chore: implement upgrade tests for mattermost

.github/workflows/ci-docs-shim.yaml

@@ -22,13 +22,14 @@ on:
 
 jobs:
   run-test:
-    name: Create and Deploy Flavor ${{ matrix.flavor }}
+    name: ${{ matrix.type }} ${{ matrix.flavor }}
     runs-on: "ubuntu-latest"
     timeout-minutes: 20
     strategy:
       matrix:
         flavor: [upstream, registry1]
+        type: [install, upgrade]
     steps:
-      - name: Shim for Deploy ${{ matrix.flavor }}
+      - name: Shim for ${{ matrix.type }} ${{ matrix.flavor }}
         run: |
-          echo "Documentation-only change detected; marking Deploy ${{ matrix.flavor }} as successful."
+          echo "Documentation-only change detected; marking ${{ matrix.type }} ${{ matrix.flavor }} as successful."

.github/workflows/codeql.yaml

@@ -42,4 +42,4 @@ jobs:
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@a56a03b370b87b26fde6d680755f818cfda0372b # v2.24.5
         with:
-          category: "/language:${{matrix.language}}"
+          category: "/language:${{matrix.language}}"

.github/workflows/commitlint.yaml

@@ -8,4 +8,4 @@ on:
 jobs:
   validate:
     name: Validate
-    uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@442bae718050ea9a47254851a45632aabeb13b17
+    uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3

.github/workflows/dependencyreview.yaml

@@ -24,4 +24,4 @@ jobs:
       - name: 'Checkout Repository'
         uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1
+        uses: actions/dependency-review-action@0efb1d1d84fc9633afcdaad14c485cbbc90ef46c # v2.5.1

.github/workflows/lint.yaml

@@ -0,0 +1,34 @@
+name: Scan
+
+on:
+  # This workflow is triggered on pull requests to the main branch.
+  pull_request:
+    branches: [main]
+    types: [milestoned, opened, synchronize]
+
+jobs:
+  validate:
+    runs-on: ubuntu-latest
+    name: Lint
+    permissions:
+      contents: read # Allows reading the repo contents
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Environment setup
+        uses: defenseunicorns/uds-common/.github/actions/setup@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
+        with:
+          username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
+          password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
+
+      - name: Install lint deps
+        run: |
+          uds run lint:deps
+
+      - name: Lint the repository
+        run: |
+          uds run lint:yaml

.github/workflows/scorecard.yaml

@@ -5,7 +5,7 @@ on:
   schedule:
     - cron: '30 1 * * 6'
   push:
-    branches: [ "main" ]
+    branches: ["main"]
 
 # Declare default permissions as read only.
 permissions: read-all

.github/workflows/tag-and-release.yaml

@@ -34,28 +34,28 @@ jobs:
     permissions:
       contents: read
       packages: write
-    
+
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Environment setup
-        uses: defenseunicorns/uds-common/.github/actions/setup@442bae718050ea9a47254851a45632aabeb13b17
+        uses: defenseunicorns/uds-common/.github/actions/setup@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
         with:
           username: ${{secrets.IRON_BANK_ROBOT_USERNAME}}
           password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}}
-    
+
       - name: Login to GHCR
         uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3
         with:
           registry: ghcr.io
           username: dummy
           password: ${{ secrets.GITHUB_TOKEN }}
-    
+
       - name: Publish Package
         run: uds run -f tasks/publish.yaml package --set FLAVOR=${{ matrix.flavor }}
 
       - name: Save logs
         if: always()
-        uses: defenseunicorns/uds-common/.github/actions/save-logs@442bae718050ea9a47254851a45632aabeb13b17
+        uses: defenseunicorns/uds-common/.github/actions/save-logs@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
         with:
-          suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
+          suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}

.github/workflows/test.yaml

@@ -4,7 +4,7 @@ name: Test
 on:
   pull_request:
     branches: [main]
-    types: [milestoned, opened, edited, synchronize]  
+    types: [milestoned, opened, synchronize]
     paths-ignore:
       - "**.md"
       - "**.jpg"
@@ -33,30 +33,32 @@ permissions:
 
 jobs:
   run-test:
-    name: Create and Deploy Flavor ${{ matrix.flavor }}
+    name: ${{ matrix.type }} ${{ matrix.flavor }}
     runs-on: ubuntu-latest
     timeout-minutes: 20
     strategy:
       matrix:
         flavor: [upstream, registry1]
+        type: [install, upgrade]
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Environment setup
-        uses: defenseunicorns/uds-common/.github/actions/setup@442bae718050ea9a47254851a45632aabeb13b17
+        uses: defenseunicorns/uds-common/.github/actions/setup@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
         with:
           username: ${{secrets.IRON_BANK_ROBOT_USERNAME}}
           password: ${{secrets.IRON_BANK_ROBOT_PASSWORD}}
 
