From 8e4b7c71d920395c37cc02f6795aefcb3c0fd7c1 Mon Sep 17 00:00:00 2001 
From: Jordan McClintock Date: Wed, 24 Jan 2024 21:28:31 +0000 Subject: [PATCH] initial mattermost uds package --- .github/actions/save-logs/action.yaml | 18 +++ .github/actions/setup/action.yaml | 30 +++++ .github/workflows/commitlint.yaml | 28 +++++ .../workflows/pull-request-conditionals.yaml | 30 +++++ .github/workflows/tag-and-release.yaml | 49 ++++++++ .github/workflows/test.yaml | 52 +++++++++ .gitignore | 18 +++ .pre-commit-config.yaml | 53 +++++++++ .release-please-manifest.json | 3 + CHANGELOG.md | 62 ++++++++++ CODEOWNERS | 1 + CONTRIBUTING.md | 27 +++++ bundle/uds-bundle.yaml | 26 +++++ bundle/uds-config.yaml | 10 ++ chart/.helmignore | 23 ++++ chart/Chart.yaml | 18 +++ chart/templates/uds-package.yaml | 20 ++++ chart/values.yaml | 0 commitlint.config.js | 1 + docs/DEVELOPMENT_MAINTENANCE.md | 62 ++++++++++ oscal-component.yaml | 80 +++++++++++++ release-please-config.json | 24 ++++ renovate.json | 107 +++++++++++++++++ src/dev-secrets/minio-secret.yaml | 10 ++ src/dev-secrets/postgres-secret.yaml | 9 ++ src/dev-secrets/zarf.yaml | 46 ++++++++ tasks.yaml | 36 ++++++ tasks/cleanup.yaml | 5 + tasks/create.yaml | 17 +++ tasks/deploy.yaml | 10 ++ tasks/publish.yaml | 25 ++++ tasks/setup.yaml | 5 + tasks/test.yaml | 67 +++++++++++ values/mattermost-ce.yaml | 0 values/mattermost-operator-upstream.yaml | 0 values/mattermost-operator-values.yaml | 7 ++ values/mattermost-upstream.yaml | 0 values/mattermost-values.yaml | 59 ++++++++++ version.txt | 1 + zarf.yaml | 110 ++++++++++++++++++ 40 files changed, 1149 insertions(+) create mode 100644 .github/actions/save-logs/action.yaml create mode 100644 .github/actions/setup/action.yaml create mode 100644 .github/workflows/commitlint.yaml create mode 100644 .github/workflows/pull-request-conditionals.yaml create mode 100644 .github/workflows/tag-and-release.yaml create mode 100644 .github/workflows/test.yaml create mode 100644 .gitignore create mode 100644 .pre-commit-config.yaml create mode 100644 
.release-please-manifest.json create mode 100644 CHANGELOG.md create mode 100644 CODEOWNERS create mode 100644 CONTRIBUTING.md create mode 100644 bundle/uds-bundle.yaml create mode 100644 bundle/uds-config.yaml create mode 100644 chart/.helmignore create mode 100644 chart/Chart.yaml create mode 100644 chart/templates/uds-package.yaml create mode 100644 chart/values.yaml create mode 100644 commitlint.config.js create mode 100644 docs/DEVELOPMENT_MAINTENANCE.md create mode 100644 oscal-component.yaml create mode 100644 release-please-config.json create mode 100644 renovate.json create mode 100644 src/dev-secrets/minio-secret.yaml create mode 100644 src/dev-secrets/postgres-secret.yaml create mode 100644 src/dev-secrets/zarf.yaml create mode 100644 tasks.yaml create mode 100644 tasks/cleanup.yaml create mode 100644 tasks/create.yaml create mode 100644 tasks/deploy.yaml create mode 100644 tasks/publish.yaml create mode 100644 tasks/setup.yaml create mode 100644 tasks/test.yaml create mode 100644 values/mattermost-ce.yaml create mode 100644 values/mattermost-operator-upstream.yaml create mode 100644 values/mattermost-operator-values.yaml create mode 100644 values/mattermost-upstream.yaml create mode 100644 values/mattermost-values.yaml create mode 100644 version.txt create mode 100644 zarf.yaml
diff --git a/.github/actions/save-logs/action.yaml b/.github/actions/save-logs/action.yaml
new file mode 100644
index 00000000..fbb3bfce
--- /dev/null
+++ b/.github/actions/save-logs/action.yaml
@@ -0,0 +1,18 @@
+name: save-logs
+description: "Save debug logs"
+
+runs:
+ using: composite
+ steps:
+ - name: Fix log permissions
+ run: |
+ sudo chown $USER /tmp/zarf-*.log || echo ""
+ sudo chown $USER /tmp/uds-*.log || echo ""
+ shell: bash
+
+ - uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+ with:
+ name: debug-log
+ path: |
+ /tmp/zarf-*.log
+ /tmp/uds-*.log
diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml
new file mode 100644
index 00000000..ecead890
--- /dev/null
+++ b/.github/actions/setup/action.yaml
@@ -0,0 +1,30 @@
+# action.yml
+name: "Setup Environment"
+description: "UDS Environment Setup"
+
+runs:
+ using: "composite"
+ steps:
+ - name: Install Zarf
+ uses: defenseunicorns/setup-zarf@main
+ with:
+ # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
+ version: v0.32.1
+ download-init-package: true
+
+ - name: Use Node.js latest
+ uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+ with:
+ node-version: 20
+
+ - name: Install k3d
+ shell: bash
+ run: curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | TAG=v5.6.0 bash
+
+ - name: Set up Homebrew
+ uses: Homebrew/actions/setup-homebrew@master
+
+ - name: Install UDS CLI
+ shell: bash
+ # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+ run: brew install defenseunicorns/tap/uds@0.5.3
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
new file mode 100644
index 00000000..24495034
--- /dev/null
+++ b/.github/workflows/commitlint.yaml
@@ -0,0 +1,28 @@
+name: Metadata
+
+on:
+ pull_request:
+ branches: [main]
+ types: [opened, edited, synchronize]
+
+jobs:
+ title_check:
+ runs-on: ubuntu-latest
+ name: Validate PR Title
+ permissions:
+ pull-requests: read
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ fetch-depth: 0
+
+ - name: Setup Node.js
+ uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+
+ - name: Install commitlint
+ run: npm install --save-dev @commitlint/{config-conventional,cli}
+
+ - name: Lint PR title
+ run: echo "${{ github.event.pull_request.title }}" | npx commitlint
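Review bot: Three steps in `.github/actions/setup/action.yaml` execute code from mutable references: `defenseunicorns/setup-zarf@main`, `Homebrew/actions/setup-homebrew@master`, and the "Install k3d" line that pipes `install.sh` from the k3d `main` branch into bash, while `actions/setup-node` in the same file is pinned to a commit SHA. This composite action is also used by the publish job in `tag-and-release.yaml`, so whatever those branches point to at run time runs in a job that holds the registry credentials and `packages: write`. Pin both actions the way setup-node is pinned, e.g. `uses: defenseunicorns/setup-zarf@FULL_COMMIT_SHA # TAG`, and fetch the k3d installer from a tagged ref and verify a recorded checksum before executing it. The step name "Use Node.js latest" also disagrees with `node-version: 20`.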
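Review bot: The "Lint PR title" step in `commitlint.yaml` expands `${{ github.event.pull_request.title }}` into the script text before bash parses it, so the title is treated as shell source rather than data and its author controls what the step runs. Pass the value through the environment instead: add `env:` with `PR_TITLE: ${{ github.event.pull_request.title }}` to the step and change the command to `run: printf '%s\n' "$PR_TITLE" | npx commitlint`. The job's `pull-requests: read` permission narrows what the token can do, but the step still runs on the runner next to the checked-out tree and the freshly installed npm packages. `actions/setup-node` is called here without a `node-version`, unlike in the setup action.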
diff --git a/.github/workflows/pull-request-conditionals.yaml b/.github/workflows/pull-request-conditionals.yaml
new file mode 100644
index 00000000..91f917f2
--- /dev/null
+++ b/.github/workflows/pull-request-conditionals.yaml
@@ -0,0 +1,30 @@
+name: Conditionals
+
+# This workflow is triggered on pull requests to the main branch.
+on:
+ pull_request:
+ paths:
+ - ".github/**"
+ - "bundle/**"
+ - "values/**"
+ - "tasks/**"
+ - "tests/**"
+ - "tasks.yaml"
+ - "zarf.yaml"
+
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+ id-token: write # Needed for OIDC-related operations.
+ contents: read # Allows reading the content of the repository.
+ pull-requests: read # Allows reading pull request metadata.
+
+# Default settings for all run commands in the workflow jobs.
+defaults:
+ run:
+ shell: bash -e -o pipefail {0} # Ensures that scripts fail on error and pipefail is set.
+
+jobs:
+ run-test:
+ name: Test
+ uses: ./.github/workflows/test.yaml
+ secrets: inherit
diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml
new file mode 100644
index 00000000..b6f7afae
--- /dev/null
+++ b/.github/workflows/tag-and-release.yaml
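Review bot: The workflow-level `id-token: write` grant is not used by anything visible in the called `test.yaml`, which itself declares only `contents: read`, so it should be removed unless a step outside this patch requests an OIDC token. `secrets: inherit` likewise passes every secret available to the caller into the reusable workflow, while the test job reads only `IRON_BANK_ROBOT_USERNAME` and `IRON_BANK_ROBOT_PASSWORD`; declaring those two under `on.workflow_call.secrets` in `test.yaml` and passing them by name here keeps the exposure to what is needed. The `paths:` filter lists `tests/**`, but this commit creates `src/` and `chart/` rather than `tests/`, so a pull request that changes only the dev secrets or the UDS Package chart would not trigger the test run.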
@@ -0,0 +1,49 @@
+name: Publish UDS Package Mattermost
+
+on:
+ push:
+ branches:
+ - main
+
+jobs:
+ tag-new-version:
+ name: Tag New Version
+ permissions: write-all
+ runs-on: ubuntu-latest
+ outputs:
+ release_created: ${{ steps.release-flag.outputs.release_created }}
+ steps:
+ - name: Create release tag
+ id: tag
+ uses: google-github-actions/release-please-action@v4.0.1
+ - id: release-flag
+ run: echo "release_created=${{ steps.tag.outputs.release_created || false }}" >> $GITHUB_OUTPUT
+
+ publish-package:
+ needs: tag-new-version
+ if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
+ runs-on: ubuntu-latest
+ name: Publish package
+
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Environment setup
+ uses: ./.github/actions/setup
+
+ - name: Iron Bank Login
+ run: zarf tools registry login -u "${{secrets.IRON_BANK_ROBOT_USERNAME}}" -p "${{secrets.IRON_BANK_ROBOT_PASSWORD}}" registry1.dso.mil
+
+ - name: Login to GHCR
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: dummy
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Publish Package
+ run: uds run -f tasks/publish.yaml package
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
new file mode 100644
index 00000000..3685557f
--- /dev/null
+++ b/.github/workflows/test.yaml
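Review bot: `permissions: write-all` on the `tag-new-version` job gives the release-please step a token with write access to every scope, far more than tagging and opening a release PR requires. The release-please-action documentation asks for `contents: write` and `pull-requests: write`, so the line should become a mapping that grants only those two. `google-github-actions/release-please-action@v4.0.1` and `docker/login-action@v3` are referenced by tag while `actions/checkout` in the same file is pinned to a commit SHA; both run with write-capable credentials and should be pinned the same way, with the version kept in a trailing comment.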
@@ -0,0 +1,52 @@
+name: Test package
+
+on:
+ # Manual trigger
+ workflow_dispatch:
+
+ # Triggered by pull-request-conditionals.yaml
+ workflow_call:
+
+# Abort prior jobs in the same workflow / PR
+concurrency:
+ group: test-${{ github.ref }}-${{ inputs.package }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+
+jobs:
+ test:
+ runs-on: "uds-ubuntu-big-boy-16-core"
+ timeout-minutes: 20
+ name: Test
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Environment setup
+ uses: ./.github/actions/setup
+
+ - name: Iron Bank Login
+ run: zarf tools registry login -u "${{secrets.IRON_BANK_ROBOT_USERNAME}}" -p "${{secrets.IRON_BANK_ROBOT_PASSWORD}}" registry1.dso.mil
+
+ - name: Create test bundle
+ run: uds run create-test-bundle
+
+ - name: Setup cluster
+ run: uds run setup-cluster
+
+ - name: Deploy test bundle
+ run: uds run deploy-test-bundle
+
+ - name: Test package
+ run: uds run test-package
+
+ - name: Cleanup
+ if: always()
+ run: uds run cleanup
+
+ - name: Save logs
+ if: always()
+ uses: ./.github/actions/save-logs
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..27d57b39
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,18 @@
+.cache/
+.idea/
+.vscode/
+build/
+.DS_Store
+*.tar.zst
+test/tf/public-ec2-instance/.tool-versions
+zarf-sbom
+
+# Terraform
+test/tf/public-ec2-instance/.test-data
+test/tf/public-ec2-instance/.terraform
+terraform.tfstate
+terraform.tfstate.backup
+.terraform.lock.hcl
+
+# SOPS stuff that should never be committed to the repo
+secret-sops-gpg.yaml
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 00000000..f5d233cd
--- /dev/null
+++ b/.pre-commit-config.yaml
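Review bot: The "Iron Bank Login" step in `test.yaml` interpolates both secrets into the script text and passes the password with `-p`, which puts it on the process command line and lets any shell metacharacter in the value alter the command; the identical step in `tag-and-release.yaml` has the same problem. Map the secrets into the step's `env:` and reference them as quoted shell variables, and, if this Zarf version's `registry login` accepts `--password-stdin`, feed the password on stdin, e.g. `run: printf '%s' "$REGISTRY1_PASSWORD" | zarf tools registry login -u "$REGISTRY1_USERNAME" --password-stdin registry1.dso.mil`. Separately, the concurrency group uses `${{ inputs.package }}` but `workflow_call` declares no inputs, so that part of the key is always empty.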
@@ -0,0 +1,53 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.4.0
+ hooks:
+ - id: check-added-large-files
+ args: ["--maxkb=1024"]
+ - id: check-merge-conflict
+ - id: detect-aws-credentials
+ args:
+ - "--allow-missing-credentials"
+ - id: detect-private-key
+ exclude: |
+ (?x)^(
+ kustomizations/bigbang/environment-bb/values-bigbang.enc.yaml
+ )$
+ - id: end-of-file-fixer
+ exclude: "^kustomizations/bigbang/vendor/.*$"
+ - id: fix-byte-order-marker
+ - id: trailing-whitespace
+ exclude: "^kustomizations/bigbang/vendor/.*$"
+ args: [--markdown-linebreak-ext=md]
+ - id: check-yaml
+ exclude: |
+ (?x)^(
+ charts/raw/templates/resources.yaml
+ )$
+ args:
+ - "--allow-multiple-documents"
+ - repo: https://github.com/sirosen/fix-smartquotes
+ rev: 0.2.0
+ hooks:
+ - id: fix-smartquotes
+ - repo: https://github.com/python-jsonschema/check-jsonschema
+ rev: 0.24.0
+ hooks:
+ - id: check-jsonschema
+ name: "Validate Zarf Configs Against Schema"
+ files: "zarf.yaml"
+ types: [yaml]
+ args:
+ [
+ "--schemafile",
+ "https://raw.githubusercontent.com/defenseunicorns/zarf/v0.29.1/zarf.schema.json",
+ "--no-cache"
+ ]
+ - repo: https://github.com/golangci/golangci-lint
+ rev: v1.52.3
+ hooks:
+ - id: golangci-lint
+ - repo: https://github.com/renovatebot/pre-commit-hooks
+ rev: 36.40.0
+ hooks:
+ - id: renovate-config-validator
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
new file mode 100644
index 00000000..25a381a0
--- /dev/null
+++ b/.release-please-manifest.json
@@ -0,0 +1,3 @@
+{
+ ".": "9.3.0-uds.0"
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 00000000..067f47ca
--- /dev/null
+++ b/CHANGELOG.md
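Review bot: The `detect-private-key` hook in `.pre-commit-config.yaml` excludes `kustomizations/bigbang/environment-bb/values-bigbang.enc.yaml`, a path that does not appear in this commit's file list; if it does not exist here, the exclusion should be removed so the check has no unnecessary blind spot. The other `exclude:` patterns (`kustomizations/bigbang/vendor/`, `charts/raw/templates/resources.yaml`) and the `golangci-lint` hook likewise look carried over from another repository, since no Go sources are added. The `check-jsonschema` hook validates `zarf.yaml` against the schema at tag `v0.29.1` while the setup action in this commit installs Zarf `v0.32.1`, so the hook and CI can disagree about valid keys; keep the schema URL on the installed version and annotate it for Renovate so the two move together.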
@@ -0,0 +1,62 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +## [0.1.7](https://github.com/defenseunicorns/uds-capability-mattermost-operator/compare/v0.1.6...v0.1.7) (2023-12-18) + + +### Features + +* Expose full SSO config ([#22](https://github.com/defenseunicorns/uds-capability-mattermost-operator/issues/22)) ([74b0221](https://github.com/defenseunicorns/uds-capability-mattermost-operator/commit/74b0221bb2da50187792994c171176ee52839e79)) + +## [0.1.6](https://github.com/defenseunicorns/uds-capability-mattermost-operator/compare/v0.1.5...v0.1.6) (2023-12-15) + + +### Miscellaneous + +* Update mattermost to v9.2.3-bb.1 ([#20](https://github.com/defenseunicorns/uds-capability-mattermost-operator/issues/20)) ([03943a2](https://github.com/defenseunicorns/uds-capability-mattermost-operator/commit/03943a252152e374689646c6e18372639ca8901b)) + +## [0.1.5](https://github.com/defenseunicorns/uds-capability-mattermost-operator/compare/v0.1.4...v0.1.5) (2023-12-11) + + +### Features + +* expose volume and volume mounts ([#18](https://github.com/defenseunicorns/uds-capability-mattermost-operator/issues/18)) ([c06ae6a](https://github.com/defenseunicorns/uds-capability-mattermost-operator/commit/c06ae6a0f86aa944c15aa9ea59023b78870cc2cc)) + +## [0.1.4](https://github.com/defenseunicorns/uds-capability-mattermost-operator/compare/v0.1.3...v0.1.4) (2023-12-09) + + +### Features + +* Variablize file store endpoint ([#16](https://github.com/defenseunicorns/uds-capability-mattermost-operator/issues/16)) ([fe89c0c](https://github.com/defenseunicorns/uds-capability-mattermost-operator/commit/fe89c0c1bec6e67f25c0e72fef24c820b1639586)) + +## [0.1.3](https://github.com/defenseunicorns/uds-capability-mattermost-operator/compare/v0.1.2...v0.1.3) (2023-12-07) + + +### Features + +* Add configurable bucket suffix ([#15](https://github.com/defenseunicorns/uds-capability-mattermost-operator/issues/15)) 
([d2e78e7](https://github.com/defenseunicorns/uds-capability-mattermost-operator/commit/d2e78e74e1969a2ae33ffc80a4a8613a3005e3ac)) +* add initial oscal component definition file. ([#13](https://github.com/defenseunicorns/uds-capability-mattermost-operator/issues/13)) ([44d78bc](https://github.com/defenseunicorns/uds-capability-mattermost-operator/commit/44d78bc7ef9ea7927624578d13c72cee028b7263)) + +## [0.1.2](https://github.com/defenseunicorns/uds-capability-mattermost-operator/compare/v0.1.1...v0.1.2) (2023-12-01) + + +### Miscellaneous + +* Sync dev deps with releases ([01b85a8](https://github.com/defenseunicorns/uds-capability-mattermost-operator/commit/01b85a8fcb8ee00cd3c9ac46140dbdb6b374aea5)) + +## [0.1.1](https://github.com/defenseunicorns/uds-capability-mattermost-operator/compare/v0.1.0...v0.1.1) (2023-11-29) + + +### Miscellaneous + +* initial release updates ([b5da656](https://github.com/defenseunicorns/uds-capability-mattermost-operator/commit/b5da656be61ed520634c9adaf45b26f268c8f9b3)) +* More release updates ([#11](https://github.com/defenseunicorns/uds-capability-mattermost-operator/issues/11)) ([87fcad9](https://github.com/defenseunicorns/uds-capability-mattermost-operator/commit/87fcad970bcd772e08cec286ee3ff42c5aeec432)) + +## [0.0.0] - 2023-08-42 +PRE RELEASE + +### Added +- Initial CHANGELOG.md +- CONTRIBUTING.md +- CODEOWNERS diff --git a/CODEOWNERS b/CODEOWNERS new file mode 100644 index 00000000..9534e0b4 --- /dev/null +++ b/CODEOWNERS @@ -0,0 +1 @@ +/* @defenseunicorns/uds diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..1e91fca0 --- /dev/null +++ b/CONTRIBUTING.md 
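Review bot: The CODEOWNERS pattern `/* @defenseunicorns/uds` uses a single-level `*`, which under the gitignore-style matching GitHub documents for this file does not descend into subdirectories. As written it would cover only files at the repository root and leave `.github/workflows/`, `src/dev-secrets/`, `chart/` and `tasks/` without a required owner. If every change is meant to need review from the team, use `* @defenseunicorns/uds`. A test pull request that touches only a workflow file would confirm which reviewers GitHub requests.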
@@ -0,0 +1,27 @@
+# Welcome to the Matter Operator UDS Capability
+
+Thank you for your interest in this Defense Unicorns UDS Capability!
+
+This document describes the process and requirements for contributing to this UDS Capability.
+
+## Developer Experience
+
+Continuous Delivery is core to our development philosophy. Check out [https://minimumcd.org](https://minimumcd.org) for a good baseline agreement on what that means.
+
+Specifically:
+
+* We do trunk-based development (main) with short-lived feature branches that originate from the trunk, get merged into the trunk, and are deleted after the merge
+* We don't merge code into main that isn't releasable
+* We perform automated testing on all changes before they get merged to main
+* Continuous integration (CI) pipeline tests are definitive
+* We create immutable release artifacts
+
+## Definition of Done
+
+We apply these general principles to all User Stories and activities contributing to the UDS SWF.
+
+* Automated continuous integration (CI) pipeline tests pass
+* CI pipeline tests have been updated to meet system changes
+* Changes are peer reviewed
+* Acceptance criteria is met
+* Documentation is updated to reflect what changed
diff --git a/bundle/uds-bundle.yaml b/bundle/uds-bundle.yaml
new file mode 100644
index 00000000..9d03db98
--- /dev/null
+++ b/bundle/uds-bundle.yaml
@@ -0,0 +1,26 @@
+kind: UDSBundle
+metadata:
+ name: mattermost-test
+ description: A UDS bundle for deploying Mattermost and it's dependencies on a development cluster
+ # x-release-please-start-version
+ version: 9.3.0-uds.0
+ # x-release-please-end
+
+packages:
+ - name: dev-minio
+ repository: ghcr.io/defenseunicorns/packages/uds/dev-minio
+ ref: 5.0.13-0
+
+ - name: dev-postgres
+ repository: ghcr.io/defenseunicorns/packages/uds/dev-postgres
+ ref: 12.6.6-0
+
+ - name: dev-secrets
+ path: ../
+ ref: 0.1.0
+
+ - name: mattermost
+ path: ../
+ # x-release-please-start-version
+ ref: 9.3.0-uds.0
+ # x-release-please-end
diff --git a/bundle/uds-config.yaml b/bundle/uds-config.yaml
new file mode 100644
index 00000000..9ce97759
--- /dev/null
+++ b/bundle/uds-config.yaml
@@ -0,0 +1,10 @@
+variables:
+ dev-minio:
+ buckets: |
+ - name: uds-mattermost-dev
+ dev-postgres:
+ db_username: "mattermost"
+ db_name: "mattermostdb"
+ mattermost:
+ mattermost_file_store_endpoint: minio.dev-minio.svc.cluster.local
+ mattermost_bucket_suffix: "-dev"
diff --git a/chart/.helmignore b/chart/.helmignore
new file mode 100644
index 00000000..0e8a0eb3
--- /dev/null
+++ b/chart/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
new file mode 100644
index 00000000..4f367fc2
--- /dev/null
+++ b/chart/Chart.yaml
@@ -0,0 +1,18 @@
+apiVersion: v2
+name: chart
+description: uds-mattermost-config
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml
new file mode 100644
index 00000000..d5f7419d
--- /dev/null
+++ b/chart/templates/uds-package.yaml
@@ -0,0 +1,20 @@
+apiVersion: uds.dev/v1alpha1
+kind: Package
+metadata:
+ name: mattermost
+ namespace: {{ .Release.Namespace }}
+spec:
+ network:
+ expose:
+ - service: mattermost
+ podLabels:
+ app: mattermost
+ gateway: tenant
+ host: mattermost
+ port: 8065
+ allow:
+ # Todo: wide open for hitting in-cluster or external postgres/s3
+ - direction: Egress
+ podLabels:
+ app: mattermost
+ remoteGenerated: Anywhere
diff --git a/chart/values.yaml b/chart/values.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/commitlint.config.js b/commitlint.config.js
new file mode 100644
index 00000000..8567d51d
--- /dev/null
+++ b/commitlint.config.js
@@ -0,0 +1 @@
+module.exports = { extends: ["@commitlint/config-conventional"] };
\ No newline at end of file
diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md
new file mode 100644
index 00000000..5ca5f51c
--- /dev/null
+++ b/docs/DEVELOPMENT_MAINTENANCE.md
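Review bot: The single `allow` entry in `chart/templates/uds-package.yaml` uses `remoteGenerated: Anywhere`, so pods labelled `app: mattermost` may open connections to any destination, which the Todo comment above it acknowledges. The test bundle in this commit only needs the database in `dev-postgres` and the object store in `dev-minio`, so the rule could be driven from chart values (`chart/values.yaml` is added empty) and default to namespace-scoped entries such as `remoteNamespace: dev-postgres` with the database port. `Anywhere` would then be an explicit opt-in for deployments that use external PostgreSQL or S3. As written, a compromised Mattermost pod has unrestricted outbound reach.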
@@ -0,0 +1,62 @@ +# UDS Capability Mattermost Operator + +## How to upgrade this package + +This package is pulling in the [bigbang mattermost operator chart](https://repo1.dso.mil/big-bang/product/packages/mattermost-operator) +and the [bigbang mattermost chart](https://repo1.dso.mil/big-bang/product/packages/mattermost) + +The [mattermost-operator-flux-values.yaml](../mattermost-operator-flux-values.yaml) and [mattermost-flux-values.yaml](../mattermost-flux-values.yaml) file contains values used when creating the flux resources for this package. This includes the version of the chart and the base values used for this package. + +To upgrade +1) Point `application.ref.tag` to the updated version of the chart. +1) Update any base values if necessary. +1) Update the `mattermost-operator` and `mattermost` components in the [zarf.yaml](../zarf.yaml) file to pull in the correct images needed for the updated version of the chart. + +## How to test this package + +1) With docker running and while connected to an aws account. +2) Set these env variables. +```bash +export REPO_URL=https://github.com/defenseunicorns/uds-package-mattermost-operator.git +export GIT_BRANCH= +export REGISTRY1_USERNAME= +export REGISTRY1_PASSWORD= +export AWS_AVAILABILITY_ZONE=a +``` + + 3) At the root of this repository, you can run `make test`. This will provision an ec2 instance, build and deploy all dependencies and packages, and run an e2e test to insure the package is deploying successfully, available and ready. + +You can also follow the bread crumbs of the Makefile to manually create the cluster as well as build and deploy all the necessary packages. + +## How to manually trigger e2e tests in a github PR + +This project uses [slash command dispatch](https://github.com/peter-evans/slash-command-dispatch). To use this, add a comment in your PR that says `/test all`. This will trigger the e2e tests for this repo. 
+ +## Auto e2e tests + +This project will automatically run e2e tests on pushes to `main` + +## Creating Releases + +This project uses [release-please-action](https://github.com/google-github-actions/release-please-action) for versioning and releasing OCI packages. + +### How should I write my commits? + +Release Please assumes you are using [Conventional Commit messages](https://www.conventionalcommits.org/). + +The most important prefixes you should have in mind are: + +- `fix:` which represents bug fixes, and correlates to a [SemVer](https://semver.org/) + patch. +- `feat:` which represents a new feature, and correlates to a SemVer minor. +- `feat!:`, or `fix!:`, `refactor!:`, etc., which represent a breaking change + (indicated by the `!`) and will result in a SemVer major. + +When changes are merged to the `main` branch, the Release Please will evaluate all commits since the previous release to calculate what changes are included and will create another PR to increase the version and tag a new release (per the Release Please design [documentation](https://github.com/googleapis/release-please/blob/main/docs/design.md#lifecycle-of-a-release)). This will also automatically generate changelog entries based on these commits. + +> TIP: Merging a PR should be done via a branch **"Squash and merge"**; this means that the commit message seen on this PR merge is what Release Please will use to determine a version bump. + +When the auto generated Release Please PR is merged the following steps will automatically happen. +1) A new release will be created and tagged +1) An e2e test will be triggered +1) If e2e passes, a new package artifact will be published to the OCI registry \ No newline at end of file diff --git a/oscal-component.yaml b/oscal-component.yaml new file mode 100644 index 00000000..2ffbdbba --- /dev/null +++ b/oscal-component.yaml 
@@ -0,0 +1,80 @@ +component-definition: + uuid: 8a9a32e4-e847-4f59-8282-b1cbc8d4e98f + metadata: + title: UDS Package Mattermost + last-modified: "2023-12-01T20:09:06Z" + version: "20231201" + oscal-version: 1.1.1 + parties: + - uuid: f3cf70f8-ba44-4e55-9ea3-389ef24847d3 + type: organization + name: Defense Unicorns + links: + - href: https://defenseunicorns.com + rel: website + components: + - uuid: 9f1c741f-caf0-4d67-8ffe-b0f180132f46 + type: software + title: Mattermost + description: | + Mattermost is an open-source, self-hostable online chat service designed for team communication and collaboration. + purpose: Provides users with secure team communication and collaboration capabilities. + responsible-roles: + - role-id: provider + party-uuids: + - f3cf70f8-ba44-4e55-9ea3-389ef24847d3 + control-implementations: + - uuid: d2afb4c4-2cd8-5305-a6cc-d1bc7b388d0c + source: https://raw.githubusercontent.com/GSA/fedramp-automation/93ca0e20ff5e54fc04140613476fba80f08e3c7d/dist/content/rev5/baselines/json/FedRAMP_rev5_HIGH-baseline-resolved-profile_catalog.json + description: Controls partially implemented by Mattermost for inheritance by applications that adheres to FedRAMP High Baseline and DoD IL 6. + implemented-requirements: + - uuid: 889dce9c-d83f-48a3-a62a-3f50e311761a + control-id: au-2 + description: >- + Mattermost creates event logs. + - uuid: ce2c791e-f47e-45d3-9bba-dcd7a372ddd3 + control-id: au-3 + description: >- + Mattermost creates event logs. + - uuid: 2ef78f64-d9ac-4292-a5f1-6c627734d39c + control-id: au-3.1 + description: >- + Mattermost creates event logs. + - uuid: 1041d516-56b9-4652-886e-bd5bad38f789 + control-id: au-8 + description: >- + Mattermost event logs contain NIST compliant timestamps. + - uuid: 05c85212-6f2a-480d-b812-b3e2c5bba3e7 + control-id: cp-2 + description: >- + Mattermost partially addresses this control by aiding in the communication of the contingency plan, updates, and execution. 
+ props: + - name: implemented + ns: https://lula.dev/ns/oscal + value: partially + - uuid: 1f53aad7-b772-476c-bf9c-6406daef7cb1 + control-id: ir-8 + description: >- + Mattermost partially meets this control by providing a secure communication platform for coordination of the incident response plan. + props: + - name: implemented + ns: https://lula.dev/ns/oscal + value: partially + - uuid: 4d4a3721-ea7b-4f20-8059-aee0f6a4b432 + control-id: pl-2 + description: >- + Mattermost partially meets this control by providing a secure communication platform for coordination of the system security and privacy plans. + props: + - name: implemented + ns: https://lula.dev/ns/oscal + value: partially + - uuid: dab3bce5-b7e9-4387-9fce-73fe2731721a + control-id: cm-3.6 + description: >- + Mattermost utilizes the underlying istio for FIPs encryption in transit. Mattermost stores data in an encrypted PostgreSQL database. + back-matter: + resources: + - uuid: 1f88a599-61ea-4667-a453-8374d03cdeb0 + title: UDS Package Mattermost + rlinks: + - href: https://github.com/defenseunicorns/uds-package-mattermost diff --git a/release-please-config.json b/release-please-config.json new file mode 100644 index 00000000..f6ba8517 --- /dev/null +++ b/release-please-config.json @@ -0,0 +1,24 @@ +{ + "packages": { + ".": { + "changelog-path": "CHANGELOG.md", + "changelog-sections": [ + { "type": "feat", "section": "Features", "hidden": false }, + { "type": "fix", "section": "Bug Fixes", "hidden": false }, + { "type": "chore", "section": "Miscellaneous", "hidden": false } + ], + "release-type": "simple", + "bump-minor-pre-major": true, + "bump-patch-for-minor-pre-major": true, + "draft": false, + "versioning": "prerelease", + "prerelease-type": "uds", + "extra-files": [ + "bundle/uds-bundle.yaml", + "tasks/publish.yaml", + "zarf.yaml" + ] + } + }, + "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json" +} \ No newline at end of file 
diff --git a/renovate.json b/renovate.json
new file mode 100644
index 00000000..3753c877
--- /dev/null
+++ b/renovate.json
@@ -0,0 +1,107 @@ +{ + "enabled": true, + "forkProcessing": "enabled", + "$schema": "https://docs.renovatebot.com/renovate-schema.json", + "extends": [ + ":dependencyDashboard", + ":semanticPrefixFixDepsChoreOthers", + "config:base", + "group:all", + "replacements:all", + "workarounds:all" + ], + "timezone": "America/New_York", + "rebaseStalePrs": true, + "schedule": ["after 7am and before 9am every weekday"], + "dependencyDashboard": true, + "platform": "github", + "onboarding": false, + "requireConfig": false, + "dependencyDashboardTitle": "Renovate Dashboard 🤖", + "rebaseWhen": "conflicted", + "commitBodyTable": true, + "ignorePaths": ["archive/**"], + "suppressNotifications": ["prIgnoreNotification"], + "pre-commit": { + "enabled": true + }, + "helm-values": { + "fileMatch": ["./.+\\.yaml$"] + }, + "kubernetes": { + "fileMatch": ["\\.yaml$"], + "ignorePaths": [ + "ansible", + "scripts", + ".github" + ] + }, + "hostRules": [ + { + "matchHost": "registry1.dso.mil", + "hostType": "docker", + "description": "Encrypted creds for registry1, scoped to this Github org using: https://github.com/renovatebot/renovate/blob/main/docs/usage/configuration-options.md#encrypted", + "encrypted": { + "username": 
"wcFMA/xDdHCJBTolARAAiYqwOfwkjFnb7ifSRLxTGwyh5K8sUv4LFnEt9+clanU0hAoab9qY+98XLG9F5q+JuNWW9XSRgEYvg21LPhpux+2n+sF/n5UHNEc0X2C9zPVKBzRBu4RoNlsWNdq+wQaznHuw/iKmcDKddB29GTcXAC27ON78ex4jW4GBBEIY75OYfWUVJl3VM8cbK3t5iPNeldmdtS/1rEe8U2tGRdYvkwbMjM1hscHfc5wK06zt8NKz874jpqDYs9jT3FVrJbG9FHoTsrLvC9cEknu1BR3+LrEEV2UTpN+xkLbkCiI9F3rHwwYrAKpm3VDxjieWP2PbAZcazPvqNrC12pR3QrdbIN+6w7Xc9lIOuCcR+nB1mCTaZv4wGYoHmXat/nW58wAHqGzEnkfgfW7/dXvvZPoV/54CW2B8/iEp3oCf/mHk6tM/nlaN0fOcyFuLthD2t3L8bZEU8v88Bpa9sZgQYTg8vO3zGZeXqTznmq8NfseCXezho0syBize/4c7NI67JoVGJGUtOSZ56cNJkmNEhzH3CCKoD+j6shrojQ1yPLFgfxMa1zkp0tcAJ2dMxBbdMiGRKJcnJLRUi3N0z5I+JdydSZlFFj6Y+w7jWs1cff3mTyFCyhK3USyz+pF/ctTwpWixWWR7Zu/I0lqOr90LMri0bjzOf3xWP0eV3Osbi40BmdjScgG2LbZNVbKesnxaKLqzeubgLz9aTVTjHfHWQ753t4Ge/NPq+618M8JXuujYRc/Hw4bm1G7NHTKxPhiHCmDu+wPsNvt+nUvyk9Wb72XHYNdA8bUjV1gHj/1oSc3yGjOyiyaxDUR+nkPB8B+tr1cMWcVczw", + "password": "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" + } + } + ], + "regexManagers": [ + { + "fileMatch": [".*\\.ya?ml$"], + "matchStrings": [ + "# renovate: datasource=helm\n .*- name: (?.*?)\n *url: (?.*?)\n *version: (?.*)\n" + ], + "datasourceTemplate": "helm", + "extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?.*)${{/if}}" + }, + { + "fileMatch": [".*\\.ya?ml$"], + "matchStrings": [ + "# renovate: datasource=(?.*?) 
depName=(?.*?)( versioning=(?.*?))?( extractVersion=(?.*?))?( registryUrl=(?.*?))?\\s.*?:\\s*['\"]?(?.*?)['\"]?\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}", + "extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?.*)${{/if}}" + }, + { + "fileMatch": [".*\\.ya?ml$"], + "matchStrings": [ + "# renovate: zarf-uri datasource=github-tags depName=(?.*?)( versioning=(?.*?))?\\s.*?uri: ['\"]https:\\/\\/github.com\\/defenseunicorns\\/zarf\\/releases\\/download\\/(?.*)\\/zarf_.*_Linux_amd64['\"]", + "# renovate: zarf-uri datasource=github-tags depName=(?.*?)( versioning=(?.*?))?\\s.*?uri: ['\"]https:\\/\\/github.com\\/defenseunicorns\\/zarf\\/releases\\/download\\/.*\\/zarf_(?.*)_Linux_amd64['\"]" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}", + "datasourceTemplate": "github-tags" + }, + { + "fileMatch": [".*\/?zarf\\.ya?ml$"], + "matchStrings": [ + "-\\s+['\"](?[^:]+):(?.*)['\"]" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}", + "datasourceTemplate": "docker", + "extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?.*)${{/if}}" + }, + { + "fileMatch": ["^Makefile$"], + "matchStrings": [ + "renovate: datasource=(?.*?) depName=(?.*?)( versioning=(?.*?))?( extractVersion=(?.*?))?( registryUrl=(?.*?))?\\s.*?=\\s*['\"]?(?.*?)['\"]?\\s" + ], + "versioningTemplate": "{{#if versioning}}{{{versioning}}}{{else}}semver-coerced{{/if}}", + "extractVersionTemplate": "{{#if extractVersion}}{{{extractVersion}}}{{else}}^(?.*)${{/if}}" + } + ], + "packageRules": [ + { + "matchManagers": ["terraform"], + "matchDepTypes": ["module"], + "matchDatasources": ["github-tags", "git-tags"], + "versioning": "loose" + }, + { + "matchPackagePatterns": ["big-bang/.*"], + "matchDatasources": ["mattermost-tags"], + "allowedVersions": "!/^v.*$/" + } + ] +} 
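Review bot: In the last `packageRules` entry of `renovate.json`, `matchDatasources` is `["mattermost-tags"]`, which does not appear to be a Renovate datasource name and may be the result of a search-and-replace on a template that said `gitlab-tags`. If so, the rule never matches and the `allowedVersions` restriction on `big-bang/.*` packages is silently not applied. Check the value against the datasource list in the Renovate documentation and restore the intended name.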
diff --git a/src/dev-secrets/minio-secret.yaml b/src/dev-secrets/minio-secret.yaml
new file mode 100644
index 00000000..2a766064
--- /dev/null
+++ b/src/dev-secrets/minio-secret.yaml
@@ -0,0 +1,10 @@
+# Source: bigbang/templates/mattermost/secret-objectstore.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mattermost-object-store
+ namespace: mattermost
+type: kubernetes.io/opaque
+stringData:
+ accesskey: ###ZARF_VAR_ACCESS_KEY###
+ secretkey: ###ZARF_VAR_SECRET_KEY###
diff --git a/src/dev-secrets/postgres-secret.yaml b/src/dev-secrets/postgres-secret.yaml
new file mode 100644
index 00000000..137f7557
--- /dev/null
+++ b/src/dev-secrets/postgres-secret.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: mattermost-postgres
+ namespace: mattermost
+type: kubernetes.io/opaque
+stringData:
+ DB_CONNECTION_CHECK_URL: "postgres://mattermost:###ZARF_VAR_POSTGRES_DB_PASSWORD###@postgresql.dev-postgres.svc.cluster.local:5432/mattermostdb?connect_timeout=10&sslmode=disable"
+ DB_CONNECTION_STRING: "postgres://mattermost:###ZARF_VAR_POSTGRES_DB_PASSWORD###@postgresql.dev-postgres.svc.cluster.local:5432/mattermostdb?connect_timeout=10&sslmode=disable"
diff --git a/src/dev-secrets/zarf.yaml b/src/dev-secrets/zarf.yaml
new file mode 100644
index 00000000..38e378e7
--- /dev/null
+++ b/src/dev-secrets/zarf.yaml
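Review bot: In `minio-secret.yaml` the `accesskey` and `secretkey` values are unquoted, so each template marker begins with `#` after a space, and any YAML tool that reads the file before Zarf substitutes it (the `check-yaml` hook added in this commit, for one) sees a comment and a null value. After substitution, a credential that looks like a number or boolean would be typed as a non-string, which `stringData` does not accept. Quote both: `accesskey: "###ZARF_VAR_ACCESS_KEY###"` and `secretkey: "###ZARF_VAR_SECRET_KEY###"`. The `type: kubernetes.io/opaque` value is also not the built-in type name, which is `Opaque`; the API accepts arbitrary type strings, so it works but misleads readers, and the same value is used in `postgres-secret.yaml`.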
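Review bot: Both connection strings in `postgres-secret.yaml` splice `###ZARF_VAR_POSTGRES_DB_PASSWORD###` into a URL without percent-encoding, so a password containing `@`, `/`, `:` or `?` produces a URL that parses to the wrong host or credentials. Either constrain the dev-postgres password to URL-safe characters or encode it in the `postgres-password` action before it is stored in the variable. `sslmode=disable` is understandable for the in-cluster dev database, but a comment such as `# test bundle only: TLS to PostgreSQL is disabled` above `stringData` would keep the string from being copied into a real deployment. The user and database names are hard-coded here and again in `bundle/uds-config.yaml`, so the two files have to be kept in step by hand.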
@@ -0,0 +1,46 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json
+kind: ZarfPackageConfig
+metadata:
+ name: dev-secrets
+ version: "0.1.0"
+ architecture: amd64
+
+components:
+ - name: minio-password
+ required: true
+ actions:
+ onDeploy:
+ before:
+ - cmd: kubectl get secret -n dev-minio minio --template='{{ index .data "rootPassword" }}' | base64 -d
+ mute: true
+ setVariables:
+ - name: SECRET_KEY
+ sensitive: true
+ - cmd: kubectl get secret -n dev-minio minio --template='{{ index .data "rootUser" }}' | base64 -d
+ mute: true
+ setVariables:
+ - name: ACCESS_KEY
+ sensitive: true
+ - name: mattermost-minio
+ required: true
+ manifests:
+ - name: mattermost-minio
+ files:
+ - "minio-secret.yaml"
+ - name: postgres-password
+ required: true
+ actions:
+ onDeploy:
+ before:
+ - cmd: kubectl get secret -n dev-postgres postgresql --template={{.data.password}} | base64 -d
+ mute: true
+ setVariables:
+ - name: POSTGRES_DB_PASSWORD
+ sensitive: true
+ - name: mattermost-postgres
+ required: true
+ manifests:
+ - name: mattermost-postgres
+ namespace: mattermost
+ files:
+ - postgres-secret.yaml
diff --git a/tasks.yaml b/tasks.yaml
new file mode 100644
index 00000000..38b9f09d
--- /dev/null
+++ b/tasks.yaml
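Review bot: Each `cmd` under `onDeploy.before` pipes `kubectl get secret` into `base64 -d`, and a pipeline reports the exit status of its last command, so a missing secret or namespace leaves the variable empty and the deploy presumably goes on to create Secrets with blank credentials. Failing on empty output makes the error visible, for example `cmd: v=$(kubectl get secret -n dev-postgres postgresql --template='{{.data.password}}') && [ -n "$v" ] && printf %s "$v" | base64 -d`, applied to all three commands. The postgres command also passes `--template={{.data.password}}` unquoted while the two minio commands quote theirs; quoting it keeps the three consistent.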
@@ -0,0 +1,36 @@
+includes:
+ - cleanup: ./tasks/cleanup.yaml
+ - create: ./tasks/create.yaml
+ - deploy: ./tasks/deploy.yaml
+ - setup: ./tasks/setup.yaml
+ - test: ./tasks/test.yaml
+
+tasks:
+ - name: setup-cluster
+ actions:
+ - task: setup:k3d-test-cluster
+
+ - name: create-package
+ actions:
+ - task: create:mattermost-package
+
+ - name: create-test-bundle
+ actions:
+ - task: create:mattermost-test-bundle
+
+ - name: deploy-package
+ actions:
+ - task: deploy:mattermost-package
+
+ - name: deploy-test-bundle
+ actions:
+ - task: deploy:mattermost-test-bundle
+
+ - name: test-package
+ actions:
+ - task: test:health-check
+ - task: test:ingress
+
+ - name: cleanup
+ actions:
+ - task: cleanup:destroy
diff --git a/tasks/cleanup.yaml b/tasks/cleanup.yaml
new file mode 100644
index 00000000..6407fe2e
--- /dev/null
+++ b/tasks/cleanup.yaml
@@ -0,0 +1,5 @@
+tasks:
+ - name: destroy
+ actions:
+ - description: Destroy k3d cluster
+ cmd: k3d cluster delete uds
diff --git a/tasks/create.yaml b/tasks/create.yaml
new file mode 100644
index 00000000..fdbbb4c6
--- /dev/null
+++ b/tasks/create.yaml
@@ -0,0 +1,17 @@
+tasks:
+ - name: mattermost-test-bundle
+ description: Create the UDS bundle with Mattermost and its dependencies
+ actions:
+ - task: mattermost-package
+ - task: dependency-package
+ - cmd: uds create bundle --confirm --no-progress --architecture=${UDS_ARCH}
+
+ - name: mattermost-package
+ description: Create the UDS Mattermost Zarf Package
+ actions:
+ - cmd: zarf package create --confirm --no-progress --architecture=${ZARF_ARCHITECTURE} --flavor registry1
+
+ - name: dependency-package
+ description: Create the Minio, PostgreSQL, and Redis Dependency Zarf Packages
+ actions:
+ - cmd: zarf package create src/dev-secrets/ --confirm --no-progress --architecture=${UDS_ARCH} --skip-sbom
diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml
new file mode 100644
index 00000000..0134ca41
--- /dev/null
+++ b/tasks/deploy.yaml
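Review bot: In tasks/create.yaml the `dependency-package` description says it creates the Minio, PostgreSQL, and Redis packages, but the command builds only `src/dev-secrets/`; a description such as `Create the dev-secrets Zarf package (reads Minio and PostgreSQL credentials from the cluster)` matches what runs. `mattermost-package` reads `${ZARF_ARCHITECTURE}` while the other two tasks and tasks/deploy.yaml read `${UDS_ARCH}`, so if the two are ever set differently the deploy glob would not find the archive. That last point is an inference, since where either variable is set is not shown in this patch.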
@@ -0,0 +1,10 @@
+tasks:
+ - name: mattermost-package
+ actions:
+ - description: Deploy the UDS Mattermost Zarf Package
+ cmd: zarf package deploy zarf-package-mattermost-${UDS_ARCH}-*.tar.zst --confirm --no-progress
+
+ - name: mattermost-test-bundle
+ actions:
+ - description: Deploy the UDS bundle with Mattermost and its dependencies
+ cmd: UDS_CONFIG=bundle/uds-config.yaml uds deploy bundle/uds-bundle-mattermost-test-${UDS_ARCH}-*.tar.zst --confirm --no-progress
diff --git a/tasks/publish.yaml b/tasks/publish.yaml
new file mode 100644
index 00000000..f8c3d277
--- /dev/null
+++ b/tasks/publish.yaml
@@ -0,0 +1,25 @@
+variables:
+ - name: TARGET_REPO
+ default: oci://ghcr.io/defenseunicorns/packages/uds
+
+ - name: VERSION
+ description: The version of the package to build
+ # x-release-please-start-version
+ default: "9.3.0-uds.0"
+ # x-release-please-end
+
+tasks:
+ - name: package
+ description: Build and publish the packages
+ actions:
+ - description: Create the packages
+ cmd: |
+ set -e
+ ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml mattermost-package --no-progress
+ ZARF_ARCHITECTURE=arm64 uds run -f tasks/create.yaml mattermost-package --no-progress
+
+ - description: Publish the packages
+ cmd: |
+ set -e
+ zarf package publish zarf-package-mattermost-amd64-${VERSION}.tar.zst ${TARGET_REPO}
+ zarf package publish zarf-package-mattermost-arm64-${VERSION}.tar.zst ${TARGET_REPO}
diff --git a/tasks/setup.yaml b/tasks/setup.yaml
new file mode 100644
index 00000000..2a029045
--- /dev/null
+++ b/tasks/setup.yaml
@@ -0,0 +1,5 @@
+tasks:
+ - name: k3d-test-cluster
+ actions:
+ - description: Create k3d cluster with UDS Core
+ cmd: uds deploy oci://defenseunicorns/uds/bundles/k3d-core-istio:0.7.0-${UDS_ARCH} --confirm --no-progress
diff --git a/tasks/test.yaml b/tasks/test.yaml
new file mode 100644
index 00000000..e8e7d1cc
--- /dev/null
+++ b/tasks/test.yaml
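Review bot: The `package` task in tasks/publish.yaml builds and pushes both archives to `${TARGET_REPO}` with no signing step, so anyone pulling from the registry has nothing to verify the package against. If signing is not handled elsewhere in the release workflow, pass a key when the package is created (`zarf package create` accepts `--signing-key`) and document how consumers verify it. tasks/create.yaml, which this task calls, would need to forward that flag.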
@@ -0,0 +1,67 @@
+tasks:
+ - name: health-check
+ actions:
+ - description: Mattermost Exporter Health Check
+ wait:
+ cluster:
+ kind: Deployment
+ name: mattermost-mattermost-exporter
+ namespace: mattermost
+
+ - description: Mattermost Registry Health Check
+ wait:
+ cluster:
+ kind: Deployment
+ name: mattermost-registry
+ namespace: mattermost
+
+ - description: Mattermost Shell Health Check
+ wait:
+ cluster:
+ kind: Deployment
+ name: mattermost-mattermost-shell
+ namespace: mattermost
+
+ - description: Mattermost Toolbox Health Check
+ wait:
+ cluster:
+ kind: Deployment
+ name: mattermost-toolbox
+ namespace: mattermost
+
+ - description: Mattermost Sidekiq Health Check
+ wait:
+ cluster:
+ kind: Deployment
+ name: mattermost-sidekiq-all-in-1-v2
+ namespace: mattermost
+
+ - description: Mattermost Webservice Health Check
+ wait:
+ cluster:
+ kind: Deployment
+ name: mattermost-webservice-default
+ namespace: mattermost
+
+ - description: Mattermost Gitaly Health Check
+ wait:
+ cluster:
+ kind: StatefulSet
+ name: mattermost-gitaly
+ namespace: mattermost
+
+ - description: Mattermost Migrations Health Check
+ wait:
+ cluster:
+ kind: Job
+ name: mattermost-migrations-1
+ namespace: mattermost
+
+ - name: ingress
+ actions:
+ - description: Mattermost UI Health Check
+ wait:
+ network:
+ protocol: https
+ address: mattermost.uds.dev
+ code: 200
diff --git a/values/mattermost-ce.yaml b/values/mattermost-ce.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/values/mattermost-operator-upstream.yaml b/values/mattermost-operator-upstream.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/values/mattermost-operator-values.yaml b/values/mattermost-operator-values.yaml
new file mode 100644
index 00000000..67222be4
--- /dev/null
+++ b/values/mattermost-operator-values.yaml
@@ -0,0 +1,7 @@
+# imagePullSecrets:
+# - name: private-registry
+
+image:
+ imagePullPolicy: IfNotPresent
+
+openshift: false
\ No newline at end of file
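Review bot: The `health-check` waits in tasks/test.yaml name workloads such as `mattermost-gitaly`, `mattermost-sidekiq-all-in-1-v2`, `mattermost-registry` and `mattermost-migrations-1`, which look like GitLab component names carried over from another package with the product name replaced. Nothing else in this commit deploys resources with those names, so the task would presumably time out rather than verify Mattermost. Point the waits at what the charts listed in zarf.yaml actually create, drop the rest, and add a line comment above each wait saying which chart produces the resource.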
diff --git a/values/mattermost-upstream.yaml b/values/mattermost-upstream.yaml
new file mode 100644
index 00000000..e69de29b
diff --git a/values/mattermost-values.yaml b/values/mattermost-values.yaml
new file mode 100644
index 00000000..0f0be727
--- /dev/null
+++ b/values/mattermost-values.yaml
@@ -0,0 +1,59 @@
+# hostname is deprecated and replaced with domain. But if hostname exists then use it.
+hostname: ###ZARF_VAR_DOMAIN###
+domain: ###ZARF_VAR_DOMAIN###
+
+enterprise:
+ enabled: ###ZARF_VAR_MATTERMOST_ENTERPRISE_ENABLED###
+ license: |
+ ###ZARF_VAR_MATTERMOST_ENTERPRISE_LICENSE###
+
+openshift: false
+
+image:
+ imagePullPolicy: IfNotPresent
+
+updateJob:
+ disabled: true
+
+# monitoring:
+# enabled: true
+
+# serviceMonitor:
+# enabled: true
+# # conditional passes only for default istio: enabled, mTLS: STRICT
+# scheme: https
+# tlsConfig:
+# caFile: /etc/prom-certs/root-cert.pem
+# certFile: /etc/prom-certs/cert-chain.pem
+# keyFile: /etc/prom-certs/key.pem
+# insecureSkipVerify: true # Prometheus does not support Istio security naming, thus skip verifying target pod certificate
+
+sso:
+ enabled: ###ZARF_VAR_MATTERMOST_SSO_ENABLED###
+ client_id: ###ZARF_VAR_MATTERMOST_SSO_CLIENT_ID###
+ client_secret: ###ZARF_VAR_MATTERMOST_SSO_CLIENT_SECRET###
+ auth_endpoint: ###ZARF_VAR_MATTERMOST_SSO_AUTH_ENDPOINT###
+ token_endpoint: ###ZARF_VAR_MATTERMOST_SSO_TOKEN_ENDPOINT###
+ user_api_endpoint: ###ZARF_VAR_MATTERMOST_SSO_USER_API_ENDPOINT###
+ enable_sign_up_with_email: ###ZARF_VAR_MATTERMOST_SSO_EMAIL_SIGNUP_ENABLED###
+ enable_sign_in_with_email: ###ZARF_VAR_MATTERMOST_SSO_EMAIL_SIGNIN_ENABLED###
+ enable_sign_in_with_username: ###ZARF_VAR_MATTERMOST_SSO_USERNAME_SIGNIN_ENABLED###
+
+# global:
+ # imagePullSecrets:
+ # - name: private-registry
+database:
+ secret: "mattermost-postgres"
+fileStore:
+ secret: "mattermost-object-store"
+ url: "###ZARF_VAR_MATTERMOST_FILE_STORE_ENDPOINT###"
+ bucket: "uds-mattermost###ZARF_VAR_MATTERMOST_BUCKET_SUFFIX###"
+
+# mattermostEnvs:
+# # required for Keycloak >= 20.X to work with mattermost auth pointed to Keycloak
+# MM_MATTERMOSTSETTINGS_SCOPE: openid
+
+volumes:
+ ###ZARF_VAR_MATTERMOST_VOLUMES###
+volumeMounts:
+ ###ZARF_VAR_MATTERMOST_VOLUME_MOUNTS###
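Review bot: The `sso` block in values/mattermost-values.yaml substitutes every variable unquoted, including `client_secret`, while `fileStore.url` and `fileStore.bucket` a few lines below are quoted. With the empty defaults declared in zarf.yaml the string fields render as `client_id:` with no value, which is null rather than an empty string, and a secret that begins with a YAML indicator or contains ` #` is altered or rejected by the parser. Quote the string-valued fields, e.g. `client_secret: "###ZARF_VAR_MATTERMOST_SSO_CLIENT_SECRET###"`, and leave only the boolean toggles bare. The same applies to `hostname` and `domain` at the top of the hunk.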
diff --git a/version.txt b/version.txt
new file mode 100644
index 00000000..ac81141f
--- /dev/null
+++ b/version.txt
@@ -0,0 +1 @@
+9.3.0-uds.0
\ No newline at end of file
diff --git a/zarf.yaml b/zarf.yaml
new file mode 100644
index 00000000..7748dfb5
--- /dev/null
+++ b/zarf.yaml
@@ -0,0 +1,110 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json
+kind: ZarfPackageConfig
+metadata:
+ name: mattermost
+ description: "UDS mattermost package deployed via flux"
+ # x-release-please-start-version
+ version: "9.3.0-uds.0"
+ # x-release-please-end
+ architecture: amd64
+
+variables:
+ - name: MATTERMOST_ENTERPRISE_ENABLED
+ default: "false"
+ - name: MATTERMOST_ENTERPRISE_LICENSE
+ default: ""
+ autoIndent: true
+ - name: MATTERMOST_BUCKET_SUFFIX
+ default: ""
+ - name: MATTERMOST_FILE_STORE_ENDPOINT
+ default: "minio"
+ - name: MATTERMOST_VOLUMES
+ default: "[]"
+ autoIndent: true
+ - name: MATTERMOST_VOLUME_MOUNTS
+ default: "[]"
+ autoIndent: true
+ - name: MATTERMOST_SSO_ENABLED
+ default: "false"
+ - name: MATTERMOST_SSO_CLIENT_ID
+ default: ""
+ - name: MATTERMOST_SSO_CLIENT_SECRET
+ default: ""
+ - name: MATTERMOST_SSO_AUTH_ENDPOINT
+ default: ""
+ - name: MATTERMOST_SSO_TOKEN_ENDPOINT
+ default: ""
+ - name: MATTERMOST_SSO_USER_API_ENDPOINT
+ default: ""
+ - name: MATTERMOST_SSO_EMAIL_SIGNUP_ENABLED
+ default: "false"
+ - name: MATTERMOST_SSO_EMAIL_SIGNIN_ENABLED
+ default: "false"
+ - name: MATTERMOST_SSO_USERNAME_SIGNIN_ENABLED
+ default: "false"
+ - name: DOMAIN
+ default: "uds.dev"
+
+components:
+ - name: mattermost
+ required: true
+ description: "Deploy Mattermost"
+ only:
+ flavor: registry1
+ charts:
+ - name: mattermost-operator
+ namespace: mattermost-operator
+ url: https://repo1.dso.mil/big-bang/product/packages/mattermost-operator.git
+ gitPath: chart
+ version: 1.20.1-bb.0
+ valuesFiles:
+ - values/mattermost-operator-values.yaml
+ - name: mattermost
+ namespace: mattermost
+ url: https://repo1.dso.mil/big-bang/product/packages/mattermost.git
+ gitPath: chart
+ version: 9.3.0-bb.2
+ valuesFiles:
+ - values/mattermost-values.yaml
+ - name: uds-mattermost-config
+ namespace: mattermost
+ version: 0.1.0
+ localPath: chart
+ images:
+ -
"registry1.dso.mil/ironbank/opensource/mattermost/mattermost-operator:v1.20.1"
+ - "registry1.dso.mil/ironbank/opensource/mattermost/mattermost:v9.3.0"
+ - "registry1.dso.mil/ironbank/opensource/postgres/postgresql12:12.17"
+
+ - name: mattermost
+ required: true
+ description: "Deploy Mattermost"
+ only:
+ flavor: upstream-ce
+ charts:
+ - name: mattermost-operator
+ namespace: mattermost-operator
+ url: https://helm.mattermost.com
+ gitPath: chart
+ version: 0.3.5
+ valuesFiles:
+ - values/mattermost-operator-values.yaml
+ - values/mattermost-operator-upstream.yaml
+ - name: mattermost-team-edition
+ namespace: mattermost
+ url: https://helm.mattermost.com
+ gitPath: chart
+ version: 6.6.46
+ valuesFiles:
+ - values/mattermost-values.yaml
+ - values/mattermost-upstream.yaml
+ - values/mattermost-ce.yaml
+ - name: uds-mattermost-config
+ namespace: mattermost
+ version: 0.1.0
+ localPath: chart
+ images:
+ - appropriate/curl:latest
+ - bats/bats:v1.1.0
+ - busybox:1.31.1
+ - mattermost/mattermost-operator:v1.20.1
+ - mattermost/mattermost-team-edition:9.4.1
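Review bot: `MATTERMOST_SSO_CLIENT_SECRET` is declared in `variables` without `sensitive: true`, unlike the credentials set in src/dev-secrets/zarf.yaml, so the OIDC client secret is presumably handled in deploy output like any other value; add `sensitive: true` under that entry. In the `upstream-ce` component, `appropriate/curl:latest` is a mutable tag, so the image bundled into the package can change between builds with no change to this file; pin a version tag or digest as the other entries do. That component also lists `mattermost/mattermost-team-edition:9.4.1` while the package metadata says 9.3.0, which is worth confirming.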