release-github-draft.sh: Remove incorrect assets reference

I think at some point this script created the release and attached
assets but that's not the case anymore.

For some reason this would error with undefined variable reference for
joe but bash doesn't complain for me or Asher.

Not sure what the difference is.

.dockerignore

@@ -1,10 +1,3 @@
-Dockerfile
-# Docs
-doc/
-# GitHub stuff
-.github
-.gitignore
-.travis.yml
-LICENSE
-README.md
-node_modules
+**
+!release-packages
+!ci

.editorconfig

@@ -0,0 +1,6 @@
+root = true
+
+[*]
+indent_style = space
+trim_trailing_whitespace = true
+indent_size = 2

.eslintrc.yaml

@@ -0,0 +1,44 @@
+parser: "@typescript-eslint/parser"
+env:
+  browser: true
+  es6: true # Map, etc.
+  jest: true
+  node: true
+
+parserOptions:
+  ecmaVersion: 2018
+  sourceType: module
+
+extends:
+  - eslint:recommended
+  - plugin:@typescript-eslint/recommended
+  - plugin:import/recommended
+  - plugin:import/typescript
+  - plugin:prettier/recommended
+  - prettier # Removes eslint rules that conflict with prettier.
+  - prettier/@typescript-eslint # Remove conflicts again.
+
+rules:
+  # Sometimes you need to add args to implement a function signature even
+  # if they are unused.
+  "@typescript-eslint/no-unused-vars": ["error", { "args": "none" }]
+  # For overloads.
+  no-dupe-class-members: off
+  "@typescript-eslint/no-use-before-define": off
+  "@typescript-eslint/no-non-null-assertion": off
+  "@typescript-eslint/ban-types": off
+  "@typescript-eslint/no-var-requires": off
+  "@typescript-eslint/explicit-module-boundary-types": off
+  "@typescript-eslint/no-explicit-any": off
+  eqeqeq: error
+  import/order:
+    [error, { alphabetize: { order: "asc" }, groups: [["builtin", "external", "internal"], "parent", "sibling"] }]
+  no-async-promise-executor: off
+  # This isn't a real module, just types, which apparently doesn't resolve.
+  import/no-unresolved: [error, { ignore: ["express-serve-static-core"] }]
+
+settings:
+  # Does not work with CommonJS unfortunately.
+  import/ignore:
+    - env-paths
+    - xdg-basedir

.gitattributes

@@ -0,0 +1 @@
+*.afdesign filter=lfs diff=lfs merge=lfs -text

.github/CODEOWNERS

@@ -1,2 +1 @@
-* @code-asher @kylecarbs
-Dockerfile @nhooyr
+ci/helm-chart @Matthew-Beckett @alexgorbatchev

.github/ISSUE_TEMPLATE/bug-report.md

@@ -0,0 +1,28 @@
+---
+name: Bug report
+about: Report a bug and help us improve
+title: ""
+labels: ""
+assignees: ""
+---
+
+<!--
+Please see https://github.com/cdr/code-server/blob/master/docs/FAQ.md#how-do-i-debug-issues-with-code-server
+and include any logging information relevant to the issue.
+
+Please search for existing issues before filing.
+
+If you can reproduce the issue on vanilla VS Code,
+please file the issue at the VS Code repository instead.
+
+Provide screenshots if applicable.
+
+Please fill in the issue template and try to be as detailed
+and clear as possible!
+-->
+
+- Web Browser:
+- Local OS:
+- Remote OS:
+- Remote Architecture:
+- `code-server --version`:

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,22 +0,0 @@
----
-name: Bug Report
-about: Report problems and unexpected behavior.
-title: ''
-labels: 'bug'
-assignees: ''
----
-
-<!-- Please search existing issues to avoid creating duplicates. -->
-<!-- All extension-specific issues should be created with the `Extension Bug` template. -->
-
-- `code-server` version: <!-- The version of code-server -->
-- OS Version: <!-- OS version, cloud provider,  -->
-
-## Description
-
-<!-- Describes the problem here -->
-
-## Steps to Reproduce
-
-1. <!-- step 1: click ... -->
-1. <!-- step 2: ... -->

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Question
+    url: https://github.com/cdr/code-server/discussions/new?category_id=22503114
+    about: Ask the community for help on our GitHub Discussions board
+  - name: Chat
+    about: Need immediate help or just want to talk? Hop in our Slack
+    url: https://cdr.co/join-community

.github/ISSUE_TEMPLATE/doc.md

@@ -0,0 +1,7 @@
+---
+name: Documentation improvement
+about: Suggest a documentation improvement
+title: ""
+labels: "docs"
+assignees: ""
+---

.github/ISSUE_TEMPLATE/extension-request.md

@@ -0,0 +1,18 @@
+---
+name: Extension request
+about: Request an extension missing from the code-server marketplace
+title: ""
+labels: extension-request
+assignees: ""
+---
+
+<!--
+Details on the code-server extension marketplace are at
+
+https://github.com/cdr/code-server/blob/master/docs/FAQ.md#whats-the-deal-with-extensions
+
+Please fill in the issue template!
+-->
+
+- [ ] Extension name:
+- [ ] Extension GitHub or homepage:

.github/ISSUE_TEMPLATE/extension_bug.md

@@ -1,22 +0,0 @@
----
-name: Extension Bug
-about: Report problems and unexpected behavior with extensions.
-title: ''
-labels: 'extension-specific'
-assignees: ''
----
-
-<!-- Please search existing issues to avoid creating duplicates. -->
-
-- `code-server` version: <!-- The version of code-server -->
-- OS Version: <!-- OS version, cloud provider,  -->
-- Extension: <!-- Link to extension -->
-
-## Description
-
-<!-- Describes the problem here -->
-
-## Steps to Reproduce
-
-1. <!-- step 1: click ... -->
-1. <!-- step 2: ... -->

.github/ISSUE_TEMPLATE/feature-request.md

@@ -0,0 +1,13 @@
+---
+name: Feature request
+about: Suggest an idea
+title: ""
+labels: feature
+assignees: ""
+---
+
+<!--
+Please search for existing issues before filing.
+
+Please describe the feature as clearly as possible!
+-->

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,11 +0,0 @@
----
-name: Feature Request
-about: Suggest an idea for this project.
-title: ''
-labels: 'feature'
-assignees: ''
----
-
-<!-- Please search existing issues to avoid creating duplicates. -->
-
-<!-- Describe the feature you'd like. -->

.github/ISSUE_TEMPLATE/question.md

@@ -1,17 +0,0 @@
----
-name: Question
-about: Ask a question.
-title: ''
-labels: 'question'
-assignees: ''
----
-
-<!-- Please search existing issues to avoid creating duplicates. -->
-
-## Description
-
-<!-- A description of the the question. -->
-
-## Related Issues
-
-<!-- Any issues related to your question. -->

.github/lock.yml

@@ -0,0 +1,37 @@
+# Configuration for Lock Threads - https://github.com/dessant/lock-threads-app
+
+# Number of days of inactivity before a closed issue or pull request is locked
+daysUntilLock: 90
+
+# Skip issues and pull requests created before a given timestamp. Timestamp must
+# follow ISO 8601 (`YYYY-MM-DD`). Set to `false` to disable
+skipCreatedBefore: false
+
+# Issues and pull requests with these labels will be ignored. Set to `[]` to disable
+exemptLabels: []
+
+# Label to add before locking, such as `outdated`. Set to `false` to disable
+lockLabel: false
+
+# Comment to post before locking. Set to `false` to disable
+lockComment: >
+  This thread has been automatically locked since there has not been
+  any recent activity after it was closed. Please open a new issue for
+  related bugs.
+
+# Assign `resolved` as the reason for locking. Set to `false` to disable
+setLockReason: true
+# Limit to only `issues` or `pulls`
+# only: issues
+
+# Optionally, specify configuration settings just for `issues` or `pulls`
+# issues:
+#   exemptLabels:
+#     - help-wanted
+#   lockLabel: outdated
+
+# pulls:
+#   daysUntilLock: 30
+
+# Repository to extend settings from
+# _extends: repo

.github/pull_request_template.md

@@ -1,6 +1,6 @@
-<!-- Please answer these questions before submitting your PR. Thanks! -->
-
-### Describe in detail the problem you had and how this PR fixes it
-
-### Is there an open issue you can link to?
+<!--
+Please link to the issue this PR solves.
+If there is no existing issue, please first create one unless the fix is minor.
 
+Please make sure the base of your PR is the master branch!
+-->

.github/workflows/ci.yaml

@@ -0,0 +1,157 @@
+name: ci
+
+on: [push]
+
+jobs:
+  fmt:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Run ./ci/steps/fmt.sh
+        uses: ./ci/images/debian10
+        with:
+          args: ./ci/steps/fmt.sh
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Run ./ci/steps/lint.sh
+        uses: ./ci/images/debian10
+        with:
+          args: ./ci/steps/lint.sh
+
+  test:
+    needs: linux-amd64
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Download release packages
+        uses: actions/download-artifact@v2
+        with:
+          name: release-packages
+          path: ./release-packages
+      - name: Untar code-server file
+        run: |
+          cd release-packages && tar -xzf code-server*-linux-amd64.tar.gz
+      - uses: microsoft/playwright-github-action@v1
+      - name: Install dependencies and run tests
+        run: |
+          node ./release-packages/code-server*-linux-amd64 &
+          yarn --frozen-lockfile
+          yarn test
+
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Run ./ci/steps/release.sh
+        uses: ./ci/images/debian10
+        with:
+          args: ./ci/steps/release.sh
+      - name: Upload npm package artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: npm-package
+          path: ./release-npm-package
+
+  linux-amd64:
+    needs: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Download npm package
+        uses: actions/download-artifact@v2
+        with:
+          name: npm-package
+          path: ./release-npm-package
+      - name: Run ./ci/steps/release-packages.sh
+        uses: ./ci/images/centos7
+        with:
+          args: ./ci/steps/release-packages.sh
+      - name: Upload release artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: release-packages
+          path: ./release-packages
+
+  linux-arm64:
+    needs: release
+    runs-on: ubuntu-arm64-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Download npm package
+        uses: actions/download-artifact@v2
+        with:
+          name: npm-package
+          path: ./release-npm-package
+      - name: Run ./ci/steps/release-packages.sh
+        uses: ./ci/images/centos7
+        with:
+          args: ./ci/steps/release-packages.sh
+      - name: Upload release artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: release-packages
+          path: ./release-packages
+
+  macos-amd64:
+    needs: release
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Download npm package
+        uses: actions/download-artifact@v2
+        with:
+          name: npm-package
+          path: ./release-npm-package
+      - run: ./ci/steps/release-packages.sh
+        env:
+          # Otherwise we get rate limited when fetching the ripgrep binary.
+          # For whatever reason only MacOS needs it.
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Upload release artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: release-packages
+          path: ./release-packages
+
+  docker-amd64:
+    runs-on: ubuntu-latest
+    needs: linux-amd64
+    steps:
+      - uses: actions/checkout@v1
+      - name: Download release package
+        uses: actions/download-artifact@v2
+        with:
+          name: release-packages
+          path: ./release-packages
+      - name: Run ./ci/steps/build-docker-image.sh
+        uses: ./ci/images/debian10
+        with:
+          args: ./ci/steps/build-docker-image.sh
+      - name: Upload release image
+        uses: actions/upload-artifact@v2
+        with:
+          name: release-images
+          path: ./release-images
+
+  docker-arm64:
+    runs-on: ubuntu-arm64-latest
+    needs: linux-arm64
+    steps:
+      - uses: actions/checkout@v1
+      - name: Download release package
+        uses: actions/download-artifact@v2
+        with:
+          name: release-packages
+          path: ./release-packages
+      - name: Run ./ci/steps/build-docker-image.sh
+        uses: ./ci/images/centos7
+        with:
+          args: ./ci/steps/build-docker-image.sh
+      - name: Upload release image
+        uses: actions/upload-artifact@v2
+        with:
+          name: release-images
+          path: ./release-images

.github/workflows/publish.yaml

@@ -0,0 +1,31 @@
+name: publish
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  npm:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Run ./ci/steps/publish-npm.sh
+        uses: ./ci/images/debian10
+        with:
+          args: ./ci/steps/publish-npm.sh
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Run ./ci/steps/push-docker-manifest.sh
+        uses: ./ci/images/debian10
+        with:
+          args: ./ci/steps/push-docker-manifest.sh
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}

.gitignore

@@ -1,8 +1,18 @@
-/lib
-node_modules
-dist
-out
-.DS_Store
-release
-.vscode
+.tsbuildinfo
 .cache
+dist*
+out*
+release/
+release-npm-package/
+release-standalone/
+release-packages/
+release-gcp/
+release-images/
+node_modules
+/lib/vscode/node_modules.asar
+node-*
+/plugins
+/lib/coder-cloud-agent
+.home
+coverage
+**/.DS_Store

.ignore

@@ -0,0 +1 @@
+lib

.node-version

@@ -1 +0,0 @@
-10.15.1

.prettierrc.yaml

@@ -0,0 +1,4 @@
+printWidth: 120
+semi: false
+trailingComma: all
+arrowParens: always

