.dockerignore

@@ -1,3 +1,10 @@
-**
-!release-packages
-!ci
+Dockerfile
+# Docs
+doc/
+# GitHub stuff
+.github
+.gitignore
+.travis.yml
+LICENSE
+README.md
+node_modules

.editorconfig

@@ -1,6 +0,0 @@
-root = true
-
-[*]
-indent_style = space
-trim_trailing_whitespace = true
-indent_size = 2

.git-blame-ignore-revs

@@ -1,2 +0,0 @@
-# Prettier 3.4.2
-9b0340a09276f93c054d705d1b9a5f24cc5dbc97

.gitattributes

@@ -1 +0,0 @@
-*.afdesign filter=lfs diff=lfs merge=lfs -text

.github/CODEOWNERS

@@ -1,7 +1,2 @@
-* @coder/code-server
-
-ci/helm-chart/ @Matthew-Beckett @alexgorbatchev
-
-docs/install.md @GNUxeava
-
-src/node/i18n/locales/zh-cn.json @zhaozhiming
+* @code-asher @kylecarbs
+Dockerfile @nhooyr

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -1,126 +0,0 @@
-name: Bug report
-description: File a bug report
-labels: ["bug", "triage"]
-body:
-  - type: checkboxes
-    attributes:
-      label: Is there an existing issue for this?
-      description: Please search to see if an issue already exists for the bug you encountered.
-      options:
-        - label: I have searched the existing issues
-          required: true
-
-  - type: textarea
-    attributes:
-      label: OS/Web Information
-      description: |
-        examples:
-          - **Web Browser**: Chrome
-          - **Local OS**: macOS
-          - **Remote OS**: Ubuntu
-          - **Remote Architecture**: amd64
-          - **`code-server --version`**: 4.0.1
-
-        Please do not just put "latest" for the version.
-      value: |
-        - Web Browser:
-        - Local OS:
-        - Remote OS:
-        - Remote Architecture:
-        - `code-server --version`:
-    validations:
-      required: true
-
-  - type: textarea
-    attributes:
-      label: Steps to Reproduce
-      description: |
-        Please describe exactly how to reproduce the bug. For example:
-        1. Open code-server in Firefox
-        2. Install extension `foo.bar` from the extensions sidebar
-        3. Run command `foo.bar.baz`
-      value: |
-        1.
-        2.
-        3.
-    validations:
-      required: true
-
-  - type: textarea
-    attributes:
-      label: Expected
-      description: What should happen?
-    validations:
-      required: true
-
-  - type: textarea
-    attributes:
-      label: Actual
-      description: What actually happens?
-    validations:
-      required: true
-
-  - type: textarea
-    id: logs
-    attributes:
-      label: Logs
-      description: Run code-server with the --verbose flag and then paste any relevant logs from the server, from the browser console and/or the browser network tab. For issues with installation, include installation logs (i.e. output of `npm install -g code-server`).
-      render: shell
-
-  - type: textarea
-    attributes:
-      label: Screenshot/Video
-      description: Please include a screenshot, gif or screen recording of your issue.
-    validations:
-      required: false
-
-  - type: dropdown
-    attributes:
-      label: Does this bug reproduce in native VS Code?
-      description: If the bug reproduces in native VS Code, submit the issue upstream instead (https://github.com/microsoft/vscode).
-      options:
-        - Yes, this is also broken in native VS Code
-        - No, this works as expected in native VS Code
-        - This cannot be tested in native VS Code
-        - I did not test native VS Code
-    validations:
-      required: true
-
-  - type: dropdown
-    attributes:
-      label: Does this bug reproduce in VS Code web?
-      description: If the bug reproduces in VS Code web, submit the issue upstream instead (https://github.com/microsoft/vscode). You can run VS Code web with `code serve-web` (this is not the same as vscode.dev).
-      options:
-        - Yes, this is also broken in VS Code web
-        - No, this works as expected in VS Code web
-        - This cannot be tested in VS Code web
-        - I did not test VS Code web
-    validations:
-      required: true
-
-  - type: dropdown
-    attributes:
-      label: Does this bug reproduce in GitHub Codespaces?
-      description: If the bug reproduces in GitHub Codespaces, submit the issue upstream instead (https://github.com/microsoft/vscode).
-      options:
-        - Yes, this is also broken in GitHub Codespaces
-        - No, this works as expected in GitHub Codespaces
-        - This cannot be tested in GitHub Codespaces
-        - I did not test GitHub Codespaces
-    validations:
-      required: true
-
-  - type: checkboxes
-    attributes:
-      label: Are you accessing code-server over a secure context?
-      description: code-server relies on service workers (which only work in secure contexts) for many features. Double-check that you are using a secure context like HTTPS or localhost.
-      options:
-        - label: I am using a secure context.
-          required: false
-
-  - type: textarea
-    attributes:
-      label: Notes
-      description: Please include any addition notes that will help us resolve this issue.
-    validations:
-      required: false

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,22 @@
+---
+name: Bug Report
+about: Report problems and unexpected behavior.
+title: ''
+labels: 'bug'
+assignees: ''
+---
+
+<!-- Please search existing issues to avoid creating duplicates. -->
+<!-- All extension-specific issues should be created with the `Extension Bug` template. -->
+
+- `code-server` version: <!-- The version of code-server -->
+- OS Version: <!-- OS version, cloud provider,  -->
+
+## Description
+
+<!-- Describes the problem here -->
+
+## Steps to Reproduce
+
+1. <!-- step 1: click ... -->
+1. <!-- step 2: ... -->

.github/ISSUE_TEMPLATE/config.yml

@@ -1,8 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: Question?
-    url: https://github.com/coder/code-server/discussions/new?category_id=22503114
-    about: Ask the community for help on our GitHub Discussions board
-  - name: code-server Slack Community
-    about: Need immediate help or just want to talk? Hop in our Slack. Note - this Slack is not actively monitored by code-server maintainers.
-    url: https://cdr.co/join-community

.github/ISSUE_TEMPLATE/doc.md

@@ -1,11 +0,0 @@
----
-name: Documentation improvement
-about: Suggest a documentation improvement
-labels: "docs"
----
-
-## What is your suggestion?
-
-## How will this improve the docs?
-
-## Are you interested in submitting a PR for this?

.github/ISSUE_TEMPLATE/extension_bug.md

@@ -0,0 +1,22 @@
+---
+name: Extension Bug
+about: Report problems and unexpected behavior with extensions.
+title: ''
+labels: 'extension-specific'
+assignees: ''
+---
+
+<!-- Please search existing issues to avoid creating duplicates. -->
+
+- `code-server` version: <!-- The version of code-server -->
+- OS Version: <!-- OS version, cloud provider,  -->
+- Extension: <!-- Link to extension -->
+
+## Description
+
+<!-- Describes the problem here -->
+
+## Steps to Reproduce
+
+1. <!-- step 1: click ... -->
+1. <!-- step 2: ... -->

.github/ISSUE_TEMPLATE/feature-request.md

@@ -1,13 +0,0 @@
----
-name: Feature request
-about: Suggest an idea to improve code-server
-labels: enhancement
----
-
-## What is your suggestion?
-
-## Why do you want this feature?
-
-## Are there any workarounds to get this functionality today?
-
-## Are you interested in submitting a PR for this?

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,11 @@
+---
+name: Feature Request
+about: Suggest an idea for this project.
+title: ''
+labels: 'feature'
+assignees: ''
+---
+
+<!-- Please search existing issues to avoid creating duplicates. -->
+
+<!-- Describe the feature you'd like. -->

.github/ISSUE_TEMPLATE/question.md

@@ -0,0 +1,17 @@
+---
+name: Question
+about: Ask a question.
+title: ''
+labels: 'question'
+assignees: ''
+---
+
+<!-- Please search existing issues to avoid creating duplicates. -->
+
+## Description
+
+<!-- A description of the the question. -->
+
+## Related Issues
+
+<!-- Any issues related to your question. -->

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,8 +0,0 @@
-<!--
-Please link to the issue this PR solves.
-If there is no existing issue, please first create one unless the fix is minor.
-
-Please make sure the base of your PR is the default branch!
--->
-
-Fixes #

.github/codecov.yml

@@ -1,31 +0,0 @@
-codecov:
-  require_ci_to_pass: yes
-  allow_coverage_offsets: True
-
-coverage:
-  precision: 2
-  round: down
-  range: "40...70"
-  status:
-    patch: off
-  notify:
-    slack:
-      default:
-        url: secret:v1::tXC7VwEIKYjNU8HRgRv2GdKOSCt5UzpykKZb+o1eCDqBgb2PEqwE3A26QUPYMLo4BO2qtrJhFIvwhUvlPwyzDCNGoNiuZfXr0UeZZ0y1TcZu672R/NBNMwEPO/e1Ye0pHxjzKHnuH7HqbjFucox/RBQLtiL3J56SWGE3JtbkC6o=
-        threshold: 1%
-        only_pulls: false
-        branches:
-          - "main"
-
-parsers:
-  gcov:
-    branch_detection:
-      conditional: yes
-      loop: yes
-      method: no
-      macro: no
-
-comment:
-  layout: "reach,diff,flags,files,footer"
-  behavior: default
-  require_changes: no

.github/codeql-config.yml

@@ -1 +0,0 @@
-name: "code-server CodeQL config"

.github/dependabot.yaml

@@ -1,31 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "monthly"
-      time: "06:00"
-      timezone: "America/Chicago"
-    labels: []
-    commit-message:
-      prefix: "chore"
-
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "monthly"
-      time: "06:00"
-      timezone: "America/Chicago"
-    commit-message:
-      prefix: "chore"
-    labels: []
-    ignore:
-      # Ignore patch updates for all dependencies
-      - dependency-name: "*"
-        update-types:
-          - version-update:semver-patch
-      # Ignore major updates to Node.js types, because they need to
-      # correspond to the Node.js engine version
-      - dependency-name: "@types/node"
-        update-types:
-          - version-update:semver-major

.github/pull_request_template.md

@@ -0,0 +1,6 @@
+<!-- Please answer these questions before submitting your PR. Thanks! -->
+
+### Describe in detail the problem you had and how this PR fixes it
+
+### Is there an open issue you can link to?
+

.github/semantic.yaml

@@ -1,66 +0,0 @@
-###############################################################################
-# This file configures "Semantic Pull Requests", which is documented here:
-# https://github.com/zeke/semantic-pull-requests
-###############################################################################
-
-# Scopes are optionally supplied after a 'type'. For example, in
-#
-# feat(docs): autostart ui
-#
-# '(docs)' is the scope. Scopes are used to signify where the change occurred.
-scopes:
-  # docs: changes to the code-server documentation.
-  - docs
-
-  # vendor: changes to vendored dependencies.
-  - vendor
-
-  # deps: changes to code-server's dependencies.
-  - deps
-
-  # cs: changes to code specific to code-server.
-  - cs
-
-  # cli: changes to the command-line interface.
-  - cli
-
-# We only check that the PR title is semantic. The PR title is automatically
-# applied to the "Squash & Merge" flow as the suggested commit message, so this
-# should suffice unless someone drastically alters the message in that flow.
-titleOnly: true
-
-# Types are the 'tag' types in a commit or PR title. For example, in
-#
-# chore: fix thing
-#
-# 'chore' is the type.
-types:
-  # A build of any kind.
-  - build
-
-  # A user-facing change that corrects a defect in code-server.
-  - fix
-
-  # Any code task that is ignored for changelog purposes. Examples include
-  # devbin scripts and internal-only configurations.
-  - chore
-
-  # Any work performed on CI.
-  - ci
-
-  # Work that directly implements or supports the implementation of a feature.
-  - feat
-
-  # A refactor changes code structure without any behavioral change.
-  - refactor
-
-  # A git revert for any style of commit.
-  - revert
-
-  # Adding tests of any kind. Should be separate from feature or fix
-  # implementations. For example, if a commit adds a fix + test, it's a fix
-  # commit. If a commit is simply bumping coverage, it's a test commit.
-  - test
-
-  # A new release.
-  - release

.github/stale.yml

@@ -1,12 +0,0 @@
-# Number of days of inactivity before an issue becomes stale
-daysUntilStale: 180
-# Number of days of inactivity before a stale issue is closed
-daysUntilClose: 5
-# Label to apply when stale.
-staleLabel: stale
-# Comment to post when marking an issue as stale. Set to `false` to disable
-markComment: >
-  This issue has been automatically marked as stale because it has not had
-  recent activity. It will be closed if no activity occurs in the next 5 days.
-# Comment to post when closing a stale issue. Set to `false` to disable
-closeComment: false

.github/workflows/build.yaml

@@ -1,299 +0,0 @@
-name: Build
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-    branches:
-      - main
-
-# Cancel in-progress runs for pull requests when developers push
-# additional changes, and serialize builds in branches.
-# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-
-jobs:
-  changes:
-    runs-on: ubuntu-latest
-    outputs:
-      ci: ${{ steps.filter.outputs.ci }}
-      code: ${{ steps.filter.outputs.code }}
-      deps: ${{ steps.filter.outputs.deps }}
-      docs: ${{ steps.filter.outputs.docs }}
-      helm: ${{ steps.filter.outputs.helm }}
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: dorny/paths-filter@d1c1ffe0248fe513906c8e24db8ea791d46f8590 # v3
-        id: filter
-        with:
-          filters: |
-            ci:
-              - ".github/**"
-              - "ci/**"
-            docs:
-              - "docs/**"
-              - "README.md"
-              - "CHANGELOG.md"
-            helm:
-              - "ci/helm-chart/**"
-            code:
-              - "src/**"
-              - "test/**"
-            deps:
-              - "lib/**"
-              - "patches/**"
-              - "package-lock.json"
-              - "test/package-lock.json"
-      - id: debug
-        run: |
-          echo "${{ toJSON(steps.filter )}}"
-
-  prettier:
-    name: Run prettier check
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - run: npx prettier --check .
-
-  doctoc:
-    name: Doctoc markdown files
-    runs-on: ubuntu-22.04
-    needs: changes
-    if: needs.changes.outputs.docs == 'true'
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - run: npm run doctoc
-
-  lint-helm:
-    name: Lint Helm chart
-    runs-on: ubuntu-22.04
-    needs: changes
-    if: needs.changes.outputs.helm == 'true'
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          version: "v3.19.2"
-      - run: helm plugin install https://github.com/instrumenta/helm-kubeval
-      - run: helm kubeval ci/helm-chart
-
-  lint-ts:
-    name: Lint TypeScript files
-    runs-on: ubuntu-22.04
-    needs: changes
-    if: needs.changes.outputs.code == 'true'
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - run: npm run lint:ts
-
-  lint-actions:
-    name: Lint GitHub Actions
-    runs-on: ubuntu-latest
-    needs: changes
-    if: needs.changes.outputs.ci == 'true'
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - name: Check workflow files
-        run: |
-          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.7.9
-          ./actionlint -color -shellcheck= -ignore "softprops/action-gh-release"
-        shell: bash
-
-  test-unit:
-    name: Run unit tests
-    runs-on: ubuntu-22.04
-    needs: changes
-    if: needs.changes.outputs.code == 'true'
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - run: npm run test:unit
-      - uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5
-        if: success()
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-
-  build:
-    name: linux-x64
-    runs-on: ubuntu-22.04
-    env:
-      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-      DISABLE_V8_COMPILE_CACHE: 1
-      VERSION: 0.0.0
-      VSCODE_TARGET: linux-x64
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      ELECTRON_SKIP_BINARY_DOWNLOAD: 1
-      PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
-
-    steps:
-      - run: sudo apt update && sudo apt install -y libkrb5-dev
-      - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # latest
-        with:
-          packages: quilt
-          version: 1.0
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: true
-      - run: quilt push -a
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - run: npm run build
-      # Get Code's git hash.  When this changes it means the content is
-      # different and we need to rebuild.
-      - name: Get latest lib/vscode rev
-        id: vscode-rev
-        run: echo "rev=$(git rev-parse HEAD:./lib/vscode)" >> $GITHUB_OUTPUT
-      # We need to rebuild when we have a new version of Code, when any of the
-      # patches changed, or when the code-server version changes (since it gets
-      # embedded into the code).  Use VSCODE_CACHE_VERSION to force a rebuild.
-      - name: Fetch prebuilt linux-x64 Code package from cache
-        id: cache-vscode
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
-        with:
-          path: lib/vscode-reh-web-linux-x64
-          key: vscode-linux-x64-package-${{ secrets.VSCODE_CACHE_VERSION }}-${{ steps.vscode-rev.outputs.rev }}-${{ hashFiles('patches/*.diff', 'ci/build/build-vscode.sh') }}
-      - name: Build vscode
-        if: steps.cache-vscode.outputs.cache-hit != 'true'
-        run: |
-          pushd lib/vscode
-          npm ci
-          popd
-          npm run build:vscode
-      # Push up an artifact containing the linux-x64 release.
-      - run: KEEP_MODULES=1 npm run release
-      - run: tar -czf package.tar.gz release
-      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
-        with:
-          name: linux-x64-package
-          path: ./package.tar.gz
-
-  test-e2e:
-    name: Run e2e tests
-    runs-on: ubuntu-22.04
-    env:
-      LOG_LEVEL: debug
-    needs: [changes, build]
-    if: needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true' || needs.changes.outputs.ci == 'true'
-
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - name: Install Playwright OS dependencies
-        run: |
-          ./test/node_modules/.bin/playwright install-deps
-          ./test/node_modules/.bin/playwright install
-
-      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
-        with:
-          name: linux-x64-package
-      - run: tar -xzf package.tar.gz
-
-      - run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e
-      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
-        if: always()
-        with:
-          name: failed-test-videos
-          path: ./test/test-results
-
-  test-e2e-proxy:
-    name: Run e2e tests behind proxy
-    runs-on: ubuntu-22.04
-    env:
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      LOG_LEVEL: debug
-    needs: [changes, build]
-    if: needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true' || needs.changes.outputs.ci == 'true'
-
-    steps:
-      - name: Cache Caddy
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
-        id: caddy-cache
-        with:
-          path: |
-            ~/.cache/caddy
-          key: cache-caddy-2.5.2
-      - name: Install Caddy
-        if: steps.caddy-cache.outputs.cache-hit != 'true'
-        run: |
-          gh release download v2.5.2 --repo caddyserver/caddy --pattern "caddy_2.5.2_linux_amd64.tar.gz"
-          mkdir -p ~/.cache/caddy
-          tar -xzf caddy_2.5.2_linux_amd64.tar.gz --directory ~/.cache/caddy
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - name: Install Playwright OS dependencies
-        run: |
-          ./test/node_modules/.bin/playwright install-deps
-          ./test/node_modules/.bin/playwright install
-
-      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
-        with:
-          name: linux-x64-package
-      - run: tar -xzf package.tar.gz
-
-      - run: ~/.cache/caddy/caddy start --config ./ci/Caddyfile
-      - run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e:proxy
-      - run: ~/.cache/caddy/caddy stop --config ./ci/Caddyfile
-        if: always()
-      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
-        if: always()
-        with:
-          name: failed-test-videos-proxy
-          path: ./test/test-results

.github/workflows/installer.yaml

@@ -1,76 +0,0 @@
-name: Installer integration
-
-on:
-  push:
-    branches:
-      - main
-    paths:
-      - "install.sh"
-      - ".github/workflows/installer.yaml"
-  pull_request:
-    branches:
-      - main
-    paths:
-      - "install.sh"
-      - ".github/workflows/installer.yaml"
-
-# Cancel in-progress runs for pull requests when developers push
-# additional changes, and serialize builds in branches.
-# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-
-permissions:
-  contents: read
-
-jobs:
-  ubuntu:
-    name: Test installer on Ubuntu
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Install code-server
-        run: ./install.sh
-
-      - name: Test code-server was installed globally
-        run: code-server --help
-
-  alpine:
-    name: Test installer on Alpine
-    runs-on: ubuntu-latest
-    container: "alpine:3.17"
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Install curl
-        run: apk add curl
-
-      - name: Add user
-        run: adduser coder --disabled-password
-
-      # Standalone should work without root.
-      - name: Test standalone to a non-existent prefix
-        run: su coder -c "./install.sh --method standalone --prefix /tmp/does/not/yet/exist"
-
-      # We do not actually have Alpine standalone builds so running code-server
-      # will not work.
-      - name: Test code-server was installed to prefix
-        run: test -f /tmp/does/not/yet/exist/bin/code-server
-
-  macos:
-    name: Test installer on macOS
-    runs-on: macos-latest
-
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Install code-server
-        run: ./install.sh
-
-      - name: Test code-server was installed globally
-        run: code-server --help

