fix(code-server,vscode-web): parse JSONC in extensions.json with sed#3
Draft
rodmk wants to merge 93 commits into
Draft
fix(code-server,vscode-web): parse JSONC in extensions.json with sed#3rodmk wants to merge 93 commits into
rodmk wants to merge 93 commits into
Conversation
72ad552 to
9cb56ab
Compare
055bb5c to
e95ad81
Compare
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
e95ad81 to
a231800
Compare
## Summary - add optional mux auto-restarts with delay, lock cleanup, and restart-attempt caps - restart mux after any exit when enabled, including intentional exits and signals - require `max_restart_attempts` to be a non-negative whole number and update docs/tests for the new restart semantics ## Validation - `bash -n registry/coder/modules/mux/run.sh` - `cd registry/coder/modules/mux && terraform validate` - `cd registry/coder/modules/mux && terraform test -verbose` - `cd registry/coder/modules/mux && bun test main.test.ts` Generated with OpenAI using Mux
…zation (coder#803) ## Description - This lead to a bug where if the folder name is in the form `a.b.c`: - we check for: `-home-coder-ai.coder.com/cd32e253-ca16-4fd3-9825-d837e74ae3c2.jsonl` - But the actual file path for claude-session is: `-home-coder-ai-coder-com/cd32e253-ca16-4fd3-9825-d837e74ae3c2.jsonl` - The above bug might also occur in the case of `a_b_c` - update workdir normalization to handle dot in path ## Type of Change - [ ] New module - [ ] New template - [x] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information <!-- Delete this section if not applicable --> **Path:** `registry/coder/modules/claude-code` **New version:** `v4.8.1` **Breaking change:** [ ] Yes [x] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues <!-- Link related issues or write "None" if not applicable -->
Bumps the github-actions group with 3 updates: [dorny/paths-filter](https://github.com/dorny/paths-filter), [coder/coder](https://github.com/coder/coder) and [oven-sh/setup-bun](https://github.com/oven-sh/setup-bun). Updates `dorny/paths-filter` from 3.0.2 to 4.0.1 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dorny/paths-filter/releases">dorny/paths-filter's releases</a>.</em></p> <blockquote> <h2>v4.0.0</h2> <h2>What's Changed</h2> <ul> <li>feat: update action runtime to node24 by <a href="https://github.com/saschabratton"><code>@saschabratton</code></a> in <a href="https://redirect.github.com/dorny/paths-filter/pull/294">dorny/paths-filter#294</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/saschabratton"><code>@saschabratton</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/paths-filter/pull/294">dorny/paths-filter#294</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dorny/paths-filter/compare/v3.0.3...v4.0.0">https://github.com/dorny/paths-filter/compare/v3.0.3...v4.0.0</a></p> <h2>v3.0.3</h2> <h2>What's Changed</h2> <ul> <li>Add missing predicate-quantifier by <a href="https://github.com/wardpeet"><code>@wardpeet</code></a> in <a href="https://redirect.github.com/dorny/paths-filter/pull/279">dorny/paths-filter#279</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/wardpeet"><code>@wardpeet</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/paths-filter/pull/279">dorny/paths-filter#279</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dorny/paths-filter/compare/v3...v3.0.3">https://github.com/dorny/paths-filter/compare/v3...v3.0.3</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md">dorny/paths-filter's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v4.0.0</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/294">Update action runtime to node24</a></li> </ul> <h2>v3.0.3</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/279">Add missing predicate-quantifier</a></li> </ul> <h2>v3.0.2</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/224">Add config parameter for predicate quantifier</a></li> </ul> <h2>v3.0.1</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/133">Compare base and ref when token is empty</a></li> </ul> <h2>v3.0.0</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/210">Update to Node.js 20</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/215">Update all dependencies</a></li> </ul> <h2>v2.11.1</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/167">Update <code>@actions/core</code> to v1.10.0 - Fixes warning about deprecated set-output</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/168">Document need for pull-requests: read permission</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/164">Updating to actions/checkout@v3</a></li> </ul> <h2>v2.11.0</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/157">Set list-files input parameter as not required</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/161">Update Node.js</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/162">Fix incorrect handling of Unicode characters in exec()</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/163">Use Octokit pagination</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/160">Updates real world links</a></li> </ul> <h2>v2.10.2</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/91">Fix getLocalRef() returns wrong ref</a></li> </ul> <h2>v2.10.1</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/85">Improve robustness of change detection</a></li> </ul> <h2>v2.10.0</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/82">Add ref input parameter</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/83">Fix change detection in PR when pullRequest.changed_files is incorrect</a></li> </ul> <h2>v2.9.3</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/78">Fix change detection when base is a tag</a></li> </ul> <h2>v2.9.2</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/75">Fix fetching git history</a></li> </ul> <h2>v2.9.1</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/74">Fix fetching git history + fallback to unshallow repo</a></li> </ul> <h2>v2.9.0</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dorny/paths-filter/commit/fbd0ab8f3e69293af611ebaee6363fc25e6d187d"><code>fbd0ab8</code></a> feat: add merge_group event support</li> <li><a href="https://github.com/dorny/paths-filter/commit/efb1da7ce8d89bbc261191e5a2dc1453c3837339"><code>efb1da7</code></a> feat: add dist/ freshness check to PR workflow</li> <li><a href="https://github.com/dorny/paths-filter/commit/d8f7b061b24c30a325ff314b76c37adb05b041ce"><code>d8f7b06</code></a> Merge pull request <a href="https://redirect.github.com/dorny/paths-filter/issues/302">#302</a> from dorny/issue-299</li> <li><a href="https://github.com/dorny/paths-filter/commit/addbc147a95845176e1bc013a012fbf1d366389a"><code>addbc14</code></a> Update README for v4</li> <li><a href="https://github.com/dorny/paths-filter/commit/9d7afb8d214ad99e78fbd4247752c4caed2b6e4c"><code>9d7afb8</code></a> Update CHANGELOG for v4.0.0</li> <li><a href="https://github.com/dorny/paths-filter/commit/782470c5d953cae2693d643172b14e01bacb71f3"><code>782470c</code></a> Merge branch 'releases/v3'</li> <li><a href="https://github.com/dorny/paths-filter/commit/d1c1ffe0248fe513906c8e24db8ea791d46f8590"><code>d1c1ffe</code></a> Update CHANGELOG for v3.0.3</li> <li><a href="https://github.com/dorny/paths-filter/commit/ce10459c8b92cd8901166c0a222fbb033ef39365"><code>ce10459</code></a> Merge pull request <a href="https://redirect.github.com/dorny/paths-filter/issues/294">#294</a> from saschabratton/master</li> <li><a href="https://github.com/dorny/paths-filter/commit/5f40380c5482e806c81cec080f5192e7234d8fe9"><code>5f40380</code></a> feat: update action runtime to node24</li> <li><a href="https://github.com/dorny/paths-filter/commit/668c092af3649c4b664c54e4b704aa46782f6f7c"><code>668c092</code></a> Merge pull request <a href="https://redirect.github.com/dorny/paths-filter/issues/279">#279</a> from wardpeet/patch-1</li> <li>Additional commits viewable in <a href="https://github.com/dorny/paths-filter/compare/de90cc6fb38fc0963ad72b210f1f284cd68cea36...fbd0ab8f3e69293af611ebaee6363fc25e6d187d">compare view</a></li> </ul> </details> <br /> Updates `coder/coder` from 2.31.3 to 2.31.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/coder/coder/releases">coder/coder's releases</a>.</em></p> <blockquote> <h2>v2.31.5</h2> <h2>Changelog</h2> <blockquote> <p>[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our <a href="https://github.com/coder/coder/releases/latest">latest stable release</a> while we refine this version. Learn more about our <a href="https://coder.com/docs/install/releases">Release Schedule</a>.</p> </blockquote> <h3>Bug fixes</h3> <ul> <li>Prevent emitting build duration metric for devcontainer subagents (<a href="https://redirect.github.com/coder/coder/issues/22930">#22930</a>, 2cd4e03f1)</li> <li>Prevent ui error when last org member is removed (<a href="https://redirect.github.com/coder/coder/issues/23019">#23019</a>, 581e956b4)</li> <li>Networking: Retry after transport dial timeouts (<a href="https://redirect.github.com/coder/coder/issues/22977">#22977</a>, 1a774ab7c)</li> </ul> <p>Compare: <a href="https://github.com/coder/coder/compare/v2.31.4...v2.31.5"><code>v2.31.4...v2.31.5</code></a></p> <h2>Container image</h2> <ul> <li><code>docker pull ghcr.io/coder/coder:2.31.5</code></li> </ul> <h2>Install/upgrade</h2> <p>Refer to our docs to <a href="https://coder.com/docs/install">install</a> or <a href="https://coder.com/docs/install/upgrade">upgrade</a> Coder, or use a release asset below.</p> <h2>v2.31.4</h2> <h2>Changelog</h2> <blockquote> <p>[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our <a href="https://github.com/coder/coder/releases/latest">latest stable release</a> while we refine this version. Learn more about our <a href="https://coder.com/docs/install/releases">Release Schedule</a>.</p> </blockquote> <h3>Features</h3> <ul> <li>Add Prometheus collector for DERP server expvar metrics (<a href="https://redirect.github.com/coder/coder/issues/22583">#22583</a>, a3792153d)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Filter sub-agents from build duration metric (<a href="https://redirect.github.com/coder/coder/issues/22732">#22732</a>, 757634c72)</li> <li>Bump aibridge to v1.0.9 to forward Anthropic-Beta header (<a href="https://redirect.github.com/coder/coder/issues/22842">#22842</a>, 61b513e58)</li> </ul> <p>Compare: <a href="https://github.com/coder/coder/compare/v2.31.3...v2.31.4"><code>v2.31.3...v2.31.4</code></a></p> <h2>Container image</h2> <ul> <li><code>docker pull ghcr.io/coder/coder:2.31.4</code></li> </ul> <h2>Install/upgrade</h2> <p>Refer to our docs to <a href="https://coder.com/docs/install">install</a> or <a href="https://coder.com/docs/install/upgrade">upgrade</a> Coder, or use a release asset below.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/coder/coder/commit/1a774ab7ce99063a2e01beb94de3fcbccaf84dbe"><code>1a774ab</code></a> fix(tailnet): retry after transport dial timeouts (<a href="https://redirect.github.com/coder/coder/issues/22977">#22977</a>) (cherry-pick/v2.31...</li> <li><a href="https://github.com/coder/coder/commit/581e956b49bf34bc0145188aa7e15f3e7f8e71c4"><code>581e956</code></a> fix: prevent ui error when last org member is removed (<a href="https://redirect.github.com/coder/coder/issues/23019">#23019</a>)</li> <li><a href="https://github.com/coder/coder/commit/2cd4e03f11dcf732f06af2899c0e896b2c2ee766"><code>2cd4e03</code></a> fix: prevent emitting build duration metric for devcontainer subagents (<a href="https://redirect.github.com/coder/coder/issues/22930">#22930</a>)</li> <li><a href="https://github.com/coder/coder/commit/61b513e586d7dd6ded81beaa6766689988427bad"><code>61b513e</code></a> fix: bump aibridge to v1.0.9 to forward Anthropic-Beta header (<a href="https://redirect.github.com/coder/coder/issues/22842">#22842</a>)</li> <li><a href="https://github.com/coder/coder/commit/757634c720b03eea3c821add9784cb395ae76a9b"><code>757634c</code></a> fix: filter sub-agents from build duration metric (<a href="https://redirect.github.com/coder/coder/issues/22732">#22732</a>) (<a href="https://redirect.github.com/coder/coder/issues/22919">#22919</a>)</li> <li><a href="https://github.com/coder/coder/commit/a3792153dea7efbd6dde31bd41159e4c79b985c7"><code>a379215</code></a> feat: add Prometheus collector for DERP server expvar metrics (<a href="https://redirect.github.com/coder/coder/issues/22583">#22583</a>) (<a href="https://redirect.github.com/coder/coder/issues/22917">#22917</a>)</li> <li>See full diff in <a href="https://github.com/coder/coder/compare/deaacff8437e3f4ee84bc51c4e5162f6dd7d190e...1a774ab7ce99063a2e01beb94de3fcbccaf84dbe">compare view</a></li> </ul> </details> <br /> Updates `oven-sh/setup-bun` from 2.1.3 to 2.2.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/oven-sh/setup-bun/releases">oven-sh/setup-bun's releases</a>.