Merge branch 'main' into release/v4.9.0

2026-04-16 12:25:03 -05:00 · 2022-11-30 12:36:16 -07:00 · 2022-11-10 13:49:07 -07:00 · 2022-11-10 12:46:39 -07:00 · 2022-11-10 11:51:50 -07:00 · 2022-11-10 11:51:50 -07:00
17 changed files with 73 additions and 100 deletions
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -24,7 +24,7 @@ concurrency:
 jobs:
  prettier:
    name: Format with Prettier
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: Checkout repo
@@ -37,7 +37,7 @@ jobs:

  doctoc:
    name: Doctoc markdown files
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: Checkout repo
@@ -66,7 +66,7 @@ jobs:

  lint-helm:
    name: Lint Helm chart
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: Checkout repo
@@ -97,7 +97,7 @@ jobs:

  lint-ts:
    name: Lint TypeScript files
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
    timeout-minutes: 5
    steps:
      - name: Checkout repo
@@ -141,7 +141,7 @@ jobs:

  build:
    name: Build code-server
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
    timeout-minutes: 30
    env:
      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
@@ -244,7 +244,7 @@ jobs:
    # Only run if PR comes from base repo or event is not a PR
    # Reason: forks cannot access secrets and this will always fail
    if: github.event.pull_request.head.repo.full_name == github.repository || github.event_name != 'pull_request'
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3
@@ -295,8 +295,8 @@ jobs:
  test-e2e:
    name: Run e2e tests
    needs: build
-    runs-on: ubuntu-20.04
-    timeout-minutes: 25
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
    steps:
      - name: Checkout repo
        uses: actions/checkout@v3
@@ -324,7 +324,7 @@ jobs:
        run: tar -xzf package.tar.gz

      - name: Install release package dependencies
-        run: cd release && npm install --unsafe-perm --omit=dev
+        run: cd release && yarn install

      - name: Install dependencies
        if: steps.cache-node-modules.outputs.cache-hit != 'true'
@@ -351,7 +351,7 @@ jobs:
  test-e2e-proxy:
    name: Run e2e tests behind proxy
    needs: build
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
    timeout-minutes: 25
    steps:
      - name: Checkout repo
@@ -380,7 +380,7 @@ jobs:
        run: tar -xzf package.tar.gz

      - name: Install release package dependencies
-        run: cd release && npm install --unsafe-perm --omit=dev
+        run: cd release && yarn install

      - name: Install dependencies
        if: steps.cache-node-modules.outputs.cache-hit != 'true'
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -127,8 +127,6 @@ jobs:

      - name: Validate package
        uses: hapakaien/archlinux-package-action@v2
-        env:
-          VERSION: ${{ env.VERSION }}
        with:
          pkgver: ${{ env.VERSION }}
          updpkgsums: true
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -44,13 +44,11 @@ jobs:
        run: |
          yum install -y epel-release centos-release-scl make
          yum install -y devtoolset-9-{make,gcc,gcc-c++} jq rsync python3
-          # for keytar
-          yum install -y libsecret-devel

      - name: Install nfpm and envsubst
        run: |
          mkdir -p ~/.local/bin
-          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.22.2/nfpm_2.22.2_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
+          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
          curl -sSfL https://github.com/a8m/envsubst/releases/download/v1.1.0/envsubst-`uname -s`-`uname -m` -o envsubst
          chmod +x envsubst
          mv envsubst ~/.local/bin
@@ -70,9 +68,19 @@ jobs:
      # NOTE: && here is deliberate - GitHub puts each line in its own `.sh`
      # file when running inside a docker container.
      - name: Build standalone release
-        run: source scl_source enable devtoolset-9 && npm run release:standalone
+        run: source scl_source enable devtoolset-9 && yarn release:standalone
+
+      - name: Fetch dependencies from cache
+        id: cache-node-modules
+        uses: actions/cache@v3
+        with:
+          path: "**/node_modules"
+          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            yarn-build-

      - name: Install test dependencies
+        if: steps.cache-node-modules.outputs.cache-hit != 'true'
        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile

      - name: Run integration tests on standalone release
@@ -119,11 +127,11 @@ jobs:
  # but this means we don't need to maintain a self-hosted runner!