.stylelintrc.yaml

@@ -0,0 +1,2 @@
+extends:
+  - stylelint-config-recommended

.tours/contributing.tour

@@ -0,0 +1,151 @@
+{
+  "$schema": "https://aka.ms/codetour-schema",
+  "title": "Contributing",
+  "steps": [
+    {
+      "directory": "src",
+      "line": 1,
+      "description": "Hello world! code-server's source code lives here in `src` (see the explorer). It's broadly arranged into browser code, Node code, and code shared between both."
+    },
+    {
+      "file": "src/node/entry.ts",
+      "line": 157,
+      "description": "code-server begins execution here. CLI arguments are parsed, special flags like --help are handled, then the HTTP server is started."
+    },
+    {
+      "file": "src/node/cli.ts",
+      "line": 28,
+      "description": "This describes all of the code-server CLI options and how they will be parsed."
+    },
+    {
+      "file": "src/node/cli.ts",
+      "line": 233,
+      "description": "Here's the actual CLI parser."
+    },
+    {
+      "file": "src/node/settings.ts",
+      "line": 1,
+      "description": "code-server maintains a settings file that is read and written here."
+    },
+    {
+      "file": "src/node/app.ts",
+      "line": 11,
+      "description": "The core of code-server are HTTP and web socket servers which are created here. They provide authentication, file access, an API, and serve web-based applications like VS Code."
+    },
+    {
+      "file": "src/node/wsRouter.ts",
+      "line": 38,
+      "description": "This is an analog to Express's Router that handles web socket routes."
+    },
+    {
+      "file": "src/node/http.ts",
+      "line": 1,
+      "description": "This file provides various HTTP utility functions."
+    },
+    {
+      "file": "src/node/coder_cloud.ts",
+      "line": 9,
+      "description": "The cloud agent spawned here provides the --link functionality."
+    },
+    {
+      "file": "src/node/heart.ts",
+      "line": 7,
+      "description": "code-server's heart beats to indicate recent activity.\n\nAlso documented here: [https://github.com/cdr/code-server/blob/master/docs/FAQ.md#heartbeat-file](https://github.com/cdr/code-server/blob/master/docs/FAQ.md#heartbeat-file)"
+    },
+    {
+      "file": "src/node/socket.ts",
+      "line": 13,
+      "description": "We pass sockets to child processes, however we can't pass TLS sockets so when code-server is handling TLS (via --cert) we use this to create a proxy that can be passed to the child."
+    },
+    {
+      "directory": "src/node/routes",
+      "line": 1,
+      "description": "code-server's routes live here in `src/node/routes` (see the explorer)."
+    },
+    {
+      "file": "src/node/routes/index.ts",
+      "line": 123,
+      "description": "The architecture of code-server allows it to be extended with applications via plugins. Each application is registered at its own route and handles requests at and below that route. Currently we have only VS Code (although it is not yet actually split out into a plugin)."
+    },
+    {
+      "file": "src/node/plugin.ts",
+      "line": 103,
+      "description": "The previously mentioned plugins are loaded here."
+    },
+    {
+      "file": "src/node/routes/apps.ts",
+      "line": 12,
+      "description": "This provides a list of the applications registered with code-server."
+    },
+    {
+      "file": "src/node/routes/domainProxy.ts",
+      "line": 18,
+      "description": "code-server provides a built-in proxy to help in developing web-based applications. This is the code for the domain-based proxy.\n\nAlso documented here: [https://github.com/cdr/code-server/blob/master/docs/FAQ.md#how-do-i-securely-access-web-services](https://github.com/cdr/code-server/blob/master/docs/FAQ.md#how-do-i-securely-access-web-services)"
+    },
+    {
+      "file": "src/node/routes/pathProxy.ts",
+      "line": 19,
+      "description": "Here is the path-based version of the proxy.\n\nAlso documented here: [https://github.com/cdr/code-server/blob/master/docs/FAQ.md#how-do-i-securely-access-web-services](https://github.com/cdr/code-server/blob/master/docs/FAQ.md#how-do-i-securely-access-web-services)"
+    },
+    {
+      "file": "src/node/proxy.ts",
+      "line": 4,
+      "description": "Both the domain and path proxy use the single proxy instance created here."
+    },
+    {
+      "file": "src/node/routes/health.ts",
+      "line": 5,
+      "description": "A simple endpoint that lets you see if code-server is up.\n\nAlso documented here: [https://github.com/cdr/code-server/blob/master/docs/FAQ.md#healthz-endpoint](https://github.com/cdr/code-server/blob/master/docs/FAQ.md#healthz-endpoint)"
+    },
+    {
+      "file": "src/node/routes/login.ts",
+      "line": 46,
+      "description": "code-server supports a password-based login here."
+    },
+    {
+      "file": "src/node/routes/static.ts",
+      "line": 16,
+      "description": "This serves static assets. Anything under the code-server directory can be fetched. Anything outside requires authentication."
+    },
+    {
+      "file": "src/node/routes/update.ts",
+      "line": 10,
+      "description": "This endpoint lets you query for the latest code-server version. It's used to power the update popup you see in VS Code."
+    },
+    {
+      "file": "src/node/routes/vscode.ts",
+      "line": 15,
+      "description": "This is the endpoint that serves VS Code's HTML, handles VS Code's websockets, and handles a few VS Code-specific endpoints for fetching static files."
+    },
+    {
+      "file": "src/node/vscode.ts",
+      "line": 13,
+      "description": "The actual VS Code spawn and initialization is handled here. VS Code runs in a separate child process. We communicate via IPC and by passing it web sockets."
+    },
+    {
+      "file": "src/browser/serviceWorker.ts",
+      "line": 1,
+      "description": "The service worker only exists to provide PWA functionality."
+    },
+    {
+      "directory": "src/browser/pages",
+      "line": 1,
+      "description": "HTML, CSS, and JavaScript for each page lives in here `src/browser/pages` (see the explorer). Currently our HTML uses a simple search and replace template system with variables that {{LOOK_LIKE_THIS}}."
+    },
+    {
+      "file": "src/browser/pages/vscode.html",
+      "line": 1,
+      "description": "The VS Code HTML is based off VS Code's own `workbench.html`."
+    },
+    {
+      "directory": "src/browser/media",
+      "line": 1,
+      "description": "Static images and the manifest live here in `src/browser/media` (see the explorer)."
+    },
+    {
+      "directory": "lib/vscode",
+      "line": 1,
+      "description": "code-server makes use of VS Code's frontend web/remote support. Most of the modifications implement the remote server since that portion of the code is closed source and not released with VS Code.\n\nWe also have a few bug fixes and have added some features (like client-side extensions). See [https://github.com/cdr/code-server/blob/master/docs/CONTRIBUTING.md#modifications-to-vs-code](https://github.com/cdr/code-server/blob/master/docs/CONTRIBUTING.md#modifications-to-vs-code) for a list.\n\nWe make an effort to keep the modifications as few as possible."
+    }
+  ]
+}

.tours/start-development.tour

@@ -0,0 +1,26 @@
+{
+  "$schema": "https://aka.ms/codetour-schema",
+  "title": "Start Development",
+  "steps": [
+    {
+      "file": "package.json",
+      "line": 31,
+      "description": "## Commands\n\nTo start developing, make sure you have Node 12+ and the [required dependencies](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites) installed. Then, run the following commands:\n\n1. Install dependencies:\n>> yarn\n\n3. Start development mode (and watch for changes):\n>> yarn watch"
+    },
+    {
+      "file": "src/node/app.ts",
+      "line": 68,
+      "description": "## Visit the web server\n\nIf all goes well, you should see something like this in your terminal. code-server should be live in development mode.\n\n---\n```bash\n[2020-12-09T21:03:37.156Z] info  code-server 3.7.4 development\n[2020-12-09T21:03:37.157Z] info  Using user-data-dir ~/.local/share/code-server\n[2020-12-09T21:03:37.165Z] info  Using config file ~/.config/code-server/config.yaml\n[2020-12-09T21:03:37.165Z] info  HTTP server listening on http://127.0.0.1:8080 \n[2020-12-09T21:03:37.165Z] info    - Authentication is enabled\n[2020-12-09T21:03:37.165Z] info      - Using password from ~/.config/code-server/config.yaml\n[2020-12-09T21:03:37.165Z] info    - Not serving HTTPS\n```\n\n---\n\nIf you have the default configuration, you can access it at [http://localhost:8080](http://localhost:8080)."
+    },
+    {
+      "file": "src/browser/pages/login.html",
+      "line": 26,
+      "description": "## Make a change\n\nThis is the login page, let's make a change and see it update on our web server! Perhaps change the text :)\n\n```html\n<div class=\"sub\">Modifying the login page 👨🏼‍💻</div>\n```\n\nReminder, you can likely preview at [http://localhost:8080](http://localhost:8080)"
+    },
+    {
+      "file": "src/node/app.ts",
+      "line": 62,
+      "description": "## That's it!\n\n\nThat's all there is to it! When this tour ends, your terminal session may stop, but just use `yarn watch` to start developing from here on out!\n\n\nIf you haven't already, be sure to check out these resources:\n- [Tour: Contributing](command:codetour.startTourByTitle?[\"Contributing\")\n- [Docs: FAQ.md](https://github.com/cdr/code-server/blob/master/docs/FAQ.md)\n- [Docs: CONTRIBUTING.md](https://github.com/cdr/code-server/blob/master/docs/CONTRIBUTING.md)\n- [Community: GitHub Discussions](https://github.com/cdr/code-server/discussions)\n- [Community: Slack](https://community.coder.com)"
+    }
+  ]
+}

.travis.yml

@@ -1,51 +0,0 @@
-language: node_js
-node_js:
-- 10.15.1
-services:
-- docker
-matrix:
-  include:
-  - os: linux
-    dist: trusty
-    env:
-      - VSCODE_VERSION="1.33.1" MAJOR_VERSION="1" VERSION="$MAJOR_VERSION.$TRAVIS_BUILD_NUMBER-vsc$VSCODE_VERSION" TARGET="centos"
-  - os: linux
-    dist: trusty
-    env:
-      - VSCODE_VERSION="1.33.1" MAJOR_VERSION="1" VERSION="$MAJOR_VERSION.$TRAVIS_BUILD_NUMBER-vsc$VSCODE_VERSION" TARGET="alpine"
-  - os: osx
-    env:
-      - VSCODE_VERSION="1.33.1" MAJOR_VERSION="1" VERSION="$MAJOR_VERSION.$TRAVIS_BUILD_NUMBER-vsc$VSCODE_VERSION"
-before_install:
-- if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo apt-get install libxkbfile-dev
-  libsecret-1-dev; fi
-- npm install -g yarn@1.12.3
-script:
-- scripts/build.sh
-before_deploy:
-- echo "$VERSION" "$TRAVIS_COMMIT"
-- git config --local user.name "$USER_NAME"
-- git config --local user.email "$USER_EMAIL"
-- git tag "$VERSION" "$TRAVIS_COMMIT"
-- if [[ “$TRAVIS_OS_NAME” == “osx” ]]; then yarn task package $VERSION; fi
-deploy:
-  provider: releases
-  file_glob: true
-  draft: true
-  tag_name: "$VERSION"
-  target_commitish: "$TRAVIS_COMMIT"
-  name: "$VERSION"
-  skip_cleanup: true
-  api_key:
-    secure: YL/x24KjYjgYXPcJWk3FV7FGxI79Mh6gBECQEcdlf3fkLEoKFVgzHBoUNWrFPzyR4tgLyWNAgcpD9Lkme1TRWTom7UPjXcwMNyLcLa+uec7ciSAnYD9ntLTpiCuPDD1u0LtRGclSi/EHQ+F8YVq+HZJpXTsJeAmOmihma3GVbGKSZr+BRum+0YZSG4w+o4TOlYzw/4bLWS52MogZcwpjd+hemBbgXLuGU2ziKv2vEKCZFbEeA16II4x1WLI4mutDdCeh7+3aLzGLwDa49NxtsVYNjyNFF75JhCTCNA55e2YMiLz9Uq69IXe/mi5F7xUaFfhIqqLNyKBnKeEOzu3dYnc+8n3LjnQ+00PmkF05nx9kBn3UfV1kwQGh6QbyDmTtBP07rtUMyI14aeQqHjxsaVRdMnwj9Q2DjXRr8UDqESZF0rmK3pHCXS2fBhIzLE8tLVW5Heiba2pQRFMHMZW+KBE97FzcFh7is90Ait3T8enfcd/PWFPYoBejDAdjwxwOkezh5N5ZkYquEfDYuWrFi6zRFCktsruaAcA+xGtTf9oilBBzUqu8Ie+YFWH5me83xakcblJWdaW/D2rLJAJH3m6LFm8lBqyUgDX5t/etob6CpDuYHu5D1J3XINOj/+aLAcadq6qlh70PMZS3zYffUu3JlzaD2amlSHIT8b5YXFc=
-  file:
-    - release/*.tar.gz
-    - release/*.zip
-  on:
-    repo: cdr/code-server
-    branch: master
-cache:
-  yarn: true
-  timeout: 1000
-  directories:
-  - .cache

Dockerfile

@@ -1,53 +0,0 @@
-FROM node:10.15.1
-
-# Install VS Code's deps. These are the only two it seems we need.
-RUN apt-get update && apt-get install -y \
-	libxkbfile-dev \
-	libsecret-1-dev
-
-# Ensure latest yarn.
-RUN npm install -g yarn@1.13
-
-WORKDIR /src
-COPY . .
-
-# In the future, we can use https://github.com/yarnpkg/rfcs/pull/53 to make yarn use the node_modules
-# directly which should be fast as it is slow because it populates its own cache every time.
-RUN yarn && NODE_ENV=production yarn task build:server:binary
-
-# We deploy with ubuntu so that devs have a familiar environment.
-FROM ubuntu:18.04
-
-RUN apt-get update && apt-get install -y \
-	openssl \
-	net-tools \
-	git \
-	locales \
-	sudo \
-	dumb-init \
-	vim \
-	curl \
-	wget
-
-RUN locale-gen en_US.UTF-8
-# We unfortunately cannot use update-locale because docker will not use the env variables
-# configured in /etc/default/locale so we need to set it manually.
-ENV LC_ALL=en_US.UTF-8
-
-RUN adduser --gecos '' --disabled-password coder && \
-	echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
-
-USER coder
-# We create first instead of just using WORKDIR as when WORKDIR creates, the user is root.
-RUN mkdir -p /home/coder/project
-
-WORKDIR /home/coder/project
-
-# This assures we have a volume mounted even if the user forgot to do bind mount.
-# So that they do not lose their data if they delete the container.
-VOLUME [ "/home/coder/project" ]
-
-COPY --from=0 /src/packages/server/cli-linux-x64 /usr/local/bin/code-server
-EXPOSE 8443
-
-ENTRYPOINT ["dumb-init", "code-server"]

README.md

@@ -1,90 +1,72 @@
-# code-server
+# code-server · [!["GitHub Discussions"](https://img.shields.io/badge/%20GitHub-%20Discussions-gray.svg?longCache=true&logo=github&colorB=purple)](https://github.com/cdr/code-server/discussions) [!["Join us on Slack"](https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen)](https://cdr.co/join-community) [![Twitter Follow](https://img.shields.io/twitter/follow/CoderHQ?label=%40CoderHQ&style=social)](https://twitter.com/coderhq)
 
-[!["Open Issues"](https://img.shields.io/github/issues-raw/cdr/code-server.svg)](https://github.com/cdr/code-server/issues)
-[!["Latest Release"](https://img.shields.io/github/release/cdr/code-server.svg)](https://github.com/cdr/code-server/releases/latest)
-[![MIT license](https://img.shields.io/badge/license-MIT-green.svg)](https://github.com/cdr/code-server/blob/master/LICENSE)
-[![Discord](https://img.shields.io/discord/463752820026376202.svg?label=&logo=discord&logoColor=ffffff&color=7389D8&labelColor=6A7EC2)](https://discord.gg/zxSwN8Z)
+![Lines](https://img.shields.io/badge/Coverage-40.7%25-green.svg)
 
-`code-server` is [VS Code](https://github.com/Microsoft/vscode) running on a remote server, accessible through the browser.
+Run [VS Code](https://github.com/Microsoft/vscode) on any machine anywhere and access it in the browser.
 
-Try it out:
-```bash
-docker run -it -p 127.0.0.1:8443:8443 -v "${PWD}:/home/coder/project" codercom/code-server --allow-http --no-auth
-```
+![Screenshot](./docs/assets/screenshot.png)
 
-- Code on your Chromebook, tablet, and laptop with a consistent dev environment.
-	- If you have a Windows or Mac workstation, more easily develop for Linux.
-- Take advantage of large cloud servers to speed up tests, compilations, downloads, and more.
-- Preserve battery life when you're on the go.
-	- All intensive computation runs on your server.
-	- You're no longer running excess instances of Chrome.
+## Highlights
 
-![Screenshot](/doc/assets/ide.png)
+- Code on any device with a consistent development environment
+- Use cloud servers to speed up tests, compilations, downloads, and more
+- Preserve battery life when you're on the go; all intensive tasks run on your server
 
 ## Getting Started
 
-### Run over SSH
+There are two ways to get started:
 
-Use [sshcode](https://github.com/codercom/sshcode) for a simple setup.
+1. Using the [install script](./install.sh), which automates most of the process. The script uses the system package manager (if possible)
+2. Manually installing code-server; see [Installation](./docs/install.md) for instructions applicable to most use cases
 
-### Docker
+If you choose to use the install script, you can preview what occurs during the install process:
 
-See docker oneliner mentioned above. Dockerfile is at [/Dockerfile](/Dockerfile).
+```bash
+curl -fsSL https://code-server.dev/install.sh | sh -s -- --dry-run
+```
 
-### Binaries
+To install, run:
 
-1.  [Download a binary](https://github.com/cdr/code-server/releases) (Linux and OS X supported. Windows coming soon)
-2.  Start the binary with the project directory as the first argument
+```bash
+curl -fsSL https://code-server.dev/install.sh | sh
+```
 
-    ```
-    code-server <initial directory to open>
-    ```
-	> You will be prompted to enter the password shown in the CLI
-	`code-server` should now be running at https://localhost:8443.
+When done, the install script prints out instructions for running and starting code-server.
 
-	> code-server uses a self-signed SSL certificate that may prompt your browser to ask you some additional questions before you proceed. Please [read here](doc/self-hosted/index.md) for more information.
+We also have an in-depth [setup and configuration](./docs/guide.md) guide.
 
