replace remaining cdr github links

I will try checking the docs too

.eslintrc.yaml

@@ -0,0 +1,43 @@
+parser: "@typescript-eslint/parser"
+env:
+  browser: true
+  es6: true # Map, etc.
+  jest: true
+  node: true
+
+parserOptions:
+  ecmaVersion: 2018
+  sourceType: module
+
+extends:
+  - eslint:recommended
+  - plugin:@typescript-eslint/recommended
+  - plugin:import/recommended
+  - plugin:import/typescript
+  - plugin:prettier/recommended
+  # Prettier should always be last
+  # Removes eslint rules that conflict with prettier.
+  - prettier
+
+rules:
+  # Sometimes you need to add args to implement a function signature even
+  # if they are unused.
+  "@typescript-eslint/no-unused-vars": ["error", { "args": "none" }]
+  # For overloads.
+  no-dupe-class-members: off
+  "@typescript-eslint/no-use-before-define": off
+  "@typescript-eslint/no-non-null-assertion": off
+  "@typescript-eslint/ban-types": off
+  "@typescript-eslint/no-var-requires": off
+  "@typescript-eslint/explicit-module-boundary-types": off
+  "@typescript-eslint/no-explicit-any": off
+  "@typescript-eslint/no-extra-semi": off
+  eqeqeq: error
+  import/order:
+    [error, { alphabetize: { order: "asc" }, groups: [["builtin", "external", "internal"], "parent", "sibling"] }]
+  no-async-promise-executor: off
+
+settings:
+  import/resolver:
+    typescript:
+      alwaysTryTypes: true

.git-blame-ignore-revs

@@ -1,2 +0,0 @@
-# Prettier 3.4.2
-9b0340a09276f93c054d705d1b9a5f24cc5dbc97

.github/CODEOWNERS

@@ -1,7 +1,3 @@
-* @coder/code-server
+* @coder/code-server-reviewers
 
 ci/helm-chart/ @Matthew-Beckett @alexgorbatchev
-
-docs/install.md @GNUxeava
-
-src/node/i18n/locales/zh-cn.json @zhaozhiming

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -1,5 +1,6 @@
 name: Bug report
 description: File a bug report
+title: "[Bug]: "
 labels: ["bug", "triage"]
 body:
   - type: checkboxes
@@ -9,7 +10,6 @@ body:
       options:
         - label: I have searched the existing issues
           required: true
-
   - type: textarea
     attributes:
       label: OS/Web Information
@@ -20,8 +20,6 @@ body:
           - **Remote OS**: Ubuntu
           - **Remote Architecture**: amd64
           - **`code-server --version`**: 4.0.1
-
-        Please do not just put "latest" for the version.
       value: |
         - Web Browser:
         - Local OS:
@@ -30,94 +28,56 @@ body:
         - `code-server --version`:
     validations:
       required: true
-
   - type: textarea
     attributes:
       label: Steps to Reproduce
       description: |
-        Please describe exactly how to reproduce the bug. For example:
-        1. Open code-server in Firefox
-        2. Install extension `foo.bar` from the extensions sidebar
-        3. Run command `foo.bar.baz`
+        1. open code-server
+        2. install extension
+        3. run command
       value: |
-        1.
+        1. 
         2.
         3.
     validations:
       required: true
-
   - type: textarea
     attributes:
       label: Expected
       description: What should happen?
     validations:
       required: true
-
   - type: textarea
     attributes:
       label: Actual
       description: What actually happens?
     validations:
       required: true
-
   - type: textarea
     id: logs
     attributes:
       label: Logs
-      description: Run code-server with the --verbose flag and then paste any relevant logs from the server, from the browser console and/or the browser network tab. For issues with installation, include installation logs (i.e. output of `npm install -g code-server`).
-      render: shell
-
+      description: Run code-server with the --verbose flag and then paste any relevant logs from the server, from the browser console and/or the browser network tab. For issues with installation, include installation logs (i.e. output of `yarn global add code-server`).
   - type: textarea
     attributes:
       label: Screenshot/Video
       description: Please include a screenshot, gif or screen recording of your issue.
     validations:
       required: false
-
-  - type: dropdown
-    attributes:
-      label: Does this bug reproduce in native VS Code?
-      description: If the bug reproduces in native VS Code, submit the issue upstream instead (https://github.com/microsoft/vscode).
-      options:
-        - Yes, this is also broken in native VS Code
-        - No, this works as expected in native VS Code
-        - This cannot be tested in native VS Code
-        - I did not test native VS Code
-    validations:
-      required: true
-
-  - type: dropdown
-    attributes:
-      label: Does this bug reproduce in VS Code web?
-      description: If the bug reproduces in VS Code web, submit the issue upstream instead (https://github.com/microsoft/vscode). You can run VS Code web with `code serve-web` (this is not the same as vscode.dev).
-      options:
-        - Yes, this is also broken in VS Code web
-        - No, this works as expected in VS Code web
-        - This cannot be tested in VS Code web
-        - I did not test VS Code web
-    validations:
-      required: true
-
-  - type: dropdown
-    attributes:
-      label: Does this bug reproduce in GitHub Codespaces?
-      description: If the bug reproduces in GitHub Codespaces, submit the issue upstream instead (https://github.com/microsoft/vscode).
-      options:
-        - Yes, this is also broken in GitHub Codespaces
-        - No, this works as expected in GitHub Codespaces
-        - This cannot be tested in GitHub Codespaces
-        - I did not test GitHub Codespaces
-    validations:
-      required: true
-
   - type: checkboxes
     attributes:
-      label: Are you accessing code-server over a secure context?
-      description: code-server relies on service workers (which only work in secure contexts) for many features. Double-check that you are using a secure context like HTTPS or localhost.
+      label: Does this issue happen in VS Code?
+      description: Please try reproducing this issue in VS Code
       options:
-        - label: I am using a secure context.
-          required: false
-
+        - label: I cannot reproduce this in VS Code.
+          required: true
+  - type: checkboxes
+    attributes:
+      label: Are you accessing code-server over HTTPS?
+      description: code-server relies on service workers for many features. Double-check that you are using HTTPS.
+      options:
+        - label: I am using HTTPS.
+          required: true
   - type: textarea
     attributes:
       label: Notes

