Archived
1
0
Commit Graph

132 Commits

Author SHA1 Message Date
neilnaveen
f4569f0b48
Set permissions for GitHub actions (#5090)
- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

 Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

Signed-off-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>

Co-authored-by: Joe Previte <jjprevite@gmail.com>
2022-04-12 18:59:11 +00:00
Joe Previte
7f884203f0
chore(ci): disable docs-preview on forks (#5046) 2022-03-30 13:45:35 -07:00
Joe Previte
5341294d2d
fix(workflows): docs-preview and npm job (#5042)
* fix(ci): add GITHUB_TOKEN to docs-preview workflow

* feat(ci): comment npm dev build instructions on PR
2022-03-30 10:47:46 -07:00
Joe Previte
8316a27da4
refactor(brew-bump): fix homebrew bump script (#5025)
* fix: source lib.sh in docker-buildx-push for tagging version

* chore: use ubuntu and update git config homebrew job

* refactor: simplify brew-bump.sh script

* Revert "fix: source lib.sh in docker-buildx-push for tagging version"

This reverts commit 2f7a3610cb.
2022-03-29 16:58:34 -07:00
Joe Previte
ba1ddbd181
fix: use -r with jq and add workflow for artifacts (#5016) 2022-03-22 16:45:59 -07:00
Asher
a1af9e2a56
chore: move to patches (#4997)
* Move integration types into code-server

This will be easier to maintain than to have it as a patch.

* Disable connection token

Using a flag means we will not need to patch it out.  I think this is
new from 1.64?

* Add product.json to build process

This way we do not have to patch it.

* Ship with remote agent package.json

Instead of the root one.  This contains fewer dependencies.

* Let Code handle errors

This way we will not have to patch Code to make this work and I think it
makes sense to let Code handle the request.

If we do want to handle errors we can do it cleanly by patching their
error handler to throw instead.

* Move manifest override into code-server

This way we will not have to patch it.

* Move to patches

- Switch submodule to track upstream
- Add quilt to the process
- Add patches

The node-* ignore was ignoring one of the diffs so I removed it.  This
was added when we were curling Node as node-v{version}-darwin-x64 for
the macOS build but this no longer happens (we use the Node action to
install a specific version now so we just use the system-wide Node).

* Use pre-packaged Code
2022-03-22 15:07:14 -05:00
Joe Previte
be727871f6
refactor: checkout homebrew-core in action instead of script (#4996)
* refactor: checkout homebrew-core in action instead of script

This moves the git clone step from the `brew-bump.sh` script into the
`npm-brew.yaml` as part of the job using actions/checkout instead.

* refactor: clean up brew-bump.sh script

* fixup

* fixup!: remove step to clean up homebrew repo

* fixup!: use correct ./ci path steps-lib.sh

* fixup!: add exit code 0 for duplicate PRs
2022-03-21 16:57:36 -07:00
renovate[bot]
815c4cf1f0
chore(deps): update actions/cache action to v3 (#5003)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-21 14:31:02 -07:00
Joe Previte
5afb26fb60
fix(ci): correctly download npm/docker artifacts (#4995)
* fix(ci): correctly download npm artifact

* fixup! fix(ci): correctly download npm artifact

* docs: update MAINTAINING

* fixup! docs: update MAINTAINING

* fixup! Merge branch 'main' into 4949-chore-fix-npm-workflow

* chore: get ci to run

* refactor: use vVERSION branch name instead of release

* refactor: use new download artifact in docker workflow

* refactor: clean up release-github-assets script

* fixup: remove extra v

* fixup! fixup: remove extra v
2022-03-17 11:52:39 -07:00
Asher
21c74802e8
chore: move Code to a submodule (#4990)
* Move Code to a submodule

Closes #4901.

* Base Code cache on hash and re-enable node_modules cache

The current setup appears to only rebuild VS Code if the dependencies
change but we need to rebuild it if anything changes.

I also re-enabled the commented out node_modules caches.  They look like
they should work to me with the submodule method.  I think the problem
occurred because Code itself was being installed in the yarn step.
2022-03-14 21:37:29 -05:00
Bruno Quaresma
52eaea9f7a
docs: update docs preview (#4968)
* docs: update docs preview

* Fix Ubuntu  deps

* Fix formatting
2022-03-10 13:44:27 -07:00
Joe Previte
03e0bdac03
chore: update vscode to 1.64 (#4902)
* chore: update vscode server files

* chore: update code to 1.64

* refactor: clean up code in constants.ts

* chore: keep package.json vscode cache

* fixup!: formatting

* feat(ci): add VSCODE_CACHE_VERSION

* fix(ci): add package.json for e2e tests

* fix: TS errors

* refactor: remove isConnected e2e tests
2022-03-09 14:28:52 -07:00
Joe Previte
3b93a86f25
chore: add permissions trivy-docker (#4957)
* chore: add permissions trivy-docker

