coder
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 41 additions & 0 deletions b/‎.github/workflows/ci.yaml
Lines changed: 41 additions & 0 deletions
diff --git a/‎cli/ssh.go
Lines changed: 14 additions & 8 deletions b/‎cli/ssh.go
Lines changed: 14 additions & 8 deletions
diff --git a/‎cli/support.go
Lines changed: 13 additions & 2 deletions b/‎cli/support.go
Lines changed: 13 additions & 2 deletions
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 22 additions & 3 deletions b/‎coderd/apidoc/docs.go
Lines changed: 22 additions & 3 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 14 additions & 3 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 14 additions & 3 deletions
diff --git a/‎coderd/azureidentity/azureidentity_test.go
Lines changed: 6 additions & 0 deletions b/‎coderd/azureidentity/azureidentity_test.go
Lines changed: 6 additions & 0 deletions
diff --git a/‎coderd/database/db.go
Lines changed: 1 addition & 1 deletion b/‎coderd/database/db.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎coderd/database/dbmem/dbmem.go
Lines changed: 0 additions & 4 deletions b/‎coderd/database/dbmem/dbmem.go
Lines changed: 0 additions & 4 deletions
diff --git a/‎coderd/database/dbmetrics/dbmetrics.go
Lines changed: 24 additions & 16 deletions b/‎coderd/database/dbmetrics/dbmetrics.go
Lines changed: 24 additions & 16 deletions
diff --git a/‎coderd/database/migrations/000196_external_auth_providers_jsonb.down.sql
Lines changed: 9 additions & 5 deletions b/‎coderd/database/migrations/000196_external_auth_providers_jsonb.down.sql
Lines changed: 9 additions & 5 deletions
@@ -640,6 +640,7 @@ jobs:
       - test-e2e
       - offlinedocs
       - sqlc-vet
+      - dependency-license-review
     # Allow this job to run even if the needed jobs fail, are skipped or
     # cancelled.
     if: always()
@@ -656,6 +657,7 @@ jobs:
           echo "- test-js: ${{ needs.test-js.result }}"
           echo "- test-e2e: ${{ needs.test-e2e.result }}"
           echo "- offlinedocs: ${{ needs.offlinedocs.result }}"
+          echo "- dependency-license-review: ${{ needs.dependency-license-review.result }}"
           echo
 
           # We allow skipped jobs to pass, but not failed or cancelled jobs.
@@ -896,3 +898,42 @@ jobs:
       - name: Setup and run sqlc vet
         run: |
           make sqlc-vet
+
+  # dependency-license-review checks that no license-incompatible dependencies have been introduced.
+  # This action is not intended to do a vulnerability check since that is handled by a separate action.
+  dependency-license-review:
+    runs-on: ubuntu-latest
+    if: github.ref != 'refs/heads/main'
+    steps:
+      - name: "Checkout Repository"
+        uses: actions/checkout@v4
+      - name: "Dependency Review"
+        id: review
+        uses: actions/dependency-review-action@v4
+        with:
+          allow-licenses: Apache-2.0, BSD-2-Clause, BSD-3-Clause, CC0-1.0, ISC, MIT, MIT-0, MPL-2.0
+          license-check: true
+          vulnerability-check: false
+      - name: "Report"
+        # make sure this step runs even if the previous failed
+        if: always()
+        shell: bash
+        env:
+          VULNERABLE_CHANGES: ${{ steps.review.outputs.invalid-license-changes }}
+        run: |
+          fields=( "unlicensed" "unresolved" "forbidden" )
+
+          # This is unfortunate that we have to do this but the action does not support failing on
+          # an unknown license. The unknown dependency could easily have a GPL license which
+          # would be problematic for us.
+          # Track https://github.com/actions/dependency-review-action/issues/672 for when
+          # we can remove this brittle workaround.
+          for field in "${fields[@]}"; do
+            # Use jq to check if the array is not empty
+            if [[ $(echo "$VULNERABLE_CHANGES" | jq ".${field} | length") -ne 0 ]]; then
+              echo "Invalid or unknown licenses detected, contact @sreya to ensure your added dependency falls under one of our allowed licenses."
+              echo "$VULNERABLE_CHANGES" | jq
+              exit 1
+            fi
+          done
+          echo "No incompatible licenses detected"
@@ -25,19 +25,18 @@ import (
 	"golang.org/x/xerrors"
 	"gvisor.dev/gvisor/pkg/tcpip/adapters/gonet"
 
