diff --git a/.claude/docs/DATABASE.md b/.claude/docs/DATABASE.md new file mode 100644 index 0000000000000..fe977297f8670 --- /dev/null +++ b/.claude/docs/DATABASE.md @@ -0,0 +1,218 @@ +# Database Development Patterns + +## Database Work Overview + +### Database Generation Process + +1. Modify SQL files in `coderd/database/queries/` +2. Run `make gen` +3. If errors about audit table, update `enterprise/audit/table.go` +4. Run `make gen` again +5. Run `make lint` to catch any remaining issues + +## Migration Guidelines + +### Creating Migration Files + +**Location**: `coderd/database/migrations/` +**Format**: `{number}_{description}.{up|down}.sql` + +- Number must be unique and sequential +- Always include both up and down migrations + +### Helper Scripts + +| Script | Purpose | +|---------------------------------------------------------------------|-----------------------------------------| +| `./coderd/database/migrations/create_migration.sh "migration name"` | Creates new migration files | +| `./coderd/database/migrations/fix_migration_numbers.sh` | Renumbers migrations to avoid conflicts | +| `./coderd/database/migrations/create_fixture.sh "fixture name"` | Creates test fixtures for migrations | + +### Database Query Organization + +- **MUST DO**: Any changes to database - adding queries, modifying queries should be done in the `coderd/database/queries/*.sql` files +- **MUST DO**: Queries are grouped in files relating to context - e.g. `prebuilds.sql`, `users.sql`, `oauth2.sql` +- After making changes to any `coderd/database/queries/*.sql` files you must run `make gen` to generate respective ORM changes + +## Handling Nullable Fields + +Use `sql.NullString`, `sql.NullBool`, etc. for optional database fields: + +```go +CodeChallenge: sql.NullString{ + String: params.codeChallenge, + Valid: params.codeChallenge != "", +} +``` + +Set `.Valid = true` when providing values. + +## Audit Table Updates + +If adding fields to auditable types: + +1. Update `enterprise/audit/table.go` +2. Add each new field with appropriate action: + - `ActionTrack`: Field should be tracked in audit logs + - `ActionIgnore`: Field should be ignored in audit logs + - `ActionSecret`: Field contains sensitive data +3. Run `make gen` to verify no audit errors + +## Database Architecture + +### Core Components + +- **PostgreSQL 13+** recommended for production +- **Migrations** managed with `migrate` +- **Database authorization** through `dbauthz` package + +### Authorization Patterns + +```go +// Public endpoints needing system access (OAuth2 registration) +app, err := api.Database.GetOAuth2ProviderAppByClientID(dbauthz.AsSystemRestricted(ctx), clientID) + +// Authenticated endpoints with user context +app, err := api.Database.GetOAuth2ProviderAppByClientID(ctx, clientID) + +// System operations in middleware +roles, err := db.GetAuthorizationUserRoles(dbauthz.AsSystemRestricted(ctx), userID) +``` + +## Common Database Issues + +### Migration Issues + +1. **Migration conflicts**: Use `fix_migration_numbers.sh` to renumber +2. **Missing down migration**: Always create both up and down files +3. **Schema inconsistencies**: Verify against existing schema + +### Field Handling Issues + +1. **Nullable field errors**: Use `sql.Null*` types consistently +2. **Missing audit entries**: Update `enterprise/audit/table.go` + +### Query Issues + +1. **Query organization**: Group related queries in appropriate files +2. **Generated code errors**: Run `make gen` after query changes +3. **Performance issues**: Add appropriate indexes in migrations + +## Database Testing + +### Test Database Setup + +```go +func TestDatabaseFunction(t *testing.T) { + db := dbtestutil.NewDB(t) + + // Test with real database + result, err := db.GetSomething(ctx, param) + require.NoError(t, err) + require.Equal(t, expected, result) +} +``` + +## Best Practices + +### Schema Design + +1. **Use appropriate data types**: VARCHAR for strings, TIMESTAMP for times +2. **Add constraints**: NOT NULL, UNIQUE, FOREIGN KEY as appropriate +3. **Create indexes**: For frequently queried columns +4. **Consider performance**: Normalize appropriately but avoid over-normalization + +### Query Writing + +1. **Use parameterized queries**: Prevent SQL injection +2. **Handle errors appropriately**: Check for specific error types +3. **Use transactions**: For related operations that must succeed together +4. **Optimize queries**: Use EXPLAIN to understand query performance + +### Migration Writing + +1. **Make migrations reversible**: Always include down migration +2. **Test migrations**: On copy of production data if possible +3. **Keep migrations small**: One logical change per migration +4. **Document complex changes**: Add comments explaining rationale + +## Advanced Patterns + +### Complex Queries + +```sql +-- Example: Complex join with aggregation +SELECT + u.id, + u.username, + COUNT(w.id) as workspace_count +FROM users u +LEFT JOIN workspaces w ON u.id = w.owner_id +WHERE u.created_at > $1 +GROUP BY u.id, u.username +ORDER BY workspace_count DESC; +``` + +### Conditional Queries + +```sql +-- Example: Dynamic filtering +SELECT * FROM oauth2_provider_apps +WHERE + ($1::text IS NULL OR name ILIKE '%' || $1 || '%') + AND ($2::uuid IS NULL OR organization_id = $2) +ORDER BY created_at DESC; +``` + +### Audit Patterns + +```go +// Example: Auditable database operation +func (q *sqlQuerier) UpdateUser(ctx context.Context, arg UpdateUserParams) (User, error) { + // Implementation here + + // Audit the change + if auditor := audit.FromContext(ctx); auditor != nil { + auditor.Record(audit.UserUpdate{ + UserID: arg.ID, + Old: oldUser, + New: newUser, + }) + } + + return newUser, nil +} +``` + +## Debugging Database Issues + +### Common Debug Commands + +```bash +# Check database connection +make test-postgres + +# Run specific database tests +go test ./coderd/database/... -run TestSpecificFunction + +# Check query generation +make gen + +# Verify audit table +make lint +``` + +### Debug Techniques + +1. **Enable query logging**: Set appropriate log levels +2. **Use database tools**: pgAdmin, psql for direct inspection +3. **Check constraints**: UNIQUE, FOREIGN KEY violations +4. **Analyze performance**: Use EXPLAIN ANALYZE for slow queries + +### Troubleshooting Checklist + +- [ ] Migration files exist (both up and down) +- [ ] `make gen` run after query changes +- [ ] Audit table updated for new fields +- [ ] Nullable fields use `sql.Null*` types +- [ ] Authorization context appropriate for endpoint type diff --git a/.claude/docs/OAUTH2.md b/.claude/docs/OAUTH2.md new file mode 100644 index 0000000000000..4716fc672a1e3 --- /dev/null +++ b/.claude/docs/OAUTH2.md @@ -0,0 +1,157 @@ +# OAuth2 Development Guide + +## RFC Compliance Development + +### Implementing Standard Protocols + +When implementing standard protocols (OAuth2, OpenID Connect, etc.): + +1. **Fetch and Analyze Official RFCs**: + - Always read the actual RFC specifications before implementation + - Use WebFetch tool to get current RFC content for compliance verification + - Document RFC requirements in code comments + +2. **Default Values Matter**: + - Pay close attention to RFC-specified default values + - Example: RFC 7591 specifies `client_secret_basic` as default, not `client_secret_post` + - Ensure consistency between database migrations and application code + +3. **Security Requirements**: + - Follow RFC security considerations precisely + - Example: RFC 7592 prohibits returning registration access tokens in GET responses + - Implement proper error responses per protocol specifications + +4. **Validation Compliance**: + - Implement comprehensive validation per RFC requirements + - Support protocol-specific features (e.g., custom schemes for native OAuth2 apps) + - Test edge cases defined in specifications + +## OAuth2 Provider Implementation + +### OAuth2 Spec Compliance + +1. **Follow RFC 6749 for token responses** + - Use `expires_in` (seconds) not `expiry` (timestamp) in token responses + - Return proper OAuth2 error format: `{"error": "code", "error_description": "details"}` + +2. **Error Response Format** + - Create OAuth2-compliant error responses for token endpoint + - Use standard error codes: `invalid_client`, `invalid_grant`, `invalid_request` + - Avoid generic error responses for OAuth2 endpoints + +### PKCE Implementation + +- Support both with and without PKCE for backward compatibility +- Use S256 method for code challenge +- Properly validate code_verifier against stored code_challenge + +### UI Authorization Flow + +- Use POST requests for consent, not GET with links +- Avoid dependency on referer headers for security decisions +- Support proper state parameter validation + +### RFC 8707 Resource Indicators + +- Store resource parameters in database for server-side validation (opaque tokens) +- Validate resource consistency between authorization and token requests +- Support audience validation in refresh token flows +- Resource parameter is optional but must be consistent when provided + +## OAuth2 Error Handling Pattern + +```go +// Define specific OAuth2 errors +var ( + errInvalidPKCE = xerrors.New("invalid code_verifier") +) + +// Use OAuth2-compliant error responses +type OAuth2Error struct { + Error string `json:"error"` + ErrorDescription string `json:"error_description,omitempty"` +} + +// Return proper OAuth2 errors +if errors.Is(err, errInvalidPKCE) { + writeOAuth2Error(ctx, rw, http.StatusBadRequest, "invalid_grant", "The PKCE code verifier is invalid") + return +} +``` + +## Testing OAuth2 Features + +### Test Scripts + +Located in `./scripts/oauth2/`: + +- `test-mcp-oauth2.sh` - Full automated test suite +- `setup-test-app.sh` - Create test OAuth2 app +- `cleanup-test-app.sh` - Remove test app +- `generate-pkce.sh` - Generate PKCE parameters +- `test-manual-flow.sh` - Manual browser testing + +Always run the full test suite after OAuth2 changes: + +```bash +./scripts/oauth2/test-mcp-oauth2.sh +``` + +### RFC Protocol Testing + +1. **Compliance Test Coverage**: + - Test all RFC-defined error codes and responses + - Validate proper HTTP status codes for different scenarios + - Test protocol-specific edge cases (URI formats, token formats, etc.) + +2. **Security Boundary Testing**: + - Test client isolation and privilege separation + - Verify information disclosure protections + - Test token security and proper invalidation + +## Common OAuth2 Issues + +1. **OAuth2 endpoints returning wrong error format** - Ensure OAuth2 endpoints return RFC 6749 compliant errors +2. **Resource indicator validation failing** - Ensure database stores and retrieves resource parameters correctly +3. **PKCE tests failing** - Verify both authorization code storage and token exchange handle PKCE fields +4. **RFC compliance failures** - Verify against actual RFC specifications, not assumptions +5. **Authorization context errors in public endpoints** - Use `dbauthz.AsSystemRestricted(ctx)` pattern +6. **Default value mismatches** - Ensure database migrations match application code defaults +7. **Bearer token authentication issues** - Check token extraction precedence and format validation +8. **URI validation failures** - Support both standard schemes and custom schemes per protocol requirements + +## Authorization Context Patterns + +```go +// Public endpoints needing system access (OAuth2 registration) +app, err := api.Database.GetOAuth2ProviderAppByClientID(dbauthz.AsSystemRestricted(ctx), clientID) + +// Authenticated endpoints with user context +app, err := api.Database.GetOAuth2ProviderAppByClientID(ctx, clientID) + +// System operations in middleware +roles, err := db.GetAuthorizationUserRoles(dbauthz.AsSystemRestricted(ctx), userID) +``` + +## OAuth2/Authentication Work Patterns + +- Types go in `codersdk/oauth2.go` or similar +- Handlers go in `coderd/oauth2.go` or `coderd/identityprovider/` +- Database fields need migration + audit table updates +- Always support backward compatibility + +## Protocol Implementation Checklist + +Before completing OAuth2 or authentication feature work: + +- [ ] Verify RFC compliance by reading actual specifications +- [ ] Implement proper error response formats per protocol +- [ ] Add comprehensive validation for all protocol fields +- [ ] Test security boundaries and token handling +- [ ] Update RBAC permissions for new resources +- [ ] Add audit logging support if applicable +- [ ] Create database migrations with proper defaults +- [ ] Add comprehensive test coverage including edge cases +- [ ] Verify linting compliance +- [ ] Test both positive and negative scenarios +- [ ] Document protocol-specific patterns and requirements diff --git a/.claude/docs/TESTING.md b/.claude/docs/TESTING.md new file mode 100644 index 0000000000000..eff655b0acadc --- /dev/null +++ b/.claude/docs/TESTING.md @@ -0,0 +1,212 @@ +# Testing Patterns and Best Practices + +## Testing Best Practices + +### Avoiding Race Conditions + +1. **Unique Test Identifiers**: + - Never use hardcoded names in concurrent tests + - Use `time.Now().UnixNano()` or similar for unique identifiers + - Example: `fmt.Sprintf("test-client-%s-%d", t.Name(), time.Now().UnixNano())` + +2. **Database Constraint Awareness**: + - Understand unique constraints that can cause test conflicts + - Generate unique values for all constrained fields + - Test name isolation prevents cross-test interference + +### Testing Patterns + +- Use table-driven tests for comprehensive coverage +- Mock external dependencies +- Test both positive and negative cases +- Use `testutil.WaitLong` for timeouts in tests + +### Test Package Naming + +- **Test packages**: Use `package_test` naming (e.g., `identityprovider_test`) for black-box testing + +## RFC Protocol Testing + +### Compliance Test Coverage + +1. **Test all RFC-defined error codes and responses** +2. **Validate proper HTTP status codes for different scenarios** +3. **Test protocol-specific edge cases** (URI formats, token formats, etc.) + +### Security Boundary Testing + +1. **Test client isolation and privilege separation** +2. **Verify information disclosure protections** +3. **Test token security and proper invalidation** + +## Test Organization + +### Test File Structure + +``` +coderd/ +├── oauth2.go # Implementation +├── oauth2_test.go # Main tests +├── oauth2_test_helpers.go # Test utilities +└── oauth2_validation.go # Validation logic +``` + +### Test Categories + +1. **Unit Tests**: Test individual functions in isolation +2. **Integration Tests**: Test API endpoints with database +3. **End-to-End Tests**: Full workflow testing +4. **Race Tests**: Concurrent access testing + +## Test Commands + +### Running Tests + +| Command | Purpose | +|---------|---------| +| `make test` | Run all Go tests | +| `make test RUN=TestFunctionName` | Run specific test | +| `go test -v ./path/to/package -run TestFunctionName` | Run test with verbose output | +| `make test-postgres` | Run tests with Postgres database | +| `make test-race` | Run tests with Go race detector | +| `make test-e2e` | Run end-to-end tests | + +### Frontend Testing + +| Command | Purpose | +|---------|---------| +| `pnpm test` | Run frontend tests | +| `pnpm check` | Run code checks | + +## Common Testing Issues + +### Database-Related + +1. **SQL type errors** - Use `sql.Null*` types for nullable fields +2. **Race conditions in tests** - Use unique identifiers instead of hardcoded names + +### OAuth2 Testing + +1. **PKCE tests failing** - Verify both authorization code storage and token exchange handle PKCE fields +2. **Resource indicator validation failing** - Ensure database stores and retrieves resource parameters correctly + +### General Issues + +1. **Missing newlines** - Ensure files end with newline character +2. **Package naming errors** - Use `package_test` naming for test files +3. **Log message formatting errors** - Use lowercase, descriptive messages without special characters + +## Systematic Testing Approach + +### Multi-Issue Problem Solving + +When facing multiple failing tests or complex integration issues: + +1. **Identify Root Causes**: + - Run failing tests individually to isolate issues + - Use LSP tools to trace through call chains + - Check both compilation and runtime errors + +2. **Fix in Logical Order**: + - Address compilation issues first (imports, syntax) + - Fix authorization and RBAC issues next + - Resolve business logic and validation issues + - Handle edge cases and race conditions last + +3. **Verification Strategy**: + - Test each fix individually before moving to next issue + - Use `make lint` and `make gen` after database changes + - Verify RFC compliance with actual specifications + - Run comprehensive test suites before considering complete + +## Test Data Management + +### Unique Test Data + +```go +// Good: Unique identifiers prevent conflicts +clientName := fmt.Sprintf("test-client-%s-%d", t.Name(), time.Now().UnixNano()) + +// Bad: Hardcoded names cause race conditions +clientName := "test-client" +``` + +### Test Cleanup + +```go +func TestSomething(t *testing.T) { + // Setup + client := coderdtest.New(t, nil) + + // Test code here + + // Cleanup happens automatically via t.Cleanup() in coderdtest +} +``` + +## Test Utilities + +### Common Test Patterns + +```go +// Table-driven tests +tests := []struct { + name string + input InputType + expected OutputType + wantErr bool +}{ + { + name: "valid input", + input: validInput, + expected: expectedOutput, + wantErr: false, + }, + // ... more test cases +} + +for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + result, err := functionUnderTest(tt.input) + if tt.wantErr { + require.Error(t, err) + return + } + require.NoError(t, err) + require.Equal(t, tt.expected, result) + }) +} +``` + +### Test Assertions + +```go +// Use testify/require for assertions +require.NoError(t, err) +require.Equal(t, expected, actual) +require.NotNil(t, result) +require.True(t, condition) +``` + +## Performance Testing + +### Load Testing + +- Use `scaletest/` directory for load testing scenarios +- Run `./scaletest/scaletest.sh` for performance testing + +### Benchmarking + +```go +func BenchmarkFunction(b *testing.B) { + for i := 0; i < b.N; i++ { + // Function call to benchmark + _ = functionUnderTest(input) + } +} +``` + +Run benchmarks with: +```bash +go test -bench=. -benchmem ./package/path +``` diff --git a/.claude/docs/TROUBLESHOOTING.md b/.claude/docs/TROUBLESHOOTING.md new file mode 100644 index 0000000000000..28851b5b640f0 --- /dev/null +++ b/.claude/docs/TROUBLESHOOTING.md @@ -0,0 +1,231 @@ +# Troubleshooting Guide + +## Common Issues + +### Database Issues + +1. **"Audit table entry missing action"** + - **Solution**: Update `enterprise/audit/table.go` + - Add each new field with appropriate action (ActionTrack, ActionIgnore, ActionSecret) + - Run `make gen` to verify no audit errors + +2. **SQL type errors** + - **Solution**: Use `sql.Null*` types for nullable fields + - Set `.Valid = true` when providing values + - Example: + + ```go + CodeChallenge: sql.NullString{ + String: params.codeChallenge, + Valid: params.codeChallenge != "", + } + ``` + +### Testing Issues + +3. **"package should be X_test"** + - **Solution**: Use `package_test` naming for test files + - Example: `identityprovider_test` for black-box testing + +4. **Race conditions in tests** + - **Solution**: Use unique identifiers instead of hardcoded names + - Example: `fmt.Sprintf("test-client-%s-%d", t.Name(), time.Now().UnixNano())` + - Never use hardcoded names in concurrent tests + +5. **Missing newlines** + - **Solution**: Ensure files end with newline character + - Most editors can be configured to add this automatically + +### OAuth2 Issues + +6. **OAuth2 endpoints returning wrong error format** + - **Solution**: Ensure OAuth2 endpoints return RFC 6749 compliant errors + - Use standard error codes: `invalid_client`, `invalid_grant`, `invalid_request` + - Format: `{"error": "code", "error_description": "details"}` + +7. **Resource indicator validation failing** + - **Solution**: Ensure database stores and retrieves resource parameters correctly + - Check both authorization code storage and token exchange handling + +8. **PKCE tests failing** + - **Solution**: Verify both authorization code storage and token exchange handle PKCE fields + - Check `CodeChallenge` and `CodeChallengeMethod` field handling + +### RFC Compliance Issues + +9. **RFC compliance failures** + - **Solution**: Verify against actual RFC specifications, not assumptions + - Use WebFetch tool to get current RFC content for compliance verification + - Read the actual RFC specifications before implementation + +10. **Default value mismatches** + - **Solution**: Ensure database migrations match application code defaults + - Example: RFC 7591 specifies `client_secret_basic` as default, not `client_secret_post` + +### Authorization Issues + +11. **Authorization context errors in public endpoints** + - **Solution**: Use `dbauthz.AsSystemRestricted(ctx)` pattern + - Example: + + ```go + // Public endpoints needing system access + app, err := api.Database.GetOAuth2ProviderAppByClientID(dbauthz.AsSystemRestricted(ctx), clientID) + ``` + +### Authentication Issues + +12. **Bearer token authentication issues** + - **Solution**: Check token extraction precedence and format validation + - Ensure proper RFC 6750 Bearer Token Support implementation + +13. **URI validation failures** + - **Solution**: Support both standard schemes and custom schemes per protocol requirements + - Native OAuth2 apps may use custom schemes + +### General Development Issues + +14. **Log message formatting errors** + - **Solution**: Use lowercase, descriptive messages without special characters + - Follow Go logging conventions + +## Systematic Debugging Approach + +### Multi-Issue Problem Solving + +When facing multiple failing tests or complex integration issues: + +1. **Identify Root Causes**: + - Run failing tests individually to isolate issues + - Use LSP tools to trace through call chains + - Check both compilation and runtime errors + +2. **Fix in Logical Order**: + - Address compilation issues first (imports, syntax) + - Fix authorization and RBAC issues next + - Resolve business logic and validation issues + - Handle edge cases and race conditions last + +3. **Verification Strategy**: + - Test each fix individually before moving to next issue + - Use `make lint` and `make gen` after database changes + - Verify RFC compliance with actual specifications + - Run comprehensive test suites before considering complete + +## Debug Commands + +### Useful Debug Commands + +| Command | Purpose | +|----------------------------------------------|---------------------------------------| +| `make lint` | Run all linters | +| `make gen` | Generate mocks, database queries | +| `go test -v ./path/to/package -run TestName` | Run specific test with verbose output | +| `go test -race ./...` | Run tests with race detector | + +### LSP Debugging + +#### Go LSP (Backend) + +| Command | Purpose | +|----------------------------------------------------|------------------------------| +| `mcp__go-language-server__definition symbolName` | Find function definition | +| `mcp__go-language-server__references symbolName` | Find all references | +| `mcp__go-language-server__diagnostics filePath` | Check for compilation errors | +| `mcp__go-language-server__hover filePath line col` | Get type information | + +#### TypeScript LSP (Frontend) + +| Command | Purpose | +|----------------------------------------------------------------------------|------------------------------------| +| `mcp__typescript-language-server__definition symbolName` | Find component/function definition | +| `mcp__typescript-language-server__references symbolName` | Find all component/type usages | +| `mcp__typescript-language-server__diagnostics filePath` | Check for TypeScript errors | +| `mcp__typescript-language-server__hover filePath line col` | Get type information | +| `mcp__typescript-language-server__rename_symbol filePath line col newName` | Rename across codebase | + +## Common Error Messages + +### Database Errors + +**Error**: `pq: relation "oauth2_provider_app_codes" does not exist` + +- **Cause**: Missing database migration +- **Solution**: Run database migrations, check migration files + +**Error**: `audit table entry missing action for field X` + +- **Cause**: New field added without audit table update +- **Solution**: Update `enterprise/audit/table.go` + +### Go Compilation Errors + +**Error**: `package should be identityprovider_test` + +- **Cause**: Test package naming convention violation +- **Solution**: Use `package_test` naming for black-box tests + +**Error**: `cannot use X (type Y) as type Z` + +- **Cause**: Type mismatch, often with nullable fields +- **Solution**: Use appropriate `sql.Null*` types + +### OAuth2 Errors + +**Error**: `invalid_client` but client exists + +- **Cause**: Authorization context issue +- **Solution**: Use `dbauthz.AsSystemRestricted(ctx)` for public endpoints + +**Error**: PKCE validation failing + +- **Cause**: Missing PKCE fields in database operations +- **Solution**: Ensure `CodeChallenge` and `CodeChallengeMethod` are handled + +## Prevention Strategies + +### Before Making Changes + +1. **Read the relevant documentation** +2. **Check if similar patterns exist in codebase** +3. **Understand the authorization context requirements** +4. **Plan database changes carefully** + +### During Development + +1. **Run tests frequently**: `make test` +2. **Use LSP tools for navigation**: Avoid manual searching +3. **Follow RFC specifications precisely** +4. **Update audit tables when adding database fields** + +### Before Committing + +1. **Run full test suite**: `make test` +2. **Check linting**: `make lint` +3. **Test with race detector**: `make test-race` + +## Getting Help + +### Internal Resources + +- Check existing similar implementations in codebase +- Use LSP tools to understand code relationships + - For Go code: Use `mcp__go-language-server__*` commands + - For TypeScript/React code: Use `mcp__typescript-language-server__*` commands +- Read related test files for expected behavior + +### External Resources + +- Official RFC specifications for protocol compliance +- Go documentation for language features +- PostgreSQL documentation for database issues + +### Debug Information Collection + +When reporting issues, include: + +1. **Exact error message** +2. **Steps to reproduce** +3. **Relevant code snippets** +4. **Test output (if applicable)** +5. **Environment information** (OS, Go version, etc.) diff --git a/.claude/docs/WORKFLOWS.md b/.claude/docs/WORKFLOWS.md new file mode 100644 index 0000000000000..8fc43002bba7d --- /dev/null +++ b/.claude/docs/WORKFLOWS.md @@ -0,0 +1,223 @@ +# Development Workflows and Guidelines + +## Quick Start Checklist for New Features + +### Before Starting + +- [ ] Run `git pull` to ensure you're on latest code +- [ ] Check if feature touches database - you'll need migrations +- [ ] Check if feature touches audit logs - update `enterprise/audit/table.go` + +## Development Server + +### Starting Development Mode + +- **Use `./scripts/develop.sh` to start Coder in development mode** +- This automatically builds and runs with `--dev` flag and proper access URL +- **⚠️ Do NOT manually run `make build && ./coder server --dev` - use the script instead** + +### Development Workflow + +1. **Always start with the development script**: `./scripts/develop.sh` +2. **Make changes** to your code +3. **The script will automatically rebuild** and restart as needed +4. **Access the development server** at the URL provided by the script + +## Code Style Guidelines + +### Go Style + +- Follow [Effective Go](https://go.dev/doc/effective_go) and [Go's Code Review Comments](https://github.com/golang/go/wiki/CodeReviewComments) +- Create packages when used during implementation +- Validate abstractions against implementations +- **Test packages**: Use `package_test` naming (e.g., `identityprovider_test`) for black-box testing + +### Error Handling + +- Use descriptive error messages +- Wrap errors with context +- Propagate errors appropriately +- Use proper error types +- Pattern: `xerrors.Errorf("failed to X: %w", err)` + +### Naming Conventions + +- Use clear, descriptive names +- Abbreviate only when obvious +- Follow Go and TypeScript naming conventions + +### Comments + +- Document exported functions, types, and non-obvious logic +- Follow JSDoc format for TypeScript +- Use godoc format for Go code + +## Database Migration Workflows + +### Migration Guidelines + +1. **Create migration files**: + - Location: `coderd/database/migrations/` + - Format: `{number}_{description}.{up|down}.sql` + - Number must be unique and sequential + - Always include both up and down migrations + +2. **Use helper scripts**: + - `./coderd/database/migrations/create_migration.sh "migration name"` - Creates new migration files + - `./coderd/database/migrations/fix_migration_numbers.sh` - Renumbers migrations to avoid conflicts + - `./coderd/database/migrations/create_fixture.sh "fixture name"` - Creates test fixtures for migrations + +3. **Update database queries**: + - **MUST DO**: Any changes to database - adding queries, modifying queries should be done in the `coderd/database/queries/*.sql` files + - **MUST DO**: Queries are grouped in files relating to context - e.g. `prebuilds.sql`, `users.sql`, `oauth2.sql` + - After making changes to any `coderd/database/queries/*.sql` files you must run `make gen` to generate respective ORM changes + +4. **Handle nullable fields**: + - Use `sql.NullString`, `sql.NullBool`, etc. for optional database fields + - Set `.Valid = true` when providing values + +5. **Audit table updates**: + - If adding fields to auditable types, update `enterprise/audit/table.go` + - Add each new field with appropriate action (ActionTrack, ActionIgnore, ActionSecret) + - Run `make gen` to verify no audit errors + +### Database Generation Process + +1. Modify SQL files in `coderd/database/queries/` +2. Run `make gen` +3. If errors about audit table, update `enterprise/audit/table.go` +4. Run `make gen` again +5. Run `make lint` to catch any remaining issues + +## API Development Workflow + +### Adding New API Endpoints + +1. **Define types** in `codersdk/` package +2. **Add handler** in appropriate `coderd/` file +3. **Register route** in `coderd/coderd.go` +4. **Add tests** in `coderd/*_test.go` files +5. **Update OpenAPI** by running `make gen` + +## Testing Workflows + +### Test Execution + +- Run full test suite: `make test` +- Run specific test: `make test RUN=TestFunctionName` +- Run with Postgres: `make test-postgres` +- Run with race detector: `make test-race` +- Run end-to-end tests: `make test-e2e` + +### Test Development + +- Use table-driven tests for comprehensive coverage +- Mock external dependencies +- Test both positive and negative cases +- Use `testutil.WaitLong` for timeouts in tests +- Always use `t.Parallel()` in tests + +## Commit Style + +- Follow [Conventional Commits 1.0.0](https://www.conventionalcommits.org/en/v1.0.0/) +- Format: `type(scope): message` +- Types: `feat`, `fix`, `docs`, `style`, `refactor`, `test`, `chore` +- Keep message titles concise (~70 characters) +- Use imperative, present tense in commit titles + +## Code Navigation and Investigation + +### Using LSP Tools (STRONGLY RECOMMENDED) + +**IMPORTANT**: Always use LSP tools for code navigation and understanding. These tools provide accurate, real-time analysis of the codebase and should be your first choice for code investigation. + +#### Go LSP Tools (for backend code) + +1. **Find function definitions** (USE THIS FREQUENTLY): + - `mcp__go-language-server__definition symbolName` + - Example: `mcp__go-language-server__definition getOAuth2ProviderAppAuthorize` + - Quickly jump to function implementations across packages + +2. **Find symbol references** (ESSENTIAL FOR UNDERSTANDING IMPACT): + - `mcp__go-language-server__references symbolName` + - Locate all usages of functions, types, or variables + - Critical for refactoring and understanding data flow + +3. **Get symbol information**: + - `mcp__go-language-server__hover filePath line column` + - Get type information and documentation at specific positions + +#### TypeScript LSP Tools (for frontend code in site/) + +1. **Find component/function definitions** (USE THIS FREQUENTLY): + - `mcp__typescript-language-server__definition symbolName` + - Example: `mcp__typescript-language-server__definition LoginPage` + - Quickly navigate to React components, hooks, and utility functions + +2. **Find symbol references** (ESSENTIAL FOR UNDERSTANDING IMPACT): + - `mcp__typescript-language-server__references symbolName` + - Locate all usages of components, types, or functions + - Critical for refactoring React components and understanding prop usage + +3. **Get type information**: + - `mcp__typescript-language-server__hover filePath line column` + - Get TypeScript type information and JSDoc documentation + +4. **Rename symbols safely**: + - `mcp__typescript-language-server__rename_symbol filePath line column newName` + - Rename components, props, or functions across the entire codebase + +5. **Check for TypeScript errors**: + - `mcp__typescript-language-server__diagnostics filePath` + - Get compilation errors and warnings for a specific file + +### Investigation Strategy (LSP-First Approach) + +#### Backend Investigation (Go) + +1. **Start with route registration** in `coderd/coderd.go` to understand API endpoints +2. **Use Go LSP `definition` lookup** to trace from route handlers to actual implementations +3. **Use Go LSP `references`** to understand how functions are called throughout the codebase +4. **Follow the middleware chain** using LSP tools to understand request processing flow +5. **Check test files** for expected behavior and error patterns + +#### Frontend Investigation (TypeScript/React) + +1. **Start with route definitions** in `site/src/App.tsx` or router configuration +2. **Use TypeScript LSP `definition`** to navigate to React components and hooks +3. **Use TypeScript LSP `references`** to find all component usages and prop drilling +4. **Follow the component hierarchy** using LSP tools to understand data flow +5. **Check for TypeScript errors** with `diagnostics` before making changes +6. **Examine test files** (`.test.tsx`) for component behavior and expected props + +## Troubleshooting Development Issues + +### Common Issues + +1. **Development server won't start** - Use `./scripts/develop.sh` instead of manual commands +2. **Database migration errors** - Check migration file format and use helper scripts +3. **Audit table errors** - Update `enterprise/audit/table.go` with new fields +4. **OAuth2 compliance issues** - Ensure RFC-compliant error responses + +### Debug Commands + +- Check linting: `make lint` +- Generate code: `make gen` +- Clean build: `make clean` + +## Development Environment Setup + +### Prerequisites + +- Go (version specified in go.mod) +- Node.js and pnpm for frontend development +- PostgreSQL for database testing +- Docker for containerized testing + +### First Time Setup + +1. Clone the repository +2. Run `./scripts/develop.sh` to start development server +3. Access the development URL provided +4. Create admin user as prompted +5. Begin development diff --git a/.claude/scripts/format.sh b/.claude/scripts/format.sh new file mode 100755 index 0000000000000..4d57c8cf17368 --- /dev/null +++ b/.claude/scripts/format.sh @@ -0,0 +1,133 @@ +#!/bin/bash + +# Claude Code hook script for file formatting +# This script integrates with the centralized Makefile formatting targets +# and supports the Claude Code hooks system for automatic file formatting. + +set -euo pipefail + +# A variable to memoize the command for canonicalizing paths. +_CANONICALIZE_CMD="" + +# canonicalize_path resolves a path to its absolute, canonical form. +# It tries 'realpath' and 'readlink -f' in order. +# The chosen command is memoized to avoid repeated checks. +# If none of these are available, it returns an empty string. +canonicalize_path() { + local path_to_resolve="$1" + + # If we haven't determined a command yet, find one. + if [[ -z "$_CANONICALIZE_CMD" ]]; then + if command -v realpath >/dev/null 2>&1; then + _CANONICALIZE_CMD="realpath" + elif command -v readlink >/dev/null 2>&1 && readlink -f . >/dev/null 2>&1; then + _CANONICALIZE_CMD="readlink" + else + # No command found, so we can't resolve. + # We set a "none" value to prevent re-checking. + _CANONICALIZE_CMD="none" + fi + fi + + # Now, execute the command. + case "$_CANONICALIZE_CMD" in + realpath) + realpath "$path_to_resolve" 2>/dev/null + ;; + readlink) + readlink -f "$path_to_resolve" 2>/dev/null + ;; + *) + # This handles the "none" case or any unexpected error. + echo "" + ;; + esac +} + +# Read JSON input from stdin +input=$(cat) + +# Extract the file path from the JSON input +# Expected format: {"tool_input": {"file_path": "/absolute/path/to/file"}} or {"tool_response": {"filePath": "/absolute/path/to/file"}} +file_path=$(echo "$input" | jq -r '.tool_input.file_path // .tool_response.filePath // empty') + +# Secure path canonicalization to prevent path traversal attacks +# Resolve repo root to an absolute, canonical path. +repo_root_raw="$(cd "$(dirname "$0")/../.." && pwd)" +repo_root="$(canonicalize_path "$repo_root_raw")" +if [[ -z "$repo_root" ]]; then + # Fallback if canonicalization fails + repo_root="$repo_root_raw" +fi + +# Resolve the input path to an absolute path +if [[ "$file_path" = /* ]]; then + # Already absolute + abs_file_path="$file_path" +else + # Make relative paths absolute from repo root + abs_file_path="$repo_root/$file_path" +fi + +# Canonicalize the path (resolve symlinks and ".." segments) +canonical_file_path="$(canonicalize_path "$abs_file_path")" + +# Check if canonicalization failed or if the resolved path is outside the repo +if [[ -z "$canonical_file_path" ]] || { [[ "$canonical_file_path" != "$repo_root" ]] && [[ "$canonical_file_path" != "$repo_root"/* ]]; }; then + echo "Error: File path is outside repository or invalid: $file_path" >&2 + exit 1 +fi + +# Handle the case where the file path is the repository root itself. +if [[ "$canonical_file_path" == "$repo_root" ]]; then + echo "Warning: Formatting the repository root is not a supported operation. Skipping." >&2 + exit 0 +fi + +# Convert back to relative path from repo root for consistency +file_path="${canonical_file_path#"$repo_root"/}" + +if [[ -z "$file_path" ]]; then + echo "Error: No file path provided in input" >&2 + exit 1 +fi + +# Check if file exists +if [[ ! -f "$file_path" ]]; then + echo "Error: File does not exist: $file_path" >&2 + exit 1 +fi + +# Get the file extension to determine the appropriate formatter +file_ext="${file_path##*.}" + +# Change to the project root directory (where the Makefile is located) +cd "$(dirname "$0")/../.." + +# Call the appropriate Makefile target based on file extension +case "$file_ext" in +go) + make fmt/go FILE="$file_path" + echo "✓ Formatted Go file: $file_path" + ;; +js | jsx | ts | tsx) + make fmt/ts FILE="$file_path" + echo "✓ Formatted TypeScript/JavaScript file: $file_path" + ;; +tf | tfvars) + make fmt/terraform FILE="$file_path" + echo "✓ Formatted Terraform file: $file_path" + ;; +sh) + make fmt/shfmt FILE="$file_path" + echo "✓ Formatted shell script: $file_path" + ;; +md) + make fmt/markdown FILE="$file_path" + echo "✓ Formatted Markdown file: $file_path" + ;; +*) + echo "No formatter available for file extension: $file_ext" + exit 0 + ;; +esac diff --git a/.claude/settings.json b/.claude/settings.json new file mode 100644 index 0000000000000..a0753e0c11cd6 --- /dev/null +++ b/.claude/settings.json @@ -0,0 +1,15 @@ +{ + "hooks": { + "PostToolUse": [ + { + "matcher": "Edit|Write|MultiEdit", + "hooks": [ + { + "type": "command", + "command": ".claude/scripts/format.sh" + } + ] + } + ] + } +} diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 907287634c2c4..591848bfb09dd 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -1,11 +1,16 @@ { "name": "Development environments on your infrastructure", "image": "codercom/oss-dogfood:latest", - "features": { - // See all possible options here https://github.com/devcontainers/features/tree/main/src/docker-in-docker "ghcr.io/devcontainers/features/docker-in-docker:2": { "moby": "false" + }, + "ghcr.io/coder/devcontainer-features/code-server:1": { + "auth": "none", + "port": 13337 + }, + "./filebrowser": { + "folder": "${containerWorkspaceFolder}" } }, // SYS_PTRACE to enable go debugging @@ -13,6 +18,65 @@ "customizations": { "vscode": { "extensions": ["biomejs.biome"] + }, + "coder": { + "apps": [ + { + "slug": "cursor", + "displayName": "Cursor Desktop", + "url": "cursor://coder.coder-remote/openDevContainer?owner=${localEnv:CODER_WORKSPACE_OWNER_NAME}&workspace=${localEnv:CODER_WORKSPACE_NAME}&agent=${localEnv:CODER_WORKSPACE_PARENT_AGENT_NAME}&url=${localEnv:CODER_URL}&token=$SESSION_TOKEN&devContainerName=${localEnv:CONTAINER_ID}&devContainerFolder=${containerWorkspaceFolder}&localWorkspaceFolder=${localWorkspaceFolder}", + "external": true, + "icon": "/icon/cursor.svg", + "order": 1 + }, + { + "slug": "windsurf", + "displayName": "Windsurf Editor", + "url": "windsurf://coder.coder-remote/openDevContainer?owner=${localEnv:CODER_WORKSPACE_OWNER_NAME}&workspace=${localEnv:CODER_WORKSPACE_NAME}&agent=${localEnv:CODER_WORKSPACE_PARENT_AGENT_NAME}&url=${localEnv:CODER_URL}&token=$SESSION_TOKEN&devContainerName=${localEnv:CONTAINER_ID}&devContainerFolder=${containerWorkspaceFolder}&localWorkspaceFolder=${localWorkspaceFolder}", + "external": true, + "icon": "/icon/windsurf.svg", + "order": 4 + }, + { + "slug": "zed", + "displayName": "Zed Editor", + "url": "zed://ssh/${localEnv:CODER_WORKSPACE_AGENT_NAME}.${localEnv:CODER_WORKSPACE_NAME}.${localEnv:CODER_WORKSPACE_OWNER_NAME}.coder${containerWorkspaceFolder}", + "external": true, + "icon": "/icon/zed.svg", + "order": 5 + }, + // Reproduce `code-server` app here from the code-server + // feature so that we can set the correct folder and order. + // Currently, the order cannot be specified via option because + // we parse it as a number whereas variable interpolation + // results in a string. Additionally we set health check which + // is not yet set in the feature. + { + "slug": "code-server", + "displayName": "code-server", + "url": "http://${localEnv:FEATURE_CODE_SERVER_OPTION_HOST:127.0.0.1}:${localEnv:FEATURE_CODE_SERVER_OPTION_PORT:8080}/?folder=${containerWorkspaceFolder}", + "openIn": "${localEnv:FEATURE_CODE_SERVER_OPTION_APPOPENIN:slim-window}", + "share": "${localEnv:FEATURE_CODE_SERVER_OPTION_APPSHARE:owner}", + "icon": "/icon/code.svg", + "group": "${localEnv:FEATURE_CODE_SERVER_OPTION_APPGROUP:Web Editors}", + "order": 3, + "healthCheck": { + "url": "http://${localEnv:FEATURE_CODE_SERVER_OPTION_HOST:127.0.0.1}:${localEnv:FEATURE_CODE_SERVER_OPTION_PORT:8080}/healthz", + "interval": 5, + "threshold": 2 + } + } + ] } - } + }, + "mounts": [ + // Add a volume for the Coder home directory to persist shell history, + // and speed up dotfiles init and/or personalization. + "source=coder-coder-devcontainer-home,target=/home/coder,type=volume", + // Mount the entire home because conditional mounts are not supported. + // See: https://github.com/devcontainers/spec/issues/132 + "source=${localEnv:HOME},target=/mnt/home/coder,type=bind,readonly" + ], + "postCreateCommand": ["./.devcontainer/scripts/post_create.sh"], + "postStartCommand": ["./.devcontainer/scripts/post_start.sh"] } diff --git a/.devcontainer/filebrowser/devcontainer-feature.json b/.devcontainer/filebrowser/devcontainer-feature.json new file mode 100644 index 0000000000000..c7a55a0d8a14e --- /dev/null +++ b/.devcontainer/filebrowser/devcontainer-feature.json @@ -0,0 +1,46 @@ +{ + "id": "filebrowser", + "version": "0.0.1", + "name": "File Browser", + "description": "A web-based file browser for your development container", + "options": { + "port": { + "type": "string", + "default": "13339", + "description": "The port to run filebrowser on" + }, + "folder": { + "type": "string", + "default": "", + "description": "The root directory for filebrowser to serve" + }, + "baseUrl": { + "type": "string", + "default": "", + "description": "The base URL for filebrowser (e.g., /filebrowser)" + } + }, + "entrypoint": "/usr/local/bin/filebrowser-entrypoint", + "dependsOn": { + "ghcr.io/devcontainers/features/common-utils:2": {} + }, + "customizations": { + "coder": { + "apps": [ + { + "slug": "filebrowser", + "displayName": "File Browser", + "url": "http://localhost:${localEnv:FEATURE_FILEBROWSER_OPTION_PORT:13339}", + "icon": "/icon/filebrowser.svg", + "order": 3, + "subdomain": true, + "healthcheck": { + "url": "http://localhost:${localEnv:FEATURE_FILEBROWSER_OPTION_PORT:13339}/health", + "interval": 5, + "threshold": 2 + } + } + ] + } + } +} diff --git a/.devcontainer/filebrowser/install.sh b/.devcontainer/filebrowser/install.sh new file mode 100755 index 0000000000000..6e8d58a14bf80 --- /dev/null +++ b/.devcontainer/filebrowser/install.sh @@ -0,0 +1,54 @@ +#!/usr/bin/env bash + +set -euo pipefail + +BOLD='\033[0;1m' + +printf "%sInstalling filebrowser\n\n" "${BOLD}" + +# Check if filebrowser is installed. +if ! command -v filebrowser &>/dev/null; then + VERSION="v2.42.1" + EXPECTED_HASH="7d83c0f077df10a8ec9bfd9bf6e745da5d172c3c768a322b0e50583a6bc1d3cc" + + curl -fsSL "https://github.com/filebrowser/filebrowser/releases/download/${VERSION}/linux-amd64-filebrowser.tar.gz" -o /tmp/filebrowser.tar.gz + echo "${EXPECTED_HASH} /tmp/filebrowser.tar.gz" | sha256sum -c + tar -xzf /tmp/filebrowser.tar.gz -C /tmp + sudo mv /tmp/filebrowser /usr/local/bin/ + sudo chmod +x /usr/local/bin/filebrowser + rm /tmp/filebrowser.tar.gz +fi + +# Create entrypoint. +cat >/usr/local/bin/filebrowser-entrypoint <>\${LOG_PATH} 2>&1 + filebrowser users add admin "" --perm.admin=true --viewMode=mosaic >>\${LOG_PATH} 2>&1 +fi + +filebrowser config set --baseurl=\${BASEURL} --port=\${PORT} --auth.method=noauth --root=\${FOLDER} >>\${LOG_PATH} 2>&1 + +printf "👷 Starting filebrowser...\n\n" + +printf "📂 Serving \${FOLDER} at http://localhost:\${PORT}\n\n" + +filebrowser >>\${LOG_PATH} 2>&1 & + +printf "📝 Logs at \${LOG_PATH}\n\n" +EOF + +chmod +x /usr/local/bin/filebrowser-entrypoint + +printf "🥳 Installation complete!\n\n" diff --git a/.devcontainer/scripts/post_create.sh b/.devcontainer/scripts/post_create.sh new file mode 100755 index 0000000000000..a1b774f98d2ca --- /dev/null +++ b/.devcontainer/scripts/post_create.sh @@ -0,0 +1,63 @@ +#!/bin/sh + +install_devcontainer_cli() { + set -e + echo "🔧 Installing DevContainer CLI..." + cd "$(dirname "$0")/../tools/devcontainer-cli" + npm ci --omit=dev + ln -sf "$(pwd)/node_modules/.bin/devcontainer" "$(npm config get prefix)/bin/devcontainer" +} + +install_ssh_config() { + echo "🔑 Installing SSH configuration..." + rsync -a /mnt/home/coder/.ssh/ ~/.ssh/ + chmod 0700 ~/.ssh +} + +install_git_config() { + echo "📂 Installing Git configuration..." + if [ -f /mnt/home/coder/git/config ]; then + rsync -a /mnt/home/coder/git/ ~/.config/git/ + elif [ -d /mnt/home/coder/.gitconfig ]; then + rsync -a /mnt/home/coder/.gitconfig ~/.gitconfig + else + echo "⚠️ Git configuration directory not found." + fi +} + +install_dotfiles() { + if [ ! -d /mnt/home/coder/.config/coderv2/dotfiles ]; then + echo "⚠️ Dotfiles directory not found." + return + fi + + cd /mnt/home/coder/.config/coderv2/dotfiles || return + for script in install.sh install bootstrap.sh bootstrap script/bootstrap setup.sh setup script/setup; do + if [ -x $script ]; then + echo "📦 Installing dotfiles..." + ./$script || { + echo "❌ Error running $script. Please check the script for issues." + return + } + echo "✅ Dotfiles installed successfully." + return + fi + done + echo "⚠️ No install script found in dotfiles directory." +} + +personalize() { + # Allow script to continue as Coder dogfood utilizes a hack to + # synchronize startup script execution. + touch /tmp/.coder-startup-script.done + + if [ -x /mnt/home/coder/personalize ]; then + echo "🎨 Personalizing environment..." + /mnt/home/coder/personalize + fi +} + +install_devcontainer_cli +install_ssh_config +install_dotfiles +personalize diff --git a/.devcontainer/scripts/post_start.sh b/.devcontainer/scripts/post_start.sh new file mode 100755 index 0000000000000..c98674037d353 --- /dev/null +++ b/.devcontainer/scripts/post_start.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +# Start Docker service if not already running. +sudo service docker start diff --git a/.devcontainer/tools/devcontainer-cli/package-lock.json b/.devcontainer/tools/devcontainer-cli/package-lock.json new file mode 100644 index 0000000000000..2fee536abeb07 --- /dev/null +++ b/.devcontainer/tools/devcontainer-cli/package-lock.json @@ -0,0 +1,26 @@ +{ + "name": "devcontainer-cli", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "devcontainer-cli", + "version": "1.0.0", + "dependencies": { + "@devcontainers/cli": "^0.80.0" + } + }, + "node_modules/@devcontainers/cli": { + "version": "0.80.0", + "resolved": "https://registry.npmjs.org/@devcontainers/cli/-/cli-0.80.0.tgz", + "integrity": "sha512-w2EaxgjyeVGyzfA/KUEZBhyXqu/5PyWNXcnrXsZOBrt3aN2zyGiHrXoG54TF6K0b5DSCF01Rt5fnIyrCeFzFKw==", + "bin": { + "devcontainer": "devcontainer.js" + }, + "engines": { + "node": "^16.13.0 || >=18.0.0" + } + } + } +} diff --git a/.devcontainer/tools/devcontainer-cli/package.json b/.devcontainer/tools/devcontainer-cli/package.json new file mode 100644 index 0000000000000..b474c8615592d --- /dev/null +++ b/.devcontainer/tools/devcontainer-cli/package.json @@ -0,0 +1,8 @@ +{ + "name": "devcontainer-cli", + "private": true, + "version": "1.0.0", + "dependencies": { + "@devcontainers/cli": "^0.80.0" + } +} diff --git a/.editorconfig b/.editorconfig index 9415469de3c00..554e8a73ffeda 100644 --- a/.editorconfig +++ b/.editorconfig @@ -7,7 +7,7 @@ trim_trailing_whitespace = true insert_final_newline = true indent_style = tab -[*.{yaml,yml,tf,tfvars,nix}] +[*.{yaml,yml,tf,tftpl,tfvars,nix}] indent_style = space indent_size = 2 @@ -18,3 +18,11 @@ indent_size = 2 [coderd/database/dump.sql] indent_style = space indent_size = 4 + +[coderd/database/queries/*.sql] +indent_style = tab +indent_size = 4 + +[coderd/database/migrations/*.sql] +indent_style = tab +indent_size = 4 diff --git a/.gitattributes b/.gitattributes index 1da452829a70a..ed396ce0044eb 100644 --- a/.gitattributes +++ b/.gitattributes @@ -15,6 +15,8 @@ provisionersdk/proto/*.go linguist-generated=true *.tfstate.json linguist-generated=true *.tfstate.dot linguist-generated=true *.tfplan.dot linguist-generated=true +site/e2e/google/protobuf/timestampGenerated.ts site/e2e/provisionerGenerated.ts linguist-generated=true +site/src/api/countriesGenerated.tsx linguist-generated=true +site/src/api/rbacresourcesGenerated.tsx linguist-generated=true site/src/api/typesGenerated.ts linguist-generated=true -site/src/pages/SetupPage/countries.tsx linguist-generated=true diff --git a/.github/.linkspector.yml b/.github/.linkspector.yml index 6cbd17c3c0816..f5f99caf57708 100644 --- a/.github/.linkspector.yml +++ b/.github/.linkspector.yml @@ -24,5 +24,7 @@ ignorePatterns: - pattern: "mutagen.io" - pattern: "docs.github.com" - pattern: "claude.ai" + - pattern: "splunk.com" + - pattern: "stackoverflow.com/questions" aliveStatusCodes: - 200 diff --git a/.github/actions/embedded-pg-cache/download/action.yml b/.github/actions/embedded-pg-cache/download/action.yml new file mode 100644 index 0000000000000..854e5045c2dda --- /dev/null +++ b/.github/actions/embedded-pg-cache/download/action.yml @@ -0,0 +1,49 @@ +name: "Download Embedded Postgres Cache" +description: | + Downloads the embedded postgres cache and outputs today's cache key. + A PR job can use a cache if it was created by its base branch, its current + branch, or the default branch. + https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows#restrictions-for-accessing-a-cache +outputs: + cache-key: + description: "Today's cache key" + value: ${{ steps.vars.outputs.cache-key }} +inputs: + key-prefix: + description: "Prefix for the cache key" + required: true + cache-path: + description: "Path to the cache directory" + required: true +runs: + using: "composite" + steps: + - name: Get date values and cache key + id: vars + shell: bash + run: | + export YEAR_MONTH=$(date +'%Y-%m') + export PREV_YEAR_MONTH=$(date -d 'last month' +'%Y-%m') + export DAY=$(date +'%d') + echo "year-month=$YEAR_MONTH" >> "$GITHUB_OUTPUT" + echo "prev-year-month=$PREV_YEAR_MONTH" >> "$GITHUB_OUTPUT" + echo "cache-key=${INPUTS_KEY_PREFIX}-${YEAR_MONTH}-${DAY}" >> "$GITHUB_OUTPUT" + env: + INPUTS_KEY_PREFIX: ${{ inputs.key-prefix }} + + # By default, depot keeps caches for 14 days. This is plenty for embedded + # postgres, which changes infrequently. + # https://depot.dev/docs/github-actions/overview#cache-retention-policy + - name: Download embedded Postgres cache + uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + with: + path: ${{ inputs.cache-path }} + key: ${{ steps.vars.outputs.cache-key }} + # > If there are multiple partial matches for a restore key, the action returns the most recently created cache. + # https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/caching-dependencies-to-speed-up-workflows#matching-a-cache-key + # The second restore key allows non-main branches to use the cache from the previous month. + # This prevents PRs from rebuilding the cache on the first day of the month. + # It also makes sure that once a month, the cache is fully reset. + restore-keys: | + ${{ inputs.key-prefix }}-${{ steps.vars.outputs.year-month }}- + ${{ github.ref != 'refs/heads/main' && format('{0}-{1}-', inputs.key-prefix, steps.vars.outputs.prev-year-month) || '' }} diff --git a/.github/actions/embedded-pg-cache/upload/action.yml b/.github/actions/embedded-pg-cache/upload/action.yml new file mode 100644 index 0000000000000..19b37bb65665b --- /dev/null +++ b/.github/actions/embedded-pg-cache/upload/action.yml @@ -0,0 +1,18 @@ +name: "Upload Embedded Postgres Cache" +description: Uploads the embedded Postgres cache. This only runs on the main branch. +inputs: + cache-key: + description: "Cache key" + required: true + cache-path: + description: "Path to the cache directory" + required: true +runs: + using: "composite" + steps: + - name: Upload Embedded Postgres cache + if: ${{ github.ref == 'refs/heads/main' }} + uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + with: + path: ${{ inputs.cache-path }} + key: ${{ inputs.cache-key }} diff --git a/.github/actions/setup-embedded-pg-cache-paths/action.yml b/.github/actions/setup-embedded-pg-cache-paths/action.yml new file mode 100644 index 0000000000000..019ff4e6dc746 --- /dev/null +++ b/.github/actions/setup-embedded-pg-cache-paths/action.yml @@ -0,0 +1,33 @@ +name: "Setup Embedded Postgres Cache Paths" +description: Sets up a path for cached embedded postgres binaries. +outputs: + embedded-pg-cache: + description: "Value of EMBEDDED_PG_CACHE_DIR" + value: ${{ steps.paths.outputs.embedded-pg-cache }} + cached-dirs: + description: "directories that should be cached between CI runs" + value: ${{ steps.paths.outputs.cached-dirs }} +runs: + using: "composite" + steps: + - name: Override Go paths + id: paths + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7 + with: + script: | + const path = require('path'); + + // RUNNER_TEMP should be backed by a RAM disk on Windows if + // coder/setup-ramdisk-action was used + const runnerTemp = process.env.RUNNER_TEMP; + const embeddedPgCacheDir = path.join(runnerTemp, 'embedded-pg-cache'); + core.exportVariable('EMBEDDED_PG_CACHE_DIR', embeddedPgCacheDir); + core.setOutput('embedded-pg-cache', embeddedPgCacheDir); + const cachedDirs = `${embeddedPgCacheDir}`; + core.setOutput('cached-dirs', cachedDirs); + + - name: Create directories + shell: bash + run: | + set -e + mkdir -p "$EMBEDDED_PG_CACHE_DIR" diff --git a/.github/actions/setup-go/action.yaml b/.github/actions/setup-go/action.yaml index a8a88621dda18..097a1b6cfd119 100644 --- a/.github/actions/setup-go/action.yaml +++ b/.github/actions/setup-go/action.yaml @@ -4,7 +4,7 @@ description: | inputs: version: description: "The Go version to use." - default: "1.24.4" + default: "1.24.6" use-preinstalled-go: description: "Whether to use preinstalled Go." default: "false" diff --git a/.github/actions/setup-node/action.yaml b/.github/actions/setup-node/action.yaml index 02ffa14312ffe..6ed9985185746 100644 --- a/.github/actions/setup-node/action.yaml +++ b/.github/actions/setup-node/action.yaml @@ -16,7 +16,7 @@ runs: - name: Setup Node uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 with: - node-version: 20.16.0 + node-version: 20.19.4 # See https://github.com/actions/setup-node#caching-global-packages-data cache: "pnpm" cache-dependency-path: ${{ inputs.directory }}/pnpm-lock.yaml diff --git a/.github/actions/setup-tf/action.yaml b/.github/actions/setup-tf/action.yaml index 0e19b657656be..6f8c8c32cf38c 100644 --- a/.github/actions/setup-tf/action.yaml +++ b/.github/actions/setup-tf/action.yaml @@ -7,5 +7,5 @@ runs: - name: Install Terraform uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2 with: - terraform_version: 1.12.2 + terraform_version: 1.13.0 terraform_wrapper: false diff --git a/.github/actions/test-cache/download/action.yml b/.github/actions/test-cache/download/action.yml index 06a87fee06d4b..623bb61e11c52 100644 --- a/.github/actions/test-cache/download/action.yml +++ b/.github/actions/test-cache/download/action.yml @@ -27,9 +27,11 @@ runs: export YEAR_MONTH=$(date +'%Y-%m') export PREV_YEAR_MONTH=$(date -d 'last month' +'%Y-%m') export DAY=$(date +'%d') - echo "year-month=$YEAR_MONTH" >> $GITHUB_OUTPUT - echo "prev-year-month=$PREV_YEAR_MONTH" >> $GITHUB_OUTPUT - echo "cache-key=${{ inputs.key-prefix }}-${YEAR_MONTH}-${DAY}" >> $GITHUB_OUTPUT + echo "year-month=$YEAR_MONTH" >> "$GITHUB_OUTPUT" + echo "prev-year-month=$PREV_YEAR_MONTH" >> "$GITHUB_OUTPUT" + echo "cache-key=${INPUTS_KEY_PREFIX}-${YEAR_MONTH}-${DAY}" >> "$GITHUB_OUTPUT" + env: + INPUTS_KEY_PREFIX: ${{ inputs.key-prefix }} # TODO: As a cost optimization, we could remove caches that are older than # a day or two. By default, depot keeps caches for 14 days, which isn't diff --git a/.github/actions/upload-datadog/action.yaml b/.github/actions/upload-datadog/action.yaml index a2df93ab14b28..274ff3df6493a 100644 --- a/.github/actions/upload-datadog/action.yaml +++ b/.github/actions/upload-datadog/action.yaml @@ -12,13 +12,12 @@ runs: run: | set -e - owner=${{ github.repository_owner }} - echo "owner: $owner" - if [[ $owner != "coder" ]]; then + echo "owner: $REPO_OWNER" + if [[ "$REPO_OWNER" != "coder" ]]; then echo "Not a pull request from the main repo, skipping..." exit 0 fi - if [[ -z "${{ inputs.api-key }}" ]]; then + if [[ -z "${DATADOG_API_KEY}" ]]; then # This can happen for dependabot. echo "No API key provided, skipping..." exit 0 @@ -31,37 +30,38 @@ runs: TMP_DIR=$(mktemp -d) - if [[ "${{ runner.os }}" == "Windows" ]]; then + if [[ "${RUNNER_OS}" == "Windows" ]]; then BINARY_PATH="${TMP_DIR}/datadog-ci.exe" BINARY_URL="https://github.com/DataDog/datadog-ci/releases/download/${BINARY_VERSION}/datadog-ci_win-x64" - elif [[ "${{ runner.os }}" == "macOS" ]]; then + elif [[ "${RUNNER_OS}" == "macOS" ]]; then BINARY_PATH="${TMP_DIR}/datadog-ci" BINARY_URL="https://github.com/DataDog/datadog-ci/releases/download/${BINARY_VERSION}/datadog-ci_darwin-arm64" - elif [[ "${{ runner.os }}" == "Linux" ]]; then + elif [[ "${RUNNER_OS}" == "Linux" ]]; then BINARY_PATH="${TMP_DIR}/datadog-ci" BINARY_URL="https://github.com/DataDog/datadog-ci/releases/download/${BINARY_VERSION}/datadog-ci_linux-x64" else - echo "Unsupported OS: ${{ runner.os }}" + echo "Unsupported OS: $RUNNER_OS" exit 1 fi - echo "Downloading DataDog CI binary version ${BINARY_VERSION} for ${{ runner.os }}..." + echo "Downloading DataDog CI binary version ${BINARY_VERSION} for $RUNNER_OS..." curl -sSL "$BINARY_URL" -o "$BINARY_PATH" - if [[ "${{ runner.os }}" == "Windows" ]]; then + if [[ "${RUNNER_OS}" == "Windows" ]]; then echo "$BINARY_HASH_WINDOWS $BINARY_PATH" | sha256sum --check - elif [[ "${{ runner.os }}" == "macOS" ]]; then + elif [[ "${RUNNER_OS}" == "macOS" ]]; then echo "$BINARY_HASH_MACOS $BINARY_PATH" | shasum -a 256 --check - elif [[ "${{ runner.os }}" == "Linux" ]]; then + elif [[ "${RUNNER_OS}" == "Linux" ]]; then echo "$BINARY_HASH_LINUX $BINARY_PATH" | sha256sum --check fi # Make binary executable (not needed for Windows) - if [[ "${{ runner.os }}" != "Windows" ]]; then + if [[ "${RUNNER_OS}" != "Windows" ]]; then chmod +x "$BINARY_PATH" fi "$BINARY_PATH" junit upload --service coder ./gotests.xml \ - --tags os:${{runner.os}} --tags runner_name:${{runner.name}} + --tags "os:${RUNNER_OS}" --tags "runner_name:${RUNNER_NAME}" env: + REPO_OWNER: ${{ github.repository_owner }} DATADOG_API_KEY: ${{ inputs.api-key }} diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 9cdca1f03d72c..67d1f1342dcaf 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -33,6 +33,7 @@ updates: - dependency-name: "*" update-types: - version-update:semver-patch + - dependency-name: "github.com/mark3labs/mcp-go" # Update our Dockerfile. - package-ecosystem: "docker" diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 0000000000000..66deeefbc1d47 --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1 @@ +If you have used AI to produce some or all of this PR, please ensure you have read our [AI Contribution guidelines](https://coder.com/docs/about/contributing/AI_CONTRIBUTING) before submitting. diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 0537cc16b7f0c..747f158e28a9e 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -34,15 +34,15 @@ jobs: tailnet-integration: ${{ steps.filter.outputs.tailnet-integration }} steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 1 - # For pull requests it's not necessary to checkout the code + persist-credentials: false - name: check changed files uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 id: filter @@ -111,7 +111,9 @@ jobs: - id: debug run: | - echo "${{ toJSON(steps.filter )}}" + echo "$FILTER_JSON" + env: + FILTER_JSON: ${{ toJSON(steps.filter.outputs) }} # Disabled due to instability. See: https://github.com/coder/coder/issues/14553 # Re-enable once the flake hash calculation is stable. @@ -121,7 +123,7 @@ jobs: # runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} # steps: # - name: Checkout - # uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + # uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 # with: # fetch-depth: 1 # # See: https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs @@ -154,14 +156,15 @@ jobs: runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 1 + persist-credentials: false - name: Setup Node uses: ./.github/actions/setup-node @@ -171,13 +174,13 @@ jobs: - name: Get golangci-lint cache dir run: | - linter_ver=$(egrep -o 'GOLANGCI_LINT_VERSION=\S+' dogfood/coder/Dockerfile | cut -d '=' -f 2) - go install github.com/golangci/golangci-lint/cmd/golangci-lint@v$linter_ver + linter_ver=$(grep -Eo 'GOLANGCI_LINT_VERSION=\S+' dogfood/coder/Dockerfile | cut -d '=' -f 2) + go install "github.com/golangci/golangci-lint/cmd/golangci-lint@v$linter_ver" dir=$(golangci-lint cache status | awk '/Dir/ { print $2 }') - echo "LINT_CACHE_DIR=$dir" >> $GITHUB_ENV + echo "LINT_CACHE_DIR=$dir" >> "$GITHUB_ENV" - name: golangci-lint cache - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 + uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 with: path: | ${{ env.LINT_CACHE_DIR }} @@ -187,7 +190,7 @@ jobs: # Check for any typos - name: Check for typos - uses: crate-ci/typos@b1ae8d918b6e85bd611117d3d9a3be4f903ee5e4 # v1.33.1 + uses: crate-ci/typos@52bd719c2c91f9d676e2aa359fc8e0db8925e6d8 # v1.35.3 with: config: .github/workflows/typos.toml @@ -206,7 +209,12 @@ jobs: - name: make lint run: | - make --output-sync=line -j lint + # zizmor isn't included in the lint target because it takes a while, + # but we explicitly want to run it in CI. + make --output-sync=line -j lint lint/actions/zizmor + env: + # Used by zizmor to lint third-party GitHub actions. + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Check workflow files run: | @@ -226,14 +234,15 @@ jobs: if: ${{ !cancelled() }} steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 1 + persist-credentials: false - name: Setup Node uses: ./.github/actions/setup-node @@ -256,8 +265,8 @@ jobs: pushd /tmp/proto curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.4/protoc-23.4-linux-x86_64.zip unzip protoc.zip - cp -r ./bin/* /usr/local/bin - cp -r ./include /usr/local/bin/include + sudo cp -r ./bin/* /usr/local/bin + sudo cp -r ./include /usr/local/bin/include popd - name: make gen @@ -281,14 +290,15 @@ jobs: timeout-minutes: 7 steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 1 + persist-credentials: false - name: Setup Node uses: ./.github/actions/setup-node @@ -305,100 +315,12 @@ jobs: - name: make fmt run: | - export PATH=${PATH}:$(go env GOPATH)/bin - make --output-sync -j -B fmt + PATH="${PATH}:$(go env GOPATH)/bin" \ + make --output-sync -j -B fmt - name: Check for unstaged files run: ./scripts/check_unstaged.sh - test-go: - runs-on: ${{ matrix.os == 'ubuntu-latest' && github.repository_owner == 'coder' && 'depot-ubuntu-22.04-4' || matrix.os == 'macos-latest' && github.repository_owner == 'coder' && 'depot-macos-latest' || matrix.os == 'windows-2022' && github.repository_owner == 'coder' && 'depot-windows-2022-16' || matrix.os }} - needs: changes - if: needs.changes.outputs.go == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main' - timeout-minutes: 20 - strategy: - fail-fast: false - matrix: - os: - - ubuntu-latest - - macos-latest - - windows-2022 - steps: - - name: Harden Runner - # Harden Runner is only supported on Ubuntu runners. - if: runner.os == 'Linux' - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 - with: - egress-policy: audit - - # Set up RAM disks to speed up the rest of the job. This action is in - # a separate repository to allow its use before actions/checkout. - - name: Setup RAM Disks - if: runner.os == 'Windows' - uses: coder/setup-ramdisk-action@e1100847ab2d7bcd9d14bcda8f2d1b0f07b36f1b - - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - fetch-depth: 1 - - - name: Setup Go Paths - uses: ./.github/actions/setup-go-paths - - - name: Setup Go - uses: ./.github/actions/setup-go - with: - # Runners have Go baked-in and Go will automatically - # download the toolchain configured in go.mod, so we don't - # need to reinstall it. It's faster on Windows runners. - use-preinstalled-go: ${{ runner.os == 'Windows' }} - - - name: Setup Terraform - uses: ./.github/actions/setup-tf - - - name: Download Test Cache - id: download-cache - uses: ./.github/actions/test-cache/download - with: - key-prefix: test-go-${{ runner.os }}-${{ runner.arch }} - - - name: Test with Mock Database - id: test - shell: bash - run: | - # if macOS, install google-chrome for scaletests. As another concern, - # should we really have this kind of external dependency requirement - # on standard CI? - if [ "${{ matrix.os }}" == "macos-latest" ]; then - brew install google-chrome - fi - - # By default Go will use the number of logical CPUs, which - # is a fine default. - PARALLEL_FLAG="" - - # macOS will output "The default interactive shell is now zsh" - # intermittently in CI... - if [ "${{ matrix.os }}" == "macos-latest" ]; then - touch ~/.bash_profile && echo "export BASH_SILENCE_DEPRECATION_WARNING=1" >> ~/.bash_profile - fi - export TS_DEBUG_DISCO=true - gotestsum --junitfile="gotests.xml" --jsonfile="gotests.json" --rerun-fails=2 \ - --packages="./..." -- $PARALLEL_FLAG -short - - - name: Upload Test Cache - uses: ./.github/actions/test-cache/upload - with: - cache-key: ${{ steps.download-cache.outputs.cache-key }} - - - name: Upload test stats to Datadog - timeout-minutes: 1 - continue-on-error: true - uses: ./.github/actions/upload-datadog - if: success() || failure() - with: - api-key: ${{ secrets.DATADOG_API_KEY }} - test-go-pg: # make sure to adjust NUM_PARALLEL_PACKAGES and NUM_PARALLEL_TESTS below # when changing runner sizes @@ -418,7 +340,7 @@ jobs: - windows-2022 steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit @@ -428,6 +350,11 @@ jobs: - name: Disable Spotlight Indexing if: runner.os == 'macOS' run: | + enabled=$(sudo mdutil -a -s | { grep -Fc "Indexing enabled" || true; }) + if [ "$enabled" -eq 0 ]; then + echo "Spotlight indexing is already disabled" + exit 0 + fi sudo mdutil -a -i off sudo mdutil -X / sudo launchctl bootout system /System/Library/LaunchDaemons/com.apple.metadata.mds.plist @@ -436,12 +363,13 @@ jobs: # a separate repository to allow its use before actions/checkout. - name: Setup RAM Disks if: runner.os == 'Windows' - uses: coder/setup-ramdisk-action@e1100847ab2d7bcd9d14bcda8f2d1b0f07b36f1b + uses: coder/setup-ramdisk-action@e1100847ab2d7bcd9d14bcda8f2d1b0f07b36f1b # v0.1.0 - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 1 + persist-credentials: false - name: Setup Go Paths id: go-paths @@ -473,6 +401,17 @@ jobs: with: key-prefix: test-go-pg-${{ runner.os }}-${{ runner.arch }} + - name: Setup Embedded Postgres Cache Paths + id: embedded-pg-cache + uses: ./.github/actions/setup-embedded-pg-cache-paths + + - name: Download Embedded Postgres Cache + id: download-embedded-pg-cache + uses: ./.github/actions/embedded-pg-cache/download + with: + key-prefix: embedded-pg-${{ runner.os }}-${{ runner.arch }} + cache-path: ${{ steps.embedded-pg-cache.outputs.cached-dirs }} + - name: Normalize File and Directory Timestamps shell: bash # Normalize file modification timestamps so that go test can use the @@ -493,58 +432,61 @@ jobs: set -o errexit set -o pipefail - if [ "${{ runner.os }}" == "Windows" ]; then + if [ "$RUNNER_OS" == "Windows" ]; then # Create a temp dir on the R: ramdisk drive for Windows. The default # C: drive is extremely slow: https://github.com/actions/runner-images/issues/8755 mkdir -p "R:/temp/embedded-pg" - go run scripts/embedded-pg/main.go -path "R:/temp/embedded-pg" - elif [ "${{ runner.os }}" == "macOS" ]; then + go run scripts/embedded-pg/main.go -path "R:/temp/embedded-pg" -cache "${EMBEDDED_PG_CACHE_DIR}" + elif [ "$RUNNER_OS" == "macOS" ]; then # Postgres runs faster on a ramdisk on macOS too mkdir -p /tmp/tmpfs sudo mount_tmpfs -o noowners -s 8g /tmp/tmpfs - go run scripts/embedded-pg/main.go -path /tmp/tmpfs/embedded-pg - elif [ "${{ runner.os }}" == "Linux" ]; then + go run scripts/embedded-pg/main.go -path /tmp/tmpfs/embedded-pg -cache "${EMBEDDED_PG_CACHE_DIR}" + elif [ "$RUNNER_OS" == "Linux" ]; then make test-postgres-docker fi # if macOS, install google-chrome for scaletests # As another concern, should we really have this kind of external dependency # requirement on standard CI? - if [ "${{ matrix.os }}" == "macos-latest" ]; then + if [ "${RUNNER_OS}" == "macOS" ]; then brew install google-chrome fi # macOS will output "The default interactive shell is now zsh" # intermittently in CI... - if [ "${{ matrix.os }}" == "macos-latest" ]; then + if [ "${RUNNER_OS}" == "macOS" ]; then touch ~/.bash_profile && echo "export BASH_SILENCE_DEPRECATION_WARNING=1" >> ~/.bash_profile fi - if [ "${{ runner.os }}" == "Windows" ]; then + if [ "${RUNNER_OS}" == "Windows" ]; then # Our Windows runners have 16 cores. # On Windows Postgres chokes up when we have 16x16=256 tests # running in parallel, and dbtestutil.NewDB starts to take more than # 10s to complete sometimes causing test timeouts. With 16x8=128 tests # Postgres tends not to choke. - NUM_PARALLEL_PACKAGES=8 - NUM_PARALLEL_TESTS=16 - elif [ "${{ runner.os }}" == "macOS" ]; then + export TEST_NUM_PARALLEL_PACKAGES=8 + export TEST_NUM_PARALLEL_TESTS=16 + # Only the CLI and Agent are officially supported on Windows and the rest are too flaky + export TEST_PACKAGES="./cli/... ./enterprise/cli/... ./agent/..." + elif [ "${RUNNER_OS}" == "macOS" ]; then # Our macOS runners have 8 cores. We set NUM_PARALLEL_TESTS to 16 # because the tests complete faster and Postgres doesn't choke. It seems # that macOS's tmpfs is faster than the one on Windows. - NUM_PARALLEL_PACKAGES=8 - NUM_PARALLEL_TESTS=16 - elif [ "${{ runner.os }}" == "Linux" ]; then + export TEST_NUM_PARALLEL_PACKAGES=8 + export TEST_NUM_PARALLEL_TESTS=16 + # Only the CLI and Agent are officially supported on macOS and the rest are too flaky + export TEST_PACKAGES="./cli/... ./enterprise/cli/... ./agent/..." + elif [ "${RUNNER_OS}" == "Linux" ]; then # Our Linux runners have 8 cores. - NUM_PARALLEL_PACKAGES=8 - NUM_PARALLEL_TESTS=8 + export TEST_NUM_PARALLEL_PACKAGES=8 + export TEST_NUM_PARALLEL_TESTS=8 fi # by default, run tests with cache - TESTCOUNT="" - if [ "${{ github.ref }}" == "refs/heads/main" ]; then + if [ "${GITHUB_REF}" == "refs/heads/main" ]; then # on main, run tests without cache - TESTCOUNT="-count=1" + export TEST_COUNT="1" fi mkdir -p "$RUNNER_TEMP/sym" @@ -552,13 +494,15 @@ jobs: # terraform gets installed in a random directory, so we need to normalize # the path to the terraform binary or a bunch of cached tests will be # invalidated. See scripts/normalize_path.sh for more details. - normalize_path_with_symlinks "$RUNNER_TEMP/sym" "$(dirname $(which terraform))" + normalize_path_with_symlinks "$RUNNER_TEMP/sym" "$(dirname "$(which terraform)")" - # We rerun failing tests to counteract flakiness coming from Postgres - # choking on macOS and Windows sometimes. - DB=ci gotestsum --rerun-fails=2 --rerun-fails-max-failures=50 \ - --format standard-quiet --packages "./..." \ - -- -timeout=20m -v -p $NUM_PARALLEL_PACKAGES -parallel=$NUM_PARALLEL_TESTS $TESTCOUNT + make test + + - name: Upload failed test db dumps + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + name: failed-test-db-dump-${{matrix.os}} + path: "**/*.test.sql" - name: Upload Go Build Cache uses: ./.github/actions/test-cache/upload @@ -571,6 +515,14 @@ jobs: with: cache-key: ${{ steps.download-cache.outputs.cache-key }} + - name: Upload Embedded Postgres Cache + uses: ./.github/actions/embedded-pg-cache/upload + # We only use the embedded Postgres cache on macOS and Windows runners. + if: runner.OS == 'macOS' || runner.OS == 'Windows' + with: + cache-key: ${{ steps.download-embedded-pg-cache.outputs.cache-key }} + cache-path: "${{ steps.embedded-pg-cache.outputs.embedded-pg-cache }}" + - name: Upload test stats to Datadog timeout-minutes: 1 continue-on-error: true @@ -594,14 +546,15 @@ jobs: timeout-minutes: 25 steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 1 + persist-credentials: false - name: Setup Go uses: ./.github/actions/setup-go @@ -619,7 +572,6 @@ jobs: env: POSTGRES_VERSION: "17" TS_DEBUG_DISCO: "true" - TEST_RETRIES: 2 run: | make test-postgres @@ -636,55 +588,6 @@ jobs: with: api-key: ${{ secrets.DATADOG_API_KEY }} - test-go-race: - runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-16' || 'ubuntu-latest' }} - needs: changes - if: needs.changes.outputs.go == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main' - timeout-minutes: 25 - steps: - - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 - with: - egress-policy: audit - - - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - fetch-depth: 1 - - - name: Setup Go - uses: ./.github/actions/setup-go - - - name: Setup Terraform - uses: ./.github/actions/setup-tf - - - name: Download Test Cache - id: download-cache - uses: ./.github/actions/test-cache/download - with: - key-prefix: test-go-race-${{ runner.os }}-${{ runner.arch }} - - # We run race tests with reduced parallelism because they use more CPU and we were finding - # instances where tests appear to hang for multiple seconds, resulting in flaky tests when - # short timeouts are used. - # c.f. discussion on https://github.com/coder/coder/pull/15106 - - name: Run Tests - run: | - gotestsum --junitfile="gotests.xml" --packages="./..." --rerun-fails=2 --rerun-fails-abort-on-data-race -- -race -parallel 4 -p 4 - - - name: Upload Test Cache - uses: ./.github/actions/test-cache/upload - with: - cache-key: ${{ steps.download-cache.outputs.cache-key }} - - - name: Upload test stats to Datadog - timeout-minutes: 1 - continue-on-error: true - uses: ./.github/actions/upload-datadog - if: always() - with: - api-key: ${{ secrets.DATADOG_API_KEY }} - test-go-race-pg: runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-16' || 'ubuntu-latest' }} needs: changes @@ -692,14 +595,15 @@ jobs: timeout-minutes: 25 steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 1 + persist-credentials: false - name: Setup Go uses: ./.github/actions/setup-go @@ -722,7 +626,7 @@ jobs: POSTGRES_VERSION: "17" run: | make test-postgres-docker - DB=ci gotestsum --junitfile="gotests.xml" --packages="./..." --rerun-fails=2 --rerun-fails-abort-on-data-race -- -race -parallel 4 -p 4 + gotestsum --junitfile="gotests.xml" --packages="./..." -- -race -parallel 4 -p 4 - name: Upload Test Cache uses: ./.github/actions/test-cache/upload @@ -751,14 +655,15 @@ jobs: timeout-minutes: 20 steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 1 + persist-credentials: false - name: Setup Go uses: ./.github/actions/setup-go @@ -777,19 +682,20 @@ jobs: timeout-minutes: 20 steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 1 + persist-credentials: false - name: Setup Node uses: ./.github/actions/setup-node - - run: pnpm test:ci --max-workers $(nproc) + - run: pnpm test:ci --max-workers "$(nproc)" working-directory: site test-e2e: @@ -809,14 +715,15 @@ jobs: name: ${{ matrix.variant.name }} steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 1 + persist-credentials: false - name: Setup Node uses: ./.github/actions/setup-node @@ -844,7 +751,6 @@ jobs: if: ${{ !matrix.variant.premium }} env: DEBUG: pw:api - CODER_E2E_TEST_RETRIES: 2 working-directory: site # Run all of the tests with a premium license @@ -854,7 +760,6 @@ jobs: DEBUG: pw:api CODER_E2E_LICENSE: ${{ secrets.CODER_E2E_LICENSE }} CODER_E2E_REQUIRE_PREMIUM_TESTS: "1" - CODER_E2E_TEST_RETRIES: 2 working-directory: site - name: Upload Playwright Failed Tests @@ -882,17 +787,18 @@ jobs: if: needs.changes.outputs.site == 'true' || needs.changes.outputs.ci == 'true' steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: # 👇 Ensures Chromatic can read your full git history fetch-depth: 0 # 👇 Tells the checkout which commit hash to reference ref: ${{ github.event.pull_request.head.ref }} + persist-credentials: false - name: Setup Node uses: ./.github/actions/setup-node @@ -902,7 +808,7 @@ jobs: # the check to pass. This is desired in PRs, but not in mainline. - name: Publish to Chromatic (non-mainline) if: github.ref != 'refs/heads/main' && github.repository_owner == 'coder' - uses: chromaui/action@c50adf8eaa8c2878af3263499a73077854de39d4 # v12.2.0 + uses: chromaui/action@58d9ffb36c90c97a02d061544ecc849cc4a242a9 # v13.1.3 env: NODE_OPTIONS: "--max_old_space_size=4096" STORYBOOK: true @@ -934,7 +840,7 @@ jobs: # infinitely "in progress" in mainline unless we re-review each build. - name: Publish to Chromatic (mainline) if: github.ref == 'refs/heads/main' && github.repository_owner == 'coder' - uses: chromaui/action@c50adf8eaa8c2878af3263499a73077854de39d4 # v12.2.0 + uses: chromaui/action@58d9ffb36c90c97a02d061544ecc849cc4a242a9 # v13.1.3 env: NODE_OPTIONS: "--max_old_space_size=4096" STORYBOOK: true @@ -962,15 +868,16 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: # 0 is required here for version.sh to work. fetch-depth: 0 + persist-credentials: false - name: Setup Node uses: ./.github/actions/setup-node @@ -983,8 +890,8 @@ jobs: pushd /tmp/proto curl -L -o protoc.zip https://github.com/protocolbuffers/protobuf/releases/download/v23.4/protoc-23.4-linux-x86_64.zip unzip protoc.zip - cp -r ./bin/* /usr/local/bin - cp -r ./include /usr/local/bin/include + sudo cp -r ./bin/* /usr/local/bin + sudo cp -r ./include /usr/local/bin/include popd - name: Setup Go @@ -1018,36 +925,34 @@ jobs: - fmt - lint - gen - - test-go - test-go-pg - - test-go-race - test-go-race-pg - test-js - test-e2e - offlinedocs - sqlc-vet + - check-build # Allow this job to run even if the needed jobs fail, are skipped or # cancelled. if: always() steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Ensure required checks - run: | + run: | # zizmor: ignore[template-injection] We're just reading needs.x.result here, no risk of injection echo "Checking required checks" echo "- fmt: ${{ needs.fmt.result }}" echo "- lint: ${{ needs.lint.result }}" echo "- gen: ${{ needs.gen.result }}" - echo "- test-go: ${{ needs.test-go.result }}" echo "- test-go-pg: ${{ needs.test-go-pg.result }}" - echo "- test-go-race: ${{ needs.test-go-race.result }}" echo "- test-go-race-pg: ${{ needs.test-go-race-pg.result }}" echo "- test-js: ${{ needs.test-js.result }}" echo "- test-e2e: ${{ needs.test-e2e.result }}" echo "- offlinedocs: ${{ needs.offlinedocs.result }}" + echo "- check-build: ${{ needs.check-build.result }}" echo # We allow skipped jobs to pass, but not failed or cancelled jobs. @@ -1068,21 +973,24 @@ jobs: steps: # Harden Runner doesn't work on macOS - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 + persist-credentials: false - name: Setup build tools run: | brew install bash gnu-getopt make - echo "$(brew --prefix bash)/bin" >> $GITHUB_PATH - echo "$(brew --prefix gnu-getopt)/bin" >> $GITHUB_PATH - echo "$(brew --prefix make)/libexec/gnubin" >> $GITHUB_PATH + { + echo "$(brew --prefix bash)/bin" + echo "$(brew --prefix gnu-getopt)/bin" + echo "$(brew --prefix make)/libexec/gnubin" + } >> "$GITHUB_PATH" - name: Switch XCode Version uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0 with: - xcode-version: "16.0.0" + xcode-version: "16.1.0" - name: Setup Go uses: ./.github/actions/setup-go @@ -1138,6 +1046,47 @@ jobs: if: ${{ github.repository_owner == 'coder' && github.ref == 'refs/heads/main' }} run: rm -f /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8} + check-build: + # This job runs make build to verify compilation on PRs. + # The build doesn't get signed, and is not suitable for usage, unlike the + # `build` job that runs on main. + needs: changes + if: needs.changes.outputs.go == 'true' && github.ref != 'refs/heads/main' + runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} + steps: + - name: Harden Runner + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + with: + egress-policy: audit + + - name: Checkout + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + with: + fetch-depth: 0 + persist-credentials: false + + - name: Setup Node + uses: ./.github/actions/setup-node + + - name: Setup Go + uses: ./.github/actions/setup-go + + - name: Install go-winres + run: go install github.com/tc-hib/go-winres@d743268d7ea168077ddd443c4240562d4f5e8c3e # v0.3.3 + + - name: Install nfpm + run: go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.35.1 + + - name: Install zstd + run: sudo apt-get install -y zstd + + - name: Build + run: | + set -euxo pipefail + go mod download + make gen/mark-fresh + make build + build: # This builds and publishes ghcr.io/coder/coder-preview:main for each commit # to main branch. @@ -1161,17 +1110,18 @@ jobs: IMAGE: ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }} steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 + persist-credentials: false - name: GHCR Login - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -1183,6 +1133,27 @@ jobs: - name: Setup Go uses: ./.github/actions/setup-go + - name: Install rcodesign + run: | + set -euo pipefail + wget -O /tmp/rcodesign.tar.gz https://github.com/indygreg/apple-platform-rs/releases/download/apple-codesign%2F0.22.0/apple-codesign-0.22.0-x86_64-unknown-linux-musl.tar.gz + sudo tar -xzf /tmp/rcodesign.tar.gz \ + -C /usr/bin \ + --strip-components=1 \ + apple-codesign-0.22.0-x86_64-unknown-linux-musl/rcodesign + rm /tmp/rcodesign.tar.gz + + - name: Setup Apple Developer certificate + run: | + set -euo pipefail + touch /tmp/{apple_cert.p12,apple_cert_password.txt} + chmod 600 /tmp/{apple_cert.p12,apple_cert_password.txt} + echo "$AC_CERTIFICATE_P12_BASE64" | base64 -d > /tmp/apple_cert.p12 + echo "$AC_CERTIFICATE_PASSWORD" > /tmp/apple_cert_password.txt + env: + AC_CERTIFICATE_P12_BASE64: ${{ secrets.AC_CERTIFICATE_P12_BASE64 }} + AC_CERTIFICATE_PASSWORD: ${{ secrets.AC_CERTIFICATE_PASSWORD }} + # Necessary for signing Windows binaries. - name: Setup Java uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1 @@ -1218,17 +1189,17 @@ jobs: # Setup GCloud for signing Windows binaries. - name: Authenticate to Google Cloud id: gcloud_auth - uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10 + uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12 with: - workload_identity_provider: ${{ secrets.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }} - service_account: ${{ secrets.GCP_CODE_SIGNING_SERVICE_ACCOUNT }} + workload_identity_provider: ${{ vars.