* only build for mattermostdevelopment/mattermost-build-server-fips
* calculate go version from Docker image, not .go-version
* allow manual dispach of build-server-image
* Update mmctl-test-template.yml to conditionally execute docker login for mattermost repository owner
* Update build-server-image.yml and server-test-template.yml to conditionally execute docker login for mattermost repository owner
* Update workflow files to conditionally execute docker login for pull requests from mattermost/mattermost
* Enhance CI workflows to conditionally execute jobs for pull requests from mattermost/mattermost
* Remove conditional check for docker login in CI workflows to streamline execution across all pull requests
* Add conditional check for docker login in CI workflows for pull requests from mattermost/mattermost
* Refactor CI workflows to gracefully skip tests for external pull requests, enhancing clarity and execution flow
* revert checks
* skip fips testing for forks
* Fix fork detection in FIPS tests to allow push events
The previous condition `github.repository_owner == 'mattermost'` was
incorrect as it would always be false for forks. Updated to properly
detect forks using `github.event.pull_request.head.repo.full_name == github.repository`
and allow FIPS tests to run on push events.
---------
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
* pin to ubuntu-24.04
* always use FIPS compatible Postgres settings
* use sha256 for remote cluster IDs
* use sha256 for client config hash
* rework S3 backend to be FIPS compatible
* skip setup-node during build, since already in container
* support FIPS builds
* Dockerfile for FIPS image, using glibc-openssl-fips
* workaround entrypoint inconsistencies
* authenticate to DockerHub
* fix FIPS_ENABLED, add test-mmctl-fips
* decouple check-mattermost-vet from test/build steps
* fixup! decouple check-mattermost-vet from test/build steps
* only build-linux-amd64 for fips
* rm entrypoint workaround
* tweak comment grammar
* rm unused Dockerfile.fips (for now)
* ignore gpg import errors, since would fail later anyway
* for fips, only make package-linux-amd64
* set FIPS_ENABLED for build step
* Add a FIPS-specific list of prepackaged plugins
Note that the names are still temporary, since they are not uploaded to
S3 yet. We may need to tweak them when that happens.
* s/golangci-lint/check-style/
This ensures we run all the `check-style` checks: previously,
`modernize` was missing.
* pin go-vet to @v2, remove annoying comment
* add -fips to linux-amd64.tz.gz package
* rm unused setup-chainctl
* use BUILD_TYPE_NAME instead
* mv fips build to enterprise-only
* fixup! use BUILD_TYPE_NAME instead
* temporarily pre-package no plugins for FIPS
* split package-cleanup
* undo package-cleanup, just skip ARM, also test
* skip arm for FIPS in second target too
* fmt Makefile
* Revert "rm unused Dockerfile.fips (for now)"
This reverts commit 601e37e0ff.
* reintroduce Dockerfile.fips and align with existing Dockerfile
* s/IMAGE/BUILD_IMAGE/
* bump the glibc-openssl-fips version
* rm redundant comment
* fix FIPS checks
* set PLUGIN_PACKAGES empty until prepackaged plugins ready
* upgrade glibc-openssl-fips, use non-dev version for final stage
* another BUILD_IMAGE case
* Prepackage the FIPS versions of plugins
* relocate FIPS_ENABLED initialization before use
* s/Config File MD5/Config File Hash/
* Update the FIPS plugin names and encode the + sign
* add /var/tmp for local socket manipulation
---------
Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
* consolidate go version computation
* use Go from mattermost-build-server
* work around "error obtaining VCS status: exit status 128" in a container"
* no longer require sudo
* fix config-reset for GOFLAGS
* only test-postgres-binary on master/release
* add check-prereqs-enterprise to test-mmctl* to ensure go.work setup
Replace empty string fallback with github.run_id to prevent workflow
evaluation errors when concurrency group evaluates to empty string on
non-pull-request events.
