turn back the schedule

chore: add updates to force redeployment on Vercel (#348 )
## Changes made - Updated `check.sh` script to add support for automatic re-deploying in the event that the the registry has a partial/full outage. --------- Co-authored-by: Cian Johnston <cian@coder.com>
2024-11-23 00:26:46 +00:00 · 2024-11-22 23:45:57 +00:00 · 2024-11-19 14:22:03 +05:00 · 2024-11-18 16:11:12 +05:00 · 2024-11-15 12:27:03 +00:00 · 2024-10-30 18:10:26 +05:00
64 changed files with 1678 additions and 390 deletions
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
 version: 2
 updates:
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
--- a/.github/scripts/check.sh
+++ b/.github/scripts/check.sh
@@ -0,0 +1,186 @@
 #!/usr/bin/env bash
 set -o pipefail
 set -u
 VERBOSE="${VERBOSE:-0}"
 if [[ "${VERBOSE}" -ne "0" ]]; then
    set -x
 fi
 # List of required environment variables
 required_vars=(
    "INSTATUS_API_KEY"
    "INSTATUS_PAGE_ID"
    "INSTATUS_COMPONENT_ID"
    "VERCEL_API_KEY"
 )
 # Check if each required variable is set
 for var in "${required_vars[@]}"; do
    if [[ -z "${!var:-}" ]]; then
        echo "Error: Environment variable '$var' is not set."
        exit 1
    fi
 done
 REGISTRY_BASE_URL="${REGISTRY_BASE_URL:-https://registry.coder.com}"
 status=0
 declare -a modules=()
 declare -a failures=()
 # Collect all module directories containing a main.tf file
 for path in $(find . -maxdepth 2 -not -path '*/.*' -type f -name main.tf | cut -d '/' -f 2 | sort -u); do
    modules+=("${path}")
 done
 echo "Checking modules: ${modules[*]}"
 # Function to update the component status on Instatus
 update_component_status() {
    local component_status=$1
    # see https://instatus.com/help/api/components
    (curl -X PUT "https://api.instatus.com/v1/$INSTATUS_PAGE_ID/components/$INSTATUS_COMPONENT_ID" \
        -H "Authorization: Bearer $INSTATUS_API_KEY" \
        -H "Content-Type: application/json" \
        -d "{\"status\": \"$component_status\"}")
 }
 # Function to create an incident
 create_incident() {
    local incident_name="Testing Instatus"
    local message="The following modules are experiencing issues:\n"
    for i in "${!failures[@]}"; do
        message+="$((i + 1)). ${failures[$i]}\n"
    done
    component_status="PARTIALOUTAGE"
    if (( ${#failures[@]} == ${#modules[@]} )); then
        component_status="MAJOROUTAGE"
    fi
    # see https://instatus.com/help/api/incidents
    response=$(curl -s -X POST "https://api.instatus.com/v1/$INSTATUS_PAGE_ID/incidents" \
        -H "Authorization: Bearer $INSTATUS_API_KEY" \
        -H "Content-Type: application/json" \
        -d "{
            \"name\": \"$incident_name\",
            \"message\": \"$message\",
            \"components\": [\"$INSTATUS_COMPONENT_ID\"],
            \"status\": \"INVESTIGATING\",
            \"notify\": true,
            \"statuses\": [
                {
                    \"id\": \"$INSTATUS_COMPONENT_ID\",
                    \"status\": \"PARTIALOUTAGE\"
                }
            ]
        }")
    incident_id=$(echo "$response" | jq -r '.id')
    echo "$incident_id"
 }
 force_redeploy_registry () {
    # These are not secret values; safe to just expose directly in script
    local VERCEL_TEAM_SLUG="codercom"
    local VERCEL_TEAM_ID="team_tGkWfhEGGelkkqUUm9nXq17r"
    local VERCEL_APP="registry"
    local latest_res
    latest_res=$(curl "https://api.vercel.com/v6/deployments?app=$VERCEL_APP&limit=1&slug=$VERCEL_TEAM_SLUG&teamId=$VERCEL_TEAM_ID&target=production&state=BUILDING,INITIALIZING,QUEUED,READY" \
        --fail \
        --silent \
        --header "Authorization: Bearer $VERCEL_API_KEY" \
        --header "Content-Type: application/json"
    )
    # If we have zero deployments, something is VERY wrong. Make the whole
    # script exit with a non-zero status code
    local latest_id
    latest_id=$(echo "${latest_res}" | jq -r '.deployments[0].uid')
    if [[ "${latest_id}" = "null" ]]; then
        echo "Unable to pull any previous deployments for redeployment"
        echo "Please redeploy the latest deployment manually in Vercel."
        echo "https://vercel.com/codercom/registry/deployments"
        exit 1
    fi
    local latest_date_ts_seconds
    latest_date_ts_seconds=$(echo "${latest_res}" | jq -r '.deployments[0].createdAt/1000|floor')
    local current_date_ts_seconds
    current_date_ts_seconds="$(date +%s)"
    local max_redeploy_interval_seconds=7200 # 2 hours
    if (( current_date_ts_seconds - latest_date_ts_seconds < max_redeploy_interval_seconds )); then
        echo "The registry was deployed less than 2 hours ago."
        echo "Not automatically re-deploying the regitstry."
        echo "A human reading this message should decide if a redeployment is necessary."
        echo "Please check the Vercel dashboard for more information."
        echo "https://vercel.com/codercom/registry/deployments"
        exit 1
    fi
    local latest_deployment_state
    latest_deployment_state="$(echo "${latest_res}" | jq -r '.deployments[0].state')"
    if [[ "${latest_deployment_state}" != "READY" ]]; then
        echo "Last deployment was not in READY state. Skipping redeployment."
        echo "A human reading this message should decide if a redeployment is necessary."
        echo "Please check the Vercel dashboard for more information."
        echo "https://vercel.com/codercom/registry/deployments"
        exit 1
    fi
    echo "============================================================="
    echo "!!! Redeploying registry with deployment ID: ${latest_id} !!!"
    echo "============================================================="
    if ! curl -X POST "https://api.vercel.com/v13/deployments?forceNew=1&skipAutoDetectionConfirmation=1&slug=$VERCEL_TEAM_SLUG&teamId=$VERCEL_TEAM_ID" \
        --fail \
        --header "Authorization: Bearer $VERCEL_API_KEY" \
        --header "Content-Type: application/json" \
        --data-raw "{ \"deploymentId\": \"${latest_id}\", \"name\": \"${VERCEL_APP}\", \"target\": \"production\" }"; then
        echo "DEPLOYMENT FAILED! Please check the Vercel dashboard for more information."
        echo "https://vercel.com/codercom/registry/deployments"
        exit 1
    fi
 }
 # Check each module's accessibility
 for module in "${modules[@]}"; do
    # Trim leading/trailing whitespace from module name
    module=$(echo "${module}" | xargs)
    url="${REGISTRY_BASE_URL}/modules/${module}"
    printf "=== Checking module %s at %s\n" "${module}" "${url}"
    status_code=$(curl --output /dev/null --head --silent --fail --location "${url}" --retry 3 --write-out "%{http_code}")
    if (( status_code != 200 )); then
        printf "==> FAIL(%s)\n" "${status_code}"
        status=1
        failures+=("${module}")
    else
        printf "==> OK(%s)\n" "${status_code}"
    fi
 done
 # Determine overall status and update Instatus component
 if (( status == 0 )); then
    echo "All modules are operational."
    # set to
    update_component_status "OPERATIONAL"
 else
    echo "The following modules have issues: ${failures[*]}"
    # check if all modules are down
    if (( ${#failures[@]} == ${#modules[@]} )); then
        update_component_status "MAJOROUTAGE"
    else
        update_component_status "PARTIALOUTAGE"
    fi
    # Create a new incident
    incident_id=$(create_incident)
    echo "Created incident with ID: $incident_id"
    # If a module is down, force a reployment to try getting things back online
    # ASAP
    force_redeploy_registry
 fi
 exit "${status}"
--- a/.github/workflows/check.yaml
+++ b/.github/workflows/check.yaml
@@ -0,0 +1,23 @@
 name: Health
 # Check modules health on registry.coder.com
 on:
  schedule:
    - cron: "*/13 * * * *" # Runs every 13th minute
  workflow_dispatch: # Allows manual triggering of the workflow if needed
 jobs:
  run-script:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Run check.sh
        run: |
          ./.github/scripts/check.sh
        env:
          INSTATUS_API_KEY: ${{ secrets.INSTATUS_API_KEY }}
          INSTATUS_PAGE_ID: ${{ secrets.INSTATUS_PAGE_ID }}
          INSTATUS_COMPONENT_ID: ${{ secrets.INSTATUS_COMPONENT_ID }}
          VERCEL_API_KEY: ${{ secrets.VERCEL_API_KEY }}
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -17,7 +17,8 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: oven-sh/setup-bun@v1
+      - uses: coder/coder/.github/actions/setup-tf@main
      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest
      - name: Setup
@@ -27,7 +28,10 @@ jobs:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
-      - uses: oven-sh/setup-bun@v1
+        with:
          fetch-depth: 0 # Needed to get tags
      - uses: coder/coder/.github/actions/setup-tf@main
      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: latest
      - name: Setup
@@ -38,3 +42,16 @@ jobs:
        uses: crate-ci/typos@v1.17.2
      - name: Lint
        run: bun lint
      - name: Check version
        shell: bash
        run: |
          # check for version changes
          ./update-version.sh
          # Check if any changes were made in README.md files
          if [[ -n "$(git status --porcelain -- '**/README.md')" ]]; then
            echo "Version mismatch detected. Please run ./update-version.sh and commit the updated README.md files."
            git diff -- '**/README.md' 
            exit 1
          else
            echo "No version mismatch detected. All versions are up to date."
          fi
--- a/.github/workflows/update-readme.yaml
+++ b/.github/workflows/update-readme.yaml
@@ -1,42 +0,0 @@
 name: Update README on Tag
 on:
  workflow_dispatch:
  push:
    tags:
      - 'v*'
 jobs:
  update-readme:
    permissions:
      contents: write
      pull-requests: write
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Get the latest tag
        id: get-latest-tag
        run: echo "TAG=$(git describe --tags --abbrev=0 | sed 's/^v//')" >> $GITHUB_OUTPUT
      - name: Run update script
        run: ./update-version.sh
      - name: Create Pull Request
        id: create-pr
        uses: peter-evans/create-pull-request@v5
        with:
          commit-message: 'chore: bump version to ${{ env.TAG }} in README.md files'
          title: 'chore: bump version to ${{ env.TAG }} in README.md files'
          body: 'This is an auto-generated PR to update README.md files of all modules with the new tag ${{ env.TAG }}'
          branch: 'update-readme-branch'
          base: 'main'
        env:
          TAG: ${{ steps.get-latest-tag.outputs.TAG }}
      - name: Auto-approve
        uses: hmarr/auto-approve-action@v4
        if: github.ref == 'refs/heads/update-readme-branch'
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -47,6 +47,7 @@ You can test a module locally by updating the source as follows
 ```tf
 module "example" {
  source = "git::https://github.com/<USERNAME>/<REPO>.git//<MODULE-NAME>?ref=<BRANCH-NAME>"
  # You may need to remove the 'version' field, it is incompatible with some sources.
 }
 ```
--- a/README.md
+++ b/README.md
@@ -7,6 +7,7 @@
 [![discord](https://img.shields.io/discord/747933592273027093?label=discord)](https://discord.gg/coder)
 [![license](https://img.shields.io/github/license/coder/modules)](./LICENSE)
 [![Health](https://github.com/coder/modules/actions/workflows/check.yaml/badge.svg)](https://github.com/coder/modules/actions/workflows/check.yaml)
 </div>
--- a/aws-region/main.test.ts
+++ b/aws-region/main.test.ts
@@ -1,6 +1,5 @@
 import { describe, expect, it } from "bun:test";
 import {
  executeScriptInContainer,
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
--- a/azure-region/main.test.ts
+++ b/azure-region/main.test.ts
@@ -1,6 +1,5 @@
 import { describe, expect, it } from "bun:test";
 import {
  executeScriptInContainer,
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
--- a/code-server/README.md
+++ b/code-server/README.md
@@ -14,7 +14,7 @@ Automatically install [code-server](https://github.com/coder/code-server) in a w
 ```tf
 module "code-server" {
  source   = "registry.coder.com/modules/code-server/coder"
-  version  = "1.0.17"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
 }
 ```
@@ -28,7 +28,7 @@ module "code-server" {
 ```tf
 module "code-server" {
  source          = "registry.coder.com/modules/code-server/coder"
-  version         = "1.0.17"
+  version         = "1.0.18"
  agent_id        = coder_agent.example.id
  install_version = "4.8.3"
 }
@@ -41,7 +41,7 @@ Install the Dracula theme from [OpenVSX](https://open-vsx.org/):
 ```tf
 module "code-server" {
  source   = "registry.coder.com/modules/code-server/coder"
-  version  = "1.0.17"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  extensions = [
    "dracula-theme.theme-dracula"
@@ -58,7 +58,7 @@ Configure VS Code's [settings.json](https://code.visualstudio.com/docs/getstarte
 ```tf
 module "code-server" {
  source     = "registry.coder.com/modules/code-server/coder"
-  version    = "1.0.17"
+  version    = "1.0.18"
  agent_id   = coder_agent.example.id
  extensions = ["dracula-theme.theme-dracula"]
  settings = {
@@ -74,7 +74,7 @@ Just run code-server in the background, don't fetch it from GitHub:
 ```tf
 module "code-server" {
  source     = "registry.coder.com/modules/code-server/coder"
-  version    = "1.0.17"
+  version    = "1.0.18"
  agent_id   = coder_agent.example.id
  extensions = ["dracula-theme.theme-dracula", "ms-azuretools.vscode-docker"]
 }
@@ -89,7 +89,7 @@ Run an existing copy of code-server if found, otherwise download from GitHub:
 ```tf
 module "code-server" {
  source     = "registry.coder.com/modules/code-server/coder"
-  version    = "1.0.17"
+  version    = "1.0.18"
  agent_id   = coder_agent.example.id
  use_cached = true
  extensions = ["dracula-theme.theme-dracula", "ms-azuretools.vscode-docker"]
@@ -101,7 +101,7 @@ Just run code-server in the background, don't fetch it from GitHub:
 ```tf
 module "code-server" {
  source   = "registry.coder.com/modules/code-server/coder"
-  version  = "1.0.17"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  offline  = true
 }
--- a/coder-login/main.test.ts
+++ b/coder-login/main.test.ts
@@ -1,10 +1,5 @@
-import { describe, expect, it } from "bun:test";
+import { describe } from "bun:test";
-import {
+import { runTerraformInit, testRequiredVariables } from "../test";
  executeScriptInContainer,
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
 } from "../test";
 describe("coder-login", async () => {
  await runTerraformInit(import.meta.dir);
--- a/cursor/README.md
+++ b/cursor/README.md
@@ -16,7 +16,7 @@ Uses the [Coder Remote VS Code Extension](https://github.com/coder/cursor-coder)
 ```tf
 module "cursor" {
  source   = "registry.coder.com/modules/cursor/coder"
-  version  = "1.0.18"
+  version  = "1.0.19"
  agent_id = coder_agent.example.id
 }
 ```
@@ -28,7 +28,7 @@ module "cursor" {
 ```tf
 module "cursor" {
  source   = "registry.coder.com/modules/cursor/coder"
-  version  = "1.0.18"
+  version  = "1.0.19"
  agent_id = coder_agent.example.id
  folder   = "/home/coder/project"
 }
--- a/cursor/main.test.ts
+++ b/cursor/main.test.ts
@@ -1,6 +1,5 @@
 import { describe, expect, it } from "bun:test";
 import {
  executeScriptInContainer,
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
--- a/cursor/main.tf
+++ b/cursor/main.tf
@@ -40,7 +40,7 @@ resource "coder_app" "cursor" {
  external     = true
  icon         = "/icon/cursor.svg"
  slug         = "cursor"
-  display_name = "Cursor IDE"
+  display_name = "Cursor Desktop"
  order        = var.order
  url = join("", [
    "cursor://coder.coder-remote/open",
--- a/dotfiles/README.md
+++ b/dotfiles/README.md
@@ -18,7 +18,7 @@ Under the hood, this module uses the [coder dotfiles](https://coder.com/docs/v2/
 ```tf
 module "dotfiles" {
  source   = "registry.coder.com/modules/dotfiles/coder"
-  version  = "1.0.15"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
 }
 ```
@@ -30,7 +30,7 @@ module "dotfiles" {
 ```tf
 module "dotfiles" {
  source   = "registry.coder.com/modules/dotfiles/coder"
-  version  = "1.0.15"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
 }
 ```
@@ -40,7 +40,7 @@ module "dotfiles" {
 ```tf
 module "dotfiles" {
  source   = "registry.coder.com/modules/dotfiles/coder"
-  version  = "1.0.15"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  user     = "root"
 }
@@ -51,13 +51,13 @@ module "dotfiles" {
 ```tf
 module "dotfiles" {
  source   = "registry.coder.com/modules/dotfiles/coder"
-  version  = "1.0.15"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
 }
 module "dotfiles-root" {
  source       = "registry.coder.com/modules/dotfiles/coder"
-  version      = "1.0.15"
+  version      = "1.0.18"
  agent_id     = coder_agent.example.id
  user         = "root"
  dotfiles_uri = module.dotfiles.dotfiles_uri
@@ -71,7 +71,7 @@ You can set a default dotfiles repository for all users by setting the `default_
 ```tf
 module "dotfiles" {
  source               = "registry.coder.com/modules/dotfiles/coder"
-  version              = "1.0.15"
+  version              = "1.0.18"
  agent_id             = coder_agent.example.id
  default_dotfiles_uri = "https://github.com/coder/dotfiles"
 }
--- a/exoscale-zone/main.test.ts
+++ b/exoscale-zone/main.test.ts
@@ -1,6 +1,5 @@
 import { describe, expect, it } from "bun:test";
 import {
  executeScriptInContainer,
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
--- a/filebrowser/README.md
+++ b/filebrowser/README.md
@@ -13,10 +13,9 @@ A file browser for your workspace.
