[
{
"path": ".dockerignore",
"content": "**\n!release-packages\n!ci\n"
},
{
"path": ".editorconfig",
"content": "root = true\n\n[*]\nindent_style = space\ntrim_trailing_whitespace = true\nindent_size = 2\n"
},
{
"path": ".git-blame-ignore-revs",
"content": "# Prettier 3.4.2\n9b0340a09276f93c054d705d1b9a5f24cc5dbc97"
},
{
"path": ".gitattributes",
"content": "*.afdesign filter=lfs diff=lfs merge=lfs -text\n"
},
{
"path": ".github/CODEOWNERS",
"content": "* @coder/code-server\n\nci/helm-chart/ @Matthew-Beckett @alexgorbatchev\n\ndocs/install.md @GNUxeava\n\nsrc/node/i18n/locales/zh-cn.json @zhaozhiming\n"
},
{
"path": ".github/ISSUE_TEMPLATE/bug-report.yml",
"content": "name: Bug report\ndescription: File a bug report\nlabels: [\"bug\", \"triage\"]\nbody:\n - type: checkboxes\n attributes:\n label: Is there an existing issue for this?\n description: Please search to see if an issue already exists for the bug you encountered.\n options:\n - label: I have searched the existing issues\n required: true\n\n - type: textarea\n attributes:\n label: OS/Web Information\n description: |\n examples:\n - **Web Browser**: Chrome\n - **Local OS**: macOS\n - **Remote OS**: Ubuntu\n - **Remote Architecture**: amd64\n - **`code-server --version`**: 4.0.1\n\n Please do not just put \"latest\" for the version.\n value: |\n - Web Browser:\n - Local OS:\n - Remote OS:\n - Remote Architecture:\n - `code-server --version`:\n validations:\n required: true\n\n - type: textarea\n attributes:\n label: Steps to Reproduce\n description: |\n Please describe exactly how to reproduce the bug. For example:\n 1. Open code-server in Firefox\n 2. Install extension `foo.bar` from the extensions sidebar\n 3. Run command `foo.bar.baz`\n value: |\n 1.\n 2.\n 3.\n validations:\n required: true\n\n - type: textarea\n attributes:\n label: Expected\n description: What should happen?\n validations:\n required: true\n\n - type: textarea\n attributes:\n label: Actual\n description: What actually happens?\n validations:\n required: true\n\n - type: textarea\n id: logs\n attributes:\n label: Logs\n description: Run code-server with the --verbose flag and then paste any relevant logs from the server, from the browser console and/or the browser network tab. For issues with installation, include installation logs (i.e. output of `npm install -g code-server`).\n render: shell\n\n - type: textarea\n attributes:\n label: Screenshot/Video\n description: Please include a screenshot, gif or screen recording of your issue.\n validations:\n required: false\n\n - type: dropdown\n attributes:\n label: Does this bug reproduce in native VS Code?\n description: If the bug reproduces in native VS Code, submit the issue upstream instead (https://github.com/microsoft/vscode).\n options:\n - Yes, this is also broken in native VS Code\n - No, this works as expected in native VS Code\n - This cannot be tested in native VS Code\n - I did not test native VS Code\n validations:\n required: true\n\n - type: dropdown\n attributes:\n label: Does this bug reproduce in VS Code web?\n description: If the bug reproduces in VS Code web, submit the issue upstream instead (https://github.com/microsoft/vscode). You can run VS Code web with `code serve-web` (this is not the same as vscode.dev).\n options:\n - Yes, this is also broken in VS Code web\n - No, this works as expected in VS Code web\n - This cannot be tested in VS Code web\n - I did not test VS Code web\n validations:\n required: true\n\n - type: dropdown\n attributes:\n label: Does this bug reproduce in GitHub Codespaces?\n description: If the bug reproduces in GitHub Codespaces, submit the issue upstream instead (https://github.com/microsoft/vscode).\n options:\n - Yes, this is also broken in GitHub Codespaces\n - No, this works as expected in GitHub Codespaces\n - This cannot be tested in GitHub Codespaces\n - I did not test GitHub Codespaces\n validations:\n required: true\n\n - type: checkboxes\n attributes:\n label: Are you accessing code-server over a secure context?\n description: code-server relies on service workers (which only work in secure contexts) for many features. Double-check that you are using a secure context like HTTPS or localhost.\n options:\n - label: I am using a secure context.\n required: false\n\n - type: textarea\n attributes:\n label: Notes\n description: Please include any addition notes that will help us resolve this issue.\n validations:\n required: false\n"
},
{
"path": ".github/ISSUE_TEMPLATE/config.yml",
"content": "blank_issues_enabled: false\ncontact_links:\n - name: Question?\n url: https://github.com/coder/code-server/discussions/new?category_id=22503114\n about: Ask the community for help on our GitHub Discussions board\n - name: code-server Slack Community\n about: Need immediate help or just want to talk? Hop in our Slack. Note - this Slack is not actively monitored by code-server maintainers.\n url: https://cdr.co/join-community\n"
},
{
"path": ".github/ISSUE_TEMPLATE/doc.md",
"content": "---\nname: Documentation improvement\nabout: Suggest a documentation improvement\nlabels: \"docs\"\n---\n\n## What is your suggestion?\n\n## How will this improve the docs?\n\n## Are you interested in submitting a PR for this?\n"
},
{
"path": ".github/ISSUE_TEMPLATE/feature-request.md",
"content": "---\nname: Feature request\nabout: Suggest an idea to improve code-server\nlabels: enhancement\n---\n\n## What is your suggestion?\n\n## Why do you want this feature?\n\n## Are there any workarounds to get this functionality today?\n\n## Are you interested in submitting a PR for this?\n"
},
{
"path": ".github/PULL_REQUEST_TEMPLATE.md",
"content": "\n\nFixes #\n"
},
{
"path": ".github/codecov.yml",
"content": "codecov:\n require_ci_to_pass: yes\n allow_coverage_offsets: True\n\ncoverage:\n precision: 2\n round: down\n range: \"40...70\"\n status:\n patch: off\n notify:\n slack:\n default:\n url: secret:v1::tXC7VwEIKYjNU8HRgRv2GdKOSCt5UzpykKZb+o1eCDqBgb2PEqwE3A26QUPYMLo4BO2qtrJhFIvwhUvlPwyzDCNGoNiuZfXr0UeZZ0y1TcZu672R/NBNMwEPO/e1Ye0pHxjzKHnuH7HqbjFucox/RBQLtiL3J56SWGE3JtbkC6o=\n threshold: 1%\n only_pulls: false\n branches:\n - \"main\"\n\nparsers:\n gcov:\n branch_detection:\n conditional: yes\n loop: yes\n method: no\n macro: no\n\ncomment:\n layout: \"reach,diff,flags,files,footer\"\n behavior: default\n require_changes: no\n"
},
{
"path": ".github/codeql-config.yml",
"content": "name: \"code-server CodeQL config\"\n"
},
{
"path": ".github/dependabot.yaml",
"content": "version: 2\nupdates:\n - package-ecosystem: \"github-actions\"\n directory: \"/\"\n schedule:\n interval: \"monthly\"\n time: \"06:00\"\n timezone: \"America/Chicago\"\n labels: []\n commit-message:\n prefix: \"chore\"\n\n - package-ecosystem: \"npm\"\n directory: \"/\"\n schedule:\n interval: \"monthly\"\n time: \"06:00\"\n timezone: \"America/Chicago\"\n commit-message:\n prefix: \"chore\"\n labels: []\n ignore:\n # Ignore patch updates for all dependencies\n - dependency-name: \"*\"\n update-types:\n - version-update:semver-patch\n # Ignore major updates to Node.js types, because they need to\n # correspond to the Node.js engine version\n - dependency-name: \"@types/node\"\n update-types:\n - version-update:semver-major\n"
},
{
"path": ".github/semantic.yaml",
"content": "###############################################################################\n# This file configures \"Semantic Pull Requests\", which is documented here:\n# https://github.com/zeke/semantic-pull-requests\n###############################################################################\n\n# Scopes are optionally supplied after a 'type'. For example, in\n#\n# feat(docs): autostart ui\n#\n# '(docs)' is the scope. Scopes are used to signify where the change occurred.\nscopes:\n # docs: changes to the code-server documentation.\n - docs\n\n # vendor: changes to vendored dependencies.\n - vendor\n\n # deps: changes to code-server's dependencies.\n - deps\n\n # cs: changes to code specific to code-server.\n - cs\n\n # cli: changes to the command-line interface.\n - cli\n\n# We only check that the PR title is semantic. The PR title is automatically\n# applied to the \"Squash & Merge\" flow as the suggested commit message, so this\n# should suffice unless someone drastically alters the message in that flow.\ntitleOnly: true\n\n# Types are the 'tag' types in a commit or PR title. For example, in\n#\n# chore: fix thing\n#\n# 'chore' is the type.\ntypes:\n # A build of any kind.\n - build\n\n # A user-facing change that corrects a defect in code-server.\n - fix\n\n # Any code task that is ignored for changelog purposes. Examples include\n # devbin scripts and internal-only configurations.\n - chore\n\n # Any work performed on CI.\n - ci\n\n # Work that directly implements or supports the implementation of a feature.\n - feat\n\n # A refactor changes code structure without any behavioral change.\n - refactor\n\n # A git revert for any style of commit.\n - revert\n\n # Adding tests of any kind. Should be separate from feature or fix\n # implementations. For example, if a commit adds a fix + test, it's a fix\n # commit. If a commit is simply bumping coverage, it's a test commit.\n - test\n\n # A new release.\n - release\n"
},
{
"path": ".github/stale.yml",
"content": "# Number of days of inactivity before an issue becomes stale\ndaysUntilStale: 180\n# Number of days of inactivity before a stale issue is closed\ndaysUntilClose: 5\n# Label to apply when stale.\nstaleLabel: stale\n# Comment to post when marking an issue as stale. Set to `false` to disable\nmarkComment: >\n This issue has been automatically marked as stale because it has not had\n recent activity. It will be closed if no activity occurs in the next 5 days.\n# Comment to post when closing a stale issue. Set to `false` to disable\ncloseComment: false\n"
},
{
"path": ".github/workflows/build.yaml",
"content": "name: Build\n\non:\n push:\n branches:\n - main\n pull_request:\n branches:\n - main\n\n# Cancel in-progress runs for pull requests when developers push\n# additional changes, and serialize builds in branches.\n# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run\nconcurrency:\n group: ${{ github.workflow }}-${{ github.ref }}\n cancel-in-progress: ${{ github.event_name == 'pull_request' }}\n\n# Note: if: success() is used in several jobs -\n# this ensures that it only executes if all previous jobs succeeded.\n\n# if: steps.cache-node-modules.outputs.cache-hit != 'true'\n# will skip running `npm install` if it successfully fetched from cache\n\njobs:\n changes:\n runs-on: ubuntu-latest\n outputs:\n ci: ${{ steps.filter.outputs.ci }}\n code: ${{ steps.filter.outputs.code }}\n deps: ${{ steps.filter.outputs.deps }}\n docs: ${{ steps.filter.outputs.docs }}\n helm: ${{ steps.filter.outputs.helm }}\n steps:\n - name: Checkout repo\n uses: actions/checkout@v6\n - name: Check changed files\n uses: dorny/paths-filter@v3\n id: filter\n with:\n filters: |\n ci:\n - \".github/**\"\n - \"ci/**\"\n docs:\n - \"docs/**\"\n - \"README.md\"\n - \"CHANGELOG.md\"\n helm:\n - \"ci/helm-chart/**\"\n code:\n - \"src/**\"\n - \"test/**\"\n deps:\n - \"lib/**\"\n - \"patches/**\"\n - \"package-lock.json\"\n - \"test/package-lock.json\"\n - id: debug\n run: |\n echo \"${{ toJSON(steps.filter )}}\"\n\n prettier:\n name: Run prettier check\n runs-on: ubuntu-22.04\n steps:\n - uses: actions/checkout@v6\n - uses: actions/setup-node@v6\n with:\n node-version-file: .node-version\n cache: npm\n cache-dependency-path: |\n package-lock.json\n test/package-lock.json\n - run: SKIP_SUBMODULE_DEPS=1 npm ci\n - run: npx prettier --check .\n\n doctoc:\n name: Doctoc markdown files\n runs-on: ubuntu-22.04\n needs: changes\n if: needs.changes.outputs.docs == 'true'\n steps:\n - uses: actions/checkout@v6\n - uses: actions/setup-node@v6\n with:\n node-version-file: .node-version\n cache: npm\n cache-dependency-path: |\n package-lock.json\n test/package-lock.json\n - run: SKIP_SUBMODULE_DEPS=1 npm ci\n - run: npm run doctoc\n\n lint-helm:\n name: Lint Helm chart\n runs-on: ubuntu-22.04\n needs: changes\n if: needs.changes.outputs.helm == 'true'\n steps:\n - uses: actions/checkout@v6\n - uses: azure/setup-helm@v4\n with:\n token: ${{ secrets.GITHUB_TOKEN }}\n - run: helm plugin install https://github.com/instrumenta/helm-kubeval\n - run: helm kubeval ci/helm-chart\n\n lint-ts:\n name: Lint TypeScript files\n runs-on: ubuntu-22.04\n needs: changes\n if: needs.changes.outputs.code == 'true'\n steps:\n - uses: actions/checkout@v6\n - uses: actions/setup-node@v6\n with:\n node-version-file: .node-version\n cache: npm\n cache-dependency-path: |\n package-lock.json\n test/package-lock.json\n - run: SKIP_SUBMODULE_DEPS=1 npm ci\n - run: npm run lint:ts\n\n lint-actions:\n name: Lint GitHub Actions\n runs-on: ubuntu-latest\n needs: changes\n if: needs.changes.outputs.ci == 'true'\n steps:\n - name: Checkout repo\n uses: actions/checkout@v6\n - name: Check workflow files\n run: |\n bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.7.9\n ./actionlint -color -shellcheck= -ignore \"softprops/action-gh-release\"\n shell: bash\n\n test-unit:\n name: Run unit tests\n runs-on: ubuntu-22.04\n needs: changes\n if: needs.changes.outputs.code == 'true'\n steps:\n - uses: actions/checkout@v6\n - uses: actions/setup-node@v6\n with:\n node-version-file: .node-version\n cache: npm\n cache-dependency-path: |\n package-lock.json\n test/package-lock.json\n - run: SKIP_SUBMODULE_DEPS=1 npm ci\n - run: npm run test:unit\n - uses: codecov/codecov-action@v5\n if: success()\n with:\n token: ${{ secrets.CODECOV_TOKEN }}\n\n build:\n name: Build code-server\n runs-on: ubuntu-22.04\n env:\n CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}\n DISABLE_V8_COMPILE_CACHE: 1\n steps:\n - uses: actions/checkout@v6\n with:\n submodules: true\n - run: sudo apt update && sudo apt install -y libkrb5-dev\n - uses: awalsh128/cache-apt-pkgs-action@latest\n with:\n packages: quilt\n version: 1.0\n - run: quilt push -a\n - uses: actions/setup-node@v6\n with:\n node-version-file: .node-version\n cache: npm\n cache-dependency-path: |\n package-lock.json\n test/package-lock.json\n - run: SKIP_SUBMODULE_DEPS=1 npm ci\n - run: npm run build\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n # Get Code's git hash. When this changes it means the content is\n # different and we need to rebuild.\n - name: Get latest lib/vscode rev\n id: vscode-rev\n run: echo \"rev=$(git rev-parse HEAD:./lib/vscode)\" >> $GITHUB_OUTPUT\n # We need to rebuild when we have a new version of Code, when any of\n # the patches changed, or when the code-server version changes (since\n # it gets embedded into the code). Use VSCODE_CACHE_VERSION to\n # force a rebuild.\n - name: Fetch prebuilt Code package from cache\n id: cache-vscode\n uses: actions/cache@v4\n with:\n path: lib/vscode-reh-web-*\n key: vscode-reh-package-${{ secrets.VSCODE_CACHE_VERSION }}-${{ steps.vscode-rev.outputs.rev }}-${{ hashFiles('patches/*.diff', 'ci/build/build-vscode.sh') }}\n - name: Build vscode\n env:\n VERSION: \"0.0.0\"\n if: steps.cache-vscode.outputs.cache-hit != 'true'\n run: |\n pushd lib/vscode\n npm ci\n popd\n npm run build:vscode\n # The release package does not contain any native modules\n # and is neutral to architecture/os/libc version.\n - run: npm run release\n if: success()\n # https://github.com/actions/upload-artifact/issues/38\n - run: tar -czf package.tar.gz release\n - uses: actions/upload-artifact@v7\n with:\n name: npm-package\n path: ./package.tar.gz\n\n test-e2e:\n name: Run e2e tests\n runs-on: ubuntu-22.04\n needs: [changes, build]\n if: needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true'\n steps:\n - uses: actions/checkout@v6\n - run: sudo apt update && sudo apt install -y libkrb5-dev\n - uses: actions/setup-node@v6\n with:\n node-version-file: .node-version\n cache: npm\n cache-dependency-path: |\n package-lock.json\n test/package-lock.json\n - run: SKIP_SUBMODULE_DEPS=1 npm ci\n - uses: actions/download-artifact@v8\n with:\n name: npm-package\n - run: tar -xzf package.tar.gz\n - run: cd release && npm install --unsafe-perm --omit=dev\n - name: Install Playwright OS dependencies\n run: |\n ./test/node_modules/.bin/playwright install-deps\n ./test/node_modules/.bin/playwright install\n - run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e\n - uses: actions/upload-artifact@v7\n if: always()\n with:\n name: failed-test-videos\n path: ./test/test-results\n - run: rm -rf ./release ./test/test-results\n\n test-e2e-proxy:\n name: Run e2e tests behind proxy\n runs-on: ubuntu-22.04\n needs: [changes, build]\n if: needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true'\n steps:\n - uses: actions/checkout@v6\n - run: sudo apt update && sudo apt install -y libkrb5-dev\n - uses: actions/setup-node@v6\n with:\n node-version-file: .node-version\n cache: npm\n cache-dependency-path: |\n package-lock.json\n test/package-lock.json\n - run: SKIP_SUBMODULE_DEPS=1 npm ci\n - uses: actions/download-artifact@v8\n with:\n name: npm-package\n - run: tar -xzf package.tar.gz\n - run: cd release && npm install --unsafe-perm --omit=dev\n - name: Install Playwright OS dependencies\n run: |\n ./test/node_modules/.bin/playwright install-deps\n ./test/node_modules/.bin/playwright install\n - name: Cache Caddy\n uses: actions/cache@v4\n id: caddy-cache\n with:\n path: |\n ~/.cache/caddy\n key: cache-caddy-2.5.2\n - name: Install Caddy\n env:\n GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n if: steps.caddy-cache.outputs.cache-hit != 'true'\n run: |\n gh release download v2.5.2 --repo caddyserver/caddy --pattern \"caddy_2.5.2_linux_amd64.tar.gz\"\n mkdir -p ~/.cache/caddy\n tar -xzf caddy_2.5.2_linux_amd64.tar.gz --directory ~/.cache/caddy\n - run: ~/.cache/caddy/caddy start --config ./ci/Caddyfile\n - run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e:proxy\n - run: ~/.cache/caddy/caddy stop --config ./ci/Caddyfile\n if: always()\n\n - uses: actions/upload-artifact@v7\n if: always()\n with:\n name: failed-test-videos-proxy\n path: ./test/test-results\n"
},
{
"path": ".github/workflows/installer.yaml",
"content": "name: Installer integration\n\non:\n push:\n branches:\n - main\n paths:\n - \"install.sh\"\n - \".github/workflows/installer.yaml\"\n pull_request:\n branches:\n - main\n paths:\n - \"install.sh\"\n - \".github/workflows/installer.yaml\"\n\n# Cancel in-progress runs for pull requests when developers push\n# additional changes, and serialize builds in branches.\n# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run\nconcurrency:\n group: ${{ github.workflow }}-${{ github.ref }}\n cancel-in-progress: ${{ github.event_name == 'pull_request' }}\n\npermissions:\n contents: read\n\njobs:\n ubuntu:\n name: Test installer on Ubuntu\n runs-on: ubuntu-latest\n steps:\n - name: Checkout repo\n uses: actions/checkout@v6\n\n - name: Install code-server\n run: ./install.sh\n\n - name: Test code-server was installed globally\n run: code-server --help\n\n alpine:\n name: Test installer on Alpine\n runs-on: ubuntu-latest\n container: \"alpine:3.17\"\n steps:\n - name: Checkout repo\n uses: actions/checkout@v6\n\n - name: Install curl\n run: apk add curl\n\n - name: Add user\n run: adduser coder --disabled-password\n\n # Standalone should work without root.\n - name: Test standalone to a non-existent prefix\n run: su coder -c \"./install.sh --method standalone --prefix /tmp/does/not/yet/exist\"\n\n # We do not actually have Alpine standalone builds so running code-server\n # will not work.\n - name: Test code-server was installed to prefix\n run: test -f /tmp/does/not/yet/exist/bin/code-server\n\n macos:\n name: Test installer on macOS\n runs-on: macos-latest\n\n steps:\n - name: Checkout repo\n uses: actions/checkout@v6\n\n - name: Install code-server\n run: ./install.sh\n\n - name: Test code-server was installed globally\n run: code-server --help\n"
},
{
"path": ".github/workflows/publish.yaml",
"content": "name: Publish code-server\n\non:\n # Shows the manual trigger in GitHub UI\n # helpful as a back-up in case the GitHub Actions Workflow fails\n workflow_dispatch:\n inputs:\n version:\n description: The version to publish (include \"v\", i.e. \"v4.9.1\").\n type: string\n required: true\n\n release:\n types: [released]\n\n# Cancel in-progress runs for pull requests when developers push\n# additional changes, and serialize builds in branches.\n# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run\nconcurrency:\n group: ${{ github.workflow }}-${{ github.ref }}\n cancel-in-progress: ${{ github.event_name == 'pull_request' }}\n\njobs:\n npm:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout code-server\n uses: actions/checkout@v6\n\n - name: Install Node.js\n uses: actions/setup-node@v6\n with:\n node-version-file: .node-version\n\n - name: Download npm package from release artifacts\n uses: robinraju/release-downloader@v1.12\n with:\n repository: \"coder/code-server\"\n tag: ${{ github.event.inputs.version || github.ref_name }}\n fileName: \"package.tar.gz\"\n out-file-path: \"release-npm-package\"\n\n # Strip out the v (v4.9.1 -> 4.9.1).\n - name: Get and set VERSION\n run: |\n TAG=\"${{ github.event.inputs.version || github.ref_name }}\"\n echo \"VERSION=${TAG#v}\" >> $GITHUB_ENV\n\n - run: npm run publish:npm\n env:\n VERSION: ${{ env.VERSION }}\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n NPM_TOKEN: ${{ secrets.NPM_TOKEN }}\n NPM_ENVIRONMENT: \"production\"\n\n aur:\n runs-on: ubuntu-latest\n timeout-minutes: 10\n env:\n GH_TOKEN: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}\n\n steps:\n # We need to checkout code-server so we can get the version\n - name: Checkout code-server\n uses: actions/checkout@v6\n with:\n fetch-depth: 0\n path: \"./code-server\"\n\n - name: Checkout code-server-aur repo\n uses: actions/checkout@v6\n with:\n repository: \"cdrci/code-server-aur\"\n token: ${{ secrets.HOMEBREW_GITHUB_API_TOKEN }}\n ref: \"master\"\n\n - name: Merge in master\n run: |\n git remote add upstream https://github.com/coder/code-server-aur.git\n git fetch upstream\n git merge upstream/master\n\n - name: Configure git\n run: |\n git config --global user.name cdrci\n git config --global user.email opensource@coder.com\n\n # Strip out the v (v4.9.1 -> 4.9.1).\n - name: Get and set VERSION\n run: |\n TAG=\"${{ github.event.inputs.version || github.ref_name }}\"\n echo \"VERSION=${TAG#v}\" >> $GITHUB_ENV\n\n - name: Validate package\n uses: heyhusen/archlinux-package-action@v3.0.0\n env:\n VERSION: ${{ env.VERSION }}\n with:\n pkgver: ${{ env.VERSION }}\n updpkgsums: true\n srcinfo: true\n\n - name: Open PR\n # We need to git push -u otherwise gh will prompt\n # asking where to push the branch.\n env:\n VERSION: ${{ env.VERSION }}\n run: |\n git checkout -b update-version-${{ env.VERSION }}\n git add .\n git commit -m \"chore: updating version to ${{ env.VERSION }}\"\n git push -u origin $(git branch --show)\n gh pr create --repo coder/code-server-aur --title \"chore: bump version to ${{ env.VERSION }}\" --body \"PR opened by @$GITHUB_ACTOR\" --assignee $GITHUB_ACTOR\n\n docker:\n runs-on: ubuntu-latest\n steps:\n - name: Checkout code-server\n uses: actions/checkout@v6\n\n - name: Set up QEMU\n uses: docker/setup-qemu-action@v3\n\n - name: Set up Docker Buildx\n uses: docker/setup-buildx-action@v3\n\n - name: Login to Docker Hub\n uses: docker/login-action@v3\n with:\n username: ${{ secrets.DOCKER_USERNAME }}\n password: ${{ secrets.DOCKER_PASSWORD }}\n\n - name: Login to GHCR\n uses: docker/login-action@v3\n with:\n registry: ghcr.io\n username: ${{ github.actor }}\n password: ${{ secrets.GITHUB_TOKEN }}\n\n # Strip out the v (v4.9.1 -> 4.9.1).\n - name: Get and set VERSION\n run: |\n TAG=\"${{ github.event.inputs.version || github.ref_name }}\"\n echo \"VERSION=${TAG#v}\" >> $GITHUB_ENV\n\n - name: Download deb artifacts\n uses: robinraju/release-downloader@v1.12\n with:\n repository: \"coder/code-server\"\n tag: v${{ env.VERSION }}\n fileName: \"*.deb\"\n out-file-path: \"release-packages\"\n\n - name: Download rpm artifacts\n uses: robinraju/release-downloader@v1.12\n with:\n repository: \"coder/code-server\"\n tag: v${{ env.VERSION }}\n fileName: \"*.rpm\"\n out-file-path: \"release-packages\"\n\n - name: Publish to Docker\n run: ./ci/steps/docker-buildx-push.sh\n env:\n VERSION: ${{ env.VERSION }}\n GITHUB_TOKEN: ${{ github.token }}\n"
},
{
"path": ".github/workflows/release.yaml",
"content": "name: Draft release\n\non:\n workflow_dispatch:\n inputs:\n version:\n description: The version to publish (include \"v\", i.e. \"v4.9.1\").\n type: string\n required: true\n\npermissions:\n contents: write # For creating releases.\n discussions: write # For creating a discussion.\n\n# Cancel in-progress runs for pull requests when developers push\n# additional changes\nconcurrency:\n group: ${{ github.workflow }}-${{ github.ref }}\n cancel-in-progress: ${{ github.event_name == 'pull_request' }}\n\njobs:\n package-linux-cross:\n name: ${{ matrix.prefix }}\n runs-on: ubuntu-latest\n timeout-minutes: 15\n needs: npm-version\n container: \"python:3.8-slim-buster\"\n strategy:\n matrix:\n include:\n - prefix: x86_64-linux-gnu\n npm_arch: x64\n apt_arch: amd64\n package_arch: amd64\n - prefix: aarch64-linux-gnu\n npm_arch: arm64\n apt_arch: arm64\n package_arch: arm64\n - prefix: arm-linux-gnueabihf\n npm_arch: armv7l\n apt_arch: armhf\n package_arch: armv7l\n\n env:\n AR: ${{ format('{0}-ar', matrix.prefix) }}\n AS: ${{ format('{0}-as', matrix.prefix) }}\n CC: ${{ format('{0}-gcc', matrix.prefix) }}\n CPP: ${{ format('{0}-cpp', matrix.prefix) }}\n CXX: ${{ format('{0}-g++', matrix.prefix) }}\n FC: ${{ format('{0}-gfortran', matrix.prefix) }}\n LD: ${{ format('{0}-ld', matrix.prefix) }}\n STRIP: ${{ format('{0}-strip', matrix.prefix) }}\n PKG_CONFIG_PATH: ${{ format('/usr/lib/{0}/pkgconfig', matrix.prefix) }}\n TARGET_ARCH: ${{ matrix.apt_arch }}\n npm_config_arch: ${{ matrix.npm_arch }}\n PKG_ARCH: ${{ matrix.package_arch }}\n # Not building from source results in an x86_64 argon2, as if\n # npm_config_arch is being ignored.\n npm_config_build_from_source: true\n\n steps:\n - name: Checkout repo\n uses: actions/checkout@v6\n\n - name: Install Node.js\n uses: actions/setup-node@v6\n with:\n node-version-file: .node-version\n cache: npm\n cache-dependency-path: |\n package-lock.json\n test/package-lock.json\n\n - name: Install cross-compiler and system dependencies\n run: |\n sed -i 's/deb\\.debian\\.org/archive.debian.org/g' /etc/apt/sources.list\n dpkg --add-architecture $TARGET_ARCH\n apt update && apt install -y --no-install-recommends \\\n crossbuild-essential-$TARGET_ARCH \\\n libx11-dev:$TARGET_ARCH \\\n libx11-xcb-dev:$TARGET_ARCH \\\n libxkbfile-dev:$TARGET_ARCH \\\n libsecret-1-dev:$TARGET_ARCH \\\n libkrb5-dev:$TARGET_ARCH \\\n ca-certificates \\\n curl wget rsync gettext-base\n\n - run: SKIP_SUBMODULE_DEPS=1 npm ci\n\n - name: Install nfpm\n run: |\n mkdir -p ~/.local/bin\n curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm\n echo \"$HOME/.local/bin\" >> $GITHUB_PATH\n\n - name: Download npm package\n uses: actions/download-artifact@v8\n with:\n name: npm-release-package\n\n - run: tar -xzf package.tar.gz\n - run: npm run release:standalone\n\n - name: Replace node with cross-compile equivalent\n run: |\n node_version=$(node --version)\n wget https://nodejs.org/dist/${node_version}/node-${node_version}-linux-${npm_config_arch}.tar.xz\n tar -xf node-${node_version}-linux-${npm_config_arch}.tar.xz node-${node_version}-linux-${npm_config_arch}/bin/node --strip-components=2\n mv ./node ./release-standalone/lib/node\n\n # Strip out the v (v4.9.1 -> 4.9.1).\n - name: Get and set VERSION\n run: |\n TAG=\"${{ inputs.version || github.ref_name }}\"\n echo \"VERSION=${TAG#v}\" >> $GITHUB_ENV\n\n - env:\n VERSION: ${{ env.VERSION }}\n run: npm run package $PKG_ARCH\n\n - uses: softprops/action-gh-release@v1\n with:\n draft: true\n discussion_category_name: \"š£ Announcements\"\n files: ./release-packages/*\n\n package-macos-amd64:\n name: x86-64 macOS build\n runs-on: macos-15-intel\n timeout-minutes: 15\n needs: npm-version\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n\n steps:\n - name: Checkout repo\n uses: actions/checkout@v6\n\n - name: Install Node.js\n uses: actions/setup-node@v6\n with:\n node-version-file: .node-version\n cache: npm\n cache-dependency-path: |\n package-lock.json\n test/package-lock.json\n\n - run: SKIP_SUBMODULE_DEPS=1 npm ci\n\n - name: Install nfpm\n run: |\n mkdir -p ~/.local/bin\n curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm\n echo \"$HOME/.local/bin\" >> $GITHUB_PATH\n\n # The version of node-gyp we use depends on distutils but it was removed\n # in Python 3.12. It seems to be fixed in the latest node-gyp so when we\n # next update Node we can probably remove this. For now, install\n # setuptools since it contains distutils.\n - run: brew install python-setuptools\n\n - name: Download npm package\n uses: actions/download-artifact@v8\n with:\n name: npm-release-package\n\n - run: tar -xzf package.tar.gz\n - run: npm run release:standalone\n - run: npm run test:native\n\n # Strip out the v (v4.9.1 -> 4.9.1).\n - name: Get and set VERSION\n run: |\n TAG=\"${{ inputs.version || github.ref_name }}\"\n echo \"VERSION=${TAG#v}\" >> $GITHUB_ENV\n\n - name: Build packages with nfpm\n env:\n VERSION: ${{ env.VERSION }}\n run: npm run package\n\n - uses: softprops/action-gh-release@v1\n with:\n draft: true\n discussion_category_name: \"š£ Announcements\"\n files: ./release-packages/*\n\n package-macos-arm64:\n name: arm64 macOS build\n runs-on: macos-latest\n timeout-minutes: 15\n needs: npm-version\n env:\n GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}\n\n steps:\n - name: Checkout repo\n uses: actions/checkout@v6\n\n - name: Install Node.js\n uses: actions/setup-node@v6\n with:\n node-version-file: .node-version\n cache: npm\n cache-dependency-path: |\n package-lock.json\n test/package-lock.json\n\n - run: SKIP_SUBMODULE_DEPS=1 npm ci\n\n - name: Install nfpm\n run: |\n mkdir -p ~/.local/bin\n curl -sSfL https://github.com/goreleaser/nfpm/releases/download/v2.3.1/nfpm_2.3.1_`uname -s`_`uname -m`.tar.gz | tar -C ~/.local/bin -zxv nfpm\n echo \"$HOME/.local/bin\" >> $GITHUB_PATH\n\n # The version of node-gyp we use depends on distutils but it was removed\n # in Python 3.12. It seems to be fixed in the latest node-gyp so when we\n # next update Node we can probably remove this. For now, install\n # setuptools since it contains distutils.\n - run: brew install python-setuptools\n\n - name: Download npm package\n uses: actions/download-artifact@v8\n with:\n name: npm-release-package\n\n - run: tar -xzf package.tar.gz\n - run: npm run release:standalone\n - run: npm run test:native\n\n # Strip out the v (v4.9.1 -> 4.9.1).\n - name: Get and set VERSION\n run: |\n TAG=\"${{ inputs.version || github.ref_name }}\"\n echo \"VERSION=${TAG#v}\" >> $GITHUB_ENV\n\n - name: Build packages with nfpm\n env:\n VERSION: ${{ env.VERSION }}\n run: npm run package\n\n - uses: softprops/action-gh-release@v1\n with:\n draft: true\n discussion_category_name: \"š£ Announcements\"\n files: ./release-packages/*\n\n npm-package:\n name: Upload npm package\n runs-on: ubuntu-latest\n timeout-minutes: 15\n needs: npm-version\n steps:\n - name: Download npm package\n uses: actions/download-artifact@v8\n with:\n name: npm-release-package\n\n - uses: softprops/action-gh-release@v1\n with:\n draft: true\n discussion_category_name: \"š£ Announcements\"\n files: ./package.tar.gz\n\n npm-version:\n name: Modify package.json version\n runs-on: ubuntu-latest\n timeout-minutes: 15\n steps:\n - name: Download artifacts\n uses: dawidd6/action-download-artifact@v16\n id: download\n with:\n branch: ${{ github.ref }}\n workflow: build.yaml\n workflow_conclusion: completed\n name: npm-package\n check_artifacts: false\n if_no_artifact_found: fail\n\n - run: tar -xzf package.tar.gz\n\n # Strip out the v (v4.9.1 -> 4.9.1).\n - name: Get and set VERSION\n run: |\n TAG=\"${{ inputs.version || github.ref_name }}\"\n echo \"VERSION=${TAG#v}\" >> $GITHUB_ENV\n\n - name: Modify version\n env:\n VERSION: ${{ env.VERSION }}\n run: |\n echo \"Updating version in root package.json\"\n npm version --prefix release \"$VERSION\"\n\n echo \"Updating version in lib/vscode/product.json\"\n tmp=$(mktemp)\n jq \".codeServerVersion = \\\"$VERSION\\\"\" release/lib/vscode/product.json > \"$tmp\" && mv \"$tmp\" release/lib/vscode/product.json\n # Ensure it has the same permissions as before\n chmod 644 release/lib/vscode/product.json\n\n - run: tar -czf package.tar.gz release\n\n - name: Upload npm package artifact\n uses: actions/upload-artifact@v7\n with:\n name: npm-release-package\n path: ./package.tar.gz\n"
},
{
"path": ".github/workflows/scripts.yaml",
"content": "name: Script unit tests\n\non:\n push:\n branches:\n - main\n paths:\n - \"**.sh\"\n - \"**.bats\"\n pull_request:\n branches:\n - main\n paths:\n - \"**.sh\"\n - \"**.bats\"\n\npermissions:\n actions: none\n checks: none\n contents: read\n deployments: none\n issues: none\n packages: none\n pull-requests: none\n repository-projects: none\n security-events: none\n statuses: none\n\n# Cancel in-progress runs for pull requests when developers push\n# additional changes, and serialize builds in branches.\n# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run\nconcurrency:\n group: ${{ github.workflow }}-${{ github.ref }}\n cancel-in-progress: ${{ github.event_name == 'pull_request' }}\n\njobs:\n test:\n name: Run script unit tests\n runs-on: ubuntu-latest\n # This runs on Alpine to make sure we're testing with actual sh.\n container: \"alpine:3.17\"\n steps:\n - name: Checkout repo\n uses: actions/checkout@v6\n\n - name: Install test utilities\n run: apk add bats checkbashisms\n\n - name: Check Bashisms\n run: checkbashisms ./install.sh\n\n - name: Run script unit tests\n run: ./ci/dev/test-scripts.sh\n\n lint:\n name: Lint shell files\n runs-on: ubuntu-latest\n timeout-minutes: 5\n steps:\n - name: Checkout repo\n uses: actions/checkout@v6\n\n - name: Install lint utilities\n run: sudo apt install shellcheck\n\n - name: Lint shell files\n run: ./ci/dev/lint-scripts.sh\n"
},
{
"path": ".github/workflows/security.yaml",
"content": "name: Security\n\non:\n push:\n branches: [main]\n paths:\n - \"package.json\"\n pull_request:\n paths:\n - \"package.json\"\n schedule:\n # Runs every Monday morning PST\n - cron: \"17 15 * * 1\"\n\n# Cancel in-progress runs for pull requests when developers push additional\n# changes, and serialize builds in branches.\nconcurrency:\n group: ${{ github.workflow }}-${{ github.ref }}\n cancel-in-progress: ${{ github.event_name == 'pull_request' }}\n\njobs:\n audit:\n name: Audit node modules\n runs-on: ubuntu-latest\n timeout-minutes: 15\n steps:\n - name: Checkout repo\n uses: actions/checkout@v6\n with:\n fetch-depth: 0\n\n - name: Install Node.js\n uses: actions/setup-node@v6\n with:\n node-version-file: .node-version\n\n - name: Audit npm for vulnerabilities\n run: npm audit\n if: success()\n\n trivy-scan-repo:\n name: Scan repo with Trivy\n permissions:\n contents: read # for actions/checkout to fetch code\n security-events: write # for github/codeql-action/upload-sarif to upload SARIF results\n runs-on: ubuntu-22.04\n steps:\n - name: Checkout repo\n uses: actions/checkout@v6\n with:\n fetch-depth: 0\n\n - name: Run Trivy vulnerability scanner in repo mode\n uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478\n with:\n scan-type: \"fs\"\n scan-ref: \".\"\n ignore-unfixed: true\n format: \"template\"\n template: \"@/contrib/sarif.tpl\"\n output: \"trivy-repo-results.sarif\"\n severity: \"HIGH,CRITICAL\"\n\n - name: Upload Trivy scan results to GitHub Security tab\n uses: github/codeql-action/upload-sarif@v4\n with:\n sarif_file: \"trivy-repo-results.sarif\"\n\n codeql-analyze:\n permissions:\n actions: read # for github/codeql-action/init to get workflow details\n contents: read # for actions/checkout to fetch code\n security-events: write # for github/codeql-action/autobuild to send a status report\n name: Analyze with CodeQL\n runs-on: ubuntu-22.04\n\n steps:\n - name: Checkout repository\n uses: actions/checkout@v6\n\n # Initializes the CodeQL tools for scanning.\n - name: Initialize CodeQL\n uses: github/codeql-action/init@v4\n with:\n config-file: ./.github/codeql-config.yml\n languages: javascript\n\n - name: Autobuild\n uses: github/codeql-action/autobuild@v4\n\n - name: Perform CodeQL Analysis\n uses: github/codeql-action/analyze@v4\n"
},
{
"path": ".github/workflows/trivy-docker.yaml",
"content": "name: Trivy Nightly Docker Scan\n\non:\n # Run scans if the workflow is modified, in order to test the\n # workflow itself. This results in some spurious notifications,\n # but seems okay for testing.\n pull_request:\n branches:\n - main\n paths:\n - .github/workflows/trivy-docker.yaml\n\n # Run scans against master whenever changes are merged.\n push:\n branches:\n - main\n paths:\n - .github/workflows/trivy-docker.yaml\n\n schedule:\n # Run at 10:15 am UTC (3:15am PT/5:15am CT)\n # Run at 0 minutes 0 hours of every day.\n - cron: \"15 10 * * *\"\n\n workflow_dispatch:\n\npermissions:\n actions: none\n checks: none\n contents: read\n deployments: none\n issues: none\n packages: none\n pull-requests: none\n repository-projects: none\n security-events: write\n statuses: none\n\n# Cancel in-progress runs for pull requests when developers push\n# additional changes, and serialize builds in branches.\n# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run\nconcurrency:\n group: ${{ github.workflow }}-${{ github.ref }}\n\njobs:\n trivy-scan-image:\n runs-on: ubuntu-22.04\n\n steps:\n - name: Checkout code\n uses: actions/checkout@v6\n\n - name: Run Trivy vulnerability scanner in image mode\n uses: aquasecurity/trivy-action@97e0b3872f55f89b95b2f65b3dbab56962816478\n with:\n image-ref: \"docker.io/codercom/code-server:latest\"\n ignore-unfixed: true\n format: \"sarif\"\n output: \"trivy-image-results.sarif\"\n severity: \"HIGH,CRITICAL\"\n\n - name: Upload Trivy scan results to GitHub Security tab\n uses: github/codeql-action/upload-sarif@v4\n with:\n sarif_file: \"trivy-image-results.sarif\"\n"
