* Remove build-opensearch-image.yml -- the published image is unused
* MM-68248: Support OpenSearch v3
* MM-68248: Add CI job to test OpenSearch v2 backwards compatibility
* MM-68248: Handle missing indexes gracefully before reindex
OpenSearch v3 rejects _update_by_query and _delete_by_query with no index
argument (405), and returns index_not_found_exception (404) when querying
an exact index name that hasn't been created yet. Both arise before any
reindex has run, since indexes are created on first document write.
Return nil/empty instead of an error from all affected operations, and add
test coverage for each in the no-indexes state.
* MM-68248: Fix copy-paste operation names in DeleteFilesBatch
* MM-68248: Add i18n string for delete_files_batch error
* Revert "MM-68248: Add i18n string for delete_files_batch error"
This reverts commit e885678088.
* Revert "MM-68248: Fix copy-paste operation names in DeleteFilesBatch"
This reverts commit 4b7caacf59.
* Revert "MM-68248: Handle missing indexes gracefully before reindex"
This reverts commit 2d2d522f86.
* Simplify invite_people email parsing
Replace backwards in-place mutation loop with a straightforward forward
filter into a new slice. Extract into parseEmailList so the logic can be
unit tested directly.
* MM-68150: Upgrade golangci-lint to v2.12.2
Remove //go:fix inline from NewPointer, which is a generic function not
yet supported by the inline analyzer, and fix 11 slicesbackward
modernize issues flagged by the new version.
* MM-68150: Enable all linters by default; disable those with >20 existing issues
Switch from opt-in (default: none) to opt-out (default: all) so new
linters added to golangci-lint are evaluated automatically. Explicitly
disable every linter that has more than 20 pre-existing violations,
deferring those for later cleanup. Also disable a handful of linters
whose violations are intentional patterns in this codebase (nilerr,
dogsled, sqlclosecheck, iotamixing, predeclared, containedctx, iface,
gocheckcompilerdirectives, promlinter, goprintffuncname, gomoddirectives).
* MM-68150: Fix mirror linter issues
Replace Write([]byte(s)) with WriteString(s), and FindIndex([]byte(s))
with FindStringIndex(s), to avoid unnecessary allocations.
* MM-68150: Fix nosprintfhostport linter issue
Use net.JoinHostPort to construct host:port strings instead of
fmt.Sprintf with a manually formatted pattern.
* MM-68150: Fix rowserrcheck and sqlclosecheck linter issues
Check rows.Err() after iteration loops in schema_dump.go. In the
sqlx_wrapper test, defer rows.Close() rather than closing inline.
* MM-68150: Fix nilnesserr linter issues — wrong variable in error handlers
In 11 places, a stale variable (often the outer err from a prior
assignment) was used instead of the freshly-checked error variable
(appErr, rowErr, jsonErr, writeErr, esErr). Each produces a typed-nil
wrapped in a non-nil interface, silently discarding the real error.
* MM-68150: Add i18n string for app.compile_csv_chunks.write_error
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Wire Microsoft's local Azure Blob Storage emulator into the dev/CI
docker-compose stack so an upcoming Azure FileBackend driver and its
tests have a target to run against, without requiring an Azure
account.
* Define the azurite service in docker-compose.common.yml (used by
both the local-dev and CI compose files).
* Add azurite to the makefile + main docker-compose.yml service maps,
and to docker-compose-generator so callers can include it via
ENABLED_DOCKER_SERVICES.
* Auto-include azurite in `make start-docker` (mirrors how minio is
auto-included today), so existing local workflows keep working
without any per-developer config change.
* Add azurite to the CI start_dependencies wait set so CI brings it up
alongside postgres/minio.
* Set CI_AZURITE_HOST / CI_AZURITE_PORT in dotenv/test.env, mirroring
the CI_MINIO_* pattern.
No production filestore changes — this PR is mergeable in isolation
with no user-visible behavior.
------
AI assisted commit
Bump the default prepackaged Agents plugin from 2.0.2 to 2.0.3 (non-FIPS).
FIPS prepackaged plugin package list is unchanged.
Co-authored-by: Cursor <cursoragent@cursor.com>
* [MM-67867] Update Playbooks plugin to v2.8.1
Updates the prepackaged Playbooks plugin to v2.8.1 (regular and FIPS builds).
Prepackage FIPS version for Playbooks.
* Removing FIPS version
* ci: compile mmctl e2e tests with requirefips when FIPS_ENABLED=true
Without this, the mmctl test binary was compiled without the requirefips
tag even in the FIPS container, leaving model.FIPSEnabled=false and
PasswordSettings.MinimumLength=8. Short passwords like "somepass" passed
validation and hashing silently succeeded, giving false confidence that
the tests were FIPS-clean.
* tests: fix short password in TestUserConvertCmdF for FIPS
"Valid bot to user convert" reached ConvertBotToUser with "password"
(8 chars), which fails MinimumLength=14 on FIPS builds.
* ci: pin enterprise repo to explicit commit hash
Introduces an enterprise.pin file that explicitly pins the enterprise
commit the server is built and tested against. This replaces the
implicit HEAD checkout, eliminating the CI race condition for all
cross-repo changes.
