ci: small oops

.ci/docker-compose-file/.env

@@ -6,23 +6,12 @@ LDAP_TAG=2.4.50
 INFLUXDB_TAG=2.5.0
 TDENGINE_TAG=3.0.2.4
 DYNAMO_TAG=1.21.0
-CASSANDRA_TAG=3.11
+CASSANDRA_TAG=3.11.6
 MINIO_TAG=RELEASE.2023-03-20T20-16-18Z
 OPENTS_TAG=9aa7f88
 KINESIS_TAG=2.1
-HSTREAMDB_TAG=v0.19.3
-HSTREAMDB_ZK_TAG=3.8.1
 
 MS_IMAGE_ADDR=mcr.microsoft.com/mssql/server
 SQLSERVER_TAG=2019-CU19-ubuntu-20.04
 
-
-# Password for the 'elastic' user (at least 6 characters)
-ELASTIC_PASSWORD="emqx123"
-# Password for the 'kibana_system' user (at least 6 characters)
-KIBANA_PASSWORD="emqx123"
-# Version of Elastic products
-ELASTIC_TAG=8.11.4
-LICENSE=basic
-
 TARGET=emqx/emqx

.ci/docker-compose-file/cassandra/Dockerfile

@@ -0,0 +1,4 @@
+ARG CASSANDRA_TAG=3.11.6
+FROM cassandra:${CASSANDRA_TAG}
+COPY cassandra.yaml /etc/cassandra/cassandra.yaml
+CMD ["cassandra", "-f"]

.ci/docker-compose-file/credentials.env

@@ -1,7 +0,0 @@
-MONGO_USERNAME=emqx
-MONGO_PASSWORD=passw0rd
-MONGO_AUTHSOURCE=admin
-
-# See "Environment Variables" @ https://hub.docker.com/_/mongo
-MONGO_INITDB_ROOT_USERNAME=${MONGO_USERNAME}
-MONGO_INITDB_ROOT_PASSWORD=${MONGO_PASSWORD}

.ci/docker-compose-file/docker-compose-azurite.yaml

@@ -1,24 +0,0 @@
-version: '3.9'
-
-services:
-  azurite:
-    container_name: azurite
-    image: mcr.microsoft.com/azure-storage/azurite:3.30.0
-    restart: always
-    expose:
-      - "10000"
-    # ports:
-    #   - "10000:10000"
-    networks:
-      - emqx_bridge
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:10000"]
-      interval: 30s
-      timeout: 5s
-      retries: 4
-    command:
-      - azurite-blob
-      - "--blobHost"
-      - 0.0.0.0
-      - "-d"
-      - debug.log

.ci/docker-compose-file/docker-compose-cassandra.yaml

@@ -1,38 +1,32 @@
 version: '3.9'
 
-x-cassandra: &cassandra
-  restart: always
-  image: public.ecr.aws/docker/library/cassandra:${CASSANDRA_TAG:-3.11}
-  environment:
-    CASSANDRA_BROADCAST_ADDRESS: "1.2.3.4"
-    CASSANDRA_RPC_ADDRESS: "0.0.0.0"
-    HEAP_NEWSIZE: "128M"
-    MAX_HEAP_SIZE: "2048M"
-  #ports:
-  #  - "9042:9042"
-  #  - "9142:9142"
-  command:
-    - /bin/bash
-    - -c
-    - |
-      /opt/cassandra/bin/cassandra -f -R > /cassandra.log &
-      /opt/cassandra/bin/cqlsh -u cassandra -p cassandra -e "CREATE KEYSPACE mqtt WITH REPLICATION = { 'class':'SimpleStrategy','replication_factor':1};"
-      while [[ $$? -ne 0 ]];do sleep 5; /opt/cassandra/bin/cqlsh -u cassandra -p cassandra -e "CREATE KEYSPACE mqtt WITH REPLICATION = { 'class':'SimpleStrategy','replication_factor':1};"; done
-      /opt/cassandra/bin/cqlsh -u cassandra -p cassandra -e "describe keyspaces;"
-      tail -f /cassandra.log
-  networks:
-    - emqx_bridge
-
 services:
   cassandra_server:
-    <<: *cassandra
     container_name: cassandra
+    build:
+      context: ./cassandra
+      args:
+        CASSANDRA_TAG: ${CASSANDRA_TAG}
+    image: emqx-cassandra
+    restart: always
+    environment:
+      CASSANDRA_BROADCAST_ADDRESS: "1.2.3.4"
+      CASSANDRA_RPC_ADDRESS: "0.0.0.0"
+      HEAP_NEWSIZE: "128M"
+      MAX_HEAP_SIZE: "2048M"
     volumes:
       - ./certs:/certs
-      - ./cassandra/cassandra.yaml:/etc/cassandra/cassandra.yaml
-  cassandra_noauth_server:
-    <<: *cassandra
-    container_name: cassandra_noauth
-    volumes:
-      - ./certs:/certs
-      - ./cassandra/cassandra_noauth.yaml:/etc/cassandra/cassandra.yaml
+    #ports:
+    #  - "9042:9042"
+    #  - "9142:9142"
+    command:
+      - /bin/bash
+      - -c
+      - |
+        /opt/cassandra/bin/cassandra -f -R > /cassandra.log &
+        /opt/cassandra/bin/cqlsh -u cassandra -p cassandra -e "CREATE KEYSPACE mqtt WITH REPLICATION = { 'class':'SimpleStrategy','replication_factor':1};"
+        while [[ $$? -ne 0 ]];do sleep 5; /opt/cassandra/bin/cqlsh -u cassandra -p cassandra -e "CREATE KEYSPACE mqtt WITH REPLICATION = { 'class':'SimpleStrategy','replication_factor':1};"; done
+        /opt/cassandra/bin/cqlsh -u cassandra -p cassandra -e "describe keyspaces;"
+        tail -f /cassandra.log
+    networks:
+      - emqx_bridge

.ci/docker-compose-file/docker-compose-couchbase.yaml

@@ -1,30 +0,0 @@
-version: '3.9'
-
-services:
-  couchbase:
-    container_name: couchbase
-    hostname: couchbase
-    image: ghcr.io/emqx/couchbase:1.0.0
-    restart: always
-    expose:
-      - 8091-8093
-    # ports:
-    #   - "8091-8093:8091-8093"
-    networks:
-      - emqx_bridge
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8093/admin/ping"]
-      interval: 30s
-      timeout: 5s
-      retries: 4
-    environment:
-      - CLUSTER=localhost
-      - USER=admin
-      - PASS=public
-      - PORT=8091
-      - RAMSIZEMB=2048
-      - RAMSIZEINDEXMB=512
-      - RAMSIZEFTSMB=512
-      - BUCKETS=mqtt
-      - BUCKETSIZES=100
-      - AUTOREBALANCE=true

.ci/docker-compose-file/docker-compose-dynamo.yaml

@@ -3,7 +3,7 @@ version: '3.9'
 services:
   dynamodb-local:
     container_name: dynamo 
-    image: public.ecr.aws/aws-dynamodb-local/aws-dynamodb-local:${DYNAMO_TAG}
+    image: amazon/dynamodb-local:${DYNAMO_TAG}
     restart: always
     ports:
       - "8000:8000"

.ci/docker-compose-file/docker-compose-elastic-search-tls.yaml

@@ -1,111 +0,0 @@
-version: "3.9"
-
-# hint: run the following if the container fails to start locally
-# sysctl -w vm.max_map_count=262144
-services:
-  setup:
-    image: public.ecr.aws/elastic/elasticsearch:${ELASTIC_TAG}
-    volumes:
-      - ./elastic:/usr/share/elasticsearch/config/certs
-    user: "0"
-    command: >
-      bash -c '
-        if [ x${ELASTIC_PASSWORD} == x ]; then
-          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
-          exit 1;
-        elif [ x${KIBANA_PASSWORD} == x ]; then
-          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
-          exit 1;
-        fi;
-        echo "Setting file permissions"
-        chown -R root:root config/certs;
-        find . -type d -exec chmod 750 \{\} \;;
-        find . -type f -exec chmod 640 \{\} \;;
-        echo "Waiting for Elasticsearch availability";
-        until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
-        echo "Setting kibana_system password";
-        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
-        echo "All done!";
-      '
-    healthcheck:
-      test: ["CMD-SHELL", "[ -f config/certs/ca/ca.crt ]"]
-      interval: 1s
-      timeout: 5s
-      retries: 120
-
-  es01:
-    depends_on:
-      setup:
-        condition: service_healthy
-    image: public.ecr.aws/elastic/elasticsearch:${ELASTIC_TAG}
-    container_name: elasticsearch
-    hostname: elasticsearch
-    volumes:
-      - ./elastic:/usr/share/elasticsearch/config/certs
-      - esdata01:/usr/share/elasticsearch/data
-    ports:
-      - 9200:9200
-    environment:
-      - node.name=es01
-      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
-      - bootstrap.memory_lock=true
-      - discovery.type=single-node
-      - xpack.security.enabled=true
-      - xpack.security.http.ssl.enabled=true
-      - xpack.security.http.ssl.key=certs/es01/es01.key
-      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
-      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
-      - xpack.license.self_generated.type=${LICENSE}
-    mem_limit: 4G
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-    healthcheck:
-      test:
-        [
-          "CMD-SHELL",
-          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
-        ]
-      interval: 10s
-      timeout: 10s
-      retries: 120
-    restart: always
-    networks:
-      - emqx_bridge
-
-  kibana:
-    depends_on:
-      es01:
-        condition: service_healthy
-    image: public.ecr.aws/elastic/kibana:${ELASTIC_TAG}
-    volumes:
-      - ./elastic:/usr/share/kibana/config/certs
-      - kibanadata:/usr/share/kibana/data
-    ports:
-      - 5601:5601
-    environment:
-      - SERVERNAME=kibana
-      - ELASTICSEARCH_HOSTS=https://es01:9200
-      - ELASTICSEARCH_USERNAME=kibana_system
-      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
-      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
-    mem_limit: 1073741824
-    healthcheck:
-      test:
-        [
-          "CMD-SHELL",
-          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
-        ]
-      interval: 10s
-      timeout: 10s
-      retries: 120
-    restart: always
-    networks:
-      - emqx_bridge
-
-volumes:
-  esdata01:
-    driver: local
-  kibanadata:
-    driver: local

.ci/docker-compose-file/docker-compose-emqx-cluster.yaml

@@ -13,15 +13,13 @@ x-default-emqx: &default-emqx
 services:
   haproxy:
     container_name: haproxy
-    image: public.ecr.aws/docker/library/haproxy:2.4
+    image: haproxy:2.4
     depends_on:
       - emqx1
       - emqx2
     volumes:
       - ./haproxy/haproxy.cfg:/usr/local/etc/haproxy/haproxy.cfg
-      - ../../apps/emqx/etc/certs/cert.pem:/usr/local/etc/haproxy/certs/cert.pem
-      - ../../apps/emqx/etc/certs/key.pem:/usr/local/etc/haproxy/certs/key.pem
-      - ../../apps/emqx/etc/certs/cacert.pem:/usr/local/etc/haproxy/certs/cacert.pem
+      - ../../apps/emqx/etc/certs:/usr/local/etc/haproxy/certs
     ports:
       - "18083:18083"
 #     - "1883:1883"
@@ -36,7 +34,7 @@ services:
       - -c
       - |
         set -x
-        cat /usr/local/etc/haproxy/certs/cert.pem /usr/local/etc/haproxy/certs/key.pem > /var/lib/haproxy/emqx.pem
+        cat /usr/local/etc/haproxy/certs/cert.pem /usr/local/etc/haproxy/certs/key.pem > /tmp/emqx.pem
         haproxy -f /usr/local/etc/haproxy/haproxy.cfg
 
   emqx1:

.ci/docker-compose-file/docker-compose-greptimedb.yaml

@@ -4,7 +4,7 @@ services:
   greptimedb:
     container_name: greptimedb
     hostname: greptimedb
-    image: greptime/greptimedb:v0.7.1
+    image: greptime/greptimedb:0.3.2
     expose:
       - "4000"
       - "4001"

.ci/docker-compose-file/docker-compose-hstreamdb.yaml

@@ -2,13 +2,11 @@ version: "3.5"
 
 services:
   hserver:
-    image: hstreamdb/hstream:${HSTREAMDB_TAG}
+    image: hstreamdb/hstream:v0.15.0
     container_name: hstreamdb
     depends_on:
-      zookeeper:
-        condition: service_started
-      hstore:
-        condition: service_healthy
+      - zookeeper
+      - hstore
     # ports:
     #   - "127.0.0.1:6570:6570"
     expose:
@@ -39,7 +37,7 @@ services:
         --io-tasks-network emqx_bridge
 
   hstore:
-    image: hstreamdb/hstream:${HSTREAMDB_TAG}
+    image: hstreamdb/hstream:v0.15.0
     networks:
       - emqx_bridge
     volumes:
@@ -55,17 +53,10 @@ services:
         --use-tcp --tcp-host $$(hostname -I | awk '{print $$1}') \
         --user-admin-port 6440 \
         --param enable-dscp-reflection=false \
-        --no-interactive \
-        > /data/store/hstore.log 2>&1
-    healthcheck:
-      test: ["CMD", "grep", "LogDevice Cluster running", "/data/store/hstore.log"]
-      interval: 10s
-      timeout: 10s
-      retries: 60
-      start_period: 60s
+        --no-interactive
 
   zookeeper:
-    image: zookeeper:${HSTREAMDB_ZK_TAG}
+    image: zookeeper
     expose:
       - 2181
     networks:

.ci/docker-compose-file/docker-compose-influxdb-tcp.yaml

@@ -3,7 +3,7 @@ version: '3.9'
 services:
   influxdb_server_tcp:
     container_name: influxdb_tcp
-    image: public.ecr.aws/docker/library/influxdb:${INFLUXDB_TAG}
+    image: influxdb:${INFLUXDB_TAG}
     expose:
       - "8086"
       - "8089/udp"

.ci/docker-compose-file/docker-compose-influxdb-tls.yaml

@@ -3,7 +3,7 @@ version: '3.9'
 services:
   influxdb_server_tls:
     container_name: influxdb_tls
-    image: public.ecr.aws/docker/library/influxdb:${INFLUXDB_TAG}
+    image: influxdb:${INFLUXDB_TAG}
     expose:
       - "8086"
       - "8089/udp"