</em></p> <blockquote> <h2>v2.2.0</h2> <p><code>oven-sh/setup-bun</code> is the github action for setting up Bun.</p> <h2>What's Changed</h2> <ul> <li>build: update action runtime to Node.js 24 by <a href="https://github.com/adam0white"><code>@adam0white</code></a> in <a href="https://redirect.github.com/oven-sh/setup-bun/pull/176">oven-sh/setup-bun#176</a></li> <li>ci: use <code>actions/checkout@v6.0.2</code> in the test workflow by <a href="https://github.com/tcely"><code>@tcely</code></a> in <a href="https://redirect.github.com/oven-sh/setup-bun/pull/173">oven-sh/setup-bun#173</a></li> <li>ci: update actions for the <code>autofix.ci</code> workflow by <a href="https://github.com/tcely"><code>@tcely</code></a> in <a href="https://redirect.github.com/oven-sh/setup-bun/pull/174">oven-sh/setup-bun#174</a></li> <li>ci: update actions for the <code>Release new action version</code> workflow by <a href="https://github.com/tcely"><code>@tcely</code></a> in <a href="https://redirect.github.com/oven-sh/setup-bun/pull/175">oven-sh/setup-bun#175</a></li> <li>release: v2.2.0 by <a href="https://github.com/xhyrom"><code>@xhyrom</code></a> in <a href="https://redirect.github.com/oven-sh/setup-bun/pull/177">oven-sh/setup-bun#177</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/adam0white"><code>@adam0white</code></a> made their first contribution in <a href="https://redirect.github.com/oven-sh/setup-bun/pull/176">oven-sh/setup-bun#176</a></li> <li><a href="https://github.com/tcely"><code>@tcely</code></a> made their first contribution in <a href="https://redirect.github.com/oven-sh/setup-bun/pull/173">oven-sh/setup-bun#173</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/oven-sh/setup-bun/compare/v2...v2.2.0">https://github.com/oven-sh/setup-bun/compare/v2...v2.2.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/oven-sh/setup-bun/commit/0c5077e51419868618aeaa5fe8019c62421857d6"><code>0c5077e</code></a> release: v2.2.0 (<a href="https://redirect.github.com/oven-sh/setup-bun/issues/177">#177</a>)</li> <li><a href="https://github.com/oven-sh/setup-bun/commit/1255e43b02f74b77bb39330ef756405951c3303a"><code>1255e43</code></a> ci: update actions for the <code>Release new action version</code> workflow (<a href="https://redirect.github.com/oven-sh/setup-bun/issues/175">#175</a>)</li> <li><a href="https://github.com/oven-sh/setup-bun/commit/61861d1f6a3acf561f12343ea89e2c71ff4af529"><code>61861d1</code></a> ci: update actions for the <code>autofix.ci</code> workflow (<a href="https://redirect.github.com/oven-sh/setup-bun/issues/174">#174</a>)</li> <li><a href="https://github.com/oven-sh/setup-bun/commit/6f5bd063f58cadd19ae42cca8bb41b191e9949bd"><code>6f5bd06</code></a> ci: use <code>actions/checkout@v6.0.2</code> in the test workflow (<a href="https://redirect.github.com/oven-sh/setup-bun/issues/173">#173</a>)</li> <li><a href="https://github.com/oven-sh/setup-bun/commit/e3914758a49697077f7bcd190d36582a61667aad"><code>e391475</code></a> build: update action runtime to Node.js 24 (<a href="https://redirect.github.com/oven-sh/setup-bun/issues/176">#176</a>)</li> <li>See full diff in <a href="https://github.com/oven-sh/setup-bun/compare/ecf28ddc73e819eb6fa29df6b34ef8921c743461...0c5077e51419868618aeaa5fe8019c62421857d6">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Description Add a module to install https://github.com/coder/portabledesktop in a workspace. This will be required for the virtual desktop feature in Coder Agents. ## Type of Change - [x] New module - [ ] New template - [ ] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information **Path:** `registry/coder/modules/portabledesktop` **New version:** `v1.0.0` **Breaking change:** [ ] Yes [x] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues None
…odel providers instead of profiles (coder#806) ## Description - update default configuration to use model providers instead of profiles ## Type of Change - [ ] New module - [ ] New template - [ ] Bug fix - [x] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information <!-- Delete this section if not applicable --> **Path:** `registry/coder-labs/modules/codex` **New version:** `v4.3.1` **Breaking change:** [ ] Yes [x] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues <!-- Link related issues or write "None" if not applicable -->
## Description The dotfiles module does not work when using non-POSIX shells i.e. Fish. ## Type of Change - [ ] New module - [ ] New template - [x] Bug fix - [x] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information **Path:** `registry/coder/modules/dotfiles` **New version:** `v1.4.1` **Breaking change:** [ ] Yes [ ] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ``` bun test v1.3.8 (b64edcb4) registry/coder/modules/dotfiles/main.test.ts: ✓ dotfiles > required variables [190.40ms] ✓ dotfiles > missing variable: agent_id [43.12ms] ✓ dotfiles > default output [150.15ms] ✓ dotfiles > set a default dotfiles_uri [159.14ms] ✓ dotfiles > command uses bash for fish shell compatibility [164.08ms] ✓ dotfiles > set custom order for coder_parameter [166.50ms] 6 pass 0 fail 7 expect() calls Ran 6 tests across 1 file. [1184.00ms] ``` I tested this with a new workspace on Coder v2.27.3 with fish, zsh, and bash. --------- Co-authored-by: DevCats <christofer@coder.com> Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
…e_api_key (coder#814) ## Description - update resource count logic for claude_api_key <!-- Briefly describe what this PR does and why --> ## Type of Change - [ ] New module - [ ] New template - [x] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information <!-- Delete this section if not applicable --> **Path:** `registry/coder/modules/claude-code` **New version:** `v4.8.2` **Breaking change:** [ ] Yes [ ] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues Closes: coder#812
…oder#815) ## Summary - Fix version pinning bug in the OpenCode install script (`registry/coder-labs/modules/opencode/scripts/install.sh`, line 42) **Bug:** The install command was: ```bash VERSION=$ARG_OPENCODE_VERSION curl -fsSL https://opencode.ai/install | bash ``` `VERSION` was set as an environment variable prefix to `curl` (the left side of the pipe), so the `bash` process on the right side of the pipe never received it. In a shell pipeline, each command runs in its own subprocess, so env var prefixes only apply to the immediately following command. This caused the installer script to always install the latest version instead of the pinned version specified by the user. **Fix:** Move `VERSION` to prefix `bash` instead of `curl`: ```bash curl -fsSL https://opencode.ai/install | VERSION=$ARG_OPENCODE_VERSION bash ``` Now the `VERSION` variable is correctly available to the install script executed by `bash`. ## Test plan - [x] Set `opencode_version` to a specific version (e.g., `0.1.0`) and verify that version is installed instead of latest - [x] Set `opencode_version` to `latest` and verify the latest version is still installed (this code path is unchanged) - [x] Verify `opencode --version` output matches the requested version after install --------- Co-authored-by: 35C4n0r <70096901+35C4n0r@users.noreply.github.com>
Bumps the github-actions group with 2 updates: [coder/coder](https://github.com/coder/coder) and [actions/setup-go](https://github.com/actions/setup-go). Updates `coder/coder` from 2.31.5 to 2.31.6 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/coder/coder/releases">coder/coder's releases</a>.</em></p> <blockquote> <h2>v2.31.6</h2> <h2>Changelog</h2> <blockquote> <p>[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our <a href="https://github.com/coder/coder/releases/latest">latest stable release</a> while we refine this version. Learn more about our <a href="https://coder.com/docs/install/releases">Release Schedule</a>.</p> </blockquote> <h3>Bug fixes</h3> <ul> <li>Open coder_app links in new tab when open_in is tab (<a href="https://redirect.github.com/coder/coder/issues/23000">#23000</a>, e419eb310)</li> </ul> <h3>Chores</h3> <ul> <li>Switch agent gone response from 502 to 404 (backport <a href="https://redirect.github.com/coder/coder/issues/23090">#23090</a>) (<a href="https://redirect.github.com/coder/coder/issues/23635">#23635</a>, f7650296c)</li> </ul> <p>Compare: <a href="https://github.com/coder/coder/compare/v2.31.5...v2.31.6"><code>v2.31.5...v2.31.6</code></a></p> <h2>Container image</h2> <ul> <li><code>docker pull ghcr.io/coder/coder:2.31.6</code></li> </ul> <h2>Install/upgrade</h2> <p>Refer to our docs to <a href="https://coder.com/docs/install">install</a> or <a href="https://coder.com/docs/install/upgrade">upgrade</a> Coder, or use a release asset below.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/coder/coder/commit/f7650296ceb9b020c79cd525ac7bd3c7f252ae1d"><code>f765029</code></a> chore: switch agent gone response from 502 to 404 (backport <a href="https://redirect.github.com/coder/coder/issues/23090">#23090</a>) (<a href="https://redirect.github.com/coder/coder/issues/23635">#23635</a>)</li> <li><a href="https://github.com/coder/coder/commit/e419eb31019520018de8b643344faaf6b3af4be8"><code>e419eb3</code></a> fix: open coder_app links in new tab when open_in is tab (cherry-pick <a href="https://redirect.github.com/coder/coder/issues/23000">#23000</a>)...</li> <li>See full diff in <a href="https://github.com/coder/coder/compare/1a774ab7ce99063a2e01beb94de3fcbccaf84dbe...f7650296ceb9b020c79cd525ac7bd3c7f252ae1d">compare view</a></li> </ul> </details> <br /> Updates `actions/setup-go` from 6.3.0 to 6.4.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/setup-go/releases">actions/setup-go's releases</a>.</em></p> <blockquote> <h2>v6.4.0</h2> <h2>What's Changed</h2> <h3>Enhancement</h3> <ul> <li>Add go-download-base-url input for custom Go distributions by <a href="https://github.com/gdams"><code>@gdams</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/721">actions/setup-go#721</a></li> </ul> <h3>Dependency update</h3> <ul> <li>Upgrade minimatch from 3.1.2 to 3.1.5 by <a href="https://github.com/dependabot"><code>@dependabot</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/727">actions/setup-go#727</a></li> </ul> <h3>Documentation update</h3> <ul> <li>Rearrange README.md, add advanced-usage.md by <a href="https://github.com/priyagupta108"><code>@priyagupta108</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/724">actions/setup-go#724</a></li> <li>Fix Microsoft build of Go link by <a href="https://github.com/gdams"><code>@gdams</code></a> in <a href="https://redirect.github.com/actions/setup-go/pull/734">actions/setup-go#734</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/gdams"><code>@gdams</code></a> made their first contribution in <a href="https://redirect.github.com/actions/setup-go/pull/721">actions/setup-go#721</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/setup-go/compare/v6...v6.4.0">https://github.com/actions/setup-go/compare/v6...v6.4.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/setup-go/commit/4a3601121dd01d1626a1e23e37211e3254c1c06c"><code>4a36011</code></a> docs: fix Microsoft build of Go link (<a href="https://redirect.github.com/actions/setup-go/issues/734">#734</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/8f19afcc704763637be6b1718da0af52ca05785d"><code>8f19afc</code></a> feat: add go-download-base-url input for custom Go distributions (<a href="https://redirect.github.com/actions/setup-go/issues/721">#721</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/27fdb267c15a8835f1ead03dfa07f89be2bb741a"><code>27fdb26</code></a> Bump minimatch from 3.1.2 to 3.1.5 (<a href="https://redirect.github.com/actions/setup-go/issues/727">#727</a>)</li> <li><a href="https://github.com/actions/setup-go/commit/def8c394e3ad351a79bc93815e4a585520fe993b"><code>def8c39</code></a> Rearrange README.md, add advanced-usage.md (<a href="https://redirect.github.com/actions/setup-go/issues/724">#724</a>)</li> <li>See full diff in <a href="https://github.com/actions/setup-go/compare/4b73464bb391d4059bd26b0524d20df3927bd417...4a3601121dd01d1626a1e23e37211e3254c1c06c">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… `code-server` module documentation (coder#817) ## Description Update incorrect documentation element for **Install multiple extensions** ## Type of Change - [ ] New module - [ ] New template - [ ] Bug fix - [ ] Feature/enhancement - [x] Documentation - [ ] Other ## Related Issues None
