coder
diff --git a/‎.github/workflows/packages.yaml
+16-5 b/‎.github/workflows/packages.yaml
+16-5
diff --git a/‎.github/workflows/stale.yaml
+1-1 b/‎.github/workflows/stale.yaml
+1-1
diff --git a/‎cli/deployment/config.go
+6-6 b/‎cli/deployment/config.go
+6-6
diff --git a/‎cli/server.go
+3-24 b/‎cli/server.go
+3-24
diff --git a/‎cli/testdata/coder_server_--help.golden
+3 b/‎cli/testdata/coder_server_--help.golden
+3
diff --git a/‎coderd/apidoc/docs.go
+3-3 b/‎coderd/apidoc/docs.go
+3-3
diff --git a/‎coderd/apidoc/swagger.json
+3-3 b/‎coderd/apidoc/swagger.json
+3-3
diff --git a/‎coderd/audit/request.go
+14-6 b/‎coderd/audit/request.go
+14-6
diff --git a/‎coderd/coderd.go
-1 b/‎coderd/coderd.go
-1
diff --git a/‎coderd/coderdtest/coderdtest.go
+1-2 b/‎coderd/coderdtest/coderdtest.go
+1-2
diff --git a/‎coderd/database/databasefake/databasefake.go
+20 b/‎coderd/database/databasefake/databasefake.go
+20
diff --git a/‎coderd/database/querier.go
+2 b/‎coderd/database/querier.go
+2
diff --git a/‎coderd/database/queries.sql.go
+21 b/‎coderd/database/queries.sql.go
+21
diff --git a/‎coderd/database/queries/siteconfig.sql
+7 b/‎coderd/database/queries/siteconfig.sql
+7
@@ -15,13 +15,11 @@ jobs:
         run: |
           Invoke-WebRequest https://aka.ms/wingetcreate/latest -OutFile wingetcreate.exe
 
-      # the package version is the same as the release tag without the leading
-      # "v", and with a trailing ".0" (e.g. "v1.2.3" -> "1.2.3.0")
+      # The package version is the same as the tag minus the leading "v".
       - name: Calculate package version
         id: version
         run: |
           $version = $env:CODER_VERSION -replace "^v", ""
-          $version += ".0"
           echo "::set-output name=version::$version"
 
       - name: Submit updated manifest to winget-pkgs
@@ -35,17 +33,30 @@ jobs:
 
           echo "Installer URL: $installer_url"
 
+          # The URL "|X64" suffix forces the architecture as it cannot be
+          # sniffed properly from the URL. wingetcreate checks both the URL and
+          # binary magic bytes for the architecture and they need to both match,
+          # but they only check for `x64`, `win64` and `_64` in the URL. Our URL
+          # contains `amd64` which doesn't match sadly.
+          #
+          # wingetcreate will still do the binary magic bytes check, so if we
+          # accidentally change the architecture of the installer, it will fail
+          # submission.
           .\wingetcreate.exe update Coder.Coder `
             --submit `
             --version "${{ steps.version.outputs.version }}" `
-            --urls "$installer_url" `
+            --urls "${installer_url}|X64" `
             --token "${{ secrets.CDRCI_GITHUB_TOKEN }}"
 
+        env:
+          # For gh CLI:
+          GH_TOKEN: ${{ github.token }}
+
       - name: Comment on PR
         run: |
           # find the PR that wingetcreate just made
           $pr_list = gh pr list --repo microsoft/winget-pkgs --search "author:cdrci Coder.Coder version ${{ steps.version.outputs.version }}" --limit 1 --json number | `
             ConvertFrom-Json`
           $pr_number = $pr_list[0].number
 
-          gh pr comment --repo microsoft/winget-pkgs "$pr_number" --body "🤖 cc: @deansheather"
+          gh pr comment --repo microsoft/winget-pkgs "$pr_number" --body "🤖 cc: @deansheather @matifali"
@@ -13,7 +13,7 @@ jobs:
     steps:
       # v5.1.0 has a weird bug that makes stalebot add then remove its own label
       # https://github.com/actions/stale/pull/775
-      - uses: actions/stale@v6.0.0
+      - uses: actions/stale@v7.0.0
         with:
           stale-issue-label: "stale"
           stale-pr-label: "stale"
 
@@ -248,6 +248,12 @@ func newConfig() *codersdk.DeploymentConfig {
 				Flag:    "oidc-ignore-email-verified",
 				Default: false,
 			},
+			UsernameField: &codersdk.DeploymentConfigField[string]{
+				Name:    "OIDC Username Field",
+				Usage:   "OIDC claim field to use as the username.",
+				Flag:    "oidc-username-field",
+				Default: "preferred_username",
+			},
 		},
 
