From 0f00e25e6f0e29a89b47f7a7247de9a0a4056068 Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Thu, 27 Jul 2023 18:34:49 +0300 Subject: [PATCH 01/26] wip --- .github/workflows/pr-cleanup.yaml | 7 +++++++ .github/workflows/pr-deploy.yaml | 13 ++++++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr-cleanup.yaml b/.github/workflows/pr-cleanup.yaml index 5029943371161..858ffde21a385 100644 --- a/.github/workflows/pr-cleanup.yaml +++ b/.github/workflows/pr-cleanup.yaml @@ -48,3 +48,10 @@ jobs: - name: "Remove PR namespace" run: | kubectl delete namespace "pr${{ steps.pr_number.outputs.PR_NUMBER }}" || echo "namespace not found" + + - name: "Remove DNS record" + run: | + curl -X DELETE "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records" \ + -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ + -H "Content-Type:application/json" \ + --data '{"type":"A","name":"*.pr${{ env.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}","content":"${{ secrets.PR_DEPLOYMENTS_CLUSTER_IP_1 }}","ttl":1,"proxied":false}' diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index e3edb374148a1..10273ae6f83f7 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml 
@@ -145,10 +145,21 @@ jobs: if [ -z "$foundTag" ]; then echo "Image not found" echo "${{ env.CODER_IMAGE_TAG }} not found in ghcr.io/coder/coder-preview" - echo "Please remove --skip-build from the comment or ./scripts/deploy-pr.sh" + echo "Please remove --skip-build from the comment and try again" exit 1 fi + - name: Add DNS record to Cloudflare + run: | + curl -X POST "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records" \ + -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ + -H "Content-Type:application/json" \ + --data '{"type":"A","name":"*.pr${{ env.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}","content":"${{ secrets.PR_DEPLOYMENTS_CLUSTER_IP_1 }}","ttl":1,"proxied":false}' + curl -X POST "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records" \ + -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ + -H "Content-Type:application/json" \ + --data '{"type":"A","name":"*.pr${{ env.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}","content":"${{ secrets.PR_DEPLOYMENTS_CLUSTER_IP_2 }}","ttl":1,"proxied":false}' + - name: Checkout uses: actions/checkout@v3 with: From 0093621e9654d177177820e5a651c81eca056507 Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Sun, 30 Jul 2023 05:28:28 +0000 Subject: [PATCH 02/26] fmt --- .github/workflows/pr-cleanup.yaml | 18 +++++++++---- .github/workflows/pr-deploy.yaml | 43 ++++++++++++++++++------------- 2 files changed, 38 insertions(+), 23 deletions(-) diff --git a/.github/workflows/pr-cleanup.yaml b/.github/workflows/pr-cleanup.yaml index 858ffde21a385..bc31548995065 100644 --- a/.github/workflows/pr-cleanup.yaml +++ b/.github/workflows/pr-cleanup.yaml 
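Review bot: Both `curl -X POST` calls in the new "Add DNS record to Cloudflare" step run without `--fail`, so a rejected request (bad token, wrong zone, a record that already exists on a re-deploy) still exits 0. The job then continues to deploy against a hostname that may never resolve. Adding `-sS --fail-with-body` to each call makes the step fail visibly; if a duplicate record on re-deploy is expected, handle that response explicitly instead of ignoring every error. The same call shape is kept by the later hunks in this series that rewrite this step (the CNAME version and the subshell wrapper). The enclosing job starts outside the hunk.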
@@ -37,7 +37,7 @@ jobs: run: | set -euxo pipefail mkdir -p ~/.kube - echo "${{ secrets.DELIVERYBOT_KUBECONFIG }}" > ~/.kube/config + echo "${{ secrets.PR_DEPLOYMENTS_KUBECONFIG }}" > ~/.kube/config export KUBECONFIG=~/.kube/config - name: Delete helm release @@ -49,9 +49,17 @@ jobs: run: | kubectl delete namespace "pr${{ steps.pr_number.outputs.PR_NUMBER }}" || echo "namespace not found" - - name: "Remove DNS record" + - name: "Remove DNS records" run: | - curl -X DELETE "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records" \ + set -euxo pipefail + # Get identifier for the record + record_id=$(curl -X GET "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records?name=*.pr${{ steps.pr_number.outputs.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}" \ + -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ + -H "Content-Type:application/json" | jq -r '.result[0].id') + + set::add-mask $record_id + + # Delete the record + curl -X DELETE "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records/$recrd_id" \ -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ - -H "Content-Type:application/json" \ - --data '{"type":"A","name":"*.pr${{ env.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}","content":"${{ secrets.PR_DEPLOYMENTS_CLUSTER_IP_1 }}","ttl":1,"proxied":false}' + -H "Content-Type:application/json" diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index 10273ae6f83f7..f30bf8570b12e 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml 
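Review bot: In the "Remove DNS records" hunk, `jq -r '.result[0].id'` prints the literal string `null` when the lookup matches nothing, and the DELETE that follows is then sent to `.../dns_records/null`. Guard the delete, e.g. `if [ -z "$record_id" ] || [ "$record_id" = "null" ]; then echo "DNS record not found"; exit 0; fi`, and add `--fail` to both curl calls so an API error is not read as success. The later hunk that appends `|| echo "DNS record not found"` does not cover this case, because jq exits 0 when it prints `null`. With `set -x` active the traced command lines include the bearer token, so the step relies entirely on the runner's log masking; `set -euo pipefail` without `-x` would be the safer choice here.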
@@ -136,7 +136,7 @@ jobs: PR_TITLE: ${{ needs.pr_commented.outputs.PR_TITLE }} PR_URL: ${{ needs.pr_commented.outputs.PR_URL }} PR_BRANCH: ${{ needs.pr_commented.outputs.PR_BRANCH }} - PR_DEPLOYMENT_ACCESS_URL: "https://pr${{ needs.pr_commented.outputs.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}" + PR_DEPLOYMENT_ACCESS_URL: "pr${{ needs.pr_commented.outputs.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}" steps: - name: Check if image exists run: | @@ -154,11 +154,7 @@ jobs: curl -X POST "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records" \ -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ -H "Content-Type:application/json" \ - --data '{"type":"A","name":"*.pr${{ env.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}","content":"${{ secrets.PR_DEPLOYMENTS_CLUSTER_IP_1 }}","ttl":1,"proxied":false}' - curl -X POST "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records" \ - -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ - -H "Content-Type:application/json" \ - --data '{"type":"A","name":"*.pr${{ env.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}","content":"${{ secrets.PR_DEPLOYMENTS_CLUSTER_IP_2 }}","ttl":1,"proxied":false}' + --data '{"type":"CNAME","name":"*.${{ env.PR_DEPLOYMENT_ACCESS_URL }}","content":"${{ env.PR_DEPLOYMENT_ACCESS_URL }}","ttl":1,"proxied":false}' - name: Checkout uses: actions/checkout@v3 
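Review bot: `PR_DEPLOYMENT_ACCESS_URL` stops being a URL in the first hunk here: with the `https://` prefix dropped it holds a bare hostname, and every consumer now has to add the scheme back itself. Later hunks in this series (the Slack payload and the PR comment link) patch up consumers that were missed. A name such as `PR_HOSTNAME` would say what the value is, or at least add a comment above the line: `# bare hostname, no scheme; prefix https:// wherever a URL is required`. The `env:` block this line belongs to starts outside the hunk.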
@@ -192,11 +188,21 @@ jobs: spec: tls: - hosts: - - "${{ secrets.PR_DEPLOYMENTS_DOMAIN }}" - - "*.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}" + - "${{ env.PR_DEPLOYMENT_ACCESS_URL }}" + - "*.${{ env.PR_DEPLOYMENT_ACCESS_URL }}" secretName: pr${{ env.PR_NUMBER }}-tls rules: - - host: "pr${{ env.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}" + - host: "${{ env.PR_DEPLOYMENT_ACCESS_URL }}" + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: coder + port: + number: 80 + - host: "*.${{ env.PR_DEPLOYMENT_ACCESS_URL }}" http: paths: - pathType: Prefix @@ -233,9 +239,9 @@ jobs: type: ClusterIP env: - name: "CODER_ACCESS_URL" - value: "https://pr${{ env.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}" + value: "https://${{ env.PR_DEPLOYMENT_ACCESS_URL }}" - name: "CODER_WILDCARD_ACCESS_URL" - value: "*--pr${{ env.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}" + value: "*.${{ env.PR_DEPLOYMENT_ACCESS_URL }}" - name: "CODER_EXPERIMENTS" value: "*" - name: CODER_PG_CONNECTION_URL @@ -272,7 +278,7 @@ jobs: set -euxo pipefail DEST="${HOME}/coder" - URL="${{ env.PR_DEPLOYMENT_ACCESS_URL }}/bin/coder-linux-amd64" + URL="https://${{ env.PR_DEPLOYMENT_ACCESS_URL }}/bin/coder-linux-amd64" mkdir -p "$(dirname ${DEST})" @@ -290,6 +296,7 @@ jobs: curl -fsSL "$URL" -o "${DEST}" chmod +x "${DEST}" "${DEST}" version + mv "${DEST}" /home/usr/bin/coder - name: Create first user, template and workspace id: setup_deployment 
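Review bot: The last two hunks on this file download `coder-linux-amd64` from the PR's own preview deployment, execute it (`"${DEST}" version`) and then move it onto the runner's PATH, so a binary built from the PR branch runs inside the deploy job. If the cluster kubeconfig is still on the runner's disk at that point (not visible in these hunks; the cleanup workflow writes it to `~/.kube/config`), code from the PR can read it. Consider running the CLI steps in a separate job that receives no cluster or Cloudflare credentials, or using a CLI from a trusted release rather than the one served by the preview. The step body starts outside the hunk.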
@@ -305,16 +312,16 @@ jobs: echo "::add-mask::$password" echo "password=$password" >> $GITHUB_OUTPUT - /home/runner/coder login \ + coder login \ --first-user-username pr${{ env.PR_NUMBER }} \ - --first-user-email ${{ env.PR_NUMBER }}@coder.com \ + --first-user-email pr${{ env.PR_NUMBER }}@coder.com \ --first-user-password $password \ --first-user-trial \ --use-token-as-session \ - ${{ env.PR_DEPLOYMENT_ACCESS_URL }} + https://${{ env.PR_DEPLOYMENT_ACCESS_URL }} # Create template - /home/runner/coder templates init --id kubernetes && cd ./kubernetes/ && /home/runner/coder templates create -y --variable namespace=pr${{ env.PR_NUMBER }} + coder templates init --id kubernetes && cd ./kubernetes/ && /home/runner/coder templates create -y --variable namespace=pr${{ env.PR_NUMBER }} # Create workspace cat < workspace.yaml @@ -323,8 +330,8 @@ jobs: home_disk_size: "2" EOF - /home/runner/coder create --template="kubernetes" pr${{ env.PR_NUMBER }} --rich-parameter-file ./workspace.yaml -y - /home/runner/coder stop pr${{ env.PR_NUMBER }} -y + coder create --template="kubernetes" pr${{ env.PR_NUMBER }} --rich-parameter-file ./workspace.yaml -y + coder stop pr${{ env.PR_NUMBER }} -y - name: Send Slack notification run: | From f3f6669a6be8ebba4efd4ccc2cd81afacb883827 Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Sun, 30 Jul 2023 05:43:55 +0000 Subject: [PATCH 03/26] fix binary path --- .github/workflows/pr-deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index f30bf8570b12e..93044d8e0be6f 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -296,7 +296,7 @@ jobs: curl -fsSL "$URL" -o "${DEST}" chmod +x "${DEST}" "${DEST}" version - mv "${DEST}" /home/usr/bin/coder + mv "${DEST}" /usr/local/bin/coder - name: Create first user, template and workspace id: setup_deployment From 198c429d43b4a3b2d5d7d3ff81e10e57b7ef3c4f Mon Sep 17 00:00:00 2001 
From: Atif Ali Date: Sun, 30 Jul 2023 05:46:30 +0000 Subject: [PATCH 04/26] fix --- .github/workflows/pr-deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index 93044d8e0be6f..2c07f680f2597 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -321,7 +321,7 @@ jobs: https://${{ env.PR_DEPLOYMENT_ACCESS_URL }} # Create template - coder templates init --id kubernetes && cd ./kubernetes/ && /home/runner/coder templates create -y --variable namespace=pr${{ env.PR_NUMBER }} + coder templates init --id kubernetes && cd ./kubernetes/ && coder templates create -y --variable namespace=pr${{ env.PR_NUMBER }} # Create workspace cat < workspace.yaml From 6bd5c80d7afd5b516d4515a46d9b6fcc877ee5da Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Sun, 30 Jul 2023 05:49:31 +0000 Subject: [PATCH 05/26] fix info in slack notification --- .github/workflows/pr-deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index 2c07f680f2597..d881bbf5c5971 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -343,7 +343,7 @@ jobs: "pr_title": "'"${{ env.PR_TITLE }}"'", "pr_access_url": "'"${{ env.PR_DEPLOYMENT_ACCESS_URL }}"'", "pr_username": "'"pr${{ env.PR_NUMBER }}"'", - "pr_email": "'"${{ env.PR_NUMBER }}@coder.com"'", + "pr_email": "'"pr${{ env.PR_NUMBER }}@coder.com"'", "pr_password": "'"${{ steps.setup_deployment.outputs.password }}"'", "pr_actor": "'"${{ github.actor }}"'" }' \ From 27f37cee77518f39d3d5fd811a6425812971cb0f Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Sun, 30 Jul 2023 05:51:45 +0000 Subject: [PATCH 06/26] run in subshell --- .github/workflows/pr-deploy.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
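Review bot: The context line `"pr_title": "'"${{ env.PR_TITLE }}"'"` in the Slack hunk expands the pull-request title into the script text before the shell parses it, and the title is chosen by the PR author. These lines appear to sit inside the Slack step's `run:` script (its start is outside the hunk), so shell metacharacters in a title are interpreted by the shell rather than ending up as payload data. `PR_TITLE` is already exported through the job's `env:`, so read it as a shell variable and let jq build the JSON: `jq -n --arg title "$PR_TITLE" --arg email "pr${PR_NUMBER}@coder.com" '{pr_title: $title, pr_email: $email}'`. The same expansion is carried through the later Slack hunks in this series.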
diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index d881bbf5c5971..a6942b4f3d81c 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -151,10 +151,12 @@ jobs: - name: Add DNS record to Cloudflare run: | - curl -X POST "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records" \ + ( + curl -X POST "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records" \ -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ -H "Content-Type:application/json" \ --data '{"type":"CNAME","name":"*.${{ env.PR_DEPLOYMENT_ACCESS_URL }}","content":"${{ env.PR_DEPLOYMENT_ACCESS_URL }}","ttl":1,"proxied":false}' + ) - name: Checkout uses: actions/checkout@v3 From 41c9d706f1656fa5bb963da7b39de5fcf7afda92 Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Sun, 30 Jul 2023 05:53:58 +0000 Subject: [PATCH 07/26] fix credentials output --- .github/workflows/pr-deploy.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index a6942b4f3d81c..b118bd2ca0b8b 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -343,7 +343,7 @@ jobs: "pr_number": "'"${{ env.PR_NUMBER }}"'", "pr_url": "'"${{ env.PR_URL }}"'", "pr_title": "'"${{ env.PR_TITLE }}"'", - "pr_access_url": "'"${{ env.PR_DEPLOYMENT_ACCESS_URL }}"'", + "pr_access_url": "'"https://${{ env.PR_DEPLOYMENT_ACCESS_URL }}"'", "pr_username": "'"pr${{ env.PR_NUMBER }}"'", "pr_email": "'"pr${{ env.PR_NUMBER }}@coder.com"'", "pr_password": "'"${{ steps.setup_deployment.outputs.password }}"'", 
@@ -371,6 +371,6 @@ jobs: comment-id: ${{ steps.fc.outputs.comment-id }} body: | :heavy_check_mark: Deployed PR ${{ env.PR_NUMBER }} successfully. - :rocket: Access the deployment link [here](${{ env.PR_DEPLOYMENT_ACCESS_URL }}). + :rocket: Access the deployment link [here](https://${{ env.PR_DEPLOYMENT_ACCESS_URL }}). :warning: This deployment will be deleted when the PR is closed. reactions: rocket From e76c683f34f251f513cda3137db7b7749e1ca552 Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Sun, 30 Jul 2023 06:04:15 +0000 Subject: [PATCH 08/26] change username --- .github/workflows/pr-deploy.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index b118bd2ca0b8b..d49739fa689c0 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -315,7 +315,7 @@ jobs: echo "password=$password" >> $GITHUB_OUTPUT coder login \ - --first-user-username pr${{ env.PR_NUMBER }} \ + --first-user-username test \ --first-user-email pr${{ env.PR_NUMBER }}@coder.com \ --first-user-password $password \ --first-user-trial \ @@ -332,8 +332,8 @@ jobs: home_disk_size: "2" EOF - coder create --template="kubernetes" pr${{ env.PR_NUMBER }} --rich-parameter-file ./workspace.yaml -y - coder stop pr${{ env.PR_NUMBER }} -y + coder create --template="kubernetes" test --rich-parameter-file ./workspace.yaml -y + coder stop test -y - name: Send Slack notification run: | @@ -344,7 +344,7 @@ jobs: "pr_url": "'"${{ env.PR_URL }}"'", "pr_title": "'"${{ env.PR_TITLE }}"'", "pr_access_url": "'"https://${{ env.PR_DEPLOYMENT_ACCESS_URL }}"'", - "pr_username": "'"pr${{ env.PR_NUMBER }}"'", + "pr_username": "'"test"'", "pr_email": "'"pr${{ env.PR_NUMBER }}@coder.com"'", "pr_password": "'"${{ steps.setup_deployment.outputs.password }}"'", "pr_actor": "'"${{ github.actor }}"'" From 67858e4004b2ce6b79d322b7f39147da95298ad9 Mon Sep 17 00:00:00 2001 
From: Muhammad Atif Ali Date: Sun, 30 Jul 2023 13:41:33 +0300 Subject: [PATCH 09/26] Update pr-cleanup.yaml --- .github/workflows/pr-cleanup.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-cleanup.yaml b/.github/workflows/pr-cleanup.yaml index bc31548995065..e1e4b314cc73a 100644 --- a/.github/workflows/pr-cleanup.yaml +++ b/.github/workflows/pr-cleanup.yaml @@ -57,7 +57,7 @@ jobs: -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ -H "Content-Type:application/json" | jq -r '.result[0].id') - set::add-mask $record_id + echo "::add-mask:$record_id" # Delete the record curl -X DELETE "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records/$recrd_id" \ From e526434df0b7592f89520d51e0b9420c6a8d4d9e Mon Sep 17 00:00:00 2001 From: Muhammad Atif Ali Date: Sun, 30 Jul 2023 13:44:12 +0300 Subject: [PATCH 10/26] Typo --- .github/workflows/pr-cleanup.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-cleanup.yaml b/.github/workflows/pr-cleanup.yaml index e1e4b314cc73a..31fc52fb2891b 100644 --- a/.github/workflows/pr-cleanup.yaml +++ b/.github/workflows/pr-cleanup.yaml @@ -60,6 +60,6 @@ jobs: echo "::add-mask:$record_id" # Delete the record - curl -X DELETE "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records/$recrd_id" \ + curl -X DELETE "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records/$record_id" \ -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ -H "Content-Type:application/json" From 1fbf9ffb8497229594f54c225aa65bc4358bc9a2 Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Sun, 30 Jul 2023 10:51:52 +0000 Subject: [PATCH 11/26] use subshells --- .github/workflows/pr-cleanup.yaml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) 
diff --git a/.github/workflows/pr-cleanup.yaml b/.github/workflows/pr-cleanup.yaml index 31fc52fb2891b..1e8f476e462ee 100644 --- a/.github/workflows/pr-cleanup.yaml +++ b/.github/workflows/pr-cleanup.yaml @@ -55,11 +55,13 @@ jobs: # Get identifier for the record record_id=$(curl -X GET "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records?name=*.pr${{ steps.pr_number.outputs.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}" \ -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ - -H "Content-Type:application/json" | jq -r '.result[0].id') + -H "Content-Type:application/json" | jq -r '.result[0].id') || echo "DNS record not found" - echo "::add-mask:$record_id" + echo "::add-mask::$record_id" # Delete the record - curl -X DELETE "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records/$record_id" \ - -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ - -H "Content-Type:application/json" + ( + curl -X DELETE "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records/$record_id" \ + -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ + -H "Content-Type:application/json" + ) || echo "DNS record not found" From 5ed660e5bc5b1078f2d66e271ade130f4209a22f Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Sun, 30 Jul 2023 12:45:30 +0000 Subject: [PATCH 12/26] allow custom experiments --- .github/workflows/pr-deploy.yaml | 23 ++++++++++++++++++++++- scripts/deploy-pr.sh | 32 ++++++++++++++++++++++++++------ 2 files changed, 48 insertions(+), 7 deletions(-) diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index d49739fa689c0..dfceafa008ce9 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml 
@@ -7,11 +7,18 @@ on: inputs: pr_number: description: "PR number" + type: number required: true skip_build: description: "Skip build job" required: false + type: boolean default: false + experiments: + description: "Experiments to enable" + required: false + type: string + default: "*" env: REPO: ghcr.io/coder/coder-preview @@ -229,6 +236,20 @@ jobs: kubectl create secret generic coder-db-url -n pr${{ env.PR_NUMBER }} \ --from-literal=url="postgres://coder:coder@coder-db-postgresql.pr${{ env.PR_NUMBER }}.svc.cluster.local:5432/coder?sslmode=disable" + - name: Get experiments + id: get_experiments + run: | + set -euxo pipefail + if [[ ${{ github.event_name }} == "workflow_dispatch" ]]; then + experiments=${{ github.event.inputs.experiments }} + else + experiments=$(echo "${{ github.event.comment.body }}" | grep -oP '(?<=--experiments ).*') + if [ -z "$experiments" ]; then + experiments="*" + fi + fi + echo "experiments=$experiments" >> $GITHUB_OUTPUT + - name: Create values.yaml run: | cat < pr-deploy-values.yaml @@ -245,7 +266,7 @@ jobs: - name: "CODER_WILDCARD_ACCESS_URL" value: "*.${{ env.PR_DEPLOYMENT_ACCESS_URL }}" - name: "CODER_EXPERIMENTS" - value: "*" + value: "${{ steps.get_experiments.outputs.experiments }}" - name: CODER_PG_CONNECTION_URL valueFrom: secretKeyRef: diff --git a/scripts/deploy-pr.sh b/scripts/deploy-pr.sh index 411963af4bd3d..4d9d45f45393e 100755 --- a/scripts/deploy-pr.sh +++ b/scripts/deploy-pr.sh 
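Review bot: The new "Get experiments" step expands `${{ github.event.comment.body }}` straight into the script text, so the body of a PR comment is parsed by the shell in a job that also works with the cluster and Cloudflare credentials; the `if:` that gates who can trigger it is outside this hunk. Pass the comment body and the dispatch input through the step's `env:` and read them as quoted shell variables, as in the sketch below. Two smaller problems sit on the same lines: `experiments=${{ github.event.inputs.experiments }}` is unquoted, and under `set -euxo pipefail` a comment without `--experiments` makes `grep` exit 1 and aborts the step before the `-z` fallback runs. The follow-up hunk that narrows the pattern to `[^ ]+` keeps the same expansion.

```yaml
- name: Get experiments
  id: get_experiments
  env:
    EVENT_NAME: ${{ github.event_name }}
    INPUT_EXPERIMENTS: ${{ github.event.inputs.experiments }}
    COMMENT_BODY: ${{ github.event.comment.body }}
  run: |
    set -euo pipefail
    if [[ "$EVENT_NAME" == "workflow_dispatch" ]]; then
      experiments="$INPUT_EXPERIMENTS"
    else
      # grep exits 1 on no match; "|| true" lets the fallback below run
      experiments=$(printf '%s' "$COMMENT_BODY" | grep -oP '(?<=--experiments ).*' || true)
      if [ -z "$experiments" ]; then
        experiments="*"
      fi
    fi
    echo "experiments=$experiments" >> "$GITHUB_OUTPUT"
```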
@@ -9,24 +9,43 @@ set -euo pipefail skipBuild=false dryRun=false confirm=true +experiments="" # parse arguments -for arg in "$@"; do - case $arg in +while (("$#")); do + case "$1" in -s | --skip-build) skipBuild=true - shift # Remove --skip-build from processing + shift ;; -n | --dry-run) dryRun=true - shift # Remove --dry-run from processing + shift + ;; + -e | --experiments) + if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then + experiments="$2" + shift + else + echo "Error: Argument for $1 is missing" >&2 + exit 1 + fi + shift ;; -y | --yes) confirm=false - shift # Remove --yes from processing + shift + ;; + --) + shift + break + ;; + -* | --*) + echo "Error: Unsupported flag $1" >&2 + exit 1 ;; *) - shift # Remove generic argument from processing + shift ;; esac done @@ -61,6 +80,7 @@ if $dryRun; then echo "branchName: ${branchName}" echo "prNumber: ${prNumber}" echo "skipBuild: ${skipBuild}" + echo "experiments: ${experiments}" exit 0 fi From b1e966338357b73f9ae7eb97885685720e740e66 Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Sun, 30 Jul 2023 13:24:13 +0000 Subject: [PATCH 13/26] handle extra experiments --- .github/workflows/pr-deploy.yaml | 7 ++----- scripts/deploy-pr.sh | 5 +++++ 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index dfceafa008ce9..920ba4fc49fdf 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -243,10 +243,7 @@ jobs: if [[ ${{ github.event_name }} == "workflow_dispatch" ]]; then experiments=${{ github.event.inputs.experiments }} else - experiments=$(echo "${{ github.event.comment.body }}" | grep -oP '(?<=--experiments ).*') - if [ -z "$experiments" ]; then - experiments="*" - fi + experiments=$(echo "${{ github.event.comment.body }}" | grep -oP '(?<=--experiments )[^ ]+') fi echo "experiments=$experiments" >> $GITHUB_OUTPUT 
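Review bot: In the new `-e | --experiments` arm, `[ -n "$2" ]` is evaluated under the `set -euo pipefail` shown in the hunk header. When the flag is the last argument, `$2` is unset and the script aborts with an unbound-variable error before the intended "Argument for $1 is missing" message can print. A default expansion avoids that: `if [ -n "${2:-}" ] && [ "${2:0:1}" != "-" ]; then`. A later hunk in this series quotes `${2:0:1}`, but the unset case is still open there.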
@@ -266,7 +263,7 @@ jobs: - name: "CODER_WILDCARD_ACCESS_URL" value: "*.${{ env.PR_DEPLOYMENT_ACCESS_URL }}" - name: "CODER_EXPERIMENTS" - value: "${{ steps.get_experiments.outputs.experiments }}" + value: "*,${{ steps.get_experiments.outputs.experiments }}" - name: CODER_PG_CONNECTION_URL valueFrom: secretKeyRef: diff --git a/scripts/deploy-pr.sh b/scripts/deploy-pr.sh index 4d9d45f45393e..dd4a5af613aec 100755 --- a/scripts/deploy-pr.sh +++ b/scripts/deploy-pr.sh @@ -84,4 +84,9 @@ if $dryRun; then exit 0 fi +echo "branchName: ${branchName}" +echo "prNumber: ${prNumber}" +echo "skipBuild: ${skipBuild}" +echo "experiments: ${experiments}" + gh workflow run pr-deploy.yaml --ref "${branchName}" -f "pr_number=${prNumber}" -f "skip_build=${skipBuild}" From 382ecca837e81697337f23b12854b601e5722570 Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Sun, 30 Jul 2023 13:28:19 +0000 Subject: [PATCH 14/26] handle concurrency --- .github/workflows/pr-deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index 920ba4fc49fdf..1eeefe2d10aff 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -30,7 +30,7 @@ permissions: concurrency: group: ${{ github.workflow }}-${{ github.event.issue.number || github.run_id }} - cancel-in-progress: false + cancel-in-progress: true jobs: pr_commented: From 7ad2857119f65d0fb7d7a7553d41d8fafaf40ca0 Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Sun, 30 Jul 2023 13:31:17 +0000 Subject: [PATCH 15/26] update --- .github/workflows/pr-deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index 1eeefe2d10aff..5b1448071e712 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml 
@@ -29,7 +29,7 @@ permissions: pull-requests: write concurrency: - group: ${{ github.workflow }}-${{ github.event.issue.number || github.run_id }} + group: ${{ github.workflow }}-${{ github.event.issue.number || github.event.inputs.pr_number }} cancel-in-progress: true jobs: From 81cf4c36952d74ea6cfb896d6de7e52befa5b1b5 Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Sun, 30 Jul 2023 13:42:51 +0000 Subject: [PATCH 16/26] fixup --- .github/workflows/pr-deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index 5b1448071e712..6fd9ee3f71d49 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -29,7 +29,7 @@ permissions: pull-requests: write concurrency: - group: ${{ github.workflow }}-${{ github.event.issue.number || github.event.inputs.pr_number }} + group: ${{ github.workflow }}-${{ github.repository }}-${{ github.ref }} cancel-in-progress: true jobs: From 48d8871a38e98de3d50cad6bbf4a723e989d459e Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Sun, 30 Jul 2023 13:56:31 +0000 Subject: [PATCH 17/26] add experiments flag --- scripts/deploy-pr.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/deploy-pr.sh b/scripts/deploy-pr.sh index dd4a5af613aec..50ca4af91cc08 100755 --- a/scripts/deploy-pr.sh +++ b/scripts/deploy-pr.sh @@ -89,4 +89,4 @@ echo "prNumber: ${prNumber}" echo "skipBuild: ${skipBuild}" echo "experiments: ${experiments}" -gh workflow run pr-deploy.yaml --ref "${branchName}" -f "pr_number=${prNumber}" -f "skip_build=${skipBuild}" +gh workflow run pr-deploy.yaml --ref "${branchName}" -f "pr_number=${prNumber}" -f "skip_build=${skipBuild}" -f "experiments=${experiments}" From af9b588d4bd20370bcaf4cafebf5f8e8f90b5a09 Mon Sep 17 00:00:00 2001 
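Review bot: With the group changed to `${{ github.workflow }}-${{ github.repository }}-${{ github.ref }}`, comment-triggered runs are no longer keyed on the PR. The workflow reads `github.event.comment.body` elsewhere, so it appears to run on `issue_comment`, where `github.ref` is the default branch and every PR lands in one group. Together with `cancel-in-progress: true` from the earlier hunk, a deploy comment on one PR can cancel a deployment in progress for another, possibly leaving a half-created namespace or DNS record. Keying on the PR number avoids the cross-PR cancellation, e.g. `group: ${{ github.workflow }}-PR-${{ github.event.issue.number || github.event.inputs.pr_number }}`.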
From: Atif Ali Date: Sun, 30 Jul 2023 14:26:53 +0000 Subject: [PATCH 18/26] wip --- .github/workflows/pr-deploy.yaml | 39 ++++++++++++++++++++++++++++---- 1 file changed, 35 insertions(+), 4 deletions(-) diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index 6fd9ee3f71d49..604ab6918ec87 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -184,16 +184,39 @@ jobs: kubectl delete namespace "pr${{ env.PR_NUMBER }}" || true kubectl create namespace "pr${{ env.PR_NUMBER }}" + - name: Check and Create Certificate + run: | + # Using kubectl to check if a Certificate resource already exists + # we are doing this to avoid letsenrypt rate limits + if ! kubectl get certificate pr${{ env.PR_NUMBER }}-tls -n pr${{ env.PR_NUMBER }} > /dev/null 2>&1; then + echo "Certificate doesn't exist. Creating a new one." + cat < ingress.yaml + cat < kubectl apply -f - apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: pr${{ env.PR_NUMBER }} namespace: pr${{ env.PR_NUMBER }} - annotations: - cert-manager.io/cluster-issuer: letsencrypt spec: tls: - hosts: @@ -222,7 +245,6 @@ jobs: port: number: 80 EOF - kubectl apply -f ingress.yaml - name: Set up PostgreSQL database run: | @@ -257,6 +279,15 @@ jobs: pullPolicy: Always service: type: ClusterIP + ingress: + enable: true + className: traefik + host: ${{ env.PR_DEPLOYMENT_ACCESS_URL }} + wildcardHost: "*.${{ env.PR_DEPLOYMENT_ACCESS_URL }}" + tls: + enable: true + secretName: pr${{ env.PR_NUMBER }}-tls + wildcardSecretName: pr${{ env.PR_NUMBER }}-tls env: - name: "CODER_ACCESS_URL" value: "https://${{ env.PR_DEPLOYMENT_ACCESS_URL }}" From bc881dcf0ec4116c818269be140d3479377d4578 Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Mon, 31 Jul 2023 05:56:29 +0000 Subject: [PATCH 19/26] use coder ingress --- .github/workflows/pr-deploy.yaml | 37 -------------------------------- 1 file changed, 37 deletions(-) 
diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index 604ab6918ec87..9339a495fdbfa 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -209,43 +209,6 @@ jobs: echo "Certificate exists." fi - - name: Setup ingress - run: | - cat < kubectl apply -f - - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: pr${{ env.PR_NUMBER }} - namespace: pr${{ env.PR_NUMBER }} - spec: - tls: - - hosts: - - "${{ env.PR_DEPLOYMENT_ACCESS_URL }}" - - "*.${{ env.PR_DEPLOYMENT_ACCESS_URL }}" - secretName: pr${{ env.PR_NUMBER }}-tls - rules: - - host: "${{ env.PR_DEPLOYMENT_ACCESS_URL }}" - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: coder - port: - number: 80 - - host: "*.${{ env.PR_DEPLOYMENT_ACCESS_URL }}" - http: - paths: - - pathType: Prefix - path: "/" - backend: - service: - name: coder - port: - number: 80 - EOF - - name: Set up PostgreSQL database run: | helm repo add bitnami https://charts.bitnami.com/bitnami From dac899733c1b879678652670dc1e69c4892f64be Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Mon, 31 Jul 2023 06:24:32 +0000 Subject: [PATCH 20/26] fix EOF --- .github/workflows/pr-deploy.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index 9339a495fdbfa..294f553adb3c7 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -204,7 +204,7 @@ jobs: dnsNames: - "${{ env.PR_DEPLOYMENT_ACCESS_URL }}" - "*.${{ env.PR_DEPLOYMENT_ACCESS_URL }}" - EOF + EOF else echo "Certificate exists." fi From c9daeafd5b52a4e87d3110367396688b0759bea2 Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Mon, 31 Jul 2023 06:32:13 +0000 Subject: [PATCH 21/26] fix lint --- scripts/deploy-pr.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/deploy-pr.sh b/scripts/deploy-pr.sh index 50ca4af91cc08..73ff796a6ebbe 100755 --- a/scripts/deploy-pr.sh 
+++ b/scripts/deploy-pr.sh @@ -40,7 +40,7 @@ while (("$#")); do shift break ;; - -* | --*) + --*) echo "Error: Unsupported flag $1" >&2 exit 1 ;; From 8192128bab417242c6121d49db0a1c56798cabc7 Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Mon, 31 Jul 2023 06:33:21 +0000 Subject: [PATCH 22/26] double quotes --- scripts/deploy-pr.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/deploy-pr.sh b/scripts/deploy-pr.sh index 73ff796a6ebbe..84ee6ed6266f4 100755 --- a/scripts/deploy-pr.sh +++ b/scripts/deploy-pr.sh @@ -23,7 +23,7 @@ while (("$#")); do shift ;; -e | --experiments) - if [ -n "$2" ] && [ ${2:0:1} != "-" ]; then + if [ -n "$2" ] && [ "${2:0:1}" != "-" ]; then experiments="$2" shift else From 3e6d936c830eddbbdf1ad9296509f2b5981ae6e6 Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Tue, 1 Aug 2023 08:17:52 +0000 Subject: [PATCH 23/26] store secret in a shared namespace --- .github/workflows/pr-deploy.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index 294f553adb3c7..92221ba90fad8 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -188,14 +188,14 @@ jobs: run: | # Using kubectl to check if a Certificate resource already exists # we are doing this to avoid letsenrypt rate limits - if ! kubectl get certificate pr${{ env.PR_NUMBER }}-tls -n pr${{ env.PR_NUMBER }} > /dev/null 2>&1; then + if ! kubectl get certificate pr${{ env.PR_NUMBER }}-tls -n pr-deployment-certs > /dev/null 2>&1; then echo "Certificate doesn't exist. Creating a new one." cat < Date: Tue, 1 Aug 2023 10:30:50 +0000 Subject: [PATCH 24/26] sanitize secret --- .github/workflows/pr-deploy.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index 92221ba90fad8..6f065fe78babc 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml 
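Review bot: Replacing `-* | --*)` with `--*)` in the first hunk here satisfies the linter but changes behaviour: an unknown single-dash flag, such as a mistyped short option, now falls through to the `*)` arm and is silently discarded instead of being rejected. `-*` already matches everything `--*` matches, so the pattern that keeps the original behaviour and still passes the lint is `-*)`. The `case` statement starts outside the hunk.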
@@ -208,7 +208,9 @@ jobs: else echo "Certificate exists. Skipping certificate creation." echo "Copy certificate from pr-deployment-certs to pr${{ env.PR_NUMBER }} namespace" - kubectl get secret pr${{ env.PR_NUMBER }}-tls -n pr-deployment-certs -o yaml | sed 's/pr-deployment-certs/pr${{ env.PR_NUMBER }}/g' | kubectl apply -f - + kubectl get secret pr${{ env.PR_NUMBER }}-tls -n pr-deployment-certs -o json | + jq 'del(.metadata.namespace,.metadata.creationTimestamp,.metadata.resourceVersion,.metadata.selfLink,.metadata.uid,.metadata.managedFields)' | + kubectl -n pr${{ env.PR_NUMBER }} apply -f - fi - name: Set up PostgreSQL database From 176a78dee2e6ce1f7e35d81205ec115d829d16d2 Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Tue, 1 Aug 2023 10:32:37 +0000 Subject: [PATCH 25/26] use subshell --- .github/workflows/pr-deploy.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index 6f065fe78babc..8bbd7fcdb471b 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -208,9 +208,11 @@ jobs: else echo "Certificate exists. Skipping certificate creation." echo "Copy certificate from pr-deployment-certs to pr${{ env.PR_NUMBER }} namespace" - kubectl get secret pr${{ env.PR_NUMBER }}-tls -n pr-deployment-certs -o json | - jq 'del(.metadata.namespace,.metadata.creationTimestamp,.metadata.resourceVersion,.metadata.selfLink,.metadata.uid,.metadata.managedFields)' | - kubectl -n pr${{ env.PR_NUMBER }} apply -f - + ( + kubectl get secret pr${{ env.PR_NUMBER }}-tls -n pr-deployment-certs -o json | + jq 'del(.metadata.namespace,.metadata.creationTimestamp,.metadata.resourceVersion,.metadata.selfLink,.metadata.uid,.metadata.managedFields)' | + kubectl -n pr${{ env.PR_NUMBER }} apply -f - + ) fi - name: Set up PostgreSQL database From 86f22d1f934630006fde451a3c221c0edc2d51b3 Mon Sep 17 00:00:00 2001 
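Review bot: The copy branch treats an existing Certificate object as proof that the `pr<N>-tls` Secret has been issued, but the check only tests for the Certificate. If issuance is still pending or has failed, `kubectl get secret` errors, and the failure surfaces only as a confusing `jq`/`kubectl apply` error on empty input (whether `pipefail` is set for this step is not visible here). Waiting first, e.g. `kubectl wait --for=condition=Ready certificate/pr${{ env.PR_NUMBER }}-tls -n pr-deployment-certs --timeout=120s`, makes that case fail clearly. The `jq del(...)` list also leaves `.metadata.ownerReferences` and `.metadata.annotations` in place, which is worth checking against what cert-manager writes on the source Secret. The later hunk that wraps the pipeline in a subshell changes none of this.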
From: Atif Ali Date: Tue, 1 Aug 2023 10:36:53 +0000 Subject: [PATCH 26/26] url encoding --- .github/workflows/pr-cleanup.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-cleanup.yaml b/.github/workflows/pr-cleanup.yaml index 1e8f476e462ee..cb3e6429a2233 100644 --- a/.github/workflows/pr-cleanup.yaml +++ b/.github/workflows/pr-cleanup.yaml @@ -53,7 +53,7 @@ jobs: run: | set -euxo pipefail # Get identifier for the record - record_id=$(curl -X GET "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records?name=*.pr${{ steps.pr_number.outputs.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}" \ + record_id=$(curl -X GET "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records?name=%2A.pr${{ steps.pr_number.outputs.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}" \ -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ -H "Content-Type:application/json" | jq -r '.result[0].id') || echo "DNS record not found"