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }} + service_account: ${{ vars.GCP_CODE_SIGNING_SERVICE_ACCOUNT }} token_format: "access_token" - name: Setup GCloud SDK - uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4 + uses: google-github-actions/setup-gcloud@cb1e50a9932213ecece00a606661ae9ca44f3397 # v2.2.0 - name: Download dylibs - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: dylibs path: ./build @@ -1245,8 +1216,8 @@ jobs: go mod download version="$(./scripts/version.sh)" - tag="main-$(echo "$version" | sed 's/+/-/g')" - echo "tag=$tag" >> $GITHUB_OUTPUT + tag="main-${version//+/-}" + echo "tag=$tag" >> "$GITHUB_OUTPUT" make gen/mark-fresh make -j \ @@ -1259,6 +1230,11 @@ jobs: # do (see above). CODER_SIGN_WINDOWS: "1" CODER_WINDOWS_RESOURCES: "1" + CODER_SIGN_GPG: "1" + CODER_GPG_RELEASE_KEY_BASE64: ${{ secrets.GPG_RELEASE_KEY_BASE64 }} + CODER_SIGN_DARWIN: "1" + AC_CERTIFICATE_FILE: /tmp/apple_cert.p12 + AC_CERTIFICATE_PASSWORD_FILE: /tmp/apple_cert_password.txt EV_KEY: ${{ secrets.EV_KEY }} EV_KEYSTORE: ${{ secrets.EV_KEYSTORE }} EV_TSA_URL: ${{ secrets.EV_TSA_URL }} @@ -1277,15 +1253,15 @@ jobs: # build Docker images for each architecture version="$(./scripts/version.sh)" - tag="main-$(echo "$version" | sed 's/+/-/g')" - echo "tag=$tag" >> $GITHUB_OUTPUT + tag="main-${version//+/-}" + echo "tag=$tag" >> "$GITHUB_OUTPUT" # build images for each architecture # note: omitting the -j argument to avoid race conditions when pushing make build/coder_"$version"_linux_{amd64,arm64,armv7}.tag # only push if we are on main branch - if [ "${{ github.ref }}" == "refs/heads/main" ]; then + if [ "${GITHUB_REF}" == "refs/heads/main" ]; then # build and push multi-arch manifest, this depends on the other images # being pushed so will automatically push them # note: omitting the -j argument to avoid race conditions when pushing @@ -1298,10 +1274,11 @@ jobs: # we are adding `latest` tag and keeping `main` for backward # compatibality for t in "${tags[@]}"; do + # shellcheck disable=SC2046 ./scripts/build_docker_multiarch.sh \ --push \ --target "ghcr.io/coder/coder-preview:$t" \ - --version $version \ + --version "$version" \ $(cat build/coder_"$version"_linux_{amd64,arm64,armv7}.tag) done fi @@ -1311,12 +1288,13 @@ jobs: continue-on-error: true env: COSIGN_EXPERIMENTAL: 1 + BUILD_TAG: ${{ steps.build-docker.outputs.tag }} run: | set -euxo pipefail # Define image base and tags IMAGE_BASE="ghcr.io/coder/coder-preview" - TAGS=("${{ steps.build-docker.outputs.tag }}" "main" "latest") + TAGS=("${BUILD_TAG}" "main" "latest") # Generate and attest SBOM for each tag for tag in "${TAGS[@]}"; do @@ -1455,7 +1433,7 @@ jobs: # Report attestation failures but don't fail the workflow - name: Check attestation status if: github.ref == 'refs/heads/main' - run: | + run: | # zizmor: ignore[template-injection] We're just reading steps.attest_x.outcome here, no risk of injection if [[ "${{ steps.attest_main.outcome }}" == "failure" ]]; then echo "::warning::GitHub attestation for main tag failed" fi @@ -1507,32 +1485,33 @@ jobs: id-token: write steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 + persist-credentials: false - name: Authenticate to Google Cloud - uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10 + uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12 with: - workload_identity_provider: projects/573722524737/locations/global/workloadIdentityPools/github/providers/github - service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com + workload_identity_provider: ${{ vars.GCP_WORKLOAD_ID_PROVIDER }} + service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} - name: Set up Google Cloud SDK - uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4 + uses: google-github-actions/setup-gcloud@cb1e50a9932213ecece00a606661ae9ca44f3397 # v2.2.0 - name: Set up Flux CLI - uses: fluxcd/flux2/action@a48f81a66c4ca9fbd993233ab99dd03a7cfbe09a # v2.6.2 + uses: fluxcd/flux2/action@6bf37f6a560fd84982d67f853162e4b3c2235edb # v2.6.4 with: # Keep this and the github action up to date with the version of flux installed in dogfood cluster version: "2.5.1" - name: Get Cluster Credentials - uses: google-github-actions/get-gke-credentials@d0cee45012069b163a631894b98904a9e6723729 # v2.3.3 + uses: google-github-actions/get-gke-credentials@8e574c49425fa7efed1e74650a449bfa6a23308a # v2.3.4 with: cluster_name: dogfood-v2 location: us-central1-a @@ -1571,14 +1550,15 @@ jobs: if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 + persist-credentials: false - name: Setup flyctl uses: superfly/flyctl-actions/setup-flyctl@fc53c09e1bc3be6f54706524e3b82c4f462f77be # v1.5 @@ -1606,15 +1586,15 @@ jobs: if: needs.changes.outputs.db == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main' steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 1 - # We need golang to run the migration main.go + persist-credentials: false - name: Setup Go uses: ./.github/actions/setup-go @@ -1650,15 +1630,15 @@ jobs: "fields": [ { "type": "mrkdwn", - "text": "*Workflow:*\n${{ github.workflow }}" + "text": "*Workflow:*\n'"${GITHUB_WORKFLOW}"'" }, { "type": "mrkdwn", - "text": "*Committer:*\n${{ github.actor }}" + "text": "*Committer:*\n'"${GITHUB_ACTOR}"'" }, { "type": "mrkdwn", - "text": "*Commit:*\n${{ github.sha }}" + "text": "*Commit:*\n'"${GITHUB_SHA}"'" } ] }, @@ -1666,8 +1646,18 @@ jobs: "type": "section", "text": { "type": "mrkdwn", - "text": "*View failure:* <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|Click here>" + "text": "*View failure:* <'"${RUN_URL}"'|Click here>" + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "<@U08TJ4YNCA3> investigate this CI failure. Check logs, search for existing issues, use git blame to find who last modified failing tests, create issue in coder/internal (not public repo), use title format \"flake: TestName\" for flaky tests, and assign to the person from git blame." } } ] - }' ${{ secrets.CI_FAILURE_SLACK_WEBHOOK }} + }' "${SLACK_WEBHOOK}" + env: + SLACK_WEBHOOK: ${{ secrets.CI_FAILURE_SLACK_WEBHOOK }} + RUN_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" diff --git a/.github/workflows/contrib.yaml b/.github/workflows/contrib.yaml index 27dffe94f4000..e9c5c9ec2afd8 100644 --- a/.github/workflows/contrib.yaml +++ b/.github/workflows/contrib.yaml @@ -3,6 +3,7 @@ name: contrib on: issue_comment: types: [created, edited] + # zizmor: ignore[dangerous-triggers] We explicitly want to run on pull_request_target. pull_request_target: types: - opened diff --git a/.github/workflows/dependabot.yaml b/.github/workflows/dependabot.yaml index f86601096ae96..f95ae3fa810e6 100644 --- a/.github/workflows/dependabot.yaml +++ b/.github/workflows/dependabot.yaml @@ -15,7 +15,7 @@ jobs: github.event_name == 'pull_request' && github.event.action == 'opened' && github.event.pull_request.user.login == 'dependabot[bot]' && - github.actor_id == 49699333 && + github.event.pull_request.user.id == 49699333 && github.repository == 'coder/coder' permissions: pull-requests: write @@ -44,10 +44,6 @@ jobs: GH_TOKEN: ${{secrets.GITHUB_TOKEN}} - name: Send Slack notification - env: - PR_URL: ${{github.event.pull_request.html_url}} - PR_TITLE: ${{github.event.pull_request.title}} - PR_NUMBER: ${{github.event.pull_request.number}} run: | curl -X POST -H 'Content-type: application/json' \ --data '{ @@ -58,7 +54,7 @@ jobs: "type": "header", "text": { "type": "plain_text", - "text": ":pr-merged: Auto merge enabled for Dependabot PR #${{ env.PR_NUMBER }}", + "text": ":pr-merged: Auto merge enabled for Dependabot PR #'"${PR_NUMBER}"'", "emoji": true } }, @@ -67,7 +63,7 @@ jobs: "fields": [ { "type": "mrkdwn", - "text": "${{ env.PR_TITLE }}" + "text": "'"${PR_TITLE}"'" } ] }, @@ -80,9 +76,14 @@ jobs: "type": "plain_text", "text": "View PR" }, - "url": "${{ env.PR_URL }}" + "url": "'"${PR_URL}"'" } ] } ] - }' ${{ secrets.DEPENDABOT_PRS_SLACK_WEBHOOK }} + }' "${{ secrets.DEPENDABOT_PRS_SLACK_WEBHOOK }}" + env: + SLACK_WEBHOOK: ${{ secrets.DEPENDABOT_PRS_SLACK_WEBHOOK }} + PR_NUMBER: ${{ github.event.pull_request.number }} + PR_TITLE: ${{ github.event.pull_request.title }} + PR_URL: ${{ github.event.pull_request.html_url }} diff --git a/.github/workflows/docker-base.yaml b/.github/workflows/docker-base.yaml index 01e24c62d9bf7..5c8fa142450bb 100644 --- a/.github/workflows/docker-base.yaml +++ b/.github/workflows/docker-base.yaml @@ -38,15 +38,17 @@ jobs: if: github.repository_owner == 'coder' steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + with: + persist-credentials: false - name: Docker login - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -60,7 +62,7 @@ jobs: # This uses OIDC authentication, so no auth variables are required. - name: Build base Docker image via depot.dev - uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0 + uses: depot/build-push-action@2583627a84956d07561420dcc1d0eb1f2af3fac0 # v1.15.0 with: project: wl5hnrrkns context: base-build-context diff --git a/.github/workflows/docs-ci.yaml b/.github/workflows/docs-ci.yaml index 3994f8e69d24c..887db40660caf 100644 --- a/.github/workflows/docs-ci.yaml +++ b/.github/workflows/docs-ci.yaml @@ -23,12 +23,14 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + with: + persist-credentials: false - name: Setup Node uses: ./.github/actions/setup-node - - uses: tj-actions/changed-files@d52d20fa3f981cb852b861fd8f55308b5fe29637 # v45.0.7 + - uses: tj-actions/changed-files@f963b3f3562b00b6d2dd25efc390eb04e51ef6c6 # v45.0.7 id: changed-files with: files: | @@ -39,10 +41,16 @@ jobs: - name: lint if: steps.changed-files.outputs.any_changed == 'true' run: | - pnpm exec markdownlint-cli2 ${{ steps.changed-files.outputs.all_changed_files }} + # shellcheck disable=SC2086 + pnpm exec markdownlint-cli2 $ALL_CHANGED_FILES + env: + ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} - name: fmt if: steps.changed-files.outputs.any_changed == 'true' run: | # markdown-table-formatter requires a space separated list of files - echo ${{ steps.changed-files.outputs.all_changed_files }} | tr ',' '\n' | pnpm exec markdown-table-formatter --check + # shellcheck disable=SC2086 + echo $ALL_CHANGED_FILES | tr ',' '\n' | pnpm exec markdown-table-formatter --check + env: + ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} diff --git a/.github/workflows/dogfood.yaml b/.github/workflows/dogfood.yaml index df73479994516..119cd4fe85244 100644 --- a/.github/workflows/dogfood.yaml +++ b/.github/workflows/dogfood.yaml @@ -18,8 +18,7 @@ on: workflow_dispatch: permissions: - # Necessary for GCP authentication (https://github.com/google-github-actions/setup-gcloud#usage) - id-token: write + contents: read jobs: build_image: @@ -27,15 +26,21 @@ jobs: runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-4' || 'ubuntu-latest' }} steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + with: + persist-credentials: false - name: Setup Nix - uses: nixbuild/nix-quick-install-action@5bb6a3b3abe66fd09bbf250dce8ada94f856a703 # v30 + uses: nixbuild/nix-quick-install-action@63ca48f939ee3b8d835f4126562537df0fee5b91 # v32 + with: + # Pinning to 2.28 here, as Nix gets a "error: [json.exception.type_error.302] type must be array, but is string" + # on version 2.29 and above. + nix_version: "2.28.4" - uses: nix-community/cache-nix-action@135667ec418502fa5a3598af6fb9eb733888ce6a # v6.1.3 with: @@ -58,31 +63,32 @@ jobs: - name: Get branch name id: branch-name - uses: tj-actions/branch-names@dde14ac574a8b9b1cedc59a1cf312788af43d8d8 # v8.2.1 + uses: tj-actions/branch-names@5250492686b253f06fa55861556d1027b067aeb5 # v9.0.2 - name: "Branch name to Docker tag name" id: docker-tag-name run: | - tag=${{ steps.branch-name.outputs.current_branch }} # Replace / with --, e.g. user/feature => user--feature. - tag=${tag//\//--} - echo "tag=${tag}" >> $GITHUB_OUTPUT + tag=${BRANCH_NAME//\//--} + echo "tag=${tag}" >> "$GITHUB_OUTPUT" + env: + BRANCH_NAME: ${{ steps.branch-name.outputs.current_branch }} - name: Set up Depot CLI uses: depot/setup-action@b0b1ea4f69e92ebf5dea3f8713a1b0c37b2126a5 # v1.6.0 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 + uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - name: Login to DockerHub if: github.ref == 'refs/heads/main' - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_PASSWORD }} - name: Build and push Non-Nix image - uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0 + uses: depot/build-push-action@2583627a84956d07561420dcc1d0eb1f2af3fac0 # v1.15.0 with: project: b4q6ltmpzh token: ${{ secrets.DEPOT_TOKEN }} @@ -103,32 +109,39 @@ jobs: CURRENT_SYSTEM=$(nix eval --impure --raw --expr 'builtins.currentSystem') - docker image tag codercom/oss-dogfood-nix:latest-$CURRENT_SYSTEM codercom/oss-dogfood-nix:${{ steps.docker-tag-name.outputs.tag }} - docker image push codercom/oss-dogfood-nix:${{ steps.docker-tag-name.outputs.tag }} + docker image tag "codercom/oss-dogfood-nix:latest-$CURRENT_SYSTEM" "codercom/oss-dogfood-nix:${DOCKER_TAG}" + docker image push "codercom/oss-dogfood-nix:${DOCKER_TAG}" - docker image tag codercom/oss-dogfood-nix:latest-$CURRENT_SYSTEM codercom/oss-dogfood-nix:latest - docker image push codercom/oss-dogfood-nix:latest + docker image tag "codercom/oss-dogfood-nix:latest-$CURRENT_SYSTEM" "codercom/oss-dogfood-nix:latest" + docker image push "codercom/oss-dogfood-nix:latest" + env: + DOCKER_TAG: ${{ steps.docker-tag-name.outputs.tag }} deploy_template: needs: build_image runs-on: ubuntu-latest + permissions: + # Necessary for GCP authentication (https://github.com/google-github-actions/setup-gcloud#usage) + id-token: write steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + with: + persist-credentials: false - name: Setup Terraform uses: ./.github/actions/setup-tf - name: Authenticate to Google Cloud - uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10 + uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12 with: - workload_identity_provider: projects/573722524737/locations/global/workloadIdentityPools/github/providers/github - service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com + workload_identity_provider: ${{ vars.GCP_WORKLOAD_ID_PROVIDER }} + service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} - name: Terraform init and validate run: | @@ -148,12 +161,12 @@ jobs: - name: Get short commit SHA if: github.ref == 'refs/heads/main' id: vars - run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + run: echo "sha_short=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT" - name: Get latest commit title if: github.ref == 'refs/heads/main' id: message - run: echo "pr_title=$(git log --format=%s -n 1 ${{ github.sha }})" >> $GITHUB_OUTPUT + run: echo "pr_title=$(git log --format=%s -n 1 ${{ github.sha }})" >> "$GITHUB_OUTPUT" - name: "Push template" if: github.ref == 'refs/heads/main' @@ -165,6 +178,7 @@ jobs: CODER_URL: https://dev.coder.com CODER_SESSION_TOKEN: ${{ secrets.CODER_SESSION_TOKEN }} # Template source & details + TF_VAR_CODER_DOGFOOD_ANTHROPIC_API_KEY: ${{ secrets.CODER_DOGFOOD_ANTHROPIC_API_KEY }} TF_VAR_CODER_TEMPLATE_NAME: ${{ secrets.CODER_TEMPLATE_NAME }} TF_VAR_CODER_TEMPLATE_VERSION: ${{ steps.vars.outputs.sha_short }} TF_VAR_CODER_TEMPLATE_DIR: ./coder diff --git a/.github/workflows/nightly-gauntlet.yaml b/.github/workflows/nightly-gauntlet.yaml new file mode 100644 index 0000000000000..5769b3b652c44 --- /dev/null +++ b/.github/workflows/nightly-gauntlet.yaml @@ -0,0 +1,219 @@ +# The nightly-gauntlet runs tests that are either too flaky or too slow to block +# every PR. +name: nightly-gauntlet +on: + schedule: + # Every day at 4AM + - cron: "0 4 * * 1-5" + workflow_dispatch: + +permissions: + contents: read + +jobs: + test-go-pg: + # make sure to adjust NUM_PARALLEL_PACKAGES and NUM_PARALLEL_TESTS below + # when changing runner sizes + runs-on: ${{ matrix.os == 'macos-latest' && github.repository_owner == 'coder' && 'depot-macos-latest' || matrix.os == 'windows-2022' && github.repository_owner == 'coder' && 'depot-windows-2022-16' || matrix.os }} + # This timeout must be greater than the timeout set by `go test` in + # `make test-postgres` to ensure we receive a trace of running + # goroutines. Setting this to the timeout +5m should work quite well + # even if some of the preceding steps are slow. + timeout-minutes: 25 + strategy: + matrix: + os: + - macos-latest + - windows-2022 + steps: + - name: Harden Runner + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + with: + egress-policy: audit + + # macOS indexes all new files in the background. Our Postgres tests + # create and destroy thousands of databases on disk, and Spotlight + # tries to index all of them, seriously slowing down the tests. + - name: Disable Spotlight Indexing + if: runner.os == 'macOS' + run: | + enabled=$(sudo mdutil -a -s | { grep -Fc "Indexing enabled" || true; }) + if [ "$enabled" -eq 0 ]; then + echo "Spotlight indexing is already disabled" + exit 0 + fi + sudo mdutil -a -i off + sudo mdutil -X / + sudo launchctl bootout system /System/Library/LaunchDaemons/com.apple.metadata.mds.plist + + # Set up RAM disks to speed up the rest of the job. This action is in + # a separate repository to allow its use before actions/checkout. + - name: Setup RAM Disks + if: runner.os == 'Windows' + uses: coder/setup-ramdisk-action@e1100847ab2d7bcd9d14bcda8f2d1b0f07b36f1b # v0.1.0 + + - name: Checkout + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + with: + fetch-depth: 1 + persist-credentials: false + + - name: Setup Go + uses: ./.github/actions/setup-go + with: + # Runners have Go baked-in and Go will automatically + # download the toolchain configured in go.mod, so we don't + # need to reinstall it. It's faster on Windows runners. + use-preinstalled-go: ${{ runner.os == 'Windows' }} + + - name: Setup Terraform + uses: ./.github/actions/setup-tf + + - name: Setup Embedded Postgres Cache Paths + id: embedded-pg-cache + uses: ./.github/actions/setup-embedded-pg-cache-paths + + - name: Download Embedded Postgres Cache + id: download-embedded-pg-cache + uses: ./.github/actions/embedded-pg-cache/download + with: + key-prefix: embedded-pg-${{ runner.os }}-${{ runner.arch }} + cache-path: ${{ steps.embedded-pg-cache.outputs.cached-dirs }} + + - name: Test with PostgreSQL Database + env: + POSTGRES_VERSION: "13" + TS_DEBUG_DISCO: "true" + LC_CTYPE: "en_US.UTF-8" + LC_ALL: "en_US.UTF-8" + shell: bash + run: | + set -o errexit + set -o pipefail + + if [ "${{ runner.os }}" == "Windows" ]; then + # Create a temp dir on the R: ramdisk drive for Windows. The default + # C: drive is extremely slow: https://github.com/actions/runner-images/issues/8755 + mkdir -p "R:/temp/embedded-pg" + go run scripts/embedded-pg/main.go -path "R:/temp/embedded-pg" -cache "${EMBEDDED_PG_CACHE_DIR}" + elif [ "${{ runner.os }}" == "macOS" ]; then + # Postgres runs faster on a ramdisk on macOS too + mkdir -p /tmp/tmpfs + sudo mount_tmpfs -o noowners -s 8g /tmp/tmpfs + go run scripts/embedded-pg/main.go -path /tmp/tmpfs/embedded-pg -cache "${EMBEDDED_PG_CACHE_DIR}" + elif [ "${{ runner.os }}" == "Linux" ]; then + make test-postgres-docker + fi + + # if macOS, install google-chrome for scaletests + # As another concern, should we really have this kind of external dependency + # requirement on standard CI? + if [ "${{ matrix.os }}" == "macos-latest" ]; then + brew install google-chrome + fi + + # macOS will output "The default interactive shell is now zsh" + # intermittently in CI... + if [ "${{ matrix.os }}" == "macos-latest" ]; then + touch ~/.bash_profile && echo "export BASH_SILENCE_DEPRECATION_WARNING=1" >> ~/.bash_profile + fi + + if [ "${{ runner.os }}" == "Windows" ]; then + # Our Windows runners have 16 cores. + # On Windows Postgres chokes up when we have 16x16=256 tests + # running in parallel, and dbtestutil.NewDB starts to take more than + # 10s to complete sometimes causing test timeouts. With 16x8=128 tests + # Postgres tends not to choke. + NUM_PARALLEL_PACKAGES=8 + NUM_PARALLEL_TESTS=16 + elif [ "${{ runner.os }}" == "macOS" ]; then + # Our macOS runners have 8 cores. We set NUM_PARALLEL_TESTS to 16 + # because the tests complete faster and Postgres doesn't choke. It seems + # that macOS's tmpfs is faster than the one on Windows. + NUM_PARALLEL_PACKAGES=8 + NUM_PARALLEL_TESTS=16 + elif [ "${{ runner.os }}" == "Linux" ]; then + # Our Linux runners have 8 cores. + NUM_PARALLEL_PACKAGES=8 + NUM_PARALLEL_TESTS=8 + fi + + # run tests without cache + TESTCOUNT="-count=1" + + DB=ci gotestsum \ + --format standard-quiet --packages "./..." \ + -- -timeout=20m -v -p $NUM_PARALLEL_PACKAGES -parallel=$NUM_PARALLEL_TESTS $TESTCOUNT + + - name: Upload Embedded Postgres Cache + uses: ./.github/actions/embedded-pg-cache/upload + # We only use the embedded Postgres cache on macOS and Windows runners. + if: runner.OS == 'macOS' || runner.OS == 'Windows' + with: + cache-key: ${{ steps.download-embedded-pg-cache.outputs.cache-key }} + cache-path: "${{ steps.embedded-pg-cache.outputs.embedded-pg-cache }}" + + - name: Upload test stats to Datadog + timeout-minutes: 1 + continue-on-error: true + uses: ./.github/actions/upload-datadog + if: success() || failure() + with: + api-key: ${{ secrets.DATADOG_API_KEY }} + + notify-slack-on-failure: + needs: + - test-go-pg + runs-on: ubuntu-latest + if: failure() && github.ref == 'refs/heads/main' + + steps: + - name: Send Slack notification + run: | + curl -X POST -H 'Content-type: application/json' \ + --data '{ + "blocks": [ + { + "type": "header", + "text": { + "type": "plain_text", + "text": "❌ Nightly gauntlet failed", + "emoji": true + } + }, + { + "type": "section", + "fields": [ + { + "type": "mrkdwn", + "text": "*Workflow:*\n'"${GITHUB_WORKFLOW}"'" + }, + { + "type": "mrkdwn", + "text": "*Committer:*\n'"${GITHUB_ACTOR}"'" + }, + { + "type": "mrkdwn", + "text": "*Commit:*\n'"${GITHUB_SHA}"'" + } + ] + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "*View failure:* <'"${RUN_URL}"'|Click here>" + } + }, + { + "type": "section", + "text": { + "type": "mrkdwn", + "text": "<@U08TJ4YNCA3> investigate this CI failure. Check logs, search for existing issues, use git blame to find who last modified failing tests, create issue in coder/internal (not public repo), use title format \"flake: TestName\" for flaky tests, and assign to the person from git blame." + } + } + ] + }' "${SLACK_WEBHOOK}" + env: + SLACK_WEBHOOK: ${{ secrets.CI_FAILURE_SLACK_WEBHOOK }} + RUN_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" diff --git a/.github/workflows/pr-auto-assign.yaml b/.github/workflows/pr-auto-assign.yaml index 28935d74507e5..7e2f6441de383 100644 --- a/.github/workflows/pr-auto-assign.yaml +++ b/.github/workflows/pr-auto-assign.yaml @@ -3,6 +3,7 @@ name: PR Auto Assign on: + # zizmor: ignore[dangerous-triggers] We explicitly want to run on pull_request_target. pull_request_target: types: [opened] @@ -14,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit diff --git a/.github/workflows/pr-cleanup.yaml b/.github/workflows/pr-cleanup.yaml index 184486a711fbb..32e260b112dea 100644 --- a/.github/workflows/pr-cleanup.yaml +++ b/.github/workflows/pr-cleanup.yaml @@ -19,7 +19,7 @@ jobs: packages: write steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit @@ -27,10 +27,12 @@ jobs: id: pr_number run: | if [ -n "${{ github.event.pull_request.number }}" ]; then - echo "PR_NUMBER=${{ github.event.pull_request.number }}" >> $GITHUB_OUTPUT + echo "PR_NUMBER=${{ github.event.pull_request.number }}" >> "$GITHUB_OUTPUT" else - echo "PR_NUMBER=${{ github.event.inputs.pr_number }}" >> $GITHUB_OUTPUT + echo "PR_NUMBER=${PR_NUMBER}" >> "$GITHUB_OUTPUT" fi + env: + PR_NUMBER: ${{ github.event.inputs.pr_number }} - name: Delete image continue-on-error: true @@ -51,17 +53,21 @@ jobs: - name: Delete helm release run: | set -euo pipefail - helm delete --namespace "pr${{ steps.pr_number.outputs.PR_NUMBER }}" "pr${{ steps.pr_number.outputs.PR_NUMBER }}" || echo "helm release not found" + helm delete --namespace "pr${PR_NUMBER}" "pr${PR_NUMBER}" || echo "helm release not found" + env: + PR_NUMBER: ${{ steps.pr_number.outputs.PR_NUMBER }} - name: "Remove PR namespace" run: | - kubectl delete namespace "pr${{ steps.pr_number.outputs.PR_NUMBER }}" || echo "namespace not found" + kubectl delete namespace "pr${PR_NUMBER}" || echo "namespace not found" + env: + PR_NUMBER: ${{ steps.pr_number.outputs.PR_NUMBER }} - name: "Remove DNS records" run: | set -euo pipefail # Get identifier for the record - record_id=$(curl -X GET "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records?name=%2A.pr${{ steps.pr_number.outputs.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}" \ + record_id=$(curl -X GET "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records?name=%2A.pr${PR_NUMBER}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}" \ -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ -H "Content-Type:application/json" | jq -r '.result[0].id') || echo "DNS record not found" @@ -73,9 +79,13 @@ jobs: -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ -H "Content-Type:application/json" | jq -r '.success' ) || echo "DNS record not found" + env: + PR_NUMBER: ${{ steps.pr_number.outputs.PR_NUMBER }} - name: "Delete certificate" if: ${{ github.event.pull_request.merged == true }} run: | set -euxo pipefail - kubectl delete certificate "pr${{ steps.pr_number.outputs.PR_NUMBER }}-tls" -n pr-deployment-certs || echo "certificate not found" + kubectl delete certificate "pr${PR_NUMBER}-tls" -n pr-deployment-certs || echo "certificate not found" + env: + PR_NUMBER: ${{ steps.pr_number.outputs.PR_NUMBER }} diff --git a/.github/workflows/pr-deploy.yaml b/.github/workflows/pr-deploy.yaml index fe64c47aebc6e..ccf7511eafc78 100644 --- a/.github/workflows/pr-deploy.yaml +++ b/.github/workflows/pr-deploy.yaml @@ -39,12 +39,14 @@ jobs: PR_OPEN: ${{ steps.check_pr.outputs.pr_open }} steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + with: + persist-credentials: false - name: Check if PR is open id: check_pr @@ -55,7 +57,7 @@ jobs: echo "PR doesn't exist or is closed." pr_open=false fi - echo "pr_open=$pr_open" >> $GITHUB_OUTPUT + echo "pr_open=$pr_open" >> "$GITHUB_OUTPUT" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -74,14 +76,15 @@ jobs: runs-on: "ubuntu-latest" steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 + persist-credentials: false - name: Get PR number, title, and branch name id: pr_info @@ -90,9 +93,11 @@ jobs: PR_NUMBER=$(gh pr view --json number | jq -r '.number') PR_TITLE=$(gh pr view --json title | jq -r '.title') PR_URL=$(gh pr view --json url | jq -r '.url') - echo "PR_URL=$PR_URL" >> $GITHUB_OUTPUT - echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_OUTPUT - echo "PR_TITLE=$PR_TITLE" >> $GITHUB_OUTPUT + { + echo "PR_URL=$PR_URL" + echo "PR_NUMBER=$PR_NUMBER" + echo "PR_TITLE=$PR_TITLE" + } >> "$GITHUB_OUTPUT" env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -100,8 +105,8 @@ jobs: id: set_tags run: | set -euo pipefail - echo "CODER_BASE_IMAGE_TAG=$CODER_BASE_IMAGE_TAG" >> $GITHUB_OUTPUT - echo "CODER_IMAGE_TAG=$CODER_IMAGE_TAG" >> $GITHUB_OUTPUT + echo "CODER_BASE_IMAGE_TAG=$CODER_BASE_IMAGE_TAG" >> "$GITHUB_OUTPUT" + echo "CODER_IMAGE_TAG=$CODER_IMAGE_TAG" >> "$GITHUB_OUTPUT" env: CODER_BASE_IMAGE_TAG: ghcr.io/coder/coder-preview-base:pr${{ steps.pr_info.outputs.PR_NUMBER }} CODER_IMAGE_TAG: ghcr.io/coder/coder-preview:pr${{ steps.pr_info.outputs.PR_NUMBER }} @@ -118,14 +123,16 @@ jobs: id: check_deployment run: | set -euo pipefail - if helm status "pr${{ steps.pr_info.outputs.PR_NUMBER }}" --namespace "pr${{ steps.pr_info.outputs.PR_NUMBER }}" > /dev/null 2>&1; then + if helm status "pr${PR_NUMBER}" --namespace "pr${PR_NUMBER}" > /dev/null 2>&1; then echo "Deployment already exists. Skipping deployment." NEW=false else echo "Deployment doesn't exist." NEW=true fi - echo "NEW=$NEW" >> $GITHUB_OUTPUT + echo "NEW=$NEW" >> "$GITHUB_OUTPUT" + env: + PR_NUMBER: ${{ steps.pr_info.outputs.PR_NUMBER }} - name: Check changed files uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2 @@ -154,17 +161,20 @@ jobs: - name: Print number of changed files run: | set -euo pipefail - echo "Total number of changed files: ${{ steps.filter.outputs.all_count }}" - echo "Number of ignored files: ${{ steps.filter.outputs.ignored_count }}" + echo "Total number of changed files: ${ALL_COUNT}" + echo "Number of ignored files: ${IGNORED_COUNT}" + env: + ALL_COUNT: ${{ steps.filter.outputs.all_count }} + IGNORED_COUNT: ${{ steps.filter.outputs.ignored_count }} - name: Build conditionals id: build_conditionals run: | set -euo pipefail # build if the workflow is manually triggered and the deployment doesn't exist (first build or force rebuild) - echo "first_or_force_build=${{ (github.event_name == 'workflow_dispatch' && steps.check_deployment.outputs.NEW == 'true') || github.event.inputs.build == 'true' }}" >> $GITHUB_OUTPUT + echo "first_or_force_build=${{ (github.event_name == 'workflow_dispatch' && steps.check_deployment.outputs.NEW == 'true') || github.event.inputs.build == 'true' }}" >> "$GITHUB_OUTPUT" # build if the deployment already exist and there are changes in the files that we care about (automatic updates) - echo "automatic_rebuild=${{ steps.check_deployment.outputs.NEW == 'false' && steps.filter.outputs.all_count > steps.filter.outputs.ignored_count }}" >> $GITHUB_OUTPUT + echo "automatic_rebuild=${{ steps.check_deployment.outputs.NEW == 'false' && steps.filter.outputs.all_count > steps.filter.outputs.ignored_count }}" >> "$GITHUB_OUTPUT" comment-pr: needs: get_info @@ -174,7 +184,7 @@ jobs: pull-requests: write # needed for commenting on PRs steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit @@ -218,14 +228,15 @@ jobs: CODER_IMAGE_TAG: ${{ needs.get_info.outputs.CODER_IMAGE_TAG }} steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 + persist-credentials: false - name: Setup Node uses: ./.github/actions/setup-node @@ -237,7 +248,7 @@ jobs: uses: ./.github/actions/setup-sqlc - name: GHCR Login - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -250,12 +261,13 @@ jobs: make gen/mark-fresh export DOCKER_IMAGE_NO_PREREQUISITES=true version="$(./scripts/version.sh)" - export CODER_IMAGE_BUILD_BASE_TAG="$(CODER_IMAGE_BASE=coder-base ./scripts/image_tag.sh --version "$version")" + CODER_IMAGE_BUILD_BASE_TAG="$(CODER_IMAGE_BASE=coder-base ./scripts/image_tag.sh --version "$version")" + export CODER_IMAGE_BUILD_BASE_TAG make -j build/coder_linux_amd64 ./scripts/build_docker.sh \ --arch amd64 \ - --target ${{ env.CODER_IMAGE_TAG }} \ - --version $version \ + --target "${CODER_IMAGE_TAG}" \ + --version "$version" \ --push \ build/coder_linux_amd64 @@ -276,7 +288,7 @@ jobs: PR_HOSTNAME: "pr${{ needs.get_info.outputs.PR_NUMBER }}.${{ secrets.PR_DEPLOYMENTS_DOMAIN }}" steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit @@ -293,13 +305,13 @@ jobs: set -euo pipefail foundTag=$( gh api /orgs/coder/packages/container/coder-preview/versions | - jq -r --arg tag "pr${{ env.PR_NUMBER }}" '.[] | + jq -r --arg tag "pr${PR_NUMBER}" '.[] | select(.metadata.container.tags == [$tag]) | .metadata.container.tags[0]' ) if [ -z "$foundTag" ]; then echo "Image not found" - echo "${{ env.CODER_IMAGE_TAG }} not found in ghcr.io/coder/coder-preview" + echo "${CODER_IMAGE_TAG} not found in ghcr.io/coder/coder-preview" exit 1 else echo "Image found" @@ -314,40 +326,42 @@ jobs: curl -X POST "https://api.cloudflare.com/client/v4/zones/${{ secrets.PR_DEPLOYMENTS_ZONE_ID }}/dns_records" \ -H "Authorization: Bearer ${{ secrets.PR_DEPLOYMENTS_CLOUDFLARE_API_TOKEN }}" \ -H "Content-Type:application/json" \ - --data '{"type":"CNAME","name":"*.${{ env.PR_HOSTNAME }}","content":"${{ env.PR_HOSTNAME }}","ttl":1,"proxied":false}' + --data '{"type":"CNAME","name":"*.'"${PR_HOSTNAME}"'","content":"'"${PR_HOSTNAME}"'","ttl":1,"proxied":false}' - name: Create PR namespace if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true' run: | set -euo pipefail # try to delete the namespace, but don't fail if it doesn't exist - kubectl delete namespace "pr${{ env.PR_NUMBER }}" || true - kubectl create namespace "pr${{ env.PR_NUMBER }}" + kubectl delete namespace "pr${PR_NUMBER}" || true + kubectl create namespace "pr${PR_NUMBER}" - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + with: + persist-credentials: false - name: Check and Create Certificate if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true' run: | # Using kubectl to check if a Certificate resource already exists # we are doing this to avoid letsenrypt rate limits - if ! kubectl get certificate pr${{ env.PR_NUMBER }}-tls -n pr-deployment-certs > /dev/null 2>&1; then + if ! kubectl get certificate "pr${PR_NUMBER}-tls" -n pr-deployment-certs > /dev/null 2>&1; then echo "Certificate doesn't exist. Creating a new one." envsubst < ./.github/pr-deployments/certificate.yaml | kubectl apply -f - else echo "Certificate exists. Skipping certificate creation." fi - echo "Copy certificate from pr-deployment-certs to pr${{ env.PR_NUMBER }} namespace" - until kubectl get secret pr${{ env.PR_NUMBER }}-tls -n pr-deployment-certs &> /dev/null + echo "Copy certificate from pr-deployment-certs to pr${PR_NUMBER} namespace" + until kubectl get secret "pr${PR_NUMBER}-tls" -n pr-deployment-certs &> /dev/null do - echo "Waiting for secret pr${{ env.PR_NUMBER }}-tls to be created..." + echo "Waiting for secret pr${PR_NUMBER}-tls to be created..." sleep 5 done ( - kubectl get secret pr${{ env.PR_NUMBER }}-tls -n pr-deployment-certs -o json | + kubectl get secret "pr${PR_NUMBER}-tls" -n pr-deployment-certs -o json | jq 'del(.metadata.namespace,.metadata.creationTimestamp,.metadata.resourceVersion,.metadata.selfLink,.metadata.uid,.metadata.managedFields)' | - kubectl -n pr${{ env.PR_NUMBER }} apply -f - + kubectl -n "pr${PR_NUMBER}" apply -f - ) - name: Set up PostgreSQL database @@ -355,13 +369,13 @@ jobs: run: | helm repo add bitnami https://charts.bitnami.com/bitnami helm install coder-db bitnami/postgresql \ - --namespace pr${{ env.PR_NUMBER }} \ + --namespace "pr${PR_NUMBER}" \ --set auth.username=coder \ --set auth.password=coder \ --set auth.database=coder \ --set persistence.size=10Gi - kubectl create secret generic coder-db-url -n pr${{ env.PR_NUMBER }} \ - --from-literal=url="postgres://coder:coder@coder-db-postgresql.pr${{ env.PR_NUMBER }}.svc.cluster.local:5432/coder?sslmode=disable" + kubectl create secret generic coder-db-url -n "pr${PR_NUMBER}" \ + --from-literal=url="postgres://coder:coder@coder-db-postgresql.pr${PR_NUMBER}.svc.cluster.local:5432/coder?sslmode=disable" - name: Create a service account, role, and rolebinding for the PR namespace if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true' @@ -383,8 +397,8 @@ jobs: run: | set -euo pipefail helm dependency update --skip-refresh ./helm/coder - helm upgrade --install "pr${{ env.PR_NUMBER }}" ./helm/coder \ - --namespace "pr${{ env.PR_NUMBER }}" \ + helm upgrade --install "pr${PR_NUMBER}" ./helm/coder \ + --namespace "pr${PR_NUMBER}" \ --values ./pr-deploy-values.yaml \ --force @@ -393,8 +407,8 @@ jobs: run: | helm repo add coder-logstream-kube https://helm.coder.com/logstream-kube helm upgrade --install coder-logstream-kube coder-logstream-kube/coder-logstream-kube \ - --namespace "pr${{ env.PR_NUMBER }}" \ - --set url="https://${{ env.PR_HOSTNAME }}" + --namespace "pr${PR_NUMBER}" \ + --set url="https://${PR_HOSTNAME}" - name: Get Coder binary if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true' @@ -402,16 +416,16 @@ jobs: set -euo pipefail DEST="${HOME}/coder" - URL="https://${{ env.PR_HOSTNAME }}/bin/coder-linux-amd64" + URL="https://${PR_HOSTNAME}/bin/coder-linux-amd64" - mkdir -p "$(dirname ${DEST})" + mkdir -p "$(dirname "$DEST")" COUNT=0 - until $(curl --output /dev/null --silent --head --fail "$URL"); do + until curl --output /dev/null --silent --head --fail "$URL"; do printf '.' sleep 5 COUNT=$((COUNT+1)) - if [ $COUNT -ge 60 ]; then + if [ "$COUNT" -ge 60 ]; then echo "Timed out waiting for URL to be available" exit 1 fi @@ -420,7 +434,7 @@ jobs: curl -fsSL "$URL" -o "${DEST}" chmod +x "${DEST}" "${DEST}" version - mv "${DEST}" /usr/local/bin/coder + sudo mv "${DEST}" /usr/local/bin/coder - name: Create first user if: needs.get_info.outputs.NEW == 'true' || github.event.inputs.deploy == 'true' @@ -435,24 +449,24 @@ jobs: # add mask so that the password is not printed to the logs echo "::add-mask::$password" - echo "password=$password" >> $GITHUB_OUTPUT + echo "password=$password" >> "$GITHUB_OUTPUT" coder login \ - --first-user-username pr${{ env.PR_NUMBER }}-admin \ - --first-user-email pr${{ env.PR_NUMBER }}@coder.com \ - --first-user-password $password \ + --first-user-username "pr${PR_NUMBER}-admin" \ + --first-user-email "pr${PR_NUMBER}@coder.com" \ + --first-user-password "$password" \ --first-user-trial=false \ --use-token-as-session \ - https://${{ env.PR_HOSTNAME }} + "https://${PR_HOSTNAME}" # Create a user for the github.actor # TODO: update once https://github.com/coder/coder/issues/15466 is resolved # coder users create \ - # --username ${{ github.actor }} \ + # --username ${GITHUB_ACTOR} \ # --login-type github # promote the user to admin role - # coder org members edit-role ${{ github.actor }} organization-admin + # coder org members edit-role ${GITHUB_ACTOR} organization-admin # TODO: update once https://github.com/coder/internal/issues/207 is resolved - name: Send Slack notification @@ -461,17 +475,19 @@ jobs: curl -s -o /dev/null -X POST -H 'Content-type: application/json' \ -d \ '{ - "pr_number": "'"${{ env.PR_NUMBER }}"'", - "pr_url": "'"${{ env.PR_URL }}"'", - "pr_title": "'"${{ env.PR_TITLE }}"'", - "pr_access_url": "'"https://${{ env.PR_HOSTNAME }}"'", - "pr_username": "'"pr${{ env.PR_NUMBER }}-admin"'", - "pr_email": "'"pr${{ env.PR_NUMBER }}@coder.com"'", - "pr_password": "'"${{ steps.setup_deployment.outputs.password }}"'", - "pr_actor": "'"${{ github.actor }}"'" + "pr_number": "'"${PR_NUMBER}"'", + "pr_url": "'"${PR_URL}"'", + "pr_title": "'"${PR_TITLE}"'", + "pr_access_url": "'"https://${PR_HOSTNAME}"'", + "pr_username": "'"pr${PR_NUMBER}-admin"'", + "pr_email": "'"pr${PR_NUMBER}@coder.com"'", + "pr_password": "'"${PASSWORD}"'", + "pr_actor": "'"${GITHUB_ACTOR}"'" }' \ ${{ secrets.PR_DEPLOYMENTS_SLACK_WEBHOOK }} echo "Slack notification sent" + env: + PASSWORD: ${{ steps.setup_deployment.outputs.password }} - name: Find Comment uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 @@ -504,7 +520,7 @@ jobs: run: | set -euo pipefail cd .github/pr-deployments/template - coder templates push -y --variable namespace=pr${{ env.PR_NUMBER }} kubernetes + coder templates push -y --variable "namespace=pr${PR_NUMBER}" kubernetes # Create workspace coder create --template="kubernetes" kube --parameter cpu=2 --parameter memory=4 --parameter home_disk_size=2 -y diff --git a/.github/workflows/release-validation.yaml b/.github/workflows/release-validation.yaml index 1e4e928f32f73..3555e2a8fc50d 100644 --- a/.github/workflows/release-validation.yaml +++ b/.github/workflows/release-validation.yaml @@ -14,7 +14,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 032961dd2e5c5..ecd2e2ac39be9 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -32,15 +32,43 @@ env: CODER_RELEASE_NOTES: ${{ inputs.release_notes }} jobs: + # Only allow maintainers/admins to release. + check-perms: + runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} + steps: + - name: Allow only maintainers/admins + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const {data} = await github.rest.repos.getCollaboratorPermissionLevel({ + owner: context.repo.owner, + repo: context.repo.repo, + username: context.actor + }); + const role = data.role_name || data.user?.role_name || data.permission; + const perms = data.user?.permissions || {}; + core.info(`Actor ${context.actor} permission=${data.permission}, role_name=${role}`); + + const allowed = + role === 'admin' || + role === 'maintain' || + perms.admin === true || + perms.maintain === true; + + if (!allowed) core.setFailed('Denied: requires maintain or admin'); + # build-dylib is a separate job to build the dylib on macOS. build-dylib: runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest' }} + needs: check-perms steps: # Harden Runner doesn't work on macOS. - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 + persist-credentials: false # If the event that triggered the build was an annotated tag (which our # tags are supposed to be), actions/checkout has a bug where the tag in @@ -53,14 +81,16 @@ jobs: - name: Setup build tools run: | brew install bash gnu-getopt make - echo "$(brew --prefix bash)/bin" >> $GITHUB_PATH - echo "$(brew --prefix gnu-getopt)/bin" >> $GITHUB_PATH - echo "$(brew --prefix make)/libexec/gnubin" >> $GITHUB_PATH + { + echo "$(brew --prefix bash)/bin" + echo "$(brew --prefix gnu-getopt)/bin" + echo "$(brew --prefix make)/libexec/gnubin" + } >> "$GITHUB_PATH" - name: Switch XCode Version uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0 with: - xcode-version: "16.0.0" + xcode-version: "16.1.0" - name: Setup Go uses: ./.github/actions/setup-go @@ -114,7 +144,7 @@ jobs: release: name: Build and publish - needs: build-dylib + needs: [build-dylib, check-perms] runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} permissions: # Required to publish a release @@ -134,14 +164,15 @@ jobs: version: ${{ steps.version.outputs.version }} steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 + persist-credentials: false # If the event that triggered the build was an annotated tag (which our # tags are supposed to be), actions/checkout has a bug where the tag in @@ -156,9 +187,9 @@ jobs: run: | set -euo pipefail version="$(./scripts/version.sh)" - echo "version=$version" >> $GITHUB_OUTPUT + echo "version=$version" >> "$GITHUB_OUTPUT" # Speed up future version.sh calls. - echo "CODER_FORCE_VERSION=$version" >> $GITHUB_ENV + echo "CODER_FORCE_VERSION=$version" >> "$GITHUB_ENV" echo "$version" # Verify that all expectations for a release are met. @@ -200,7 +231,7 @@ jobs: release_notes_file="$(mktemp -t release_notes.XXXXXX)" echo "$CODER_RELEASE_NOTES" > "$release_notes_file" - echo CODER_RELEASE_NOTES_FILE="$release_notes_file" >> $GITHUB_ENV + echo CODER_RELEASE_NOTES_FILE="$release_notes_file" >> "$GITHUB_ENV" - name: Show release notes run: | @@ -208,7 +239,7 @@ jobs: cat "$CODER_RELEASE_NOTES_FILE" - name: Docker Login - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 + uses: docker/login-action@184bdaa0721073962dff0199f1fb9940f07167d1 # v3.5.0 with: registry: ghcr.io username: ${{ github.actor }} @@ -286,17 +317,17 @@ jobs: # Setup GCloud for signing Windows binaries. - name: Authenticate to Google Cloud id: gcloud_auth - uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10 + uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12 with: - workload_identity_provider: ${{ secrets.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }} - service_account: ${{ secrets.GCP_CODE_SIGNING_SERVICE_ACCOUNT }} + workload_identity_provider: ${{ vars.GCP_CODE_SIGNING_WORKLOAD_ID_PROVIDER }} + service_account: ${{ vars.GCP_CODE_SIGNING_SERVICE_ACCOUNT }} token_format: "access_token" - name: Setup GCloud SDK - uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4 + uses: google-github-actions/setup-gcloud@cb1e50a9932213ecece00a606661ae9ca44f3397 # v2.2.0 - name: Download dylibs - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 with: name: dylibs path: ./build @@ -323,6 +354,8 @@ jobs: env: CODER_SIGN_WINDOWS: "1" CODER_SIGN_DARWIN: "1" + CODER_SIGN_GPG: "1" + CODER_GPG_RELEASE_KEY_BASE64: ${{ secrets.GPG_RELEASE_KEY_BASE64 }} CODER_WINDOWS_RESOURCES: "1" AC_CERTIFICATE_FILE: /tmp/apple_cert.p12 AC_CERTIFICATE_PASSWORD_FILE: /tmp/apple_cert_password.txt @@ -348,9 +381,9 @@ jobs: set -euo pipefail if [[ "${CODER_RELEASE:-}" != *t* ]] || [[ "${CODER_DRY_RUN:-}" == *t* ]]; then # Empty value means use the default and avoid building a fresh one. - echo "tag=" >> $GITHUB_OUTPUT + echo "tag=" >> "$GITHUB_OUTPUT" else - echo "tag=$(CODER_IMAGE_BASE=ghcr.io/coder/coder-base ./scripts/image_tag.sh)" >> $GITHUB_OUTPUT + echo "tag=$(CODER_IMAGE_BASE=ghcr.io/coder/coder-base ./scripts/image_tag.sh)" >> "$GITHUB_OUTPUT" fi - name: Create empty base-build-context directory @@ -364,7 +397,7 @@ jobs: # This uses OIDC authentication, so no auth variables are required. - name: Build base Docker image via depot.dev if: steps.image-base-tag.outputs.tag != '' - uses: depot/build-push-action@636daae76684e38c301daa0c5eca1c095b24e780 # v1.14.0 + uses: depot/build-push-action@2583627a84956d07561420dcc1d0eb1f2af3fac0 # v1.15.0 with: project: wl5hnrrkns context: base-build-context @@ -385,7 +418,7 @@ jobs: # available immediately for i in {1..10}; do rc=0 - raw_manifests=$(docker buildx imagetools inspect --raw "${{ steps.image-base-tag.outputs.tag }}") || rc=$? + raw_manifests=$(docker buildx imagetools inspect --raw "${IMAGE_TAG}") || rc=$? if [[ "$rc" -eq 0 ]]; then break fi @@ -407,6 +440,8 @@ jobs: echo "$manifests" | grep -q linux/amd64 echo "$manifests" | grep -q linux/arm64 echo "$manifests" | grep -q linux/arm/v7 + env: + IMAGE_TAG: ${{ steps.image-base-tag.outputs.tag }} # GitHub attestation provides SLSA provenance for Docker images, establishing a verifiable # record that these images were built in GitHub Actions with specific inputs and environment. @@ -474,7 +509,7 @@ jobs: # Save multiarch image tag for attestation multiarch_image="$(./scripts/image_tag.sh)" - echo "multiarch_image=${multiarch_image}" >> $GITHUB_OUTPUT + echo "multiarch_image=${multiarch_image}" >> "$GITHUB_OUTPUT" # For debugging, print all docker image tags docker images @@ -482,16 +517,15 @@ jobs: # if the current version is equal to the highest (according to semver) # version in the repo, also create a multi-arch image as ":latest" and # push it - created_latest_tag=false if [[ "$(git tag | grep '^v' | grep -vE '(rc|dev|-|\+|\/)' | sort -r --version-sort | head -n1)" == "v$(./scripts/version.sh)" ]]; then + # shellcheck disable=SC2046 ./scripts/build_docker_multiarch.sh \ --push \ --target "$(./scripts/image_tag.sh --version latest)" \ $(cat build/coder_"$version"_linux_{amd64,arm64,armv7}.tag) - created_latest_tag=true - echo "created_latest_tag=true" >> $GITHUB_OUTPUT + echo "created_latest_tag=true" >> "$GITHUB_OUTPUT" else - echo "created_latest_tag=false" >> $GITHUB_OUTPUT + echo "created_latest_tag=false" >> "$GITHUB_OUTPUT" fi env: CODER_BASE_IMAGE_TAG: ${{ steps.image-base-tag.outputs.tag }} @@ -499,24 +533,27 @@ jobs: - name: SBOM Generation and Attestation if: ${{ !inputs.dry_run }} env: - COSIGN_EXPERIMENTAL: "1" + COSIGN_EXPERIMENTAL: '1' + MULTIARCH_IMAGE: ${{ steps.build_docker.outputs.multiarch_image }} + VERSION: ${{ steps.version.outputs.version }} + CREATED_LATEST_TAG: ${{ steps.build_docker.outputs.created_latest_tag }} run: | set -euxo pipefail # Generate SBOM for multi-arch image with version in filename - echo "Generating SBOM for multi-arch image: ${{ steps.build_docker.outputs.multiarch_image }}" - syft "${{ steps.build_docker.outputs.multiarch_image }}" -o spdx-json > coder_${{ steps.version.outputs.version }}_sbom.spdx.json + echo "Generating SBOM for multi-arch image: ${MULTIARCH_IMAGE}" + syft "${MULTIARCH_IMAGE}" -o spdx-json > "coder_${VERSION}_sbom.spdx.json" # Attest SBOM to multi-arch image - echo "Attesting SBOM to multi-arch image: ${{ steps.build_docker.outputs.multiarch_image }}" - cosign clean --force=true "${{ steps.build_docker.outputs.multiarch_image }}" + echo "Attesting SBOM to multi-arch image: ${MULTIARCH_IMAGE}" + cosign clean --force=true "${MULTIARCH_IMAGE}" cosign attest --type spdxjson \ - --predicate coder_${{ steps.version.outputs.version }}_sbom.spdx.json \ + --predicate "coder_${VERSION}_sbom.spdx.json" \ --yes \ - "${{ steps.build_docker.outputs.multiarch_image }}" + "${MULTIARCH_IMAGE}" # If latest tag was created, also attest it - if [[ "${{ steps.build_docker.outputs.created_latest_tag }}" == "true" ]]; then + if [[ "${CREATED_LATEST_TAG}" == "true" ]]; then latest_tag="$(./scripts/image_tag.sh --version latest)" echo "Generating SBOM for latest image: ${latest_tag}" syft "${latest_tag}" -o spdx-json > coder_latest_sbom.spdx.json @@ -570,7 +607,7 @@ jobs: - name: Get latest tag name id: latest_tag if: ${{ !inputs.dry_run && steps.build_docker.outputs.created_latest_tag == 'true' }} - run: echo "tag=$(./scripts/image_tag.sh --version latest)" >> $GITHUB_OUTPUT + run: echo "tag=$(./scripts/image_tag.sh --version latest)" >> "$GITHUB_OUTPUT" # If this is the highest version according to semver, also attest the "latest" tag - name: GitHub Attestation for "latest" Docker image @@ -613,7 +650,7 @@ jobs: # Report attestation failures but don't fail the workflow - name: Check attestation status if: ${{ !inputs.dry_run }} - run: | + run: | # zizmor: ignore[template-injection] We're just reading steps.attest_x.outcome here, no risk of injection if [[ "${{ steps.attest_base.outcome }}" == "failure" && "${{ steps.attest_base.conclusion }}" != "skipped" ]]; then echo "::warning::GitHub attestation for base image failed" fi @@ -632,6 +669,30 @@ jobs: - name: ls build run: ls -lh build + - name: Publish Coder CLI binaries and detached signatures to GCS + if: ${{ !inputs.dry_run }} + run: | + set -euxo pipefail + + version="$(./scripts/version.sh)" + + # Source array of slim binaries + declare -A binaries + binaries["coder-darwin-amd64"]="coder-slim_${version}_darwin_amd64" + binaries["coder-darwin-arm64"]="coder-slim_${version}_darwin_arm64" + binaries["coder-linux-amd64"]="coder-slim_${version}_linux_amd64" + binaries["coder-linux-arm64"]="coder-slim_${version}_linux_arm64" + binaries["coder-linux-armv7"]="coder-slim_${version}_linux_armv7" + binaries["coder-windows-amd64.exe"]="coder-slim_${version}_windows_amd64.exe" + binaries["coder-windows-arm64.exe"]="coder-slim_${version}_windows_arm64.exe" + + for cli_name in "${!binaries[@]}"; do + slim_binary="${binaries[$cli_name]}" + detached_signature="${slim_binary}.asc" + gcloud storage cp "./build/${slim_binary}" "gs://releases.coder.com/coder-cli/${version}/${cli_name}" + gcloud storage cp "./build/${detached_signature}" "gs://releases.coder.com/coder-cli/${version}/${cli_name}.asc" + done + - name: Publish release run: | set -euo pipefail @@ -654,11 +715,11 @@ jobs: ./build/*.apk ./build/*.deb ./build/*.rpm - ./coder_${{ steps.version.outputs.version }}_sbom.spdx.json + "./coder_${VERSION}_sbom.spdx.json" ) # Only include the latest SBOM file if it was created - if [[ "${{ steps.build_docker.outputs.created_latest_tag }}" == "true" ]]; then + if [[ "${CREATED_LATEST_TAG}" == "true" ]]; then files+=(./coder_latest_sbom.spdx.json) fi @@ -669,15 +730,17 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} CODER_GPG_RELEASE_KEY_BASE64: ${{ secrets.GPG_RELEASE_KEY_BASE64 }} + VERSION: ${{ steps.version.outputs.version }} + CREATED_LATEST_TAG: ${{ steps.build_docker.outputs.created_latest_tag }} - name: Authenticate to Google Cloud - uses: google-github-actions/auth@ba79af03959ebeac9769e648f473a284504d9193 # v2.1.10 + uses: google-github-actions/auth@b7593ed2efd1c1617e1b0254da33b86225adb2a5 # v2.1.12 with: - workload_identity_provider: ${{ secrets.GCP_WORKLOAD_ID_PROVIDER }} - service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }} + workload_identity_provider: ${{ vars.GCP_WORKLOAD_ID_PROVIDER }} + service_account: ${{ vars.GCP_SERVICE_ACCOUNT }} - name: Setup GCloud SDK - uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # 2.1.4 + uses: google-github-actions/setup-gcloud@cb1e50a9932213ecece00a606661ae9ca44f3397 # 2.2.0 - name: Publish Helm Chart if: ${{ !inputs.dry_run }} @@ -689,10 +752,12 @@ jobs: cp "build/provisioner_helm_${version}.tgz" build/helm gsutil cp gs://helm.coder.com/v2/index.yaml build/helm/index.yaml helm repo index build/helm --url https://helm.coder.com/v2 --merge build/helm/index.yaml - gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/coder_helm_${version}.tgz gs://helm.coder.com/v2 - gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/provisioner_helm_${version}.tgz gs://helm.coder.com/v2 - gsutil -h "Cache-Control:no-cache,max-age=0" cp build/helm/index.yaml gs://helm.coder.com/v2 - gsutil -h "Cache-Control:no-cache,max-age=0" cp helm/artifacthub-repo.yml gs://helm.coder.com/v2 + gsutil -h "Cache-Control:no-cache,max-age=0" cp "build/helm/coder_helm_${version}.tgz" gs://helm.coder.com/v2 + gsutil -h "Cache-Control:no-cache,max-age=0" cp "build/helm/provisioner_helm_${version}.tgz" gs://helm.coder.com/v2 + gsutil -h "Cache-Control:no-cache,max-age=0" cp "build/helm/index.yaml" gs://helm.coder.com/v2 + gsutil -h "Cache-Control:no-cache,max-age=0" cp "helm/artifacthub-repo.yml" gs://helm.coder.com/v2 + helm push "build/coder_helm_${version}.tgz" oci://ghcr.io/coder/chart + helm push "build/provisioner_helm_${version}.tgz" oci://ghcr.io/coder/chart - name: Upload artifacts to actions (if dry-run) if: ${{ inputs.dry_run }} @@ -737,18 +802,18 @@ jobs: # TODO: skip this if it's not a new release (i.e. a backport). This is # fine right now because it just makes a PR that we can close. - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Update homebrew env: - # Variables used by the `gh` command GH_REPO: coder/homebrew-coder GH_TOKEN: ${{ secrets.CDRCI_GITHUB_TOKEN }} + VERSION: ${{ needs.release.outputs.version }} run: | # Keep version number around for reference, removing any potential leading v - coder_version="$(echo "${{ needs.release.outputs.version }}" | tr -d v)" + coder_version="$(echo "${VERSION}" | tr -d v)" set -euxo pipefail @@ -767,9 +832,9 @@ jobs: wget "$checksums_url" -O checksums.txt # Get the SHAs - darwin_arm_sha="$(cat checksums.txt | grep "darwin_arm64.zip" | awk '{ print $1 }')" - darwin_intel_sha="$(cat checksums.txt | grep "darwin_amd64.zip" | awk '{ print $1 }')" - linux_sha="$(cat checksums.txt | grep "linux_amd64.tar.gz" | awk '{ print $1 }')" + darwin_arm_sha="$(grep "darwin_arm64.zip" checksums.txt | awk '{ print $1 }')" + darwin_intel_sha="$(grep "darwin_amd64.zip" checksums.txt | awk '{ print $1 }')" + linux_sha="$(grep "linux_amd64.tar.gz" checksums.txt | awk '{ print $1 }')" echo "macOS arm64: $darwin_arm_sha" echo "macOS amd64: $darwin_intel_sha" @@ -782,7 +847,7 @@ jobs: # Check if a PR already exists. pr_count="$(gh pr list --search "head:$brew_branch" --json id,closed | jq -r ".[] | select(.closed == false) | .id" | wc -l)" - if [[ "$pr_count" > 0 ]]; then + if [ "$pr_count" -gt 0 ]; then echo "Bailing out as PR already exists" 2>&1 exit 0 fi @@ -801,8 +866,8 @@ jobs: -B master -H "$brew_branch" \ -t "coder $coder_version" \ -b "" \ - -r "${{ github.actor }}" \ - -a "${{ github.actor }}" \ + -r "${GITHUB_ACTOR}" \ + -a "${GITHUB_ACTOR}" \ -b "This automatic PR was triggered by the release of Coder v$coder_version" publish-winget: @@ -813,7 +878,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit @@ -823,9 +888,10 @@ jobs: GH_TOKEN: ${{ secrets.CDRCI_GITHUB_TOKEN }} - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 + persist-credentials: false # If the event that triggered the build was an annotated tag (which our # tags are supposed to be), actions/checkout has a bug where the tag in @@ -844,7 +910,7 @@ jobs: # The package version is the same as the tag minus the leading "v". # The version in this output already has the leading "v" removed but # we do it again to be safe. - $version = "${{ needs.release.outputs.version }}".Trim('v') + $version = $env:VERSION.Trim('v') $release_assets = gh release view --repo coder/coder "v${version}" --json assets | ` ConvertFrom-Json @@ -876,13 +942,14 @@ jobs: # For wingetcreate. We need a real token since we're pushing a commit # to GitHub and then making a PR in a different repo. WINGET_GH_TOKEN: ${{ secrets.CDRCI_GITHUB_TOKEN }} + VERSION: ${{ needs.release.outputs.version }} - name: Comment on PR run: | # wait 30 seconds Start-Sleep -Seconds 30.0 # Find the PR that wingetcreate just made. - $version = "${{ needs.release.outputs.version }}".Trim('v') + $version = $env:VERSION.Trim('v') $pr_list = gh pr list --repo microsoft/winget-pkgs --search "author:cdrci Coder.Coder version ${version}" --limit 1 --json number | ` ConvertFrom-Json $pr_number = $pr_list[0].number @@ -893,6 +960,7 @@ jobs: # For gh CLI. We need a real token since we're commenting on a PR in a # different repo. GH_TOKEN: ${{ secrets.CDRCI_GITHUB_TOKEN }} + VERSION: ${{ needs.release.outputs.version }} # publish-sqlc pushes the latest schema to sqlc cloud. # At present these pushes cannot be tagged, so the last push is always the latest. @@ -903,14 +971,15 @@ jobs: if: ${{ !inputs.dry_run }} steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 1 + persist-credentials: false # We need golang to run the migration main.go - name: Setup Go diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d773ad74e5adc..87e9e6271c6ac 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -20,12 +20,12 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: persist-credentials: false @@ -47,6 +47,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0 + uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 with: sarif_file: results.sarif diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml index be4811e05e813..e7fde82bf1dce 100644 --- a/.github/workflows/security.yaml +++ b/.github/workflows/security.yaml @@ -27,18 +27,20 @@ jobs: runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + with: + persist-credentials: false - name: Setup Go uses: ./.github/actions/setup-go - name: Initialize CodeQL - uses: github/codeql-action/init@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0 + uses: github/codeql-action/init@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 with: languages: go, javascript @@ -48,7 +50,7 @@ jobs: rm Makefile - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0 + uses: github/codeql-action/analyze@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 - name: Send Slack notification on failure if: ${{ failure() }} @@ -67,14 +69,15 @@ jobs: runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }} steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 with: fetch-depth: 0 + persist-credentials: false - name: Setup Go uses: ./.github/actions/setup-go @@ -134,15 +137,16 @@ jobs: # This environment variables forces scripts/build_docker.sh to build # the base image tag locally instead of using the cached version from # the registry. - export CODER_IMAGE_BUILD_BASE_TAG="$(CODER_IMAGE_BASE=coder-base ./scripts/image_tag.sh --version "$version")" + CODER_IMAGE_BUILD_BASE_TAG="$(CODER_IMAGE_BASE=coder-base ./scripts/image_tag.sh --version "$version")" + export CODER_IMAGE_BUILD_BASE_TAG # We would like to use make -j here, but it doesn't work with the some recent additions # to our code generation. make "$image_job" - echo "image=$(cat "$image_job")" >> $GITHUB_OUTPUT + echo "image=$(cat "$image_job")" >> "$GITHUB_OUTPUT" - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@76071ef0d7ec797419534a183b498b4d6366cf37 + uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 with: image-ref: ${{ steps.build.outputs.image }} format: sarif @@ -150,7 +154,7 @@ jobs: severity: "CRITICAL,HIGH" - name: Upload Trivy scan results to GitHub Security tab - uses: github/codeql-action/upload-sarif@ce28f5bb42b7a9f2c824e633a3f6ee835bab6858 # v3.29.0 + uses: github/codeql-action/upload-sarif@76621b61decf072c1cee8dd1ce2d2a82d33c17ed # v3.29.5 with: sarif_file: trivy-results.sarif category: "Trivy" diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml index 2563367d840e2..27ec157fa0f3f 100644 --- a/.github/workflows/stale.yaml +++ b/.github/workflows/stale.yaml @@ -18,7 +18,7 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit @@ -96,12 +96,14 @@ jobs: contents: write steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + with: + persist-credentials: false - name: Run delete-old-branches-action uses: beatlabs/delete-old-branches-action@4eeeb8740ff8b3cb310296ddd6b43c3387734588 # v0.0.11 with: @@ -118,7 +120,7 @@ jobs: actions: write steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit diff --git a/.github/workflows/start-workspace.yaml b/.github/workflows/start-workspace.yaml index 975acd7e1d939..9c1106a040a0e 100644 --- a/.github/workflows/start-workspace.yaml +++ b/.github/workflows/start-workspace.yaml @@ -19,7 +19,7 @@ jobs: timeout-minutes: 5 steps: - name: Start Coder workspace - uses: coder/start-workspace-action@35a4608cefc7e8cc56573cae7c3b85304575cb72 + uses: coder/start-workspace-action@f97a681b4cc7985c9eef9963750c7cc6ebc93a19 with: github-token: ${{ secrets.GITHUB_TOKEN }} github-username: >- diff --git a/.github/workflows/typos.toml b/.github/workflows/typos.toml index 6a9b07b475111..6f475668118c9 100644 --- a/.github/workflows/typos.toml +++ b/.github/workflows/typos.toml @@ -28,6 +28,7 @@ HELO = "HELO" LKE = "LKE" byt = "byt" typ = "typ" +Inferrable = "Inferrable" [files] extend-exclude = [ @@ -47,5 +48,5 @@ extend-exclude = [ "provisioner/terraform/testdata/**", # notifications' golden files confuse the detector because of quoted-printable encoding "coderd/notifications/testdata/**", - "agent/agentcontainers/testdata/devcontainercli/**" + "agent/agentcontainers/testdata/devcontainercli/**", ] diff --git a/.github/workflows/weekly-docs.yaml b/.github/workflows/weekly-docs.yaml index c4b2a33361657..56f5e799305e8 100644 --- a/.github/workflows/weekly-docs.yaml +++ b/.github/workflows/weekly-docs.yaml @@ -21,15 +21,17 @@ jobs: pull-requests: write # required to post PR review comments by the action steps: - name: Harden Runner - uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1 + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 with: egress-policy: audit - name: Checkout - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0 + with: + persist-credentials: false - name: Check Markdown links - uses: umbrelladocs/action-linkspector@e2ccef58c4b9eb89cd71ee23a8629744bba75aa6 # v1.3.5 + uses: umbrelladocs/action-linkspector@874d01cae9fd488e3077b08952093235bd626977 # v1.3.7 id: markdown-link-check # checks all markdown files from /docs including all subfolders with: @@ -41,7 +43,10 @@ jobs: - name: Send Slack notification if: failure() && github.event_name == 'schedule' run: | - curl -X POST -H 'Content-type: application/json' -d '{"msg":"Broken links found in the documentation. Please check the logs at ${{ env.LOGS_URL }}"}' ${{ secrets.DOCS_LINK_SLACK_WEBHOOK }} + curl \ + -X POST \ + -H 'Content-type: application/json' \ + -d '{"msg":"Broken links found in the documentation. Please check the logs at '"${LOGS_URL}"'"}' "${{ secrets.DOCS_LINK_SLACK_WEBHOOK }}" echo "Sent Slack notification" env: LOGS_URL: https://github.com/coder/coder/actions/runs/${{ github.run_id }} diff --git a/.golangci.yaml b/.golangci.yaml index 2e1e853a0425a..aeebaf47e29a6 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -181,7 +181,6 @@ linters-settings: issues: exclude-dirs: - - coderd/database/dbmem - node_modules - .git diff --git a/.mcp.json b/.mcp.json new file mode 100644 index 0000000000000..3f3734e4fef14 --- /dev/null +++ b/.mcp.json @@ -0,0 +1,36 @@ +{ + "mcpServers": { + "go-language-server": { + "type": "stdio", + "command": "go", + "args": [ + "run", + "github.com/isaacphi/mcp-language-server@latest", + "-workspace", + "./", + "-lsp", + "go", + "--", + "run", + "golang.org/x/tools/gopls@latest" + ], + "env": {} + }, + "typescript-language-server": { + "type": "stdio", + "command": "go", + "args": [ + "run", + "github.com/isaacphi/mcp-language-server@latest", + "-workspace", + "./site/", + "-lsp", + "pnpx", + "--", + "typescript-language-server", + "--stdio" + ], + "env": {} + } + } +} \ No newline at end of file diff --git a/.vscode/settings.json b/.vscode/settings.json index f2cf72b7d8ae0..7fef4af975bc2 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -49,7 +49,7 @@ "[javascript][javascriptreact][json][jsonc][typescript][typescriptreact]": { "editor.defaultFormatter": "biomejs.biome", "editor.codeActionsOnSave": { - "quickfix.biome": "explicit" + "source.fixAll.biome": "explicit" // "source.organizeImports.biome": "explicit" } }, diff --git a/AGENTS.md b/AGENTS.md new file mode 120000 index 0000000000000..681311eb9cf45 --- /dev/null +++ b/AGENTS.md @@ -0,0 +1 @@ +CLAUDE.md \ No newline at end of file diff --git a/CLAUDE.md b/CLAUDE.md index 8f0f5a8a99a4e..3de33a5466054 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -1,21 +1,25 @@ # Coder Development Guidelines -Read [cursor rules](.cursorrules). - -## Build/Test/Lint Commands - -### Main Commands - -- `make build` or `make build-fat` - Build all "fat" binaries (includes "server" functionality) -- `make build-slim` - Build "slim" binaries -- `make test` - Run Go tests -- `make test RUN=TestFunctionName` or `go test -v ./path/to/package -run TestFunctionName` - Test single -- `make test-postgres` - Run tests with Postgres database -- `make test-race` - Run tests with Go race detector -- `make test-e2e` - Run end-to-end tests -- `make lint` - Run all linters -- `make fmt` - Format all code -- `make gen` - Generates mocks, database queries and other auto-generated files +@.claude/docs/WORKFLOWS.md +@.cursorrules +@README.md +@package.json + +## 🚀 Essential Commands + +| Task | Command | Notes | +|-------------------|--------------------------|----------------------------------| +| **Development** | `./scripts/develop.sh` | ⚠️ Don't use manual build | +| **Build** | `make build` | Fat binaries (includes server) | +| **Build Slim** | `make build-slim` | Slim binaries | +| **Test** | `make test` | Full test suite | +| **Test Single** | `make test RUN=TestName` | Faster than full suite | +| **Test Postgres** | `make test-postgres` | Run tests with Postgres database | +| **Test Race** | `make test-race` | Run tests with Go race detector | +| **Lint** | `make lint` | Always run after changes | +| **Generate** | `make gen` | After database changes | +| **Format** | `make fmt` | Auto-format code | +| **Clean** | `make clean` | Clean build artifacts | ### Frontend Commands (site directory) @@ -26,82 +30,109 @@ Read [cursor rules](.cursorrules). - `pnpm lint` - Lint frontend code - `pnpm test` - Run frontend tests -## Code Style Guidelines +### Documentation Commands + +- `pnpm run format-docs` - Format markdown tables in docs +- `pnpm run lint-docs` - Lint and fix markdown files +- `pnpm run storybook` - Run Storybook (from site directory) + +## 🔧 Critical Patterns + +### Database Changes (ALWAYS FOLLOW) + +1. Modify `coderd/database/queries/*.sql` files +2. Run `make gen` +3. If audit errors: update `enterprise/audit/table.go` +4. Run `make gen` again + +### LSP Navigation (USE FIRST) + +#### Go LSP (for backend code) + +- **Find definitions**: `mcp__go-language-server__definition symbolName` +- **Find references**: `mcp__go-language-server__references symbolName` +- **Get type info**: `mcp__go-language-server__hover filePath line column` +- **Rename symbol**: `mcp__go-language-server__rename_symbol filePath line column newName` + +#### TypeScript LSP (for frontend code in site/) + +- **Find definitions**: `mcp__typescript-language-server__definition symbolName` +- **Find references**: `mcp__typescript-language-server__references symbolName` +- **Get type info**: `mcp__typescript-language-server__hover filePath line column` +- **Rename symbol**: `mcp__typescript-language-server__rename_symbol filePath line column newName` + +### OAuth2 Error Handling + +```go +// OAuth2-compliant error responses +writeOAuth2Error(ctx, rw, http.StatusBadRequest, "invalid_grant", "description") +``` -### Go +### Authorization Context -- Follow [Effective Go](https://go.dev/doc/effective_go) and [Go's Code Review Comments](https://github.com/golang/go/wiki/CodeReviewComments) -- Use `gofumpt` for formatting -- Create packages when used during implementation -- Validate abstractions against implementations +```go +// Public endpoints needing system access +app, err := api.Database.GetOAuth2ProviderAppByClientID(dbauthz.AsSystemRestricted(ctx), clientID) -### Error Handling +// Authenticated endpoints with user context +app, err := api.Database.GetOAuth2ProviderAppByClientID(ctx, clientID) +``` -- Use descriptive error messages -- Wrap errors with context -- Propagate errors appropriately -- Use proper error types -- (`xerrors.Errorf("failed to X: %w", err)`) +## 📋 Quick Reference -### Naming +### Full workflows available in imported WORKFLOWS.md -- Use clear, descriptive names -- Abbreviate only when obvious -- Follow Go and TypeScript naming conventions +### New Feature Checklist -### Comments +- [ ] Run `git pull` to ensure latest code +- [ ] Check if feature touches database - you'll need migrations +- [ ] Check if feature touches audit logs - update `enterprise/audit/table.go` -- Document exported functions, types, and non-obvious logic -- Follow JSDoc format for TypeScript -- Use godoc format for Go code +## 🏗️ Architecture -## Commit Style +- **coderd**: Main API service +- **provisionerd**: Infrastructure provisioning +- **Agents**: Workspace services (SSH, port forwarding) +- **Database**: PostgreSQL with `dbauthz` authorization -- Follow [Conventional Commits 1.0.0](https://www.conventionalcommits.org/en/v1.0.0/) -- Format: `type(scope): message` -- Types: `feat`, `fix`, `docs`, `style`, `refactor`, `test`, `chore` -- Keep message titles concise (~70 characters) -- Use imperative, present tense in commit titles +## 🧪 Testing -## Database queries +### Race Condition Prevention -- MUST DO! Any changes to database - adding queries, modifying queries should be done in the `coderd\database\queries\*.sql` files. Use `make gen` to generate necessary changes after. -- MUST DO! Queries are grouped in files relating to context - e.g. `prebuilds.sql`, `users.sql`, `provisionerjobs.sql`. -- After making changes to any `coderd\database\queries\*.sql` files you must run `make gen` to generate respective ORM changes. +- Use unique identifiers: `fmt.Sprintf("test-client-%s-%d", t.Name(), time.Now().UnixNano())` +- Never use hardcoded names in concurrent tests -## Architecture +### OAuth2 Testing -### Core Components +- Full suite: `./scripts/oauth2/test-mcp-oauth2.sh` +- Manual testing: `./scripts/oauth2/test-manual-flow.sh` -- **coderd**: Main API service connecting workspaces, provisioners, and users -- **provisionerd**: Execution context for infrastructure-modifying providers -- **Agents**: Services in remote workspaces providing features like SSH and port forwarding -- **Workspaces**: Cloud resources defined by Terraform +### Timing Issues -## Sub-modules +NEVER use `time.Sleep` to mitigate timing issues. If an issue +seems like it should use `time.Sleep`, read through https://github.com/coder/quartz and specifically the [README](https://github.com/coder/quartz/blob/main/README.md) to better understand how to handle timing issues. -### Template System +## 🎯 Code Style -- Templates define infrastructure for workspaces using Terraform -- Environment variables pass context between Coder and templates -- Official modules extend development environments +### Detailed guidelines in imported WORKFLOWS.md -### RBAC System +- Follow [Uber Go Style Guide](https://github.com/uber-go/guide/blob/master/style.md) +- Commit format: `type(scope): message` -- Permissions defined at site, organization, and user levels -- Object-Action model protects resources -- Built-in roles: owner, member, auditor, templateAdmin -- Permission format: `?...` +## 📚 Detailed Development Guides -### Database +@.claude/docs/OAUTH2.md +@.claude/docs/TESTING.md +@.claude/docs/TROUBLESHOOTING.md +@.claude/docs/DATABASE.md -- PostgreSQL 13+ recommended for production -- Migrations managed with `migrate` -- Database authorization through `dbauthz` package +## 🚨 Common Pitfalls -## Frontend +1. **Audit table errors** → Update `enterprise/audit/table.go` +2. **OAuth2 errors** → Return RFC-compliant format +3. **Race conditions** → Use unique test identifiers +4. **Missing newlines** → Ensure files end with newline -The frontend is contained in the site folder. +--- -For building Frontend refer to [this document](docs/contributing/frontend.md) -For building Frontend refer to [this document](docs/about/contributing/frontend.md) +*This file stays lean and actionable. Detailed workflows and explanations are imported automatically.* diff --git a/CODEOWNERS b/CODEOWNERS index 327c43dd3bb81..fde24a9d874ed 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,8 +1,41 @@ -# These APIs are versioned, so any changes need to be carefully reviewed for whether -# to bump API major or minor versions. +# These APIs are versioned, so any changes need to be carefully reviewed for +# whether to bump API major or minor versions. agent/proto/ @spikecurtis @johnstcn +provisionerd/proto/ @spikecurtis @johnstcn +provisionersdk/proto/ @spikecurtis @johnstcn tailnet/proto/ @spikecurtis @johnstcn vpn/vpn.proto @spikecurtis @johnstcn vpn/version.go @spikecurtis @johnstcn -provisionerd/proto/ @spikecurtis @johnstcn -provisionersdk/proto/ @spikecurtis @johnstcn + +# This caching code is particularly tricky, and one must be very careful when +# altering it. +coderd/files/ @aslilac + +coderd/dynamicparameters/ @Emyrk +coderd/rbac/ @Emyrk + +# Mainly dependent on coder/guts, which is maintained by @Emyrk +scripts/apitypings/ @Emyrk +scripts/gensite/ @aslilac + +site/ @aslilac @Parkreiner +site/src/hooks/ @Parkreiner +# These rules intentionally do not specify any owners. More specific rules +# override less specific rules, so these files are "ignored" by the site/ rule. +site/e2e/google/protobuf/timestampGenerated.ts +site/e2e/provisionerGenerated.ts +site/src/api/countriesGenerated.ts +site/src/api/rbacresourcesGenerated.ts +site/src/api/typesGenerated.ts +site/src/testHelpers/entities.ts +site/CLAUDE.md + +# The blood and guts of the autostop algorithm, which is quite complex and +# requires elite ball knowledge of most of the scheduling code to make changes +# without inadvertently affecting other parts of the codebase. +coderd/schedule/autostop.go @deansheather @DanielleMaywood + +# Usage tracking code requires intimate knowledge of Tallyman and Metronome, as +# well as guidance from revenue. +coderd/usage/ @deansheather @spikecurtis +enterprise/coderd/usage/ @deansheather @spikecurtis diff --git a/Makefile b/Makefile index b6e69ac28f223..3974966836881 100644 --- a/Makefile +++ b/Makefile @@ -252,6 +252,10 @@ $(CODER_ALL_BINARIES): go.mod go.sum \ fi cp "$@" "./site/out/bin/coder-$$os-$$arch$$dot_ext" + + if [[ "$${CODER_SIGN_GPG:-0}" == "1" ]]; then + cp "$@.asc" "./site/out/bin/coder-$$os-$$arch$$dot_ext.asc" + fi fi # This task builds Coder Desktop dylibs @@ -456,16 +460,31 @@ fmt: fmt/ts fmt/go fmt/terraform fmt/shfmt fmt/biome fmt/markdown .PHONY: fmt fmt/go: +ifdef FILE + # Format single file + if [[ -f "$(FILE)" ]] && [[ "$(FILE)" == *.go ]] && ! grep -q "DO NOT EDIT" "$(FILE)"; then \ + echo "$(GREEN)==>$(RESET) $(BOLD)fmt/go$(RESET) $(FILE)"; \ + go run mvdan.cc/gofumpt@v0.8.0 -w -l "$(FILE)"; \ + fi +else go mod tidy echo "$(GREEN)==>$(RESET) $(BOLD)fmt/go$(RESET)" # VS Code users should check out # https://github.com/mvdan/gofumpt#visual-studio-code find . $(FIND_EXCLUSIONS) -type f -name '*.go' -print0 | \ - xargs -0 grep --null -L "DO NOT EDIT" | \ - xargs -0 go run mvdan.cc/gofumpt@v0.4.0 -w -l + xargs -0 grep -E --null -L '^// Code generated .* DO NOT EDIT\.$$' | \ + xargs -0 go run mvdan.cc/gofumpt@v0.8.0 -w -l +endif .PHONY: fmt/go fmt/ts: site/node_modules/.installed +ifdef FILE + # Format single TypeScript/JavaScript file + if [[ -f "$(FILE)" ]] && [[ "$(FILE)" == *.ts ]] || [[ "$(FILE)" == *.tsx ]] || [[ "$(FILE)" == *.js ]] || [[ "$(FILE)" == *.jsx ]]; then \ + echo "$(GREEN)==>$(RESET) $(BOLD)fmt/ts$(RESET) $(FILE)"; \ + (cd site/ && pnpm exec biome format --write "../$(FILE)"); \ + fi +else echo "$(GREEN)==>$(RESET) $(BOLD)fmt/ts$(RESET)" cd site # Avoid writing files in CI to reduce file write activity @@ -474,9 +493,17 @@ ifdef CI else pnpm run check:fix endif +endif .PHONY: fmt/ts fmt/biome: site/node_modules/.installed +ifdef FILE + # Format single file with biome + if [[ -f "$(FILE)" ]] && [[ "$(FILE)" == *.ts ]] || [[ "$(FILE)" == *.tsx ]] || [[ "$(FILE)" == *.js ]] || [[ "$(FILE)" == *.jsx ]]; then \ + echo "$(GREEN)==>$(RESET) $(BOLD)fmt/biome$(RESET) $(FILE)"; \ + (cd site/ && pnpm exec biome format --write "../$(FILE)"); \ + fi +else echo "$(GREEN)==>$(RESET) $(BOLD)fmt/biome$(RESET)" cd site/ # Avoid writing files in CI to reduce file write activity @@ -485,14 +512,30 @@ ifdef CI else pnpm run format endif +endif .PHONY: fmt/biome fmt/terraform: $(wildcard *.tf) +ifdef FILE + # Format single Terraform file + if [[ -f "$(FILE)" ]] && [[ "$(FILE)" == *.tf ]] || [[ "$(FILE)" == *.tfvars ]]; then \ + echo "$(GREEN)==>$(RESET) $(BOLD)fmt/terraform$(RESET) $(FILE)"; \ + terraform fmt "$(FILE)"; \ + fi +else echo "$(GREEN)==>$(RESET) $(BOLD)fmt/terraform$(RESET)" terraform fmt -recursive +endif .PHONY: fmt/terraform fmt/shfmt: $(SHELL_SRC_FILES) +ifdef FILE + # Format single shell script + if [[ -f "$(FILE)" ]] && [[ "$(FILE)" == *.sh ]]; then \ + echo "$(GREEN)==>$(RESET) $(BOLD)fmt/shfmt$(RESET) $(FILE)"; \ + shfmt -w "$(FILE)"; \ + fi +else echo "$(GREEN)==>$(RESET) $(BOLD)fmt/shfmt$(RESET)" # Only do diff check in CI, errors on diff. ifdef CI @@ -500,14 +543,25 @@ ifdef CI else shfmt -w $(SHELL_SRC_FILES) endif +endif .PHONY: fmt/shfmt fmt/markdown: node_modules/.installed +ifdef FILE + # Format single markdown file + if [[ -f "$(FILE)" ]] && [[ "$(FILE)" == *.md ]]; then \ + echo "$(GREEN)==>$(RESET) $(BOLD)fmt/markdown$(RESET) $(FILE)"; \ + pnpm exec markdown-table-formatter "$(FILE)"; \ + fi +else echo "$(GREEN)==>$(RESET) $(BOLD)fmt/markdown$(RESET)" pnpm format-docs +endif .PHONY: fmt/markdown -lint: lint/shellcheck lint/go lint/ts lint/examples lint/helm lint/site-icons lint/markdown +# Note: we don't run zizmor in the lint target because it takes a while. CI +# runs it explicitly. +lint: lint/shellcheck lint/go lint/ts lint/examples lint/helm lint/site-icons lint/markdown lint/actions/actionlint .PHONY: lint lint/site-icons: @@ -524,6 +578,7 @@ lint/go: ./scripts/check_codersdk_imports.sh linter_ver=$(shell egrep -o 'GOLANGCI_LINT_VERSION=\S+' dogfood/coder/Dockerfile | cut -d '=' -f 2) go run github.com/golangci/golangci-lint/cmd/golangci-lint@v$$linter_ver run + go run github.com/coder/paralleltestctx/cmd/paralleltestctx@v0.0.1 -custom-funcs="testutil.Context" ./... .PHONY: lint/go lint/examples: @@ -545,13 +600,26 @@ lint/markdown: node_modules/.installed pnpm lint-docs .PHONY: lint/markdown +lint/actions: lint/actions/actionlint lint/actions/zizmor +.PHONY: lint/actions + +lint/actions/actionlint: + go run github.com/rhysd/actionlint/cmd/actionlint@v1.7.7 +.PHONY: lint/actions/actionlint + +lint/actions/zizmor: + ./scripts/zizmor.sh \ + --strict-collection \ + --persona=regular \ + . +.PHONY: lint/actions/zizmor + # All files generated by the database should be added here, and this can be used # as a target for jobs that need to run after the database is generated. DB_GEN_FILES := \ coderd/database/dump.sql \ coderd/database/querier.go \ coderd/database/unique_constraint.go \ - coderd/database/dbmem/dbmem.go \ coderd/database/dbmetrics/dbmetrics.go \ coderd/database/dbauthz/dbauthz.go \ coderd/database/dbmock/dbmock.go @@ -584,7 +652,8 @@ GEN_FILES := \ coderd/database/pubsub/psmock/psmock.go \ agent/agentcontainers/acmock/acmock.go \ agent/agentcontainers/dcspec/dcspec_gen.go \ - coderd/httpmw/loggermw/loggermock/loggermock.go + coderd/httpmw/loggermw/loggermock/loggermock.go \ + codersdk/workspacesdk/agentconnmock/agentconnmock.go # all gen targets should be added here and to gen/mark-fresh gen: gen/db gen/golden-files $(GEN_FILES) @@ -634,6 +703,7 @@ gen/mark-fresh: agent/agentcontainers/acmock/acmock.go \ agent/agentcontainers/dcspec/dcspec_gen.go \ coderd/httpmw/loggermw/loggermock/loggermock.go \ + codersdk/workspacesdk/agentconnmock/agentconnmock.go \ " for file in $$files; do @@ -677,6 +747,10 @@ coderd/httpmw/loggermw/loggermock/loggermock.go: coderd/httpmw/loggermw/logger.g go generate ./coderd/httpmw/loggermw/loggermock/ touch "$@" +codersdk/workspacesdk/agentconnmock/agentconnmock.go: codersdk/workspacesdk/agentconn.go + go generate ./codersdk/workspacesdk/agentconnmock/ + touch "$@" + agent/agentcontainers/dcspec/dcspec_gen.go: \ node_modules/.installed \ agent/agentcontainers/dcspec/devContainer.base.schema.json \ @@ -884,12 +958,31 @@ else GOTESTSUM_RETRY_FLAGS := endif +# default to 8x8 parallelism to avoid overwhelming our workspaces. Hopefully we can remove these defaults +# when we get our test suite's resource utilization under control. +GOTEST_FLAGS := -v -p $(or $(TEST_NUM_PARALLEL_PACKAGES),"8") -parallel=$(or $(TEST_NUM_PARALLEL_TESTS),"8") + +# The most common use is to set TEST_COUNT=1 to avoid Go's test cache. +ifdef TEST_COUNT +GOTEST_FLAGS += -count=$(TEST_COUNT) +endif + +ifdef TEST_SHORT +GOTEST_FLAGS += -short +endif + +ifdef RUN +GOTEST_FLAGS += -run $(RUN) +endif + +TEST_PACKAGES ?