coder
diff --git a/‎.github/workflows/coder.yaml
Lines changed: 2 additions & 2 deletions b/‎.github/workflows/coder.yaml
Lines changed: 2 additions & 2 deletions
diff --git a/‎.vscode/settings.json
Lines changed: 2 additions & 0 deletions b/‎.vscode/settings.json
Lines changed: 2 additions & 0 deletions
diff --git a/‎agent/agent_test.go
Lines changed: 5 additions & 0 deletions b/‎agent/agent_test.go
Lines changed: 5 additions & 0 deletions
diff --git a/‎cli/agent.go
Lines changed: 4 additions & 0 deletions b/‎cli/agent.go
Lines changed: 4 additions & 0 deletions
diff --git a/‎cli/cliflag/cliflag.go
Lines changed: 9 additions & 0 deletions b/‎cli/cliflag/cliflag.go
Lines changed: 9 additions & 0 deletions
diff --git a/‎cli/cliflag/cliflag_test.go
Lines changed: 20 additions & 0 deletions b/‎cli/cliflag/cliflag_test.go
Lines changed: 20 additions & 0 deletions
diff --git a/‎cli/gitssh.go
Lines changed: 28 additions & 5 deletions b/‎cli/gitssh.go
Lines changed: 28 additions & 5 deletions
diff --git a/‎cli/publickey.go
Lines changed: 15 additions & 2 deletions b/‎cli/publickey.go
Lines changed: 15 additions & 2 deletions
diff --git a/‎cli/root.go
Lines changed: 2 additions & 2 deletions b/‎cli/root.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎cli/start.go renamed to ‎cli/server.go
Lines changed: 86 additions & 15 deletions b/‎cli/start.go renamed to ‎cli/server.go
Lines changed: 86 additions & 15 deletions
@@ -172,7 +172,7 @@ jobs:
           key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }}
 
       - name: Install goreleaser
-        uses: jaxxstorm/action-install-gh-release@v1.4.0
+        uses: jaxxstorm/action-install-gh-release@v1.5.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -241,7 +241,7 @@ jobs:
           key: ${{ runner.os }}-go-mod-${{ hashFiles('**/go.sum') }}
 
       - name: Install goreleaser
-        uses: jaxxstorm/action-install-gh-release@v1.4.0
+        uses: jaxxstorm/action-install-gh-release@v1.5.0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
 
@@ -35,6 +35,7 @@
     "nolint",
     "nosec",
     "ntqry",
+    "OIDC",
     "oneof",
     "parameterscopeid",
     "pqtype",
@@ -46,6 +47,7 @@
     "ptytest",
     "retrier",
     "sdkproto",
+    "Signup",
     "stretchr",
     "TCGETS",
     "tcpip",
 
@@ -76,6 +76,11 @@ func TestAgent(t *testing.T) {
 		session.Stdin = ptty.Input()
 		err = session.Start(command)
 		require.NoError(t, err)
+		caret := "$"
+		if runtime.GOOS == "windows" {
+			caret = ">"
+		}
+		ptty.ExpectMatch(caret)
 		ptty.WriteLine("echo test")
 		ptty.ExpectMatch("test")
 		ptty.WriteLine("exit")
 
@@ -120,6 +120,10 @@ func workspaceAgent() *cobra.Command {
 			if err != nil {
 				return xerrors.Errorf("writing agent session token to config: %w", err)
 			}
+			err = cfg.URL().Write(client.URL.String())
+			if err != nil {
+				return xerrors.Errorf("writing agent url to config: %w", err)
+			}
 
 			closer := agent.New(client.ListenWorkspaceAgent, logger)
 			<-cmd.Context().Done()
 
@@ -14,6 +14,7 @@ import (
 	"fmt"
 	"os"
 	"strconv"
+	"strings"
 
 	"github.com/spf13/pflag"
 )
@@ -27,6 +28,14 @@ func StringVarP(flagset *pflag.FlagSet, p *string, name string, shorthand string
 	flagset.StringVarP(p, name, shorthand, v, fmtUsage(usage, env))
 }
 
