refactor: rename files

## Changes made
- Added back CI steps for validating the codebase for typos and formatting
- Updated README validation CI step to be dependent on typo-checking step
- Updated configuration files as needed to support the new CI step
- Updated all files that were previously getting skipped over from improperly-set-up CI logic

.env.example

@@ -0,0 +1,23 @@
+# ---
+# These are used for the site health script, run from GitHub Actions. They can
+# be set manually if you need to run the script locally.
+
+# Coder admins for Instatus can get this value from https://dashboard.instatus.com/developer
+export INSTATUS_API_KEY=
+
+# Can be obtained from calling the Instatus API with a valid token. This value
+# might not actually need to be private, but better safe than sorry
+# https://instatus.com/help/api/status-pages
+export INSTATUS_PAGE_ID=
+
+# Can be obtained from calling the Instatus API with a valid token. This value
+# might not actually need to be private, but better safe than sorry
+# https://instatus.com/help/api/components
+export INSTATUS_COMPONENT_ID=
+
+# Can be grabbed from https://vercel.com/codercom/registry/stores/integration/upstash/store_1YDPuBF4Jd0aNpuV/guides
+# Please make sure that the token you use is KV_REST_API_TOKEN; the script needs
+# to be able to queries and mutations
+export VERCEL_API_KEY=
+
+# ---

.github/scripts/check_registry_site_health.sh

@@ -4,23 +4,23 @@ set -u
 
 VERBOSE="${VERBOSE:-0}"
 if [[ "${VERBOSE}" -ne "0" ]]; then
-    set -x
+  set -x
 fi
 
 # List of required environment variables
 required_vars=(
-    "INSTATUS_API_KEY"
-    "INSTATUS_PAGE_ID"
-    "INSTATUS_COMPONENT_ID"
-    "VERCEL_API_KEY"
+  "INSTATUS_API_KEY"
+  "INSTATUS_PAGE_ID"
+  "INSTATUS_COMPONENT_ID"
+  "VERCEL_API_KEY"
 )
 
 # Check if each required variable is set
 for var in "${required_vars[@]}"; do
-    if [[ -z "${!var:-}" ]]; then
-        echo "Error: Environment variable '$var' is not set."
-        exit 1
-    fi
+  if [[ -z "${!var:-}" ]]; then
+    echo "Error: Environment variable '$var' is not set."
+    exit 1
+  fi
 done
 
 REGISTRY_BASE_URL="${REGISTRY_BASE_URL:-https://registry.coder.com}"
@@ -31,38 +31,38 @@ declare -a failures=()
 
 # Collect all module directories containing a main.tf file
 for path in $(find . -maxdepth 2 -not -path '*/.*' -type f -name main.tf | cut -d '/' -f 2 | sort -u); do
-    modules+=("${path}")
+  modules+=("${path}")
 done
 
 echo "Checking modules: ${modules[*]}"
 
 # Function to update the component status on Instatus
 update_component_status() {
-    local component_status=$1
-    # see https://instatus.com/help/api/components
-    (curl -X PUT "https://api.instatus.com/v1/$INSTATUS_PAGE_ID/components/$INSTATUS_COMPONENT_ID" \
-        -H "Authorization: Bearer $INSTATUS_API_KEY" \
-        -H "Content-Type: application/json" \
-        -d "{\"status\": \"$component_status\"}")
+  local component_status=$1
+  # see https://instatus.com/help/api/components
+  (curl -X PUT "https://api.instatus.com/v1/$INSTATUS_PAGE_ID/components/$INSTATUS_COMPONENT_ID" \
+    -H "Authorization: Bearer $INSTATUS_API_KEY" \
+    -H "Content-Type: application/json" \
+    -d "{\"status\": \"$component_status\"}")
 }
 
 # Function to create an incident
 create_incident() {
-    local incident_name="Degraded Service"
-    local message="The following modules are experiencing issues:\n"
-    for i in "${!failures[@]}"; do
-        message+="$((i + 1)). ${failures[$i]}\n"
-    done
+  local incident_name="Degraded Service"
+  local message="The following modules are experiencing issues:\n"
+  for i in "${!failures[@]}"; do
+    message+="$((i + 1)). ${failures[$i]}\n"
+  done
 
-    component_status="PARTIALOUTAGE"
-    if ((${#failures[@]} == ${#modules[@]})); then
-        component_status="MAJOROUTAGE"
-    fi
-    # see https://instatus.com/help/api/incidents
-    incident_id=$(curl -s -X POST "https://api.instatus.com/v1/$INSTATUS_PAGE_ID/incidents" \
-        -H "Authorization: Bearer $INSTATUS_API_KEY" \
-        -H "Content-Type: application/json" \
-        -d "{
+  component_status="PARTIALOUTAGE"
+  if ((${#failures[@]} == ${#modules[@]})); then
+    component_status="MAJOROUTAGE"
+  fi
+  # see https://instatus.com/help/api/incidents
+  incident_id=$(curl -s -X POST "https://api.instatus.com/v1/$INSTATUS_PAGE_ID/incidents" \
+    -H "Authorization: Bearer $INSTATUS_API_KEY" \
+    -H "Content-Type: application/json" \
+    -d "{
             \"name\": \"$incident_name\",
             \"message\": \"$message\",
             \"components\": [\"$INSTATUS_COMPONENT_ID\"],
@@ -76,129 +76,129 @@ create_incident() {
             ]
         }" | jq -r '.id')
 
-    echo "Created incident with ID: $incident_id"
+  echo "Created incident with ID: $incident_id"
 }
 
 # Function to check for existing unresolved incidents
 check_existing_incident() {
-    # Fetch the latest incidents with status not equal to "RESOLVED"
-    local unresolved_incidents=$(curl -s -X GET "https://api.instatus.com/v1/$INSTATUS_PAGE_ID/incidents" \
-        -H "Authorization: Bearer $INSTATUS_API_KEY" \
-        -H "Content-Type: application/json" | jq -r '.incidents[] | select(.status != "RESOLVED") | .id')
+  # Fetch the latest incidents with status not equal to "RESOLVED"
+  local unresolved_incidents=$(curl -s -X GET "https://api.instatus.com/v1/$INSTATUS_PAGE_ID/incidents" \
+    -H "Authorization: Bearer $INSTATUS_API_KEY" \
+    -H "Content-Type: application/json" | jq -r '.incidents[] | select(.status != "RESOLVED") | .id')
 
-    if [[ -n "$unresolved_incidents" ]]; then
-        echo "Unresolved incidents found: $unresolved_incidents"
-        return 0 # Indicate that there are unresolved incidents
-    else
-        echo "No unresolved incidents found."
-        return 1 # Indicate that no unresolved incidents exist
-    fi
+  if [[ -n "$unresolved_incidents" ]]; then
+    echo "Unresolved incidents found: $unresolved_incidents"
+    return 0 # Indicate that there are unresolved incidents
+  else
+    echo "No unresolved incidents found."
+    return 1 # Indicate that no unresolved incidents exist
+  fi
 }
 
 force_redeploy_registry() {
-    # These are not secret values; safe to just expose directly in script
-    local VERCEL_TEAM_SLUG="codercom"
-    local VERCEL_TEAM_ID="team_tGkWfhEGGelkkqUUm9nXq17r"
-    local VERCEL_APP="registry"
+  # These are not secret values; safe to just expose directly in script
+  local VERCEL_TEAM_SLUG="codercom"
+  local VERCEL_TEAM_ID="team_tGkWfhEGGelkkqUUm9nXq17r"
+  local VERCEL_APP="registry"
 
-    local latest_res
-    latest_res=$(
-        curl "https://api.vercel.com/v6/deployments?app=$VERCEL_APP&limit=1&slug=$VERCEL_TEAM_SLUG&teamId=$VERCEL_TEAM_ID&target=production&state=BUILDING,INITIALIZING,QUEUED,READY" \
-            --fail \
-            --silent \
-            --header "Authorization: Bearer $VERCEL_API_KEY" \
-            --header "Content-Type: application/json"
-    )
+  local latest_res
+  latest_res=$(
+    curl "https://api.vercel.com/v6/deployments?app=$VERCEL_APP&limit=1&slug=$VERCEL_TEAM_SLUG&teamId=$VERCEL_TEAM_ID&target=production&state=BUILDING,INITIALIZING,QUEUED,READY" \
+      --fail \
+      --silent \
+      --header "Authorization: Bearer $VERCEL_API_KEY" \
+      --header "Content-Type: application/json"
+  )
 
