Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit3648021

Browse files
committed
Merge remote-tracking branch 'origin/main' into issue#15074
2 parents86e1b92 +7982ad7 commit3648021

File tree

388 files changed

+12537
-6544
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

388 files changed

+12537
-6544
lines changed

‎.github/actions/setup-go/action.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@ description: |
44
inputs:
55
version:
66
description:"The Go version to use."
7-
default:"1.22.6"
7+
default:"1.22.8"
88
runs:
99
using:"composite"
1010
steps:

‎.github/actions/setup-tf/action.yaml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,5 +7,5 @@ runs:
77
-name:Install Terraform
88
uses:hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd# v3.1.2
99
with:
10-
terraform_version:1.9.2
10+
terraform_version:1.9.8
1111
terraform_wrapper:false

‎.github/workflows/ci.yaml

Lines changed: 10 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -90,6 +90,7 @@ jobs:
9090
- "coderd/**"
9191
- "enterprise/**"
9292
- "examples/*"
93+
- "helm/**"
9394
- "provisioner/**"
9495
- "provisionerd/**"
9596
- "provisionersdk/**"
@@ -196,7 +197,7 @@ jobs:
196197
197198
# Check for any typos
198199
-name:Check for typos
199-
uses:crate-ci/typos@6802cc60d4e7f78b9d5454f6cf3935c042d5e1e3# v1.26.0
200+
uses:crate-ci/typos@0d9e0c2c1bd7f770f6eb90f87780848ca02fc12c# v1.26.8
200201
with:
201202
config:.github/workflows/typos.toml
202203

@@ -232,8 +233,7 @@ jobs:
232233
gen:
233234
timeout-minutes:8
234235
runs-on:${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
235-
needs:changes
236-
if:needs.changes.outputs.docs-only == 'false' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
236+
if:always()
237237
steps:
238238
-name:Harden Runner
239239
uses:step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7# v2.10.1
@@ -466,7 +466,7 @@ jobs:
466466
api-key:${{ secrets.DATADOG_API_KEY }}
467467

468468
test-go-race:
469-
runs-on:${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
469+
runs-on:${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-16' || 'ubuntu-latest' }}
470470
needs:changes
471471
if:needs.changes.outputs.go == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
472472
timeout-minutes:25
@@ -487,9 +487,13 @@ jobs:
487487
-name:Setup Terraform
488488
uses:./.github/actions/setup-tf
489489

490+
# We run race tests with reduced parallelism because they use more CPU and we were finding
491+
# instances where tests appear to hang for multiple seconds, resulting in flaky tests when
492+
# short timeouts are used.
493+
# c.f. discussion on https://github.com/coder/coder/pull/15106
490494
-name:Run Tests
491495
run:|
492-
gotestsum --junitfile="gotests.xml" -- -race ./...
496+
gotestsum --junitfile="gotests.xml" -- -race-parallel 4 -p 4./...
493497
494498
-name:Upload test stats to Datadog
495499
timeout-minutes:1
@@ -966,7 +970,7 @@ jobs:
966970
uses:google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7# v2.1.1
967971

968972
-name:Set up Flux CLI
969-
uses:fluxcd/flux2/action@9b3958825a314eb79495c6993ef397ddbf87f32f# v2.2.1
973+
uses:fluxcd/flux2/action@5350425cdcd5fa015337e09fa502153c0275bd4b# v2.4.0
970974
with:
971975
# Keep this and the github action up to date with the version of flux installed in dogfood cluster
972976
version:"2.2.1"

‎.github/workflows/pr-deploy.yaml

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -44,16 +44,6 @@ jobs:
4444
with:
4545
egress-policy:audit
4646

47-
-name:Harden Runner
48-
uses:step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7# v2.10.1
49-
with:
50-
egress-policy:audit
51-
52-
-name:Harden Runner
53-
uses:step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7# v2.10.1
54-
with:
55-
egress-policy:audit
56-
5747
-name:Checkout
5848
uses:actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871# v4.2.1
5949

‎.github/workflows/scorecard.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -47,6 +47,6 @@ jobs:
4747

4848
# Upload the results to GitHub's code scanning dashboard.
4949
-name:"Upload to code-scanning"
50-
uses:github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b# v3.26.12
50+
uses:github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd# v3.27.0
5151
with:
5252
sarif_file:results.sarif

‎.github/workflows/security.yaml

Lines changed: 17 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,6 @@ name: "security"
33
permissions:
44
actions:read
55
contents:read
6-
security-events:write
76

87
on:
98
workflow_dispatch:
@@ -23,6 +22,8 @@ concurrency:
2322

2423
jobs:
2524
codeql:
25+
permissions:
26+
security-events:write
2627
runs-on:${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
2728
steps:
2829
-name:Harden Runner
@@ -37,7 +38,7 @@ jobs:
3738
uses:./.github/actions/setup-go
3839

