Merge branch 'main' into kasmVNC

10 months ago · 382c76bc06
parent 3ce7ef56b1 438c904567
commit 382c76bc06
50 changed files with 1112 additions and 335 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,6 @@
 version: 2
 updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@ -17,7 +17,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: oven-sh/setup-bun@v1
+      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest
      - name: Setup
@ -27,7 +27,9 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: oven-sh/setup-bun@v1
+        with:
          fetch-depth: 0 # Needed to get tags
      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest
      - name: Setup
@ -38,3 +40,16 @@ jobs:
        uses: crate-ci/typos@v1.17.2
      - name: Lint
        run: bun lint
      - name: Check version
        shell: bash
        run: |
          # check for version changes
          ./update-version.sh
          # Check if any changes were made in README.md files
          if [[ -n "$(git status --porcelain -- '**/README.md')" ]]; then
            echo "Version mismatch detected. Please run ./update-version.sh and commit the updated README.md files."
            git diff -- '**/README.md' 
            exit 1
          else
            echo "No version mismatch detected. All versions are up to date."
          fi
--- a/.github/workflows/update-readme.yaml
+++ b/.github/workflows/update-readme.yaml
@ -1,42 +0,0 @@
 name: Update README on Tag
 on:
  workflow_dispatch:
  push:
    tags:
      - 'v*'
 jobs:
  update-readme:
    permissions:
      contents: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Get the latest tag
        id: get-latest-tag
        run: echo "TAG=$(git describe --tags --abbrev=0 | sed 's/^v//')" >> $GITHUB_OUTPUT
      - name: Run update script
        run: ./update-version.sh
      - name: Create Pull Request
        id: create-pr
        uses: peter-evans/create-pull-request@v5
        with:
          commit-message: 'chore: bump version to ${{ env.TAG }} in README.md files'
          title: 'chore: bump version to ${{ env.TAG }} in README.md files'
          body: 'This is an auto-generated PR to update README.md files of all modules with the new tag ${{ env.TAG }}'
          branch: 'update-readme-branch'
          base: 'main'
        env:
          TAG: ${{ steps.get-latest-tag.outputs.TAG }}
      - name: Auto-approve
        uses: hmarr/auto-approve-action@v4
        if: github.ref == 'refs/heads/update-readme-branch'
--- a/.icons/cursor.svg
+++ b/.icons/cursor.svg
--- a/aws-region/main.test.ts
+++ b/aws-region/main.test.ts
@ -1,6 +1,5 @@
 import { describe, expect, it } from "bun:test";
 import {
  executeScriptInContainer,
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
--- a/azure-region/main.test.ts
+++ b/azure-region/main.test.ts
@ -1,6 +1,5 @@
 import { describe, expect, it } from "bun:test";
 import {
  executeScriptInContainer,
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
--- a/code-server/README.md
+++ b/code-server/README.md
@ -14,7 +14,7 @@ Automatically install [code-server](https://github.com/coder/code-server) in a w
 ```tf
 module "code-server" {
  source   = "registry.coder.com/modules/code-server/coder"
-  version  = "1.0.17"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
 }
 ```
@ -28,7 +28,7 @@ module "code-server" {
 ```tf
 module "code-server" {
  source          = "registry.coder.com/modules/code-server/coder"
-  version         = "1.0.17"
+  version         = "1.0.18"
  agent_id        = coder_agent.example.id
  install_version = "4.8.3"
 }
@ -41,7 +41,7 @@ Install the Dracula theme from [OpenVSX](https://open-vsx.org/):
 ```tf
 module "code-server" {
  source   = "registry.coder.com/modules/code-server/coder"
-  version  = "1.0.17"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  extensions = [
    "dracula-theme.theme-dracula"
@ -58,7 +58,7 @@ Configure VS Code's [settings.json](https://code.visualstudio.com/docs/getstarte
 ```tf
 module "code-server" {
  source     = "registry.coder.com/modules/code-server/coder"
-  version    = "1.0.17"
+  version    = "1.0.18"
  agent_id   = coder_agent.example.id
  extensions = ["dracula-theme.theme-dracula"]
  settings = {
@ -74,7 +74,7 @@ Just run code-server in the background, don't fetch it from GitHub:
 ```tf
 module "code-server" {
  source     = "registry.coder.com/modules/code-server/coder"
-  version    = "1.0.17"
+  version    = "1.0.18"
  agent_id   = coder_agent.example.id
  extensions = ["dracula-theme.theme-dracula", "ms-azuretools.vscode-docker"]
 }
@ -89,7 +89,7 @@ Run an existing copy of code-server if found, otherwise download from GitHub:
 ```tf
 module "code-server" {
  source     = "registry.coder.com/modules/code-server/coder"
-  version    = "1.0.17"
+  version    = "1.0.18"
  agent_id   = coder_agent.example.id
  use_cached = true
  extensions = ["dracula-theme.theme-dracula", "ms-azuretools.vscode-docker"]
@ -101,7 +101,7 @@ Just run code-server in the background, don't fetch it from GitHub:
 ```tf
 module "code-server" {
  source   = "registry.coder.com/modules/code-server/coder"
-  version  = "1.0.17"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  offline  = true
 }
--- a/coder-login/main.test.ts
+++ b/coder-login/main.test.ts
@ -1,10 +1,5 @@
-import { describe, expect, it } from "bun:test";
+import { describe } from "bun:test";
-import {
+import { runTerraformInit, testRequiredVariables } from "../test";
  executeScriptInContainer,
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
 } from "../test";
 describe("coder-login", async () => {
  await runTerraformInit(import.meta.dir);
--- a/cursor/README.md
+++ b/cursor/README.md
@ -0,0 +1,35 @@
 ---
 display_name: Cursor IDE
 description: Add a one-click button to launch Cursor IDE
 icon: ../.icons/cursor.svg
 maintainer_github: coder
 verified: true
 tags: [ide, cursor, helper]
 ---
 # Cursor IDE
 Add a button to open any workspace with a single click in Cursor IDE.
 Uses the [Coder Remote VS Code Extension](https://github.com/coder/cursor-coder).
 ```tf
 module "cursor" {
  source   = "registry.coder.com/modules/cursor/coder"
  version  = "1.0.19"
  agent_id = coder_agent.example.id
 }
 ```
 ## Examples
 ### Open in a specific directory
 ```tf
 module "cursor" {
  source   = "registry.coder.com/modules/cursor/coder"
  version  = "1.0.19"
  agent_id = coder_agent.example.id
  folder   = "/home/coder/project"
 }
 ```
--- a/cursor/main.test.ts
+++ b/cursor/main.test.ts
@ -0,0 +1,88 @@
 import { describe, expect, it } from "bun:test";
 import {
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
 } from "../test";
 describe("cursor", async () => {
  await runTerraformInit(import.meta.dir);
  testRequiredVariables(import.meta.dir, {
    agent_id: "foo",
  });
  it("default output", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
    });
    expect(state.outputs.cursor_url.value).toBe(
      "cursor://coder.coder-remote/open?owner=default&workspace=default&url=https://mydeployment.coder.com&token=$SESSION_TOKEN",
    );
    const coder_app = state.resources.find(
      (res) => res.type === "coder_app" && res.name === "cursor",
    );
    expect(coder_app).not.toBeNull();
    expect(coder_app?.instances.length).toBe(1);
    expect(coder_app?.instances[0].attributes.order).toBeNull();
  });
  it("adds folder", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
      folder: "/foo/bar",
    });
    expect(state.outputs.cursor_url.value).toBe(
      "cursor://coder.coder-remote/open?owner=default&workspace=default&folder=/foo/bar&url=https://mydeployment.coder.com&token=$SESSION_TOKEN",
    );
  });
  it("adds folder and open_recent", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
      folder: "/foo/bar",
      open_recent: "true",
    });
    expect(state.outputs.cursor_url.value).toBe(
      "cursor://coder.coder-remote/open?owner=default&workspace=default&folder=/foo/bar&openRecent&url=https://mydeployment.coder.com&token=$SESSION_TOKEN",
    );
  });
  it("adds folder but not open_recent", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
      folder: "/foo/bar",
      openRecent: "false",
    });
    expect(state.outputs.cursor_url.value).toBe(
      "cursor://coder.coder-remote/open?owner=default&workspace=default&folder=/foo/bar&url=https://mydeployment.coder.com&token=$SESSION_TOKEN",
    );
  });
  it("adds open_recent", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
      open_recent: "true",
    });
    expect(state.outputs.cursor_url.value).toBe(
      "cursor://coder.coder-remote/open?owner=default&workspace=default&openRecent&url=https://mydeployment.coder.com&token=$SESSION_TOKEN",
    );
  });
  it("expect order to be set", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
      order: "22",
    });
    const coder_app = state.resources.find(
      (res) => res.type === "coder_app" && res.name === "cursor",
    );
    expect(coder_app).not.toBeNull();
    expect(coder_app?.instances.length).toBe(1);
    expect(coder_app?.instances[0].attributes.order).toBe(22);
  });
 });
--- a/cursor/main.tf
+++ b/cursor/main.tf
@ -0,0 +1,62 @@
 terraform {
  required_version = ">= 1.0"
  required_providers {
    coder = {
      source  = "coder/coder"
      version = ">= 0.23"
    }
  }
 }
 variable "agent_id" {
  type        = string
  description = "The ID of a Coder agent."
 }
 variable "folder" {
  type        = string
  description = "The folder to open in Cursor IDE."
  default     = ""
 }
 variable "open_recent" {
  type        = bool
  description = "Open the most recent workspace or folder. Falls back to the folder if there is no recent workspace or folder to open."
  default     = false
 }
 variable "order" {
  type        = number
  description = "The order determines the position of app in the UI presentation. The lowest order is shown first and apps with equal order are sorted by name (ascending order)."
  default     = null
 }
 data "coder_workspace" "me" {}
 data "coder_workspace_owner" "me" {}
 resource "coder_app" "cursor" {
  agent_id     = var.agent_id
  external     = true
  icon         = "/icon/cursor.svg"
  slug         = "cursor"
  display_name = "Cursor Desktop"
  order        = var.order
  url = join("", [
    "cursor://coder.coder-remote/open",
    "?owner=",
    data.coder_workspace_owner.me.name,
    "&workspace=",
    data.coder_workspace.me.name,
    var.folder != "" ? join("", ["&folder=", var.folder]) : "",
    var.open_recent ? "&openRecent" : "",
    "&url=",
    data.coder_workspace.me.access_url,
    "&token=$SESSION_TOKEN",
  ])
 }
 output "cursor_url" {
  value       = coder_app.cursor.url
  description = "Cursor IDE Desktop URL."