-For detailed instructions and troubleshooting, see the [self-hosted quick start guide](doc/self-hosted/index.md).
+### Cloud Program ☁️
 
-Quickstart guides for [Google Cloud](doc/admin/install/google_cloud.md), [AWS](doc/admin/install/aws.md), and [DigitalOcean](doc/admin/install/digitalocean.md).
+We're working on a cloud platform that makes deploying and managing code-server easier.
+Consider running code-server with the beta flag `--link` if you don't want to worry about
 
-How to [secure your setup](/doc/security/ssl.md).
+- TLS
+- Authentication
+- Port Forwarding
 
-## Development
+```bash
+$ code-server --link
+Proxying code-server to Coder Cloud, you can access your IDE at https://valmar-jon.cdr.co
+```
 
-### Known Issues
+## FAQ
 
-- Creating custom VS Code extensions and debugging them doesn't work.
+See [./docs/FAQ.md](./docs/FAQ.md).
 
-### Future
-- **Stay up to date!** Get notified about new releases of code-server.
-  ![Screenshot](/doc/assets/release.gif)
-- Windows support.
-- Electron and Chrome OS applications to bridge the gap between local<->remote.
-- Run VS Code unit tests against our builds to ensure features work as expected.
+## Want to help?
 
-### Extensions
+See [CONTRIBUTING](./docs/CONTRIBUTING.md) for details.
 
-At the moment we can't use the official VSCode Marketplace. We've created a custom extension marketplace focused around open-sourced extensions. However, if you have access to the `.vsix` file, you can manually install the extension.
+## Hiring
 
-## Telemetry
+We ([@cdr](https://github.com/cdr)) are looking for engineers to help [maintain
+code-server](https://jobs.lever.co/coder/e40becde-2cbd-4885-9029-e5c7b0a734b8), innovate on open source, and streamline dev workflows.
 
-Use the `--disable-telemetry` flag or set `DISABLE_TELEMETRY=true` to disable tracking ENTIRELY.
+Our main office is in Austin, Texas. Remote is ok as long as
+you're in North America or Europe.
 
-We use data collected to improve code-server.
+Please get in [touch](mailto:jobs@coder.com) with your resume/GitHub if interested.
 
-## Contributing
+## For Organizations
 
-Development guides are coming soon.
-
-## License
-
-[MIT](LICENSE)
-
-## Enterprise
-
-Visit [our enterprise page](https://coder.com/enterprise) for more information about our enterprise offering.
-
-## Commercialization
-
-If you would like to commercialize code-server, please contact contact@coder.com.
+Visit [our website](https://coder.com) for more information about remote development for your organization or enterprise.

ThirdPartyNotices.txt

@@ -0,0 +1,22 @@
+code-server
+
+THIRD-PARTY SOFTWARE NOTICES AND INFORMATION
+Do Not Translate or Localize
+
+1.	Microsoft/vscode version 1.47.0 (https://github.com/Microsoft/vscode)
+
+%% Microsoft/vscode NOTICES AND INFORMATION BEGIN HERE
+=========================================
+MIT License 
+
+
+Copyright (c) 2015 - present Microsoft Corporation 
+
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 
+
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 
+
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  

build/platform.ts

@@ -1,42 +0,0 @@
-/**
- * Script that detects platform name and arch.
- * Cannot use os.platform() as that won't detect libc version
- */
-import * as cp from "child_process";
-import * as fs from "fs";
-import * as os from "os";
-
-enum Lib {
-	GLIBC,
-	MUSL,
-}
-
-const CLIB: Lib | undefined = ((): Lib | undefined => {
-	if (os.platform() !== "linux") {
-		return;
-	}
-	const glibc = cp.spawnSync("getconf", ["GNU_LIBC_VERSION"]);
-	if (glibc.status === 0) {
-		return Lib.GLIBC;
-	}
-
-	const ldd = cp.spawnSync("ldd", ["--version"]);
-	if (ldd.stdout && ldd.stdout.indexOf("musl") !== -1) {
-		return Lib.MUSL;
-	}
-
-	const muslFile = fs.readdirSync("/lib").find((value) => value.startsWith("libc.musl"));
-	if (muslFile) {
-		return Lib.MUSL;
-	}
-
-	return Lib.GLIBC;
-})();
-
-export const platform = (): NodeJS.Platform | "musl" => {
-	if (CLIB === Lib.MUSL) {
-		return "musl";
-	}
-
-	return os.platform();
-};

build/tasks.ts

@@ -1,209 +0,0 @@
-import { register, run } from "@coder/runner";
-import { logger, field } from "@coder/logger";
-import * as fs from "fs";
-import * as fse from "fs-extra";
-import * as os from "os";
-import { platform } from "./platform";
-import * as path from "path";
-import * as zlib from "zlib";
-import * as https from "https";
-import * as tar from "tar";
-
-const isWin = os.platform() === "win32";
-const libPath = path.join(__dirname, "../lib");
-const vscodePath = path.join(libPath, "vscode");
-const defaultExtensionsPath = path.join(libPath, "extensions");
-const pkgsPath = path.join(__dirname, "../packages");
-const vscodeVersion = process.env.VSCODE_VERSION || "1.33.1";
-const vsSourceUrl = `https://codesrv-ci.cdr.sh/vstar-${vscodeVersion}.tar.gz`;
-
-const buildServerBinary = register("build:server:binary", async (runner) => {
-	logger.info("Building with environment", field("env", {
-		NODE_ENV: process.env.NODE_ENV,
-		VERSION: process.env.VERSION,
-	}));
-
-	await ensureInstalled();
-	await Promise.all([
-		buildBootstrapFork(),
-		buildWeb(),
-		buildServerBundle(),
-		buildAppBrowser(),
-	]);
-
-	await buildServerBinaryPackage();
-});
-
-const buildServerBinaryPackage = register("build:server:binary:package", async (runner) => {
-	const cliPath = path.join(pkgsPath, "server");
-	runner.cwd = cliPath;
-	if (!fs.existsSync(path.join(cliPath, "out"))) {
-		throw new Error("Cannot build binary without server bundle built");
-	}
-	await buildServerBinaryCopy();
-	const resp = await runner.execute(isWin ? "npm.cmd" : "npm", ["run", "build:binary"]);
-	if (resp.exitCode !== 0) {
-		throw new Error(`Failed to package binary: ${resp.stderr}`);
-	}
-});
-
-const buildServerBinaryCopy = register("build:server:binary:copy", async (runner) => {
-	const cliPath = path.join(pkgsPath, "server");
-	const cliBuildPath = path.join(cliPath, "build");
-	fse.removeSync(cliBuildPath);
-	fse.mkdirpSync(path.join(cliBuildPath, "extensions"));
-	const bootstrapForkPath = path.join(pkgsPath, "vscode", "out", "bootstrap-fork.js");
-	const webOutputPath = path.join(pkgsPath, "web", "out");
-	const browserAppOutputPath = path.join(pkgsPath, "app", "browser", "out");
-	let ripgrepPath = path.join(pkgsPath, "..", "lib", "vscode", "node_modules", "vscode-ripgrep", "bin", "rg");
-	if (isWin) {
-		ripgrepPath += ".exe";
-	}
-
-	if (!fs.existsSync(webOutputPath)) {
-		throw new Error("Web bundle must be built");
-	}
-	if (!fs.existsSync(defaultExtensionsPath)) {
-		throw new Error("Default extensions must be built");
-	}
-	if (!fs.existsSync(bootstrapForkPath)) {
-		throw new Error("Bootstrap fork must exist");
-	}
-	if (!fs.existsSync(ripgrepPath)) {
-		throw new Error("Ripgrep must exist");
-	}
-	fse.copySync(defaultExtensionsPath, path.join(cliBuildPath, "extensions"));
-	fs.writeFileSync(path.join(cliBuildPath, "bootstrap-fork.js.gz"), zlib.gzipSync(fs.readFileSync(bootstrapForkPath)));
-	const cpDir = (dir: string, rootPath: string, subdir?: "login"): void => {
-		const stat = fs.statSync(dir);
-		if (stat.isDirectory()) {
-			const paths = fs.readdirSync(dir);
-			paths.forEach((p) => cpDir(path.join(dir, p), rootPath, subdir));
-		} else if (stat.isFile()) {
-			const newPath = path.join(cliBuildPath, "web", subdir || "", path.relative(rootPath, dir));
-			fse.mkdirpSync(path.dirname(newPath));
-			fs.writeFileSync(newPath + ".gz", zlib.gzipSync(fs.readFileSync(dir)));
-		} else {
-			// Nothing
-		}
-	};
-	cpDir(webOutputPath, webOutputPath);
-	cpDir(browserAppOutputPath, browserAppOutputPath, "login");
-	fse.mkdirpSync(path.join(cliBuildPath, "dependencies"));
-	fse.copySync(ripgrepPath, path.join(cliBuildPath, "dependencies", "rg"));
-});
-
-const buildServerBundle = register("build:server:bundle", async (runner) => {
-	const cliPath = path.join(pkgsPath, "server");
-	runner.cwd = cliPath;
-	await runner.execute(isWin ? "npm.cmd" : "npm", ["run", "build"]);
-});
-
-const buildBootstrapFork = register("build:bootstrap-fork", async (runner) => {
-	await ensureInstalled();
-	await ensurePatched();
-
-	const vscodePkgPath = path.join(pkgsPath, "vscode");
-	runner.cwd = vscodePkgPath;
-	await runner.execute(isWin ? "npm.cmd" : "npm", ["run", "build:bootstrap-fork"]);
-});
-
-const buildAppBrowser = register("build:app:browser", async (runner) => {
-	await ensureInstalled();
-
-	const appPath = path.join(pkgsPath, "app/browser");
-	runner.cwd = appPath;
-	fse.removeSync(path.join(appPath, "out"));
-	await runner.execute(isWin ? "npm.cmd" : "npm", ["run", "build"]);
-});
-
-const buildWeb = register("build:web", async (runner) => {
-	await ensureInstalled();
-	await ensurePatched();
-
-	const webPath = path.join(pkgsPath, "web");
-	runner.cwd = webPath;
-	fse.removeSync(path.join(webPath, "out"));
-	await runner.execute(isWin ? "npm.cmd" : "npm", ["run", "build"]);
-});
-
-const ensureInstalled = register("vscode:install", async (runner) => {
-	runner.cwd = libPath;
-
-	if (fs.existsSync(vscodePath) && fs.existsSync(defaultExtensionsPath)) {
-		const pkgVersion = JSON.parse(fs.readFileSync(path.join(vscodePath, "package.json")).toString("utf8")).version;
-		if (pkgVersion === vscodeVersion) {
-			runner.cwd = vscodePath;
-
-			const reset = await runner.execute("git", ["reset", "--hard"]);
-			if (reset.exitCode !== 0) {
-				throw new Error(`Failed to clean git repository: ${reset.stderr}`);
-			}
-
-			return;
-		}
-	}
-
-	fse.removeSync(libPath);
-	fse.mkdirpSync(libPath);
-
-	await new Promise<void>((resolve, reject): void => {
-		https.get(vsSourceUrl, (res) => {
-			if (res.statusCode !== 200) {
-				return reject(res.statusMessage);
-			}
-
-			res.pipe(tar.x({
-				C: libPath,
-			}).on("finish", () => {
-				resolve();
-			}).on("error", (err: Error) => {
-				reject(err);
-			}));
-		}).on("error", (err) => {
-			reject(err);
-		});
-	});
-});
-
-const ensurePatched = register("vscode:patch", async (runner) => {
-	if (!fs.existsSync(vscodePath)) {
-		throw new Error("vscode must be cloned to patch");
-	}
-	await ensureInstalled();
-
-	runner.cwd = vscodePath;
-	const patchPath = path.join(__dirname, "../scripts/vscode.patch");
-	const apply = await runner.execute("git", ["apply", "--unidiff-zero", patchPath]);
-	if (apply.exitCode !== 0) {
-		throw new Error(`Failed to apply patches: ${apply.stderr}`);
-	}
-});
-
-register("package", async (runner, releaseTag) => {
-	if (!releaseTag) {
-		throw new Error("Please specify the release tag.");
-	}
-
-	const releasePath = path.resolve(__dirname, "../release");
-
-	const archiveName = `code-server${releaseTag}-${platform()}-${os.arch()}`;
-	const archiveDir = path.join(releasePath, archiveName);
-	fse.removeSync(archiveDir);
-	fse.mkdirpSync(archiveDir);
-
-	const binaryPath = path.join(__dirname, `../packages/server/cli-${platform()}-${os.arch()}`);
-	const binaryDestination = path.join(archiveDir, "code-server");
-	fse.copySync(binaryPath, binaryDestination);
-	fs.chmodSync(binaryDestination, "755");
-	["README.md", "LICENSE"].forEach((fileName) => {
-		fse.copySync(path.resolve(__dirname, `../${fileName}`), path.join(archiveDir, fileName));
-	});
-
-	runner.cwd = releasePath;
-	await (os.platform() === "linux"
-		? runner.execute("tar", ["-cvzf", `${archiveName}.tar.gz`, `${archiveName}`])
-		: runner.execute("zip", ["-r", `${archiveName}.zip`, `${archiveName}`]));
-});
-
-run();