 ```tf
 module "filebrowser" {
-  source     = "registry.coder.com/modules/filebrowser/coder"
+  source   = "registry.coder.com/modules/filebrowser/coder"
-  version    = "1.0.8"
+  version  = "1.0.23"
-  agent_id   = coder_agent.example.id
+  agent_id = coder_agent.example.id
  agent_name = "main"
 }
 ```
@@ -28,11 +27,10 @@ module "filebrowser" {
 ```tf
 module "filebrowser" {
-  source     = "registry.coder.com/modules/filebrowser/coder"
+  source   = "registry.coder.com/modules/filebrowser/coder"
-  version    = "1.0.8"
+  version  = "1.0.23"
-  agent_id   = coder_agent.example.id
+  agent_id = coder_agent.example.id
-  agent_name = "main"
+  folder   = "/home/coder/project"
  folder     = "/home/coder/project"
 }
 ```
@@ -41,9 +39,8 @@ module "filebrowser" {
 ```tf
 module "filebrowser" {
  source        = "registry.coder.com/modules/filebrowser/coder"
-  version       = "1.0.8"
+  version       = "1.0.23"
  agent_id      = coder_agent.example.id
  agent_name    = "main"
  database_path = ".config/filebrowser.db"
 }
 ```
--- a/filebrowser/main.test.ts
+++ b/filebrowser/main.test.ts
@@ -11,13 +11,11 @@ describe("filebrowser", async () => {
  testRequiredVariables(import.meta.dir, {
    agent_id: "foo",
    agent_name: "main",
  });
  it("fails with wrong database_path", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
      agent_name: "main",
      database_path: "nofb",
    }).catch((e) => {
      if (!e.message.startsWith("\nError: Invalid value for variable")) {
@@ -29,7 +27,6 @@ describe("filebrowser", async () => {
  it("runs with default", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
      agent_name: "main",
    });
    const output = await executeScriptInContainer(state, "alpine");
    expect(output.exitCode).toBe(0);
@@ -51,7 +48,6 @@ describe("filebrowser", async () => {
  it("runs with database_path var", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
      agent_name: "main",
      database_path: ".config/filebrowser.db",
    });
    const output = await executeScriptInContainer(state, "alpine");
@@ -74,7 +70,6 @@ describe("filebrowser", async () => {
  it("runs with folder var", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
      agent_name: "main",
      folder: "/home/coder/project",
    });
    const output = await executeScriptInContainer(state, "alpine");
--- a/filebrowser/main.tf
+++ b/filebrowser/main.tf
@@ -20,7 +20,8 @@ data "coder_workspace_owner" "me" {}
 variable "agent_name" {
  type        = string
-  description = "The name of the main deployment. (Used to build the subpath for coder_app.)"
+  description = "The name of the coder_agent resource. (Only required if subdomain is false and the template uses multiple agents.)"
  default     = null
 }
 variable "database_path" {
@@ -67,6 +68,12 @@ variable "order" {
  default     = null
 }
 variable "slug" {
  type        = string
  description = "The slug of the coder_app resource."
  default     = "filebrowser"
 }
 variable "subdomain" {
  type        = bool
  description = <<-EOT
@@ -79,7 +86,7 @@ variable "subdomain" {
 resource "coder_script" "filebrowser" {
  agent_id     = var.agent_id
  display_name = "File Browser"
-  icon         = "https://raw.githubusercontent.com/filebrowser/logo/master/icon_raw.svg"
+  icon         = "/icon/filebrowser.svg"
  script = templatefile("${path.module}/run.sh", {
    LOG_PATH : var.log_path,
    PORT : var.port,
@@ -87,18 +94,30 @@ resource "coder_script" "filebrowser" {
    LOG_PATH : var.log_path,
    DB_PATH : var.database_path,
    SUBDOMAIN : var.subdomain,
-    SERVER_BASE_PATH : var.subdomain ? "" : format("/@%s/%s.%s/apps/filebrowser", data.coder_workspace_owner.me.name, data.coder_workspace.me.name, var.agent_name),
+    SERVER_BASE_PATH : local.server_base_path
  })
  run_on_start = true
 }
 resource "coder_app" "filebrowser" {
  agent_id     = var.agent_id
-  slug         = "filebrowser"
+  slug         = var.slug
  display_name = "File Browser"
-  url          = "http://localhost:${var.port}"
+  url          = local.url
-  icon         = "https://raw.githubusercontent.com/filebrowser/logo/master/icon_raw.svg"
+  icon         = "/icon/filebrowser.svg"
  subdomain    = var.subdomain
  share        = var.share
  order        = var.order
  healthcheck {
    url       = local.healthcheck_url
    interval  = 5
    threshold = 6
  }
 }
 locals {
  server_base_path = var.subdomain ? "" : format("/@%s/%s%s/apps/%s", data.coder_workspace_owner.me.name, data.coder_workspace.me.name, var.agent_name != null ? ".${var.agent_name}" : "", var.slug)
  url              = "http://localhost:${var.port}${local.server_base_path}"
  healthcheck_url  = "http://localhost:${var.port}${local.server_base_path}/health"
 }
--- a/filebrowser/run.sh
+++ b/filebrowser/run.sh
@@ -1,9 +1,13 @@
 #!/usr/bin/env bash
 BOLD='\033[0;1m'
 printf "$${BOLD}Installing filebrowser \n\n"
-curl -fsSL https://raw.githubusercontent.com/filebrowser/get/master/get.sh | bash
+# Check if filebrowser is installed
 if ! command -v filebrowser &> /dev/null; then
  curl -fsSL https://raw.githubusercontent.com/filebrowser/get/master/get.sh | bash
 fi
 printf "🥳 Installation complete! \n\n"
@@ -18,7 +22,7 @@ if [ "${DB_PATH}" != "filebrowser.db" ]; then
 fi
 # set baseurl to be able to run if sudomain=false; if subdomain=true the SERVER_BASE_PATH value will be ""
-filebrowser config set --baseurl "${SERVER_BASE_PATH}" > ${LOG_PATH} 2>&1
+filebrowser config set --baseurl "${SERVER_BASE_PATH}"$${DB_FLAG} > ${LOG_PATH} 2>&1
 printf "📂 Serving $${ROOT_DIR} at http://localhost:${PORT} \n\n"
--- a/git-clone/README.md
+++ b/git-clone/README.md
@@ -14,7 +14,7 @@ This module allows you to automatically clone a repository by URL and skip if it
 ```tf
 module "git-clone" {
  source   = "registry.coder.com/modules/git-clone/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  url      = "https://github.com/coder/coder"
 }
@@ -27,7 +27,7 @@ module "git-clone" {
 ```tf
 module "git-clone" {
  source   = "registry.coder.com/modules/git-clone/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  url      = "https://github.com/coder/coder"
  base_dir = "~/projects/coder"
@@ -41,7 +41,7 @@ To use with [Git Authentication](https://coder.com/docs/v2/latest/admin/git-prov
 ```tf
 module "git-clone" {
  source   = "registry.coder.com/modules/git-clone/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  url      = "https://github.com/coder/coder"
 }
@@ -66,7 +66,7 @@ data "coder_parameter" "git_repo" {
 # Clone the repository for branch `feat/example`
 module "git_clone" {
  source   = "registry.coder.com/modules/git-clone/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  url      = data.coder_parameter.git_repo.value
 }
@@ -74,7 +74,7 @@ module "git_clone" {
 # Create a code-server instance for the cloned repository
 module "code-server" {
  source   = "registry.coder.com/modules/code-server/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  order    = 1
  folder   = "/home/${local.username}/${module.git_clone.folder_name}"
@@ -98,7 +98,7 @@ Configuring `git-clone` for a self-hosted GitHub Enterprise Server running at `g
 ```tf
 module "git-clone" {
  source   = "registry.coder.com/modules/git-clone/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  url      = "https://github.example.com/coder/coder/tree/feat/example"
  git_providers = {
@@ -116,7 +116,7 @@ To GitLab clone with a specific branch like `feat/example`
 ```tf
 module "git-clone" {
  source   = "registry.coder.com/modules/git-clone/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  url      = "https://gitlab.com/coder/coder/-/tree/feat/example"
 }
@@ -127,7 +127,7 @@ Configuring `git-clone` for a self-hosted GitLab running at `gitlab.example.com`
 ```tf
 module "git-clone" {
  source   = "registry.coder.com/modules/git-clone/coder"
-  version  = "1.0.12"
+  version  = "1.0.18"
  agent_id = coder_agent.example.id
  url      = "https://gitlab.example.com/coder/coder/-/tree/feat/example"
  git_providers = {
@@ -147,7 +147,7 @@ For example, to clone the `feat/example` branch:
 ```tf
 module "git-clone" {
  source      = "registry.coder.com/modules/git-clone/coder"
-  version     = "1.0.12"
+  version     = "1.0.18"
  agent_id    = coder_agent.example.id
  url         = "https://github.com/coder/coder"
  branch_name = "feat/example"
@@ -163,7 +163,7 @@ For example, this will clone into the `~/projects/coder/coder-dev` folder:
 ```tf
 module "git-clone" {
  source      = "registry.coder.com/modules/git-clone/coder"
-  version     = "1.0.12"
+  version     = "1.0.18"
  agent_id    = coder_agent.example.id
  url         = "https://github.com/coder/coder"
  folder_name = "coder-dev"
--- a/github-upload-public-key/main.test.ts
+++ b/github-upload-public-key/main.test.ts
@@ -1,3 +1,4 @@
 import { type Server, serve } from "bun";
 import { describe, expect, it } from "bun:test";
 import {
  createJSONResponse,
@@ -9,7 +10,6 @@ import {
  testRequiredVariables,
  writeCoder,
 } from "../test";
 import { Server, serve } from "bun";
 describe("github-upload-public-key", async () => {
  await runTerraformInit(import.meta.dir);
@@ -21,10 +21,12 @@ describe("github-upload-public-key", async () => {
  it("creates new key if one does not exist", async () => {
    const { instance, id, server } = await setupContainer();
    await writeCoder(id, "echo foo");
-    let exec = await execContainer(id, [
+
    const url = server.url.toString().slice(0, -1);
    const exec = await execContainer(id, [
      "env",
-      "CODER_ACCESS_URL=" + server.url.toString().slice(0, -1),
+      `CODER_ACCESS_URL=${url}`,
-      "GITHUB_API_URL=" + server.url.toString().slice(0, -1),
+      `GITHUB_API_URL=${url}`,
      "CODER_OWNER_SESSION_TOKEN=foo",
      "CODER_EXTERNAL_AUTH_ID=github",
      "bash",
@@ -42,10 +44,12 @@ describe("github-upload-public-key", async () => {
    const { instance, id, server } = await setupContainer();
    // use keyword to make server return a existing key
    await writeCoder(id, "echo findkey");
-    let exec = await execContainer(id, [
+
    const url = server.url.toString().slice(0, -1);
    const exec = await execContainer(id, [
      "env",
-      "CODER_ACCESS_URL=" + server.url.toString().slice(0, -1),
+      `CODER_ACCESS_URL=${url}`,
-      "GITHUB_API_URL=" + server.url.toString().slice(0, -1),
+      `GITHUB_API_URL=${url}`,
      "CODER_OWNER_SESSION_TOKEN=foo",
      "CODER_EXTERNAL_AUTH_ID=github",
      "bash",
@@ -95,7 +99,7 @@ const setupServer = async (): Promise<Server> => {
        }
        // case: key already exists
-        if (req.headers.get("Authorization") == "Bearer findkey") {
+        if (req.headers.get("Authorization") === "Bearer findkey") {
          return createJSONResponse([
            {
              key: "foo",
--- a/jetbrains-gateway/README.md
+++ b/jetbrains-gateway/README.md
@@ -14,7 +14,7 @@ This module adds a JetBrains Gateway Button to open any workspace with a single
 ```tf
 module "jetbrains_gateway" {
  source         = "registry.coder.com/modules/jetbrains-gateway/coder"
-  version        = "1.0.13"
+  version        = "1.0.23"
  agent_id       = coder_agent.example.id
  agent_name     = "example"
  folder         = "/home/coder/example"
@@ -32,7 +32,7 @@ module "jetbrains_gateway" {
 ```tf
 module "jetbrains_gateway" {
  source         = "registry.coder.com/modules/jetbrains-gateway/coder"
-  version        = "1.0.13"
+  version        = "1.0.23"
  agent_id       = coder_agent.example.id
  agent_name     = "example"
  folder         = "/home/coder/example"
@@ -46,7 +46,7 @@ module "jetbrains_gateway" {
 ```tf
 module "jetbrains_gateway" {
  source         = "registry.coder.com/modules/jetbrains-gateway/coder"
-  version        = "1.0.13"
+  version        = "1.0.23"
  agent_id       = coder_agent.example.id
  agent_name     = "example"
  folder         = "/home/coder/example"
@@ -61,7 +61,7 @@ module "jetbrains_gateway" {
 ```tf
 module "jetbrains_gateway" {
  source         = "registry.coder.com/modules/jetbrains-gateway/coder"
-  version        = "1.0.13"
+  version        = "1.0.23"
  agent_id       = coder_agent.example.id
  agent_name     = "example"
  folder         = "/home/coder/example"
@@ -72,6 +72,24 @@ module "jetbrains_gateway" {
 }
 ```
 ### Custom base link
 Due to the highest priority of the `ide_download_link` parameter in the `(jetbrains-gateway://...` within IDEA, the pre-configured download address will be overridden when using [IDEA's offline mode](https://www.jetbrains.com/help/idea/fully-offline-mode.html). Therefore, it is necessary to configure the `download_base_link` parameter for the `jetbrains_gateway` module to change the value of `ide_download_link`.
 ```tf
 module "jetbrains_gateway" {
  source             = "registry.coder.com/modules/jetbrains-gateway/coder"
  version            = "1.0.23"
  agent_id           = coder_agent.example.id
  agent_name         = "example"
  folder             = "/home/coder/example"
  jetbrains_ides     = ["GO", "WS"]
  releases_base_link = "https://releases.internal.site/"
  download_base_link = "https://download.internal.site/"
  default            = "GO"
 }
 ```
 ## Supported IDEs
 This module and JetBrains Gateway support the following JetBrains IDEs:
--- a/jetbrains-gateway/main.test.ts
+++ b/jetbrains-gateway/main.test.ts
@@ -14,6 +14,26 @@ describe("jetbrains-gateway", async () => {
    folder: "/home/foo",
  });
  it("should create a link with the default values", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      // These are all required.
      agent_id: "foo",
      agent_name: "foo",
      folder: "/home/coder",
    });
    expect(state.outputs.url.value).toBe(
      "jetbrains-gateway://connect#type=coder&workspace=default&owner=default&agent=foo&folder=/home/coder&url=https://mydeployment.coder.com&token=$SESSION_TOKEN&ide_product_code=IU&ide_build_number=241.14494.240&ide_download_link=https://download.jetbrains.com/idea/ideaIU-2024.1.tar.gz",
    );
    const coder_app = state.resources.find(
      (res) => res.type === "coder_app" && res.name === "gateway",
    );
    expect(coder_app).not.toBeNull();
    expect(coder_app?.instances.length).toBe(1);
    expect(coder_app?.instances[0].attributes.order).toBeNull();
  });
  it("default to first ide", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
--- a/jetbrains-gateway/main.tf
+++ b/jetbrains-gateway/main.tf
@@ -18,6 +18,12 @@ variable "agent_id" {
  description = "The ID of a Coder agent."
