From d90bf31d3c3cac70bc65e925d2619b81760cd644 Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali <me@matifali.dev>
Date: Fri, 5 Jan 2024 15:11:53 +0000
Subject: [PATCH 1/2] chore(dogfood): update to use artifactory

---
 dogfood/main.tf | 57 ++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 42 insertions(+), 15 deletions(-)

diff --git a/dogfood/main.tf b/dogfood/main.tf
index 034be9006b697..65ea639c5f7b9 100644
--- a/dogfood/main.tf
+++ b/dogfood/main.tf
@@ -10,6 +10,16 @@ terraform {
   }
 }
 
+variable "jfrog_url" {
+  type        = string
+  description = "Artifactory URL. e.g. https://myartifactory.example.com"
+  # ensue the URL is HTTPS or HTTP
+  validation {
+    condition     = can(regex("^(https|http)://", var.jfrog_url))
+    error_message = "jfrog_url must be a valid URL starting with either 'https://' or 'http://'"
+  }
+}
+
 locals {
   // These are cluster service addresses mapped to Tailscale nodes. Ask Dean or
   // Kyle for help.
@@ -21,7 +31,10 @@ locals {
     "sa-saopaulo"   = "tcp://oberstein-sao-cdr-dev.tailscale.svc.cluster.local:2375"
   }
 
-  repo_dir = replace(data.coder_parameter.repo_dir.value, "/^~\\//", "/home/coder/")
+  repo_dir       = replace(data.coder_parameter.repo_dir.value, "/^~\\//", "/home/coder/")
+  container_name = "coder-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}"
+  registry_name  = "codercom/oss-dogfood"
+  jfrog_host     = replace(var.jfrog_url, "https://", "")
 }
 
 data "coder_parameter" "repo_dir" {
@@ -61,6 +74,11 @@ data "coder_parameter" "region" {
 
 provider "docker" {
   host = lookup(local.docker_host, data.coder_parameter.region.value)
+  registry_auth {
+    address  = var.jfrog_url
+    username = module.jfrog.username
+    password = module.jfrog.access_token
+  }
 }
 
 provider "coder" {}
@@ -125,6 +143,20 @@ module "coder-login" {
   agent_id = coder_agent.dev.id
 }
 
+module "jfrog" {
+  source                = "https://registry.coder.com/modules/jfrog-oauth"
+  agent_id              = coder_agent.dev.id
+  jfrog_url             = var.jfrog_url
+  configure_code_server = true
+  username_field        = "username"
+  package_managers = {
+    "npm" : "npm",
+    "go" : "go",
+    "pypi" : "pypi",
+    "docker" : "docker"
+  }
+}
+
 resource "coder_agent" "dev" {
   arch = "amd64"
   os   = "linux"
@@ -219,8 +251,9 @@ resource "coder_agent" "dev" {
   startup_script_timeout = 60
   startup_script         = <<-EOT
     set -eux -o pipefail
+    # Start Docker service
     sudo service docker start
-  EOT
+EOT
 }
 
 resource "docker_volume" "home_volume" {
@@ -250,22 +283,16 @@ resource "docker_volume" "home_volume" {
   }
 }
 
-locals {
-  container_name = "coder-${data.coder_workspace.me.owner}-${lower(data.coder_workspace.me.name)}"
-  registry_name  = "codercom/oss-dogfood"
-}
-data "docker_registry_image" "dogfood" {
-  name = "${local.registry_name}:latest"
+resource "null_resource" "update_trigger" {
+  triggers = {
+    always_run = "${timestamp()}"
+  }
 }
 
 resource "docker_image" "dogfood" {
-  name = "${local.registry_name}@${data.docker_registry_image.dogfood.sha256_digest}"
-  pull_triggers = [
-    data.docker_registry_image.dogfood.sha256_digest,
-    sha1(join("", [for f in fileset(path.module, "files/*") : filesha1(f)])),
-    filesha1("Dockerfile"),
-  ]
-  keep_locally = true
+  name          = "${local.jfrog_host}/docker/${local.registry_name}:latest"
+  pull_triggers = [null_resource.update_trigger.id]
+  keep_locally  = true
 }
 
 resource "docker_container" "workspace" {

From 7f2b357e90059d84ce6eed0d4359afca5df627a0 Mon Sep 17 00:00:00 2001
From: Muhammad Atif Ali <atif@coder.com>
Date: Fri, 5 Jan 2024 22:31:17 +0300
Subject: [PATCH 2/2] Update main.tf

---
 dogfood/main.tf | 21 +++++++++------------
 1 file changed, 9 insertions(+), 12 deletions(-)

diff --git a/dogfood/main.tf b/dogfood/main.tf
index 65ea639c5f7b9..4154070329e58 100644
--- a/dogfood/main.tf
+++ b/dogfood/main.tf
@@ -74,11 +74,6 @@ data "coder_parameter" "region" {
 
 provider "docker" {
   host = lookup(local.docker_host, data.coder_parameter.region.value)
-  registry_auth {
-    address  = var.jfrog_url
-    username = module.jfrog.username
-    password = module.jfrog.access_token
-  }
 }
 
 provider "coder" {}
@@ -283,16 +278,18 @@ resource "docker_volume" "home_volume" {
   }
 }
 
-resource "null_resource" "update_trigger" {
-  triggers = {
-    always_run = "${timestamp()}"
-  }
+data "docker_registry_image" "dogfood" {
+  name = "${local.registry_name}:latest"
 }
 
 resource "docker_image" "dogfood" {
-  name          = "${local.jfrog_host}/docker/${local.registry_name}:latest"
-  pull_triggers = [null_resource.update_trigger.id]
-  keep_locally  = true
+  name = "${local.registry_name}@${data.docker_registry_image.dogfood.sha256_digest}"
+  pull_triggers = [
+    data.docker_registry_image.dogfood.sha256_digest,
+    sha1(join("", [for f in fileset(path.module, "files/*") : filesha1(f)])),
+    filesha1("Dockerfile"),
+  ]
+  keep_locally = true
 }
 
 resource "docker_container" "workspace" {