.github/ISSUE_TEMPLATE/doc.md

@@ -1,7 +1,9 @@
 ---
 name: Documentation improvement
 about: Suggest a documentation improvement
+title: "[Docs]: "
 labels: "docs"
+assignees: "@jsjoeio"
 ---
 
 ## What is your suggestion?

.github/ISSUE_TEMPLATE/feature-request.md

@@ -1,7 +1,9 @@
 ---
 name: Feature request
 about: Suggest an idea to improve code-server
+title: "[Feat]: "
 labels: enhancement
+assignees: ""
 ---
 
 ## What is your suggestion?

.github/PULL_REQUEST_TEMPLATE/release_template.md

@@ -0,0 +1,16 @@
+<!-- Note: this variable $CODE_SERVER_VERSION_TO_UPDATE will be set when you run the release-prep.sh script with `yarn release:prep` -->
+
+This PR is to generate a new release of `code-server` at `$CODE_SERVER_VERSION_TO_UPDATE`
+
+## Screenshot
+
+TODO
+
+## TODOs
+
+Follow "Publishing a release" steps in `ci/README.md`
+
+<!-- Note some of these steps below are redundant since they're listed in the "Publishing a release" docs -->
+
+- [ ] publish release and merge PR
+- [ ] update the AUR package

.github/dependabot.yaml

@@ -1,31 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: "github-actions"
-    directory: "/"
-    schedule:
-      interval: "monthly"
-      time: "06:00"
-      timezone: "America/Chicago"
-    labels: []
-    commit-message:
-      prefix: "chore"
-
-  - package-ecosystem: "npm"
-    directory: "/"
-    schedule:
-      interval: "monthly"
-      time: "06:00"
-      timezone: "America/Chicago"
-    commit-message:
-      prefix: "chore"
-    labels: []
-    ignore:
-      # Ignore patch updates for all dependencies
-      - dependency-name: "*"
-        update-types:
-          - version-update:semver-patch
-      # Ignore major updates to Node.js types, because they need to
-      # correspond to the Node.js engine version
-      - dependency-name: "@types/node"
-        update-types:
-          - version-update:semver-major

.github/ranger.yml

@@ -0,0 +1,29 @@
+# Configuration for the repo ranger bot
+# See docs: https://www.notion.so/Documentation-8d7627bb1f3c42b7b1820e8d6f157a57#9879d1374fab4d1f9c607c230fd5123d
+default:
+  close:
+    # Default time to wait before closing the label. Can either be a number in milliseconds
+    # or a string specified by the `ms` package (https://www.npmjs.com/package/ms)
+    delay: "2 days"
+
+    # Default comment to post when an issue is first marked with a closing label
+    comment: "⚠️ This issue has been marked $LABEL and will be closed in $DELAY."
+
+labels:
+  duplicate: close
+  wontfix: close
+  "squash when passing": merge
+  "rebase when passing": merge
+  "merge when passing": merge
+  "new contributor":
+    action: comment
+    delay: 5s
+    message: "Thanks for making your first contribution! :slightly_smiling_face:"
+  "upstream:vscode":
+    action: close
+    delay: 5s
+    comment: >
+      This issue has been marked as 'upstream:vscode'.
+      Please file this upstream: [link to open issue](https://github.com/microsoft/vscode/issues/new/choose)
+
+      This issue will automatically close in $DELAY.

.github/semantic.yaml

@@ -61,6 +61,3 @@ types:
   # implementations. For example, if a commit adds a fix + test, it's a fix
   # commit. If a commit is simply bumping coverage, it's a test commit.
   - test
-
-  # A new release.
-  - release