 }
 variable "slug" {
  type        = string
  description = "The slug for the coder_app. Allows resuing the module with the same template."
  default     = "gateway"
 }
 variable "agent_name" {
  type        = string
  description = "Agent name."
@@ -140,9 +146,29 @@ variable "jetbrains_ides" {
  }
 }
 variable "releases_base_link" {
  type        = string
  description = ""
  default     = "https://data.services.jetbrains.com"
  validation {
    condition     = can(regex("^https?://.+$", var.releases_base_link))
    error_message = "The releases_base_link must be a valid HTTP/S address."
  }
 }
 variable "download_base_link" {
  type        = string
  description = ""
  default     = "https://download.jetbrains.com"
  validation {
    condition     = can(regex("^https?://.+$", var.download_base_link))
    error_message = "The download_base_link must be a valid HTTP/S address."
  }
 }
 data "http" "jetbrains_ide_versions" {
  for_each = var.latest ? toset(var.jetbrains_ides) : toset([])
-  url      = "https://data.services.jetbrains.com/products/releases?code=${each.key}&latest=true&type=${var.channel}"
+  url      = "${var.releases_base_link}/products/releases?code=${each.key}&latest=true&type=${var.channel}"
 }
 locals {
@@ -152,7 +178,7 @@ locals {
      name          = "GoLand",
      identifier    = "GO",
      build_number  = var.jetbrains_ide_versions["GO"].build_number,
-      download_link = "https://download.jetbrains.com/go/goland-${var.jetbrains_ide_versions["GO"].version}.tar.gz"
+      download_link = "${var.download_base_link}/go/goland-${var.jetbrains_ide_versions["GO"].version}.tar.gz"
      version       = var.jetbrains_ide_versions["GO"].version
    },
    "WS" = {
@@ -160,7 +186,7 @@ locals {
      name          = "WebStorm",
      identifier    = "WS",
      build_number  = var.jetbrains_ide_versions["WS"].build_number,
-      download_link = "https://download.jetbrains.com/webstorm/WebStorm-${var.jetbrains_ide_versions["WS"].version}.tar.gz"
+      download_link = "${var.download_base_link}/webstorm/WebStorm-${var.jetbrains_ide_versions["WS"].version}.tar.gz"
      version       = var.jetbrains_ide_versions["WS"].version
    },
    "IU" = {
@@ -168,7 +194,7 @@ locals {
      name          = "IntelliJ IDEA Ultimate",
      identifier    = "IU",
      build_number  = var.jetbrains_ide_versions["IU"].build_number,
-      download_link = "https://download.jetbrains.com/idea/ideaIU-${var.jetbrains_ide_versions["IU"].version}.tar.gz"
+      download_link = "${var.download_base_link}/idea/ideaIU-${var.jetbrains_ide_versions["IU"].version}.tar.gz"
      version       = var.jetbrains_ide_versions["IU"].version
    },
    "PY" = {
@@ -176,7 +202,7 @@ locals {
      name          = "PyCharm Professional",
      identifier    = "PY",
      build_number  = var.jetbrains_ide_versions["PY"].build_number,
-      download_link = "https://download.jetbrains.com/python/pycharm-professional-${var.jetbrains_ide_versions["PY"].version}.tar.gz"
+      download_link = "${var.download_base_link}/python/pycharm-professional-${var.jetbrains_ide_versions["PY"].version}.tar.gz"
      version       = var.jetbrains_ide_versions["PY"].version
    },
    "CL" = {
@@ -184,7 +210,7 @@ locals {
      name          = "CLion",
      identifier    = "CL",
      build_number  = var.jetbrains_ide_versions["CL"].build_number,
-      download_link = "https://download.jetbrains.com/cpp/CLion-${var.jetbrains_ide_versions["CL"].version}.tar.gz"
+      download_link = "${var.download_base_link}/cpp/CLion-${var.jetbrains_ide_versions["CL"].version}.tar.gz"
      version       = var.jetbrains_ide_versions["CL"].version
    },
    "PS" = {
@@ -192,7 +218,7 @@ locals {
      name          = "PhpStorm",
      identifier    = "PS",
      build_number  = var.jetbrains_ide_versions["PS"].build_number,
-      download_link = "https://download.jetbrains.com/webide/PhpStorm-${var.jetbrains_ide_versions["PS"].version}.tar.gz"
+      download_link = "${var.download_base_link}/webide/PhpStorm-${var.jetbrains_ide_versions["PS"].version}.tar.gz"
      version       = var.jetbrains_ide_versions["PS"].version
    },
    "RM" = {
@@ -200,7 +226,7 @@ locals {
      name          = "RubyMine",
      identifier    = "RM",
      build_number  = var.jetbrains_ide_versions["RM"].build_number,
-      download_link = "https://download.jetbrains.com/ruby/RubyMine-${var.jetbrains_ide_versions["RM"].version}.tar.gz"
+      download_link = "${var.download_base_link}/ruby/RubyMine-${var.jetbrains_ide_versions["RM"].version}.tar.gz"
      version       = var.jetbrains_ide_versions["RM"].version
    }
    "RD" = {
@@ -208,7 +234,7 @@ locals {
      name          = "Rider",
      identifier    = "RD",
      build_number  = var.jetbrains_ide_versions["RD"].build_number,
-      download_link = "https://download.jetbrains.com/rider/JetBrains.Rider-${var.jetbrains_ide_versions["RD"].version}.tar.gz"
+      download_link = "${var.download_base_link}/rider/JetBrains.Rider-${var.jetbrains_ide_versions["RD"].version}.tar.gz"
      version       = var.jetbrains_ide_versions["RD"].version
    }
  }
@@ -243,10 +269,11 @@ data "coder_parameter" "jetbrains_ide" {
 }
 data "coder_workspace" "me" {}
 data "coder_workspace_owner" "me" {}
 resource "coder_app" "gateway" {
  agent_id     = var.agent_id
-  slug         = "gateway"
+  slug         = var.slug
  display_name = local.display_name
  icon         = local.icon
  external     = true
@@ -254,6 +281,8 @@ resource "coder_app" "gateway" {
  url = join("", [
    "jetbrains-gateway://connect#type=coder&workspace=",
    data.coder_workspace.me.name,
    "&owner=",
    data.coder_workspace_owner.me.name,
    "&agent=",
    var.agent_name,
    "&folder=",
--- a/jfrog-oauth/.npmrc.tftpl
+++ b/jfrog-oauth/.npmrc.tftpl
@@ -0,0 +1,5 @@
 email=${ARTIFACTORY_EMAIL}
 %{ for REPO in REPOS ~}
 ${REPO.SCOPE}registry=${JFROG_URL}/artifactory/api/npm/${REPO.NAME}
 //${JFROG_HOST}/artifactory/api/npm/${REPO.NAME}/:_authToken=${ARTIFACTORY_ACCESS_TOKEN}
 %{ endfor ~}
--- a/jfrog-oauth/README.md
+++ b/jfrog-oauth/README.md
@@ -17,15 +17,16 @@ Install the JF CLI and authenticate package managers with Artifactory using OAut
 ```tf
 module "jfrog" {
  source         = "registry.coder.com/modules/jfrog-oauth/coder"
-  version        = "1.0.15"
+  version        = "1.0.19"
  agent_id       = coder_agent.example.id
  jfrog_url      = "https://example.jfrog.io"
  username_field = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
  package_managers = {
-    "npm" : "npm",
+    npm    = ["npm", "@scoped:npm-scoped"]
-    "go" : "go",
+    go     = ["go", "another-go-repo"]
-    "pypi" : "pypi"
+    pypi   = ["pypi", "extra-index-pypi"]
    docker = ["example-docker-staging.jfrog.io", "example-docker-production.jfrog.io"]
  }
 }
 ```
@@ -44,13 +45,13 @@ Configure the Python pip package manager to fetch packages from Artifactory whil
 ```tf
 module "jfrog" {
  source         = "registry.coder.com/modules/jfrog-oauth/coder"
-  version        = "1.0.15"
+  version        = "1.0.19"
  agent_id       = coder_agent.example.id
  jfrog_url      = "https://example.jfrog.io"
  username_field = "email"
  package_managers = {
-    "pypi" : "pypi"
+    pypi = ["pypi"]
  }
 }
 ```
@@ -72,15 +73,15 @@ The [JFrog extension](https://open-vsx.org/extension/JFrog/jfrog-vscode-extensio
 ```tf
 module "jfrog" {
  source                = "registry.coder.com/modules/jfrog-oauth/coder"
-  version               = "1.0.15"
+  version               = "1.0.19"
  agent_id              = coder_agent.example.id
  jfrog_url             = "https://example.jfrog.io"
  username_field        = "username" # If you are using GitHub to login to both Coder and Artifactory, use username_field = "username"
  configure_code_server = true       # Add JFrog extension configuration for code-server
  package_managers = {
-    "npm" : "npm",
+    npm  = ["npm"]
-    "go" : "go",
+    go   = ["go"]
-    "pypi" : "pypi"
+    pypi = ["pypi"]
  }
 }
 ```
--- a/jfrog-oauth/main.test.ts
+++ b/jfrog-oauth/main.test.ts
@@ -1,19 +1,129 @@
-import { serve } from "bun";
+import { describe, expect, it } from "bun:test";
 import { describe } from "bun:test";
 import {
-  createJSONResponse,
+  findResourceInstance,
  runTerraformInit,
  runTerraformApply,
  testRequiredVariables,
 } from "../test";
 describe("jfrog-oauth", async () => {
  type TestVariables = {
    agent_id: string;
    jfrog_url: string;
    package_managers: string;
    username_field?: string;
    jfrog_server_id?: string;
    external_auth_id?: string;
    configure_code_server?: boolean;
  };
  await runTerraformInit(import.meta.dir);
-  testRequiredVariables(import.meta.dir, {
+  const fakeFrogApi = "localhost:8081/artifactory/api";
-    agent_id: "some-agent-id",
+  const fakeFrogUrl = "http://localhost:8081";
-    jfrog_url: "http://localhost:8081",
+  const user = "default";
-    package_managers: "{}",
+
  it("can run apply with required variables", async () => {
    testRequiredVariables<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      package_managers: "{}",
    });
  });
  it("generates an npmrc with scoped repos", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      package_managers: JSON.stringify({
        npm: ["global", "@foo:foo", "@bar:bar"],
      }),
    });
    const coderScript = findResourceInstance(state, "coder_script");
    const npmrcStanza = `cat << EOF > ~/.npmrc
 email=${user}@example.com
 registry=http://${fakeFrogApi}/npm/global
 //${fakeFrogApi}/npm/global/:_authToken=
@foo:registry=http://${fakeFrogApi}/npm/foo
 //${fakeFrogApi}/npm/foo/:_authToken=
@bar:registry=http://${fakeFrogApi}/npm/bar
 //${fakeFrogApi}/npm/bar/:_authToken=
 EOF`;
    expect(coderScript.script).toContain(npmrcStanza);
    expect(coderScript.script).toContain(
      'jf npmc --global --repo-resolve "global"',
    );
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured npm',
    );
  });
  it("generates a pip config with extra-indexes", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      package_managers: JSON.stringify({
        pypi: ["global", "foo", "bar"],
      }),
    });
    const coderScript = findResourceInstance(state, "coder_script");
    const pipStanza = `cat << EOF > ~/.pip/pip.conf
 [global]
 index-url = https://${user}:@${fakeFrogApi}/pypi/global/simple
 extra-index-url =
    https://${user}:@${fakeFrogApi}/pypi/foo/simple
    https://${user}:@${fakeFrogApi}/pypi/bar/simple
 EOF`;
    expect(coderScript.script).toContain(pipStanza);
    expect(coderScript.script).toContain(
      'jf pipc --global --repo-resolve "global"',
    );
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured pypi',
    );
  });
  it("registers multiple docker repos", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      package_managers: JSON.stringify({
        docker: ["foo.jfrog.io", "bar.jfrog.io", "baz.jfrog.io"],
      }),
    });
    const coderScript = findResourceInstance(state, "coder_script");
    const dockerStanza = ["foo", "bar", "baz"]
      .map((r) => `register_docker "${r}.jfrog.io"`)
      .join("\n");
    expect(coderScript.script).toContain(dockerStanza);
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured docker',
    );
  });
  it("sets goproxy with multiple repos", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      package_managers: JSON.stringify({
        go: ["foo", "bar", "baz"],
      }),
    });
    const proxyEnv = findResourceInstance(state, "coder_env", "goproxy");
    const proxies = ["foo", "bar", "baz"]
      .map((r) => `https://${user}:@${fakeFrogApi}/go/${r}`)
      .join(",");
    expect(proxyEnv.value).toEqual(proxies);
    const coderScript = findResourceInstance(state, "coder_script");
    expect(coderScript.script).toContain(
      'jf goc --global --repo-resolve "foo"',
    );
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured go',
    );
  });
 });
 //TODO add more tests
--- a/jfrog-oauth/main.tf
+++ b/jfrog-oauth/main.tf
@@ -53,23 +53,51 @@ variable "configure_code_server" {
 }
 variable "package_managers" {
-  type        = map(string)
+  type = object({
-  description = <<EOF
+    npm    = optional(list(string), [])
-A map of package manager names to their respective artifactory repositories.
+    go     = optional(list(string), [])
-For example:
+    pypi   = optional(list(string), [])
-    {
+    docker = optional(list(string), [])
-      "npm": "YOUR_NPM_REPO_KEY",
+  })
-      "go": "YOUR_GO_REPO_KEY",
+  description = <<-EOF
-      "pypi": "YOUR_PYPI_REPO_KEY",
+    A map of package manager names to their respective artifactory repositories. Unused package managers can be omitted.
-      "docker": "YOUR_DOCKER_REPO_KEY"
+    For example:
-    }
+      {
-EOF
+        npm    = ["GLOBAL_NPM_REPO_KEY", "@SCOPED:NPM_REPO_KEY"]
        go     = ["YOUR_GO_REPO_KEY", "ANOTHER_GO_REPO_KEY"]
        pypi   = ["YOUR_PYPI_REPO_KEY", "ANOTHER_PYPI_REPO_KEY"]
        docker = ["YOUR_DOCKER_REPO_KEY", "ANOTHER_DOCKER_REPO_KEY"]
      }
  EOF
 }
 locals {
  # The username field to use for artifactory
  username   = var.username_field == "email" ? data.coder_workspace_owner.me.email : data.coder_workspace_owner.me.name
-  jfrog_host = replace(var.jfrog_url, "https://", "")
+  jfrog_host = split("://", var.jfrog_url)[1]
  common_values = {
    JFROG_URL                = var.jfrog_url
    JFROG_HOST               = local.jfrog_host
    JFROG_SERVER_ID          = var.jfrog_server_id
    ARTIFACTORY_USERNAME     = local.username
    ARTIFACTORY_EMAIL        = data.coder_workspace_owner.me.email
    ARTIFACTORY_ACCESS_TOKEN = data.coder_external_auth.jfrog.access_token
  }
  npmrc = templatefile(
    "${path.module}/.npmrc.tftpl",
    merge(
      local.common_values,
      {
        REPOS = [
          for r in var.package_managers.npm :
          strcontains(r, ":") ? zipmap(["SCOPE", "NAME"], ["${split(":", r)[0]}:", split(":", r)[1]]) : { SCOPE = "", NAME = r }
        ]
      }
    )
  )
  pip_conf = templatefile(
    "${path.module}/pip.conf.tftpl", merge(local.common_values, { REPOS = var.package_managers.pypi })
  )
 }
 data "coder_workspace" "me" {}
@@ -83,19 +111,22 @@ resource "coder_script" "jfrog" {
  agent_id     = var.agent_id
  display_name = "jfrog"
  icon         = "/icon/jfrog.svg"
-  script = templatefile("${path.module}/run.sh", {
+  script = templatefile("${path.module}/run.sh", merge(
-    JFROG_URL : var.jfrog_url,
+    local.common_values,
-    JFROG_HOST : local.jfrog_host,
+    {
-    JFROG_SERVER_ID : var.jfrog_server_id,
+      CONFIGURE_CODE_SERVER = var.configure_code_server
-    ARTIFACTORY_USERNAME : local.username,
+      HAS_NPM               = length(var.package_managers.npm) == 0 ? "" : "YES"
-    ARTIFACTORY_EMAIL : data.coder_workspace_owner.me.email,
+      NPMRC                 = local.npmrc
-    ARTIFACTORY_ACCESS_TOKEN : data.coder_external_auth.jfrog.access_token,
+      REPOSITORY_NPM        = try(element(var.package_managers.npm, 0), "")
-    CONFIGURE_CODE_SERVER : var.configure_code_server,
+      HAS_GO                = length(var.package_managers.go) == 0 ? "" : "YES"
-    REPOSITORY_NPM : lookup(var.package_managers, "npm", ""),
+      REPOSITORY_GO         = try(element(var.package_managers.go, 0), "")
-    REPOSITORY_GO : lookup(var.package_managers, "go", ""),
+      HAS_PYPI              = length(var.package_managers.pypi) == 0 ? "" : "YES"
-    REPOSITORY_PYPI : lookup(var.package_managers, "pypi", ""),
+      PIP_CONF              = local.pip_conf
-    REPOSITORY_DOCKER : lookup(var.package_managers, "docker", ""),
+      REPOSITORY_PYPI       = try(element(var.package_managers.pypi, 0), "")
-  })
+      HAS_DOCKER            = length(var.package_managers.docker) == 0 ? "" : "YES"
      REGISTER_DOCKER       = join("\n", formatlist("register_docker \"%s\"", var.package_managers.docker))
    }
  ))
  run_on_start = true
 }
@@ -121,10 +152,13 @@ resource "coder_env" "jfrog_ide_store_connection" {
 }
 resource "coder_env" "goproxy" {
-  count    = lookup(var.package_managers, "go", "") == "" ? 0 : 1
+  count    = length(var.package_managers.go) == 0 ? 0 : 1
  agent_id = var.agent_id
  name     = "GOPROXY"
-  value    = "https://${local.username}:${data.coder_external_auth.jfrog.access_token}@${local.jfrog_host}/artifactory/api/go/${lookup(var.package_managers, "go", "")}"
+  value = join(",", [
    for repo in var.package_managers.go :
    "https://${local.username}:${data.coder_external_auth.jfrog.access_token}@${local.jfrog_host}/artifactory/api/go/${repo}"
  ])
 }
 output "access_token" {
--- a/jfrog-oauth/pip.conf.tftpl
+++ b/jfrog-oauth/pip.conf.tftpl
@@ -0,0 +1,6 @@
 [global]
 index-url = https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${try(element(REPOS, 0), "")}/simple
 extra-index-url =
 %{ for REPO in try(slice(REPOS, 1, length(REPOS)), []) ~}
    https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${REPO}/simple
 %{ endfor ~}
--- a/jfrog-oauth/run.sh
+++ b/jfrog-oauth/run.sh
@@ -2,6 +2,21 @@
 BOLD='\033[0;1m'
 not_configured() {
  type=$1
  echo "🤔 no $type repository is set, skipping $type configuration."
  echo "You can configure a $type repository by providing a key for '$type' in the 'package_managers' input."
