Merge branch 'main' into renovate/node-16.x

Author: code-asher

.github/CODEOWNERS

@@ -1,3 +1,5 @@
 * @coder/code-server-reviewers
 
 ci/helm-chart/ @Matthew-Beckett @alexgorbatchev
+
+docs/install.md @GNUxeava

.github/workflows/ci.yaml

@@ -39,7 +39,7 @@ jobs:
           node-version: "16"
 
       - name: Install helm
-        uses: azure/setup-helm@v2.1
+        uses: azure/setup-helm@v3.3
 
       - name: Fetch dependencies from cache
         id: cache-yarn
@@ -143,14 +143,20 @@ jobs:
         id: vscode-rev
         run: echo "::set-output name=rev::$(git rev-parse HEAD:./lib/vscode)"
 
-        # We need to rebuild when we have a new version of Code or when any of
-        # the patches changed.  Use VSCODE_CACHE_VERSION to force a rebuild.
+      - name: Get version
+        id: version
+        run: echo "::set-output name=version::$(jq -r .version package.json)"
+
+      # We need to rebuild when we have a new version of Code, when any of
+      # the patches changed, or when the code-server version changes (since
+      # it gets embedded into the code).  Use VSCODE_CACHE_VERSION to
+      # force a rebuild.
       - name: Fetch prebuilt Code package from cache
         id: cache-vscode
         uses: actions/cache@v3
         with:
           path: lib/vscode-reh-web-*
-          key: vscode-reh-package-${{ secrets.VSCODE_CACHE_VERSION }}-${{ steps.vscode-rev.outputs.rev }}-${{ hashFiles('patches/*.diff') }}
+          key: vscode-reh-package-${{ secrets.VSCODE_CACHE_VERSION }}-${{ steps.vscode-rev.outputs.rev }}-${{ steps.version.outputs.version }}-${{ hashFiles('patches/*.diff', 'ci/build/build-vscode.sh') }}
 
       - name: Build vscode
         if: steps.cache-vscode.outputs.cache-hit != 'true'
@@ -164,7 +170,9 @@ jobs:
         if: success()
 
       - name: Upload coverage report to Codecov
-        run: yarn coverage
+        uses: codecov/codecov-action@v3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
         if: success()
 
       # The release package does not contain any native modules
@@ -190,9 +198,9 @@ jobs:
     # This environment "npm" requires someone from
     # coder/code-server-reviewers to approve the PR before this job runs.
     environment: npm
-    # Only run if PR comes from base repo
+    # Only run if PR comes from base repo or on merge request
     # Reason: forks cannot access secrets and this will always fail
-    if: github.event.pull_request.head.repo.full_name == github.repository
+    if: github.event.pull_request.head.repo.full_name == github.repository || github.event.pull_request.merged == true
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
@@ -288,8 +296,11 @@ jobs:
       - name: Build standalone release
         run: source scl_source enable devtoolset-9 && yarn release:standalone
 
-      - name: Sanity test standalone release
-        run: yarn test:standalone-release
+      - name: Install test dependencies
+        run: SKIP_SUBMODULE_DEPS=1 yarn install
+
+      - name: Run integration tests on standalone release
+        run: yarn test:integration
 
       - name: Build packages with nfpm
         run: yarn package
@@ -421,8 +432,11 @@ jobs:
       - name: Build standalone release
         run: yarn release:standalone
 
-      - name: Sanity test standalone release
-        run: yarn test:standalone-release
+      - name: Install test dependencies
+        run: SKIP_SUBMODULE_DEPS=1 yarn install
+
+      - name: Run integration tests on standalone release
+        run: yarn test:integration
 
       - name: Build packages with nfpm
         run: yarn package
@@ -447,7 +461,6 @@ jobs:
         uses: actions/checkout@v3
         with:
           fetch-depth: 0
-          submodules: true
 
       - name: Install Node.js v16
         uses: actions/setup-node@v3
@@ -477,15 +490,15 @@ jobs:
 
       - name: Install dependencies
         if: steps.cache-yarn.outputs.cache-hit != 'true'
-        run: yarn --frozen-lockfile
+        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
 
       - name: Install Playwright OS dependencies
         run: |
           ./test/node_modules/.bin/playwright install-deps
           ./test/node_modules/.bin/playwright install
 
       - name: Run end-to-end tests
-        run: yarn test:e2e
+        run: yarn test:e2e --global-timeout 840000
 
       - name: Upload test artifacts
         if: always()
@@ -497,6 +510,93 @@ jobs:
       - name: Remove release packages and test artifacts
         run: rm -rf ./release-packages ./test/test-results
 
