1b60ef418c
* Flesh out fixes to align with upstream.
* Update route handlers to better reflect fallback behavior.
* Add platform to vscode-reh-web task
  Our strategy has been to build once and then recompile native modules for individual platforms. It looks like VS Code builds from scratch for each platform. But we can target any platform, grab the pre-packaged folder, then continue with own packaging. In the future we may want to rework to match upstream.
* Fix issue where workspace args are not parsed.
* Fix issues surrounding opening files within code-server's terminal.
* Readd parent wrapper for hot reload.
* Allow more errors.
* Fix issues surrounding Coder link.
* Add dir creation and fix cli
  It seems VS Code explodes when certain directories do not exist so import the reh agent instead of the server component since it creates the directories (require patching thus the VS Code update). Also the CLI (for installing extensions) did not seem to be working so point that to the same place since it also exports a function for running that part of the CLI.
* Remove hardcoded VSCODE_DEV=1
  This causes VS Code to use the development HTML file. Move this to the watch command instead. I deleted the other stuff before it as well since in the latest main.js they do not have this code so I figure we should be safe to omit it.
* Fix mismatching commit between client and server
* Mostly restore command-line parity
  Restore most everything and remove the added server arguments. This will let us add and remove options after later so we can contain the number of breaking changes. To accomplish this a hard separation is added between the CLI arguments and the server arguments. The separation between user-provided arguments and arguments with defaults is also made more clear. The extra directory flags have been left out as they were buggy and should be implemented upstream although I think there are better solutions anyway.
  locale and install-source are unsupported with the web remote and are left removed. It is unclear whether they were used before anyway. Some restored flags still need to have their behavior re-implemented.
* Fix static endpoint not emitting 404s
  This fixes the last failing unit test. Fix a missing dependency, add some generic reverse proxy support for the protocol, and add back a missing nfpm fix.
* Import missing logError
* Fix 403 errors
* Add code-server version to about dialog
* Use user settings to disable welcome page
  The workspace setting seems to be recognized but if so it is having no effect.
* Update VS Code cache step with new build directories

Co-authored-by: Asher <ash@coder.com>
444 lines
14 KiB
YAML
name: Build

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Note: if: success() is used in several jobs -
# this ensures that it only executes if all previous jobs succeeded.

# if: steps.cache-yarn.outputs.cache-hit != 'true'
# will skip running `yarn install` if it successfully fetched from cache

jobs:
  prebuild:
    name: Pre-build checks
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout repo
        uses: actions/checkout@v2

      - name: Install Node.js v14
        uses: actions/setup-node@v2
        with:
          node-version: "14"

      - name: Install helm
        uses: azure/setup-helm@v1.1

      # NOTE@jsjoeio
      # disabling this until we can audit the build process
      # and the usefulness of this step
      # See: https://github.com/cdr/code-server/issues/4287
      # - name: Fetch dependencies from cache
      #   id: cache-yarn
      #   uses: actions/cache@v2
      #   with:
      #     path: "**/node_modules"
      #     key: yarn-build-${{ hashFiles('**/yarn.lock') }}
      #     restore-keys: |
      #       yarn-build-

      - name: Install dependencies
        # if: steps.cache-yarn.outputs.cache-hit != 'true'
        run: yarn --frozen-lockfile

      - name: Run yarn fmt
        run: yarn fmt
        if: success()

      - name: Run yarn lint
        run: yarn lint
        if: success()

  audit-ci:
    name: Run audit-ci
    needs: prebuild
    runs-on: ubuntu-latest
    timeout-minutes: 15
    steps:
      - name: Checkout repo
        uses: actions/checkout@v2

      - name: Install Node.js v14
        uses: actions/setup-node@v2
        with:
          node-version: "14"

      - name: Fetch dependencies from cache
        id: cache-yarn
        uses: actions/cache@v2
        with:
          path: "**/node_modules"
          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
          restore-keys: |
            yarn-build-

      - name: Install dependencies
        if: steps.cache-yarn.outputs.cache-hit != 'true'
        run: yarn --frozen-lockfile

      - name: Audit for vulnerabilities
        run: yarn _audit
        if: success()

  build:
    name: Build
    needs: prebuild
    runs-on: ubuntu-latest
    timeout-minutes: 30
    env:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
    steps:
      - uses: actions/checkout@v2
        with:
          fetch-depth: 0

      - name: Install Node.js v14
        uses: actions/setup-node@v2
        with:
          node-version: "14"

      # TODO@Teffen investigate why this omits code-oss-dev/node_modules
      # - name: Fetch dependencies from cache
      #   id: cache-yarn
      #   uses: actions/cache@v2
      #   with:
      #     path: |
      #       "**/node_modules"
      #       "**/vendor/modules"
      #       "**/vendor/modules/code-oss-dev/node_modules"
      #     key: yarn-build-${{ hashFiles('**/yarn.lock') }}-${{ hashFiles('**/vendor/yarn.lock') }}
      #     restore-keys: |
      #       yarn-build-

      - name: Install dependencies
        # if: steps.cache-yarn.outputs.cache-hit != 'true'
        run: yarn --frozen-lockfile

      - name: Build code-server
        run: yarn build

      # Parse the hash of the latest commit inside vendor/modules/code-oss-dev
      # use this to avoid rebuilding it if nothing changed
      # How it works: the `git log` command fetches the hash of the last commit
      # that changed a file inside `vendor/modules/code-oss-dev`. If a commit changes any file in there,
      # the hash returned will change, and we rebuild vscode. If the hash did not change,
      # (for example, a change to `src/` or `docs/`), we reuse the same build as last time.
      # This saves a lot of time in CI, as compiling VSCode can take anywhere from 5-10 minutes.
      - name: Get latest vendor/modules/code-oss-dev rev
        id: vscode-rev
        run: echo "::set-output name=rev::$(jq -r '.devDependencies["code-oss-dev"]' vendor/package.json | sed -r 's|.*#(.*)$|\1|')"

      - name: Attempt to fetch vscode build from cache
        id: cache-vscode
        uses: actions/cache@v2
        with:
          path: |
            vendor/modules/code-oss-dev/.build
            vendor/modules/code-oss-dev/out-build
            vendor/modules/code-oss-dev/out-vscode-reh-web
            vendor/modules/code-oss-dev/out-vscode-reh-web-min
          key: vscode-reh-build-${{ steps.vscode-rev.outputs.rev }}

      - name: Build vscode
        if: steps.cache-vscode.outputs.cache-hit != 'true'
        run: yarn build:vscode

      # Our code imports code from VS Code's `out` directory meaning VS Code
      # must be built before running these tests.
      # TODO: Move to its own step?
      - name: Run code-server unit tests
        run: yarn test:unit
        if: success()

      - name: Upload coverage report to Codecov
        run: yarn coverage
        if: success()

      # The release package does not contain any native modules
      # and is neutral to architecture/os/libc version.
      - name: Create release package
        run: yarn release
        if: success()

      # https://github.com/actions/upload-artifact/issues/38
      - name: Compress release package
        run: tar -czf package.tar.gz release

      - name: Upload npm package artifact
        uses: actions/upload-artifact@v2
        with:
          name: npm-package
          path: ./package.tar.gz

  # TODO: cache building yarn --production
  # possibly 2m30s of savings(?)
  # this requires refactoring our release scripts
  package-linux-amd64:
    name: x86-64 Linux build
    needs: build
    runs-on: ubuntu-latest
    timeout-minutes: 15
    container: "centos:7"

    steps:
      - uses: actions/checkout@v2

      - name: Install Node.js v14
        uses: actions/setup-node@v2
        with:
          node-version: "14"

      - name: Install development tools
        run: |
          yum install -y epel-release centos-release-scl
          yum install -y devtoolset-9-{make,gcc,gcc-c++} jq rsync

      - name: Install nfpm and envsubst
        run: |
          curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh -s -- -b ~/.local/bin v2.3.1
          curl -L https://github.com/a8m/envsubst/releases/download/v1.1.0/envsubst-`uname -s`-`uname -m` -o envsubst
          chmod +x envsubst
          mv envsubst ~/.local/bin
          echo "$HOME/.local/bin" >> $GITHUB_PATH

      - name: Install yarn
        run: npm install -g yarn

      - name: Download npm package
        uses: actions/download-artifact@v2
        with:
          name: npm-package

      - name: Decompress npm package
        run: tar -xzf package.tar.gz

      # NOTE: && here is deliberate - GitHub puts each line in its own `.sh`
      # file when running inside a docker container.
      - name: Build standalone release
        run: source scl_source enable devtoolset-9 && yarn release:standalone

      - name: Sanity test standalone release
        run: yarn test:standalone-release

      - name: Build packages with nfpm
        run: yarn package

      - name: Upload release artifacts
        uses: actions/upload-artifact@v2
        with:
          name: release-packages
          path: ./release-packages

  # NOTE@oxy:
  # We use Ubuntu 16.04 here, so that our build is more compatible
  # with older libc versions. We used to (Q1'20) use CentOS 7 here,
  # but it has a full update EOL of Q4'20 and a 'critical security'
  # update EOL of 2024. We're dropping full support a few years before
  # the final EOL, but I don't believe CentOS 7 has a large arm64 userbase.
  # It is not feasible to cross-compile with CentOS.

  # Cross-compile notes: To compile native dependencies for arm64,
  # we install the aarch64/armv7l cross toolchain and then set it as the default
  # compiler/linker/etc. with the AR/CC/CXX/LINK environment variables.
  # qemu-user-static on ubuntu-16.04 currently doesn't run Node correctly,
  # so we just build with "native"/x86_64 node, then download arm64/armv7l node
  # and then put it in our release. We can't smoke test the cross build this way,
  # but this means we don't need to maintain a self-hosted runner!

  # NOTE@jsjoeio:
  # We used to use 16.04 until GitHub deprecated it on September 20, 2021
  # See here: https://github.com/actions/virtual-environments/pull/3862/files
  package-linux-cross:
    name: Linux cross-compile builds
    needs: build
    runs-on: ubuntu-18.04
    timeout-minutes: 15
    strategy:
      matrix:
        include:
          - prefix: aarch64-linux-gnu
            arch: arm64
          - prefix: arm-linux-gnueabihf
            arch: armv7l

    env:
      AR: ${{ format('{0}-ar', matrix.prefix) }}
      CC: ${{ format('{0}-gcc', matrix.prefix) }}
      CXX: ${{ format('{0}-g++', matrix.prefix) }}
      LINK: ${{ format('{0}-g++', matrix.prefix) }}
      NPM_CONFIG_ARCH: ${{ matrix.arch }}
      NODE_VERSION: v14.17.4

    steps:
      - uses: actions/checkout@v2

      - name: Install Node.js v14
        uses: actions/setup-node@v2
        with:
          node-version: "14"

      - name: Install nfpm
        run: |
          curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh -s -- -b ~/.local/bin v2.3.1
          echo "$HOME/.local/bin" >> $GITHUB_PATH

      - name: Install cross-compiler
        run: sudo apt update && sudo apt install $PACKAGE
        env:
          PACKAGE: ${{ format('g++-{0}', matrix.prefix) }}

      - name: Download npm package
        uses: actions/download-artifact@v2
        with:
          name: npm-package

      - name: Decompress npm package
        run: tar -xzf package.tar.gz

      - name: Build standalone release
        run: yarn release:standalone

      - name: Replace node with cross-compile equivalent
        run: |
          wget https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}.tar.xz
          tar -xf node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}.tar.xz node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}/bin/node --strip-components=2
          mv ./node ./release-standalone/lib/node

      - name: Build packages with nfpm
        run: yarn package ${NPM_CONFIG_ARCH}

      - name: Upload release artifacts
        uses: actions/upload-artifact@v2
        with:
          name: release-packages
          path: ./release-packages

  package-macos-amd64:
    name: x86-64 macOS build
    needs: build
    runs-on: macos-latest
    timeout-minutes: 15
    steps:
      - uses: actions/checkout@v2

      - name: Install Node.js v14
        uses: actions/setup-node@v2
        with:
          node-version: "14"

      - name: Install nfpm
        run: |
          curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh -s -- -b ~/.local/bin v2.3.1
          echo "$HOME/.local/bin" >> $GITHUB_PATH

      - name: Download npm package
        uses: actions/download-artifact@v2
        with:
          name: npm-package

      - name: Decompress npm package
        run: tar -xzf package.tar.gz

      - name: Build standalone release
        run: yarn release:standalone

      - name: Sanity test standalone release
        run: yarn test:standalone-release

      - name: Build packages with nfpm
        run: yarn package

      - name: Upload release artifacts
        uses: actions/upload-artifact@v2
        with:
          name: release-packages
          path: ./release-packages

  test-e2e:
    name: End-to-end tests
    needs: package-linux-amd64
    runs-on: ubuntu-latest
    timeout-minutes: 15
    env:
      # Since we build code-server we might as well run tests from the release
      # since VS Code will load faster due to the bundling.
      CODE_SERVER_TEST_ENTRY: "./release-packages/code-server-linux-amd64"
    steps:
      - uses: actions/checkout@v2

      - name: Install Node.js v14
        uses: actions/setup-node@v2
        with:
          node-version: "14"

      - name: Fetch dependencies from cache
        id: cache-yarn
        uses: actions/cache@v2
        with:
          path: "**/node_modules"
          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
          restore-keys: |
            yarn-build-

      - name: Download release packages
        uses: actions/download-artifact@v2
        with:
          name: release-packages
          path: ./release-packages

      - name: Untar code-server release
        run: |
          cd release-packages
          tar -xzf code-server*-linux-amd64.tar.gz
          mv code-server*-linux-amd64 code-server-linux-amd64

      - name: Install dependencies
        if: steps.cache-yarn.outputs.cache-hit != 'true'
        run: yarn --frozen-lockfile

      - name: Install Playwright OS dependencies
        run: |
          ./test/node_modules/.bin/playwright install-deps
          ./test/node_modules/.bin/playwright install

      - name: Run end-to-end tests
        run: yarn test:e2e

      - name: Upload test artifacts
        if: always()
        uses: actions/upload-artifact@v2
        with:
          name: failed-test-videos
          path: ./test/test-results

      - name: Remove release packages and test artifacts
        run: rm -rf ./release-packages ./test/test-results

  trivy-scan-repo:
    runs-on: ubuntu-20.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v2
      - name: Run Trivy vulnerability scanner in repo mode
        #Commit SHA for v0.0.17
        uses: aquasecurity/trivy-action@1ccef265f594a7555a720f623a461a3d69b45bf7
        with:
          scan-type: "fs"
          scan-ref: "."
          ignore-unfixed: true
          format: "template"
          template: "@/contrib/sarif.tpl"
          output: "trivy-repo-results.sarif"
          severity: "HIGH,CRITICAL"
      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: "trivy-repo-results.sarif"
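
The "Get latest vendor/modules/code-oss-dev rev" step in the build job derives the VS Code cache key from `vendor/package.json` with `jq` and `sed`. The following added example (not code from this repository) mirrors that pipeline in Python to show which key each dependency spec produces and when the key stops tracking the source being built. The sample `package.json` strings and the `example/vscode-fork` name are constructed, and `check_rev` is a hypothetical guard.

```python
import json
import re

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")

# Constructed vendor/package.json samples (not the repository's real file).
PINNED = '{"devDependencies": {"code-oss-dev": "example/vscode-fork#0123456789abcdef0123456789abcdef01234567"}}'
UNPINNED = '{"devDependencies": {"code-oss-dev": "example/vscode-fork"}}'
BRANCH = '{"devDependencies": {"code-oss-dev": "example/vscode-fork#main"}}'


def vscode_rev(package_json_text, dep="code-oss-dev"):
    """Mirror: jq -r '.devDependencies[dep]' | sed -r 's|.*#(.*)$|\\1|'"""
    spec = json.loads(package_json_text).get("devDependencies", {}).get(dep)
    if spec is None:
        return "null"  # jq -r prints "null" when the key is absent
    # sed's greedy ".*#" keeps only the text after the last '#';
    # with no '#' the substitution does not match and the input passes through.
    return str(spec).rsplit("#", 1)[-1]


def cache_key(rev):
    """Key format used by the 'Attempt to fetch vscode build from cache' step."""
    return f"vscode-reh-build-{rev}"


def check_rev(rev):
    """Hypothetical guard: reasons this rev should not be used as a cache key."""
    problems = []
    if rev == "null":
        problems.append("code-oss-dev is missing from devDependencies")
    elif not FULL_SHA.match(rev):
        problems.append(
            f"{rev!r} is not a full commit SHA, so the key may not change when the source does"
        )
    return problems


if __name__ == "__main__":
    for name, text in (("pinned", PINNED), ("unpinned", UNPINNED), ("branch", BRANCH)):
        rev = vscode_rev(text)
        print(name, cache_key(rev), check_rev(rev) or "ok")
```
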