refactor: remove extra step in release-prep.sh

fix(ci): update brew-bump.sh to update remote first

.github/ISSUE_TEMPLATE/release.md

@@ -0,0 +1,16 @@
+---
+name: Release
+about: "*For maintainers only*"
+title: "release: 0.0.0"
+labels: ""
+assignees: "@cdr/code-server-reviewers"
+---
+
+<!-- Maintainer: fill out the checklist -->
+
+## Checklist
+
+- [ ] Assign to next release manager
+- [ ] Close previous release milestone
+- [ ] Create next release milestone
+- [ ] Associate issue with next release milestone

.github/PULL_REQUEST_TEMPLATE.md

@@ -2,7 +2,7 @@
 Please link to the issue this PR solves.
 If there is no existing issue, please first create one unless the fix is minor.
 
-Please make sure the base of your PR is the master branch!
+Please make sure the base of your PR is the default branch!
 -->
 
 ## Checklist

.github/PULL_REQUEST_TEMPLATE/release_template.md

@@ -8,11 +8,9 @@ TODO
 
 ## TODOs
 
-- [ ] test locally
-- [ ] upload assets to draft release
-- [ ] test one of the release packages locally
-- [ ] double-check github release tag is the commit with artifacts (_note gets messed up after uploading assets_)
-- [ ] publish release
-- [ ] merge PR
-- [ ] update the homebrew package
+Follow "Publishing a release" steps in `ci/README.md`
+
+<!-- Note some of these steps below are redundant since they're listed in the "Publishing a release" docs -->
+
+- [ ] publish release and merge PR
 - [ ] update the AUR package

.github/dependabot.yml

@@ -10,6 +10,7 @@ updates:
       # release tag, so handle updates manually
       - dependency-name: "actions/*"
       - dependency-name: "github/codeql-action/*"
+      - dependency-name: "microsoft/playwright-github-action"
 
   - package-ecosystem: "npm"
     directory: "/"
@@ -25,3 +26,7 @@ updates:
         # We can't use it until we switch to ESM across the project
         # See release notes: https://github.com/sindresorhus/xdg-basedir/releases/tag/v5.0.0
         versions: ["5.x"]
+      - dependency-name: "limiter"
+        # 2.0.0 has breaking changes
+        # so we can't update yet.
+        versions: ["2.x"]

.github/workflows/ci.yaml

@@ -446,8 +446,8 @@ jobs:
           path: ./release-images
 
       - name: Run Trivy vulnerability scanner in image mode
-        # Commit SHA for v0.0.14
-        uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
+        # Commit SHA for v0.0.17
+        uses: aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b
         with:
           input: "./release-images/code-server-amd64-*.tar"
           scan-type: "image"
@@ -461,20 +461,17 @@ jobs:
         uses: github/codeql-action/upload-sarif@v1
         with:
           sarif_file: "trivy-image-results.sarif"
-
   # We have to use two trivy jobs
   # because GitHub only allows
   # codeql/upload-sarif action per job
   trivy-scan-repo:
     runs-on: ubuntu-20.04
-
     steps:
       - name: Checkout code
         uses: actions/checkout@v2
-
       - name: Run Trivy vulnerability scanner in repo mode
-        # Commit SHA for v0.0.14
-        uses: aquasecurity/trivy-action@341f810bd602419f966a081da3f4debedc3e5c8e
+        #Commit SHA for v0.0.17
+        uses: aquasecurity/trivy-action@dba83feec810c70bacbc4bead308ae1e466c572b
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -483,7 +480,6 @@ jobs:
           template: "@/contrib/sarif.tpl"
           output: "trivy-repo-results.sarif"
           severity: "HIGH,CRITICAL"
-
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v1
         with:

CHANGELOG.md

@@ -3,11 +3,19 @@
 # Changelog
 
 - [Changelog](#changelog)
-  - [3.10.0](#3100)
+  - [3.10.2](#3102)
     - [New Features](#new-features)
     - [Bug Fixes](#bug-fixes)
-  - [Documentation](#documentation)
-  - [Development](#development)
+    - [Development](#development)
+  - [3.10.1](#3101)
+    - [Bug Fixes](#bug-fixes-1)
+    - [Documentation](#documentation)
+    - [Development](#development-1)
+  - [3.10.0](#3100)
+    - [New Features](#new-features-1)
+    - [Bug Fixes](#bug-fixes-2)
+    - [Documentation](#documentation-1)
+    - [Development](#development-2)
   - [Previous versions](#previous-versions)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
@@ -25,7 +33,7 @@ We copy from here into the release notes.
 <!--
 Add next version above previous version but below this line using the template
 
-## 0.0.0
+## Next Version
 
 VS Code v0.00.0
 
@@ -37,19 +45,60 @@ VS Code v0.00.0
 
 - fix(socket): did this thing #321 @githubuser
 
-## Documentation
+### Documentation
 
 - item
 
-## Development
+### Development
 
 - item
 
 -->
 
+## 3.10.2
+
+VS Code v1.56.1
+
+### New Features
+
+- feat: support `extraInitContainers` in helm chart values #3393 @strowk
+- feat: change `extraContainers` to support templating in helm chart #3393 @strowk
+
+### Bug Fixes
+
+- fix: use correct command to Open Folder on Welcome page #3437 @jsjoeio
+
+### Development
+
+- fix(ci): update brew-bump.sh to update remote first #3438 @jsjoeio
+
+## 3.10.1
+
+VS Code v1.56.1
+
+### Bug Fixes
+
+- fix: Check the logged user instead of $USER #3330 @videlanicolas
+- fix: Fix broken node_modules.asar symlink in npm package #3355 @code-asher
+- fix: Update cloud agent to fix version issue #3342 @oxy
+
+### Documentation
+
+- docs(install): add raspberry pi section #3376 @jsjoeio
+- docs(maintaining): add pull requests section #3378 @jsjoeio
+- docs(maintaining): add merge strategies section #3379 @jsjoeio
+- refactor: move default PR template #3375 @jsjoeio
+- docs(contributing): add commits section #3377 @jsjoeio
+
+### Development
+
+- chore: ignore updates to microsoft/playwright-github-action
+- fix(socket): use xdgBasedir.runtime instead of tmp #3304 @jsjoeio
+- fix(ci): re-enable trivy-scan-repo #3368 @jsjoeio
+
 ## 3.10.0
 
