Merge branch 'main' into jsjoeio/nfpm-fix

* refactor: remove keytar dep in cross-compile

* refactor: try other keytar package

* refactor: remove keytar step in cross-compile

* fix: manually remove keytar

* try this first

* I think this is it

* Revert "I think this is it"

This reverts commit 5c566b0c01.

* okay this is it

* fixup

* try legacy peer

* remove keytar before standalone

* wrong path

* maybe

* revert: change *npm* back to npm*

* revert: don't uninstall keytar

* fix: use npm run standalone-release

* fixup formatting

* Revert "refactor: remove yarn.lock steps (#5850)"

This reverts commit 907747d394.

* fixup: remove the --exclude

* refactor: remove yarn.lock check

* try ddd in postinstall

* refactor: cache before release:standalone

* refactor: add os to cache key in release

* chore: formatting

* Update ci/build/npm-postinstall.sh

* fixup: formatting

.github/workflows/build.yaml

@@ -324,7 +324,7 @@ jobs:
         run: tar -xzf package.tar.gz
 
       - name: Install release package dependencies
-        run: cd release && yarn install
+        run: cd release && npm install --unsafe-perm --omit=dev
 
       - name: Install dependencies
         if: steps.cache-node-modules.outputs.cache-hit != 'true'
@@ -380,7 +380,7 @@ jobs:
         run: tar -xzf package.tar.gz
 
       - name: Install release package dependencies
-        run: cd release && yarn install
+        run: cd release && npm install --unsafe-perm --omit=dev
 
       - name: Install dependencies
         if: steps.cache-node-modules.outputs.cache-hit != 'true'

.github/workflows/publish.yaml

@@ -127,6 +127,8 @@ jobs:
 
       - name: Validate package
         uses: hapakaien/archlinux-package-action@v2
+        env:
+          VERSION: ${{ env.VERSION }}
         with:
           pkgver: ${{ env.VERSION }}
           updpkgsums: true

.github/workflows/release.yaml

@@ -44,11 +44,13 @@ jobs:
         run: |
           yum install -y epel-release centos-release-scl make
           yum install -y devtoolset-9-{make,gcc,gcc-c++} jq rsync python3
+          # for keytar
+          yum install -y libsecret-devel
 
       - name: Install nfpm and envsubst
         run: |
           mkdir -p ~/.local/bin
-          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
+          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.22.2/nfpm_2.22.2_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
           curl -sSfL https://github.com/a8m/envsubst/releases/download/v1.1.0/envsubst-`uname -s`-`uname -m` -o envsubst
           chmod +x envsubst
           mv envsubst ~/.local/bin
@@ -68,19 +70,9 @@ jobs:
       # NOTE: && here is deliberate - GitHub puts each line in its own `.sh`
       # file when running inside a docker container.
       - name: Build standalone release
-        run: source scl_source enable devtoolset-9 && yarn release:standalone
+        run: source scl_source enable devtoolset-9 && npm run release:standalone
-
-      - name: Fetch dependencies from cache
-        id: cache-node-modules
-        uses: actions/cache@v3
-        with:
-          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-
 
       - name: Install test dependencies
-        if: steps.cache-node-modules.outputs.cache-hit != 'true'
         run: SKIP_SUBMODULE_DEPS=1 yarn --frozen-lockfile
 
       - name: Run integration tests on standalone release
@@ -127,11 +119,11 @@ jobs:
   # but this means we don't need to maintain a self-hosted runner!
 
   # NOTE@jsjoeio:
-  # We used to use 16.04 until GitHub deprecated it on September 20, 2021
+  # We used to use 18.04 until GitHub browned it out on December 15, 2022
-  # See here: https://github.com/actions/virtual-environments/pull/3862/files
+  # See here: https://github.com/actions/runner-images/issues/6002
   package-linux-cross:
     name: Linux cross-compile builds
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-20.04
     timeout-minutes: 15
     needs: npm-version
     strategy:
@@ -178,6 +170,8 @@ jobs:
       - name: Decompress npm package
         run: tar -xzf package.tar.gz
 
+      # NOTE@jsjoeio - npm fails here
+      # so use yarn
       - name: Build standalone release
         run: yarn release:standalone
 
