coder
diff --git a/‎.github/dependabot.yaml
Lines changed: 1 addition & 20 deletions b/‎.github/dependabot.yaml
Lines changed: 1 addition & 20 deletions
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/ci.yaml
Lines changed: 1 addition & 1 deletion
diff --git a/‎cli/templateplan.go
Lines changed: 0 additions & 18 deletions b/‎cli/templateplan.go
Lines changed: 0 additions & 18 deletions
diff --git a/‎cli/templates.go
Lines changed: 0 additions & 1 deletion b/‎cli/templates.go
Lines changed: 0 additions & 1 deletion
diff --git a/‎cli/testdata/coder_templates_--help.golden
Lines changed: 0 additions & 1 deletion b/‎cli/testdata/coder_templates_--help.golden
Lines changed: 0 additions & 1 deletion
diff --git a/‎coderd/httpapi/cookie.go
Lines changed: 3 additions & 2 deletions b/‎coderd/httpapi/cookie.go
Lines changed: 3 additions & 2 deletions
diff --git a/‎coderd/httpmw/apikey.go
Lines changed: 4 additions & 9 deletions b/‎coderd/httpmw/apikey.go
Lines changed: 4 additions & 9 deletions
diff --git a/‎coderd/workspaceagents.go
Lines changed: 32 additions & 9 deletions b/‎coderd/workspaceagents.go
Lines changed: 32 additions & 9 deletions
diff --git a/‎coderd/workspaceagents_test.go
Lines changed: 85 additions & 0 deletions b/‎coderd/workspaceagents_test.go
Lines changed: 85 additions & 0 deletions
@@ -8,7 +8,7 @@ updates:
       timezone: "America/Chicago"
     labels: []
     commit-message:
-      prefix: "chore"
+      prefix: "ci"
     ignore:
       # These actions deliver the latest versions by updating the major
       # release tag, so ignore minor and patch versions
@@ -117,11 +117,6 @@ updates:
           - "@eslint*"
           - "@typescript-eslint/eslint-plugin"
           - "@typescript-eslint/parser"
-      jest:
-        patterns:
-          - "jest*"
-          - "@swc/jest"
-          - "@types/jest"
 
   - package-ecosystem: "npm"
     directory: "/offlinedocs/"
@@ -146,20 +141,6 @@ updates:
           - version-update:semver-major
 
   # Update dogfood.
-  - package-ecosystem: "docker"
-    directory: "/dogfood/"
-    schedule:
-      interval: "weekly"
-      time: "06:00"
-      timezone: "America/Chicago"
-    commit-message:
-      prefix: "chore"
-    labels: []
-    groups:
-      dogfood-docker:
-        patterns:
-          - "*"
-
   - package-ecosystem: "terraform"
     directory: "/dogfood/"
     schedule:
 
@@ -137,7 +137,7 @@ jobs:
 
       # Check for any typos
       - name: Check for typos
-        uses: crate-ci/typos@v1.16.6
+        uses: crate-ci/typos@v1.16.8
         with:
           config: .github/workflows/typos.toml
 
 
@@ -37,7 +37,6 @@ func (r *RootCmd) templates() *clibase.Cmd {
 			r.templateEdit(),
 			r.templateInit(),
 			r.templateList(),
-			r.templatePlan(),
 			r.templatePush(),
 			r.templateVersions(),
 			r.templateDelete(),
 
@@ -24,7 +24,6 @@ Templates are written in standard Terraform and describe the infrastructure for
     edit        Edit the metadata of a template by name.
     init        Get started with a templated template.
     list        List all the templates available for the organization
-    plan        Plan a template push from the current directory
     pull        Download the latest version of a template to a path.
     push        Push a new template version from the current directory or as
                 specified by flag
 
@@ -23,8 +23,9 @@ func StripCoderCookies(header string) string {
 		if name == codersdk.SessionTokenCookie ||
 			name == codersdk.OAuth2StateCookie ||
 			name == codersdk.OAuth2RedirectCookie ||
-			name == codersdk.DevURLSessionTokenCookie ||
-			name == codersdk.DevURLSignedAppTokenCookie {
+			name == codersdk.PathAppSessionTokenCookie ||
+			name == codersdk.SubdomainAppSessionTokenCookie ||
+			name == codersdk.SignedAppTokenCookie {
 			continue
 		}
 		cookies = append(cookies, part)
 