= ./... + test: - $(GIT_FLAGS) gotestsum --format standard-quiet $(GOTESTSUM_RETRY_FLAGS) --packages="./..." -- -v -short -count=1 $(if $(RUN),-run $(RUN)) + $(GIT_FLAGS) gotestsum --format standard-quiet $(GOTESTSUM_RETRY_FLAGS) --packages="$(TEST_PACKAGES)" -- $(GOTEST_FLAGS) .PHONY: test test-cli: - $(GIT_FLAGS) gotestsum --format standard-quiet $(GOTESTSUM_RETRY_FLAGS) --packages="./cli/..." -- -v -short -count=1 + $(MAKE) test TEST_PACKAGES="./cli..." .PHONY: test-cli # sqlc-cloud-is-setup will fail if no SQLc auth token is set. Use this as a @@ -925,7 +1018,7 @@ sqlc-vet: test-postgres-docker test-postgres: test-postgres-docker # The postgres test is prone to failure, so we limit parallelism for # more consistent execution. - $(GIT_FLAGS) DB=ci gotestsum \ + $(GIT_FLAGS) gotestsum \ --junitfile="gotests.xml" \ --jsonfile="gotests.json" \ $(GOTESTSUM_RETRY_FLAGS) \ diff --git a/agent/agent.go b/agent/agent.go index e142f8662f641..e4d7ab60e076b 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -89,16 +89,16 @@ type Options struct { ServiceBannerRefreshInterval time.Duration BlockFileTransfer bool Execer agentexec.Execer - - ExperimentalDevcontainersEnabled bool - ContainerAPIOptions []agentcontainers.Option // Enable ExperimentalDevcontainersEnabled for these to be effective. + Devcontainers bool + DevcontainerAPIOptions []agentcontainers.Option // Enable Devcontainers for these to be effective. + Clock quartz.Clock } type Client interface { ConnectRPC26(ctx context.Context) ( proto.DRPCAgentClient26, tailnetproto.DRPCTailnetClient26, error, ) - RewriteDERPMap(derpMap *tailcfg.DERPMap) + tailnet.DERPMapRewriter } type Agent interface { @@ -145,6 +145,9 @@ func New(options Options) Agent { if options.PortCacheDuration == 0 { options.PortCacheDuration = 1 * time.Second } + if options.Clock == nil { + options.Clock = quartz.NewReal() + } prometheusRegistry := options.PrometheusRegistry if prometheusRegistry == nil { @@ -158,6 +161,7 @@ func New(options Options) Agent { hardCtx, hardCancel := context.WithCancel(context.Background()) gracefulCtx, gracefulCancel := context.WithCancel(hardCtx) a := &agent{ + clock: options.Clock, tailnetListenPort: options.TailnetListenPort, reconnectingPTYTimeout: options.ReconnectingPTYTimeout, logger: options.Logger, @@ -190,8 +194,8 @@ func New(options Options) Agent { metrics: newAgentMetrics(prometheusRegistry), execer: options.Execer, - experimentalDevcontainersEnabled: options.ExperimentalDevcontainersEnabled, - containerAPIOptions: options.ContainerAPIOptions, + devcontainers: options.Devcontainers, + containerAPIOptions: options.DevcontainerAPIOptions, } // Initially, we have a closed channel, reflecting the fact that we are not initially connected. // Each time we connect we replace the channel (while holding the closeMutex) with a new one @@ -205,6 +209,7 @@ func New(options Options) Agent { } type agent struct { + clock quartz.Clock logger slog.Logger client Client exchangeToken func(ctx context.Context) (string, error) @@ -272,9 +277,9 @@ type agent struct { metrics *agentMetrics execer agentexec.Execer - experimentalDevcontainersEnabled bool - containerAPIOptions []agentcontainers.Option - containerAPI atomic.Pointer[agentcontainers.API] // Set by apiHandler. + devcontainers bool + containerAPIOptions []agentcontainers.Option + containerAPI *agentcontainers.API } func (a *agent) TailnetConn() *tailnet.Conn { @@ -311,7 +316,7 @@ func (a *agent) init() { return a.reportConnection(id, connectionType, ip) }, - ExperimentalDevContainersEnabled: a.experimentalDevcontainersEnabled, + ExperimentalContainers: a.devcontainers, }) if err != nil { panic(err) @@ -331,6 +336,17 @@ func (a *agent) init() { // will not report anywhere. a.scriptRunner.RegisterMetrics(a.prometheusRegistry) + containerAPIOpts := []agentcontainers.Option{ + agentcontainers.WithExecer(a.execer), + agentcontainers.WithCommandEnv(a.sshServer.CommandEnv), + agentcontainers.WithScriptLogger(func(logSourceID uuid.UUID) agentcontainers.ScriptLogger { + return a.logSender.GetScriptLogger(logSourceID) + }), + } + containerAPIOpts = append(containerAPIOpts, a.containerAPIOptions...) + + a.containerAPI = agentcontainers.NewAPI(a.logger.Named("containers"), containerAPIOpts...) + a.reconnectingPTYServer = reconnectingpty.NewServer( a.logger.Named("reconnecting-pty"), a.sshServer, @@ -340,7 +356,7 @@ func (a *agent) init() { a.metrics.connectionsTotal, a.metrics.reconnectingPTYErrors, a.reconnectingPTYTimeout, func(s *reconnectingpty.Server) { - s.ExperimentalDevcontainersEnabled = a.experimentalDevcontainersEnabled + s.ExperimentalContainers = a.devcontainers }, ) go a.runLoop() @@ -547,7 +563,6 @@ func (a *agent) reportMetadata(ctx context.Context, aAPI proto.DRPCAgentClient26 // channel to synchronize the results and avoid both messy // mutex logic and overloading the API. for _, md := range manifest.Metadata { - md := md // We send the result to the channel in the goroutine to avoid // sending the same result multiple times. So, we don't care about // the return values. @@ -1087,9 +1102,9 @@ func (a *agent) handleManifest(manifestOK *checkpoint) func(ctx context.Context, slog.F("parent_id", manifest.ParentID), slog.F("agent_id", manifest.AgentID), ) - if a.experimentalDevcontainersEnabled { + if a.devcontainers { a.logger.Info(ctx, "devcontainers are not supported on sub agents, disabling feature") - a.experimentalDevcontainersEnabled = false + a.devcontainers = false } } a.client.RewriteDERPMap(manifest.DERPMap) @@ -1142,17 +1157,27 @@ func (a *agent) handleManifest(manifestOK *checkpoint) func(ctx context.Context, } var ( - scripts = manifest.Scripts - scriptRunnerOpts []agentscripts.InitOption + scripts = manifest.Scripts + devcontainerScripts map[uuid.UUID]codersdk.WorkspaceAgentScript ) - if a.experimentalDevcontainersEnabled { - var dcScripts []codersdk.WorkspaceAgentScript - scripts, dcScripts = agentcontainers.ExtractAndInitializeDevcontainerScripts(manifest.Devcontainers, scripts) - // See ExtractAndInitializeDevcontainerScripts for motivation - // behind running dcScripts as post start scripts. - scriptRunnerOpts = append(scriptRunnerOpts, agentscripts.WithPostStartScripts(dcScripts...)) + if a.devcontainers { + // Init the container API with the manifest and client so that + // we can start accepting requests. The final start of the API + // happens after the startup scripts have been executed to + // ensure the presence of required tools. This means we can + // return existing devcontainers but actual container detection + // and creation will be deferred. + a.containerAPI.Init( + agentcontainers.WithManifestInfo(manifest.OwnerName, manifest.WorkspaceName, manifest.AgentName, manifest.Directory), + agentcontainers.WithDevcontainers(manifest.Devcontainers, manifest.Scripts), + agentcontainers.WithSubAgentClient(agentcontainers.NewSubAgentClientFromAPI(a.logger, aAPI)), + ) + + // Since devcontainer are enabled, remove devcontainer scripts + // from the main scripts list to avoid showing an error. + scripts, devcontainerScripts = agentcontainers.ExtractDevcontainerScripts(manifest.Devcontainers, scripts) } - err = a.scriptRunner.Init(scripts, aAPI.ScriptCompleted, scriptRunnerOpts...) + err = a.scriptRunner.Init(scripts, aAPI.ScriptCompleted) if err != nil { return xerrors.Errorf("init script runner: %w", err) } @@ -1169,7 +1194,18 @@ func (a *agent) handleManifest(manifestOK *checkpoint) func(ctx context.Context, // finished (both start and post start). For instance, an // autostarted devcontainer will be included in this time. err := a.scriptRunner.Execute(a.gracefulCtx, agentscripts.ExecuteStartScripts) - err = errors.Join(err, a.scriptRunner.Execute(a.gracefulCtx, agentscripts.ExecutePostStartScripts)) + + if a.devcontainers { + // Start the container API after the startup scripts have + // been executed to ensure that the required tools can be + // installed. + a.containerAPI.Start() + for _, dc := range manifest.Devcontainers { + cErr := a.createDevcontainer(ctx, aAPI, dc, devcontainerScripts[dc.ID]) + err = errors.Join(err, cErr) + } + } + dur := time.Since(start).Seconds() if err != nil { a.logger.Warn(ctx, "startup script(s) failed", slog.Error(err)) @@ -1188,14 +1224,6 @@ func (a *agent) handleManifest(manifestOK *checkpoint) func(ctx context.Context, } a.metrics.startupScriptSeconds.WithLabelValues(label).Set(dur) a.scriptRunner.StartCron() - - // If the container API is enabled, trigger an immediate refresh - // for quick sub agent injection. - if cAPI := a.containerAPI.Load(); cAPI != nil { - if err := cAPI.RefreshContainers(ctx); err != nil { - a.logger.Error(ctx, "failed to refresh containers", slog.Error(err)) - } - } }) if err != nil { return xerrors.Errorf("track conn goroutine: %w", err) @@ -1205,6 +1233,38 @@ func (a *agent) handleManifest(manifestOK *checkpoint) func(ctx context.Context, } } +func (a *agent) createDevcontainer( + ctx context.Context, + aAPI proto.DRPCAgentClient26, + dc codersdk.WorkspaceAgentDevcontainer, + script codersdk.WorkspaceAgentScript, +) (err error) { + var ( + exitCode = int32(0) + startTime = a.clock.Now() + status = proto.Timing_OK + ) + if err = a.containerAPI.CreateDevcontainer(dc.WorkspaceFolder, dc.ConfigPath); err != nil { + exitCode = 1 + status = proto.Timing_EXIT_FAILURE + } + endTime := a.clock.Now() + + if _, scriptErr := aAPI.ScriptCompleted(ctx, &proto.WorkspaceAgentScriptCompletedRequest{ + Timing: &proto.Timing{ + ScriptId: script.ID[:], + Start: timestamppb.New(startTime), + End: timestamppb.New(endTime), + ExitCode: exitCode, + Stage: proto.Timing_START, + Status: status, + }, + }); scriptErr != nil { + a.logger.Warn(ctx, "reporting script completed failed", slog.Error(scriptErr)) + } + return err +} + // createOrUpdateNetwork waits for the manifest to be set using manifestOK, then creates or updates // the tailnet using the information in the manifest func (a *agent) createOrUpdateNetwork(manifestOK, networkOK *checkpoint) func(context.Context, proto.DRPCAgentClient26) error { @@ -1228,7 +1288,6 @@ func (a *agent) createOrUpdateNetwork(manifestOK, networkOK *checkpoint) func(co // agent API. network, err = a.createTailnet( a.gracefulCtx, - aAPI, manifest.AgentID, manifest.DERPMap, manifest.DERPForceWebSockets, @@ -1263,9 +1322,9 @@ func (a *agent) createOrUpdateNetwork(manifestOK, networkOK *checkpoint) func(co network.SetBlockEndpoints(manifest.DisableDirectConnections) // Update the subagent client if the container API is available. - if cAPI := a.containerAPI.Load(); cAPI != nil { + if a.containerAPI != nil { client := agentcontainers.NewSubAgentClientFromAPI(a.logger, aAPI) - cAPI.UpdateSubAgentClient(client) + a.containerAPI.UpdateSubAgentClient(client) } } return nil @@ -1383,7 +1442,6 @@ func (a *agent) trackGoroutine(fn func()) error { func (a *agent) createTailnet( ctx context.Context, - aAPI proto.DRPCAgentClient26, agentID uuid.UUID, derpMap *tailcfg.DERPMap, derpForceWebSockets, disableDirectConnections bool, @@ -1516,10 +1574,7 @@ func (a *agent) createTailnet( }() if err = a.trackGoroutine(func() { defer apiListener.Close() - apiHandler, closeAPIHAndler := a.apiHandler(aAPI) - defer func() { - _ = closeAPIHAndler() - }() + apiHandler := a.apiHandler() server := &http.Server{ BaseContext: func(net.Listener) context.Context { return ctx }, Handler: apiHandler, @@ -1533,7 +1588,6 @@ func (a *agent) createTailnet( case <-ctx.Done(): case <-a.hardCtx.Done(): } - _ = closeAPIHAndler() _ = server.Close() }() @@ -1872,6 +1926,10 @@ func (a *agent) Close() error { a.logger.Error(a.hardCtx, "script runner close", slog.Error(err)) } + if err := a.containerAPI.Close(); err != nil { + a.logger.Error(a.hardCtx, "container API close", slog.Error(err)) + } + // Wait for the graceful shutdown to complete, but don't wait forever so // that we don't break user expectations. go func() { diff --git a/agent/agent_test.go b/agent/agent_test.go index 8ee15e563f3ce..d80f5d1982b74 100644 --- a/agent/agent_test.go +++ b/agent/agent_test.go @@ -456,8 +456,6 @@ func TestAgent_GitSSH(t *testing.T) { func TestAgent_SessionTTYShell(t *testing.T) { t.Parallel() - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - t.Cleanup(cancel) if runtime.GOOS == "windows" { // This might be our implementation, or ConPTY itself. // It's difficult to find extensive tests for it, so @@ -468,6 +466,7 @@ func TestAgent_SessionTTYShell(t *testing.T) { for _, port := range sshPorts { t.Run(fmt.Sprintf("(%d)", port), func(t *testing.T) { t.Parallel() + ctx := testutil.Context(t, testutil.WaitShort) session := setupSSHSessionOnPort(t, agentsdk.Manifest{}, codersdk.ServiceBannerConfig{}, nil, port) command := "sh" @@ -1954,8 +1953,8 @@ func TestAgent_ReconnectingPTYContainer(t *testing.T) { // nolint: dogsled conn, _, _, _, _ := setupAgent(t, agentsdk.Manifest{}, 0, func(_ *agenttest.Client, o *agent.Options) { - o.ExperimentalDevcontainersEnabled = true - o.ContainerAPIOptions = append(o.ContainerAPIOptions, + o.Devcontainers = true + o.DevcontainerAPIOptions = append(o.DevcontainerAPIOptions, agentcontainers.WithContainerLabelIncludeFilter("this.label.does.not.exist.ignore.devcontainers", "true"), ) }) @@ -2130,7 +2129,7 @@ func TestAgent_DevcontainerAutostart(t *testing.T) { "name": "mywork", "image": "ubuntu:latest", "cmd": ["sleep", "infinity"], - "runArgs": ["--network=host"] + "runArgs": ["--network=host", "--label=`+agentcontainers.DevcontainerIsTestRunLabel+`=true"] }`), 0o600) require.NoError(t, err, "write devcontainer.json") @@ -2161,12 +2160,13 @@ func TestAgent_DevcontainerAutostart(t *testing.T) { //nolint:dogsled _, agentClient, _, _, _ := setupAgent(t, manifest, 0, func(_ *agenttest.Client, o *agent.Options) { - o.ExperimentalDevcontainersEnabled = true - o.ContainerAPIOptions = append( - o.ContainerAPIOptions, + o.Devcontainers = true + o.DevcontainerAPIOptions = append( + o.DevcontainerAPIOptions, // Only match this specific dev container. agentcontainers.WithClock(mClock), agentcontainers.WithContainerLabelIncludeFilter("devcontainer.local_folder", tempWorkspaceFolder), + agentcontainers.WithContainerLabelIncludeFilter(agentcontainers.DevcontainerIsTestRunLabel, "true"), agentcontainers.WithSubAgentURL(srv.URL), // The agent will copy "itself", but in the case of this test, the // agent is actually this test binary. So we'll tell the test binary @@ -2288,7 +2288,8 @@ func TestAgent_DevcontainerRecreate(t *testing.T) { err = os.WriteFile(devcontainerFile, []byte(`{ "name": "mywork", "image": "busybox:latest", - "cmd": ["sleep", "infinity"] + "cmd": ["sleep", "infinity"], + "runArgs": ["--label=`+agentcontainers.DevcontainerIsTestRunLabel+`=true"] }`), 0o600) require.NoError(t, err, "write devcontainer.json") @@ -2312,9 +2313,10 @@ func TestAgent_DevcontainerRecreate(t *testing.T) { //nolint:dogsled conn, client, _, _, _ := setupAgent(t, manifest, 0, func(_ *agenttest.Client, o *agent.Options) { - o.ExperimentalDevcontainersEnabled = true - o.ContainerAPIOptions = append(o.ContainerAPIOptions, + o.Devcontainers = true + o.DevcontainerAPIOptions = append(o.DevcontainerAPIOptions, agentcontainers.WithContainerLabelIncludeFilter("devcontainer.local_folder", workspaceFolder), + agentcontainers.WithContainerLabelIncludeFilter(agentcontainers.DevcontainerIsTestRunLabel, "true"), ) }) @@ -2369,7 +2371,7 @@ func TestAgent_DevcontainerRecreate(t *testing.T) { // devcontainer, we do it in a goroutine so we can process logs // concurrently. go func(container codersdk.WorkspaceAgentContainer) { - _, err := conn.RecreateDevcontainer(ctx, container.ID) + _, err := conn.RecreateDevcontainer(ctx, devcontainerID.String()) assert.NoError(t, err, "recreate devcontainer should succeed") }(container) @@ -2439,7 +2441,7 @@ func TestAgent_DevcontainersDisabledForSubAgent(t *testing.T) { // Setup the agent with devcontainers enabled initially. //nolint:dogsled conn, _, _, _, _ := setupAgent(t, manifest, 0, func(_ *agenttest.Client, o *agent.Options) { - o.ExperimentalDevcontainersEnabled = true + o.Devcontainers = true }) // Query the containers API endpoint. This should fail because @@ -2451,8 +2453,214 @@ func TestAgent_DevcontainersDisabledForSubAgent(t *testing.T) { require.Error(t, err) // Verify the error message contains the expected text. - require.Contains(t, err.Error(), "The agent dev containers feature is experimental and not enabled by default.") - require.Contains(t, err.Error(), "To enable this feature, set CODER_AGENT_DEVCONTAINERS_ENABLE=true in your template.") + require.Contains(t, err.Error(), "Dev Container feature not supported.") + require.Contains(t, err.Error(), "Dev Container integration inside other Dev Containers is explicitly not supported.") +} + +// TestAgent_DevcontainerPrebuildClaim tests that we correctly handle +// the claiming process for running devcontainers. +// +// You can run it manually as follows: +// +// CODER_TEST_USE_DOCKER=1 go test -count=1 ./agent -run TestAgent_DevcontainerPrebuildClaim +// +//nolint:paralleltest // This test sets an environment variable. +func TestAgent_DevcontainerPrebuildClaim(t *testing.T) { + if os.Getenv("CODER_TEST_USE_DOCKER") != "1" { + t.Skip("Set CODER_TEST_USE_DOCKER=1 to run this test") + } + if _, err := exec.LookPath("devcontainer"); err != nil { + t.Skip("This test requires the devcontainer CLI: npm install -g @devcontainers/cli") + } + + pool, err := dockertest.NewPool("") + require.NoError(t, err, "Could not connect to docker") + + var ( + ctx = testutil.Context(t, testutil.WaitShort) + + devcontainerID = uuid.New() + devcontainerLogSourceID = uuid.New() + + workspaceFolder = filepath.Join(t.TempDir(), "project") + devcontainerPath = filepath.Join(workspaceFolder, ".devcontainer") + devcontainerConfig = filepath.Join(devcontainerPath, "devcontainer.json") + ) + + // Given: A devcontainer project. + t.Logf("Workspace folder: %s", workspaceFolder) + + err = os.MkdirAll(devcontainerPath, 0o755) + require.NoError(t, err, "create dev container directory") + + // Given: This devcontainer project specifies an app that uses the owner name and workspace name. + err = os.WriteFile(devcontainerConfig, []byte(`{ + "name": "project", + "image": "busybox:latest", + "cmd": ["sleep", "infinity"], + "runArgs": ["--label=`+agentcontainers.DevcontainerIsTestRunLabel+`=true"], + "customizations": { + "coder": { + "apps": [{ + "slug": "zed", + "url": "zed://ssh/${localEnv:CODER_WORKSPACE_AGENT_NAME}.${localEnv:CODER_WORKSPACE_NAME}.${localEnv:CODER_WORKSPACE_OWNER_NAME}.coder${containerWorkspaceFolder}" + }] + } + } + }`), 0o600) + require.NoError(t, err, "write devcontainer config") + + // Given: A manifest with a prebuild username and workspace name. + manifest := agentsdk.Manifest{ + OwnerName: "prebuilds", + WorkspaceName: "prebuilds-xyz-123", + + Devcontainers: []codersdk.WorkspaceAgentDevcontainer{ + {ID: devcontainerID, Name: "test", WorkspaceFolder: workspaceFolder}, + }, + Scripts: []codersdk.WorkspaceAgentScript{ + {ID: devcontainerID, LogSourceID: devcontainerLogSourceID}, + }, + } + + // When: We create an agent with devcontainers enabled. + //nolint:dogsled + conn, client, _, _, _ := setupAgent(t, manifest, 0, func(_ *agenttest.Client, o *agent.Options) { + o.Devcontainers = true + o.DevcontainerAPIOptions = append(o.DevcontainerAPIOptions, + agentcontainers.WithContainerLabelIncludeFilter(agentcontainers.DevcontainerLocalFolderLabel, workspaceFolder), + agentcontainers.WithContainerLabelIncludeFilter(agentcontainers.DevcontainerIsTestRunLabel, "true"), + ) + }) + + testutil.Eventually(ctx, t, func(ctx context.Context) bool { + return slices.Contains(client.GetLifecycleStates(), codersdk.WorkspaceAgentLifecycleReady) + }, testutil.IntervalMedium, "agent not ready") + + var dcPrebuild codersdk.WorkspaceAgentDevcontainer + testutil.Eventually(ctx, t, func(ctx context.Context) bool { + resp, err := conn.ListContainers(ctx) + require.NoError(t, err) + + for _, dc := range resp.Devcontainers { + if dc.Container == nil { + continue + } + + v, ok := dc.Container.Labels[agentcontainers.DevcontainerLocalFolderLabel] + if ok && v == workspaceFolder { + dcPrebuild = dc + return true + } + } + + return false + }, testutil.IntervalMedium, "devcontainer not found") + defer func() { + pool.Client.RemoveContainer(docker.RemoveContainerOptions{ + ID: dcPrebuild.Container.ID, + RemoveVolumes: true, + Force: true, + }) + }() + + // Then: We expect a sub agent to have been created. + subAgents := client.GetSubAgents() + require.Len(t, subAgents, 1) + + subAgent := subAgents[0] + subAgentID, err := uuid.FromBytes(subAgent.GetId()) + require.NoError(t, err) + + // And: We expect there to be 1 app. + subAgentApps, err := client.GetSubAgentApps(subAgentID) + require.NoError(t, err) + require.Len(t, subAgentApps, 1) + + // And: This app should contain the prebuild workspace name and owner name. + subAgentApp := subAgentApps[0] + require.Equal(t, "zed://ssh/project.prebuilds-xyz-123.prebuilds.coder/workspaces/project", subAgentApp.GetUrl()) + + // Given: We close the client and connection + client.Close() + conn.Close() + + // Given: A new manifest with a regular user owner name and workspace name. + manifest = agentsdk.Manifest{ + OwnerName: "user", + WorkspaceName: "user-workspace", + + Devcontainers: []codersdk.WorkspaceAgentDevcontainer{ + {ID: devcontainerID, Name: "test", WorkspaceFolder: workspaceFolder}, + }, + Scripts: []codersdk.WorkspaceAgentScript{ + {ID: devcontainerID, LogSourceID: devcontainerLogSourceID}, + }, + } + + // When: We create an agent with devcontainers enabled. + //nolint:dogsled + conn, client, _, _, _ = setupAgent(t, manifest, 0, func(_ *agenttest.Client, o *agent.Options) { + o.Devcontainers = true + o.DevcontainerAPIOptions = append(o.DevcontainerAPIOptions, + agentcontainers.WithContainerLabelIncludeFilter(agentcontainers.DevcontainerLocalFolderLabel, workspaceFolder), + agentcontainers.WithContainerLabelIncludeFilter(agentcontainers.DevcontainerIsTestRunLabel, "true"), + ) + }) + + testutil.Eventually(ctx, t, func(ctx context.Context) bool { + return slices.Contains(client.GetLifecycleStates(), codersdk.WorkspaceAgentLifecycleReady) + }, testutil.IntervalMedium, "agent not ready") + + var dcClaimed codersdk.WorkspaceAgentDevcontainer + testutil.Eventually(ctx, t, func(ctx context.Context) bool { + resp, err := conn.ListContainers(ctx) + require.NoError(t, err) + + for _, dc := range resp.Devcontainers { + if dc.Container == nil { + continue + } + + v, ok := dc.Container.Labels[agentcontainers.DevcontainerLocalFolderLabel] + if ok && v == workspaceFolder { + dcClaimed = dc + return true + } + } + + return false + }, testutil.IntervalMedium, "devcontainer not found") + defer func() { + if dcClaimed.Container.ID != dcPrebuild.Container.ID { + pool.Client.RemoveContainer(docker.RemoveContainerOptions{ + ID: dcClaimed.Container.ID, + RemoveVolumes: true, + Force: true, + }) + } + }() + + // Then: We expect the claimed devcontainer and prebuild devcontainer + // to be using the same underlying container. + require.Equal(t, dcPrebuild.Container.ID, dcClaimed.Container.ID) + + // And: We expect there to be a sub agent created. + subAgents = client.GetSubAgents() + require.Len(t, subAgents, 1) + + subAgent = subAgents[0] + subAgentID, err = uuid.FromBytes(subAgent.GetId()) + require.NoError(t, err) + + // And: We expect there to be an app. + subAgentApps, err = client.GetSubAgentApps(subAgentID) + require.NoError(t, err) + require.Len(t, subAgentApps, 1) + + // And: We expect this app to have the user's owner name and workspace name. + subAgentApp = subAgentApps[0] + require.Equal(t, "zed://ssh/project.user-workspace.user.coder/workspaces/project", subAgentApp.GetUrl()) } func TestAgent_Dial(t *testing.T) { @@ -2460,11 +2668,11 @@ func TestAgent_Dial(t *testing.T) { cases := []struct { name string - setup func(t *testing.T) net.Listener + setup func(t testing.TB) net.Listener }{ { name: "TCP", - setup: func(t *testing.T) net.Listener { + setup: func(t testing.TB) net.Listener { l, err := net.Listen("tcp", "127.0.0.1:0") require.NoError(t, err, "create TCP listener") return l @@ -2472,7 +2680,7 @@ func TestAgent_Dial(t *testing.T) { }, { name: "UDP", - setup: func(t *testing.T) net.Listener { + setup: func(t testing.TB) net.Listener { addr := net.UDPAddr{ IP: net.ParseIP("127.0.0.1"), Port: 0, @@ -2490,57 +2698,69 @@ func TestAgent_Dial(t *testing.T) { // The purpose of this test is to ensure that a client can dial a // listener in the workspace over tailnet. - l := c.setup(t) - done := make(chan struct{}) - defer func() { - l.Close() - <-done - }() - - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - defer cancel() - - go func() { - defer close(done) - for range 2 { - c, err := l.Accept() - if assert.NoError(t, err, "accept connection") { - testAccept(ctx, t, c) - _ = c.Close() + // + // The OS sometimes drops packets if the system can't keep up with + // them. For TCP packets, it's typically fine due to + // retransmissions, but for UDP packets, it can fail this test. + // + // The OS gets involved for the Wireguard traffic (either via DERP + // or direct UDP), and also for the traffic between the agent and + // the listener in the "workspace". + // + // To avoid this, we'll retry this test up to 3 times. + //nolint:gocritic // This test is flaky due to uncontrollable OS packet drops under heavy load. + testutil.RunRetry(t, 3, func(t testing.TB) { + ctx := testutil.Context(t, testutil.WaitLong) + + l := c.setup(t) + done := make(chan struct{}) + defer func() { + l.Close() + <-done + }() + + go func() { + defer close(done) + for range 2 { + c, err := l.Accept() + if assert.NoError(t, err, "accept connection") { + testAccept(ctx, t, c) + _ = c.Close() + } } - } - }() + }() - agentID := uuid.UUID{0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8} - //nolint:dogsled - agentConn, _, _, _, _ := setupAgent(t, agentsdk.Manifest{ - AgentID: agentID, - }, 0) - require.True(t, agentConn.AwaitReachable(ctx)) - conn, err := agentConn.DialContext(ctx, l.Addr().Network(), l.Addr().String()) - require.NoError(t, err) - testDial(ctx, t, conn) - err = conn.Close() - require.NoError(t, err) + agentID := uuid.UUID{0, 0, 0, 0, 0, 1, 2, 3, 4, 5, 6, 7, 8} + //nolint:dogsled + agentConn, _, _, _, _ := setupAgent(t, agentsdk.Manifest{ + AgentID: agentID, + }, 0) + require.True(t, agentConn.AwaitReachable(ctx)) + conn, err := agentConn.DialContext(ctx, l.Addr().Network(), l.Addr().String()) + require.NoError(t, err) + testDial(ctx, t, conn) + err = conn.Close() + require.NoError(t, err) - // also connect via the CoderServicePrefix, to test that we can reach the agent on this - // IP. This will be required for CoderVPN. - _, rawPort, _ := net.SplitHostPort(l.Addr().String()) - port, _ := strconv.ParseUint(rawPort, 10, 16) - ipp := netip.AddrPortFrom(tailnet.CoderServicePrefix.AddrFromUUID(agentID), uint16(port)) - - switch l.Addr().Network() { - case "tcp": - conn, err = agentConn.Conn.DialContextTCP(ctx, ipp) - case "udp": - conn, err = agentConn.Conn.DialContextUDP(ctx, ipp) - default: - t.Fatalf("unknown network: %s", l.Addr().Network()) - } - require.NoError(t, err) - testDial(ctx, t, conn) - err = conn.Close() - require.NoError(t, err) + // also connect via the CoderServicePrefix, to test that we can reach the agent on this + // IP. This will be required for CoderVPN. + _, rawPort, _ := net.SplitHostPort(l.Addr().String()) + port, _ := strconv.ParseUint(rawPort, 10, 16) + ipp := netip.AddrPortFrom(tailnet.CoderServicePrefix.AddrFromUUID(agentID), uint16(port)) + + switch l.Addr().Network() { + case "tcp": + conn, err = agentConn.TailnetConn().DialContextTCP(ctx, ipp) + case "udp": + conn, err = agentConn.TailnetConn().DialContextUDP(ctx, ipp) + default: + t.Fatalf("unknown network: %s", l.Addr().Network()) + } + require.NoError(t, err) + testDial(ctx, t, conn) + err = conn.Close() + require.NoError(t, err) + }) }) } } @@ -2591,7 +2811,7 @@ func TestAgent_UpdatedDERP(t *testing.T) { }) // Setup a client connection. - newClientConn := func(derpMap *tailcfg.DERPMap, name string) *workspacesdk.AgentConn { + newClientConn := func(derpMap *tailcfg.DERPMap, name string) workspacesdk.AgentConn { conn, err := tailnet.NewConn(&tailnet.Options{ Addresses: []netip.Prefix{tailnet.TailscaleServicePrefix.RandomPrefix()}, DERPMap: derpMap, @@ -2671,13 +2891,13 @@ func TestAgent_UpdatedDERP(t *testing.T) { // Connect from a second client and make sure it uses the new DERP map. conn2 := newClientConn(newDerpMap, "client2") - require.Equal(t, []int{2}, conn2.DERPMap().RegionIDs()) + require.Equal(t, []int{2}, conn2.TailnetConn().DERPMap().RegionIDs()) t.Log("conn2 got the new DERPMap") // If the first client gets a DERP map update, it should be able to // reconnect just fine. - conn1.SetDERPMap(newDerpMap) - require.Equal(t, []int{2}, conn1.DERPMap().RegionIDs()) + conn1.TailnetConn().SetDERPMap(newDerpMap) + require.Equal(t, []int{2}, conn1.TailnetConn().DERPMap().RegionIDs()) t.Log("set the new DERPMap on conn1") ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() @@ -3043,8 +3263,8 @@ func setupSSHSessionOnPort( return session } -func setupAgent(t *testing.T, metadata agentsdk.Manifest, ptyTimeout time.Duration, opts ...func(*agenttest.Client, *agent.Options)) ( - *workspacesdk.AgentConn, +func setupAgent(t testing.TB, metadata agentsdk.Manifest, ptyTimeout time.Duration, opts ...func(*agenttest.Client, *agent.Options)) ( + workspacesdk.AgentConn, *agenttest.Client, <-chan *proto.Stats, afero.Fs, @@ -3141,7 +3361,7 @@ func setupAgent(t *testing.T, metadata agentsdk.Manifest, ptyTimeout time.Durati var dialTestPayload = []byte("dean-was-here123") -func testDial(ctx context.Context, t *testing.T, c net.Conn) { +func testDial(ctx context.Context, t testing.TB, c net.Conn) { t.Helper() if deadline, ok := ctx.Deadline(); ok { @@ -3157,7 +3377,7 @@ func testDial(ctx context.Context, t *testing.T, c net.Conn) { assertReadPayload(t, c, dialTestPayload) } -func testAccept(ctx context.Context, t *testing.T, c net.Conn) { +func testAccept(ctx context.Context, t testing.TB, c net.Conn) { t.Helper() defer c.Close() @@ -3174,7 +3394,7 @@ func testAccept(ctx context.Context, t *testing.T, c net.Conn) { assertWritePayload(t, c, dialTestPayload) } -func assertReadPayload(t *testing.T, r io.Reader, payload []byte) { +func assertReadPayload(t testing.TB, r io.Reader, payload []byte) { t.Helper() b := make([]byte, len(payload)+16) n, err := r.Read(b) @@ -3183,11 +3403,11 @@ func assertReadPayload(t *testing.T, r io.Reader, payload []byte) { assert.Equal(t, payload, b[:n]) } -func assertWritePayload(t *testing.T, w io.Writer, payload []byte) { +func assertWritePayload(t testing.TB, w io.Writer, payload []byte) { t.Helper() n, err := w.Write(payload) assert.NoError(t, err, "write payload") - assert.Equal(t, len(payload), n, "payload length does not match") + assert.Equal(t, len(payload), n, "written payload length does not match") } func testSessionOutput(t *testing.T, session *ssh.Session, expected, unexpected []string, expectedRe *regexp.Regexp) { @@ -3250,7 +3470,11 @@ func TestAgent_Metrics_SSH(t *testing.T) { registry := prometheus.NewRegistry() //nolint:dogsled - conn, _, _, _, _ := setupAgent(t, agentsdk.Manifest{}, 0, func(_ *agenttest.Client, o *agent.Options) { + conn, _, _, _, _ := setupAgent(t, agentsdk.Manifest{ + // Make sure we always get a DERP connection for + // currently_reachable_peers. + DisableDirectConnections: true, + }, 0, func(_ *agenttest.Client, o *agent.Options) { o.PrometheusRegistry = registry }) @@ -3304,7 +3528,7 @@ func TestAgent_Metrics_SSH(t *testing.T) { { Name: "coderd_agentstats_currently_reachable_peers", Type: proto.Stats_Metric_GAUGE, - Value: 0, + Value: 1, Labels: []*proto.Stats_Metric_Label{ { Name: "connection_type", @@ -3315,7 +3539,7 @@ func TestAgent_Metrics_SSH(t *testing.T) { { Name: "coderd_agentstats_currently_reachable_peers", Type: proto.Stats_Metric_GAUGE, - Value: 1, + Value: 0, Labels: []*proto.Stats_Metric_Label{ { Name: "connection_type", diff --git a/agent/agentcontainers/api.go b/agent/agentcontainers/api.go index ef2b7aa7ebcd2..d77d4209cb245 100644 --- a/agent/agentcontainers/api.go +++ b/agent/agentcontainers/api.go @@ -2,12 +2,16 @@ package agentcontainers import ( "context" + "encoding/json" "errors" "fmt" + "io/fs" + "maps" "net/http" "os" "path" "path/filepath" + "regexp" "runtime" "slices" "strings" @@ -17,17 +21,22 @@ import ( "github.com/fsnotify/fsnotify" "github.com/go-chi/chi/v5" + "github.com/go-git/go-git/v5/plumbing/format/gitignore" "github.com/google/uuid" + "github.com/spf13/afero" "golang.org/x/xerrors" "cdr.dev/slog" + "github.com/coder/coder/v2/agent/agentcontainers/ignore" "github.com/coder/coder/v2/agent/agentcontainers/watcher" "github.com/coder/coder/v2/agent/agentexec" + "github.com/coder/coder/v2/agent/usershell" "github.com/coder/coder/v2/coderd/httpapi" "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/codersdk/agentsdk" "github.com/coder/coder/v2/provisioner" "github.com/coder/quartz" + "github.com/coder/websocket" ) const ( @@ -39,6 +48,9 @@ const ( // by tmpfs or other mounts. This assumes the container root filesystem is // read-write, which seems sensible for devcontainers. coderPathInsideContainer = "/.coder-agent/coder" + + maxAgentNameLength = 64 + maxAttemptsToNameAgent = 5 ) // API is responsible for container-related operations in the agent. @@ -48,12 +60,14 @@ type API struct { cancel context.CancelFunc watcherDone chan struct{} updaterDone chan struct{} - initialUpdateDone chan struct{} // Closed after first update in updaterLoop. + discoverDone chan struct{} updateTrigger chan chan error // Channel to trigger manual refresh. updateInterval time.Duration // Interval for periodic container updates. logger slog.Logger watcher watcher.Watcher + fs afero.Fs execer agentexec.Execer + commandEnv CommandEnv ccli ContainerCLI containerLabelIncludeFilter map[string]string // Labels to filter containers by. dccli DevcontainerCLI @@ -63,22 +77,30 @@ type API struct { subAgentURL string subAgentEnv []string - ownerName string - workspaceName string - - mu sync.RWMutex - closed bool - containers codersdk.WorkspaceAgentListContainersResponse // Output from the last list operation. - containersErr error // Error from the last list operation. - devcontainerNames map[string]bool // By devcontainer name. - knownDevcontainers map[string]codersdk.WorkspaceAgentDevcontainer // By workspace folder. - configFileModifiedTimes map[string]time.Time // By config file path. - recreateSuccessTimes map[string]time.Time // By workspace folder. - recreateErrorTimes map[string]time.Time // By workspace folder. - injectedSubAgentProcs map[string]subAgentProcess // By workspace folder. - asyncWg sync.WaitGroup - - devcontainerLogSourceIDs map[string]uuid.UUID // By workspace folder. + projectDiscovery bool // If we should perform project discovery or not. + discoveryAutostart bool // If we should autostart discovered projects. + + ownerName string + workspaceName string + parentAgent string + agentDirectory string + + mu sync.RWMutex // Protects the following fields. + initDone chan struct{} // Closed by Init. + updateChans []chan struct{} + closed bool + containers codersdk.WorkspaceAgentListContainersResponse // Output from the last list operation. + containersErr error // Error from the last list operation. + devcontainerNames map[string]bool // By devcontainer name. + knownDevcontainers map[string]codersdk.WorkspaceAgentDevcontainer // By workspace folder. + devcontainerLogSourceIDs map[string]uuid.UUID // By workspace folder. + configFileModifiedTimes map[string]time.Time // By config file path. + recreateSuccessTimes map[string]time.Time // By workspace folder. + recreateErrorTimes map[string]time.Time // By workspace folder. + injectedSubAgentProcs map[string]subAgentProcess // By workspace folder. + usingWorkspaceFolderName map[string]bool // By workspace folder. + ignoredDevcontainers map[string]bool // By workspace folder. Tracks three states (true, false and not checked). + asyncWg sync.WaitGroup } type subAgentProcess struct { @@ -106,6 +128,31 @@ func WithExecer(execer agentexec.Execer) Option { } } +// WithCommandEnv sets the CommandEnv implementation to use. +func WithCommandEnv(ce CommandEnv) Option { + return func(api *API) { + api.commandEnv = func(ei usershell.EnvInfoer, preEnv []string) (string, string, []string, error) { + shell, dir, env, err := ce(ei, preEnv) + if err != nil { + return shell, dir, env, err + } + env = slices.DeleteFunc(env, func(s string) bool { + // Ensure we filter out environment variables that come + // from the parent agent and are incorrect or not + // relevant for the devcontainer. + return strings.HasPrefix(s, "CODER_WORKSPACE_AGENT_NAME=") || + strings.HasPrefix(s, "CODER_WORKSPACE_AGENT_URL=") || + strings.HasPrefix(s, "CODER_AGENT_TOKEN=") || + strings.HasPrefix(s, "CODER_AGENT_AUTH=") || + strings.HasPrefix(s, "CODER_AGENT_DEVCONTAINERS_ENABLE=") || + strings.HasPrefix(s, "CODER_AGENT_DEVCONTAINERS_PROJECT_DISCOVERY_ENABLE=") || + strings.HasPrefix(s, "CODER_AGENT_DEVCONTAINERS_DISCOVERY_AUTOSTART_ENABLE=") + }) + return shell, dir, env, nil + } + } +} + // WithContainerCLI sets the agentcontainers.ContainerCLI implementation // to use. The default implementation uses the Docker CLI. func WithContainerCLI(ccli ContainerCLI) Option { @@ -116,8 +163,8 @@ func WithContainerCLI(ccli ContainerCLI) Option { // WithContainerLabelIncludeFilter sets a label filter for containers. // This option can be given multiple times to filter by multiple labels. -// The behavior is such that only containers matching one or more of the -// provided labels will be included. +// The behavior is such that only containers matching all of the provided +// labels will be included. func WithContainerLabelIncludeFilter(label, value string) Option { return func(api *API) { api.containerLabelIncludeFilter[label] = value @@ -148,7 +195,7 @@ func WithSubAgentURL(url string) Option { } } -// WithSubAgent sets the environment variables for the sub-agent. +// WithSubAgentEnv sets the environment variables for the sub-agent. func WithSubAgentEnv(env ...string) Option { return func(api *API) { api.subAgentEnv = env @@ -157,10 +204,12 @@ func WithSubAgentEnv(env ...string) Option { // WithManifestInfo sets the owner name, and workspace name // for the sub-agent. -func WithManifestInfo(owner, workspace string) Option { +func WithManifestInfo(owner, workspace, parentAgent, agentDirectory string) Option { return func(api *API) { api.ownerName = owner api.workspaceName = workspace + api.parentAgent = parentAgent + api.agentDirectory = agentDirectory } } @@ -176,6 +225,29 @@ func WithDevcontainers(devcontainers []codersdk.WorkspaceAgentDevcontainer, scri api.devcontainerNames = make(map[string]bool, len(devcontainers)) api.devcontainerLogSourceIDs = make(map[string]uuid.UUID) for _, dc := range devcontainers { + if dc.Status == "" { + dc.Status = codersdk.WorkspaceAgentDevcontainerStatusStarting + } + logger := api.logger.With( + slog.F("devcontainer_id", dc.ID), + slog.F("devcontainer_name", dc.Name), + slog.F("workspace_folder", dc.WorkspaceFolder), + slog.F("config_path", dc.ConfigPath), + ) + + // Devcontainers have a name originating from Terraform, but + // we need to ensure that the name is unique. We will use + // the workspace folder name to generate a unique agent name, + // and if that fails, we will fall back to the devcontainers + // original name. + name, usingWorkspaceFolder := api.makeAgentName(dc.WorkspaceFolder, dc.Name) + if name != dc.Name { + logger = logger.With(slog.F("devcontainer_name", name)) + logger.Debug(api.ctx, "updating devcontainer name", slog.F("devcontainer_old_name", dc.Name)) + dc.Name = name + api.usingWorkspaceFolderName[dc.WorkspaceFolder] = usingWorkspaceFolder + } + api.knownDevcontainers[dc.WorkspaceFolder] = dc api.devcontainerNames[dc.Name] = true for _, script := range scripts { @@ -187,12 +259,7 @@ func WithDevcontainers(devcontainers []codersdk.WorkspaceAgentDevcontainer, scri } } if api.devcontainerLogSourceIDs[dc.WorkspaceFolder] == uuid.Nil { - api.logger.Error(api.ctx, "devcontainer log source ID not found for devcontainer", - slog.F("devcontainer_id", dc.ID), - slog.F("devcontainer_name", dc.Name), - slog.F("workspace_folder", dc.WorkspaceFolder), - slog.F("config_path", dc.ConfigPath), - ) + logger.Error(api.ctx, "devcontainer log source ID not found for devcontainer") } } } @@ -207,6 +274,29 @@ func WithWatcher(w watcher.Watcher) Option { } } +// WithFileSystem sets the file system used for discovering projects. +func WithFileSystem(fileSystem afero.Fs) Option { + return func(api *API) { + api.fs = fileSystem + } +} + +// WithProjectDiscovery sets if the API should attempt to discover +// projects on the filesystem. +func WithProjectDiscovery(projectDiscovery bool) Option { + return func(api *API) { + api.projectDiscovery = projectDiscovery + } +} + +// WithDiscoveryAutostart sets if the API should attempt to autostart +// projects that have been discovered +func WithDiscoveryAutostart(discoveryAutostart bool) Option { + return func(api *API) { + api.discoveryAutostart = discoveryAutostart + } +} + // ScriptLogger is an interface for sending devcontainer logs to the // controlplane. type ScriptLogger interface { @@ -234,9 +324,7 @@ func NewAPI(logger slog.Logger, options ...Option) *API { api := &API{ ctx: ctx, cancel: cancel, - watcherDone: make(chan struct{}), - updaterDone: make(chan struct{}), - initialUpdateDone: make(chan struct{}), + initDone: make(chan struct{}), updateTrigger: make(chan chan error), updateInterval: defaultUpdateInterval, logger: logger, @@ -246,16 +334,25 @@ func NewAPI(logger slog.Logger, options ...Option) *API { devcontainerNames: make(map[string]bool), knownDevcontainers: make(map[string]codersdk.WorkspaceAgentDevcontainer), configFileModifiedTimes: make(map[string]time.Time), + ignoredDevcontainers: make(map[string]bool), recreateSuccessTimes: make(map[string]time.Time), recreateErrorTimes: make(map[string]time.Time), scriptLogger: func(uuid.UUID) ScriptLogger { return noopScriptLogger{} }, injectedSubAgentProcs: make(map[string]subAgentProcess), + usingWorkspaceFolderName: make(map[string]bool), } // The ctx and logger must be set before applying options to avoid // nil pointer dereference. for _, opt := range options { opt(api) } + if api.commandEnv != nil { + api.execer = newCommandEnvExecer( + api.logger, + api.commandEnv, + api.execer, + ) + } if api.ccli == nil { api.ccli = NewDockerCLI(api.execer) } @@ -270,15 +367,217 @@ func NewAPI(logger slog.Logger, options ...Option) *API { api.watcher = watcher.NewNoop() } } + if api.fs == nil { + api.fs = afero.NewOsFs() + } if api.subAgentClient.Load() == nil { var c SubAgentClient = noopSubAgentClient{} api.subAgentClient.Store(&c) } + return api +} + +// Init applies a final set of options to the API and then +// closes initDone. This method can only be called once. +func (api *API) Init(opts ...Option) { + api.mu.Lock() + defer api.mu.Unlock() + if api.closed { + return + } + select { + case <-api.initDone: + return + default: + } + defer close(api.initDone) + + for _, opt := range opts { + opt(api) + } +} + +// Start starts the API by initializing the watcher and updater loops. +// This method calls Init, if it is desired to apply options after +// the API has been created, it should be done by calling Init before +// Start. This method must only be called once. +func (api *API) Start() { + api.Init() + + api.mu.Lock() + defer api.mu.Unlock() + if api.closed { + return + } + + if api.projectDiscovery && api.agentDirectory != "" { + api.discoverDone = make(chan struct{}) + + go api.discover() + } + + api.watcherDone = make(chan struct{}) + api.updaterDone = make(chan struct{}) + go api.watcherLoop() go api.updaterLoop() +} - return api +func (api *API) discover() { + defer close(api.discoverDone) + defer api.logger.Debug(api.ctx, "project discovery finished") + api.logger.Debug(api.ctx, "project discovery started") + + if err := api.discoverDevcontainerProjects(); err != nil { + api.logger.Error(api.ctx, "discovering dev container projects", slog.Error(err)) + } + + if err := api.RefreshContainers(api.ctx); err != nil { + api.logger.Error(api.ctx, "refreshing containers after discovery", slog.Error(err)) + } +} + +func (api *API) discoverDevcontainerProjects() error { + isGitProject, err := afero.DirExists(api.fs, filepath.Join(api.agentDirectory, ".git")) + if err != nil { + return xerrors.Errorf(".git dir exists: %w", err) + } + + // If the agent directory is a git project, we'll search + // the project for any `.devcontainer/devcontainer.json` + // files. + if isGitProject { + return api.discoverDevcontainersInProject(api.agentDirectory) + } + + // The agent directory is _not_ a git project, so we'll + // search the top level of the agent directory for any + // git projects, and search those. + entries, err := afero.ReadDir(api.fs, api.agentDirectory) + if err != nil { + return xerrors.Errorf("read agent directory: %w", err) + } + + for _, entry := range entries { + if !entry.IsDir() { + continue + } + + isGitProject, err = afero.DirExists(api.fs, filepath.Join(api.agentDirectory, entry.Name(), ".git")) + if err != nil { + return xerrors.Errorf(".git dir exists: %w", err) + } + + // If this directory is a git project, we'll search + // it for any `.devcontainer/devcontainer.json` files. + if isGitProject { + if err := api.discoverDevcontainersInProject(filepath.Join(api.agentDirectory, entry.Name())); err != nil { + return err + } + } + } + + return nil +} + +func (api *API) discoverDevcontainersInProject(projectPath string) error { + logger := api.logger. + Named("project-discovery"). + With(slog.F("project_path", projectPath)) + + globalPatterns, err := ignore.LoadGlobalPatterns(api.fs) + if err != nil { + return xerrors.Errorf("read global git ignore patterns: %w", err) + } + + patterns, err := ignore.ReadPatterns(api.ctx, logger, api.fs, projectPath) + if err != nil { + return xerrors.Errorf("read git ignore patterns: %w", err) + } + + matcher := gitignore.NewMatcher(append(globalPatterns, patterns...)) + + devcontainerConfigPaths := []string{ + "/.devcontainer/devcontainer.json", + "/.devcontainer.json", + } + + return afero.Walk(api.fs, projectPath, func(path string, info fs.FileInfo, err error) error { + if err != nil { + logger.Error(api.ctx, "encountered error while walking for dev container projects", + slog.F("path", path), + slog.Error(err)) + return nil + } + + pathParts := ignore.FilePathToParts(path) + + // We know that a directory entry cannot be a `devcontainer.json` file, so we + // always skip processing directories. If the directory happens to be ignored + // by git then we'll make sure to ignore all of the children of that directory. + if info.IsDir() { + if matcher.Match(pathParts, true) { + return fs.SkipDir + } + + return nil + } + + if matcher.Match(pathParts, false) { + return nil + } + + for _, relativeConfigPath := range devcontainerConfigPaths { + if !strings.HasSuffix(path, relativeConfigPath) { + continue + } + + workspaceFolder := strings.TrimSuffix(path, relativeConfigPath) + + logger := logger.With(slog.F("workspace_folder", workspaceFolder)) + logger.Debug(api.ctx, "discovered dev container project") + + api.mu.Lock() + if _, found := api.knownDevcontainers[workspaceFolder]; !found { + logger.Debug(api.ctx, "adding dev container project") + + dc := codersdk.WorkspaceAgentDevcontainer{ + ID: uuid.New(), + Name: "", // Updated later based on container state. + WorkspaceFolder: workspaceFolder, + ConfigPath: path, + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + Dirty: false, // Updated later based on config file changes. + Container: nil, + } + + if api.discoveryAutostart { + config, err := api.dccli.ReadConfig(api.ctx, workspaceFolder, path, []string{}) + if err != nil { + logger.Error(api.ctx, "read project configuration", slog.Error(err)) + } else if config.Configuration.Customizations.Coder.AutoStart { + dc.Status = codersdk.WorkspaceAgentDevcontainerStatusStarting + } + } + + api.knownDevcontainers[workspaceFolder] = dc + api.broadcastUpdatesLocked() + + if dc.Status == codersdk.WorkspaceAgentDevcontainerStatusStarting { + api.asyncWg.Add(1) + go func() { + defer api.asyncWg.Done() + + _ = api.CreateDevcontainer(dc.WorkspaceFolder, dc.ConfigPath) + }() + } + } + api.mu.Unlock() + } + + return nil + }) } func (api *API) watcherLoop() { @@ -343,28 +642,45 @@ func (api *API) updaterLoop() { // and anyone looking to interact with the API. api.logger.Debug(api.ctx, "performing initial containers update") if err := api.updateContainers(api.ctx); err != nil { - api.logger.Error(api.ctx, "initial containers update failed", slog.Error(err)) + if errors.Is(err, context.Canceled) { + api.logger.Warn(api.ctx, "initial containers update canceled", slog.Error(err)) + } else { + api.logger.Error(api.ctx, "initial containers update failed", slog.Error(err)) + } } else { api.logger.Debug(api.ctx, "initial containers update complete") } - // Signal that the initial update attempt (successful or not) is done. - // Other services can wait on this if they need the first data to be available. - close(api.initialUpdateDone) // We utilize a TickerFunc here instead of a regular Ticker so that // we can guarantee execution of the updateContainers method after // advancing the clock. + var prevErr error ticker := api.clock.TickerFunc(api.ctx, api.updateInterval, func() error { done := make(chan error, 1) - defer close(done) - + var sent bool + defer func() { + if !sent { + close(done) + } + }() select { case <-api.ctx.Done(): return api.ctx.Err() case api.updateTrigger <- done: + sent = true err := <-done if err != nil { - api.logger.Error(api.ctx, "updater loop ticker failed", slog.Error(err)) + if errors.Is(err, context.Canceled) { + api.logger.Warn(api.ctx, "updater loop ticker canceled", slog.Error(err)) + return nil + } + // Avoid excessive logging of the same error. + if prevErr == nil || prevErr.Error() != err.Error() { + api.logger.Error(api.ctx, "updater loop ticker failed", slog.Error(err)) + } + prevErr = err + } else { + prevErr = nil } default: api.logger.Debug(api.ctx, "updater loop ticker skipped, update in progress") @@ -386,6 +702,7 @@ func (api *API) updaterLoop() { // Note that although we pass api.ctx here, updateContainers // has an internal timeout to prevent long blocking calls. done <- api.updateContainers(api.ctx) + close(done) } } } @@ -399,7 +716,7 @@ func (api *API) UpdateSubAgentClient(client SubAgentClient) { func (api *API) Routes() http.Handler { r := chi.NewRouter() - ensureInitialUpdateDoneMW := func(next http.Handler) http.Handler { + ensureInitDoneMW := func(next http.Handler) http.Handler { return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) { select { case <-api.ctx.Done(): @@ -410,9 +727,8 @@ func (api *API) Routes() http.Handler { return case <-r.Context().Done(): return - case <-api.initialUpdateDone: - // Initial update is done, we can start processing - // requests. + case <-api.initDone: + // API init is done, we can start processing requests. } next.ServeHTTP(rw, r) }) @@ -421,18 +737,105 @@ func (api *API) Routes() http.Handler { // For now, all endpoints require the initial update to be done. // If we want to allow some endpoints to be available before // the initial update, we can enable this per-route. - r.Use(ensureInitialUpdateDoneMW) + r.Use(ensureInitDoneMW) r.Get("/", api.handleList) + r.Get("/watch", api.watchContainers) // TODO(mafredri): Simplify this route as the previous /devcontainers // /-route was dropped. We can drop the /devcontainers prefix here too. - r.Route("/devcontainers", func(r chi.Router) { - r.Post("/container/{container}/recreate", api.handleDevcontainerRecreate) + r.Route("/devcontainers/{devcontainer}", func(r chi.Router) { + r.Post("/recreate", api.handleDevcontainerRecreate) }) return r } +func (api *API) broadcastUpdatesLocked() { + // Broadcast state changes to WebSocket listeners. + for _, ch := range api.updateChans { + select { + case ch <- struct{}{}: + default: + } + } +} + +func (api *API) watchContainers(rw http.ResponseWriter, r *http.Request) { + ctx := r.Context() + + conn, err := websocket.Accept(rw, r, &websocket.AcceptOptions{ + // We want `NoContextTakeover` compression to balance improving + // bandwidth cost/latency with minimal memory usage overhead. + CompressionMode: websocket.CompressionNoContextTakeover, + }) + if err != nil { + httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{ + Message: "Failed to upgrade connection to websocket.", + Detail: err.Error(), + }) + return + } + + // Here we close the websocket for reading, so that the websocket library will handle pings and + // close frames. + _ = conn.CloseRead(context.Background()) + + ctx, wsNetConn := codersdk.WebsocketNetConn(ctx, conn, websocket.MessageText) + defer wsNetConn.Close() + + go httpapi.Heartbeat(ctx, conn) + + updateCh := make(chan struct{}, 1) + + api.mu.Lock() + api.updateChans = append(api.updateChans, updateCh) + api.mu.Unlock() + + defer func() { + api.mu.Lock() + api.updateChans = slices.DeleteFunc(api.updateChans, func(ch chan struct{}) bool { + return ch == updateCh + }) + close(updateCh) + api.mu.Unlock() + }() + + encoder := json.NewEncoder(wsNetConn) + + ct, err := api.getContainers() + if err != nil { + api.logger.Error(ctx, "unable to get containers", slog.Error(err)) + return + } + + if err := encoder.Encode(ct); err != nil { + api.logger.Error(ctx, "encode container list", slog.Error(err)) + return + } + + for { + select { + case <-api.ctx.Done(): + return + + case <-ctx.Done(): + return + + case <-updateCh: + ct, err := api.getContainers() + if err != nil { + api.logger.Error(ctx, "unable to get containers", slog.Error(err)) + continue + } + + if err := encoder.Encode(ct); err != nil { + api.logger.Error(ctx, "encode container list", slog.Error(err)) + return + } + } + } +} + // handleList handles the HTTP request to list containers. func (api *API) handleList(rw http.ResponseWriter, r *http.Request) { ct, err := api.getContainers() @@ -460,7 +863,6 @@ func (api *API) updateContainers(ctx context.Context) error { // will clear up on the next update. if !errors.Is(err, context.Canceled) { api.mu.Lock() - api.containers = codersdk.WorkspaceAgentListContainersResponse{} api.containersErr = err api.mu.Unlock() } @@ -473,8 +875,26 @@ func (api *API) updateContainers(ctx context.Context) error { api.mu.Lock() defer api.mu.Unlock() + var previouslyKnownDevcontainers map[string]codersdk.WorkspaceAgentDevcontainer + if len(api.updateChans) > 0 { + previouslyKnownDevcontainers = maps.Clone(api.knownDevcontainers) + } + api.processUpdatedContainersLocked(ctx, updated) + if len(api.updateChans) > 0 { + statesAreEqual := maps.EqualFunc( + previouslyKnownDevcontainers, + api.knownDevcontainers, + func(dc1, dc2 codersdk.WorkspaceAgentDevcontainer) bool { + return dc1.Equals(dc2) + }) + + if !statesAreEqual { + api.broadcastUpdatesLocked() + } + } + api.logger.Debug(ctx, "containers updated successfully", slog.F("container_count", len(api.containers.Containers)), slog.F("warning_count", len(api.containers.Warnings)), slog.F("devcontainer_count", len(api.knownDevcontainers))) return nil @@ -523,16 +943,22 @@ func (api *API) processUpdatedContainersLocked(ctx context.Context, updated code slog.F("config_file", configFile), ) + // If we haven't set any include filters, we should explicitly ignore test devcontainers. + if len(api.containerLabelIncludeFilter) == 0 && container.Labels[DevcontainerIsTestRunLabel] == "true" { + continue + } + + // Filter out devcontainer tests, unless explicitly set in include filters. if len(api.containerLabelIncludeFilter) > 0 { - var ok bool + includeContainer := true for label, value := range api.containerLabelIncludeFilter { - if v, found := container.Labels[label]; found && v == value { - ok = true - } + v, found := container.Labels[label] + + includeContainer = includeContainer && (found && v == value) } // Verbose debug logging is fine here since typically filters // are only used in development or testing environments. - if !ok { + if !includeContainer { logger.Debug(ctx, "container does not match include filter, ignoring devcontainer", slog.F("container_labels", container.Labels), slog.F("include_filter", api.containerLabelIncludeFilter)) continue } @@ -583,10 +1009,11 @@ func (api *API) processUpdatedContainersLocked(ctx context.Context, updated code if dc.Container != nil { if !api.devcontainerNames[dc.Name] { // If the devcontainer name wasn't set via terraform, we - // use the containers friendly name as a fallback which - // will keep changing as the devcontainer is recreated. - // TODO(mafredri): Parse the container label (i.e. devcontainer.json) for customization. - dc.Name = safeFriendlyName(dc.Container.FriendlyName) + // will attempt to create an agent name based on the workspace + // folder's name. If it is not possible to generate a valid + // agent name based off of the folder name (i.e. no valid characters), + // we will instead fall back to using the container's friendly name. + dc.Name, api.usingWorkspaceFolderName[dc.WorkspaceFolder] = api.makeAgentName(dc.WorkspaceFolder, dc.Container.FriendlyName) } } @@ -612,6 +1039,9 @@ func (api *API) processUpdatedContainersLocked(ctx context.Context, updated code err := api.maybeInjectSubAgentIntoContainerLocked(ctx, dc) if err != nil { logger.Error(ctx, "inject subagent into container failed", slog.Error(err)) + dc.Error = err.Error() + } else { + dc.Error = "" } } @@ -631,6 +1061,40 @@ func (api *API) processUpdatedContainersLocked(ctx context.Context, updated code api.containersErr = nil } +var consecutiveHyphenRegex = regexp.MustCompile("-+") + +// `safeAgentName` returns a safe agent name derived from a folder name, +// falling back to the container’s friendly name if needed. The second +// return value will be `true` if it succeeded and `false` if it had +// to fallback to the friendly name. +func safeAgentName(name string, friendlyName string) (string, bool) { + // Keep only ASCII letters and digits, replacing everything + // else with a hyphen. + var sb strings.Builder + for _, r := range strings.ToLower(name) { + if (r >= 'a' && r <= 'z') || (r >= '0' && r <= '9') { + _, _ = sb.WriteRune(r) + } else { + _, _ = sb.WriteRune('-') + } + } + + // Remove any consecutive hyphens, and then trim any leading + // and trailing hyphens. + name = consecutiveHyphenRegex.ReplaceAllString(sb.String(), "-") + name = strings.Trim(name, "-") + + // Ensure the name of the agent doesn't exceed the maximum agent + // name length. + name = name[:min(len(name), maxAgentNameLength)] + + if provisioner.AgentNameRegex.Match([]byte(name)) { + return name, true + } + + return safeFriendlyName(friendlyName), false +} + // safeFriendlyName returns a API safe version of the container's // friendly name. // @@ -643,6 +1107,47 @@ func safeFriendlyName(name string) string { return name } +// expandedAgentName creates an agent name by including parent directories +// from the workspace folder path to avoid name collisions. Like `safeAgentName`, +// the second returned value will be true if using the workspace folder name, +// and false if it fell back to the friendly name. +func expandedAgentName(workspaceFolder string, friendlyName string, depth int) (string, bool) { + var parts []string + for part := range strings.SplitSeq(filepath.ToSlash(workspaceFolder), "/") { + if part = strings.TrimSpace(part); part != "" { + parts = append(parts, part) + } + } + if len(parts) == 0 { + return safeFriendlyName(friendlyName), false + } + + components := parts[max(0, len(parts)-depth-1):] + expanded := strings.Join(components, "-") + + return safeAgentName(expanded, friendlyName) +} + +// makeAgentName attempts to create an agent name. It will first attempt to create an +// agent name based off of the workspace folder, and will eventually fallback to a +// friendly name. Like `safeAgentName`, the second returned value will be true if the +// agent name utilizes the workspace folder, and false if it falls back to the +// friendly name. +func (api *API) makeAgentName(workspaceFolder string, friendlyName string) (string, bool) { + for attempt := 0; attempt <= maxAttemptsToNameAgent; attempt++ { + agentName, usingWorkspaceFolder := expandedAgentName(workspaceFolder, friendlyName, attempt) + if !usingWorkspaceFolder { + return agentName, false + } + + if !api.devcontainerNames[agentName] { + return agentName, true + } + } + + return safeFriendlyName(friendlyName), false +} + // RefreshContainers triggers an immediate update of the container list // and waits for it to complete. func (api *API) RefreshContainers(ctx context.Context) (err error) { @@ -653,12 +1158,19 @@ func (api *API) RefreshContainers(ctx context.Context) (err error) { }() done := make(chan error, 1) + var sent bool + defer func() { + if !sent { + close(done) + } + }() select { case <-api.ctx.Done(): return xerrors.Errorf("API closed: %w", api.ctx.Err()) case <-ctx.Done(): return ctx.Err() case api.updateTrigger <- done: + sent = true select { case <-api.ctx.Done(): return xerrors.Errorf("API closed: %w", api.ctx.Err()) @@ -682,6 +1194,10 @@ func (api *API) getContainers() (codersdk.WorkspaceAgentListContainersResponse, if len(api.knownDevcontainers) > 0 { devcontainers = make([]codersdk.WorkspaceAgentDevcontainer, 0, len(api.knownDevcontainers)) for _, dc := range api.knownDevcontainers { + if api.ignoredDevcontainers[dc.WorkspaceFolder] { + continue + } + // Include the agent if it's running (we're iterating over // copies, so mutating is fine). if proc := api.injectedSubAgentProcs[dc.WorkspaceFolder]; proc.agent.ID != uuid.Nil { @@ -695,7 +1211,7 @@ func (api *API) getContainers() (codersdk.WorkspaceAgentListContainersResponse, devcontainers = append(devcontainers, dc) } slices.SortFunc(devcontainers, func(a, b codersdk.WorkspaceAgentDevcontainer) int { - return strings.Compare(a.Name, b.Name) + return strings.Compare(a.WorkspaceFolder, b.WorkspaceFolder) }) } @@ -710,68 +1226,40 @@ func (api *API) getContainers() (codersdk.WorkspaceAgentListContainersResponse, // devcontainer by referencing the container. func (api *API) handleDevcontainerRecreate(w http.ResponseWriter, r *http.Request) { ctx := r.Context() - containerID := chi.URLParam(r, "container") + devcontainerID := chi.URLParam(r, "devcontainer") - if containerID == "" { + if devcontainerID == "" { httpapi.Write(ctx, w, http.StatusBadRequest, codersdk.Response{ - Message: "Missing container ID or name", - Detail: "Container ID or name is required to recreate a devcontainer.", - }) - return - } - - containers, err := api.getContainers() - if err != nil { - httpapi.Write(ctx, w, http.StatusInternalServerError, codersdk.Response{ - Message: "Could not list containers", - Detail: err.Error(), - }) - return - } - - containerIdx := slices.IndexFunc(containers.Containers, func(c codersdk.WorkspaceAgentContainer) bool { return c.Match(containerID) }) - if containerIdx == -1 { - httpapi.Write(ctx, w, http.StatusNotFound, codersdk.Response{ - Message: "Container not found", - Detail: "Container ID or name not found in the list of containers.", - }) - return - } - - container := containers.Containers[containerIdx] - workspaceFolder := container.Labels[DevcontainerLocalFolderLabel] - configPath := container.Labels[DevcontainerConfigFileLabel] - - // Workspace folder is required to recreate a container, we don't verify - // the config path here because it's optional. - if workspaceFolder == "" { - httpapi.Write(ctx, w, http.StatusBadRequest, codersdk.Response{ - Message: "Missing workspace folder label", - Detail: "The container is not a devcontainer, the container must have the workspace folder label to support recreation.", + Message: "Missing devcontainer ID", + Detail: "Devcontainer ID is required to recreate a devcontainer.", }) return } api.mu.Lock() - dc, ok := api.knownDevcontainers[workspaceFolder] - switch { - case !ok: + var dc codersdk.WorkspaceAgentDevcontainer + for _, knownDC := range api.knownDevcontainers { + if knownDC.ID.String() == devcontainerID { + dc = knownDC + break + } + } + if dc.ID == uuid.Nil { api.mu.Unlock() - // This case should not happen if the container is a valid devcontainer. - api.logger.Error(ctx, "devcontainer not found for workspace folder", slog.F("workspace_folder", workspaceFolder)) - httpapi.Write(ctx, w, http.StatusInternalServerError, codersdk.Response{ + httpapi.Write(ctx, w, http.StatusNotFound, codersdk.Response{ Message: "Devcontainer not found.", - Detail: fmt.Sprintf("Could not find devcontainer for workspace folder: %q", workspaceFolder), + Detail: fmt.Sprintf("Could not find devcontainer with ID: %q", devcontainerID), }) return - case dc.Status == codersdk.WorkspaceAgentDevcontainerStatusStarting: + } + if dc.Status == codersdk.WorkspaceAgentDevcontainerStatusStarting { api.mu.Unlock() httpapi.Write(ctx, w, http.StatusConflict, codersdk.Response{ Message: "Devcontainer recreation already in progress", - Detail: fmt.Sprintf("Recreation for workspace folder %q is already underway.", dc.WorkspaceFolder), + Detail: fmt.Sprintf("Recreation for devcontainer %q is already underway.", dc.Name), }) return } @@ -780,52 +1268,69 @@ func (api *API) handleDevcontainerRecreate(w http.ResponseWriter, r *http.Reques // devcontainer multiple times in parallel. dc.Status = codersdk.WorkspaceAgentDevcontainerStatusStarting dc.Container = nil + dc.Error = "" api.knownDevcontainers[dc.WorkspaceFolder] = dc - api.asyncWg.Add(1) - go api.recreateDevcontainer(dc, configPath) + api.broadcastUpdatesLocked() + + go func() { + _ = api.CreateDevcontainer(dc.WorkspaceFolder, dc.ConfigPath, WithRemoveExistingContainer()) + }() api.mu.Unlock() httpapi.Write(ctx, w, http.StatusAccepted, codersdk.Response{ Message: "Devcontainer recreation initiated", - Detail: fmt.Sprintf("Recreation process for workspace folder %q has started.", dc.WorkspaceFolder), + Detail: fmt.Sprintf("Recreation process for devcontainer %q has started.", dc.Name), }) } -// recreateDevcontainer should run in its own goroutine and is responsible for +// createDevcontainer should run in its own goroutine and is responsible for // recreating a devcontainer based on the provided devcontainer configuration. // It updates the devcontainer status and logs the process. The configPath is // passed as a parameter for the odd chance that the container being recreated // has a different config file than the one stored in the devcontainer state. // The devcontainer state must be set to starting and the asyncWg must be // incremented before calling this function. -func (api *API) recreateDevcontainer(dc codersdk.WorkspaceAgentDevcontainer, configPath string) { - defer api.asyncWg.Done() +func (api *API) CreateDevcontainer(workspaceFolder, configPath string, opts ...DevcontainerCLIUpOptions) error { + api.mu.Lock() + if api.closed { + api.mu.Unlock() + return nil + } + + dc, found := api.knownDevcontainers[workspaceFolder] + if !found { + api.mu.Unlock() + return xerrors.Errorf("devcontainer not found") + } var ( - err error ctx = api.ctx logger = api.logger.With( slog.F("devcontainer_id", dc.ID), slog.F("devcontainer_name", dc.Name), slog.F("workspace_folder", dc.WorkspaceFolder), - slog.F("config_path", configPath), + slog.F("config_path", dc.ConfigPath), ) ) - if dc.ConfigPath != configPath { - logger.Warn(ctx, "devcontainer config path mismatch", - slog.F("config_path_param", configPath), - ) - } - // Send logs via agent logging facilities. logSourceID := api.devcontainerLogSourceIDs[dc.WorkspaceFolder] if logSourceID == uuid.Nil { - // Fallback to the external log source ID if not found. + api.logger.Debug(api.ctx, "devcontainer log source ID not found, falling back to external log source ID") logSourceID = agentsdk.ExternalLogSourceID } + api.asyncWg.Add(1) + defer api.asyncWg.Done() + api.mu.Unlock() + + if dc.ConfigPath != configPath { + logger.Warn(ctx, "devcontainer config path mismatch", + slog.F("config_path_param", configPath), + ) + } + scriptLogger := api.scriptLogger(logSourceID) defer func() { flushCtx, cancel := context.WithTimeout(api.ctx, 5*time.Second) @@ -841,24 +1346,29 @@ func (api *API) recreateDevcontainer(dc codersdk.WorkspaceAgentDevcontainer, con logger.Debug(ctx, "starting devcontainer recreation") - _, err = api.dccli.Up(ctx, dc.WorkspaceFolder, configPath, WithUpOutput(infoW, errW), WithRemoveExistingContainer()) + upOptions := []DevcontainerCLIUpOptions{WithUpOutput(infoW, errW)} + upOptions = append(upOptions, opts...) + + _, err := api.dccli.Up(ctx, dc.WorkspaceFolder, configPath, upOptions...) if err != nil { // No need to log if the API is closing (context canceled), as this // is expected behavior when the API is shutting down. if !errors.Is(err, context.Canceled) { - logger.Error(ctx, "devcontainer recreation failed", slog.Error(err)) + logger.Error(ctx, "devcontainer creation failed", slog.Error(err)) } api.mu.Lock() dc = api.knownDevcontainers[dc.WorkspaceFolder] dc.Status = codersdk.WorkspaceAgentDevcontainerStatusError + dc.Error = err.Error() api.knownDevcontainers[dc.WorkspaceFolder] = dc api.recreateErrorTimes[dc.WorkspaceFolder] = api.clock.Now("agentcontainers", "recreate", "errorTimes") api.mu.Unlock() - return + + return xerrors.Errorf("start devcontainer: %w", err) } - logger.Info(ctx, "devcontainer recreated successfully") + logger.Info(ctx, "devcontainer created successfully") api.mu.Lock() dc = api.knownDevcontainers[dc.WorkspaceFolder] @@ -874,15 +1384,20 @@ func (api *API) recreateDevcontainer(dc codersdk.WorkspaceAgentDevcontainer, con } } dc.Dirty = false + dc.Error = "" api.recreateSuccessTimes[dc.WorkspaceFolder] = api.clock.Now("agentcontainers", "recreate", "successTimes") api.knownDevcontainers[dc.WorkspaceFolder] = dc + api.broadcastUpdatesLocked() api.mu.Unlock() // Ensure an immediate refresh to accurately reflect the // devcontainer state after recreation. if err := api.RefreshContainers(ctx); err != nil { - logger.Error(ctx, "failed to trigger immediate refresh after devcontainer recreation", slog.Error(err)) + logger.Error(ctx, "failed to trigger immediate refresh after devcontainer creation", slog.Error(err)) + return xerrors.Errorf("refresh containers: %w", err) } + + return nil } // markDevcontainerDirty finds the devcontainer with the given config file path @@ -914,6 +1429,10 @@ func (api *API) markDevcontainerDirty(configPath string, modifiedAt time.Time) { logger.Info(api.ctx, "marking devcontainer as dirty") dc.Dirty = true } + if _, ok := api.ignoredDevcontainers[dc.WorkspaceFolder]; ok { + logger.Debug(api.ctx, "clearing devcontainer ignored state") + delete(api.ignoredDevcontainers, dc.WorkspaceFolder) // Allow re-reading config. + } api.knownDevcontainers[dc.WorkspaceFolder] = dc } @@ -970,6 +1489,10 @@ func (api *API) cleanupSubAgents(ctx context.Context) error { // This method uses an internal timeout to prevent blocking indefinitely // if something goes wrong with the injection. func (api *API) maybeInjectSubAgentIntoContainerLocked(ctx context.Context, dc codersdk.WorkspaceAgentDevcontainer) (err error) { + if api.ignoredDevcontainers[dc.WorkspaceFolder] { + return nil + } + ctx, cancel := context.WithTimeout(ctx, defaultOperationTimeout) defer cancel() @@ -991,6 +1514,42 @@ func (api *API) maybeInjectSubAgentIntoContainerLocked(ctx context.Context, dc c maybeRecreateSubAgent := false proc, injected := api.injectedSubAgentProcs[dc.WorkspaceFolder] if injected { + if _, ignoreChecked := api.ignoredDevcontainers[dc.WorkspaceFolder]; !ignoreChecked { + // If ignore status has not yet been checked, or cleared by + // modifications to the devcontainer.json, we must read it + // to determine the current status. This can happen while + // the devcontainer subagent is already running or before + // we've had a chance to inject it. + // + // Note, for simplicity, we do not try to optimize to reduce + // ReadConfig calls here. + config, err := api.dccli.ReadConfig(ctx, dc.WorkspaceFolder, dc.ConfigPath, nil) + if err != nil { + return xerrors.Errorf("read devcontainer config: %w", err) + } + + dcIgnored := config.Configuration.Customizations.Coder.Ignore + if dcIgnored { + proc.stop() + if proc.agent.ID != uuid.Nil { + // Unlock while doing the delete operation. + api.mu.Unlock() + client := *api.subAgentClient.Load() + if err := client.Delete(ctx, proc.agent.ID); err != nil { + api.mu.Lock() + return xerrors.Errorf("delete subagent: %w", err) + } + api.mu.Lock() + } + // Reset agent and containerID to force config re-reading if ignore is toggled. + proc.agent = SubAgent{} + proc.containerID = "" + api.injectedSubAgentProcs[dc.WorkspaceFolder] = proc + api.ignoredDevcontainers[dc.WorkspaceFolder] = dcIgnored + return nil + } + } + if proc.containerID == container.ID && proc.ctx.Err() == nil { // Same container and running, no need to reinject. return nil @@ -1009,7 +1568,8 @@ func (api *API) maybeInjectSubAgentIntoContainerLocked(ctx context.Context, dc c // Container ID changed or the subagent process is not running, // stop the existing subagent context to replace it. proc.stop() - } else { + } + if proc.agent.OperatingSystem == "" { // Set SubAgent defaults. proc.agent.OperatingSystem = "linux" // Assuming Linux for devcontainers. } @@ -1028,7 +1588,11 @@ func (api *API) maybeInjectSubAgentIntoContainerLocked(ctx context.Context, dc c ranSubAgent := false // Clean up if injection fails. + var dcIgnored, setDCIgnored bool defer func() { + if setDCIgnored { + api.ignoredDevcontainers[dc.WorkspaceFolder] = dcIgnored + } if !ranSubAgent { proc.stop() if !api.closed { @@ -1066,48 +1630,6 @@ func (api *API) maybeInjectSubAgentIntoContainerLocked(ctx context.Context, dc c proc.agent.Architecture = arch } - agentBinaryPath, err := os.Executable() - if err != nil { - return xerrors.Errorf("get agent binary path: %w", err) - } - agentBinaryPath, err = filepath.EvalSymlinks(agentBinaryPath) - if err != nil { - return xerrors.Errorf("resolve agent binary path: %w", err) - } - - // If we scripted this as a `/bin/sh` script, we could reduce these - // steps to one instruction, speeding up the injection process. - // - // Note: We use `path` instead of `filepath` here because we are - // working with Unix-style paths inside the container. - if _, err := api.ccli.ExecAs(ctx, container.ID, "root", "mkdir", "-p", path.Dir(coderPathInsideContainer)); err != nil { - return xerrors.Errorf("create agent directory in container: %w", err) - } - - if err := api.ccli.Copy(ctx, container.ID, agentBinaryPath, coderPathInsideContainer); err != nil { - return xerrors.Errorf("copy agent binary: %w", err) - } - - logger.Info(ctx, "copied agent binary to container") - - // Make sure the agent binary is executable so we can run it (the - // user doesn't matter since we're making it executable for all). - if _, err := api.ccli.ExecAs(ctx, container.ID, "root", "chmod", "0755", path.Dir(coderPathInsideContainer), coderPathInsideContainer); err != nil { - return xerrors.Errorf("set agent binary executable: %w", err) - } - - // Attempt to add CAP_NET_ADMIN to the binary to improve network - // performance (optional, allow to fail). See `bootstrap_linux.sh`. - // TODO(mafredri): Disable for now until we can figure out why this - // causes the following error on some images: - // - // Image: mcr.microsoft.com/devcontainers/base:ubuntu - // Error: /.coder-agent/coder: Operation not permitted - // - // if _, err := api.ccli.ExecAs(ctx, container.ID, "root", "setcap", "cap_net_admin+ep", coderPathInsideContainer); err != nil { - // logger.Warn(ctx, "set CAP_NET_ADMIN on agent binary failed", slog.Error(err)) - // } - subAgentConfig := proc.agent.CloneConfig(dc) if proc.agent.ID == uuid.Nil || maybeRecreateSubAgent { subAgentConfig.Architecture = arch @@ -1124,6 +1646,7 @@ func (api *API) maybeInjectSubAgentIntoContainerLocked(ctx context.Context, dc c } var ( + featureOptionsAsEnvs []string appsWithPossibleDuplicates []SubAgentApp workspaceFolder = DevcontainerDefaultContainerWorkspaceFolder ) @@ -1135,20 +1658,36 @@ func (api *API) maybeInjectSubAgentIntoContainerLocked(ctx context.Context, dc c ) readConfig := func() (DevcontainerConfig, error) { - return api.dccli.ReadConfig(ctx, dc.WorkspaceFolder, dc.ConfigPath, []string{ - fmt.Sprintf("CODER_WORKSPACE_AGENT_NAME=%s", subAgentConfig.Name), - fmt.Sprintf("CODER_WORKSPACE_OWNER_NAME=%s", api.ownerName), - fmt.Sprintf("CODER_WORKSPACE_NAME=%s", api.workspaceName), - fmt.Sprintf("CODER_URL=%s", api.subAgentURL), - }) + return api.dccli.ReadConfig(ctx, dc.WorkspaceFolder, dc.ConfigPath, + append(featureOptionsAsEnvs, []string{ + fmt.Sprintf("CODER_WORKSPACE_AGENT_NAME=%s", subAgentConfig.Name), + fmt.Sprintf("CODER_WORKSPACE_OWNER_NAME=%s", api.ownerName), + fmt.Sprintf("CODER_WORKSPACE_NAME=%s", api.workspaceName), + fmt.Sprintf("CODER_WORKSPACE_PARENT_AGENT_NAME=%s", api.parentAgent), + fmt.Sprintf("CODER_URL=%s", api.subAgentURL), + fmt.Sprintf("CONTAINER_ID=%s", container.ID), + }...), + ) } if config, err = readConfig(); err != nil { return err } + // We only allow ignore to be set in the root customization layer to + // prevent weird interactions with devcontainer features. + dcIgnored, setDCIgnored = config.Configuration.Customizations.Coder.Ignore, true + if dcIgnored { + return nil + } + workspaceFolder = config.Workspace.WorkspaceFolder + featureOptionsAsEnvs = config.MergedConfiguration.Features.OptionsAsEnvs() + if len(featureOptionsAsEnvs) > 0 { + configOutdated = true + } + // NOTE(DanielleMaywood): // We only want to take an agent name specified in the root customization layer. // This restricts the ability for a feature to specify the agent name. We may revisit @@ -1158,6 +1697,7 @@ func (api *API) maybeInjectSubAgentIntoContainerLocked(ctx context.Context, dc c if provisioner.AgentNameRegex.Match([]byte(name)) { subAgentConfig.Name = name configOutdated = true + delete(api.usingWorkspaceFolderName, dc.WorkspaceFolder) } else { logger.Warn(ctx, "invalid name in devcontainer customization, ignoring", slog.F("name", name), @@ -1194,6 +1734,22 @@ func (api *API) maybeInjectSubAgentIntoContainerLocked(ctx context.Context, dc c api.logger.Error(ctx, "unable to read devcontainer config", slog.Error(err)) } + if dcIgnored { + proc.stop() + if proc.agent.ID != uuid.Nil { + // If we stop the subagent, we also need to delete it. + client := *api.subAgentClient.Load() + if err := client.Delete(ctx, proc.agent.ID); err != nil { + return xerrors.Errorf("delete subagent: %w", err) + } + } + // Reset agent and containerID to force config re-reading if + // ignore is toggled. + proc.agent = SubAgent{} + proc.containerID = "" + return nil + } + displayApps := make([]codersdk.DisplayApp, 0, len(displayAppsMap)) for app, enabled := range displayAppsMap { if enabled { @@ -1226,6 +1782,53 @@ func (api *API) maybeInjectSubAgentIntoContainerLocked(ctx context.Context, dc c subAgentConfig.Directory = workspaceFolder } + agentBinaryPath, err := os.Executable() + if err != nil { + return xerrors.Errorf("get agent binary path: %w", err) + } + agentBinaryPath, err = filepath.EvalSymlinks(agentBinaryPath) + if err != nil { + return xerrors.Errorf("resolve agent binary path: %w", err) + } + + // If we scripted this as a `/bin/sh` script, we could reduce these + // steps to one instruction, speeding up the injection process. + // + // Note: We use `path` instead of `filepath` here because we are + // working with Unix-style paths inside the container. + if _, err := api.ccli.ExecAs(ctx, container.ID, "root", "mkdir", "-p", path.Dir(coderPathInsideContainer)); err != nil { + return xerrors.Errorf("create agent directory in container: %w", err) + } + + if err := api.ccli.Copy(ctx, container.ID, agentBinaryPath, coderPathInsideContainer); err != nil { + return xerrors.Errorf("copy agent binary: %w", err) + } + + logger.Info(ctx, "copied agent binary to container") + + // Make sure the agent binary is executable so we can run it (the + // user doesn't matter since we're making it executable for all). + if _, err := api.ccli.ExecAs(ctx, container.ID, "root", "chmod", "0755", path.Dir(coderPathInsideContainer), coderPathInsideContainer); err != nil { + return xerrors.Errorf("set agent binary executable: %w", err) + } + + // Make sure the agent binary is owned by a valid user so we can run it. + if _, err := api.ccli.ExecAs(ctx, container.ID, "root", "/bin/sh", "-c", fmt.Sprintf("chown $(id -u):$(id -g) %s", coderPathInsideContainer)); err != nil { + return xerrors.Errorf("set agent binary ownership: %w", err) + } + + // Attempt to add CAP_NET_ADMIN to the binary to improve network + // performance (optional, allow to fail). See `bootstrap_linux.sh`. + // TODO(mafredri): Disable for now until we can figure out why this + // causes the following error on some images: + // + // Image: mcr.microsoft.com/devcontainers/base:ubuntu + // Error: /.coder-agent/coder: Operation not permitted + // + // if _, err := api.ccli.ExecAs(ctx, container.ID, "root", "setcap", "cap_net_admin+ep", coderPathInsideContainer); err != nil { + // logger.Warn(ctx, "set CAP_NET_ADMIN on agent binary failed", slog.Error(err)) + // } + deleteSubAgent := proc.agent.ID != uuid.Nil && maybeRecreateSubAgent && !proc.agent.EqualConfig(subAgentConfig) if deleteSubAgent { logger.Debug(ctx, "deleting existing subagent for recreation", slog.F("agent_id", proc.agent.ID)) @@ -1244,12 +1847,56 @@ func (api *API) maybeInjectSubAgentIntoContainerLocked(ctx context.Context, dc c ) // Create new subagent record in the database to receive the auth token. + // If we get a unique constraint violation, try with expanded names that + // include parent directories to avoid collisions. client := *api.subAgentClient.Load() - newSubAgent, err := client.Create(ctx, subAgentConfig) - if err != nil { - return xerrors.Errorf("create subagent failed: %w", err) + + originalName := subAgentConfig.Name + + for attempt := 1; attempt <= maxAttemptsToNameAgent; attempt++ { + agent, err := client.Create(ctx, subAgentConfig) + if err == nil { + proc.agent = agent // Only reassign on success. + if api.usingWorkspaceFolderName[dc.WorkspaceFolder] { + api.devcontainerNames[dc.Name] = true + delete(api.usingWorkspaceFolderName, dc.WorkspaceFolder) + } + + break + } + // NOTE(DanielleMaywood): + // Ordinarily we'd use `errors.As` here, but it didn't appear to work. Not + // sure if this is because of the communication protocol? Instead I've opted + // for a slightly more janky string contains approach. + // + // We only care if sub agent creation has failed due to a unique constraint + // violation on the agent name, as we can _possibly_ rectify this. + if !strings.Contains(err.Error(), "workspace agent name") { + return xerrors.Errorf("create subagent failed: %w", err) + } + + // If there has been a unique constraint violation but the user is *not* + // using an auto-generated name, then we should error. This is because + // we do not want to surprise the user with a name they did not ask for. + if usingFolderName := api.usingWorkspaceFolderName[dc.WorkspaceFolder]; !usingFolderName { + return xerrors.Errorf("create subagent failed: %w", err) + } + + if attempt == maxAttemptsToNameAgent { + return xerrors.Errorf("create subagent failed after %d attempts: %w", attempt, err) + } + + // We increase how much of the workspace folder is used for generating + // the agent name. With each iteration there is greater chance of this + // being successful. + subAgentConfig.Name, api.usingWorkspaceFolderName[dc.WorkspaceFolder] = expandedAgentName(dc.WorkspaceFolder, dc.Container.FriendlyName, attempt) + + logger.Debug(ctx, "retrying subagent creation with expanded name", + slog.F("original_name", originalName), + slog.F("expanded_name", subAgentConfig.Name), + slog.F("attempt", attempt+1), + ) } - proc.agent = newSubAgent logger.Info(ctx, "created new subagent", slog.F("agent_id", proc.agent.ID)) } else { @@ -1365,8 +2012,15 @@ func (api *API) Close() error { err := api.watcher.Close() // Wait for loops to finish. - <-api.watcherDone - <-api.updaterDone + if api.watcherDone != nil { + <-api.watcherDone + } + if api.updaterDone != nil { + <-api.updaterDone + } + if api.discoverDone != nil { + <-api.discoverDone + } // Wait for all async tasks to complete. api.asyncWg.Wait() diff --git a/agent/agentcontainers/api_internal_test.go b/agent/agentcontainers/api_internal_test.go new file mode 100644 index 0000000000000..2e049640d74b8 --- /dev/null +++ b/agent/agentcontainers/api_internal_test.go @@ -0,0 +1,358 @@ +package agentcontainers + +import ( + "testing" + + "github.com/stretchr/testify/assert" + + "github.com/coder/coder/v2/provisioner" +) + +func TestSafeAgentName(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + folderName string + expected string + fallback bool + }{ + // Basic valid names + { + folderName: "simple", + expected: "simple", + }, + { + folderName: "with-hyphens", + expected: "with-hyphens", + }, + { + folderName: "123numbers", + expected: "123numbers", + }, + { + folderName: "mixed123", + expected: "mixed123", + }, + + // Names that need transformation + { + folderName: "With_Underscores", + expected: "with-underscores", + }, + { + folderName: "With Spaces", + expected: "with-spaces", + }, + { + folderName: "UPPERCASE", + expected: "uppercase", + }, + { + folderName: "Mixed_Case-Name", + expected: "mixed-case-name", + }, + + // Names with special characters that get replaced + { + folderName: "special@#$chars", + expected: "special-chars", + }, + { + folderName: "dots.and.more", + expected: "dots-and-more", + }, + { + folderName: "multiple___underscores", + expected: "multiple-underscores", + }, + { + folderName: "multiple---hyphens", + expected: "multiple-hyphens", + }, + + // Edge cases with leading/trailing special chars + { + folderName: "-leading-hyphen", + expected: "leading-hyphen", + }, + { + folderName: "trailing-hyphen-", + expected: "trailing-hyphen", + }, + { + folderName: "_leading_underscore", + expected: "leading-underscore", + }, + { + folderName: "trailing_underscore_", + expected: "trailing-underscore", + }, + { + folderName: "---multiple-leading", + expected: "multiple-leading", + }, + { + folderName: "trailing-multiple---", + expected: "trailing-multiple", + }, + + // Complex transformation cases + { + folderName: "___very---complex@@@name___", + expected: "very-complex-name", + }, + { + folderName: "my.project-folder_v2", + expected: "my-project-folder-v2", + }, + + // Empty and fallback cases - now correctly uses friendlyName fallback + { + folderName: "", + expected: "friendly-fallback", + fallback: true, + }, + { + folderName: "---", + expected: "friendly-fallback", + fallback: true, + }, + { + folderName: "___", + expected: "friendly-fallback", + fallback: true, + }, + { + folderName: "@#$", + expected: "friendly-fallback", + fallback: true, + }, + + // Additional edge cases + { + folderName: "a", + expected: "a", + }, + { + folderName: "1", + expected: "1", + }, + { + folderName: "a1b2c3", + expected: "a1b2c3", + }, + { + folderName: "CamelCase", + expected: "camelcase", + }, + { + folderName: "snake_case_name", + expected: "snake-case-name", + }, + { + folderName: "kebab-case-name", + expected: "kebab-case-name", + }, + { + folderName: "mix3d_C4s3-N4m3", + expected: "mix3d-c4s3-n4m3", + }, + { + folderName: "123-456-789", + expected: "123-456-789", + }, + { + folderName: "abc123def456", + expected: "abc123def456", + }, + { + folderName: " spaces everywhere ", + expected: "spaces-everywhere", + }, + { + folderName: "unicode-café-naïve", + expected: "unicode-caf-na-ve", + }, + { + folderName: "path/with/slashes", + expected: "path-with-slashes", + }, + { + folderName: "file.tar.gz", + expected: "file-tar-gz", + }, + { + folderName: "version-1.2.3-alpha", + expected: "version-1-2-3-alpha", + }, + + // Truncation test for names exceeding 64 characters + { + folderName: "this-is-a-very-long-folder-name-that-exceeds-sixty-four-characters-limit-and-should-be-truncated", + expected: "this-is-a-very-long-folder-name-that-exceeds-sixty-four-characte", + }, + } + + for _, tt := range tests { + t.Run(tt.folderName, func(t *testing.T) { + t.Parallel() + name, usingWorkspaceFolder := safeAgentName(tt.folderName, "friendly-fallback") + + assert.Equal(t, tt.expected, name) + assert.True(t, provisioner.AgentNameRegex.Match([]byte(name))) + assert.Equal(t, tt.fallback, !usingWorkspaceFolder) + }) + } +} + +func TestExpandedAgentName(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + workspaceFolder string + friendlyName string + depth int + expected string + fallback bool + }{ + { + name: "simple path depth 1", + workspaceFolder: "/home/coder/project", + friendlyName: "friendly-fallback", + depth: 0, + expected: "project", + }, + { + name: "simple path depth 2", + workspaceFolder: "/home/coder/project", + friendlyName: "friendly-fallback", + depth: 1, + expected: "coder-project", + }, + { + name: "simple path depth 3", + workspaceFolder: "/home/coder/project", + friendlyName: "friendly-fallback", + depth: 2, + expected: "home-coder-project", + }, + { + name: "simple path depth exceeds available", + workspaceFolder: "/home/coder/project", + friendlyName: "friendly-fallback", + depth: 9, + expected: "home-coder-project", + }, + // Cases with special characters that need sanitization + { + name: "path with spaces and special chars", + workspaceFolder: "/home/coder/My Project_v2", + friendlyName: "friendly-fallback", + depth: 1, + expected: "coder-my-project-v2", + }, + { + name: "path with dots and underscores", + workspaceFolder: "/home/user.name/project_folder.git", + friendlyName: "friendly-fallback", + depth: 1, + expected: "user-name-project-folder-git", + }, + // Edge cases + { + name: "empty path", + workspaceFolder: "", + friendlyName: "friendly-fallback", + depth: 0, + expected: "friendly-fallback", + fallback: true, + }, + { + name: "root path", + workspaceFolder: "/", + friendlyName: "friendly-fallback", + depth: 0, + expected: "friendly-fallback", + fallback: true, + }, + { + name: "single component", + workspaceFolder: "project", + friendlyName: "friendly-fallback", + depth: 0, + expected: "project", + }, + { + name: "single component with depth 2", + workspaceFolder: "project", + friendlyName: "friendly-fallback", + depth: 1, + expected: "project", + }, + // Collision simulation cases + { + name: "foo/project depth 1", + workspaceFolder: "/home/coder/foo/project", + friendlyName: "friendly-fallback", + depth: 0, + expected: "project", + }, + { + name: "foo/project depth 2", + workspaceFolder: "/home/coder/foo/project", + friendlyName: "friendly-fallback", + depth: 1, + expected: "foo-project", + }, + { + name: "bar/project depth 1", + workspaceFolder: "/home/coder/bar/project", + friendlyName: "friendly-fallback", + depth: 0, + expected: "project", + }, + { + name: "bar/project depth 2", + workspaceFolder: "/home/coder/bar/project", + friendlyName: "friendly-fallback", + depth: 1, + expected: "bar-project", + }, + // Path with trailing slashes + { + name: "path with trailing slash", + workspaceFolder: "/home/coder/project/", + friendlyName: "friendly-fallback", + depth: 1, + expected: "coder-project", + }, + { + name: "path with multiple trailing slashes", + workspaceFolder: "/home/coder/project///", + friendlyName: "friendly-fallback", + depth: 1, + expected: "coder-project", + }, + // Path with leading slashes + { + name: "path with multiple leading slashes", + workspaceFolder: "///home/coder/project", + friendlyName: "friendly-fallback", + depth: 1, + expected: "coder-project", + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + name, usingWorkspaceFolder := expandedAgentName(tt.workspaceFolder, tt.friendlyName, tt.depth) + + assert.Equal(t, tt.expected, name) + assert.True(t, provisioner.AgentNameRegex.Match([]byte(name))) + assert.Equal(t, tt.fallback, !usingWorkspaceFolder) + }) + } +} diff --git a/agent/agentcontainers/api_test.go b/agent/agentcontainers/api_test.go index 4e3e9e4077cd7..263f1698a7117 100644 --- a/agent/agentcontainers/api_test.go +++ b/agent/agentcontainers/api_test.go @@ -3,11 +3,15 @@ package agentcontainers_test import ( "context" "encoding/json" + "fmt" "math/rand" "net/http" "net/http/httptest" "os" + "os/exec" + "path/filepath" "runtime" + "slices" "strings" "sync" "testing" @@ -16,19 +20,25 @@ import ( "github.com/fsnotify/fsnotify" "github.com/go-chi/chi/v5" "github.com/google/uuid" + "github.com/lib/pq" + "github.com/spf13/afero" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "go.uber.org/mock/gomock" "golang.org/x/xerrors" "cdr.dev/slog" + "cdr.dev/slog/sloggers/sloghuman" "cdr.dev/slog/sloggers/slogtest" "github.com/coder/coder/v2/agent/agentcontainers" "github.com/coder/coder/v2/agent/agentcontainers/acmock" "github.com/coder/coder/v2/agent/agentcontainers/watcher" + "github.com/coder/coder/v2/agent/usershell" "github.com/coder/coder/v2/codersdk" + "github.com/coder/coder/v2/pty" "github.com/coder/coder/v2/testutil" "github.com/coder/quartz" + "github.com/coder/websocket" ) // fakeContainerCLI implements the agentcontainers.ContainerCLI interface for @@ -61,24 +71,30 @@ func (f *fakeContainerCLI) ExecAs(ctx context.Context, name, user string, args . // fakeDevcontainerCLI implements the agentcontainers.DevcontainerCLI // interface for testing. type fakeDevcontainerCLI struct { + up func(workspaceFolder, configPath string) (string, error) upID string upErr error - upErrC chan error // If set, send to return err, close to return upErr. + upErrC chan func() error // If set, send to return err, close to return upErr. execErr error execErrC chan func(cmd string, args ...string) error // If set, send fn to return err, nil or close to return execErr. readConfig agentcontainers.DevcontainerConfig readConfigErr error readConfigErrC chan func(envs []string) error + + configMap map[string]agentcontainers.DevcontainerConfig // By config path } -func (f *fakeDevcontainerCLI) Up(ctx context.Context, _, _ string, _ ...agentcontainers.DevcontainerCLIUpOptions) (string, error) { +func (f *fakeDevcontainerCLI) Up(ctx context.Context, workspaceFolder, configPath string, _ ...agentcontainers.DevcontainerCLIUpOptions) (string, error) { + if f.up != nil { + return f.up(workspaceFolder, configPath) + } if f.upErrC != nil { select { case <-ctx.Done(): return "", ctx.Err() - case err, ok := <-f.upErrC: + case fn, ok := <-f.upErrC: if ok { - return f.upID, err + return f.upID, fn() } } } @@ -99,7 +115,12 @@ func (f *fakeDevcontainerCLI) Exec(ctx context.Context, _, _ string, cmd string, return f.execErr } -func (f *fakeDevcontainerCLI) ReadConfig(ctx context.Context, _, _ string, envs []string, _ ...agentcontainers.DevcontainerCLIReadConfigOptions) (agentcontainers.DevcontainerConfig, error) { +func (f *fakeDevcontainerCLI) ReadConfig(ctx context.Context, _, configPath string, envs []string, _ ...agentcontainers.DevcontainerCLIReadConfigOptions) (agentcontainers.DevcontainerConfig, error) { + if f.configMap != nil { + if v, found := f.configMap[configPath]; found { + return v, f.readConfigErr + } + } if f.readConfigErrC != nil { select { case <-ctx.Done(): @@ -261,6 +282,16 @@ func (m *fakeSubAgentClient) Create(ctx context.Context, agent agentcontainers.S if agent.OperatingSystem == "" { return agentcontainers.SubAgent{}, xerrors.New("operating system must be set") } + + for _, a := range m.agents { + if a.Name == agent.Name { + return agentcontainers.SubAgent{}, &pq.Error{ + Code: "23505", + Message: fmt.Sprintf("workspace agent name %q already exists in this workspace build", agent.Name), + } + } + } + agent.ID = uuid.New() agent.AuthToken = uuid.New() if m.agents == nil { @@ -291,9 +322,318 @@ func (m *fakeSubAgentClient) Delete(ctx context.Context, id uuid.UUID) error { return nil } +// fakeExecer implements agentexec.Execer for testing and tracks execution details. +type fakeExecer struct { + commands [][]string + createdCommands []*exec.Cmd +} + +func (f *fakeExecer) CommandContext(ctx context.Context, cmd string, args ...string) *exec.Cmd { + f.commands = append(f.commands, append([]string{cmd}, args...)) + // Create a command that returns empty JSON for docker commands. + c := exec.CommandContext(ctx, "echo", "[]") + f.createdCommands = append(f.createdCommands, c) + return c +} + +func (f *fakeExecer) PTYCommandContext(ctx context.Context, cmd string, args ...string) *pty.Cmd { + f.commands = append(f.commands, append([]string{cmd}, args...)) + return &pty.Cmd{ + Context: ctx, + Path: cmd, + Args: append([]string{cmd}, args...), + Env: []string{}, + Dir: "", + } +} + +func (f *fakeExecer) getLastCommand() *exec.Cmd { + if len(f.createdCommands) == 0 { + return nil + } + return f.createdCommands[len(f.createdCommands)-1] +} + func TestAPI(t *testing.T) { t.Parallel() + t.Run("NoUpdaterLoopLogspam", func(t *testing.T) { + t.Parallel() + + var ( + ctx = testutil.Context(t, testutil.WaitShort) + logbuf strings.Builder + logger = slogtest.Make(t, &slogtest.Options{IgnoreErrors: true}).Leveled(slog.LevelDebug).AppendSinks(sloghuman.Sink(&logbuf)) + mClock = quartz.NewMock(t) + tickerTrap = mClock.Trap().TickerFunc("updaterLoop") + firstErr = xerrors.New("first error") + secondErr = xerrors.New("second error") + fakeCLI = &fakeContainerCLI{ + listErr: firstErr, + } + fWatcher = newFakeWatcher(t) + ) + + api := agentcontainers.NewAPI(logger, + agentcontainers.WithWatcher(fWatcher), + agentcontainers.WithClock(mClock), + agentcontainers.WithContainerCLI(fakeCLI), + ) + api.Start() + defer api.Close() + + // The watcherLoop writes a log when it is initialized. + // We want to ensure this has happened before we start + // the test so that it does not intefere. + fWatcher.waitNext(ctx) + + // Make sure the ticker function has been registered + // before advancing the clock. + tickerTrap.MustWait(ctx).MustRelease(ctx) + tickerTrap.Close() + + logbuf.Reset() + + // First tick should handle the error. + _, aw := mClock.AdvanceNext() + aw.MustWait(ctx) + + // Verify first error is logged. + got := logbuf.String() + t.Logf("got log: %q", got) + require.Contains(t, got, "updater loop ticker failed", "first error should be logged") + require.Contains(t, got, "first error", "should contain first error message") + logbuf.Reset() + + // Second tick should handle the same error without logging it again. + _, aw = mClock.AdvanceNext() + aw.MustWait(ctx) + + // Verify same error is not logged again. + got = logbuf.String() + t.Logf("got log: %q", got) + require.Empty(t, got, "same error should not be logged again") + + // Change to a different error. + fakeCLI.listErr = secondErr + + // Third tick should handle the different error and log it. + _, aw = mClock.AdvanceNext() + aw.MustWait(ctx) + + // Verify different error is logged. + got = logbuf.String() + t.Logf("got log: %q", got) + require.Contains(t, got, "updater loop ticker failed", "different error should be logged") + require.Contains(t, got, "second error", "should contain second error message") + logbuf.Reset() + + // Clear the error to simulate success. + fakeCLI.listErr = nil + + // Fourth tick should succeed. + _, aw = mClock.AdvanceNext() + aw.MustWait(ctx) + + // Fifth tick should continue to succeed. + _, aw = mClock.AdvanceNext() + aw.MustWait(ctx) + + // Verify successful operations are logged properly. + got = logbuf.String() + t.Logf("got log: %q", got) + gotSuccessCount := strings.Count(got, "containers updated successfully") + require.GreaterOrEqual(t, gotSuccessCount, 2, "should have successful update got") + require.NotContains(t, got, "updater loop ticker failed", "no errors should be logged during success") + logbuf.Reset() + + // Reintroduce the original error. + fakeCLI.listErr = firstErr + + // Sixth tick should handle the error after success and log it. + _, aw = mClock.AdvanceNext() + aw.MustWait(ctx) + + // Verify error after success is logged. + got = logbuf.String() + t.Logf("got log: %q", got) + require.Contains(t, got, "updater loop ticker failed", "error after success should be logged") + require.Contains(t, got, "first error", "should contain first error message") + logbuf.Reset() + }) + + t.Run("Watch", func(t *testing.T) { + t.Parallel() + + fakeContainer1 := fakeContainer(t, func(c *codersdk.WorkspaceAgentContainer) { + c.ID = "container1" + c.FriendlyName = "devcontainer1" + c.Image = "busybox:latest" + c.Labels = map[string]string{ + agentcontainers.DevcontainerLocalFolderLabel: "/home/coder/project1", + agentcontainers.DevcontainerConfigFileLabel: "/home/coder/project1/.devcontainer/devcontainer.json", + } + }) + + fakeContainer2 := fakeContainer(t, func(c *codersdk.WorkspaceAgentContainer) { + c.ID = "container2" + c.FriendlyName = "devcontainer2" + c.Image = "ubuntu:latest" + c.Labels = map[string]string{ + agentcontainers.DevcontainerLocalFolderLabel: "/home/coder/project2", + agentcontainers.DevcontainerConfigFileLabel: "/home/coder/project2/.devcontainer/devcontainer.json", + } + }) + + stages := []struct { + containers []codersdk.WorkspaceAgentContainer + expected codersdk.WorkspaceAgentListContainersResponse + }{ + { + containers: []codersdk.WorkspaceAgentContainer{fakeContainer1}, + expected: codersdk.WorkspaceAgentListContainersResponse{ + Containers: []codersdk.WorkspaceAgentContainer{fakeContainer1}, + Devcontainers: []codersdk.WorkspaceAgentDevcontainer{ + { + Name: "project1", + WorkspaceFolder: fakeContainer1.Labels[agentcontainers.DevcontainerLocalFolderLabel], + ConfigPath: fakeContainer1.Labels[agentcontainers.DevcontainerConfigFileLabel], + Status: "running", + Container: &fakeContainer1, + }, + }, + }, + }, + { + containers: []codersdk.WorkspaceAgentContainer{fakeContainer1, fakeContainer2}, + expected: codersdk.WorkspaceAgentListContainersResponse{ + Containers: []codersdk.WorkspaceAgentContainer{fakeContainer1, fakeContainer2}, + Devcontainers: []codersdk.WorkspaceAgentDevcontainer{ + { + Name: "project1", + WorkspaceFolder: fakeContainer1.Labels[agentcontainers.DevcontainerLocalFolderLabel], + ConfigPath: fakeContainer1.Labels[agentcontainers.DevcontainerConfigFileLabel], + Status: "running", + Container: &fakeContainer1, + }, + { + Name: "project2", + WorkspaceFolder: fakeContainer2.Labels[agentcontainers.DevcontainerLocalFolderLabel], + ConfigPath: fakeContainer2.Labels[agentcontainers.DevcontainerConfigFileLabel], + Status: "running", + Container: &fakeContainer2, + }, + }, + }, + }, + { + containers: []codersdk.WorkspaceAgentContainer{fakeContainer2}, + expected: codersdk.WorkspaceAgentListContainersResponse{ + Containers: []codersdk.WorkspaceAgentContainer{fakeContainer2}, + Devcontainers: []codersdk.WorkspaceAgentDevcontainer{ + { + Name: "", + WorkspaceFolder: fakeContainer1.Labels[agentcontainers.DevcontainerLocalFolderLabel], + ConfigPath: fakeContainer1.Labels[agentcontainers.DevcontainerConfigFileLabel], + Status: "stopped", + Container: nil, + }, + { + Name: "project2", + WorkspaceFolder: fakeContainer2.Labels[agentcontainers.DevcontainerLocalFolderLabel], + ConfigPath: fakeContainer2.Labels[agentcontainers.DevcontainerConfigFileLabel], + Status: "running", + Container: &fakeContainer2, + }, + }, + }, + }, + } + + var ( + ctx = testutil.Context(t, testutil.WaitShort) + mClock = quartz.NewMock(t) + updaterTickerTrap = mClock.Trap().TickerFunc("updaterLoop") + mCtrl = gomock.NewController(t) + mLister = acmock.NewMockContainerCLI(mCtrl) + logger = slogtest.Make(t, &slogtest.Options{IgnoreErrors: true}).Leveled(slog.LevelDebug) + ) + + // Set up initial state for immediate send on connection + mLister.EXPECT().List(gomock.Any()).Return(codersdk.WorkspaceAgentListContainersResponse{Containers: stages[0].containers}, nil) + mLister.EXPECT().DetectArchitecture(gomock.Any(), gomock.Any()).Return("", nil).AnyTimes() + + api := agentcontainers.NewAPI(logger, + agentcontainers.WithClock(mClock), + agentcontainers.WithContainerCLI(mLister), + agentcontainers.WithWatcher(watcher.NewNoop()), + ) + api.Start() + defer api.Close() + + srv := httptest.NewServer(api.Routes()) + defer srv.Close() + + updaterTickerTrap.MustWait(ctx).MustRelease(ctx) + defer updaterTickerTrap.Close() + + client, res, err := websocket.Dial(ctx, srv.URL+"/watch", nil) + require.NoError(t, err) + if res != nil && res.Body != nil { + defer res.Body.Close() + } + + // Read initial state sent immediately on connection + mt, msg, err := client.Read(ctx) + require.NoError(t, err) + require.Equal(t, websocket.MessageText, mt) + + var got codersdk.WorkspaceAgentListContainersResponse + err = json.Unmarshal(msg, &got) + require.NoError(t, err) + + require.Equal(t, stages[0].expected.Containers, got.Containers) + require.Len(t, got.Devcontainers, len(stages[0].expected.Devcontainers)) + for j, expectedDev := range stages[0].expected.Devcontainers { + gotDev := got.Devcontainers[j] + require.Equal(t, expectedDev.Name, gotDev.Name) + require.Equal(t, expectedDev.WorkspaceFolder, gotDev.WorkspaceFolder) + require.Equal(t, expectedDev.ConfigPath, gotDev.ConfigPath) + require.Equal(t, expectedDev.Status, gotDev.Status) + require.Equal(t, expectedDev.Container, gotDev.Container) + } + + // Process remaining stages through updater loop + for i, stage := range stages[1:] { + mLister.EXPECT().List(gomock.Any()).Return(codersdk.WorkspaceAgentListContainersResponse{Containers: stage.containers}, nil) + + // Given: We allow the update loop to progress + _, aw := mClock.AdvanceNext() + aw.MustWait(ctx) + + // When: We attempt to read a message from the socket. + mt, msg, err := client.Read(ctx) + require.NoError(t, err) + require.Equal(t, websocket.MessageText, mt) + + // Then: We expect the receieved message matches the expected response. + var got codersdk.WorkspaceAgentListContainersResponse + err = json.Unmarshal(msg, &got) + require.NoError(t, err) + + require.Equal(t, stages[i+1].expected.Containers, got.Containers) + require.Len(t, got.Devcontainers, len(stages[i+1].expected.Devcontainers)) + for j, expectedDev := range stages[i+1].expected.Devcontainers { + gotDev := got.Devcontainers[j] + require.Equal(t, expectedDev.Name, gotDev.Name) + require.Equal(t, expectedDev.WorkspaceFolder, gotDev.WorkspaceFolder) + require.Equal(t, expectedDev.ConfigPath, gotDev.ConfigPath) + require.Equal(t, expectedDev.Status, gotDev.Status) + require.Equal(t, expectedDev.Container, gotDev.Container) + } + } + }) + // List tests the API.getContainers method using a mock // implementation. It specifically tests caching behavior. t.Run("List", func(t *testing.T) { @@ -389,6 +729,7 @@ func TestAPI(t *testing.T) { agentcontainers.WithContainerCLI(mLister), agentcontainers.WithContainerLabelIncludeFilter("this.label.does.not.exist.ignore.devcontainers", "true"), ) + api.Start() defer api.Close() r.Mount("/", api.Routes()) @@ -444,78 +785,77 @@ func TestAPI(t *testing.T) { t.Run("Recreate", func(t *testing.T) { t.Parallel() - validContainer := codersdk.WorkspaceAgentContainer{ - ID: "container-id", - FriendlyName: "container-name", + devcontainerID1 := uuid.New() + devcontainerID2 := uuid.New() + workspaceFolder1 := "/workspace/test1" + workspaceFolder2 := "/workspace/test2" + configPath1 := "/workspace/test1/.devcontainer/devcontainer.json" + configPath2 := "/workspace/test2/.devcontainer/devcontainer.json" + + // Create a container that represents an existing devcontainer + devContainer1 := codersdk.WorkspaceAgentContainer{ + ID: "container-1", + FriendlyName: "test-container-1", Running: true, Labels: map[string]string{ - agentcontainers.DevcontainerLocalFolderLabel: "/workspaces", - agentcontainers.DevcontainerConfigFileLabel: "/workspace/.devcontainer/devcontainer.json", + agentcontainers.DevcontainerLocalFolderLabel: workspaceFolder1, + agentcontainers.DevcontainerConfigFileLabel: configPath1, }, } - missingFolderContainer := codersdk.WorkspaceAgentContainer{ - ID: "missing-folder-container", - FriendlyName: "missing-folder-container", - Labels: map[string]string{}, + devContainer2 := codersdk.WorkspaceAgentContainer{ + ID: "container-2", + FriendlyName: "test-container-2", + Running: true, + Labels: map[string]string{ + agentcontainers.DevcontainerLocalFolderLabel: workspaceFolder2, + agentcontainers.DevcontainerConfigFileLabel: configPath2, + }, } tests := []struct { - name string - containerID string - lister *fakeContainerCLI - devcontainerCLI *fakeDevcontainerCLI - wantStatus []int - wantBody []string + name string + devcontainerID string + setupDevcontainers []codersdk.WorkspaceAgentDevcontainer + lister *fakeContainerCLI + devcontainerCLI *fakeDevcontainerCLI + wantStatus []int + wantBody []string }{ { - name: "Missing container ID", - containerID: "", + name: "Missing devcontainer ID", + devcontainerID: "", lister: &fakeContainerCLI{}, devcontainerCLI: &fakeDevcontainerCLI{}, wantStatus: []int{http.StatusBadRequest}, - wantBody: []string{"Missing container ID or name"}, - }, - { - name: "List error", - containerID: "container-id", - lister: &fakeContainerCLI{ - listErr: xerrors.New("list error"), - }, - devcontainerCLI: &fakeDevcontainerCLI{}, - wantStatus: []int{http.StatusInternalServerError}, - wantBody: []string{"Could not list containers"}, + wantBody: []string{"Missing devcontainer ID"}, }, { - name: "Container not found", - containerID: "nonexistent-container", + name: "Devcontainer not found", + devcontainerID: uuid.NewString(), lister: &fakeContainerCLI{ - containers: codersdk.WorkspaceAgentListContainersResponse{ - Containers: []codersdk.WorkspaceAgentContainer{validContainer}, - }, + arch: "", // Unsupported architecture, don't inject subagent. }, devcontainerCLI: &fakeDevcontainerCLI{}, wantStatus: []int{http.StatusNotFound}, - wantBody: []string{"Container not found"}, + wantBody: []string{"Devcontainer not found"}, }, { - name: "Missing workspace folder label", - containerID: "missing-folder-container", - lister: &fakeContainerCLI{ - containers: codersdk.WorkspaceAgentListContainersResponse{ - Containers: []codersdk.WorkspaceAgentContainer{missingFolderContainer}, + name: "Devcontainer CLI error", + devcontainerID: devcontainerID1.String(), + setupDevcontainers: []codersdk.WorkspaceAgentDevcontainer{ + { + ID: devcontainerID1, + Name: "test-devcontainer-1", + WorkspaceFolder: workspaceFolder1, + ConfigPath: configPath1, + Status: codersdk.WorkspaceAgentDevcontainerStatusRunning, + Container: &devContainer1, }, }, - devcontainerCLI: &fakeDevcontainerCLI{}, - wantStatus: []int{http.StatusBadRequest}, - wantBody: []string{"Missing workspace folder label"}, - }, - { - name: "Devcontainer CLI error", - containerID: "container-id", lister: &fakeContainerCLI{ containers: codersdk.WorkspaceAgentListContainersResponse{ - Containers: []codersdk.WorkspaceAgentContainer{validContainer}, + Containers: []codersdk.WorkspaceAgentContainer{devContainer1}, }, arch: "", // Unsupported architecture, don't inject subagent. }, @@ -526,11 +866,21 @@ func TestAPI(t *testing.T) { wantBody: []string{"Devcontainer recreation initiated", "Devcontainer recreation already in progress"}, }, { - name: "OK", - containerID: "container-id", + name: "OK", + devcontainerID: devcontainerID2.String(), + setupDevcontainers: []codersdk.WorkspaceAgentDevcontainer{ + { + ID: devcontainerID2, + Name: "test-devcontainer-2", + WorkspaceFolder: workspaceFolder2, + ConfigPath: configPath2, + Status: codersdk.WorkspaceAgentDevcontainerStatusRunning, + Container: &devContainer2, + }, + }, lister: &fakeContainerCLI{ containers: codersdk.WorkspaceAgentListContainersResponse{ - Containers: []codersdk.WorkspaceAgentContainer{validContainer}, + Containers: []codersdk.WorkspaceAgentContainer{devContainer2}, }, arch: "", // Unsupported architecture, don't inject subagent. }, @@ -555,17 +905,21 @@ func TestAPI(t *testing.T) { nowRecreateErrorTrap := mClock.Trap().Now("recreate", "errorTimes") nowRecreateSuccessTrap := mClock.Trap().Now("recreate", "successTimes") - tt.devcontainerCLI.upErrC = make(chan error) + tt.devcontainerCLI.upErrC = make(chan func() error) // Setup router with the handler under test. r := chi.NewRouter() + api := agentcontainers.NewAPI( logger, agentcontainers.WithClock(mClock), agentcontainers.WithContainerCLI(tt.lister), agentcontainers.WithDevcontainerCLI(tt.devcontainerCLI), agentcontainers.WithWatcher(watcher.NewNoop()), + agentcontainers.WithDevcontainers(tt.setupDevcontainers, nil), ) + + api.Start() defer api.Close() r.Mount("/", api.Routes()) @@ -576,7 +930,7 @@ func TestAPI(t *testing.T) { for i := range tt.wantStatus { // Simulate HTTP request to the recreate endpoint. - req := httptest.NewRequest(http.MethodPost, "/devcontainers/container/"+tt.containerID+"/recreate", nil). + req := httptest.NewRequest(http.MethodPost, "/devcontainers/"+tt.devcontainerID+"/recreate", nil). WithContext(ctx) rec := httptest.NewRecorder() r.ServeHTTP(rec, req) @@ -699,6 +1053,7 @@ func TestAPI(t *testing.T) { knownDevcontainers []codersdk.WorkspaceAgentDevcontainer wantStatus int wantCount int + wantTestContainer bool verify func(t *testing.T, devcontainers []codersdk.WorkspaceAgentDevcontainer) }{ { @@ -897,8 +1252,8 @@ func TestAPI(t *testing.T) { FriendlyName: "project1-container", Running: true, Labels: map[string]string{ - agentcontainers.DevcontainerLocalFolderLabel: "/workspace/project", - agentcontainers.DevcontainerConfigFileLabel: "/workspace/project/.devcontainer/devcontainer.json", + agentcontainers.DevcontainerLocalFolderLabel: "/workspace/project1", + agentcontainers.DevcontainerConfigFileLabel: "/workspace/project1/.devcontainer/devcontainer.json", }, }, { @@ -906,8 +1261,8 @@ func TestAPI(t *testing.T) { FriendlyName: "project2-container", Running: true, Labels: map[string]string{ - agentcontainers.DevcontainerLocalFolderLabel: "/home/user/project", - agentcontainers.DevcontainerConfigFileLabel: "/home/user/project/.devcontainer/devcontainer.json", + agentcontainers.DevcontainerLocalFolderLabel: "/home/user/project2", + agentcontainers.DevcontainerConfigFileLabel: "/home/user/project2/.devcontainer/devcontainer.json", }, }, { @@ -915,8 +1270,8 @@ func TestAPI(t *testing.T) { FriendlyName: "project3-container", Running: true, Labels: map[string]string{ - agentcontainers.DevcontainerLocalFolderLabel: "/var/lib/project", - agentcontainers.DevcontainerConfigFileLabel: "/var/lib/project/.devcontainer/devcontainer.json", + agentcontainers.DevcontainerLocalFolderLabel: "/var/lib/project3", + agentcontainers.DevcontainerConfigFileLabel: "/var/lib/project3/.devcontainer/devcontainer.json", }, }, }, @@ -945,6 +1300,13 @@ func TestAPI(t *testing.T) { assert.Len(t, names, 4, "should have four unique devcontainer names") }, }, + { + name: "Include test containers", + lister: &fakeContainerCLI{}, + wantStatus: http.StatusOK, + wantTestContainer: true, + wantCount: 1, // Will be appended. + }, } for _, tt := range tests { @@ -957,14 +1319,33 @@ func TestAPI(t *testing.T) { mClock.Set(time.Now()).MustWait(testutil.Context(t, testutil.WaitShort)) tickerTrap := mClock.Trap().TickerFunc("updaterLoop") + // This container should be ignored unless explicitly included. + tt.lister.containers.Containers = append(tt.lister.containers.Containers, codersdk.WorkspaceAgentContainer{ + ID: "test-container-1", + FriendlyName: "test-container-1", + Running: true, + Labels: map[string]string{ + agentcontainers.DevcontainerLocalFolderLabel: "/workspace/test1", + agentcontainers.DevcontainerConfigFileLabel: "/workspace/test1/.devcontainer/devcontainer.json", + agentcontainers.DevcontainerIsTestRunLabel: "true", + }, + }) + // Setup router with the handler under test. r := chi.NewRouter() apiOptions := []agentcontainers.Option{ agentcontainers.WithClock(mClock), agentcontainers.WithContainerCLI(tt.lister), + agentcontainers.WithDevcontainerCLI(&fakeDevcontainerCLI{}), agentcontainers.WithWatcher(watcher.NewNoop()), } + if tt.wantTestContainer { + apiOptions = append(apiOptions, agentcontainers.WithContainerLabelIncludeFilter( + agentcontainers.DevcontainerIsTestRunLabel, "true", + )) + } + // Generate matching scripts for the known devcontainers // (required to extract log source ID). var scripts []codersdk.WorkspaceAgentScript @@ -979,6 +1360,7 @@ func TestAPI(t *testing.T) { } api := agentcontainers.NewAPI(logger, apiOptions...) + api.Start() defer api.Close() r.Mount("/", api.Routes()) @@ -990,6 +1372,11 @@ func TestAPI(t *testing.T) { tickerTrap.MustWait(ctx).MustRelease(ctx) tickerTrap.Close() + for _, dc := range tt.knownDevcontainers { + err := api.CreateDevcontainer(dc.WorkspaceFolder, dc.ConfigPath) + require.NoError(t, err) + } + // Advance the clock to run the updater loop. _, aw := mClock.AdvanceNext() aw.MustWait(ctx) @@ -1063,6 +1450,7 @@ func TestAPI(t *testing.T) { []codersdk.WorkspaceAgentScript{{LogSourceID: uuid.New(), ID: dc.ID}}, ), ) + api.Start() defer api.Close() // Make sure the ticker function has been registered @@ -1158,6 +1546,7 @@ func TestAPI(t *testing.T) { agentcontainers.WithWatcher(fWatcher), agentcontainers.WithClock(mClock), ) + api.Start() defer api.Close() r := chi.NewRouter() @@ -1286,6 +1675,8 @@ func TestAPI(t *testing.T) { coderBin, err := os.Executable() require.NoError(t, err) + coderBin, err = filepath.EvalSymlinks(coderBin) + require.NoError(t, err) mCCLI.EXPECT().List(gomock.Any()).Return(codersdk.WorkspaceAgentListContainersResponse{ Containers: []codersdk.WorkspaceAgentContainer{testContainer}, @@ -1295,6 +1686,7 @@ func TestAPI(t *testing.T) { mCCLI.EXPECT().ExecAs(gomock.Any(), "test-container-id", "root", "mkdir", "-p", "/.coder-agent").Return(nil, nil), mCCLI.EXPECT().Copy(gomock.Any(), "test-container-id", coderBin, "/.coder-agent/coder").Return(nil), mCCLI.EXPECT().ExecAs(gomock.Any(), "test-container-id", "root", "chmod", "0755", "/.coder-agent", "/.coder-agent/coder").Return(nil, nil), + mCCLI.EXPECT().ExecAs(gomock.Any(), "test-container-id", "root", "/bin/sh", "-c", "chown $(id -u):$(id -g) /.coder-agent/coder").Return(nil, nil), ) mClock.Set(time.Now()).MustWait(ctx) @@ -1308,8 +1700,9 @@ func TestAPI(t *testing.T) { agentcontainers.WithSubAgentClient(fakeSAC), agentcontainers.WithSubAgentURL("test-subagent-url"), agentcontainers.WithDevcontainerCLI(fakeDCCLI), - agentcontainers.WithManifestInfo("test-user", "test-workspace"), + agentcontainers.WithManifestInfo("test-user", "test-workspace", "test-parent-agent", "/parent-agent"), ) + api.Start() apiClose := func() { closeOnce.Do(func() { // Close before api.Close() defer to avoid deadlock after test. @@ -1326,10 +1719,12 @@ func TestAPI(t *testing.T) { // Allow initial agent creation and injection to succeed. testutil.RequireSend(ctx, t, fakeSAC.createErrC, nil) testutil.RequireSend(ctx, t, fakeDCCLI.readConfigErrC, func(envs []string) error { - assert.Contains(t, envs, "CODER_WORKSPACE_AGENT_NAME=test-container") + assert.Contains(t, envs, "CODER_WORKSPACE_AGENT_NAME=coder") assert.Contains(t, envs, "CODER_WORKSPACE_NAME=test-workspace") assert.Contains(t, envs, "CODER_WORKSPACE_OWNER_NAME=test-user") + assert.Contains(t, envs, "CODER_WORKSPACE_PARENT_AGENT_NAME=test-parent-agent") assert.Contains(t, envs, "CODER_URL=test-subagent-url") + assert.Contains(t, envs, "CONTAINER_ID=test-container-id") return nil }) @@ -1349,7 +1744,7 @@ func TestAPI(t *testing.T) { // Verify agent was created. require.Len(t, fakeSAC.created, 1) - assert.Equal(t, "test-container", fakeSAC.created[0].Name) + assert.Equal(t, "coder", fakeSAC.created[0].Name) assert.Equal(t, "/workspaces/coder", fakeSAC.created[0].Directory) assert.Len(t, fakeSAC.deleted, 0) @@ -1380,6 +1775,7 @@ func TestAPI(t *testing.T) { mCCLI.EXPECT().ExecAs(gomock.Any(), "test-container-id", "root", "mkdir", "-p", "/.coder-agent").Return(nil, nil), mCCLI.EXPECT().Copy(gomock.Any(), "test-container-id", coderBin, "/.coder-agent/coder").Return(nil), mCCLI.EXPECT().ExecAs(gomock.Any(), "test-container-id", "root", "chmod", "0755", "/.coder-agent", "/.coder-agent/coder").Return(nil, nil), + mCCLI.EXPECT().ExecAs(gomock.Any(), "test-container-id", "root", "/bin/sh", "-c", "chown $(id -u):$(id -g) /.coder-agent/coder").Return(nil, nil), ) // Verify that the agent has started. @@ -1405,7 +1801,7 @@ func TestAPI(t *testing.T) { WaitStartLoop: for { // Agent reinjection will succeed and we will not re-create the - // agent, nor re-probe pwd. + // agent. mCCLI.EXPECT().List(gomock.Any()).Return(codersdk.WorkspaceAgentListContainersResponse{ Containers: []codersdk.WorkspaceAgentContainer{testContainer}, }, nil).Times(1) // 1 update. @@ -1440,6 +1836,7 @@ func TestAPI(t *testing.T) { mCCLI.EXPECT().ExecAs(gomock.Any(), "new-test-container-id", "root", "mkdir", "-p", "/.coder-agent").Return(nil, nil), mCCLI.EXPECT().Copy(gomock.Any(), "new-test-container-id", coderBin, "/.coder-agent/coder").Return(nil), mCCLI.EXPECT().ExecAs(gomock.Any(), "new-test-container-id", "root", "chmod", "0755", "/.coder-agent", "/.coder-agent/coder").Return(nil, nil), + mCCLI.EXPECT().ExecAs(gomock.Any(), "new-test-container-id", "root", "/bin/sh", "-c", "chown $(id -u):$(id -g) /.coder-agent/coder").Return(nil, nil), ) fakeDCCLI.readConfig.MergedConfiguration.Customizations.Coder = []agentcontainers.CoderCustomization{ @@ -1468,10 +1865,12 @@ func TestAPI(t *testing.T) { // Expect the agent to be recreated. testutil.RequireSend(ctx, t, fakeSAC.createErrC, nil) testutil.RequireSend(ctx, t, fakeDCCLI.readConfigErrC, func(envs []string) error { - assert.Contains(t, envs, "CODER_WORKSPACE_AGENT_NAME=test-container") + assert.Contains(t, envs, "CODER_WORKSPACE_AGENT_NAME=coder") assert.Contains(t, envs, "CODER_WORKSPACE_NAME=test-workspace") assert.Contains(t, envs, "CODER_WORKSPACE_OWNER_NAME=test-user") + assert.Contains(t, envs, "CODER_WORKSPACE_PARENT_AGENT_NAME=test-parent-agent") assert.Contains(t, envs, "CODER_URL=test-subagent-url") + assert.NotContains(t, envs, "CONTAINER_ID=test-container-id") return nil }) @@ -1530,6 +1929,7 @@ func TestAPI(t *testing.T) { agentcontainers.WithSubAgentClient(fakeSAC), agentcontainers.WithDevcontainerCLI(&fakeDevcontainerCLI{}), ) + api.Start() defer api.Close() tickerTrap.MustWait(ctx).MustRelease(ctx) @@ -1543,6 +1943,237 @@ func TestAPI(t *testing.T) { assert.Empty(t, fakeSAC.agents) }) + t.Run("Error", func(t *testing.T) { + t.Parallel() + + if runtime.GOOS == "windows" { + t.Skip("Dev Container tests are not supported on Windows (this test uses mocks but fails due to Windows paths)") + } + + t.Run("DuringUp", func(t *testing.T) { + t.Parallel() + + var ( + ctx = testutil.Context(t, testutil.WaitMedium) + logger = slogtest.Make(t, &slogtest.Options{IgnoreErrors: true}).Leveled(slog.LevelDebug) + mClock = quartz.NewMock(t) + fCCLI = &fakeContainerCLI{arch: ""} + fDCCLI = &fakeDevcontainerCLI{ + upErrC: make(chan func() error, 1), + } + fSAC = &fakeSubAgentClient{ + logger: logger.Named("fakeSubAgentClient"), + } + + testDevcontainer = codersdk.WorkspaceAgentDevcontainer{ + ID: uuid.New(), + Name: "test-devcontainer", + WorkspaceFolder: "/workspaces/project", + ConfigPath: "/workspaces/project/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + } + ) + + mClock.Set(time.Now()).MustWait(ctx) + tickerTrap := mClock.Trap().TickerFunc("updaterLoop") + nowRecreateErrorTrap := mClock.Trap().Now("recreate", "errorTimes") + nowRecreateSuccessTrap := mClock.Trap().Now("recreate", "successTimes") + + api := agentcontainers.NewAPI(logger, + agentcontainers.WithClock(mClock), + agentcontainers.WithContainerCLI(fCCLI), + agentcontainers.WithDevcontainerCLI(fDCCLI), + agentcontainers.WithDevcontainers( + []codersdk.WorkspaceAgentDevcontainer{testDevcontainer}, + []codersdk.WorkspaceAgentScript{{ID: testDevcontainer.ID, LogSourceID: uuid.New()}}, + ), + agentcontainers.WithSubAgentClient(fSAC), + agentcontainers.WithSubAgentURL("test-subagent-url"), + agentcontainers.WithWatcher(watcher.NewNoop()), + ) + api.Start() + defer func() { + close(fDCCLI.upErrC) + api.Close() + }() + + r := chi.NewRouter() + r.Mount("/", api.Routes()) + + tickerTrap.MustWait(ctx).MustRelease(ctx) + tickerTrap.Close() + + // Given: We send a 'recreate' request. + req := httptest.NewRequest(http.MethodPost, "/devcontainers/"+testDevcontainer.ID.String()+"/recreate", nil) + rec := httptest.NewRecorder() + r.ServeHTTP(rec, req) + require.Equal(t, http.StatusAccepted, rec.Code) + + // Given: We simulate an error running `devcontainer up` + simulatedError := xerrors.New("simulated error") + testutil.RequireSend(ctx, t, fDCCLI.upErrC, func() error { return simulatedError }) + + nowRecreateErrorTrap.MustWait(ctx).MustRelease(ctx) + nowRecreateErrorTrap.Close() + + req = httptest.NewRequest(http.MethodGet, "/", nil) + rec = httptest.NewRecorder() + r.ServeHTTP(rec, req) + require.Equal(t, http.StatusOK, rec.Code) + + var response codersdk.WorkspaceAgentListContainersResponse + err := json.NewDecoder(rec.Body).Decode(&response) + require.NoError(t, err) + + // Then: We expect that there will be an error associated with the devcontainer. + require.Len(t, response.Devcontainers, 1) + require.Equal(t, "simulated error", response.Devcontainers[0].Error) + + // Given: We send another 'recreate' request. + req = httptest.NewRequest(http.MethodPost, "/devcontainers/"+testDevcontainer.ID.String()+"/recreate", nil) + rec = httptest.NewRecorder() + r.ServeHTTP(rec, req) + require.Equal(t, http.StatusAccepted, rec.Code) + + // Given: We allow `devcontainer up` to succeed. + testutil.RequireSend(ctx, t, fDCCLI.upErrC, func() error { + req = httptest.NewRequest(http.MethodGet, "/", nil) + rec = httptest.NewRecorder() + r.ServeHTTP(rec, req) + require.Equal(t, http.StatusOK, rec.Code) + + response = codersdk.WorkspaceAgentListContainersResponse{} + err = json.NewDecoder(rec.Body).Decode(&response) + require.NoError(t, err) + + // Then: We make sure that the error has been cleared before running up. + require.Len(t, response.Devcontainers, 1) + require.Equal(t, "", response.Devcontainers[0].Error) + + return nil + }) + + nowRecreateSuccessTrap.MustWait(ctx).MustRelease(ctx) + nowRecreateSuccessTrap.Close() + + req = httptest.NewRequest(http.MethodGet, "/", nil) + rec = httptest.NewRecorder() + r.ServeHTTP(rec, req) + require.Equal(t, http.StatusOK, rec.Code) + + response = codersdk.WorkspaceAgentListContainersResponse{} + err = json.NewDecoder(rec.Body).Decode(&response) + require.NoError(t, err) + + // Then: We also expect no error after running up.. + require.Len(t, response.Devcontainers, 1) + require.Equal(t, "", response.Devcontainers[0].Error) + }) + + t.Run("DuringInjection", func(t *testing.T) { + t.Parallel() + + var ( + ctx = testutil.Context(t, testutil.WaitMedium) + logger = slogtest.Make(t, &slogtest.Options{IgnoreErrors: true}).Leveled(slog.LevelDebug) + mClock = quartz.NewMock(t) + mCCLI = acmock.NewMockContainerCLI(gomock.NewController(t)) + fDCCLI = &fakeDevcontainerCLI{} + fSAC = &fakeSubAgentClient{ + logger: logger.Named("fakeSubAgentClient"), + createErrC: make(chan error, 1), + } + + containerCreatedAt = time.Now() + testContainer = codersdk.WorkspaceAgentContainer{ + ID: "test-container-id", + FriendlyName: "test-container", + Image: "test-image", + Running: true, + CreatedAt: containerCreatedAt, + Labels: map[string]string{ + agentcontainers.DevcontainerLocalFolderLabel: "/workspaces", + agentcontainers.DevcontainerConfigFileLabel: "/workspace/.devcontainer/devcontainer.json", + }, + } + ) + + // Mock the `List` function to always return the test container. + mCCLI.EXPECT().List(gomock.Any()).Return(codersdk.WorkspaceAgentListContainersResponse{ + Containers: []codersdk.WorkspaceAgentContainer{testContainer}, + }, nil).AnyTimes() + + // We're going to force the container CLI to fail, which will allow us to test the + // error handling. + simulatedError := xerrors.New("simulated error") + mCCLI.EXPECT().DetectArchitecture(gomock.Any(), testContainer.ID).Return("", simulatedError).Times(1) + + mClock.Set(containerCreatedAt).MustWait(ctx) + tickerTrap := mClock.Trap().TickerFunc("updaterLoop") + + api := agentcontainers.NewAPI(logger, + agentcontainers.WithClock(mClock), + agentcontainers.WithContainerCLI(mCCLI), + agentcontainers.WithDevcontainerCLI(fDCCLI), + agentcontainers.WithSubAgentClient(fSAC), + agentcontainers.WithSubAgentURL("test-subagent-url"), + agentcontainers.WithWatcher(watcher.NewNoop()), + ) + api.Start() + defer func() { + close(fSAC.createErrC) + api.Close() + }() + + r := chi.NewRouter() + r.Mount("/", api.Routes()) + + // Given: We allow an attempt at creation to occur. + tickerTrap.MustWait(ctx).MustRelease(ctx) + tickerTrap.Close() + + req := httptest.NewRequest(http.MethodGet, "/", nil) + rec := httptest.NewRecorder() + r.ServeHTTP(rec, req) + require.Equal(t, http.StatusOK, rec.Code) + + var response codersdk.WorkspaceAgentListContainersResponse + err := json.NewDecoder(rec.Body).Decode(&response) + require.NoError(t, err) + + // Then: We expect that there will be an error associated with the devcontainer. + require.Len(t, response.Devcontainers, 1) + require.Equal(t, "detect architecture: simulated error", response.Devcontainers[0].Error) + + gomock.InOrder( + mCCLI.EXPECT().DetectArchitecture(gomock.Any(), testContainer.ID).Return(runtime.GOARCH, nil), + mCCLI.EXPECT().ExecAs(gomock.Any(), testContainer.ID, "root", "mkdir", "-p", "/.coder-agent").Return(nil, nil), + mCCLI.EXPECT().Copy(gomock.Any(), testContainer.ID, gomock.Any(), "/.coder-agent/coder").Return(nil), + mCCLI.EXPECT().ExecAs(gomock.Any(), testContainer.ID, "root", "chmod", "0755", "/.coder-agent", "/.coder-agent/coder").Return(nil, nil), + mCCLI.EXPECT().ExecAs(gomock.Any(), testContainer.ID, "root", "/bin/sh", "-c", "chown $(id -u):$(id -g) /.coder-agent/coder").Return(nil, nil), + ) + + // Given: We allow creation to succeed. + testutil.RequireSend(ctx, t, fSAC.createErrC, nil) + + err = api.RefreshContainers(ctx) + require.NoError(t, err) + + req = httptest.NewRequest(http.MethodGet, "/", nil) + rec = httptest.NewRecorder() + r.ServeHTTP(rec, req) + require.Equal(t, http.StatusOK, rec.Code) + + response = codersdk.WorkspaceAgentListContainersResponse{} + err = json.NewDecoder(rec.Body).Decode(&response) + require.NoError(t, err) + + // Then: We expect that the error will be gone + require.Len(t, response.Devcontainers, 1) + require.Equal(t, "", response.Devcontainers[0].Error) + }) + }) + t.Run("Create", func(t *testing.T) { t.Parallel() @@ -1826,6 +2457,8 @@ func TestAPI(t *testing.T) { coderBin, err := os.Executable() require.NoError(t, err) + coderBin, err = filepath.EvalSymlinks(coderBin) + require.NoError(t, err) // Mock the `List` function to always return out test container. mCCLI.EXPECT().List(gomock.Any()).Return(codersdk.WorkspaceAgentListContainersResponse{ @@ -1838,6 +2471,7 @@ func TestAPI(t *testing.T) { mCCLI.EXPECT().ExecAs(gomock.Any(), testContainer.ID, "root", "mkdir", "-p", "/.coder-agent").Return(nil, nil), mCCLI.EXPECT().Copy(gomock.Any(), testContainer.ID, coderBin, "/.coder-agent/coder").Return(nil), mCCLI.EXPECT().ExecAs(gomock.Any(), testContainer.ID, "root", "chmod", "0755", "/.coder-agent", "/.coder-agent/coder").Return(nil, nil), + mCCLI.EXPECT().ExecAs(gomock.Any(), testContainer.ID, "root", "/bin/sh", "-c", "chown $(id -u):$(id -g) /.coder-agent/coder").Return(nil, nil), ) mClock.Set(time.Now()).MustWait(ctx) @@ -1851,6 +2485,7 @@ func TestAPI(t *testing.T) { agentcontainers.WithSubAgentURL("test-subagent-url"), agentcontainers.WithWatcher(watcher.NewNoop()), ) + api.Start() defer api.Close() // Close before api.Close() defer to avoid deadlock after test. @@ -1910,14 +2545,16 @@ func TestAPI(t *testing.T) { Running: true, CreatedAt: time.Now(), Labels: map[string]string{ - agentcontainers.DevcontainerLocalFolderLabel: "/workspaces", - agentcontainers.DevcontainerConfigFileLabel: "/workspace/.devcontainer/devcontainer.json", + agentcontainers.DevcontainerLocalFolderLabel: "/workspaces/coder", + agentcontainers.DevcontainerConfigFileLabel: "/workspaces/coder/.devcontainer/devcontainer.json", }, } ) coderBin, err := os.Executable() require.NoError(t, err) + coderBin, err = filepath.EvalSymlinks(coderBin) + require.NoError(t, err) // Mock the `List` function to always return out test container. mCCLI.EXPECT().List(gomock.Any()).Return(codersdk.WorkspaceAgentListContainersResponse{ @@ -1930,6 +2567,7 @@ func TestAPI(t *testing.T) { mCCLI.EXPECT().ExecAs(gomock.Any(), testContainer.ID, "root", "mkdir", "-p", "/.coder-agent").Return(nil, nil), mCCLI.EXPECT().Copy(gomock.Any(), testContainer.ID, coderBin, "/.coder-agent/coder").Return(nil), mCCLI.EXPECT().ExecAs(gomock.Any(), testContainer.ID, "root", "chmod", "0755", "/.coder-agent", "/.coder-agent/coder").Return(nil, nil), + mCCLI.EXPECT().ExecAs(gomock.Any(), testContainer.ID, "root", "/bin/sh", "-c", "chown $(id -u):$(id -g) /.coder-agent/coder").Return(nil, nil), ) mClock.Set(time.Now()).MustWait(ctx) @@ -1943,6 +2581,7 @@ func TestAPI(t *testing.T) { agentcontainers.WithSubAgentURL("test-subagent-url"), agentcontainers.WithWatcher(watcher.NewNoop()), ) + api.Start() defer api.Close() // Close before api.Close() defer to avoid deadlock after test. @@ -1953,13 +2592,13 @@ func TestAPI(t *testing.T) { testutil.RequireSend(ctx, t, fSAC.createErrC, nil) testutil.RequireSend(ctx, t, fDCCLI.readConfigErrC, func(env []string) error { // We expect the wrong workspace agent name passed in first. - assert.Contains(t, env, "CODER_WORKSPACE_AGENT_NAME=test-container") + assert.Contains(t, env, "CODER_WORKSPACE_AGENT_NAME=coder") return nil }) testutil.RequireSend(ctx, t, fDCCLI.readConfigErrC, func(env []string) error { // We then expect the agent name passed here to have been read from the config. assert.Contains(t, env, "CODER_WORKSPACE_AGENT_NAME=custom-name") - assert.NotContains(t, env, "CODER_WORKSPACE_AGENT_NAME=test-container") + assert.NotContains(t, env, "CODER_WORKSPACE_AGENT_NAME=coder") return nil }) @@ -1970,48 +2609,1426 @@ func TestAPI(t *testing.T) { // Then: We expected it to succeed require.Len(t, fSAC.created, 1) }) -} -// mustFindDevcontainerByPath returns the devcontainer with the given workspace -// folder path. It fails the test if no matching devcontainer is found. -func mustFindDevcontainerByPath(t *testing.T, devcontainers []codersdk.WorkspaceAgentDevcontainer, path string) codersdk.WorkspaceAgentDevcontainer { - t.Helper() + t.Run("ReadConfigWithFeatureOptions", func(t *testing.T) { + t.Parallel() - for i := range devcontainers { - if devcontainers[i].WorkspaceFolder == path { - return devcontainers[i] + if runtime.GOOS == "windows" { + t.Skip("Dev Container tests are not supported on Windows (this test uses mocks but fails due to Windows paths)") } - } - require.Failf(t, "no devcontainer found with workspace folder %q", path) - return codersdk.WorkspaceAgentDevcontainer{} // Unreachable, but required for compilation -} + var ( + ctx = testutil.Context(t, testutil.WaitMedium) + logger = testutil.Logger(t) + mClock = quartz.NewMock(t) + mCCLI = acmock.NewMockContainerCLI(gomock.NewController(t)) + fSAC = &fakeSubAgentClient{ + logger: logger.Named("fakeSubAgentClient"), + createErrC: make(chan error, 1), + } + fDCCLI = &fakeDevcontainerCLI{ + readConfig: agentcontainers.DevcontainerConfig{ + MergedConfiguration: agentcontainers.DevcontainerMergedConfiguration{ + Features: agentcontainers.DevcontainerFeatures{ + "./code-server": map[string]any{ + "port": 9090, + }, + "ghcr.io/devcontainers/features/docker-in-docker:2": map[string]any{ + "moby": "false", + }, + }, + }, + Workspace: agentcontainers.DevcontainerWorkspace{ + WorkspaceFolder: "/workspaces/coder", + }, + }, + readConfigErrC: make(chan func(envs []string) error, 2), + } -func fakeContainer(t *testing.T, mut ...func(*codersdk.WorkspaceAgentContainer)) codersdk.WorkspaceAgentContainer { - t.Helper() - ct := codersdk.WorkspaceAgentContainer{ - CreatedAt: time.Now().UTC(), - ID: uuid.New().String(), - FriendlyName: testutil.GetRandomName(t), - Image: testutil.GetRandomName(t) + ":" + strings.Split(uuid.New().String(), "-")[0], - Labels: map[string]string{ - testutil.GetRandomName(t): testutil.GetRandomName(t), - }, - Running: true, - Ports: []codersdk.WorkspaceAgentContainerPort{ - { - Network: "tcp", - Port: testutil.RandomPortNoListen(t), - HostPort: testutil.RandomPortNoListen(t), - //nolint:gosec // this is a test - HostIP: []string{"127.0.0.1", "[::1]", "localhost", "0.0.0.0", "[::]", testutil.GetRandomName(t)}[rand.Intn(6)], - }, - }, - Status: testutil.MustRandString(t, 10), - Volumes: map[string]string{testutil.GetRandomName(t): testutil.GetRandomName(t)}, + testContainer = codersdk.WorkspaceAgentContainer{ + ID: "test-container-id", + FriendlyName: "test-container", + Image: "test-image", + Running: true, + CreatedAt: time.Now(), + Labels: map[string]string{ + agentcontainers.DevcontainerLocalFolderLabel: "/workspaces/coder", + agentcontainers.DevcontainerConfigFileLabel: "/workspaces/coder/.devcontainer/devcontainer.json", + }, + } + ) + + coderBin, err := os.Executable() + require.NoError(t, err) + coderBin, err = filepath.EvalSymlinks(coderBin) + require.NoError(t, err) + + // Mock the `List` function to always return our test container. + mCCLI.EXPECT().List(gomock.Any()).Return(codersdk.WorkspaceAgentListContainersResponse{ + Containers: []codersdk.WorkspaceAgentContainer{testContainer}, + }, nil).AnyTimes() + + // Mock the steps used for injecting the coder agent. + gomock.InOrder( + mCCLI.EXPECT().DetectArchitecture(gomock.Any(), testContainer.ID).Return(runtime.GOARCH, nil), + mCCLI.EXPECT().ExecAs(gomock.Any(), testContainer.ID, "root", "mkdir", "-p", "/.coder-agent").Return(nil, nil), + mCCLI.EXPECT().Copy(gomock.Any(), testContainer.ID, coderBin, "/.coder-agent/coder").Return(nil), + mCCLI.EXPECT().ExecAs(gomock.Any(), testContainer.ID, "root", "chmod", "0755", "/.coder-agent", "/.coder-agent/coder").Return(nil, nil), + mCCLI.EXPECT().ExecAs(gomock.Any(), testContainer.ID, "root", "/bin/sh", "-c", "chown $(id -u):$(id -g) /.coder-agent/coder").Return(nil, nil), + ) + + mClock.Set(time.Now()).MustWait(ctx) + tickerTrap := mClock.Trap().TickerFunc("updaterLoop") + + api := agentcontainers.NewAPI(logger, + agentcontainers.WithClock(mClock), + agentcontainers.WithContainerCLI(mCCLI), + agentcontainers.WithDevcontainerCLI(fDCCLI), + agentcontainers.WithSubAgentClient(fSAC), + agentcontainers.WithSubAgentURL("test-subagent-url"), + agentcontainers.WithWatcher(watcher.NewNoop()), + agentcontainers.WithManifestInfo("test-user", "test-workspace", "test-parent-agent", "/parent-agent"), + ) + api.Start() + defer api.Close() + + // Close before api.Close() defer to avoid deadlock after test. + defer close(fSAC.createErrC) + defer close(fDCCLI.readConfigErrC) + + // Allow agent creation and injection to succeed. + testutil.RequireSend(ctx, t, fSAC.createErrC, nil) + + testutil.RequireSend(ctx, t, fDCCLI.readConfigErrC, func(envs []string) error { + assert.Contains(t, envs, "CODER_WORKSPACE_AGENT_NAME=coder") + assert.Contains(t, envs, "CODER_WORKSPACE_NAME=test-workspace") + assert.Contains(t, envs, "CODER_WORKSPACE_OWNER_NAME=test-user") + assert.Contains(t, envs, "CODER_WORKSPACE_PARENT_AGENT_NAME=test-parent-agent") + assert.Contains(t, envs, "CODER_URL=test-subagent-url") + assert.Contains(t, envs, "CONTAINER_ID=test-container-id") + // First call should not have feature envs. + assert.NotContains(t, envs, "FEATURE_CODE_SERVER_OPTION_PORT=9090") + assert.NotContains(t, envs, "FEATURE_DOCKER_IN_DOCKER_OPTION_MOBY=false") + return nil + }) + + testutil.RequireSend(ctx, t, fDCCLI.readConfigErrC, func(envs []string) error { + assert.Contains(t, envs, "CODER_WORKSPACE_AGENT_NAME=coder") + assert.Contains(t, envs, "CODER_WORKSPACE_NAME=test-workspace") + assert.Contains(t, envs, "CODER_WORKSPACE_OWNER_NAME=test-user") + assert.Contains(t, envs, "CODER_WORKSPACE_PARENT_AGENT_NAME=test-parent-agent") + assert.Contains(t, envs, "CODER_URL=test-subagent-url") + assert.Contains(t, envs, "CONTAINER_ID=test-container-id") + // Second call should have feature envs from the first config read. + assert.Contains(t, envs, "FEATURE_CODE_SERVER_OPTION_PORT=9090") + assert.Contains(t, envs, "FEATURE_DOCKER_IN_DOCKER_OPTION_MOBY=false") + return nil + }) + + // Wait until the ticker has been registered. + tickerTrap.MustWait(ctx).MustRelease(ctx) + tickerTrap.Close() + + // Verify agent was created successfully + require.Len(t, fSAC.created, 1) + }) + + t.Run("CommandEnv", func(t *testing.T) { + t.Parallel() + + ctx := testutil.Context(t, testutil.WaitShort) + logger := slogtest.Make(t, &slogtest.Options{IgnoreErrors: true}).Leveled(slog.LevelDebug) + + // Create fake execer to track execution details. + fakeExec := &fakeExecer{} + + // Custom CommandEnv that returns specific values. + testShell := "/bin/custom-shell" + testDir := t.TempDir() + testEnv := []string{"CUSTOM_VAR=test_value", "PATH=/custom/path"} + + commandEnv := func(ei usershell.EnvInfoer, addEnv []string) (shell, dir string, env []string, err error) { + return testShell, testDir, testEnv, nil + } + + mClock := quartz.NewMock(t) // Stop time. + + // Create API with CommandEnv. + api := agentcontainers.NewAPI(logger, + agentcontainers.WithClock(mClock), + agentcontainers.WithExecer(fakeExec), + agentcontainers.WithCommandEnv(commandEnv), + ) + api.Start() + defer api.Close() + + // Call RefreshContainers directly to trigger CommandEnv usage. + _ = api.RefreshContainers(ctx) // Ignore error since docker commands will fail. + + // Verify commands were executed through the custom shell and environment. + require.NotEmpty(t, fakeExec.commands, "commands should be executed") + + // Want: /bin/custom-shell -c '"docker" "ps" "--all" "--quiet" "--no-trunc"' + require.Equal(t, testShell, fakeExec.commands[0][0], "custom shell should be used") + if runtime.GOOS == "windows" { + require.Equal(t, "/c", fakeExec.commands[0][1], "shell should be called with /c on Windows") + } else { + require.Equal(t, "-c", fakeExec.commands[0][1], "shell should be called with -c") + } + require.Len(t, fakeExec.commands[0], 3, "command should have 3 arguments") + require.GreaterOrEqual(t, strings.Count(fakeExec.commands[0][2], " "), 2, "command/script should have multiple arguments") + require.True(t, strings.HasPrefix(fakeExec.commands[0][2], `"docker" "ps"`), "command should start with \"docker\" \"ps\"") + + // Verify the environment was set on the command. + lastCmd := fakeExec.getLastCommand() + require.NotNil(t, lastCmd, "command should be created") + require.Equal(t, testDir, lastCmd.Dir, "custom directory should be used") + require.Equal(t, testEnv, lastCmd.Env, "custom environment should be used") + }) + + t.Run("IgnoreCustomization", func(t *testing.T) { + t.Parallel() + + if runtime.GOOS == "windows" { + t.Skip("Dev Container tests are not supported on Windows (this test uses mocks but fails due to Windows paths)") + } + + ctx := testutil.Context(t, testutil.WaitShort) + + startTime := time.Date(2025, 1, 1, 12, 0, 0, 0, time.UTC) + configPath := "/workspace/project/.devcontainer/devcontainer.json" + + container := codersdk.WorkspaceAgentContainer{ + ID: "container-id", + FriendlyName: "container-name", + Running: true, + CreatedAt: startTime.Add(-1 * time.Hour), + Labels: map[string]string{ + agentcontainers.DevcontainerLocalFolderLabel: "/workspace/project", + agentcontainers.DevcontainerConfigFileLabel: configPath, + }, + } + + fLister := &fakeContainerCLI{ + containers: codersdk.WorkspaceAgentListContainersResponse{ + Containers: []codersdk.WorkspaceAgentContainer{container}, + }, + arch: runtime.GOARCH, + } + + // Start with ignore=true + fDCCLI := &fakeDevcontainerCLI{ + execErrC: make(chan func(string, ...string) error, 1), + readConfig: agentcontainers.DevcontainerConfig{ + Configuration: agentcontainers.DevcontainerConfiguration{ + Customizations: agentcontainers.DevcontainerCustomizations{ + Coder: agentcontainers.CoderCustomization{Ignore: true}, + }, + }, + Workspace: agentcontainers.DevcontainerWorkspace{WorkspaceFolder: "/workspace/project"}, + }, + } + + fakeSAC := &fakeSubAgentClient{ + logger: slogtest.Make(t, nil).Named("fakeSubAgentClient"), + agents: make(map[uuid.UUID]agentcontainers.SubAgent), + createErrC: make(chan error, 1), + deleteErrC: make(chan error, 1), + } + + mClock := quartz.NewMock(t) + mClock.Set(startTime) + fWatcher := newFakeWatcher(t) + + logger := slogtest.Make(t, nil).Leveled(slog.LevelDebug) + api := agentcontainers.NewAPI( + logger, + agentcontainers.WithDevcontainerCLI(fDCCLI), + agentcontainers.WithContainerCLI(fLister), + agentcontainers.WithSubAgentClient(fakeSAC), + agentcontainers.WithWatcher(fWatcher), + agentcontainers.WithClock(mClock), + ) + api.Start() + defer func() { + close(fakeSAC.createErrC) + close(fakeSAC.deleteErrC) + api.Close() + }() + + err := api.RefreshContainers(ctx) + require.NoError(t, err, "RefreshContainers should not error") + + r := chi.NewRouter() + r.Mount("/", api.Routes()) + + t.Log("Phase 1: Test ignore=true filters out devcontainer") + req := httptest.NewRequest(http.MethodGet, "/", nil).WithContext(ctx) + rec := httptest.NewRecorder() + r.ServeHTTP(rec, req) + require.Equal(t, http.StatusOK, rec.Code) + + var response codersdk.WorkspaceAgentListContainersResponse + err = json.NewDecoder(rec.Body).Decode(&response) + require.NoError(t, err) + + assert.Empty(t, response.Devcontainers, "ignored devcontainer should not be in response when ignore=true") + assert.Len(t, response.Containers, 1, "regular container should still be listed") + + t.Log("Phase 2: Change to ignore=false") + fDCCLI.readConfig.Configuration.Customizations.Coder.Ignore = false + var ( + exitSubAgent = make(chan struct{}) + subAgentExited = make(chan struct{}) + exitSubAgentOnce sync.Once + ) + defer func() { + exitSubAgentOnce.Do(func() { + close(exitSubAgent) + }) + }() + execSubAgent := func(cmd string, args ...string) error { + if len(args) != 1 || args[0] != "agent" { + t.Log("execSubAgent called with unexpected arguments", cmd, args) + return nil + } + defer close(subAgentExited) + select { + case <-exitSubAgent: + case <-ctx.Done(): + return ctx.Err() + } + return nil + } + testutil.RequireSend(ctx, t, fDCCLI.execErrC, execSubAgent) + testutil.RequireSend(ctx, t, fakeSAC.createErrC, nil) + + fWatcher.sendEventWaitNextCalled(ctx, fsnotify.Event{ + Name: configPath, + Op: fsnotify.Write, + }) + + require.Eventuallyf(t, func() bool { + err = api.RefreshContainers(ctx) + require.NoError(t, err) + + return len(fakeSAC.agents) == 1 + }, testutil.WaitShort, testutil.IntervalFast, "subagent should be created after config change") + + t.Log("Phase 2: Cont, waiting for sub agent to exit") + exitSubAgentOnce.Do(func() { + close(exitSubAgent) + }) + select { + case <-subAgentExited: + case <-ctx.Done(): + t.Fatal("timeout waiting for sub agent to exit") + } + + req = httptest.NewRequest(http.MethodGet, "/", nil).WithContext(ctx) + rec = httptest.NewRecorder() + r.ServeHTTP(rec, req) + require.Equal(t, http.StatusOK, rec.Code) + + err = json.NewDecoder(rec.Body).Decode(&response) + require.NoError(t, err) + + assert.Len(t, response.Devcontainers, 1, "devcontainer should be in response when ignore=false") + assert.Len(t, response.Containers, 1, "regular container should still be listed") + assert.Equal(t, "/workspace/project", response.Devcontainers[0].WorkspaceFolder) + require.Len(t, fakeSAC.created, 1, "sub agent should be created when ignore=false") + createdAgentID := fakeSAC.created[0].ID + + t.Log("Phase 3: Change back to ignore=true and test sub agent deletion") + fDCCLI.readConfig.Configuration.Customizations.Coder.Ignore = true + testutil.RequireSend(ctx, t, fakeSAC.deleteErrC, nil) + + fWatcher.sendEventWaitNextCalled(ctx, fsnotify.Event{ + Name: configPath, + Op: fsnotify.Write, + }) + + require.Eventuallyf(t, func() bool { + err = api.RefreshContainers(ctx) + require.NoError(t, err) + + return len(fakeSAC.agents) == 0 + }, testutil.WaitShort, testutil.IntervalFast, "subagent should be deleted after config change") + + req = httptest.NewRequest(http.MethodGet, "/", nil).WithContext(ctx) + rec = httptest.NewRecorder() + r.ServeHTTP(rec, req) + require.Equal(t, http.StatusOK, rec.Code) + + err = json.NewDecoder(rec.Body).Decode(&response) + require.NoError(t, err) + + assert.Empty(t, response.Devcontainers, "devcontainer should be filtered out when ignore=true again") + assert.Len(t, response.Containers, 1, "regular container should still be listed") + require.Len(t, fakeSAC.deleted, 1, "sub agent should be deleted when ignore=true") + assert.Equal(t, createdAgentID, fakeSAC.deleted[0], "the same sub agent that was created should be deleted") + }) +} + +// mustFindDevcontainerByPath returns the devcontainer with the given workspace +// folder path. It fails the test if no matching devcontainer is found. +func mustFindDevcontainerByPath(t *testing.T, devcontainers []codersdk.WorkspaceAgentDevcontainer, path string) codersdk.WorkspaceAgentDevcontainer { + t.Helper() + + for i := range devcontainers { + if devcontainers[i].WorkspaceFolder == path { + return devcontainers[i] + } + } + + require.Failf(t, "no devcontainer found with workspace folder %q", path) + return codersdk.WorkspaceAgentDevcontainer{} // Unreachable, but required for compilation +} + +// TestSubAgentCreationWithNameRetry tests the retry logic when unique constraint violations occur +func TestSubAgentCreationWithNameRetry(t *testing.T) { + t.Parallel() + + if runtime.GOOS == "windows" { + t.Skip("Dev Container tests are not supported on Windows") + } + + tests := []struct { + name string + workspaceFolders []string + expectedNames []string + takenNames []string + }{ + { + name: "SingleCollision", + workspaceFolders: []string{ + "/home/coder/foo/project", + "/home/coder/bar/project", + }, + expectedNames: []string{ + "project", + "bar-project", + }, + }, + { + name: "MultipleCollisions", + workspaceFolders: []string{ + "/home/coder/foo/x/project", + "/home/coder/bar/x/project", + "/home/coder/baz/x/project", + }, + expectedNames: []string{ + "project", + "x-project", + "baz-x-project", + }, + }, + { + name: "NameAlreadyTaken", + takenNames: []string{"project", "x-project"}, + workspaceFolders: []string{ + "/home/coder/foo/x/project", + }, + expectedNames: []string{ + "foo-x-project", + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + var ( + ctx = testutil.Context(t, testutil.WaitMedium) + logger = testutil.Logger(t) + mClock = quartz.NewMock(t) + fSAC = &fakeSubAgentClient{logger: logger, agents: make(map[uuid.UUID]agentcontainers.SubAgent)} + ccli = &fakeContainerCLI{arch: runtime.GOARCH} + ) + + for _, name := range tt.takenNames { + fSAC.agents[uuid.New()] = agentcontainers.SubAgent{Name: name} + } + + mClock.Set(time.Now()).MustWait(ctx) + tickerTrap := mClock.Trap().TickerFunc("updaterLoop") + + api := agentcontainers.NewAPI(logger, + agentcontainers.WithClock(mClock), + agentcontainers.WithContainerCLI(ccli), + agentcontainers.WithDevcontainerCLI(&fakeDevcontainerCLI{}), + agentcontainers.WithSubAgentClient(fSAC), + agentcontainers.WithWatcher(watcher.NewNoop()), + ) + api.Start() + defer api.Close() + + tickerTrap.MustWait(ctx).MustRelease(ctx) + tickerTrap.Close() + + for i, workspaceFolder := range tt.workspaceFolders { + ccli.containers.Containers = append(ccli.containers.Containers, newFakeContainer( + fmt.Sprintf("container%d", i+1), + fmt.Sprintf("/.devcontainer/devcontainer%d.json", i+1), + workspaceFolder, + )) + + err := api.RefreshContainers(ctx) + require.NoError(t, err) + } + + // Verify that both agents were created with expected names + require.Len(t, fSAC.created, len(tt.workspaceFolders)) + + actualNames := make([]string, len(fSAC.created)) + for i, agent := range fSAC.created { + actualNames[i] = agent.Name + } + + slices.Sort(tt.expectedNames) + slices.Sort(actualNames) + + assert.Equal(t, tt.expectedNames, actualNames) + }) + } +} + +func newFakeContainer(id, configPath, workspaceFolder string) codersdk.WorkspaceAgentContainer { + return codersdk.WorkspaceAgentContainer{ + ID: id, + FriendlyName: "test-friendly", + Image: "test-image:latest", + Labels: map[string]string{ + agentcontainers.DevcontainerLocalFolderLabel: workspaceFolder, + agentcontainers.DevcontainerConfigFileLabel: configPath, + }, + Running: true, + } +} + +func fakeContainer(t *testing.T, mut ...func(*codersdk.WorkspaceAgentContainer)) codersdk.WorkspaceAgentContainer { + t.Helper() + ct := codersdk.WorkspaceAgentContainer{ + CreatedAt: time.Now().UTC(), + ID: uuid.New().String(), + FriendlyName: testutil.GetRandomName(t), + Image: testutil.GetRandomName(t) + ":" + strings.Split(uuid.New().String(), "-")[0], + Labels: map[string]string{ + testutil.GetRandomName(t): testutil.GetRandomName(t), + }, + Running: true, + Ports: []codersdk.WorkspaceAgentContainerPort{ + { + Network: "tcp", + Port: testutil.RandomPortNoListen(t), + HostPort: testutil.RandomPortNoListen(t), + //nolint:gosec // this is a test + HostIP: []string{"127.0.0.1", "[::1]", "localhost", "0.0.0.0", "[::]", testutil.GetRandomName(t)}[rand.Intn(6)], + }, + }, + Status: testutil.MustRandString(t, 10), + Volumes: map[string]string{testutil.GetRandomName(t): testutil.GetRandomName(t)}, } for _, m := range mut { m(&ct) } return ct } + +func TestWithDevcontainersNameGeneration(t *testing.T) { + t.Parallel() + + if runtime.GOOS == "windows" { + t.Skip("Dev Container tests are not supported on Windows") + } + + devcontainers := []codersdk.WorkspaceAgentDevcontainer{ + { + ID: uuid.New(), + Name: "original-name", + WorkspaceFolder: "/home/coder/foo/project", + ConfigPath: "/home/coder/foo/project/.devcontainer/devcontainer.json", + }, + { + ID: uuid.New(), + Name: "another-name", + WorkspaceFolder: "/home/coder/bar/project", + ConfigPath: "/home/coder/bar/project/.devcontainer/devcontainer.json", + }, + } + + scripts := []codersdk.WorkspaceAgentScript{ + {ID: devcontainers[0].ID, LogSourceID: uuid.New()}, + {ID: devcontainers[1].ID, LogSourceID: uuid.New()}, + } + + logger := testutil.Logger(t) + + // This should trigger the WithDevcontainers code path where names are generated + api := agentcontainers.NewAPI(logger, + agentcontainers.WithDevcontainers(devcontainers, scripts), + agentcontainers.WithContainerCLI(&fakeContainerCLI{ + containers: codersdk.WorkspaceAgentListContainersResponse{ + Containers: []codersdk.WorkspaceAgentContainer{ + fakeContainer(t, func(c *codersdk.WorkspaceAgentContainer) { + c.ID = "some-container-id-1" + c.FriendlyName = "container-name-1" + c.Labels[agentcontainers.DevcontainerLocalFolderLabel] = "/home/coder/baz/project" + c.Labels[agentcontainers.DevcontainerConfigFileLabel] = "/home/coder/baz/project/.devcontainer/devcontainer.json" + }), + }, + }, + }), + agentcontainers.WithDevcontainerCLI(&fakeDevcontainerCLI{}), + agentcontainers.WithSubAgentClient(&fakeSubAgentClient{}), + agentcontainers.WithWatcher(watcher.NewNoop()), + ) + defer api.Close() + api.Start() + + r := chi.NewRouter() + r.Mount("/", api.Routes()) + + ctx := context.Background() + + err := api.RefreshContainers(ctx) + require.NoError(t, err, "RefreshContainers should not error") + + // Initial request returns the initial data. + req := httptest.NewRequest(http.MethodGet, "/", nil). + WithContext(ctx) + rec := httptest.NewRecorder() + r.ServeHTTP(rec, req) + + require.Equal(t, http.StatusOK, rec.Code) + var response codersdk.WorkspaceAgentListContainersResponse + err = json.NewDecoder(rec.Body).Decode(&response) + require.NoError(t, err) + + // Verify the devcontainers have the expected names. + require.Len(t, response.Devcontainers, 3, "should have two devcontainers") + assert.NotEqual(t, "original-name", response.Devcontainers[2].Name, "first devcontainer should not keep original name") + assert.Equal(t, "project", response.Devcontainers[2].Name, "first devcontainer should use the project folder name") + assert.NotEqual(t, "another-name", response.Devcontainers[0].Name, "second devcontainer should not keep original name") + assert.Equal(t, "bar-project", response.Devcontainers[0].Name, "second devcontainer should has a collision and uses the folder name with a prefix") + assert.Equal(t, "baz-project", response.Devcontainers[1].Name, "third devcontainer should use the folder name with a prefix since it collides with the first two") +} + +func TestDevcontainerDiscovery(t *testing.T) { + t.Parallel() + + if runtime.GOOS == "windows" { + t.Skip("Dev Container tests are not supported on Windows") + } + + // We discover dev container projects by searching + // for git repositories at the agent's directory, + // and then recursively walking through these git + // repositories to find any `.devcontainer/devcontainer.json` + // files. These tests are to validate that behavior. + + homeDir, err := os.UserHomeDir() + require.NoError(t, err) + + tests := []struct { + name string + agentDir string + fs map[string]string + expected []codersdk.WorkspaceAgentDevcontainer + }{ + { + name: "GitProjectInRootDir/SingleProject", + agentDir: "/home/coder", + fs: map[string]string{ + "/home/coder/.git/HEAD": "", + "/home/coder/.devcontainer/devcontainer.json": "", + }, + expected: []codersdk.WorkspaceAgentDevcontainer{ + { + WorkspaceFolder: "/home/coder", + ConfigPath: "/home/coder/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + }, + }, + { + name: "GitProjectInRootDir/MultipleProjects", + agentDir: "/home/coder", + fs: map[string]string{ + "/home/coder/.git/HEAD": "", + "/home/coder/.devcontainer/devcontainer.json": "", + "/home/coder/site/.devcontainer/devcontainer.json": "", + }, + expected: []codersdk.WorkspaceAgentDevcontainer{ + { + WorkspaceFolder: "/home/coder", + ConfigPath: "/home/coder/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + { + WorkspaceFolder: "/home/coder/site", + ConfigPath: "/home/coder/site/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + }, + }, + { + name: "GitProjectInChildDir/SingleProject", + agentDir: "/home/coder", + fs: map[string]string{ + "/home/coder/coder/.git/HEAD": "", + "/home/coder/coder/.devcontainer/devcontainer.json": "", + }, + expected: []codersdk.WorkspaceAgentDevcontainer{ + { + WorkspaceFolder: "/home/coder/coder", + ConfigPath: "/home/coder/coder/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + }, + }, + { + name: "GitProjectInChildDir/MultipleProjects", + agentDir: "/home/coder", + fs: map[string]string{ + "/home/coder/coder/.git/HEAD": "", + "/home/coder/coder/.devcontainer/devcontainer.json": "", + "/home/coder/coder/site/.devcontainer/devcontainer.json": "", + }, + expected: []codersdk.WorkspaceAgentDevcontainer{ + { + WorkspaceFolder: "/home/coder/coder", + ConfigPath: "/home/coder/coder/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + { + WorkspaceFolder: "/home/coder/coder/site", + ConfigPath: "/home/coder/coder/site/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + }, + }, + { + name: "GitProjectInMultipleChildDirs/SingleProjectEach", + agentDir: "/home/coder", + fs: map[string]string{ + "/home/coder/coder/.git/HEAD": "", + "/home/coder/coder/.devcontainer/devcontainer.json": "", + "/home/coder/envbuilder/.git/HEAD": "", + "/home/coder/envbuilder/.devcontainer/devcontainer.json": "", + }, + expected: []codersdk.WorkspaceAgentDevcontainer{ + { + WorkspaceFolder: "/home/coder/coder", + ConfigPath: "/home/coder/coder/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + { + WorkspaceFolder: "/home/coder/envbuilder", + ConfigPath: "/home/coder/envbuilder/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + }, + }, + { + name: "GitProjectInMultipleChildDirs/MultipleProjectEach", + agentDir: "/home/coder", + fs: map[string]string{ + "/home/coder/coder/.git/HEAD": "", + "/home/coder/coder/.devcontainer/devcontainer.json": "", + "/home/coder/coder/site/.devcontainer/devcontainer.json": "", + "/home/coder/envbuilder/.git/HEAD": "", + "/home/coder/envbuilder/.devcontainer/devcontainer.json": "", + "/home/coder/envbuilder/x/.devcontainer/devcontainer.json": "", + }, + expected: []codersdk.WorkspaceAgentDevcontainer{ + { + WorkspaceFolder: "/home/coder/coder", + ConfigPath: "/home/coder/coder/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + { + WorkspaceFolder: "/home/coder/coder/site", + ConfigPath: "/home/coder/coder/site/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + { + WorkspaceFolder: "/home/coder/envbuilder", + ConfigPath: "/home/coder/envbuilder/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + { + WorkspaceFolder: "/home/coder/envbuilder/x", + ConfigPath: "/home/coder/envbuilder/x/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + }, + }, + { + name: "RespectGitIgnore", + agentDir: "/home/coder", + fs: map[string]string{ + "/home/coder/coder/.git/HEAD": "", + "/home/coder/coder/.gitignore": "y/", + "/home/coder/coder/.devcontainer.json": "", + "/home/coder/coder/x/y/.devcontainer.json": "", + }, + expected: []codersdk.WorkspaceAgentDevcontainer{ + { + WorkspaceFolder: "/home/coder/coder", + ConfigPath: "/home/coder/coder/.devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + }, + }, + { + name: "RespectNestedGitIgnore", + agentDir: "/home/coder", + fs: map[string]string{ + "/home/coder/coder/.git/HEAD": "", + "/home/coder/coder/.devcontainer.json": "", + "/home/coder/coder/y/.devcontainer.json": "", + "/home/coder/coder/x/.gitignore": "y/", + "/home/coder/coder/x/y/.devcontainer.json": "", + }, + expected: []codersdk.WorkspaceAgentDevcontainer{ + { + WorkspaceFolder: "/home/coder/coder", + ConfigPath: "/home/coder/coder/.devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + { + WorkspaceFolder: "/home/coder/coder/y", + ConfigPath: "/home/coder/coder/y/.devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + }, + }, + { + name: "RespectGitInfoExclude", + agentDir: "/home/coder", + fs: map[string]string{ + "/home/coder/coder/.git/HEAD": "", + "/home/coder/coder/.git/info/exclude": "y/", + "/home/coder/coder/.devcontainer.json": "", + "/home/coder/coder/x/y/.devcontainer.json": "", + }, + expected: []codersdk.WorkspaceAgentDevcontainer{ + { + WorkspaceFolder: "/home/coder/coder", + ConfigPath: "/home/coder/coder/.devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + }, + }, + { + name: "RespectHomeGitConfig", + agentDir: homeDir, + fs: map[string]string{ + "/tmp/.gitignore": "node_modules/", + filepath.Join(homeDir, ".gitconfig"): ` + [core] + excludesFile = /tmp/.gitignore + `, + + filepath.Join(homeDir, ".git/HEAD"): "", + filepath.Join(homeDir, ".devcontainer.json"): "", + filepath.Join(homeDir, "node_modules/y/.devcontainer.json"): "", + }, + expected: []codersdk.WorkspaceAgentDevcontainer{ + { + WorkspaceFolder: homeDir, + ConfigPath: filepath.Join(homeDir, ".devcontainer.json"), + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + }, + }, + { + name: "IgnoreNonsenseDevcontainerNames", + agentDir: "/home/coder", + fs: map[string]string{ + "/home/coder/.git/HEAD": "", + + "/home/coder/.devcontainer/devcontainer.json.bak": "", + "/home/coder/.devcontainer/devcontainer.json.old": "", + "/home/coder/.devcontainer/devcontainer.json~": "", + "/home/coder/.devcontainer/notdevcontainer.json": "", + "/home/coder/.devcontainer/devcontainer.json.swp": "", + + "/home/coder/foo/.devcontainer.json.bak": "", + "/home/coder/foo/.devcontainer.json.old": "", + "/home/coder/foo/.devcontainer.json~": "", + "/home/coder/foo/.notdevcontainer.json": "", + "/home/coder/foo/.devcontainer.json.swp": "", + + "/home/coder/bar/.devcontainer.json": "", + }, + expected: []codersdk.WorkspaceAgentDevcontainer{ + { + WorkspaceFolder: "/home/coder/bar", + ConfigPath: "/home/coder/bar/.devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }, + }, + }, + } + + initFS := func(t *testing.T, files map[string]string) afero.Fs { + t.Helper() + + fs := afero.NewMemMapFs() + for name, content := range files { + err := afero.WriteFile(fs, name, []byte(content+"\n"), 0o600) + require.NoError(t, err) + } + return fs + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + var ( + ctx = testutil.Context(t, testutil.WaitShort) + logger = testutil.Logger(t) + mClock = quartz.NewMock(t) + tickerTrap = mClock.Trap().TickerFunc("updaterLoop") + + r = chi.NewRouter() + ) + + api := agentcontainers.NewAPI(logger, + agentcontainers.WithClock(mClock), + agentcontainers.WithWatcher(watcher.NewNoop()), + agentcontainers.WithFileSystem(initFS(t, tt.fs)), + agentcontainers.WithManifestInfo("owner", "workspace", "parent-agent", tt.agentDir), + agentcontainers.WithContainerCLI(&fakeContainerCLI{}), + agentcontainers.WithDevcontainerCLI(&fakeDevcontainerCLI{}), + agentcontainers.WithProjectDiscovery(true), + ) + api.Start() + defer api.Close() + r.Mount("/", api.Routes()) + + tickerTrap.MustWait(ctx).MustRelease(ctx) + tickerTrap.Close() + + // Wait until all projects have been discovered + require.Eventuallyf(t, func() bool { + req := httptest.NewRequest(http.MethodGet, "/", nil).WithContext(ctx) + rec := httptest.NewRecorder() + r.ServeHTTP(rec, req) + + got := codersdk.WorkspaceAgentListContainersResponse{} + err := json.NewDecoder(rec.Body).Decode(&got) + require.NoError(t, err) + + return len(got.Devcontainers) >= len(tt.expected) + }, testutil.WaitShort, testutil.IntervalFast, "dev containers never found") + + // Now projects have been discovered, we'll allow the updater loop + // to set the appropriate status for these containers. + _, aw := mClock.AdvanceNext() + aw.MustWait(ctx) + + // Now we'll fetch the list of dev containers + req := httptest.NewRequest(http.MethodGet, "/", nil).WithContext(ctx) + rec := httptest.NewRecorder() + r.ServeHTTP(rec, req) + + got := codersdk.WorkspaceAgentListContainersResponse{} + err := json.NewDecoder(rec.Body).Decode(&got) + require.NoError(t, err) + + // We will set the IDs of each dev container to uuid.Nil to simplify + // this check. + for idx := range got.Devcontainers { + got.Devcontainers[idx].ID = uuid.Nil + } + + // Sort the expected dev containers and got dev containers by their workspace folder. + // This helps ensure a deterministic test. + slices.SortFunc(tt.expected, func(a, b codersdk.WorkspaceAgentDevcontainer) int { + return strings.Compare(a.WorkspaceFolder, b.WorkspaceFolder) + }) + slices.SortFunc(got.Devcontainers, func(a, b codersdk.WorkspaceAgentDevcontainer) int { + return strings.Compare(a.WorkspaceFolder, b.WorkspaceFolder) + }) + + require.Equal(t, tt.expected, got.Devcontainers) + }) + } + + t.Run("NoErrorWhenAgentDirAbsent", func(t *testing.T) { + t.Parallel() + + logger := testutil.Logger(t) + + // Given: We have an empty agent directory + agentDir := "" + + api := agentcontainers.NewAPI(logger, + agentcontainers.WithWatcher(watcher.NewNoop()), + agentcontainers.WithManifestInfo("owner", "workspace", "parent-agent", agentDir), + agentcontainers.WithContainerCLI(&fakeContainerCLI{}), + agentcontainers.WithDevcontainerCLI(&fakeDevcontainerCLI{}), + agentcontainers.WithProjectDiscovery(true), + ) + + // When: We start and close the API + api.Start() + api.Close() + + // Then: We expect there to have been no errors. + // This is implicitly handled by `testutil.Logger` failing when it + // detects an error has been logged. + }) + + t.Run("AutoStart", func(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + agentDir string + fs map[string]string + configMap map[string]agentcontainers.DevcontainerConfig + expectDevcontainerCount int + expectUpCalledCount int + }{ + { + name: "SingleEnabled", + agentDir: "/home/coder", + expectDevcontainerCount: 1, + expectUpCalledCount: 1, + fs: map[string]string{ + "/home/coder/.git/HEAD": "", + "/home/coder/.devcontainer/devcontainer.json": "", + }, + configMap: map[string]agentcontainers.DevcontainerConfig{ + "/home/coder/.devcontainer/devcontainer.json": { + Configuration: agentcontainers.DevcontainerConfiguration{ + Customizations: agentcontainers.DevcontainerCustomizations{ + Coder: agentcontainers.CoderCustomization{ + AutoStart: true, + }, + }, + }, + }, + }, + }, + { + name: "SingleDisabled", + agentDir: "/home/coder", + expectDevcontainerCount: 1, + expectUpCalledCount: 0, + fs: map[string]string{ + "/home/coder/.git/HEAD": "", + "/home/coder/.devcontainer/devcontainer.json": "", + }, + configMap: map[string]agentcontainers.DevcontainerConfig{ + "/home/coder/.devcontainer/devcontainer.json": { + Configuration: agentcontainers.DevcontainerConfiguration{ + Customizations: agentcontainers.DevcontainerCustomizations{ + Coder: agentcontainers.CoderCustomization{ + AutoStart: false, + }, + }, + }, + }, + }, + }, + { + name: "OneEnabledOneDisabled", + agentDir: "/home/coder", + expectDevcontainerCount: 2, + expectUpCalledCount: 1, + fs: map[string]string{ + "/home/coder/.git/HEAD": "", + "/home/coder/.devcontainer/devcontainer.json": "", + "/home/coder/project/.devcontainer.json": "", + }, + configMap: map[string]agentcontainers.DevcontainerConfig{ + "/home/coder/.devcontainer/devcontainer.json": { + Configuration: agentcontainers.DevcontainerConfiguration{ + Customizations: agentcontainers.DevcontainerCustomizations{ + Coder: agentcontainers.CoderCustomization{ + AutoStart: true, + }, + }, + }, + }, + "/home/coder/project/.devcontainer.json": { + Configuration: agentcontainers.DevcontainerConfiguration{ + Customizations: agentcontainers.DevcontainerCustomizations{ + Coder: agentcontainers.CoderCustomization{ + AutoStart: false, + }, + }, + }, + }, + }, + }, + { + name: "MultipleEnabled", + agentDir: "/home/coder", + expectDevcontainerCount: 2, + expectUpCalledCount: 2, + fs: map[string]string{ + "/home/coder/.git/HEAD": "", + "/home/coder/.devcontainer/devcontainer.json": "", + "/home/coder/project/.devcontainer.json": "", + }, + configMap: map[string]agentcontainers.DevcontainerConfig{ + "/home/coder/.devcontainer/devcontainer.json": { + Configuration: agentcontainers.DevcontainerConfiguration{ + Customizations: agentcontainers.DevcontainerCustomizations{ + Coder: agentcontainers.CoderCustomization{ + AutoStart: true, + }, + }, + }, + }, + "/home/coder/project/.devcontainer.json": { + Configuration: agentcontainers.DevcontainerConfiguration{ + Customizations: agentcontainers.DevcontainerCustomizations{ + Coder: agentcontainers.CoderCustomization{ + AutoStart: true, + }, + }, + }, + }, + }, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + var ( + ctx = testutil.Context(t, testutil.WaitShort) + logger = testutil.Logger(t) + mClock = quartz.NewMock(t) + + upCalledMu sync.Mutex + upCalledFor = map[string]bool{} + + fCCLI = &fakeContainerCLI{} + fDCCLI = &fakeDevcontainerCLI{ + configMap: tt.configMap, + up: func(_, configPath string) (string, error) { + upCalledMu.Lock() + upCalledFor[configPath] = true + upCalledMu.Unlock() + return "", nil + }, + } + + r = chi.NewRouter() + ) + + api := agentcontainers.NewAPI(logger, + agentcontainers.WithClock(mClock), + agentcontainers.WithWatcher(watcher.NewNoop()), + agentcontainers.WithFileSystem(initFS(t, tt.fs)), + agentcontainers.WithManifestInfo("owner", "workspace", "parent-agent", "/home/coder"), + agentcontainers.WithContainerCLI(fCCLI), + agentcontainers.WithDevcontainerCLI(fDCCLI), + agentcontainers.WithProjectDiscovery(true), + agentcontainers.WithDiscoveryAutostart(true), + ) + api.Start() + r.Mount("/", api.Routes()) + + // Given: We allow the discover routing to progress + var got codersdk.WorkspaceAgentListContainersResponse + require.Eventuallyf(t, func() bool { + req := httptest.NewRequest(http.MethodGet, "/", nil).WithContext(ctx) + rec := httptest.NewRecorder() + r.ServeHTTP(rec, req) + + got = codersdk.WorkspaceAgentListContainersResponse{} + err := json.NewDecoder(rec.Body).Decode(&got) + require.NoError(t, err) + + upCalledMu.Lock() + upCalledCount := len(upCalledFor) + upCalledMu.Unlock() + + return len(got.Devcontainers) >= tt.expectDevcontainerCount && upCalledCount >= tt.expectUpCalledCount + }, testutil.WaitShort, testutil.IntervalFast, "dev containers never found") + + // Close the API. We expect this not to fail because we should have finished + // at this point. + err := api.Close() + require.NoError(t, err) + + // Then: We expect to find the expected devcontainers + assert.Len(t, got.Devcontainers, tt.expectDevcontainerCount) + + // And: We expect `up` to have been called the expected amount of times. + assert.Len(t, upCalledFor, tt.expectUpCalledCount) + + // And: `up` was called on the correct containers + for configPath, config := range tt.configMap { + autoStart := config.Configuration.Customizations.Coder.AutoStart + wasUpCalled := upCalledFor[configPath] + + require.Equal(t, autoStart, wasUpCalled) + } + }) + } + + t.Run("Disabled", func(t *testing.T) { + t.Parallel() + var ( + ctx = testutil.Context(t, testutil.WaitShort) + logger = testutil.Logger(t) + mClock = quartz.NewMock(t) + mDCCLI = acmock.NewMockDevcontainerCLI(gomock.NewController(t)) + + fs = map[string]string{ + "/home/coder/.git/HEAD": "", + "/home/coder/.devcontainer/devcontainer.json": "", + } + + r = chi.NewRouter() + ) + + // We expect that neither `ReadConfig`, nor `Up` are called as we + // have explicitly disabled the agentcontainers API from attempting + // to autostart devcontainers that it discovers. + mDCCLI.EXPECT().ReadConfig(gomock.Any(), + "/home/coder", + "/home/coder/.devcontainer/devcontainer.json", + []string{}, + ).Return(agentcontainers.DevcontainerConfig{ + Configuration: agentcontainers.DevcontainerConfiguration{ + Customizations: agentcontainers.DevcontainerCustomizations{ + Coder: agentcontainers.CoderCustomization{ + AutoStart: true, + }, + }, + }, + }, nil).Times(0) + + mDCCLI.EXPECT().Up(gomock.Any(), + "/home/coder", + "/home/coder/.devcontainer/devcontainer.json", + gomock.Any(), + ).Return("", nil).Times(0) + + api := agentcontainers.NewAPI(logger, + agentcontainers.WithClock(mClock), + agentcontainers.WithWatcher(watcher.NewNoop()), + agentcontainers.WithFileSystem(initFS(t, fs)), + agentcontainers.WithManifestInfo("owner", "workspace", "parent-agent", "/home/coder"), + agentcontainers.WithContainerCLI(&fakeContainerCLI{}), + agentcontainers.WithDevcontainerCLI(mDCCLI), + agentcontainers.WithProjectDiscovery(true), + agentcontainers.WithDiscoveryAutostart(false), + ) + api.Start() + defer api.Close() + r.Mount("/", api.Routes()) + + // When: All expected dev containers have been found. + require.Eventuallyf(t, func() bool { + req := httptest.NewRequest(http.MethodGet, "/", nil).WithContext(ctx) + rec := httptest.NewRecorder() + r.ServeHTTP(rec, req) + + got := codersdk.WorkspaceAgentListContainersResponse{} + err := json.NewDecoder(rec.Body).Decode(&got) + require.NoError(t, err) + + return len(got.Devcontainers) >= 1 + }, testutil.WaitShort, testutil.IntervalFast, "dev containers never found") + + // Then: We expect the mock infra to not fail. + }) + }) +} + +// TestDevcontainerPrebuildSupport validates that devcontainers survive the transition +// from prebuild to claimed workspace, ensuring the existing container is reused +// with updated configuration rather than being recreated. +func TestDevcontainerPrebuildSupport(t *testing.T) { + t.Parallel() + + if runtime.GOOS == "windows" { + t.Skip("Dev Container tests are not supported on Windows") + } + + var ( + ctx = testutil.Context(t, testutil.WaitShort) + logger = testutil.Logger(t) + + fDCCLI = &fakeDevcontainerCLI{readConfigErrC: make(chan func(envs []string) error, 1)} + fCCLI = &fakeContainerCLI{arch: runtime.GOARCH} + fSAC = &fakeSubAgentClient{} + + testDC = codersdk.WorkspaceAgentDevcontainer{ + ID: uuid.New(), + WorkspaceFolder: "/home/coder/coder", + ConfigPath: "/home/coder/coder/.devcontainer/devcontainer.json", + } + + testContainer = newFakeContainer("test-container-id", testDC.ConfigPath, testDC.WorkspaceFolder) + + prebuildOwner = "prebuilds" + prebuildWorkspace = "prebuilds-xyz-123" + prebuildAppURL = "prebuilds.zed" + + userOwner = "user" + userWorkspace = "user-workspace" + userAppURL = "user.zed" + ) + + // ================================================== + // PHASE 1: Prebuild workspace creates devcontainer + // ================================================== + + // Given: There are no containers initially. + fCCLI.containers = codersdk.WorkspaceAgentListContainersResponse{} + + api := agentcontainers.NewAPI(logger, + // We want this first `agentcontainers.API` to have a manifest info + // that is consistent with what a prebuild workspace would have. + agentcontainers.WithManifestInfo(prebuildOwner, prebuildWorkspace, "dev", "/home/coder"), + // Given: We start with a single dev container resource. + agentcontainers.WithDevcontainers( + []codersdk.WorkspaceAgentDevcontainer{testDC}, + []codersdk.WorkspaceAgentScript{{ID: testDC.ID, LogSourceID: uuid.New()}}, + ), + agentcontainers.WithSubAgentClient(fSAC), + agentcontainers.WithContainerCLI(fCCLI), + agentcontainers.WithDevcontainerCLI(fDCCLI), + agentcontainers.WithWatcher(watcher.NewNoop()), + ) + api.Start() + + fCCLI.containers = codersdk.WorkspaceAgentListContainersResponse{ + Containers: []codersdk.WorkspaceAgentContainer{testContainer}, + } + + // Given: We allow the dev container to be created. + fDCCLI.upID = testContainer.ID + fDCCLI.readConfig = agentcontainers.DevcontainerConfig{ + MergedConfiguration: agentcontainers.DevcontainerMergedConfiguration{ + Customizations: agentcontainers.DevcontainerMergedCustomizations{ + Coder: []agentcontainers.CoderCustomization{{ + Apps: []agentcontainers.SubAgentApp{ + {Slug: "zed", URL: prebuildAppURL}, + }, + }}, + }, + }, + } + + var readConfigEnvVars []string + testutil.RequireSend(ctx, t, fDCCLI.readConfigErrC, func(env []string) error { + readConfigEnvVars = env + return nil + }) + + // When: We create the dev container resource + err := api.CreateDevcontainer(testDC.WorkspaceFolder, testDC.ConfigPath) + require.NoError(t, err) + + require.Contains(t, readConfigEnvVars, "CODER_WORKSPACE_OWNER_NAME="+prebuildOwner) + require.Contains(t, readConfigEnvVars, "CODER_WORKSPACE_NAME="+prebuildWorkspace) + + // Then: We there to be only 1 agent. + require.Len(t, fSAC.agents, 1) + + // And: We expect only 1 agent to have been created. + require.Len(t, fSAC.created, 1) + firstAgent := fSAC.created[0] + + // And: We expect this agent to be the current agent. + _, found := fSAC.agents[firstAgent.ID] + require.True(t, found, "first agent expected to be current agent") + + // And: We expect there to be a single app. + require.Len(t, firstAgent.Apps, 1) + firstApp := firstAgent.Apps[0] + + // And: We expect this app to have the pre-claim URL. + require.Equal(t, prebuildAppURL, firstApp.URL) + + // Given: We now close the API + api.Close() + + // ============================================================= + // PHASE 2: User claims workspace, devcontainer should be reused + // ============================================================= + + // Given: We create a new claimed API + api = agentcontainers.NewAPI(logger, + // We want this second `agentcontainers.API` to have a manifest info + // that is consistent with what a claimed workspace would have. + agentcontainers.WithManifestInfo(userOwner, userWorkspace, "dev", "/home/coder"), + // Given: We start with a single dev container resource. + agentcontainers.WithDevcontainers( + []codersdk.WorkspaceAgentDevcontainer{testDC}, + []codersdk.WorkspaceAgentScript{{ID: testDC.ID, LogSourceID: uuid.New()}}, + ), + agentcontainers.WithSubAgentClient(fSAC), + agentcontainers.WithContainerCLI(fCCLI), + agentcontainers.WithDevcontainerCLI(fDCCLI), + agentcontainers.WithWatcher(watcher.NewNoop()), + ) + api.Start() + defer func() { + close(fDCCLI.readConfigErrC) + + api.Close() + }() + + // Given: We allow the dev container to be created. + fDCCLI.upID = testContainer.ID + fDCCLI.readConfig = agentcontainers.DevcontainerConfig{ + MergedConfiguration: agentcontainers.DevcontainerMergedConfiguration{ + Customizations: agentcontainers.DevcontainerMergedCustomizations{ + Coder: []agentcontainers.CoderCustomization{{ + Apps: []agentcontainers.SubAgentApp{ + {Slug: "zed", URL: userAppURL}, + }, + }}, + }, + }, + } + + testutil.RequireSend(ctx, t, fDCCLI.readConfigErrC, func(env []string) error { + readConfigEnvVars = env + return nil + }) + + // When: We create the dev container resource. + err = api.CreateDevcontainer(testDC.WorkspaceFolder, testDC.ConfigPath) + require.NoError(t, err) + + // Then: We expect the environment variables were passed correctly. + require.Contains(t, readConfigEnvVars, "CODER_WORKSPACE_OWNER_NAME="+userOwner) + require.Contains(t, readConfigEnvVars, "CODER_WORKSPACE_NAME="+userWorkspace) + + // And: We expect there to be only 1 agent. + require.Len(t, fSAC.agents, 1) + + // And: We expect _a separate agent_ to have been created. + require.Len(t, fSAC.created, 2) + secondAgent := fSAC.created[1] + + // And: We expect this new agent to be the current agent. + _, found = fSAC.agents[secondAgent.ID] + require.True(t, found, "second agent expected to be current agent") + + // And: We expect there to be a single app. + require.Len(t, secondAgent.Apps, 1) + secondApp := secondAgent.Apps[0] + + // And: We expect this app to have the post-claim URL. + require.Equal(t, userAppURL, secondApp.URL) +} diff --git a/agent/agentcontainers/containers_dockercli.go b/agent/agentcontainers/containers_dockercli.go index 83463481c97f7..58ca3901e2f23 100644 --- a/agent/agentcontainers/containers_dockercli.go +++ b/agent/agentcontainers/containers_dockercli.go @@ -311,6 +311,10 @@ func (dcli *dockerCLI) List(ctx context.Context) (codersdk.WorkspaceAgentListCon // container IDs and returns the parsed output. // The stderr output is also returned for logging purposes. func runDockerInspect(ctx context.Context, execer agentexec.Execer, ids ...string) (stdout, stderr []byte, err error) { + if ctx.Err() != nil { + // If the context is done, we don't want to run the command. + return []byte{}, []byte{}, ctx.Err() + } var stdoutBuf, stderrBuf bytes.Buffer cmd := execer.CommandContext(ctx, "docker", append([]string{"inspect"}, ids...)