@@ -234,19 +228,9 @@ jobs:
         run: tar -xzf package.tar.gz
 
       - name: Build standalone release
-        run: yarn release:standalone
+        run: npm run release:standalone
-
-      - name: Fetch dependencies from cache
-        id: cache-node-modules
-        uses: actions/cache@v3
-        with:
-          path: "**/node_modules"
-          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
-          restore-keys: |
-            yarn-build-
 
       - name: Install test dependencies
-        if: steps.cache-node-modules.outputs.cache-hit != 'true'
         run: SKIP_SUBMODULE_DEPS=1 yarn install
 
       - name: Run native module tests on standalone release
@@ -299,8 +283,9 @@ jobs:
           branch: ${{ github.ref }}
           workflow: build.yaml
           workflow_conclusion: completed
-          check_artifacts: true
           name: npm-package
+          check_artifacts: false
+          if_no_artifact_found: fail
 
       - name: Decompress npm package
         run: tar -xzf package.tar.gz
@@ -321,7 +306,7 @@ jobs:
 
           echo "Updating version in lib/vscode/product.json"
           tmp=$(mktemp) 
-          jq '.codeServerVersion = "$VERSION"' release/lib/vscode/product.json > "$tmp" && mv "$tmp" release/lib/vscode/product.json
+          jq ".codeServerVersion = \"$VERSION\"" release/lib/vscode/product.json > "$tmp" && mv "$tmp" release/lib/vscode/product.json
           # Ensure it has the same permissions as before
           chmod 644 release/lib/vscode/product.json
 

CHANGELOG.md

@@ -20,14 +20,27 @@ Code v99.99.999
 
 -->
 
-## [4.9.0](https://github.com/coder/code-server/releases/tag/v4.9.0) - 2022-11-14
+## [4.9.0](https://github.com/coder/code-server/releases/tag/v4.9.0) - 2022-12-06
 
-Code v1.73.0
+Code v1.73.1
 
-WIP
+### Changed
 
-known issues: https://github.com/adobe/fetch/pull/318#issuecomment-1306070259
+- Upgraded to Code 1.73.1
-cert won't work for anyone using Ubuntu 22.04
+
+### Added
+
+- `/security.txt` added as a route with info on our security policy information thanks to @ghuntley
+
+### Fixed
+
+- Installing on majaro images should now work thanks to @MrPeacockNLB for
+  adding the `--noconfirm` flag in `install.sh`
+
+### Known Issues
+
+- `--cert` on Ubuntu 22.04: OpenSSL v3 is used which breaks `pem` meaning the
+  `--cert` feature will not work. [Reference](https://github.com/adobe/fetch/pull/318#issuecomment-1306070259)
 
 ## [4.8.3](https://github.com/coder/code-server/releases/tag/v4.8.3) - 2022-11-07
 

ci/build/nfpm.yaml

@@ -22,4 +22,4 @@ contents:
     dst: /usr/lib/systemd/user/code-server.service
 
   - src: ./release-standalone/*
-    dst: /usr/lib/code-server/
+    dst: /usr/lib/code-server

ci/build/npm-postinstall.sh

@@ -124,27 +124,18 @@ main() {
 }
 
 install_with_yarn_or_npm() {
+  echo "User agent: ${npm_config_user_agent-none}"
   # NOTE@edvincent: We want to keep using the package manager that the end-user was using to install the package.
   # This also ensures that when *we* run `yarn` in the development process, the yarn.lock file is used.
   case "${npm_config_user_agent-}" in
-    yarn*)
-      if [ -f "yarn.lock" ]; then
-        yarn --production --frozen-lockfile --no-default-rc
-      else
-        echo "yarn.lock file not present, not running in development mode. use npm to install code-server!"
-        exit 1
-      fi
-      ;;
     npm*)
-      if [ -f "yarn.lock" ]; then
+      # HACK: NPM's use of semver doesn't like resolving some peerDependencies that vscode (upstream) brings in the form of pre-releases.
-        echo "yarn.lock file present, running in development mode. use yarn to install code-server!"
+      # The legacy behavior doesn't complain about pre-releases being used, falling back to that for now.
-        exit 1
+      # See https://github.com//pull/5071
-      else
+      npm install --unsafe-perm --legacy-peer-deps --omit=dev
-        # HACK: NPM's use of semver doesn't like resolving some peerDependencies that vscode (upstream) brings in the form of pre-releases.
+      ;;
-        # The legacy behavior doesn't complain about pre-releases being used, falling back to that for now.
+    yarn*)
-        # See https://github.com//pull/5071
+      yarn --production --frozen-lockfile --no-default-rc
-        npm install --unsafe-perm --legacy-peer-deps --omit=dev
-      fi
       ;;
     *)
       echo "Could not determine which package manager is being used to install code-server"

