Update Code to 1.104.3 (#7515)

Open VSX uses a non-standard format for the `/latest` URL which must be added to the gallery config.

.eslintrc.yaml

@@ -1,43 +0,0 @@
-parser: "@typescript-eslint/parser"
-env:
-  browser: true
-  es6: true # Map, etc.
-  jest: true
-  node: true
-
-parserOptions:
-  ecmaVersion: 2018
-  sourceType: module
-
-extends:
-  - eslint:recommended
-  - plugin:@typescript-eslint/recommended
-  - plugin:import/recommended
-  - plugin:import/typescript
-  - plugin:prettier/recommended
-  # Prettier should always be last
-  # Removes eslint rules that conflict with prettier.
-  - prettier
-
-rules:
-  # Sometimes you need to add args to implement a function signature even
-  # if they are unused.
-  "@typescript-eslint/no-unused-vars": ["error", { "args": "none" }]
-  # For overloads.
-  no-dupe-class-members: off
-  "@typescript-eslint/no-use-before-define": off
-  "@typescript-eslint/no-non-null-assertion": off
-  "@typescript-eslint/ban-types": off
-  "@typescript-eslint/no-var-requires": off
-  "@typescript-eslint/explicit-module-boundary-types": off
-  "@typescript-eslint/no-explicit-any": off
-  "@typescript-eslint/no-extra-semi": off
-  eqeqeq: error
-  import/order:
-    [error, { alphabetize: { order: "asc" }, groups: [["builtin", "external", "internal"], "parent", "sibling"] }]
-  no-async-promise-executor: off
-
-settings:
-  import/resolver:
-    typescript:
-      alwaysTryTypes: true

.git-blame-ignore-revs

@@ -0,0 +1,2 @@
+# Prettier 3.4.2
+9b0340a09276f93c054d705d1b9a5f24cc5dbc97

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -1,6 +1,5 @@
 name: Bug report
 description: File a bug report
-title: "[Bug]: "
 labels: ["bug", "triage"]
 body:
   - type: checkboxes
@@ -10,6 +9,7 @@ body:
       options:
         - label: I have searched the existing issues
           required: true
+
   - type: textarea
     attributes:
       label: OS/Web Information
@@ -20,6 +20,8 @@ body:
           - **Remote OS**: Ubuntu
           - **Remote Architecture**: amd64
           - **`code-server --version`**: 4.0.1
+
+        Please do not just put "latest" for the version.
       value: |
         - Web Browser:
         - Local OS:
@@ -28,55 +30,74 @@ body:
         - `code-server --version`:
     validations:
       required: true
+
   - type: textarea
     attributes:
       label: Steps to Reproduce
       description: |
-        1. open code-server
-        2. install extension
-        3. run command
+        Please describe exactly how to reproduce the bug. For example:
+        1. Open code-server in Firefox
+        2. Install extension `foo.bar` from the extensions sidebar
+        3. Run command `foo.bar.baz`
       value: |
         1.
         2.
         3.
     validations:
       required: true
+
   - type: textarea
     attributes:
       label: Expected
       description: What should happen?
     validations:
       required: true
+
   - type: textarea
     attributes:
       label: Actual
       description: What actually happens?
     validations:
       required: true
+
   - type: textarea
     id: logs
     attributes:
       label: Logs
-      description: Run code-server with the --verbose flag and then paste any relevant logs from the server, from the browser console and/or the browser network tab. For issues with installation, include installation logs (i.e. output of `yarn global add code-server`).
+      description: Run code-server with the --verbose flag and then paste any relevant logs from the server, from the browser console and/or the browser network tab. For issues with installation, include installation logs (i.e. output of `npm install -g code-server`).
+      render: shell
+
   - type: textarea
     attributes:
       label: Screenshot/Video
       description: Please include a screenshot, gif or screen recording of your issue.
     validations:
       required: false
-  - type: checkboxes
+
+  - type: dropdown
     attributes:
-      label: Does this issue happen in VS Code or GitHub Codespaces?
-      description: Please try reproducing this issue in VS Code and GitHub Codespaces. If the bug reproduces in either VS Code or GitHub Codespaces, please submit the issue upstream instead (https://github.com/microsoft/vscode).
+      label: Does this bug reproduce in native VS Code?
+      description: If the bug reproduces in native VS Code, submit the issue upstream instead (https://github.com/microsoft/vscode).
       options:
-        - label: I tested this in native VS Code.
-          required: false
-        - label: This does not happen in native VS Code.
-          required: false
-        - label: I tested this in GitHub Codespaces.
-          required: false
-        - label: This does not happen in GitHub Codespaces.
-          required: false
+        - Yes, this is also broken in native VS Code
+        - No, this works as expected in native VS Code
+        - This cannot be tested in native VS Code
+        - I did not test native VS Code
+    validations:
+      required: true
+
+  - type: dropdown
+    attributes:
+      label: Does this bug reproduce in GitHub Codespaces?
+      description: If the bug reproduces in GitHub Codespaces, submit the issue upstream instead (https://github.com/microsoft/vscode).
+      options:
+        - Yes, this is also broken in GitHub Codespaces
+        - No, this works as expected in GitHub Codespaces
+        - This cannot be tested in GitHub Codespaces
+        - I did not test GitHub Codespaces
+    validations:
+      required: true
+
   - type: checkboxes
     attributes:
       label: Are you accessing code-server over a secure context?
@@ -84,6 +105,7 @@ body:
       options:
         - label: I am using a secure context.
           required: false
+
   - type: textarea
     attributes:
       label: Notes

