From 01193dc4750e3f2a022b4bc7de4e59bddc371a54 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 May 2025 15:00:36 +0500 Subject: [PATCH 1/6] build(deps): Bump goreleaser/goreleaser-action from 6.2.1 to 6.3.0 (#372) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 33f17b8d..82eb9562 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -91,7 +91,7 @@ jobs: passphrase: ${{ secrets.PASSPHRASE }} - name: Run GoReleaser - uses: goreleaser/goreleaser-action@v6.2.1 + uses: goreleaser/goreleaser-action@v6.3.0 with: version: '~> v2' args: release --clean From d0457a71ce7a7b47393ee34cb723a9fae18a0f90 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 May 2025 15:00:40 +0500 Subject: [PATCH 2/6] build(deps): Bump crazy-max/ghaction-import-gpg from 6.2.0 to 6.3.0 (#371) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 82eb9562..f731b412 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -84,7 +84,7 @@ jobs: - name: Import GPG key id: import_gpg - uses: crazy-max/ghaction-import-gpg@v6.2.0 + uses: crazy-max/ghaction-import-gpg@v6.3.0 with: # These secrets will need to be configured for the repository: gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }} From 442ff2abd9eb47cf7deb65a8d63c58de24b986de Mon Sep 17 00:00:00 2001 From: Susana Ferreira Date: Tue, 27 May 2025 11:04:35 +0100 Subject: [PATCH 3/6] chore: add minimum TTL value for expiration.policy.ttl (#406) * chore: add minimum TTL value for expiration.policy.ttl * chore: support 0 as a valid ttl value in expiration_policy to disable expiration --- provider/workspace_preset.go | 14 +++++++-- provider/workspace_preset_test.go | 48 +++++++++++++++++++++++++++++-- 2 files changed, 58 insertions(+), 4 deletions(-) diff --git a/provider/workspace_preset.go b/provider/workspace_preset.go index e9c697c7..e0f2276c 100644 --- a/provider/workspace_preset.go +++ b/provider/workspace_preset.go @@ -2,6 +2,7 @@ package provider import ( "context" + "fmt" "github.com/hashicorp/terraform-plugin-sdk/v2/diag" "github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema" @@ -103,8 +104,17 @@ func workspacePresetDataSource() *schema.Resource { Description: "Time in seconds after which an unclaimed prebuild is considered expired and eligible for cleanup.", Required: true, ForceNew: true, - // Ensure TTL is between 0 and 31536000 seconds (1 year) to prevent stale prebuilds - ValidateFunc: validation.IntBetween(0, 31536000), + // Ensure TTL is either 0 (to disable expiration) or between 3600 seconds (1 hour) and 31536000 seconds (1 year) + ValidateFunc: func(val interface{}, key string) ([]string, []error) { + v := val.(int) + if v == 0 { + return nil, nil + } + if v < 3600 || v > 31536000 { + return nil, []error{fmt.Errorf("%q must be 0 or between 3600 and 31536000, got %d", key, v)} + } + return nil, nil + }, }, }, }, diff --git a/provider/workspace_preset_test.go b/provider/workspace_preset_test.go index d9f7da46..b8e752ae 100644 --- a/provider/workspace_preset_test.go +++ b/provider/workspace_preset_test.go @@ -157,7 +157,7 @@ func TestWorkspacePreset(t *testing.T) { expiration_policy {} } }`, - ExpectError: regexp.MustCompile("The argument \"ttl\" is required, but no definition was found."), + ExpectError: regexp.MustCompile(`The argument "ttl" is required, but no definition was found.