.github/workflows/publish.yaml

@@ -1,167 +0,0 @@
-name: Publish code-server
-
-on:
-  # Shows the manual trigger in GitHub UI
-  # helpful as a back-up in case the GitHub Actions Workflow fails
-  workflow_dispatch:
-    inputs:
-      version:
-        type: string
-        required: true
-
-  release:
-    types: [released]
-
-# Cancel in-progress runs for pull requests when developers push
-# additional changes, and serialize builds in branches.
-# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-
-jobs:
-  npm:
-    runs-on: ubuntu-latest
-    env:
-      TAG: ${{ inputs.version || github.ref_name }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
-      NPM_ENVIRONMENT: "production"
-
-    steps:
-      - name: Set version to tag without leading v
-        run: |
-          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-
-      - uses: robinraju/release-downloader@daf26c55d821e836577a15f77d86ddc078948b05 # v1.12
-        with:
-          repository: "coder/code-server"
-          tag: ${{ env.TAG }}
-          fileName: "package.tar.gz"
-          out-file-path: "release-npm-package"
-
-      - run: tar -xzf release-npm-package/package.tar.gz
-      - run: |
-          echo "//registry.npmjs.org/:_authToken=${NPM_TOKEN}" > ~/.npmrc
-          pushd release
-          npm publish --tag latest --access public
-
-  aur:
-    runs-on: ubuntu-latest
-    timeout-minutes: 10
-    env:
-      GH_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
-      TAG: ${{ inputs.version || github.ref_name }}
-
-    steps:
-      - name: Set version to tag without leading v
-        run: |
-          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
-
-      - name: Checkout code-server-aur repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          repository: "cdrci/code-server-aur"
-          token: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
-          ref: "master"
-
-      - name: Configure git
-        run: |
-          git config --global user.name cdrci
-          git config --global user.email opensource@coder.com
-
-      - name: Fetch and reset master
-        run: |
-          git remote add upstream https://github.com/coder/code-server-aur.git
-          git fetch upstream
-          git reset --hard upstream/master
-          git push --force
-
-      - name: Validate package
-        uses: heyhusen/archlinux-package-action@c9f94059ccbebe8710d31d582f33ef4e84fe575c # v3.0.0
-        with:
-          pkgver: ${{ env.VERSION }}
-          updpkgsums: true
-          srcinfo: true
-
-      - name: Open PR
-        run: |
-          git checkout -b update-version-${{ env.VERSION }}
-          git add .
-          git commit -m "chore: updating version to ${{ env.VERSION }}"
-          git push -u origin $(git branch --show)
-          gh pr create --repo coder/code-server-aur --title "chore: bump version to ${{ env.VERSION }}" --body "PR opened by @$GITHUB_ACTOR" --assignee $GITHUB_ACTOR
-
-  docker:
-    runs-on: ubuntu-latest
-    env:
-      GITHUB_TOKEN: ${{ github.token }}
-      TAG: ${{ inputs.version || github.ref_name }}
-
-    steps:
-      - name: Set version to tag without leading v
-        run: |
-          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: docker/setup-qemu-action@ce360397dd3f832beb865e1373c09c0e9f86d70a # v4.0.0
-      - uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0
-
-      - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_PASSWORD }}
-      - uses: docker/login-action@c94ce9fb468520275223c153574b00df6fe4bcc9 # v3
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-
-      - uses: robinraju/release-downloader@daf26c55d821e836577a15f77d86ddc078948b05 # v1.12
-        with:
-          repository: "coder/code-server"
-          tag: v${{ env.VERSION }}
-          fileName: "*.deb"
-          out-file-path: "release-packages"
-      - uses: robinraju/release-downloader@daf26c55d821e836577a15f77d86ddc078948b05 # v1.12
-        with:
-          repository: "coder/code-server"
-          tag: v${{ env.VERSION }}
-          fileName: "*.rpm"
-          out-file-path: "release-packages"
-
-      - run: npm run publish:docker
-
-  repo:
-    runs-on: ubuntu-latest
-    env:
-      GH_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
-      TAG: ${{ inputs.version || github.ref_name }}
-    needs: docker
-
-    steps:
-      - name: Set version to tag without leading v
-        run: |
-          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - run: ./ci/build/update-repo.sh
-
-      - name: Open PR
-        run: |
-          git config --global user.name cdrci
-          git config --global user.email opensource@coder.com
-          git checkout -b "helm/$VERSION"
-          git add .
-          git commit -m "Update to $VERSION"
-          git push -u origin "$(git branch --show)"
-          gh pr create \
-            --repo coder/code-server \
-            --body-file .cache/checklist \
-            --title "Update to $VERSION"

.github/workflows/release.yaml

@@ -1,193 +0,0 @@
-name: Draft release
-
-on:
-  workflow_dispatch:
-    inputs:
-      version:
-        type: string
-        required: true
-  pull_request_target:
-    types:
-      - closed
-    branches:
-      - "update/**"
-
-permissions:
-  contents: write # For creating releases.
-  discussions: write #  For creating a discussion.
-
-# Cancel in-progress runs for pull requests when developers push
-# additional changes
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-
-jobs:
-  package-linux:
-    name: ${{ format('linux-{0}', matrix.vscode_arch) }}
-    runs-on: ubuntu-22.04
-    if: github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true
-
-    strategy:
-      matrix:
-        include:
-          - npm_arch: x64
-            vscode_arch: x64
-            package_arch: amd64
-          - npm_arch: arm64
-            vscode_arch: arm64
-            package_arch: arm64
-          - npm_arch: arm
-            vscode_arch: armhf
-            package_arch: armv7l
-
-    env:
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      ELECTRON_SKIP_BINARY_DOWNLOAD: 1
-      PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
-      TAG: ${{ inputs.version || github.event.pull_request.head.ref || github.ref_name }}
-      # Set release package name.
-      ARCH: ${{ matrix.package_arch }}
-      # Cross-compile target.
-      VSCODE_ARCH: ${{ matrix.vscode_arch }}
-      npm_config_arch: ${{ matrix.npm_arch }}
-      # Ensure native modules are built from source to avoid prebuilds and use
-      # the correct version of glibc.
-      npm_config_build_from_source: true
-      # Gulp target name.
-      # TODO: Pull from VSCODE_ARCH instead.
-      VSCODE_TARGET: ${{ format('linux-{0}', matrix.vscode_arch) }}
-
-    steps:
-      - run: sudo apt update && sudo apt install -y libkrb5-dev
-      - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # latest
-        with:
-          packages: quilt
-          version: 1.0
-      - name: Install nfpm
-        run: |
-          mkdir -p ~/.local/bin
-          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
-          echo "$HOME/.local/bin" >> $GITHUB_PATH
-
-      - name: Strip update/ and v from tag
-        run: |
-          version=${TAG#update/}
-          echo "VERSION=${version#v}" >> $GITHUB_ENV
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: true
-      - run: quilt push -a
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-
-      - name: Build
-        run: |
-          cd lib/vscode/build
-          npm ci
-          cd ..
-          source ./build/azure-pipelines/linux/setup-env.sh
-          # Run preinstall script before root dependencies are installed
-          # so that v8 headers are patched correctly for native modules.
-          node build/npm/preinstall.ts
-          cd ../..
-          npm ci
-          npm run build
-          npm run build:vscode
-
-      # Platform-agnostic NPM package.
-      - run: npm run release
-        if: ${{ matrix.vscode_arch == 'x64' }}
-      - run: tar -czf package.tar.gz release
-        if: ${{ matrix.vscode_arch == 'x64' }}
-      - run: |
-          sed "/^## Unreleased/,/^## / ! d" CHANGELOG.md | head -n -2 | tail -n +3 > .cache/release-notes
-        if: ${{ matrix.vscode_arch == 'x64' }}
-      - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
-        if: ${{ matrix.vscode_arch == 'x64' }}
-        with:
-          draft: true
-          discussion_category_name: "📣 Announcements"
-          files: package.tar.gz
-          tag_name: v${{ env.VERSION }}
-          name: v${{ env.VERSION }}
-          body: .cache/release-notes
-
-      # Platform-specific release.
-      - run: KEEP_MODULES=1 npm run release
-      - run: npm run package
-      - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
-        with:
-          draft: true
-          discussion_category_name: "📣 Announcements"
-          files: ./release-packages/*
-          tag_name: v${{ env.VERSION }}
-          name: v${{ env.VERSION }}
-
-  package-macos:
-    name: ${{ matrix.vscode_target }}
-    runs-on: ${{ matrix.os }}
-    if: github.event_name == 'workflow_dispatch' || github.event.pull_request_merged == true
-    strategy:
-      matrix:
-        include:
-          - os: macos-15-intel
-            vscode_target: darwin-x64
-          - os: macos-latest
-            vscode_target: darwin-arm64
-    env:
-      VSCODE_TARGET: ${{ matrix.vscode_target }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      TAG: ${{ inputs.version || github.ref_name }}
-      # Ensure native modules are built from source to avoid prebuilds.
-      npm_config_build_from_source: true
-
-    steps:
-      # The version of node-gyp we use depends on distutils but it was removed
-      # in Python 3.12.  It seems to be fixed in the latest node-gyp so when we
-      # next update Node we can probably remove this.  For now, install
-      # setuptools since it contains distutils.
-      - run: brew install python-setuptools quilt
-      - name: Install nfpm
-        run: |
-          mkdir -p ~/.local/bin
-          curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm
-          echo "$HOME/.local/bin" >> $GITHUB_PATH
-
-      - name: Strip update/ and v from tag
-        run: |
-          version=${TAG#update/}
-          echo "VERSION=${version#v}" >> $GITHUB_ENV
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: true
-      - run: quilt push -a
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-
-      - run: npm ci
-      - run: npm run build
-      - run: npm run build:vscode
-      - run: KEEP_MODULES=1 npm run release
-      - run: npm run test:native
-
-      - run: npm run package
-      - uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v1
-        with:
-          draft: true
-          discussion_category_name: "📣 Announcements"
-          files: ./release-packages/*
-          tag_name: v${{ env.VERSION }}
-          name: v${{ env.VERSION }}

.github/workflows/scripts.yaml

@@ -1,67 +0,0 @@
-name: Script unit tests
-
-on:
-  push:
-    branches:
-      - main
-    paths:
-      - "**.sh"
-      - "**.bats"
-  pull_request:
-    branches:
-      - main
-    paths:
-      - "**.sh"
-      - "**.bats"
-
-permissions:
-  actions: none
-  checks: none
-  contents: read
-  deployments: none
-  issues: none
-  packages: none
-  pull-requests: none
-  repository-projects: none
-  security-events: none
-  statuses: none
-
-# Cancel in-progress runs for pull requests when developers push
-# additional changes, and serialize builds in branches.
-# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-
-jobs:
-  test:
-    name: Run script unit tests
-    runs-on: ubuntu-latest
-    # This runs on Alpine to make sure we're testing with actual sh.
-    container: "alpine:3.17"
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Install test utilities
-        run: apk add bats checkbashisms
-
-      - name: Check Bashisms
-        run: checkbashisms ./install.sh
-
-      - name: Run script unit tests
-        run: ./ci/dev/test-scripts.sh
-
-  lint:
-    name: Lint shell files
-    runs-on: ubuntu-latest
-    timeout-minutes: 5
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Install lint utilities
-        run: sudo apt install shellcheck
-
-      - name: Lint shell files
-        run: ./ci/dev/lint-scripts.sh

.github/workflows/security.yaml

@@ -1,92 +0,0 @@
-name: Security
-
-on:
-  push:
-    branches: [main]
-    paths:
-      - "package.json"
-  pull_request:
-    paths:
-      - "package.json"
-  schedule:
-    # Runs every Monday morning PST
-    - cron: "17 15 * * 1"
-
-# Cancel in-progress runs for pull requests when developers push additional
-# changes, and serialize builds in branches.
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-
-jobs:
-  audit:
-    name: Audit node modules
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          fetch-depth: 0
-
-      - name: Install Node.js
-        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-
-      - name: Audit npm for vulnerabilities
-        run: npm audit
-        if: success()
-
-  trivy-scan-repo:
-    name: Scan repo with Trivy
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-    runs-on: ubuntu-22.04
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          fetch-depth: 0
-
-      - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # latest
-        with:
-          scan-type: "fs"
-          scan-ref: "."
-          ignore-unfixed: true
-          format: "template"
-          template: "@/contrib/sarif.tpl"
-          output: "trivy-repo-results.sarif"
-          severity: "HIGH,CRITICAL"
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
-        with:
-          sarif_file: "trivy-repo-results.sarif"
-
-  codeql-analyze:
-    permissions:
-      actions: read # for github/codeql-action/init to get workflow details
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/autobuild to send a status report
-    name: Analyze with CodeQL
-    runs-on: ubuntu-22.04
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
-        with:
-          config-file: ./.github/codeql-config.yml
-          languages: javascript
-
-      - name: Autobuild
-        uses: github/codeql-action/autobuild@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4

.github/workflows/trivy-docker.yaml

@@ -1,65 +0,0 @@
-name: Trivy Nightly Docker Scan
-
-on:
-  # Run scans if the workflow is modified, in order to test the
-  # workflow itself. This results in some spurious notifications,
-  # but seems okay for testing.
-  pull_request:
-    branches:
-      - main
-    paths:
-      - .github/workflows/trivy-docker.yaml
-
-  # Run scans against master whenever changes are merged.
-  push:
-    branches:
-      - main
-    paths:
-      - .github/workflows/trivy-docker.yaml
-
-  schedule:
-    # Run at 10:15 am UTC (3:15am PT/5:15am CT)
-    # Run at 0 minutes 0 hours of every day.
-    - cron: "15 10 * * *"
-
-  workflow_dispatch:
-
-permissions:
-  actions: none
-  checks: none
-  contents: read
-  deployments: none
-  issues: none
-  packages: none
-  pull-requests: none
-  repository-projects: none
-  security-events: write
-  statuses: none
-
-# Cancel in-progress runs for pull requests when developers push
-# additional changes, and serialize builds in branches.
-# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-
-jobs:
-  trivy-scan-image:
-    runs-on: ubuntu-22.04
-
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Run Trivy vulnerability scanner in image mode
-        uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478 # latest
-        with:
-          image-ref: "docker.io/codercom/code-server:latest"
-          ignore-unfixed: true
-          format: "sarif"
-          output: "trivy-image-results.sarif"
-          severity: "HIGH,CRITICAL"
-
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@68bde559dea0fdcac2102bfdf6230c5f70eb485e # v4
-        with:
-          sarif_file: "trivy-image-results.sarif"

.github/workflows/update.yaml

@@ -1,72 +0,0 @@
-name: Update code-server
-
-on:
-  workflow_dispatch:
-    inputs:
-      version:
-        type: string
-        required: true
-  schedule:
-    - cron: "0 16,21 * * *"
-
-jobs:
-  update:
-    runs-on: ubuntu-latest
-    env:
-      TAG: ${{ inputs.version }}
-      GH_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}
-
-    steps:
-      - name: Fetch latest tag
-        if: env.TAG == ''
-        run: |
-          tag=$(curl -fsSLI -o /dev/null -w "%{url_effective}" https://github.com/microsoft/vscode/releases/latest)
-          tag="${tag#https://github.com/microsoft/vscode/releases/tag/}"
-          echo "TAG=$tag" >> $GITHUB_ENV
-
-      - name: Remove leading v from tag
-        run: |
-          echo "VERSION=${TAG#v}" >> $GITHUB_ENV
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: true
-
-      - name: Check current version
-        id: check
-        run: |
-          commit="$(git -C lib/vscode rev-parse HEAD)"
-          if [[ $(git -C lib/vscode ls-remote --tags | grep "$commit") == */"$VERSION" ]] ; then
-            echo "$VERSION update has already been merged into $(git rev-parse --abbrev-ref HEAD)"
-            echo done=true >> $GITHUB_OUTPUT
-          elif git ls-remote --exit-code --heads origin "update/$VERSION" ; then
-            echo "There is already a PR for updating to $VERSION"
-            echo done=true >> $GITHUB_OUTPUT
-          else
-            echo "$VERSION update has not started yet"
-            echo done=false >> $GITHUB_OUTPUT
-          fi
-
-      - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # latest
-        if: steps.check.outputs.done == 'false'
-        with:
-          packages: quilt
-          version: 1.0
-
-      - run: ./ci/build/update-vscode.sh
-        if: steps.check.outputs.done == 'false'
-
-      - name: Open PR
-        if: steps.check.outputs.done == 'false'
-        run: |
-          git config --global user.name cdrci
-          git config --global user.email opensource@coder.com
-          git checkout -b "update/$VERSION"
-          git add .
-          git commit -m "Update VS Code to $VERSION"
-          git push -u origin "$(git branch --show)"
-          gh pr create \
-            --repo coder/code-server \
-            --title "Update VS Code to $VERSION" \
-            --body-file .cache/checklist \
-            --draft

.gitignore

@@ -1,24 +1,8 @@
-.tsbuildinfo
-.cache
-/out*/
-release/
-release-packages/
-release-gcp/
-release-images/
+/lib
 node_modules
-/plugins
-/lib/coder-cloud-agent
-.home
-coverage
-**/.DS_Store
-*.bak
-
-# Code packages itself here.
-/lib/vscode-reh-web-*
-
-# Failed e2e test videos are saved here
-test/test-results
-
-# Quilt's internal data.
-/.pc
-/patches/*.diff~
+dist
+out
+.DS_Store
+release
+.vscode
+.cache

.gitmodules

@@ -1,3 +0,0 @@
-[submodule "lib/vscode"]
-	path = lib/vscode
-	url = https://github.com/microsoft/vscode

.node-version

@@ -1 +1 @@
-22.22.1
+10.15.1

.nvmrc

@@ -1 +0,0 @@
-.node-version

.prettierignore

@@ -1,8 +0,0 @@
-lib
-release-packages
-release
-helm-chart
-test/scripts
-test/e2e/extensions/test-extension
-.pc
-package-lock.json

.prettierrc.yaml

@@ -1,6 +0,0 @@
-printWidth: 120
-semi: false
-trailingComma: all
-arrowParens: always
-singleQuote: false
-useTabs: false