...) cmd.Stdout = &stdoutBuf @@ -319,6 +323,12 @@ func runDockerInspect(ctx context.Context, execer agentexec.Execer, ids ...strin stdout = bytes.TrimSpace(stdoutBuf.Bytes()) stderr = bytes.TrimSpace(stderrBuf.Bytes()) if err != nil { + if ctx.Err() != nil { + // If the context was canceled while running the command, + // return the context error instead of the command error, + // which is likely to be "signal: killed". + return stdout, stderr, ctx.Err() + } if bytes.Contains(stderr, []byte("No such object:")) { // This can happen if a container is deleted between the time we check for its existence and the time we inspect it. return stdout, stderr, nil diff --git a/agent/agentcontainers/containers_dockercli_test.go b/agent/agentcontainers/containers_dockercli_test.go index c69110a757bc7..3c299e353858d 100644 --- a/agent/agentcontainers/containers_dockercli_test.go +++ b/agent/agentcontainers/containers_dockercli_test.go @@ -55,11 +55,11 @@ func TestIntegrationDockerCLI(t *testing.T) { }, testutil.WaitShort, testutil.IntervalSlow, "Container did not start in time") dcli := agentcontainers.NewDockerCLI(agentexec.DefaultExecer) - ctx := testutil.Context(t, testutil.WaitMedium) // Longer timeout for multiple subtests containerName := strings.TrimPrefix(ct.Container.Name, "/") t.Run("DetectArchitecture", func(t *testing.T) { t.Parallel() + ctx := testutil.Context(t, testutil.WaitShort) arch, err := dcli.DetectArchitecture(ctx, containerName) require.NoError(t, err, "DetectArchitecture failed") @@ -71,6 +71,7 @@ func TestIntegrationDockerCLI(t *testing.T) { t.Run("Copy", func(t *testing.T) { t.Parallel() + ctx := testutil.Context(t, testutil.WaitShort) want := "Help, I'm trapped!" tempFile := filepath.Join(t.TempDir(), "test-file.txt") @@ -90,6 +91,7 @@ func TestIntegrationDockerCLI(t *testing.T) { t.Run("ExecAs", func(t *testing.T) { t.Parallel() + ctx := testutil.Context(t, testutil.WaitShort) // Test ExecAs without specifying user (should use container's default). want := "root" diff --git a/agent/agentcontainers/dcspec/gen.sh b/agent/agentcontainers/dcspec/gen.sh index 276cb24cb4123..056fd218fd247 100755 --- a/agent/agentcontainers/dcspec/gen.sh +++ b/agent/agentcontainers/dcspec/gen.sh @@ -61,7 +61,7 @@ fi exec 3>&- # Format the generated code. -go run mvdan.cc/gofumpt@v0.4.0 -w -l "${TMPDIR}/${DEST_FILENAME}" +go run mvdan.cc/gofumpt@v0.8.0 -w -l "${TMPDIR}/${DEST_FILENAME}" # Add a header so that Go recognizes this as a generated file. if grep -q -- "\[-i extension\]" < <(sed -h 2>&1); then diff --git a/agent/agentcontainers/devcontainer.go b/agent/agentcontainers/devcontainer.go index f13963d7b63d7..555e406e0b52c 100644 --- a/agent/agentcontainers/devcontainer.go +++ b/agent/agentcontainers/devcontainer.go @@ -2,10 +2,10 @@ package agentcontainers import ( "context" - "fmt" "os" "path/filepath" - "strings" + + "github.com/google/uuid" "cdr.dev/slog" "github.com/coder/coder/v2/codersdk" @@ -18,37 +18,25 @@ const ( // DevcontainerConfigFileLabel is the label that contains the path to // the devcontainer.json configuration file. DevcontainerConfigFileLabel = "devcontainer.config_file" + // DevcontainerIsTestRunLabel is set if the devcontainer is part of a test + // and should be excluded. + DevcontainerIsTestRunLabel = "devcontainer.is_test_run" // The default workspace folder inside the devcontainer. DevcontainerDefaultContainerWorkspaceFolder = "/workspaces" ) -const devcontainerUpScriptTemplate = ` -if ! which devcontainer > /dev/null 2>&1; then - echo "ERROR: Unable to start devcontainer, @devcontainers/cli is not installed or not found in \$PATH." 1>&2 - echo "Please install @devcontainers/cli by running \"npm install -g @devcontainers/cli\" or by using the \"devcontainers-cli\" Coder module." 1>&2 - exit 1 -fi -devcontainer up %s -` - -// ExtractAndInitializeDevcontainerScripts extracts devcontainer scripts from -// the given scripts and devcontainers. The devcontainer scripts are removed -// from the returned scripts so that they can be run separately. -// -// Dev Containers have an inherent dependency on start scripts, since they -// initialize the workspace (e.g. git clone, npm install, etc). This is -// important if e.g. a Coder module to install @devcontainer/cli is used. -func ExtractAndInitializeDevcontainerScripts( +func ExtractDevcontainerScripts( devcontainers []codersdk.WorkspaceAgentDevcontainer, scripts []codersdk.WorkspaceAgentScript, -) (filteredScripts []codersdk.WorkspaceAgentScript, devcontainerScripts []codersdk.WorkspaceAgentScript) { +) (filteredScripts []codersdk.WorkspaceAgentScript, devcontainerScripts map[uuid.UUID]codersdk.WorkspaceAgentScript) { + devcontainerScripts = make(map[uuid.UUID]codersdk.WorkspaceAgentScript) ScriptLoop: for _, script := range scripts { for _, dc := range devcontainers { // The devcontainer scripts match the devcontainer ID for // identification. if script.ID == dc.ID { - devcontainerScripts = append(devcontainerScripts, devcontainerStartupScript(dc, script)) + devcontainerScripts[dc.ID] = script continue ScriptLoop } } @@ -59,24 +47,6 @@ ScriptLoop: return filteredScripts, devcontainerScripts } -func devcontainerStartupScript(dc codersdk.WorkspaceAgentDevcontainer, script codersdk.WorkspaceAgentScript) codersdk.WorkspaceAgentScript { - args := []string{ - "--log-format json", - fmt.Sprintf("--workspace-folder %q", dc.WorkspaceFolder), - } - if dc.ConfigPath != "" { - args = append(args, fmt.Sprintf("--config %q", dc.ConfigPath)) - } - cmd := fmt.Sprintf(devcontainerUpScriptTemplate, strings.Join(args, " ")) - // Force the script to run in /bin/sh, since some shells (e.g. fish) - // don't support the script. - script.Script = fmt.Sprintf("/bin/sh -c '%s'", cmd) - // Disable RunOnStart, scripts have this set so that when devcontainers - // have not been enabled, a warning will be surfaced in the agent logs. - script.RunOnStart = false - return script -} - // ExpandAllDevcontainerPaths expands all devcontainer paths in the given // devcontainers. This is required by the devcontainer CLI, which requires // absolute paths for the workspace folder and config path. diff --git a/agent/agentcontainers/devcontainer_test.go b/agent/agentcontainers/devcontainer_test.go deleted file mode 100644 index b20c943175821..0000000000000 --- a/agent/agentcontainers/devcontainer_test.go +++ /dev/null @@ -1,274 +0,0 @@ -package agentcontainers_test - -import ( - "path/filepath" - "strings" - "testing" - - "github.com/google/go-cmp/cmp" - "github.com/google/go-cmp/cmp/cmpopts" - "github.com/google/uuid" - "github.com/stretchr/testify/require" - - "cdr.dev/slog/sloggers/slogtest" - "github.com/coder/coder/v2/agent/agentcontainers" - "github.com/coder/coder/v2/codersdk" -) - -func TestExtractAndInitializeDevcontainerScripts(t *testing.T) { - t.Parallel() - - scriptIDs := []uuid.UUID{uuid.New(), uuid.New()} - devcontainerIDs := []uuid.UUID{uuid.New(), uuid.New()} - - type args struct { - expandPath func(string) (string, error) - devcontainers []codersdk.WorkspaceAgentDevcontainer - scripts []codersdk.WorkspaceAgentScript - } - tests := []struct { - name string - args args - wantFilteredScripts []codersdk.WorkspaceAgentScript - wantDevcontainerScripts []codersdk.WorkspaceAgentScript - - skipOnWindowsDueToPathSeparator bool - }{ - { - name: "no scripts", - args: args{ - expandPath: nil, - devcontainers: nil, - scripts: nil, - }, - wantFilteredScripts: nil, - wantDevcontainerScripts: nil, - }, - { - name: "no devcontainers", - args: args{ - expandPath: nil, - devcontainers: nil, - scripts: []codersdk.WorkspaceAgentScript{ - {ID: scriptIDs[0]}, - {ID: scriptIDs[1]}, - }, - }, - wantFilteredScripts: []codersdk.WorkspaceAgentScript{ - {ID: scriptIDs[0]}, - {ID: scriptIDs[1]}, - }, - wantDevcontainerScripts: nil, - }, - { - name: "no scripts match devcontainers", - args: args{ - expandPath: nil, - devcontainers: []codersdk.WorkspaceAgentDevcontainer{ - {ID: devcontainerIDs[0]}, - {ID: devcontainerIDs[1]}, - }, - scripts: []codersdk.WorkspaceAgentScript{ - {ID: scriptIDs[0]}, - {ID: scriptIDs[1]}, - }, - }, - wantFilteredScripts: []codersdk.WorkspaceAgentScript{ - {ID: scriptIDs[0]}, - {ID: scriptIDs[1]}, - }, - wantDevcontainerScripts: nil, - }, - { - name: "scripts match devcontainers and sets RunOnStart=false", - args: args{ - expandPath: nil, - devcontainers: []codersdk.WorkspaceAgentDevcontainer{ - {ID: devcontainerIDs[0], WorkspaceFolder: "workspace1"}, - {ID: devcontainerIDs[1], WorkspaceFolder: "workspace2"}, - }, - scripts: []codersdk.WorkspaceAgentScript{ - {ID: scriptIDs[0], RunOnStart: true}, - {ID: scriptIDs[1], RunOnStart: true}, - {ID: devcontainerIDs[0], RunOnStart: true}, - {ID: devcontainerIDs[1], RunOnStart: true}, - }, - }, - wantFilteredScripts: []codersdk.WorkspaceAgentScript{ - {ID: scriptIDs[0], RunOnStart: true}, - {ID: scriptIDs[1], RunOnStart: true}, - }, - wantDevcontainerScripts: []codersdk.WorkspaceAgentScript{ - { - ID: devcontainerIDs[0], - Script: "devcontainer up --log-format json --workspace-folder \"workspace1\"", - RunOnStart: false, - }, - { - ID: devcontainerIDs[1], - Script: "devcontainer up --log-format json --workspace-folder \"workspace2\"", - RunOnStart: false, - }, - }, - }, - { - name: "scripts match devcontainers with config path", - args: args{ - expandPath: nil, - devcontainers: []codersdk.WorkspaceAgentDevcontainer{ - { - ID: devcontainerIDs[0], - WorkspaceFolder: "workspace1", - ConfigPath: "config1", - }, - { - ID: devcontainerIDs[1], - WorkspaceFolder: "workspace2", - ConfigPath: "config2", - }, - }, - scripts: []codersdk.WorkspaceAgentScript{ - {ID: devcontainerIDs[0]}, - {ID: devcontainerIDs[1]}, - }, - }, - wantFilteredScripts: []codersdk.WorkspaceAgentScript{}, - wantDevcontainerScripts: []codersdk.WorkspaceAgentScript{ - { - ID: devcontainerIDs[0], - Script: "devcontainer up --log-format json --workspace-folder \"workspace1\" --config \"workspace1/config1\"", - RunOnStart: false, - }, - { - ID: devcontainerIDs[1], - Script: "devcontainer up --log-format json --workspace-folder \"workspace2\" --config \"workspace2/config2\"", - RunOnStart: false, - }, - }, - skipOnWindowsDueToPathSeparator: true, - }, - { - name: "scripts match devcontainers with expand path", - args: args{ - expandPath: func(s string) (string, error) { - return "/home/" + s, nil - }, - devcontainers: []codersdk.WorkspaceAgentDevcontainer{ - { - ID: devcontainerIDs[0], - WorkspaceFolder: "workspace1", - ConfigPath: "config1", - }, - { - ID: devcontainerIDs[1], - WorkspaceFolder: "workspace2", - ConfigPath: "config2", - }, - }, - scripts: []codersdk.WorkspaceAgentScript{ - {ID: devcontainerIDs[0], RunOnStart: true}, - {ID: devcontainerIDs[1], RunOnStart: true}, - }, - }, - wantFilteredScripts: []codersdk.WorkspaceAgentScript{}, - wantDevcontainerScripts: []codersdk.WorkspaceAgentScript{ - { - ID: devcontainerIDs[0], - Script: "devcontainer up --log-format json --workspace-folder \"/home/workspace1\" --config \"/home/workspace1/config1\"", - RunOnStart: false, - }, - { - ID: devcontainerIDs[1], - Script: "devcontainer up --log-format json --workspace-folder \"/home/workspace2\" --config \"/home/workspace2/config2\"", - RunOnStart: false, - }, - }, - skipOnWindowsDueToPathSeparator: true, - }, - { - name: "expand config path when ~", - args: args{ - expandPath: func(s string) (string, error) { - s = strings.Replace(s, "~/", "", 1) - if filepath.IsAbs(s) { - return s, nil - } - return "/home/" + s, nil - }, - devcontainers: []codersdk.WorkspaceAgentDevcontainer{ - { - ID: devcontainerIDs[0], - WorkspaceFolder: "workspace1", - ConfigPath: "~/config1", - }, - { - ID: devcontainerIDs[1], - WorkspaceFolder: "workspace2", - ConfigPath: "/config2", - }, - }, - scripts: []codersdk.WorkspaceAgentScript{ - {ID: devcontainerIDs[0], RunOnStart: true}, - {ID: devcontainerIDs[1], RunOnStart: true}, - }, - }, - wantFilteredScripts: []codersdk.WorkspaceAgentScript{}, - wantDevcontainerScripts: []codersdk.WorkspaceAgentScript{ - { - ID: devcontainerIDs[0], - Script: "devcontainer up --log-format json --workspace-folder \"/home/workspace1\" --config \"/home/config1\"", - RunOnStart: false, - }, - { - ID: devcontainerIDs[1], - Script: "devcontainer up --log-format json --workspace-folder \"/home/workspace2\" --config \"/config2\"", - RunOnStart: false, - }, - }, - skipOnWindowsDueToPathSeparator: true, - }, - } - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - if tt.skipOnWindowsDueToPathSeparator && filepath.Separator == '\\' { - t.Skip("Skipping test on Windows due to path separator difference.") - } - - logger := slogtest.Make(t, nil) - if tt.args.expandPath == nil { - tt.args.expandPath = func(s string) (string, error) { - return s, nil - } - } - gotFilteredScripts, gotDevcontainerScripts := agentcontainers.ExtractAndInitializeDevcontainerScripts( - agentcontainers.ExpandAllDevcontainerPaths(logger, tt.args.expandPath, tt.args.devcontainers), - tt.args.scripts, - ) - - if diff := cmp.Diff(tt.wantFilteredScripts, gotFilteredScripts, cmpopts.EquateEmpty()); diff != "" { - t.Errorf("ExtractAndInitializeDevcontainerScripts() gotFilteredScripts mismatch (-want +got):\n%s", diff) - } - - // Preprocess the devcontainer scripts to remove scripting part. - for i := range gotDevcontainerScripts { - gotDevcontainerScripts[i].Script = textGrep("devcontainer up", gotDevcontainerScripts[i].Script) - require.NotEmpty(t, gotDevcontainerScripts[i].Script, "devcontainer up script not found") - } - if diff := cmp.Diff(tt.wantDevcontainerScripts, gotDevcontainerScripts); diff != "" { - t.Errorf("ExtractAndInitializeDevcontainerScripts() gotDevcontainerScripts mismatch (-want +got):\n%s", diff) - } - }) - } -} - -// textGrep returns matching lines from multiline string. -func textGrep(want, got string) (filtered string) { - var lines []string - for _, line := range strings.Split(got, "\n") { - if strings.Contains(line, want) { - lines = append(lines, line) - } - } - return strings.Join(lines, "\n") -} diff --git a/agent/agentcontainers/devcontainercli.go b/agent/agentcontainers/devcontainercli.go index e87c3362c6e54..2242e62f602e8 100644 --- a/agent/agentcontainers/devcontainercli.go +++ b/agent/agentcontainers/devcontainercli.go @@ -6,8 +6,10 @@ import ( "context" "encoding/json" "errors" + "fmt" "io" - "os" + "slices" + "strings" "golang.org/x/xerrors" @@ -27,12 +29,55 @@ type DevcontainerConfig struct { type DevcontainerMergedConfiguration struct { Customizations DevcontainerMergedCustomizations `json:"customizations,omitempty"` + Features DevcontainerFeatures `json:"features,omitempty"` } type DevcontainerMergedCustomizations struct { Coder []CoderCustomization `json:"coder,omitempty"` } +type DevcontainerFeatures map[string]any + +// OptionsAsEnvs converts the DevcontainerFeatures into a list of +// environment variables that can be used to set feature options. +// The format is FEATURE__OPTION_=. +// For example, if the feature is: +// +// "ghcr.io/coder/devcontainer-features/code-server:1": { +// "port": 9090, +// } +// +// It will produce: +// +// FEATURE_CODE_SERVER_OPTION_PORT=9090 +// +// Note that the feature name is derived from the last part of the key, +// so "ghcr.io/coder/devcontainer-features/code-server:1" becomes +// "CODE_SERVER". The version part (e.g. ":1") is removed, and dashes in +// the feature and option names are replaced with underscores. +func (f DevcontainerFeatures) OptionsAsEnvs() []string { + var env []string + for k, v := range f { + vv, ok := v.(map[string]any) + if !ok { + continue + } + // Take the last part of the key as the feature name/path. + k = k[strings.LastIndex(k, "/")+1:] + // Remove ":" and anything following it. + if idx := strings.Index(k, ":"); idx != -1 { + k = k[:idx] + } + k = strings.ReplaceAll(k, "-", "_") + for k2, v2 := range vv { + k2 = strings.ReplaceAll(k2, "-", "_") + env = append(env, fmt.Sprintf("FEATURE_%s_OPTION_%s=%s", strings.ToUpper(k), strings.ToUpper(k2), fmt.Sprintf("%v", v2))) + } + } + slices.Sort(env) + return env +} + type DevcontainerConfiguration struct { Customizations DevcontainerCustomizations `json:"customizations,omitempty"` } @@ -45,6 +90,8 @@ type CoderCustomization struct { DisplayApps map[codersdk.DisplayApp]bool `json:"displayApps,omitempty"` Apps []SubAgentApp `json:"apps,omitempty"` Name string `json:"name,omitempty"` + Ignore bool `json:"ignore,omitempty"` + AutoStart bool `json:"autoStart,omitempty"` } type DevcontainerWorkspace struct { @@ -60,63 +107,63 @@ type DevcontainerCLI interface { // DevcontainerCLIUpOptions are options for the devcontainer CLI Up // command. -type DevcontainerCLIUpOptions func(*devcontainerCLIUpConfig) +type DevcontainerCLIUpOptions func(*DevcontainerCLIUpConfig) -type devcontainerCLIUpConfig struct { - args []string // Additional arguments for the Up command. - stdout io.Writer - stderr io.Writer +type DevcontainerCLIUpConfig struct { + Args []string // Additional arguments for the Up command. + Stdout io.Writer + Stderr io.Writer } // WithRemoveExistingContainer is an option to remove the existing // container. func WithRemoveExistingContainer() DevcontainerCLIUpOptions { - return func(o *devcontainerCLIUpConfig) { - o.args = append(o.args, "--remove-existing-container") + return func(o *DevcontainerCLIUpConfig) { + o.Args = append(o.Args, "--remove-existing-container") } } // WithUpOutput sets additional stdout and stderr writers for logs // during Up operations. func WithUpOutput(stdout, stderr io.Writer) DevcontainerCLIUpOptions { - return func(o *devcontainerCLIUpConfig) { - o.stdout = stdout - o.stderr = stderr + return func(o *DevcontainerCLIUpConfig) { + o.Stdout = stdout + o.Stderr = stderr } } // DevcontainerCLIExecOptions are options for the devcontainer CLI Exec // command. -type DevcontainerCLIExecOptions func(*devcontainerCLIExecConfig) +type DevcontainerCLIExecOptions func(*DevcontainerCLIExecConfig) -type devcontainerCLIExecConfig struct { - args []string // Additional arguments for the Exec command. - stdout io.Writer - stderr io.Writer +type DevcontainerCLIExecConfig struct { + Args []string // Additional arguments for the Exec command. + Stdout io.Writer + Stderr io.Writer } // WithExecOutput sets additional stdout and stderr writers for logs // during Exec operations. func WithExecOutput(stdout, stderr io.Writer) DevcontainerCLIExecOptions { - return func(o *devcontainerCLIExecConfig) { - o.stdout = stdout - o.stderr = stderr + return func(o *DevcontainerCLIExecConfig) { + o.Stdout = stdout + o.Stderr = stderr } } // WithExecContainerID sets the container ID to target a specific // container. func WithExecContainerID(id string) DevcontainerCLIExecOptions { - return func(o *devcontainerCLIExecConfig) { - o.args = append(o.args, "--container-id", id) + return func(o *DevcontainerCLIExecConfig) { + o.Args = append(o.Args, "--container-id", id) } } // WithRemoteEnv sets environment variables for the Exec command. func WithRemoteEnv(env ...string) DevcontainerCLIExecOptions { - return func(o *devcontainerCLIExecConfig) { + return func(o *DevcontainerCLIExecConfig) { for _, e := range env { - o.args = append(o.args, "--remote-env", e) + o.Args = append(o.Args, "--remote-env", e) } } } @@ -139,8 +186,8 @@ func WithReadConfigOutput(stdout, stderr io.Writer) DevcontainerCLIReadConfigOpt } } -func applyDevcontainerCLIUpOptions(opts []DevcontainerCLIUpOptions) devcontainerCLIUpConfig { - conf := devcontainerCLIUpConfig{} +func applyDevcontainerCLIUpOptions(opts []DevcontainerCLIUpOptions) DevcontainerCLIUpConfig { + conf := DevcontainerCLIUpConfig{Stdout: io.Discard, Stderr: io.Discard} for _, opt := range opts { if opt != nil { opt(&conf) @@ -149,8 +196,8 @@ func applyDevcontainerCLIUpOptions(opts []DevcontainerCLIUpOptions) devcontainer return conf } -func applyDevcontainerCLIExecOptions(opts []DevcontainerCLIExecOptions) devcontainerCLIExecConfig { - conf := devcontainerCLIExecConfig{} +func applyDevcontainerCLIExecOptions(opts []DevcontainerCLIExecOptions) DevcontainerCLIExecConfig { + conf := DevcontainerCLIExecConfig{Stdout: io.Discard, Stderr: io.Discard} for _, opt := range opts { if opt != nil { opt(&conf) @@ -160,7 +207,7 @@ func applyDevcontainerCLIExecOptions(opts []DevcontainerCLIExecOptions) devconta } func applyDevcontainerCLIReadConfigOptions(opts []DevcontainerCLIReadConfigOptions) devcontainerCLIReadConfigConfig { - conf := devcontainerCLIReadConfigConfig{} + conf := devcontainerCLIReadConfigConfig{stdout: io.Discard, stderr: io.Discard} for _, opt := range opts { if opt != nil { opt(&conf) @@ -195,22 +242,25 @@ func (d *devcontainerCLI) Up(ctx context.Context, workspaceFolder, configPath st if configPath != "" { args = append(args, "--config", configPath) } - args = append(args, conf.args...) + args = append(args, conf.Args...) cmd := d.execer.CommandContext(ctx, "devcontainer", args...) // Capture stdout for parsing and stream logs for both default and provided writers. var stdoutBuf bytes.Buffer - stdoutWriters := []io.Writer{&stdoutBuf, &devcontainerCLILogWriter{ctx: ctx, logger: logger.With(slog.F("stdout", true))}} - if conf.stdout != nil { - stdoutWriters = append(stdoutWriters, conf.stdout) - } - cmd.Stdout = io.MultiWriter(stdoutWriters...) + cmd.Stdout = io.MultiWriter( + &stdoutBuf, + &devcontainerCLILogWriter{ + ctx: ctx, + logger: logger.With(slog.F("stdout", true)), + writer: conf.Stdout, + }, + ) // Stream stderr logs and provided writer if any. - stderrWriters := []io.Writer{&devcontainerCLILogWriter{ctx: ctx, logger: logger.With(slog.F("stderr", true))}} - if conf.stderr != nil { - stderrWriters = append(stderrWriters, conf.stderr) + cmd.Stderr = &devcontainerCLILogWriter{ + ctx: ctx, + logger: logger.With(slog.F("stderr", true)), + writer: conf.Stderr, } - cmd.Stderr = io.MultiWriter(stderrWriters...) if err := cmd.Run(); err != nil { _, err2 := parseDevcontainerCLILastLine[devcontainerCLIResult](ctx, logger, stdoutBuf.Bytes()) @@ -244,21 +294,21 @@ func (d *devcontainerCLI) Exec(ctx context.Context, workspaceFolder, configPath if configPath != "" { args = append(args, "--config", configPath) } - args = append(args, conf.args...) + args = append(args, conf.Args...) args = append(args, cmd) args = append(args, cmdArgs...) c := d.execer.CommandContext(ctx, "devcontainer", args...) - stdoutWriters := []io.Writer{&devcontainerCLILogWriter{ctx: ctx, logger: logger.With(slog.F("stdout", true))}} - if conf.stdout != nil { - stdoutWriters = append(stdoutWriters, conf.stdout) - } - c.Stdout = io.MultiWriter(stdoutWriters...) - stderrWriters := []io.Writer{&devcontainerCLILogWriter{ctx: ctx, logger: logger.With(slog.F("stderr", true))}} - if conf.stderr != nil { - stderrWriters = append(stderrWriters, conf.stderr) - } - c.Stderr = io.MultiWriter(stderrWriters...) + c.Stdout = io.MultiWriter(conf.Stdout, &devcontainerCLILogWriter{ + ctx: ctx, + logger: logger.With(slog.F("stdout", true)), + writer: io.Discard, + }) + c.Stderr = io.MultiWriter(conf.Stderr, &devcontainerCLILogWriter{ + ctx: ctx, + logger: logger.With(slog.F("stderr", true)), + writer: io.Discard, + }) if err := c.Run(); err != nil { return xerrors.Errorf("devcontainer exec failed: %w", err) @@ -280,20 +330,22 @@ func (d *devcontainerCLI) ReadConfig(ctx context.Context, workspaceFolder, confi } c := d.execer.CommandContext(ctx, "devcontainer", args...) - c.Env = append(c.Env, "PATH="+os.Getenv("PATH")) c.Env = append(c.Env, env...) var stdoutBuf bytes.Buffer - stdoutWriters := []io.Writer{&stdoutBuf, &devcontainerCLILogWriter{ctx: ctx, logger: logger.With(slog.F("stdout", true))}} - if conf.stdout != nil { - stdoutWriters = append(stdoutWriters, conf.stdout) + c.Stdout = io.MultiWriter( + &stdoutBuf, + &devcontainerCLILogWriter{ + ctx: ctx, + logger: logger.With(slog.F("stdout", true)), + writer: conf.stdout, + }, + ) + c.Stderr = &devcontainerCLILogWriter{ + ctx: ctx, + logger: logger.With(slog.F("stderr", true)), + writer: conf.stderr, } - c.Stdout = io.MultiWriter(stdoutWriters...) - stderrWriters := []io.Writer{&devcontainerCLILogWriter{ctx: ctx, logger: logger.With(slog.F("stderr", true))}} - if conf.stderr != nil { - stderrWriters = append(stderrWriters, conf.stderr) - } - c.Stderr = io.MultiWriter(stderrWriters...) if err := c.Run(); err != nil { return DevcontainerConfig{}, xerrors.Errorf("devcontainer read-configuration failed: %w", err) @@ -386,6 +438,7 @@ type devcontainerCLIJSONLogLine struct { type devcontainerCLILogWriter struct { ctx context.Context logger slog.Logger + writer io.Writer } func (l *devcontainerCLILogWriter) Write(p []byte) (n int, err error) { @@ -406,8 +459,20 @@ func (l *devcontainerCLILogWriter) Write(p []byte) (n int, err error) { } if logLine.Level >= 3 { l.logger.Info(l.ctx, "@devcontainer/cli", slog.F("line", string(line))) + _, _ = l.writer.Write([]byte(strings.TrimSpace(logLine.Text) + "\n")) continue } + // If we've successfully parsed the final log line, it will successfully parse + // but will not fill out any of the fields for `logLine`. In this scenario we + // assume it is the final log line, unmarshal it as that, and check if the + // outcome is a non-empty string. + if logLine.Level == 0 { + var lastLine devcontainerCLIResult + if err := json.Unmarshal(line, &lastLine); err == nil && lastLine.Outcome != "" { + _, _ = l.writer.Write(line) + _, _ = l.writer.Write([]byte{'\n'}) + } + } l.logger.Debug(l.ctx, "@devcontainer/cli", slog.F("line", string(line))) } if err := s.Err(); err != nil { diff --git a/agent/agentcontainers/devcontainercli_test.go b/agent/agentcontainers/devcontainercli_test.go index 821e6e8f95e76..e3f0445751eb7 100644 --- a/agent/agentcontainers/devcontainercli_test.go +++ b/agent/agentcontainers/devcontainercli_test.go @@ -3,6 +3,7 @@ package agentcontainers_test import ( "bytes" "context" + "encoding/json" "errors" "flag" "fmt" @@ -10,9 +11,11 @@ import ( "os" "os/exec" "path/filepath" + "runtime" "strings" "testing" + "github.com/google/go-cmp/cmp" "github.com/ory/dockertest/v3" "github.com/ory/dockertest/v3/docker" "github.com/stretchr/testify/assert" @@ -341,6 +344,10 @@ func TestDevcontainerCLI_WithOutput(t *testing.T) { t.Run("Up", func(t *testing.T) { t.Parallel() + if runtime.GOOS == "windows" { + t.Skip("Windows uses CRLF line endings, golden file is LF") + } + // Buffers to capture stdout and stderr. outBuf := &bytes.Buffer{} errBuf := &bytes.Buffer{} @@ -363,7 +370,7 @@ func TestDevcontainerCLI_WithOutput(t *testing.T) { require.NotEmpty(t, containerID, "expected non-empty container ID") // Read expected log content. - expLog, err := os.ReadFile(filepath.Join("testdata", "devcontainercli", "parse", "up.log")) + expLog, err := os.ReadFile(filepath.Join("testdata", "devcontainercli", "parse", "up.golden")) require.NoError(t, err, "reading expected log file") // Verify stdout buffer contains the CLI logs and stderr is empty. @@ -586,7 +593,7 @@ func setupDevcontainerWorkspace(t *testing.T, workspaceFolder string) string { "containerEnv": { "TEST_CONTAINER": "true" }, - "runArgs": ["--label", "com.coder.test=devcontainercli"] + "runArgs": ["--label=com.coder.test=devcontainercli", "--label=` + agentcontainers.DevcontainerIsTestRunLabel + `=true"] }` err = os.WriteFile(configPath, []byte(content), 0o600) require.NoError(t, err, "create devcontainer.json file") @@ -637,3 +644,107 @@ func removeDevcontainerByID(t *testing.T, pool *dockertest.Pool, id string) { assert.NoError(t, err, "remove container failed") } } + +func TestDevcontainerFeatures_OptionsAsEnvs(t *testing.T) { + t.Parallel() + + realConfigJSON := `{ + "mergedConfiguration": { + "features": { + "./code-server": { + "port": 9090 + }, + "ghcr.io/devcontainers/features/docker-in-docker:2": { + "moby": "false" + } + } + } + }` + var realConfig agentcontainers.DevcontainerConfig + err := json.Unmarshal([]byte(realConfigJSON), &realConfig) + require.NoError(t, err, "unmarshal JSON payload") + + tests := []struct { + name string + features agentcontainers.DevcontainerFeatures + want []string + }{ + { + name: "code-server feature", + features: agentcontainers.DevcontainerFeatures{ + "./code-server": map[string]any{ + "port": 9090, + }, + }, + want: []string{ + "FEATURE_CODE_SERVER_OPTION_PORT=9090", + }, + }, + { + name: "docker-in-docker feature", + features: agentcontainers.DevcontainerFeatures{ + "ghcr.io/devcontainers/features/docker-in-docker:2": map[string]any{ + "moby": "false", + }, + }, + want: []string{ + "FEATURE_DOCKER_IN_DOCKER_OPTION_MOBY=false", + }, + }, + { + name: "multiple features with multiple options", + features: agentcontainers.DevcontainerFeatures{ + "./code-server": map[string]any{ + "port": 9090, + "password": "secret", + }, + "ghcr.io/devcontainers/features/docker-in-docker:2": map[string]any{ + "moby": "false", + "docker-dash-compose-version": "v2", + }, + }, + want: []string{ + "FEATURE_CODE_SERVER_OPTION_PASSWORD=secret", + "FEATURE_CODE_SERVER_OPTION_PORT=9090", + "FEATURE_DOCKER_IN_DOCKER_OPTION_DOCKER_DASH_COMPOSE_VERSION=v2", + "FEATURE_DOCKER_IN_DOCKER_OPTION_MOBY=false", + }, + }, + { + name: "feature with non-map value (should be ignored)", + features: agentcontainers.DevcontainerFeatures{ + "./code-server": map[string]any{ + "port": 9090, + }, + "./invalid-feature": "not-a-map", + }, + want: []string{ + "FEATURE_CODE_SERVER_OPTION_PORT=9090", + }, + }, + { + name: "real config example", + features: realConfig.MergedConfiguration.Features, + want: []string{ + "FEATURE_CODE_SERVER_OPTION_PORT=9090", + "FEATURE_DOCKER_IN_DOCKER_OPTION_MOBY=false", + }, + }, + { + name: "empty features", + features: agentcontainers.DevcontainerFeatures{}, + want: nil, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + got := tt.features.OptionsAsEnvs() + if diff := cmp.Diff(tt.want, got); diff != "" { + require.Failf(t, "OptionsAsEnvs() mismatch (-want +got):\n%s", diff) + } + }) + } +} diff --git a/agent/agentcontainers/execer.go b/agent/agentcontainers/execer.go new file mode 100644 index 0000000000000..323401f34ca81 --- /dev/null +++ b/agent/agentcontainers/execer.go @@ -0,0 +1,80 @@ +package agentcontainers + +import ( + "context" + "fmt" + "os/exec" + "runtime" + "strings" + + "cdr.dev/slog" + "github.com/coder/coder/v2/agent/agentexec" + "github.com/coder/coder/v2/agent/usershell" + "github.com/coder/coder/v2/pty" +) + +// CommandEnv is a function that returns the shell, working directory, +// and environment variables to use when executing a command. It takes +// an EnvInfoer and a pre-existing environment slice as arguments. +// This signature matches agentssh.Server.CommandEnv. +type CommandEnv func(ei usershell.EnvInfoer, addEnv []string) (shell, dir string, env []string, err error) + +// commandEnvExecer is an agentexec.Execer that uses a CommandEnv to +// determine the shell, working directory, and environment variables +// for commands. It wraps another agentexec.Execer to provide the +// necessary context. +type commandEnvExecer struct { + logger slog.Logger + commandEnv CommandEnv + execer agentexec.Execer +} + +func newCommandEnvExecer( + logger slog.Logger, + commandEnv CommandEnv, + execer agentexec.Execer, +) *commandEnvExecer { + return &commandEnvExecer{ + logger: logger, + commandEnv: commandEnv, + execer: execer, + } +} + +// Ensure commandEnvExecer implements agentexec.Execer. +var _ agentexec.Execer = (*commandEnvExecer)(nil) + +func (e *commandEnvExecer) prepare(ctx context.Context, inName string, inArgs ...string) (name string, args []string, dir string, env []string) { + shell, dir, env, err := e.commandEnv(nil, nil) + if err != nil { + e.logger.Error(ctx, "get command environment failed", slog.Error(err)) + return inName, inArgs, "", nil + } + + caller := "-c" + if runtime.GOOS == "windows" { + caller = "/c" + } + name = shell + for _, arg := range append([]string{inName}, inArgs...) { + args = append(args, fmt.Sprintf("%q", arg)) + } + args = []string{caller, strings.Join(args, " ")} + return name, args, dir, env +} + +func (e *commandEnvExecer) CommandContext(ctx context.Context, cmd string, args ...string) *exec.Cmd { + name, args, dir, env := e.prepare(ctx, cmd, args...) + c := e.execer.CommandContext(ctx, name, args...) + c.Dir = dir + c.Env = env + return c +} + +func (e *commandEnvExecer) PTYCommandContext(ctx context.Context, cmd string, args ...string) *pty.Cmd { + name, args, dir, env := e.prepare(ctx, cmd, args...) + c := e.execer.PTYCommandContext(ctx, name, args...) + c.Dir = dir + c.Env = env + return c +} diff --git a/agent/agentcontainers/ignore/dir.go b/agent/agentcontainers/ignore/dir.go new file mode 100644 index 0000000000000..d97e2ef2235a3 --- /dev/null +++ b/agent/agentcontainers/ignore/dir.go @@ -0,0 +1,124 @@ +package ignore + +import ( + "bytes" + "context" + "errors" + "io/fs" + "os" + "path/filepath" + "strings" + + "github.com/go-git/go-git/v5/plumbing/format/config" + "github.com/go-git/go-git/v5/plumbing/format/gitignore" + "github.com/spf13/afero" + "golang.org/x/xerrors" + + "cdr.dev/slog" +) + +const ( + gitconfigFile = ".gitconfig" + gitignoreFile = ".gitignore" + gitInfoExcludeFile = ".git/info/exclude" +) + +func FilePathToParts(path string) []string { + components := []string{} + + if path == "" { + return components + } + + for segment := range strings.SplitSeq(filepath.Clean(path), string(filepath.Separator)) { + if segment != "" { + components = append(components, segment) + } + } + + return components +} + +func readIgnoreFile(fileSystem afero.Fs, path, ignore string) ([]gitignore.Pattern, error) { + var ps []gitignore.Pattern + + data, err := afero.ReadFile(fileSystem, filepath.Join(path, ignore)) + if err != nil && !errors.Is(err, os.ErrNotExist) { + return nil, err + } + + for s := range strings.SplitSeq(string(data), "\n") { + if !strings.HasPrefix(s, "#") && len(strings.TrimSpace(s)) > 0 { + ps = append(ps, gitignore.ParsePattern(s, FilePathToParts(path))) + } + } + + return ps, nil +} + +func ReadPatterns(ctx context.Context, logger slog.Logger, fileSystem afero.Fs, path string) ([]gitignore.Pattern, error) { + var ps []gitignore.Pattern + + subPs, err := readIgnoreFile(fileSystem, path, gitInfoExcludeFile) + if err != nil { + return nil, err + } + + ps = append(ps, subPs...) + + if err := afero.Walk(fileSystem, path, func(path string, info fs.FileInfo, err error) error { + if err != nil { + logger.Error(ctx, "encountered error while walking for git ignore files", + slog.F("path", path), + slog.Error(err)) + return nil + } + + if !info.IsDir() { + return nil + } + + subPs, err := readIgnoreFile(fileSystem, path, gitignoreFile) + if err != nil { + return err + } + + ps = append(ps, subPs...) + + return nil + }); err != nil { + return nil, err + } + + return ps, nil +} + +func loadPatterns(fileSystem afero.Fs, path string) ([]gitignore.Pattern, error) { + data, err := afero.ReadFile(fileSystem, path) + if err != nil && !errors.Is(err, os.ErrNotExist) { + return nil, err + } + + decoder := config.NewDecoder(bytes.NewBuffer(data)) + + conf := config.New() + if err := decoder.Decode(conf); err != nil { + return nil, xerrors.Errorf("decode config: %w", err) + } + + excludes := conf.Section("core").Options.Get("excludesfile") + if excludes == "" { + return nil, nil + } + + return readIgnoreFile(fileSystem, "", excludes) +} + +func LoadGlobalPatterns(fileSystem afero.Fs) ([]gitignore.Pattern, error) { + home, err := os.UserHomeDir() + if err != nil { + return nil, err + } + + return loadPatterns(fileSystem, filepath.Join(home, gitconfigFile)) +} diff --git a/agent/agentcontainers/ignore/dir_test.go b/agent/agentcontainers/ignore/dir_test.go new file mode 100644 index 0000000000000..2af54cf63930d --- /dev/null +++ b/agent/agentcontainers/ignore/dir_test.go @@ -0,0 +1,38 @@ +package ignore_test + +import ( + "fmt" + "testing" + + "github.com/stretchr/testify/require" + + "github.com/coder/coder/v2/agent/agentcontainers/ignore" +) + +func TestFilePathToParts(t *testing.T) { + t.Parallel() + + tests := []struct { + path string + expected []string + }{ + {"", []string{}}, + {"/", []string{}}, + {"foo", []string{"foo"}}, + {"/foo", []string{"foo"}}, + {"./foo/bar", []string{"foo", "bar"}}, + {"../foo/bar", []string{"..", "foo", "bar"}}, + {"foo/bar/baz", []string{"foo", "bar", "baz"}}, + {"/foo/bar/baz", []string{"foo", "bar", "baz"}}, + {"foo/../bar", []string{"bar"}}, + } + + for _, tt := range tests { + t.Run(fmt.Sprintf("`%s`", tt.path), func(t *testing.T) { + t.Parallel() + + parts := ignore.FilePathToParts(tt.path) + require.Equal(t, tt.expected, parts) + }) + } +} diff --git a/agent/agentcontainers/subagent.go b/agent/agentcontainers/subagent.go index 42df7080a890a..7d7603feef21d 100644 --- a/agent/agentcontainers/subagent.go +++ b/agent/agentcontainers/subagent.go @@ -188,7 +188,7 @@ func (a *subAgentAPIClient) List(ctx context.Context) ([]SubAgent, error) { return agents, nil } -func (a *subAgentAPIClient) Create(ctx context.Context, agent SubAgent) (SubAgent, error) { +func (a *subAgentAPIClient) Create(ctx context.Context, agent SubAgent) (_ SubAgent, err error) { a.logger.Debug(ctx, "creating sub agent", slog.F("name", agent.Name), slog.F("directory", agent.Directory)) displayApps := make([]agentproto.CreateSubAgentRequest_DisplayApp, 0, len(agent.DisplayApps)) @@ -233,19 +233,27 @@ func (a *subAgentAPIClient) Create(ctx context.Context, agent SubAgent) (SubAgen if err != nil { return SubAgent{}, err } + defer func() { + if err != nil { + // Best effort. + _, _ = a.api.DeleteSubAgent(ctx, &agentproto.DeleteSubAgentRequest{ + Id: resp.GetAgent().GetId(), + }) + } + }() - agent.Name = resp.Agent.Name - agent.ID, err = uuid.FromBytes(resp.Agent.Id) + agent.Name = resp.GetAgent().GetName() + agent.ID, err = uuid.FromBytes(resp.GetAgent().GetId()) if err != nil { - return agent, err + return SubAgent{}, err } - agent.AuthToken, err = uuid.FromBytes(resp.Agent.AuthToken) + agent.AuthToken, err = uuid.FromBytes(resp.GetAgent().GetAuthToken()) if err != nil { - return agent, err + return SubAgent{}, err } - for _, appError := range resp.AppCreationErrors { - app := apps[appError.Index] + for _, appError := range resp.GetAppCreationErrors() { + app := apps[appError.GetIndex()] a.logger.Warn(ctx, "unable to create app", slog.F("agent_name", agent.Name), diff --git a/agent/agentcontainers/testdata/devcontainercli/parse/up.golden b/agent/agentcontainers/testdata/devcontainercli/parse/up.golden new file mode 100644 index 0000000000000..022869052cf4b --- /dev/null +++ b/agent/agentcontainers/testdata/devcontainercli/parse/up.golden @@ -0,0 +1,64 @@ +@devcontainers/cli 0.75.0. Node.js v23.9.0. darwin 24.4.0 arm64. +Resolving Feature dependencies for 'ghcr.io/devcontainers/features/docker-in-docker:2'... +Soft-dependency 'ghcr.io/devcontainers/features/common-utils' is not required. Removing from installation order... +Files to omit: '' +Run: docker buildx build --load --build-context dev_containers_feature_content_source=/var/folders/1y/cm8mblxd7_x9cljwl_jvfprh0000gn/T/devcontainercli/container-features/0.75.0-1744102171193 --build-arg _DEV_CONTAINERS_BASE_IMAGE=mcr.microsoft.com/devcontainers/javascript-node:1-18-bullseye --build-arg _DEV_CONTAINERS_IMAGE_USER=root --build-arg _DEV_CONTAINERS_FEATURE_CONTENT_SOURCE=dev_container_feature_content_temp --target dev_containers_target_stage -f /var/folders/1y/cm8mblxd7_x9cljwl_jvfprh0000gn/T/devcontainercli/container-features/0.75.0-1744102171193/Dockerfile.extended -t vsc-devcontainers-template-starter-81d8f17e32abef6d434cbb5a37fe05e5c8a6f8ccede47a61197f002dcbf60566-features /var/folders/1y/cm8mblxd7_x9cljwl_jvfprh0000gn/T/devcontainercli/empty-folder +#0 building with "orbstack" instance using docker driver + +#1 [internal] load build definition from Dockerfile.extended +#1 transferring dockerfile: 3.09kB done +#1 DONE 0.0s + +#2 resolve image config for docker-image://docker.io/docker/dockerfile:1.4 +#2 DONE 1.3s +#3 docker-image://docker.io/docker/dockerfile:1.4@sha256:9ba7531bd80fb0a858632727cf7a112fbfd19b17e94c4e84ced81e24ef1a0dbc +#3 CACHED + +#4 [internal] load .dockerignore +#4 transferring context: 2B done +#4 DONE 0.0s + +#5 [internal] load metadata for mcr.microsoft.com/devcontainers/javascript-node:1-18-bullseye +#5 DONE 0.0s + +#6 [context dev_containers_feature_content_source] load .dockerignore +#6 transferring dev_containers_feature_content_source: 2B done +#6 DONE 0.0s + +#7 [dev_containers_feature_content_normalize 1/3] FROM mcr.microsoft.com/devcontainers/javascript-node:1-18-bullseye +#7 DONE 0.0s + +#8 [context dev_containers_feature_content_source] load from client +#8 transferring dev_containers_feature_content_source: 82.11kB 0.0s done +#8 DONE 0.0s + +#9 [dev_containers_feature_content_normalize 2/3] COPY --from=dev_containers_feature_content_source devcontainer-features.builtin.env /tmp/build-features/ +#9 CACHED + +#10 [dev_containers_target_stage 2/5] RUN mkdir -p /tmp/dev-container-features +#10 CACHED + +#11 [dev_containers_target_stage 3/5] COPY --from=dev_containers_feature_content_normalize /tmp/build-features/ /tmp/dev-container-features +#11 CACHED + +#12 [dev_containers_target_stage 4/5] RUN echo "_CONTAINER_USER_HOME=$( (command -v getent >/dev/null 2>&1 && getent passwd 'root' || grep -E '^root|^[^:]*:[^:]*:root:' /etc/passwd || true) | cut -d: -f6)" >> /tmp/dev-container-features/devcontainer-features.builtin.env && echo "_REMOTE_USER_HOME=$( (command -v getent >/dev/null 2>&1 && getent passwd 'node' || grep -E '^node|^[^:]*:[^:]*:node:' /etc/passwd || true) | cut -d: -f6)" >> /tmp/dev-container-features/devcontainer-features.builtin.env +#12 CACHED + +#13 [dev_containers_feature_content_normalize 3/3] RUN chmod -R 0755 /tmp/build-features/ +#13 CACHED + +#14 [dev_containers_target_stage 5/5] RUN --mount=type=bind,from=dev_containers_feature_content_source,source=docker-in-docker_0,target=/tmp/build-features-src/docker-in-docker_0 cp -ar /tmp/build-features-src/docker-in-docker_0 /tmp/dev-container-features && chmod -R 0755 /tmp/dev-container-features/docker-in-docker_0 && cd /tmp/dev-container-features/docker-in-docker_0 && chmod +x ./devcontainer-features-install.sh && ./devcontainer-features-install.sh && rm -rf /tmp/dev-container-features/docker-in-docker_0 +#14 CACHED + +#15 exporting to image +#15 exporting layers done +#15 writing image sha256:275dc193c905d448ef3945e3fc86220cc315fe0cb41013988d6ff9f8d6ef2357 done +#15 naming to docker.io/library/vsc-devcontainers-template-starter-81d8f17e32abef6d434cbb5a37fe05e5c8a6f8ccede47a61197f002dcbf60566-features done +#15 DONE 0.0s +Run: docker buildx build --load --build-context dev_containers_feature_content_source=/var/folders/1y/cm8mblxd7_x9cljwl_jvfprh0000gn/T/devcontainercli/container-features/0.75.0-1744102171193 --build-arg _DEV_CONTAINERS_BASE_IMAGE=mcr.microsoft.com/devcontainers/javascript-node:1-18-bullseye --build-arg _DEV_CONTAINERS_IMAGE_USER=root --build-arg _DEV_CONTAINERS_FEATURE_CONTENT_SOURCE=dev_container_feature_content_temp --target dev_containers_target_stage -f /var/folders/1y/cm8mblxd7_x9cljwl_jvfprh0000gn/T/devcontainercli/container-features/0.75.0-1744102171193/Dockerfile.extended -t vsc-devcontainers-template-starter-81d8f17e32abef6d434cbb5a37fe05e5c8a6f8ccede47a61197f002dcbf60566-features /var/folders/1y/cm8mblxd7_x9cljwl_jvfprh0000gn/T/devcontainercli/empty-folder +Run: docker run --sig-proxy=false -a STDOUT -a STDERR --mount type=bind,source=/code/devcontainers-template-starter,target=/workspaces/devcontainers-template-starter,consistency=cached --mount type=volume,src=dind-var-lib-docker-0pctifo8bbg3pd06g3j5s9ae8j7lp5qfcd67m25kuahurel7v7jm,dst=/var/lib/docker -l devcontainer.local_folder=/code/devcontainers-template-starter -l devcontainer.config_file=/code/devcontainers-template-starter/.devcontainer/devcontainer.json --privileged --entrypoint /bin/sh vsc-devcontainers-template-starter-81d8f17e32abef6d434cbb5a37fe05e5c8a6f8ccede47a61197f002dcbf60566-features -c echo Container started +Container started +Not setting dockerd DNS manually. +Running the postCreateCommand from devcontainer.json... +added 1 package in 784ms +{"outcome":"success","containerId":"bc72db8d0c4c4e941bd9ffc341aee64a18d3397fd45b87cd93d4746150967ba8","remoteUser":"node","remoteWorkspaceFolder":"/workspaces/devcontainers-template-starter"} diff --git a/agent/agentcontainers/watcher/watcher_test.go b/agent/agentcontainers/watcher/watcher_test.go index 6cddfbdcee276..08222357d5fd0 100644 --- a/agent/agentcontainers/watcher/watcher_test.go +++ b/agent/agentcontainers/watcher/watcher_test.go @@ -4,6 +4,7 @@ import ( "context" "os" "path/filepath" + "runtime" "testing" "github.com/fsnotify/fsnotify" @@ -88,24 +89,34 @@ func TestFSNotifyWatcher(t *testing.T) { break } - err = os.WriteFile(testFile+".atomic", []byte(`{"test": "atomic"}`), 0o600) - require.NoError(t, err, "write new atomic test file failed") - - err = os.Rename(testFile+".atomic", testFile) - require.NoError(t, err, "rename atomic test file failed") - - // Verify that we receive the event we want. - for { - event, err := wut.Next(ctx) - require.NoError(t, err, "next event failed") - require.NotNil(t, event, "want non-nil event") - if !event.Has(fsnotify.Create) { - t.Logf("Ignoring event: %s", event) - continue + // TODO(DanielleMaywood): + // Unfortunately it appears this atomic-rename phase of the test is flakey on macOS. + // + // This test flake could be indicative of an issue that may present itself + // in a running environment. Fortunately, we only use this (as of 2025-07-29) + // for our dev container integration. We do not expect the host workspace + // (where this is used), to ever be run on macOS, as containers are a linux + // paradigm. + if runtime.GOOS != "darwin" { + err = os.WriteFile(testFile+".atomic", []byte(`{"test": "atomic"}`), 0o600) + require.NoError(t, err, "write new atomic test file failed") + + err = os.Rename(testFile+".atomic", testFile) + require.NoError(t, err, "rename atomic test file failed") + + // Verify that we receive the event we want. + for { + event, err := wut.Next(ctx) + require.NoError(t, err, "next event failed") + require.NotNil(t, event, "want non-nil event") + if !event.Has(fsnotify.Create) { + t.Logf("Ignoring event: %s", event) + continue + } + require.Truef(t, event.Has(fsnotify.Create), "want create event: %s", event.String()) + require.Equal(t, event.Name, testFile, "want event for test file") + break } - require.Truef(t, event.Has(fsnotify.Create), "want create event: %s", event.String()) - require.Equal(t, event.Name, testFile, "want event for test file") - break } // Test removing the file from the watcher. diff --git a/agent/agentscripts/agentscripts.go b/agent/agentscripts/agentscripts.go index 79606a80233b9..bde3305b15415 100644 --- a/agent/agentscripts/agentscripts.go +++ b/agent/agentscripts/agentscripts.go @@ -79,21 +79,6 @@ func New(opts Options) *Runner { type ScriptCompletedFunc func(context.Context, *proto.WorkspaceAgentScriptCompletedRequest) (*proto.WorkspaceAgentScriptCompletedResponse, error) -type runnerScript struct { - runOnPostStart bool - codersdk.WorkspaceAgentScript -} - -func toRunnerScript(scripts ...codersdk.WorkspaceAgentScript) []runnerScript { - var rs []runnerScript - for _, s := range scripts { - rs = append(rs, runnerScript{ - WorkspaceAgentScript: s, - }) - } - return rs -} - type Runner struct { Options @@ -103,7 +88,7 @@ type Runner struct { closed chan struct{} closeMutex sync.Mutex cron *cron.Cron - scripts []runnerScript + scripts []codersdk.WorkspaceAgentScript dataDir string scriptCompleted ScriptCompletedFunc @@ -138,19 +123,6 @@ func (r *Runner) RegisterMetrics(reg prometheus.Registerer) { // InitOption describes an option for the runner initialization. type InitOption func(*Runner) -// WithPostStartScripts adds scripts that should be run after the workspace -// start scripts but before the workspace is marked as started. -func WithPostStartScripts(scripts ...codersdk.WorkspaceAgentScript) InitOption { - return func(r *Runner) { - for _, s := range scripts { - r.scripts = append(r.scripts, runnerScript{ - runOnPostStart: true, - WorkspaceAgentScript: s, - }) - } - } -} - // Init initializes the runner with the provided scripts. // It also schedules any scripts that have a schedule. // This function must be called before Execute. @@ -161,7 +133,7 @@ func (r *Runner) Init(scripts []codersdk.WorkspaceAgentScript, scriptCompleted S return xerrors.New("init: already initialized") } r.initialized = true - r.scripts = toRunnerScript(scripts...) + r.scripts = scripts r.scriptCompleted = scriptCompleted for _, opt := range opts { opt(r) @@ -177,9 +149,8 @@ func (r *Runner) Init(scripts []codersdk.WorkspaceAgentScript, scriptCompleted S if script.Cron == "" { continue } - script := script _, err := r.cron.AddFunc(script.Cron, func() { - err := r.trackRun(r.cronCtx, script.WorkspaceAgentScript, ExecuteCronScripts) + err := r.trackRun(r.cronCtx, script, ExecuteCronScripts) if err != nil { r.Logger.Warn(context.Background(), "run agent script on schedule", slog.Error(err)) } @@ -223,7 +194,6 @@ type ExecuteOption int const ( ExecuteAllScripts ExecuteOption = iota ExecuteStartScripts - ExecutePostStartScripts ExecuteStopScripts ExecuteCronScripts ) @@ -246,7 +216,6 @@ func (r *Runner) Execute(ctx context.Context, option ExecuteOption) error { for _, script := range r.scripts { runScript := (option == ExecuteStartScripts && script.RunOnStart) || (option == ExecuteStopScripts && script.RunOnStop) || - (option == ExecutePostStartScripts && script.runOnPostStart) || (option == ExecuteCronScripts && script.Cron != "") || option == ExecuteAllScripts @@ -254,9 +223,8 @@ func (r *Runner) Execute(ctx context.Context, option ExecuteOption) error { continue } - script := script eg.Go(func() error { - err := r.trackRun(ctx, script.WorkspaceAgentScript, option) + err := r.trackRun(ctx, script, option) if err != nil { return xerrors.Errorf("run agent script %q: %w", script.LogSourceID, err) } diff --git a/agent/agentscripts/agentscripts_test.go b/agent/agentscripts/agentscripts_test.go index f50a0cc065138..c032ea1f83a1a 100644 --- a/agent/agentscripts/agentscripts_test.go +++ b/agent/agentscripts/agentscripts_test.go @@ -4,7 +4,6 @@ import ( "context" "path/filepath" "runtime" - "slices" "sync" "testing" "time" @@ -177,11 +176,6 @@ func TestExecuteOptions(t *testing.T) { Script: "echo stop", RunOnStop: true, } - postStartScript := codersdk.WorkspaceAgentScript{ - ID: uuid.New(), - LogSourceID: uuid.New(), - Script: "echo poststart", - } regularScript := codersdk.WorkspaceAgentScript{ ID: uuid.New(), LogSourceID: uuid.New(), @@ -193,10 +187,9 @@ func TestExecuteOptions(t *testing.T) { stopScript, regularScript, } - allScripts := append(slices.Clone(scripts), postStartScript) scriptByID := func(t *testing.T, id uuid.UUID) codersdk.WorkspaceAgentScript { - for _, script := range allScripts { + for _, script := range scripts { if script.ID == id { return script } @@ -206,10 +199,9 @@ func TestExecuteOptions(t *testing.T) { } wantOutput := map[uuid.UUID]string{ - startScript.ID: "start", - stopScript.ID: "stop", - postStartScript.ID: "poststart", - regularScript.ID: "regular", + startScript.ID: "start", + stopScript.ID: "stop", + regularScript.ID: "regular", } testCases := []struct { @@ -220,18 +212,13 @@ func TestExecuteOptions(t *testing.T) { { name: "ExecuteAllScripts", option: agentscripts.ExecuteAllScripts, - wantRun: []uuid.UUID{startScript.ID, stopScript.ID, regularScript.ID, postStartScript.ID}, + wantRun: []uuid.UUID{startScript.ID, stopScript.ID, regularScript.ID}, }, { name: "ExecuteStartScripts", option: agentscripts.ExecuteStartScripts, wantRun: []uuid.UUID{startScript.ID}, }, - { - name: "ExecutePostStartScripts", - option: agentscripts.ExecutePostStartScripts, - wantRun: []uuid.UUID{postStartScript.ID}, - }, { name: "ExecuteStopScripts", option: agentscripts.ExecuteStopScripts, @@ -260,7 +247,6 @@ func TestExecuteOptions(t *testing.T) { err := runner.Init( scripts, aAPI.ScriptCompleted, - agentscripts.WithPostStartScripts(postStartScript), ) require.NoError(t, err) @@ -274,7 +260,7 @@ func TestExecuteOptions(t *testing.T) { "script %s should have run when using filter %s", scriptByID(t, id).Script, tc.name) } - for _, script := range allScripts { + for _, script := range scripts { if _, ok := gotRun[script.ID]; ok { continue } diff --git a/agent/agentssh/agentssh.go b/agent/agentssh/agentssh.go index a2fec79debcf1..f9c28a3e6ee25 100644 --- a/agent/agentssh/agentssh.go +++ b/agent/agentssh/agentssh.go @@ -46,6 +46,8 @@ const ( // MagicProcessCmdlineJetBrains is a string in a process's command line that // uniquely identifies it as JetBrains software. MagicProcessCmdlineJetBrains = "idea.vendor.name=JetBrains" + MagicProcessCmdlineToolbox = "com.jetbrains.toolbox" + MagicProcessCmdlineGateway = "remote-dev-server" // BlockedFileTransferErrorCode indicates that SSH server restricted the raw command from performing // the file transfer. @@ -113,9 +115,14 @@ type Config struct { BlockFileTransfer bool // ReportConnection. ReportConnection reportConnectionFunc - // Experimental: allow connecting to running containers if - // CODER_AGENT_DEVCONTAINERS_ENABLE=true. - ExperimentalDevContainersEnabled bool + // Experimental: allow connecting to running containers via Docker exec. + // Note that this is different from the devcontainers feature, which uses + // subagents. + ExperimentalContainers bool + // X11Net allows overriding the networking implementation used for X11 + // forwarding listeners. When nil, a default implementation backed by the + // standard library networking package is used. + X11Net X11Network } type Server struct { @@ -124,14 +131,16 @@ type Server struct { listeners map[net.Listener]struct{} conns map[net.Conn]struct{} sessions map[ssh.Session]struct{} + processes map[*os.Process]struct{} closing chan struct{} // Wait for goroutines to exit, waited without // a lock on mu but protected by closing. wg sync.WaitGroup - Execer agentexec.Execer - logger slog.Logger - srv *ssh.Server + Execer agentexec.Execer + logger slog.Logger + srv *ssh.Server + x11Forwarder *x11Forwarder config *Config @@ -182,11 +191,26 @@ func NewServer(ctx context.Context, logger slog.Logger, prometheusRegistry *prom fs: fs, conns: make(map[net.Conn]struct{}), sessions: make(map[ssh.Session]struct{}), + processes: make(map[*os.Process]struct{}), logger: logger, config: config, metrics: metrics, + x11Forwarder: &x11Forwarder{ + logger: logger, + x11HandlerErrors: metrics.x11HandlerErrors, + fs: fs, + displayOffset: *config.X11DisplayOffset, + sessions: make(map[*x11Session]struct{}), + connections: make(map[net.Conn]struct{}), + network: func() X11Network { + if config.X11Net != nil { + return config.X11Net + } + return osNet{} + }(), + }, } srv := &ssh.Server{ @@ -435,7 +459,7 @@ func (s *Server) sessionHandler(session ssh.Session) { switch ss := session.Subsystem(); ss { case "": case "sftp": - if s.config.ExperimentalDevContainersEnabled && container != "" { + if s.config.ExperimentalContainers && container != "" { closeCause("sftp not yet supported with containers") _ = session.Exit(1) return @@ -454,7 +478,7 @@ func (s *Server) sessionHandler(session ssh.Session) { x11, hasX11 := session.X11() if hasX11 { - display, handled := s.x11Handler(ctx, x11) + display, handled := s.x11Forwarder.x11Handler(ctx, session) if !handled { logger.Error(ctx, "x11 handler failed") closeCause("x11 handler failed") @@ -549,7 +573,7 @@ func (s *Server) sessionStart(logger slog.Logger, session ssh.Session, env []str var ei usershell.EnvInfoer var err error - if s.config.ExperimentalDevContainersEnabled && container != "" { + if s.config.ExperimentalContainers && container != "" { ei, err = agentcontainers.EnvInfo(ctx, s.Execer, container, containerUser) if err != nil { s.metrics.sessionErrors.WithLabelValues(magicTypeLabel, ptyLabel, "container_env_info").Add(1) @@ -586,7 +610,12 @@ func (s *Server) startNonPTYSession(logger slog.Logger, session ssh.Session, mag // otherwise context cancellation will not propagate properly // and SSH server close may be delayed. cmd.SysProcAttr = cmdSysProcAttr() - cmd.Cancel = cmdCancel(session.Context(), logger, cmd) + + // to match OpenSSH, we don't actually tear a non-TTY command down, even if the session ends. OpenSSH closes the + // pipes to the process when the session ends; which is what happens here since we wire the command up to the + // session for I/O. + // c.f. https://github.com/coder/coder/issues/18519#issuecomment-3019118271 + cmd.Cancel = nil cmd.Stdout = session cmd.Stderr = session.Stderr() @@ -609,6 +638,16 @@ func (s *Server) startNonPTYSession(logger slog.Logger, session ssh.Session, mag s.metrics.sessionErrors.WithLabelValues(magicTypeLabel, "no", "start_command").Add(1) return xerrors.Errorf("start: %w", err) } + + // Since we don't cancel the process when the session stops, we still need to tear it down if we are closing. So + // track it here. + if !s.trackProcess(cmd.Process, true) { + // must be closing + err = cmdCancel(logger, cmd.Process) + return xerrors.Errorf("failed to track process: %w", err) + } + defer s.trackProcess(cmd.Process, false) + sigs := make(chan ssh.Signal, 1) session.Signals(sigs) defer func() { @@ -816,6 +855,49 @@ func (s *Server) sftpHandler(logger slog.Logger, session ssh.Session) error { return xerrors.Errorf("sftp server closed with error: %w", err) } +func (s *Server) CommandEnv(ei usershell.EnvInfoer, addEnv []string) (shell, dir string, env []string, err error) { + if ei == nil { + ei = &usershell.SystemEnvInfo{} + } + + currentUser, err := ei.User() + if err != nil { + return "", "", nil, xerrors.Errorf("get current user: %w", err) + } + username := currentUser.Username + + shell, err = ei.Shell(username) + if err != nil { + return "", "", nil, xerrors.Errorf("get user shell: %w", err) + } + + dir = s.config.WorkingDirectory() + + // If the metadata directory doesn't exist, we run the command + // in the users home directory. + _, err = os.Stat(dir) + if dir == "" || err != nil { + // Default to user home if a directory is not set. + homedir, err := ei.HomeDir() + if err != nil { + return "", "", nil, xerrors.Errorf("get home dir: %w", err) + } + dir = homedir + } + env = append(ei.Environ(), addEnv...) + // Set login variables (see `man login`). + env = append(env, fmt.Sprintf("USER=%s", username)) + env = append(env, fmt.Sprintf("LOGNAME=%s", username)) + env = append(env, fmt.Sprintf("SHELL=%s", shell)) + + env, err = s.config.UpdateEnv(env) + if err != nil { + return "", "", nil, xerrors.Errorf("apply env: %w", err) + } + + return shell, dir, env, nil +} + // CreateCommand processes raw command input with OpenSSH-like behavior. // If the script provided is empty, it will default to the users shell. // This injects environment variables specified by the user at launch too. @@ -827,15 +909,10 @@ func (s *Server) CreateCommand(ctx context.Context, script string, env []string, if ei == nil { ei = &usershell.SystemEnvInfo{} } - currentUser, err := ei.User() - if err != nil { - return nil, xerrors.Errorf("get current user: %w", err) - } - username := currentUser.Username - shell, err := ei.Shell(username) + shell, dir, env, err := s.CommandEnv(ei, env) if err != nil { - return nil, xerrors.Errorf("get user shell: %w", err) + return nil, xerrors.Errorf("prepare command env: %w", err) } // OpenSSH executes all commands with the users current shell. @@ -893,24 +970,8 @@ func (s *Server) CreateCommand(ctx context.Context, script string, env []string, ) } cmd := s.Execer.PTYCommandContext(ctx, modifiedName, modifiedArgs...) - cmd.Dir = s.config.WorkingDirectory() - - // If the metadata directory doesn't exist, we run the command - // in the users home directory. - _, err = os.Stat(cmd.Dir) - if cmd.Dir == "" || err != nil { - // Default to user home if a directory is not set. - homedir, err := ei.HomeDir() - if err != nil { - return nil, xerrors.Errorf("get home dir: %w", err) - } - cmd.Dir = homedir - } - cmd.Env = append(ei.Environ(), env...) - // Set login variables (see `man login`). - cmd.Env = append(cmd.Env, fmt.Sprintf("USER=%s", username)) - cmd.Env = append(cmd.Env, fmt.Sprintf("LOGNAME=%s", username)) - cmd.Env = append(cmd.Env, fmt.Sprintf("SHELL=%s", shell)) + cmd.Dir = dir + cmd.Env = env // Set SSH connection environment variables (these are also set by OpenSSH // and thus expected to be present by SSH clients). Since the agent does @@ -921,11 +982,6 @@ func (s *Server) CreateCommand(ctx context.Context, script string, env []string, cmd.Env = append(cmd.Env, fmt.Sprintf("SSH_CLIENT=%s %s %s", srcAddr, srcPort, dstPort)) cmd.Env = append(cmd.Env, fmt.Sprintf("SSH_CONNECTION=%s %s %s %s", srcAddr, srcPort, dstAddr, dstPort)) - cmd.Env, err = s.config.UpdateEnv(cmd.Env) - if err != nil { - return nil, xerrors.Errorf("apply env: %w", err) - } - return cmd, nil } @@ -1052,6 +1108,27 @@ func (s *Server) trackSession(ss ssh.Session, add bool) (ok bool) { return true } +// trackCommand registers the process with the server. If the server is +// closing, the process is not registered and should be closed. +// +//nolint:revive +func (s *Server) trackProcess(p *os.Process, add bool) (ok bool) { + s.mu.Lock() + defer s.mu.Unlock() + if add { + if s.closing != nil { + // Server closed. + return false + } + s.wg.Add(1) + s.processes[p] = struct{}{} + return true + } + s.wg.Done() + delete(s.processes, p) + return true +} + // Close the server and all active connections. Server can be re-used // after Close is done. func (s *Server) Close() error { @@ -1091,11 +1168,18 @@ func (s *Server) Close() error { _ = c.Close() } + for p := range s.processes { + _ = cmdCancel(s.logger, p) + } + s.logger.Debug(ctx, "closing SSH server") err := s.srv.Close() s.mu.Unlock() + s.logger.Debug(ctx, "closing X11 forwarding") + _ = s.x11Forwarder.Close() + s.logger.Debug(ctx, "waiting for all goroutines to exit") s.wg.Wait() // Wait for all goroutines to exit. diff --git a/agent/agentssh/agentssh_test.go b/agent/agentssh/agentssh_test.go index 23d9dcc7da3b7..7bf91123d5852 100644 --- a/agent/agentssh/agentssh_test.go +++ b/agent/agentssh/agentssh_test.go @@ -8,7 +8,9 @@ import ( "context" "fmt" "net" + "os" "os/user" + "path/filepath" "runtime" "strings" "sync" @@ -403,6 +405,92 @@ func TestNewServer_Signal(t *testing.T) { }) } +func TestSSHServer_ClosesStdin(t *testing.T) { + t.Parallel() + if runtime.GOOS == "windows" { + t.Skip("bash doesn't exist on Windows") + } + + ctx := testutil.Context(t, testutil.WaitMedium) + logger := testutil.Logger(t) + s, err := agentssh.NewServer(ctx, logger.Named("ssh-server"), prometheus.NewRegistry(), afero.NewMemMapFs(), agentexec.DefaultExecer, nil) + require.NoError(t, err) + logger = logger.Named("test") + defer s.Close() + err = s.UpdateHostSigner(42) + assert.NoError(t, err) + + ln, err := net.Listen("tcp", "127.0.0.1:0") + require.NoError(t, err) + + done := make(chan struct{}) + go func() { + defer close(done) + err := s.Serve(ln) + assert.Error(t, err) // Server is closed. + }() + defer func() { + err := s.Close() + require.NoError(t, err) + <-done + }() + + c := sshClient(t, ln.Addr().String()) + + sess, err := c.NewSession() + require.NoError(t, err) + stdout, err := sess.StdoutPipe() + require.NoError(t, err) + stdin, err := sess.StdinPipe() + require.NoError(t, err) + defer stdin.Close() + + dir := t.TempDir() + err = os.MkdirAll(dir, 0o755) + require.NoError(t, err) + filePath := filepath.Join(dir, "result.txt") + + // the shell command `read` will block until data is written to stdin, or closed. It will return + // exit code 1 if it hits EOF, which is what we want to test. + cmdErrCh := make(chan error, 1) + go func() { + cmdErrCh <- sess.Start(fmt.Sprintf(`echo started; echo "read exit code: $(read && echo 0 || echo 1)" > %s`, filePath)) + }() + + cmdErr := testutil.RequireReceive(ctx, t, cmdErrCh) + require.NoError(t, cmdErr) + + readCh := make(chan error, 1) + go func() { + buf := make([]byte, 8) + _, err := stdout.Read(buf) + assert.Equal(t, "started\n", string(buf)) + readCh <- err + }() + err = testutil.RequireReceive(ctx, t, readCh) + require.NoError(t, err) + + err = sess.Close() + require.NoError(t, err) + + var content []byte + expected := []byte("read exit code: 1\n") + testutil.Eventually(ctx, t, func(_ context.Context) bool { + content, err = os.ReadFile(filePath) + if err != nil { + logger.Debug(ctx, "failed to read file; will retry", slog.Error(err)) + return false + } + if len(content) != len(expected) { + logger.Debug(ctx, "file is partially written", slog.F("content", content)) + return false + } + return true + }, testutil.IntervalFast) + require.NoError(t, err) + require.Equal(t, string(expected), string(content)) +} + func sshClient(t *testing.T, addr string) *ssh.Client { conn, err := net.Dial("tcp", addr) require.NoError(t, err) diff --git a/agent/agentssh/exec_other.go b/agent/agentssh/exec_other.go index 54dfd50899412..aef496a1ef775 100644 --- a/agent/agentssh/exec_other.go +++ b/agent/agentssh/exec_other.go @@ -4,7 +4,7 @@ package agentssh import ( "context" - "os/exec" + "os" "syscall" "cdr.dev/slog" @@ -16,9 +16,7 @@ func cmdSysProcAttr() *syscall.SysProcAttr { } } -func cmdCancel(ctx context.Context, logger slog.Logger, cmd *exec.Cmd) func() error { - return func() error { - logger.Debug(ctx, "cmdCancel: sending SIGHUP to process and children", slog.F("pid", cmd.Process.Pid)) - return syscall.Kill(-cmd.Process.Pid, syscall.SIGHUP) - } +func cmdCancel(logger slog.Logger, p *os.Process) error { + logger.Debug(context.Background(), "cmdCancel: sending SIGHUP to process and children", slog.F("pid", p.Pid)) + return syscall.Kill(-p.Pid, syscall.SIGHUP) } diff --git a/agent/agentssh/exec_windows.go b/agent/agentssh/exec_windows.go index 39f0f97198479..0dafa67958a67 100644 --- a/agent/agentssh/exec_windows.go +++ b/agent/agentssh/exec_windows.go @@ -2,7 +2,7 @@ package agentssh import ( "context" - "os/exec" + "os" "syscall" "cdr.dev/slog" @@ -12,14 +12,12 @@ func cmdSysProcAttr() *syscall.SysProcAttr { return &syscall.SysProcAttr{} } -func cmdCancel(ctx context.Context, logger slog.Logger, cmd *exec.Cmd) func() error { - return func() error { - logger.Debug(ctx, "cmdCancel: killing process", slog.F("pid", cmd.Process.Pid)) - // Windows doesn't support sending signals to process groups, so we - // have to kill the process directly. In the future, we may want to - // implement a more sophisticated solution for process groups on - // Windows, but for now, this is a simple way to ensure that the - // process is terminated when the context is cancelled. - return cmd.Process.Kill() - } +func cmdCancel(logger slog.Logger, p *os.Process) error { + logger.Debug(context.Background(), "cmdCancel: killing process", slog.F("pid", p.Pid)) + // Windows doesn't support sending signals to process groups, so we + // have to kill the process directly. In the future, we may want to + // implement a more sophisticated solution for process groups on + // Windows, but for now, this is a simple way to ensure that the + // process is terminated when the context is cancelled. + return p.Kill() } diff --git a/agent/agentssh/jetbrainstrack.go b/agent/agentssh/jetbrainstrack.go index 9b2fdf83b21d0..874f4c278ce79 100644 --- a/agent/agentssh/jetbrainstrack.go +++ b/agent/agentssh/jetbrainstrack.go @@ -53,7 +53,7 @@ func NewJetbrainsChannelWatcher(ctx ssh.Context, logger slog.Logger, reportConne // If this is not JetBrains, then we do not need to do anything special. We // attempt to match on something that appears unique to JetBrains software. - if !strings.Contains(strings.ToLower(cmdline), strings.ToLower(MagicProcessCmdlineJetBrains)) { + if !isJetbrainsProcess(cmdline) { return newChannel } @@ -104,3 +104,18 @@ func (c *ChannelOnClose) Close() error { c.once.Do(c.done) return c.Channel.Close() } + +func isJetbrainsProcess(cmdline string) bool { + opts := []string{ + MagicProcessCmdlineJetBrains, + MagicProcessCmdlineToolbox, + MagicProcessCmdlineGateway, + } + + for _, opt := range opts { + if strings.Contains(strings.ToLower(cmdline), strings.ToLower(opt)) { + return true + } + } + return false +} diff --git a/agent/agentssh/x11.go b/agent/agentssh/x11.go index 439f2c3021791..b02de0dcf003a 100644 --- a/agent/agentssh/x11.go +++ b/agent/agentssh/x11.go @@ -7,15 +7,16 @@ import ( "errors" "fmt" "io" - "math" "net" "os" "path/filepath" "strconv" + "sync" "time" "github.com/gliderlabs/ssh" "github.com/gofrs/flock" + "github.com/prometheus/client_golang/prometheus" "github.com/spf13/afero" gossh "golang.org/x/crypto/ssh" "golang.org/x/xerrors" @@ -29,8 +30,51 @@ const ( X11StartPort = 6000 // X11DefaultDisplayOffset is the default offset for X11 forwarding. X11DefaultDisplayOffset = 10 + X11MaxDisplays = 200 + // X11MaxPort is the highest port we will ever use for X11 forwarding. This limits the total number of TCP sockets + // we will create. It seems more useful to have a maximum port number than a direct limit on sockets with no max + // port because we'd like to be able to tell users the exact range of ports the Agent might use. + X11MaxPort = X11StartPort + X11MaxDisplays ) +// X11Network abstracts the creation of network listeners for X11 forwarding. +// It is intended mainly for testing; production code uses the default +// implementation backed by the operating system networking stack. +type X11Network interface { + Listen(network, address string) (net.Listener, error) +} + +// osNet is the default X11Network implementation that uses the standard +// library network stack. +type osNet struct{} + +func (osNet) Listen(network, address string) (net.Listener, error) { + return net.Listen(network, address) +} + +type x11Forwarder struct { + logger slog.Logger + x11HandlerErrors *prometheus.CounterVec + fs afero.Fs + displayOffset int + + // network creates X11 listener sockets. Defaults to osNet{}. + network X11Network + + mu sync.Mutex + sessions map[*x11Session]struct{} + connections map[net.Conn]struct{} + closing bool + wg sync.WaitGroup +} + +type x11Session struct { + session ssh.Session + display int + listener net.Listener + usedAt time.Time +} + // x11Callback is called when the client requests X11 forwarding. func (*Server) x11Callback(_ ssh.Context, _ ssh.X11) bool { // Always allow. @@ -39,115 +83,243 @@ func (*Server) x11Callback(_ ssh.Context, _ ssh.X11) bool { // x11Handler is called when a session has requested X11 forwarding. // It listens for X11 connections and forwards them to the client. -func (s *Server) x11Handler(ctx ssh.Context, x11 ssh.X11) (displayNumber int, handled bool) { - serverConn, valid := ctx.Value(ssh.ContextKeyConn).(*gossh.ServerConn) +func (x *x11Forwarder) x11Handler(sshCtx ssh.Context, sshSession ssh.Session) (displayNumber int, handled bool) { + x11, hasX11 := sshSession.X11() + if !hasX11 { + return -1, false + } + serverConn, valid := sshCtx.Value(ssh.ContextKeyConn).(*gossh.ServerConn) if !valid { - s.logger.Warn(ctx, "failed to get server connection") + x.logger.Warn(sshCtx, "failed to get server connection") return -1, false } + ctx := slog.With(sshCtx, slog.F("session_id", fmt.Sprintf("%x", serverConn.SessionID()))) hostname, err := os.Hostname() if err != nil { - s.logger.Warn(ctx, "failed to get hostname", slog.Error(err)) - s.metrics.x11HandlerErrors.WithLabelValues("hostname").Add(1) + x.logger.Warn(ctx, "failed to get hostname", slog.Error(err)) + x.x11HandlerErrors.WithLabelValues("hostname").Add(1) return -1, false } - ln, display, err := createX11Listener(ctx, *s.config.X11DisplayOffset) + x11session, err := x.createX11Session(ctx, sshSession) if err != nil { - s.logger.Warn(ctx, "failed to create X11 listener", slog.Error(err)) - s.metrics.x11HandlerErrors.WithLabelValues("listen").Add(1) + x.logger.Warn(ctx, "failed to create X11 listener", slog.Error(err)) + x.x11HandlerErrors.WithLabelValues("listen").Add(1) return -1, false } - s.trackListener(ln, true) defer func() { if !handled { - s.trackListener(ln, false) - _ = ln.Close() + x.closeAndRemoveSession(x11session) } }() - err = addXauthEntry(ctx, s.fs, hostname, strconv.Itoa(display), x11.AuthProtocol, x11.AuthCookie) + err = addXauthEntry(ctx, x.fs, hostname, strconv.Itoa(x11session.display), x11.AuthProtocol, x11.AuthCookie) if err != nil { - s.logger.Warn(ctx, "failed to add Xauthority entry", slog.Error(err)) - s.metrics.x11HandlerErrors.WithLabelValues("xauthority").Add(1) + x.logger.Warn(ctx, "failed to add Xauthority entry", slog.Error(err)) + x.x11HandlerErrors.WithLabelValues("xauthority").Add(1) return -1, false } + // clean up the X11 session if the SSH session completes. go func() { - // Don't leave the listener open after the session is gone. <-ctx.Done() - _ = ln.Close() + x.closeAndRemoveSession(x11session) }() - go func() { - defer ln.Close() - defer s.trackListener(ln, false) - - for { - conn, err := ln.Accept() - if err != nil { - if errors.Is(err, net.ErrClosed) { - return - } - s.logger.Warn(ctx, "failed to accept X11 connection", slog.Error(err)) + go x.listenForConnections(ctx, x11session, serverConn, x11) + x.logger.Debug(ctx, "X11 forwarding started", slog.F("display", x11session.display)) + + return x11session.display, true +} + +func (x *x11Forwarder) trackGoroutine() (closing bool, done func()) { + x.mu.Lock() + defer x.mu.Unlock() + if !x.closing { + x.wg.Add(1) + return false, func() { x.wg.Done() } + } + return true, func() {} +} + +func (x *x11Forwarder) listenForConnections( + ctx context.Context, session *x11Session, serverConn *gossh.ServerConn, x11 ssh.X11, +) { + defer x.closeAndRemoveSession(session) + if closing, done := x.trackGoroutine(); closing { + return + } else { // nolint: revive + defer done() + } + + for { + conn, err := session.listener.Accept() + if err != nil { + if errors.Is(err, net.ErrClosed) { return } - if x11.SingleConnection { - s.logger.Debug(ctx, "single connection requested, closing X11 listener") - _ = ln.Close() - } + x.logger.Warn(ctx, "failed to accept X11 connection", slog.Error(err)) + return + } - tcpConn, ok := conn.(*net.TCPConn) - if !ok { - s.logger.Warn(ctx, fmt.Sprintf("failed to cast connection to TCPConn. got: %T", conn)) - _ = conn.Close() - continue - } - tcpAddr, ok := tcpConn.LocalAddr().(*net.TCPAddr) - if !ok { - s.logger.Warn(ctx, fmt.Sprintf("failed to cast local address to TCPAddr. got: %T", tcpConn.LocalAddr())) - _ = conn.Close() - continue - } + // Update session usage time since a new X11 connection was forwarded. + x.mu.Lock() + session.usedAt = time.Now() + x.mu.Unlock() + if x11.SingleConnection { + x.logger.Debug(ctx, "single connection requested, closing X11 listener") + x.closeAndRemoveSession(session) + } - channel, reqs, err := serverConn.OpenChannel("x11", gossh.Marshal(struct { - OriginatorAddress string - OriginatorPort uint32 - }{ - OriginatorAddress: tcpAddr.IP.String(), + var originAddr string + var originPort uint32 + + if tcpConn, ok := conn.(*net.TCPConn); ok { + if tcpAddr, ok := tcpConn.LocalAddr().(*net.TCPAddr); ok { + originAddr = tcpAddr.IP.String() // #nosec G115 - Safe conversion as TCP port numbers are within uint32 range (0-65535) - OriginatorPort: uint32(tcpAddr.Port), - })) - if err != nil { - s.logger.Warn(ctx, "failed to open X11 channel", slog.Error(err)) - _ = conn.Close() - continue + originPort = uint32(tcpAddr.Port) } - go gossh.DiscardRequests(reqs) + } + // Fallback values for in-memory or non-TCP connections. + if originAddr == "" { + originAddr = "127.0.0.1" + } - if !s.trackConn(ln, conn, true) { - s.logger.Warn(ctx, "failed to track X11 connection") - _ = conn.Close() - continue - } - go func() { - defer s.trackConn(ln, conn, false) - Bicopy(ctx, conn, channel) - }() + channel, reqs, err := serverConn.OpenChannel("x11", gossh.Marshal(struct { + OriginatorAddress string + OriginatorPort uint32 + }{ + OriginatorAddress: originAddr, + OriginatorPort: originPort, + })) + if err != nil { + x.logger.Warn(ctx, "failed to open X11 channel", slog.Error(err)) + _ = conn.Close() + continue } - }() + go gossh.DiscardRequests(reqs) + + if !x.trackConn(conn, true) { + x.logger.Warn(ctx, "failed to track X11 connection") + _ = conn.Close() + continue + } + go func() { + defer x.trackConn(conn, false) + Bicopy(ctx, conn, channel) + }() + } +} + +// closeAndRemoveSession closes and removes the session. +func (x *x11Forwarder) closeAndRemoveSession(x11session *x11Session) { + _ = x11session.listener.Close() + x.mu.Lock() + delete(x.sessions, x11session) + x.mu.Unlock() +} + +// createX11Session creates an X11 forwarding session. +func (x *x11Forwarder) createX11Session(ctx context.Context, sshSession ssh.Session) (*x11Session, error) { + var ( + ln net.Listener + display int + err error + ) + // retry listener creation after evictions. Limit to 10 retries to prevent pathological cases looping forever. + const maxRetries = 10 + for try := range maxRetries { + ln, display, err = x.createX11Listener(ctx) + if err == nil { + break + } + if try == maxRetries-1 { + return nil, xerrors.New("max retries exceeded while creating X11 session") + } + x.logger.Warn(ctx, "failed to create X11 listener; will evict an X11 forwarding session", + slog.F("num_current_sessions", x.numSessions()), + slog.Error(err)) + x.evictLeastRecentlyUsedSession() + } + x.mu.Lock() + defer x.mu.Unlock() + if x.closing { + closeErr := ln.Close() + if closeErr != nil { + x.logger.Error(ctx, "error closing X11 listener", slog.Error(closeErr)) + } + return nil, xerrors.New("server is closing") + } + x11Sess := &x11Session{ + session: sshSession, + display: display, + listener: ln, + usedAt: time.Now(), + } + x.sessions[x11Sess] = struct{}{} + return x11Sess, nil +} + +func (x *x11Forwarder) numSessions() int { + x.mu.Lock() + defer x.mu.Unlock() + return len(x.sessions) +} + +func (x *x11Forwarder) popLeastRecentlyUsedSession() *x11Session { + x.mu.Lock() + defer x.mu.Unlock() + var lru *x11Session + for s := range x.sessions { + if lru == nil { + lru = s + continue + } + if s.usedAt.Before(lru.usedAt) { + lru = s + continue + } + } + if lru == nil { + x.logger.Debug(context.Background(), "tried to pop from empty set of X11 sessions") + return nil + } + delete(x.sessions, lru) + return lru +} - return display, true +func (x *x11Forwarder) evictLeastRecentlyUsedSession() { + lru := x.popLeastRecentlyUsedSession() + if lru == nil { + return + } + err := lru.listener.Close() + if err != nil { + x.logger.Error(context.Background(), "failed to close evicted X11 session listener", slog.Error(err)) + } + // when we evict, we also want to force the SSH session to be closed as well. This is because we intend to reuse + // the X11 TCP listener port for a new X11 forwarding session. If we left the SSH session up, then graphical apps + // started in that session could potentially connect to an unintended X11 Server (i.e. the display on a different + // computer than the one that started the SSH session). Most likely, this session is a zombie anyway if we've + // reached the maximum number of X11 forwarding sessions. + err = lru.session.Close() + if err != nil { + x.logger.Error(context.Background(), "failed to close evicted X11 SSH session", slog.Error(err)) + } } // createX11Listener creates a listener for X11 forwarding, it will use // the next available port starting from X11StartPort and displayOffset. -func createX11Listener(ctx context.Context, displayOffset int) (ln net.Listener, display int, err error) { - var lc net.ListenConfig +func (x *x11Forwarder) createX11Listener(ctx context.Context) (ln net.Listener, display int, err error) { // Look for an open port to listen on. - for port := X11StartPort + displayOffset; port < math.MaxUint16; port++ { - ln, err = lc.Listen(ctx, "tcp", fmt.Sprintf("localhost:%d", port)) + for port := X11StartPort + x.displayOffset; port <= X11MaxPort; port++ { + if ctx.Err() != nil { + return nil, -1, ctx.Err() + } + + ln, err = x.network.Listen("tcp", fmt.Sprintf("localhost:%d", port)) if err == nil { display = port - X11StartPort return ln, display, nil @@ -156,6 +328,49 @@ func createX11Listener(ctx context.Context, displayOffset int) (ln net.Listener, return nil, -1, xerrors.Errorf("failed to find open port for X11 listener: %w", err) } +// trackConn registers the connection with the x11Forwarder. If the server is +// closed, the connection is not registered and should be closed. +// +//nolint:revive +func (x *x11Forwarder) trackConn(c net.Conn, add bool) (ok bool) { + x.mu.Lock() + defer x.mu.Unlock() + if add { + if x.closing { + // Server or listener closed. + return false + } + x.wg.Add(1) + x.connections[c] = struct{}{} + return true + } + x.wg.Done() + delete(x.connections, c) + return true +} + +func (x *x11Forwarder) Close() error { + x.mu.Lock() + x.closing = true + + for s := range x.sessions { + sErr := s.listener.Close() + if sErr != nil { + x.logger.Debug(context.Background(), "failed to close X11 listener", slog.Error(sErr)) + } + } + for c := range x.connections { + cErr := c.Close() + if cErr != nil { + x.logger.Debug(context.Background(), "failed to close X11 connection", slog.Error(cErr)) + } + } + + x.mu.Unlock() + x.wg.Wait() + return nil +} + // addXauthEntry adds an Xauthority entry to the Xauthority file. // The Xauthority file is located at ~/.Xauthority. func addXauthEntry(ctx context.Context, fs afero.Fs, host string, display string, authProtocol string, authCookie string) error { diff --git a/agent/agentssh/x11_test.go b/agent/agentssh/x11_test.go index 2ccbbfe69ca5c..2f2c657f65036 100644 --- a/agent/agentssh/x11_test.go +++ b/agent/agentssh/x11_test.go @@ -3,9 +3,9 @@ package agentssh_test import ( "bufio" "bytes" - "context" "encoding/hex" "fmt" + "io" "net" "os" "path/filepath" @@ -32,10 +32,19 @@ func TestServer_X11(t *testing.T) { t.Skip("X11 forwarding is only supported on Linux") } - ctx := context.Background() + ctx := testutil.Context(t, testutil.WaitShort) logger := testutil.Logger(t) - fs := afero.NewOsFs() - s, err := agentssh.NewServer(ctx, logger, prometheus.NewRegistry(), fs, agentexec.DefaultExecer, &agentssh.Config{}) + fs := afero.NewMemMapFs() + + // Use in-process networking for X11 forwarding. + inproc := testutil.NewInProcNet() + + // Create server config with custom X11 listener. + cfg := &agentssh.Config{ + X11Net: inproc, + } + + s, err := agentssh.NewServer(ctx, logger, prometheus.NewRegistry(), fs, agentexec.DefaultExecer, cfg) require.NoError(t, err) defer s.Close() err = s.UpdateHostSigner(42) @@ -93,17 +102,15 @@ func TestServer_X11(t *testing.T) { x11Chans := c.HandleChannelOpen("x11") payload := "hello world" - require.Eventually(t, func() bool { - conn, err := net.Dial("tcp", fmt.Sprintf("localhost:%d", agentssh.X11StartPort+displayNumber)) - if err == nil { - _, err = conn.Write([]byte(payload)) - assert.NoError(t, err) - _ = conn.Close() - } - return err == nil - }, testutil.WaitShort, testutil.IntervalFast) + go func() { + conn, err := inproc.Dial(ctx, testutil.NewAddr("tcp", fmt.Sprintf("localhost:%d", agentssh.X11StartPort+displayNumber))) + assert.NoError(t, err) + _, err = conn.Write([]byte(payload)) + assert.NoError(t, err) + _ = conn.Close() + }() - x11 := <-x11Chans + x11 := testutil.RequireReceive(ctx, t, x11Chans) ch, reqs, err := x11.Accept() require.NoError(t, err) go gossh.DiscardRequests(reqs) @@ -121,3 +128,211 @@ func TestServer_X11(t *testing.T) { _, err = fs.Stat(filepath.Join(home, ".Xauthority")) require.NoError(t, err) } + +func TestServer_X11_EvictionLRU(t *testing.T) { + t.Parallel() + if runtime.GOOS != "linux" { + t.Skip("X11 forwarding is only supported on Linux") + } + + ctx := testutil.Context(t, testutil.WaitSuperLong) + logger := testutil.Logger(t) + fs := afero.NewMemMapFs() + + // Use in-process networking for X11 forwarding. + inproc := testutil.NewInProcNet() + + cfg := &agentssh.Config{ + X11Net: inproc, + } + + s, err := agentssh.NewServer(ctx, logger, prometheus.NewRegistry(), fs, agentexec.DefaultExecer, cfg) + require.NoError(t, err) + defer s.Close() + err = s.UpdateHostSigner(42) + require.NoError(t, err) + + ln, err := net.Listen("tcp", "127.0.0.1:0") + require.NoError(t, err) + + done := testutil.Go(t, func() { + err := s.Serve(ln) + assert.Error(t, err) + }) + + c := sshClient(t, ln.Addr().String()) + + // block off one port to test x11Forwarder evicts at highest port, not number of listeners. + externalListener, err := inproc.Listen("tcp", + fmt.Sprintf("localhost:%d", agentssh.X11StartPort+agentssh.X11DefaultDisplayOffset+1)) + require.NoError(t, err) + defer externalListener.Close() + + // Calculate how many simultaneous X11 sessions we can create given the + // configured port range. + + startPort := agentssh.X11StartPort + agentssh.X11DefaultDisplayOffset + maxSessions := agentssh.X11MaxPort - startPort + 1 - 1 // -1 for the blocked port + require.Greater(t, maxSessions, 0, "expected a positive maxSessions value") + + // shellSession holds references to the session and its standard streams so + // that the test can keep them open (and optionally interact with them) for + // the lifetime of the test. If we don't start the Shell with pipes in place, + // the session will be torn down asynchronously during the test. + type shellSession struct { + sess *gossh.Session + stdin io.WriteCloser + stdout io.Reader + stderr io.Reader + // scanner is used to read the output of the session, line by line. + scanner *bufio.Scanner + } + + sessions := make([]shellSession, 0, maxSessions) + for i := 0; i < maxSessions; i++ { + sess, err := c.NewSession() + require.NoError(t, err) + + _, err = sess.SendRequest("x11-req", true, gossh.Marshal(ssh.X11{ + AuthProtocol: "MIT-MAGIC-COOKIE-1", + AuthCookie: hex.EncodeToString([]byte(fmt.Sprintf("cookie%d", i))), + ScreenNumber: uint32(0), + })) + require.NoError(t, err) + + stdin, err := sess.StdinPipe() + require.NoError(t, err) + stdout, err := sess.StdoutPipe() + require.NoError(t, err) + stderr, err := sess.StderrPipe() + require.NoError(t, err) + require.NoError(t, sess.Shell()) + + // The SSH server lazily starts the session. We need to write a command + // and read back to ensure the X11 forwarding is started. + scanner := bufio.NewScanner(stdout) + msg := fmt.Sprintf("ready-%d", i) + _, err = stdin.Write([]byte("echo " + msg + "\n")) + require.NoError(t, err) + // Read until we get the message (first token may be empty due to shell prompt) + for scanner.Scan() { + line := strings.TrimSpace(scanner.Text()) + if strings.Contains(line, msg) { + break + } + } + require.NoError(t, scanner.Err()) + + sessions = append(sessions, shellSession{ + sess: sess, + stdin: stdin, + stdout: stdout, + stderr: stderr, + scanner: scanner, + }) + } + + // Connect X11 forwarding to the first session. This is used to test that + // connecting counts as a use of the display. + x11Chans := c.HandleChannelOpen("x11") + payload := "hello world" + go func() { + conn, err := inproc.Dial(ctx, testutil.NewAddr("tcp", fmt.Sprintf("localhost:%d", agentssh.X11StartPort+agentssh.X11DefaultDisplayOffset))) + if !assert.NoError(t, err) { + return + } + _, err = conn.Write([]byte(payload)) + assert.NoError(t, err) + _ = conn.Close() + }() + + x11 := testutil.RequireReceive(ctx, t, x11Chans) + ch, reqs, err := x11.Accept() + require.NoError(t, err) + go gossh.DiscardRequests(reqs) + got := make([]byte, len(payload)) + _, err = ch.Read(got) + require.NoError(t, err) + assert.Equal(t, payload, string(got)) + _ = ch.Close() + + // Create one more session which should evict a session and reuse the display. + // The first session was used to connect X11 forwarding, so it should not be evicted. + // Therefore, the second session should be evicted and its display reused. + extraSess, err := c.NewSession() + require.NoError(t, err) + + _, err = extraSess.SendRequest("x11-req", true, gossh.Marshal(ssh.X11{ + AuthProtocol: "MIT-MAGIC-COOKIE-1", + AuthCookie: hex.EncodeToString([]byte("extra")), + ScreenNumber: uint32(0), + })) + require.NoError(t, err) + + // Ask the remote side for the DISPLAY value so we can extract the display + // number that was assigned to this session. + out, err := extraSess.Output("echo DISPLAY=$DISPLAY") + require.NoError(t, err) + + // Example output line: "DISPLAY=localhost:10.0". + var newDisplayNumber int + { + sc := bufio.NewScanner(bytes.NewReader(out)) + for sc.Scan() { + line := strings.TrimSpace(sc.Text()) + if strings.HasPrefix(line, "DISPLAY=") { + parts := strings.SplitN(line, ":", 2) + require.Len(t, parts, 2) + displayPart := parts[1] + if strings.Contains(displayPart, ".") { + displayPart = strings.SplitN(displayPart, ".", 2)[0] + } + var convErr error + newDisplayNumber, convErr = strconv.Atoi(displayPart) + require.NoError(t, convErr) + break + } + } + require.NoError(t, sc.Err()) + } + + // The display number reused should correspond to the SECOND session (display offset 12) + expectedDisplay := agentssh.X11DefaultDisplayOffset + 2 // +1 was blocked port + assert.Equal(t, expectedDisplay, newDisplayNumber, "second session should have been evicted and its display reused") + + // First session should still be alive: send cmd and read output. + msgFirst := "still-alive" + _, err = sessions[0].stdin.Write([]byte("echo " + msgFirst + "\n")) + require.NoError(t, err) + for sessions[0].scanner.Scan() { + line := strings.TrimSpace(sessions[0].scanner.Text()) + if strings.Contains(line, msgFirst) { + break + } + } + require.NoError(t, sessions[0].scanner.Err()) + + // Second session should now be closed. + _, err = sessions[1].stdin.Write([]byte("echo dead\n")) + require.ErrorIs(t, err, io.EOF) + err = sessions[1].sess.Wait() + require.Error(t, err) + + // Cleanup. + for i, sh := range sessions { + if i == 1 { + // already closed + continue + } + err = sh.stdin.Close() + require.NoError(t, err) + err = sh.sess.Wait() + require.NoError(t, err) + } + err = extraSess.Close() + require.ErrorIs(t, err, io.EOF) + + err = s.Close() + require.NoError(t, err) + _ = testutil.TryReceive(ctx, t, done) +} diff --git a/agent/api.go b/agent/api.go index 464c5fc5dab30..ca0760e130ffe 100644 --- a/agent/api.go +++ b/agent/api.go @@ -6,16 +6,13 @@ import ( "time" "github.com/go-chi/chi/v5" - "github.com/google/uuid" - "github.com/coder/coder/v2/agent/agentcontainers" - "github.com/coder/coder/v2/agent/proto" "github.com/coder/coder/v2/coderd/httpapi" "github.com/coder/coder/v2/codersdk" ) -func (a *agent) apiHandler(aAPI proto.DRPCAgentClient26) (http.Handler, func() error) { +func (a *agent) apiHandler() http.Handler { r := chi.NewRouter() r.Get("/", func(rw http.ResponseWriter, r *http.Request) { httpapi.Write(r.Context(), rw, http.StatusOK, codersdk.Response{ @@ -40,38 +37,19 @@ func (a *agent) apiHandler(aAPI proto.DRPCAgentClient26) (http.Handler, func() e cacheDuration: cacheDuration, } - if a.experimentalDevcontainersEnabled { - containerAPIOpts := []agentcontainers.Option{ - agentcontainers.WithExecer(a.execer), - agentcontainers.WithScriptLogger(func(logSourceID uuid.UUID) agentcontainers.ScriptLogger { - return a.logSender.GetScriptLogger(logSourceID) - }), - agentcontainers.WithSubAgentClient(agentcontainers.NewSubAgentClientFromAPI(a.logger, aAPI)), - } - manifest := a.manifest.Load() - if manifest != nil { - containerAPIOpts = append(containerAPIOpts, - agentcontainers.WithManifestInfo(manifest.OwnerName, manifest.WorkspaceName), - ) - - if len(manifest.Devcontainers) > 0 { - containerAPIOpts = append( - containerAPIOpts, - agentcontainers.WithDevcontainers(manifest.Devcontainers, manifest.Scripts), - ) - } - } - - // Append after to allow the agent options to override the default options. - containerAPIOpts = append(containerAPIOpts, a.containerAPIOptions...) - - containerAPI := agentcontainers.NewAPI(a.logger.Named("containers"), containerAPIOpts...) - r.Mount("/api/v0/containers", containerAPI.Routes()) - a.containerAPI.Store(containerAPI) + if a.devcontainers { + r.Mount("/api/v0/containers", a.containerAPI.Routes()) + } else if manifest := a.manifest.Load(); manifest != nil && manifest.ParentID != uuid.Nil { + r.HandleFunc("/api/v0/containers", func(w http.ResponseWriter, r *http.Request) { + httpapi.Write(r.Context(), w, http.StatusForbidden, codersdk.Response{ + Message: "Dev Container feature not supported.", + Detail: "Dev Container integration inside other Dev Containers is explicitly not supported.", + }) + }) } else { r.HandleFunc("/api/v0/containers", func(w http.ResponseWriter, r *http.Request) { httpapi.Write(r.Context(), w, http.StatusForbidden, codersdk.Response{ - Message: "The agent dev containers feature is experimental and not enabled by default.", + Message: "Dev Container feature not enabled.", Detail: "To enable this feature, set CODER_AGENT_DEVCONTAINERS_ENABLE=true in your template.", }) }) @@ -88,12 +66,7 @@ func (a *agent) apiHandler(aAPI proto.DRPCAgentClient26) (http.Handler, func() e r.Get("/debug/manifest", a.HandleHTTPDebugManifest) r.Get("/debug/prometheus", promHandler.ServeHTTP) - return r, func() error { - if containerAPI := a.containerAPI.Load(); containerAPI != nil { - return containerAPI.Close() - } - return nil - } + return r } type listeningPortsHandler struct { diff --git a/agent/reconnectingpty/server.go b/agent/reconnectingpty/server.go index 04bbdc7efb7b2..19a2853c9d47f 100644 --- a/agent/reconnectingpty/server.go +++ b/agent/reconnectingpty/server.go @@ -31,8 +31,10 @@ type Server struct { connCount atomic.Int64 reconnectingPTYs sync.Map timeout time.Duration - - ExperimentalDevcontainersEnabled bool + // Experimental: allow connecting to running containers via Docker exec. + // Note that this is different from the devcontainers feature, which uses + // subagents. + ExperimentalContainers bool } // NewServer returns a new ReconnectingPTY server @@ -187,7 +189,7 @@ func (s *Server) handleConn(ctx context.Context, logger slog.Logger, conn net.Co }() var ei usershell.EnvInfoer - if s.ExperimentalDevcontainersEnabled && msg.Container != "" { + if s.ExperimentalContainers && msg.Container != "" { dei, err := agentcontainers.EnvInfo(ctx, s.commandCreator.Execer, msg.Container, msg.ContainerUser) if err != nil { return xerrors.Errorf("get container env info: %w", err) diff --git a/archive/fs/zip.go b/archive/fs/zip.go new file mode 100644 index 0000000000000..81f72d18bdf46 --- /dev/null +++ b/archive/fs/zip.go @@ -0,0 +1,19 @@ +package archivefs + +import ( + "archive/zip" + "io" + "io/fs" + + "github.com/spf13/afero" + "github.com/spf13/afero/zipfs" +) + +// FromZipReader creates a read-only in-memory FS +func FromZipReader(r io.ReaderAt, size int64) (fs.FS, error) { + zr, err := zip.NewReader(r, size) + if err != nil { + return nil, err + } + return afero.NewIOFS(zipfs.New(zr)), nil +} diff --git a/biome.jsonc b/biome.jsonc new file mode 100644 index 0000000000000..ae81184cdca0c --- /dev/null +++ b/biome.jsonc @@ -0,0 +1,86 @@ +{ + "vcs": { + "enabled": true, + "clientKind": "git", + "useIgnoreFile": true, + "defaultBranch": "main" + }, + "files": { + "includes": [ + "**", + "!**/pnpm-lock.yaml" + ], + "ignoreUnknown": true + }, + "linter": { + "rules": { + "a11y": { + "noSvgWithoutTitle": "off", + "useButtonType": "off", + "useSemanticElements": "off", + "noStaticElementInteractions": "off" + }, + "correctness": { + "noUnusedImports": "warn", + "useUniqueElementIds": "off", // TODO: This is new but we want to fix it + "noNestedComponentDefinitions": "off", // TODO: Investigate, since it is used by shadcn components + "noUnusedVariables": { + "level": "warn", + "options": { + "ignoreRestSiblings": true + } + } + }, + "style": { + "noNonNullAssertion": "off", + "noParameterAssign": "off", + "useDefaultParameterLast": "off", + "useSelfClosingElements": "off", + "useAsConstAssertion": "error", + "useEnumInitializers": "error", + "useSingleVarDeclarator": "error", + "noUnusedTemplateLiteral": "error", + "useNumberNamespace": "error", + "noInferrableTypes": "error", + "noUselessElse": "error", + "noRestrictedImports": { + "level": "error", + "options": { + "paths": { + "@mui/material": "Use @mui/material/ instead. See: https://material-ui.com/guides/minimizing-bundle-size/.", + "@mui/icons-material": "Use @mui/icons-material/ instead. See: https://material-ui.com/guides/minimizing-bundle-size/.", + "@mui/material/Avatar": "Use components/Avatar/Avatar instead.", + "@mui/material/Alert": "Use components/Alert/Alert instead.", + "@mui/material/Popover": "Use components/Popover/Popover instead.", + "@mui/material/Typography": "Use native HTML elements instead. Eg: ,

