Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commita648977

Browse files
committed
Merge branch 'main' into lilac/organization-member-level
2 parentsb8446de +be22c38 commita648977

File tree

463 files changed

+25717
-8596
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

463 files changed

+25717
-8596
lines changed

‎.github/dependabot.yaml‎

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -80,6 +80,9 @@ updates:
8080
mui:
8181
patterns:
8282
-"@mui*"
83+
radix:
84+
patterns:
85+
-"@radix-ui/*"
8386
react:
8487
patterns:
8588
-"react"
@@ -104,6 +107,7 @@ updates:
104107
-dependency-name:"*"
105108
update-types:
106109
-version-update:semver-major
110+
-dependency-name:"@playwright/test"
107111
open-pull-requests-limit:15
108112

109113
-package-ecosystem:"terraform"

‎.github/workflows/ci.yaml‎

Lines changed: 39 additions & 115 deletions
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@ on:
44
push:
55
branches:
66
-main
7+
-release/*
78

89
pull_request:
910
workflow_dispatch:
@@ -919,6 +920,7 @@ jobs:
919920
required:
920921
runs-on:ubuntu-latest
921922
needs:
923+
-changes
922924
-fmt
923925
-lint
924926
-gen
@@ -942,6 +944,7 @@ jobs:
942944
-name:Ensure required checks
943945
run:|# zizmor: ignore[template-injection] We're just reading needs.x.result here, no risk of injection
944946
echo "Checking required checks"
947+
echo "- changes: ${{ needs.changes.result }}"
945948
echo "- fmt: ${{ needs.fmt.result }}"
946949
echo "- lint: ${{ needs.lint.result }}"
947950
echo "- gen: ${{ needs.gen.result }}"
@@ -967,7 +970,7 @@ jobs:
967970
needs:changes
968971
# We always build the dylibs on Go changes to verify we're not merging unbuildable code,
969972
# but they need only be signed and uploaded on coder/coder main.
970-
if:needs.changes.outputs.go == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
973+
if:needs.changes.outputs.go == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')
971974
runs-on:${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest' }}
972975
steps:
973976
# Harden Runner doesn't work on macOS
@@ -995,7 +998,7 @@ jobs:
995998
uses:./.github/actions/setup-go
996999

9971000
-name:Install rcodesign
998-
if:${{ github.repository_owner == 'coder' && github.ref == 'refs/heads/main' }}
1001+
if:${{ github.repository_owner == 'coder' &&(github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')) }}
9991002
run:|
10001003
set -euo pipefail
10011004
wget -O /tmp/rcodesign.tar.gz https://github.com/indygreg/apple-platform-rs/releases/download/apple-codesign%2F0.22.0/apple-codesign-0.22.0-macos-universal.tar.gz
@@ -1006,7 +1009,7 @@ jobs:
10061009
rm /tmp/rcodesign.tar.gz
10071010
10081011
-name:Setup Apple Developer certificate and API key
1009-
if:${{ github.repository_owner == 'coder' && github.ref == 'refs/heads/main' }}
1012+
if:${{ github.repository_owner == 'coder' &&(github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')) }}
10101013
run:|
10111014
set -euo pipefail
10121015
touch /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
@@ -1027,12 +1030,12 @@ jobs:
10271030
make gen/mark-fresh
10281031
make build/coder-dylib
10291032
env:
1030-
CODER_SIGN_DARWIN:${{ github.ref == 'refs/heads/main' && '1' || '0' }}
1033+
CODER_SIGN_DARWIN:${{(github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')) && '1' || '0' }}
10311034
AC_CERTIFICATE_FILE:/tmp/apple_cert.p12
10321035
AC_CERTIFICATE_PASSWORD_FILE:/tmp/apple_cert_password.txt
10331036

10341037
-name:Upload build artifacts
1035-
if:${{ github.repository_owner == 'coder' && github.ref == 'refs/heads/main' }}
1038+
if:${{ github.repository_owner == 'coder' &&(github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')) }}
10361039
uses:actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02# v4.6.2
10371040
with:
10381041
name:dylibs
@@ -1042,7 +1045,7 @@ jobs:
10421045
retention-days:7
10431046

10441047
-name:Delete Apple Developer certificate and API key
1045-
if:${{ github.repository_owner == 'coder' && github.ref == 'refs/heads/main' }}
1048+
if:${{ github.repository_owner == 'coder' &&(github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')) }}
10461049
run:rm -f /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
10471050