 }
--- a/dotfiles/README.md
+++ b/dotfiles/README.md
@ -18,7 +18,7 @@ Under the hood, this module uses the [coder dotfiles](https://coder.com/docs/v2/
 ```tf
 module "dotfiles" {
  source   = "registry.coder.com/modules/dotfiles/coder"
-  version  = "1.0.15"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
 }
 ```
@ -30,7 +30,7 @@ module "dotfiles" {
 ```tf
 module "dotfiles" {
  source   = "registry.coder.com/modules/dotfiles/coder"
-  version  = "1.0.15"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
 }
 ```
@ -40,7 +40,7 @@ module "dotfiles" {
 ```tf
 module "dotfiles" {
  source   = "registry.coder.com/modules/dotfiles/coder"
-  version  = "1.0.15"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  user     = "root"
 }
@ -51,13 +51,13 @@ module "dotfiles" {
 ```tf
 module "dotfiles" {
  source   = "registry.coder.com/modules/dotfiles/coder"
-  version  = "1.0.15"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
 }
 module "dotfiles-root" {
  source       = "registry.coder.com/modules/dotfiles/coder"
-  version      = "1.0.15"
+  version      = "1.0.18"
  agent_id     = coder_agent.example.id
  user         = "root"
  dotfiles_uri = module.dotfiles.dotfiles_uri
@ -71,7 +71,7 @@ You can set a default dotfiles repository for all users by setting the `default_
 ```tf
 module "dotfiles" {
  source               = "registry.coder.com/modules/dotfiles/coder"
-  version              = "1.0.15"
+  version              = "1.0.18"
  agent_id             = coder_agent.example.id
  default_dotfiles_uri = "https://github.com/coder/dotfiles"
 }
--- a/exoscale-zone/main.test.ts
+++ b/exoscale-zone/main.test.ts
@ -1,6 +1,5 @@
 import { describe, expect, it } from "bun:test";
 import {
  executeScriptInContainer,
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
--- a/filebrowser/README.md
+++ b/filebrowser/README.md
@ -14,9 +14,8 @@ A file browser for your workspace.
 ```tf
 module "filebrowser" {
  source   = "registry.coder.com/modules/filebrowser/coder"
-  version    = "1.0.8"
+  version  = "1.0.19"
  agent_id = coder_agent.example.id
  agent_name = "main"
 }
 ```
@ -29,9 +28,8 @@ module "filebrowser" {
 ```tf
 module "filebrowser" {
  source   = "registry.coder.com/modules/filebrowser/coder"
-  version    = "1.0.8"
+  version  = "1.0.19"
  agent_id = coder_agent.example.id
  agent_name = "main"
  folder   = "/home/coder/project"
 }
 ```
@ -41,9 +39,8 @@ module "filebrowser" {
 ```tf
 module "filebrowser" {
  source        = "registry.coder.com/modules/filebrowser/coder"
-  version       = "1.0.8"
+  version       = "1.0.19"
  agent_id      = coder_agent.example.id
  agent_name    = "main"
  database_path = ".config/filebrowser.db"
 }
 ```
--- a/filebrowser/main.test.ts
+++ b/filebrowser/main.test.ts
@ -11,13 +11,11 @@ describe("filebrowser", async () => {
  testRequiredVariables(import.meta.dir, {
    agent_id: "foo",
    agent_name: "main",
  });
  it("fails with wrong database_path", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
      agent_name: "main",
      database_path: "nofb",
    }).catch((e) => {
      if (!e.message.startsWith("\nError: Invalid value for variable")) {
@ -29,7 +27,6 @@ describe("filebrowser", async () => {
  it("runs with default", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
      agent_name: "main",
    });
    const output = await executeScriptInContainer(state, "alpine");
    expect(output.exitCode).toBe(0);
@ -51,7 +48,6 @@ describe("filebrowser", async () => {
  it("runs with database_path var", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
      agent_name: "main",
      database_path: ".config/filebrowser.db",
    });
    const output = await executeScriptInContainer(state, "alpine");
@ -74,7 +70,6 @@ describe("filebrowser", async () => {
  it("runs with folder var", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
      agent_name: "main",
      folder: "/home/coder/project",
    });
    const output = await executeScriptInContainer(state, "alpine");
--- a/filebrowser/main.tf
+++ b/filebrowser/main.tf
@ -21,6 +21,12 @@ data "coder_workspace_owner" "me" {}
 variable "agent_name" {
  type        = string
  description = "The name of the main deployment. (Used to build the subpath for coder_app.)"
  default     = ""
  validation {
    # If subdomain is false, then agent_name must be set.
    condition     = var.subdomain || var.agent_name != ""
    error_message = "The agent_name must be set."
  }
 }
 variable "database_path" {
--- a/git-clone/README.md
+++ b/git-clone/README.md
@ -14,7 +14,7 @@ This module allows you to automatically clone a repository by URL and skip if it
 ```tf
 module "git-clone" {
  source   = "registry.coder.com/modules/git-clone/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  url      = "https://github.com/coder/coder"
 }
@ -27,7 +27,7 @@ module "git-clone" {
 ```tf
 module "git-clone" {
  source   = "registry.coder.com/modules/git-clone/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  url      = "https://github.com/coder/coder"
  base_dir = "~/projects/coder"
@ -41,7 +41,7 @@ To use with [Git Authentication](https://coder.com/docs/v2/latest/admin/git-prov
 ```tf
 module "git-clone" {
  source   = "registry.coder.com/modules/git-clone/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  url      = "https://github.com/coder/coder"
 }
@ -66,7 +66,7 @@ data "coder_parameter" "git_repo" {
 # Clone the repository for branch `feat/example`
 module "git_clone" {
  source   = "registry.coder.com/modules/git-clone/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  url      = data.coder_parameter.git_repo.value
 }
@ -74,7 +74,7 @@ module "git_clone" {
 # Create a code-server instance for the cloned repository
 module "code-server" {
  source   = "registry.coder.com/modules/code-server/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  order    = 1
  folder   = "/home/${local.username}/${module.git_clone.folder_name}"
@ -98,7 +98,7 @@ Configuring `git-clone` for a self-hosted GitHub Enterprise Server running at `g
 ```tf
 module "git-clone" {
  source   = "registry.coder.com/modules/git-clone/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  url      = "https://github.example.com/coder/coder/tree/feat/example"
  git_providers = {
@ -116,7 +116,7 @@ To GitLab clone with a specific branch like `feat/example`
 ```tf
 module "git-clone" {
  source   = "registry.coder.com/modules/git-clone/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  url      = "https://gitlab.com/coder/coder/-/tree/feat/example"
 }
@ -127,7 +127,7 @@ Configuring `git-clone` for a self-hosted GitLab running at `gitlab.example.com`
 ```tf
 module "git-clone" {
  source   = "registry.coder.com/modules/git-clone/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  url      = "https://gitlab.example.com/coder/coder/-/tree/feat/example"
  git_providers = {
@ -147,7 +147,7 @@ For example, to clone the `feat/example` branch:
 ```tf
 module "git-clone" {
  source      = "registry.coder.com/modules/git-clone/coder"
-  version     = "1.0.12"
+  version     = "1.0.18"
  agent_id    = coder_agent.example.id
  url         = "https://github.com/coder/coder"
  branch_name = "feat/example"
@ -163,7 +163,7 @@ For example, this will clone into the `~/projects/coder/coder-dev` folder:
 ```tf
 module "git-clone" {
  source      = "registry.coder.com/modules/git-clone/coder"
-  version     = "1.0.12"
+  version     = "1.0.18"
  agent_id    = coder_agent.example.id
  url         = "https://github.com/coder/coder"
  folder_name = "coder-dev"
--- a/git-commit-signing/README.md
+++ b/git-commit-signing/README.md
@ -2,8 +2,8 @@
 display_name: Git commit signing
 description: Configures Git to sign commits using your Coder SSH key
 icon: ../.icons/git.svg
-maintainer_github: phorcys420
+maintainer_github: coder
-verified: false
+verified: true
 tags: [helper, git]
 ---
--- a/github-upload-public-key/main.test.ts
+++ b/github-upload-public-key/main.test.ts
@ -1,3 +1,4 @@
 import { type Server, serve } from "bun";
 import { describe, expect, it } from "bun:test";
 import {
  createJSONResponse,
@ -9,7 +10,6 @@ import {
  testRequiredVariables,
  writeCoder,
 } from "../test";
 import { Server, serve } from "bun";
 describe("github-upload-public-key", async () => {
  await runTerraformInit(import.meta.dir);
@ -21,10 +21,12 @@ describe("github-upload-public-key", async () => {
  it("creates new key if one does not exist", async () => {
    const { instance, id, server } = await setupContainer();
    await writeCoder(id, "echo foo");
-    let exec = await execContainer(id, [
+
    const url = server.url.toString().slice(0, -1);
    const exec = await execContainer(id, [
      "env",
-      "CODER_ACCESS_URL=" + server.url.toString().slice(0, -1),
+      `CODER_ACCESS_URL=${url}`,
-      "GITHUB_API_URL=" + server.url.toString().slice(0, -1),
+      `GITHUB_API_URL=${url}`,
      "CODER_OWNER_SESSION_TOKEN=foo",
      "CODER_EXTERNAL_AUTH_ID=github",
      "bash",
@ -42,10 +44,12 @@ describe("github-upload-public-key", async () => {
    const { instance, id, server } = await setupContainer();
    // use keyword to make server return a existing key
    await writeCoder(id, "echo findkey");
-    let exec = await execContainer(id, [
+
    const url = server.url.toString().slice(0, -1);
    const exec = await execContainer(id, [
      "env",
-      "CODER_ACCESS_URL=" + server.url.toString().slice(0, -1),
+      `CODER_ACCESS_URL=${url}`,
-      "GITHUB_API_URL=" + server.url.toString().slice(0, -1),
+      `GITHUB_API_URL=${url}`,
      "CODER_OWNER_SESSION_TOKEN=foo",
      "CODER_EXTERNAL_AUTH_ID=github",
      "bash",
@ -95,7 +99,7 @@ const setupServer = async (): Promise<Server> => {
        }
        // case: key already exists
-        if (req.headers.get("Authorization") == "Bearer findkey") {
+        if (req.headers.get("Authorization") === "Bearer findkey") {
          return createJSONResponse([
            {
              key: "foo",
--- a/jfrog-oauth/.npmrc.tftpl
+++ b/jfrog-oauth/.npmrc.tftpl
@ -0,0 +1,5 @@
 email=${ARTIFACTORY_EMAIL}
 %{ for REPO in REPOS ~}
 ${REPO.SCOPE}registry=${JFROG_URL}/artifactory/api/npm/${REPO.NAME}
 //${JFROG_HOST}/artifactory/api/npm/${REPO.NAME}/:_authToken=${ARTIFACTORY_ACCESS_TOKEN}
 %{ endfor ~}
--- a/jfrog-oauth/README.md
+++ b/jfrog-oauth/README.md
@ -17,15 +17,16 @@ Install the JF CLI and authenticate package managers with Artifactory using OAut
 ```tf
 module "jfrog" {
  source         = "registry.coder.com/modules/jfrog-oauth/coder"
-  version        = "1.0.15"
+  version        = "1.0.19"
  agent_id       = coder_agent.example.id
  jfrog_url      = "https://example.jfrog.io"