.github/ISSUE_TEMPLATE/doc.md

@@ -1,9 +1,7 @@
 ---
 name: Documentation improvement
 about: Suggest a documentation improvement
-title: "[Docs]: "
 labels: "docs"
-assignees: "@jsjoeio"
 ---
 
 ## What is your suggestion?

.github/ISSUE_TEMPLATE/feature-request.md

@@ -1,9 +1,7 @@
 ---
 name: Feature request
 about: Suggest an idea to improve code-server
-title: "[Feat]: "
 labels: enhancement
-assignees: ""
 ---
 
 ## What is your suggestion?

.github/PULL_REQUEST_TEMPLATE/release_template.md

@@ -1,17 +0,0 @@
-<!-- Note: this variable $CODE_SERVER_VERSION_TO_UPDATE will be set when you run the release-prep.sh script with `yarn release:prep` -->
-
-This PR is to generate a new release of `code-server` at `$CODE_SERVER_VERSION_TO_UPDATE`
-
-## Screenshot
-
-TODO
-
-## TODOs
-
-Follow "Publishing a release" steps in `ci/README.md`
-
-<!-- Note some of these steps below are redundant since they're listed in the "Publishing a release" docs -->
-
-- [ ] update `CHANGELOG.md`
-- [ ] manually run "Draft release" workflow after merging this PR
-- [ ] merge PR opened in [code-server-aur](https://github.com/coder/code-server-aur)

.github/ranger.yml

@@ -1,29 +0,0 @@
-# Configuration for the repo ranger bot
-# See docs: https://www.notion.so/Documentation-8d7627bb1f3c42b7b1820e8d6f157a57#9879d1374fab4d1f9c607c230fd5123d
-default:
-  close:
-    # Default time to wait before closing the label. Can either be a number in milliseconds
-    # or a string specified by the `ms` package (https://www.npmjs.com/package/ms)
-    delay: "2 days"
-
-    # Default comment to post when an issue is first marked with a closing label
-    comment: "⚠️ This issue has been marked $LABEL and will be closed in $DELAY."
-
-labels:
-  duplicate: close
-  wontfix: close
-  "squash when passing": merge
-  "rebase when passing": merge
-  "merge when passing": merge
-  "new contributor":
-    action: comment
-    delay: 5s
-    message: "Thanks for making your first contribution! :slightly_smiling_face:"
-  "upstream:vscode":
-    action: close
-    delay: 5s
-    comment: >
-      This issue has been marked as 'upstream:vscode'.
-      Please file this upstream: [link to open issue](https://github.com/microsoft/vscode/issues/new/choose)
-
-      This issue will automatically close in $DELAY.

.github/workflows/build.yaml

@@ -19,240 +19,181 @@ concurrency:
 # this ensures that it only executes if all previous jobs succeeded.
 
 # if: steps.cache-node-modules.outputs.cache-hit != 'true'
-# will skip running `yarn install` if it successfully fetched from cache
+# will skip running `npm install` if it successfully fetched from cache
 