ci/README.md

@@ -0,0 +1,159 @@
+# ci
+
+This directory contains scripts used for code-server's continuous integration infrastructure.
+
+Some of these scripts contain more detailed documentation and options
+in header comments.
+
+Any file or directory in this subdirectory should be documented here.
+
+- [./ci/lib.sh](./lib.sh)
+  - Contains code duplicated across these scripts.
+
+## Publishing a release
+
+Make sure you have `$GITHUB_TOKEN` set and [hub](https://github.com/github/hub) installed.
+
+1. Update the version of code-server and make a PR.
+   1. Update in `package.json`
+   2. Update in [./docs/install.md](../docs/install.md)
+   3. Update in [./ci/helm-chart/README.md](../ci/helm-chart/README.md)
+      - Remember to update the chart version as well on top of appVersion in `Chart.yaml`.
+      - Run `rg -g '!yarn.lock' -g '!*.svg' '3\.7\.5'` to ensure all values have been
+        changed. Replace the numbers as needed.
+        - You can install `rg` or `ripgrep` on macOS [here](https://formulae.brew.sh/formula/ripgrep).
+   4. Update the code coverage badge (see [here](#updating-code-coverage-in-readme) for instructions)
+2. GitHub actions will generate the `npm-package`, `release-packages` and `release-images` artifacts.
+   1. You do not have to wait for these.
+3. Run `yarn release:github-draft` to create a GitHub draft release from the template with
+   the updated version.
+   1. Summarize the major changes in the release notes and link to the relevant issues.
+4. Wait for the artifacts in step 2 to build.
+5. Run `yarn release:github-assets` to download the `release-packages` artifact.
+   - It will upload them to the draft release.
+6. Run some basic sanity tests on one of the released packages.
+   - Especially make sure the terminal works fine.
+7. Make sure the github release tag is the commit with the artifacts. This is a bug in
+   `hub` where uploading assets in step 5 will break the tag.
+8. Publish the release and merge the PR.
+   1. CI will automatically grab the artifacts and then:
+      1. Publish the NPM package from `npm-package`.
+      2. Publish the Docker Hub image from `release-images`.
+9. Update the AUR package.
+   - Instructions on updating the AUR package are at [cdr/code-server-aur](https://github.com/cdr/code-server-aur).
+10. Wait for the npm package to be published.
+11. Update the homebrew package.
+    - Send a pull request to [homebrew-core](https://github.com/Homebrew/homebrew-core) with the URL in the [formula](https://github.com/Homebrew/homebrew-core/blob/master/Formula/code-server.rb) updated.
+
+## Updating Code Coverage in README
+
+Currently, we run a command to manually generate the code coverage shield. Follow these steps:
+
+1. Run `yarn badges`
+2. Go into the README and change the color from `red` to `green` in this line:
+
+```
+![Lines](https://img.shields.io/badge/Coverage-46.71%25-red.svg)
+```
+
+NOTE: we have to manually change the color because the default is red if coverage is less than 80. See code [here](https://github.com/olavoparno/istanbul-badges-readme/blob/develop/src/editor.ts#L24-L33).
+
+## dev
+
+This directory contains scripts used for the development of code-server.
+
+- [./ci/dev/image](./dev/image)
+  - See [./docs/CONTRIBUTING.md](../docs/CONTRIBUTING.md) for docs on the development container.
+- [./ci/dev/fmt.sh](./dev/fmt.sh) (`yarn fmt`)
+  - Runs formatters.
+- [./ci/dev/lint.sh](./dev/lint.sh) (`yarn lint`)
+  - Runs linters.
+- [./ci/dev/test.sh](./dev/test.sh) (`yarn test`)
+  - Runs tests.
+- [./ci/dev/ci.sh](./dev/ci.sh) (`yarn ci`)
+  - Runs `yarn fmt`, `yarn lint` and `yarn test`.
+- [./ci/dev/watch.ts](./dev/watch.ts) (`yarn watch`)
+  - Starts a process to build and launch code-server and restart on any code changes.
+  - Example usage in [./docs/CONTRIBUTING.md](../docs/CONTRIBUTING.md).
+- [./ci/dev/gen_icons.sh](./ci/dev/gen_icons.sh) (`yarn icons`)
+  - Generates the various icons from a single `.svg` favicon in
+    `src/browser/media/favicon.svg`.
+  - Requires [imagemagick](https://imagemagick.org/index.php)
+
+## build
+
+This directory contains the scripts used to build and release code-server.
+You can disable minification by setting `MINIFY=`.
+
+- [./ci/build/build-code-server.sh](./build/build-code-server.sh) (`yarn build`)
+  - Builds code-server into `./out` and bundles the frontend into `./dist`.
+- [./ci/build/build-vscode.sh](./build/build-vscode.sh) (`yarn build:vscode`)
+  - Builds vscode into `./lib/vscode/out-vscode`.
+- [./ci/build/build-release.sh](./build/build-release.sh) (`yarn release`)
+  - Bundles the output of the above two scripts into a single node module at `./release`.
+- [./ci/build/build-standalone-release.sh](./build/build-standalone-release.sh) (`yarn release:standalone`)
+  - Requires a node module already built into `./release` with the above script.
+  - Will build a standalone release with node and node_modules bundled into `./release-standalone`.
+- [./ci/build/clean.sh](./build/clean.sh) (`yarn clean`)
+  - Removes all build artifacts.
+  - Useful to do a clean build.
+- [./ci/build/code-server.sh](./build/code-server.sh)
+  - Copied into standalone releases to run code-server with the bundled node binary.
+- [./ci/build/test-standalone-release.sh](./build/test-standalone-release.sh) (`yarn test:standalone-release`)
+  - Ensures code-server in the `./release-standalone` directory works by installing an extension.
+- [./ci/build/build-packages.sh](./build/build-packages.sh) (`yarn package`)
+  - Packages `./release-standalone` into a `.tar.gz` archive in `./release-packages`.
+  - If on linux, [nfpm](https://github.com/goreleaser/nfpm) is used to generate `.deb` and `.rpm`.
+- [./ci/build/nfpm.yaml](./build/nfpm.yaml)
+  - Used to configure [nfpm](https://github.com/goreleaser/nfpm) to generate `.deb` and `.rpm`.
+- [./ci/build/code-server-nfpm.sh](./build/code-server-nfpm.sh)
+  - Entrypoint script for code-server for `.deb` and `.rpm`.
+- [./ci/build/code-server.service](./build/code-server.service)
+  - systemd user service packaged into the `.deb` and `.rpm`.
+- [./ci/build/release-github-draft.sh](./build/release-github-draft.sh) (`yarn release:github-draft`)
+  - Uses [hub](https://github.com/github/hub) to create a draft release with a template description.
+- [./ci/build/release-github-assets.sh](./build/release-github-assets.sh) (`yarn release:github-assets`)
+  - Downloads the release-package artifacts for the current commit from CI.
+  - Uses [hub](https://github.com/github/hub) to upload the artifacts to the release
+    specified in `package.json`.
+- [./ci/build/npm-postinstall.sh](./build/npm-postinstall.sh)
+  - Post install script for the npm package.
+  - Bundled by`yarn release`.
+
+## release-image
+
+This directory contains the release docker container image.
+
+- [./release-image/build.sh](./release-image/build.sh)
+  - Builds the release container with the tag `codercom/code-server-$ARCH:$VERSION`.
+  - Assumes debian releases are ready in `./release-packages`.
+
+## images
+
+This directory contains the images for CI.
+
+## steps
+
+This directory contains the scripts used in CI.
+Helps avoid clobbering the CI configuration.
+
+- [./steps/fmt.sh](./steps/fmt.sh)
+  - Runs `yarn fmt` after ensuring VS Code is patched.
+- [./steps/lint.sh](./steps/lint.sh)
+  - Runs `yarn lint` after ensuring VS Code is patched.
+- [./steps/test.sh](./steps/test.sh)
+  - Runs `yarn test` after ensuring VS Code is patched.
+- [./steps/release.sh](./steps/release.sh)
+  - Runs the release process.
+  - Generates the npm package at `./release`.
+- [./steps/release-packages.sh](./steps/release-packages.sh)
+  - Takes the output of the previous script and generates a standalone release and
+    release packages into `./release-packages`.
+- [./steps/publish-npm.sh](./steps/publish-npm.sh)
+  - Grabs the `npm-package` release artifact for the current commit and publishes it on npm.
+- [./steps/build-docker-image.sh](./steps/build-docker-image.sh)
+  - Builds the docker image and then saves it into `./release-images/code-server-$ARCH-$VERSION.tar`.
+- [./steps/push-docker-manifest.sh](./steps/push-docker-manifest.sh)
+  - Loads all images in `./release-images` and then builds and pushes a multi architecture
+    docker manifest for the amd64 and arm64 images to `codercom/code-server:$VERSION` and
+    `codercom/code-server:latest`.

ci/build/build-code-server.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Builds code-server into out and the frontend into dist.
+
+# MINIFY controls whether parcel minifies dist.
+MINIFY=${MINIFY-true}
+
+main() {
+  cd "$(dirname "${0}")/../.."
+
+  tsc
+
+  # If out/node/entry.js does not already have the shebang,
+  # we make sure to add it and make it executable.
+  if ! grep -q -m1 "^#!/usr/bin/env node" out/node/entry.js; then
+    sed -i.bak "1s;^;#!/usr/bin/env node\n;" out/node/entry.js && rm out/node/entry.js.bak
+    chmod +x out/node/entry.js
+  fi
+
+  if ! [ -f ./lib/coder-cloud-agent ]; then
+    OS="$(uname | tr '[:upper:]' '[:lower:]')"
+    set +e
+    curl -fsSL "https://storage.googleapis.com/coder-cloud-releases/agent/latest/$OS/cloud-agent" -o ./lib/coder-cloud-agent
+    chmod +x ./lib/coder-cloud-agent
+    set -e
+  fi
+
+  parcel build \
+    --public-url "." \
+    --out-dir dist \
+    $([[ $MINIFY ]] || echo --no-minify) \
+    src/browser/register.ts \
+    src/browser/serviceWorker.ts \
+    src/browser/pages/login.ts \
+    src/browser/pages/vscode.ts
+}
+
+main "$@"

ci/build/build-packages.sh

@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Packages code-server for the current OS and architecture into ./release-packages.
+# This script assumes that a standalone release is built already into ./release-standalone
+
+main() {
+  cd "$(dirname "${0}")/../.."
+  source ./ci/lib.sh
+
+  mkdir -p release-packages
+
+  release_archive
+
+  if [[ $OS == "linux" ]]; then
+    release_nfpm
+  fi
+}
+
+release_archive() {
+  local release_name="code-server-$VERSION-$OS-$ARCH"
+  if [[ $OS == "linux" ]]; then
+    tar -czf "release-packages/$release_name.tar.gz" --transform "s/^\.\/release-standalone/$release_name/" ./release-standalone
+  else
+    tar -czf "release-packages/$release_name.tar.gz" -s "/^release-standalone/$release_name/" release-standalone
+  fi
+
+  echo "done (release-packages/$release_name)"
+
+  release_gcp
+}
+
+release_gcp() {
+  mkdir -p "release-gcp/$VERSION"
+  cp "release-packages/$release_name.tar.gz" "./release-gcp/$VERSION/$OS-$ARCH.tar.gz"
+  mkdir -p "release-gcp/latest"
+  cp "./release-packages/$release_name.tar.gz" "./release-gcp/latest/$OS-$ARCH.tar.gz"
+}
+
+# Generates deb and rpm packages.
+release_nfpm() {
+  local nfpm_config
+  nfpm_config="$(envsubst < ./ci/build/nfpm.yaml)"
+
+  # The underscores are convention for .deb.
+  nfpm pkg -f <(echo "$nfpm_config") --target "release-packages/code-server_${VERSION}_$ARCH.deb"
+  nfpm pkg -f <(echo "$nfpm_config") --target "release-packages/code-server-$VERSION-$ARCH.rpm"
+}
+
+main "$@"

ci/build/build-release.sh

@@ -0,0 +1,110 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# This script requires vscode to be built with matching MINIFY.
+
+# MINIFY controls whether minified vscode is bundled.
+MINIFY="${MINIFY-true}"
+
+# KEEP_MODULES controls whether the script cleans all node_modules requiring a yarn install
+# to run first.
+KEEP_MODULES="${KEEP_MODULES-0}"
+
+main() {
+  cd "$(dirname "${0}")/../.."
+  source ./ci/lib.sh
+
+  VSCODE_SRC_PATH="lib/vscode"
+  VSCODE_OUT_PATH="$RELEASE_PATH/lib/vscode"
+
+  mkdir -p "$RELEASE_PATH"
+
+  bundle_code_server
+  bundle_vscode
+
+  rsync README.md "$RELEASE_PATH"
+  rsync LICENSE.txt "$RELEASE_PATH"
+  rsync ./lib/vscode/ThirdPartyNotices.txt "$RELEASE_PATH"
+
+  # code-server exports types which can be imported and used by plugins. Those
+  # types import ipc.d.ts but it isn't included in the final vscode build so
+  # we'll copy it ourselves here.
+  mkdir -p "$RELEASE_PATH/lib/vscode/src/vs/server"
+  rsync ./lib/vscode/src/vs/server/ipc.d.ts "$RELEASE_PATH/lib/vscode/src/vs/server"
+}
+
+bundle_code_server() {
+  rsync out dist "$RELEASE_PATH"
+
+  # For source maps and images.
+  mkdir -p "$RELEASE_PATH/src/browser"
+  rsync src/browser/media/ "$RELEASE_PATH/src/browser/media"
+  mkdir -p "$RELEASE_PATH/src/browser/pages"
+  rsync src/browser/pages/*.html "$RELEASE_PATH/src/browser/pages"
+  rsync src/browser/robots.txt "$RELEASE_PATH/src/browser"
+
+  # Add typings for plugins
+  mkdir -p "$RELEASE_PATH/typings"
+  rsync typings/pluginapi.d.ts "$RELEASE_PATH/typings"
+
+  # Adds the commit to package.json
+  jq --slurp '.[0] * .[1]' package.json <(
+    cat << EOF
+  {
+    "commit": "$(git rev-parse HEAD)",
+    "scripts": {
+      "postinstall": "./postinstall.sh"
+    }
+  }
+EOF
+  ) > "$RELEASE_PATH/package.json"
+  rsync yarn.lock "$RELEASE_PATH"
+  rsync ci/build/npm-postinstall.sh "$RELEASE_PATH/postinstall.sh"
+
+  if [ "$KEEP_MODULES" = 1 ]; then
+    rsync node_modules/ "$RELEASE_PATH/node_modules"
+    mkdir -p "$RELEASE_PATH/lib"
+    rsync ./lib/coder-cloud-agent "$RELEASE_PATH/lib"
+  fi
+}
+
+bundle_vscode() {
+  mkdir -p "$VSCODE_OUT_PATH"
+  rsync "$VSCODE_SRC_PATH/yarn.lock" "$VSCODE_OUT_PATH"
+  rsync "$VSCODE_SRC_PATH/out-vscode${MINIFY:+-min}/" "$VSCODE_OUT_PATH/out"
+
+  rsync "$VSCODE_SRC_PATH/.build/extensions/" "$VSCODE_OUT_PATH/extensions"
+  if [ "$KEEP_MODULES" = 0 ]; then
+    rm -Rf "$VSCODE_OUT_PATH/extensions/node_modules"
+  else
+    rsync "$VSCODE_SRC_PATH/node_modules/" "$VSCODE_OUT_PATH/node_modules"
+  fi
+  rsync "$VSCODE_SRC_PATH/extensions/package.json" "$VSCODE_OUT_PATH/extensions"
+  rsync "$VSCODE_SRC_PATH/extensions/yarn.lock" "$VSCODE_OUT_PATH/extensions"
+  rsync "$VSCODE_SRC_PATH/extensions/postinstall.js" "$VSCODE_OUT_PATH/extensions"
+
+  mkdir -p "$VSCODE_OUT_PATH/resources/"{linux,web}
+  rsync "$VSCODE_SRC_PATH/resources/linux/code.png" "$VSCODE_OUT_PATH/resources/linux/code.png"
+  rsync "$VSCODE_SRC_PATH/resources/web/callback.html" "$VSCODE_OUT_PATH/resources/web/callback.html"
+
+  # Adds the commit and date to product.json
+  jq --slurp '.[0] * .[1]' "$VSCODE_SRC_PATH/product.json" <(
+    cat << EOF
+  {
+    "commit": "$(git rev-parse HEAD)",
+    "date": $(jq -n 'now | todate')
+  }
+EOF
+  ) > "$VSCODE_OUT_PATH/product.json"
+
+  # We remove the scripts field so that later on we can run
+  # yarn to fetch node_modules if necessary without build scripts running.
+  # We cannot use --no-scripts because we still want dependent package scripts to run.
+  jq 'del(.scripts)' < "$VSCODE_SRC_PATH/package.json" > "$VSCODE_OUT_PATH/package.json"
+
+  pushd "$VSCODE_OUT_PATH"
+  symlink_asar
+  popd
+}
+
+main "$@"

ci/build/build-standalone-release.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "${0}")/../.."
+  source ./ci/lib.sh
+
+  rsync "$RELEASE_PATH/" "$RELEASE_PATH-standalone"
+  RELEASE_PATH+=-standalone
+
+  # We cannot find the path to node from $PATH because yarn shims a script to ensure
+  # we use the same version it's using so we instead run a script with yarn that
+  # will print the path to node.
+  local node_path
+  node_path="$(yarn -s node <<< 'console.info(process.execPath)')"
+
+  mkdir -p "$RELEASE_PATH/bin"
+  rsync ./ci/build/code-server.sh "$RELEASE_PATH/bin/code-server"
+  rsync "$node_path" "$RELEASE_PATH/lib/node"
+
+  ln -s "./bin/code-server" "$RELEASE_PATH/code-server"
+  ln -s "./lib/node" "$RELEASE_PATH/node"
+
+  cd "$RELEASE_PATH"
+  yarn --production --frozen-lockfile
+}
+
+main "$@"

ci/build/build-vscode.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Builds vscode into lib/vscode/out-vscode.
+
+# MINIFY controls whether a minified version of vscode is built.
+MINIFY=${MINIFY-true}
+
+main() {
+  cd "$(dirname "${0}")/../.."
+  cd lib/vscode
+
+  yarn gulp compile-build
+  yarn gulp compile-extensions-build
+  yarn gulp optimize --gulpfile ./coder.js
+  if [[ $MINIFY ]]; then
+    yarn gulp minify --gulpfile ./coder.js
+  fi
+}
+
+main "$@"

