From 3b268c95d359ffb037699ed15c91937e6affb218 Mon Sep 17 00:00:00 2001
From: Cian Johnston <cian@coder.com>
Date: Mon, 23 Mar 2026 18:25:58 +0000
Subject: [PATCH] chore(dogfood): evict 22 freeloading tools from the
 Dockerfile (#23378)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Removes unused tools from dogfood Dockerfile:
- Go tools `moq`, `go-swagger`, `goreleaser`, `goveralls`, `kind`,
`helm-docs`, `gcr-cleaner-cli`
- curl-installed `cloud_sql_proxy`, `dive`, `docker-credential-gcr`, `grype`,
`kube-linter`, `stripe` CLI, `terragrunt`, `yq` v3, GoLand 2021.2 , ANTLR v4 jar
- apt packages `cmake`, `google-cloud-sdk-datastore-emulator`, `graphviz`, `packer`

> 🤖 This PR was created with the help of Coder Agents, and was reviewed by my human. 🧑‍💻
---
 dogfood/coder/Dockerfile | 83 ++--------------------------------------
 1 file changed, 3 insertions(+), 80 deletions(-)

diff --git a/dogfood/coder/Dockerfile b/dogfood/coder/Dockerfile
index 26f7c18c9d..1b3891ad59 100644
--- a/dogfood/coder/Dockerfile
+++ b/dogfood/coder/Dockerfile
@@ -32,12 +32,8 @@ RUN apt-get update && \
 	tar --extract --gzip --directory=/usr/local/go --file=/usr/local/go.tar.gz --strip-components=1 && \
 	mkdir --parents "$GOPATH" && \
 	go env -w GOSUMDB=sum.golang.org && \
-	# moq for Go tests.
-	go install github.com/matryer/moq@v0.2.3 && \
 	# swag for Swagger doc generation
 	go install github.com/swaggo/swag/cmd/swag@v1.16.2 && \
-	# go-swagger tool to generate the go coder api client
-	go install github.com/go-swagger/go-swagger/cmd/swagger@v0.28.0 && \
 	# goimports for updating imports
 	go install golang.org/x/tools/cmd/goimports@v0.41.0 && \
 	# protoc-gen-go is needed to build sysbox from source
@@ -46,41 +42,26 @@ RUN apt-get update && \
 	go install storj.io/drpc/cmd/protoc-gen-go-drpc@v0.0.34 && \
 	# migrate for migration support for v2
 	go install github.com/golang-migrate/migrate/v4/cmd/migrate@v4.15.1 && \
-	# goreleaser for compiling v2 binaries
-	go install github.com/goreleaser/goreleaser@v1.6.1 && \
 	# Install the latest version of gopls for editors that support
 	# the language server protocol (v0.21.0+ required for Go 1.25)
 	go install golang.org/x/tools/gopls@v0.21.0 && \
 	# gotestsum makes test output more readable
 	go install gotest.tools/gotestsum@v1.9.0 && \
-	# goveralls collects code coverage metrics from tests
-	# and sends to Coveralls
-	go install github.com/mattn/goveralls@v0.0.11 && \
-	# kind for running Kubernetes-in-Docker, needed for tests
-	go install sigs.k8s.io/kind@v0.10.0 && \
-	# helm-docs generates our Helm README based on a template and the
-	# charts and values files
-	go install github.com/norwoodj/helm-docs/cmd/helm-docs@v1.5.0 && \
 	# sqlc for Go code generation
 	# Switched to coder/sqlc fork to fix ambiguous column bug, see:
 	# - https://github.com/coder/sqlc/pull/1
 	# - https://github.com/sqlc-dev/sqlc/pull/4159
 	(CGO_ENABLED=1 go install github.com/coder/sqlc/cmd/sqlc@aab4e865a51df0c43e1839f81a9d349b41d14f05) && \
-	# gcr-cleaner-cli used by CI to prune unused images
-	go install github.com/sethvargo/gcr-cleaner/cmd/gcr-cleaner-cli@v0.5.1 && \
 	# ruleguard for checking custom rules, without needing to run all of
 	# golangci-lint. Check the go.mod in the release of golangci-lint that
 	# we're using for the version of go-critic that it embeds, then check
 	# the version of ruleguard in go-critic for that tag.
 	go install github.com/quasilyte/go-ruleguard/cmd/ruleguard@v0.3.13 && \
-	# go-releaser for building 'fat binaries' that work cross-platform
-	go install github.com/goreleaser/goreleaser@v1.6.1 && \
 	# shfmt for shell script formatting
 	go install mvdan.cc/sh/v3/cmd/shfmt@v3.12.0 && \
 	# nfpm is used with `make build` to make release packages
 	go install github.com/goreleaser/nfpm/v2/cmd/nfpm@v2.35.1 && \
-	# yq v4 is used to process yaml files in coder v2. Conflicts with
-	# yq v3 used in v1.
+	# yq v4 for processing YAML files (renamed to yq4 for scripts/lib.sh).
 	go install github.com/mikefarah/yq/v4@v4.44.3 && \
 	mv /tmp/bin/yq /tmp/bin/yq4 && \
 	# mockgen for generating mocks (v0.6.0+ required for Go 1.25)
@@ -144,7 +125,6 @@ RUN sed -i 's|http://archive.ubuntu.com/ubuntu/|http://mirrors.edge.kernel.org/u
 	bind9-dnsutils \
 	build-essential \
 	ca-certificates \
-	cmake \
 	containerd.io \
 	crypto-policies \
 	curl \
@@ -159,8 +139,6 @@ RUN sed -i 's|http://archive.ubuntu.com/ubuntu/|http://mirrors.edge.kernel.org/u
 	git \
 	gnupg \
 	google-cloud-sdk \
-	google-cloud-sdk-datastore-emulator \
-	graphviz \
 	helix \
 	htop \
 	httpie \
@@ -184,7 +162,6 @@ RUN sed -i 's|http://archive.ubuntu.com/ubuntu/|http://mirrors.edge.kernel.org/u
 	openjdk-11-jdk-headless \
 	openssh-server \
 	openssl \
-	packer \
 	pkg-config \
 	postgresql-16 \
 	python3 \
@@ -306,54 +283,25 @@ RUN systemctl enable \
 
