v3.7.2

Update VS Code to 1.51.1

.dockerignore

@@ -1,12 +1,3 @@
-Dockerfile
-build
-deployment
-doc
-.github
-.gitignore
-.node-version
-.travis.yml
-LICENSE
-README.md
-node_modules
-release
+**
+!release-packages
+!ci

.editorconfig

@@ -0,0 +1,6 @@
+root = true
+
+[*]
+indent_style = space
+trim_trailing_whitespace = true
+indent_size = 2

.eslintrc.yaml

@@ -0,0 +1,44 @@
+parser: "@typescript-eslint/parser"
+env:
+  browser: true
+  es6: true # Map, etc.
+  mocha: true
+  node: true
+
+parserOptions:
+  ecmaVersion: 2018
+  sourceType: module
+
+extends:
+  - eslint:recommended
+  - plugin:@typescript-eslint/recommended
+  - plugin:import/recommended
+  - plugin:import/typescript
+  - plugin:prettier/recommended
+  - prettier # Removes eslint rules that conflict with prettier.
+  - prettier/@typescript-eslint # Remove conflicts again.
+
+rules:
+  # Sometimes you need to add args to implement a function signature even
+  # if they are unused.
+  "@typescript-eslint/no-unused-vars": ["error", { "args": "none" }]
+  # For overloads.
+  no-dupe-class-members: off
+  "@typescript-eslint/no-use-before-define": off
+  "@typescript-eslint/no-non-null-assertion": off
+  "@typescript-eslint/ban-types": off
+  "@typescript-eslint/no-var-requires": off
+  "@typescript-eslint/explicit-module-boundary-types": off
+  "@typescript-eslint/no-explicit-any": off
+  eqeqeq: error
+  import/order:
+    [error, { alphabetize: { order: "asc" }, groups: [["builtin", "external", "internal"], "parent", "sibling"] }]
+  no-async-promise-executor: off
+  # This isn't a real module, just types, which apparently doesn't resolve.
+  import/no-unresolved: [error, { ignore: ["express-serve-static-core"] }]
+
+settings:
+  # Does not work with CommonJS unfortunately.
+  import/ignore:
+    - env-paths
+    - xdg-basedir

.github/CODEOWNERS

@@ -1,2 +1,3 @@
-* @code-asher @kylecarbs
-Dockerfile @nhooyr
+* @code-asher @nhooyr
+
+ci/helm-chart @Matthew-Beckett @alexgorbatchev

.github/ISSUE_TEMPLATE/bug-report.md

@@ -0,0 +1,28 @@
+---
+name: Bug report
+about: Report a bug and help us improve
+title: ""
+labels: ""
+assignees: ""
+---
+
+<!--
+Please see https://github.com/cdr/code-server/blob/master/doc/FAQ.md#how-do-i-debug-issues-with-code-server
+and include any logging information relevant to the issue.
+
+Please search for existing issues before filing.
+
+If you can reproduce the issue on vanilla VS Code,
+please file the issue at the VS Code repository instead.
+
+Provide screenshots if applicable.
+
+Please fill in the issue template and try to be as detailed
+and clear as possible!
+-->
+
+- Web Browser:
+- Local OS:
+- Remote OS:
+- Remote Architecture:
+- `code-server --version`:

.github/ISSUE_TEMPLATE/bug_report.md

@@ -1,22 +0,0 @@
----
-name: Bug Report
-about: Report problems and unexpected behavior.
-title: ''
-labels: 'bug'
-assignees: ''
----
-
-<!-- Please search existing issues to avoid creating duplicates. -->
-<!-- All extension-specific issues should be created with the `Extension Bug` template. -->
-
-- `code-server` version: <!-- The version of code-server -->
-- OS Version: <!-- OS version, cloud provider,  -->
-
-## Description
-
-<!-- Describes the problem here -->
-
-## Steps to Reproduce
-
-1. <!-- step 1: click ... -->
-1. <!-- step 2: ... -->

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Question
+    url: https://github.com/cdr/code-server/discussions/new?category_id=22503114
+    about: Ask the community for help on our GitHub Discussions board
+  - name: Chat
+    about: Need immediate help or just want to talk? Hop in our Slack
+    url: https://cdr.co/join-community

.github/ISSUE_TEMPLATE/doc.md

@@ -0,0 +1,7 @@
+---
+name: Documentation improvement
+about: Suggest a documentation improvement
+title: ""
+labels: "docs"
+assignees: ""
+---

.github/ISSUE_TEMPLATE/extension-request.md

@@ -0,0 +1,18 @@
+---
+name: Extension request
+about: Request an extension missing from the code-server marketplace
+title: ""
+labels: extension-request
+assignees: cmoog
+---
+
+<!--
+Details on the code-server extension marketplace are at
+
+https://github.com/cdr/code-server/blob/master/doc/FAQ.md#whats-the-deal-with-extensions
+
+Please fill in the issue template!
+-->
+
+- [ ] Extension name:
+- [ ] Extension GitHub or homepage:

.github/ISSUE_TEMPLATE/extension_bug.md

@@ -1,22 +0,0 @@
----
-name: Extension Bug
-about: Report problems and unexpected behavior with extensions.
-title: ''
-labels: 'extension-specific'
-assignees: ''
----
-
-<!-- Please search existing issues to avoid creating duplicates. -->
-
-- `code-server` version: <!-- The version of code-server -->
-- OS Version: <!-- OS version, cloud provider,  -->
-- Extension: <!-- Link to extension -->
-
-## Description
-
-<!-- Describes the problem here -->
-
-## Steps to Reproduce
-
-1. <!-- step 1: click ... -->
-1. <!-- step 2: ... -->

.github/ISSUE_TEMPLATE/feature-request.md

@@ -0,0 +1,13 @@
+---
+name: Feature request
+about: Suggest an idea
+title: ""
+labels: feature
+assignees: ""
+---
+
+<!--
+Please search for existing issues before filing.
+
+Please describe the feature as clearly as possible!
+-->

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,11 +0,0 @@
----
-name: Feature Request
-about: Suggest an idea for this project.
-title: ''
-labels: 'feature'
-assignees: ''
----
-
-<!-- Please search existing issues to avoid creating duplicates. -->
-
-<!-- Describe the feature you'd like. -->

.github/ISSUE_TEMPLATE/question.md

@@ -1,17 +0,0 @@
----
-name: Question
-about: Ask a question.
-title: ''
-labels: 'question'
-assignees: ''
----
-
-<!-- Please search existing issues to avoid creating duplicates. -->
-
-## Description
-
-<!-- A description of the the question. -->
-
-## Related Issues
-
-<!-- Any issues related to your question. -->

.github/lock.yml

@@ -0,0 +1,37 @@
+# Configuration for Lock Threads - https://github.com/dessant/lock-threads-app
+
+# Number of days of inactivity before a closed issue or pull request is locked
+daysUntilLock: 90
+
+# Skip issues and pull requests created before a given timestamp. Timestamp must
+# follow ISO 8601 (`YYYY-MM-DD`). Set to `false` to disable
+skipCreatedBefore: false
+
+# Issues and pull requests with these labels will be ignored. Set to `[]` to disable
+exemptLabels: []
+
+# Label to add before locking, such as `outdated`. Set to `false` to disable
+lockLabel: false
+
+# Comment to post before locking. Set to `false` to disable
+lockComment: >
+  This thread has been automatically locked since there has not been
+  any recent activity after it was closed. Please open a new issue for
+  related bugs.
+
+# Assign `resolved` as the reason for locking. Set to `false` to disable
+setLockReason: true
+# Limit to only `issues` or `pulls`
+# only: issues
+
+# Optionally, specify configuration settings just for `issues` or `pulls`
+# issues:
+#   exemptLabels:
+#     - help-wanted
+#   lockLabel: outdated
+
+# pulls:
+#   daysUntilLock: 30
+
+# Repository to extend settings from
+# _extends: repo

.github/pull_request_template.md

@@ -1,6 +1,6 @@
-<!-- Please answer these questions before submitting your PR. Thanks! -->
-
-### Describe in detail the problem you had and how this PR fixes it
-
-### Is there an open issue you can link to?
+<!--
+Please link to the issue this PR solves.
+If there is no existing issue, please first create one unless the fix is minor.
 
+Please make sure the base of your PR is the master branch!
+-->

.github/workflows/ci.yaml

@@ -0,0 +1,146 @@
+name: ci
+
+on: [push]
+
+jobs:
+  fmt:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Run ./ci/steps/fmt.sh
+        uses: ./ci/images/debian10
+        with:
+          args: ./ci/steps/fmt.sh
+
+  lint:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Run ./ci/steps/lint.sh
+        uses: ./ci/images/debian10
+        with:
+          args: ./ci/steps/lint.sh
+
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Run ./ci/steps/test.sh
+        uses: ./ci/images/debian10
+        with:
+          args: ./ci/steps/test.sh
+
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Run ./ci/steps/release.sh
+        uses: ./ci/images/debian10
+        with:
+          args: ./ci/steps/release.sh
+      - name: Upload npm package artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: npm-package
+          path: ./release-npm-package
+
+  linux-amd64:
+    needs: release
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Download npm package
+        uses: actions/download-artifact@v2
+        with:
+          name: npm-package
+          path: ./release-npm-package
+      - name: Run ./ci/steps/release-packages.sh
+        uses: ./ci/images/centos7
+        with:
+          args: ./ci/steps/release-packages.sh
+      - name: Upload release artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: release-packages
+          path: ./release-packages
+
+  linux-arm64:
+    needs: release
+    runs-on: ubuntu-arm64-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Download npm package
+        uses: actions/download-artifact@v2
+        with:
+          name: npm-package
+          path: ./release-npm-package
+      - name: Run ./ci/steps/release-packages.sh
+        uses: ./ci/images/centos7
+        with:
+          args: ./ci/steps/release-packages.sh
+      - name: Upload release artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: release-packages
+          path: ./release-packages
+
+  macos-amd64:
+    needs: release
+    runs-on: macos-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Download npm package
+        uses: actions/download-artifact@v2
+        with:
+          name: npm-package
+          path: ./release-npm-package
+      - run: ./ci/steps/release-packages.sh
+        env:
+          # Otherwise we get rate limited when fetching the ripgrep binary.
+          # For whatever reason only MacOS needs it.
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Upload release artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: release-packages
+          path: ./release-packages
+
+  docker-amd64:
+    runs-on: ubuntu-latest
+    needs: linux-amd64
+    steps:
+      - uses: actions/checkout@v1
+      - name: Download release package
+        uses: actions/download-artifact@v2
+        with:
+          name: release-packages
+          path: ./release-packages
+      - name: Run ./ci/steps/build-docker-image.sh
+        uses: ./ci/images/debian10
+        with:
+          args: ./ci/steps/build-docker-image.sh
+      - name: Upload release image
+        uses: actions/upload-artifact@v2
+        with:
+          name: release-images
+          path: ./release-images
+
+  docker-arm64:
+    runs-on: ubuntu-arm64-latest
+    needs: linux-arm64
+    steps:
+      - uses: actions/checkout@v1
+      - name: Download release package
+        uses: actions/download-artifact@v2
+        with:
+          name: release-packages
+          path: ./release-packages
+      - name: Run ./ci/steps/build-docker-image.sh
+        uses: ./ci/images/centos7
+        with:
+          args: ./ci/steps/build-docker-image.sh
+      - name: Upload release image
+        uses: actions/upload-artifact@v2
+        with:
+          name: release-images
+          path: ./release-images

.github/workflows/publish.yaml

@@ -0,0 +1,31 @@
+name: publish
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  npm:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Run ./ci/steps/publish-npm.sh
+        uses: ./ci/images/debian10
+        with:
+          args: ./ci/steps/publish-npm.sh
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  docker:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v1
+      - name: Run ./ci/steps/push-docker-manifest.sh
+        uses: ./ci/images/debian10
+        with:
+          args: ./ci/steps/push-docker-manifest.sh
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}

.gitignore

@@ -1,3 +1,15 @@
+.tsbuildinfo
+.cache
+dist*
+out*
+release/
+release-npm-package/
+release-standalone/
+release-packages/
+release-gcp/
+release-images/
 node_modules
-build
-release
+node-*
+/plugins
+/lib/coder-cloud-agent
+.home

.gitmodules

@@ -0,0 +1,4 @@
+[submodule "lib/vscode"]
+	path = lib/vscode
+	url = https://github.com/microsoft/vscode
+	ignore = dirty

.ignore

@@ -0,0 +1 @@
+lib

.node-version

@@ -1 +0,0 @@
-10.16.0

.npmrc

@@ -1 +0,0 @@
-scripts-prepend-node-path=true

.prettierrc.yaml

@@ -0,0 +1,4 @@
+printWidth: 120
+semi: false
+trailingComma: all
+arrowParens: always

.stylelintrc.yaml

@@ -0,0 +1,2 @@
+extends:
+  - stylelint-config-recommended

.travis.yml

@@ -1,49 +0,0 @@
-language: node_js
-node_js:
-- 10.16.0
-services:
-- docker
-matrix:
-  include:
-  - os: linux
-    dist: trusty
-    env:
-      - VSCODE_VERSION="1.38.1" MAJOR_VERSION="2" VERSION="$MAJOR_VERSION.$TRAVIS_BUILD_NUMBER" TARGET="linux"
-  - os: linux
-    dist: trusty
-    env:
-      - VSCODE_VERSION="1.38.1" MAJOR_VERSION="2" VERSION="$MAJOR_VERSION.$TRAVIS_BUILD_NUMBER" TARGET="alpine"
-  - os: osx
-    env:
-      - VSCODE_VERSION="1.38.1" MAJOR_VERSION="2" VERSION="$MAJOR_VERSION.$TRAVIS_BUILD_NUMBER"
-before_install:
-- if [[ "$TRAVIS_BRANCH" == "master" ]]; then export MINIFY="true"; fi
-- if [[ "$TRAVIS_BRANCH" == "master" ]]; then export PACKAGE="true"; fi
-script:
-- travis_wait 30 scripts/ci.bash
-before_deploy:
-- echo "$VERSION-vsc$VSCODE_VERSION" "$TRAVIS_COMMIT"
-- git config --local user.name "$USER_NAME"
-- git config --local user.email "$USER_EMAIL"
-- git tag "$VERSION-vsc$VSCODE_VERSION" "$TRAVIS_COMMIT"
-deploy:
-  provider: releases
-  file_glob: true
-  draft: true
-  tag_name: "$VERSION-vsc$VSCODE_VERSION"
-  target_commitish: "$TRAVIS_COMMIT"
-  name: "$VERSION-vsc$VSCODE_VERSION"
-  skip_cleanup: true
-  api_key:
-    secure: YL/x24KjYjgYXPcJWk3FV7FGxI79Mh6gBECQEcdlf3fkLEoKFVgzHBoUNWrFPzyR4tgLyWNAgcpD9Lkme1TRWTom7UPjXcwMNyLcLa+uec7ciSAnYD9ntLTpiCuPDD1u0LtRGclSi/EHQ+F8YVq+HZJpXTsJeAmOmihma3GVbGKSZr+BRum+0YZSG4w+o4TOlYzw/4bLWS52MogZcwpjd+hemBbgXLuGU2ziKv2vEKCZFbEeA16II4x1WLI4mutDdCeh7+3aLzGLwDa49NxtsVYNjyNFF75JhCTCNA55e2YMiLz9Uq69IXe/mi5F7xUaFfhIqqLNyKBnKeEOzu3dYnc+8n3LjnQ+00PmkF05nx9kBn3UfV1kwQGh6QbyDmTtBP07rtUMyI14aeQqHjxsaVRdMnwj9Q2DjXRr8UDqESZF0rmK3pHCXS2fBhIzLE8tLVW5Heiba2pQRFMHMZW+KBE97FzcFh7is90Ait3T8enfcd/PWFPYoBejDAdjwxwOkezh5N5ZkYquEfDYuWrFi6zRFCktsruaAcA+xGtTf9oilBBzUqu8Ie+YFWH5me83xakcblJWdaW/D2rLJAJH3m6LFm8lBqyUgDX5t/etob6CpDuYHu5D1J3XINOj/+aLAcadq6qlh70PMZS3zYffUu3JlzaD2amlSHIT8b5YXFc=
-  file:
-    - release/*.tar.gz
-    - release/*.zip
-  on:
-    repo: cdr/code-server
-    branch: master
-cache:
-  yarn: true
-  timeout: 1000
-  directories:
-  - .cache

Dockerfile

@@ -1,59 +0,0 @@
-FROM node:10.16.0
-ARG codeServerVersion=docker
-ARG vscodeVersion
-
-# Install VS Code's deps. These are the only two it seems we need.
-RUN apt-get update && apt-get install -y \
-	libxkbfile-dev \
-	libsecret-1-dev
-
-# Ensure latest yarn.
-RUN npm install -g yarn@1.13
-
-WORKDIR /src
-COPY . .
-
-RUN yarn \
-	&& MINIFY=true yarn build "${vscodeVersion}" "${codeServerVersion}" \
-	&& yarn binary "${vscodeVersion}" "${codeServerVersion}" \
-	&& mv "/src/build/code-server${codeServerVersion}-vsc${vscodeVersion}-linux-x86_64-built/code-server${codeServerVersion}-vsc${vscodeVersion}-linux-x86_64" /src/build/code-server \
-	&& rm -r /src/build/vscode-* \
-	&& rm -r /src/build/code-server*-linux-*
-
-# We deploy with ubuntu so that devs have a familiar environment.
-FROM ubuntu:18.04
-
-RUN apt-get update && apt-get install -y \
-	openssl \
-	net-tools \
-	git \
-	locales \
-	sudo \
-	dumb-init \
-	vim \
-	curl \
-	wget
-
-RUN locale-gen en_US.UTF-8
-# We cannot use update-locale because docker will not use the env variables
-# configured in /etc/default/locale so we need to set it manually.
-ENV LC_ALL=en_US.UTF-8
-
-RUN adduser --gecos '' --disabled-password coder && \
-	echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
-
-USER coder
-# We create first instead of just using WORKDIR as when WORKDIR creates, the
-# user is root.
-RUN mkdir -p /home/coder/project
-
-WORKDIR /home/coder/project
-
-# This ensures we have a volume mounted even if the user forgot to do bind
-# mount. So that they do not lose their data if they delete the container.
-VOLUME [ "/home/coder/project" ]
-
-COPY --from=0 /src/build/code-server /usr/local/bin/code-server
-EXPOSE 8080
-
-ENTRYPOINT ["dumb-init", "code-server", "--host", "0.0.0.0"]

README.md

@@ -1,134 +1,70 @@
-# code-server · [![MIT license](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/cdr/code-server/blob/master/LICENSE) [!["Latest Release"](https://img.shields.io/github/release/cdr/code-server.svg)](https://github.com/cdr/code-server/releases/latest) [![Build Status](https://img.shields.io/travis/com/cdr/code-server/master)](https://github.com/cdr/code-server)
+# code-server · [!["GitHub Discussions"](https://img.shields.io/badge/%20GitHub-%20Discussions-gray.svg?longCache=true&logo=github&colorB=purple)](https://github.com/cdr/code-server/discussions) [!["Join us on Slack"](https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen)](https://cdr.co/join-community) [![Twitter Follow](https://img.shields.io/twitter/follow/CoderHQ?label=%40CoderHQ&style=social)](https://twitter.com/coderhq)
 
-`code-server` is [VS Code](https://github.com/Microsoft/vscode) running on a
-remote server, accessible through the browser.
+Run [VS Code](https://github.com/Microsoft/vscode) on any machine anywhere and access it in the browser.
 