  username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
  package_managers = {
-    "npm" : "npm",
+    npm    = ["npm", "@scoped:npm-scoped"]
-    "go" : "go",
+    go     = ["go", "another-go-repo"]
-    "pypi" : "pypi"
+    pypi   = ["pypi", "extra-index-pypi"]
    docker = ["example-docker-staging.jfrog.io", "example-docker-production.jfrog.io"]
  }
 }
 ```
@ -44,13 +45,13 @@ Configure the Python pip package manager to fetch packages from Artifactory whil
 ```tf
 module "jfrog" {
  source         = "registry.coder.com/modules/jfrog-oauth/coder"
-  version        = "1.0.15"
+  version        = "1.0.19"
  agent_id       = coder_agent.example.id
  jfrog_url      = "https://example.jfrog.io"
  username_field = "email"
  package_managers = {
-    "pypi" : "pypi"
+    pypi = ["pypi"]
  }
 }
 ```
@ -72,15 +73,15 @@ The [JFrog extension](https://open-vsx.org/extension/JFrog/jfrog-vscode-extensio
 ```tf
 module "jfrog" {
  source                = "registry.coder.com/modules/jfrog-oauth/coder"
-  version               = "1.0.15"
+  version               = "1.0.19"
  agent_id              = coder_agent.example.id
  jfrog_url             = "https://example.jfrog.io"
  username_field        = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
  configure_code_server = true       # Add JFrog extension configuration for code-server
  package_managers = {
-    "npm" : "npm",
+    npm  = ["npm"]
-    "go" : "go",
+    go   = ["go"]
-    "pypi" : "pypi"
+    pypi = ["pypi"]
  }
 }
 ```
--- a/jfrog-oauth/main.test.ts
+++ b/jfrog-oauth/main.test.ts
@ -1,19 +1,129 @@
-import { serve } from "bun";
+import { describe, expect, it } from "bun:test";
 import { describe } from "bun:test";
 import {
-  createJSONResponse,
+  findResourceInstance,
  runTerraformInit,
  runTerraformApply,
  testRequiredVariables,
 } from "../test";
 describe("jfrog-oauth", async () => {
  type TestVariables = {
    agent_id: string;
    jfrog_url: string;
    package_managers: string;
    username_field?: string;
    jfrog_server_id?: string;
    external_auth_id?: string;
    configure_code_server?: boolean;
  };
  await runTerraformInit(import.meta.dir);
-  testRequiredVariables(import.meta.dir, {
+  const fakeFrogApi = "localhost:8081/artifactory/api";
  const fakeFrogUrl = "http://localhost:8081";
  const user = "default";
  it("can run apply with required variables", async () => {
    testRequiredVariables<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
-    jfrog_url: "http://localhost:8081",
+      jfrog_url: fakeFrogUrl,
      package_managers: "{}",
    });
-});
+  });
  it("generates an npmrc with scoped repos", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      package_managers: JSON.stringify({
        npm: ["global", "@foo:foo", "@bar:bar"],
      }),
    });
    const coderScript = findResourceInstance(state, "coder_script");
    const npmrcStanza = `cat << EOF > ~/.npmrc
 email=${user}@example.com
 registry=http://${fakeFrogApi}/npm/global
 //${fakeFrogApi}/npm/global/:_authToken=
@foo:registry=http://${fakeFrogApi}/npm/foo
 //${fakeFrogApi}/npm/foo/:_authToken=
@bar:registry=http://${fakeFrogApi}/npm/bar
 //${fakeFrogApi}/npm/bar/:_authToken=
 EOF`;
    expect(coderScript.script).toContain(npmrcStanza);
    expect(coderScript.script).toContain(
      'jf npmc --global --repo-resolve "global"',
    );
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured npm',
    );
  });
  it("generates a pip config with extra-indexes", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      package_managers: JSON.stringify({
        pypi: ["global", "foo", "bar"],
      }),
    });
    const coderScript = findResourceInstance(state, "coder_script");
    const pipStanza = `cat << EOF > ~/.pip/pip.conf
 [global]
 index-url = https://${user}:@${fakeFrogApi}/pypi/global/simple
 extra-index-url =
    https://${user}:@${fakeFrogApi}/pypi/foo/simple
    https://${user}:@${fakeFrogApi}/pypi/bar/simple
 EOF`;
    expect(coderScript.script).toContain(pipStanza);
    expect(coderScript.script).toContain(
      'jf pipc --global --repo-resolve "global"',
    );
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured pypi',
    );
  });
  it("registers multiple docker repos", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      package_managers: JSON.stringify({
        docker: ["foo.jfrog.io", "bar.jfrog.io", "baz.jfrog.io"],
      }),
    });
    const coderScript = findResourceInstance(state, "coder_script");
    const dockerStanza = ["foo", "bar", "baz"]
      .map((r) => `register_docker "${r}.jfrog.io"`)
      .join("\n");
    expect(coderScript.script).toContain(dockerStanza);
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured docker',
    );
  });
  it("sets goproxy with multiple repos", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      package_managers: JSON.stringify({
        go: ["foo", "bar", "baz"],
      }),
    });
    const proxyEnv = findResourceInstance(state, "coder_env", "goproxy");
    const proxies = ["foo", "bar", "baz"]
      .map((r) => `https://${user}:@${fakeFrogApi}/go/${r}`)
      .join(",");
    expect(proxyEnv.value).toEqual(proxies);
-//TODO add more tests
+    const coderScript = findResourceInstance(state, "coder_script");
    expect(coderScript.script).toContain(
      'jf goc --global --repo-resolve "foo"',
    );
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured go',
    );
  });
 });
--- a/jfrog-oauth/main.tf
+++ b/jfrog-oauth/main.tf
@ -53,23 +53,51 @@ variable "configure_code_server" {
 }
 variable "package_managers" {
-  type        = map(string)
+  type = object({
-  description = <<EOF
+    npm    = optional(list(string), [])
-A map of package manager names to their respective artifactory repositories.
+    go     = optional(list(string), [])
-For example:
+    pypi   = optional(list(string), [])
    docker = optional(list(string), [])
  })
  description = <<-EOF
    A map of package manager names to their respective artifactory repositories. Unused package managers can be omitted.
    For example:
      {
-      "npm": "YOUR_NPM_REPO_KEY",
+        npm    = ["GLOBAL_NPM_REPO_KEY", "@SCOPED:NPM_REPO_KEY"]
-      "go": "YOUR_GO_REPO_KEY",
+        go     = ["YOUR_GO_REPO_KEY", "ANOTHER_GO_REPO_KEY"]
-      "pypi": "YOUR_PYPI_REPO_KEY",
+        pypi   = ["YOUR_PYPI_REPO_KEY", "ANOTHER_PYPI_REPO_KEY"]
-      "docker": "YOUR_DOCKER_REPO_KEY"
+        docker = ["YOUR_DOCKER_REPO_KEY", "ANOTHER_DOCKER_REPO_KEY"]
      }
-EOF
+  EOF
 }
 locals {
  # The username field to use for artifactory
  username   = var.username_field == "email" ? data.coder_workspace_owner.me.email : data.coder_workspace_owner.me.name
-  jfrog_host = replace(var.jfrog_url, "https://", "")
+  jfrog_host = split("://", var.jfrog_url)[1]
  common_values = {
    JFROG_URL                = var.jfrog_url
    JFROG_HOST               = local.jfrog_host
    JFROG_SERVER_ID          = var.jfrog_server_id
    ARTIFACTORY_USERNAME     = local.username
    ARTIFACTORY_EMAIL        = data.coder_workspace_owner.me.email
    ARTIFACTORY_ACCESS_TOKEN = data.coder_external_auth.jfrog.access_token
  }
  npmrc = templatefile(
    "${path.module}/.npmrc.tftpl",
    merge(
      local.common_values,
      {
        REPOS = [
          for r in var.package_managers.npm :
          strcontains(r, ":") ? zipmap(["SCOPE", "NAME"], ["${split(":", r)[0]}:", split(":", r)[1]]) : { SCOPE = "", NAME = r }
        ]
      }
    )
  )
  pip_conf = templatefile(
    "${path.module}/pip.conf.tftpl", merge(local.common_values, { REPOS = var.package_managers.pypi })
  )
 }
 data "coder_workspace" "me" {}
@ -83,19 +111,22 @@ resource "coder_script" "jfrog" {
  agent_id     = var.agent_id
  display_name = "jfrog"
  icon         = "/icon/jfrog.svg"
-  script = templatefile("${path.module}/run.sh", {
+  script = templatefile("${path.module}/run.sh", merge(
-    JFROG_URL : var.jfrog_url,
+    local.common_values,
-    JFROG_HOST : local.jfrog_host,
+    {
-    JFROG_SERVER_ID : var.jfrog_server_id,
+      CONFIGURE_CODE_SERVER = var.configure_code_server
-    ARTIFACTORY_USERNAME : local.username,
+      HAS_NPM               = length(var.package_managers.npm) == 0 ? "" : "YES"
-    ARTIFACTORY_EMAIL : data.coder_workspace_owner.me.email,
+      NPMRC                 = local.npmrc
-    ARTIFACTORY_ACCESS_TOKEN : data.coder_external_auth.jfrog.access_token,
+      REPOSITORY_NPM        = try(element(var.package_managers.npm, 0), "")
-    CONFIGURE_CODE_SERVER : var.configure_code_server,
+      HAS_GO                = length(var.package_managers.go) == 0 ? "" : "YES"
-    REPOSITORY_NPM : lookup(var.package_managers, "npm", ""),
+      REPOSITORY_GO         = try(element(var.package_managers.go, 0), "")
-    REPOSITORY_GO : lookup(var.package_managers, "go", ""),
+      HAS_PYPI              = length(var.package_managers.pypi) == 0 ? "" : "YES"
-    REPOSITORY_PYPI : lookup(var.package_managers, "pypi", ""),
+      PIP_CONF              = local.pip_conf
-    REPOSITORY_DOCKER : lookup(var.package_managers, "docker", ""),
+      REPOSITORY_PYPI       = try(element(var.package_managers.pypi, 0), "")
-  })
+      HAS_DOCKER            = length(var.package_managers.docker) == 0 ? "" : "YES"
      REGISTER_DOCKER       = join("\n", formatlist("register_docker \"%s\"", var.package_managers.docker))
    }
  ))
  run_on_start = true
 }
@ -121,10 +152,13 @@ resource "coder_env" "jfrog_ide_store_connection" {
 }
 resource "coder_env" "goproxy" {
-  count    = lookup(var.package_managers, "go", "") == "" ? 0 : 1
+  count    = length(var.package_managers.go) == 0 ? 0 : 1
  agent_id = var.agent_id
  name     = "GOPROXY"
-  value    = "https://${local.username}:${data.coder_external_auth.jfrog.access_token}@${local.jfrog_host}/artifactory/api/go/${lookup(var.package_managers, "go", "")}"
+  value = join(",", [
    for repo in var.package_managers.go :
    "https://${local.username}:${data.coder_external_auth.jfrog.access_token}@${local.jfrog_host}/artifactory/api/go/${repo}"
  ])
 }
 output "access_token" {
--- a/jfrog-oauth/pip.conf.tftpl
+++ b/jfrog-oauth/pip.conf.tftpl
@ -0,0 +1,6 @@
 [global]
 index-url = https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${try(element(REPOS, 0), "")}/simple
 extra-index-url =
 %{ for REPO in try(slice(REPOS, 1, length(REPOS)), []) ~}
    https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${REPO}/simple
 %{ endfor ~}
--- a/jfrog-oauth/run.sh
+++ b/jfrog-oauth/run.sh
@ -2,6 +2,21 @@
 BOLD='\033[0;1m'
 not_configured() {
  type=$1
  echo "🤔 no $type repository is set, skipping $type configuration."
  echo "You can configure a $type repository by providing a key for '$type' in the 'package_managers' input."