 # Install tools with published releases, where that is the
 # preferred/recommended installation method.
-ARG CLOUD_SQL_PROXY_VERSION=2.2.0 \
-	DIVE_VERSION=0.10.0 \
-	DOCKER_GCR_VERSION=2.1.8 \
-	GOLANGCI_LINT_VERSION=1.64.8 \
-	GRYPE_VERSION=0.61.1 \
+ARG GOLANGCI_LINT_VERSION=1.64.8 \
 	HELM_VERSION=3.12.0 \
-	KUBE_LINTER_VERSION=0.8.1 \
 	KUBECTX_VERSION=0.9.4 \
-	STRIPE_VERSION=1.14.5 \
-	TERRAGRUNT_VERSION=0.45.11 \
 	SYFT_VERSION=1.20.0 \
 	COSIGN_VERSION=2.4.3 \
 	BUN_VERSION=1.2.15
 
-# cloud_sql_proxy, for connecting to cloudsql instances
-# the upstream go.mod prevents this from being installed with go install
-RUN curl --silent --show-error --location --fail --output /usr/local/bin/cloud_sql_proxy "https://storage.googleapis.com/cloud-sql-connectors/cloud-sql-proxy/v${CLOUD_SQL_PROXY_VERSION}/cloud-sql-proxy.linux.amd64" && \
-	chmod a=rx /usr/local/bin/cloud_sql_proxy && \
-	# dive for scanning image layer utilization metrics in CI
-	curl --silent --show-error --location --fail "https://github.com/wagoodman/dive/releases/download/v${DIVE_VERSION}/dive_${DIVE_VERSION}_linux_amd64.tar.gz" | \
-	tar --extract --gzip --directory=/usr/local/bin --file=- dive && \
-	# docker-credential-gcr is a Docker credential helper for pushing/pulling
-	# images from Google Container Registry and Artifact Registry
-	curl --silent --show-error --location --fail "https://github.com/GoogleCloudPlatform/docker-credential-gcr/releases/download/v${DOCKER_GCR_VERSION}/docker-credential-gcr_linux_amd64-${DOCKER_GCR_VERSION}.tar.gz" | \
-	tar --extract --gzip --directory=/usr/local/bin --file=- docker-credential-gcr && \
+RUN \
 	# golangci-lint performs static code analysis for our Go code
 	curl --silent --show-error --location --fail "https://github.com/golangci/golangci-lint/releases/download/v${GOLANGCI_LINT_VERSION}/golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64.tar.gz" | \
 	tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 "golangci-lint-${GOLANGCI_LINT_VERSION}-linux-amd64/golangci-lint" && \
-	# Anchore Grype for scanning container images for security issues
-	curl --silent --show-error --location --fail "https://github.com/anchore/grype/releases/download/v${GRYPE_VERSION}/grype_${GRYPE_VERSION}_linux_amd64.tar.gz" | \
-	tar --extract --gzip --directory=/usr/local/bin --file=- grype && \
 	# Helm is necessary for deploying Coder
 	curl --silent --show-error --location --fail "https://get.helm.sh/helm-v${HELM_VERSION}-linux-amd64.tar.gz" | \
 	tar --extract --gzip --directory=/usr/local/bin --file=- --strip-components=1 linux-amd64/helm && \
-	# kube-linter for linting Kubernetes objects, including those
-	# that Helm generates from our charts
-	curl --silent --show-error --location --fail "https://github.com/stackrox/kube-linter/releases/download/v${KUBE_LINTER_VERSION}/kube-linter-linux" --output /usr/local/bin/kube-linter && \
 	# kubens and kubectx for managing Kubernetes namespaces and contexts
 	curl --silent --show-error --location --fail "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubectx_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \
 	tar --extract --gzip --directory=/usr/local/bin --file=- kubectx && \
 	curl --silent --show-error --location --fail "https://github.com/ahmetb/kubectx/releases/download/v${KUBECTX_VERSION}/kubens_v${KUBECTX_VERSION}_linux_x86_64.tar.gz" | \
