Closes https://github.com/coder/internal/issues/850
This PR has the scaletest infrastructure retrieve and use TLS certificates from the persistent observability cluster.
To support creating multiple instances of the infrastructure simultaneously, `var.name` can be set to `alpha`, `bravo` or `charlie`, which retrieves the corresponding certificates.
Also:
- Adds support for wildcard apps.
- Retrieves the Cloudflare token from GCP secrets.
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Depends on: https://github.com/coder/coder/pull/19377
Closes https://github.com/coder/coder/issues/19323
**Screenshot:**
<img width="1511" height="777" alt="Screenshot 2025-08-21 at 11 52 21"
src="https://github.com/user-attachments/assets/be04e507-bf04-47d0-8748-2f71b93b5685"
/>
**Screen recording:**
https://github.com/user-attachments/assets/f70b34fe-952b-427b-9bc9-71961ca23201
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
- New Features
- Added a Tasks navigation item showing a badge with the number of idle
tasks and a tooltip: “You have X tasks waiting for input.”
- Improvements
- Fetches per-user tasks with periodic refresh for up-to-date counts.
- Updated active styling for the Tasks link for clearer navigation
state.
- User menu now always appears on medium+ screens.
- Tests
- Expanded Storybook with preloaded, user-filtered task scenarios to
showcase idle/task states.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
closes#18806
- [x] scheduling limitation
- [x] dev containers limitation
- [x] edit intro
[preview](https://coder.com/docs/@18806-prebuilds-known-limits/admin/templates/extending-templates/prebuilt-workspaces)
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Documentation**
* Clarified the introduction and administrator responsibilities for
prebuilt workspaces.
* Integrated compatibility information about DevContainers and workspace
scheduling more contextually.
* Added explicit notes on limitations with dev containers integration
and workspace autostart/autostop features.
* Improved configuration examples and clarified scheduling instructions.
* Enhanced explanations of scheduling behavior and lifecycle steps for
better understanding.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: EdwardAngert <17991901+EdwardAngert@users.noreply.github.com>
Co-authored-by: Sas Swart <sas.swart.cdk@gmail.com>
Co-authored-by: Susana Ferreira <susana@coder.com>
Note: this commit was partially authored by AI.
- Replaces coderdtest.CreateTemplate/TemplateVersion() with direct dbgen
calls. We do not need a fully functional template for these tests.
- Removes provisioner daemon creation/cleanup. We do not need a running
provisioner daemon here; this functionality is tested elsewhere.
- Simplifies provisioner job creation test helpers.
This reduces the test runtime by over 50%:
Old:
```
time go test -count=100 ./cli -test.run=TestProvisionerJobs
ok github.com/coder/coder/v2/cli 50.149s
```
New:
```
time go test -count=100 ./cli -test.run=TestProvisionerJobs
ok github.com/coder/coder/v2/cli 21.898
```
- Adds `usagetypes.UnknownEventTypeError` type, which is returned by
`ParseEventWithType`
- Changes `ParseEvent` to not be a generic function since it doesn't
really need it
- Adds `User-Agent` to tallyman requests
Removes the requirement to obtain a Cloudflare DNS token from our scaletest/terraform/action builds. Instead, by default, we pull the token from Google Secrets Manager and use the `scaletest.dev` DNS domain.
Removes cloudflare_email as this was unneeded.
Removes the cloudflare_zone_id and instead pulls it from a data source via the Cloudflare API.
closes https://github.com/coder/internal/issues/839
Fixes flakes like the following:
```
workspaces_test.go:4938:
Error Trace: /home/runner/work/coder/coder/coderd/coderdtest/coderdtest.go:1279
/home/runner/work/coder/coder/coderd/workspaces_test.go:4938
/home/runner/work/coder/coder/coderd/workspaces_test.go:5044
Error: Received unexpected error:
POST http://127.0.0.1:42597/api/v2/users/me/workspaces: unexpected status code 409: Workspace "romantic-mcclintock" already exists.
name: This value is already in use and should be unique.
Test: TestWorkspaceCreateWithImplicitPreset/SinglePresetWithParameters
```
https://github.com/coder/coder/actions/runs/17142665868/job/48633017007?pr=19464
Which are caused by insufficient randomness when creating multiple
workspaces with random names. Two words is not enough to avoid flakes.
We have a `testutil.GetRandomName` function that appends a monotonically
increasing integer, but this alternative function that uses hyphens
doesn't add that integer. This PR fixes that by just
`testutil.GetRandomName`
## Summary
In this pull request we're adding support for additional filtering
options to the `provisioners list` CLI command and the
`/provisionerdaemons` API endpoint.
Resolves: https://github.com/coder/coder/issues/18783
### Changes
#### Added CLI Options
- `--show-offline`: When this option is provided, all provisioner
daemons will be returned. This means that when `--show-offline` is not
provided only `idle` and `busy` provisioner daemons will be returned.
- `--status=<list_of_statuses>`: When this option is provided with a
comma-separated list of valid statuses (`idle`, `busy`, or `offline`)
only provisioner daemons that have these statuses will be returned.
- `--max-age=<duration>`: When this option is provided with a valid
duration value (e.g., `24h`, `30s`) only provisioner daemons with a
`last_seen_at` timestamp within the provided max age will be returned.
#### Query Params
- `?offline=true`: Include offline provisioner daemons in the results.
Offline provisioner daemons will be excluded if `?offline=false` or if
offline is not provided.
- `?status=<list_of_statuses>`: Include provisioner daemons with the
specified statuses.
- `?max_age=<duration>`: Include provisioner daemons with a
`last_seen_at` timestamp within the max age duration.
