feat: add Mattermost Docker deployment with user provisioning (#143) #151

Open: t0kubetsu wants to merge 3 commits into main from feature/mattermost-bootstrap

@t0kubetsu t0kubetsu commented May 11, 2026

Summary

Closes #143

  • Standalone Mattermost Team Edition deployment via Docker Compose (postgres:16-alpine DB + mattermost/mattermost-team-edition:latest + provisioner sidecar)
  • Provisioner creates users via the mattermost CLI, then creates a default team, adds members, and generates personal access tokens via the REST API
  • All tokens written to a named Docker volume (mattermost-tokens) and accessible via make tokens

Changes

| File | Purpose |
| --- | --- |
| Dockerfile | Two-stage build: golang:alpine builder (yq/jq) → mattermost/mattermost-team-edition:latest runtime |
| compose.yml | Three services: db, mattermost, provisioner; all with healthchecks and depends_on ordering |
| provisioning/init.sh | POSIX sh bootstrap: wait → idempotency guard → CLI user create → REST login → team create → add members → generate PATs → stamp |
| provisioning/users.yml | Declarative user manifest (admins[] + users[]) |
| Makefile | build-up, logs-provisioner, tokens, reprovision, clean, term targets |
| .env.example | Template for all required environment variables |
| .dockerignore | Excludes .env, *.key, *.pem, README.md from build context |
| README.md | Quick Start, Token Retrieval, API Examples, Env Vars table, Troubleshooting |

Design Notes

  • Builder stage: golang:alpine — matches the "use official project base image" requirement since Mattermost is written in Go
  • Runtime stage: mattermost/mattermost-team-edition:latest — Alpine-based, ships the mattermost binary needed for CLI user creation
  • User creation: mattermost --config /mattermost/config/config.json user create writes directly to the DB; no HTTP auth needed at this step
  • Token generation: REST API (POST /api/v4/users/{id}/tokens) with admin bearer token; admin creates tokens on behalf of all users
  • Idempotency: /tokens/.provisioned stamp file prevents double-provisioning on container restart

Testing

  • make build-up — all three services start cleanly
  • make logs-provisioner — provisioner completes without errors
  • make tokens — prints username:token lines for all 4 users
  • curl -H "Authorization: Bearer <token>" http://localhost:8065/api/v4/users/me — returns user object
  • make reprovision — re-runs provisioner without duplicating users

Related Issues

t0kubetsu added 2 commits May 11, 2026 15:43
- Two-stage Dockerfile: golang:alpine builder + mattermost/mattermost-team-edition:latest runtime
- compose.yml: db (postgres:16-alpine), mattermost, provisioner services with healthchecks
- provisioning/init.sh: CLI user creation + REST API for team, membership, and PAT generation
- provisioning/users.yml: declarative user manifest (admins + trainees)
- Makefile: build/up/down/logs/tokens/reprovision targets matching gitea pattern
- .env.example, .dockerignore, README.md included
- Fix reprovision: remove stamp via docker run against named volume, not docker exec on wrong container
- Fix make tokens: use docker run against named volume (docker exec fails on stopped container)
- Fix token leak: write tokens to file only, not stdout/logs
- Fix yq: explicitly install mikefarah/yq v4.44.1
- Add --email-verified to mattermost user create
- Fix make clean: scope to project only
- Replace fixed sleep with retry loop for REST login

t0kubetsu commented May 11, 2026

Code review — fixes applied

Fix commit: d4c7f14

PR description

Fixed the raw $(cat <<'EOF' ... EOF) heredoc shell syntax that leaked into the PR body — cleaned via GitHub REST API.

Critical fixes applied

| Finding | Fix |
| --- | --- |
| make reprovision targeted mattermost container — stamp on provisioner volume, never removed | Changed to docker run --rm -v mattermost-tokens:/tokens alpine rm -f /tokens/.provisioned + docker compose up $(PROVISIONER) |
| make tokens used docker exec on stopped container (always fails) | Replaced with docker run --rm -v mattermost-tokens:/tokens alpine cat /tokens/tokens.txt |
| Personal access tokens printed to stdout/docker logs via tee | Changed to file-only write; stdout shows [init] + token generated for USERNAME |
| apk add yq may install wrong yq version | Replaced with explicit wget of mikefarah/yq v4.44.1 |
| Missing --email-verified on mattermost user create | Added to both admin and regular user creation |
| Fixed 3s sleep before REST login — insufficient under load | Replaced with retry loop (20 attempts × 3s = 60s max) |
| make clean ran system-wide docker system prune | Replaced with docker compose down -v --rmi all |

Open items (non-blocking for lab)

  • MM_SERVICESETTINGS_ENABLEAPICREATEACCOUNT: "true" allows open API registration — set to false if not needed post-provisioning
  • Mattermost latest tag should be pinned for reproducibility
  • README API example has wrong channel listing endpoint URL (/api/v4/users/me/teams/channels → /api/v4/users/me/teams/{team_id}/channels)

@hyde-repo hyde-repo added the track_axis-03 Student-facing infrastructure services label May 19, 2026
@hyde-repo hyde-repo self-assigned this May 19, 2026
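
The retry loop, file-only token write and stamp guard named in the review comment above, as an added example that is not the PR's own init.sh. `login_once` and `issue_token` are constructed stand-ins for the REST calls, `TOKENS_DIR` defaults to a temp directory instead of the `/tokens` volume, and the 0600 file mode is an addition of this example.

```shell
#!/bin/sh
# Added example, not the PR's init.sh. login_once and issue_token are
# hypothetical stand-ins for the Mattermost REST calls made at these points.
TOKENS_DIR="${TOKENS_DIR:-$(mktemp -d)}"   # the PR mounts this volume at /tokens
STAMP="$TOKENS_DIR/.provisioned"
TOKENS_FILE="$TOKENS_DIR/tokens.txt"

# retry MAX DELAY CMD...: run CMD until it succeeds, at most MAX attempts.
retry() {
    max=$1; delay=$2; shift 2
    n=1
    while ! "$@"; do
        [ "$n" -ge "$max" ] && return 1
        n=$((n + 1))
        sleep "$delay"
    done
    return 0
}

# Constructed stand-in for the REST login: not ready until the third call.
LOGIN_CALLS=0
login_once() { LOGIN_CALLS=$((LOGIN_CALLS + 1)); [ "$LOGIN_CALLS" -ge 3 ]; }

# Constructed stand-in for POST /api/v4/users/{id}/tokens.
issue_token() { printf 'tok-%s-constructed' "$1"; }

# save_token USER: the secret goes to the file only; the log names the user.
save_token() {
    user=$1
    token=$(issue_token "$user") || return 1
    ( umask 077; printf '%s:%s\n' "$user" "$token" >> "$TOKENS_FILE" )
    echo "[init] + token generated for $user"
}

# provision USER...: stamp guard, bounded login retry, then token generation.
provision() {
    if [ -f "$STAMP" ]; then
        echo "[init] already provisioned, skipping"
        return 0
    fi
    retry 20 "${RETRY_DELAY:-3}" login_once || {
        echo "[init] login failed after 20 attempts" >&2; return 1
    }
    for u in "$@"; do save_token "$u" || return 1; done
    : > "$STAMP"   # written last, so a failed run is retried on restart
}

# Usage: RETRY_DELAY=0 provision alice bob
```

Writing the stamp only after every token is saved means a run that dies halfway is repeated on the next container start rather than silently skipped.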
Labels

tests-wave_03 track_axis-03 Student-facing infrastructure services

Development

Successfully merging this pull request may close these issues.

feat: Deploy a standalone Mattermost instance (Dockerized, with users provisioned)