-Try it out:
-```bash
-docker run -it -p 127.0.0.1:8080:8080 -v "${HOME}/.local/share/code-server:/home/coder/.local/share/code-server" -v "$PWD:/home/coder/project" codercom/code-server
-```
+![Screenshot](./doc/assets/screenshot.png)
 
-- **Consistent environment:** Code on your Chromebook, tablet, and laptop with a
-  consistent dev environment. develop more easily for Linux if you have a
-  Windows or Mac, and pick up where you left off when switching workstations.
-- **Server-powered:** Take advantage of large cloud servers to speed up tests,
-  compilations, downloads, and more. Preserve battery life when you're on the go
-  since all intensive computation runs on your server.
+## Highlights
 
-![Screenshot](/doc/assets/ide.gif)
+- Code on any device with a consistent development environment
+- Use cloud servers to speed up tests, compilations, downloads, and more
+- Preserve battery life when you're on the go; all intensive tasks run on your server
 
 ## Getting Started
-### Run over SSH
-Use [sshcode](https://github.com/codercom/sshcode) for a simple setup.
 
-### Docker
-See the Docker one-liner mentioned above. Dockerfile is at [/Dockerfile](/Dockerfile).
+There are two ways to get started:
 
-To debug Golang using the
-[ms-vscode-go extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode.Go),
-you need to add `--security-opt seccomp=unconfined` to your `docker run`
-arguments when launching code-server with Docker. See
-[#725](https://github.com/cdr/code-server/issues/725) for details.
+1. Using the [install script](./install.sh), which automates most of the process. The script uses the system package manager (if possible)
+2. Manually installing code-server; see [Installation](./doc/install.md) for instructions applicable to most use cases
 
-### Digital Ocean
-[![Create a Droplet](./doc/assets/droplet.svg)](https://marketplace.digitalocean.com/apps/code-server?action=deploy)
+If you choose to use the install script, you can preview what occurs during the install process:
 
