coder
diff --git a/‎.devcontainer/devcontainer.json
Lines changed: 32 additions & 10 deletions b/‎.devcontainer/devcontainer.json
Lines changed: 32 additions & 10 deletions
diff --git a/‎.devcontainer/filebrowser/devcontainer-feature.json
Lines changed: 9 additions & 13 deletions b/‎.devcontainer/filebrowser/devcontainer-feature.json
Lines changed: 9 additions & 13 deletions
diff --git a/‎.devcontainer/filebrowser/install.sh
Lines changed: 13 additions & 23 deletions b/‎.devcontainer/filebrowser/install.sh
Lines changed: 13 additions & 23 deletions
diff --git a/‎.devcontainer/postCreateCommand.sh renamed to ‎.devcontainer/scripts/post_create.sh
Lines changed: 5 additions & 0 deletions b/‎.devcontainer/postCreateCommand.sh renamed to ‎.devcontainer/scripts/post_create.sh
Lines changed: 5 additions & 0 deletions
diff --git a/‎.devcontainer/scripts/post_start.sh
Lines changed: 4 additions & 0 deletions b/‎.devcontainer/scripts/post_start.sh
Lines changed: 4 additions & 0 deletions
diff --git a/‎.github/workflows/ci.yaml
Lines changed: 20 additions & 20 deletions b/‎.github/workflows/ci.yaml
Lines changed: 20 additions & 20 deletions
diff --git a/‎.github/workflows/docker-base.yaml
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/docker-base.yaml
Lines changed: 1 addition & 1 deletion
@@ -2,25 +2,22 @@
 	"name": "Development environments on your infrastructure",
 	"image": "codercom/oss-dogfood:latest",
 	"features": {
-		// See all possible options here https://github.com/devcontainers/features/tree/main/src/docker-in-docker
 		"ghcr.io/devcontainers/features/docker-in-docker:2": {
 			"moby": "false"
 		},
 		"ghcr.io/coder/devcontainer-features/code-server:1": {
 			"auth": "none",
 			"port": 13337
 		},
-		"./filebrowser": {}
+		"./filebrowser": {
+			"folder": "${containerWorkspaceFolder}"
+		}
 	},
 	// SYS_PTRACE to enable go debugging
-	"runArgs": [
-		"--cap-add=SYS_PTRACE"
-	],
+	"runArgs": ["--cap-add=SYS_PTRACE"],
 	"customizations": {
 		"vscode": {
-			"extensions": [
-				"biomejs.biome"
-			]
+			"extensions": ["biomejs.biome"]
 		},
 		"coder": {
 			"apps": [
@@ -43,18 +40,43 @@
 				{
 					"slug": "zed",
 					"displayName": "Zed Editor",
-					"url": "zed://ssh/${localEnv:CODER_WORKSPACE_AGENT_NAME}.${localEnv:CODER_WORKSPACE_NAME}.${localEnv:CODER_WORKSPACE_OWNER_NAME}.coder/${containerWorkspaceFolder}",
+					"url": "zed://ssh/${localEnv:CODER_WORKSPACE_AGENT_NAME}.${localEnv:CODER_WORKSPACE_NAME}.${localEnv:CODER_WORKSPACE_OWNER_NAME}.coder${containerWorkspaceFolder}",
 					"external": true,
 					"icon": "/icon/zed.svg",
 					"order": 5
+				},
+				// Reproduce `code-server` app here from the code-server
+				// feature so that we can set the correct folder and order.
+				// Currently, the order cannot be specified via option because
+				// we parse it as a number whereas variable interpolation
+				// results in a string. Additionally we set health check which
+				// is not yet set in the feature.
+				{
+					"slug": "code-server",
+					"displayName": "code-server",
+					"url": "http://${localEnv:FEATURE_CODE_SERVER_OPTION_HOST:127.0.0.1}:${localEnv:FEATURE_CODE_SERVER_OPTION_PORT:8080}/?folder=${containerWorkspaceFolder}",
+					"openIn": "${localEnv:FEATURE_CODE_SERVER_OPTION_APPOPENIN:slim-window}",
+					"share": "${localEnv:FEATURE_CODE_SERVER_OPTION_APPSHARE:owner}",
+					"icon": "/icon/code.svg",
+					"group": "${localEnv:FEATURE_CODE_SERVER_OPTION_APPGROUP:Web Editors}",
+					"order": 3,
+					"healthCheck": {
+						"url": "http://${localEnv:FEATURE_CODE_SERVER_OPTION_HOST:127.0.0.1}:${localEnv:FEATURE_CODE_SERVER_OPTION_PORT:8080}/healthz",
+						"interval": 5,
+						"threshold": 2
+					}
 				}
 			]
 		}
 	},
 	"mounts": [
+		// Add a volume for the Coder home directory to persist shell history,
+		// and speed up dotfiles init and/or personalization.
+		"source=coder-coder-devcontainer-home,target=/home/coder,type=volume",
 		// Mount the entire home because conditional mounts are not supported.
 		// See: https://github.com/devcontainers/spec/issues/132
 		"source=${localEnv:HOME},target=/mnt/home/coder,type=bind,readonly"
 	],
-	"postCreateCommand": "./.devcontainer/postCreateCommand.sh"
+	"postCreateCommand": ["./.devcontainer/scripts/post_create.sh"],
+	"postStartCommand": ["./.devcontainer/scripts/post_start.sh"]
 }
@@ -9,19 +9,15 @@
 			"default": "13339",
 			"description": "The port to run filebrowser on"
 		},
-		// "folder": {
-		// 	"type": "string",
-		// 	"default": "${containerWorkspaceFolder}",
-		// 	"description": "The root directory for filebrowser to serve"
-		// },
-		"auth": {
+		"folder": {
 			"type": "string",
-			"enum": [
-				"none",
-				"password"
-			],
-			"default": "none",
-			"description": "Authentication method (none or password)"
+			"default": "",
+			"description": "The root directory for filebrowser to serve"
+		},
+		"baseUrl": {
+			"type": "string",
+			"default": "",
+			"description": "The base URL for filebrowser (e.g., /filebrowser)"
 		}
 	},
 	"entrypoint": "/usr/local/bin/filebrowser-entrypoint",
@@ -41,7 +37,7 @@
 					"healthcheck": {
 						"url": "http://localhost:${localEnv:FEATURE_FILEBROWSER_OPTION_PORT:13339}/health",
 						"interval": 5,
-						"threshold": 6
+						"threshold": 2
 					}
 				}
 			]
 