 }
 config_complete() {
  echo "🥳 Configuration complete!"
 }
 register_docker() {
  repo=$1
  echo -n "${ARTIFACTORY_ACCESS_TOKEN}" | docker login "$repo" --username ${ARTIFACTORY_USERNAME} --password-stdin
 }
 # check if JFrog CLI is already installed
 if command -v jf > /dev/null 2>&1; then
  echo "✅ JFrog CLI is already installed, skipping installation."
@ -20,52 +35,47 @@ echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFRO
 jf c use "${JFROG_SERVER_ID}"
 # Configure npm to use the Artifactory "npm" repository.
-if [ -z "${REPOSITORY_NPM}" ]; then
+if [ -z "${HAS_NPM}" ]; then
-  echo "🤔 no npm repository is set, skipping npm configuration."
+  not_configured npm
  echo "You can configure an npm repository by providing the a key for 'npm' in the 'package_managers' input."
 else
  echo "📦 Configuring npm..."
  jf npmc --global --repo-resolve "${REPOSITORY_NPM}"
  cat << EOF > ~/.npmrc
-email=${ARTIFACTORY_EMAIL}
+${NPMRC}
 registry=${JFROG_URL}/artifactory/api/npm/${REPOSITORY_NPM}
 EOF
-  echo "//${JFROG_HOST}/artifactory/api/npm/${REPOSITORY_NPM}/:_authToken=${ARTIFACTORY_ACCESS_TOKEN}" >> ~/.npmrc
+  config_complete
 fi
 # Configure the `pip` to use the Artifactory "python" repository.
-if [ -z "${REPOSITORY_PYPI}" ]; then
+if [ -z "${HAS_PYPI}" ]; then
-  echo "🤔 no pypi repository is set, skipping pip configuration."
+  not_configured pypi
  echo "You can configure a pypi repository by providing the a key for 'pypi' in the 'package_managers' input."
 else
-  echo "📦 Configuring pip..."
+  echo "🐍 Configuring pip..."
  jf pipc --global --repo-resolve "${REPOSITORY_PYPI}"
  mkdir -p ~/.pip
  cat << EOF > ~/.pip/pip.conf
-[global]
+${PIP_CONF}
 index-url = https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${REPOSITORY_PYPI}/simple
 EOF
  config_complete
 fi
 # Configure Artifactory "go" repository.
-if [ -z "${REPOSITORY_GO}" ]; then
+if [ -z "${HAS_GO}" ]; then
-  echo "🤔 no go repository is set, skipping go configuration."
+  not_configured go
  echo "You can configure a go repository by providing the a key for 'go' in the 'package_managers' input."
 else
  echo "🐹 Configuring go..."
  jf goc --global --repo-resolve "${REPOSITORY_GO}"
  config_complete
 fi
 echo "🥳 Configuration complete!"
 # Configure the JFrog CLI to use the Artifactory "docker" repository.
-if [ -z "${REPOSITORY_DOCKER}" ]; then
+if [ -z "${HAS_DOCKER}" ]; then
-  echo "🤔 no docker repository is set, skipping docker configuration."
+  not_configured docker
  echo "You can configure a docker repository by providing the a key for 'docker' in the 'package_managers' input."
 else
  if command -v docker > /dev/null 2>&1; then
    echo "🔑 Configuring 🐳 docker credentials..."
    mkdir -p ~/.docker
-    echo -n "${ARTIFACTORY_ACCESS_TOKEN}" | docker login ${JFROG_HOST} --username ${ARTIFACTORY_USERNAME} --password-stdin
+    ${REGISTER_DOCKER}
  else
    echo "🤔 no docker is installed, skipping docker configuration."
  fi
@ -96,20 +106,19 @@ echo "📦 Configuring JFrog CLI completion..."
 SHELLNAME=$(grep "^$USER" /etc/passwd | awk -F':' '{print $7}' | awk -F'/' '{print $NF}')
 # Generate the completion script
 jf completion $SHELLNAME --install
 begin_stanza="# BEGIN: jf CLI shell completion (added by coder module jfrog-oauth)"
 # Add the completion script to the user's shell profile
 if [ "$SHELLNAME" == "bash" ] && [ -f ~/.bashrc ]; then
-  if ! grep -q "# jf CLI shell completion" ~/.bashrc; then
+  if ! grep -q "$begin_stanza" ~/.bashrc; then
-    echo "" >> ~/.bashrc
+    printf "%s\n" "$begin_stanza" >> ~/.bashrc
    echo "# BEGIN: jf CLI shell completion (added by coder module jfrog-oauth)" >> ~/.bashrc
    echo 'source "$HOME/.jfrog/jfrog_bash_completion"' >> ~/.bashrc
    echo "# END: jf CLI shell completion" >> ~/.bashrc
  else
    echo "🥳 ~/.bashrc already contains jf CLI shell completion configuration, skipping."
  fi
 elif [ "$SHELLNAME" == "zsh" ] && [ -f ~/.zshrc ]; then
-  if ! grep -q "# jf CLI shell completion" ~/.zshrc; then
+  if ! grep -q "$begin_stanza" ~/.zshrc; then
-    echo "" >> ~/.zshrc
+    printf "\n%s\n" "$begin_stanza" >> ~/.zshrc
    echo "# BEGIN: jf CLI shell completion (added by coder module jfrog-oauth)" >> ~/.zshrc
    echo "autoload -Uz compinit" >> ~/.zshrc
    echo "compinit" >> ~/.zshrc
    echo 'source "$HOME/.jfrog/jfrog_zsh_completion"' >> ~/.zshrc
--- a/jfrog-token/.npmrc.tftpl
+++ b/jfrog-token/.npmrc.tftpl
@ -0,0 +1,5 @@
 email=${ARTIFACTORY_EMAIL}
 %{ for REPO in REPOS ~}
 ${REPO.SCOPE}registry=${JFROG_URL}/artifactory/api/npm/${REPO.NAME}
 //${JFROG_HOST}/artifactory/api/npm/${REPO.NAME}/:_authToken=${ARTIFACTORY_ACCESS_TOKEN}
 %{ endfor ~}
--- a/jfrog-token/README.md
+++ b/jfrog-token/README.md
@ -15,14 +15,15 @@ Install the JF CLI and authenticate package managers with Artifactory using Arti
 ```tf
 module "jfrog" {
  source                   = "registry.coder.com/modules/jfrog-token/coder"
-  version                  = "1.0.15"
+  version                  = "1.0.19"
  agent_id                 = coder_agent.example.id
  jfrog_url                = "https://XXXX.jfrog.io"
  artifactory_access_token = var.artifactory_access_token
  package_managers = {
-    "npm" : "npm",
+    npm    = ["npm", "@scoped:npm-scoped"]
-    "go" : "go",
+    go     = ["go", "another-go-repo"]
-    "pypi" : "pypi"
+    pypi   = ["pypi", "extra-index-pypi"]
    docker = ["example-docker-staging.jfrog.io", "example-docker-production.jfrog.io"]
  }
 }
 ```
@ -41,14 +42,14 @@ For detailed instructions, please see this [guide](https://coder.com/docs/v2/lat
 ```tf
 module "jfrog" {
  source                   = "registry.coder.com/modules/jfrog-token/coder"
-  version                  = "1.0.15"
+  version                  = "1.0.19"
  agent_id                 = coder_agent.example.id
  jfrog_url                = "https://YYYY.jfrog.io"
  artifactory_access_token = var.artifactory_access_token # An admin access token
  package_managers = {
-    "npm" : "npm-local",
+    npm  = ["npm-local"]
-    "go" : "go-local",
+    go   = ["go-local"]
-    "pypi" : "pypi-local"
+    pypi = ["pypi-local"]
  }
 }
 ```
@ -74,15 +75,15 @@ The [JFrog extension](https://open-vsx.org/extension/JFrog/jfrog-vscode-extensio
 ```tf
 module "jfrog" {
  source                   = "registry.coder.com/modules/jfrog-token/coder"
-  version                  = "1.0.15"
+  version                  = "1.0.19"
  agent_id                 = coder_agent.example.id
  jfrog_url                = "https://XXXX.jfrog.io"
  artifactory_access_token = var.artifactory_access_token
  configure_code_server    = true # Add JFrog extension configuration for code-server
  package_managers = {
-    "npm" : "npm",
+    npm  = ["npm"]
-    "go" : "go",
+    go   = ["go"]
-    "pypi" : "pypi"
+    pypi = ["pypi"]
  }
 }
 ```
@ -94,15 +95,13 @@ data "coder_workspace" "me" {}
 module "jfrog" {
  source                   = "registry.coder.com/modules/jfrog-token/coder"
-  version                  = "1.0.15"
+  version                  = "1.0.19"
  agent_id                 = coder_agent.example.id
  jfrog_url                = "https://XXXX.jfrog.io"
  artifactory_access_token = var.artifactory_access_token
  token_description        = "Token for Coder workspace: ${data.coder_workspace_owner.me.name}/${data.coder_workspace.me.name}"
  package_managers = {
-    "npm" : "npm",
+    npm = ["npm"]
    "go" : "go",
    "pypi" : "pypi"
  }
 }
 ```
--- a/jfrog-token/main.test.ts
+++ b/jfrog-token/main.test.ts
@ -1,12 +1,29 @@
 import { serve } from "bun";
-import { describe } from "bun:test";
+import { describe, expect, it } from "bun:test";
 import {
  createJSONResponse,
  findResourceInstance,
  runTerraformInit,
  runTerraformApply,
  testRequiredVariables,
 } from "../test";
 describe("jfrog-token", async () => {
  type TestVariables = {
    agent_id: string;
    jfrog_url: string;
    artifactory_access_token: string;
    package_managers: string;
    token_description?: string;
    check_license?: boolean;
    refreshable?: boolean;
    expires_in?: number;
    username_field?: string;
    jfrog_server_id?: string;
    configure_code_server?: boolean;
  };
  await runTerraformInit(import.meta.dir);
  // Run a fake JFrog server so the provider can initialize
@ -32,10 +49,116 @@ describe("jfrog-token", async () => {
    port: 0,
  });
-  testRequiredVariables(import.meta.dir, {
+  const fakeFrogApi = `${fakeFrogHost.hostname}:${fakeFrogHost.port}/artifactory/api`;
  const fakeFrogUrl = `http://${fakeFrogHost.hostname}:${fakeFrogHost.port}`;
  const user = "default";
  const token = "xxx";
  it("can run apply with required variables", async () => {
    testRequiredVariables<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
-    jfrog_url: "http://" + fakeFrogHost.hostname + ":" + fakeFrogHost.port,