-    # If we have zero deployments, something is VERY wrong. Make the whole
-    # script exit with a non-zero status code
-    local latest_id
-    latest_id=$(echo "${latest_res}" | jq -r '.deployments[0].uid')
-    if [[ "${latest_id}" = "null" ]]; then
-        echo "Unable to pull any previous deployments for redeployment"
-        echo "Please redeploy the latest deployment manually in Vercel."
-        echo "https://vercel.com/codercom/registry/deployments"
-        exit 1
-    fi
+  # If we have zero deployments, something is VERY wrong. Make the whole
+  # script exit with a non-zero status code
+  local latest_id
+  latest_id=$(echo "${latest_res}" | jq -r '.deployments[0].uid')
+  if [[ "${latest_id}" = "null" ]]; then
+    echo "Unable to pull any previous deployments for redeployment"
+    echo "Please redeploy the latest deployment manually in Vercel."
+    echo "https://vercel.com/codercom/registry/deployments"
+    exit 1
+  fi
 
-    local latest_date_ts_seconds
-    latest_date_ts_seconds=$(echo "${latest_res}" | jq -r '.deployments[0].createdAt/1000|floor')
-    local current_date_ts_seconds
-    current_date_ts_seconds="$(date +%s)"
-    local max_redeploy_interval_seconds=7200 # 2 hours
-    if ((current_date_ts_seconds - latest_date_ts_seconds < max_redeploy_interval_seconds)); then
-        echo "The registry was deployed less than 2 hours ago."
-        echo "Not automatically re-deploying the regitstry."
-        echo "A human reading this message should decide if a redeployment is necessary."
-        echo "Please check the Vercel dashboard for more information."
-        echo "https://vercel.com/codercom/registry/deployments"
-        exit 1
-    fi
+  local latest_date_ts_seconds
+  latest_date_ts_seconds=$(echo "${latest_res}" | jq -r '.deployments[0].createdAt/1000|floor')
+  local current_date_ts_seconds
+  current_date_ts_seconds="$(date +%s)"
+  local max_redeploy_interval_seconds=7200 # 2 hours
+  if ((current_date_ts_seconds - latest_date_ts_seconds < max_redeploy_interval_seconds)); then
+    echo "The registry was deployed less than 2 hours ago."
+    echo "Not automatically re-deploying the regitstry."
+    echo "A human reading this message should decide if a redeployment is necessary."
+    echo "Please check the Vercel dashboard for more information."
+    echo "https://vercel.com/codercom/registry/deployments"
+    exit 1
+  fi
 
-    local latest_deployment_state
-    latest_deployment_state="$(echo "${latest_res}" | jq -r '.deployments[0].state')"
-    if [[ "${latest_deployment_state}" != "READY" ]]; then
-        echo "Last deployment was not in READY state. Skipping redeployment."
-        echo "A human reading this message should decide if a redeployment is necessary."
-        echo "Please check the Vercel dashboard for more information."
-        echo "https://vercel.com/codercom/registry/deployments"
-        exit 1
-    fi
+  local latest_deployment_state
+  latest_deployment_state="$(echo "${latest_res}" | jq -r '.deployments[0].state')"
+  if [[ "${latest_deployment_state}" != "READY" ]]; then
+    echo "Last deployment was not in READY state. Skipping redeployment."
+    echo "A human reading this message should decide if a redeployment is necessary."
+    echo "Please check the Vercel dashboard for more information."
+    echo "https://vercel.com/codercom/registry/deployments"
+    exit 1
+  fi
 
-    echo "============================================================="
-    echo "!!! Redeploying registry with deployment ID: ${latest_id} !!!"
-    echo "============================================================="
+  echo "============================================================="
+  echo "!!! Redeploying registry with deployment ID: ${latest_id} !!!"
+  echo "============================================================="
 
-    if ! curl -X POST "https://api.vercel.com/v13/deployments?forceNew=1&skipAutoDetectionConfirmation=1&slug=$VERCEL_TEAM_SLUG&teamId=$VERCEL_TEAM_ID" \
-        --fail \
-        --header "Authorization: Bearer $VERCEL_API_KEY" \
-        --header "Content-Type: application/json" \
-        --data-raw "{ \"deploymentId\": \"${latest_id}\", \"name\": \"${VERCEL_APP}\", \"target\": \"production\" }"; then
-        echo "DEPLOYMENT FAILED! Please check the Vercel dashboard for more information."
-        echo "https://vercel.com/codercom/registry/deployments"
-        exit 1
-    fi
+  if ! curl -X POST "https://api.vercel.com/v13/deployments?forceNew=1&skipAutoDetectionConfirmation=1&slug=$VERCEL_TEAM_SLUG&teamId=$VERCEL_TEAM_ID" \
+    --fail \
+    --header "Authorization: Bearer $VERCEL_API_KEY" \
+    --header "Content-Type: application/json" \
+    --data-raw "{ \"deploymentId\": \"${latest_id}\", \"name\": \"${VERCEL_APP}\", \"target\": \"production\" }"; then
+    echo "DEPLOYMENT FAILED! Please check the Vercel dashboard for more information."
+    echo "https://vercel.com/codercom/registry/deployments"
+    exit 1
+  fi
 }
 
 # Check each module's accessibility
 for module in "${modules[@]}"; do
-    # Trim leading/trailing whitespace from module name
-    module=$(echo "${module}" | xargs)
-    url="${REGISTRY_BASE_URL}/modules/${module}"
-    printf "=== Checking module %s at %s\n" "${module}" "${url}"
-    status_code=$(curl --output /dev/null --head --silent --fail --location "${url}" --retry 3 --write-out "%{http_code}")
-    if ((status_code != 200)); then
-        printf "==> FAIL(%s)\n" "${status_code}"
-        status=1
-        failures+=("${module}")
-    else
-        printf "==> OK(%s)\n" "${status_code}"
-    fi
+  # Trim leading/trailing whitespace from module name
+  module=$(echo "${module}" | xargs)
+  url="${REGISTRY_BASE_URL}/modules/${module}"
+  printf "=== Checking module %s at %s\n" "${module}" "${url}"
+  status_code=$(curl --output /dev/null --head --silent --fail --location "${url}" --retry 3 --write-out "%{http_code}")
+  if ((status_code != 200)); then
+    printf "==> FAIL(%s)\n" "${status_code}"
+    status=1
+    failures+=("${module}")
+  else
+    printf "==> OK(%s)\n" "${status_code}"
+  fi
 done
 
 # Determine overall status and update Instatus component
 if ((status == 0)); then
-    echo "All modules are operational."
-    # set to
-    update_component_status "OPERATIONAL"
+  echo "All modules are operational."
+  # set to
+  update_component_status "OPERATIONAL"
 else
-    echo "The following modules have issues: ${failures[*]}"
-    # check if all modules are down
-    if ((${#failures[@]} == ${#modules[@]})); then
-        update_component_status "MAJOROUTAGE"
-    else
-        update_component_status "PARTIALOUTAGE"
-    fi
+  echo "The following modules have issues: ${failures[*]}"
+  # check if all modules are down
+  if ((${#failures[@]} == ${#modules[@]})); then
+    update_component_status "MAJOROUTAGE"
+  else
+    update_component_status "PARTIALOUTAGE"
+  fi
 
-    # Check if there is an existing incident before creating a new one
-    if ! check_existing_incident; then
-        create_incident
-    fi
+  # Check if there is an existing incident before creating a new one
+  if ! check_existing_incident; then
+    create_incident
+  fi
 
-    # If a module is down, force a reployment to try getting things back online
-    # ASAP
-    # EDIT: registry.coder.com is no longer hosted on vercel
-    #force_redeploy_registry
+  # If a module is down, force a reployment to try getting things back online
+  # ASAP
+  # EDIT: registry.coder.com is no longer hosted on vercel
+  #force_redeploy_registry
 fi
 
 exit "${status}"

.github/typos.toml

@@ -0,0 +1,4 @@
+[default.extend-words]
+muc = "muc" # For Munich location code
+Hashi = "Hashi"
+HashiCorp = "HashiCorp"

.github/workflows/check_registry_site_health.yaml

@@ -0,0 +1,23 @@
+# Check modules health on registry.coder.com
+name: check-registry-site-health
+on:
+  schedule:
+    - cron: "0,15,30,45 * * * *" # Runs every 15 minutes
+  workflow_dispatch: # Allows manual triggering of the workflow if needed
+
+jobs:
+  run-script:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Run check.sh
+        run: |
+          ./.github/scripts/check_registry_site_health.sh
+        env:
+          INSTATUS_API_KEY: ${{ secrets.INSTATUS_API_KEY }}
+          INSTATUS_PAGE_ID: ${{ secrets.INSTATUS_PAGE_ID }}
+          INSTATUS_COMPONENT_ID: ${{ secrets.INSTATUS_COMPONENT_ID }}
+          VERCEL_API_KEY: ${{ secrets.VERCEL_API_KEY }}

