* Simplify invite_people email parsing
Replace backwards in-place mutation loop with a straightforward forward
filter into a new slice. Extract into parseEmailList so the logic can be
unit tested directly.
* MM-68150: Upgrade golangci-lint to v2.12.2
Remove //go:fix inline from NewPointer, which is a generic function not
yet supported by the inline analyzer, and fix 11 slicesbackward
modernize issues flagged by the new version.
* MM-68150: Enable all linters by default; disable those with >20 existing issues
Switch from opt-in (default: none) to opt-out (default: all) so new
linters added to golangci-lint are evaluated automatically. Explicitly
disable every linter that has more than 20 pre-existing violations,
deferring those for later cleanup. Also disable a handful of linters
whose violations are intentional patterns in this codebase (nilerr,
dogsled, sqlclosecheck, iotamixing, predeclared, containedctx, iface,
gocheckcompilerdirectives, promlinter, goprintffuncname, gomoddirectives).
* MM-68150: Fix mirror linter issues
Replace Write([]byte(s)) with WriteString(s), and FindIndex([]byte(s))
with FindStringIndex(s), to avoid unnecessary allocations.
* MM-68150: Fix nosprintfhostport linter issue
Use net.JoinHostPort to construct host:port strings instead of
fmt.Sprintf with a manually formatted pattern.
* MM-68150: Fix rowserrcheck and sqlclosecheck linter issues
Check rows.Err() after iteration loops in schema_dump.go. In the
sqlx_wrapper test, defer rows.Close() rather than closing inline.
* MM-68150: Fix nilnesserr linter issues — wrong variable in error handlers
In 11 places, a stale variable (often the outer err from a prior
assignment) was used instead of the freshly-checked error variable
(appErr, rowErr, jsonErr, writeErr, esErr). Each produces a typed-nil
wrapped in a non-nil interface, silently discarding the real error.
* MM-68150: Add i18n string for app.compile_csv_chunks.write_error
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
* MM-68149: upgrade to Go 1.26.2
Update go directive in go.mod and .go-version.
* MM-68149: replace pointer helpers with Go 1.26 new()
Go 1.26 extends the built-in new() to accept an initial value expression,
making typed-pointer helpers like model.NewPointer(x), bToP(x), and boolPtr(x)
redundant. Replace every call site with new(x) and remove the now-unused
helper functions and their //go:fix inline directives.
* MM-68149: apply go fix for reflect API and format-string changes
- reflect.Ptr → reflect.Pointer (renamed in Go 1.18, deprecated alias removed in 1.26)
- reflect range-over-struct: for i := 0; i < t.NumField(); i++ → for field := range t.Fields()
and the equivalent for Methods() and interface types
- Fix format-string concatenation and variadic-arg mismatches flagged by go vet
* MM-68149: update JPEG fixtures and test infrastructure for Go 1.26 encoder
Go 1.26 ships a new image/jpeg encoder that produces slightly different output.
Regenerate all JPEG fixture files and switch the comparison helpers from
byte-equality to pixel-level comparison with a small per-channel tolerance,
so minor encoder drift across patch versions is handled automatically.
Add -update-fixtures flag to make it easy to regenerate fixtures after future
major Go upgrades. Document the update procedure in tests/README.md.
* MM-68149: CI check that go fix ./... produces no changes
* Fix real bugs flagged by CodeRabbit review
- group.go: set newGroup.MemberCount not group.MemberCount (member count
was populated on the wrong variable and lost before publish/return)
- file_test.go: guard compareImage(GetFilePreview) on the preview slice
length, not the thumbnail slice length (copy-paste error)
- config_test.go: remove duplicate MinimumLength assignment
* fixup! Fix real bugs flagged by CodeRabbit review
* Report POC
* Including more error logs
* Added localisationj for each reviewer
* Optimisations
* Minor tweaks
* restored go module files
* lint fixes
* Added back transslations
* Added translations
* linter and test fixes
* restored go module files
* e2e lint fix
* lint fixes
* AI fixes
* fixed typo
* fixed nil pointer error
* Added more tests
* Publish report even if deletion fails
* Fixed the e2e test
* Distinguished between no data and deleted data
* lint fixes
* fixed tests
* e2e test fix
* Updated test to also upload actual file
* Removed file name tracking
* Text updates
* fixed e2e test
* lint fix
* Replace hardcoded test passwords with model.NewTestPassword()
Add model.NewTestPassword() utility that generates 14+ character
passwords meeting complexity requirements for FIPS compliance. Replace
all short hardcoded test passwords across the test suite with calls to
this function.
* Enforce FIPS compliance for passwords and HMAC keys
FIPS OpenSSL requires HMAC keys to be at least 14 bytes. PBKDF2 uses
the password as the HMAC key internally, so short passwords cause
PKCS5_PBKDF2_HMAC to fail.