+      jfrog_url: fakeFrogUrl,
      artifactory_access_token: "XXXX",
      package_managers: "{}",
    });
  });
  it("generates an npmrc with scoped repos", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      artifactory_access_token: "XXXX",
      package_managers: JSON.stringify({
        npm: ["global", "@foo:foo", "@bar:bar"],
      }),
    });
    const coderScript = findResourceInstance(state, "coder_script");
    const npmrcStanza = `cat << EOF > ~/.npmrc
 email=${user}@example.com
 registry=http://${fakeFrogApi}/npm/global
 //${fakeFrogApi}/npm/global/:_authToken=xxx
@foo:registry=http://${fakeFrogApi}/npm/foo
 //${fakeFrogApi}/npm/foo/:_authToken=xxx
@bar:registry=http://${fakeFrogApi}/npm/bar
 //${fakeFrogApi}/npm/bar/:_authToken=xxx
 EOF`;
    expect(coderScript.script).toContain(npmrcStanza);
    expect(coderScript.script).toContain(
      'jf npmc --global --repo-resolve "global"',
    );
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured npm',
    );
  });
  it("generates a pip config with extra-indexes", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      artifactory_access_token: "XXXX",
      package_managers: JSON.stringify({
        pypi: ["global", "foo", "bar"],
      }),
    });
    const coderScript = findResourceInstance(state, "coder_script");
    const pipStanza = `cat << EOF > ~/.pip/pip.conf
 [global]
 index-url = https://${user}:${token}@${fakeFrogApi}/pypi/global/simple
 extra-index-url =
    https://${user}:${token}@${fakeFrogApi}/pypi/foo/simple
    https://${user}:${token}@${fakeFrogApi}/pypi/bar/simple
 EOF`;
    expect(coderScript.script).toContain(pipStanza);
    expect(coderScript.script).toContain(
      'jf pipc --global --repo-resolve "global"',
    );
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured pypi',
    );
  });
  it("registers multiple docker repos", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      artifactory_access_token: "XXXX",
      package_managers: JSON.stringify({
        docker: ["foo.jfrog.io", "bar.jfrog.io", "baz.jfrog.io"],
      }),
    });
    const coderScript = findResourceInstance(state, "coder_script");
    const dockerStanza = ["foo", "bar", "baz"]
      .map((r) => `register_docker "${r}.jfrog.io"`)
      .join("\n");
    expect(coderScript.script).toContain(dockerStanza);
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured docker',
    );
  });
  it("sets goproxy with multiple repos", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      artifactory_access_token: "XXXX",
      package_managers: JSON.stringify({
        go: ["foo", "bar", "baz"],
      }),
    });
    const proxyEnv = findResourceInstance(state, "coder_env", "goproxy");
    const proxies = ["foo", "bar", "baz"]
      .map((r) => `https://${user}:${token}@${fakeFrogApi}/go/${r}`)
      .join(",");
    expect(proxyEnv.value).toEqual(proxies);
    const coderScript = findResourceInstance(state, "coder_script");
    expect(coderScript.script).toContain(
      'jf goc --global --repo-resolve "foo"',
    );
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured go',
    );
  });
 });
--- a/jfrog-token/main.tf
+++ b/jfrog-token/main.tf
@ -80,23 +80,51 @@ variable "configure_code_server" {
 }
 variable "package_managers" {
-  type        = map(string)
+  type = object({
-  description = <<EOF
+    npm    = optional(list(string), [])
-A map of package manager names to their respective artifactory repositories.
+    go     = optional(list(string), [])
-For example:
+    pypi   = optional(list(string), [])
    docker = optional(list(string), [])
  })
  description = <<-EOF
    A map of package manager names to their respective artifactory repositories. Unused package managers can be omitted.
    For example:
      {
-      "npm": "YOUR_NPM_REPO_KEY",
+        npm    = ["GLOBAL_NPM_REPO_KEY", "@SCOPED:NPM_REPO_KEY"]
-      "go": "YOUR_GO_REPO_KEY",
+        go     = ["YOUR_GO_REPO_KEY", "ANOTHER_GO_REPO_KEY"]
-      "pypi": "YOUR_PYPI_REPO_KEY",
+        pypi   = ["YOUR_PYPI_REPO_KEY", "ANOTHER_PYPI_REPO_KEY"]
-      "docker": "YOUR_DOCKER_REPO_KEY"
+        docker = ["YOUR_DOCKER_REPO_KEY", "ANOTHER_DOCKER_REPO_KEY"]
      }
-EOF
+  EOF
 }
 locals {
  # The username field to use for artifactory
  username   = var.username_field == "email" ? data.coder_workspace_owner.me.email : data.coder_workspace_owner.me.name
-  jfrog_host = replace(var.jfrog_url, "https://", "")
+  jfrog_host = split("://", var.jfrog_url)[1]
  common_values = {
    JFROG_URL                = var.jfrog_url
    JFROG_HOST               = local.jfrog_host
    JFROG_SERVER_ID          = var.jfrog_server_id
    ARTIFACTORY_USERNAME     = local.username
    ARTIFACTORY_EMAIL        = data.coder_workspace_owner.me.email
    ARTIFACTORY_ACCESS_TOKEN = artifactory_scoped_token.me.access_token
  }
  npmrc = templatefile(
    "${path.module}/.npmrc.tftpl",
    merge(
      local.common_values,
      {
        REPOS = [
          for r in var.package_managers.npm :
          strcontains(r, ":") ? zipmap(["SCOPE", "NAME"], ["${split(":", r)[0]}:", split(":", r)[1]]) : { SCOPE = "", NAME = r }
        ]
      }
    )
  )
  pip_conf = templatefile(
    "${path.module}/pip.conf.tftpl", merge(local.common_values, { REPOS = var.package_managers.pypi })
  )
 }
 # Configure the Artifactory provider
@ -123,19 +151,22 @@ resource "coder_script" "jfrog" {
  agent_id     = var.agent_id
  display_name = "jfrog"
  icon         = "/icon/jfrog.svg"
-  script = templatefile("${path.module}/run.sh", {
+  script = templatefile("${path.module}/run.sh", merge(
-    JFROG_URL : var.jfrog_url,
+    local.common_values,
-    JFROG_HOST : local.jfrog_host,
+    {
-    JFROG_SERVER_ID : var.jfrog_server_id,
+      CONFIGURE_CODE_SERVER = var.configure_code_server
-    ARTIFACTORY_USERNAME : local.username,
+      HAS_NPM               = length(var.package_managers.npm) == 0 ? "" : "YES"
-    ARTIFACTORY_EMAIL : data.coder_workspace_owner.me.email,
+      NPMRC                 = local.npmrc
-    ARTIFACTORY_ACCESS_TOKEN : artifactory_scoped_token.me.access_token,
+      REPOSITORY_NPM        = try(element(var.package_managers.npm, 0), "")
-    CONFIGURE_CODE_SERVER : var.configure_code_server,
+      HAS_GO                = length(var.package_managers.go) == 0 ? "" : "YES"
-    REPOSITORY_NPM : lookup(var.package_managers, "npm", ""),
+      REPOSITORY_GO         = try(element(var.package_managers.go, 0), "")
-    REPOSITORY_GO : lookup(var.package_managers, "go", ""),
+      HAS_PYPI              = length(var.package_managers.pypi) == 0 ? "" : "YES"
-    REPOSITORY_PYPI : lookup(var.package_managers, "pypi", ""),
+      PIP_CONF              = local.pip_conf
-    REPOSITORY_DOCKER : lookup(var.package_managers, "docker", ""),
+      REPOSITORY_PYPI       = try(element(var.package_managers.pypi, 0), "")
-  })
+      HAS_DOCKER            = length(var.package_managers.docker) == 0 ? "" : "YES"
      REGISTER_DOCKER       = join("\n", formatlist("register_docker \"%s\"", var.package_managers.docker))
    }
  ))
  run_on_start = true
 }
@ -161,10 +192,13 @@ resource "coder_env" "jfrog_ide_store_connection" {
 }
 resource "coder_env" "goproxy" {
-  count    = lookup(var.package_managers, "go", "") == "" ? 0 : 1
+  count    = length(var.package_managers.go) == 0 ? 0 : 1
  agent_id = var.agent_id
  name     = "GOPROXY"
-  value    = "https://${local.username}:${artifactory_scoped_token.me.access_token}@${local.jfrog_host}/artifactory/api/go/${lookup(var.package_managers, "go", "")}"
+  value = join(",", [
    for repo in var.package_managers.go :
    "https://${local.username}:${artifactory_scoped_token.me.access_token}@${local.jfrog_host}/artifactory/api/go/${repo}"
  ])
 }
 output "access_token" {
--- a/jfrog-token/pip.conf.tftpl
+++ b/jfrog-token/pip.conf.tftpl
@ -0,0 +1,6 @@
 [global]
 index-url = https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${try(element(REPOS, 0), "")}/simple
 extra-index-url =
 %{ for REPO in try(slice(REPOS, 1, length(REPOS)), []) ~}
    https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${REPO}/simple
 %{ endfor ~}
--- a/jfrog-token/run.sh
+++ b/jfrog-token/run.sh
@ -2,6 +2,21 @@
 BOLD='\033[0;1m'
 not_configured() {
  type=$1
  echo "🤔 no $type repository is set, skipping $type configuration."
  echo "You can configure a $type repository by providing a key for '$type' in the 'package_managers' input."
 }
 config_complete() {
  echo "🥳 Configuration complete!"
 }
 register_docker() {
  repo=$1
  echo -n "${ARTIFACTORY_ACCESS_TOKEN}" | docker login "$repo" --username ${ARTIFACTORY_USERNAME} --password-stdin
 }
 # check if JFrog CLI is already installed
 if command -v jf > /dev/null 2>&1; then
  echo "✅ JFrog CLI is already installed, skipping installation."