.tours/contributing.tour

@@ -1,151 +0,0 @@
-{
-  "$schema": "https://aka.ms/codetour-schema",
-  "title": "Contributing",
-  "steps": [
-    {
-      "directory": "src",
-      "line": 1,
-      "description": "Hello world! code-server's source code lives here in `src` (see the explorer). It's broadly arranged into browser code, Node code, and code shared between both."
-    },
-    {
-      "file": "src/node/entry.ts",
-      "line": 157,
-      "description": "code-server begins execution here. CLI arguments are parsed, special flags like --help are handled, then the HTTP server is started."
-    },
-    {
-      "file": "src/node/cli.ts",
-      "line": 28,
-      "description": "This describes all of the code-server CLI options and how they will be parsed."
-    },
-    {
-      "file": "src/node/cli.ts",
-      "line": 233,
-      "description": "Here's the actual CLI parser."
-    },
-    {
-      "file": "src/node/settings.ts",
-      "line": 1,
-      "description": "code-server maintains a settings file that is read and written here."
-    },
-    {
-      "file": "src/node/app.ts",
-      "line": 11,
-      "description": "The core of code-server are HTTP and web socket servers which are created here. They provide authentication, file access, an API, and serve web-based applications like VS Code."
-    },
-    {
-      "file": "src/node/wsRouter.ts",
-      "line": 38,
-      "description": "This is an analog to Express's Router that handles web socket routes."
-    },
-    {
-      "file": "src/node/http.ts",
-      "line": 1,
-      "description": "This file provides various HTTP utility functions."
-    },
-    {
-      "file": "src/node/coder_cloud.ts",
-      "line": 9,
-      "description": "The cloud agent spawned here provides the --link functionality."
-    },
-    {
-      "file": "src/node/heart.ts",
-      "line": 7,
-      "description": "code-server's heart beats to indicate recent activity.\n\nAlso documented here: [https://github.com/coder/code-server/blob/main/docs/FAQ.md#heartbeat-file](https://github.com/coder/code-server/blob/main/docs/FAQ.md#heartbeat-file)"
-    },
-    {
-      "file": "src/node/socket.ts",
-      "line": 13,
-      "description": "We pass sockets to child processes, however we can't pass TLS sockets so when code-server is handling TLS (via --cert) we use this to create a proxy that can be passed to the child."
-    },
-    {
-      "directory": "src/node/routes",
-      "line": 1,
-      "description": "code-server's routes live here in `src/node/routes` (see the explorer)."
-    },
-    {
-      "file": "src/node/routes/index.ts",
-      "line": 123,
-      "description": "The architecture of code-server allows it to be extended with applications via plugins. Each application is registered at its own route and handles requests at and below that route. Currently we have only VS Code (although it is not yet actually split out into a plugin)."
-    },
-    {
-      "file": "src/node/plugin.ts",
-      "line": 103,
-      "description": "The previously mentioned plugins are loaded here."
-    },
-    {
-      "file": "src/node/routes/apps.ts",
-      "line": 12,
-      "description": "This provides a list of the applications registered with code-server."
-    },
-    {
-      "file": "src/node/routes/domainProxy.ts",
-      "line": 18,
-      "description": "code-server provides a built-in proxy to help in developing web-based applications. This is the code for the domain-based proxy.\n\nAlso documented here: [https://github.com/coder/code-server/blob/main/docs/FAQ.md#how-do-i-securely-access-web-services](https://github.com/coder/code-server/blob/main/docs/FAQ.md#how-do-i-securely-access-web-services)"
-    },
-    {
-      "file": "src/node/routes/pathProxy.ts",
-      "line": 19,
-      "description": "Here is the path-based version of the proxy.\n\nAlso documented here: [https://github.com/coder/code-server/blob/main/docs/FAQ.md#how-do-i-securely-access-web-services](https://github.com/coder/code-server/blob/main/docs/FAQ.md#how-do-i-securely-access-web-services)"
-    },
-    {
-      "file": "src/node/proxy.ts",
-      "line": 4,
-      "description": "Both the domain and path proxy use the single proxy instance created here."
-    },
-    {
-      "file": "src/node/routes/health.ts",
-      "line": 5,
-      "description": "A simple endpoint that lets you see if code-server is up.\n\nAlso documented here: [https://github.com/coder/code-server/blob/main/docs/FAQ.md#healthz-endpoint](https://github.com/coder/code-server/blob/main/docs/FAQ.md#healthz-endpoint)"
-    },
-    {
-      "file": "src/node/routes/login.ts",
-      "line": 46,
-      "description": "code-server supports a password-based login here."
-    },
-    {
-      "file": "src/node/routes/static.ts",
-      "line": 16,
-      "description": "This serves static assets. Anything under the code-server directory can be fetched. Anything outside requires authentication."
-    },
-    {
-      "file": "src/node/routes/update.ts",
-      "line": 10,
-      "description": "This endpoint lets you query for the latest code-server version. It's used to power the update popup you see in VS Code."
-    },
-    {
-      "file": "src/node/routes/vscode.ts",
-      "line": 15,
-      "description": "This is the endpoint that serves VS Code's HTML, handles VS Code's websockets, and handles a few VS Code-specific endpoints for fetching static files."
-    },
-    {
-      "file": "src/node/vscode.ts",
-      "line": 13,
-      "description": "The actual VS Code spawn and initialization is handled here. VS Code runs in a separate child process. We communicate via IPC and by passing it web sockets."
-    },
-    {
-      "file": "src/browser/serviceWorker.ts",
-      "line": 1,
-      "description": "The service worker only exists to provide PWA functionality."
-    },
-    {
-      "directory": "src/browser/pages",
-      "line": 1,
-      "description": "HTML, CSS, and JavaScript for each page lives in here `src/browser/pages` (see the explorer). Currently our HTML uses a simple search and replace template system with variables that {{LOOK_LIKE_THIS}}."
-    },
-    {
-      "file": "src/browser/pages/vscode.html",
-      "line": 1,
-      "description": "The VS Code HTML is based off VS Code's own `workbench.html`."
-    },
-    {
-      "directory": "src/browser/media",
-      "line": 1,
-      "description": "Static images and the manifest live here in `src/browser/media` (see the explorer)."
-    },
-    {
-      "directory": "lib/vscode",
-      "line": 1,
-      "description": "code-server makes use of VS Code's frontend web/remote support. Most of the modifications implement the remote server since that portion of the code is closed source and not released with VS Code.\n\nWe also have a few bug fixes and have added some features (like client-side extensions). See [https://github.com/coder/code-server/blob/main/docs/CONTRIBUTING.md#modifications-to-vs-code](https://github.com/coder/code-server/blob/main/docs/CONTRIBUTING.md#modifications-to-vs-code) for a list.\n\nWe make an effort to keep the modifications as few as possible."
-    }
-  ]
-}

.tours/start-development.tour

@@ -1,26 +0,0 @@
-{
-  "$schema": "https://aka.ms/codetour-schema",
-  "title": "Start Development",
-  "steps": [
-    {
-      "file": "package.json",
-      "line": 31,
-      "description": "## Commands\n\nTo start developing, make sure you have Node 16+ and the [required dependencies](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites) installed. Then, run the following commands:\n\n1. Install dependencies:\n>> npm\n\n3. Start development mode (and watch for changes):\n>> npm run watch"
-    },
-    {
-      "file": "src/node/app.ts",
-      "line": 68,
-      "description": "## Visit the web server\n\nIf all goes well, you should see something like this in your terminal. code-server should be live in development mode.\n\n---\n```bash\n[2020-12-09T21:03:37.156Z] info  code-server 3.7.4 development\n[2020-12-09T21:03:37.157Z] info  Using user-data-dir ~/.local/share/code-server\n[2020-12-09T21:03:37.165Z] info  Using config file ~/.config/code-server/config.yaml\n[2020-12-09T21:03:37.165Z] info  HTTP server listening on http://127.0.0.1:8080 \n[2020-12-09T21:03:37.165Z] info    - Authentication is enabled\n[2020-12-09T21:03:37.165Z] info      - Using password from ~/.config/code-server/config.yaml\n[2020-12-09T21:03:37.165Z] info    - Not serving HTTPS\n```\n\n---\n\nIf you have the default configuration, you can access it at [http://localhost:8080](http://localhost:8080)."
-    },
-    {
-      "file": "src/browser/pages/login.html",
-      "line": 26,
-      "description": "## Make a change\n\nThis is the login page, let's make a change and see it update on our web server! Perhaps change the text :)\n\n```html\n<div class=\"sub\">Modifying the login page 👨🏼‍💻</div>\n```\n\nReminder, you can likely preview at [http://localhost:8080](http://localhost:8080)"
-    },
-    {
-      "file": "src/node/app.ts",
-      "line": 62,
-      "description": "## That's it!\n\n\nThat's all there is to it! When this tour ends, your terminal session may stop, but just use `npm run watch` to start developing from here on out!\n\n\nIf you haven't already, be sure to check out these resources:\n- [Tour: Contributing](command:codetour.startTourByTitle?[\"Contributing\"])\n- [Docs: FAQ.md](https://github.com/coder/code-server/blob/main/docs/FAQ.md)\n- [Docs: CONTRIBUTING.md](https://github.com/coder/code-server/blob/main/docs/CONTRIBUTING.md)\n- [Community: GitHub Discussions](https://github.com/coder/code-server/discussions)\n- [Community: Slack](https://community.coder.com)"
-    }
-  ]
-}

.travis.yml

@@ -0,0 +1,50 @@
+language: node_js
+node_js:
+- 10.15.1
+services:
+- docker
+matrix:
+  include:
+  - os: linux
+    dist: trusty
+    env:
+      - VSCODE_VERSION="1.33.1" MAJOR_VERSION="1" VERSION="$MAJOR_VERSION.$TRAVIS_BUILD_NUMBER-vsc$VSCODE_VERSION" TARGET="centos"
+  - os: linux
+    dist: trusty
+    env:
+      - VSCODE_VERSION="1.33.1" MAJOR_VERSION="1" VERSION="$MAJOR_VERSION.$TRAVIS_BUILD_NUMBER-vsc$VSCODE_VERSION" TARGET="alpine"
+  - os: osx
+    env:
+      - VSCODE_VERSION="1.33.1" MAJOR_VERSION="1" VERSION="$MAJOR_VERSION.$TRAVIS_BUILD_NUMBER-vsc$VSCODE_VERSION"
+before_install:
+- if [[ "$TRAVIS_OS_NAME" == "linux" ]]; then sudo apt-get install libxkbfile-dev
+  libsecret-1-dev; fi
+- npm install -g yarn@1.12.3
+script:
+- scripts/build.sh
+before_deploy:
+- echo "$VERSION" "$TRAVIS_COMMIT"
+- git config --local user.name "$USER_NAME"
+- git config --local user.email "$USER_EMAIL"
+- git tag "$VERSION" "$TRAVIS_COMMIT"
+deploy:
+  provider: releases
+  file_glob: true
+  draft: true
+  tag_name: "$VERSION"
+  target_commitish: "$TRAVIS_COMMIT"
+  name: "$VERSION"
+  skip_cleanup: true
+  api_key:
+    secure: YL/x24KjYjgYXPcJWk3FV7FGxI79Mh6gBECQEcdlf3fkLEoKFVgzHBoUNWrFPzyR4tgLyWNAgcpD9Lkme1TRWTom7UPjXcwMNyLcLa+uec7ciSAnYD9ntLTpiCuPDD1u0LtRGclSi/EHQ+F8YVq+HZJpXTsJeAmOmihma3GVbGKSZr+BRum+0YZSG4w+o4TOlYzw/4bLWS52MogZcwpjd+hemBbgXLuGU2ziKv2vEKCZFbEeA16II4x1WLI4mutDdCeh7+3aLzGLwDa49NxtsVYNjyNFF75JhCTCNA55e2YMiLz9Uq69IXe/mi5F7xUaFfhIqqLNyKBnKeEOzu3dYnc+8n3LjnQ+00PmkF05nx9kBn3UfV1kwQGh6QbyDmTtBP07rtUMyI14aeQqHjxsaVRdMnwj9Q2DjXRr8UDqESZF0rmK3pHCXS2fBhIzLE8tLVW5Heiba2pQRFMHMZW+KBE97FzcFh7is90Ait3T8enfcd/PWFPYoBejDAdjwxwOkezh5N5ZkYquEfDYuWrFi6zRFCktsruaAcA+xGtTf9oilBBzUqu8Ie+YFWH5me83xakcblJWdaW/D2rLJAJH3m6LFm8lBqyUgDX5t/etob6CpDuYHu5D1J3XINOj/+aLAcadq6qlh70PMZS3zYffUu3JlzaD2amlSHIT8b5YXFc=
+  file:
+    - release/*.tar.gz
+    - release/*.zip
+  on:
+    repo: cdr/code-server
+    branch: master
+cache:
+  yarn: true
+  timeout: 1000
+  directories:
+  - .cache

Dockerfile

@@ -0,0 +1,53 @@
+FROM node:10.15.1
+
+# Install VS Code's deps. These are the only two it seems we need.
+RUN apt-get update && apt-get install -y \
+	libxkbfile-dev \
+	libsecret-1-dev
+
+# Ensure latest yarn.
+RUN npm install -g yarn@1.13
+
+WORKDIR /src
+COPY . .
+
+# In the future, we can use https://github.com/yarnpkg/rfcs/pull/53 to make yarn use the node_modules
+# directly which should be fast as it is slow because it populates its own cache every time.
+RUN yarn && NODE_ENV=production yarn task build:server:binary
+
+# We deploy with ubuntu so that devs have a familiar environment.
+FROM ubuntu:18.04
+
+RUN apt-get update && apt-get install -y \
+	openssl \
+	net-tools \
+	git \
+	locales \
+	sudo \
+	dumb-init \
+	vim \
+	curl \
+	wget
+
+RUN locale-gen en_US.UTF-8
+# We unfortunately cannot use update-locale because docker will not use the env variables
+# configured in /etc/default/locale so we need to set it manually.
+ENV LC_ALL=en_US.UTF-8
+
+RUN adduser --gecos '' --disabled-password coder && \
+	echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
+
+USER coder
+# We create first instead of just using WORKDIR as when WORKDIR creates, the user is root.
+RUN mkdir -p /home/coder/project
+
+WORKDIR /home/coder/project
+
+# This assures we have a volume mounted even if the user forgot to do bind mount.
+# So that they do not lose their data if they delete the container.
+VOLUME [ "/home/coder/project" ]
+
+COPY --from=0 /src/packages/server/cli-linux-x64 /usr/local/bin/code-server
+EXPOSE 8443
+
+ENTRYPOINT ["dumb-init", "code-server"]

README.md

@@ -0,0 +1,90 @@
+# code-server
+
+[!["Open Issues"](https://img.shields.io/github/issues-raw/cdr/code-server.svg)](https://github.com/cdr/code-server/issues)
+[!["Latest Release"](https://img.shields.io/github/release/cdr/code-server.svg)](https://github.com/cdr/code-server/releases/latest)
+[![MIT license](https://img.shields.io/badge/license-MIT-green.svg)](https://github.com/cdr/code-server/blob/master/LICENSE)
+[![Discord](https://img.shields.io/discord/463752820026376202.svg?label=&logo=discord&logoColor=ffffff&color=7389D8&labelColor=6A7EC2)](https://discord.gg/zxSwN8Z)
+
+`code-server` is [VS Code](https://github.com/Microsoft/vscode) running on a remote server, accessible through the browser.
+
+Try it out:
+```bash
+docker run -it -p 127.0.0.1:8443:8443 -v "${PWD}:/home/coder/project" codercom/code-server --allow-http --no-auth
+```
+
+- Code on your Chromebook, tablet, and laptop with a consistent dev environment.
+	- If you have a Windows or Mac workstation, more easily develop for Linux.
+- Take advantage of large cloud servers to speed up tests, compilations, downloads, and more.
+- Preserve battery life when you're on the go.
+	- All intensive computation runs on your server.
+	- You're no longer running excess instances of Chrome.
+
+![Screenshot](/doc/assets/ide.png)
+
+## Getting Started
+
+### Run over SSH
+
+Use [sshcode](https://github.com/codercom/sshcode) for a simple setup.
+
+### Docker
+
+See docker oneliner mentioned above. Dockerfile is at [/Dockerfile](/Dockerfile).
+
+### Binaries
+
+1.  [Download a binary](https://github.com/cdr/code-server/releases) (Linux and OS X supported. Windows coming soon)
+2.  Start the binary with the project directory as the first argument
+
+    ```
+    code-server <initial directory to open>
+    ```
+	> You will be prompted to enter the password shown in the CLI
+	`code-server` should now be running at https://localhost:8443.
+
+	> code-server uses a self-signed SSL certificate that may prompt your browser to ask you some additional questions before you proceed. Please [read here](doc/self-hosted/index.md) for more information.
+
+For detailed instructions and troubleshooting, see the [self-hosted quick start guide](doc/self-hosted/index.md).
+
+Quickstart guides for [Google Cloud](doc/admin/install/google_cloud.md), [AWS](doc/admin/install/aws.md), and [DigitalOcean](doc/admin/install/digitalocean.md).
+
+How to [secure your setup](/doc/security/ssl.md).
+
+## Development
+
+### Known Issues
+
+- Creating custom VS Code extensions and debugging them doesn't work.
+
+### Future
+- **Stay up to date!** Get notified about new releases of code-server.
+  ![Screenshot](/doc/assets/release.gif)
+- Windows support.
+- Electron and Chrome OS applications to bridge the gap between local<->remote.
+- Run VS Code unit tests against our builds to ensure features work as expected.
+
+### Extensions
+
+At the moment we can't use the official VSCode Marketplace. We've created a custom extension marketplace focused around open-sourced extensions. However, if you have access to the `.vsix` file, you can manually install the extension.
+
+## Telemetry
+
+Use the `--disable-telemetry` flag or set `DISABLE_TELEMETRY=true` to disable tracking ENTIRELY.
+
+We use data collected to improve code-server.
+
+## Contributing
+
+Development guides are coming soon.
+
+## License
+
+[MIT](LICENSE)
+
+## Enterprise
+
+Visit [our enterprise page](https://coder.com/enterprise) for more information about our enterprise offering.
+
+## Commercialization
+
+If you would like to commercialize code-server, please contact contact@coder.com.

ThirdPartyNotices.txt

@@ -1,22 +0,0 @@
-code-server
-
-THIRD-PARTY SOFTWARE NOTICES AND INFORMATION
-Do Not Translate or Localize
-
-1.	Microsoft/vscode version 1.47.0 (https://github.com/Microsoft/vscode)
-
-%% Microsoft/vscode NOTICES AND INFORMATION BEGIN HERE
-=========================================
-MIT License 
-
-
-Copyright (c) 2015 - present Microsoft Corporation 
-
-
-Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 
-
-
-The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 
-
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  

build/platform.ts

@@ -0,0 +1,42 @@
+/**
+ * Script that detects platform name and arch.
+ * Cannot use os.platform() as that won't detect libc version
+ */
+import * as cp from "child_process";
+import * as fs from "fs";
+import * as os from "os";
+
+enum Lib {
+	GLIBC,
+	MUSL,
+}
+
+const CLIB: Lib | undefined = ((): Lib | undefined => {
+	if (os.platform() !== "linux") {
+		return;
+	}
+	const glibc = cp.spawnSync("getconf", ["GNU_LIBC_VERSION"]);
+	if (glibc.status === 0) {
+		return Lib.GLIBC;
+	}
+
+	const ldd = cp.spawnSync("ldd", ["--version"]);
+	if (ldd.stdout && ldd.stdout.indexOf("musl") !== -1) {
+		return Lib.MUSL;
+	}
+
+	const muslFile = fs.readdirSync("/lib").find((value) => value.startsWith("libc.musl"));
+	if (muslFile) {
+		return Lib.MUSL;
+	}
+
+	return Lib.GLIBC;
+})();
+
+export const platform = (): NodeJS.Platform | "musl" => {
+	if (CLIB === Lib.MUSL) {
+		return "musl";
+	}
+
+	return os.platform();
+};

