3434 tailnet-integration : ${{ steps.filter.outputs.tailnet-integration }}
3535 steps :
3636 - name : Harden Runner
37- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
37+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
3838 with :
3939 egress-policy : audit
4040
@@ -155,7 +155,7 @@ jobs:
155155 runs-on : ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
156156 steps :
157157 - name : Harden Runner
158- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
158+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
159159 with :
160160 egress-policy : audit
161161
@@ -188,7 +188,7 @@ jobs:
188188
189189# Check for any typos
190190 - name : Check for typos
191- uses : crate-ci/typos@b74202f74b4346efdbce7801d187ec57b266bac8 # v1.27.3
191+ uses : crate-ci/typos@2872c382bb9668d4baa5eade234dcbc0048ca2cf # v1.28.2
192192 with :
193193 config : .github/workflows/typos.toml
194194
@@ -227,7 +227,7 @@ jobs:
227227 if : always()
228228 steps :
229229 - name : Harden Runner
230- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
230+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
231231 with :
232232 egress-policy : audit
233233
@@ -281,7 +281,7 @@ jobs:
281281 timeout-minutes : 7
282282 steps :
283283 - name : Harden Runner
284- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
284+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
285285 with :
286286 egress-policy : audit
287287
@@ -322,7 +322,7 @@ jobs:
322322 - windows-2022
323323 steps :
324324 - name : Harden Runner
325- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
325+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
326326 with :
327327 egress-policy : audit
328328
@@ -370,18 +370,23 @@ jobs:
370370 api-key : ${{ secrets.DATADOG_API_KEY }}
371371
372372 test-go-pg :
373- runs-on : ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-8' || 'ubuntu-latest' }}
374- needs :
375- - changes
373+ runs-on : ${{ matrix.os == 'ubuntu-latest' && github.repository_owner == 'coder' && 'depot-ubuntu-22.04-4' || matrix.os == 'macos-latest' && github.repository_owner == 'coder' && 'macos-latest-xlarge' || matrix.os == 'windows-2022' && github.repository_owner == 'coder' && 'windows-latest-16-cores' || matrix.os }}
374+ needs : changes
376375 if : needs.changes.outputs.go == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
377376 # This timeout must be greater than the timeout set by `go test` in
378377 # `make test-postgres` to ensure we receive a trace of running
379378 # goroutines. Setting this to the timeout +5m should work quite well
380379 # even if some of the preceding steps are slow.
381380 timeout-minutes : 25
381+ strategy :
382+ matrix :
383+ os :
384+ - ubuntu-latest
385+ - macos-latest
386+ - windows-2022
382387 steps :
383388 - name : Harden Runner
384- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
389+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
385390 with :
386391 egress-policy : audit
387392
@@ -396,12 +401,46 @@ jobs:
396401 - name : Setup Terraform
397402 uses : ./.github/actions/setup-tf
398403
404+ # Sets up the ImDisk toolkit for Windows and creates a RAM disk on drive R:.
405+ - name : Setup ImDisk
406+ if : runner.os == 'Windows'
407+ uses : ./.github/actions/setup-imdisk
408+
399409 - name : Test with PostgreSQL Database
400410 env :
401411 POSTGRES_VERSION : " 13"
402412 TS_DEBUG_DISCO : " true"
413+ shell : bash
403414 run : |
404- make test-postgres
415+ # if macOS, install google-chrome for scaletests
416+ # As another concern, should we really have this kind of external dependency
417+ # requirement on standard CI?
418+ if [ "${{ matrix.os }}" == "macos-latest" ]; then
419+ brew install google-chrome
420+ fi
421+
422+ # By default Go will use the number of logical CPUs, which
423+ # is a fine default.
424+ PARALLEL_FLAG=""
425+
426+ # macOS will output "The default interactive shell is now zsh"
427+ # intermittently in CI...
