Merge branch 'main' into sigusr2

Author: jsjoeio

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -57,7 +57,7 @@ body:
     id: logs
     attributes:
       label: Logs
-      description: Run code-server with the --verbose flag and then paste any relevant logs from the server, from the browser console and/or the browser network tab. For issues with installation, include installation logs (i.e. output of `npm install -g code-server`).
+      description: Run code-server with the --verbose flag and then paste any relevant logs from the server, from the browser console and/or the browser network tab. For issues with installation, include installation logs (i.e. output of `yarn global add code-server`).
   - type: textarea
     attributes:
       label: Screenshot/Video

.github/workflows/ci.yaml

@@ -39,7 +39,7 @@ jobs:
           node-version: "14"
 
       - name: Install helm
-        uses: azure/setup-helm@v1.1
+        uses: azure/setup-helm@v2.1
 
       - name: Fetch dependencies from cache
         id: cache-yarn
@@ -217,6 +217,26 @@ jobs:
           # Instead, itis determined in publish-npm.sh script
           # using GITHUB environment variables
 
+      - name: Comment npm information
+        uses: marocchino/sticky-pull-request-comment@v2
+        with:
+          GITHUB_TOKEN: ${{ github.token }}
+          header: npm-dev-build
+          message: |
+            ✨ code-server dev build published to npm for PR #${{ github.event.number }}!
+            * _Last publish status_: success
+            * _Commit_: ${{ github.event.pull_request.head.sha }}
+
+            To install in a local project, run:
+            ```shell-session
+            npm install @coder/code-server-pr@${{ github.event.number }}
+            ```
+
+            To install globally, run:
+            ```shell-session
+            npm install -g @coder/code-server-pr@${{ github.event.number }}
+            ```
+
   # TODO: cache building yarn --production
   # possibly 2m30s of savings(?)
   # this requires refactoring our release scripts
@@ -475,6 +495,9 @@ jobs:
         run: rm -rf ./release-packages ./test/test-results
 
   trivy-scan-repo:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
     runs-on: ubuntu-20.04
     steps:
       - name: Checkout repo
@@ -483,7 +506,7 @@ jobs:
           fetch-depth: 0
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@296212627a1e693efa09c00adc3e03b2ba8edf18
+        uses: aquasecurity/trivy-action@2b30463ddb3d11724a04e760e020c7d9af24d8b3
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -494,6 +517,6 @@ jobs:
           severity: "HIGH,CRITICAL"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "trivy-repo-results.sarif"

.github/workflows/codeql-analysis.yml

@@ -17,8 +17,15 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
+    permissions:
+      actions: read # for github/codeql-action/init to get workflow details
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/autobuild to send a status report
     name: Analyze
     runs-on: ubuntu-20.04
 
@@ -28,13 +35,13 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v2
         with:
           config-file: ./.github/codeql-config.yml
           languages: javascript
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v1
+        uses: github/codeql-action/autobuild@v2
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v2

.github/workflows/docker.yaml

@@ -39,17 +39,15 @@ jobs:
         id: version
         run: echo "::set-output name=version::$(jq -r .version package.json)"
 
-      - name: Download artifact
-        uses: dawidd6/action-download-artifact@v2
-        id: download
+      - name: Download release artifacts
+        uses: robinraju/[email protected]
         with:
-          branch: v${{ steps.version.outputs.version }}
-          workflow: ci.yaml
-          workflow_conclusion: completed
-          name: "release-packages"
-          path: release-packages
-
-      - name: Run ./ci/steps/docker-buildx-push.sh
-        run: ./ci/steps/docker-buildx-push.sh
+          repository: "coder/code-server"
+          tag: v${{ steps.version.outputs.version }}
+          fileName: "*.deb"
+          out-file-path: "release-packages"
+
+      - name: Publish to Docker
+        run: yarn publish:docker
         env:
           GITHUB_TOKEN: ${{ github.token }}

.github/workflows/docs-preview.yaml

@@ -30,7 +30,11 @@ jobs:
 
       - name: Comment Credentials
         uses: marocchino/sticky-pull-request-comment@v2
+        # Only run if PR comes from base repo
+        # Reason: forks cannot access secrets and this will always fail
+        if: github.event.pull_request.head.repo.full_name == github.repository
         with:
+          GITHUB_TOKEN: ${{ github.token }}
           header: codercom-preview-docs
           message: |
             ✨ code-server docs for PR #${{ github.event.number }} is ready! It will be updated on every commit.