* Update .github/workflows/trivy-docker.yaml
2022-03-08 13:19:57 -07:00
Joe Previte
3c6f85c282
fix: re-enable trivvy docker scan (#4943)
* fix: re-enable trivvy docker scan

* wip

* fixup

* fixup

* fixup
2022-03-04 15:59:29 -07:00
renovate[bot]
f0faa22ee9
chore(deps): update actions/upload-artifact action to v3 (#4944)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-04 09:25:12 -07:00
renovate[bot]
b0181120d4
chore(deps): update actions/download-artifact action to v3 (#4937)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-03-02 14:31:21 -07:00
renovate[bot]
3f3a489f33
chore(deps): update actions/checkout action to v3 (#4931)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Jonathan Yu <jonathan@coder.com>
2022-03-01 16:31:32 -07:00
Jonathan Yu
83269ba658
chore: limit concurrency for build jobs (#4929)
* Configure build jobs to cancel previous builds when new changes
  are pushed to a pull request branch, and serialize builds when
  running in a branch from a push event
* Reduce privileges of GitHub token for scripts workflow
2022-03-01 15:03:39 -08:00
renovate[bot]
a989e0c387
chore(deps): update aquasecurity/trivy-action commit hash to 2962126 (#4907)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-25 13:53:58 -07:00
renovate[bot]
769aceacc3
chore(deps): update actions/setup-node action to v3 (#4908)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-25 09:09:09 -07:00
Joe Previte
23734d356a
fix: skip docs/npm workflows on forks (#4875)
Co-authored-by: Asher <ash@coder.com>
2022-02-22 10:13:20 -07:00
Jonathan Yu
8135d2ecc3
chore: update Docker image publish workflow (#4847)
* Use official action to log in to Docker Hub
* Run using pinned ubuntu-20.04 environment
2022-02-10 17:40:41 -08:00
Joe Previte
fd643dcbc3
refactor(ci): fix npm workflows (#4797)
* feat: refactor npm workflows to use download-artifact

This refactors the npm workflows to use the download-artifact GitHub Action. We
had problems in the past with our download_artifact custom bash function. This
also fixes an issue where we weren't downloading the correct artifacts when
publishing beta and dev tags to npm.

* fixup: remove unused env var

* fixup! add download-artifcat to npm-brew"

* fixup! remove unnecessary code comment

* fixup! move NPM_ENVIRONMENT logic to script
2022-02-03 13:54:36 -07:00
renovate[bot]
79412eb137
chore(deps): update aquasecurity/trivy-action commit hash to a7a829a (#4821)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-02-03 12:43:31 -07:00
LG
10f57bac65
docs: Update some more links (#4806)
* Update links in package.json

I will try checking the docs too

* docs: Update links in triage.md

* docs: Update links in npm.md

* docs: Update links in whatever files that have `cdr`

* Replace globally, thanks @bpmct!

* fix: coderer instead of coder
I should've used all three toggles in the Search/Replace tab in the GItHub.dev editor.

* Code Formatting
2022-02-01 09:45:19 -07:00
Joe Previte
9954a88d3a
refactor(ci): clean up npm workflows (#4786)
This extracst the publish on npm workflow from ci.yaml and adds a new workflow
called `npm-beta.yaml`.

Now we have three workflows that publish to npm.
- `npm-beta.yaml` only runs on pushes and merges into `main`
- `npm-dev.yaml` only runs on PRs into `main` with approval from
  code-server-reviewers team
- `npm-brew.yaml` only runs on releases

This should fix problems we had previously where anyone could open a PR and
publish under the code-server namespace. It also separates out the workflows
based on environment and when they should run.
2022-01-24 15:33:42 -07:00
Joe Previte
8816ab93fe
fix: update npm-dev.yaml (#4781) 2022-01-22 08:48:57 -07:00
Joe Previte
a2f530161f
feat: publish beta and development tags on npm (#4769)
* feat: add logic to publish beta/dev npm

This adds new log to publish the npm package both while working on PRs and when
PRs are merged into main, allowing us to easily test changes in a
production-like setting.