 jobs:
-  prettier:
-    name: Format with Prettier
-    runs-on: ubuntu-20.04
-    timeout-minutes: 5
+  changes:
+    runs-on: ubuntu-latest
+    outputs:
+      ci: ${{ steps.filter.outputs.ci }}
+      code: ${{ steps.filter.outputs.code }}
+      deps: ${{ steps.filter.outputs.deps }}
+      docs: ${{ steps.filter.outputs.docs }}
+      helm: ${{ steps.filter.outputs.helm }}
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4
-
-      - name: Run prettier with actionsx/prettier
-        uses: actionsx/prettier@v3
+      - name: Check changed files
+        uses: dorny/paths-filter@v3
+        id: filter
         with:
-          args: --check --loglevel=warn .
+          filters: |
+            ci:
+              - ".github/**"
+              - "ci/**"
+            docs:
+              - "docs/**"
+              - "README.md"
+              - "CHANGELOG.md"
+            helm:
+              - "ci/helm-chart/**"
+            code:
+              - "src/**"
+              - "test/**"
+            deps:
+              - "lib/**"
+              - "patches/**"
+              - "package-lock.json"
+              - "test/package-lock.json"
+      - id: debug
+        run: |
+          echo "${{ toJSON(steps.filter )}}"
+
+  prettier:
+    name: Run prettier check
+    runs-on: ubuntu-22.04
+    timeout-minutes: 5
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - run: npx prettier --check .
 
   doctoc:
     name: Doctoc markdown files
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 5
+    needs: changes
+    if: needs.changes.outputs.docs == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@v42
-        with:
-          files: |
-            docs/**
-
-      - name: Install Node.js
-        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: actions/setup-node@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version-file: .node-version
-          cache: "yarn"
-
-      - name: Install doctoc
-        run: yarn global add doctoc@2.2.1
-
-      - name: Run doctoc
-        if: steps.changed-files.outputs.any_changed == 'true'
-        run: yarn doctoc
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - run: npm run doctoc
 
   lint-helm:
     name: Lint Helm chart
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 5
+    needs: changes
+    if: needs.changes.outputs.helm == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
-
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@v42
-        with:
-          files: |
-            ci/helm-chart/**
-
-      - name: Install helm
-        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: azure/setup-helm@v3.5
+      - uses: actions/checkout@v4
+      - uses: azure/setup-helm@v4
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Install helm kubeval plugin
-        if: steps.changed-files.outputs.any_changed == 'true'
-        run: helm plugin install https://github.com/instrumenta/helm-kubeval
-
-      - name: Lint Helm chart
-        if: steps.changed-files.outputs.any_changed == 'true'
-        run: helm kubeval ci/helm-chart
+      - run: helm plugin install https://github.com/instrumenta/helm-kubeval
+      - run: helm kubeval ci/helm-chart
 
   lint-ts:
     name: Lint TypeScript files
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 5
+    needs: changes
+    if: needs.changes.outputs.code == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
-
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@v42
-        with:
-          files: |
-            **/*.ts
-            **/*.js
-          files_ignore: |
-            lib/vscode/**
-
-      - name: Install Node.js
-        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: actions/setup-node@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version-file: .node-version
-
-      - name: Fetch dependencies from cache
-        if: steps.changed-files.outputs.any_changed == 'true'
-        id: cache-node-modules
-        uses: actions/cache@v4
-        with:
-          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-
-
-      - name: Install dependencies
-        if: steps.changed-files.outputs.any_changed == 'true' && steps.cache-node-modules.outputs.cache-hit != 'true'
-        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
-
-      - name: Lint TypeScript files
-        if: steps.changed-files.outputs.any_changed == 'true'
-        run: yarn lint:ts
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - run: npm run lint:ts
 
   lint-actions:
     name: Lint GitHub Actions
     runs-on: ubuntu-latest
+    needs: changes
+    if: needs.changes.outputs.ci == 'true'
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4
       - name: Check workflow files
         run: |
-          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/7fdc9630cc360ea1a469eed64ac6d78caeda1234/scripts/download-actionlint.bash)
+          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.7.1
           ./actionlint -color -shellcheck= -ignore "set-output"
         shell: bash
 
   test-unit:
     name: Run unit tests
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 5
+    needs: changes
+    if: needs.changes.outputs.code == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 2
-
-      - name: Get changed files
-        id: changed-files
-        uses: tj-actions/changed-files@v42
-        with:
-          files: |
-            **/*.ts
-          files_ignore: |
-            lib/vscode/**
-
-      - name: Install Node.js
-        if: steps.changed-files.outputs.any_changed == 'true'
-        uses: actions/setup-node@v4
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
           node-version-file: .node-version
-
-      - name: Fetch dependencies from cache
-        if: steps.changed-files.outputs.any_changed == 'true'
-        id: cache-node-modules
-        uses: actions/cache@v4
-        with:
-          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-
-
-      - name: Install dependencies
-        if: steps.changed-files.outputs.any_changed == 'true' && steps.cache-node-modules.outputs.cache-hit != 'true'
-        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
-
-      - name: Run unit tests
-        if: steps.changed-files.outputs.any_changed == 'true'
-        run: yarn test:unit
-
-      - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@v4
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - run: npm run test:unit
+      - uses: codecov/codecov-action@v5
+        if: success()
         with:
           token: ${{ secrets.CODECOV_TOKEN }}
-        if: success()
 