ci/build/clean.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "${0}")/../.."
+  source ./ci/lib.sh
+
+  git clean -Xffd
+
+  pushd lib/vscode
+  git clean -xffd
+  popd
+}
+
+main "$@"

ci/build/code-server-nfpm.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+exec /usr/lib/code-server/bin/code-server "$@"

ci/build/code-server-user.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=code-server
+After=network.target
+
+[Service]
+Type=exec
+ExecStart=/usr/bin/code-server
+Restart=always
+
+[Install]
+WantedBy=default.target

ci/build/code-server.sh

@@ -0,0 +1,36 @@
+#!/bin/sh
+set -eu
+
+# This script is intended to be bundled into the standalone releases.
+# Runs code-server with the bundled node binary.
+
+_realpath() {
+  # See https://github.com/cdr/code-server/issues/1537 on why no realpath or readlink -f.
+
+  script="$1"
+  cd "$(dirname "$script")"
+
+  while [ -L "$(basename "$script")" ]; do
+    if [ -L "./node" ] && [ -L "./code-server" ] &&
+      [ -f "package.json" ] &&
+      cat package.json | grep -q '^  "name": "code-server",$'; then
+      echo "***** Please use the script in bin/code-server instead!" >&2
+      echo "***** This script will soon be removed!" >&2
+      echo "***** See the release notes at https://github.com/cdr/code-server/releases/tag/v3.4.0" >&2
+    fi
+
+    script="$(readlink "$(basename "$script")")"
+    cd "$(dirname "$script")"
+  done
+
+  echo "$PWD/$(basename "$script")"
+}
+
+root() {
+  script="$(_realpath "$0")"
+  bin_dir="$(dirname "$script")"
+  dirname "$bin_dir"
+}
+
+ROOT="$(root)"
+exec "$ROOT/lib/node" "$ROOT" "$@"

ci/build/code-server@.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=code-server
+After=network.target
+
+[Service]
+Type=exec
+ExecStart=/usr/bin/code-server
+Restart=always
+User=%i
+
+[Install]
+WantedBy=default.target

ci/build/nfpm.yaml

@@ -0,0 +1,19 @@
+name: "code-server"
+arch: "${ARCH}"
+platform: "linux"
+version: "v${VERSION}"
+section: "devel"
+priority: "optional"
+maintainer: "Anmol Sethi <hi@nhooyr.io>"
+description: |
+  Run VS Code in the browser.
+vendor: "Coder"
+homepage: "https://github.com/cdr/code-server"
+license: "MIT"
+files:
+  ./ci/build/code-server-nfpm.sh: /usr/bin/code-server
+  ./ci/build/code-server@.service: /usr/lib/systemd/system/code-server@.service
+  # Only included for backwards compat with previous releases that shipped
+  # the user service. See #1997
+  ./ci/build/code-server-user.service: /usr/lib/systemd/user/code-server.service
+  ./release-standalone/**/*: "/usr/lib/code-server/"

ci/build/npm-postinstall.sh

@@ -0,0 +1,65 @@
+#!/usr/bin/env sh
+set -eu
+
+main() {
+  # Grabs the major version of node from $npm_config_user_agent which looks like
+  # yarn/1.21.1 npm/? node/v14.2.0 darwin x64
+  major_node_version=$(echo "$npm_config_user_agent" | sed -n 's/.*node\/v\([^.]*\).*/\1/p')
+  if [ "$major_node_version" -lt 12 ]; then
+    echo "code-server currently requires at least node v12"
+    echo "We have detected that you are on node v$major_node_version"
+    echo "See https://github.com/cdr/code-server/issues/1633"
+    exit 1
+  fi
+
+  case "${npm_config_user_agent-}" in npm*)
+    # We are running under npm.
+    if [ "${npm_config_unsafe_perm-}" != "true" ]; then
+      echo "Please pass --unsafe-perm to npm to install code-server"
+      echo "Otherwise the postinstall script does not have permissions to run"
+      echo "See https://docs.npmjs.com/misc/config#unsafe-perm"
+      echo "See https://stackoverflow.com/questions/49084929/npm-sudo-global-installation-unsafe-perm"
+      exit 1
+    fi
+    ;;
+  esac
+
+  OS="$(uname | tr '[:upper:]' '[:lower:]')"
+  if curl -fsSL "https://storage.googleapis.com/coder-cloud-releases/agent/latest/$OS/cloud-agent" -o ./lib/coder-cloud-agent; then
+    chmod +x ./lib/coder-cloud-agent
+  else
+    echo "Failed to download cloud agent; --link will not work"
+  fi
+
+  if ! vscode_yarn; then
+    echo "You may not have the required dependencies to build the native modules."
+    echo "Please see https://github.com/cdr/code-server/blob/master/docs/npm.md"
+    exit 1
+  fi
+}
+
+vscode_yarn() {
+  cd lib/vscode
+  yarn --production --frozen-lockfile
+
+  # This is a copy of symlink_asar in ../lib.sh. Look there for details.
+  if [ ! -e node_modules.asar ]; then
+    if [ "${WINDIR-}" ]; then
+      mklink /J node_modules.asar node_modules
+    else
+      ln -s node_modules node_modules.asar
+    fi
+  fi
+
+  cd extensions
+  yarn --production --frozen-lockfile
+  for ext in */; do
+    ext="${ext%/}"
+    echo "extensions/$ext: installing dependencies"
+    cd "$ext"
+    yarn --production --frozen-lockfile
+    cd "$OLDPWD"
+  done
+}
+
+main "$@"

ci/build/release-github-assets.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Downloads the release artifacts from CI for the current
+# commit and then uploads them to the release with the version
+# in package.json.
+# You will need $GITHUB_TOKEN set.
+
+main() {
+  cd "$(dirname "$0")/../.."
+  source ./ci/lib.sh
+
+  download_artifact release-packages ./release-packages
+  local assets=(./release-packages/code-server*"$VERSION"*{.tar.gz,.deb,.rpm})
+  for i in "${!assets[@]}"; do
+    assets[$i]="--attach=${assets[$i]}"
+  done
+  EDITOR=true hub release edit --draft "${assets[@]}" "v$VERSION"
+}
+
+main "$@"

ci/build/release-github-draft.sh

@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Creates a draft release with the template for the version in package.json
+
+main() {
+  cd "$(dirname "$0")/../.."
+  source ./ci/lib.sh
+
+  hub release create \
+    --file - \
+    -t "$(git rev-parse HEAD)" \
+    --draft "v$VERSION" << EOF
+v$VERSION
+
+VS Code v$(vscode_version)
+
+Upgrading is as easy as installing the new version over the old one. code-server
+maintains all user data in \`~/.local/share/code-server\` so that it is preserved in between
+installations.
+
+## New Features
+
+  - ⭐ Summarize new features here with references to issues
+
+## Bug Fixes
+  - ⭐ Summarize bug fixes here with references to issues
+
+Cheers! 🍻
+EOF
+}
+
+main "$@"

ci/build/test-standalone-release.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Makes sure the release works.
+# This is to make sure we don't have Node version errors or any other
+# compilation-related errors.
+main() {
+  cd "$(dirname "${0}")/../.."
+
+  local EXTENSIONS_DIR
+  EXTENSIONS_DIR="$(mktemp -d)"
+
+  echo "Testing standalone release."
+
+  ./release-standalone/bin/code-server --extensions-dir "$EXTENSIONS_DIR" --install-extension ms-python.python
+  local installed_extensions
+  installed_extensions="$(./release-standalone/bin/code-server --extensions-dir "$EXTENSIONS_DIR" --list-extensions 2>&1)"
+  # We use grep as ms-python.python may have dependency extensions that change.
+  if ! echo "$installed_extensions" | grep -q "ms-python.python"; then
+    echo "Unexpected output from listing extensions:"
+    echo "$installed_extensions"
+    exit 1
+  fi
+
+  echo "Standalone release works correctly."
+}
+
+main "$@"

ci/dev/ci.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  yarn fmt
+  yarn lint
+  yarn test
+}
+
+main "$@"

ci/dev/fmt.sh

@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  shfmt -i 2 -w -sr $(git ls-files "*.sh" | grep -v "lib/vscode")
+
+  local prettierExts
+  prettierExts=(
+    "*.js"
+    "*.ts"
+    "*.tsx"
+    "*.html"
+    "*.json"
+    "*.css"
+    "*.md"
+    "*.toml"
+    "*.yaml"
+    "*.yml"
+  )
+  prettier --write --loglevel=warn $(
+    git ls-files "${prettierExts[@]}" | grep -v "lib/vscode" | grep -v 'helm-chart'
+  )
+
+  doctoc --title '# FAQ' docs/FAQ.md > /dev/null
+  doctoc --title '# Setup Guide' docs/guide.md > /dev/null
+  doctoc --title '# Install' docs/install.md > /dev/null
+  doctoc --title '# npm Install Requirements' docs/npm.md > /dev/null
+  doctoc --title '# Contributing' docs/CONTRIBUTING.md > /dev/null
+  doctoc --title '# Contributor Covenant Code of Conduct' docs/CODE_OF_CONDUCT.md > /dev/null
+  doctoc --title '# iPad' docs/ipad.md > /dev/null
+
+  if [[ ${CI-} && $(git ls-files --other --modified --exclude-standard) ]]; then
+    echo "Files need generation or are formatted incorrectly:"
+    git -c color.ui=always status | grep --color=no '\[31m'
+    echo "Please run the following locally:"
+    echo "  yarn fmt"
+    exit 1
+  fi
+}
+
+main "$@"

ci/dev/gen_icons.sh

@@ -0,0 +1,44 @@
+#!/bin/sh
+set -eu
+
+main() {
+  cd src/browser/media
+
+  # We need .ico for backwards compatibility.
+  # The other two are the only icon sizes required by Chrome and
+  # we use them for stuff like apple-touch-icon as well.
+  # https://web.dev/add-manifest/
+  #
+  # This should be enough and we can always add more if there are problems.
+
+  # -background defaults to white but we want it transparent.
+  # https://imagemagick.org/script/command-line-options.php#background
+  convert -quiet -background transparent -resize 256x256 favicon.svg favicon.ico
+  # We do not generate the pwa-icon from the favicon as they are slightly different
+  # designs and sizes.
+  # See favicon.afdesign and #2401 for details on the differences.
+  convert -quiet -background transparent -resize 192x192 pwa-icon.png pwa-icon-192.png
+  convert -quiet -background transparent -resize 512x512 pwa-icon.png pwa-icon-512.png
+
+  # We use -quiet above to avoid https://github.com/ImageMagick/ImageMagick/issues/884
+
+  # The following adds dark mode support for the favicon as favicon-dark-support.svg
+  # There is no similar capability for pwas or .ico so we can only add support to the svg.
+  favicon_dark_style="<style>
+@media (prefers-color-scheme: dark) {
+  * {
+    fill: white;
+  }
+}
+</style>"
+  # See https://stackoverflow.com/a/22901380/4283659
+  # This escapes all newlines so that sed will accept them.
+  favicon_dark_style="$(printf "%s\n" "$favicon_dark_style" | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/\\n/g')"
+  sed "$(
+    cat -n << EOF
+s%<rect id="favicon"%$favicon_dark_style<rect id="favicon"%
+EOF
+  )" favicon.svg > favicon-dark-support.svg
+}
+
+main "$@"

ci/dev/image/run.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../../.."
+  source ./ci/lib.sh
+  mkdir -p .home
+
+  docker run \
+    -it \
+    --rm \
+    -v "$PWD:/src" \
+    -e HOME="/src/.home" \
+    -e USER="coder" \
+    -e GITHUB_TOKEN \
+    -e KEEP_MODULES \
+    -e MINIFY \
+    -w /src \
+    -p 127.0.0.1:8080:8080 \
+    -u "$(id -u):$(id -g)" \
+    -e CI \
+    "$(docker_build ./ci/images/"${IMAGE-debian10}")" \
+    "$@"
+}
+
+docker_build() {
+  docker build "$@" >&2
+  docker build -q "$@"
+}
+
+main "$@"

ci/dev/lint.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  eslint --max-warnings=0 --fix $(git ls-files "*.ts" "*.tsx" "*.js" | grep -v "lib/vscode")
+  stylelint $(git ls-files "*.css" | grep -v "lib/vscode")
+  tsc --noEmit
+  shellcheck -e SC2046,SC2164,SC2154,SC1091,SC1090,SC2002 $(git ls-files "*.sh" | grep -v "lib/vscode")
+  if command -v helm && helm kubeval --help > /dev/null; then
+    helm kubeval ci/helm-chart
+  fi
+
+  cd lib/vscode
+  # Run this periodically in vanilla VS code to make sure we don't add any more warnings.
+  yarn -s eslint --max-warnings=3
+  cd "$OLDPWD"
+}
+
+main "$@"

ci/dev/postinstall.sh

@@ -0,0 +1,19 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+  source ./ci/lib.sh
+
+  # This installs the dependencies needed for testing
+  cd test
+  yarn
+  cd ..
+
+  cd lib/vscode
+  yarn ${CI+--frozen-lockfile}
+
+  symlink_asar
+}
+
+main "$@"

ci/dev/reset-vscode.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  cd ./lib/vscode
+  git add -A
+  git reset --hard
+}
+
+main "$@"

ci/dev/test.sh

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+  cd test/test-plugin
+  make -s out/index.js
+  # We must keep jest in a sub-directory. See ../../test/package.json for more
+  # information. We must also run it from the root otherwise coverage will not
+  # include our source files.
+  cd "$OLDPWD"
+  ./test/node_modules/.bin/jest "$@"
+}
+
+main "$@"