…#822) ## Problem The `data "http" "jetbrains_ide_versions"` resource fetches release info from `data.services.jetbrains.com` for **all configured IDE options** at plan time, regardless of what the user actually selected. When the API is unreachable (air-gapped environments, DNS failures, transient outages), this causes a fatal Terraform error that blocks the workspace build — even when no JetBrains IDEs were selected. ## Fix Changed the `for_each` on the HTTP data source (and all dependent locals) from iterating over `var.options`/`var.default` to `local.selected_ides` — the user's actual selection. | Scenario | Before | After | |---|---|---| | No IDEs selected (`[]`) | 9 HTTP requests | 0 HTTP requests | | 1 IDE selected (`["GO"]`) | 9 HTTP requests | 1 HTTP request | | All IDEs selected | 9 HTTP requests | 9 HTTP requests | ## Validation - All 17 existing `terraform test` cases pass - Tested end-to-end on [dev.coder.com](https://dev.coder.com) with Docker template: - `jetbrains_ides=[]` — zero HTTP requests, build succeeds - `jetbrains_ides=["GO"]` — single HTTP request for GoLand only, `coder_app.jetbrains["GO"]` created Closes coder#821 > 🤖 This PR was created with the help of Coder Agents, and needs a human review. 🧑💻
…r (1.4.0) (coder#823) PR coder#822 bumped the jetbrains module version from `1.3.0` to `1.4.0` (minor), but the change was a bugfix and should have been a patch bump. This corrects all 7 version references in the README from `1.4.0` to `1.3.1`. Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
…haracters (coder#907) Encodes the Gemini module's `task_prompt` before passing it into the start script and decodes it in `start.sh`, matching how `gemini_system_prompt` is already handled. Prompts containing single quotes or other shell metacharacters are now passed through correctly instead of breaking the start script. ## Type of Change - [x] Bug fix ## Module Information **Path:** `registry/coder-labs/modules/gemini` **New version:** `v3.0.2` **Breaking change:** No ## Testing & Validation - [x] Tests pass (`bun test main.test.ts`) — added a regression test for prompts containing special characters - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues None --- <sub>Generated by Coder Agents on behalf of @jdomeracki-coder.</sub> Co-authored-by: DevCats <christofer@coder.com>
…ault_token (coder#889) ## Summary Replace `default = ""` with `default = null` for the `vault_token` variable in the vault-cli module, addressing part of coder#755. Using `null` instead of `""` is better Terraform practice — it semantically means "not provided" rather than "provided but empty". This also aligns `vault_token` with the existing `vault_namespace` variable in the same module, which already uses `default = null`. ## Changes - `vault_token` default: `""` → `null` - `templatefile` call: added null guard (`var.vault_token != null ? var.vault_token : ""`) to safely pass to shell template - `coder_env.vault_token` count: changed condition from `!= ""` to `!= null` ## Testing All 10 existing Terraform tests pass without modification: ``` $ terraform test -verbose run "test_vault_cli_without_token"... pass run "test_vault_cli_with_token"... pass run "test_vault_cli_custom_version"... pass run "test_vault_cli_custom_install_dir"... pass run "test_vault_cli_invalid_version"... pass run "test_vault_cli_valid_semver"... pass run "test_vault_cli_rejects_v_prefix"... pass run "test_vault_cli_with_namespace"... pass run "test_vault_cli_with_token_and_namespace"... pass run "test_vault_cli_enterprise"... pass Success! 10 passed, 0 failed. ``` ## Notes This is a scoped first step toward coder#755. If the approach is acceptable, I'm happy to submit follow-up PRs for other modules. --------- Co-authored-by: LUYI66DASHUN <875298444@qq.com> Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: DevCats <christofer@coder.com>
## Summary The cloud-dev template has `version = "~> 0.23"` for the coder provider, which is incompatible with modules requiring `>= 2.x` (e.g., code-server requires `>= 2.5.0`). This causes terraform init to fail: ``` Error: Failed to query available provider packages Could not retrieve the list of available versions for provider coder/coder: no available releases match the given constraints ~> 0.23, >= 2.5.0 ``` ## Changes Updated `registry/nboyers/templates/cloud-dev/main.tf` from `~> 0.23` to `>= 2.0`.
…oder#920) ## Description - migrate to gh release installation from official installation script, upstream bug in official install.sh ## Type of Change - [ ] New module - [ ] New template - [x] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information <!-- Delete this section if not applicable --> **Path:** `registry/coder-labs/modules/codex` **New version:** `v5.1.1` **Breaking change:** [ ] Yes [x] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues Closes: coder#917 --------- Co-authored-by: Jay Kumar <jay.kumar@coder.com> Co-authored-by: DevCats <christofer@coder.com>
…ions group (coder#924) Bumps the github-actions group with 1 update: [coder/coder](https://github.com/coder/coder). Updates `coder/coder` from 2.34.0 to 2.34.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/coder/coder/releases">coder/coder's releases</a>.</em></p> <blockquote> <h2>v2.34.2 [SECURITY]</h2> <blockquote> <p>[!IMPORTANT] <strong>Security hardening release.</strong><br /> This patch addresses vulnerabilities responsibly disclosed to Coder by <a href="https://red.anthropic.com/2026/cvd/about/">Anthropic's Project Glasswing</a> under their <a href="https://www.anthropic.com/coordinated-vulnerability-disclosure">coordinated vulnerability disclosure</a> program.<br /> We strongly recommend upgrading.<br /> See the <strong>Security patches</strong> section below for the fixed issues and their advisories.</p> </blockquote> <h2>Changelog</h2> <blockquote> <p>[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our <a href="https://github.com/coder/coder/releases/latest">latest stable release</a> while we refine this version. Learn more about our <a href="https://coder.com/docs/install/releases">Release Schedule</a>.</p> </blockquote> <h3>BREAKING CHANGES</h3> <ul> <li>fix(coderd)!: restrict OIDC email fallback to first-time account linking (<a href="https://redirect.github.com/coder/coder/pull/25712">#25712</a>, <a href="https://github.com/coder/coder/commit/ffe764531a">ffe764531a</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-9r87-mvcw-x35f">GHSA-9r87-mvcw-x35f</a>, <a href="https://github.com/coder/coder/security/advisories/GHSA-75vm-6w67-gwvp">GHSA-75vm-6w67-gwvp</a>)</li> <li>fix!: validate HostnameSuffix and SSHConfigOptions' (<a href="https://redirect.github.com/coder/coder/pull/26154">#26154</a>, <a href="https://github.com/coder/coder/commit/fb52711371">fb52711371</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-mcqq-fqgf-rxwm">GHSA-mcqq-fqgf-rxwm</a>)</li> <li>fix!: reject OIDC login when email_verified claim is non-bool or absent (<a href="https://redirect.github.com/coder/coder/pull/25713">#25713</a>, <a href="https://github.com/coder/coder/commit/120b37a09d">120b37a09d</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-9r87-mvcw-x35f">GHSA-9r87-mvcw-x35f</a>, <a href="https://github.com/coder/coder/security/advisories/GHSA-75vm-6w67-gwvp">GHSA-75vm-6w67-gwvp</a>)</li> </ul> <h3>Security patches</h3> <ul> <li>Escape agent log HTML (<a href="https://redirect.github.com/coder/coder/pull/25808">#25808</a>, <a href="https://github.com/coder/coder/commit/bf5a2205e9">bf5a2205e9</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-7qw2-f75v-62f7">GHSA-7qw2-f75v-62f7</a>)</li> <li>Escape appearance values in HTML output (<a href="https://redirect.github.com/coder/coder/pull/25804">#25804</a>, <a href="https://github.com/coder/coder/commit/aba08538bb">aba08538bb</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-h58c-xccx-75m3">GHSA-h58c-xccx-75m3</a>)</li> <li>Clamp template port sharing level in SubAgentAPI (<a href="https://redirect.github.com/coder/coder/pull/26061">#26061</a>, <a href="https://github.com/coder/coder/commit/b78ec312ed">b78ec312ed</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-x9qq-2qh5-8rxf">GHSA-x9qq-2qh5-8rxf</a>)</li> <li>Use a random value for a simulated hash for built-in users (<a href="https://redirect.github.com/coder/coder/pull/26205">#26205</a>, <a href="https://github.com/coder/coder/commit/6879532f9d">6879532f9d</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-8fxq-53rx-ph5f">GHSA-8fxq-53rx-ph5f</a>)</li> <li>Require update permission to recreate devcontainers (<a href="https://redirect.github.com/coder/coder/pull/25812">#25812</a>, <a href="https://github.com/coder/coder/commit/e822677bd2">e822677bd2</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-jqj2-x4c5-jfxm">GHSA-jqj2-x4c5-jfxm</a>)</li> <li>Server: Verify workspace owner matches app username (<a href="https://redirect.github.com/coder/coder/pull/26085">#26085</a>, <a href="https://github.com/coder/coder/commit/3019613cd5">3019613cd5</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-5wg6-jmq2-53pw">GHSA-5wg6-jmq2-53pw</a>)</li> <li>Always verify TLS on aibridgeproxyd upstream transport (<a href="https://redirect.github.com/coder/coder/pull/26131">#26131</a>, <a href="https://github.com/coder/coder/commit/6293c89895">6293c89895</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-84rm-42xw-mx52">GHSA-84rm-42xw-mx52</a>)</li> <li>Check user user is active in aibridge auth (<a href="https://redirect.github.com/coder/coder/pull/26173">#26173</a>, <a href="https://github.com/coder/coder/commit/943b04f663">943b04f663</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-wqxv-w64v-5wh6">GHSA-wqxv-w64v-5wh6</a>)</li> <li>Add max bytes request limit to aibridge (<a href="https://redirect.github.com/coder/coder/pull/26164">#26164</a>, <a href="https://github.com/coder/coder/commit/9fc2550fe1">9fc2550fe1</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-f5vp-w269-392g">GHSA-f5vp-w269-392g</a>)</li> <li>Server: Prevent user-admin from resetting owner password (<a href="https://redirect.github.com/coder/coder/pull/25709">#25709</a>, <a href="https://github.com/coder/coder/commit/f15a934eec">f15a934eec</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-29xf-69gq-m9jx">GHSA-29xf-69gq-m9jx</a>)</li> <li>Validate FileSize in NewDataBuilder to prevent OOM DoS (<a href="https://redirect.github.com/coder/coder/pull/25710">#25710</a>, <a href="https://github.com/coder/coder/commit/531ef5ecb3">531ef5ecb3</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-f962-qm93-mj4c">GHSA-f962-qm93-mj4c</a>)</li> <li>Reject oversized and invalid zip uploads (<a href="https://redirect.github.com/coder/coder/pull/25877">#25877</a>, <a href="https://github.com/coder/coder/commit/430ba84ada">430ba84ada</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-2mg2-p7r7-g27f">GHSA-2mg2-p7r7-g27f</a>)</li> <li>Server: Prevent cross-tenant workspace app rebinding (<a href="https://redirect.github.com/coder/coder/pull/26103">#26103</a>, <a href="https://github.com/coder/coder/commit/e4a765754a">e4a765754a</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-9rjw-3gwp-f59v">GHSA-9rjw-3gwp-f59v</a>)</li> <li>Agent: Prevent command injection in shell execer (<a href="https://redirect.github.com/coder/coder/pull/26235">#26235</a>, <a href="https://github.com/coder/coder/commit/b949480248">b949480248</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-359v-rvmf-m3g9">GHSA-359v-rvmf-m3g9</a>)</li> <li>Validate agent-supplied AllowedIPs in coordinator (<a href="https://redirect.github.com/coder/coder/pull/26144">#26144</a>, <a href="https://github.com/coder/coder/commit/c3e7e94a90">c3e7e94a90</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-wrq8-fcv5-8hvp">GHSA-wrq8-fcv5-8hvp</a>)</li> <li>Only trust x-forwarded-host from configured trusted proxies (<a href="https://redirect.github.com/coder/coder/issues/2">#2</a>… (<a href="https://redirect.github.com/coder/coder/pull/26296">#26296</a>, <a href="https://github.com/coder/coder/commit/3c46473d53">3c46473d53</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-5g4w-3vw9-478w">GHSA-5g4w-3vw9-478w</a>)</li> <li>Prevent session token exfiltration via external app URLs (<a href="https://redirect.github.com/coder/coder/pull/26146">#26146</a>, <a href="https://github.com/coder/coder/commit/d7774e5c4c">d7774e5c4c</a>) (<a href="https://github.com/coder/coder/security/advisories/GHSA-v54h-cp2w-9x4g">GHSA-v54h-cp2w-9x4g</a>)</li> </ul> <h3>Features</h3> <ul> <li>Cli: add support for supplying ephemeral parameters at workspac… (<a href="https://redirect.github.com/coder/coder/pull/26280">#26280</a>, <a href="https://github.com/coder/coder/commit/bd5666a46e">bd5666a46e</a>)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Rename bundled rstudio.svg to rproject.svg, add real RStudio icon (<a href="https://redirect.github.com/coder/coder/pull/26216">#26216</a>, <a href="https://github.com/coder/coder/commit/f3839ebaa9">f3839ebaa9</a>)</li> <li>Server: Suppress AI Governance seat-count error for not-entitled licenses (<a href="https://redirect.github.com/coder/coder/pull/26276">#26276</a>, <a href="https://github.com/coder/coder/commit/6419f535dd">6419f535dd</a>)</li> <li>Preserve gemini thought signatures (<a href="https://redirect.github.com/coder/coder/pull/25933">#25933</a>, <a href="https://github.com/coder/coder/commit/9595e6cc73">9595e6cc73</a>)</li> <li>Allow lifecycle code path to retry failed stop jobs (<a href="https://redirect.github.com/coder/coder/pull/26278">#26278</a>, <a href="https://github.com/coder/coder/commit/05e50d10f4">05e50d10f4</a>)</li> </ul> <h3>Chores</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/coder/coder/commit/d7774e5c4ca222ee89a8b6aa82b61c1f8bb81d1f"><code>d7774e5</code></a> fix: prevent session token exfiltration via external app URLs (<a href="https://redirect.github.com/coder/coder/issues/26146">#26146</a>) (<a href="https://redirect.github.com/coder/coder/issues/26302">#26302</a>)</li> <li><a href="https://github.com/coder/coder/commit/3c46473d5381428f91d4470b8523a012580e91f9"><code>3c46473</code></a> fix: only trust x-forwarded-host from configured trusted proxies (<a href="https://redirect.github.com/coder/coder/issues/2">#2</a>… (<a href="https://redirect.github.com/coder/coder/issues/26296">#26296</a>)</li> <li><a href="https://github.com/coder/coder/commit/c3e7e94a90c65b27fe17fd90ded8b7fb429a2a9f"><code>c3e7e94</code></a> fix: validate agent-supplied AllowedIPs in coordinator (<a href="https://redirect.github.com/coder/coder/issues/26144">#26144</a>) (<a href="https://redirect.github.com/coder/coder/issues/26293">#26293</a>)</li> <li><a href="https://github.com/coder/coder/commit/b9494802483b2aab93f2aad99f292598a9566e07"><code>b949480</code></a> fix(agent/agentcontainers): prevent command injection in shell execer (<a href="https://redirect.github.com/coder/coder/issues/26235">#26235</a>...