.github/workflows/installer.yml

@@ -19,6 +19,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
+permissions:
+  contents: read
+
 jobs:
   ubuntu:
     name: Test installer on Ubuntu

.github/workflows/npm-brew.yaml

@@ -45,10 +45,8 @@ jobs:
           NPM_ENVIRONMENT: "production"
 
   homebrew:
-    # The newest version of code-server needs to be available on npm when this runs
-    # otherwise, it will 404 and won't open a PR to bump version on homebrew/homebrew-core
     needs: npm
-    runs-on: macos-latest
+    runs-on: ubuntu-latest
     steps:
       # Ensure things are up to date
       # Suggested by homebrew maintainers
@@ -60,16 +58,10 @@ jobs:
       - name: Checkout code-server
         uses: actions/checkout@v3
 
-      - name: Checkout cdrci/homebrew-core
-        uses: actions/checkout@v3
-        with:
-          repository: cdrci/homebrew-core
-          path: homebrew-core
-
       - name: Configure git
         run: |
-          git config user.name github-actions
-          git config user.email github-actions@github.com
+          git config user.name cdrci
+          git config user.email opensource@coder.com
 
       - name: Bump code-server homebrew version
         env:

.github/workflows/trivy-docker.yaml

@@ -51,7 +51,7 @@ jobs:
         uses: actions/checkout@v3
 
       - name: Run Trivy vulnerability scanner in image mode
-        uses: aquasecurity/trivy-action@296212627a1e693efa09c00adc3e03b2ba8edf18
+        uses: aquasecurity/trivy-action@2b30463ddb3d11724a04e760e020c7d9af24d8b3
         with:
           image-ref: "docker.io/codercom/code-server:latest"
           ignore-unfixed: true
@@ -60,6 +60,6 @@ jobs:
           severity: "HIGH,CRITICAL"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
           sarif_file: "trivy-image-results.sarif"

.gitignore

@@ -22,3 +22,4 @@ test/test-results
 
 # Quilt's internal data.
 /.pc
+/patches/*.diff~

CHANGELOG.md

@@ -9,17 +9,43 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [9.99.999] - 9090-09-09
 
-VS Code v99.99.999
+Code v99.99.999
 
-### Changed
 ### Added
+### Changed
 ### Deprecated
 ### Removed
 ### Fixed
 ### Security
 
 -->
 
+## [4.3.0](https://github.com/coder/code-server/releases/tag/v4.3.0) - 2022-04-14
+
+Code v1.65.2
+
+### Changed
+
+- Excluded .deb files from release Docker image which drops the compressed and
+  uncompressed size by 58% and 34%.
+- Upgraded to Code 1.65.2.
+
+### Added
+
+- Added a new CLI flag called `--disable-file-downloads` which allows you to
+  disable the "Download..." option that shows in the UI when right-clicking on a
+  file. This can also set by running `CS_DISABLE_FILE_DOWNLOADS=1`.
+- Aligned the dependencies for binary and npm release artifacts.
+
+### Fixed
+
+- Fixed the code-server version from not displaying in the Help > About dialog.
+- Fixed issues with the TypeScript and JavaScript Language Features Extension
+  failing to activate.
+- Fixed missing files in ipynb extension.
+- Fixed the homebrew release workflow.
+- Fixed the Docker release workflow from not always publishing version tags.
+
 ## [4.2.0](https://github.com/coder/code-server/releases/tag/v4.2.0) - 2022-03-22
 
 Code v1.64.2