@@ -11,38 +11,29 @@ if ! command -v filebrowser &>/dev/null; then
 	curl -fsSL https://raw.githubusercontent.com/filebrowser/get/master/get.sh | bash
 fi
 
-printf "🥳 Installation complete!\n\n"
-
-# Create run script.
+# Create entrypoint.
 cat >/usr/local/bin/filebrowser-entrypoint <<EOF
-#!/bin/bash
-
-printf "🛠️ Configuring filebrowser\n\n"
+#!/usr/bin/env bash
 
-AUTH="${AUTH}"
 PORT="${PORT}"
-FOLDER="$(pwd)"
+FOLDER="${FOLDER:-}"
+FOLDER="\${FOLDER:-\$(pwd)}"
+BASEURL="${BASEURL:-}"
 LOG_PATH=/tmp/filebrowser.log
-export FB_DATABASE="/tmp/filebrowser.db"
+export FB_DATABASE="\${HOME}/.filebrowser.db"
+
+printf "🛠️ Configuring filebrowser\n\n"
 
 # Check if filebrowser db exists.
 if [[ ! -f "\${FB_DATABASE}" ]]; then
-	filebrowser config init
-	if [[ "\$AUTH" == "password" ]]; then
-		filebrowser users add admin admin --perm.admin=true --viewMode=mosaic
-	fi
-fi
-
-# Configure filebrowser.
-if [[ "\$AUTH" == "none" ]]; then
-	filebrowser config set --port="\${PORT}" --auth.method=noauth --root="\${FOLDER}"
-else
-	filebrowser config set --port="\${PORT}" --auth.method=json --root="\${FOLDER}"
+	filebrowser config init >>\${LOG_PATH} 2>&1
+	filebrowser users add admin "" --perm.admin=true --viewMode=mosaic >>\${LOG_PATH} 2>&1
 fi
 