-VS Code v1.56
+VS Code v1.56.0
 
 ### New Features
 
@@ -69,7 +118,7 @@ VS Code v1.56
 - fix: add flag for toggling permessage-deflate #3286 @code-asher
 - fix: make sure directories exist #3309 @code-asher
 
-## Documentation
+### Documentation
 
 - docs(FAQ): add mention of sysbox #3087 @bpmct
 - docs: add security policy #3148 @jsjoeio
@@ -84,7 +133,7 @@ VS Code v1.56
 - docs(maintaining): add versioning #3288 @jsjoeio
 - docs: add changelog #3337 @jsjoeio
 
-## Development
+### Development
 
 - fix(update-vscode): add check/docs for git-subtree #3129 @oxy
 - refactor(testing): migrate to playwright-test from jest-playwright #3133 @jsjoeio

README.md

@@ -1,7 +1,7 @@
 # code-server · [!["GitHub Discussions"](https://img.shields.io/badge/%20GitHub-%20Discussions-gray.svg?longCache=true&logo=github&colorB=purple)](https://github.com/cdr/code-server/discussions) [!["Join us on Slack"](https://img.shields.io/badge/join-us%20on%20slack-gray.svg?longCache=true&logo=slack&colorB=brightgreen)](https://cdr.co/join-community) [![Twitter Follow](https://img.shields.io/twitter/follow/CoderHQ?label=%40CoderHQ&style=social)](https://twitter.com/coderhq)
 
 [![codecov](https://codecov.io/gh/cdr/code-server/branch/main/graph/badge.svg?token=5iM9farjnC)](https://codecov.io/gh/cdr/code-server)
-[![See latest docs](https://img.shields.io/static/v1?label=Docs&message=see%20latest%20&color=blue)](https://github.com/cdr/code-server/tree/v3.10.0/docs)
+[![See latest docs](https://img.shields.io/static/v1?label=Docs&message=see%20latest%20&color=blue)](https://github.com/cdr/code-server/tree/v3.10.2/docs)
 
 Run [VS Code](https://github.com/Microsoft/vscode) on any machine anywhere and access it in the browser.
 

ci/README.md

@@ -24,17 +24,13 @@ Any file or directory in this subdirectory should be documented here.
    - It will upload them to the draft release.
 6. Run some basic sanity tests on one of the released packages.
    - Especially make sure the terminal works fine.
-7. Make sure the github release tag is the commit with the artifacts.
-8. Publish the release and merge the PR.
+7. Publish the release and merge the PR.
    1. CI will automatically grab the artifacts and then:
       1. Publish the NPM package from `npm-package`.
       2. Publish the Docker Hub image from `release-images`.
-9. Update the AUR package.
+8. Update the AUR package.
    - Instructions on updating the AUR package are at [cdr/code-server-aur](https://github.com/cdr/code-server-aur).
-10. Wait for the npm package to be published.
-11. Update the [homebrew package](https://github.com/Homebrew/homebrew-core/blob/master/Formula/code-server.rb).
-    1. Install [homebrew](https://brew.sh/)
-    2. Run `brew bump-formula-pr --version=3.8.1 code-server` and update the version accordingly. This will bump the version and open a PR. Note: this will only work once the version is published on npm.
+9. Wait for the npm package to be published.
 
 ## dev
 

ci/build/npm-postinstall.sh

@@ -56,18 +56,21 @@ main() {
   fi
 }
 
+# This is a copy of symlink_asar in ../lib.sh. Look there for details.
+symlink_asar() {
+  rm -f node_modules.asar
+  if [ "${WINDIR-}" ]; then
+    mklink /J node_modules.asar node_modules
+  else
+    ln -s node_modules node_modules.asar
+  fi
+}
+
 vscode_yarn() {
   cd lib/vscode
   yarn --production --frozen-lockfile
 
-  # This is a copy of symlink_asar in ../lib.sh. Look there for details.
-  if [ ! -e node_modules.asar ]; then
-    if [ "${WINDIR-}" ]; then
-      mklink /J node_modules.asar node_modules
-    else
-      ln -s node_modules node_modules.asar
-    fi
-  fi
+  symlink_asar
 
   cd extensions
   yarn --production --frozen-lockfile

ci/build/release-prep.sh

@@ -81,11 +81,7 @@ main() {
   read -r -p "What version of code-server do you want to update to?"$'\n' CODE_SERVER_VERSION_TO_UPDATE
 
   echo -e "Great! We'll prep a PR for updating to $CODE_SERVER_VERSION_TO_UPDATE\n"
-  $CMD rg -g '!yarn.lock' -g '!*.svg' --files-with-matches --fixed-strings "${CODE_SERVER_CURRENT_VERSION}" | $CMD xargs sd "$CODE_SERVER_CURRENT_VERSION" "$CODE_SERVER_VERSION_TO_UPDATE"
-
-  # Ensure the tests are passing and code coverage is up-to-date
-  echo -e "Running unit tests and updating code coverage...\n"
-  $CMD yarn test:unit
+  $CMD rg -g '!yarn.lock' -g '!*.svg' -g '!CHANGELOG.md' --files-with-matches --fixed-strings "${CODE_SERVER_CURRENT_VERSION}" | $CMD xargs sd "$CODE_SERVER_CURRENT_VERSION" "$CODE_SERVER_VERSION_TO_UPDATE"
 