  # NOTE@jsjoeio:
-  # We used to use 18.04 until GitHub browned it out on December 15, 2022
-  # See here: https://github.com/actions/runner-images/issues/6002
+  # We used to use 16.04 until GitHub deprecated it on September 20, 2021
+  # See here: https://github.com/actions/virtual-environments/pull/3862/files
  package-linux-cross:
    name: Linux cross-compile builds
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-18.04
    timeout-minutes: 15
    needs: npm-version
    strategy:
@@ -170,8 +178,6 @@ jobs:
      - name: Decompress npm package
        run: tar -xzf package.tar.gz

-      # NOTE@jsjoeio - npm fails here
-      # so use yarn
      - name: Build standalone release
        run: yarn release:standalone

@@ -228,9 +234,19 @@ jobs:
        run: tar -xzf package.tar.gz

      - name: Build standalone release
-        run: npm run release:standalone
+        run: yarn release:standalone
+
+      - name: Fetch dependencies from cache
+        id: cache-node-modules
+        uses: actions/cache@v3
+        with:
+          path: "**/node_modules"
+          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            yarn-build-

      - name: Install test dependencies
+        if: steps.cache-node-modules.outputs.cache-hit != 'true'
        run: SKIP_SUBMODULE_DEPS=1 yarn install

      - name: Run native module tests on standalone release
@@ -283,9 +299,8 @@ jobs:
          branch: ${{ github.ref }}
          workflow: build.yaml
          workflow_conclusion: completed
+          check_artifacts: true
          name: npm-package
-          check_artifacts: false
-          if_no_artifact_found: fail

      - name: Decompress npm package
        run: tar -xzf package.tar.gz
@@ -306,9 +321,7 @@ jobs:

          echo "Updating version in lib/vscode/product.json"
          tmp=$(mktemp) 
-          jq ".codeServerVersion = \"$VERSION\"" release/lib/vscode/product.json > "$tmp" && mv "$tmp" release/lib/vscode/product.json
-          # Ensure it has the same permissions as before
-          chmod 644 release/lib/vscode/product.json
+          jq '.codeServerVersion = "$VERSION"' release/lib/vscode/product.json > "$tmp" && mv "$tmp" release/lib/vscode/product.json

      - name: Compress release package
        run: tar -czf package.tar.gz release
--- a/.prettierignore
+++ b/.prettierignore
@@ -1,7 +1,6 @@
 lib/vscode
 lib/vscode-reh-web-linux-x64
 release-standalone
-release-packages
 release
 helm-chart
 test/scripts
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -20,27 +20,11 @@ Code v99.99.999

 -->

-## [4.9.0](https://github.com/coder/code-server/releases/tag/v4.9.0) - 2022-12-06
+## [4.9.0](https://github.com/coder/code-server/releases/tag/v4.9.0) - 2022-11-14

-Code v1.73.1
+Code v1.73.0

-### Changed
-
- Upgraded to Code 1.73.1
-
-### Added
-
- `/security.txt` added as a route with info on our security policy information thanks to @ghuntley
-
-### Fixed
-
- Installing on majaro images should now work thanks to @MrPeacockNLB for
-  adding the `--noconfirm` flag in `install.sh`
-
-### Known Issues
-
- `--cert` on Ubuntu 22.04: OpenSSL v3 is used which breaks `pem` meaning the
-  `--cert` feature will not work. [Reference](https://github.com/adobe/fetch/pull/318#issuecomment-1306070259)
+WIP