Co-authored-by: Asher <ash@coder.com>
2022-01-21 16:28:56 -07:00
renovate[bot]
2752d95ff6
chore(deps): update minor dependency updates (#4722)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2022-01-14 21:48:52 +00:00
Joe Previte
7695de2831
fix(ci): add environment to docs-preview (#4677) 2022-01-04 11:05:04 -07:00
renovate[bot]
047a4f01f2
chore(deps): update aquasecurity/trivy-action commit hash to 8f4c716 (#4650)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-12-27 10:38:13 -07:00
Jonathan Yu
b990dabed1
chore: use readonly deploy key for preview (#4645) 2021-12-17 10:27:22 -07:00
Kyle Carberry
ec3d9974b3
fix: Update install.sh to use "coder" GitHub organization (#4638)
* fix: Update install.sh to use "coder" GitHub organization

* Update docs preview
2021-12-16 10:49:16 -06:00
renovate[bot]
7561fc4306
chore(deps): update aquasecurity/trivy-action commit hash to 81cc8cd (#4601)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Joe Previte <jjprevite@gmail.com>
2021-12-15 10:38:18 -07:00
renovate[bot]
3d4660491a
chore(deps): update minor dependency updates (#4531)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-11-29 11:31:35 -07:00
renovate[bot]
5fe16be62d
chore(deps): update aquasecurity/trivy-action commit hash to 2a2157e (#4493)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
Co-authored-by: Joe Previte <jjprevite@gmail.com>
2021-11-19 12:04:08 -05:00
Teffen
1b60ef418c
Use upstream server (#4414)
* Flesh out fixes to align with upstream.

* Update route handlers to better reflect fallback behavior.

* Add platform to vscode-reh-web task

Our strategy has been to build once and then recompile native modules
for individual platforms.  It looks like VS Code builds from scratch for
each platform.

But we can target any platform, grab the pre-packaged folder, then
continue with own packaging.

In the future we may want to rework to match upstream.

* Fix issue where workspace args are not parsed.

* Fix issues surrounding opening files within code-server's terminal.

* Readd parent wrapper for hot reload.

* Allow more errors.

* Fix issues surrounding Coder link.

* Add dir creation and fix cli

It seems VS Code explodes when certain directories do not exist so
import the reh agent instead of the server component since it creates
the directories (require patching thus the VS Code update).

Also the CLI (for installing extensions) did not seem to be working so
point that to the same place since it also exports a function for
running that part of the CLI.

* Remove hardcoded VSCODE_DEV=1

This causes VS Code to use the development HTML file.  Move this to the
watch command instead.

I deleted the other stuff before it as well since in the latest main.js
they do not have this code so I figure we should be safe to omit it.

* Fix mismatching commit between client and server

* Mostly restore command-line parity

Restore most everything and remove the added server arguments.  This
will let us add and remove options after later so we can contain the
number of breaking changes.

To accomplish this a hard separation is added between the CLI arguments
and the server arguments.

The separation between user-provided arguments and arguments with
defaults is also made more clear.

The extra directory flags have been left out as they were buggy and
should be implemented upstream although I think there are better
solutions anyway.  locale and install-source are unsupported with the
web remote and are left removed.  It is unclear whether they were used
before anyway.

Some restored flags still need to have their behavior re-implemented.

* Fix static endpoint not emitting 404s

This fixes the last failing unit test.

Fix a missing dependency, add some generic reverse proxy support for the
protocol, and add back a missing nfpm fix.

* Import missing logError

* Fix 403 errors

* Add code-server version to about dialog

* Use user settings to disable welcome page

The workspace setting seems to be recognized but if so it is having no
effect.

* Update VS Code cache step with new build directories

Co-authored-by: Asher <ash@coder.com>
2021-11-09 23:28:31 -06:00
Asher
03651e5e0b
Use frozen lockfile for test dependencies in CI (#4442)
* Use frozen lockfile for test dependencies in CI

This might be causing more Playwright issues.

* Bump Playwright

Mostly just to trigger a reinstall of dependencies since it is cached
and still failing.

Once updated it errors saying install needs to run so add that too.
2021-11-04 11:39:27 -05:00
Asher
dcc9cf3dd2
Avoid npx for Playwright dependencies (#4437)
It was causing version mismatch errors.

It might make more sense to have this in the postinstall but for now I
have foregone that as it would be installed in every step including
those that do not run e2e tests.
2021-11-03 16:17:43 -05:00
Joe Previte
13404df267
chore(deps): fix issues identified by audit-ci (#4438)
* fix(deps): ansi-regex issue

* fix(deps): upgrade tar to safe version

* chore(deps): fix vm2 issue

* fix(ci): increase timeout for audit-ci to 15
2021-11-03 14:09:31 -07:00
Joe Previte
743bab09cd
refactor(ci): only run release workflows on released event (#4288) 2021-11-01 10:06:10 -07:00
Joe Previte
946e4e8843
feat(cli): add test for readSocketPath (#4284)
* fix: update isNodeJSErrnoException

* refactor(cli): export and purify readSocketPath

* feat: add tests for readSocketPath

* fix(ci): temporarily disable install deps from cache
2021-10-29 16:03:57 -07:00
Asher
49c9c191b9
Fix script test workflow triggers (#4412) 2021-10-29 14:48:21 -05:00
renovate[bot]
0100d4c72a
chore(deps): update aquasecurity/trivy-action commit hash to 1ccef26 (#4401)
Co-authored-by: Renovate Bot <bot@renovateapp.com>
2021-10-29 02:12:26 +00:00
Asher
4abc525801
Update cross-build image apt before installing (#4411) 2021-10-28 15:36:21 -07:00
Joe Previte
705e821741
fix(testing): revert change & fix playwright tests (#4310)
* fix(testing): revert change & fix playwright tests

* fix(constants): add type to import statement

* refactor(e2e): delete browser test

This test was originally added to ensure playwright was working.