   $CMD git commit -am "chore(release): bump version to $CODE_SERVER_VERSION_TO_UPDATE"
 
@@ -94,7 +90,7 @@ main() {
 
   echo -e "\nOpening a draft PR on GitHub"
   # To read about these flags, visit the docs: https://cli.github.com/manual/gh_pr_create
-  $CMD gh pr create --base main --title "release: $CODE_SERVER_VERSION_TO_UPDATE" --body "$RELEASE_TEMPLATE_STRING" --reviewer @cdr/code-server-reviewers --repo cdr/code-server --draft
+  $CMD gh pr create --base main --title "release: $CODE_SERVER_VERSION_TO_UPDATE" --body "$RELEASE_TEMPLATE_STRING" --reviewer @cdr/code-server-reviewers --repo cdr/code-server --draft --assignee "@me"
 
   # Open PR in browser
   $CMD gh pr view --web

ci/helm-chart/Chart.yaml

@@ -20,4 +20,4 @@ version: 1.0.3
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 3.10.0
+appVersion: 3.10.2

ci/helm-chart/README.md

@@ -1,6 +1,6 @@
 # code-server
 
-![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.10.0](https://img.shields.io/badge/AppVersion-3.10.0-informational?style=flat-square)
+![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 3.10.2](https://img.shields.io/badge/AppVersion-3.10.2-informational?style=flat-square)
 