build/tasks.ts

@@ -0,0 +1,211 @@
+import { register, run } from "@coder/runner";
+import { logger, field } from "@coder/logger";
+import * as fs from "fs";
+import * as fse from "fs-extra";
+import * as os from "os";
+import { platform } from "./platform";
+import * as path from "path";
+import * as zlib from "zlib";
+import * as https from "https";
+import * as tar from "tar";
+
+const isWin = os.platform() === "win32";
+const libPath = path.join(__dirname, "../lib");
+const vscodePath = path.join(libPath, "vscode");
+const defaultExtensionsPath = path.join(libPath, "extensions");
+const pkgsPath = path.join(__dirname, "../packages");
+const vscodeVersion = process.env.VSCODE_VERSION || "1.33.1";
+const vsSourceUrl = `https://codesrv-ci.cdr.sh/vstar-${vscodeVersion}.tar.gz`;
+
+const buildServerBinary = register("build:server:binary", async (runner) => {
+	logger.info("Building with environment", field("env", {
+		NODE_ENV: process.env.NODE_ENV,
+		VERSION: process.env.VERSION,
+		OSTYPE: process.env.OSTYPE,
+		TARGET: process.env.TARGET,
+	}));
+
+	await ensureInstalled();
+	await Promise.all([
+		buildBootstrapFork(),
+		buildWeb(),
+		buildServerBundle(),
+		buildAppBrowser(),
+	]);
+
+	await buildServerBinaryPackage();
+});
+
+const buildServerBinaryPackage = register("build:server:binary:package", async (runner) => {
+	const cliPath = path.join(pkgsPath, "server");
+	runner.cwd = cliPath;
+	if (!fs.existsSync(path.join(cliPath, "out"))) {
+		throw new Error("Cannot build binary without server bundle built");
+	}
+	await buildServerBinaryCopy();
+	const resp = await runner.execute(isWin ? "npm.cmd" : "npm", ["run", "build:binary"]);
+	if (resp.exitCode !== 0) {
+		throw new Error(`Failed to package binary: ${resp.stderr}`);
+	}
+});
+
+const buildServerBinaryCopy = register("build:server:binary:copy", async (runner) => {
+	const cliPath = path.join(pkgsPath, "server");
+	const cliBuildPath = path.join(cliPath, "build");
+	fse.removeSync(cliBuildPath);
+	fse.mkdirpSync(path.join(cliBuildPath, "extensions"));
+	const bootstrapForkPath = path.join(pkgsPath, "vscode", "out", "bootstrap-fork.js");
+	const webOutputPath = path.join(pkgsPath, "web", "out");
+	const browserAppOutputPath = path.join(pkgsPath, "app", "browser", "out");
+	let ripgrepPath = path.join(pkgsPath, "..", "lib", "vscode", "node_modules", "vscode-ripgrep", "bin", "rg");
+	if (isWin) {
+		ripgrepPath += ".exe";
+	}
+
+	if (!fs.existsSync(webOutputPath)) {
+		throw new Error("Web bundle must be built");
+	}
+	if (!fs.existsSync(defaultExtensionsPath)) {
+		throw new Error("Default extensions must be built");
+	}
+	if (!fs.existsSync(bootstrapForkPath)) {
+		throw new Error("Bootstrap fork must exist");
+	}
+	if (!fs.existsSync(ripgrepPath)) {
+		throw new Error("Ripgrep must exist");
+	}
+	fse.copySync(defaultExtensionsPath, path.join(cliBuildPath, "extensions"));
+	fs.writeFileSync(path.join(cliBuildPath, "bootstrap-fork.js.gz"), zlib.gzipSync(fs.readFileSync(bootstrapForkPath)));
+	const cpDir = (dir: string, rootPath: string, subdir?: "login"): void => {
+		const stat = fs.statSync(dir);
+		if (stat.isDirectory()) {
+			const paths = fs.readdirSync(dir);
+			paths.forEach((p) => cpDir(path.join(dir, p), rootPath, subdir));
+		} else if (stat.isFile()) {
+			const newPath = path.join(cliBuildPath, "web", subdir || "", path.relative(rootPath, dir));
+			fse.mkdirpSync(path.dirname(newPath));
+			fs.writeFileSync(newPath + ".gz", zlib.gzipSync(fs.readFileSync(dir)));
+		} else {
+			// Nothing
+		}
+	};
+	cpDir(webOutputPath, webOutputPath);
+	cpDir(browserAppOutputPath, browserAppOutputPath, "login");
+	fse.mkdirpSync(path.join(cliBuildPath, "dependencies"));
+	fse.copySync(ripgrepPath, path.join(cliBuildPath, "dependencies", "rg"));
+});
+
+const buildServerBundle = register("build:server:bundle", async (runner) => {
+	const cliPath = path.join(pkgsPath, "server");
+	runner.cwd = cliPath;
+	await runner.execute(isWin ? "npm.cmd" : "npm", ["run", "build"]);
+});
+
+const buildBootstrapFork = register("build:bootstrap-fork", async (runner) => {
+	await ensureInstalled();
+	await ensurePatched();
+
+	const vscodePkgPath = path.join(pkgsPath, "vscode");
+	runner.cwd = vscodePkgPath;
+	await runner.execute(isWin ? "npm.cmd" : "npm", ["run", "build:bootstrap-fork"]);
+});
+
+const buildAppBrowser = register("build:app:browser", async (runner) => {
+	await ensureInstalled();
+
+	const appPath = path.join(pkgsPath, "app/browser");
+	runner.cwd = appPath;
+	fse.removeSync(path.join(appPath, "out"));
+	await runner.execute(isWin ? "npm.cmd" : "npm", ["run", "build"]);
+});
+
+const buildWeb = register("build:web", async (runner) => {
+	await ensureInstalled();
+	await ensurePatched();
+
+	const webPath = path.join(pkgsPath, "web");
+	runner.cwd = webPath;
+	fse.removeSync(path.join(webPath, "out"));
+	await runner.execute(isWin ? "npm.cmd" : "npm", ["run", "build"]);
+});
+
+const ensureInstalled = register("vscode:install", async (runner) => {
+	runner.cwd = libPath;
+
+	if (fs.existsSync(vscodePath) && fs.existsSync(defaultExtensionsPath)) {
+		const pkgVersion = JSON.parse(fs.readFileSync(path.join(vscodePath, "package.json")).toString("utf8")).version;
+		if (pkgVersion === vscodeVersion) {
+			runner.cwd = vscodePath;
+
+			const reset = await runner.execute("git", ["reset", "--hard"]);
+			if (reset.exitCode !== 0) {
+				throw new Error(`Failed to clean git repository: ${reset.stderr}`);
+			}
+
+			return;
+		}
+	}
+
+	fse.removeSync(libPath);
+	fse.mkdirpSync(libPath);
+
+	await new Promise<void>((resolve, reject): void => {
+		https.get(vsSourceUrl, (res) => {
+			if (res.statusCode !== 200) {
+				return reject(res.statusMessage);
+			}
+
+			res.pipe(tar.x({
+				C: libPath,
+			}).on("finish", () => {
+				resolve();
+			}).on("error", (err: Error) => {
+				reject(err);
+			}));
+		}).on("error", (err) => {
+			reject(err);
+		});
+	});
+});
+
+const ensurePatched = register("vscode:patch", async (runner) => {
+	if (!fs.existsSync(vscodePath)) {
+		throw new Error("vscode must be cloned to patch");
+	}
+	await ensureInstalled();
+
+	runner.cwd = vscodePath;
+	const patchPath = path.join(__dirname, "../scripts/vscode.patch");
+	const apply = await runner.execute("git", ["apply", "--unidiff-zero", patchPath]);
+	if (apply.exitCode !== 0) {
+		throw new Error(`Failed to apply patches: ${apply.stderr}`);
+	}
+});
+
+register("package", async (runner, releaseTag) => {
+	if (!releaseTag) {
+		throw new Error("Please specify the release tag.");
+	}
+
+	const releasePath = path.resolve(__dirname, "../release");
+
+	const archiveName = `code-server${releaseTag}-${platform()}-${os.arch()}`;
+	const archiveDir = path.join(releasePath, archiveName);
+	fse.removeSync(archiveDir);
+	fse.mkdirpSync(archiveDir);
+
+	const binaryPath = path.join(__dirname, `../packages/server/cli-${platform()}-${os.arch()}`);
+	const binaryDestination = path.join(archiveDir, "code-server");
+	fse.copySync(binaryPath, binaryDestination);
+	fs.chmodSync(binaryDestination, "755");
+	["README.md", "LICENSE"].forEach((fileName) => {
+		fse.copySync(path.resolve(__dirname, `../${fileName}`), path.join(archiveDir, fileName));
+	});
+
+	runner.cwd = releasePath;
+	await (os.platform() === "linux"
+		? runner.execute("tar", ["-cvzf", `${archiveName}.tar.gz`, `${archiveName}`])
+		: runner.execute("zip", ["-r", `${archiveName}.zip`, `${archiveName}`]));
+});
+
+run();

ci/Caddyfile

@@ -1,15 +0,0 @@
-{
-	admin    localhost:4444
-}
-:8000 {
-	@portLocalhost path_regexp port ^/([0-9]+)\/ide
-        handle @portLocalhost {
-		uri strip_prefix {re.port.1}/ide
-                reverse_proxy localhost:{re.port.1}
-        }
-
-	handle {
-                respond "Bad hostname" 400
-        }
-
-}

ci/build/build-code-server.sh

@@ -1,19 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-# Builds code-server into out and the frontend into dist.
-
-main() {
-  cd "$(dirname "${0}")/../.."
-
-  tsc
-
-  # If out/node/entry.js does not already have the shebang,
-  # we make sure to add it and make it executable.
-  if ! grep -q -m1 "^#!/usr/bin/env node" out/node/entry.js; then
-    sed -i.bak "1s;^;#!/usr/bin/env node\n;" out/node/entry.js && rm out/node/entry.js.bak
-    chmod +x out/node/entry.js
-  fi
-}
-
-main "$@"

ci/build/build-lib.sh

@@ -1,28 +0,0 @@
-#!/usr/bin/env bash
-
-# This is a library which contains functions used inside ci/build
-#
-# We separated it into it's own file so that we could easily unit test
-# these functions and helpers.
-
-# On some CPU architectures (notably node/uname "armv7l", default on Raspberry Pis),
-# different package managers have different labels for the same CPU (deb=armhf, rpm=armhfp).
-# This function returns the overriden arch on platforms
-# with alternate labels, or the same arch otherwise.
-get_nfpm_arch() {
-  local PKG_FORMAT="${1:-}"
-  local ARCH="${2:-}"
-
-  case "$ARCH" in
-    armv7l)
-      if [ "$PKG_FORMAT" = "deb" ]; then
-        echo armhf
-      elif [ "$PKG_FORMAT" = "rpm" ]; then
-        echo armhfp
-      fi
-      ;;
-    *)
-      echo "$ARCH"
-      ;;
-  esac
-}

ci/build/build-packages.sh

@@ -1,65 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-# Given a release found in $RELEASE_PATH, generate a deb, rpm, and tarball each
-# named after $ARCH (derived from uname -m but can be overridden for
-# cross-compilation) and $OS (derived from uname and cannot be overridden) and
-# place them in ./release-packages and ./release-gcp.
-
-main() {
-  cd "$(dirname "${0}")/../.."
-  source ./ci/lib.sh
-  source ./ci/build/build-lib.sh
-
-  VERSION=$(jq -r .version "$RELEASE_PATH/package.json")
-  export VERSION # for nfpm to use
-
-  mkdir -p release-packages
-
-  release_archive
-
-  if [[ $OS == "linux" ]]; then
-    release_nfpm
-  fi
-}
-
-release_archive() {
-  local release_name="code-server-$VERSION-$OS-$ARCH"
-  if [[ $OS == "linux" ]]; then
-    tar -czf "release-packages/$release_name.tar.gz" --owner=0 --group=0 --transform "s/^$RELEASE_PATH/$release_name/" "$RELEASE_PATH"
-  else
-    tar -czf "release-packages/$release_name.tar.gz" -s "/^$RELEASE_PATH/$release_name/" "$RELEASE_PATH"
-  fi
-
-  echo "done (release-packages/$release_name)"
-
-  release_gcp
-}
-
-release_gcp() {
-  mkdir -p "release-gcp/$VERSION"
-  cp "release-packages/$release_name.tar.gz" "./release-gcp/$VERSION/$OS-$ARCH.tar.gz"
-  mkdir -p "release-gcp/latest"
-  cp "./release-packages/$release_name.tar.gz" "./release-gcp/latest/$OS-$ARCH.tar.gz"
-}
-
-# Generates deb and rpm packages.
-release_nfpm() {
-  local nfpm_config
-
-  export NFPM_ARCH
-
-  NFPM_ARCH="$(get_nfpm_arch deb "$ARCH")"
-  nfpm_config="$(envsubst < ./ci/build/nfpm.yaml)"
-  echo "Building deb"
-  echo "$nfpm_config" | head --lines=4
-  nfpm pkg -f <(echo "$nfpm_config") --target "release-packages/code-server_${VERSION}_${NFPM_ARCH}.deb"
-
-  NFPM_ARCH="$(get_nfpm_arch rpm "$ARCH")"
-  nfpm_config="$(envsubst < ./ci/build/nfpm.yaml)"
-  echo "Building rpm"
-  echo "$nfpm_config" | head --lines=4
-  nfpm pkg -f <(echo "$nfpm_config") --target "release-packages/code-server-$VERSION-$NFPM_ARCH.rpm"
-}
-
-main "$@"

ci/build/build-release.sh

@@ -1,175 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-# Once both code-server and VS Code have been built, use this script to copy
-# them into a single directory (./release), prepare the package.json and
-# product.json, and add shrinkwraps.  This results in a generic NPM package that
-# we can publish to NPM.
-
-# MINIFY controls whether minified VS Code is bundled. It must match the value
-# used when VS Code was built.
-MINIFY="${MINIFY-true}"
-
-# node_modules are not copied by default.  Set KEEP_MODULES=1 to copy them.
-# Note these modules will be for the platform that built them, making the result
-# no longer generic (it can still be published though as the modules will be
-# ignored when pushing).
-KEEP_MODULES="${KEEP_MODULES-0}"
-
-main() {
-  cd "$(dirname "${0}")/../.."
-
-  source ./ci/lib.sh
-
-  VSCODE_SRC_PATH="lib/vscode"
-  VSCODE_OUT_PATH="$RELEASE_PATH/lib/vscode"
-
-  create_shrinkwraps
-
-  mkdir -p "$RELEASE_PATH"
-
-  bundle_code_server
-  bundle_vscode
-
-  rsync ./docs/README.md "$RELEASE_PATH"
-  rsync LICENSE "$RELEASE_PATH"
-  rsync ./lib/vscode/ThirdPartyNotices.txt "$RELEASE_PATH"
-
-  if [ "$KEEP_MODULES" = 1 ]; then
-    # Copy the code-server launcher.
-    mkdir -p "$RELEASE_PATH/bin"
-    rsync ./ci/build/code-server.sh "$RELEASE_PATH/bin/code-server"
-    chmod 755 "$RELEASE_PATH/bin/code-server"
-
-    # Delete the extra bin scripts.
-    rm "$RELEASE_PATH/lib/vscode/bin/remote-cli/code-darwin.sh"
-    rm "$RELEASE_PATH/lib/vscode/bin/remote-cli/code-linux.sh"
-    rm "$RELEASE_PATH/lib/vscode/bin/helpers/browser-darwin.sh"
-    rm "$RELEASE_PATH/lib/vscode/bin/helpers/browser-linux.sh"
-    if [ "$OS" != windows ] ; then
-      rm "$RELEASE_PATH/lib/vscode/bin/remote-cli/code.cmd"
-      rm "$RELEASE_PATH/lib/vscode/bin/helpers/browser.cmd"
-    fi
-  fi
-}
-
-bundle_code_server() {
-  rsync out "$RELEASE_PATH"
-
-  # For source maps and images.
-  mkdir -p "$RELEASE_PATH/src/browser"
-  rsync src/browser/media/ "$RELEASE_PATH/src/browser/media"
-  mkdir -p "$RELEASE_PATH/src/browser/pages"
-  rsync src/browser/pages/*.html "$RELEASE_PATH/src/browser/pages"
-  rsync src/browser/pages/*.css "$RELEASE_PATH/src/browser/pages"
-  rsync src/browser/robots.txt "$RELEASE_PATH/src/browser"
-
-  # Adds the commit to package.json
-  jq --slurp '(.[0] | del(.scripts,.jest,.devDependencies)) * .[1]' package.json <(
-    cat << EOF
-  {
-    "version": "$(jq -r .codeServerVersion "./lib/vscode-reh-web-$VSCODE_TARGET/product.json")",
-    "commit": "$(git rev-parse HEAD)",
-    "scripts": {
-      "postinstall": "sh ./postinstall.sh"
-    }
-  }
-EOF
-  ) > "$RELEASE_PATH/package.json"
-  mv npm-shrinkwrap.json "$RELEASE_PATH"
-
-  if [ "$KEEP_MODULES" = 1 ]; then
-    local rsync_opts=(-a)
-    if [[ ${DEBUG-} = 1 ]]; then
-      rsync_opts+=(-vh)
-    fi
-    # If we build from source, exclude the prebuilds.
-    if [[ ${npm_config_build_from_source-} = true ]]; then
-      rsync_opts+=(--exclude /argon2/prebuilds)
-    fi
-    rsync "${rsync_opts[@]}" node_modules/ "$RELEASE_PATH/node_modules"
-    # Remove dev dependencies.
-    pushd "$RELEASE_PATH"
-    npm prune --production
-    popd
-  fi
-
-  rsync ci/build/npm-postinstall.sh "$RELEASE_PATH/postinstall.sh"
-}
-
-bundle_vscode() {
-  mkdir -p "$VSCODE_OUT_PATH"
-
-  local rsync_opts=(-a)
-  if [[ ${DEBUG-} = 1 ]]; then
-    rsync_opts+=(-vh)
-  fi
-
-  # Some extensions have a .gitignore which excludes their built source from the
-  # npm package so exclude any .gitignore files.
-  rsync_opts+=(--exclude .gitignore)
-
-  # Exclude Node since we want to place it in a directory above.
-  rsync_opts+=(--exclude /node)
-
-  # Exclude Node modules.  Note that these will already only include production
-  # dependencies, so if we do keep them there is no need to do any
-  # post-processing to remove dev dependencies.
-  if [[ $KEEP_MODULES = 0 ]]; then
-    rsync_opts+=(--exclude node_modules)
-  fi
-
-  rsync "${rsync_opts[@]}" "./lib/vscode-reh-web-$VSCODE_TARGET/" "$VSCODE_OUT_PATH"
-
-  # Copy the Node binary.
-  if [[ $KEEP_MODULES = 1 ]]; then
-    cp "./lib/vscode-reh-web-$VSCODE_TARGET/node" "$RELEASE_PATH/lib"
-  fi
-
-  # Merge the package.json for the web/remote server so we can include
-  # dependencies, since we want to ship this via NPM.
-  jq --slurp '.[0] * .[1]' \
-    "$VSCODE_SRC_PATH/remote/package.json" \
-    "$VSCODE_OUT_PATH/package.json" > "$VSCODE_OUT_PATH/package.json.merged"
-  mv "$VSCODE_OUT_PATH/package.json.merged" "$VSCODE_OUT_PATH/package.json"
-  cp "$VSCODE_SRC_PATH/remote/npm-shrinkwrap.json" "$VSCODE_OUT_PATH/npm-shrinkwrap.json"
-
-  # Include global extension dependencies as well.
-  rsync "$VSCODE_SRC_PATH/extensions/package.json" "$VSCODE_OUT_PATH/extensions/package.json"
-  cp "$VSCODE_SRC_PATH/extensions/npm-shrinkwrap.json" "$VSCODE_OUT_PATH/extensions/npm-shrinkwrap.json"
-  rsync "$VSCODE_SRC_PATH/extensions/postinstall.mjs" "$VSCODE_OUT_PATH/extensions/postinstall.mjs"
-}
-
-create_shrinkwraps() {
-  # package-lock.json files (used to ensure deterministic versions of
-  # dependencies) are not packaged when publishing to the NPM registry.
-  #
-  # To ensure deterministic dependency versions (even when code-server is
-  # installed with NPM), we create an npm-shrinkwrap.json file from the
-  # currently installed node_modules. This ensures the versions used from
-  # development (that the package-lock.json guarantees) are also the ones
-  # installed by end-users.  These will include devDependencies, but those will
-  # be ignored when installing globally (for code-server), and because we use
-  # --omit=dev (for VS Code).
-
-  # We first generate the shrinkwrap file for code-server itself - which is the
-  # current directory.
-  cp package-lock.json package-lock.json.temp
-  npm shrinkwrap
-  mv package-lock.json.temp package-lock.json
-
-  # Then the shrinkwrap files for the bundled VS Code.
-  pushd "$VSCODE_SRC_PATH/remote/"
-  cp package-lock.json package-lock.json.temp
-  npm shrinkwrap
-  mv package-lock.json.temp package-lock.json
-  popd
-
-  pushd "$VSCODE_SRC_PATH/extensions/"
-  cp package-lock.json package-lock.json.temp
-  npm shrinkwrap
-  mv package-lock.json.temp package-lock.json
-  popd
-}
-
-main "$@"

