feat: add option to disable VS Code Web workspace trust protection (#131 )

for admins with certainty about what is installed in the environment, this is ideal. otherwise, it's best to get user trust --------- Co-authored-by: DevelopmentCats <christofer@coder.com> Co-authored-by: Atif Ali <atif@coder.com>
fix: clean up version-bump workflow script output handling (#153 )
2026-06-04 13:38:14 +00:00 · 2025-06-16 21:24:51 -05:00 · 2025-06-16 19:52:56 -05:00 · 2025-06-16 14:32:09 -05:00 · 2025-06-13 06:18:11 +00:00
6 changed files with 35 additions and 15 deletions
@@ -17,6 +17,7 @@ jobs:
    permissions:
      contents: read
      pull-requests: write
+      issues: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
@@ -46,7 +47,6 @@ jobs:
      - name: Check version bump requirements
        id: version-check
        run: |
-          # Run the script to check what versions should be
          output_file=$(mktemp)
          if ./.github/scripts/version-bump.sh "${{ steps.bump-type.outputs.type }}" origin/main > "$output_file" 2>&1; then
            echo "Script completed successfully"
@@ -56,17 +56,14 @@ jobs:
            exit 1
          fi

-          # Store output for PR comment
          {
            echo "output<<EOF"
            cat "$output_file"
            echo "EOF"
          } >> $GITHUB_OUTPUT

-          # Show output
          cat "$output_file"

-          # Check if any files would be modified by the script
          if git diff --quiet; then
            echo "versions_up_to_date=true" >> $GITHUB_OUTPUT
            echo "✅ All module versions are already up to date"
@@ -78,6 +75,10 @@ jobs:
            echo ""
            echo "Diff preview:"
            git diff
+            
+            git checkout .
+            git clean -fd
+            
            exit 1
          fi

@@ -85,6 +86,7 @@ jobs:
        if: failure() && steps.version-check.outputs.versions_up_to_date == 'false'
        uses: actions/github-script@v7
        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const output = `${{ steps.version-check.outputs.output }}`;
            const bumpType = `${{ steps.bump-type.outputs.type }}`;
@@ -15,7 +15,7 @@ Automatically install [Visual Studio Code Server](https://code.visualstudio.com/
 module "vscode-web" {
  count          = data.coder_workspace.me.start_count
  source         = "registry.coder.com/coder/vscode-web/coder"
-  version        = "1.2.0"
+  version        = "1.3.0"
  agent_id       = coder_agent.example.id
  accept_license = true
 }
@@ -31,7 +31,7 @@ module "vscode-web" {
 module "vscode-web" {
  count          = data.coder_workspace.me.start_count
  source         = "registry.coder.com/coder/vscode-web/coder"
-  version        = "1.2.0"
+  version        = "1.3.0"
  agent_id       = coder_agent.example.id
  install_prefix = "/home/coder/.vscode-web"
  folder         = "/home/coder"
@@ -45,7 +45,7 @@ module "vscode-web" {
 module "vscode-web" {
  count          = data.coder_workspace.me.start_count
  source         = "registry.coder.com/coder/vscode-web/coder"
-  version        = "1.2.0"
+  version        = "1.3.0"
  agent_id       = coder_agent.example.id
  extensions     = ["github.copilot", "ms-python.python", "ms-toolsai.jupyter"]
  accept_license = true
@@ -60,7 +60,7 @@ Configure VS Code's [settings.json](https://code.visualstudio.com/docs/getstarte
 module "vscode-web" {
  count      = data.coder_workspace.me.start_count
  source     = "registry.coder.com/coder/vscode-web/coder"
-  version    = "1.2.0"
+  version    = "1.3.0"
  agent_id   = coder_agent.example.id
  extensions = ["dracula-theme.theme-dracula"]
  settings = {
@@ -78,7 +78,7 @@ By default, this module installs the latest. To pin a specific version, retrieve
 module "vscode-web" {
  count          = data.coder_workspace.me.start_count
  source         = "registry.coder.com/coder/vscode-web/coder"
-  version        = "1.2.0"
+  version        = "1.3.0"
  agent_id       = coder_agent.example.id
  commit_id      = "e54c774e0add60467559eb0d1e229c6452cf8447"
  accept_license = true
@@ -121,6 +121,12 @@ variable "use_cached" {
  default     = false
 }

+variable "disable_trust" {
+  type        = bool
+  description = "Disables workspace trust protection for VS Code Web."
+  default     = false
+}
+
 variable "extensions_dir" {
  type        = string
  description = "Override the directory to store extensions in."
@@ -169,6 +175,7 @@ resource "coder_script" "vscode-web" {
    SETTINGS : replace(jsonencode(var.settings), "\"", "\\\""),
    OFFLINE : var.offline,
    USE_CACHED : var.use_cached,
+    DISABLE_TRUST : var.disable_trust,
    EXTENSIONS_DIR : var.extensions_dir,
    FOLDER : var.folder,
    AUTO_INSTALL_EXTENSIONS : var.auto_install_extensions,
@@ -16,10 +16,16 @@ if [ -n "${SERVER_BASE_PATH}" ]; then
  SERVER_BASE_PATH_ARG="--server-base-path=${SERVER_BASE_PATH}"
 fi