@@ -453,10 +453,10 @@ func ExtractAPIKey(rw http.ResponseWriter, r *http.Request, cfg ExtractAPIKeyCon
 // APITokenFromRequest returns the api token from the request.
 // Find the session token from:
 // 1: The cookie
-// 1: The devurl cookie
-// 3: The old cookie
-// 4. The coder_session_token query parameter
-// 5. The custom auth header
+// 2. The coder_session_token query parameter
+// 3. The custom auth header
+//
+// API tokens for apps are read from workspaceapps/cookies.go.
 func APITokenFromRequest(r *http.Request) string {
 	cookie, err := r.Cookie(codersdk.SessionTokenCookie)
 	if err == nil && cookie.Value != "" {
@@ -473,11 +473,6 @@ func APITokenFromRequest(r *http.Request) string {
 		return headerValue
 	}
 
-	cookie, err = r.Cookie(codersdk.DevURLSessionTokenCookie)
-	if err == nil && cookie.Value != "" {
-		return cookie.Value
-	}
-
 	return ""
 }
 
 
@@ -23,6 +23,7 @@ import (
 	"github.com/go-chi/chi/v5"
 	"github.com/google/uuid"
 	"golang.org/x/exp/maps"
+	"golang.org/x/exp/slices"
 	"golang.org/x/mod/semver"
 	"golang.org/x/sync/errgroup"
 	"golang.org/x/xerrors"
@@ -481,6 +482,15 @@ func (api *API) workspaceAgentLogs(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	workspace, err := api.Database.GetWorkspaceByAgentID(ctx, workspaceAgent.ID)
+	if err != nil {
+		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+			Message: "Internal error fetching workspace by agent id.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
 	api.WebsocketWaitMutex.Lock()
 	api.WebsocketWaitGroup.Add(1)
 	api.WebsocketWaitMutex.Unlock()
@@ -556,7 +566,8 @@ func (api *API) workspaceAgentLogs(rw http.ResponseWriter, r *http.Request) {
 	go func() {
 		defer close(bufferedLogs)
 
-		for {
+		keepGoing := true
+		for keepGoing {
 			select {
 			case <-ctx.Done():
 				return
@@ -565,6 +576,18 @@ func (api *API) workspaceAgentLogs(rw http.ResponseWriter, r *http.Request) {
 				t.Reset(recheckInterval)
 			}
 
+			agents, err := api.Database.GetWorkspaceAgentsInLatestBuildByWorkspaceID(ctx, workspace.ID)
+			if err != nil {
+				if xerrors.Is(err, context.Canceled) {
+					return
+				}
+				logger.Warn(ctx, "failed to get workspace agents in latest build", slog.Error(err))
+				continue
+			}
+			// If the agent is no longer in the latest build, we can stop after
+			// checking once.
+			keepGoing = slices.ContainsFunc(agents, func(agent database.WorkspaceAgent) bool { return agent.ID == workspaceAgent.ID })
+
 			logs, err := api.Database.GetWorkspaceAgentLogsAfter(ctx, database.GetWorkspaceAgentLogsAfterParams{
 				AgentID:      workspaceAgent.ID,
 				CreatedAfter: lastSentLogID,
@@ -878,13 +901,15 @@ func (api *API) derpMapUpdates(rw http.ResponseWriter, r *http.Request) {
 		})
 		return
 	}
-	nconn := websocket.NetConn(ctx, ws, websocket.MessageBinary)
+	ctx, nconn := websocketNetConn(ctx, ws, websocket.MessageBinary)
 	defer nconn.Close()
 
 	// Slurp all packets from the connection into io.Discard so pongs get sent
-	// by the websocket package.
+	// by the websocket package. We don't do any reads ourselves so this is
+	// necessary.
 	go func() {
 		_, _ = io.Copy(io.Discard, nconn)
+		_ = nconn.Close()
 	}()
 
 	go func(ctx context.Context) {
@@ -899,13 +924,11 @@ func (api *API) derpMapUpdates(rw http.ResponseWriter, r *http.Request) {
 				return
 			}
 