 [code-server](https://github.com/cdr/code-server) code-server is VS Code running
 on a remote server, accessible through the browser.
@@ -65,6 +65,7 @@ and their default values.
 | extraArgs | list | `[]` |  |
 | extraConfigmapMounts | list | `[]` |  |
 | extraContainers | string | `""` |  |
+| extraInitContainers | string | `""` |  |
 | extraSecretMounts | list | `[]` |  |
 | extraVars | list | `[]` |  |
 | extraVolumeMounts | list | `[]` |  |
@@ -72,7 +73,7 @@ and their default values.
 | hostnameOverride | string | `""` |  |
 | image.pullPolicy | string | `"Always"` |  |
 | image.repository | string | `"codercom/code-server"` |  |
-| image.tag | string | `"3.10.0"` |  |
+| image.tag | string | `"3.10.2"` |  |
 | imagePullSecrets | list | `[]` |  |
 | ingress.enabled | bool | `false` |  |
 | nameOverride | string | `""` |  |
@@ -115,3 +116,47 @@ $ helm upgrade --install code-server ci/helm-chart -f values.yaml
 ```
 
 > **Tip**: You can use the default [values.yaml](values.yaml)
+
+# Extra Containers
+
+There are two parameters which allow to add more containers to pod.
+Use `extraContainers` to add regular containers 
+and `extraInitContainers` to add init containers. You can read more
+about init containers in [k8s documentation](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).
+
+Both parameters accept strings and use them as a templates
+
+Example of using `extraInitContainers`:
+
+``` yaml
+extraInitContainers: |
+  - name: customization
+    image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+    imagePullPolicy: IfNotPresent
+    env:
+      - name: SERVICE_URL
+        value: https://open-vsx.org/vscode/gallery
+      - name: ITEM_URL
+        value: https://open-vsx.org/vscode/item
+    command:
+      - sh
+      - -c
+      - |
+        code-server --install-extension ms-python.python
+        code-server --install-extension golang.Go
+    volumeMounts:
+      - name: data
+        mountPath: /home/coder
+
+```
+
+With this yaml in file `init.yaml`, you can execute 
+
+```console
+$ helm upgrade --install code-server \
+    ci/helm-chart \
+    --values init.yaml
+```
+
+to deploy code-server with python and golang extensions preinstalled
+before main container have started. 

ci/helm-chart/templates/deployment.yaml

@@ -43,10 +43,13 @@ spec:
         volumeMounts:
         - name: data
           mountPath: /home/coder
+{{- if .Values.extraInitContainers }}
+{{ tpl .Values.extraInitContainers . | indent 6}}
+{{- end }}
       {{- end }}
       containers:
 {{- if .Values.extraContainers }}
-{{ toYaml .Values.extraContainers | indent 8}}
+{{ tpl .Values.extraContainers . | indent 8}}
 {{- end }}
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"

ci/helm-chart/values.yaml

@@ -6,7 +6,7 @@ replicaCount: 1
 
 image:
   repository: codercom/code-server
-  tag: '3.10.0'
+  tag: '3.10.2'
   pullPolicy: Always
 
 imagePullSecrets: []

ci/lib.sh

@@ -49,14 +49,15 @@ arch() {
   esac
 }
 
-# Grabs the most recent ci.yaml github workflow run that was successful and triggered from the same commit being pushd.
+# Grabs the most recent ci.yaml github workflow run that was triggered from the
+# pull request of the release branch for this version (regardless of whether
+# that run succeeded or failed). The release branch name must be in semver
+# format with a v prepended.
 # This will contain the artifacts we want.
 # https://developer.github.com/v3/actions/workflow-runs/#list-workflow-runs
 get_artifacts_url() {
   local artifacts_url
   local workflow_runs_url="repos/:owner/:repo/actions/workflows/ci.yaml/runs?event=pull_request"
-  # For releases, we look for run based on the branch name v$code_server_version
-  # example: v3.10.0
   local version_branch="v$VERSION"
   artifacts_url=$(gh api "$workflow_runs_url" | jq -r ".workflow_runs[] | select(.head_branch == \"$version_branch\") | .artifacts_url" | head -n 1)
   if [[ -z "$artifacts_url" ]]; then
@@ -112,13 +113,12 @@ RELEASE_PATH="${RELEASE_PATH-release}"
 # Code itself but also extensions will look specifically in this directory for
 # files (like the ripgrep binary or the oniguruma wasm).
 symlink_asar() {
-  if [ ! -L node_modules.asar ]; then
-    if [ "${WINDIR-}" ]; then
-      # mklink takes the link name first.
-      mklink /J node_modules.asar node_modules
-    else
-      # ln takes the link name second.
-      ln -s node_modules node_modules.asar
-    fi
+  rm -f node_modules.asar
+  if [ "${WINDIR-}" ]; then
+    # mklink takes the link name first.
+    mklink /J node_modules.asar node_modules
+  else
+    # ln takes the link name second.
+    ln -s node_modules node_modules.asar
   fi
 }

ci/release-image/entrypoint.sh

@@ -5,16 +5,17 @@ set -eu
 # Otherwise the current container UID may not exist in the passwd database.
 eval "$(fixuid -q)"
 
-if [ "${DOCKER_USER-}" ] && [ "$DOCKER_USER" != "$USER" ]; then
-  echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd >/dev/null
-  # Unfortunately we cannot change $HOME as we cannot move any bind mounts
-  # nor can we bind mount $HOME into a new home as that requires a privileged container.
-  sudo usermod --login "$DOCKER_USER" coder
-  sudo groupmod -n "$DOCKER_USER" coder
-
+if [ "${DOCKER_USER-}" ]; then
   USER="$DOCKER_USER"
+  if [ "$DOCKER_USER" != "$(whoami)" ]; then
+    echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd >/dev/null
+    # Unfortunately we cannot change $HOME as we cannot move any bind mounts
+    # nor can we bind mount $HOME into a new home as that requires a privileged container.
+    sudo usermod --login "$DOCKER_USER" coder
+    sudo groupmod -n "$DOCKER_USER" coder
 
-  sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
+    sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
+  fi
 fi
 
 dumb-init /usr/bin/code-server "$@"

ci/steps/brew-bump.sh

@@ -5,9 +5,36 @@ main() {
   cd "$(dirname "$0")/../.."
   # Only sourcing this so we get access to $VERSION
   source ./ci/lib.sh
+
+  # NOTE: we need to make sure cdrci/homebrew-core
+  # is up-to-date
+  # otherwise, brew bump-formula-pr will use an
+  # outdated base
+  echo "Cloning cdrci/homebrew-core"
+  git clone https://github.com/cdrci/homebrew-core.git
+
+  echo "Changing into homebrew-core directory"
+  cd homebrew-core && pwd
+
+  echo "Adding Homebrew/homebrew-core as $(upstream)"
+  git remote add upstream https://github.com/Homebrew/homebrew-core.git
+
+  echo "Fetching upstream commits..."
+  git fetch upstream
+
+  echo "Merging in latest changes"
+  git merge upstream/master
+
+  echo "Pushing changes to cdrci/homebrew-core fork on GitHub"
+  git push origin master
+
   # Find the docs for bump-formula-pr here
   # https://github.com/Homebrew/brew/blob/master/Library/Homebrew/dev-cmd/bump-formula-pr.rb#L18
   brew bump-formula-pr --force --version="${VERSION}" code-server --no-browse --no-audit
+
+  # Clean up and remove homebrew-core
+  cd ..
+  rm -rf homebrew-core
 }
 
 main "$@"

docs/CONTRIBUTING.md

@@ -3,6 +3,7 @@
 # Contributing
 
 - [Pull Requests](#pull-requests)
+  - [Commits](#commits)
 - [Requirements](#requirements)
 - [Development Workflow](#development-workflow)
   - [Updating VS Code](#updating-vs-code)
@@ -23,9 +24,11 @@ you'd like to address unless the proposed fix is minor.
 
 In your Pull Requests (PR), link to the issue that the PR solves.
 
-Please ensure that the base of your PR is the **master** branch. (Note: The default
-GitHub branch is the latest release branch, though you should point all of your changes to be merged into
-master).
+Please ensure that the base of your PR is the **main** branch.
+
+### Commits
+
+We prefer a clean commit history. This means you should squash all fixups and fixup-type commits before asking for review (cleanup, squash, force-push). If you need help with this, feel free to leave a comment in your PR and we'll guide you.
 
 ## Requirements
 
@@ -42,7 +45,7 @@ There are several differences, however. Here is what is needed:
 - [`jq`](https://stedolan.github.io/jq/)
   - used to build code-server releases
 - [`gnupg`](https://gnupg.org/index.html)
-  - all commits must be signed an verified
+  - all commits must be signed and verified
   - see GitHub's ["Managing commit signature verification"](https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification) or follow [this tutorial](https://joeprevite.com/verify-commits-on-github)
 - `build-essential` (Linux)
   - `apt-get install -y build-essential` - used by VS Code

docs/MAINTAINING.md

@@ -8,6 +8,10 @@
     - [Triage](#triage)
     - [Project Boards](#project-boards)
   - [Versioning](#versioning)
+  - [Pull Requests](#pull-requests)
+    - [Merge Strategies](#merge-strategies)
+  - [Release](#release)
+    - [Release Manager Rotation](#release-manager-rotation)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
@@ -62,4 +66,27 @@ It also gives us a way to separate the issue triage from bigger-picture, long-te
 
 `<major.minor.patch>`
 
+The code-server project follows traditional [semantic versioning](https://semver.org/), with the objective of minimizing major changes that break backward compatibility. We increment the patch level for all releases, except when the upstream Visual Studio Code project increments its minor version or we change the plugin API in a backward-compatible manner. In those cases, we increment the minor version rather than the patch level.
+
+## Pull Requests
+
+Ideally, every PR should fix an issue. If it doesn't, make sure it's associated with a version milestone.
+
+If a PR does fix an issue, don't add it to the version milestone. Otherwise, the version milestone will have duplicate information: the issue & the PR fixing the issue.
+
+### Merge Strategies
+
+For most things, we recommend "Squash and Merge". If you're updating `lib/vscode`, we suggest using the "Rebase and Merge" strategy. There may be times where "Create a merge commit" makes sense as well. Use your best judgement. If you're unsure, you can always discuss in the PR with the team.
 The code-server project follows traditional [semantic versioning](ttps://semver.org/), with the objective of minimizing major changes that break backward compatibility. We increment the patch level for all releases, except when the upstream Visual Studio Code project increments its minor version or we change the plugin API in a backward-compatible manner. In those cases, we increment the minor version rather than the patch level.
+
+## Release
+
+### Release Manager Rotation
+
+With each release, we rotate the role of "release manager" to ensure every maintainer goes through the process. This helps us keep documentation up-to-date and encourages us to continually review and improve the flow with each set of eyes.
+
+If you're the current release manager, follow these steps:
+
+1. Create a [release issue](../.github/ISSUE_TEMPLATE/release.md)
+2. Fill out checklist
+3. After release is published, close release milestone

docs/install.md

@@ -10,6 +10,7 @@
 - [Fedora, CentOS, RHEL, SUSE](#fedora-centos-rhel-suse)
 - [Arch Linux](#arch-linux)
 - [Termux](#termux)
+- [Raspberry Pi](#raspberry-pi)
 - [yarn, npm](#yarn-npm)
 - [macOS](#macos)
 - [Standalone Releases](#standalone-releases)
@@ -68,7 +69,7 @@ commands presented in the rest of this document.
 
 ### Detection Reference
 
-- For Debian, Ubuntu and Raspbian it will install the latest deb package.
+- For Debian and Ubuntu it will install the latest deb package.
 - For Fedora, CentOS, RHEL and openSUSE it will install the latest rpm package.
 - For Arch Linux it will install the AUR package.
 - For any unrecognized Linux operating system it will install the latest standalone release into `~/.local`.
@@ -92,8 +93,8 @@ NOTE: The standalone arm64 .deb does not support Ubuntu <16.04.
 Please upgrade or [build with yarn](#yarn-npm).
 