},
{
"path": ".gitignore",
"content": ".tsbuildinfo\n.cache\n/out*/\nrelease/\nrelease-npm-package/\nrelease-standalone/\nrelease-packages/\nrelease-gcp/\nrelease-images/\nnode_modules\n/plugins\n/lib/coder-cloud-agent\n.home\ncoverage\n**/.DS_Store\n\n# Code packages itself here.\n/lib/vscode-reh-web-*\n\n# Failed e2e test videos are saved here\ntest/test-results\n\n# Quilt's internal data.\n/.pc\n/patches/*.diff~\n"
},
{
"path": ".gitmodules",
"content": "[submodule \"lib/vscode\"]\n\tpath = lib/vscode\n\turl = https://github.com/microsoft/vscode\n"
},
{
"path": ".node-version",
"content": "22.22.0\n"
},
{
"path": ".prettierignore",
"content": "lib/vscode\nlib/vscode-reh-web-linux-x64\nrelease-standalone\nrelease-packages\nrelease\nhelm-chart\ntest/scripts\ntest/e2e/extensions/test-extension\n.pc\npackage-lock.json\n"
},
{
"path": ".prettierrc.yaml",
"content": "printWidth: 120\nsemi: false\ntrailingComma: all\narrowParens: always\nsingleQuote: false\nuseTabs: false\n"
},
{
"path": ".tours/contributing.tour",
"content": "{\n \"$schema\": \"https://aka.ms/codetour-schema\",\n \"title\": \"Contributing\",\n \"steps\": [\n {\n \"directory\": \"src\",\n \"line\": 1,\n \"description\": \"Hello world! code-server's source code lives here in `src` (see the explorer). It's broadly arranged into browser code, Node code, and code shared between both.\"\n },\n {\n \"file\": \"src/node/entry.ts\",\n \"line\": 157,\n \"description\": \"code-server begins execution here. CLI arguments are parsed, special flags like --help are handled, then the HTTP server is started.\"\n },\n {\n \"file\": \"src/node/cli.ts\",\n \"line\": 28,\n \"description\": \"This describes all of the code-server CLI options and how they will be parsed.\"\n },\n {\n \"file\": \"src/node/cli.ts\",\n \"line\": 233,\n \"description\": \"Here's the actual CLI parser.\"\n },\n {\n \"file\": \"src/node/settings.ts\",\n \"line\": 1,\n \"description\": \"code-server maintains a settings file that is read and written here.\"\n },\n {\n \"file\": \"src/node/app.ts\",\n \"line\": 11,\n \"description\": \"The core of code-server are HTTP and web socket servers which are created here. They provide authentication, file access, an API, and serve web-based applications like VS Code.\"\n },\n {\n \"file\": \"src/node/wsRouter.ts\",\n \"line\": 38,\n \"description\": \"This is an analog to Express's Router that handles web socket routes.\"\n },\n {\n \"file\": \"src/node/http.ts\",\n \"line\": 1,\n \"description\": \"This file provides various HTTP utility functions.\"\n },\n {\n \"file\": \"src/node/coder_cloud.ts\",\n \"line\": 9,\n \"description\": \"The cloud agent spawned here provides the --link functionality.\"\n },\n {\n \"file\": \"src/node/heart.ts\",\n \"line\": 7,\n \"description\": \"code-server's heart beats to indicate recent activity.\\n\\nAlso documented here: [https://github.com/coder/code-server/blob/main/docs/FAQ.md#heartbeat-file](https://github.com/coder/code-server/blob/main/docs/FAQ.md#heartbeat-file)\"\n },\n {\n \"file\": \"src/node/socket.ts\",\n \"line\": 13,\n \"description\": \"We pass sockets to child processes, however we can't pass TLS sockets so when code-server is handling TLS (via --cert) we use this to create a proxy that can be passed to the child.\"\n },\n {\n \"directory\": \"src/node/routes\",\n \"line\": 1,\n \"description\": \"code-server's routes live here in `src/node/routes` (see the explorer).\"\n },\n {\n \"file\": \"src/node/routes/index.ts\",\n \"line\": 123,\n \"description\": \"The architecture of code-server allows it to be extended with applications via plugins. Each application is registered at its own route and handles requests at and below that route. Currently we have only VS Code (although it is not yet actually split out into a plugin).\"\n },\n {\n \"file\": \"src/node/plugin.ts\",\n \"line\": 103,\n \"description\": \"The previously mentioned plugins are loaded here.\"\n },\n {\n \"file\": \"src/node/routes/apps.ts\",\n \"line\": 12,\n \"description\": \"This provides a list of the applications registered with code-server.\"\n },\n {\n \"file\": \"src/node/routes/domainProxy.ts\",\n \"line\": 18,\n \"description\": \"code-server provides a built-in proxy to help in developing web-based applications. This is the code for the domain-based proxy.\\n\\nAlso documented here: [https://github.com/coder/code-server/blob/main/docs/FAQ.md#how-do-i-securely-access-web-services](https://github.com/coder/code-server/blob/main/docs/FAQ.md#how-do-i-securely-access-web-services)\"\n },\n {\n \"file\": \"src/node/routes/pathProxy.ts\",\n \"line\": 19,\n \"description\": \"Here is the path-based version of the proxy.\\n\\nAlso documented here: [https://github.com/coder/code-server/blob/main/docs/FAQ.md#how-do-i-securely-access-web-services](https://github.com/coder/code-server/blob/main/docs/FAQ.md#how-do-i-securely-access-web-services)\"\n },\n {\n \"file\": \"src/node/proxy.ts\",\n \"line\": 4,\n \"description\": \"Both the domain and path proxy use the single proxy instance created here.\"\n },\n {\n \"file\": \"src/node/routes/health.ts\",\n \"line\": 5,\n \"description\": \"A simple endpoint that lets you see if code-server is up.\\n\\nAlso documented here: [https://github.com/coder/code-server/blob/main/docs/FAQ.md#healthz-endpoint](https://github.com/coder/code-server/blob/main/docs/FAQ.md#healthz-endpoint)\"\n },\n {\n \"file\": \"src/node/routes/login.ts\",\n \"line\": 46,\n \"description\": \"code-server supports a password-based login here.\"\n },\n {\n \"file\": \"src/node/routes/static.ts\",\n \"line\": 16,\n \"description\": \"This serves static assets. Anything under the code-server directory can be fetched. Anything outside requires authentication.\"\n },\n {\n \"file\": \"src/node/routes/update.ts\",\n \"line\": 10,\n \"description\": \"This endpoint lets you query for the latest code-server version. It's used to power the update popup you see in VS Code.\"\n },\n {\n \"file\": \"src/node/routes/vscode.ts\",\n \"line\": 15,\n \"description\": \"This is the endpoint that serves VS Code's HTML, handles VS Code's websockets, and handles a few VS Code-specific endpoints for fetching static files.\"\n },\n {\n \"file\": \"src/node/vscode.ts\",\n \"line\": 13,\n \"description\": \"The actual VS Code spawn and initialization is handled here. VS Code runs in a separate child process. We communicate via IPC and by passing it web sockets.\"\n },\n {\n \"file\": \"src/browser/serviceWorker.ts\",\n \"line\": 1,\n \"description\": \"The service worker only exists to provide PWA functionality.\"\n },\n {\n \"directory\": \"src/browser/pages\",\n \"line\": 1,\n \"description\": \"HTML, CSS, and JavaScript for each page lives in here `src/browser/pages` (see the explorer). Currently our HTML uses a simple search and replace template system with variables that {{LOOK_LIKE_THIS}}.\"\n },\n {\n \"file\": \"src/browser/pages/vscode.html\",\n \"line\": 1,\n \"description\": \"The VS Code HTML is based off VS Code's own `workbench.html`.\"\n },\n {\n \"directory\": \"src/browser/media\",\n \"line\": 1,\n \"description\": \"Static images and the manifest live here in `src/browser/media` (see the explorer).\"\n },\n {\n \"directory\": \"lib/vscode\",\n \"line\": 1,\n \"description\": \"code-server makes use of VS Code's frontend web/remote support. Most of the modifications implement the remote server since that portion of the code is closed source and not released with VS Code.\\n\\nWe also have a few bug fixes and have added some features (like client-side extensions). See [https://github.com/coder/code-server/blob/main/docs/CONTRIBUTING.md#modifications-to-vs-code](https://github.com/coder/code-server/blob/main/docs/CONTRIBUTING.md#modifications-to-vs-code) for a list.\\n\\nWe make an effort to keep the modifications as few as possible.\"\n }\n ]\n}\n"
},
{
"path": ".tours/start-development.tour",
"content": "{\n \"$schema\": \"https://aka.ms/codetour-schema\",\n \"title\": \"Start Development\",\n \"steps\": [\n {\n \"file\": \"package.json\",\n \"line\": 31,\n \"description\": \"## Commands\\n\\nTo start developing, make sure you have Node 16+ and the [required dependencies](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites) installed. Then, run the following commands:\\n\\n1. Install dependencies:\\n>> npm\\n\\n3. Start development mode (and watch for changes):\\n>> npm run watch\"\n },\n {\n \"file\": \"src/node/app.ts\",\n \"line\": 68,\n \"description\": \"## Visit the web server\\n\\nIf all goes well, you should see something like this in your terminal. code-server should be live in development mode.\\n\\n---\\n```bash\\n[2020-12-09T21:03:37.156Z] info code-server 3.7.4 development\\n[2020-12-09T21:03:37.157Z] info Using user-data-dir ~/.local/share/code-server\\n[2020-12-09T21:03:37.165Z] info Using config file ~/.config/code-server/config.yaml\\n[2020-12-09T21:03:37.165Z] info HTTP server listening on http://127.0.0.1:8080 \\n[2020-12-09T21:03:37.165Z] info - Authentication is enabled\\n[2020-12-09T21:03:37.165Z] info - Using password from ~/.config/code-server/config.yaml\\n[2020-12-09T21:03:37.165Z] info - Not serving HTTPS\\n```\\n\\n---\\n\\nIf you have the default configuration, you can access it at [http://localhost:8080](http://localhost:8080).\"\n },\n {\n \"file\": \"src/browser/pages/login.html\",\n \"line\": 26,\n \"description\": \"## Make a change\\n\\nThis is the login page, let's make a change and see it update on our web server! Perhaps change the text :)\\n\\n```html\\n
Modifying the login page šØš¼āš»
\\n```\\n\\nReminder, you can likely preview at [http://localhost:8080](http://localhost:8080)\"\n },\n {\n \"file\": \"src/node/app.ts\",\n \"line\": 62,\n \"description\": \"## That's it!\\n\\n\\nThat's all there is to it! When this tour ends, your terminal session may stop, but just use `npm run watch` to start developing from here on out!\\n\\n\\nIf you haven't already, be sure to check out these resources:\\n- [Tour: Contributing](command:codetour.startTourByTitle?[\\\"Contributing\\\"])\\n- [Docs: FAQ.md](https://github.com/coder/code-server/blob/main/docs/FAQ.md)\\n- [Docs: CONTRIBUTING.md](https://github.com/coder/code-server/blob/main/docs/CONTRIBUTING.md)\\n- [Community: GitHub Discussions](https://github.com/coder/code-server/discussions)\\n- [Community: Slack](https://community.coder.com)\"\n }\n ]\n}\n"
},
{
"path": "CHANGELOG.md",
"content": "# Changelog\n\nAll notable changes to this project will be documented in this file.\n\nThe format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),\nand this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).\n\n\n\n## Unreleased\n\n## [4.109.5](https://github.com/coder/code-server/releases/tag/v4.109.5) - 2026-03-02\n\nCode v1.109.5\n\n### Changed\n\n- Update to Code 1.109.5\n\n## [4.109.2](https://github.com/coder/code-server/releases/tag/v4.109.2) - 2026-02-12\n\nCode v1.109.2\n\n### Changed\n\n- Update to Code 1.109.2\n\n## [4.109.0](https://github.com/coder/code-server/releases/tag/v4.109.0) - 2026-02-12\n\nCode v1.109.0\n\n### Changed\n\n- Update to Code 1.109.0\n\n## [4.108.2](https://github.com/coder/code-server/releases/tag/v4.108.2) - 2026-01-26\n\nCode v1.108.2\n\n### Changed\n\n- Update to Code 1.108.2\n\n## [4.108.1](https://github.com/coder/code-server/releases/tag/v4.108.1) - 2026-01-16\n\nCode v1.108.1\n\n### Changed\n\n- Update to Code 1.108.1\n\n## [4.108.0](https://github.com/coder/code-server/releases/tag/v4.108.0) - 2026-01-12\n\nCode v1.108.0\n\n### Changed\n\n- Update to Code 1.108.0\n\n## [4.107.1](https://github.com/coder/code-server/releases/tag/v4.107.1) - 2026-01-09\n\nCode v1.107.1\n\n### Changed\n\n- Update to Code 1.107.1\n\n## [4.107.0](https://github.com/coder/code-server/releases/tag/v4.107.0) - 2026-12-17\n\nCode v1.107.0\n\n### Changed\n\n- Update to Code 1.107.0\n\n### Added\n\n- New `--cookie-suffix` flag that can be used to add a suffix to the cookie when\n using the built-in password authentication. You can use this to avoid\n collisions with other instances of code-server.\n- Support a new property `authorizationHeaderToken` on the extension gallery\n configuration. This will be added to marketplace requests as a bearer token\n using the `Authorization` header.\n\n## [4.106.3](https://github.com/coder/code-server/releases/tag/v4.106.3) - 2025-12-01\n\nCode v1.106.3\n\n### Changed\n\n- Update to Code 1.106.3\n\n## [4.106.2](https://github.com/coder/code-server/releases/tag/v4.106.2) - 2025-11-19\n\nCode v1.106.2\n\n### Changed\n\n- Update to Code 1.106.2\n\n## [4.106.0](https://github.com/coder/code-server/releases/tag/v4.106.0) - 2025-11-19\n\nCode v1.106.0\n\n### Changed\n\n- Update to Code 1.106.0\n\n## [4.105.1](https://github.com/coder/code-server/releases/tag/v4.105.1) - 2025-10-20\n\nCode v1.105.1\n\n### Changed\n\n- Update to Code 1.105.1\n\n## [4.105.0](https://github.com/coder/code-server/releases/tag/v4.105.0) - 2025-10-17\n\nCode v1.105.0\n\n### Changed\n\n- Update to Code 1.105.0\n\n## [4.104.3](https://github.com/coder/code-server/releases/tag/v4.104.3) - 2025-10-07\n\nCode v1.104.3\n\n### Changed\n\n- Update to Code 1.104.3.\n\n## [4.104.2](https://github.com/coder/code-server/releases/tag/v4.104.2) - 2025-09-26\n\nCode v1.104.2\n\n### Changed\n\n- Update to Code 1.104.2.\n\n## [4.104.1](https://github.com/coder/code-server/releases/tag/v4.104.1) - 2025-09-19\n\nCode v1.104.1\n\n### Changed\n\n- Update to Code 1.104.1.\n\n## [4.104.0](https://github.com/coder/code-server/releases/tag/v4.104.0) - 2025-09-15\n\nCode v1.104.0\n\n### Fixed\n\n- Fix \"extension not found\" errors from Open VSX when trying to install the\n latest version of an extension.\n\n### Changed\n\n- Update to Code 1.104.0.\n\n## [4.103.2](https://github.com/coder/code-server/releases/tag/v4.103.2) - 2025-08-25\n\nCode v1.103.2\n\n### Changed\n\n- Update to Code 1.103.2.\n\n## [4.103.1](https://github.com/coder/code-server/releases/tag/v4.103.1) - 2025-08-15\n\nCode v1.103.1\n\n### Changed\n\n- Update to Code 1.103.1.\n\n## [4.103.0](https://github.com/coder/code-server/releases/tag/v4.103.0) - 2025-08-12\n\nCode v1.103.0\n\n### Changed\n\n- Update to Code 1.103.0.\n\n## [4.102.2](https://github.com/coder/code-server/releases/tag/v4.102.2) - 2025-07-24\n\nCode v1.102.2\n\n### Changed\n\n- Update to Code 1.102.2.\n\n## [4.102.1](https://github.com/coder/code-server/releases/tag/v4.102.1) - 2025-07-17\n\nCode v1.102.1\n\n### Changed\n\n- Update to Code 1.102.1.\n\n## [4.102.0](https://github.com/coder/code-server/releases/tag/v4.102.0) - 2025-07-16\n\nCode v1.102.0\n\n### Changed\n\n- Update to Code 1.102.0.\n\n### Added\n\n- Custom strings can be configured using the `--i18n` flag set to a JSON\n file. This can be used for either translation (and can be used alongside\n `--locale`) or for customizing the strings. See\n [./src/node/i18n/locales/en.json](./src/node/i18n/locales/en.json) for the\n available keys.\n\n## [4.101.2](https://github.com/coder/code-server/releases/tag/v4.101.2) - 2025-06-25\n\nCode v1.101.2\n\n### Changed\n\n- Update to Code 1.101.2.\n\n### Fixed\n\n- Fix web views not loading due to 401 when requesting the service worker.\n\n## [4.101.1](https://github.com/coder/code-server/releases/tag/v4.101.1) - 2025-06-20\n\nCode v1.101.1\n\n### Changed\n\n- Update to Code 1.101.1.\n\n## [4.101.0](https://github.com/coder/code-server/releases/tag/v4.101.0) - 2025-06-20\n\nCode v1.101.0\n\n### Changed\n\n- Update to Code 1.101.0.\n\n## [4.100.3](https://github.com/coder/code-server/releases/tag/v4.100.3) - 2025-06-03\n\nCode v1.100.3\n\n### Changed\n\n- Update to Code 1.100.3.\n\n## [4.100.2](https://github.com/coder/code-server/releases/tag/v4.100.2) - 2025-05-15\n\nCode v1.100.2\n\n### Changed\n\n- Update to Code 1.100.2.\n\n## [4.100.1](https://github.com/coder/code-server/releases/tag/v4.100.1) - 2025-05-13\n\nCode v1.100.1\n\n### Changed\n\n- Update to Code 1.100.1.\n\n## [4.100.0](https://github.com/coder/code-server/releases/tag/v4.100.0) - 2025-05-12\n\nCode v1.100.0\n\n### Added\n\n- Trusted domains for links can now be set at run-time by configuring\n `linkProtectionTrustedDomains` in the `lib/vscode/product.json` file or via\n the `--link-protection-trusted-domains` flag.\n\n### Changed\n\n- Update to Code 1.100.0.\n- Disable extension signature verification, which previously was skipped by\n default (the package used for verification is not available to OSS builds of\n VS Code) but now reportedly throws hard errors making it impossible to install\n extensions.\n\n### Fixed\n\n- Flags with repeatable options now work via the config file.\n\n## [4.99.4](https://github.com/coder/code-server/releases/tag/v4.99.4) - 2025-05-02\n\nCode v1.99.3\n\n### Security\n\n- Validate that ports in the path proxy are numbers, to prevent proxying to\n arbitrary domains.\n\n## [4.99.3](https://github.com/coder/code-server/releases/tag/v4.99.3) - 2025-04-17\n\nCode v1.99.3\n\n### Added\n\n- Added `--skip-auth-preflight` flag to let preflight requests through the\n proxy.\n\n### Changed\n\n- Update to Code 1.99.3.\n\n## [4.99.2](https://github.com/coder/code-server/releases/tag/v4.99.2) - 2025-04-10\n\nCode v1.99.2\n\n### Changed\n\n- Update to Code 1.99.2.\n\n## [4.99.1](https://github.com/coder/code-server/releases/tag/v4.99.1) - 2025-04-08\n\nCode v1.99.1\n\n### Changed\n\n- Update to Code 1.99.1.\n\n## [4.99.0](https://github.com/coder/code-server/releases/tag/v4.99.0) - 2025-04-07\n\nCode v1.99.0\n\n### Changed\n\n- Update to Code 1.99.0.\n\n## [4.98.0](https://github.com/coder/code-server/releases/tag/v4.98.0) - 2025-03-07\n\nCode v1.98.0\n\n### Changed\n\n- Update to Code 1.98.0.\n\n## [4.97.2](https://github.com/coder/code-server/releases/tag/v4.96.4) - 2025-02-18\n\nCode v1.97.2\n\n### Added\n\n- Added back macOS amd64 builds.\n\n### Changed\n\n- Update to Code 1.97.2.\n- Softened dark mode login page colors.\n\n## [4.96.4](https://github.com/coder/code-server/releases/tag/v4.96.4) - 2025-01-20\n\nCode v1.96.4\n\n### Changed\n\n- Update to Code 1.96.4.\n\n## [4.96.2](https://github.com/coder/code-server/releases/tag/v4.96.2) - 2024-12-20\n\nCode v1.96.2\n\n### Changed\n\n- Update to Code 1.96.2.\n\n## [4.96.1](https://github.com/coder/code-server/releases/tag/v4.96.1) - 2024-12-18\n\nCode v1.96.1\n\n### Added\n\n- Dark color scheme for login and error pages.\n\n### Changed\n\n- Update to Code 1.96.1.\n\n## [4.95.3](https://github.com/coder/code-server/releases/tag/v4.95.3) - 2024-11-18\n\nCode v1.95.3\n\n### Changed\n\n- Update to Code 1.95.3.\n\n## [4.95.2](https://github.com/coder/code-server/releases/tag/v4.95.2) - 2024-11-12\n\nCode v1.95.2\n\n### Changed\n\n- Update to Code 1.95.2.\n\n## [4.95.1](https://github.com/coder/code-server/releases/tag/v4.95.1) - 2024-11-06\n\nCode v1.95.1\n\n### Changed\n\n- Update to Code 1.95.1.\n\n## [4.93.1](https://github.com/coder/code-server/releases/tag/v4.93.1) - 2024-09-23\n\nCode v1.93.1\n\n### Changed\n\n- Updated to Code 1.93.1.\n\n### Added\n\n- Added `--abs-proxy-base-path` flag for when code-server is not at the root.\n\n## [4.92.2](https://github.com/coder/code-server/releases/tag/v4.92.2) - 2024-08-19\n\nCode v1.92.2\n\n### Breaking changes\n\n- Dropped a patch that changed the compile target from es2022 to es2020 because\n it no longer works with the way VS Code uses static properties. This may break\n older browsers, so those browsers will either have to be updated or use an\n older version of code-server.\n\n### Changed\n\n- Updated to Code 1.92.2.\n\n## [4.91.0](https://github.com/coder/code-server/releases/tag/v4.91.0) - 2024-07-10\n\nCode v1.91.0\n\n### Changed\n\n- Updated to Code 1.91.0.\n\n## [4.90.3](https://github.com/coder/code-server/releases/tag/v4.90.3) - 2024-06-21\n\nCode v1.90.2\n\n### Changed\n\n- Updated to Code 1.90.2.\n\n### Fixed\n\n- When the log gets rotated it will no longer incorrectly be moved to a new\n directory created in the current working directory named with a date.\n Instead, the file itself is prepended with the date and kept in the same\n directory, as originally intended.\n\n## [4.90.2](https://github.com/coder/code-server/releases/tag/v4.90.2) - 2024-06-14\n\nCode v1.90.1\n\n### Changed\n\n- Updated to Code 1.90.1.\n\n## [4.90.1](https://github.com/coder/code-server/releases/tag/v4.90.1) - 2024-06-12\n\nCode v1.90.0\n\n### Fixed\n\n- Cache a call to get CPU information used in telemetry that could result in a\n lack responsiveness if it was particularly slow.\n\n## [4.90.0](https://github.com/coder/code-server/releases/tag/v4.90.0) - 2024-06-11\n\nCode v1.90.0\n\n### Changed\n\n- Updated to Code 1.90.0.\n- Updated Node to 20.11.1.\n\n### Added\n\n- Send contents to the clipboard in the integrated terminal by piping to\n `code-server --stdin-to-clipboard` or `code-server -c`.\n\n You may want to make this an alias:\n\n ```\n alias xclip=\"code-server --stdin-to-clipboard\"\n echo -n \"hello world\" | xclip\n ```\n\n## [4.89.1](https://github.com/coder/code-server/releases/tag/v4.89.1) - 2024-04-14\n\nCode v1.89.1\n\n### Changed\n\n- Updated to Code 1.89.1.\n\n## [4.89.0](https://github.com/coder/code-server/releases/tag/v4.89.0) - 2024-04-08\n\nCode v1.89.0\n\n### Changed\n\n- Updated to Code 1.89.0.\n\n## [4.23.1](https://github.com/coder/code-server/releases/tag/v4.23.1) - 2024-04-15\n\nCode v1.88.1\n\n### Changed\n\n- Updated to Code 1.88.1.\n\n## [4.23.0](https://github.com/coder/code-server/releases/tag/v4.23.0) - 2024-04-08\n\nCode v1.88.0\n\n### Changed\n\n- Updated to Code 1.88.0.\n- Updated Node to 18.18.2.\n\n### Fixed\n\n- Fix masking the exit code when failing to install extensions on the command\n line outside the integrated terminal. Installing extensions inside the\n integrated terminal still masks the exit code and is an upstream bug.\n\n## [4.22.1](https://github.com/coder/code-server/releases/tag/v4.22.1) - 2024-03-14\n\nCode v1.87.2\n\n### Changed\n\n- Updated to Code 1.87.2.\n- Enable keep-alive for proxy agent.\n\n## [4.22.0](https://github.com/coder/code-server/releases/tag/v4.22.0) - 2024-03-03\n\nCode v1.87.0\n\n### Changed\n\n- Updated to Code 1.87.0.\n\n## [4.21.2](https://github.com/coder/code-server/releases/tag/v4.21.2) - 2024-02-28\n\nCode v1.86.2\n\n### Changed\n\n- Updated to Code 1.86.2.\n\n## [4.21.1](https://github.com/coder/code-server/releases/tag/v4.21.1) - 2024-02-09\n\nCode v1.86.1\n\n### Changed\n\n- Updated to Code 1.86.1.\n- Updated to Node 18.17.1.\n\n### Added\n\n- Docker images for Fedora and openSUSE.\n\n## [4.21.0](https://github.com/coder/code-server/releases/tag/v4.21.0) - 2024-02-05\n\nCode v1.86.0\n\n### Changed\n\n- Updated to Code 1.86.0.\n\n## [4.20.1](https://github.com/coder/code-server/releases/tag/v4.20.1) - 2024-01-22\n\nCode v1.85.2\n\n### Changed\n\n- Updated to Code 1.85.2.\n\n### Fixed\n\n- Query variables are no longer double-encoded when going over the path proxy.\n\n## [4.20.0](https://github.com/coder/code-server/releases/tag/v4.20.0) - 2023-12-21\n\nCode v1.85.1\n\n### Added\n\n- New flag `--disable-file-uploads` to disable uploading files to the remote by\n drag and drop and to disable opening local files via the \"show local\" button\n in the file open prompt. Note that you can still open local files by drag and\n dropping the file onto the editor pane.\n- Added `wget` to the release image.\n\n### Changed\n\n- Updated to Code 1.85.1.\n- The `--disable-file-downloads` flag will now disable the \"show local\" button\n in the file save prompt as well.\n- Debian release image updated to use Bookworm.\n\n## [4.19.1](https://github.com/coder/code-server/releases/tag/v4.19.1) - 2023-11-29\n\nCode v1.84.2\n\n### Fixed\n\n- Fixed an issue where parts of the editor would not load (like the file\n explorer, source control, etc) when using a workspace file.\n\n## [4.19.0](https://github.com/coder/code-server/releases/tag/v4.19.0) - 2023-11-18\n\nCode v1.84.2\n\n### Changed\n\n- Updated to Code 1.84.2.\n\n## [4.18.0](https://github.com/coder/code-server/releases/tag/v4.18.0) - 2023-10-20\n\nCode v1.83.1\n\n### Changed\n\n- Updated to Code 1.83.1.\n\n## [4.17.1](https://github.com/coder/code-server/releases/tag/v4.17.1) - 2023-09-29\n\nCode v1.82.2\n\n### Fixed\n\n- Make secret storage persistent. For example, logging in with GitHub should\n persist between browser refreshes and code-server restarts.\n- Issues with argon2 on arm builds should be fixed now.\n\n## [4.17.0](https://github.com/coder/code-server/releases/tag/v4.17.0) - 2023-09-22\n\nCode v1.82.2\n\n### Added\n\n- Japanese locale.\n- `CODE_SERVER_HOST` environment variable.\n\n### Changed\n\n- Update to Code 1.82.2. This includes an update to Node 18, which also means\n that the minimum glibc is now 2.28. If you need to maintain a lower glibc then\n you can take a version of Node 18 that is compiled with a lower glibc and use\n that to build code-server (or at a minimum rebuild the native modules).\n- Display paths to config files in full rather than abbreviated. If you have\n trouble with the password not working please update and make sure the\n displayed config paths are what you expect.\n\n### Fixed\n\n- Fix some dependency issues for the standalone arm64 and armv7l releases. If\n you had issues with missing or failing modules please try these new builds.\n\n## [4.16.1](https://github.com/coder/code-server/releases/tag/v4.16.1) - 2023-07-31\n\nCode v1.80.2\n\n### Changed\n\n- Updated to Code 1.80.2.\n\n## [4.16.0](https://github.com/coder/code-server/releases/tag/v4.16.0) - 2023-07-28\n\nCode v1.80.1\n\n### Added\n\n- `--disable-proxy` flag. This disables the domain and path proxies but it does\n not disable the ports panel in Code. That can be disabled by using\n `remote.autoForwardPorts=false` in your settings.\n\n## [4.15.0](https://github.com/coder/code-server/releases/tag/v4.15.0) - 2023-07-21\n\nCode v1.80.1\n\n### Changed\n\n- Updated to Code 1.80.1.\n\n### Added\n\n- `--trusted-origin` flag for specifying origins that you trust but do not\n control (for example a reverse proxy).\n\nCode v1.79.2\n\n## [4.14.1](https://github.com/coder/code-server/releases/tag/v4.14.1) - 2023-06-26\n\nCode v1.79.2\n\n### Security\n\n- Remove extra write permissions on the Node binary bundled with the linux-amd64\n tarball. If you extract the tar without a umask this could mean the Node\n binary would be unexpectedly writable.\n\n### Fixed\n\n- Inability to launch multiple instances of code-server for different users.\n\n### Added\n\n- `--session-socket` CLI flag to configure the location of the session socket.\n By default it will be placed in `/code-server-ipc.sock`.\n\n## [4.14.0](https://github.com/coder/code-server/releases/tag/v4.14.0) - 2023-06-16\n\nCode v1.79.2\n\n### Added\n\n- `--domain-proxy` now supports `{{port}}` and `{{host}}` template variables.\n\n### Changed\n\n- Updated to Code 1.79.2\n- Files opened from an external terminal will now open in the most closely\n related window rather than in the last opened window.\n\n## [4.13.0](https://github.com/coder/code-server/releases/tag/v4.13.0) - 2023-05-19\n\nCode v1.78.2\n\n### Changed\n\n- Updated to Code 1.78.2.\n\n### Fixed\n\n- Proxying files that contain non-ASCII characters.\n- Origin check when X-Forwarded-Host contains comma-separated hosts.\n\n## [4.12.0](https://github.com/coder/code-server/releases/tag/v4.12.0) - 2023-04-21\n\nCode v1.77.3\n\n### Changed\n\n- Updated to Code 1.77.3\n- Ports panel will use domain-based proxy (instead of the default path-based\n proxy) when set via --proxy-domain.\n- Apply --app-name to the PWA title.\n\n### Added\n\n- Thai translation for login page.\n- Debug logs around the origin security check. If you are getting forbidden\n errors on web sockets please run code-server with `--log debug` to see why the\n requests are being blocked.\n\n## [4.11.0](https://github.com/coder/code-server/releases/tag/v4.11.0) - 2023-03-16\n\nCode v1.76.1\n\n### Changed\n\n- Updated to Code 1.76.1\n\n## [4.10.1](https://github.com/coder/code-server/releases/tag/v4.10.1) - 2023-03-04\n\nCode v1.75.1\n\n### Security\n\nAdded an origin check to web sockets to prevent cross-site hijacking attacks on\nusers using older or niche browser that do not support SameSite cookies and\nattacks across sub-domains that share the same root domain.\n\nThe check requires the host header to be set so if you use a reverse proxy\nensure it forwards that information otherwise web sockets will be blocked.\n\n## [4.10.0](https://github.com/coder/code-server/releases/tag/v4.10.0) - 2023-02-15\n\nCode v1.75.1\n\n### Changed\n\n- Updated to Code 1.75.1\n\n### Removed\n\n- Removed `--link` (was deprecated over thirteen months ago in 4.0.1).\n\n## [4.9.1](https://github.com/coder/code-server/releases/tag/v4.9.1) - 2022-12-15\n\nCode v1.73.1\n\n### Changed\n\n- Updated a couple steps in the build and release process to ensure we're using\n `npm` and `yarn` consistently depending on the step.\n\n### Fixed\n\n- Fixed an issue with code-server version not displaying in the Help > About window.\n- Fixed terminal not loading on macOS clients.\n\n## [4.9.0](https://github.com/coder/code-server/releases/tag/v4.9.0) - 2022-12-06\n\nCode v1.73.1\n\n### Changed\n\n- Upgraded to Code 1.73.1\n\n### Added\n\n- `/security.txt` added as a route with info on our security policy information thanks to @ghuntley\n\n### Fixed\n\n- Installing on majaro images should now work thanks to @MrPeacockNLB for\n adding the `--noconfirm` flag in `install.sh`\n\n### Known Issues\n\n- `--cert` on Ubuntu 22.04: OpenSSL v3 is used which breaks `pem` meaning the\n `--cert` feature will not work. [Reference](https://github.com/adobe/fetch/pull/318#issuecomment-1306070259)\n\n## [4.8.3](https://github.com/coder/code-server/releases/tag/v4.8.3) - 2022-11-07\n\nCode v1.72.1\n\n### Added\n\n- install script now supports arch-like (i.e. manjaro, endeavourous, etc.)\n architectures\n\n### Changed\n\n- Updated text in the Getting Started page.\n\n## [4.8.2](https://github.com/coder/code-server/releases/tag/v4.8.2) - 2022-11-02\n\nCode v1.72.1\n\n### Added\n\n- New text in the Getting Started page with info about\n `coder/coder`. This is enabled by default but can be disabled by passing the CLI\n flag `--disable-getting-started-override` or setting\n `CS_DISABLE_GETTING_STARTED_OVERRIDE=1` or\n `CS_DISABLE_GETTING_STARTED_OVERRIDE=true`.\n\n## [4.8.1](https://github.com/coder/code-server/releases/tag/v4.8.1) - 2022-10-28\n\nCode v1.72.1\n\n### Fixed\n\n- Fixed CSP error introduced in 4.8.0 that caused issues with webviews and most\n extensions.\n\n## [4.8.0](https://github.com/coder/code-server/releases/tag/v4.8.0) - 2022-10-24\n\nCode v1.72.1\n\n### Added\n\n- Support for the Ports panel which leverages code-server's built-in proxy. It\n also uses `VSCODE_PROXY_URI` where `{{port}}` is replace when forwarding a port.\n Example: `VSCODE_PROXY_URI=https://{{port}}.kyle.dev` would forward an\n application running on localhost:3000 to https://3000.kyle.dev\n- Support for `--disable-workspace-trust` CLI flag\n- Support for `--goto` flag to open file @ line:column\n- Added Ubuntu-based images for Docker releases. If you run into issues with\n `PATH` being overwritten in Docker please try the Ubuntu image as this is a\n problem in the Debian base image.\n\n### Changed\n\n- Updated Code to 1.72.1\n\n### Fixed\n\n- Enabled `BROWSER` environment variable\n- Patched `asExternalUri` to work so now extensions run inside code-server can use it\n\n## [4.7.1](https://github.com/coder/code-server/releases/tag/v4.7.1) - 2022-09-30\n\nCode v1.71.2\n\n### Changed\n\n- Updated Code to 1.71.2\n\n### Fixed\n\n- Fixed install script not upgrading code-server when already installed on RPM-based machines\n- Fixed install script failing to gain root permissions on FreeBSD\n\n## [4.7.0](https://github.com/coder/code-server/releases/tag/v4.7.0) - 2022-09-09\n\nCode v1.71.0\n\n### Changed\n\n- Updated Code to 1.71.0\n\n### Removed\n\n- Dropped heartbeat patch because it was implemented upstream\n\n### Fixed\n\n- Add flags --unsafe-perm --legacy-peer-deps in `npm-postinstall.sh` which ensures installing with npm works correctly\n\n## [4.6.1](https://github.com/coder/code-server/releases/tag/v4.6.1) - 2022-09-31\n\nCode v1.70.2\n\n### Changed\n\n- Updated Code to 1.70.2\n- Updated `argon2` to 0.29.0 which should fix issues on FreeBSD\n- Updated docs to suggest using `npm` instead of `yarn`\n\n### Removed\n\n- Dropped database migration patch affected to 4.0.2 versions and earlier.\n\n### Fixed\n\n- Fixed preservation of `process.execArgv` which means you can pass `--prof` to profile code-server\n\n## [4.6.0](https://github.com/coder/code-server/releases/tag/v4.6.0) - 2022-08-17\n\nCode v1.70.1\n\n### Changed\n\n- Updated Code to 1.70.1.\n\n### Added\n\n- Added a heartbeat to sockets. This should prevent them from getting closed by\n reverse proxy timeouts when idle like NGINX's default 60-second timeout.\n\n### Fixed\n\n- Fixed logout option appearing even when authentication is disabled.\n\n## [4.5.2](https://github.com/coder/code-server/releases/tag/v4.5.2) - 2022-08-15\n\nCode v1.68.1\n\n### Security\n\n- Fixed the proxy route not performing authentication. For example if you were\n to run a development HTTP server using `python -m http.server 8000` then it\n would be accessible at `my.domain/proxy/8000/` without any authentication.\n\n If all of the following apply to you please update as soon as possible:\n - You run code-server with the built-in password authentication.\n - You run unprotected HTTP services on ports accessible by code-server.\n\n### Changed\n\n- Invoking `code-server` in the integrated terminal will now use the script that\n comes with upstream Code. This means flags like `--wait` will be\n automatically supported now. However the upstream script only has the ability\n to interact with the running code-server and cannot spawn new instances. If\n you need to spawn a new code-server from the integrated terminal please\n specify the full path to code-server's usual script (for example\n `/usr/bin/code-server`).\n\n### Fixed\n\n- Invoking `code-server` in the integrated terminal will now work instead of\n erroring about not finding Node.\n\n## [4.5.1](https://github.com/coder/code-server/releases/tag/v4.5.1) - 2022-07-18\n\nCode v1.68.1\n\n### Changed\n\n- We now use `release/v<0.0.0>` for the release branch name so it doesn't\n conflict with the tag name\n- Added `.prettierignore` to ignore formatting files in `lib/vscode`\n\n### Added\n\n- Allow more comprehensive affinity config in Helm chart\n- Added custom message in Homebrew PR to make sure code-server maintainers are\n tagged\n- Allow setting `priorityClassName` via Helm chart\n- Added troubleshooting docs to `CONTRIBUTING.md`\n\n### Fixed\n\n- Removed default memory limit which was set via `NODE_OPTIONS`\n- Changed output in pipe to make it easier to debug code-server when doing live\n edits\n- Fixed display-language patch to use correct path which broke in 4.5.0\n- Fixed multiple code-server windows opening when using the code-server CLI in\n the Integrated Terminal\n- Fixed Integrated Terminal not working when web base was not the root path\n\n### Security\n\n- Updated `glob-parent` version in dependencies\n\n## [4.5.0](https://github.com/coder/code-server/releases/tag/v4.5.0) - 2022-06-29\n\nCode v1.68.1\n\n### Changed\n\n- Updated codecov to use codecov uploader\n- Moved integration tests to Jest\n- Fixed docker release to only download .deb\n- Upgraded to Code 1.68.1\n- Install `nfpm` from GitHub\n- Upgraded to TypeScript 4.6\n\n### Added\n\n- Added tests for `open`, `isWsl`, `handlePasswordValidation`\n- Provided alternate image registry to dockerhub\n- Allowed users to have scripts run on container with `ENTRYPOINTD` environment\n variable\n\n### Fixed\n\n- Fixed open CLI command to work on macOS\n\n## [4.4.0](https://github.com/coder/code-server/releases/tag/v4.4.0) - 2022-05-06\n\nCode v1.66.2\n\n### Changed\n\n- Refactored methods in `Heart` class and made `Heart.beat()` async to make\n testing easier.\n- Upgraded to Code 1.66.2.\n\n### Added\n\n- Added back telemetry patch which was removed in the Code reachitecture.\n- Added support to use `true` for `CS_DISABLE_FILE_DOWNLOADS` environment\n variable. This means you can disable file downloads by setting\n `CS_DISABLE_FILE_DOWNLOADS` to `true` or `1`.\n- Added tests for `Heart` class.\n\n### Fixed\n\n- Fixed installation issue in AUR after LICENSE rename.\n- Fixed issue with listening on IPv6 addresses.\n- Fixed issue with Docker publish action not being able to find artifacts. Now\n it downloads the release assets from the release.\n\n## [4.3.0](https://github.com/coder/code-server/releases/tag/v4.3.0) - 2022-04-14\n\nCode v1.65.2\n\n### Changed\n\n- Excluded .deb files from release Docker image which drops the compressed and\n uncompressed size by 58% and 34%.\n- Upgraded to Code 1.65.2.