+# Set disable workspace trust
+DISABLE_TRUST_ARG=""
+if [ "${DISABLE_TRUST}" = true ]; then
+  DISABLE_TRUST_ARG="--disable-workspace-trust"
+fi
+
 run_vscode_web() {
-  echo "👷 Running $VSCODE_WEB serve-local $EXTENSION_ARG $SERVER_BASE_PATH_ARG --port ${PORT} --host 127.0.0.1 --accept-server-license-terms --without-connection-token --telemetry-level ${TELEMETRY_LEVEL} in the background..."
+  echo "👷 Running $VSCODE_WEB serve-local $EXTENSION_ARG $SERVER_BASE_PATH_ARG $DISABLE_TRUST_ARG --port ${PORT} --host 127.0.0.1 --accept-server-license-terms --without-connection-token --telemetry-level ${TELEMETRY_LEVEL} in the background..."
  echo "Check logs at ${LOG_PATH}!"
-  "$VSCODE_WEB" serve-local "$EXTENSION_ARG" "$SERVER_BASE_PATH_ARG" --port "${PORT}" --host 127.0.0.1 --accept-server-license-terms --without-connection-token --telemetry-level "${TELEMETRY_LEVEL}" > "${LOG_PATH}" 2>&1 &
+  "$VSCODE_WEB" serve-local "$EXTENSION_ARG" "$SERVER_BASE_PATH_ARG" "$DISABLE_TRUST_ARG" --port "${PORT}" --host 127.0.0.1 --accept-server-license-terms --without-connection-token --telemetry-level "${TELEMETRY_LEVEL}" > "${LOG_PATH}" 2>&1 &
 }

 # Check if the settings file exists...
@@ -16,7 +16,7 @@ Enable Remote Desktop + a web based client on Windows workspaces, powered by [de
 module "windows_rdp" {
  count       = data.coder_workspace.me.start_count
  source      = "registry.coder.com/coder/windows-rdp/coder"
-  version     = "1.2.0"
+  version     = "1.2.1"
  agent_id    = resource.coder_agent.main.id
  resource_id = resource.aws_instance.dev.id
 }
@@ -34,7 +34,7 @@ module "windows_rdp" {
 module "windows_rdp" {
  count       = data.coder_workspace.me.start_count
  source      = "registry.coder.com/coder/windows-rdp/coder"
-  version     = "1.2.0"
+  version     = "1.2.1"
  agent_id    = resource.coder_agent.main.id
  resource_id = resource.aws_instance.dev.id
 }
@@ -46,7 +46,7 @@ module "windows_rdp" {
 module "windows_rdp" {
  count       = data.coder_workspace.me.start_count
  source      = "registry.coder.com/coder/windows-rdp/coder"
-  version     = "1.2.0"
+  version     = "1.2.1"
  agent_id    = resource.coder_agent.main.id
  resource_id = resource.google_compute_instance.dev[0].id
 }
@@ -58,7 +58,7 @@ module "windows_rdp" {
 module "windows_rdp" {
  count                       = data.coder_workspace.me.start_count
  source                      = "registry.coder.com/coder/windows-rdp/coder"
-  version                     = "1.2.0"
+  version                     = "1.2.1"
  agent_id                    = resource.coder_agent.main.id
  resource_id                 = resource.aws_instance.dev.id
  devolutions_gateway_version = "2025.1.6" # Specify a specific version
@@ -16,6 +16,11 @@ function Configure-RDP {
    New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "SecurityLayer" -Value 1 -PropertyType DWORD -Force
    # Enable RDP through Windows Firewall
    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
+
+    # Disable UDP. It doesn't work via `coder port-forward` and is broken due to MTU issues in Coder Connect.
+    # Requires a restart to take effect. c.f. https://github.com/coder/internal/issues/608#issuecomment-2965923672
+    New-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services' -Name "SelectTransport" -Value 1 -PropertyType DWORD -Force
+    Restart-Service -Name "TermService" -Force
 }

 function Install-DevolutionsGateway {
Author	SHA1	Message	Date
Ben Potter	a8e23647c5	feat: add option to disable VS Code Web workspace trust protection (#131 ) for admins with certainty about what is installed in the environment, this is ideal. otherwise, it's best to get user trust --------- Co-authored-by: DevelopmentCats <christofer@coder.com> Co-authored-by: Atif Ali <atif@coder.com>	2025-06-16 21:24:51 -05:00
DevCats	960ec18d35	fix: clean up version-bump workflow script output handling (#153 ) ## Description Removed unnecessary comments and added commands to reset the working directory and clean untracked files in the version-bump workflow. This improves the script's reliability by ensuring a clean state after executing version checks. --- ## Type of Change - [ ] New module - [X] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other --- ## Related Issues None	2025-06-16 19:52:56 -05:00
DevCats	eae64160bd	fix: update GitHub Actions permissions in version-bump workflow (#152 ) ## Description update GitHub Actions permissions in version-bump workflow by adding issues permission for commenting on PR's --- ## Type of Change - [ ] New module - [X] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other --- ## Related Issues None	2025-06-16 14:32:09 -05:00
Spike Curtis	b58bfebcf3	fix: disable UDP connections on windows-rdp module (#149 ) ## Description Relates to Fixes an issue where RDP doesn't function properly over Coder Connect, by disabling UDP and relying only on TCP. c.f. https://github.com/coder/internal/issues/608#issuecomment-2965923672 for a detailed description of the problem. --- ## Type of Change - [ ] New module - [X] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other --- ## Module Information <!-- Delete this section if not applicable --> Path: `registry/coder/modules/windows-rdp` New version: `v1.0.19` Breaking change: [ ] Yes [x] No --- ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun run fmt`) - [x] Changes tested locally --- ## Related Issues https://github.com/coder/internal/issues/608 Closes # --------- Signed-off-by: Spike Curtis <spike@coder.com>	2025-06-13 06:18:11 +00:00