.ci/docker-compose-file/docker-compose-iotdb.yaml

@@ -1,53 +1,24 @@
 version: '3.9'
 
 services:
-  iotdb_1_3_0:
-    container_name: iotdb130
-    hostname: iotdb130
-    image: apache/iotdb:1.3.0-standalone
-    restart: always
-    environment:
-      - enable_rest_service=true
-      - cn_internal_address=iotdb130
-      - cn_internal_port=10710
-      - cn_consensus_port=10720
-      - cn_seed_config_node=iotdb130:10710
-      - dn_rpc_address=iotdb130
-      - dn_internal_address=iotdb130
-      - dn_rpc_port=6667
-      - dn_mpp_data_exchange_port=10740
-      - dn_schema_region_consensus_port=10750
-      - dn_data_region_consensus_port=10760
-      - dn_seed_config_node=iotdb130:10710
-    # volumes:
-    #     - ./data:/iotdb/data
-    #     - ./logs:/iotdb/logs
-    expose:
-      - "18080"
-    # IoTDB's REST interface, uncomment for local testing
-    # ports:
-    #     - "18080:18080"
-    networks:
-      - emqx_bridge
-
-  iotdb_1_1_0:
-    container_name: iotdb110
-    hostname: iotdb110
+  iotdb:
+    container_name: iotdb
+    hostname: iotdb
     image: apache/iotdb:1.1.0-standalone
     restart: always
     environment:
       - enable_rest_service=true
-      - cn_internal_address=iotdb110
+      - cn_internal_address=iotdb
       - cn_internal_port=10710
       - cn_consensus_port=10720
-      - cn_target_config_node_list=iotdb110:10710
-      - dn_rpc_address=iotdb110
-      - dn_internal_address=iotdb110
+      - cn_target_config_node_list=iotdb:10710
+      - dn_rpc_address=iotdb
+      - dn_internal_address=iotdb
       - dn_rpc_port=6667
       - dn_mpp_data_exchange_port=10740
       - dn_schema_region_consensus_port=10750
       - dn_data_region_consensus_port=10760
-      - dn_target_config_node_list=iotdb110:10710
+      - dn_target_config_node_list=iotdb:10710
     # volumes:
     #     - ./data:/iotdb/data
     #     - ./logs:/iotdb/logs

.ci/docker-compose-file/docker-compose-kafka.yaml

@@ -2,7 +2,7 @@ version: '3.9'
 
 services:
   zookeeper:
-    image: public.ecr.aws/docker/library/zookeeper:3.6
+    image: docker.io/library/zookeeper:3.6
     ports:
       - "2181:2181"
     container_name: zookeeper
@@ -18,7 +18,7 @@ services:
       - /tmp/emqx-ci/emqx-shared-secret:/var/lib/secret
   kdc:
     hostname: kdc.emqx.net
-    image:  ghcr.io/emqx/emqx-builder/5.3-9:1.15.7-26.2.5-3-ubuntu22.04
+    image:  ghcr.io/emqx/emqx-builder/5.1-3:1.14.5-25.3.2-1-ubuntu20.04
     container_name: kdc.emqx.net
     expose:
       - 88 # kdc

.ci/docker-compose-file/docker-compose-kinesis.yaml

@@ -3,7 +3,7 @@ version: '3.9'
 services:
   kinesis:
     container_name: kinesis
-    image: public.ecr.aws/localstack/localstack:2.1
+    image: localstack/localstack:2.1
     environment:
       - KINESIS_ERROR_PROBABILITY=0.0
       - KINESIS_LATENCY=0

.ci/docker-compose-file/docker-compose-ldap.yaml

@@ -6,13 +6,11 @@ services:
     build:
       context: ../..
       dockerfile: .ci/docker-compose-file/openldap/Dockerfile
-    ulimits:
-      nofile: 1024
+      args:
+        LDAP_TAG: ${LDAP_TAG}
     image: openldap
     #ports:
-    #  - "389:389"
-    volumes:
-      - ./certs/ca.crt:/etc/certs/ca.crt
+    #  - 389:389
     restart: always
     networks:
       - emqx_bridge

.ci/docker-compose-file/docker-compose-mongo-replicaset-tcp.yaml

@@ -4,7 +4,7 @@ services:
   mongo1:
     hostname: mongo1
     container_name: mongo1
-    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
+    image: mongo:${MONGO_TAG}
     environment:
       MONGO_INITDB_DATABASE: mqtt
     networks:
@@ -22,7 +22,7 @@ services:
   mongo2:
     hostname: mongo2
     container_name: mongo2
-    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
+    image: mongo:${MONGO_TAG}
     environment:
       MONGO_INITDB_DATABASE: mqtt
     networks:
@@ -40,7 +40,7 @@ services:
   mongo3:
     hostname: mongo3
     container_name: mongo3
-    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
+    image: mongo:${MONGO_TAG}
     environment:
       MONGO_INITDB_DATABASE: mqtt
     networks:
@@ -56,7 +56,7 @@ services:
       --replSet rs0
 
   mongo_rs_client:
-    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
+    image: mongo:${MONGO_TAG}
     container_name: mongo_rs_client
     networks:
       - emqx_bridge

.ci/docker-compose-file/docker-compose-mongo-replicaset-tls.yaml

@@ -4,7 +4,7 @@ services:
   mongo1:
     hostname: mongo1
     container_name: mongo1
-    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
+    image: mongo:${MONGO_TAG}
     environment:
       MONGO_INITDB_DATABASE: mqtt
     networks:
@@ -27,7 +27,7 @@ services:
   mongo2:
     hostname: mongo2
     container_name: mongo2
-    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
+    image: mongo:${MONGO_TAG}
     environment:
       MONGO_INITDB_DATABASE: mqtt
     networks:
@@ -50,7 +50,7 @@ services:
   mongo3:
     hostname: mongo3
     container_name: mongo3
-    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
+    image: mongo:${MONGO_TAG}
     environment:
       MONGO_INITDB_DATABASE: mqtt
     networks:
@@ -71,7 +71,7 @@ services:
         mongod --ipv6 --bind_ip_all --tlsMode requireTLS --tlsCertificateKeyFile /etc/certs/mongodb.pem --replSet rs0
       
   mongo_client:
-    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
+    image: mongo:${MONGO_TAG}
     container_name: mongo_client
     networks:
       - emqx_bridge

.ci/docker-compose-file/docker-compose-mongo-sharded-tcp.yaml

@@ -4,7 +4,7 @@ services:
   mongosharded1:
     hostname: mongosharded1
     container_name: mongosharded1
-    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
+    image: mongo:${MONGO_TAG}
     environment:
       MONGO_INITDB_DATABASE: mqtt
     networks:
@@ -24,7 +24,7 @@ services:
   mongosharded2:
     hostname: mongosharded2
     container_name: mongosharded2
-    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
+    image: mongo:${MONGO_TAG}
     environment:
       MONGO_INITDB_DATABASE: mqtt
     networks:
@@ -44,7 +44,7 @@ services:
   mongosharded3:
     hostname: mongosharded3
     container_name: mongosharded3
-    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
+    image: mongo:${MONGO_TAG}
     environment:
       MONGO_INITDB_DATABASE: mqtt
     networks:
@@ -62,7 +62,7 @@ services:
       --bind_ip_all
 
   mongosharded_client:
-    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
+    image: mongo:${MONGO_TAG}
     container_name: mongosharded_client
     networks:
       - emqx_bridge

.ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml

@@ -3,15 +3,12 @@ version: '3.9'
 services:
   mongo_server:
     container_name: mongo
-    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
+    image: mongo:${MONGO_TAG}
     restart: always
     networks:
       - emqx_bridge
     ports:
       - "27017:27017"
-    env_file:
-      - .env
-      - credentials.env
     command:
       --ipv6
       --bind_ip_all

.ci/docker-compose-file/docker-compose-mongo-single-tls.yaml

@@ -3,7 +3,7 @@ version: '3.9'
 services:
   mongo_server_tls:
     container_name: mongo-tls
-    image: public.ecr.aws/docker/library/mongo:${MONGO_TAG}
+    image: mongo:${MONGO_TAG}
     restart: always
     environment:
       MONGO_INITDB_DATABASE: mqtt

.ci/docker-compose-file/docker-compose-mysql-tcp.yaml

@@ -3,7 +3,7 @@ version: '3.9'
 services:
   mysql_server:
     container_name: mysql
-    image: public.ecr.aws/docker/library/mysql:${MYSQL_TAG}
+    image: mysql:${MYSQL_TAG}
     restart: always
     ports:
       - "3306:3306"

.ci/docker-compose-file/docker-compose-mysql-tls.yaml

@@ -3,7 +3,7 @@ version: '3.9'
 services:
   mysql_server_tls:
     container_name: mysql-tls
-    image: public.ecr.aws/docker/library/mysql:${MYSQL_TAG}
+    image: mysql:${MYSQL_TAG}
     restart: always
     environment:
       MYSQL_ROOT_PASSWORD: public

.ci/docker-compose-file/docker-compose-otel.yaml

@@ -1,69 +0,0 @@
-version: '3.9'
-
-services:
-  jaeger-all-in-one:
-    image: jaegertracing/all-in-one:1.51.0
-    container_name: jaeger.emqx.net
-    hostname: jaeger.emqx.net
-    networks:
-      - emqx_bridge
-    restart: always
-#    ports:
-#      - "16686:16686"
-    user: "${DOCKER_USER:-root}"
-
-  # Collector
-  otel-collector:
-    image: otel/opentelemetry-collector:0.90.0
-    container_name: otel-collector.emqx.net
-    hostname: otel-collector.emqx.net
-    networks:
-      - emqx_bridge
-    restart: always
-    command: ["--config=/etc/otel-collector-config.yaml", "${OTELCOL_ARGS}"]
-    volumes:
-      - ./otel:/etc/
-#    ports:
-#      - "1888:1888"   # pprof extension
-#      - "8888:8888"   # Prometheus metrics exposed by the collector
-#      - "8889:8889"   # Prometheus exporter metrics
-#      - "13133:13133" # health_check extension
-#      - "4317:4317"   # OTLP gRPC receiver
-#      - "4318:4318"   # OTLP http receiver
-#      - "55679:55679" # zpages extension
-    depends_on:
-      - jaeger-all-in-one
-    user: "${DOCKER_USER:-root}"
-
-
-# Collector
-  otel-collector-tls:
-    image: otel/opentelemetry-collector:0.90.0
-    container_name: otel-collector-tls.emqx.net
-    hostname: otel-collector-tls.emqx.net
-    networks:
-      - emqx_bridge
-    restart: always
-    command: ["--config=/etc/otel-collector-config-tls.yaml", "${OTELCOL_ARGS}"]
-    volumes:
-      - ./otel:/etc/
-      - ./certs:/etc/certs
- #   ports:
- #     - "14317:4317"   # OTLP gRPC receiver
-    depends_on:
-      - jaeger-all-in-one
-    user: "${DOCKER_USER:-root}"
-
-#networks:
-#  emqx_bridge:
-#    driver: bridge
-#    name: emqx_bridge
-#    enable_ipv6: true
-#    ipam:
-#      driver: default
-#      config:
-#        - subnet: 172.100.239.0/24
-#          gateway: 172.100.239.1
-#        - subnet: 2001:3200:3200::/64
-#          gateway: 2001:3200:3200::1
-#

.ci/docker-compose-file/docker-compose-pgsql-tcp.yaml

@@ -3,7 +3,7 @@ version: '3.9'
 services:
   pgsql_server:
     container_name: pgsql
-    image: public.ecr.aws/docker/library/postgres:${PGSQL_TAG}
+    image: postgres:${PGSQL_TAG}
     restart: always
     environment:
       POSTGRES_PASSWORD: public

.ci/docker-compose-file/docker-compose-pgsql-tls.yaml

@@ -8,7 +8,7 @@ services:
       dockerfile: ./pgsql/Dockerfile
       args:
         POSTGRES_USER: postgres
-        BUILD_FROM: public.ecr.aws/docker/library/postgres:${PGSQL_TAG}
+        BUILD_FROM: postgres:${PGSQL_TAG}
     image: emqx_pgsql:${PGSQL_TAG}
     restart: always
     environment:

.ci/docker-compose-file/docker-compose-python.yaml

@@ -3,7 +3,7 @@ version: '3.9'
 services:
   python:
     container_name: python
-    image: public.ecr.aws/docker/library/python:3.9.16-alpine3.18
+    image: python:3.9.16-alpine3.18
     depends_on:
       - emqx1
       - emqx2

.ci/docker-compose-file/docker-compose-rabbitmq.yaml

@@ -3,18 +3,16 @@ version: '3.9'
 services:
   rabbitmq:
     container_name: rabbitmq
-    image: public.ecr.aws/docker/library/rabbitmq:3.11-management
+    image: rabbitmq:3.11-management
 
     restart: always
     expose:
       - "15672"
       - "5672"
-      - "5671"
     # We don't want to take ports from the host
-    #ports:
+    # ports:
     #   - "15672:15672"
     #   - "5672:5672"
-    #   - "5671:5671"
     volumes:
       - ./certs/ca.crt:/opt/certs/ca.crt
       - ./certs/server.crt:/opt/certs/server.crt

.ci/docker-compose-file/docker-compose-redis-cluster-tcp.yaml

@@ -3,7 +3,7 @@ services:
 
   redis-cluster-1: &redis-node
     container_name: redis-cluster-1
-    image: public.ecr.aws/docker/library/redis:${REDIS_TAG}
+    image: redis:${REDIS_TAG}
     volumes:
     - ./redis/cluster-tcp:/usr/local/etc/redis
     command: redis-server /usr/local/etc/redis/redis.conf

.ci/docker-compose-file/docker-compose-redis-cluster-tls.yaml

@@ -3,7 +3,7 @@ services:
 
   redis-cluster-tls-1: &redis-node
     container_name: redis-cluster-tls-1
-    image: public.ecr.aws/docker/library/redis:${REDIS_TAG}
+    image: redis:${REDIS_TAG}
     volumes:
     - ./redis/cluster-tls:/usr/local/etc/redis
     - ../../apps/emqx/etc/certs:/etc/certs

.ci/docker-compose-file/docker-compose-redis-sentinel-tcp.yaml

@@ -4,7 +4,7 @@ services:
 
   redis-sentinel-master:
     container_name: redis-sentinel-master
-    image: public.ecr.aws/docker/library/redis:${REDIS_TAG}
+    image: redis:${REDIS_TAG}
     volumes:
     - ./redis/sentinel-tcp:/usr/local/etc/redis
     command: redis-server /usr/local/etc/redis/master.conf
@@ -13,7 +13,7 @@ services:
 
   redis-sentinel-slave:
     container_name: redis-sentinel-slave
-    image: public.ecr.aws/docker/library/redis:${REDIS_TAG}
+    image: redis:${REDIS_TAG}
     volumes:
       - ./redis/sentinel-tcp:/usr/local/etc/redis
     command: redis-server /usr/local/etc/redis/slave.conf
@@ -24,7 +24,7 @@ services:
 
   redis-sentinel:
     container_name: redis-sentinel
-    image: public.ecr.aws/docker/library/redis:${REDIS_TAG}
+    image: redis:${REDIS_TAG}
     volumes:
       - ./redis/sentinel-tcp/sentinel-base.conf:/usr/local/etc/redis/sentinel-base.conf
     depends_on:

.ci/docker-compose-file/docker-compose-redis-sentinel-tls.yaml

@@ -4,7 +4,7 @@ services:
 
   redis-sentinel-tls-master:
     container_name: redis-sentinel-tls-master
-    image: public.ecr.aws/docker/library/redis:${REDIS_TAG}
+    image: redis:${REDIS_TAG}
     volumes:
       - ./redis/sentinel-tls:/usr/local/etc/redis
       - ../../apps/emqx/etc/certs:/etc/certs
@@ -14,7 +14,7 @@ services:
 
   redis-sentinel-tls-slave:
     container_name: redis-sentinel-tls-slave
-    image: public.ecr.aws/docker/library/redis:${REDIS_TAG}
+    image: redis:${REDIS_TAG}
     volumes:
       - ./redis/sentinel-tls:/usr/local/etc/redis
       - ../../apps/emqx/etc/certs:/etc/certs
@@ -26,7 +26,7 @@ services:
 
   redis-sentinel-tls:
     container_name: redis-sentinel-tls
-    image: public.ecr.aws/docker/library/redis:${REDIS_TAG}
+    image: redis:${REDIS_TAG}
     volumes:
       - ./redis/sentinel-tls/sentinel-base.conf:/usr/local/etc/redis/sentinel-base.conf
       - ../../apps/emqx/etc/certs:/etc/certs

.ci/docker-compose-file/docker-compose-redis-single-tcp.yaml

@@ -3,12 +3,13 @@ version: '3.9'
 services:
   redis_server:
     container_name: redis
-    image: public.ecr.aws/docker/library/redis:${REDIS_TAG}
-    volumes:
-      - ./redis/single-tcp:/usr/local/etc/redis/
+    image: redis:${REDIS_TAG}
     ports:
       - "6379:6379"
-    command: redis-server /usr/local/etc/redis/redis.conf
+    command:
+      - redis-server
+      - "--bind 0.0.0.0 ::"
+      - --requirepass public
     restart: always
     networks:
       - emqx_bridge

.ci/docker-compose-file/docker-compose-redis-single-tls.yaml

@@ -3,15 +3,23 @@ version: '3.9'
 services:
   redis_server_tls:
     container_name: redis-tls
-    image: public.ecr.aws/docker/library/redis:${REDIS_TAG}
+    image: redis:${REDIS_TAG}
     volumes:
       - ./certs/server.crt:/etc/certs/redis.crt
       - ./certs/server.key:/etc/certs/redis.key
       - ./certs/ca.crt:/etc/certs/ca.crt
-      - ./redis/single-tls:/usr/local/etc/redis
     ports:
       - "6380:6380"
-    command: redis-server /usr/local/etc/redis/redis.conf
+    command:
+      - redis-server
+      - "--bind 0.0.0.0 ::"
+      - --requirepass public
+      - --tls-port 6380
+      - --tls-cert-file /etc/certs/redis.crt
+      - --tls-key-file /etc/certs/redis.key
+      - --tls-ca-cert-file /etc/certs/ca.crt
+      - --tls-protocols "TLSv1.3"
+      - --tls-ciphersuites "TLS_CHACHA20_POLY1305_SHA256"
     restart: always
     networks:
       emqx_bridge:

.ci/docker-compose-file/docker-compose-rocketmq-ssl.yaml

@@ -1,41 +0,0 @@
-version: '3.9'
-
-services:
-  mqnamesrvssl:
-    image: apache/rocketmq:4.9.4
-    container_name: rocketmq_namesrv_ssl
-#    ports:
-#      - 9876:9876
-    volumes:
-      - ./rocketmq/logs_ssl:/opt/logs
-      - ./rocketmq/store_ssl:/opt/store
-    environment:
-      JAVA_OPT: "-Dtls.server.mode=enforcing"
-    command: ./mqnamesrv
-    networks:
-      - emqx_bridge
-
-  mqbrokerssl:
-    image: apache/rocketmq:4.9.4
-    container_name: rocketmq_broker_ssl
-#    ports:
-#      - 10909:10909
-#      - 10911:10911
-    volumes:
-      - ./rocketmq/logs_ssl:/opt/logs
-      - ./rocketmq/store_ssl:/opt/store
-      - ./rocketmq/conf_ssl/broker.conf:/etc/rocketmq/broker.conf
-      - ./rocketmq/conf_ssl/plain_acl.yml:/home/rocketmq/rocketmq-4.9.4/conf/plain_acl.yml
-    environment:
-        NAMESRV_ADDR: "rocketmq_namesrv_ssl:9876"
-        JAVA_OPTS: " -Duser.home=/opt -Drocketmq.broker.diskSpaceWarningLevelRatio=0.99"
-        JAVA_OPT_EXT: "-server -Xms512m -Xmx512m -Xmn512m -Dtls.server.mode=enforcing"
-    command: ./mqbroker -c /etc/rocketmq/broker.conf
-    depends_on:
-      - mqnamesrvssl
-    networks:
-      - emqx_bridge
-
-networks:
-  emqx_bridge:
-    driver: bridge

.ci/docker-compose-file/docker-compose-toxiproxy.yaml

@@ -39,10 +39,6 @@ services:
       - 19042:9042
       # Cassandra TLS
       - 19142:9142
-      # Cassandra No Auth
-      - 19043:9043
-      # Cassandra TLS No Auth
-      - 19143:9143
       # S3
       - 19000:19000
       # S3 TLS

.ci/docker-compose-file/docker-compose.yaml

@@ -3,18 +3,17 @@ version: '3.9'
 services:
   erlang:
     container_name: erlang
-    image: ${DOCKER_CT_RUNNER_IMAGE:-ghcr.io/emqx/emqx-builder/5.3-9:1.15.7-26.2.5-3-ubuntu22.04}
+    image: ${DOCKER_CT_RUNNER_IMAGE:-ghcr.io/emqx/emqx-builder/5.1-3:1.14.5-25.3.2-1-ubuntu20.04}
     env_file:
-      - credentials.env
       - conf.env
     environment:
-      GITHUB_ACTIONS: ${GITHUB_ACTIONS:-}
-      GITHUB_TOKEN: ${GITHUB_TOKEN:-}
-      GITHUB_RUN_ID: ${GITHUB_RUN_ID:-}
-      GITHUB_SHA: ${GITHUB_SHA:-}
-      GITHUB_RUN_NUMBER: ${GITHUB_RUN_NUMBER:-}
-      GITHUB_EVENT_NAME: ${GITHUB_EVENT_NAME:-}
-      GITHUB_REF: ${GITHUB_REF:-}
+      GITHUB_ACTIONS: ${GITHUB_ACTIONS}
+      GITHUB_TOKEN: ${GITHUB_TOKEN}
+      GITHUB_RUN_ID: ${GITHUB_RUN_ID}
+      GITHUB_SHA: ${GITHUB_SHA}
+      GITHUB_RUN_NUMBER: ${GITHUB_RUN_NUMBER}
+      GITHUB_EVENT_NAME: ${GITHUB_EVENT_NAME}
+      GITHUB_REF: ${GITHUB_REF}
     networks:
       - emqx_bridge
     ports:

.ci/docker-compose-file/elastic/ca/ca.crt

@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDSjCCAjKgAwIBAgIVAIrN275DCtGnotTPpxwvQ5751N4OMA0GCSqGSIb3DQEB
-CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
-ZXJhdGVkIENBMB4XDTI0MDExNjAyMzIyMFoXDTI3MDExNTAyMzIyMFowNDEyMDAG
-A1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5lcmF0ZWQgQ0Ew
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy0nwiEurUkIPFMLV1weVM
-pPk/AlwZUzqjkeL44gsY53XI9Q05w/sL9u6PzwrXgTCFWNXzI9+MoAtp8phPkn14
-cmg5/3sLe9YcFVFjYK/MoljlUbPDj+4dgk8l+w5FRSi0+JN5krUm7rYk9lojAkeS
-fX8RU7ekKGbjBXIFtPxX5GNadu9RidR5GkHM3XroAIoris8bFOzMgFn9iybYnkhq
-0S+Hpv0A8FVxzle0KNbPpsIkxXH2DnP2iPTDym9xJNl9Iv9MPtj9XaamH7TmXcSt
-MbjkAudKsCw4bRuhHonM16DIUr8sX5UcRcAWyJ1x1qpZaOzMdh2VdYAHNuOsZwzJ
-AgMBAAGjUzBRMB0GA1UdDgQWBBTAyDlp8NZfPe8NCGVlHJSVclGOhTAfBgNVHSME
-GDAWgBTAyDlp8NZfPe8NCGVlHJSVclGOhTAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
-SIb3DQEBCwUAA4IBAQAeIUXRKmC53iirY4P49YspLafspAMf4ndMFQAp+Oc223Vs
-hQC4axNoYnUdzWDH6LioAN7P826xNPqtXvTZF9fmeX7K8Nm9Kdj+for+QQI3j6+X
-zq98VVkACb8b/Mc9Nac/WBbv/1IKyKgNNta7//WNPgAFolOfti/C0NLsPcKhrM9L
-mGbvRX8ZjH8pVJ0YTy4/xfDcF7G/Lxl4Yvb0ZXpuQbvE1+Y0h5aoTNshT/skJxC4
-iyVseYr21s3pptKcr6H9KZuSdZe5pbEo+81nT15w+50aswFLk9GCYh5UsQ+1jkRK
-cKgxP93i6x8BVbQJGKi1A1jhauSKX2IpWZQsHy4p
------END CERTIFICATE-----

.ci/docker-compose-file/elastic/ca/ca.key

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAstJ8IhLq1JCDxTC1dcHlTKT5PwJcGVM6o5Hi+OILGOd1yPUN
-OcP7C/buj88K14EwhVjV8yPfjKALafKYT5J9eHJoOf97C3vWHBVRY2CvzKJY5VGz
-w4/uHYJPJfsORUUotPiTeZK1Ju62JPZaIwJHkn1/EVO3pChm4wVyBbT8V+RjWnbv
-UYnUeRpBzN166ACKK4rPGxTszIBZ/Ysm2J5IatEvh6b9APBVcc5XtCjWz6bCJMVx
-9g5z9oj0w8pvcSTZfSL/TD7Y/V2mph+05l3ErTG45ALnSrAsOG0boR6JzNegyFK/
-LF+VHEXAFsidcdaqWWjszHYdlXWABzbjrGcMyQIDAQABAoIBAAZOLXYanmjpIRpX
-h7h7oikYEplWDRcQBBvvKZaOyuchhznTKTiZmF0xQ3Ny8J4Ndj9ndODWSZxI6uod
-FaGNp+qytwnfgDBVGSVDm6tyRfSkX1fTsA/j3/iupvmO/w9yezdZYgLaCVTyex31
-yVMdchZgYjYDUpEBYzJbV2xL18+GBRmmPjdXumlpcJqcclxjOQJSu/1WCGVfn/e/
-64NQpAm7NSKLqeUl32g0/DvUpmYRfmf7ZjVUjePaJQU6sw5/N+3V9F1hYs8VSWz0
-OMzYIfUcvixw+VWx5bu0nWt98FirhsQPjCTThD+DHP6koXGrdXpeMOQE1YZmoV5T
-vP0X+FECgYEA5dsKVDQFL67muqz3CNRVM0xDWACCoa8789hYoxvhd1iO3e4kwXBa
-ABPcZckioq+HiQ4UIxC2AhQ1FuTeIUTq7LZ0HtAAdKFi48U4LzmPhNUpG1E/HbJ3
-GQbi4u1cAzGYuhdywktgBhn9bJ4XB7+X3815Y9qKkuRcwtXgKGDy8HkCgYEAxyly
-vc7NBkLfIAmkOsm6VXfvfBTEUBUGi6+k1rarTUxWFIgRuk4FHywwWUTdxWBKJz3n
-HNNJb/g7CcufdhLTuWVHQtJDxYf2cJjoi+Kf7/i/Qs9Nyhokj5Mnh6KlZQOWXpZd
-Gwn/O13NeDxt1TIVO2xp6zY4FhVEPvaHuxsMCtECgYA7/eR/P6iO3nZoCJbdXhXy
-spftEw0FSCg8p53SzIcXUCzRrcM4HavP0181zb5VebzFP8Bvun/WoRGOLSPwyP0L
-1T8Pf7huuGSIEERuxvY3dC8raxQvGxJMnOiA0/Ss/Lfg8hfIsEWashPb0pMuOYpZ
-JlblgfejCSlQzOOZhlxB+QKBgQCKmizRLV9/0QAJAsy5YPR9UJdpCebJOKiyg806
-5Ct5AvwRE9UKjAuCczU+mu+f0fApOSpi5CQCeYVUvtG90UJpjrM2LLCfgoyeNbv4
-xgG6dqlcbHrdgK4bATUMbsOd9g4qy4gGLkHi5df9qkhhi5Y9Iajg2X3U2H4DN3yk
-WSFbUQKBgQCLz333qWOuT3OBv+EYxHDQUS4YG+dReUos+v0iPJzu+spnfibBF5IC
-RjHIhPsdN1byNB0naXOkkz4tUlLGXv6umFgDtQvy/2rxvxQmUGp/WY1VM2+164Xe
-NEWdMEU6UckCoMO77kw8JosKhmXCYaSW5bWwnXuEpOj9WWpwjKtxlA==
------END RSA PRIVATE KEY-----

.ci/docker-compose-file/elastic/es01/es01.crt

@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDQDCCAiigAwIBAgIUe90yOBN1KBxOEr2jro3epamZksIwDQYJKoZIhvcNAQEL
-BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
-cmF0ZWQgQ0EwHhcNMjQwMTE2MDIzMjIyWhcNMjcwMTE1MDIzMjIyWjAPMQ0wCwYD
-VQQDEwRlczAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGEL71pV
-j8qoUxEuL7qjRSeS1eHxeKhu2jqEZb7iA1o/7b/26QuYAkoYL+WuJNfYjg5F/O8W
-VVuAYIlN6a/mC6wT2t3pX4YSrdp+i3gtAC/LX+8mAeqMQPD+4jitOwjOsYzbuFCb
-nYl86dnFPl/+Pmj20mtZ+Wt7oIPD88j6+r5qgv59pHICxS7Cq304LDTRQbNoT8HO
-4c9VGGGtWIdtrqiYrz1OVefkffMrvFt77v6dKHn8g5tSyfQUDCoEKtTOc3Pe5zCB
-vIMs6HaapoSkl8XdpFHQ712PCZRebAMCrVcPYQ3r8e9GYmLY/NhxEn3dWTqRhHeg
-UD13O8o1aBWonwIDAQABo28wbTAdBgNVHQ4EFgQUXvGJtSf2/mLOK17AzUridtCV
-xWwwHwYDVR0jBBgwFoAUwMg5afDWXz3vDQhlZRyUlXJRjoUwIAYDVR0RBBkwF4IJ
-bG9jYWxob3N0hwR/AAABggRlczAxMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQAD
-ggEBACaNq3ZqrbsGvbEtrf6kJGIsTokTFHeVJUSYmt1ZZzDFLSepXAC/J8gphV45
-B+YSlkDPNTwMYlf7TUYY872zkdqOXN9r0NUx8MzVAX0+rux0RJba5GGUvJGZDNMX
-WM5z9ry1KjQSQ1bSoRQOD3QArmBmhvikHjLc97Vqt56N0wA/ztXWOpNZX/TXmast
-aXlUbcfQE73Cdq9tW1ATXwbQ2Gf7vVAUT3zjZSZbNdgPuBicGJHf85Fhjm2ND4+R
-sjLIOQ2YgVxNHYbueScc6lJM5RNK194K7WrEQnRyGHT3NaDUm0FFNl//aQeq1ZVw
-6gaUYlkTFauXwEYMDK901cWFaBE=
------END CERTIFICATE-----