ci/dev/watch.ts

@@ -0,0 +1,194 @@
+import * as cp from "child_process"
+import Bundler from "parcel-bundler"
+import * as path from "path"
+
+async function main(): Promise<void> {
+  try {
+    const watcher = new Watcher()
+    await watcher.watch()
+  } catch (error) {
+    console.error(error.message)
+    process.exit(1)
+  }
+}
+
+class Watcher {
+  private readonly rootPath = path.resolve(__dirname, "../..")
+  private readonly vscodeSourcePath = path.join(this.rootPath, "lib/vscode")
+
+  private static log(message: string, skipNewline = false): void {
+    process.stdout.write(message)
+    if (!skipNewline) {
+      process.stdout.write("\n")
+    }
+  }
+
+  public async watch(): Promise<void> {
+    let server: cp.ChildProcess | undefined
+    const restartServer = (): void => {
+      if (server) {
+        server.kill()
+      }
+      const s = cp.fork(path.join(this.rootPath, "out/node/entry.js"), process.argv.slice(2))
+      console.log(`[server] spawned process ${s.pid}`)
+      s.on("exit", () => console.log(`[server] process ${s.pid} exited`))
+      server = s
+    }
+
+    const vscode = cp.spawn("yarn", ["watch"], { cwd: this.vscodeSourcePath })
+    const tsc = cp.spawn("tsc", ["--watch", "--pretty", "--preserveWatchOutput"], { cwd: this.rootPath })
+    const plugin = process.env.PLUGIN_DIR
+      ? cp.spawn("yarn", ["build", "--watch"], { cwd: process.env.PLUGIN_DIR })
+      : undefined
+    const bundler = this.createBundler()
+
+    const cleanup = (code?: number | null): void => {
+      Watcher.log("killing vs code watcher")
+      vscode.removeAllListeners()
+      vscode.kill()
+
+      Watcher.log("killing tsc")
+      tsc.removeAllListeners()
+      tsc.kill()
+
+      if (plugin) {
+        Watcher.log("killing plugin")
+        plugin.removeAllListeners()
+        plugin.kill()
+      }
+
+      if (server) {
+        Watcher.log("killing server")
+        server.removeAllListeners()
+        server.kill()
+      }
+
+      Watcher.log("killing bundler")
+      process.exit(code || 0)
+    }
+
+    process.on("SIGINT", () => cleanup())
+    process.on("SIGTERM", () => cleanup())
+
+    vscode.on("exit", (code) => {
+      Watcher.log("vs code watcher terminated unexpectedly")
+      cleanup(code)
+    })
+    tsc.on("exit", (code) => {
+      Watcher.log("tsc terminated unexpectedly")
+      cleanup(code)
+    })
+    if (plugin) {
+      plugin.on("exit", (code) => {
+        Watcher.log("plugin terminated unexpectedly")
+        cleanup(code)
+      })
+    }
+    const bundle = bundler.bundle().catch(() => {
+      Watcher.log("parcel watcher terminated unexpectedly")
+      cleanup(1)
+    })
+    bundler.on("buildEnd", () => {
+      console.log("[parcel] bundled")
+    })
+    bundler.on("buildError", (error) => {
+      console.error("[parcel]", error)
+    })
+
+    vscode.stderr.on("data", (d) => process.stderr.write(d))
+    tsc.stderr.on("data", (d) => process.stderr.write(d))
+    if (plugin) {
+      plugin.stderr.on("data", (d) => process.stderr.write(d))
+    }
+
+    // From https://github.com/chalk/ansi-regex
+    const pattern = [
+      "[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)",
+      "(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))",
+    ].join("|")
+    const re = new RegExp(pattern, "g")
+
+    /**
+     * Split stdout on newlines and strip ANSI codes.
+     */
+    const onLine = (proc: cp.ChildProcess, callback: (strippedLine: string, originalLine: string) => void): void => {
+      let buffer = ""
+      if (!proc.stdout) {
+        throw new Error("no stdout")
+      }
+      proc.stdout.setEncoding("utf8")
+      proc.stdout.on("data", (d) => {
+        const data = buffer + d
+        const split = data.split("\n")
+        const last = split.length - 1
+
+        for (let i = 0; i < last; ++i) {
+          callback(split[i].replace(re, ""), split[i])
+        }
+
+        // The last item will either be an empty string (the data ended with a
+        // newline) or a partial line (did not end with a newline) and we must
+        // wait to parse it until we get a full line.
+        buffer = split[last]
+      })
+    }
+
+    let startingVscode = false
+    let startedVscode = false
+    onLine(vscode, (line, original) => {
+      console.log("[vscode]", original)
+      // Wait for watch-client since "Finished compilation" will appear multiple
+      // times before the client starts building.
+      if (!startingVscode && line.includes("Starting watch-client")) {
+        startingVscode = true
+      } else if (startingVscode && line.includes("Finished compilation")) {
+        if (startedVscode) {
+          bundle.then(restartServer)
+        }
+        startedVscode = true
+      }
+    })
+
+    onLine(tsc, (line, original) => {
+      // tsc outputs blank lines; skip them.
+      if (line !== "") {
+        console.log("[tsc]", original)
+      }
+      if (line.includes("Watching for file changes")) {
+        bundle.then(restartServer)
+      }
+    })
+
+    if (plugin) {
+      onLine(plugin, (line, original) => {
+        // tsc outputs blank lines; skip them.
+        if (line !== "") {
+          console.log("[plugin]", original)
+        }
+        if (line.includes("Watching for file changes")) {
+          bundle.then(restartServer)
+        }
+      })
+    }
+  }
+
+  private createBundler(out = "dist"): Bundler {
+    return new Bundler(
+      [
+        path.join(this.rootPath, "src/browser/register.ts"),
+        path.join(this.rootPath, "src/browser/serviceWorker.ts"),
+        path.join(this.rootPath, "src/browser/pages/login.ts"),
+        path.join(this.rootPath, "src/browser/pages/vscode.ts"),
+      ],
+      {
+        outDir: path.join(this.rootPath, out),
+        cacheDir: path.join(this.rootPath, ".cache"),
+        minify: !!process.env.MINIFY,
+        logLevel: 1,
+        publicUrl: ".",
+      },
+    )
+  }
+}
+
+main()

ci/helm-chart/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

ci/helm-chart/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+name: code-server
+description: A Helm chart for cdr/code-server
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.3
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 3.8.1

ci/helm-chart/README.md

@@ -0,0 +1,117 @@
+# code-server
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.8.1](https://img.shields.io/badge/AppVersion-3.8.1-informational?style=flat-square)
+
+[code-server](https://github.com/cdr/code-server) code-server is VS Code running
+on a remote server, accessible through the browser.
+
+This chart is community maintained by [@Matthew-Beckett](https://github.com/Matthew-Beckett) and [@alexgorbatchev](https://github.com/alexgorbatchev)
+
+## TL;DR;
+
+```console
+$ git clone https://github.com/cdr/code-server
+$ cd code-server
+$ helm upgrade --install code-server ci/helm-chart
+```
+
+## Introduction
+
+This chart bootstraps a code-server deployment on a
+[Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh)
+package manager.
+
+## Prerequisites
+
+  - Kubernetes 1.6+
+
+## Installing the Chart
+
+To install the chart with the release name `code-server`:
+
+```console
+$ git clone https://github.com/cdr/code-server
+$ cd code-server
+$ helm upgrade --install code-server ci/helm-chart
+```
+
+The command deploys code-server on the Kubernetes cluster in the default
+configuration. The [configuration](#configuration) section lists the parameters
+that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `code-server` deployment:
+
+```console
+$ helm delete code-server
+```
+
+The command removes all the Kubernetes components associated with the chart and
+deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the code-server chart
+and their default values.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| extraArgs | list | `[]` |  |
+| extraConfigmapMounts | list | `[]` |  |
+| extraContainers | string | `""` |  |
+| extraSecretMounts | list | `[]` |  |
+| extraVars | list | `[]` |  |
+| extraVolumeMounts | list | `[]` |  |
+| fullnameOverride | string | `""` |  |
+| hostnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"Always"` |  |
+| image.repository | string | `"codercom/code-server"` |  |
+| image.tag | string | `"3.8.1"` |  |
+| imagePullSecrets | list | `[]` |  |
+| ingress.enabled | bool | `false` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| persistence.accessMode | string | `"ReadWriteOnce"` |  |
+| persistence.annotations | object | `{}` |  |
+| persistence.enabled | bool | `true` |  |
+| persistence.size | string | `"1Gi"` |  |
+| podAnnotations | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` |  |
+| resources | object | `{}` |  |
+| securityContext.enabled | bool | `true` |  |
+| securityContext.fsGroup | int | `1000` |  |
+| securityContext.runAsUser | int | `1000` |  |
+| service.port | int | `8443` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `nil` |  |
+| tolerations | list | `[]` |  |
+| volumePermissions.enabled | bool | `true` |  |
+| volumePermissions.securityContext.runAsUser | int | `0` |  |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm
+install`. For example,
+
+```console
+$ helm upgrade --install code-server \
+    ci/helm-chart \
+    --set persistence.enabled=false
+```
+
+The above command sets the the persistence storage to false.
+
+Alternatively, a YAML file that specifies the values for the above parameters
+can be provided while installing the chart. For example,
+
+```console
+$ helm upgrade --install code-server ci/helm-chart -f values.yaml
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)

ci/helm-chart/templates/NOTES.txt

@@ -0,0 +1,25 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "code-server.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "code-server.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "code-server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "code-server.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}
+
+Administrator credentials:
+
+  Password: echo $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "code-server.fullname" . }} -o jsonpath="{.data.password}" | base64 --decode)

ci/helm-chart/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "code-server.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "code-server.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "code-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "code-server.labels" -}}
+helm.sh/chart: {{ include "code-server.chart" . }}
+{{ include "code-server.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "code-server.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "code-server.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "code-server.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "code-server.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

ci/helm-chart/templates/deployment.yaml

@@ -0,0 +1,152 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "code-server.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "code-server.name" . }}
+    helm.sh/chart: {{ include "code-server.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "code-server.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "code-server.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      {{- if .Values.hostnameOverride }}
+      hostname: {{ .Values.hostnameOverride }}
+      {{- end }}
+      {{- if .Values.securityContext.enabled }}
+      securityContext:
+        fsGroup: {{ .Values.securityContext.fsGroup }}
+      {{- end }}
+      {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+      initContainers:
+      - name: init-chmod-data
+        image: busybox:latest
+        imagePullPolicy: IfNotPresent
+        command:
+          - sh
+          - -c
+          - |
+            chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /home/coder
+        securityContext:
+          runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}
+        volumeMounts:
+        - name: data
+          mountPath: /home/coder
+      {{- end }}
+      containers:
+{{- if .Values.extraContainers }}
+{{ toYaml .Values.extraContainers | indent 8}}
+{{- end }}
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.securityContext.enabled }}
+          securityContext:
+            runAsUser: {{ .Values.securityContext.runAsUser }}
+          {{- end }}
+          env:
+        {{- if .Values.extraVars }}
+{{ toYaml .Values.extraVars | indent 10 }}
+        {{- end }}
+          - name: PASSWORD
+            valueFrom:
+              secretKeyRef:
+              {{- if .Values.existingSecret }}
+                name: {{ .Values.existingSecret }}
+              {{- else }}
+                name: {{ template "code-server.fullname" . }}
+              {{- end }}
+                key: password
+        {{- if .Values.extraArgs }}
+          args:
+{{ toYaml .Values.extraArgs | indent 10 }}
+        {{- end }}
+          volumeMounts:
+          - name: data
+            mountPath: /home/coder
+          {{- range .Values.extraConfigmapMounts }}
+          - name: {{ .name }}
+            mountPath: {{ .mountPath }}
+            subPath: {{ .subPath | default "" }}
+            readOnly: {{ .readOnly }}
+          {{- end }}
+          {{- range .Values.extraSecretMounts }}
+          - name: {{ .name }}
+            mountPath: {{ .mountPath }}
+            readOnly: {{ .readOnly }}
+          {{- end }}
+          {{- range .Values.extraVolumeMounts }}
+          - name: {{ .name }}
+            mountPath: {{ .mountPath }}
+            subPath: {{ .subPath | default "" }}
+            readOnly: {{ .readOnly }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ template "code-server.serviceAccountName" . }}
+      volumes:
+      - name: data
+      {{- if .Values.persistence.enabled }}
+        {{- if not .Values.persistence.hostPath }}
+        persistentVolumeClaim:
+          claimName: {{ .Values.persistence.existingClaim | default (include "code-server.fullname" .) }}
+        {{- else }}
+        hostPath:
+          path: {{ .Values.persistence.hostPath }}
+          type: Directory
+        {{- end -}}
+      {{- else }}
+        emptyDir: {}
+      {{- end -}}
+      {{- range .Values.extraSecretMounts }}
+      - name: {{ .name }}
+        secret:
+          secretName: {{ .secretName }}
+          defaultMode: {{ .defaultMode }}
+      {{- end }}
+      {{- range .Values.extraVolumeMounts }}
+      - name: {{ .name }}
+        {{- if .existingClaim }}
+        persistentVolumeClaim:
+          claimName: {{ .existingClaim }}
+        {{- else }}
+        hostPath:
+          path: {{ .hostPath }}
+          type: Directory
+        {{- end }}
+      {{- end }}

ci/helm-chart/templates/ingress.yaml

@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "code-server.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "code-server.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ . }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+          {{- end }}
+    {{- end }}
+  {{- end }}

ci/helm-chart/templates/pvc.yaml

@@ -0,0 +1,29 @@
+{{- if and (and .Values.persistence.enabled (not .Values.persistence.existingClaim)) (not .Values.persistence.hostPath) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ include "code-server.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.persistence.annotations  }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    app.kubernetes.io/name: {{ include "code-server.name" . }}
+    helm.sh/chart: {{ include "code-server.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+  storageClassName: ""
+{{- else }}
+  storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end }}

ci/helm-chart/templates/secrets.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "code-server.fullname" . }}
+  annotations:
+    "helm.sh/hook": "pre-install"
+  labels:
+    app.kubernetes.io/name: {{ include "code-server.name" . }}
+    helm.sh/chart: {{ include "code-server.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+type: Opaque
+data:
+  {{ if .Values.password }}
+  password: "{{ .Values.password | b64enc }}"
+  {{ else }}
+  password: "{{ randAlphaNum 24 | b64enc }}"
+  {{ end }}

ci/helm-chart/templates/service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "code-server.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "code-server.name" . }}
+    helm.sh/chart: {{ include "code-server.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: {{ include "code-server.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}

ci/helm-chart/templates/serviceaccount.yaml

@@ -0,0 +1,11 @@
+{{- if or .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ include "code-server.name" . }}
+    helm.sh/chart: {{ include "code-server.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: {{ template "code-server.serviceAccountName" . }}
+{{- end -}}

ci/helm-chart/templates/tests/test-connection.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "code-server.fullname" . }}-test-connection"
+  labels:
+    app.kubernetes.io/name: {{ include "code-server.name" . }}
+    helm.sh/chart: {{ include "code-server.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args:  ['{{ include "code-server.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never

ci/helm-chart/values.yaml

@@ -0,0 +1,163 @@
+# Default values for code-server.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  repository: codercom/code-server
+  tag: '3.8.1'
+  pullPolicy: Always
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+hostnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+service:
+  type: ClusterIP
+  port: 8080
+
+ingress:
+  enabled: false
+  #annotations:
+  #  kubernetes.io/ingress.class: nginx
+  #  kubernetes.io/tls-acme: "true"
+  #hosts:
+  #  - host: code-server.example.loc
+  #    paths:
+  #      - /
+
+  #tls:
+  #  - secretName: code-server
+  #    hosts:
+  #      - code-server.example.loc
+
+# Optional additional arguments
+extraArgs: []
+#  - --allow-http
+#  - --no-auth
+
+# Optional additional environment variables
+extraVars: []
+#  - name: DISABLE_TELEMETRY
+#    value: true
+
+##
+## Init containers parameters:
+## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
+##
+volumePermissions:
+  enabled: true
+  securityContext:
+    runAsUser: 0
+
+## Pod Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+  enabled: true
+  fsGroup: 1000
+  runAsUser: 1000
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 1000Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+## Persist data to a persistent volume
+persistence:
+  enabled: true
+  ## code-server data Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  # storageClass: "-"
+  accessMode: ReadWriteOnce
+  size: 10Gi
+  annotations: {}
+  # existingClaim: ""
+  # hostPath: /data
+
+serviceAccount:
+  create: true
+  name:
+
+## Enable an Specify container in extraContainers.
+## This is meant to allow adding code-server dependencies, like docker-dind.
+extraContainers: |
+#- name: docker-dind
+#  image: docker:19.03-dind
+#  imagePullPolicy: IfNotPresent
+#  resources:
+#    requests:
+#      cpu: 250m
+#      memory: 256M
+#  securityContext:
+#    privileged: true
+#    procMount: Default
+#  env:
+#  - name: DOCKER_TLS_CERTDIR
+#    value: ""
+#  - name: DOCKER_DRIVER
+#    value: "overlay2"
+
+## Additional code-server secret mounts
+extraSecretMounts: []
+  # - name: secret-files
+  #   mountPath: /etc/secrets
+  #   secretName: code-server-secret-files
+  #   readOnly: true
+
+## Additional code-server volume mounts
+extraVolumeMounts: []
+  # - name: extra-volume
+  #   mountPath: /mnt/volume
+  #   readOnly: true
+  #   existingClaim: volume-claim
+  #   hostPath: ""
+
+extraConfigmapMounts: []
+  # - name: certs-configmap
+  #   mountPath: /etc/code-server/ssl/
+  #   subPath: certificates.crt # (optional)
+  #   configMap: certs-configmap
+  #   readOnly: true

