Oct 14, 2024 · Oct 8, 2024 · Oct 8, 2024 · Oct 8, 2024 · Oct 9, 2024
diff --git a/.github/actions/setup-go/action.yaml b/.github/actions/setup-go/action.yaml
  using: "composite"
  steps:
    - name: Setup Go
      uses: actions/setup-go@v5
      uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
      with:
        go-version: ${{ inputs.version }}

diff --git a/.github/actions/setup-node/action.yaml b/.github/actions/setup-node/action.yaml
  using: "composite"
  steps:
    - name: Install pnpm
      uses: pnpm/action-setup@v3
      with:
        version: 9.6
      uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0

    - name: Setup Node
      uses: actions/setup-node@v4.0.3
      uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 #v4.0.4
      with:
        node-version: 20.16.0
        # See https://github.com/actions/setup-node#caching-global-packages-data
        cache: "pnpm"
        cache-dependency-path: ${{ inputs.directory }}/pnpm-lock.yaml

    - name: Install root node_modules
      shell: bash
      run: ./scripts/pnpm_install.sh
diff --git a/.github/actions/setup-sqlc/action.yaml b/.github/actions/setup-sqlc/action.yaml
  using: "composite"
  steps:
    - name: Setup sqlc
      uses: sqlc-dev/setup-sqlc@v4
      uses: sqlc-dev/setup-sqlc@c0209b9199cd1cce6a14fc27cabcec491b651761 # v4.0.0
      with:
        sqlc-version: "1.25.0"
diff --git a/.github/actions/setup-tf/action.yaml b/.github/actions/setup-tf/action.yaml
  using: "composite"
  steps:
    - name: Install Terraform
      uses: hashicorp/setup-terraform@v3
      uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
      with:
        terraform_version: 1.9.2
        terraform_wrapper: false
diff --git a/.github/actions/upload-datadog/action.yaml b/.github/actions/upload-datadog/action.yaml
 name: Upload tests to datadog
 if: always()
 description: |
  Uploads the test results to datadog.
 inputs:
  api-key:
    description: "Datadog API key"
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
      tailnet-integration: ${{ steps.filter.outputs.tailnet-integration }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 1
      # For pull requests it's not necessary to checkout the code
      - name: check changed files
        uses: dorny/paths-filter@v3
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        id: filter
        with:
          filters: |
  #   runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
  #   steps:
  #     - name: Checkout
  #       uses: actions/checkout@v4
  #       uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
  #       with:
  #         fetch-depth: 1
  #         # See: https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs
  #       run: ./scripts/update-flake.sh

  #     # auto update flake for dependabot
  #     - uses: stefanzweifel/git-auto-commit-action@v5
  #     - uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1
  #       if: github.actor == 'dependabot[bot]'
  #       with:
  #         # Allows dependabot to still rebase!
    runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 1

          echo "LINT_CACHE_DIR=$dir" >> $GITHUB_ENV

      - name: golangci-lint cache
        uses: actions/cache@v4
        uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0
        with:
          path: |
            ${{ env.LINT_CACHE_DIR }}

      # Check for any typos
      - name: Check for typos
        uses: crate-ci/typos@v1.26.0
        uses: crate-ci/typos@6802cc60d4e7f78b9d5454f6cf3935c042d5e1e3 #v1.26.0
        with:
          config: .github/workflows/typos.toml


      # Needed for helm chart linting
      - name: Install helm
        uses: azure/setup-helm@v4
        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
        with:
          version: v3.9.2

    if: needs.changes.outputs.docs-only == 'false' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 1

    timeout-minutes: 7
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 1

          - windows-2022
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 1

    timeout-minutes: 25
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 1

    timeout-minutes: 25
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 1

    timeout-minutes: 25
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 1

    timeout-minutes: 20
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 1

    timeout-minutes: 20
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 1

    name: ${{ matrix.variant.name }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 1


      - name: Upload Playwright Failed Tests
        if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
        uses: actions/upload-artifact@v4
        uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
        with:
          name: failed-test-videos${{ matrix.variant.enterprise && '-enterprise' || '-agpl' }}
          path: ./site/test-results/**/*.webm
          retention-days: 7

