Merge branch 'main' into matifali/migration-guide

.github/workflows/cla.yaml

@@ -11,7 +11,7 @@ jobs:
     steps:
       - name: "CLA Assistant"
         if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
-        uses: contributor-assistant/github-action@v2.4.0
+        uses: contributor-assistant/github-action@v2.6.1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           # the below token should have repo scope and must be manually added by you in the repository's secret

.github/workflows/release.yml

@@ -31,17 +31,17 @@ jobs:
 
       - name: Import GPG key
         id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v6.1.0
+        uses: crazy-max/ghaction-import-gpg@v6.2.0
         with:
           # These secrets will need to be configured for the repository:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.PASSPHRASE }}
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v5.1.0
+        uses: goreleaser/goreleaser-action@v6.1.0
         with:
           version: latest
-          args: release --rm-dist
+          args: release --clean
         env:
           GPG_FINGERPRINT: ${{ steps.import_gpg.outputs.fingerprint }}
           # GitHub sets this automatically

.github/workflows/test.yml

@@ -64,15 +64,11 @@ jobs:
       fail-fast: false
       matrix:
         terraform:
-          - "1.0.*"
-          - "1.1.*"
-          - "1.2.*"
-          - "1.3.*"
-          - "1.4.*"
           - "1.5.*"
           - "1.6.*"
           - "1.7.*"
           - "1.8.*"
+          - "1.9.*"
     steps:
       - name: Set up Go
         uses: actions/setup-go@v5
@@ -112,7 +108,7 @@ jobs:
 
       - uses: hashicorp/setup-terraform@v3
         with:
-          terraform_version: "1.3.*"
+          terraform_version: "latest"
           terraform_wrapper: false
 
       - name: Check out code into the Go module directory

.goreleaser.yml

@@ -57,4 +57,4 @@ release:
   # If you want to manually examine the release before its live, uncomment this line:
   # draft: true
 changelog:
-  skip: true
+  disable: true

docs/data-sources/workspace.md

@@ -13,11 +13,51 @@ Use this data source to get information for the active workspace build.
 ## Example Usage
 
 ```terraform
-data "coder_workspace" "dev" {
+provider "coder" {}
+
+provider "docker" {}
+
+data "coder_workspace" "me" {}
+
+data "coder_workspace_owner" "me" {}
+
+resource "coder_agent" "dev" {
+  arch = "amd64"
+  os   = "linux"
+  dir  = "/workspace"
 }
 
-resource "kubernetes_pod" "dev" {
-  count = data.coder_workspace.dev.transition == "start" ? 1 : 0
+resource "docker_container" "workspace" {
+  count = data.coder_workspace.me.start_count
+  image = docker_image.main.name
+  # Uses lower() to avoid Docker restriction on container names.
+  name = "coder-${data.coder_workspace_owner.me.name}-${lower(data.coder_workspace.me.name)}"
+  # Hostname makes the shell more user friendly: coder@my-workspace:~$
+  hostname = data.coder_workspace.me.name
+  # Use the docker gateway if the access URL is 127.0.0.1
+  entrypoint = ["sh", "-c", replace(coder_agent.main.init_script, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal")]
+  env        = ["CODER_AGENT_TOKEN=${coder_agent.main.token}"]
+  host {
+    host = "host.docker.internal"
+    ip   = "host-gateway"
+  }
+  # Add labels in Docker to keep track of orphan resources.
+  labels {
+    label = "coder.owner"
+    value = data.coder_workspace_owner.me.name
+  }
+  labels {
+    label = "coder.owner_id"
+    value = data.coder_workspace_owner.me.id
+  }
+  labels {
+    label = "coder.workspace_id"
+    value = data.coder_workspace.me.id
+  }
+  labels {
+    label = "coder.workspace_name"
+    value = data.coder_workspace.me.name
+  }
 }
 ```
 