 ## [4.8.3](https://github.com/coder/code-server/releases/tag/v4.8.3) - 2022-11-07

--- a/ci/build/build-vscode.sh
+++ b/ci/build/build-vscode.sh
@@ -42,12 +42,6 @@ main() {

  pushd lib/vscode

-  if [[ ! ${VERSION-} ]]; then
-    echo "VERSION not set. Please set before running this script:"
-    echo "VERSION='0.0.0' yarn build:vscode"
-    exit 1
-  fi
-
  # Set the commit Code will embed into the product.json.  We need to do this
  # since Code tries to get the commit from the `.git` directory which will fail
  # as it is a submodule.
--- a/ci/build/nfpm.yaml
+++ b/ci/build/nfpm.yaml
@@ -22,4 +22,4 @@ contents:
    dst: /usr/lib/systemd/user/code-server.service

  - src: ./release-standalone/*
-    dst: /usr/lib/code-server
+    dst: /usr/lib/code-server/
--- a/ci/build/npm-postinstall.sh
+++ b/ci/build/npm-postinstall.sh
@@ -124,18 +124,27 @@ main() {
 }

 install_with_yarn_or_npm() {
-  echo "User agent: ${npm_config_user_agent-none}"
  # NOTE@edvincent: We want to keep using the package manager that the end-user was using to install the package.
  # This also ensures that when *we* run `yarn` in the development process, the yarn.lock file is used.
  case "${npm_config_user_agent-}" in
-    npm*)
-      # HACK: NPM's use of semver doesn't like resolving some peerDependencies that vscode (upstream) brings in the form of pre-releases.
-      # The legacy behavior doesn't complain about pre-releases being used, falling back to that for now.
-      # See https://github.com//pull/5071
-      npm install --unsafe-perm --legacy-peer-deps --omit=dev
-      ;;
    yarn*)
-      yarn --production --frozen-lockfile --no-default-rc
+      if [ -f "yarn.lock" ]; then
+        yarn --production --frozen-lockfile --no-default-rc
+      else
+        echo "yarn.lock file not present, not running in development mode. use npm to install code-server!"
+        exit 1
+      fi
+      ;;
+    npm*)
+      if [ -f "yarn.lock" ]; then
+        echo "yarn.lock file present, running in development mode. use yarn to install code-server!"
+        exit 1
+      else
+        # HACK: NPM's use of semver doesn't like resolving some peerDependencies that vscode (upstream) brings in the form of pre-releases.
+        # The legacy behavior doesn't complain about pre-releases being used, falling back to that for now.
+        # See https://github.com//pull/5071
+        npm install --unsafe-perm --legacy-peer-deps --omit=dev
+      fi
      ;;
    *)
      echo "Could not determine which package manager is being used to install code-server"
--- a/ci/helm-chart/Chart.yaml
+++ b/ci/helm-chart/Chart.yaml
@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.4.0
+version: 3.3.3

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.9.0
+appVersion: 4.8.3
--- a/ci/helm-chart/values.yaml
+++ b/ci/helm-chart/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 1

 image:
  repository: codercom/code-server
-  tag: '4.9.0'
+  tag: '4.8.3'
  pullPolicy: Always

 # Specifies one or more secrets to be used when pulling images from a
--- a/install.sh
+++ b/install.sh
@@ -387,7 +387,7 @@ install_aur() {
  if [ ! "${DRY_RUN-}" ]; then
    cd "$CACHE_DIR/code-server-aur"
  fi
-  sh_c makepkg -si --noconfirm
+  sh_c makepkg -si