,

, etc.", + "@mui/material/Box": "Use a
instead.", + "@mui/material/styles": "Import from @emotion/react instead.", + "lodash": "Use lodash/ instead." + } + } + } + }, + "suspicious": { + "noArrayIndexKey": "off", + "noThenProperty": "off", + "noTemplateCurlyInString": "off", + "useIterableCallbackReturn": "off", + "noUnknownAtRules": "off", // Allow Tailwind directives + "noConsole": { + "level": "error", + "options": { + "allow": [ + "error", + "info", + "warn" + ] + } + } + }, + "complexity": { + "noImportantStyles": "off" // TODO: check and fix !important styles + } + } + }, + "$schema": "https://biomejs.dev/schemas/2.2.0/schema.json" +} diff --git a/catalog-info.yaml b/catalog-info.yaml new file mode 100644 index 0000000000000..91f59872a89ae --- /dev/null +++ b/catalog-info.yaml @@ -0,0 +1,10 @@ +apiVersion: backstage.io/v1alpha1 +kind: Component +metadata: + name: coder + annotations: + github.com/project-slug: 'coder/coder' +spec: + type: service + lifecycle: production + owner: rd diff --git a/cli/agent.go b/cli/agent.go index 5d6037f9930ec..c192d4429ccaf 100644 --- a/cli/agent.go +++ b/cli/agent.go @@ -40,23 +40,24 @@ import ( func (r *RootCmd) workspaceAgent() *serpent.Command { var ( - auth string - logDir string - scriptDataDir string - pprofAddress string - noReap bool - sshMaxTimeout time.Duration - tailnetListenPort int64 - prometheusAddress string - debugAddress string - slogHumanPath string - slogJSONPath string - slogStackdriverPath string - blockFileTransfer bool - agentHeaderCommand string - agentHeader []string - - experimentalDevcontainersEnabled bool + auth string + logDir string + scriptDataDir string + pprofAddress string + noReap bool + sshMaxTimeout time.Duration + tailnetListenPort int64 + prometheusAddress string + debugAddress string + slogHumanPath string + slogJSONPath string + slogStackdriverPath string + blockFileTransfer bool + agentHeaderCommand string + agentHeader []string + devcontainers bool + devcontainerProjectDiscovery bool + devcontainerDiscoveryAutostart bool ) cmd := &serpent.Command{ Use: "agent", @@ -321,7 +322,7 @@ func (r *RootCmd) workspaceAgent() *serpent.Command { return xerrors.Errorf("create agent execer: %w", err) } - if experimentalDevcontainersEnabled { + if devcontainers { logger.Info(ctx, "agent devcontainer detection enabled") } else { logger.Info(ctx, "agent devcontainer detection not enabled") @@ -359,12 +360,14 @@ func (r *RootCmd) workspaceAgent() *serpent.Command { SSHMaxTimeout: sshMaxTimeout, Subsystems: subsystems, - PrometheusRegistry: prometheusRegistry, - BlockFileTransfer: blockFileTransfer, - Execer: execer, - ExperimentalDevcontainersEnabled: experimentalDevcontainersEnabled, - ContainerAPIOptions: []agentcontainers.Option{ + PrometheusRegistry: prometheusRegistry, + BlockFileTransfer: blockFileTransfer, + Execer: execer, + Devcontainers: devcontainers, + DevcontainerAPIOptions: []agentcontainers.Option{ agentcontainers.WithSubAgentURL(r.agentURL.String()), + agentcontainers.WithProjectDiscovery(devcontainerProjectDiscovery), + agentcontainers.WithDiscoveryAutostart(devcontainerDiscoveryAutostart), }, }) @@ -506,10 +509,24 @@ func (r *RootCmd) workspaceAgent() *serpent.Command { }, { Flag: "devcontainers-enable", - Default: "false", + Default: "true", Env: "CODER_AGENT_DEVCONTAINERS_ENABLE", Description: "Allow the agent to automatically detect running devcontainers.", - Value: serpent.BoolOf(&experimentalDevcontainersEnabled), + Value: serpent.BoolOf(&devcontainers), + }, + { + Flag: "devcontainers-project-discovery-enable", + Default: "true", + Env: "CODER_AGENT_DEVCONTAINERS_PROJECT_DISCOVERY_ENABLE", + Description: "Allow the agent to search the filesystem for devcontainer projects.", + Value: serpent.BoolOf(&devcontainerProjectDiscovery), + }, + { + Flag: "devcontainers-discovery-autostart-enable", + Default: "false", + Env: "CODER_AGENT_DEVCONTAINERS_DISCOVERY_AUTOSTART_ENABLE", + Description: "Allow the agent to autostart devcontainer projects it discovers based on their configuration.", + Value: serpent.BoolOf(&devcontainerDiscoveryAutostart), }, } diff --git a/cli/agent_test.go b/cli/agent_test.go index 0a948c0c84e9a..1592235babaef 100644 --- a/cli/agent_test.go +++ b/cli/agent_test.go @@ -21,6 +21,7 @@ import ( "github.com/coder/coder/v2/coderd/coderdtest" "github.com/coder/coder/v2/coderd/database" "github.com/coder/coder/v2/coderd/database/dbfake" + "github.com/coder/coder/v2/coderd/database/dbtestutil" "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/codersdk/workspacesdk" "github.com/coder/coder/v2/provisionersdk/proto" @@ -67,7 +68,12 @@ func TestWorkspaceAgent(t *testing.T) { t.Parallel() instanceID := "instanceidentifier" certificates, metadataClient := coderdtest.NewAzureInstanceIdentity(t, instanceID) - client, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{ + db, ps := dbtestutil.NewDB(t, + dbtestutil.WithDumpOnFailure(), + ) + client := coderdtest.New(t, &coderdtest.Options{ + Database: db, + Pubsub: ps, AzureCertificates: certificates, }) user := coderdtest.CreateFirstUser(t, client) @@ -106,7 +112,12 @@ func TestWorkspaceAgent(t *testing.T) { t.Parallel() instanceID := "instanceidentifier" certificates, metadataClient := coderdtest.NewAWSInstanceIdentity(t, instanceID) - client, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{ + db, ps := dbtestutil.NewDB(t, + dbtestutil.WithDumpOnFailure(), + ) + client := coderdtest.New(t, &coderdtest.Options{ + Database: db, + Pubsub: ps, AWSCertificates: certificates, }) user := coderdtest.CreateFirstUser(t, client) @@ -146,7 +157,12 @@ func TestWorkspaceAgent(t *testing.T) { t.Parallel() instanceID := "instanceidentifier" validator, metadataClient := coderdtest.NewGoogleInstanceIdentity(t, instanceID, false) - client, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{ + db, ps := dbtestutil.NewDB(t, + dbtestutil.WithDumpOnFailure(), + ) + client := coderdtest.New(t, &coderdtest.Options{ + Database: db, + Pubsub: ps, GoogleTokenValidator: validator, }) owner := coderdtest.CreateFirstUser(t, client) diff --git a/cli/cliui/parameter.go b/cli/cliui/parameter.go index 2e639f8dfa425..d972e346bf196 100644 --- a/cli/cliui/parameter.go +++ b/cli/cliui/parameter.go @@ -38,15 +38,16 @@ func RichParameter(inv *serpent.Invocation, templateVersionParameter codersdk.Te // Move the cursor up a single line for nicer display! _, _ = fmt.Fprint(inv.Stdout, "\033[1A") - var options []string - err = json.Unmarshal([]byte(templateVersionParameter.DefaultValue), &options) + var defaults []string + err = json.Unmarshal([]byte(templateVersionParameter.DefaultValue), &defaults) if err != nil { return "", err } - values, err := MultiSelect(inv, MultiSelectOptions{ - Options: options, - Defaults: options, + values, err := RichMultiSelect(inv, RichMultiSelectOptions{ + Options: templateVersionParameter.Options, + Defaults: defaults, + EnableCustomInput: templateVersionParameter.FormType == "tag-select", }) if err == nil { v, err := json.Marshal(&values) diff --git a/cli/cliui/resources.go b/cli/cliui/resources.go index be112ea177200..36ce4194d72c8 100644 --- a/cli/cliui/resources.go +++ b/cli/cliui/resources.go @@ -12,6 +12,7 @@ import ( "golang.org/x/mod/semver" "github.com/coder/coder/v2/coderd/database/dbtime" + "github.com/coder/coder/v2/coderd/util/slice" "github.com/coder/coder/v2/codersdk" "github.com/coder/pretty" ) @@ -29,6 +30,7 @@ type WorkspaceResourcesOptions struct { ServerVersion string ListeningPorts map[uuid.UUID]codersdk.WorkspaceAgentListeningPortsResponse Devcontainers map[uuid.UUID]codersdk.WorkspaceAgentListContainersResponse + ShowDetails bool } // WorkspaceResources displays the connection status and tree-view of provided resources. @@ -69,7 +71,11 @@ func WorkspaceResources(writer io.Writer, resources []codersdk.WorkspaceResource totalAgents := 0 for _, resource := range resources { - totalAgents += len(resource.Agents) + for _, agent := range resource.Agents { + if !agent.ParentID.Valid { + totalAgents++ + } + } } for _, resource := range resources { @@ -94,12 +100,15 @@ func WorkspaceResources(writer io.Writer, resources []codersdk.WorkspaceResource "", }) // Display all agents associated with the resource. - for index, agent := range resource.Agents { + agents := slice.Filter(resource.Agents, func(agent codersdk.WorkspaceAgent) bool { + return !agent.ParentID.Valid + }) + for index, agent := range agents { tableWriter.AppendRow(renderAgentRow(agent, index, totalAgents, options)) for _, row := range renderListeningPorts(options, agent.ID, index, totalAgents) { tableWriter.AppendRow(row) } - for _, row := range renderDevcontainers(options, agent.ID, index, totalAgents) { + for _, row := range renderDevcontainers(resources, options, agent.ID, index, totalAgents) { tableWriter.AppendRow(row) } } @@ -125,7 +134,7 @@ func renderAgentRow(agent codersdk.WorkspaceAgent, index, totalAgents int, optio } if !options.HideAccess { sshCommand := "coder ssh " + options.WorkspaceName - if totalAgents > 1 { + if totalAgents > 1 || len(options.Devcontainers) > 0 { sshCommand += "." + agent.Name } sshCommand = pretty.Sprint(DefaultStyles.Code, sshCommand) @@ -164,45 +173,129 @@ func renderPortRow(port codersdk.WorkspaceAgentListeningPort, idx, total int) ta return table.Row{sb.String()} } -func renderDevcontainers(wro WorkspaceResourcesOptions, agentID uuid.UUID, index, totalAgents int) []table.Row { +func renderDevcontainers(resources []codersdk.WorkspaceResource, wro WorkspaceResourcesOptions, agentID uuid.UUID, index, totalAgents int) []table.Row { var rows []table.Row if wro.Devcontainers == nil { return []table.Row{} } dc, ok := wro.Devcontainers[agentID] - if !ok || len(dc.Containers) == 0 { + if !ok || len(dc.Devcontainers) == 0 { return []table.Row{} } rows = append(rows, table.Row{ fmt.Sprintf(" %s─ %s", renderPipe(index, totalAgents), "Devcontainers"), }) - for idx, container := range dc.Containers { - rows = append(rows, renderDevcontainerRow(container, idx, len(dc.Containers))) + for idx, devcontainer := range dc.Devcontainers { + rows = append(rows, renderDevcontainerRow(resources, devcontainer, idx, len(dc.Devcontainers), wro)...) } return rows } -func renderDevcontainerRow(container codersdk.WorkspaceAgentContainer, index, total int) table.Row { - var row table.Row - var sb strings.Builder - _, _ = sb.WriteString(" ") - _, _ = sb.WriteString(renderPipe(index, total)) - _, _ = sb.WriteString("─ ") - _, _ = sb.WriteString(pretty.Sprintf(DefaultStyles.Code, "%s", container.FriendlyName)) - row = append(row, sb.String()) - sb.Reset() - if container.Running { - _, _ = sb.WriteString(pretty.Sprintf(DefaultStyles.Keyword, "(%s)", container.Status)) - } else { - _, _ = sb.WriteString(pretty.Sprintf(DefaultStyles.Error, "(%s)", container.Status)) +func renderDevcontainerRow(resources []codersdk.WorkspaceResource, devcontainer codersdk.WorkspaceAgentDevcontainer, index, total int, wro WorkspaceResourcesOptions) []table.Row { + var rows []table.Row + + // If the devcontainer is running and has an associated agent, we want to + // display the agent's details. Otherwise, we just display the devcontainer + // name and status. + var subAgent *codersdk.WorkspaceAgent + displayName := devcontainer.Name + if devcontainer.Agent != nil && devcontainer.Status == codersdk.WorkspaceAgentDevcontainerStatusRunning { + for _, resource := range resources { + if agent, found := slice.Find(resource.Agents, func(agent codersdk.WorkspaceAgent) bool { + return agent.ID == devcontainer.Agent.ID + }); found { + subAgent = &agent + break + } + } + if subAgent != nil { + displayName = subAgent.Name + displayName += fmt.Sprintf(" (%s, %s)", subAgent.OperatingSystem, subAgent.Architecture) + } + } + + if devcontainer.Container != nil { + displayName += " " + pretty.Sprint(DefaultStyles.Keyword, "["+devcontainer.Container.FriendlyName+"]") + } + + // Build the main row. + row := table.Row{ + fmt.Sprintf(" %s─ %s", renderPipe(index, total), displayName), + } + + // Add status, health, and version columns. + if !wro.HideAgentState { + if subAgent != nil { + row = append(row, renderAgentStatus(*subAgent)) + row = append(row, renderAgentHealth(*subAgent)) + row = append(row, renderAgentVersion(subAgent.Version, wro.ServerVersion)) + } else { + row = append(row, renderDevcontainerStatus(devcontainer.Status)) + row = append(row, "") // No health for devcontainer without agent. + row = append(row, "") // No version for devcontainer without agent. + } + } + + // Add access column. + if !wro.HideAccess { + if subAgent != nil { + accessString := fmt.Sprintf("coder ssh %s.%s", wro.WorkspaceName, subAgent.Name) + row = append(row, pretty.Sprint(DefaultStyles.Code, accessString)) + } else { + row = append(row, "") // No access for devcontainers without agent. + } + } + + rows = append(rows, row) + + // Add error message if present. + if errorMessage := devcontainer.Error; errorMessage != "" { + // Cap error message length for display. + if !wro.ShowDetails && len(errorMessage) > 80 { + errorMessage = errorMessage[:79] + "…" + } + errorRow := table.Row{ + " × " + pretty.Sprint(DefaultStyles.Error, errorMessage), + "", + "", + "", + } + if !wro.HideAccess { + errorRow = append(errorRow, "") + } + rows = append(rows, errorRow) + } + + // Add listening ports for the devcontainer agent. + if subAgent != nil { + portRows := renderListeningPorts(wro, subAgent.ID, index, total) + for _, portRow := range portRows { + // Adjust indentation for ports under devcontainer agent. + if len(portRow) > 0 { + if str, ok := portRow[0].(string); ok { + portRow[0] = " " + str // Add extra indentation. + } + } + rows = append(rows, portRow) + } + } + + return rows +} + +func renderDevcontainerStatus(status codersdk.WorkspaceAgentDevcontainerStatus) string { + switch status { + case codersdk.WorkspaceAgentDevcontainerStatusRunning: + return pretty.Sprint(DefaultStyles.Keyword, "▶ running") + case codersdk.WorkspaceAgentDevcontainerStatusStopped: + return pretty.Sprint(DefaultStyles.Placeholder, "⏹ stopped") + case codersdk.WorkspaceAgentDevcontainerStatusStarting: + return pretty.Sprint(DefaultStyles.Warn, "⧗ starting") + case codersdk.WorkspaceAgentDevcontainerStatusError: + return pretty.Sprint(DefaultStyles.Error, "✘ error") + default: + return pretty.Sprint(DefaultStyles.Placeholder, "○ "+string(status)) } - row = append(row, sb.String()) - sb.Reset() - // "health" is not applicable here. - row = append(row, sb.String()) - _, _ = sb.WriteString(container.Image) - row = append(row, sb.String()) - return row } func renderAgentStatus(agent codersdk.WorkspaceAgent) string { diff --git a/cli/cliui/select.go b/cli/cliui/select.go index 40f63d92e279d..f609ca81c3e26 100644 --- a/cli/cliui/select.go +++ b/cli/cliui/select.go @@ -5,6 +5,7 @@ import ( "fmt" "os" "os/signal" + "slices" "strings" "syscall" @@ -299,6 +300,77 @@ func (m selectModel) filteredOptions() []string { return options } +type RichMultiSelectOptions struct { + Message string + Options []codersdk.TemplateVersionParameterOption + Defaults []string + EnableCustomInput bool +} + +func RichMultiSelect(inv *serpent.Invocation, richOptions RichMultiSelectOptions) ([]string, error) { + var opts []string + var defaultOpts []string + + asLine := func(option codersdk.TemplateVersionParameterOption) string { + line := option.Name + if len(option.Description) > 0 { + line += ": " + option.Description + } + return line + } + + var predefinedOpts []string + for i, option := range richOptions.Options { + opts = append(opts, asLine(option)) // Some options may have description defined. + + // Check if option is selected by default + if slices.Contains(richOptions.Defaults, option.Value) { + defaultOpts = append(defaultOpts, opts[i]) + predefinedOpts = append(predefinedOpts, option.Value) + } + } + + // Check if "defaults" contains extra/custom options, user could select them. + for _, def := range richOptions.Defaults { + if !slices.Contains(predefinedOpts, def) { + opts = append(opts, def) + defaultOpts = append(defaultOpts, def) + } + } + + selected, err := MultiSelect(inv, MultiSelectOptions{ + Message: richOptions.Message, + Options: opts, + Defaults: defaultOpts, + EnableCustomInput: richOptions.EnableCustomInput, + }) + if err != nil { + return nil, err + } + + // Check selected option, convert descriptions (line) to values + // + // The function must return an initialized empty array, since it is later marshaled + // into JSON. Otherwise, `var results []string` would be marshaled to "null". + // See: https://github.com/golang/go/issues/27589 + results := []string{} + for _, sel := range selected { + custom := true + for i, option := range richOptions.Options { + if asLine(option) == sel { + results = append(results, richOptions.Options[i].Value) + custom = false + break + } + } + + if custom { + results = append(results, sel) + } + } + return results, nil +} + type MultiSelectOptions struct { Message string Options []string diff --git a/cli/cliui/select_test.go b/cli/cliui/select_test.go index c7630ac4f2460..55ab81f50f01b 100644 --- a/cli/cliui/select_test.go +++ b/cli/cliui/select_test.go @@ -52,15 +52,8 @@ func TestRichSelect(t *testing.T) { go func() { resp, err := newRichSelect(ptty, cliui.RichSelectOptions{ Options: []codersdk.TemplateVersionParameterOption{ - { - Name: "A-Name", - Value: "A-Value", - Description: "A-Description.", - }, { - Name: "B-Name", - Value: "B-Value", - Description: "B-Description.", - }, + {Name: "A-Name", Value: "A-Value", Description: "A-Description."}, + {Name: "B-Name", Value: "B-Value", Description: "B-Description."}, }, }) assert.NoError(t, err) @@ -86,63 +79,130 @@ func newRichSelect(ptty *ptytest.PTY, opts cliui.RichSelectOptions) (string, err return value, inv.Run() } -func TestMultiSelect(t *testing.T) { +func TestRichMultiSelect(t *testing.T) { t.Parallel() - t.Run("MultiSelect", func(t *testing.T) { - items := []string{"aaa", "bbb", "ccc"} - t.Parallel() - ptty := ptytest.New(t) - msgChan := make(chan []string) - go func() { - resp, err := newMultiSelect(ptty, items) - assert.NoError(t, err) - msgChan <- resp - }() - require.Equal(t, items, <-msgChan) - }) + tests := []struct { + name string + options []codersdk.TemplateVersionParameterOption + defaults []string + allowCustom bool + want []string + }{ + { + name: "Predefined", + options: []codersdk.TemplateVersionParameterOption{ + {Name: "AAA", Description: "This is AAA", Value: "aaa"}, + {Name: "BBB", Description: "This is BBB", Value: "bbb"}, + {Name: "CCC", Description: "This is CCC", Value: "ccc"}, + }, + defaults: []string{"bbb", "ccc"}, + allowCustom: false, + want: []string{"bbb", "ccc"}, + }, + { + name: "Custom", + options: []codersdk.TemplateVersionParameterOption{ + {Name: "AAA", Description: "This is AAA", Value: "aaa"}, + {Name: "BBB", Description: "This is BBB", Value: "bbb"}, + {Name: "CCC", Description: "This is CCC", Value: "ccc"}, + }, + defaults: []string{"aaa", "bbb"}, + allowCustom: true, + want: []string{"aaa", "bbb"}, + }, + { + name: "NoOptionSelected", + options: []codersdk.TemplateVersionParameterOption{ + {Name: "AAA", Description: "This is AAA", Value: "aaa"}, + {Name: "BBB", Description: "This is BBB", Value: "bbb"}, + {Name: "CCC", Description: "This is CCC", Value: "ccc"}, + }, + defaults: []string{}, + allowCustom: false, + want: []string{}, + }, + } - t.Run("MultiSelectWithCustomInput", func(t *testing.T) { - t.Parallel() - items := []string{"Code", "Chairs", "Whale", "Diamond", "Carrot"} - ptty := ptytest.New(t) - msgChan := make(chan []string) - go func() { - resp, err := newMultiSelectWithCustomInput(ptty, items) - assert.NoError(t, err) - msgChan <- resp - }() - require.Equal(t, items, <-msgChan) - }) -} + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() -func newMultiSelectWithCustomInput(ptty *ptytest.PTY, items []string) ([]string, error) { - var values []string - cmd := &serpent.Command{ - Handler: func(inv *serpent.Invocation) error { - selectedItems, err := cliui.MultiSelect(inv, cliui.MultiSelectOptions{ - Options: items, - Defaults: items, - EnableCustomInput: true, - }) - if err == nil { - values = selectedItems + var selectedItems []string + var err error + cmd := &serpent.Command{ + Handler: func(inv *serpent.Invocation) error { + selectedItems, err = cliui.RichMultiSelect(inv, cliui.RichMultiSelectOptions{ + Options: tt.options, + Defaults: tt.defaults, + EnableCustomInput: tt.allowCustom, + }) + return err + }, } - return err + + doneChan := make(chan struct{}) + go func() { + defer close(doneChan) + err := cmd.Invoke().Run() + assert.NoError(t, err) + }() + <-doneChan + + require.Equal(t, tt.want, selectedItems) + }) + } +} + +func TestMultiSelect(t *testing.T) { + t.Parallel() + + tests := []struct { + name string + items []string + allowCustom bool + want []string + }{ + { + name: "MultiSelect", + items: []string{"aaa", "bbb", "ccc"}, + allowCustom: false, + want: []string{"aaa", "bbb", "ccc"}, + }, + { + name: "MultiSelectWithCustomInput", + items: []string{"Code", "Chairs", "Whale", "Diamond", "Carrot"}, + allowCustom: true, + want: []string{"Code", "Chairs", "Whale", "Diamond", "Carrot"}, }, } - inv := cmd.Invoke() - ptty.Attach(inv) - return values, inv.Run() + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + ptty := ptytest.New(t) + msgChan := make(chan []string) + + go func() { + resp, err := newMultiSelect(ptty, tt.items, tt.allowCustom) + assert.NoError(t, err) + msgChan <- resp + }() + + require.Equal(t, tt.want, <-msgChan) + }) + } } -func newMultiSelect(ptty *ptytest.PTY, items []string) ([]string, error) { +func newMultiSelect(pty *ptytest.PTY, items []string, custom bool) ([]string, error) { var values []string cmd := &serpent.Command{ Handler: func(inv *serpent.Invocation) error { selectedItems, err := cliui.MultiSelect(inv, cliui.MultiSelectOptions{ - Options: items, - Defaults: items, + Options: items, + Defaults: items, + EnableCustomInput: custom, }) if err == nil { values = selectedItems @@ -151,6 +211,6 @@ func newMultiSelect(ptty *ptytest.PTY, items []string) ([]string, error) { }, } inv := cmd.Invoke() - ptty.Attach(inv) + pty.Attach(inv) return values, inv.Run() } diff --git a/cli/cliutil/license.go b/cli/cliutil/license.go new file mode 100644 index 0000000000000..f4012ba665845 --- /dev/null +++ b/cli/cliutil/license.go @@ -0,0 +1,87 @@ +package cliutil + +import ( + "fmt" + "strings" + "time" + + "github.com/google/uuid" + "golang.org/x/xerrors" + + "github.com/coder/coder/v2/cli/cliui" + "github.com/coder/coder/v2/codersdk" +) + +// NewLicenseFormatter returns a new license formatter. +// The formatter will return a table and JSON output. +func NewLicenseFormatter() *cliui.OutputFormatter { + type tableLicense struct { + ID int32 `table:"id,default_sort"` + UUID uuid.UUID `table:"uuid" format:"uuid"` + UploadedAt time.Time `table:"uploaded at" format:"date-time"` + // Features is the formatted string for the license claims. + // Used for the table view. + Features string `table:"features"` + ExpiresAt time.Time `table:"expires at" format:"date-time"` + Trial bool `table:"trial"` + } + + return cliui.NewOutputFormatter( + cliui.ChangeFormatterData( + cliui.TableFormat([]tableLicense{}, []string{"ID", "UUID", "Expires At", "Uploaded At", "Features"}), + func(data any) (any, error) { + list, ok := data.([]codersdk.License) + if !ok { + return nil, xerrors.Errorf("invalid data type %T", data) + } + out := make([]tableLicense, 0, len(list)) + for _, lic := range list { + var formattedFeatures string + features, err := lic.FeaturesClaims() + if err != nil { + formattedFeatures = xerrors.Errorf("invalid license: %w", err).Error() + } else { + var strs []string + if lic.AllFeaturesClaim() { + // If all features are enabled, just include that + strs = append(strs, "all features") + } else { + for k, v := range features { + if v > 0 { + // Only include claims > 0 + strs = append(strs, fmt.Sprintf("%s=%v", k, v)) + } + } + } + formattedFeatures = strings.Join(strs, ", ") + } + // If this returns an error, a zero time is returned. + exp, _ := lic.ExpiresAt() + + out = append(out, tableLicense{ + ID: lic.ID, + UUID: lic.UUID, + UploadedAt: lic.UploadedAt, + Features: formattedFeatures, + ExpiresAt: exp, + Trial: lic.Trial(), + }) + } + return out, nil + }), + cliui.ChangeFormatterData(cliui.JSONFormat(), func(data any) (any, error) { + list, ok := data.([]codersdk.License) + if !ok { + return nil, xerrors.Errorf("invalid data type %T", data) + } + for i := range list { + humanExp, err := list[i].ExpiresAt() + if err == nil { + list[i].Claims[codersdk.LicenseExpiryClaim+"_human"] = humanExp.Format(time.RFC3339) + } + } + + return list, nil + }), + ) +} diff --git a/cli/configssh.go b/cli/configssh.go index c1be60b604a9e..b12b9d5c3d5cd 100644 --- a/cli/configssh.go +++ b/cli/configssh.go @@ -446,7 +446,7 @@ func (r *RootCmd) configSSH() *serpent.Command { if !bytes.Equal(configRaw, configModified) { sshDir := filepath.Dir(sshConfigFile) - if err := os.MkdirAll(sshDir, 0700); err != nil { + if err := os.MkdirAll(sshDir, 0o700); err != nil { return xerrors.Errorf("failed to create directory %q: %w", sshDir, err) } diff --git a/cli/configssh_test.go b/cli/configssh_test.go index 1ffe93a7b838c..7e42bfe81a799 100644 --- a/cli/configssh_test.go +++ b/cli/configssh_test.go @@ -204,10 +204,11 @@ func TestConfigSSH_MissingDirectory(t *testing.T) { _, err = os.Stat(sshConfigPath) require.NoError(t, err, "config file should exist") - // Check that the directory has proper permissions (0700) + // Check that the directory has proper permissions (rwx for owner, none for + // group and everyone) sshDirInfo, err := os.Stat(sshDir) require.NoError(t, err) - require.Equal(t, os.FileMode(0700), sshDirInfo.Mode().Perm(), "directory should have 0700 permissions") + require.Equal(t, os.FileMode(0o700), sshDirInfo.Mode().Perm(), "directory should have rwx------ permissions") } func TestConfigSSH_FileWriteAndOptionsFlow(t *testing.T) { @@ -358,7 +359,8 @@ func TestConfigSSH_FileWriteAndOptionsFlow(t *testing.T) { strings.Join([]string{ headerEnd, "", - }, "\n")}, + }, "\n"), + }, }, args: []string{"--ssh-option", "ForwardAgent=yes"}, matches: []match{ @@ -383,7 +385,8 @@ func TestConfigSSH_FileWriteAndOptionsFlow(t *testing.T) { strings.Join([]string{ headerEnd, "", - }, "\n")}, + }, "\n"), + }, }, args: []string{"--ssh-option", "ForwardAgent=yes"}, matches: []match{ diff --git a/cli/create.go b/cli/create.go index fbf26349b3b95..59ab0ba0fa6d7 100644 --- a/cli/create.go +++ b/cli/create.go @@ -2,6 +2,7 @@ package cli import ( "context" + "errors" "fmt" "io" "slices" @@ -21,10 +22,23 @@ import ( "github.com/coder/serpent" ) -func (r *RootCmd) create() *serpent.Command { +// PresetNone represents the special preset value "none". +// It is used when a user runs `create --preset none`, +// indicating that the CLI should not apply any preset. +const PresetNone = "none" + +var ErrNoPresetFound = xerrors.New("no preset found") + +type CreateOptions struct { + BeforeCreate func(ctx context.Context, client *codersdk.Client, template codersdk.Template, templateVersionID uuid.UUID) error + AfterCreate func(ctx context.Context, inv *serpent.Invocation, client *codersdk.Client, workspace codersdk.Workspace) error +} + +func (r *RootCmd) Create(opts CreateOptions) *serpent.Command { var ( templateName string templateVersion string + presetName string startAt string stopAfter time.Duration workspaceName string @@ -263,11 +277,52 @@ func (r *RootCmd) create() *serpent.Command { } } + // Get presets for the template version + tvPresets, err := client.TemplateVersionPresets(inv.Context(), templateVersionID) + if err != nil { + return xerrors.Errorf("failed to get presets: %w", err) + } + + var preset *codersdk.Preset + var presetParameters []codersdk.WorkspaceBuildParameter + + // If the template has no presets, or the user explicitly used --preset none, + // skip applying a preset + if len(tvPresets) > 0 && strings.ToLower(presetName) != PresetNone { + // Attempt to resolve which preset to use + preset, err = resolvePreset(tvPresets, presetName) + if err != nil { + if !errors.Is(err, ErrNoPresetFound) { + return xerrors.Errorf("unable to resolve preset: %w", err) + } + // If no preset found, prompt the user to choose a preset + if preset, err = promptPresetSelection(inv, tvPresets); err != nil { + return xerrors.Errorf("unable to prompt user for preset: %w", err) + } + } + + // Convert preset parameters into workspace build parameters + presetParameters = presetParameterAsWorkspaceBuildParameters(preset.Parameters) + // Inform the user which preset was applied and its parameters + displayAppliedPreset(inv, preset, presetParameters) + } else { + // Inform the user that no preset was applied + _, _ = fmt.Fprintf(inv.Stdout, "%s", cliui.Bold("No preset applied.")) + } + + if opts.BeforeCreate != nil { + err = opts.BeforeCreate(inv.Context(), client, template, templateVersionID) + if err != nil { + return xerrors.Errorf("before create: %w", err) + } + } + richParameters, err := prepWorkspaceBuild(inv, client, prepWorkspaceBuildArgs{ Action: WorkspaceCreate, TemplateVersionID: templateVersionID, NewWorkspaceName: workspaceName, + PresetParameters: presetParameters, RichParameterFile: parameterFlags.richParameterFile, RichParameters: cliBuildParameters, RichParameterDefaults: cliBuildParameterDefaults, @@ -291,14 +346,21 @@ func (r *RootCmd) create() *serpent.Command { ttlMillis = ptr.Ref(stopAfter.Milliseconds()) } - workspace, err := client.CreateUserWorkspace(inv.Context(), workspaceOwner, codersdk.CreateWorkspaceRequest{ + req := codersdk.CreateWorkspaceRequest{ TemplateVersionID: templateVersionID, Name: workspaceName, AutostartSchedule: schedSpec, TTLMillis: ttlMillis, RichParameterValues: richParameters, AutomaticUpdates: codersdk.AutomaticUpdates(autoUpdates), - }) + } + + // If a preset exists, update the create workspace request's preset ID + if preset != nil { + req.TemplateVersionPresetID = preset.ID + } + + workspace, err := client.CreateUserWorkspace(inv.Context(), workspaceOwner, req) if err != nil { return xerrors.Errorf("create workspace: %w", err) } @@ -316,6 +378,14 @@ func (r *RootCmd) create() *serpent.Command { cliui.Keyword(workspace.Name), cliui.Timestamp(time.Now()), ) + + if opts.AfterCreate != nil { + err = opts.AfterCreate(inv.Context(), inv, client, workspace) + if err != nil { + return err + } + } + return nil }, } @@ -333,6 +403,12 @@ func (r *RootCmd) create() *serpent.Command { Description: "Specify a template version name.", Value: serpent.StringOf(&templateVersion), }, + serpent.Option{ + Flag: "preset", + Env: "CODER_PRESET_NAME", + Description: "Specify the name of a template version preset. Use 'none' to explicitly indicate that no preset should be used.", + Value: serpent.StringOf(&presetName), + }, serpent.Option{ Flag: "start-at", Env: "CODER_WORKSPACE_START_AT", @@ -377,12 +453,81 @@ type prepWorkspaceBuildArgs struct { PromptEphemeralParameters bool EphemeralParameters []codersdk.WorkspaceBuildParameter + PresetParameters []codersdk.WorkspaceBuildParameter PromptRichParameters bool RichParameters []codersdk.WorkspaceBuildParameter RichParameterFile string RichParameterDefaults []codersdk.WorkspaceBuildParameter } +// resolvePreset returns the preset matching the given presetName (if specified), +// or the default preset (if any). +// Returns ErrNoPresetFound if no matching or default preset is found. +func resolvePreset(presets []codersdk.Preset, presetName string) (*codersdk.Preset, error) { + // If preset name is specified, find it + if presetName != "" { + for _, p := range presets { + if p.Name == presetName { + return &p, nil + } + } + return nil, xerrors.Errorf("preset %q not found", presetName) + } + + // No preset name specified, search for the default preset + for _, p := range presets { + if p.Default { + return &p, nil + } + } + + // No preset found + return nil, ErrNoPresetFound +} + +// promptPresetSelection shows a CLI selection menu of the presets defined in the template version. +// Returns the selected preset +func promptPresetSelection(inv *serpent.Invocation, presets []codersdk.Preset) (*codersdk.Preset, error) { + presetMap := make(map[string]*codersdk.Preset) + var presetOptions []string + + for _, preset := range presets { + var option string + if preset.Description == "" { + option = preset.Name + } else { + option = fmt.Sprintf("%s: %s", preset.Name, preset.Description) + } + presetOptions = append(presetOptions, option) + presetMap[option] = &preset + } + + // Show selection UI + _, _ = fmt.Fprintln(inv.Stdout, pretty.Sprint(cliui.DefaultStyles.Wrap, "Select a preset below:")) + selected, err := cliui.Select(inv, cliui.SelectOptions{ + Options: presetOptions, + HideSearch: true, + }) + if err != nil { + return nil, xerrors.Errorf("failed to select preset: %w", err) + } + + return presetMap[selected], nil +} + +// displayAppliedPreset shows the user which preset was applied and its parameters +func displayAppliedPreset(inv *serpent.Invocation, preset *codersdk.Preset, parameters []codersdk.WorkspaceBuildParameter) { + label := fmt.Sprintf("Preset '%s'", preset.Name) + if preset.Default { + label += " (default)" + } + + _, _ = fmt.Fprintf(inv.Stdout, "%s applied:\n", cliui.Bold(label)) + for _, param := range parameters { + _, _ = fmt.Fprintf(inv.Stdout, " %s: '%s'\n", cliui.Bold(param.Name), param.Value) + } +} + // prepWorkspaceBuild will ensure a workspace build will succeed on the latest template version. // Any missing params will be prompted to the user. It supports rich parameters. func prepWorkspaceBuild(inv *serpent.Invocation, client *codersdk.Client, args prepWorkspaceBuildArgs) ([]codersdk.WorkspaceBuildParameter, error) { @@ -411,6 +556,7 @@ func prepWorkspaceBuild(inv *serpent.Invocation, client *codersdk.Client, args p WithSourceWorkspaceParameters(args.SourceWorkspaceParameters). WithPromptEphemeralParameters(args.PromptEphemeralParameters). WithEphemeralParameters(args.EphemeralParameters). + WithPresetParameters(args.PresetParameters). WithPromptRichParameters(args.PromptRichParameters). WithRichParameters(args.RichParameters). WithRichParametersFile(parameterFile). diff --git a/cli/create_test.go b/cli/create_test.go index 668fd466d605c..dd26e450d3916 100644 --- a/cli/create_test.go +++ b/cli/create_test.go @@ -12,6 +12,7 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "github.com/coder/coder/v2/cli" "github.com/coder/coder/v2/cli/clitest" "github.com/coder/coder/v2/coderd/coderdtest" "github.com/coder/coder/v2/coderd/externalauth" @@ -298,7 +299,7 @@ func TestCreate(t *testing.T) { }) } -func prepareEchoResponses(parameters []*proto.RichParameter) *echo.Responses { +func prepareEchoResponses(parameters []*proto.RichParameter, presets ...*proto.Preset) *echo.Responses { return &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: []*proto.Response{ @@ -306,6 +307,7 @@ func prepareEchoResponses(parameters []*proto.RichParameter) *echo.Responses { Type: &proto.Response_Plan{ Plan: &proto.PlanComplete{ Parameters: parameters, + Presets: presets, }, }, }, @@ -663,6 +665,642 @@ func TestCreateWithRichParameters(t *testing.T) { }) } +func TestCreateWithPreset(t *testing.T) { + t.Parallel() + + const ( + firstParameterName = "first_parameter" + firstParameterDisplayName = "First Parameter" + firstParameterDescription = "This is the first parameter" + firstParameterValue = "1" + + firstOptionalParameterName = "first_optional_parameter" + firstOptionalParameterDescription = "This is the first optional parameter" + firstOptionalParameterValue = "1" + secondOptionalParameterName = "second_optional_parameter" + secondOptionalParameterDescription = "This is the second optional parameter" + secondOptionalParameterValue = "2" + + thirdParameterName = "third_parameter" + thirdParameterDescription = "This is the third parameter" + thirdParameterValue = "3" + ) + + echoResponses := func(presets ...*proto.Preset) *echo.Responses { + return prepareEchoResponses([]*proto.RichParameter{ + { + Name: firstParameterName, + DisplayName: firstParameterDisplayName, + Description: firstParameterDescription, + Mutable: true, + DefaultValue: firstParameterValue, + Options: []*proto.RichParameterOption{ + { + Name: firstOptionalParameterName, + Description: firstOptionalParameterDescription, + Value: firstOptionalParameterValue, + }, + { + Name: secondOptionalParameterName, + Description: secondOptionalParameterDescription, + Value: secondOptionalParameterValue, + }, + }, + }, + { + Name: thirdParameterName, + Description: thirdParameterDescription, + DefaultValue: thirdParameterValue, + Mutable: true, + }, + }, presets...) + } + + // This test verifies that when a template has presets, + // including a default preset, and the user specifies a `--preset` flag, + // the CLI uses the specified preset instead of the default + t.Run("PresetFlag", func(t *testing.T) { + t.Parallel() + + client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + + // Given: a template and a template version with two presets, including a default + defaultPreset := proto.Preset{ + Name: "preset-default", + Default: true, + Parameters: []*proto.PresetParameter{ + {Name: thirdParameterName, Value: thirdParameterValue}, + }, + } + preset := proto.Preset{ + Name: "preset-test", + Parameters: []*proto.PresetParameter{ + {Name: firstParameterName, Value: secondOptionalParameterValue}, + {Name: thirdParameterName, Value: thirdParameterValue}, + }, + } + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses(&defaultPreset, &preset)) + coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + + // When: running the create command with the specified preset + workspaceName := "my-workspace" + inv, root := clitest.New(t, "create", workspaceName, "--template", template.Name, "-y", "--preset", preset.Name) + clitest.SetupConfig(t, member, root) + pty := ptytest.New(t).Attach(inv) + inv.Stdout = pty.Output() + inv.Stderr = pty.Output() + err := inv.Run() + require.NoError(t, err) + + // Should: display the selected preset as well as its parameters + presetName := fmt.Sprintf("Preset '%s' applied:", preset.Name) + pty.ExpectMatch(presetName) + pty.ExpectMatch(fmt.Sprintf("%s: '%s'", firstParameterName, secondOptionalParameterValue)) + pty.ExpectMatch(fmt.Sprintf("%s: '%s'", thirdParameterName, thirdParameterValue)) + + // Verify if the new workspace uses expected parameters. + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) + defer cancel() + + tvPresets, err := client.TemplateVersionPresets(ctx, version.ID) + require.NoError(t, err) + require.Len(t, tvPresets, 2) + var selectedPreset *codersdk.Preset + for _, tvPreset := range tvPresets { + if tvPreset.Name == preset.Name { + selectedPreset = &tvPreset + } + } + require.NotNil(t, selectedPreset) + + workspaces, err := client.Workspaces(ctx, codersdk.WorkspaceFilter{ + Name: workspaceName, + }) + require.NoError(t, err) + require.Len(t, workspaces.Workspaces, 1) + + // Should: create a workspace using the expected template version and the preset-defined parameters + workspaceLatestBuild := workspaces.Workspaces[0].LatestBuild + require.Equal(t, version.ID, workspaceLatestBuild.TemplateVersionID) + require.Equal(t, selectedPreset.ID, *workspaceLatestBuild.TemplateVersionPresetID) + buildParameters, err := client.WorkspaceBuildParameters(ctx, workspaceLatestBuild.ID) + require.NoError(t, err) + require.Len(t, buildParameters, 2) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: firstParameterName, Value: secondOptionalParameterValue}) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: thirdParameterName, Value: thirdParameterValue}) + }) + + // This test verifies that when a template has presets, + // including a default preset, and the user does not specify the `--preset` flag, + // the CLI automatically uses the default preset to create the workspace + t.Run("DefaultPreset", func(t *testing.T) { + t.Parallel() + + client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + + // Given: a template and a template version with two presets, including a default + defaultPreset := proto.Preset{ + Name: "preset-default", + Default: true, + Parameters: []*proto.PresetParameter{ + {Name: firstParameterName, Value: secondOptionalParameterValue}, + {Name: thirdParameterName, Value: thirdParameterValue}, + }, + } + preset := proto.Preset{ + Name: "preset-test", + Parameters: []*proto.PresetParameter{ + {Name: thirdParameterName, Value: thirdParameterValue}, + }, + } + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses(&defaultPreset, &preset)) + coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + + // When: running the create command without a preset + workspaceName := "my-workspace" + inv, root := clitest.New(t, "create", workspaceName, "--template", template.Name, "-y") + clitest.SetupConfig(t, member, root) + pty := ptytest.New(t).Attach(inv) + inv.Stdout = pty.Output() + inv.Stderr = pty.Output() + err := inv.Run() + require.NoError(t, err) + + // Should: display the default preset as well as its parameters + presetName := fmt.Sprintf("Preset '%s' (default) applied:", defaultPreset.Name) + pty.ExpectMatch(presetName) + pty.ExpectMatch(fmt.Sprintf("%s: '%s'", firstParameterName, secondOptionalParameterValue)) + pty.ExpectMatch(fmt.Sprintf("%s: '%s'", thirdParameterName, thirdParameterValue)) + + // Verify if the new workspace uses expected parameters. + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) + defer cancel() + + tvPresets, err := client.TemplateVersionPresets(ctx, version.ID) + require.NoError(t, err) + require.Len(t, tvPresets, 2) + var selectedPreset *codersdk.Preset + for _, tvPreset := range tvPresets { + if tvPreset.Default { + selectedPreset = &tvPreset + } + } + require.NotNil(t, selectedPreset) + + workspaces, err := client.Workspaces(ctx, codersdk.WorkspaceFilter{ + Name: workspaceName, + }) + require.NoError(t, err) + require.Len(t, workspaces.Workspaces, 1) + + // Should: create a workspace using the expected template version and the default preset parameters + workspaceLatestBuild := workspaces.Workspaces[0].LatestBuild + require.Equal(t, version.ID, workspaceLatestBuild.TemplateVersionID) + require.Equal(t, selectedPreset.ID, *workspaceLatestBuild.TemplateVersionPresetID) + buildParameters, err := client.WorkspaceBuildParameters(ctx, workspaceLatestBuild.ID) + require.NoError(t, err) + require.Len(t, buildParameters, 2) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: firstParameterName, Value: secondOptionalParameterValue}) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: thirdParameterName, Value: thirdParameterValue}) + }) + + // This test verifies that when a template has presets but no default preset, + // and the user does not provide the `--preset` flag, + // the CLI prompts the user to select a preset. + t.Run("NoDefaultPresetPromptUser", func(t *testing.T) { + t.Parallel() + + client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + + // Given: a template and a template version with two presets + preset := proto.Preset{ + Name: "preset-test", + Description: "Preset Test.", + Parameters: []*proto.PresetParameter{ + {Name: firstParameterName, Value: secondOptionalParameterValue}, + {Name: thirdParameterName, Value: thirdParameterValue}, + }, + } + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses(&preset)) + coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + + // When: running the create command without specifying a preset + workspaceName := "my-workspace" + inv, root := clitest.New(t, "create", workspaceName, "--template", template.Name, + "--parameter", fmt.Sprintf("%s=%s", firstParameterName, firstOptionalParameterValue), + "--parameter", fmt.Sprintf("%s=%s", thirdParameterName, thirdParameterValue)) + clitest.SetupConfig(t, member, root) + doneChan := make(chan struct{}) + pty := ptytest.New(t).Attach(inv) + go func() { + defer close(doneChan) + err := inv.Run() + assert.NoError(t, err) + }() + + // Should: prompt the user for the preset + pty.ExpectMatch("Select a preset below:") + pty.WriteLine("\n") + pty.ExpectMatch("Preset 'preset-test' applied") + pty.ExpectMatch("Confirm create?") + pty.WriteLine("yes") + + <-doneChan + + // Verify if the new workspace uses expected parameters. + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) + defer cancel() + + tvPresets, err := client.TemplateVersionPresets(ctx, version.ID) + require.NoError(t, err) + require.Len(t, tvPresets, 1) + + workspaces, err := client.Workspaces(ctx, codersdk.WorkspaceFilter{ + Name: workspaceName, + }) + require.NoError(t, err) + require.Len(t, workspaces.Workspaces, 1) + + // Should: create a workspace using the expected template version and the preset-defined parameters + workspaceLatestBuild := workspaces.Workspaces[0].LatestBuild + require.Equal(t, version.ID, workspaceLatestBuild.TemplateVersionID) + require.Equal(t, tvPresets[0].ID, *workspaceLatestBuild.TemplateVersionPresetID) + buildParameters, err := client.WorkspaceBuildParameters(ctx, workspaceLatestBuild.ID) + require.NoError(t, err) + require.Len(t, buildParameters, 2) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: firstParameterName, Value: secondOptionalParameterValue}) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: thirdParameterName, Value: thirdParameterValue}) + }) + + // This test verifies that when a template version has no presets, + // the CLI does not prompt the user to select a preset and proceeds + // with workspace creation without applying any preset. + t.Run("TemplateVersionWithoutPresets", func(t *testing.T) { + t.Parallel() + + client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + + // Given: a template and a template version without presets + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses()) + coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + + // When: running the create command without a preset + workspaceName := "my-workspace" + inv, root := clitest.New(t, "create", workspaceName, "--template", template.Name, "-y", + "--parameter", fmt.Sprintf("%s=%s", firstParameterName, firstOptionalParameterValue), + "--parameter", fmt.Sprintf("%s=%s", thirdParameterName, thirdParameterValue)) + clitest.SetupConfig(t, member, root) + pty := ptytest.New(t).Attach(inv) + inv.Stdout = pty.Output() + inv.Stderr = pty.Output() + err := inv.Run() + require.NoError(t, err) + pty.ExpectMatch("No preset applied.") + + // Verify if the new workspace uses expected parameters. + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) + defer cancel() + + workspaces, err := client.Workspaces(ctx, codersdk.WorkspaceFilter{ + Name: workspaceName, + }) + require.NoError(t, err) + require.Len(t, workspaces.Workspaces, 1) + + // Should: create a workspace using the expected template version and no preset + workspaceLatestBuild := workspaces.Workspaces[0].LatestBuild + require.Equal(t, version.ID, workspaceLatestBuild.TemplateVersionID) + require.Nil(t, workspaceLatestBuild.TemplateVersionPresetID) + buildParameters, err := client.WorkspaceBuildParameters(ctx, workspaceLatestBuild.ID) + require.NoError(t, err) + require.Len(t, buildParameters, 2) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: firstParameterName, Value: firstOptionalParameterValue}) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: thirdParameterName, Value: thirdParameterValue}) + }) + + // This test verifies that when the user provides `--preset none`, + // the CLI skips applying any preset, even if the template version has a default preset. + // The workspace should be created without using any preset-defined parameters. + t.Run("PresetFlagNone", func(t *testing.T) { + t.Parallel() + + client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + + // Given: a template and a template version with a default preset + preset := proto.Preset{ + Name: "preset-test", + Default: true, + Parameters: []*proto.PresetParameter{ + {Name: firstParameterName, Value: secondOptionalParameterValue}, + {Name: thirdParameterName, Value: thirdParameterValue}, + }, + } + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses(&preset)) + coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + + // When: running the create command with flag '--preset none' + workspaceName := "my-workspace" + inv, root := clitest.New(t, "create", workspaceName, "--template", template.Name, "-y", "--preset", cli.PresetNone, + "--parameter", fmt.Sprintf("%s=%s", firstParameterName, firstOptionalParameterValue), + "--parameter", fmt.Sprintf("%s=%s", thirdParameterName, thirdParameterValue)) + clitest.SetupConfig(t, member, root) + pty := ptytest.New(t).Attach(inv) + inv.Stdout = pty.Output() + inv.Stderr = pty.Output() + err := inv.Run() + require.NoError(t, err) + pty.ExpectMatch("No preset applied.") + + // Verify that the new workspace doesn't use the preset parameters. + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) + defer cancel() + + tvPresets, err := client.TemplateVersionPresets(ctx, version.ID) + require.NoError(t, err) + require.Len(t, tvPresets, 1) + + workspaces, err := client.Workspaces(ctx, codersdk.WorkspaceFilter{ + Name: workspaceName, + }) + require.NoError(t, err) + require.Len(t, workspaces.Workspaces, 1) + + // Should: create a workspace using the expected template version and no preset + workspaceLatestBuild := workspaces.Workspaces[0].LatestBuild + require.Equal(t, version.ID, workspaceLatestBuild.TemplateVersionID) + require.Nil(t, workspaceLatestBuild.TemplateVersionPresetID) + buildParameters, err := client.WorkspaceBuildParameters(ctx, workspaceLatestBuild.ID) + require.NoError(t, err) + require.Len(t, buildParameters, 2) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: firstParameterName, Value: firstOptionalParameterValue}) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: thirdParameterName, Value: thirdParameterValue}) + }) + + // This test verifies that the CLI returns an appropriate error + // when a user provides a `--preset` value that does not correspond + // to any existing preset in the template version. + t.Run("FailsWhenPresetDoesNotExist", func(t *testing.T) { + t.Parallel() + + client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + + // Given: a template and a template version where the preset defines values for all required parameters + preset := proto.Preset{ + Name: "preset-test", + Parameters: []*proto.PresetParameter{ + {Name: firstParameterName, Value: secondOptionalParameterValue}, + {Name: thirdParameterName, Value: thirdParameterValue}, + }, + } + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses(&preset)) + coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + + // When: running the create command with a non-existent preset + workspaceName := "my-workspace" + inv, root := clitest.New(t, "create", workspaceName, "--template", template.Name, "-y", "--preset", "invalid-preset") + clitest.SetupConfig(t, member, root) + pty := ptytest.New(t).Attach(inv) + inv.Stdout = pty.Output() + inv.Stderr = pty.Output() + err := inv.Run() + + // Should: fail with an error indicating the preset was not found + require.Contains(t, err.Error(), "preset \"invalid-preset\" not found") + }) + + // This test verifies that when both a preset and a user-provided + // `--parameter` flag define a value for the same parameter, + // the preset's value takes precedence over the user's. + // + // The preset defines one parameter (A), and two `--parameter` flags provide A and B. + // The workspace should be created using: + // - the value of parameter A from the preset (overriding the parameter flag's value), + // - and the value of parameter B from the parameter flag. + t.Run("PresetOverridesParameterFlagValues", func(t *testing.T) { + t.Parallel() + + client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + + // Given: a template version with a preset that defines one parameter + preset := proto.Preset{ + Name: "preset-test", + Parameters: []*proto.PresetParameter{ + {Name: firstParameterName, Value: secondOptionalParameterValue}, + }, + } + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses(&preset)) + coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + + // When: creating a workspace with a preset and passing overlapping and additional parameters via `--parameter` + workspaceName := "my-workspace" + inv, root := clitest.New(t, "create", workspaceName, "--template", template.Name, "-y", + "--preset", preset.Name, + "--parameter", fmt.Sprintf("%s=%s", firstParameterName, firstOptionalParameterValue), + "--parameter", fmt.Sprintf("%s=%s", thirdParameterName, thirdParameterValue)) + clitest.SetupConfig(t, member, root) + pty := ptytest.New(t).Attach(inv) + inv.Stdout = pty.Output() + inv.Stderr = pty.Output() + err := inv.Run() + require.NoError(t, err) + + // Should: display the selected preset as well as its parameter + presetName := fmt.Sprintf("Preset '%s' applied:", preset.Name) + pty.ExpectMatch(presetName) + pty.ExpectMatch(fmt.Sprintf("%s: '%s'", firstParameterName, secondOptionalParameterValue)) + + // Verify if the new workspace uses expected parameters. + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) + defer cancel() + + tvPresets, err := client.TemplateVersionPresets(ctx, version.ID) + require.NoError(t, err) + require.Len(t, tvPresets, 1) + + workspaces, err := client.Workspaces(ctx, codersdk.WorkspaceFilter{ + Name: workspaceName, + }) + require.NoError(t, err) + require.Len(t, workspaces.Workspaces, 1) + + // Should: include both parameters, one from the preset and one from the `--parameter` flag + workspaceLatestBuild := workspaces.Workspaces[0].LatestBuild + require.Equal(t, version.ID, workspaceLatestBuild.TemplateVersionID) + require.Equal(t, tvPresets[0].ID, *workspaceLatestBuild.TemplateVersionPresetID) + buildParameters, err := client.WorkspaceBuildParameters(ctx, workspaceLatestBuild.ID) + require.NoError(t, err) + require.Len(t, buildParameters, 2) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: firstParameterName, Value: secondOptionalParameterValue}) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: thirdParameterName, Value: thirdParameterValue}) + }) + + // This test verifies that when both a preset and a user-provided + // `--rich-parameter-file` define a value for the same parameter, + // the preset's value takes precedence over the one in the file. + // + // The preset defines one parameter (A), and the parameter file provides two parameters (A and B). + // The workspace should be created using: + // - the value of parameter A from the preset (overriding the file's value), + // - and the value of parameter B from the file. + t.Run("PresetOverridesParameterFileValues", func(t *testing.T) { + t.Parallel() + + client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + + // Given: a template version with a preset that defines one parameter + preset := proto.Preset{ + Name: "preset-test", + Parameters: []*proto.PresetParameter{ + {Name: firstParameterName, Value: secondOptionalParameterValue}, + }, + } + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses(&preset)) + coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + + // When: creating a workspace with the preset and passing the second required parameter via `--rich-parameter-file` + workspaceName := "my-workspace" + tempDir := t.TempDir() + removeTmpDirUntilSuccessAfterTest(t, tempDir) + parameterFile, _ := os.CreateTemp(tempDir, "testParameterFile*.yaml") + _, _ = parameterFile.WriteString( + firstParameterName + ": " + firstOptionalParameterValue + "\n" + + thirdParameterName + ": " + thirdParameterValue) + inv, root := clitest.New(t, "create", workspaceName, "--template", template.Name, "-y", + "--preset", preset.Name, + "--rich-parameter-file", parameterFile.Name()) + clitest.SetupConfig(t, member, root) + pty := ptytest.New(t).Attach(inv) + inv.Stdout = pty.Output() + inv.Stderr = pty.Output() + err := inv.Run() + require.NoError(t, err) + + // Should: display the selected preset as well as its parameter + presetName := fmt.Sprintf("Preset '%s' applied:", preset.Name) + pty.ExpectMatch(presetName) + pty.ExpectMatch(fmt.Sprintf("%s: '%s'", firstParameterName, secondOptionalParameterValue)) + + // Verify if the new workspace uses expected parameters. + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) + defer cancel() + + tvPresets, err := client.TemplateVersionPresets(ctx, version.ID) + require.NoError(t, err) + require.Len(t, tvPresets, 1) + + workspaces, err := client.Workspaces(ctx, codersdk.WorkspaceFilter{ + Name: workspaceName, + }) + require.NoError(t, err) + require.Len(t, workspaces.Workspaces, 1) + + // Should: include both parameters, one from the preset and one from the `--rich-parameter-file` flag + workspaceLatestBuild := workspaces.Workspaces[0].LatestBuild + require.Equal(t, version.ID, workspaceLatestBuild.TemplateVersionID) + require.Equal(t, tvPresets[0].ID, *workspaceLatestBuild.TemplateVersionPresetID) + buildParameters, err := client.WorkspaceBuildParameters(ctx, workspaceLatestBuild.ID) + require.NoError(t, err) + require.Len(t, buildParameters, 2) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: firstParameterName, Value: secondOptionalParameterValue}) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: thirdParameterName, Value: thirdParameterValue}) + }) + + // This test verifies that when a preset provides only some parameters, + // and the remaining ones are not provided via flags, + // the CLI prompts the user for input to fill in the missing parameters. + t.Run("PromptsForMissingParametersWhenPresetIsIncomplete", func(t *testing.T) { + t.Parallel() + + client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + + // Given: a template version with a preset that defines one parameter + preset := proto.Preset{ + Name: "preset-test", + Parameters: []*proto.PresetParameter{ + {Name: firstParameterName, Value: secondOptionalParameterValue}, + }, + } + version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses(&preset)) + coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) + + // When: running the create command with the specified preset + workspaceName := "my-workspace" + inv, root := clitest.New(t, "create", workspaceName, "--template", template.Name, "--preset", preset.Name) + clitest.SetupConfig(t, member, root) + doneChan := make(chan struct{}) + pty := ptytest.New(t).Attach(inv) + go func() { + defer close(doneChan) + err := inv.Run() + assert.NoError(t, err) + }() + + // Should: display the selected preset as well as its parameters + presetName := fmt.Sprintf("Preset '%s' applied:", preset.Name) + pty.ExpectMatch(presetName) + pty.ExpectMatch(fmt.Sprintf("%s: '%s'", firstParameterName, secondOptionalParameterValue)) + + // Should: prompt for the missing parameter + pty.ExpectMatch(thirdParameterDescription) + pty.WriteLine(thirdParameterValue) + pty.ExpectMatch("Confirm create?") + pty.WriteLine("yes") + + <-doneChan + + // Verify if the new workspace uses expected parameters. + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) + defer cancel() + + tvPresets, err := client.TemplateVersionPresets(ctx, version.ID) + require.NoError(t, err) + require.Len(t, tvPresets, 1) + + workspaces, err := client.Workspaces(ctx, codersdk.WorkspaceFilter{ + Name: workspaceName, + }) + require.NoError(t, err) + require.Len(t, workspaces.Workspaces, 1) + + // Should: create a workspace using the expected template version and the preset-defined parameters + workspaceLatestBuild := workspaces.Workspaces[0].LatestBuild + require.Equal(t, version.ID, workspaceLatestBuild.TemplateVersionID) + require.Equal(t, tvPresets[0].ID, *workspaceLatestBuild.TemplateVersionPresetID) + buildParameters, err := client.WorkspaceBuildParameters(ctx, workspaceLatestBuild.ID) + require.NoError(t, err) + require.Len(t, buildParameters, 2) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: firstParameterName, Value: secondOptionalParameterValue}) + require.Contains(t, buildParameters, codersdk.WorkspaceBuildParameter{Name: thirdParameterName, Value: thirdParameterValue}) + }) +} + func TestCreateValidateRichParameters(t *testing.T) { t.Parallel() diff --git a/cli/delete_test.go b/cli/delete_test.go index ecd1c6996df1d..2e550d74849ab 100644 --- a/cli/delete_test.go +++ b/cli/delete_test.go @@ -5,6 +5,7 @@ import ( "database/sql" "fmt" "io" + "net/http" "testing" "time" @@ -60,28 +61,35 @@ func TestDelete(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) owner := coderdtest.CreateFirstUser(t, client) - version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) - coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, client, template.ID) - coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) + templateAdmin, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.RoleTemplateAdmin()) + version := coderdtest.CreateTemplateVersion(t, templateAdmin, owner.OrganizationID, nil) + coderdtest.AwaitTemplateVersionJobCompleted(t, templateAdmin, version.ID) + template := coderdtest.CreateTemplate(t, templateAdmin, owner.OrganizationID, version.ID) + workspace := coderdtest.CreateWorkspace(t, templateAdmin, template.ID) + coderdtest.AwaitWorkspaceBuildJobCompleted(t, templateAdmin, workspace.LatestBuild.ID) + + ctx := testutil.Context(t, testutil.WaitShort) inv, root := clitest.New(t, "delete", workspace.Name, "-y", "--orphan") + clitest.SetupConfig(t, templateAdmin, root) - //nolint:gocritic // Deleting orphaned workspaces requires an admin. - clitest.SetupConfig(t, client, root) doneChan := make(chan struct{}) pty := ptytest.New(t).Attach(inv) inv.Stderr = pty.Output() go func() { defer close(doneChan) - err := inv.Run() + err := inv.WithContext(ctx).Run() // When running with the race detector on, we sometimes get an EOF. if err != nil { assert.ErrorIs(t, err, io.EOF) } }() pty.ExpectMatch("has been deleted") - <-doneChan + testutil.TryReceive(ctx, t, doneChan) + + _, err := client.Workspace(ctx, workspace.ID) + require.Error(t, err) + cerr := coderdtest.SDKError(t, err) + require.Equal(t, http.StatusGone, cerr.StatusCode()) }) // Super orphaned, as the workspace doesn't even have a user. @@ -103,7 +111,6 @@ func TestDelete(t *testing.T) { // The API checks if the user has any workspaces, so we cannot delete a user // this way. ctx := testutil.Context(t, testutil.WaitShort) - // nolint:gocritic // Unit test err := api.Database.UpdateUserDeletedByID(dbauthz.AsSystemRestricted(ctx), deleteMeUser.ID) require.NoError(t, err) @@ -225,9 +232,6 @@ func TestDelete(t *testing.T) { t.Skip("this test requires postgres") } - clock := quartz.NewMock(t) - ctx := testutil.Context(t, testutil.WaitSuperLong) - // Setup db, pb := dbtestutil.NewDB(t, dbtestutil.WithDumpOnFailure()) client, _ := coderdtest.NewWithProvisionerCloser(t, &coderdtest.Options{ @@ -293,6 +297,9 @@ func TestDelete(t *testing.T) { t.Run(tc.name, func(t *testing.T) { t.Parallel() + clock := quartz.NewMock(t) + ctx := testutil.Context(t, testutil.WaitSuperLong) + // Create one prebuilt workspace (owned by system user) and one normal workspace (owned by a user) // Each workspace is persisted in the DB along with associated workspace jobs and builds. dbPrebuiltWorkspace := setupTestDBWorkspace(t, clock, db, pb, orgID, database.PrebuildsSystemUserID, template.ID, version.ID, preset.ID) diff --git a/cli/exp.go b/cli/exp.go index dafd85402663e..e20d1e28d5ffe 100644 --- a/cli/exp.go +++ b/cli/exp.go @@ -16,6 +16,7 @@ func (r *RootCmd) expCmd() *serpent.Command { r.mcpCommand(), r.promptExample(), r.rptyCommand(), + r.tasksCommand(), }, } return cmd diff --git a/cli/exp_mcp.go b/cli/exp_mcp.go index d487af5691bca..d5ea26739085b 100644 --- a/cli/exp_mcp.go +++ b/cli/exp_mcp.go @@ -127,6 +127,7 @@ func (r *RootCmd) mcpConfigureClaudeCode() *serpent.Command { appStatusSlug string testBinaryName string aiAgentAPIURL url.URL + claudeUseBedrock string deprecatedCoderMCPClaudeAPIKey string ) @@ -154,14 +155,15 @@ func (r *RootCmd) mcpConfigureClaudeCode() *serpent.Command { configureClaudeEnv[envAgentURL] = agentClient.SDK.URL.String() configureClaudeEnv[envAgentToken] = agentClient.SDK.SessionToken() } - if claudeAPIKey == "" { - if deprecatedCoderMCPClaudeAPIKey == "" { - cliui.Warnf(inv.Stderr, "CLAUDE_API_KEY is not set.") - } else { - cliui.Warnf(inv.Stderr, "CODER_MCP_CLAUDE_API_KEY is deprecated, use CLAUDE_API_KEY instead") - claudeAPIKey = deprecatedCoderMCPClaudeAPIKey - } + + if deprecatedCoderMCPClaudeAPIKey != "" { + cliui.Warnf(inv.Stderr, "CODER_MCP_CLAUDE_API_KEY is deprecated, use CLAUDE_API_KEY instead") + claudeAPIKey = deprecatedCoderMCPClaudeAPIKey + } + if claudeAPIKey == "" && claudeUseBedrock != "1" { + cliui.Warnf(inv.Stderr, "CLAUDE_API_KEY is not set.") } + if appStatusSlug != "" { configureClaudeEnv[envAppStatusSlug] = appStatusSlug } @@ -280,6 +282,14 @@ func (r *RootCmd) mcpConfigureClaudeCode() *serpent.Command { Value: serpent.StringOf(&testBinaryName), Hidden: true, }, + { + Name: "claude-code-use-bedrock", + Description: "Use Amazon Bedrock.", + Env: "CLAUDE_CODE_USE_BEDROCK", + Flag: "claude-code-use-bedrock", + Value: serpent.StringOf(&claudeUseBedrock), + Hidden: true, + }, }, } return cmd @@ -362,11 +372,19 @@ func (*RootCmd) mcpConfigureCursor() *serpent.Command { } type taskReport struct { - link string - messageID int64 + // link is optional. + link string + // messageID must be set if this update is from a *user* message. A user + // message only happens when interacting via the AI AgentAPI (as opposed to + // interacting with the terminal directly). + messageID *int64 + // selfReported must be set if the update is directly from the AI agent + // (as opposed to the screen watcher). selfReported bool - state codersdk.WorkspaceAppStatusState - summary string + // state must always be set. + state codersdk.WorkspaceAppStatusState + // summary is optional. + summary string } type mcpServer struct { @@ -388,31 +406,48 @@ func (r *RootCmd) mcpServer() *serpent.Command { return &serpent.Command{ Use: "server", Handler: func(inv *serpent.Invocation) error { - // lastUserMessageID is the ID of the last *user* message that we saw. A - // user message only happens when interacting via the AI AgentAPI (as - // opposed to interacting with the terminal directly). - var lastUserMessageID int64 var lastReport taskReport // Create a queue that skips duplicates and preserves summaries. queue := cliutil.NewQueue[taskReport](512).WithPredicate(func(report taskReport) (taskReport, bool) { - // Use "working" status if this is a new user message. If this is not a - // new user message, and the status is "working" and not self-reported - // (meaning it came from the screen watcher), then it means one of two - // things: - // 1. The AI agent is still working, so there is nothing to update. - // 2. The AI agent stopped working, then the user has interacted with - // the terminal directly. For now, we are ignoring these updates. - // This risks missing cases where the user manually submits a new - // prompt and the AI agent becomes active and does not update itself, - // but it avoids spamming useless status updates as the user is - // typing, so the tradeoff is worth it. In the future, if we can - // reliably distinguish between user and AI agent activity, we can - // change this. - if report.messageID > lastUserMessageID { - report.state = codersdk.WorkspaceAppStatusStateWorking - } else if report.state == codersdk.WorkspaceAppStatusStateWorking && !report.selfReported { + // Avoid queuing empty statuses (this would probably indicate a + // developer error) + if report.state == "" { + return report, false + } + // If this is a user message, discard if it is not new. + if report.messageID != nil && lastReport.messageID != nil && + *lastReport.messageID >= *report.messageID { return report, false } + // If this is not a user message, and the status is "working" and not + // self-reported (meaning it came from the screen watcher), then it + // means one of two things: + // + // 1. The AI agent is not working; the user is interacting with the + // terminal directly. + // 2. The AI agent is working. + // + // At the moment, we have no way to tell the difference between these + // two states. In the future, if we can reliably distinguish between + // user and AI agent activity, we can change this. + // + // If this is our first update, we assume it is the AI agent working and + // accept the update. + // + // Otherwise we discard the update. This risks missing cases where the + // user manually submits a new prompt and the AI agent becomes active + // (and does not update itself), but it avoids spamming useless status + // updates as the user is typing, so the tradeoff is worth it. + if report.messageID == nil && + report.state == codersdk.WorkspaceAppStatusStateWorking && + !report.selfReported && lastReport.state != "" { + return report, false + } + // Keep track of the last message ID so we can tell when a message is + // new or if it has been re-emitted. + if report.messageID == nil { + report.messageID = lastReport.messageID + } // Preserve previous message and URI if there was no message. if report.summary == "" { report.summary = lastReport.summary @@ -585,10 +620,10 @@ func (s *mcpServer) startWatcher(ctx context.Context, inv *serpent.Invocation) { case event := <-eventsCh: switch ev := event.