ci/images/centos7/Dockerfile

@@ -0,0 +1,32 @@
+FROM centos:7
+
+ARG NODE_VERSION=v12.18.4
+RUN ARCH="$(uname -m | sed 's/86_64/64/; s/aarch64/arm64/')" && \
+    curl -fsSL "https://nodejs.org/dist/$NODE_VERSION/node-$NODE_VERSION-linux-$ARCH.tar.xz" | tar -C /usr/local -xJ && \
+    mv "/usr/local/node-$NODE_VERSION-linux-$ARCH" "/usr/local/node-$NODE_VERSION"
+ENV PATH=/usr/local/node-$NODE_VERSION/bin:$PATH
+RUN npm install -g yarn
+
+RUN yum groupinstall -y 'Development Tools'
+RUN yum install -y python2 libsecret-devel libX11-devel libxkbfile-devel
+
+RUN npm config set python python2
+
+RUN yum install -y epel-release && yum install -y jq
+RUN yum install -y rsync
+
+# Copied from ../debian10/Dockerfile
+# Install Go.
+RUN ARCH="$(uname -m | sed 's/x86_64/amd64/; s/aarch64/arm64/')" && \
+    curl -fsSL "https://dl.google.com/go/go1.14.3.linux-$ARCH.tar.gz" | tar -C /usr/local -xz
+ENV GOPATH=/gopath
+# Ensures running this image as another user works.
+RUN mkdir -p $GOPATH && chmod -R 777 $GOPATH
+ENV PATH=/usr/local/go/bin:$GOPATH/bin:$PATH
+
+# Install Go dependencies
+ENV GO111MODULE=on
+RUN go get mvdan.cc/sh/v3/cmd/shfmt
+RUN go get github.com/goreleaser/nfpm/cmd/nfpm@v1.9.0
+
+RUN curl -fsSL https://get.docker.com | sh

ci/images/debian10/Dockerfile

@@ -0,0 +1,54 @@
+FROM debian:10
+
+RUN apt-get update
+
+# Needed for debian repositories added below.
+RUN apt-get install -y curl gnupg
+
+# Installs node.
+RUN curl -fsSL https://deb.nodesource.com/setup_12.x | bash - && \
+    apt-get install -y nodejs
+
+# Installs yarn.
+RUN curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
+    echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
+    apt-get update && apt-get install -y yarn
+
+# Installs VS Code build deps.
+RUN apt-get install -y build-essential \
+                   libsecret-1-dev \
+                   libx11-dev \
+                   libxkbfile-dev
+
+# Installs envsubst.
+RUN apt-get install -y gettext-base
+
+# Misc build dependencies.
+RUN apt-get install -y git rsync unzip jq
+
+# Installs shellcheck.
+RUN curl -fsSL https://github.com/koalaman/shellcheck/releases/download/v0.7.1/shellcheck-v0.7.1.linux.$(uname -m).tar.xz | \
+    tar -xJ && \
+    mv shellcheck*/shellcheck /usr/local/bin && \
+    rm -R shellcheck*
+
+# Install Go.
+RUN ARCH="$(uname -m | sed 's/x86_64/amd64/; s/aarch64/arm64/')" && \
+    curl -fsSL "https://dl.google.com/go/go1.14.3.linux-$ARCH.tar.gz" | tar -C /usr/local -xz
+ENV GOPATH=/gopath
+# Ensures running this image as another user works.
+RUN mkdir -p $GOPATH && chmod -R 777 $GOPATH
+ENV PATH=/usr/local/go/bin:$GOPATH/bin:$PATH
+
+# Install Go dependencies
+ENV GO111MODULE=on
+RUN go get mvdan.cc/sh/v3/cmd/shfmt
+RUN go get github.com/goreleaser/nfpm/cmd/nfpm@v1.9.0
+
+RUN VERSION="$(curl -fsSL https://storage.googleapis.com/kubernetes-release/release/stable.txt)" && \
+    curl -fsSL "https://storage.googleapis.com/kubernetes-release/release/$VERSION/bin/linux/amd64/kubectl" > /usr/local/bin/kubectl \
+    && chmod +x /usr/local/bin/kubectl
+RUN curl -fsSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
+RUN helm plugin install https://github.com/instrumenta/helm-kubeval
+
+RUN curl -fsSL https://get.docker.com | sh

ci/lib.sh

@@ -0,0 +1,115 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+pushd() {
+  builtin pushd "$@" > /dev/null
+}
+
+popd() {
+  builtin popd > /dev/null
+}
+
+pkg_json_version() {
+  jq -r .version package.json
+}
+
+vscode_version() {
+  jq -r .version lib/vscode/package.json
+}
+
+os() {
+  local os
+  os=$(uname | tr '[:upper:]' '[:lower:]')
+  if [[ $os == "linux" ]]; then
+    # Alpine's ldd doesn't have a version flag but if you use an invalid flag
+    # (like --version) it outputs the version to stderr and exits with 1.
+    local ldd_output
+    ldd_output=$(ldd --version 2>&1 || true)
+    if echo "$ldd_output" | grep -iq musl; then
+      os="alpine"
+    fi
+  elif [[ $os == "darwin" ]]; then
+    os="macos"
+  fi
+  echo "$os"
+}
+
+arch() {
+  case "$(uname -m)" in
+  aarch64)
+    echo arm64
+    ;;
+  x86_64 | amd64)
+    echo amd64
+    ;;
+  *)
+    echo "unknown architecture $(uname -a)"
+    exit 1
+    ;;
+  esac
+}
+
+curl() {
+  command curl -H "Authorization: token $GITHUB_TOKEN" "$@"
+}
+
+# Grabs the most recent ci.yaml github workflow run that was successful and triggered from the same commit being pushd.
+# This will contain the artifacts we want.
+# https://developer.github.com/v3/actions/workflow-runs/#list-workflow-runs
+get_artifacts_url() {
+  curl -fsSL 'https://api.github.com/repos/cdr/code-server/actions/workflows/ci.yaml/runs?status=success&event=push' | jq -r ".workflow_runs[] | select(.head_sha == \"$(git rev-parse HEAD)\") | .artifacts_url" | head -n 1
+}
+
+# Grabs the artifact's download url.
+# https://developer.github.com/v3/actions/artifacts/#list-workflow-run-artifacts
+get_artifact_url() {
+  local artifact_name="$1"
+  curl -fsSL "$(get_artifacts_url)" | jq -r ".artifacts[] | select(.name == \"$artifact_name\") | .archive_download_url" | head -n 1
+}
+
+# Uses the above two functions to download a artifact into a directory.
+download_artifact() {
+  local artifact_name="$1"
+  local dst="$2"
+
+  local tmp_file
+  tmp_file="$(mktemp)"
+
+  curl -fsSL "$(get_artifact_url "$artifact_name")" > "$tmp_file"
+  unzip -q -o "$tmp_file" -d "$dst"
+  rm "$tmp_file"
+}
+
+rsync() {
+  command rsync -a --del "$@"
+}
+
+VERSION="$(pkg_json_version)"
+export VERSION
+ARCH="$(arch)"
+export ARCH
+OS=$(os)
+export OS
+
+# RELEASE_PATH is the destination directory for the release from the root.
+# Defaults to release
+RELEASE_PATH="${RELEASE_PATH-release}"
+
+# VS Code bundles some modules into an asar which is an archive format that
+# works like tar. It then seems to get unpacked into node_modules.asar.
+#
+# I don't know why they do this but all the dependencies they bundle already
+# exist in node_modules so just symlink it. We have to do this since not only VS
+# Code itself but also extensions will look specifically in this directory for
+# files (like the ripgrep binary or the oniguruma wasm).
+symlink_asar() {
+  if [ ! -L node_modules.asar ]; then
+    if [ "${WINDIR-}" ]; then
+      # mklink takes the link name first.
+      mklink /J node_modules.asar node_modules
+    else
+      # ln takes the link name second.
+      ln -s node_modules node_modules.asar
+    fi
+  fi
+}

ci/release-image/Dockerfile

@@ -0,0 +1,45 @@
+FROM debian:10
+
+RUN apt-get update \
+ && apt-get install -y \
+    curl \
+    dumb-init \
+    htop \
+    locales \
+    man \
+    nano \
+    git \
+    procps \
+    openssh-client \
+    sudo \
+    vim.tiny \
+    lsb-release \
+  && rm -rf /var/lib/apt/lists/*
+
+# https://wiki.debian.org/Locale#Manually
+RUN sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen \
+  && locale-gen
+ENV LANG=en_US.UTF-8
+
+RUN adduser --gecos '' --disabled-password coder && \
+  echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
+
+RUN ARCH="$(dpkg --print-architecture)" && \
+    curl -fsSL "https://github.com/boxboat/fixuid/releases/download/v0.4.1/fixuid-0.4.1-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - && \
+    chown root:root /usr/local/bin/fixuid && \
+    chmod 4755 /usr/local/bin/fixuid && \
+    mkdir -p /etc/fixuid && \
+    printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml
+
+COPY release-packages/code-server*.deb /tmp/
+COPY ci/release-image/entrypoint.sh /usr/bin/entrypoint.sh
+RUN dpkg -i /tmp/code-server*$(dpkg --print-architecture).deb && rm /tmp/code-server*.deb
+
+EXPOSE 8080
+# This way, if someone sets $DOCKER_USER, docker-exec will still work as
+# the uid will remain the same. note: only relevant if -u isn't passed to
+# docker-run.
+USER 1000
+ENV USER=coder
+WORKDIR /home/coder
+ENTRYPOINT ["/usr/bin/entrypoint.sh", "--bind-addr", "0.0.0.0:8080", "."]

ci/release-image/build.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+  source ./ci/lib.sh
+
+  docker build -t "codercom/code-server-$ARCH:$VERSION" -f ./ci/release-image/Dockerfile .
+}
+
+main "$@"

ci/release-image/entrypoint.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+set -eu
+
+# We do this first to ensure sudo works below when renaming the user.
+# Otherwise the current container UID may not exist in the passwd database.
+eval "$(fixuid -q)"
+
+if [ "${DOCKER_USER-}" ] && [ "$DOCKER_USER" != "$USER" ]; then
+  echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null
+  # Unfortunately we cannot change $HOME as we cannot move any bind mounts
+  # nor can we bind mount $HOME into a new home as that requires a privileged container.
+  sudo usermod --login "$DOCKER_USER" coder
+  sudo groupmod -n "$DOCKER_USER" coder
+
+  USER="$DOCKER_USER"
+
+  sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
+fi
+
+dumb-init /usr/bin/code-server "$@"

ci/steps/build-docker-image.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+  source ./ci/lib.sh
+
+  ./ci/release-image/build.sh
+
+  mkdir -p release-images
+  docker save "codercom/code-server-$ARCH:$VERSION" > "release-images/code-server-$ARCH-$VERSION.tar"
+}
+
+main "$@"

ci/steps/fmt.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  yarn --frozen-lockfile
+
+  yarn fmt
+}
+
+main "$@"

ci/steps/lint.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  yarn --frozen-lockfile
+
+  yarn lint
+}
+
+main "$@"

ci/steps/publish-npm.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+  source ./ci/lib.sh
+
+  if [[ ${CI-} ]]; then
+    echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
+  fi
+
+  download_artifact npm-package ./release-npm-package
+  # https://github.com/actions/upload-artifact/issues/38
+  tar -xzf release-npm-package/package.tar.gz
+  yarn publish --non-interactive release
+}
+
+main "$@"

ci/steps/push-docker-manifest.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+  source ./ci/lib.sh
+
+  download_artifact release-images ./release-images
+  if [[ ${CI-} ]]; then
+    echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+  fi
+
+  for img in ./release-images/*; do
+    docker load -i "$img"
+  done
+
+  # We have to ensure the amd64 and arm64 images exist on the remote registry
+  # in order to build the manifest.
+  # We don't put the arch in the tag to avoid polluting the main repository.
+  # These other repositories are private so they don't pollute our organization namespace.
+  docker push "codercom/code-server-amd64:$VERSION"
+  docker push "codercom/code-server-arm64:$VERSION"
+
+  export DOCKER_CLI_EXPERIMENTAL=enabled
+
+  docker manifest create "codercom/code-server:$VERSION" \
+    "codercom/code-server-amd64:$VERSION" \
+    "codercom/code-server-arm64:$VERSION"
+  docker manifest push --purge "codercom/code-server:$VERSION"
+
+  docker manifest create "codercom/code-server:latest" \
+    "codercom/code-server-amd64:$VERSION" \
+    "codercom/code-server-arm64:$VERSION"
+  docker manifest push --purge "codercom/code-server:latest"
+}
+
+main "$@"

ci/steps/release-packages.sh

@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  NODE_VERSION=v12.18.4
+  NODE_OS="$(uname | tr '[:upper:]' '[:lower:]')"
+  NODE_ARCH="$(uname -m | sed 's/86_64/64/; s/aarch64/arm64/')"
+  if [ "$NODE_OS" = "freebsd" ]; then
+    mkdir -p "$PWD/node-$NODE_VERSION-$NODE_OS-$NODE_ARCH/bin"
+    cp "$(which node)" "$PWD/node-$NODE_VERSION-$NODE_OS-$NODE_ARCH/bin"
+  else
+    curl -L "https://nodejs.org/dist/$NODE_VERSION/node-$NODE_VERSION-$NODE_OS-$NODE_ARCH.tar.gz" | tar -xz
+  fi
+  PATH="$PWD/node-$NODE_VERSION-$NODE_OS-$NODE_ARCH/bin:$PATH"
+
+  # https://github.com/actions/upload-artifact/issues/38
+  tar -xzf release-npm-package/package.tar.gz
+
+  yarn release:standalone
+  yarn test:standalone-release
+  yarn package
+}
+
+main "$@"

ci/steps/release.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  yarn --frozen-lockfile
+  yarn build
+  yarn build:vscode
+  yarn release
+
+  # https://github.com/actions/upload-artifact/issues/38
+  mkdir -p release-npm-package
+  tar -czf release-npm-package/package.tar.gz release
+}
+
+main "$@"

ci/steps/test.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  yarn --frozen-lockfile
+
+  yarn test
+}
+
+main "$@"

deployment/aws/deployment.yaml

@@ -1,74 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: code-server
----
-apiVersion: v1
-kind: Service
-metadata:
- name: code-server
- namespace: code-server
-spec:
- ports:
- - port: 8443
-   name: https
-   protocol: TCP
- selector:
-   app: code-server
- type: ClusterIP
----
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
-  name: gp2
-  annotations:
-    storageclass.kubernetes.io/is-default-class: "true"
-provisioner: kubernetes.io/aws-ebs
-parameters:
-  type: gp2
-  fsType: ext4
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: code-store
-  namespace: code-server
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 60Gi
----
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  labels:
-    app: code-server
-  name: code-server
-  namespace: code-server
-spec:
-  selector:
-    matchLabels:
-      app: code-server
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: code-server
-    spec:
-      containers:
-      - image: codercom/code-server
-        imagePullPolicy: Always
-        name: code-servery
-        ports:
-        - containerPort: 8443
-          name: https
-        volumeMounts:
-        - name: code-server-storage
-          mountPath: /go/src
-      volumes:
-      - name: code-server-storage
-        persistentVolumeClaim:
-          claimName: code-store
-

deployment/deployment.yaml

@@ -1,43 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: code-server
----
-apiVersion: v1
-kind: Service
-metadata:
- name: code-server
- namespace: code-server
-spec:
- ports:
- - port: 8443
-   name: https
-   protocol: TCP
- selector:
-   app: code-server
- type: ClusterIP
----
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  labels:
-    app: code-server
-  name: code-server
-  namespace: code-server
-spec:
-  selector:
-    matchLabels:
-      app: code-server
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: code-server
-    spec:
-      containers:
-      - image: codercom/code-server
-        imagePullPolicy: Always
-        name: code-server
-        ports:
-        - containerPort: 8443
-          name: https