.ci/docker-compose-file/elastic/es01/es01.key

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAxGEL71pVj8qoUxEuL7qjRSeS1eHxeKhu2jqEZb7iA1o/7b/2
-6QuYAkoYL+WuJNfYjg5F/O8WVVuAYIlN6a/mC6wT2t3pX4YSrdp+i3gtAC/LX+8m
-AeqMQPD+4jitOwjOsYzbuFCbnYl86dnFPl/+Pmj20mtZ+Wt7oIPD88j6+r5qgv59
-pHICxS7Cq304LDTRQbNoT8HO4c9VGGGtWIdtrqiYrz1OVefkffMrvFt77v6dKHn8
-g5tSyfQUDCoEKtTOc3Pe5zCBvIMs6HaapoSkl8XdpFHQ712PCZRebAMCrVcPYQ3r
-8e9GYmLY/NhxEn3dWTqRhHegUD13O8o1aBWonwIDAQABAoIBADJ3A/Om4az5dcce
-96EBU9q+IDBBh2Wr1wzSk9p3sqoM47fLqH5b4dzYwJ1yZw2FwFtFFLw6jqExyexE
-7JY8gyAFwPZyJ3pKQHuX1gQuRlYxchB9quU8Kn230LA+w1mT2lXrLj2PzWWvAsAv
-m837KiFMpP0O5EjB07u8kLsRr1mG6QQ24Kc8oxd7xLXIiPzSvsOpYwo9hmIWENd5
-kyA7oSa9EmN3TRTkKOHI7cFQ3DqIGdO71waUofKOdx39DyHS2YKWxDE/LUjkS9zw
-1AyZG09l4uowyLRqwYhivEq9Za6rdc64yheuHatAM9kC2AOcVcsCPZquIe90k4t1
-L7e9CAECgYEA1W483xTW8ngzxv9MMuPiW+PwVGRpyQrbO6OZOxdWEYfhrZlk5wlW
-XK2T85jqooJwMWPTk1F49vZ9WN2KuLkL65GlkEtkFbxmOiFJjXuWwycbFSk05hPs
-4AESBYHieaSPcwYhvLeG6g4PFyeqmbAGnKsJaj2ylPwDBOc7LgVlqAECgYEA64wo
-gZwaj5SlP8M/OqGH04UVYr1kP/Eq6eiDfMyV5exy+pyzofZyNKUfJfw6sGgyRRHx
-OVxlnPMsZ8zbdOXsvUEIeavpwDfQcp5eAURL65I6GMLsx2QpfiN2mDe1MqQW0jct
-UleFaURgS84KHLE0+tBBg906jOHGjsE7Q3lyUJ8CgYBYYPev4K9JZGD8bEcfY6Ie
-Lvsb1yC+8VHrFkmjYHxxcfUPr89KpGEwq2fynUW72YufyBiajkgq69Ln84U4DNhU
-ydDnOXDOV191fsc4YQ8C7LSYRKH1DBcwgwD1at1fRbdpCAb8YHrrfLre+bv5PBzg
-zyps5fOHIfwWEbI90lpQAQKBgQDoMMqBMTtxi+r1lucOScrVtFuncOCQs5BE8cIj
-1JxzAQk6iBv/LSvZP2gcDq5f1Oaw9YXfsHguJfwA+ozeiAQ9bw0Gu3N52sstIXWz
-M/rO5d9FJ2k3CEJqqFSwqkGBAQXKBUA06jeF1DREpX+MVxbNo1rhvMOJusn7UPm1
-gtMwKwKBgQCfRzFO10ITwrw8rcRZwO9Axgqf11V7xn6qpgRxj4h0HOErVTCN1H0b
-vE3Pz7cxS/g9vFRP37TuqBLfGVzPt9LAEFwCWPeZJLROBLHyu8XrhTbQx+sI2/pe
-SBEJAQAHtYasFTE0sBEKNEY2rIt1c29XZhyhhtNKD9gRN/gB355wLg==
------END RSA PRIVATE KEY-----

.ci/docker-compose-file/elastic/instances.yml

@@ -1,7 +0,0 @@
-instances:
-   - name: es01
-     dns:
-       - es01
-       - localhost
-     ip:
-       - 127.0.0.1

.ci/docker-compose-file/haproxy/haproxy.cfg

@@ -83,13 +83,13 @@ backend emqx_ws_back
 frontend emqx_ssl
     mode tcp
     option tcplog
-    bind *:8883 ssl crt /var/lib/haproxy/emqx.pem ca-file /usr/local/etc/haproxy/certs/cacert.pem verify required no-sslv3
+    bind *:8883 ssl crt /tmp/emqx.pem ca-file /usr/local/etc/haproxy/certs/cacert.pem verify required no-sslv3
     default_backend emqx_ssl_back
 
 frontend emqx_wss
     mode tcp
     option tcplog
-    bind *:8084 ssl crt /var/lib/haproxy/emqx.pem ca-file /usr/local/etc/haproxy/certs/cacert.pem verify required no-sslv3
+    bind *:8084 ssl crt /tmp/emqx.pem ca-file /usr/local/etc/haproxy/certs/cacert.pem verify required no-sslv3
     default_backend emqx_wss_back
 
 backend emqx_ssl_back

.ci/docker-compose-file/kafka/kafka-entrypoint.sh

@@ -49,9 +49,6 @@ echo "+++++++ Creating Kafka Topics ++++++++"
 # there seem to be a race condition when creating the topics (too early)
 env KAFKA_CREATE_TOPICS="$KAFKA_CREATE_TOPICS_NG" KAFKA_PORT="$PORT1" create-topics.sh
 
-# create a topic with max.message.bytes=100
-/opt/kafka/bin/kafka-topics.sh --create --bootstrap-server "${SERVER}:${PORT1}" --topic max-100-bytes --partitions 1 --replication-factor 1 --config max.message.bytes=100
-
 echo "+++++++ Wait until Kafka ports are down ++++++++"
 
 bash -c 'while printf "" 2>>/dev/null >>/dev/tcp/$0/$1; do sleep 1; done' $SERVER $PORT1

.ci/docker-compose-file/openldap/Dockerfile

@@ -1,4 +1,13 @@
-FROM docker.io/zmstone/openldap:2.5.16@sha256:a813922115a1d1f1b974399595921d1778fae22b3f1ee15dcfa8cfa89700dbc7
+FROM buildpack-deps:bookworm
+
+ARG LDAP_TAG=2.5.16
+
+RUN apt-get update && apt-get install -y groff groff-base
+RUN wget https://www.openldap.org/software/download/OpenLDAP/openldap-release/openldap-${LDAP_TAG}.tgz \
+    && tar xvzf openldap-${LDAP_TAG}.tgz \
+    && cd openldap-${LDAP_TAG} \
+    && ./configure && make depend && make && make install \
+    && cd .. && rm -rf  openldap-${LDAP_TAG}
 
 COPY .ci/docker-compose-file/openldap/slapd.conf /usr/local/etc/openldap/slapd.conf
 COPY apps/emqx_ldap/test/data/emqx.io.ldif /usr/local/etc/openldap/schema/emqx.io.ldif

.ci/docker-compose-file/openldap/README.md

@@ -1,61 +0,0 @@
-# LDAP authentication
-
-To run manual tests with the default docker-compose files.
-
-Expose openldap container port by uncommenting the `ports` config in `docker-compose-ldap.yaml `
-
-To start openldap:
-
-```
-docker-compose -f ./.ci/docker-compose-file/docker-compose.yaml -f ./.ci/docker-compose-file/docker-compose-ldap.yaml up -docker
-```
-
-## LDAP database
-
-LDAP database is populated from below files:
-```
-apps/emqx_ldap/test/data/emqx.io.ldif /usr/local/etc/openldap/schema/emqx.io.ldif
-apps/emqx_ldap/test/data/emqx.schema /usr/local/etc/openldap/schema/emqx.schema
-```
-
-## Minimal EMQX config
-
-```
-authentication = [
-  {
-    backend = ldap
-    base_dn = "uid=${username},ou=testdevice,dc=emqx,dc=io"
-    filter = "(& (objectClass=mqttUser) (uid=${username}))"
-    mechanism = password_based
-    method {
-      is_superuser_attribute = isSuperuser
-      password_attribute = userPassword
-      type = hash
-    }
-    password = public
-    pool_size = 8
-    query_timeout = "5s"
-    request_timeout = "10s"
-    server = "localhost:1389"
-    username = "cn=root,dc=emqx,dc=io"
-  }
-]
-```
-
-## Example ldapsearch command
-
-```
-ldapsearch -x -H ldap://localhost:389 -D "cn=root,dc=emqx,dc=io" -W -b "uid=mqttuser0007,ou=testdevice,dc=emqx,dc=io" "(&(objectClass=mqttUser)(uid=mqttuser0007))"
-```
-
-## Example mqttx command
-
-The client password hashes are generated from their username.
-
-```
-# disabled user
-mqttx pub -t 't/1' -h localhost -p 1883 -m x -u mqttuser0006 -P mqttuser0006
-
-# enabled super-user
-mqttx pub -t 't/1' -h localhost -p 1883 -m x -u mqttuser0007 -P mqttuser0007
-```

.ci/docker-compose-file/openldap/slapd.conf

@@ -1,13 +1,14 @@
 include         /usr/local/etc/openldap/schema/core.schema
 include         /usr/local/etc/openldap/schema/cosine.schema
 include         /usr/local/etc/openldap/schema/inetorgperson.schema
+include         /usr/local/etc/openldap/schema/ppolicy.schema
 include         /usr/local/etc/openldap/schema/emqx.schema
 
 TLSCACertificateFile  /usr/local/etc/openldap/cacert.pem
 TLSCertificateFile    /usr/local/etc/openldap/cert.pem
 TLSCertificateKeyFile /usr/local/etc/openldap/key.pem
 
-database mdb
+database bdb
 suffix "dc=emqx,dc=io"
 rootdn "cn=root,dc=emqx,dc=io"
 rootpw {SSHA}eoF7NhNrejVYYyGHqnt+MdKNBh4r1w3W

.ci/docker-compose-file/otel/.gitignore

@@ -1,6 +0,0 @@
-certs
-hostname
-hosts
-otel-collector.json
-otel-collector-tls.json
-resolv.conf

.ci/docker-compose-file/otel/otel-collector-config-tls.yaml

@@ -1,52 +0,0 @@
-receivers:
-  otlp:
-    protocols:
-      grpc:
-        tls:
-          ca_file: /etc/certs/ca.crt
-          cert_file: /etc/certs/server.crt
-          key_file: /etc/certs/server.key
-      http:
-        tls:
-          ca_file: /etc/certs/ca.crt
-          cert_file: /etc/certs/server.crt
-          key_file: /etc/certs/server.key
-
-exporters:
-  logging:
-    verbosity: detailed
-  otlp:
-    endpoint: jaeger.emqx.net:4317
-    tls:
-      insecure: true
-  debug:
-    verbosity: detailed
-  file:
-    path: /etc/otel-collector-tls.json
-
-
-processors:
-  batch:
-    # send data immediately
-    timeout: 0
-
-extensions:
-  health_check:
-  zpages:
-    endpoint: :55679
-
-service:
-  extensions: [zpages, health_check]
-  pipelines:
-    traces:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [logging, otlp]
-    metrics:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [logging]
-    logs:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [logging, file]

.ci/docker-compose-file/otel/otel-collector-config.yaml

@@ -1,51 +0,0 @@
-receivers:
-  otlp:
-    protocols:
-      grpc:
-        tls:
-#          ca_file: /etc/ca.pem
-#          cert_file: /etc/server.pem
-#          key_file: /etc/server.key
-      http:
-        tls:
-#          ca_file: /etc/ca.pem
-#          cert_file: /etc/server.pem
-#          key_file: /etc/server.key
-
-exporters:
-  logging:
-    verbosity: detailed
-  otlp:
-    endpoint: jaeger.emqx.net:4317
-    tls:
-      insecure: true
-  debug:
-    verbosity: detailed
-  file:
-    path: /etc/otel-collector.json
-
-processors:
-  batch:
-    # send data immediately
-    timeout: 0
-
-extensions:
-  health_check:
-  zpages:
-    endpoint: :55679
-
-service:
-  extensions: [zpages, health_check]
-  pipelines:
-    traces:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [logging, otlp]
-    metrics:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [logging]
-    logs:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [logging, file]

.ci/docker-compose-file/pgsql/Dockerfile

@@ -1,4 +1,4 @@
-ARG BUILD_FROM=public.ecr.aws/docker/library/postgres:13@sha256:fa69de30d02652cfdfb68166692e5186f6972c17f83c89c71ac8ff0916d46ae3
+ARG BUILD_FROM=postgres:13
 FROM ${BUILD_FROM}
 ARG POSTGRES_USER=postgres
 COPY --chown=$POSTGRES_USER ./pgsql/pg_hba_tls.conf /var/lib/postgresql/pg_hba.conf

.ci/docker-compose-file/python/pytest.sh

@@ -6,9 +6,6 @@
 set -x
 set +e
 
-# shellcheck disable=SC3028 disable=SC3054
-SCRIPT_DIR="$( dirname -- "$( readlink -f -- "$0"; )"; )"
-
 EMQX_TEST_DB_BACKEND=$1
 if [ "$EMQX_TEST_DB_BACKEND" = "rlog" ]
 then
@@ -23,7 +20,7 @@ fi
 apk update && apk add git curl
 git clone -b develop-5.0 https://github.com/emqx/paho.mqtt.testing.git /paho.mqtt.testing
 
-pip install --require-hashes -r "$SCRIPT_DIR/requirements.txt"
+pip install pytest==7.1.2 pytest-retry
 
 pytest --retries 3 -v /paho.mqtt.testing/interoperability/test_client/V5/test_connect.py -k test_basic --host "$TARGET_HOST"
 RESULT=$?