(type) { case agentapi.EventStatusChange: - // If the screen is stable, assume complete. + // If the screen is stable, report idle. state := codersdk.WorkspaceAppStatusStateWorking if ev.Status == agentapi.StatusStable { - state = codersdk.WorkspaceAppStatusStateComplete + state = codersdk.WorkspaceAppStatusStateIdle } err := s.queue.Push(taskReport{ state: state, @@ -600,7 +635,8 @@ func (s *mcpServer) startWatcher(ctx context.Context, inv *serpent.Invocation) { case agentapi.EventMessageUpdate: if ev.Role == agentapi.RoleUser { err := s.queue.Push(taskReport{ - messageID: ev.Id, + messageID: &ev.Id, + state: codersdk.WorkspaceAppStatusStateWorking, }) if err != nil { cliui.Warnf(inv.Stderr, "Failed to queue update: %s", err) @@ -650,10 +686,18 @@ func (s *mcpServer) startServer(ctx context.Context, inv *serpent.Invocation, in // Add tool dependencies. toolOpts := []func(*toolsdk.Deps){ toolsdk.WithTaskReporter(func(args toolsdk.ReportTaskArgs) error { + // The agent does not reliably report its status correctly. If AgentAPI + // is enabled, we will always set the status to "working" when we get an + // MCP message, and rely on the screen watcher to eventually catch the + // idle state. + state := codersdk.WorkspaceAppStatusStateWorking + if s.aiAgentAPIClient == nil { + state = codersdk.WorkspaceAppStatusState(args.State) + } return s.queue.Push(taskReport{ link: args.Link, selfReported: true, - state: codersdk.WorkspaceAppStatusState(args.State), + state: state, summary: args.Summary, }) }), diff --git a/cli/exp_mcp_test.go b/cli/exp_mcp_test.go index 08d6fbc4e2ce6..0a50a41e99ccc 100644 --- a/cli/exp_mcp_test.go +++ b/cli/exp_mcp_test.go @@ -763,220 +763,351 @@ func TestExpMcpReporter(t *testing.T) { <-cmdDone }) - t.Run("OK", func(t *testing.T) { - t.Parallel() + makeStatusEvent := func(status agentapi.AgentStatus) *codersdk.ServerSentEvent { + return &codersdk.ServerSentEvent{ + Type: ServerSentEventTypeStatusChange, + Data: agentapi.EventStatusChange{ + Status: status, + }, + } + } - // Create a test deployment and workspace. - client, db := coderdtest.NewWithDatabase(t, nil) - user := coderdtest.CreateFirstUser(t, client) - client, user2 := coderdtest.CreateAnotherUser(t, client, user.OrganizationID) + makeMessageEvent := func(id int64, role agentapi.ConversationRole) *codersdk.ServerSentEvent { + return &codersdk.ServerSentEvent{ + Type: ServerSentEventTypeMessageUpdate, + Data: agentapi.EventMessageUpdate{ + Id: id, + Role: role, + }, + } + } + + type test struct { + // event simulates an event from the screen watcher. + event *codersdk.ServerSentEvent + // state, summary, and uri simulate a tool call from the AI agent. + state codersdk.WorkspaceAppStatusState + summary string + uri string + expected *codersdk.WorkspaceAppStatus + } - r := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{ - OrganizationID: user.OrganizationID, - OwnerID: user2.ID, - }).WithAgent(func(a []*proto.Agent) []*proto.Agent { - a[0].Apps = []*proto.App{ + runs := []struct { + name string + tests []test + disableAgentAPI bool + }{ + // In this run the AI agent starts with a state change but forgets to update + // that it finished. + { + name: "Active", + tests: []test{ + // First the AI agent updates with a state change. { - Slug: "vscode", + state: codersdk.WorkspaceAppStatusStateWorking, + summary: "doing work", + uri: "https://dev.coder.com", + expected: &codersdk.WorkspaceAppStatus{ + State: codersdk.WorkspaceAppStatusStateWorking, + Message: "doing work", + URI: "https://dev.coder.com", + }, }, - } - return a - }).Do() - - makeStatusEvent := func(status agentapi.AgentStatus) *codersdk.ServerSentEvent { - return &codersdk.ServerSentEvent{ - Type: ServerSentEventTypeStatusChange, - Data: agentapi.EventStatusChange{ - Status: status, + // Terminal goes quiet but the AI agent forgot the update, and it is + // caught by the screen watcher. Message and URI are preserved. + { + event: makeStatusEvent(agentapi.StatusStable), + expected: &codersdk.WorkspaceAppStatus{ + State: codersdk.WorkspaceAppStatusStateIdle, + Message: "doing work", + URI: "https://dev.coder.com", + }, }, - } - } - - makeMessageEvent := func(id int64, role agentapi.ConversationRole) *codersdk.ServerSentEvent { - return &codersdk.ServerSentEvent{ - Type: ServerSentEventTypeMessageUpdate, - Data: agentapi.EventMessageUpdate{ - Id: id, - Role: role, + // A stable update now from the watcher should be discarded, as it is a + // duplicate. + { + event: makeStatusEvent(agentapi.StatusStable), }, - } - } - - ctx, cancel := context.WithCancel(testutil.Context(t, testutil.WaitShort)) - - // Mock the AI AgentAPI server. - listening := make(chan func(sse codersdk.ServerSentEvent) error) - srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - send, closed, err := httpapi.ServerSentEventSender(w, r) - if err != nil { - httpapi.Write(ctx, w, http.StatusInternalServerError, codersdk.Response{ - Message: "Internal error setting up server-sent events.", - Detail: err.Error(), - }) - return - } - // Send initial message. - send(*makeMessageEvent(0, agentapi.RoleAgent)) - listening <- send - <-closed - })) - t.Cleanup(srv.Close) - aiAgentAPIURL := srv.URL - - // Watch the workspace for changes. - watcher, err := client.WatchWorkspace(ctx, r.Workspace.ID) - require.NoError(t, err) - var lastAppStatus codersdk.WorkspaceAppStatus - nextUpdate := func() codersdk.WorkspaceAppStatus { - for { - select { - case <-ctx.Done(): - require.FailNow(t, "timed out waiting for status update") - case w, ok := <-watcher: - require.True(t, ok, "watch channel closed") - if w.LatestAppStatus != nil && w.LatestAppStatus.ID != lastAppStatus.ID { - lastAppStatus = *w.LatestAppStatus - return lastAppStatus - } - } - } - } - - inv, _ := clitest.New(t, - "exp", "mcp", "server", - // We need the agent credentials, AI AgentAPI url, and a slug for reporting. - "--agent-url", client.URL.String(), - "--agent-token", r.AgentToken, - "--app-status-slug", "vscode", - "--ai-agentapi-url", aiAgentAPIURL, - "--allowed-tools=coder_report_task", - ) - inv = inv.WithContext(ctx) - - pty := ptytest.New(t) - inv.Stdin = pty.Input() - inv.Stdout = pty.Output() - stderr := ptytest.New(t) - inv.Stderr = stderr.Output() - - // Run the MCP server. - cmdDone := make(chan struct{}) - go func() { - defer close(cmdDone) - err := inv.Run() - assert.NoError(t, err) - }() - - // Initialize. - payload := `{"jsonrpc":"2.0","id":1,"method":"initialize"}` - pty.WriteLine(payload) - _ = pty.ReadLine(ctx) // ignore echo - _ = pty.ReadLine(ctx) // ignore init response - - sender := <-listening - - tests := []struct { - // event simulates an event from the screen watcher. - event *codersdk.ServerSentEvent - // state, summary, and uri simulate a tool call from the AI agent. - state codersdk.WorkspaceAppStatusState - summary string - uri string - expected *codersdk.WorkspaceAppStatus - }{ - // First the AI agent updates with a state change. - { - state: codersdk.WorkspaceAppStatusStateWorking, - summary: "doing work", - uri: "https://dev.coder.com", - expected: &codersdk.WorkspaceAppStatus{ - State: codersdk.WorkspaceAppStatusStateWorking, - Message: "doing work", - URI: "https://dev.coder.com", + // Terminal becomes active again according to the screen watcher, but no + // new user message. This could be the AI agent being active again, but + // it could also be the user messing around. We will prefer not updating + // the status so the "working" update here should be skipped. + // + // TODO: How do we test the no-op updates? This update is skipped + // because of the logic mentioned above, but how do we prove this update + // was skipped because of that and not that the next update was skipped + // because it is a duplicate state? We could mock the queue? + { + event: makeStatusEvent(agentapi.StatusRunning), }, - }, - // Terminal goes quiet but the AI agent forgot the update, and it is - // caught by the screen watcher. Message and URI are preserved. - { - event: makeStatusEvent(agentapi.StatusStable), - expected: &codersdk.WorkspaceAppStatus{ - State: codersdk.WorkspaceAppStatusStateComplete, - Message: "doing work", - URI: "https://dev.coder.com", + // Agent messages are ignored. + { + event: makeMessageEvent(0, agentapi.RoleAgent), }, - }, - // A completed update at this point from the watcher should be discarded. - { - event: makeStatusEvent(agentapi.StatusStable), - }, - // Terminal becomes active again according to the screen watcher, but no - // new user message. This could be the AI agent being active again, but - // it could also be the user messing around. We will prefer not updating - // the status so the "working" update here should be skipped. - { - event: makeStatusEvent(agentapi.StatusRunning), - }, - // Agent messages are ignored. - { - event: makeMessageEvent(1, agentapi.RoleAgent), - }, - // AI agent reports that it failed and URI is blank. - { - state: codersdk.WorkspaceAppStatusStateFailure, - summary: "oops", - expected: &codersdk.WorkspaceAppStatus{ - State: codersdk.WorkspaceAppStatusStateFailure, - Message: "oops", - URI: "", + // The watcher reports the screen is active again... + { + event: makeStatusEvent(agentapi.StatusRunning), + }, + // ... but this time we have a new user message so we know there is AI + // agent activity. This time the "working" update will not be skipped. + { + event: makeMessageEvent(1, agentapi.RoleUser), + expected: &codersdk.WorkspaceAppStatus{ + State: codersdk.WorkspaceAppStatusStateWorking, + Message: "doing work", + URI: "https://dev.coder.com", + }, + }, + // Watcher reports stable again. + { + event: makeStatusEvent(agentapi.StatusStable), + expected: &codersdk.WorkspaceAppStatus{ + State: codersdk.WorkspaceAppStatusStateIdle, + Message: "doing work", + URI: "https://dev.coder.com", + }, }, }, - // The watcher reports the screen is active again... - { - event: makeStatusEvent(agentapi.StatusRunning), + }, + // In this run the AI agent never sends any state changes. + { + name: "Inactive", + tests: []test{ + // The "working" status from the watcher should be accepted, even though + // there is no new user message, because it is the first update. + { + event: makeStatusEvent(agentapi.StatusRunning), + expected: &codersdk.WorkspaceAppStatus{ + State: codersdk.WorkspaceAppStatusStateWorking, + Message: "", + URI: "", + }, + }, + // Stable update should be accepted. + { + event: makeStatusEvent(agentapi.StatusStable), + expected: &codersdk.WorkspaceAppStatus{ + State: codersdk.WorkspaceAppStatusStateIdle, + Message: "", + URI: "", + }, + }, + // Zero ID should be accepted. + { + event: makeMessageEvent(0, agentapi.RoleUser), + expected: &codersdk.WorkspaceAppStatus{ + State: codersdk.WorkspaceAppStatusStateWorking, + Message: "", + URI: "", + }, + }, + // Stable again. + { + event: makeStatusEvent(agentapi.StatusStable), + expected: &codersdk.WorkspaceAppStatus{ + State: codersdk.WorkspaceAppStatusStateIdle, + Message: "", + URI: "", + }, + }, + // Next ID. + { + event: makeMessageEvent(1, agentapi.RoleUser), + expected: &codersdk.WorkspaceAppStatus{ + State: codersdk.WorkspaceAppStatusStateWorking, + Message: "", + URI: "", + }, + }, }, - // ... but this time we have a new user message so we know there is AI - // agent activity. This time the "working" update will not be skipped. - { - event: makeMessageEvent(2, agentapi.RoleUser), - expected: &codersdk.WorkspaceAppStatus{ - State: codersdk.WorkspaceAppStatusStateWorking, - Message: "oops", - URI: "", + }, + // We ignore the state from the agent and assume "working". + { + name: "IgnoreAgentState", + // AI agent reports that it is finished but the summary says it is doing + // work. + tests: []test{ + { + state: codersdk.WorkspaceAppStatusStateIdle, + summary: "doing work", + expected: &codersdk.WorkspaceAppStatus{ + State: codersdk.WorkspaceAppStatusStateWorking, + Message: "doing work", + }, + }, + // AI agent reports finished again, with a matching summary. We still + // assume it is working. + { + state: codersdk.WorkspaceAppStatusStateIdle, + summary: "finished", + expected: &codersdk.WorkspaceAppStatus{ + State: codersdk.WorkspaceAppStatusStateWorking, + Message: "finished", + }, + }, + // Once the watcher reports stable, then we record idle. + { + event: makeStatusEvent(agentapi.StatusStable), + expected: &codersdk.WorkspaceAppStatus{ + State: codersdk.WorkspaceAppStatusStateIdle, + Message: "finished", + }, }, }, - // Watcher reports stable again. - { - event: makeStatusEvent(agentapi.StatusStable), - expected: &codersdk.WorkspaceAppStatus{ - State: codersdk.WorkspaceAppStatusStateComplete, - Message: "oops", - URI: "", + }, + // When AgentAPI is not being used, we accept agent state updates as-is. + { + name: "KeepAgentState", + tests: []test{ + { + state: codersdk.WorkspaceAppStatusStateWorking, + summary: "doing work", + expected: &codersdk.WorkspaceAppStatus{ + State: codersdk.WorkspaceAppStatusStateWorking, + Message: "doing work", + }, + }, + { + state: codersdk.WorkspaceAppStatusStateIdle, + summary: "finished", + expected: &codersdk.WorkspaceAppStatus{ + State: codersdk.WorkspaceAppStatusStateIdle, + Message: "finished", + }, }, }, - } - for _, test := range tests { - if test.event != nil { - err := sender(*test.event) - require.NoError(t, err) - } else { - // Call the tool and ensure it works. - payload := fmt.Sprintf(`{"jsonrpc":"2.0","id":3,"method":"tools/call", "params": {"name": "coder_report_task", "arguments": {"state": %q, "summary": %q, "link": %q}}}`, test.state, test.summary, test.uri) - pty.WriteLine(payload) - _ = pty.ReadLine(ctx) // ignore echo - output := pty.ReadLine(ctx) - require.NotEmpty(t, output, "did not receive a response from coder_report_task") - // Ensure it is valid JSON. - _, err = json.Marshal(output) - require.NoError(t, err, "did not receive valid JSON from coder_report_task") + disableAgentAPI: true, + }, + } + + for _, run := range runs { + run := run + t.Run(run.name, func(t *testing.T) { + t.Parallel() + + ctx, cancel := context.WithCancel(testutil.Context(t, testutil.WaitShort)) + + // Create a test deployment and workspace. + client, db := coderdtest.NewWithDatabase(t, nil) + user := coderdtest.CreateFirstUser(t, client) + client, user2 := coderdtest.CreateAnotherUser(t, client, user.OrganizationID) + + r := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{ + OrganizationID: user.OrganizationID, + OwnerID: user2.ID, + }).WithAgent(func(a []*proto.Agent) []*proto.Agent { + a[0].Apps = []*proto.App{ + { + Slug: "vscode", + }, + } + return a + }).Do() + + // Watch the workspace for changes. + watcher, err := client.WatchWorkspace(ctx, r.Workspace.ID) + require.NoError(t, err) + var lastAppStatus codersdk.WorkspaceAppStatus + nextUpdate := func() codersdk.WorkspaceAppStatus { + for { + select { + case <-ctx.Done(): + require.FailNow(t, "timed out waiting for status update") + case w, ok := <-watcher: + require.True(t, ok, "watch channel closed") + if w.LatestAppStatus != nil && w.LatestAppStatus.ID != lastAppStatus.ID { + t.Logf("Got status update: %s > %s", lastAppStatus.State, w.LatestAppStatus.State) + lastAppStatus = *w.LatestAppStatus + return lastAppStatus + } + } + } } - if test.expected != nil { - got := nextUpdate() - require.Equal(t, got.State, test.expected.State) - require.Equal(t, got.Message, test.expected.Message) - require.Equal(t, got.URI, test.expected.URI) + + args := []string{ + "exp", "mcp", "server", + // We need the agent credentials, AI AgentAPI url (if not + // disabled), and a slug for reporting. + "--agent-url", client.URL.String(), + "--agent-token", r.AgentToken, + "--app-status-slug", "vscode", + "--allowed-tools=coder_report_task", } - } - cancel() - <-cmdDone - }) + + // Mock the AI AgentAPI server. + listening := make(chan func(sse codersdk.ServerSentEvent) error) + if !run.disableAgentAPI { + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + send, closed, err := httpapi.ServerSentEventSender(w, r) + if err != nil { + httpapi.Write(ctx, w, http.StatusInternalServerError, codersdk.Response{ + Message: "Internal error setting up server-sent events.", + Detail: err.Error(), + }) + return + } + // Send initial message. + send(*makeMessageEvent(0, agentapi.RoleAgent)) + listening <- send + <-closed + })) + t.Cleanup(srv.Close) + aiAgentAPIURL := srv.URL + args = append(args, "--ai-agentapi-url", aiAgentAPIURL) + } + + inv, _ := clitest.New(t, args...) + inv = inv.WithContext(ctx) + + pty := ptytest.New(t) + inv.Stdin = pty.Input() + inv.Stdout = pty.Output() + stderr := ptytest.New(t) + inv.Stderr = stderr.Output() + + // Run the MCP server. + cmdDone := make(chan struct{}) + go func() { + defer close(cmdDone) + err := inv.Run() + assert.NoError(t, err) + }() + + // Initialize. + payload := `{"jsonrpc":"2.0","id":1,"method":"initialize"}` + pty.WriteLine(payload) + _ = pty.ReadLine(ctx) // ignore echo + _ = pty.ReadLine(ctx) // ignore init response + + var sender func(sse codersdk.ServerSentEvent) error + if !run.disableAgentAPI { + sender = <-listening + } + + for _, test := range run.tests { + if test.event != nil { + err := sender(*test.event) + require.NoError(t, err) + } else { + // Call the tool and ensure it works. + payload := fmt.Sprintf(`{"jsonrpc":"2.0","id":3,"method":"tools/call", "params": {"name": "coder_report_task", "arguments": {"state": %q, "summary": %q, "link": %q}}}`, test.state, test.summary, test.uri) + pty.WriteLine(payload) + _ = pty.ReadLine(ctx) // ignore echo + output := pty.ReadLine(ctx) + require.NotEmpty(t, output, "did not receive a response from coder_report_task") + // Ensure it is valid JSON. + _, err = json.Marshal(output) + require.NoError(t, err, "did not receive valid JSON from coder_report_task") + } + if test.expected != nil { + got := nextUpdate() + require.Equal(t, got.State, test.expected.State) + require.Equal(t, got.Message, test.expected.Message) + require.Equal(t, got.URI, test.expected.URI) + } + } + cancel() + <-cmdDone + }) + } } diff --git a/cli/exp_prompts.go b/cli/exp_prompts.go index 225685a0c375a..ef51a1ce04398 100644 --- a/cli/exp_prompts.go +++ b/cli/exp_prompts.go @@ -174,6 +174,20 @@ func (RootCmd) promptExample() *serpent.Command { _, _ = fmt.Fprintf(inv.Stdout, "%q are nice choices.\n", strings.Join(multiSelectValues, ", ")) return multiSelectError }, useThingsOption, enableCustomInputOption), + promptCmd("rich-multi-select", func(inv *serpent.Invocation) error { + if len(multiSelectValues) == 0 { + multiSelectValues, multiSelectError = cliui.MultiSelect(inv, cliui.MultiSelectOptions{ + Message: "Select some things:", + Options: []string{ + "Apples", "Plums", "Grapes", "Oranges", "Bananas", + }, + Defaults: []string{"Grapes", "Plums"}, + EnableCustomInput: enableCustomInput, + }) + } + _, _ = fmt.Fprintf(inv.Stdout, "%q are nice choices.\n", strings.Join(multiSelectValues, ", ")) + return multiSelectError + }, useThingsOption, enableCustomInputOption), promptCmd("rich-parameter", func(inv *serpent.Invocation) error { value, err := cliui.RichSelect(inv, cliui.RichSelectOptions{ Options: []codersdk.TemplateVersionParameterOption{ diff --git a/cli/exp_rpty.go b/cli/exp_rpty.go index 48074c7ef5fb9..196328b64732c 100644 --- a/cli/exp_rpty.go +++ b/cli/exp_rpty.go @@ -97,7 +97,7 @@ func handleRPTY(inv *serpent.Invocation, client *codersdk.Client, args handleRPT reconnectID = uuid.New() } - ws, agt, err := getWorkspaceAndAgent(ctx, inv, client, true, args.NamedWorkspace) + ws, agt, _, err := GetWorkspaceAndAgent(ctx, inv, client, true, args.NamedWorkspace) if err != nil { return err } diff --git a/cli/exp_rpty_test.go b/cli/exp_rpty_test.go index 923bf09bb0e15..c7a0c47d18908 100644 --- a/cli/exp_rpty_test.go +++ b/cli/exp_rpty_test.go @@ -87,6 +87,8 @@ func TestExpRpty(t *testing.T) { t.Skip("Skipping test on non-Linux platform") } + wantLabel := "coder.devcontainers.TestExpRpty.Container" + client, workspace, agentToken := setupWorkspaceForAgent(t) ctx := testutil.Context(t, testutil.WaitLong) pool, err := dockertest.NewPool("") @@ -94,7 +96,10 @@ func TestExpRpty(t *testing.T) { ct, err := pool.RunWithOptions(&dockertest.RunOptions{ Repository: "busybox", Tag: "latest", - Cmd: []string{"sleep", "infnity"}, + Cmd: []string{"sleep", "infinity"}, + Labels: map[string]string{ + wantLabel: "true", + }, }, func(config *docker.HostConfig) { config.AutoRemove = true config.RestartPolicy = docker.RestartPolicy{Name: "no"} @@ -111,9 +116,10 @@ func TestExpRpty(t *testing.T) { }) _ = agenttest.New(t, client.URL, agentToken, func(o *agent.Options) { - o.ExperimentalDevcontainersEnabled = true - o.ContainerAPIOptions = append(o.ContainerAPIOptions, - agentcontainers.WithContainerLabelIncludeFilter("this.label.does.not.exist.ignore.devcontainers", "true"), + o.Devcontainers = true + o.DevcontainerAPIOptions = append(o.DevcontainerAPIOptions, + agentcontainers.WithProjectDiscovery(false), + agentcontainers.WithContainerLabelIncludeFilter(wantLabel, "true"), ) }) _ = coderdtest.NewWorkspaceAgentWaiter(t, client, workspace.ID).Wait() diff --git a/cli/exp_scaletest.go b/cli/exp_scaletest.go index a844a7e8c6258..4580ff3e1bc8a 100644 --- a/cli/exp_scaletest.go +++ b/cli/exp_scaletest.go @@ -864,6 +864,7 @@ func (r *RootCmd) scaletestWorkspaceTraffic() *serpent.Command { tickInterval time.Duration bytesPerTick int64 ssh bool + disableDirect bool useHostLogin bool app string template string @@ -1023,15 +1024,16 @@ func (r *RootCmd) scaletestWorkspaceTraffic() *serpent.Command { // Setup our workspace agent connection. config := workspacetraffic.Config{ - AgentID: agent.ID, - BytesPerTick: bytesPerTick, - Duration: strategy.timeout, - TickInterval: tickInterval, - ReadMetrics: metrics.ReadMetrics(ws.OwnerName, ws.Name, agent.Name), - WriteMetrics: metrics.WriteMetrics(ws.OwnerName, ws.Name, agent.Name), - SSH: ssh, - Echo: ssh, - App: appConfig, + AgentID: agent.ID, + BytesPerTick: bytesPerTick, + Duration: strategy.timeout, + TickInterval: tickInterval, + ReadMetrics: metrics.ReadMetrics(ws.OwnerName, ws.Name, agent.Name), + WriteMetrics: metrics.WriteMetrics(ws.OwnerName, ws.Name, agent.Name), + SSH: ssh, + DisableDirect: disableDirect, + Echo: ssh, + App: appConfig, } if webClient != nil { @@ -1117,6 +1119,13 @@ func (r *RootCmd) scaletestWorkspaceTraffic() *serpent.Command { Description: "Send traffic over SSH, cannot be used with --app.", Value: serpent.BoolOf(&ssh), }, + { + Flag: "disable-direct", + Env: "CODER_SCALETEST_WORKSPACE_TRAFFIC_DISABLE_DIRECT_CONNECTIONS", + Default: "false", + Description: "Disable direct connections for SSH traffic to workspaces. Does nothing if `--ssh` is not also set.", + Value: serpent.BoolOf(&disableDirect), + }, { Flag: "app", Env: "CODER_SCALETEST_WORKSPACE_TRAFFIC_APP", diff --git a/cli/exp_task.go b/cli/exp_task.go new file mode 100644 index 0000000000000..005138050b2eb --- /dev/null +++ b/cli/exp_task.go @@ -0,0 +1,22 @@ +package cli + +import ( + "github.com/coder/serpent" +) + +func (r *RootCmd) tasksCommand() *serpent.Command { + cmd := &serpent.Command{ + Use: "task", + Aliases: []string{"tasks"}, + Short: "Experimental task commands.", + Handler: func(i *serpent.Invocation) error { + return i.Command.HelpHandler(i) + }, + Children: []*serpent.Command{ + r.taskList(), + r.taskCreate(), + r.taskStatus(), + }, + } + return cmd +} diff --git a/cli/exp_task_status.go b/cli/exp_task_status.go new file mode 100644 index 0000000000000..7b4b75c1a8ef9 --- /dev/null +++ b/cli/exp_task_status.go @@ -0,0 +1,171 @@ +package cli + +import ( + "fmt" + "strings" + "time" + + "github.com/google/uuid" + "golang.org/x/xerrors" + + "github.com/coder/coder/v2/cli/cliui" + "github.com/coder/coder/v2/codersdk" + "github.com/coder/serpent" +) + +func (r *RootCmd) taskStatus() *serpent.Command { + var ( + client = new(codersdk.Client) + formatter = cliui.NewOutputFormatter( + cliui.TableFormat( + []taskStatusRow{}, + []string{ + "state changed", + "status", + "state", + "message", + }, + ), + cliui.ChangeFormatterData( + cliui.JSONFormat(), + func(data any) (any, error) { + rows, ok := data.([]taskStatusRow) + if !ok { + return nil, xerrors.Errorf("expected []taskStatusRow, got %T", data) + } + if len(rows) != 1 { + return nil, xerrors.Errorf("expected exactly 1 row, got %d", len(rows)) + } + return rows[0], nil + }, + ), + ) + watchArg bool + watchIntervalArg time.Duration + ) + cmd := &serpent.Command{ + Short: "Show the status of a task.", + Use: "status", + Aliases: []string{"stat"}, + Options: serpent.OptionSet{ + { + Default: "false", + Description: "Watch the task status output. This will stream updates to the terminal until the underlying workspace is stopped.", + Flag: "watch", + Name: "watch", + Value: serpent.BoolOf(&watchArg), + }, + { + Default: "1s", + Description: "Interval to poll the task for updates. Only used in tests.", + Hidden: true, + Flag: "watch-interval", + Name: "watch-interval", + Value: serpent.DurationOf(&watchIntervalArg), + }, + }, + Middleware: serpent.Chain( + serpent.RequireNArgs(1), + r.InitClient(client), + ), + Handler: func(i *serpent.Invocation) error { + ctx := i.Context() + ec := codersdk.NewExperimentalClient(client) + identifier := i.Args[0] + + taskID, err := uuid.Parse(identifier) + if err != nil { + // Try to resolve the task as a named workspace + // TODO: right now tasks are still "workspaces" under the hood. + // We should update this once we have a proper task model. + ws, err := namedWorkspace(ctx, client, identifier) + if err != nil { + return err + } + taskID = ws.ID + } + task, err := ec.TaskByID(ctx, taskID) + if err != nil { + return err + } + + out, err := formatter.Format(ctx, toStatusRow(task)) + if err != nil { + return xerrors.Errorf("format task status: %w", err) + } + _, _ = fmt.Fprintln(i.Stdout, out) + + if !watchArg { + return nil + } + + lastStatus := task.Status + lastState := task.CurrentState + t := time.NewTicker(watchIntervalArg) + defer t.Stop() + // TODO: implement streaming updates instead of polling + for range t.C { + task, err := ec.TaskByID(ctx, taskID) + if err != nil { + return err + } + if lastStatus == task.Status && taskStatusEqual(lastState, task.CurrentState) { + continue + } + out, err := formatter.Format(ctx, toStatusRow(task)) + if err != nil { + return xerrors.Errorf("format task status: %w", err) + } + // hack: skip the extra column header from formatter + if formatter.FormatID() != cliui.JSONFormat().ID() { + out = strings.SplitN(out, "\n", 2)[1] + } + _, _ = fmt.Fprintln(i.Stdout, out) + + if task.Status == codersdk.WorkspaceStatusStopped { + return nil + } + lastStatus = task.Status + lastState = task.CurrentState + } + return nil + }, + } + formatter.AttachOptions(&cmd.Options) + return cmd +} + +func taskStatusEqual(s1, s2 *codersdk.TaskStateEntry) bool { + if s1 == nil && s2 == nil { + return true + } + if s1 == nil || s2 == nil { + return false + } + return s1.State == s2.State +} + +type taskStatusRow struct { + codersdk.Task `table:"-"` + ChangedAgo string `json:"-" table:"state changed,default_sort"` + Timestamp time.Time `json:"-" table:"-"` + TaskStatus string `json:"-" table:"status"` + TaskState string `json:"-" table:"state"` + Message string `json:"-" table:"message"` +} + +func toStatusRow(task codersdk.Task) []taskStatusRow { + tsr := taskStatusRow{ + Task: task, + ChangedAgo: time.Since(task.UpdatedAt).Truncate(time.Second).String() + " ago", + Timestamp: task.UpdatedAt, + TaskStatus: string(task.Status), + } + if task.CurrentState != nil { + tsr.ChangedAgo = time.Since(task.CurrentState.Timestamp).Truncate(time.Second).String() + " ago" + tsr.Timestamp = task.CurrentState.Timestamp + tsr.TaskState = string(task.CurrentState.State) + tsr.Message = task.CurrentState.Message + } + return []taskStatusRow{tsr} +} diff --git a/cli/exp_task_status_test.go b/cli/exp_task_status_test.go new file mode 100644 index 0000000000000..b520d2728804e --- /dev/null +++ b/cli/exp_task_status_test.go @@ -0,0 +1,276 @@ +package cli_test + +import ( + "context" + "net/http" + "net/http/httptest" + "strings" + "sync/atomic" + "testing" + "time" + + "github.com/google/go-cmp/cmp" + "github.com/google/uuid" + "github.com/stretchr/testify/assert" + "golang.org/x/xerrors" + + "github.com/coder/coder/v2/cli/clitest" + "github.com/coder/coder/v2/coderd/httpapi" + "github.com/coder/coder/v2/codersdk" + "github.com/coder/coder/v2/testutil" +) + +func Test_TaskStatus(t *testing.T) { + t.Parallel() + + for _, tc := range []struct { + args []string + expectOutput string + expectError string + hf func(context.Context, time.Time) func(http.ResponseWriter, *http.Request) + }{ + { + args: []string{"doesnotexist"}, + expectError: httpapi.ResourceNotFoundResponse.Message, + hf: func(ctx context.Context, _ time.Time) func(w http.ResponseWriter, r *http.Request) { + return func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/api/v2/users/me/workspace/doesnotexist": + httpapi.ResourceNotFound(w) + default: + t.Errorf("unexpected path: %s", r.URL.Path) + } + } + }, + }, + { + args: []string{"err-fetching-workspace"}, + expectError: assert.AnError.Error(), + hf: func(ctx context.Context, _ time.Time) func(w http.ResponseWriter, r *http.Request) { + return func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/api/v2/users/me/workspace/err-fetching-workspace": + httpapi.Write(ctx, w, http.StatusOK, codersdk.Workspace{ + ID: uuid.MustParse("11111111-1111-1111-1111-111111111111"), + }) + case "/api/experimental/tasks/me/11111111-1111-1111-1111-111111111111": + httpapi.InternalServerError(w, assert.AnError) + default: + t.Errorf("unexpected path: %s", r.URL.Path) + } + } + }, + }, + { + args: []string{"exists"}, + expectOutput: `STATE CHANGED STATUS STATE MESSAGE +0s ago running working Thinking furiously...`, + hf: func(ctx context.Context, now time.Time) func(w http.ResponseWriter, r *http.Request) { + return func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/api/v2/users/me/workspace/exists": + httpapi.Write(ctx, w, http.StatusOK, codersdk.Workspace{ + ID: uuid.MustParse("11111111-1111-1111-1111-111111111111"), + }) + case "/api/experimental/tasks/me/11111111-1111-1111-1111-111111111111": + httpapi.Write(ctx, w, http.StatusOK, codersdk.Task{ + ID: uuid.MustParse("11111111-1111-1111-1111-111111111111"), + Status: codersdk.WorkspaceStatusRunning, + CreatedAt: now, + UpdatedAt: now, + CurrentState: &codersdk.TaskStateEntry{ + State: codersdk.TaskStateWorking, + Timestamp: now, + Message: "Thinking furiously...", + }, + }) + default: + t.Errorf("unexpected path: %s", r.URL.Path) + } + } + }, + }, + { + args: []string{"exists", "--watch"}, + expectOutput: ` +STATE CHANGED STATUS STATE MESSAGE +4s ago running +3s ago running working Reticulating splines... +2s ago running completed Splines reticulated successfully! +2s ago stopping completed Splines reticulated successfully! +2s ago stopped completed Splines reticulated successfully!`, + hf: func(ctx context.Context, now time.Time) func(http.ResponseWriter, *http.Request) { + var calls atomic.Int64 + return func(w http.ResponseWriter, r *http.Request) { + defer calls.Add(1) + switch r.URL.Path { + case "/api/v2/users/me/workspace/exists": + httpapi.Write(ctx, w, http.StatusOK, codersdk.Workspace{ + ID: uuid.MustParse("11111111-1111-1111-1111-111111111111"), + }) + case "/api/experimental/tasks/me/11111111-1111-1111-1111-111111111111": + switch calls.Load() { + case 0: + httpapi.Write(ctx, w, http.StatusOK, codersdk.Task{ + ID: uuid.MustParse("11111111-1111-1111-1111-111111111111"), + Status: codersdk.WorkspaceStatusPending, + CreatedAt: now.Add(-5 * time.Second), + UpdatedAt: now.Add(-5 * time.Second), + }) + case 1: + httpapi.Write(ctx, w, http.StatusOK, codersdk.Task{ + ID: uuid.MustParse("11111111-1111-1111-1111-111111111111"), + Status: codersdk.WorkspaceStatusRunning, + CreatedAt: now.Add(-5 * time.Second), + UpdatedAt: now.Add(-4 * time.Second), + }) + case 2: + httpapi.Write(ctx, w, http.StatusOK, codersdk.Task{ + ID: uuid.MustParse("11111111-1111-1111-1111-111111111111"), + Status: codersdk.WorkspaceStatusRunning, + CreatedAt: now.Add(-5 * time.Second), + UpdatedAt: now.Add(-4 * time.Second), + CurrentState: &codersdk.TaskStateEntry{ + State: codersdk.TaskStateWorking, + Timestamp: now.Add(-3 * time.Second), + Message: "Reticulating splines...", + }, + }) + case 3: + httpapi.Write(ctx, w, http.StatusOK, codersdk.Task{ + ID: uuid.MustParse("11111111-1111-1111-1111-111111111111"), + Status: codersdk.WorkspaceStatusRunning, + CreatedAt: now.Add(-5 * time.Second), + UpdatedAt: now.Add(-4 * time.Second), + CurrentState: &codersdk.TaskStateEntry{ + State: codersdk.TaskStateCompleted, + Timestamp: now.Add(-2 * time.Second), + Message: "Splines reticulated successfully!", + }, + }) + case 4: + httpapi.Write(ctx, w, http.StatusOK, codersdk.Task{ + ID: uuid.MustParse("11111111-1111-1111-1111-111111111111"), + Status: codersdk.WorkspaceStatusStopping, + CreatedAt: now.Add(-5 * time.Second), + UpdatedAt: now.Add(-1 * time.Second), + CurrentState: &codersdk.TaskStateEntry{ + State: codersdk.TaskStateCompleted, + Timestamp: now.Add(-2 * time.Second), + Message: "Splines reticulated successfully!", + }, + }) + case 5: + httpapi.Write(ctx, w, http.StatusOK, codersdk.Task{ + ID: uuid.MustParse("11111111-1111-1111-1111-111111111111"), + Status: codersdk.WorkspaceStatusStopped, + CreatedAt: now.Add(-5 * time.Second), + UpdatedAt: now, + CurrentState: &codersdk.TaskStateEntry{ + State: codersdk.TaskStateCompleted, + Timestamp: now.Add(-2 * time.Second), + Message: "Splines reticulated successfully!", + }, + }) + default: + httpapi.InternalServerError(w, xerrors.New("too many calls!")) + return + } + default: + httpapi.InternalServerError(w, xerrors.Errorf("unexpected path: %q", r.URL.Path)) + } + } + }, + }, + { + args: []string{"exists", "--output", "json"}, + expectOutput: `{ + "id": "11111111-1111-1111-1111-111111111111", + "organization_id": "00000000-0000-0000-0000-000000000000", + "owner_id": "00000000-0000-0000-0000-000000000000", + "owner_name": "", + "name": "", + "template_id": "00000000-0000-0000-0000-000000000000", + "template_name": "", + "template_display_name": "", + "template_icon": "", + "workspace_id": null, + "workspace_agent_id": null, + "workspace_agent_lifecycle": null, + "workspace_agent_health": null, + "initial_prompt": "", + "status": "running", + "current_state": { + "timestamp": "2025-08-26T12:34:57Z", + "state": "working", + "message": "Thinking furiously...", + "uri": "" + }, + "created_at": "2025-08-26T12:34:56Z", + "updated_at": "2025-08-26T12:34:56Z" +}`, + hf: func(ctx context.Context, _ time.Time) func(w http.ResponseWriter, r *http.Request) { + ts := time.Date(2025, 8, 26, 12, 34, 56, 0, time.UTC) + return func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/api/v2/users/me/workspace/exists": + httpapi.Write(ctx, w, http.StatusOK, codersdk.Workspace{ + ID: uuid.MustParse("11111111-1111-1111-1111-111111111111"), + }) + case "/api/experimental/tasks/me/11111111-1111-1111-1111-111111111111": + httpapi.Write(ctx, w, http.StatusOK, codersdk.Task{ + ID: uuid.MustParse("11111111-1111-1111-1111-111111111111"), + Status: codersdk.WorkspaceStatusRunning, + CreatedAt: ts, + UpdatedAt: ts, + CurrentState: &codersdk.TaskStateEntry{ + State: codersdk.TaskStateWorking, + Timestamp: ts.Add(time.Second), + Message: "Thinking furiously...", + }, + }) + default: + t.Errorf("unexpected path: %s", r.URL.Path) + } + } + }, + }, + } { + t.Run(strings.Join(tc.args, ","), func(t *testing.T) { + t.Parallel() + + var ( + ctx = testutil.Context(t, testutil.WaitShort) + now = time.Now().UTC() // TODO: replace with quartz + srv = httptest.NewServer(http.HandlerFunc(tc.hf(ctx, now))) + client = codersdk.New(testutil.MustURL(t, srv.URL)) + sb = strings.Builder{} + args = []string{"exp", "task", "status", "--watch-interval", testutil.IntervalFast.String()} + ) + + t.Cleanup(srv.Close) + args = append(args, tc.args...) + inv, root := clitest.New(t, args...) + inv.Stdout = &sb + inv.Stderr = &sb + clitest.SetupConfig(t, client, root) + err := inv.WithContext(ctx).Run() + if tc.expectError == "" { + assert.NoError(t, err) + } else { + assert.ErrorContains(t, err, tc.expectError) + } + if diff := tableDiff(tc.expectOutput, sb.String()); diff != "" { + t.Errorf("unexpected output diff (-want +got):\n%s", diff) + } + }) + } +} + +func tableDiff(want, got string) string { + var gotTrimmed strings.Builder + for _, line := range strings.Split(got, "\n") { + _, _ = gotTrimmed.WriteString(strings.TrimRight(line, " ") + "\n") + } + return cmp.Diff(strings.TrimSpace(want), strings.TrimSpace(gotTrimmed.String())) +} diff --git a/cli/exp_taskcreate.go b/cli/exp_taskcreate.go new file mode 100644 index 0000000000000..24f0955ea8d78 --- /dev/null +++ b/cli/exp_taskcreate.go @@ -0,0 +1,128 @@ +package cli + +import ( + "fmt" + "strings" + + "github.com/google/uuid" + "golang.org/x/xerrors" + + "github.com/coder/coder/v2/cli/cliui" + "github.com/coder/coder/v2/codersdk" + "github.com/coder/serpent" +) + +func (r *RootCmd) taskCreate() *serpent.Command { + var ( + orgContext = NewOrganizationContext() + client = new(codersdk.Client) + + templateName string + templateVersionName string + presetName string + taskInput string + ) + + cmd := &serpent.Command{ + Use: "create [template]", + Short: "Create an experimental task", + Middleware: serpent.Chain( + serpent.RequireRangeArgs(0, 1), + r.InitClient(client), + ), + Options: serpent.OptionSet{ + { + Flag: "input", + Env: "CODER_TASK_INPUT", + Value: serpent.StringOf(&taskInput), + Required: true, + }, + { + Env: "CODER_TASK_TEMPLATE_NAME", + Value: serpent.StringOf(&templateName), + }, + { + Env: "CODER_TASK_TEMPLATE_VERSION", + Value: serpent.StringOf(&templateVersionName), + }, + { + Flag: "preset", + Env: "CODER_TASK_PRESET_NAME", + Value: serpent.StringOf(&presetName), + Default: PresetNone, + }, + }, + Handler: func(inv *serpent.Invocation) error { + var ( + ctx = inv.Context() + expClient = codersdk.NewExperimentalClient(client) + + templateVersionID uuid.UUID + templateVersionPresetID uuid.UUID + ) + + organization, err := orgContext.Selected(inv, client) + if err != nil { + return xerrors.Errorf("get current organization: %w", err) + } + + if len(inv.Args) > 0 { + templateName, templateVersionName, _ = strings.Cut(inv.Args[0], "@") + } + + if templateName == "" { + return xerrors.Errorf("template name not provided") + } + + if templateVersionName != "" { + templateVersion, err := client.TemplateVersionByOrganizationAndName(ctx, organization.ID, templateName, templateVersionName) + if err != nil { + return xerrors.Errorf("get template version: %w", err) + } + + templateVersionID = templateVersion.ID + } else { + template, err := client.TemplateByName(ctx, organization.ID, templateName) + if err != nil { + return xerrors.Errorf("get template: %w", err) + } + + templateVersionID = template.ActiveVersionID + } + + if presetName != PresetNone { + templatePresets, err := client.TemplateVersionPresets(ctx, templateVersionID) + if err != nil { + return xerrors.Errorf("get template presets: %w", err) + } + + preset, err := resolvePreset(templatePresets, presetName) + if err != nil { + return xerrors.Errorf("resolve preset: %w", err) + } + + templateVersionPresetID = preset.ID + } + + task, err := expClient.CreateTask(ctx, codersdk.Me, codersdk.CreateTaskRequest{ + TemplateVersionID: templateVersionID, + TemplateVersionPresetID: templateVersionPresetID, + Prompt: taskInput, + }) + if err != nil { + return xerrors.Errorf("create task: %w", err) + } + + _, _ = fmt.Fprintf( + inv.Stdout, + "The task %s has been created at %s!\n", + cliui.Keyword(task.Name), + cliui.Timestamp(task.CreatedAt), + ) + + return nil + }, + } + orgContext.AttachOptions(cmd) + return cmd +} diff --git a/cli/exp_taskcreate_test.go b/cli/exp_taskcreate_test.go new file mode 100644 index 0000000000000..f49c2fee1194a --- /dev/null +++ b/cli/exp_taskcreate_test.go @@ -0,0 +1,261 @@ +package cli_test + +import ( + "context" + "fmt" + "net/http" + "net/http/httptest" + "strings" + "testing" + "time" + + "github.com/google/uuid" + "github.com/stretchr/testify/assert" + + "github.com/coder/coder/v2/cli/clitest" + "github.com/coder/coder/v2/cli/cliui" + "github.com/coder/coder/v2/coderd/httpapi" + "github.com/coder/coder/v2/codersdk" + "github.com/coder/coder/v2/testutil" + "github.com/coder/serpent" +) + +func TestTaskCreate(t *testing.T) { + t.Parallel() + + var ( + taskCreatedAt = time.Now() + + organizationID = uuid.New() + anotherOrganizationID = uuid.New() + templateID = uuid.New() + templateVersionID = uuid.New() + templateVersionPresetID = uuid.New() + ) + + templateAndVersionFoundHandler := func(t *testing.T, ctx context.Context, orgID uuid.UUID, templateName, templateVersionName, presetName, prompt string) http.HandlerFunc { + t.Helper() + + return func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/api/v2/users/me/organizations": + httpapi.Write(ctx, w, http.StatusOK, []codersdk.Organization{ + {MinimalOrganization: codersdk.MinimalOrganization{ + ID: orgID, + }}, + }) + case fmt.Sprintf("/api/v2/organizations/%s/templates/my-template/versions/my-template-version", orgID): + httpapi.Write(ctx, w, http.StatusOK, codersdk.TemplateVersion{ + ID: templateVersionID, + }) + case fmt.Sprintf("/api/v2/organizations/%s/templates/my-template", orgID): + httpapi.Write(ctx, w, http.StatusOK, codersdk.Template{ + ID: templateID, + ActiveVersionID: templateVersionID, + }) + case fmt.Sprintf("/api/v2/templateversions/%s/presets", templateVersionID): + httpapi.Write(ctx, w, http.StatusOK, []codersdk.Preset{ + { + ID: templateVersionPresetID, + Name: presetName, + }, + }) + case "/api/experimental/tasks/me": + var req codersdk.CreateTaskRequest + if !httpapi.Read(ctx, w, r, &req) { + return + } + + assert.Equal(t, prompt, req.Prompt, "prompt mismatch") + assert.Equal(t, templateVersionID, req.TemplateVersionID, "template version mismatch") + + if presetName == "" { + assert.Equal(t, uuid.Nil, req.TemplateVersionPresetID, "expected no template preset id") + } else { + assert.Equal(t, templateVersionPresetID, req.TemplateVersionPresetID, "template version preset id mismatch") + } + + httpapi.Write(ctx, w, http.StatusCreated, codersdk.Workspace{ + Name: "task-wild-goldfish-27", + CreatedAt: taskCreatedAt, + }) + default: + t.Errorf("unexpected path: %s", r.URL.Path) + } + } + } + + tests := []struct { + args []string + env []string + expectError string + expectOutput string + handler func(t *testing.T, ctx context.Context) http.HandlerFunc + }{ + { + args: []string{"my-template@my-template-version", "--input", "my custom prompt", "--org", organizationID.String()}, + expectOutput: fmt.Sprintf("The task %s has been created at %s!", cliui.Keyword("task-wild-goldfish-27"), cliui.Timestamp(taskCreatedAt)), + handler: func(t *testing.T, ctx context.Context) http.HandlerFunc { + return templateAndVersionFoundHandler(t, ctx, organizationID, "my-template", "my-template-version", "", "my custom prompt") + }, + }, + { + args: []string{"my-template", "--input", "my custom prompt", "--org", organizationID.String()}, + env: []string{"CODER_TASK_TEMPLATE_VERSION=my-template-version"}, + expectOutput: fmt.Sprintf("The task %s has been created at %s!", cliui.Keyword("task-wild-goldfish-27"), cliui.Timestamp(taskCreatedAt)), + handler: func(t *testing.T, ctx context.Context) http.HandlerFunc { + return templateAndVersionFoundHandler(t, ctx, organizationID, "my-template", "my-template-version", "", "my custom prompt") + }, + }, + { + args: []string{"--input", "my custom prompt", "--org", organizationID.String()}, + env: []string{"CODER_TASK_TEMPLATE_NAME=my-template", "CODER_TASK_TEMPLATE_VERSION=my-template-version"}, + expectOutput: fmt.Sprintf("The task %s has been created at %s!", cliui.Keyword("task-wild-goldfish-27"), cliui.Timestamp(taskCreatedAt)), + handler: func(t *testing.T, ctx context.Context) http.HandlerFunc { + return templateAndVersionFoundHandler(t, ctx, organizationID, "my-template", "my-template-version", "", "my custom prompt") + }, + }, + { + env: []string{"CODER_TASK_TEMPLATE_NAME=my-template", "CODER_TASK_TEMPLATE_VERSION=my-template-version", "CODER_TASK_INPUT=my custom prompt", "CODER_ORGANIZATION=" + organizationID.String()}, + expectOutput: fmt.Sprintf("The task %s has been created at %s!", cliui.Keyword("task-wild-goldfish-27"), cliui.Timestamp(taskCreatedAt)), + handler: func(t *testing.T, ctx context.Context) http.HandlerFunc { + return templateAndVersionFoundHandler(t, ctx, organizationID, "my-template", "my-template-version", "", "my custom prompt") + }, + }, + { + args: []string{"my-template", "--input", "my custom prompt", "--org", organizationID.String()}, + expectOutput: fmt.Sprintf("The task %s has been created at %s!", cliui.Keyword("task-wild-goldfish-27"), cliui.Timestamp(taskCreatedAt)), + handler: func(t *testing.T, ctx context.Context) http.HandlerFunc { + return templateAndVersionFoundHandler(t, ctx, organizationID, "my-template", "", "", "my custom prompt") + }, + }, + { + args: []string{"my-template", "--input", "my custom prompt", "--preset", "my-preset", "--org", organizationID.String()}, + expectOutput: fmt.Sprintf("The task %s has been created at %s!", cliui.Keyword("task-wild-goldfish-27"), cliui.Timestamp(taskCreatedAt)), + handler: func(t *testing.T, ctx context.Context) http.HandlerFunc { + return templateAndVersionFoundHandler(t, ctx, organizationID, "my-template", "", "my-preset", "my custom prompt") + }, + }, + { + args: []string{"my-template", "--input", "my custom prompt"}, + env: []string{"CODER_TASK_PRESET_NAME=my-preset"}, + expectOutput: fmt.Sprintf("The task %s has been created at %s!", cliui.Keyword("task-wild-goldfish-27"), cliui.Timestamp(taskCreatedAt)), + handler: func(t *testing.T, ctx context.Context) http.HandlerFunc { + return templateAndVersionFoundHandler(t, ctx, organizationID, "my-template", "", "my-preset", "my custom prompt") + }, + }, + { + args: []string{"my-template", "--input", "my custom prompt", "--preset", "not-real-preset"}, + expectError: `preset "not-real-preset" not found`, + handler: func(t *testing.T, ctx context.Context) http.HandlerFunc { + return templateAndVersionFoundHandler(t, ctx, organizationID, "my-template", "", "my-preset", "my custom prompt") + }, + }, + { + args: []string{"my-template@not-real-template-version", "--input", "my custom prompt"}, + expectError: httpapi.ResourceNotFoundResponse.Message, + handler: func(t *testing.T, ctx context.Context) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/api/v2/users/me/organizations": + httpapi.Write(ctx, w, http.StatusOK, []codersdk.Organization{ + {MinimalOrganization: codersdk.MinimalOrganization{ + ID: organizationID, + }}, + }) + case fmt.Sprintf("/api/v2/organizations/%s/templates/my-template/versions/not-real-template-version", organizationID): + httpapi.ResourceNotFound(w) + default: + t.Errorf("unexpected path: %s", r.URL.Path) + } + } + }, + }, + { + args: []string{"not-real-template", "--input", "my custom prompt", "--org", organizationID.String()}, + expectError: httpapi.ResourceNotFoundResponse.Message, + handler: func(t *testing.T, ctx context.Context) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/api/v2/users/me/organizations": + httpapi.Write(ctx, w, http.StatusOK, []codersdk.Organization{ + {MinimalOrganization: codersdk.MinimalOrganization{ + ID: organizationID, + }}, + }) + case fmt.Sprintf("/api/v2/organizations/%s/templates/not-real-template", organizationID): + httpapi.ResourceNotFound(w) + default: + t.Errorf("unexpected path: %s", r.URL.Path) + } + } + }, + }, + { + args: []string{"template-in-different-org", "--input", "my-custom-prompt", "--org", anotherOrganizationID.String()}, + expectError: httpapi.ResourceNotFoundResponse.Message, + handler: func(t *testing.T, ctx context.Context) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/api/v2/users/me/organizations": + httpapi.Write(ctx, w, http.StatusOK, []codersdk.Organization{ + {MinimalOrganization: codersdk.MinimalOrganization{ + ID: anotherOrganizationID, + }}, + }) + case fmt.Sprintf("/api/v2/organizations/%s/templates/template-in-different-org", anotherOrganizationID): + httpapi.ResourceNotFound(w) + default: + t.Errorf("unexpected path: %s", r.URL.Path) + } + } + }, + }, + { + args: []string{"no-org", "--input", "my-custom-prompt"}, + expectError: "Must select an organization with --org=", + handler: func(t *testing.T, ctx context.Context) http.HandlerFunc { + return func(w http.ResponseWriter, r *http.Request) { + switch r.URL.Path { + case "/api/v2/users/me/organizations": + httpapi.Write(ctx, w, http.StatusOK, []codersdk.Organization{}) + default: + t.Errorf("unexpected path: %s", r.URL.Path) + } + } + }, + }, + } + + for _, tt := range tests { + t.Run(strings.Join(tt.args, ","), func(t *testing.T) { + t.Parallel() + + var ( + ctx = testutil.Context(t, testutil.WaitShort) + srv = httptest.NewServer(tt.handler(t, ctx)) + client = codersdk.New(testutil.MustURL(t, srv.URL)) + args = []string{"exp", "task", "create"} + sb strings.Builder + err error + ) + + t.Cleanup(srv.Close) + + inv, root := clitest.New(t, append(args, tt.args...)...) + inv.Environ = serpent.ParseEnviron(tt.env, "") + inv.Stdout = &sb + inv.Stderr = &sb + clitest.SetupConfig(t, client, root) + + err = inv.WithContext(ctx).Run() + if tt.expectError == "" { + assert.NoError(t, err) + } else { + assert.ErrorContains(t, err, tt.expectError) + } + + assert.Contains(t, sb.String(), tt.expectOutput) + }) + } +} diff --git a/cli/exp_tasklist.go b/cli/exp_tasklist.go new file mode 100644 index 0000000000000..7f2b44d25aa4c --- /dev/null +++ b/cli/exp_tasklist.go @@ -0,0 +1,142 @@ +package cli + +import ( + "fmt" + "strings" + "time" + + "golang.org/x/xerrors" + + "github.com/coder/coder/v2/cli/cliui" + "github.com/coder/coder/v2/codersdk" + "github.com/coder/serpent" +) + +type taskListRow struct { + Task codersdk.Task `table:"t,recursive_inline"` + + StateChangedAgo string `table:"state changed"` +} + +func taskListRowFromTask(now time.Time, t codersdk.Task) taskListRow { + var stateAgo string + if t.CurrentState != nil { + stateAgo = now.UTC().Sub(t.CurrentState.Timestamp).Truncate(time.Second).String() + " ago" + } + + return taskListRow{ + Task: t, + + StateChangedAgo: stateAgo, + } +} + +func (r *RootCmd) taskList() *serpent.Command { + var ( + statusFilter string + all bool + user string + + client = new(codersdk.Client) + formatter = cliui.NewOutputFormatter( + cliui.TableFormat( + []taskListRow{}, + []string{ + "id", + "name", + "status", + "state", + "state changed", + "message", + }, + ), + cliui.ChangeFormatterData( + cliui.JSONFormat(), + func(data any) (any, error) { + rows, ok := data.([]taskListRow) + if !ok { + return nil, xerrors.Errorf("expected []taskListRow, got %T", data) + } + out := make([]codersdk.Task, len(rows)) + for i := range rows { + out[i] = rows[i].Task + } + return out, nil + }, + ), + ) + ) + + cmd := &serpent.Command{ + Use: "list", + Short: "List experimental tasks", + Aliases: []string{"ls"}, + Middleware: serpent.Chain( + serpent.RequireNArgs(0), + r.InitClient(client), + ), + Options: serpent.OptionSet{ + { + Name: "status", + Description: "Filter by task status (e.g. running, failed, etc).", + Flag: "status", + Default: "", + Value: serpent.StringOf(&statusFilter), + }, + { + Name: "all", + Description: "List tasks for all users you can view.", + Flag: "all", + FlagShorthand: "a", + Default: "false", + Value: serpent.BoolOf(&all), + }, + { + Name: "user", + Description: "List tasks for the specified user (username, \"me\").", + Flag: "user", + Default: "", + Value: serpent.StringOf(&user), + }, + }, + Handler: func(inv *serpent.Invocation) error { + ctx := inv.Context() + exp := codersdk.NewExperimentalClient(client) + + targetUser := strings.TrimSpace(user) + if targetUser == "" && !all { + targetUser = codersdk.Me + } + + tasks, err := exp.Tasks(ctx, &codersdk.TasksFilter{ + Owner: targetUser, + Status: statusFilter, + }) + if err != nil { + return xerrors.Errorf("list tasks: %w", err) + } + + // If no rows and not JSON, show a friendly message. + if len(tasks) == 0 && formatter.FormatID() != cliui.JSONFormat().ID() { + _, _ = fmt.Fprintln(inv.Stderr, "No tasks found.") + return nil + } + + rows := make([]taskListRow, len(tasks)) + now := time.Now() + for i := range tasks { + rows[i] = taskListRowFromTask(now, tasks[i]) + } + + out, err := formatter.Format(ctx, rows) + if err != nil { + return xerrors.Errorf("format tasks: %w", err) + } + _, _ = fmt.Fprintln(inv.Stdout, out) + return nil + }, + } + + formatter.AttachOptions(&cmd.Options) + return cmd +} diff --git a/cli/exp_tasklist_test.go b/cli/exp_tasklist_test.go new file mode 100644 index 0000000000000..1120a11c69e3c --- /dev/null +++ b/cli/exp_tasklist_test.go @@ -0,0 +1,278 @@ +package cli_test + +import ( + "bytes" + "context" + "database/sql" + "encoding/json" + "io" + "testing" + + "github.com/google/uuid" + "github.com/stretchr/testify/require" + + "cdr.dev/slog" + "cdr.dev/slog/sloggers/sloghuman" + + "github.com/coder/coder/v2/cli/clitest" + "github.com/coder/coder/v2/coderd/coderdtest" + "github.com/coder/coder/v2/coderd/database" + "github.com/coder/coder/v2/coderd/database/dbauthz" + "github.com/coder/coder/v2/coderd/database/dbfake" + "github.com/coder/coder/v2/coderd/database/dbgen" + "github.com/coder/coder/v2/coderd/util/slice" + "github.com/coder/coder/v2/codersdk" + "github.com/coder/coder/v2/pty/ptytest" + "github.com/coder/coder/v2/testutil" +) + +// makeAITask creates an AI-task workspace. +func makeAITask(t *testing.T, db database.Store, orgID, adminID, ownerID uuid.UUID, transition database.WorkspaceTransition, prompt string) (workspace database.WorkspaceTable) { + t.Helper() + + tv := dbfake.TemplateVersion(t, db). + Seed(database.TemplateVersion{ + OrganizationID: orgID, + CreatedBy: adminID, + HasAITask: sql.NullBool{ + Bool: true, + Valid: true, + }, + }).Do() + + ws := database.WorkspaceTable{ + OrganizationID: orgID, + OwnerID: ownerID, + TemplateID: tv.Template.ID, + } + build := dbfake.WorkspaceBuild(t, db, ws). + Seed(database.WorkspaceBuild{ + TemplateVersionID: tv.TemplateVersion.ID, + Transition: transition, + }).WithAgent().Do() + dbgen.WorkspaceBuildParameters(t, db, []database.WorkspaceBuildParameter{ + { + WorkspaceBuildID: build.Build.ID, + Name: codersdk.AITaskPromptParameterName, + Value: prompt, + }, + }) + agents, err := db.GetWorkspaceAgentsByWorkspaceAndBuildNumber( + dbauthz.AsSystemRestricted(context.Background()), + database.GetWorkspaceAgentsByWorkspaceAndBuildNumberParams{ + WorkspaceID: build.Workspace.ID, + BuildNumber: build.Build.BuildNumber, + }, + ) + require.NoError(t, err) + require.NotEmpty(t, agents) + agentID := agents[0].ID + + // Create a workspace app and set it as the sidebar app. + app := dbgen.WorkspaceApp(t, db, database.WorkspaceApp{ + AgentID: agentID, + Slug: "task-sidebar", + DisplayName: "Task Sidebar", + External: false, + }) + + // Update build flags to reference the sidebar app and HasAITask=true. + err = db.UpdateWorkspaceBuildFlagsByID( + dbauthz.AsSystemRestricted(context.Background()), + database.UpdateWorkspaceBuildFlagsByIDParams{ + ID: build.Build.ID, + HasAITask: sql.NullBool{Bool: true, Valid: true}, + HasExternalAgent: sql.NullBool{Bool: false, Valid: false}, + SidebarAppID: uuid.NullUUID{UUID: app.ID, Valid: true}, + UpdatedAt: build.Build.UpdatedAt, + }, + ) + require.NoError(t, err) + + return build.Workspace +} + +func TestExpTaskList(t *testing.T) { + t.Parallel() + + t.Run("NoTasks_Table", func(t *testing.T) { + t.Parallel() + + // Quiet logger to reduce noise. + quiet := slog.Make(sloghuman.Sink(io.Discard)) + client, _ := coderdtest.NewWithDatabase(t, &coderdtest.Options{Logger: &quiet}) + owner := coderdtest.CreateFirstUser(t, client) + memberClient, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + + inv, root := clitest.New(t, "exp", "task", "list") + clitest.SetupConfig(t, memberClient, root) + + pty := ptytest.New(t).Attach(inv) + ctx := testutil.Context(t, testutil.WaitShort) + + err := inv.WithContext(ctx).Run() + require.NoError(t, err) + + pty.ExpectMatch("No tasks found.") + }) + + t.Run("Single_Table", func(t *testing.T) { + t.Parallel() + + // Quiet logger to reduce noise. + quiet := slog.Make(sloghuman.Sink(io.Discard)) + client, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{Logger: &quiet}) + owner := coderdtest.CreateFirstUser(t, client) + memberClient, memberUser := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + + wantPrompt := "build me a web app" + ws := makeAITask(t, db, owner.OrganizationID, owner.UserID, memberUser.ID, database.WorkspaceTransitionStart, wantPrompt) + + inv, root := clitest.New(t, "exp", "task", "list", "--column", "id,name,status,initial prompt") + clitest.SetupConfig(t, memberClient, root) + + pty := ptytest.New(t).Attach(inv) + ctx := testutil.Context(t, testutil.WaitShort) + + err := inv.WithContext(ctx).Run() + require.NoError(t, err) + + // Validate the table includes the task and status. + pty.ExpectMatch(ws.Name) + pty.ExpectMatch("running") + pty.ExpectMatch(wantPrompt) + }) + + t.Run("StatusFilter_JSON", func(t *testing.T) { + t.Parallel() + + // Quiet logger to reduce noise. + quiet := slog.Make(sloghuman.Sink(io.Discard)) + client, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{Logger: &quiet}) + owner := coderdtest.CreateFirstUser(t, client) + memberClient, memberUser := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + + // Create two AI tasks: one running, one stopped. + running := makeAITask(t, db, owner.OrganizationID, owner.UserID, memberUser.ID, database.WorkspaceTransitionStart, "keep me running") + stopped := makeAITask(t, db, owner.OrganizationID, owner.UserID, memberUser.ID, database.WorkspaceTransitionStop, "stop me please") + + // Use JSON output to reliably validate filtering. + inv, root := clitest.New(t, "exp", "task", "list", "--status=stopped", "--output=json") + clitest.SetupConfig(t, memberClient, root) + + ctx := testutil.Context(t, testutil.WaitShort) + var stdout bytes.Buffer + inv.Stdout = &stdout + inv.Stderr = &stdout + + err := inv.WithContext(ctx).Run() + require.NoError(t, err) + + var tasks []codersdk.Task + require.NoError(t, json.Unmarshal(stdout.Bytes(), &tasks)) + + // Only the stopped task is returned. + require.Len(t, tasks, 1, "expected one task after filtering") + require.Equal(t, stopped.ID, tasks[0].ID) + require.NotEqual(t, running.ID, tasks[0].ID) + }) + + t.Run("UserFlag_Me_Table", func(t *testing.T) { + t.Parallel() + + quiet := slog.Make(sloghuman.Sink(io.Discard)) + client, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{Logger: &quiet}) + owner := coderdtest.CreateFirstUser(t, client) + _, memberUser := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + + _ = makeAITask(t, db, owner.OrganizationID, owner.UserID, memberUser.ID, database.WorkspaceTransitionStart, "other-task") + ws := makeAITask(t, db, owner.OrganizationID, owner.UserID, owner.UserID, database.WorkspaceTransitionStart, "me-task") + + inv, root := clitest.New(t, "exp", "task", "list", "--user", "me") + //nolint:gocritic // Owner client is intended here smoke test the member task not showing up. + clitest.SetupConfig(t, client, root) + + pty := ptytest.New(t).Attach(inv) + ctx := testutil.Context(t, testutil.WaitShort) + + err := inv.WithContext(ctx).Run() + require.NoError(t, err) + + pty.ExpectMatch(ws.Name) + }) +} + +func TestExpTaskList_OwnerCanListOthers(t *testing.T) { + t.Parallel() + + // Quiet logger to reduce noise. + quiet := slog.Make(sloghuman.Sink(io.Discard)) + ownerClient, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{Logger: &quiet}) + owner := coderdtest.CreateFirstUser(t, ownerClient) + + // Create two additional members in the owner's organization. + _, memberAUser := coderdtest.CreateAnotherUser(t, ownerClient, owner.OrganizationID) + _, memberBUser := coderdtest.CreateAnotherUser(t, ownerClient, owner.OrganizationID) + + // Seed an AI task for member A and B. + _ = makeAITask(t, db, owner.OrganizationID, owner.UserID, memberAUser.ID, database.WorkspaceTransitionStart, "member-A-task") + _ = makeAITask(t, db, owner.OrganizationID, owner.UserID, memberBUser.ID, database.WorkspaceTransitionStart, "member-B-task") + + t.Run("OwnerListsSpecificUserWithUserFlag_JSON", func(t *testing.T) { + t.Parallel() + + // As the owner, list only member A tasks. + inv, root := clitest.New(t, "exp", "task", "list", "--user", memberAUser.Username, "--output=json") + //nolint:gocritic // Owner client is intended here to allow member tasks to be listed. + clitest.SetupConfig(t, ownerClient, root) + + var stdout bytes.Buffer + inv.Stdout = &stdout + + ctx := testutil.Context(t, testutil.WaitShort) + + err := inv.WithContext(ctx).Run() + require.NoError(t, err) + + var tasks []codersdk.Task + require.NoError(t, json.Unmarshal(stdout.Bytes(), &tasks)) + + // At least one task to belong to member A. + require.NotEmpty(t, tasks, "expected at least one task for member A") + // All tasks should belong to member A. + for _, task := range tasks { + require.Equal(t, memberAUser.ID, task.OwnerID, "expected only member A tasks") + } + }) + + t.Run("OwnerListsAllWithAllFlag_JSON", func(t *testing.T) { + t.Parallel() + + // As the owner, list all tasks to verify both member tasks are present. + // Use JSON output to reliably validate filtering. + inv, root := clitest.New(t, "exp", "task", "list", "--all", "--output=json") + //nolint:gocritic // Owner client is intended here to allow all tasks to be listed. + clitest.SetupConfig(t, ownerClient, root) + + var stdout bytes.Buffer + inv.Stdout = &stdout + + ctx := testutil.Context(t, testutil.WaitShort) + + err := inv.WithContext(ctx).Run() + require.NoError(t, err) + + var tasks []codersdk.Task + require.NoError(t, json.Unmarshal(stdout.Bytes(), &tasks)) + + // Expect at least two tasks and ensure both owners (member A and member B) are represented. + require.GreaterOrEqual(t, len(tasks), 2, "expected two or more tasks in --all listing") + + // Use slice.Find for concise existence checks. + _, foundA := slice.Find(tasks, func(t codersdk.Task) bool { return t.OwnerID == memberAUser.ID }) + _, foundB := slice.Find(tasks, func(t codersdk.Task) bool { return t.OwnerID == memberBUser.ID }) + + require.True(t, foundA, "expected at least one task for member A in --all listing") + require.True(t, foundB, "expected at least one task for member B in --all listing") + }) +} diff --git a/cli/list.go b/cli/list.go index 083d32c6e8fa1..278895dfd7218 100644 --- a/cli/list.go +++ b/cli/list.go @@ -18,7 +18,7 @@ import ( // workspaceListRow is the type provided to the OutputFormatter. This is a bit // dodgy but it's the only way to do complex display code for one format vs. the // other. -type workspaceListRow struct { +type WorkspaceListRow struct { // For JSON format: codersdk.Workspace `table:"-"` @@ -40,7 +40,7 @@ type workspaceListRow struct { DailyCost string `json:"-" table:"daily cost"` } -func workspaceListRowFromWorkspace(now time.Time, workspace codersdk.Workspace) workspaceListRow { +func WorkspaceListRowFromWorkspace(now time.Time, workspace codersdk.Workspace) WorkspaceListRow { status := codersdk.WorkspaceDisplayStatus(workspace.LatestBuild.Job.Status, workspace.LatestBuild.Transition) lastBuilt := now.UTC().Sub(workspace.LatestBuild.Job.CreatedAt).Truncate(time.Second) @@ -55,7 +55,7 @@ func workspaceListRowFromWorkspace(now time.Time, workspace codersdk.Workspace) favIco = "★" } workspaceName := favIco + " " + workspace.OwnerName + "/" + workspace.Name - return workspaceListRow{ + return WorkspaceListRow{ Favorite: workspace.Favorite, Workspace: workspace, WorkspaceName: workspaceName, @@ -80,7 +80,7 @@ func (r *RootCmd) list() *serpent.Command { filter cliui.WorkspaceFilter formatter = cliui.NewOutputFormatter( cliui.TableFormat( - []workspaceListRow{}, + []WorkspaceListRow{}, []string{ "workspace", "template", @@ -107,7 +107,7 @@ func (r *RootCmd) list() *serpent.Command { r.InitClient(client), ), Handler: func(inv *serpent.Invocation) error { - res, err := queryConvertWorkspaces(inv.Context(), client, filter.Filter(), workspaceListRowFromWorkspace) + res, err := QueryConvertWorkspaces(inv.Context(), client, filter.Filter(), WorkspaceListRowFromWorkspace) if err != nil { return err } @@ -137,9 +137,9 @@ func (r *RootCmd) list() *serpent.Command { // queryConvertWorkspaces is a helper function for converting // codersdk.Workspaces to a different type. // It's used by the list command to convert workspaces to -// workspaceListRow, and by the schedule command to +// WorkspaceListRow, and by the schedule command to // convert workspaces to scheduleListRow. -func queryConvertWorkspaces[T any](ctx context.Context, client *codersdk.Client, filter codersdk.WorkspaceFilter, convertF func(time.Time, codersdk.Workspace) T) ([]T, error) { +func QueryConvertWorkspaces[T any](ctx context.Context, client *codersdk.Client, filter codersdk.WorkspaceFilter, convertF func(time.Time, codersdk.Workspace) T) ([]T, error) { var empty []T workspaces, err := client.Workspaces(ctx, filter) if err != nil { diff --git a/cli/open.go b/cli/open.go index ff950b552a853..83569e87e241a 100644 --- a/cli/open.go +++ b/cli/open.go @@ -11,7 +11,9 @@ import ( "runtime" "slices" "strings" + "time" + "github.com/google/uuid" "github.com/skratchdot/open-golang/open" "golang.org/x/xerrors" @@ -42,7 +44,6 @@ func (r *RootCmd) openVSCode() *serpent.Command { generateToken bool testOpenError bool appearanceConfig codersdk.AppearanceConfig - containerName string ) client := new(codersdk.Client) @@ -71,7 +72,7 @@ func (r *RootCmd) openVSCode() *serpent.Command { // need to wait for the agent to start. workspaceQuery := inv.Args[0] autostart := true - workspace, workspaceAgent, err := getWorkspaceAndAgent(ctx, inv, client, autostart, workspaceQuery) + workspace, workspaceAgent, otherWorkspaceAgents, err := GetWorkspaceAndAgent(ctx, inv, client, autostart, workspaceQuery) if err != nil { return xerrors.Errorf("get workspace and agent: %w", err) } @@ -79,6 +80,70 @@ func (r *RootCmd) openVSCode() *serpent.Command { workspaceName := workspace.Name + "." + workspaceAgent.Name insideThisWorkspace := insideAWorkspace && inWorkspaceName == workspaceName + // To properly work with devcontainers, VS Code has to connect to + // parent workspace agent. It will then proceed to enter the + // container given the correct parameters. There is inherently no + // dependency on the devcontainer agent in this scenario, but + // relying on it simplifies the logic and ensures the devcontainer + // is ready. To eliminate the dependency we would need to know that + // a sub-agent that hasn't been created yet may be a devcontainer, + // and thus will be created at a later time as well as expose the + // container folder on the API response. + var parentWorkspaceAgent codersdk.WorkspaceAgent + var devcontainer codersdk.WorkspaceAgentDevcontainer + if workspaceAgent.ParentID.Valid { + // This is likely a devcontainer agent, so we need to find the + // parent workspace agent as well as the devcontainer. + for _, otherAgent := range otherWorkspaceAgents { + if otherAgent.ID == workspaceAgent.ParentID.UUID { + parentWorkspaceAgent = otherAgent + break + } + } + if parentWorkspaceAgent.ID == uuid.Nil { + return xerrors.Errorf("parent workspace agent %s not found", workspaceAgent.ParentID.UUID) + } + + printedWaiting := false + for { + resp, err := client.WorkspaceAgentListContainers(ctx, parentWorkspaceAgent.ID, nil) + if err != nil { + return xerrors.Errorf("list parent workspace agent containers: %w", err) + } + + for _, dc := range resp.Devcontainers { + if dc.Agent.ID == workspaceAgent.ID { + devcontainer = dc + break + } + } + if devcontainer.ID == uuid.Nil { + cliui.Warnf(inv.Stderr, "Devcontainer %q not found, opening as a regular workspace...", workspaceAgent.Name) + parentWorkspaceAgent = codersdk.WorkspaceAgent{} // Reset to empty, so we don't use it later. + break + } + + // Precondition, the devcontainer must be running to enter + // it. Once running, devcontainer.Container will be set. + if devcontainer.Status == codersdk.WorkspaceAgentDevcontainerStatusRunning { + break + } + if devcontainer.Status != codersdk.WorkspaceAgentDevcontainerStatusStarting { + return xerrors.Errorf("devcontainer %q is in unexpected status %q, expected %q or %q", + devcontainer.Name, devcontainer.Status, + codersdk.WorkspaceAgentDevcontainerStatusRunning, + codersdk.WorkspaceAgentDevcontainerStatusStarting, + ) + } + + if !printedWaiting { + _, _ = fmt.Fprintf(inv.Stderr, "Waiting for devcontainer %q status to change from %q to %q...\n", devcontainer.Name, devcontainer.Status, codersdk.WorkspaceAgentDevcontainerStatusRunning) + printedWaiting = true + } + time.Sleep(5 * time.Second) // Wait a bit before retrying. + } + } + if !insideThisWorkspace { // Wait for the agent to connect, we don't care about readiness // otherwise (e.g. wait). @@ -99,6 +164,9 @@ func (r *RootCmd) openVSCode() *serpent.Command { // the created state, so we need to wait for that to happen. // However, if no directory is set, the expanded directory will // not be set either. + // + // Note that this is irrelevant for devcontainer sub agents, as + // they always have a directory set. if workspaceAgent.Directory != "" { workspace, workspaceAgent, err = waitForAgentCond(ctx, client, workspace, workspaceAgent, func(_ codersdk.WorkspaceAgent) bool { return workspaceAgent.LifecycleState != codersdk.WorkspaceAgentLifecycleCreated @@ -114,41 +182,6 @@ func (r *RootCmd) openVSCode() *serpent.Command { directory = inv.Args[1] } - if containerName != "" { - containers, err := client.WorkspaceAgentListContainers(ctx, workspaceAgent.ID, map[string]string{"devcontainer.local_folder": ""}) - if err != nil { - return xerrors.Errorf("list workspace agent containers: %w", err) - } - - var foundContainer bool - - for _, container := range containers.Containers { - if container.FriendlyName != containerName { - continue - } - - foundContainer = true - - if directory == "" { - localFolder, ok := container.Labels["devcontainer.local_folder"] - if !ok { - return xerrors.New("container missing `devcontainer.local_folder` label") - } - - directory, ok = container.Volumes[localFolder] - if !ok { - return xerrors.New("container missing volume for `devcontainer.local_folder`") - } - } - - break - } - - if !foundContainer { - return xerrors.New("no container found") - } - } - directory, err = resolveAgentAbsPath(workspaceAgent.ExpandedDirectory, directory, workspaceAgent.OperatingSystem, insideThisWorkspace) if err != nil { return xerrors.Errorf("resolve agent path: %w", err) @@ -174,14 +207,16 @@ func (r *RootCmd) openVSCode() *serpent.Command { u *url.URL qp url.Values ) - if containerName != "" { + if devcontainer.ID != uuid.Nil { u, qp = buildVSCodeWorkspaceDevContainerLink( token, client.URL.String(), workspace, - workspaceAgent, - containerName, + parentWorkspaceAgent, + devcontainer.Container.FriendlyName, directory, + devcontainer.WorkspaceFolder, + devcontainer.ConfigPath, ) } else { u, qp = buildVSCodeWorkspaceLink( @@ -247,13 +282,6 @@ func (r *RootCmd) openVSCode() *serpent.Command { ), Value: serpent.BoolOf(&generateToken), }, - { - Flag: "container", - FlagShorthand: "c", - Description: "Container name to connect to in the workspace.", - Value: serpent.StringOf(&containerName), - Hidden: true, // Hidden until this features is at least in beta. - }, { Flag: "test.open-error", Description: "Don't run the open command.", @@ -288,7 +316,7 @@ func (r *RootCmd) openApp() *serpent.Command { } workspaceName := inv.Args[0] - ws, agt, err := getWorkspaceAndAgent(ctx, inv, client, false, workspaceName) + ws, agt, _, err := GetWorkspaceAndAgent(ctx, inv, client, false, workspaceName) if err != nil { var sdkErr *codersdk.Error if errors.As(err, &sdkErr) && sdkErr.StatusCode() == http.StatusNotFound { @@ -430,8 +458,14 @@ func buildVSCodeWorkspaceDevContainerLink( workspaceAgent codersdk.WorkspaceAgent, containerName string, containerFolder string, + localWorkspaceFolder string, + localConfigFile string, ) (*url.URL, url.Values) { containerFolder = filepath.ToSlash(containerFolder) + localWorkspaceFolder = filepath.ToSlash(localWorkspaceFolder) + if localConfigFile != "" { + localConfigFile = filepath.ToSlash(localConfigFile) + } qp := url.Values{} qp.Add("url", clientURL) @@ -440,6 +474,8 @@ func buildVSCodeWorkspaceDevContainerLink( qp.Add("agent", workspaceAgent.Name) qp.Add("devContainerName", containerName) qp.Add("devContainerFolder", containerFolder) + qp.Add("localWorkspaceFolder", localWorkspaceFolder) + qp.Add("localConfigFile", localConfigFile) if token != "" { qp.Add("token", token) @@ -469,7 +505,7 @@ func waitForAgentCond(ctx context.Context, client *codersdk.Client, workspace co } for workspace = range wc { - workspaceAgent, err = getWorkspaceAgent(workspace, workspaceAgent.Name) + workspaceAgent, _, err = getWorkspaceAgent(workspace, workspaceAgent.Name) if err != nil { return workspace, workspaceAgent, xerrors.Errorf("get workspace agent: %w", err) } diff --git a/cli/open_test.go b/cli/open_test.go index 698a4d777984b..688fc24b5e84d 100644 --- a/cli/open_test.go +++ b/cli/open_test.go @@ -1,8 +1,10 @@ package cli_test import ( + "context" "net/url" "os" + "path" "path/filepath" "runtime" "strings" @@ -11,11 +13,11 @@ import ( "github.com/google/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "go.uber.org/mock/gomock" + "golang.org/x/xerrors" "github.com/coder/coder/v2/agent" "github.com/coder/coder/v2/agent/agentcontainers" - "github.com/coder/coder/v2/agent/agentcontainers/acmock" + "github.com/coder/coder/v2/agent/agentcontainers/watcher" "github.com/coder/coder/v2/agent/agenttest" "github.com/coder/coder/v2/cli/clitest" "github.com/coder/coder/v2/coderd/coderdtest" @@ -289,238 +291,146 @@ func TestOpenVSCode_NoAgentDirectory(t *testing.T) { } } -func TestOpenVSCodeDevContainer(t *testing.T) { - t.Parallel() +type fakeContainerCLI struct { + resp codersdk.WorkspaceAgentListContainersResponse +} - if runtime.GOOS != "linux" { - t.Skip("DevContainers are only supported for agents on Linux") - } +func (f *fakeContainerCLI) List(ctx context.Context) (codersdk.WorkspaceAgentListContainersResponse, error) { + return f.resp, nil +} - agentName := "agent1" - agentDir, err := filepath.Abs(filepath.FromSlash("/tmp")) - require.NoError(t, err) +func (*fakeContainerCLI) DetectArchitecture(ctx context.Context, containerID string) (string, error) { + return runtime.GOARCH, nil +} - containerName := testutil.GetRandomName(t) - containerFolder := "/workspace/coder" +func (*fakeContainerCLI) Copy(ctx context.Context, containerID, src, dst string) error { + return nil +} - ctrl := gomock.NewController(t) - mccli := acmock.NewMockContainerCLI(ctrl) - mccli.EXPECT().List(gomock.Any()).Return( - codersdk.WorkspaceAgentListContainersResponse{ - Containers: []codersdk.WorkspaceAgentContainer{ - { - ID: uuid.NewString(), - CreatedAt: dbtime.Now(), - FriendlyName: containerName, - Image: "busybox:latest", - Labels: map[string]string{ - "devcontainer.local_folder": "/home/coder/coder", - }, - Running: true, - Status: "running", - Volumes: map[string]string{ - "/home/coder/coder": containerFolder, - }, - }, - }, - }, nil, - ).AnyTimes() +func (*fakeContainerCLI) ExecAs(ctx context.Context, containerID, user string, args ...string) ([]byte, error) { + return nil, nil +} - client, workspace, agentToken := setupWorkspaceForAgent(t, func(agents []*proto.Agent) []*proto.Agent { - agents[0].Directory = agentDir - agents[0].Name = agentName - agents[0].OperatingSystem = runtime.GOOS - return agents - }) +type fakeDevcontainerCLI struct { + config agentcontainers.DevcontainerConfig + execAgent func(ctx context.Context, token string) error +} - _ = agenttest.New(t, client.URL, agentToken, func(o *agent.Options) { - o.ExperimentalDevcontainersEnabled = true - o.ContainerAPIOptions = append(o.ContainerAPIOptions, - agentcontainers.WithContainerCLI(mccli), - agentcontainers.WithContainerLabelIncludeFilter("this.label.does.not.exist.ignore.devcontainers", "true"), - ) - }) - _ = coderdtest.NewWorkspaceAgentWaiter(t, client, workspace.ID).Wait() +func (f *fakeDevcontainerCLI) ReadConfig(ctx context.Context, workspaceFolder, configFile string, env []string, opts ...agentcontainers.DevcontainerCLIReadConfigOptions) (agentcontainers.DevcontainerConfig, error) { + return f.config, nil +} - insideWorkspaceEnv := map[string]string{ - "CODER": "true", - "CODER_WORKSPACE_NAME": workspace.Name, - "CODER_WORKSPACE_AGENT_NAME": agentName, +func (f *fakeDevcontainerCLI) Exec(ctx context.Context, workspaceFolder, configFile string, name string, args []string, opts ...agentcontainers.DevcontainerCLIExecOptions) error { + var opt agentcontainers.DevcontainerCLIExecConfig + for _, o := range opts { + o(&opt) } - - wd, err := os.Getwd() - require.NoError(t, err) - - tests := []struct { - name string - env map[string]string - args []string - wantDir string - wantError bool - wantToken bool - }{ - { - name: "nonexistent container", - args: []string{"--test.open-error", workspace.Name, "--container", containerName + "bad"}, - wantError: true, - }, - { - name: "ok", - args: []string{"--test.open-error", workspace.Name, "--container", containerName}, - wantDir: containerFolder, - wantError: false, - }, - { - name: "ok with absolute path", - args: []string{"--test.open-error", workspace.Name, "--container", containerName, containerFolder}, - wantDir: containerFolder, - wantError: false, - }, - { - name: "ok with relative path", - args: []string{"--test.open-error", workspace.Name, "--container", containerName, "my/relative/path"}, - wantDir: filepath.Join(agentDir, filepath.FromSlash("my/relative/path")), - wantError: false, - }, - { - name: "ok with token", - args: []string{"--test.open-error", workspace.Name, "--container", containerName, "--generate-token"}, - wantDir: containerFolder, - wantError: false, - wantToken: true, - }, - // Inside workspace, does not require --test.open-error - { - name: "ok inside workspace", - env: insideWorkspaceEnv, - args: []string{workspace.Name, "--container", containerName}, - wantDir: containerFolder, - }, - { - name: "ok inside workspace relative path", - env: insideWorkspaceEnv, - args: []string{workspace.Name, "--container", containerName, "foo"}, - wantDir: filepath.Join(wd, "foo"), - }, - { - name: "ok inside workspace token", - env: insideWorkspaceEnv, - args: []string{workspace.Name, "--container", containerName, "--generate-token"}, - wantDir: containerFolder, - wantToken: true, - }, + var token string + for _, arg := range opt.Args { + if strings.HasPrefix(arg, "CODER_AGENT_TOKEN=") { + token = strings.TrimPrefix(arg, "CODER_AGENT_TOKEN=") + break + } } - - for _, tt := range tests { - t.Run(tt.name, func(t *testing.T) { - t.Parallel() - - inv, root := clitest.New(t, append([]string{"open", "vscode"}, tt.args...)...) - clitest.SetupConfig(t, client, root) - - pty := ptytest.New(t) - inv.Stdin = pty.Input() - inv.Stdout = pty.Output() - - ctx := testutil.Context(t, testutil.WaitLong) - inv = inv.WithContext(ctx) - - for k, v := range tt.env { - inv.Environ.Set(k, v) - } - - w := clitest.StartWithWaiter(t, inv) - - if tt.wantError { - w.RequireError() - return - } - - me, err := client.User(ctx, codersdk.Me) - require.NoError(t, err) - - line := pty.ReadLine(ctx) - u, err := url.ParseRequestURI(line) - require.NoError(t, err, "line: %q", line) - - qp := u.Query() - assert.Equal(t, client.URL.String(), qp.Get("url")) - assert.Equal(t, me.Username, qp.Get("owner")) - assert.Equal(t, workspace.Name, qp.Get("workspace")) - assert.Equal(t, agentName, qp.Get("agent")) - assert.Equal(t, containerName, qp.Get("devContainerName")) - - if tt.wantDir != "" { - assert.Equal(t, tt.wantDir, qp.Get("devContainerFolder")) - } else { - assert.Equal(t, containerFolder, qp.Get("devContainerFolder")) - } - - if tt.wantToken { - assert.NotEmpty(t, qp.Get("token")) - } else { - assert.Empty(t, qp.Get("token")) - } - - w.RequireSuccess() - }) + if token == "" { + return xerrors.New("no agent token provided in args") + } + if f.execAgent == nil { + return nil } + return f.execAgent(ctx, token) +} + +func (*fakeDevcontainerCLI) Up(ctx context.Context, workspaceFolder, configFile string, opts ...agentcontainers.DevcontainerCLIUpOptions) (string, error) { + return "", nil } -func TestOpenVSCodeDevContainer_NoAgentDirectory(t *testing.T) { +func TestOpenVSCodeDevContainer(t *testing.T) { t.Parallel() if runtime.GOOS != "linux" { t.Skip("DevContainers are only supported for agents on Linux") } - agentName := "agent1" + parentAgentName := "agent1" + devcontainerID := uuid.New() + devcontainerName := "wilson" + workspaceFolder := "/home/coder/wilson" + configFile := path.Join(workspaceFolder, ".devcontainer", "devcontainer.json") + + containerID := uuid.NewString() containerName := testutil.GetRandomName(t) - containerFolder := "/workspace/coder" + containerFolder := "/workspaces/wilson" + + client, workspace, agentToken := setupWorkspaceForAgent(t, func(agents []*proto.Agent) []*proto.Agent { + agents[0].Name = parentAgentName + agents[0].OperatingSystem = runtime.GOOS + return agents + }) - ctrl := gomock.NewController(t) - mccli := acmock.NewMockContainerCLI(ctrl) - mccli.EXPECT().List(gomock.Any()).Return( - codersdk.WorkspaceAgentListContainersResponse{ + fCCLI := &fakeContainerCLI{ + resp: codersdk.WorkspaceAgentListContainersResponse{ Containers: []codersdk.WorkspaceAgentContainer{ { - ID: uuid.NewString(), + ID: containerID, CreatedAt: dbtime.Now(), FriendlyName: containerName, Image: "busybox:latest", Labels: map[string]string{ - "devcontainer.local_folder": "/home/coder/coder", + agentcontainers.DevcontainerLocalFolderLabel: workspaceFolder, + agentcontainers.DevcontainerConfigFileLabel: configFile, + agentcontainers.DevcontainerIsTestRunLabel: "true", + "coder.test": t.Name(), }, Running: true, Status: "running", - Volumes: map[string]string{ - "/home/coder/coder": containerFolder, - }, }, }, - }, nil, - ).AnyTimes() - - client, workspace, agentToken := setupWorkspaceForAgent(t, func(agents []*proto.Agent) []*proto.Agent { - agents[0].Name = agentName - agents[0].OperatingSystem = runtime.GOOS - return agents - }) + }, + } + fDCCLI := &fakeDevcontainerCLI{ + config: agentcontainers.DevcontainerConfig{ + Workspace: agentcontainers.DevcontainerWorkspace{ + WorkspaceFolder: containerFolder, + }, + }, + execAgent: func(ctx context.Context, token string) error { + t.Logf("Starting devcontainer subagent with token: %s", token) + _ = agenttest.New(t, client.URL, token) + <-ctx.Done() + return ctx.Err() + }, + } _ = agenttest.New(t, client.URL, agentToken, func(o *agent.Options) { - o.ExperimentalDevcontainersEnabled = true - o.ContainerAPIOptions = append(o.ContainerAPIOptions, - agentcontainers.WithContainerCLI(mccli), - agentcontainers.WithContainerLabelIncludeFilter("this.label.does.not.exist.ignore.devcontainers", "true"), + o.Devcontainers = true + o.DevcontainerAPIOptions = append(o.DevcontainerAPIOptions, + agentcontainers.WithProjectDiscovery(false), + agentcontainers.WithContainerCLI(fCCLI), + agentcontainers.WithDevcontainerCLI(fDCCLI), + agentcontainers.WithWatcher(watcher.NewNoop()), + agentcontainers.WithDevcontainers( + []codersdk.WorkspaceAgentDevcontainer{{ + ID: devcontainerID, + Name: devcontainerName, + WorkspaceFolder: workspaceFolder, + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + }}, + []codersdk.WorkspaceAgentScript{{ + ID: devcontainerID, + LogSourceID: uuid.New(), + }}, + ), + agentcontainers.WithContainerLabelIncludeFilter("coder.test", t.Name()), ) }) - _ = coderdtest.NewWorkspaceAgentWaiter(t, client, workspace.ID).Wait() + coderdtest.NewWorkspaceAgentWaiter(t, client, workspace.ID).AgentNames([]string{parentAgentName, devcontainerName}).Wait() insideWorkspaceEnv := map[string]string{ "CODER": "true", "CODER_WORKSPACE_NAME": workspace.Name, - "CODER_WORKSPACE_AGENT_NAME": agentName, + "CODER_WORKSPACE_AGENT_NAME": devcontainerName, } wd, err := os.Getwd() @@ -535,41 +445,48 @@ func TestOpenVSCodeDevContainer_NoAgentDirectory(t *testing.T) { wantToken bool }{ { - name: "ok", - args: []string{"--test.open-error", workspace.Name, "--container", containerName}, + name: "nonexistent container", + args: []string{"--test.open-error", workspace.Name + "." + devcontainerName + "bad"}, + wantError: true, }, { - name: "no agent dir error relative path", - args: []string{"--test.open-error", workspace.Name, "--container", containerName, "my/relative/path"}, - wantDir: filepath.FromSlash("my/relative/path"), - wantError: true, + name: "ok", + args: []string{"--test.open-error", workspace.Name + "." + devcontainerName}, + wantError: false, }, { - name: "ok with absolute path", - args: []string{"--test.open-error", workspace.Name, "--container", containerName, "/home/coder"}, - wantDir: "/home/coder", + name: "ok with absolute path", + args: []string{"--test.open-error", workspace.Name + "." + devcontainerName, containerFolder}, + wantError: false, + }, + { + name: "ok with relative path", + args: []string{"--test.open-error", workspace.Name + "." + devcontainerName, "my/relative/path"}, + wantDir: path.Join(containerFolder, "my/relative/path"), + wantError: false, }, { name: "ok with token", - args: []string{"--test.open-error", workspace.Name, "--container", containerName, "--generate-token"}, + args: []string{"--test.open-error", workspace.Name + "." + devcontainerName, "--generate-token"}, + wantError: false, wantToken: true, }, // Inside workspace, does not require --test.open-error { name: "ok inside workspace", env: insideWorkspaceEnv, - args: []string{workspace.Name, "--container", containerName}, + args: []string{workspace.Name + "." + devcontainerName}, }, { name: "ok inside workspace relative path", env: insideWorkspaceEnv, - args: []string{workspace.Name, "--container", containerName, "foo"}, + args: []string{workspace.Name + "." + devcontainerName, "foo"}, wantDir: filepath.Join(wd, "foo"), }, { name: "ok inside workspace token", env: insideWorkspaceEnv, - args: []string{workspace.Name, "--container", containerName, "--generate-token"}, + args: []string{workspace.Name + "." + devcontainerName, "--generate-token"}, wantToken: true, }, } @@ -610,8 +527,10 @@ func TestOpenVSCodeDevContainer_NoAgentDirectory(t *testing.T) { assert.Equal(t, client.URL.String(), qp.Get("url")) assert.Equal(t, me.Username, qp.Get("owner")) assert.Equal(t, workspace.Name, qp.Get("workspace")) - assert.Equal(t, agentName, qp.Get("agent")) + assert.Equal(t, parentAgentName, qp.Get("agent")) assert.Equal(t, containerName, qp.Get("devContainerName")) + assert.Equal(t, workspaceFolder, qp.Get("localWorkspaceFolder")) + assert.Equal(t, configFile, qp.Get("localConfigFile")) if tt.wantDir != "" { assert.Equal(t, tt.wantDir, qp.Get("devContainerFolder")) diff --git a/cli/organizationroles.go b/cli/organizationroles.go index 4d68ab02ae78d..3651baea88d2f 100644 --- a/cli/organizationroles.go +++ b/cli/organizationroles.go @@ -435,7 +435,6 @@ func applyOrgResourceActions(role *codersdk.Role, resource string, actions []str // Construct new site perms with only new perms for the resource keep := make([]codersdk.Permission, 0) for _, perm := range role.OrganizationPermissions { - perm := perm if string(perm.ResourceType) != resource { keep = append(keep, perm) } diff --git a/cli/organizationsettings.go b/cli/organizationsettings.go index 920ae41ebe1fc..391a4f72e27fd 100644 --- a/cli/organizationsettings.go +++ b/cli/organizationsettings.go @@ -116,7 +116,6 @@ func (r *RootCmd) setOrganizationSettings(orgContext *OrganizationContext, setti } for _, set := range settings { - set := set patch := set.Patch cmd.Children = append(cmd.Children, &serpent.Command{ Use: set.Name, @@ -192,7 +191,6 @@ func (r *RootCmd) printOrganizationSetting(orgContext *OrganizationContext, sett } for _, set := range settings { - set := set fetch := set.Fetch cmd.Children = append(cmd.Children, &serpent.Command{ Use: set.Name, diff --git a/cli/parameter.go b/cli/parameter.go index 02ff4e11f63e4..2b56c364faf23 100644 --- a/cli/parameter.go +++ b/cli/parameter.go @@ -100,6 +100,14 @@ func (wpf *workspaceParameterFlags) alwaysPrompt() serpent.Option { } } +func presetParameterAsWorkspaceBuildParameters(presetParameters []codersdk.PresetParameter) []codersdk.WorkspaceBuildParameter { + var params []codersdk.WorkspaceBuildParameter + for _, parameter := range presetParameters { + params = append(params, codersdk.WorkspaceBuildParameter(parameter)) + } + return params +} + func asWorkspaceBuildParameters(nameValuePairs []string) ([]codersdk.WorkspaceBuildParameter, error) { var params []codersdk.WorkspaceBuildParameter for _, nameValue := range nameValuePairs { @@ -145,9 +153,11 @@ func parseParameterMapFile(parameterFile string) (map[string]string, error) { return parameterMap, nil } -// buildFlags contains options relating to troubleshooting provisioner jobs. +// buildFlags contains options relating to troubleshooting provisioner jobs +// and setting the reason for the workspace build. type buildFlags struct { provisionerLogDebug bool + reason string } func (bf *buildFlags) cliOptions() []serpent.Option { @@ -160,5 +170,17 @@ This is useful for troubleshooting build issues.`, Value: serpent.BoolOf(&bf.provisionerLogDebug), Hidden: true, }, + { + Flag: "reason", + Description: `Sets the reason for the workspace build (cli, vscode_connection, jetbrains_connection).