ci/build/build-vscode.sh

@@ -1,159 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-# Builds vscode into lib/vscode/out-vscode.
-
-# MINIFY controls whether a minified version of vscode is built.
-MINIFY=${MINIFY-true}
-
-fix-bin-script() {
-  local script="lib/vscode-reh-web-$VSCODE_TARGET/bin/$1"
-  sed -i.bak "s/@@VERSION@@/$(vscode_version)/g" "$script"
-  sed -i.bak "s/@@COMMIT@@/$BUILD_SOURCEVERSION/g" "$script"
-  sed -i.bak "s/@@APPNAME@@/code-server/g" "$script"
-
-  # Fix Node path on Darwin and Linux.
-  # We do not want expansion here; this text should make it to the file as-is.
-  # shellcheck disable=SC2016
-  sed -i.bak 's/^ROOT=\(.*\)$/VSROOT=\1\nROOT="$(dirname "$(dirname "$VSROOT")")"/g' "$script"
-  sed -i.bak 's/ROOT\/out/VSROOT\/out/g' "$script"
-  # We do not want expansion here; this text should make it to the file as-is.
-  # shellcheck disable=SC2016
-  sed -i.bak 's/$ROOT\/node/${NODE_EXEC_PATH:-$ROOT\/lib\/node}/g' "$script"
-
-  # Fix Node path on Windows.
-  sed -i.bak 's/^set ROOT_DIR=\(.*\)$/set ROOT_DIR=%~dp0..\\..\\..\\..\r\nset VSROOT_DIR=\1/g' "$script"
-  sed -i.bak 's/%ROOT_DIR%\\out/%VSROOT_DIR%\\out/g' "$script"
-
-  chmod +x "$script"
-  rm "$script.bak"
-}
-
-copy-bin-script() {
-  cp "lib/vscode/resources/server/bin/$1" "lib/vscode-reh-web-$VSCODE_TARGET/bin/$1"
-  fix-bin-script "$1"
-}
-
-main() {
-  cd "$(dirname "${0}")/../.."
-
-  source ./ci/lib.sh
-
-  # Set the commit Code will embed into the product.json.  We need to do this
-  # since Code tries to get the commit from the `.git` directory which will fail
-  # as it is a submodule.
-  #
-  # Also, we use code-server's commit rather than VS Code's otherwise it would
-  # not update when only our patch files change, and that will cause caching
-  # issues where the browser keeps using outdated code.
-  export BUILD_SOURCEVERSION
-  BUILD_SOURCEVERSION=$(git rev-parse HEAD)
-
-  pushd lib/vscode
-
-  if [[ ! ${VERSION-} ]]; then
-    echo "VERSION not set. Please set before running this script:"
-    echo "VERSION='0.0.0' npm run build:vscode"
-    exit 1
-  fi
-
-  # Add the date, our name, links, enable telemetry (this just makes telemetry
-  # available; telemetry can still be disabled by flag or setting), and
-  # configure trusted extensions (since some, like github.copilot-chat, never
-  # ask to be trusted and this is the only way to get auth working).
-  #
-  # This needs to be done before building as Code will read this file and embed
-  # it into the client-side code.
-  git checkout product.json             # Reset in case the script exited early.
-  cp product.json product.original.json # Since jq has no inline edit.
-  jq --slurp '.[0] * .[1]' product.original.json <(
-    cat << EOF
-  {
-    "enableTelemetry": true,
-    "quality": "stable",
-    "codeServerVersion": "$VERSION",
-    "nameShort": "code-server",
-    "nameLong": "code-server",
-    "applicationName": "code-server",
-    "dataFolderName": ".code-server",
-    "win32MutexName": "codeserver",
-    "licenseUrl": "https://github.com/coder/code-server/blob/main/LICENSE",
-    "win32DirName": "code-server",
-    "win32NameVersion": "code-server",
-    "win32AppUserModelId": "coder.code-server",
-    "win32ShellNameShort": "c&ode-server",
-    "darwinBundleIdentifier": "com.coder.code.server",
-    "linuxIconName": "com.coder.code.server",
-    "reportIssueUrl": "https://github.com/coder/code-server/issues/new",
-    "documentationUrl": "https://go.microsoft.com/fwlink/?LinkID=533484#vscode",
-    "keyboardShortcutsUrlMac": "https://go.microsoft.com/fwlink/?linkid=832143",
-    "keyboardShortcutsUrlLinux": "https://go.microsoft.com/fwlink/?linkid=832144",
-    "keyboardShortcutsUrlWin": "https://go.microsoft.com/fwlink/?linkid=832145",
-    "introductoryVideosUrl": "https://go.microsoft.com/fwlink/?linkid=832146",
-    "tipsAndTricksUrl": "https://go.microsoft.com/fwlink/?linkid=852118",
-    "newsletterSignupUrl": "https://www.research.net/r/vsc-newsletter",
-    "linkProtectionTrustedDomains": [
-      "https://open-vsx.org"
-    ],
-    "trustedExtensionAuthAccess": [
-      "vscode.git", "vscode.github",
-      "github.vscode-pull-request-github",
-      "github.copilot", "github.copilot-chat"
-    ],
-    "aiConfig": {
-      "ariaKey": "code-server"
-    }
-  }
-EOF
-  ) > product.json
-
-
-  VSCODE_QUALITY=stable npm run gulp compile-copilot-extension-full-build
-
-  npm run gulp core-ci
-  npm run gulp "vscode-reh-web-$VSCODE_TARGET${MINIFY:+-min}-ci"
-
-  # Reset so if you develop after building you will not be stuck with the wrong
-  # commit (the dev client will use `oss-dev` but the dev server will still use
-  # product.json which will have `stable-$commit`).
-  git checkout product.json
-
-  popd
-
-  pushd "lib/vscode-reh-web-$VSCODE_TARGET"
-  # Make sure Code took the version we set in the environment variable.  Not
-  # having a version will break display languages.
-  if ! jq -e .commit product.json; then
-    echo "'commit' is missing from product.json"
-    exit 1
-  fi
-  popd
-
-  # Set vars and fix paths.
-  case $OS in
-    windows)
-      fix-bin-script remote-cli/code.cmd
-      fix-bin-script helpers/browser.cmd
-      ;;
-    *)
-      fix-bin-script remote-cli/code-server
-      fix-bin-script helpers/browser.sh
-      ;;
-  esac
-
-  # Include bin scripts for other platforms so we can use the right one in the
-  # NPM post-install.
-
-  # These provide a `code-server` command in the integrated terminal to open
-  # files in the current instance.
-  copy-bin-script remote-cli/code-darwin.sh
-  copy-bin-script remote-cli/code-linux.sh
-  copy-bin-script remote-cli/code.cmd
-
-  # These provide a way for terminal applications to open browser windows.
-  copy-bin-script helpers/browser-darwin.sh
-  copy-bin-script helpers/browser-linux.sh
-  copy-bin-script helpers/browser.cmd
-}
-
-main "$@"

ci/build/clean.sh

@@ -1,11 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-main() {
-  cd "$(dirname "${0}")/../.."
-  source ./ci/lib.sh
-
-  git clean -Xffd
-}
-
-main "$@"

ci/build/code-server-nfpm.sh

@@ -1,3 +0,0 @@
-#!/usr/bin/env sh
-
-exec /usr/lib/code-server/bin/code-server "$@"

ci/build/code-server-user.service

@@ -1,11 +0,0 @@
-[Unit]
-Description=code-server
-After=network.target
-
-[Service]
-Type=exec
-ExecStart=/usr/bin/code-server
-Restart=always
-
-[Install]
-WantedBy=default.target

ci/build/code-server.sh

@@ -1,28 +0,0 @@
-#!/bin/sh
-set -eu
-
-# This script is intended to be bundled into the standalone releases.
-# Runs code-server with the bundled node binary.
-
-_realpath() {
-  # See https://github.com/coder/code-server/issues/1537 on why no realpath or readlink -f.
-
-  script="$1"
-  cd "$(dirname "$script")"
-
-  while [ -L "$(basename "$script")" ]; do
-    script="$(readlink "$(basename "$script")")"
-    cd "$(dirname "$script")"
-  done
-
-  echo "$PWD/$(basename "$script")"
-}
-
-root() {
-  script="$(_realpath "$0")"
-  bin_dir="$(dirname "$script")"
-  dirname "$bin_dir"
-}
-
-ROOT="$(root)"
-exec "$ROOT/lib/node" "$ROOT" "$@"

ci/build/code-server@.service

@@ -1,12 +0,0 @@
-[Unit]
-Description=code-server
-After=network.target
-
-[Service]
-Type=exec
-ExecStart=/usr/bin/code-server
-Restart=always
-User=%i
-
-[Install]
-WantedBy=default.target

ci/build/nfpm.yaml

@@ -1,25 +0,0 @@
-name: "code-server"
-arch: "${NFPM_ARCH}"
-platform: "linux"
-version: "v${VERSION}"
-section: "devel"
-priority: "optional"
-maintainer: "Joe Previte <joe@coder.com>"
-description: |
-  Run VS Code in the browser.
-vendor: "Coder"
-homepage: "https://github.com/coder/code-server"
-license: "MIT"
-
-contents:
-  - src: ./ci/build/code-server-nfpm.sh
-    dst: /usr/bin/code-server
-
-  - src: ./ci/build/code-server@.service
-    dst: /usr/lib/systemd/system/code-server@.service
-
-  - src: ./ci/build/code-server-user.service
-    dst: /usr/lib/systemd/user/code-server.service
-
-  - src: ./release/*
-    dst: /usr/lib/code-server

ci/build/npm-postinstall.sh

@@ -1,148 +0,0 @@
-#!/usr/bin/env sh
-set -eu
-
-# Copied from ../lib.sh except we do not rename Darwin and we do not need to
-# detect Alpine.
-os() {
-  osname=$(uname | tr '[:upper:]' '[:lower:]')
-  case $osname in
-    cygwin* | mingw*) osname="windows" ;;
-  esac
-  echo "$osname"
-}
-
-# Create a symlink at $2 pointing to $1 on any platform.  Anything that
-# currently exists at $2 will be deleted.
-symlink() {
-  source="$1"
-  dest="$2"
-  rm -rf "$dest"
-  case $OS in
-    windows) mklink /J "$dest" "$source" ;;
-    *) ln -s "$source" "$dest" ;;
-  esac
-}
-
-# Make a symlink at bin/$1/$3 pointing to the platform-specific version of the
-# script in $2.  The extension of the link will be .cmd for Windows otherwise it
-# will be whatever is in $4 (or no extension if $4 is not set).
-symlink_bin_script() {
-  oldpwd="$(pwd)"
-  cd "bin/$1"
-  source="$2"
-  dest="$3"
-  ext="${4-}"
-  case $OS in
-    windows) symlink "$source.cmd" "$dest.cmd" ;;
-    darwin | macos) symlink "$source-darwin.sh" "$dest$ext" ;;
-    *) symlink "$source-linux.sh" "$dest$ext" ;;
-  esac
-  cd "$oldpwd"
-}
-
-command_exists() {
-  if [ ! "$1" ]; then return 1; fi
-  command -v "$@" > /dev/null
-}
-
-is_root() {
-  if command_exists id && [ "$(id -u)" = 0 ]; then
-    return 0
-  fi
-  return 1
-}
-
-OS="$(os)"
-
-main() {
-  # Grabs the major version of node from $npm_config_user_agent which looks like
-  # yarn/1.21.1 npm/? node/v14.2.0 darwin x64
-  major_node_version=$(echo "$npm_config_user_agent" | sed -n 's/.*node\/v\([^.]*\).*/\1/p')
-
-  if [ -n "${FORCE_NODE_VERSION:-}" ]; then
-    echo "WARNING: Overriding required Node.js version to v$FORCE_NODE_VERSION"
-    echo "This could lead to broken functionality, and is unsupported."
-    echo "USE AT YOUR OWN RISK!"
-  fi
-
-  if [ "$major_node_version" -ne "${FORCE_NODE_VERSION:-22}" ]; then
-    echo "ERROR: code-server currently requires node v22."
-    if [ -n "$FORCE_NODE_VERSION" ]; then
-      echo "However, you have overrided the version check to use v$FORCE_NODE_VERSION."
-    fi
-    echo "We have detected that you are on node v$major_node_version"
-    echo "You can override this version check by setting \$FORCE_NODE_VERSION,"
-    echo "but configurations that do not use the same node version are unsupported."
-    exit 1
-  fi
-
-  # Under npm, if we are running as root, we need --unsafe-perm otherwise
-  # post-install scripts will not have sufficient permissions to do their thing.
-  if is_root; then
-    case "${npm_config_user_agent-}" in npm*)
-      if [ "${npm_config_unsafe_perm-}" != "true" ]; then
-        echo "Please pass --unsafe-perm to npm to install code-server"
-        echo "Otherwise post-install scripts will not have permissions to run"
-        echo "See https://docs.npmjs.com/misc/config#unsafe-perm"
-        echo "See https://stackoverflow.com/questions/49084929/npm-sudo-global-installation-unsafe-perm"
-        exit 1
-      fi
-      ;;
-    esac
-  fi
-
-  if ! vscode_install; then
-    echo "You may not have the required dependencies to build the native modules."
-    echo "Please see https://github.com/coder/code-server/blob/main/docs/npm.md"
-    exit 1
-  fi
-
-  if [ -n "${FORCE_NODE_VERSION:-}" ]; then
-    echo "WARNING: The required Node.js version was overriden to v$FORCE_NODE_VERSION"
-    echo "This could lead to broken functionality, and is unsupported."
-    echo "USE AT YOUR OWN RISK!"
-  fi
-}
-
-install_with_yarn_or_npm() {
-  echo "User agent: ${npm_config_user_agent-none}"
-  # For development we enforce npm, but for installing the package as an
-  # end-user we want to keep using whatever package manager is in use.
-  case "${npm_config_user_agent-}" in
-    npm*)
-      if ! npm install --unsafe-perm --omit=dev; then
-        return 1
-      fi
-      ;;
-    yarn*)
-      if ! yarn --production --frozen-lockfile --no-default-rc; then
-        return 1
-      fi
-      ;;
-    *)
-      echo "Could not determine which package manager is being used to install code-server"
-      exit 1
-      ;;
-  esac
-  return 0
-}
-
-vscode_install() {
-  echo 'Installing Code dependencies...'
-  cd lib/vscode
-  if ! install_with_yarn_or_npm; then
-    return 1
-  fi
-
-  symlink_bin_script remote-cli code code-server
-  symlink_bin_script helpers browser browser .sh
-
-  cd extensions
-  if ! install_with_yarn_or_npm; then
-    return 1
-  fi
-
-  return 0
-}
-
-main "$@"

ci/build/update-repo.sh

@@ -1,46 +0,0 @@
-#!/usr/bin/env bash
-
-set -Eeuo pipefail
-
-function update_helm() {
-  local current
-  current=$(yq .version ci/helm-chart/Chart.yaml)
-  local next
-  next=$(semver "$current" -i minor)
-  echo "Bumping version from $current to $next..."
-  sed -i.bak "s/^version: $current\$/version: $next/" ci/helm-chart/Chart.yaml
-
-  echo "Setting app version and image to $version..."
-  sed -i.bak "s/^appVersion: .\+\$/appVersion: $version/" ci/helm-chart/Chart.yaml
-  sed -i.bak "s/^  tag: .\+\$/  tag: '$version'/" ci/helm-chart/values.yaml
-}
-
-function update_changelog() {
-  local date
-  date=$(printf '%(%Y-%m-%d)T\n' -1)
-  local link="https://github.com/coder/code-server/releases/tag/v$version"
-  sed -i.bak "s|## Unreleased|## Unreleased\n\n## [$version]($link) - $date|" CHANGELOG.md
-}
-
-function main() {
-  cd "$(dirname "${0}")/../.."
-
-  source ./ci/lib.sh
-
-  local version=${VERSION:-$(git describe --tags)}
-  version="${version#v}"
-
-  declare -a steps
-
-  steps+=(
-    "Update Helm chart" "update_helm"
-    "Update changelog" "update_changelog"
-  )
-
-  run-steps "${steps[@]}"
-
-  # This step is always manual.
-  echo "- [ ] https://github.com/coder/code-server-aur/pulls" >> .cache/checklist
-}
-
-main "$@"

ci/build/update-vscode.sh

@@ -1,154 +0,0 @@
-#!/usr/bin/env bash
-
-set -Eeuo pipefail
-
-function unapply_patches() {
-  local -i exit_code=0
-  quiet quilt pop -af || exit_code=$?
-  case $exit_code in
-    # Sucessfully unapplied.
-    0) ;;
-    # No more patches to unapply.
-    2) ;;
-    # Some error.
-    *) return $exit_code ;;
-  esac
-}
-
-function update_vscode() {
-  pushd lib/vscode
-  if ! git checkout 2>&1 "$target_vscode_version" ; then
-    echo "$target_vscode_version does not exist locally, fetching..."
-    git fetch --all --prune
-    git checkout "$target_vscode_version"
-  fi
-  popd
-}
-
-function refresh_patches() {
-  local -i exit_code=0
-  while quiet quilt push ; ! (( exit_code=$? )) ; do
-    quilt refresh
-  done
-  case $exit_code in
-    # No more patches to apply.
-    2) ;;
-    # Some error.
-    *) return $exit_code ;;
-  esac
-}
-
-function update_node() {
-  local node_version
-  node_version=$(cat .node-version)
-  if [[ $node_version == "$target_node_version" ]] ; then
-    echo "Already set to $target_node_version"
-  else
-    echo "Updating from $node_version to $target_node_version..."
-    echo "$target_node_version" > .node-version
-  fi
-}
-
-function get-webview-script-hash() {
-  local html
-  html=$(<"$1")
-  local start_tag='<script async type="module">'
-  local end_tag="</script>"
-  html=${html##*"$start_tag"}
-  html=${html%%"$end_tag"*}
-  echo -n "$html" | openssl sha256 -binary | openssl base64
-}
-
-function update_csp() {
-  local current
-  current=$(quilt top 2>/dev/null || echo "")
-  local patch_action=""
-  echo "Currently at ${current:-base}"
-  if [[ $current != */webview.diff ]] ; then
-    echo "Moving to patches/webview.diff..."
-    local -i exit_code=0
-    if quilt applied 2>/dev/null | grep --quiet webview.diff ; then
-      quiet quilt pop webview || exit_code=$?
-      patch_action=pop
-    else
-      quiet quilt push webview || exit_code=$?
-      patch_action=push
-    fi
-    case $exit_code in
-      # Successfully moved.
-      0) ;;
-      # Some error.
-      *) return $exit_code ;;
-    esac
-  fi
-
-  local file=lib/vscode/src/vs/workbench/contrib/webview/browser/pre/index.html
-  local hash
-  hash=$(get-webview-script-hash "$file")
-  echo "Calculated hash as $hash"
-  # Use octothorpe as a delimiter since the hash may contain a slash.
-  sed -i.bak "s#script-src 'sha256-[^']\+'#script-src 'sha256-$hash'#" "$file"
-  quilt refresh
-
-  if [[ $patch_action != "" ]] ; then
-    echo "Moving back to ${current:-base}..."
-    case $patch_action in
-      pop) quiet quilt push "$current" ;;
-      push) quiet quilt pop "${current:--a}" ;;
-    esac
-  fi
-}
-
-function add_changelog() {
-  local file=CHANGELOG.md
-  if grep --quiet "Code $target_vscode_version" "$file" ; then
-    echo "Changelog for $target_vscode_version already exists"
-  else
-    # TODO: This is not exactly robust.  In particular, it needs to handle if
-    # there is already a "changed" section.
-    sed -i.bak "s/## Unreleased/## Unreleased\n\nCode v$target_vscode_version\n\n### Changed\n\n- Update to Code $target_vscode_version/" "$file"
-  fi
-}
-
-function main() {
-  cd "$(dirname "${0}")/../.."
-
-  source ./ci/lib.sh
-
-  local target_node_version
-  target_node_version=$(grep target lib/vscode/remote/.npmrc | awk -F= '{print $2}' | tr -d '"')
-
-  declare -a steps
-
-  # If version is not set, assume we are already at the target version and the
-  # user is just trying to resolve conflics.
-  local target_vscode_version
-  if [[ ${VERSION-} ]] ; then
-    # Removing patches only needs to be done locally; in CI we start from a
-    # fresh clone each time.
-    if [[ ! ${CI-} ]] ; then
-      steps+=("Unapplying patches" "unapply_patches")
-    fi
-    target_vscode_version="${VERSION#v}"
-    steps+=(
-      "Update VS Code to $target_vscode_version" "update_vscode"
-      "Refresh VS Code patches" "refresh_patches"
-    )
-  else
-    target_vscode_version="$(git -C lib/vscode describe --tags --exact-match)"
-    echo "Detected VS Code version $target_vscode_version"
-  fi
-
-  steps+=(
-    "Set Node version to $target_node_version" "update_node"
-    "Update CSP webview hash" "update_csp"
-    "Add changelog note" "add_changelog"
-  )
-
-  run-steps "${steps[@]}"
-
-  # This step is always manual.
-  echo "- [ ] Verify changelog" >> .cache/checklist
-}
-
-main "$@"

ci/dev/doctoc.sh

@@ -1,26 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-main() {
-  cd "$(dirname "$0")/../.."
-
-  doctoc --title '# FAQ' docs/FAQ.md > /dev/null
-  doctoc --title '# Setup Guide' docs/guide.md > /dev/null
-  doctoc --title '# Install' docs/install.md > /dev/null
-  doctoc --title '# npm Install Requirements' docs/npm.md > /dev/null
-  doctoc --title '# Contributing' docs/CONTRIBUTING.md > /dev/null
-  doctoc --title '# Maintaining' docs/MAINTAINING.md > /dev/null
-  doctoc --title '# Contributor Covenant Code of Conduct' docs/CODE_OF_CONDUCT.md > /dev/null
-  doctoc --title '# iPad' docs/ipad.md > /dev/null
-  doctoc --title '# Termux' docs/termux.md > /dev/null
-
-  if [[ ${CI-} && $(git ls-files --other --modified --exclude-standard) ]]; then
-    echo "Files need generation or are formatted incorrectly:"
-    git -c color.ui=always status | grep --color=no '\[31m'
-    echo "Please run the following locally:"
-    echo "  npm run doctoc"
-    exit 1
-  fi
-}
-
-main "$@"