 ```bash
-curl -fOL https://github.com/cdr/code-server/releases/download/v3.10.0/code-server_3.10.0_amd64.deb
-sudo dpkg -i code-server_3.10.0_amd64.deb
+curl -fOL https://github.com/cdr/code-server/releases/download/v$VERSION/code-server_$VERSION_amd64.deb
+sudo dpkg -i code-server_$VERSION_amd64.deb
 sudo systemctl enable --now code-server@$USER
 # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
 ```
@@ -104,8 +105,8 @@ NOTE: The standalone arm64 .rpm does not support CentOS 7.
 Please upgrade or [build with yarn](#yarn-npm).
 
 ```bash
-curl -fOL https://github.com/cdr/code-server/releases/download/v3.10.0/code-server-3.10.0-amd64.rpm
-sudo rpm -i code-server-3.10.0-amd64.rpm
+curl -fOL https://github.com/cdr/code-server/releases/download/v$VERSION/code-server-$VERSION-amd64.rpm
+sudo rpm -i code-server-$VERSION-amd64.rpm
 sudo systemctl enable --now code-server@$USER
 # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml
 ```
@@ -132,6 +133,10 @@ sudo systemctl enable --now code-server@$USER
 
 Please see "Installation" in the [Termux docs](./termux.md#installation)
 
+## Raspberry Pi
+
+If you're running a Raspberry Pi, we recommend install code-server with `yarn` or `npm`. See [yarn-npm](#yarn-npm).
+
 ## yarn, npm
 
 We recommend installing with `yarn` or `npm` when:
@@ -179,10 +184,10 @@ Here is an example script for installing and using a standalone `code-server` re
 
 ```bash
 mkdir -p ~/.local/lib ~/.local/bin
-curl -fL https://github.com/cdr/code-server/releases/download/v3.10.0/code-server-3.10.0-linux-amd64.tar.gz \
+curl -fL https://github.com/cdr/code-server/releases/download/v$VERSION/code-server-$VERSION-linux-amd64.tar.gz \
   | tar -C ~/.local/lib -xz
-mv ~/.local/lib/code-server-3.10.0-linux-amd64 ~/.local/lib/code-server-3.10.0
-ln -s ~/.local/lib/code-server-3.10.0/bin/code-server ~/.local/bin/code-server
+mv ~/.local/lib/code-server-$VERSION-linux-amd64 ~/.local/lib/code-server-$VERSION
+ln -s ~/.local/lib/code-server-$VERSION/bin/code-server ~/.local/bin/code-server
 PATH="~/.local/bin:$PATH"
 code-server
 # Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml

docs/termux.md

@@ -17,7 +17,7 @@ Termux is an Android terminal application and Linux environment, which can also
 