 		Telemetry: &codersdk.TelemetryConfig{
@@ -356,12 +362,6 @@ func newConfig() *codersdk.DeploymentConfig {
 			Flag:    "ssh-keygen-algorithm",
 			Default: "ed25519",
 		},
-		AutoImportTemplates: &codersdk.DeploymentConfigField[[]string]{
-			Name:   "Auto Import Templates",
-			Usage:  "Templates to auto-import. Available auto-importable templates are: kubernetes",
-			Flag:   "auto-import-template",
-			Hidden: true,
-		},
 		MetricsCacheRefreshInterval: &codersdk.DeploymentConfigField[time.Duration]{
 			Name:    "Metrics Cache Refresh Interval",
 			Usage:   "How frequently metrics are refreshed",
 
@@ -371,27 +371,6 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 				return xerrors.Errorf("parse ssh keygen algorithm %s: %w", cfg.SSHKeygenAlgorithm.Value, err)
 			}
 
-			// Validate provided auto-import templates.
-			var (
-				validatedAutoImportTemplates     = make([]coderd.AutoImportTemplate, len(cfg.AutoImportTemplates.Value))
-				seenValidatedAutoImportTemplates = make(map[coderd.AutoImportTemplate]struct{}, len(cfg.AutoImportTemplates.Value))
-			)
-			for i, autoImportTemplate := range cfg.AutoImportTemplates.Value {
-				var v coderd.AutoImportTemplate
-				switch autoImportTemplate {
-				case "kubernetes":
-					v = coderd.AutoImportTemplateKubernetes
-				default:
-					return xerrors.Errorf("auto import template %q is not supported", autoImportTemplate)
-				}
-
-				if _, ok := seenValidatedAutoImportTemplates[v]; ok {
-					return xerrors.Errorf("auto import template %q is specified more than once", v)
-				}
-				seenValidatedAutoImportTemplates[v] = struct{}{}
-				validatedAutoImportTemplates[i] = v
-			}
-
 			defaultRegion := &tailcfg.DERPRegion{
 				EmbeddedRelay: true,
 				RegionID:      cfg.DERP.Server.RegionID.Value,
@@ -449,7 +428,6 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 				SSHKeygenAlgorithm:          sshKeygenAlgorithm,
 				TracerProvider:              tracerProvider,
 				Telemetry:                   telemetry.NewNoop(),
-				AutoImportTemplates:         validatedAutoImportTemplates,
 				MetricsCacheRefreshInterval: cfg.MetricsCacheRefreshInterval.Value,
 				AgentStatsRefreshInterval:   cfg.AgentStatRefreshInterval.Value,
 				DeploymentConfig:            cfg,
@@ -526,8 +504,9 @@ func Server(vip *viper.Viper, newAPI func(context.Context, *coderd.Options) (*co
 					Verifier: oidcProvider.Verifier(&oidc.Config{
 						ClientID: cfg.OIDC.ClientID.Value,
 					}),
-					EmailDomain:  cfg.OIDC.EmailDomain.Value,
-					AllowSignups: cfg.OIDC.AllowSignups.Value,
+					EmailDomain:   cfg.OIDC.EmailDomain.Value,
+					AllowSignups:  cfg.OIDC.AllowSignups.Value,
+					UsernameField: cfg.OIDC.UsernameField.Value,
 				}
 			}
 
 
@@ -112,6 +112,9 @@ Flags:
                                                      OIDC.
                                                      Consumes $CODER_OIDC_SCOPES (default
                                                      [openid,profile,email])
+      --oidc-username-field string                   OIDC claim field to use as the username.
+                                                     Consumes $CODER_OIDC_USERNAME_FIELD
+                                                     (default "preferred_username")
       --postgres-url string                          URL of a PostgreSQL database. If empty,
                                                      PostgreSQL binaries will be downloaded
                                                      from Maven
 
@@ -2331,9 +2331,6 @@ const docTemplate = `{
                 "audit_logging": {
                     "$ref": "#/definitions/codersdk.DeploymentConfigField-bool"
                 },
-                "auto_import_templates": {
-                    "$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"
-                },
                 "autobuild_poll_interval": {
                     "$ref": "#/definitions/codersdk.DeploymentConfigField-time_Duration"
                 },
@@ -2744,6 +2741,9 @@ const docTemplate = `{
                 },
                 "scopes": {
                     "$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"
+                },
+                "username_field": {
+                    "$ref": "#/definitions/codersdk.DeploymentConfigField-string"
                 }
             }
         },
 
@@ -2064,9 +2064,6 @@
         "audit_logging": {
           "$ref": "#/definitions/codersdk.DeploymentConfigField-bool"
         },
-        "auto_import_templates": {
-          "$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"
-        },
         "autobuild_poll_interval": {
           "$ref": "#/definitions/codersdk.DeploymentConfigField-time_Duration"
         },
@@ -2475,6 +2472,9 @@
         },
         "scopes": {
           "$ref": "#/definitions/codersdk.DeploymentConfigField-array_string"
+        },
+        "username_field": {
+          "$ref": "#/definitions/codersdk.DeploymentConfigField-string"
         }
       }
     },
 