@ -11,8 +26,7 @@ else
  sudo chmod 755 /usr/local/bin/jf
 fi
-# The jf CLI checks $CI when determining whether to use interactive
+# The jf CLI checks $CI when determining whether to use interactive flows.
 # flows.
 export CI=true
 # Authenticate JFrog CLI with Artifactory.
 echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFROG_URL}" --overwrite "${JFROG_SERVER_ID}"
@ -20,52 +34,47 @@ echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFRO
 jf c use "${JFROG_SERVER_ID}"
 # Configure npm to use the Artifactory "npm" repository.
-if [ -z "${REPOSITORY_NPM}" ]; then
+if [ -z "${HAS_NPM}" ]; then
-  echo "🤔 no npm repository is set, skipping npm configuration."
+  not_configured npm
  echo "You can configure an npm repository by providing the a key for 'npm' in the 'package_managers' input."
 else
  echo "📦 Configuring npm..."
  jf npmc --global --repo-resolve "${REPOSITORY_NPM}"
  cat << EOF > ~/.npmrc
-email=${ARTIFACTORY_EMAIL}
+${NPMRC}
 registry=${JFROG_URL}/artifactory/api/npm/${REPOSITORY_NPM}
 EOF
-  echo "//${JFROG_HOST}/artifactory/api/npm/${REPOSITORY_NPM}/:_authToken=${ARTIFACTORY_ACCESS_TOKEN}" >> ~/.npmrc
+  config_complete
 fi
 # Configure the `pip` to use the Artifactory "python" repository.
-if [ -z "${REPOSITORY_PYPI}" ]; then
+if [ -z "${HAS_PYPI}" ]; then
-  echo "🤔 no pypi repository is set, skipping pip configuration."
+  not_configured pypi
  echo "You can configure a pypi repository by providing the a key for 'pypi' in the 'package_managers' input."
 else
  echo "🐍 Configuring pip..."
  jf pipc --global --repo-resolve "${REPOSITORY_PYPI}"
  mkdir -p ~/.pip
  cat << EOF > ~/.pip/pip.conf
-[global]
+${PIP_CONF}
 index-url = https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${REPOSITORY_PYPI}/simple
 EOF
  config_complete
 fi
 # Configure Artifactory "go" repository.
-if [ -z "${REPOSITORY_GO}" ]; then
+if [ -z "${HAS_GO}" ]; then
-  echo "🤔 no go repository is set, skipping go configuration."
+  not_configured go
  echo "You can configure a go repository by providing the a key for 'go' in the 'package_managers' input."
 else
  echo "🐹 Configuring go..."
  jf goc --global --repo-resolve "${REPOSITORY_GO}"
  config_complete
 fi
 echo "🥳 Configuration complete!"
 # Configure the JFrog CLI to use the Artifactory "docker" repository.
-if [ -z "${REPOSITORY_DOCKER}" ]; then
+if [ -z "${HAS_DOCKER}" ]; then
-  echo "🤔 no docker repository is set, skipping docker configuration."
+  not_configured docker
  echo "You can configure a docker repository by providing the a key for 'docker' in the 'package_managers' input."
 else
  if command -v docker > /dev/null 2>&1; then
    echo "🔑 Configuring 🐳 docker credentials..."
    mkdir -p ~/.docker
-    echo -n "${ARTIFACTORY_ACCESS_TOKEN}" | docker login ${JFROG_HOST} --username ${ARTIFACTORY_USERNAME} --password-stdin
+    ${REGISTER_DOCKER}
  else
    echo "🤔 no docker is installed, skipping docker configuration."
  fi
@ -96,20 +105,19 @@ echo "📦 Configuring JFrog CLI completion..."
 SHELLNAME=$(grep "^$USER" /etc/passwd | awk -F':' '{print $7}' | awk -F'/' '{print $NF}')
 # Generate the completion script
 jf completion $SHELLNAME --install
 begin_stanza="# BEGIN: jf CLI shell completion (added by coder module jfrog-token)"
 # Add the completion script to the user's shell profile
 if [ "$SHELLNAME" == "bash" ] && [ -f ~/.bashrc ]; then
-  if ! grep -q "# jf CLI shell completion" ~/.bashrc; then
+  if ! grep -q "$begin_stanza" ~/.bashrc; then
-    echo "" >> ~/.bashrc
+    printf "%s\n" "$begin_stanza" >> ~/.bashrc
    echo "# BEGIN: jf CLI shell completion (added by coder module jfrog-token)" >> ~/.bashrc
    echo 'source "$HOME/.jfrog/jfrog_bash_completion"' >> ~/.bashrc
    echo "# END: jf CLI shell completion" >> ~/.bashrc
  else
    echo "🥳 ~/.bashrc already contains jf CLI shell completion configuration, skipping."
  fi
 elif [ "$SHELLNAME" == "zsh" ] && [ -f ~/.zshrc ]; then
-  if ! grep -q "# jf CLI shell completion" ~/.zshrc; then
+  if ! grep -q "$begin_stanza" ~/.zshrc; then
-    echo "" >> ~/.zshrc
+    printf "\n%s\n" "$begin_stanza" >> ~/.zshrc
    echo "# BEGIN: jf CLI shell completion (added by coder module jfrog-token)" >> ~/.zshrc
    echo "autoload -Uz compinit" >> ~/.zshrc
    echo "compinit" >> ~/.zshrc
    echo 'source "$HOME/.jfrog/jfrog_zsh_completion"' >> ~/.zshrc
--- a/jupyter-notebook/README.md
+++ b/jupyter-notebook/README.md
@ -16,7 +16,7 @@ A module that adds Jupyter Notebook in your Coder template.
 ```tf
 module "jupyter-notebook" {
  source   = "registry.coder.com/modules/jupyter-notebook/coder"
-  version  = "1.0.8"
+  version  = "1.0.19"
  agent_id = coder_agent.example.id
 }
 ```
--- a/jupyter-notebook/run.sh
+++ b/jupyter-notebook/run.sh
@ -7,14 +7,14 @@ printf "$${BOLD}Installing jupyter-notebook!\n"
 # check if jupyter-notebook is installed
 if ! command -v jupyter-notebook > /dev/null 2>&1; then
  # install jupyter-notebook
-  # check if python3 pip is installed
+  # check if pipx is installed
-  if ! command -v pip3 > /dev/null 2>&1; then
+  if ! command -v pipx > /dev/null 2>&1; then
-    echo "pip3 is not installed"
+    echo "pipx is not installed"
-    echo "Please install pip3 in your Dockerfile/VM image before running this script"
+    echo "Please install pipx in your Dockerfile/VM image before using this module"
    exit 1
  fi
-  # install jupyter-notebook
+  # install jupyter notebook
-  pip3 install --upgrade --no-cache-dir --no-warn-script-location jupyter
+  pipx install -q notebook
  echo "🥳 jupyter-notebook has been installed\n\n"
 else
  echo "🥳 jupyter-notebook is already installed\n\n"
@ -22,4 +22,4 @@ fi
 echo "👷 Starting jupyter-notebook in background..."
 echo "check logs at ${LOG_PATH}"
-$HOME/.local/bin/jupyter notebook --NotebookApp.ip='0.0.0.0' --ServerApp.port=${PORT} --no-browser --ServerApp.token='' --ServerApp.password='' > ${LOG_PATH} 2>&1 &
+$HOME/.local/bin/jupyter-notebook --NotebookApp.ip='0.0.0.0' --ServerApp.port=${PORT} --no-browser --ServerApp.token='' --ServerApp.password='' > ${LOG_PATH} 2>&1 &
--- a/jupyterlab/README.md
+++ b/jupyterlab/README.md
@ -16,7 +16,7 @@ A module that adds JupyterLab in your Coder template.
 ```tf
 module "jupyterlab" {
  source   = "registry.coder.com/modules/jupyterlab/coder"
-  version  = "1.0.8"
+  version  = "1.0.19"
  agent_id = coder_agent.example.id
 }
 ```
--- a/jupyterlab/main.test.ts
+++ b/jupyterlab/main.test.ts
@ -1,20 +1,20 @@
 import { describe, expect, it } from "bun:test";
 import {
  execContainer,
  executeScriptInContainer,
  findResourceInstance,
  runContainer,
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
-  findResourceInstance,
+  type TerraformState,
  runContainer,
  TerraformState,
  execContainer,
 } from "../test";
 // executes the coder script after installing pip
 const executeScriptInContainerWithPip = async (
  state: TerraformState,
  image: string,
-  shell: string = "sh",
+  shell = "sh",
 ): Promise<{
  exitCode: number;
  stdout: string[];
@ -22,7 +22,7 @@ const executeScriptInContainerWithPip = async (
 }> => {
  const instance = findResourceInstance(state, "coder_script");
  const id = await runContainer(image);
-  const respPip = await execContainer(id, [shell, "-c", "apk add py3-pip"]);
+  const respPipx = await execContainer(id, [shell, "-c", "apk add pipx"]);
  const resp = await execContainer(id, [shell, "-c", instance.script]);
  const stdout = resp.stdout.trim().split("\n");
  const stderr = resp.stderr.trim().split("\n");
@ -40,7 +40,7 @@ describe("jupyterlab", async () => {
    agent_id: "foo",
  });
-  it("fails without pip3", async () => {
+  it("fails without pipx", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
    });
@ -48,14 +48,14 @@ describe("jupyterlab", async () => {
    expect(output.exitCode).toBe(1);
    expect(output.stdout).toEqual([
      "\u001B[0;1mInstalling jupyterlab!",
-      "pip3 is not installed",
+      "pipx is not installed",
-      "Please install pip3 in your Dockerfile/VM image before running this script",
+      "Please install pipx in your Dockerfile/VM image before running this script",
    ]);
  });
-  // TODO: Add faster test to run with pip3.
+  // TODO: Add faster test to run with pipx.
  // currently times out.
-  // it("runs with pip3", async () => {
+  // it("runs with pipx", async () => {
  //   ...
  //   const output = await executeScriptInContainerWithPip(state, "alpine");
  //   ...