`), }, { Name: "Prebuilds is set with a expiration_policy field with its required fields", @@ -186,6 +186,50 @@ func TestWorkspacePreset(t *testing.T) { return nil }, }, + { + Name: "Prebuilds block with expiration_policy.ttl set to 0 seconds (disables expiration)", + Config: ` + data "coder_workspace_preset" "preset_1" { + name = "preset_1" + parameters = { + "region" = "us-east1-a" + } + prebuilds { + instances = 1 + expiration_policy { + ttl = 0 + } + } + }`, + ExpectError: nil, + Check: func(state *terraform.State) error { + require.Len(t, state.Modules, 1) + require.Len(t, state.Modules[0].Resources, 1) + resource := state.Modules[0].Resources["data.coder_workspace_preset.preset_1"] + require.NotNil(t, resource) + attrs := resource.Primary.Attributes + require.Equal(t, attrs["name"], "preset_1") + require.Equal(t, attrs["prebuilds.0.expiration_policy.0.ttl"], "0") + return nil + }, + }, + { + Name: "Prebuilds block with expiration_policy.ttl set to 30 minutes (below 1 hour limit)", + Config: ` + data "coder_workspace_preset" "preset_1" { + name = "preset_1" + parameters = { + "region" = "us-east1-a" + } + prebuilds { + instances = 1 + expiration_policy { + ttl = 1800 + } + } + }`, + ExpectError: regexp.MustCompile(`"prebuilds.0.expiration_policy.0.ttl" must be 0 or between 3600 and 31536000, got 1800`), + }, { Name: "Prebuilds block with expiration_policy.ttl set to 2 years (exceeds 1 year limit)", Config: ` @@ -201,7 +245,7 @@ func TestWorkspacePreset(t *testing.T) { } } }`, - ExpectError: regexp.MustCompile(`expected prebuilds.0.expiration_policy.0.ttl to be in the range \(0 - 31536000\), got 63072000`), + ExpectError: regexp.MustCompile(`"prebuilds.0.expiration_policy.0.ttl" must be 0 or between 3600 and 31536000, got 63072000`), }, { Name: "Prebuilds is set with a expiration_policy field with its required fields and an unexpected argument", From cfa101df4635e405e66094fa7779f9a89d92f400 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E3=82=B1=E3=82=A4=E3=83=A9?= Date: Tue, 27 May 2025 14:47:34 -0600 Subject: [PATCH 4/6] fix: limit app group length (#407) --- provider/app.go | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/provider/app.go b/provider/app.go index fb686794..adbbf0e7 100644 --- a/provider/app.go +++ b/provider/app.go @@ -23,14 +23,17 @@ var ( appSlugRegex = regexp.MustCompile(`^[a-z0-9](-?[a-z0-9])*$`) ) -const appDisplayNameMaxLength = 64 // database column limit +const ( + appDisplayNameMaxLength = 64 // database column limit + appGroupNameMaxLength = 64 +) func appResource() *schema.Resource { return &schema.Resource{ SchemaVersion: 1, Description: "Use this resource to define shortcuts to access applications in a workspace.", - CreateContext: func(c context.Context, resourceData *schema.ResourceData, i interface{}) diag.Diagnostics { + CreateContext: func(c context.Context, resourceData *schema.ResourceData, i any) diag.Diagnostics { resourceData.SetId(uuid.NewString()) diags := diag.Diagnostics{} @@ -63,10 +66,10 @@ func appResource() *schema.Resource { return diags }, - ReadContext: func(c context.Context, resourceData *schema.ResourceData, i interface{}) diag.Diagnostics { + ReadContext: func(c context.Context, resourceData *schema.ResourceData, i any) diag.Diagnostics { return nil }, - DeleteContext: func(ctx context.Context, rd *schema.ResourceData, i interface{}) diag.Diagnostics { + DeleteContext: func(ctx context.Context, rd *schema.ResourceData, i any) diag.Diagnostics { return nil }, Schema: map[string]*schema.Schema{ @@ -92,7 +95,7 @@ func appResource() *schema.Resource { "built-in icon with `\"${data.coder_workspace.me.access_url}/icon/\"`.", ForceNew: true, Optional: true, - ValidateFunc: func(i interface{}, s string) ([]string, []error) { + ValidateFunc: func(i any, s string) ([]string, []error) { _, err := url.Parse(s) if err != nil { return nil, []error{err} @@ -108,7 +111,7 @@ func appResource() *schema.Resource { "hyphen or contain two consecutive hyphens.", ForceNew: true, Required: true, - ValidateDiagFunc: func(val interface{}, c cty.Path) diag.Diagnostics { + ValidateDiagFunc: func(val any, c cty.Path) diag.Diagnostics { valStr, ok := val.