 }
 config_complete() {
  echo "🥳 Configuration complete!"
 }
 register_docker() {
  repo=$1
  echo -n "${ARTIFACTORY_ACCESS_TOKEN}" | docker login "$repo" --username ${ARTIFACTORY_USERNAME} --password-stdin
 }
 # check if JFrog CLI is already installed
 if command -v jf > /dev/null 2>&1; then
  echo "✅ JFrog CLI is already installed, skipping installation."
@@ -20,52 +35,47 @@ echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFRO
 jf c use "${JFROG_SERVER_ID}"
 # Configure npm to use the Artifactory "npm" repository.
-if [ -z "${REPOSITORY_NPM}" ]; then
+if [ -z "${HAS_NPM}" ]; then
-  echo "🤔 no npm repository is set, skipping npm configuration."
+  not_configured npm
  echo "You can configure an npm repository by providing the a key for 'npm' in the 'package_managers' input."
 else
  echo "📦 Configuring npm..."
  jf npmc --global --repo-resolve "${REPOSITORY_NPM}"
  cat << EOF > ~/.npmrc
-email=${ARTIFACTORY_EMAIL}
+${NPMRC}
 registry=${JFROG_URL}/artifactory/api/npm/${REPOSITORY_NPM}
 EOF
-  echo "//${JFROG_HOST}/artifactory/api/npm/${REPOSITORY_NPM}/:_authToken=${ARTIFACTORY_ACCESS_TOKEN}" >> ~/.npmrc
+  config_complete
 fi
 # Configure the `pip` to use the Artifactory "python" repository.
-if [ -z "${REPOSITORY_PYPI}" ]; then
+if [ -z "${HAS_PYPI}" ]; then
-  echo "🤔 no pypi repository is set, skipping pip configuration."
+  not_configured pypi
  echo "You can configure a pypi repository by providing the a key for 'pypi' in the 'package_managers' input."
 else
-  echo "📦 Configuring pip..."
+  echo "🐍 Configuring pip..."
  jf pipc --global --repo-resolve "${REPOSITORY_PYPI}"
  mkdir -p ~/.pip
  cat << EOF > ~/.pip/pip.conf
-[global]
+${PIP_CONF}
 index-url = https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${REPOSITORY_PYPI}/simple
 EOF
  config_complete
 fi
 # Configure Artifactory "go" repository.
-if [ -z "${REPOSITORY_GO}" ]; then
+if [ -z "${HAS_GO}" ]; then
-  echo "🤔 no go repository is set, skipping go configuration."
+  not_configured go
  echo "You can configure a go repository by providing the a key for 'go' in the 'package_managers' input."
 else
  echo "🐹 Configuring go..."
  jf goc --global --repo-resolve "${REPOSITORY_GO}"
  config_complete
 fi
 echo "🥳 Configuration complete!"
 # Configure the JFrog CLI to use the Artifactory "docker" repository.
-if [ -z "${REPOSITORY_DOCKER}" ]; then
+if [ -z "${HAS_DOCKER}" ]; then
-  echo "🤔 no docker repository is set, skipping docker configuration."
+  not_configured docker
  echo "You can configure a docker repository by providing the a key for 'docker' in the 'package_managers' input."
 else
  if command -v docker > /dev/null 2>&1; then
    echo "🔑 Configuring 🐳 docker credentials..."
    mkdir -p ~/.docker
-    echo -n "${ARTIFACTORY_ACCESS_TOKEN}" | docker login ${JFROG_HOST} --username ${ARTIFACTORY_USERNAME} --password-stdin
+    ${REGISTER_DOCKER}
  else
    echo "🤔 no docker is installed, skipping docker configuration."
  fi
@@ -96,20 +106,19 @@ echo "📦 Configuring JFrog CLI completion..."
 SHELLNAME=$(grep "^$USER" /etc/passwd | awk -F':' '{print $7}' | awk -F'/' '{print $NF}')
 # Generate the completion script
 jf completion $SHELLNAME --install
 begin_stanza="# BEGIN: jf CLI shell completion (added by coder module jfrog-oauth)"
 # Add the completion script to the user's shell profile
 if [ "$SHELLNAME" == "bash" ] && [ -f ~/.bashrc ]; then
-  if ! grep -q "# jf CLI shell completion" ~/.bashrc; then
+  if ! grep -q "$begin_stanza" ~/.bashrc; then
-    echo "" >> ~/.bashrc
+    printf "%s\n" "$begin_stanza" >> ~/.bashrc
    echo "# BEGIN: jf CLI shell completion (added by coder module jfrog-oauth)" >> ~/.bashrc
    echo 'source "$HOME/.jfrog/jfrog_bash_completion"' >> ~/.bashrc
    echo "# END: jf CLI shell completion" >> ~/.bashrc
  else
    echo "🥳 ~/.bashrc already contains jf CLI shell completion configuration, skipping."
  fi
 elif [ "$SHELLNAME" == "zsh" ] && [ -f ~/.zshrc ]; then
-  if ! grep -q "# jf CLI shell completion" ~/.zshrc; then
+  if ! grep -q "$begin_stanza" ~/.zshrc; then
-    echo "" >> ~/.zshrc
+    printf "\n%s\n" "$begin_stanza" >> ~/.zshrc
    echo "# BEGIN: jf CLI shell completion (added by coder module jfrog-oauth)" >> ~/.zshrc
    echo "autoload -Uz compinit" >> ~/.zshrc
    echo "compinit" >> ~/.zshrc
    echo 'source "$HOME/.jfrog/jfrog_zsh_completion"' >> ~/.zshrc
--- a/jfrog-token/.npmrc.tftpl
+++ b/jfrog-token/.npmrc.tftpl
@@ -0,0 +1,5 @@
 email=${ARTIFACTORY_EMAIL}
 %{ for REPO in REPOS ~}
 ${REPO.SCOPE}registry=${JFROG_URL}/artifactory/api/npm/${REPO.NAME}
 //${JFROG_HOST}/artifactory/api/npm/${REPO.NAME}/:_authToken=${ARTIFACTORY_ACCESS_TOKEN}
 %{ endfor ~}
--- a/jfrog-token/README.md
+++ b/jfrog-token/README.md
@@ -15,14 +15,15 @@ Install the JF CLI and authenticate package managers with Artifactory using Arti
 ```tf
 module "jfrog" {
  source                   = "registry.coder.com/modules/jfrog-token/coder"
-  version                  = "1.0.15"
+  version                  = "1.0.19"
  agent_id                 = coder_agent.example.id
  jfrog_url                = "https://XXXX.jfrog.io"
  artifactory_access_token = var.artifactory_access_token
  package_managers = {
-    "npm" : "npm",
+    npm    = ["npm", "@scoped:npm-scoped"]
-    "go" : "go",
+    go     = ["go", "another-go-repo"]
-    "pypi" : "pypi"
+    pypi   = ["pypi", "extra-index-pypi"]
    docker = ["example-docker-staging.jfrog.io", "example-docker-production.jfrog.io"]
  }
 }
 ```
@@ -41,14 +42,14 @@ For detailed instructions, please see this [guide](https://coder.com/docs/v2/lat
 ```tf
 module "jfrog" {
  source                   = "registry.coder.com/modules/jfrog-token/coder"
-  version                  = "1.0.15"
+  version                  = "1.0.19"
  agent_id                 = coder_agent.example.id
  jfrog_url                = "https://YYYY.jfrog.io"
  artifactory_access_token = var.artifactory_access_token # An admin access token
  package_managers = {
-    "npm" : "npm-local",
+    npm  = ["npm-local"]
-    "go" : "go-local",
+    go   = ["go-local"]
-    "pypi" : "pypi-local"
+    pypi = ["pypi-local"]
  }
 }
 ```
@@ -74,15 +75,15 @@ The [JFrog extension](https://open-vsx.org/extension/JFrog/jfrog-vscode-extensio
 ```tf
 module "jfrog" {
  source                   = "registry.coder.com/modules/jfrog-token/coder"
-  version                  = "1.0.15"
+  version                  = "1.0.19"
  agent_id                 = coder_agent.example.id
  jfrog_url                = "https://XXXX.jfrog.io"
  artifactory_access_token = var.artifactory_access_token
  configure_code_server    = true # Add JFrog extension configuration for code-server
  package_managers = {
-    "npm" : "npm",
+    npm  = ["npm"]
-    "go" : "go",
+    go   = ["go"]
-    "pypi" : "pypi"
+    pypi = ["pypi"]
  }
 }
 ```
@@ -94,15 +95,13 @@ data "coder_workspace" "me" {}
 module "jfrog" {
  source                   = "registry.coder.com/modules/jfrog-token/coder"
-  version                  = "1.0.15"
+  version                  = "1.0.19"
  agent_id                 = coder_agent.example.id
  jfrog_url                = "https://XXXX.jfrog.io"
  artifactory_access_token = var.artifactory_access_token
  token_description        = "Token for Coder workspace: ${data.coder_workspace_owner.me.name}/${data.coder_workspace.me.name}"
  package_managers = {
-    "npm" : "npm",
+    npm = ["npm"]
    "go" : "go",
    "pypi" : "pypi"
  }
 }
 ```
--- a/jfrog-token/main.test.ts
+++ b/jfrog-token/main.test.ts
@@ -1,12 +1,29 @@
 import { serve } from "bun";
-import { describe } from "bun:test";
+import { describe, expect, it } from "bun:test";
 import {
  createJSONResponse,
  findResourceInstance,
  runTerraformInit,
  runTerraformApply,
  testRequiredVariables,
 } from "../test";
 describe("jfrog-token", async () => {
  type TestVariables = {
    agent_id: string;
    jfrog_url: string;
    artifactory_access_token: string;
    package_managers: string;
    token_description?: string;
    check_license?: boolean;
    refreshable?: boolean;
    expires_in?: number;
    username_field?: string;
    jfrog_server_id?: string;
    configure_code_server?: boolean;
  };
  await runTerraformInit(import.meta.dir);
  // Run a fake JFrog server so the provider can initialize
@@ -32,10 +49,116 @@ describe("jfrog-token", async () => {
    port: 0,
  });
-  testRequiredVariables(import.meta.dir, {
+  const fakeFrogApi = `${fakeFrogHost.hostname}:${fakeFrogHost.port}/artifactory/api`;
-    agent_id: "some-agent-id",
+  const fakeFrogUrl = `http://${fakeFrogHost.hostname}:${fakeFrogHost.port}`;
-    jfrog_url: "http://" + fakeFrogHost.hostname + ":" + fakeFrogHost.port,
+  const user = "default";
-    artifactory_access_token: "XXXX",
+  const token = "xxx";
-    package_managers: "{}",
+
  it("can run apply with required variables", async () => {
    testRequiredVariables<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      artifactory_access_token: "XXXX",
      package_managers: "{}",
    });
  });
  it("generates an npmrc with scoped repos", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      artifactory_access_token: "XXXX",
      package_managers: JSON.stringify({
        npm: ["global", "@foo:foo", "@bar:bar"],
      }),
    });
    const coderScript = findResourceInstance(state, "coder_script");
    const npmrcStanza = `cat << EOF > ~/.npmrc
 email=${user}@example.com
 registry=http://${fakeFrogApi}/npm/global
 //${fakeFrogApi}/npm/global/:_authToken=xxx
@foo:registry=http://${fakeFrogApi}/npm/foo
 //${fakeFrogApi}/npm/foo/:_authToken=xxx
@bar:registry=http://${fakeFrogApi}/npm/bar
 //${fakeFrogApi}/npm/bar/:_authToken=xxx
 EOF`;
    expect(coderScript.script).toContain(npmrcStanza);
    expect(coderScript.script).toContain(
      'jf npmc --global --repo-resolve "global"',
    );
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured npm',
    );
  });
  it("generates a pip config with extra-indexes", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      artifactory_access_token: "XXXX",
      package_managers: JSON.stringify({
        pypi: ["global", "foo", "bar"],
      }),
    });
    const coderScript = findResourceInstance(state, "coder_script");
    const pipStanza = `cat << EOF > ~/.pip/pip.conf
 [global]
 index-url = https://${user}:${token}@${fakeFrogApi}/pypi/global/simple
 extra-index-url =
    https://${user}:${token}@${fakeFrogApi}/pypi/foo/simple
    https://${user}:${token}@${fakeFrogApi}/pypi/bar/simple
 EOF`;
    expect(coderScript.script).toContain(pipStanza);
    expect(coderScript.script).toContain(
      'jf pipc --global --repo-resolve "global"',
    );
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured pypi',
    );
  });
  it("registers multiple docker repos", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      artifactory_access_token: "XXXX",
      package_managers: JSON.stringify({
        docker: ["foo.jfrog.io", "bar.jfrog.io", "baz.jfrog.io"],
      }),
    });
    const coderScript = findResourceInstance(state, "coder_script");
    const dockerStanza = ["foo", "bar", "baz"]
      .map((r) => `register_docker "${r}.jfrog.io"`)
      .join("\n");
    expect(coderScript.script).toContain(dockerStanza);
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured docker',
    );
  });
  it("sets goproxy with multiple repos", async () => {
    const state = await runTerraformApply<TestVariables>(import.meta.dir, {
      agent_id: "some-agent-id",
      jfrog_url: fakeFrogUrl,
      artifactory_access_token: "XXXX",
      package_managers: JSON.stringify({
        go: ["foo", "bar", "baz"],
      }),
    });
    const proxyEnv = findResourceInstance(state, "coder_env", "goproxy");
    const proxies = ["foo", "bar", "baz"]
      .map((r) => `https://${user}:${token}@${fakeFrogApi}/go/${r}`)
      .join(",");
    expect(proxyEnv.value).toEqual(proxies);
    const coderScript = findResourceInstance(state, "coder_script");
    expect(coderScript.script).toContain(
      'jf goc --global --repo-resolve "foo"',
    );
    expect(coderScript.script).toContain(
      'if [ -z "YES" ]; then\n  not_configured go',
    );
  });
 });
--- a/jfrog-token/main.tf
+++ b/jfrog-token/main.tf
@@ -80,23 +80,51 @@ variable "configure_code_server" {
 }
 variable "package_managers" {
-  type        = map(string)
+  type = object({
-  description = <<EOF
+    npm    = optional(list(string), [])
-A map of package manager names to their respective artifactory repositories.
+    go     = optional(list(string), [])
-For example:
+    pypi   = optional(list(string), [])
-    {
+    docker = optional(list(string), [])
-      "npm": "YOUR_NPM_REPO_KEY",
+  })
-      "go": "YOUR_GO_REPO_KEY",
+  description = <<-EOF
-      "pypi": "YOUR_PYPI_REPO_KEY",
+    A map of package manager names to their respective artifactory repositories. Unused package managers can be omitted.