\n\n### Added\n\n- Added a new CLI flag called `--disable-file-downloads` which allows you to\n disable the \"Download...\" option that shows in the UI when right-clicking on a\n file. This can also set by running `CS_DISABLE_FILE_DOWNLOADS=1`.\n- Aligned the dependencies for binary and npm release artifacts.\n\n### Fixed\n\n- Fixed the code-server version from not displaying in the Help > About dialog.\n- Fixed issues with the TypeScript and JavaScript Language Features Extension\n failing to activate.\n- Fixed missing files in ipynb extension.\n- Fixed the homebrew release workflow.\n- Fixed the Docker release workflow from not always publishing version tags.\n\n## [4.2.0](https://github.com/coder/code-server/releases/tag/v4.2.0) - 2022-03-22\n\nCode v1.64.2\n\n### Added\n\n- Added tests for `handleArgsSocketCatchError`, `setDefaults` and\n `optionDescriptions`.\n\n### Changed\n\n- We switched from using the fork `coder/vscode` to a submodule of\n `microsoft/vscode` + patches managed by `quilt` for how Code sits inside the\n code-server codebase.\n- Upgraded to Code 1.64.2.\n\n### Fixed\n\n- Update popup notification through `--disable-update-check` is now fixed.\n- Fixed PWA icons not loading on iPad\n- Fixed the homebrew release process. Our `cdrci` bot should now automatically\n update the version as part of the release pipeline.\n- Fixed titleBar color setting being ignored in PWA.\n\n### Security\n\n- Updated to `minimist-list`.\n- Updated `cloud-agent` to `v0.2.4` which uses `nhooyr.io/webscoket` `v1.8.7`.\n\n## [4.1.0](https://github.com/coder/code-server/releases/tag/v4.1.0) - 2022-03-03\n\nCode v1.63.0\n\n### Added\n\n- Support for injecting GitHub token into Code so extensions can make use of it.\n This can be done with the `GITHUB_TOKEN` environment variable or `github-auth`\n in the config file.\n- New flag `--socket-mode` allows setting the mode (file permissions) of the\n socket created when using `--socket`.\n- The version of Code bundled with code-server now appears when using the\n `--version` flag. For example: `4.0.2 5cdfe74686aa73e023f8354a9a6014eb30caa7dd with Code 1.63.0`.\n If you have been parsing this flag for the version you might want to use\n `--version --json` instead as doing that will be more stable.\n\n### Changed\n\n- The workspace or folder passed on the CLI will now use the same redirect\n method that the last opened workspace or folder uses. This means if you use\n something like `code-server /path/to/dir` you will now get a query parameter\n added (like so: `my-domain.tld?folder=/path/to/dir`), making it easier to edit\n by hand and making it consistent with the last opened and menu open behaviors.\n- The folder/workspace query parameter no longer has encoded slashes, making\n them more readable and editable by hand. This was only affecting the last\n opened behavior, not opens from the menu.\n\n### Fixed\n\n- Fix web sockets not connecting when using `--cert`.\n- Prevent workspace state collisions when opening a workspace that shares the\n same file path with another workspace on a different machine that shares the\n same domain. This was causing files opened in one workspace to be \"re-\"opened\n in the other workspace when the other workspace is opened.\n- Pin the Express version which should make installing from npm work again.\n- Propagate signals to code-server in the Docker image which means it should\n stop more quickly and gracefully.\n- Fix missing argon binaries in the standalone releases on arm machines.\n\n## [4.0.2](https://github.com/coder/code-server/releases/tag/v4.0.2) - 2022-01-27\n\nCode v1.63.0\n\n### Fixed\n\n- Unset the `BROWSER` environment variable. This fixes applications that hard\n exit when trying to spawn the helper script `BROWSER` points to because the\n file is missing. While we do include the script now we are leaving the\n variable omitted because the script does not work yet.\n\n## [4.0.1](https://github.com/coder/code-server/releases/tag/v4.0.1) - 2022-01-04\n\nCode v1.63.0\n\ncode-server has been rebased on upstream's newly open-sourced server\nimplementation (#4414).\n\n### Changed\n\n- Web socket compression has been made the default (when supported). This means\n the `--enable` flag will no longer take `permessage-deflate` as an option.\n- The static endpoint can no longer reach outside code-server. However the\n vscode-remote-resource endpoint still can.\n- OpenVSX has been made the default marketplace.\n- The last opened folder/workspace is no longer stored separately in the\n settings file (we rely on the already-existing query object instead).\n- The marketplace override environment variables `SERVICE_URL` and `ITEM_URL`\n have been replaced with a single `EXTENSIONS_GALLERY` variable that\n corresponds to `extensionsGallery` in Code's `product.json`.\n\n### Added\n\n- `VSCODE_PROXY_URI` env var for use in the terminal and extensions.\n\n### Removed\n\n- Extra extension directories have been removed. The `--extra-extensions-dir`\n and `--extra-builtin-extensions-dir` flags will no longer be accepted.\n- The `--install-source` flag has been removed.\n\n### Deprecated\n\n- `--link` is now deprecated (#4562).\n\n### Security\n\n- We fixed a XSS vulnerability by escaping HTML from messages in the error page (#4430).\n\n## [3.12.0](https://github.com/coder/code-server/releases/tag/v3.12.0) - 2021-09-15\n\nCode v1.60.0\n\n### Changed\n\n- Upgrade Code to 1.60.0.\n\n### Fixed\n\n- Fix logout when using a base path (#3608).\n\n## [3.11.1](https://github.com/coder/code-server/releases/tag/v3.11.1) - 2021-08-06\n\nUndocumented (see releases page).\n\n## [3.11.0](https://github.com/coder/code-server/releases/tag/v3.11.0) - 2021-06-14\n\nUndocumented (see releases page).\n\n## [3.10.2](https://github.com/coder/code-server/releases/tag/v3.10.2) - 2021-05-21\n\nCode v1.56.1\n\n### Added\n\n- Support `extraInitContainers` in helm chart values (#3393).\n\n### Changed\n\n- Change `extraContainers` to support templating in helm chart (#3393).\n\n### Fixed\n\n- Fix \"Open Folder\" on welcome page (#3437).\n\n## [3.10.1](https://github.com/coder/code-server/releases/tag/v3.10.1) - 2021-05-17\n\nCode v1.56.1\n\n### Fixed\n\n- Check the logged user instead of $USER (#3330).\n- Fix broken node_modules.asar symlink in npm package (#3355).\n- Update cloud agent to fix version issue (#3342).\n\n### Changed\n\n- Use xdgBasedir.runtime instead of tmp (#3304).\n\n## [3.10.0](https://github.com/coder/code-server/releases/tag/v3.10.0) - 2021-05-10\n\nCode v1.56.0\n\n### Changed\n\n- Update to Code 1.56.0 (#3269).\n- Minor connections refactor (#3178). Improves connection stability.\n- Use ptyHostService (#3308). This brings us closer to upstream Code.\n\n### Added\n\n- Add flag for toggling permessage-deflate (#3286). The default is off so\n compression will no longer be used by default. Use the --enable flag to\n toggle it back on.\n\n### Fixed\n\n- Make rate limiter not count against successful logins (#3141).\n- Refactor logout (#3277). This fixes logging out in some scenarios.\n- Make sure directories exist (#3309). This fixes some errors on startup.\n\n### Security\n\n- Update dependencies with CVEs (#3223).\n\n## Previous versions\n\nThis was added with `3.10.0`, which means any previous versions are not\ndocumented in the changelog.\n\nTo see those, please visit the [Releases page](https://github.com/coder/code-server/releases).\n"
},
{
"path": "LICENSE",
"content": "The MIT License\n\nCopyright (c) 2019 Coder Technologies Inc.\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of\nthis software and associated documentation files (the \"Software\"), to deal in\nthe Software without restriction, including without limitation the rights to\nuse, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of\nthe Software, and to permit persons to whom the Software is furnished to do so,\nsubject to the following conditions:\n\nThe above copyright notice and this permission notice shall be included in all\ncopies or substantial portions of the Software.\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\nIMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS\nFOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR\nCOPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER\nIN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN\nCONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.\n"
},
{
"path": "ThirdPartyNotices.txt",
"content": "code-server\n\nTHIRD-PARTY SOFTWARE NOTICES AND INFORMATION\nDo Not Translate or Localize\n\n1.\tMicrosoft/vscode version 1.47.0 (https://github.com/Microsoft/vscode)\n\n%% Microsoft/vscode NOTICES AND INFORMATION BEGIN HERE\n=========================================\nMIT License \n\n\nCopyright (c) 2015 - present Microsoft Corporation \n\n\nPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the \"Software\"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: \n\n\nThe above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. \n\n\nTHE SOFTWARE IS PROVIDED \"AS IS\", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. "
},
{
"path": "ci/Caddyfile",
"content": "{\n\tadmin localhost:4444\n}\n:8000 {\n\t@portLocalhost path_regexp port ^/([0-9]+)\\/ide\n handle @portLocalhost {\n\t\turi strip_prefix {re.port.1}/ide\n reverse_proxy localhost:{re.port.1}\n }\n\n\thandle {\n respond \"Bad hostname\" 400\n }\n\n}\n"
},
{
"path": "ci/README.md",
"content": "# ci\n\nThis directory contains scripts used for code-server's continuous integration infrastructure.\n\nSome of these scripts contain more detailed documentation and options\nin header comments.\n\nAny file or directory in this subdirectory should be documented here.\n\n- [./ci/lib.sh](./lib.sh)\n - Contains code duplicated across these scripts.\n\n## dev\n\nThis directory contains scripts used for the development of code-server.\n\n- [./ci/dev/image](./dev/image)\n - See [./docs/CONTRIBUTING.md](../docs/CONTRIBUTING.md) for docs on the development container.\n- [./ci/dev/fmt.sh](./dev/fmt.sh) (`npm run fmt`)\n - Runs formatters.\n- [./ci/dev/lint.sh](./dev/lint.sh) (`npm run lint`)\n - Runs linters.\n- [./ci/dev/test-unit.sh](./dev/test-unit.sh) (`npm run test:unit`)\n - Runs unit tests.\n- [./ci/dev/test-e2e.sh](./dev/test-e2e.sh) (`npm run test:e2e`)\n - Runs end-to-end tests.\n- [./ci/dev/watch.ts](./dev/watch.ts) (`npm run watch`)\n - Starts a process to build and launch code-server and restart on any code changes.\n - Example usage in [./docs/CONTRIBUTING.md](../docs/CONTRIBUTING.md).\n- [./ci/dev/gen_icons.sh](./dev/gen_icons.sh) (`npm run icons`)\n - Generates the various icons from a single `.svg` favicon in\n `src/browser/media/favicon.svg`.\n - Requires [imagemagick](https://imagemagick.org/index.php)\n\n## build\n\nThis directory contains the scripts used to build and release code-server.\nYou can disable minification by setting `MINIFY=`.\n\n- [./ci/build/build-code-server.sh](./build/build-code-server.sh) (`npm run build`)\n - Builds code-server into `./out` and bundles the frontend into `./dist`.\n- [./ci/build/build-vscode.sh](./build/build-vscode.sh) (`npm run build:vscode`)\n - Builds vscode into `./lib/vscode/out-vscode`.\n- [./ci/build/build-release.sh](./build/build-release.sh) (`npm run release`)\n - Bundles the output of the above two scripts into a single node module at `./release`.\n- [./ci/build/clean.sh](./build/clean.sh) (`npm run clean`)\n - Removes all build artifacts.\n - Useful to do a clean build.\n- [./ci/build/code-server.sh](./build/code-server.sh)\n - Copied into standalone releases to run code-server with the bundled node binary.\n- [./ci/build/test-standalone-release.sh](./build/test-standalone-release.sh) (`npm run test:standalone-release`)\n - Ensures code-server in the `./release-standalone` directory works by installing an extension.\n- [./ci/build/build-packages.sh](./build/build-packages.sh) (`npm run package`)\n - Packages `./release-standalone` into a `.tar.gz` archive in `./release-packages`.\n - If on linux, [nfpm](https://github.com/goreleaser/nfpm) is used to generate `.deb` and `.rpm`.\n- [./ci/build/nfpm.yaml](./build/nfpm.yaml)\n - Used to configure [nfpm](https://github.com/goreleaser/nfpm) to generate `.deb` and `.rpm`.\n- [./ci/build/code-server-nfpm.sh](./build/code-server-nfpm.sh)\n - Entrypoint script for code-server for `.deb` and `.rpm`.\n- [./ci/build/code-server.service](./build/code-server.service)\n - systemd user service packaged into the `.deb` and `.rpm`.\n- [./ci/build/release-github-draft.sh](./build/release-github-draft.sh) (`npm run release:github-draft`)\n - Uses [gh](https://github.com/cli/cli) to create a draft release with a template description.\n- [./ci/build/release-github-assets.sh](./build/release-github-assets.sh) (`npm run release:github-assets`)\n - Downloads the release-package artifacts for the current commit from CI.\n - Uses [gh](https://github.com/cli/cli) to upload the artifacts to the release\n specified in `package.json`.\n- [./ci/build/npm-postinstall.sh](./build/npm-postinstall.sh)\n - Post install script for the npm package.\n - Bundled by`npm run release`.\n\n## release-image\n\nThis directory contains the release docker container image.\n\n- [./ci/steps/build-docker-buildx-push.sh](./steps/docker-buildx-push.sh)\n - Builds the release containers with tags `codercom/code-server-$ARCH:$VERSION` for amd64 and arm64 with `docker buildx` and pushes them.\n - Assumes debian releases are ready in `./release-packages`.\n\n## images\n\nThis directory contains the images for CI.\n\n## steps\n\nThis directory contains the scripts used in CI.\nHelps avoid clobbering the CI configuration.\n\n- [./steps/fmt.sh](./steps/fmt.sh)\n - Runs `npm run fmt`.\n- [./steps/lint.sh](./steps/lint.sh)\n - Runs `npm run lint`.\n- [./steps/test-unit.sh](./steps/test-unit.sh)\n - Runs `npm run test:unit`.\n- [./steps/test-integration.sh](./steps/test-integration.sh)\n - Runs `npm run test:integration`.\n- [./steps/test-e2e.sh](./steps/test-e2e.sh)\n - Runs `npm run test:e2e`.\n- [./steps/release.sh](./steps/release.sh)\n - Runs the release process.\n - Generates the npm package at `./release`.\n- [./steps/release-packages.sh](./steps/release-packages.sh)\n - Takes the output of the previous script and generates a standalone release and\n release packages into `./release-packages`.\n- [./steps/publish-npm.sh](./steps/publish-npm.sh)\n - Grabs the `npm-package` release artifact for the current commit and publishes it on npm.\n- [./steps/docker-buildx-push.sh](./steps/docker-buildx-push.sh)\n - Builds the docker image and then pushes it.\n- [./steps/push-docker-manifest.sh](./steps/push-docker-manifest.sh)\n - Loads all images in `./release-images` and then builds and pushes a multi architecture\n docker manifest for the amd64 and arm64 images to `codercom/code-server:$VERSION` and\n `codercom/code-server:latest`.\n"
},
{
"path": "ci/build/build-code-server.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\n# Builds code-server into out and the frontend into dist.\n\nmain() {\n cd \"$(dirname \"${0}\")/../..\"\n\n tsc\n\n # If out/node/entry.js does not already have the shebang,\n # we make sure to add it and make it executable.\n if ! grep -q -m1 \"^#!/usr/bin/env node\" out/node/entry.js; then\n sed -i.bak \"1s;^;#!/usr/bin/env node\\n;\" out/node/entry.js && rm out/node/entry.js.bak\n chmod +x out/node/entry.js\n fi\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/build/build-lib.sh",
"content": "#!/usr/bin/env bash\n\n# This is a library which contains functions used inside ci/build\n#\n# We separated it into it's own file so that we could easily unit test\n# these functions and helpers.\n\n# On some CPU architectures (notably node/uname \"armv7l\", default on Raspberry Pis),\n# different package managers have different labels for the same CPU (deb=armhf, rpm=armhfp).\n# This function returns the overriden arch on platforms\n# with alternate labels, or the same arch otherwise.\nget_nfpm_arch() {\n local PKG_FORMAT=\"${1:-}\"\n local ARCH=\"${2:-}\"\n\n case \"$ARCH\" in\n armv7l)\n if [ \"$PKG_FORMAT\" = \"deb\" ]; then\n echo armhf\n elif [ \"$PKG_FORMAT\" = \"rpm\" ]; then\n echo armhfp\n fi\n ;;\n *)\n echo \"$ARCH\"\n ;;\n esac\n}\n"
},
{
"path": "ci/build/build-packages.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\n# Given a platform-specific release found in ./release-standalone, generate an\n# compressed archives and bundles (as appropriate for the platform) named after\n# the platform's architecture and OS and place them in ./release-packages and\n# ./release-gcp.\n\nmain() {\n cd \"$(dirname \"${0}\")/../..\"\n source ./ci/lib.sh\n source ./ci/build/build-lib.sh\n\n # Allow us to override architecture\n # we use this for our Linux ARM64 cross compile builds\n if [ \"$#\" -eq 1 ] && [ \"$1\" ]; then\n ARCH=$1\n fi\n\n mkdir -p release-packages\n\n release_archive\n\n if [[ $OS == \"linux\" ]]; then\n release_nfpm\n fi\n}\n\nrelease_archive() {\n local release_name=\"code-server-$VERSION-$OS-$ARCH\"\n if [[ $OS == \"linux\" ]]; then\n tar -czf \"release-packages/$release_name.tar.gz\" --owner=0 --group=0 --transform \"s/^\\.\\/release-standalone/$release_name/\" ./release-standalone\n else\n tar -czf \"release-packages/$release_name.tar.gz\" -s \"/^release-standalone/$release_name/\" release-standalone\n fi\n\n echo \"done (release-packages/$release_name)\"\n\n release_gcp\n}\n\nrelease_gcp() {\n mkdir -p \"release-gcp/$VERSION\"\n cp \"release-packages/$release_name.tar.gz\" \"./release-gcp/$VERSION/$OS-$ARCH.tar.gz\"\n mkdir -p \"release-gcp/latest\"\n cp \"./release-packages/$release_name.tar.gz\" \"./release-gcp/latest/$OS-$ARCH.tar.gz\"\n}\n\n# Generates deb and rpm packages.\nrelease_nfpm() {\n local nfpm_config\n\n export NFPM_ARCH\n\n PKG_FORMAT=\"deb\"\n NFPM_ARCH=\"$(get_nfpm_arch $PKG_FORMAT \"$ARCH\")\"\n nfpm_config=\"$(envsubst < ./ci/build/nfpm.yaml)\"\n echo \"Building deb\"\n echo \"$nfpm_config\" | head --lines=4\n nfpm pkg -f <(echo \"$nfpm_config\") --target \"release-packages/code-server_${VERSION}_${NFPM_ARCH}.deb\"\n\n PKG_FORMAT=\"rpm\"\n NFPM_ARCH=\"$(get_nfpm_arch $PKG_FORMAT \"$ARCH\")\"\n nfpm_config=\"$(envsubst < ./ci/build/nfpm.yaml)\"\n echo \"Building rpm\"\n echo \"$nfpm_config\" | head --lines=4\n nfpm pkg -f <(echo \"$nfpm_config\") --target \"release-packages/code-server-$VERSION-$NFPM_ARCH.rpm\"\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/build/build-release.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\n# Once both code-server and VS Code have been built, use this script to copy\n# them into a single directory (./release), prepare the package.json and\n# product.json, and add shrinkwraps. This results in a generic NPM package that\n# we published to NPM and also use to compile platform-specific packages.\n\n# MINIFY controls whether minified VS Code is bundled. It must match the value\n# used when VS Code was built.\nMINIFY=\"${MINIFY-true}\"\n\n# node_modules are not copied by default. Set KEEP_MODULES=1 to copy them.\nKEEP_MODULES=\"${KEEP_MODULES-0}\"\n\nmain() {\n cd \"$(dirname \"${0}\")/../..\"\n\n source ./ci/lib.sh\n\n VSCODE_SRC_PATH=\"lib/vscode\"\n VSCODE_OUT_PATH=\"$RELEASE_PATH/lib/vscode\"\n\n create_shrinkwraps\n\n mkdir -p \"$RELEASE_PATH\"\n\n bundle_code_server\n bundle_vscode\n\n rsync ./docs/README.md \"$RELEASE_PATH\"\n rsync LICENSE \"$RELEASE_PATH\"\n rsync ./lib/vscode/ThirdPartyNotices.txt \"$RELEASE_PATH\"\n}\n\nbundle_code_server() {\n rsync out \"$RELEASE_PATH\"\n\n # For source maps and images.\n mkdir -p \"$RELEASE_PATH/src/browser\"\n rsync src/browser/media/ \"$RELEASE_PATH/src/browser/media\"\n mkdir -p \"$RELEASE_PATH/src/browser/pages\"\n rsync src/browser/pages/*.html \"$RELEASE_PATH/src/browser/pages\"\n rsync src/browser/pages/*.css \"$RELEASE_PATH/src/browser/pages\"\n rsync src/browser/robots.txt \"$RELEASE_PATH/src/browser\"\n\n # Adds the commit to package.json\n jq --slurp '(.[0] | del(.scripts,.jest,.devDependencies)) * .[1]' package.json <(\n cat << EOF\n {\n \"commit\": \"$(git rev-parse HEAD)\",\n \"scripts\": {\n \"postinstall\": \"sh ./postinstall.sh\"\n }\n }\nEOF\n ) > \"$RELEASE_PATH/package.json\"\n mv npm-shrinkwrap.json \"$RELEASE_PATH\"\n\n rsync ci/build/npm-postinstall.sh \"$RELEASE_PATH/postinstall.sh\"\n\n if [ \"$KEEP_MODULES\" = 1 ]; then\n rsync node_modules/ \"$RELEASE_PATH/node_modules\"\n fi\n}\n\nbundle_vscode() {\n mkdir -p \"$VSCODE_OUT_PATH\"\n\n local rsync_opts=()\n if [[ ${DEBUG-} = 1 ]]; then\n rsync_opts+=(-vh)\n fi\n\n # Some extensions have a .gitignore which excludes their built source from the\n # npm package so exclude any .gitignore files.\n rsync_opts+=(--exclude .gitignore)\n\n # Exclude Node as we will add it ourselves for the standalone and will not\n # need it for the npm package.\n rsync_opts+=(--exclude /node)\n\n # Exclude Node modules.\n if [[ $KEEP_MODULES = 0 ]]; then\n rsync_opts+=(--exclude node_modules)\n fi\n\n rsync \"${rsync_opts[@]}\" ./lib/vscode-reh-web-*/ \"$VSCODE_OUT_PATH\"\n\n # Merge the package.json for the web/remote server so we can include\n # dependencies, since we want to ship this via NPM.\n jq --slurp '.[0] * .[1]' \\\n \"$VSCODE_SRC_PATH/remote/package.json\" \\\n \"$VSCODE_OUT_PATH/package.json\" > \"$VSCODE_OUT_PATH/package.json.merged\"\n mv \"$VSCODE_OUT_PATH/package.json.merged\" \"$VSCODE_OUT_PATH/package.json\"\n cp \"$VSCODE_SRC_PATH/remote/npm-shrinkwrap.json\" \"$VSCODE_OUT_PATH/npm-shrinkwrap.json\"\n\n # Include global extension dependencies as well.\n rsync \"$VSCODE_SRC_PATH/extensions/package.json\" \"$VSCODE_OUT_PATH/extensions/package.json\"\n cp \"$VSCODE_SRC_PATH/extensions/npm-shrinkwrap.json\" \"$VSCODE_OUT_PATH/extensions/npm-shrinkwrap.json\"\n rsync \"$VSCODE_SRC_PATH/extensions/postinstall.mjs\" \"$VSCODE_OUT_PATH/extensions/postinstall.mjs\"\n}\n\ncreate_shrinkwraps() {\n # package-lock.json files (used to ensure deterministic versions of\n # dependencies) are not packaged when publishing to the NPM registry.\n #\n # To ensure deterministic dependency versions (even when code-server is\n # installed with NPM), we create an npm-shrinkwrap.json file from the\n # currently installed node_modules. This ensures the versions used from\n # development (that the package-lock.json guarantees) are also the ones\n # installed by end-users. These will include devDependencies, but those will\n # be ignored when installing globally (for code-server), and because we use\n # --omit=dev (for VS Code).\n\n # We first generate the shrinkwrap file for code-server itself - which is the\n # current directory.\n cp package-lock.json package-lock.json.temp\n npm shrinkwrap\n mv package-lock.json.temp package-lock.json\n\n # Then the shrinkwrap files for the bundled VS Code.\n pushd \"$VSCODE_SRC_PATH/remote/\"\n cp package-lock.json package-lock.json.temp\n npm shrinkwrap\n mv package-lock.json.temp package-lock.json\n popd\n\n pushd \"$VSCODE_SRC_PATH/extensions/\"\n cp package-lock.json package-lock.json.temp\n npm shrinkwrap\n mv package-lock.json.temp package-lock.json\n popd\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/build/build-standalone-release.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\n# Once we have an NPM package, use this script to copy it to a separate\n# directory (./release-standalone) and install the dependencies. This new\n# directory can then be packaged as a platform-specific release.\n\nmain() {\n cd \"$(dirname \"${0}\")/../..\"\n\n source ./ci/lib.sh\n\n rsync \"$RELEASE_PATH/\" \"$RELEASE_PATH-standalone\"\n RELEASE_PATH+=-standalone\n\n # Package managers may shim their own \"node\" wrapper into the PATH, so run\n # node and ask it for its true path.\n local node_path\n node_path=\"$(node -p process.execPath)\"\n\n mkdir -p \"$RELEASE_PATH/bin\"\n mkdir -p \"$RELEASE_PATH/lib\"\n rsync ./ci/build/code-server.sh \"$RELEASE_PATH/bin/code-server\"\n rsync \"$node_path\" \"$RELEASE_PATH/lib/node\"\n\n chmod 755 \"$RELEASE_PATH/lib/node\"\n\n pushd \"$RELEASE_PATH\"\n npm install --unsafe-perm --omit=dev\n # Code deletes some files from the extension node_modules directory which\n # leaves broken symlinks in the corresponding .bin directory. nfpm will fail\n # on these broken symlinks so clean them up.\n rm -fr \"./lib/vscode/extensions/node_modules/.bin\"\n popd\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/build/build-vscode.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\n# Builds vscode into lib/vscode/out-vscode.\n\n# MINIFY controls whether a minified version of vscode is built.\nMINIFY=${MINIFY-true}\n\ndelete-bin-script() {\n rm -f \"lib/vscode-reh-web-linux-x64/bin/$1\"\n}\n\ncopy-bin-script() {\n local script=\"$1\"\n local dest=\"lib/vscode-reh-web-linux-x64/bin/$script\"\n cp \"lib/vscode/resources/server/bin/$script\" \"$dest\"\n sed -i.bak \"s/@@VERSION@@/$(vscode_version)/g\" \"$dest\"\n sed -i.bak \"s/@@COMMIT@@/$BUILD_SOURCEVERSION/g\" \"$dest\"\n sed -i.bak \"s/@@APPNAME@@/code-server/g\" \"$dest\"\n\n # Fix Node path on Darwin and Linux.\n # We do not want expansion here; this text should make it to the file as-is.\n # shellcheck disable=SC2016\n sed -i.bak 's/^ROOT=\\(.*\\)$/VSROOT=\\1\\nROOT=\"$(dirname \"$(dirname \"$VSROOT\")\")\"/g' \"$dest\"\n sed -i.bak 's/ROOT\\/out/VSROOT\\/out/g' \"$dest\"\n # We do not want expansion here; this text should make it to the file as-is.\n # shellcheck disable=SC2016\n sed -i.bak 's/$ROOT\\/node/${NODE_EXEC_PATH:-$ROOT\\/lib\\/node}/g' \"$dest\"\n\n # Fix Node path on Windows.\n sed -i.bak 's/^set ROOT_DIR=\\(.*\\)$/set ROOT_DIR=%~dp0..\\\\..\\\\..\\\\..\\r\\nset VSROOT_DIR=\\1/g' \"$dest\"\n sed -i.bak 's/%ROOT_DIR%\\\\out/%VSROOT_DIR%\\\\out/g' \"$dest\"\n\n chmod +x \"$dest\"\n rm \"$dest.bak\"\n}\n\nmain() {\n cd \"$(dirname \"${0}\")/../..\"\n\n source ./ci/lib.sh\n\n # Set the commit Code will embed into the product.json. We need to do this\n # since Code tries to get the commit from the `.git` directory which will fail\n # as it is a submodule.\n #\n # Also, we use code-server's commit rather than VS Code's otherwise it would\n # not update when only our patch files change, and that will cause caching\n # issues where the browser keeps using outdated code.\n export BUILD_SOURCEVERSION\n BUILD_SOURCEVERSION=$(git rev-parse HEAD)\n\n pushd lib/vscode\n\n if [[ ! ${VERSION-} ]]; then\n echo \"VERSION not set. Please set before running this script:\"\n echo \"VERSION='0.0.0' npm run build:vscode\"\n exit 1\n fi\n\n # Add the date, our name, links, enable telemetry (this just makes telemetry\n # available; telemetry can still be disabled by flag or setting), and\n # configure trusted extensions (since some, like github.copilot-chat, never\n # ask to be trusted and this is the only way to get auth working).\n #\n # This needs to be done before building as Code will read this file and embed\n # it into the client-side code.\n git checkout product.json # Reset in case the script exited early.\n cp product.json product.original.json # Since jq has no inline edit.\n jq --slurp '.[0] * .[1]' product.original.json <(\n cat << EOF\n {\n \"enableTelemetry\": true,\n \"quality\": \"stable\",\n \"codeServerVersion\": \"$VERSION\",\n \"nameShort\": \"code-server\",\n \"nameLong\": \"code-server\",\n \"applicationName\": \"code-server\",\n \"dataFolderName\": \".code-server\",\n \"win32MutexName\": \"codeserver\",\n \"licenseUrl\": \"https://github.com/coder/code-server/blob/main/LICENSE\",\n \"win32DirName\": \"code-server\",\n \"win32NameVersion\": \"code-server\",\n \"win32AppUserModelId\": \"coder.code-server\",\n \"win32ShellNameShort\": \"c&ode-server\",\n \"darwinBundleIdentifier\": \"com.coder.code.server\",\n \"linuxIconName\": \"com.coder.code.server\",\n \"reportIssueUrl\": \"https://github.com/coder/code-server/issues/new\",\n \"documentationUrl\": \"https://go.microsoft.com/fwlink/?LinkID=533484#vscode\",\n \"keyboardShortcutsUrlMac\": \"https://go.microsoft.com/fwlink/?linkid=832143\",\n \"keyboardShortcutsUrlLinux\": \"https://go.microsoft.com/fwlink/?linkid=832144\",\n \"keyboardShortcutsUrlWin\": \"https://go.microsoft.com/fwlink/?linkid=832145\",\n \"introductoryVideosUrl\": \"https://go.microsoft.com/fwlink/?linkid=832146\",\n \"tipsAndTricksUrl\": \"https://go.microsoft.com/fwlink/?linkid=852118\",\n \"newsletterSignupUrl\": \"https://www.research.net/r/vsc-newsletter\",\n \"linkProtectionTrustedDomains\": [\n \"https://open-vsx.org\"\n ],\n \"trustedExtensionAuthAccess\": [\n \"vscode.git\", \"vscode.github\",\n \"github.vscode-pull-request-github\",\n \"github.copilot\", \"github.copilot-chat\"\n ],\n \"aiConfig\": {\n \"ariaKey\": \"code-server\"\n }\n }\nEOF\n ) > product.json\n\n # Any platform here works since we will do our own packaging. We have to do\n # this because we have an NPM package that could be installed on any platform.\n # The correct platform dependencies and scripts will be installed as part of\n # the post-install during `npm install` or when building a standalone release.\n node --max-old-space-size=16384 --optimize-for-size \\\n ./node_modules/gulp/bin/gulp.js \\\n \"vscode-reh-web-linux-x64${MINIFY:+-min}\"\n\n # Reset so if you develop after building you will not be stuck with the wrong\n # commit (the dev client will use `oss-dev` but the dev server will still use\n # product.json which will have `stable-$commit`).\n git checkout product.json\n\n popd\n\n pushd lib/vscode-reh-web-linux-x64\n # Make sure Code took the version we set in the environment variable. Not\n # having a version will break display languages.\n if ! jq -e .commit product.json; then\n echo \"'commit' is missing from product.json\"\n exit 1\n fi\n popd\n\n # These provide a `code-server` command in the integrated terminal to open\n # files in the current instance.\n delete-bin-script remote-cli/code-server\n copy-bin-script remote-cli/code-darwin.sh\n copy-bin-script remote-cli/code-linux.sh\n copy-bin-script remote-cli/code.cmd\n\n # These provide a way for terminal applications to open browser windows.\n delete-bin-script helpers/browser.sh\n copy-bin-script helpers/browser-darwin.sh\n copy-bin-script helpers/browser-linux.sh\n copy-bin-script helpers/browser.cmd\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/build/clean.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\nmain() {\n cd \"$(dirname \"${0}\")/../..\"\n source ./ci/lib.sh\n\n git clean -Xffd\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/build/code-server-nfpm.sh",
"content": "#!/usr/bin/env sh\n\nexec /usr/lib/code-server/bin/code-server \"$@\"\n"
},
{
"path": "ci/build/code-server-user.service",
"content": "[Unit]\nDescription=code-server\nAfter=network.target\n\n[Service]\nType=exec\nExecStart=/usr/bin/code-server\nRestart=always\n\n[Install]\nWantedBy=default.target\n"
},
{
"path": "ci/build/code-server.sh",
"content": "#!/bin/sh\nset -eu\n\n# This script is intended to be bundled into the standalone releases.\n# Runs code-server with the bundled node binary.\n\n_realpath() {\n # See https://github.com/coder/code-server/issues/1537 on why no realpath or readlink -f.\n\n script=\"$1\"\n cd \"$(dirname \"$script\")\"\n\n while [ -L \"$(basename \"$script\")\" ]; do\n script=\"$(readlink \"$(basename \"$script\")\")\"\n cd \"$(dirname \"$script\")\"\n done\n\n echo \"$PWD/$(basename \"$script\")\"\n}\n\nroot() {\n script=\"$(_realpath \"$0\")\"\n bin_dir=\"$(dirname \"$script\")\"\n dirname \"$bin_dir\"\n}\n\nROOT=\"$(root)\"\nexec \"$ROOT/lib/node\" \"$ROOT\" \"$@\"\n"
},
{
"path": "ci/build/code-server@.service",
"content": "[Unit]\nDescription=code-server\nAfter=network.target\n\n[Service]\nType=exec\nExecStart=/usr/bin/code-server\nRestart=always\nUser=%i\n\n[Install]\nWantedBy=default.target\n"
},
{
"path": "ci/build/nfpm.yaml",
"content": "name: \"code-server\"\narch: \"${NFPM_ARCH}\"\nplatform: \"linux\"\nversion: \"v${VERSION}\"\nsection: \"devel\"\npriority: \"optional\"\nmaintainer: \"Joe Previte \"\ndescription: |\n Run VS Code in the browser.\nvendor: \"Coder\"\nhomepage: \"https://github.com/coder/code-server\"\nlicense: \"MIT\"\n\ncontents:\n - src: ./ci/build/code-server-nfpm.sh\n dst: /usr/bin/code-server\n\n - src: ./ci/build/code-server@.service\n dst: /usr/lib/systemd/system/code-server@.service\n\n - src: ./ci/build/code-server-user.service\n dst: /usr/lib/systemd/user/code-server.service\n\n - src: ./release-standalone/*\n dst: /usr/lib/code-server\n"
},
{
"path": "ci/build/npm-postinstall.sh",
"content": "#!/usr/bin/env sh\nset -eu\n\n# Copied from ../lib.sh except we do not rename Darwin and we do not need to\n# detect Alpine.\nos() {\n osname=$(uname | tr '[:upper:]' '[:lower:]')\n case $osname in\n cygwin* | mingw*) osname=\"windows\" ;;\n esac\n echo \"$osname\"\n}\n\n# Create a symlink at $2 pointing to $1 on any platform. Anything that\n# currently exists at $2 will be deleted.\nsymlink() {\n source=\"$1\"\n dest=\"$2\"\n rm -rf \"$dest\"\n case $OS in\n windows) mklink /J \"$dest\" \"$source\" ;;\n *) ln -s \"$source\" \"$dest\" ;;\n esac\n}\n\n# VS Code bundles some modules into an asar which is an archive format that\n# works like tar. It then seems to get unpacked into node_modules.asar.\n#\n# I don't know why they do this but all the dependencies they bundle already\n# exist in node_modules so just symlink it. We have to do this since not only\n# Code itself but also extensions will look specifically in this directory for\n# files (like the ripgrep binary or the oniguruma wasm).\nsymlink_asar() {\n symlink node_modules node_modules.asar\n}\n\n# Make a symlink at bin/$1/$3 pointing to the platform-specific version of the\n# script in $2. The extension of the link will be .cmd for Windows otherwise it\n# will be whatever is in $4 (or no extension if $4 is not set).\nsymlink_bin_script() {\n oldpwd=\"$(pwd)\"\n cd \"bin/$1\"\n source=\"$2\"\n dest=\"$3\"\n ext=\"${4-}\"\n case $OS in\n windows) symlink \"$source.cmd\" \"$dest.cmd\" ;;\n darwin | macos) symlink \"$source-darwin.sh\" \"$dest$ext\" ;;\n *) symlink \"$source-linux.sh\" \"$dest$ext\" ;;\n esac\n cd \"$oldpwd\"\n}\n\ncommand_exists() {\n if [ ! \"$1\" ]; then return 1; fi\n command -v \"$@\" > /dev/null\n}\n\nis_root() {\n if command_exists id && [ \"$(id -u)\" = 0 ]; then\n return 0\n fi\n return 1\n}\n\nOS=\"$(os)\"\n\nmain() {\n # Grabs the major version of node from $npm_config_user_agent which looks like\n # yarn/1.21.1 npm/? node/v14.2.0 darwin x64\n major_node_version=$(echo \"$npm_config_user_agent\" | sed -n 's/.*node\\/v\\([^.]*\\).*/\\1/p')\n\n if [ -n \"${FORCE_NODE_VERSION:-}\" ]; then\n echo \"WARNING: Overriding required Node.js version to v$FORCE_NODE_VERSION\"\n echo \"This could lead to broken functionality, and is unsupported.\"\n echo \"USE AT YOUR OWN RISK!\"\n fi\n\n if [ \"$major_node_version\" -ne \"${FORCE_NODE_VERSION:-22}\" ]; then\n echo \"ERROR: code-server currently requires node v22.\"\n if [ -n \"$FORCE_NODE_VERSION\" ]; then\n echo \"However, you have overrided the version check to use v$FORCE_NODE_VERSION.\"\n fi\n echo \"We have detected that you are on node v$major_node_version\"\n echo \"You can override this version check by setting \\$FORCE_NODE_VERSION,\"\n echo \"but configurations that do not use the same node version are unsupported.\"\n exit 1\n fi\n\n # Under npm, if we are running as root, we need --unsafe-perm otherwise\n # post-install scripts will not have sufficient permissions to do their thing.\n if is_root; then\n case \"${npm_config_user_agent-}\" in npm*)\n if [ \"${npm_config_unsafe_perm-}\" != \"true\" ]; then\n echo \"Please pass --unsafe-perm to npm to install code-server\"\n echo \"Otherwise post-install scripts will not have permissions to run\"\n echo \"See https://docs.npmjs.com/misc/config#unsafe-perm\"\n echo \"See https://stackoverflow.com/questions/49084929/npm-sudo-global-installation-unsafe-perm\"\n exit 1\n fi\n ;;\n esac\n fi\n\n if ! vscode_install; then\n echo \"You may not have the required dependencies to build the native modules.\"\n echo \"Please see https://github.com/coder/code-server/blob/main/docs/npm.md\"\n exit 1\n fi\n\n if [ -n \"${FORCE_NODE_VERSION:-}\" ]; then\n echo \"WARNING: The required Node.js version was overriden to v$FORCE_NODE_VERSION\"\n echo \"This could lead to broken functionality, and is unsupported.\"\n echo \"USE AT YOUR OWN RISK!\"\n fi\n}\n\ninstall_with_yarn_or_npm() {\n echo \"User agent: ${npm_config_user_agent-none}\"\n # For development we enforce npm, but for installing the package as an\n # end-user we want to keep using whatever package manager is in use.\n case \"${npm_config_user_agent-}\" in\n npm*)\n if ! npm install --unsafe-perm --omit=dev; then\n return 1\n fi\n ;;\n yarn*)\n if ! yarn --production --frozen-lockfile --no-default-rc; then\n return 1\n fi\n ;;\n *)\n echo \"Could not determine which package manager is being used to install code-server\"\n exit 1\n ;;\n esac\n return 0\n}\n\nvscode_install() {\n echo 'Installing Code dependencies...'\n cd lib/vscode\n if ! install_with_yarn_or_npm; then\n return 1\n fi\n\n symlink_asar\n symlink_bin_script remote-cli code code-server\n symlink_bin_script helpers browser browser .sh\n\n cd extensions\n if ! install_with_yarn_or_npm; then\n return 1\n fi\n\n return 0\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/dev/doctoc.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\nmain() {\n cd \"$(dirname \"$0\")/../..\"\n\n doctoc --title '# FAQ' docs/FAQ.md > /dev/null\n doctoc --title '# Setup Guide' docs/guide.md > /dev/null\n doctoc --title '# Install' docs/install.md > /dev/null\n doctoc --title '# npm Install Requirements' docs/npm.md > /dev/null\n doctoc --title '# Contributing' docs/CONTRIBUTING.md > /dev/null\n doctoc --title '# Maintaining' docs/MAINTAINING.md > /dev/null\n doctoc --title '# Contributor Covenant Code of Conduct' docs/CODE_OF_CONDUCT.md > /dev/null\n doctoc --title '# iPad' docs/ipad.md > /dev/null\n doctoc --title '# Termux' docs/termux.md > /dev/null\n\n if [[ ${CI-} && $(git ls-files --other --modified --exclude-standard) ]]; then\n echo \"Files need generation or are formatted incorrectly:\"\n git -c color.ui=always status | grep --color=no '\\[31m'\n echo \"Please run the following locally:\"\n echo \" npm run doctoc\"\n exit 1\n fi\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/dev/gen_icons.sh",
