Merge branch 'main' into sigusr2

Author: jsjoeio

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -57,7 +57,7 @@ body:
     id: logs
     attributes:
       label: Logs
-      description: Run code-server with the --verbose flag and then paste any relevant logs from the server, from the browser console and/or the browser network tab. For issues with installation, include installation logs (i.e. output of `npm install -g code-server`).
+      description: Run code-server with the --verbose flag and then paste any relevant logs from the server, from the browser console and/or the browser network tab. For issues with installation, include installation logs (i.e. output of `yarn global add code-server`).
   - type: textarea
     attributes:
       label: Screenshot/Video

.github/workflows/ci.yaml

@@ -39,7 +39,7 @@ jobs:
           node-version: "14"
 
       - name: Install helm
-        uses: azure/setup-helm@v1.1
+        uses: azure/setup-helm@v2.1
 
       - name: Fetch dependencies from cache
         id: cache-yarn
@@ -217,6 +217,26 @@ jobs:
           # Instead, itis determined in publish-npm.sh script
           # using GITHUB environment variables
 
+      - name: Comment npm information
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          GITHUB_TOKEN: ${{ github.token }}
+          header: npm-dev-build
+          message: |
+            ✨ code-server dev build published to npm for PR #${{ github.event.number }}!
+            * _Last publish status_: success
+            * _Commit_: ${{ github.event.pull_request.head.sha }}
+
+            To install in a local project, run:
+            ```shell-session
+            npm install @coder/code-server-pr@${{ github.event.number }}
+            ```
+
+            To install globally, run:
+            ```shell-session
+            npm install -g @coder/code-server-pr@${{ github.event.number }}
+            ```
+
   # TODO: cache building yarn --production
   # possibly 2m30s of savings(?)
   # this requires refactoring our release scripts
@@ -475,6 +495,9 @@ jobs:
         run: rm -rf ./release-packages ./test/test-results
 
   trivy-scan-repo:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout repo
@@ -483,7 +506,7 @@ jobs:
           fetch-depth: 0
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@296212627a1e693efa09c00adc3e03b2ba8edf18
+        uses: aquasecurity/trivy-action@2b30463ddb3d11724a04e760e020c7d9af24d8b3
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -494,6 +517,6 @@ jobs:
           severity: "HIGH,CRITICAL"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "trivy-repo-results.sarif"

.github/workflows/codeql-analysis.yml

@@ -17,8 +17,15 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
+    permissions:
+      actions: read # for github/codeql-action/init to get workflow details
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/autobuild to send a status report
     name: Analyze
     runs-on: ubuntu-20.04
 
@@ -28,13 +35,13 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v2
         with:
           config-file: ./.github/codeql-config.yml
           languages: javascript
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@v2
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v2

.github/workflows/docker.yaml

@@ -39,17 +39,15 @@ jobs:
         id: version
         run: echo "::set-output name=version::$(jq -r .version package.json)"
 
-      - name: Download artifact
-        uses: dawidd6/action-download-artifact@v2
-        id: download
+      - name: Download release artifacts
+        uses: robinraju/[email protected]
         with:
-          branch: v${{ steps.version.outputs.version }}
-          workflow: ci.yaml
-          workflow_conclusion: completed
-          name: "release-packages"
-          path: release-packages
-
-      - name: Run ./ci/steps/docker-buildx-push.sh
-        run: ./ci/steps/docker-buildx-push.sh
+          repository: "coder/code-server"
+          tag: v${{ steps.version.outputs.version }}
+          fileName: "*.deb"
+          out-file-path: "release-packages"
+
+      - name: Publish to Docker
+        run: yarn publish:docker
         env:
           GITHUB_TOKEN: ${{ github.token }}

.github/workflows/docs-preview.yaml

@@ -30,7 +30,11 @@ jobs:
 
       - name: Comment Credentials
         uses: marocchino/sticky-pull-request-comment@v2
+        # Only run if PR comes from base repo
+        # Reason: forks cannot access secrets and this will always fail
+        if: github.event.pull_request.head.repo.full_name == github.repository
         with:
+          GITHUB_TOKEN: ${{ github.token }}
           header: codercom-preview-docs
           message: |
             ✨ code-server docs for PR #${{ github.event.number }} is ready! It will be updated on every commit.