.github/workflows/ci.yaml

@@ -7,20 +7,8 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
 jobs:
-  validate-readme-files:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: "1.23.2"
-      - name: Validate contributors
-        run: go build ./scripts/contributors && ./contributors
-      - name: Remove build file artifact
-        run: rm ./contributors
   test-terraform:
+    name: Validate Terraform output
     runs-on: ubuntu-latest
     steps:
       - name: Check out code
@@ -38,5 +26,45 @@ jobs:
           bun-version: latest
       - name: Install dependencies
         run: bun install
-      - name: Run tests
+      - name: Run TypeScript tests
         run: bun test
+      - name: Run Terraform Validate
+        run: bun terraform-validate
+  validate-style:
+    name: Check for typos and unformatted code
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Install Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+      # Need Terraform for its formatter
+      - name: Install Terraform
+        uses: coder/coder/.github/actions/setup-tf@main
+      - name: Install dependencies
+        run: bun install
+      - name: Validate formatting
+        run: bun fmt:ci
+      - name: Check for typos
+        uses: crate-ci/typos@v1.31.1
+        with:
+          config: .github/typos.toml
+  validate-readme-files:
+    name: Validate README files
+    runs-on: ubuntu-latest
+    # We want to do some basic README checks first before we try analyzing the
+    # contents
+    needs: validate-style
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v4
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version: "1.23.2"
+      - name: Validate contributors
+        run: go build ./cmd/readmevalidation && ./readmevalidation
+      - name: Remove build file artifact
+        run: rm ./readmevalidation

.gitignore

@@ -135,8 +135,8 @@ dist
 .yarn/install-state.gz
 .pnp.*
 
-# Script output
-/contributors
+# Things needed for CI
+/readmevalidation
 
 # Terraform files generated during testing
 .terraform*

CONTRIBUTING.md

@@ -0,0 +1,200 @@
+# Contributing
+
+## Getting started
+
+This repo uses two main runtimes to verify the correctness of a module/template before it is published:
+
+- [Bun](https://bun.sh/) – Used to run tests for each module/template to validate overall functionality and correctness of Terraform output
+- [Go](https://go.dev/) – Used to validate all README files in the directory
+
+### Installing Bun
+
+To install Bun, you can run this command on Linux/MacOS:
+
+```shell
+curl -fsSL https://bun.sh/install | bash
+```
+
+Or this command on Windows:
+
+```shell
+powershell -c "irm bun.sh/install.ps1 | iex"
+```
+
+Follow the instructions to ensure that Bun is available globally. Once Bun is installed, install all necessary dependencies from the root of the repo:
+
+Via NPM:
+
+```shell
+npm i
+```
+
+Via PNPM:
+
+```shell
+pnpm i
+```
+
+This repo does not support Yarn.
+
+### Installing Go (optional)
+
+This step can be skipped if you are not working on any of the README validation logic. The validation will still run as part of CI.
+
+[Navigate to the official Go Installation page](https://go.dev/doc/install), and install the correct version for your operating system.
+
+Once Go has been installed, verify the installation via:
+
+```shell
+go version
+```
+
+### Adding a new module/template (coming soon)
+
+Once Bun (and possibly Go) have been installed, clone this repository. From there, you can run this script to make it easier to start contributing a new module or template:
+
+```shell
+./new.sh NAME_OF_NEW_MODULE
+```
+
+You can also create the correct module/template files manually.
+
+## Testing a Module
+
+> [!IMPORTANT]
+> It is the responsibility of the module author to implement tests for every new module they wish to contribute. It falls to the author to test the module locally before submitting a PR.
+
+All general-purpose test helpers for validating Terraform can be found in the top-level `/testing` directory. The helpers run `terraform apply` on modules that use variables, testing the script output against containers.
+
+> [!NOTE]
+> The testing suite must be able to run docker containers with the `--network=host` flag. This typically requires running the tests on Linux as this flag does not apply to Docker Desktop for MacOS and Windows. MacOS users can work around this by using something like [colima](https://github.com/abiosoft/colima) or [Orbstack](https://orbstack.dev/) instead of Docker Desktop.
+
+You can reference the existing `*.test.ts` files to get an idea for how to set up tests.
+
+You can run all tests by running this command:
+
+```shell
+bun test
+```
+
+Note that tests can take some time to run, so you probably don't want to be running this as part of your development loop.
+
+To run specific tests, you can use the `-t` flag, which accepts a filepath regex:
+
+```shell
+bun test -t '<regex_pattern>'
+```
+
+To ensure that the module runs predictably in local development, you can update the Terraform source as follows:
+
+```tf
+module "example" {
+  # You may need to remove the 'version' field, it is incompatible with some sources.
+  source = "git::https://github.com/<USERNAME>/<REPO>.git//<MODULE-NAME>?ref=<BRANCH-NAME>"
+}
+```
+
+## Adding/modifying README files
+
+This repo uses Go to do a quick validation of each README. If you are working with the README files at all, it is strongly recommended that you install Go, so that the files can be validated locally.
+
+### Validating all README files
+
+To validate all README files throughout the entire repo, you can run the following:
+
+```shell
+go build ./cmd/readmevalidation && ./readmevalidation
+```
+
+The resulting binary is already part of the `.gitignore` file, but you can quickly remove it with:
+
+```shell
+rm ./readmevalidation
+```
+
+### README validation criteria
+
+The following criteria exists for one of two reasons: (1) content accessibility, or (2) having content be designed in a way that's easy for the Registry site build step to use:
+
+#### General README requirements
+
+- There must be a frontmatter section.
+- There must be exactly one h1 header, and it must be at the very top
+- The README body (if it exists) must start with an h1 header. No other content (including GitHub-Flavored Markdown alerts) is allowed to be placed above it.
+- When increasing the level of a header, the header's level must be incremented by one each time.
+- Additional image/video assets can be placed in one of two places:
+  - In the same user namespace directory where that user's main content lives
+  - In the top-level `.icons` directory
+- Any `.hcl` code snippets must be labeled as `.tf` snippets instead
+
+  ```txt
+  \`\`\`tf
+  Content
+  \`\`\`
+  ```
+
+#### Contributor profiles
+
+- The README body is allowed to be empty, but if it isn't, it must follow all the rules above.
+- The frontmatter supports the following fields:
+  - `display_name` (required string) – The name to use when displaying your user profile in the Coder Registry site
+  - `bio` (optional string) – A short description of who you are
+  - `github` (required string) – Your GitHub handle
+  - `avatar_url` (optional string) – A relative/absolute URL pointing to your avatar
+  - `linkedin` (optional string) – A URL pointing to your LinkedIn page
+  - `support_email` (optional string) – An email for users to reach you at if they need help with a published module/template
+  - `employer_github` (optional string) – The name of another user namespace whom you'd like to have associated with your account. The namespace must also exist in the repo, or else the README validation will fail.
+  - `status` (optional string union) – If defined, must be one of "community", "partner", or "official". "Community" is treated as the default value if not specified, and should be used for the majority of external contributions. "Official" should be used for Coder and Coder satellite companies. "Partner" is for companies who have a formal business agreement with Coder.
+
+#### Modules and templates
+
+- The frontmatter supports the following fields:
+  - `description` (required string) A short description of what the module/template does.
+  - `icon` (required string) – A URL pointing to the icon to use for the module/template when viewing it on the Registry website.
+  - `display_name` (optional string) – A name to display instead of the name intuited from the module's/template's directory name
+  - `verified` (optional boolean) – A boolean indicated that the Coder team has officially tested and vouched for the functionality/reliability of a given module or template. This field should only be changed by Coder employees.
+  - `tags` (optional string array) – A list of tags to associate with the module/template. Users will be able to search for these tags from the Registry website.
+
+## Releases
+
+The release process is automated with these steps:
+
+### 1. Create and merge a new PR
+
+- Create a PR with your module changes
+- Get your PR reviewed, approved, and merged into the `main` branch
+
+### 2. Prepare Release (Maintainer Task)
+
+After merging to `main`, a maintainer will:
+
+- View all modules and their current versions:
+
+  ```shell
+  ./release.sh --list
+  ```
+
+- Determine the next version number based on changes:
+
+  - **Patch version** (1.2.3 → 1.2.4): Bug fixes
+  - **Minor version** (1.2.3 → 1.3.0): New features, adding inputs, deprecating inputs
+  - **Major version** (1.2.3 → 2.0.0): Breaking changes (removing inputs, changing input types)
+
+- Create and push an annotated tag:
+
+  ```shell
+  # Fetch latest changes
+  git fetch origin
+  
+  # Create and push tag
+  ./release.sh module-name 1.2.3 --push
+  ```
+
+  The tag format will be: `release/module-name/v1.2.3`
+
+### 3. Publishing to Coder Registry
+
+Our automated processes will handle publishing new data to [registry.coder.com](https://registry.coder.com).
+
+> [!NOTE]
+> Some data in registry.coder.com is fetched on demand from the [coder/modules](https://github.com/coder/modules) repo's `main` branch. This data should update almost immediately after a release, while other changes will take some time to propagate.

