Description:
This PR updates the bundled Terraform binary and related version pins
from 1.14.1 to 1.14.5 (base image, installer fallback, and CI/test
fixtures). Terraform is statically built with an embedded Go runtime.
Moving to 1.14.5 updates the embedded toolchain and is intended to
address Go stdlib CVEs reported by security scanning.
Notes:
- Change is version-only; no functional Coder logic changes.
- Backport-friendly: intended to be cherry-picked to release branches
after merge.
Updates Terraform from 1.11.4 to 1.12.2 across all relevant files.
Changes include:
- GitHub Actions setup-tf configuration
- Dockerfile configurations (dogfood and base)
- Install script
- Provisioner install.go with version constants
- Test data files (tfstate.json, tfplan.json, version.txt)
Follows the same pattern as PR #17323 which updated to 1.11.4.
Co-authored-by: blink-so[bot] <211532188+blink-so[bot]@users.noreply.github.com>
Co-authored-by: sreya <4856196+sreya@users.noreply.github.com>
Closes https://github.com/coder/coder/issues/15851
This fails the installation when the version cannot be retrieved, and
prints useful debug info.
`install.sh` could use with more error-handling in general, but this at
least ameliorates the linked issue.
Signed-off-by: Danny Kopping <danny@coder.com>
* - Added a `--install-terraform` argument
- Added a unzip command check to the standalone function
- Cleaner error and help redirect the user to a solution
- Added help info for `--install-terraform` argument
- Fixed standalone install typo (ard64 -> arm64)
* - Corrected formatting errors, and renamed functions
* - Fixed typos
- Added recommend changes for consistency
* Removed unzip check in standalone function
* Fixed styling
* Moved the TERRAFORM_VERSION Var up
* feat: add doas support
Some people may have some reason to drop sudo and switch to doas
* chore: doas at the end
Just because it is relatively cold :-(
Co-authored-by: Kyle Carberry <kyle@carberry.com>
* chore(CI): add doas to pass CI
* fix syntax error
Co-authored-by: Kyle Carberry <kyle@carberry.com>
Co-authored-by: Ben <me@bpmct.net>
* feat: Add tunnel by default
If an access URL is not specified, we will always tunnel.
This is from community-member feedback who exclaimed that
it's confusing having the default for `coder server` display
a warning message, and I agree.
There is very little (maybe none) in running `coder server`
without tunnel and without an access URL, so this seems like
overall a much better UX.
* Update install.sh
Co-authored-by: Ben Potter <ben@coder.com>
* Update docs/install/packages.md
Co-authored-by: Ben Potter <ben@coder.com>
* Fix reset pass test
* Fix e2e test
Co-authored-by: Ben Potter <ben@coder.com>
Lukasz