       - name: Test
-        uses: defenseunicorns/uds-common/.github/actions/test@442bae718050ea9a47254851a45632aabeb13b17
+        uses: defenseunicorns/uds-common/.github/actions/test@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
         with:
           flavor: ${{ matrix.flavor }}
+          type: ${{ matrix.type }}
 
       - name: Save logs
         if: always()
-        uses: defenseunicorns/uds-common/.github/actions/save-logs@442bae718050ea9a47254851a45632aabeb13b17
+        uses: defenseunicorns/uds-common/.github/actions/save-logs@e2ad99f7caba1b0d08856918db9385a431cfdbca # v0.3.3
         with:
-          suffix: ${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
+          suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}

.yamllint

@@ -0,0 +1,35 @@
+yaml-files:
+  - '**/*.y*ml'
+  - '.yamllint'
+
+ignore:
+  - 'chart/templates**'
+
+rules:
+  anchors: enable
+  braces: enable
+  brackets: enable
+  colons: enable
+  commas: enable
+  comments:
+    level: warning
+  comments-indentation:
+    level: warning
+  document-end: disable
+  document-start:
+    level: warning
+  empty-lines: enable
+  empty-values: disable
+  float-values: disable
+  hyphens: enable
+  indentation: enable
+  key-duplicates: enable
+  key-ordering: disable
+  line-length: disable
+  new-line-at-end-of-file: enable
+  new-lines: enable
+  octal-values: disable
+  quoted-strings: disable
+  trailing-spaces: enable
+  truthy:
+    level: warning

README.md

@@ -61,17 +61,9 @@ The released packages can be found in [ghcr](https://github.com/defenseunicorns/
 
 ## UDS Tasks (for local dev and CI)
 
-*For local dev, this requires installing [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install)
-
-| Task | Description | Example |
-| ---- | ----------- | ------- |
-| setup-cluster | Uses the `k3d-core-istio` bundle to create a cluster for testing against | `uds run setup-cluster` |
-| create-package | Creates just the Mattermost package | `uds run create-package --set FLAVOR=<flavor>` |
-| create-test-bundle | Creates Mattermost and Mattermost dependency packages and then bundles them | `uds run create-test-bundle` |
-| deploy-package | Deploy Mattermost package only | `uds run deploy-package` |
-| deploy-test-bundle | Deploy Mattermost and Mattermost dependency bundle | `uds run deploy-test-bundle` |
-| test-package | Run checks against a deployed package or bundle | `uds run test-package` |
-| cleanup | Teardown the cluster | `uds run cleanup` |
+*For local dev, this requires you install [uds-cli](https://github.com/defenseunicorns/uds-cli?tab=readme-ov-file#install)
+
+> :white_check_mark: **Tip:** To get a list of tasks to run you can use `uds run --list`!
 
 ## Contributing
 

bundle/uds-bundle.yaml

@@ -10,18 +10,18 @@ packages:
   - name: dev-minio
     repository: ghcr.io/defenseunicorns/packages/uds/dev-minio
     ref: 0.0.1
-  
+
   - name: dev-postgres
     repository: ghcr.io/defenseunicorns/packages/uds/dev-postgres
     ref: 0.0.1
-  
+
   - name: dev-secrets
     path: ../
     ref: 0.1.0
     exports:
-    - name: ACCESS_KEY
-    - name: SECRET_KEY
-    - name: DB_PASSWORD
+      - name: ACCESS_KEY
+      - name: SECRET_KEY
+      - name: DB_PASSWORD
 