 ## Installation
 
-1. Install Termux from the [Google Play Store](https://play.google.com/store/apps/details?id=com.termux)
+1. Install Termux from [F-Droid](https://f-droid.org/en/packages/com.termux/)
 2. Make sure it's up-to-date by running `apt update && apt upgrade`
 3. Install required packages: `apt install build-essential python git nodejs yarn`
 4. Install code-server: `yarn global add code-server`

install.sh

@@ -419,7 +419,7 @@ install_npm() {
   echoh
   echoerr "Please install npm or yarn to install code-server!"
   echoerr "You will need at least node v12 and a few C dependencies."
-  echoerr "See the docs https://github.com/cdr/code-server/blob/v3.10.0/docs/install.md#yarn-npm"
+  echoerr "See the docs https://github.com/cdr/code-server/blob/v3.10.2/docs/install.md#yarn-npm"
   exit 1
 }
 

lib/vscode/package.json

@@ -1,7 +1,7 @@
 {
   "name": "code-oss-dev",
-  "version": "1.56.0",
-  "distro": "3d76109d9437bda93a3f337625de2833149ca724",
+  "version": "1.56.1",
+  "distro": "278cafaa4343ba7b12773886685e04ece97fbdc1",
   "author": {
     "name": "Microsoft Corporation"
   },
@@ -76,6 +76,7 @@
     "nsfw": "2.1.2",
     "proxy-agent": "^4.0.1",
     "proxy-from-env": "^1.1.0",
+    "rimraf": "^3.0.2",
     "spdlog": "^0.11.1",
     "sudo-prompt": "9.2.1",
     "tas-client-umd": "0.1.4",
@@ -127,7 +128,8 @@
     "copy-webpack-plugin": "^6.0.3",
     "cson-parser": "^1.3.3",
     "css-loader": "^3.2.0",
-    "cssnano": "^4.1.11",
+    "cssnano": "^5.0.2",
+    "postcss": "^8.2.1",
     "debounce": "^1.0.0",
     "deemon": "^1.4.0",
     "eslint": "6.8.0",
@@ -185,7 +187,6 @@
     "queue": "3.0.6",
     "rcedit": "^1.1.0",
     "request": "^2.85.0",
-    "rimraf": "^3.0.2",
     "sinon": "^1.17.2",
     "source-map": "0.6.1",
     "source-map-support": "^0.3.2",
@@ -220,6 +221,7 @@
     "windows-process-tree": "0.3.0"
   },
   "resolutions": {
+    "postcss": "^8.2.1",
     "elliptic": "^6.5.3",
     "nwmatcher": "^1.4.4"
   }

lib/vscode/src/vs/platform/actions/browser/menuEntryActionViewItem.css

@@ -8,6 +8,7 @@
 	height: 16px;
 	background-repeat: no-repeat;
 	background-position: 50%;
+	background-size: 16px;
 }
 
 .monaco-action-bar .action-item.menu-entry .action-label {

lib/vscode/src/vs/platform/remote/common/remoteAgentConnection.ts

@@ -229,7 +229,9 @@ async function connectToRemoteExtensionHostAgent(options: ISimpleConnectionOptio
 
 	let socket: ISocket;
 	try {
-		socket = await createSocket(options.logService, options.socketFactory, options.host, options.port, `reconnectionToken=${options.reconnectionToken}&reconnection=${options.reconnectionProtocol ? 'true' : 'false'}`, timeoutCancellationToken);
+		// NOTE@coder: Add connection type to the socket. This is so they can be
+		// distinguished by the backend.
+		socket = await createSocket(options.logService, options.socketFactory, options.host, options.port, `type=${connectionTypeToString(connectionType)}&reconnectionToken=${options.reconnectionToken}&reconnection=${options.reconnectionProtocol ? 'true' : 'false'}`, timeoutCancellationToken);
 	} catch (error) {
 		options.logService.error(`${logPrefix} socketFactory.connect() failed or timed out. Error:`);
 		options.logService.error(error);

lib/vscode/src/vs/workbench/contrib/scm/browser/media/scm.css

@@ -83,12 +83,6 @@
 	display: flex;
 	align-items: center;
 	overflow: hidden;
-	min-width: 16px; /* for flex */
-	height: 100%;
-	margin: 0;
-	background-repeat: no-repeat;
-	background-position: center;
-	background-size: contain;
 }
 
 .scm-view .scm-provider > .actions > .monaco-toolbar > .monaco-action-bar > .actions-container  > .action-item > .action-label > .codicon {

lib/vscode/src/vs/workbench/contrib/welcome/page/browser/vs_code_welcome_page.ts

@@ -20,7 +20,7 @@ export default () => `
 					<h2 class="caption">${escape(localize('welcomePage.start', "Start"))}</h2>
 					<ul>
 						<li><a href="command:workbench.action.files.newUntitledFile">${escape(localize('welcomePage.newFile', "New file"))}</a></li>
-						<li class="mac-only"><a href="command:workbench.action.files.openFileFolder">${escape(localize('welcomePage.openFolder', "Open folder..."))}</a> or <a href="command:git.clone">${escape(localize('welcomePage.gitClone', "clone repository..."))}</a></li>
+						<li class="mac-only"><a href="command:workbench.action.files.openFolder">${escape(localize('welcomePage.openFolder', "Open folder..."))}</a> or <a href="command:git.clone">${escape(localize('welcomePage.gitClone', "clone repository..."))}</a></li>
 						<li class="windows-only linux-only"><a href="command:workbench.action.files.openFolder">${escape(localize('welcomePage.openFolder', "Open folder..."))}</a> or <a href="command:git.clone">${escape(localize('welcomePage.gitClone', "clone repository..."))}</a></li>
 					</ul>
 				</div>

package.json

@@ -1,7 +1,7 @@
 {
   "name": "code-server",
   "license": "MIT",
-  "version": "3.10.0",
+  "version": "3.10.2",
   "description": "Run VS Code on a remote server.",
   "homepage": "https://github.com/cdr/code-server",
   "bugs": {
@@ -77,6 +77,9 @@
   "resolutions": {
     "normalize-package-data": "^3.0.0",
     "doctoc/underscore": "^1.13.1",
+    "doctoc/**/trim": "^1.0.0",
+    "postcss": "^8.2.1",
+    "parcel-bundler/cssnano": "^5.0.2",
     "safe-buffer": "^5.1.1",
     "vfile-message": "^2.0.2"
   },

src/node/socket.ts

@@ -4,8 +4,7 @@ import * as path from "path"
 import * as tls from "tls"
 import { Emitter } from "../common/emitter"
 import { generateUuid } from "../common/util"
-import { tmpdir } from "./constants"
-import { canConnect } from "./util"
+import { canConnect, paths } from "./util"
 
