coder
diff --git a/‎.github/workflows/coder.yaml
Lines changed: 4 additions & 26 deletions b/‎.github/workflows/coder.yaml
Lines changed: 4 additions & 26 deletions
diff --git a/‎.gitignore
Lines changed: 2 additions & 0 deletions b/‎.gitignore
Lines changed: 2 additions & 0 deletions
diff --git a/‎Makefile
Lines changed: 18 additions & 8 deletions b/‎Makefile
Lines changed: 18 additions & 8 deletions
diff --git a/‎agent/agent.go
Lines changed: 39 additions & 9 deletions b/‎agent/agent.go
Lines changed: 39 additions & 9 deletions
diff --git a/‎agent/agent_test.go
Lines changed: 15 additions & 0 deletions b/‎agent/agent_test.go
Lines changed: 15 additions & 0 deletions
diff --git a/‎agent/reaper/reaper.go
Lines changed: 28 additions & 0 deletions b/‎agent/reaper/reaper.go
Lines changed: 28 additions & 0 deletions
diff --git a/‎agent/reaper/reaper_stub.go
Lines changed: 1 addition & 8 deletions b/‎agent/reaper/reaper_stub.go
Lines changed: 1 addition & 8 deletions
diff --git a/‎agent/reaper/reaper_test.go
Lines changed: 5 additions & 6 deletions b/‎agent/reaper/reaper_test.go
Lines changed: 5 additions & 6 deletions
@@ -197,7 +197,7 @@ jobs:
 
       - uses: hashicorp/setup-terraform@v2
         with:
-          terraform_version: 1.1.2
+          terraform_version: 1.1.9
           terraform_wrapper: false
 
       - name: Test with Mock Database
@@ -264,33 +264,11 @@ jobs:
 
       - uses: hashicorp/setup-terraform@v2
         with:
-          terraform_version: 1.1.2
+          terraform_version: 1.1.9
           terraform_wrapper: false
 
-      - name: Start PostgreSQL Database
-        env:
-          POSTGRES_PASSWORD: postgres
-          POSTGRES_USER: postgres
-          POSTGRES_DB: postgres
-          PGDATA: /tmp
-        run: |
-          docker run \
-            -e POSTGRES_PASSWORD=postgres \
-            -e POSTGRES_USER=postgres \
-            -e POSTGRES_DB=postgres \
-            -e PGDATA=/tmp \
-            -p 5432:5432 \
-            -d postgres:11 \
-            -c shared_buffers=1GB \
-            -c max_connections=1000
-          while ! pg_isready -h 127.0.0.1
-          do
-              echo "$(date) - waiting for database to start"
-              sleep 0.5
-          done
-
       - name: Test with PostgreSQL Database
-        run: "make test-postgres"
+        run: make test-postgres
 
       - name: Upload DataDog Trace
         if: always() && github.actor != 'dependabot[bot]' && !github.event.pull_request.head.repo.fork
@@ -494,7 +472,7 @@ jobs:
 
       - uses: hashicorp/setup-terraform@v2
         with:
-          terraform_version: 1.1.2
+          terraform_version: 1.1.9
           terraform_wrapper: false
 
       - uses: actions/setup-node@v3
 
@@ -13,6 +13,7 @@ node_modules
 vendor
 .eslintcache
 yarn-error.log
+gotests.coverage
 .idea
 .DS_Store
 
@@ -39,3 +40,4 @@ site/out/
 
 .vscode/*.log
 **/*.swp
+.coderv2/*
@@ -20,7 +20,9 @@ bin: $(shell find . -not -path './vendor/*' -type f -name '*.go') go.mod go.sum
 
 	mkdir -p ./dist
 	rm -rf ./dist/coder-slim_*
+	rm -f ./site/out/bin/coder*
 	./scripts/build_go_slim.sh \
+		--compress 6 \
 		--version "$(VERSION)" \
 		--output ./dist/ \
 		linux:amd64,armv7,arm64 \
@@ -31,6 +33,7 @@ bin: $(shell find . -not -path './vendor/*' -type f -name '*.go') go.mod go.sum
 build: site/out/index.html $(shell find . -not -path './vendor/*' -type f -name '*.go') go.mod go.sum $(shell find ./examples/templates)
 	rm -rf ./dist
 	mkdir -p ./dist
+	rm -f ./site/out/bin/coder*
 
 	# build slim artifacts and copy them to the site output directory
 	./scripts/build_go_slim.sh \
@@ -57,11 +60,12 @@ coderd/database/dump.sql: $(wildcard coderd/database/migrations/*.sql)
 	go run coderd/database/dump/main.go
 
 # Generates Go code for querying the database.
-coderd/database/querier.go: coderd/database/dump.sql $(wildcard coderd/database/queries/*.sql)
+coderd/database/querier.go: coderd/database/sqlc.yaml coderd/database/dump.sql $(wildcard coderd/database/queries/*.sql)
 	coderd/database/generate.sh
 