README.md

@@ -1,3 +1,3 @@
-# hub
+# Coder Registry
 
 Publish Coder modules and templates for other developers to use.

cmd/readmevalidation/contributors.go

@@ -0,0 +1,340 @@
+package main
+
+import (
+	"errors"
+	"fmt"
+	"log"
+	"net/url"
+	"os"
+	"path"
+	"slices"
+	"strings"
+
+	"gopkg.in/yaml.v3"
+)
+
+var validContributorStatuses = []string{"official", "partner", "community"}
+
+type contributorProfileFrontmatter struct {
+	DisplayName string `yaml:"display_name"`
+	Bio         string `yaml:"bio"`
+	// Script assumes that if value is nil, the Registry site build step will
+	// backfill the value with the user's GitHub avatar URL
+	AvatarURL         *string `yaml:"avatar"`
+	LinkedinURL       *string `yaml:"linkedin"`
+	WebsiteURL        *string `yaml:"website"`
+	SupportEmail      *string `yaml:"support_email"`
+	ContributorStatus *string `yaml:"status"`
+}
+
+type contributorProfile struct {
+	frontmatter contributorProfileFrontmatter
+	namespace   string
+	filePath    string
+}
+
+func validateContributorDisplayName(displayName string) error {
+	if displayName == "" {
+		return fmt.Errorf("missing display_name")
+	}
+
+	return nil
+}
+
+func validateContributorLinkedinURL(linkedinURL *string) error {
+	if linkedinURL == nil {
+		return nil
+	}
+
+	if _, err := url.ParseRequestURI(*linkedinURL); err != nil {
+		return fmt.Errorf("linkedIn URL %q is not valid: %v", *linkedinURL, err)
+	}
+
+	return nil
+}
+
+func validateContributorSupportEmail(email *string) []error {
+	if email == nil {
+		return nil
+	}
+
+	errs := []error{}
+
+	// Can't 100% validate that this is correct without actually sending
+	// an email, and especially with some contributors being individual
+	// developers, we don't want to do that on every single run of the CI
+	// pipeline. Best we can do is verify the general structure
+	username, server, ok := strings.Cut(*email, "@")
+	if !ok {
+		errs = append(errs, fmt.Errorf("email address %q is missing @ symbol", *email))
+		return errs
+	}
+
+	if username == "" {
+		errs = append(errs, fmt.Errorf("email address %q is missing username", *email))
+	}
+
+	domain, tld, ok := strings.Cut(server, ".")
+	if !ok {
+		errs = append(errs, fmt.Errorf("email address %q is missing period for server segment", *email))
+		return errs
+	}
+
+	if domain == "" {
+		errs = append(errs, fmt.Errorf("email address %q is missing domain", *email))
+	}
+	if tld == "" {
+		errs = append(errs, fmt.Errorf("email address %q is missing top-level domain", *email))
+	}
+	if strings.Contains(*email, "?") {
+		errs = append(errs, errors.New("email is not allowed to contain query parameters"))
+	}
+
+	return errs
+}
+
+func validateContributorWebsite(websiteURL *string) error {
+	if websiteURL == nil {
+		return nil
+	}
+
+	if _, err := url.ParseRequestURI(*websiteURL); err != nil {
+		return fmt.Errorf("linkedIn URL %q is not valid: %v", *websiteURL, err)
+	}
+
+	return nil
+}
+
+func validateContributorStatus(status *string) error {
+	if status == nil {
+		return nil
+	}
+
+	if !slices.Contains(validContributorStatuses, *status) {
+		return fmt.Errorf("contributor status %q is not valid", *status)
+	}
+
+	return nil
+}
+
+// Can't validate the image actually leads to a valid resource in a pure
+// function, but can at least catch obvious problems
+func validateContributorAvatarURL(avatarURL *string) []error {
+	if avatarURL == nil {
+		return nil
+	}
+
+	errs := []error{}
+	if *avatarURL == "" {
+		errs = append(errs, errors.New("avatar URL must be omitted or non-empty string"))
+		return errs
+	}
+
+	// Have to use .Parse instead of .ParseRequestURI because this is the
+	// one field that's allowed to be a relative URL
+	if _, err := url.Parse(*avatarURL); err != nil {
+		errs = append(errs, fmt.Errorf("URL %q is not a valid relative or absolute URL", *avatarURL))
+	}
+	if strings.Contains(*avatarURL, "?") {
+		errs = append(errs, errors.New("avatar URL is not allowed to contain search parameters"))
+	}
+
+	matched := false
+	for _, ff := range supportedAvatarFileFormats {
+		matched = strings.HasSuffix(*avatarURL, ff)
+		if matched {
+			break
+		}
+	}
+	if !matched {
+		segments := strings.Split(*avatarURL, ".")
+		fileExtension := segments[len(segments)-1]
+		errs = append(errs, fmt.Errorf("avatar URL '.%s' does not end in a supported file format: [%s]", fileExtension, strings.Join(supportedAvatarFileFormats, ", ")))
+	}
+
+	return errs
+}
+
+func validateContributorYaml(yml contributorProfile) []error {
+	allErrs := []error{}
+
+	if err := validateContributorDisplayName(yml.frontmatter.DisplayName); err != nil {
+		allErrs = append(allErrs, addFilePathToError(yml.filePath, err))
+	}
+	if err := validateContributorLinkedinURL(yml.frontmatter.LinkedinURL); err != nil {
+		allErrs = append(allErrs, addFilePathToError(yml.filePath, err))
+	}
+	if err := validateContributorWebsite(yml.frontmatter.WebsiteURL); err != nil {
+		allErrs = append(allErrs, addFilePathToError(yml.filePath, err))
+	}
+	if err := validateContributorStatus(yml.frontmatter.ContributorStatus); err != nil {
+		allErrs = append(allErrs, addFilePathToError(yml.filePath, err))
+	}
+
+	for _, err := range validateContributorSupportEmail(yml.frontmatter.SupportEmail) {
+		allErrs = append(allErrs, addFilePathToError(yml.filePath, err))
+	}
+	for _, err := range validateContributorAvatarURL(yml.frontmatter.AvatarURL) {
+		allErrs = append(allErrs, addFilePathToError(yml.filePath, err))
+	}
+
+	return allErrs
+}
+
+func parseContributorProfile(rm readme) (contributorProfile, error) {
+	fm, _, err := separateFrontmatter(rm.rawText)
+	if err != nil {
+		return contributorProfile{}, fmt.Errorf("%q: failed to parse frontmatter: %v", rm.filePath, err)
+	}
+
+	yml := contributorProfileFrontmatter{}
+	if err := yaml.Unmarshal([]byte(fm), &yml); err != nil {
+		return contributorProfile{}, fmt.Errorf("%q: failed to parse: %v", rm.filePath, err)
+	}
+
+	return contributorProfile{
+		filePath:    rm.filePath,
+		frontmatter: yml,
+		namespace:   strings.TrimSuffix(strings.TrimPrefix(rm.filePath, "registry/"), "/README.md"),
+	}, nil
+}
+
+func parseContributorFiles(readmeEntries []readme) (map[string]contributorProfile, error) {
+	profilesByNamespace := map[string]contributorProfile{}
+	yamlParsingErrors := []error{}
+	for _, rm := range readmeEntries {
+		p, err := parseContributorProfile(rm)
+		if err != nil {
+			yamlParsingErrors = append(yamlParsingErrors, err)
+			continue
+		}
+
+		if prev, alreadyExists := profilesByNamespace[p.namespace]; alreadyExists {
+			yamlParsingErrors = append(yamlParsingErrors, fmt.Errorf("%q: namespace %q conflicts with namespace from %q", p.filePath, p.namespace, prev.filePath))
+			continue
+		}
+		profilesByNamespace[p.namespace] = p
+	}
+	if len(yamlParsingErrors) != 0 {
+		return nil, validationPhaseError{
+			phase:  validationPhaseReadmeParsing,
+			errors: yamlParsingErrors,
+		}
+	}
+
+	yamlValidationErrors := []error{}
+	for _, p := range profilesByNamespace {
+		errors := validateContributorYaml(p)
+		if len(errors) > 0 {
+			yamlValidationErrors = append(yamlValidationErrors, errors...)
+			continue
+		}
+	}
+	if len(yamlValidationErrors) != 0 {
+		return nil, validationPhaseError{
+			phase:  validationPhaseReadmeParsing,
+			errors: yamlValidationErrors,
+		}
+	}
+
+	return profilesByNamespace, nil
+}
+
+func aggregateContributorReadmeFiles() ([]readme, error) {
+	dirEntries, err := os.ReadDir(rootRegistryPath)
+	if err != nil {
+		return nil, err
+	}
+
+	allReadmeFiles := []readme{}
+	errs := []error{}
+	for _, e := range dirEntries {
+		dirPath := path.Join(rootRegistryPath, e.Name())
+		if !e.IsDir() {
+			continue
+		}
+
+		readmePath := path.Join(dirPath, "README.md")
+		rmBytes, err := os.ReadFile(readmePath)
+		if err != nil {
+			errs = append(errs, err)
+			continue
+		}
+		allReadmeFiles = append(allReadmeFiles, readme{
+			filePath: readmePath,
+			rawText:  string(rmBytes),
+		})
+	}
+
+	if len(errs) != 0 {
+		return nil, validationPhaseError{
+			phase:  validationPhaseFileLoad,
+			errors: errs,
+		}
+	}
+
+	return allReadmeFiles, nil
+}
+
+func validateContributorRelativeUrls(contributors map[string]contributorProfile) error {
+	// This function only validates relative avatar URLs for now, but it can be
+	// beefed up to validate more in the future
+	errs := []error{}
+
+	for _, con := range contributors {
+		// If the avatar URL is missing, we'll just assume that the Registry
+		// site build step will take care of filling in the data properly
+		if con.frontmatter.AvatarURL == nil {
+			continue
+		}
+
+		isRelativeURL := strings.HasPrefix(*con.frontmatter.AvatarURL, ".") ||
+			strings.HasPrefix(*con.frontmatter.AvatarURL, "/")
+		if !isRelativeURL {
+			continue
+		}
+
+		if strings.HasPrefix(*con.frontmatter.AvatarURL, "..") {
+			errs = append(errs, fmt.Errorf("%q: relative avatar URLs cannot be placed outside a user's namespaced directory", con.filePath))
+			continue
+		}
+
+		absolutePath := strings.TrimSuffix(con.filePath, "README.md") +
+			*con.frontmatter.AvatarURL
+		_, err := os.ReadFile(absolutePath)
+		if err != nil {
+			errs = append(errs, fmt.Errorf("%q: relative avatar path %q does not point to image in file system", con.filePath, *con.frontmatter.AvatarURL))
+		}
+	}
+
+	if len(errs) == 0 {
+		return nil
+	}
+	return validationPhaseError{
+		phase:  validationPhaseAssetCrossReference,
+		errors: errs,
+	}
+}
+
+func validateAllContributorFiles() error {
+	allReadmeFiles, err := aggregateContributorReadmeFiles()
+	if err != nil {
+		return err
+	}
+
+	log.Printf("Processing %d README files\n", len(allReadmeFiles))
+	contributors, err := parseContributorFiles(allReadmeFiles)
+	if err != nil {
+		return err
+	}
+	log.Printf("Processed %d README files as valid contributor profiles", len(contributors))
+
+	err = validateContributorRelativeUrls(contributors)
+	if err != nil {
+		return err
+	}
+	log.Println("All relative URLs for READMEs are valid")
+
+	log.Printf("Processed all READMEs in the %q directory\n", rootRegistryPath)
+	return nil
+}