 	tar --extract --gzip --directory=/usr/local/bin --file=- kubens && \
-	# stripe for coder.com billing API
-	curl --silent --show-error --location --fail "https://github.com/stripe/stripe-cli/releases/download/v${STRIPE_VERSION}/stripe_${STRIPE_VERSION}_linux_x86_64.tar.gz" | \
-	tar --extract --gzip --directory=/usr/local/bin --file=- stripe && \
-	# terragrunt for running Terraform and Terragrunt files
-	curl --silent --show-error --location --fail --output /usr/local/bin/terragrunt "https://github.com/gruntwork-io/terragrunt/releases/download/v${TERRAGRUNT_VERSION}/terragrunt_linux_amd64" && \
-	chmod a=rx /usr/local/bin/terragrunt && \
 	# Anchore Syft for SBOM generation
 	curl --silent --show-error --location --fail "https://github.com/anchore/syft/releases/download/v${SYFT_VERSION}/syft_${SYFT_VERSION}_linux_amd64.tar.gz" | \
 	tar --extract --gzip --directory=/usr/local/bin --file=- syft && \
@@ -361,9 +309,6 @@ RUN curl --silent --show-error --location --fail --output /usr/local/bin/cloud_s
 	curl --silent --show-error --location --fail --output /usr/local/bin/cosign "https://github.com/sigstore/cosign/releases/download/v${COSIGN_VERSION}/cosign-linux-amd64" && \
 	chmod a=rx /usr/local/bin/cosign && \
 	# Install Bun JavaScript runtime to /usr/local/bin
-	# Ensure unzip is installed right before using it and use multiple mirrors for reliability
-	(apt-get update || (sed -i 's|http://archive.ubuntu.com/ubuntu/|http://mirrors.edge.kernel.org/ubuntu/|g' /etc/apt/sources.list && apt-get update)) && \
-	apt-get install -y unzip && \
 	curl --silent --show-error --location --fail "https://github.com/oven-sh/bun/releases/download/bun-v${BUN_VERSION}/bun-linux-x64.zip" --output /tmp/bun.zip && \
 	unzip -q /tmp/bun.zip -d /tmp && \
 	mv /tmp/bun-linux-x64/bun /usr/local/bin/ && \
@@ -371,28 +316,6 @@ RUN curl --silent --show-error --location --fail --output /usr/local/bin/cloud_s
 	rm -rf /tmp/bun.zip /tmp/bun-linux-x64 && \
 	apt-get clean && rm -rf /var/lib/apt/lists/*
 
-# We use yq during "make deploy" to manually substitute out fields in
-# our helm values.yaml file. See https://github.com/helm/helm/issues/3141
-#
-# TODO: update to 4.x, we can't do this now because it included breaking
-# changes (yq w doesn't work anymore)
-# RUN curl --silent --show-error --location "https://github.com/mikefarah/yq/releases/download/v4.9.0/yq_linux_amd64.tar.gz" | \
-#       tar --extract --gzip --directory=/usr/local/bin --file=- ./yq_linux_amd64 && \
-#     mv /usr/local/bin/yq_linux_amd64 /usr/local/bin/yq
-
-RUN curl --silent --show-error --location --output /usr/local/bin/yq "https://github.com/mikefarah/yq/releases/download/3.3.0/yq_linux_amd64" && \
-	chmod a=rx /usr/local/bin/yq
-
-# Install GoLand.
-RUN mkdir --parents /usr/local/goland && \
-	curl --silent --show-error --location "https://download.jetbrains.com/go/goland-2021.2.tar.gz" | \
-	tar --extract --gzip --directory=/usr/local/goland --file=- --strip-components=1 && \
-	ln --symbolic /usr/local/goland/bin/goland.sh /usr/local/bin/goland
-
-# Install Antlrv4, needed to generate paramlang lexer/parser
-RUN curl --silent --show-error --location --output /usr/local/lib/antlr-4.9.2-complete.jar "https://www.antlr.org/download/antlr-4.9.2-complete.jar"
-ENV CLASSPATH="/usr/local/lib/antlr-4.9.2-complete.jar:${PATH}"
-
 # Add coder user and allow use of docker/sudo
 RUN useradd coder \
 	--create-home \