428+ if [ "${{ matrix.os }}" == "macos-latest" ]; then
429+ touch ~/.bash_profile && echo "export BASH_SILENCE_DEPRECATION_WARNING=1" >> ~/.bash_profile
430+ fi
431+
432+ if [ "${{ runner.os }}" == "Linux" ]; then
433+ make test-postgres
434+ elif [ "${{ runner.os }}" == "Windows" ]; then
435+ # Create a temp dir on the R: ramdisk drive for Windows. The default
436+ # C: drive is extremely slow: https://github.com/actions/runner-images/issues/8755
437+ mkdir -p "R:/temp/embedded-pg"
438+ go run scripts/embedded-pg/main.go -path "R:/temp/embedded-pg"
439+ DB=ci gotestsum --format standard-quiet -- -v -short -count=1 ./...
440+ else
441+ go run scripts/embedded-pg/main.go
442+ DB=ci gotestsum --format standard-quiet -- -v -short -count=1 ./...
443+ fi
405444
406445name : Upload test stats to Datadog
407446 timeout-minutes : 1
@@ -426,7 +465,7 @@ jobs:
426465 timeout-minutes : 25
427466 steps :
428467 - name : Harden Runner
429- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
468+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
430469 with :
431470 egress-policy : audit
432471
@@ -463,7 +502,7 @@ jobs:
463502 timeout-minutes : 25
464503 steps :
465504 - name : Harden Runner
466- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
505+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
467506 with :
468507 egress-policy : audit
469508
@@ -494,6 +533,47 @@ jobs:
494533 with :
495534 api-key : ${{ secrets.DATADOG_API_KEY }}
496535
536+ test-go-race-pg :
537+ runs-on : ${{ github.repository_owner == 'coder' && 'depot-ubuntu-22.04-16' || 'ubuntu-latest' }}
538+ needs : changes
539+ if : needs.changes.outputs.go == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
540+ timeout-minutes : 25
541+ steps :
542+ - name : Harden Runner
543+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
544+ with :
545+ egress-policy : audit
546+
547+ - name : Checkout
548+ uses : actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
549+ with :
550+ fetch-depth : 1
551+
552+ - name : Setup Go
553+ uses : ./.github/actions/setup-go
554+
555+ - name : Setup Terraform
556+ uses : ./.github/actions/setup-tf
557+
558+ # We run race tests with reduced parallelism because they use more CPU and we were finding
559+ # instances where tests appear to hang for multiple seconds, resulting in flaky tests when
560+ # short timeouts are used.
561+ # c.f. discussion on https://github.com/coder/coder/pull/15106
562+ - name : Run Tests
563+ env :
564+ POSTGRES_VERSION : " 16"
565+ run : |
566+ make test-postgres-docker
567+ DB=ci gotestsum --junitfile="gotests.xml" -- -race -parallel 4 -p 4 ./...
568+
569+ name : Upload test stats to Datadog
570+ timeout-minutes : 1
571+ continue-on-error : true
572+ uses : ./.github/actions/upload-datadog
573+ if : always()
574+ with :
575+ api-key : ${{ secrets.DATADOG_API_KEY }}
576+
497577 # Tailnet integration tests only run when the `tailnet` directory or `go.sum`
498578 # and `go.mod` are changed. These tests are to ensure we don't add regressions
499579 # to tailnet, either due to our code or due to updating dependencies.