+  test-e2e-proxy:
+    name: End-to-end tests behind proxy
+    needs: package-linux-amd64
+    runs-on: ubuntu-latest
+    timeout-minutes: 25
+    env:
+      # Since we build code-server we might as well run tests from the release
+      # since VS Code will load faster due to the bundling.
+      CODE_SERVER_TEST_ENTRY: "./release-packages/code-server-linux-amd64"
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Install Node.js v16
+        uses: actions/setup-node@v3
+        with:
+          node-version: "16"
+
+      - name: Fetch dependencies from cache
+        id: cache-yarn
+        uses: actions/cache@v3
+        with:
+          path: "**/node_modules"
+          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            yarn-build-
+
+      - name: Download release packages
+        uses: actions/download-artifact@v3
+        with:
+          name: release-packages
+          path: ./release-packages
+
+      - name: Untar code-server release
+        run: |
+          cd release-packages
+          tar -xzf code-server*-linux-amd64.tar.gz
+          mv code-server*-linux-amd64 code-server-linux-amd64
+
+      - name: Install dependencies
+        if: steps.cache-yarn.outputs.cache-hit != 'true'
+        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
+
+      - name: Install Playwright OS dependencies
+        run: |
+          ./test/node_modules/.bin/playwright install-deps
+          ./test/node_modules/.bin/playwright install
+
+      - name: Cache Caddy
+        uses: actions/cache@v2
+        id: caddy-cache
+        with:
+          path: |
+            ~/.cache/caddy
+          key: cache-caddy-2.5.2
+
+      - name: Install Caddy
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        if: steps.caddy-cache.outputs.cache-hit != 'true'
+        run: |
+          gh release download v2.5.2 --repo caddyserver/caddy --pattern "caddy_2.5.2_linux_amd64.tar.gz"
+          mkdir -p ~/.cache/caddy 
+          tar -xzf caddy_2.5.2_linux_amd64.tar.gz --directory ~/.cache/caddy
+
+      - name: Start Caddy
+        run: sudo ~/.cache/caddy/caddy start --config ./ci/Caddyfile
+
+      - name: Run end-to-end tests
+        run: yarn test:e2e:proxy
+
+      - name: Stop Caddy
+        if: always()
+        run: sudo ~/.cache/caddy/caddy stop --config ./ci/Caddyfile
+
+      - name: Upload test artifacts
+        if: always()
+        uses: actions/upload-artifact@v3
+        with:
+          name: failed-test-videos-proxy
+          path: ./test/test-results
+
+      - name: Remove release packages and test artifacts
+        run: rm -rf ./release-packages ./test/test-results
+
   trivy-scan-repo:
     permissions:
       contents: read # for actions/checkout to fetch code
@@ -509,7 +609,7 @@ jobs:
           fetch-depth: 0
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@e27605859b9550f81ddd818eb816c8cb83cf9650
+        uses: aquasecurity/trivy-action@cb606dfdb0d2b3698ace62192088ef4f5360b24f
         with:
           scan-type: "fs"
           scan-ref: "."

.github/workflows/docker.yaml

@@ -47,11 +47,11 @@ jobs:
         run: echo "::set-output name=version::$(jq -r .version package.json)"
 
       - name: Download release artifacts
-        uses: robinraju/release-downloader@v1.3
+        uses: robinraju/release-downloader@v1.4
         with:
           repository: "coder/code-server"
           tag: v${{ steps.version.outputs.version }}
-          fileName: "*"
+          fileName: "*.deb"
           out-file-path: "release-packages"
 
       - name: Publish to Docker

.github/workflows/docs-preview.yaml

@@ -4,6 +4,8 @@ on:
   pull_request:
     branches:
       - main
+    paths:
+      - "docs/**"
 
 permissions:
   actions: none

.github/workflows/installer.yml

@@ -34,12 +34,12 @@ jobs:
         run: ./install.sh
 
       - name: Test code-server
-        run: yarn test:standalone-release code-server
+        run: CODE_SERVER_PATH="code-server" yarn test:integration
 
   alpine:
     name: Test installer on Alpine
     runs-on: ubuntu-latest
-    container: "alpine:3.14"
+    container: "alpine:3.16"
     steps:
       - name: Checkout repo
         uses: actions/checkout@v3
@@ -66,4 +66,4 @@ jobs:
         run: ./install.sh
 
       - name: Test code-server
-        run: yarn test:standalone-release code-server
+        run: CODE_SERVER_PATH="code-server" yarn test:integration

.github/workflows/npm-brew.yaml

@@ -31,7 +31,7 @@ jobs:
         uses: dawidd6/action-download-artifact@v2
         id: download
         with:
-          branch: v${{ steps.version.outputs.version }}
+          branch: release/v${{ steps.version.outputs.version }}
           workflow: ci.yaml
           workflow_conclusion: completed
           name: "npm-package"

.github/workflows/scripts.yml

@@ -38,7 +38,7 @@ jobs:
     name: Run script unit tests
     runs-on: ubuntu-latest
     # This runs on Alpine to make sure we're testing with actual sh.
-    container: "alpine:3.14"
+    container: "alpine:3.16"
     steps:
       - name: Checkout repo
         uses: actions/checkout@v3

.github/workflows/trivy-docker.yaml

@@ -51,7 +51,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Run Trivy vulnerability scanner in image mode
-        uses: aquasecurity/trivy-action@e27605859b9550f81ddd818eb816c8cb83cf9650
+        uses: aquasecurity/trivy-action@cb606dfdb0d2b3698ace62192088ef4f5360b24f
         with:
           image-ref: "docker.io/codercom/code-server:latest"
           ignore-unfixed: true

.prettierignore

@@ -0,0 +1 @@
+lib/vscode

.prettierrc.yaml

@@ -4,14 +4,3 @@ trailingComma: all
 arrowParens: always
 singleQuote: false
 useTabs: false
-
-overrides:
-  # Attempt to keep VScode's existing code style intact.
-  - files: "lib/vscode/**/*.ts"
-    options:
-      # No limit defined upstream.
-      printWidth: 10000
-      semi: true
-      singleQuote: true
-      useTabs: true
-      arrowParens: avoid