From 0224f6e6692659e3fec2e460ee26bc5663403f62 Mon Sep 17 00:00:00 2001 From: Ethan Dickson Date: Thu, 21 Aug 2025 01:27:39 +0000 Subject: [PATCH 1/4] ci: send slack notif on main build failures --- .github/workflows/ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0a30bf97cce22..bf8e8b8addf63 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1541,6 +1541,7 @@ jobs: notify-slack-on-failure: needs: + - build - required runs-on: ubuntu-latest if: failure() && github.ref == 'refs/heads/main' From 99bde5ab608d3a542566c776a55c0d76b66225dc Mon Sep 17 00:00:00 2001 From: Ethan Dickson Date: Thu, 21 Aug 2025 01:43:32 +0000 Subject: [PATCH 2/4] new check-build job --- .github/workflows/ci.yaml | 41 ++++++++++++++++++++++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index bf8e8b8addf63..97972b9c9ab62 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -916,6 +916,7 @@ jobs: - test-e2e - offlinedocs - sqlc-vet + - check-build # Allow this job to run even if the needed jobs fail, are skipped or # cancelled. if: always() @@ -936,6 +937,7 @@ jobs: echo "- test-js: ${{ needs.test-js.result }}" echo "- test-e2e: ${{ needs.test-e2e.result }}" echo "- offlinedocs: ${{ needs.offlinedocs.result }}" + echo "- check-build: ${{ needs.check-build.result }}" echo # We allow skipped jobs to pass, but not failed or cancelled jobs. @@ -1026,6 +1028,44 @@ jobs: if: ${{ github.repository_owner == 'coder' && github.ref == 'refs/heads/main' }} run: rm -f /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8} + check-build: + # This job runs make build to verify compilation on PRs + needs: changes + if: needs.changes.outputs.go == 'true' && github.ref != 'refs/heads/main' + runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} + steps: + - name: Harden Runner + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + with: + egress-policy: audit + + - name: Checkout + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + with: + fetch-depth: 0 + + - name: Setup Node + uses: ./.github/actions/setup-node + + - name: Setup Go + uses: ./.github/actions/setup-go + + - name: Install go-winres + run: go install github.com/tc-hib/go-winres@d743268d7ea168077ddd443c4240562d4f5e8c3e # v0.3.3 + + - name: Install nfpm + run: go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.35.1 + + - name: Install zstd + run: sudo apt-get install -y zstd + + - name: Build + run: | + set -euxo pipefail + go mod download + make gen/mark-fresh + make build + build: # This builds and publishes ghcr.io/coder/coder-preview:main for each commit # to main branch. @@ -1541,7 +1581,6 @@ jobs: notify-slack-on-failure: needs: - - build - required runs-on: ubuntu-latest if: failure() && github.ref == 'refs/heads/main' From d201304d6804cf4773a2990b48abc1905b3d570d Mon Sep 17 00:00:00 2001 From: Ethan Dickson Date: Thu, 21 Aug 2025 01:45:34 +0000 Subject: [PATCH 3/4] go change to trigger workflow --- coderd/workspaces_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/coderd/workspaces_test.go b/coderd/workspaces_test.go index 4df83114c68a1..6613ce6b72bea 100644 --- a/coderd/workspaces_test.go +++ b/coderd/workspaces_test.go @@ -2564,7 +2564,7 @@ func TestWorkspaceUpdateAutostart(t *testing.T) { }, { name: "invalid schedule", - schedule: ptr.Ref("asdf asdf asdf "), + schedule: ptr.Ref("asdfa asdf asdf "), expectedError: `validate weekly schedule: expected schedule to consist of 5 fields with an optional CRON_TZ= prefix`, }, { From 225cc19282149e54716bee984486ee8cec248167 Mon Sep 17 00:00:00 2001 From: Ethan Dickson Date: Thu, 21 Aug 2025 01:55:36 +0000 Subject: [PATCH 4/4] undo --- .github/workflows/ci.yaml | 4 +++- coderd/workspaces_test.go | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 97972b9c9ab62..1d9f1ac0eff77 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1029,7 +1029,9 @@ jobs: run: rm -f /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8} check-build: - # This job runs make build to verify compilation on PRs + # This job runs make build to verify compilation on PRs. + # The build doesn't get signed, and is not suitable for usage, unlike the + # `build` job that runs on main. needs: changes if: needs.changes.outputs.go == 'true' && github.ref != 'refs/heads/main' runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} diff --git a/coderd/workspaces_test.go b/coderd/workspaces_test.go index 6613ce6b72bea..4df83114c68a1 100644 --- a/coderd/workspaces_test.go +++ b/coderd/workspaces_test.go @@ -2564,7 +2564,7 @@ func TestWorkspaceUpdateAutostart(t *testing.T) { }, { name: "invalid schedule", - schedule: ptr.Ref("asdfa asdf asdf "), + schedule: ptr.Ref("asdf asdf asdf "), expectedError: `validate weekly schedule: expected schedule to consist of 5 fields with an optional CRON_TZ= prefix`, }, {