+# This target is deprecated, as GNU make has issues passing signals to subprocesses.
 dev:
-	./scripts/develop.sh
+	@echo Please run ./scripts/develop.sh manually.
 .PHONY: dev
 
 fmt/prettier:
@@ -167,14 +171,15 @@ test: test-clean
 	gotestsum -- -v -short ./...
 .PHONY: test
 
-test-postgres: test-clean
-	DB=ci gotestsum --junitfile="gotests.xml" --packages="./..." -- \
-          -covermode=atomic -coverprofile="gotests.coverage" -timeout=30m \
-          -coverpkg=./...,github.com/coder/coder/codersdk \
-          -count=1 -race -failfast
+test-postgres: test-clean test-postgres-docker
+	DB=ci DB_FROM=$(shell go run scripts/migrate-ci/main.go) gotestsum --junitfile="gotests.xml" --packages="./..." -- \
+		-covermode=atomic -coverprofile="gotests.coverage" -timeout=30m \
+		-coverpkg=./...,github.com/coder/coder/codersdk \
+		-count=2 -race -failfast
 .PHONY: test-postgres
 
 test-postgres-docker:
+	docker rm -f test-postgres-docker || true
 	docker run \
 		--env POSTGRES_PASSWORD=postgres \
 		--env POSTGRES_USER=postgres \
@@ -185,12 +190,17 @@ test-postgres-docker:
 		--name test-postgres-docker \
 		--restart no \
 		--detach \
-		postgres:11 \
+		postgres:13 \
 		-c shared_buffers=1GB \
 		-c max_connections=1000 \
 		-c fsync=off \
 		-c synchronous_commit=off \
 		-c full_page_writes=off
+	while ! pg_isready -h 127.0.0.1
+	do
+		echo "$(date) - waiting for database to start"
+		sleep 0.5
+	done
 .PHONY: test-postgres-docker
 
 test-clean:
 
@@ -27,10 +27,13 @@ import (
 	"go.uber.org/atomic"
 	gossh "golang.org/x/crypto/ssh"
 	"golang.org/x/xerrors"
+	"inet.af/netaddr"
+	"tailscale.com/types/key"
 
 	"cdr.dev/slog"
 	"github.com/coder/coder/agent/usershell"
 	"github.com/coder/coder/peer"
+	"github.com/coder/coder/peer/peerwg"
 	"github.com/coder/coder/peerbroker"
 	"github.com/coder/coder/pty"
 	"github.com/coder/retry"
@@ -43,20 +46,31 @@ const (
 )
 
 type Options struct {
+	EnableWireguard        bool
+	UploadWireguardKeys    UploadWireguardKeys
+	ListenWireguardPeers   ListenWireguardPeers
 	ReconnectingPTYTimeout time.Duration
 	EnvironmentVariables   map[string]string
 	Logger                 slog.Logger
 }
 
 type Metadata struct {
-	OwnerEmail           string            `json:"owner_email"`
-	OwnerUsername        string            `json:"owner_username"`
-	EnvironmentVariables map[string]string `json:"environment_variables"`
-	StartupScript        string            `json:"startup_script"`
-	Directory            string            `json:"directory"`
+	WireguardAddresses   []netaddr.IPPrefix `json:"addresses"`
+	OwnerEmail           string             `json:"owner_email"`
+	OwnerUsername        string             `json:"owner_username"`
+	EnvironmentVariables map[string]string  `json:"environment_variables"`
+	StartupScript        string             `json:"startup_script"`
+	Directory            string             `json:"directory"`
+}
+
+type WireguardPublicKeys struct {
+	Public key.NodePublic  `json:"public"`
+	Disco  key.DiscoPublic `json:"disco"`
 }
 
 type Dialer func(ctx context.Context, logger slog.Logger) (Metadata, *peerbroker.Listener, error)
+type UploadWireguardKeys func(ctx context.Context, keys WireguardPublicKeys) error
+type ListenWireguardPeers func(ctx context.Context, logger slog.Logger) (<-chan peerwg.Handshake, func(), error)
 
 func New(dialer Dialer, options *Options) io.Closer {
 	if options == nil {
@@ -73,6 +87,9 @@ func New(dialer Dialer, options *Options) io.Closer {
 		closeCancel:            cancelFunc,
 		closed:                 make(chan struct{}),
 		envVars:                options.EnvironmentVariables,
+		enableWireguard:        options.EnableWireguard,
+		postKeys:               options.UploadWireguardKeys,
+		listenWireguardPeers:   options.ListenWireguardPeers,
 	}
 	server.init(ctx)
 	return server
@@ -95,6 +112,11 @@ type agent struct {
 	metadata      atomic.Value
 	startupScript atomic.Bool
 	sshServer     *ssh.Server
+
+	enableWireguard      bool
+	network              *peerwg.Network
+	postKeys             UploadWireguardKeys
+	listenWireguardPeers ListenWireguardPeers
 }
 
 func (a *agent) run(ctx context.Context) {
@@ -138,6 +160,13 @@ func (a *agent) run(ctx context.Context) {
 		}()
 	}
 