cmd/readmevalidation/errors.go

@@ -0,0 +1,28 @@
+package main
+
+import "fmt"
+
+// validationPhaseError represents an error that occurred during a specific
+// phase of README validation. It should be used to collect ALL validation
+// errors that happened during a specific phase, rather than the first one
+// encountered.
+type validationPhaseError struct {
+	phase  validationPhase
+	errors []error
+}
+
+var _ error = validationPhaseError{}
+
+func (vpe validationPhaseError) Error() string {
+	msg := fmt.Sprintf("Error during %q phase of README validation:", vpe.phase.String())
+	for _, e := range vpe.errors {
+		msg += fmt.Sprintf("\n- %v", e)
+	}
+	msg += "\n"
+
+	return msg
+}
+
+func addFilePathToError(filePath string, err error) error {
+	return fmt.Errorf("%q: %v", filePath, err)
+}

cmd/readmevalidation/main.go

@@ -0,0 +1,39 @@
+// This package is for validating all contributors within the main Registry
+// directory. It validates that it has nothing but sub-directories, and that
+// each sub-directory has a README.md file. Each of those files must then
+// describe a specific contributor. The contents of these files will be parsed
+// by the Registry site build step, to be displayed in the Registry site's UI.
+package main
+
+import (
+	"fmt"
+	"log"
+	"os"
+)
+
+func main() {
+	log.Println("Starting README validation")
+
+	// If there are fundamental problems with how the repo is structured, we
+	// can't make any guarantees that any further validations will be relevant
+	// or accurate
+	repoErr := validateRepoStructure()
+	if repoErr != nil {
+		log.Println(repoErr)
+		os.Exit(1)
+	}
+
+	errs := []error{}
+	err := validateAllContributorFiles()
+	if err != nil {
+		errs = append(errs, err)
+	}
+
+	if len(errs) == 0 {
+		os.Exit(0)
+	}
+	for _, err := range errs {
+		fmt.Println(err)
+	}
+	os.Exit(1)
+}

cmd/readmevalidation/readmefiles.go

@@ -0,0 +1,113 @@
+package main
+
+import (
+	"bufio"
+	"errors"
+	"fmt"
+	"strings"
+)
+
+const rootRegistryPath = "./registry"
+
+var supportedAvatarFileFormats = []string{".png", ".jpeg", ".jpg", ".gif", ".svg"}
+
+// readme represents a single README file within the repo (usually within the
+// top-level "/registry" directory).
+type readme struct {
+	filePath string
+	rawText  string
+}
+
+// separateFrontmatter attempts to separate a README file's frontmatter content
+// from the main README body, returning both values in that order. It does not
+// validate whether the structure of the frontmatter is valid (i.e., that it's
+// structured as YAML).
+func separateFrontmatter(readmeText string) (string, string, error) {
+	if readmeText == "" {
+		return "", "", errors.New("README is empty")
+	}
+
+	const fence = "---"
+	fm := ""
+	body := ""
+	fenceCount := 0
+	lineScanner := bufio.NewScanner(
+		strings.NewReader(strings.TrimSpace(readmeText)),
+	)
+	for lineScanner.Scan() {
+		nextLine := lineScanner.Text()
+		if fenceCount < 2 && nextLine == fence {
+			fenceCount++
+			continue
+		}
+		// Break early if the very first line wasn't a fence, because then we
+		// know for certain that the README has problems
+		if fenceCount == 0 {
+			break
+		}
+
+		// It should be safe to trim each line of the frontmatter on a per-line
+		// basis, because there shouldn't be any extra meaning attached to the
+		// indentation. The same does NOT apply to the README; best we can do is
+		// gather all the lines, and then trim around it
+		if inReadmeBody := fenceCount >= 2; inReadmeBody {
+			body += nextLine + "\n"
+		} else {
+			fm += strings.TrimSpace(nextLine) + "\n"
+		}
+	}
+	if fenceCount < 2 {
+		return "", "", errors.New("README does not have two sets of frontmatter fences")
+	}
+	if fm == "" {
+		return "", "", errors.New("readme has frontmatter fences but no frontmatter content")
+	}
+
+	return fm, strings.TrimSpace(body), nil
+}
+
+// validationPhase represents a specific phase during README validation. It is
+// expected that each phase is discrete, and errors during one will prevent a
+// future phase from starting.
+type validationPhase int
+
+const (
+	// validationPhaseFileStructureValidation indicates when the entire Registry
+	// directory is being verified for having all files be placed in the file
+	// system as expected.
+	validationPhaseFileStructureValidation validationPhase = iota
+
+	// validationPhaseFileLoad indicates when README files are being read from
+	// the file system
+	validationPhaseFileLoad
+
+	// validationPhaseReadmeParsing indicates when a README's frontmatter is
+	// being parsed as YAML. This phase does not include YAML validation.
+	validationPhaseReadmeParsing
+
+	// validationPhaseReadmeValidation indicates when a README's frontmatter is
+	// being validated as proper YAML with expected keys.
+	validationPhaseReadmeValidation
+
+	// validationPhaseAssetCrossReference indicates when a README's frontmatter
+	// is having all its relative URLs be validated for whether they point to
+	// valid resources.
+	validationPhaseAssetCrossReference
+)
+
+func (p validationPhase) String() string {
+	switch p {
+	case validationPhaseFileStructureValidation:
+		return "File structure validation"
+	case validationPhaseFileLoad:
+		return "Filesystem reading"
+	case validationPhaseReadmeParsing:
+		return "README parsing"
+	case validationPhaseReadmeValidation:
+		return "README validation"
+	case validationPhaseAssetCrossReference:
+		return "Cross-referencing relative asset URLs"
+	default:
+		return fmt.Sprintf("Unknown validation phase: %d", p)
+	}
+}

