feat: native support for plugins (#99)

## Description

This adds an `initContainer` used to sideload mattermost plugins. New
plugins can be added by adding additional `ADD` commands to the included
`Dockerfile`.

## Related Issue

Fixes #7 

Depends on defenseunicorns/uds-common#161 for
renovate changes.

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging

- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide
Steps](https://github.com/defenseunicorns/uds-package-mattermost/blob/main/CONTRIBUTING.md#developer-workflow)
followed

---------

Co-authored-by: zamaz <71521611+zachariahmiller@users.noreply.github.com>

.github/workflows/test.yaml

@@ -34,7 +34,7 @@ permissions:
 jobs:
   run-test:
     name: ${{ matrix.type }} ${{ matrix.flavor }}
-    runs-on: ubuntu-latest
+    runs-on: ${{ matrix.flavor == 'registry1' && matrix.type == 'upgrade' && 'uds-swf-ubuntu-big-boy-4-core' || 'ubuntu-latest' }}
     timeout-minutes: 20
     strategy:
       matrix:

bundle/uds-bundle.yaml

@@ -44,6 +44,12 @@ packages:
       - name: ACCESS_KEY
       - name: SECRET_KEY
 
+  - name: mattermost-plugins
+    path: ../
+    # x-release-please-start-version
+    ref: 9.9.1-uds.0
+    # x-release-please-end
+
   - name: mattermost
     path: ../
     # x-release-please-start-version
@@ -64,3 +70,13 @@ packages:
               value: "minio.dev-minio.svc.cluster.local:9000"
             - path: "objectStorage.bucket"
               value: "uds-mattermost-dev"
+        mattermost-enterprise-edition:
+          values:
+            - path: "mattermostApp.extraInitContainers"
+              value:
+                - name: mattermost-extra-plugins
+                  image: uds-package-mattermost/mattermost-extra-plugins:latest
+                  imagePullPolicy: Always
+                  volumeMounts:
+                    - name: mattermost-plugins
+                      mountPath: /mattermost/plugins/

docs/configuration.md

@@ -0,0 +1,41 @@
+# Configuration
+
+This Mattermost package is primarily configured through the upstream
+[Mattermost chart](https://github.com/mattermost/mattermost-helm/tree/master/charts/mattermost-enterprise-edition).
+
+## Plugins
+
+For installing plugins into your environment, we recommend the included `mattermost-plugins` Zarf package.
+It includes the following plugins by default:
+
+- [`mattermost-plugin-ai`](https://github.com/mattermost/mattermost-plugin-ai)
+- [`mattermost-plugin-gitlab`](https://github.com/mattermost/mattermost-plugin-gitlab)
+
+
+In order to load these plugins into the Mattermost server, the `uds-package-mattermost/mattermost-extra-plugins`
+image provided by this package should be injected as an `initContainer` by adding the following `overrides` to your
+UDS bundle:
+
+```yaml
+  - name: mattermost
+    overrides:
+      mattermost:
+        mattermost-enterprise-edition:
+          values:
+            - path: "mattermostApp.extraInitContainers"
+              value:
+                # Extra Container to install plugins
+                - name: mattermost-extra-plugins
+                  image: uds-package-mattermost/mattermost-extra-plugins:latest
+                  imagePullPolicy: Always
+                  volumeMounts:
+                    # Must match plugins volumes from chart
+
+                    # In mattermost-team-edition chart, this is `/mattermost/$MM_PLUGINSETTINGS_CLIENTDIRECTORY`
+                    # see: https://github.com/mattermost/mattermost-helm/blob/master/charts/mattermost-team-edition/templates/deployment.yaml#L103-L104
+
+                    # In mattermost-enterprise-edition chart, it is hardcoded to `/mattermost/plugins/`
+                    # see: https://github.com/mattermost/mattermost-helm/blob/master/charts/mattermost-enterprise-edition/templates/deployment-mattermost-app.yaml#L174-L177
+                    - name: mattermost-plugins
+                      mountPath: /mattermost/plugins/
+```

plugins/Dockerfile

@@ -0,0 +1,17 @@
+FROM cgr.dev/chainguard/busybox:latest
+
+# renovate: datasource=github-tags depName=mattermost/mattermost-plugin-ai versioning=semver
+ENV MATTERMOST_AI_PLUGIN_VERSION=0.8.2
+# renovate: datasource=github-tags depName=mattermost/mattermost-plugin-gitlab versioning=semver
+ENV MATTERMOST_GITLAB_PLUGIN_VERSION=1.9.1
+
+USER root
+
+ADD https://github.com/mattermost/mattermost-plugin-ai/releases/download/v$MATTERMOST_AI_PLUGIN_VERSION/mattermost-plugin-ai-v$MATTERMOST_AI_PLUGIN_VERSION-linux-amd64.tar.gz /extra-plugins/
+ADD https://github.com/mattermost/mattermost-plugin-gitlab/releases/download/v$MATTERMOST_GITLAB_PLUGIN_VERSION/com.github.manland.mattermost-plugin-gitlab-$MATTERMOST_GITLAB_PLUGIN_VERSION.tar.gz /extra-plugins/
+
+COPY ./entrypoint.sh /bin/entrypoint.sh
+
+RUN chmod -R 777 /extra-plugins/*.tar.gz
+
+ENTRYPOINT [ "/bin/entrypoint.sh" ]