.github/workflows/build.yaml

@@ -1,299 +0,0 @@
-name: Build
-
-on:
-  push:
-    branches:
-      - main
-  pull_request:
-    branches:
-      - main
-
-# Cancel in-progress runs for pull requests when developers push
-# additional changes, and serialize builds in branches.
-# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-
-jobs:
-  changes:
-    runs-on: ubuntu-latest
-    outputs:
-      ci: ${{ steps.filter.outputs.ci }}
-      code: ${{ steps.filter.outputs.code }}
-      deps: ${{ steps.filter.outputs.deps }}
-      docs: ${{ steps.filter.outputs.docs }}
-      helm: ${{ steps.filter.outputs.helm }}
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: dorny/paths-filter@d1c1ffe0248fe513906c8e24db8ea791d46f8590 # v3
-        id: filter
-        with:
-          filters: |
-            ci:
-              - ".github/**"
-              - "ci/**"
-            docs:
-              - "docs/**"
-              - "README.md"
-              - "CHANGELOG.md"
-            helm:
-              - "ci/helm-chart/**"
-            code:
-              - "src/**"
-              - "test/**"
-            deps:
-              - "lib/**"
-              - "patches/**"
-              - "package-lock.json"
-              - "test/package-lock.json"
-      - id: debug
-        run: |
-          echo "${{ toJSON(steps.filter )}}"
-
-  prettier:
-    name: Run prettier check
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - run: npx prettier --check .
-
-  doctoc:
-    name: Doctoc markdown files
-    runs-on: ubuntu-22.04
-    needs: changes
-    if: needs.changes.outputs.docs == 'true'
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - run: npm run doctoc
-
-  lint-helm:
-    name: Lint Helm chart
-    runs-on: ubuntu-22.04
-    needs: changes
-    if: needs.changes.outputs.helm == 'true'
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: azure/setup-helm@dda3372f752e03dde6b3237bc9431cdc2f7a02a2 # v5.0.0
-        with:
-          token: ${{ secrets.GITHUB_TOKEN }}
-          version: "v3.19.2"
-      - run: helm plugin install https://github.com/instrumenta/helm-kubeval
-      - run: helm kubeval ci/helm-chart
-
-  lint-ts:
-    name: Lint TypeScript files
-    runs-on: ubuntu-22.04
-    needs: changes
-    if: needs.changes.outputs.code == 'true'
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - run: npm run lint:ts
-
-  lint-actions:
-    name: Lint GitHub Actions
-    runs-on: ubuntu-latest
-    needs: changes
-    if: needs.changes.outputs.ci == 'true'
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - name: Check workflow files
-        run: |
-          bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) 1.7.9
-          ./actionlint -color -shellcheck= -ignore "softprops/action-gh-release"
-        shell: bash
-
-  test-unit:
-    name: Run unit tests
-    runs-on: ubuntu-22.04
-    needs: changes
-    if: needs.changes.outputs.code == 'true'
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - run: npm run test:unit
-      - uses: codecov/codecov-action@75cd11691c0faa626561e295848008c8a7dddffe # v5
-        if: success()
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-
-  build:
-    name: linux-x64
-    runs-on: ubuntu-22.04
-    env:
-      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
-      DISABLE_V8_COMPILE_CACHE: 1
-      VERSION: 0.0.0
-      VSCODE_TARGET: linux-x64
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      ELECTRON_SKIP_BINARY_DOWNLOAD: 1
-      PLAYWRIGHT_SKIP_BROWSER_DOWNLOAD: 1
-
-    steps:
-      - run: sudo apt update && sudo apt install -y libkrb5-dev
-      - uses: awalsh128/cache-apt-pkgs-action@2c09a5e66da6c8016428a2172bd76e5e4f14bb17 # latest
-        with:
-          packages: quilt
-          version: 1.0
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-        with:
-          submodules: true
-      - run: quilt push -a
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - run: npm run build
-      # Get Code's git hash.  When this changes it means the content is
-      # different and we need to rebuild.
-      - name: Get latest lib/vscode rev
-        id: vscode-rev
-        run: echo "rev=$(git rev-parse HEAD:./lib/vscode)" >> $GITHUB_OUTPUT
-      # We need to rebuild when we have a new version of Code, when any of the
-      # patches changed, or when the code-server version changes (since it gets
-      # embedded into the code).  Use VSCODE_CACHE_VERSION to force a rebuild.
-      - name: Fetch prebuilt linux-x64 Code package from cache
-        id: cache-vscode
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
-        with:
-          path: lib/vscode-reh-web-linux-x64
-          key: vscode-linux-x64-package-${{ secrets.VSCODE_CACHE_VERSION }}-${{ steps.vscode-rev.outputs.rev }}-${{ hashFiles('patches/*.diff', 'ci/build/build-vscode.sh') }}
-      - name: Build vscode
-        if: steps.cache-vscode.outputs.cache-hit != 'true'
-        run: |
-          pushd lib/vscode
-          npm ci
-          popd
-          npm run build:vscode
-      # Push up an artifact containing the linux-x64 release.
-      - run: KEEP_MODULES=1 npm run release
-      - run: tar -czf package.tar.gz release
-      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
-        with:
-          name: linux-x64-package
-          path: ./package.tar.gz
-
-  test-e2e:
-    name: Run e2e tests
-    runs-on: ubuntu-22.04
-    env:
-      LOG_LEVEL: debug
-    needs: [changes, build]
-    if: needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true' || needs.changes.outputs.ci == 'true'
-
-    steps:
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - name: Install Playwright OS dependencies
-        run: |
-          ./test/node_modules/.bin/playwright install-deps
-          ./test/node_modules/.bin/playwright install
-
-      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
-        with:
-          name: linux-x64-package
-      - run: tar -xzf package.tar.gz
-
-      - run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e
-      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
-        if: always()
-        with:
-          name: failed-test-videos
-          path: ./test/test-results
-
-  test-e2e-proxy:
-    name: Run e2e tests behind proxy
-    runs-on: ubuntu-22.04
-    env:
-      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      LOG_LEVEL: debug
-    needs: [changes, build]
-    if: needs.changes.outputs.code == 'true' || needs.changes.outputs.deps == 'true' || needs.changes.outputs.ci == 'true'
-
-    steps:
-      - name: Cache Caddy
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4
-        id: caddy-cache
-        with:
-          path: |
-            ~/.cache/caddy
-          key: cache-caddy-2.5.2
-      - name: Install Caddy
-        if: steps.caddy-cache.outputs.cache-hit != 'true'
-        run: |
-          gh release download v2.5.2 --repo caddyserver/caddy --pattern "caddy_2.5.2_linux_amd64.tar.gz"
-          mkdir -p ~/.cache/caddy
-          tar -xzf caddy_2.5.2_linux_amd64.tar.gz --directory ~/.cache/caddy
-
-      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
-        with:
-          node-version-file: .node-version
-          cache: npm
-          cache-dependency-path: |
-            package-lock.json
-            test/package-lock.json
-      - run: SKIP_SUBMODULE_DEPS=1 npm ci
-      - name: Install Playwright OS dependencies
-        run: |
-          ./test/node_modules/.bin/playwright install-deps
-          ./test/node_modules/.bin/playwright install
-
-      - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8
-        with:
-          name: linux-x64-package
-      - run: tar -xzf package.tar.gz
-
-      - run: ~/.cache/caddy/caddy start --config ./ci/Caddyfile
-      - run: CODE_SERVER_TEST_ENTRY=./release npm run test:e2e:proxy
-      - run: ~/.cache/caddy/caddy stop --config ./ci/Caddyfile
-        if: always()
-      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
-        if: always()
-        with:
-          name: failed-test-videos-proxy
-          path: ./test/test-results