3940
-name:Initialize CodeQL
40-
uses:github/codeql-action/init@c36620d31ac7c881962c3d9dd939c40ec9434f2b# v3.26.12
41+
uses:github/codeql-action/init@662472033e021d55d94146f66f6058822b0b39fd# v3.27.0
4142
with:
4243
languages:go, javascript
4344

@@ -47,7 +48,7 @@ jobs:
4748
rm Makefile
4849
4950
-name:Perform CodeQL Analysis
50-
uses:github/codeql-action/analyze@c36620d31ac7c881962c3d9dd939c40ec9434f2b# v3.26.12
51+
uses:github/codeql-action/analyze@662472033e021d55d94146f66f6058822b0b39fd# v3.27.0
5152

5253
-name:Send Slack notification on failure
5354
if:${{ failure() }}
@@ -61,6 +62,8 @@ jobs:
6162
"${{ secrets.SLACK_SECURITY_FAILURE_WEBHOOK_URL }}"
6263
6364
trivy:
65+
permissions:
66+
security-events:write
6467
runs-on:${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
6568
steps:
6669
-name:Harden Runner
@@ -95,13 +98,20 @@ jobs:
9598
# protoc must be in lockstep with our dogfood Dockerfile or the
9699
# version in the comments will differ. This is also defined in
97100
# ci.yaml.
98-
set -x
99-
cd dogfood
101+
set -euxo pipefail
102+
cd dogfood/contents
103+
mkdir -p /usr/local/bin
104+
mkdir -p /usr/local/include
105+
100106
DOCKER_BUILDKIT=1 docker build . --target proto -t protoc
101107
protoc_path=/usr/local/bin/protoc
102108
docker run --rm --entrypoint cat protoc /tmp/bin/protoc > $protoc_path
103109
chmod +x $protoc_path
104110
protoc --version
111+
# Copy the generated files to the include directory.
112+
docker run --rm -v /usr/local/include:/target protoc cp -r /tmp/include/google /target/
113+
ls -la /usr/local/include/google/protobuf/
114+
stat /usr/local/include/google/protobuf/timestamp.proto
105115
106116
-name:Build Coder linux amd64 Docker image
107117
id:build
@@ -124,15 +134,15 @@ jobs:
124134
echo "image=$(cat "$image_job")" >> $GITHUB_OUTPUT
125135
126136
-name:Run Trivy vulnerability scanner
127-
uses:aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564
137+
uses:aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2
128138
with:
129139
image-ref:${{ steps.build.outputs.image }}
130140
format:sarif
131141
output:trivy-results.sarif
132142
severity:"CRITICAL,HIGH"
133143

134144
-name:Upload Trivy scan results to GitHub Security tab
135-
uses:github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b# v3.26.12
145+
uses:github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd# v3.27.0
136146
with:
137147
sarif_file:trivy-results.sarif
138148
category:"Trivy"
@@ -144,16 +154,6 @@ jobs:
144154
path:trivy-results.sarif
145155
retention-days:7
146156

147-
# Prisma cloud scan runs last because it fails the entire job if it
148-
# detects vulnerabilities. :|
149-
-name:Run Prisma Cloud image scan
150-
uses:PaloAltoNetworks/prisma-cloud-scan@1f38c94d789ff9b01a4e80070b442294ebd3e362# v1.4.0
151-
with:
152-
pcc_console_url:${{ secrets.PRISMA_CLOUD_URL }}
153-
pcc_user:${{ secrets.PRISMA_CLOUD_ACCESS_KEY }}
154-
pcc_pass:${{ secrets.PRISMA_CLOUD_SECRET_KEY }}
155-
image_name:${{ steps.build.outputs.image }}
156-
157157
-name:Send Slack notification on failure
158158
if:${{ failure() }}
159159
run:|

‎.vscode/settings.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -175,6 +175,7 @@
175175
"unauthenticate",
176176
"unconvert",
177177
"untar",
178+
"userauth",
178179
"userspace",
179180
"VMID",
180181
"walkthrough",

‎Makefile

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -817,7 +817,7 @@ test-postgres-docker:
817817

818818
# Make sure to keep this in sync with test-go-race from .github/workflows/ci.yaml.
819819
test-race:
820-
$(GIT_FLAGS) gotestsum --junitfile="gotests.xml" -- -race -count=1 ./...
820+
$(GIT_FLAGS) gotestsum --junitfile="gotests.xml" -- -race -count=1-parallel 4 -p 4./...
821821
.PHONY: test-race
822822

823823
test-tailnet-integration:

‎agent/agent.go

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1134,11 +1134,19 @@ func (a *agent) trackGoroutine(fn func()) error {
11341134
}
11351135

