Merge branch 'main' into renovate/mattermost-package-dependencies

Author: Racer159

.github/workflows/codeql.yaml

@@ -33,13 +33,13 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/init@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         with:
           languages: ${{ matrix.language }}
       - name: Autobuild
-        uses: github/codeql-action/autobuild@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/autobuild@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/analyze@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/commitlint.yaml

@@ -8,4 +8,4 @@ on:
 jobs:
   validate:
     name: Validate
-    uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
+    uses: defenseunicorns/uds-common/.github/workflows/commitlint.yaml@772b3337950b7c8e0882c527263684306bba7ce4 # v0.7.1

.github/workflows/lint.yaml

@@ -20,7 +20,7 @@ jobs:
           fetch-depth: 0
 
       - name: Environment setup
-        uses: defenseunicorns/uds-common/.github/actions/setup@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
+        uses: defenseunicorns/uds-common/.github/actions/setup@772b3337950b7c8e0882c527263684306bba7ce4 # v0.7.1
         with:
           registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
           registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}

.github/workflows/scorecard.yaml

@@ -37,14 +37,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
+        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
         with:
           sarif_file: results.sarif

.github/workflows/tag-and-release.yaml

@@ -25,7 +25,7 @@ jobs:
   publish-package:
     needs: tag-new-version
     if: ${{ needs.tag-new-version.outputs.release_created == 'true' }}
-    runs-on: ${{ matrix.architecture == 'arm64' && 'uds-ubuntu-arm64-4-core' || 'ubuntu-latest' }}
+    runs-on: ${{ matrix.architecture == 'arm64' && 'uds-swf-ubuntu-arm64-4-core' || 'ubuntu-latest' }}
     strategy:
       matrix:
         flavor: [upstream, registry1]
@@ -43,28 +43,28 @@ jobs:
       - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Environment setup
-        uses: defenseunicorns/uds-common/.github/actions/setup@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
+        uses: defenseunicorns/uds-common/.github/actions/setup@772b3337950b7c8e0882c527263684306bba7ce4 # v0.7.1
         with:
           registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
           registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
           ghToken: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Build Package
-        run: uds run -f tasks/publish.yaml build-package --set FLAVOR=${{ matrix.flavor }}
+        run: uds run -f tasks/publish.yaml build-package --set FLAVOR=${{ matrix.flavor }} --no-progress
 
       - name: Test Package
         if: ${{ runner.arch != 'ARM64' }}
-        run: uds run -f tasks/publish.yaml test-package --set FLAVOR=${{ matrix.flavor }}
+        run: uds run -f tasks/publish.yaml test-package --set FLAVOR=${{ matrix.flavor }} --no-progress
 
       - name: Publish Package
-        run: uds run -f tasks/publish.yaml publish-package --set FLAVOR=${{ matrix.flavor }}
+        run: uds run -f tasks/publish.yaml publish-package --set FLAVOR=${{ matrix.flavor }} --no-progress
 
       - name: Debug Output
         if: ${{ always() }}
-        uses: defenseunicorns/uds-common/.github/actions/debug-output@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
+        uses: defenseunicorns/uds-common/.github/actions/debug-output@772b3337950b7c8e0882c527263684306bba7ce4 # v0.7.1
 
       - name: Save logs
         if: always()
-        uses: defenseunicorns/uds-common/.github/actions/save-logs@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
+        uses: defenseunicorns/uds-common/.github/actions/save-logs@772b3337950b7c8e0882c527263684306bba7ce4 # v0.7.1
         with:
           suffix: ${{ matrix.flavor }}-${{ matrix.architecture }}-${{ github.run_id }}-${{ github.run_attempt }}

.github/workflows/test.yaml

@@ -46,29 +46,29 @@ jobs:
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Environment setup
-        uses: defenseunicorns/uds-common/.github/actions/setup@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
+        uses: defenseunicorns/uds-common/.github/actions/setup@772b3337950b7c8e0882c527263684306bba7ce4 # v0.7.1
         with:
           registry1Username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }}
           registry1Password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }}
           ghToken: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Test
-        uses: defenseunicorns/uds-common/.github/actions/test@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
+        uses: defenseunicorns/uds-common/.github/actions/test@772b3337950b7c8e0882c527263684306bba7ce4 # v0.7.1
         with:
           flavor: ${{ matrix.flavor }}
           type: ${{ matrix.type }}
 
       - name: Debug Output
         if: ${{ always() }}
-        uses: defenseunicorns/uds-common/.github/actions/debug-output@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
+        uses: defenseunicorns/uds-common/.github/actions/debug-output@772b3337950b7c8e0882c527263684306bba7ce4 # v0.7.1
 
       - name: Save logs
         if: always()
-        uses: defenseunicorns/uds-common/.github/actions/save-logs@61450a210fd16cf14157ee417f9682a4664c05e5 # v0.6.0
+        uses: defenseunicorns/uds-common/.github/actions/save-logs@772b3337950b7c8e0882c527263684306bba7ce4 # v0.7.1
         with:
           suffix: ${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}
 
-      - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
+      - uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
         if: always()
         with:
           name: playwright-report-${{ matrix.type }}-${{ matrix.flavor }}-${{ github.run_id }}-${{ github.run_attempt }}

