coder
diff --git a/‎.github/actions/setup-go/action.yaml
Lines changed: 12 additions & 11 deletions b/‎.github/actions/setup-go/action.yaml
Lines changed: 12 additions & 11 deletions
diff --git a/‎.github/actions/setup-node/action.yaml
Lines changed: 11 additions & 3 deletions b/‎.github/actions/setup-node/action.yaml
Lines changed: 11 additions & 3 deletions
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 92 additions & 31 deletions b/‎.github/workflows/ci.yaml
Lines changed: 92 additions & 31 deletions
diff --git a/‎.github/workflows/pr-cleanup.yaml
Lines changed: 15 additions & 2 deletions b/‎.github/workflows/pr-cleanup.yaml
Lines changed: 15 additions & 2 deletions
@@ -4,7 +4,7 @@ description: |
 inputs:
   version:
     description: "The Go version to use."
-    default: "1.20.6"
+    default: "1.20.7"
 runs:
   using: "composite"
   steps:
@@ -39,24 +39,25 @@ runs:
         path: |
           ${{ env.GOMODCACHE }}
         key: gomodcache-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-${{ github.job }}
-        restore-keys: |
-          gomodcache-${{ runner.os }}-${{ hashFiles('**/go.sum') }}-
-          gomodcache-${{ runner.os }}-
+        # restore-keys aren't used because it causes the cache to grow
+        # infinitely. go.sum changes very infrequently, so rebuilding from
+        # scratch every now and then isn't terrible.
 
     - name: Cache $GOCACHE
       uses: buildjet/cache@v3
       with:
         path: |
           ${{ env.GOCACHE }}
-        # Job name must be included in the key for effective
-        # test cache reuse.
+        # Job name must be included in the key for effective test cache reuse.
         # The key format is intentionally different than GOMODCACHE, because any
-        # time a Go file changes we invalidate this cache, whereas GOMODCACHE
-        # is only invalidated when go.sum changes.
-        key: gocache-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/*.go', 'go.**') }}
+        # time a Go file changes we invalidate this cache, whereas GOMODCACHE is
+        # only invalidated when go.sum changes.
+        # The number in the key is incremented when the cache gets too large,
+        # since this technically grows without bound.
+        key: gocache2-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/*.go', 'go.**') }}
         restore-keys: |
-          gocache-${{ runner.os }}-${{ github.job }}-
-          gocache-${{ runner.os }}-
+          gocache2-${{ runner.os }}-${{ github.job }}-
+          gocache2-${{ runner.os }}-
 
     - name: Install gotestsum
       shell: bash
 
@@ -10,14 +10,22 @@ inputs:
 runs:
   using: "composite"
   steps:
+    - name: Install pnpm
+      uses: pnpm/action-setup@v2
+      with:
+        version: 8
     - name: Setup Node
       uses: buildjet/setup-node@v3
       with:
         node-version: 18.17.0
         # See https://github.com/actions/setup-node#caching-global-packages-data
-        cache: "yarn"
-        cache-dependency-path: ${{ inputs.directory }}/yarn.lock
+        cache: "pnpm"
+        cache-dependency-path: ${{ inputs.directory }}/pnpm-lock.yaml
+    - name: Install root node_modules
+      shell: bash
+      run: ./scripts/pnpm_install.sh
+
     - name: Install node_modules
       shell: bash
-      run: ../scripts/yarn_install.sh
+      run: ../scripts/pnpm_install.sh
       working-directory: ${{ inputs.directory }}
@@ -14,7 +14,7 @@ permissions:
   contents: read
   deployments: none
   issues: none
-  packages: none
+  packages: write
   pull-requests: none
   repository-projects: none
   security-events: none
@@ -40,6 +40,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
       # For pull requests it's not necessary to checkout the code
       - name: check changed files
         uses: dorny/paths-filter@v2
@@ -109,6 +111,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
 
       - name: Setup Node
         uses: ./.github/actions/setup-node
@@ -133,7 +137,7 @@ jobs:
 
       # Check for any typos
       - name: Check for typos
-        uses: crate-ci/typos@v1.16.1
+        uses: crate-ci/typos@v1.16.2
         with:
           config: .github/workflows/typos.toml
 
@@ -162,6 +166,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
 
       - name: Setup Node
         uses: ./.github/actions/setup-node
@@ -207,6 +213,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
 
       - name: Setup Node
         uses: ./.github/actions/setup-node
@@ -216,19 +224,7 @@ jobs:
         with:
           # This doesn't need caching. It's super fast anyways!
           cache: false
-          go-version: 1.20.6
-
-      - name: Install prettier
-        # We only need prettier for fmt, so do not install all dependencies.
-        # There is no way to install a single package with yarn, so we have to
-        # make a new package.json with only prettier listed as a dependency.
-        # Then running `yarn` will only install prettier.
-        run: |
-          cd site
-          mv package.json package.json.bak
-          jq '{dependencies: {prettier: .devDependencies.prettier}}' < package.json.bak > package.json
-          yarn --frozen-lockfile
-          mv package.json.bak package.json
+          go-version: 1.20.7
 
       - name: Install shfmt
         run: go install mvdan.cc/sh/v3/cmd/shfmt@v3.5.0
@@ -256,6 +252,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
 
       - name: Setup Go
         uses: ./.github/actions/setup-go
@@ -323,6 +321,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
 