"content": "#!/bin/sh\nset -eu\n\n# Generate icons from a single favicon.svg. favicon.svg should have no fill\n# colors set.\nmain() {\n cd src/browser/media\n\n # We need .ico for backwards compatibility. The other two are the only icon\n # sizes required by Chrome and we use them for stuff like apple-touch-icon as\n # well. https://web.dev/add-manifest/\n #\n # This should be enough and we can always add more if there are problems.\n #\n # -quiet to avoid https://github.com/ImageMagick/ImageMagick/issues/884\n # -background defaults to white but we want it transparent.\n # -density somehow makes the image both sharper and smaller in file size.\n #\n # https://imagemagick.org/script/command-line-options.php#background\n convert -quiet -background transparent \\\n -resize 256x256 -density 256x256 \\\n favicon.svg favicon.ico\n\n # Generate PWA icons. There should be enough padding to support masking.\n convert -quiet -border 60x60 -bordercolor white -background white \\\n -resize 192x192 -density 192x192 \\\n favicon.svg pwa-icon-maskable-192.png\n convert -quiet -border 160x160 -bordercolor white -background white \\\n -resize 512x512 -density 512x512 \\\n favicon.svg pwa-icon-maskable-512.png\n\n # Generate non-maskable PWA icons.\n magick pwa-icon-maskable-192.png \\\n \\( +clone -threshold 101% -fill white -draw \"roundRectangle 0,0 %[fx:int(w)],%[fx:int(h)] 50,50\" \\) \\\n -channel-fx \"| gray=>alpha\" \\\n pwa-icon-192.png\n magick pwa-icon-maskable-512.png \\\n \\( +clone -threshold 101% -fill white -draw \"roundRectangle 0,0 %[fx:int(w)],%[fx:int(h)] 100,100\" \\) \\\n -channel-fx \"| gray=>alpha\" \\\n pwa-icon-512.png\n\n # The following adds dark mode support for the favicon as\n # favicon-dark-support.svg There is no similar capability for pwas or .ico so\n # we can only add support to the svg.\n favicon_dark_style=\"\"\n cp favicon.svg favicon-dark-support.svg\n sed \"s% favicon-dark-support.svg\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/dev/lint-scripts.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\nmain() {\n cd \"$(dirname \"$0\")/../..\"\n shellcheck -e SC2046,SC2164,SC2154,SC1091,SC1090,SC2002 $(git ls-files '*.sh' | grep -v 'lib/vscode')\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/dev/postinstall.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\n# Install dependencies in $1.\ninstall-deps() {\n local args=()\n if [[ ${CI-} ]]; then\n args+=(ci)\n else\n args+=(install)\n fi\n # If there is no package.json then npm will look upward and end up installing\n # from the root resulting in an infinite loop (this can happen if you have not\n # checked out the submodule yet for example).\n if [[ ! -f \"$1/package.json\" ]]; then\n echo \"$1/package.json is missing; did you run git submodule update --init?\"\n exit 1\n fi\n pushd \"$1\"\n echo \"Installing dependencies for $PWD\"\n npm \"${args[@]}\"\n popd\n}\n\nmain() {\n cd \"$(dirname \"$0\")/../..\"\n source ./ci/lib.sh\n\n install-deps test\n install-deps test/e2e/extensions/test-extension\n # We don't need these when running the integration tests\n # so you can pass SKIP_SUBMODULE_DEPS\n if [[ ! ${SKIP_SUBMODULE_DEPS-} ]]; then\n install-deps lib/vscode\n fi\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/dev/preinstall.js",
"content": "if (process.env.npm_execpath.includes(\"yarn\")) {\n throw new Error(\"`yarn` is no longer supported; please use `npm install` instead\")\n}\n"
},
{
"path": "ci/dev/test-e2e.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\nhelp() {\n echo >&2 \" You can build with 'npm run watch' or you can build a release\"\n echo >&2 \" For example: 'npm run build && npm run build:vscode && KEEP_MODULES=1 npm run release'\"\n echo >&2 \" Then 'CODE_SERVER_TEST_ENTRY=./release npm run test:e2e'\"\n echo >&2 \" You can manually run that release with 'node ./release'\"\n}\n\nmain() {\n cd \"$(dirname \"$0\")/../..\"\n\n source ./ci/lib.sh\n\n pushd test/e2e/extensions/test-extension\n echo \"Building test extension\"\n npm run build\n popd\n\n local dir=\"$PWD\"\n if [[ ! ${CODE_SERVER_TEST_ENTRY-} ]]; then\n echo \"Set CODE_SERVER_TEST_ENTRY to test another build of code-server\"\n else\n pushd \"$CODE_SERVER_TEST_ENTRY\"\n dir=\"$PWD\"\n popd\n fi\n\n echo \"Testing build in '$dir'\"\n\n # Simple sanity checks to see that we've built. There could still be things\n # wrong (native modules version issues, incomplete build, etc).\n if [[ ! -d $dir/out ]]; then\n echo >&2 \"No code-server build detected\"\n help\n exit 1\n fi\n\n if [[ ! -d $dir/lib/vscode/out ]]; then\n echo >&2 \"No VS Code build detected\"\n help\n exit 1\n fi\n\n cd test\n ./node_modules/.bin/playwright test \"$@\"\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/dev/test-integration.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\nhelp() {\n echo >&2 \" You can build the standalone release with 'npm run release:standalone'\"\n echo >&2 \" Or you can pass in a custom path.\"\n echo >&2 \" CODE_SERVER_PATH='/var/tmp/coder/code-server/bin/code-server' npm run test:integration\"\n}\n\n# Make sure a code-server release works. You can pass in the path otherwise it\n# will look for release-standalone in the current directory.\n#\n# This is to make sure we don't have Node version errors or any other\n# compilation-related errors.\nmain() {\n cd \"$(dirname \"$0\")/../..\"\n\n source ./ci/lib.sh\n\n local path=\"$RELEASE_PATH-standalone/bin/code-server\"\n if [[ ! ${CODE_SERVER_PATH-} ]]; then\n echo \"Set CODE_SERVER_PATH to test another build of code-server\"\n else\n path=\"$CODE_SERVER_PATH\"\n fi\n\n echo \"Running tests with code-server binary: '$path'\"\n\n if [[ ! -f $path ]]; then\n echo >&2 \"No code-server build detected\"\n echo >&2 \"Looked in $path\"\n help\n exit 1\n fi\n\n CODE_SERVER_PATH=\"$path\" ./test/node_modules/.bin/jest \"$@\" --coverage=false --testRegex \"./test/integration\" --testPathIgnorePatterns \"./test/integration/fixtures\"\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/dev/test-native.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\nhelp() {\n echo >&2 \" You can build the standalone release with 'npm run release:standalone'\"\n echo >&2 \" Or you can pass in a custom path.\"\n echo >&2 \" CODE_SERVER_PATH='/var/tmp/coder/code-server/bin/code-server' npm run test:integration\"\n}\n\n# Make sure a code-server release works. You can pass in the path otherwise it\n# will look for release-standalone in the current directory.\n#\n# This is to make sure we don't have Node version errors or any other\n# compilation-related errors.\nmain() {\n cd \"$(dirname \"$0\")/../..\"\n\n source ./ci/lib.sh\n\n local path=\"$RELEASE_PATH-standalone/bin/code-server\"\n if [[ ! ${CODE_SERVER_PATH-} ]]; then\n echo \"Set CODE_SERVER_PATH to test another build of code-server\"\n else\n path=\"$CODE_SERVER_PATH\"\n fi\n\n echo \"Running tests with code-server binary: '$path'\"\n\n if [[ ! -f $path ]]; then\n echo >&2 \"No code-server build detected\"\n echo >&2 \"Looked in $path\"\n help\n exit 1\n fi\n\n CODE_SERVER_PATH=\"$path\" ./test/node_modules/.bin/jest \"$@\" --coverage=false --testRegex \"./test/integration/help.test.ts\"\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/dev/test-scripts.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\nmain() {\n cd \"$(dirname \"$0\")/../..\"\n bats ./test/scripts\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/dev/test-unit.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\nmain() {\n cd \"$(dirname \"$0\")/../..\"\n\n source ./ci/lib.sh\n\n # We must keep jest in a sub-directory. See ../../test/package.json for more\n # information. We must also run it from the root otherwise coverage will not\n # include our source files.\n ./test/node_modules/.bin/jest \"$@\" --testRegex \"./test/unit/.*ts\"\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/dev/watch.ts",
"content": "import { spawn, ChildProcess } from \"child_process\"\nimport * as path from \"path\"\nimport { onLine, OnLineCallback } from \"../../src/node/util\"\n\ninterface DevelopmentCompilers {\n [key: string]: ChildProcess | undefined\n vscode: ChildProcess\n vscodeWebExtensions: ChildProcess\n codeServer: ChildProcess\n plugins: ChildProcess | undefined\n}\n\nclass Watcher {\n private rootPath = path.resolve(process.cwd())\n private readonly paths = {\n /** Path to uncompiled VS Code source. */\n vscodeDir: path.join(this.rootPath, \"lib/vscode\"),\n pluginDir: process.env.PLUGIN_DIR,\n }\n\n //#region Web Server\n\n /** Development web server. */\n private webServer: ChildProcess | undefined\n\n private reloadWebServer = (): void => {\n if (this.webServer) {\n this.webServer.kill()\n }\n\n // Pass CLI args, save for `node` and the initial script name.\n const args = process.argv.slice(2)\n this.webServer = spawn(\"node\", [path.join(this.rootPath, \"out/node/entry.js\"), ...args])\n onLine(this.webServer, (line) => console.log(\"[code-server]\", line))\n const { pid } = this.webServer\n\n this.webServer.on(\"exit\", () => console.log(\"[code-server]\", `Web process ${pid} exited`))\n\n console.log(\"\\n[code-server]\", `Spawned web server process ${pid}`)\n }\n\n //#endregion\n\n //#region Compilers\n\n private readonly compilers: DevelopmentCompilers = {\n codeServer: spawn(\"tsc\", [\"--watch\", \"--pretty\", \"--preserveWatchOutput\"], { cwd: this.rootPath }),\n vscode: spawn(\"npm\", [\"run\", \"watch\"], { cwd: this.paths.vscodeDir }),\n vscodeWebExtensions: spawn(\"npm\", [\"run\", \"watch-web\"], { cwd: this.paths.vscodeDir }),\n plugins: this.paths.pluginDir\n ? spawn(\"npm\", [\"run\", \"build\", \"--watch\"], { cwd: this.paths.pluginDir })\n : undefined,\n }\n\n public async initialize(): Promise {\n for (const event of [\"SIGINT\", \"SIGTERM\"]) {\n process.on(event, () => this.dispose(0))\n }\n\n for (const [processName, devProcess] of Object.entries(this.compilers)) {\n if (!devProcess) continue\n\n devProcess.on(\"exit\", (code) => {\n console.log(`[${processName}]`, \"Terminated unexpectedly\")\n this.dispose(code)\n })\n\n if (devProcess.stderr) {\n devProcess.stderr.on(\"data\", (d: string | Uint8Array) => process.stderr.write(d))\n }\n }\n\n onLine(this.compilers.vscode, this.parseVSCodeLine)\n onLine(this.compilers.codeServer, this.parseCodeServerLine)\n\n if (this.compilers.plugins) {\n onLine(this.compilers.plugins, this.parsePluginLine)\n }\n }\n\n //#endregion\n\n //#region Line Parsers\n\n private parseVSCodeLine: OnLineCallback = (strippedLine, originalLine) => {\n if (!strippedLine.length) return\n\n console.log(\"[Code OSS]\", originalLine)\n\n if (strippedLine.includes(\"Finished compilation with\")) {\n console.log(\"[Code OSS] āØ Finished compiling! āØ\", \"(Refresh your web browser ā»ļø)\")\n this.reloadWebServer()\n }\n }\n\n private parseCodeServerLine: OnLineCallback = (strippedLine, originalLine) => {\n if (!strippedLine.length) return\n\n console.log(\"[Compiler][code-server]\", originalLine)\n\n if (strippedLine.includes(\"Watching for file changes\")) {\n console.log(\"[Compiler][code-server]\", \"Finished compiling!\", \"(Refresh your web browser ā»ļø)\")\n this.reloadWebServer()\n }\n }\n\n private parsePluginLine: OnLineCallback = (strippedLine, originalLine) => {\n if (!strippedLine.length) return\n\n console.log(\"[Compiler][Plugin]\", originalLine)\n\n if (strippedLine.includes(\"Watching for file changes...\")) {\n this.reloadWebServer()\n }\n }\n\n //#endregion\n\n //#region Utilities\n\n private dispose(code: number | null): void {\n for (const [processName, devProcess] of Object.entries(this.compilers)) {\n console.log(`[${processName}]`, \"Killing...\\n\")\n devProcess?.removeAllListeners()\n devProcess?.kill()\n }\n process.exit(typeof code === \"number\" ? code : 0)\n }\n\n //#endregion\n}\n\nasync function main(): Promise {\n try {\n const watcher = new Watcher()\n await watcher.initialize()\n } catch (error: any) {\n console.error(error.message)\n process.exit(1)\n }\n}\n\nmain()\n"
},
{
"path": "ci/helm-chart/.helmignore",
"content": "# Patterns to ignore when building packages.\n# This supports shell glob matching, relative path matching, and\n# negation (prefixed with !). Only one pattern per line.\n.DS_Store\n# Common VCS dirs\n.git/\n.gitignore\n.bzr/\n.bzrignore\n.hg/\n.hgignore\n.svn/\n# Common backup files\n*.swp\n*.bak\n*.tmp\n*.orig\n*~\n# Various IDEs\n.project\n.idea/\n*.tmproj\n.vscode/\n"
},
{
"path": "ci/helm-chart/Chart.yaml",
"content": "apiVersion: v2\nname: code-server\ndescription: A Helm chart for coder/code-server\n\n# A chart can be either an 'application' or a 'library' chart.\n#\n# Application charts are a collection of templates that can be packaged into versioned archives\n# to be deployed.\n#\n# Library charts provide useful utilities or functions for the chart developer. They're included as\n# a dependency of application charts to inject those utilities and functions into the rendering\n# pipeline. Library charts do not define any templates and therefore cannot be deployed.\ntype: application\n\n# This is the chart version. This version number should be incremented each time you make changes\n# to the chart and its templates, including the app version.\n# Versions are expected to follow Semantic Versioning (https://semver.org/)\nversion: 3.33.0\n\n# This is the version number of the application being deployed. This version number should be\n# incremented each time you make changes to the application. Versions are not expected to\n# follow Semantic Versioning. They should reflect the version the application is using.\nappVersion: 4.109.5\n"
},
{
"path": "ci/helm-chart/templates/NOTES.txt",
"content": "1. Get the application URL by running these commands:\n{{- if .Values.ingress.enabled }}\n{{- range $host := .Values.ingress.hosts }}\n {{- range .paths }}\n http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }}\n {{- end }}\n{{- end }}\n{{- else if contains \"NodePort\" .Values.service.type }}\n export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath=\"{.spec.ports[0].nodePort}\" services {{ include \"code-server.fullname\" . }})\n export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath=\"{.items[0].status.addresses[0].address}\")\n echo http://$NODE_IP:$NODE_PORT\n{{- else if contains \"LoadBalancer\" .Values.service.type }}\n NOTE: It may take a few minutes for the LoadBalancer IP to be available.\n You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include \"code-server.fullname\" . }}'\n export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include \"code-server.fullname\" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')\n echo http://$SERVICE_IP:{{ .Values.service.port }}\n{{- else if contains \"ClusterIP\" .Values.service.type }}\n echo \"Visit http://127.0.0.1:8080 to use your application\"\n kubectl port-forward --namespace {{ .Release.Namespace }} service/{{ include \"code-server.fullname\" . }} 8080:http\n{{- end }}\n\nAdministrator credentials:\n\n Password: echo $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template \"code-server.fullname\" . }} -o jsonpath=\"{.data.password}\" | base64 --decode)\n"
},
{
"path": "ci/helm-chart/templates/_helpers.tpl",
"content": "{{/* vim: set filetype=mustache: */}}\n{{/*\nExpand the name of the chart.\n*/}}\n{{- define \"code-server.name\" -}}\n{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCreate a default fully qualified app name.\nWe truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).\nIf release name contains chart name it will be used as a full name.\n*/}}\n{{- define \"code-server.fullname\" -}}\n{{- if .Values.fullnameOverride -}}\n{{- .Values.fullnameOverride | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- $name := default .Chart.Name .Values.nameOverride -}}\n{{- if contains $name .Release.Name -}}\n{{- .Release.Name | trunc 63 | trimSuffix \"-\" -}}\n{{- else -}}\n{{- printf \"%s-%s\" .Release.Name $name | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n{{- end -}}\n{{- end -}}\n\n{{/*\nCreate chart name and version as used by the chart label.\n*/}}\n{{- define \"code-server.chart\" -}}\n{{- printf \"%s-%s\" .Chart.Name .Chart.Version | replace \"+\" \"_\" | trunc 63 | trimSuffix \"-\" -}}\n{{- end -}}\n\n{{/*\nCommon labels\n*/}}\n{{- define \"code-server.labels\" -}}\nhelm.sh/chart: {{ include \"code-server.chart\" . }}\n{{ include \"code-server.selectorLabels\" . }}\n{{- if .Chart.AppVersion }}\napp.kubernetes.io/version: {{ .Chart.AppVersion | quote }}\n{{- end }}\napp.kubernetes.io/managed-by: {{ .Release.Service }}\n{{- end }}\n\n{{/*\nSelector labels\n*/}}\n{{- define \"code-server.selectorLabels\" -}}\napp.kubernetes.io/name: {{ include \"code-server.name\" . }}\napp.kubernetes.io/instance: {{ .Release.Name }}\n{{- end }}\n\n{{/*\nCreate the name of the service account to use\n*/}}\n{{- define \"code-server.serviceAccountName\" -}}\n{{- if .Values.serviceAccount.create -}}\n {{ default (include \"code-server.fullname\" .) .Values.serviceAccount.name }}\n{{- else -}}\n {{ default \"default\" .Values.serviceAccount.name }}\n{{- end -}}\n{{- end -}}\n"
},
{
"path": "ci/helm-chart/templates/deployment.yaml",
"content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: {{ include \"code-server.fullname\" . }}\n labels:\n {{- include \"code-server.labels\" . | nindent 4 }}\n {{- if .Values.annotations }}\n annotations: {{- toYaml .Values.annotations | nindent 4 }}\n {{- end }}\nspec:\n replicas: {{ .Values.replicaCount | default 1 }}\n strategy:\n type: Recreate\n selector:\n matchLabels:\n {{- include \"code-server.selectorLabels\" . | nindent 6 }}\n template:\n metadata:\n labels:\n {{- include \"code-server.selectorLabels\" . | nindent 8 }}\n {{- if .Values.podAnnotations }}\n annotations: {{- toYaml .Values.podAnnotations | nindent 8 }}\n {{- end }}\n spec:\n imagePullSecrets: {{- toYaml .Values.imagePullSecrets | nindent 8 }}\n {{- if .Values.hostnameOverride }}\n hostname: {{ .Values.hostnameOverride }}\n {{- end }}\n {{- if .Values.priorityClassName }}\n priorityClassName: {{ .Values.priorityClassName }}\n {{- end }}\n {{- if .Values.securityContext.enabled }}\n securityContext:\n fsGroup: {{ .Values.securityContext.fsGroup }}\n {{- end }}\n {{- if or (and .Values.volumePermissions.enabled .Values.persistence.enabled) .Values.extraInitContainers }}\n initContainers:\n {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}\n - name: init-chmod-data\n image: busybox:latest\n imagePullPolicy: IfNotPresent\n command:\n - sh\n - -c\n - |\n chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /home/coder\n securityContext:\n runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }}\n volumeMounts:\n - name: data\n mountPath: /home/coder\n {{- end }}\n{{- if .Values.extraInitContainers }}\n{{ tpl .Values.extraInitContainers . | indent 6}}\n{{- end }}\n {{- end }}\n containers:\n{{- if .Values.extraContainers }}\n{{ tpl .Values.extraContainers . | indent 8}}\n{{- end }}\n - name: {{ .Chart.Name }}\n image: \"{{ .Values.image.repository }}:{{ .Values.image.tag }}\"\n imagePullPolicy: {{ .Values.image.pullPolicy }}\n {{- if .Values.securityContext.enabled }}\n securityContext:\n runAsUser: {{ .Values.securityContext.runAsUser }}\n {{- end }}\n {{- if .Values.lifecycle.enabled }}\n lifecycle:\n {{- if .Values.lifecycle.postStart }}\n postStart:\n {{ toYaml .Values.lifecycle.postStart | nindent 14 }}\n {{- end }}\n {{- if .Values.lifecycle.preStop }}\n preStop:\n {{ toYaml .Values.lifecycle.preStop | nindent 14 }}\n {{- end }}\n {{- end }}\n env:\n {{- if .Values.extraVars }}\n{{ toYaml .Values.extraVars | indent 10 }}\n {{- end }}\n - name: PASSWORD\n valueFrom:\n secretKeyRef:\n {{- if .Values.existingSecret }}\n name: {{ .Values.existingSecret }}\n {{- else }}\n name: {{ template \"code-server.fullname\" . }}\n {{- end }}\n key: password\n {{- if .Values.extraArgs }}\n args:\n{{ toYaml .Values.extraArgs | indent 10 }}\n {{- end }}\n volumeMounts:\n - name: data\n mountPath: /home/coder\n {{- range .Values.extraConfigmapMounts }}\n - name: {{ .name }}\n mountPath: {{ .mountPath }}\n subPath: {{ .subPath | default \"\" }}\n readOnly: {{ .readOnly }}\n {{- end }}\n {{- range .Values.extraSecretMounts }}\n - name: {{ .name }}\n mountPath: {{ .mountPath }}\n subPath: {{ .subPath | default \"\" }}\n readOnly: {{ .readOnly }}\n {{- end }}\n {{- range .Values.extraVolumeMounts }}\n - name: {{ .name }}\n mountPath: {{ .mountPath }}\n subPath: {{ .subPath | default \"\" }}\n readOnly: {{ .readOnly }}\n {{- end }}\n ports:\n - name: http\n containerPort: 8080\n protocol: TCP\n {{- range .Values.extraPorts }}\n - name: {{ .name }}\n containerPort: {{ .port }}\n protocol: {{ .protocol }}\n {{- end }}\n {{- if ne .Values.livenessProbe.enabled false }}\n livenessProbe:\n httpGet:\n path: /healthz\n port: http\n {{- end }}\n {{- if ne .Values.readinessProbe.enabled false }}\n readinessProbe:\n httpGet:\n path: /healthz\n port: http\n {{- end }}\n resources:\n {{- toYaml .Values.resources | nindent 12 }}\n {{- with .Values.nodeSelector }}\n nodeSelector:\n {{- toYaml . | nindent 8 }}\n {{- end }}\n {{- with .Values.affinity }}\n affinity:\n {{- tpl . $ | nindent 8 }}\n {{- end }}\n {{- with .Values.tolerations }}\n tolerations:\n {{- toYaml . | nindent 8 }}\n {{- end }}\n serviceAccountName: {{ template \"code-server.serviceAccountName\" . }}\n volumes:\n - name: data\n {{- if .Values.persistence.enabled }}\n {{- if not .Values.persistence.hostPath }}\n persistentVolumeClaim:\n claimName: {{ .Values.persistence.existingClaim | default (include \"code-server.fullname\" .) }}\n {{- else }}\n hostPath:\n path: {{ .Values.persistence.hostPath }}\n type: Directory\n {{- end -}}\n {{- else }}\n emptyDir: {}\n {{- end -}}\n {{- range .Values.extraSecretMounts }}\n - name: {{ .name }}\n secret:\n secretName: {{ .secretName }}\n defaultMode: {{ .defaultMode }}\n {{- end }}\n {{- range .Values.extraConfigmapMounts }}\n - name: {{ .name }}\n configMap:\n name: {{ .configMap }}\n defaultMode: {{ .defaultMode }}\n {{- end }}\n {{- range .Values.extraVolumeMounts }}\n - name: {{ .name }}\n {{- if .existingClaim }}\n persistentVolumeClaim:\n claimName: {{ .existingClaim }}\n {{- else if .hostPath }}\n hostPath:\n path: {{ .hostPath }}\n type: Directory\n {{- else }}\n emptyDir:\n {{- toYaml .emptyDir | nindent 10 }}\n {{- end }}\n {{- end }}\n"
},
{
"path": "ci/helm-chart/templates/ingress.yaml",
"content": "{{- if .Values.ingress.enabled -}}\n{{- $fullName := include \"code-server.fullname\" . -}}\n{{- $svcPort := .Values.service.port -}}\n{{- if semverCompare \">=1.19-0\" $.Capabilities.KubeVersion.GitVersion -}}\napiVersion: networking.k8s.io/v1\n{{- else if semverCompare \">=1.14-0\" .Capabilities.KubeVersion.GitVersion -}}\napiVersion: networking.k8s.io/v1beta1\n{{- else -}}\napiVersion: extensions/v1beta1\n{{- end }}\nkind: Ingress\nmetadata:\n name: {{ $fullName }}\n labels:\n {{- include \"code-server.labels\" . | nindent 4 }}\n {{- with .Values.ingress.annotations }}\n annotations:\n {{- toYaml . | nindent 4 }}\n {{- end }}\nspec:\n {{- if .Values.ingress.ingressClassName }}\n ingressClassName: {{ .Values.ingress.ingressClassName }}\n {{- end }}\n {{- if .Values.ingress.tls }}\n tls:\n {{- range .Values.ingress.tls }}\n - hosts:\n {{- range .hosts }}\n - {{ . | quote }}\n {{- end }}\n secretName: {{ .secretName }}\n {{- end }}\n {{- end }}\n rules:\n {{- if semverCompare \">=1.19-0\" $.Capabilities.KubeVersion.GitVersion -}}\n {{- range .Values.ingress.hosts }}\n - host: {{ .host | quote }}\n http:\n paths:\n {{- range .paths }}\n - path: {{ . }}\n pathType: Prefix\n backend:\n service:\n name: {{ $fullName }}\n port: \n number: {{ $svcPort }}\n {{- end }}\n {{- end }}\n {{- else -}}\n {{- range .Values.ingress.hosts }}\n - host: {{ .host | quote }}\n http:\n paths:\n {{- range .paths }}\n - path: {{ . }}\n backend:\n serviceName: {{ $fullName }}\n servicePort: {{ $svcPort }}\n {{- end }}\n {{- end }}\n {{- end }}\n{{- end }}"
},
{
"path": "ci/helm-chart/templates/pvc.yaml",
"content": "{{- if and (and .Values.persistence.enabled (not .Values.persistence.existingClaim)) (not .Values.persistence.hostPath) }}\nkind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n name: {{ include \"code-server.fullname\" . }}\n namespace: {{ .Release.Namespace }}\n{{- with .Values.persistence.annotations }}\n annotations:\n{{ toYaml . | indent 4 }}\n{{- end }}\n labels:\n {{- include \"code-server.labels\" . | nindent 4 }}\nspec:\n accessModes:\n - {{ .Values.persistence.accessMode | quote }}\n resources:\n requests:\n storage: {{ .Values.persistence.size | quote }}\n{{- if .Values.persistence.storageClass }}\n{{- if (eq \"-\" .Values.persistence.storageClass) }}\n storageClassName: \"\"\n{{- else }}\n storageClassName: \"{{ .Values.persistence.storageClass }}\"\n{{- end }}\n{{- end }}\n{{- end }}\n"
},
{
"path": "ci/helm-chart/templates/secrets.yaml",
"content": "{{- if not .Values.existingSecret }}\napiVersion: v1\nkind: Secret\nmetadata:\n name: {{ include \"code-server.fullname\" . }}\n annotations:\n \"helm.sh/hook\": \"pre-install\"\n labels:\n {{- include \"code-server.labels\" . | nindent 4 }}\ntype: Opaque\ndata:\n {{- if .Values.password }}\n password: \"{{ .Values.password | b64enc }}\"\n {{- else }}\n password: \"{{ randAlphaNum 24 | b64enc }}\"\n {{- end }}\n{{- end }}\n"
},
{
"path": "ci/helm-chart/templates/service.yaml",
"content": "apiVersion: v1\nkind: Service\nmetadata:\n name: {{ include \"code-server.fullname\" . }}\n labels:\n {{- include \"code-server.labels\" . | nindent 4 }}\nspec:\n type: {{ .Values.service.type }}\n ports:\n - port: {{ .Values.service.port }}\n targetPort: http\n protocol: TCP\n name: http\n {{- range .Values.extraPorts }}\n - port: {{ .port }}\n targetPort: {{ .port }}\n protocol: {{ .protocol }}\n name: {{ .name }}\n {{- end }}\n selector:\n app.kubernetes.io/name: {{ include \"code-server.name\" . }}\n app.kubernetes.io/instance: {{ .Release.Name }}\n"
},
{
"path": "ci/helm-chart/templates/serviceaccount.yaml",
"content": "{{- if or .Values.serviceAccount.create -}}\napiVersion: v1\nkind: ServiceAccount\nmetadata:\n labels:\n {{- include \"code-server.labels\" . | nindent 4 }}\n name: {{ template \"code-server.serviceAccountName\" . }}\n{{- end -}}\n"
},
{
"path": "ci/helm-chart/templates/tests/test-connection.yaml",
"content": "apiVersion: v1\nkind: Pod\nmetadata:\n name: \"{{ include \"code-server.fullname\" . }}-test-connection\"\n labels:\n {{- include \"code-server.labels\" . | nindent 4 }}\n annotations:\n \"helm.sh/hook\": test\nspec:\n containers:\n - name: wget\n image: busybox\n command: ['wget']\n args: ['{{ include \"code-server.fullname\" . }}:{{ .Values.service.port }}/healthz']\n restartPolicy: Never\n"
},
{
"path": "ci/helm-chart/values.yaml",
"content": "# Default values for code-server.\n# This is a YAML-formatted file.\n# Declare variables to be passed into your templates.\n\nreplicaCount: 1\n\nimage:\n repository: codercom/code-server\n tag: '4.109.5'\n pullPolicy: Always\n\n# Specifies one or more secrets to be used when pulling images from a\n# private container repository\n# https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry\nimagePullSecrets: []\n# - name: registry-creds\n\nnameOverride: \"\"\nfullnameOverride: \"\"\nhostnameOverride: \"\"\n\n# The existing secret to use for code-server authentication in the frontend. the password is stored in the secret under the key `password`\n# existingSecret: \"\"\n\nserviceAccount:\n # Specifies whether a service account should be created\n create: true\n # Annotations to add to the service account\n annotations: {}\n # The name of the service account to use.\n # If not set and create is true, a name is generated using the fullname template\n name: \"\"\n\n# Specifies annotations for deployment\nannotations: {}\n\npodAnnotations: {}\n\npodSecurityContext: {}\n # fsGroup: 2000\n\npriorityClassName: \"\"\n\nservice:\n type: ClusterIP\n port: 8080\n\ningress:\n enabled: false\n #annotations:\n # kubernetes.io/tls-acme: \"true\"\n #hosts:\n # - host: code-server.example.loc\n # paths:\n # - /\n ingressClassName: \"\"\n #tls:\n # - secretName: code-server\n # hosts:\n # - code-server.example.loc\n\n# Optional additional arguments\nextraArgs: []\n # These are the arguments normally passed to code-server; run\n # code-server --help for a list of available options.\n #\n # Each argument and parameter must have its own entry; if you use\n # --param value on the command line, then enter it here as:\n #\n # - --param\n # - value\n #\n # If you receive an error like \"Unknown option --param value\", it may be\n # because both the parameter and value are specified as a single argument,\n # rather than two separate arguments (e.g. \"- --param value\" on a line).\n\n# Optional additional environment variables\nextraVars: []\n# - name: DISABLE_TELEMETRY\n# value: \"true\"\n# if dind is desired:\n# - name: DOCKER_HOST\n# value: \"tcp://localhost:2376\"\n\n##\n## Init containers parameters:\n## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup\n##\nvolumePermissions:\n enabled: true\n securityContext:\n runAsUser: 0\n\n## Pod Security Context\n## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/\n##\nsecurityContext:\n enabled: true\n fsGroup: 1000\n runAsUser: 1000\n\nresources: {}\n # We usually recommend not to specify default resources and to leave this as a conscious\n # choice for the user. This also increases chances charts run on environments with little\n # resources, such as Minikube. If you do want to specify resources, uncomment the following\n # lines, adjust them as necessary, and remove the curly braces after 'resources:'.\n # limits:\n # cpu: 100m\n # memory: 128Mi\n # requests:\n # cpu: 100m\n # memory: 1000Mi\n\nlivenessProbe:\n enabled: true\n\nreadinessProbe:\n enabled: true\n\nnodeSelector: {}\n\ntolerations: []\n\naffinity: {}\n\n## Persist data to a persistent volume\npersistence:\n enabled: true\n ## code-server data Persistent Volume Storage Class\n ## If defined, storageClassName: \n ## If set to \"-\", storageClassName: \"\", which disables dynamic provisioning\n ## If undefined (the default) or set to null, no storageClassName spec is\n ## set, choosing the default provisioner. (gp2 on AWS, standard on\n ## GKE, AWS & OpenStack)\n ##\n # storageClass: \"-\"\n accessMode: ReadWriteOnce\n size: 10Gi\n annotations: {}\n # existingClaim: \"\"\n # hostPath: /data\n\nlifecycle:\n enabled: false\n # postStart:\n # exec:\n # command:\n # - /bin/bash\n # - -c\n # - curl -s -L SOME_SCRIPT | bash\n\n # for dind, the following may be helpful\n # postStart:\n # exec:\n # command:\n # - /bin/sh\n # - -c\n # - |\n # sudo apt-get update \\\n # && sudo apt-get install -y docker.io\n\n## Enable an Specify container in extraContainers.\n##Ā This is meant to allow adding code-server dependencies, like docker-dind.\nextraContainers: |\n# If docker-dind is used, DOCKER_HOST env is mandatory to set in \"extraVars\"\n# - name: docker-dind\n# image: docker:28.3.2-dind\n# imagePullPolicy: IfNotPresent\n# resources:\n# requests:\n# cpu: 1\n# ephemeral-storage: \"50Gi\"\n# memory: 10Gi\n# securityContext:\n# privileged: true\n# procMount: Default\n# env:\n# - name: DOCKER_TLS_CERTDIR\n# value: \"\" # disable TLS setup\n# command:\n# - dockerd\n# - --host=unix:///var/run/docker.sock\n# - --host=tcp://0.0.0.0:2376\n\n\nextraInitContainers: |\n# - name: customization\n# image: {{ .Values.image.repository }}:{{ .Values.image.tag }}\n# imagePullPolicy: IfNotPresent\n# env:\n# - name: SERVICE_URL\n# value: https://open-vsx.org/vscode/gallery\n# - name: ITEM_URL\n# value: https://open-vsx.org/vscode/item\n# command:\n# - sh\n# - -c\n# - |\n# code-server --install-extension ms-python.python\n# code-server --install-extension golang.Go\n# volumeMounts:\n# - name: data\n# mountPath: /home/coder\n\n## Additional code-server secret mounts\nextraSecretMounts: []\n # - name: secret-files\n # mountPath: /etc/secrets\n # subPath: private.key # (optional)\n # secretName: code-server-secret-files\n # readOnly: true\n\n## Additional code-server volume mounts\nextraVolumeMounts: []\n # - name: extra-volume\n # mountPath: /mnt/volume\n # readOnly: true\n # existingClaim: volume-claim\n # hostPath: \"\"\n # emptyDir: {}\n\nextraConfigmapMounts: []\n # - name: certs-configmap\n # mountPath: /etc/code-server/ssl/\n # subPath: certificates.crt # (optional)\n # configMap: certs-configmap\n # readOnly: true\n\nextraPorts: []\n # - name: minecraft\n # port: 25565\n # protocol: tcp\n"
},
{
"path": "ci/lib.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\npushd() {\n builtin pushd \"$@\" > /dev/null\n}\n\npopd() {\n builtin popd > /dev/null\n}\n\nvscode_version() {\n jq -r .version lib/vscode/package.json\n}\n\nos() {\n osname=$(uname | tr '[:upper:]' '[:lower:]')\n case $osname in\n linux)\n # Alpine's ldd doesn't have a version flag but if you use an invalid flag\n # (like --version) it outputs the version to stderr and exits with 1.\n # TODO: Better to check /etc/os-release; see ../install.sh.\n ldd_output=$(ldd --version 2>&1 || true)\n if echo \"$ldd_output\" | grep -iq musl; then\n osname=\"alpine\"\n fi\n ;;\n darwin) osname=\"macos\" ;;\n cygwin* | mingw*) osname=\"windows\" ;;\n esac\n echo \"$osname\"\n}\n\narch() {\n cpu=\"$(uname -m)\"\n case \"$cpu\" in\n aarch64) cpu=arm64 ;;\n x86_64) cpu=amd64 ;;\n esac\n echo \"$cpu\"\n}\n\nrsync() {\n command rsync -a --del \"$@\"\n}\n\nARCH=\"$(arch)\"\nexport ARCH\nOS=$(os)\nexport OS\n\n# RELEASE_PATH is the destination directory for the release from the root.\n# Defaults to release\nRELEASE_PATH=\"${RELEASE_PATH-release}\"\n"
},
{
"path": "ci/release-image/Dockerfile",
"content": "# syntax=docker/dockerfile:experimental\n\nARG BASE=debian:12\nFROM scratch AS packages\nCOPY release-packages/code-server*.deb /tmp/\n\nFROM $BASE\n\nRUN apt-get update \\\n && apt-get install -y \\\n curl \\\n dumb-init \\\n git \\\n git-lfs \\\n htop \\\n locales \\\n lsb-release \\\n man-db \\\n nano \\\n openssh-client \\\n procps \\\n sudo \\\n vim-tiny \\\n wget \\\n zsh \\\n && git lfs install \\\n && rm -rf /var/lib/apt/lists/*\n\n# https://wiki.debian.org/Locale#Manually\nRUN sed -i \"s/# en_US.UTF-8/en_US.UTF-8/\" /etc/locale.gen \\\n && locale-gen\nENV LANG=en_US.UTF-8\n\nRUN if grep -q 1000 /etc/passwd; then \\\n userdel -r \"$(id -un 1000)\"; \\\n fi \\\n && adduser --gecos '' --disabled-password coder \\\n && echo \"coder ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers.d/nopasswd\n\nRUN ARCH=\"$(dpkg --print-architecture)\" \\\n && curl -fsSL \"https://github.com/boxboat/fixuid/releases/download/v0.6.0/fixuid-0.6.0-linux-$ARCH.tar.gz\" | tar -C /usr/local/bin -xzf - \\\n && chown root:root /usr/local/bin/fixuid \\\n && chmod 4755 /usr/local/bin/fixuid \\\n && mkdir -p /etc/fixuid \\\n && printf \"user: coder\\ngroup: coder\\n\" > /etc/fixuid/config.yml\n\nCOPY ci/release-image/entrypoint.sh /usr/bin/entrypoint.sh\nRUN --mount=from=packages,src=/tmp,dst=/tmp/packages dpkg -i /tmp/packages/code-server*$(dpkg --print-architecture).deb\n\n# Allow users to have scripts run on container startup to prepare workspace.\n# https://github.com/coder/code-server/issues/5177\nENV ENTRYPOINTD=${HOME}/entrypoint.d\n\nEXPOSE 8080\n# This way, if someone sets $DOCKER_USER, docker-exec will still work as\n# the uid will remain the same. note: only relevant if -u isn't passed to\n# docker-run.\nUSER 1000\nENV USER=coder\nWORKDIR /home/coder\nENTRYPOINT [\"/usr/bin/entrypoint.sh\", \"--bind-addr\", \"0.0.0.0:8080\", \".\"]\n"
},
{
"path": "ci/release-image/Dockerfile.fedora",
"content": "# syntax=docker/dockerfile:experimental\n\nARG BASE=fedora:39\nFROM scratch AS packages\nCOPY release-packages/code-server*.rpm /tmp/\n\nFROM $BASE\n\nRUN dnf update -y \\\n && dnf install -y \\\n curl \\\n git \\\n git-lfs \\\n htop \\\n nano \\\n openssh-clients \\\n procps \\\n wget \\\n zsh \\\n dumb-init \\\n glibc-langpack-en \\\n && rm -rf /var/cache/dnf\nRUN git lfs install\n\nENV LANG=en_US.UTF-8\nRUN echo 'LANG=\"en_US.UTF-8\"' > /etc/locale.conf\n\nRUN useradd -u 1000 coder && echo \"coder ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers.d/nopasswd\n\nRUN ARCH=\"$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g')\" \\\n && curl -fsSL \"https://github.com/boxboat/fixuid/releases/download/v0.6.0/fixuid-0.6.0-linux-$ARCH.tar.gz\" | tar -C /usr/local/bin -xzf - \\\n && chown root:root /usr/local/bin/fixuid \\\n && chmod 4755 /usr/local/bin/fixuid \\\n && mkdir -p /etc/fixuid \\\n && printf \"user: coder\\ngroup: coder\\n\" > /etc/fixuid/config.yml\n\nCOPY ci/release-image/entrypoint.sh /usr/bin/entrypoint.sh\nRUN --mount=from=packages,src=/tmp,dst=/tmp/packages rpm -i /tmp/packages/code-server*$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g').rpm\n\n# Allow users to have scripts run on container startup to prepare workspace.\n# https://github.com/coder/code-server/issues/5177\nENV ENTRYPOINTD=${HOME}/entrypoint.d\n\nEXPOSE 8080\n# This way, if someone sets $DOCKER_USER, docker-exec will still work as\n# the uid will remain the same. note: only relevant if -u isn't passed to\n# docker-run.\nUSER 1000\nENV USER=coder\nWORKDIR /home/coder\nENTRYPOINT [\"/usr/bin/entrypoint.sh\", \"--bind-addr\", \"0.0.0.0:8080\", \".\"]\n"