</li> <li><a href="https://github.com/coder/coder/commit/e4a765754a10369ee4d6a7f4246ba8b36011f7f4"><code>e4a7657</code></a> fix(coderd): prevent cross-tenant workspace app rebinding (<a href="https://redirect.github.com/coder/coder/issues/26103">#26103</a>) (<a href="https://redirect.github.com/coder/coder/issues/26283">#26283</a>)</li> <li><a href="https://github.com/coder/coder/commit/120b37a09ddbfacddc23d93f163ae9ae48d91e6d"><code>120b37a</code></a> fix!: reject OIDC login when email_verified claim is non-bool or absent (<a href="https://redirect.github.com/coder/coder/issues/257">#257</a>...</li> <li><a href="https://github.com/coder/coder/commit/ffe764531a2efd86fc26e13b2fe128eb0a385ff1"><code>ffe7645</code></a> fix(coderd)!: restrict OIDC email fallback to first-time account linking (<a href="https://redirect.github.com/coder/coder/issues/25">#25</a>...</li> <li><a href="https://github.com/coder/coder/commit/bd5666a46e8a25612991c928c0724715d28c2307"><code>bd5666a</code></a> feat: cli: add support for supplying ephemeral parameters at workspac… (<a href="https://redirect.github.com/coder/coder/issues/26280">#26280</a>)</li> <li><a href="https://github.com/coder/coder/commit/05e50d10f40f5794afc5f503ef3ac5e54ee97f15"><code>05e50d1</code></a> fix: allow lifecycle code path to retry failed stop jobs (<a href="https://redirect.github.com/coder/coder/issues/26278">#26278</a>)</li> <li><a href="https://github.com/coder/coder/commit/430ba84ada5e7f7cf35af872cff7cb3f966b84fb"><code>430ba84</code></a> fix: reject oversized and invalid zip uploads (<a href="https://redirect.github.com/coder/coder/issues/25877">#25877</a>) (<a href="https://redirect.github.com/coder/coder/issues/26179">#26179</a>)</li> <li>Additional commits viewable in <a href="https://github.com/coder/coder/compare/3006da5ef7a9c27755aa5b2f3f5f05d2c8971a58...d7774e5c4ca222ee89a8b6aa82b61c1f8bb81d1f">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Description <!-- Briefly describe what this PR does and why --> ## Type of Change - [ ] New module - [ ] New template - [ ] Bug fix - [x] Feature/enhancement - [ ] Documentation - [ ] Other
## Summary Migrate the `docker-envbuilder` starter template from [coder/coder](https://github.com/coder/coder) to the registry under the `coder/` namespace. This enables coder/coder to source all starter templates from the registry at build time. See: coder/coder#22176 Related: coder/coder#19778 ## What's included ### `registry/coder/templates/docker-envbuilder/` - `README.md` — adapted from coder/coder with registry front matter format (icon path uses `../../../../.icons/`, no `maintainer_github`) - `main.tf` — copied from coder/coder as-is ## Notes - Replaces the previously closed coder#735, which also included `tasks-docker` (deprecated) - `docker-envbuilder` has `verified: true` (matching other `coder/` templates) - A separate PR can migrate `tasks-docker` if/when it's no longer deprecated Attribution: @DevelopmentCats --------- Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com> Co-authored-by: DevCats <chris@dualriver.com>
coder#737) ## Description The likes of JetBrains IDEs rely on git config rather than env variables and prompt users upon first commit/push attempts. ## Type of Change - [ ] New module - [ ] New template - [ ] Bug fix - [x] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information <!-- Delete this section if not applicable --> **Path:** `registry/coder/modules/git-config` **New version:** `v1.0.34` **Breaking change:** [ ] Yes [x] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues <!-- Link related issues or write "None" if not applicable --> None --------- Co-authored-by: DevCats <christofer@coder.com> Co-authored-by: DevCats <chris@dualriver.com>
coder#923) Co-authored-by: Atif Ali <atif@coder.com>
…rt (coder#896) ## Description Replace the destructive overwrite of `~/.codex/config.toml` with a marker-block merge. The module owns a fenced region of the file; everything outside the markers is user-owned and preserved across restarts. ```toml # >>> coder-managed: codex module >>> preferred_auth_method = "apikey" [mcp_servers.github] command = "npx" # <<< coder-managed: codex module <<< ``` Sample Template: https://dev.coder.com/templates/product/codex-pr-896/docs ## Type of Change - [ ] New module - [ ] New template - [x] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information Path: `registry/coder-labs/modules/codex` New version: v5.1.1 Breaking change: [ ] Yes [x] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally Closes: [REG-11](https://linear.app/codercom/issue/REG-11) --------- Co-authored-by: DevCats <christofer@coder.com> Co-authored-by: Jay Kumar <jay.kumar@coder.com>
…ound note (coder#931) ## Description Documents the known upstream Codex CLI issue ([openai/codex#29124](openai/codex#29124)) where MCP stdio subprocesses lose the CA cert and proxy environment variables injected by agent-firewall, causing TLS verification failures on startup. Adds a `### With Codex` section under Examples with a warning block that describes the issue, links upstream, provides the per-server `env_vars` workaround, and tables all vars agent-firewall injects. > Generated by Coder Agents on behalf of @35C4n0r ## Type of Change - [ ] New module - [ ] New template - [ ] Bug fix - [ ] Feature/enhancement - [x] Documentation - [ ] Other ## Module Information **Path:** `registry/coder/modules/agent-firewall` **New version:** `0.0.2` **Breaking change:** [ ] Yes [x] No ## Template Information N/A — documentation-only change. ## Testing & Validation - [ ] Tests pass (`bun test`) - [ ] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues - [openai/codex#29124](openai/codex#29124) — upstream Codex issue tracking the root cause - [REG-15](https://linear.app/codercom/issue/REG-15)
Bumps the github-actions group with 3 updates: [actions/checkout](https://github.com/actions/checkout), [coder/coder](https://github.com/coder/coder) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action). Updates `actions/checkout` from 6.0.3 to 7.0.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>What's Changed</h2> <ul> <li>block checking out fork pr for pull_request_target and workflow_run by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout#2454</a></li> <li>Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2458">actions/checkout#2458</a></li> <li>Bump flatted from 3.3.1 to 3.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2460">actions/checkout#2460</a></li> <li>Bump js-yaml from 4.1.0 to 4.2.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2461">actions/checkout#2461</a></li> <li>Bump <code>@actions/core</code> and <code>@actions/tool-cache</code> and Remove uuid by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2459">actions/checkout#2459</a></li> <li>upgrade module to esm and update dependencies by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2463">actions/checkout#2463</a></li> <li>Bump the minor-npm-dependencies group across 1 directory with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2462">actions/checkout#2462</a></li> <li>getting ready for checkout v7 release by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2464">actions/checkout#2464</a></li> <li>update error wording by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2467">actions/checkout#2467</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout#2454</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v6.0.3...v7.0.0">https://github.com/actions/checkout/compare/v6.0.3...v7.0.0</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/blob/main/CHANGELOG.md">actions/checkout's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v7.0.0</h2> <ul> <li>Block checking out fork PR for pull_request_target and workflow_run by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2454">actions/checkout#2454</a></li> <li>Bump actions/publish-immutable-action from 0.0.3 to 0.0.4 in the minor-actions-dependencies group across 1 directory by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2458">actions/checkout#2458</a></li> <li>Bump flatted from 3.3.1 to 3.4.2 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2460">actions/checkout#2460</a></li> <li>Bump js-yaml from 4.1.0 to 4.2.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2461">actions/checkout#2461</a></li> <li>Bump <code>@actions/core</code> and <code>@actions/tool-cache</code> and Remove uuid by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2459">actions/checkout#2459</a></li> <li>upgrade module to esm and update dependencies by <a href="https://github.com/aiqiaoy"><code>@aiqiaoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2463">actions/checkout#2463</a></li> <li>Bump the minor-npm-dependencies group across 1 directory with 3 updates by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/actions/checkout/pull/2462">actions/checkout#2462</a></li> </ul> <h2>v6.0.3</h2> <ul> <li>Fix checkout init for SHA-256 repositories by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2439">actions/checkout#2439</a></li> <li>fix: expand merge commit SHA regex and add SHA-256 test cases by <a href="https://github.com/yaananth"><code>@yaananth</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2414">actions/checkout#2414</a></li> </ul> <h2>v6.0.2</h2> <ul> <li>Fix tag handling: preserve annotations and explicit fetch-tags by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2356">actions/checkout#2356</a></li> </ul> <h2>v6.0.1</h2> <ul> <li>Add worktree support for persist-credentials includeIf by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2327">actions/checkout#2327</a></li> </ul> <h2>v6.0.0</h2> <ul> <li>Persist creds to a separate file by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2286">actions/checkout#2286</a></li> <li>Update README to include Node.js 24 support details and requirements by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2248">actions/checkout#2248</a></li> </ul> <h2>v5.0.1</h2> <ul> <li>Port v6 cleanup to v5 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2301">actions/checkout#2301</a></li> </ul> <h2>v5.0.0</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> </ul> <h2>v4.3.1</h2> <ul> <li>Port v6 cleanup to v4 by <a href="https://github.com/ericsciple"><code>@ericsciple</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2305">actions/checkout#2305</a></li> </ul> <h2>v4.3.0</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <h2>v4.2.2</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <h2>v4.2.1</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/actions/checkout/commit/9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0"><code>9c091bb</code></a> update error wording (<a href="https://redirect.github.com/actions/checkout/issues/2467">#2467</a>)</li> <li><a href="https://github.com/actions/checkout/commit/1044a6dea927916f2c38ba5aeffbc0a847b1221a"><code>1044a6d</code></a> getting ready for checkout v7 