At this point, we know it works so removing this test because it doesn't help
with anything specific to code-server and only adds unnecessary code to the
codebase plus increases the e2e test job duration.

* chore(e2e): use 1 worker for e2e test

I don't know if it's a resources issue, playwright, or code-server but it seems
like the e2e tests choke when multiple workers are used.

This change is okay because our CI runner only has 2 cores so it would only use
1 worker anyway, but by specifying it in our playwright config, we ensure more
stability in our e2e tests working correctly.

See these PRs:
- https://github.com/cdr/code-server/pull/3263
- https://github.com/cdr/code-server/pull/4310

* revert(vscode): add missing route with redirect

* chore(vscode): update to latest fork

* Touch up compilation step.

* Bump vendor.

* Fix VS Code minification step

* Move ClientConfiguration to common

Common code must not import Node code as it is imported by the browser.

* Ensure lib directory exists before curling

cURL errors now because VS Code was moved and the directory does not
exist.

* Update incorrect e2e test help output

Revert workers change as well; this can be overridden when desired.

* Add back extension compilation step

* Include missing resources in release

This includes a favicon, for example.  I opted to include the entire
directory to make sure we do not miss anything.  Some of the other
stuff looks potentially useful (like completions).

* Set quality property in product configuration

When httpWebWorkerExtensionHostIframe.html is fetched it uses the web
endpoint template (in which we do not include the commit) but if the
quality is not set it prepends the commit to the web endpoint instead.
The new static endpoint does not use/handle commits so this 404s.

Long-term we might want to make the new static endpoint use commits like
the old one but we will also need to update the various other static
URLs to include the commit.

For now I just fixed this by adding the quality since:
  1. Probably faster than trying to find and update all static uses.
  2. VS Code probably expects it anyway.
  3. Gives us better control over the endpoint.

* Update VS Code

This fixes several build issues.

* Bump vscode.

* Bump.

* Bump.

* Use CLI directly.

* Update tests to reflect new upstream behavior.

* Move unit tests to after the build

Our code has new dependencies on VS Code that are pulled in when the
unit tests run.  Because of this we need to build VS Code before running
the unit tests (as it only pulls built code).

* Upgrade proxy-agent dependencies

This resolves a security report with one of its dependencies (vm2).

* Symlink VS Code output directory before unit tests

This is necessary now that we import from the out directory.

* Fix issues surrounding persistent processes between tests.

* Update VS Code cache directories

These were renamed so the cached paths need to be updated.  I changed
the key as well to force a rebuild.

* Move test symlink to script

This way it works for local testing as well.

I had to use out-build instead of out-vscode-server-min because Jest
throws some obscure error about a handlebars haste map.

* Fix listening on a socket

* Update VS Code

It contains fixes for missing files in the build.

* Standardize disposals

* Dispose HTTP server

Shares code with the test HTTP server.  For now it is a function but
maybe we should make it a class that is extended by tests.

* Dispose app on exit

* Fix logging link errors

Unfortunately the logger currently chokes when provided with error
objects.

Also for some reason the bracketed text was not displaying...

* Update regex used by e2e to extract address

The address was recently changed to use URL which seems to add a
trailing slash when using toString, causing the regex match to fail.

* Log browser console in e2e tests

* Add base back to login page

This is used to set cookies when using a base path.

* Remove login page test

The file this was testing no longer exists.

* Use path.posix for static base

Since this is a web path and not platform-dependent.

* Add test for invalid password

Co-authored-by: Teffen Ellis <teffen@nirri.us>
Co-authored-by: Asher <ash@coder.com>
2021-10-28 15:27:17 -05:00
Joe Previte
a8d873f9f8
refactor(ci): fix unit tests job 2021-10-04 12:07:45 -07:00
Joe Previte
f342c327f3
chore(vscode): update to latest commit of fork 2021-10-01 14:47:20 -07:00
Teffen Ellis
d8c344beda Refactor vscode endpoints to use fork directly. 2021-09-30 19:14:17 -04:00
Jonathan Yu
8f72481712
chore: upgrade preview Node.js from 12 to 14 (#4255) 2021-09-28 09:21:39 -07:00