ci/dev/gen_icons.sh

@@ -1,50 +0,0 @@
-#!/bin/sh
-set -eu
-
-# Generate icons from a single favicon.svg.  favicon.svg should have no fill
-# colors set.
-main() {
-  cd src/browser/media
-
-  # We need .ico for backwards compatibility.  The other two are the only icon
-  # sizes required by Chrome and we use them for stuff like apple-touch-icon as
-  # well.  https://web.dev/add-manifest/
-  #
-  # This should be enough and we can always add more if there are problems.
-  #
-  # -quiet to avoid https://github.com/ImageMagick/ImageMagick/issues/884
-  # -background defaults to white but we want it transparent.
-  # -density somehow makes the image both sharper and smaller in file size.
-  #
-  # https://imagemagick.org/script/command-line-options.php#background
-  convert -quiet -background transparent \
-          -resize 256x256 -density 256x256 \
-          favicon.svg favicon.ico
-
-  # Generate PWA icons.  There should be enough padding to support masking.
-  convert -quiet -border 60x60 -bordercolor white -background white \
-          -resize 192x192 -density 192x192 \
-          favicon.svg pwa-icon-maskable-192.png
-  convert -quiet -border 160x160 -bordercolor white -background white \
-          -resize 512x512 -density 512x512 \
-          favicon.svg pwa-icon-maskable-512.png
-
-  # Generate non-maskable PWA icons.
-  magick pwa-icon-maskable-192.png \
-         \( +clone -threshold 101% -fill white -draw "roundRectangle 0,0 %[fx:int(w)],%[fx:int(h)] 50,50" \) \
-         -channel-fx "| gray=>alpha" \
-         pwa-icon-192.png
-  magick pwa-icon-maskable-512.png \
-         \( +clone -threshold 101% -fill white -draw "roundRectangle 0,0 %[fx:int(w)],%[fx:int(h)] 100,100" \) \
-         -channel-fx "| gray=>alpha" \
-         pwa-icon-512.png
-
-  # The following adds dark mode support for the favicon as
-  # favicon-dark-support.svg There is no similar capability for pwas or .ico so
-  # we can only add support to the svg.
-  favicon_dark_style="<style>@media (prefers-color-scheme: dark) {* { fill: white; }}</style>"
-  cp favicon.svg favicon-dark-support.svg
-  sed "s%<path%$favicon_dark_style\n  <path%" favicon.svg > favicon-dark-support.svg
-}
-
-main "$@"

ci/dev/lint-scripts.sh

@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-main() {
-  cd "$(dirname "$0")/../.."
-  shellcheck -e SC2046,SC2164,SC2154,SC1091,SC1090,SC2002 $(git ls-files '*.sh' | grep -v 'lib/vscode')
-}
-
-main "$@"

ci/dev/postinstall.sh

@@ -1,38 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-# Install dependencies in $1.
-install-deps() {
-  local args=()
-  if [[ ${CI-} ]]; then
-    args+=(ci)
-  else
-    args+=(install)
-  fi
-  # If there is no package.json then npm will look upward and end up installing
-  # from the root resulting in an infinite loop (this can happen if you have not
-  # checked out the submodule yet for example).
-  if [[ ! -f "$1/package.json" ]]; then
-    echo "$1/package.json is missing; did you run git submodule update --init?"
-    exit 1
-  fi
-  pushd "$1"
-  echo "Installing dependencies for $PWD"
-  npm "${args[@]}"
-  popd
-}
-
-main() {
-  cd "$(dirname "$0")/../.."
-  source ./ci/lib.sh
-
-  install-deps test
-  install-deps test/e2e/extensions/test-extension
-  # We don't need these when running the integration tests
-  # so you can pass SKIP_SUBMODULE_DEPS
-  if [[ ! ${SKIP_SUBMODULE_DEPS-} ]]; then
-    install-deps lib/vscode
-  fi
-}
-
-main "$@"

ci/dev/preinstall.js

@@ -1,3 +0,0 @@
-if (process.env.npm_execpath.includes("yarn")) {
-  throw new Error("`yarn` is no longer supported; please use `npm install` instead")
-}

ci/dev/test-e2e.sh

@@ -1,50 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-help() {
-  echo >&2 "  You can build with 'npm run watch' or you can build a release"
-  echo >&2 "  For example: 'npm run build && npm run build:vscode && KEEP_MODULES=1 npm run release'"
-  echo >&2 "  Then 'CODE_SERVER_TEST_ENTRY=./release npm run test:e2e'"
-  echo >&2 "  You can manually run that release with 'node ./release'"
-}
-
-main() {
-  cd "$(dirname "$0")/../.."
-
-  source ./ci/lib.sh
-
-  pushd test/e2e/extensions/test-extension
-  echo "Building test extension"
-  npm run build
-  popd
-
-  local dir="$PWD"
-  if [[ ! ${CODE_SERVER_TEST_ENTRY-} ]]; then
-    echo "Set CODE_SERVER_TEST_ENTRY to test another build of code-server"
-  else
-    pushd "$CODE_SERVER_TEST_ENTRY"
-    dir="$PWD"
-    popd
-  fi
-
-  echo "Testing build in '$dir'"
-
-  # Simple sanity checks to see that we've built. There could still be things
-  # wrong (native modules version issues, incomplete build, etc).
-  if [[ ! -d $dir/out ]]; then
-    echo >&2 "No code-server build detected"
-    help
-    exit 1
-  fi
-
-  if [[ ! -d $dir/lib/vscode/out ]]; then
-    echo >&2 "No VS Code build detected"
-    help
-    exit 1
-  fi
-
-  cd test
-  ./node_modules/.bin/playwright test "$@"
-}
-
-main "$@"

ci/dev/test-integration.sh

@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-help() {
-  echo >&2 "  You can build the release with 'KEEP_MODULES=1 npm run release'"
-  echo >&2 "  Or you can pass in a custom path."
-  echo >&2 "  CODE_SERVER_PATH='/var/tmp/coder/code-server/bin/code-server' npm run test:integration"
-}
-
-# Make sure a code-server release works. You can pass in the path otherwise it
-# will look for $RELEASE_PATH in the current directory.
-#
-# This is to make sure we don't have Node version errors or any other
-# compilation-related errors.
-main() {
-  cd "$(dirname "$0")/../.."
-
-  source ./ci/lib.sh
-
-  local path="$RELEASE_PATH/bin/code-server"
-  if [[ ! ${CODE_SERVER_PATH-} ]]; then
-    echo "Set CODE_SERVER_PATH to test another build of code-server"
-  else
-    path="$CODE_SERVER_PATH"
-  fi
-
-  echo "Running tests with code-server binary: '$path'"
-
-  if [[ ! -f $path ]]; then
-    echo >&2 "No code-server build detected"
-    echo >&2 "Looked in $path"
-    help
-    exit 1
-  fi
-
-  CODE_SERVER_PATH="$path" ./test/node_modules/.bin/jest "$@" --coverage=false --testRegex "./test/integration" --testPathIgnorePatterns "./test/integration/fixtures"
-}
-
-main "$@"

ci/dev/test-native.sh

@@ -1,39 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-help() {
-  echo >&2 "  You can build the release with 'KEEP_MODULES=1 npm run release'"
-  echo >&2 "  Or you can pass in a custom path."
-  echo >&2 "  CODE_SERVER_PATH='/var/tmp/coder/code-server/bin/code-server' npm run test:integration"
-}
-
-# Make sure a code-server release works. You can pass in the path otherwise it
-# will look for $RELEASE_PATH in the current directory.
-#
-# This is to make sure we don't have Node version errors or any other
-# compilation-related errors.
-main() {
-  cd "$(dirname "$0")/../.."
-
-  source ./ci/lib.sh
-
-  local path="$RELEASE_PATH/bin/code-server"
-  if [[ ! ${CODE_SERVER_PATH-} ]]; then
-    echo "Set CODE_SERVER_PATH to test another build of code-server"
-  else
-    path="$CODE_SERVER_PATH"
-  fi
-
-  echo "Running tests with code-server binary: '$path'"
-
-  if [[ ! -f $path ]]; then
-    echo >&2 "No code-server build detected"
-    echo >&2 "Looked in $path"
-    help
-    exit 1
-  fi
-
-  CODE_SERVER_PATH="$path" ./test/node_modules/.bin/jest "$@" --coverage=false --testRegex "./test/integration/help.test.ts"
-}
-
-main "$@"

ci/dev/test-scripts.sh

@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-main() {
-  cd "$(dirname "$0")/../.."
-  bats ./test/scripts
-}
-
-main "$@"

ci/dev/test-unit.sh

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-main() {
-  cd "$(dirname "$0")/../.."
-
-  source ./ci/lib.sh
-
-  # We must keep jest in a sub-directory. See ../../test/package.json for more
-  # information. We must also run it from the root otherwise coverage will not
-  # include our source files.
-  ./test/node_modules/.bin/jest "$@" --testRegex "./test/unit/.*ts"
-}
-
-main "$@"

ci/dev/watch.ts

@@ -1,143 +0,0 @@
-import { spawn, ChildProcess } from "child_process"
-import * as path from "path"
-import { onLine, OnLineCallback } from "../../src/node/util"
-
-interface DevelopmentCompilers {
-  [key: string]: ChildProcess | undefined
-  vscode: ChildProcess
-  vscodeWebExtensions: ChildProcess
-  codeServer: ChildProcess
-  plugins: ChildProcess | undefined
-}
-
-class Watcher {
-  private rootPath = path.resolve(process.cwd())
-  private readonly paths = {
-    /** Path to uncompiled VS Code source. */
-    vscodeDir: path.join(this.rootPath, "lib/vscode"),
-    pluginDir: process.env.PLUGIN_DIR,
-  }
-
-  //#region Web Server
-
-  /** Development web server. */
-  private webServer: ChildProcess | undefined
-
-  private reloadWebServer = (): void => {
-    if (this.webServer) {
-      this.webServer.kill()
-    }
-
-    // Pass CLI args, save for `node` and the initial script name.
-    const args = process.argv.slice(2)
-    this.webServer = spawn("node", [path.join(this.rootPath, "out/node/entry.js"), ...args])
-    onLine(this.webServer, (line) => console.log("[code-server]", line))
-    const { pid } = this.webServer
-
-    this.webServer.on("exit", () => console.log("[code-server]", `Web process ${pid} exited`))
-
-    console.log("\n[code-server]", `Spawned web server process ${pid}`)
-  }
-
-  //#endregion
-
-  //#region Compilers
-
-  private readonly compilers: DevelopmentCompilers = {
-    codeServer: spawn("tsc", ["--watch", "--pretty", "--preserveWatchOutput"], { cwd: this.rootPath }),
-    vscode: spawn("npm", ["run", "watch"], { cwd: this.paths.vscodeDir }),
-    vscodeWebExtensions: spawn("npm", ["run", "watch-web"], { cwd: this.paths.vscodeDir }),
-    plugins: this.paths.pluginDir
-      ? spawn("npm", ["run", "build", "--watch"], { cwd: this.paths.pluginDir })
-      : undefined,
-  }
-
-  public async initialize(): Promise<void> {
-    for (const event of ["SIGINT", "SIGTERM"]) {
-      process.on(event, () => this.dispose(0))
-    }
-
-    for (const [processName, devProcess] of Object.entries(this.compilers)) {
-      if (!devProcess) continue
-
-      devProcess.on("exit", (code) => {
-        console.log(`[${processName}]`, "Terminated unexpectedly")
-        this.dispose(code)
-      })
-
-      if (devProcess.stderr) {
-        devProcess.stderr.on("data", (d: string | Uint8Array) => process.stderr.write(d))
-      }
-    }
-
-    onLine(this.compilers.vscode, this.parseVSCodeLine)
-    onLine(this.compilers.codeServer, this.parseCodeServerLine)
-
-    if (this.compilers.plugins) {
-      onLine(this.compilers.plugins, this.parsePluginLine)
-    }
-  }
-
-  //#endregion
-
-  //#region Line Parsers
-
-  private parseVSCodeLine: OnLineCallback = (strippedLine, originalLine) => {
-    if (!strippedLine.length) return
-
-    console.log("[Code OSS]", originalLine)
-
-    if (strippedLine.includes("Finished compilation with")) {
-      console.log("[Code OSS] ✨ Finished compiling! ✨", "(Refresh your web browser ♻️)")
-      this.reloadWebServer()
-    }
-  }
-
-  private parseCodeServerLine: OnLineCallback = (strippedLine, originalLine) => {
-    if (!strippedLine.length) return
-
-    console.log("[Compiler][code-server]", originalLine)
-
-    if (strippedLine.includes("Watching for file changes")) {
-      console.log("[Compiler][code-server]", "Finished compiling!", "(Refresh your web browser ♻️)")
-      this.reloadWebServer()
-    }
-  }
-
-  private parsePluginLine: OnLineCallback = (strippedLine, originalLine) => {
-    if (!strippedLine.length) return
-
-    console.log("[Compiler][Plugin]", originalLine)
-
-    if (strippedLine.includes("Watching for file changes...")) {
-      this.reloadWebServer()
-    }
-  }
-
-  //#endregion
-
-  //#region Utilities
-
-  private dispose(code: number | null): void {
-    for (const [processName, devProcess] of Object.entries(this.compilers)) {
-      console.log(`[${processName}]`, "Killing...\n")
-      devProcess?.removeAllListeners()
-      devProcess?.kill()
-    }
-    process.exit(typeof code === "number" ? code : 0)
-  }
-
-  //#endregion
-}
-
-async function main(): Promise<void> {
-  try {
-    const watcher = new Watcher()
-    await watcher.initialize()
-  } catch (error: any) {
-    console.error(error.message)
-    process.exit(1)
-  }
-}
-
-main()

ci/helm-chart/.helmignore

@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/

ci/helm-chart/Chart.yaml

@@ -1,23 +0,0 @@
-apiVersion: v2
-name: code-server
-description: A Helm chart for coder/code-server
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.35.0
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 4.116.0

ci/helm-chart/templates/NOTES.txt

@@ -1,24 +0,0 @@
-1. Get the application URL by running these commands:
-{{- if .Values.ingress.enabled }}
-{{- range $host := .Values.ingress.hosts }}
-  {{- range .paths }}
-  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}
-  {{- end }}
-{{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "code-server.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "code-server.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "code-server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl port-forward --namespace {{ .Release.Namespace }} service/{{ include "code-server.fullname" . }} 8080:http
-{{- end }}
-
-Administrator credentials:
-
-  Password: echo $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "code-server.fullname" . }} -o jsonpath="{.data.password}" | base64 --decode)

ci/helm-chart/templates/_helpers.tpl

@@ -1,63 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "code-server.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "code-server.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "code-server.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "code-server.labels" -}}
-helm.sh/chart: {{ include "code-server.chart" . }}
-{{ include "code-server.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-
-{{/*
-Selector labels
-*/}}
-{{- define "code-server.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "code-server.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end }}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "code-server.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
-    {{ default (include "code-server.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}

ci/helm-chart/templates/deployment.yaml

@@ -1,194 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: {{ include "code-server.fullname" . }}
-  labels:
-    {{- include "code-server.labels" . | nindent 4 }}
-  {{- if .Values.annotations }}
-  annotations: {{- toYaml .Values.annotations | nindent 4 }}
-  {{- end }}
-spec:
-  {{- if ne .Values.replicaCount nil }}
-  replicas: {{ .Values.replicaCount }}
-  {{- end }}
-  strategy:
-    type: Recreate
-  selector:
-    matchLabels:
-      {{- include "code-server.selectorLabels" . | nindent 6 }}
-  template:
-    metadata:
-      labels:
-        {{- include "code-server.selectorLabels" . | nindent 8 }}
-      {{- if .Values.podAnnotations }}
-      annotations: {{- toYaml .Values.podAnnotations | nindent 8 }}
-      {{- end }}
-    spec:
-      imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 8 }}
-      {{- if .Values.hostnameOverride }}
-      hostname: {{ .Values.hostnameOverride }}
-      {{- end }}
-      {{- if .Values.priorityClassName }}
-      priorityClassName: {{ .Values.priorityClassName }}
-      {{- end }}
-      {{- if .Values.securityContext.enabled }}
-      securityContext:
-        fsGroup: {{ .Values.securityContext.fsGroup }}
-      {{- end }}
-      {{- if or (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.extraInitContainers }}
-      initContainers:
-      {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}
-      - name: init-chmod-data
-        image: busybox:latest
-        imagePullPolicy: IfNotPresent
-        command:
-          - sh
-          - -c
-          - |
-            chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /home/coder
-        securityContext:
-          runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}
-        volumeMounts:
-        - name: data
-          mountPath: /home/coder
-      {{- end }}
-{{- if .Values.extraInitContainers }}
-{{ tpl .Values.extraInitContainers . | indent 6}}
-{{- end }}
-      {{- end }}
-      containers:
-{{- if .Values.extraContainers }}
-{{ tpl .Values.extraContainers . | indent 8}}
-{{- end }}
-        - name: {{ .Chart.Name }}
-          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          {{- if .Values.securityContext.enabled }}
-          securityContext:
-            runAsUser: {{ .Values.securityContext.runAsUser }}
-          {{- end }}
-          {{- if .Values.lifecycle.enabled }}
-          lifecycle:
-            {{- if .Values.lifecycle.postStart }}
-            postStart:
-              {{ toYaml .Values.lifecycle.postStart | nindent 14 }}
-            {{- end }}
-            {{- if .Values.lifecycle.preStop }}
-            preStop:
-              {{ toYaml .Values.lifecycle.preStop | nindent 14 }}
-            {{- end }}
-          {{- end }}
-          env:
-        {{- if .Values.extraVars }}
-{{ toYaml .Values.extraVars | indent 10 }}
-        {{- end }}
-          - name: PASSWORD
-            valueFrom:
-              secretKeyRef:
-              {{- if .Values.existingSecret }}
-                name: {{ .Values.existingSecret }}
-              {{- else }}
-                name: {{ template "code-server.fullname" . }}
-              {{- end }}
-                key: password
-        {{- if .Values.extraArgs }}
-          args:
-{{ toYaml .Values.extraArgs | indent 10 }}
-        {{- end }}
-          volumeMounts:
-          - name: data
-            mountPath: /home/coder
-          {{- range .Values.extraConfigmapMounts }}
-          - name: {{ .name }}
-            mountPath: {{ .mountPath }}
-            subPath: {{ .subPath | default "" }}
-            readOnly: {{ .readOnly }}
-          {{- end }}
-          {{- range .Values.extraSecretMounts }}
-          - name: {{ .name }}
-            mountPath: {{ .mountPath }}
-            subPath: {{ .subPath | default "" }}
-            readOnly: {{ .readOnly }}
-          {{- end }}
-          {{- range .Values.extraVolumeMounts }}
-          - name: {{ .name }}
-            mountPath: {{ .mountPath }}
-            subPath: {{ .subPath | default "" }}
-            readOnly: {{ .readOnly }}
-          {{- end }}
-          ports:
-            - name: http
-              containerPort: 8080
-              protocol: TCP
-          {{- range .Values.extraPorts }}
-            - name: {{ .name }}
-              containerPort: {{ .port }}
-              protocol: {{ .protocol }}
-          {{- end }}
-          {{- if ne .Values.livenessProbe.enabled false }}
-          livenessProbe:
-            httpGet:
-              path: /healthz
-              port: http
-          {{- end }}
-          {{- if ne .Values.readinessProbe.enabled false }}
-          readinessProbe:
-            httpGet:
-              path: /healthz
-              port: http
-          {{- end }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-        {{- tpl . $ | nindent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-      serviceAccountName: {{ template "code-server.serviceAccountName" . }}
-      volumes:
-      - name: data
-      {{- if .Values.persistence.enabled }}
-        {{- if not .Values.persistence.hostPath }}
-        persistentVolumeClaim:
-          claimName: {{ .Values.persistence.existingClaim | default (include "code-server.fullname" .) }}
-        {{- else }}
-        hostPath:
-          path: {{ .Values.persistence.hostPath }}
-          type: Directory
-        {{- end -}}
-      {{- else }}
-        emptyDir: {}
-      {{- end -}}
-      {{- range .Values.extraSecretMounts }}
-      - name: {{ .name }}
-        secret:
-          secretName: {{ .secretName }}
-          defaultMode: {{ .defaultMode }}
-      {{- end }}
-      {{- range .Values.extraConfigmapMounts }}
-      - name: {{ .name }}
-        configMap:
-          name: {{ .configMap }}
-          defaultMode: {{ .defaultMode }}
-      {{- end }}
-      {{- range .Values.extraVolumeMounts }}
-      - name: {{ .name }}
-        {{- if .existingClaim }}
-        persistentVolumeClaim:
-          claimName: {{ .existingClaim }}
-        {{- else if .hostPath }}
-        hostPath:
-          path: {{ .hostPath }}
-          type: Directory
-        {{- else }}
-        emptyDir:
-          {{- toYaml .emptyDir | nindent 10 }}
-        {{- end }}
-      {{- end }}