-      "docker": "YOUR_DOCKER_REPO_KEY"
+    For example:
-    }
+      {
-EOF
+        npm    = ["GLOBAL_NPM_REPO_KEY", "@SCOPED:NPM_REPO_KEY"]
        go     = ["YOUR_GO_REPO_KEY", "ANOTHER_GO_REPO_KEY"]
        pypi   = ["YOUR_PYPI_REPO_KEY", "ANOTHER_PYPI_REPO_KEY"]
        docker = ["YOUR_DOCKER_REPO_KEY", "ANOTHER_DOCKER_REPO_KEY"]
      }
  EOF
 }
 locals {
  # The username field to use for artifactory
  username   = var.username_field == "email" ? data.coder_workspace_owner.me.email : data.coder_workspace_owner.me.name
-  jfrog_host = replace(var.jfrog_url, "https://", "")
+  jfrog_host = split("://", var.jfrog_url)[1]
  common_values = {
    JFROG_URL                = var.jfrog_url
    JFROG_HOST               = local.jfrog_host
    JFROG_SERVER_ID          = var.jfrog_server_id
    ARTIFACTORY_USERNAME     = local.username
    ARTIFACTORY_EMAIL        = data.coder_workspace_owner.me.email
    ARTIFACTORY_ACCESS_TOKEN = artifactory_scoped_token.me.access_token
  }
  npmrc = templatefile(
    "${path.module}/.npmrc.tftpl",
    merge(
      local.common_values,
      {
        REPOS = [
          for r in var.package_managers.npm :
          strcontains(r, ":") ? zipmap(["SCOPE", "NAME"], ["${split(":", r)[0]}:", split(":", r)[1]]) : { SCOPE = "", NAME = r }
        ]
      }
    )
  )
  pip_conf = templatefile(
    "${path.module}/pip.conf.tftpl", merge(local.common_values, { REPOS = var.package_managers.pypi })
  )
 }
 # Configure the Artifactory provider
@@ -123,19 +151,22 @@ resource "coder_script" "jfrog" {
  agent_id     = var.agent_id
  display_name = "jfrog"
  icon         = "/icon/jfrog.svg"
-  script = templatefile("${path.module}/run.sh", {
+  script = templatefile("${path.module}/run.sh", merge(
-    JFROG_URL : var.jfrog_url,
+    local.common_values,
-    JFROG_HOST : local.jfrog_host,
+    {
-    JFROG_SERVER_ID : var.jfrog_server_id,
+      CONFIGURE_CODE_SERVER = var.configure_code_server
-    ARTIFACTORY_USERNAME : local.username,
+      HAS_NPM               = length(var.package_managers.npm) == 0 ? "" : "YES"
-    ARTIFACTORY_EMAIL : data.coder_workspace_owner.me.email,
+      NPMRC                 = local.npmrc
-    ARTIFACTORY_ACCESS_TOKEN : artifactory_scoped_token.me.access_token,
+      REPOSITORY_NPM        = try(element(var.package_managers.npm, 0), "")
-    CONFIGURE_CODE_SERVER : var.configure_code_server,
+      HAS_GO                = length(var.package_managers.go) == 0 ? "" : "YES"
-    REPOSITORY_NPM : lookup(var.package_managers, "npm", ""),
+      REPOSITORY_GO         = try(element(var.package_managers.go, 0), "")
-    REPOSITORY_GO : lookup(var.package_managers, "go", ""),
+      HAS_PYPI              = length(var.package_managers.pypi) == 0 ? "" : "YES"
-    REPOSITORY_PYPI : lookup(var.package_managers, "pypi", ""),
+      PIP_CONF              = local.pip_conf
-    REPOSITORY_DOCKER : lookup(var.package_managers, "docker", ""),
+      REPOSITORY_PYPI       = try(element(var.package_managers.pypi, 0), "")
-  })
+      HAS_DOCKER            = length(var.package_managers.docker) == 0 ? "" : "YES"
      REGISTER_DOCKER       = join("\n", formatlist("register_docker \"%s\"", var.package_managers.docker))
    }
  ))
  run_on_start = true
 }
@@ -161,10 +192,13 @@ resource "coder_env" "jfrog_ide_store_connection" {
 }
 resource "coder_env" "goproxy" {
-  count    = lookup(var.package_managers, "go", "") == "" ? 0 : 1
+  count    = length(var.package_managers.go) == 0 ? 0 : 1
  agent_id = var.agent_id
  name     = "GOPROXY"
-  value    = "https://${local.username}:${artifactory_scoped_token.me.access_token}@${local.jfrog_host}/artifactory/api/go/${lookup(var.package_managers, "go", "")}"
+  value = join(",", [
    for repo in var.package_managers.go :
    "https://${local.username}:${artifactory_scoped_token.me.access_token}@${local.jfrog_host}/artifactory/api/go/${repo}"
  ])
 }
 output "access_token" {
--- a/jfrog-token/pip.conf.tftpl
+++ b/jfrog-token/pip.conf.tftpl
@@ -0,0 +1,6 @@
 [global]
 index-url = https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${try(element(REPOS, 0), "")}/simple
 extra-index-url =
 %{ for REPO in try(slice(REPOS, 1, length(REPOS)), []) ~}
    https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${REPO}/simple
 %{ endfor ~}
--- a/jfrog-token/run.sh
+++ b/jfrog-token/run.sh
@@ -2,6 +2,21 @@
 BOLD='\033[0;1m'
 not_configured() {
  type=$1
  echo "🤔 no $type repository is set, skipping $type configuration."
  echo "You can configure a $type repository by providing a key for '$type' in the 'package_managers' input."
 }
 config_complete() {
  echo "🥳 Configuration complete!"
 }
 register_docker() {
  repo=$1
  echo -n "${ARTIFACTORY_ACCESS_TOKEN}" | docker login "$repo" --username ${ARTIFACTORY_USERNAME} --password-stdin
 }
 # check if JFrog CLI is already installed
 if command -v jf > /dev/null 2>&1; then
  echo "✅ JFrog CLI is already installed, skipping installation."
@@ -11,8 +26,7 @@ else
  sudo chmod 755 /usr/local/bin/jf
 fi
-# The jf CLI checks $CI when determining whether to use interactive
+# The jf CLI checks $CI when determining whether to use interactive flows.
 # flows.
 export CI=true
 # Authenticate JFrog CLI with Artifactory.
 echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFROG_URL}" --overwrite "${JFROG_SERVER_ID}"
@@ -20,52 +34,47 @@ echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFRO
 jf c use "${JFROG_SERVER_ID}"
 # Configure npm to use the Artifactory "npm" repository.
-if [ -z "${REPOSITORY_NPM}" ]; then
+if [ -z "${HAS_NPM}" ]; then
-  echo "🤔 no npm repository is set, skipping npm configuration."
+  not_configured npm
  echo "You can configure an npm repository by providing the a key for 'npm' in the 'package_managers' input."
 else
  echo "📦 Configuring npm..."
  jf npmc --global --repo-resolve "${REPOSITORY_NPM}"
  cat << EOF > ~/.npmrc
-email=${ARTIFACTORY_EMAIL}
+${NPMRC}
 registry=${JFROG_URL}/artifactory/api/npm/${REPOSITORY_NPM}
 EOF
-  echo "//${JFROG_HOST}/artifactory/api/npm/${REPOSITORY_NPM}/:_authToken=${ARTIFACTORY_ACCESS_TOKEN}" >> ~/.npmrc
+  config_complete
 fi
 # Configure the `pip` to use the Artifactory "python" repository.
-if [ -z "${REPOSITORY_PYPI}" ]; then
+if [ -z "${HAS_PYPI}" ]; then
-  echo "🤔 no pypi repository is set, skipping pip configuration."
+  not_configured pypi
  echo "You can configure a pypi repository by providing the a key for 'pypi' in the 'package_managers' input."
 else
  echo "🐍 Configuring pip..."
  jf pipc --global --repo-resolve "${REPOSITORY_PYPI}"
  mkdir -p ~/.pip
  cat << EOF > ~/.pip/pip.conf
-[global]
+${PIP_CONF}
 index-url = https://${ARTIFACTORY_USERNAME}:${ARTIFACTORY_ACCESS_TOKEN}@${JFROG_HOST}/artifactory/api/pypi/${REPOSITORY_PYPI}/simple
 EOF
  config_complete
 fi
 # Configure Artifactory "go" repository.
-if [ -z "${REPOSITORY_GO}" ]; then
+if [ -z "${HAS_GO}" ]; then
-  echo "🤔 no go repository is set, skipping go configuration."
+  not_configured go
  echo "You can configure a go repository by providing the a key for 'go' in the 'package_managers' input."
 else
  echo "🐹 Configuring go..."
  jf goc --global --repo-resolve "${REPOSITORY_GO}"
  config_complete
 fi
 echo "🥳 Configuration complete!"
 # Configure the JFrog CLI to use the Artifactory "docker" repository.
-if [ -z "${REPOSITORY_DOCKER}" ]; then
+if [ -z "${HAS_DOCKER}" ]; then
-  echo "🤔 no docker repository is set, skipping docker configuration."
+  not_configured docker
  echo "You can configure a docker repository by providing the a key for 'docker' in the 'package_managers' input."
 else
  if command -v docker > /dev/null 2>&1; then
    echo "🔑 Configuring 🐳 docker credentials..."
    mkdir -p ~/.docker
-    echo -n "${ARTIFACTORY_ACCESS_TOKEN}" | docker login ${JFROG_HOST} --username ${ARTIFACTORY_USERNAME} --password-stdin
+    ${REGISTER_DOCKER}
  else
    echo "🤔 no docker is installed, skipping docker configuration."
  fi
@@ -96,20 +105,19 @@ echo "📦 Configuring JFrog CLI completion..."
 SHELLNAME=$(grep "^$USER" /etc/passwd | awk -F':' '{print $7}' | awk -F'/' '{print $NF}')
 # Generate the completion script
 jf completion $SHELLNAME --install
 begin_stanza="# BEGIN: jf CLI shell completion (added by coder module jfrog-token)"
 # Add the completion script to the user's shell profile
 if [ "$SHELLNAME" == "bash" ] && [ -f ~/.bashrc ]; then
-  if ! grep -q "# jf CLI shell completion" ~/.bashrc; then
+  if ! grep -q "$begin_stanza" ~/.bashrc; then
-    echo "" >> ~/.bashrc
+    printf "%s\n" "$begin_stanza" >> ~/.bashrc
    echo "# BEGIN: jf CLI shell completion (added by coder module jfrog-token)" >> ~/.bashrc
    echo 'source "$HOME/.jfrog/jfrog_bash_completion"' >> ~/.bashrc
    echo "# END: jf CLI shell completion" >> ~/.bashrc
  else
    echo "🥳 ~/.bashrc already contains jf CLI shell completion configuration, skipping."
  fi
 elif [ "$SHELLNAME" == "zsh" ] && [ -f ~/.zshrc ]; then
-  if ! grep -q "# jf CLI shell completion" ~/.zshrc; then
+  if ! grep -q "$begin_stanza" ~/.zshrc; then
-    echo "" >> ~/.zshrc
+    printf "\n%s\n" "$begin_stanza" >> ~/.zshrc
    echo "# BEGIN: jf CLI shell completion (added by coder module jfrog-token)" >> ~/.zshrc
    echo "autoload -Uz compinit" >> ~/.zshrc
    echo "compinit" >> ~/.zshrc
    echo 'source "$HOME/.jfrog/jfrog_zsh_completion"' >> ~/.zshrc
--- a/jupyter-notebook/README.md
+++ b/jupyter-notebook/README.md
@@ -16,7 +16,7 @@ A module that adds Jupyter Notebook in your Coder template.
 ```tf
 module "jupyter-notebook" {
  source   = "registry.coder.com/modules/jupyter-notebook/coder"
-  version  = "1.0.8"
+  version  = "1.0.19"
  agent_id = coder_agent.example.id
 }
 ```
--- a/jupyter-notebook/run.sh
+++ b/jupyter-notebook/run.sh
@@ -7,14 +7,14 @@ printf "$${BOLD}Installing jupyter-notebook!\n"
 # check if jupyter-notebook is installed
 if ! command -v jupyter-notebook > /dev/null 2>&1; then
  # install jupyter-notebook
-  # check if python3 pip is installed
+  # check if pipx is installed
-  if ! command -v pip3 > /dev/null 2>&1; then
+  if ! command -v pipx > /dev/null 2>&1; then
-    echo "pip3 is not installed"
+    echo "pipx is not installed"
-    echo "Please install pip3 in your Dockerfile/VM image before running this script"
+    echo "Please install pipx in your Dockerfile/VM image before using this module"
    exit 1
  fi
-  # install jupyter-notebook
+  # install jupyter notebook
-  pip3 install --upgrade --no-cache-dir --no-warn-script-location jupyter
+  pipx install -q notebook
  echo "🥳 jupyter-notebook has been installed\n\n"
 else
  echo "🥳 jupyter-notebook is already installed\n\n"
@@ -22,4 +22,4 @@ fi
 echo "👷 Starting jupyter-notebook in background..."
 echo "check logs at ${LOG_PATH}"
-$HOME/.local/bin/jupyter notebook --NotebookApp.ip='0.0.0.0' --ServerApp.port=${PORT} --no-browser --ServerApp.token='' --ServerApp.password='' > ${LOG_PATH} 2>&1 &
+$HOME/.local/bin/jupyter-notebook --NotebookApp.ip='0.0.0.0' --ServerApp.port=${PORT} --no-browser --ServerApp.token='' --ServerApp.password='' > ${LOG_PATH} 2>&1 &
--- a/jupyterlab/README.md
+++ b/jupyterlab/README.md
@@ -16,7 +16,7 @@ A module that adds JupyterLab in your Coder template.
 ```tf
 module "jupyterlab" {
  source   = "registry.coder.com/modules/jupyterlab/coder"
-  version  = "1.0.8"
+  version  = "1.0.23"
  agent_id = coder_agent.example.id
 }
 ```
--- a/jupyterlab/main.test.ts
+++ b/jupyterlab/main.test.ts
@@ -1,20 +1,20 @@
 import { describe, expect, it } from "bun:test";
 import {
  execContainer,
  executeScriptInContainer,
  findResourceInstance,
  runContainer,
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
-  findResourceInstance,
+  type TerraformState,
  runContainer,
  TerraformState,
  execContainer,
 } from "../test";
 // executes the coder script after installing pip
 const executeScriptInContainerWithPip = async (
  state: TerraformState,
  image: string,
-  shell: string = "sh",
+  shell = "sh",
 ): Promise<{
  exitCode: number;
  stdout: string[];
@@ -22,7 +22,7 @@ const executeScriptInContainerWithPip = async (
 }> => {
  const instance = findResourceInstance(state, "coder_script");
  const id = await runContainer(image);
-  const respPip = await execContainer(id, [shell, "-c", "apk add py3-pip"]);
+  const respPipx = await execContainer(id, [shell, "-c", "apk add pipx"]);
  const resp = await execContainer(id, [shell, "-c", instance.script]);
  const stdout = resp.stdout.trim().split("\n");
  const stderr = resp.stderr.trim().split("\n");
@@ -40,7 +40,7 @@ describe("jupyterlab", async () => {
    agent_id: "foo",
  });
-  it("fails without pip3", async () => {
+  it("fails without pipx", async () => {
    const state = await runTerraformApply(import.meta.dir, {
      agent_id: "foo",
    });
@@ -48,14 +48,14 @@ describe("jupyterlab", async () => {
    expect(output.exitCode).toBe(1);
    expect(output.stdout).toEqual([
      "\u001B[0;1mInstalling jupyterlab!",
-      "pip3 is not installed",
+      "pipx is not installed",
-      "Please install pip3 in your Dockerfile/VM image before running this script",
+      "Please install pipx in your Dockerfile/VM image before running this script",
    ]);
  });
-  // TODO: Add faster test to run with pip3.
+  // TODO: Add faster test to run with pipx.
  // currently times out.
-  // it("runs with pip3", async () => {
+  // it("runs with pipx", async () => {
  //   ...
  //   const output = await executeScriptInContainerWithPip(state, "alpine");
  //   ...
--- a/jupyterlab/main.tf
+++ b/jupyterlab/main.tf
@@ -9,6 +9,9 @@ terraform {
  }
 }
 data "coder_workspace" "me" {}
 data "coder_workspace_owner" "me" {}
 # Add required variables for your modules and remove any unneeded variables
 variable "agent_id" {
  type        = string
@@ -36,6 +39,12 @@ variable "share" {
  }
 }
 variable "subdomain" {
  type        = bool
  description = "Determines whether JupyterLab will be accessed via its own subdomain or whether it will be accessed via a path on Coder."
  default     = true
 }
 variable "order" {
  type        = number
  description = "The order determines the position of app in the UI presentation. The lowest order is shown first and apps with equal order are sorted by name (ascending order)."