   build:
     name: Build code-server
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 60
     env:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+      DISABLE_V8_COMPILE_CACHE: 1
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
+      - uses: actions/checkout@v4
         with:
           submodules: true
-
-      - name: Install system dependencies
-        run: sudo apt update && sudo apt install -y libkrb5-dev
-
-      - name: Install quilt
-        uses: awalsh128/cache-apt-pkgs-action@latest
+      - run: sudo apt update && sudo apt install -y libkrb5-dev
+      - uses: awalsh128/cache-apt-pkgs-action@latest
         with:
           packages: quilt
           version: 1.0
-
-      - name: Patch Code
-        run: quilt push -a
-
-      - name: Install Node.js
-        uses: actions/setup-node@v4
+      - run: quilt push -a
+      - uses: actions/setup-node@v4
         with:
           node-version-file: .node-version
-
-      - name: Fetch dependencies from cache
-        id: cache-node-modules
-        uses: actions/cache@v4
-        with:
-          path: "**/node_modules"
-          key: yarn-build-code-server-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-code-server-
-
-      - name: Install dependencies
-        if: steps.cache-node-modules.outputs.cache-hit != 'true'
-        run: yarn --frozen-lockfile
-
-      - name: Build code-server
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - run: npm run build
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: yarn build
-
       # Get Code's git hash.  When this changes it means the content is
       # different and we need to rebuild.
       - name: Get latest lib/vscode rev
         id: vscode-rev
         run: echo "rev=$(git rev-parse HEAD:./lib/vscode)" >> $GITHUB_OUTPUT
-
       # We need to rebuild when we have a new version of Code, when any of
       # the patches changed, or when the code-server version changes (since
       # it gets embedded into the code).  Use VSCODE_CACHE_VERSION to
@@ -263,134 +204,86 @@ jobs:
         with:
           path: lib/vscode-reh-web-*
           key: vscode-reh-package-${{ secrets.VSCODE_CACHE_VERSION }}-${{ steps.vscode-rev.outputs.rev }}-${{ hashFiles('patches/*.diff', 'ci/build/build-vscode.sh') }}
-
       - name: Build vscode
         env:
           VERSION: "0.0.0"
         if: steps.cache-vscode.outputs.cache-hit != 'true'
-        run: yarn build:vscode
-
+        run: |
+          pushd lib/vscode
+          npm ci
+          popd
+          npm run build:vscode
       # The release package does not contain any native modules
       # and is neutral to architecture/os/libc version.
-      - name: Create release package
-        run: yarn release
+      - run: npm run release
         if: success()
-
       # https://github.com/actions/upload-artifact/issues/38
-      - name: Compress release package
-        run: tar -czf package.tar.gz release
-
-      - name: Upload npm package artifact
-        uses: actions/upload-artifact@v4
+      - run: tar -czf package.tar.gz release
+      - uses: actions/upload-artifact@v4
         with:
           name: npm-package
           path: ./package.tar.gz
 
   test-e2e:
     name: Run e2e tests
-    needs: build
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 25
+    needs: [changes, build]
+    if: needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-
-      - name: Install system dependencies
-        run: sudo apt update && sudo apt install -y libkrb5-dev
-
-      - name: Install Node.js
-        uses: actions/setup-node@v4
+      - uses: actions/checkout@v4
+      - run: sudo apt update && sudo apt install -y libkrb5-dev
+      - uses: actions/setup-node@v4
         with:
           node-version-file: .node-version
-
-      - name: Fetch dependencies from cache
-        id: cache-node-modules
-        uses: actions/cache@v4
-        with:
-          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-
-
-      - name: Download npm package
-        uses: actions/download-artifact@v4
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - uses: actions/download-artifact@v4
         with:
           name: npm-package
-
-      - name: Decompress npm package
-        run: tar -xzf package.tar.gz
-
-      - name: Install release package dependencies
-        run: cd release && npm install --unsafe-perm --omit=dev
-
-      - name: Install dependencies
-        if: steps.cache-node-modules.outputs.cache-hit != 'true'
-        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
-
+      - run: tar -xzf package.tar.gz
+      - run: cd release && npm install --unsafe-perm --omit=dev
       - name: Install Playwright OS dependencies
         run: |
           ./test/node_modules/.bin/playwright install-deps
           ./test/node_modules/.bin/playwright install
-
-      - name: Run end-to-end tests
-        run: CODE_SERVER_TEST_ENTRY=./release yarn test:e2e
-
-      - name: Upload test artifacts
+      - run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e
+      - uses: actions/upload-artifact@v4
         if: always()
-        uses: actions/upload-artifact@v4
         with:
           name: failed-test-videos
           path: ./test/test-results
-
-      - name: Remove release packages and test artifacts
-        run: rm -rf ./release ./test/test-results
+      - run: rm -rf ./release ./test/test-results
 