},
{
"path": "ci/release-image/Dockerfile.opensuse",
"content": "# syntax=docker/dockerfile:experimental\n\nARG BASE=opensuse/tumbleweed\nFROM scratch AS packages\nCOPY release-packages/code-server*.rpm /tmp/\n\nFROM $BASE\n\nRUN zypper dup -y \\\n && zypper in -y \\\n curl \\\n git \\\n git-lfs \\\n htop \\\n nano \\\n openssh-clients \\\n procps \\\n wget \\\n zsh \\\n sudo \\\n catatonit \\\n && rm -rf /var/cache/zypp /var/cache/zypper\nRUN git lfs install\n\nENV LANG=en_US.UTF-8\nRUN echo 'LANG=\"en_US.UTF-8\"' > /etc/locale.conf\n\nRUN useradd -u 1000 coder && echo \"coder ALL=(ALL) NOPASSWD:ALL\" >> /etc/sudoers.d/nopasswd\n\nRUN ARCH=\"$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g')\" \\\n && curl -fsSL \"https://github.com/boxboat/fixuid/releases/download/v0.6.0/fixuid-0.6.0-linux-$ARCH.tar.gz\" | tar -C /usr/local/bin -xzf - \\\n && chown root:root /usr/local/bin/fixuid \\\n && chmod 4755 /usr/local/bin/fixuid \\\n && mkdir -p /etc/fixuid \\\n && printf \"user: coder\\ngroup: coder\\n\" > /etc/fixuid/config.yml\n\nCOPY ci/release-image/entrypoint-catatonit.sh /usr/bin/entrypoint-catatonit.sh\nRUN --mount=from=packages,src=/tmp,dst=/tmp/packages rpm -i /tmp/packages/code-server*$(uname -m | sed 's/x86_64/amd64/g' | sed 's/aarch64/arm64/g').rpm\n\n# Allow users to have scripts run on container startup to prepare workspace.\n# https://github.com/coder/code-server/issues/5177\nENV ENTRYPOINTD=${HOME}/entrypoint.d\n\nEXPOSE 8080\n# This way, if someone sets $DOCKER_USER, docker-exec will still work as\n# the uid will remain the same. note: only relevant if -u isn't passed to\n# docker-run.\nUSER 1000\nENV USER=coder\nWORKDIR /home/coder\nENTRYPOINT [\"/usr/bin/entrypoint-catatonit.sh\", \"--bind-addr\", \"0.0.0.0:8080\", \".\"]\n"
},
{
"path": "ci/release-image/docker-bake.hcl",
"content": "# Use this file from the top of the repo, with `-f ci/release-image/docker-bake.hcl`\n\n# Uses env var VERSION if set;\n# normally, this is set by ci/lib.sh\nvariable \"VERSION\" {\n default = \"latest\"\n}\n\nvariable \"DOCKER_REGISTRY\" {\n default = \"docker.io/codercom/code-server\"\n}\n\nvariable \"GITHUB_REGISTRY\" {\n default = \"ghcr.io/coder/code-server\"\n}\n\ngroup \"default\" {\n targets = [\n \"code-server-debian-12\",\n \"code-server-ubuntu-focal\",\n \"code-server-ubuntu-noble\",\n \"code-server-fedora-39\",\n \"code-server-opensuse-tumbleweed\",\n ]\n}\n\nfunction \"prepend_hyphen_if_not_null\" {\n params = [tag]\n result = notequal(\"\",\"${tag}\") ? \"-${tag}\" : \"${tag}\"\n}\n\n# use empty tag (tag=\"\") to generate default tags\nfunction \"gen_tags\" {\n params = [registry, tag]\n result = notequal(\"\",\"${registry}\") ? [\n notequal(\"\", \"${tag}\") ? \"${registry}:${tag}\" : \"${registry}:latest\",\n notequal(\"latest\",VERSION) ? \"${registry}:${VERSION}${prepend_hyphen_if_not_null(tag)}\" : \"\",\n ] : []\n}\n\n# helper function to generate tags for docker registry and github registry.\n# set (DOCKER|GITHUB)_REGISTRY=\"\" to disable corresponding registry\nfunction \"gen_tags_for_docker_and_ghcr\" {\n params = [tag]\n result = concat(\n gen_tags(\"${DOCKER_REGISTRY}\", \"${tag}\"),\n gen_tags(\"${GITHUB_REGISTRY}\", \"${tag}\"),\n )\n}\n\ntarget \"code-server-debian-12\" {\n dockerfile = \"ci/release-image/Dockerfile\"\n tags = concat(\n gen_tags_for_docker_and_ghcr(\"\"),\n gen_tags_for_docker_and_ghcr(\"debian\"),\n gen_tags_for_docker_and_ghcr(\"bookworm\"),\n )\n platforms = [\"linux/amd64\", \"linux/arm64\"]\n}\n\ntarget \"code-server-ubuntu-focal\" {\n dockerfile = \"ci/release-image/Dockerfile\"\n tags = concat(\n gen_tags_for_docker_and_ghcr(\"ubuntu\"),\n gen_tags_for_docker_and_ghcr(\"focal\"),\n )\n args = {\n BASE = \"ubuntu:focal\"\n }\n platforms = [\"linux/amd64\", \"linux/arm64\"]\n}\n\ntarget \"code-server-ubuntu-noble\" {\n dockerfile = \"ci/release-image/Dockerfile\"\n tags = concat(\n gen_tags_for_docker_and_ghcr(\"noble\"),\n )\n args = {\n BASE = \"ubuntu:noble\"\n }\n platforms = [\"linux/amd64\", \"linux/arm64\"]\n}\n\ntarget \"code-server-fedora-39\" {\n dockerfile = \"ci/release-image/Dockerfile.fedora\"\n tags = concat(\n gen_tags_for_docker_and_ghcr(\"fedora\"),\n gen_tags_for_docker_and_ghcr(\"39\"),\n )\n args = {\n BASE = \"fedora:39\"\n }\n platforms = [\"linux/amd64\", \"linux/arm64\"]\n}\n\ntarget \"code-server-opensuse-tumbleweed\" {\n dockerfile = \"ci/release-image/Dockerfile.opensuse\"\n tags = concat(\n gen_tags_for_docker_and_ghcr(\"opensuse\"),\n gen_tags_for_docker_and_ghcr(\"tumbleweed\"),\n )\n args = {\n BASE = \"opensuse/tumbleweed\"\n }\n platforms = [\"linux/amd64\", \"linux/arm64\"]\n}\n"
},
{
"path": "ci/release-image/entrypoint-catatonit.sh",
"content": "#!/bin/sh\nset -eu\n\n# We do this first to ensure sudo works below when renaming the user.\n# Otherwise the current container UID may not exist in the passwd database.\neval \"$(fixuid -q)\"\n\nif [ \"${DOCKER_USER-}\" ]; then\n USER=\"$DOCKER_USER\"\n if [ \"$DOCKER_USER\" != \"$(whoami)\" ]; then\n echo \"$DOCKER_USER ALL=(ALL) NOPASSWD:ALL\" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null\n # Unfortunately we cannot change $HOME as we cannot move any bind mounts\n # nor can we bind mount $HOME into a new home as that requires a privileged container.\n sudo usermod --login \"$DOCKER_USER\" coder\n sudo groupmod -n \"$DOCKER_USER\" coder\n\n sudo sed -i \"/coder/d\" /etc/sudoers.d/nopasswd\n fi\nfi\n\n# Allow users to have scripts run on container startup to prepare workspace.\n# https://github.com/coder/code-server/issues/5177\nif [ -d \"${ENTRYPOINTD}\" ]; then\n find \"${ENTRYPOINTD}\" -type f -executable -print -exec {} \\;\nfi\n\nexec catatonit -- /usr/bin/code-server \"$@\"\n"
},
{
"path": "ci/release-image/entrypoint.sh",
"content": "#!/bin/sh\nset -eu\n\n# We do this first to ensure sudo works below when renaming the user.\n# Otherwise the current container UID may not exist in the passwd database.\neval \"$(fixuid -q)\"\n\nif [ \"${DOCKER_USER-}\" ]; then\n USER=\"$DOCKER_USER\"\n if [ -z \"$(id -u \"$DOCKER_USER\" 2>/dev/null)\" ]; then\n echo \"$DOCKER_USER ALL=(ALL) NOPASSWD:ALL\" | sudo tee -a /etc/sudoers.d/nopasswd > /dev/null\n # Unfortunately we cannot change $HOME as we cannot move any bind mounts\n # nor can we bind mount $HOME into a new home as that requires a privileged container.\n sudo usermod --login \"$DOCKER_USER\" coder\n sudo groupmod -n \"$DOCKER_USER\" coder\n\n sudo sed -i \"/coder/d\" /etc/sudoers.d/nopasswd\n fi\nfi\n\n# Allow users to have scripts run on container startup to prepare workspace.\n# https://github.com/coder/code-server/issues/5177\nif [ -d \"${ENTRYPOINTD}\" ]; then\n find \"${ENTRYPOINTD}\" -type f -executable -print -exec {} \\;\nfi\n\nexec dumb-init /usr/bin/code-server \"$@\"\n"
},
{
"path": "ci/steps/brew-bump.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\nmain() {\n # Only sourcing this so we get access to $VERSION\n source ./ci/lib.sh\n source ./ci/steps/steps-lib.sh\n\n echo \"Checking environment variables\"\n\n # We need VERSION to bump the brew formula\n if ! is_env_var_set \"VERSION\"; then\n echo \"VERSION is not set\"\n exit 1\n fi\n\n # We need HOMEBREW_GITHUB_API_TOKEN to push up commits\n if ! is_env_var_set \"HOMEBREW_GITHUB_API_TOKEN\"; then\n echo \"HOMEBREW_GITHUB_API_TOKEN is not set\"\n exit 1\n fi\n\n # Find the docs for bump-formula-pr here\n # https://github.com/Homebrew/brew/blob/master/Library/Homebrew/dev-cmd/bump-formula-pr.rb#L18\n local output\n if ! output=$(brew bump-formula-pr --version=\"${VERSION}\" code-server --no-browse --no-audit --message=\"PR opened by @${GITHUB_ACTOR}\" 2>&1); then\n if [[ $output == *\"Duplicate PRs should not be opened\"* ]]; then\n echo \"$VERSION is already submitted\"\n exit 0\n else\n echo \"$output\"\n exit 1\n fi\n fi\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/steps/docker-buildx-push.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\nmain() {\n cd \"$(dirname \"$0\")/../..\"\n # NOTE@jsjoeio - this script assumes VERSION exists as an\n # environment variable.\n\n # NOTE@jsjoeio - this script assumes that you've downloaded\n # the release-packages artifact to ./release-packages before\n # running this docker buildx step\n docker buildx bake -f ci/release-image/docker-bake.hcl --push\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/steps/publish-npm.sh",
"content": "#!/usr/bin/env bash\nset -euo pipefail\n\nmain() {\n cd \"$(dirname \"$0\")/../..\"\n source ./ci/lib.sh\n source ./ci/steps/steps-lib.sh\n\n ## Authentication tokens\n # Needed to publish on NPM\n if ! is_env_var_set \"NPM_TOKEN\"; then\n echo \"NPM_TOKEN is not set. Cannot publish to npm without credentials.\"\n exit 1\n fi\n\n ## Publishing Information\n # All the variables below are used to determine how we should publish\n # the npm package. We also use this information for bumping the version.\n # This is because npm won't publish your package unless it's a new version.\n # i.e. for development, we bump the version to --\n # example: \"version\": \"4.0.1-4769-ad7b23cfe6ffd72914e34781ef7721b129a23040\"\n # We use this to grab the PR_NUMBER\n if ! is_env_var_set \"GITHUB_REF\"; then\n echo \"GITHUB_REF is not set. Are you running this locally? We rely on values provided by GitHub.\"\n exit 1\n fi\n\n # We use this when setting NPM_VERSION\n if ! is_env_var_set \"GITHUB_SHA\"; then\n echo \"GITHUB_SHA is not set. Are you running this locally? We rely on values provided by GitHub.\"\n exit 1\n fi\n\n # We use this to determine the NPM_ENVIRONMENT\n if ! is_env_var_set \"GITHUB_EVENT_NAME\"; then\n echo \"GITHUB_EVENT_NAME is not set. Are you running this locally? We rely on values provided by GitHub.\"\n exit 1\n fi\n\n # Check that we're using at least v7 of npm CLI\n if ! command -v jq &> /dev/null; then\n echo \"Couldn't find jq\"\n echo \"We need this in order to modify the package.json for dev builds.\"\n exit 1\n fi\n\n # This allows us to publish to npm in CI workflows\n if [[ ${CI-} ]]; then\n echo \"//registry.npmjs.org/:_authToken=${NPM_TOKEN}\" > ~/.npmrc\n fi\n\n ## Environment\n # This string is used to determine how we should tag the npm release.\n # Environment can be one of three choices:\n # \"development\" - this means we tag with the PR number, allowing\n # a developer to install this version with `npm install code-server@`\n # \"staging\" - this means we tag with `beta`, allowing\n # a developer to install this version with `npm install code-server@beta`\n # \"production\" - this means we tag with `latest` (default), allowing\n # a developer to install this version with `npm install code-server@latest`\n if ! is_env_var_set \"NPM_ENVIRONMENT\"; then\n echo \"NPM_ENVIRONMENT is not set.\"\n echo \"Determining in script based on GITHUB environment variables.\"\n\n if [[ \"$GITHUB_EVENT_NAME\" == 'push' && \"$GITHUB_REF\" == 'refs/heads/main' ]]; then\n NPM_ENVIRONMENT=\"staging\"\n else\n NPM_ENVIRONMENT=\"development\"\n fi\n\n fi\n\n # NOTE@jsjoeio - this script assumes we have the artifact downloaded on disk\n # That happens in CI as a step before we run this.\n # https://github.com/actions/upload-artifact/issues/38\n tar -xzf release-npm-package/package.tar.gz\n\n # We use this to set the name of the package in the\n # package.json\n PACKAGE_NAME=\"code-server\"\n\n # NOTES:@jsjoeio\n # We only need to run npm version for \"development\" and \"staging\".\n # This is because our release:prep script automatically bumps the version\n # in the package.json and we commit it as part of the release PR.\n if [[ \"$NPM_ENVIRONMENT\" == \"production\" ]]; then\n NPM_VERSION=\"$VERSION\"\n # This means the npm version will be published as \"stable\"\n # and installed when a user runs `npm install code-server`\n NPM_TAG=\"latest\"\n else\n COMMIT_SHA=\"$GITHUB_SHA\"\n\n if [[ \"$NPM_ENVIRONMENT\" == \"staging\" ]]; then\n NPM_VERSION=\"$VERSION-beta-$COMMIT_SHA\"\n # This means the npm version will be tagged with \"beta\"\n # and installed when a user runs `npm install code-server@beta`\n NPM_TAG=\"beta\"\n PACKAGE_NAME=\"@coder/code-server-pr\"\n fi\n\n if [[ \"$NPM_ENVIRONMENT\" == \"development\" ]]; then\n # Source: https://github.com/actions/checkout/issues/58#issuecomment-614041550\n PR_NUMBER=$(echo \"$GITHUB_REF\" | awk 'BEGIN { FS = \"/\" } ; { print $3 }')\n NPM_VERSION=\"$VERSION-$PR_NUMBER-$COMMIT_SHA\"\n PACKAGE_NAME=\"@coder/code-server-pr\"\n # This means the npm version will be tagged with \"\"\n # and installed when a user runs `npm install code-server@`\n NPM_TAG=\"$PR_NUMBER\"\n fi\n\n echo \"- tag: $NPM_TAG\"\n echo \"- version: $NPM_VERSION\"\n echo \"- package name: $PACKAGE_NAME\"\n echo \"- npm environment: $NPM_ENVIRONMENT\"\n\n # We modify the version in the package.json\n # to be the current version + the PR number + commit SHA\n # or we use current version + beta + commit SHA\n # Example: \"version\": \"4.0.1-4769-ad7b23cfe6ffd72914e34781ef7721b129a23040\"\n # Example: \"version\": \"4.0.1-beta-ad7b23cfe6ffd72914e34781ef7721b129a23040\"\n pushd release\n npm version \"$NPM_VERSION\"\n # Use the development package name\n # This is so we don't clutter the code-server versions on npm\n # with development versions.\n # jq can't edit in place so we must store in memory and echo\n local contents\n contents=\"$(jq \".name |= \\\"$PACKAGE_NAME\\\"\" package.json)\"\n echo \"${contents}\" > package.json\n popd\n fi\n\n # We need to make sure we haven't already published the version.\n # If we get error, continue with script because we want to publish\n # If version is valid, we check if we're publishing the same one\n local hasVersion\n if hasVersion=$(npm view \"$PACKAGE_NAME@$NPM_VERSION\" version 2> /dev/null) && [[ $hasVersion == \"$NPM_VERSION\" ]]; then\n echo \"$NPM_VERSION is already published under $PACKAGE_NAME\"\n return\n fi\n\n # Since the dev builds are scoped to @coder\n # We pass --access public to ensure npm knows it's not private.\n cd release\n npm publish --tag \"$NPM_TAG\" --access public\n}\n\nmain \"$@\"\n"
},
{
"path": "ci/steps/steps-lib.sh",
"content": "#!/usr/bin/env bash\n\n# This is a library which contains functions used inside ci/steps\n#\n# We separated it into it's own file so that we could easily unit test\n# these functions and helpers\n\n# Checks whether and environment variable is set.\n# Source: https://stackoverflow.com/a/62210688/3015595\nis_env_var_set() {\n local name=\"${1:-}\"\n if test -n \"${!name:-}\"; then\n return 0\n else\n return 1\n fi\n}\n\n# Checks whether a directory exists.\ndirectory_exists() {\n local dir=\"${1:-}\"\n if [[ -d \"${dir:-}\" ]]; then\n return 0\n else\n return 1\n fi\n}\n\n# Checks whether a file exists.\nfile_exists() {\n local file=\"${1:-}\"\n if test -f \"${file:-}\"; then\n return 0\n else\n return 1\n fi\n}\n\n# Checks whether a file is executable.\nis_executable() {\n local file=\"${1:-}\"\n if [ -f \"${file}\" ] && [ -r \"${file}\" ] && [ -x \"${file}\" ]; then\n return 0\n else\n return 1\n fi\n}\n"
},
{
"path": "docs/CODE_OF_CONDUCT.md",
"content": "\n\n\n# Contributor Covenant Code of Conduct\n\n- [Contributor Covenant Code of Conduct](#contributor-covenant-code-of-conduct)\n - [Our Pledge](#our-pledge)\n - [Our Standards](#our-standards)\n - [Our Responsibilities](#our-responsibilities)\n - [Scope](#scope)\n - [Enforcement](#enforcement)\n - [Attribution](#attribution)\n\n\n\n\n# Contributor Covenant Code of Conduct\n\n## Our Pledge\n\nIn the interest of fostering an open and welcoming environment, we as\ncontributors and maintainers pledge to making participation in our project and\nour community a harassment-free experience for everyone, regardless of age, body\nsize, disability, ethnicity, sex characteristics, gender identity and expression,\nlevel of experience, education, socio-economic status, nationality, personal\nappearance, race, religion, or sexual identity and orientation.\n\n## Our Standards\n\nExamples of behavior that contributes to creating a positive environment\ninclude:\n\n- Using welcoming and inclusive language\n- Being respectful of differing viewpoints and experiences\n- Gracefully accepting constructive criticism\n- Focusing on what is best for the community\n- Showing empathy towards other community members\n\nExamples of unacceptable behavior by participants include:\n\n- The use of sexualized language or imagery and unwelcome sexual attention or\n advances\n- Trolling, insulting/derogatory comments, and personal or political attacks\n- Public or private harassment\n- Publishing others' private information, such as a physical or electronic\n address, without explicit permission\n- Other conduct which could reasonably be considered inappropriate in a\n professional setting\n\n## Our Responsibilities\n\nProject maintainers are responsible for clarifying the standards of acceptable\nbehavior and are expected to take appropriate and fair corrective action in\nresponse to any instances of unacceptable behavior.\n\nProject maintainers have the right and responsibility to remove, edit, or\nreject comments, commits, code, wiki edits, issues, and other contributions\nthat are not aligned to this Code of Conduct, or to ban temporarily or\npermanently any contributor for other behaviors that they deem inappropriate,\nthreatening, offensive, or harmful.\n\n## Scope\n\nThis Code of Conduct applies both within project spaces and in public spaces\nwhen an individual is representing the project or its community. Examples of\nrepresenting a project or community include using an official project e-mail\naddress, posting via an official social media account, or acting as an appointed\nrepresentative at an online or offline event. Representation of a project may be\nfurther defined and clarified by project maintainers.\n\n## Enforcement\n\nInstances of abusive, harassing, or otherwise unacceptable behavior may be\nreported by contacting the project team at opensource@coder.com. All\ncomplaints will be reviewed and investigated and will result in a response that\nis deemed necessary and appropriate to the circumstances. The project team is\nobligated to maintain confidentiality with regard to the reporter of an incident.\nFurther details of specific enforcement policies may be posted separately.\n\nProject maintainers who do not follow or enforce the Code of Conduct in good\nfaith may face temporary or permanent repercussions as determined by other\nmembers of the project's leadership.\n\n## Attribution\n\nThis Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,\navailable at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html\n\n[homepage]: https://www.contributor-covenant.org\n\nFor answers to common questions about this code of conduct, see\nhttps://www.contributor-covenant.org/faq\n"
},
{
"path": "docs/CONTRIBUTING.md",
"content": "\n\n\n# Contributing\n\n- [Requirements](#requirements)\n - [Linux-specific requirements](#linux-specific-requirements)\n- [Development workflow](#development-workflow)\n - [Version updates to Code](#version-updates-to-code)\n - [Patching Code](#patching-code)\n - [Build](#build)\n - [Creating a Standalone Release](#creating-a-standalone-release)\n - [Troubleshooting](#troubleshooting)\n - [I see \"Forbidden access\" when I load code-server in the browser](#i-see-forbidden-access-when-i-load-code-server-in-the-browser)\n - [\"Can only have one anonymous define call per script\"](#can-only-have-one-anonymous-define-call-per-script)\n - [Help](#help)\n- [Test](#test)\n - [Unit tests](#unit-tests)\n - [Script tests](#script-tests)\n - [Integration tests](#integration-tests)\n - [End-to-end tests](#end-to-end-tests)\n- [Structure](#structure)\n - [Modifications to Code](#modifications-to-code)\n - [Currently Known Issues](#currently-known-issues)\n\n\n\n\n## Requirements\n\nThe prerequisites for contributing to code-server are almost the same as those\nfor [VS Code](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites).\nHere is what is needed:\n\n- `node` v22.x\n- `git` v2.x or greater\n- [`git-lfs`](https://git-lfs.github.com)\n- [`npm`](https://www.npmjs.com/)\n - Used to install JS packages and run scripts\n- [`nfpm`](https://nfpm.goreleaser.com/)\n - Used to build `.deb` and `.rpm` packages\n- [`jq`](https://stedolan.github.io/jq/)\n - Used to build code-server releases\n- [`gnupg`](https://gnupg.org/index.html)\n - All commits must be signed and verified; see GitHub's [Managing commit\n signature\n verification](https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification)\n or follow [this tutorial](https://joeprevite.com/verify-commits-on-github)\n- `quilt`\n - Used to manage patches to Code\n- `rsync` and `unzip`\n - Used for code-server releases\n- `bats`\n - Used to run script unit tests\n\n### Linux-specific requirements\n\nIf you're developing code-server on Linux, make sure you have installed or\ninstall the following dependencies:\n\n```shell\nsudo apt-get install build-essential g++ libx11-dev libxkbfile-dev libsecret-1-dev libkrb5-dev python-is-python3\n```\n\nThese are required by Code. See [their Wiki](https://github.com/microsoft/vscode/wiki/How-to-Contribute#prerequisites)\nfor more information.\n\n## Development workflow\n\n1. `git clone https://github.com/coder/code-server.git` - Clone `code-server`\n2. `git submodule update --init` - Clone `vscode` submodule\n3. `quilt push -a` - Apply patches to the `vscode` submodule.\n4. `npm install` - Install dependencies\n5. `npm run watch` - Launch code-server localhost:8080. code-server will be live\n reloaded when changes are made; the browser needs to be refreshed manually.\n\nWhen pulling down changes that include modifications to the patches you will\nneed to apply them with `quilt`. If you pull down changes that update the\n`vscode` submodule you will need to run `git submodule update --init` and\nre-apply the patches.\n\nWhen you make a change that affects people deploying the marketplace please\nupdate the changelog as part of your PR.\n\nNote that building code-server takes a very, very long time, and loading it in\nthe browser in development mode also takes a very, very long time.\n\nDisplay language (Spanish, etc) support only works in a full build; it will not\nwork in development mode.\n\nGenerally we prefer that PRs be squashed into `main` but you can rebase or merge\nif it is important to keep the individual commits (make sure to clean up the\ncommits first if you are doing this).\n\n### Version updates to Code\n\n1. Remove any patches with `quilt pop -a`.\n2. Update the `lib/vscode` submodule to the desired upstream version branch.\n 1. `cd lib/vscode && git checkout release/1.66 && cd ../..`\n 2. `git add lib && git commit -m \"chore: update to Code \"`\n3. Apply the patches one at a time (`quilt push`). If the application succeeds\n but the lines changed, update the patch with `quilt refresh`. If there are\n conflicts, then force apply with `quilt push -f`, manually add back the\n rejected code, then run `quilt refresh`.\n4. From the code-server **project root**, run `npm install`.\n5. Check the Node.js version that's used by Electron (which is shipped with VS\n Code. If necessary, update our version of Node.js to match.\n\n### Patching Code\n\n1. You can go through the patch stack with `quilt push` and `quilt pop`.\n2. Create a new patch (`quilt new {name}.diff`) or use an existing patch.\n3. Add the file(s) you are patching (`quilt add [-P patch] {file}`). A file\n **must** be added before you make changes to it.\n4. Make your changes. Patches do not need to be independent of each other but\n each patch must result in a working code-server without any broken in-between\n states otherwise they are difficult to test and modify.\n5. Add your changes to the patch (`quilt refresh`)\n6. Add a comment in the patch about the reason for the patch and how to\n reproduce the behavior it fixes or adds. Every patch should have an e2e test\n as well.\n\n### Build\n\nYou can build a full production as follows:\n\n```shell\ngit submodule update --init\nquilt push -a\nnpm install\nnpm run build\nVERSION=0.0.0 npm run build:vscode\nnpm run release\n```\n\nThis does not keep `node_modules`. If you want them to be kept, use\n`KEEP_MODULES=1 npm run release`\n\nRun your build:\n\n```shell\ncd release\nnpm install --omit=dev # Skip if you used KEEP_MODULES=1\n# Runs the built JavaScript with Node.\nnode .\n```\n\nThen, to build the release package:\n\n```shell\nnpm run release:standalone\nnpm run test:integration\nnpm run package\n```\n\n> On Linux, the currently running distro will become the minimum supported\n> version. In our GitHub Actions CI, we use CentOS 8 for maximum compatibility.\n> If you need your builds to support older distros, run the build commands\n> inside a Docker container with all the build requirements installed.\n\n#### Creating a Standalone Release\n\nPart of the build process involves creating standalone releases. At the time of\nwriting, we do this for the following platforms/architectures:\n\n- Linux amd64 (.tar.gz, .deb, and .rpm)\n- Linux arm64 (.tar.gz, .deb, and .rpm)\n- Linux arm7l (.tar.gz)\n- Linux armhf.deb\n- Linux armhf.rpm\n- macOS arm64.tar.gz\n\nCurrently, these are compiled in CI using the `npm run release:standalone`\ncommand in the `release.yaml` workflow. We then upload them to the draft release\nand distribute via GitHub Releases.\n\n### Troubleshooting\n\n#### I see \"Forbidden access\" when I load code-server in the browser\n\nThis means your patches didn't apply correctly. We have a patch to remove the\nauth from vanilla Code because we use our own.\n\nTry popping off the patches with `quilt pop -a` and reapplying with `quilt push\n-a`.\n\n#### \"Can only have one anonymous define call per script\"\n\nCode might be trying to use a dev or prod HTML in the wrong context. You can try\nre-running code-server and setting `VSCODE_DEV=1`.\n\n### Help\n\nIf you get stuck or need help, you can always start a new GitHub Discussion\n[here](https://github.com/coder/code-server/discussions). One of the maintainers\nwill respond and help you out.\n\n## Test\n\nThere are four kinds of tests in code-server:\n\n1. Unit tests\n2. Script tests\n3. Integration tests\n4. End-to-end tests\n\n### Unit tests\n\nOur unit tests are written in TypeScript and run using\n[Jest](https://jestjs.io/), the testing framework].\n\nThese live under [test/unit](../test/unit).\n\nWe use unit tests for functions and things that can be tested in isolation. The\nfile structure is modeled closely after `/src` so it's easy for people to know\nwhere test files should live.\n\n### Script tests\n\nOur script tests are written in bash and run using [bats](https://github.com/bats-core/bats-core).\n\nThese tests live under `test/scripts`.\n\nWe use these to test anything related to our scripts (most of which live under\n`ci`).\n\n### Integration tests\n\nThese are a work in progress. We build code-server and run tests with `npm run\ntest:integration`, which ensures that code-server builds work on their\nrespective platforms.\n\nOur integration tests look at components that rely on one another. For example,\ntesting the CLI requires us to build and package code-server.\n\n### End-to-end tests\n\nThe end-to-end (e2e) tests are written in TypeScript and run using\n[Playwright](https://playwright.dev/).\n\nThese live under [test/e2e](../test/e2e).\n\nBefore the e2e tests run, we run `globalSetup`, which eliminates the need to log\nin before each test by preserving the authentication state.\n\nTake a look at `codeServer.test.ts` to see how you would use it (see\n`test.use`).\n\nWe also have a model where you can create helpers to use within tests. See\n[models/CodeServer.ts](../test/e2e/models/CodeServer.ts) for an example.\n\n## Structure\n\ncode-server essentially serves as an HTTP API for logging in and starting a\nremote Code process.\n\nThe CLI code is in [src/node](../src/node) and the HTTP routes are implemented\nin [src/node/routes](../src/node/routes).\n\nMost of the meaty parts are in the Code portion of the codebase under\n[lib/vscode](../lib/vscode), which we describe next.\n\n### Modifications to Code\n\nOur modifications to Code can be found in the [patches](../patches) directory.\nWe pull in Code as a submodule pointing to an upstream release branch.\n\nIn v1 of code-server, we had Code as a submodule and used a single massive patch\nthat split the codebase into a front-end and a server. The front-end consisted\nof the UI code, while the server ran the extensions and exposed an API to the\nfront-end for file access and all UI needs.\n\nOver time, Microsoft added support to Code to run it on the web. They had made\nthe front-end open source, but not the server. As such, code-server v2 (and\nlater) uses the Code front-end and implements the server. We did this by using a\nGit subtree to fork and modify Code.\n\nMicrosoft eventually made the server open source and we were able to reduce our\nchanges significantly. Some time later we moved back to a submodule and patches\n(managed by `quilt` this time instead of the mega-patch).\n\nAs the web portion of Code continues to mature, we'll be able to shrink and\npossibly eliminate our patches. In the meantime, upgrading the Code version\nrequires us to ensure that our changes are still applied correctly and work as\nintended. In the future, we'd like to run Code unit tests against our builds to\nensure that features work as expected.\n\n> We have [extension docs](../ci/README.md) on the CI and build system.\n\nIf the functionality you're working on does NOT depend on code from Code, please\nmove it out and into code-server.\n\n### Currently Known Issues\n\n- Creating custom Code extensions and debugging them doesn't work\n- Extension profiling and tips are currently disabled\n"
},
{
"path": "docs/FAQ.md",
"content": "\n\n\n# FAQ\n\n- [Questions?](#questions)\n- [How should I expose code-server to the internet?](#how-should-i-expose-code-server-to-the-internet)\n- [Can I use code-server on the iPad?](#can-i-use-code-server-on-the-ipad)\n- [How does the config file work?](#how-does-the-config-file-work)\n- [How do I make my keyboard shortcuts work?](#how-do-i-make-my-keyboard-shortcuts-work)\n- [Why can't code-server use Microsoft's extension marketplace?](#why-cant-code-server-use-microsofts-extension-marketplace)\n- [How can I request an extension that's missing from the marketplace?](#how-can-i-request-an-extension-thats-missing-from-the-marketplace)\n- [How do I install an extension?](#how-do-i-install-an-extension)\n- [How do I install an extension manually?](#how-do-i-install-an-extension-manually)\n- [How do I use my own extensions marketplace?](#how-do-i-use-my-own-extensions-marketplace)\n- [Where are extensions stored?](#where-are-extensions-stored)\n- [Where is VS Code configuration stored?](#where-is-vs-code-configuration-stored)\n- [How can I reuse my VS Code configuration?](#how-can-i-reuse-my-vs-code-configuration)\n- [How does code-server decide what workspace or folder to open?](#how-does-code-server-decide-what-workspace-or-folder-to-open)\n- [How do I access my Documents/Downloads/Desktop folders in code-server on macOS?](#how-do-i-access-my-documentsdownloadsdesktop-folders-in-code-server-on-macos)\n- [How do I direct server-side requests through a proxy?](#how-do-i-direct-server-side-requests-through-a-proxy)\n- [How do I debug issues with code-server?](#how-do-i-debug-issues-with-code-server)\n- [What is the healthz endpoint?](#what-is-the-healthz-endpoint)\n- [What is the heartbeat file?](#what-is-the-heartbeat-file)\n- [How do I change the password?](#how-do-i-change-the-password)\n- [Can I store my password hashed?](#can-i-store-my-password-hashed)\n- [Is multi-tenancy possible?](#is-multi-tenancy-possible)\n- [Can I use Docker in a code-server container?](#can-i-use-docker-in-a-code-server-container)\n- [How do I disable telemetry?](#how-do-i-disable-telemetry)\n- [What's the difference between code-server and Coder?](#whats-the-difference-between-code-server-and-coder)\n- [What's the difference between code-server and Theia?](#whats-the-difference-between-code-server-and-theia)\n- [What's the difference between code-server and OpenVSCode-Server?](#whats-the-difference-between-code-server-and-openvscode-server)\n- [What's the difference between code-server and GitHub Codespaces?](#whats-the-difference-between-code-server-and-github-codespaces)\n- [What's the difference between code-server and VS Code web?](#whats-the-difference-between-code-server-and-vs-code-web)\n- [Does code-server have any security login validation?](#does-code-server-have-any-security-login-validation)\n- [Are there community projects involving code-server?](#are-there-community-projects-involving-code-server)\n- [How do I change the port?](#how-do-i-change-the-port)\n- [How do I hide the coder/coder promotion in Help: Getting Started?](#how-do-i-hide-the-codercoder-promotion-in-help-getting-started)\n- [How do I disable the proxy?](#how-do-i-disable-the-proxy)\n- [How do I disable file download?](#how-do-i-disable-file-download)\n- [Why do web views not work?](#why-do-web-views-not-work)\n\n\n\n\n## Questions?\n\nPlease file all questions and support requests at\n.\n\n## How should I expose code-server to the internet?\n\nPlease see [our instructions on exposing code-server safely to the\ninternet](./guide.md).\n\n## Can I use code-server on the iPad?\n\nSee [iPad](./ipad.md) for information on using code-server on the iPad.\n\n## How does the config file work?\n\nWhen `code-server` starts up, it creates a default config file in `~/.config/code-server/config.yaml`:\n\n```yaml\nbind-addr: 127.0.0.1:8080\nauth: password\npassword: mew...22 # Randomly generated for each config.yaml\ncert: false\n```\n\nThe default config defines the following behavior:\n\n- Listen on the loopback IP port 8080\n- Enable password authorization\n- Do not use TLS\n\nEach key in the file maps directly to a `code-server` flag (run `code-server --help` to see a listing of all the flags). Any flags passed to `code-server`\nwill take priority over the config file.\n\nYou can change the config file's location using the `--config` flag or\n`$CODE_SERVER_CONFIG` environment variable.\n\nThe default location respects `$XDG_CONFIG_HOME`.\n\n## How do I make my keyboard shortcuts work?\n\nMany shortcuts will not work by default, since they'll be \"caught\" by the browser.\n\nIf you use Chrome, you can work around this by installing the progressive web\napp (PWA):\n\n1. Start the editor\n2. Click the **plus** icon in the URL toolbar to install the PWA\n\nIf you use Firefox, you can use the appropriate extension to install PWA.\n\n1. Go to the installation [website](https://addons.mozilla.org/en-US/firefox/addon/pwas-for-firefox/) of the add-on\n2. Add the add-on to Firefox\n3. Follow the os-specific instructions on how to install the runtime counterpart\n\nFor other browsers, you'll have to remap keybindings for shortcuts to work.\n\n## Why can't code-server use Microsoft's extension marketplace?\n\nThough code-server takes the open-source core of VS Code and allows you to run\nit in the browser, it is not entirely equivalent to Microsoft's VS Code.\n\nOne major difference is in regards to extensions and the marketplace. The core\nof VS code is open source, while the marketplace and many published Microsoft\nextensions are not. Furthermore, Microsoft prohibits the use of any\nnon-Microsoft VS Code from accessing their marketplace. Per the [Terms of\nService](https://cdn.vsassets.io/v/M146_20190123.39/_content/Microsoft-Visual-Studio-Marketplace-Terms-of-Use.pdf):\n\n> Marketplace Offerings are intended for use only with Visual Studio Products\n> and Services, and you may only install and use Marketplace Offerings with\n> Visual Studio Products and Services.\n\nBecause of this, we can't offer any extensions on Microsoft's marketplace.\nInstead, we use the [Open-VSX extension gallery](https://open-vsx.org), which is also used by various other forks.\nIt isn't perfect, but its getting better by the day with more and more extensions.\n\nWe also offer our own marketplace for open source extensions, but plan to\ndeprecate it at a future date and completely migrate to Open-VSX.\n\nThese are the closed-source extensions that are presently unavailable:\n\n1. [Live Share](https://visualstudio.microsoft.com/services/live-share). We may\n implement something similar (see\n [#33](https://github.com/coder/code-server/issues/33))\n1. [Remote Extensions (SSH, Containers,\n WSL)](https://github.com/microsoft/vscode-remote-release). We may implement\n these again at some point, see\n ([#1315](https://github.com/coder/code-server/issues/1315)).\n\nFor more about the closed source portions of VS Code, see [vscodium/vscodium](https://github.com/VSCodium/vscodium#why-does-this-exist).\n\n## How can I request an extension that's missing from the marketplace?\n\nTo add an extension to Open-VSX, please see [open-vsx/publish-extensions](https://github.com/open-vsx/publish-extensions).\nWe no longer plan to add new extensions to our legacy extension gallery.\n\n## How do I install an extension?