@@ -49,17 +58,18 @@ resource "coder_script" "jupyterlab" {
  script = templatefile("${path.module}/run.sh", {
    LOG_PATH : var.log_path,
    PORT : var.port
    BASE_URL : var.subdomain ? "" : "/@${data.coder_workspace_owner.me.name}/${data.coder_workspace.me.name}/apps/jupyterlab"
  })
  run_on_start = true
 }
 resource "coder_app" "jupyterlab" {
  agent_id     = var.agent_id
-  slug         = "jupyterlab"
+  slug         = "jupyterlab" # sync with the usage in URL
  display_name = "JupyterLab"
-  url          = "http://localhost:${var.port}"
+  url          = var.subdomain ? "http://localhost:${var.port}" : "http://localhost:${var.port}/@${data.coder_workspace_owner.me.name}/${data.coder_workspace.me.name}/apps/jupyterlab"
  icon         = "/icon/jupyter.svg"
-  subdomain    = true
+  subdomain    = var.subdomain
  share        = var.share
  order        = var.order
 }
--- a/jupyterlab/run.sh
+++ b/jupyterlab/run.sh
@@ -1,25 +1,35 @@
 #!/usr/bin/env sh
 if [ -n "${BASE_URL}" ]; then
  BASE_URL_FLAG="--ServerApp.base_url=${BASE_URL}"
 fi
 BOLD='\033[0;1m'
 printf "$${BOLD}Installing jupyterlab!\n"
 # check if jupyterlab is installed
-if ! command -v jupyterlab > /dev/null 2>&1; then
+if ! command -v jupyter-lab > /dev/null 2>&1; then
  # install jupyterlab
-  # check if python3 pip is installed
+  # check if pipx is installed
-  if ! command -v pip3 > /dev/null 2>&1; then
+  if ! command -v pipx > /dev/null 2>&1; then
-    echo "pip3 is not installed"
+    echo "pipx is not installed"
-    echo "Please install pip3 in your Dockerfile/VM image before running this script"
+    echo "Please install pipx in your Dockerfile/VM image before running this script"
    exit 1
  fi
  # install jupyterlab
-  pip3 install --upgrade --no-cache-dir --no-warn-script-location jupyterlab
+  pipx install -q jupyterlab
-  echo "🥳 jupyterlab has been installed\n\n"
+  printf "%s\n\n" "🥳 jupyterlab has been installed"
 else
-  echo "🥳 jupyterlab is already installed\n\n"
+  printf "%s\n\n" "🥳 jupyterlab is already installed"
 fi
-echo "👷 Starting jupyterlab in background..."
+printf "👷 Starting jupyterlab in background..."
-echo "check logs at ${LOG_PATH}"
+printf "check logs at ${LOG_PATH}"
-$HOME/.local/bin/jupyter lab --ServerApp.ip='0.0.0.0' --ServerApp.port=${PORT} --no-browser --ServerApp.token='' --ServerApp.password='' > ${LOG_PATH} 2>&1 &
+$HOME/.local/bin/jupyter-lab --no-browser \
  "$BASE_URL_FLAG" \
  --ServerApp.ip='*' \
  --ServerApp.port="${PORT}" \
  --ServerApp.token='' \
  --ServerApp.password='' \
  > "${LOG_PATH}" 2>&1 &
--- a/kasmvnc/README.md
+++ b/kasmvnc/README.md
@@ -0,0 +1,23 @@
 ---
 display_name: KasmVNC
 description: A modern open source VNC server
 icon: ../.icons/kasmvnc.svg
 maintainer_github: coder
 verified: true
 tags: [helper, vnc, desktop]
 ---
 # KasmVNC
 Automatically install [KasmVNC](https://kasmweb.com/kasmvnc) in a workspace, and create an app to access it via the dashboard.
 ```tf
 module "kasmvnc" {
  source              = "registry.coder.com/modules/kasmvnc/coder"
  version             = "1.0.23"
  agent_id            = coder_agent.example.id
  desktop_environment = "xfce"
 }
 ```
 > **Note:** This module only works on workspaces with a pre-installed desktop environment. As an example base image you can use `codercom/enterprise-desktop` image.
--- a/kasmvnc/main.test.ts
+++ b/kasmvnc/main.test.ts
@@ -0,0 +1,37 @@
 import { describe, expect, it } from "bun:test";
 import {
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
 } from "../test";
 const allowedDesktopEnvs = ["xfce", "kde", "gnome", "lxde", "lxqt"] as const;
 type AllowedDesktopEnv = (typeof allowedDesktopEnvs)[number];
 type TestVariables = Readonly<{
  agent_id: string;
  desktop_environment: AllowedDesktopEnv;
  port?: string;
  kasm_version?: string;
 }>;
 describe("Kasm VNC", async () => {
  await runTerraformInit(import.meta.dir);
  testRequiredVariables<TestVariables>(import.meta.dir, {
    agent_id: "foo",
    desktop_environment: "gnome",
  });
  it("Successfully installs for all expected Kasm desktop versions", async () => {
    for (const v of allowedDesktopEnvs) {
      const applyWithEnv = () => {
        runTerraformApply<TestVariables>(import.meta.dir, {
          agent_id: "foo",
          desktop_environment: v,
        });
      };
      expect(applyWithEnv).not.toThrow();
    }
  });
 });
--- a/kasmvnc/main.tf
+++ b/kasmvnc/main.tf
@@ -0,0 +1,63 @@
 terraform {
  required_version = ">= 1.0"
  required_providers {
    coder = {
      source  = "coder/coder"
      version = ">= 0.12"
    }
  }
 }
 variable "agent_id" {
  type        = string
  description = "The ID of a Coder agent."
 }
 variable "port" {
  type        = number
  description = "The port to run KasmVNC on."
  default     = 6800
 }
 variable "kasm_version" {
  type        = string
  description = "Version of KasmVNC to install."
  default     = "1.3.2"
 }
 variable "desktop_environment" {
  type        = string
  description = "Specifies the desktop environment of the workspace. This should be pre-installed on the workspace."
  validation {
    condition     = contains(["xfce", "kde", "gnome", "lxde", "lxqt"], var.desktop_environment)
    error_message = "Invalid desktop environment. Please specify a valid desktop environment."
  }
 }
 resource "coder_script" "kasm_vnc" {
  agent_id     = var.agent_id
  display_name = "KasmVNC"
  icon         = "/icon/kasmvnc.svg"
  script = templatefile("${path.module}/run.sh", {
    PORT : var.port,
    DESKTOP_ENVIRONMENT : var.desktop_environment,
    KASM_VERSION : var.kasm_version
  })
  run_on_start = true
 }
 resource "coder_app" "kasm_vnc" {
  agent_id     = var.agent_id
  slug         = "kasm-vnc"
  display_name = "kasmVNC"
  url          = "http://localhost:${var.port}"
  icon         = "/icon/kasmvnc.svg"
  subdomain    = true
  share        = "owner"
  healthcheck {
    url       = "http://localhost:${var.port}/app"
    interval  = 5
    threshold = 5
  }
 }
--- a/kasmvnc/run.sh
+++ b/kasmvnc/run.sh
@@ -0,0 +1,235 @@
 #!/usr/bin/env bash
 # Exit on error, undefined variables, and pipe failures
 set -euo pipefail
 # Function to check if vncserver is already installed
 check_installed() {
  if command -v vncserver &> /dev/null; then
    echo "vncserver is already installed."
    return 0 # Don't exit, just indicate it's installed
  else
    return 1 # Indicates not installed
  fi
 }
 # Function to download a file using wget, curl, or busybox as a fallback
 download_file() {
  local url="$1"
  local output="$2"
  local download_tool
  if command -v curl &> /dev/null; then
    # shellcheck disable=SC2034
    download_tool=(curl -fsSL)
  elif command -v wget &> /dev/null; then
    # shellcheck disable=SC2034
    download_tool=(wget -q -O-)
  elif command -v busybox &> /dev/null; then
    # shellcheck disable=SC2034
    download_tool=(busybox wget -O-)
  else
    echo "ERROR: No download tool available (curl, wget, or busybox required)"
    exit 1
  fi
  # shellcheck disable=SC2288
  "$${download_tool[@]}" "$url" > "$output" || {
    echo "ERROR: Failed to download $url"
    exit 1
  }
 }
 # Function to install kasmvncserver for debian-based distros
 install_deb() {
  local url=$1
  local kasmdeb="/tmp/kasmvncserver.deb"
  download_file "$url" "$kasmdeb"
  CACHE_DIR="/var/lib/apt/lists/partial"
  # Check if the directory exists and was modified in the last 60 minutes
  if [[ ! -d "$CACHE_DIR" ]] || ! find "$CACHE_DIR" -mmin -60 -print -quit &> /dev/null; then
    echo "Stale package cache, updating..."
    # Update package cache with a 300-second timeout for dpkg lock
    sudo apt-get -o DPkg::Lock::Timeout=300 -qq update
  fi
  DEBIAN_FRONTEND=noninteractive sudo apt-get -o DPkg::Lock::Timeout=300 install --yes -qq --no-install-recommends --no-install-suggests "$kasmdeb"
  rm "$kasmdeb"
 }
 # Function to install kasmvncserver for rpm-based distros
 install_rpm() {
  local url=$1
  local kasmrpm="/tmp/kasmvncserver.rpm"
  local package_manager
  if command -v dnf &> /dev/null; then
    # shellcheck disable=SC2034
    package_manager=(dnf localinstall -y)
  elif command -v zypper &> /dev/null; then
    # shellcheck disable=SC2034
    package_manager=(zypper install -y)
  elif command -v yum &> /dev/null; then
    # shellcheck disable=SC2034
    package_manager=(yum localinstall -y)
  elif command -v rpm &> /dev/null; then
    # Do we need to manually handle missing dependencies?
    # shellcheck disable=SC2034
    package_manager=(rpm -i)
  else
    echo "ERROR: No supported package manager available (dnf, zypper, yum, or rpm required)"
    exit 1
  fi
  download_file "$url" "$kasmrpm"
  # shellcheck disable=SC2288
  sudo "$${package_manager[@]}" "$kasmrpm" || {
    echo "ERROR: Failed to install $kasmrpm"
    exit 1
  }
  rm "$kasmrpm"
 }
 # Function to install kasmvncserver for Alpine Linux
 install_alpine() {
  local url=$1
  local kasmtgz="/tmp/kasmvncserver.tgz"
  download_file "$url" "$kasmtgz"
  tar -xzf "$kasmtgz" -C /usr/local/bin/
  rm "$kasmtgz"
 }
 # Detect system information
 if [[ ! -f /etc/os-release ]]; then
  echo "ERROR: Cannot detect OS: /etc/os-release not found"
  exit 1
 fi
 # shellcheck disable=SC1091
 source /etc/os-release
 distro="$ID"
 distro_version="$VERSION_ID"
 codename="$VERSION_CODENAME"
 arch="$(uname -m)"
 if [[ "$ID" == "ol" ]]; then
  distro="oracle"
  distro_version="$${distro_version%%.*}"
 elif [[ "$ID" == "fedora" ]]; then
  distro_version="$(grep -oP '\(\K[\w ]+' /etc/fedora-release | tr '[:upper:]' '[:lower:]' | tr -d ' ')"
 fi
 echo "Detected Distribution: $distro"
 echo "Detected Version: $distro_version"
 echo "Detected Codename: $codename"
 echo "Detected Architecture: $arch"
 # Map arch to package arch
 case "$arch" in
  x86_64)
    if [[ "$distro" =~ ^(ubuntu|debian|kali)$ ]]; then
      arch="amd64"
    fi
    ;;
  aarch64)
    if [[ "$distro" =~ ^(ubuntu|debian|kali)$ ]]; then
      arch="arm64"
    fi
    ;;
  arm64)
    : # This is effectively a noop
    ;;
  *)
    echo "ERROR: Unsupported architecture: $arch"
    exit 1
    ;;
 esac
 # Check if vncserver is installed, and install if not
 if ! check_installed; then
  # Check for NOPASSWD sudo (required)
  if ! command -v sudo &> /dev/null || ! sudo -n true 2> /dev/null; then
    echo "ERROR: sudo NOPASSWD access required!"
    exit 1
  fi
  base_url="https://github.com/kasmtech/KasmVNC/releases/download/v${KASM_VERSION}"
  echo "Installing KASM version: ${KASM_VERSION}"
  case $distro in
    ubuntu | debian | kali)
      bin_name="kasmvncserver_$${codename}_${KASM_VERSION}_$${arch}.deb"
      install_deb "$base_url/$bin_name"
      ;;
    oracle | fedora | opensuse)
      bin_name="kasmvncserver_$${distro}_$${distro_version}_${KASM_VERSION}_$${arch}.rpm"
      install_rpm "$base_url/$bin_name"
      ;;
    alpine)
      bin_name="kasmvnc.alpine_$${distro_version//./}_$${arch}.tgz"
      install_alpine "$base_url/$bin_name"
      ;;
    *)
      echo "Unsupported distribution: $distro"
      exit 1
      ;;
  esac
 else
  echo "vncserver already installed. Skipping installation."
 fi
 if command -v sudo &> /dev/null && sudo -n true 2> /dev/null; then
  kasm_config_file="/etc/kasmvnc/kasmvnc.yaml"
  SUDO=sudo
 else
  kasm_config_file="$HOME/.vnc/kasmvnc.yaml"
  SUDO=
  echo "WARNING: Sudo access not available, using user config dir!"
  if [[ -f "$kasm_config_file" ]]; then
    echo "WARNING: Custom user KasmVNC config exists, not overwriting!"
    echo "WARNING: Ensure that you manually configure the appropriate settings."
    kasm_config_file="/dev/stderr"
  else
    echo "WARNING: This may prevent custom user KasmVNC settings from applying!"
    mkdir -p "$HOME/.vnc"
  fi
 fi
 echo "Writing KasmVNC config to $kasm_config_file"
 $SUDO tee "$kasm_config_file" > /dev/null << EOF
 network:
  protocol: http
  websocket_port: ${PORT}
  ssl:
    require_ssl: false
    pem_certificate:
    pem_key:
  udp:
    public_ip: 127.0.0.1
 EOF
 # This password is not used since we start the server without auth.
 # The server is protected via the Coder session token / tunnel
 # and does not listen publicly
 echo -e "password\npassword\n" | vncpasswd -wo -u "$USER"
 # Start the server
 printf "🚀 Starting KasmVNC server...\n"
 vncserver -select-de "${DESKTOP_ENVIRONMENT}" -disableBasicAuth > /tmp/kasmvncserver.log 2>&1 &
 pid=$!
