docs: elaborate instructions for setting up hcp vault module (#163)

Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>

.github/workflows/update-readme.yaml

@@ -9,7 +9,7 @@ on:
 jobs:
   update-readme:
     permissions:
-      contents: read
+      contents: write
       pull-requests: write
     runs-on: ubuntu-latest
     steps:
@@ -33,6 +33,7 @@ jobs:
           title: 'chore: bump version to ${{ env.TAG }} in README.md files'
           body: 'This is an auto-generated PR to update README.md files of all modules with the new tag ${{ env.TAG }}'
           branch: 'update-readme-branch'
+          base: 'main'
         env:
           TAG: ${{ steps.get-latest-tag.outputs.TAG }}
 

code-server/main.tf

@@ -32,6 +32,12 @@ variable "display_name" {
   default     = "code-server"
 }
 
+variable "slug" {
+  type        = string
+  description = "The slug for the code-server application."
+  default     = "code-server"
+}
+
 variable "settings" {
   type        = map(string)
   description = "A map of settings to apply to code-server."
@@ -89,7 +95,7 @@ resource "coder_script" "code-server" {
 
 resource "coder_app" "code-server" {
   agent_id     = var.agent_id
-  slug         = "code-server"
+  slug         = var.slug
   display_name = var.display_name
   url          = "http://localhost:${var.port}/${var.folder != "" ? "?folder=${urlencode(var.folder)}" : ""}"
   icon         = "/icon/code.svg"

filebrowser/README.md

@@ -14,7 +14,7 @@ A file browser for your workspace.
 ```tf
 module "filebrowser" {
   source   = "registry.coder.com/modules/filebrowser/coder"
-  version  = "1.0.2"
+  version  = "1.0.3"
   agent_id = coder_agent.example.id
 }
 ```
@@ -28,7 +28,7 @@ module "filebrowser" {
 ```tf
 module "filebrowser" {
   source   = "registry.coder.com/modules/filebrowser/coder"
-  version  = "1.0.2"
+  version  = "1.0.3"
   agent_id = coder_agent.example.id
   folder   = "/home/coder/project"
 }
@@ -39,7 +39,7 @@ module "filebrowser" {
 ```tf
 module "filebrowser" {
   source        = "registry.coder.com/modules/filebrowser/coder"
-  version       = "1.0.2"
+  version       = "1.0.3"
   agent_id      = coder_agent.example.id
   database_path = ".config/filebrowser.db"
 }

git-commit-signing/README.md

@@ -19,7 +19,7 @@ This module has a chance of conflicting with the user's dotfiles / the personali
 ```tf
 module "git-commit-signing" {
   source   = "registry.coder.com/modules/git-commit-signing/coder"
-  version  = "1.0.2"
+  version  = "1.0.3"
   agent_id = coder_agent.example.id
 }
 ```

hcp-vault-secrets/README.md

@@ -23,7 +23,14 @@ module "vault" {
 
 ## Configuration
 
-To configure the HCP Vault Secrets module, you must create an HCP Service Principal from the HCP Vault Secrets app in the HCP console. This will give you the `HCP_CLIENT_ID` and `HCP_CLIENT_SECRET` that you need to authenticate with HCP Vault Secrets. See the [HCP Vault Secrets documentation](https://developer.hashicorp.com/hcp/docs/vault-secrets) for more information.
+To configure the HCP Vault Secrets module, follow these steps,
+
+1. [Create secrets in HCP Vault Secrets](https://developer.hashicorp.com/vault/tutorials/hcp-vault-secrets-get-started/hcp-vault-secrets-create-secret)
+2. Create an HCP Service Principal from the HCP Vault Secrets app in the HCP console. This will give you the `HCP_CLIENT_ID` and `HCP_CLIENT_SECRET` that you need to authenticate with HCP Vault Secrets.
+   ![HCP vault secrets credentials](../.images/hcp-vault-secrets-credentials.png)
+3. Set `HCP_CLIENT_ID` and `HCP_CLIENT_SECRET` variables on the coder provisioner (recommended) or supply them as input to the module.
+
+> See the [HCP Vault Secrets documentation](https://developer.hashicorp.com/hcp/docs/vault-secrets) for more information.
 