release (<a href="https://redirect.github.com/actions/checkout/issues/2464">#2464</a>)</li> <li><a href="https://github.com/actions/checkout/commit/f0282184c7ce73ab54c7e4ab5a617122602e575f"><code>f028218</code></a> Bump the minor-npm-dependencies group across 1 directory with 3 updates (<a href="https://redirect.github.com/actions/checkout/issues/2462">#2462</a>)</li> <li><a href="https://github.com/actions/checkout/commit/d914b262ffc244530a203ab40decab34c3abf34d"><code>d914b26</code></a> upgrade module to esm and update dependencies (<a href="https://redirect.github.com/actions/checkout/issues/2463">#2463</a>)</li> <li><a href="https://github.com/actions/checkout/commit/537c7ef99cef6e5ddb5e7ff5d16d14510503801d"><code>537c7ef</code></a> Bump <code>@actions/core</code> and <code>@actions/tool-cache</code> and Remove uuid (<a href="https://redirect.github.com/actions/checkout/issues/2459">#2459</a>)</li> <li><a href="https://github.com/actions/checkout/commit/130a169078a413d3a5246a393625e8e742f387f6"><code>130a169</code></a> Bump js-yaml from 4.1.0 to 4.2.0 (<a href="https://redirect.github.com/actions/checkout/issues/2461">#2461</a>)</li> <li><a href="https://github.com/actions/checkout/commit/7d09575332117a40b46e5e020664df234cd416f3"><code>7d09575</code></a> Bump flatted from 3.3.1 to 3.4.2 (<a href="https://redirect.github.com/actions/checkout/issues/2460">#2460</a>)</li> <li><a href="https://github.com/actions/checkout/commit/0f9f3aa320cb53abeb534aeb54048075d9697a0e"><code>0f9f3aa</code></a> Bump actions/publish-immutable-action (<a href="https://redirect.github.com/actions/checkout/issues/2458">#2458</a>)</li> <li><a href="https://github.com/actions/checkout/commit/f9e715a95fcd1f9253f77dd28f11e88d2d6460c7"><code>f9e715a</code></a> block checking out fork pr for pull_request_target and workflow_run (<a href="https://redirect.github.com/actions/checkout/issues/2454">#2454</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/df4cb1c069e1874edd31b4311f1884172cec0e10...9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0">compare view</a></li> </ul> </details> <br /> Updates `coder/coder` from 2.34.2 to 2.34.3 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/coder/coder/releases">coder/coder's releases</a>.</em></p> <blockquote> <h2>v2.34.3</h2> <h2>Changelog</h2> <blockquote> <p>[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our <a href="https://github.com/coder/coder/releases/latest">latest stable release</a> while we refine this version. Learn more about our <a href="https://coder.com/docs/install/releases">Release Schedule</a>.</p> </blockquote> <h3>Features</h3> <ul> <li>Implement package and cli tool for repairing oidc links (<a href="https://redirect.github.com/coder/coder/issues/26418">#26418</a>, 404ecb1589)</li> <li>Deployment flag to auto handle changed oidc providers (<a href="https://redirect.github.com/coder/coder/issues/26419">#26419</a>, 1e4aabb178)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Dashboard: Allow Bedrock IAM-role setup (<a href="https://redirect.github.com/coder/coder/issues/26400">#26400</a>, 33c5b8bc49)</li> <li>Server: Honor fixed lifetime for CLI API tokens (<a href="https://redirect.github.com/coder/coder/issues/26376">#26376</a>, bcb305753d)</li> <li>Backfill legacy Bedrock AI provider rows and stale model config strings (<a href="https://redirect.github.com/coder/coder/issues/26155">#26155</a>, da215b3b75)</li> <li>fix(scripts/check_emdash.sh): skip emdash check when no diff base is available (<a href="https://redirect.github.com/coder/coder/issues/26490">#26490</a>, 81654c67c7)</li> </ul> <h3>Documentation</h3> <ul> <li>Document VS Code local telemetry (<a href="https://redirect.github.com/coder/coder/issues/26215">#26215</a>, 4653f32eb4)</li> </ul> <h3>Chores</h3> <ul> <li>Provisioner: Preserve existing AWS_SDK_UA_APP_ID (<a href="https://redirect.github.com/coder/coder/issues/24606">#24606</a>, a8ff5b2e08)</li> </ul> <p>Compare: <a href="https://github.com/coder/coder/compare/v2.34.2...v2.34.3"><code>v2.34.2...v2.34.3</code></a></p> <h2>Container image</h2> <ul> <li><code>docker pull ghcr.io/coder/coder:2.34.3</code></li> </ul> <h2>Install/upgrade</h2> <p>Refer to our docs to <a href="https://coder.com/docs/install">install</a> or <a href="https://coder.com/docs/install/upgrade">upgrade</a> Coder, or use a release asset below.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/coder/coder/commit/4653f32eb4840de54e8dca04a069fb7e61664cf6"><code>4653f32</code></a> docs: document VS Code local telemetry (<a href="https://redirect.github.com/coder/coder/issues/26215">#26215</a>) (<a href="https://redirect.github.com/coder/coder/issues/26496">#26496</a>)</li> <li><a href="https://github.com/coder/coder/commit/1e4aabb178b9275294aaf5a52cf3a89b3058d6f2"><code>1e4aabb</code></a> feat: deployment flag to auto handle changed oidc providers (<a href="https://redirect.github.com/coder/coder/issues/26419">#26419</a>) (<a href="https://redirect.github.com/coder/coder/issues/26480">#26480</a>)</li> <li><a href="https://github.com/coder/coder/commit/81654c67c7d2c73a29105c85f03817b80ead283e"><code>81654c6</code></a> fix(scripts/check_emdash.sh): skip emdash check when no diff base is availabl...</li> <li><a href="https://github.com/coder/coder/commit/404ecb158970b2f37bbf277292ee199484a4a630"><code>404ecb1</code></a> feat: implement package and cli tool for repairing oidc links (<a href="https://redirect.github.com/coder/coder/issues/26418">#26418</a>) (<a href="https://redirect.github.com/coder/coder/issues/26479">#26479</a>)</li> <li><a href="https://github.com/coder/coder/commit/a8ff5b2e0829f5af9ffd522be77d41d0d3d2cb4a"><code>a8ff5b2</code></a> chore(provisioner/terraform): preserve existing AWS_SDK_UA_APP_ID (<a href="https://redirect.github.com/coder/coder/issues/24606">#24606</a>) (#...</li> <li><a href="https://github.com/coder/coder/commit/da215b3b75856a5e96960ef3631b09caca073dc9"><code>da215b3</code></a> fix: backfill legacy Bedrock AI provider rows and stale model config strings ...</li> <li><a href="https://github.com/coder/coder/commit/bcb305753d2bfe1a798f0b1c49c58341a8f0a16a"><code>bcb3057</code></a> fix(coderd/httpmw): honor fixed lifetime for CLI API tokens (<a href="https://redirect.github.com/coder/coder/issues/26376">#26376</a>) (<a href="https://redirect.github.com/coder/coder/issues/26381">#26381</a>)</li> <li><a href="https://github.com/coder/coder/commit/33c5b8bc49792afe0896dc9b2b01edd90c2723f6"><code>33c5b8b</code></a> fix(site/src/pages/AISettingsPage): allow Bedrock IAM-role setup (<a href="https://redirect.github.com/coder/coder/issues/26400">#26400</a>) (<a href="https://redirect.github.com/coder/coder/issues/2">#2</a>...</li> <li>See full diff in <a href="https://github.com/coder/coder/compare/d7774e5c4ca222ee89a8b6aa82b61c1f8bb81d1f...4653f32eb4840de54e8dca04a069fb7e61664cf6">compare view</a></li> </ul> </details> <br /> Updates `zizmorcore/zizmor-action` from 0.5.6 to 0.5.7 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/zizmorcore/zizmor-action/releases">zizmorcore/zizmor-action's releases</a>.</em></p> <blockquote> <h2>v0.5.7</h2> <p>1.26.1 is now available via the action 1.26.1 is now the default version of zizmor used by the action</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/192e21d79ab29983730a13d1382995c2307fbcaa"><code>192e21d</code></a> Sync zizmor versions (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/127">#127</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/2720f2673c0b64a8656d08b009ac239b9383c0ae"><code>2720f26</code></a> Update README.md with new actions/checkout version (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/126">#126</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/40b41b824eab0ad9c19ddf9856be25550729e6d8"><code>40b41b8</code></a> chore(deps): bump the github-actions group with 2 updates (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/123">#123</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/a687b25bf3aa149153e80ed5f45292e47589888c"><code>a687b25</code></a> chore(deps): bump github/codeql-action from 4.35.5 to 4.36.0 in the github-ac...</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/64a6900ea7f40fab0caa7dcfc77b392d28fe0cb1"><code>64a6900</code></a> add note to explain that the default value for <code>online-checks</code> is different t...</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/14050abd109fcba34e6e2f31a723280997808e82"><code>14050ab</code></a> chore(deps): bump the github-actions group with 2 updates (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/118">#118</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/ee9b4194a74f093e38908dbcfcb078f63eeef002"><code>ee9b419</code></a> chore(deps): bump github/codeql-action in the github-actions group (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/116">#116</a>)</li> <li><a href="https://github.com/zizmorcore/zizmor-action/commit/fddf2b4aa9bf29290c6bf9866e6d113b0cdf6f67"><code>fddf2b4</code></a> Bump pins in README (<a href="https://redirect.github.com/zizmorcore/zizmor-action/issues/115">#115</a>)</li> <li>See full diff in <a href="https://github.com/zizmorcore/zizmor-action/compare/5f14fd08f7cf1cb1609c1e344975f152c7ee938d...192e21d79ab29983730a13d1382995c2307fbcaa">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… MCP server configurations (coder#894) ## Description - add mcp_config_remote_path for remote MCP server configurations ## Type of Change - [ ] New module - [ ] New template - [ ] Bug fix - [x] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information <!-- Delete this section if not applicable --> **Path:** `registry/coder-labs/modules/codex` **New version:** `v5.3.0` **Breaking change:** [ ] Yes [ ] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues Closes coder#886
Signed-off-by: dependabot[bot] <support@github.com>
## Description Adds a community CloudCLI module that installs the pinned npm package in an isolated per-module runtime and exposes the service through an owner-only Coder app. The module binds CloudCLI explicitly to `127.0.0.1:3001`, uses the `/health` endpoint for readiness, preserves existing coding-agent installations and authentication, and supports an optional validated `workspaces_root` to limit project discovery. Startup is idempotent and refuses occupied or non-loopback listeners without terminating unrelated processes. The start pipeline allows a slow first-time npm installation to complete before launching CloudCLI. The registry catalog uses the bundled CloudCLI icon. Coder deployments that do not provide `/icon/cloudcli.svg` may not render the in-workspace app and script icon; this does not affect module operation. ## Type of Change - [x] New module - [ ] New template - [ ] Bug fix - [x] Feature/enhancement - [x] Documentation - [ ] Other ## Module Information **Path:** `registry/edd88-pixel/modules/cloudcli` **New version:** `v1.0.0` **Breaking change:** [ ] Yes [x] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally Executed successfully: - `bun install` - `bun run fmt` - `bun run shellcheck` - `bun run tftest` with explicit changed-module inputs - `bun run tstest` with explicit changed-module inputs: 10 passed, 127 assertions - `terraform init -upgrade` - `terraform validate` - `terraform test -verbose`: 9 passed - `bun test main.test.ts`: 10 passed, 127 assertions - `./scripts/terraform_validate.sh` with explicit `ALL_CHANGED_FILES` and `MODULE_CHANGED_FILES` - `go build ./cmd/readmevalidation && ./readmevalidation` - Fresh Coder v2.33.11 workspace E2E using the Docker template provider and a non-root agent: an eight-minute first installation completed, the agent reached `ready`, and the Coder app reached `healthy` - Runtime verification in the provisioned workspace: `@cloudcli-ai/cloudcli@1.35.0`, successful `/health`, live PID, listener `127.0.0.1:3001`, and no wildcard listener - Coder app-proxy browser E2E: created the single-user CloudCLI account, completed setup, and reached the CloudCLI v1.35.0 project dashboard ## Related Issues Closes coder#868 --------- Co-authored-by: DevCats <christofer@coder.com>
# Conflicts: # registry/coder/modules/code-server/README.md # registry/coder/modules/code-server/run.sh # registry/coder/modules/vscode-web/README.md
…ry to agent-firewall (coder#940) ## Description Rename internal `boundary` references to `agent-firewall` across the agent-firewall registry module, add `coder agent-firewall` subcommand detection with fallback to `coder boundary`, bump module version to `1.0.0`, and clone the boundary repo into an `agent-firewall/` directory. Preserves `coder/boundary` repo URLs, the `boundary` binary name (build artifact), and `coder boundary` CLI subcommand references where they are functionally required. ## Type of Change - [ ] New module - [ ] New template - [ ] Bug fix - [x] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information **Path:** `registry/coder/modules/agent-firewall` **New version:** `v1.0.0` **Breaking change:** [ ] Yes [x] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally - [x] Terraform tests pass (`terraform test` - 8/8) - [x] TypeScript tests pass (`bun test` - 13/13, 70 expect() calls) ## Related Issues [REG-3: Update agent-firewall registry compatibility surfaces](https://linear.app/codercom/issue/REG-3/update-agent-firewall-registry-compatibility-surfaces) > [!NOTE] > This PR was authored by Coder Agents on behalf of @35C4n0r. <details> <summary>Changes summary</summary> ### Rename `boundary` to `agent-firewall` (all files) - Renamed all `boundary_*` / `BOUNDARY_*` Terraform locals and template variables to `agent_firewall_*` / `AGENT_FIREWALL_*` across `main.tf`, `config.yaml.tftpl`, and `install.sh.tftpl` - Renamed shell functions: `validate_boundary_subcommand` → `validate_agent_firewall_subcommand`, `install_boundary` → `install_agent_firewall`, `write_boundary_config` → `write_agent_firewall_config`, `setup_boundary` → `setup_agent_firewall` - Updated all log messages and comments to use `agent-firewall` - Updated test assertions in `main.test.ts` and test values in `agent-firewall.tftest.hcl` - Updated `coder-mock.sh` to handle both `agent-firewall` and `boundary` subcommands ### Subcommand detection with fallback - `validate_agent_firewall_subcommand()` now tries `coder agent-firewall --help` first, falls back to `coder boundary --help` - Detected subcommand stored in `CODER_SUBCOMMAND`, used for license check and embedded into wrapper script - Wrapper script generated via heredoc + `printf` to inject the detected subcommand ### Version bump - Bumped all README.md version references from `0.0.2` to `1.0.0` ### Clone directory - `git clone coder/boundary.git` now clones into `agent-firewall/` instead of `boundary/` </details>
…rror (coder#942) ## Description Fix SSH clone failures on new workspaces where `~/.ssh/known_hosts` is empty. When cloning over SSH, the SSH client exits with "Host key verification failed" because there is no trusted entry for the server. This change adds a host-key scan step in `run.sh` before `git clone` runs. **Behaviour added:** - Detects SSH clone URLs (`git@` or `ssh://`). - Runs `ssh-keyscan -H -t rsa,ecdsa,ed25519 <host>` and appends the result to `known_hosts` only when the host is not already present (idempotent). - Falls back to `GIT_SSH_COMMAND="ssh -o StrictHostKeyChecking=accept-new"` when `ssh-keyscan` is not installed; this accepts new keys but still rejects changed ones. - HTTPS URLs and subsequent workspace starts are unaffected. ## Type of Change - [ ] New module - [ ] New template - [x] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information **Path:** `registry/coder/modules/git-clone` **New version:** bump patch **Breaking change:** [ ] Yes [x] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally Three new test cases in `main.test.ts`: 1. SSH URL with `ssh-keyscan` available: verifies the key is scanned and added. 2. SSH URL without `ssh-keyscan`: verifies the `StrictHostKeyChecking=accept-new` fallback. 3. SSH URL with host already in `known_hosts`: verifies the scan is skipped. ## Related Issues Fixes coder#60 --- > Generated by Coder Agents
…mp to patch (0.0.3) (coder#945) ## Description Reverts the agent-firewall module version from `1.0.0` to `0.0.3`. The major version bump in coder#940. ## Type of Change - [ ] New module - [ ] New template - [ ] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [x] Other ## Module Information **Path:** `registry/coder/modules/agent-firewall` **New version:** `v0.0.3` **Breaking change:** [ ] Yes [x] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues [REG-3: Update agent-firewall registry compatibility surfaces](https://linear.app/codercom/issue/REG-3/update-agent-firewall-registry-compatibility-surfaces) > [!NOTE] > This PR was authored by Coder Agents on behalf of @35C4n0r.
## Problem Terraform **templates** (`registry/**/templates/**`) were never validated by `./scripts/terraform_validate.sh`. Only modules were detected and checked, so broken template configs could merge undetected. ## Changes - **`scripts/terraform_validate.sh`** - Consumes a new `TEMPLATE_CHANGED_FILES` env var alongside `MODULE_CHANGED_FILES`. - Changed-file parser now matches `(modules|templates)/`, so a changed file like `registry/coder/templates/docker/main.tf` resolves to its template directory and gets `terraform validate` + the snake_case variable-name check. - On a shared-infra change, the whole-registry glob now includes both `*/modules/*` and `*/templates/*`. - Skip logic only bails when *both* module and template change lists are empty. - Prunes `.terraform/` from the snake_case `find`. Validating templates runs `terraform init`, which downloads child modules into `.terraform/`; without the prune, the check flagged variables in third-party module source (e.g. `code-server`'s `machine-settings`). - **`.github/workflows/ci.yaml`** - Adds a `templates: registry/**/templates/**` paths-filter. - Passes `TEMPLATE_CHANGED_FILES` into the "Run Terraform Validate" step. ## Validation - `bash -n` and `shellcheck --severity=warning` (the level CI enforces) are clean. - Functionally tested detection for template-only, combined module+template, no-change, and shared-infra scenarios. - Ran `SHARED_CHANGED=true ./scripts/terraform_validate.sh` against the full registry to confirm templates are now exercised. This surfaced pre-existing template breakages (unrelated to this PR) — e.g. `agent_name` unsupported args and malformed `jetbrains` module source addresses across several `coder/*` templates — which are exactly the failures this validation is meant to catch going forward. > [!NOTE] > This PR only wires up validation; it does **not** fix the individual broken templates it now surfaces. Those can be addressed in follow-up PRs. Generated with [Mux](https://mux.coder.com/).
Bumps the github-actions group with 4 updates: [dorny/paths-filter](https://github.com/dorny/paths-filter), [coder/coder/.github/actions/setup-tf](https://github.com/coder/coder), [crate-ci/typos](https://github.com/crate-ci/typos) and [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action). Updates `dorny/paths-filter` from 4.0.1 to 4.0.2 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dorny/paths-filter/releases">dorny/paths-filter's releases</a>.</em></p> <blockquote> <h2>v4.0.2</h2> <h2>What's Changed</h2> <ul> <li>fix warning message by <a href="https://github.com/cgundy"><code>@cgundy</code></a> in <a href="https://redirect.github.com/dorny/paths-filter/pull/282">dorny/paths-filter#282</a></li> <li>chore: fix GitHub spelling in logs by <a href="https://github.com/squat"><code>@squat</code></a> in <a href="https://redirect.github.com/dorny/paths-filter/pull/278">dorny/paths-filter#278</a></li> <li>fix: use rev-parse instead of branch --show-current for older git compat by <a href="https://github.com/saschabratton"><code>@saschabratton</code></a> in <a href="https://redirect.github.com/dorny/paths-filter/pull/303">dorny/paths-filter#303</a></li> <li>fix: work around git dubious ownership errors in container jobs by <a href="https://github.com/saschabratton"><code>@saschabratton</code></a> in <a href="https://redirect.github.com/dorny/paths-filter/pull/317">dorny/paths-filter#317</a></li> <li>docs: update changelog for v4.0.2 by <a href="https://github.com/saschabratton"><code>@saschabratton</code></a> in <a href="https://redirect.github.com/dorny/paths-filter/pull/318">dorny/paths-filter#318</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/cgundy"><code>@cgundy</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/paths-filter/pull/282">dorny/paths-filter#282</a></li> <li><a href="https://github.com/squat"><code>@squat</code></a> made their first contribution in <a href="https://redirect.github.com/dorny/paths-filter/pull/278">dorny/paths-filter#278</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/dorny/paths-filter/compare/v4.0.1...v4.0.2">https://github.com/dorny/paths-filter/compare/v4.0.1...v4.0.2</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/dorny/paths-filter/blob/master/CHANGELOG.md">dorny/paths-filter's changelog</a>.</em></p> <blockquote> <h1>Changelog</h1> <h2>v4.0.2</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/317">Work around git dubious ownership errors in container jobs</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/303">Use rev-parse instead of branch --show-current for older git compat</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/282">Fix warning message</a></li> </ul> <h2>v4.0.1</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/255">Support merge queue</a></li> </ul> <h2>v4.0.0</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/294">Update action runtime to node24</a></li> </ul> <h2>v3.0.3</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/279">Add missing predicate-quantifier</a></li> </ul> <h2>v3.0.2</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/224">Add config parameter for predicate quantifier</a></li> </ul> <h2>v3.0.1</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/133">Compare base and ref when token is empty</a></li> </ul> <h2>v3.0.0</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/210">Update to Node.js 20</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/215">Update all dependencies</a></li> </ul> <h2>v2.11.1</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/167">Update @actions/core to v1.10.0 - Fixes warning about deprecated set-output</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/168">Document need for pull-requests: read permission</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/164">Updating to actions/checkout@v3</a></li> </ul> <h2>v2.11.0</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/157">Set list-files input parameter as not required</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/161">Update Node.js</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/162">Fix incorrect handling of Unicode characters in exec()</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/163">Use Octokit pagination</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/160">Updates real world links</a></li> </ul> <h2>v2.10.2</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/91">Fix getLocalRef() returns wrong ref</a></li> </ul> <h2>v2.10.1</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/85">Improve robustness of change detection</a></li> </ul> <h2>v2.10.0</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/82">Add ref input parameter</a></li> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/83">Fix change detection in PR when pullRequest.changed_files is incorrect</a></li> </ul> <h2>v2.9.3</h2> <ul> <li><a href="https://redirect.github.com/dorny/paths-filter/pull/78">Fix change detection when base is a tag</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dorny/paths-filter/commit/7b450fff21473bca461d4b92ce414b9d0420d706"><code>7b450ff</code></a> docs: update changelog for v4.0.2 (<a href="https://redirect.github.com/dorny/paths-filter/issues/318">#318</a>)</li> <li><a href="https://github.com/dorny/paths-filter/commit/928037783a71f24983ea250c6e55290c1b2de54f"><code>9280377</code></a> fix: work around git dubious ownership errors in container jobs (<a href="https://redirect.github.com/dorny/paths-filter/issues/317">#317</a>)</li> <li><a href="https://github.com/dorny/paths-filter/commit/f3ceefdc7ef57bc2d8560787d4b6c33e44044cec"><code>f3ceefd</code></a> fix: use rev-parse instead of branch --show-current for older git compat (<a href="https://redirect.github.com/dorny/paths-filter/issues/303">#303</a>)</li> <li><a href="https://github.com/dorny/paths-filter/commit/61f87a10cd2c304679af17bb73ef192addf33c1c"><code>61f87a1</code></a> chore: fix GitHub spelling in logs (<a href="https://redirect.github.com/dorny/paths-filter/issues/278">#278</a>)</li> <li><a href="https://github.com/dorny/paths-filter/commit/b82ff81ffbe6fb4b636bb5b47e37fd8d12b32632"><code>b82ff81</code></a> fix warning message (<a href="https://redirect.github.com/dorny/paths-filter/issues/282">#282</a>)</li> <li>See full diff in <a href="https://github.com/dorny/paths-filter/compare/fbd0ab8f3e69293af611ebaee6363fc25e6d187d...7b450fff21473bca461d4b92ce414b9d0420d706">compare view</a></li> </ul> </details> <br /> Updates `coder/coder/.github/actions/setup-tf` from 2.34.4 to 2.34.5 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/coder/coder/releases">coder/coder/.github/actions/setup-tf's releases</a>.