@@ -30,13 +70,6 @@ resource "kubernetes_pod" "dev" {
 - `access_url` (String) The access URL of the Coder deployment provisioning this workspace.
 - `id` (String) UUID of the workspace.
 - `name` (String) Name of the workspace.
-- `owner` (String, **Deprecated**: Use `coder_workspace_owner.name` instead.) Username of the workspace owner.
-- `owner_email` (String, **Deprecated**: Use `coder_workspace_owner.email` instead.) Email address of the workspace owner.
-- `owner_groups` (List of String, **Deprecated**: Use `coder_workspace_owner.groups` instead.) List of groups the workspace owner belongs to.
-- `owner_id` (String, **Deprecated**: Use `coder_workspace_owner.id` instead.) UUID of the workspace owner.
-- `owner_name` (String, **Deprecated**: Use `coder_workspace_owner.full_name` instead.) Name of the workspace owner.
-- `owner_oidc_access_token` (String, **Deprecated**: Use `coder_workspace_owner.oidc_access_token` instead.) A valid OpenID Connect access token of the workspace owner. This is only available if the workspace owner authenticated with OpenID Connect. If a valid token cannot be obtained, this value will be an empty string.
-- `owner_session_token` (String, **Deprecated**: Use `coder_workspace_owner.session_token` instead.) Session token for authenticating with a Coder deployment. It is regenerated everytime a workspace is started.
 - `start_count` (Number) A computed count based on `transition` state. If `start`, count will equal 1.
 - `template_id` (String) ID of the workspace's template.
 - `template_name` (String) Name of the workspace's template.

docs/data-sources/workspace_owner.md

@@ -15,14 +15,12 @@ Use this data source to fetch information about the workspace owner.
 ```terraform
 provider "coder" {}
 
-data "coder_workspace" "me" {}
-
 data "coder_workspace_owner" "me" {}
 
 resource "coder_agent" "dev" {
   arch = "amd64"
   os   = "linux"
-  dir  = local.repo_dir
+  dir  = "/workspace"
   env = {
     OIDC_TOKEN : data.coder_workspace_owner.me.oidc_access_token,
   }
@@ -36,7 +34,7 @@ resource "coder_env" "git_author_name" {
 }
 
 resource "coder_env" "git_author_email" {
-  agent_id = var.agent_id
+  agent_id = coder_agent.dev.id
   name     = "GIT_AUTHOR_EMAIL"
   value    = data.coder_workspace_owner.me.email
   count    = data.coder_workspace_owner.me.email != "" ? 1 : 0
@@ -52,6 +50,7 @@ resource "coder_env" "git_author_email" {
 - `full_name` (String) The full name of the user.
 - `groups` (List of String) The groups of which the user is a member.
 - `id` (String) The UUID of the workspace owner.
+- `login_type` (String) The type of login the user has.
 - `name` (String) The username of the user.
 - `oidc_access_token` (String) A valid OpenID Connect access token of the workspace owner. This is only available if the workspace owner authenticated with OpenID Connect. If a valid token cannot be obtained, this value will be an empty string.
 - `session_token` (String) Session token for authenticating with a Coder deployment. It is regenerated every time a workspace is started.

docs/index.md

@@ -3,13 +3,12 @@
 page_title: "Coder Provider"
 subcategory: "Infrastructure"
 description: |-
-    Terraform provider for Coder. Coder is a self-hosted cloud development environment that allows enterprises to create consistent, secure, and scalable development environments for their teams.
-  
+    Terraform provider for managing Coder templates, which are the underlying infrastructure for Coder workspaces.
 ---
 
 # Coder Provider
 
-The Coder provider is used to help create [Coder](https://coder.com) templates. Coder is a self-hosted cloud development environment that allows enterprises to create consistent, secure, and scalable development environments for their teams.
+Terraform provider for managing Coder [templates](https://coder.com/docs/templates), which are the underlying infrastructure for Coder [workspaces](https://coder.com/docs/workspaces).
 
 -> Requires Coder v2.13.0 or later.
 
@@ -69,5 +68,4 @@ resource "google_compute_instance" "dev" {
 
 ### Optional
 
-- `feature_use_managed_variables` (Boolean, **Deprecated**: Terraform variables are now exclusively utilized for template-wide variables after the removal of support for legacy parameters.) Feature: use managed Terraform variables. The feature flag is not used anymore as Terraform variables are now exclusively utilized for template-wide variables.
 - `url` (String) The URL to access Coder.

docs/resources/agent.md

@@ -76,15 +76,12 @@ resource "kubernetes_pod" "dev" {
 - `dir` (String) The starting directory when a user creates a shell session. Defaults to `"$HOME"`.
 - `display_apps` (Block Set, Max: 1) The list of built-in apps to display in the agent bar. (see [below for nested schema](#nestedblock--display_apps))
 - `env` (Map of String) A mapping of environment variables to set inside the workspace.
-- `login_before_ready` (Boolean, **Deprecated**: Configure `startup_script_behavior` instead. This attribute will be removed in a future version of the provider.) This option defines whether or not the user can (by default) login to the workspace before it is ready. Ready means that e.g. the `startup_script` is done and has exited. When enabled, users may see an incomplete workspace when logging in.
 - `metadata` (Block List) Each `metadata` block defines a single item consisting of a key/value pair. This feature is in alpha and may break in future releases. (see [below for nested schema](#nestedblock--metadata))
 - `motd_file` (String) The path to a file within the workspace containing a message to display to users when they login via SSH. A typical value would be `"/etc/motd"`.
 - `order` (Number) The order determines the position of agents in the UI presentation. The lowest order is shown first and agents with equal order are sorted by name (ascending order).
 - `shutdown_script` (String) A script to run before the agent is stopped. The script should exit when it is done to signal that the workspace can be stopped. This option is an alias for defining a `coder_script` resource with `run_on_stop` set to `true`.
-- `shutdown_script_timeout` (Number, **Deprecated**: This feature is deprecated and has no effect. This attribute will be removed in a future version of the provider.) Time in seconds until the agent lifecycle status is marked as timed out during shutdown, this happens when the shutdown script has not completed (exited) in the given time.
 - `startup_script` (String) A script to run after the agent starts. The script should exit when it is done to signal that the agent is ready. This option is an alias for defining a `coder_script` resource with `run_on_start` set to `true`.
 - `startup_script_behavior` (String) This option sets the behavior of the `startup_script`. When set to `"blocking"`, the `startup_script` must exit before the workspace is ready. When set to `"non-blocking"`, the `startup_script` may run in the background and the workspace will be ready immediately. Default is `"non-blocking"`, although `"blocking"` is recommended. This option is an alias for defining a `coder_script` resource with `start_blocks_login` set to `true` (blocking).
-- `startup_script_timeout` (Number, **Deprecated**: This feature is deprecated and has no effect. This attribute will be removed in a future version of the provider.) Time in seconds until the agent lifecycle status is marked as timed out during start, this happens when the startup script has not completed (exited) in the given time.
 - `troubleshooting_url` (String) A URL to a document with instructions for troubleshooting problems with the agent.
 
 ### Read-Only

docs/resources/app.md

@@ -63,10 +63,9 @@ resource "coder_app" "vim" {
 - `display_name` (String) A display name to identify the app. Defaults to the slug.
 - `external` (Boolean) Specifies whether `url` is opened on the client machine instead of proxied through the workspace.
 - `healthcheck` (Block Set, Max: 1) HTTP health checking to determine the application readiness. (see [below for nested schema](#nestedblock--healthcheck))
+- `hidden` (Boolean) Determines if the app is visible in the UI (minimum Coder version: v2.16).
 - `icon` (String) A URL to an icon that will display in the dashboard. View built-in icons here: https://github.com/coder/coder/tree/main/site/static/icon. Use a built-in icon with `"${data.coder_workspace.me.access_url}/icon/<path>"`.
-- `name` (String, **Deprecated**: `name` on apps is deprecated, use `display_name` instead) A display name to identify the app.
 - `order` (Number) The order determines the position of app in the UI presentation. The lowest order is shown first and apps with equal order are sorted by name (ascending order).
-- `relative_path` (Boolean, **Deprecated**: `relative_path` on apps is deprecated, use `subdomain` instead.) Specifies whether the URL will be accessed via a relative path or wildcard. Use if wildcard routing is unavailable. Defaults to `true`.
 - `share` (String) Determines the level which the application is shared at. Valid levels are `"owner"` (default), `"authenticated"` and `"public"`. Level `"owner"` disables sharing on the app, so only the workspace owner can access it. Level `"authenticated"` shares the app with all authenticated users. Level `"public"` shares it with any user, including unauthenticated users. Permitted application sharing levels can be configured site-wide via a flag on `coder server` (Enterprise only).
 - `subdomain` (Boolean) Determines whether the app will be accessed via it's own subdomain or whether it will be accessed via a path on Coder. If wildcards have not been setup by the administrator then apps with `subdomain` set to `true` will not be accessible. Defaults to `false`.
 - `url` (String) An external url if `external=true` or a URL to be proxied to from inside the workspace. This should be of the form `http://localhost:PORT[/SUBPATH]`. Either `command` or `url` may be specified, but not both.

docs/resources/metadata.md

@@ -3,12 +3,15 @@
 page_title: "coder_metadata Resource - terraform-provider-coder"
 subcategory: ""
 description: |-
-  Use this resource to attach metadata to a resource. They will be displayed in the Coder dashboard.
+  Use this resource to attach metadata to a resource. They will be displayed in the Coder dashboard alongside the resource. The resource containing the agent, and it's metadata, will be shown by default.
+  Alternatively, to attach metadata to the agent, use a metadata block within a coder_agent resource.
 ---
 
 # coder_metadata (Resource)
 
-Use this resource to attach metadata to a resource. They will be displayed in the Coder dashboard.
+Use this resource to attach metadata to a resource. They will be displayed in the Coder dashboard alongside the resource. The resource containing the agent, and it's metadata, will be shown by default. 
+
+Alternatively, to attach metadata to the agent, use a `metadata` block within a `coder_agent` resource.
 
 ## Example Usage
 
@@ -82,7 +85,7 @@ Required:
 Optional:
 
 - `sensitive` (Boolean) Set to `true` to for items such as API keys whose values should be hidden from view by default. Note that this does not prevent metadata from being retrieved using the API, so it is not suitable for secrets that should not be exposed to workspace users.
-- `value` (String) The value of this metadata item.
+- `value` (String) The value of this metadata item. Supports basic Markdown, including hyperlinks.
 
 Read-Only:
 

examples/data-sources/coder_workspace/data-source.tf

@@ -1,6 +1,46 @@
-data "coder_workspace" "dev" {
+provider "coder" {}
+
+provider "docker" {}
+
+data "coder_workspace" "me" {}
+
+data "coder_workspace_owner" "me" {}
+
+resource "coder_agent" "dev" {
+  arch = "amd64"
+  os   = "linux"
+  dir  = "/workspace"
 }
 
-resource "kubernetes_pod" "dev" {
-  count = data.coder_workspace.dev.transition == "start" ? 1 : 0
+resource "docker_container" "workspace" {
+  count = data.coder_workspace.me.start_count
+  image = docker_image.main.name
+  # Uses lower() to avoid Docker restriction on container names.
+  name = "coder-${data.coder_workspace_owner.me.name}-${lower(data.coder_workspace.me.name)}"
+  # Hostname makes the shell more user friendly: coder@my-workspace:~$
+  hostname = data.coder_workspace.me.name
+  # Use the docker gateway if the access URL is 127.0.0.1
+  entrypoint = ["sh", "-c", replace(coder_agent.main.init_script, "/localhost|127\\.0\\.0\\.1/", "host.docker.internal")]
+  env        = ["CODER_AGENT_TOKEN=${coder_agent.main.token}"]
+  host {
+    host = "host.docker.internal"
+    ip   = "host-gateway"
+  }
+  # Add labels in Docker to keep track of orphan resources.
+  labels {
+    label = "coder.owner"
+    value = data.coder_workspace_owner.me.name
+  }
+  labels {
+    label = "coder.owner_id"
+    value = data.coder_workspace_owner.me.id
+  }
+  labels {
+    label = "coder.workspace_id"
+    value = data.coder_workspace.me.id
+  }
+  labels {
+    label = "coder.workspace_name"
+    value = data.coder_workspace.me.name
+  }
 }

examples/data-sources/coder_workspace_owner/data-source.tf

@@ -1,13 +1,11 @@
 provider "coder" {}
 
-data "coder_workspace" "me" {}
-
 data "coder_workspace_owner" "me" {}
 
 resource "coder_agent" "dev" {
   arch = "amd64"
   os   = "linux"
-  dir  = local.repo_dir
+  dir  = "/workspace"
   env = {
     OIDC_TOKEN : data.coder_workspace_owner.me.oidc_access_token,
   }
@@ -21,7 +19,7 @@ resource "coder_env" "git_author_name" {
 }
 
 resource "coder_env" "git_author_email" {
-  agent_id = var.agent_id
+  agent_id = coder_agent.dev.id
   name     = "GIT_AUTHOR_EMAIL"
   value    = data.coder_workspace_owner.me.email
   count    = data.coder_workspace_owner.me.email != "" ? 1 : 0