--- a/jupyterlab/run.sh
+++ b/jupyterlab/run.sh
@ -7,14 +7,14 @@ printf "$${BOLD}Installing jupyterlab!\n"
 # check if jupyterlab is installed
 if ! command -v jupyterlab > /dev/null 2>&1; then
  # install jupyterlab
-  # check if python3 pip is installed
+  # check if pipx is installed
-  if ! command -v pip3 > /dev/null 2>&1; then
+  if ! command -v pipx > /dev/null 2>&1; then
-    echo "pip3 is not installed"
+    echo "pipx is not installed"
-    echo "Please install pip3 in your Dockerfile/VM image before running this script"
+    echo "Please install pipx in your Dockerfile/VM image before running this script"
    exit 1
  fi
  # install jupyterlab
-  pip3 install --upgrade --no-cache-dir --no-warn-script-location jupyterlab
+  pipx install -q jupyterlab
  echo "🥳 jupyterlab has been installed\n\n"
 else
  echo "🥳 jupyterlab is already installed\n\n"
@ -22,4 +22,4 @@ fi
 echo "👷 Starting jupyterlab in background..."
 echo "check logs at ${LOG_PATH}"
-$HOME/.local/bin/jupyter lab --ServerApp.ip='0.0.0.0' --ServerApp.port=${PORT} --no-browser --ServerApp.token='' --ServerApp.password='' > ${LOG_PATH} 2>&1 &
+$HOME/.local/bin/jupyter-lab --ServerApp.ip='0.0.0.0' --ServerApp.port=${PORT} --no-browser --ServerApp.token='' --ServerApp.password='' > ${LOG_PATH} 2>&1 &
--- a/nodejs/main.test.ts
+++ b/nodejs/main.test.ts
@ -1,4 +1,4 @@
-import { describe, expect, it } from "bun:test";
+import { describe } from "bun:test";
 import { runTerraformInit, testRequiredVariables } from "../test";
 describe("nodejs", async () => {
--- a/personalize/main.test.ts
+++ b/personalize/main.test.ts
@ -1,13 +1,9 @@
 import { readableStreamToText, spawn } from "bun";
 import { describe, expect, it } from "bun:test";
 import {
  executeScriptInContainer,
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
  runContainer,
  execContainer,
  findResourceInstance,
 } from "../test";
 describe("personalize", async () => {
--- a/slackme/main.test.ts
+++ b/slackme/main.test.ts
@ -72,7 +72,7 @@ executed`,
  it("formats execution with milliseconds", async () => {
    await assertSlackMessage({
      command: "echo test",
-      format: `$COMMAND took $DURATION`,
+      format: "$COMMAND took $DURATION",
      durationMS: 150,
      output: "echo test took 150ms",
    });
@ -81,7 +81,7 @@ executed`,
  it("formats execution with seconds", async () => {
    await assertSlackMessage({
      command: "echo test",
-      format: `$COMMAND took $DURATION`,
+      format: "$COMMAND took $DURATION",
      durationMS: 15000,
      output: "echo test took 15.0s",
    });
@ -90,7 +90,7 @@ executed`,
  it("formats execution with minutes", async () => {
    await assertSlackMessage({
      command: "echo test",
-      format: `$COMMAND took $DURATION`,
+      format: "$COMMAND took $DURATION",
      durationMS: 120000,
      output: "echo test took 2m 0.0s",
    });
@ -99,7 +99,7 @@ executed`,
  it("formats execution with hours", async () => {
    await assertSlackMessage({
      command: "echo test",
-      format: `$COMMAND took $DURATION`,
+      format: "$COMMAND took $DURATION",
      durationMS: 60000 * 60,
      output: "echo test took 1hr 0m 0.0s",
    });
--- a/test.ts
+++ b/test.ts
@ -1,6 +1,6 @@
 import { readableStreamToText, spawn } from "bun";
-import { afterEach, expect, it } from "bun:test";
+import { expect, it } from "bun:test";
-import { readFile, unlink } from "fs/promises";
+import { readFile, unlink } from "node:fs/promises";
 export const runContainer = async (
  image: string,
@ -21,7 +21,8 @@ export const runContainer = async (
    "-c",
    init,
  ]);
-  let containerID = await readableStreamToText(proc.stdout);
+
  const containerID = await readableStreamToText(proc.stdout);
  const exitCode = await proc.exited;
  if (exitCode !== 0) {
    throw new Error(containerID);
@ -36,7 +37,7 @@ export const runContainer = async (
 export const executeScriptInContainer = async (
  state: TerraformState,
  image: string,
-  shell: string = "sh",
+  shell = "sh",
 ): Promise<{
  exitCode: number;
  stdout: string[];
@ -108,12 +109,17 @@ export interface TerraformState {
  resources: [TerraformStateResource, ...TerraformStateResource[]];
 }
 type TerraformVariables = Record<string, JsonValue>;
 export interface CoderScriptAttributes {
  script: string;
  agent_id: string;
  url: string;
 }
 export type ResourceInstance<T extends string = string> =
  T extends "coder_script" ? CoderScriptAttributes : Record<string, string>;
 /**
 * finds the first instance of the given resource type in the given state. If
 * name is specified, it will only find the instance with the given name.
@ -122,10 +128,7 @@ export const findResourceInstance = <T extends string>(
  state: TerraformState,
  type: T,
  name?: string,
-  // if type is "coder_script" return CoderScriptAttributes
+): ResourceInstance<T> => {
 ): T extends "coder_script"
  ? CoderScriptAttributes
  : Record<string, string> => {
  const resource = state.resources.find(
    (resource) =>
      resource.type === type && (name ? resource.name === name : true),
@ -138,16 +141,17 @@ export const findResourceInstance = <T extends string>(
      `Resource ${type} has ${resource.instances.length} instances`,
    );
  }
-  return resource.instances[0].attributes as any;
+
  return resource.instances[0].attributes as ResourceInstance<T>;
 };
 /**
 * Creates a test-case for each variable provided and ensures that the apply
 * fails without it.
 */
-export const testRequiredVariables = <TVars extends Record<string, string>>(
+export const testRequiredVariables = <TVars extends TerraformVariables>(
  dir: string,
-  vars: TVars,
+  vars: Readonly<TVars>,
 ) => {
  // Ensures that all required variables are provided.
  it("required variables", async () => {
@ -155,15 +159,15 @@ export const testRequiredVariables = <TVars extends Record<string, string>>(
  });
  const varNames = Object.keys(vars);
-  varNames.forEach((varName) => {
+  for (const varName of varNames) {
    // Ensures that every variable provided is required!
-    it("missing variable " + varName, async () => {
+    it(`missing variable: ${varName}`, async () => {
-      const localVars: Record<string, string> = {};
+      const localVars: TerraformVariables = {};
-      varNames.forEach((otherVarName) => {
+      for (const otherVarName of varNames) {
        if (otherVarName !== varName) {
          localVars[otherVarName] = vars[otherVarName];
        }
-      });
+      }
      try {
        await runTerraformApply(dir, localVars);
@ -179,7 +183,7 @@ export const testRequiredVariables = <TVars extends Record<string, string>>(
      }
      throw new Error(`${varName} is not a required variable!`);
    });
-  });
+  }
 };
 /**
@ -187,11 +191,9 @@ export const testRequiredVariables = <TVars extends Record<string, string>>(
 * fine to run in parallel with other instances of this function, as it uses a
 * random state file.
 */
-export const runTerraformApply = async <
+export const runTerraformApply = async <TVars extends TerraformVariables>(
  TVars extends Readonly<Record<string, string | boolean>>,
 >(
  dir: string,
-  vars: TVars,
+  vars: Readonly<TVars>,
  env?: Record<string, string>,
 ): Promise<TerraformState> => {
  const stateFile = `${dir}/${crypto.randomUUID()}.tfstate`;
--- a/tsconfig.json
+++ b/tsconfig.json
@ -1,10 +1,14 @@
 {
  "compilerOptions": {
-    "target": "esnext",
+    // If we were just compiling for the tests, we could safely target ESNext at
-    "module": "esnext",
+    // all times, but just because we've been starting to add more runtime logic
    // files to some of the modules, erring on the side of caution by having a
    // older compilation target
    "target": "ES6",
    "module": "ESNext",
    "strict": true,
    "allowSyntheticDefaultImports": true,
-    "moduleResolution": "nodenext",
+    "moduleResolution": "node",
    "types": ["bun-types"]
  }
 }
--- a/update-version.sh
+++ b/update-version.sh
@ -1,20 +1,24 @@
 #!/usr/bin/env bash
-# This script updates the version number in the README.md files of all modules
+# This script increments the version number in the README.md files of all modules
-# to the latest tag in the repository. It is intended to be run from the root
+# by 1 patch version. It is intended to be run from the root
 # of the repository or by using the `bun update-version` command.
 set -euo pipefail
 current_tag=$(git describe --tags --abbrev=0)
 previous_tag=$(git describe --tags --abbrev=0 $current_tag^)
 mapfile -t changed_dirs < <(git diff --name-only "$previous_tag"..."$current_tag" -- ':!**/README.md' ':!**/*.test.ts' | xargs dirname | grep -v '^\.' | sort -u)
-LATEST_TAG=$(git describe --abbrev=0 --tags | sed 's/^v//') || exit $?
+# Increment the patch version
 LATEST_TAG=$(echo "$current_tag" | sed 's/^v//' | awk -F. '{print $1"."$2"."$3+1}') || exit $?
 # List directories with changes that are not README.md or test files
 mapfile -t changed_dirs < <(git diff --name-only "$current_tag" -- ':!**/README.md' ':!**/*.test.ts' | xargs dirname | grep -v '^\.' | sort -u)
 echo "Directories with changes: ${changed_dirs[*]}"
 # Iterate over directories and update version in README.md
 for dir in "${changed_dirs[@]}"; do
  if [[ -f "$dir/README.md" ]]; then
    echo "Bumping version in $dir/README.md"
    file="$dir/README.md"
    tmpfile=$(mktemp /tmp/tempfile.XXXXXX)
    awk -v tag="$LATEST_TAG" '{
@ -25,5 +29,12 @@ for dir in "${changed_dirs[@]}"; do
        print
      }
    }' "$file" > "$tmpfile" && mv "$tmpfile" "$file"
    # Check if the README.md file has changed
    if ! git diff --quiet -- "$dir/README.md"; then
      echo "Bumping version in $dir/README.md from $current_tag to $LATEST_TAG (incremented)"
    else
      echo "Version in $dir/README.md is already up to date"
    fi
  fi
 done
--- a/vault-jwt/README.md
+++ b/vault-jwt/README.md
@ -0,0 +1,77 @@
 ---
 display_name: Hashicorp Vault Integration (JWT)
 description: Authenticates with Vault using a JWT from Coder's OIDC provider
 icon: ../.icons/vault.svg
 maintainer_github: coder
 partner_github: hashicorp
 verified: true
 tags: [helper, integration, vault, jwt, oidc]
 ---
 # Hashicorp Vault Integration (JWT)
 This module lets you authenticate with [Hashicorp Vault](https://www.vaultproject.io/) in your Coder workspaces by reusing the [OIDC](https://coder.com/docs/admin/auth#openid-connect) access token from Coder's OIDC authentication method. This requires configuring the Vault [JWT/OIDC](https://developer.hashicorp.com/vault/docs/auth/jwt#configuration) auth method.