11361136
func (a*agent)createTailnet(ctx context.Context,agentID uuid.UUID,derpMap*tailcfg.DERPMap,derpForceWebSockets,disableDirectConnectionsbool) (_*tailnet.Conn,errerror) {
1137+
// Inject `CODER_AGENT_HEADER` into the DERP header.
1138+
varheader http.Header
1139+
ifclient,ok:=a.client.(*agentsdk.Client);ok {
1140+
ifheaderTransport,ok:=client.SDK.HTTPClient.Transport.(*codersdk.HeaderTransport);ok {
1141+
header=headerTransport.Header
1142+
}
1143+
}
11371144
network,err:=tailnet.NewConn(&tailnet.Options{
11381145
ID:agentID,
11391146
Addresses:a.wireguardAddresses(agentID),
11401147
DERPMap:derpMap,
11411148
DERPForceWebSockets:derpForceWebSockets,
1149+
DERPHeader:&header,
11421150
Logger:a.logger.Named("net.tailnet"),
11431151
ListenPort:a.tailnetListenPort,
11441152
BlockEndpoints:disableDirectConnections,

‎coderd/fileszip.gorenamed to‎archive/archive.go

Lines changed: 14 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
packagecoderd
1+
packagearchive
22

33
import (
44
"archive/tar"
@@ -10,29 +10,30 @@ import (
1010
"strings"
1111
)
1212

13-
funcCreateTarFromZip(zipReader*zip.Reader) ([]byte,error) {
13+
// CreateTarFromZip converts the given zipReader to a tar archive.
14+
funcCreateTarFromZip(zipReader*zip.Reader,maxSizeint64) ([]byte,error) {
1415
vartarBuffer bytes.Buffer
15-
err:=writeTarArchive(&tarBuffer,zipReader)
16+
err:=writeTarArchive(&tarBuffer,zipReader,maxSize)
1617
iferr!=nil {
1718
returnnil,err
1819
}
1920
returntarBuffer.Bytes(),nil
2021
}
2122

22-
funcwriteTarArchive(w io.Writer,zipReader*zip.Reader)error {
23+
funcwriteTarArchive(w io.Writer,zipReader*zip.Reader,maxSizeint64)error {
2324
tarWriter:=tar.NewWriter(w)
2425
defertarWriter.Close()
2526

2627
for_,file:=rangezipReader.File {
27-
err:=processFileInZipArchive(file,tarWriter)
28+
err:=processFileInZipArchive(file,tarWriter,maxSize)
2829
iferr!=nil {
2930
returnerr
3031
}
3132
}
3233
returnnil
3334
}
3435

35-
funcprocessFileInZipArchive(file*zip.File,tarWriter*tar.Writer)error {
36+
funcprocessFileInZipArchive(file*zip.File,tarWriter*tar.Writer,maxSizeint64)error {
3637
fileReader,err:=file.Open()
3738
iferr!=nil {
3839
returnerr
@@ -52,24 +53,26 @@ func processFileInZipArchive(file *zip.File, tarWriter *tar.Writer) error {
5253
returnerr
5354
}
5455

55-
n,err:=io.CopyN(tarWriter,fileReader,httpFileMaxBytes)
56+
n,err:=io.CopyN(tarWriter,fileReader,maxSize)
5657
log.Println(file.Name,n,err)
5758
iferrors.Is(err,io.EOF) {
5859
err=nil
5960
}
6061
returnerr
6162
}
6263

63-
funcCreateZipFromTar(tarReader*tar.Reader) ([]byte,error) {
64+
// CreateZipFromTar converts the given tarReader to a zip archive.
65+
funcCreateZipFromTar(tarReader*tar.Reader,maxSizeint64) ([]byte,error) {
6466
varzipBuffer bytes.Buffer
65-
err:=WriteZipArchive(&zipBuffer,tarReader)
67+
err:=WriteZip(&zipBuffer,tarReader,maxSize)
6668
iferr!=nil {
6769
returnnil,err
6870
}
6971
returnzipBuffer.Bytes(),nil
7072
}
7173

72-
funcWriteZipArchive(w io.Writer,tarReader*tar.Reader)error {
74+
// WriteZip writes the given tarReader to w.
75+
funcWriteZip(w io.Writer,tarReader*tar.Reader,maxSizeint64)error {
7376
zipWriter:=zip.NewWriter(w)
7477
deferzipWriter.Close()
7578

@@ -100,7 +103,7 @@ func WriteZipArchive(w io.Writer, tarReader *tar.Reader) error {
100103
returnerr
101104
}
102105

103-
_,err=io.CopyN(zipEntry,tarReader,httpFileMaxBytes)
106+
_,err=io.CopyN(zipEntry,tarReader,maxSize)
104107
iferrors.Is(err,io.EOF) {
105108
err=nil
106109
}

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp