From 3b0cb5f92aa3aa13ddb32f29dbc24fefd30fe4d1 Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Fri, 16 Aug 2024 10:28:03 +0100 Subject: [PATCH 1/4] update envbuider-dogfood template to use provider --- envbuilder-dogfood/main.tf | 69 ++++++++++++++++++++++++-------------- 1 file changed, 44 insertions(+), 25 deletions(-) diff --git a/envbuilder-dogfood/main.tf b/envbuilder-dogfood/main.tf index 97134b2b8bb6e..47df25a6779c9 100644 --- a/envbuilder-dogfood/main.tf +++ b/envbuilder-dogfood/main.tf @@ -7,6 +7,9 @@ terraform { source = "kreuzwerker/docker" version = "~> 3.0.0" } + envbuilder = { + source = "coder/envbuilder" + } } } @@ -24,7 +27,7 @@ locals { } envbuilder_repo = "ghcr.io/coder/envbuilder-preview" - container_name = "coder-${data.coder_workspace_owner.me.name}-${lower(data.coder_workspace.me.name)}" + container_name = "coder-${data.coder_workspace_owner.me.name}-${lower(data.coder_workspace.me.name)}" // Envbuilder clones repos to /workspaces by default. repo_dir = "/workspaces/coder" } @@ -322,7 +325,7 @@ resource "docker_volume" "workspaces" { # This file is mounted as a Kubernetes secret on provisioner pods. # It contains the required credentials for the envbuilder cache repo. -data "local_sensitive_file" "envbuilder_cache_dockerconfigjson" { +data "local_sensitive_file" "envbuilder_cache_dockerconfigjson" { filename = "/home/coder/envbuilder-cache-dockerconfig.json" } 
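Review bot: The new `envbuilder` entry in `required_providers` has no `version` constraint, unlike the `docker` entry just above it, which pins `~> 3.0.0`. Without a constraint, `terraform init` can pick up any newer release of `coder/envbuilder`, so the way workspace images and env are computed could change without a change to this template. Adding `version = "~> X.Y"` (placeholder; use the release this template was tested with) keeps provider upgrades visible in review. The `terraform` block starts before this hunk.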
@@ -331,38 +334,54 @@ data "docker_registry_image" "envbuilder" { } resource "docker_image" "envbuilder" { - name = "${local.envbuilder_repo}@${data.docker_registry_image.envbuilder.sha256_digest}" + name = "${local.envbuilder_repo}@${data.docker_registry_image.envbuilder.sha256_digest}" pull_triggers = [data.docker_registry_image.envbuilder.sha256_digest] - keep_locally = true + keep_locally = true +} + +locals { + cache_repo = "us-central1-docker.pkg.dev/coder-dogfood-v2/envbuilder-cache/coder-dogfood" + envbuilder_env = { + "CODER_AGENT_TOKEN": coder_agent.dev.token, + "CODER_AGENT_URL": data.coder_workspace.me.access_url, + "ENVBUILDER_GIT_USERNAME": data.coder_external_auth.github.access_token, + "ENVBUILDER_GIT_URL": data.coder_parameter.devcontainer_repo.value, + "ENVBUILDER_DEVCONTAINER_DIR": data.coder_parameter.devcontainer_dir.value, + "ENVBUILDER_INIT_SCRIPT": coder_agent.dev.init_script, + "ENVBUILDER_FALLBACK_IMAGE": "codercom/oss-dogfood:latest", # This image runs if builds fail + "ENVBUILDER_PUSH_IMAGE": "true", # Push the image to the remote cache + "ENVBUILDER_CACHE_REPO": local.cache_repo, + "ENVBUILDER_DOCKER_CONFIG_BASE64": data.local_sensitive_file.envbuilder_cache_dockerconfigjson.content_base64, + "USE_CAP_NET_ADMIN": "true", + # Set git commit details correctly + "GIT_AUTHOR_NAME": coalesce(data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name), + "GIT_AUTHOR_EMAIL": data.coder_workspace_owner.me.email, + "GIT_COMMITTER_NAME": coalesce(data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name), + "GIT_COMMITTER_EMAIL": data.coder_workspace_owner.me.email, + } +} + +# Check for the presence of a prebuilt image in the cache repo +# that we can use instead. 
+resource "envbuilder_cached_image" "cached" { + count = data.coder_workspace.me.start_count + builder_image = docker_image.envbuilder.name + git_url = data.coder_parameter.devcontainer_repo.value + cache_repo = local.cache_repo + extra_env = local.envbuilder_env } resource "docker_container" "workspace" { count = data.coder_workspace.me.start_count - image = docker_image.envbuilder.name + image = envbuilder_cached_image.cached.0.image name = local.container_name # Hostname makes the shell more user friendly: coder@my-workspace:~$ hostname = data.coder_workspace.me.name # CPU limits are unnecessary since Docker will load balance automatically - memory = 32768 + memory = 32768 runtime = "sysbox-runc" - env = [ - "CODER_AGENT_TOKEN=${coder_agent.dev.token}", - "CODER_AGENT_URL=${data.coder_workspace.me.access_url}", - "ENVBUILDER_GIT_USERNAME=${data.coder_external_auth.github.access_token}", - "ENVBUILDER_GIT_URL=${data.coder_parameter.devcontainer_repo.value}", - "ENVBUILDER_DEVCONTAINER_DIR=${data.coder_parameter.devcontainer_dir.value}", - "ENVBUILDER_INIT_SCRIPT=${coder_agent.dev.init_script}", - "ENVBUILDER_FALLBACK_IMAGE=codercom/oss-dogfood:latest", # This image runs if builds fail - # "ENVBUILDER_PUSH_IMAGE=1", # Push the image to the remote cache - "ENVBUILDER_CACHE_REPO=us-central1-docker.pkg.dev/coder-dogfood-v2/envbuilder-cache/coder-dogfood", - "ENVBUILDER_DOCKER_CONFIG_BASE64=${data.local_sensitive_file.envbuilder_cache_dockerconfigjson.content_base64}", - "USE_CAP_NET_ADMIN=true", - # Set git commit details correctly - "GIT_AUTHOR_NAME=${coalesce(data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name)}", - "GIT_AUTHOR_EMAIL=${data.coder_workspace_owner.me.email}", - "GIT_COMMITTER_NAME=${coalesce(data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name)}", - "GIT_COMMITTER_EMAIL=${data.coder_workspace_owner.me.email}", - ] + # Use environment computed from the provider + env = envbuilder_cached_image.cached.0.env 
host { host = "host.docker.internal" ip = "host-gateway" @@ -401,7 +420,7 @@ resource "docker_container" "workspace" { resource "coder_metadata" "container_info" { count = data.coder_workspace.me.start_count - resource_id = docker_container.workspace[0].id + resource_id = coder_agent.dev.id item { key = "memory" value = docker_container.workspace[0].memory From 3b24e0eb55bfc11dbad16a7b1aa50693ba4addcb Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Fri, 16 Aug 2024 15:29:22 +0100 Subject: [PATCH 2/4] make fmt --- envbuilder-dogfood/main.tf | 42 +++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/envbuilder-dogfood/main.tf b/envbuilder-dogfood/main.tf index 47df25a6779c9..86365a18d5fea 100644 --- a/envbuilder-dogfood/main.tf +++ b/envbuilder-dogfood/main.tf @@ -27,7 +27,7 @@ locals { } envbuilder_repo = "ghcr.io/coder/envbuilder-preview" - container_name = "coder-${data.coder_workspace_owner.me.name}-${lower(data.coder_workspace.me.name)}" + container_name = "coder-${data.coder_workspace_owner.me.name}-${lower(data.coder_workspace.me.name)}" // Envbuilder clones repos to /workspaces by default. repo_dir = "/workspaces/coder" } @@ -325,7 +325,7 @@ resource "docker_volume" "workspaces" { # This file is mounted as a Kubernetes secret on provisioner pods. # It contains the required credentials for the envbuilder cache repo. -data "local_sensitive_file" "envbuilder_cache_dockerconfigjson" { +data "local_sensitive_file" "envbuilder_cache_dockerconfigjson" { filename = "/home/coder/envbuilder-cache-dockerconfig.json" } 
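Review bot: Setting `"ENVBUILDER_PUSH_IMAGE": "true"` in `local.envbuilder_env`, while `docker_container.workspace` now runs `envbuilder_cached_image.cached.0.image`, means every workspace both pushes to and starts from the shared `local.cache_repo`. The registry credentials in `ENVBUILDER_DOCKER_CONFIG_BASE64` presumably reach the container through `envbuilder_cached_image.cached.0.env`. Because `git_url` comes from the user-supplied `devcontainer_repo` parameter, confirm that building an arbitrary repository cannot replace cache entries that other workspaces start from; how the cache is keyed is not visible in this diff. A comment above `cache_repo`, for example `# Shared cache: every workspace holds push credentials, trusted users only`, would record that assumption. The same map passes `CODER_AGENT_TOKEN` and the GitHub access token through `extra_env`, so also check that the provider treats `extra_env` and `env` as sensitive in plan output. The `docker_container.workspace` block continues past the end of this hunk.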
@@ -334,32 +334,32 @@ data "docker_registry_image" "envbuilder" { } resource "docker_image" "envbuilder" { - name = "${local.envbuilder_repo}@${data.docker_registry_image.envbuilder.sha256_digest}" + name = "${local.envbuilder_repo}@${data.docker_registry_image.envbuilder.sha256_digest}" pull_triggers = [data.docker_registry_image.envbuilder.sha256_digest] - keep_locally = true + keep_locally = true } locals { cache_repo = "us-central1-docker.pkg.dev/coder-dogfood-v2/envbuilder-cache/coder-dogfood" envbuilder_env = { - "CODER_AGENT_TOKEN": coder_agent.dev.token, - "CODER_AGENT_URL": data.coder_workspace.me.access_url, - "ENVBUILDER_GIT_USERNAME": data.coder_external_auth.github.access_token, - "ENVBUILDER_GIT_URL": data.coder_parameter.devcontainer_repo.value, - "ENVBUILDER_DEVCONTAINER_DIR": data.coder_parameter.devcontainer_dir.value, - "ENVBUILDER_INIT_SCRIPT": coder_agent.dev.init_script, - "ENVBUILDER_FALLBACK_IMAGE": "codercom/oss-dogfood:latest", # This image runs if builds fail - "ENVBUILDER_PUSH_IMAGE": "true", # Push the image to the remote cache - "ENVBUILDER_CACHE_REPO": local.cache_repo, - "ENVBUILDER_DOCKER_CONFIG_BASE64": data.local_sensitive_file.envbuilder_cache_dockerconfigjson.content_base64, - "USE_CAP_NET_ADMIN": "true", + "CODER_AGENT_TOKEN" : coder_agent.dev.token, + "CODER_AGENT_URL" : data.coder_workspace.me.access_url, + "ENVBUILDER_GIT_USERNAME" : data.coder_external_auth.github.access_token, + "ENVBUILDER_GIT_URL" : data.coder_parameter.devcontainer_repo.value, + "ENVBUILDER_DEVCONTAINER_DIR" : data.coder_parameter.devcontainer_dir.value, + "ENVBUILDER_INIT_SCRIPT" : coder_agent.dev.init_script, + "ENVBUILDER_FALLBACK_IMAGE" : "codercom/oss-dogfood:latest", # This image runs if builds fail + "ENVBUILDER_PUSH_IMAGE" : "true", # Push the image to the remote cache + "ENVBUILDER_CACHE_REPO" : local.cache_repo, + "ENVBUILDER_DOCKER_CONFIG_BASE64" : data.local_sensitive_file.envbuilder_cache_dockerconfigjson.content_base64, + 
"USE_CAP_NET_ADMIN" : "true", # Set git commit details correctly - "GIT_AUTHOR_NAME": coalesce(data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name), - "GIT_AUTHOR_EMAIL": data.coder_workspace_owner.me.email, - "GIT_COMMITTER_NAME": coalesce(data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name), - "GIT_COMMITTER_EMAIL": data.coder_workspace_owner.me.email, + "GIT_AUTHOR_NAME" : coalesce(data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name), + "GIT_AUTHOR_EMAIL" : data.coder_workspace_owner.me.email, + "GIT_COMMITTER_NAME" : coalesce(data.coder_workspace_owner.me.full_name, data.coder_workspace_owner.me.name), + "GIT_COMMITTER_EMAIL" : data.coder_workspace_owner.me.email, } -} +} # Check for the presence of a prebuilt image in the cache repo # that we can use instead. @@ -378,7 +378,7 @@ resource "docker_container" "workspace" { # Hostname makes the shell more user friendly: coder@my-workspace:~$ hostname = data.coder_workspace.me.name # CPU limits are unnecessary since Docker will load balance automatically - memory = 32768 + memory = 32768 runtime = "sysbox-runc" # Use environment computed from the provider env = envbuilder_cached_image.cached.0.env From 8de7b3fe2405d5cc9aa4af61a459b98cea53bfe0 Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Fri, 16 Aug 2024 15:31:58 +0100 Subject: [PATCH 3/4] comment out unnecessary environment variables --- envbuilder-dogfood/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/envbuilder-dogfood/main.tf b/envbuilder-dogfood/main.tf index 86365a18d5fea..1816fa78b7d9e 100644 --- a/envbuilder-dogfood/main.tf +++ b/envbuilder-dogfood/main.tf 
@@ -345,12 +345,12 @@ locals { "CODER_AGENT_TOKEN" : coder_agent.dev.token, "CODER_AGENT_URL" : data.coder_workspace.me.access_url, "ENVBUILDER_GIT_USERNAME" : data.coder_external_auth.github.access_token, - "ENVBUILDER_GIT_URL" : data.coder_parameter.devcontainer_repo.value, + # "ENVBUILDER_GIT_URL" : data.coder_parameter.devcontainer_repo.value, # This is set automatically by the provider. "ENVBUILDER_DEVCONTAINER_DIR" : data.coder_parameter.devcontainer_dir.value, "ENVBUILDER_INIT_SCRIPT" : coder_agent.dev.init_script, "ENVBUILDER_FALLBACK_IMAGE" : "codercom/oss-dogfood:latest", # This image runs if builds fail "ENVBUILDER_PUSH_IMAGE" : "true", # Push the image to the remote cache - "ENVBUILDER_CACHE_REPO" : local.cache_repo, + # "ENVBUILDER_CACHE_REPO" : local.cache_repo, # This is set automatically by the provider. "ENVBUILDER_DOCKER_CONFIG_BASE64" : data.local_sensitive_file.envbuilder_cache_dockerconfigjson.content_base64, "USE_CAP_NET_ADMIN" : "true", # Set git commit details correctly From 16958232c11cb757f44fce9470d86bbb97602033 Mon Sep 17 00:00:00 2001 From: Cian Johnston Date: Tue, 20 Aug 2024 11:36:04 +0100 Subject: [PATCH 4/4] Apply suggestions from code review Co-authored-by: Mathias Fredriksson --- envbuilder-dogfood/main.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/envbuilder-dogfood/main.tf b/envbuilder-dogfood/main.tf index 1816fa78b7d9e..639fcbd34d5e1 100644 --- a/envbuilder-dogfood/main.tf +++ b/envbuilder-dogfood/main.tf 
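Review bot: The `ENVBUILDER_GIT_URL` and `ENVBUILDER_CACHE_REPO` entries are kept as commented-out map lines inside `envbuilder_env`, which leaves dead code that can drift from what the provider actually sets. Deleting both lines and leaving one comment, `# ENVBUILDER_GIT_URL and ENVBUILDER_CACHE_REPO are set by envbuilder_cached_image from git_url and cache_repo`, says the same thing with less to maintain. The hunk in PATCH 4/4 only rewords these two comments, so the point applies there as well. The `locals` block starts and ends outside this hunk.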
@@ -345,12 +345,12 @@ locals { "CODER_AGENT_TOKEN" : coder_agent.dev.token, "CODER_AGENT_URL" : data.coder_workspace.me.access_url, "ENVBUILDER_GIT_USERNAME" : data.coder_external_auth.github.access_token, - # "ENVBUILDER_GIT_URL" : data.coder_parameter.devcontainer_repo.value, # This is set automatically by the provider. + # "ENVBUILDER_GIT_URL" : data.coder_parameter.devcontainer_repo.value, # The provider sets this via the `git_url` property. "ENVBUILDER_DEVCONTAINER_DIR" : data.coder_parameter.devcontainer_dir.value, "ENVBUILDER_INIT_SCRIPT" : coder_agent.dev.init_script, "ENVBUILDER_FALLBACK_IMAGE" : "codercom/oss-dogfood:latest", # This image runs if builds fail "ENVBUILDER_PUSH_IMAGE" : "true", # Push the image to the remote cache - # "ENVBUILDER_CACHE_REPO" : local.cache_repo, # This is set automatically by the provider. + # "ENVBUILDER_CACHE_REPO" : local.cache_repo, # The provider sets this via the `cache_repo` property. "ENVBUILDER_DOCKER_CONFIG_BASE64" : data.local_sensitive_file.envbuilder_cache_dockerconfigjson.content_base64, "USE_CAP_NET_ADMIN" : "true", # Set git commit details correctly