 # Wait for server to start
 sleep 5
 grep -v '^[[:space:]]*$' /tmp/kasmvncserver.log | tail -n 10
 if ps -p $pid | grep -q "^$pid"; then
  echo "ERROR: Failed to start KasmVNC server. Check full logs at /tmp/kasmvncserver.log"
  exit 1
 fi
 printf "🚀 KasmVNC server started successfully!\n"
--- a/nodejs/main.test.ts
+++ b/nodejs/main.test.ts
@@ -1,4 +1,4 @@
-import { describe, expect, it } from "bun:test";
+import { describe } from "bun:test";
 import { runTerraformInit, testRequiredVariables } from "../test";
 describe("nodejs", async () => {
--- a/personalize/main.test.ts
+++ b/personalize/main.test.ts
@@ -1,13 +1,9 @@
 import { readableStreamToText, spawn } from "bun";
 import { describe, expect, it } from "bun:test";
 import {
  executeScriptInContainer,
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
  runContainer,
  execContainer,
  findResourceInstance,
 } from "../test";
 describe("personalize", async () => {
--- a/slackme/main.test.ts
+++ b/slackme/main.test.ts
@@ -72,7 +72,7 @@ executed`,
  it("formats execution with milliseconds", async () => {
    await assertSlackMessage({
      command: "echo test",
-      format: `$COMMAND took $DURATION`,
+      format: "$COMMAND took $DURATION",
      durationMS: 150,
      output: "echo test took 150ms",
    });
@@ -81,7 +81,7 @@ executed`,
  it("formats execution with seconds", async () => {
    await assertSlackMessage({
      command: "echo test",
-      format: `$COMMAND took $DURATION`,
+      format: "$COMMAND took $DURATION",
      durationMS: 15000,
      output: "echo test took 15.0s",
    });
@@ -90,7 +90,7 @@ executed`,
  it("formats execution with minutes", async () => {
    await assertSlackMessage({
      command: "echo test",
-      format: `$COMMAND took $DURATION`,
+      format: "$COMMAND took $DURATION",
      durationMS: 120000,
      output: "echo test took 2m 0.0s",
    });
@@ -99,7 +99,7 @@ executed`,
  it("formats execution with hours", async () => {
    await assertSlackMessage({
      command: "echo test",
-      format: `$COMMAND took $DURATION`,
+      format: "$COMMAND took $DURATION",
      durationMS: 60000 * 60,
      output: "echo test took 1hr 0m 0.0s",
    });
--- a/terraform_validate.sh
+++ b/terraform_validate.sh
@@ -4,25 +4,25 @@ set -euo pipefail
 # Function to run terraform init and validate in a directory
 run_terraform() {
-    local dir="$1"
+  local dir="$1"
-    echo "Running terraform init and validate in $dir"
+  echo "Running terraform init and validate in $dir"
-    pushd "$dir"
+  pushd "$dir"
-    terraform init -upgrade
+  terraform init -upgrade
-    terraform validate
+  terraform validate
-    popd
+  popd
 }
 # Main script
 main() {
-    # Get the directory of the script
+  # Get the directory of the script
-    script_dir=$(dirname "$(readlink -f "$0")")
+  script_dir=$(dirname "$(readlink -f "$0")")
-    # Get all subdirectories in the repository
+  # Get all subdirectories in the repository
-    subdirs=$(find "$script_dir" -mindepth 1 -maxdepth 1 -type d -not -name ".*" | sort)
+  subdirs=$(find "$script_dir" -mindepth 1 -maxdepth 1 -type d -not -name ".*" | sort)
-    for dir in $subdirs; do
+  for dir in $subdirs; do
-        run_terraform "$dir"
+    run_terraform "$dir"
-    done
+  done
 }
 # Run the main script
--- a/test.ts
+++ b/test.ts
@@ -1,6 +1,6 @@
 import { readableStreamToText, spawn } from "bun";
-import { afterEach, expect, it } from "bun:test";
+import { expect, it } from "bun:test";
-import { readFile, unlink } from "fs/promises";
+import { readFile, unlink } from "node:fs/promises";
 export const runContainer = async (
  image: string,
@@ -21,7 +21,8 @@ export const runContainer = async (
    "-c",
    init,
  ]);
-  let containerID = await readableStreamToText(proc.stdout);
+
  const containerID = await readableStreamToText(proc.stdout);
  const exitCode = await proc.exited;
  if (exitCode !== 0) {
    throw new Error(containerID);
@@ -36,7 +37,7 @@ export const runContainer = async (
 export const executeScriptInContainer = async (
  state: TerraformState,
  image: string,
-  shell: string = "sh",
+  shell = "sh",
 ): Promise<{
  exitCode: number;
  stdout: string[];
@@ -108,12 +109,17 @@ export interface TerraformState {
  resources: [TerraformStateResource, ...TerraformStateResource[]];
 }
 type TerraformVariables = Record<string, JsonValue>;
 export interface CoderScriptAttributes {
  script: string;
  agent_id: string;
  url: string;
 }
 export type ResourceInstance<T extends string = string> =
  T extends "coder_script" ? CoderScriptAttributes : Record<string, string>;
 /**
 * finds the first instance of the given resource type in the given state. If
 * name is specified, it will only find the instance with the given name.
@@ -122,10 +128,7 @@ export const findResourceInstance = <T extends string>(
  state: TerraformState,
  type: T,
  name?: string,
-  // if type is "coder_script" return CoderScriptAttributes
+): ResourceInstance<T> => {
 ): T extends "coder_script"
  ? CoderScriptAttributes
  : Record<string, string> => {
  const resource = state.resources.find(
    (resource) =>
      resource.type === type && (name ? resource.name === name : true),
@@ -138,16 +141,17 @@ export const findResourceInstance = <T extends string>(
      `Resource ${type} has ${resource.instances.length} instances`,
    );
  }
-  return resource.instances[0].attributes as any;
+
  return resource.instances[0].attributes as ResourceInstance<T>;
 };
 /**
 * Creates a test-case for each variable provided and ensures that the apply
 * fails without it.
 */
-export const testRequiredVariables = <TVars extends Record<string, string>>(
+export const testRequiredVariables = <TVars extends TerraformVariables>(
  dir: string,
-  vars: TVars,
+  vars: Readonly<TVars>,
 ) => {
  // Ensures that all required variables are provided.
  it("required variables", async () => {
@@ -155,15 +159,15 @@ export const testRequiredVariables = <TVars extends Record<string, string>>(
  });
  const varNames = Object.keys(vars);
-  varNames.forEach((varName) => {
+  for (const varName of varNames) {
    // Ensures that every variable provided is required!
-    it("missing variable " + varName, async () => {
+    it(`missing variable: ${varName}`, async () => {
-      const localVars: Record<string, string> = {};
+      const localVars: TerraformVariables = {};
-      varNames.forEach((otherVarName) => {
+      for (const otherVarName of varNames) {
        if (otherVarName !== varName) {
          localVars[otherVarName] = vars[otherVarName];
        }
-      });
+      }
      try {
        await runTerraformApply(dir, localVars);
@@ -179,7 +183,7 @@ export const testRequiredVariables = <TVars extends Record<string, string>>(
      }
      throw new Error(`${varName} is not a required variable!`);
    });
-  });
+  }
 };
 /**
@@ -187,11 +191,9 @@ export const testRequiredVariables = <TVars extends Record<string, string>>(
 * fine to run in parallel with other instances of this function, as it uses a
 * random state file.
 */
-export const runTerraformApply = async <
+export const runTerraformApply = async <TVars extends TerraformVariables>(
  TVars extends Readonly<Record<string, string | boolean>>,
 >(
  dir: string,
-  vars: TVars,
+  vars: Readonly<TVars>,
  env?: Record<string, string>,
 ): Promise<TerraformState> => {
  const stateFile = `${dir}/${crypto.randomUUID()}.tfstate`;
--- a/tsconfig.json
+++ b/tsconfig.json
@@ -1,10 +1,14 @@
 {
  "compilerOptions": {
-    "target": "esnext",
+    // If we were just compiling for the tests, we could safely target ESNext at
-    "module": "esnext",
+    // all times, but just because we've been starting to add more runtime logic
    // files to some of the modules, erring on the side of caution by having a
    // older compilation target
    "target": "ES6",
    "module": "ESNext",
    "strict": true,
    "allowSyntheticDefaultImports": true,
-    "moduleResolution": "nodenext",
+    "moduleResolution": "node",
    "types": ["bun-types"]
  }
 }
--- a/update-version.sh
+++ b/update-version.sh
@@ -1,20 +1,24 @@
 #!/usr/bin/env bash
-# This script updates the version number in the README.md files of all modules
+# This script increments the version number in the README.md files of all modules
-# to the latest tag in the repository. It is intended to be run from the root
+# by 1 patch version. It is intended to be run from the root
 # of the repository or by using the `bun update-version` command.
 set -euo pipefail
 current_tag=$(git describe --tags --abbrev=0)
 previous_tag=$(git describe --tags --abbrev=0 $current_tag^)
 mapfile -t changed_dirs < <(git diff --name-only "$previous_tag"..."$current_tag" -- ':!**/README.md' ':!**/*.test.ts' | xargs dirname | grep -v '^\.' | sort -u)
-LATEST_TAG=$(git describe --abbrev=0 --tags | sed 's/^v//') || exit $?
+# Increment the patch version
 LATEST_TAG=$(echo "$current_tag" | sed 's/^v//' | awk -F. '{print $1"."$2"."$3+1}') || exit $?
 # List directories with changes that are not README.md or test files
 mapfile -t changed_dirs < <(git diff --name-only "$current_tag" -- ':!**/README.md' ':!**/*.test.ts' | xargs dirname | grep -v '^\.' | sort -u)
 echo "Directories with changes: ${changed_dirs[*]}"
 # Iterate over directories and update version in README.md
 for dir in "${changed_dirs[@]}"; do
  if [[ -f "$dir/README.md" ]]; then
    echo "Bumping version in $dir/README.md"
    file="$dir/README.md"
    tmpfile=$(mktemp /tmp/tempfile.XXXXXX)
    awk -v tag="$LATEST_TAG" '{
@@ -25,5 +29,12 @@ for dir in "${changed_dirs[@]}"; do
        print
      }
    }' "$file" > "$tmpfile" && mv "$tmpfile" "$file"
    # Check if the README.md file has changed
    if ! git diff --quiet -- "$dir/README.md"; then
      echo "Bumping version in $dir/README.md from $current_tag to $LATEST_TAG (incremented)"
    else
      echo "Version in $dir/README.md is already up to date"
    fi
  fi
 done
--- a/vault-jwt/README.md
+++ b/vault-jwt/README.md
@@ -0,0 +1,77 @@
 ---
 display_name: Hashicorp Vault Integration (JWT)
 description: Authenticates with Vault using a JWT from Coder's OIDC provider
 icon: ../.icons/vault.svg
 maintainer_github: coder
 partner_github: hashicorp
 verified: true
 tags: [helper, integration, vault, jwt, oidc]
 ---
 # Hashicorp Vault Integration (JWT)
 This module lets you authenticate with [Hashicorp Vault](https://www.vaultproject.io/) in your Coder workspaces by reusing the [OIDC](https://coder.com/docs/admin/auth#openid-connect) access token from Coder's OIDC authentication method. This requires configuring the Vault [JWT/OIDC](https://developer.hashicorp.com/vault/docs/auth/jwt#configuration) auth method.
 ```tf
 module "vault" {
  source         = "registry.coder.com/modules/vault-jwt/coder"
  version        = "1.0.20"
  agent_id       = coder_agent.example.id
  vault_addr     = "https://vault.example.com"
  vault_jwt_role = "coder" # The Vault role to use for authentication
 }
 ```
 Then you can use the Vault CLI in your workspaces to fetch secrets from Vault:
 ```shell
 vault kv get -namespace=coder -mount=secrets coder
 ```
 or using the Vault API:
 ```shell
 curl -H "X-Vault-Token: ${VAULT_TOKEN}" -X GET "${VAULT_ADDR}/v1/coder/secrets/data/coder"
 ```
 ## Examples
 ### Configure Vault integration with a non standard auth path (default is "jwt")
 ```tf
 module "vault" {
  source              = "registry.coder.com/modules/vault-jwt/coder"
  version             = "1.0.20"
  agent_id            = coder_agent.example.id
  vault_addr          = "https://vault.example.com"
  vault_jwt_auth_path = "oidc"
  vault_jwt_role      = "coder" # The Vault role to use for authentication
 }
 ```
 ### Map workspace owner's group to a Vault role
 ```tf
 data "coder_workspace_owner" "me" {}
 module "vault" {
  source         = "registry.coder.com/modules/vault-jwt/coder"
  version        = "1.0.20"
  agent_id       = coder_agent.example.id
  vault_addr     = "https://vault.example.com"
  vault_jwt_role = data.coder_workspace_owner.me.groups[0]
 }
 ```
 ### Install a specific version of the Vault CLI
 ```tf
 module "vault" {
  source            = "registry.coder.com/modules/vault-jwt/coder"
  version           = "1.0.20"
  agent_id          = coder_agent.example.id
  vault_addr        = "https://vault.example.com"
  vault_jwt_role    = "coder" # The Vault role to use for authentication
  vault_cli_version = "1.17.5"
 }
 ```
--- a/vault-jwt/main.test.ts
+++ b/vault-jwt/main.test.ts
@@ -0,0 +1,12 @@
 import { describe } from "bun:test";
 import { runTerraformInit, testRequiredVariables } from "../test";
 describe("vault-jwt", async () => {
  await runTerraformInit(import.meta.dir);
  testRequiredVariables(import.meta.dir, {
    agent_id: "foo",
    vault_addr: "foo",
    vault_jwt_role: "foo",
  });
 });
--- a/vault-jwt/main.tf
+++ b/vault-jwt/main.tf
@@ -0,0 +1,64 @@
 terraform {
  required_version = ">= 1.0"
  required_providers {
    coder = {
      source  = "coder/coder"
      version = ">= 0.12.4"
    }
  }
 }
 # Add required variables for your modules and remove any unneeded variables
 variable "agent_id" {
  type        = string
  description = "The ID of a Coder agent."
 }
 variable "vault_addr" {
  type        = string
  description = "The address of the Vault server."
 }
 variable "vault_jwt_auth_path" {
  type        = string
  description = "The path to the Vault JWT auth method."
  default     = "jwt"
 }
 variable "vault_jwt_role" {
  type        = string
  description = "The name of the Vault role to use for authentication."
 }
 variable "vault_cli_version" {
  type        = string
  description = "The version of Vault to install."
  default     = "latest"
  validation {
    condition     = can(regex("^(latest|[0-9]+\\.[0-9]+\\.[0-9]+)$", var.vault_cli_version))
    error_message = "Vault version must be in the format 0.0.0 or latest"
  }
 }
 resource "coder_script" "vault" {
  agent_id     = var.agent_id
  display_name = "Vault (GitHub)"
  icon         = "/icon/vault.svg"
  script = templatefile("${path.module}/run.sh", {
    CODER_OIDC_ACCESS_TOKEN : data.coder_workspace_owner.me.oidc_access_token,
    VAULT_JWT_AUTH_PATH : var.vault_jwt_auth_path,
    VAULT_JWT_ROLE : var.vault_jwt_role,
    VAULT_CLI_VERSION : var.vault_cli_version,
  })
  run_on_start       = true
  start_blocks_login = true
 }
 resource "coder_env" "vault_addr" {
  agent_id = var.agent_id
  name     = "VAULT_ADDR"
  value    = var.vault_addr
 }
 data "coder_workspace_owner" "me" {}
--- a/vault-jwt/run.sh
+++ b/vault-jwt/run.sh
@@ -0,0 +1,112 @@
 #!/usr/bin/env bash
 # Convert all templated variables to shell variables
 VAULT_CLI_VERSION=${VAULT_CLI_VERSION}
 VAULT_JWT_AUTH_PATH=${VAULT_JWT_AUTH_PATH}
 VAULT_JWT_ROLE=${VAULT_JWT_ROLE}
 CODER_OIDC_ACCESS_TOKEN=${CODER_OIDC_ACCESS_TOKEN}
 fetch() {
  dest="$1"
  url="$2"
  if command -v curl > /dev/null 2>&1; then
    curl -sSL --fail "$${url}" -o "$${dest}"
  elif command -v wget > /dev/null 2>&1; then
    wget -O "$${dest}" "$${url}"
  elif command -v busybox > /dev/null 2>&1; then
    busybox wget -O "$${dest}" "$${url}"
  else
    printf "curl, wget, or busybox is not installed. Please install curl or wget in your image.\n"
    exit 1
  fi
 }
 unzip_safe() {
  if command -v unzip > /dev/null 2>&1; then
    command unzip "$@"
  elif command -v busybox > /dev/null 2>&1; then
    busybox unzip "$@"
  else
    printf "unzip or busybox is not installed. Please install unzip in your image.\n"
    exit 1
  fi
 }
 install() {
  # Get the architecture of the system
  ARCH=$(uname -m)
  if [ "$${ARCH}" = "x86_64" ]; then
    ARCH="amd64"
  elif [ "$${ARCH}" = "aarch64" ]; then
    ARCH="arm64"
  else
    printf "Unsupported architecture: $${ARCH}\n"
    return 1
  fi
  # Fetch the latest version of Vault if VAULT_CLI_VERSION is 'latest'
  if [ "$${VAULT_CLI_VERSION}" = "latest" ]; then
    LATEST_VERSION=$(curl -s https://releases.hashicorp.com/vault/ | grep -v 'rc' | grep -oE 'vault/[0-9]+\.[0-9]+\.[0-9]+' | sed 's/vault\///' | sort -V | tail -n 1)
    printf "Latest version of Vault is %s.\n\n" "$${LATEST_VERSION}"
    if [ -z "$${LATEST_VERSION}" ]; then
      printf "Failed to determine the latest Vault version.\n"
      return 1
    fi
    VAULT_CLI_VERSION=$${LATEST_VERSION}
  fi
  # Check if the vault CLI is installed and has the correct version
  installation_needed=1
  if command -v vault > /dev/null 2>&1; then
    CURRENT_VERSION=$(vault version | grep -oE '[0-9]+\.[0-9]+\.[0-9]+')
    if [ "$${CURRENT_VERSION}" = "$${VAULT_CLI_VERSION}" ]; then
      printf "Vault version %s is already installed and up-to-date.\n\n" "$${CURRENT_VERSION}"
      installation_needed=0
    fi
  fi
  if [ $${installation_needed} -eq 1 ]; then
    # Download and install Vault
    if [ -z "$${CURRENT_VERSION}" ]; then
      printf "Installing Vault CLI ...\n\n"
    else
      printf "Upgrading Vault CLI from version %s to %s ...\n\n" "$${CURRENT_VERSION}" "${VAULT_CLI_VERSION}"
    fi
    fetch vault.zip "https://releases.hashicorp.com/vault/$${VAULT_CLI_VERSION}/vault_$${VAULT_CLI_VERSION}_linux_$${ARCH}.zip"
    if [ $? -ne 0 ]; then
      printf "Failed to download Vault.\n"
      return 1
    fi
    if ! unzip_safe vault.zip; then
      printf "Failed to unzip Vault.\n"
      return 1
    fi
    rm vault.zip
    if sudo mv vault /usr/local/bin/vault 2> /dev/null; then
      printf "Vault installed successfully!\n\n"
    else
      mkdir -p ~/.local/bin
      if ! mv vault ~/.local/bin/vault; then
        printf "Failed to move Vault to local bin.\n"
        return 1
      fi
      printf "Please add ~/.local/bin to your PATH to use vault CLI.\n"
    fi
  fi
  return 0
 }
 TMP=$(mktemp -d)
 if ! (
  cd "$TMP"
  install
 ); then
  echo "Failed to install Vault CLI."