.ci/docker-compose-file/python/requirements.txt

@@ -1,21 +0,0 @@
-pytest-retry==1.6.1 \
-    --hash=sha256:3d420afc08e61ed3be28ecbb544371041b1b8e5fea7c94eb97cefa0d4ea9825c \
-    --hash=sha256:3d663159a9be4d6878705822cf27a0976f99ec1bc4f2d9494e80403b17f700f2
-pytest==7.4.4 \
-    --hash=sha256:2cf0005922c6ace4a3e2ec8b4080eb0d9753fdc93107415332f50ce9e7994280 \
-    --hash=sha256:b090cdf5ed60bf4c45261be03239c2c1c22df034fbffe691abe93cd80cea01d8
-pluggy==1.3.0 \
-    --hash=sha256:cf61ae8f126ac6f7c451172cf30e3e43d3ca77615509771b3a984a0730651e12 \
-    --hash=sha256:d89c696a773f8bd377d18e5ecda92b7a3793cbe66c87060a6fb58c7b6e1061f7
-iniconfig==2.0.0 \
-    --hash=sha256:2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3 \
-    --hash=sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374
-tomli==2.0.1 \
-    --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \
-    --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f
-exceptiongroup==1.2.0 \
-    --hash=sha256:4bfd3996ac73b41e9b9628b04e079f193850720ea5945fc96a08633c66912f14 \
-    --hash=sha256:91f5c769735f051a4290d52edd0858999b57e5876e9f85937691bd4c9fa3ed68
-packaging==23.2 \
-    --hash=sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5 \
-    --hash=sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7

.ci/docker-compose-file/redis/cluster-tcp/redis.conf

@@ -1,11 +1,10 @@
 bind :: 0.0.0.0
 port 6379
+requirepass public
 
 cluster-enabled yes
 
-masteruser default
 masterauth public
-aclfile /usr/local/etc/redis/users.acl
 
 protected-mode no
 daemonize no

.ci/docker-compose-file/redis/cluster-tcp/users.acl

@@ -1,2 +0,0 @@
-user default on >public ~* &* +@all
-user test_user on >test_passwd ~* &* +@all

.ci/docker-compose-file/redis/cluster-tls/redis.conf

@@ -1,11 +1,10 @@
 bind :: 0.0.0.0
 port 6379
+requirepass public
 
 cluster-enabled yes
 
-masteruser default
 masterauth public
-aclfile /usr/local/etc/redis/users.acl
 
 tls-port 6389
 tls-cert-file /etc/certs/cert.pem

.ci/docker-compose-file/redis/cluster-tls/users.acl

@@ -1,2 +0,0 @@
-user default on >public ~* &* +@all
-user test_user on >test_passwd ~* &* +@all

.ci/docker-compose-file/redis/sentinel-tcp/master.conf

@@ -1,6 +1,6 @@
 bind :: 0.0.0.0
 port 6379
-aclfile /usr/local/etc/redis/users.acl
+requirepass public
 
 protected-mode no
 daemonize no

.ci/docker-compose-file/redis/sentinel-tcp/sentinel-base.conf

@@ -1,7 +1,7 @@
 sentinel resolve-hostnames yes
 bind :: 0.0.0.0
 
-sentinel monitor mytcpmaster redis-sentinel-master 6379 1
-sentinel auth-pass mytcpmaster public
-sentinel down-after-milliseconds mytcpmaster 10000
-sentinel failover-timeout mytcpmaster 20000
+sentinel monitor mymaster redis-sentinel-master 6379 1
+sentinel auth-pass mymaster public
+sentinel down-after-milliseconds mymaster 10000
+sentinel failover-timeout mymaster 20000

.ci/docker-compose-file/redis/sentinel-tcp/slave.conf

@@ -1,10 +1,9 @@
 bind :: 0.0.0.0
 port 6379
+requirepass public
 
 replicaof redis-sentinel-master 6379
-masteruser default
 masterauth public
-aclfile /usr/local/etc/redis/users.acl
 
 protected-mode no
 daemonize no

.ci/docker-compose-file/redis/sentinel-tcp/users.acl

@@ -1,2 +0,0 @@
-user default on >public ~* &* +@all
-user test_user on >test_passwd ~* &* +@all

.ci/docker-compose-file/redis/sentinel-tls/master.conf

@@ -1,6 +1,6 @@
 bind :: 0.0.0.0
 port 6379
-aclfile /usr/local/etc/redis/users.acl
+requirepass public
 
 tls-port 6389
 tls-cert-file /etc/certs/cert.pem

.ci/docker-compose-file/redis/sentinel-tls/sentinel-base.conf

@@ -8,7 +8,7 @@ tls-key-file /etc/certs/key.pem
 tls-ca-cert-file /etc/certs/cacert.pem
 tls-auth-clients no
 
-sentinel monitor mytlsmaster redis-sentinel-tls-master 6389 1
-sentinel auth-pass mytlsmaster public
-sentinel down-after-milliseconds mytlsmaster 10000
-sentinel failover-timeout mytlsmaster 20000
+sentinel monitor mymaster redis-sentinel-tls-master 6389 1
+sentinel auth-pass mymaster public
+sentinel down-after-milliseconds mymaster 10000
+sentinel failover-timeout mymaster 20000

.ci/docker-compose-file/redis/sentinel-tls/slave.conf

@@ -1,10 +1,9 @@
 bind :: 0.0.0.0
 port 6379
+requirepass public
 
 replicaof redis-sentinel-tls-master 6389
-masteruser default
 masterauth public
-aclfile /usr/local/etc/redis/users.acl
 
 tls-port 6389
 tls-replication yes

.ci/docker-compose-file/redis/sentinel-tls/users.acl

@@ -1,2 +0,0 @@
-user default on >public ~* &* +@all
-user test_user on >test_passwd ~* &* +@all

.ci/docker-compose-file/redis/single-tcp/redis.conf

@@ -1,3 +0,0 @@
-bind :: 0.0.0.0
-port 6379
-aclfile /usr/local/etc/redis/users.acl

.ci/docker-compose-file/redis/single-tcp/users.acl

@@ -1,2 +0,0 @@
-user default on >public ~* &* +@all
-user test_user on >test_passwd ~* &* +@all

.ci/docker-compose-file/redis/single-tls/redis.conf

@@ -1,9 +0,0 @@
-bind :: 0.0.0.0
-aclfile /usr/local/etc/redis/users.acl
-
-tls-port 6380
-tls-cert-file /etc/certs/redis.crt
-tls-key-file /etc/certs/redis.key
-tls-ca-cert-file /etc/certs/ca.crt
-tls-protocols "TLSv1.3"
-tls-ciphersuites "TLS_CHACHA20_POLY1305_SHA256"

.ci/docker-compose-file/redis/single-tls/users.acl

@@ -1,2 +0,0 @@
-user default on >public ~* &* +@all
-user test_user on >test_passwd ~* &* +@all

.ci/docker-compose-file/rocketmq/conf/plain_acl.yml

@@ -9,4 +9,3 @@ accounts:
     defaultGroupPerm: PUB|SUB
     topicPerms:
       - TopicTest=PUB|SUB
-      - Topic2=PUB|SUB

.ci/docker-compose-file/rocketmq/conf_ssl/broker.conf

@@ -1,24 +0,0 @@
-brokerClusterName=DefaultClusterSSL
-brokerName=broker-a
-brokerId=0
-
-brokerIP1=rocketmq_broker_ssl
-
-defaultTopicQueueNums=4
-autoCreateTopicEnable=true
-autoCreateSubscriptionGroup=true
-
-listenPort=10911
-deleteWhen=04
-
-fileReservedTime=120
-mapedFileSizeCommitLog=1073741824
-mapedFileSizeConsumeQueue=300000
-diskMaxUsedSpaceRatio=100
-maxMessageSize=65536
-
-brokerRole=ASYNC_MASTER
-
-flushDiskType=ASYNC_FLUSH
-
-aclEnable=true

.ci/docker-compose-file/rocketmq/conf_ssl/plain_acl.yml

@@ -1,12 +0,0 @@
-globalWhiteRemoteAddresses:
-
-accounts:
-  - accessKey: RocketMQ
-    secretKey: 12345678
-    whiteRemoteAddress:
-    admin: false
-    defaultTopicPerm: DENY
-    defaultGroupPerm: PUB|SUB
-    topicPerms:
-      - TopicTest=PUB|SUB
-      - Topic2=PUB|SUB

.ci/docker-compose-file/toxiproxy.json

@@ -96,18 +96,6 @@
     "upstream": "cassandra:9142",
     "enabled": true
   },
-  {
-    "name": "cassa_no_auth_tcp",
-    "listen": "0.0.0.0:9043",
-    "upstream": "cassandra_noauth:9042",
-    "enabled": true
-  },
-  {
-    "name": "cassa_no_auth_tls",
-    "listen": "0.0.0.0:9143",
-    "upstream": "cassandra_noauth:9142",
-    "enabled": true
-  },
   {
     "name": "sqlserver",
     "listen": "0.0.0.0:1433",
@@ -139,15 +127,9 @@
     "enabled": true
   },
   {
-    "name": "iotdb110",
+    "name": "iotdb",
     "listen": "0.0.0.0:18080",
-    "upstream": "iotdb110:18080",
-    "enabled": true
-  },
-  {
-    "name": "iotdb130",
-    "listen": "0.0.0.0:28080",
-    "upstream": "iotdb130:18080",
+    "upstream": "iotdb:18080",
     "enabled": true
   },
   {
@@ -197,35 +179,5 @@
     "listen": "0.0.0.0:4566",
     "upstream": "kinesis:4566",
     "enabled": true
-  },
-  {
-    "name": "ldap_tcp",
-    "listen": "0.0.0.0:389",
-    "upstream": "ldap:389",
-    "enabled": true
-  },
-  {
-    "name": "ldap_ssl",
-    "listen": "0.0.0.0:636",
-    "upstream": "ldap:636",
-    "enabled": true
-  },
-  {
-    "name": "elasticsearch",
-    "listen": "0.0.0.0:9200",
-    "upstream": "elasticsearch:9200",
-    "enabled": true
-  },
-  {
-    "name": "azurite_plain",
-    "listen": "0.0.0.0:10000",
-    "upstream": "azurite:10000",
-    "enabled": true
-  },
-  {
-    "name": "couchbase",
-    "listen": "0.0.0.0:8093",
-    "upstream": "couchbase:8093",
-    "enabled": true
   }
 ]

.ci/fvt_tests/http_server/rebar.config

@@ -1,11 +1,12 @@
 %% -*- mode: erlang -*-
 
 {erl_opts, [debug_info]}.
-{deps, [
+{deps,
+ [
     {minirest, {git, "https://github.com/emqx/minirest.git", {tag, "1.3.7"}}}
-]}.
+ ]}.
 
 {shell, [
-    % {config, "config/sys.config"},
+  % {config, "config/sys.config"},
     {apps, [http_server]}
 ]}.

.ci/fvt_tests/http_server/src/http_server.app.src

@@ -1,18 +1,18 @@
 %% -*- mode: erlang -*-
-{application, http_server, [
-    {description, "An HTTP server application"},
-    {vsn, "0.2.0"},
-    {registered, []},
-    % {mod, {http_server_app, []}},
-    {modules, []},
-    {applications, [
-        kernel,
-        stdlib,
-        minirest
-    ]},
-    {env, []},
-    {modules, []},
+{application, http_server,
+ [{description, "An HTTP server application"},
+  {vsn, "0.2.0"},
+  {registered, []},
+  % {mod, {http_server_app, []}},
+  {modules, []},
+  {applications,
+   [kernel,
+    stdlib,
+    minirest
+   ]},
+  {env,[]},
+  {modules, []},
 
-    {licenses, ["Apache 2.0"]},
-    {links, []}
-]}.
+  {licenses, ["Apache 2.0"]},
+  {links, []}
+ ]}.

.ci/gitlint.requirements.txt

@@ -1,14 +0,0 @@
-arrow==1.2.3 --hash=sha256:5a49ab92e3b7b71d96cd6bfcc4df14efefc9dfa96ea19045815914a6ab6b1fe2
-click==8.1.3 --hash=sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48
-exceptiongroup==1.2.0 --hash=sha256:4bfd3996ac73b41e9b9628b04e079f193850720ea5945fc96a08633c66912f14
-gitlint==0.19.1 --hash=sha256:26bb085959148d99fbbc178b4e56fda6c3edd7646b7c2a24d8ee1f8e036ed85d
-gitlint-core==0.19.1 --hash=sha256:f41effd1dcbc06ffbfc56b6888cce72241796f517b46bd9fd4ab1b145056988c
-iniconfig==2.0.0 --hash=sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374
-packaging==23.2 --hash=sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7
-pluggy==1.3.0 --hash=sha256:d89c696a773f8bd377d18e5ecda92b7a3793cbe66c87060a6fb58c7b6e1061f7
-pytest==7.4.4 --hash=sha256:b090cdf5ed60bf4c45261be03239c2c1c22df034fbffe691abe93cd80cea01d8
-pytest-retry==1.6.1 --hash=sha256:3d420afc08e61ed3be28ecbb544371041b1b8e5fea7c94eb97cefa0d4ea9825c
-python-dateutil==2.8.2 --hash=sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9
-sh==1.14.3 --hash=sha256:e4045b6c732d9ce75d571c79f5ac2234edd9ae4f5fa9d59b09705082bdca18c7
-six==1.16.0 --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
-tomli==2.0.1 --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc

.ci/pr-sanity-checks.sh

@@ -12,11 +12,13 @@ if ! type "yq" > /dev/null; then
     exit 1
 fi
 
-cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")/.."
-# shellcheck disable=SC1091
-source ./env.sh
+EMQX_BUILDER_VERSION=${EMQX_BUILDER_VERSION:-5.1-1}
+EMQX_BUILDER_OTP=${EMQX_BUILDER_OTP:-25.3.2-1}
+EMQX_BUILDER_ELIXIR=${EMQX_BUILDER_ELIXIR:-1.14.5}
+EMQX_BUILDER_PLATFORM=${EMQX_BUILDER_PLATFORM:-ubuntu22.04}
+EMQX_BUILDER=${EMQX_BUILDER:-ghcr.io/emqx/emqx-builder/${EMQX_BUILDER_VERSION}:${EMQX_BUILDER_ELIXIR}-${EMQX_BUILDER_OTP}-${EMQX_BUILDER_PLATFORM}}
 
-commands=$(yq ".jobs.sanity-checks.steps[].run" .github/workflows/_pr_entrypoint.yaml | grep -v null)
+commands=$(yq ".runs.steps[].run" .github/actions/pr-sanity-checks/action.yaml | grep -v null)
 