   test-e2e-proxy:
     name: Run e2e tests behind proxy
-    needs: build
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     timeout-minutes: 25
+    needs: [changes, build]
+    if: needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true'
     steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-
-      - name: Install system dependencies
-        run: sudo apt update && sudo apt install -y libkrb5-dev
-
-      - name: Install Node.js
-        uses: actions/setup-node@v4
+      - uses: actions/checkout@v4
+      - run: sudo apt update && sudo apt install -y libkrb5-dev
+      - uses: actions/setup-node@v4
         with:
           node-version-file: .node-version
-
-      - name: Fetch dependencies from cache
-        id: cache-node-modules
-        uses: actions/cache@v4
-        with:
-          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-
-
-      - name: Download npm package
-        uses: actions/download-artifact@v4
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+      - uses: actions/download-artifact@v4
         with:
           name: npm-package
-
-      - name: Decompress npm package
-        run: tar -xzf package.tar.gz
-
-      - name: Install release package dependencies
-        run: cd release && npm install --unsafe-perm --omit=dev
-
-      - name: Install dependencies
-        if: steps.cache-node-modules.outputs.cache-hit != 'true'
-        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
-
+      - run: tar -xzf package.tar.gz
+      - run: cd release && npm install --unsafe-perm --omit=dev
       - name: Install Playwright OS dependencies
         run: |
           ./test/node_modules/.bin/playwright install-deps
           ./test/node_modules/.bin/playwright install
-
       - name: Cache Caddy
         uses: actions/cache@v4
         id: caddy-cache
@@ -398,7 +291,6 @@ jobs:
           path: |
             ~/.cache/caddy
           key: cache-caddy-2.5.2
-
       - name: Install Caddy
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -407,23 +299,13 @@ jobs:
           gh release download v2.5.2 --repo caddyserver/caddy --pattern "caddy_2.5.2_linux_amd64.tar.gz"
           mkdir -p ~/.cache/caddy
           tar -xzf caddy_2.5.2_linux_amd64.tar.gz --directory ~/.cache/caddy
-
-      - name: Start Caddy
-        run: sudo ~/.cache/caddy/caddy start --config ./ci/Caddyfile
-
-      - name: Run end-to-end tests
-        run: CODE_SERVER_TEST_ENTRY=./release yarn test:e2e:proxy --global-timeout 840000
-
-      - name: Stop Caddy
+      - run: ~/.cache/caddy/caddy start --config ./ci/Caddyfile
+      - run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e:proxy
+      - run: ~/.cache/caddy/caddy stop --config ./ci/Caddyfile
         if: always()
-        run: sudo ~/.cache/caddy/caddy stop --config ./ci/Caddyfile
 
-      - name: Upload test artifacts
+      - uses: actions/upload-artifact@v4
         if: always()
-        uses: actions/upload-artifact@v4
         with:
           name: failed-test-videos-proxy
           path: ./test/test-results
-
-      - name: Remove release packages and test artifacts
-        run: rm -rf ./release ./test/test-results

.github/workflows/publish.yaml

@@ -21,8 +21,6 @@ concurrency:
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 jobs:
-  # NOTE: this job requires curl, jq and yarn
-  # All of them are included in ubuntu-latest.
   npm:
     runs-on: ubuntu-latest
     steps:
@@ -33,25 +31,22 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version-file: .node-version
-          cache: "yarn"
 
       - name: Download npm package from release artifacts
-        uses: robinraju/release-downloader@v1.9
+        uses: robinraju/release-downloader@v1.12
         with:
           repository: "coder/code-server"
           tag: ${{ github.event.inputs.version || github.ref_name }}
           fileName: "package.tar.gz"
           out-file-path: "release-npm-package"
 
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
+      # Strip out the v (v4.9.1 -> 4.9.1).
       - name: Get and set VERSION
         run: |
           TAG="${{ github.event.inputs.version || github.ref_name }}"
           echo "VERSION=${TAG#v}" >> $GITHUB_ENV
 