.github/workflows/ci.yaml

@@ -0,0 +1,443 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+# Note: if: success() is used in several jobs -
+# this ensures that it only executes if all previous jobs succeeded.
+
+# if: steps.cache-yarn.outputs.cache-hit != 'true'
+# will skip running `yarn install` if it successfully fetched from cache
+
+jobs:
+  prebuild:
+    name: Pre-build checks
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+
+      - name: Install Node.js v14
+        uses: actions/setup-node@v2
+        with:
+          node-version: "14"
+
+      - name: Install helm
+        uses: azure/setup-helm@v1.1
+
+      # NOTE@jsjoeio
+      # disabling this until we can audit the build process
+      # and the usefulness of this step
+      # See: https://github.com/coder/code-server/issues/4287
+      # - name: Fetch dependencies from cache
+      #   id: cache-yarn
+      #   uses: actions/cache@v2
+      #   with:
+      #     path: "**/node_modules"
+      #     key: yarn-build-${{ hashFiles('**/yarn.lock') }}
+      #     restore-keys: |
+      #       yarn-build-
+
+      - name: Install dependencies
+        # if: steps.cache-yarn.outputs.cache-hit != 'true'
+        run: yarn --frozen-lockfile
+
+      - name: Run yarn fmt
+        run: yarn fmt
+        if: success()
+
+      - name: Run yarn lint
+        run: yarn lint
+        if: success()
+
+  audit-ci:
+    name: Run audit-ci
+    needs: prebuild
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+
+      - name: Install Node.js v14
+        uses: actions/setup-node@v2
+        with:
+          node-version: "14"
+
+      - name: Fetch dependencies from cache
+        id: cache-yarn
+        uses: actions/cache@v2
+        with:
+          path: "**/node_modules"
+          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            yarn-build-
+
+      - name: Install dependencies
+        if: steps.cache-yarn.outputs.cache-hit != 'true'
+        run: yarn --frozen-lockfile
+
+      - name: Audit for vulnerabilities
+        run: yarn _audit
+        if: success()
+
+  build:
+    name: Build
+    needs: prebuild
+    runs-on: ubuntu-latest
+    timeout-minutes: 30
+    env:
+      CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      - name: Install Node.js v14
+        uses: actions/setup-node@v2
+        with:
+          node-version: "14"
+
+      # TODO@Teffen investigate why this omits code-oss-dev/node_modules
+      # - name: Fetch dependencies from cache
+      #   id: cache-yarn
+      #   uses: actions/cache@v2
+      #   with:
+      #     path: |
+      #       "**/node_modules"
+      #       "**/vendor/modules"
+      #       "**/vendor/modules/code-oss-dev/node_modules"
+      #     key: yarn-build-${{ hashFiles('**/yarn.lock') }}-${{ hashFiles('**/vendor/yarn.lock') }}
+      #     restore-keys: |
+      #       yarn-build-
+
+      - name: Install dependencies
+        # if: steps.cache-yarn.outputs.cache-hit != 'true'
+        run: yarn --frozen-lockfile
+
+      - name: Build code-server
+        run: yarn build
+
+      # Parse the hash of the latest commit inside vendor/modules/code-oss-dev
+      # use this to avoid rebuilding it if nothing changed
+      # How it works: the `git log` command fetches the hash of the last commit
+      # that changed a file inside `vendor/modules/code-oss-dev`. If a commit changes any file in there,
+      # the hash returned will change, and we rebuild vscode. If the hash did not change,
+      # (for example, a change to `src/` or `docs/`), we reuse the same build as last time.
+      # This saves a lot of time in CI, as compiling VSCode can take anywhere from 5-10 minutes.
+      - name: Get latest vendor/modules/code-oss-dev rev
+        id: vscode-rev
+        run: echo "::set-output name=rev::$(jq -r '.devDependencies["code-oss-dev"]' vendor/package.json | sed -r 's|.*#(.*)$|\1|')"
+
+      - name: Attempt to fetch vscode build from cache
+        id: cache-vscode
+        uses: actions/cache@v2
+        with:
+          path: |
+            vendor/modules/code-oss-dev/.build
+            vendor/modules/code-oss-dev/out-build
+            vendor/modules/code-oss-dev/out-vscode-reh-web
+            vendor/modules/code-oss-dev/out-vscode-reh-web-min
+          key: vscode-reh-build-${{ steps.vscode-rev.outputs.rev }}
+
+      - name: Build vscode
+        if: steps.cache-vscode.outputs.cache-hit != 'true'
+        run: yarn build:vscode
+
+      # Our code imports code from VS Code's `out` directory meaning VS Code
+      # must be built before running these tests.
+      # TODO: Move to its own step?