ci/helm-chart/templates/ingress.yaml

@@ -1,63 +0,0 @@
-{{- if .Values.ingress.enabled -}}
-{{- $fullName := include "code-server.fullname" . -}}
-{{- $svcPort := .Values.service.port -}}
-{{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1
-{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
-apiVersion: networking.k8s.io/v1beta1
-{{- else -}}
-apiVersion: extensions/v1beta1
-{{- end }}
-kind: Ingress
-metadata:
-  name: {{ $fullName }}
-  labels:
-    {{- include "code-server.labels" . | nindent 4 }}
-  {{- with .Values.ingress.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  {{- if .Values.ingress.ingressClassName }}
-  ingressClassName: {{ .Values.ingress.ingressClassName }}
-  {{- end }}
-  {{- if .Values.ingress.tls }}
-  tls:
-    {{- range .Values.ingress.tls }}
-    - hosts:
-        {{- range .hosts }}
-        - {{ . | quote }}
-        {{- end }}
-      secretName: {{ .secretName }}
-    {{- end }}
-  {{- end }}
-  rules:
-  {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion -}}
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ . }}
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ $fullName }}
-                port: 
-                  number: {{ $svcPort }}
-          {{- end }}
-    {{- end }}
-  {{- else -}}
-    {{- range .Values.ingress.hosts }}
-    - host: {{ .host | quote }}
-      http:
-        paths:
-          {{- range .paths }}
-          - path: {{ . }}
-            backend:
-              serviceName: {{ $fullName }}
-              servicePort: {{ $svcPort }}
-          {{- end }}
-    {{- end }}
-  {{- end }}
-{{- end }}

ci/helm-chart/templates/pvc.yaml

@@ -1,26 +0,0 @@
-{{- if and (and .Values.persistence.enabled (not .Values.persistence.existingClaim)) (not .Values.persistence.hostPath) }}
-kind: PersistentVolumeClaim
-apiVersion: v1
-metadata:
-  name: {{ include "code-server.fullname" . }}
-  namespace: {{ .Release.Namespace }}
-{{- with .Values.persistence.annotations  }}
-  annotations:
-{{ toYaml . | indent 4 }}
-{{- end }}
-  labels:
-    {{- include "code-server.labels" . | nindent 4 }}
-spec:
-  accessModes:
-    - {{ .Values.persistence.accessMode | quote }}
-  resources:
-    requests:
-      storage: {{ .Values.persistence.size | quote }}
-{{- if .Values.persistence.storageClass }}
-{{- if (eq "-" .Values.persistence.storageClass) }}
-  storageClassName: ""
-{{- else }}
-  storageClassName: "{{ .Values.persistence.storageClass }}"
-{{- end }}
-{{- end }}
-{{- end }}

ci/helm-chart/templates/secrets.yaml

@@ -1,17 +0,0 @@
-{{- if not .Values.existingSecret }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "code-server.fullname" . }}
-  annotations:
-    "helm.sh/hook": "pre-install"
-  labels:
-    {{- include "code-server.labels" . | nindent 4 }}
-type: Opaque
-data:
-  {{- if .Values.password }}
-  password: "{{ .Values.password | b64enc }}"
-  {{- else }}
-  password: "{{ randAlphaNum 24 | b64enc }}"
-  {{- end }}
-{{- end }}

ci/helm-chart/templates/service.yaml

@@ -1,22 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "code-server.fullname" . }}
-  labels:
-    {{- include "code-server.labels" . | nindent 4 }}
-spec:
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-      targetPort: http
-      protocol: TCP
-      name: http
-  {{- range .Values.extraPorts }}
-    - port: {{ .port }}
-      targetPort: {{ .port }}
-      protocol: {{ .protocol }}
-      name: {{ .name }}
-  {{- end }}
-  selector:
-    app.kubernetes.io/name: {{ include "code-server.name" . }}
-    app.kubernetes.io/instance: {{ .Release.Name }}

ci/helm-chart/templates/serviceaccount.yaml

@@ -1,8 +0,0 @@
-{{- if or .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  labels:
-    {{- include "code-server.labels" . | nindent 4 }}
-  name: {{ template "code-server.serviceAccountName" . }}
-{{- end -}}

ci/helm-chart/templates/tests/test-connection.yaml

@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "code-server.fullname" . }}-test-connection"
-  labels:
-    {{- include "code-server.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args:  ['{{ include "code-server.fullname" . }}:{{ .Values.service.port }}/healthz']
-  restartPolicy: Never

ci/helm-chart/values.yaml

@@ -1,232 +0,0 @@
-# Default values for code-server.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-replicaCount: 1
-
-image:
-  repository: codercom/code-server
-  tag: '4.116.0'
-  pullPolicy: Always
-
-# Specifies one or more secrets to be used when pulling images from a
-# private container repository
-# https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry
-imagePullSecrets: []
-#  - name: registry-creds
-
-nameOverride: ""
-fullnameOverride: ""
-hostnameOverride: ""
-
-# The existing secret to use for code-server authentication in the frontend. the password is stored in the secret under the key `password`
-# existingSecret: ""
-
-serviceAccount:
-  # Specifies whether a service account should be created
-  create: true
-  # Annotations to add to the service account
-  annotations: {}
-  # The name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-# Specifies annotations for deployment
-annotations: {}
-
-podAnnotations: {}
-
-podSecurityContext: {}
-  # fsGroup: 2000
-
-priorityClassName: ""
-
-service:
-  type: ClusterIP
-  port: 8080
-
-ingress:
-  enabled: false
-  #annotations:
-  #  kubernetes.io/tls-acme: "true"
-  #hosts:
-  #  - host: code-server.example.loc
-  #    paths:
-  #      - /
-  ingressClassName: ""
-  #tls:
-  #  - secretName: code-server
-  #    hosts:
-  #      - code-server.example.loc
-
-# Optional additional arguments
-extraArgs: []
-  # These are the arguments normally passed to code-server; run
-  # code-server --help for a list of available options.
-  #
-  # Each argument and parameter must have its own entry; if you use
-  # --param value on the command line, then enter it here as:
-  #
-  # - --param
-  # - value
-  #
-  # If you receive an error like "Unknown option --param value", it may be
-  # because both the parameter and value are specified as a single argument,
-  # rather than two separate arguments (e.g. "- --param value" on a line).
-
-# Optional additional environment variables
-extraVars: []
-#  - name: DISABLE_TELEMETRY
-#    value: "true"
-# if dind is desired:
-#  - name: DOCKER_HOST
-#    value: "tcp://localhost:2376"
-
-##
-## Init containers parameters:
-## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup
-##
-volumePermissions:
-  enabled: true
-  securityContext:
-    runAsUser: 0
-
-## Pod Security Context
-## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
-##
-securityContext:
-  enabled: true
-  fsGroup: 1000
-  runAsUser: 1000
-
-resources: {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #  cpu: 100m
-  #  memory: 1000Mi
-
-livenessProbe:
-  enabled: true
-
-readinessProbe:
-  enabled: true
-
-nodeSelector: {}
-
-tolerations: []
-
-affinity: {}
-
-## Persist data to a persistent volume
-persistence:
-  enabled: true
-  ## code-server data Persistent Volume Storage Class
-  ## If defined, storageClassName: <storageClass>
-  ## If set to "-", storageClassName: "", which disables dynamic provisioning
-  ## If undefined (the default) or set to null, no storageClassName spec is
-  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
-  ##   GKE, AWS & OpenStack)
-  ##
-  # storageClass: "-"
-  accessMode: ReadWriteOnce
-  size: 10Gi
-  annotations: {}
-  # existingClaim: ""
-  # hostPath: /data
-
-lifecycle:
-  enabled: false
-  # postStart:
-  #  exec:
-  #    command:
-  #      - /bin/bash
-  #      - -c
-  #      - curl -s -L SOME_SCRIPT | bash
-
-  # for dind, the following may be helpful
-  # postStart:
-  #   exec:
-  #     command:
-  #       - /bin/sh
-  #       - -c
-  #       - |
-  #         sudo apt-get update \
-  #           && sudo apt-get install -y docker.io
-
-## Enable an Specify container in extraContainers.
-## This is meant to allow adding code-server dependencies, like docker-dind.
-extraContainers: |
-# If docker-dind is used, DOCKER_HOST env is mandatory to set in "extraVars"
-# - name: docker-dind
-#   image: docker:28.3.2-dind
-#   imagePullPolicy: IfNotPresent
-#   resources:
-#     requests:
-#       cpu: 1
-#       ephemeral-storage: "50Gi"
-#       memory: 10Gi
-#   securityContext:
-#     privileged: true
-#     procMount: Default
-#   env:
-#     - name: DOCKER_TLS_CERTDIR
-#       value: "" # disable TLS setup
-#   command:
-#     - dockerd
-#     - --host=unix:///var/run/docker.sock
-#     - --host=tcp://0.0.0.0:2376
-
-
-extraInitContainers: |
-# - name: customization
-#   image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
-#   imagePullPolicy: IfNotPresent
-#   env:
-#     - name: SERVICE_URL
-#       value: https://open-vsx.org/vscode/gallery
-#     - name: ITEM_URL
-#       value: https://open-vsx.org/vscode/item
-#   command:
-#     - sh
-#     - -c
-#     - |
-#       code-server --install-extension ms-python.python
-#       code-server --install-extension golang.Go
-#   volumeMounts:
-#     - name: data
-#       mountPath: /home/coder
-
-## Additional code-server secret mounts
-extraSecretMounts: []
-  # - name: secret-files
-  #   mountPath: /etc/secrets
-  #   subPath: private.key # (optional)
-  #   secretName: code-server-secret-files
-  #   readOnly: true
-
-## Additional code-server volume mounts
-extraVolumeMounts: []
-  # - name: extra-volume
-  #   mountPath: /mnt/volume
-  #   readOnly: true
-  #   existingClaim: volume-claim
-  #   hostPath: ""
-  #   emptyDir: {}
-
-extraConfigmapMounts: []
-  # - name: certs-configmap
-  #   mountPath: /etc/code-server/ssl/
-  #   subPath: certificates.crt # (optional)
-  #   configMap: certs-configmap
-  #   readOnly: true
-
-extraPorts: []
-  # - name: minecraft
-  #   port: 25565
-  #   protocol: tcp

ci/lib.sh

@@ -1,121 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-pushd() {
-  builtin pushd "$@" > /dev/null
-}
-
-popd() {
-  builtin popd > /dev/null
-}
-
-vscode_version() {
-  jq -r .version lib/vscode/package.json
-}
-
-os() {
-  osname=$(uname | tr '[:upper:]' '[:lower:]')
-  case $osname in
-    linux)
-      # Alpine's ldd doesn't have a version flag but if you use an invalid flag
-      # (like --version) it outputs the version to stderr and exits with 1.
-      # TODO: Better to check /etc/os-release; see ../install.sh.
-      ldd_output=$(ldd --version 2>&1 || true)
-      if echo "$ldd_output" | grep -iq musl; then
-        osname="alpine"
-      fi
-      ;;
-    darwin) osname="macos" ;;
-    cygwin* | mingw*) osname="windows" ;;
-  esac
-  echo "$osname"
-}
-
-arch() {
-  cpu="$(uname -m)"
-  case "$cpu" in
-    aarch64) cpu=arm64 ;;
-    x86_64) cpu=amd64 ;;
-  esac
-  echo "$cpu"
-}
-
-rsync() {
-  command rsync -a --del "$@"
-}
-
-if [[ ! ${ARCH-} ]]; then
-  ARCH=$(arch)
-  export ARCH
-fi
-
-if [[ ! ${OS-} ]]; then
-  OS=$(os)
-  export OS
-fi
-
-# RELEASE_PATH is the destination directory for the release from the root.
-# Defaults to release
-if [[ ! ${RELEASE_PATH-} ]]; then
-  RELEASE_PATH="release"
-  export RELEASE_PATH
-fi
-
-nodeOS() {
-  osname=$OS
-  case $osname in
-    macos) osname=darwin ;;
-    windows) osname=win32 ;;
-  esac
-  echo "$osname"
-}
-
-nodeArch() {
-  cpu=$ARCH
-  case $cpu in
-    amd64) cpu=x64 ;;
-  esac
-  echo "$cpu"
-}
-
-run-steps() {
-  local -i failed=0
-  rm -f .cache/checklist
-  while (( $# )) ; do
-    local name=$1 ; shift
-    local fn=$1 ; shift
-    # Only run if an earlier step has not failed.
-    if [[ $failed == 0 ]] ; then
-      echo "$name..."
-      if $fn | indent ; then
-        echo "- [X] $name" >> .cache/checklist
-      else
-        ((failed++))
-      fi
-    fi
-    # For all failed steps, write out an empty checkbox.
-    if [[ $failed != 0 ]] ; then
-      echo "- [ ] $name" >> .cache/checklist
-    fi
-  done
-  if [[ $failed != 0 ]] ; then
-    return 1
-  fi
-}
-
-quiet() {
-  "$@" >/dev/null
-}
-
-indent() {
-  local count=2
-  local space
-  space=$(printf "%${count}s")
-  sed "s/^/$space| /g"
-}
-
-# See gulpfile.reh.ts for available targets.
-if [[ ! ${VSCODE_TARGET-} ]]; then
-  VSCODE_TARGET="$(nodeOS)-$(nodeArch)"
-  export VSCODE_TARGET
-fi

ci/release-image/Dockerfile

@@ -1,61 +0,0 @@
-# syntax=docker/dockerfile:experimental
-
-ARG BASE=debian:13
-FROM scratch AS packages
-COPY release-packages/code-server*.deb /tmp/
-
-FROM $BASE
-
-RUN apt-get update \
-  && apt-get install -y \
-    curl \
-    dumb-init \
-    git \
-    git-lfs \
-    htop \
-    locales \
-    lsb-release \
-    man-db \
-    nano \
-    openssh-client \
-    procps \
-    sudo \
-    vim-tiny \
-    wget \
-    zsh \
-  && git lfs install \
-  && rm -rf /var/lib/apt/lists/*
-
-# https://wiki.debian.org/Locale#Manually
-RUN sed -i "s/# en_US.UTF-8/en_US.UTF-8/" /etc/locale.gen \
-  && locale-gen
-ENV LANG=en_US.UTF-8
-
-RUN if grep -q 1000 /etc/passwd; then \
-    userdel -r "$(id -un 1000)"; \
-  fi \
-  && adduser --gecos '' --disabled-password coder \
-  && echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
-
-RUN ARCH="$(dpkg --print-architecture)" \
-  && curl -fsSL "https://github.com/boxboat/fixuid/releases/download/v0.6.0/fixuid-0.6.0-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - \
-  && chown root:root /usr/local/bin/fixuid \
-  && chmod 4755 /usr/local/bin/fixuid \
-  && mkdir -p /etc/fixuid \
-  && printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml
-
-COPY ci/release-image/entrypoint.sh /usr/bin/entrypoint.sh
-RUN --mount=from=packages,src=/tmp,dst=/tmp/packages dpkg -i /tmp/packages/code-server*$(dpkg --print-architecture).deb
-
-# Allow users to have scripts run on container startup to prepare workspace.
-# https://github.com/coder/code-server/issues/5177
-ENV ENTRYPOINTD=${HOME}/entrypoint.d
-
-EXPOSE 8080
-# This way, if someone sets $DOCKER_USER, docker-exec will still work as
-# the uid will remain the same. note: only relevant if -u isn't passed to
-# docker-run.
-USER 1000
-ENV USER=coder
-WORKDIR /home/coder
-ENTRYPOINT ["/usr/bin/entrypoint.sh", "--bind-addr", "0.0.0.0:8080", "."]

ci/release-image/Dockerfile.fedora

@@ -1,51 +0,0 @@
-# syntax=docker/dockerfile:experimental
-
-ARG BASE=fedora:39
-FROM scratch AS packages
-COPY release-packages/code-server*.rpm /tmp/
-
-FROM $BASE
-
-RUN dnf update -y \
-    && dnf install -y \
-    curl \
-    git \
-    git-lfs \
-    htop \
-    nano \
-    openssh-clients \
-    procps \
-    wget \
-    zsh \
-    dumb-init \
-    glibc-langpack-en \
-    && rm -rf /var/cache/dnf
-RUN git lfs install
-
-ENV LANG=en_US.UTF-8
-RUN echo 'LANG="en_US.UTF-8"' > /etc/locale.conf
-
-RUN useradd -u 1000 coder && echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
-
-RUN ARCH="$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g')" \
-  && curl -fsSL "https://github.com/boxboat/fixuid/releases/download/v0.6.0/fixuid-0.6.0-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - \
-  && chown root:root /usr/local/bin/fixuid \
-  && chmod 4755 /usr/local/bin/fixuid \
-  && mkdir -p /etc/fixuid \
-  && printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml
-
-COPY ci/release-image/entrypoint.sh /usr/bin/entrypoint.sh
-RUN --mount=from=packages,src=/tmp,dst=/tmp/packages rpm -i /tmp/packages/code-server*$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g').rpm
-
-# Allow users to have scripts run on container startup to prepare workspace.
-# https://github.com/coder/code-server/issues/5177
-ENV ENTRYPOINTD=${HOME}/entrypoint.d
-
-EXPOSE 8080
-# This way, if someone sets $DOCKER_USER, docker-exec will still work as
-# the uid will remain the same. note: only relevant if -u isn't passed to
-# docker-run.
-USER 1000
-ENV USER=coder
-WORKDIR /home/coder
-ENTRYPOINT ["/usr/bin/entrypoint.sh", "--bind-addr", "0.0.0.0:8080", "."]

ci/release-image/Dockerfile.opensuse

@@ -1,51 +0,0 @@
-# syntax=docker/dockerfile:experimental
-
-ARG BASE=opensuse/tumbleweed
-FROM scratch AS packages
-COPY release-packages/code-server*.rpm /tmp/
-
-FROM $BASE
-
-RUN zypper dup -y \
-    && zypper in -y \
-    curl \
-    git \
-    git-lfs \
-    htop \
-    nano \
-    openssh-clients \
-    procps \
-    wget \
-    zsh \
-    sudo \
-    catatonit \
-    && rm -rf /var/cache/zypp /var/cache/zypper
-RUN git lfs install
-
-ENV LANG=en_US.UTF-8
-RUN echo 'LANG="en_US.UTF-8"' > /etc/locale.conf
-
-RUN useradd -u 1000 coder && echo "coder ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers.d/nopasswd
-
-RUN ARCH="$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g')" \
-  && curl -fsSL "https://github.com/boxboat/fixuid/releases/download/v0.6.0/fixuid-0.6.0-linux-$ARCH.tar.gz" | tar -C /usr/local/bin -xzf - \
-  && chown root:root /usr/local/bin/fixuid \
-  && chmod 4755 /usr/local/bin/fixuid \
-  && mkdir -p /etc/fixuid \
-  && printf "user: coder\ngroup: coder\n" > /etc/fixuid/config.yml
-
-COPY ci/release-image/entrypoint-catatonit.sh /usr/bin/entrypoint-catatonit.sh
-RUN --mount=from=packages,src=/tmp,dst=/tmp/packages rpm -i /tmp/packages/code-server*$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g').rpm
-
-# Allow users to have scripts run on container startup to prepare workspace.
-# https://github.com/coder/code-server/issues/5177
-ENV ENTRYPOINTD=${HOME}/entrypoint.d
-
-EXPOSE 8080
-# This way, if someone sets $DOCKER_USER, docker-exec will still work as
-# the uid will remain the same. note: only relevant if -u isn't passed to
-# docker-run.
-USER 1000
-ENV USER=coder
-WORKDIR /home/coder
-ENTRYPOINT ["/usr/bin/entrypoint-catatonit.sh", "--bind-addr", "0.0.0.0:8080", "."]