doc/admin/install/aws.md

@@ -1,69 +0,0 @@
-# Deploy on AWS
-
-This tutorial shows you how to deploy `code-server` on an EC2 AWS instance.
-
-If you're just starting out, we recommend [installing code-server locally](../../self-hosted/index.md). It takes only a few minutes and lets you try out all of the features.
-
----
-
-## Deploy to EC2
-
-### Use the AWS wizard
-
-- Click **Launch Instance** from your [EC2 dashboard](https://console.aws.amazon.com/ec2/v2/home).
-- Select the Ubuntu Server 16.04 LTS (HVM), SSD Volume Type (`ami-0f9cf087c1f27d9b1)` at this time of writing)
-- Select an appropriate instance size (we recommend t2.medium/large, depending on team size and number of repositories/languages enabled), then **Next: Configure Instance Details**
-- Select **Next: ...** until you get to the **Configure Security Group** page, then add the default **HTTP** rule (port range "80", source "0.0.0.0/0, ::/0")
-  > Rules with source of 0.0.0.0/0 allow all IP addresses to access your instance. We recommend setting [security group rules](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html?icmpid=docs_ec2_console) to allow access from known IP addresses only.
-- Click **Launch**
-- You will be prompted to create a key pair
-    > A key pair consists of a public key that AWS stores, and a private key file that you store. Together, they allow you to connect to your instance securely. For Windows AMIs, the private key file is required to obtain the password used to log into your instance. For Linux AMIs, the private key file allows you to securely SSH into your instance.
-- From the dropdown choose "create a new pair", give the key pair a name
-- Click **Download Key Pair**
-  > This is necessary before you proceed. A `.pem` file will be downloaded. make sure you store is in a safe location because it can't be retrieved once we move on.
-- Finally, click **Launch Instances**
----
-### SSH Into EC2 Instance
-- First head to your [EC2 dashboard](https://console.aws.amazon.com/ec2/v2/home) and choose instances from the left panel
-- In the description of your EC2 instance copy the public DNS (iPv4) address using the copy to clipboard button
-- Open a terminal on your computer and use the following command to SSH into your EC2 instance
-  ```
-  ssh -i "path/to/your/keypair.pem" ubuntu@(paste the public DNS here)
-  ```
-  >example: `ssh -i "/Users/John/Downloads/TestInstance.pem" ubuntu@ec2-3-45-678-910.compute-1.amazonaws.co`
-- You should see a prompt for your EC2 instance like so<img src="../../assets/aws_ubuntu.png">
-- At this point it is time to download the `code-server` binary. We will of course want the linux version.
-- Find the latest Linux release from this URL:
-  ```
-  https://github.com/cdr/code-server/releases/latest
-  ```
-- Replace {version} in the following command with the version found on the releases page and run it (or just copy the download URL from the releases page):
-  ```
-  wget https://github.com/cdr/code-server/releases/download/{version}/code-server-{version}-linux-x64.tar.gz
-  ```
-- Extract the downloaded tar.gz file with this command, for example:
-  ```
-  tar -xvzf code-server-{version}-linux-x64.tar.gz
-  ```
-- Navigate to extracted directory with this command:
-  ```
-  cd code-server-{version}-linux-x64
-  ```
-- If you run into any permission errors, make the binary executable by running:
-  ```
-  chmod +x code-server
-  ```
-  > To ensure the connection between you and your server is encrypted view our guide on [securing your setup](../../security/ssl.md)
-- Finally, run
-  ```
-  sudo ./code-server -p 80
-  ```
-- When you visit the public IP for your AWS instance, you will be greeted   with this page. Code-server is using a self-signed SSL certificate for easy setup. To proceed to the IDE, click **"Advanced"**<img src ="../../assets/chrome_warning.png">
-- Then click **"proceed anyway"**<img src="../../assets/chrome_confirm.png">
-
-  > For instructions on how to keep the server running after you end your SSH session please checkout [how to use systemd](https://www.linode.com/docs/quick-answers/linux/start-service-at-boot/) to start linux based services if they are killed
-
-  > The `-p 80` flag is necessary in order to make the IDE accessible from the public IP of your instance (also available from the description in the instances page.
-
-  ---
-> NOTE: If you get stuck or need help, [file an issue](https://github.com/cdr/code-server/issues/new?&title=Improve+self-hosted+quickstart+guide), [tweet (@coderhq)](https://twitter.com/coderhq) or [email](mailto:support@coder.com?subject=Self-hosted%20quickstart%20guide).

doc/admin/install/digitalocean.md

@@ -1,49 +0,0 @@
-# Deploy on DigitalOcean
-
-This tutorial shows you how to deploy `code-server` to a single node running on DigitalOcean.
-
-If you're just starting out, we recommend [installing code-server locally](../../self-hosted/index.md). It takes only a few minutes and lets you try out all of the features.
-
----
-
-## Use the "Create Droplets" wizard
-
-[Open your DigitalOcean dashboard](https://cloud.digitalocean.com/droplets/new) to create a new droplet
-
-- **Choose an image -** Select the **Distributions** tab and then choose Ubuntu
-- **Choose a size -** We recommend at least 4GB RAM and 2 CPU, more depending on team size and number of repositories/languages enabled.
-- Launch your instance
-- Open a terminal on your computer and SSH into your instance
-  > example: ssh root@203.0.113.0
-- Once in the SSH session, visit code-server [releases page](https://github.com/cdr/code-server/releases/) and copy the link to the download for the latest linux release
-- Find the latest Linux release from this URL:
-  ```
-  https://github.com/cdr/code-server/releases/latest
-  ```
-- Replace {version} in the following command with the version found on the releases page and run it (or just copy the download URL from the releases page):
-  ```
-  wget https://github.com/cdr/code-server/releases/download/{version}/code-server-{version}-linux-x64.tar.gz
-  ```
-- Extract the downloaded tar.gz file with this command, for example:
-  ```
-  tar -xvzf code-server-{version}-linux-x64.tar.gz
-  ```
-- Navigate to extracted directory with this command:
-  ```
-  cd code-server-{version}-linux-x64
-  ```
-- If you run into any permission errors when attempting to run the binary:
-  ```
-  chmod +x code-server
-  ```
-  > To ensure the connection between you and your server is encrypted view our guide on [securing your setup](../../security/ssl.md)
-- Finally start the code-server
-  ```
-  sudo ./code-server -p 80
-  ```
-    > For instructions on how to keep the server running after you end your SSH session please checkout [how to use systemd](https://www.linode.com/docs/quick-answers/linux/start-service-at-boot/) to start linux based services if they are killed
-- When you visit the public IP for your Digital Ocean instance, you will be greeted with this page. Code-server is using a self-signed SSL certificate for easy setup. To proceed to the IDE, click **"Advanced"**<img src ="../../assets/chrome_warning.png">
-- Then click **"proceed anyway"**<img src="../../assets/chrome_confirm.png">
-
----
-> NOTE: If you get stuck or need help, [file an issue](https://github.com/cdr/code-server/issues/new?&title=Improve+self-hosted+quickstart+guide), [tweet (@coderhq)](https://twitter.com/coderhq) or [email](mailto:support@coder.com?subject=Self-hosted%20quickstart%20guide).

doc/admin/install/google_cloud.md

@@ -1,71 +0,0 @@
-# Deploy on Google Cloud
-
-This tutorial shows you how to deploy `code-server` to a single node running on Google Cloud.
-
-If you're just starting out, we recommend [installing code-server locally](../../self-hosted/index.md). It takes only a few minutes and lets you try out all of the features.
-
----
-
-## Deploy to Google Cloud VM
-> Pre-requisite: Please [set up Google Cloud SDK](https://cloud.google.com/sdk/docs/) on your local machine
-
-- [Open your Google Cloud console](https://console.cloud.google.com/compute/instances) to create a new VM instance and click **Create Instance**
-- Choose an appropriate machine type (we recommend 2 vCPU and 7.5 GB RAM, more depending on team size and number of repositories/languages enabled)
-- Choose Ubuntu 16.04 LTS as your boot disk
-- Check the boxes for **Allow HTTP traffic** and **Allow HTTPS traffic** in the **Firewall** section
-- Create your VM, and **take note** of its public IP address.
-- Copy the link to download the latest Linux binary from our [releases page](https://github.com/cdr/code-server/releases)
-
----
-
-## Final Steps
-
-- SSH into your Google Cloud VM
-```
-gcloud compute ssh --zone [region] [instance name]
-```
-
-- Find the latest Linux release from this URL:
-```
-https://github.com/cdr/code-server/releases/latest
-```
-
-- Replace {version} in the following command with the version found on the releases page and run it (or just copy the download URL from the releases page):
-```
-wget https://github.com/cdr/code-server/releases/download/{version}/code-server-{version}-linux-x64.tar.gz
-```
-
-- Extract the downloaded tar.gz file with this command, for example:
-```
-tar -xvzf code-server-{version}-linux-x64.tar.gz
-```
-
-- Navigate to extracted directory with this command:
-```
-cd code-server-{version}-linux-x64
-```
-
-- Make the binary executable if you run into any errors regarding permission:
-```
-chmod +x code-server
-```
-
-> To ensure the connection between you and your server is encrypted view our guide on [securing your setup](../security/ssl.md)
-
-- Start the code-server
-```
-sudo ./code-server -p 80
-```
-
-> For instructions on how to keep the server running after you end your SSH session please checkout [how to use systemd](https://www.linode.com/docs/quick-answers/linux/start-service-at-boot/) to start linux based services if they are killed
-
-- Access code-server from the public IP of your Google Cloud instance we noted earlier in your browser.
-> example: 32.32.32.234
-
-- You will be greeted with this page. Code-server is using a self-signed SSL certificate for easy setup. To proceed to the IDE, click **"Advanced"**<img src ="../../assets/chrome_warning.png">
-
-- Then click **"proceed anyway"**<img src="../../assets/chrome_confirm.png">
-
----
-
-> NOTE: If you get stuck or need help, [file an issue](https://github.com/cdr/code-server/issues/new?&title=Improve+self-hosted+quickstart+guide), [tweet (@coderhq)](https://twitter.com/coderhq) or [email](mailto:support@coder.com?subject=Self-hosted%20quickstart%20guide).

doc/security/ssl.md

@@ -1,53 +0,0 @@
-# Generate a self-signed certificate 🔒
-
-code-server has the ability to secure your connection between client and server using SSL/TSL certificates. By default, the server will start with an unencrypted connection. We recommend Self-signed TLS/SSL certificates for personal use of code-server or within an organization.
-
-This guide will show you how to create a self-signed certificate and start code-server using your certificate/key.
-
-## TLS / HTTPS
-
-You can specify any location that you want to save the certificate and key. In this example, we will navigate to the root directory, create a folder called `certs` and cd into it.
-
-```shell
-mkdir ~/certs && cd ~/certs
-```
-
-If you don't already have a TLS certificate and key, you can generate them with the command below. They will be placed in `~/certs`
-
-```shell
-openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ~/certs/MyKey.key -out ~/certs/MyCertificate.crt
-```
-
-You will be prompted to add some identifying information about your organization
-```shell
-You are about to be asked to enter information that will be incorporated
-into your certificate request.
-What you are about to enter is what is called a Distinguished Name or a DN.
-There are quite a few fields but you can leave some blank
-For some fields there will be a default value,
-If you enter '.', the field will be left blank.
------
-Country Name (2 letter code) [AU]:US
-State or Province Name (full name) [Some-State]:TX
-Locality Name (eg, city) []:Austin
-Organization Name (eg, company) [Coder Technologies]:Coder
-Organizational Unit Name (eg, section) []:Docs
-Common Name (e.g. server FQDN or YOUR name) []:hostname.example.com
-Email Address []:admin@example.com
-```
->If you already have a TLS certificate and key, you can simply reference them in the `--cert` and `--cert-key` flags when launching code-server
-
-
-## Starting code-server with certificate and key
-
-1. At the end of the path to your binary, add the following flags followed by the path to your certificate and key like so. Then press enter to run code-server.
-   ```shell
-    ./code-server --cert=~/certs/MyCertificate.crt --cert-key=~/certs/MyKey.key
-   ```
-2. After that you will be running a secure code-server.
-
-> You will know your connection is secure if the lines `WARN  No certificate specified. This could be insecure. WARN  Documentation on securing your setup: https://coder.com/docs` no longer appear.
-
-## Other options
-
-For larger organizations you may wish to rely on a Certificate Authority as opposed to a self-signed certificate. For more information on generating free and open certificates for your site, please check out EFF's [certbot](https://certbot.eff.org/). Certbot is a cli to generate certificates using [LetsEncrypt](https://letsencrypt.org/).

doc/self-hosted/cros-install.md

@@ -1,53 +0,0 @@
-# Installng code-server in your ChromiumOS/ChromeOS/CloudReady machine
-
-This guide will show you how to install code-server into your CrOS machine.
-
-## Using Crostini
-
-One of the easier ways to run code-server is via [Crostini](https://www.aboutchromebooks.com/tag/project-crostini/), the Linux apps support feature in CrOS. Make sure you have enough RAM, HDD space and your CPU has VT-x/ AMD-V support. If your chromebook has this, then you are qualified to use Crostini.
-
-If you are running R69, you might want to enable this on [Chrome Flags](chrome://flags/#enable-experimental-crostini-ui). If you run R72, however, this is already enabled for you.
-
-After checking your prerequisites, follow the steps in [the self-host install guide](index.md) on installing code-server. Once done, make sure code-server works by running it. After running it, simply go to `penguin.linux.test:8443` to access code-server. Now you should be greeted with this screen. If you did, congratulations, you have installed code-server in your Chromebook!
-
-![code-server on Chromebook](../assets/cros.png)
-
-Alternatively, if you ran code-server in another container and you need the IP for that specific container, simply go to Termina's shell via `crosh` and type `vsh termina`.
-
-```bash
-Loading extra module: /usr/share/crosh/dev.d/50-crosh.sh
-Welcome to crosh, the Chrome OS developer shell.
-
-If you got here by mistake, don't panic!  Just close this tab and carry on.
-
-Type 'help' for a list of commands.
-
-If you want to customize the look/behavior, you can use the options page.
-Load it by using the Ctrl+Shift+P keyboard shortcut.
-
-crosh> vsh termina
-(termina) chronos@localhost ~ $
-```
-While in termina, run `lxc list`. It should output the list of running containers.
-
-```bash
-(termina) chronos@localhost ~ $ lxc list
-+---------+---------+-----------------------+------+------------+-----------+
-|  NAME   |  STATE  |         IPV4          | IPV6 |    TYPE    | SNAPSHOTS |
-+---------+---------+-----------------------+------+------------+-----------+
-| penguin | RUNNING | 100.115.92.199 (eth0) |      | PERSISTENT | 0         |
-+---------+---------+-----------------------+------+------------+-----------+
-(termina) chronos@localhost ~ $ 
-```
-
-For this example, we show the default `penguin` container, which is exposed on `eth0` at 100.115.92.199. Simply enter the IP of the container where the code-server runs to Chrome.
-
-## Using Crouton
-
-[Crouton](https://github.com/dnschneid/crouton) is one of the old ways to get a running full Linux via `chroot` on a Chromebook. To use crouton, enable developer mode and go to `crosh`. This time, run `shell`, which should drop you to `bash`.
-
-Make sure you downloaded `crouton`, if so, go ahead and run it under `~/Downloads`. After installing your chroot container via crouton, go ahead and enter `enter-chroot` to enter your container.
-
-Follow the instructions set in [the self-host install guide](index.md) to install code-server. After that is done, run `code-server` and verify it works by going to `localhost:8443`.
-
-> At this point in writing, `localhost` seems to work in this method. However, the author is not sure if it applies still to newer Chromebooks.