 ## Fetch All Secrets
 

jetbrains-gateway/README.md

@@ -14,7 +14,7 @@ This module adds a JetBrains Gateway Button to open any workspace with a single
 ```tf
 module "jetbrains_gateway" {
   source         = "registry.coder.com/modules/jetbrains-gateway/coder"
-  version        = "1.0.2"
+  version        = "1.0.3"
   agent_id       = coder_agent.example.id
   agent_name     = "example"
   folder         = "/home/coder/example"
@@ -32,7 +32,7 @@ module "jetbrains_gateway" {
 ```tf
 module "jetbrains_gateway" {
   source         = "registry.coder.com/modules/jetbrains-gateway/coder"
-  version        = "1.0.2"
+  version        = "1.0.3"
   agent_id       = coder_agent.example.id
   agent_name     = "example"
   folder         = "/home/coder/example"

jfrog-oauth/main.tf

@@ -19,6 +19,12 @@ variable "jfrog_url" {
   }
 }
 
+variable "jfrog_server_id" {
+  type        = string
+  description = "The server ID of the JFrog instance for JFrog CLI configuration"
+  default     = "0"
+}
+
 variable "username_field" {
   type        = string
   description = "The field to use for the artifactory username. i.e. Coder username or email."
@@ -79,6 +85,7 @@ resource "coder_script" "jfrog" {
   script = templatefile("${path.module}/run.sh", {
     JFROG_URL : var.jfrog_url,
     JFROG_HOST : local.jfrog_host,
+    JFROG_SERVER_ID : var.jfrog_server_id,
     ARTIFACTORY_USERNAME : local.username,
     ARTIFACTORY_EMAIL : data.coder_workspace.me.owner_email,
     ARTIFACTORY_ACCESS_TOKEN : data.coder_external_auth.jfrog.access_token,

jfrog-oauth/run.sh

@@ -15,9 +15,9 @@ fi
 # flows.
 export CI=true
 # Authenticate JFrog CLI with Artifactory.
-echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFROG_URL}" --overwrite 0
+echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFROG_URL}" --overwrite "${JFROG_SERVER_ID}"
 # Set the configured server as the default.
-jf c use 0
+jf c use "${JFROG_SERVER_ID}"
 
 # Configure npm to use the Artifactory "npm" repository.
 if [ -z "${REPOSITORY_NPM}" ]; then

jfrog-token/main.tf

@@ -23,6 +23,12 @@ variable "jfrog_url" {
   }
 }
 
+variable "jfrog_server_id" {
+  type        = string
+  description = "The server ID of the JFrog instance for JFrog CLI configuration"
+  default     = "0"
+}
+
 variable "artifactory_access_token" {
   type        = string
   description = "The admin-level access token to use for JFrog."
@@ -112,6 +118,7 @@ resource "coder_script" "jfrog" {
   script = templatefile("${path.module}/run.sh", {
     JFROG_URL : var.jfrog_url,
     JFROG_HOST : local.jfrog_host,
+    JFROG_SERVER_ID : var.jfrog_server_id,
     ARTIFACTORY_USERNAME : local.username,
     ARTIFACTORY_EMAIL : data.coder_workspace.me.owner_email,
     ARTIFACTORY_ACCESS_TOKEN : artifactory_scoped_token.me.access_token,

jfrog-token/run.sh

@@ -15,9 +15,9 @@ fi
 # flows.
 export CI=true
 # Authenticate JFrog CLI with Artifactory.
-echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFROG_URL}" --overwrite 0
+echo "${ARTIFACTORY_ACCESS_TOKEN}" | jf c add --access-token-stdin --url "${JFROG_URL}" --overwrite "${JFROG_SERVER_ID}"
 # Set the configured server as the default.
-jf c use 0
+jf c use "${JFROG_SERVER_ID}"
 
 # Configure npm to use the Artifactory "npm" repository.
 if [ -z "${REPOSITORY_NPM}" ]; then

update-version.sh

@@ -8,14 +8,7 @@ set -euo pipefail
 
 current_tag=$(git describe --tags --abbrev=0)
 previous_tag=$(git describe --tags --abbrev=0 $current_tag^)
-mapfile -t changed_files < <(git diff --name-only "$previous_tag" "$current_tag" | xargs dirname | sort -u | grep -v '^\.')
-
-changed_dirs=()
-for file in $changed_files; do
-  dir=$(dirname "$file")
-  changed_dirs+=("$dir")
-done
-changed_dirs=($(printf "%s\n" "${changed_dirs[@]}" | sort -u))
+mapfile -t changed_dirs < <(git diff --name-only "$previous_tag"..."$current_tag" -- ':!**/README.md' ':!**/*.test.ts' | xargs dirname | grep -v '^\.' | sort -u)
 
 LATEST_TAG=$(git describe --abbrev=0 --tags | sed 's/^v//') || exit $?
 