-### Binaries
-1. [Download a binary](https://github.com/cdr/code-server/releases). (Linux and
-    OS X supported. Windows coming soon)
-2. Unpack the downloaded file then run the binary.
-3. In your browser navigate to `localhost:8080`.
-
-- For self-hosting and other information see [doc/quickstart.md](doc/quickstart.md).
-- For hosting on cloud platforms see [doc/deploy.md](doc/deploy.md).
-
-### Build
-- If you also plan on developing, set the `OUT` environment variable. Otherwise
-  it will build in this directory which will cause issues because `yarn watch`
-  will try to compile the build directory as well.
-- Run `yarn build ${vscodeVersion} ${codeServerVersion}` in this directory (for
-  example: `yarn build 1.36.0 development`).
-- If you target the same VS Code version our Travis builds do everything will
-  work but if you target some other version it might not (we have to do some
-  patching to VS Code so different versions aren't always compatible).
-- You can run the built code with `node path/to/build/out/vs/server/main.js` or run
-  `yarn binary` with the same arguments in the previous step to package the
-  code into a single binary.
-
-## Known Issues
-- Creating custom VS Code extensions and debugging them doesn't work.
-- Extension profiling and tips are currently disabled.
-
-## Future
-- **Stay up to date!** Get notified about new releases of code-server.
-  ![Screenshot](/doc/assets/release.gif)
-- Windows support.
-- Electron and Chrome OS applications to bridge the gap between local<->remote.
-- Run VS Code unit tests against our builds to ensure features work as expected.
-
-## Extensions
-At the moment we can't use the official VS Code Marketplace. We've created a
-custom extension marketplace focused around open-sourced extensions. However,
-you can manually download the extension to your extensions directory. It's also
-possible to set your own marketplace URLs by setting the `SERVICE_URL` and
-`ITEM_URL` environment variables.
-
-## Telemetry
-Use the `--disable-telemetry` flag to completely disable telemetry. We use the
-data collected to improve code-server.
-
-## Contributing
-### Development
-```shell
-git clone https://github.com/microsoft/vscode
-cd vscode
-git checkout <see travis.yml for the VS Code version to use here>
-git clone https://github.com/cdr/code-server src/vs/server
-cd src/vs/server
-yarn patch:apply
-yarn
-yarn watch
-# Wait for the initial compilation to complete (it will say "Finished compilation").
-# Run the next command in another shell.
-yarn start
-# Visit http://localhost:8080
+```bash
+curl -fsSL https://code-server.dev/install.sh | sh -s -- --dry-run
 ```
 
-If you run into issues about a different version of Node being used, try running
-`npm rebuild` in the VS Code directory and ignore the error at the end from
-`vscode-ripgrep`.
+To install, run:
 
-### Upgrading VS Code
-We patch VS Code to provide and fix some functionality. As the web portion of VS
-Code matures, we'll be able to shrink and maybe even entirely eliminate our
-patch. In the meantime, however, upgrading the VS Code version requires ensuring
-that the patch still applies and has the intended effects.
+```bash
+curl -fsSL https://code-server.dev/install.sh | sh
+```
 
-To generate a new patch, **stage all the changes** you want to be included in
-the patch in the VS Code source, then run `yarn patch:generate` in this
-directory.
+When done, the install script prints out instructions for running and starting code-server.
 
-Our changes include:
-- Change the remote schema to `code-server`.
-- Allow multiple extension directories (both user and built-in).
-- Modify the loader, websocket, webview, service worker, and asset requests to
-  use the URL of the page as a base (and TLS if necessary for the websocket).
-- Send client-side telemetry through the server and get the initial log level
-  from the server.
-- Add an upload service for use in editor windows and the explorer along with a
-  file prefix to ignore for temporary files created during upload.
-- Make changing the display language work.
-- Make hiding or toggling the menu bar possible.
-- Make it possible for us to load code on the client.
-- Modify the build process to include our code.
+We also have an in-depth [setup and configuration](./doc/guide.md) guide.
 
-## License
-[MIT](LICENSE)
+### Alpha Program 🐣
 
-## Enterprise
-Visit [our enterprise page](https://coder.com/enterprise) for more information
-about our enterprise offering.
+We're working on a cloud platform that makes deploying and managing code-server easier.
+Consider updating to the latest version and running code-server with our experimental flag `--link` if you don't want to worry about
 
-## Commercialization
-If you would like to commercialize code-server, please contact
-contact@coder.com.
+- TLS
+- Authentication
+- Port Forwarding
+
+```bash
+$ code-server --link
+Proxying code-server to Coder Cloud, you can access your IDE at https://valmar-jon.cdr.co
+```
+
+## FAQ
+
+See [./doc/FAQ.md](./doc/FAQ.md).
+
+## Want to help?
+
+See [CONTRIBUTING](./doc/CONTRIBUTING.md) for details.
+
+## Hiring
+
+We ([@cdr](https://github.com/cdr)) are looking for engineers to help [maintain
+code-server](https://jobs.lever.co/coder/e40becde-2cbd-4885-9029-e5c7b0a734b8), innovate on open source, and streamline dev workflows.
+
+Our main office is in Austin, Texas. Remote is ok as long as
+you're in North America or Europe.
+
+Please get in [touch](mailto:jobs@coder.com) with your resume/GitHub if interested.
+
+## For Organizations
+
+Visit [our website](https://coder.com) for more information about remote development for your organization or enterprise.

ThirdPartyNotices.txt

@@ -0,0 +1,22 @@
+code-server
+
+THIRD-PARTY SOFTWARE NOTICES AND INFORMATION
+Do Not Translate or Localize
+
+1.	Microsoft/vscode version 1.47.0 (https://github.com/Microsoft/vscode)
+
+%% Microsoft/vscode NOTICES AND INFORMATION BEGIN HERE
+=========================================
+MIT License 
+
+
+Copyright (c) 2015 - present Microsoft Corporation 
+
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 
+
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 
+
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  

ci/README.md

@@ -0,0 +1,148 @@
+# ci
+
+This directory contains scripts used for code-server's continuous integration infrastructure.
+
+Some of these scripts contain more detailed documentation and options
+in header comments.
+
+Any file or directory in this subdirectory should be documented here.
+
+- [./ci/lib.sh](./lib.sh)
+  - Contains code duplicated across these scripts.
+
+## Publishing a release
+
+Make sure you have `$GITHUB_TOKEN` set and [hub](https://github.com/github/hub) installed.
+
+1. Update the version of code-server and make a PR.
+   1. Update in `package.json`
+   2. Update in [./doc/install.md](../doc/install.md)
+   3. Update in [./ci/helm-chart/README.md](../ci/helm-chart/README.md)
+      - Remember to update the chart version as well on top of appVersion in `Chart.yaml`.
+2. GitHub actions will generate the `npm-package`, `release-packages` and `release-images` artifacts.
+   1. You do not have to wait for these.
+3. Run `yarn release:github-draft` to create a GitHub draft release from the template with
+   the updated version.
+   1. Summarize the major changes in the release notes and link to the relevant issues.
+4. Wait for the artifacts in step 2 to build.
+5. Run `yarn release:github-assets` to download the `release-packages` artifact.
+   - It will upload them to the draft release.
+6. Run some basic sanity tests on one of the released packages.
+   - Especially make sure the terminal works fine.
+7. Make sure the github release tag is the commit with the artifacts. This is a bug in
+   `hub` where uploading assets in step 5 will break the tag.
+8. Publish the release and merge the PR.
+   1. CI will automatically grab the artifacts and then:
+      1. Publish the NPM package from `npm-package`.
+      2. Publish the Docker Hub image from `release-images`.
+9. Update the AUR package.
+   - Instructions on updating the AUR package are at [cdr/code-server-aur](https://github.com/cdr/code-server-aur).
+10. Wait for the npm package to be published.
+11. Update the homebrew package.
+    - Send a pull request to [homebrew-core](https://github.com/Homebrew/homebrew-core) with the URL in the [formula](https://github.com/Homebrew/homebrew-core/blob/master/Formula/code-server.rb) updated.
+
+## dev
+
+This directory contains scripts used for the development of code-server.
+
+- [./ci/dev/image](./dev/image)
+  - See [./doc/CONTRIBUTING.md](../doc/CONTRIBUTING.md) for docs on the development container.
+- [./ci/dev/fmt.sh](./dev/fmt.sh) (`yarn fmt`)
+  - Runs formatters.
+- [./ci/dev/lint.sh](./dev/lint.sh) (`yarn lint`)
+  - Runs linters.
+- [./ci/dev/test.sh](./dev/test.sh) (`yarn test`)
+  - Runs tests.
+- [./ci/dev/ci.sh](./dev/ci.sh) (`yarn ci`)
+  - Runs `yarn fmt`, `yarn lint` and `yarn test`.
+- [./ci/dev/vscode.sh](./dev/vscode.sh) (`yarn vscode`)
+  - Ensures [./lib/vscode](../lib/vscode) is cloned, patched and dependencies are installed.
+- [./ci/dev/patch-vscode.sh](./dev/patch-vscode.sh) (`yarn vscode:patch`)
+  - Applies [./ci/dev/vscode.patch](./dev/vscode.patch) to [./lib/vscode](../lib/vscode).
+- [./ci/dev/diff-vscode.sh](./dev/diff-vscode.sh) (`yarn vscode:diff`)
+  - Diffs [./lib/vscode](../lib/vscode) into [./ci/dev/vscode.patch](./dev/vscode.patch).
+- [./ci/dev/vscode.patch](./dev/vscode.patch)
+  - Our patch of VS Code, see [./doc/CONTRIBUTING.md](../doc/CONTRIBUTING.md#vs-code-patch).
+  - Generate it with `yarn vscode:diff` and apply with `yarn vscode:patch`.
+- [./ci/dev/watch.ts](./dev/watch.ts) (`yarn watch`)
+  - Starts a process to build and launch code-server and restart on any code changes.
+  - Example usage in [./doc/CONTRIBUTING.md](../doc/CONTRIBUTING.md).
+
+## build
+
+This directory contains the scripts used to build and release code-server.
+You can disable minification by setting `MINIFY=`.
+
+- [./ci/build/build-code-server.sh](./build/build-code-server.sh) (`yarn build`)
+  - Builds code-server into `./out` and bundles the frontend into `./dist`.
+- [./ci/build/build-vscode.sh](./build/build-vscode.sh) (`yarn build:vscode`)
+  - Builds vscode into `./lib/vscode/out-vscode`.
+- [./ci/build/build-release.sh](./build/build-release.sh) (`yarn release`)
+  - Bundles the output of the above two scripts into a single node module at `./release`.
+- [./ci/build/build-standalone-release.sh](./build/build-standalone-release.sh) (`yarn release:standalone`)
+  - Requires a node module already built into `./release` with the above script.
+  - Will build a standalone release with node and node_modules bundled into `./release-standalone`.
+- [./ci/build/clean.sh](./build/clean.sh) (`yarn clean`)
+  - Removes all build artifacts.
+  - Will also `git reset --hard lib/vscode`.
+  - Useful to do a clean build.
+- [./ci/build/code-server.sh](./build/code-server.sh)
+  - Copied into standalone releases to run code-server with the bundled node binary.
+- [./ci/build/test-standalone-release.sh](./build/test-standalone-release.sh) (`yarn test:standalone-release`)
+  - Ensures code-server in the `./release-standalone` directory works by installing an extension.
+- [./ci/build/build-packages.sh](./build/build-packages.sh) (`yarn package`)
+  - Packages `./release-standalone` into a `.tar.gz` archive in `./release-packages`.
+  - If on linux, [nfpm](https://github.com/goreleaser/nfpm) is used to generate `.deb` and `.rpm`.
+- [./ci/build/nfpm.yaml](./build/nfpm.yaml)
+  - Used to configure [nfpm](https://github.com/goreleaser/nfpm) to generate `.deb` and `.rpm`.
+- [./ci/build/code-server-nfpm.sh](./build/code-server-nfpm.sh)
+  - Entrypoint script for code-server for `.deb` and `.rpm`.
+- [./ci/build/code-server.service](./build/code-server.service)
+  - systemd user service packaged into the `.deb` and `.rpm`.
+- [./ci/build/release-github-draft.sh](./build/release-github-draft.sh) (`yarn release:github-draft`)
+  - Uses [hub](https://github.com/github/hub) to create a draft release with a template description.
+- [./ci/build/release-github-assets.sh](./build/release-github-assets.sh) (`yarn release:github-assets`)
+  - Downloads the release-package artifacts for the current commit from CI.
+  - Uses [hub](https://github.com/github/hub) to upload the artifacts to the release
+    specified in `package.json`.
+- [./ci/build/npm-postinstall.sh](./build/npm-postinstall.sh)
+  - Post install script for the npm package.
+  - Bundled by`yarn release`.
+
+## release-image
+
+This directory contains the release docker container image.
+
+- [./release-image/build.sh](./release-image/build.sh)
+  - Builds the release container with the tag `codercom/code-server-$ARCH:$VERSION`.
+  - Assumes debian releases are ready in `./release-packages`.
+
+## images
+
+This directory contains the images for CI.
+
+## steps
+
+This directory contains the scripts used in CI.
+Helps avoid clobbering the CI configuration.
+
+- [./steps/fmt.sh](./steps/fmt.sh)
+  - Runs `yarn fmt` after ensuring VS Code is patched.
+- [./steps/lint.sh](./steps/lint.sh)
+  - Runs `yarn lint` after ensuring VS Code is patched.
+- [./steps/test.sh](./steps/test.sh)
+  - Runs `yarn test` after ensuring VS Code is patched.
+- [./steps/release.sh](./steps/release.sh)
+  - Runs the release process.
+  - Generates the npm package at `./release`.
+- [./steps/release-packages.sh](./steps/release-packages.sh)
+  - Takes the output of the previous script and generates a standalone release and
+    release packages into `./release-packages`.
+- [./steps/publish-npm.sh](./steps/publish-npm.sh)
+  - Grabs the `npm-package` release artifact for the current commit and publishes it on npm.
+- [./steps/build-docker-image.sh](./steps/build-docker-image.sh)
+  - Builds the docker image and then saves it into `./release-images/code-server-$ARCH-$VERSION.tar`.
+- [./steps/push-docker-manifest.sh](./steps/push-docker-manifest.sh)
+  - Loads all images in `./release-images` and then builds and pushes a multi architecture
+    docker manifest for the amd64 and arm64 images to `codercom/code-server:$VERSION` and
+    `codercom/code-server:latest`.

ci/build/build-code-server.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Builds code-server into out and the frontend into dist.
+
+# MINIFY controls whether parcel minifies dist.
+MINIFY=${MINIFY-true}
+
+main() {
+  cd "$(dirname "${0}")/../.."
+
+  tsc
+
+  # If out/node/entry.js does not already have the shebang,
+  # we make sure to add it and make it executable.
+  if ! grep -q -m1 "^#!/usr/bin/env node" out/node/entry.js; then
+    sed -i.bak "1s;^;#!/usr/bin/env node\n;" out/node/entry.js && rm out/node/entry.js.bak
+    chmod +x out/node/entry.js
+  fi
+
+  if ! [ -f ./lib/coder-cloud-agent ]; then
+    OS="$(uname | tr '[:upper:]' '[:lower:]')"
+    curl -fsSL "https://storage.googleapis.com/coder-cloud-releases/agent/latest/$OS/cloud-agent" -o ./lib/coder-cloud-agent
+    chmod +x ./lib/coder-cloud-agent
+  fi
+
+  parcel build \
+    --public-url "." \
+    --out-dir dist \
+    $([[ $MINIFY ]] || echo --no-minify) \
+    src/browser/register.ts \
+    src/browser/serviceWorker.ts \
+    src/browser/pages/login.ts \
+    src/browser/pages/vscode.ts
+}
+
+main "$@"

ci/build/build-packages.sh

@@ -0,0 +1,50 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Packages code-server for the current OS and architecture into ./release-packages.
+# This script assumes that a standalone release is built already into ./release-standalone
+
+main() {
+  cd "$(dirname "${0}")/../.."
+  source ./ci/lib.sh
+
+  mkdir -p release-packages
+
+  release_archive
+
+  if [[ $OS == "linux" ]]; then
+    release_nfpm
+  fi
+}
+
+release_archive() {
+  local release_name="code-server-$VERSION-$OS-$ARCH"
+  if [[ $OS == "linux" ]]; then
+    tar -czf "release-packages/$release_name.tar.gz" --transform "s/^\.\/release-standalone/$release_name/" ./release-standalone
+  else
+    tar -czf "release-packages/$release_name.tar.gz" -s "/^release-standalone/$release_name/" release-standalone
+  fi
+
+  echo "done (release-packages/$release_name)"
+
+  release_gcp
+}
+
+release_gcp() {
+  mkdir -p "release-gcp/$VERSION"
+  cp "release-packages/$release_name.tar.gz" "./release-gcp/$VERSION/$OS-$ARCH.tar.gz"
+  mkdir -p "release-gcp/latest"
+  cp "./release-packages/$release_name.tar.gz" "./release-gcp/latest/$OS-$ARCH.tar.gz"
+}
+
+# Generates deb and rpm packages.
+release_nfpm() {
+  local nfpm_config
+  nfpm_config="$(envsubst < ./ci/build/nfpm.yaml)"
+
+  # The underscores are convention for .deb.
+  nfpm pkg -f <(echo "$nfpm_config") --target "release-packages/code-server_${VERSION}_$ARCH.deb"
+  nfpm pkg -f <(echo "$nfpm_config") --target "release-packages/code-server-$VERSION-$ARCH.rpm"
+}
+
+main "$@"

ci/build/build-release.sh

@@ -0,0 +1,101 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# This script requires vscode to be built with matching MINIFY.
+
+# MINIFY controls whether minified vscode is bundled.
+MINIFY="${MINIFY-true}"
+
+# KEEP_MODULES controls whether the script cleans all node_modules requiring a yarn install
+# to run first.
+KEEP_MODULES="${KEEP_MODULES-0}"
+
+main() {
+  cd "$(dirname "${0}")/../.."
+  source ./ci/lib.sh
+
+  VSCODE_SRC_PATH="lib/vscode"
+  VSCODE_OUT_PATH="$RELEASE_PATH/lib/vscode"
+
+  mkdir -p "$RELEASE_PATH"
+
+  bundle_code_server
+  bundle_vscode
+
+  rsync README.md "$RELEASE_PATH"
+  rsync LICENSE.txt "$RELEASE_PATH"
+  rsync ./lib/vscode/ThirdPartyNotices.txt "$RELEASE_PATH"
+
+  # code-server exports types which can be imported and used by plugins. Those
+  # types import ipc.d.ts but it isn't included in the final vscode build so
+  # we'll copy it ourselves here.
+  mkdir -p "$RELEASE_PATH/lib/vscode/src/vs/server"
+  rsync ./lib/vscode/src/vs/server/ipc.d.ts "$RELEASE_PATH/lib/vscode/src/vs/server"
+}
+
+bundle_code_server() {
+  rsync out dist "$RELEASE_PATH"
+
+  # For source maps and images.
+  mkdir -p "$RELEASE_PATH/src/browser"
+  rsync src/browser/media/ "$RELEASE_PATH/src/browser/media"
+  mkdir -p "$RELEASE_PATH/src/browser/pages"
+  rsync src/browser/pages/*.html "$RELEASE_PATH/src/browser/pages"
+  rsync src/browser/robots.txt "$RELEASE_PATH/src/browser"
+
+  # Adds the commit to package.json
+  jq --slurp '.[0] * .[1]' package.json <(
+    cat << EOF
+  {
+    "commit": "$(git rev-parse HEAD)",
+    "scripts": {
+      "postinstall": "./postinstall.sh"
+    }
+  }
+EOF
+  ) > "$RELEASE_PATH/package.json"
+  rsync yarn.lock "$RELEASE_PATH"
+  rsync ci/build/npm-postinstall.sh "$RELEASE_PATH/postinstall.sh"
+
+  if [ "$KEEP_MODULES" = 1 ]; then
+    rsync node_modules/ "$RELEASE_PATH/node_modules"
+    mkdir -p "$RELEASE_PATH/lib"
+    rsync ./lib/coder-cloud-agent "$RELEASE_PATH/lib"
+  fi
+}
+
+bundle_vscode() {
+  mkdir -p "$VSCODE_OUT_PATH"
+  rsync "$VSCODE_SRC_PATH/yarn.lock" "$VSCODE_OUT_PATH"
+  rsync "$VSCODE_SRC_PATH/out-vscode${MINIFY:+-min}/" "$VSCODE_OUT_PATH/out"
+
+  rsync "$VSCODE_SRC_PATH/.build/extensions/" "$VSCODE_OUT_PATH/extensions"
+  if [ "$KEEP_MODULES" = 0 ]; then
+    rm -Rf "$VSCODE_OUT_PATH/extensions/node_modules"
+  else
+    rsync "$VSCODE_SRC_PATH/node_modules/" "$VSCODE_OUT_PATH/node_modules"
+  fi
+  rsync "$VSCODE_SRC_PATH/extensions/package.json" "$VSCODE_OUT_PATH/extensions"
+  rsync "$VSCODE_SRC_PATH/extensions/yarn.lock" "$VSCODE_OUT_PATH/extensions"
+  rsync "$VSCODE_SRC_PATH/extensions/postinstall.js" "$VSCODE_OUT_PATH/extensions"
+
+  mkdir -p "$VSCODE_OUT_PATH/resources/linux"
+  rsync "$VSCODE_SRC_PATH/resources/linux/code.png" "$VSCODE_OUT_PATH/resources/linux/code.png"
+
+  # Adds the commit and date to product.json
+  jq --slurp '.[0] * .[1]' "$VSCODE_SRC_PATH/product.json" <(
+    cat << EOF
+  {
+    "commit": "$(git rev-parse HEAD)",
+    "date": $(jq -n 'now | todate')
+  }
+EOF
+  ) > "$VSCODE_OUT_PATH/product.json"
+
+  # We remove the scripts field so that later on we can run
+  # yarn to fetch node_modules if necessary without build scripts running.
+  # We cannot use --no-scripts because we still want dependent package scripts to run.
+  jq 'del(.scripts)' < "$VSCODE_SRC_PATH/package.json" > "$VSCODE_OUT_PATH/package.json"