      - name: Upload pprof dumps
        if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
        uses: actions/upload-artifact@v4
        uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
        with:
          name: debug-pprof-dumps${{ matrix.variant.enterprise && '-enterprise' || '-agpl'  }}
          path: ./site/test-results/**/debug-pprof-*.txt
    if: needs.changes.outputs.ts == 'true' || needs.changes.outputs.ci == 'true'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          # Required by Chromatic for build-over-build history, otherwise we
          # only get 1 commit on shallow checkout.
      # the check to pass. This is desired in PRs, but not in mainline.
      - name: Publish to Chromatic (non-mainline)
        if: github.ref != 'refs/heads/main' && github.repository_owner == 'coder'
        uses: chromaui/action@v10
        uses: chromaui/action@30b6228aa809059d46219e0f556752e8672a7e26 # v11.11.0
        env:
          NODE_OPTIONS: "--max_old_space_size=4096"
          STORYBOOK: true
      # infinitely "in progress" in mainline unless we re-review each build.
      - name: Publish to Chromatic (mainline)
        if: github.ref == 'refs/heads/main' && github.repository_owner == 'coder'
        uses: chromaui/action@v10
        uses: chromaui/action@30b6228aa809059d46219e0f556752e8672a7e26 # v11.11.0
        env:
          NODE_OPTIONS: "--max_old_space_size=4096"
          STORYBOOK: true

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          # 0 is required here for version.sh to work.
          fetch-depth: 0
      IMAGE: ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 0

      - name: GHCR Login
        uses: docker/login-action@v3
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}

      - name: Prune old images
        if: github.ref == 'refs/heads/main'
        uses: vlaurin/action-ghcr-prune@v0.6.0
        uses: vlaurin/action-ghcr-prune@0cf7d39f88546edd31965acba78cdcb0be14d641 #v0.6.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          organization: coder

      - name: Upload build artifacts
        if: github.ref == 'refs/heads/main'
        uses: actions/upload-artifact@v4
        uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
        with:
          name: coder
          path: |
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 0

      - name: Authenticate to Google Cloud
        uses: google-github-actions/auth@v2
        uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
        with:
          workload_identity_provider: projects/573722524737/locations/global/workloadIdentityPools/github/providers/github
          service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com

      - name: Set up Google Cloud SDK
        uses: google-github-actions/setup-gcloud@v2
        uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7 # v2.1.1

      - name: Set up Flux CLI
        uses: fluxcd/flux2/action@main
        uses: fluxcd/flux2/action@9b3958825a314eb79495c6993ef397ddbf87f32f # v2.2.1
        with:
          # Keep this up to date with the version of flux installed in dogfood cluster
          # Keep thisand the github actionup to date with the version of flux installed in dogfood cluster
          version: "2.2.1"

      - name: Get Cluster Credentials
        uses:"google-github-actions/get-gke-credentials@v2"
        uses: google-github-actions/get-gke-credentials@6051de21ad50fbb1767bc93c11357a49082ad116 # v2.2.1
        with:
          cluster_name: dogfood-v2
          location: us-central1-a
    if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 0

      - name: Setup flyctl
        uses: superfly/flyctl-actions/setup-flyctl@master
        uses: superfly/flyctl-actions/setup-flyctl@fc53c09e1bc3be6f54706524e3b82c4f462f77be # v1.5

      - name: Deploy workspace proxies
        run: |
    if: needs.changes.outputs.db == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
        with:
          fetch-depth: 1
      # We need golang to run the migration main.go
diff --git a/.github/workflows/contrib.yaml b/.github/workflows/contrib.yaml
      pull-requests: write
    steps:
      - name: auto-approve dependabot
        uses: hmarr/auto-approve-action@v4
        uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
        if: github.actor == 'dependabot[bot]'

  cla:
    runs-on: ubuntu-latest
    steps:
      - name: cla
        if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
        uses: contributor-assistant/github-action@v2.6.1
        uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 #v2.6.1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # the below token should have repo scope and must be manually added by you in the repository's secret
    if: ${{ github.event_name == 'pull_request_target' && !github.event.pull_request.draft }}
    steps:
      - name: release-labels
        uses: actions/github-script@v7
        uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
        with:
          # This script ensures PR title and labels are in sync:
          #
Original file line number	Diff line number	Diff line change
Expand Up		@@ -9,7 +9,7 @@ runs:
		using: "composite"
		steps:
		- name: Setup Go
		uses: actions/setup-go@v5
		uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2
		with:
		go-version: ${{ inputs.version }}

Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -11,16 +11,16 @@ runs:
		using: "composite"
		steps:
		- name: Install pnpm
		uses: pnpm/action-setup@v3
		with:
		version: 9.6
Comment on lines -15 to -16 Copy link MemberAuthor matifaliOct 8, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. removed to use the version from`packages.json` Copy link MemberAuthor matifaliOct 9, 2024 Choose a reason for hiding this comment The reason will be displayed to describe this comment to others.Learn more. we specified`pnpm` version 9.7 in package.json and 9.6 here, which was conflicting. cc:@BrunoQuaresma @aslilac BrunoQuaresma reacted with thumbs up emoji
		uses: pnpm/action-setup@fe02b34f77f8bc703788d5817da081398fad5dd2 # v4.0.0

		- name: Setup Node
		uses: actions/setup-node@v4.0.3
		uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 #v4.0.4
		with:
		node-version: 20.16.0
		# See https://github.com/actions/setup-node#caching-global-packages-data
		cache: "pnpm"
		cache-dependency-path: ${{ inputs.directory }}/pnpm-lock.yaml

		- name: Install root node_modules
		shell: bash
		run: ./scripts/pnpm_install.sh
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -5,6 +5,6 @@ runs:
		using: "composite"
		steps:
		- name: Setup sqlc
		uses: sqlc-dev/setup-sqlc@v4
		uses: sqlc-dev/setup-sqlc@c0209b9199cd1cce6a14fc27cabcec491b651761 # v4.0.0
		with:
		sqlc-version: "1.25.0"
Original file line number	Diff line number	Diff line change
Expand Up		@@ -5,7 +5,7 @@ runs:
		using: "composite"
		steps:
		- name: Install Terraform
		uses: hashicorp/setup-terraform@v3
		uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
		with:
		terraform_version: 1.9.2
		terraform_wrapper: false
Original file line number	Diff line number	Diff line change
		@@ -1,5 +1,6 @@
		name: Upload tests to datadog
		if: always()
		description: \|
		Uploads the test results to datadog.
		inputs:
		api-key:
		description: "Datadog API key"
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -43,12 +43,12 @@ jobs:
		tailnet-integration: ${{ steps.filter.outputs.tailnet-integration }}
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		fetch-depth: 1
		# For pull requests it's not necessary to checkout the code
		- name: check changed files
		uses: dorny/paths-filter@v3
		uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
		id: filter
		with:
		filters: \|
Expand DownExpand Up		@@ -125,7 +125,7 @@ jobs:
		# runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' \|\| 'ubuntu-latest' }}
		# steps:
		# - name: Checkout
		# uses: actions/checkout@v4
		# uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		# with:
		# fetch-depth: 1
		# # See: https://github.com/stefanzweifel/git-auto-commit-action?tab=readme-ov-file#commits-made-by-this-action-do-not-trigger-new-workflow-runs
Expand All		@@ -138,7 +138,7 @@ jobs:
		# run: ./scripts/update-flake.sh

		# # auto update flake for dependabot
		# - uses: stefanzweifel/git-auto-commit-action@v5
		# - uses: stefanzweifel/git-auto-commit-action@8621497c8c39c72f3e2a999a26b4ca1b5058a842 # v5.0.1
		# if: github.actor == 'dependabot[bot]'
		# with:
		# # Allows dependabot to still rebase!
Expand All		@@ -158,7 +158,7 @@ jobs:
		runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' \|\| 'ubuntu-latest' }}
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		fetch-depth: 1

Expand All		@@ -176,7 +176,7 @@ jobs:
		echo "LINT_CACHE_DIR=$dir" >> $GITHUB_ENV

		- name: golangci-lint cache
		uses: actions/cache@v4
		uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0
		with:
		path: \|
		${{ env.LINT_CACHE_DIR }}
Expand All		@@ -186,7 +186,7 @@ jobs:

		# Check for any typos
		- name: Check for typos
		uses: crate-ci/typos@v1.26.0
		uses: crate-ci/typos@6802cc60d4e7f78b9d5454f6cf3935c042d5e1e3 #v1.26.0
		with:
		config: .github/workflows/typos.toml

Expand All		@@ -199,7 +199,7 @@ jobs:

		# Needed for helm chart linting
		- name: Install helm
		uses: azure/setup-helm@v4
		uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
		with:
		version: v3.9.2

Expand All		@@ -220,7 +220,7 @@ jobs:
		if: needs.changes.outputs.docs-only == 'false' \|\| needs.changes.outputs.ci == 'true' \|\| github.ref == 'refs/heads/main'
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		fetch-depth: 1

Expand DownExpand Up		@@ -269,7 +269,7 @@ jobs:
		timeout-minutes: 7
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		fetch-depth: 1

Expand DownExpand Up		@@ -305,7 +305,7 @@ jobs:
		- windows-2022
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		fetch-depth: 1

Expand DownExpand Up		@@ -359,7 +359,7 @@ jobs:
		timeout-minutes: 25
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		fetch-depth: 1

Expand DownExpand Up		@@ -399,7 +399,7 @@ jobs:
		timeout-minutes: 25
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		fetch-depth: 1

Expand DownExpand Up		@@ -431,7 +431,7 @@ jobs:
		timeout-minutes: 25
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		fetch-depth: 1

Expand DownExpand Up		@@ -467,7 +467,7 @@ jobs:
		timeout-minutes: 20
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		fetch-depth: 1

Expand All		@@ -488,7 +488,7 @@ jobs:
		timeout-minutes: 20
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		fetch-depth: 1

Expand All		@@ -514,7 +514,7 @@ jobs:
		name: ${{ matrix.variant.name }}
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		fetch-depth: 1

Expand DownExpand Up		@@ -555,15 +555,15 @@ jobs:

		- name: Upload Playwright Failed Tests
		if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
		uses: actions/upload-artifact@v4
		uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
		with:
		name: failed-test-videos${{ matrix.variant.enterprise && '-enterprise' \|\| '-agpl' }}
		path: ./site/test-results/*/.webm
		retention-days: 7

		- name: Upload pprof dumps
		if: always() && github.actor != 'dependabot[bot]' && runner.os == 'Linux' && !github.event.pull_request.head.repo.fork
		uses: actions/upload-artifact@v4
		uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
		with:
		name: debug-pprof-dumps${{ matrix.variant.enterprise && '-enterprise' \|\| '-agpl' }}
		path: ./site/test-results/*/debug-pprof-.txt
Expand All		@@ -576,7 +576,7 @@ jobs:
		if: needs.changes.outputs.ts == 'true' \|\| needs.changes.outputs.ci == 'true'
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		# Required by Chromatic for build-over-build history, otherwise we
		# only get 1 commit on shallow checkout.
Expand All		@@ -590,7 +590,7 @@ jobs:
		# the check to pass. This is desired in PRs, but not in mainline.
		- name: Publish to Chromatic (non-mainline)
		if: github.ref != 'refs/heads/main' && github.repository_owner == 'coder'
		uses: chromaui/action@v10
		uses: chromaui/action@30b6228aa809059d46219e0f556752e8672a7e26 # v11.11.0
		env:
		NODE_OPTIONS: "--max_old_space_size=4096"
		STORYBOOK: true
Expand DownExpand Up		@@ -621,7 +621,7 @@ jobs:
		# infinitely "in progress" in mainline unless we re-review each build.
		- name: Publish to Chromatic (mainline)
		if: github.ref == 'refs/heads/main' && github.repository_owner == 'coder'
		uses: chromaui/action@v10
		uses: chromaui/action@30b6228aa809059d46219e0f556752e8672a7e26 # v11.11.0
		env:
		NODE_OPTIONS: "--max_old_space_size=4096"
		STORYBOOK: true
Expand All		@@ -648,7 +648,7 @@ jobs:

		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		# 0 is required here for version.sh to work.
		fetch-depth: 0
Expand DownExpand Up		@@ -749,12 +749,12 @@ jobs:
		IMAGE: ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		fetch-depth: 0