+      - name: Run code-server unit tests
+        run: yarn test:unit
+        if: success()
+
+      - name: Upload coverage report to Codecov
+        run: yarn coverage
+        if: success()
+
+      # The release package does not contain any native modules
+      # and is neutral to architecture/os/libc version.
+      - name: Create release package
+        run: yarn release
+        if: success()
+
+      # https://github.com/actions/upload-artifact/issues/38
+      - name: Compress release package
+        run: tar -czf package.tar.gz release
+
+      - name: Upload npm package artifact
+        uses: actions/upload-artifact@v2
+        with:
+          name: npm-package
+          path: ./package.tar.gz
+
+  # TODO: cache building yarn --production
+  # possibly 2m30s of savings(?)
+  # this requires refactoring our release scripts
+  package-linux-amd64:
+    name: x86-64 Linux build
+    needs: build
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    container: "centos:7"
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Install Node.js v14
+        uses: actions/setup-node@v2
+        with:
+          node-version: "14"
+
+      - name: Install development tools
+        run: |
+          yum install -y epel-release centos-release-scl
+          yum install -y devtoolset-9-{make,gcc,gcc-c++} jq rsync
+
+      - name: Install nfpm and envsubst
+        run: |
+          curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh -s -- -b ~/.local/bin v2.3.1
+          curl -L https://github.com/a8m/envsubst/releases/download/v1.1.0/envsubst-`uname -s`-`uname -m` -o envsubst
+          chmod +x envsubst
+          mv envsubst ~/.local/bin
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      - name: Install yarn
+        run: npm install -g yarn
+
+      - name: Download npm package
+        uses: actions/download-artifact@v2
+        with:
+          name: npm-package
+
+      - name: Decompress npm package
+        run: tar -xzf package.tar.gz
+
+      # NOTE: && here is deliberate - GitHub puts each line in its own `.sh`
+      # file when running inside a docker container.
+      - name: Build standalone release
+        run: source scl_source enable devtoolset-9 && yarn release:standalone
+
+      - name: Sanity test standalone release
+        run: yarn test:standalone-release
+
+      - name: Build packages with nfpm
+        run: yarn package
+
+      - name: Upload release artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: release-packages
+          path: ./release-packages
+
+  # NOTE@oxy:
+  # We use Ubuntu 16.04 here, so that our build is more compatible
+  # with older libc versions. We used to (Q1'20) use CentOS 7 here,
+  # but it has a full update EOL of Q4'20 and a 'critical security'
+  # update EOL of 2024. We're dropping full support a few years before
+  # the final EOL, but I don't believe CentOS 7 has a large arm64 userbase.
+  # It is not feasible to cross-compile with CentOS.
+
+  # Cross-compile notes: To compile native dependencies for arm64,
+  # we install the aarch64/armv7l cross toolchain and then set it as the default
+  # compiler/linker/etc. with the AR/CC/CXX/LINK environment variables.
+  # qemu-user-static on ubuntu-16.04 currently doesn't run Node correctly,
+  # so we just build with "native"/x86_64 node, then download arm64/armv7l node
+  # and then put it in our release. We can't smoke test the cross build this way,
+  # but this means we don't need to maintain a self-hosted runner!
+
+  # NOTE@jsjoeio:
+  # We used to use 16.04 until GitHub deprecated it on September 20, 2021
+  # See here: https://github.com/actions/virtual-environments/pull/3862/files
+  package-linux-cross:
+    name: Linux cross-compile builds
+    needs: build
+    runs-on: ubuntu-18.04
+    timeout-minutes: 15
+    strategy:
+      matrix:
+        include:
+          - prefix: aarch64-linux-gnu
+            arch: arm64
+          - prefix: arm-linux-gnueabihf
+            arch: armv7l
+
+    env:
+      AR: ${{ format('{0}-ar', matrix.prefix) }}
+      CC: ${{ format('{0}-gcc', matrix.prefix) }}
+      CXX: ${{ format('{0}-g++', matrix.prefix) }}
+      LINK: ${{ format('{0}-g++', matrix.prefix) }}
+      NPM_CONFIG_ARCH: ${{ matrix.arch }}
+      NODE_VERSION: v14.17.4
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Install Node.js v14
+        uses: actions/setup-node@v2
+        with:
+          node-version: "14"
+
+      - name: Install nfpm
+        run: |
+          curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh -s -- -b ~/.local/bin v2.3.1
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      - name: Install cross-compiler