+func StringArrayVarP(flagset *pflag.FlagSet, ptr *[]string, name string, shorthand string, env string, def []string, usage string) {
+	val, ok := os.LookupEnv(env)
+	if ok {
+		def = strings.Split(val, ",")
+	}
+	flagset.StringArrayVarP(ptr, name, shorthand, def, usage)
+}
+
 // Uint8VarP sets a uint8 flag on the given flag set.
 func Uint8VarP(flagset *pflag.FlagSet, ptr *uint8, name string, shorthand string, env string, def uint8, usage string) {
 	val, ok := os.LookupEnv(env)
 
@@ -54,6 +54,26 @@ func TestCliflag(t *testing.T) {
 		require.NotContains(t, flagset.FlagUsages(), " - consumes")
 	})
 
+	t.Run("StringArrayDefault", func(t *testing.T) {
+		var ptr []string
+		flagset, name, shorthand, env, usage := randomFlag()
+		def := []string{"hello"}
+		cliflag.StringArrayVarP(flagset, &ptr, name, shorthand, env, def, usage)
+		got, err := flagset.GetStringArray(name)
+		require.NoError(t, err)
+		require.Equal(t, def, got)
+	})
+
+	t.Run("StringArrayEnvVar", func(t *testing.T) {
+		var ptr []string
+		flagset, name, shorthand, env, usage := randomFlag()
+		t.Setenv(env, "wow,test")
+		cliflag.StringArrayVarP(flagset, &ptr, name, shorthand, env, nil, usage)
+		got, err := flagset.GetStringArray(name)
+		require.NoError(t, err)
+		require.Equal(t, []string{"wow", "test"}, got)
+	})
+
 	t.Run("IntDefault", func(t *testing.T) {
 		var ptr uint8
 		flagset, name, shorthand, env, usage := randomFlag()
 
@@ -1,9 +1,14 @@
 package cli
 
 import (
+	"fmt"
+	"net/url"
 	"os"
 	"os/exec"
+	"strings"
 
+	"github.com/coder/coder/cli/cliui"
+	"github.com/coder/coder/codersdk"
 	"github.com/spf13/cobra"
 	"golang.org/x/xerrors"
 )
@@ -14,15 +19,20 @@ func gitssh() *cobra.Command {
 		Hidden: true,
 		Short:  `Wraps the "ssh" command and uses the coder gitssh key for authentication`,
 		RunE: func(cmd *cobra.Command, args []string) error {
-			client, err := createClient(cmd)
+			cfg := createConfig(cmd)
+			rawURL, err := cfg.URL().Read()
 			if err != nil {
-				return xerrors.Errorf("create codersdk client: %w", err)
+				return xerrors.Errorf("read agent url from config: %w", err)
+			}
+			parsedURL, err := url.Parse(rawURL)
+			if err != nil {
+				return xerrors.Errorf("parse agent url from config: %w", err)
 			}
-			cfg := createConfig(cmd)
 			session, err := cfg.AgentSession().Read()
 			if err != nil {
 				return xerrors.Errorf("read agent session from config: %w", err)
 			}
+			client := codersdk.New(parsedURL)
 			client.SessionToken = session
 
 			key, err := client.AgentGitSSHKey(cmd.Context())
@@ -47,12 +57,25 @@ func gitssh() *cobra.Command {
 				return xerrors.Errorf("close temp gitsshkey file: %w", err)
 			}
 