		- name: GHCR Login
		uses: docker/login-action@v3
		uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
		with:
		registry: ghcr.io
		username: ${{ github.actor }}
Expand DownExpand Up		@@ -829,7 +829,7 @@ jobs:

		- name: Prune old images
		if: github.ref == 'refs/heads/main'
		uses: vlaurin/action-ghcr-prune@v0.6.0
		uses: vlaurin/action-ghcr-prune@0cf7d39f88546edd31965acba78cdcb0be14d641 #v0.6.0
		with:
		token: ${{ secrets.GITHUB_TOKEN }}
		organization: coder
Expand All		@@ -844,7 +844,7 @@ jobs:

		- name: Upload build artifacts
		if: github.ref == 'refs/heads/main'
		uses: actions/upload-artifact@v4
		uses: actions/upload-artifact@604373da6381bf24206979c74d06a550515601b9 # v4.4.1
		with:
		name: coder
		path: \|
Expand All		@@ -868,27 +868,27 @@ jobs:
		id-token: write
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		fetch-depth: 0

		- name: Authenticate to Google Cloud
		uses: google-github-actions/auth@v2
		uses: google-github-actions/auth@8254fb75a33b976a221574d287e93919e6a36f70 # v2.1.6
		with:
		workload_identity_provider: projects/573722524737/locations/global/workloadIdentityPools/github/providers/github
		service_account: coder-ci@coder-dogfood.iam.gserviceaccount.com

		- name: Set up Google Cloud SDK
		uses: google-github-actions/setup-gcloud@v2
		uses: google-github-actions/setup-gcloud@f0990588f1e5b5af6827153b93673613abdc6ec7 # v2.1.1

		- name: Set up Flux CLI
		uses: fluxcd/flux2/action@main
		uses: fluxcd/flux2/action@9b3958825a314eb79495c6993ef397ddbf87f32f # v2.2.1
		with:
		# Keep this up to date with the version of flux installed in dogfood cluster
		# Keep thisand the github actionup to date with the version of flux installed in dogfood cluster
		version: "2.2.1"

		- name: Get Cluster Credentials
		uses:"google-github-actions/get-gke-credentials@v2"
		uses: google-github-actions/get-gke-credentials@6051de21ad50fbb1767bc93c11357a49082ad116 # v2.2.1
		with:
		cluster_name: dogfood-v2
		location: us-central1-a
Expand DownExpand Up		@@ -925,12 +925,12 @@ jobs:
		if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		fetch-depth: 0

		- name: Setup flyctl
		uses: superfly/flyctl-actions/setup-flyctl@master
		uses: superfly/flyctl-actions/setup-flyctl@fc53c09e1bc3be6f54706524e3b82c4f462f77be # v1.5

		- name: Deploy workspace proxies
		run: \|
Expand All		@@ -955,7 +955,7 @@ jobs:
		if: needs.changes.outputs.db == 'true' \|\| needs.changes.outputs.ci == 'true' \|\| github.ref == 'refs/heads/main'
		steps:
		- name: Checkout
		uses: actions/checkout@v4
		uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
		with:
		fetch-depth: 1
		# We need golang to run the migration main.go
Expand Down
Original file line number	Diff line number	Diff line change
Expand Up		@@ -28,15 +28,15 @@ jobs:
		pull-requests: write
		steps:
		- name: auto-approve dependabot
		uses: hmarr/auto-approve-action@v4
		uses: hmarr/auto-approve-action@f0939ea97e9205ef24d872e76833fa908a770363 # v4.0.0
		if: github.actor == 'dependabot[bot]'

		cla:
		runs-on: ubuntu-latest
		steps:
		- name: cla
		if: (github.event.comment.body == 'recheck' \|\| github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') \|\| github.event_name == 'pull_request_target'
		uses: contributor-assistant/github-action@v2.6.1
		uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 #v2.6.1
		env:
		GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
		# the below token should have repo scope and must be manually added by you in the repository's secret
Expand All		@@ -57,7 +57,7 @@ jobs:
		if: ${{ github.event_name == 'pull_request_target' && !github.event.pull_request.draft }}
		steps:
		- name: release-labels
		uses: actions/github-script@v7
		uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
		with:
		# This script ensures PR title and labels are in sync:
		#
Expand Down