ci/release-image/docker-bake.hcl

@@ -1,130 +0,0 @@
-# Use this file from the top of the repo, with `-f ci/release-image/docker-bake.hcl`
-
-# Uses env var VERSION if set;
-# normally, this is set by ci/lib.sh
-variable "VERSION" {
-    default = "latest"
-}
-
-variable "DOCKER_REGISTRY" {
-    default = "docker.io/codercom/code-server"
-}
-
-variable "GITHUB_REGISTRY" {
-    default = "ghcr.io/coder/code-server"
-}
-
-group "default" {
-    targets = [
-        "code-server-debian-13",
-        "code-server-debian-12",
-        "code-server-ubuntu-focal",
-        "code-server-ubuntu-noble",
-        "code-server-ubuntu-resolute",
-        "code-server-fedora-39",
-        "code-server-opensuse-tumbleweed",
-    ]
-}
-
-function "prepend_hyphen_if_not_null" {
-    params = [tag]
-    result = notequal("","${tag}") ? "-${tag}" : "${tag}"
-}
-
-# use empty tag (tag="") to generate default tags
-function "gen_tags" {
-    params = [registry, tag]
-    result = notequal("","${registry}") ? [
-        notequal("", "${tag}") ? "${registry}:${tag}" : "${registry}:latest",
-        notequal("latest",VERSION) ? "${registry}:${VERSION}${prepend_hyphen_if_not_null(tag)}" : "",
-    ] : []
-}
-
-# helper function to generate tags for docker registry and github registry.
-# set (DOCKER|GITHUB)_REGISTRY="" to disable corresponding registry
-function "gen_tags_for_docker_and_ghcr" {
-    params = [tag]
-    result = concat(
-        gen_tags("${DOCKER_REGISTRY}", "${tag}"),
-        gen_tags("${GITHUB_REGISTRY}", "${tag}"),
-    )
-}
-
-target "code-server-debian-13" {
-    dockerfile = "ci/release-image/Dockerfile"
-    tags = concat(
-        gen_tags_for_docker_and_ghcr(""),
-        gen_tags_for_docker_and_ghcr("debian"),
-        gen_tags_for_docker_and_ghcr("trixie"),
-    )
-    platforms = ["linux/amd64", "linux/arm64"]
-}
-
-target "code-server-debian-12" {
-    dockerfile = "ci/release-image/Dockerfile"
-    tags = concat(
-        gen_tags_for_docker_and_ghcr("bookworm"),
-    )
-    args = {
-        BASE = "debian:12"
-    }
-    platforms = ["linux/amd64", "linux/arm64"]
-}
-
-target "code-server-ubuntu-focal" {
-    dockerfile = "ci/release-image/Dockerfile"
-    tags = concat(
-        gen_tags_for_docker_and_ghcr("focal"),
-    )
-    args = {
-        BASE = "ubuntu:focal"
-    }
-    platforms = ["linux/amd64", "linux/arm64"]
-}
-
-target "code-server-ubuntu-noble" {
-    dockerfile = "ci/release-image/Dockerfile"
-    tags = concat(
-        gen_tags_for_docker_and_ghcr("noble"),
-        gen_tags_for_docker_and_ghcr("ubuntu"),
-    )
-    args = {
-        BASE = "ubuntu:noble"
-    }
-    platforms = ["linux/amd64", "linux/arm64"]
-}
-
-target "code-server-ubuntu-resolute" {
-    dockerfile = "ci/release-image/Dockerfile"
-    tags = concat(
-        gen_tags_for_docker_and_ghcr("resolute"),
-    )
-    args = {
-        BASE = "ubuntu:resolute"
-    }
-    platforms = ["linux/amd64", "linux/arm64"]
-}
-
-target "code-server-fedora-39" {
-    dockerfile = "ci/release-image/Dockerfile.fedora"
-    tags = concat(
-        gen_tags_for_docker_and_ghcr("fedora"),
-        gen_tags_for_docker_and_ghcr("39"),
-    )
-    args = {
-        BASE = "fedora:39"
-    }
-    platforms = ["linux/amd64", "linux/arm64"]
-}
-
-target "code-server-opensuse-tumbleweed" {
-    dockerfile = "ci/release-image/Dockerfile.opensuse"
-    tags = concat(
-        gen_tags_for_docker_and_ghcr("opensuse"),
-        gen_tags_for_docker_and_ghcr("tumbleweed"),
-    )
-    args = {
-        BASE = "opensuse/tumbleweed"
-    }
-    platforms = ["linux/amd64", "linux/arm64"]
-}

ci/release-image/entrypoint-catatonit.sh

@@ -1,27 +0,0 @@
-#!/bin/sh
-set -eu
-
-# We do this first to ensure sudo works below when renaming the user.
-# Otherwise the current container UID may not exist in the passwd database.
-eval "$(fixuid -q)"
-
-if [ "${DOCKER_USER-}" ]; then
-  USER="$DOCKER_USER"
-  if [ "$DOCKER_USER" != "$(whoami)" ]; then
-    echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null
-    # Unfortunately we cannot change $HOME as we cannot move any bind mounts
-    # nor can we bind mount $HOME into a new home as that requires a privileged container.
-    sudo usermod --login "$DOCKER_USER" coder
-    sudo groupmod -n "$DOCKER_USER" coder
-
-    sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
-  fi
-fi
-
-# Allow users to have scripts run on container startup to prepare workspace.
-# https://github.com/coder/code-server/issues/5177
-if [ -d "${ENTRYPOINTD}" ]; then
-  find "${ENTRYPOINTD}" -type f -executable -print -exec {} \;
-fi
-
-exec catatonit -- /usr/bin/code-server "$@"

ci/release-image/entrypoint.sh

@@ -1,27 +0,0 @@
-#!/bin/sh
-set -eu
-
-# We do this first to ensure sudo works below when renaming the user.
-# Otherwise the current container UID may not exist in the passwd database.
-eval "$(fixuid -q)"
-
-if [ "${DOCKER_USER-}" ]; then
-  USER="$DOCKER_USER"
-  if [ -z "$(id -u "$DOCKER_USER" 2>/dev/null)" ]; then
-    echo "$DOCKER_USER ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null
-    # Unfortunately we cannot change $HOME as we cannot move any bind mounts
-    # nor can we bind mount $HOME into a new home as that requires a privileged container.
-    sudo usermod --login "$DOCKER_USER" coder
-    sudo groupmod -n "$DOCKER_USER" coder
-
-    sudo sed -i "/coder/d" /etc/sudoers.d/nopasswd
-  fi
-fi
-
-# Allow users to have scripts run on container startup to prepare workspace.
-# https://github.com/coder/code-server/issues/5177
-if [ -d "${ENTRYPOINTD}" ]; then
-  find "${ENTRYPOINTD}" -type f -executable -print -exec {} \;
-fi
-
-exec dumb-init /usr/bin/code-server "$@"

ci/steps/docker-buildx-push.sh

@@ -1,15 +0,0 @@
-#!/usr/bin/env bash
-set -euo pipefail
-
-main() {
-  cd "$(dirname "$0")/../.."
-  # NOTE@jsjoeio - this script assumes VERSION exists as an
-  # environment variable.
-
-  # NOTE@jsjoeio - this script assumes that you've downloaded
-  # the release-packages artifact to ./release-packages before
-  # running this docker buildx step
-  docker buildx bake -f ci/release-image/docker-bake.hcl --push
-}
-
-main "$@"

ci/steps/steps-lib.sh

@@ -1,47 +0,0 @@
-#!/usr/bin/env bash
-
-# This is a library which contains functions used inside ci/steps
-#
-# We separated it into it's own file so that we could easily unit test
-# these functions and helpers
-
-# Checks whether and environment variable is set.
-# Source: https://stackoverflow.com/a/62210688/3015595
-is_env_var_set() {
-  local name="${1:-}"
-  if test -n "${!name:-}"; then
-    return 0
-  else
-    return 1
-  fi
-}
-
-# Checks whether a directory exists.
-directory_exists() {
-  local dir="${1:-}"
-  if [[ -d "${dir:-}" ]]; then
-    return 0
-  else
-    return 1
-  fi
-}
-
-# Checks whether a file exists.
-file_exists() {
-  local file="${1:-}"
-  if test -f "${file:-}"; then
-    return 0
-  else
-    return 1
-  fi
-}
-
-# Checks whether a file is executable.
-is_executable() {
-  local file="${1:-}"
-  if [ -f "${file}" ] && [ -r "${file}" ] && [ -x "${file}" ]; then
-    return 0
-  else
-    return 1
-  fi
-}

deployment/aws/deployment.yaml

@@ -0,0 +1,74 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: code-server
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: code-server
+ namespace: code-server
+spec:
+ ports:
+ - port: 8443
+   name: https
+   protocol: TCP
+ selector:
+   app: code-server
+ type: ClusterIP
+---
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: gp2
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
+provisioner: kubernetes.io/aws-ebs
+parameters:
+  type: gp2
+  fsType: ext4
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: code-store
+  namespace: code-server
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 60Gi
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    app: code-server
+  name: code-server
+  namespace: code-server
+spec:
+  selector:
+    matchLabels:
+      app: code-server
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: code-server
+    spec:
+      containers:
+      - image: codercom/code-server
+        imagePullPolicy: Always
+        name: code-servery
+        ports:
+        - containerPort: 8443
+          name: https
+        volumeMounts:
+        - name: code-server-storage
+          mountPath: /go/src
+      volumes:
+      - name: code-server-storage
+        persistentVolumeClaim:
+          claimName: code-store
+

deployment/deployment.yaml

@@ -0,0 +1,43 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: code-server
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: code-server
+ namespace: code-server
+spec:
+ ports:
+ - port: 8443
+   name: https
+   protocol: TCP
+ selector:
+   app: code-server
+ type: ClusterIP
+---
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+  labels:
+    app: code-server
+  name: code-server
+  namespace: code-server
+spec:
+  selector:
+    matchLabels:
+      app: code-server
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: code-server
+    spec:
+      containers:
+      - image: codercom/code-server
+        imagePullPolicy: Always
+        name: code-server
+        ports:
+        - containerPort: 8443
+          name: https

doc/admin/install/aws.md

@@ -0,0 +1,69 @@
+# Deploy on AWS
+
+This tutorial shows you how to deploy `code-server` on an EC2 AWS instance.
+
+If you're just starting out, we recommend [installing code-server locally](../../self-hosted/index.md). It takes only a few minutes and lets you try out all of the features.
+
+---
+
+## Deploy to EC2
+
+### Use the AWS wizard
+
+- Click **Launch Instance** from your [EC2 dashboard](https://console.aws.amazon.com/ec2/v2/home).
+- Select the Ubuntu Server 16.04 LTS (HVM), SSD Volume Type (`ami-0f9cf087c1f27d9b1)` at this time of writing)
+- Select an appropriate instance size (we recommend t2.medium/large, depending on team size and number of repositories/languages enabled), then **Next: Configure Instance Details**
+- Select **Next: ...** until you get to the **Configure Security Group** page, then add the default **HTTP** rule (port range "80", source "0.0.0.0/0, ::/0")
+  > Rules with source of 0.0.0.0/0 allow all IP addresses to access your instance. We recommend setting [security group rules](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-network-security.html?icmpid=docs_ec2_console) to allow access from known IP addresses only.
+- Click **Launch**
+- You will be prompted to create a key pair
+    > A key pair consists of a public key that AWS stores, and a private key file that you store. Together, they allow you to connect to your instance securely. For Windows AMIs, the private key file is required to obtain the password used to log into your instance. For Linux AMIs, the private key file allows you to securely SSH into your instance.
+- From the dropdown choose "create a new pair", give the key pair a name
+- Click **Download Key Pair**
+  > This is necessary before you proceed. A `.pem` file will be downloaded. make sure you store is in a safe location because it can't be retrieved once we move on.
+- Finally, click **Launch Instances**
+---
+### SSH Into EC2 Instance
+- First head to your [EC2 dashboard](https://console.aws.amazon.com/ec2/v2/home) and choose instances from the left panel
+- In the description of your EC2 instance copy the public DNS (iPv4) address using the copy to clipboard button
+- Open a terminal on your computer and use the following command to SSH into your EC2 instance
+  ```
+  ssh -i "path/to/your/keypair.pem" ubuntu@(paste the public DNS here)
+  ```
+  >example: `ssh -i "/Users/John/Downloads/TestInstance.pem" ubuntu@ec2-3-45-678-910.compute-1.amazonaws.co`
+- You should see a prompt for your EC2 instance like so<img src="../../assets/aws_ubuntu.png">
+- At this point it is time to download the `code-server` binary. We will of course want the linux version.
+- Find the latest Linux release from this URL:
+  ```
+  https://github.com/cdr/code-server/releases/latest
+  ```
+- Replace {version} in the following command with the version found on the releases page and run it (or just copy the download URL from the releases page):
+  ```
+  wget https://github.com/cdr/code-server/releases/download/{version}/code-server-{version}-linux-x64.tar.gz
+  ```
+- Extract the downloaded tar.gz file with this command, for example:
+  ```
+  tar -xvzf code-server-{version}-linux-x64.tar.gz
+  ```
+- Navigate to extracted directory with this command:
+  ```
+  cd code-server-{version}-linux-x64
+  ```
+- If you run into any permission errors, make the binary executable by running:
+  ```
+  chmod +x code-server
+  ```
+  > To ensure the connection between you and your server is encrypted view our guide on [securing your setup](../../security/ssl.md)
+- Finally, run
+  ```
+  sudo ./code-server -p 80
+  ```
+- When you visit the public IP for your AWS instance, you will be greeted   with this page. Code-server is using a self-signed SSL certificate for easy setup. To proceed to the IDE, click **"Advanced"**<img src ="../../assets/chrome_warning.png">
+- Then click **"proceed anyway"**<img src="../../assets/chrome_confirm.png">
+
+  > For instructions on how to keep the server running after you end your SSH session please checkout [how to use systemd](https://www.linode.com/docs/quick-answers/linux/start-service-at-boot/) to start linux based services if they are killed
+
+  > The `-p 80` flag is necessary in order to make the IDE accessible from the public IP of your instance (also available from the description in the instances page.
+
+  ---
+> NOTE: If you get stuck or need help, [file an issue](https://github.com/cdr/code-server/issues/new?&title=Improve+self-hosted+quickstart+guide), [tweet (@coderhq)](https://twitter.com/coderhq) or [email](mailto:support@coder.com?subject=Self-hosted%20quickstart%20guide).

doc/admin/install/digitalocean.md

@@ -0,0 +1,49 @@
+# Deploy on DigitalOcean
+
+This tutorial shows you how to deploy `code-server` to a single node running on DigitalOcean.
+
+If you're just starting out, we recommend [installing code-server locally](../../self-hosted/index.md). It takes only a few minutes and lets you try out all of the features.
+
+---
+
+## Use the "Create Droplets" wizard
+
+[Open your DigitalOcean dashboard](https://cloud.digitalocean.com/droplets/new) to create a new droplet
+
+- **Choose an image -** Select the **Distributions** tab and then choose Ubuntu
+- **Choose a size -** We recommend at least 4GB RAM and 2 CPU, more depending on team size and number of repositories/languages enabled.
+- Launch your instance
+- Open a terminal on your computer and SSH into your instance
+  > example: ssh root@203.0.113.0
+- Once in the SSH session, visit code-server [releases page](https://github.com/cdr/code-server/releases/) and copy the link to the download for the latest linux release
+- Find the latest Linux release from this URL:
+  ```
+  https://github.com/cdr/code-server/releases/latest
+  ```
+- Replace {version} in the following command with the version found on the releases page and run it (or just copy the download URL from the releases page):
+  ```
+  wget https://github.com/cdr/code-server/releases/download/{version}/code-server-{version}-linux-x64.tar.gz
+  ```
+- Extract the downloaded tar.gz file with this command, for example:
+  ```
+  tar -xvzf code-server-{version}-linux-x64.tar.gz
+  ```
+- Navigate to extracted directory with this command:
+  ```
+  cd code-server-{version}-linux-x64
+  ```
+- If you run into any permission errors when attempting to run the binary:
+  ```
+  chmod +x code-server
+  ```
+  > To ensure the connection between you and your server is encrypted view our guide on [securing your setup](../../security/ssl.md)
+- Finally start the code-server
+  ```
+  sudo ./code-server -p 80
+  ```
+    > For instructions on how to keep the server running after you end your SSH session please checkout [how to use systemd](https://www.linode.com/docs/quick-answers/linux/start-service-at-boot/) to start linux based services if they are killed
+- When you visit the public IP for your Digital Ocean instance, you will be greeted with this page. Code-server is using a self-signed SSL certificate for easy setup. To proceed to the IDE, click **"Advanced"**<img src ="../../assets/chrome_warning.png">
+- Then click **"proceed anyway"**<img src="../../assets/chrome_confirm.png">
+
+---
+> NOTE: If you get stuck or need help, [file an issue](https://github.com/cdr/code-server/issues/new?&title=Improve+self-hosted+quickstart+guide), [tweet (@coderhq)](https://twitter.com/coderhq) or [email](mailto:support@coder.com?subject=Self-hosted%20quickstart%20guide).

doc/admin/install/google_cloud.md

@@ -0,0 +1,71 @@
+# Deploy on Google Cloud
+
+This tutorial shows you how to deploy `code-server` to a single node running on Google Cloud.
+
+If you're just starting out, we recommend [installing code-server locally](../../self-hosted/index.md). It takes only a few minutes and lets you try out all of the features.
+
+---
+
+## Deploy to Google Cloud VM
+> Pre-requisite: Please [set up Google Cloud SDK](https://cloud.google.com/sdk/docs/) on your local machine
+
+- [Open your Google Cloud console](https://console.cloud.google.com/compute/instances) to create a new VM instance and click **Create Instance**
+- Choose an appropriate machine type (we recommend 2 vCPU and 7.5 GB RAM, more depending on team size and number of repositories/languages enabled)
+- Choose Ubuntu 16.04 LTS as your boot disk
+- Check the boxes for **Allow HTTP traffic** and **Allow HTTPS traffic** in the **Firewall** section
+- Create your VM, and **take note** of its public IP address.
+- Copy the link to download the latest Linux binary from our [releases page](https://github.com/cdr/code-server/releases)
+
+---
+
+## Final Steps
+
+- SSH into your Google Cloud VM
+```
+gcloud compute ssh --zone [region] [instance name]
+```
+
+- Find the latest Linux release from this URL:
+```
+https://github.com/cdr/code-server/releases/latest
+```
+
+- Replace {version} in the following command with the version found on the releases page and run it (or just copy the download URL from the releases page):
+```
+wget https://github.com/cdr/code-server/releases/download/{version}/code-server-{version}-linux-x64.tar.gz
+```
+
+- Extract the downloaded tar.gz file with this command, for example:
+```
+tar -xvzf code-server-{version}-linux-x64.tar.gz
+```
+
+- Navigate to extracted directory with this command:
+```
+cd code-server-{version}-linux-x64
+```
+
+- Make the binary executable if you run into any errors regarding permission:
+```
+chmod +x code-server
+```
+
+> To ensure the connection between you and your server is encrypted view our guide on [securing your setup](../../security/ssl.md)
+
+- Start the code-server
+```
+sudo ./code-server -p 80
+```
+
+> For instructions on how to keep the server running after you end your SSH session please checkout [how to use systemd](https://www.linode.com/docs/quick-answers/linux/start-service-at-boot/) to start linux based services if they are killed
+
+- Access code-server from the public IP of your Google Cloud instance we noted earlier in your browser.
+> example: 32.32.32.234
+
+- You will be greeted with this page. Code-server is using a self-signed SSL certificate for easy setup. To proceed to the IDE, click **"Advanced"**<img src ="../../assets/chrome_warning.png">
+
+- Then click **"proceed anyway"**<img src="../../assets/chrome_confirm.png">
+
+---
+
+> NOTE: If you get stuck or need help, [file an issue](https://github.com/cdr/code-server/issues/new?&title=Improve+self-hosted+quickstart+guide), [tweet (@coderhq)](https://twitter.com/coderhq) or [email](mailto:support@coder.com?subject=Self-hosted%20quickstart%20guide).