From ee219a8b1731976ac19561941af2b44d3512c0ab Mon Sep 17 00:00:00 2001 From: ikkz Date: Sun, 17 May 2026 06:33:27 +0800 Subject: [PATCH 1/2] fix(git-clone): propagate pre/post-clone script failures (#891) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Description Fix git-clone module to fail fast when `pre_clone_script` or `post_clone_script` returns a non-zero exit code. Previously, both scripts were executed but their exit codes were never checked — a failing pre-clone hook (e.g., a prerequisite check that calls `exit 1`) was silently ignored and cloning continued. This broke the advertised "validate prerequisites before cloning" behavior and could leave workspaces starting with unmet preconditions. ## Type of Change - [ ] New module - [ ] New template - [x] Bug fix - [ ] Feature/enhancement - [ ] Documentation - [ ] Other ## Module Information **Path:** `registry/coder/modules/git-clone` **New version:** `v1.3.1` **Breaking change:** [ ] Yes [x] No ## Testing & Validation - [x] Tests pass (`bun test`) - [x] Code formatted (`bun fmt`) - [x] Changes tested locally ## Related Issues - https://github.com/coder/registry/pull/887#issuecomment-4413765491 - https://github.com/coder/registry/issues/60 - https://github.com/coder/registry/issues/86 --- registry/coder/modules/git-clone/README.md | 24 ++++++------- registry/coder/modules/git-clone/main.test.ts | 34 ++++++++++++++++++- registry/coder/modules/git-clone/run.sh | 2 ++ 3 files changed, 47 insertions(+), 13 deletions(-)
diff --git a/registry/coder/modules/git-clone/README.md b/registry/coder/modules/git-clone/README.md
index 9c61941c..3336770f 100644
--- a/registry/coder/modules/git-clone/README.md
+++ b/registry/coder/modules/git-clone/README.md
@@ -14,7 +14,7 @@ This module allows you to automatically clone a repository by URL and skip if it
 module "git-clone" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/git-clone/coder"
- version = "1.3.0"
+ version = "1.3.1"
 agent_id = coder_agent.example.id
 url = "https://github.com/coder/coder"
 }
@@ -28,7 +28,7 @@ module "git-clone" {
 module "git-clone" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/git-clone/coder"
- version = "1.3.0"
+ version = "1.3.1"
 agent_id = coder_agent.example.id
 url = "https://github.com/coder/coder"
 base_dir = "~/projects/coder"
@@ -43,7 +43,7 @@ To use with [Git Authentication](https://coder.com/docs/v2/latest/admin/git-prov
 module "git-clone" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/git-clone/coder"
- version = "1.3.0"
+ version = "1.3.1"
 agent_id = coder_agent.example.id
 url = "https://github.com/coder/coder"
 }
@@ -70,7 +70,7 @@ data "coder_parameter" "git_repo" {
 module "git_clone" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/git-clone/coder"
- version = "1.3.0"
+ version = "1.3.1"
 agent_id = coder_agent.example.id
 url = data.coder_parameter.git_repo.value
 }
@@ -105,7 +105,7 @@ Configuring `git-clone` for a self-hosted GitHub Enterprise Server running at `g
 module "git-clone" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/git-clone/coder"
- version = "1.3.0"
+ version = "1.3.1"
 agent_id = coder_agent.example.id
 url = "https://github.example.com/coder/coder/tree/feat/example"
 git_providers = {
@@ -125,7 +125,7 @@ To GitLab clone with a specific branch like `feat/example`
 module "git-clone" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/git-clone/coder"
- version = "1.3.0"
+ version = "1.3.1"
 agent_id = coder_agent.example.id
 url = "https://gitlab.com/coder/coder/-/tree/feat/example"
 }
@@ -137,7 +137,7 @@ Configuring `git-clone` for a self-hosted GitLab running at `gitlab.example.com`
 module "git-clone" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/git-clone/coder"
- version = "1.3.0"
+ version = "1.3.1"
 agent_id = coder_agent.example.id
 url = "https://gitlab.example.com/coder/coder/-/tree/feat/example"
 git_providers = {
@@ -159,7 +159,7 @@ For example, to clone the `feat/example` branch:
 module "git-clone" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/git-clone/coder"
- version = "1.3.0"
+ version = "1.3.1"
 agent_id = coder_agent.example.id
 url = "https://github.com/coder/coder"
 branch_name = "feat/example"
@@ -177,7 +177,7 @@ For example, this will clone into the `~/projects/coder/coder-dev` folder:
 module "git-clone" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/git-clone/coder"
- version = "1.3.0"
+ version = "1.3.1"
 agent_id = coder_agent.example.id
 url = "https://github.com/coder/coder"
 folder_name = "coder-dev"
@@ -196,7 +196,7 @@ If not defined, the default, `0`, performs a full clone.
 module "git-clone" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/git-clone/coder"
- version = "1.3.0"
+ version = "1.3.1"
 agent_id = coder_agent.example.id
 url = "https://github.com/coder/coder"
 depth = 1
@@ -212,7 +212,7 @@ This is useful for preparing the environment or validating prerequisites before
 module "git-clone" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/git-clone/coder"
- version = "1.3.0"
+ version = "1.3.1"
 agent_id = coder_agent.example.id
 url = "https://github.com/coder/coder"
 pre_clone_script = <<-EOT
@@ -235,7 +235,7 @@ This is useful for running initialization tasks like installing dependencies or
 module "git-clone" {
 count = data.coder_workspace.me.start_count
 source = "registry.coder.com/coder/git-clone/coder"
- version = "1.3.0"
+ version = "1.3.1"
 agent_id = coder_agent.example.id
 url = "https://github.com/coder/coder"
 post_clone_script = <<-EOT
diff --git a/registry/coder/modules/git-clone/main.test.ts b/registry/coder/modules/git-clone/main.test.ts
index 922f4028..af900eef 100644
--- a/registry/coder/modules/git-clone/main.test.ts
+++ b/registry/coder/modules/git-clone/main.test.ts
@@ -250,13 +250,14 @@ describe("git-clone", async () => {
 const state = await runTerraformApply(import.meta.dir, {
 agent_id: "foo",
 url: "fake-url",
+ base_dir: "/tmp",
 post_clone_script: "echo 'Post-clone script executed'",
 });
 const output = await executeScriptInContainer(
 state,
 "alpine/git",
 "sh",
- "mkdir -p ~/fake-url && echo 'existing' > ~/fake-url/file.txt",
+ "mkdir -p /tmp/fake-url && echo 'existing' > /tmp/fake-url/file.txt",
 );
 expect(output.stdout).toContain("Running post-clone script...");
 expect(output.stdout).toContain("Post-clone script executed");
@@ -273,4 +274,35 @@ describe("git-clone", async () => {
 expect(output.stdout).toContain("Pre-clone script executed");
 expect(output.stdout).toContain("Cloning fake-url to ~/fake-url...");
 });
+
+ it("fails when pre-clone script fails", async () => {
+ const state = await runTerraformApply(import.meta.dir, {
+ agent_id: "foo",
+ url: "fake-url",
+ pre_clone_script: "echo 'Pre-clone script failed'; exit 42",
+ });
+ const output = await executeScriptInContainer(state, "alpine/git");
+ expect(output.exitCode).toBe(42);
+ expect(output.stdout).toContain("Running pre-clone script...");
+ expect(output.stdout).toContain("Pre-clone script failed");
+ expect(output.stdout).not.toContain("Cloning fake-url to ~/fake-url...");
+ });
+
+ it("fails when post-clone script fails", async () => {
+ const state = await runTerraformApply(import.meta.dir, {
+ agent_id: "foo",
+ url: "fake-url",
+ base_dir: "/tmp",
+ post_clone_script: "echo 'Post-clone script failed'; exit 43",
+ });
+ const output = await executeScriptInContainer(
+ state,
+ "alpine/git",
+ "sh",
+ "mkdir -p /tmp/fake-url && echo 'existing' > /tmp/fake-url/file.txt",
+ );
+ expect(output.exitCode).toBe(43);
+ expect(output.stdout).toContain("Running post-clone script...");
+ expect(output.stdout).toContain("Post-clone script failed");
+ });
 });
diff --git a/registry/coder/modules/git-clone/run.sh b/registry/coder/modules/git-clone/run.sh
index 03050349..76928a40 100644
--- a/registry/coder/modules/git-clone/run.sh
+++ b/registry/coder/modules/git-clone/run.sh
@@ -1,5 +1,7 @@
 #!/usr/bin/env bash
+set -euo pipefail
+
 REPO_URL="${REPO_URL}"
 CLONE_PATH="${CLONE_PATH}"
 BRANCH_NAME="${BRANCH_NAME}"
From f9802456ceceb490aaa37bb70ce34e45d11b7cf7 Mon Sep 17 00:00:00 2001
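Review bot: The two new cases in the `@@ -273,4 +274,35 @@` hunk of main.test.ts pin only the explicit `exit N` path of a hook, while the `set -euo pipefail` this commit adds to run.sh also changes the outcome of a failed `git clone`, an unset variable, or a failing pipeline stage, and none of those is asserted. The post-clone case pre-creates `/tmp/fake-url`, so it exercises only the already-cloned branch. A further case with a post-clone script and no pre-created directory, asserting `expect(output.exitCode).not.toBe(0);` and `expect(output.stdout).not.toContain("Running post-clone script...");`, would document that a failed clone now stops the run before the hook executes. This assumes run.sh reaches the clone step as the existing tests suggest; its body is not visible in this patch.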
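Review bot: `set -euo pipefail` at the top of run.sh changes the failure behaviour of every command in the script, not only the two hooks, and the hook call sites lie outside this hunk, so propagation depends on errexit rather than on an explicit check. errexit is suppressed for a command used as an `if`/`while` condition or on the left of `&&`/`||`, so a hook invoked in such a context would again have its failure ignored; an explicit `|| exit $?` at each hook call would keep the fail-closed intent local to the call. With `-u`, any variable the script reads that is left unset will now abort workspace startup, which is worth confirming for the optional inputs. A comment above the new line such as `# Fail closed: abort startup if a hook, git, or any other step fails` would record why the setting is there.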
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 May 2026 15:03:46 +0000 Subject: [PATCH 2/2] chore(deps): bump the github-actions group across 1 directory with 3 updates (#892) Bumps the github-actions group with 3 updates in the / directory: [coder/coder](https://github.com/coder/coder), [crate-ci/typos](https://github.com/crate-ci/typos) and [zizmorcore/zizmor-action](https://github.com/zizmorcore/zizmor-action). Updates `coder/coder` from 2.32.0 to 2.33.3
Release notes

Sourced from coder/coder's releases.

v2.33.3

Changelog

[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.

Bug fixes

  • Upgrade Go toolchain from 1.25.9 to 1.25.10 (#25230, e5a96f3608)
  • Cherry-pick go-git v5.19.0 (CVE-2026-45022) (#25229, 4e4e23539e)
  • Dashboard: Show Organizations in admin dropdown for single-org OSS deployments (#25175, bbca430b4c)
  • fix(scripts/ironbank): update base image to UBI9 and remove urllib3 (CVE-2026-44431) (#25247, 818fc72802)
  • Server: Harden Azure identity certificate fetch (cherry-pick v2.33) (#25276, 844c1e0467)
  • Verify PKCS7 signature on Azure instance identity tokens (2.33 cherry-pick) (#25302, 2b778f292c)

Compare: v2.33.2...v2.33.3

Container image

  • docker pull ghcr.io/coder/coder:2.33.3

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

v2.33.2

Changelog

[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.

Bug fixes

  • Backport 11 Coder Agents docs PRs to release/2.33 (#25047, d622e86fa0)

Compare: v2.33.1...v2.33.2

Container image

  • docker pull ghcr.io/coder/coder:2.33.2

Install/upgrade

Refer to our docs to install or upgrade Coder, or use a release asset below.

v2.33.1

Changelog

[!NOTE] This is a mainline Coder release. We advise enterprise customers without a staging environment to install our latest stable release while we refine this version. Learn more about our Release Schedule.

... (truncated)

Commits

Updates `crate-ci/typos` from 1.45.1 to 1.46.2
Release notes

Sourced from crate-ci/typos's releases.

v1.46.2

[1.46.2] - 2026-05-16

Fixes

  • Don't correct to criterias
  • Don't correct to replaceables

v1.46.1

[1.46.1] - 2026-05-08

Fixes

  • Don't correct to confidentials

v1.46.0

[1.46.0] - 2026-04-30

Features

  • Updated the dictionary with the April 2026 changes

v1.45.2

[1.45.2] - 2026-04-27

Fixes

  • Ignore ssh ed25519 public keys
Changelog

Sourced from crate-ci/typos's changelog.

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

[Unreleased] - ReleaseDate

[1.46.2] - 2026-05-16

Fixes

  • Don't correct to criterias
  • Don't correct to replaceables

[1.46.1] - 2026-05-08

Fixes

  • Don't correct to confidentials

[1.46.0] - 2026-04-30

Features

  • Updated the dictionary with the April 2026 changes

[1.45.2] - 2026-04-27

Fixes

  • Ignore ssh ed25519 public keys

[1.45.1] - 2026-04-13

Fixes

  • (action) Use a temp dir for caching

[1.45.0] - 2026-04-01

Features

  • Updated the dictionary with the March 2026 changes

[1.44.0] - 2026-02-27

Features

... (truncated)

Commits

Updates `zizmorcore/zizmor-action` from 0.5.3 to 0.5.6
Release notes

Sourced from zizmorcore/zizmor-action's releases.

v0.5.6

  • 1.25.2 is now available via the action
  • 1.25.2 is now the default version of zizmor used by the action

v0.5.5

This is a no-op release.

v0.5.4

  • 1.25.0 is now available via the action
  • 1.25.0 is now the default version of zizmor used by the action
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) ---
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yaml | 6 +++--- .github/workflows/version-bump.yaml | 2 +- .github/workflows/zizmor.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 6793e375..68f99f29 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -37,7 +37,7 @@ jobs: all: - '**' - name: Set up Terraform - uses: coder/coder/.github/actions/setup-tf@34584e909bbe6f501fb2cbdc994325b4d3f9e2ef # v2.32.0 + uses: coder/coder/.github/actions/setup-tf@2b778f292c2ddf8ac261683d0d5d8a18da1512f6 # v2.33.3 - name: Set up Bun uses: oven-sh/setup-bun@0c5077e51419868618aeaa5fe8019c62421857d6 # v2 with: @@ -87,13 +87,13 @@ jobs: bun-version: latest # Need Terraform for its formatter - name: Install Terraform - uses: coder/coder/.github/actions/setup-tf@34584e909bbe6f501fb2cbdc994325b4d3f9e2ef # v2.32.0 + uses: coder/coder/.github/actions/setup-tf@2b778f292c2ddf8ac261683d0d5d8a18da1512f6 # v2.33.3 - name: Install dependencies run: bun install - name: Validate formatting run: bun fmt:ci - name: Check for typos - uses: crate-ci/typos@cf5f1c29a8ac336af8568821ec41919923b05a83 # v1.45.1 + uses: crate-ci/typos@aca895bf05aec0cb7dffa6f94495e923224d9f17 # v1.46.2 with: config: .github/typos.toml validate-readme-files: diff --git a/.github/workflows/version-bump.yaml b/.github/workflows/version-bump.yaml index 5df8b435..477a65d3 100644 --- a/.github/workflows/version-bump.yaml +++ b/.github/workflows/version-bump.yaml @@ -31,7 +31,7 @@ jobs: bun-version: latest - name: Set up Terraform - uses: coder/coder/.github/actions/setup-tf@34584e909bbe6f501fb2cbdc994325b4d3f9e2ef # v2.32.0 + uses: coder/coder/.github/actions/setup-tf@2b778f292c2ddf8ac261683d0d5d8a18da1512f6 # v2.33.3 - name: Install dependencies run: bun install 
diff --git a/.github/workflows/zizmor.yaml b/.github/workflows/zizmor.yaml index baed8be7..c2f75a1b 100644 --- a/.github/workflows/zizmor.yaml +++ b/.github/workflows/zizmor.yaml @@ -27,7 +27,7 @@ jobs: persist-credentials: false - name: Run zizmor (blocking, HIGH only) - uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3 + uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 with: advanced-security: false annotations: true @@ -49,7 +49,7 @@ jobs: persist-credentials: false - name: Run zizmor (SARIF) - uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3 + uses: zizmorcore/zizmor-action@5f14fd08f7cf1cb1609c1e344975f152c7ee938d # v0.5.6 with: inputs: | .github/workflows