* Initial Implementation of Push Proxy Authentication
* Include Config Listener for Leader plus delete startup function as job scheduler runs on initialization
* Remove push proxy auth from local imports
* Add push proxy auth to external imports
* Add push proxy auth error messages
* Update error codes
* Fix enterprise dep definition
* make i18n-extract
* Mock System store Get
* m
* m
* m
* m
* Update serverID header
* Add install type env var to docker
* Update Push Proxy config with new options
Global, US, Germany and Japan. Previous configurations will keep working
* use model.SafeDereference
* Delete token when new push proxy URL is empty
* ServerID header only if auth token is available
---------
Co-authored-by: Daniel Schalla <daniel@mattermost.com>
Co-authored-by: Nick Misasi <nick.misasi@mattermost.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Enabling Prometheus, Grafana, Loki and Promtail running as containers by default in local dev environments
* Updating the Grafana dashboards available in the local dev environment
* Revert "Enabling Prometheus, Grafana, Loki and Promtail running as containers by default in local dev environments"
This reverts commit 3a252a8383.
* this config change is not needed anymore
* pin to ubuntu-24.04
* always use FIPS compatible Postgres settings
* use sha256 for remote cluster IDs
* use sha256 for client config hash
* rework S3 backend to be FIPS compatible
* skip setup-node during build, since already in container
* support FIPS builds
* Dockerfile for FIPS image, using glibc-openssl-fips
* workaround entrypoint inconsistencies
* authenticate to DockerHub
* fix FIPS_ENABLED, add test-mmctl-fips
* decouple check-mattermost-vet from test/build steps
* fixup! decouple check-mattermost-vet from test/build steps
* only build-linux-amd64 for fips
* rm entrypoint workaround
* tweak comment grammar
* rm unused Dockerfile.fips (for now)
* ignore gpg import errors, since would fail later anyway
* for fips, only make package-linux-amd64
* set FIPS_ENABLED for build step
* Add a FIPS-specific list of prepackaged plugins
Note that the names are still temporary, since they are not uploaded to
S3 yet. We may need to tweak them when that happens.
* s/golangci-lint/check-style/
This ensures we run all the `check-style` checks: previously,
`modernize` was missing.
* pin go-vet to @v2, remove annoying comment
* add -fips to linux-amd64.tz.gz package
* rm unused setup-chainctl
* use BUILD_TYPE_NAME instead
* mv fips build to enterprise-only
* fixup! use BUILD_TYPE_NAME instead
* temporarily pre-package no plugins for FIPS
* split package-cleanup
* undo package-cleanup, just skip ARM, also test
* skip arm for FIPS in second target too
* fmt Makefile
* Revert "rm unused Dockerfile.fips (for now)"
This reverts commit 601e37e0ff.
* reintroduce Dockerfile.fips and align with existing Dockerfile
* s/IMAGE/BUILD_IMAGE/
* bump the glibc-openssl-fips version
* rm redundant comment
* fix FIPS checks
* set PLUGIN_PACKAGES empty until prepackaged plugins ready
* upgrade glibc-openssl-fips, use non-dev version for final stage
* another BUILD_IMAGE case
* Prepackage the FIPS versions of plugins
* relocate FIPS_ENABLED initialization before use
* s/Config File MD5/Config File Hash/
* Update the FIPS plugin names and encode the + sign
* add /var/tmp for local socket manipulation
---------
Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
Resets the entrypoint to both build environment Dockerfiles (Dockerfile.buildenv and Dockerfile.buildenv-fips) to unify invoking either a shell or running a command without jumping through hoops.
With glibc 2.34 and the [removal of libpthread](https://developers.redhat.com/articles/2021/12/17/why-glibc-234-removed-libpthread), binaries built using [Debian bookworm](https://www.debian.org/releases/bookworm/) aren't compatible with older but still supported operating systems like RHEL8. In those environments, Mattermost fails to start with errors like:
```
mattermost/bin/mattermost: /lib64/libc.so.6: version `GLIBC_2.32' not found (required by mattermost/bin/mattermost)
mattermost/bin/mattermost: /lib64/libc.so.6: version `GLIBC_2.34' not found (required by mattermost/bin/mattermost)
```
One option might be to generate a static build and avoid the glibc dependency, but this kind of change is out of scope for now. Let's just revert back to using [Debian bullseye](https://www.debian.org/releases/bullseye/), which remains supported until at least August 2026.
* Upgrade Go to 1.24.3
Updates the following files:
- server/.go-version: 1.23.9 → 1.24.3
- server/build/Dockerfile.buildenv: golang:1.23.9-bullseye → golang:1.24.3-bullseye
- server/go.mod: go 1.23.0 → go 1.24.3, toolchain go1.23.9 → go1.24.3
- server/public/go.mod: go 1.23.0 → go 1.24.3, toolchain go1.23.9 → go1.24.3
Also fixes non-constant format string errors introduced by Go 1.24.3's stricter format string checking:
- Added response() helper function in slashcommands/util.go for simple string responses
- Removed unused responsef() function from slashcommands/util.go
- Replaced responsef() with response() for translated strings that don't need formatting
- Fixed fmt.Errorf and fmt.Fprintf calls to use proper format verbs instead of string concatenation
- Updated marketplace buildURL to handle format strings conditionally
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Update generated mocks for Go 1.24.3
Regenerated mocks using mockery v2.53.4 to ensure compatibility with Go 1.24.3.