-			a := append([]string{"-i", privateKeyFile.Name()}, args...)
-			c := exec.CommandContext(cmd.Context(), "ssh", a...)
+			args = append([]string{"-i", privateKeyFile.Name()}, args...)
+			c := exec.CommandContext(cmd.Context(), "ssh", args...)
+			c.Stderr = cmd.ErrOrStderr()
 			c.Stdout = cmd.OutOrStdout()
 			c.Stdin = cmd.InOrStdin()
 			err = c.Run()
 			if err != nil {
+				exitErr := &exec.ExitError{}
+				if xerrors.As(err, &exitErr) && exitErr.ExitCode() == 255 {
+					_, _ = fmt.Fprintln(cmd.ErrOrStderr(),
+						"\n"+cliui.Styles.Wrap.Render("Coder authenticates with "+cliui.Styles.Field.Render("git")+
+							" using the public key below. All clones with SSH are authenticated automatically 🪄.")+"\n")
+					_, _ = fmt.Fprintln(cmd.ErrOrStderr(), cliui.Styles.Code.Render(strings.TrimSpace(key.PublicKey))+"\n")
+					_, _ = fmt.Fprintln(cmd.ErrOrStderr(), "Add to GitHub and GitLab:")
+					_, _ = fmt.Fprintln(cmd.ErrOrStderr(), cliui.Styles.Prompt.String()+"https://github.com/settings/ssh/new")
+					_, _ = fmt.Fprintln(cmd.ErrOrStderr(), cliui.Styles.Prompt.String()+"https://gitlab.com/-/profile/keys")
+					_, _ = fmt.Fprintln(cmd.ErrOrStderr())
+					return err
+				}
 				return xerrors.Errorf("run ssh command: %w", err)
 			}
 
 
@@ -1,15 +1,19 @@
 package cli
 
 import (
+	"strings"
+
 	"github.com/spf13/cobra"
 	"golang.org/x/xerrors"
 
+	"github.com/coder/coder/cli/cliui"
 	"github.com/coder/coder/codersdk"
 )
 
 func publickey() *cobra.Command {
 	return &cobra.Command{
-		Use: "publickey",
+		Use:     "publickey",
+		Aliases: []string{"pubkey"},
 		RunE: func(cmd *cobra.Command, args []string) error {
 			client, err := createClient(cmd)
 			if err != nil {
@@ -21,7 +25,16 @@ func publickey() *cobra.Command {
 				return xerrors.Errorf("create codersdk client: %w", err)
 			}
 
-			cmd.Println(key.PublicKey)
+			cmd.Println(cliui.Styles.Wrap.Render(
+				"This is your public key for using " + cliui.Styles.Field.Render("git") + " in " +
+					"Coder. All clones with SSH will be authenticated automatically 🪄.",
+			))
+			cmd.Println()
+			cmd.Println(cliui.Styles.Code.Render(strings.TrimSpace(key.PublicKey)))
+			cmd.Println()
+			cmd.Println("Add to GitHub and GitLab:")
+			cmd.Println(cliui.Styles.Prompt.String() + "https://github.com/settings/ssh/new")
+			cmd.Println(cliui.Styles.Prompt.String() + "https://gitlab.com/-/profile/keys")
 
 			return nil
 		},
 
@@ -43,7 +43,7 @@ func Root() *cobra.Command {
 `,
 		Example: cliui.Styles.Paragraph.Render(`Start Coder in "dev" mode. This dev-mode requires no further setup, and your local `+cliui.Styles.Code.Render("coder")+` CLI will be authenticated to talk to it. This makes it easy to experiment with Coder.`) + `
 
-    ` + cliui.Styles.Code.Render("$ coder start --dev") + `
+    ` + cliui.Styles.Code.Render("$ coder server --dev") + `
 	` + cliui.Styles.Paragraph.Render("Get started by creating a template from an example.") + `
 
     ` + cliui.Styles.Code.Render("$ coder templates init"),
@@ -63,7 +63,7 @@ func Root() *cobra.Command {
 
 	cmd.AddCommand(
 		configSSH(),
-		start(),
+		server(),
 		login(),
 		parameters(),
 		templates(),
 
@@ -18,8 +18,12 @@ import (
 
 	"github.com/briandowns/spinner"
 	"github.com/coreos/go-systemd/daemon"
+	"github.com/google/go-github/v43/github"
 	"github.com/pion/turn/v2"
+	"github.com/pion/webrtc/v3"
 	"github.com/spf13/cobra"
+	"golang.org/x/oauth2"
+	xgithub "golang.org/x/oauth2/github"
 	"golang.org/x/xerrors"
 	"google.golang.org/api/idtoken"
 	"google.golang.org/api/option"
@@ -43,31 +47,37 @@ import (
 	"github.com/coder/coder/provisionersdk/proto"
 )
 
