mirror of
https://github.com/coder/coder.git
synced 2026-06-02 20:48:20 +00:00
ee4126e913402ca1d450d82f1f35396b83691a2e
503 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
e32be68687 | fix(dogfood/coder): verify Homebrew installer (#25721) | ||
|
|
bfa17c315e | fix(dogfood/coder): persist mise user installs (#25720) | ||
|
|
e9f0f81d76 |
fix(dogfood/coder): override mise oci build MISE_CONFIG_DIR bake (#25684)
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Thomas Kosiewski <tk@coder.com> |
||
|
|
8a2f28fa6a |
fix(dogfood/coder): fix install-deps heredoc and /opt/mise ownership (#25678)
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Thomas Kosiewski <tk@coder.com> |
||
|
|
51836e681e |
refactor: build dogfood image as base + mise oci layers (#25448)
Splits the dogfood image into two artifacts:
- `ghcr.io/coder/oss-dogfood-base:<distro>-<base-sha>`: Ubuntu base with apt packages, chrome, rustup, brew, gh, and the mise binary. The base-sha is a cache key over `Dockerfile.base` and `files/`, so commits that don't touch those inputs reuse the previous build.
- `codercom/oss-dogfood:<final-sha>-<distro>` and rolling tags (`:22.04`, `:26.04`, `:latest`, `:<branch>`): produced by `mise oci build` on top of the base, with one content-addressed OCI layer per mise tool. The rolling tag scheme is unchanged, so the workspace template doesn't need updating.
Single-tool version bumps now invalidate only that tool's OCI layer, so workspaces re-pull just what changed instead of the entire 5-6 GB image on every recreate.
Also:
- Drops the build-time `pnpm dlx playwright@1.47.0 install --with-deps chromium` step (~400 MB) and the equivalent `playwright-driver.browsers` install from `flake.nix`. `@playwright/mcp` (used by the claude-code and codex MCP servers in `dogfood/coder/main.tf`) does NOT auto-install browsers, so the existing `install-deps` `coder_script` now runs two installs on workspace start: `pnpm exec playwright install chromium` for the site's pinned `@playwright/test`, and `npx --package=@playwright/mcp@latest playwright-core install --no-shell chromium` so the MCP servers find their matching browser revision. Browser revisions coexist under `~/.cache/ms-playwright/chromium-<rev>/`, which lives on the home volume so both downloads happen once per workspace recreate and persist across restarts. Net effect: same MCP behavior as before, +~1-2 min on first workspace start. Nix devshell users running site e2e tests locally now need `pnpm exec playwright install` once (instead of getting browsers via nixpkgs).
- Bumps the pinned mise binary to v2026.5.12 (matching main after #25521) and adds top-level `min_version = "2026.5.12"` to `mise.toml` so every consumer (devs, CI, the embedded mise inside the dogfood image, mise oci builds) fails fast on an older mise.
- Adds bison, flex, libicu-dev, libreadline-dev, uuid-dev, and zlib1g-dev to both Ubuntu base images for source-build use cases (e.g., building Postgres from source).
- Replaces skopeo with crane as the registry client `mise oci push` shells out to: crane is added to `mise.toml`, the workflow drops its `apt-get install skopeo` and forces `--tool crane`, and the local wrapper image stops bundling skopeo. One source of truth for tool versions, no apt drift, smaller wrapper image, and workspace users get a registry client on PATH for free via mise oci's tool layers.
- Removes `nix.hash`/`mise.hash` and their Makefile rules. The registry digest already captures every effective change since CI rebuilds when any baked-in input moves; the per-file `filesha1()` entries in `pull_triggers` are redundant.
Supersedes #25400 (the `mise.hash` pull trigger landed there in `2b612abe7b`; this PR removes it as part of the broader simplification).
> [!NOTE]
> `mise oci build` is experimental and requires `MISE_EXPERIMENTAL=1` (set at job level in the workflow). The local-only `scripts/dogfood/mise-oci-wrapper.sh` builds a tiny `coderdev/mise-oci-wrapper:<version>` Debian image with curl-installed mise on first invocation (cached by version tag thereafter); we don't reuse `jdxcode/mise:latest` because that tag lags upstream GitHub releases by days and would defeat the `min_version` enforcement above.
> [!NOTE]
> `compute-base-sha.sh` and `compute-final-sha.sh` are cache keys, not strict content addresses: the base Dockerfile still pulls dynamic resources at build time (gh/buildx `releases/latest`, chrome `stable_current_amd64.deb`, apt mirror state). Two runs with identical checked-in files can produce slightly different bytes, which is acceptable here because the cache-hit savings on irrelevant commits outweigh that drift.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
---------
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|
|
70ab2b9940 |
chore: switch helm to aqua backend and bump dogfood mise (#25521)
mise's aqua plugin now templates `{{.Version}}` with the leading `v`, so
the official `get.helm.sh` URLs resolve without the hand-rolled `http:`
workaround that was added when the version-prefix templating was broken.
Drops the templated URL block (and its explanatory comment) in favor of
plain `helm = "3.21.0"`. The regenerated lockfile picks up windows-amd64
(which the old workaround intentionally omitted) and replaces the
locally-computed blake3 checksum with the upstream sha256 sums.
Follow-up to #25520, which bumped the pinned version to 3.21.
---------
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
|
||
|
|
0e36c78cc6 |
chore: bump the coder-modules group across 2 directories with 2 updates (#25480)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
7a985f8830 |
fix(dogfood): chown /etc/mise to coder so mise can update lockfile (#25431)
Mise writes a temp file like `/etc/mise/.mise.lock.XXXXXX` and renames it onto `mise.lock` for atomic updates, which requires write access to the parent directory. `/etc/mise` was previously root-owned (`install --directory --mode=0755` and `COPY` without `--chown` default to root), so any mise command that updated the lockfile failed for the coder user:
```
mise ERROR failed to update lockfiles
mise ERROR Permission denied (os error 13) at path "/etc/mise/.mise.lock.HbuLAN"
```
Chown `/etc/mise` and the baked `config.toml` / `mise.lock` to `coder:coder`, matching how `/opt/mise` is already set up. The dogfood image is single-user, and mise is expected to update its own lockfile when the coder user installs new tools.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|
|
2b612abe7b |
feat: trigger image pull on mise.toml or mise.lock changes (#25400)
The dogfood Dockerfiles consume the repo-root `mise.toml` and `mise.lock` at build time (see `.dockerignore` allowlist), but the template's `pull_triggers` list ignored them, so mise-only changes (tool bumps, new tools) didn't roll out to existing workspaces.
Mirror the `nix.hash` pattern: a Makefile rule writes the sha256 of both files into `dogfood/coder/mise.hash`, and `main.tf` hashes that in-module file via `filesha1`.
Run `make dogfood/coder/mise.hash` after editing `mise.toml`/`mise.lock`.
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|
|
6d7fb07f4c |
feat: bake mise tools into a shared dir on dogfood image (#25387)
Three changes to make mise-managed tooling reach every dogfood workspace cleanly, with the upstream `devcontainers-cli` module fix as the original trigger.
## Why the module breaks
The upstream [`devcontainers-cli` coder module](https://github.com/coder/registry/blob/main/registry/coder/modules/devcontainers-cli/run.sh) does `npm install -g @devcontainers/cli` and then verifies the binary is on `PATH`. With mise-managed Node (introduced in #25282), `npm install -g` lands the binary at `$MISE_DATA_DIR/installs/node/<ver>/bin/`, which is *not* on `PATH` and which `mise reshim` does not surface as a shim. The post-install check fails:
```
Installing @devcontainers/cli using npm...
changed 1 package in 661ms
Reshimming mise 26...
Installation completed but 'devcontainer' command not found in PATH
```
Even though nothing the user does is actually broken.
## What this PR does
1. **`mise.toml`** — pre-install `@devcontainers/cli` via mise's `npm:` backend (`npm:@devcontainers/cli = "0.87.0"`). The mise shim lands at `$MISE_DATA_DIR/shims/devcontainer`, on `PATH`. The upstream module's `run.sh` short-circuits on its `command -v devcontainer` check and exits 0 without ever running the broken npm-install path. Strictly redundant after fix the second point makes `npm i -g` work natively, but kept for build-time pre-install and pinned-version reasons matching the other mise-pinned CLIs.
2. **`dogfood/coder/ubuntu-*.04/Dockerfile`** — set `NPM_CONFIG_PREFIX=/home/coder/.npm-global` and prepend `/home/coder/.npm-global/bin` to `PATH`. With this, generic `npm install -g <pkg>` (prettier, biome, anything frontend folks reach for) lands in a stable home-volume dir that is already on `PATH`, survives node version bumps, and needs no `mise reshim`. The mise `npm:` backend keeps using its own `--prefix` internally so the `npm:@devcontainers/cli` pin still installs under `$MISE_DATA_DIR` as before.
3. **`dogfood/coder/ubuntu-*.04/Dockerfile`** — install image tools into `/opt/mise/data` at build time (owned by `coder`) and expose them at runtime via `MISE_SHARED_INSTALL_DIRS=/opt/mise/data/installs`, keeping `MISE_DATA_DIR=/home/coder/.local/share/mise` for the user's own installs. This decouples baked tool versions from the home volume's copy-on-first-mount: fresh and existing workspaces both immediately see the image's tool set without a `mise install` step, and the user's own `mise install <tool>` / `mise use --global` still lands on the home volume. The `/opt/mise/data/shims` dir trails the user shim dir on `PATH` so a user-installed version wins when both exist.
Pinned to `0.87.0` (current latest) so Renovate/Dependabot can bump deliberately, matching the policy applied to the other floating tools during the mise migration (`lazygit`, `doctl`, `jj`, `typos`, `watchexec`).
---------
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|
|
5f9b3220b5 |
chore: install dogfood image tooling via mise.toml (#25282)
This PR replaces the hand-rolled `curl | tar | go install | cargo install` chains in the dogfood Ubuntu 22.04 and 26.04 Dockerfiles with a single `mise install` driven by a new repo-root `mise.toml`.
The previous Dockerfiles installed ~25 CLIs across three multi-stage builds with versions hardcoded inline. Version bumps were scattered across the Dockerfiles, the root `mise.toml` (added in #24618 but otherwise unused at runtime), and CI's setup actions; build-time network failures came from a dozen distinct endpoints; and `mise` itself sat in the image with no manifest to install from.
The new flow:
- The repo's `mise.toml` is the single source of truth for image tool versions. The Dockerfiles `COPY` it to `/etc/mise/config.toml` and run a single `mise install` as the `coder` user.
- Tools are installed into `/opt/mise/data` rather than the default `/home/coder/.local/share/mise`, so they live in the image (not on the persistent home volume) and reach every workspace on recreate.
- Build context moves to the repo root so the Dockerfile can `COPY mise.toml`; an allowlist `.dockerignore` keeps the transferred context to ~24 kB.
- Optional `--secret id=github_token` plumbing through the Makefile and `.github/workflows/dogfood.yaml` lifts aqua's GitHub API quota from 60/hr unauthenticated to 1000/hr with `secrets.GITHUB_TOKEN`.
- `MISE_TRUSTED_CONFIG_PATHS=/home/coder:/etc/mise` is set as an ENV so users who clone the coder repo into their workspace home aren't prompted to `mise trust`.
Net diff for the two Ubuntu Dockerfiles: -399 / +244 lines (~200 lines shorter each). The `FROM rust-utils`, `FROM go`, and `FROM proto` multi-stage builds are gone; so are the NVM/Node block, the bulk binary-install block (golangci-lint, helm, kubectx, syft, cosign, bun), the gh `.deb`/lazygit/doctl tarball installs, the gofmt `update-alternatives` line, and the `yq`→`yq4` rename (`scripts/lib.sh:267-275` already auto-detects either name).
Both images were built and smoke-tested with Apple's `container` CLI on macOS — every migrated tool resolves to the expected pinned version including outside the cloned coder repo (e.g. `gh` from `/home/coder`, matching the workspace startup script in `dogfood/coder/main.tf`), `sqlc` runs (proving `CGO_ENABLED=1` was honoured at install), `yq --version` reports v4 for `scripts/lib.sh`'s detection, and `gofmt` resolves via the mise shim.
Follow-ups (out of scope here):
- Commit a multi-platform `mise.lock` so `gh = "latest"` and the other floating versions resolve deterministically across rebuilds and dev machines.
- Migrate CI's `setup-go` / `setup-node` actions to consume `mise.toml` so image and CI versions stop being able to drift.
---------
Signed-off-by: Thomas Kosiewski <tk@coder.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com> |
||
|
|
07be354683 |
feat(dogfood/coder): restart container unless stopped (#25382)
Add `restart = "unless-stopped"` to the dogfood workspace container so it automatically recovers from crashes, daemon restarts or server reboots without requiring manual intervention. |
||
|
|
df5e16ed6d | fix(dogfood): install rust-src component (#25349) | ||
|
|
8955599bd0 |
fix: bump sqlc fork to v1.31.1 merge, strip pg_dump meta-commands (#25105)
Closes https://github.com/coder/internal/issues/965
Recent `pg_dump` patch releases (13.22+ / 14.19+ / 15.14+ / 16.10+ / 17.6+) emit `\restrict` / `\unrestrict` psql meta-commands at the head and tail of schema dumps. These broke both `sqlc` and our `scripts/migrate-test` schema-equality check. PR #19696 worked around it by pinning `pg_dump` to a Docker image.
This change unpins the workaround now that `sqlc` handles the meta-commands:
* Bumps the coder/sqlc fork pin to [`337309b` on coder/sqlc:main](https://github.com/coder/sqlc/commit/337309bfb9524f38466a5090e310040fc7af0203), the merge of upstream v1.31.1 (coder/sqlc#6). v1.31.1 includes [sqlc-dev/sqlc#4390](https://github.com/sqlc-dev/sqlc/pull/4390), the upstream `\restrict` / `\unrestrict` parser fix. Updated in three places that pin the fork SHA: `flake.nix` (`sqlc-custom`), `.github/actions/setup-sqlc/action.yaml`, and the `dogfood/coder/ubuntu-{22,26}.04` Dockerfiles. The flake's `sha256` / `vendorHash` are reset to `pkgs.lib.fakeSha256`; Nix will surface the real hashes on first build, per the existing comment block.
* Reverts #19696's Docker pin in `coderd/database/dbtestutil/db.go`. Local `pg_dump` (13+) and the `postgres:13` Docker fallback both work again.
* Strips `\restrict` / `\unrestrict` lines in `normalizeDump` so `scripts/migrate-test`'s schema comparison is stable across `pg_dump` versions (the token in those lines is randomized per run). `TestNormalizeDumpStripsRestrict` locks the behavior in.
* Regenerates with v1.31.1, picking up the version stamp and one upstream correctness fix in `DeleteLicense` ([sqlc-dev/sqlc#4383](https://github.com/sqlc-dev/sqlc/pull/4383): don't shadow the input parameter when scanning a single-column return). |
||
|
|
d8ca626aec | chore(dogfood): use default rustup profile (#25165) | ||
|
|
eef09f3d98 | chore: update terraform to v1.15.2 (#25045) | ||
|
|
1564f2d745 |
chore: pin Docker 27 on dogfood Ubuntu 26.04 image (#25028)
## Summary
- switch the Ubuntu 26.04 dogfood image to Docker's jammy apt repository so Docker 27 remains available
- pin `docker-ce` and `docker-ce-cli` to the Docker 27 line and keep `containerd.io` pinned to `1.7.23-1`
- fold the containerd pin into the Docker preferences file, remove the duplicate containerd preferences file, and hold the installed Docker packages in the image
## Notes
Docker 28+ requires `containerd.io >= 1.7.27`, but sysbox / Docker-in-Docker currently requires `containerd.io=1.7.23-1`, so the image needs the older Docker 27 packages from the jammy repo.
## Testing
- Not run locally; verified the branch diff only. |
||
|
|
f605d6bcb4 |
feat(dogfood/coder): add brew and mise to ubuntu images (#24618)
This adds Homebrew and mise to the Ubuntu dogfood images and makes mise shims win PATH resolution for the `coder` user.
It installs Homebrew in `/home/linuxbrew/.linuxbrew`, installs the latest mise release (`v2026.4.19`) via its verified GitHub release artifact, exposes mise at `/usr/local/bin/mise`, wires `HOMEBREW_*` and `MISE_DATA_DIR`, and adds build-time checks for both tools. The mise executable target lives in writable `/opt/mise/bin` so `mise self-update` can replace it as the `coder` user. This also adds `libc6-dev` to the Go utility stages so the existing CGO-backed tool installs keep building on newer Ubuntu bases.
The dogfood template now mounts a dedicated `/home/linuxbrew/` Docker volume in addition to `/home/coder/`. Fresh volumes are seeded from the image-baked Homebrew tree on first mount, while user-installed formulae persist across workspace container recreation.
I revalidated the bootstrap on jammy and resolute base images with fresh mounted `/home/coder` and `/home/linuxbrew` volumes. In those runs, `brew install hello` succeeded, `mise doctor` reported no PATH or activation problems, `mise self-update --force --yes --no-plugins 2026.4.19` succeeded as `coder`, and `mise use --global github:BurntSushi/ripgrep@14.1.1` moved `rg` resolution to the mise shim after container recreation.
---
<details>
<summary>📋 Implementation Plan</summary>
# Plan: add `mise` and Homebrew to the dogfood Ubuntu images with mise-first PATH
## Goal
- Make both dogfood Ubuntu images ship `brew` and `mise`.
- Ensure `mise doctor` does **not** complain about activation/PATH ordering in the shell entrypoints we support.
- Keep the implementation robust against the persistent `/home/coder` volume used by the dogfood template.
## Verified context
- The relevant image definitions are:
  - `dogfood/coder/ubuntu-22.04/Dockerfile`
  - `dogfood/coder/ubuntu-26.04/Dockerfile`
- The dogfood template mounts a persistent home volume at `/home/coder/` in `dogfood/coder/main.tf:840-843`, so required image-baked state should not live only under `/home/coder`.
- Both Dockerfiles already manipulate PATH in multiple places:
  - Go appended early (`:26`)
  - Cargo prepended (`ubuntu-26.04/Dockerfile:202-206`; mirrored in 22.04)
  - Node via nvm prepended (`ubuntu-26.04/Dockerfile:245-255`; mirrored in 22.04)
  - Final `coder` PATH prepends `/home/coder/go/bin` (`ubuntu-26.04/Dockerfile:348-358`; mirrored in 22.04)
- `COPY files /` is already present in both Dockerfiles, so adding new global shell-init files is possible without Terraform changes.
- `scripts/lib.sh:94-124` uses `command -v` for dependency detection, so PATH order is the practical repo-level behavior we need to control.
- `.github/workflows/dogfood.yaml:99-126` builds both Ubuntu variants, and the 22.04 image is still tagged `latest`, so both Dockerfiles must be updated in the same change.
## Recommended implementation
### Phase 1 — Bootstrap Homebrew and `mise` in both Ubuntu Dockerfiles
1. Update both Dockerfiles in parallel:
   - `dogfood/coder/ubuntu-22.04/Dockerfile`
   - `dogfood/coder/ubuntu-26.04/Dockerfile`
2. Add the minimum explicit Homebrew prerequisites that are missing from the current apt package set.
   - The images already install `build-essential`, `curl`, `file`, and `git`.
   - Audit whether `procps` must be added explicitly for Homebrew’s Linux requirements.
3. Install Homebrew in the supported Linux prefix:
   - Prefix: `/home/linuxbrew/.linuxbrew`
   - Keep the install/build logic in the Dockerfile, before `USER coder`.
   - Make the resulting prefix writable by `coder` before switching users. Prefer the smallest-diff approach that leaves `brew install ...` usable as `coder`.
4. Install `mise` to a stable image-owned path instead of relying on `~/.local/bin`:
   - Preferred binary path: `/usr/local/bin/mise`
   - Use a pinned installation method that fits the current Dockerfile style (versioned release asset or otherwise explicitly pinned installer path).
5. Add defensive build-time sanity checks near the install steps so the image fails early if assumptions are wrong:
   - `test -x /usr/local/bin/mise`
   - `test -x /home/linuxbrew/.linuxbrew/bin/brew`
   - `brew --version`
   - `mise --version`
**Quality gate:** both Dockerfiles build locally, and the resulting container can run `brew --version` and `mise --version` as `coder`.
### Phase 2 — Make `mise` win PATH resolution by default
1. After `USER coder` in both Dockerfiles, define stable environment variables for the final shell/runtime behavior:
   - `HOMEBREW_PREFIX=/home/linuxbrew/.linuxbrew`
   - `MISE_DATA_DIR=/home/coder/.local/share/mise`
   - `MISE_ACTIVATE_AGGRESSIVE=1` only if later shell activation proves necessary
2. Replace the final PATH composition so it resolves in this order:
   1. `mise` shims
   2. Homebrew `bin`/`sbin`
   3. Existing `/home/coder/go/bin`
   4. Existing image/system PATH
3. Keep the current Go/Rust/Node setup intact aside from the final PATH ordering. Add a short Dockerfile comment explaining that `mise` shims must be first so `mise doctor` and `command -v` resolve `mise`-managed tools ahead of Homebrew/system binaries.
4. Do **not** rely on image-baked `mise` state under `/home/coder` for the initial implementation. The goal here is binary availability and path precedence, not preinstalling shared `mise` toolchains.
**Quality gate:** in a fresh container as `coder`, `echo "$PATH"` shows `mise` shims before Homebrew, and `mise doctor`/`mise doctor path` show no PATH or activation problem in the tested shell entrypoints.
### Phase 3 — Add shell-init hardening only if smoke tests prove it is needed
1. Start with the Dockerfile `ENV PATH` solution as the default behavior.
2. If dogfooding shows that supported login shells still need shell integration beyond the final `ENV PATH`, add minimal global shell-init files under:
   - `dogfood/coder/ubuntu-22.04/files/etc/profile.d/`
   - `dogfood/coder/ubuntu-26.04/files/etc/profile.d/`
3. If these files are needed, keep them narrowly scoped:
   - a Homebrew file that exports/evals `brew shellenv`
   - a `mise` file that only reinforces the intended shims-first behavior
4. Avoid touching per-user dotfiles in `/home/coder`; they are the wrong place for required image behavior because of the persistent home volume.
**Quality gate:** if profile.d files are added, login-shell smoke tests pass and we do not introduce new PATH-order regressions versus the Dockerfile-only path.
## Acceptance criteria
- Both Ubuntu dogfood Dockerfiles are updated in one change and still build.
- `brew` is installed in `/home/linuxbrew/.linuxbrew` and is usable as `coder`.
- `mise` is installed at `/usr/local/bin/mise` and is usable as `coder`.
- `mise doctor` does not report an activation/PATH-ordering problem in the shell entrypoints we verify.
- Final PATH precedence is:
  1. `mise` shims
  2. Homebrew `bin`/`sbin`
  3. existing user/tool paths
  4. system paths
- Existing dogfood workflows still work for Go/Rust/Node tooling after the PATH change.
- The change passes the dogfood image CI path in `.github/workflows/dogfood.yaml`.
## Dogfooding and verification
1. Build both images locally:
   - `dogfood/coder/ubuntu-22.04`
   - `dogfood/coder/ubuntu-26.04`
2. Run each image with an empty mounted home volume at `/home/coder` to mimic the actual dogfood runtime constraint instead of only testing the image’s baked filesystem.
3. Capture a short terminal recording and screenshots for each variant showing:
   - `brew --prefix`
   - `brew --version`
   - `mise --version`
   - `echo "$PATH"`
   - `mise doctor`
   - `mise doctor path`
4. Verify at least one login-shell path and one non-login-shell path, so we can tell whether Dockerfile `ENV PATH` is sufficient or whether `/etc/profile.d` hardening is required.
5. Add one tool-resolution smoke test that proves `mise` wins when configured:
   - install/use a small `mise`-managed runtime as `coder`
   - run `which -a <tool>`
   - run `<tool> --version`
6. Verify existing image behavior did not regress:
   - `go version`
   - `node --version`
   - any other must-have image tools that were already on PATH
7. Preserve the artifacts from dogfooding for review:
   - screenshots attached to the change summary
   - a short screen recording (or terminal recording) covering the smoke test
## Risks and decision points
- **Homebrew ownership model:** installing Homebrew during `docker build` is not enough by itself; the prefix must end up writable for `coder`.
- **Scope control:** the initial change should solve `mise doctor` by fixing PATH precedence, not by introducing a larger `mise`-managed tool bootstrap.
- **Shell-init uncertainty:** if the dogfood terminal entrypoints do not source `/etc/profile`, a Dockerfile `ENV PATH` fix may be sufficient and profile.d may be unnecessary. This should be decided by smoke tests, not by assumption.
- **Persistent home behavior:** avoid any required implementation detail that only works if fresh volumes copy image-baked `/home/coder` contents.
<details>
<summary>Why this is the lowest-risk path</summary>
This plan keeps the initial implementation focused on the user’s stated goal: install Homebrew and `mise`, then guarantee that `mise`-controlled paths win so `mise doctor` stays quiet.
The main repo-specific constraint is the persistent `/home/coder` volume. That pushes required binaries and ownership-sensitive state out of `/home/coder` where possible, and it argues against relying on user dotfiles for required image behavior.
Starting with Dockerfile-level install steps plus a final PATH reorder keeps the diff small, makes behavior consistent across shells, and gives us a clean place to add shell-init hardening only if the smoke tests prove it is necessary.
</details>
</details>
---
_Generated with [`mux`](https://github.com/coder/mux) • Model: `openai:gpt-5.5` • Thinking: `xhigh`_ |
||
|
|
1e5f1d3206 | fix(dogfood/coder): set CODER_AGENT_EXP_MCP_CONFIG_FILES on container, not agent env (#24998) | ||
|
|
3d03c393d2 |
chore: bump Go toolchain version to 1.26.2 (#24975)
## Summary
Bumps the repository Go toolchain from 1.25.9 to 1.26.2 across local development, CI, dogfood Docker images, and Nix builds.
## Changes
- Update `go.mod` and the shared setup-go action to Go 1.26.2.
- Update dogfood Ubuntu image Go versions and the official linux-amd64 tarball checksum.
- Move Nix Go module builds from `buildGo125Module` to `buildGo126Module`.
- Regenerate API docs affected by Go 1.26 stdlib URL documentation changes.
## Validation
- `./scripts/check_go_versions.sh`
- `make fmt`
- `make lint`
- `make build-slim`
- `make test TEST_SHORT=1`
- `make pre-commit`
> 🤖 This PR was created with the help of Coder Agents, and needs a human review. 🧑💻 |
||
|
|
4385cabf6d |
chore: bump to refactored Claude and Codex modules (#24981)
Bumps the dogfood template to the refactored Claude Code and Codex modules and removes the Coder Tasks integration. Claude and Codex now use slim-window app buttons that launch each tool in its own tmux session. This replaces the task-specific `develop.sh` and `preview` apps that were only created for Coder Tasks workspaces. The PR also wires the OpenAI dogfood secret through the deployment template so Codex can fall back to template configured BYOK when AI Gateway is disabled. Tested with this template version: [https://dev.coder.com/templates/coder/coder/versions/outstanding_hermann97](<https://dev.coder.com/templates/coder/coder/versions/outstanding_hermann97>) |
||
|
|
e8e9e51036 |
chore: bump the coder-modules group across 3 directories with 1 update (#24953)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
12e9f5bb61 | chore: upgrade to pnpm 10.33 (#24746) | ||
|
|
7e29a67b50 |
chore(dogfood): add CODER_AGENT_EXP_MCP_CONFIG_FILES env var (#24664)
Set CODER_AGENT_EXP_MCP_CONFIG_FILES to ~/.mcp.json,.mcp.json so the Coder agent reads both the harness-managed global MCP config and any project-local .mcp.json. The agent resolves .mcp.json relative to its manifest Directory (~/coder), so without this env var, a ~/.mcp.json written by a user harness would be invisible to the agent. Multiple files are merged by Manager.Connect; first file wins on name conflicts. Missing files are silently skipped. |
||
|
|
ee563636ed |
fix(dogfood): update display name and add README (#24487)
Update the `vscode-coder` dogfood template with better naming, documentation, and agent testing instructions. |
||
|
|
a41c8d73b1 | fix(dogfood): fix capitalization typo and extra blank line (#24481) | ||
|
|
c0abf8f7e3 |
chore: add import block for vscode-coder template in dogfood (#24472)
|
||
|
|
890c610e08 |
chore: add dogfood template for coder/vscode-coder development (#24306)
Add a new template to dev.coder.com for developing the coder/vscode-coder VS Code extension. The Docker image is based on node:24-slim (pinned by digest) with git, gh CLI, dbus, and sudo. Electron system libraries are installed at workspace startup via playwright install-deps so they stay in sync with the project's Electron version without Dockerfile changes. The template includes IDE selection (VS Code Desktop, code-server, Cursor, etc.), filebrowser, dotfiles, and Claude Code for AI tasks. |
||
|
|
fded2cb5c9 |
fix: fix image_type options (#24411)
|
||
|
|
fda05938bb | fix: fix dogfood template presets (#24406) | ||
|
|
d23a6959fc | chore: upgrade to ubuntu 26.04 (#24267) | ||
|
|
03d662a06c |
build: bump Go toolchain to 1.25.9 (#24293)
Bumps the Go toolchain from 1.25.8 to 1.25.9 across `go.mod`, the shared setup-go action, and the dogfood image. This keeps local builds, CI, and containerized workflows aligned on the latest patch release, including the updated Go tarball checksum in the Dockerfile. |
||
|
|
3e25cc9238 |
chore: bump the coder-modules group across 2 directories with 2 updates (#24258)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
bb64cab8a5 |
chore: bump rust from a08d20a to cf09adf in /dogfood/coder (#24257)
Bumps rust from `a08d20a` to `cf09adf`.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
99da498679 |
chore: bump rust from 1d0000a to a08d20a in /dogfood/coder (#24083)
Bumps rust from `1d0000a` to `a08d20a`.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
a20b817c28 |
chore: bump ubuntu from 5e5b128 to eb29ed2 in /dogfood/coder (#24082)
Bumps ubuntu from `5e5b128` to `eb29ed2`.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
5000f15021 |
chore: bump the coder-modules group across 2 directories with 1 update (#24061)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
44be5a0d1e |
chore: update kreuzwerker/docker requirement from ~> 3.6 to ~> 4.0 in /dogfood/coder (#24062)
Updates the requirements on [kreuzwerker/docker](https://github.com/kreuzwerker/terraform-provider-docker) to permit the latest version. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/kreuzwerker/terraform-provider-docker/releases">kreuzwerker/docker's releases</a>.</em></p> <blockquote> <h1>v4.0.0</h1> <p><strong>Please read <a href="https://github.com/kreuzwerker/terraform-provider-docker/blob/master/docs/v3_v4_migration.md">https://github.com/kreuzwerker/terraform-provider-docker/blob/master/docs/v3_v4_migration.md</a></strong></p> <p>This is a major release with potential breaking changes. For most users, however, no changes to terraform code are needed.</p> <h2>What's Changed</h2> <h3>New Features</h3> <ul> <li>feat: Add muxing to introduce new plugin framework by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/838">kreuzwerker/terraform-provider-docker#838</a></li> <li>Feature: Multiple enhancements by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/854">kreuzwerker/terraform-provider-docker#854</a></li> <li>Feat: Make buildx builder default by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/855">kreuzwerker/terraform-provider-docker#855</a></li> <li>Feature: Add new docker container attributes by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/857">kreuzwerker/terraform-provider-docker#857</a></li> <li>feat: add selinux_relabel attribute to docker_container volumes by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/883">kreuzwerker/terraform-provider-docker#883</a></li> <li>feat: Add CDI device support by <a href="https://github.com/jdon"><code>@jdon</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/762">kreuzwerker/terraform-provider-docker#762</a></li> <li>feat: Implement proper parsing of GPU device requests when using gpus… by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/881">kreuzwerker/terraform-provider-docker#881</a></li> </ul> <h3>Fixes</h3> <ul> <li>fix(deps): update module golang.org/x/sync to v0.19.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/828">kreuzwerker/terraform-provider-docker#828</a></li> <li>fix(deps): update module github.com/hashicorp/terraform-plugin-log to v0.10.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/823">kreuzwerker/terraform-provider-docker#823</a></li> <li>fix(deps): update module github.com/morikuni/aec to v1.1.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/829">kreuzwerker/terraform-provider-docker#829</a></li> <li>fix(deps): update module google.golang.org/protobuf to v1.36.11 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/830">kreuzwerker/terraform-provider-docker#830</a></li> <li>fix(deps): update module github.com/sirupsen/logrus to v1.9.4 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/836">kreuzwerker/terraform-provider-docker#836</a></li> <li>chore: Add deprecation for docker_service.networks_advanced.name by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/837">kreuzwerker/terraform-provider-docker#837</a></li> <li>fix: Refactor docker container state handling to properly restart whe… by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/841">kreuzwerker/terraform-provider-docker#841</a></li> <li>fix: docker container stopped ports by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/842">kreuzwerker/terraform-provider-docker#842</a></li> <li>fix: correctly set docker_container devices by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/843">kreuzwerker/terraform-provider-docker#843</a></li> <li>fix(deps): update module github.com/katbyte/terrafmt to v0.5.6 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/844">kreuzwerker/terraform-provider-docker#844</a></li> <li>fix(deps): update module github.com/hashicorp/terraform-plugin-sdk/v2 to v2.38.2 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/847">kreuzwerker/terraform-provider-docker#847</a></li> <li>fix: Use DOCKER_CONFIG env same way as with docker cli by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/849">kreuzwerker/terraform-provider-docker#849</a></li> <li>Fix: calculation of Dockerfile path in docker_image build by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/853">kreuzwerker/terraform-provider-docker#853</a></li> <li>chore(deps): update actions/checkout action to v6 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/825">kreuzwerker/terraform-provider-docker#825</a></li> <li>chore(deps): update hashicorp/setup-terraform action to v4 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/860">kreuzwerker/terraform-provider-docker#860</a></li> <li>fix(deps): update module github.com/hashicorp/terraform-plugin-go to v0.30.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/861">kreuzwerker/terraform-provider-docker#861</a></li> <li>fix(deps): update module github.com/hashicorp/terraform-plugin-framework to v1.18.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/862">kreuzwerker/terraform-provider-docker#862</a></li> <li>fix(deps): update module github.com/hashicorp/terraform-plugin-mux to v0.22.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/863">kreuzwerker/terraform-provider-docker#863</a></li> <li>fix(deps): update module github.com/hashicorp/terraform-plugin-sdk/v2 to v2.39.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/864">kreuzwerker/terraform-provider-docker#864</a></li> <li>chore(deps): update docker/setup-docker-action action to v5 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/866">kreuzwerker/terraform-provider-docker#866</a></li> <li>chore(deps): update dependency golangci/golangci-lint to v2.10.1 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/869">kreuzwerker/terraform-provider-docker#869</a></li> <li>fix(deps): update module golang.org/x/sync to v0.20.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/872">kreuzwerker/terraform-provider-docker#872</a></li> <li>Prevent <code>docker_registry_image</code> panic on registries returning nil body without digest header by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/880">kreuzwerker/terraform-provider-docker#880</a></li> <li>fix: Handle size_bytes in tmpfs_options in docker_service by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/882">kreuzwerker/terraform-provider-docker#882</a></li> <li>chore(deps): update dependency golangci/golangci-lint to v2.11.4 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/871">kreuzwerker/terraform-provider-docker#871</a></li> <li>fix: tests for healthcheck is not required for docker container resource by <a href="https://github.com/vnghia"><code>@vnghia</code></a> in <a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/834">kreuzwerker/terraform-provider-docker#834</a></li> <li>chore: Prepare 4.0.0 release by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/884">kreuzwerker/terraform-provider-docker#884</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kreuzwerker/terraform-provider-docker/blob/master/CHANGELOG.md">kreuzwerker/docker's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/kreuzwerker/terraform-provider-docker/compare/v3.9.0...v4.0.0">v4.0.0</a> (2026-04-03)</h2> <h3>Chore</h3> <ul> <li>Add deprecation for docker_service.networks_advanced.name (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/837">#837</a>)</li> </ul> <h3>Feat</h3> <ul> <li>add selinux_relabel attribute to docker_container volumes (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/883">#883</a>)</li> <li>Implement proper parsing of GPU device requests when using gpus… (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/881">#881</a>)</li> <li>Add CDI device support (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/762">#762</a>)</li> <li>Add muxing to introduce new plugin framework (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/838">#838</a>)</li> </ul> <h3>Feat</h3> <ul> <li>Make buildx builder default (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/855">#855</a>)</li> </ul> <h3>Feature</h3> <ul> <li>Add new docker container attributes (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/857">#857</a>)</li> <li>Multiple enhancements (<a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/854">#854</a>)</li> </ul> <h3>Fix</h3> <ul> <li>tests for healthcheck is not required for docker container resource (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/834">#834</a>)</li> <li>Handle size_bytes in tmpfs_options in docker_service (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/882">#882</a>)</li> <li>Use DOCKER_CONFIG env same way as with docker cli (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/849">#849</a>)</li> <li>correctly set docker_container devices (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/843">#843</a>)</li> <li>docker container stopped ports (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/842">#842</a>)</li> <li>Refactor docker container state handling to properly restart when exited (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/841">#841</a>)</li> </ul> <h3>Fix</h3> <ul> <li>calculation of Dockerfile path in docker_image build (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/853">#853</a>)</li> </ul> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h2><a href="https://github.com/kreuzwerker/terraform-provider-docker/compare/v3.8.0...v3.9.0">v3.9.0</a> (2025-11-09)</h2> <h3>Chore</h3> <ul> <li>Prepare release v3.9.0 (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/821">#821</a>)</li> <li>Add file requested by hashicorp (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/813">#813</a>)</li> <li>Prepare release v3.8.0 (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/806">#806</a>)</li> </ul> <h3>Feat</h3> <ul> <li>Implement caching of docker provider (<a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/808">#808</a>)</li> </ul> <h3>Fix</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/b7296b7ec5af2f1c7516077d7056d563a1da774e"><code>b7296b7</code></a> chore: Prepare 4.0.0 release (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/884">#884</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/b25e44ac7b3ede532d307fc6abe6daf39c7d6d56"><code>b25e44a</code></a> feat: add selinux_relabel attribute to docker_container volumes (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/883">#883</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/83b9e13b64fb78923ef88a8baeeece4611f61930"><code>83b9e13</code></a> fix: tests for healthcheck is not required for docker container resource (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/834">#834</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/5f4cbc5673699b01c31801ba6154e9f1243a6af0"><code>5f4cbc5</code></a> chore(deps): update dependency golangci/golangci-lint to v2.11.4 (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/871">#871</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/83a89ad5a139bb9bffe11cef3b14b98f28109b36"><code>83a89ad</code></a> fix: Handle size_bytes in tmpfs_options in docker_service (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/882">#882</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/57d8be485145db54678b2773d38f1dd7c9927cda"><code>57d8be4</code></a> feat: Implement proper parsing of GPU device requests when using gpus… (<a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/881">#881</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/e63d18d450f11e3293fa14b52cb20ee3f11b2cba"><code>e63d18d</code></a> Prevent <code>docker_registry_image</code> panic on registries returning nil body withou...</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/8bac991400ae971425d61be5c6e442a1b3f8515c"><code>8bac991</code></a> feat: Add CDI device support (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/762">#762</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/5c3c660fb54e52ccfd82b76ceb685bc82aed7885"><code>5c3c660</code></a> fix(deps): update module golang.org/x/sync to v0.20.0 (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/872">#872</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/75cba1d6ef1b76777443035f0f96c19b5c974553"><code>75cba1d</code></a> chore(deps): update dependency golangci/golangci-lint to v2.10.1 (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/869">#869</a>)</li> <li>Additional commits viewable in <a href="https://github.com/kreuzwerker/terraform-provider-docker/compare/v3.6.0...v4.0.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. 
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3ca2aae9ca |
chore: update kreuzwerker/docker requirement from ~> 3.0 to ~> 4.0 in /dogfood/coder-envbuilder (#24063)
Updates the requirements on [kreuzwerker/docker](https://github.com/kreuzwerker/terraform-provider-docker) to permit the latest version. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/kreuzwerker/terraform-provider-docker/releases">kreuzwerker/docker's releases</a>.</em></p> <blockquote> <h1>v4.0.0</h1> <p><strong>Please read <a href="https://github.com/kreuzwerker/terraform-provider-docker/blob/master/docs/v3_v4_migration.md">https://github.com/kreuzwerker/terraform-provider-docker/blob/master/docs/v3_v4_migration.md</a></strong></p> <p>This is a major release with potential breaking changes. For most users, however, no changes to terraform code are needed.</p> <h2>What's Changed</h2> <h3>New Features</h3> <ul> <li>feat: Add muxing to introduce new plugin framework by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/838">kreuzwerker/terraform-provider-docker#838</a></li> <li>Feature: Multiple enhancements by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/854">kreuzwerker/terraform-provider-docker#854</a></li> <li>Feat: Make buildx builder default by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/855">kreuzwerker/terraform-provider-docker#855</a></li> <li>Feature: Add new docker container attributes by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/857">kreuzwerker/terraform-provider-docker#857</a></li> <li>feat: add selinux_relabel attribute to docker_container volumes by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/883">kreuzwerker/terraform-provider-docker#883</a></li> <li>feat: Add CDI device support by <a href="https://github.com/jdon"><code>@jdon</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/762">kreuzwerker/terraform-provider-docker#762</a></li> <li>feat: Implement proper parsing of GPU device requests when using gpus… by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/881">kreuzwerker/terraform-provider-docker#881</a></li> </ul> <h3>Fixes</h3> <ul> <li>fix(deps): update module golang.org/x/sync to v0.19.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/828">kreuzwerker/terraform-provider-docker#828</a></li> <li>fix(deps): update module github.com/hashicorp/terraform-plugin-log to v0.10.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/823">kreuzwerker/terraform-provider-docker#823</a></li> <li>fix(deps): update module github.com/morikuni/aec to v1.1.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/829">kreuzwerker/terraform-provider-docker#829</a></li> <li>fix(deps): update module google.golang.org/protobuf to v1.36.11 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/830">kreuzwerker/terraform-provider-docker#830</a></li> <li>fix(deps): update module github.com/sirupsen/logrus to v1.9.4 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/836">kreuzwerker/terraform-provider-docker#836</a></li> <li>chore: Add deprecation for docker_service.networks_advanced.name by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/837">kreuzwerker/terraform-provider-docker#837</a></li> <li>fix: Refactor docker container state handling to properly restart whe… by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/841">kreuzwerker/terraform-provider-docker#841</a></li> <li>fix: docker container stopped ports by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/842">kreuzwerker/terraform-provider-docker#842</a></li> <li>fix: correctly set docker_container devices by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/843">kreuzwerker/terraform-provider-docker#843</a></li> <li>fix(deps): update module github.com/katbyte/terrafmt to v0.5.6 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/844">kreuzwerker/terraform-provider-docker#844</a></li> <li>fix(deps): update module github.com/hashicorp/terraform-plugin-sdk/v2 to v2.38.2 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/847">kreuzwerker/terraform-provider-docker#847</a></li> <li>fix: Use DOCKER_CONFIG env same way as with docker cli by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/849">kreuzwerker/terraform-provider-docker#849</a></li> <li>Fix: calculation of Dockerfile path in docker_image build by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/853">kreuzwerker/terraform-provider-docker#853</a></li> <li>chore(deps): update actions/checkout action to v6 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/825">kreuzwerker/terraform-provider-docker#825</a></li> <li>chore(deps): update hashicorp/setup-terraform action to v4 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/860">kreuzwerker/terraform-provider-docker#860</a></li> <li>fix(deps): update module github.com/hashicorp/terraform-plugin-go to v0.30.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/861">kreuzwerker/terraform-provider-docker#861</a></li> <li>fix(deps): update module github.com/hashicorp/terraform-plugin-framework to v1.18.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/862">kreuzwerker/terraform-provider-docker#862</a></li> <li>fix(deps): update module github.com/hashicorp/terraform-plugin-mux to v0.22.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/863">kreuzwerker/terraform-provider-docker#863</a></li> <li>fix(deps): update module github.com/hashicorp/terraform-plugin-sdk/v2 to v2.39.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/864">kreuzwerker/terraform-provider-docker#864</a></li> <li>chore(deps): update docker/setup-docker-action action to v5 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/866">kreuzwerker/terraform-provider-docker#866</a></li> <li>chore(deps): update dependency golangci/golangci-lint to v2.10.1 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/869">kreuzwerker/terraform-provider-docker#869</a></li> <li>fix(deps): update module golang.org/x/sync to v0.20.0 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/872">kreuzwerker/terraform-provider-docker#872</a></li> <li>Prevent <code>docker_registry_image</code> panic on registries returning nil body without digest header by <a href="https://github.com/Copilot"><code>@Copilot</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/880">kreuzwerker/terraform-provider-docker#880</a></li> <li>fix: Handle size_bytes in tmpfs_options in docker_service by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/882">kreuzwerker/terraform-provider-docker#882</a></li> <li>chore(deps): update dependency golangci/golangci-lint to v2.11.4 by <a href="https://github.com/renovate"><code>@renovate</code></a>[bot] in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/871">kreuzwerker/terraform-provider-docker#871</a></li> <li>fix: tests for healthcheck is not required for docker container resource by <a href="https://github.com/vnghia"><code>@vnghia</code></a> in <a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/834">kreuzwerker/terraform-provider-docker#834</a></li> <li>chore: Prepare 4.0.0 release by <a href="https://github.com/Junkern"><code>@Junkern</code></a> in <a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/pull/884">kreuzwerker/terraform-provider-docker#884</a></li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/kreuzwerker/terraform-provider-docker/blob/master/CHANGELOG.md">kreuzwerker/docker's changelog</a>.</em></p> <blockquote> <h2><a href="https://github.com/kreuzwerker/terraform-provider-docker/compare/v3.9.0...v4.0.0">v4.0.0</a> (2026-04-03)</h2> <h3>Chore</h3> <ul> <li>Add deprecation for docker_service.networks_advanced.name (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/837">#837</a>)</li> </ul> <h3>Feat</h3> <ul> <li>add selinux_relabel attribute to docker_container volumes (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/883">#883</a>)</li> <li>Implement proper parsing of GPU device requests when using gpus… (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/881">#881</a>)</li> <li>Add CDI device support (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/762">#762</a>)</li> <li>Add muxing to introduce new plugin framework (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/838">#838</a>)</li> </ul> <h3>Feat</h3> <ul> <li>Make buildx builder default (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/855">#855</a>)</li> </ul> <h3>Feature</h3> <ul> <li>Add new docker container attributes (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/857">#857</a>)</li> <li>Multiple enhancements (<a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/854">#854</a>)</li> </ul> <h3>Fix</h3> <ul> <li>tests for healthcheck is not required for docker container resource (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/834">#834</a>)</li> <li>Handle size_bytes in tmpfs_options in docker_service (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/882">#882</a>)</li> <li>Use DOCKER_CONFIG env same way as with docker cli (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/849">#849</a>)</li> <li>correctly set docker_container devices (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/843">#843</a>)</li> <li>docker container stopped ports (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/842">#842</a>)</li> <li>Refactor docker container state handling to properly restart when exited (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/841">#841</a>)</li> </ul> <h3>Fix</h3> <ul> <li>calculation of Dockerfile path in docker_image build (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/853">#853</a>)</li> </ul> <p><!-- raw HTML omitted --><!-- raw HTML omitted --></p> <h2><a href="https://github.com/kreuzwerker/terraform-provider-docker/compare/v3.8.0...v3.9.0">v3.9.0</a> (2025-11-09)</h2> <h3>Chore</h3> <ul> <li>Prepare release v3.9.0 (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/821">#821</a>)</li> <li>Add file requested by hashicorp (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/813">#813</a>)</li> <li>Prepare release v3.8.0 (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/806">#806</a>)</li> </ul> <h3>Feat</h3> <ul> <li>Implement caching of docker provider (<a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/808">#808</a>)</li> </ul> <h3>Fix</h3> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/b7296b7ec5af2f1c7516077d7056d563a1da774e"><code>b7296b7</code></a> chore: Prepare 4.0.0 release (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/884">#884</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/b25e44ac7b3ede532d307fc6abe6daf39c7d6d56"><code>b25e44a</code></a> feat: add selinux_relabel attribute to docker_container volumes (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/883">#883</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/83b9e13b64fb78923ef88a8baeeece4611f61930"><code>83b9e13</code></a> fix: tests for healthcheck is not required for docker container resource (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/834">#834</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/5f4cbc5673699b01c31801ba6154e9f1243a6af0"><code>5f4cbc5</code></a> chore(deps): update dependency golangci/golangci-lint to v2.11.4 (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/871">#871</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/83a89ad5a139bb9bffe11cef3b14b98f28109b36"><code>83a89ad</code></a> fix: Handle size_bytes in tmpfs_options in docker_service (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/882">#882</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/57d8be485145db54678b2773d38f1dd7c9927cda"><code>57d8be4</code></a> feat: Implement proper parsing of GPU device requests when using gpus… (<a 
href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/881">#881</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/e63d18d450f11e3293fa14b52cb20ee3f11b2cba"><code>e63d18d</code></a> Prevent <code>docker_registry_image</code> panic on registries returning nil body withou...</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/8bac991400ae971425d61be5c6e442a1b3f8515c"><code>8bac991</code></a> feat: Add CDI device support (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/762">#762</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/5c3c660fb54e52ccfd82b76ceb685bc82aed7885"><code>5c3c660</code></a> fix(deps): update module golang.org/x/sync to v0.20.0 (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/872">#872</a>)</li> <li><a href="https://github.com/kreuzwerker/terraform-provider-docker/commit/75cba1d6ef1b76777443035f0f96c19b5c974553"><code>75cba1d</code></a> chore(deps): update dependency golangci/golangci-lint to v2.10.1 (<a href="https://redirect.github.com/kreuzwerker/terraform-provider-docker/issues/869">#869</a>)</li> <li>Additional commits viewable in <a href="https://github.com/kreuzwerker/terraform-provider-docker/compare/v3.0.0...v4.0.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. 
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
eb4860aac3 |
chore: bump the coder-modules group across 2 directories with 2 updates (#23955)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
07fbe8ca7d |
chore: bump ubuntu from ce4a593 to 5e5b128 in /dogfood/coder (#23954)
Bumps ubuntu from `ce4a593` to `5e5b128`.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
acd2ff63a7 |
chore: bump Go toolchain to 1.25.8 (#23772)
Bump the repository Go toolchain from 1.25.7 to 1.25.8. Updates `go.mod`, the shared `setup-go` action default, and the dogfood image checksum so local, CI, and dogfood builds stay aligned. |
||
|
|
9f51c44772 |
chore: bump rust from f7bf1c2 to 1d0000a in /dogfood/coder (#23787)
Bumps rust from `f7bf1c2` to `1d0000a`.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
4bf46c4435 |
chore: bump the coder-modules group across 2 directories with 1 update (#23757)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
411714cd73 |
fix(dogfood/coder): tolerate stale gh auth state (#23588)
## Problem

The dogfood startup script uses `gh auth status` to decide whether to re-authenticate the GitHub CLI. That command exits non-zero when **any** stored credential is invalid—even if Coder external auth already injects a working `GITHUB_TOKEN` into the environment and `gh` commands work fine.

On workspaces with a persistent home volume, `~/.config/gh/hosts.yml` retains OAuth tokens written by previous `gh auth login --with-token` calls. These tokens are issued by Coder's external auth integration and can be rotated or revoked between workspace starts, but the copy in `hosts.yml` persists on the volume.

When the stored token goes stale, `gh auth status` reports two accounts:

```
✓ Logged in to github.com account user (GITHUB_TOKEN) ← works fine
✗ Failed to log in to github.com account user (hosts.yml) ← stale token
```

It exits 1 because of the stale entry, even though `gh` API calls succeed via `GITHUB_TOKEN`. This makes the auth state **indeterminate** from `gh auth status` alone—you can't tell whether `gh` actually works or not.

When the script enters the login branch:

1. `gh auth login --with-token` **refuses** to accept piped input when `GITHUB_TOKEN` is already set in the environment, and exits 1.
2. `set -e` kills the script before it reaches `sudo service docker start`.

The result: Docker never starts, devcontainer health checks fail, and the workspace reports a startup error—all because of a stale GitHub CLI credential that has no bearing on workspace functionality.

## Fix

- Switch the auth guard from `gh auth status` to `gh api user --jq .login`, which tests whether GitHub API access actually works regardless of which credential provides it.
- Wrap the fallback `gh auth login` so a failure logs the indeterminate state but does not abort the script. |
||
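The guard change described in commit 411714cd73 above, as an added example that is not the repository's startup script: it runs the old and new guard against a stubbed `gh` so the abort path can be observed offline. The `gh` stub models only the behaviours the commit message describes, and `scenario`, `startup_old`, `startup_new`, `outcome`, the `SIM_*` variables and the token string are hypothetical names and constructed values.

```shell
#!/bin/sh
# Added example, not the repository's startup script. `gh` below is a stub
# that models only the behaviours the commit message describes, so the guard
# logic runs offline. SIM_* values and the token string are constructed.

# scenario <ok|bad|unset> <valid|stale|none>
#   $1: state of GITHUB_TOKEN in the environment
#   $2: state of the credential stored in ~/.config/gh/hosts.yml
scenario() {
  case "$1" in
    ok)    GITHUB_TOKEN=constructed-token; SIM_ENV_TOKEN_OK=yes ;;
    bad)   GITHUB_TOKEN=constructed-token; SIM_ENV_TOKEN_OK=no ;;
    unset) unset GITHUB_TOKEN; SIM_ENV_TOKEN_OK=no ;;
  esac
  SIM_HOSTS_YML=$2
}

# Stub standing in for the GitHub CLI (simplified model).
gh() {
  case "$1 $2" in
    "auth status")
      # Non-zero when ANY known credential is invalid, or none exists.
      if [ "${SIM_HOSTS_YML:-none}" = "stale" ]; then return 1; fi
      if [ -n "${GITHUB_TOKEN:-}" ]; then
        [ "${SIM_ENV_TOKEN_OK:-no}" = "yes" ] || return 1
      elif [ "${SIM_HOSTS_YML:-none}" = "none" ]; then
        return 1
      fi
      ;;
    "api user")
      # Succeeds when the credential actually used works; the environment
      # token takes precedence over hosts.yml.
      if [ -n "${GITHUB_TOKEN:-}" ]; then
        [ "${SIM_ENV_TOKEN_OK:-no}" = "yes" ] || return 1
      else
        [ "${SIM_HOSTS_YML:-none}" = "valid" ] || return 1
      fi
      echo "user"
      ;;
    "auth login")
      # Refuses piped input while GITHUB_TOKEN is set in the environment.
      cat >/dev/null
      [ -z "${GITHUB_TOKEN:-}" ]
      ;;
    *) return 2 ;;
  esac
}

# Old guard. The real script runs under `set -e`; `|| return 1` reproduces
# that abort here without depending on errexit rules inside functions.
startup_old() {
  if ! gh auth status >/dev/null 2>&1; then
    printf '%s\n' "constructed-token" | gh auth login --with-token || return 1
  fi
  echo "docker-started"   # stands in for `sudo service docker start`
}

# New guard: probe real API access, and tolerate a failed fallback login.
startup_new() {
  if ! gh api user --jq .login >/dev/null 2>&1; then
    if ! printf '%s\n' "constructed-token" | gh auth login --with-token; then
      echo "gh auth state indeterminate; continuing" >&2
    fi
  fi
  echo "docker-started"
}

# outcome <old|new> <env token state> <hosts.yml state>
# Prints "started" if the script reached the Docker step, else "aborted".
outcome() {
  scenario "$2" "$3"
  if "startup_$1" >/dev/null 2>&1; then echo started; else echo aborted; fi
}

# Constructed scenarios: the stale-hosts.yml case from the commit message,
# a workspace with no credentials, and an invalid environment token.
for s in "ok stale" "unset none" "bad none"; do
  set -- $s
  printf 'GITHUB_TOKEN=%-6s hosts.yml=%-6s old=%s new=%s\n' \
    "$1" "$2" "$(outcome old "$1" "$2")" "$(outcome new "$1" "$2")"
done
```

The third scenario shows the cost of the tolerant fallback: the script reaches the Docker step with no working GitHub credential, so the logged "indeterminate" line is the only signal to alert on.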
|
|
3b268c95d3 |
chore(dogfood): evict 22 freeloading tools from the Dockerfile (#23378)
Removes unused tools from dogfood Dockerfile:
- Go tools `moq`, `go-swagger`, `goreleaser`, `goveralls`, `kind`, `helm-docs`, `gcr-cleaner-cli`
- curl-installed `cloud_sql_proxy`, `dive`, `docker-credential-gcr`, `grype`, `kube-linter`, `stripe` CLI, `terragrunt`, `yq` v3, GoLand 2021.2, ANTLR v4 jar
- apt packages `cmake`, `google-cloud-sdk-datastore-emulator`, `graphviz`, `packer`

> 🤖 This PR was created with the help of Coder Agents, and was reviewed by my human. 🧑💻 |
||
|
|
b73983e309 |
chore: bump ubuntu from 3ba65aa to ce4a593 in /dogfood/coder (#23434)
Bumps ubuntu from `3ba65aa` to `ce4a593`.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
c11cc0ba30 |
chore: bump rust from 7d37016 to f7bf1c2 in /dogfood/coder (#23433)
Bumps rust from `7d37016` to `f7bf1c2`.
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
3729ff46fb |
chore: bump the coder-modules group across 2 directories with 1 update (#23413)
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
||
|
|
4c9041b270 |
chore: evict trivy from the dogfood Dockerfile (#23367)
- Remove `TRIVY_VERSION` ARG and trivy CLI install block from `dogfood/coder/Dockerfile`
- The `trivy` job in `.github/workflows/security.yaml` is kept — it uses `aquasecurity/trivy-action` pinned to a known-good commit

> 🤖 This PR was created with the help of Coder Agents, and was reviewed by my human. 🧑💻 |