  echo_systemd_postinstall AUR
 }
--- a/package.json
+++ b/package.json
@@ -83,8 +83,7 @@
    "nanoid": "^3.1.31",
    "minimist": "npm:minimist-lite@2.2.1",
    "glob-parent": "^6.0.1",
-    "@types/node": "^16.0.0",
-    "qs": "^6.7.3"
+    "@types/node": "^16.0.0"
  },
  "dependencies": {
    "@coder/logger": "^3.0.0",
@@ -117,8 +116,7 @@
    "ide",
    "coder",
    "vscode-remote",
-    "browser-ide",
-    "remote-development"
+    "browser-ide"
  ],
  "engines": {
    "node": "16"
--- a/src/browser/security.txt
+++ b/src/browser/security.txt
@@ -1,6 +0,0 @@
-Contact: mailto:security@coder.com
-Acknowledgments: https://coder.com/security/thanks
-Preferred-Languages: en-US
-Canonical: https://coder.com/.well-known/security.txt
-Policy: https://coder.com/security/policy
-Hiring: https://coder.com/careers
--- a/src/node/routes/index.ts
+++ b/src/node/routes/index.ts
@@ -81,13 +81,6 @@ export const register = async (app: App, args: DefaultedArgs): Promise<Disposabl
      return res.redirect(`https://${req.headers.host}${req.originalUrl}`)
    }

-    // Return security.txt.
-    if (req.originalUrl === "/security.txt" || req.originalUrl === "/.well-known/security.txt") {
-      const resourcePath = path.resolve(rootPath, "src/browser/security.txt")
-      res.set("Content-Type", getMediaMime(resourcePath))
-      return res.send(await fs.readFile(resourcePath))
-    }
-
    // Return robots.txt.
    if (req.originalUrl === "/robots.txt") {
      const resourcePath = path.resolve(rootPath, "src/browser/robots.txt")
--- a/src/node/wrapper.ts
+++ b/src/node/wrapper.ts
@@ -147,7 +147,7 @@ abstract class Process {
 * Child process that will clean up after itself if the parent goes away and can
 * perform a handshake with the parent and ask it to relaunch.
 */
-export class ChildProcess extends Process {
+class ChildProcess extends Process {
  public logger = logger.named(`child:${process.pid}`)

  public constructor(private readonly parentPid: number) {
--- a/test/unit/node/wrapper.test.ts
+++ b/test/unit/node/wrapper.test.ts
@@ -1,14 +0,0 @@
-import { ChildProcess, ParentProcess, isChild } from "../../../src/node/wrapper"
-
-describe("wrapper", () => {
-  describe("isChild", () => {
-    it("should return false for parent process", () => {
-      const p = new ParentProcess("1")
-      expect(isChild(p)).toBe(false)
-    })
-  })
-  it("should return false for parent process", () => {
-    const childProc = new ChildProcess(1)
-    expect(isChild(childProc)).toBe(true)
-  })
-})
--- a/yarn.lock
+++ b/yarn.lock
@@ -2812,13 +2812,18 @@ punycode@^2.1.0:
  resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec"
  integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==

-qs@6.11.0, qs@6.7.0, qs@^6.7.3:
+qs@6.11.0:
  version "6.11.0"
  resolved "https://registry.yarnpkg.com/qs/-/qs-6.11.0.tgz#fd0d963446f7a65e1367e01abd85429453f0c37a"
  integrity sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==
  dependencies:
    side-channel "^1.0.4"

+qs@6.7.0:
+  version "6.7.0"
+  resolved "https://registry.yarnpkg.com/qs/-/qs-6.7.0.tgz#41dc1a015e3d581f1621776be31afb2876a9b1bc"
+  integrity sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==
+
 queue-microtask@^1.2.2:
  version "1.2.2"
  resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.2.tgz#abf64491e6ecf0f38a6502403d4cda04f372dfd3"
Author	SHA1	Message	Date
Joe Previte	9efbd2d59c	Merge branch 'main' into release/v4.9.0	2022-11-30 12:36:16 -07:00
Joe Previte	ccf882f830	Merge branch 'main' into release/v4.9.0	2022-11-10 13:49:07 -07:00
Joe Previte	96b3c3e024	Merge branch 'main' into release/v4.9.0	2022-11-10 12:46:39 -07:00
Joe Previte	17d41135f3	fixup	2022-11-10 11:51:50 -07:00
Joe Previte	9694242b2f	wip: changelog	2022-11-10 11:51:50 -07:00