-func start() *cobra.Command {
+// nolint:gocyclo
+func server() *cobra.Command {
 	var (
 		accessURL   string
 		address     string
 		cacheDir    string
 		dev         bool
 		postgresURL string
 		// provisionerDaemonCount is a uint8 to ensure a number > 0.
-		provisionerDaemonCount uint8
-		tlsCertFile            string
-		tlsClientCAFile        string
-		tlsClientAuth          string
-		tlsEnable              bool
-		tlsKeyFile             string
-		tlsMinVersion          string
-		turnRelayAddress       string
-		skipTunnel             bool
-		traceDatadog           bool
-		secureAuthCookie       bool
-		sshKeygenAlgorithmRaw  string
-		spooky                 bool
+		provisionerDaemonCount           uint8
+		oauth2GithubClientID             string
+		oauth2GithubClientSecret         string
+		oauth2GithubAllowedOrganizations []string
+		oauth2GithubAllowSignups         bool
+		tlsCertFile                      string
+		tlsClientCAFile                  string
+		tlsClientAuth                    string
+		tlsEnable                        bool
+		tlsKeyFile                       string
+		tlsMinVersion                    string
+		turnRelayAddress                 string
+		skipTunnel                       bool
+		stunServers                      []string
+		traceDatadog                     bool
+		secureAuthCookie                 bool
+		sshKeygenAlgorithmRaw            string
+		spooky                           bool
 	)
 
 	root := &cobra.Command{
-		Use: "start",
+		Use: "server",
 		RunE: func(cmd *cobra.Command, args []string) error {
 			logger := slog.Make(sloghuman.Sink(os.Stderr))
 			if traceDatadog {
@@ -169,8 +179,15 @@ func start() *cobra.Command {
 				return xerrors.Errorf("create turn server: %w", err)
 			}
 
+			iceServers := make([]webrtc.ICEServer, 0)
+			for _, stunServer := range stunServers {
+				iceServers = append(iceServers, webrtc.ICEServer{
+					URLs: []string{stunServer},
+				})
+			}
 			options := &coderd.Options{
 				AccessURL:            accessURLParsed,
+				ICEServers:           iceServers,
 				Logger:               logger.Named("coderd"),
 				Database:             databasefake.New(),
 				Pubsub:               database.NewPubsubInMemory(),
@@ -180,6 +197,13 @@ func start() *cobra.Command {
 				TURNServer:           turnServer,
 			}
 
