coder
diff --git a/‎.gitattributes
+1 b/‎.gitattributes
+1
diff --git a/‎.github/actions/setup-tf/action.yaml
+1-1 b/‎.github/actions/setup-tf/action.yaml
+1-1
diff --git a/‎.github/workflows/typos.toml
+2-1 b/‎.github/workflows/typos.toml
+2-1
diff --git a/‎agent/agent.go
+30-19 b/‎agent/agent.go
+30-19
diff --git a/‎agent/agent_test.go
+48 b/‎agent/agent_test.go
+48
diff --git a/‎agent/agentcontainers/containers.go
+76-9 b/‎agent/agentcontainers/containers.go
+76-9
diff --git a/‎agent/agentcontainers/containers_internal_test.go
+1-1 b/‎agent/agentcontainers/containers_internal_test.go
+1-1
@@ -1,6 +1,7 @@
 # Generated files
 agent/agentcontainers/acmock/acmock.go linguist-generated=true
 agent/agentcontainers/dcspec/dcspec_gen.go linguist-generated=true
+agent/agentcontainers/testdata/devcontainercli/*/*.log linguist-generated=true
 coderd/apidoc/docs.go linguist-generated=true
 docs/reference/api/*.md linguist-generated=true
 docs/reference/cli/*.md linguist-generated=true
 
@@ -7,5 +7,5 @@ runs:
     - name: Install Terraform
       uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
       with:
-        terraform_version: 1.11.3
+        terraform_version: 1.11.4
         terraform_wrapper: false
@@ -42,5 +42,6 @@ extend-exclude = [
 	"site/src/pages/SetupPage/countries.tsx",
 	"provisioner/terraform/testdata/**",
 	# notifications' golden files confuse the detector because of quoted-printable encoding
-	"coderd/notifications/testdata/**"
+	"coderd/notifications/testdata/**",
+	"agent/agentcontainers/testdata/devcontainercli/**"
 ]
@@ -229,13 +229,21 @@ type agent struct {
 	// we track 2 contexts and associated cancel functions: "graceful" which is Done when it is time
 	// to start gracefully shutting down and "hard" which is Done when it is time to close
 	// everything down (regardless of whether graceful shutdown completed).
-	gracefulCtx       context.Context
-	gracefulCancel    context.CancelFunc
-	hardCtx           context.Context
-	hardCancel        context.CancelFunc
-	closeWaitGroup    sync.WaitGroup
+	gracefulCtx    context.Context
+	gracefulCancel context.CancelFunc
+	hardCtx        context.Context
+	hardCancel     context.CancelFunc
+
+	// closeMutex protects the following:
 	closeMutex        sync.Mutex
+	closeWaitGroup    sync.WaitGroup
 	coordDisconnected chan struct{}
+	closing           bool
+	// note that once the network is set to non-nil, it is never modified, as with the statsReporter. So, routines
+	// that run after createOrUpdateNetwork and check the networkOK checkpoint do not need to hold the lock to use them.
+	network       *tailnet.Conn
+	statsReporter *statsReporter
+	// end fields protected by closeMutex
 
 	environmentVariables map[string]string
 
@@ -259,9 +267,7 @@ type agent struct {
 	reportConnectionsMu     sync.Mutex
 	reportConnections       []*proto.ReportConnectionRequest
 
-	network       *tailnet.Conn
-	statsReporter *statsReporter
-	logSender     *agentsdk.LogSender
+	logSender *agentsdk.LogSender
 
 	prometheusRegistry *prometheus.Registry
 	// metrics are prometheus registered metrics that will be collected and
@@ -274,6 +280,8 @@ type agent struct {
 }
 
 func (a *agent) TailnetConn() *tailnet.Conn {
+	a.closeMutex.Lock()
+	defer a.closeMutex.Unlock()
 	return a.network
 }
 
@@ -1205,15 +1213,15 @@ func (a *agent) createOrUpdateNetwork(manifestOK, networkOK *checkpoint) func(co
 			}
 			a.closeMutex.Lock()
 			// Re-check if agent was closed while initializing the network.
-			closed := a.isClosed()
-			if !closed {
+			closing := a.closing
+			if !closing {
 				a.network = network
 				a.statsReporter = newStatsReporter(a.logger, network, a)
 			}
 			a.closeMutex.Unlock()
-			if closed {
+			if closing {
 				_ = network.Close()
-				return xerrors.New("agent is closed")
+				return xerrors.New("agent is closing")
 			}
 		} else {
 			// Update the wireguard IPs if the agent ID changed.
@@ -1328,8 +1336,8 @@ func (*agent) wireguardAddresses(agentID uuid.UUID) []netip.Prefix {
 func (a *agent) trackGoroutine(fn func()) error {
 	a.closeMutex.Lock()
 	defer a.closeMutex.Unlock()
-	if a.isClosed() {
-		return xerrors.New("track conn goroutine: agent is closed")
+	if a.closing {
+		return xerrors.New("track conn goroutine: agent is closing")
 	}
 	a.closeWaitGroup.Add(1)
 	go func() {
@@ -1547,7 +1555,7 @@ func (a *agent) runCoordinator(ctx context.Context, tClient tailnetproto.DRPCTai
 func (a *agent) setCoordDisconnected() chan struct{} {
 	a.closeMutex.Lock()
 	defer a.closeMutex.Unlock()
-	if a.isClosed() {
+	if a.closing {
 		return nil
 	}
 	disconnected := make(chan struct{})
@@ -1772,7 +1780,10 @@ func (a *agent) HTTPDebug() http.Handler {
 