</em></p> <blockquote> <h2>v2.34.5</h2> <h2>Changelog</h2> <blockquote> <p>[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our <a href="https://github.com/coder/coder/releases/latest">latest stable release</a> while we refine this version. Learn more about our <a href="https://coder.com/docs/install/releases">Release Schedule</a>.</p> </blockquote> <h3>Features</h3> <ul> <li>Add INSECURE oidc email fallback flag for IdP brokers (<a href="https://redirect.github.com/coder/coder/issues/26751">#26751</a>, 8266eb0fc0)</li> </ul> <h3>Bug fixes</h3> <ul> <li>Server: Enforce required external auth on workspace create (<a href="https://redirect.github.com/coder/coder/issues/26314">#26314</a>, 98bca81318)</li> <li>Dashboard: Add a custom copy/paste menu to the web terminal (<a href="https://redirect.github.com/coder/coder/issues/26015">#26015</a>, 9513245d54)</li> <li>Examples: Remove vscode-desktop module from quickstart to avoid duplicate VS Code Desktop (<a href="https://redirect.github.com/coder/coder/issues/26789">#26789</a>, 210bb5eb3d) (<a href="https://github.com/bpmct"><code>@bpmct</code></a>)</li> <li>Dashboard: Show only parent agent apps in workspaces table (<a href="https://redirect.github.com/coder/coder/issues/26568">#26568</a>, c3dd41e1e8)</li> </ul> <h3>Documentation</h3> <ul> <li>Add GitLab read_api scope change to ESR upgrade guide (backport <a href="https://redirect.github.com/coder/coder/issues/26829">#26829</a>) (<a href="https://redirect.github.com/coder/coder/issues/26840">#26840</a>, 85d78373e9)</li> </ul> <p>Compare: <a href="https://github.com/coder/coder/compare/v2.34.4...v2.34.5"><code>v2.34.4...v2.34.5</code></a></p> <h2>Container image</h2> <ul> <li><code>docker pull ghcr.io/coder/coder:2.34.5</code></li> </ul> <h2>Install/upgrade</h2> <p>Refer to our docs to <a href="https://coder.com/docs/install">install</a> or <a href="https://coder.com/docs/install/upgrade">upgrade</a> Coder, or use a release asset below.</p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/coder/coder/commit/c3dd41e1e8c9d0a0860a9a81c3c050be55879dc2"><code>c3dd41e</code></a> fix(site/src/pages/WorkspacesPage): show only parent agent apps in workspaces...</li> <li><a href="https://github.com/coder/coder/commit/210bb5eb3d367a2e0d70a3d1edcdb44e9b2e56ba"><code>210bb5e</code></a> fix(examples): remove vscode-desktop module from quickstart to avoid duplicat...</li> <li><a href="https://github.com/coder/coder/commit/85d78373e9672c471f875dbb518c26873ec3512a"><code>85d7837</code></a> docs: add GitLab read_api scope change to ESR upgrade guide (backport <a href="https://redirect.github.com/coder/coder/issues/26829">#26829</a>)...</li> <li><a href="https://github.com/coder/coder/commit/8266eb0fc0cf458a191cb36f016d83d181ad4b65"><code>8266eb0</code></a> feat: add INSECURE oidc email fallback flag for IdP brokers (<a href="https://redirect.github.com/coder/coder/issues/26751">#26751</a>) (<a href="https://redirect.github.com/coder/coder/issues/26820">#26820</a>)</li> <li><a href="https://github.com/coder/coder/commit/9513245d549582e71e2b3be5b699ecbf2a100aa8"><code>9513245</code></a> fix(site): add a custom copy/paste menu to the web terminal (<a href="https://redirect.github.com/coder/coder/issues/26015">#26015</a>) (<a href="https://redirect.github.com/coder/coder/issues/26818">#26818</a>)</li> <li><a href="https://github.com/coder/coder/commit/98bca81318e9a2eecc4582ae9f12a1f4179e024c"><code>98bca81</code></a> fix(coderd): enforce required external auth on workspace create (<a href="https://redirect.github.com/coder/coder/issues/26314">#26314</a>) (<a href="https://redirect.github.com/coder/coder/issues/26">#26</a>...</li> <li>See full diff in <a href="https://github.com/coder/coder/compare/19d9274d2a5825fe4729095d51552e8f76531a50...c3dd41e1e8c9d0a0860a9a81c3c050be55879dc2">compare view</a></li> </ul> </details> <br /> Updates `crate-ci/typos` from 1.47.2 to 1.48.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/crate-ci/typos/releases">crate-ci/typos's releases</a>.</em></p> <blockquote> <h2>v1.48.0</h2> <h2>[1.48.0] - 2026-06-30</h2> <h3>Features</h3> <ul> <li>Updated the dictionary with the <a href="https://redirect.github.com/crate-ci/typos/issues/1562">June 2026</a> changes</li> </ul> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/crate-ci/typos/blob/master/CHANGELOG.md">crate-ci/typos's changelog</a>.</em></p> <blockquote> <h1>Change Log</h1> <p>All notable changes to this project will be documented in this file.</p> <p>The format is based on <a href="https://keepachangelog.com/">Keep a Changelog</a> and this project adheres to <a href="https://semver.org/">Semantic Versioning</a>.</p> <!-- raw HTML omitted --> <h2>[Unreleased] - ReleaseDate</h2> <h2>[1.48.0] - 2026-06-30</h2> <h3>Features</h3> <ul> <li>Updated the dictionary with the <a href="https://redirect.github.com/crate-ci/typos/issues/1562">June 2026</a> changes</li> </ul> <h2>[1.47.2] - 2026-06-04</h2> <h3>Fixes</h3> <ul> <li>Don't correct <code>inferrable</code></li> <li>Correct unused <code>inferible</code> variant</li> </ul> <h2>[1.47.1] - 2026-06-03</h2> <h3>Fixes</h3> <ul> <li>Don't correct <code>requestors</code></li> </ul> <h2>[1.47.0] - 2026-05-29</h2> <h3>Features</h3> <ul> <li>Updated the dictionary with the <a href="https://redirect.github.com/crate-ci/typos/issues/1545">May 2026</a> changes</li> </ul> <h2>[1.46.3] - 2026-05-23</h2> <h3>Fixes</h3> <ul> <li>Don't correct to <code>sequentials</code></li> <li>Don't correct to <code>subdolder</code></li> </ul> <h2>[1.46.2] - 2026-05-16</h2> <h3>Fixes</h3> <ul> <li>Don't correct to <code>criterias</code></li> <li>Don't correct to <code>replaceables</code></li> </ul> <h2>[1.46.1] - 2026-05-08</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/crate-ci/typos/commit/bee27e3a4fd1ea2111cf90ab89cd076c870fce14"><code>bee27e3</code></a> chore: Release</li> <li><a href="https://github.com/crate-ci/typos/commit/4939ca9c90a49d78125c35a3376bc5ee5c8aa489"><code>4939ca9</code></a> chore: Release</li> <li><a href="https://github.com/crate-ci/typos/commit/44b25bec760cf3e606f713cae5dd41978c1d8295"><code>44b25be</code></a> docs: Update changelog</li> <li><a href="https://github.com/crate-ci/typos/commit/22edab389daa634b04b0971b2ed8180c3aba0963"><code>22edab3</code></a> Merge pull request <a href="https://redirect.github.com/crate-ci/typos/issues/1574">#1574</a> from epage/june</li> <li><a href="https://github.com/crate-ci/typos/commit/a73679cf8e45a62643936f55f94bd8eb8c1662c8"><code>a73679c</code></a> feat(dict): June updates</li> <li>See full diff in <a href="https://github.com/crate-ci/typos/compare/37bb98842b0d8c4ffebdb75301a13db0267cef89...bee27e3a4fd1ea2111cf90ab89cd076c870fce14">compare view</a></li> </ul> </details> <br /> Updates `golangci/golangci-lint-action` from 9.2.1 to 9.3.0 <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/golangci/golangci-lint-action/releases">golangci/golangci-lint-action's releases</a>.</em></p> <blockquote> <h2>v9.3.0</h2> <!-- raw HTML omitted --> <h2>What's Changed</h2> <h3>Changes</h3> <ul> <li>feat: add no-run-logs-group as experimental option by <a href="https://github.com/ldez"><code>@ldez</code></a> in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1403">golangci/golangci-lint-action#1403</a></li> </ul> <h3>Dependencies</h3> <ul> <li>build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 in the github-actions group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1395">golangci/golangci-lint-action#1395</a></li> <li>build(deps): bump tmp from 0.2.5 to 0.2.6 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1397">golangci/golangci-lint-action#1397</a></li> <li>build(deps): bump github/codeql-action from 4.35.5 to 4.36.0 in the github-actions group by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1398">golangci/golangci-lint-action#1398</a></li> <li>build(deps): bump tmp from 0.2.6 to 0.2.7 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1399">golangci/golangci-lint-action#1399</a></li> <li>build(deps-dev): bump js-yaml from 4.1.1 to 4.2.0 by <a href="https://github.com/dependabot"><code>@dependabot</code></a>[bot] in <a href="https://redirect.github.com/golangci/golangci-lint-action/pull/1400">golangci/golangci-lint-action#1400</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/golangci/golangci-lint-action/compare/v9.2.1...v9.3.0">https://github.com/golangci/golangci-lint-action/compare/v9.2.1...v9.3.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golangci/golangci-lint-action/commit/ba0d7d2ec06a0ea1cb5fa41b2e4a3ab91d21278a"><code>ba0d7d2</code></a> chore: prepare release v9.3.0</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/efd0857dc49487d73b2e08936ea47b04e894a2b1"><code>efd0857</code></a> feat: add no-run-logs-group as experimental option (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/1403">#1403</a>)</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/ed485de1ff3b974c764ba768d82dda2e035d091e"><code>ed485de</code></a> build(deps): bump undici from 6.24.0 to 6.27.0</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/8872e8d04c73fcdce3d942f99fbbe16ea722b6de"><code>8872e8d</code></a> build(deps-dev): bump js-yaml from 4.1.1 to 4.2.0 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/1400">#1400</a>)</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/b163415b470349e75dbab89538e4165e7402f2b9"><code>b163415</code></a> build(deps): bump tmp from 0.2.6 to 0.2.7 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/1399">#1399</a>)</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/e52a9f899623adbdb986c05b9a8f7a8cf4138fc3"><code>e52a9f8</code></a> build(deps): bump github/codeql-action from 4.35.5 to 4.36.0 in the github-ac...</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/8182aa34940a5c3d28dbb24ce802921d8aa7b434"><code>8182aa3</code></a> build(deps): bump tmp from 0.2.5 to 0.2.6 (<a href="https://redirect.github.com/golangci/golangci-lint-action/issues/1397">#1397</a>)</li> <li><a href="https://github.com/golangci/golangci-lint-action/commit/5403a413dee20909aad15f1ecb21377539fcc4df"><code>5403a41</code></a> build(deps): bump github/codeql-action from 4.35.4 to 4.35.5 in the github-ac...</li> <li>See full diff in <a href="https://github.com/golangci/golangci-lint-action/compare/82606bf257cbaff209d206a39f5134f0cfbfd2ee...ba0d7d2ec06a0ea1cb5fa41b2e4a3ab91d21278a">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: DevCats <christofer@coder.com>
## Problem Now that `scripts/terraform_validate.sh` validates templates (from coder#948), running `terraform validate` across the registry surfaces pre-existing breakages in **14 `coder/*` templates**. This PR fixes all of them so they pass validation. ## Fixes **Unsupported `agent_name` argument** (dominant issue) - Removed `agent_name` from `code-server` / `windows_rdp` module calls and from `coder_app` / `coder_env` / `coder_script` / `coder_agent_instance` resources. Only the `jetbrains` and `filebrowser` modules actually declare an `agent_name` variable, so those usages are left intact. **Invalid `jetbrains` module source** - `registry.coder.com/modules/coder/jetbrains/coder` (5 components — invalid) → `registry.coder.com/coder/jetbrains/coder`. **windows_rdp stray argument** - Removed `resource_id = null` (no longer a supported argument). **aws-devcontainer region module** - Replaced the raw `source = "https://registry.coder.com/modules/aws-region"` URL with the proper registry source `registry.coder.com/coder/aws-region/coder` + `version = "~> 1.0"`. **gcp-devcontainer agent reference** - Fixed module calls referencing the non-existent `coder_agent.main`; the agent in that template is `coder_agent.dev` (count-based), so they now use `coder_agent.dev[0].id`. **incus provider schema drift** - `incus_volume` → `incus_storage_volume` - `incus_cached_image` → `incus_image` (object-form `source_image = { remote, name }`) - Dropped the unsupported `incus_instance_file` resource; the agent token is now delivered via cloud-init `write_files` (consistent with how the init script and systemd units are already delivered). - Moved instance `limits` into `config` (`limits.cpu` / `limits.memory`) and updated `coder_metadata` references accordingly. ## Validation All 14 previously-failing templates now pass `terraform validate`: ``` aws-devcontainer, aws-linux, azure-linux, azure-windows, digitalocean-linux, docker, docker-devcontainer, gcp-devcontainer, gcp-linux, gcp-vm-container, kubernetes, nomad-docker, scratch, incus → all Success ``` `terraform fmt` / prettier applied. No `.terraform` artifacts or lockfiles committed. > [!NOTE] > Changes are confined to template `main.tf` files. The incus rework in particular adapts to the current `lxc/incus` provider schema; the token-via-cloud-init approach matches the sibling `bpmct/incus-*` templates. Generated with [Mux](https://mux.coder.com/).