+        run: sudo apt update && sudo apt install $PACKAGE
+        env:
+          PACKAGE: ${{ format('g++-{0}', matrix.prefix) }}
+
+      - name: Download npm package
+        uses: actions/download-artifact@v2
+        with:
+          name: npm-package
+
+      - name: Decompress npm package
+        run: tar -xzf package.tar.gz
+
+      - name: Build standalone release
+        run: yarn release:standalone
+
+      - name: Replace node with cross-compile equivalent
+        run: |
+          wget https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}.tar.xz
+          tar -xf node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}.tar.xz node-${NODE_VERSION}-linux-${NPM_CONFIG_ARCH}/bin/node --strip-components=2
+          mv ./node ./release-standalone/lib/node
+
+      - name: Build packages with nfpm
+        run: yarn package ${NPM_CONFIG_ARCH}
+
+      - name: Upload release artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: release-packages
+          path: ./release-packages
+
+  package-macos-amd64:
+    name: x86-64 macOS build
+    needs: build
+    runs-on: macos-latest
+    timeout-minutes: 15
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Install Node.js v14
+        uses: actions/setup-node@v2
+        with:
+          node-version: "14"
+
+      - name: Install nfpm
+        run: |
+          curl -sfL https://install.goreleaser.com/github.com/goreleaser/nfpm.sh | sh -s -- -b ~/.local/bin v2.3.1
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+      - name: Download npm package
+        uses: actions/download-artifact@v2
+        with:
+          name: npm-package
+
+      - name: Decompress npm package
+        run: tar -xzf package.tar.gz
+
+      - name: Build standalone release
+        run: yarn release:standalone
+
+      - name: Sanity test standalone release
+        run: yarn test:standalone-release
+
+      - name: Build packages with nfpm
+        run: yarn package
+
+      - name: Upload release artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: release-packages
+          path: ./release-packages
+
+  test-e2e:
+    name: End-to-end tests
+    needs: package-linux-amd64
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+    env:
+      # Since we build code-server we might as well run tests from the release
+      # since VS Code will load faster due to the bundling.
+      CODE_SERVER_TEST_ENTRY: "./release-packages/code-server-linux-amd64"
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Install Node.js v14
+        uses: actions/setup-node@v2
+        with:
+          node-version: "14"
+
+      - name: Fetch dependencies from cache
+        id: cache-yarn
+        uses: actions/cache@v2
+        with:
+          path: "**/node_modules"
+          key: yarn-build-${{ hashFiles('**/yarn.lock') }}
+          restore-keys: |
+            yarn-build-
+
+      - name: Download release packages
+        uses: actions/download-artifact@v2
+        with:
+          name: release-packages
+          path: ./release-packages
+
+      - name: Untar code-server release
+        run: |
+          cd release-packages
+          tar -xzf code-server*-linux-amd64.tar.gz
+          mv code-server*-linux-amd64 code-server-linux-amd64
+
+      - name: Install dependencies
+        if: steps.cache-yarn.outputs.cache-hit != 'true'
+        run: yarn --frozen-lockfile
+
+      - name: Install Playwright OS dependencies
+        run: |
+          ./test/node_modules/.bin/playwright install-deps
+          ./test/node_modules/.bin/playwright install
+
+      - name: Run end-to-end tests
+        run: yarn test:e2e
+
+      - name: Upload test artifacts
+        if: always()
+        uses: actions/upload-artifact@v2
+        with:
+          name: failed-test-videos
+          path: ./test/test-results
+
+      - name: Remove release packages and test artifacts
+        run: rm -rf ./release-packages ./test/test-results
+
+  trivy-scan-repo:
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+      - name: Run Trivy vulnerability scanner in repo mode
+        #Commit SHA for v0.0.17
+        uses: aquasecurity/trivy-action@9c21d3ca2c14eb35419e2a8b66d1195946d579b8
+        with:
+          scan-type: "fs"
+          scan-ref: "."
+          ignore-unfixed: true
+          format: "template"
+          template: "@/contrib/sarif.tpl"
+          output: "trivy-repo-results.sarif"
+          severity: "HIGH,CRITICAL"
+      - name: Upload Trivy scan results to GitHub Security tab
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: "trivy-repo-results.sarif"