.pre-commit-config.yaml

@@ -32,7 +32,7 @@ repos:
     hooks:
       - id: fix-smartquotes
   - repo: https://github.com/python-jsonschema/check-jsonschema
-    rev: 0.28.5
+    rev: 0.29.0
     hooks:
       - id: check-jsonschema
         name: "Validate Zarf Configs Against Schema"
@@ -49,6 +49,6 @@ repos:
     hooks:
       - id: golangci-lint
   - repo: https://github.com/renovatebot/pre-commit-hooks
-    rev: 37.413.3
+    rev: 37.426.2
     hooks:
       - id: renovate-config-validator

README.md

@@ -64,6 +64,11 @@ To use IRSA make sure to NOT set the two key variables and add the appropriate r
               value: "arn:aws:iam::123456789:role/mattermost-role"
 ```
 
+### Monitoring
+
+> [!IMPORTANT]
+> Mattermost supports emitting metrics to feed into Prometheus, but _only_ if you have a license. This package configures the necessary service monitor to enable metrics, but only when a license has been provided via the `MM_LICENSE` var. By default (no license), it does not provision the Service Monitor as it will show unhealthy because metrics is not enabled via the license.
+
 ## Flavors
 
 | Flavor | Description | Example Creation |

bundle/uds-bundle.yaml

@@ -21,10 +21,21 @@ packages:
     overrides:
       postgres-operator:
         uds-postgres-config:
-          variables:
-            - name: POSTGRESQL
-              description: "Configure postgres using CRs via the uds-postgres-config chart"
-              path: postgresql
+          values:
+            - path: postgresql
+              value:
+                enabled: true  # Set to false to not create the PostgreSQL resource
+                teamId: "uds"
+                volume:
+                  size: "10Gi"
+                numberOfInstances: 2
+                users:
+                  mattermost.mattermost: []  # database owner
+                databases:
+                  mattermost: mattermost.mattermost
+                version: "14"
+                ingress:
+                  - remoteNamespace: mattermost
 
   - name: dev-secrets
     path: ../

bundle/uds-config.yaml

@@ -2,17 +2,3 @@ variables:
   dev-minio:
     buckets: |
       - name: uds-mattermost-dev
-  postgres-operator:
-    postgresql:
-      enabled: true  # Set to false to not create the PostgreSQL resource
-      teamId: "uds"
-      volume:
-        size: "10Gi"
-      numberOfInstances: 2
-      users:
-        mattermost.mattermost: []  # database owner
-      databases:
-        mattermost: mattermost.mattermost
-      version: "13"
-      ingress:
-        remoteGenerated: Anywhere

chart/templates/uds-package.yaml

@@ -45,12 +45,13 @@ spec:
         MM_EMAILSETTINGS_ENABLESIGNINWITHUSERNAME: "{{ .Values.sso.enable_sign_in_with_username | toString }}"
   {{- end }}
   monitor:
+  {{- if ne .Values.mattermostLicense "" }}
     - selector:
         app.kubernetes.io/name: mattermost-enterprise-edition
       targetPort: 8067
       portName: mattermost-app-metrics
       description: Metrics
-
+  {{- end }}
   network:
     expose:
       - service: mattermost-enterprise-edition

chart/values.yaml

@@ -26,7 +26,7 @@ postgres:
     cluster-name: pg-cluster
   namespace: postgres
   port: 5432
-
+mattermostLicense: ""
 sso:
   enabled: true
   # Options: "gitlab", "openid_connect"

tasks.yaml

@@ -2,11 +2,11 @@ includes:
   - cleanup: ./tasks/cleanup.yaml
   - dependencies: ./tasks/dependencies.yaml
   - test: ./tasks/test.yaml
-  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/create.yaml
-  - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/lint.yaml
-  - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/pull.yaml
-  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/deploy.yaml
-  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/setup.yaml
+  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.7.1/tasks/create.yaml
+  - lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.7.1/tasks/lint.yaml
+  - pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.7.1/tasks/pull.yaml
+  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.7.1/tasks/deploy.yaml
+  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.7.1/tasks/setup.yaml
 
 tasks:
   - name: default

tasks/publish.yaml

@@ -1,10 +1,10 @@
 includes:
   - dependencies: ./dependencies.yaml
   - test: ./test.yaml
-  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/create.yaml
-  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/deploy.yaml
-  - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/publish.yaml
-  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.6.0/tasks/setup.yaml
+  - create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.7.1/tasks/create.yaml
+  - deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.7.1/tasks/deploy.yaml
+  - publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.7.1/tasks/publish.yaml
+  - setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.7.1/tasks/setup.yaml
 
 tasks:
   - name: build-package

values/config-values.yaml

@@ -6,3 +6,4 @@ postgres:
   password: "###ZARF_VAR_DB_PASSWORD###"
 
 subdomain: "###ZARF_VAR_SUBDOMAIN###"
+mattermostLicense: "###ZARF_VAR_MM_LICENSE###"

zarf.yaml

@@ -19,6 +19,9 @@ variables:
     description: "Secret Key for S3 compatible storage"
   - name: DB_PASSWORD
     description: "Database Password for Mattermost"
+  - name: MM_LICENSE
+    description: "License for Mattermost"
+    default: ""
 
 components:
   - name: mattermost