 /**
  * Provides a way to proxy a TLS socket. Can be used when you need to pass a
@@ -13,7 +12,7 @@ import { canConnect } from "./util"
  */
 export class SocketProxyProvider {
   private readonly onProxyConnect = new Emitter<net.Socket>()
-  private proxyPipe = path.join(tmpdir, "tls-proxy")
+  private proxyPipe = path.join(paths.runtime, "tls-proxy")
   private _proxyServer?: Promise<net.Server>
   private readonly proxyTimeout = 5000
 
@@ -76,7 +75,10 @@ export class SocketProxyProvider {
       this._proxyServer = this.findFreeSocketPath(this.proxyPipe)
         .then((pipe) => {
           this.proxyPipe = pipe
-          return Promise.all([fs.mkdir(tmpdir, { recursive: true }), fs.rmdir(this.proxyPipe, { recursive: true })])
+          return Promise.all([
+            fs.mkdir(path.dirname(this.proxyPipe), { recursive: true }),
+            fs.rmdir(this.proxyPipe, { recursive: true }),
+          ])
         })
         .then(() => {
           return new Promise((resolve) => {

src/node/util.ts

@@ -8,9 +8,10 @@ import * as path from "path"
 import * as util from "util"
 import xdgBasedir from "xdg-basedir"
 
-interface Paths {
+export interface Paths {
   data: string
   config: string
+  runtime: string
 }
 
 export const paths = getEnvPaths()
@@ -20,23 +21,34 @@ export const paths = getEnvPaths()
  * On MacOS this function gets the standard XDG directories instead of using the native macOS
  * ones. Most CLIs do this as in practice only GUI apps use the standard macOS directories.
  */
-function getEnvPaths(): Paths {
-  let paths: Paths
-  if (process.platform === "win32") {
-    paths = envPaths("code-server", {
-      suffix: "",
-    })
-  } else {
-    if (xdgBasedir.data === undefined || xdgBasedir.config === undefined) {
-      throw new Error("No home folder?")
-    }
-    paths = {
-      data: path.join(xdgBasedir.data, "code-server"),
-      config: path.join(xdgBasedir.config, "code-server"),
-    }
+export function getEnvPaths(): Paths {
+  const paths = envPaths("code-server", { suffix: "" })
+  const append = (p: string): string => path.join(p, "code-server")
+  switch (process.platform) {
+    case "darwin":
+      return {
+        // envPaths uses native directories so force Darwin to use the XDG spec
+        // to align with other CLI tools.
+        data: xdgBasedir.data ? append(xdgBasedir.data) : paths.data,
+        config: xdgBasedir.config ? append(xdgBasedir.config) : paths.config,
+        // Fall back to temp if there is no runtime dir.
+        runtime: xdgBasedir.runtime ? append(xdgBasedir.runtime) : paths.temp,
+      }
+    case "win32":
+      return {
+        data: paths.data,
+        config: paths.config,
+        // Windows doesn't have a runtime dir.
+        runtime: paths.temp,
+      }
+    default:
+      return {
+        data: paths.data,
+        config: paths.config,
+        // Fall back to temp if there is no runtime dir.
+        runtime: xdgBasedir.runtime ? append(xdgBasedir.runtime) : paths.temp,
+      }
   }
-
-  return paths
 }
 