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,33 @@
+name: "Code Scanning"
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [main]
+  schedule:
+    # Runs every Monday morning PST
+    - cron: "17 15 * * 1"
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v2
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          config-file: ./.github/codeql-config.yml
+          languages: javascript
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v1
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1

.github/workflows/docker.yaml

@@ -0,0 +1,28 @@
+name: Publish on Docker
+
+on:
+  # Shows the manual trigger in GitHub UI
+  # helpful as a back-up in case the GitHub Actions Workflow fails
+  workflow_dispatch:
+
+  release:
+    types: [released]
+
+jobs:
+  docker-images:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v1
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Run ./ci/steps/docker-buildx-push.sh
+        run: ./ci/steps/docker-buildx-push.sh
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
+          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}

.github/workflows/docs-preview.yaml

@@ -0,0 +1,95 @@
+name: Docs preview
+
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  actions: none
+  checks: none
+  contents: read
+  deployments: none
+  issues: none
+  packages: none
+  pull-requests: write
+  repository-projects: none
+  security-events: none
+  statuses: none
+
+jobs:
+  preview:
+    name: Docs preview
+    runs-on: ubuntu-20.04
+    environment: CI
+    steps:
+      - name: Cancel Previous Runs
+        uses: styfle/cancel-workflow-action@0.9.1
+
+      - name: Checkout m
+        uses: actions/checkout@v2
+        with:
+          repository: coder/m
+          ref: refs/heads/master
+          ssh-key: ${{ secrets.READONLY_M_DEPLOY_KEY }}
+          submodules: true
+          fetch-depth: 0
+
+      - name: Install Node.js
+        uses: actions/setup-node@v2
+        with:
+          node-version: 14
+
+      - name: Cache Node Modules
+        uses: actions/cache@v2
+        with:
+          path: "/node_modules"
+          key: node-${{ hashFiles('yarn.lock') }}
+
+      - name: Create Deployment
+        id: deployment
+        run: ./ci/scripts/github_deployment.sh create
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+          DEPLOY_ENVIRONMENT: codercom-preview-docs
+
+      - name: Deploy Preview to Vercel
+        id: preview
+        run: ./ci/scripts/deploy_vercel.sh
+        env:
+          VERCEL_ORG_ID: team_tGkWfhEGGelkkqUUm9nXq17r
+          VERCEL_PROJECT_ID: QmZRucMRh3GFk1817ZgXjRVuw5fhTspHPHKct3JNQDEPGd
+          VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}
+          CODE_SERVER_DOCS_MAIN_BRANCH: ${{ github.event.pull_request.head.sha }}
+
+      - name: Install node_modules
+        run: yarn install
+
+      - name: Check docs
+        run: yarn ts-node ./product/coder.com/site/scripts/checkDocs.ts
+        env:
+          BASE_URL: ${{ steps.preview.outputs.url }}
+
+      - name: Update Deployment
+        # If we don't specify always, it won't run this check if failed.
+        # This means the deployment would be stuck pending.
+        if: always()
+        run: ./ci/scripts/github_deployment.sh update
+        env:
+          GITHUB_DEPLOYMENT: ${{ steps.deployment.outputs.id }}
+          GITHUB_TOKEN: ${{ github.token }}
+          DEPLOY_STATUS: ${{ steps.preview.outcome }}
+          DEPLOY_URL: ${{ steps.preview.outputs.url }}
+
+      - name: Comment Credentials
+        uses: marocchino/sticky-pull-request-comment@v2
+        if: always()
+        with:
+          header: codercom-preview-docs
+          message: |
+            ✨ Coder.com for PR #${{ github.event.number }} deployed! It will be updated on every commit.
+
+            * _Host_: ${{ steps.preview.outputs.url }}/docs/code-server
+            * _Last deploy status_: ${{ steps.preview.outcome }}
+            * _Commit_: ${{ github.event.pull_request.head.sha }}
+            * _Workflow status_: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}

.github/workflows/installer.yaml

@@ -1,76 +0,0 @@
-name: Installer integration
-
-on:
-  push:
-    branches:
-      - main
-    paths:
-      - "install.sh"
-      - ".github/workflows/installer.yaml"
-  pull_request:
-    branches:
-      - main
-    paths:
-      - "install.sh"
-      - ".github/workflows/installer.yaml"
-
-# Cancel in-progress runs for pull requests when developers push
-# additional changes, and serialize builds in branches.
-# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-
-permissions:
-  contents: read
-
-jobs:
-  ubuntu:
-    name: Test installer on Ubuntu
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Install code-server
-        run: ./install.sh
-
-      - name: Test code-server was installed globally
-        run: code-server --help
-
-  alpine:
-    name: Test installer on Alpine
-    runs-on: ubuntu-latest
-    container: "alpine:3.17"
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Install curl
-        run: apk add curl
-
-      - name: Add user
-        run: adduser coder --disabled-password
-
-      # Standalone should work without root.
-      - name: Test standalone to a non-existent prefix
-        run: su coder -c "./install.sh --method standalone --prefix /tmp/does/not/yet/exist"
-
-      # We do not actually have Alpine standalone builds so running code-server
-      # will not work.
-      - name: Test code-server was installed to prefix
-        run: test -f /tmp/does/not/yet/exist/bin/code-server
-
-  macos:
-    name: Test installer on macOS
-    runs-on: macos-latest
-
-    steps:
-      - name: Checkout repo
-        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
-
-      - name: Install code-server
-        run: ./install.sh
-
-      - name: Test code-server was installed globally
-        run: code-server --help