10481051
check-build:
@@ -1092,7 +1095,7 @@ jobs:
10921095
needs:
10931096
-changes
10941097
-build-dylib
1095-
if:github.ref == 'refs/heads/main' && needs.changes.outputs.docs-only == 'false' && !github.event.pull_request.head.repo.fork
1098+
if:(github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release/')) && needs.changes.outputs.docs-only == 'false' && !github.event.pull_request.head.repo.fork
10961099
runs-on:${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-22.04' }}
10971100
permissions:
10981101
# Necessary to push docker images to ghcr.io.
@@ -1245,40 +1248,45 @@ jobs:
12451248
id:build-docker
12461249
env:
12471250
CODER_IMAGE_BASE:ghcr.io/coder/coder-preview
1248-
CODER_IMAGE_TAG_PREFIX:main
12491251
DOCKER_CLI_EXPERIMENTAL:"enabled"
12501252
run:|
12511253
set -euxo pipefail
12521254
12531255
# build Docker images for each architecture
12541256
version="$(./scripts/version.sh)"
1255-
tag="main-${version//+/-}"
1257+
tag="${version//+/-}"
12561258
echo "tag=$tag" >> "$GITHUB_OUTPUT"
12571259
12581260
# build images for each architecture
12591261
# note: omitting the -j argument to avoid race conditions when pushing
12601262
make build/coder_"$version"_linux_{amd64,arm64,armv7}.tag
12611263
1262-
# only push if we are on main branch
1263-
if [ "${GITHUB_REF}" == "refs/heads/main" ]; then
1264+
# only push if we are on main branch or release branch
1265+
if [[ "${GITHUB_REF}" == "refs/heads/main"|| "${GITHUB_REF}" == refs/heads/release/* ]]; then
12641266
# build and push multi-arch manifest, this depends on the other images
12651267
# being pushed so will automatically push them
12661268
# note: omitting the -j argument to avoid race conditions when pushing
12671269
make push/build/coder_"$version"_linux_{amd64,arm64,armv7}.tag
12681270
12691271
# Define specific tags
1270-
tags=("$tag" "main" "latest")
1272+
tags=("$tag")
1273+
if [ "${GITHUB_REF}" == "refs/heads/main" ]; then
1274+
tags+=("main" "latest")
1275+
elif [[ "${GITHUB_REF}" == refs/heads/release/* ]]; then
1276+
tags+=("release-${GITHUB_REF#refs/heads/release/}")
1277+
fi
12711278
12721279
# Create and push a multi-arch manifest for each tag
12731280
# we are adding `latest` tag and keeping `main` for backward
12741281
# compatibality
12751282
for t in "${tags[@]}"; do
1276-
# shellcheck disable=SC2046
1277-
./scripts/build_docker_multiarch.sh \
1278-
--push \
1279-
--target "ghcr.io/coder/coder-preview:$t" \
1280-
--version "$version" \
1281-
$(cat build/coder_"$version"_linux_{amd64,arm64,armv7}.tag)
1283+
echo "Pushing multi-arch manifest for tag: $t"
1284+
# shellcheck disable=SC2046
1285+
./scripts/build_docker_multiarch.sh \
1286+
--push \
1287+
--target "ghcr.io/coder/coder-preview:$t" \
1288+
--version "$version" \
1289+
$(cat build/coder_"$version"_linux_{amd64,arm64,armv7}.tag)
12821290
done
12831291
fi
12841292
@@ -1469,112 +1477,28 @@ jobs:
14691477
./build/*.deb
14701478
retention-days:7
14711479