#### Frontend
- Since offline provisioners will not be returned by default anymore
(`--show-offline` has to be provided to see them), a checkbox was added
to the provisioners list page to allow for offline provisioners to be
displayed
- A revamp of the provisioners page will be done in:
https://github.com/coder/coder/issues/17156, this checkbox change was
just added to maintain currently functionality with the backend updates
Current provisioners page (without checkbox)
<img width="1329" height="574" alt="Screenshot 2025-08-20 at 10 51
00 AM"
src="https://github.com/user-attachments/assets/77b73650-0b62-44f0-a77f-acbe5710809f"
/>
Provisioners page with checkbox (unchecked)
<img width="1314" height="626" alt="Screenshot 2025-08-20 at 10 48
40 AM"
src="https://github.com/user-attachments/assets/7ba164ad-6d3f-417b-bd39-338c0161b145"
/>
Provisioner page with checkbox (checked) and URL updated with query
parameters
<img width="1306" height="597" alt="Screenshot 2025-08-20 at 10 50
14 AM"
src="https://github.com/user-attachments/assets/e78d0986-bbf8-491b-9d56-b682973237a0"
/>
### Show Offline vs Offline Status
To list offline provisioner daemons, users can either:
1. Include the `--show-offline` option
OR
2. Include `offline` in the list of values provided to the `--status`
option
At the moment, the loop which retrieves and updates the values of the
agents metrics excessively calls `GetUserByID` (a DB query). First it
retrieves a list of all workspaces, filtering out inactive agents (not
entirely clear to me whether this is non-running workspaces, or just
dead agents), and then iterates over those workspaces to get the rest of
the relevant data for the metrics. The next call is `GetUserByID` for
`workspace.OwnerID`. This is unnecessary because the `workspaces_visible` view we pull workspaces from has already been joined with the users table to get the username/name/etc.
This should at least partially resolve
https://github.com/coder/internal/issues/726
---------
Signed-off-by: Callum Styan <callumstyan@gmail.com>
Username length and format, via regex, are already enforced at the
application layer, but we have some code paths with database queries
where we could optimize away many of the DB query calls if we could be
sure at the database level that the username is never an empty string.
For example: https://github.com/coder/coder/pull/19395
---------
Signed-off-by: Callum Styan <callumstyan@gmail.com>
In order to get `make test` to reliably pass again on our dogfood
workspaces, we're having to resort to setting parallelism.
It also reworks our CI to call the `make test` target, instead of
rolling a different command.
Behavior changes:
* sets 8 packages x 8 tests in parallel by default on `make test`
* by default, removes the `-short` flag. In my testing it makes only a
few seconds difference on ~200s, or 1-2%
* by default, removes the `-count=1` flag that busts Go's test cache.
With a fresh cache and no code changes, `make test` executes in ~15
seconds.
Signed-off-by: Spike Curtis <spike@coder.com>
We've had `build` fail on main one or two times, and it's easily
preventable by just running `make build` on PRs.
I didn't add `build` to required as it's already pretty complex, and
we'd be making it more complex by skipping half of it when not on
coder/coder main.
closes https://github.com/coder/internal/issues/921
Not sure what I was thinking when I wrote this test case, but it was
relying on the connection being p2p on every ping, which is technically
and evidently not always the case. Instead we'll require a DERP peer,
and block direct connections.
[As mentioned in the
issue](https://github.com/coder/coder/issues/12056#issuecomment-3206975879)
the problem here is the fact this endpoint is returning a 401 instead of
a 200 in this specific case.
Since we actually have enough information before performing this
mutation to know that it'll fail in the case of a bad auth token we'd
ideally re-work the code not to call the mutation on logout and just
perform the local clean up. Unfortunately it seems like the interactions
that this mutation is having with React Query at large is necessary for
our code to work as intended and thus it's not currently possible to
move the local clean up (the code inside of the `onSuccess`) outside of
the mutation. Shout out to @Parkreiner for helping me confirm this.
So until we can re-work the `AuthProvider` to be less brittle this PR
changes `onSuccess` to `onSettled` so that while the mutation still
fails with a 401, the local clean up still runs.
Closes#12056
fixes https://github.com/coder/internal/issues/559
This test is looking to see that after calling `coder schedule extend
<workspace> 10h`, the scheduled stop time of the workspace is updated
appropriately (or at least that the information printed to the terminal
indicates that).
By using two `time.Now()` calls for the current time and the expected
time, there was the possibility that the second call just barely crossed
over the hour mark. This is shown in the error message when the test
would flake: `wanted "2025-04-07T22:"; got " 2025-04-07T23:00:00+05:30
\r\n"` (the 00:00 letting us know we just barely crossed the hour).
Using the same time object to construct the expected time should fix the
issue.
## Summary
In this pull request we're adding support for OIDC allowed groups in the
OSS version as part of work for
https://github.com/coder/coder/issues/17027.
### Changes
- Restored support for parsing group allow list in OSS code
### Testing
- Added tests for OSS code
- Tested allowed/prohibited group OIDC flows in premium and OSS
Fixes https://github.com/coder/coder/issues/18350
I attempted the route of relying on just the session env vars, in hopes
that this issue was fixed in Toolbox and the process name matching was
no longer need, but it was not a fruitful endeavor and it seems to be
using the same connection logic as it did in gateway, just with new
binary and flag names.
## Description
This PR ensures that activity-based deadline extensions ("activity
bumping") are not applied to prebuilt workspaces. Prebuilds are managed
by the reconciliation loop and must not have `deadline` or
`max_deadline` values set or extended, as they are not part of the
regular lifecycle executor path.
## Changes
- Update `ActivityBumpWorkspace` SQL query to discard prebuilt
workspaces
- Update application layer to avoid calling activity bump logic on
prebuilt workspaces
Related with:
* Issue: https://github.com/coder/coder/issues/18898
* PR: https://github.com/coder/coder/pull/19252
Ethan