From 43044cf8ed321b7e71977c01280ab40300fb5a2b Mon Sep 17 00:00:00 2001
From: Wayne Starr <me@racer159.com>
Date: Thu, 21 Mar 2024 13:27:41 -0600
Subject: [PATCH 1/4] chore: implement upgrade tests for mattermost

---
 .github/workflows/ci-docs-shim.yaml          |  7 +--
 .github/workflows/codeql.yaml                |  2 +-
 .github/workflows/commitlint.yaml            |  2 +-
 .github/workflows/dependencyreview.yaml      |  2 +-
 .github/workflows/lint.yaml                  | 34 +++++++++++++
 .github/workflows/scorecard.yaml             |  2 +-
 .github/workflows/tag-and-release.yaml       | 12 ++---
 .github/workflows/test.yaml                  | 13 ++---
 .yamllint                                    | 35 +++++++++++++
 README.md                                    | 14 ++----
 bundle/uds-bundle.yaml                       | 10 ++--
 chart/templates/mattermost-config.yaml       |  2 +-
 chart/templates/mattermost-gossip-svc.yaml   |  2 +-
 chart/templates/mattermost-object-store.yaml |  2 +-
 chart/templates/mattermost-postgres.yaml     |  2 +-
 chart/templates/mattermost-sso.yaml          |  2 +-
 chart/templates/uds-package.yaml             |  4 +-
 common/zarf.yaml                             |  4 +-
 oscal-component.yaml                         |  6 +--
 renovate.json                                | 27 +++++++---
 tasks.yaml                                   | 53 +++++++++++---------
 tasks/create.yaml                            | 20 --------
 tasks/dependencies.yaml                      |  5 ++
 tasks/publish.yaml                           | 32 ++++++------
 tasks/test.yaml                              |  1 +
 25 files changed, 177 insertions(+), 118 deletions(-)
 create mode 100644 .github/workflows/lint.yaml
 create mode 100644 .yamllint
 delete mode 100644 tasks/create.yaml
 create mode 100644 tasks/dependencies.yaml

diff --git a/.github/workflows/ci-docs-shim.yaml b/.github/workflows/ci-docs-shim.yaml
index 02ea9c09..ad8e133a 100644
--- a/.github/workflows/ci-docs-shim.yaml
+++ b/.github/workflows/ci-docs-shim.yaml
@@ -22,13 +22,14 @@ on:
 
 jobs:
   run-test:
-    name: Create and Deploy Flavor ${{ matrix.flavor }}
+    name: ${{ matrix.type }} ${{ matrix.flavor }}
     runs-on: "ubuntu-latest"
     timeout-minutes: 20
     strategy:
       matrix:
         flavor: [upstream, registry1]
+        type: [install, upgrade]
     steps:
-      - name: Shim for Deploy ${{ matrix.flavor }}
+      - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }}
         run: |
-          echo "Documentation-only change detected; marking Deploy ${{ matrix.flavor }} as successful."
+          echo "Documentation-only change detected; marking ${{ matrix.type }} ${{ matrix.flavor }} as successful."
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 64a7cb57..78a06858 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -42,4 +42,4 @@ jobs:
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@a56a03b370b87b26fde6d680755f818cfda0372b # v2.24.5
         with:
-          category: "/language:${{matrix.language}}"
\ No newline at end of file
+          category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
index 54ef3a69..d02d0eb3 100644
--- a/.github/workflows/commitlint.yaml
+++ b/.github/workflows/commitlint.yaml
@@ -8,4 +8,4 @@ on:
 jobs:
   validate:
     name: Validate
-    uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@442bae718050ea9a47254851a45632aabeb13b17
+    uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
diff --git a/.github/workflows/dependencyreview.yaml b/.github/workflows/dependencyreview.yaml
index a5937a71..3f345622 100644
--- a/.github/workflows/dependencyreview.yaml
+++ b/.github/workflows/dependencyreview.yaml
@@ -24,4 +24,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
\ No newline at end of file
+        uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
new file mode 100644
index 00000000..c5638525
--- /dev/null
+++ b/.github/workflows/lint.yaml
@@ -0,0 +1,34 @@
+name: Scan
+
+on:
+  # This workflow is triggered on pull requests to the main branch.
+  pull_request:
+    branches: [main]
+    types: [milestoned, opened, synchronize]
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    name: Lint
+    permissions:
+      contents: read # Allows reading the repo contents
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Environment setup
+        uses: defenseunicorns/uds-common/.github/actions/setup@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
+        with:
+          username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+          password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+
+      - name: Install lint deps
+        run: |
+          uds run lint:deps
+
+      - name: Lint the repository
+        run: |
+          uds run lint:yaml
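Review bot: The `Environment setup` step passes `IRON_BANK_ROBOT_USERNAME` and `IRON_BANK_ROBOT_PASSWORD` to a job that only lints YAML, and the later `uds run lint:deps` and `uds run lint:yaml` steps run task definitions from the pull request's own checkout. If the uds-common setup action can run without a registry login, drop the `with:` block here so the lint job holds no registry credentials. The hunk does not show whether those inputs are optional, so that needs confirming against the action. The checkout step can also set `persist-credentials: false`, since nothing later in the job pushes. A one-line comment above `fetch-depth: 0` saying why full history is needed would help, because a YAML lint does not obviously need it.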
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index f9307bf7..23a96197 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -5,7 +5,7 @@ on:
   schedule:
     - cron: '30 1 * * 6'
   push:
-    branches: [ "main" ]
+    branches: ["main"]
 
 # Declare default permissions as read only.
 permissions: read-all
diff --git a/.github/workflows/tag-and-release.yaml b/.github/workflows/tag-and-release.yaml
index 09fc94b8..cd7eef20 100644
--- a/.github/workflows/tag-and-release.yaml
+++ b/.github/workflows/tag-and-release.yaml
@@ -34,28 +34,28 @@ jobs:
     permissions:
       contents: read
       packages: write
-    
+
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Environment setup
-        uses: defenseunicorns/uds-common/.github/actions/setup@442bae718050ea9a47254851a45632aabeb13b17
+        uses: defenseunicorns/uds-common/.github/actions/setup@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
         with:
           username: ${{secrets.IRON_BANK_ROBOT_USERNAME}}
           password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}}
-    
+
       - name: Login to GHCR
         uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
         with:
           registry: ghcr.io
           username: dummy
           password: ${{ secrets.GITHUB_TOKEN }}
-    
+
       - name: Publish Package
         run: uds run -f tasks/publish.yaml package --set FLAVOR=${{ matrix.flavor }}
 
       - name: Save logs
         if: always()
-        uses: defenseunicorns/uds-common/.github/actions/save-logs@442bae718050ea9a47254851a45632aabeb13b17
+        uses: defenseunicorns/uds-common/.github/actions/save-logs@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
         with:
-          suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
\ No newline at end of file
+          suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 7069c096..6e0d9ac9 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -4,7 +4,7 @@ name: Test
 on:
   pull_request:
     branches: [main]
-    types: [milestoned, opened, edited, synchronize]  
+    types: [milestoned, opened, synchronize]
     paths-ignore:
       - "**.md"
       - "**.jpg"
@@ -33,30 +33,31 @@ permissions:
 
 jobs:
   run-test:
-    name: Create and Deploy Flavor ${{ matrix.flavor }}
+    name: ${{ matrix.type }} ${{ matrix.flavor }}
     runs-on: ubuntu-latest
     timeout-minutes: 20
     strategy:
       matrix:
         flavor: [upstream, registry1]
+        type: [install, upgrade]
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Environment setup
-        uses: defenseunicorns/uds-common/.github/actions/setup@442bae718050ea9a47254851a45632aabeb13b17
+        uses: defenseunicorns/uds-common/.github/actions/setup@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
         with:
           username: ${{secrets.IRON_BANK_ROBOT_USERNAME}}
           password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}}
 
       - name: Test
-        uses: defenseunicorns/uds-common/.github/actions/test@442bae718050ea9a47254851a45632aabeb13b17
+        uses: defenseunicorns/uds-common/.github/actions/test@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
         with:
           flavor: ${{ matrix.flavor }}
 
       - name: Save logs
         if: always()
-        uses: defenseunicorns/uds-common/.github/actions/save-logs@442bae718050ea9a47254851a45632aabeb13b17
+        uses: defenseunicorns/uds-common/.github/actions/save-logs@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
         with:
-          suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
+          suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
diff --git a/.yamllint b/.yamllint
new file mode 100644
index 00000000..3b3e2556
--- /dev/null
+++ b/.yamllint
@@ -0,0 +1,35 @@
+yaml-files:
+  - '**/*.y*ml'
+  - '.yamllint'
+
+ignore:
+  - 'chart/templates**'
+
+rules:
+  anchors: enable
+  braces: enable
+  brackets: enable
+  colons: enable
+  commas: enable
+  comments:
+    level: warning
+  comments-indentation:
+    level: warning
+  document-end: disable
+  document-start:
+    level: warning
+  empty-lines: enable
+  empty-values: disable
+  float-values: disable
+  hyphens: enable
+  indentation: enable
+  key-duplicates: enable
+  key-ordering: disable
+  line-length: disable
+  new-line-at-end-of-file: enable
+  new-lines: enable
+  octal-values: disable
+  quoted-strings: disable
+  trailing-spaces: enable
+  truthy:
+    level: warning
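Review bot: `truthy` at warning level will also flag the `on:` key in every file under `.github/workflows`, because yamllint checks keys by default. Adding `check-keys: false` under `truthy:` keeps the value check without that recurring noise. `octal-values`, `float-values` and `quoted-strings` are all disabled, so implicit-typing slips such as an unquoted `0644` or a version written as a float pass unreported. Enabling `octal-values` would catch the first of these. A short header comment saying why `chart/templates**` is ignored (presumably because Helm templates are not valid YAML before rendering) would save the next reader a lookup.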
diff --git a/README.md b/README.md
index 123ac142..1d6145e8 100644
--- a/README.md
+++ b/README.md
@@ -61,17 +61,9 @@ The released packages can be found in [ghcr](https://github.com/defenseunicorns/
 
 ## UDS Tasks (for local dev and CI)
 
-*For local dev, this requires installing [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install)
-
-| Task | Description | Example |
-| ---- | ----------- | ------- |
-| setup-cluster | Uses the `k3d-core-istio` bundle to create a cluster for testing against | `uds run setup-cluster` |
-| create-package | Creates just the Mattermost package | `uds run create-package --set FLAVOR=<flavor>` |
-| create-test-bundle | Creates Mattermost and Mattermost dependency packages and then bundles them | `uds run create-test-bundle` |
-| deploy-package | Deploy Mattermost package only | `uds run deploy-package` |
-| deploy-test-bundle | Deploy Mattermost and Mattermost dependency bundle | `uds run deploy-test-bundle` |
-| test-package | Run checks against a deployed package or bundle | `uds run test-package` |
-| cleanup | Teardown the cluster | `uds run cleanup` |
+*For local dev, this requires you install [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install)
+
+> :white_check_mark: **Tip:** To get a list of tasks to run you can use `uds run --list`!
 
 ## Contributing
 
diff --git a/bundle/uds-bundle.yaml b/bundle/uds-bundle.yaml
index b189a83c..6d793598 100644
--- a/bundle/uds-bundle.yaml
+++ b/bundle/uds-bundle.yaml
@@ -10,18 +10,18 @@ packages:
   - name: dev-minio
     repository: ghcr.io/defenseunicorns/packages/uds/dev-minio
     ref: 0.0.1
-  
+
   - name: dev-postgres
     repository: ghcr.io/defenseunicorns/packages/uds/dev-postgres
     ref: 0.0.1
-  
+
   - name: dev-secrets
     path: ../
     ref: 0.1.0
     exports:
-    - name: ACCESS_KEY
-    - name: SECRET_KEY
-    - name: DB_PASSWORD
+      - name: ACCESS_KEY
+      - name: SECRET_KEY
+      - name: DB_PASSWORD
 
   - name: mattermost
     path: ../
diff --git a/chart/templates/mattermost-config.yaml b/chart/templates/mattermost-config.yaml
index 53dbba44..15eedf01 100644
--- a/chart/templates/mattermost-config.yaml
+++ b/chart/templates/mattermost-config.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: mattermost-config
-  namespace: {{ .Release.Namespace }}
+  namespace: {{.Release.Namespace}}
 type: Opaque
 stringData:
   MM_PLUGINSETTINGS_ENABLEUPLOADS: "{{ .Values.config.enablePluginUploads | toString }}"
diff --git a/chart/templates/mattermost-gossip-svc.yaml b/chart/templates/mattermost-gossip-svc.yaml
index 5d190824..80903bc5 100644
--- a/chart/templates/mattermost-gossip-svc.yaml
+++ b/chart/templates/mattermost-gossip-svc.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: mattermost-gossip
-  namespace: {{ .Release.Namespace }}
+  namespace: {{.Release.Namespace}}
   labels:
     app.kubernetes.io/name: mattermost-enterprise-edition
 spec:
diff --git a/chart/templates/mattermost-object-store.yaml b/chart/templates/mattermost-object-store.yaml
index 03b627e0..05f056d4 100644
--- a/chart/templates/mattermost-object-store.yaml
+++ b/chart/templates/mattermost-object-store.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: mattermost-object-store
-  namespace: {{ .Release.Namespace }}
+  namespace: {{.Release.Namespace}}
 type: Opaque
 stringData:
   MM_FILESETTINGS_AMAZONS3SSL: "{{ .Values.objectStorage.secure | toString }}"
diff --git a/chart/templates/mattermost-postgres.yaml b/chart/templates/mattermost-postgres.yaml
index 3830dc36..d64fd96b 100644
--- a/chart/templates/mattermost-postgres.yaml
+++ b/chart/templates/mattermost-postgres.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: mattermost-postgres
-  namespace: {{ .Release.Namespace }}
+  namespace: {{.Release.Namespace}}
 type: Opaque
 stringData:
   db_connection_string: "postgres://{{ .Values.postgres.username }}:{{ .Values.postgres.password }}@{{ .Values.postgres.host }}:{{ .Values.postgres.port }}/{{ .Values.postgres.dbName }}{{ .Values.postgres.connectionOptions }}"
diff --git a/chart/templates/mattermost-sso.yaml b/chart/templates/mattermost-sso.yaml
index 84de4369..1cc1be56 100644
--- a/chart/templates/mattermost-sso.yaml
+++ b/chart/templates/mattermost-sso.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: mattermost-sso
-  namespace: {{ .Release.Namespace }}
+  namespace: {{.Release.Namespace}}
 type: Opaque
 stringData:
   MM_GITLABSETTINGS_ENABLE: "{{ .Values.sso.enabled | toString }}"
diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml
index efbf7ad2..7ce6779c 100644
--- a/chart/templates/uds-package.yaml
+++ b/chart/templates/uds-package.yaml
@@ -2,7 +2,7 @@ apiVersion: uds.dev/v1alpha1
 kind: Package
 metadata:
   name: mattermost
-  namespace: {{ .Release.Namespace }}
+  namespace: {{.Release.Namespace}}
 spec:
   network:
     expose:
@@ -10,7 +10,7 @@ spec:
         podLabels:
           app.kubernetes.io/name: mattermost-enterprise-edition
         gateway: tenant
-        host: {{ .Values.subdomain }}
+        host: {{.Values.subdomain}}
         port: 8065
     allow:
       # Permit intra-namespace communication for job communications
diff --git a/common/zarf.yaml b/common/zarf.yaml
index ac258ed3..493b7ff3 100644
--- a/common/zarf.yaml
+++ b/common/zarf.yaml
@@ -2,7 +2,7 @@
 kind: ZarfPackageConfig
 metadata:
   name: mattermost-common
-  description: "UDS Mattermost Common Package" 
+  description: "UDS Mattermost Common Package"
 
 components:
   - name: mattermost
@@ -20,4 +20,4 @@ components:
         gitPath: chart
         version: 2.6.43
         valuesFiles:
-          - ../values/common-values.yaml
\ No newline at end of file
+          - ../values/common-values.yaml
diff --git a/oscal-component.yaml b/oscal-component.yaml
index 2ffbdbba..36af65ac 100644
--- a/oscal-component.yaml
+++ b/oscal-component.yaml
@@ -31,15 +31,15 @@ component-definition:
             - uuid: 889dce9c-d83f-48a3-a62a-3f50e311761a
               control-id: au-2
               description: >-
-                Mattermost creates event logs.  
+                Mattermost creates event logs.
             - uuid: ce2c791e-f47e-45d3-9bba-dcd7a372ddd3
               control-id: au-3
               description: >-
-                Mattermost creates event logs.  
+                Mattermost creates event logs.
             - uuid: 2ef78f64-d9ac-4292-a5f1-6c627734d39c
               control-id: au-3.1
               description: >-
-                Mattermost creates event logs.  
+                Mattermost creates event logs.
             - uuid: 1041d516-56b9-4652-886e-bd5bad38f789
               control-id: au-8
               description: >-
diff --git a/renovate.json b/renovate.json
index 8bb93ce0..1f030a3d 100644
--- a/renovate.json
+++ b/renovate.json
@@ -10,15 +10,26 @@
     "replacements:all",
     "workarounds:all"
   ],
-  "hostRules": [
+  "packageRules": [
     {
-      "matchHost": "registry1.dso.mil",
-      "hostType": "docker",
-      "description": "Encrypted creds for registry1, scoped to this Github org using: https://github.com/renovatebot/renovate/blob/main/docs/usage/configuration-options.md#encrypted",
-      "encrypted": {
-        "username": "wcFMA/xDdHCJBTolAQ/9FXYzgNUO6MJ9crVH8W1p5U8ecnK6yamVOBmKib+9Lu4dtldIzqJBObR8Ctvq+our0VTXbhuCU0AvghJO+Rbjij+sDK3VNL93ojD2Xcd3IHeZhz4U+K2VPIRKHGPTC2mfc9pRZ076hoRqeAPWYrtU3gtNk7ZedMX75+yEuUWax5wS0gIjHnbu/R8fLTadNPbdyRaVGYembtuF8P2hMorCrjAED07UNivnaJaNb6Dj72Bticwqs2gIStoed3S8luzUJIgOOdS9J4Dq3ybkSIWg3+GJQhLyKIhZpgbRQoMbYLQ/z7obT1xX0avXnjobb5rW445R0LXLXj4MokgGo1p5cA+AhP5JEk49w2uutzD3tPZB58edH4USOk4q/9MXNdXzvU5RxOA6ScGeh1JNa+62/N4HA8UtYEudTFOcHkt3xq6h5VKc5k7JbvkCso29wqC8AR5ctBzuLspnzxhPrjm/BcfB/FMnwJE2MbtBxa8R1Z5Hd1DEfsEV57mF7dtV0SIImV+l/4bK/1xz/G9v31u/5DrfkQR6DjAvX8w4zUZE5gHKGsZoeZEFuUc5YQuwdeWEg20Qah4v6rbDfJUzXj9vbyFLMdIomPkuWkNSDzg6oMWCmeQAeL3+ykjsVdoBoJCvHvFEpw4dlrdlnQK1VXsWSX7TTDkRuYKQUKbKIBOWOCXScgFDQwu+f0mUkmFX1MrAojYgfWyZ1hlUDGcsE4pvTWJKP1lHykRM/qPUVh/YXfayh5upYh2MXT44yqMHhyNJE/KlCTp9KXsdflm3kaCAhqEC746IbvBpPjz3DTA7nwLUhDB3K2Zi9t/kIhMQCbV+wI2FgA",
-        "password": "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"
-      }
+      "groupName": "Mattermost Support Dependencies",
+      "labels": ["support-deps"],
+      "commitMessageTopic": "support-deps",
+      "packagePatterns": ["*"]
+    },
+    {
+      "groupName": "Mattermost Package Dependencies",
+      "labels": ["package-deps"],
+      "commitMessageTopic": "package-deps",
+      "registryUrls": ["https://registry1.dso.mil"],
+      "matchDatasources": ["docker", "helm", "git-tags"]
+    },
+    {
+      "groupName": "Mattermost Package Dependencies",
+      "labels": ["package-deps"],
+      "commitMessageTopic": "package-deps",
+      "matchPackageNames": ["https://repo1.dso.mil/big-bang/product/packages/mattermost.git"],
+      "allowedVersions": "/.+-bb.+/"
     }
   ]
 }
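Review bot: The first rule matches with `packagePatterns`, the legacy key name, while the third uses `matchPackageNames`. Writing it as `"matchPackagePatterns": ["*"]` keeps the file on one naming scheme and does not rely on Renovate's config migration. The second rule sets `registryUrls` for every `docker`, `helm` and `git-tags` dependency with no package or host matcher, so it likely also applies to dependencies not hosted on registry1.dso.mil. A matcher limiting it to the registry1 packages would make the scope explicit. With `hostRules` removed, authentication to registry1.dso.mil has to come from configuration outside this file, which is worth confirming before merge.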
diff --git a/tasks.yaml b/tasks.yaml
index 017a344d..cb647880 100644
--- a/tasks.yaml
+++ b/tasks.yaml
@@ -1,44 +1,47 @@
 includes:
   - cleanup: ./tasks/cleanup.yaml
-  - create: ./tasks/create.yaml
-  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.2.2/tasks/deploy.yaml
-  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.2.2/tasks/setup.yaml
+  - dependencies: ./tasks/dependencies.yaml
   - test: ./tasks/test.yaml
+  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.3/tasks/create.yaml
+  - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.3/tasks/lint.yaml
+  - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.3/tasks/pull.yaml
+  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.3/tasks/deploy.yaml
+  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.3.3/tasks/setup.yaml
 
 tasks:
   - name: default
+    description: Setup k3d cluster, deploy Mattermost
     actions:
-      - task: setup-cluster
-      - task: create-test-bundle
-      - task: deploy-test-bundle
-
-  - name: create-package
-    actions:
-      - task: create:mattermost-package
+      - task: create-mm-test-bundle
+      - task: setup:k3d-test-cluster
+      - task: deploy:test-bundle
 
-  - name: deploy-package
+  - name: create-mm-package
+    description: Create the Mattermost package
     actions:
-      - task: deploy:package
+      - task: create:package
+        with:
+          options: "--skip-sbom"
 
-  - name: cleanup
+  - name: create-mm-test-bundle
+    description: Create a local UDS Mattermost bundle
     actions:
-      - task: cleanup:destroy
+      - task: create-mm-package
+      - task: dependencies:create
+      - task: create:test-bundle
 
 # CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names
 
-  - name: create-test-bundle
-    actions:
-      - task: create:mattermost-test-bundle
-
-  - name: setup-cluster
+  - name: test-package
+    description: Test the health of a Mattermost deployment
     actions:
+      - task: create-mm-test-bundle
       - task: setup:k3d-test-cluster
-
-  - name: deploy-test-bundle
-    actions:
       - task: deploy:test-bundle
-
-  - name: test-package
-    actions:
       - task: test:health-check
       - task: test:ingress
+
+  - name: test-upgrade
+    description: Test an upgrade from the latest released package to the current branch
+    actions:
+      - cmd: echo "not yet"
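Review bot: The `setup` include still points at `defenseunicorns/uds-common-tasks/v0.3.3`, while `create`, `lint`, `pull` and `deploy` moved to `defenseunicorns/uds-common/v0.3.3`. Unless the old repository also carries a `v0.3.3` tag this looks like a missed rename, and the `publish` include in tasks/publish.yaml has the same mismatch. If `tasks/setup.yaml` exists in uds-common, the line would read `- setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.3.3/tasks/setup.yaml`. These includes are also resolved by tag, whereas the workflow `uses:` entries in this patch are pinned to commit `e2ad99f7caba1b0d08856918db9385a431cfdbca`. Pinning the raw URLs to that commit would give the fetched task files the same immutability in CI jobs that hold registry credentials.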
diff --git a/tasks/create.yaml b/tasks/create.yaml
deleted file mode 100644
index d9dce4e7..00000000
--- a/tasks/create.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-includes:
-  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.2.1/tasks/create.yaml
-
-tasks:
-  - name: mattermost-test-bundle
-    description: Create the UDS bundle with Mattermost and its dependencies
-    actions:
-      - task: create:package
-      - task: dependency-package
-      - task: create:test-bundle
-
-  - name: mattermost-package
-    description: Create the UDS Mattermost Zarf Package
-    actions:
-      - task: create:package
-
-  - name: dependency-package
-    description: Create the Dependency Zarf Package
-    actions:
-      - cmd: uds zarf package create src/dev-secrets/ --confirm --no-progress --architecture=${UDS_ARCH}
diff --git a/tasks/dependencies.yaml b/tasks/dependencies.yaml
new file mode 100644
index 00000000..1056b955
--- /dev/null
+++ b/tasks/dependencies.yaml
@@ -0,0 +1,5 @@
+tasks:
+  - name: create
+    description: Create the Dependency Zarf Package
+    actions:
+      - cmd: uds zarf package create src/dev-secrets/ --confirm --no-progress --architecture=${UDS_ARCH}
diff --git a/tasks/publish.yaml b/tasks/publish.yaml
index 2c9e9a87..5bfbf615 100644
--- a/tasks/publish.yaml
+++ b/tasks/publish.yaml
@@ -1,27 +1,23 @@
 includes:
-  - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.2.1/tasks/publish.yaml
-
-variables:
-  - name: TARGET_REPO
-    default: oci://ghcr.io/defenseunicorns/packages/uds
-
-  - name: VERSION
-    description: The version of the package to build
-    # x-release-please-start-version
-    default: "9.4.1-uds.3"
-    # x-release-please-end
+  - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common-tasks/v0.3.3/tasks/publish.yaml
 
 tasks:
   - name: package
     description: Build and publish the packages
     actions:
-      - description: Create the packages
-        cmd: |
-          set -e
-          ZARF_ARCHITECTURE=amd64 uds run -f tasks/create.yaml mattermost-package --no-progress --set FLAVOR=${FLAVOR}
-          if [ "${FLAVOR}" != "registry1" ]; then
-            ZARF_ARCHITECTURE=arm64 uds run -f tasks/create.yaml mattermost-package --no-progress --set FLAVOR=${FLAVOR}
-          fi
+      - description: Create the AMD64 package
+        task: create:package
+        with:
+          architecture: amd64
+
+      - description: Create the ARM64 package
+        task: create:package
+        with:
+          architecture: arm64
 
       - description: Publish the packages
         task: publish:package
+        with:
+          # x-release-please-start-version
+          version: "9.4.1-uds.3"
+          # x-release-please-end
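Review bot: The ARM64 package is now created for every flavor, whereas the removed shell block skipped arm64 when `FLAVOR` was `registry1`. If the registry1 images still have no arm64 variant, the release job for that flavor will fail at the `Create the ARM64 package` action. The old block also passed `--set FLAVOR=${FLAVOR}` explicitly, while the new actions rely on the variable reaching `create:package` on its own. Both points are inferred from the removed lines and should be checked against the uds-common task. If the skip is still needed, keep a guarded `cmd:` for the arm64 build, or add a comment above the action recording that registry1 now supports arm64.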
diff --git a/tasks/test.yaml b/tasks/test.yaml
index 97065ede..acaf7b52 100644
--- a/tasks/test.yaml
+++ b/tasks/test.yaml
@@ -7,6 +7,7 @@ tasks:
             kind: Deployment
             name: mattermost-enterprise-edition
             namespace: mattermost
+            condition: Available
 
   - name: ingress
     actions:

From 0c2e7cfa4eae17e5522c45add2dc3cd9eb3c0d24 Mon Sep 17 00:00:00 2001
From: Wayne Starr <me@racer159.com>
Date: Thu, 21 Mar 2024 13:36:06 -0600
Subject: [PATCH 2/4] update type

---
 .github/workflows/test.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 6e0d9ac9..6c59c830 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -55,6 +55,7 @@ jobs:
         uses: defenseunicorns/uds-common/.github/actions/test@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
         with:
           flavor: ${{ matrix.flavor }}
+          type: ${{ matrix.type }}
 
       - name: Save logs
         if: always()

From 01c42d41785741a46f7488f15e7d4e3a5f1f4919 Mon Sep 17 00:00:00 2001
From: Wayne Starr <me@racer159.com>
Date: Thu, 21 Mar 2024 13:42:17 -0600
Subject: [PATCH 3/4] add upgrade tests

---
 tasks.yaml | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/tasks.yaml b/tasks.yaml
index cb647880..44f24491 100644
--- a/tasks.yaml
+++ b/tasks.yaml
@@ -30,6 +30,20 @@ tasks:
       - task: dependencies:create
       - task: create:test-bundle
 
+  - name: create-mm-latest-release-bundle
+    description: Create UDS Mattermost bundle based on the latest release
+    actions:
+      - task: pull:latest-package-release
+      # TODO (@WSTARR): This is currently needed to get around the chicken+egg condition when release please updates the version in GH
+      - description: Get the current Zarf package name
+        cmd: cat zarf.yaml | yq .metadata.version
+        setVariables:
+          - name: CURRENT_VERSION
+      - description: Move the latest to the current (needed to make this work on release-please PRs)
+        cmd: test -f zarf-package-mattermost-${UDS_ARCH}-${CURRENT_VERSION}.tar.zst || mv zarf-package-mattermost-${UDS_ARCH}-*.tar.zst zarf-package-mattermost-${UDS_ARCH}-${CURRENT_VERSION}.tar.zst
+      - task: dependencies:create
+      - task: create:test-bundle
+
 # CI will execute the following (via uds-common/.github/actions/test) so they need to be here with these names
 
   - name: test-package
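Review bot: The `mv` in the "Move the latest to the current" action takes a glob as its source, so it fails if more than one `zarf-package-mattermost-${UDS_ARCH}-*.tar.zst` is present, for example a stale local build next to the pulled release. If `yq` prints nothing, `CURRENT_VERSION` is empty and the target becomes `zarf-package-mattermost-${UDS_ARCH}-.tar.zst`. Reading the version with `cmd: yq .metadata.version zarf.yaml` drops the extra `cat`. Quoting the expansions, as in `"zarf-package-mattermost-${UDS_ARCH}-${CURRENT_VERSION}.tar.zst"`, and checking that exactly one file matched would let the step fail with a clear message. The description "Get the current Zarf package name" would be more accurate as "Get the current Zarf package version".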
@@ -44,4 +58,10 @@ tasks:
   - name: test-upgrade
     description: Test an upgrade from the latest released package to the current branch
     actions:
-      - cmd: echo "not yet"
+      - task: create-mm-latest-release-bundle
+      - task: setup:k3d-test-cluster
+      - task: deploy:test-bundle
+      - task: create-mm-test-bundle
+      - task: deploy:test-bundle
+      - task: test:health-check
+      - task: test:ingress
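Review bot: Nothing checks the released baseline between the first `deploy:test-bundle` and the upgrade, so a broken baseline and a broken upgrade produce the same failure at the end. Unless `deploy:test-bundle` already waits for readiness, adding `- task: test:health-check` right after the first `deploy:test-bundle` would pin the starting state. The job in test.yaml keeps `timeout-minutes: 20` while this path builds two bundles and deploys twice, so confirm the limit still fits. A comment above the second `create-mm-test-bundle` noting that it overwrites the released package with the branch build would make the sequence easier to follow.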

From 6a4320ce8fc01e100db00621dda6d56e6e7bd8b5 Mon Sep 17 00:00:00 2001
From: Wayne Starr <me@racer159.com>
Date: Thu, 21 Mar 2024 14:14:44 -0600
Subject: [PATCH 4/4] do the thing Zach said

---
 chart/templates/mattermost-config.yaml       | 2 +-
 chart/templates/mattermost-gossip-svc.yaml   | 2 +-
 chart/templates/mattermost-object-store.yaml | 2 +-
 chart/templates/mattermost-postgres.yaml     | 2 +-
 chart/templates/mattermost-sso.yaml          | 2 +-
 chart/templates/uds-package.yaml             | 4 ++--
 6 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/chart/templates/mattermost-config.yaml b/chart/templates/mattermost-config.yaml
index 15eedf01..53dbba44 100644
--- a/chart/templates/mattermost-config.yaml
+++ b/chart/templates/mattermost-config.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: mattermost-config
-  namespace: {{.Release.Namespace}}
+  namespace: {{ .Release.Namespace }}
 type: Opaque
 stringData:
   MM_PLUGINSETTINGS_ENABLEUPLOADS: "{{ .Values.config.enablePluginUploads | toString }}"
diff --git a/chart/templates/mattermost-gossip-svc.yaml b/chart/templates/mattermost-gossip-svc.yaml
index 80903bc5..5d190824 100644
--- a/chart/templates/mattermost-gossip-svc.yaml
+++ b/chart/templates/mattermost-gossip-svc.yaml
@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: mattermost-gossip
-  namespace: {{.Release.Namespace}}
+  namespace: {{ .Release.Namespace }}
   labels:
     app.kubernetes.io/name: mattermost-enterprise-edition
 spec:
diff --git a/chart/templates/mattermost-object-store.yaml b/chart/templates/mattermost-object-store.yaml
index 05f056d4..03b627e0 100644
--- a/chart/templates/mattermost-object-store.yaml
+++ b/chart/templates/mattermost-object-store.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: mattermost-object-store
-  namespace: {{.Release.Namespace}}
+  namespace: {{ .Release.Namespace }}
 type: Opaque
 stringData:
   MM_FILESETTINGS_AMAZONS3SSL: "{{ .Values.objectStorage.secure | toString }}"
diff --git a/chart/templates/mattermost-postgres.yaml b/chart/templates/mattermost-postgres.yaml
index d64fd96b..3830dc36 100644
--- a/chart/templates/mattermost-postgres.yaml
+++ b/chart/templates/mattermost-postgres.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: mattermost-postgres
-  namespace: {{.Release.Namespace}}
+  namespace: {{ .Release.Namespace }}
 type: Opaque
 stringData:
   db_connection_string: "postgres://{{ .Values.postgres.username }}:{{ .Values.postgres.password }}@{{ .Values.postgres.host }}:{{ .Values.postgres.port }}/{{ .Values.postgres.dbName }}{{ .Values.postgres.connectionOptions }}"
diff --git a/chart/templates/mattermost-sso.yaml b/chart/templates/mattermost-sso.yaml
index 1cc1be56..84de4369 100644
--- a/chart/templates/mattermost-sso.yaml
+++ b/chart/templates/mattermost-sso.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: mattermost-sso
-  namespace: {{.Release.Namespace}}
+  namespace: {{ .Release.Namespace }}
 type: Opaque
 stringData:
   MM_GITLABSETTINGS_ENABLE: "{{ .Values.sso.enabled | toString }}"
diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml
index 7ce6779c..efbf7ad2 100644
--- a/chart/templates/uds-package.yaml
+++ b/chart/templates/uds-package.yaml
@@ -2,7 +2,7 @@ apiVersion: uds.dev/v1alpha1
 kind: Package
 metadata:
   name: mattermost
-  namespace: {{.Release.Namespace}}
+  namespace: {{ .Release.Namespace }}
 spec:
   network:
     expose:
@@ -10,7 +10,7 @@ spec:
         podLabels:
           app.kubernetes.io/name: mattermost-enterprise-edition
         gateway: tenant
-        host: {{.Values.subdomain}}
+        host: {{ .Values.subdomain }}
         port: 8065
     allow:
       # Permit intra-namespace communication for job communications