   - name: mattermost
     path: ../

chart/templates/mattermost-config.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: mattermost-config
-  namespace: {{ .Release.Namespace }}
+  namespace: {{.Release.Namespace}}
 type: Opaque
 stringData:
   MM_PLUGINSETTINGS_ENABLEUPLOADS: "{{ .Values.config.enablePluginUploads | toString }}"

chart/templates/mattermost-gossip-svc.yaml

@@ -3,7 +3,7 @@ apiVersion: v1
 kind: Service
 metadata:
   name: mattermost-gossip
-  namespace: {{ .Release.Namespace }}
+  namespace: {{.Release.Namespace}}
   labels:
     app.kubernetes.io/name: mattermost-enterprise-edition
 spec:

chart/templates/mattermost-object-store.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: mattermost-object-store
-  namespace: {{ .Release.Namespace }}
+  namespace: {{.Release.Namespace}}
 type: Opaque
 stringData:
   MM_FILESETTINGS_AMAZONS3SSL: "{{ .Values.objectStorage.secure | toString }}"

chart/templates/mattermost-postgres.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: mattermost-postgres
-  namespace: {{ .Release.Namespace }}
+  namespace: {{.Release.Namespace}}
 type: Opaque
 stringData:
   db_connection_string: "postgres://{{ .Values.postgres.username }}:{{ .Values.postgres.password }}@{{ .Values.postgres.host }}:{{ .Values.postgres.port }}/{{ .Values.postgres.dbName }}{{ .Values.postgres.connectionOptions }}"

chart/templates/mattermost-sso.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 kind: Secret
 metadata:
   name: mattermost-sso
-  namespace: {{ .Release.Namespace }}
+  namespace: {{.Release.Namespace}}
 type: Opaque
 stringData:
   MM_GITLABSETTINGS_ENABLE: "{{ .Values.sso.enabled | toString }}"

chart/templates/uds-package.yaml

@@ -2,15 +2,15 @@ apiVersion: uds.dev/v1alpha1
 kind: Package
 metadata:
   name: mattermost
-  namespace: {{ .Release.Namespace }}
+  namespace: {{.Release.Namespace}}
 spec:
   network:
     expose:
       - service: mattermost-enterprise-edition
         podLabels:
           app.kubernetes.io/name: mattermost-enterprise-edition
         gateway: tenant
-        host: {{ .Values.subdomain }}
+        host: {{.Values.subdomain}}
         port: 8065
     allow:
       # Permit intra-namespace communication for job communications

common/zarf.yaml

@@ -2,7 +2,7 @@
 kind: ZarfPackageConfig
 metadata:
   name: mattermost-common
-  description: "UDS Mattermost Common Package" 
+  description: "UDS Mattermost Common Package"
 
 components:
   - name: mattermost
@@ -20,4 +20,4 @@ components:
         gitPath: chart
         version: 2.6.43
         valuesFiles:
-          - ../values/common-values.yaml
+          - ../values/common-values.yaml

oscal-component.yaml

@@ -31,15 +31,15 @@ component-definition:
             - uuid: 889dce9c-d83f-48a3-a62a-3f50e311761a
               control-id: au-2
               description: >-
-                Mattermost creates event logs.  
+                Mattermost creates event logs.
             - uuid: ce2c791e-f47e-45d3-9bba-dcd7a372ddd3
               control-id: au-3
               description: >-
-                Mattermost creates event logs.  
+                Mattermost creates event logs.
             - uuid: 2ef78f64-d9ac-4292-a5f1-6c627734d39c
               control-id: au-3.1
               description: >-
-                Mattermost creates event logs.  
+                Mattermost creates event logs.
             - uuid: 1041d516-56b9-4652-886e-bd5bad38f789
               control-id: au-8
               description: >-