ci/helm-chart/Chart.yaml

@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.3.3
+version: 3.4.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.8.3
+appVersion: 4.9.0

ci/helm-chart/values.yaml

@@ -6,7 +6,7 @@ replicaCount: 1
 
 image:
   repository: codercom/code-server
-  tag: '4.8.3'
+  tag: '4.9.0'
   pullPolicy: Always
 
 # Specifies one or more secrets to be used when pulling images from a

package.json

@@ -83,7 +83,8 @@
     "nanoid": "^3.1.31",
     "minimist": "npm:minimist-lite@2.2.1",
     "glob-parent": "^6.0.1",
-    "@types/node": "^16.0.0"
+    "@types/node": "^16.0.0",
+    "qs": "^6.7.3"
   },
   "dependencies": {
     "@coder/logger": "^3.0.0",

src/node/wrapper.ts

@@ -147,7 +147,7 @@ abstract class Process {
  * Child process that will clean up after itself if the parent goes away and can
  * perform a handshake with the parent and ask it to relaunch.
  */
-class ChildProcess extends Process {
+export class ChildProcess extends Process {
   public logger = logger.named(`child:${process.pid}`)
 
   public constructor(private readonly parentPid: number) {

test/unit/node/wrapper.test.ts

@@ -1,5 +1,4 @@
-import { ChildProcess } from "child_process"
+import { ChildProcess, ParentProcess, isChild } from "../../../src/node/wrapper"
-import { ParentProcess, isChild } from "../../../src/node/wrapper"
 
 describe("wrapper", () => {
   describe("isChild", () => {
@@ -9,10 +8,7 @@ describe("wrapper", () => {
     })
   })
   it("should return false for parent process", () => {
-    const p = new ChildProcess()
+    const childProc = new ChildProcess(1)
-    // our ChildProcess isn't exported
+    expect(isChild(childProc)).toBe(true)
-    // and shouldn't be for a test so surpressing TS error.
-    // @ts-expect-error - see above
-    expect(isChild(p)).toBe(false)
   })
 })

yarn.lock

@@ -2812,18 +2812,13 @@ punycode@^2.1.0:
   resolved "https://registry.yarnpkg.com/punycode/-/punycode-2.1.1.tgz#b58b010ac40c22c5657616c8d2c2c02c7bf479ec"
   integrity sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==
 
-qs@6.11.0:
+qs@6.11.0, qs@6.7.0, qs@^6.7.3:
   version "6.11.0"
   resolved "https://registry.yarnpkg.com/qs/-/qs-6.11.0.tgz#fd0d963446f7a65e1367e01abd85429453f0c37a"
   integrity sha512-MvjoMCJwEarSbUYk5O+nmoSzSutSsTwF85zcHPQ9OrlFoZOYIjaqBAJIqIXjptyD5vThxGq52Xu/MaJzRkIk4Q==
   dependencies:
     side-channel "^1.0.4"
 
-qs@6.7.0:
-  version "6.7.0"
-  resolved "https://registry.yarnpkg.com/qs/-/qs-6.7.0.tgz#41dc1a015e3d581f1621776be31afb2876a9b1bc"
-  integrity sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ==
-
 queue-microtask@^1.2.2:
   version "1.2.2"
   resolved "https://registry.yarnpkg.com/queue-microtask/-/queue-microtask-1.2.2.tgz#abf64491e6ecf0f38a6502403d4cda04f372dfd3"