-	"github.com/coder/retry"
-	"github.com/coder/serpent"
-
 	"cdr.dev/slog"
 	"cdr.dev/slog/sloggers/sloghuman"
-
 	"github.com/coder/coder/v2/cli/cliui"
 	"github.com/coder/coder/v2/cli/cliutil"
 	"github.com/coder/coder/v2/coderd/autobuild/notify"
 	"github.com/coder/coder/v2/coderd/util/ptr"
 	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/coder/v2/codersdk/workspacesdk"
 	"github.com/coder/coder/v2/cryptorand"
+	"github.com/coder/coder/v2/pty"
+	"github.com/coder/retry"
+	"github.com/coder/serpent"
 )
 
 var (
@@ -341,15 +340,22 @@ func (r *RootCmd) ssh() *serpent.Command {
 				}
 			}
 
-			stdoutFile, validOut := inv.Stdout.(*os.File)
 			stdinFile, validIn := inv.Stdin.(*os.File)
-			if validOut && validIn && isatty.IsTerminal(stdoutFile.Fd()) {
-				state, err := term.MakeRaw(int(stdinFile.Fd()))
+			stdoutFile, validOut := inv.Stdout.(*os.File)
+			if validIn && validOut && isatty.IsTerminal(stdinFile.Fd()) && isatty.IsTerminal(stdoutFile.Fd()) {
+				inState, err := pty.MakeInputRaw(stdinFile.Fd())
+				if err != nil {
+					return err
+				}
+				defer func() {
+					_ = pty.RestoreTerminal(stdinFile.Fd(), inState)
+				}()
+				outState, err := pty.MakeOutputRaw(stdoutFile.Fd())
 				if err != nil {
 					return err
 				}
 				defer func() {
-					_ = term.Restore(int(stdinFile.Fd()), state)
+					_ = pty.RestoreTerminal(stdoutFile.Fd(), outState)
 				}()
 
 				windowChange := listenWindowSize(ctx)
 
@@ -101,7 +101,7 @@ func (r *RootCmd) supportBundle() *serpent.Command {
 
 			// Check if we're running inside a workspace
 			if val, found := os.LookupEnv("CODER"); found && val == "true" {
-				_, _ = fmt.Fprintln(inv.Stderr, "Running inside Coder workspace; this can affect results!")
+				cliui.Warn(inv.Stderr, "Running inside Coder workspace; this can affect results!")
 				cliLog.Debug(inv.Context(), "running inside coder workspace")
 			}
 
@@ -122,7 +122,7 @@ func (r *RootCmd) supportBundle() *serpent.Command {
 
 			if len(inv.Args) == 0 {
 				cliLog.Warn(inv.Context(), "no workspace specified")
-				_, _ = fmt.Fprintln(inv.Stderr, "Warning: no workspace specified. This will result in incomplete information.")
+				cliui.Warn(inv.Stderr, "No workspace specified. This will result in incomplete information.")
 			} else {
 				ws, err := namedWorkspace(inv.Context(), client, inv.Args[0])
 				if err != nil {
@@ -184,13 +184,24 @@ func (r *RootCmd) supportBundle() *serpent.Command {
 				_ = os.Remove(outputPath) // best effort
 				return xerrors.Errorf("create support bundle: %w", err)
 			}
+			docsURL := bun.Deployment.Config.Values.DocsURL.String()
+			deployHealthSummary := bun.Deployment.HealthReport.Summarize(docsURL)
+			if len(deployHealthSummary) > 0 {
+				cliui.Warn(inv.Stdout, "Deployment health issues detected:", deployHealthSummary...)
+			}
+			clientNetcheckSummary := bun.Network.Netcheck.Summarize("Client netcheck:", docsURL)
+			if len(clientNetcheckSummary) > 0 {
+				cliui.Warn(inv.Stdout, "Networking issues detected:", deployHealthSummary...)
+			}
+
 			bun.CLILogs = cliLogBuf.Bytes()
 