 /**

test/unit/node/util.test.ts

@@ -0,0 +1,147 @@
+describe("getEnvPaths", () => {
+  describe("on darwin", () => {
+    let ORIGINAL_PLATFORM = ""
+
+    beforeAll(() => {
+      ORIGINAL_PLATFORM = process.platform
+
+      Object.defineProperty(process, "platform", {
+        value: "darwin",
+      })
+    })
+
+    beforeEach(() => {
+      jest.resetModules()
+      jest.mock("env-paths", () => {
+        return () => ({
+          data: "/home/envPath/.local/share",
+          config: "/home/envPath/.config",
+          temp: "/tmp/envPath/runtime",
+        })
+      })
+    })
+
+    afterAll(() => {
+      // Restore old platform
+
+      Object.defineProperty(process, "platform", {
+        value: ORIGINAL_PLATFORM,
+      })
+    })
+
+    it("should return the env paths using xdgBasedir", () => {
+      jest.mock("xdg-basedir", () => ({
+        data: "/home/usr/.local/share",
+        config: "/home/usr/.config",
+        runtime: "/tmp/runtime",
+      }))
+      const getEnvPaths = require("../../../src/node/util").getEnvPaths
+      const envPaths = getEnvPaths()
+
+      expect(envPaths.data).toEqual("/home/usr/.local/share/code-server")
+      expect(envPaths.config).toEqual("/home/usr/.config/code-server")
+      expect(envPaths.runtime).toEqual("/tmp/runtime/code-server")
+    })
+
+    it("should return the env paths using envPaths when xdgBasedir is undefined", () => {
+      jest.mock("xdg-basedir", () => ({}))
+      const getEnvPaths = require("../../../src/node/util").getEnvPaths
+      const envPaths = getEnvPaths()
+
+      expect(envPaths.data).toEqual("/home/envPath/.local/share")
+      expect(envPaths.config).toEqual("/home/envPath/.config")
+      expect(envPaths.runtime).toEqual("/tmp/envPath/runtime")
+    })
+  })
+  describe("on win32", () => {
+    let ORIGINAL_PLATFORM = ""
+
+    beforeAll(() => {
+      ORIGINAL_PLATFORM = process.platform
+
+      Object.defineProperty(process, "platform", {
+        value: "win32",
+      })
+    })
+
+    beforeEach(() => {
+      jest.resetModules()
+      jest.mock("env-paths", () => {
+        return () => ({
+          data: "/windows/envPath/.local/share",
+          config: "/windows/envPath/.config",
+          temp: "/tmp/envPath/runtime",
+        })
+      })
+    })
+
+    afterAll(() => {
+      // Restore old platform
+
+      Object.defineProperty(process, "platform", {
+        value: ORIGINAL_PLATFORM,
+      })
+    })
+
+    it("should return the env paths using envPaths", () => {
+      const getEnvPaths = require("../../../src/node/util").getEnvPaths
+      const envPaths = getEnvPaths()
+
+      expect(envPaths.data).toEqual("/windows/envPath/.local/share")
+      expect(envPaths.config).toEqual("/windows/envPath/.config")
+      expect(envPaths.runtime).toEqual("/tmp/envPath/runtime")
+    })
+  })
+  describe("on other platforms", () => {
+    let ORIGINAL_PLATFORM = ""
+
+    beforeAll(() => {
+      ORIGINAL_PLATFORM = process.platform
+
+      Object.defineProperty(process, "platform", {
+        value: "linux",
+      })
+    })
+
+    beforeEach(() => {
+      jest.resetModules()
+      jest.mock("env-paths", () => {
+        return () => ({
+          data: "/linux/envPath/.local/share",
+          config: "/linux/envPath/.config",
+          temp: "/tmp/envPath/runtime",
+        })
+      })
+    })
+
+    afterAll(() => {
+      // Restore old platform
+
+      Object.defineProperty(process, "platform", {
+        value: ORIGINAL_PLATFORM,
+      })
+    })
+
+    it("should return the runtime using xdgBasedir if it exists", () => {
+      jest.mock("xdg-basedir", () => ({
+        runtime: "/tmp/runtime",
+      }))
+      const getEnvPaths = require("../../../src/node/util").getEnvPaths
+      const envPaths = getEnvPaths()
+
+      expect(envPaths.data).toEqual("/linux/envPath/.local/share")
+      expect(envPaths.config).toEqual("/linux/envPath/.config")
+      expect(envPaths.runtime).toEqual("/tmp/runtime/code-server")
+    })
+
+    it("should return the env paths using envPaths when xdgBasedir is undefined", () => {
+      jest.mock("xdg-basedir", () => ({}))
+      const getEnvPaths = require("../../../src/node/util").getEnvPaths
+      const envPaths = getEnvPaths()
+
+      expect(envPaths.data).toEqual("/linux/envPath/.local/share")
+      expect(envPaths.config).toEqual("/linux/envPath/.config")
+      expect(envPaths.runtime).toEqual("/tmp/envPath/runtime")
+    })
+  })
+})

test/unit/register.test.ts

@@ -9,7 +9,7 @@ describe("register", () => {
 
     beforeAll(() => {
       const { window } = new JSDOM()
-      global.window = (window as unknown) as Window & typeof globalThis
+      global.window = window as unknown as Window & typeof globalThis
       global.document = window.document
       global.navigator = window.navigator
       global.location = window.location
@@ -35,10 +35,10 @@ describe("register", () => {
       jest.restoreAllMocks()
 
       // We don't want these to stay around because it can affect other tests
-      global.window = (undefined as unknown) as Window & typeof globalThis
-      global.document = (undefined as unknown) as Document & typeof globalThis
-      global.navigator = (undefined as unknown) as Navigator & typeof globalThis
-      global.location = (undefined as unknown) as Location & typeof globalThis
+      global.window = undefined as unknown as Window & typeof globalThis
+      global.document = undefined as unknown as Document & typeof globalThis
+      global.navigator = undefined as unknown as Navigator & typeof globalThis
+      global.location = undefined as unknown as Location & typeof globalThis
     })
 
     it("test should have access to browser globals from beforeAll", () => {
@@ -110,7 +110,7 @@ describe("register", () => {
         origin: "http://localhost:8080",
       }
       const { window } = new JSDOM()
-      global.window = (window as unknown) as Window & typeof globalThis
+      global.window = window as unknown as Window & typeof globalThis
       global.document = window.document
       global.navigator = window.navigator
       global.location = location as Location
@@ -131,10 +131,10 @@ describe("register", () => {
       jest.restoreAllMocks()
 
       // We don't want these to stay around because it can affect other tests
-      global.window = (undefined as unknown) as Window & typeof globalThis
-      global.document = (undefined as unknown) as Document & typeof globalThis
-      global.navigator = (undefined as unknown) as Navigator & typeof globalThis
-      global.location = (undefined as unknown) as Location & typeof globalThis
+      global.window = undefined as unknown as Window & typeof globalThis
+      global.document = undefined as unknown as Document & typeof globalThis
+      global.navigator = undefined as unknown as Navigator & typeof globalThis
+      global.location = undefined as unknown as Location & typeof globalThis
     })
     it("should register when options.base is undefined", async () => {
       // Mock getElementById