-      - name: Publish npm package and tag with "latest"
-        run: yarn publish:npm
+      - run: npm run publish:npm
         env:
           VERSION: ${{ env.VERSION }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -77,8 +72,7 @@ jobs:
           git config --global user.name cdrci
           git config --global user.email opensource@coder.com
 
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
+      # Strip out the v (v4.9.1 -> 4.9.1).
       - name: Get and set VERSION
         run: |
           TAG="${{ github.event.inputs.version || github.ref_name }}"
@@ -92,7 +86,6 @@ jobs:
         run: ./ci/steps/brew-bump.sh
 
   aur:
-    needs: npm
     runs-on: ubuntu-latest
     timeout-minutes: 10
     env:
@@ -124,15 +117,14 @@ jobs:
           git config --global user.name cdrci
           git config --global user.email opensource@coder.com
 
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
+      # Strip out the v (v4.9.1 -> 4.9.1).
       - name: Get and set VERSION
         run: |
           TAG="${{ github.event.inputs.version || github.ref_name }}"
           echo "VERSION=${TAG#v}" >> $GITHUB_ENV
 
       - name: Validate package
-        uses: hapakaien/archlinux-package-action@v2
+        uses: heyhusen/archlinux-package-action@v2.4.0
         env:
           VERSION: ${{ env.VERSION }}
         with:
@@ -151,8 +143,9 @@ jobs:
           git commit -m "chore: updating version to ${{ env.VERSION }}"
           git push -u origin $(git branch --show)
           gh pr create --repo coder/code-server-aur --title "chore: bump version to ${{ env.VERSION }}" --body "PR opened by @$GITHUB_ACTOR" --assignee $GITHUB_ACTOR
+
   docker:
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout code-server
         uses: actions/checkout@v4
@@ -176,21 +169,28 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
+      # Strip out the v (v4.9.1 -> 4.9.1).
       - name: Get and set VERSION
         run: |
           TAG="${{ github.event.inputs.version || github.ref_name }}"
           echo "VERSION=${TAG#v}" >> $GITHUB_ENV
 
-      - name: Download release artifacts
-        uses: robinraju/release-downloader@v1.9
+      - name: Download deb artifacts
+        uses: robinraju/release-downloader@v1.12
         with:
           repository: "coder/code-server"
           tag: v${{ env.VERSION }}
           fileName: "*.deb"
           out-file-path: "release-packages"
 
+      - name: Download rpm artifacts
+        uses: robinraju/release-downloader@v1.12
+        with:
+          repository: "coder/code-server"
+          tag: v${{ env.VERSION }}
+          fileName: "*.rpm"
+          out-file-path: "release-packages"
+
       - name: Publish to Docker
         run: ./ci/steps/docker-buildx-push.sh
         env:

.github/workflows/release.yaml

@@ -19,102 +19,27 @@ concurrency:
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 jobs:
-  # TODO: cache building yarn --production
-  # possibly 2m30s of savings(?)
-  # this requires refactoring our release scripts
-  package-linux-amd64:
-    name: x86-64 Linux build
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    needs: npm-version
-    container: "centos:8"
-    env:
-      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@v4
-
-      - name: Install Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: .node-version
-
-      - name: Install development tools
-        run: |
-          cd /etc/yum.repos.d/
-          sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-*
-          sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-*
-          yum install -y gcc-c++ make jq rsync python3 libsecret-devel krb5-devel
-
-      - name: Install nfpm and envsubst
-        run: |
-          mkdir -p ~/.local/bin
-          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.22.2/nfpm_2.22.2_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
-          curl -sSfL https://github.com/a8m/envsubst/releases/download/v1.1.0/envsubst-`uname -s`-`uname -m` -o envsubst
-          chmod +x envsubst
-          mv envsubst ~/.local/bin
-          echo "$HOME/.local/bin" >> $GITHUB_PATH
-
-      - name: Install yarn
-        run: npm install -g yarn
-
-      - name: Download npm package
-        uses: actions/download-artifact@v4
-        with:
-          name: npm-release-package
-
-      - name: Decompress npm package
-        run: tar -xzf package.tar.gz
-
-      - name: Build standalone release
-        run: npm run release:standalone
-
-      - name: Install test dependencies
-        run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
-
-      - name: Run integration tests on standalone release
-        run: yarn test:integration
-
-      - name: Upload coverage report to Codecov
-        uses: codecov/codecov-action@v4
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-        if: success()
-
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
-      - name: Get and set VERSION
-        run: |
-          TAG="${{ inputs.version || github.ref_name }}"
-          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
-
-      - name: Build packages with nfpm
-        env:
-          VERSION: ${{ env.VERSION }}
-        run: yarn package
-
-      - uses: softprops/action-gh-release@v1
-        with:
-          draft: true
-          discussion_category_name: "📣 Announcements"
-          files: ./release-packages/*
-
   package-linux-cross:
-    name: Linux cross-compile builds
+    name: ${{ matrix.prefix }}
     runs-on: ubuntu-latest
     timeout-minutes: 15
     needs: npm-version
-    container: "debian:buster"
+    container: "python:3.8-slim-buster"
     strategy:
       matrix:
         include:
+          - prefix: x86_64-linux-gnu
+            npm_arch: x64
+            apt_arch: amd64
+            package_arch: amd64
           - prefix: aarch64-linux-gnu
             npm_arch: arm64
             apt_arch: arm64
+            package_arch: arm64
           - prefix: arm-linux-gnueabihf
             npm_arch: armv7l
             apt_arch: armhf
+            package_arch: armv7l
 