+}
+
+main "$@"

ci/build/build-standalone-release.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "${0}")/../.."
+  source ./ci/lib.sh
+
+  rsync "$RELEASE_PATH/" "$RELEASE_PATH-standalone"
+  RELEASE_PATH+=-standalone
+
+  # We cannot find the path to node from $PATH because yarn shims a script to ensure
+  # we use the same version it's using so we instead run a script with yarn that
+  # will print the path to node.
+  local node_path
+  node_path="$(yarn -s node <<< 'console.info(process.execPath)')"
+
+  mkdir -p "$RELEASE_PATH/bin"
+  rsync ./ci/build/code-server.sh "$RELEASE_PATH/bin/code-server"
+  rsync "$node_path" "$RELEASE_PATH/lib/node"
+
+  ln -s "./bin/code-server" "$RELEASE_PATH/code-server"
+  ln -s "./lib/node" "$RELEASE_PATH/node"
+
+  cd "$RELEASE_PATH"
+  yarn --production --frozen-lockfile
+}
+
+main "$@"

ci/build/build-vscode.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Builds vscode into lib/vscode/out-vscode.
+
+# MINIFY controls whether a minified version of vscode is built.
+MINIFY=${MINIFY-true}
+
+main() {
+  cd "$(dirname "${0}")/../.."
+  cd lib/vscode
+
+  yarn gulp compile-build
+  yarn gulp compile-extensions-build
+  yarn gulp optimize --gulpfile ./coder.js
+  if [[ $MINIFY ]]; then
+    yarn gulp minify --gulpfile ./coder.js
+  fi
+}
+
+main "$@"

ci/build/clean.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "${0}")/../.."
+  source ./ci/lib.sh
+
+  git clean -Xffd
+
+  pushd lib/vscode
+  git clean -xffd
+  git reset --hard
+  popd
+}
+
+main "$@"

ci/build/code-server-nfpm.sh

@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+exec /usr/lib/code-server/bin/code-server "$@"

ci/build/code-server-user.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=code-server
+After=network.target
+
+[Service]
+Type=exec
+ExecStart=/usr/bin/code-server
+Restart=always
+
+[Install]
+WantedBy=default.target

ci/build/code-server.sh

@@ -0,0 +1,36 @@
+#!/bin/sh
+set -eu
+
+# This script is intended to be bundled into the standalone releases.
+# Runs code-server with the bundled node binary.
+
+_realpath() {
+  # See https://github.com/cdr/code-server/issues/1537 on why no realpath or readlink -f.
+
+  script="$1"
+  cd "$(dirname "$script")"
+
+  while [ -L "$(basename "$script")" ]; do
+    if [ -L "./node" ] && [ -L "./code-server" ] &&
+      [ -f "package.json" ] &&
+      cat package.json | grep -q '^  "name": "code-server",$'; then
+      echo "***** Please use the script in bin/code-server instead!" >&2
+      echo "***** This script will soon be removed!" >&2
+      echo "***** See the release notes at https://github.com/cdr/code-server/releases/tag/v3.4.0" >&2
+    fi
+
+    script="$(readlink "$(basename "$script")")"
+    cd "$(dirname "$script")"
+  done
+
+  echo "$PWD/$(basename "$script")"
+}
+
+root() {
+  script="$(_realpath "$0")"
+  bin_dir="$(dirname "$script")"
+  dirname "$bin_dir"
+}
+
+ROOT="$(root)"
+exec "$ROOT/lib/node" "$ROOT" "$@"

ci/build/code-server@.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=code-server
+After=network.target
+
+[Service]
+Type=exec
+ExecStart=/usr/bin/code-server
+Restart=always
+User=%i
+
+[Install]
+WantedBy=default.target

ci/build/nfpm.yaml

@@ -0,0 +1,19 @@
+name: "code-server"
+arch: "${ARCH}"
+platform: "linux"
+version: "v${VERSION}"
+section: "devel"
+priority: "optional"
+maintainer: "Anmol Sethi <hi@nhooyr.io>"
+description: |
+  Run VS Code in the browser.
+vendor: "Coder"
+homepage: "https://github.com/cdr/code-server"
+license: "MIT"
+files:
+  ./ci/build/code-server-nfpm.sh: /usr/bin/code-server
+  ./ci/build/code-server@.service: /usr/lib/systemd/system/code-server@.service
+  # Only included for backwards compat with previous releases that shipped
+  # the user service. See #1997
+  ./ci/build/code-server-user.service: /usr/lib/systemd/user/code-server.service
+  ./release-standalone/**/*: "/usr/lib/code-server/"

ci/build/npm-postinstall.sh

@@ -0,0 +1,55 @@
+#!/usr/bin/env sh
+set -eu
+
+main() {
+  # Grabs the major version of node from $npm_config_user_agent which looks like
+  # yarn/1.21.1 npm/? node/v14.2.0 darwin x64
+  major_node_version=$(echo "$npm_config_user_agent" | sed -n 's/.*node\/v\([^.]*\).*/\1/p')
+  if [ "$major_node_version" -lt 12 ]; then
+    echo "code-server currently requires at least node v12"
+    echo "We have detected that you are on node v$major_node_version"
+    echo "See https://github.com/cdr/code-server/issues/1633"
+    exit 1
+  fi
+
+  case "${npm_config_user_agent-}" in npm*)
+    # We are running under npm.
+    if [ "${npm_config_unsafe_perm-}" != "true" ]; then
+      echo "Please pass --unsafe-perm to npm to install code-server"
+      echo "Otherwise the postinstall script does not have permissions to run"
+      echo "See https://docs.npmjs.com/misc/config#unsafe-perm"
+      echo "See https://stackoverflow.com/questions/49084929/npm-sudo-global-installation-unsafe-perm"
+      exit 1
+    fi
+    ;;
+  esac
+
+  OS="$(uname | tr '[:upper:]' '[:lower:]')"
+  if curl -fsSL "https://storage.googleapis.com/coder-cloud-releases/agent/latest/$OS/cloud-agent" -o ./lib/coder-cloud-agent; then
+    chmod +x ./lib/coder-cloud-agent
+  else
+    echo "Failed to download cloud agent; --link will not work"
+  fi
+
+  if ! vscode_yarn; then
+    echo "You may not have the required dependencies to build the native modules."
+    echo "Please see https://github.com/cdr/code-server/blob/master/doc/npm.md"
+    exit 1
+  fi
+}
+
+vscode_yarn() {
+  cd lib/vscode
+  yarn --production --frozen-lockfile
+  cd extensions
+  yarn --production --frozen-lockfile
+  for ext in */; do
+    ext="${ext%/}"
+    echo "extensions/$ext: installing dependencies"
+    cd "$ext"
+    yarn --production --frozen-lockfile
+    cd "$OLDPWD"
+  done
+}
+
+main "$@"

ci/build/release-github-assets.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Downloads the release artifacts from CI for the current
+# commit and then uploads them to the release with the version
+# in package.json.
+# You will need $GITHUB_TOKEN set.
+
+main() {
+  cd "$(dirname "$0")/../.."
+  source ./ci/lib.sh
+
+  download_artifact release-packages ./release-packages
+  local assets=(./release-packages/code-server*"$VERSION"*{.tar.gz,.deb,.rpm})
+  for i in "${!assets[@]}"; do
+    assets[$i]="--attach=${assets[$i]}"
+  done
+  EDITOR=true hub release edit --draft "${assets[@]}" "v$VERSION"
+}
+
+main "$@"

ci/build/release-github-draft.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Creates a draft release with the template for the version in package.json
+
+main() {
+  cd "$(dirname "$0")/../.."
+  source ./ci/lib.sh
+
+  hub release create \
+    --file - \
+    -t "$(git rev-parse HEAD)" \
+    --draft "${assets[@]}" "v$VERSION" << EOF
+v$VERSION
+
+VS Code v$(vscode_version)
+
+# New Features
+  - ⭐ Summarize new features here with references to issues
+
+## Bug Fixes
+  - ⭐ Summarize bug fixes here with references to issues
+
+Cheers! 🍻
+EOF
+}
+
+main "$@"

ci/build/test-standalone-release.sh

@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# Makes sure the release works.
+# This is to make sure we don't have Node version errors or any other
+# compilation-related errors.
+main() {
+  cd "$(dirname "${0}")/../.."
+
+  local EXTENSIONS_DIR
+  EXTENSIONS_DIR="$(mktemp -d)"
+
+  echo "Testing standalone release."
+
+  ./release-standalone/bin/code-server --extensions-dir "$EXTENSIONS_DIR" --install-extension ms-python.python
+  local installed_extensions
+  installed_extensions="$(./release-standalone/bin/code-server --extensions-dir "$EXTENSIONS_DIR" --list-extensions 2>&1)"
+  # We use grep as ms-python.python may have dependency extensions that change.
+  if ! echo "$installed_extensions" | grep -q "ms-python.python"; then
+    echo "Unexpected output from listing extensions:"
+    echo "$installed_extensions"
+    exit 1
+  fi
+
+  echo "Standalone release works correctly."
+}
+
+main "$@"

ci/dev/ci.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  yarn fmt
+  yarn lint
+  yarn test
+}
+
+main "$@"

ci/dev/diff-vscode.sh

@@ -0,0 +1,12 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  cd ./lib/vscode
+  git add -A
+  git diff HEAD --full-index > ../../ci/dev/vscode.patch
+}
+
+main "$@"

ci/dev/fmt.sh

@@ -0,0 +1,42 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  shfmt -i 2 -w -sr $(git ls-files "*.sh")
+
+  local prettierExts
+  prettierExts=(
+    "*.js"
+    "*.ts"
+    "*.tsx"
+    "*.html"
+    "*.json"
+    "*.css"
+    "*.md"
+    "*.toml"
+    "*.yaml"
+    "*.yml"
+  )
+  prettier --write --loglevel=warn $(
+    git ls-files "${prettierExts[@]}" | grep -v 'helm-chart'
+  )
+
+  doctoc --title '# FAQ' doc/FAQ.md > /dev/null
+  doctoc --title '# Setup Guide' doc/guide.md > /dev/null
+  doctoc --title '# Install' doc/install.md > /dev/null
+  doctoc --title '# npm Install Requirements' doc/npm.md > /dev/null
+  doctoc --title '# Contributing' doc/CONTRIBUTING.md > /dev/null
+  doctoc --title '# iPad' doc/ipad.md > /dev/null
+
+  if [[ ${CI-} && $(git ls-files --other --modified --exclude-standard) ]]; then
+    echo "Files need generation or are formatted incorrectly:"
+    git -c color.ui=always status | grep --color=no '\[31m'
+    echo "Please run the following locally:"
+    echo "  yarn fmt"
+    exit 1
+  fi
+}
+
+main "$@"

ci/dev/image/run.sh

@@ -0,0 +1,31 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../../.."
+  source ./ci/lib.sh
+  mkdir -p .home
+
+  docker run \
+    -it \
+    --rm \
+    -v "$PWD:/src" \
+    -e HOME="/src/.home" \
+    -e USER="coder" \
+    -e GITHUB_TOKEN \
+    -e KEEP_MODULES \
+    -e MINIFY \
+    -w /src \
+    -p 127.0.0.1:8080:8080 \
+    -u "$(id -u):$(id -g)" \
+    -e CI \
+    "$(docker_build ./ci/images/"${IMAGE-debian10}")" \
+    "$@"
+}
+
+docker_build() {
+  docker build "$@" >&2
+  docker build -q "$@"
+}
+
+main "$@"

ci/dev/lint.sh

@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  eslint --max-warnings=0 --fix $(git ls-files "*.ts" "*.tsx" "*.js")
+  stylelint $(git ls-files "*.css")
+  tsc --noEmit
+  shellcheck -e SC2046,SC2164,SC2154,SC1091,SC1090,SC2002 $(git ls-files "*.sh")
+  if command -v helm && helm kubeval --help > /dev/null; then
+    helm kubeval ci/helm-chart
+  fi
+}
+
+main "$@"

ci/dev/patch-vscode.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  cd ./lib/vscode
+  git apply ../../ci/dev/vscode.patch
+}
+
+main "$@"

ci/dev/test.sh

@@ -0,0 +1,13 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  cd test/test-plugin
+  make -s out/index.js
+  cd "$OLDPWD"
+  mocha -r ts-node/register ./test/*.test.ts "$@"
+}
+
+main "$@"

ci/dev/vscode.sh

@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# 1. Ensures VS Code is cloned.
+# 2. Patches it.
+# 3. Installs it.
+main() {
+  cd "$(dirname "$0")/../.."
+
+  git submodule update --init
+
+  # If the patch fails to apply, then it's likely already applied
+  yarn vscode:patch &> /dev/null || true
+
+  (
+    cd lib/vscode
+    # Install VS Code dependencies.
+    yarn ${CI+--frozen-lockfile}
+  )
+}
+
+main "$@"

ci/dev/watch.ts

@@ -0,0 +1,194 @@
+import * as cp from "child_process"
+import Bundler from "parcel-bundler"
+import * as path from "path"
+
+async function main(): Promise<void> {
+  try {
+    const watcher = new Watcher()
+    await watcher.watch()
+  } catch (error) {
+    console.error(error.message)
+    process.exit(1)
+  }
+}
+
+class Watcher {
+  private readonly rootPath = path.resolve(__dirname, "../..")
+  private readonly vscodeSourcePath = path.join(this.rootPath, "lib/vscode")
+
+  private static log(message: string, skipNewline = false): void {
+    process.stdout.write(message)
+    if (!skipNewline) {
+      process.stdout.write("\n")
+    }
+  }
+
+  public async watch(): Promise<void> {
+    let server: cp.ChildProcess | undefined
+    const restartServer = (): void => {
+      if (server) {
+        server.kill()
+      }
+      const s = cp.fork(path.join(this.rootPath, "out/node/entry.js"), process.argv.slice(2))
+      console.log(`[server] spawned process ${s.pid}`)
+      s.on("exit", () => console.log(`[server] process ${s.pid} exited`))
+      server = s
+    }
+
+    const vscode = cp.spawn("yarn", ["watch"], { cwd: this.vscodeSourcePath })
+    const tsc = cp.spawn("tsc", ["--watch", "--pretty", "--preserveWatchOutput"], { cwd: this.rootPath })
+    const plugin = process.env.PLUGIN_DIR
+      ? cp.spawn("yarn", ["build", "--watch"], { cwd: process.env.PLUGIN_DIR })
+      : undefined
+    const bundler = this.createBundler()
+
+    const cleanup = (code?: number | null): void => {
+      Watcher.log("killing vs code watcher")
+      vscode.removeAllListeners()
+      vscode.kill()
+
+      Watcher.log("killing tsc")
+      tsc.removeAllListeners()
+      tsc.kill()
+
+      if (plugin) {
+        Watcher.log("killing plugin")
+        plugin.removeAllListeners()
+        plugin.kill()
+      }
+
+      if (server) {
+        Watcher.log("killing server")
+        server.removeAllListeners()
+        server.kill()
+      }
+
+      Watcher.log("killing bundler")
+      process.exit(code || 0)
+    }
+
+    process.on("SIGINT", () => cleanup())
+    process.on("SIGTERM", () => cleanup())
+
+    vscode.on("exit", (code) => {
+      Watcher.log("vs code watcher terminated unexpectedly")
+      cleanup(code)
+    })
+    tsc.on("exit", (code) => {
+      Watcher.log("tsc terminated unexpectedly")
+      cleanup(code)
+    })
+    if (plugin) {
+      plugin.on("exit", (code) => {
+        Watcher.log("plugin terminated unexpectedly")
+        cleanup(code)
+      })
+    }
+    const bundle = bundler.bundle().catch(() => {
+      Watcher.log("parcel watcher terminated unexpectedly")
+      cleanup(1)
+    })
+    bundler.on("buildEnd", () => {
+      console.log("[parcel] bundled")
+    })
+    bundler.on("buildError", (error) => {
+      console.error("[parcel]", error)
+    })
+
+    vscode.stderr.on("data", (d) => process.stderr.write(d))
+    tsc.stderr.on("data", (d) => process.stderr.write(d))
+    if (plugin) {
+      plugin.stderr.on("data", (d) => process.stderr.write(d))
+    }
+
+    // From https://github.com/chalk/ansi-regex
+    const pattern = [
+      "[\\u001B\\u009B][[\\]()#;?]*(?:(?:(?:[a-zA-Z\\d]*(?:;[-a-zA-Z\\d\\/#&.:=?%@~_]*)*)?\\u0007)",
+      "(?:(?:\\d{1,4}(?:;\\d{0,4})*)?[\\dA-PR-TZcf-ntqry=><~]))",
+    ].join("|")
+    const re = new RegExp(pattern, "g")
+
+    /**
+     * Split stdout on newlines and strip ANSI codes.
+     */
+    const onLine = (proc: cp.ChildProcess, callback: (strippedLine: string, originalLine: string) => void): void => {
+      let buffer = ""
+      if (!proc.stdout) {
+        throw new Error("no stdout")
+      }
+      proc.stdout.setEncoding("utf8")
+      proc.stdout.on("data", (d) => {
+        const data = buffer + d
+        const split = data.split("\n")
+        const last = split.length - 1
+
+        for (let i = 0; i < last; ++i) {
+          callback(split[i].replace(re, ""), split[i])
+        }
+
+        // The last item will either be an empty string (the data ended with a
+        // newline) or a partial line (did not end with a newline) and we must
+        // wait to parse it until we get a full line.
+        buffer = split[last]
+      })
+    }
+
+    let startingVscode = false
+    let startedVscode = false
+    onLine(vscode, (line, original) => {
+      console.log("[vscode]", original)
+      // Wait for watch-client since "Finished compilation" will appear multiple
+      // times before the client starts building.
+      if (!startingVscode && line.includes("Starting watch-client")) {
+        startingVscode = true
+      } else if (startingVscode && line.includes("Finished compilation")) {
+        if (startedVscode) {
+          bundle.then(restartServer)
+        }
+        startedVscode = true
+      }
+    })
+
+    onLine(tsc, (line, original) => {
+      // tsc outputs blank lines; skip them.
+      if (line !== "") {
+        console.log("[tsc]", original)
+      }
+      if (line.includes("Watching for file changes")) {
+        bundle.then(restartServer)
+      }
+    })
+
+    if (plugin) {
+      onLine(plugin, (line, original) => {
+        // tsc outputs blank lines; skip them.
+        if (line !== "") {
+          console.log("[plugin]", original)
+        }
+        if (line.includes("Watching for file changes")) {
+          bundle.then(restartServer)
+        }
+      })
+    }
+  }
+
+  private createBundler(out = "dist"): Bundler {
+    return new Bundler(
+      [
+        path.join(this.rootPath, "src/browser/register.ts"),
+        path.join(this.rootPath, "src/browser/serviceWorker.ts"),
+        path.join(this.rootPath, "src/browser/pages/login.ts"),
+        path.join(this.rootPath, "src/browser/pages/vscode.ts"),
+      ],
+      {
+        outDir: path.join(this.rootPath, out),
+        cacheDir: path.join(this.rootPath, ".cache"),
+        minify: !!process.env.MINIFY,
+        logLevel: 1,
+        publicUrl: ".",
+      },
+    )
+  }
+}
+
+main()

ci/helm-chart/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

ci/helm-chart/Chart.yaml

@@ -0,0 +1,23 @@
+apiVersion: v2
+name: code-server
+description: A Helm chart for cdr/code-server
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: 3.7.2

ci/helm-chart/README.md

@@ -0,0 +1,117 @@
+# code-server
+
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.7.2](https://img.shields.io/badge/AppVersion-3.7.2-informational?style=flat-square)
+
+[code-server](https://github.com/cdr/code-server) code-server is VS Code running
+on a remote server, accessible through the browser.
+
+This chart is community maintained by [@Matthew-Beckett](https://github.com/Matthew-Beckett) and [@alexgorbatchev](https://github.com/alexgorbatchev)
+
+## TL;DR;
+
+```console
+$ git clone https://github.com/cdr/code-server
+$ cd code-server
+$ helm upgrade --install code-server ci/helm-chart
+```
+
+## Introduction
+
+This chart bootstraps a code-server deployment on a
+[Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh)
+package manager.
+
+## Prerequisites
+
+  - Kubernetes 1.6+
+
+## Installing the Chart
+
+To install the chart with the release name `code-server`:
+
+```console
+$ git clone https://github.com/cdr/code-server
+$ cd code-server
+$ helm upgrade --install code-server ci/helm-chart
+```
+
+The command deploys code-server on the Kubernetes cluster in the default
+configuration. The [configuration](#configuration) section lists the parameters
+that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Uninstalling the Chart
+
+To uninstall/delete the `code-server` deployment:
+
+```console
+$ helm delete code-server
+```
+
+The command removes all the Kubernetes components associated with the chart and
+deletes the release.
+
+## Configuration
+
+The following table lists the configurable parameters of the code-server chart
+and their default values.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| extraArgs | list | `[]` |  |
+| extraConfigmapMounts | list | `[]` |  |
+| extraContainers | string | `""` |  |
+| extraSecretMounts | list | `[]` |  |
+| extraVars | list | `[]` |  |
+| extraVolumeMounts | list | `[]` |  |
+| fullnameOverride | string | `""` |  |
+| hostnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"Always"` |  |
+| image.repository | string | `"codercom/code-server"` |  |
+| image.tag | string | `"3.7.2"` |  |
+| imagePullSecrets | list | `[]` |  |
+| ingress.enabled | bool | `false` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| persistence.accessMode | string | `"ReadWriteOnce"` |  |
+| persistence.annotations | object | `{}` |  |
+| persistence.enabled | bool | `true` |  |
+| persistence.size | string | `"1Gi"` |  |
+| podAnnotations | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` |  |
+| resources | object | `{}` |  |
+| securityContext.enabled | bool | `true` |  |
+| securityContext.fsGroup | int | `1000` |  |
+| securityContext.runAsUser | int | `1000` |  |
+| service.port | int | `8443` |  |
+| service.type | string | `"ClusterIP"` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `nil` |  |
+| tolerations | list | `[]` |  |
+| volumePermissions.enabled | bool | `true` |  |