…_modules group across 1 directory (coder#949) Bumps the go_modules group with 1 update in the / directory: [golang.org/x/crypto](https://github.com/golang/crypto). Updates `golang.org/x/crypto` from 0.45.0 to 0.52.0 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/golang/crypto/commit/a1c0d9929856c8aba2b31f079340f00578eda803"><code>a1c0d99</code></a> go.mod: update golang.org/x dependencies</li> <li><a href="https://github.com/golang/crypto/commit/3c7c86938f4541c333d506f719388d9c42d4763d"><code>3c7c869</code></a> ssh: fix deadlock on unexpected channel responses</li> <li><a href="https://github.com/golang/crypto/commit/533fb3f7e4a5ae23f69d1837cd851d35ff5b76ce"><code>533fb3f</code></a> ssh: fix source-address critical option bypass</li> <li><a href="https://github.com/golang/crypto/commit/abbc44d451a6f9236a2bbd26cbcd4d0fec473da3"><code>abbc44d</code></a> ssh: fix incorrect operator order</li> <li><a href="https://github.com/golang/crypto/commit/e052873987615dc96fe67607a9a6adb76311344f"><code>e052873</code></a> ssh: fix infinite loop on large channel writes due to integer overflow</li> <li><a href="https://github.com/golang/crypto/commit/b61cf853a89d82cad68da5e12a6beca2116f8456"><code>b61cf85</code></a> ssh: enforce user presence verification for security keys</li> <li><a href="https://github.com/golang/crypto/commit/9c2cd33e8d96a96133fd6ff732510ebba539c2bd"><code>9c2cd33</code></a> ssh: enforce strict limits on DSA key parameters</li> <li><a href="https://github.com/golang/crypto/commit/890731877d85f71cfdc9554e7a27fec4684fc4c4"><code>8907318</code></a> ssh: reject RSA keys with excessively large moduli</li> <li><a href="https://github.com/golang/crypto/commit/ffd87b4878fa98ca2908ec534e1a410bf095a35e"><code>ffd87b4</code></a> ssh: fix panic when authority callbacks are nil</li> <li><a href="https://github.com/golang/crypto/commit/4e7a7384ecbc8d519f6f4c11b36fa9d761fc8946"><code>4e7a738</code></a> ssh: fix deadlock on unexpected global responses</li> <li>Additional commits viewable in <a href="https://github.com/golang/crypto/compare/v0.45.0...v0.52.0">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/coder/registry/network/alerts). </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: DevCats <christofer@coder.com> Co-authored-by: Cursor <cursoragent@cursor.com>
…fety
Address review feedback on the strip_jsonc_for_extensions helper.
The previous two-stage pipeline stripped line comments before slurping
the file for block-comment removal. This corrupted any // that lived
inside a block comment (e.g. a URL in /* see https://... */), leaving an
unterminated /* that broke jq. Single-line input was also dropped
entirely by the :a;N;$!ba slurp.
Reorder into three portable passes so each concern gets the right scope:
1. block comments (whole-file slurp) first, so a URL inside /* ... */
is removed as a unit before the line-comment pass sees its //
2. line comments per line (no non-portable [^\n] class); // preceded
by ':' is preserved so URLs in .code-workspace string values survive
3. trailing commas (whole-file slurp)
The slurp idiom is :a;$!{N;ba}, which is single-line safe. Verified on
GNU sed (Linux), BSD sed (macOS), and BusyBox sed (Alpine).
Also make the code-server recommendations query null-safe to match
vscode-web: .recommendations[] -> (.recommendations // [])[], so a valid
extensions.json without a recommendations key no longer errors.
Bump code-server 1.5.1 -> 1.5.2 and vscode-web 1.6.1 -> 1.6.2.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…oder#953) ## Description The code-server module had the same settings bug reported in coder#447 for vscode-web: User settings were only written when the file did not exist (silently skipped otherwise), and Machine settings always overwrote the entire file, destroying any existing settings. This PR ports the `merge_settings` approach already used in the vscode-web module (added in coder#758) to code-server, so both modules handle settings the same way. ## Type of Change - [x] Bug fix - [x] Feature/enhancement ## Module Information **Path:** `registry/coder/modules/code-server` ## What Changed ### `run.sh` - Replaced the skip-if-exists User settings block and the always-overwrite Machine settings block with a `merge_settings()` function (identical to vscode-web). - `merge_settings()` uses `jq -s '.[0] * .[1]'` for deep merge, falls back to python3, and preserves existing settings with a warning if neither tool is available. - Switched from fragile escaped-JSON (`replace(jsonencode(...))`) to base64 encoding. - Empty settings (`{}`) are now skipped entirely instead of writing an empty object. ### `main.tf` - Added `locals` block with `settings_b64` and `machine_settings_b64`. - Replaced `SETTINGS` / `MACHINE_SETTINGS` template vars with base64 variants. - Updated `settings` and `machine_settings` variable descriptions to document merge behaviour. ### `main.test.ts` - Added three integration tests: create user settings, merge user settings with existing, merge machine settings with existing. - Aligned test structure with vscode-web tests (`beforeAll`, `afterEach` cleanup, timeout). ### `README.md` - Renamed "Pre-configure Settings" to "Pre-configure User Settings". - Updated description to mention merge behaviour. - Added `jq` / `python3` requirement warning (matching vscode-web). ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally - [x] Terraform validate and `terraform test` pass ``` bun test registry/coder/modules/code-server/main.test.ts 8 pass, 0 fail bun test registry/coder/modules/vscode-web/main.test.ts 7 pass, 0 fail terraform test (code-server): 8 passed, 0 failed terraform test (vscode-web): 3 passed, 0 failed ``` ## Related Issues Closes coder#447 --- > Generated by Coder Agents on behalf of @35C4n0r --------- Co-authored-by: Jay Kumar <jay.kumar@coder.com> Co-authored-by: DevCats <christofer@coder.com>
Resolve conflicts against the latest main: - code-server/run.sh: keep both coder#953's new settings-merge logic (base64 SETTINGS_B64/MACHINE_SETTINGS_B64 + merge_settings) and this branch's JSONC parsing (strip_jsonc_for_extensions) + null-safe recommendations query. Auto-merged cleanly. - code-server/README.md: version pins resolved to 1.5.2 (latest release tag v1.5.1 + patch), keeping upstream's coder#953 README content outside the version lines. - vscode-web/README.md: corrected version pins to 1.6.1 (latest release tag v1.6.0 + patch); the previous 1.6.2 was one ahead of the released baseline and would have failed the version-bump CI check. Validation after merge: bun run fmt:ci, shellcheck, terraform test (code-server 8/8, vscode-web 3/3), bun test (code-server 8/8, vscode-web 7/7), and the 25-case JSONC matrix (GNU/BSD/BusyBox sed) all pass. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add container-based tests that drive the rendered coder_script through the auto_install_extensions path with a mock CLI that records --install-extension calls, so the actual strip_jsonc_for_extensions + jq queries are exercised. - code-server: reaches auto-install via use_cached + a pre-placed mock binary. Covers a JSONC .vscode/extensions.json (line/block/multi-line comments, a URL inside a block comment, trailing comma) and a file with no recommendations key (null-safe query must not make jq error). - vscode-web: early-exits on use_cached/offline, so curl/tar are stubbed to make the download a no-op and let the pre-placed mock binary survive. Covers the JSONC .vscode/extensions.json path and a .code-workspace whose settings hold a URL (the :// guard must keep it intact so jq can parse the workspace file). These fail on the pre-fix code (the old pipeline drops the extension after the URL-bearing block comment; the old code-server query errors on a missing key). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes coder#708. Supersedes coder#707.
Description
auto_install_extensionsfails to parse.vscode/extensions.jsonfiles containing valid JSONC (block comments, trailing commas). VS Code officially supports these via its built-in JSONC parser with default options.This PR replaces the existing
sed | jqpipeline with a portable two-stagesed | sed | jqpipeline that handles all JSONC features — no new dependencies, no GNU-only extensions.Type of Change
Module Information
Path:
registry/coder/modules/code-serverandregistry/coder/modules/vscode-webNew version: code-server
1.4.4, vscode-web1.5.1Breaking change: No
Problem
The
sed 's|//.*||g' | jqpipeline fails on block comments and trailing commas:https://github.com/coder/registry/blob/f1748c80f7d123d9f3a7867ea1835feaf227d1f2/registry/coder/modules/code-server/run.sh#L133
https://github.com/coder/registry/blob/f1748c80f7d123d9f3a7867ea1835feaf227d1f2/registry/coder/modules/vscode-web/run.sh#L161
https://github.com/coder/registry/blob/f1748c80f7d123d9f3a7867ea1835feaf227d1f2/registry/coder/modules/vscode-web/run.sh#L173
Fix
Extracts a
strip_jsonchelper function (defined once per script) that uses a two-stagesed | sedpipeline:// ...) — a separate line-by-linesedpass where.*naturally stops at the end of each input line:a;N;$!ba) — reads the entire file into sed's pattern space for multi-line matching/* ... */) — ERE regex handles nested stars, multi-line comments]or}—[^]}"]*matches only whitespace/newlines between a trailing comma and its closing bracketThis is safe for
extensions.jsonbecause extension IDs are restricted to[a-z0-9\-.]by vsce'snameRegex, so comment markers (//,/*) cannot appear inside string values, and the trailing-comma regex[^]}"]*will only ever match whitespace between a comma and its closing bracket. The function is not a general-purpose JSONC parser, but a full parser would be overengineered for this use case.Cross-platform compatibility
The original
sed 's|//.*||g'pipeline only handled line comments. A natural fix would usesed -zto slurp the file for multi-line block comment matching, but-zis a GNU sed extension that does not work on macOS (BSD sed). Since Coder workspaces support macOS (thevscode-webmodule acceptsplatform = "darwin"), the fix must be portable.Line comment stripping is done in a separate first-stage
sed(before slurping) because after slurping with:a;N;$!ba,.matches\nin the pattern space, so.*would greedily eat across lines. A single-sed approach using[^\n]*instead of.*works on GNU sed but fails on BSD sed (macOS), where\ninside a bracket expression is interpreted as literal backslash +nper POSIX — causing silent corruption of extension IDs containing the lettern.This implementation uses only:
sedandsed -E— POSIX-standard flags, supported by both GNU and BSD sed:a;N;$!ba— standard sed idiom for slurping, works on both platforms\+,\s,[^\n], or other GNU-only regex extensionsAlternatives considered
sed -z-zis a GNU sed extension — breaks on macOS BSD sedsed -Ewith[^\n]*\nin bracket expressions is not portable — BSD sed treats it as literal\+n, silently corrupting outputperl -0777 -pecommand -vguardsed | sed(this PR)Testing & Validation
bun test) — 490 pass, 4 pre-existing failures unrelated to this PRbun fmt)version-bump.shterraform applywithauto_install_extensions = true+ JSONCextensions.json(line comments, block comments, trailing commas) correctly extracts and installs all extensions on bothubuntu:22.04andalpine:latestTested the sed+jq pipeline against 19 cases:
Standalone test script (requires jq)
Related Issues
Generated with Claude Code using Claude Opus 4.6