cmd/readmevalidation/repostructure.go

@@ -0,0 +1,145 @@
+package main
+
+import (
+	"errors"
+	"fmt"
+	"os"
+	"path"
+	"slices"
+	"strings"
+)
+
+var (
+	supportedResourceTypes            = []string{"modules", "templates"}
+	supportedUserNameSpaceDirectories = append(supportedResourceTypes[:], ".icons", ".images")
+)
+
+func validateCoderResourceSubdirectory(dirPath string) []error {
+	errs := []error{}
+
+	subDir, err := os.Stat(dirPath)
+	if err != nil {
+		// It's valid for a specific resource directory not to exist. It's just
+		// that if it does exist, it must follow specific rules
+		if !errors.Is(err, os.ErrNotExist) {
+			errs = append(errs, addFilePathToError(dirPath, err))
+		}
+		return errs
+	}
+
+	if !subDir.IsDir() {
+		errs = append(errs, fmt.Errorf("%q: path is not a directory", dirPath))
+		return errs
+	}
+
+	files, err := os.ReadDir(dirPath)
+	if err != nil {
+		errs = append(errs, addFilePathToError(dirPath, err))
+		return errs
+	}
+	for _, f := range files {
+		// The .coder subdirectories are sometimes generated as part of Bun
+		// tests. These subdirectories will never be committed to the repo, but
+		// in the off chance that they don't get cleaned up properly, we want to
+		// skip over them
+		if !f.IsDir() || f.Name() == ".coder" {
+			continue
+		}
+
+		resourceReadmePath := path.Join(dirPath, f.Name(), "README.md")
+		_, err := os.Stat(resourceReadmePath)
+		if err != nil {
+			if errors.Is(err, os.ErrNotExist) {
+				errs = append(errs, fmt.Errorf("%q: 'README.md' does not exist", resourceReadmePath))
+			} else {
+				errs = append(errs, addFilePathToError(resourceReadmePath, err))
+			}
+		}
+
+		mainTerraformPath := path.Join(dirPath, f.Name(), "main.tf")
+		_, err = os.Stat(mainTerraformPath)
+		if err != nil {
+			if errors.Is(err, os.ErrNotExist) {
+				errs = append(errs, fmt.Errorf("%q: 'main.tf' file does not exist", mainTerraformPath))
+			} else {
+				errs = append(errs, addFilePathToError(mainTerraformPath, err))
+			}
+		}
+
+	}
+
+	return errs
+}
+
+func validateRegistryDirectory() []error {
+	userDirs, err := os.ReadDir(rootRegistryPath)
+	if err != nil {
+		return []error{err}
+	}
+
+	allErrs := []error{}
+	for _, d := range userDirs {
+		dirPath := path.Join(rootRegistryPath, d.Name())
+		if !d.IsDir() {
+			allErrs = append(allErrs, fmt.Errorf("detected non-directory file %q at base of main Registry directory", dirPath))
+			continue
+		}
+
+		contributorReadmePath := path.Join(dirPath, "README.md")
+		_, err := os.Stat(contributorReadmePath)
+		if err != nil {
+			allErrs = append(allErrs, err)
+		}
+
+		files, err := os.ReadDir(dirPath)
+		if err != nil {
+			allErrs = append(allErrs, err)
+			continue
+		}
+
+		for _, f := range files {
+			// Todo: Decide if there's anything more formal that we want to
+			// ensure about non-directories scoped to user namespaces
+			if !f.IsDir() {
+				continue
+			}
+
+			segment := f.Name()
+			filePath := path.Join(dirPath, segment)
+
+			if !slices.Contains(supportedUserNameSpaceDirectories, segment) {
+				allErrs = append(allErrs, fmt.Errorf("%q: only these sub-directories are allowed at top of user namespace: [%s]", filePath, strings.Join(supportedUserNameSpaceDirectories, ", ")))
+				continue
+			}
+
+			if slices.Contains(supportedResourceTypes, segment) {
+				errs := validateCoderResourceSubdirectory(filePath)
+				if len(errs) != 0 {
+					allErrs = append(allErrs, errs...)
+				}
+			}
+		}
+	}
+
+	return allErrs
+}
+
+func validateRepoStructure() error {
+	var problems []error
+	if errs := validateRegistryDirectory(); len(errs) != 0 {
+		problems = append(problems, errs...)
+	}
+
+	_, err := os.Stat("./.icons")
+	if err != nil {
+		problems = append(problems, errors.New("missing top-level .icons directory (used for storing reusable Coder resource icons)"))
+	}
+
+	if len(problems) != 0 {
+		return validationPhaseError{
+			phase:  validationPhaseFileStructureValidation,
+			errors: problems,
+		}
+	}
+	return nil
+}

examples/modules/run.sh

@@ -11,10 +11,10 @@ BOLD='\033[0;1m'
 printf "$${BOLD}Installing MODULE_NAME ...\n\n"
 
 # Add code here
-# Use varibles from the templatefile function in main.tf
+# Use variables from the templatefile function in main.tf
 # e.g. LOG_PATH, PORT, etc.
 
-printf "🥳 Installation comlete!\n\n"
+printf "🥳 Installation complete!\n\n"
 
 printf "👷 Starting MODULE_NAME in background...\n\n"
 # Start the app in here

package.json

@@ -1,9 +1,10 @@
 {
   "name": "modules",
   "scripts": {
+    "fmt": "bun x prettier --write **/*.sh **/*.ts **/*.md *.md && terraform fmt -recursive -diff",
+    "fmt:ci": "bun x prettier --check **/*.sh **/*.ts **/*.md *.md && terraform fmt -check -recursive -diff",
+    "terraform-validate": "./scripts/terraform_validate.sh",
     "test": "bun test",
-    "fmt": "bun x prettier -w **/*.sh .sample/run.sh new.sh **/*.ts **/*.md *.md && terraform fmt **/*.tf .sample/main.tf",
-    "fmt:ci": "bun x prettier --check **/*.sh .sample/run.sh new.sh **/*.ts **/*.md *.md && terraform fmt -check **/*.tf .sample/main.tf",
     "update-version": "./update-version.sh"
   },
   "devDependencies": {

registry/hashicorp/README.md

@@ -1,8 +0,0 @@
----
-display_name: HashiCorp
-bio: HashiCorp, an IBM company, empowers organizations to automate and secure multi-cloud and hybrid environments with The Infrastructure Cloud™. Our suite of Infrastructure Lifecycle Management and Security Lifecycle Management solutions are built on projects with source code freely available at their core. The HashiCorp suite underpins the world's most critical applications, helping enterprises achieve efficiency, security, and scalability at any stage of their cloud journey.
-github: hashicorp
-linkedin: https://www.linkedin.com/company/hashicorp
-website: https://www.hashicorp.com/
-status: partner
----

registry/jfrog/README.md

@@ -1,8 +0,0 @@
----
-display_name: Jfrog
-bio: At JFrog, we are making endless software versions a thing of the past, with liquid software that flows continuously and automatically from build all the way through to production.
-github: jfrog
-linkedin: https://www.linkedin.com/company/jfrog-ltd
-website: https://jfrog.com/
-status: partner
----

registry/nataindata/README.md

@@ -3,5 +3,5 @@ display_name: Nataindata
 bio: Data engineer
 github: nataindata
 website: https://www.nataindata.com
-status: community
+status: partner
 ---