+| volumePermissions.securityContext.runAsUser | int | `0` |  |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm
+install`. For example,
+
+```console
+$ helm upgrade --install code-server \
+    ci/helm-chart \
+    --set persistence.enabled=false
+```
+
+The above command sets the the persistence storage to false.
+
+Alternatively, a YAML file that specifies the values for the above parameters
+can be provided while installing the chart. For example,
+
+```console
+$ helm upgrade --install code-server ci/helm-chart -f values.yaml
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)

ci/helm-chart/templates/NOTES.txt

@@ -0,0 +1,25 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "code-server.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "code-server.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "code-server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "code-server.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl port-forward $POD_NAME 8080:80
+{{- end }}
+
+Administrator credentials:
+
+  Password: echo $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "code-server.fullname" . }} -o jsonpath="{.data.password}" | base64 --decode)

ci/helm-chart/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "code-server.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "code-server.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "code-server.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "code-server.labels" -}}
+helm.sh/chart: {{ include "code-server.chart" . }}
+{{ include "code-server.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "code-server.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "code-server.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "code-server.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "code-server.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}

ci/helm-chart/templates/deployment.yaml

@@ -0,0 +1,152 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "code-server.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "code-server.name" . }}
+    helm.sh/chart: {{ include "code-server.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "code-server.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/name: {{ include "code-server.name" . }}
+        app.kubernetes.io/instance: {{ .Release.Name }}
+    spec:
+      {{- if .Values.hostnameOverride }}
+      hostname: {{ .Values.hostnameOverride }}
+      {{- end }}
+      {{- if .Values.securityContext.enabled }}
+      securityContext:
+        fsGroup: {{ .Values.securityContext.fsGroup }}
+      {{- end }}
+      {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
+      initContainers:
+      - name: init-chmod-data
+        image: busybox:latest
+        imagePullPolicy: IfNotPresent
+        command:
+          - sh
+          - -c
+          - |
+            chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /home/coder
+        securityContext:
+          runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}
+        volumeMounts:
+        - name: data
+          mountPath: /home/coder
+      {{- end }}
+      containers:
+{{- if .Values.extraContainers }}
+{{ toYaml .Values.extraContainers | indent 8}}
+{{- end }}
+        - name: {{ .Chart.Name }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.securityContext.enabled }}
+          securityContext:
+            runAsUser: {{ .Values.securityContext.runAsUser }}
+          {{- end }}
+          env:
+        {{- if .Values.extraVars }}
+{{ toYaml .Values.extraVars | indent 10 }}
+        {{- end }}
+          - name: PASSWORD
+            valueFrom:
+              secretKeyRef:
+              {{- if .Values.existingSecret }}
+                name: {{ .Values.existingSecret }}
+              {{- else }}
+                name: {{ template "code-server.fullname" . }}
+              {{- end }}
+                key: password
+        {{- if .Values.extraArgs }}
+          args:
+{{ toYaml .Values.extraArgs | indent 10 }}
+        {{- end }}
+          volumeMounts:
+          - name: data
+            mountPath: /home/coder
+          {{- range .Values.extraConfigmapMounts }}
+          - name: {{ .name }}
+            mountPath: {{ .mountPath }}
+            subPath: {{ .subPath | default "" }}
+            readOnly: {{ .readOnly }}
+          {{- end }}
+          {{- range .Values.extraSecretMounts }}
+          - name: {{ .name }}
+            mountPath: {{ .mountPath }}
+            readOnly: {{ .readOnly }}
+          {{- end }}
+          {{- range .Values.extraVolumeMounts }}
+          - name: {{ .name }}
+            mountPath: {{ .mountPath }}
+            subPath: {{ .subPath | default "" }}
+            readOnly: {{ .readOnly }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: 8080
+              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /
+              port: http
+          readinessProbe:
+            httpGet:
+              path: /
+              port: http
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+    {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+    {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ template "code-server.serviceAccountName" . }}
+      volumes:
+      - name: data
+      {{- if .Values.persistence.enabled }}
+        {{- if not .Values.persistence.hostPath }}
+        persistentVolumeClaim:
+          claimName: {{ .Values.persistence.existingClaim | default (include "code-server.fullname" .) }}
+        {{- else }}
+        hostPath:
+          path: {{ .Values.persistence.hostPath }}
+          type: Directory
+        {{- end -}}
+      {{- else }}
+        emptyDir: {}
+      {{- end -}}
+      {{- range .Values.extraSecretMounts }}
+      - name: {{ .name }}
+        secret:
+          secretName: {{ .secretName }}
+          defaultMode: {{ .defaultMode }}
+      {{- end }}
+      {{- range .Values.extraVolumeMounts }}
+      - name: {{ .name }}
+        {{- if .existingClaim }}
+        persistentVolumeClaim:
+          claimName: {{ .existingClaim }}
+        {{- else }}
+        hostPath:
+          path: {{ .hostPath }}
+          type: Directory
+        {{- end }}
+      {{- end }}

ci/helm-chart/templates/ingress.yaml

@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "code-server.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}
+  labels:
+    {{- include "code-server.labels" . | nindent 4 }}
+  {{- with .Values.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.ingress.tls }}
+  tls:
+    {{- range .Values.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ . }}
+            backend:
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+          {{- end }}
+    {{- end }}
+  {{- end }}

ci/helm-chart/templates/pvc.yaml

@@ -0,0 +1,29 @@
+{{- if and (and .Values.persistence.enabled (not .Values.persistence.existingClaim)) (not .Values.persistence.hostPath) }}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: {{ include "code-server.fullname" . }}
+  namespace: {{ .Release.Namespace }}
+{{- with .Values.persistence.annotations  }}
+  annotations:
+{{ toYaml . | indent 4 }}
+{{- end }}
+  labels:
+    app.kubernetes.io/name: {{ include "code-server.name" . }}
+    helm.sh/chart: {{ include "code-server.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  accessModes:
+    - {{ .Values.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.persistence.size | quote }}
+{{- if .Values.persistence.storageClass }}
+{{- if (eq "-" .Values.persistence.storageClass) }}
+  storageClassName: ""
+{{- else }}
+  storageClassName: "{{ .Values.persistence.storageClass }}"
+{{- end }}
+{{- end }}
+{{- end }}

ci/helm-chart/templates/secrets.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "code-server.fullname" . }}
+  annotations:
+    "helm.sh/hook": "pre-install"
+  labels:
+    app.kubernetes.io/name: {{ include "code-server.name" . }}
+    helm.sh/chart: {{ include "code-server.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+type: Opaque
+data:
+  {{ if .Values.password }}
+  password: "{{ .Values.password | b64enc }}"
+  {{ else }}
+  password: "{{ randAlphaNum 24 | b64enc }}"
+  {{ end }}

ci/helm-chart/templates/service.yaml

@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "code-server.fullname" . }}
+  labels:
+    app.kubernetes.io/name: {{ include "code-server.name" . }}
+    helm.sh/chart: {{ include "code-server.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    app.kubernetes.io/name: {{ include "code-server.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}

ci/helm-chart/templates/serviceaccount.yaml

@@ -0,0 +1,11 @@
+{{- if or .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ include "code-server.name" . }}
+    helm.sh/chart: {{ include "code-server.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: {{ template "code-server.serviceAccountName" . }}
+{{- end -}}

ci/helm-chart/templates/tests/test-connection.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Pod
+metadata:
+  name: "{{ include "code-server.fullname" . }}-test-connection"
+  labels:
+    app.kubernetes.io/name: {{ include "code-server.name" . }}
+    helm.sh/chart: {{ include "code-server.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  annotations:
+    "helm.sh/hook": test-success
+spec:
+  containers:
+    - name: wget
+      image: busybox
+      command: ['wget']
+      args:  ['{{ include "code-server.fullname" . }}:{{ .Values.service.port }}']
+  restartPolicy: Never

ci/helm-chart/values.yaml

@@ -0,0 +1,163 @@
+# Default values for code-server.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+  repository: codercom/code-server
+  tag: '3.7.2'
+  pullPolicy: Always
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+hostnameOverride: ""
+
+serviceAccount:
+  # Specifies whether a service account should be created
+  create: true
+  # Annotations to add to the service account
+  annotations: {}
+  # The name of the service account to use.
+  # If not set and create is true, a name is generated using the fullname template
+  name: ""
+
+podAnnotations: {}
+
+podSecurityContext: {}
+  # fsGroup: 2000
+
+securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+service:
+  type: ClusterIP
+  port: 8080
+
+ingress:
+  enabled: false
+  #annotations:
+  #  kubernetes.io/ingress.class: nginx
+  #  kubernetes.io/tls-acme: "true"
+  #hosts:
+  #  - host: code-server.example.loc
+  #    paths:
+  #      - /
+
+  #tls:
+  #  - secretName: code-server
+  #    hosts:
+  #      - code-server.example.loc
+
+# Optional additional arguments
+extraArgs: []
+#  - --allow-http
+#  - --no-auth
+
+# Optional additional environment variables
+extraVars: []
+#  - name: DISABLE_TELEMETRY
+#    value: true
+
+##
+## Init containers parameters:
+## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
+##
+volumePermissions:
+  enabled: true
+  securityContext:
+    runAsUser: 0
+
+## Pod Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+##
+securityContext:
+  enabled: true
+  fsGroup: 1000
+  runAsUser: 1000
+
+resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #  cpu: 100m
+  #  memory: 1000Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+## Persist data to a persistent volume
+persistence:
+  enabled: true
+  ## code-server data Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  # storageClass: "-"
+  accessMode: ReadWriteOnce
+  size: 10Gi
+  annotations: {}
+  # existingClaim: ""
+  # hostPath: /data
+
+serviceAccount:
+  create: true
+  name:
+
+## Enable an Specify container in extraContainers.
+## This is meant to allow adding code-server dependencies, like docker-dind.
+extraContainers: |
+#- name: docker-dind
+#  image: docker:19.03-dind
+#  imagePullPolicy: IfNotPresent
+#  resources:
+#    requests:
+#      cpu: 250m
+#      memory: 256M
+#  securityContext:
+#    privileged: true
+#    procMount: Default
+#  env:
+#  - name: DOCKER_TLS_CERTDIR
+#    value: ""
+#  - name: DOCKER_DRIVER
+#    value: "overlay2"
+
+## Additional code-server secret mounts
+extraSecretMounts: []
+  # - name: secret-files
+  #   mountPath: /etc/secrets
+  #   secretName: code-server-secret-files
+  #   readOnly: true
+
+## Additional code-server volume mounts
+extraVolumeMounts: []
+  # - name: extra-volume
+  #   mountPath: /mnt/volume
+  #   readOnly: true
+  #   existingClaim: volume-claim
+  #   hostPath: ""
+
+extraConfigmapMounts: []
+  # - name: certs-configmap
+  #   mountPath: /etc/code-server/ssl/
+  #   subPath: certificates.crt # (optional)
+  #   configMap: certs-configmap
+  #   readOnly: true

ci/images/centos7/Dockerfile

@@ -0,0 +1,32 @@
+FROM centos:7
+
+ARG NODE_VERSION=v12.18.4
+RUN ARCH="$(uname -m | sed 's/86_64/64/; s/aarch64/arm64/')" && \
+    curl -fsSL "https://nodejs.org/dist/$NODE_VERSION/node-$NODE_VERSION-linux-$ARCH.tar.xz" | tar -C /usr/local -xJ && \
+    mv "/usr/local/node-$NODE_VERSION-linux-$ARCH" "/usr/local/node-$NODE_VERSION"
+ENV PATH=/usr/local/node-$NODE_VERSION/bin:$PATH
+RUN npm install -g yarn
+
+RUN yum groupinstall -y 'Development Tools'
+RUN yum install -y python2 libsecret-devel libX11-devel libxkbfile-devel
+
+RUN npm config set python python2
+
+RUN yum install -y epel-release && yum install -y jq
+RUN yum install -y rsync
+
+# Copied from ../debian10/Dockerfile
+# Install Go.
+RUN ARCH="$(uname -m | sed 's/x86_64/amd64/; s/aarch64/arm64/')" && \
+    curl -fsSL "https://dl.google.com/go/go1.14.3.linux-$ARCH.tar.gz" | tar -C /usr/local -xz
+ENV GOPATH=/gopath
+# Ensures running this image as another user works.
+RUN mkdir -p $GOPATH && chmod -R 777 $GOPATH
+ENV PATH=/usr/local/go/bin:$GOPATH/bin:$PATH
+
+# Install Go dependencies
+ENV GO111MODULE=on
+RUN go get mvdan.cc/sh/v3/cmd/shfmt
+RUN go get github.com/goreleaser/nfpm/cmd/nfpm@v1.9.0
+
+RUN curl -fsSL https://get.docker.com | sh

ci/images/debian10/Dockerfile

@@ -0,0 +1,54 @@
+FROM debian:10
+
+RUN apt-get update
+
+# Needed for debian repositories added below.
+RUN apt-get install -y curl gnupg
+
+# Installs node.
+RUN curl -fsSL https://deb.nodesource.com/setup_12.x | bash - && \
+    apt-get install -y nodejs
+
+# Installs yarn.
+RUN curl -fsSL https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - && \
+    echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list && \
+    apt-get update && apt-get install -y yarn
+
+# Installs VS Code build deps.
+RUN apt-get install -y build-essential \
+                   libsecret-1-dev \
+                   libx11-dev \
+                   libxkbfile-dev
+
+# Installs envsubst.
+RUN apt-get install -y gettext-base
+
+# Misc build dependencies.
+RUN apt-get install -y git rsync unzip jq
+
+# Installs shellcheck.
+RUN curl -fsSL https://github.com/koalaman/shellcheck/releases/download/v0.7.1/shellcheck-v0.7.1.linux.$(uname -m).tar.xz | \
+    tar -xJ && \
+    mv shellcheck*/shellcheck /usr/local/bin && \
+    rm -R shellcheck*
+
+# Install Go.
+RUN ARCH="$(uname -m | sed 's/x86_64/amd64/; s/aarch64/arm64/')" && \
+    curl -fsSL "https://dl.google.com/go/go1.14.3.linux-$ARCH.tar.gz" | tar -C /usr/local -xz
+ENV GOPATH=/gopath
+# Ensures running this image as another user works.
+RUN mkdir -p $GOPATH && chmod -R 777 $GOPATH
+ENV PATH=/usr/local/go/bin:$GOPATH/bin:$PATH
+
+# Install Go dependencies
+ENV GO111MODULE=on
+RUN go get mvdan.cc/sh/v3/cmd/shfmt
+RUN go get github.com/goreleaser/nfpm/cmd/nfpm@v1.9.0
+
+RUN VERSION="$(curl -fsSL https://storage.googleapis.com/kubernetes-release/release/stable.txt)" && \
+    curl -fsSL "https://storage.googleapis.com/kubernetes-release/release/$VERSION/bin/linux/amd64/kubectl" > /usr/local/bin/kubectl \
+    && chmod +x /usr/local/bin/kubectl
+RUN curl -fsSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
+RUN helm plugin install https://github.com/instrumenta/helm-kubeval
+
+RUN curl -fsSL https://get.docker.com | sh

ci/lib.sh

@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+
+pushd() {
+  builtin pushd "$@" > /dev/null
+}
+
+popd() {
+  builtin popd > /dev/null
+}
+
+pkg_json_version() {
+  jq -r .version package.json
+}
+
+vscode_version() {
+  jq -r .version lib/vscode/package.json
+}
+
+os() {
+  local os
+  os=$(uname | tr '[:upper:]' '[:lower:]')
+  if [[ $os == "linux" ]]; then
+    # Alpine's ldd doesn't have a version flag but if you use an invalid flag
+    # (like --version) it outputs the version to stderr and exits with 1.
+    local ldd_output
+    ldd_output=$(ldd --version 2>&1 || true)
+    if echo "$ldd_output" | grep -iq musl; then
+      os="alpine"
+    fi
+  elif [[ $os == "darwin" ]]; then
+    os="macos"
+  fi
+  echo "$os"
+}
+
+arch() {
+  case "$(uname -m)" in
+  aarch64)
+    echo arm64
+    ;;
+  x86_64)
+    echo amd64
+    ;;
+  *)
+    echo "unknown architecture $(uname -a)"
+    exit 1
+    ;;
+  esac
+}
+
+curl() {
+  command curl -H "Authorization: token $GITHUB_TOKEN" "$@"
+}
+
+# Grabs the most recent ci.yaml github workflow run that was successful and triggered from the same commit being pushd.
+# This will contain the artifacts we want.
+# https://developer.github.com/v3/actions/workflow-runs/#list-workflow-runs
+get_artifacts_url() {
+  curl -fsSL 'https://api.github.com/repos/cdr/code-server/actions/workflows/ci.yaml/runs?status=success&event=push' | jq -r ".workflow_runs[] | select(.head_sha == \"$(git rev-parse HEAD)\") | .artifacts_url" | head -n 1
+}
+
+# Grabs the artifact's download url.
+# https://developer.github.com/v3/actions/artifacts/#list-workflow-run-artifacts
+get_artifact_url() {
+  local artifact_name="$1"
+  curl -fsSL "$(get_artifacts_url)" | jq -r ".artifacts[] | select(.name == \"$artifact_name\") | .archive_download_url" | head -n 1
+}
+
+# Uses the above two functions to download a artifact into a directory.
+download_artifact() {
+  local artifact_name="$1"
+  local dst="$2"
+
+  local tmp_file
+  tmp_file="$(mktemp)"
+
+  curl -fsSL "$(get_artifact_url "$artifact_name")" > "$tmp_file"
+  unzip -q -o "$tmp_file" -d "$dst"
+  rm "$tmp_file"
+}
+
+rsync() {
+  command rsync -a --del "$@"
+}
+
+VERSION="$(pkg_json_version)"
+export VERSION
+ARCH="$(arch)"
+export ARCH
+OS=$(os)
+export OS
+
+# RELEASE_PATH is the destination directory for the release from the root.
+# Defaults to release
+RELEASE_PATH="${RELEASE_PATH-release}"

ci/release-image/Dockerfile

@@ -0,0 +1,48 @@
+FROM debian:10
+
+RUN apt-get update \
+ && apt-get install -y \
+    curl \
+    dumb-init \
+    htop \
+    locales \
+    man \
+    nano \
+    git \
+    procps \
+    ssh \
+    sudo \
+    vim \
+    lsb-release \
+  && rm -rf /var/lib/apt/lists/*
+
+# https://wiki.debian.org/Locale#Manually
+RUN sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen \
+  && locale-gen
+ENV LANG=en_US.UTF-8
+
+RUN chsh -s /bin/bash
+ENV SHELL=/bin/bash
+
+RUN adduser --gecos '' --disabled-password coder && \
+  echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
+
+RUN ARCH="$(dpkg --print-architecture)" && \
+    curl -fsSL "https://github.com/boxboat/fixuid/releases/download/v0.4.1/fixuid-0.4.1-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - && \
+    chown root:root /usr/local/bin/fixuid && \
+    chmod 4755 /usr/local/bin/fixuid && \
+    mkdir -p /etc/fixuid && \
+    printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml
+
+COPY release-packages/code-server*.deb /tmp/
+COPY ci/release-image/entrypoint.sh /usr/bin/entrypoint.sh
+RUN dpkg -i /tmp/code-server*$(dpkg --print-architecture).deb && rm /tmp/code-server*.deb
+
+EXPOSE 8080
+# This way, if someone sets $DOCKER_USER, docker-exec will still work as
+# the uid will remain the same. note: only relevant if -u isn't passed to
+# docker-run.
+USER 1000
+ENV USER=coder
+WORKDIR /home/coder
+ENTRYPOINT ["/usr/bin/entrypoint.sh", "--bind-addr", "0.0.0.0:8080", "."]

ci/release-image/build.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+  source ./ci/lib.sh
+
+  docker build -t "codercom/code-server-$ARCH:$VERSION" -f ./ci/release-image/Dockerfile .
+}
+
+main "$@"

ci/release-image/entrypoint.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+set -eu
+
+# We do this first to ensure sudo works below when renaming the user.
+# Otherwise the current container UID may not exist in the passwd database.
+eval "$(fixuid -q)"
+
+if [ "${DOCKER_USER-}" ]; then
+  echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null
+  # Unfortunately we cannot change $HOME as we cannot move any bind mounts