\n\nYou can install extensions from the marketplace using the extensions sidebar in\ncode-server or from the command line:\n\n```console\ncode-server --install-extension \n# example: code-server --install-extension wesbos.theme-cobalt2\n\n# From the Coder extension marketplace\ncode-server --install-extension ms-python.python\n\n# From a downloaded VSIX on the file system\ncode-server --install-extension downloaded-ms-python.python.vsix\n```\n\n## How do I install an extension manually?\n\nIf there's an extension unavailable in the marketplace or an extension that\ndoesn't work, you can download the VSIX from its GitHub releases or build it\nyourself.\n\nOnce you have downloaded the VSIX to the remote machine, you can either:\n\n- Run the **Extensions: Install from VSIX** command in the Command Palette.\n- Run `code-server --install-extension ` in the terminal\n\nYou can also download extensions using the command line. For instance,\ndownloading from OpenVSX can be done like this:\n\n```shell\ncode-server --install-extension \n```\n\n## How do I use my own extensions marketplace?\n\nIf you own a marketplace that implements the VS Code Extension Gallery API, you\ncan point code-server to it by setting `$EXTENSIONS_GALLERY`.\nThis corresponds directly with the `extensionsGallery` entry in in VS Code's `product.json`.\n\nFor example:\n\n```bash\nexport EXTENSIONS_GALLERY='{\"serviceUrl\": \"https://my-extensions/api\"}'\n```\n\nThough you can technically use Microsoft's marketplace in this manner, we\nstrongly discourage you from doing so since this is [against their Terms of Use](#why-cant-code-server-use-microsofts-extension-marketplace).\n\nFor further information, see [this\ndiscussion](https://github.com/microsoft/vscode/issues/31168#issue-244533026)\nregarding the use of the Microsoft URLs in forks, as well as [VSCodium's\ndocs](https://github.com/VSCodium/vscodium/blob/master/DOCS.md#extensions--marketplace).\n\n## Where are extensions stored?\n\nExtensions are stored in `~/.local/share/code-server/extensions` by default.\n\nOn Linux and macOS if you set the `XDG_DATA_HOME` environment variable, the\nextensions directory will be `$XDG_DATA_HOME/code-server/extensions`. In\ngeneral, we try to follow the XDG directory spec.\n\n## Where is VS Code configuration stored?\n\nVS Code configuration such as settings and keybindings are stored in\n`~/.local/share/code-server` by default.\n\nOn Linux and macOS if you set the `XDG_DATA_HOME` environment variable, the data\ndirectory will be `$XDG_DATA_HOME/code-server`. In general, we try to follow the\nXDG directory spec.\n\n## How can I reuse my VS Code configuration?\n\nYou can use the [Settings\nSync](https://marketplace.visualstudio.com/items?itemName=Shan.code-settings-sync)\nextension for this purpose.\n\nAlternatively, you can also pass `--user-data-dir ~/.vscode` or copy `~/.vscode`\ninto `~/.local/share/code-server` to reuse your existing VS Code extensions and\nconfiguration.\n\n## How does code-server decide what workspace or folder to open?\n\ncode-server tries the following in this order:\n\n1. The `workspace` query parameter\n2. The `folder` query parameter\n3. The workspace or directory passed via the command line\n4. The last opened workspace or directory\n\n## How do I access my Documents/Downloads/Desktop folders in code-server on macOS?\n\nNewer versions of macOS require permission through a non-UNIX mechanism for\ncode-server to access the Desktop, Documents, Pictures, Downloads, and other folders.\n\nYou may have to give Node.js full disk access, since it doesn't implement any of the macOS permission request features natively:\n\n1. Find where Node.js is installed on your machine\n\n ```console\n $ which node\n /usr/local/bin/node\n ```\n\n2. Grant Node.js full disk access. Open **System Preferences** > **Security &\n Privacy** > **Privacy** > **Full Disk Access**. Then, click the š to unlock,\n click **+**, and select the Node.js binary you located in the previous step.\n\nSee [#2794](https://github.com/coder/code-server/issues/2794) for additional context.\n\n## How do I direct server-side requests through a proxy?\n\n> code-server proxies only server-side requests.\n\nTo direct server-side requests through a proxy, code-server supports the\nfollowing environment variables:\n\n- `$HTTP_PROXY`\n- `$HTTPS_PROXY`\n- `$NO_PROXY`\n\n```sh\nexport HTTP_PROXY=https://134.8.5.4\nexport HTTPS_PROXY=https://134.8.5.4\n# Now all of code-server's server side requests will go through\n# https://134.8.5.4 first.\ncode-server\n```\n\n- See\n [proxy-from-env](https://www.npmjs.com/package/proxy-from-env#environment-variables)\n for a detailed reference on these environment variables and their syntax (note\n that code-server only uses the `http` and `https` protocols).\n- See [proxy-agent](https://www.npmjs.com/package/proxy-agent) for information\n on on the supported proxy protocols.\n\n## How do I debug issues with code-server?\n\nFirst, run code-server with the `debug` logging (or `trace` to be really\nthorough) by setting the `--log` flag or the `LOG_LEVEL` environment variable.\n`-vvv` and `--verbose` are aliases for `--log trace`.\n\nFirst, run code-server with `debug` logging (or `trace` logging for more\nthorough messages) by setting the `--log` flag or the `LOG_LEVEL` environment\nvariable.\n\n```text\ncode-server --log debug\n```\n\n> Note that the `-vvv` and `--verbose` flags are aliases for `--log trace`.\n\nNext, replicate the issue you're having so that you can collect logging\ninformation from the following places:\n\n1. The most recent files from `~/.local/share/code-server/coder-logs`\n2. The browser console\n3. The browser network tab\n\nAdditionally, collecting core dumps (you may need to enable them first) if\ncode-server crashes can be helpful.\n\n## What is the healthz endpoint?\n\nYou can use the `/healthz` endpoint exposed by code-server to check whether\ncode-server is running without triggering a heartbeat. The response includes a\nstatus (e.g., `alive` or `expired`) and a timestamp for the last heartbeat\n(the default is `0`).\n\n```json\n{\n \"status\": \"alive\",\n \"lastHeartbeat\": 1599166210566\n}\n```\n\nThis endpoint doesn't require authentication.\n\n## What is the heartbeat file?\n\nAs long as there is an active browser connection, code-server touches\n`~/.local/share/code-server/heartbeat` once a minute.\n\nIf you want to shutdown code-server if there hasn't been an active connection\nafter a predetermined amount of time, you can use the --idle-timeout-seconds flag\nor set an `CODE_SERVER_IDLE_TIMEOUT_SECONDS` environment variable.\n\n## How do I change the password?\n\nEdit the `password` field in the code-server config file at\n`~/.config/code-server/config.yaml`, then restart code-server:\n\n```bash\nsudo systemctl restart code-server@$USER\n```\n\n## Can I store my password hashed?\n\nYes, you can do so by setting the value of `hashed-password` instead of `password`. Generate the hash with:\n\n```shell\necho -n \"thisismypassword\" | npx argon2-cli -e\n$argon2i$v=19$m=4096,t=3,p=1$wst5qhbgk2lu1ih4dmuxvg$ls1alrvdiwtvzhwnzcm1dugg+5dto3dt1d5v9xtlws4\n```\n\nReplace `thisismypassword` with your actual password and **remember to put it\ninside quotes**! For example:\n\n```yaml\nauth: password\nhashed-password: \"$argon2i$v=19$m=4096,t=3,p=1$wST5QhBgk2lu1ih4DMuxvg$LS1alrVdIWtvZHwnzCM1DUGg+5DTO3Dt1d5v9XtLws4\"\n```\n\nThe `hashed-password` field takes precedence over `password`.\n\nIf you're using Docker Compose file, in order to make this work, you need to change all the single $ to $$. For example:\n\n```yaml\n- HASHED_PASSWORD=$$argon2i$$v=19$$m=4096,t=3,p=1$$wST5QhBgk2lu1ih4DMuxvg$$LS1alrVdIWtvZHwnzCM1DUGg+5DTO3Dt1d5v9XtLws4\n```\n\n## Is multi-tenancy possible?\n\nIf you want to run multiple code-servers on shared infrastructure, we recommend\nusing virtual machines (provide one VM per user). This will easily allow users\nto run a Docker daemon. If you want to use Kubernetes, you'll want to\nuse [kubevirt](https://kubevirt.io) or\n[sysbox](https://github.com/nestybox/sysbox) to give each user a VM-like\nexperience instead of just a container.\n\n## Can I use Docker in a code-server container?\n\nIf you'd like to access Docker inside of code-server, mount the Docker socket in\nfrom `/var/run/docker.sock`. Then, install the Docker CLI in the code-server\ncontainer, and you should be able to access the daemon.\n\nYou can even make volume mounts work. Let's say you want to run a container and\nmount into `/home/coder/myproject` from inside the `code-server` container. You\nneed to make sure the Docker daemon's `/home/coder/myproject` is the same as the\none mounted inside the `code-server` container, and the mount will work.\n\nIf you want Docker enabled when deploying on Kubernetes, look at the `values.yaml`\nfile for the 3 fields: `extraVars`, `lifecycle.postStart`, and `extraContainers`.\n\n## How do I disable telemetry?\n\nUse the `--disable-telemetry` flag to disable telemetry.\n\n> We use the data collected only to improve code-server.\n\n## What's the difference between code-server and Coder?\n\ncode-server and Coder are both applications that can be installed on any\nmachine. The main difference is who they serve. Out of the box, code-server is\nsimply VS Code in the browser while Coder is a tool for provisioning remote\ndevelopment environments via Terraform.\n\ncode-server was built for individuals while Coder was built for teams. In Coder, you create Workspaces which can have applications like code-server. If you're looking for a team solution, you should reach for [Coder](https://github.com/coder/coder).\n\n## What's the difference between code-server and Theia?\n\nAt a high level, code-server is a patched fork of VS Code that runs in the\nbrowser whereas Theia takes some parts of VS Code but is an entirely different\neditor.\n\n[Theia](https://github.com/eclipse-theia/theia) is a browser IDE loosely based\non VS Code. It uses the same text editor library\n([Monaco](https://github.com/Microsoft/monaco-editor)) and extension API, but\neverything else is different. Theia also uses [Open VSX](https://open-vsx.org)\nfor extensions.\n\nTheia doesn't allow you to reuse your existing VS Code config.\n\n## What's the difference between code-server and OpenVSCode-Server?\n\ncode-server and OpenVSCode-Server both allow you to access VS Code via a\nbrowser. OpenVSCode-Server is a direct fork of VS Code with changes comitted\ndirectly while code-server pulls VS Code in via a submodule and makes changes\nvia patch files.\n\nHowever, OpenVSCode-Server is scoped at only making VS Code available as-is in\nthe web browser. code-server contains additional changes to make the self-hosted\nexperience better (see the next section for details).\n\n## What's the difference between code-server and GitHub Codespaces?\n\nBoth code-server and GitHub Codespaces allow you to access VS Code via a\nbrowser. GitHub Codespaces, however, is a closed-source, paid service offered by\nGitHub and Microsoft.\n\nOn the other hand, code-server is self-hosted, free, open-source, and can be run\non any machine with few limitations.\n\nSpecific changes include:\n\n- Password authentication\n- The ability to host at sub-paths\n- Self-contained web views that do not call out to Microsoft's servers\n- The ability to use your own marketplace and collect your own telemetry\n- Built-in proxy for accessing ports on the remote machine integrated into\n VS Code's ports panel\n- Settings are stored on disk like desktop VS Code, instead of in browser\n storage (note that state is still stored in browser storage).\n- Wrapper process that spawns VS Code on-demand and has a separate CLI\n- Notification when updates are available\n- [Some other things](https://github.com/coder/code-server/tree/main/patches)\n\nSome of these changes appear very unlikely to ever be adopted by Microsoft.\nSome may make their way upstream, further closing the gap, but at the moment it\nlooks like there will always be some subtle differences.\n\n## What's the difference between code-server and VS Code web?\n\nVS Code web (which can be ran using `code serve-web`) has the same differences\nas the Codespaces section above. VS Code web can be a better choice if you need\naccess to the official Microsoft marketplace.\n\n## Does code-server have any security login validation?\n\ncode-server supports setting a single password and limits logins to two per\nminute plus an additional twelve per hour.\n\n## Are there community projects involving code-server?\n\nVisit the [awesome-code-server](https://github.com/coder/awesome-code-server)\nrepository to view community projects and guides with code-server! Feel free to\nadd your own!\n\n## How do I change the port?\n\nThere are two ways to change the port on which code-server runs:\n\n1. with an environment variable e.g. `PORT=3000 code-server`\n2. using the flag `--bind-addr` e.g. `code-server --bind-addr localhost:3000`\n\n## How do I hide the coder/coder promotion in Help: Getting Started?\n\nYou can pass the flag `--disable-getting-started-override` to `code-server` or\nyou can set the environment variable `CS_DISABLE_GETTING_STARTED_OVERRIDE=1` or\n`CS_DISABLE_GETTING_STARTED_OVERRIDE=true`.\n\n## How do I disable the proxy?\n\nYou can pass the flag `--disable-proxy` to `code-server` or\nyou can set the environment variable `CS_DISABLE_PROXY=1` or\n`CS_DISABLE_PROXY=true`.\n\nNote, this option currently only disables the proxy routes to forwarded ports, including\nthe domain and path proxy routes over HTTP and WebSocket; however, it does not\ndisable the automatic port forwarding in the VS Code workbench itself. In other words,\nuser will still see the Ports tab and notifications, but will not be able to actually\nuse access the ports. It is recommended to set `remote.autoForwardPorts` to `false`\nwhen using the option.\n\n## How do I disable file download?\n\nYou can pass the flag `--disable-file-downloads` to `code-server`\n\n## Why do web views not work?\n\nWeb views rely on service workers, and service workers are only available in a\nsecure context, so most likely the answer is that you are using an insecure\ncontext (for example an IP address).\n\nIf this happens, in the browser log you will see something like:\n\n> Error loading webview: Error: Could not register service workers: SecurityError: Failed to register a ServiceWorker for scope with script: An SSL certificate error occurred when fetching the script..\n\nTo fix this, you must either:\n\n- Access over localhost/127.0.0.1 which is always considered secure.\n- Use a domain with a real certificate (for example with Let's Encrypt).\n- Use a trusted self-signed certificate with [mkcert](https://mkcert.dev) (or\n create and trust a certificate manually).\n- Disable security if your browser allows it. For example, in Chromium see\n `chrome://flags/#unsafely-treat-insecure-origin-as-secure`\n"
},
{
"path": "docs/MAINTAINING.md",
"content": "\n\n\n# Maintaining\n\n- [Releasing](#releasing)\n - [Release Candidates](#release-candidates)\n - [AUR](#aur)\n - [Docker](#docker)\n - [Homebrew](#homebrew)\n - [nixpkgs](#nixpkgs)\n - [npm](#npm)\n- [Testing](#testing)\n- [Documentation](#documentation)\n - [Troubleshooting](#troubleshooting)\n\n\n\n\nWe keep code-server up to date with VS Code releases (there are usually two or\nthree a month) but we are not generally actively developing code-server aside\nfrom fixing regressions.\n\nMost of the work is keeping on top of issues and discussions.\n\n## Releasing\n\n1. Check that the changelog lists all the important changes.\n2. Make sure the changelog entry lists the current version of VS Code.\n3. Update the changelog with the release date.\n4. Go to GitHub Actions > Draft release > Run workflow on the commit you want to\n release. Make sure CI has finished the build workflow on that commit or this\n will fail. For the version we match VS Code's minor and patch version. The\n patch number may become temporarily out of sync if we need to put out a\n patch, but if we make our own minor change then we will not release it until\n the next minor VS Code release.\n5. CI will automatically grab the build artifact on that commit (which is why CI\n has to have completed), inject the provided version into the `package.json`,\n put together platform-specific packages, and upload those packages to a draft\n release.\n6. Update the resulting draft release with the changelog contents.\n7. Publish the draft release after validating it.\n8. Bump the Helm chart version once the Docker images have published.\n\n#### Release Candidates\n\nWe prefer to do release candidates so the community can test things before a\nfull-blown release. To do this follow the same steps as above but:\n\n1. Add a `-rc.` suffix to the version.\n2. When you publish the release select \"pre-release\". CI will not automatically\n publish pre-releases.\n3. Do not update the chart version or merge in the changelog until the final\n release.\n\n#### AUR\n\nWe publish to AUR as a package [here](https://aur.archlinux.org/packages/code-server/). This process is manual and can be done by following the steps in [this repo](https://github.com/coder/code-server-aur).\n\n#### Docker\n\nWe publish code-server as a Docker image [here](https://hub.docker.com/r/codercom/code-server), tagging it both with the version and latest.\n\nThis is currently automated with the release process.\n\n#### Homebrew\n\nWe publish code-server on Homebrew [here](https://github.com/Homebrew/homebrew-core/blob/master/Formula/code-server.rb).\n\nThis is currently automated with the release process (but may fail occasionally). If it does, run this locally:\n\n```shell\n# Replace VERSION with version\nbrew bump-formula-pr --version=\"${VERSION}\" code-server --no-browse --no-audit\n```\n\n#### nixpkgs\n\nWe publish code-server in nixpkgs but it must be updated manually.\n\n#### npm\n\nWe publish code-server as a npm package [here](https://www.npmjs.com/package/code-server/v/latest).\n\nThis is currently automated with the release process.\n\n## Testing\n\nOur testing structure is laid out under our [Contributing docs](https://coder.com/docs/code-server/latest/CONTRIBUTING#test).\n\nIf you're ever looking to add more tests, here are a few ways to get started:\n\n- run `npm run test:unit` and look at the coverage chart. You'll see all the\n uncovered lines. This is a good place to start.\n- look at `test/scripts` to see which scripts are tested. We can always use more\n tests there.\n- look at `test/e2e`. We can always use more end-to-end tests.\n\nOtherwise, talk to a current maintainer and ask which part of the codebase is\nlacking most when it comes to tests.\n\n## Documentation\n\n### Troubleshooting\n\nOur docs are hosted on [Vercel](https://vercel.com/). Vercel only shows logs in\nrealtime, which means you need to have the logs open in one tab and reproduce\nyour error in another tab. Since our logs are private to Coder the organization,\nyou can only follow these steps if you're a Coder employee. Ask a maintainer for\nhelp if you need it.\n\nTaking a real scenario, let's say you wanted to troubleshoot [this docs\nchange](https://github.com/coder/code-server/pull/4042). Here is how you would\ndo it:\n\n1. Go to https://vercel.com/codercom/codercom\n2. Click \"View Function Logs\"\n3. In a separate tab, open the preview link from github-actions-bot\n4. Now look at the function logs and see if there are errors in the logs\n"
},
{
"path": "docs/README.md",
"content": "# code-server\n\n[](https://github.com/coder/code-server/discussions) [](https://coder.com/community) [](https://twitter.com/coderhq) [](https://discord.com/invite/coder) [](https://codecov.io/gh/coder/code-server) [](https://coder.com/docs/code-server/latest)\n\nRun [VS Code](https://github.com/Microsoft/vscode) on any machine anywhere and\naccess it in the browser.\n\n\n\n\n## Highlights\n\n- Code on any device with a consistent development environment\n- Use cloud servers to speed up tests, compilations, downloads, and more\n- Preserve battery life when you're on the go; all intensive tasks run on your\n server\n\n## Requirements\n\nSee [requirements](https://coder.com/docs/code-server/latest/requirements) for minimum specs, as well as instructions\non how to set up a Google VM on which you can install code-server.\n\n**TL;DR:** Linux machine with WebSockets enabled, 1 GB RAM, and 2 vCPUs\n\n## Getting started\n\nThere are five ways to get started:\n\n1. Using the [install\n script](https://github.com/coder/code-server/blob/main/install.sh), which\n automates most of the process. The script uses the system package manager if\n possible.\n2. Manually [installing\n code-server](https://coder.com/docs/code-server/latest/install)\n3. Deploy code-server to your team with [coder/coder](https://cdr.co/coder-github)\n4. Using our one-click buttons and guides to [deploy code-server to a cloud\n provider](https://github.com/coder/deploy-code-server) ā”\n5. Using the [code-server feature for\n devcontainers](https://github.com/coder/devcontainer-features/blob/main/src/code-server/README.md),\n if you already use devcontainers in your project.\n\nIf you use the install script, you can preview what occurs during the install\nprocess:\n\n```bash\ncurl -fsSL https://code-server.dev/install.sh | sh -s -- --dry-run\n```\n\nTo install, run:\n\n```bash\ncurl -fsSL https://code-server.dev/install.sh | sh\n```\n\nWhen done, the install script prints out instructions for running and starting\ncode-server.\n\n> **Note**\n> To manage code-server for a team on your infrastructure, see: [coder/coder](https://cdr.co/coder-github)\n\nWe also have an in-depth [setup and\nconfiguration](https://coder.com/docs/code-server/latest/guide) guide.\n\n## Questions?\n\nSee answers to [frequently asked\nquestions](https://coder.com/docs/code-server/latest/FAQ).\n\n## Want to help?\n\nSee [Contributing](https://coder.com/docs/code-server/latest/CONTRIBUTING) for\ndetails.\n\n## Hiring\n\nInterested in [working at Coder](https://coder.com/careers)? Check out [our open\npositions](https://coder.com/careers#openings)!\n\n## For Teams\n\nWe develop [coder/coder](https://cdr.co/coder-github) to help teams to\nadopt remote development.\n"
},
{
"path": "docs/SECURITY.md",
"content": "# Security Policy\n\nCoder and the code-server team want to keep the code-server project secure and safe for end-users.\n\n## Tools\n\nWe use the following tools to help us stay on top of vulnerability mitigation.\n\n- [dependabot](https://dependabot.com/)\n - Submits pull requests to upgrade dependencies. We use dependabot's version\n upgrades as well as security updates.\n- code-scanning\n - [CodeQL](https://securitylab.github.com/tools/codeql/)\n - Semantic code analysis engine that runs on a regular schedule (see\n `codeql-analysis.yml`)\n - [trivy](https://github.com/aquasecurity/trivy)\n - Comprehensive vulnerability scanner that runs on PRs into the default\n branch and scans both our container image and repository code (see\n `trivy-scan-repo` and `trivy-scan-image` jobs in `build.yaml`)\n- `npm audit`\n - Audits NPM dependencies.\n\n## Supported Versions\n\nCoder sponsors the development and maintenance of the code-server project. We will fix security issues within 90 days of receiving a report and publish the fix in a subsequent release. The code-server project does not provide backports or patch releases for security issues at this time.\n\n| Version | Supported |\n| ------------------------------------------------------- | ------------------ |\n| [Latest](https://github.com/coder/code-server/releases) | :white_check_mark: |\n\n## Reporting a Vulnerability\n\nTo report a vulnerability, please send an email to security[@]coder.com, and our security team will respond to you.\n"
},
{
"path": "docs/android.md",
"content": "# Running code-server using UserLAnd\n\n1. Install UserLAnd from [Google Play](https://play.google.com/store/apps/details?id=tech.ula&hl=en_US&gl=US)\n2. Install an Ubuntu VM\n3. Start app\n4. Install Node.js and `curl` using `sudo apt install nodejs npm curl -y`\n5. Install `nvm`:\n\n```shell\ncurl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.0/install.sh | bash\n```\n\n6. Exit the terminal using `exit` and then reopen the terminal\n7. Install and use Node.js 22:\n\n```shell\nnvm install 22\nnvm use 22\n```\n\n8. Install code-server globally on device with: `npm install --global code-server`\n9. Run code-server with `code-server`\n10. Access on localhost:8080 in your browser\n\n# Running code-server using Nix-on-Droid\n\n1. Install Nix-on-Droid from [F-Droid](https://f-droid.org/packages/com.termux.nix/)\n2. Start app\n3. Spawn a shell with code-server by running `nix-shell -p code-server`\n4. Run code-server with `code-server`\n5. Access on localhost:8080 in your browser\n"
},
{
"path": "docs/coder.md",
"content": "# Coder\n\nTo install and run code-server in a Coder workspace, we suggest using the `install.sh`\nscript in your template like so:\n\n```terraform\nresource \"coder_agent\" \"dev\" {\n arch = \"amd64\"\n os = \"linux\"\n startup_script = <\n\n\n# Setup Guide\n\n- [Expose code-server](#expose-code-server)\n - [Port forwarding via SSH](#port-forwarding-via-ssh)\n - [Using Let's Encrypt with Caddy](#using-lets-encrypt-with-caddy)\n - [Using Let's Encrypt with NGINX](#using-lets-encrypt-with-nginx)\n - [Using a self-signed certificate](#using-a-self-signed-certificate)\n - [TLS 1.3 and Safari](#tls-13-and-safari)\n- [External authentication](#external-authentication)\n- [HTTPS and self-signed certificates](#https-and-self-signed-certificates)\n- [Accessing web services](#accessing-web-services)\n - [Using a subdomain](#using-a-subdomain)\n - [Using a subpath](#using-a-subpath)\n - [Using your own proxy](#using-your-own-proxy)\n - [Stripping `/proxy/` from the request path](#stripping-proxyport-from-the-request-path)\n - [Proxying to create a React app](#proxying-to-create-a-react-app)\n - [Proxying to a Vue app](#proxying-to-a-vue-app)\n - [Proxying to an Angular app](#proxying-to-an-angular-app)\n - [Proxying to a Svelte app](#proxying-to-a-svelte-app)\n - [Prefixing `/absproxy/` with a path](#prefixing-absproxyport-with-a-path)\n - [Preflight requests](#preflight-requests)\n- [Internationalization and customization](#internationalization-and-customization)\n - [Available keys and placeholders](#available-keys-and-placeholders)\n - [Legacy flag](#legacy-flag)\n\n\n\n\nThis article will walk you through exposing code-server securely once you've\ncompleted the [installation process](install.md).\n\n## Expose code-server\n\n**Never** expose code-server directly to the internet without some form of\nauthentication and encryption, otherwise someone can take over your machine via\nthe terminal.\n\nBy default, code-server uses password authentication. As such, you must copy the\npassword from code-server's config file to log in. To avoid exposing itself\nunnecessarily, code-server listens on `localhost`; this practice is fine for\ntesting, but it doesn't work if you want to access code-server from a different\nmachine.\n\n> **Rate limits:** code-server rate limits password authentication attempts to\n> two per minute plus an additional twelve per hour.\n\nThere are several approaches to operating and exposing code-server securely:\n\n- Port forwarding via SSH\n- Using Let's Encrypt with Caddy\n- Using Let's Encrypt with NGINX\n- Using a self-signed certificate\n\n### Port forwarding via SSH\n\nWe highly recommend using [port forwarding via\nSSH](https://help.ubuntu.com/community/SSH/OpenSSH/PortForwarding) to access\ncode-server. If you have an SSH server on your remote machine, this approach\ndoesn't require any additional setup at all.\n\nThe downside to SSH forwarding, however, is that you can't access code-server\nwhen using machines without SSH clients (such as iPads). If this applies to you,\nwe recommend using another method, such as [Let's Encrypt](#let-encrypt) instead.\n\n> To work properly, your environment should have WebSockets enabled, which\n> code-server uses to communicate between the browser and server.\n\n1. SSH into your instance and edit the code-server config file to disable\n password authentication:\n\n ```console\n # Replaces \"auth: password\" with \"auth: none\" in the code-server config.\n sed -i.bak 's/auth: password/auth: none/' ~/.config/code-server/config.yaml\n ```\n\n2. Restart code-server:\n\n ```console\n sudo systemctl restart code-server@$USER\n ```\n\n3. Forward local port `8080` to `127.0.0.1:8080` on the remote instance by running the following command on your local machine:\n\n ```console\n # -N disables executing a remote shell\n ssh -N -L 8080:127.0.0.1:8080 [user]@\n ```\n\n4. At this point, you can access code-server by pointing your web browser to `http://127.0.0.1:8080`.\n\n5. If you'd like to make the port forwarding via SSH persistent, we recommend\n using [mutagen](https://mutagen.io/documentation/introduction/installation)\n to do so. Once you've installed mutagen, you can port forward as follows:\n\n ```shell\n # This is the same as the above SSH command, but it runs in the background\n # continuously. Be sure to add `mutagen daemon start` to your ~/.bashrc to\n # start the mutagen daemon when you open a shell.\n mutagen forward create --name=code-server tcp:127.0.0.1:8080 < instance-ip > :tcp:127.0.0.1:8080\n ```\n\n6. Optional, but highly recommended: add the following to `~/.ssh/config` so\n that you can detect bricked SSH connections:\n\n ```bash\n Host *\n ServerAliveInterval 5\n ExitOnForwardFailure yes\n ```\n\n> You can [forward your\n> SSH](https://developer.github.com/v3/guides/using-ssh-agent-forwarding/) and\n> [GPG agent](https://wiki.gnupg.org/AgentForwarding) to the instance to\n> securely access GitHub and sign commits without having to copy your keys.\n\n### Using Let's Encrypt with Caddy\n\nUsing [Let's Encrypt](https://letsencrypt.org) is an option if you want to\naccess code-server on an iPad or do not want to use SSH port forwarding.\n\n1. This option requires that the remote machine be exposed to the internet. Make sure that your instance allows HTTP/HTTPS traffic.\n\n2. You'll need a domain name (if you don't have one, you can purchase one from\n [Google Domains](https://domains.google.com) or the domain service of your\n choice). Once you have a domain name, add an A record to your domain that contains your\n instance's IP address.\n\n3. Install [Caddy](https://caddyserver.com/docs/download#debian-ubuntu-raspbian):\n\n ```console\n sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https\n curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg\n curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list\n sudo apt update\n sudo apt install caddy\n ```\n\n4. Replace `/etc/caddy/Caddyfile` using `sudo` so that the file looks like this:\n\n ```text\n mydomain.com {\n reverse_proxy 127.0.0.1:8080\n }\n ```\n\n If you want to serve code-server from a sub-path, you can do so as follows:\n\n ```text\n mydomain.com/code/* {\n uri strip_prefix /code\n reverse_proxy 127.0.0.1:8080\n }\n ```\n\n Remember to replace `mydomain.com` with your domain name!\n\n5. Reload Caddy:\n\n ```console\n sudo systemctl reload caddy\n ```\n\nAt this point, you should be able to access code-server via\n`https://mydomain.com`.\n\n### Using Let's Encrypt with NGINX\n\n1. This option requires that the remote machine be exposed to the internet. Make\n sure that your instance allows HTTP/HTTPS traffic.\n\n2. You'll need a domain name (if you don't have one, you can purchase one from\n [Google Domains](https://domains.google.com) or the domain service of your\n choice). Once you have a domain name, add an A record to your domain that contains your\n instance's IP address.\n\n3. Install NGINX:\n\n ```bash\n sudo apt update\n sudo apt install -y nginx certbot python3-certbot-nginx\n ```\n\n4. Update `/etc/nginx/sites-available/code-server` using sudo with the following\n configuration:\n\n ```text\n server {\n listen 80;\n listen [::]:80;\n server_name mydomain.com;\n\n location / {\n proxy_pass http://localhost:8080/;\n proxy_set_header Host $http_host;\n proxy_set_header Upgrade $http_upgrade;\n proxy_set_header Connection upgrade;\n proxy_set_header Accept-Encoding gzip;\n }\n }\n ```\n\n Be sure to replace `mydomain.com` with your domain name!\n\n5. Enable the config:\n ```console\n sudo ln -s ../sites-available/code-server /etc/nginx/sites-enabled/code-server\n sudo certbot --non-interactive --redirect --agree-tos --nginx -d mydomain.com -m me@example.com\n ```\n Be sure to replace `me@example.com` with your actual email.\n\nAt this point, you should be able to access code-server via\n`https://mydomain.com`.\n\n### Using a self-signed certificate\n\n> Self signed certificates do not work with iPad; see [./ipad.md](./ipad.md) for\n> more information.\n\nBefore proceeding, we recommend familiarizing yourself with the [risks of\nself-signing a certificate for\nSSL](https://security.stackexchange.com/questions/8110).\n\nWe recommend self-signed certificates as a last resort, since self-signed\ncertificates do not work with iPads and may cause unexpected issues with\ncode-server. You should only proceed with this option if:\n\n- You do not want to buy a domain or you cannot expose the remote machine to\n the internet\n- You do not want to use port forwarding via SSH\n\nTo use a self-signed certificate:\n\n1. This option requires that the remote machine be exposed to the internet. Make\n sure that your instance allows HTTP/HTTPS traffic.\n\n1. SSH into your instance and edit your code-server config file to use a\n randomly generated self-signed certificate:\n\n ```console\n # Replaces \"cert: false\" with \"cert: true\" in the code-server config.\n sed -i.bak 's/cert: false/cert: true/' ~/.config/code-server/config.yaml\n # Replaces \"bind-addr: 127.0.0.1:8080\" with \"bind-addr: 0.0.0.0:443\" in the code-server config.\n sed -i.bak 's/bind-addr: 127.0.0.1:8080/bind-addr: 0.0.0.0:443/' ~/.config/code-server/config.yaml\n # Allows code-server to listen on port 443.\n sudo setcap cap_net_bind_service=+ep /usr/lib/code-server/lib/node\n ```\n\n1. Restart code-server:\n\n ```console\n sudo systemctl restart code-server@$USER\n ```\n\nAt this point, you should be able to access code-server via\n`https://`.\n\nIf you'd like to avoid the warnings displayed by code-server when using a\nself-signed certificate, you can use [mkcert](https://mkcert.dev) to create a\nself-signed certificate that's trusted by your operating system, then pass the\ncertificate to code-server via the `cert` and `cert-key` config fields.\n\n### TLS 1.3 and Safari\n\nIf you will be using Safari and your configuration does not allow anything less\nthan TLS 1.3 you will need to add support for TLS 1.2 since Safari does not\nsupport TLS 1.3 for web sockets at the time of writing. If this is the case you\nshould see OSSStatus: 9836 in the browser console.\n\n## External authentication\n\nIf you want to use external authentication mechanism (e.g., Sign in with\nGoogle), you can do this with a reverse proxy such as:\n\n- [Pomerium](https://www.pomerium.com/docs/guides/code-server.html)\n- [oauth2-proxy](https://oauth2-proxy.github.io/oauth2-proxy/)\n- [Cloudflare Access](https://www.cloudflare.com/zero-trust/products/access/)\n\n## HTTPS and self-signed certificates\n\nFor HTTPS, you can use a self-signed certificate by:\n\n- Passing in `--cert`\n- Passing in an existing certificate by providing the path to `--cert` and the\n path to the key with `--cert-key`\n\nThe self signed certificate will be generated to\n`~/.local/share/code-server/self-signed.crt`.\n\nIf you pass a certificate to code-server, it will respond to HTTPS requests and\nredirect all HTTP requests to HTTPS.\n\n> You can use [Let's Encrypt](https://letsencrypt.org/) to get a TLS certificate\n> for free.\n\nNote: if you set `proxy_set_header Host $host;` in your reverse proxy config, it\nwill change the address displayed in the green section of code-server in the\nbottom left to show the correct address.\n\n## Accessing web services\n\nIf you're working on web services and want to access them locally, code-server\ncan proxy to any port using either a subdomain or a subpath, allowing you to\nsecurely access these services using code-server's built-in authentication.\n\n### Using a subdomain\n\nYou will need a DNS entry that points to your server for each port you want to\naccess. You can either set up a wildcard DNS entry for `*.` if your\ndomain name registrar supports it, or you can create one for every port you want\nto access (`3000.`, `8080.`, etc).\n\nYou should also set up TLS certificates for these subdomains, either using a\nwildcard certificate for `*.` or individual certificates for each port.\n\nTo set your domain, start code-server with the `--proxy-domain` flag:\n\n```console\ncode-server --proxy-domain \n```\n\nFor instance, if you have code-server exposed on `domain.tld` and a Python\nserver running on port 8080 of the same machine code-server is running on, you\ncould run code-server with `--proxy-domain domain.tld` and access the Python\nserver via `8080.domain.tld`.\n\nNote that this uses the host header, so ensure your reverse proxy (if you're\nusing one) forwards that information.\n\n### Using a subpath\n\nSimply browse to `/proxy//`. For instance, if you have code-server\nexposed on `domain.tld` and a Python server running on port 8080 of the same\nmachine code-server is running on, you could access the Python server via\n`domain.tld/proxy/8000`.