     env:
       AR: ${{ format('{0}-ar', matrix.prefix) }}
@@ -128,6 +53,7 @@ jobs:
       PKG_CONFIG_PATH: ${{ format('/usr/lib/{0}/pkgconfig', matrix.prefix) }}
       TARGET_ARCH: ${{ matrix.apt_arch }}
       npm_config_arch: ${{ matrix.npm_arch }}
+      PKG_ARCH: ${{ matrix.package_arch }}
       # Not building from source results in an x86_64 argon2, as if
       # npm_config_arch is being ignored.
       npm_config_build_from_source: true
@@ -140,11 +66,16 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
 
       - name: Install cross-compiler and system dependencies
         run: |
+          sed -i 's/deb\.debian\.org/archive.debian.org/g' /etc/apt/sources.list
           dpkg --add-architecture $TARGET_ARCH
-          apt-get update && apt-get install -y --no-install-recommends \
+          apt update && apt install -y --no-install-recommends \
             crossbuild-essential-$TARGET_ARCH \
             libx11-dev:$TARGET_ARCH \
             libx11-xcb-dev:$TARGET_ARCH \
@@ -154,6 +85,8 @@ jobs:
             ca-certificates \
             curl wget rsync gettext-base
 
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+
       - name: Install nfpm
         run: |
           mkdir -p ~/.local/bin
@@ -165,11 +98,8 @@ jobs:
         with:
           name: npm-release-package
 
-      - name: Decompress npm package
-        run: tar -xzf package.tar.gz
-
-      - name: Build standalone release
-        run: npm run release:standalone
+      - run: tar -xzf package.tar.gz
+      - run: npm run release:standalone
 
       - name: Replace node with cross-compile equivalent
         run: |
@@ -178,17 +108,15 @@ jobs:
           tar -xf node-${node_version}-linux-${npm_config_arch}.tar.xz node-${node_version}-linux-${npm_config_arch}/bin/node --strip-components=2
           mv ./node ./release-standalone/lib/node
 
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
+      # Strip out the v (v4.9.1 -> 4.9.1).
       - name: Get and set VERSION
         run: |
           TAG="${{ inputs.version || github.ref_name }}"
           echo "VERSION=${TAG#v}" >> $GITHUB_ENV
 
-      - name: Build packages with nfpm
-        env:
+      - env:
           VERSION: ${{ env.VERSION }}
-        run: npm run package ${npm_config_arch}
+        run: npm run package $PKG_ARCH
 
       - uses: softprops/action-gh-release@v1
         with:
@@ -198,9 +126,12 @@ jobs:
 
   package-macos-amd64:
     name: x86-64 macOS build
-    runs-on: macos-latest
+    runs-on: macos-13
     timeout-minutes: 15
     needs: npm-version
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4
@@ -209,6 +140,12 @@ jobs:
         uses: actions/setup-node@v4
         with:
           node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
 
       - name: Install nfpm
         run: |
@@ -220,28 +157,18 @@ jobs:
       # in Python 3.12.  It seems to be fixed in the latest node-gyp so when we
       # next update Node we can probably remove this.  For now, install
       # setuptools since it contains distutils.
-      - name: Install Python utilities
-        run: python3 -m pip install setuptools
+      - run: brew install python-setuptools
 
       - name: Download npm package
         uses: actions/download-artifact@v4
         with:
           name: npm-release-package
 
-      - name: Decompress npm package
-        run: tar -xzf package.tar.gz
+      - run: tar -xzf package.tar.gz
+      - run: npm run release:standalone
+      - run: npm run test:native
 