.github/workflows/installer.yml

@@ -19,6 +19,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
+permissions:
+  contents: read
+
 jobs:
   ubuntu:
     name: Test installer on Ubuntu

.github/workflows/npm-brew.yaml

@@ -45,10 +45,8 @@ jobs:
           NPM_ENVIRONMENT: "production"
 
   homebrew:
-    # The newest version of code-server needs to be available on npm when this runs
-    # otherwise, it will 404 and won't open a PR to bump version on homebrew/homebrew-core
     needs: npm
-    runs-on: macos-latest
+    runs-on: ubuntu-latest
     steps:
       # Ensure things are up to date
       # Suggested by homebrew maintainers
@@ -60,16 +58,10 @@ jobs:
       - name: Checkout code-server
         uses: actions/checkout@v3
 
-      - name: Checkout cdrci/homebrew-core
-        uses: actions/checkout@v3
-        with:
-          repository: cdrci/homebrew-core
-          path: homebrew-core
-
       - name: Configure git
         run: |
-          git config user.name github-actions
-          git config user.email github-actions@github.com
+          git config user.name cdrci
+          git config user.email opensource@coder.com
 
       - name: Bump code-server homebrew version
         env:

.github/workflows/trivy-docker.yaml

@@ -51,7 +51,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Run Trivy vulnerability scanner in image mode
-        uses: aquasecurity/trivy-action@296212627a1e693efa09c00adc3e03b2ba8edf18
+        uses: aquasecurity/trivy-action@2b30463ddb3d11724a04e760e020c7d9af24d8b3
         with:
           image-ref: "docker.io/codercom/code-server:latest"
           ignore-unfixed: true
@@ -60,6 +60,6 @@ jobs:
           severity: "HIGH,CRITICAL"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "trivy-image-results.sarif"

.gitignore

@@ -22,3 +22,4 @@ test/test-results
 
 # Quilt's internal data.
 /.pc
+/patches/*.diff~

CHANGELOG.md

@@ -9,17 +9,43 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [9.99.999] - 9090-09-09
 
-VS Code v99.99.999
+Code v99.99.999
 
-### Changed
 ### Added
+### Changed
 ### Deprecated
 ### Removed
 ### Fixed
 ### Security
 
 -->
 
+## [4.3.0](https://github.com/coder/code-server/releases/tag/v4.3.0) - 2022-04-14
+
+Code v1.65.2
+
+### Changed
+
+- Excluded .deb files from release Docker image which drops the compressed and
+  uncompressed size by 58% and 34%.
+- Upgraded to Code 1.65.2.
+
+### Added
+
+- Added a new CLI flag called `--disable-file-downloads` which allows you to
+  disable the "Download..." option that shows in the UI when right-clicking on a
+  file. This can also set by running `CS_DISABLE_FILE_DOWNLOADS=1`.
+- Aligned the dependencies for binary and npm release artifacts.
+
+### Fixed
+
+- Fixed the code-server version from not displaying in the Help > About dialog.
+- Fixed issues with the TypeScript and JavaScript Language Features Extension
+  failing to activate.
+- Fixed missing files in ipynb extension.
+- Fixed the homebrew release workflow.
+- Fixed the Docker release workflow from not always publishing version tags.
+
 ## [4.2.0](https://github.com/coder/code-server/releases/tag/v4.2.0) - 2022-03-22
 
 Code v1.64.2

LICENSE.txt renamed to LICENSE

@@ -24,7 +24,7 @@ main() {
   bundle_vscode
 
   rsync ./docs/README.md "$RELEASE_PATH"
-  rsync LICENSE.txt "$RELEASE_PATH"
+  rsync LICENSE "$RELEASE_PATH"
   rsync ./lib/vscode/ThirdPartyNotices.txt "$RELEASE_PATH"
 }
 
@@ -78,11 +78,25 @@ EOF
 bundle_vscode() {
   mkdir -p "$VSCODE_OUT_PATH"
 
-  # - Some extensions have a .gitignore which excludes their built source from
-  #   the npm package so exclude any .gitignore files.
-  # - Exclude Node as we will add it ourselves for the standalone and will not
-  #   need it for the npm package.
-  rsync -avh --exclude .gitignore --exclude /node ./lib/vscode-reh-web-*/ "$VSCODE_OUT_PATH"
+  local rsync_opts=()
+  if [[ ${DEBUG-} = 1 ]]; then
+    rsync_opts+=(-vh)
+  fi
+
+  # Some extensions have a .gitignore which excludes their built source from the
+  # npm package so exclude any .gitignore files.
+  rsync_opts+=(--exclude .gitignore)
+
+  # Exclude Node as we will add it ourselves for the standalone and will not
+  # need it for the npm package.
+  rsync_opts+=(--exclude /node)
+
+  # Exclude Node modules.
+  if [[ $KEEP_MODULES = 0 ]]; then
+    rsync_opts+=(--exclude node_modules)
+  fi
+
+  rsync "${rsync_opts[@]}" ./lib/vscode-reh-web-*/ "$VSCODE_OUT_PATH"
 
   # Add the commit, date, our name, links, and enable telemetry. This just makes
   # telemetry available; telemetry can still be disabled by flag or setting.
@@ -99,7 +113,7 @@ bundle_vscode() {
     "applicationName": "code-server",
     "dataFolderName": ".code-server",
     "win32MutexName": "codeserver",
-    "licenseUrl": "https://github.com/coder/code-server/blob/main/LICENSE.txt",
+    "licenseUrl": "https://github.com/coder/code-server/blob/main/LICENSE",
     "win32DirName": "code-server",
     "win32NameVersion": "code-server",
     "win32AppUserModelId": "coder.code-server",
@@ -122,19 +136,17 @@ EOF
   ) > "$VSCODE_OUT_PATH/product.json"
 
   # Use the package.json for the web/remote server.  It does not have the right
-  # version though so pull that from the main package.json.  Also remove keytar
-  # since the web does not rely on it and that removes the dependency on
-  # libsecret.
-  jq --slurp '.[0] * {version: .[1].version} | del(.dependencies.keytar)' \
+  # version though so pull that from the main package.json.
+  jq --slurp '.[0] * {version: .[1].version}' \
     "$VSCODE_SRC_PATH/remote/package.json" \
     "$VSCODE_SRC_PATH/package.json" > "$VSCODE_OUT_PATH/package.json"
 
   rsync "$VSCODE_SRC_PATH/remote/yarn.lock" "$VSCODE_OUT_PATH/yarn.lock"
 
-  if [ "$KEEP_MODULES" = 0 ]; then
-    rm -Rf "$VSCODE_OUT_PATH/extensions/node_modules"
-    rm -Rf "$VSCODE_OUT_PATH/node_modules"
-  fi
+  # Include global extension dependencies as well.
+  rsync "$VSCODE_SRC_PATH/extensions/package.json" "$VSCODE_OUT_PATH/extensions/package.json"
+  rsync "$VSCODE_SRC_PATH/extensions/yarn.lock" "$VSCODE_OUT_PATH/extensions/yarn.lock"
+  rsync "$VSCODE_SRC_PATH/extensions/postinstall.js" "$VSCODE_OUT_PATH/extensions/postinstall.js"
 
   pushd "$VSCODE_OUT_PATH"
   symlink_asar

ci/build/build-release.sh

@@ -98,14 +98,6 @@ vscode_yarn() {
 
   cd extensions
   yarn --production --frozen-lockfile
-
-  for ext in */; do
-    ext="${ext%/}"
-    echo "extensions/$ext: installing dependencies"
-    cd "$ext"
-    yarn --production --frozen-lockfile
-    cd "$OLDPWD"
-  done
 }
 
 main "$@"

ci/build/npm-postinstall.sh

@@ -81,7 +81,7 @@ main() {
   read -r -p "What version of code-server do you want to update to?"$'\n' CODE_SERVER_VERSION_TO_UPDATE
 
   echo -e "Great! We'll prep a PR for updating to $CODE_SERVER_VERSION_TO_UPDATE\n"
-  $CMD rg -g '!yarn.lock' -g '!*.svg' -g '!CHANGELOG.md' --files-with-matches --fixed-strings "${CODE_SERVER_CURRENT_VERSION}" | $CMD xargs sd "$CODE_SERVER_CURRENT_VERSION" "$CODE_SERVER_VERSION_TO_UPDATE"
+  $CMD rg -g '!yarn.lock' -g '!*.svg' -g '!CHANGELOG.md' -g '!lib/vscode/**' --files-with-matches --fixed-strings "${CODE_SERVER_CURRENT_VERSION}" | $CMD xargs sd "$CODE_SERVER_CURRENT_VERSION" "$CODE_SERVER_VERSION_TO_UPDATE"
 
   $CMD git commit --no-verify -am "chore(release): bump version to $CODE_SERVER_VERSION_TO_UPDATE"
 

ci/build/release-prep.sh

@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.3.0
+version: 2.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.2.0
+appVersion: 4.3.0

ci/helm-chart/Chart.yaml

@@ -6,7 +6,7 @@ replicaCount: 1
 
 image:
   repository: codercom/code-server
-  tag: '4.2.0'
+  tag: '4.3.0'
   pullPolicy: Always
 
 # Specifies one or more secrets to be used when pulling images from a
@@ -70,6 +70,8 @@ extraArgs: []
 extraVars: []
 #  - name: DISABLE_TELEMETRY
 #    value: true
+#  - name: DOCKER_HOST
+#    value: "tcp://localhost:2375"
 
 ##
 ## Init containers parameters:
@@ -126,6 +128,7 @@ persistence:
 ## Enable an Specify container in extraContainers.
 ## This is meant to allow adding code-server dependencies, like docker-dind.
 extraContainers: |
+# If docker-dind is used, DOCKER_HOST env is mandatory to set in "extraVars"
 #- name: docker-dind
 #  image: docker:19.03-dind
 #  imagePullPolicy: IfNotPresent