scripts/contributors/contributors.go

@@ -1,446 +0,0 @@
-package main
-
-import (
-	"bufio"
-	"errors"
-	"fmt"
-	"net/url"
-	"os"
-	"path"
-	"slices"
-	"strings"
-
-	"gopkg.in/yaml.v3"
-)
-
-const rootRegistryPath = "./registry"
-
-var (
-	validContributorStatuses   = []string{"official", "partner", "community"}
-	supportedAvatarFileFormats = []string{".png", ".jpeg", ".jpg", ".gif", ".svg"}
-)
-
-type readme struct {
-	filePath string
-	rawText  string
-}
-
-type contributorProfileFrontmatter struct {
-	DisplayName    string `yaml:"display_name"`
-	Bio            string `yaml:"bio"`
-	GithubUsername string `yaml:"github"`
-	// Script assumes that if value is nil, the Registry site build step will
-	// backfill the value with the user's GitHub avatar URL
-	AvatarURL              *string `yaml:"avatar"`
-	LinkedinURL            *string `yaml:"linkedin"`
-	WebsiteURL             *string `yaml:"website"`
-	SupportEmail           *string `yaml:"support_email"`
-	EmployerGithubUsername *string `yaml:"employer_github"`
-	ContributorStatus      *string `yaml:"status"`
-}
-
-type contributorProfile struct {
-	frontmatter contributorProfileFrontmatter
-	filePath    string
-}
-
-var _ error = validationPhaseError{}
-
-type validationPhaseError struct {
-	phase  string
-	errors []error
-}
-
-func (vpe validationPhaseError) Error() string {
-	validationStrs := []string{}
-	for _, e := range vpe.errors {
-		validationStrs = append(validationStrs, fmt.Sprintf("- %v", e))
-	}
-	slices.Sort(validationStrs)
-
-	msg := fmt.Sprintf("Error during %q phase of README validation:", vpe.phase)
-	msg += strings.Join(validationStrs, "\n")
-	msg += "\n"
-
-	return msg
-}
-
-func extractFrontmatter(readmeText string) (string, error) {
-	if readmeText == "" {
-		return "", errors.New("README is empty")
-	}
-
-	const fence = "---"
-	fm := ""
-	fenceCount := 0
-	lineScanner := bufio.NewScanner(
-		strings.NewReader(strings.TrimSpace(readmeText)),
-	)
-	for lineScanner.Scan() {
-		nextLine := lineScanner.Text()
-		if fenceCount == 0 && nextLine != fence {
-			return "", errors.New("README does not start with frontmatter fence")
-		}
-
-		if nextLine != fence {
-			fm += nextLine + "\n"
-			continue
-		}
-
-		fenceCount++
-		if fenceCount >= 2 {
-			break
-		}
-	}
-
-	if fenceCount == 1 {
-		return "", errors.New("README does not have two sets of frontmatter fences")
-	}
-	return fm, nil
-}
-
-func validateContributorGithubUsername(githubUsername string) error {
-	if githubUsername == "" {
-		return errors.New("missing GitHub username")
-	}
-
-	lower := strings.ToLower(githubUsername)
-	if uriSafe := url.PathEscape(lower); uriSafe != lower {
-		return fmt.Errorf("gitHub username %q is not a valid URL path segment", githubUsername)
-	}
-
-	return nil
-}
-
-func validateContributorEmployerGithubUsername(
-	employerGithubUsername *string,
-	githubUsername string,
-) []error {
-	if employerGithubUsername == nil {
-		return nil
-	}
-
-	problems := []error{}
-	if *employerGithubUsername == "" {
-		problems = append(problems, errors.New("company_github field is defined but has empty value"))
-		return problems
-	}
-
-	lower := strings.ToLower(*employerGithubUsername)
-	if uriSafe := url.PathEscape(lower); uriSafe != lower {
-		problems = append(problems, fmt.Errorf("gitHub company username %q is not a valid URL path segment", *employerGithubUsername))
-	}
-
-	if *employerGithubUsername == githubUsername {
-		problems = append(problems, fmt.Errorf("cannot list own GitHub name (%q) as employer", githubUsername))
-	}
-
-	return problems
-}
-
-func validateContributorDisplayName(displayName string) error {
-	if displayName == "" {
-		return fmt.Errorf("missing display_name")
-	}
-
-	return nil
-}
-
-func validateContributorLinkedinURL(linkedinURL *string) error {
-	if linkedinURL == nil {
-		return nil
-	}
-
-	if _, err := url.ParseRequestURI(*linkedinURL); err != nil {
-		return fmt.Errorf("linkedIn URL %q is not valid: %v", *linkedinURL, err)
-	}
-
-	return nil
-}
-
-func validateContributorSupportEmail(email *string) []error {
-	if email == nil {
-		return nil
-	}
-
-	problems := []error{}
-
-	// Can't 100% validate that this is correct without actually sending
-	// an email, and especially with some contributors being individual
-	// developers, we don't want to do that on every single run of the CI
-	// pipeline. Best we can do is verify the general structure
-	username, server, ok := strings.Cut(*email, "@")
-	if !ok {
-		problems = append(problems, fmt.Errorf("email address %q is missing @ symbol", *email))
-		return problems
-	}
-
-	if username == "" {
-		problems = append(problems, fmt.Errorf("email address %q is missing username", *email))
-	}
-
-	domain, tld, ok := strings.Cut(server, ".")
-	if !ok {
-		problems = append(problems, fmt.Errorf("email address %q is missing period for server segment", *email))
-		return problems
-	}
-
-	if domain == "" {
-		problems = append(problems, fmt.Errorf("email address %q is missing domain", *email))
-	}
-	if tld == "" {
-		problems = append(problems, fmt.Errorf("email address %q is missing top-level domain", *email))
-	}
-	if strings.Contains(*email, "?") {
-		problems = append(problems, errors.New("email is not allowed to contain query parameters"))
-	}
-
-	return problems
-}
-
-func validateContributorWebsite(websiteURL *string) error {
-	if websiteURL == nil {
-		return nil
-	}
-
-	if _, err := url.ParseRequestURI(*websiteURL); err != nil {
-		return fmt.Errorf("linkedIn URL %q is not valid: %v", *websiteURL, err)
-	}
-
-	return nil
-}
-
-func validateContributorStatus(status *string) error {
-	if status == nil {
-		return nil
-	}
-
-	if !slices.Contains(validContributorStatuses, *status) {
-		return fmt.Errorf("contributor status %q is not valid", *status)
-	}
-
-	return nil
-}
-
-// Can't validate the image actually leads to a valid resource in a pure
-// function, but can at least catch obvious problems
-func validateContributorAvatarURL(avatarURL *string) []error {
-	if avatarURL == nil {
-		return nil
-	}
-
-	problems := []error{}
-	if *avatarURL == "" {
-		problems = append(problems, errors.New("avatar URL must be omitted or non-empty string"))
-		return problems
-	}
-
-	// Have to use .Parse instead of .ParseRequestURI because this is the
-	// one field that's allowed to be a relative URL
-	if _, err := url.Parse(*avatarURL); err != nil {
-		problems = append(problems, fmt.Errorf("URL %q is not a valid relative or absolute URL", *avatarURL))
-	}
-	if strings.Contains(*avatarURL, "?") {
-		problems = append(problems, errors.New("avatar URL is not allowed to contain search parameters"))
-	}
-
-	matched := false
-	for _, ff := range supportedAvatarFileFormats {
-		matched = strings.HasSuffix(*avatarURL, ff)
-		if matched {
-			break
-		}
-	}
-	if !matched {
-		segments := strings.Split(*avatarURL, ".")
-		fileExtension := segments[len(segments)-1]
-		problems = append(problems, fmt.Errorf("avatar URL '.%s' does not end in a supported file format: [%s]", fileExtension, strings.Join(supportedAvatarFileFormats, ", ")))
-	}
-
-	return problems
-}
-
-func addFilePathToError(filePath string, err error) error {
-	return fmt.Errorf("%q: %v", filePath, err)
-}
-
-func validateContributorYaml(yml contributorProfile) []error {
-	allProblems := []error{}
-
-	if err := validateContributorGithubUsername(yml.frontmatter.GithubUsername); err != nil {
-		allProblems = append(allProblems, addFilePathToError(yml.filePath, err))
-	}
-	if err := validateContributorDisplayName(yml.frontmatter.DisplayName); err != nil {
-		allProblems = append(allProblems, addFilePathToError(yml.filePath, err))
-	}
-	if err := validateContributorLinkedinURL(yml.frontmatter.LinkedinURL); err != nil {
-		allProblems = append(allProblems, addFilePathToError(yml.filePath, err))
-	}
-	if err := validateContributorWebsite(yml.frontmatter.WebsiteURL); err != nil {
-		allProblems = append(allProblems, addFilePathToError(yml.filePath, err))
-	}
-	if err := validateContributorStatus(yml.frontmatter.ContributorStatus); err != nil {
-		allProblems = append(allProblems, addFilePathToError(yml.filePath, err))
-	}
-
-	for _, err := range validateContributorEmployerGithubUsername(yml.frontmatter.EmployerGithubUsername, yml.frontmatter.GithubUsername) {
-		allProblems = append(allProblems, addFilePathToError(yml.filePath, err))
-	}
-	for _, err := range validateContributorSupportEmail(yml.frontmatter.SupportEmail) {
-		allProblems = append(allProblems, addFilePathToError(yml.filePath, err))
-	}
-	for _, err := range validateContributorAvatarURL(yml.frontmatter.AvatarURL) {
-		allProblems = append(allProblems, addFilePathToError(yml.filePath, err))
-	}
-
-	return allProblems
-}
-
-func parseContributorProfile(rm readme) (contributorProfile, error) {
-	fm, err := extractFrontmatter(rm.rawText)
-	if err != nil {
-		return contributorProfile{}, fmt.Errorf("%q: failed to parse frontmatter: %v", rm.filePath, err)
-	}
-
-	yml := contributorProfileFrontmatter{}
-	if err := yaml.Unmarshal([]byte(fm), &yml); err != nil {
-		return contributorProfile{}, fmt.Errorf("%q: failed to parse: %v", rm.filePath, err)
-	}
-
-	return contributorProfile{
-		filePath:    rm.filePath,
-		frontmatter: yml,
-	}, nil
-}
-
-func parseContributorFiles(readmeEntries []readme) (map[string]contributorProfile, error) {
-	profilesByUsername := map[string]contributorProfile{}
-	yamlParsingErrors := []error{}
-	for _, rm := range readmeEntries {
-		p, err := parseContributorProfile(rm)
-		if err != nil {
-			yamlParsingErrors = append(yamlParsingErrors, err)
-			continue
-		}
-
-		if prev, alreadyExists := profilesByUsername[p.frontmatter.GithubUsername]; alreadyExists {
-			yamlParsingErrors = append(yamlParsingErrors, fmt.Errorf("%q: GitHub name %s conflicts with field defined in %q", p.filePath, p.frontmatter.GithubUsername, prev.filePath))
-			continue
-		}
-		profilesByUsername[p.frontmatter.GithubUsername] = p
-	}
-	if len(yamlParsingErrors) != 0 {
-		return nil, validationPhaseError{
-			phase:  "YAML parsing",
-			errors: yamlParsingErrors,
-		}
-	}
-
-	employeeGithubGroups := map[string][]string{}
-	yamlValidationErrors := []error{}
-	for _, p := range profilesByUsername {
-		errors := validateContributorYaml(p)
-		if len(errors) > 0 {
-			yamlValidationErrors = append(yamlValidationErrors, errors...)
-			continue
-		}
-
-		if p.frontmatter.EmployerGithubUsername != nil {
-			employeeGithubGroups[*p.frontmatter.EmployerGithubUsername] = append(
-				employeeGithubGroups[*p.frontmatter.EmployerGithubUsername],
-				p.frontmatter.GithubUsername,
-			)
-		}
-	}
-	for companyName, group := range employeeGithubGroups {
-		if _, found := profilesByUsername[companyName]; found {
-			continue
-		}
-		yamlValidationErrors = append(yamlValidationErrors, fmt.Errorf("company %q does not exist in %q directory but is referenced by these profiles: [%s]", companyName, rootRegistryPath, strings.Join(group, ", ")))
-	}
-	if len(yamlValidationErrors) != 0 {
-		return nil, validationPhaseError{
-			phase:  "Raw YAML Validation",
-			errors: yamlValidationErrors,
-		}
-	}
-
-	return profilesByUsername, nil
-}
-
-func aggregateContributorReadmeFiles() ([]readme, error) {
-	dirEntries, err := os.ReadDir(rootRegistryPath)
-	if err != nil {
-		return nil, err
-	}
-
-	allReadmeFiles := []readme{}
-	problems := []error{}
-	for _, e := range dirEntries {
-		dirPath := path.Join(rootRegistryPath, e.Name())
-		if !e.IsDir() {
-			problems = append(problems, fmt.Errorf("detected non-directory file %q at base of main Registry directory", dirPath))
-			continue
-		}
-
-		readmePath := path.Join(dirPath, "README.md")
-		rmBytes, err := os.ReadFile(readmePath)
-		if err != nil {
-			problems = append(problems, err)
-			continue
-		}
-		allReadmeFiles = append(allReadmeFiles, readme{
-			filePath: readmePath,
-			rawText:  string(rmBytes),
-		})
-	}
-
-	if len(problems) != 0 {
-		return nil, validationPhaseError{
-			phase:  "FileSystem reading",
-			errors: problems,
-		}
-	}
-
-	return allReadmeFiles, nil
-}
-
-func validateRelativeUrls(
-	contributors map[string]contributorProfile,
-) error {
-	// This function only validates relative avatar URLs for now, but it can be
-	// beefed up to validate more in the future
-	problems := []error{}
-
-	for _, con := range contributors {
-		// If the avatar URL is missing, we'll just assume that the Registry
-		// site build step will take care of filling in the data properly
-		if con.frontmatter.AvatarURL == nil {
-			continue
-		}
-		if isRelativeURL := strings.HasPrefix(*con.frontmatter.AvatarURL, ".") ||
-			strings.HasPrefix(*con.frontmatter.AvatarURL, "/"); !isRelativeURL {
-			continue
-		}
-
-		if strings.HasPrefix(*con.frontmatter.AvatarURL, "..") {
-			problems = append(problems, fmt.Errorf("%q: relative avatar URLs cannot be placed outside a user's namespaced directory", con.filePath))
-			continue
-		}
-
-		absolutePath := strings.TrimSuffix(con.filePath, "README.md") +
-			*con.frontmatter.AvatarURL
-		_, err := os.ReadFile(absolutePath)
-		if err != nil {
-			problems = append(problems, fmt.Errorf("%q: relative avatar path %q does not point to image in file system", con.filePath, *con.frontmatter.AvatarURL))
-		}
-	}
-
-	if len(problems) == 0 {
-		return nil
-	}
-	return validationPhaseError{
-		phase:  "Relative URL validation",
-		errors: problems,
-	}
-}