* Consolidate server and webapp CI workflows into single templates
- Merge server-ci-master.yml and server-ci-pr.yml into server-ci-template.yml
- Merge webapp-ci-master.yml and webapp-ci-pr.yml into webapp-ci-template.yml
- Add conditional concurrency control for PRs only
- Maintain all existing behavior while eliminating duplication
* narrow paths to trigger (server|webapp)-ci
* Consolidate server and webapp CI workflows into single templates
- Merge server-ci-master.yml and server-ci-pr.yml into server-ci-template.yml
- Merge webapp-ci-master.yml and webapp-ci-pr.yml into webapp-ci-template.yml
- Add conditional concurrency control for PRs only
- Maintain all existing behavior while eliminating duplication
* Fix concurrency control to preserve master build behavior
Address feedback about master builds being queued. Make concurrency
group conditional so master builds have no concurrency control at all,
maintaining identical behavior to before consolidation.
- Master builds: No concurrency (multiple builds can run simultaneously)
- PR builds: Concurrency with cancellation (one build per PR)
Setting `id-token: write` allows the workflow to request and use a JSON Web Token (JWT) from GitHub's OIDC provider. This JWT can then be exchanged with an external service -- in this case, ChainGuard -- to obtain short-lived credentials for authenticating and performing actions on that service.
We need to identify ourselves to Chainguard for pulling images during
build steps. Note that the identity value is not a secret, at least in
so far as we're already using it this way over at
https://github.com/mattermost/mattermost/pull/33549/files.
* Improve claude code to run bash commands
With this limitation removed, it can do more things in a PR.
```release-note
NONE
```
* Update claude.yml
* fix indentation
```release-note
NONE
```
* adopt golangci-lint v2
No actual linting changes in this commit, just upgraded tooling and
directives to ignore new linter rules. Adopting v2 solves some
gosec issues in v1 and also happens to be a nice performance boost!
As part of this PR, we also drop support for `MM_NO_ENTERPRISE_LINT`
which hasn't been need for a while anyway.
* simplify: go install is fine!
* missing GOBIN
* golangci-lint: drop legacy preset exclusion
* TestPool
* Store infra
* Store tests updates
* Bump maximum concurrent postgres connections
* More infra
* channels/jobs
* channels/app
* channels/api4
* Protect i18n from concurrent access
* Replace some use of os.Setenv
* Remove debug
* Lint fixes
* Fix more linting
* Fix test
* Remove use of Setenv in drafts tests
* Fix flaky TestWebHubCloseConnOnDBFail
* Fix merge
* [MM-62408] Add CI job to generate test coverage (#30284)
* Add CI job to generate test coverage
* Remove use of Setenv in drafts tests
* Fix flaky TestWebHubCloseConnOnDBFail
* Fix more Setenv usage
* Fix more potential flakyness
* Remove parallelism from flaky test
* Remove conflicting env var
* Fix
* Disable parallelism
* Test atomic covermode
* Disable parallelism
* Enable parallelism
* Add upload coverage step
* Fix codecov.yml
* Add codecov.yml
* Remove redundant workspace field
* Add Parallel() util methods and refactor
* Fix formatting
* More formatting fixes
* Fix reporting
When Elasticsearch/Opensearch was in enterprise repo,
we had to bump up the runners: 9b151defcc.
However, the ES code was move inside server repo,
but the test runners were not changed. This led to frequent
test failures. So we are bumping up the test runners.
This will unfortunately lead to an increased cost, but
we have also cut down in other places viz. the build phase
uses the free runner now (https://github.com/mattermost/mattermost/pull/29297).
And the enterprise build also uses free runner (https://github.com/mattermost/enterprise/pull/1792).
```release-note
NONE
```
* feat: Add package.json for Playwright library with dependencies
* feat: Add explicit exports for test.config in playwright-lib package
* feat: Add initialization setup for Mattermost E2E testing with admin and user client
* fix: Update package dependencies and resolve TypeScript build errors
* feat: Update package exports for test.config to support both CommonJS and ESM
* playwright shared library
* add README, fix pipeline
* keep file structures, move report up to playwright
* minimize API, use the prerelease versions of client and types
* bump version
* update package*.json
* resolve merge conflict
* update depedencies and merge conflicts
* update readme and fix ci
* remove unnecessary export and list all external packages
* fix import for Client4