 BEFORE_REF=${BEFORE_REF:-$(git rev-parse master)}
 AFTER_REF=${AFTER_REF:-$(git rev-parse HEAD)}
@@ -27,5 +29,4 @@ docker run --rm -it -v "$(pwd):/emqx" -w /emqx \
        -e GITHUB_BASE_REF="$BEFORE_REF" \
        -e MIX_ENV=emqx-enterprise \
        -e PROFILE=emqx-enterprise \
-       -e ACTIONLINT_VSN=1.6.25 \
-       "${EMQX_BUILDER}" /bin/bash -c "git config --global --add safe.directory /emqx; ${commands}"
+       "${EMQX_BUILDER}" /bin/bash -c "${commands}"

.github/CODEOWNERS

@@ -1,29 +1,16 @@
 ## Default
 * @emqx/emqx-review-board
 
-# emqx-review-board members
-## HJianBo
-## id
-## ieQu1
-## keynslug
-## qzhuyan
-## savonarola
-## terry-xiaoyu
-## thalesmg
-## zhongwencool
-## zmstone
-
 ## apps
 /apps/emqx/                @emqx/emqx-review-board @lafirest
-/apps/emqx_auth/           @emqx/emqx-review-board @JimMoen
+/apps/emqx_authn/          @emqx/emqx-review-board @JimMoen @savonarola
+/apps/emqx_authz/          @emqx/emqx-review-board @JimMoen @savonarola
 /apps/emqx_connector/      @emqx/emqx-review-board @JimMoen
 /apps/emqx_dashboard/      @emqx/emqx-review-board @JimMoen @lafirest
-/apps/emqx_dashboard_rbac/ @emqx/emqx-review-board @lafirest
-/apps/emqx_dashboard_sso/  @emqx/emqx-review-board @JimMoen @lafirest
-/apps/emqx_exhook/         @emqx/emqx-review-board @JimMoen
+/apps/emqx_exhook/         @emqx/emqx-review-board @JimMoen @lafirest
+/apps/emqx_ft/             @emqx/emqx-review-board @savonarola @keynslug
 /apps/emqx_gateway/        @emqx/emqx-review-board @lafirest
-/apps/emqx_management/     @emqx/emqx-review-board @lafirest
-/apps/emqx_opentelemetry   @emqx/emqx-review-board @SergeTupchiy
+/apps/emqx_management/     @emqx/emqx-review-board @lafirest @sstrigler
 /apps/emqx_plugins/        @emqx/emqx-review-board @JimMoen
 /apps/emqx_prometheus/     @emqx/emqx-review-board @JimMoen
 /apps/emqx_psk/            @emqx/emqx-review-board @lafirest
@@ -31,7 +18,7 @@
 /apps/emqx_rule_engine/    @emqx/emqx-review-board @kjellwinblad
 /apps/emqx_slow_subs/      @emqx/emqx-review-board @lafirest
 /apps/emqx_statsd/         @emqx/emqx-review-board @JimMoen
-/apps/emqx_durable_storage/ @emqx/emqx-review-board @keynslug
+/apps/emqx_durable_storage/ @emqx/emqx-review-board @ieQu1 @keynslug 
 
 ## CI
 /deploy/  @emqx/emqx-review-board @Rory-Z

.github/ISSUE_TEMPLATE/bug-report.yaml

@@ -61,6 +61,10 @@ body:
         # paste output here
         $ uname -a
         # paste output here
+
+        # On Windows:
+        C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
+        # paste output here
         ```
 
         </details>

.github/actions/package-macos/action.yaml

@@ -3,7 +3,7 @@ inputs:
   profile: # emqx, emqx-enterprise
     required: true
     type: string
-  otp:
+  otp: # 25.3.2-1
     required: true
     type: string
   os:
@@ -33,7 +33,7 @@ runs:
         HOMEBREW_NO_INSTALL_UPGRADE: 1
         HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK: 1
       run: |
-        brew install curl zip unzip coreutils openssl@1.1 unixodbc
+        brew install curl zip unzip coreutils openssl@1.1
         echo "/usr/local/opt/bison/bin" >> $GITHUB_PATH
         echo "/usr/local/bin" >> $GITHUB_PATH
         echo "emqx_name=${emqx_name}" >> $GITHUB_OUTPUT
@@ -51,12 +51,12 @@ runs:
             echo "SELF_HOSTED=false" >> $GITHUB_OUTPUT
             ;;
         esac
-    - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+    - uses: actions/cache@v3
       id: cache
       if: steps.prepare.outputs.SELF_HOSTED != 'true'
       with:
         path: ${{ steps.prepare.outputs.OTP_INSTALL_PATH }}
-        key: otp-install-${{ inputs.otp }}-${{ inputs.os }}-static-ssl-disable-hipe-disable-jit-20240524-1
+        key: otp-install-${{ inputs.otp }}-${{ inputs.os }}-static-ssl-disable-hipe-disable-jit
     - name: build erlang
       if: steps.cache.outputs.cache-hit != 'true'
       shell: bash
@@ -80,10 +80,9 @@ runs:
         git clone --depth 1 --branch OTP-${{ inputs.otp }} https://github.com/emqx/otp.git "$OTP_SOURCE_PATH"
         cd "$OTP_SOURCE_PATH"
         if [ "$(arch)" = arm64 ]; then
-            ODBCHOME="$(brew --prefix unixodbc)"
-            export CFLAGS="-O2 -g -I${ODBCHOME}/include"
-            export LDFLAGS="-L${ODBCHOME}/lib"
-            WITH_ODBC="--with-odbc=${ODBCHOME}"
+            export CFLAGS="-O2 -g -I$(brew --prefix unixodbc)/include"
+            export LDFLAGS="-L$(brew --prefix unixodbc)/lib"
+            WITH_ODBC="--with-odbc=$(brew --prefix unixodbc)"
         else
             WITH_ODBC=""
         fi

.github/actions/pr-sanity-checks/action.yaml

@@ -0,0 +1,74 @@
+name: 'Pull request sanity checks'
+
+defaults:
+  run:
+    shell: 'bash -Eeuo pipefail {0}'
+
+runs:
+  using: composite
+  steps:
+    - name: Work around https://github.com/actions/checkout/issues/766
+      shell: bash
+      run: |
+        git config --global --add safe.directory "$GITHUB_WORKSPACE"
+    - name: Run gitlint
+      shell: bash
+      env:
+        BEFORE_REF: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event.before }}
+        AFTER_REF: ${{ github.sha }}
+      run: |
+        echo "==> gitlint --commits $BEFORE_REF..$AFTER_REF"
+        pip install gitlint
+        gitlint --commits $BEFORE_REF..$AFTER_REF --config .github/workflows/.gitlint
+        echo "==> gitlint ok"
+    - name: Check line-break at EOF
+      shell: bash
+      run: |
+        echo "==> ./scripts/check-nl-at-eof.sh"
+        ./scripts/check-nl-at-eof.sh
+        echo "==> ./scripts/check-nl-at-eof.sh ok"
+    - name: Run shellcheck
+      shell: bash
+      run: |
+        echo "==> ./scripts/shellcheck.sh"
+        apt-get update -y
+        apt-get install -y shellcheck
+        ./scripts/shellcheck.sh
+        echo "==> ./scripts/shellcheck.sh ok"
+    - name: Check apps version
+      shell: bash
+      run: |
+        echo "==> ./scripts/apps-version-check.sh"
+        ./scripts/apps-version-check.sh
+        echo "==> ./scripts/apps-version-check.sh ok"
+    - name: Check Erlang code formatting
+      shell: bash
+      run: |
+        echo "==> ./scripts/check-format.sh"
+        ./scripts/check-format.sh
+        echo "==> check-format ok"
+    - name: Run elvis check
+      shell: bash
+      run: |
+        echo "==> ./scripts/elvis-check.sh $GITHUB_BASE_REF"
+        ./scripts/elvis-check.sh $GITHUB_BASE_REF
+        echo "==> ./scripts/elvis-check.sh $GITHUB_BASE_REF ok"
+    - name: Setup mix
+      env:
+        MIX_ENV: emqx-enterprise
+        PROFILE: emqx-enterprise
+      shell: bash
+      run: |
+        echo "==> mix deps.get"
+        mix local.hex --force
+        mix local.rebar --force
+        echo "==> mix deps.get ok"
+    - name: Check Elixir code formatting
+      env:
+        MIX_ENV: emqx-enterprise
+        PROFILE: emqx-enterprise
+      shell: bash
+      run: |
+        echo "==> mix format --check-formatted"
+        mix format --check-formatted
+        echo "==> mix format ok"

.github/actions/prepare-jmeter/action.yaml

@@ -1,21 +1,38 @@
-name: 'Prepare jmeter'
+name: 'Run jmeter'
+
+inputs:
+  version-emqx:
+    required: true
+    type: string
 
 runs:
   using: composite
   steps:
-    - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+    - uses: AutoModality/action-clean@v1
+    - uses: actions/download-artifact@v3
+      with:
+        name: emqx-docker
+        path: /tmp
+    - name: load docker image
+      shell: bash
+      env:
+        PKG_VSN: ${{ inputs.version-emqx }}
+      run: |
+        EMQX_DOCKER_IMAGE_TAG=$(docker load < /tmp/emqx-docker-${PKG_VSN}.tar.gz | sed 's/Loaded image: //g')
+        echo "_EMQX_DOCKER_IMAGE_TAG=$EMQX_DOCKER_IMAGE_TAG" >> $GITHUB_ENV
+    - uses: actions/checkout@v3
       with:
         repository: emqx/emqx-fvt
         ref: broker-autotest-v5
         path: scripts
-    - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
+    - uses: actions/setup-java@v3
       with:
         java-version: '8.0.282' # The JDK version to make available on the path.
         java-package: jdk # (jre, jdk, or jdk+fx) - defaults to jdk
         architecture: x64 # (x64 or x86) - defaults to x64
         # https://github.com/actions/setup-java/blob/main/docs/switching-to-v2.md
         distribution: 'zulu'
-    - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
+    - uses: actions/download-artifact@v3
       with:
         name: apache-jmeter.tgz
     - name: install jmeter

.github/dependabot.yml

@@ -1,32 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: github-actions
-    directory: "/"
-    reviewers:
-      - "emqx/emqx-review-board"
-    schedule:
-      interval: weekly
-    groups:
-      actions:
-        patterns:
-          - "*"
-  - package-ecosystem: github-actions
-    directory: "/.github/actions/package-macos/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
-    reviewers:
-      - "emqx/emqx-review-board"
-    schedule:
-      interval: weekly
-    groups:
-      actions-package-macos:
-        patterns:
-          - "*"
-  - package-ecosystem: github-actions
-    directory: "/.github/actions/prepare-jmeter/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
-    reviewers:
-      - "emqx/emqx-review-board"
-    schedule:
-      interval: weekly
-    groups:
-      actions-prepare-jmeter:
-        patterns:
-          - "*"

.github/pull_request_template.md

@@ -1,8 +1,9 @@
 Fixes <issue-or-jira-number>
 
-Release version: v/e5.?
+<!-- Make sure to target release-51 branch if this PR is intended to fix the issues for the release candidate. -->
 
 ## Summary
+copilot:summary
 
 ## PR Checklist
 Please convert it to a draft if any of the following conditions are not met. Reviewers may skip over until all the items are checked:
@@ -10,7 +11,7 @@ Please convert it to a draft if any of the following conditions are not met. Rev
 - [ ] Added tests for the changes
 - [ ] Added property-based tests for code which performs user input validation
 - [ ] Changed lines covered in coverage report
-- [ ] Change log has been added to `changes/(ce|ee)/(feat|perf|fix|breaking)-<PR-id>.en.md` files
+- [ ] Change log has been added to `changes/(ce|ee)/(feat|perf|fix)-<PR-id>.en.md` files
 - [ ] For internal contributor: there is a jira ticket to track this change
 - [ ] Created PR to [emqx-docs](https://github.com/emqx/emqx-docs) if documentation update is required, or link to a follow-up jira ticket
 - [ ] Schema changes are backward compatible

.github/workflows/.zipignore

@@ -1,3 +0,0 @@
-.git/*
-*/.git/*
-*/.github/*

.github/workflows/.zipignore2

@@ -1 +0,0 @@
-*/.github/*

.github/workflows/_pr_entrypoint.yaml

@@ -1,130 +1,67 @@
 name: PR Entrypoint
 
-concurrency:
-  group: pr-entrypoint-${{ github.event_name }}-${{ github.ref }}
-  cancel-in-progress: true
-
 on:
   pull_request:
-  workflow_dispatch:
-    inputs:
-      ref:
-        required: false
-
-defaults:
-  run:
-    shell: bash
 
 env:
   IS_CI: "yes"
+  OTP_VSN: "25.3.2-1"
+  ELIXIR_VSN: "1.14.5"
+  BUILDER_VSN: "25.3.2-1"
 