.github/workflows/installer.yml

@@ -0,0 +1,59 @@
+name: Installer integration
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "install.sh"
+  pull_request:
+    branches:
+      - main
+    paths:
+      - "install.sh"
+
+jobs:
+  ubuntu:
+    name: Test installer on Ubuntu
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+
+      - name: Install code-server
+        run: ./install.sh
+
+      - name: Test code-server
+        run: yarn test:standalone-release code-server
+
+  alpine:
+    name: Test installer on Alpine
+    runs-on: ubuntu-latest
+    container: "alpine:3.14"
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+
+      - name: Install curl
+        run: apk add curl
+
+      - name: Add user
+        run: adduser coder --disabled-password
+
+      # Standalone should work without root.
+      - name: Test standalone to a non-existent prefix
+        run: su coder -c "./install.sh --method standalone --prefix /tmp/does/not/yet/exist"
+
+  macos:
+    name: Test installer on macOS
+    runs-on: macos-latest
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+
+      - name: Install code-server
+        run: ./install.sh
+
+      - name: Test code-server
+        run: yarn test:standalone-release code-server

.github/workflows/npm-beta.yaml

@@ -0,0 +1,29 @@
+name: Publish on npm and tag with "beta"
+
+on:
+  # Shows the manual trigger in GitHub UI
+  # helpful as a back-up in case the GitHub Actions Workflow fails
+  workflow_dispatch:
+
+  push:
+    branches:
+      - main
+
+jobs:
+  # NOTE: this job requires curl, jq and yarn
+  # All of them are included in ubuntu-latest.
+  npm:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Publish npm package and tag "beta"
+        run: yarn publish:npm
+        env:
+          ENVIRONMENT: "staging"
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_TAG: "beta"
+          # Since this only runs on a merge into main, we can't use github.event.number
+          # so we instead use the word "beta" and the PR merge commit SHA
+          PR_NUMBER_AND_COMMIT_SHA: beta-${{ github.sha }}

.github/workflows/npm-brew.yaml

@@ -0,0 +1,48 @@
+name: Publish on npm and brew
+
+on:
+  # Shows the manual trigger in GitHub UI
+  # helpful as a back-up in case the GitHub Actions Workflow fails
+  workflow_dispatch:
+
+  release:
+    types: [released]
+
+jobs:
+  # NOTE: this job requires curl, jq and yarn
+  # All of them are included in ubuntu-latest.
+  npm:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Publish npm package and tag with "latest"
+        run: yarn publish:npm
+        env:
+          ENVIRONMENT: "production"
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_TAG: "latest"
+
+  homebrew:
+    # The newest version of code-server needs to be available on npm when this runs
+    # otherwise, it will 404 and won't open a PR to bump version on homebrew/homebrew-core
+    needs: npm
+    runs-on: macos-latest
+    steps:
+      # Ensure things are up to date
+      # Suggested by homebrew maintainers
+      # https://github.com/Homebrew/discussions/discussions/1532#discussioncomment-782633
+      - name: Set up Homebrew
+        id: set-up-homebrew
+        uses: Homebrew/actions/setup-homebrew@master
+
+      - uses: actions/checkout@v2
+      - name: Configure git
+        run: |
+          git config user.name github-actions
+          git config user.email github-actions@github.com
+      - name: Bump code-server homebrew version
+        env:
+          HOMEBREW_GITHUB_API_TOKEN: ${{secrets.HOMEBREW_GITHUB_API_TOKEN}}
+        run: ./ci/steps/brew-bump.sh

.github/workflows/npm-dev.yaml

@@ -0,0 +1,30 @@
+name: Publish on npm and tag with PR number
+
+on:
+  # Shows the manual trigger in GitHub UI
+  # helpful as a back-up in case the GitHub Actions Workflow fails
+  workflow_dispatch:
+
+  pull_request:
+    branches:
+      - main
+
+jobs:
+  # NOTE: this job requires curl, jq and yarn
+  # All of them are included in ubuntu-latest.
+  npm:
+    # This environment "npm" requires someone from
+    # coder/code-server-reviewers to approve the PR before this job runs.
+    environment: npm
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Run ./ci/steps/publish-npm.sh
+        run: yarn publish:npm
+        env:
+          ENVIRONMENT: "development"
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
+          NPM_TAG: ${{ github.event.number }}
+          PR_NUMBER_AND_COMMIT_SHA: ${{ github.event.number }}-${{ github.event.pull_request.head.sha }}

.github/workflows/publish.yaml

@@ -1,167 +0,0 @@
-name: Publish code-server
-
-on:
-  # Shows the manual trigger in GitHub UI
-  # helpful as a back-up in case the GitHub Actions Workflow fails
-  workflow_dispatch:
-    inputs:
-      version:
-        type: string
-        required: true
-
-  release:
-    types: [released]
-
-# Cancel in-progress runs for pull requests when developers push
-# additional changes, and serialize builds in branches.
-# https://docs.github.com/en/actions/using-jobs/using-concurrency#example-using-concurrency-to-cancel-any-in-progress-job-or-run
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
-
-jobs:
-  npm:
-    runs-on: ubuntu-latest
-    env:
-      TAG: ${{ inputs.version || github.ref_name }}
-      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      NPM_TOKEN: ${{ secrets.NPM_TOKEN }}