1480+
# Deploy is handled in deploy.yaml so we can apply concurrency limits.
14721481
deploy:
1473-
name:"deploy"
1474-
runs-on:ubuntu-latest
1475-
timeout-minutes:30
14761482
needs:
14771483
-changes
14781484
-build
14791485
if:|
1480-
github.ref == 'refs/heads/main'&& !github.event.pull_request.head.repo.fork
1486+
(github.ref == 'refs/heads/main'|| startsWith(github.ref, 'refs/heads/release/'))
14811487
&& needs.changes.outputs.docs-only == 'false'
1488+
&& !github.event.pull_request.head.repo.fork
1489+
uses:./.github/workflows/deploy.yaml
1490+
with:
1491+
image:${{ needs.build.outputs.IMAGE }}
14821492
permissions:
14831493
contents:read
14841494
id-token:write
1485-
steps:
1486-
-name:Harden Runner
1487-
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
1488-
with:
1489-
egress-policy:audit
1490-
1491-
-name:Checkout
1492-
uses:actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8# v5.0.0
1493-
with:
1494-
fetch-depth:0
1495-
persist-credentials:false
1496-
1497-
-name:Authenticate to Google Cloud
1498-
uses:google-github-actions/auth@7c6bc770dae815cd3e89ee6cdf493a5fab2cc093# v3.0.0
1499-
with:
1500-
workload_identity_provider:${{ vars.GCP_WORKLOAD_ID_PROVIDER }}
1501-
service_account:${{ vars.GCP_SERVICE_ACCOUNT }}
1502-
1503-
-name:Set up Google Cloud SDK
1504-
uses:google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db# v3.0.1
1505-
1506-
-name:Set up Flux CLI
1507-
uses:fluxcd/flux2/action@6bf37f6a560fd84982d67f853162e4b3c2235edb# v2.6.4
1508-
with:
1509-
# Keep this and the github action up to date with the version of flux installed in dogfood cluster
1510-
version:"2.5.1"
1511-
1512-
-name:Get Cluster Credentials
1513-
uses:google-github-actions/get-gke-credentials@3da1e46a907576cefaa90c484278bb5b259dd395# v3.0.0
1514-
with:
1515-
cluster_name:dogfood-v2
1516-
location:us-central1-a
1517-
project_id:coder-dogfood-v2
1518-
1519-
-name:Reconcile Flux
1520-
run:|
1521-
set -euxo pipefail
1522-
flux --namespace flux-system reconcile source git flux-system
1523-
flux --namespace flux-system reconcile source git coder-main
1524-
flux --namespace flux-system reconcile kustomization flux-system
1525-
flux --namespace flux-system reconcile kustomization coder
1526-
flux --namespace flux-system reconcile source chart coder-coder
1527-
flux --namespace flux-system reconcile source chart coder-coder-provisioner
1528-
flux --namespace coder reconcile helmrelease coder
1529-
flux --namespace coder reconcile helmrelease coder-provisioner
1530-
1531-
# Just updating Flux is usually not enough. The Helm release may get
1532-
# redeployed, but unless something causes the Deployment to update the
1533-
# pods won't be recreated. It's important that the pods get recreated,
1534-
# since we use `imagePullPolicy: Always` to ensure we're running the
1535-
# latest image.
1536-
-name:Rollout Deployment
1537-
run:|
1538-
set -euxo pipefail
1539-
kubectl --namespace coder rollout restart deployment/coder
1540-
kubectl --namespace coder rollout status deployment/coder
1541-
kubectl --namespace coder rollout restart deployment/coder-provisioner
1542-
kubectl --namespace coder rollout status deployment/coder-provisioner
1543-
kubectl --namespace coder rollout restart deployment/coder-provisioner-tagged
1544-
kubectl --namespace coder rollout status deployment/coder-provisioner-tagged
1545-
1546-
deploy-wsproxies:
1547-
runs-on:ubuntu-latest
1548-
needs:build
1549-
if:github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
1550-
steps:
1551-
-name:Harden Runner
1552-
uses:step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a# v2.13.1
1553-
with:
1554-
egress-policy:audit
1555-
1556-
-name:Checkout
1557-
uses:actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8# v5.0.0
1558-
with:
1559-
fetch-depth:0
1560-
persist-credentials:false
1561-
1562-
-name:Setup flyctl
1563-
uses:superfly/flyctl-actions/setup-flyctl@fc53c09e1bc3be6f54706524e3b82c4f462f77be# v1.5
1564-
1565-
-name:Deploy workspace proxies
1566-
run:|
1567-
flyctl deploy --image "$IMAGE" --app paris-coder --config ./.github/fly-wsproxies/paris-coder.toml --env "CODER_PROXY_SESSION_TOKEN=$TOKEN_PARIS" --yes
1568-
flyctl deploy --image "$IMAGE" --app sydney-coder --config ./.github/fly-wsproxies/sydney-coder.toml --env "CODER_PROXY_SESSION_TOKEN=$TOKEN_SYDNEY" --yes
1569-
flyctl deploy --image "$IMAGE" --app sao-paulo-coder --config ./.github/fly-wsproxies/sao-paulo-coder.toml --env "CODER_PROXY_SESSION_TOKEN=$TOKEN_SAO_PAULO" --yes
1570-
flyctl deploy --image "$IMAGE" --app jnb-coder --config ./.github/fly-wsproxies/jnb-coder.toml --env "CODER_PROXY_SESSION_TOKEN=$TOKEN_JNB" --yes
1571-
env:
1572-
FLY_API_TOKEN:${{ secrets.FLY_API_TOKEN }}
1573-
IMAGE:${{ needs.build.outputs.IMAGE }}
1574-
TOKEN_PARIS:${{ secrets.FLY_PARIS_CODER_PROXY_SESSION_TOKEN }}
1575-
TOKEN_SYDNEY:${{ secrets.FLY_SYDNEY_CODER_PROXY_SESSION_TOKEN }}
1576-
TOKEN_SAO_PAULO:${{ secrets.FLY_SAO_PAULO_CODER_PROXY_SESSION_TOKEN }}
1577-
TOKEN_JNB:${{ secrets.FLY_JNB_CODER_PROXY_SESSION_TOKEN }}
1495+
packages:write# to retag image as dogfood
1496+
secrets:
1497+
FLY_API_TOKEN:${{ secrets.FLY_API_TOKEN }}
1498+
FLY_PARIS_CODER_PROXY_SESSION_TOKEN:${{ secrets.FLY_PARIS_CODER_PROXY_SESSION_TOKEN }}
1499+
FLY_SYDNEY_CODER_PROXY_SESSION_TOKEN:${{ secrets.FLY_SYDNEY_CODER_PROXY_SESSION_TOKEN }}
1500+
FLY_SAO_PAULO_CODER_PROXY_SESSION_TOKEN:${{ secrets.FLY_SAO_PAULO_CODER_PROXY_SESSION_TOKEN }}
1501+
FLY_JNB_CODER_PROXY_SESSION_TOKEN:${{ secrets.FLY_JNB_CODER_PROXY_SESSION_TOKEN }}
15781502

15791503
# sqlc-vet runs a postgres docker container, runs Coder migrations, and then
15801504
# runs sqlc-vet to ensure all queries are valid. This catches any mistakes

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp