 }
 
-// parseURL parses a string into a URL.
-func parseURL(u string) (*url.URL, error) {
-	hasScheme := strings.HasPrefix(u, "http:") || strings.HasPrefix(u, "https:")
-
-	if !hasScheme {
-		return nil, xerrors.Errorf("URL %q must have a scheme of either http or https", u)
-	}
-
-	parsed, err := url.Parse(u)
-	if err != nil {
-		return nil, err
-	}
-
-	return parsed, nil
-}
-
 // isLocalURL returns true if the hostname of the provided URL appears to
 // resolve to a loopback address.
 func isLocalURL(ctx context.Context, u *url.URL) (bool, error) {
 
@@ -154,9 +154,7 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 		if ResourceID(req.Old) == uuid.Nil && ResourceID(req.New) == uuid.Nil {
 			// If the request action is a login or logout, we always want to audit it even if
 			// there is no diff. This is so we can capture events where an API Key is never created
-			// because an unknown user fails to login.
-			// TODO: introduce the concept of an anonymous user so we always have a userID even
-			// when dealing with a mystery user. https://github.com/coder/coder/issues/6054
+			// because a known user fails to login.
 			if req.params.Action != database.AuditActionLogin && req.params.Action != database.AuditActionLogout {
 				return
 			}
@@ -185,8 +183,13 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 		key, ok := httpmw.APIKeyOptional(p.Request)
 		if ok {
 			userID = key.UserID
-		} else {
+		} else if req.UserID != uuid.Nil {
 			userID = req.UserID
+		} else {
+			// if we do not have a user associated with the audit action
+			// we do not want to audit
+			// (this pertains to logins; we don't want to capture non-user login attempts)
+			return
 		}
 
 		ip := parseIP(p.Request.RemoteAddr)
 
@@ -500,6 +500,7 @@ func New(options *Options) *API {
 				httpmw.ExtractTemplateVersionParam(options.Database),
 			)
 			r.Get("/", api.templateVersion)
+			r.Patch("/", api.patchTemplateVersion)
 			r.Patch("/cancel", api.patchCancelTemplateVersion)
 			r.Get("/schema", api.templateVersionSchema)
 			r.Get("/parameters", api.templateVersionParameters)
@@ -833,18 +834,14 @@ func (api *API) CreateInMemoryProvisionerDaemon(ctx context.Context, debounce ti
 
 	mux := drpcmux.New()
 
-	gitAuthProviders := make([]string, 0, len(api.GitAuthConfigs))
-	for _, cfg := range api.GitAuthConfigs {
-		gitAuthProviders = append(gitAuthProviders, cfg.ID)
-	}
 	err = proto.DRPCRegisterProvisionerDaemon(mux, &provisionerdserver.Server{
 		AccessURL:             api.AccessURL,
 		ID:                    daemon.ID,
 		OIDCConfig:            api.OIDCConfig,
 		Database:              api.Database,
 		Pubsub:                api.Pubsub,
 		Provisioners:          daemon.Provisioners,
-		GitAuthProviders:      gitAuthProviders,
+		GitAuthConfigs:        api.GitAuthConfigs,
 		Telemetry:             api.Telemetry,
 		Tags:                  tags,
 		QuotaCommitter:        &api.QuotaCommitter,