resolves coder/internal#205
The goal is to create a new page located in deployment settings to allow
users to create and update organization IDP sync settings.
- [x] Use shadcn button for export policy button
- [x] Disable save button if form is not dirty
- [x] Disable "Add IdP organization" button if idp org name or coder
orgs are empty
- [x] Add footnote label below organization sync field input
- [x] Add button to Delete rows in mapping table
- [x] Create Multi-select combobox component to select coder org to
map to idp org
- [x] Storybook tests
- [x] Tooltip for assign default org switch
- [x] Display success/error toast on form submission
Addresses https://github.com/coder/coder/issues/15663.
This PR saves the entire coder home directory in a Docker volume to make
the dev tunnel URL persistent across container restarts.
I initially wanted to persist only the config directory, but Docker
Compose cannot set permissions on a named volume unless the directory
it’s mounted on already exists within the container. The
`/home/coder/.config` directory, however, is not created by default in
the Dockerfile. When I attempt to mount it, [Docker creates it with root
permissions](https://github.com/moby/moby/issues/2259#issue-21132999),
and Coder cannot write to it. I encounter the following error:
```
coder-1 | Started HTTP listener at http://0.0.0.0:7080
coder-1 | Opening tunnel so workspaces can connect to your deployment. For production scenarios, specify an external access URL
coder-1 | Encountered an error running "coder server", see "coder server --help" for more information
coder-1 | error: create tunnel: read or generate config: get config path: mkdirall config dir "/home/coder/.config/coderv2": mkdir /home/coder/.config/coderv2: permission denied
```
Creating the directory in the Dockerfile would resolve the issue for new
images but would break `docker-compose.yml` for all existing Coder
images. Mounting the entire home directory avoids this problem, but it
makes it less clear to admins which files need to be persisted. It’s a
trade-off - I believe keeping Docker Compose backwards-compatible is
more important, and I hope the added comment clarifies the purpose of
the volume for new users.
Changes the RPC header format from `codervpn <version> <role>` to
`codervpn <role> <version1,version2,...>`.
The versions list is a list of the maximum supported minor version for
each major version, sorted by major versions.
E.g. `1.0,2.3,3.1` means `1.0, 2.0, 2.1, 2.2, 2.3, 3.0, 3.1` are
supported.
When we eventually support multiple versions, the peer's version list
will be compared against the current supported versions list to
determine the maximum major and minor version supported by both peers.
Closes #15601
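The comparison described in the message above, sketched as an added example (not code from the coder repository): the header is parsed strictly and the highest major version common to both peers is selected, with the lower of the two maximum minors. The names `ParseHeader` and `Negotiate` and the role value `example-role` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// ParseHeader parses "codervpn <role> <v1,v2,...>" into role and major -> max minor.
func ParseHeader(line string) (string, map[uint64]uint64, error) {
	parts := strings.Split(line, " ")
	if len(parts) != 3 || parts[0] != "codervpn" || parts[1] == "" {
		return "", nil, fmt.Errorf("malformed header %q", line)
	}
	maxMinor := map[uint64]uint64{}
	var prev uint64
	for i, s := range strings.Split(parts[2], ",") {
		majStr, minStr, _ := strings.Cut(s, ".")
		major, err1 := strconv.ParseUint(majStr, 10, 32)
		minor, err2 := strconv.ParseUint(minStr, 10, 32)
		if err1 != nil || err2 != nil {
			return "", nil, fmt.Errorf("bad version %q", s)
		}
		if i > 0 && major <= prev { // list must be sorted by major, no repeats
			return "", nil, fmt.Errorf("version %q out of order", s)
		}
		prev, maxMinor[major] = major, minor
	}
	return parts[1], maxMinor, nil
}

// Negotiate picks the highest shared major and the lower of the two max minors.
func Negotiate(local, peer map[uint64]uint64) (major, minor uint64, ok bool) {
	for m, lm := range local {
		pm, shared := peer[m]
		if !shared || (ok && m < major) {
			continue
		}
		if pm < lm {
			lm = pm
		}
		major, minor, ok = m, lm, true
	}
	return major, minor, ok
}

func main() {
	_, peer, _ := ParseHeader("codervpn example-role 1.0,2.3,3.1") // constructed header
	fmt.Println(Negotiate(map[uint64]uint64{1: 0, 2: 5}, peer))
}
```

A peer whose list shares no major version with the local list yields `ok == false`, which the caller should treat as a failed handshake rather than falling back to a default version.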
The release action [ran into an
issue](https://github.com/coder/coder/actions/runs/12147281426) building
the dylib today, as the version script that's run during the build job
was unable to find an annotated tag. This is a step it skips during
dry-runs.
```
ERROR: version.sh: the current commit is not tagged with an annotated tag
```
This was almost certainly caused by omitting the `git fetch --tags
--force` that's present on each other release action job, as the
workflow passes on a release dry-run when run against a regular branch,
that's not an annotated tag.
From an existing comment:
> If the event that triggered the build was an annotated tag (which our
tags are supposed to be), actions/checkout has a bug where the tag in
question is only a lightweight tag and not a full annotated tag.
https://github.com/coder/coder/pull/15608 introduced a buggy behaviour
with dbcrypt enabled.
When clearing an oauth refresh token, we had been setting the value to
the empty string.
The database encryption package considers decrypting an empty string to
be an error, as an empty encrypted string value will still have a nonce
associated with it and thus not actually be empty when stored at rest.
Instead of 'deleting' the refresh token, 'update' it to be the empty
string.
This plays nicely with dbcrypt.
It also adds a 'utility test' in the dbcrypt package to help encrypt a
value. This was useful when manually fixing users affected by this bug
on our dogfood instance.
This PR is the second in a series aimed at closing
https://github.com/coder/coder/issues/15109.
## Changes
- adds `scripts/embedded-pg/main.go`, which can start a native Postgres
database. This is used to set up PG on Windows and macOS, as these
platforms don't support Docker in GitHub Actions.
- runs the `test-go-pg` job on macOS and Windows too
- adds the `test-go-race-go` job, which runs race tests with Postgres on
Linux
Upgrades yamux to 0.1.2, which includes a couple bug fixes.
> Significant Changes
> * Fixed a case where Streams may continue to exist and block operations even after their Session has been closed. #127 ensures when a Session closes that blocking Stream operations exit as well.
> * Allow Reads on locally closed streams. Prior to #131 calling Close() and then Read() on a Stream would fail. Close should only indicate the Stream is done writing. The peer must call Close before Read considers the stream closed. See #131 for details.
> * Tests have been improved significantly. See below for details.
https://github.com/hashicorp/yamux/releases/tag/v0.1.2
fixes #14881
Our handlers for streaming logs don't read from the websocket. We don't allow the client to send us any data, but the websocket library we use requires reading from the websocket to properly handle pings and closing. Not doing so [can cause the websocket to hang on write](https://github.com/coder/websocket/issues/405), leaking goroutines which were noticed in #14881.
This fixes the issue, and in the process refactors our log streaming to an encoder/decoder package which provides generic types for sending JSON over websocket.
I'd also like for us to upgrade to the latest https://github.com/coder/websocket but we should also upgrade our tailscale fork before doing so to avoid including two copies of the websocket library.
Relates to https://github.com/coder/coder/issues/15082
Further to https://github.com/coder/coder/pull/15429, this reduces the
amount of false-positives returned by the 'is eligible for autostart'
part of the query. We achieve this by calculating the 'next start at'
time of the workspace, storing it in the database, and using it in our
`GetWorkspacesEligibleForTransition` query.
The prior implementation of the 'is eligible for autostart' query would
return _all_ workspaces that at some point in the future _might_ be
eligible for autostart. This now ensures we only return workspaces that
_should_ be eligible for autostart.
We also now pass `currentTick` instead of `t` to the
`GetWorkspacesEligibleForTransition` query as otherwise we'll have one
round of workspaces that are skipped by `isEligibleForTransition` due to
`currentTick` being a truncated version of `t`.
- Refactors `checkProvisioners` into `db2sdk.MatchedProvisioners`
- Adds a separate RBAC subject just for reading provisioner daemons
- Adds matched provisioners information to additional endpoints relating to
workspace builds and templates
- Updates existing unit tests for above endpoints
- Adds API endpoint for matched provisioners of template dry-run job
- Updates CLI to show warning when creating/starting/stopping/deleting
workspaces for which no provisioners are available
---------
Co-authored-by: Danny Kopping <danny@coder.com>
This PR is the first iteration towards #15297
We cannot yet show license utilization over time, so we show current
license utilization.
This is because we don't track user states over time. We only track the
current user state. A graph over time filtering by active users would
therefore not account for day to day changes in user state and be
inaccurate.
DB schema migrations and related updates will follow that allow us to
show license utilization over time.

---------
Co-authored-by: ケイラ <mckayla@hey.com>
* Modifies `MatchedProvisioners` response of `codersdk.TemplateVersion`
to be a pointer
* CLI now checks for absence of `*MatchedProvisioners` before showing
warning regarding provisioners
* Extracts logic for warning about provisioners to a function
* Improves test coverage for CLI template push with
`coder_workspace_tags`.
Addresses https://github.com/coder/nexus/issues/99.
Changes:
- Save the id of the built-in example template used to create a template
version in the database
- Include the example id in telemetry
- Integrates the `agentexec` pkg into the agent and removes the
legacy system of iterating over the process tree. It adds some linting
rules to hopefully catch future improper uses of `exec.Command` in the package.