 ```tf
 module "vault" {
  source         = "registry.coder.com/modules/vault-jwt/coder"
  version        = "1.0.19"
  agent_id       = coder_agent.example.id
  vault_addr     = "https://vault.example.com"
  vault_jwt_role = "coder" # The Vault role to use for authentication
 }
 ```
 Then you can use the Vault CLI in your workspaces to fetch secrets from Vault:
 ```shell
 vault kv get -namespace=coder -mount=secrets coder
 ```
 or using the Vault API:
 ```shell
 curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/coder/secrets/data/coder"
 ```
 ## Examples
 ### Configure Vault integration with a non standard auth path (default is "jwt")
 ```tf
 module "vault" {
  source              = "registry.coder.com/modules/vault-jwt/coder"
  version             = "1.0.19"
  agent_id            = coder_agent.example.id
  vault_addr          = "https://vault.example.com"
  vault_jwt_auth_path = "oidc"
  vault_jwt_role      = "coder" # The Vault role to use for authentication
 }
 ```
 ### Map workspace owner's group to a Vault role
 ```tf
 data "coder_workspace_owner" "me" {}
 module "vault" {
  source         = "registry.coder.com/modules/vault-jwt/coder"
  version        = "1.0.19"
  agent_id       = coder_agent.example.id
  vault_addr     = "https://vault.example.com"
  vault_jwt_role = data.coder_workspace_owner.me.groups[0]
 }
 ```
 ### Install a specific version of the Vault CLI
 ```tf
 module "vault" {
  source            = "registry.coder.com/modules/vault-jwt/coder"
  version           = "1.0.19"
  agent_id          = coder_agent.example.id
  vault_addr        = "https://vault.example.com"
  vault_jwt_role    = "coder" # The Vault role to use for authentication
  vault_cli_version = "1.17.5"
 }
 ```
--- a/vault-jwt/main.test.ts
+++ b/vault-jwt/main.test.ts
@ -0,0 +1,12 @@
 import { describe } from "bun:test";
 import { runTerraformInit, testRequiredVariables } from "../test";
 describe("vault-jwt", async () => {
  await runTerraformInit(import.meta.dir);
  testRequiredVariables(import.meta.dir, {
    agent_id: "foo",
    vault_addr: "foo",
    vault_jwt_role: "foo",
  });
 });
--- a/vault-jwt/main.tf
+++ b/vault-jwt/main.tf
@ -0,0 +1,64 @@
 terraform {
  required_version = ">= 1.0"
  required_providers {
    coder = {
      source  = "coder/coder"
      version = ">= 0.12.4"
    }
  }
 }
 # Add required variables for your modules and remove any unneeded variables
 variable "agent_id" {
  type        = string
  description = "The ID of a Coder agent."
 }
 variable "vault_addr" {
  type        = string
  description = "The address of the Vault server."
 }
 variable "vault_jwt_auth_path" {
  type        = string
  description = "The path to the Vault JWT auth method."
  default     = "jwt"
 }
 variable "vault_jwt_role" {
  type        = string
  description = "The name of the Vault role to use for authentication."
 }
 variable "vault_cli_version" {
  type        = string
  description = "The version of Vault to install."
  default     = "latest"
  validation {
    condition     = can(regex("^(latest|[0-9]+\\.[0-9]+\\.[0-9]+)$", var.vault_cli_version))
    error_message = "Vault version must be in the format 0.0.0 or latest"
  }
 }
 resource "coder_script" "vault" {
  agent_id     = var.agent_id
  display_name = "Vault (GitHub)"
  icon         = "/icon/vault.svg"
  script = templatefile("${path.module}/run.sh", {
    CODER_OIDC_ACCESS_TOKEN : data.coder_workspace_owner.me.oidc_access_token,
    VAULT_JWT_AUTH_PATH : var.vault_jwt_auth_path,
    VAULT_JWT_ROLE : var.vault_jwt_role,
    VAULT_CLI_VERSION : var.vault_cli_version,
  })
  run_on_start       = true
  start_blocks_login = true
 }
 resource "coder_env" "vault_addr" {
  agent_id = var.agent_id
  name     = "VAULT_ADDR"
  value    = var.vault_addr
 }
 data "coder_workspace_owner" "me" {}
--- a/vault-jwt/run.sh
+++ b/vault-jwt/run.sh
@ -0,0 +1,112 @@
 #!/usr/bin/env bash
 # Convert all templated variables to shell variables
 VAULT_CLI_VERSION=${VAULT_CLI_VERSION}
 VAULT_JWT_AUTH_PATH=${VAULT_JWT_AUTH_PATH}
 VAULT_JWT_ROLE=${VAULT_JWT_ROLE}
 CODER_OIDC_ACCESS_TOKEN=${CODER_OIDC_ACCESS_TOKEN}
 fetch() {
  dest="$1"
  url="$2"
  if command -v curl > /dev/null 2>&1; then
    curl -sSL --fail "$${url}" -o "$${dest}"
  elif command -v wget > /dev/null 2>&1; then
    wget -O "$${dest}" "$${url}"
  elif command -v busybox > /dev/null 2>&1; then
    busybox wget -O "$${dest}" "$${url}"
  else
    printf "curl, wget, or busybox is not installed. Please install curl or wget in your image.\n"
    exit 1
  fi
 }
 unzip_safe() {
  if command -v unzip > /dev/null 2>&1; then
    command unzip "$@"
  elif command -v busybox > /dev/null 2>&1; then
    busybox unzip "$@"
  else
    printf "unzip or busybox is not installed. Please install unzip in your image.\n"
    exit 1
  fi
 }
 install() {
  # Get the architecture of the system
  ARCH=$(uname -m)
  if [ "$${ARCH}" = "x86_64" ]; then
    ARCH="amd64"
  elif [ "$${ARCH}" = "aarch64" ]; then
    ARCH="arm64"
  else
    printf "Unsupported architecture: $${ARCH}\n"
    return 1
  fi
  # Fetch the latest version of Vault if VAULT_CLI_VERSION is 'latest'
  if [ "$${VAULT_CLI_VERSION}" = "latest" ]; then
    LATEST_VERSION=$(curl -s https://releases.hashicorp.com/vault/ | grep -v 'rc' | grep -oE 'vault/[0-9]+\.[0-9]+\.[0-9]+' | sed 's/vault\///' | sort -V | tail -n 1)
    printf "Latest version of Vault is %s.\n\n" "$${LATEST_VERSION}"
    if [ -z "$${LATEST_VERSION}" ]; then
      printf "Failed to determine the latest Vault version.\n"
      return 1
    fi
    VAULT_CLI_VERSION=$${VAULT_CLI_VERSION}
  fi
  # Check if the vault CLI is installed and has the correct version
  installation_needed=1
  if command -v vault > /dev/null 2>&1; then
    CURRENT_VERSION=$(vault version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+')
    if [ "$${CURRENT_VERSION}" = "$${VAULT_CLI_VERSION}" ]; then
      printf "Vault version %s is already installed and up-to-date.\n\n" "$${CURRENT_VERSION}"
      installation_needed=0
    fi
  fi
  if [ $${installation_needed} -eq 1 ]; then
    # Download and install Vault
    if [ -z "$${CURRENT_VERSION}" ]; then
      printf "Installing Vault CLI ...\n\n"
    else
      printf "Upgrading Vault CLI from version %s to %s ...\n\n" "$${CURRENT_VERSION}" "${VAULT_CLI_VERSION}"
    fi
    fetch vault.zip "https://releases.hashicorp.com/vault/$${VAULT_CLI_VERSION}/vault_$${VAULT_CLI_VERSION}_linux_$${ARCH}.zip"
    if [ $? -ne 0 ]; then
      printf "Failed to download Vault.\n"
      return 1
    fi
    if ! unzip_safe vault.zip; then
      printf "Failed to unzip Vault.\n"
      return 1
    fi
    rm vault.zip
    if sudo mv vault /usr/local/bin/vault 2> /dev/null; then
      printf "Vault installed successfully!\n\n"
    else
      mkdir -p ~/.local/bin
      if ! mv vault ~/.local/bin/vault; then
        printf "Failed to move Vault to local bin.\n"
        return 1
      fi
      printf "Please add ~/.local/bin to your PATH to use vault CLI.\n"
    fi
  fi
  return 0
 }
 TMP=$(mktemp -d)
 if ! (
  cd "$TMP"
  install
 ); then
  echo "Failed to install Vault CLI."
  exit 1
 fi
 rm -rf "$TMP"
 # Authenticate with Vault
 printf "🔑 Authenticating with Vault ...\n\n"
 echo "$${CODER_OIDC_ACCESS_TOKEN}" | vault write auth/"$${VAULT_JWT_AUTH_PATH}"/login role="$${VAULT_JWT_ROLE}" jwt=-
 printf "🥳 Vault authentication complete!\n\n"
 printf "You can now use Vault CLI to access secrets.\n"
--- a/vscode-desktop/main.test.ts
+++ b/vscode-desktop/main.test.ts
@ -22,7 +22,7 @@ describe("vscode-desktop", async () => {
    );
    const coder_app = state.resources.find(
-      (res) => res.type == "coder_app" && res.name == "vscode",
+      (res) => res.type === "coder_app" && res.name === "vscode",
    );
    expect(coder_app).not.toBeNull();
@ -79,7 +79,7 @@ describe("vscode-desktop", async () => {
    });
    const coder_app = state.resources.find(
-      (res) => res.type == "coder_app" && res.name == "vscode",
+      (res) => res.type === "coder_app" && res.name === "vscode",
    );
    expect(coder_app).not.toBeNull();
--- a/windows-rdp/README.md
+++ b/windows-rdp/README.md
@ -15,7 +15,7 @@ Enable Remote Desktop + a web based client on Windows workspaces, powered by [de
 # AWS example. See below for examples of using this module with other providers
 module "windows_rdp" {
  source      = "registry.coder.com/modules/windows-rdp/coder"
-  version     = "1.0.16"
+  version     = "1.0.18"
  count       = data.coder_workspace.me.start_count
  agent_id    = resource.coder_agent.main.id
  resource_id = resource.aws_instance.dev.id
@ -33,7 +33,7 @@ module "windows_rdp" {
 ```tf
 module "windows_rdp" {
  source      = "registry.coder.com/modules/windows-rdp/coder"
-  version     = "1.0.16"
+  version     = "1.0.18"
  count       = data.coder_workspace.me.start_count
  agent_id    = resource.coder_agent.main.id
  resource_id = resource.aws_instance.dev.id
@ -45,7 +45,7 @@ module "windows_rdp" {
 ```tf
 module "windows_rdp" {
  source      = "registry.coder.com/modules/windows-rdp/coder"
-  version     = "1.0.16"
+  version     = "1.0.18"
  count       = data.coder_workspace.me.start_count
  agent_id    = resource.coder_agent.main.id
  resource_id = resource.google_compute_instance.dev[0].id
--- a/windows-rdp/main.test.ts
+++ b/windows-rdp/main.test.ts
@ -1,6 +1,6 @@
 import { describe, expect, it } from "bun:test";
 import {
-  TerraformState,
+  type TerraformState,
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,