+	if a.enableWireguard {
+		err = a.startWireguard(ctx, metadata.WireguardAddresses)
+		if err != nil {
+			a.logger.Error(ctx, "start wireguard", slog.Error(err))
+		}
+	}
+
 	for {
 		conn, err := peerListener.Accept()
 		if err != nil {
@@ -366,17 +395,17 @@ func (a *agent) createCommand(ctx context.Context, rawCommand string, env []stri
 
 	// Load environment variables passed via the agent.
 	// These should override all variables we manually specify.
-	for key, value := range metadata.EnvironmentVariables {
+	for envKey, value := range metadata.EnvironmentVariables {
 		// Expanding environment variables allows for customization
 		// of the $PATH, among other variables. Customers can prepand
 		// or append to the $PATH, so allowing expand is required!
-		cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", key, os.ExpandEnv(value)))
+		cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", envKey, os.ExpandEnv(value)))
 	}
 
 	// Agent-level environment variables should take over all!
 	// This is used for setting agent-specific variables like "CODER_AGENT_TOKEN".
-	for key, value := range a.envVars {
-		cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", key, value))
+	for envKey, value := range a.envVars {
+		cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", envKey, value))
 	}
 
 	return cmd, nil
@@ -438,6 +467,7 @@ func (a *agent) handleSSHSession(session ssh.Session) error {
 	}
 	go func() {
 		_, _ = io.Copy(stdinPipe, session)
+		_ = stdinPipe.Close()
 	}()
 	err = cmd.Start()
 	if err != nil {
 
@@ -16,6 +16,7 @@ import (
 	"testing"
 	"time"
 
+	scp "github.com/bramvdbogaerde/go-scp"
 	"github.com/google/uuid"
 	"github.com/pion/udp"
 	"github.com/pion/webrtc/v3"
@@ -149,6 +150,20 @@ func TestAgent(t *testing.T) {
 		require.NoError(t, err)
 	})
 
+	t.Run("SCP", func(t *testing.T) {
+		t.Parallel()
+		sshClient, err := setupAgent(t, agent.Metadata{}, 0).SSHClient()
+		require.NoError(t, err)
+		scpClient, err := scp.NewClientBySSH(sshClient)
+		require.NoError(t, err)
+		tempFile := filepath.Join(t.TempDir(), "scp")
+		content := "hello world"
+		err = scpClient.CopyFile(context.Background(), strings.NewReader(content), tempFile, "0755")
+		require.NoError(t, err)
+		_, err = os.Stat(tempFile)
+		require.NoError(t, err)
+	})
+
 	t.Run("EnvironmentVariables", func(t *testing.T) {
 		t.Parallel()
 		key := "EXAMPLE"
 
@@ -0,0 +1,28 @@
+package reaper
+
+import "github.com/hashicorp/go-reap"
+
+type Option func(o *options)
+
+// WithExecArgs specifies the exec arguments for the fork exec call.
+// By default the same arguments as the parent are used as dictated by
+// os.Args. Since ForkReap calls a fork-exec it is the responsibility of
+// the caller to avoid fork-bombing oneself.
+func WithExecArgs(args ...string) Option {
+	return func(o *options) {
+		o.ExecArgs = args
+	}
+}
+
+// WithPIDCallback sets the channel that reaped child process PIDs are pushed
+// onto.
+func WithPIDCallback(ch reap.PidCh) Option {
+	return func(o *options) {
+		o.PIDs = ch
+	}
+}
+
+type options struct {
+	ExecArgs []string
+	PIDs     reap.PidCh
+}
@@ -2,18 +2,11 @@
 
 package reaper
 
-import "github.com/hashicorp/go-reap"
-
-// IsChild returns true if we're the forked process.
-func IsChild() bool {
-	return false
-}
-
 // IsInitProcess returns true if the current process's PID is 1.
 func IsInitProcess() bool {
 	return false
 }
 
-func ForkReap(_ reap.PidCh) error {
+func ForkReap(opt ...Option) error {
 	return nil
 }
@@ -24,17 +24,16 @@ func TestReap(t *testing.T) {
 		t.Skip("Detected CI, skipping reaper tests")
 	}
 
-	// Because we're forkexecing these tests will try to run twice...
-	if reaper.IsChild() {
-		t.Skip("I'm a child!")
-	}
-
 	// OK checks that's the reaper is successfully reaping
 	// exited processes and passing the PIDs through the shared
 	// channel.
 	t.Run("OK", func(t *testing.T) {
 		pids := make(reap.PidCh, 1)
-		err := reaper.ForkReap(pids)
+		err := reaper.ForkReap(
+			reaper.WithPIDCallback(pids),
+			// Provide some argument that immediately exits.
+			reaper.WithExecArgs("/bin/sh", "-c", "exit 0"),
+		)
 		require.NoError(t, err)
 
 		cmd := exec.Command("tail", "-f", "/dev/null")