 func (a *agent) Close() error {
 	a.closeMutex.Lock()
-	defer a.closeMutex.Unlock()
+	network := a.network
+	coordDisconnected := a.coordDisconnected
+	a.closing = true
+	a.closeMutex.Unlock()
 	if a.isClosed() {
 		return nil
 	}
@@ -1849,7 +1860,7 @@ lifecycleWaitLoop:
 	select {
 	case <-a.hardCtx.Done():
 		a.logger.Warn(context.Background(), "timed out waiting for Coordinator RPC disconnect")
-	case <-a.coordDisconnected:
+	case <-coordDisconnected:
 		a.logger.Debug(context.Background(), "coordinator RPC disconnected")
 	}
 
@@ -1860,8 +1871,8 @@ lifecycleWaitLoop:
 	}
 
 	a.hardCancel()
-	if a.network != nil {
-		_ = a.network.Close()
+	if network != nil {
+		_ = network.Close()
 	}
 	a.closeWaitGroup.Wait()
 
 
@@ -68,6 +68,54 @@ func TestMain(m *testing.M) {
 
 var sshPorts = []uint16{workspacesdk.AgentSSHPort, workspacesdk.AgentStandardSSHPort}
 
+// TestAgent_CloseWhileStarting is a regression test for https://github.com/coder/coder/issues/17328
+func TestAgent_ImmediateClose(t *testing.T) {
+	t.Parallel()
+
+	ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+	defer cancel()
+
+	logger := slogtest.Make(t, &slogtest.Options{
+		// Agent can drop errors when shutting down, and some, like the
+		// fasthttplistener connection closed error, are unexported.
+		IgnoreErrors: true,
+	}).Leveled(slog.LevelDebug)
+	manifest := agentsdk.Manifest{
+		AgentID:       uuid.New(),
+		AgentName:     "test-agent",
+		WorkspaceName: "test-workspace",
+		WorkspaceID:   uuid.New(),
+	}
+
+	coordinator := tailnet.NewCoordinator(logger)
+	t.Cleanup(func() {
+		_ = coordinator.Close()
+	})
+	statsCh := make(chan *proto.Stats, 50)
+	fs := afero.NewMemMapFs()
+	client := agenttest.NewClient(t, logger.Named("agenttest"), manifest.AgentID, manifest, statsCh, coordinator)
+	t.Cleanup(client.Close)
+
+	options := agent.Options{
+		Client:                 client,
+		Filesystem:             fs,
+		Logger:                 logger.Named("agent"),
+		ReconnectingPTYTimeout: 0,
+		EnvironmentVariables:   map[string]string{},
+	}
+
+	agentUnderTest := agent.New(options)
+	t.Cleanup(func() {
+		_ = agentUnderTest.Close()
+	})
+
+	// wait until the agent has connected and is starting to find races in the startup code
+	_ = testutil.RequireRecvCtx(ctx, t, client.GetStartup())
+	t.Log("Closing Agent")
+	err := agentUnderTest.Close()
+	require.NoError(t, err)
+}
+
 // NOTE: These tests only work when your default shell is bash for some reason.
 
 func TestAgent_Stats_SSH(t *testing.T) {
 
@@ -9,6 +9,8 @@ import (
 
 	"golang.org/x/xerrors"
 
+	"github.com/go-chi/chi/v5"
+
 	"github.com/coder/coder/v2/coderd/httpapi"
 	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/quartz"
@@ -20,9 +22,10 @@ const (
 	getContainersTimeout              = 5 * time.Second
 )
 
-type devcontainersHandler struct {
+type Handler struct {
 	cacheDuration time.Duration
 	cl            Lister
+	dccli         DevcontainerCLI
 	clock         quartz.Clock
 
 	// lockCh protects the below fields. We use a channel instead of a mutex so we
@@ -32,20 +35,26 @@ type devcontainersHandler struct {
 	mtime      time.Time
 }
 
-// Option is a functional option for devcontainersHandler.
-type Option func(*devcontainersHandler)
+// Option is a functional option for Handler.
+type Option func(*Handler)
 