@@ -157,7 +157,7 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 		}
 
 		ip := parseIP(p.Request.RemoteAddr)
-		err := p.Audit.Export(ctx, database.AuditLog{
+		auditLog := database.AuditLog{
 			ID:               uuid.New(),
 			Time:             database.Now(),
 			UserID:           httpmw.APIKey(p.Request).UserID,
@@ -171,9 +171,13 @@ func InitRequest[T Auditable](w http.ResponseWriter, p *RequestParams) (*Request
 			StatusCode:       int32(sw.Status),
 			RequestID:        httpmw.RequestID(p.Request),
 			AdditionalFields: p.AdditionalFields,
-		})
+		}
+		err := p.Audit.Export(ctx, auditLog)
 		if err != nil {
-			p.Log.Error(logCtx, "export audit log", slog.Error(err))
+			p.Log.Error(logCtx, "export audit log",
+				slog.F("audit_log", auditLog),
+				slog.Error(err),
+			)
 			return
 		}
 	}
@@ -192,7 +196,7 @@ func BuildAudit[T Auditable](ctx context.Context, p *BuildAuditParams[T]) {
 		p.AdditionalFields = json.RawMessage("{}")
 	}
 
-	err := p.Audit.Export(ctx, database.AuditLog{
+	auditLog := database.AuditLog{
 		ID:               uuid.New(),
 		Time:             database.Now(),
 		UserID:           p.UserID,
@@ -206,9 +210,13 @@ func BuildAudit[T Auditable](ctx context.Context, p *BuildAuditParams[T]) {
 		StatusCode:       int32(p.Status),
 		RequestID:        p.JobID,
 		AdditionalFields: p.AdditionalFields,
-	})
+	}
+	err := p.Audit.Export(ctx, auditLog)
 	if err != nil {
-		p.Log.Error(ctx, "export audit log", slog.Error(err))
+		p.Log.Error(ctx, "export audit log",
+			slog.F("audit_log", auditLog),
+			slog.Error(err),
+		)
 		return
 	}
 }
 
@@ -97,7 +97,6 @@ type Options struct {
 	SSHKeygenAlgorithm   gitsshkey.Algorithm
 	Telemetry            telemetry.Reporter
 	TracerProvider       trace.TracerProvider
-	AutoImportTemplates  []AutoImportTemplate
 	GitAuthConfigs       []*gitauth.Config
 	RealIPConfig         *httpmw.RealIPConfig
 	TrialGenerator       func(ctx context.Context, email string) error
 
@@ -93,7 +93,6 @@ type Options struct {
 	GoogleTokenValidator *idtoken.Validator
 	SSHKeygenAlgorithm   gitsshkey.Algorithm
 	APIRateLimit         int
-	AutoImportTemplates  []coderd.AutoImportTemplate
 	AutobuildTicker      <-chan time.Time
 	AutobuildStats       chan<- executor.Stats
 	Auditor              audit.Auditor
@@ -294,7 +293,6 @@ func NewOptions(t *testing.T, options *Options) (func(http.Handler), context.Can
 					},
 				},
 			},
-			AutoImportTemplates:         options.AutoImportTemplates,
 			MetricsCacheRefreshInterval: options.MetricsCacheRefreshInterval,
 			AgentStatsRefreshInterval:   options.AgentStatsRefreshInterval,
 			DeploymentConfig:            options.DeploymentConfig,
@@ -880,6 +878,7 @@ func (o *OIDCConfig) OIDCConfig() *coderd.OIDCConfig {
 		}, &oidc.Config{
 			SkipClientIDCheck: true,
 		}),
+		UsernameField: "preferred_username",
 	}
 }
 
 
@@ -123,6 +123,7 @@ type data struct {
 	derpMeshKey     string
 	lastUpdateCheck []byte
 	serviceBanner   []byte
+	logoURL         string
 	lastLicenseID   int32
 }
 
@@ -3356,6 +3357,25 @@ func (q *fakeQuerier) GetServiceBanner(_ context.Context) (string, error) {
 	return string(q.serviceBanner), nil
 }
 
+func (q *fakeQuerier) InsertOrUpdateLogoURL(_ context.Context, data string) error {
+	q.mutex.RLock()
+	defer q.mutex.RUnlock()
+
+	q.logoURL = data
+	return nil
+}
+
+func (q *fakeQuerier) GetLogoURL(_ context.Context) (string, error) {
+	q.mutex.RLock()
+	defer q.mutex.RUnlock()
+
+	if q.logoURL == "" {
+		return "", sql.ErrNoRows
+	}
+
+	return q.logoURL, nil
+}
+
 func (q *fakeQuerier) InsertLicense(
 	_ context.Context, arg database.InsertLicenseParams,
 ) (database.License, error) {
 
@@ -23,3 +23,10 @@ ON CONFLICT (key) DO UPDATE SET value = $1 WHERE site_configs.key = 'service_ban
 
 -- name: GetServiceBanner :one
 SELECT value FROM site_configs WHERE key = 'service_banner';
+
+-- name: InsertOrUpdateLogoURL :exec
+INSERT INTO site_configs (key, value) VALUES ('logo_url', $1)
+ON CONFLICT (key) DO UPDATE SET value = $1 WHERE site_configs.key = 'logo_url';
+
+-- name: GetLogoURL :one
+SELECT value FROM site_configs WHERE key = 'logo_url';