@@ -508,7 +588,7 @@ jobs:
508588 timeout-minutes : 20
509589 steps :
510590 - name : Harden Runner
511- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
591+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
512592 with :
513593 egress-policy : audit
514594
@@ -534,7 +614,7 @@ jobs:
534614 timeout-minutes : 20
535615 steps :
536616 - name : Harden Runner
537- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
617+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
538618 with :
539619 egress-policy : audit
540620
@@ -566,7 +646,7 @@ jobs:
566646 name : ${{ matrix.variant.name }}
567647 steps :
568648 - name : Harden Runner
569- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
649+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
570650 with :
571651 egress-policy : audit
572652
@@ -586,6 +666,8 @@ jobs:
586666 name : make gen
587667
588668 - run : pnpm build
669+ env :
670+ NODE_OPTIONS : ${{ github.repository_owner == 'coder' && '--max_old_space_size=8192' || '' }}
589671 working-directory : site
590672
591673 - run : pnpm playwright:install
@@ -630,7 +712,7 @@ jobs:
630712 if : needs.changes.outputs.ts == 'true' || needs.changes.outputs.ci == 'true'
631713 steps :
632714 - name : Harden Runner
633- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
715+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
634716 with :
635717 egress-policy : audit
636718
@@ -707,7 +789,7 @@ jobs:
707789
708790 steps :
709791 - name : Harden Runner
710- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
792+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
711793 with :
712794 egress-policy : audit
713795
@@ -771,6 +853,7 @@ jobs:
771853 - test-go
772854 - test-go-pg
773855 - test-go-race
856+ - test-go-race-pg
774857 - test-js
775858 - test-e2e
776859 - offlinedocs
@@ -780,7 +863,7 @@ jobs:
780863 if : always()
781864 steps :
782865 - name : Harden Runner
783- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
866+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
784867 with :
785868 egress-policy : audit
786869
@@ -793,6 +876,7 @@ jobs:
793876 echo "- test-go: ${{ needs.test-go.result }}"
794877 echo "- test-go-pg: ${{ needs.test-go-pg.result }}"
795878 echo "- test-go-race: ${{ needs.test-go-race.result }}"
879+ echo "- test-go-race-pg: ${{ needs.test-go-race-pg.result }}"
796880 echo "- test-js: ${{ needs.test-js.result }}"
797881 echo "- test-e2e: ${{ needs.test-e2e.result }}"
798882 echo "- offlinedocs: ${{ needs.offlinedocs.result }}"
@@ -815,7 +899,7 @@ jobs:
815899 runs-on : ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest' }}
816900 steps :
817901 - name : Harden Runner
818- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
902+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
819903 with :
820904 egress-policy : audit
821905
@@ -901,7 +985,7 @@ jobs:
901985 IMAGE : ghcr.io/coder/coder-preview:${{ steps.build-docker.outputs.tag }}
902986 steps :
903987 - name : Harden Runner
904- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
988+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
905989 with :
906990 egress-policy : audit
907991
@@ -1037,7 +1121,7 @@ jobs:
10371121 id-token : write
10381122 steps :
10391123 - name : Harden Runner
1040- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
1124+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
10411125 with :
10421126 egress-policy : audit
10431127
@@ -1062,7 +1146,7 @@ jobs:
10621146 version : " 2.2.1"
10631147
10641148 - name : Get Cluster Credentials
1065- uses : google-github-actions/get-gke-credentials@206d64b64b0eba0a6e2f25113d044c31776ca8d6 # v2.2.2
1149+ uses : google-github-actions/get-gke-credentials@9025e8f90f2d8e0c3dafc3128cc705a26d992a6a # v2.3.0
10661150 with :
10671151 cluster_name : dogfood-v2
10681152 location : us-central1-a
@@ -1099,7 +1183,7 @@ jobs:
10991183 if : github.ref == 'refs/heads/main' && !github.event.pull_request.head.repo.fork
11001184 steps :
11011185 - name : Harden Runner
1102- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
1186+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
11031187 with :
11041188 egress-policy : audit
11051189
@@ -1134,7 +1218,7 @@ jobs:
11341218 if : needs.changes.outputs.db == 'true' || needs.changes.outputs.ci == 'true' || github.ref == 'refs/heads/main'
11351219 steps :
11361220 - name : Harden Runner
1137- uses : step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
1221+ uses : step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
11381222 with :
11391223 egress-policy : audit
11401224
0 commit comments