@@ -33,4 +26,4 @@ for dir in "${changed_dirs[@]}"; do
       }
     }' "$file" > "$tmpfile" && mv "$tmpfile" "$file"
   fi
-done
+done

vault-github/README.md

@@ -15,7 +15,7 @@ This module lets you authenticate with [Hashicorp Vault](https://www.vaultprojec
 ```tf
 module "vault" {
   source     = "registry.coder.com/modules/vault-github/coder"
-  version    = "1.0.3"
+  version    = "1.0.4"
   agent_id   = coder_agent.example.id
   vault_addr = "https://vault.example.com"
 }
@@ -46,7 +46,7 @@ To configure the Vault module, you must set up a Vault GitHub auth method. See t
 ```tf
 module "vault" {
   source               = "registry.coder.com/modules/vault-github/coder"
-  version              = "1.0.3"
+  version              = "1.0.4"
   agent_id             = coder_agent.example.id
   vault_addr           = "https://vault.example.com"
   coder_github_auth_id = "my-github-auth-id"
@@ -58,7 +58,7 @@ module "vault" {
 ```tf
 module "vault" {
   source                 = "registry.coder.com/modules/vault-github/coder"
-  version                = "1.0.3"
+  version                = "1.0.4"
   agent_id               = coder_agent.example.id
   vault_addr             = "https://vault.example.com"
   coder_github_auth_id   = "my-github-auth-id"
@@ -71,7 +71,7 @@ module "vault" {
 ```tf
 module "vault" {
   source            = "registry.coder.com/modules/vault-github/coder"
-  version           = "1.0.3"
+  version           = "1.0.4"
   agent_id          = coder_agent.example.id
   vault_addr        = "https://vault.example.com"
   vault_cli_version = "1.15.0"

vault-github/run.sh

@@ -34,7 +34,7 @@ unzip_safe() {
 install() {
   # Fetch the latest version of Vault if INSTALL_VERSION is 'latest'
   if [ "$${INSTALL_VERSION}" = "latest" ]; then
-    LATEST_VERSION=$(curl -s https://releases.hashicorp.com/vault/ | grep -oP 'vault/\K[0-9]+\.[0-9]+\.[0-9]+' | sort -V | tail -n 1)
+    LATEST_VERSION=$(curl -s https://releases.hashicorp.com/vault/ | grep -v '-rc' | grep -oP 'vault/\K[0-9]+\.[0-9]+\.[0-9]+' | sort -V | tail -n 1)
     printf "Latest version of Vault is %s.\n\n" "$${LATEST_VERSION}"
     if [ -z "$${LATEST_VERSION}" ]; then
       printf "Failed to determine the latest Vault version.\n"

vault-token/README.md

@@ -21,7 +21,7 @@ variable "vault_token" {
 
 module "vault" {
   source      = "registry.coder.com/modules/vault-token/coder"
-  version     = "1.0.3"
+  version     = "1.0.4"
   agent_id    = coder_agent.example.id
   vault_token = var.token
   vault_addr  = "https://vault.example.com"
@@ -74,7 +74,7 @@ variable "vault_token" {
 
 module "vault" {
   source            = "registry.coder.com/modules/vault-token/coder"
-  version           = "1.0.3"
+  version           = "1.0.4"
   agent_id          = coder_agent.example.id
   vault_addr        = "https://vault.example.com"
   vault_token       = var.token

vault-token/run.sh

@@ -32,7 +32,7 @@ unzip_safe() {
 install() {
   # Fetch the latest version of Vault if INSTALL_VERSION is 'latest'
   if [ "$${INSTALL_VERSION}" = "latest" ]; then
-    LATEST_VERSION=$(curl -s https://releases.hashicorp.com/vault/ | grep -oP 'vault/\K[0-9]+\.[0-9]+\.[0-9]+' | sort -V | tail -n 1)
+    LATEST_VERSION=$(curl -s https://releases.hashicorp.com/vault/ | grep -v '-rc' | grep -oP 'vault/\K[0-9]+\.[0-9]+\.[0-9]+' | sort -V | tail -n 1)
     printf "Latest version of Vault is %s.\n\n" "$${LATEST_VERSION}"
     if [ -z "$${LATEST_VERSION}" ]; then
       printf "Failed to determine the latest Vault version.\n"

vscode-web/README.md

@@ -14,7 +14,7 @@ Automatically install [Visual Studio Code Server](https://code.visualstudio.com/
 ```tf
 module "vscode-web" {
   source         = "registry.coder.com/modules/vscode-web/coder"
-  version        = "1.0.2"
+  version        = "1.0.3"
   agent_id       = coder_agent.example.id
   accept_license = true
 }
@@ -29,7 +29,7 @@ module "vscode-web" {
 ```tf
 module "vscode-web" {
   source         = "registry.coder.com/modules/vscode-web/coder"
-  version        = "1.0.2"
+  version        = "1.0.3"
   agent_id       = coder_agent.example.id
   install_dir    = "/home/coder/.vscode-web"
   folder         = "/home/coder"