This addresses mock generation failures that occurred with the Go upgrade.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
* Update to bookworm and fix non-existent sha
Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
* fix non-constant format string
---------
Signed-off-by: Stavros Foteinopoulos <stafot@gmail.com>
Co-authored-by: Claude <noreply@anthropic.com>
Co-authored-by: Stavros Foteinopoulos <stafot@gmail.com>
* Move from ubuntu to distroless image
* Update updated ubunty image for first stage
* Update server/build/Dockerfile
Co-authored-by: Daniel Schalla <daniel@mattermost.com>
* Update server/build/Dockerfile
Co-authored-by: Daniel Schalla <daniel@mattermost.com>
* Add mising env var for health check
* Add mattermost user in /etc/passwd
* Fix e2e userId
* use cypress in place of server. Wget and not curl
* Simplify e2e changes
---------
Co-authored-by: Daniel Schalla <daniel@mattermost.com>
* TestPool
* Store infra
* Store tests updates
* Bump maximum concurrent postgres connections
* More infra
* channels/jobs
* channels/app
* channels/api4
* Protect i18n from concurrent access
* Replace some use of os.Setenv
* Remove debug
* Lint fixes
* Fix more linting
* Fix test
* Remove use of Setenv in drafts tests
* Fix flaky TestWebHubCloseConnOnDBFail
* Fix merge
* [MM-62408] Add CI job to generate test coverage (#30284)
* Add CI job to generate test coverage
* Remove use of Setenv in drafts tests
* Fix flaky TestWebHubCloseConnOnDBFail
* Fix more Setenv usage
* Fix more potential flakyness
* Remove parallelism from flaky test
* Remove conflicting env var
* Fix
* Disable parallelism
* Test atomic covermode
* Disable parallelism
* Enable parallelism
* Add upload coverage step
* Fix codecov.yml
* Add codecov.yml
* Remove redundant workspace field
* Add Parallel() util methods and refactor
* Fix formatting
* More formatting fixes
* Fix reporting
As part of https://github.com/mattermost/mattermost/pull/29932, we
stopped packaging Windows for releases. Let's go one step further and
stop building it too (saves build time!). And while we're in here, stop
doing this for OSX as well.
Both these targets remain buildable on demand, but we don't support
these platforms for production deployments.
* Update Go version to v1.23.7
* Bump golangci-lint to a version supporting Go 1.23
* Fix golangci-lint warnings
Several rules from gosimple, revive and staticcheck linters were
failing:
- Redefinition of built-in identifiers (max, min, new, recover...)
- Use of printf-like functions with simple strings
- Check for nil slices, when len already takes it into account
* Trigger Build
* Trigger Build
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* Bump Go version to 1.23.6
* Update CodeQL Github action as well
* Use server's Go version for CodeQL action
Co-authored-by: Antonis Stamatiou <stamatiou.antonis@gmail.com>
* Empty commit to trigger CI
* Bump golangci-lint to a version supporting Go 1.23
* Fix golangci-lint warnings
Several rules from gosimple, revive and staticcheck linters were
failing:
- Redefinition of built-in identifiers (max, min, new, recover...)
- Use of printf-like functions with simple strings
- Check for nil slices, when len already takes it into account
---------
Co-authored-by: Antonis Stamatiou <stamatiou.antonis@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* Remove uneeded hack in docker-compose now that problem is solved
* Remove obsolete attribute `version` in docker compose configuration files
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
This PR allows to run a different Mattermost instance in port :8066
using the `make run-node` target. This instance reuses the frontend
files compiled for the main development instance, has its own database
and local mode enabled through environment variables, and for the rest
of the configuration simply takes whatever properties are set in the
`config.json` file.
This target is specially useful to run a Shared Channels development
environment, compiling first the frontend and then running `make
run-server` and `make run-node` side by side, later connecting both
and testing Shared Channels features.
- Update library version.
- Added MaxFlush delay to help reduce CPU usage.
- Fall back to LRU cache for the caches which use SCAN.
- Added mattermost-redis and running for all api layer
tests in Postgres.
https://mattermost.atlassian.net/browse/MM-59934
```release-note
NONE
```
* Utilize free runners for E2E tests, report back to PR on run completion
* Increase test stability on smaller instances
* Merge worker reports
* merge start+prepare steps
* upgrade keycloak
* increase test timeouts
* Add video recording to report artifacts
Co-authored-by: Saturnino Abril <5334504+saturninoabril@users.noreply.github.com>
---------
Co-authored-by: Saturnino Abril <5334504+saturninoabril@users.noreply.github.com>
* update keycloak docker image
* update realm file with a compatible realm
* import realm on start-docker command
Since bitnami's image does not support importing directly, the import of the test realm is done in the make file start-docker action
* Use official image from quay
* updated realm keycloak config
* final note about nickname attrib for saml
* add admin user
* update realm
* Updated from master
* Updated docs
* local typo
* use jq for ldap and saml
* updated readme
* configure Loki for local development
Extend our docker compose setup to include Loki (along with promtail), scraping `logs/*.log` to ingest development logs as well as all logs from running containers.
While we're in here, teach Prometheus to scrape metrics from Docker containers too.
* tweak promtail labels
* document extra services in config.mk
* update home.json