renovate.json

@@ -10,15 +10,26 @@
     "replacements:all",
     "workarounds:all"
   ],
-  "hostRules": [
+  "packageRules": [
     {
-      "matchHost": "registry1.dso.mil",
-      "hostType": "docker",
-      "description": "Encrypted creds for registry1, scoped to this Github org using: https://github.com/renovatebot/renovate/blob/main/docs/usage/configuration-options.md#encrypted",
-      "encrypted": {
-        "username": "wcFMA/xDdHCJBTolAQ/9FXYzgNUO6MJ9crVH8W1p5U8ecnK6yamVOBmKib+9Lu4dtldIzqJBObR8Ctvq+our0VTXbhuCU0AvghJO+Rbjij+sDK3VNL93ojD2Xcd3IHeZhz4U+K2VPIRKHGPTC2mfc9pRZ076hoRqeAPWYrtU3gtNk7ZedMX75+yEuUWax5wS0gIjHnbu/R8fLTadNPbdyRaVGYembtuF8P2hMorCrjAED07UNivnaJaNb6Dj72Bticwqs2gIStoed3S8luzUJIgOOdS9J4Dq3ybkSIWg3+GJQhLyKIhZpgbRQoMbYLQ/z7obT1xX0avXnjobb5rW445R0LXLXj4MokgGo1p5cA+AhP5JEk49w2uutzD3tPZB58edH4USOk4q/9MXNdXzvU5RxOA6ScGeh1JNa+62/N4HA8UtYEudTFOcHkt3xq6h5VKc5k7JbvkCso29wqC8AR5ctBzuLspnzxhPrjm/BcfB/FMnwJE2MbtBxa8R1Z5Hd1DEfsEV57mF7dtV0SIImV+l/4bK/1xz/G9v31u/5DrfkQR6DjAvX8w4zUZE5gHKGsZoeZEFuUc5YQuwdeWEg20Qah4v6rbDfJUzXj9vbyFLMdIomPkuWkNSDzg6oMWCmeQAeL3+ykjsVdoBoJCvHvFEpw4dlrdlnQK1VXsWSX7TTDkRuYKQUKbKIBOWOCXScgFDQwu+f0mUkmFX1MrAojYgfWyZ1hlUDGcsE4pvTWJKP1lHykRM/qPUVh/YXfayh5upYh2MXT44yqMHhyNJE/KlCTp9KXsdflm3kaCAhqEC746IbvBpPjz3DTA7nwLUhDB3K2Zi9t/kIhMQCbV+wI2FgA",
-        "password": "wcFMA/xDdHCJBTolAQ/6A4VHieAREvIZ35w9tpdLuvCysq3951xcwBD+o5A6QNYz9K5J0X4NDp2NF5FwEeEBgh3CGF7t/jXHdvvFUSo1wnTT0N+XoU4fXta1px9rkZssPWaMmqbmQ+KWXrEo7SMYK4nXBdExtIZ/j8XvjvTZ1apAh+ySW41eAKXbeQC+5I2rjDJegH6hI7kGkQDzmSAoaDX/Nw8seccozzOj9GEGxPbtF1UYJIfG0jZObf0GowXXCtCOEd5QcQQnzILIaiN0tgZgXrQKFehMTboi8rgYLtRI3LIObUjxl7O59q7ZBCkUuyt9nYF14i9PD8IltVdPsTrGpyK/yQMFrjHWkIPGFHZC9dLyjQlhTjMFBYdye9KGfoZHnKR5pXZw7JvCho/PaP3S8y4LXPJa7YHty0wEcP1eWT0b1hapHnsyDEJ22xyCz0hVFeUnXRPj3zSqBzn4+wVPZmxcCwuLNmu28JJ76SNYAf/4hTjlc2+8WasB/C8rNA+ASf+C6SsMMp677JffWXJtfJHgtPGV+gTCBITG7D8pkCVyIdoiGDv503QDiw59YdocEHkIaRw6EzSZ5XFEHz0mbnTZ7HgRYPklsQzVvetEOmctFdZgYZZ1hjVOkWIjiuSR+hDc3IT/TdXEohZxizAZAEmmsli0Q70m2EWJo1tUqxS9soQGKGQc/crIdpHSdgFfBI3gyKZP4ehv1WzYqrWlg1syDgbNllgEJIIBxv+ZI+QMJUF8SdtleMkxE6PYvc1bzpj6nTrM1oahiK8BUKS+cTpXQr1+LneL1mQ/4rSqNQO5ooBweej3Ql0cDNzjahfYc/1AwctQOdjZRpmGUs+RaMezgF8"
-      }
+      "groupName": "Mattermost Support Dependencies",
+      "labels": ["support-deps"],
+      "commitMessageTopic": "support-deps",
+      "packagePatterns": ["*"]
+    },
+    {
+      "groupName": "Mattermost Package Dependencies",
+      "labels": ["package-deps"],
+      "commitMessageTopic": "package-deps",
+      "registryUrls": ["https://registry1.dso.mil"],
+      "matchDatasources": ["docker", "helm", "git-tags"]
+    },
+    {
+      "groupName": "Mattermost Package Dependencies",
+      "labels": ["package-deps"],
+      "commitMessageTopic": "package-deps",
+      "matchPackageNames": ["https://repo1.dso.mil/big-bang/product/packages/mattermost.git"],
+      "allowedVersions": "/.+-bb.+/"
     }
   ]
 }