-      - name: Build standalone release
-        run: npm run release:standalone
-
-      - name: Install test dependencies
-        run: SKIP_SUBMODULE_DEPS=1 yarn install
-
-      - name: Run native module tests on standalone release
-        run: yarn test:native
-
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
+      # Strip out the v (v4.9.1 -> 4.9.1).
       - name: Get and set VERSION
         run: |
           TAG="${{ inputs.version || github.ref_name }}"
@@ -250,7 +177,68 @@ jobs:
       - name: Build packages with nfpm
         env:
           VERSION: ${{ env.VERSION }}
-        run: yarn package
+        run: npm run package
+
+      - uses: softprops/action-gh-release@v1
+        with:
+          draft: true
+          discussion_category_name: "📣 Announcements"
+          files: ./release-packages/*
+
+  package-macos-arm64:
+    name: arm64 macOS build
+    runs-on: macos-latest
+    timeout-minutes: 15
+    needs: npm-version
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      - name: Install Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version-file: .node-version
+          cache: npm
+          cache-dependency-path: |
+            package-lock.json
+            test/package-lock.json
+
+      - run: SKIP_SUBMODULE_DEPS=1 npm ci
+
+      - name: Install nfpm
+        run: |
+          mkdir -p ~/.local/bin
+          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      # The version of node-gyp we use depends on distutils but it was removed
+      # in Python 3.12.  It seems to be fixed in the latest node-gyp so when we
+      # next update Node we can probably remove this.  For now, install
+      # setuptools since it contains distutils.
+      - run: brew install python-setuptools
+
+      - name: Download npm package
+        uses: actions/download-artifact@v4
+        with:
+          name: npm-release-package
+
+      - run: tar -xzf package.tar.gz
+      - run: npm run release:standalone
+      - run: npm run test:native
+
+      # Strip out the v (v4.9.1 -> 4.9.1).
+      - name: Get and set VERSION
+        run: |
+          TAG="${{ inputs.version || github.ref_name }}"
+          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
+
+      - name: Build packages with nfpm
+        env:
+          VERSION: ${{ env.VERSION }}
+        run: npm run package
 
       - uses: softprops/action-gh-release@v1
         with:
@@ -281,7 +269,7 @@ jobs:
     timeout-minutes: 15
     steps:
       - name: Download artifacts
-        uses: dawidd6/action-download-artifact@v3
+        uses: dawidd6/action-download-artifact@v11
         id: download
         with:
           branch: ${{ github.ref }}
@@ -291,11 +279,9 @@ jobs:
           check_artifacts: false
           if_no_artifact_found: fail
 
-      - name: Decompress npm package
-        run: tar -xzf package.tar.gz
+      - run: tar -xzf package.tar.gz
 
-      # NOTE@jsjoeio - we do this so we can strip out the v
-      # i.e. v4.9.1 -> 4.9.1
+      # Strip out the v (v4.9.1 -> 4.9.1).
       - name: Get and set VERSION
         run: |
           TAG="${{ inputs.version || github.ref_name }}"
@@ -314,8 +300,7 @@ jobs:
           # Ensure it has the same permissions as before
           chmod 644 release/lib/vscode/product.json
 
-      - name: Compress release package
-        run: tar -czf package.tar.gz release
+      - run: tar -czf package.tar.gz release
 
       - name: Upload npm package artifact
         uses: actions/upload-artifact@v4

.github/workflows/security.yaml

@@ -19,7 +19,7 @@ concurrency:
   cancel-in-progress: ${{ github.event_name == 'pull_request' }}
 
 jobs:
-  audit-ci:
+  audit:
     name: Audit node modules
     runs-on: ubuntu-latest
     timeout-minutes: 15
@@ -34,12 +34,8 @@ jobs:
         with:
           node-version-file: .node-version
 
-      - name: Audit yarn for vulnerabilities
-        run: yarn audit
-        if: success()
-
       - name: Audit npm for vulnerabilities
-        run: npm shrinkwrap && npm audit
+        run: npm audit
         if: success()
 
   trivy-scan-repo:
@@ -47,7 +43,7 @@ jobs:
     permissions:
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-22.04
     steps:
       - name: Checkout repo
         uses: actions/checkout@v4
@@ -55,7 +51,7 @@ jobs:
           fetch-depth: 0
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca
+        uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4
         with:
           scan-type: "fs"
           scan-ref: "."
@@ -76,7 +72,7 @@ jobs:
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/autobuild to send a status report
     name: Analyze with CodeQL