+  # nor can we bind mount $HOME into a new home as that requires a privileged container.
+  sudo usermod --login "$DOCKER_USER" coder
+  sudo groupmod -n "$DOCKER_USER" coder
+
+  USER="$DOCKER_USER"
+
+  sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
+fi
+
+dumb-init /usr/bin/code-server "$@"

ci/steps/build-docker-image.sh

@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+  source ./ci/lib.sh
+
+  ./ci/release-image/build.sh
+
+  mkdir -p release-images
+  docker save "codercom/code-server-$ARCH:$VERSION" > "release-images/code-server-$ARCH-$VERSION.tar"
+}
+
+main "$@"

ci/steps/fmt.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  yarn --frozen-lockfile
+
+  git submodule update --init
+  # We do not `yarn vscode` to make test.sh faster.
+  # If the patch fails to apply, then it's likely already applied
+  yarn vscode:patch &> /dev/null || true
+
+  yarn fmt
+}
+
+main "$@"

ci/steps/lint.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  yarn --frozen-lockfile
+
+  git submodule update --init
+  # We do not `yarn vscode` to make test.sh faster.
+  # If the patch fails to apply, then it's likely already applied
+  yarn vscode:patch &> /dev/null || true
+
+  yarn lint
+}
+
+main "$@"

ci/steps/publish-npm.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+  source ./ci/lib.sh
+
+  if [[ ${CI-} ]]; then
+    echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
+  fi
+
+  download_artifact npm-package ./release-npm-package
+  # https://github.com/actions/upload-artifact/issues/38
+  tar -xzf release-npm-package/package.tar.gz
+  yarn publish --non-interactive release
+}
+
+main "$@"

ci/steps/push-docker-manifest.sh

@@ -0,0 +1,37 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+  source ./ci/lib.sh
+
+  download_artifact release-images ./release-images
+  if [[ ${CI-} ]]; then
+    echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
+  fi
+
+  for img in ./release-images/*; do
+    docker load -i "$img"
+  done
+
+  # We have to ensure the amd64 and arm64 images exist on the remote registry
+  # in order to build the manifest.
+  # We don't put the arch in the tag to avoid polluting the main repository.
+  # These other repositories are private so they don't pollute our organization namespace.
+  docker push "codercom/code-server-amd64:$VERSION"
+  docker push "codercom/code-server-arm64:$VERSION"
+
+  export DOCKER_CLI_EXPERIMENTAL=enabled
+
+  docker manifest create "codercom/code-server:$VERSION" \
+    "codercom/code-server-amd64:$VERSION" \
+    "codercom/code-server-arm64:$VERSION"
+  docker manifest push --purge "codercom/code-server:$VERSION"
+
+  docker manifest create "codercom/code-server:latest" \
+    "codercom/code-server-amd64:$VERSION" \
+    "codercom/code-server-arm64:$VERSION"
+  docker manifest push --purge "codercom/code-server:latest"
+}
+
+main "$@"

ci/steps/release-packages.sh

@@ -0,0 +1,21 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  NODE_VERSION=v12.18.4
+  NODE_OS="$(uname | tr '[:upper:]' '[:lower:]')"
+  NODE_ARCH="$(uname -m | sed 's/86_64/64/; s/aarch64/arm64/')"
+  curl -L "https://nodejs.org/dist/$NODE_VERSION/node-$NODE_VERSION-$NODE_OS-$NODE_ARCH.tar.gz" | tar -xz
+  PATH="$PWD/node-$NODE_VERSION-$NODE_OS-$NODE_ARCH/bin:$PATH"
+
+  # https://github.com/actions/upload-artifact/issues/38
+  tar -xzf release-npm-package/package.tar.gz
+
+  yarn release:standalone
+  yarn test:standalone-release
+  yarn package
+}
+
+main "$@"

ci/steps/release.sh

@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  yarn --frozen-lockfile
+  yarn vscode
+  yarn build
+  yarn build:vscode
+  yarn release
+
+  # https://github.com/actions/upload-artifact/issues/38
+  mkdir -p release-npm-package
+  tar -czf release-npm-package/package.tar.gz release
+}
+
+main "$@"

ci/steps/test.sh

@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+main() {
+  cd "$(dirname "$0")/../.."
+
+  yarn --frozen-lockfile
+
+  git submodule update --init
+  # We do not `yarn vscode` to make test.sh faster.
+  # If the patch fails to apply, then it's likely already applied
+  yarn vscode:patch &> /dev/null || true
+
+  yarn test
+}
+
+main "$@"

doc/CONTRIBUTING.md

@@ -0,0 +1,162 @@
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+# Contributing
+
+- [Pull Requests](#pull-requests)
+- [Requirements](#requirements)
+- [Development Workflow](#development-workflow)
+- [Build](#build)
+- [Structure](#structure)
+  - [VS Code Patch](#vs-code-patch)
+  - [Currently Known Issues](#currently-known-issues)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+- [Detailed CI and build process docs](../ci)
+
+## Pull Requests
+
+Please create a [GitHub Issue](https://github.com/cdr/code-server/issues) for each issue
+you'd like to address unless the proposed fix is minor.
+
+In your Pull Requests (PR), link to the issue that the PR solves.
+
+Please ensure that the base of your PR is the **master** branch. (Note: The default
+GitHub branch is the latest release branch, though you should point all of your changes to be merged into
+master).
+
+## Requirements
+
+The prerequisites for contributing to code-server are almost the same as those for
+[VS Code](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites).
+There are several differences, however. You must:
+
+- Use Node.js version 12.x (or greater)
+- Have [nfpm](https://github.com/goreleaser/nfpm) (which is used to build `.deb` and `.rpm` packages and [jq](https://stedolan.github.io/jq/) (used to build code-server releases) installed
+
+The [CI container](../ci/images/debian8/Dockerfile) is a useful reference for all
+of the dependencies code-server uses.
+
+## Development Workflow
+
+```shell
+yarn
+yarn vscode
+yarn watch
+# Visit http://localhost:8080 once the build is completed.
+```
+
+To develop inside an isolated Docker container:
+
+```shell
+./ci/dev/image/run.sh yarn
+./ci/dev/image/run.sh yarn vscode
+./ci/dev/image/run.sh yarn watch
+```
+
+`yarn watch` will live reload changes to the source.
+
+If you introduce changes to the patch and you've previously built, you
+must (1) manually reset VS Code and (2) run `yarn vscode:patch`.
+
+## Build
+
+You can build using:
+
+```shell
+./ci/dev/image/run.sh ./ci/steps/release.sh
+```
+
+Run your build with:
+
+```shell
+cd release
+yarn --production
+# Runs the built JavaScript with Node.
+node .
+```
+
+Build the release packages (make sure that you run `./ci/steps/release.sh` first):
+
+```shell
+IMAGE=centos7 ./ci/dev/image/run.sh ./ci/steps/release-packages.sh
+# The standalone release is in ./release-standalone
+# .deb, .rpm and the standalone archive are in ./release-packages
+```
+
+The `release.sh` script is equal to running:
+
+```shell
+yarn
+yarn vscode
+yarn build
+yarn build:vscode
+yarn release
+```
+
+And `release-packages.sh` is equal to:
+
+```shell
+yarn release:standalone
+yarn test:standalone-release
+yarn package
+```
+
+For a faster release build, you can run instead:
+
+```shell
+KEEP_MODULES=1 ./ci/steps/release.sh
+node ./release
+```
+
+## Structure
+
+The `code-server` script serves an HTTP API for login and starting a remote VS Code process.
+
+The CLI code is in [./src/node](./src/node) and the HTTP routes are implemented in
+[./src/node/app](./src/node/app).
+
+Most of the meaty parts are in the VS Code patch, which we described next.
+
+### VS Code Patch
+
+In v1 of code-server, we had a patch of VS Code that split the codebase into a front-end
+and a server. The front-end consisted of all UI code, while the server ran the extensions
+and exposed an API to the front-end for file access and all UI needs.
+
+Over time, Microsoft added support to VS Code to run it on the web. They have made
+the front-end open source, but not the server. As such, code-server v2 (and later) uses
+the VS Code front-end and implements the server. You can find this in
+[./ci/dev/vscode.patch](../ci/dev/vscode.patch) under the path `src/vs/server`.
+
+Other notable changes in our patch include:
+
+- Adding our build file, which includes our code and VS Code's web code
+- Allowing multiple extension directories (both user and built-in)
+- Modifying the loader, websocket, webview, service worker, and asset requests to
+  use the URL of the page as a base (and TLS, if necessary for the websocket)
+- Sending client-side telemetry through the server
+- Allowing modification of the display language
+- Making it possible for us to load code on the client
+- Making extensions work in the browser
+- Making it possible to install extensions of any kind
+- Fixing issue with getting disconnected when your machine sleeps or hibernates
+- Adding connection type to web socket query parameters
+
+As the web portion of VS Code matures, we'll be able to shrink and possibly
+eliminate our patch. In the meantime, upgrading the VS Code version requires
+us to ensure that the patch is applied and works as intended. In the future,
+we'd like to run VS Code unit tests against our builds to ensure that features
+work as expected.
+
+To generate a new patch, run `yarn vscode:diff`
+
+**Note**: We have [extension docs](../ci/README.md) on the CI and build system.
+
+If the functionality you're working on does NOT depend on code from VS Code, please
+move it out and into code-server.
+
+### Currently Known Issues
+
+- Creating custom VS Code extensions and debugging them doesn't work
+- Extension profiling and tips are currently disabled

doc/FAQ.md

@@ -0,0 +1,322 @@
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+# FAQ
+
+- [Questions?](#questions)
+- [iPad Status?](#ipad-status)
+- [How can I reuse my VS Code configuration?](#how-can-i-reuse-my-vs-code-configuration)
+- [Differences compared to VS Code?](#differences-compared-to-vs-code)
+- [How can I request a missing extension?](#how-can-i-request-a-missing-extension)
+- [How do I configure the marketplace URL?](#how-do-i-configure-the-marketplace-url)
+- [Where are extensions stored?](#where-are-extensions-stored)
+- [How is this different from VS Code Codespaces?](#how-is-this-different-from-vs-code-codespaces)
+- [How should I expose code-server to the internet?](#how-should-i-expose-code-server-to-the-internet)
+- [How do I securely access web services?](#how-do-i-securely-access-web-services)
+  - [Sub-paths](#sub-paths)
+  - [Sub-domains](#sub-domains)
+- [Multi-tenancy](#multi-tenancy)
+- [Docker in code-server container?](#docker-in-code-server-container)
+- [How can I disable telemetry?](#how-can-i-disable-telemetry)
+- [How does code-server decide what workspace or folder to open?](#how-does-code-server-decide-what-workspace-or-folder-to-open)
+- [How do I debug issues with code-server?](#how-do-i-debug-issues-with-code-server)
+- [Heartbeat File](#heartbeat-file)
+- [Healthz endpoint](#healthz-endpoint)
+- [How does the config file work?](#how-does-the-config-file-work)
+- [Isn't an install script piped into sh insecure?](#isnt-an-install-script-piped-into-sh-insecure)
+- [How do I make my keyboard shortcuts work?](#how-do-i-make-my-keyboard-shortcuts-work)
+- [Differences compared to Theia?](#differences-compared-to-theia)
+- [Enterprise](#enterprise)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+## Questions?
+
+Please file all questions and support requests at https://github.com/cdr/code-server/discussions.
+
+## iPad Status?
+
+Please see [./ipad.md](./ipad.md).
+
+## How can I reuse my VS Code configuration?
+
+The very popular [Settings Sync](https://marketplace.visualstudio.com/items?itemName=Shan.code-settings-sync) extension works.
+
+You can also pass `--user-data-dir ~/.vscode` to reuse your existing VS Code extensions and configuration.
+
+Or copy `~/.vscode` into `~/.local/share/code-server`.
+
+## Differences compared to VS Code?
+
+`code-server` takes the open source core of VS Code and allows you to run it in the browser.
+However, it is not entirely equivalent to Microsoft's VS Code.
+
+While the core of VS Code is open source, the marketplace and many published Microsoft extensions are not.
+
+Furthermore, Microsoft prohibits the use of any non-Microsoft VS Code from accessing their marketplace.
+
+See the [TOS](https://cdn.vsassets.io/v/M146_20190123.39/_content/Microsoft-Visual-Studio-Marketplace-Terms-of-Use.pdf).
+
+> Marketplace Offerings are intended for use only with Visual Studio Products and Services
+> and you may only install and use Marketplace Offerings with Visual Studio Products and Services.
+
+As a result, we cannot offer any extensions on the Microsoft marketplace. Instead,
+we have created our own marketplace for open source extensions.
+It works by scraping GitHub for VS Code extensions and building them. It's not perfect but getting
+better by the day with more and more extensions.
+
+These are the closed source extensions presently unavailable:
+
+1. [Live Share](https://visualstudio.microsoft.com/services/live-share)
+   - We may implement something similar, see [#33](https://github.com/cdr/code-server/issues/33)
+1. [Remote Extensions (SSH, Containers, WSL)](https://github.com/microsoft/vscode-remote-release)
+   - We may reimplement these at some point, see [#1315](https://github.com/cdr/code-server/issues/1315)
+
+For more about the closed source parts of VS Code, see [vscodium/vscodium](https://github.com/VSCodium/vscodium#why-does-this-exist).
+
+## How can I request a missing extension?
+
+Please open a new issue and select the `Extension request` template.
+
+If an extension is not available or does not work, you can grab its VSIX from its Github releases or
+build it yourself. Then run the `Extensions: Install from VSIX` command in the Command Palette and
+point to the .vsix file.
+
+See below for installing an extension from the cli.
+
+## How do I configure the marketplace URL?
+
+If you have your own marketplace that implements the VS Code Extension Gallery API, it is possible to
+point code-server to it by setting `$SERVICE_URL` and `$ITEM_URL`. These correspond directly
+to `serviceUrl` and `itemUrl` in VS Code's `product.json`.
+
+e.g. to use [open-vsx.org](https://open-vsx.org):
+
+```bash
+export SERVICE_URL=https://open-vsx.org/vscode/gallery
+export ITEM_URL=https://open-vsx.org/vscode/item
+```
+
+While you can technically use Microsoft's marketplace with these, please do not do so as it
+is against their terms of use. See [above](#differences-compared-to-vs-code) and this
+discussion regarding the use of the Microsoft URLs in forks:
+
+https://github.com/microsoft/vscode/issues/31168#issue-244533026
+
+These variables are most valuable to our enterprise customers for whom we have a self hosted marketplace product.
+
+## Where are extensions stored?
+
+Defaults to `~/.local/share/code-server/extensions`.
+
+If the `XDG_DATA_HOME` environment variable is set the data directory will be
+`$XDG_DATA_HOME/code-server/extensions`. In general we try to follow the XDG directory spec.
+
+You can install an extension on the CLI with:
+
+```bash
+# From the Coder extension marketplace
+code-server --install-extension ms-python.python
+
+# From a downloaded VSIX on the file system
+code-server --install-extension downloaded-ms-python.python.vsix
+```
+
+## How is this different from VS Code Codespaces?
+
+VS Code Codespaces is a closed source and paid service by Microsoft. It also allows you to access
+VS Code via the browser.
+
+However, code-server is free, open source and can be run on any machine without any limitations.
+
+While you can self host environments with VS Code Codespaces, you still need an Azure billing
+account and you have to access VS Code via the Codespaces web dashboard instead of directly
+connecting to your instance.
+
+## How should I expose code-server to the internet?
+
+Please follow [./guide.md](./guide.md) for our recommendations on setting up and using code-server.
+
+code-server only supports password authentication natively.
+
+**note**: code-server will rate limit password authentication attempts at 2 a minute and 12 an hour.
+
+If you want to use external authentication (i.e sign in with Google) you should handle this
+with a reverse proxy using something like [oauth2_proxy](https://github.com/pusher/oauth2_proxy)
+or [Cloudflare Access](https://teams.cloudflare.com/access).
+
+For HTTPS, you can use a self signed certificate by passing in just `--cert` or
+pass in an existing certificate by providing the path to `--cert` and the path to
+the key with `--cert-key`.
+
+The self signed certificate will be generated into
+`~/.local/share/code-server/self-signed.crt`.
+
+If `code-server` has been passed a certificate it will also respond to HTTPS
+requests and will redirect all HTTP requests to HTTPS.
+
+You can use [Let's Encrypt](https://letsencrypt.org/) to get a TLS certificate
+for free.
+
+Again, please follow [./guide.md](./guide.md) for our recommendations on setting up and using code-server.
+
+## How do I securely access web services?
+
+code-server is capable of proxying to any port using either a subdomain or a
+subpath which means you can securely access these services using code-server's
+built-in authentication.
+
+### Sub-paths
+
+Just browse to `/proxy/<port>/`.
+
+### Sub-domains
+
+You will need a DNS entry that points to your server for each port you want to
+access. You can either set up a wildcard DNS entry for `*.<domain>` if your domain
+name registrar supports it or you can create one for every port you want to
+access (`3000.<domain>`, `8080.<domain>`, etc).
+
+You should also set up TLS certificates for these subdomains, either using a
+wildcard certificate for `*.<domain>` or individual certificates for each port.
+
+Start code-server with the `--proxy-domain` flag set to your domain.
+
+```
+code-server --proxy-domain <domain>
+```
+
+Now you can browse to `<port>.<domain>`. Note that this uses the host header so
+ensure your reverse proxy forwards that information if you are using one.
+
+## Multi-tenancy
+
+If you want to run multiple code-servers on shared infrastructure, we recommend using virtual
+machines with a VM per user. This will easily allow users to run a docker daemon. If you want
+to use kubernetes, you'll definitely want to use [kubevirt](https://kubevirt.io) to give each
+user a virtual machine instead of just a container.
+
+## Docker in code-server container?
+
+If you'd like to access docker inside of code-server, mount the docker socket in from `/var/run/docker.sock`.
+Install the docker CLI in the code-server container and you should be able to access the daemon!
+
+You can even make volume mounts work. Lets say you want to run a container and mount in
+`/home/coder/myproject` into it from inside the `code-server` container. You need to make sure
+the docker daemon's `/home/coder/myproject` is the same as the one mounted inside the `code-server`
+container and the mount will just work.
+
+## How can I disable telemetry?
+
+Use the `--disable-telemetry` flag to completely disable telemetry. We use the
+data collected only to improve code-server.
+
+## How does code-server decide what workspace or folder to open?
+
+code-server tries the following in order:
+
+1. The `workspace` query parameter.
+2. The `folder` query parameter.
+3. The workspace or directory passed on the command line.
+4. The last opened workspace or directory.
+
+## How do I debug issues with code-server?
+
+First run code-server with at least `debug` logging (or `trace` to be really
+thorough) by setting the `--log` flag or the `LOG_LEVEL` environment variable.
+`-vvv` and `--verbose` are aliases for `--log trace`.
+
+```
+code-server --log debug
+```
+
+Once this is done, replicate the issue you're having then collect logging
+information from the following places:
+
+1. stdout
+2. The most recently created directory in the `~/.local/share/code-server/logs` directory.
+3. The browser console and network tabs.
+
+Additionally, collecting core dumps (you may need to enable them first) if
+code-server crashes can be helpful.
+
+## Heartbeat File
+
+`code-server` touches `~/.local/share/code-server/heartbeat` once a minute as long
+as there is an active browser connection.
+
+If you want to shutdown `code-server` if there hasn't been an active connection in X minutes
+you can do so by continuously checking the last modified time on the heartbeat file and if it is