Changes:
- enterprise.pin: pinned enterprise commit SHA
- server/Makefile: new bump-enterprise target to update the pin
Co-authored-by: Claude <claude@anthropic.com>
* ci: fix bump-enterprise error handling and path resolution
- Add set -e so recipe fails fast if git rev-parse fails
- Use $(ROOT)/../enterprise.pin instead of ../enterprise.pin to
resolve path relative to Makefile location, not CWD
Co-authored-by: Claude <claude@anthropic.com>
* fix: add missing 'all' to .PHONY declaration in Makefile
Pre-existing issue flagged by CodeRabbit — the 'all' target (line 199)
was never declared phony. Out of scope for the enterprise.pin change
but trivial to fix.
Co-authored-by: Claude <claude@anthropic.com>
* ci: trigger Enterprise CI re-run
Co-authored-by: Claude <claude@anthropic.com>
---------
Co-authored-by: Claude <claude@anthropic.com>
* updated go to version 1.25.8
* updated gotestsum version to work with go 1.25.8
go 1.25 does not work with indirect tools 0.11 dependency pulled by
gotestsum.
* Use sync.WaitGroup.Go to simplify goroutine creation
Replace the wg.Add(1) + go func() { defer wg.Done() }() pattern with
wg.Go(), which was introduced in Go 1.25.
* pushes fips image on workflow dispatch to allow fips test to run on go version update
* fix new requirements for FIPS compliance imposed on updating to go 1.25.8
* updates openssl symbol check for library shipped with FIPS new versions
go-openssl v2 shipped with FIPS versions starting from 1.25 uses mkcgo to generate
bindings causing symbol names to be different.
* removes temp workflow-dispatch condition
* keep versions out of agents md file
* dont panic in CleanupSqlSettings so we can surface migration failures
* update mattermost-govet
* nolint existing missing CONCURRENT
* Revert "nolint existing missing CONCURRENT"
This reverts commit 45b3110bf0.
* simplify
* approve up to 166
* automate setup-go-work
It's all to easy to forget to `make setup-go-work`, only to run into mysterious build failures. Let's default to doing this automatically, unless `SKIP_SETUP_GO_WORK` is true (or the legacy `IGNORE_GO_WORK_IF_EXISTS`, which was oddly named, since we can't actually ignore it.)
* Make setup-go-work recipe fail-fast with set -e
* Add -buildvcs=false to default GOFLAGS
This prevents Go from embedding VCS information into binaries, which
avoids false positives in container vulnerability scanners like Trivy
when using Go workspaces with enterprise dependencies.
Also updates mmctl-build target to use $(GO) and $(GOFLAGS) for
consistency with other build targets.
Made-with: Cursor
* Update comment wording
Trigger PR sync to test Enterprise CI
Made-with: Cursor
* Trigger CI to test Enterprise CI fix
Made-with: Cursor
* Test Enterprise CI
Made-with: Cursor
* replace buildvcs metadata in mmctl
* rm redundant -buildvcs=false in GitHub actions
* update mmctl-docs to $(GO)
* simplify getVersionInfo signature
* use GOOS/GOARCH convention
* export GOFLAGS for common use
* Clarify version.go var block comment
---------
Co-authored-by: Jesse Hallam <jesse@mattermost.com>
* [MM-67626] Update Playbooks plugin to v2.8.0
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Prepackage FIPS version for Playbooks
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com>
* Add container name to Docker logs
This will allow for querying Loki by container's name:
{job="docker",container_name="mattermost-postgres"}
* Configue Loki to prepare for OTLP ingestion
- Add a volume to Loki container to get the config
- Configure Loki with the expected labels so that we can query by job,
app, container.name...
* Add OpenTelemetry collector configuration
There are three pipelines:
1. logs/mattermost scrapes the logs from mattermost.log, parsing the
timestamp and severity, and pushes them to Loki.
2. logs/docker scrapes the Docker logs from *-json.log, parsing the
timestamp, the log itself and the container name, and pushes them to Loki.
3. metrics/docker scrapes the Docker socket to retrieve the containers'
uptime values and pushes them to Prometheus.
* Replace Promtail with OpenTelemetry collector
* Update build tooling for OpenTelemetry collector
1. Make sure that the logs directory is created
2. Swap Promtail with OpenTelemetry collector
* Scrape collector to get Docker stats
Prometheus needs to scrape the OpenTelemetry collector in the exposed
port to get the Docker stats, so that we can query the uptime with
metric container_uptime_seconds, which has a container_name label to
filter by container.
* Update Grafana dashboard for Docker health checks
1. Use Prometheus as the datasource in all queries
2. Simplify the mappings to either 0 (offline, red) or 1 (online,
green).
3. Unify all queries on container_uptime_seconds, filtering by
container_name, and making sure that the latest value we got is at most
15 seconds old, so that it does not show stale data.
4. Add Redis health check, that was missing
5. Update the dashboard title to Docker containers
* Tune Loki and OTel collector configs for local dev
- Switch filelog receivers to start_at: beginning so existing logs are
ingested on collector startup, not just new entries.
- Fix Docker log timestamp layout to use 9s (variable-length nanos)
instead of 0s (fixed-width), matching actual Docker JSON log format.
- Add ingester max_chunk_age to keep chunks open longer in the
single-instance dev setup, so that we can ingest older logs (the
window is max_chunk_age/2).
- Relax Loki limits for local development: allow unordered writes,
disable old-sample rejection, and raise ingestion rate/burst to 64 MB
to avoid throttling during bulk ingest.
* Allow building the server on FreeBSD
* Fix merge
---------
Co-authored-by: Erwan Martin <erwan@pepper.com>
Co-authored-by: Alejandro García Montoro <alejandro.garciamontoro@gmail.com>