scripts/contributors/main.go

@@ -1,39 +0,0 @@
-// This package is for validating all contributors within the main Registry
-// directory. It validates that it has nothing but sub-directories, and that
-// each sub-directory has a README.md file. Each of those files must then
-// describe a specific contributor. The contents of these files will be parsed
-// by the Registry site build step, to be displayed in the Registry site's UI.
-package main
-
-import (
-	"log"
-)
-
-func main() {
-	log.Println("Starting README validation")
-	allReadmeFiles, err := aggregateContributorReadmeFiles()
-	if err != nil {
-		log.Panic(err)
-	}
-
-	log.Printf("Processing %d README files\n", len(allReadmeFiles))
-	contributors, err := parseContributorFiles(allReadmeFiles)
-	log.Printf(
-		"Processed %d README files as valid contributor profiles",
-		len(contributors),
-	)
-	if err != nil {
-		log.Panic(err)
-	}
-
-	err = validateRelativeUrls(contributors)
-	if err != nil {
-		log.Panic(err)
-	}
-	log.Println("All relative URLs for READMEs are valid")
-
-	log.Printf(
-		"Processed all READMEs in the %q directory\n",
-		rootRegistryPath,
-	)
-}

scripts/terraform_validate.sh

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+set -euo pipefail
+
+validate_terraform_directory() {
+  local dir="$1"
+  echo "Running \`terraform validate\` in $dir"
+  pushd "$dir"
+  terraform init -upgrade
+  terraform validate
+  popd
+}
+
+main() {
+  # Get the directory of the script
+  local script_dir=$(dirname "$(readlink -f "$0")")
+
+  # Code assumes that registry directory will always be in same position
+  # relative to the main script directory
+  local registry_dir="$script_dir/../registry"
+
+  # Get all subdirectories in the registry directory. Code assumes that
+  # Terraform directories won't begin to appear until three levels deep into
+  # the registry (e.g., registry/coder/modules/coder-login, which will then
+  # have a main.tf file inside it)
+  local subdirs=$(find "$registry_dir" -mindepth 3 -type d | sort)
+
+  for dir in $subdirs; do
+    # Skip over any directories that obviously don't have the necessary
+    # files
+    if test -f "$dir/main.tf"; then
+      validate_terraform_directory "$dir"
+    fi
+  done
+}
+
+main