 jobs:
-  init:
-    runs-on: ubuntu-22.04
-    outputs:
-      BUILDER_VSN: ${{ steps.env.outputs.BUILDER_VSN }}
-      OTP_VSN: ${{ steps.env.outputs.OTP_VSN }}
-      ELIXIR_VSN: ${{ steps.env.outputs.ELIXIR_VSN }}
-      BUILDER: ${{ steps.env.outputs.BUILDER }}
-    steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{ github.event.inputs.ref }}
-      - name: Set up environment
-        id: env
-        run: |
-          source ./env.sh
-          echo "BUILDER_VSN=$EMQX_BUILDER_VSN" | tee -a "$GITHUB_OUTPUT"
-          echo "OTP_VSN=$OTP_VSN" | tee -a "$GITHUB_OUTPUT"
-          echo "ELIXIR_VSN=$ELIXIR_VSN" | tee -a "$GITHUB_OUTPUT"
-          echo "BUILDER=$EMQX_BUILDER" | tee -a "$GITHUB_OUTPUT"
-
   sanity-checks:
-    runs-on: ubuntu-22.04
-    needs: init
-    container: ${{ needs.init.outputs.BUILDER }}
+    runs-on: ${{ github.repository_owner == 'emqx' && 'aws-amd64' || 'ubuntu-22.04' }}
+    container: "ghcr.io/emqx/emqx-builder/5.1-3:1.14.5-25.3.2-1-ubuntu22.04"
     outputs:
       ct-matrix: ${{ steps.matrix.outputs.ct-matrix }}
       ct-host: ${{ steps.matrix.outputs.ct-host }}
       ct-docker: ${{ steps.matrix.outputs.ct-docker }}
-
-    permissions:
-      contents: read
+      version-emqx: ${{ steps.matrix.outputs.version-emqx }}
+      version-emqx-enterprise: ${{ steps.matrix.outputs.version-emqx-enterprise }}
+      runner: ${{ github.repository_owner == 'emqx' && 'aws-amd64' || 'ubuntu-22.04' }}
+      builder: "ghcr.io/emqx/emqx-builder/5.1-3:1.14.5-25.3.2-1-ubuntu22.04"
+      builder_vsn: "5.1-3"
+      otp_vsn: "25.3.2-1"
+      elixir_vsn: "1.14.5"
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@v3
         with:
-          ref: ${{ github.event.inputs.ref }}
           fetch-depth: 0
-      - name: Work around https://github.com/actions/checkout/issues/766
-        run: |
-          git config --global --add safe.directory "$GITHUB_WORKSPACE"
-      - name: Run gitlint
-        env:
-          BEFORE_REF: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event.before }}
-          AFTER_REF: ${{ github.sha }}
-        run: |
-          pip install --require-hashes -r .ci/gitlint.requirements.txt
-          gitlint --commits $BEFORE_REF..$AFTER_REF --config .github/workflows/.gitlint
-      - name: Run shellcheck
-        run: |
-          DEBIAN_FRONTEND=noninteractive apt-get update -qy && apt-get install -qy shellcheck
-          ./scripts/shellcheck.sh
-      - name: Run shell tests
-        run: |
-          DEBIAN_FRONTEND=noninteractive apt-get update -qy && apt-get install -qy shelltestrunner
-          scripts/shelltest/run_tests.sh
-      - name: Check workflow files
-        env:
-          ACTIONLINT_VSN: 1.6.25
-        run: |
-          wget -q https://github.com/rhysd/actionlint/releases/download/v${ACTIONLINT_VSN}/actionlint_${ACTIONLINT_VSN}_linux_$(dpkg --print-architecture).tar.gz -O actionlint.tar.gz
-          tar zxf actionlint.tar.gz actionlint
-          # TODO: enable shellcheck when all the current issues are fixed
-          ./actionlint -color \
-            -shellcheck= \
-            -ignore 'label ".+" is unknown' \
-            -ignore 'value "emqx-enterprise" in "exclude"' \
-            -ignore 'value "emqx-enterprise-elixir" in "exclude"'
-      - name: Check line-break at EOF
-        run: |
-          ./scripts/check-nl-at-eof.sh
-      - name: Check apps version
-        run: |
-          ./scripts/apps-version-check.sh
-      - name: Setup mix
-        env:
-          MIX_ENV: emqx-enterprise
-          PROFILE: emqx-enterprise
-        run: |
-          # mix local.hex --force --if-missing && mix local.rebar --force --if-missing
-          mix local.hex 2.0.6 --force --if-missing && mix local.rebar --force --if-missing
-      - name: Check formatting
-        env:
-          MIX_ENV: emqx-enterprise
-          PROFILE: emqx-enterprise
-        run: |
-          ./scripts/check-format.sh
-      - name: Run elvis check
-        run: |
-          ./scripts/elvis-check.sh $GITHUB_BASE_REF
-      - name: Generate CT Matrix
+      - uses: ./.github/actions/pr-sanity-checks
+      - name: Build matrix
         id: matrix
         run: |
-          MATRIX="$(./scripts/find-apps.sh --ci)"
+          APPS="$(./scripts/find-apps.sh --ci)"
+          MATRIX="$(echo "${APPS}" | jq -c '
+            [
+              (.[] | select(.profile == "emqx") | . + {
+                builder: "${BUILDER_VSN}",
+                otp: "${OTP_VSN}",
+                elixir: "${ELIXIR_VSN}"
+              }),
+              (.[] | select(.profile == "emqx-enterprise") | . + {
+                builder: "${BUILDER_VSN}",
+                otp: ["${OTP_VSN}"][],
+                elixir: "${ELIXIR_VSN}"
+              })
+            ]
+          ')"
           echo "${MATRIX}" | jq
-          CT_MATRIX="$(echo "${MATRIX}" | jq -c 'map({profile}) | unique')"
-          CT_HOST="$(echo "${MATRIX}"   | jq -c 'map(select(.runner == "host"))')"
+          CT_MATRIX="$(echo "${MATRIX}" | jq -c 'map({profile, builder, otp, elixir}) | unique')"
+          CT_HOST="$(echo "${MATRIX}" | jq -c 'map(select(.runner == "host"))')"
           CT_DOCKER="$(echo "${MATRIX}" | jq -c 'map(select(.runner == "docker"))')"
           echo "ct-matrix=${CT_MATRIX}" | tee -a $GITHUB_OUTPUT
-          echo "ct-host=${CT_HOST}"     | tee -a $GITHUB_OUTPUT
+          echo "ct-host=${CT_HOST}" | tee -a $GITHUB_OUTPUT
           echo "ct-docker=${CT_DOCKER}" | tee -a $GITHUB_OUTPUT
+          echo "version-emqx=$(./pkg-vsn.sh emqx)" | tee -a $GITHUB_OUTPUT
+          echo "version-emqx-enterprise=$(./pkg-vsn.sh emqx-enterprise)" | tee -a $GITHUB_OUTPUT
 
   compile:
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral-xl","linux","x64"]') }}
-    container: ${{ needs.init.outputs.BUILDER }}
+    runs-on: ${{ needs.sanity-checks.outputs.runner }}
+    container: ${{ needs.sanity-checks.outputs.builder }}
     needs:
-      - init
       - sanity-checks
     strategy:
       matrix:
@@ -132,11 +69,8 @@ jobs:
           - emqx
           - emqx-enterprise
 
-    permissions:
-      contents: read
-
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Work around https://github.com/actions/checkout/issues/766
@@ -147,98 +81,124 @@ jobs:
           PROFILE: ${{ matrix.profile }}
           ENABLE_COVER_COMPILE: 1
         run: |
-          make ensure-rebar3
-          make ${PROFILE}-compile test-compile
-          echo "PROFILE=${PROFILE}" | tee -a .env
-          echo "PKG_VSN=$(./pkg-vsn.sh ${PROFILE})" | tee -a .env
-          zip -ryq -x@.github/workflows/.zipignore $PROFILE.zip .
-      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+          make $PROFILE
+          zip -ryq $PROFILE.zip .
+      - uses: actions/upload-artifact@v3
         with:
           name: ${{ matrix.profile }}
           path: ${{ matrix.profile }}.zip
-          retention-days: 7
-
-  run_emqx_app_tests:
-    needs:
-      - init
-      - sanity-checks
-      - compile
-    uses: ./.github/workflows/run_emqx_app_tests.yaml
-    with:
-      builder: ${{ needs.init.outputs.BUILDER }}
-      before_ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event.before }}
-      after_ref: ${{ github.sha }}
+          retention-days: 1
 
   run_test_cases:
     needs:
-      - init
       - sanity-checks
       - compile
     uses: ./.github/workflows/run_test_cases.yaml
     with:
-      builder: ${{ needs.init.outputs.BUILDER }}
+      runner: ${{ needs.sanity-checks.outputs.runner }}
+      builder: ${{ needs.sanity-checks.outputs.builder }}
       ct-matrix: ${{ needs.sanity-checks.outputs.ct-matrix }}
       ct-host: ${{ needs.sanity-checks.outputs.ct-host }}
       ct-docker: ${{ needs.sanity-checks.outputs.ct-docker }}
 
   static_checks:
     needs:
-      - init
       - sanity-checks
       - compile
     uses: ./.github/workflows/static_checks.yaml
     with:
-      builder: ${{ needs.init.outputs.BUILDER }}
+      runner: ${{ needs.sanity-checks.outputs.runner }}
+      builder: ${{ needs.sanity-checks.outputs.builder }}
       ct-matrix: ${{ needs.sanity-checks.outputs.ct-matrix }}
 
   build_slim_packages:
     needs:
       - sanity-checks
     uses: ./.github/workflows/build_slim_packages.yaml
+    with:
+      runner: ${{ needs.sanity-checks.outputs.runner }}
+      builder: ${{ needs.sanity-checks.outputs.builder }}
+      builder_vsn: ${{ needs.sanity-checks.outputs.builder_vsn }}
+      otp_vsn: ${{ needs.sanity-checks.outputs.otp_vsn }}
+      elixir_vsn: ${{ needs.sanity-checks.outputs.elixir_vsn }}
 
   build_docker_for_test:
     needs:
-      - init
       - sanity-checks
     uses: ./.github/workflows/build_docker_for_test.yaml
+    with:
+      otp_vsn: ${{ needs.sanity-checks.outputs.otp_vsn }}
+      elixir_vsn: ${{ needs.sanity-checks.outputs.elixir_vsn }}
+      version-emqx: ${{ needs.sanity-checks.outputs.version-emqx }}
+      version-emqx-enterprise: ${{ needs.sanity-checks.outputs.version-emqx-enterprise }}
 
   spellcheck:
     needs:
       - sanity-checks
       - build_slim_packages
     uses: ./.github/workflows/spellcheck.yaml
+    with:
+      runner: ${{ needs.sanity-checks.outputs.runner }}
 
   run_conf_tests:
     needs:
-      - init
       - sanity-checks
       - compile
     uses: ./.github/workflows/run_conf_tests.yaml
     with:
-      builder: ${{ needs.init.outputs.BUILDER }}
+      runner: ${{ needs.sanity-checks.outputs.runner }}
+      builder: ${{ needs.sanity-checks.outputs.builder }}
 
   check_deps_integrity:
     needs:
-      - init
       - sanity-checks
     uses: ./.github/workflows/check_deps_integrity.yaml
     with:
-      builder: ${{ needs.init.outputs.BUILDER }}
+      runner: ${{ needs.sanity-checks.outputs.runner }}
+      builder: ${{ needs.sanity-checks.outputs.builder }}
+
+  elixir_release:
+    needs:
+      - sanity-checks
+      - compile
+    uses: ./.github/workflows/elixir_release.yaml
+    with:
+      runner: ${{ needs.sanity-checks.outputs.runner }}
+      builder: ${{ needs.sanity-checks.outputs.builder }}
+
+  run_relup_tests:
+    needs:
+      - sanity-checks
+      - compile
+    uses: ./.github/workflows/run_relup_tests.yaml
+    with:
+      runner: ${{ needs.sanity-checks.outputs.runner }}
+      builder: ${{ needs.sanity-checks.outputs.builder }}
 
   run_jmeter_tests:
     needs:
       - sanity-checks
       - build_docker_for_test
     uses: ./.github/workflows/run_jmeter_tests.yaml
+    with:
+      runner: ${{ needs.sanity-checks.outputs.runner }}
+      version-emqx: ${{ needs.sanity-checks.outputs.version-emqx }}
 
   run_docker_tests:
     needs:
       - sanity-checks
       - build_docker_for_test
     uses: ./.github/workflows/run_docker_tests.yaml
+    with:
+      runner: ${{ needs.sanity-checks.outputs.runner }}
+      version-emqx: ${{ needs.sanity-checks.outputs.version-emqx }}
+      version-emqx-enterprise: ${{ needs.sanity-checks.outputs.version-emqx-enterprise }}
 
   run_helm_tests:
     needs:
       - sanity-checks
       - build_docker_for_test
     uses: ./.github/workflows/run_helm_tests.yaml
+    with:
+      version-emqx: ${{ needs.sanity-checks.outputs.version-emqx }}
+      version-emqx-enterprise: ${{ needs.sanity-checks.outputs.version-emqx-enterprise }}