+			if oauth2GithubClientSecret != "" {
+				options.GithubOAuth2Config, err = configureGithubOAuth2(accessURLParsed, oauth2GithubClientID, oauth2GithubClientSecret, oauth2GithubAllowSignups, oauth2GithubAllowedOrganizations)
+				if err != nil {
+					return xerrors.Errorf("configure github oauth2: %w", err)
+				}
+			}
+
 			_, _ = fmt.Fprintf(cmd.ErrOrStderr(), "access-url: %s\n", accessURL)
 			_, _ = fmt.Fprintf(cmd.ErrOrStderr(), "provisioner-daemons: %d\n", provisionerDaemonCount)
 			_, _ = fmt.Fprintln(cmd.ErrOrStderr())
@@ -377,6 +401,14 @@ func start() *cobra.Command {
 	cliflag.BoolVarP(root.Flags(), &dev, "dev", "", "CODER_DEV_MODE", false, "Serve Coder in dev mode for tinkering")
 	cliflag.StringVarP(root.Flags(), &postgresURL, "postgres-url", "", "CODER_PG_CONNECTION_URL", "", "URL of a PostgreSQL database to connect to")
 	cliflag.Uint8VarP(root.Flags(), &provisionerDaemonCount, "provisioner-daemons", "", "CODER_PROVISIONER_DAEMONS", 1, "The amount of provisioner daemons to create on start.")
+	cliflag.StringVarP(root.Flags(), &oauth2GithubClientID, "oauth2-github-client-id", "", "CODER_OAUTH2_GITHUB_CLIENT_ID", "",
+		"Specifies a client ID to use for oauth2 with GitHub.")
+	cliflag.StringVarP(root.Flags(), &oauth2GithubClientSecret, "oauth2-github-client-secret", "", "CODER_OAUTH2_GITHUB_CLIENT_SECRET", "",
+		"Specifies a client secret to use for oauth2 with GitHub.")
+	cliflag.StringArrayVarP(root.Flags(), &oauth2GithubAllowedOrganizations, "oauth2-github-allowed-orgs", "", "CODER_OAUTH2_GITHUB_ALLOWED_ORGS", nil,
+		"Specifies organizations the user must be a member of to authenticate with GitHub.")
+	cliflag.BoolVarP(root.Flags(), &oauth2GithubAllowSignups, "oauth2-github-allow-signups", "", "CODER_OAUTH2_GITHUB_ALLOW_SIGNUPS", false,
+		"Specifies whether new users can sign up with GitHub.")
 	cliflag.BoolVarP(root.Flags(), &tlsEnable, "tls-enable", "", "CODER_TLS_ENABLE", false, "Specifies if TLS will be enabled")
 	cliflag.StringVarP(root.Flags(), &tlsCertFile, "tls-cert-file", "", "CODER_TLS_CERT_FILE", "",
 		"Specifies the path to the certificate for TLS. It requires a PEM-encoded file. "+
@@ -393,6 +425,9 @@ func start() *cobra.Command {
 		`Specifies the minimum supported version of TLS. Accepted values are "tls10", "tls11", "tls12" or "tls13"`)
 	cliflag.BoolVarP(root.Flags(), &skipTunnel, "skip-tunnel", "", "CODER_DEV_SKIP_TUNNEL", false, "Skip serving dev mode through an exposed tunnel for simple setup.")
 	_ = root.Flags().MarkHidden("skip-tunnel")
+	cliflag.StringArrayVarP(root.Flags(), &stunServers, "stun-server", "", "CODER_STUN_SERVERS", []string{
+		"stun:stun.l.google.com:19302",
+	}, "Specify URLs for STUN servers to enable P2P connections.")
 	cliflag.BoolVarP(root.Flags(), &traceDatadog, "trace-datadog", "", "CODER_TRACE_DATADOG", false, "Send tracing data to a datadog agent")
 	cliflag.StringVarP(root.Flags(), &turnRelayAddress, "turn-relay-address", "", "CODER_TURN_RELAY_ADDRESS", "127.0.0.1",
 		"Specifies the address to bind TURN connections.")
@@ -576,6 +611,42 @@ func configureTLS(listener net.Listener, tlsMinVersion, tlsClientAuth, tlsCertFi
 	return tls.NewListener(listener, tlsConfig), nil
 }
 
+func configureGithubOAuth2(accessURL *url.URL, clientID, clientSecret string, allowSignups bool, allowOrgs []string) (*coderd.GithubOAuth2Config, error) {
+	redirectURL, err := accessURL.Parse("/api/v2/users/oauth2/github/callback")
+	if err != nil {
+		return nil, xerrors.Errorf("parse github oauth callback url: %w", err)
+	}
+	return &coderd.GithubOAuth2Config{
+		OAuth2Config: &oauth2.Config{
+			ClientID:     clientID,
+			ClientSecret: clientSecret,
+			Endpoint:     xgithub.Endpoint,
+			RedirectURL:  redirectURL.String(),
+			Scopes: []string{
+				"read:user",
+				"read:org",
+				"user:email",
+			},
+		},
+		AllowSignups:       allowSignups,
+		AllowOrganizations: allowOrgs,
+		AuthenticatedUser: func(ctx context.Context, client *http.Client) (*github.User, error) {
+			user, _, err := github.NewClient(client).Users.Get(ctx, "")
+			return user, err
+		},
+		ListEmails: func(ctx context.Context, client *http.Client) ([]*github.UserEmail, error) {
+			emails, _, err := github.NewClient(client).Users.ListEmails(ctx, &github.ListOptions{})
+			return emails, err
+		},
+		ListOrganizationMemberships: func(ctx context.Context, client *http.Client) ([]*github.Membership, error) {
+			memberships, _, err := github.NewClient(client).Organizations.ListOrgMemberships(ctx, &github.ListOrgMembershipsOptions{
+				State: "active",
+			})
+			return memberships, err
+		},
+	}, nil
+}
+
 type datadogLogger struct {
 	logger slog.Logger
 }