  exit 1
 fi
 rm -rf "$TMP"
 # Authenticate with Vault
 printf "🔑 Authenticating with Vault ...\n\n"
 echo "$${CODER_OIDC_ACCESS_TOKEN}" | vault write auth/"$${VAULT_JWT_AUTH_PATH}"/login role="$${VAULT_JWT_ROLE}" jwt=-
 printf "🥳 Vault authentication complete!\n\n"
 printf "You can now use Vault CLI to access secrets.\n"
--- a/vscode-desktop/main.test.ts
+++ b/vscode-desktop/main.test.ts
@@ -22,7 +22,7 @@ describe("vscode-desktop", async () => {
    );
    const coder_app = state.resources.find(
-      (res) => res.type == "coder_app" && res.name == "vscode",
+      (res) => res.type === "coder_app" && res.name === "vscode",
    );
    expect(coder_app).not.toBeNull();
@@ -79,7 +79,7 @@ describe("vscode-desktop", async () => {
    });
    const coder_app = state.resources.find(
-      (res) => res.type == "coder_app" && res.name == "vscode",
+      (res) => res.type === "coder_app" && res.name === "vscode",
    );
    expect(coder_app).not.toBeNull();
--- a/vscode-web/README.md
+++ b/vscode-web/README.md
@@ -14,7 +14,7 @@ Automatically install [Visual Studio Code Server](https://code.visualstudio.com/
 ```tf
 module "vscode-web" {
  source         = "registry.coder.com/modules/vscode-web/coder"
-  version        = "1.0.14"
+  version        = "1.0.22"
  agent_id       = coder_agent.example.id
  accept_license = true
 }
@@ -29,7 +29,7 @@ module "vscode-web" {
 ```tf
 module "vscode-web" {
  source         = "registry.coder.com/modules/vscode-web/coder"
-  version        = "1.0.14"
+  version        = "1.0.22"
  agent_id       = coder_agent.example.id
  install_prefix = "/home/coder/.vscode-web"
  folder         = "/home/coder"
@@ -42,7 +42,7 @@ module "vscode-web" {
 ```tf
 module "vscode-web" {
  source         = "registry.coder.com/modules/vscode-web/coder"
-  version        = "1.0.14"
+  version        = "1.0.22"
  agent_id       = coder_agent.example.id
  extensions     = ["github.copilot", "ms-python.python", "ms-toolsai.jupyter"]
  accept_license = true
@@ -56,7 +56,7 @@ Configure VS Code's [settings.json](https://code.visualstudio.com/docs/getstarte
 ```tf
 module "vscode-web" {
  source     = "registry.coder.com/modules/vscode-web/coder"
-  version    = "1.0.14"
+  version    = "1.0.22"
  agent_id   = coder_agent.example.id
  extensions = ["dracula-theme.theme-dracula"]
  settings = {
--- a/vscode-web/main.tf
+++ b/vscode-web/main.tf
@@ -121,6 +121,18 @@ variable "auto_install_extensions" {
  default     = false
 }
 variable "subdomain" {
  type        = bool
  description = <<-EOT
    Determines whether the app will be accessed via it's own subdomain or whether it will be accessed via a path on Coder.
    If wildcards have not been setup by the administrator then apps with "subdomain" set to true will not be accessible.
  EOT
  default     = true
 }
 data "coder_workspace_owner" "me" {}
 data "coder_workspace" "me" {}
 resource "coder_script" "vscode-web" {
  agent_id     = var.agent_id
  display_name = "VS Code Web"
@@ -138,6 +150,7 @@ resource "coder_script" "vscode-web" {
    EXTENSIONS_DIR : var.extensions_dir,
    FOLDER : var.folder,
    AUTO_INSTALL_EXTENSIONS : var.auto_install_extensions,
    SERVER_BASE_PATH : local.server_base_path,
  })
  run_on_start = true
@@ -158,15 +171,21 @@ resource "coder_app" "vscode-web" {
  agent_id     = var.agent_id
  slug         = var.slug
  display_name = var.display_name
-  url          = var.folder == "" ? "http://localhost:${var.port}" : "http://localhost:${var.port}?folder=${var.folder}"
+  url          = local.url
  icon         = "/icon/code.svg"
-  subdomain    = true
+  subdomain    = var.subdomain
  share        = var.share
  order        = var.order
  healthcheck {
-    url       = "http://localhost:${var.port}/healthz"
+    url       = local.healthcheck_url
    interval  = 5
    threshold = 6
  }
 }
 locals {
  server_base_path = var.subdomain ? "" : format("/@%s/%s/apps/%s/", data.coder_workspace_owner.me.name, data.coder_workspace.me.name, var.slug)
  url              = var.folder == "" ? "http://localhost:${var.port}${local.server_base_path}" : "http://localhost:${var.port}${local.server_base_path}?folder=${var.folder}"
  healthcheck_url  = var.subdomain ? "http://localhost:${var.port}/healthz" : "http://localhost:${var.port}${local.server_base_path}/healthz"
 }
--- a/vscode-web/run.sh
+++ b/vscode-web/run.sh
@@ -10,10 +10,16 @@ if [ -n "${EXTENSIONS_DIR}" ]; then
  EXTENSION_ARG="--extensions-dir=${EXTENSIONS_DIR}"
 fi
 # Set extension directory
 SERVER_BASE_PATH_ARG=""
 if [ -n "${SERVER_BASE_PATH}" ]; then
  SERVER_BASE_PATH_ARG="--server-base-path=${SERVER_BASE_PATH}"
 fi
 run_vscode_web() {
-  echo "👷 Running $VSCODE_WEB serve-local $EXTENSION_ARG --port ${PORT} --host 127.0.0.1 --accept-server-license-terms --without-connection-token --telemetry-level ${TELEMETRY_LEVEL} in the background..."
+  echo "👷 Running $VSCODE_WEB serve-local $EXTENSION_ARG $SERVER_BASE_PATH_ARG --port ${PORT} --host 127.0.0.1 --accept-server-license-terms --without-connection-token --telemetry-level ${TELEMETRY_LEVEL} in the background..."
  echo "Check logs at ${LOG_PATH}!"
-  "$VSCODE_WEB" serve-local "$EXTENSION_ARG" --port "${PORT}" --host 127.0.0.1 --accept-server-license-terms --without-connection-token --telemetry-level "${TELEMETRY_LEVEL}" > "${LOG_PATH}" 2>&1 &
+  "$VSCODE_WEB" serve-local "$EXTENSION_ARG" "$SERVER_BASE_PATH_ARG" --port "${PORT}" --host 127.0.0.1 --accept-server-license-terms --without-connection-token --telemetry-level "${TELEMETRY_LEVEL}" > "${LOG_PATH}" 2>&1 &
 }
 # Check if the settings file exists...
@@ -72,27 +78,25 @@ for extension in "$${EXTENSIONLIST[@]}"; do
  output=$($VSCODE_WEB "$EXTENSION_ARG" --install-extension "$extension" --force)
  if [ $? -ne 0 ]; then
    echo "Failed to install extension: $extension: $output"
    exit 1
  fi
 done
 if [ "${AUTO_INSTALL_EXTENSIONS}" = true ]; then
  if ! command -v jq > /dev/null; then
    echo "jq is required to install extensions from a workspace file."
-    exit 0
+  else
-  fi
+    WORKSPACE_DIR="$HOME"
    if [ -n "${FOLDER}" ]; then
      WORKSPACE_DIR="${FOLDER}"
    fi
-  WORKSPACE_DIR="$HOME"
+    if [ -f "$WORKSPACE_DIR/.vscode/extensions.json" ]; then
-  if [ -n "${FOLDER}" ]; then
+      printf "🧩 Installing extensions from %s/.vscode/extensions.json...\n" "$WORKSPACE_DIR"
-    WORKSPACE_DIR="${FOLDER}"
+      extensions=$(jq -r '.recommendations[]' "$WORKSPACE_DIR"/.vscode/extensions.json)
-  fi
+      for extension in $extensions; do
-
+        $VSCODE_WEB "$EXTENSION_ARG" --install-extension "$extension" --force
-  if [ -f "$WORKSPACE_DIR/.vscode/extensions.json" ]; then
+      done
-    printf "🧩 Installing extensions from %s/.vscode/extensions.json...\n" "$WORKSPACE_DIR"
+    fi
    extensions=$(jq -r '.recommendations[]' "$WORKSPACE_DIR"/.vscode/extensions.json)
    for extension in $extensions; do
      $VSCODE_WEB "$EXTENSION_ARG" --install-extension "$extension" --force
    done
  fi
 fi
--- a/windows-rdp/README.md
+++ b/windows-rdp/README.md
@@ -15,7 +15,7 @@ Enable Remote Desktop + a web based client on Windows workspaces, powered by [de
 # AWS example. See below for examples of using this module with other providers
 module "windows_rdp" {
  source      = "registry.coder.com/modules/windows-rdp/coder"
-  version     = "1.0.16"
+  version     = "1.0.18"
  count       = data.coder_workspace.me.start_count
  agent_id    = resource.coder_agent.main.id
  resource_id = resource.aws_instance.dev.id
@@ -33,7 +33,7 @@ module "windows_rdp" {
 ```tf
 module "windows_rdp" {
  source      = "registry.coder.com/modules/windows-rdp/coder"
-  version     = "1.0.16"
+  version     = "1.0.18"
  count       = data.coder_workspace.me.start_count
  agent_id    = resource.coder_agent.main.id
  resource_id = resource.aws_instance.dev.id
@@ -45,7 +45,7 @@ module "windows_rdp" {
 ```tf
 module "windows_rdp" {
  source      = "registry.coder.com/modules/windows-rdp/coder"
-  version     = "1.0.16"
+  version     = "1.0.18"
  count       = data.coder_workspace.me.start_count
  agent_id    = resource.coder_agent.main.id
  resource_id = resource.google_compute_instance.dev[0].id
--- a/windows-rdp/main.test.ts
+++ b/windows-rdp/main.test.ts
@@ -1,6 +1,6 @@
 import { describe, expect, it } from "bun:test";
 import {
-  TerraformState,
+  type TerraformState,
  runTerraformApply,
  runTerraformInit,
  testRequiredVariables,
Author	SHA1	Message	Date
Cian Johnston	bc73955f50	turn back the schedule	2024-11-23 00:26:46 +00:00
Michael Smith	6597a2d547	chore: add updates to force redeployment on Vercel (#348 ) ## Changes made - Updated `check.sh` script to add support for automatic re-deploying in the event that the the registry has a partial/full outage. --------- Co-authored-by: Cian Johnston <cian@coder.com>	2024-11-22 23:45:57 +00:00
Muhammad Atif Ali	5101c27c83	chore: integrate Instatus in check script (#342 )	2024-11-19 14:22:03 +05:00
Muhammad Atif Ali	90bfbfdc40	chore: add health check badge (#341 )	2024-11-18 16:11:12 +05:00
Cian Johnston	57d96ca27f	ci: add script to check modules on registry.coder.com (#340 ) Added a script + corresponding GitHub action to check active modules on registry.coder.com	2024-11-15 12:27:03 +00:00
Tao Chen	f5ab7995d1	feat(filebrowser): check if already installed (#334 ) Co-authored-by: Muhammad Atif Ali <atif@coder.com>	2024-10-30 18:10:26 +05:00
djarbz	528a8a9fea	fix(kasmvnc): optimize KasmVNC deployment script (#329 ) Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>	2024-10-30 10:25:41 +00:00
Kerwin Bryant	87854707bc	feat(jetbrains-gateway): add releases_base_link/download_base_link variables (#333 )	2024-10-30 14:51:03 +05:00
Roger Chao	b53554b4e4	fix(jupyterlab): update command -v from jupyterlab to jupyter-lab (#328 ) Update `command -v` from `jupyterlab` to `jupyter-lab` to check to if jupyterlab binary is installed.	2024-10-23 13:51:25 -07:00
Steven Masley	ce5a5b383a	feat(vscode-web): support hosting on a subpath with `subdomain=false` (#288 ) Co-authored-by: Muhammad Atif Ali <atif@coder.com> Co-authored-by: Muhammad Atif Ali <me@matifali.dev>	2024-10-21 13:46:19 +05:00
framctr	1b147ae90d	feat(jupyterlab): add support for `subdomain=false` (#316 ) Co-authored-by: Muhammad Atif Ali <atif@coder.com> Co-authored-by: Asher <ash@coder.com>	2024-10-21 12:06:10 +05:00
djarbz	7992d9d265	fix(kasmVNC): fix debian installation and improve logging (#326 )	2024-10-21 08:04:59 +05:00
Yves ANDOLFATTO	20d97a25dd	fix(filebrowser): support custom base_url in case of custom db path (#320 ) Co-authored-by: Muhammad Atif Ali <atif@coder.com> Co-authored-by: Muhammad Atif Ali <me@matifali.dev>	2024-10-18 17:21:36 +05:00
Muhammad Atif Ali	8e0dfcd534	feat(jetbrains-gateway): add slug variable (#322 )	2024-10-17 14:25:03 +00:00
Muhammad Atif Ali	9752bf89a6	chore(kasmvnc): refactor download logic to support multiple tools (#323 )	2024-10-17 19:17:38 +05:00
Muhammad Atif Ali	48c81c9ff4	kasm VNC (#250 ) Co-authored-by: Michael Smith <throwawayclover@gmail.com>	2024-10-17 02:03:00 +00:00
Muhammad Atif Ali	acd5edffe7	fix(vault-jwt): fix vault CLI installation (#311 )	2024-10-16 02:04:28 +05:00
Muhammad Atif Ali	4dcab99cb0	fix(vscode-web): remove exit if extension installation fails (#318 )	2024-10-15 22:53:36 +05:00
Muhammad Atif Ali	50a946df0f	chore: explicitly setup terraform (#319 )	2024-10-15 18:48:15 +05:00
Asher	8a0ac3435c	Add owner to Gateway link (#310 ) Without this, it is not possible to reliably connect to another user's workspace (for admins, mainly) when duplicate workspace names are involved.	2024-10-07 21:16:01 -08:00
Michael Smith	438c904567	chore: cleanup all test files (#293 ) ## Changes made - Removed all unused imports, and made sure type imports were labeled correctly - Updated all comparisons to be more strict - Simplified loops to remove unneeded closure functions - Removed all explicit `any` types - Updated how strings were defined to follow general TypeScript best practices ## Notes - We definitely want some kind of linting setup for this repo. I'm going to bring this up when Blueberry has its next team meeting next week	2024-09-27 15:35:47 -04:00
Muhammad Atif Ali	bd6747f9bc	chore: move update-version to ci (#301 )	2024-09-27 18:24:06 +00:00
Muhammad Atif Ali	fb81c8969f	feat(vault-jwt): Add Vault JWT/OIDC module (#297 ) Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>	2024-09-27 18:20:57 +00:00
Muhammad Atif Ali	162808760d	fix(filebrowser): only require agent_name when not on subdomain (#299 )	2024-09-27 11:07:49 -04:00
Brent Souza	ad1189afff	feat(jfrog): support multiple repositories (#289 ) Co-authored-by: bsouza <BSouza@Acadian-Asset.com> Co-authored-by: Muhammad Atif Ali <atif@coder.com>	2024-09-27 12:02:57 +05:00
dependabot[bot]	94e126f248	chore(deps): bump oven-sh/setup-bun from 1 to 2 (#305 ) Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2024-09-25 00:16:11 +05:00
Muhammad Atif Ali	04535a9cd7	chore: add dependabot.yml (#302 )	2024-09-25 00:12:30 +05:00
Muhammad Atif Ali	7a9f553564	chore(cursor): update display_name to Cursor Desktop (#300 )	2024-09-24 23:24:02 +05:00
Muhammad Atif Ali	e11b19d33e	feat(jupyter): switch from pip3 to pipx for Jupyter install (#294 )	2024-09-23 13:33:08 +05:00
github-actions[bot]	93c4fb3a8d	chore: bump version to 1.0.18 in README.md files (#292 ) This is an auto-generated PR to update README.md files of all modules with the new tag 1.0.18 Co-authored-by: matifali <matifali@users.noreply.github.com>	2024-09-20 21:22:43 +05:00