\n\n### Using your own proxy\n\nYou can make extensions and the ports panel use your own proxy by setting\n`VSCODE_PROXY_URI`. For example if you set\n`VSCODE_PROXY_URI=https://{{port}}.kyle.dev` when an application is detected\nrunning on port 3000 of the same machine code-server is running on the ports\npanel will create a link to https://3000.kyle.dev instead of pointing to the\nbuilt-in subpath-based proxy.\n\nNote: relative paths are also supported i.e.\n`VSCODE_PROXY_URI=./proxy/{{port}}`\n\n### Stripping `/proxy/` from the request path\n\nYou may notice that the code-server proxy strips `/proxy/` from the\nrequest path.\n\nHTTP servers should use relative URLs to avoid the need to be coupled to the\nabsolute path at which they are served. This means you must [use trailing\nslashes on all paths with\nsubpaths](https://blog.cdivilly.com/2019/02/28/uri-trailing-slashes).\n\nThis reasoning is why the default behavior is to strip `/proxy/` from the\nbase path. If your application uses relative URLs and does not assume the\nabsolute path at which it is being served, it will just work no matter what port\nyou decide to serve it off or if you put it in behind code-server or any other\nproxy.\n\nHowever, some prefer the cleaner aesthetic of no trailing slashes. Omitting the\ntrailing slashes couples you to the base path, since you cannot use relative\nredirects correctly anymore. If you're okay with this tradeoff, use `/absproxy`\ninstead and the path will be passed as is (e.g., `/absproxy/3000/my-app-path`).\n\n### Proxying to create a React app\n\nYou must use `/absproxy/` with `create-react-app` (see\n[#2565](https://github.com/coder/code-server/issues/2565) and\n[#2222](https://github.com/coder/code-server/issues/2222) for more information).\nYou will need to inform `create-react-app` of the path at which you are serving\nvia `$PUBLIC_URL` and webpack via `$WDS_SOCKET_PATH`:\n\n```sh\nPUBLIC_URL=/absproxy/3000 \\\n WDS_SOCKET_PATH=$PUBLIC_URL/sockjs-node \\\n BROWSER=none yarn start\n```\n\nYou should then be able to visit\n`https://my-code-server-address.io/absproxy/3000` to see your app exposed\nthrough code-server.\n\n> We highly recommend using the subdomain approach instead to avoid this class of issue.\n\n### Proxying to a Vue app\n\nSimilar to the situation with React apps, you have to make a few modifications\nto proxy a Vue app.\n\n1. add `vue.config.js`\n2. update the values to match this (you can use any free port):\n\n```js\nmodule.exports = {\n devServer: {\n port: 3454,\n sockPath: \"sockjs-node\",\n },\n publicPath: \"/absproxy/3454\",\n}\n```\n\n3. access app at `/absproxy/3454` e.g. `http://localhost:8080/absproxy/3454`\n\nRead more about `publicPath` in the [Vue.js docs](https://cli.vuejs.org/config/#publicpath)\n\n### Proxying to an Angular app\n\nIn order to use code-server's built-in proxy with Angular, you need to make the\nfollowing changes in your app:\n\n1. use `` in `src/index.html`\n2. add `--serve-path /absproxy/4200` to `ng serve` in your `package.json`\n\nFor additional context, see [this GitHub Discussion](https://github.com/coder/code-server/discussions/5439#discussioncomment-3371983).\n\n### Proxying to a Svelte app\n\nIn order to use code-server's built-in proxy with Svelte, you need to make the\nfollowing changes in your app:\n\n1. Add `svelte.config.js` if you don't already have one\n2. Update the values to match this (you can use any free port):\n\n```js\nconst config = {\n kit: {\n paths: {\n base: \"/absproxy/5173\",\n },\n },\n}\n```\n\n3. Access app at `/absproxy/5173/` e.g. `http://localhost:8080/absproxy/5173/\n\nFor additional context, see [this Github Issue](https://github.com/sveltejs/kit/issues/2958)\n\n### Prefixing `/absproxy/` with a path\n\nThis is a case where you need to serve an application via `absproxy` as\nexplained above while serving code-server itself from a path other than the root\nin your domain.\n\nFor example: `http://my-code-server.com/user/123/workspace/my-app`. To achieve\nthis result:\n\n1. Start code-server with the switch `--abs-proxy-base-path=/user/123/workspace`\n2. Follow one of the instructions above for your framework.\n\n### Preflight requests\n\nBy default, if you have auth enabled, code-server will authenticate all proxied\nrequests including preflight requests. This can cause issues because preflight\nrequests do not typically include credentials. To allow all preflight requests\nthrough the proxy without authentication, use `--skip-auth-preflight`.\n\n## Internationalization and customization\n\ncode-server allows you to provide a JSON file to configure certain strings. This\ncan be used for both internationalization and customization.\n\nCreate a JSON file with your custom strings:\n\n```json\n{\n \"WELCOME\": \"Welcome to {{app}}\",\n \"LOGIN_TITLE\": \"{{app}} Access Portal\",\n \"LOGIN_BELOW\": \"Please log in to continue\",\n \"PASSWORD_PLACEHOLDER\": \"Enter Password\"\n}\n```\n\nThen reference the file:\n\n```shell\ncode-server --i18n /path/to/custom-strings.json\n```\n\nOr this can be done in the config file:\n\n```yaml\ni18n: /path/to/custom-strings.json\n```\n\nYou can combine this with the `--locale` flag to configure language support for\nboth code-server and VS Code in cases where code-server has no support but VS\nCode does. If you are using this for internationalization, please consider\nsending us a pull request to contribute it to `src/node/i18n/locales`.\n\n### Available keys and placeholders\n\nRefer to [../src/node/i18n/locales/en.json](../src/node/i18n/locales/en.json)\nfor a full list of the available keys for translations. Note that the only\nplaceholders supported for each key are the ones used in the default string.\n\nThe `--app-name` flag controls the `{{app}}` placeholder in templates. If you\nwant to change the name, you can either:\n\n1. Set `--app-name` (potentially alongside `--i18n`)\n2. Use `--i18n` and hardcode the name in your strings\n\n### Legacy flag\n\nThe `--welcome-text` flag is now deprecated. Use the `WELCOME` key instead.\n"
},
{
"path": "docs/helm.md",
"content": "# code-server Helm Chart\n\n[](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) [](https://img.shields.io/badge/Type-application-informational?style=flat-square) [](https://img.shields.io/badge/AppVersion-4.8.0-informational?style=flat-square)\n\n[code-server](https://github.com/coder/code-server) code-server is VS Code running\non a remote server, accessible through the browser.\n\nThis chart is community maintained by [@Matthew-Beckett](https://github.com/Matthew-Beckett) and [@alexgorbatchev](https://github.com/alexgorbatchev)\n\n## Quickstart\n\n```console\n$ git clone https://github.com/coder/code-server\n$ cd code-server\n$ helm upgrade --install code-server ci/helm-chart\n```\n\n## Introduction\n\nThis chart bootstraps a code-server deployment on a\n[Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh)\npackage manager.\n\n## Prerequisites\n\n- Kubernetes 1.6+\n\n## Installing the Chart\n\nTo install the chart with the release name `code-server`:\n\n```console\n$ git clone https://github.com/coder/code-server\n$ cd code-server\n$ helm upgrade --install code-server ci/helm-chart\n```\n\nThe command deploys code-server on the Kubernetes cluster in the default\nconfiguration. The [configuration](#configuration) section lists the parameters\nthat can be configured during installation.\n\n> **Tip**: List all releases using `helm list`\n\n## Uninstalling the Chart\n\nTo uninstall/delete the `code-server` deployment:\n\n```console\n$ helm delete code-server\n```\n\nThe command removes all the Kubernetes components associated with the chart and\ndeletes the release.\n\n## Configuration\n\nThe following table lists the configurable parameters of the code-server chart\nand their default values.\n\n## Values\n\n| Key | Type | Default |\n| ------------------------------------------- | ------ | ------------------------ |\n| affinity | object | `{}` |\n| extraArgs | list | `[]` |\n| extraConfigmapMounts | list | `[]` |\n| extraContainers | string | `\"\"` |\n| extraInitContainers | string | `\"\"` |\n| extraSecretMounts | list | `[]` |\n| extraVars | list | `[]` |\n| extraVolumeMounts | list | `[]` |\n| fullnameOverride | string | `\"\"` |\n| hostnameOverride | string | `\"\"` |\n| image.pullPolicy | string | `\"Always\"` |\n| image.repository | string | `\"codercom/code-server\"` |\n| image.tag | string | `\"4.8.0\"` |\n| imagePullSecrets | list | `[]` |\n| ingress.enabled | bool | `false` |\n| nameOverride | string | `\"\"` |\n| nodeSelector | object | `{}` |\n| persistence.accessMode | string | `\"ReadWriteOnce\"` |\n| persistence.annotations | object | `{}` |\n| persistence.enabled | bool | `true` |\n| persistence.size | string | `\"1Gi\"` |\n| podAnnotations | object | `{}` |\n| podSecurityContext | object | `{}` |\n| replicaCount | int | `1` |\n| resources | object | `{}` |\n| securityContext.enabled | bool | `true` |\n| securityContext.fsGroup | int | `1000` |\n| securityContext.runAsUser | int | `1000` |\n| service.port | int | `8443` |\n| service.type | string | `\"ClusterIP\"` |\n| serviceAccount.create | bool | `true` |\n| serviceAccount.name | string | `nil` |\n| tolerations | list | `[]` |\n| volumePermissions.enabled | bool | `true` |\n| volumePermissions.securityContext.runAsUser | int | `0` |\n\nSpecify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,\n\n```console\n$ helm upgrade --install code-server \\\n ci/helm-chart \\\n --set persistence.enabled=false\n```\n\nThe above command sets the the persistence storage to false.\n\nAlternatively, a YAML file that specifies the values for the above parameters\ncan be provided while installing the chart. For example,\n\n```console\n$ helm upgrade --install code-server ci/helm-chart -f values.yaml\n```\n\n> **Tip**: You can use the default [values.yaml](values.yaml)\n\n# Extra Containers\n\nThere are two parameters which allow to add more containers to pod.\nUse `extraContainers` to add regular containers\nand `extraInitContainers` to add init containers. You can read more\nabout init containers in [k8s documentation](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).\n\nBoth parameters accept strings and use them as a templates\n\nExample of using `extraInitContainers`:\n\n```yaml\nextraInitContainers: |\n - name: customization\n image: {{ .Values.image.repository }}:{{ .Values.image.tag }}\n imagePullPolicy: IfNotPresent\n env:\n - name: SERVICE_URL\n value: https://open-vsx.org/vscode/gallery\n - name: ITEM_URL\n value: https://open-vsx.org/vscode/item\n command:\n - sh\n - -c\n - |\n code-server --install-extension ms-python.python\n code-server --install-extension golang.Go\n volumeMounts:\n - name: data\n mountPath: /home/coder\n```\n\nWith this yaml in file `init.yaml`, you can execute\n\n```console\n$ helm upgrade --install code-server \\\n ci/helm-chart \\\n --values init.yaml\n```\n\nto deploy code-server with python and golang extensions preinstalled\nbefore main container have started.\n"
},
{
"path": "docs/install.md",
"content": "\n\n\n# Install\n\n- [install.sh](#installsh)\n - [Detection reference](#detection-reference)\n- [npm](#npm)\n- [Standalone releases](#standalone-releases)\n- [Debian, Ubuntu](#debian-ubuntu)\n- [Fedora, CentOS, RHEL, SUSE](#fedora-centos-rhel-suse)\n- [Arch Linux](#arch-linux)\n- [Artix Linux](#artix-linux)\n- [macOS](#macos)\n- [Docker](#docker)\n- [Helm](#helm)\n- [Windows](#windows)\n- [Raspberry Pi](#raspberry-pi)\n- [Termux](#termux)\n- [Cloud providers](#cloud-providers)\n- [Uninstall](#uninstall)\n - [install.sh](#installsh-1)\n - [Homebrew](#homebrew)\n - [npm](#npm-1)\n - [Debian, Ubuntu](#debian-ubuntu-1)\n\n\n\n\nThis document demonstrates how to install `code-server` on various distros and\noperating systems.\n\n## install.sh\n\nThe easiest way to install code-server is to use our [install\nscript](https://github.com/coder/code-server/blob/main/install.sh) for Linux, macOS and FreeBSD. The install script\n[attempts to use the system package manager](#detection-reference) if possible.\n\nYou can preview what occurs during the install process:\n\n```bash\ncurl -fsSL https://code-server.dev/install.sh | sh -s -- --dry-run\n```\n\nTo install, run:\n\n```bash\ncurl -fsSL https://code-server.dev/install.sh | sh\n```\n\nYou can modify the installation process by including one or more of the\nfollowing flags:\n\n- `--dry-run`: echo the commands for the install process without running them.\n- `--method`: choose the installation method.\n - `--method=detect`: detect the package manager but fallback to\n `--method=standalone`.\n - `--method=standalone`: install a standalone release archive into `~/.local`.\n- `--prefix=/usr/local`: install a standalone release archive system-wide.\n- `--version=X.X.X`: install version `X.X.X` instead of latest version.\n- `--help`: see usage docs.\n- `--edge`: install the latest edge version (i.e. pre-release)\n\nWhen done, the install script prints out instructions for running and starting\ncode-server.\n\n> If you're concerned about the install script's use of `curl | sh` and the\n> security implications, please see [this blog\n> post](https://sandstorm.io/news/2015-09-24-is-curl-bash-insecure-pgp-verified-install)\n> by [sandstorm.io](https://sandstorm.io).\n\nIf you prefer to install code-server manually, despite the [detection\nreferences](#detection-reference) and `--dry-run` feature, then continue on for\ninformation on how to do this. The [`install.sh`](https://github.com/coder/code-server/blob/main/install.sh) script runs the\n_exact_ same commands presented in the rest of this document.\n\n### Detection reference\n\n- For Debian and Ubuntu, code-server will install the latest deb package.\n- For Fedora, CentOS, RHEL and openSUSE, code-server will install the latest RPM\n package.\n- For Arch Linux, code-server will install the AUR package.\n- For any unrecognized Linux operating system, code-server will install the\n latest standalone release into `~/.local`.\n - Ensure that you add `~/.local/bin` to your `$PATH` to run code-server.\n\n- For macOS, code-server will install the Homebrew package (if you don't have\n Homebrew installed, code-server will install the latest standalone release\n into `~/.local`).\n - Ensure that you add `~/.local/bin` to your `$PATH` to run code-server.\n\n- For FreeBSD, code-server will install the [npm package](#npm) with `npm`\n\n- If you're installing code-server onto architecture with no releases,\n code-server will install the [npm package](#npm) with `npm`\n - We currently offer releases for amd64 and arm64.\n - The [npm package](#npm) builds the native modules on post-install.\n\n## npm\n\nWe recommend installing with `npm` when:\n\n1. You aren't using a machine with `amd64` or `arm64`.\n2. You are installing code-server on Windows.\n3. You're on Linux with `glibc` < v2.28 or `glibcxx` < v3.4.21.\n4. You're running Alpine Linux or are using a non-glibc libc. See\n [#1430](https://github.com/coder/code-server/issues/1430#issuecomment-629883198)\n for more information.\n\nInstalling code-server with `npm` builds native modules on install.\n\nThis process requires C dependencies; see our guide on [installing with npm](./npm.md) for more information.\n\n## Standalone releases\n\nWe publish self-contained `.tar.gz` archives for every release on\n[GitHub](https://github.com/coder/code-server/releases). The archives bundle the\nnode binary and node modules.\n\nWe create the standalone releases using the [npm package](#npm), and we\nthen create the remaining releases using the standalone version.\n\nThe only requirement to use the standalone release is `glibc` >= 2.28 and\n`glibcxx` >= v3.4.21 on Linux (for macOS, there is no minimum system\nrequirement).\n\nTo use a standalone release:\n\n1. Download the latest release archive for your system from\n [GitHub](https://github.com/coder/code-server/releases).\n2. Unpack the release.\n3. Run code-server by executing `./bin/code-server`.\n\nYou can add `./bin/code-server` to your `$PATH` so that you can execute\n`code-server` without providing full path each time.\n\nHere is a sample script for installing and using a standalone code-server\nrelease on Linux:\n\n```bash\nmkdir -p ~/.local/lib ~/.local/bin\ncurl -fL https://github.com/coder/code-server/releases/download/v$VERSION/code-server-$VERSION-linux-amd64.tar.gz \\\n | tar -C ~/.local/lib -xz\nmv ~/.local/lib/code-server-$VERSION-linux-amd64 ~/.local/lib/code-server-$VERSION\nln -s ~/.local/lib/code-server-$VERSION/bin/code-server ~/.local/bin/code-server\nPATH=\"~/.local/bin:$PATH\"\ncode-server\n# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml\n```\n\n## Debian, Ubuntu\n\n> The standalone arm64 .deb does not support Ubuntu 16.04 or earlier. Please\n> upgrade or [build with npm](#npm).\n\n```bash\ncurl -fOL https://github.com/coder/code-server/releases/download/v$VERSION/code-server_${VERSION}_amd64.deb\nsudo dpkg -i code-server_${VERSION}_amd64.deb\nsudo systemctl enable --now code-server@$USER\n# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml\n```\n\n## Fedora, CentOS, RHEL, SUSE\n\n> The standalone arm64 .rpm does not support CentOS 7. Please upgrade or [build\n> with npm](#npm).\n\n```bash\ncurl -fOL https://github.com/coder/code-server/releases/download/v$VERSION/code-server-$VERSION-amd64.rpm\nsudo rpm -i code-server-$VERSION-amd64.rpm\nsudo systemctl enable --now code-server@$USER\n# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml\n```\n\n## Arch Linux\n\n```bash\n# Install code-server from the AUR using yay.\nyay -S code-server\nsudo systemctl enable --now code-server@$USER\n# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml\n```\n\n```bash\n# Install code-server from the AUR with plain makepkg.\ngit clone https://aur.archlinux.org/code-server.git\ncd code-server\nmakepkg -si\nsudo systemctl enable --now code-server@$USER\n# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml\n```\n\n## Artix Linux\n\n```bash\n# Install code-server from the AUR\ngit clone https://aur.archlinux.org/code-server.git\ncd code-server\nmakepkg -si\n```\n\nSave the file as `code-server` in `/etc/init.d/` and make it executable with `chmod +x code-server`. Put your username in line 3.\n\n```bash\n#!/sbin/openrc-run\nname=$RC_SVCNAME\ndescription=\"$name - VS Code on a remote server\"\nuser=\"\" # your username here\nhomedir=\"/home/$user\"\ncommand=\"$(which code-server)\"\n# Just because you can do this does not mean you should. Use ~/.config/code-server/config.yaml instead\n#command_args=\"--extensions-dir $homedir/.local/share/$name/extensions --user-data-dir $homedir/.local/share/$name --disable-telemetry\"\ncommand_user=\"$user:$user\"\npidfile=\"/run/$name/$name.pid\"\ncommand_background=\"yes\"\nextra_commands=\"report\"\n\ndepend() {\n use logger dns\n need net\n}\n\nstart_pre() {\n checkpath --directory --owner $command_user --mode 0755 /run/$name /var/log/$name\n}\n\nstart() {\n default_start\n report\n}\n\nstop() {\n default_stop\n}\n\nstatus() {\n default_status\n report\n}\n\nreport() {\n # Report to the user\n einfo \"Reading configuration from ~/.config/code-server/config.yaml\"\n}\n```\n\nStart on boot with default runlevel\n\n```\nrc-update add code-server default\n```\n\nStart the service immediately\n\n```\nrc-service code-server start\n```\n\n## macOS\n\n```bash\nbrew install code-server\nbrew services start code-server\n# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml\n```\n\n## Docker\n\n```bash\n# This will start a code-server container and expose it at http://127.0.0.1:8080.\n# It will also mount your current directory into the container as `/home/coder/project`\n# and forward your UID/GID so that all file system operations occur as your user outside\n# the container.\n#\n# Your $HOME/.config is mounted at $HOME/.config within the container to ensure you can\n# easily access/modify your code-server config in $HOME/.config/code-server/config.json\n# outside the container.\nmkdir -p ~/.config\ndocker run -it --name code-server -p 127.0.0.1:8080:8080 \\\n -v \"$HOME/.local:/home/coder/.local\" \\\n -v \"$HOME/.config:/home/coder/.config\" \\\n -v \"$PWD:/home/coder/project\" \\\n -u \"$(id -u):$(id -g)\" \\\n -e \"DOCKER_USER=$USER\" \\\n codercom/code-server:latest\n```\n\nOur official image supports `amd64` and `arm64`. For `arm32` support, you can\nuse a [community-maintained code-server\nalternative](https://hub.docker.com/r/linuxserver/code-server).\n\n## Helm\n\nYou can install code-server using the [Helm package manager](https://coder.com/docs/code-server/latest/helm).\n\n## Windows\n\nWe currently [do not publish Windows\nreleases](https://github.com/coder/code-server/issues/1397). We recommend\ninstalling code-server onto Windows with [`npm`](#npm).\n\n## Raspberry Pi\n\nWe recommend installing code-server onto Raspberry Pi with [`npm`](#npm).\n\nIf you see an error related to `node-gyp` during installation, See [#5174](https://github.com/coder/code-server/issues/5174) for more information.\n\n## Termux\n\nPlease see code-server's [Termux docs](./termux.md#installation) for more\ninformation.\n\n## Cloud providers\n\nWe maintain [one-click apps and install scripts for cloud\nproviders](https://github.com/coder/deploy-code-server) such as DigitalOcean,\nRailway, Heroku, and Azure.\n\n## Uninstall\n\ncode-server can be completely uninstalled by removing the application directory, and your user configuration directory.\n\nTo delete settings and data:\n\n```shell\nrm -rf ~/.local/share/code-server ~/.config/code-server\n```\n\n### install.sh\n\nIf you installed with the install script, by default code-server will be in `~/.local/lib/code-server-` and you can remove it with `rm -rf`. e.g.\n\n```shell\nrm -rf ~/.local/lib/code-server-*\n```\n\n### Homebrew\n\nTo remove the code-server homebrew package, run:\n\n```shell\nbrew remove code-server\n\n# Alternatively\nbrew uninstall code-server\n```\n\n### npm\n\nTo remove the code-server global module, run:\n\n```shell\nnpm uninstall --global code-server\n```\n\n### Debian, Ubuntu\n\nTo uninstall, run:\n\n```shell\nsudo apt remove code-server\n```\n"
},
{
"path": "docs/ios.md",
"content": "# Using code-server on iOS with iSH\n\n1. Install iSH from the [App Store](https://apps.apple.com/us/app/ish-shell/id1436902243)\n2. Install `curl` and `nano` with `apk add curl nano`\n3. Configure iSH to use an earlier version of NodeJS with `nano /etc/apk/repositories` and edit `v3.14` to `v3.12` on both repository links.\n4. Install `nodejs` and `npm` with `apk add nodejs npm`\n5. Install code-server with `curl -fsSL https://code-server.dev/install.sh | sh`\n6. Run code-server with `code-server`\n7. Access on localhost:8080 in your browser\n"
},
{
"path": "docs/ipad.md",
"content": "\n\n\n# iPad\n\n- [Using the code-server progressive web app (PWA)](#using-the-code-server-progressive-web-app-pwa)\n- [Access code-server using Servediter](#access-code-server-using-servediter)\n- [Raspberry Pi USB-C network](#raspberry-pi-usb-c-network)\n- [Recommendations](#recommendations)\n- [Known issues](#known-issues)\n - [Workaround for issue with `ctrl+c` not stopping a running process in the terminal](#workaround-for-issue-with-ctrlc-not-stopping-a-running-process-in-the-terminal)\n- [Access code-server with a self-signed certificate on an iPad](#access-code-server-with-a-self-signed-certificate-on-an-ipad)\n - [Certificate requirements](#certificate-requirements)\n - [Sharing a self-signed certificate with an iPad](#sharing-a-self-signed-certificate-with-an-ipad)\n\n\n\n\nOnce you've installed code-server, you can access it from an iPad.\n\n## Using the code-server progressive web app (PWA)\n\nTo use code-server on an iPad, we recommend installing the code-server\nprogressive web app (PWA):\n\n1. Open code-server in Safari.\n2. Click the **Share** icon.\n3. Click **Add to Home Screen**.\n\nYou can now open code-server from the Home screen, and when you do, you'll be\nusing the PWA. Running code-server as a PWA gets you more screen real estate and\naccess to top-level keyboard shortcuts since its running like a native app.\n\nFor example, you can use `cmd+w` to close an active file in the workbench. You\ncan add this to `keybindings.json`:\n\n1. Open code-server\n2. Go to **Command Palette** > **Open Keyboard Shortcuts (JSON)**\n3. Add the following to `keybindings.json`\n\n ```json\n {\n \"key\": \"cmd+w\",\n \"command\": \"workbench.action.closeActiveEditor\"\n }\n ```\n\n4. Test the command by using `cmd+w` to close an active file.\n\n## Access code-server using Servediter\n\nIf you are unable to get the self-signed certificate working, or you do not have a domain\nname to use, you can use [Servediter for code-server](https://apps.apple.com/us/app/servediter-for-code-server/id1504491325).\n\n> Servediter for code-server is **not** officially supported by the code-server team!\n\nTo use Servediter:\n\n1. Download the app from the App Store.\n2. When prompted, provide your server information. If you are running a local\n server or a [Raspberry Pi connected via USB-C](#raspberry-pi-usb-c-network), you will input your settings\n into **Self Hosted Server**.\n\n## Raspberry Pi USB-C network\n\nWe've heard of users having great success using code-server on an iPad connected\nto a Raspberry Pi via USB-C (the Raspberry Pi provides both power and direct\nnetwork access). Setting this up requires you to turn on **Network over USB-C**\non the Raspberry Pi, then continuing with code-server as usual on the iPad.\n\nFor more information, see:\n\n- [General introduction to Pi as an iPad\n accessory](https://www.youtube.com/watch?v=IR6sDcKo3V8)\n- [iPad with Pi FAQ](https://www.youtube.com/watch?v=SPSlyqo5Q2Q)\n- [Technical guide to connecting a Raspberry Pi to an\n iPad](https://www.geeky-gadgets.com/connect-a-raspberry-pi-4-to-an-ipad-pro-21-01-2020/)\n\nYou may also find the following tips from [Acker\nApple](http://github.com/ackerapple/) helpful:\n\n> Here are my keys to success. I bought a 4\" touch screen with fan included that\n> attaches as a case to the Pi. I use the touch screen for anytime I have\n> connection issues, otherwise I turn off the Pi screen. I gave my Pi a network\n> name so I can easily connect at home on wifi or when on go with 1 usb-c cable\n> that supplys both power and network connectivity. Lastly, not all usb-c cables\n> are equal and not all will work so try different usb-c cables if you are going\n> mad (confirm over wifi first then move to cable).\n\n## Recommendations\n\nOnce you can access code-server on your iPad, you may find the following tips\nand tricks helpful:\n\n- Use multi-task mode to make code changes and see the browser at the same time\n - This prevents the iOS background from dropping an app's state if you are\n switching between code-server and browser (with both in full-screen)\n- Be sure you are using the debug/terminal that is built into VS Code so that\n you donāt need another terminal app running\n - This also prevents switching between full screen apps and losing your view\n due to iOS' background app memory management\n\n## Known issues\n\n- Getting self-signed certificates to work [is an involved\n process](#access-code-server-with-a-self-signed-certificate-on-an-ipad)\n- Keyboard issues:\n - The keyboard disappear sometimes\n [#979](https://github.com/coder/code-server/issues/979)\n - Some expectations regarding shortcuts may not be met:\n - `cmd + n` opens new browser window instead of new file, and it's difficult\n to set alternative as a workaround\n - In general, expect to edit your keyboard shortcuts\n - There's no escape key by default on the Magic Keyboard, so most users set\n the globe key to be an escape key\n- Trackpad scrolling does not work on iPadOS < 14.5\n ([#1455](https://github.com/coder/code-server/issues/1455))\n - [WebKit fix](https://bugs.webkit.org/show_bug.cgi?id=210071#c13)\n- Keyboard may lose focus in Safari / split view [#4182](https://github.com/coder/code-server/issues/4182)\n- Terminal text does not appear by default [#3824](https://github.com/coder/code-server/issues/3824)\n- Copy & paste in terminal does not work well with keyboard shortcuts [#3491](https://github.com/coder/code-server/issues/3491)\n- `ctrl+c` does not stop a long-running process in the browser\n - Tracking upstream issue here:\n [#114009](https://github.com/microsoft/vscode/issues/114009)\n - See [workaround](#ctrl-c-workaround)\n\nAdditionally, see [issues in the code-server repo that are tagged with the `os-ios`\nlabel](https://github.com/coder/code-server/issues?q=is%3Aopen+is%3Aissue+label%3Aos-ios)\nfor more information.\n\n### Workaround for issue with `ctrl+c` not stopping a running process in the terminal\n\nThis's currently an issue with `ctrl+c` not stopping a running process in the\nintegrated terminal. We have filed an issue upstream and are tracking\n[here](https://github.com/microsoft/vscode/issues/114009).\n\nIn the meantime, you can manually define a shortcut as a workaround:\n\n1. Open the Command Palette\n2. Look for **Preferences: Open Keyboard Shortcuts (JSON)**\n3. Add the following snippet:\n\n ```json\n {\n \"key\": \"ctrl+c\",\n \"command\": \"workbench.action.terminal.sendSequence\",\n \"args\": {\n \"text\": \"\\u0003\"\n },\n \"when\": \"terminalFocus\"\n }\n ```\n\n_Source: [StackOverflow](https://stackoverflow.com/a/52735954/3015595)_\n\n## Access code-server with a self-signed certificate on an iPad\n\nIf you've installed code-server and are [running it with a self-signed\ncertificate](./guide.md#using-a-self-signed-certificate), you may see multiple\nsecurity warnings from Safari. To fix this, you'll need to install the\nself-signed certificate generated by code-server as a profile on your device (you'll also need to do this to\nenable WebSocket connections).\n\n### Certificate requirements\n\n- We're assuming that you're using the self-signed certificate code-server\n generates for you (if not, make sure that your certificate [abides by the\n guidelines issued by Apple](https://support.apple.com/en-us/HT210176)).\n- We've noticed that the certificate has to include `basicConstraints=CA:true`.\n- Your certificate must have a subject alt name that matches the hostname you'll\n use to access code-server from the iPad. You can pass this name to code-server\n so that it generates the certificate correctly using `--cert-host`.\n\n### Sharing a self-signed certificate with an iPad\n\nTo share a self-signed certificate with an iPad:\n\n1. Get the location of the certificate code-server generated; code-server prints\n the certificate's location in its logs:\n\n ```console\n [2020-10-30T08:55:45.139Z] info - Using generated certificate and key for HTTPS: ~/.local/share/code-server/mymbp_local.crt\n ```\n\n2. Send the certificate to the iPad, either by emailing it to yourself or using\n Apple's Airdrop feature.\n\n3. Open the `*.crt` file so that you're prompted to go into Settings to install.\n\n4. Go to **Settings** > **General** > **Profile**, and select the profile. Tap **Install**.\n\n5. Go to **Settings** > **About** > **Certificate Trust Settings** and [enable\n full trust for your certificate](https://support.apple.com/en-us/HT204477).\n\nYou should be able to access code-server without all of Safari's warnings now.\n\n**warning**: Your iPad must access code-server via a domain name. It could be local\nDNS like `mymacbookpro.local`, but it must be a domain name. Otherwise, Safari will\nnot allow WebSockets connections.\n"
},
{
"path": "docs/manifest.json",
"content": "{\n \"versions\": [\"v4.8.0\"],\n \"routes\": [\n {\n \"title\": \"Home\",\n \"description\": \"Learn how to install and run code-server.\",\n \"path\": \"./README.md\",\n \"icon_path\": \"assets/images/icons/home.svg\"\n },\n {\n \"title\": \"Requirements\",\n \"description\": \"Learn about what you need to run code-server.\",\n \"icon_path\": \"assets/images/icons/requirements.svg\",\n \"path\": \"./requirements.md\"\n },\n {\n \"title\": \"Install\",\n \"description\": \"How to install code-server.\",\n \"icon_path\": \"assets/images/icons/wrench.svg\",\n \"path\": \"./install.md\",\n \"children\": [\n {\n \"title\": \"npm\",\n \"description\": \"How to install code-server using npm\",\n \"path\": \"./npm.md\"\n },\n {\n \"title\": \"Helm\",\n \"description\": \"How to install code-server using the Helm package manager\",\n \"path\": \"./helm.md\"\n }\n ]\n },\n {\n \"title\": \"Usage\",\n \"description\": \"How to set up and use code-server.\",\n \"icon_path\": \"assets/images/icons/usage.svg\",\n \"path\": \"./guide.md\",\n \"children\": [\n {\n \"title\": \"Coder\",\n \"description\": \"How to run code-server in Coder\",\n \"path\": \"./coder.md\"\n },\n {\n \"title\": \"iPad\",\n \"description\": \"How to access your code-server installation using an iPad.\",\n \"path\": \"./ipad.md\"\n },\n {\n \"title\": \"Termux\",\n \"description\": \"How to install Termux to run code-server on an Android device.\",\n \"path\": \"./termux.md\"\n },\n {\n \"title\": \"iOS\",\n \"description\": \"How to use code-server on iOS with iSH.\",\n \"path\": \"./ios.md\"\n },\n {\n \"title\": \"Android\",\n \"description\": \"How to run code-server on an Android device using UserLAnd.\",\n \"path\": \"./android.md\"\n }\n ]\n },\n {\n \"title\": \"Collaboration\",\n \"description\": \"How to setup real time collaboration using code server.\",\n \"icon_path\": \"assets/images/icons/collab.svg\",\n \"path\": \"./collaboration.md\"\n },\n {\n \"title\": \"Upgrade\",\n \"description\": \"How to upgrade code-server.\",\n \"icon_path\": \"assets/images/icons/upgrade.svg\",\n \"path\": \"./upgrade.md\"\n },\n {\n \"title\": \"FAQ\",\n \"description\": \"Frequently asked questions on installing and running code-server.\",\n \"icon_path\": \"assets/images/icons/faq.svg\",\n \"path\": \"./FAQ.md\"\n },\n {\n \"title\": \"Contributing\",\n \"description\": \"How to contribute to code-server.\",\n \"icon_path\": \"assets/images/icons/contributing.svg\",\n \"path\": \"./CONTRIBUTING.md\",\n \"children\": [\n {\n \"title\": \"Code of conduct\",\n \"description\": \"Coder expects contributors to code-server to behave in a manner that creates an open and welcoming environment.\",\n \"path\": \"./CODE_OF_CONDUCT.md\"\n },\n {\n \"title\": \"Maintenance\",\n \"description\": \"Learn about the workflow followed by code-server's maintainers.\",\n \"path\": \"./MAINTAINING.md\"\n },\n {\n \"title\": \"Triage\",\n \"description\": \"How the maintainers triage issues with code-server.\",\n \"path\": \"./triage.md\"\n },\n {\n \"title\": \"Security\",\n \"description\": \"Learn about the tools used to detect vulnerabilities in code-server, and how you can report vulnerabilities.\",\n \"path\": \"./SECURITY.md\"\n }\n ]\n }\n ]\n}\n"
},
{
"path": "docs/npm.md",
"content": "\n\n\n# npm Install Requirements\n\n- [Node.js version](#nodejs-version)\n- [Ubuntu, Debian](#ubuntu-debian)\n- [Fedora, CentOS, RHEL](#fedora-centos-rhel)\n- [Alpine](#alpine)\n- [macOS](#macos)\n- [FreeBSD](#freebsd)\n- [Windows](#windows)\n- [Installing](#installing)\n- [Troubleshooting](#troubleshooting)\n - [Issues with Node.js after version upgrades](#issues-with-nodejs-after-version-upgrades)\n - [Debugging install issues with npm](#debugging-install-issues-with-npm)\n\n\n\n\nIf you're installing code-server via `npm`, you'll need to install additional\ndependencies required to build the native modules used by VS Code. This article\nincludes installing instructions based on your operating system.\n\n> **WARNING**: Do not use `yarn` to install code-server. Unlike `npm`, it does not respect\n> lockfiles for distributed applications. It will instead use the latest version\n> available at installation time - which might not be the one used for a given\n> code-server release, and [might lead to unexpected behavior](https://github.com/coder/code-server/issues/4927).\n\n## Node.js version\n\nWe use the same major version of Node.js shipped with Code's remote, which is\ncurrently `22.x`. VS Code also [lists Node.js\nrequirements](https://github.com/microsoft/vscode/wiki/How-to-Contribute#prerequisites).\n\nUsing other versions of Node.js [may lead to unexpected\nbehavior](https://github.com/coder/code-server/issues/1633).\n\n## Ubuntu, Debian\n\n```bash\nsudo apt-get install -y \\\n build-essential \\\n pkg-config \\\n python3\nnpm config set python python3\n```\n\nProceed to [installing](#installing)\n\n## Fedora, CentOS, RHEL\n\n```bash\nsudo yum groupinstall -y 'Development Tools'\nsudo yum config-manager --set-enabled PowerTools # unnecessary on CentOS 7\nsudo yum install -y python2\nnpm config set python python2\n```\n\nProceed to [installing](#installing)\n\n## Alpine\n\n```bash\napk add alpine-sdk bash libstdc++ libc6-compat python3 krb5-dev\n```\n\nProceed to [installing](#installing)\n\n## macOS\n\n```bash\nxcode-select --install\n```\n\nProceed to [installing](#installing)\n\n## FreeBSD\n\n```sh\npkg install -y git python npm-node22 pkgconf\npkg install -y libinotify\n```\n\nProceed to [installing](#installing)\n\n## Windows\n\nInstalling code-server requires all of the [prerequisites for VS Code development](https://github.com/Microsoft/vscode/wiki/How-to-Contribute#prerequisites). When installing the C++ compiler tool chain, we recommend using \"Option 2: Visual Studio 2019\" for best results.\n\nNext, install code-server with:\n\n```bash\nnpm install --global code-server\ncode-server\n# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml\n```\n\nA `postinstall.sh` script will attempt to run. Select your terminal (e.g., Git bash) as the default shell for npm run-scripts. If an additional dialog does not appear, run the install command again.\n\nIf the `code-server` command is not found, you'll need to [add a directory to your PATH](https://www.architectryan.com/2018/03/17/add-to-the-path-on-windows-10/). To find the directory, use the following command:\n\n```shell\nnpm config get prefix\n```\n\nFor help and additional troubleshooting, see [#1397](https://github.com/coder/code-server/issues/1397).\n\n## Installing\n\nAfter adding the dependencies for your OS, install the code-server package globally:\n\n```bash\nnpm install --global code-server\ncode-server\n# Now visit http://127.0.0.1:8080. Your password is in ~/.config/code-server/config.yaml\n```\n\n## Troubleshooting\n\nIf you need further assistance, post on our [GitHub Discussions\npage](https://github.com/coder/code-server/discussions).\n\n### Issues with Node.js after version upgrades\n\nOccasionally, you may run into issues with Node.js.\n\nIf you install code-server using `npm`, and you upgrade your Node.js\nversion, you may need to reinstall code-server to recompile native modules.\nSometimes, you can get around this by navigating into code-server's `lib/vscode`\ndirectory and running `npm rebuild` to recompile the modules.\n\nA step-by-step example of how you might do this is:\n\n1. Install code-server: `brew install code-server`\n2. Navigate into the directory: `cd /usr/local/Cellar/code-server//libexec/lib/vscode/`\n3. Recompile the native modules: `npm rebuild`\n4. Restart code-server\n\n### Debugging install issues with npm\n\nTo debug installation issues, install with `npm`:\n\n```shell\n# Uninstall\nnpm uninstall --global code-server > /dev/null 2>&1\n\n# Install with logging\nnpm install --loglevel verbose --global code-server\n```\n"