       - name: Setup Go
         uses: ./.github/actions/setup-go
@@ -369,6 +369,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
 
       - name: Setup Go
         uses: ./.github/actions/setup-go
@@ -488,11 +490,13 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
 
       - name: Setup Node
         uses: ./.github/actions/setup-node
 
-      - run: yarn test:ci --max-workers $(nproc)
+      - run: pnpm test:ci --max-workers $(nproc)
         working-directory: site
 
       - name: Check code coverage
@@ -516,6 +520,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v3
+        with:
+          fetch-depth: 1
 
       - name: Setup Node
         uses: ./.github/actions/setup-node
@@ -528,13 +534,12 @@ jobs:
 
       - name: Build
         run: |
-          sudo npm install -g prettier
           make -B site/out/index.html
 
-      - run: yarn playwright:install
+      - run: pnpm playwright:install
         working-directory: site
 
-      - run: yarn playwright:test
+      - run: pnpm playwright:test
         env:
           DEBUG: pw:api
         working-directory: site
@@ -619,6 +624,7 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v3
         with:
+          # 0 is required here for version.sh to work.
           fetch-depth: 0
 
       - name: Setup Node
@@ -638,28 +644,19 @@ jobs:
         with:
           sqlc-version: "1.19.1"
 
-      - name: Install dependencies
-        run: |
-          cd offlinedocs
-          yarn
-          # Install prettier globally
-          prettier_version=$(jq -r '.devDependencies.prettier' < package.json)
-          yarn global add "prettier@${prettier_version}"
-
       - name: Format
         run: |
           cd offlinedocs
-          yarn format:check
+          pnpm format:check
 
       - name: Lint
         run: |
           cd offlinedocs
-          yarn lint
+          pnpm lint
 
       - name: Build
         run: |
-          version="$(./scripts/version.sh)"
-          make -j build/coder_docs_"$version".tgz
+          make -j build/coder_docs_"$(./scripts/version.sh)".tgz
 
   required:
     runs-on: ubuntu-latest
@@ -671,6 +668,7 @@ jobs:
       - test-go-pg
       - test-go-race
       - test-js
+      - test-e2e
       - offlinedocs
     # Allow this job to run even if the needed jobs fail, are skipped or
     # cancelled.
@@ -695,3 +693,66 @@ jobs:
           fi
 
           echo "Required checks have passed"
+
+  build-main-image:
+    # This build and publihes ghcr.io/coder/coder-preview:main for each merge commit to main branch.
+    # We are only building this for amd64 plateform. (>95% pulls are for amd64)
+    needs: changes
+    if: github.ref == 'refs/heads/main' && needs.changes.outputs.docs-only == 'false'
+    runs-on: ${{ github.repository_owner == 'coder' && 'buildjet-8vcpu-ubuntu-2204' || 'ubuntu-latest' }}
+    env:
+      DOCKER_CLI_EXPERIMENTAL: "enabled"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node
+        uses: ./.github/actions/setup-node
+
+      - name: Setup Go
+        uses: ./.github/actions/setup-go
+
+      - name: Setup sqlc
+        uses: ./.github/actions/setup-sqlc
+
+      - name: GHCR Login
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and push Linux amd64 Docker image
+        id: build_and_push
+        run: |
+          set -euxo pipefail
+          go mod download
+          make gen/mark-fresh
+          export DOCKER_IMAGE_NO_PREREQUISITES=true
+          version="$(./scripts/version.sh)"
+          export CODER_IMAGE_BUILD_BASE_TAG="$(CODER_IMAGE_BASE=coder-base ./scripts/image_tag.sh --version "$version")"
+          make -j build/coder_linux_amd64
+          ./scripts/build_docker.sh \
+            --arch amd64 \
+            --target ghcr.io/coder/coder-preview:main \
+            --version $version \
+            --push \
+            build/coder_linux_amd64
+
+          # Tag image with new package tag and push
+          tag=$(echo "$version" | sed 's/+/-/g')
+          docker tag ghcr.io/coder/coder-preview:main ghcr.io/coder/coder-preview:main-$tag
+          docker push ghcr.io/coder/coder-preview:main-$tag
+
+      - name: Prune old images
+        uses: vlaurin/action-ghcr-prune@v0.5.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          organization: coder
+          container: coder-preview
+          keep-younger-than: 7 # days
+          keep-tags-regexes: ^pr
+          prune-tags-regexes: ^main-
+          prune-untagged: true
@@ -1,7 +1,7 @@
 name: Cleanup PR deployment and image
 on:
   pull_request:
-    types: [closed]
+    types: closed
   workflow_dispatch:
     inputs:
       pr_number:
@@ -63,5 +63,18 @@ jobs:
           (
             curl -X DELETE "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records/$record_id" \
             -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \
-            -H "Content-Type:application/json"
+            -H "Content-Type:application/json" | jq -r '.success'
           ) || echo "DNS record not found"
+
+      - name: "Delete certificate"
+        if: ${{ github.event.pull_request.merged == true }}
+        run: |
+          set -euxo pipefail
+          kubectl delete certificate "pr${{ steps.pr_number.outputs.PR_NUMBER }}-tls" -n pr-deployment-certs || echo "certificate not found"
+
+      - name: Delete PR Comments
+        uses: izhangzhihao/delete-comment@master
+        with:
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          delete_user_name: github-actions[bot]
+          issue_number: ${{ github.event.number }}