 // WithLister sets the agentcontainers.Lister implementation to use.
 // The default implementation uses the Docker CLI to list containers.
 func WithLister(cl Lister) Option {
-	return func(ch *devcontainersHandler) {
+	return func(ch *Handler) {
 		ch.cl = cl
 	}
 }
 
-// New returns a new devcontainersHandler with the given options applied.
-func New(options ...Option) http.Handler {
-	ch := &devcontainersHandler{
+func WithDevcontainerCLI(dccli DevcontainerCLI) Option {
+	return func(ch *Handler) {
+		ch.dccli = dccli
+	}
+}
+
+// New returns a new Handler with the given options applied.
+func New(options ...Option) *Handler {
+	ch := &Handler{
 		lockCh: make(chan struct{}, 1),
 	}
 	for _, opt := range options {
@@ -54,7 +63,7 @@ func New(options ...Option) http.Handler {
 	return ch
 }
 
-func (ch *devcontainersHandler) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+func (ch *Handler) List(rw http.ResponseWriter, r *http.Request) {
 	select {
 	case <-r.Context().Done():
 		// Client went away.
@@ -80,7 +89,7 @@ func (ch *devcontainersHandler) ServeHTTP(rw http.ResponseWriter, r *http.Reques
 	}
 }
 
-func (ch *devcontainersHandler) getContainers(ctx context.Context) (codersdk.WorkspaceAgentListContainersResponse, error) {
+func (ch *Handler) getContainers(ctx context.Context) (codersdk.WorkspaceAgentListContainersResponse, error) {
 	select {
 	case <-ctx.Done():
 		return codersdk.WorkspaceAgentListContainersResponse{}, ctx.Err()
@@ -149,3 +158,61 @@ var _ Lister = NoopLister{}
 func (NoopLister) List(_ context.Context) (codersdk.WorkspaceAgentListContainersResponse, error) {
 	return codersdk.WorkspaceAgentListContainersResponse{}, nil
 }
+
+func (ch *Handler) Recreate(w http.ResponseWriter, r *http.Request) {
+	ctx := r.Context()
+	id := chi.URLParam(r, "id")
+
+	if id == "" {
+		httpapi.Write(ctx, w, http.StatusBadRequest, codersdk.Response{
+			Message: "Missing container ID or name",
+			Detail:  "Container ID or name is required to recreate a devcontainer.",
+		})
+		return
+	}
+
+	containers, err := ch.cl.List(ctx)
+	if err != nil {
+		httpapi.Write(ctx, w, http.StatusInternalServerError, codersdk.Response{
+			Message: "Could not list containers",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	containerIdx := slices.IndexFunc(containers.Containers, func(c codersdk.WorkspaceAgentContainer) bool {
+		return c.Match(id)
+	})
+	if containerIdx == -1 {
+		httpapi.Write(ctx, w, http.StatusNotFound, codersdk.Response{
+			Message: "Container not found",
+			Detail:  "Container ID or name not found in the list of containers.",
+		})
+		return
+	}
+
+	container := containers.Containers[containerIdx]
+	workspaceFolder := container.Labels[DevcontainerLocalFolderLabel]
+	configPath := container.Labels[DevcontainerConfigFileLabel]
+
+	// Workspace folder is required to recreate a container, we don't verify
+	// the config path here because it's optional.
+	if workspaceFolder == "" {
+		httpapi.Write(ctx, w, http.StatusBadRequest, codersdk.Response{
+			Message: "Missing workspace folder label",
+			Detail:  "The workspace folder label is required to recreate a devcontainer.",
+		})
+		return
+	}
+
+	_, err = ch.dccli.Up(ctx, workspaceFolder, configPath, WithRemoveExistingContainer())
+	if err != nil {
+		httpapi.Write(ctx, w, http.StatusInternalServerError, codersdk.Response{
+			Message: "Could not recreate devcontainer",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	w.WriteHeader(http.StatusNoContent)
+}
@@ -277,7 +277,7 @@ func TestContainersHandler(t *testing.T) {
 					ctrl       = gomock.NewController(t)
 					mockLister = acmock.NewMockLister(ctrl)
 					now        = time.Now().UTC()
-					ch         = devcontainersHandler{
+					ch         = Handler{
 						cacheDuration: tc.cacheDur,
 						cl:            mockLister,
 						clock:         clk,
Original file line number	Diff line number	Diff line change
`@@ -42,5 +42,6 @@ extend-exclude = [`
`42`	`42`	`"site/src/pages/SetupPage/countries.tsx",`
`43`	`43`	`"provisioner/terraform/testdata/**",`
`44`	`44`	`# notifications' golden files confuse the detector because of quoted-printable encoding`
`45`		`- "coderd/notifications/testdata/**"`
	`45`	`+ "coderd/notifications/testdata/**",`
	`46`	`+ "agent/agentcontainers/testdata/devcontainercli/**"`
`46`	`47`	`]`