….com (#18901)

Cherry pick
(e4d3453)

Starting with version 2.24.X , Coder CLI binaries & corresponding
detached signatures will get published to the GCS bucket
releases.coder.com.

Co-authored-by: ケイラ <mckayla@hey.com>
Co-authored-by: 35C4n0r <70096901+35C4n0r@users.noreply.github.com>

This backports the coder/coder fixes for
coder/coder-desktop-windows#147 and
coder/coder-desktop-macos#201 to v2.24, and
fixes a bug where Coder Desktop logs were duplicated on Windows.

1. #19124
(`c64b3c0d8327edbfad4cc7bc373bdb873cd7e26b`)
    - Required for CI to pass.
2. #19125
(`9f2dc72d9a3d9feecf28bc30cd1234394a0e5c37`)
    - Required for CI to pass.
3. #19143
(`914daac2dcf700817d4ae248a6e8014f64654fe7`)
    - Required for CI to pass.
4. #19023
(`618121cba39833db7c1ca4653d7ce7745d5aff57`)
- First implementation of fix for
coder/coder-desktop-windows#147
5. #19069
(`ba0b124a1daaddde590f5839afebe803330981be`)
- Partially reverts previous commit, actual fix for
coder/coder-desktop-windows#147
6. #19052
(`19171e27c9624c435f97d4ae5e3b61c649bc7063`)
    - Avoid duplicating logs on Coder Desktop Windows
7. #19080
(`18b037d0086cd6eca11e6180b36a302badaa5a5f`)
- Updates coder/tailscale reference, lets Coder Desktop macOS use the
slim binary to run Coder Connect.
    
I've tested my latest build of Coder Desktop against a Coder server
running this branch, just as a sanity check.

---------

Co-authored-by: Cian Johnston <cian@coder.com>
Co-authored-by: Dean Sheather <dean@deansheather.com>

Pin Nix version to 2.28.4 in dogfood workflow

Pins the Nix version in the dogfood workflow to 2.28.4 to avoid a JSON
type error that occurs with Nix 2.29 and above.

Change-Id: Ie024d5070dbe5901952fc52463c6602363ef8886
Signed-off-by: Thomas Kosiewski [tk@coder.com](mailto:tk@coder.com)

Signed-off-by: Thomas Kosiewski <tk@coder.com>

THIS IS A SECURITY FIX - cherry-picks #19214 

upgrade to go 1.24.6 to avoid golang/go#74831
(CVE-2025-47907)

Also points to a new version of our lib/pq fork that worked around the
Go issue, which should restore better performance.

… (#19193)

A customer who recently upgraded their deployment to 2.24 is seeing
their audit log queries take longer than a minute to load (resulting in
a gateway timeout). As such, Support's requested we backport this fix to
2.24 (in the next patch), as it does not require a database migration.

### Original PR Description (#18600):

Closes #17689

This PR optimizes the audit logs query performance by extracting the
count operation into a separate query and replacing the OR-based
workspace_builds with conditional joins.

## Query changes
* Extracted count query to separate one
* Replaced single `workspace_builds` join with OR conditions with
separate conditional joins
* Added conditional joins
* `wb_build` for workspace_build audit logs (which is a direct lookup)
    * `wb_workspace` for workspace create audit logs (via workspace)

Optimized AuditLogsOffset query:
https://explain.dalibo.com/plan/4g1hbedg4a564bg8

New CountAuditLogs query:
https://explain.dalibo.com/plan/ga2fbcecb9efbce3

Co-authored-by: Kacper Sawicki <kacper@coder.com>

…19211) (#19227)

Backport of #19211 to our ESR, v2.24, since this is a kind of bad
(albeit rare) bug and very easy to fix.

### Original PR

Closes #19209.

In `templates.go`, we do this to make sure we count ALL workspaces for a
template before we try and delete that template:
https://github.com/coder/coder/blob/dc598856e3be0926573dbbe2ec680e95a139093a/coderd/templates.go#L81-L99

However, we weren't doing the same when attempting to delete users,
leading to the linked issue. We can solve the issue the same way as we
do for templates.