+older than X minutes, kill `code-server`.
+
+[#1636](https://github.com/cdr/code-server/issues/1636) will make the experience here better.
+
+## Healthz endpoint
+
+`code-server` exposes an endpoint at `/healthz` which can be used to check
+whether `code-server` is up without triggering a heartbeat. The response will
+include a status (`alive` or `expired`) and a timestamp for the last heartbeat
+(defaults to `0`). This endpoint does not require authentication.
+
+```json
+{
+  "status": "alive",
+  "lastHeartbeat": 1599166210566
+}
+```
+
+## How does the config file work?
+
+When `code-server` starts up, it creates a default config file in `~/.config/code-server/config.yaml` that looks
+like this:
+
+```yaml
+bind-addr: 127.0.0.1:8080
+auth: password
+password: mewkmdasosafuio3422 # This is randomly generated for each config.yaml
+cert: false
+```
+
+Each key in the file maps directly to a `code-server` flag. Run `code-server --help` to see
+a listing of all the flags.
+
+The default config here says to listen on the loopback IP port 8080, enable password authorization
+and no TLS. Any flags passed to `code-server` will take priority over the config file.
+
+The `--config` flag or `$CODE_SERVER_CONFIG` can be used to change the config file's location.
+
+The default location also respects `$XDG_CONFIG_HOME`.
+
+## Isn't an install script piped into sh insecure?
+
+Please give
+[this wonderful blogpost](https://sandstorm.io/news/2015-09-24-is-curl-bash-insecure-pgp-verified-install) by
+[sandstorm.io](https://sandstorm.io) a read.
+
+## How do I make my keyboard shortcuts work?
+
+Many shortcuts will not work by default as they'll be caught by the browser.
+
+If you use Chrome you can get around this by installing the PWA.
+
+Once you've entered the editor, click the "plus" icon present in the URL toolbar area.
+This will install a Chrome PWA and now all keybindings will work!
+
+For other browsers you'll have to remap keybindings unfortunately.
+
+## Differences compared to Theia?
+
+[Theia](https://github.com/eclipse-theia/theia) is a browser IDE loosely based on VS Code. It uses the same
+text editor library named [Monaco](https://github.com/Microsoft/monaco-editor) and the same
+extension API but everything else is very different. It also uses [open-vsx.org](https://open-vsx.org)
+for extensions which has an order of magnitude less extensions than our marketplace.
+See [#1473](https://github.com/cdr/code-server/issues/1473).
+
+You can't just use your VS Code config in Theia like you can with code-server.
+
+To summarize, code-server is a patched fork of VS Code to run in the browser whereas
+Theia takes some parts of VS Code but is an entirely different editor.
+
+## Enterprise
+
+Visit [our enterprise page](https://coder.com) for more information about our
+enterprise offerings.

doc/assets/droplet.svg

@@ -1,24 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg width="200px" height="40px" viewBox="0 0 200 40" version="1.1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
-    <!-- Generator: Sketch 52.5 (67469) - http://www.bohemiancoding.com/sketch -->
-    <title>do-btn-blue-ghost</title>
-    <desc>Created with Sketch.</desc>
-    <g id="Page-1" stroke="none" stroke-width="1" fill="none" fill-rule="evenodd">
-        <g id="Partner-welcome-kit-Copy-3" transform="translate(-651.000000, -828.000000)">
-            <g id="do-btn-blue-ghost" transform="translate(651.000000, 828.000000)">
-                <rect id="Rectangle-Copy-4" stroke="#0069FF" x="0.5" y="0.5" width="199" height="39" rx="6"></rect>
-                <path d="M6,0 L47,0 L47,40 L6,40 C2.6862915,40 4.05812251e-16,37.3137085 0,34 L-8.8817842e-16,6 C-1.29399067e-15,2.6862915 2.6862915,6.08718376e-16 6,0 Z" id="Rectangle-Copy-5" fill="#0069FF"></path>
-                <g id="DO_Logo_horizontal_blue-Copy-3" transform="translate(13.000000, 10.000000)" fill="#FFFFFF">
-                    <path d="M10.0098493,20 L10.0098493,16.1262429 C14.12457,16.1262429 17.2897398,12.0548452 15.7269372,7.74627862 C15.1334679,6.14538921 13.8674,4.86072487 12.2650328,4.28756693 C7.952489,2.72620566 3.87733294,5.88845634 3.87733294,9.99938223 C3.87733294,9.99938223 3.87733294,9.99938223 3.87733294,9.99938223 L0,9.99938223 C0,3.45747613 6.3303395,-1.64165309 13.1948014,0.492866119 C16.2017127,1.42177726 18.57559,3.81322933 19.5053586,6.79760341 C21.6418482,13.6754986 16.5577943,20 10.0098493,20 Z" id="XMLID_49_"></path>
-                    <polygon id="XMLID_47_" points="9.52380952 16.1904762 5.71428571 16.1904762 5.71428571 12.3809524 5.71428571 12.3809524 9.52380952 12.3809524 9.52380952 12.3809524"></polygon>
-                    <polygon id="XMLID_46_" points="6.66666667 19.047619 3.80952381 19.047619 3.80952381 19.047619 3.80952381 16.1904762 6.66666667 16.1904762"></polygon>
-                    <polygon id="XMLID_45_" points="3.80952381 16.1904762 0.952380952 16.1904762 0.952380952 16.1904762 0.952380952 13.3333333 0.952380952 13.3333333 3.80952381 13.3333333 3.80952381 13.3333333"></polygon>
-                </g>
-                <!-- Modified to add GitHub font-family after DigitalOcean's font-family, otherwise it looks bad on GitHub -->
-                <text id="Create-a-Droplet-Copy-3" font-family="Sailec-Medium, Sailec, -apple-system, BlinkMacSystemFont, Segoe UI, Helvetica, Arial, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol" font-size="16" font-weight="400" fill="#0069FF">
-                    <tspan x="58" y="26">Create a Droplet</tspan>
-                </text>
-            </g>
-        </g>
-    </g>
-</svg>

doc/cros-install.md

@@ -1,75 +0,0 @@
-# Installing code-server in your ChromiumOS/ChromeOS/CloudReady machine
-
-This guide will show you how to install code-server into your CrOS machine.
-
-## Using Crostini
-
-One of the easier ways to run code-server is via
-[Crostini](https://www.aboutchromebooks.com/tag/project-crostini/), the Linux
-apps support feature in CrOS. Make sure you have enough RAM, HDD space and your
-CPU has VT-x/ AMD-V support. If your chromebook has this, then you are
-qualified to use Crostini.
-
-If you are running R69, you might want to enable this on
-[Chrome Flags](chrome://flags/#enable-experimental-crostini-ui).
-If you run R72, however, this is already enabled for you.
-
-After checking your prerequisites, follow the steps in [the self-host install guide](index.md)
-on installing code-server. Once done, make sure code-server works by running
-it. After running it, simply go to `penguin.linux.test:8080` to access
-code-server. Now you should be greeted with this screen. If you did,
-congratulations, you have installed code-server in your Chromebook!
-
-![code-server on Chromebook](assets/cros.png)
-
-Alternatively, if you ran code-server in another container and you need the IP
-for that specific container, simply go to Termina's shell via `crosh` and type
-`vsh termina`.
-
-```bash
-Loading extra module: /usr/share/crosh/dev.d/50-crosh.sh
-Welcome to crosh, the Chrome OS developer shell.
-
-If you got here by mistake, don't panic!  Just close this tab and carry on.
-
-Type 'help' for a list of commands.
-
-If you want to customize the look/behavior, you can use the options page.
-Load it by using the Ctrl+Shift+P keyboard shortcut.
-
-crosh> vsh termina
-(termina) chronos@localhost ~ $
-```
-While in termina, run `lxc list`. It should output the list of running containers.
-
-```bash
-(termina) chronos@localhost ~ $ lxc list
-+---------|---------|-----------------------|------|------------|-----------+
-|  NAME   |  STATE  |         IPV4          | IPV6 |    TYPE    | SNAPSHOTS |
-+---------|---------|-----------------------|------|------------|-----------+
-| penguin | RUNNING | 100.115.92.199 (eth0) |      | PERSISTENT | 0         |
-+---------|---------|-----------------------|------|------------|-----------+
-(termina) chronos@localhost ~ $
-```
-
-For this example, we show the default `penguin` container, which is exposed on
-`eth0` at 100.115.92.199. Simply enter the IP of the container where the
-code-server runs to Chrome.
-
-## Using Crouton
-
-[Crouton](https://github.com/dnschneid/crouton) is one of the old ways to get a
-running full Linux via `chroot` on a Chromebook. To use crouton, enable
-developer mode and go to `crosh`. This time, run `shell`, which should drop you
-to `bash`.
-
-Make sure you downloaded `crouton`, if so, go ahead and run it under
-`~/Downloads`. After installing your chroot container via crouton, go ahead and
-enter `enter-chroot` to enter your container.
-
-Follow the instructions set in [the self-host install guide](index.md) to
-install code-server. After that is done, run `code-server` and verify it works
-by going to `localhost:8080`.
-
-> At this point in writing, `localhost` seems to work in this method. However,
-> the author is not sure if it applies still to newer Chromebooks.

doc/deploy.md

@@ -1,73 +0,0 @@
-# Set up instance
-## EC2 on AWS
-- Click **Launch Instance** from your [EC2 dashboard](https://console.aws.amazon.com/ec2/v2/home).
-- Select the Ubuntu Server 18.04 LTS (HVM), SSD Volume Type
-- Select an appropriate instance size (we recommend t2.medium/large, depending
-  on team size and number of repositories/languages enabled), then
-  **Next: Configure Instance Details**.
-- Select **Next: ...** until you get to the **Configure Security Group** page,
-  then add a **Custom TCP Rule** rule with port range set to `8080` and source
-  set to "Anywhere".
-  > Rules with source of 0.0.0.0/0 allow all IP addresses to access your
-  > instance. We recommend setting [security group rules](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html?icmpid=docs_ec2_console)
-  > to allow access from known IP addresses only.
-- Click **Launch**.
-- You will be prompted to create a key pair.
-- From the dropdown choose "create a new pair", give the key pair a name.
-- Click **Download Key Pair** and store the file in a safe place.
-- Click **Launch Instances**.
-- Head to your [EC2 dashboard](https://console.aws.amazon.com/ec2/v2/home)
-  and choose instances from the left panel.
-- In the description of your EC2 instance copy the public DNS (iPv4) address
-  using the copy to clipboard button.
-- Open a terminal on your computer and SSH into your instance:
-  ```
-  ssh -i ${path to key pair} ubuntu@${public address}
-  ```
-
-## DigitalOcean
-[Open your DigitalOcean dashboard](https://cloud.digitalocean.com/droplets/new)
-to create a new droplet
-
-- **Choose an image -** Select the **Distributions** tab and then choose Ubuntu.
-- **Choose a size -** We recommend at least 4GB RAM and 2 CPU, more depending
-  on team size and number of repositories/languages enabled.
-- Launch your instance.
-- Open a terminal on your computer and SSH into your instance:
-  ```
-  ssh root@${instance ip}
-  ```
-
-## Google Cloud
-> Pre-requisite: Set up the [Google Cloud SDK](https://cloud.google.com/sdk/docs/)
-> on your local machine
-
-- [Open your Google Cloud console](https://console.cloud.google.com/compute/instances)
-  to create a new VM instance and click **Create Instance**.
-- Choose an appropriate machine type (we recommend 2 vCPU and 7.5 GB RAM, more
-  depending on team size and number of repositories/languages enabled).
-- Choose Ubuntu 16.04 LTS as your boot disk.
-- Expand the "Management, security, disks, networking, sole tenancy" section,
-  go to the "Networking" tab, then under network tags add "code-server".
-- Create your VM, and **take note** of its public IP address.
-- Visit "VPC network" in the console and go to "Firewall rules". Create a new
-  firewall rule called "http-8080". Under "Target tags" add "code-server", and
-  under "Protocols and ports" tick "Specified protocols and ports" and "tcp".
-  Beside "tcp", add "8080", then create the rule.
-- Open a terminal on your computer and SSH into your Google Cloud VM:
-  ```
-  gcloud compute ssh --zone ${region} ${instance name}
-  ```
-# Run code-server
-- Download the latest code-server release from the
-  [releases page](https://github.com/cdr/code-server/releases/latest)
-  to the instance, extract the file, then run the code-server binary:
-  ```
-  wget https://github.com/cdr/code-server/releases/download/{version}/code-server{version}-linux-x64.tar.gz
-  tar -xvzf code-server{version}-linux-x64.tar.gz
-  cd code-server{version}-linux-x64
-  ./code-server
-  ```
-- Open your browser and visit http://$public_ip:8080/ where `$public_ip` is
-  your instance's public IP address.
-- For long-term use, set up a systemd service to run code-server.

doc/examples/fail2ban.conf

@@ -1,15 +0,0 @@
-# Fail2Ban filter for code-server
-
-[Definition]
-
-failregex = ^INFO\s+Failed login attempt\s+{\"password\":\"(\\.|[^"])*\",\"remoteAddress\":\"<HOST>\"
-
-# Use this instead for proxies (ensure the proxy is configured to send the
-# X-Forwarded-For header).
-# failregex = ^INFO\s+Failed login attempt\s+{\"password\":\"(\\.|[^"])*\",\"xForwardedFor\":\"<HOST>\"
-
-ignoreregex =
-
-datepattern = "timestamp":{EPOCH}}$
-
-# Author: Dean Sheather

doc/examples/kubernetes.aws.yaml

@@ -1,73 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: code-server
----
-apiVersion: v1
-kind: Service
-metadata:
- name: code-server
- namespace: code-server
-spec:
- ports:
- - port: 8080
-   name: https
-   protocol: TCP
- selector:
-   app: code-server
- type: ClusterIP
----
-kind: StorageClass
-apiVersion: storage.k8s.io/v1
-metadata:
-  name: gp2
-  annotations:
-    storageclass.kubernetes.io/is-default-class: "true"
-provisioner: kubernetes.io/aws-ebs
-parameters:
-  type: gp2
-  fsType: ext4
----
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: code-store
-  namespace: code-server
-spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 60Gi
----
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  labels:
-    app: code-server
-  name: code-server
-  namespace: code-server
-spec:
-  selector:
-    matchLabels:
-      app: code-server
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: code-server
-    spec:
-      containers:
-      - image: codercom/code-server
-        imagePullPolicy: Always
-        name: code-servery
-        ports:
-        - containerPort: 8080
-          name: https
-        volumeMounts:
-        - name: code-server-storage
-          mountPath: /go/src
-      volumes:
-      - name: code-server-storage
-        persistentVolumeClaim:
-          claimName: code-store

doc/examples/kubernetes.yaml

@@ -1,43 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
-  name: code-server
----
-apiVersion: v1
-kind: Service
-metadata:
- name: code-server
- namespace: code-server
-spec:
- ports:
- - port: 8080
-   name: https
-   protocol: TCP
- selector:
-   app: code-server
- type: ClusterIP
----
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  labels:
-    app: code-server
-  name: code-server
-  namespace: code-server
-spec:
-  selector:
-    matchLabels:
-      app: code-server
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        app: code-server
-    spec:
-      containers:
-      - image: codercom/code-server
-        imagePullPolicy: Always
-        name: code-server
-        ports:
-        - containerPort: 8080
-          name: https

doc/fail2ban.md

@@ -1,35 +0,0 @@
-# Protecting code-server from bruteforce attempts
-code-server outputs all failed login attempts, along with the IP address,
-provided password, user agent and timestamp by default.
-
-When using a reverse proxy such as Nginx or Apache, the remote address may
-appear to be `127.0.0.1` or a similar address so `X-Forwarded-For` should be
-used instead. Ensure that you are setting this value in your reverse proxy:
-
-Nginx:
-```
-location / {
-  ...
-  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-  ...
-}
-```
-
-Apache:
-```
-<VirtualEnv>
-  ...
-  SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
-  ...
-</VirtualEnv>
-```
-
-It is extremely important that you ensure that your code-server instance is not
-accessible from the internet (use localhost or block it in your firewall).
-
-## Fail2Ban
-Fail2Ban allows for automatically banning and logging repeated failed
-authentication attempts for many applications through regex filters. A working
-filter for code-server can be found in `./code-server.fail2ban.conf`. Once this
-is installed and configured correctly, repeated failed login attempts should
-automatically be banned from connecting to your server.

doc/guide.md

@@ -0,0 +1,304 @@
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+# Setup Guide
+
+- [1. Acquire a remote machine](#1-acquire-a-remote-machine)
+  - [Requirements](#requirements)
+  - [Google Cloud](#google-cloud)
+- [2. Install code-server](#2-install-code-server)
+- [3. Expose code-server](#3-expose-code-server)
+  - [SSH forwarding](#ssh-forwarding)
+  - [Let's Encrypt](#lets-encrypt)
+    - [NGINX](#nginx)
+  - [Self Signed Certificate](#self-signed-certificate)
+  - [Change the password?](#change-the-password)
+  - [How do I securely access development web services?](#how-do-i-securely-access-development-web-services)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+This guide demonstrates how to setup and use `code-server`.
+To reiterate, `code-server` lets you run VS Code on a remote server and then access it via a browser.
+
+Further docs are at:
+
+- [README](../README.md) for a general overview
+- [INSTALL](../doc/install.md) for installation
+- [FAQ](./FAQ.md) for common questions.
+- [CONTRIBUTING](../doc/CONTRIBUTING.md) for development docs
+
+We highly recommend reading the [FAQ](./FAQ.md) on the [Differences compared to VS Code](./FAQ.md#differences-compared-to-vs-code) before beginning.
+
+We'll walk you through acquiring a remote machine to run `code-server` on
+and then exposing `code-server` so you can securely access it.
+
+## 1. Acquire a remote machine
+
+First, you need a machine to run `code-server` on. You can use a physical
+machine you have lying around or use a VM on GCP/AWS.
+
+### Requirements
+
+For a good experience, we recommend at least:
+
+- 1 GB of RAM
+- 2 cores
+
+You can use whatever linux distribution floats your boat but in this guide we assume Debian on Google Cloud.
+
+### Google Cloud
+
+For demonstration purposes, this guide assumes you're using a VM on GCP but you should be
+able to easily use any machine or VM provider.
+
+You can sign up at https://console.cloud.google.com/getting-started. You'll get a 12 month \$300
+free trial.
+
+Once you've signed up and created a GCP project, create a new Compute Engine VM Instance.
+
+1. Navigate to `Compute Engine -> VM Instances` on the sidebar.
+2. Now click `Create Instance` to create a new instance.
+3. Name it whatever you want.
+4. Choose the region closest to you based on [gcping.com](http://www.gcping.com).
+5. Any zone is fine.
+6. We'd recommend a `E2` series instance from the General-purpose family.
+   - Change the type to custom and set at least 2 cores and 2 GB of ram.
+   - Add more vCPUs and memory as you prefer, you can edit after creating the instance as well.
+   - https://cloud.google.com/compute/docs/machine-types#general_purpose
+7. We highly recommend switching the persistent disk to an SSD of at least 32 GB.
+   - Click `Change` under `Boot Disk` and change the type to `SSD Persistent Disk` and the size
+     to `32`.
+   - You can always grow your disk later.
+8. Navigate to `Networking -> Network interfaces` and edit the existing interface
+   to use a static external IP.
+   - Click done to save network interface changes.
+9. If you do not have a [project wide SSH key](https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#project-wide), navigate to `Security -> SSH Keys` and add your public key there.
+10. Click create!
+
+Remember, you can shutdown your server when not in use to lower costs.
+
+We highly recommend learning to use the [`gcloud`](https://cloud.google.com/sdk/gcloud) cli
+to avoid the slow dashboard.
+
+## 2. Install code-server
+
+We have a [script](../install.sh) to install `code-server` for Linux, macOS and FreeBSD.
+
+It tries to use the system package manager if possible.
+
+First run to print out the install process:
+
+```bash
+curl -fsSL https://code-server.dev/install.sh | sh -s -- --dry-run
+```
+