-			// We don't need a context that times out here because the ping will
-			// eventually go through. If the context times out, then other
-			// websocket read operations will receive an error, obfuscating the
-			// actual problem.
+			ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
 			err := ws.Ping(ctx)
+			cancel()
 			if err != nil {
-				_ = ws.Close(websocket.StatusInternalError, err.Error())
+				_ = nconn.Close()
 				return
 			}
 		}
@@ -920,7 +943,7 @@ func (api *API) derpMapUpdates(rw http.ResponseWriter, r *http.Request) {
 		if lastDERPMap == nil || !tailnet.CompareDERPMaps(lastDERPMap, derpMap) {
 			err := json.NewEncoder(nconn).Encode(derpMap)
 			if err != nil {
-				_ = ws.Close(websocket.StatusInternalError, err.Error())
+				_ = nconn.Close()
 				return
 			}
 			lastDERPMap = derpMap
 
@@ -242,6 +242,91 @@ func TestWorkspaceAgentStartupLogs(t *testing.T) {
 		require.Equal(t, "testing", logChunk[0].Output)
 		require.Equal(t, "testing2", logChunk[1].Output)
 	})
+	t.Run("Close logs on outdated build", func(t *testing.T) {
+		t.Parallel()
+		ctx := testutil.Context(t, testutil.WaitMedium)
+		client := coderdtest.New(t, &coderdtest.Options{
+			IncludeProvisionerDaemon: true,
+		})
+		user := coderdtest.CreateFirstUser(t, client)
+		authToken := uuid.NewString()
+		version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{
+			Parse:         echo.ParseComplete,
+			ProvisionPlan: echo.PlanComplete,
+			ProvisionApply: []*proto.Response{{
+				Type: &proto.Response_Apply{
+					Apply: &proto.ApplyComplete{
+						Resources: []*proto.Resource{{
+							Name: "example",
+							Type: "aws_instance",
+							Agents: []*proto.Agent{{
+								Id: uuid.NewString(),
+								Auth: &proto.Agent_Token{
+									Token: authToken,
+								},
+							}},
+						}},
+					},
+				},
+			}},
+		})
+		template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID)
+		coderdtest.AwaitTemplateVersionJob(t, client, version.ID)
+		workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID)
+		build := coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID)
+
+		agentClient := agentsdk.New(client.URL)
+		agentClient.SetSessionToken(authToken)
+		err := agentClient.PatchLogs(ctx, agentsdk.PatchLogs{
+			Logs: []agentsdk.Log{
+				{
+					CreatedAt: database.Now(),
+					Output:    "testing",
+				},
+			},
+		})
+		require.NoError(t, err)
+
+		logs, closer, err := client.WorkspaceAgentLogsAfter(ctx, build.Resources[0].Agents[0].ID, 0, true)
+		require.NoError(t, err)
+		defer func() {
+			_ = closer.Close()
+		}()
+
+		first := make(chan struct{})
+		go func() {
+			select {
+			case <-ctx.Done():
+				assert.Fail(t, "context done while waiting in goroutine")
+			case <-logs:
+				close(first)
+			}
+		}()
+		select {
+		case <-ctx.Done():
+			require.FailNow(t, "context done while waiting for first log")
+		case <-first:
+		}
+
+		_ = coderdtest.CreateWorkspaceBuild(t, client, workspace, database.WorkspaceTransitionStart)
+
+		// Send a new log message to trigger a re-check.
+		err = agentClient.PatchLogs(ctx, agentsdk.PatchLogs{
+			Logs: []agentsdk.Log{
+				{
+					CreatedAt: database.Now(),
+					Output:    "testing2",
+				},
+			},
+		})
+		require.NoError(t, err)
+
+		select {
+		case <-ctx.Done():
+			require.FailNow(t, "context done while waiting for logs close")
+		case <-logs:
+		}
+	})
 	t.Run("PublishesOnOverflow", func(t *testing.T) {
 		t.Parallel()
 		ctx := testutil.Context(t, testutil.WaitMedium)