diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml
new file mode 100644
index 0000000000000..0e0e294934c57
--- /dev/null
+++ b/.github/workflows/dogfood.yaml
@@ -0,0 +1,43 @@
+name: dogfood
+
+on:
+ push:
+ branches:
+ - main
+ tags:
+ - "*"
+ paths:
+ - "dogfood/**"
+ pull_request:
+ paths:
+ - "dogfood/**"
+ workflow_dispatch:
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Get branch name
+ id: branch-name
+ uses: tj-actions/branch-names@v5.4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+
+ - name: Login to DockerHub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_PASSWORD }}
+
+ - name: Build and push
+ uses: docker/build-push-action@v3
+ with:
+ context: "{{defaultContext}}:dogfood"
+ push: true
+ tags: "codercom/oss-dogfood:${{ steps.branch-name.outputs.current_branch }},codercom/oss-dogfood:latest"
+ cache-from: type=registry,ref=codercom/oss-dogfood:latest
+ cache-to: type=inline
diff --git a/dogfood/Dockerfile b/dogfood/Dockerfile
new file mode 100644
index 0000000000000..d9e479e0f80e7
--- /dev/null
+++ b/dogfood/Dockerfile
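Review bot: The `Build and push` step sets `push: true` and always lists `codercom/oss-dogfood:latest` in `tags`, yet the workflow also triggers on `pull_request`, so an unreviewed branch build can overwrite the `latest` image that `cache-from` and any other consumer of that tag pulls. Gate publishing on the event, e.g. `push: ${{ github.event_name != 'pull_request' }}`, and put the same condition as `if:` on the `Login to DockerHub` step so the Docker Hub secrets are only used for trusted refs. The actions are referenced by mutable tags (`tj-actions/branch-names@v5.4`, `docker/*@v2` and `@v3`); pinning each `uses:` to a full commit SHA and adding a minimal `permissions:` block would narrow what a compromised action can do in this job.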
@@ -0,0 +1,310 @@
+FROM rust:slim AS rust-utils
+# Install rust helper programs
+# ENV CARGO_NET_GIT_FETCH_WITH_CLI=true
+env CARGO_INSTALL_ROOT=/tmp/
+RUN cargo install exa bat ripgrep typos-cli
+
+FROM ubuntu AS go
+
+RUN apt-get update && apt-get install --yes curl gcc
+# Install Go manually, so that we can control the version
+ARG GOBORING_VERSION=1.18b7
+RUN mkdir --parents /usr/local/go /usr/local/goboring
+
+# Boring Go is needed to build FIPS-compliant binaries.
+RUN curl --silent --show-error --location \
+ "https://storage.googleapis.com/go-boringcrypto/go${GOBORING_VERSION}.linux-amd64.tar.gz" \
+ -o /usr/local/goboring.tar.gz
+
+RUN tar --extract --gzip --directory=/usr/local/goboring --file=/usr/local/goboring.tar.gz --strip-components=1 && \
+ ln -s /usr/local/goboring/bin/go /usr/local/bin/go
+
+# Install Go utilities.
+ARG GOPATH="/tmp/"
+RUN mkdir --parents "$GOPATH" && \
+ # moq for Go tests.
+ go install github.com/matryer/moq@v0.2.3 && \
+ # swag for Swagger doc generation
+ go install github.com/swaggo/swag/cmd/swag@v1.7.4 && \
+ # go-swagger tool to generate the go coder api client
+ go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 && \
+ # goimports for updating imports
+ go install golang.org/x/tools/cmd/goimports@v0.1.7 && \
+ # protoc-gen-go is needed to build sysbox from source
+ go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.26 && \
+ # drpc support for v2
+ go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.26 && \
+ # migrate for migration support for v2
+ go install github.com/golang-migrate/migrate/v4/cmd/migrate@v4.15.1 && \
+ # goreleaser for compiling v2 binaries
+ go install github.com/goreleaser/goreleaser@v1.6.1 && \
+ # Install the latest version of gopls for editors that support
+ # the language server protocol
+ go install golang.org/x/tools/gopls@latest && \
+ # gotestsum makes test output more readable
+ go install gotest.tools/gotestsum@v1.7.0 && \
+ # goveralls collects code coverage metrics
from tests
+ # and sends to Coveralls
+ go install github.com/mattn/goveralls@v0.0.11 && \
+ # kind for running Kubernetes-in-Docker, needed for tests
+ go install sigs.k8s.io/kind@v0.10.0 && \
+ # helm-docs generates our Helm README based on a template and the
+ # charts and values files
+ go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.5.0 && \
+ # sqlc for Go code generation
+ go install github.com/kyleconroy/sqlc/cmd/sqlc@v1.10.0 && \
+ # gcr-cleaner-cli used by CI to prune unused images
+ go install github.com/sethvargo/gcr-cleaner/cmd/gcr-cleaner-cli@v0.5.1 && \
+ # ruleguard for checking custom rules, without needing to run all of
+ # golangci-lint. Check the go.mod in the release of golangci-lint that
+ # we're using for the version of go-critic that it embeds, then check
+ # the version of ruleguard in go-critic for that tag.
+ go install github.com/quasilyte/go-ruleguard/cmd/ruleguard@v0.3.13 && \
+ # go-fuzz for fuzzy testing. they don't publish releases so we rely on latest.
+ go install github.com/dvyukov/go-fuzz/go-fuzz@latest && \
+ go install github.com/dvyukov/go-fuzz/go-fuzz-build@latest && \
+ # go-releaser for building 'fat binaries' that work cross-platform
+ go install github.com/goreleaser/goreleaser@v1.6.1
+
+# Ubuntu 20.04 LTS (Focal Fossa)
+FROM ubuntu:focal
+
+SHELL ["/bin/bash", "-c"]
+
+# Updated certificates are necessary to use the teraswitch mirror.
+# This must be ran before copying in configuration since the config replaces
+# the default mirror with teraswitch.
+RUN apt-get update && apt-get install --yes ca-certificates
+
+COPY files /
+
+# Install packages from apt repositories
+ARG DEBIAN_FRONTEND="noninteractive"
+
+RUN apt-get update --quiet && apt-get install --yes \
+ apt-transport-https \
+ apt-utils \
+ bash \
+ bash-completion \
+ bats \
+ bind9-dnsutils \
+ build-essential \
+ ca-certificates \
+ crypto-policies \
+ curl \
+ fd-find \
+ file \
+ git \
+ gnupg \
+ graphviz \
+ htop \
+ httpie \
+ inetutils-tools \
+ iproute2 \
+ iputils-ping \
+ iputils-tracepath \
+ jq \
+ language-pack-en \
+ less \
+ lsb-release \
+ man \
+ meld \
+ net-tools \
+ openjdk-11-jdk-headless \
+ openssh-server \
+ openssl \
+ pkg-config \
+ protobuf-compiler \
+ python3 \
+ python3-pip \
+ rsync \
+ shellcheck \
+ strace \
+ sudo \
+ tcptraceroute \
+ termshark \
+ traceroute \
+ vim \
+ wget \
+ xauth \
+ zip \
+ ncdu \
+ cargo \
+ asciinema \
+ zsh \
+ ansible \
+ neovim \
+ google-cloud-sdk \
+ google-cloud-sdk-datastore-emulator \
+ kubectl \
+ postgresql-11 \
+ containerd.io \
+ docker-ce \
+ docker-ce-cli \
+ packer \
+ terraform \
+ buildah \
+ conmon \
+ containernetworking-plugins \
+ crun \
+ podman \
+ skopeo \
+ gh && \
+ # Delete package cache to avoid consuming space in layer
+ apt-get clean && \
+ # Configure FIPS-compliant policies
+ update-crypto-policies --set FIPS
+
+# Install frontend utilities
+RUN apt-get update && \
+ # Node.js (from nodesource) and Yarn (from yarnpkg)
+ apt-get install --yes --quiet \
+ nodejs yarn \
+ # Install browsers for e2e testing
+ google-chrome-stable microsoft-edge-beta && \
+ # Pre-install system dependencies that Playwright needs. npx doesn't work here
+ # for some reason. See https://github.com/microsoft/playwright-cli/issues/136
+ npm i -g playwright@1.19.1 && playwright install-deps
+
+# Ensure PostgreSQL binaries are in the users $PATH.
+RUN update-alternatives --install /usr/local/bin/initdb initdb /usr/lib/postgresql/11/bin/initdb 100 && \
+ update-alternatives --install /usr/local/bin/postgres postgres /usr/lib/postgresql/11/bin/postgres 100
+
+# Create links for injected dependencies
+RUN ln --symbolic /var/tmp/coder/coder-cli/coder /usr/local/bin/coder && \
+ ln --symbolic /var/tmp/coder/code-server/bin/code-server /usr/local/bin/code-server
+
+# Disable the PostgreSQL systemd service.
+# Coder uses a custom timescale container to test the database instead.
+RUN systemctl disable \
+ postgresql
+
+# Configure systemd services for CVMs
+RUN systemctl enable \
+ docker \
+ ssh
+
+# Install tools with published releases, where that is the
+# preferred/recommended installation method.
+ARG CLOUD_SQL_PROXY_VERSION=1.26.0 \
+ DIVE_VERSION=0.10.0 \
+ DOCKER_GCR_VERSION=2.1.0 \
+ GOLANGCI_LINT_VERSION=1.44.2 \
+ GRYPE_VERSION=0.24.0 \
+ HELM_VERSION=3.8.0 \
+ KUBE_LINTER_VERSION=0.2.5 \
+ KUBECTX_VERSION=0.9.4 \
+ STRIPE_VERSION=1.7.4 \
+ TERRAGRUNT_VERSION=0.34.1 \
+ TRIVY_VERSION=0.23.0
+
+# cloud_sql_proxy, for connecting to cloudsql instances
+# the upstream go.mod prevents this from being installed with go install
+RUN curl --silent --show-error --location --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloudsql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud_sql_proxy.linux.amd64" && \
+ chmod a=rx /usr/local/bin/cloud_sql_proxy && \
+ # dive for scanning image layer utilization metrics in CI
+ curl --silent --show-error --location "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- dive && \
+ # docker-credential-gcr is a Docker credential helper for pushing/pulling
+ # images from Google Container Registry and Artifact Registry
+ curl --silent --show-error --location
"https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${DOCKER_GCR_VERSION}/docker-credential-gcr_linux_amd64-${DOCKER_GCR_VERSION}.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- docker-credential-gcr && \
+ # golangci-lint performs static code analysis for our Go code
+ curl --silent --show-error --location "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 "golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint" && \
+ # Anchore Grype for scanning container images for security issues
+ curl --silent --show-error --location "https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- grype && \
+ # Helm is necessary for deploying Coder
+ curl --silent --show-error --location "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 linux-amd64/helm && \
+ # kube-linter for linting Kubernetes objects, including those
+ # that Helm generates from our charts
+ curl --silent --show-error --location "https://github.com/stackrox/kube-linter/releases/download/${KUBE_LINTER_VERSION}/kube-linter-linux.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- kube-linter && \
+ # kubens and kubectx for managing Kubernetes namespaces and contexts
+ curl --silent --show-error --location "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- kubectx && \
+ curl --silent --show-error --location
"https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubens_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- kubens && \
+ # stripe for coder.com billing API
+ curl --silent --show-error --location "https://github.com/stripe/stripe-cli/releases/download/v${STRIPE_VERSION}/stripe_${STRIPE_VERSION}_linux_x86_64.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- stripe && \
+ # terragrunt for running Terraform and Terragrunt files
+ curl --silent --show-error --location --output /usr/local/bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64" && \
+ chmod a=rx /usr/local/bin/terragrunt && \
+ # AquaSec Trivy for scanning container images for security issues
+ curl --silent --show-error --location "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/bin --file=- trivy
+
+# Add Vercel globally. We can't install it in packages.json, because it
+# includes Go files which make golangci-lint unhappy.
+RUN yarn global add --prefix=/usr/local \
+ vercel \
+ typescript \
+ typescript-language-server && \
+ yarn cache clean
+
+# We use yq during "make deploy" to manually substitute out fields in
+# our helm values.yaml file.
See https://github.com/helm/helm/issues/3141
+#
+# TODO: update to 4.x, we can't do this now because it included breaking
+# changes (yq w doesn't work anymore)
+# RUN curl --silent --show-error --location "https://github.com/mikefarah/yq/releases/download/v4.9.0/yq_linux_amd64.tar.gz" | \
+# tar --extract --gzip --directory=/usr/local/bin --file=- ./yq_linux_amd64 && \
+# mv /usr/local/bin/yq_linux_amd64 /usr/local/bin/yq
+
+RUN curl --silent --show-error --location --output /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64" && \
+ chmod a=rx /usr/local/bin/yq
+
+# Install GoLand.
+RUN mkdir --parents /usr/local/goland && \
+ curl --silent --show-error --location "https://download.jetbrains.com/go/goland-2021.2.tar.gz" | \
+ tar --extract --gzip --directory=/usr/local/goland --file=- --strip-components=1 && \
+ ln --symbolic /usr/local/goland/bin/goland.sh /usr/local/bin/goland
+
+# Install Antlrv4, needed to generate paramlang lexer/parser
+RUN curl --silent --show-error --location --output /usr/local/lib/antlr-4.9.2-complete.jar "https://www.antlr.org/download/antlr-4.9.2-complete.jar"
+ENV CLASSPATH="/usr/local/lib/antlr-4.9.2-complete.jar:${PATH}"
+
+# Add coder user and allow use of docker/sudo
+RUN useradd coder \
+ --create-home \
+ --shell=/bin/bash \
+ --groups=docker \
+ --uid=1000 \
+ --user-group
+
+# Adjust OpenSSH config
+RUN echo "PermitUserEnvironment yes" >>/etc/ssh/sshd_config && \
+ echo "X11Forwarding yes" >>/etc/ssh/sshd_config && \
+ echo "X11UseLocalhost no" >>/etc/ssh/sshd_config
+
+# We avoid copying the extracted directory since COPY slows to minutes when there
+# are a lot of small files.
+COPY --from=go /usr/local/goboring.tar.gz /usr/local/goboring.tar.gz
+RUN mkdir /usr/local/goboring && \
+ tar --extract --gzip --directory=/usr/local/goboring --file=/usr/local/goboring.tar.gz --strip-components=1 && \
+ ln -s /usr/local/goboring/bin/go /usr/local/bin/go
+COPY --from=go /tmp/bin /usr/local/bin
+
+COPY --from=rust-utils /tmp/bin /usr/local/bin
+RUN mv /usr/local/bin/exa /usr/local/bin/ls
+RUN mv /usr/local/bin/bat /usr/local/bin/cat
+
+USER coder
+
+# Ensure go bins are in the 'coder' user's path. Note that no go bins are
+# installed in this docker file, as they'd be mounted over by the persistent
+# home volume.
+ENV PATH="/home/coder/go/bin:${PATH}"
+
+# This setting prevents Go from using the public checksum database for
+# our module path prefixes. It is required because these are in private
+# repositories that require authentication.
+#
+# For details, see: https://golang.org/ref/mod#private-modules
+ENV GOPRIVATE="coder.com,cdr.dev,go.coder.com,github.com/cdr,github.com/coder"
+
+# Increase memory allocation to NodeJS
+ENV NODE_OPTIONS="--max-old-space-size=8192"
diff --git a/dogfood/Makefile b/dogfood/Makefile
new file mode 100644
index 0000000000000..ecf0ce5d6f346
--- /dev/null
+++ b/dogfood/Makefile
@@ -0,0 +1,10 @@
+.PHONY: docker-build docker-push
+
+branch=$(shell git rev-parse --abbrev-ref HEAD)
+build_tag=codercom/oss-dogfood:${branch}
+
+docker-build:
+ DOCKER_BUILDKIT=1 docker build . -t ${build_tag}
+
+docker-push: docker-build
+ docker push ${build_tag}
diff --git a/dogfood/files/etc/apt/apt.conf.d/80-no-recommends b/dogfood/files/etc/apt/apt.conf.d/80-no-recommends
new file mode 100644
index 0000000000000..8cb79c96386c4
--- /dev/null
+++ b/dogfood/files/etc/apt/apt.conf.d/80-no-recommends
@@ -0,0 +1,6 @@
+// Do not install recommended packages by default
+APT::Install-Recommends "0";
+
+// Do not install suggested packages by default (this is already
+// the Ubuntu default)
+APT::Install-Suggests "0";
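Review bot: None of the release artifacts this Dockerfile fetches with `curl` (the Go toolchain tarball, cloud_sql_proxy, dive, docker-credential-gcr, golangci-lint, grype, helm, kube-linter, kubectx/kubens, stripe, terragrunt, trivy, yq, GoLand, the ANTLR jar) is checked against a pinned digest, so a replaced or tampered upstream file is installed into `/usr/local` unnoticed. The `--output` downloads also lack `--fail`, so an HTTP error body would be saved and made executable, and `SHELL ["/bin/bash", "-c"]` has no `pipefail` for the `curl | tar` pipelines. Set `pipefail`, add `--fail`, and verify each file with `sha256sum --check` against a digest kept next to its version `ARG`; the fence shows the pattern for terragrunt with a placeholder digest. The same reproducibility gap applies to the untagged `FROM rust:slim` and `FROM ubuntu` bases and to the `@latest` installs of gopls and go-fuzz.

```dockerfile
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# … unchanged: apt installs, systemd setup, version ARGs …
# Placeholder value: record the digest published for the pinned release.
ARG TERRAGRUNT_SHA256="<sha256-of-terragrunt_linux_amd64>"
RUN curl --fail --silent --show-error --location --output /usr/local/bin/terragrunt \
      "https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64" && \
    echo "${TERRAGRUNT_SHA256}  /usr/local/bin/terragrunt" | sha256sum --check --strict - && \
    chmod a=rx /usr/local/bin/terragrunt
# … unchanged: remaining tool downloads, each with its own pinned digest …
```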
diff --git a/dogfood/files/etc/apt/apt.conf.d/80-retries b/dogfood/files/etc/apt/apt.conf.d/80-retries
new file mode 100644
index 0000000000000..d7ee5185258ec
--- /dev/null
+++ b/dogfood/files/etc/apt/apt.conf.d/80-retries
@@ -0,0 +1 @@
+APT::Acquire::Retries "3";
diff --git a/dogfood/files/etc/apt/preferences.d/docker b/dogfood/files/etc/apt/preferences.d/docker
new file mode 100644
index 0000000000000..1569e645f5607
--- /dev/null
+++ b/dogfood/files/etc/apt/preferences.d/docker
@@ -0,0 +1,20 @@
+# Ignore all packages from this repository by default
+Package: *
+Pin: origin download.docker.com
+Pin-Priority: 1
+
+# Docker Community Edition
+Package: docker-ce
+Pin: origin download.docker.com
+Pin-Priority: 500
+
+# Docker command-line tool
+Package: docker-ce-cli
+Pin: origin download.docker.com
+Pin-Priority: 500
+
+# containerd runtime
+Package: containerd.io
+Pin: origin download.docker.com
+Pin: version 1.5.11-1
+Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/github-cli b/dogfood/files/etc/apt/preferences.d/github-cli
new file mode 100644
index 0000000000000..d2dce9f5f3097
--- /dev/null
+++ b/dogfood/files/etc/apt/preferences.d/github-cli
@@ -0,0 +1,8 @@
+# Ignore all packages from this repository by default
+Package: *
+Pin: origin cli.github.com
+Pin-Priority: 1
+
+Package: gh
+Pin: origin cli.github.com
+Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/google-chrome b/dogfood/files/etc/apt/preferences.d/google-chrome
new file mode 100644
index 0000000000000..4551ec390ff20
--- /dev/null
+++ b/dogfood/files/etc/apt/preferences.d/google-chrome
@@ -0,0 +1,16 @@
+# Ignore all packages from this repository by default
+Package: *
+Pin: origin dl.google.com
+Pin-Priority: 1
+
+Package: google-chrome-stable
+Pin: origin dl.google.com
+Pin-Priority: 500
+
+Package: google-chrome-beta
+Pin: origin dl.google.com
+Pin-Priority: 500
+
+Package: google-chrome-unstable
+Pin: origin dl.google.com
+Pin-Priority: 500
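Review bot: The retry setting in `80-retries` is spelled `APT::Acquire::Retries`, but apt.conf(5) documents the option under the Acquire group as `Acquire::Retries`, so this line is probably ignored and apt keeps its default retry behaviour. Suggested line: `Acquire::Retries "3";`.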
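Review bot: The `containerd.io` record in `preferences.d/docker` carries two `Pin:` fields (`origin download.docker.com` and `version 1.5.11-1`), while apt_preferences(5) describes a single `Pin:` per record; apt will most likely honour only one of them, so either the version hold or the origin restriction is silently dropped. Keep one field, e.g. `Pin: version 1.5.11-1`, and add a comment saying why containerd is held at that version. Running `apt-cache policy containerd.io` in the built image would confirm which pin took effect.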
diff --git a/dogfood/files/etc/apt/preferences.d/google-cloud b/dogfood/files/etc/apt/preferences.d/google-cloud
new file mode 100644
index 0000000000000..637b0e9bb3c51
--- /dev/null
+++ b/dogfood/files/etc/apt/preferences.d/google-cloud
@@ -0,0 +1,19 @@
+# Ignore all packages from this repository by default
+Package: *
+Pin: origin packages.cloud.google.com
+Pin-Priority: 1
+
+# Google Cloud SDK for gcloud and gsutil CLI tools
+Package: google-cloud-sdk
+Pin: origin packages.cloud.google.com
+Pin-Priority: 500
+
+# Datastore emulator for working with the licensor
+Package: google-cloud-sdk-datastore-emulator
+Pin: origin packages.cloud.google.com
+Pin-Priority: 500
+
+# Kubectl for working with Kubernetes (GKE)
+Package: kubectl
+Pin: origin packages.cloud.google.com
+Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/hashicorp b/dogfood/files/etc/apt/preferences.d/hashicorp
new file mode 100644
index 0000000000000..4323f331cc722
--- /dev/null
+++ b/dogfood/files/etc/apt/preferences.d/hashicorp
@@ -0,0 +1,14 @@
+# Ignore all packages from this repository by default
+Package: *
+Pin: origin apt.releases.hashicorp.com
+Pin-Priority: 1
+
+# Packer for creating virtual machine disk images
+Package: packer
+Pin: origin apt.releases.hashicorp.com
+Pin-Priority: 500
+
+# Terraform for managing infrastructure
+Package: terraform
+Pin: origin apt.releases.hashicorp.com
+Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/kubic b/dogfood/files/etc/apt/preferences.d/kubic
new file mode 100644
index 0000000000000..e6cf704680eab
--- /dev/null
+++ b/dogfood/files/etc/apt/preferences.d/kubic
@@ -0,0 +1,32 @@
+# Ignore all packages from this repository by default
+Package: *
+Pin: origin download.opensuse.org
+Pin-Priority: 1
+
+# Dependencies of podman and buildah
+Package: conmon
+Pin: origin download.opensuse.org
+Pin-Priority: 500
+
+Package: containernetworking-plugins
+Pin: origin download.opensuse.org
+Pin-Priority: 500
+
+Package: crun
+Pin: origin download.opensuse.org
+Pin-Priority: 500
+
+# Buildah for building container images
+Package: buildah
+Pin: origin download.opensuse.org
+Pin-Priority: 500
+
+# Podman as a Docker alternative for running containers
+Package: podman
+Pin: origin download.opensuse.org
+Pin-Priority: 500
+
+# Skopeo for viewing container configuration and copying images
+Package: skopeo
+Pin: origin download.opensuse.org
+Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/microsoft-edge b/dogfood/files/etc/apt/preferences.d/microsoft-edge
new file mode 100644
index 0000000000000..2441961adac38
--- /dev/null
+++ b/dogfood/files/etc/apt/preferences.d/microsoft-edge
@@ -0,0 +1,12 @@
+# Ignore all packages from this repository by default
+Package: *
+Pin: origin packages.microsoft.com
+Pin-Priority: 1
+
+Package: microsoft-edge-beta
+Pin: origin packages.microsoft.com
+Pin-Priority: 500
+
+Package: microsoft-edge-dev
+Pin: origin packages.microsoft.com
+Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/nodesource b/dogfood/files/etc/apt/preferences.d/nodesource
new file mode 100644
index 0000000000000..de55d5553411e
--- /dev/null
+++ b/dogfood/files/etc/apt/preferences.d/nodesource
@@ -0,0 +1,9 @@
+# Ignore all packages from this repository by default
+Package: *
+Pin: origin deb.nodesource.com
+Pin-Priority: 1
+
+# Node.js for building the frontend
+Package: nodejs
+Pin: origin deb.nodesource.com
+Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/postgresql b/dogfood/files/etc/apt/preferences.d/postgresql
new file mode 100644
index 0000000000000..5d3a76b0694ce
--- /dev/null
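Review bot: The pins in `preferences.d/kubic` match `origin download.opensuse.org`, but `sources.list.d/kubic.list` in this same commit fetches from `plug-mirror.rcac.purdue.edu`; `Pin: origin` matches the host name of the source, so the `Package: *` priority-1 rule likely never applies and every package from that repository competes at the default priority. `preferences.d/ppa` has the same mismatch (`ppa.launchpad.net` pinned, `ppa.launchpadcontent.net` configured in `ppa.list`) and also names `ansible-base` while the Dockerfile installs `ansible`. Use the configured host in each `Pin: origin` line, e.g. `Pin: origin plug-mirror.rcac.purdue.edu`, or pin on the repository's Release fields instead of the host.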
+++ b/dogfood/files/etc/apt/preferences.d/postgresql
@@ -0,0 +1,14 @@
+# Ignore all packages from this repository by default
+Package: *
+Pin: origin apt.postgresql.org
+Pin-Priority: 1
+
+# PostgreSQL server for local development
+Package: postgresql-11
+Pin: origin apt.postgresql.org
+Pin-Priority: 500
+
+# PostgreSQL client
+Package: postgresql-client-11
+Pin: origin apt.postgresql.org
+Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/ppa b/dogfood/files/etc/apt/preferences.d/ppa
new file mode 100644
index 0000000000000..1dc9da8f9fffc
--- /dev/null
+++ b/dogfood/files/etc/apt/preferences.d/ppa
@@ -0,0 +1,19 @@
+# Ignore all packages from this repository by default
+Package: *
+Pin: origin ppa.launchpad.net
+Pin-Priority: 1
+
+# Ansible
+Package: ansible-base
+Pin: origin ppa.launchpad.net
+Pin-Priority: 500
+
+# Neovim
+Package: neovim
+Pin: origin ppa.launchpad.net
+Pin-Priority: 500
+
+# Neovim Runtime
+Package: neovim-runtime
+Pin: origin ppa.launchpad.net
+Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/preferences.d/yarnpkg b/dogfood/files/etc/apt/preferences.d/yarnpkg
new file mode 100644
index 0000000000000..7237fcad5c356
--- /dev/null
+++ b/dogfood/files/etc/apt/preferences.d/yarnpkg
@@ -0,0 +1,9 @@
+# Ignore all packages from this repository by default
+Package: *
+Pin: origin dl.yarnpkg.com
+Pin-Priority: 1
+
+# Yarn for managing Node.js packages
+Package: yarn
+Pin: origin dl.yarnpkg.com
+Pin-Priority: 500
diff --git a/dogfood/files/etc/apt/sources.list b/dogfood/files/etc/apt/sources.list
new file mode 100644
index 0000000000000..f717d44b63489
--- /dev/null
+++ b/dogfood/files/etc/apt/sources.list
@@ -0,0 +1,3 @@
+deb http://mirror.pit.teraswitch.com/ubuntu/ focal main restricted universe
+deb http://mirror.pit.teraswitch.com/ubuntu/ focal-updates main restricted universe
+deb http://mirror.pit.teraswitch.com/ubuntu/ focal-backports main restricted universe
diff --git a/dogfood/files/etc/apt/sources.list.d/docker.list b/dogfood/files/etc/apt/sources.list.d/docker.list
new file mode 100644
index 0000000000000..256f965403842
--- /dev/null
+++ b/dogfood/files/etc/apt/sources.list.d/docker.list
@@ -0,0 +1 @@
+deb [signed-by=/usr/share/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu focal stable
diff --git a/dogfood/files/etc/apt/sources.list.d/github-cli.list b/dogfood/files/etc/apt/sources.list.d/github-cli.list
new file mode 100644
index 0000000000000..3d2c5ee43db37
--- /dev/null
+++ b/dogfood/files/etc/apt/sources.list.d/github-cli.list
@@ -0,0 +1 @@
+deb [signed-by=/usr/share/keyrings/github-cli.gpg] https://cli.github.com/packages stable main
diff --git a/dogfood/files/etc/apt/sources.list.d/google-chrome.list b/dogfood/files/etc/apt/sources.list.d/google-chrome.list
new file mode 100644
index 0000000000000..8dd71926f26df
--- /dev/null
+++ b/dogfood/files/etc/apt/sources.list.d/google-chrome.list
@@ -0,0 +1 @@
+deb [signed-by=/usr/share/keyrings/google-chrome.gpg] https://dl.google.com/linux/chrome/deb/ stable main
diff --git a/dogfood/files/etc/apt/sources.list.d/google-cloud.list b/dogfood/files/etc/apt/sources.list.d/google-cloud.list
new file mode 100644
index 0000000000000..24df98effea28
--- /dev/null
+++ b/dogfood/files/etc/apt/sources.list.d/google-cloud.list
@@ -0,0 +1 @@
+deb [signed-by=/usr/share/keyrings/google-cloud.gpg] https://packages.cloud.google.com/apt cloud-sdk main
diff --git a/dogfood/files/etc/apt/sources.list.d/hashicorp.list b/dogfood/files/etc/apt/sources.list.d/hashicorp.list
new file mode 100644
index 0000000000000..b8f005e09f6bc
--- /dev/null
+++ b/dogfood/files/etc/apt/sources.list.d/hashicorp.list
@@ -0,0 +1 @@
+deb [signed-by=/usr/share/keyrings/hashicorp.gpg] https://apt.releases.hashicorp.com focal main
diff --git a/dogfood/files/etc/apt/sources.list.d/kubic.list b/dogfood/files/etc/apt/sources.list.d/kubic.list
new file mode 100644
index 0000000000000..e91654220a178
--- /dev/null
+++ b/dogfood/files/etc/apt/sources.list.d/kubic.list
@@ -0,0 +1 @@
+deb [signed-by=/usr/share/keyrings/kubic.gpg] https://plug-mirror.rcac.purdue.edu/opensuse/repositories/devel%3A/kubic%3A/libcontainers%3A/stable/xUbuntu_20.04/ /
diff --git a/dogfood/files/etc/apt/sources.list.d/microsoft-edge.list b/dogfood/files/etc/apt/sources.list.d/microsoft-edge.list
new file mode 100644
index 0000000000000..f0c036f79a5c5
--- /dev/null
+++ b/dogfood/files/etc/apt/sources.list.d/microsoft-edge.list
@@ -0,0 +1 @@
+deb [signed-by=/usr/share/keyrings/microsoft.gpg] https://packages.microsoft.com/repos/edge stable main
diff --git a/dogfood/files/etc/apt/sources.list.d/nodesource.list b/dogfood/files/etc/apt/sources.list.d/nodesource.list
new file mode 100644
index 0000000000000..02b870094dd1e
--- /dev/null
+++ b/dogfood/files/etc/apt/sources.list.d/nodesource.list
@@ -0,0 +1 @@
+deb [signed-by=/usr/share/keyrings/nodesource.gpg] https://deb.nodesource.com/node_14.x focal main
diff --git a/dogfood/files/etc/apt/sources.list.d/postgresql.list b/dogfood/files/etc/apt/sources.list.d/postgresql.list
new file mode 100644
index 0000000000000..ffa56625fac68
--- /dev/null
+++ b/dogfood/files/etc/apt/sources.list.d/postgresql.list
@@ -0,0 +1 @@
+deb [signed-by=/usr/share/keyrings/postgresql.gpg] https://apt.postgresql.org/pub/repos/apt focal-pgdg main
diff --git a/dogfood/files/etc/apt/sources.list.d/ppa.list b/dogfood/files/etc/apt/sources.list.d/ppa.list
new file mode 100644
index 0000000000000..e817c20915cb1
--- /dev/null
+++ b/dogfood/files/etc/apt/sources.list.d/ppa.list
@@ -0,0 +1,2 @@
+deb [signed-by=/usr/share/keyrings/ansible.gpg] https://ppa.launchpadcontent.net/ansible/ansible/ubuntu focal main
+deb [signed-by=/usr/share/keyrings/neovim.gpg] https://ppa.launchpadcontent.net/neovim-ppa/stable/ubuntu focal main
diff --git a/dogfood/files/etc/apt/sources.list.d/security.list b/dogfood/files/etc/apt/sources.list.d/security.list
new file mode 100644
index 0000000000000..38a566b0932b4
--- /dev/null
+++ b/dogfood/files/etc/apt/sources.list.d/security.list
@@ -0,0 +1 @@
+deb http://security.ubuntu.com/ubuntu/ focal-security main restricted universe
diff --git a/dogfood/files/etc/apt/sources.list.d/yarnpkg.list b/dogfood/files/etc/apt/sources.list.d/yarnpkg.list
new file mode 100644
index 0000000000000..ada8a06f7b9b2
--- /dev/null
+++ b/dogfood/files/etc/apt/sources.list.d/yarnpkg.list
@@ -0,0 +1 @@
+deb [signed-by=/usr/share/keyrings/yarnpkg.gpg] https://dl.yarnpkg.com/debian/ stable main
diff --git a/dogfood/files/etc/default/google-chrome b/dogfood/files/etc/default/google-chrome
new file mode 100644
index 0000000000000..8620a6054380a
--- /dev/null
+++ b/dogfood/files/etc/default/google-chrome
@@ -0,0 +1,4 @@
+# These settings are required to prevent the postinst script
+# from modifying /etc/apt/sources.list.d
+repo_add_once="false"
+repo_reenable_on_distupgrade="false"
diff --git a/dogfood/files/etc/default/microsoft-edge-beta b/dogfood/files/etc/default/microsoft-edge-beta
new file mode 100644
index 0000000000000..8620a6054380a
--- /dev/null
+++ b/dogfood/files/etc/default/microsoft-edge-beta
@@ -0,0 +1,4 @@
+# These settings are required to prevent the postinst script
+# from modifying /etc/apt/sources.list.d
+repo_add_once="false"
+repo_reenable_on_distupgrade="false"
diff --git a/dogfood/files/etc/docker/daemon.json b/dogfood/files/etc/docker/daemon.json
new file mode 100644
index 0000000000000..8e19eeeec15b8
--- /dev/null
+++ b/dogfood/files/etc/docker/daemon.json
@@ -0,0 +1,3 @@
+{
+ "registry-mirrors": ["https://mirror.gcr.io"]
+}
diff --git a/dogfood/files/etc/gitconfig b/dogfood/files/etc/gitconfig
new file mode 100644
index 0000000000000..439b78690c5ca
--- /dev/null
+++ b/dogfood/files/etc/gitconfig
@@ -0,0 +1,4 @@
+# This is required to force SSH authentication for go mod.
+# See: https://golang.org/ref/mod#private-module-repo-auth
+[url "git@github.com:"]
+ insteadOf = https://github.com/
diff --git a/dogfood/files/etc/sudoers.d/nopasswd b/dogfood/files/etc/sudoers.d/nopasswd
new file mode 100644
index 0000000000000..3283f4455630c
--- /dev/null
+++ b/dogfood/files/etc/sudoers.d/nopasswd
@@ -0,0 +1 @@
+coder ALL=(ALL) NOPASSWD:ALL
diff --git a/dogfood/files/usr/share/keyrings/ansible.gpg b/dogfood/files/usr/share/keyrings/ansible.gpg
new file mode 100644
index 0000000000000..1731dd2b2fbd7
Binary files /dev/null and b/dogfood/files/usr/share/keyrings/ansible.gpg differ
diff --git a/dogfood/files/usr/share/keyrings/docker.gpg b/dogfood/files/usr/share/keyrings/docker.gpg
new file mode 100644
index 0000000000000..e5dc8cfda8e5d
Binary files /dev/null and b/dogfood/files/usr/share/keyrings/docker.gpg differ
diff --git a/dogfood/files/usr/share/keyrings/github-cli.gpg b/dogfood/files/usr/share/keyrings/github-cli.gpg
new file mode 100644
index 0000000000000..ce02b812e5c2d
Binary files /dev/null and b/dogfood/files/usr/share/keyrings/github-cli.gpg differ
diff --git a/dogfood/files/usr/share/keyrings/google-chrome.gpg b/dogfood/files/usr/share/keyrings/google-chrome.gpg
new file mode 100644
index 0000000000000..acdb00db55c94
Binary files /dev/null and b/dogfood/files/usr/share/keyrings/google-chrome.gpg differ
diff --git a/dogfood/files/usr/share/keyrings/google-cloud.gpg b/dogfood/files/usr/share/keyrings/google-cloud.gpg
new file mode 100644
index 0000000000000..3f0b5a850ba73
Binary files /dev/null and b/dogfood/files/usr/share/keyrings/google-cloud.gpg differ
diff --git a/dogfood/files/usr/share/keyrings/hashicorp.gpg b/dogfood/files/usr/share/keyrings/hashicorp.gpg
new file mode 100644
index 0000000000000..0d3082b232e2b
Binary files /dev/null and b/dogfood/files/usr/share/keyrings/hashicorp.gpg differ
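Review bot: `coder ALL=(ALL) NOPASSWD:ALL` gives the image's default user unrestricted passwordless root, and the Dockerfile also adds `coder` to the `docker` group and enables `ssh`, so the final `USER coder` is not a privilege boundary. If that is intended for a development workspace, say so in the file, e.g. `# Dev workspace only: coder is root-equivalent by design; do not reuse this image for shared or production workloads.`; otherwise restrict the rule to the specific commands that need elevation.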
diff --git a/dogfood/files/usr/share/keyrings/kubic.gpg b/dogfood/files/usr/share/keyrings/kubic.gpg
new file mode 100644
index 0000000000000..9b827ee868e34
Binary files /dev/null and b/dogfood/files/usr/share/keyrings/kubic.gpg differ
diff --git a/dogfood/files/usr/share/keyrings/microsoft.gpg b/dogfood/files/usr/share/keyrings/microsoft.gpg
new file mode 100644
index 0000000000000..0cffae08d061d
Binary files /dev/null and b/dogfood/files/usr/share/keyrings/microsoft.gpg differ
diff --git a/dogfood/files/usr/share/keyrings/neovim.gpg b/dogfood/files/usr/share/keyrings/neovim.gpg
new file mode 100644
index 0000000000000..b88f69c53b482
Binary files /dev/null and b/dogfood/files/usr/share/keyrings/neovim.gpg differ
diff --git a/dogfood/files/usr/share/keyrings/nodesource.gpg b/dogfood/files/usr/share/keyrings/nodesource.gpg
new file mode 100644
index 0000000000000..4f3ec4ed793b3
Binary files /dev/null and b/dogfood/files/usr/share/keyrings/nodesource.gpg differ
diff --git a/dogfood/files/usr/share/keyrings/postgresql.gpg b/dogfood/files/usr/share/keyrings/postgresql.gpg
new file mode 100644
index 0000000000000..afa15cb1087de
Binary files /dev/null and b/dogfood/files/usr/share/keyrings/postgresql.gpg differ
diff --git a/dogfood/files/usr/share/keyrings/yarnpkg.gpg b/dogfood/files/usr/share/keyrings/yarnpkg.gpg
new file mode 100644
index 0000000000000..686583c75c24a
Binary files /dev/null and b/dogfood/files/usr/share/keyrings/yarnpkg.gpg differ
diff --git a/dogfood/main.tf b/dogfood/main.tf
index b8837ca71e415..df07b7f119fe0 100644
--- a/dogfood/main.tf
+++ b/dogfood/main.tf
@@ -23,7 +23,7 @@ provider "coder" { data "coder_workspace" "me" { } -resource "coder_agent" "main" { +resource "coder_agent" "dev" { arch = "amd64" os = "linux" startup_script = <