-set -euo pipefail
+filebrowser config set --baseurl=\${BASEURL} --port=\${PORT} --auth.method=noauth --root=\${FOLDER} >>\${LOG_PATH} 2>&1
 
 printf "👷 Starting filebrowser...\n\n"
+
 printf "📂 Serving \${FOLDER} at http://localhost:\${PORT}\n\n"
 
 filebrowser >>\${LOG_PATH} 2>&1 &
@@ -52,5 +43,4 @@ EOF
 
 chmod +x /usr/local/bin/filebrowser-entrypoint
 
-printf "✅ File Browser installed!\n\n"
-printf "🚀 Run 'filebrowser-entrypoint' to start the service\n\n"
+printf "🥳 Installation complete!\n\n"
@@ -1,5 +1,9 @@
 #!/bin/sh
 
+install_devcontainer_cli() {
+	npm install -g @devcontainers/cli
+}
+
 install_ssh_config() {
 	echo "🔑 Installing SSH configuration..."
 	rsync -a /mnt/home/coder/.ssh/ ~/.ssh/
@@ -49,6 +53,7 @@ personalize() {
 	fi
 }
 
+install_devcontainer_cli
 install_ssh_config
 install_dotfiles
 personalize
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# Start Docker service if not already running.
+sudo service docker start
@@ -34,7 +34,7 @@ jobs:
       tailnet-integration: ${{ steps.filter.outputs.tailnet-integration }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -154,7 +154,7 @@ jobs:
     runs-on: ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -226,7 +226,7 @@ jobs:
     if: ${{ !cancelled() }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -281,7 +281,7 @@ jobs:
     timeout-minutes: 7
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -327,7 +327,7 @@ jobs:
       - name: Harden Runner
         # Harden Runner is only supported on Ubuntu runners.
         if: runner.os == 'Linux'
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -418,7 +418,7 @@ jobs:
           - windows-2022
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -613,7 +613,7 @@ jobs:
     timeout-minutes: 25
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -662,7 +662,7 @@ jobs:
     timeout-minutes: 25
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -711,7 +711,7 @@ jobs:
     timeout-minutes: 25
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -770,7 +770,7 @@ jobs:
     timeout-minutes: 20
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -796,7 +796,7 @@ jobs:
     timeout-minutes: 20
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -828,7 +828,7 @@ jobs:
     name: ${{ matrix.variant.name }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -901,7 +901,7 @@ jobs:
     if: needs.changes.outputs.site == 'true' || needs.changes.outputs.ci == 'true'
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -981,7 +981,7 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -1050,7 +1050,7 @@ jobs:
     if: always()
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -1180,7 +1180,7 @@ jobs:
       IMAGE: ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -1526,7 +1526,7 @@ jobs:
       id-token: write
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -1545,7 +1545,7 @@ jobs:
         uses: google-github-actions/setup-gcloud@77e7a554d41e2ee56fc945c52dfd3f33d12def9a # v2.1.4
 
       - name: Set up Flux CLI
-        uses: fluxcd/flux2/action@a48f81a66c4ca9fbd993233ab99dd03a7cfbe09a # v2.6.2
+        uses: fluxcd/flux2/action@bda4c8187e436462be0d072e728b67afa215c593 # v2.6.3
         with:
           # Keep this and the github action up to date with the version of flux installed in dogfood cluster
           version: "2.5.1"
@@ -1590,7 +1590,7 @@ jobs:
     if: github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
@@ -1625,7 +1625,7 @@ jobs:
     if: needs.changes.outputs.db == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit
 
 
@@ -38,7 +38,7 @@ jobs:
     if: github.repository_owner == 'coder'
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
         with:
           egress-policy: audit