 			if err := writeBundle(bun, zwr); err != nil {
 				_ = os.Remove(outputPath) // best effort
 				return xerrors.Errorf("write support bundle to %s: %w", outputPath, err)
 			}
 			_, _ = fmt.Fprintln(inv.Stderr, "Wrote support bundle to "+outputPath)
+
 			return nil
 		},
 	}
 
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/x509"
 	"encoding/pem"
+	"runtime"
 	"testing"
 	"time"
 
@@ -14,6 +15,11 @@ import (
 
 func TestValidate(t *testing.T) {
 	t.Parallel()
+	if runtime.GOOS == "darwin" {
+		// This test fails on MacOS for some reason. See https://github.com/coder/coder/issues/12978
+		t.Skip()
+	}
+
 	mustTime := func(layout string, value string) time.Time {
 		ti, err := time.Parse(layout, value)
 		require.NoError(t, err)
 
@@ -103,7 +103,7 @@ func (q *sqlQuerier) InTx(function func(Store) error, txOpts *sql.TxOptions) err
 				// Transaction succeeded.
 				return nil
 			}
-			if err != nil && !IsSerializedError(err) {
+			if !IsSerializedError(err) {
 				// We should only retry if the error is a serialization error.
 				return err
 			}
 
@@ -9089,7 +9089,6 @@ func (q *FakeQuerier) GetAuthorizedWorkspaces(ctx context.Context, arg database.
 				params = append(params, param)
 			}
 
-			var innerErr error
 			index := slices.IndexFunc(params, func(buildParam database.WorkspaceBuildParameter) bool {
 				// If hasParam matches, then we are done. This is a good match.
 				if slices.ContainsFunc(arg.HasParam, func(name string) bool {
@@ -9116,9 +9115,6 @@ func (q *FakeQuerier) GetAuthorizedWorkspaces(ctx context.Context, arg database.
 
 				return match
 			})
-			if innerErr != nil {
-				return nil, xerrors.Errorf("error searching workspace build params: %w", innerErr)
-			}
 			if index < 0 {
 				continue
 			}
 
@@ -11,11 +11,15 @@ CREATE OR REPLACE FUNCTION revert_migrate_external_auth_providers_to_jsonb(jsonb
 DECLARE
   result text[];
 BEGIN
-  SELECT
-    array_agg(id::text) INTO result
-  FROM (
-    SELECT
-      jsonb_array_elements($1) ->> 'id' AS id) AS external_auth_provider_ids;
+  IF jsonb_typeof($1) = 'null' THEN
+    result := '{}';
+  ELSE
+	  SELECT
+		  array_agg(id::text) INTO result
+	  FROM (
+		  SELECT
+		  jsonb_array_elements($1) ->> 'id' AS id) AS external_auth_provider_ids;
+  END IF;
   RETURN result;
 END;
 $$;
Original file line number	Diff line number	Diff line change
`@@ -103,7 +103,7 @@ func (q sqlQuerier) InTx(function func(Store) error, txOpts sql.TxOptions) err`
`103`	`103`	`// Transaction succeeded.`
`104`	`104`	`return nil`
`105`	`105`	`}`
`106`		`- if err != nil && !IsSerializedError(err) {`
	`106`	`+ if !IsSerializedError(err) {`
`107`	`107`	`// We should only retry if the error is a serialization error.`
`108`	`108`	`return err`
`109`	`109`	`}`