- Add FIPSEnabled and PasswordFIPSMinimumLength build-tag constants
- Raise the password minimum length floor to 14 when compiled with
requirefips, applied in SetDefaults only when unset and validated
independently in IsValid
- Return ErrMismatchedHashAndPassword for too-short passwords in
PBKDF2 CompareHashAndPassword rather than a cryptic OpenSSL error
- Validate atmos/camo HMAC key length under FIPS and lengthen test
keys accordingly
- Adjust password validation tests to use PasswordFIPSMinimumLength
so they work under both FIPS and non-FIPS builds
* CI: shard FIPS test suite and extract merge template
Run FIPS tests on PRs that touch go.mod or have 'fips' in the branch
name. Shard FIPS tests across 4 runners matching the normal Postgres
suite. Extract the test result merge logic into a reusable workflow
template to deduplicate the normal and FIPS merge jobs.
* more
* Fix email test helper to respect FIPS minimum password length
* Fix test helpers to respect FIPS minimum password length
* Remove unnecessary "disable strict password requirements" blocks from test helpers
* Fix CodeRabbit review comments on PR #35905
- Add server-test-merge-template.yml to server-ci.yml pull_request.paths
so changes to the reusable merge workflow trigger Server CI validation
- Skip merge-postgres-fips-test-results job when test-postgres-normal-fips
was skipped, preventing failures due to missing artifacts
- Set guest.Password on returned guest in CreateGuestAndClient helper
to keep contract consistent with CreateUserWithClient
- Use shared LowercaseLetters/UppercaseLetters/NUMBERS/PasswordFIPSMinimumLength
constants in NewTestPassword() to avoid drift if FIPS floor changes
https://claude.ai/code/session_01HmE9QkZM3cAoXn2J7XrK2f
* Rename FIPS test artifact to match server-ci-report pattern
The server-ci-report job searches for artifacts matching "*-test-logs",
so rename from postgres-server-test-logs-fips to
postgres-server-fips-test-logs to be included in the report.
---------
Co-authored-by: Claude <noreply@anthropic.com>
* updated go to version 1.25.8
* updated gotestsum version to work with go 1.25.8
go 1.25 does not work with indirect tools 0.11 dependency pulled by
gotestsum.
* Use sync.WaitGroup.Go to simplify goroutine creation
Replace the wg.Add(1) + go func() { defer wg.Done() }() pattern with
wg.Go(), which was introduced in Go 1.25.
* pushes fips image on workflow dispatch to allow fips test to run on go version update
* fix new requirements for FIPS compliance imposed on updating to go 1.25.8
* updates openssl symbol check for library shipped with FIPS new versions
go-openssl v2 shipped with FIPS versions starting from 1.25 uses mkcgo to generate
bindings causing symbol names to be different.
* removes temp workflow-dispatch condition
* keep versions out of agents md file
* Add shared channel integration test tool (MM-67944)
Add tools/sharedchannel-test, a standalone Go tool that validates shared
channel synchronization between two real Mattermost Enterprise instances.
The tool builds and manages two server processes with separate databases,
establishes a remote cluster connection, and runs integration tests for
membership, post, and reaction sync.
Test coverage:
- Membership: add, remove, re-add, bulk remove
- Posts: create, edit, delete
- Reactions: add, remove
Uses mlog with dual console targets (stdout for info, stderr for errors)
and exits non-zero on failure for CI integration.
Running `make i18n-extract` on a en.json file
with bad JSON will just wipe off all keys instead
of throwing the error. This is very confusing
and can lead to a lot of time wasted because
there's no indication that the JSON is incorrect.
Fixing this.
```release-note
NONE
```
* update ArrayFromJSON to use LimitedReader
* update for bad merge
* fix lint errors
* update test code
* update unit tests
* update unit tests
* fix unit tests
* use consts, other cleanup
* add non sorting duplicate check
* set config to default value, then config setting if available
* fix lint errors
* fixes and debugs
* fix log test
* remove setting from Client, add unlimited Parser to client
* a couple more fixes
* another fix
* rename some variables
* remove superflous call
* check for valid MaximumPayloadSize
* update language file
* fix for e2e-tests
* update util function to return error
* lint fix
* update config property name to include unit
* fix for unit test
* add new config to telemetry
* call function to create LimitedReader
* Deprecate old function, use new function name
* return new AppError on failed parse
* return new AppError on failed parse
* return new AppError on failed parse
* add constant for i18n valid constants
* Update server/public/model/utils_test.go
Co-authored-by: Miguel de la Cruz <mgdelacroix@gmail.com>
* Apply suggestions from code review
Co-authored-by: Miguel de la Cruz <mgdelacroix@gmail.com>
* update error variable, remove unnecessary check
* Update function names
* fix errors from merge
* update unit test to create unique ids
---------
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Miguel de la Cruz <mgdelacroix@gmail.com>