},
{
"path": "docs/requirements.md",
"content": "# Requirements\n\nYou'll need a machine on which you can run code-server. You can use a physical\nmachine you have, or you can use a VM on GCP/AWS.\n\nAt the minimum, we recommend:\n\n- 1 GB of RAM\n- 2 CPU cores\n\nYou can use any Linux distribution, but [our\ndocs](https://coder.com/docs/code-server/latest/guide) assume that you're using\nDebian hosted by Google Cloud (see the following section for instructions on\nsetting this up).\n\nYour environment must have WebSockets enabled, since code-server uses WebSockets\nfor communication between the browser and the server.\n\n## Set up a VM on Google Cloud\n\nThe following steps walk you through setting up a VM running Debian using Google\nCloud (though you are welcome to use any machine or VM provider).\n\nIf you're [signing up with Google](https://console.cloud.google.com/getting-started) for the first time, you should get a 3-month trial with\n\\$300 of credits.\n\nAfter you sign up and create a new Google Cloud Provider (GCP) project, create a\nnew Compute Engine VM instance:\n\n1. Using the sidebar, navigate to **Compute Engine** > **VM Instances**.\n2. Click **Create Instance**.\n3. Provide a **name** for new instance.\n4. Choose the **region** that's closest to you based on [GCP\n ping](https://gcping.com/).\n5. Choose a **zone** (any option is fine).\n6. We recommend choosing an **E2 series instance** from the [general-purpose\n family](https://cloud.google.com/compute/docs/machine-types#general_purpose).\n7. Change the instance type to **custom** and set at least **2 cores** and **2\n GB of RAM**. You can add more resources if desired, though you can also edit\n your instance at a later point.\n8. Though optional, we highly recommend switching the persistent disk to an SSD\n with at least 32 GB. To do so, click **change** under **Boot Disk**. Then,\n change the type to **SSD Persistent Disk**, and set the size to **32**. (You\n can also grow your disk at a later date).\n9. Go to **Networking** > **Networking Interfaces** and edit the existing\n interface to use a static internal IP. Click **Done** to save.\n10. If you don't have a [project-wide SSH\n key](https://cloud.google.com/compute/docs/instances/adding-removing-ssh-keys#project-wide),\n go to **Security** > **SSH Keys** to add your public key.\n11. Click **Create** to proceed.\n\nNotes:\n\n- To lower costs, you can shut down your server when you're not using it.\n- We recommend using the `gcloud cli` to avoid using the GCP Dashboard if possible.\n- For serving code-server over HTTPS, we recommend using an external domain name along with a service such as Let's Encrypt\n"
},
{
"path": "docs/termux.md",
"content": "\n\n\n# Termux\n\n- [Install](#install)\n- [NPM Installation](#npm-installation)\n- [Upgrade](#upgrade)\n- [Known Issues](#known-issues)\n - [Git won't work in `/sdcard`](#git-wont-work-in-sdcard)\n - [Many extensions including language packs fail to install](#many-extensions-including-language-packs-fail-to-install)\n- [Extra](#extra)\n - [Keyboard Shortcuts and Tab Key](#keyboard-shortcuts-and-tab-key)\n - [Create a new user](#create-a-new-user)\n - [Install Go](#install-go)\n - [Install Python](#install-python)\n\n\n\n\n## Install\n\n1. Get [Termux](https://f-droid.org/en/packages/com.termux/) from **F-Droid**.\n2. Run `pkg install tur-repo`\n3. Run `pkg install code-server`\n4. You can now start code server by simply running `code-server`.\n\n## NPM Installation\n\n1. Get [Termux](https://f-droid.org/en/packages/com.termux/) from **F-Droid**.\n\n2. We will now change using the following command.\n\n```sh\ntermux-change-repo\n```\n\nNow select `Main Repository` then change repo to `Mirrors by Grimler Hosted on grimler.se`.\n\n3. After successfully updating of repository update and upgrade all the packages by the following command\n\n```sh\npkg update\npkg upgrade -y\n```\n\n4. Now let's install requirement dependancy.\n\n```sh\npkg install -y \\\n build-essential \\\n binutils \\\n pkg-config \\\n python3 \\\n nodejs-lts\nnpm config set python python3\nnode -v\n```\n\nyou will get Node version `v22`\n\n5. Now install code-server following our guide on [installing with npm](./npm.md)\n\n6. Congratulation code-server is installed on your device using the following command.\n\n```sh\ncode-server --auth none\n```\n\n7. If already installed then use the following command for upgradation.\n\n```\nnpm update --global code-server\n```\n\n## Upgrade\n\n1. Remove all previous installs `rm -rf ~/.local/lib/code-server-*`\n2. Run the install script again `curl -fsSL https://code-server.dev/install.sh | sh`\n\n## Known Issues\n\n### Git won't work in `/sdcard`\n\nIssue : Using git in the `/sdcard` directory will fail during cloning/commit/staging/etc...\\\nFix : None\\\nPotential Workaround :\n\n1. Create a soft-link from the debian-fs to your folder in `/sdcard`\n2. Use git from termux (preferred)\n\n### Many extensions including language packs fail to install\n\nIssue: Android is not seen as a Linux environment but as a separate, unsupported platform, so code-server only allows [Web Extensions](https://code.visualstudio.com/api/extension-guides/web-extensions), refusing to download extensions that run on the server.\\\nFix: None\\\nPotential workarounds :\n\nEither\n\n- Manually download extensions as `.vsix` file and install them via `Extensions: Install from VSIX...` in the Command Palette.\n\n- Use an override to pretend the platform is Linux:\n\nCreate a JS script that patches `process.platform`:\n\n```js\n// android-as-linux.js\nObject.defineProperty(process, \"platform\", {\n get() {\n return \"linux\"\n },\n})\n```\n\nThen use Node's `--require` option to make sure it is loaded before `code-server` starts:\n\n```sh\nNODE_OPTIONS=\"--require /path/to/android-as-linux.js\" code-server\n```\n\nā ļø Note that Android and Linux are not 100% compatible, so use these workarounds at your own risk. Extensions that have native dependencies other than Node or that directly interact with the OS might cause issues.\n\n## Extra\n\n### Keyboard Shortcuts and Tab Key\n\nIn order to support the tab key and use keyboard shortcuts, add this to your\nsettings.json:\n\n```json\n{\n \"keyboard.dispatch\": \"keyCode\"\n}\n```\n\n### Create a new user\n\nTo create a new user follow these simple steps -\n\n1. Create a new user by running `useradd -m`.\n2. Change the password by running `passwd `.\n3. Give your new user sudo access by running `visudo`, scroll down to `User privilege specification` and add the following line after root `username ALL=(ALL:ALL) ALL`.\n4. Now edit the `/etc/passwd` file with your command line editor of choice and at the end of the line that specifies your user change `/bin/sh` to `/bin/bash`.\n5. Now switch users by running `su - `\n\n- Remember the `-` betweeen `su` and username is required to execute `/etc/profile`,\\\n since `/etc/profile` may have some necessary things to be executed you should always add a `-`.\n\n### Install Go\n\n> From https://golang.org/doc/install\n\n1. Go to https://golang.org/dl/ and copy the download link for `linux arm` and run the following:\n\n```bash\nwget download_link\n```\n\n2. Extract the downloaded archive. (This step will erase all previous GO installs, make sure to create a backup if you have previously installed GO)\n\n```bash\nrm -rf /usr/local/go && tar -C /usr/local -xzf archive_name\n```\n\n3. Run `nano /etc/profile` and add the following line `export PATH=$PATH:/usr/local/go/bin`.\n4. Now run `exit` (depending on if you have switched users or not, you may have to run `exit` multiple times to get to normal termux shell) and start Debian again.\n5. Check if your install was successful by running `go version`\n\n### Install Python\n\n> Run these commands as root\n\n1. Run the following commands to install required packages to build python:\n\n```bash\nsudo apt-get update\nsudo apt-get install make build-essential libssl-dev zlib1g-dev \\\n libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm \\\n libncursesw5-dev xz-utils tk-dev libxml2-dev libxmlsec1-dev libffi-dev liblzma-dev\n```\n\n2. Install [pyenv](https://github.com/pyenv/pyenv/) from [pyenv-installer](https://github.com/pyenv/pyenv-installer) by running:\n\n```bash\ncurl -L https://github.com/pyenv/pyenv-installer/raw/master/bin/pyenv-installer | bash\n```\n\n3. Run `nano /etc/profile` and add the following:\n\n```bash\nexport PYENV_ROOT=\"/root/.pyenv\"\nexport PATH=\"/root/.pyenv/bin:$PATH\"\neval \"$(pyenv init --path)\"\neval \"$(pyenv virtualenv-init -)\"\n```\n\n4. Exit and start Debian again.\n5. Run `pyenv versions` to list all installable versions.\n6. Run `pyenv install version` to install the desired python version.\n > The build process may take some time (an hour or 2 depending on your device).\n7. Run `touch /root/.pyenv/version && echo \"your_version_here\" > /root/.pyenv/version`\n8. (You may have to start Debian again) Run `python3 -V` to verify if PATH works or not.\n > If `python3` doesn't work but pyenv says that the install was successful in step 6 then try running `$PYENV_ROOT/versions/your_version/bin/python3`.\n"
},
{
"path": "docs/triage.md",
"content": "# Triage\n\nTriaging code-server issues is done with the following issue filter:\n\n```text\nis:issue is:open no:project sort:created-asc -label:blocked -label:upstream -label:waiting-for-info -label:extension-request\n```\n\nThis will show issues that:\n\n1. Are open.\n1. Have no assigned project.\n1. Are not `blocked` or tagged for work by `upstream` (the VS Code core team).\n If an upstream issue is detrimental to the code-server experience we may fix\n it in our patch instead of waiting for the VS Code team to fix it. Someone\n should periodically go through these issues to see if they can be unblocked!\n1. Are not labeled `waiting-for-info`.\n1. Are not extension requests.\n\n## Triage process\n\n1. If an issue is a question/discussion, it should be converted into a GitHub\n discussion.\n1. Otherwise, give the issue the appropriate labels (feel free to create new\n ones if necessary). There are no hard and set rules for labels. We don't have\n many so look through and see how they've been used throughout the repository.\n They all also have descriptions.\n1. If more information is required, please ask the submitter and tag as\n `waiting-for-info` and wait.\n1. Finally, the issue should be moved into the\n [code-server](https://github.com/coder/code-server/projects/1) project where we\n pick out issues to fix and track their progress.\n\nWe also use [milestones](https://github.com/coder/code-server/milestones) to track\nwhat issues are planned/or were closed for what release.\n"
},
{
"path": "docs/upgrade.md",
"content": "# Upgrade\n\nTo upgrade code-server, install the new version over the old version. All user\ndata is in `~/.local/share/code-server`, so they are preserved between\ninstallations.\n"
},
{
"path": "eslint.config.mjs",
"content": "import { fixupConfigRules } from \"@eslint/compat\"\nimport globals from \"globals\"\nimport tsParser from \"@typescript-eslint/parser\"\nimport path from \"node:path\"\nimport { fileURLToPath } from \"node:url\"\nimport js from \"@eslint/js\"\nimport { FlatCompat } from \"@eslint/eslintrc\"\n\nconst __filename = fileURLToPath(import.meta.url)\nconst __dirname = path.dirname(__filename)\nconst compat = new FlatCompat({\n baseDirectory: __dirname,\n recommendedConfig: js.configs.recommended,\n allConfig: js.configs.all,\n})\n\nexport default [\n ...fixupConfigRules(\n compat.extends(\n \"eslint:recommended\",\n \"plugin:@typescript-eslint/recommended\",\n \"plugin:import/recommended\",\n \"plugin:import/typescript\",\n \"plugin:prettier/recommended\",\n \"prettier\",\n ),\n ),\n {\n languageOptions: {\n globals: {\n ...globals.browser,\n ...globals.jest,\n ...globals.node,\n },\n\n parser: tsParser,\n ecmaVersion: 2018,\n sourceType: \"module\",\n },\n\n settings: {\n \"import/resolver\": {\n typescript: {\n alwaysTryTypes: true,\n },\n },\n },\n\n rules: {\n \"@typescript-eslint/no-unused-vars\": [\n \"error\",\n {\n args: \"none\",\n },\n ],\n\n \"no-dupe-class-members\": \"off\",\n \"@typescript-eslint/no-use-before-define\": \"off\",\n \"@typescript-eslint/no-non-null-assertion\": \"off\",\n \"@typescript-eslint/ban-types\": \"off\",\n \"@typescript-eslint/no-var-requires\": \"off\",\n \"@typescript-eslint/explicit-module-boundary-types\": \"off\",\n \"@typescript-eslint/no-explicit-any\": \"off\",\n \"@typescript-eslint/no-extra-semi\": \"off\",\n \"@typescript-eslint/no-require-imports\": \"off\",\n \"@typescript-eslint/no-unused-vars\": \"off\", // TODO: Fix these.\n \"@typescript-eslint/no-empty-object-type\": \"off\",\n eqeqeq: \"error\",\n\n \"import/order\": [\n \"error\",\n {\n alphabetize: {\n order: \"asc\",\n },\n\n groups: [[\"builtin\", \"external\", \"internal\"], \"parent\", \"sibling\"],\n },\n ],\n\n \"no-async-promise-executor\": \"off\",\n },\n },\n]\n"
},
{
"path": "flake.nix",
"content": "{\n description = \"code-server\";\n\n inputs = {\n nixpkgs.url = \"github:nixos/nixpkgs/nixos-unstable-small\";\n flake-utils.url = \"github:numtide/flake-utils\";\n };\n\n outputs = { self, nixpkgs, flake-utils }:\n flake-utils.lib.eachDefaultSystem\n (system:\n let pkgs = nixpkgs.legacyPackages.${system};\n nodejs = pkgs.nodejs_22;\n in {\n devShells.default = pkgs.mkShell {\n nativeBuildInputs = with pkgs; [\n imagemagick\n nodejs\n python3\n pkg-config\n git\n rsync\n jq\n moreutils\n quilt\n bats\n openssl\n ];\n buildInputs = with pkgs; (lib.optionals (!stdenv.isDarwin) [ libsecret libkrb5 ]\n ++ (with xorg; [ libX11 libxkbfile ])\n ++ lib.optionals stdenv.isDarwin (with pkgs.darwin.apple_sdk.frameworks; [\n AppKit Cocoa CoreServices Security xcbuild\n ]));\n };\n }\n );\n}\n"
},
{
"path": "install.sh",
"content": "#!/bin/sh\nset -eu\n\n# code-server's automatic install script.\n# See https://coder.com/docs/code-server/latest/install\n\nusage() {\n arg0=\"$0\"\n if [ \"$0\" = sh ]; then\n arg0=\"curl -fsSL https://code-server.dev/install.sh | sh -s --\"\n else\n not_curl_usage=\"The latest script is available at https://code-server.dev/install.sh\n\"\n fi\n\n cath << EOF\nInstalls code-server.\nIt tries to use the system package manager if possible.\nAfter successful installation it explains how to start using code-server.\n\nPass in user@host to install code-server on user@host over ssh.\nThe remote host must have internet access.\n${not_curl_usage-}\nUsage:\n\n $arg0 [--dry-run] [--version X.X.X] [--edge] [--method detect] \\\n [--prefix ~/.local] [--rsh ssh] [user@host]\n\n --dry-run\n Echo the commands for the install process without running them.\n\n --version X.X.X\n Install a specific version instead of the latest.\n\n --edge\n Install the latest edge version instead of the latest stable version.\n\n --method [detect | standalone]\n Choose the installation method. Defaults to detect.\n - detect detects the system package manager and tries to use it.\n Full reference on the process is further below.\n - standalone installs a standalone release archive into ~/.local\n Add ~/.local/bin to your \\$PATH to use it.\n\n --prefix \n Sets the prefix used by standalone release archives. Defaults to ~/.local\n The release is unarchived into ~/.local/lib/code-server-X.X.X\n and the binary symlinked into ~/.local/bin/code-server\n To install system wide pass --prefix=/usr/local\n\n --rsh \n Specifies the remote shell for remote installation. Defaults to ssh.\n\nThe detection method works as follows:\n - Debian, Ubuntu, Raspbian: install the deb package from GitHub.\n - Fedora, CentOS, RHEL, openSUSE: install the rpm package from GitHub.\n - Arch Linux: install from the AUR (which pulls releases from GitHub).\n - FreeBSD, Alpine: install from npm.\n - macOS: install using Homebrew if installed otherwise install from GitHub.\n - All others: install the release from GitHub.\n\nWe only build releases on GitHub for amd64 and arm64 on Linux and amd64 for\nmacOS. When the detection method tries to pull a release from GitHub it will\nfall back to installing from npm when there is no matching release for the\nsystem's operating system and architecture.\n\nThe standalone method will force installion using GitHub releases. It will not\nfall back to npm so on architectures without pre-built releases this will error.\n\nThe installer will cache all downloaded assets into ~/.cache/code-server\n\nMore installation docs are at https://coder.com/docs/code-server/latest/install\nEOF\n}\n\necho_latest_version() {\n if [ \"${EDGE-}\" ]; then\n version=\"$(curl -fsSL https://api.github.com/repos/coder/code-server/releases | awk 'match($0,/.*\"html_url\": \"(.*\\/releases\\/tag\\/.*)\".*/)' | head -n 1 | awk -F '\"' '{print $4}')\"\n else\n # https://gist.github.com/lukechilds/a83e1d7127b78fef38c2914c4ececc3c#gistcomment-2758860\n version=\"$(curl -fsSLI -o /dev/null -w \"%{url_effective}\" https://github.com/coder/code-server/releases/latest)\"\n fi\n version=\"${version#https://github.com/coder/code-server/releases/tag/}\"\n version=\"${version#v}\"\n echo \"$version\"\n}\n\necho_npm_postinstall() {\n echoh\n cath << EOF\nnpm package has been installed.\n\nExtend your path to use code-server:\n PATH=\"$NPM_BIN_DIR:\\$PATH\"\nThen run with:\n code-server\nEOF\n}\n\necho_standalone_postinstall() {\n echoh\n cath << EOF\nStandalone release has been installed into $STANDALONE_INSTALL_PREFIX/lib/code-server-$VERSION\n\nExtend your path to use code-server:\n PATH=\"$STANDALONE_INSTALL_PREFIX/bin:\\$PATH\"\nThen run with:\n code-server\nEOF\n}\n\necho_brew_postinstall() {\n echoh\n cath << EOF\nBrew release has been installed.\n\nRun with:\n code-server\nEOF\n}\n\necho_systemd_postinstall() {\n echoh\n cath << EOF\n$1 package has been installed.\n\nTo have systemd start code-server now and restart on boot:\n sudo systemctl enable --now code-server@\\$USER\nOr, if you don't want/need a background service you can run:\n code-server\nEOF\n}\n\necho_coder_postinstall() {\n echoh\n echoh \"Deploy code-server for your team with Coder: https://github.com/coder/coder\"\n}\n\nmain() {\n if [ \"${TRACE-}\" ]; then\n set -x\n fi\n\n unset \\\n DRY_RUN \\\n METHOD \\\n OPTIONAL \\\n ALL_FLAGS \\\n RSH_ARGS \\\n EDGE \\\n RSH\n\n ALL_FLAGS=\"\"\n while [ \"$#\" -gt 0 ]; do\n case \"$1\" in\n -*)\n ALL_FLAGS=\"${ALL_FLAGS} $1\"\n ;;\n esac\n\n case \"$1\" in\n --dry-run)\n DRY_RUN=1\n ;;\n --method)\n METHOD=\"$(parse_arg \"$@\")\"\n shift\n ;;\n --method=*)\n METHOD=\"$(parse_arg \"$@\")\"\n ;;\n --prefix)\n STANDALONE_INSTALL_PREFIX=\"$(parse_arg \"$@\")\"\n shift\n ;;\n --prefix=*)\n STANDALONE_INSTALL_PREFIX=\"$(parse_arg \"$@\")\"\n ;;\n --version)\n VERSION=\"$(parse_arg \"$@\")\"\n shift\n ;;\n --version=*)\n VERSION=\"$(parse_arg \"$@\")\"\n ;;\n --edge)\n EDGE=1\n ;;\n --rsh)\n RSH=\"$(parse_arg \"$@\")\"\n shift\n ;;\n --rsh=*)\n RSH=\"$(parse_arg \"$@\")\"\n ;;\n -h | --h | -help | --help)\n usage\n exit 0\n ;;\n --)\n shift\n # We remove the -- added above.\n ALL_FLAGS=\"${ALL_FLAGS% --}\"\n RSH_ARGS=\"$*\"\n break\n ;;\n -*)\n echoerr \"Unknown flag $1\"\n echoerr \"Run with --help to see usage.\"\n exit 1\n ;;\n *)\n RSH_ARGS=\"$*\"\n break\n ;;\n esac\n\n shift\n done\n\n if [ \"${RSH_ARGS-}\" ]; then\n RSH=\"${RSH-ssh}\"\n echoh \"Installing remotely with $RSH $RSH_ARGS\"\n curl -fsSL https://code-server.dev/install.sh | prefix \"$RSH_ARGS\" \"$RSH\" \"$RSH_ARGS\" sh -s -- \"$ALL_FLAGS\"\n return\n fi\n\n METHOD=\"${METHOD-detect}\"\n if [ \"$METHOD\" != detect ] && [ \"$METHOD\" != standalone ]; then\n echoerr \"Unknown install method \\\"$METHOD\\\"\"\n echoerr \"Run with --help to see usage.\"\n exit 1\n fi\n\n # These are used by the various install_* functions that make use of GitHub\n # releases in order to download and unpack the right release.\n CACHE_DIR=$(echo_cache_dir)\n STANDALONE_INSTALL_PREFIX=${STANDALONE_INSTALL_PREFIX:-$HOME/.local}\n VERSION=${VERSION:-$(echo_latest_version)}\n # These can be overridden for testing but shouldn't normally be used as it can\n # result in a broken code-server.\n OS=${OS:-$(os)}\n ARCH=${ARCH:-$(arch)}\n\n distro_name\n\n # Standalone installs by pulling pre-built releases from GitHub.\n if [ \"$METHOD\" = standalone ]; then\n if has_standalone; then\n install_standalone\n echo_coder_postinstall\n exit 0\n else\n echoerr \"There are no standalone releases for $ARCH\"\n echoerr \"Please try again without '--method standalone'\"\n exit 1\n fi\n fi\n\n # DISTRO can be overridden for testing but shouldn't normally be used as it\n # can result in a broken code-server.\n DISTRO=${DISTRO:-$(distro)}\n\n case $DISTRO in\n # macOS uses brew when available and falls back to standalone. We only have\n # amd64 for macOS so for anything else use npm.\n macos)\n BREW_PATH=\"${BREW_PATH-brew}\"\n if command_exists \"$BREW_PATH\"; then\n install_brew\n else\n echoh \"Homebrew not installed.\"\n echoh \"Falling back to standalone installation.\"\n npm_fallback install_standalone\n fi\n ;;\n # The .deb and .rpm files are pulled from GitHub and we only have amd64 and\n # arm64 there and need to fall back to npm otherwise.\n debian) npm_fallback install_deb ;;\n fedora | opensuse) npm_fallback install_rpm ;;\n # Arch uses the AUR package which only supports amd64 and arm64 since it\n # pulls releases from GitHub so we need to fall back to npm.\n arch) npm_fallback install_aur ;;\n # We don't have GitHub releases that work on Alpine or FreeBSD so we have no\n # choice but to use npm here.\n alpine | freebsd) install_npm ;;\n # For anything else we'll try to install standalone but fall back to npm if\n # we don't have releases for the architecture.\n *)\n echoh \"Unsupported package manager.\"\n echoh \"Falling back to standalone installation.\"\n npm_fallback install_standalone\n ;;\n esac\n\n echo_coder_postinstall\n}\n\nparse_arg() {\n case \"$1\" in\n *=*)\n # Remove everything after first equal sign.\n opt=\"${1%%=*}\"\n # Remove everything before first equal sign.\n optarg=\"${1#*=}\"\n if [ ! \"$optarg\" ] && [ ! \"${OPTIONAL-}\" ]; then\n echoerr \"$opt requires an argument\"\n echoerr \"Run with --help to see usage.\"\n exit 1\n fi\n echo \"$optarg\"\n return\n ;;\n esac\n\n case \"${2-}\" in\n \"\" | -*)\n if [ ! \"${OPTIONAL-}\" ]; then\n echoerr \"$1 requires an argument\"\n echoerr \"Run with --help to see usage.\"\n exit 1\n fi\n ;;\n *)\n echo \"$2\"\n return\n ;;\n esac\n}\n\nfetch() {\n URL=\"$1\"\n FILE=\"$2\"\n\n if [ -e \"$FILE\" ]; then\n echoh \"+ Reusing $FILE\"\n return\n fi\n\n sh_c mkdir -p \"$CACHE_DIR\"\n sh_c curl \\\n -#fL \\\n -o \"$FILE.incomplete\" \\\n -C - \\\n \"$URL\"\n sh_c mv \"$FILE.incomplete\" \"$FILE\"\n}\n\ninstall_brew() {\n echoh \"Installing latest from Homebrew.\"\n echoh\n\n sh_c \"$BREW_PATH\" install code-server\n\n echo_brew_postinstall\n}\n\ninstall_deb() {\n echoh \"Installing v$VERSION of the $ARCH deb package from GitHub.\"\n echoh\n\n fetch \"https://github.com/coder/code-server/releases/download/v$VERSION/code-server_${VERSION}_$ARCH.deb\" \\\n \"$CACHE_DIR/code-server_${VERSION}_$ARCH.deb\"\n sudo_sh_c dpkg -i \"$CACHE_DIR/code-server_${VERSION}_$ARCH.deb\"\n\n echo_systemd_postinstall deb\n}\n\ninstall_rpm() {\n echoh \"Installing v$VERSION of the $ARCH rpm package from GitHub.\"\n echoh\n\n fetch \"https://github.com/coder/code-server/releases/download/v$VERSION/code-server-$VERSION-$ARCH.rpm\" \\\n \"$CACHE_DIR/code-server-$VERSION-$ARCH.rpm\"\n sudo_sh_c rpm -U \"$CACHE_DIR/code-server-$VERSION-$ARCH.rpm\"\n\n echo_systemd_postinstall rpm\n}\n\ninstall_aur() {\n echoh \"Installing latest from the AUR.\"\n echoh\n\n sh_c mkdir -p \"$CACHE_DIR/code-server-aur\"\n sh_c \"curl -#fsSL https://aur.archlinux.org/cgit/aur.git/snapshot/code-server.tar.gz | tar -xzC $CACHE_DIR/code-server-aur --strip-components 1\"\n echo \"+ cd $CACHE_DIR/code-server-aur\"\n if [ ! \"${DRY_RUN-}\" ]; then\n cd \"$CACHE_DIR/code-server-aur\"\n fi\n sh_c makepkg -si --noconfirm\n\n echo_systemd_postinstall AUR\n}\n\ninstall_standalone() {\n echoh \"Installing v$VERSION of the $ARCH release from GitHub.\"\n echoh\n\n fetch \"https://github.com/coder/code-server/releases/download/v$VERSION/code-server-$VERSION-$OS-$ARCH.tar.gz\" \\\n \"$CACHE_DIR/code-server-$VERSION-$OS-$ARCH.tar.gz\"\n\n # -w only works if the directory exists so try creating it first. If this\n # fails we can ignore the error as the -w check will then swap us to sudo.\n sh_c mkdir -p \"$STANDALONE_INSTALL_PREFIX\" 2> /dev/null || true\n\n sh_c=\"sh_c\"\n if [ ! -w \"$STANDALONE_INSTALL_PREFIX\" ]; then\n sh_c=\"sudo_sh_c\"\n fi\n\n if [ -e \"$STANDALONE_INSTALL_PREFIX/lib/code-server-$VERSION\" ]; then\n echoh\n echoh \"code-server-$VERSION is already installed at $STANDALONE_INSTALL_PREFIX/lib/code-server-$VERSION\"\n echoh \"Remove it to reinstall.\"\n exit 0\n fi\n\n \"$sh_c\" mkdir -p \"$STANDALONE_INSTALL_PREFIX/lib\" \"$STANDALONE_INSTALL_PREFIX/bin\"\n \"$sh_c\" tar -C \"$STANDALONE_INSTALL_PREFIX/lib\" -xzf \"$CACHE_DIR/code-server-$VERSION-$OS-$ARCH.tar.gz\"\n \"$sh_c\" mv -f \"$STANDALONE_INSTALL_PREFIX/lib/code-server-$VERSION-$OS-$ARCH\" \"$STANDALONE_INSTALL_PREFIX/lib/code-server-$VERSION\"\n \"$sh_c\" ln -fs \"$STANDALONE_INSTALL_PREFIX/lib/code-server-$VERSION/bin/code-server\" \"$STANDALONE_INSTALL_PREFIX/bin/code-server\"\n\n echo_standalone_postinstall\n}\n\ninstall_npm() {\n echoh \"Installing v$VERSION from npm.\"\n echoh\n\n NPM_PATH=\"${YARN_PATH-npm}\"\n\n if command_exists \"$NPM_PATH\"; then\n sh_c=\"sh_c\"\n if [ ! \"${DRY_RUN-}\" ] && [ ! -w \"$(NPM_PATH config get prefix)\" ]; then\n sh_c=\"sudo_sh_c\"\n fi\n echoh \"Installing with npm.\"\n echoh\n \"$sh_c\" \"$NPM_PATH\" install -g \"code-server@$VERSION\" --unsafe-perm\n NPM_BIN_DIR=\"\\$($NPM_PATH bin -g)\" echo_npm_postinstall\n return\n fi\n echoerr \"Please install npm to install code-server!\"\n echoerr \"You will need at least node v20 and a few C dependencies.\"\n echoerr \"See the docs https://coder.com/docs/code-server/latest/install#npm\"\n\n exit 1\n}\n\n# Run $1 if we have a standalone otherwise run install_npm.\nnpm_fallback() {\n if has_standalone; then\n $1\n else\n echoh \"No standalone releases for $ARCH.\"\n echoh \"Falling back to installation from npm.\"\n install_npm\n fi\n}\n\n# Determine if we have standalone releases on GitHub for the system's arch.\nhas_standalone() {\n case $ARCH in\n arm64) return 0 ;;\n # We only have arm64 for macOS.\n amd64)\n [ \"$(distro)\" != macos ]\n return\n ;;\n *) return 1 ;;\n esac\n}\n\nos() {\n uname=\"$(uname)\"\n case $uname in\n Linux) echo linux ;;\n Darwin) echo macos ;;\n FreeBSD) echo freebsd ;;\n *) echo \"$uname\" ;;\n esac\n}\n\n# Print the detected Linux distro, otherwise print the OS name.\n#\n# Example outputs:\n# - macos -> macos\n# - freebsd -> freebsd\n# - ubuntu, raspbian, debian ... -> debian\n# - amzn, centos, rhel, fedora, ... -> fedora\n# - opensuse-{leap,tumbleweed} -> opensuse\n# - alpine -> alpine\n# - arch, manjaro, endeavouros, ... -> arch\n#\n# Inspired by https://github.com/docker/docker-install/blob/26ff363bcf3b3f5a00498ac43694bf1c7d9ce16c/install.sh#L111-L120.\ndistro() {\n if [ \"$OS\" = \"macos\" ] || [ \"$OS\" = \"freebsd\" ]; then\n echo \"$OS\"\n return\n fi\n\n if [ -f /etc/os-release ]; then\n (\n . /etc/os-release\n if [ \"${ID_LIKE-}\" ]; then\n for id_like in $ID_LIKE; do\n case \"$id_like\" in debian | fedora | opensuse | arch)\n echo \"$id_like\"\n return\n ;;\n esac\n done\n fi\n\n echo \"$ID\"\n )\n return\n fi\n}\n\n# Print a human-readable name for the OS/distro.\ndistro_name() {\n if [ \"$(uname)\" = \"Darwin\" ]; then\n echo \"macOS v$(sw_vers -productVersion)\"\n return\n fi\n\n if [ -f /etc/os-release ]; then\n (\n . /etc/os-release\n echo \"$PRETTY_NAME\"\n )\n return\n fi\n\n # Prints something like: Linux 4.19.0-9-amd64\n uname -sr\n}\n\narch() {\n uname_m=$(uname -m)\n case $uname_m in\n aarch64) echo arm64 ;;\n x86_64) echo amd64 ;;\n *) echo \"$uname_m\" ;;\n esac\n}\n\ncommand_exists() {\n if [ ! \"$1\" ]; then return 1; fi\n command -v \"$@\" > /dev/null\n}\n\nsh_c() {\n echoh \"+ $*\"\n if [ ! \"${DRY_RUN-}\" ]; then\n sh -c \"$*\"\n fi\n}\n\nsudo_sh_c() {\n if [ \"$(id -u)\" = 0 ]; then\n sh_c \"$@\"\n elif command_exists doas; then\n sh_c \"doas $*\"\n elif command_exists sudo; then\n sh_c \"sudo $*\"\n elif command_exists su; then\n sh_c \"su root -c '$*'\"\n else\n echoh\n echoerr \"This script needs to run the following command as root.\"\n echoerr \" $*\"\n echoerr \"Please install doas, sudo, or su.\"\n exit 1\n fi\n}\n\necho_cache_dir() {\n if [ \"${XDG_CACHE_HOME-}\" ]; then\n echo \"$XDG_CACHE_HOME/code-server\"\n elif [ \"${HOME-}\" ]; then\n echo \"$HOME/.cache/code-server\"\n else\n echo \"/tmp/code-server-cache\"\n fi\n}\n\nechoh() {\n echo \"$@\" | humanpath\n}\n\ncath() {\n humanpath\n}\n\nechoerr() {\n echoh \"$@\" >&2\n}\n\n# humanpath replaces all occurrences of \" $HOME\" with \" ~\"\n# and all occurrences of '\"$HOME' with the literal '\"$HOME'.\nhumanpath() {\n sed \"s# $HOME# ~#g; s#\\\"$HOME#\\\"\\$HOME#g\"\n}\n\n# We need to make sure we exit with a non zero exit if the command fails.\n# /bin/sh does not support -o pipefail unfortunately.\nprefix() {\n PREFIX=\"$1\"\n shift\n fifo=\"$(mktemp -d)/fifo\"\n mkfifo \"$fifo\"\n sed -e \"s#^#$PREFIX: #\" \"$fifo\" &\n \"$@\" > \"$fifo\" 2>&1\n}\n\nmain \"$@\"\n"
},
{
"path": "package.json",
"content": "{\n \"name\": \"code-server\",\n \"license\": \"MIT\",\n \"version\": \"0.0.0\",\n \"description\": \"Run VS Code on a remote server.\",\n \"homepage\": \"https://github.com/coder/code-server\",\n \"bugs\": {\n \"url\": \"https://github.com/coder/code-server/issues\"\n },\n \"repository\": \"https://github.com/coder/code-server\",\n \"scripts\": {\n \"clean\": \"./ci/build/clean.sh\",\n \"build\": \"./ci/build/build-code-server.sh\",\n \"build:vscode\": \"./ci/build/build-vscode.sh\",\n \"doctoc\": \"./ci/dev/doctoc.sh\",\n \"release\": \"./ci/build/build-release.sh\",\n \"release:standalone\": \"./ci/build/build-standalone-release.sh\",\n \"release:prep\": \"./ci/build/release-prep.sh\",\n \"test:e2e\": \"VSCODE_IPC_HOOK_CLI= ./ci/dev/test-e2e.sh\",\n \"test:e2e:proxy\": \"USE_PROXY=1 ./ci/dev/test-e2e.sh\",\n \"test:unit\": \"./ci/dev/test-unit.sh --forceExit --detectOpenHandles\",\n \"test:integration\": \"./ci/dev/test-integration.sh\",\n \"test:native\": \"./ci/dev/test-native.sh\",\n \"test:scripts\": \"./ci/dev/test-scripts.sh\",\n \"package\": \"./ci/build/build-packages.sh\",\n \"prettier\": \"prettier --write --log-level=warn --cache .\",\n \"preinstall\": \"node ./ci/dev/preinstall.js\",\n \"postinstall\": \"./ci/dev/postinstall.sh\",\n \"publish:npm\": \"./ci/steps/publish-npm.sh\",\n \"publish:docker\": \"./ci/steps/docker-buildx-push.sh\",\n \"fmt\": \"npm run prettier && ./ci/dev/doctoc.sh\",\n \"lint:scripts\": \"./ci/dev/lint-scripts.sh\",\n \"lint:ts\": \"eslint --max-warnings=0 --fix $(git ls-files '*.ts' '*.js' | grep -v 'lib/vscode')\",\n \"test\": \"echo 'Run npm run test:unit or npm run test:e2e' && exit 1\",\n \"watch\": \"VSCODE_DEV=1 VSCODE_IPC_HOOK_CLI= NODE_OPTIONS='--max_old_space_size=32384 --trace-warnings' ts-node ./ci/dev/watch.ts\",\n \"icons\": \"./ci/dev/gen_icons.sh\"\n },\n \"main\": \"out/node/entry.js\",\n \"devDependencies\": {\n \"@eslint/compat\": \"^1.2.0\",\n \"@eslint/eslintrc\": \"^3.1.0\",\n \"@eslint/js\": \"^9.12.0\",\n \"@schemastore/package\": \"^0.0.10\",\n \"@types/compression\": \"^1.7.3\",\n \"@types/cookie-parser\": \"^1.4.4\",\n \"@types/eslint__js\": \"^8.42.3\",\n \"@types/express\": \"^5.0.0\",\n \"@types/http-proxy\": \"1.17.7\",\n \"@types/js-yaml\": \"^4.0.6\",\n \"@types/node\": \"22.x\",\n \"@types/pem\": \"^1.14.1\",\n \"@types/proxy-from-env\": \"^1.0.1\",\n \"@types/safe-compare\": \"^1.1.0\",\n \"@types/semver\": \"^7.5.2\",\n \"@types/trusted-types\": \"^2.0.4\",\n \"@types/ws\": \"^8.5.5\",\n \"doctoc\": \"^2.2.1\",\n \"eslint\": \"^9.12.0\",\n \"eslint-config-prettier\": \"^10.1.8\",\n \"eslint-import-resolver-typescript\": \"^4.4.4\",\n \"eslint-plugin-import\": \"^2.28.1\",\n \"eslint-plugin-prettier\": \"^5.0.0\",\n \"globals\": \"^16.1.0\",\n \"prettier\": \"3.6.2\",\n \"prettier-plugin-sh\": \"^0.18.0\",\n \"ts-node\": \"^10.9.1\",\n \"typescript\": \"^5.6.2\",\n \"typescript-eslint\": \"^8.8.0\"\n },\n \"dependencies\": {\n \"@coder/logger\": \"^3.0.1\",\n \"argon2\": \"^0.44.0\",\n \"compression\": \"^1.7.4\",\n \"cookie-parser\": \"^1.4.6\",\n \"env-paths\": \"^2.2.1\",\n \"express\": \"^5.0.1\",\n \"http-proxy\": \"^1.18.1\",\n \"httpolyglot\": \"^0.1.2\",\n \"i18next\": \"^25.8.3\",\n \"js-yaml\": \"^4.1.0\",\n \"limiter\": \"^2.1.0\",\n \"pem\": \"^1.14.8\",\n \"proxy-agent\": \"^6.3.1\",\n \"qs\": \"^6.15.0\",\n \"rotating-file-stream\": \"^3.1.1\",\n \"safe-compare\": \"^1.1.4\",\n \"semver\": \"^7.5.4\",\n \"ws\": \"^8.14.2\",\n \"xdg-basedir\": \"^4.0.0\"\n },\n \"resolutions\": {\n \"@types/node\": \"22.x\"\n },\n \"bin\": {\n \"code-server\": \"out/node/entry.js\"\n },\n \"keywords\": [\n \"vscode\",\n \"development\",\n \"ide\",\n \"coder\",\n \"vscode-remote\",\n \"browser-ide\",\n \"remote-development\"\n ],\n \"engines\": {\n \"node\": \"22\"\n },\n \"jest\": {\n \"transform\": {\n \"^.+\\\\.ts$\": \"/test/node_modules/ts-jest\"\n },\n \"testEnvironment\": \"node\",\n \"testPathIgnorePatterns\": [\n \"/node_modules/\",\n \"/lib/\",\n \"/out/\",\n \"test/e2e\"\n ],\n \"collectCoverage\": true,\n \"collectCoverageFrom\": [\n \"/src/**/*.ts\"\n ],\n \"coverageDirectory\": \"/coverage\",\n \"coverageReporters\": [\n \"json\",\n \"json-summary\",\n \"text\",\n \"clover\"\n ],\n \"coveragePathIgnorePatterns\": [\n \"/out\"\n ],\n \"coverageThreshold\": {\n \"global\": {\n \"lines\": 60\n }\n },\n \"modulePathIgnorePatterns\": [\n \"/release-packages\",\n \"/release\",\n \"/release-standalone\",\n \"/release-npm-package\",\n \"/release-gcp\",\n \"/release-images\",\n \"/lib\"\n ],\n \"moduleNameMapper\": {\n \"^.+\\\\.(css|less)$\": \"/test/utils/cssStub.ts\"\n },\n \"globalSetup\": \"/test/utils/globalUnitSetup.ts\"\n }\n}\n"
},
{
"path": "patches/base-path.diff",
"content": "Add base path support\n\nSome users will host code-server behind a path-rewriting reverse proxy, for\nexample domain.tld/my/base/path. This patch adds support for that since Code\nassumes everything is on / by default.\n\nTo test this serve code-server behind a reverse proxy with a path like /code.\n\nIndex: code-server/lib/vscode/src/vs/base/common/network.ts\n===================================================================\n--- code-server.orig/lib/vscode/src/vs/base/common/network.ts\n+++ code-server/lib/vscode/src/vs/base/common/network.ts\n@@ -245,7 +245,9 @@ class RemoteAuthoritiesImpl {\n \t\treturn URI.from({\n \t\t\tscheme: platform.isWeb ? this._preferredWebSchema : Schemas.vscodeRemoteResource,\n \t\t\tauthority: `${host}:${port}`,\n-\t\t\tpath: this._remoteResourcesPath,\n+\t\t\tpath: platform.isWeb\n+\t\t\t\t? (window.location.pathname + \"/\" + this._remoteResourcesPath).replace(/\\/\\/+/g, \"/\")\n+\t\t\t\t: this._remoteResourcesPath,\n \t\t\tquery\n \t\t});\n \t}\nIndex: code-server/lib/vscode/src/vs/code/browser/workbench/workbench-dev.html\n===================================================================\n--- code-server.orig/lib/vscode/src/vs/code/browser/workbench/workbench-dev.html\n+++ code-server/lib/vscode/src/vs/code/browser/workbench/workbench-dev.html\n@@ -11,8 +11,8 @@\n \t\t\n \t\t\n \t\t\n-\t\t\n-\t\t\n+\t\t\n+\t\t\n \n \t\t\n \t\t\n@@ -27,9 +27,9 @@\n \t\t\n \n \t\t\n-\t\t\n-\t\t\n-\t\t\n+\t\t\n+\t\t\n+\t\t\n \t\t\n \n \t\n@@ -39,7 +39,7 @@\n \n \t\n \t\n \t\n \t\n