+Now to actually install:
+
+```bash
+curl -fsSL https://code-server.dev/install.sh | sh
+```
+
+The install script will print out how to run and start using `code-server`.
+
+Docs on the install script, manual installation and docker image are at [./install.md](./install.md).
+
+## 3. Expose code-server
+
+**Never**, **ever** expose `code-server` directly to the internet without some form of authentication
+and encryption as someone can completely takeover your machine with the terminal.
+
+By default, `code-server` will enable password authentication which will require you to copy the
+password from the`code-server`config file to login. It will listen on`localhost` to avoid exposing
+itself to the world. This is fine for testing but will not work if you want to access `code-server`
+from a different machine.
+
+There are several approaches to securely operating and exposing `code-server`.
+
+**tip**: You can list the full set of `code-server` options with `code-server --help`
+
+### SSH forwarding
+
+We highly recommend this approach for not requiring any additional setup, you just need an
+SSH server on your remote machine. The downside is you won't be able to access `code-server`
+on any machine without an SSH client like on iPad. If that's important to you, skip to [Let's Encrypt](#lets-encrypt).
+
+First, ssh into your instance and edit your `code-server` config file to disable password authentication.
+
+```bash
+# Replaces "auth: password" with "auth: none" in the code-server config.
+sed -i.bak 's/auth: password/auth: none/' ~/.config/code-server/config.yaml
+```
+
+Restart `code-server` with (assuming you followed the guide):
+
+```bash
+sudo systemctl restart code-server@$USER
+```
+
+Now forward local port 8080 to `127.0.0.1:8080` on the remote instance by running the following command on your local machine.
+
+Recommended reading: https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding.
+
+```bash
+# -N disables executing a remote shell
+ssh -N -L 8080:127.0.0.1:8080 [user]@<instance-ip>
+```
+
+Now if you access http://127.0.0.1:8080 locally, you should see `code-server`!
+
+If you want to make the SSH port forwarding persistent we recommend using
+[mutagen](https://mutagen.io/documentation/introduction/installation).
+
+```
+# Same as the above SSH command but runs in the background continuously.
+# Add `mutagen daemon start` to your ~/.bashrc to start the mutagen daemon when you open a shell.
+mutagen forward create --name=code-server tcp:127.0.0.1:8080 <instance-ip>:tcp:127.0.0.1:8080
+```
+
+We also recommend adding the following lines to your `~/.ssh/config` to quickly detect bricked SSH connections:
+
+```bash
+Host *
+ServerAliveInterval 5
+ExitOnForwardFailure yes
+```
+
+You can also forward your SSH and GPG agent to the instance to securely access GitHub
+and sign commits without copying your keys.
+
+1. https://developer.github.com/v3/guides/using-ssh-agent-forwarding/
+2. https://wiki.gnupg.org/AgentForwarding
+
+### Let's Encrypt
+
+[Let's Encrypt](https://letsencrypt.org) is a great option if you want to access `code-server` on an iPad
+or do not want to use SSH forwarding. This does require that the remote machine be exposed to the internet.
+
+Assuming you have been following the guide, edit your instance and checkmark the allow HTTP/HTTPS traffic options.
+
+1. You'll need to buy a domain name. We recommend [Google Domains](https://domains.google.com).
+2. Add an A record to your domain with your instance's IP.
+3. Install caddy https://caddyserver.com/docs/download#debian-ubuntu-raspbian.
+
+```bash
+echo "deb [trusted=yes] https://apt.fury.io/caddy/ /" \
+    | sudo tee -a /etc/apt/sources.list.d/caddy-fury.list
+sudo apt update
+sudo apt install caddy
+```
+
+4. Replace `/etc/caddy/Caddyfile` with sudo to look like this:
+
+```
+mydomain.com
+
+reverse_proxy 127.0.0.1:8080
+```
+
+Remember to replace `mydomain.com` with your domain name!
+
+5. Reload caddy with:
+
+```bash
+sudo systemctl reload caddy
+```
+
+Visit `https://<your-domain-name>` to access `code-server`. Congratulations!
+
+In a future release we plan to integrate Let's Encrypt directly with `code-server` to avoid
+the dependency on caddy.
+
+#### NGINX
+
+If you prefer to use NGINX instead of Caddy then please follow steps 1-2 above and then:
+
+3. Install `nginx`:
+
+```bash
+sudo apt update
+sudo apt install -y nginx certbot python-certbot-nginx
+```
+
+4. Put the following config into `/etc/nginx/sites-available/code-server` with sudo:
+
+```nginx
+server {
+    listen 80;
+    listen [::]:80;
+    server_name mydomain.com;
+
+    location / {
+      proxy_pass http://localhost:8080/;
+      proxy_set_header Host $host;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection upgrade;
+      proxy_set_header Accept-Encoding gzip;
+    }
+}
+```
+
+Remember to replace `mydomain.com` with your domain name!
+
+5. Enable the config:
+
+```bash
+sudo ln -s ../sites-available/code-server /etc/nginx/sites-enabled/code-server
+sudo certbot --non-interactive --redirect --agree-tos --nginx -d mydomain.com -m me@example.com
+```
+
+Make sure to substitute `me@example.com` with your actual email.
+
+Visit `https://<your-domain-name>` to access `code-server`. Congratulations!
+
+### Self Signed Certificate
+
+**note:** Self signed certificates do not work with iPad normally. See [./ipad.md](./ipad.md) for details.
+
+Recommended reading: https://security.stackexchange.com/a/8112.
+
+We recommend this as a last resort because self signed certificates do not work with iPads and can
+cause other bizarre issues. Not to mention all the warnings when you access `code-server`.
+Only use this if:
+
+1. You do not want to buy a domain or you cannot expose the remote machine to the internet.
+2. You do not want to use SSH forwarding.
+
+ssh into your instance and edit your code-server config file to use a randomly generated self signed certificate:
+
+```bash
+# Replaces "cert: false" with "cert: true" in the code-server config.
+sed -i.bak 's/cert: false/cert: true/' ~/.config/code-server/config.yaml
+# Replaces "bind-addr: 127.0.0.1:8080" with "bind-addr: 0.0.0.0:443" in the code-server config.
+sed -i.bak 's/bind-addr: 127.0.0.1:8080/bind-addr: 0.0.0.0:443/' ~/.config/code-server/config.yaml
+# Allows code-server to listen on port 443.
+sudo setcap cap_net_bind_service=+ep /usr/lib/code-server/lib/node
+```
+
+Assuming you have been following the guide, restart `code-server` with:
+
+```bash
+sudo systemctl restart code-server@$USER
+```
+
+Edit your instance and checkmark the allow HTTPS traffic option.
+
+Visit `https://<your-instance-ip>` to access `code-server`.
+You'll get a warning when accessing but if you click through you should be good.
+
+To avoid the warnings, you can use [mkcert](https://mkcert.dev) to create a self signed certificate
+trusted by your OS and then pass it into `code-server` via the `cert` and `cert-key` config
+fields.
+
+### Change the password?
+
+Edit the `password` field in the `code-server` config file at `~/.config/code-server/config.yaml`
+and then restart `code-server` with:
+
+```bash
+sudo systemctl restart code-server@$USER
+```
+
+### How do I securely access development web services?
+
+If you're working on a web service and want to access it locally, `code-server` can proxy it for you.
+
+See the [FAQ](./FAQ.md#how-do-i-securely-access-web-services).

doc/install.md

@@ -0,0 +1,199 @@
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+# Install
+
+- [install.sh](#installsh)
+  - [Flags](#flags)
+  - [Detection Reference](#detection-reference)
+- [Debian, Ubuntu](#debian-ubuntu)
+- [Fedora, CentOS, RHEL, SUSE](#fedora-centos-rhel-suse)
+- [Arch Linux](#arch-linux)
+- [yarn, npm](#yarn-npm)
+- [macOS](#macos)
+- [Standalone Releases](#standalone-releases)
+- [Docker](#docker)
+- [helm](#helm)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+This document demonstrates how to install `code-server` on
+various distros and operating systems.
+
+## install.sh
+
+We have a [script](../install.sh) to install code-server for Linux, macOS and FreeBSD.
+
+It tries to use the system package manager if possible.
+
+First run to print out the install process:
+
+```bash
+curl -fsSL https://code-server.dev/install.sh | sh -s -- --dry-run
+```
+
+Now to actually install:
+
+```bash
+curl -fsSL https://code-server.dev/install.sh | sh
+```
+
+The script will print out how to run and start using code-server.
+
+If you believe an install script used with `curl | sh` is insecure, please give
+[this wonderful blogpost](https://sandstorm.io/news/2015-09-24-is-curl-bash-insecure-pgp-verified-install) by
+[sandstorm.io](https://sandstorm.io) a read.
+
+If you'd still prefer manual installation despite the below [detection reference](#detection-reference) and `--dry-run`
+then continue on for docs on manual installation. The [`install.sh`](../install.sh) script runs the _exact_ same
+commands presented in the rest of this document.
+
+### Flags
+
+- `--dry-run` to echo the commands for the install process without running them.
+- `--method` to choose the installation method.
+  - `--method=detect` to detect the package manager but fallback to `--method=standalone`.
+  - `--method=standalone` to install a standalone release archive into `~/.local`.
+- `--prefix=/usr/local` to install a standalone release archive system wide.
+- `--version=X.X.X` to install version `X.X.X` instead of latest.
+- `--help` to see full usage docs.
+
+### Detection Reference
+
+- For Debian, Ubuntu and Raspbian it will install the latest deb package.
+- For Fedora, CentOS, RHEL and openSUSE it will install the latest rpm package.
+- For Arch Linux it will install the AUR package.
+- For any unrecognized Linux operating system it will install the latest standalone release into `~/.local`.
+
+  - Add `~/.local/bin` to your `$PATH` to run code-server.
+
+- For macOS it will install the Homebrew package.
+
+  - If Homebrew is not installed it will install the latest standalone release into `~/.local`.
+  - Add `~/.local/bin` to your `$PATH` to run code-server.
+
+- For FreeBSD, it will install the [npm package](#yarn-npm) with `yarn` or `npm`.
+
+- If ran on an architecture with no releases, it will install the [npm package](#yarn-npm) with `yarn` or `npm`.
+  - We only have releases for amd64 and arm64 presently.
+  - The [npm package](#yarn-npm) builds the native modules on postinstall.
+
+## Debian, Ubuntu
+
+```bash
+curl -fOL https://github.com/cdr/code-server/releases/download/v3.7.2/code-server_3.7.2_amd64.deb
+sudo dpkg -i code-server_3.7.2_amd64.deb
+sudo systemctl enable --now code-server@$USER
+# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
+```
+
+## Fedora, CentOS, RHEL, SUSE
+
+```bash
+curl -fOL https://github.com/cdr/code-server/releases/download/v3.7.2/code-server-3.7.2-amd64.rpm
+sudo rpm -i code-server-3.7.2-amd64.rpm
+sudo systemctl enable --now code-server@$USER
+# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
+```
+
+## Arch Linux
+
+```bash
+# Installs code-server from the AUR using yay.
+yay -S code-server
+sudo systemctl enable --now code-server@$USER
+# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
+```
+
+```bash
+# Installs code-server from the AUR with plain makepkg.
+git clone https://aur.archlinux.org/code-server.git
+cd code-server
+makepkg -si
+sudo systemctl enable --now code-server@$USER
+# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
+```
+
+## yarn, npm
+
+We recommend installing with `yarn` or `npm` when:
+
+1. You aren't on `amd64` or `arm64`.
+2. If you're on Linux with glibc < v2.17 or glibcxx < v3.4.18
+
+**note:** Installing via `yarn` or `npm` builds native modules on install and so requires C dependencies.
+See [./npm.md](./npm.md) for installing these dependencies.
+
+You will need at least node v12 installed. See [#1633](https://github.com/cdr/code-server/issues/1633).
+
+```bash
+yarn global add code-server
+# Or: npm install -g code-server
+code-server
+# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
+```
+
+## macOS
+
+```bash
+brew install code-server
+brew services start code-server
+# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
+```
+
+## Standalone Releases
+
+We publish self contained `.tar.gz` archives for every release on [github](https://github.com/cdr/code-server/releases).
+They bundle the node binary and `node_modules`.
+
+These are created from the [npm package](#yarn-npm) and the rest of the releases are created from these.
+Only requirement is glibc >= 2.17 && glibcxx >= v3.4.18 on Linux and for macOS there is no minimum system requirement.
+
+1. Download the latest release archive for your system from [github](https://github.com/cdr/code-server/releases).
+2. Unpack the release.
+3. You can run code-server by executing `./bin/code-server`.
+
+You can add the code-server `bin` directory to your `$PATH` to easily execute `code-server`
+without the full path every time.
+
+Here is an example script for installing and using a standalone `code-server` release on Linux:
+
+```bash
+mkdir -p ~/.local/lib ~/.local/bin
+curl -fL https://github.com/cdr/code-server/releases/download/v3.7.2/code-server-3.7.2-linux-amd64.tar.gz \
+  | tar -C ~/.local/lib -xz
+mv ~/.local/lib/code-server-3.7.2-linux-amd64 ~/.local/lib/code-server-3.7.2
+ln -s ~/.local/lib/code-server-3.7.2/bin/code-server ~/.local/bin/code-server
+PATH="~/.local/bin:$PATH"
+code-server
+# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
+```
+
+## Docker
+
+```bash
+# This will start a code-server container and expose it at http://127.0.0.1:8080.
+# It will also mount your current directory into the container as `/home/coder/project`
+# and forward your UID/GID so that all file system operations occur as your user outside
+# the container.
+#
+# Your $HOME/.config is mounted at $HOME/.config within the container to ensure you can
+# easily access/modify your code-server config in $HOME/.config/code-server/config.json
+# outside the container.
+mkdir -p ~/.config
+docker run -it --name code-server -p 127.0.0.1:8080:8080 \
+  -v "$HOME/.config:/home/coder/.config" \
+  -v "$PWD:/home/coder/project" \
+  -u "$(id -u):$(id -g)" \
+  -e "DOCKER_USER=$USER" \
+  codercom/code-server:latest
+```
+
+Our official image supports `amd64` and `arm64`.
+
+For `arm32` support there is a popular community maintained alternative:
+
+https://hub.docker.com/r/linuxserver/code-server
+
+## helm
+
+See [the chart](../ci/helm-chart).

doc/ipad.md

@@ -0,0 +1,53 @@
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+# iPad
+
+- [Known Issues](#known-issues)
+- [How to access code-server with a self signed certificate on iPad?](#how-to-access-code-server-with-a-self-signed-certificate-on-ipad)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+## Known Issues
+
+- Getting self signed certificates certificates to work is involved, see below.
+- Keyboard may disappear sometimes [#1313](https://github.com/cdr/code-server/issues/1313), [#979](https://github.com/cdr/code-server/issues/979)
+- Trackpad scrolling does not work [#1455](https://github.com/cdr/code-server/issues/1455)
+- See [issues tagged with the iPad label](https://github.com/cdr/code-server/issues?q=is%3Aopen+is%3Aissue+label%3AiPad) for more.
+
+## How to access code-server with a self signed certificate on iPad?
+
+Accessing a self signed certificate on iPad isn't as easy as accepting through all
+the security warnings. Safari will prevent WebSocket connections unless the certificate
+is installed as a profile on the device.
+
+The below assumes you are using the self signed certificate that code-server
+generates for you. If not, that's fine but you'll have to make sure your certificate
+abides by the following guidelines from Apple: https://support.apple.com/en-us/HT210176
+
+**note**: Another undocumented requirement we noticed is that the certificate has to have `basicConstraints=CA:true`.
+
+The following instructions assume you have code-server installed and running
+with a self signed certificate. If not, please first go through [./guide.md](./guide.md)!
+
+**warning**: Your iPad must access code-server via a domain name. It could be local
+DNS like `mymacbookpro.local` but it must be a domain name. Otherwise Safari will
+refuse to allow WebSockets to connect.
+
+1. Your certificate **must** have a subject alt name that matches the hostname
+   at which you will access code-server from your iPad. You can pass this to code-server
+   so that it generates the certificate correctly with `--cert-host`.
+2. Share your self signed certificate with the iPad.
+   - code-server will print the location of the certificate it has generated in the logs.
+
+```
+[2020-10-30T08:55:45.139Z] info    - Using generated certificate and key for HTTPS: ~/.local/share/code-server/mymbp_local.crt
+```
+
+- You can mail it to yourself or if you have a Mac, it's easiest to just Airdrop to the iPad.
+
+3. When opening the `*.crt` file, you'll be prompted to go into settings to install.
+4. Go to `Settings -> General -> Profile`, select the profile and then hit `Install`.
+   - It should say the profile is verified.
+5. Go to `Settings -> About -> Certificate Trust Settings` and enable full trust for
+   the certificate.
+6. Now you can access code-server! 🍻

doc/npm.md

@@ -0,0 +1,44 @@
+<!-- START doctoc generated TOC please keep comment here to allow auto update -->
+<!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
+# npm Install Requirements
+
+- [Ubuntu, Debian](#ubuntu-debian)
+- [Fedora, CentOS, RHEL](#fedora-centos-rhel)
+- [macOS](#macos)
+
+<!-- END doctoc generated TOC please keep comment here to allow auto update -->
+
+If you're installing the npm module you'll need certain dependencies to build
+the native modules used by VS Code.
+
+You also need at least node v12 installed. See [#1633](https://github.com/cdr/code-server/issues/1633).
+
+## Ubuntu, Debian
+
+```bash
+sudo apt-get install -y \
+  build-essential \
+  pkg-config \
+  libx11-dev \
+  libxkbfile-dev \
+  libsecret-1-dev \
+  python3
+npm config set python python3
+```
+
+## Fedora, CentOS, RHEL
+
+```bash
+sudo yum groupinstall -y 'Development Tools'
+sudo yum config-manager --set-enabled PowerTools # unnecessary on CentOS 7
+sudo yum install -y python2 libsecret-devel libX11-devel libxkbfile-devel
+npm config set python python2
+```
+
+## macOS
+
+Install [Xcode](https://developer.apple.com/xcode/downloads/) and run:
+
+```bash
+xcode-select --install
+```

doc/quickstart.md

@@ -1,57 +0,0 @@
-# Quickstart Guide
-1. Visit the [releases page](https://github.com/cdr/code-server/releases) and
-   download the latest binary for your operating system.
-2. Unpack the downloaded file then run the binary.
-3. In your browser navigate to `localhost:8080`.
-
-## Usage
-Run `code-server --help` to view available options.
-
-### Encrypting traffic with HTTPS
-To encrypt the traffic between the browser and server use `code-server --cert`
-followed by the path to your certificate. Additionally, you can use certificate
-keys with `--cert-key` followed by the path to your key. If you pass `--cert`
-without any path code-server will generate a self-signed certificate.
-
-You can use [Let's Encrypt](https://letsencrypt.org/) to get an SSL certificate
-for free.
-
-### Nginx Reverse Proxy
-The trailing slashes are important.
-
-```
-server {
-  listen 80;
-  listen [::]:80;
-  server_name code.example.com code.example.org;
-  location /some/path/ { # Or / if hosting at the root.
-      proxy_pass http://localhost:8080/;
-      proxy_set_header Host $host;
-      proxy_set_header Upgrade $http_upgrade;
-      proxy_set_header Connection upgrade;
-      proxy_set_header Accept-Encoding gzip;
-  }
-}
-```
-
-### Apache Reverse Proxy
-```
-<VirtualHost *:80>
-  ServerName code.example.com
-
-  RewriteEngine On
-  RewriteCond %{HTTP:Upgrade} =websocket [NC]
-  RewriteRule /(.*)           ws://localhost:8080/$1 [P,L]
-  RewriteCond %{HTTP:Upgrade} !=websocket [NC]
-  RewriteRule /(.*)           http://localhost:8080/$1 [P,L]
-
-  ProxyRequests off
-
-  RequestHeader set X-Forwarded-Proto https
-  RequestHeader set X-Forwarded-Port 443
-
-  ProxyPass / http://localhost:8080/ nocanon
-  ProxyPassReverse / http://localhost:8080/
-
-</VirtualHost>
-```