(string) if !ok { return diag.Errorf("expected string, got %T", val) @@ -126,7 +129,7 @@ func appResource() *schema.Resource { Description: "A display name to identify the app. Defaults to the slug.", ForceNew: true, Optional: true, - ValidateDiagFunc: func(val interface{}, c cty.Path) diag.Diagnostics { + ValidateDiagFunc: func(val any, c cty.Path) diag.Diagnostics { valStr, ok := val.(string) if !ok { return diag.Errorf("expected string, got %T", val) @@ -161,7 +164,7 @@ func appResource() *schema.Resource { ForceNew: true, Optional: true, Default: "owner", - ValidateDiagFunc: func(val interface{}, c cty.Path) diag.Diagnostics { + ValidateDiagFunc: func(val any, c cty.Path) diag.Diagnostics { valStr, ok := val.(string) if !ok { return diag.Errorf("expected string, got %T", val) @@ -228,6 +231,17 @@ func appResource() *schema.Resource { Description: "The name of a group that this app belongs to.", ForceNew: true, Optional: true, + ValidateDiagFunc: func(val any, c cty.Path) diag.Diagnostics { + valStr, ok := val.(string) + if !ok { + return diag.Errorf("expected string, got %T", val) + } + + if len(valStr) > appGroupNameMaxLength { + return diag.Errorf("group name is too long (max %d characters)", appGroupNameMaxLength) + } + return nil + }, }, "order": { Type: schema.TypeInt, @@ -250,7 +264,7 @@ func appResource() *schema.Resource { ForceNew: true, Optional: true, Default: "slim-window", - ValidateDiagFunc: func(val interface{}, c cty.Path) diag.Diagnostics { + ValidateDiagFunc: func(val any, c cty.Path) diag.Diagnostics { valStr, ok := val.(string) if !ok { return diag.Errorf("expected string, got %T", val) From c1c33f6d556532e75662c0ca373ed8fdea220eb5 Mon Sep 17 00:00:00 2001 From: Atif Ali Date: Wed, 4 Jun 2025 08:05:38 -0700 Subject: [PATCH 5/6] chore: add blink-so to CLA allowlist (#410) --- .github/workflows/cla.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cla.yaml b/.github/workflows/cla.yaml index 71c2e905..45f72487 100644 --- a/.github/workflows/cla.yaml +++ b/.github/workflows/cla.yaml @@ -23,4 +23,4 @@ jobs: path-to-document: 'https://github.com/coder/cla/blob/main/README.md' # branch should not be protected branch: 'main' - allowlist: dependabot* + allowlist: 'dependabot*,blink-so*' From eee4ed569976995dd0b0d8d453dbecbb79b6b5ad Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 13 Jun 2025 14:21:48 +0100 Subject: [PATCH 6/6] build(deps): Bump github.com/cloudflare/circl from 1.6.0 to 1.6.1 (#412) Bumps [github.com/cloudflare/circl](https://github.com/cloudflare/circl) from 1.6.0 to 1.6.1. - [Release notes](https://github.com/cloudflare/circl/releases) - [Commits](https://github.com/cloudflare/circl/compare/v1.6.0...v1.6.1) --- updated-dependencies: - dependency-name: github.com/cloudflare/circl dependency-version: 1.6.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 7b0b437c..fcb25b13 100644 --- a/go.mod +++ b/go.mod @@ -23,7 +23,7 @@ require ( github.com/ProtonMail/go-crypto v1.1.6 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect - github.com/cloudflare/circl v1.6.0 // indirect + github.com/cloudflare/circl v1.6.1 // indirect github.com/containerd/log v0.1.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/distribution/reference v0.6.0 // indirect diff --git a/go.sum b/go.sum index 0531c5e1..31e83346 100644 --- a/go.sum +++ b/go.sum @@ -17,8 +17,8 @@ github.com/bufbuild/protocompile v0.4.0 h1:LbFKd2XowZvQ/kajzguUp2DC9UEIQhIq77fZZ github.com/bufbuild/protocompile v0.4.0/go.mod h1:3v93+mbWn/v3xzN+31nwkJfrEpAUwp+BagBSZWx+TP8= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= -github.com/cloudflare/circl v1.6.0 h1:cr5JKic4HI+LkINy2lg3W2jF8sHCVTBncJr5gIIq7qk= -github.com/cloudflare/circl v1.6.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= +github.com/cloudflare/circl v1.6.1 h1:zqIqSPIndyBh1bjLVVDHMPpVKqp8Su/V+6MeDzzQBQ0= +github.com/cloudflare/circl v1.6.1/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/cyphar/filepath-securejoin v0.4.1 h1:JyxxyPEaktOD+GAnqIqTf9A8tHyAG22rowi7HkoSU1s=