plugins/entrypoint.sh

@@ -0,0 +1,16 @@
+#! /bin/sh
+
+set -e
+
+PLUGINS_TAR=$(ls /extra-plugins)
+
+cd /mattermost/plugins/
+
+for plugin_tar in ${PLUGINS_TAR};
+do
+  plugin_tar="/extra-plugins/${plugin_tar##*/}"
+  echo "extracting $plugin_tar ..."
+  tar -xf $plugin_tar
+done
+
+echo "finished loading plugins"

plugins/zarf.yaml

@@ -0,0 +1,21 @@
+# yaml-language-server: $schema=https://github.com/raw/defenseunicorns/zarf/main/zarf.schema.json
+kind: ZarfPackageConfig
+metadata:
+  name: mattermost-plugins
+  description: "UDS Mattermost Plugins Package"
+  # x-release-please-start-version
+  version: "9.9.1-uds.0"
+  # x-release-please-end
+
+components:
+  - name: mattermost-plugins
+    required: true
+    images:
+      - uds-package-mattermost/mattermost-extra-plugins:latest
+    actions:
+      onCreate:
+        before:
+          # we always build on amd64 because that is the target architecture for the plugin binaries
+          # but we still need fake arm64 images because @zachariahmiller said so
+          - cmd: |
+              docker buildx build . -t uds-package-mattermost/mattermost-extra-plugins:latest --platform linux/amd64

tasks.yaml

@@ -22,6 +22,10 @@ tasks:
       - task: create:package
         with:
           options: "--skip-sbom"
+      - task: create:package
+        with:
+          path: ./plugins
+          options: "--skip-sbom --flavor ''"
 
   - name: create-mm-test-bundle
     description: Create a local UDS Mattermost bundle
@@ -33,6 +37,10 @@ tasks:
   - name: create-mm-latest-release-bundle
     description: Create UDS Mattermost bundle based on the latest release
     actions:
+      - task: create:package
+        with:
+          path: ./plugins
+          options: "--skip-sbom --flavor ''"
       - task: pull:latest-package-release
         with:
           spoof_release: "true"
@@ -65,6 +73,4 @@ tasks:
       - task: setup:create-doug-user
       - task: create-mm-test-bundle
       - task: deploy:test-bundle
-      - cmd: ./uds zarf tools kubectl delete pods --all --namespace mattermost
-        description: "Workaround - restart the pods so the sso configuration will take effect"
       - task: test:all

tasks/publish.yaml

@@ -3,14 +3,40 @@ includes:
   - test: ./test.yaml
   - create: https://github.com/raw/defenseunicorns/uds-common/v0.7.1/tasks/create.yaml
   - deploy: https://github.com/raw/defenseunicorns/uds-common/v0.7.1/tasks/deploy.yaml
-  - publish: https://github.com/raw/defenseunicorns/uds-common/v0.7.1/tasks/publish.yaml
+  # TODO: @marshall007 - upstream logic into uds-common, tracking: https://github.com/defenseunicorns/uds-common/issues/178
+  # - publish: https://github.com/raw/defenseunicorns/uds-common/v0.7.1/tasks/publish.yaml
   - setup: https://github.com/raw/defenseunicorns/uds-common/v0.7.1/tasks/setup.yaml
 
 tasks:
+  # Slightly modified version of uds-common `publish:package`:
+  # https://github.com/defenseunicorns/uds-common/blob/v0.8.0/tasks/publish.yaml#L2-L20
+  - name: publish
+    description: Publish package for the supplied architecture
+    inputs:
+      path:
+        description: Path to the zarf package(s) being published
+        default: .
+      filter:
+        description: Filter the package(s) to be published by name
+        default: "*"
+      target_repo:
+        description: The repository to publish into
+        default: ghcr.io/defenseunicorns/packages/uds
+    actions:
+      - description: Publish package for the supplied architecture
+        cmd: |
+          for pkg in ${{ .inputs.path }}/zarf-package-${{ .inputs.filter }}.tar.zst; do
+            ./uds zarf package publish "$pkg" oci://${{ .inputs.target_repo }}
+          done
+
   - name: build-package
     description: Build package
     actions:
       - task: create:package
+      - task: create:package
+        with:
+          path: ./plugins
+          options: "--flavor ''"
 
   - name: test-package
     description: Test the package
@@ -23,11 +49,12 @@ tasks:
       - task: test:all
 
   - name: publish-package
-    description: Publish the package
+    description: Publish the packages
     actions:
-      - description: Publish the package
-        task: publish:package
+      - description: Publish the full mattermost packages
+        task: publish
         with:
-          # x-release-please-start-version
-          version: "9.9.1-uds.0"
-          # x-release-please-end
+          filter: mattermost-*
+      - description: Publish the skeleton plugins package
+        cmd: |
+          ./uds zarf package publish ./plugins oci://ghcr.io/defenseunicorns/packages/uds