* s/Server CI (PR|Master)/Server CI/
* whitespace changes
* fixup! s/Server CI (PR|Master)/Server CI/
* Check workflow event type instead of name for PR reporting
Address code review feedback by checking github.event.workflow_run.event
instead of github.event.workflow_run.name since Server CI now runs for
both PRs and master branches.
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Update mmctl-test-template.yml to conditionally execute docker login for mattermost repository owner
* Update build-server-image.yml and server-test-template.yml to conditionally execute docker login for mattermost repository owner
* Update workflow files to conditionally execute docker login for pull requests from mattermost/mattermost
* Enhance CI workflows to conditionally execute jobs for pull requests from mattermost/mattermost
* Remove conditional check for docker login in CI workflows to streamline execution across all pull requests
* Add conditional check for docker login in CI workflows for pull requests from mattermost/mattermost
* Refactor CI workflows to gracefully skip tests for external pull requests, enhancing clarity and execution flow
* revert checks
* skip fips testing for forks
* Fix fork detection in FIPS tests to allow push events
The previous condition `github.repository_owner == 'mattermost'` was
incorrect as it would always be false for forks. Updated to properly
detect forks using `github.event.pull_request.head.repo.full_name == github.repository`
and allow FIPS tests to run on push events.
---------
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
* pin to ubuntu-24.04
* always use FIPS compatible Postgres settings
* use sha256 for remote cluster IDs
* use sha256 for client config hash
* rework S3 backend to be FIPS compatible
* skip setup-node during build, since already in container
* support FIPS builds
* Dockerfile for FIPS image, using glibc-openssl-fips
* workaround entrypoint inconsistencies
* authenticate to DockerHub
* fix FIPS_ENABLED, add test-mmctl-fips
* decouple check-mattermost-vet from test/build steps
* fixup! decouple check-mattermost-vet from test/build steps
* only build-linux-amd64 for fips
* rm entrypoint workaround
* tweak comment grammar
* rm unused Dockerfile.fips (for now)
* ignore gpg import errors, since would fail later anyway
* for fips, only make package-linux-amd64
* set FIPS_ENABLED for build step
* Add a FIPS-specific list of prepackaged plugins
Note that the names are still temporary, since they are not uploaded to
S3 yet. We may need to tweak them when that happens.
* s/golangci-lint/check-style/
This ensures we run all the `check-style` checks: previously,
`modernize` was missing.
* pin go-vet to @v2, remove annoying comment
* add -fips to linux-amd64.tz.gz package
* rm unused setup-chainctl
* use BUILD_TYPE_NAME instead
* mv fips build to enterprise-only
* fixup! use BUILD_TYPE_NAME instead
* temporarily pre-package no plugins for FIPS
* split package-cleanup
* undo package-cleanup, just skip ARM, also test
* skip arm for FIPS in second target too
* fmt Makefile
* Revert "rm unused Dockerfile.fips (for now)"
This reverts commit 601e37e0ff.
* reintroduce Dockerfile.fips and align with existing Dockerfile
* s/IMAGE/BUILD_IMAGE/
* bump the glibc-openssl-fips version
* rm redundant comment
* fix FIPS checks
* set PLUGIN_PACKAGES empty until prepackaged plugins ready
* upgrade glibc-openssl-fips, use non-dev version for final stage
* another BUILD_IMAGE case
* Prepackage the FIPS versions of plugins
* relocate FIPS_ENABLED initialization before use
* s/Config File MD5/Config File Hash/
* Update the FIPS plugin names and encode the + sign
* add /var/tmp for local socket manipulation
---------
Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* consolidate go version computation
* use Go from mattermost-build-server
* work around "error obtaining VCS status: exit status 128" in a container"
* no longer require sudo
* fix config-reset for GOFLAGS
* only test-postgres-binary on master/release
* add check-prereqs-enterprise to test-mmctl* to ensure go.work setup
Replace empty string fallback with github.run_id to prevent workflow
evaluation errors when concurrency group evaluates to empty string on
non-pull-request events.
* Consolidate server and webapp CI workflows into single templates
- Merge server-ci-master.yml and server-ci-pr.yml into server-ci-template.yml
- Merge webapp-ci-master.yml and webapp-ci-pr.yml into webapp-ci-template.yml
- Add conditional concurrency control for PRs only
- Maintain all existing behavior while eliminating duplication
* narrow paths to trigger (server|webapp)-ci
* Consolidate server and webapp CI workflows into single templates
- Merge server-ci-master.yml and server-ci-pr.yml into server-ci-template.yml
- Merge webapp-ci-master.yml and webapp-ci-pr.yml into webapp-ci-template.yml
- Add conditional concurrency control for PRs only
- Maintain all existing behavior while eliminating duplication
* Fix concurrency control to preserve master build behavior
Address feedback about master builds being queued. Make concurrency
group conditional so master builds have no concurrency control at all,
maintaining identical behavior to before consolidation.
- Master builds: No concurrency (multiple builds can run simultaneously)
- PR builds: Concurrency with cancellation (one build per PR)
We discovered that cancel-in-progress only controls
in-progress jobs. Which means that pending jobs will _always_
be cancelled regardless. There is an open discussion:
https://github.com/orgs/community/discussions/5435
which was closed saying this is how the feature is designed.
We try to work around this by refactoring into separate reusable
workflows and having concurrency only for PR workflows.
```release-note
NONE
```
Co-authored-by: Mattermost Build <build@mattermost.com>
Mattermost build was a confusingly named workflow. Changed it
to Server CI to make it consistent with Webapp CI.
Also changed the filenames.
```release-note
NONE
```