`, + Value: serpent.EnumOf( + &bf.reason, + string(codersdk.BuildReasonCLI), + string(codersdk.BuildReasonVSCodeConnection), + string(codersdk.BuildReasonJetbrainsConnection), + ), + Default: string(codersdk.BuildReasonCLI), + Hidden: true, + }, } } diff --git a/cli/parameterresolver.go b/cli/parameterresolver.go index 40625331fa6aa..cbd00fb59623e 100644 --- a/cli/parameterresolver.go +++ b/cli/parameterresolver.go @@ -26,6 +26,7 @@ type ParameterResolver struct { lastBuildParameters []codersdk.WorkspaceBuildParameter sourceWorkspaceParameters []codersdk.WorkspaceBuildParameter + presetParameters []codersdk.WorkspaceBuildParameter richParameters []codersdk.WorkspaceBuildParameter richParametersDefaults map[string]string richParametersFile map[string]string @@ -45,6 +46,11 @@ func (pr *ParameterResolver) WithSourceWorkspaceParameters(params []codersdk.Wor return pr } +func (pr *ParameterResolver) WithPresetParameters(params []codersdk.WorkspaceBuildParameter) *ParameterResolver { + pr.presetParameters = params + return pr +} + func (pr *ParameterResolver) WithRichParameters(params []codersdk.WorkspaceBuildParameter) *ParameterResolver { pr.richParameters = params return pr @@ -80,6 +86,8 @@ func (pr *ParameterResolver) WithPromptEphemeralParameters(promptEphemeralParame return pr } +// Resolve gathers workspace build parameters in a layered fashion, applying values from various sources +// in order of precedence: parameter file < CLI/ENV < source build < last build < preset < user input. func (pr *ParameterResolver) Resolve(inv *serpent.Invocation, action WorkspaceCLIAction, templateVersionParameters []codersdk.TemplateVersionParameter) ([]codersdk.WorkspaceBuildParameter, error) { var staged []codersdk.WorkspaceBuildParameter var err error @@ -88,6 +96,7 @@ func (pr *ParameterResolver) Resolve(inv *serpent.Invocation, action WorkspaceCL staged = pr.resolveWithCommandLineOrEnv(staged) staged = pr.resolveWithSourceBuildParameters(staged, templateVersionParameters) staged = pr.resolveWithLastBuildParameters(staged, templateVersionParameters) + staged = pr.resolveWithPreset(staged) // Preset parameters take precedence from all other parameters if err = pr.verifyConstraints(staged, action, templateVersionParameters); err != nil { return nil, err } @@ -97,6 +106,21 @@ func (pr *ParameterResolver) Resolve(inv *serpent.Invocation, action WorkspaceCL return staged, nil } +func (pr *ParameterResolver) resolveWithPreset(resolved []codersdk.WorkspaceBuildParameter) []codersdk.WorkspaceBuildParameter { +next: + for _, presetParameter := range pr.presetParameters { + for i, r := range resolved { + if r.Name == presetParameter.Name { + resolved[i].Value = presetParameter.Value + continue next + } + } + resolved = append(resolved, presetParameter) + } + + return resolved +} + func (pr *ParameterResolver) resolveWithParametersMapFile(resolved []codersdk.WorkspaceBuildParameter) []codersdk.WorkspaceBuildParameter { next: for name, value := range pr.richParametersFile { diff --git a/cli/ping.go b/cli/ping.go index f75ed42d26362..29af06affeaee 100644 --- a/cli/ping.go +++ b/cli/ping.go @@ -53,7 +53,7 @@ func (s *pingSummary) addResult(r *ipnstate.PingResult) { if s.Min == nil || r.LatencySeconds < s.Min.Seconds() { s.Min = ptr.Ref(time.Duration(r.LatencySeconds * float64(time.Second))) } - if s.Max == nil || r.LatencySeconds > s.Min.Seconds() { + if s.Max == nil || r.LatencySeconds > s.Max.Seconds() { s.Max = ptr.Ref(time.Duration(r.LatencySeconds * float64(time.Second))) } s.latencySum += r.LatencySeconds @@ -110,7 +110,7 @@ func (r *RootCmd) ping() *serpent.Command { defer notifyCancel() workspaceName := inv.Args[0] - _, workspaceAgent, err := getWorkspaceAndAgent( + _, workspaceAgent, _, err := GetWorkspaceAndAgent( ctx, inv, client, false, // Do not autostart for a ping. workspaceName, @@ -147,7 +147,7 @@ func (r *RootCmd) ping() *serpent.Command { } defer conn.Close() - derpMap := conn.DERPMap() + derpMap := conn.TailnetConn().DERPMap() diagCtx, diagCancel := context.WithTimeout(inv.Context(), 30*time.Second) defer diagCancel() @@ -156,7 +156,7 @@ func (r *RootCmd) ping() *serpent.Command { // Silent ping to determine whether we should show diags _, didP2p, _, _ := conn.Ping(ctx) - ni := conn.GetNetInfo() + ni := conn.TailnetConn().GetNetInfo() connDiags := cliui.ConnDiags{ DisableDirect: r.disableDirect, LocalNetInfo: ni, diff --git a/cli/ping_internal_test.go b/cli/ping_internal_test.go index 0c131fadfa52a..5448d29f32133 100644 --- a/cli/ping_internal_test.go +++ b/cli/ping_internal_test.go @@ -21,11 +21,11 @@ func TestBuildSummary(t *testing.T) { }, { Err: "", - LatencySeconds: 0.2, + LatencySeconds: 0.3, }, { Err: "", - LatencySeconds: 0.3, + LatencySeconds: 0.2, }, { Err: "ping error", diff --git a/cli/portforward.go b/cli/portforward.go index e6ef2eb11bca8..1b055d9e4362e 100644 --- a/cli/portforward.go +++ b/cli/portforward.go @@ -84,7 +84,7 @@ func (r *RootCmd) portForward() *serpent.Command { return xerrors.New("no port-forwards requested") } - workspace, workspaceAgent, err := getWorkspaceAndAgent(ctx, inv, client, !disableAutostart, inv.Args[0]) + workspace, workspaceAgent, _, err := GetWorkspaceAndAgent(ctx, inv, client, !disableAutostart, inv.Args[0]) if err != nil { return err } @@ -221,7 +221,7 @@ func (r *RootCmd) portForward() *serpent.Command { func listenAndPortForward( ctx context.Context, inv *serpent.Invocation, - conn *workspacesdk.AgentConn, + conn workspacesdk.AgentConn, wg *sync.WaitGroup, spec portForwardSpec, logger slog.Logger, diff --git a/cli/portforward_test.go b/cli/portforward_test.go index e995b31950314..9899bd28cccdf 100644 --- a/cli/portforward_test.go +++ b/cli/portforward_test.go @@ -13,7 +13,6 @@ import ( "github.com/pion/udp" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "golang.org/x/xerrors" "github.com/coder/coder/v2/agent" "github.com/coder/coder/v2/agent/agenttest" @@ -161,7 +160,7 @@ func TestPortForward(t *testing.T) { inv.Stdout = pty.Output() inv.Stderr = pty.Output() - iNet := newInProcNet() + iNet := testutil.NewInProcNet() inv.Net = iNet ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() @@ -177,10 +176,10 @@ func TestPortForward(t *testing.T) { // sync. dialCtx, dialCtxCancel := context.WithTimeout(ctx, testutil.WaitShort) defer dialCtxCancel() - c1, err := iNet.dial(dialCtx, addr{c.network, c.localAddress[0]}) + c1, err := iNet.Dial(dialCtx, testutil.NewAddr(c.network, c.localAddress[0])) require.NoError(t, err, "open connection 1 to 'local' listener") defer c1.Close() - c2, err := iNet.dial(dialCtx, addr{c.network, c.localAddress[0]}) + c2, err := iNet.Dial(dialCtx, testutil.NewAddr(c.network, c.localAddress[0])) require.NoError(t, err, "open connection 2 to 'local' listener") defer c2.Close() testDial(t, c2) @@ -218,7 +217,7 @@ func TestPortForward(t *testing.T) { inv.Stdout = pty.Output() inv.Stderr = pty.Output() - iNet := newInProcNet() + iNet := testutil.NewInProcNet() inv.Net = iNet ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() @@ -232,10 +231,10 @@ func TestPortForward(t *testing.T) { // then test them out of order. dialCtx, dialCtxCancel := context.WithTimeout(ctx, testutil.WaitShort) defer dialCtxCancel() - c1, err := iNet.dial(dialCtx, addr{c.network, c.localAddress[0]}) + c1, err := iNet.Dial(dialCtx, testutil.NewAddr(c.network, c.localAddress[0])) require.NoError(t, err, "open connection 1 to 'local' listener 1") defer c1.Close() - c2, err := iNet.dial(dialCtx, addr{c.network, c.localAddress[1]}) + c2, err := iNet.Dial(dialCtx, testutil.NewAddr(c.network, c.localAddress[1])) require.NoError(t, err, "open connection 2 to 'local' listener 2") defer c2.Close() testDial(t, c2) @@ -257,7 +256,7 @@ func TestPortForward(t *testing.T) { t.Run("All", func(t *testing.T) { t.Parallel() var ( - dials = []addr{} + dials = []testutil.Addr{} flags = []string{} ) @@ -265,10 +264,7 @@ func TestPortForward(t *testing.T) { for _, c := range cases { p := setupTestListener(t, c.setupRemote(t)) - dials = append(dials, addr{ - network: c.network, - addr: c.localAddress[0], - }) + dials = append(dials, testutil.NewAddr(c.network, c.localAddress[0])) flags = append(flags, fmt.Sprintf(c.flag[0], p)) } @@ -279,7 +275,7 @@ func TestPortForward(t *testing.T) { pty := ptytest.New(t).Attach(inv) inv.Stderr = pty.Output() - iNet := newInProcNet() + iNet := testutil.NewInProcNet() inv.Net = iNet ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() @@ -296,7 +292,7 @@ func TestPortForward(t *testing.T) { ) defer dialCtxCancel() for i, a := range dials { - c, err := iNet.dial(dialCtx, a) + c, err := iNet.Dial(dialCtx, a) require.NoErrorf(t, err, "open connection %v to 'local' listener %v", i+1, i+1) t.Cleanup(func() { _ = c.Close() @@ -340,7 +336,7 @@ func TestPortForward(t *testing.T) { inv.Stdout = pty.Output() inv.Stderr = pty.Output() - iNet := newInProcNet() + iNet := testutil.NewInProcNet() inv.Net = iNet // listen on port 5555 on IPv6 so it's busy when we try to port forward @@ -361,7 +357,7 @@ func TestPortForward(t *testing.T) { // Test IPv4 still works dialCtx, dialCtxCancel := context.WithTimeout(ctx, testutil.WaitShort) defer dialCtxCancel() - c1, err := iNet.dial(dialCtx, addr{"tcp", "127.0.0.1:5555"}) + c1, err := iNet.Dial(dialCtx, testutil.NewAddr("tcp", "127.0.0.1:5555")) require.NoError(t, err, "open connection 1 to 'local' listener") defer c1.Close() testDial(t, c1) @@ -473,95 +469,3 @@ func assertWritePayload(t *testing.T, w io.Writer, payload []byte) { assert.NoError(t, err, "write payload") assert.Equal(t, len(payload), n, "payload length does not match") } - -type addr struct { - network string - addr string -} - -func (a addr) Network() string { - return a.network -} - -func (a addr) Address() string { - return a.addr -} - -func (a addr) String() string { - return a.network + "|" + a.addr -} - -type inProcNet struct { - sync.Mutex - - listeners map[addr]*inProcListener -} - -type inProcListener struct { - c chan net.Conn - n *inProcNet - a addr - o sync.Once -} - -func newInProcNet() *inProcNet { - return &inProcNet{listeners: make(map[addr]*inProcListener)} -} - -func (n *inProcNet) Listen(network, address string) (net.Listener, error) { - a := addr{network, address} - n.Lock() - defer n.Unlock() - if _, ok := n.listeners[a]; ok { - return nil, xerrors.New("busy") - } - l := newInProcListener(n, a) - n.listeners[a] = l - return l, nil -} - -func (n *inProcNet) dial(ctx context.Context, a addr) (net.Conn, error) { - n.Lock() - defer n.Unlock() - l, ok := n.listeners[a] - if !ok { - return nil, xerrors.Errorf("nothing listening on %s", a) - } - x, y := net.Pipe() - select { - case <-ctx.Done(): - return nil, ctx.Err() - case l.c <- x: - return y, nil - } -} - -func newInProcListener(n *inProcNet, a addr) *inProcListener { - return &inProcListener{ - c: make(chan net.Conn), - n: n, - a: a, - } -} - -func (l *inProcListener) Accept() (net.Conn, error) { - c, ok := <-l.c - if !ok { - return nil, net.ErrClosed - } - return c, nil -} - -func (l *inProcListener) Close() error { - l.o.Do(func() { - l.n.Lock() - defer l.n.Unlock() - delete(l.n.listeners, l.a) - close(l.c) - }) - return nil -} - -func (l *inProcListener) Addr() net.Addr { - return l.a -} diff --git a/cli/provisionerjobs.go b/cli/provisionerjobs.go index c2b6b78658447..2ddd04c5b6a29 100644 --- a/cli/provisionerjobs.go +++ b/cli/provisionerjobs.go @@ -166,7 +166,7 @@ func (r *RootCmd) provisionerJobsCancel() *serpent.Command { err = client.CancelTemplateVersion(ctx, ptr.NilToEmpty(job.Input.TemplateVersionID)) case codersdk.ProvisionerJobTypeWorkspaceBuild: _, _ = fmt.Fprintf(inv.Stdout, "Canceling workspace build job %s...\n", job.ID) - err = client.CancelWorkspaceBuild(ctx, ptr.NilToEmpty(job.Input.WorkspaceBuildID)) + err = client.CancelWorkspaceBuild(ctx, ptr.NilToEmpty(job.Input.WorkspaceBuildID), codersdk.CancelWorkspaceBuildParams{}) } if err != nil { return xerrors.Errorf("cancel provisioner job: %w", err) diff --git a/cli/provisionerjobs_test.go b/cli/provisionerjobs_test.go index b33fd8b984dc7..4db42e8e3c9e7 100644 --- a/cli/provisionerjobs_test.go +++ b/cli/provisionerjobs_test.go @@ -8,7 +8,6 @@ import ( "testing" "time" - "github.com/aws/smithy-go/ptr" "github.com/google/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -20,6 +19,7 @@ import ( "github.com/coder/coder/v2/coderd/database/dbtestutil" "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/codersdk" + "github.com/coder/coder/v2/provisionersdk" "github.com/coder/coder/v2/testutil" ) @@ -36,67 +36,43 @@ func TestProvisionerJobs(t *testing.T) { templateAdminClient, templateAdmin := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID, rbac.ScopedRoleOrgTemplateAdmin(owner.OrganizationID)) memberClient, member := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) - // Create initial resources with a running provisioner. - firstProvisioner := coderdtest.NewTaggedProvisionerDaemon(t, coderdAPI, "default-provisioner", map[string]string{"owner": "", "scope": "organization"}) - t.Cleanup(func() { _ = firstProvisioner.Close() }) - version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, completeWithAgent()) - coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID, func(req *codersdk.CreateTemplateRequest) { - req.AllowUserCancelWorkspaceJobs = ptr.Bool(true) + // These CLI tests are related to provisioner job CRUD operations and as such + // do not require the overhead of starting a provisioner. Other provisioner job + // functionalities (acquisition etc.) are tested elsewhere. + template := dbgen.Template(t, db, database.Template{ + OrganizationID: owner.OrganizationID, + CreatedBy: owner.UserID, + AllowUserCancelWorkspaceJobs: true, + }) + version := dbgen.TemplateVersion(t, db, database.TemplateVersion{ + OrganizationID: owner.OrganizationID, + CreatedBy: owner.UserID, + TemplateID: uuid.NullUUID{UUID: template.ID, Valid: true}, }) - - // Stop the provisioner so it doesn't grab any more jobs. - firstProvisioner.Close() t.Run("Cancel", func(t *testing.T) { t.Parallel() - // Set up test helpers. - type jobInput struct { - WorkspaceBuildID string `json:"workspace_build_id,omitempty"` - TemplateVersionID string `json:"template_version_id,omitempty"` - DryRun bool `json:"dry_run,omitempty"` - } - prepareJob := func(t *testing.T, input jobInput) database.ProvisionerJob { + // Test helper to create a provisioner job of a given type with a given input. + prepareJob := func(t *testing.T, jobType database.ProvisionerJobType, input json.RawMessage) database.ProvisionerJob { t.Helper() - - inputBytes, err := json.Marshal(input) - require.NoError(t, err) - - var typ database.ProvisionerJobType - switch { - case input.WorkspaceBuildID != "": - typ = database.ProvisionerJobTypeWorkspaceBuild - case input.TemplateVersionID != "": - if input.DryRun { - typ = database.ProvisionerJobTypeTemplateVersionDryRun - } else { - typ = database.ProvisionerJobTypeTemplateVersionImport - } - default: - t.Fatal("invalid input") - } - - var ( - tags = database.StringMap{"owner": "", "scope": "organization", "foo": uuid.New().String()} - _ = dbgen.ProvisionerDaemon(t, db, database.ProvisionerDaemon{Tags: tags}) - job = dbgen.ProvisionerJob(t, db, coderdAPI.Pubsub, database.ProvisionerJob{ - InitiatorID: member.ID, - Input: json.RawMessage(inputBytes), - Type: typ, - Tags: tags, - StartedAt: sql.NullTime{Time: coderdAPI.Clock.Now().Add(-time.Minute), Valid: true}, - }) - ) - return job + return dbgen.ProvisionerJob(t, db, coderdAPI.Pubsub, database.ProvisionerJob{ + InitiatorID: member.ID, + Input: input, + Type: jobType, + StartedAt: sql.NullTime{Time: coderdAPI.Clock.Now().Add(-time.Minute), Valid: true}, + Tags: database.StringMap{provisionersdk.TagOwner: "", provisionersdk.TagScope: provisionersdk.ScopeOrganization, "foo": uuid.NewString()}, + }) } + // Test helper to create a workspace build job with a predefined input. prepareWorkspaceBuildJob := func(t *testing.T) database.ProvisionerJob { t.Helper() var ( - wbID = uuid.New() - job = prepareJob(t, jobInput{WorkspaceBuildID: wbID.String()}) - w = dbgen.Workspace(t, db, database.WorkspaceTable{ + wbID = uuid.New() + input, _ = json.Marshal(map[string]string{"workspace_build_id": wbID.String()}) + job = prepareJob(t, database.ProvisionerJobTypeWorkspaceBuild, input) + w = dbgen.Workspace(t, db, database.WorkspaceTable{ OrganizationID: owner.OrganizationID, OwnerID: member.ID, TemplateID: template.ID, @@ -112,12 +88,14 @@ func TestProvisionerJobs(t *testing.T) { return job } - prepareTemplateVersionImportJobBuilder := func(t *testing.T, dryRun bool) database.ProvisionerJob { + // Test helper to create a template version import job with a predefined input. + prepareTemplateVersionImportJob := func(t *testing.T) database.ProvisionerJob { t.Helper() var ( - tvID = uuid.New() - job = prepareJob(t, jobInput{TemplateVersionID: tvID.String(), DryRun: dryRun}) - _ = dbgen.TemplateVersion(t, db, database.TemplateVersion{ + tvID = uuid.New() + input, _ = json.Marshal(map[string]string{"template_version_id": tvID.String()}) + job = prepareJob(t, database.ProvisionerJobTypeTemplateVersionImport, input) + _ = dbgen.TemplateVersion(t, db, database.TemplateVersion{ OrganizationID: owner.OrganizationID, CreatedBy: templateAdmin.ID, ID: tvID, @@ -127,11 +105,26 @@ func TestProvisionerJobs(t *testing.T) { ) return job } - prepareTemplateVersionImportJob := func(t *testing.T) database.ProvisionerJob { - return prepareTemplateVersionImportJobBuilder(t, false) - } + + // Test helper to create a template version import dry run job with a predefined input. prepareTemplateVersionImportJobDryRun := func(t *testing.T) database.ProvisionerJob { - return prepareTemplateVersionImportJobBuilder(t, true) + t.Helper() + var ( + tvID = uuid.New() + input, _ = json.Marshal(map[string]interface{}{ + "template_version_id": tvID.String(), + "dry_run": true, + }) + job = prepareJob(t, database.ProvisionerJobTypeTemplateVersionDryRun, input) + _ = dbgen.TemplateVersion(t, db, database.TemplateVersion{ + OrganizationID: owner.OrganizationID, + CreatedBy: templateAdmin.ID, + ID: tvID, + TemplateID: uuid.NullUUID{UUID: template.ID, Valid: true}, + JobID: job.ID, + }) + ) + return job } // Run the cancellation test suite. diff --git a/cli/provisioners.go b/cli/provisioners.go index 8f90a52589939..77f5e7705edd5 100644 --- a/cli/provisioners.go +++ b/cli/provisioners.go @@ -2,10 +2,12 @@ package cli import ( "fmt" + "time" "golang.org/x/xerrors" "github.com/coder/coder/v2/cli/cliui" + "github.com/coder/coder/v2/coderd/util/slice" "github.com/coder/coder/v2/codersdk" "github.com/coder/serpent" ) @@ -39,7 +41,10 @@ func (r *RootCmd) provisionerList() *serpent.Command { cliui.TableFormat([]provisionerDaemonRow{}, []string{"created at", "last seen at", "key name", "name", "version", "status", "tags"}), cliui.JSONFormat(), ) - limit int64 + limit int64 + offline bool + status []string + maxAge time.Duration ) cmd := &serpent.Command{ @@ -59,7 +64,10 @@ func (r *RootCmd) provisionerList() *serpent.Command { } daemons, err := client.OrganizationProvisionerDaemons(ctx, org.ID, &codersdk.OrganizationProvisionerDaemonsOptions{ - Limit: int(limit), + Limit: int(limit), + Offline: offline, + Status: slice.StringEnums[codersdk.ProvisionerDaemonStatus](status), + MaxAge: maxAge, }) if err != nil { return xerrors.Errorf("list provisioner daemons: %w", err) @@ -98,6 +106,27 @@ func (r *RootCmd) provisionerList() *serpent.Command { Default: "50", Value: serpent.Int64Of(&limit), }, + { + Flag: "show-offline", + FlagShorthand: "f", + Env: "CODER_PROVISIONER_SHOW_OFFLINE", + Description: "Show offline provisioners.", + Value: serpent.BoolOf(&offline), + }, + { + Flag: "status", + FlagShorthand: "s", + Env: "CODER_PROVISIONER_LIST_STATUS", + Description: "Filter by provisioner status.", + Value: serpent.EnumArrayOf(&status, slice.ToStrings(codersdk.ProvisionerDaemonStatusEnums())...), + }, + { + Flag: "max-age", + FlagShorthand: "m", + Env: "CODER_PROVISIONER_LIST_MAX_AGE", + Description: "Filter provisioners by maximum age.", + Value: serpent.DurationOf(&maxAge), + }, }...) orgContext.AttachOptions(cmd) diff --git a/cli/provisioners_test.go b/cli/provisioners_test.go index 30a89714ff57f..f70029e7fa366 100644 --- a/cli/provisioners_test.go +++ b/cli/provisioners_test.go @@ -31,7 +31,6 @@ func TestProvisioners_Golden(t *testing.T) { // Replace UUIDs with predictable values for golden files. replace := make(map[string]string) updateReplaceUUIDs := func(coderdAPI *coderd.API) { - //nolint:gocritic // This is a test. systemCtx := dbauthz.AsSystemRestricted(context.Background()) provisioners, err := coderdAPI.Database.GetProvisionerDaemons(systemCtx) require.NoError(t, err) @@ -198,6 +197,74 @@ func TestProvisioners_Golden(t *testing.T) { clitest.TestGoldenFile(t, t.Name(), got.Bytes(), replace) }) + t.Run("list with offline provisioner daemons", func(t *testing.T) { + t.Parallel() + + var got bytes.Buffer + inv, root := clitest.New(t, + "provisioners", + "list", + "--show-offline", + ) + inv.Stdout = &got + clitest.SetupConfig(t, templateAdminClient, root) + err := inv.Run() + require.NoError(t, err) + + clitest.TestGoldenFile(t, t.Name(), got.Bytes(), replace) + }) + + t.Run("list provisioner daemons by status", func(t *testing.T) { + t.Parallel() + + var got bytes.Buffer + inv, root := clitest.New(t, + "provisioners", + "list", + "--status=idle,offline,busy", + ) + inv.Stdout = &got + clitest.SetupConfig(t, templateAdminClient, root) + err := inv.Run() + require.NoError(t, err) + + clitest.TestGoldenFile(t, t.Name(), got.Bytes(), replace) + }) + + t.Run("list provisioner daemons without offline", func(t *testing.T) { + t.Parallel() + + var got bytes.Buffer + inv, root := clitest.New(t, + "provisioners", + "list", + "--status=idle,busy", + ) + inv.Stdout = &got + clitest.SetupConfig(t, templateAdminClient, root) + err := inv.Run() + require.NoError(t, err) + + clitest.TestGoldenFile(t, t.Name(), got.Bytes(), replace) + }) + + t.Run("list provisioner daemons by max age", func(t *testing.T) { + t.Parallel() + + var got bytes.Buffer + inv, root := clitest.New(t, + "provisioners", + "list", + "--max-age=1h", + ) + inv.Stdout = &got + clitest.SetupConfig(t, templateAdminClient, root) + err := inv.Run() + require.NoError(t, err) + + clitest.TestGoldenFile(t, t.Name(), got.Bytes(), replace) + }) + // Test jobs list with template admin as members are currently // unable to access provisioner jobs. In the future (with RBAC // changes), we may allow them to view _their_ jobs. diff --git a/cli/restart.go b/cli/restart.go index 156f506105c5a..20ee0b9b9de9d 100644 --- a/cli/restart.go +++ b/cli/restart.go @@ -51,8 +51,17 @@ func (r *RootCmd) restart() *serpent.Command { return err } + stopParamValues, err := asWorkspaceBuildParameters(parameterFlags.ephemeralParameters) + if err != nil { + return xerrors.Errorf("parse ephemeral parameters: %w", err) + } wbr := codersdk.CreateWorkspaceBuildRequest{ Transition: codersdk.WorkspaceTransitionStop, + // Ephemeral parameters should be passed to both stop and start builds. + // TODO: maybe these values should be sourced from the previous build? + // It has to be manually sourced, as ephemeral parameters do not carry across + // builds. + RichParameterValues: stopParamValues, } if bflags.provisionerLogDebug { wbr.LogLevel = codersdk.ProvisionerLogLevelDebug diff --git a/cli/restart_test.go b/cli/restart_test.go index d69344435bf28..01be7e590cebf 100644 --- a/cli/restart_test.go +++ b/cli/restart_test.go @@ -10,6 +10,7 @@ import ( "github.com/coder/coder/v2/cli/clitest" "github.com/coder/coder/v2/coderd/coderdtest" + "github.com/coder/coder/v2/coderd/util/ptr" "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/provisioner/echo" "github.com/coder/coder/v2/provisionersdk/proto" @@ -70,8 +71,14 @@ func TestRestart(t *testing.T) { member, memberUser := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses()) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, member, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID, func(request *codersdk.CreateTemplateRequest) { + request.UseClassicParameterFlow = ptr.Ref(true) // TODO: Remove when dynamic parameters prompt missing ephemeral parameters. + }) + workspace := coderdtest.CreateWorkspace(t, member, template.ID, func(request *codersdk.CreateWorkspaceRequest) { + request.RichParameterValues = []codersdk.WorkspaceBuildParameter{ + {Name: ephemeralParameterName, Value: "placeholder"}, + } + }) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, root := clitest.New(t, "restart", workspace.Name, "--prompt-ephemeral-parameters") @@ -125,7 +132,11 @@ func TestRestart(t *testing.T) { version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses()) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, member, template.ID) + workspace := coderdtest.CreateWorkspace(t, member, template.ID, func(request *codersdk.CreateWorkspaceRequest) { + request.RichParameterValues = []codersdk.WorkspaceBuildParameter{ + {Name: ephemeralParameterName, Value: "placeholder"}, + } + }) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, root := clitest.New(t, "restart", workspace.Name, @@ -178,8 +189,14 @@ func TestRestart(t *testing.T) { member, memberUser := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses()) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) - template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, member, template.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID, func(request *codersdk.CreateTemplateRequest) { + request.UseClassicParameterFlow = ptr.Ref(true) // TODO: Remove when dynamic parameters prompts missing ephemeral parameters + }) + workspace := coderdtest.CreateWorkspace(t, member, template.ID, func(request *codersdk.CreateWorkspaceRequest) { + request.RichParameterValues = []codersdk.WorkspaceBuildParameter{ + {Name: ephemeralParameterName, Value: "placeholder"}, + } + }) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, root := clitest.New(t, "restart", workspace.Name, "--build-options") @@ -233,7 +250,11 @@ func TestRestart(t *testing.T) { version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses()) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, member, template.ID) + workspace := coderdtest.CreateWorkspace(t, member, template.ID, func(request *codersdk.CreateWorkspaceRequest) { + request.RichParameterValues = []codersdk.WorkspaceBuildParameter{ + {Name: ephemeralParameterName, Value: "placeholder"}, + } + }) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) inv, root := clitest.New(t, "restart", workspace.Name, diff --git a/cli/root.go b/cli/root.go index 54215a67401dd..ed6869b6a1c49 100644 --- a/cli/root.go +++ b/cli/root.go @@ -108,7 +108,7 @@ func (r *RootCmd) CoreSubcommands() []*serpent.Command { // Workspace Commands r.autoupdate(), r.configSSH(), - r.create(), + r.Create(CreateOptions{}), r.deleteWorkspace(), r.favorite(), r.list(), @@ -635,6 +635,9 @@ func (r *RootCmd) HeaderTransport(ctx context.Context, serverURL *url.URL) (*cod } func (r *RootCmd) configureClient(ctx context.Context, client *codersdk.Client, serverURL *url.URL, inv *serpent.Invocation) error { + if client.SessionTokenProvider == nil { + client.SessionTokenProvider = codersdk.FixedSessionTokenProvider{} + } transport := http.DefaultTransport transport = wrapTransportWithTelemetryHeader(transport, inv) if !r.noVersionCheck { diff --git a/cli/schedule.go b/cli/schedule.go index 9ade82b9c4a36..b7d1ff9b1f2bf 100644 --- a/cli/schedule.go +++ b/cli/schedule.go @@ -46,7 +46,7 @@ When enabling scheduled stop, enter a duration in one of the following formats: * 2m (2 minutes) * 2 (2 minutes) ` - scheduleExtendDescriptionLong = ` + scheduleExtendDescriptionLong = `Extends the workspace deadline. * The new stop time is calculated from *now*. * The new stop time must be at least 30 minutes in the future. * The workspace template may restrict the maximum workspace runtime. @@ -117,7 +117,7 @@ func (r *RootCmd) scheduleShow() *serpent.Command { f.FilterQuery = fmt.Sprintf("owner:me name:%s", inv.Args[0]) } } - res, err := queryConvertWorkspaces(inv.Context(), client, f, scheduleListRowFromWorkspace) + res, err := QueryConvertWorkspaces(inv.Context(), client, f, scheduleListRowFromWorkspace) if err != nil { return err } @@ -157,6 +157,13 @@ func (r *RootCmd) scheduleStart() *serpent.Command { return err } + // Autostart configuration is not supported for prebuilt workspaces. + // Prebuild lifecycle is managed by the reconciliation loop, with scheduling behavior + // defined per preset at the template level, not per workspace. + if workspace.IsPrebuild { + return xerrors.Errorf("autostart configuration is not supported for prebuilt workspaces") + } + var schedStr *string if inv.Args[1] != "manual" { sched, err := parseCLISchedule(inv.Args[1:]...) @@ -205,6 +212,13 @@ func (r *RootCmd) scheduleStop() *serpent.Command { return err } + // Autostop configuration is not supported for prebuilt workspaces. + // Prebuild lifecycle is managed by the reconciliation loop, with scheduling behavior + // defined per preset at the template level, not per workspace. + if workspace.IsPrebuild { + return xerrors.Errorf("autostop configuration is not supported for prebuilt workspaces") + } + var durMillis *int64 if inv.Args[1] != "manual" { dur, err := parseDuration(inv.Args[1]) @@ -255,6 +269,13 @@ func (r *RootCmd) scheduleExtend() *serpent.Command { return xerrors.Errorf("get workspace: %w", err) } + // Deadline extensions are not supported for prebuilt workspaces. + // Prebuild lifecycle is managed by the reconciliation loop, with TTL behavior + // defined per preset at the template level, not per workspace. + if workspace.IsPrebuild { + return xerrors.Errorf("extend configuration is not supported for prebuilt workspaces") + } + loc, err := tz.TimezoneIANA() if err != nil { loc = time.UTC // best effort @@ -286,7 +307,7 @@ func (r *RootCmd) scheduleExtend() *serpent.Command { } func displaySchedule(ws codersdk.Workspace, out io.Writer) error { - rows := []workspaceListRow{workspaceListRowFromWorkspace(time.Now(), ws)} + rows := []WorkspaceListRow{WorkspaceListRowFromWorkspace(time.Now(), ws)} rendered, err := cliui.DisplayTable(rows, "workspace", []string{ "workspace", "starts at", "starts next", "stops after", "stops next", }) diff --git a/cli/schedule_test.go b/cli/schedule_test.go index 02997a9a4c40d..b161f41cbcebc 100644 --- a/cli/schedule_test.go +++ b/cli/schedule_test.go @@ -353,7 +353,7 @@ func TestScheduleOverride(t *testing.T) { ownerClient, _, _, ws := setupTestSchedule(t, sched) now := time.Now() // To avoid the likelihood of time-related flakes, only matching up to the hour. - expectedDeadline := time.Now().In(loc).Add(10 * time.Hour).Format("2006-01-02T15:") + expectedDeadline := now.In(loc).Add(10 * time.Hour).Format("2006-01-02T15:") // When: we override the stop schedule inv, root := clitest.New(t, diff --git a/cli/server.go b/cli/server.go index 7d587f5e1ae14..5018007e2b4e8 100644 --- a/cli/server.go +++ b/cli/server.go @@ -55,19 +55,13 @@ import ( "cdr.dev/slog" "cdr.dev/slog/sloggers/sloghuman" + "github.com/coder/coder/v2/coderd/pproflabel" "github.com/coder/pretty" "github.com/coder/quartz" "github.com/coder/retry" "github.com/coder/serpent" "github.com/coder/wgtunnel/tunnelsdk" - "github.com/coder/coder/v2/coderd/ai" - "github.com/coder/coder/v2/coderd/entitlements" - "github.com/coder/coder/v2/coderd/notifications/reports" - "github.com/coder/coder/v2/coderd/runtimeconfig" - "github.com/coder/coder/v2/coderd/webpush" - "github.com/coder/coder/v2/codersdk/drpcsdk" - "github.com/coder/coder/v2/buildinfo" "github.com/coder/coder/v2/cli/clilog" "github.com/coder/coder/v2/cli/cliui" @@ -78,21 +72,24 @@ import ( "github.com/coder/coder/v2/coderd/database" "github.com/coder/coder/v2/coderd/database/awsiamrds" "github.com/coder/coder/v2/coderd/database/dbauthz" - "github.com/coder/coder/v2/coderd/database/dbmem" "github.com/coder/coder/v2/coderd/database/dbmetrics" "github.com/coder/coder/v2/coderd/database/dbpurge" "github.com/coder/coder/v2/coderd/database/migrations" "github.com/coder/coder/v2/coderd/database/pubsub" "github.com/coder/coder/v2/coderd/devtunnel" + "github.com/coder/coder/v2/coderd/entitlements" "github.com/coder/coder/v2/coderd/externalauth" "github.com/coder/coder/v2/coderd/gitsshkey" "github.com/coder/coder/v2/coderd/httpmw" "github.com/coder/coder/v2/coderd/jobreaper" "github.com/coder/coder/v2/coderd/notifications" + "github.com/coder/coder/v2/coderd/notifications/reports" "github.com/coder/coder/v2/coderd/oauthpki" "github.com/coder/coder/v2/coderd/prometheusmetrics" "github.com/coder/coder/v2/coderd/prometheusmetrics/insights" "github.com/coder/coder/v2/coderd/promoauth" + "github.com/coder/coder/v2/coderd/provisionerdserver" + "github.com/coder/coder/v2/coderd/runtimeconfig" "github.com/coder/coder/v2/coderd/schedule" "github.com/coder/coder/v2/coderd/telemetry" "github.com/coder/coder/v2/coderd/tracing" @@ -100,9 +97,11 @@ import ( "github.com/coder/coder/v2/coderd/util/ptr" "github.com/coder/coder/v2/coderd/util/slice" stringutil "github.com/coder/coder/v2/coderd/util/strings" + "github.com/coder/coder/v2/coderd/webpush" "github.com/coder/coder/v2/coderd/workspaceapps/appurl" "github.com/coder/coder/v2/coderd/workspacestats" "github.com/coder/coder/v2/codersdk" + "github.com/coder/coder/v2/codersdk/drpcsdk" "github.com/coder/coder/v2/cryptorand" "github.com/coder/coder/v2/provisioner/echo" "github.com/coder/coder/v2/provisioner/terraform" @@ -281,6 +280,12 @@ func enablePrometheus( } } + provisionerdserverMetrics := provisionerdserver.NewMetrics(logger) + if err := provisionerdserverMetrics.Register(options.PrometheusRegistry); err != nil { + return nil, xerrors.Errorf("failed to register provisionerd_server metrics: %w", err) + } + options.ProvisionerdServerMetrics = provisionerdserverMetrics + //nolint:revive return ServeHandler( ctx, logger, promhttp.InstrumentMetricHandler( @@ -424,7 +429,7 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd. builtinPostgres := false // Only use built-in if PostgreSQL URL isn't specified! - if !vals.InMemoryDatabase && vals.PostgresURL == "" { + if vals.PostgresURL == "" { var closeFunc func() error cliui.Infof(inv.Stdout, "Using built-in PostgreSQL (%s)", config.PostgresPath()) customPostgresCacheDir := "" @@ -611,22 +616,6 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd. ) } - aiProviders, err := ReadAIProvidersFromEnv(os.Environ()) - if err != nil { - return xerrors.Errorf("read ai providers from env: %w", err) - } - vals.AI.Value.Providers = append(vals.AI.Value.Providers, aiProviders...) - for _, provider := range aiProviders { - logger.Debug( - ctx, "loaded ai provider", - slog.F("type", provider.Type), - ) - } - languageModels, err := ai.ModelsFromConfig(ctx, vals.AI.Value.Providers) - if err != nil { - return xerrors.Errorf("create language models: %w", err) - } - realIPConfig, err := httpmw.ParseRealIPConfig(vals.ProxyTrustedHeaders, vals.ProxyTrustedOrigins) if err != nil { return xerrors.Errorf("parse real ip config: %w", err) @@ -657,7 +646,6 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd. CacheDir: cacheDir, GoogleTokenValidator: googleTokenValidator, ExternalAuthConfigs: externalAuthConfigs, - LanguageModels: languageModels, RealIPConfig: realIPConfig, SSHKeygenAlgorithm: sshKeygenAlgorithm, TracerProvider: tracerProvider, @@ -744,43 +732,38 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd. // nil, that case of the select will just never fire, but it's important not to have a // "bare" read on this channel. var pubsubWatchdogTimeout <-chan struct{} - if vals.InMemoryDatabase { - // This is only used for testing. - options.Database = dbmem.New() - options.Pubsub = pubsub.NewInMemory() - } else { - sqlDB, dbURL, err := getAndMigratePostgresDB(ctx, logger, vals.PostgresURL.String(), codersdk.PostgresAuth(vals.PostgresAuth), sqlDriver) - if err != nil { - return xerrors.Errorf("connect to postgres: %w", err) - } - defer func() { - _ = sqlDB.Close() - }() - if options.DeploymentValues.Prometheus.Enable { - // At this stage we don't think the database name serves much purpose in these metrics. - // It requires parsing the DSN to determine it, which requires pulling in another dependency - // (i.e. https://github.com/jackc/pgx), but it's rather heavy. - // The conn string (https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING) can - // take different forms, which make parsing non-trivial. - options.PrometheusRegistry.MustRegister(collectors.NewDBStatsCollector(sqlDB, "")) - } + sqlDB, dbURL, err := getAndMigratePostgresDB(ctx, logger, vals.PostgresURL.String(), codersdk.PostgresAuth(vals.PostgresAuth), sqlDriver) + if err != nil { + return xerrors.Errorf("connect to postgres: %w", err) + } + defer func() { + _ = sqlDB.Close() + }() - options.Database = database.New(sqlDB) - ps, err := pubsub.New(ctx, logger.Named("pubsub"), sqlDB, dbURL) - if err != nil { - return xerrors.Errorf("create pubsub: %w", err) - } - options.Pubsub = ps - if options.DeploymentValues.Prometheus.Enable { - options.PrometheusRegistry.MustRegister(ps) - } - defer options.Pubsub.Close() - psWatchdog := pubsub.NewWatchdog(ctx, logger.Named("pswatch"), ps) - pubsubWatchdogTimeout = psWatchdog.Timeout() - defer psWatchdog.Close() + if options.DeploymentValues.Prometheus.Enable { + // At this stage we don't think the database name serves much purpose in these metrics. + // It requires parsing the DSN to determine it, which requires pulling in another dependency + // (i.e. https://github.com/jackc/pgx), but it's rather heavy. + // The conn string (https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING) can + // take different forms, which make parsing non-trivial. + options.PrometheusRegistry.MustRegister(collectors.NewDBStatsCollector(sqlDB, "")) } + options.Database = database.New(sqlDB) + ps, err := pubsub.New(ctx, logger.Named("pubsub"), sqlDB, dbURL) + if err != nil { + return xerrors.Errorf("create pubsub: %w", err) + } + options.Pubsub = ps + if options.DeploymentValues.Prometheus.Enable { + options.PrometheusRegistry.MustRegister(ps) + } + defer options.Pubsub.Close() + psWatchdog := pubsub.NewWatchdog(ctx, logger.Named("pswatch"), ps) + pubsubWatchdogTimeout = psWatchdog.Timeout() + defer psWatchdog.Close() + if options.DeploymentValues.Prometheus.Enable && options.DeploymentValues.Prometheus.CollectDBMetrics { options.Database = dbmetrics.NewQueryMetrics(options.Database, options.Logger, options.PrometheusRegistry) } else { @@ -1125,7 +1108,7 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd. autobuildTicker := time.NewTicker(vals.AutobuildPollInterval.Value()) defer autobuildTicker.Stop() autobuildExecutor := autobuild.NewExecutor( - ctx, options.Database, options.Pubsub, options.PrometheusRegistry, coderAPI.TemplateScheduleStore, &coderAPI.Auditor, coderAPI.AccessControlStore, logger, autobuildTicker.C, options.NotificationsEnqueuer, coderAPI.Experiments) + ctx, options.Database, options.Pubsub, coderAPI.FileCache, options.PrometheusRegistry, coderAPI.TemplateScheduleStore, &coderAPI.Auditor, coderAPI.AccessControlStore, coderAPI.BuildUsageChecker, logger, autobuildTicker.C, options.NotificationsEnqueuer, coderAPI.Experiments) autobuildExecutor.Run() jobReaperTicker := time.NewTicker(vals.JobReaperDetectorInterval.Value()) @@ -1202,7 +1185,6 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd. var wg sync.WaitGroup for i, provisionerDaemon := range provisionerDaemons { id := i + 1 - provisionerDaemon := provisionerDaemon wg.Add(1) go func() { defer wg.Done() @@ -1484,14 +1466,14 @@ func newProvisionerDaemon( tracer := coderAPI.TracerProvider.Tracer(tracing.TracerName) terraformClient, terraformServer := drpcsdk.MemTransportPipe() wg.Add(1) - go func() { + pproflabel.Go(ctx, pproflabel.Service(pproflabel.ServiceTerraformProvisioner), func(ctx context.Context) { defer wg.Done() <-ctx.Done() _ = terraformClient.Close() _ = terraformServer.Close() - }() + }) wg.Add(1) - go func() { + pproflabel.Go(ctx, pproflabel.Service(pproflabel.ServiceTerraformProvisioner), func(ctx context.Context) { defer wg.Done() defer cancel() @@ -1510,7 +1492,7 @@ func newProvisionerDaemon( default: } } - }() + }) connector[string(database.ProvisionerTypeTerraform)] = sdkproto.NewDRPCProvisionerClient(terraformClient) default: @@ -1680,7 +1662,6 @@ func configureServerTLS(ctx context.Context, logger slog.Logger, tlsMinVersion, // Expensively check which certificate matches the client hello. for _, cert := range certs { - cert := cert if err := hi.SupportsCertificate(&cert); err == nil { return &cert, nil } @@ -2642,77 +2623,6 @@ func redirectHTTPToHTTPSDeprecation(ctx context.Context, logger slog.Logger, inv } } -func ReadAIProvidersFromEnv(environ []string) ([]codersdk.AIProviderConfig, error) { - // The index numbers must be in-order. - sort.Strings(environ) - - var providers []codersdk.AIProviderConfig - for _, v := range serpent.ParseEnviron(environ, "CODER_AI_PROVIDER_") { - tokens := strings.SplitN(v.Name, "_", 2) - if len(tokens) != 2 { - return nil, xerrors.Errorf("invalid env var: %s", v.Name) - } - - providerNum, err := strconv.Atoi(tokens[0]) - if err != nil { - return nil, xerrors.Errorf("parse number: %s", v.Name) - } - - var provider codersdk.AIProviderConfig - switch { - case len(providers) < providerNum: - return nil, xerrors.Errorf( - "provider num %v skipped: %s", - len(providers), - v.Name, - ) - case len(providers) == providerNum: - // At the next next provider. - providers = append(providers, provider) - case len(providers) == providerNum+1: - // At the current provider. - provider = providers[providerNum] - } - - key := tokens[1] - switch key { - case "TYPE": - provider.Type = v.Value - case "API_KEY": - provider.APIKey = v.Value - case "BASE_URL": - provider.BaseURL = v.Value - case "MODELS": - provider.Models = strings.Split(v.Value, ",") - } - providers[providerNum] = provider - } - for _, envVar := range environ { - tokens := strings.SplitN(envVar, "=", 2) - if len(tokens) != 2 { - continue - } - switch tokens[0] { - case "OPENAI_API_KEY": - providers = append(providers, codersdk.AIProviderConfig{ - Type: "openai", - APIKey: tokens[1], - }) - case "ANTHROPIC_API_KEY": - providers = append(providers, codersdk.AIProviderConfig{ - Type: "anthropic", - APIKey: tokens[1], - }) - case "GOOGLE_API_KEY": - providers = append(providers, codersdk.AIProviderConfig{ - Type: "google", - APIKey: tokens[1], - }) - } - } - return providers, nil -} - // ReadExternalAuthProvidersFromEnv is provided for compatibility purposes with // the viper CLI. func ReadExternalAuthProvidersFromEnv(environ []string) ([]codersdk.ExternalAuthConfig, error) { diff --git a/cli/server_test.go b/cli/server_test.go index 2d0bbdd24e83b..435ed2879c9a3 100644 --- a/cli/server_test.go +++ b/cli/server_test.go @@ -59,9 +59,6 @@ import ( ) func dbArg(t *testing.T) string { - if !dbtestutil.WillUsePostgres() { - return "--in-memory" - } dbURL, err := dbtestutil.Open(t) require.NoError(t, err) return "--postgres-url=" + dbURL diff --git a/cli/show.go b/cli/show.go index f2d3df3ecc3c5..284e8581f5dda 100644 --- a/cli/show.go +++ b/cli/show.go @@ -8,6 +8,7 @@ import ( "github.com/google/uuid" + "github.com/coder/coder/v2/agent/agentcontainers" "github.com/coder/coder/v2/cli/cliui" "github.com/coder/coder/v2/codersdk" "github.com/coder/serpent" @@ -15,9 +16,18 @@ import ( func (r *RootCmd) show() *serpent.Command { client := new(codersdk.Client) + var details bool return &serpent.Command{ Use: "show ", Short: "Display details of a workspace's resources and agents", + Options: serpent.OptionSet{ + { + Flag: "details", + Description: "Show full error messages and additional details.", + Default: "false", + Value: serpent.BoolOf(&details), + }, + }, Middleware: serpent.Chain( serpent.RequireNArgs(1), r.InitClient(client), @@ -35,6 +45,7 @@ func (r *RootCmd) show() *serpent.Command { options := cliui.WorkspaceResourcesOptions{ WorkspaceName: workspace.Name, ServerVersion: buildInfo.Version, + ShowDetails: details, } if workspace.LatestBuild.Status == codersdk.WorkspaceStatusRunning { // Get listening ports for each agent. @@ -42,6 +53,7 @@ func (r *RootCmd) show() *serpent.Command { options.ListeningPorts = ports options.Devcontainers = devcontainers } + return cliui.WorkspaceResources(inv.Stdout, workspace.LatestBuild.Resources, options) }, } @@ -68,13 +80,17 @@ func fetchRuntimeResources(inv *serpent.Invocation, client *codersdk.Client, res ports[agent.ID] = lp mu.Unlock() }() + + if agent.ParentID.Valid { + continue + } wg.Add(1) go func() { defer wg.Done() dc, err := client.WorkspaceAgentListContainers(inv.Context(), agent.ID, map[string]string{ // Labels set by VSCode Remote Containers and @devcontainers/cli. - "devcontainer.config_file": "", - "devcontainer.local_folder": "", + agentcontainers.DevcontainerConfigFileLabel: "", + agentcontainers.DevcontainerLocalFolderLabel: "", }) if err != nil { cliui.Warnf(inv.Stderr, "Failed to get devcontainers for agent %s: %v", agent.Name, err) diff --git a/cli/show_test.go b/cli/show_test.go index 7191898f8c0ec..36a5824174fc4 100644 --- a/cli/show_test.go +++ b/cli/show_test.go @@ -1,12 +1,19 @@ package cli_test import ( + "bytes" "testing" + "time" + "github.com/google/uuid" "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/coder/coder/v2/agent/agentcontainers" "github.com/coder/coder/v2/cli/clitest" + "github.com/coder/coder/v2/cli/cliui" "github.com/coder/coder/v2/coderd/coderdtest" + "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/pty/ptytest" ) @@ -53,3 +60,354 @@ func TestShow(t *testing.T) { <-doneChan }) } + +func TestShowDevcontainers_Golden(t *testing.T) { + t.Parallel() + + mainAgentID := uuid.MustParse("aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa") + agentID := mainAgentID + + testCases := []struct { + name string + showDetails bool + devcontainers []codersdk.WorkspaceAgentDevcontainer + listeningPorts map[uuid.UUID]codersdk.WorkspaceAgentListeningPortsResponse + }{ + { + name: "running_devcontainer_with_agent", + devcontainers: []codersdk.WorkspaceAgentDevcontainer{ + { + ID: uuid.MustParse("11111111-1111-1111-1111-111111111111"), + Name: "web-dev", + WorkspaceFolder: "/workspaces/web-dev", + ConfigPath: "/workspaces/web-dev/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusRunning, + Dirty: false, + Container: &codersdk.WorkspaceAgentContainer{ + ID: "container-web-dev", + FriendlyName: "quirky_lovelace", + Image: "mcr.microsoft.com/devcontainers/typescript-node:1.0.0", + Running: true, + Status: "running", + CreatedAt: time.Now().Add(-1 * time.Hour), + Labels: map[string]string{ + agentcontainers.DevcontainerConfigFileLabel: "/workspaces/web-dev/.devcontainer/devcontainer.json", + agentcontainers.DevcontainerLocalFolderLabel: "/workspaces/web-dev", + }, + }, + Agent: &codersdk.WorkspaceAgentDevcontainerAgent{ + ID: uuid.MustParse("22222222-2222-2222-2222-222222222222"), + Name: "web-dev", + Directory: "/workspaces/web-dev", + }, + }, + }, + listeningPorts: map[uuid.UUID]codersdk.WorkspaceAgentListeningPortsResponse{ + uuid.MustParse("22222222-2222-2222-2222-222222222222"): { + Ports: []codersdk.WorkspaceAgentListeningPort{ + { + ProcessName: "node", + Network: "tcp", + Port: 3000, + }, + { + ProcessName: "webpack-dev-server", + Network: "tcp", + Port: 8080, + }, + }, + }, + }, + }, + { + name: "running_devcontainer_without_agent", + devcontainers: []codersdk.WorkspaceAgentDevcontainer{ + { + ID: uuid.MustParse("33333333-3333-3333-3333-333333333333"), + Name: "web-server", + WorkspaceFolder: "/workspaces/web-server", + ConfigPath: "/workspaces/web-server/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusRunning, + Dirty: false, + Container: &codersdk.WorkspaceAgentContainer{ + ID: "container-web-server", + FriendlyName: "amazing_turing", + Image: "nginx:latest", + Running: true, + Status: "running", + CreatedAt: time.Now().Add(-30 * time.Minute), + Labels: map[string]string{ + agentcontainers.DevcontainerConfigFileLabel: "/workspaces/web-server/.devcontainer/devcontainer.json", + agentcontainers.DevcontainerLocalFolderLabel: "/workspaces/web-server", + }, + }, + Agent: nil, // No agent for this running container. + }, + }, + }, + { + name: "stopped_devcontainer", + devcontainers: []codersdk.WorkspaceAgentDevcontainer{ + { + ID: uuid.MustParse("44444444-4444-4444-4444-444444444444"), + Name: "api-dev", + WorkspaceFolder: "/workspaces/api-dev", + ConfigPath: "/workspaces/api-dev/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + Dirty: false, + Container: &codersdk.WorkspaceAgentContainer{ + ID: "container-api-dev", + FriendlyName: "clever_darwin", + Image: "mcr.microsoft.com/devcontainers/go:1.0.0", + Running: false, + Status: "exited", + CreatedAt: time.Now().Add(-2 * time.Hour), + Labels: map[string]string{ + agentcontainers.DevcontainerConfigFileLabel: "/workspaces/api-dev/.devcontainer/devcontainer.json", + agentcontainers.DevcontainerLocalFolderLabel: "/workspaces/api-dev", + }, + }, + Agent: nil, // No agent for stopped container. + }, + }, + }, + { + name: "starting_devcontainer", + devcontainers: []codersdk.WorkspaceAgentDevcontainer{ + { + ID: uuid.MustParse("55555555-5555-5555-5555-555555555555"), + Name: "database-dev", + WorkspaceFolder: "/workspaces/database-dev", + ConfigPath: "/workspaces/database-dev/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusStarting, + Dirty: false, + Container: &codersdk.WorkspaceAgentContainer{ + ID: "container-database-dev", + FriendlyName: "nostalgic_hawking", + Image: "mcr.microsoft.com/devcontainers/postgres:1.0.0", + Running: false, + Status: "created", + CreatedAt: time.Now().Add(-5 * time.Minute), + Labels: map[string]string{ + agentcontainers.DevcontainerConfigFileLabel: "/workspaces/database-dev/.devcontainer/devcontainer.json", + agentcontainers.DevcontainerLocalFolderLabel: "/workspaces/database-dev", + }, + }, + Agent: nil, // No agent yet while starting. + }, + }, + }, + { + name: "error_devcontainer", + devcontainers: []codersdk.WorkspaceAgentDevcontainer{ + { + ID: uuid.MustParse("66666666-6666-6666-6666-666666666666"), + Name: "failed-dev", + WorkspaceFolder: "/workspaces/failed-dev", + ConfigPath: "/workspaces/failed-dev/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusError, + Dirty: false, + Error: "Failed to pull image mcr.microsoft.com/devcontainers/go:latest: timeout after 5m0s", + Container: nil, // No container due to error. + Agent: nil, // No agent due to error. + }, + }, + }, + + { + name: "mixed_devcontainer_states", + devcontainers: []codersdk.WorkspaceAgentDevcontainer{ + { + ID: uuid.MustParse("88888888-8888-8888-8888-888888888888"), + Name: "frontend", + WorkspaceFolder: "/workspaces/frontend", + Status: codersdk.WorkspaceAgentDevcontainerStatusRunning, + Container: &codersdk.WorkspaceAgentContainer{ + ID: "container-frontend", + FriendlyName: "vibrant_tesla", + Image: "node:18", + Running: true, + Status: "running", + CreatedAt: time.Now().Add(-30 * time.Minute), + }, + Agent: &codersdk.WorkspaceAgentDevcontainerAgent{ + ID: uuid.MustParse("99999999-9999-9999-9999-999999999999"), + Name: "frontend", + Directory: "/workspaces/frontend", + }, + }, + { + ID: uuid.MustParse("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"), + Name: "backend", + WorkspaceFolder: "/workspaces/backend", + Status: codersdk.WorkspaceAgentDevcontainerStatusStopped, + Container: &codersdk.WorkspaceAgentContainer{ + ID: "container-backend", + FriendlyName: "peaceful_curie", + Image: "python:3.11", + Running: false, + Status: "exited", + CreatedAt: time.Now().Add(-1 * time.Hour), + }, + Agent: nil, + }, + { + ID: uuid.MustParse("bbbbbbbb-cccc-dddd-eeee-ffffffffffff"), + Name: "error-container", + WorkspaceFolder: "/workspaces/error-container", + Status: codersdk.WorkspaceAgentDevcontainerStatusError, + Error: "Container build failed: dockerfile syntax error on line 15", + Container: nil, + Agent: nil, + }, + }, + listeningPorts: map[uuid.UUID]codersdk.WorkspaceAgentListeningPortsResponse{ + uuid.MustParse("99999999-9999-9999-9999-999999999999"): { + Ports: []codersdk.WorkspaceAgentListeningPort{ + { + ProcessName: "vite", + Network: "tcp", + Port: 5173, + }, + }, + }, + }, + }, + { + name: "running_devcontainer_with_agent_and_error", + devcontainers: []codersdk.WorkspaceAgentDevcontainer{ + { + ID: uuid.MustParse("cccccccc-dddd-eeee-ffff-000000000000"), + Name: "problematic-dev", + WorkspaceFolder: "/workspaces/problematic-dev", + ConfigPath: "/workspaces/problematic-dev/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusRunning, + Dirty: false, + Error: "Warning: Container started but healthcheck failed", + Container: &codersdk.WorkspaceAgentContainer{ + ID: "container-problematic", + FriendlyName: "cranky_mendel", + Image: "mcr.microsoft.com/devcontainers/python:1.0.0", + Running: true, + Status: "running", + CreatedAt: time.Now().Add(-15 * time.Minute), + Labels: map[string]string{ + agentcontainers.DevcontainerConfigFileLabel: "/workspaces/problematic-dev/.devcontainer/devcontainer.json", + agentcontainers.DevcontainerLocalFolderLabel: "/workspaces/problematic-dev", + }, + }, + Agent: &codersdk.WorkspaceAgentDevcontainerAgent{ + ID: uuid.MustParse("dddddddd-eeee-ffff-aaaa-111111111111"), + Name: "problematic-dev", + Directory: "/workspaces/problematic-dev", + }, + }, + }, + listeningPorts: map[uuid.UUID]codersdk.WorkspaceAgentListeningPortsResponse{ + uuid.MustParse("dddddddd-eeee-ffff-aaaa-111111111111"): { + Ports: []codersdk.WorkspaceAgentListeningPort{ + { + ProcessName: "python", + Network: "tcp", + Port: 8000, + }, + }, + }, + }, + }, + { + name: "long_error_message", + devcontainers: []codersdk.WorkspaceAgentDevcontainer{ + { + ID: uuid.MustParse("eeeeeeee-ffff-0000-1111-222222222222"), + Name: "long-error-dev", + WorkspaceFolder: "/workspaces/long-error-dev", + ConfigPath: "/workspaces/long-error-dev/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusError, + Dirty: false, + Error: "Failed to build devcontainer: dockerfile parse error at line 25: unknown instruction 'INSTALL', did you mean 'RUN apt-get install'? This is a very long error message that should be truncated when detail flag is not used", + Container: nil, + Agent: nil, + }, + }, + }, + { + name: "long_error_message_with_detail", + showDetails: true, + devcontainers: []codersdk.WorkspaceAgentDevcontainer{ + { + ID: uuid.MustParse("eeeeeeee-ffff-0000-1111-222222222222"), + Name: "long-error-dev", + WorkspaceFolder: "/workspaces/long-error-dev", + ConfigPath: "/workspaces/long-error-dev/.devcontainer/devcontainer.json", + Status: codersdk.WorkspaceAgentDevcontainerStatusError, + Dirty: false, + Error: "Failed to build devcontainer: dockerfile parse error at line 25: unknown instruction 'INSTALL', did you mean 'RUN apt-get install'? This is a very long error message that should be truncated when detail flag is not used", + Container: nil, + Agent: nil, + }, + }, + }, + } + + for _, tc := range testCases { + tc := tc + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + + var allAgents []codersdk.WorkspaceAgent + mainAgent := codersdk.WorkspaceAgent{ + ID: mainAgentID, + Name: "main", + OperatingSystem: "linux", + Architecture: "amd64", + Status: codersdk.WorkspaceAgentConnected, + Health: codersdk.WorkspaceAgentHealth{Healthy: true}, + Version: "v2.15.0", + } + allAgents = append(allAgents, mainAgent) + + for _, dc := range tc.devcontainers { + if dc.Agent != nil { + devcontainerAgent := codersdk.WorkspaceAgent{ + ID: dc.Agent.ID, + ParentID: uuid.NullUUID{UUID: mainAgentID, Valid: true}, + Name: dc.Agent.Name, + OperatingSystem: "linux", + Architecture: "amd64", + Status: codersdk.WorkspaceAgentConnected, + Health: codersdk.WorkspaceAgentHealth{Healthy: true}, + Version: "v2.15.0", + } + allAgents = append(allAgents, devcontainerAgent) + } + } + + resources := []codersdk.WorkspaceResource{ + { + Type: "compute", + Name: "main", + Agents: allAgents, + }, + } + options := cliui.WorkspaceResourcesOptions{ + WorkspaceName: "test-workspace", + ServerVersion: "v2.15.0", + ShowDetails: tc.showDetails, + Devcontainers: map[uuid.UUID]codersdk.WorkspaceAgentListContainersResponse{ + agentID: { + Devcontainers: tc.devcontainers, + }, + }, + ListeningPorts: tc.listeningPorts, + } + + var buf bytes.Buffer + err := cliui.WorkspaceResources(&buf, resources, options) + require.NoError(t, err) + + replacements := map[string]string{} + clitest.TestGoldenFile(t, "TestShowDevcontainers_Golden/"+tc.name, buf.Bytes(), replacements) + }) + } +} diff --git a/cli/speedtest.go b/cli/speedtest.go index 0d9f839d6b458..86d0e6a9ee63c 100644 --- a/cli/speedtest.go +++ b/cli/speedtest.go @@ -83,7 +83,7 @@ func (r *RootCmd) speedtest() *serpent.Command { return xerrors.Errorf("--direct (-d) is incompatible with --%s", varDisableDirect) } - _, workspaceAgent, err := getWorkspaceAndAgent(ctx, inv, client, false, inv.Args[0]) + _, workspaceAgent, _, err := GetWorkspaceAndAgent(ctx, inv, client, false, inv.Args[0]) if err != nil { return err } @@ -139,7 +139,7 @@ func (r *RootCmd) speedtest() *serpent.Command { if err != nil { continue } - status := conn.Status() + status := conn.TailnetConn().Status() if len(status.Peers()) != 1 { continue } @@ -189,7 +189,7 @@ func (r *RootCmd) speedtest() *serpent.Command { outputResult.Intervals[i] = interval } } - conn.Conn.SendSpeedtestTelemetry(outputResult.Overall.ThroughputMbits) + conn.TailnetConn().SendSpeedtestTelemetry(outputResult.Overall.ThroughputMbits) out, err := formatter.Format(inv.Context(), outputResult) if err != nil { return err diff --git a/cli/ssh.go b/cli/ssh.go index 56ab0b2a0d3af..a2f0db7327bef 100644 --- a/cli/ssh.go +++ b/cli/ssh.go @@ -590,7 +590,7 @@ func (r *RootCmd) ssh() *serpent.Command { } err = sshSession.Wait() - conn.SendDisconnectedTelemetry() + conn.TailnetConn().SendDisconnectedTelemetry() if err != nil { if exitErr := (&gossh.ExitError{}); errors.As(err, &exitErr) { // Clear the error since it's not useful beyond @@ -754,7 +754,8 @@ func findWorkspaceAndAgentByHostname( hostname = strings.TrimSuffix(hostname, qualifiedSuffix) } hostname = normalizeWorkspaceInput(hostname) - return getWorkspaceAndAgent(ctx, inv, client, !disableAutostart, hostname) + ws, agent, _, err := GetWorkspaceAndAgent(ctx, inv, client, !disableAutostart, hostname) + return ws, agent, err } // watchAndClose ensures closer is called if the context is canceled or @@ -826,10 +827,11 @@ startWatchLoop: } } -// getWorkspaceAgent returns the workspace and agent selected using either the -// `[.]` syntax via `in`. +// GetWorkspaceAndAgent returns the workspace and agent selected using either the +// `[.]` syntax via `in`. It will also return any other agents +// in the workspace as a slice for use in child->parent lookups. // If autoStart is true, the workspace will be started if it is not already running. -func getWorkspaceAndAgent(ctx context.Context, inv *serpent.Invocation, client *codersdk.Client, autostart bool, input string) (codersdk.Workspace, codersdk.WorkspaceAgent, error) { //nolint:revive +func GetWorkspaceAndAgent(ctx context.Context, inv *serpent.Invocation, client *codersdk.Client, autostart bool, input string) (codersdk.Workspace, codersdk.WorkspaceAgent, []codersdk.WorkspaceAgent, error) { //nolint:revive var ( workspace codersdk.Workspace // The input will be `owner/name.agent` @@ -840,27 +842,27 @@ func getWorkspaceAndAgent(ctx context.Context, inv *serpent.Invocation, client * workspace, err = namedWorkspace(ctx, client, workspaceParts[0]) if err != nil { - return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, err + return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, nil, err } if workspace.LatestBuild.Transition != codersdk.WorkspaceTransitionStart { if !autostart { - return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, xerrors.New("workspace must be started") + return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, nil, xerrors.New("workspace must be started") } // Autostart the workspace for the user. // For some failure modes, return a better message. if workspace.LatestBuild.Transition == codersdk.WorkspaceTransitionDelete { // Any sort of deleting status, we should reject with a nicer error. - return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, xerrors.Errorf("workspace %q is deleted", workspace.Name) + return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, nil, xerrors.Errorf("workspace %q is deleted", workspace.Name) } if workspace.LatestBuild.Job.Status == codersdk.ProvisionerJobFailed { - return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, + return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, nil, xerrors.Errorf("workspace %q is in failed state, unable to autostart the workspace", workspace.Name) } // The workspace needs to be stopped before we can start it. // It cannot be in any pending or failed state. if workspace.LatestBuild.Status != codersdk.WorkspaceStatusStopped { - return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, + return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, nil, xerrors.Errorf("workspace must be started; was unable to autostart as the last build job is %q, expected %q", workspace.LatestBuild.Status, codersdk.WorkspaceStatusStopped, @@ -871,58 +873,60 @@ func getWorkspaceAndAgent(ctx context.Context, inv *serpent.Invocation, client * // It's possible for a workspace build to fail due to the template requiring starting // workspaces with the active version. _, _ = fmt.Fprintf(inv.Stderr, "Workspace was stopped, starting workspace to allow connecting to %q...\n", workspace.Name) - _, err = startWorkspace(inv, client, workspace, workspaceParameterFlags{}, buildFlags{}, WorkspaceStart) + _, err = startWorkspace(inv, client, workspace, workspaceParameterFlags{}, buildFlags{ + reason: string(codersdk.BuildReasonSSHConnection), + }, WorkspaceStart) if cerr, ok := codersdk.AsError(err); ok { switch cerr.StatusCode() { case http.StatusConflict: _, _ = fmt.Fprintln(inv.Stderr, "Unable to start the workspace due to conflict, the workspace may be starting, retrying without autostart...") - return getWorkspaceAndAgent(ctx, inv, client, false, input) + return GetWorkspaceAndAgent(ctx, inv, client, false, input) case http.StatusForbidden: _, err = startWorkspace(inv, client, workspace, workspaceParameterFlags{}, buildFlags{}, WorkspaceUpdate) if err != nil { - return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, xerrors.Errorf("start workspace with active template version: %w", err) + return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, nil, xerrors.Errorf("start workspace with active template version: %w", err) } _, _ = fmt.Fprintln(inv.Stdout, "Unable to start the workspace with template version from last build. Your workspace has been updated to the current active template version.") } } else if err != nil { - return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, xerrors.Errorf("start workspace with current template version: %w", err) + return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, nil, xerrors.Errorf("start workspace with current template version: %w", err) } // Refresh workspace state so that `outdated`, `build`,`template_*` fields are up-to-date. workspace, err = namedWorkspace(ctx, client, workspaceParts[0]) if err != nil { - return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, err + return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, nil, err } } if workspace.LatestBuild.Job.CompletedAt == nil { err := cliui.WorkspaceBuild(ctx, inv.Stderr, client, workspace.LatestBuild.ID) if err != nil { - return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, err + return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, nil, err } // Fetch up-to-date build information after completion. workspace.LatestBuild, err = client.WorkspaceBuild(ctx, workspace.LatestBuild.ID) if err != nil { - return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, err + return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, nil, err } } if workspace.LatestBuild.Transition == codersdk.WorkspaceTransitionDelete { - return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, xerrors.Errorf("workspace %q is being deleted", workspace.Name) + return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, nil, xerrors.Errorf("workspace %q is being deleted", workspace.Name) } var agentName string if len(workspaceParts) >= 2 { agentName = workspaceParts[1] } - workspaceAgent, err := getWorkspaceAgent(workspace, agentName) + workspaceAgent, otherWorkspaceAgents, err := getWorkspaceAgent(workspace, agentName) if err != nil { - return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, err + return codersdk.Workspace{}, codersdk.WorkspaceAgent{}, nil, err } - return workspace, workspaceAgent, nil + return workspace, workspaceAgent, otherWorkspaceAgents, nil } -func getWorkspaceAgent(workspace codersdk.Workspace, agentName string) (workspaceAgent codersdk.WorkspaceAgent, err error) { +func getWorkspaceAgent(workspace codersdk.Workspace, agentName string) (workspaceAgent codersdk.WorkspaceAgent, otherAgents []codersdk.WorkspaceAgent, err error) { resources := workspace.LatestBuild.Resources var ( @@ -936,22 +940,23 @@ func getWorkspaceAgent(workspace codersdk.Workspace, agentName string) (workspac } } if len(agents) == 0 { - return codersdk.WorkspaceAgent{}, xerrors.Errorf("workspace %q has no agents", workspace.Name) + return codersdk.WorkspaceAgent{}, nil, xerrors.Errorf("workspace %q has no agents", workspace.Name) } slices.Sort(availableNames) if agentName != "" { - for _, otherAgent := range agents { - if otherAgent.Name != agentName { + for i, agent := range agents { + if agent.Name != agentName || agent.ID.String() == agentName { continue } - return otherAgent, nil + otherAgents := slices.Delete(agents, i, i+1) + return agent, otherAgents, nil } - return codersdk.WorkspaceAgent{}, xerrors.Errorf("agent not found by name %q, available agents: %v", agentName, availableNames) + return codersdk.WorkspaceAgent{}, nil, xerrors.Errorf("agent not found by name %q, available agents: %v", agentName, availableNames) } if len(agents) == 1 { - return agents[0], nil + return agents[0], nil, nil } - return codersdk.WorkspaceAgent{}, xerrors.Errorf("multiple agents found, please specify the agent name, available agents: %v", availableNames) + return codersdk.WorkspaceAgent{}, nil, xerrors.Errorf("multiple agents found, please specify the agent name, available agents: %v", availableNames) } // Attempt to poll workspace autostop. We write a per-workspace lockfile to @@ -1359,7 +1364,7 @@ func getUsageAppName(usageApp string) codersdk.UsageAppName { func setStatsCallback( ctx context.Context, - agentConn *workspacesdk.AgentConn, + agentConn workspacesdk.AgentConn, logger slog.Logger, networkInfoDir string, networkInfoInterval time.Duration, @@ -1432,7 +1437,7 @@ func setStatsCallback( now := time.Now() cb(now, now.Add(time.Nanosecond), map[netlogtype.Connection]netlogtype.Counts{}, map[netlogtype.Connection]netlogtype.Counts{}) - agentConn.SetConnStatsCallback(networkInfoInterval, 2048, cb) + agentConn.TailnetConn().SetConnStatsCallback(networkInfoInterval, 2048, cb) return errCh, nil } @@ -1446,13 +1451,13 @@ type sshNetworkStats struct { UsingCoderConnect bool `json:"using_coder_connect"` } -func collectNetworkStats(ctx context.Context, agentConn *workspacesdk.AgentConn, start, end time.Time, counts map[netlogtype.Connection]netlogtype.Counts) (*sshNetworkStats, error) { +func collectNetworkStats(ctx context.Context, agentConn workspacesdk.AgentConn, start, end time.Time, counts map[netlogtype.Connection]netlogtype.Counts) (*sshNetworkStats, error) { latency, p2p, pingResult, err := agentConn.Ping(ctx) if err != nil { return nil, err } - node := agentConn.Node() - derpMap := agentConn.DERPMap() + node := agentConn.TailnetConn().Node() + derpMap := agentConn.TailnetConn().DERPMap() totalRx := uint64(0) totalTx := uint64(0) diff --git a/cli/ssh_internal_test.go b/cli/ssh_internal_test.go index 0d956def68938..a7fac11c7254c 100644 --- a/cli/ssh_internal_test.go +++ b/cli/ssh_internal_test.go @@ -376,7 +376,7 @@ func Test_getWorkspaceAgent(t *testing.T) { agent := createAgent("main") workspace := createWorkspaceWithAgents([]codersdk.WorkspaceAgent{agent}) - result, err := getWorkspaceAgent(workspace, "") + result, _, err := getWorkspaceAgent(workspace, "") require.NoError(t, err) assert.Equal(t, agent.ID, result.ID) assert.Equal(t, "main", result.Name) @@ -388,7 +388,7 @@ func Test_getWorkspaceAgent(t *testing.T) { agent2 := createAgent("main2") workspace := createWorkspaceWithAgents([]codersdk.WorkspaceAgent{agent1, agent2}) - _, err := getWorkspaceAgent(workspace, "") + _, _, err := getWorkspaceAgent(workspace, "") require.Error(t, err) assert.Contains(t, err.Error(), "multiple agents found") assert.Contains(t, err.Error(), "available agents: [main1 main2]") @@ -400,10 +400,13 @@ func Test_getWorkspaceAgent(t *testing.T) { agent2 := createAgent("main2") workspace := createWorkspaceWithAgents([]codersdk.WorkspaceAgent{agent1, agent2}) - result, err := getWorkspaceAgent(workspace, "main1") + result, other, err := getWorkspaceAgent(workspace, "main1") require.NoError(t, err) assert.Equal(t, agent1.ID, result.ID) assert.Equal(t, "main1", result.Name) + assert.Len(t, other, 1) + assert.Equal(t, agent2.ID, other[0].ID) + assert.Equal(t, "main2", other[0].Name) }) t.Run("AgentNameSpecified_NotFound", func(t *testing.T) { @@ -412,7 +415,7 @@ func Test_getWorkspaceAgent(t *testing.T) { agent2 := createAgent("main2") workspace := createWorkspaceWithAgents([]codersdk.WorkspaceAgent{agent1, agent2}) - _, err := getWorkspaceAgent(workspace, "nonexistent") + _, _, err := getWorkspaceAgent(workspace, "nonexistent") require.Error(t, err) assert.Contains(t, err.Error(), `agent not found by name "nonexistent"`) assert.Contains(t, err.Error(), "available agents: [main1 main2]") @@ -422,7 +425,7 @@ func Test_getWorkspaceAgent(t *testing.T) { t.Parallel() workspace := createWorkspaceWithAgents([]codersdk.WorkspaceAgent{}) - _, err := getWorkspaceAgent(workspace, "") + _, _, err := getWorkspaceAgent(workspace, "") require.Error(t, err) assert.Contains(t, err.Error(), `workspace "test-workspace" has no agents`) }) @@ -435,7 +438,7 @@ func Test_getWorkspaceAgent(t *testing.T) { agent3 := createAgent("krypton") workspace := createWorkspaceWithAgents([]codersdk.WorkspaceAgent{agent2, agent1, agent3}) - _, err := getWorkspaceAgent(workspace, "nonexistent") + _, _, err := getWorkspaceAgent(workspace, "nonexistent") require.Error(t, err) // Available agents should be sorted alphabetically. assert.Contains(t, err.Error(), "available agents: [clark krypton zod]") diff --git a/cli/ssh_test.go b/cli/ssh_test.go index 127d57b22ae75..be3166cc4d32a 100644 --- a/cli/ssh_test.go +++ b/cli/ssh_test.go @@ -20,6 +20,7 @@ import ( "regexp" "runtime" "strings" + "sync" "testing" "time" @@ -1318,9 +1319,6 @@ func TestSSH(t *testing.T) { tmpdir := tempDirUnixSocket(t) localSock := filepath.Join(tmpdir, "local.sock") - l, err := net.Listen("unix", localSock) - require.NoError(t, err) - defer l.Close() remoteSock := filepath.Join(tmpdir, "remote.sock") inv, root := clitest.New(t, @@ -1332,23 +1330,62 @@ func TestSSH(t *testing.T) { clitest.SetupConfig(t, client, root) pty := ptytest.New(t).Attach(inv) inv.Stderr = pty.Output() - cmdDone := tGo(t, func() { - err := inv.WithContext(ctx).Run() - assert.NoError(t, err, "ssh command failed") - }) - // Wait for the prompt or any output really to indicate the command has - // started and accepting input on stdin. + w := clitest.StartWithWaiter(t, inv.WithContext(ctx)) + defer w.Wait() // We don't care about any exit error (exit code 255: SSH connection ended unexpectedly). + + // Since something was output, it should be safe to write input. + // This could show a prompt or "running startup scripts", so it's + // not indicative of the SSH connection being ready. _ = pty.Peek(ctx, 1) - // This needs to support most shells on Linux or macOS - // We can't include exactly what's expected in the input, as that will always be matched - pty.WriteLine(fmt.Sprintf(`echo "results: $(netstat -an | grep %s | wc -l | tr -d ' ')"`, remoteSock)) - pty.ExpectMatchContext(ctx, "results: 1") + // Ensure the SSH connection is ready by testing the shell + // input/output. + pty.WriteLine("echo ping' 'pong") + pty.ExpectMatchContext(ctx, "ping pong") + + // Start the listener on the "local machine". + l, err := net.Listen("unix", localSock) + require.NoError(t, err) + defer l.Close() + testutil.Go(t, func() { + var wg sync.WaitGroup + defer wg.Wait() + for { + fd, err := l.Accept() + if err != nil { + if !errors.Is(err, net.ErrClosed) { + assert.NoError(t, err, "listener accept failed") + } + return + } + + wg.Add(1) + go func() { + defer wg.Done() + defer fd.Close() + agentssh.Bicopy(ctx, fd, fd) + }() + } + }) + + // Dial the forwarded socket on the "remote machine". + d := &net.Dialer{} + fd, err := d.DialContext(ctx, "unix", remoteSock) + require.NoError(t, err) + defer fd.Close() + + // Ping / pong to ensure the socket is working. + _, err = fd.Write([]byte("hello world")) + require.NoError(t, err) + + buf := make([]byte, 11) + _, err = fd.Read(buf) + require.NoError(t, err) + require.Equal(t, "hello world", string(buf)) // And we're done. pty.WriteLine("exit") - <-cmdDone }) // Test that we can forward a local unix socket to a remote unix socket and @@ -1377,6 +1414,8 @@ func TestSSH(t *testing.T) { require.NoError(t, err) defer l.Close() testutil.Go(t, func() { + var wg sync.WaitGroup + defer wg.Wait() for { fd, err := l.Accept() if err != nil { @@ -1386,10 +1425,12 @@ func TestSSH(t *testing.T) { return } - testutil.Go(t, func() { + wg.Add(1) + go func() { + defer wg.Done() defer fd.Close() agentssh.Bicopy(ctx, fd, fd) - }) + }() } }) @@ -1522,6 +1563,8 @@ func TestSSH(t *testing.T) { require.NoError(t, err) defer l.Close() //nolint:revive // Defer is fine in this loop, we only run it twice. testutil.Go(t, func() { + var wg sync.WaitGroup + defer wg.Wait() for { fd, err := l.Accept() if err != nil { @@ -1531,10 +1574,12 @@ func TestSSH(t *testing.T) { return } - testutil.Go(t, func() { + wg.Add(1) + go func() { + defer wg.Done() defer fd.Close() agentssh.Bicopy(ctx, fd, fd) - }) + }() } }) @@ -2029,8 +2074,9 @@ func TestSSH_Container(t *testing.T) { }) _ = agenttest.New(t, client.URL, agentToken, func(o *agent.Options) { - o.ExperimentalDevcontainersEnabled = true - o.ContainerAPIOptions = append(o.ContainerAPIOptions, + o.Devcontainers = true + o.DevcontainerAPIOptions = append(o.DevcontainerAPIOptions, + agentcontainers.WithProjectDiscovery(false), agentcontainers.WithContainerLabelIncludeFilter("this.label.does.not.exist.ignore.devcontainers", "true"), ) }) @@ -2069,9 +2115,10 @@ func TestSSH_Container(t *testing.T) { Warnings: nil, }, nil).AnyTimes() _ = agenttest.New(t, client.URL, agentToken, func(o *agent.Options) { - o.ExperimentalDevcontainersEnabled = true - o.ContainerAPIOptions = append(o.ContainerAPIOptions, + o.Devcontainers = true + o.DevcontainerAPIOptions = append(o.DevcontainerAPIOptions, agentcontainers.WithContainerCLI(mLister), + agentcontainers.WithProjectDiscovery(false), agentcontainers.WithContainerLabelIncludeFilter("this.label.does.not.exist.ignore.devcontainers", "true"), ) }) @@ -2104,7 +2151,7 @@ func TestSSH_Container(t *testing.T) { clitest.SetupConfig(t, client, root) err := inv.WithContext(ctx).Run() - require.ErrorContains(t, err, "The agent dev containers feature is experimental and not enabled by default.") + require.ErrorContains(t, err, "Dev Container feature not enabled.") }) } diff --git a/cli/start.go b/cli/start.go index 94f1a42ef7ac4..66c96cc9c4d75 100644 --- a/cli/start.go +++ b/cli/start.go @@ -169,6 +169,9 @@ func buildWorkspaceStartRequest(inv *serpent.Invocation, client *codersdk.Client if buildFlags.provisionerLogDebug { wbr.LogLevel = codersdk.ProvisionerLogLevelDebug } + if buildFlags.reason != "" { + wbr.Reason = codersdk.CreateWorkspaceBuildReason(buildFlags.reason) + } return wbr, nil } diff --git a/cli/start_test.go b/cli/start_test.go index f64a3f0646303..6e58b40e30778 100644 --- a/cli/start_test.go +++ b/cli/start_test.go @@ -113,10 +113,18 @@ func TestStart(t *testing.T) { version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses()) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, member, template.ID) + workspace := coderdtest.CreateWorkspace(t, member, template.ID, func(request *codersdk.CreateWorkspaceRequest) { + request.RichParameterValues = []codersdk.WorkspaceBuildParameter{ + {Name: ephemeralParameterName, Value: "foo"}, // Value is required, set it to something + } + }) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) // Stop the workspace - workspaceBuild := coderdtest.CreateWorkspaceBuild(t, client, workspace, database.WorkspaceTransitionStop) + workspaceBuild := coderdtest.CreateWorkspaceBuild(t, client, workspace, database.WorkspaceTransitionStop, func(request *codersdk.CreateWorkspaceBuildRequest) { + request.RichParameterValues = []codersdk.WorkspaceBuildParameter{ + {Name: ephemeralParameterName, Value: "foo"}, // Value is required, set it to something + } + }) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspaceBuild.ID) inv, root := clitest.New(t, "start", workspace.Name, "--prompt-ephemeral-parameters") @@ -167,10 +175,18 @@ func TestStart(t *testing.T) { version := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, echoResponses()) coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version.ID) - workspace := coderdtest.CreateWorkspace(t, member, template.ID) + workspace := coderdtest.CreateWorkspace(t, member, template.ID, func(request *codersdk.CreateWorkspaceRequest) { + request.RichParameterValues = []codersdk.WorkspaceBuildParameter{ + {Name: ephemeralParameterName, Value: "foo"}, // Value is required, set it to something + } + }) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) // Stop the workspace - workspaceBuild := coderdtest.CreateWorkspaceBuild(t, client, workspace, database.WorkspaceTransitionStop) + workspaceBuild := coderdtest.CreateWorkspaceBuild(t, client, workspace, database.WorkspaceTransitionStop, func(request *codersdk.CreateWorkspaceBuildRequest) { + request.RichParameterValues = []codersdk.WorkspaceBuildParameter{ + {Name: ephemeralParameterName, Value: "foo"}, // Value is required, set it to something + } + }) coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspaceBuild.ID) inv, root := clitest.New(t, "start", workspace.Name, @@ -358,7 +374,7 @@ func TestStartAutoUpdate(t *testing.T) { coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) if c.Cmd == "start" { - coderdtest.MustTransitionWorkspace(t, member, workspace.ID, database.WorkspaceTransitionStart, database.WorkspaceTransitionStop) + coderdtest.MustTransitionWorkspace(t, member, workspace.ID, codersdk.WorkspaceTransitionStart, codersdk.WorkspaceTransitionStop) } version2 := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, prepareEchoResponses(stringRichParameters), func(ctvr *codersdk.CreateTemplateVersionRequest) { ctvr.TemplateID = template.ID @@ -477,3 +493,39 @@ func TestStart_NoWait(t *testing.T) { pty.ExpectMatch("workspace has been started in no-wait mode") _ = testutil.TryReceive(ctx, t, doneChan) } + +func TestStart_WithReason(t *testing.T) { + t.Parallel() + ctx := testutil.Context(t, testutil.WaitShort) + + // Prepare user, template, workspace + client := coderdtest.New(t, &coderdtest.Options{IncludeProvisionerDaemon: true}) + owner := coderdtest.CreateFirstUser(t, client) + member, _ := coderdtest.CreateAnotherUser(t, client, owner.OrganizationID) + version1 := coderdtest.CreateTemplateVersion(t, client, owner.OrganizationID, nil) + coderdtest.AwaitTemplateVersionJobCompleted(t, client, version1.ID) + template := coderdtest.CreateTemplate(t, client, owner.OrganizationID, version1.ID) + workspace := coderdtest.CreateWorkspace(t, member, template.ID) + coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) + + // Stop the workspace + build := coderdtest.CreateWorkspaceBuild(t, member, workspace, database.WorkspaceTransitionStop) + coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, build.ID) + + // Start the workspace with reason + inv, root := clitest.New(t, "start", workspace.Name, "--reason", "cli") + clitest.SetupConfig(t, member, root) + doneChan := make(chan struct{}) + pty := ptytest.New(t).Attach(inv) + go func() { + defer close(doneChan) + err := inv.Run() + assert.NoError(t, err) + }() + + pty.ExpectMatch("workspace has been started") + _ = testutil.TryReceive(ctx, t, doneChan) + + workspace = coderdtest.MustWorkspace(t, member, workspace.ID) + require.Equal(t, codersdk.BuildReasonCLI, workspace.LatestBuild.Reason) +} diff --git a/cli/stop.go b/cli/stop.go index 218c42061db10..ef4813ff0a1a0 100644 --- a/cli/stop.go +++ b/cli/stop.go @@ -37,32 +37,11 @@ func (r *RootCmd) stop() *serpent.Command { if err != nil { return err } - if workspace.LatestBuild.Job.Status == codersdk.ProvisionerJobPending { - // cliutil.WarnMatchedProvisioners also checks if the job is pending - // but we still want to avoid users spamming multiple builds that will - // not be picked up. - cliui.Warn(inv.Stderr, "The workspace is already stopping!") - cliutil.WarnMatchedProvisioners(inv.Stderr, workspace.LatestBuild.MatchedProvisioners, workspace.LatestBuild.Job) - if _, err := cliui.Prompt(inv, cliui.PromptOptions{ - Text: "Enqueue another stop?", - IsConfirm: true, - Default: cliui.ConfirmNo, - }); err != nil { - return err - } - } - wbr := codersdk.CreateWorkspaceBuildRequest{ - Transition: codersdk.WorkspaceTransitionStop, - } - if bflags.provisionerLogDebug { - wbr.LogLevel = codersdk.ProvisionerLogLevelDebug - } - build, err := client.CreateWorkspaceBuild(inv.Context(), workspace.ID, wbr) + build, err := stopWorkspace(inv, client, workspace, bflags) if err != nil { return err } - cliutil.WarnMatchedProvisioners(inv.Stderr, build.MatchedProvisioners, build.Job) err = cliui.WorkspaceBuild(inv.Context(), inv.Stdout, client, build.ID) if err != nil { @@ -71,8 +50,8 @@ func (r *RootCmd) stop() *serpent.Command { _, _ = fmt.Fprintf( inv.Stdout, - "\nThe %s workspace has been stopped at %s!\n", cliui.Keyword(workspace.Name), - + "\nThe %s workspace has been stopped at %s!\n", + cliui.Keyword(workspace.Name), cliui.Timestamp(time.Now()), ) return nil @@ -82,3 +61,27 @@ func (r *RootCmd) stop() *serpent.Command { return cmd } + +func stopWorkspace(inv *serpent.Invocation, client *codersdk.Client, workspace codersdk.Workspace, bflags buildFlags) (codersdk.WorkspaceBuild, error) { + if workspace.LatestBuild.Job.Status == codersdk.ProvisionerJobPending { + // cliutil.WarnMatchedProvisioners also checks if the job is pending + // but we still want to avoid users spamming multiple builds that will + // not be picked up. + cliui.Warn(inv.Stderr, "The workspace is already stopping!") + cliutil.WarnMatchedProvisioners(inv.Stderr, workspace.LatestBuild.MatchedProvisioners, workspace.LatestBuild.Job) + if _, err := cliui.Prompt(inv, cliui.PromptOptions{ + Text: "Enqueue another stop?", + IsConfirm: true, + Default: cliui.ConfirmNo, + }); err != nil { + return codersdk.WorkspaceBuild{}, err + } + } + wbr := codersdk.CreateWorkspaceBuildRequest{ + Transition: codersdk.WorkspaceTransitionStop, + } + if bflags.provisionerLogDebug { + wbr.LogLevel = codersdk.ProvisionerLogLevelDebug + } + return client.CreateWorkspaceBuild(inv.Context(), workspace.ID, wbr) +} diff --git a/cli/support.go b/cli/support.go index fa7c58261bd41..c55bab92cd6ff 100644 --- a/cli/support.go +++ b/cli/support.go @@ -3,6 +3,7 @@ package cli import ( "archive/zip" "bytes" + "context" "encoding/base64" "encoding/json" "fmt" @@ -13,6 +14,8 @@ import ( "text/tabwriter" "time" + "github.com/coder/coder/v2/cli/cliutil" + "github.com/google/uuid" "golang.org/x/xerrors" @@ -48,6 +51,7 @@ var supportBundleBlurb = cliui.Bold("This will collect the following information - Agent details (with environment variable sanitized) - Agent network diagnostics - Agent logs + - License status ` + cliui.Bold("Note: ") + cliui.Wrap("While we try to sanitize sensitive data from support bundles, we cannot guarantee that they do not contain information that you or your organization may consider sensitive.\n") + cliui.Bold("Please confirm that you will:\n") + @@ -247,7 +251,7 @@ func summarizeBundle(inv *serpent.Invocation, bun *support.Bundle) { clientNetcheckSummary := bun.Network.Netcheck.Summarize("Client netcheck:", docsURL) if len(clientNetcheckSummary) > 0 { - cliui.Warn(inv.Stdout, "Networking issues detected:", deployHealthSummary...) + cliui.Warn(inv.Stdout, "Networking issues detected:", clientNetcheckSummary...) } } @@ -302,6 +306,11 @@ func writeBundle(src *support.Bundle, dest *zip.Writer) error { return xerrors.Errorf("decode template zip from base64") } + licenseStatus, err := humanizeLicenses(src.Deployment.Licenses) + if err != nil { + return xerrors.Errorf("format license status: %w", err) + } + // The below we just write as we have them: for k, v := range map[string]string{ "agent/logs.txt": string(src.Agent.Logs), @@ -315,6 +324,7 @@ func writeBundle(src *support.Bundle, dest *zip.Writer) error { "network/tailnet_debug.html": src.Network.TailnetDebug, "workspace/build_logs.txt": humanizeBuildLogs(src.Workspace.BuildLogs), "workspace/template_file.zip": string(templateVersionBytes), + "license-status.txt": licenseStatus, } { f, err := dest.Create(k) if err != nil { @@ -359,3 +369,13 @@ func humanizeBuildLogs(ls []codersdk.ProvisionerJobLog) string { _ = tw.Flush() return buf.String() } + +func humanizeLicenses(licenses []codersdk.License) (string, error) { + formatter := cliutil.NewLicenseFormatter() + + if len(licenses) == 0 { + return "No licenses found", nil + } + + return formatter.Format(context.Background(), licenses) +} diff --git a/cli/support_test.go b/cli/support_test.go index e1ad7fca7b0a4..46be69caa3bfd 100644 --- a/cli/support_test.go +++ b/cli/support_test.go @@ -386,6 +386,9 @@ func assertBundleContents(t *testing.T, path string, wantWorkspace bool, wantAge case "cli_logs.txt": bs := readBytesFromZip(t, f) require.NotEmpty(t, bs, "CLI logs should not be empty") + case "license-status.txt": + bs := readBytesFromZip(t, f) + require.NotEmpty(t, bs, "license status should not be empty") default: require.Failf(t, "unexpected file in bundle", f.Name) } diff --git a/cli/templateedit.go b/cli/templateedit.go index b115350ab4437..fe0323449c9be 100644 --- a/cli/templateedit.go +++ b/cli/templateedit.go @@ -169,9 +169,9 @@ func (r *RootCmd) templateEdit() *serpent.Command { req := codersdk.UpdateTemplateMeta{ Name: name, - DisplayName: displayName, - Description: description, - Icon: icon, + DisplayName: &displayName, + Description: &description, + Icon: &icon, DefaultTTLMillis: defaultTTL.Milliseconds(), ActivityBumpMillis: activityBump.Milliseconds(), AutostopRequirement: &codersdk.TemplateAutostopRequirement{ diff --git a/cli/templatepresets.go b/cli/templatepresets.go new file mode 100644 index 0000000000000..240abec313a16 --- /dev/null +++ b/cli/templatepresets.go @@ -0,0 +1,177 @@ +package cli + +import ( + "fmt" + "strconv" + "strings" + + "golang.org/x/xerrors" + + "github.com/coder/coder/v2/cli/cliui" + "github.com/coder/coder/v2/codersdk" + "github.com/coder/serpent" +) + +func (r *RootCmd) templatePresets() *serpent.Command { + cmd := &serpent.Command{ + Use: "presets", + Short: "Manage presets of the specified template", + Aliases: []string{"preset"}, + Long: FormatExamples( + Example{ + Description: "List presets for the active version of a template", + Command: "coder templates presets list my-template", + }, + Example{ + Description: "List presets for a specific version of a template", + Command: "coder templates presets list my-template --template-version my-template-version", + }, + ), + Handler: func(inv *serpent.Invocation) error { + return inv.Command.HelpHandler(inv) + }, + Children: []*serpent.Command{ + r.templatePresetsList(), + }, + } + + return cmd +} + +func (r *RootCmd) templatePresetsList() *serpent.Command { + defaultColumns := []string{ + "name", + "description", + "parameters", + "default", + "desired prebuild instances", + } + formatter := cliui.NewOutputFormatter( + cliui.TableFormat([]TemplatePresetRow{}, defaultColumns), + cliui.JSONFormat(), + ) + client := new(codersdk.Client) + orgContext := NewOrganizationContext() + + var templateVersion string + + cmd := &serpent.Command{ + Use: "list