.github/workflows/_push-entrypoint.yaml

@@ -1,214 +0,0 @@
-name: Push Entrypoint
-
-concurrency:
-  group: push-entrypoint-${{ github.event_name }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  push:
-    tags:
-      - 'v*'
-    branches:
-      - 'master'
-      - 'release-5[0-9]'
-      - 'ci/**'
-  workflow_dispatch:
-    inputs:
-      ref:
-        required: false
-
-defaults:
-  run:
-    shell: bash
-
-env:
-  IS_CI: 'yes'
-
-jobs:
-  init:
-    runs-on: ubuntu-22.04
-    outputs:
-      BUILDER_VSN: ${{ steps.env.outputs.BUILDER_VSN }}
-      OTP_VSN: ${{ steps.env.outputs.OTP_VSN }}
-      ELIXIR_VSN: ${{ steps.env.outputs.ELIXIR_VSN }}
-      BUILDER: ${{ steps.env.outputs.BUILDER }}
-      BUILD_FROM: ${{ steps.env.outputs.BUILD_FROM }}
-      RUN_FROM: ${{ steps.env.outputs.BUILD_FROM }}
-    steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{ github.event.inputs.ref }}
-      - name: Set up environment
-        id: env
-        run: |
-          source env.sh
-          echo "BUILDER_VSN=$EMQX_BUILDER_VSN" >> "$GITHUB_OUTPUT"
-          echo "OTP_VSN=$OTP_VSN" >> "$GITHUB_OUTPUT"
-          echo "ELIXIR_VSN=$ELIXIR_VSN" >> "$GITHUB_OUTPUT"
-          echo "BUILDER=$EMQX_BUILDER" >> "$GITHUB_OUTPUT"
-          echo "BUILD_FROM=$EMQX_DOCKER_BUILD_FROM" >> "$GITHUB_OUTPUT"
-          echo "RUN_FROM=$EMQX_DOCKER_RUN_FROM" >> "$GITHUB_OUTPUT"
-
-  prepare:
-    runs-on: ubuntu-22.04
-    needs: init
-    container: ${{ needs.init.outputs.BUILDER }}
-    outputs:
-      profile: ${{ steps.parse-git-ref.outputs.profile }}
-      release: ${{ steps.parse-git-ref.outputs.release }}
-      latest: ${{ steps.parse-git-ref.outputs.latest }}
-      ct-matrix: ${{ steps.matrix.outputs.ct-matrix }}
-      ct-host: ${{ steps.matrix.outputs.ct-host }}
-      ct-docker: ${{ steps.matrix.outputs.ct-docker }}
-
-    permissions:
-      contents: read
-
-    steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{ github.event.inputs.ref }}
-          fetch-depth: 0
-      - name: Work around https://github.com/actions/checkout/issues/766
-        shell: bash
-        run: |
-          git config --global --add safe.directory "$GITHUB_WORKSPACE"
-      - name: Detect emqx profile
-        id: parse-git-ref
-        run: |
-          JSON="$(./scripts/parse-git-ref.sh $GITHUB_REF)"
-          PROFILE=$(echo "$JSON" | jq -cr '.profile')
-          RELEASE=$(echo "$JSON" | jq -cr '.release')
-          LATEST=$(echo "$JSON"  | jq -cr '.latest')
-          echo "profile=$PROFILE" | tee -a $GITHUB_OUTPUT
-          echo "release=$RELEASE" | tee -a $GITHUB_OUTPUT
-          echo "latest=$LATEST"   | tee -a $GITHUB_OUTPUT
-      - name: Build matrix
-        id: matrix
-        run: |
-          MATRIX="$(./scripts/find-apps.sh --ci)"
-          echo "${MATRIX}" | jq
-          CT_MATRIX="$(echo "${MATRIX}" | jq -c 'map({profile}) | unique')"
-          CT_HOST="$(echo "${MATRIX}"   | jq -c 'map(select(.runner == "host"))')"
-          CT_DOCKER="$(echo "${MATRIX}" | jq -c 'map(select(.runner == "docker"))')"
-          echo "ct-matrix=${CT_MATRIX}" | tee -a $GITHUB_OUTPUT
-          echo "ct-host=${CT_HOST}"     | tee -a $GITHUB_OUTPUT
-          echo "ct-docker=${CT_DOCKER}" | tee -a $GITHUB_OUTPUT
-
-  build_packages:
-    if: needs.prepare.outputs.release == 'true'
-    needs:
-      - init
-      - prepare
-    uses: ./.github/workflows/build_packages.yaml
-    with:
-      profile: ${{ needs.prepare.outputs.profile }}
-      publish: true
-      otp_vsn: ${{ needs.init.outputs.OTP_VSN }}
-      elixir_vsn: ${{ needs.init.outputs.ELIXIR_VSN }}
-      builder_vsn: ${{ needs.init.outputs.BUILDER_VSN }}
-    secrets: inherit
-
-  build_and_push_docker_images:
-    if: needs.prepare.outputs.release == 'true'
-    needs:
-      - init
-      - prepare
-    uses: ./.github/workflows/build_and_push_docker_images.yaml
-    with:
-      profile: ${{ needs.prepare.outputs.profile }}
-      publish: true
-      latest: ${{ needs.prepare.outputs.latest }}
-      build_from: ${{ needs.init.outputs.BUILD_FROM }}
-      run_from: ${{ needs.init.outputs.RUN_FROM }}
-    secrets: inherit
-
-  build_slim_packages:
-    if: needs.prepare.outputs.release != 'true'
-    needs:
-      - init
-      - prepare
-    uses: ./.github/workflows/build_slim_packages.yaml
-
-  compile:
-    if: needs.prepare.outputs.release != 'true'
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
-    container: ${{ needs.init.outputs.BUILDER }}
-    needs:
-      - init
-      - prepare
-    strategy:
-      matrix:
-        profile:
-          - emqx
-          - emqx-enterprise
-
-    permissions:
-      contents: read
-
-    steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{ github.event.inputs.ref }}
-          fetch-depth: 0
-      - name: Work around https://github.com/actions/checkout/issues/766
-        run: |
-          git config --global --add safe.directory "$GITHUB_WORKSPACE"
-      - id: compile
-        env:
-          PROFILE: ${{ matrix.profile }}
-          ENABLE_COVER_COMPILE: 1
-        run: |
-          make $PROFILE
-          echo "PROFILE=${PROFILE}" | tee -a .env
-          echo "PKG_VSN=$(./pkg-vsn.sh ${PROFILE})" | tee -a .env
-          zip -ryq -x@.github/workflows/.zipignore $PROFILE.zip .
-      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
-        with:
-          name: ${{ matrix.profile }}
-          path: ${{ matrix.profile }}.zip
-          retention-days: 1
-
-  run_emqx_app_tests:
-    needs:
-      - init
-      - compile
-    uses: ./.github/workflows/run_emqx_app_tests.yaml
-    with:
-      builder: ${{ needs.init.outputs.BUILDER }}
-      before_ref: ${{ github.event.before }}
-      after_ref: ${{ github.sha }}
-
-  run_test_cases:
-    if: needs.prepare.outputs.release != 'true'
-    needs:
-      - init
-      - prepare
-      - compile
-    uses: ./.github/workflows/run_test_cases.yaml
-    with:
-      builder: ${{ needs.init.outputs.BUILDER }}
-      ct-matrix: ${{ needs.prepare.outputs.ct-matrix }}
-      ct-host: ${{ needs.prepare.outputs.ct-host }}
-      ct-docker: ${{ needs.prepare.outputs.ct-docker }}
-
-  run_conf_tests:
-    if: needs.prepare.outputs.release != 'true'
-    needs:
-      - init
-      - prepare
-      - compile
-    uses: ./.github/workflows/run_conf_tests.yaml
-    with:
-      builder: ${{ needs.init.outputs.BUILDER }}
-
-  static_checks:
-    if: needs.prepare.outputs.release != 'true'
-    needs:
-      - init
-      - prepare
-      - compile
-    uses: ./.github/workflows/static_checks.yaml
-    with:
-      builder: ${{ needs.init.outputs.BUILDER }}
-      ct-matrix: ${{ needs.prepare.outputs.ct-matrix }}

.github/workflows/build_and_push_docker_images.yaml

@@ -4,207 +4,206 @@ concurrency:
   group: docker-build-${{ github.event_name }}-${{ github.ref }}
   cancel-in-progress: true
 
-on:
-  workflow_call:
-    inputs:
-      profile:
-        required: true
-        type: string
-      latest:
-        required: true
-        type: string
-      publish:
-        required: true
-        type: boolean
-      build_from:
-        required: true
-        type: string
-      run_from:
-        required: true
-        type: string
-    secrets:
-      DOCKER_HUB_USER:
-        required: true
-      DOCKER_HUB_TOKEN:
-        required: true
-      AWS_ACCESS_KEY_ID:
-        required: true
-      AWS_SECRET_ACCESS_KEY:
-        required: true
-  workflow_dispatch:
-    inputs:
-      ref:
-        required: false
-      profile:
-        required: false
-        type: string
-        default: 'emqx'
-      latest:
-        required: false
-        type: boolean
-        default: false
-      publish:
-        required: false
-        type: boolean
-        default: false
-      build_from:
-        required: false
-        type: string
-        default: ghcr.io/emqx/emqx-builder/5.3-9:1.15.7-26.2.5-3-debian12
-      run_from:
-        default: public.ecr.aws/debian/debian:stable-20240612-slim
-
-permissions:
-  contents: read
+# on:
+#   push:
+#     tags:
+#     - v*
+#     - e*
+#     - docker-latest-*
+#   workflow_dispatch:
+#     inputs:
+#       branch_or_tag:
+#         required: false
+#       profile:
+#         required: false
+#         default: 'emqx'
+#       is_latest:
+#         required: false
+#         default: false
 
 jobs:
-  build:
-    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON(format('["self-hosted","ephemeral","linux","{0}"]', matrix.arch)) || 'ubuntu-22.04' }}
-    container: ${{ inputs.build_from }}
-    outputs:
-      PKG_VSN: ${{ steps.build.outputs.PKG_VSN }}
+  prepare:
+    runs-on: ubuntu-22.04
+    # prepare source with any OTP version, no need for a matrix
+    container: "ghcr.io/emqx/emqx-builder/5.1-3:1.14.5-25.3.2-1-ubuntu22.04"
 
-    strategy:
-      fail-fast: false
-      matrix:
-        profile:
-          - ${{ inputs.profile }}
-          - ${{ inputs.profile }}-elixir
-        arch:
-          - x64
-          - arm64
+    outputs:
+      PROFILE: ${{ steps.get_profile.outputs.PROFILE }}
+      EDITION: ${{ steps.get_profile.outputs.EDITION }}
+      IS_LATEST: ${{ steps.get_profile.outputs.IS_LATEST }}
+      IS_EXACT_TAG: ${{ steps.get_profile.outputs.IS_EXACT_TAG }}
+      VERSION: ${{ steps.get_profile.outputs.VERSION }}
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@v3
         with:
-          ref: ${{ github.event.inputs.ref }}
-      - run: git config --global --add safe.directory "$PWD"
-      - name: build release tarball
-        id: build
+          ref: ${{ github.event.inputs.branch_or_tag }} # when input is not given, the event tag is used
+          path: source
+          fetch-depth: 0
+
+      - name: Get profiles to build
+        id: get_profile
+        env:
+          INPUTS_PROFILE: ${{ github.event.inputs.profile }}
         run: |
-          make ${{ matrix.profile }}-tgz
-      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+          cd source
+          # tag docker-latest-ce or docker-latest-ee
+          if git describe --tags --exact --match 'docker-latest-*' 2>/dev/null; then
+            echo 'is_latest=true due to docker-latest-* tag'
+            is_latest=true
+          elif [ "${{ inputs.is_latest }}" = "true" ]; then
+            echo 'is_latest=true due to manual input from workflow_dispatch'
+            is_latest=true
+          else
+            echo 'is_latest=false'
+            is_latest=false
+          fi
+          # resolve profile
+          if git describe --tags --match "v*" --exact; then
+            echo "This is an exact git tag, will publish images"
+            is_exact='true'
+            PROFILE=emqx
+          elif git describe --tags --match "e*" --exact; then
+            echo "This is an exact git tag, will publish images"
+            is_exact='true'
+            PROFILE=emqx-enterprise
+          else
+            echo "This is NOT an exact git tag, will not publish images"
+            is_exact='false'
+          fi
+
+          case "${PROFILE:-$INPUTS_PROFILE}" in
+            emqx)
+              EDITION='Opensource'
+              ;;
+            emqx-enterprise)
+              EDITION='Enterprise'
+              ;;
+            *)
+              echo "ERROR: Failed to resolve build profile"
+              exit 1
+              ;;
+          esac
+
+          VSN="$(./pkg-vsn.sh "$PROFILE")"
+          echo "Building emqx/$PROFILE:$VSN image (latest=$is_latest)"
+          echo "Push = $is_exact"
+          echo "IS_LATEST=$is_latest" >> $GITHUB_OUTPUT
+          echo "IS_EXACT_TAG=$is_exact" >> $GITHUB_OUTPUT
+          echo "PROFILE=$PROFILE" >> $GITHUB_OUTPUT
+          echo "EDITION=$EDITION" >> $GITHUB_OUTPUT
+          echo "VERSION=$VSN" >> $GITHUB_OUTPUT
+      - name: get_all_deps
+        env:
+          PROFILE: ${{ steps.get_profile.outputs.PROFILE }}
+        run: |
+          zip -ryq source.zip source/* source/.[^.]*
+      - uses: actions/upload-artifact@v3
         with:
-          name: "${{ matrix.profile }}-${{ matrix.arch }}.tar.gz"
-          path: "_packages/emqx*/emqx-*.tar.gz"
-          retention-days: 7
-          overwrite: true
-          if-no-files-found: error
+          name: source
+          path: source.zip
 
   docker:
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
-    needs:
-      - build
-    defaults:
-      run:
-        shell: bash
+    runs-on: ubuntu-22.04
+    needs: prepare
 
     strategy:
       fail-fast: false
       matrix:
         profile:
-          - ["${{ inputs.profile }}", "${{ inputs.profile == 'emqx' && 'docker.io,public.ecr.aws' || 'docker.io' }}"]
-          - ["${{ inputs.profile }}-elixir", "${{ inputs.profile == 'emqx' && 'docker.io,public.ecr.aws' || 'docker.io' }}"]
+          - "${{ needs.prepare.outputs.PROFILE }}"
+        registry:
+          - 'docker.io'
+          - 'public.ecr.aws'
+        os:
+          - [debian11, "debian:11-slim", "deploy/docker/Dockerfile"]
+        # NOTE: 'otp' and 'elixir' are to configure emqx-builder image
+        #       only support latest otp and elixir, not a matrix
+        builder:
+          - 5.1-3 # update to latest
+        otp:
+          - 25.3.2-1
+        elixir:
+          - 'no_elixir'
+          - '1.14.5' # update to latest
+        exclude: # TODO: publish enterprise to ecr too?
+          - registry: 'public.ecr.aws'
+            profile: emqx-enterprise
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{ github.event.inputs.ref }}
-      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-        with:
-          pattern: "${{ matrix.profile[0] }}-*.tar.gz"
-          path: _packages
-          merge-multiple: true
+    - uses: actions/download-artifact@v3
+      with:
+        name: source
+        path: .
+    - name: unzip source code
+      run: unzip -q source.zip
 
-      - name: Move artifacts to root directory
-        env:
-          PROFILE: ${{ inputs.profile }}
-        run: |
-          ls -lR _packages/$PROFILE
-          mv _packages/$PROFILE/*.tar.gz ./
+    - uses: docker/setup-qemu-action@v2
+    - uses: docker/setup-buildx-action@v2
 
-      - name: Enable containerd image store on Docker Engine
-        run: |
-          echo "$(sudo cat /etc/docker/daemon.json | jq '. += {"features": {"containerd-snapshotter": true}}')" > daemon.json
-          sudo mv daemon.json /etc/docker/daemon.json
-          sudo systemctl restart docker
+    - name: Login to hub.docker.com
+      uses: docker/login-action@v2
+      if: matrix.registry == 'docker.io'
+      with:
+        username: ${{ secrets.DOCKER_HUB_USER }}
+        password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
-      - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
-      - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+    - name: Login to AWS ECR
+      uses: docker/login-action@v2
+      if: matrix.registry == 'public.ecr.aws'
+      with:
+        registry: public.ecr.aws
+        username: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        ecr: true
 
-      - name: Login to hub.docker.com
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        if: inputs.publish && contains(matrix.profile[1], 'docker.io')
-        with:
-          username: ${{ secrets.DOCKER_HUB_USER }}
-          password: ${{ secrets.DOCKER_HUB_TOKEN }}
+    - name: prepare for docker/metadata-action
+      id: pre-meta
+      shell: bash
+      run: |
+        extra_labels=
+        img_suffix=
+        if [ "${{ matrix.elixir }}" != 'no_elixir' ]; then
+          img_suffix="-elixir"
+          extra_labels="org.opencontainers.image.elixir.version=${{ matrix.elixir }}"
+        fi
+        extra_deps=
+        if [[ "${{ matrix.profile }}" = *enterprise* ]]; then
+          extra_deps='libsasl2-2,libsasl2-modules-gssapi-mit'
+        fi
 
-      - name: Login to AWS ECR
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        if: inputs.publish && contains(matrix.profile[1], 'public.ecr.aws')
-        with:
-          registry: public.ecr.aws
-          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          ecr: true
+        echo "img_suffix=$img_suffix" >> $GITHUB_OUTPUT
+        echo "extra_labels=$extra_labels" >> $GITHUB_OUTPUT
+        echo "extra_deps=$extra_deps" >> $GITHUB_OUTPUT
 
-      - name: Build docker image for smoke test
-        env:
-          PROFILE: ${{ matrix.profile[0] }}
-          DOCKER_REGISTRY: ${{ matrix.profile[1] }}
-          DOCKER_ORG: ${{ github.repository_owner }}
-          DOCKER_LATEST: ${{ inputs.latest }}
-          DOCKER_PUSH: false
-          DOCKER_BUILD_NOCACHE: true
-          BUILD_FROM: ${{ inputs.build_from }}
-          RUN_FROM: ${{ inputs.run_from }}
-          PKG_VSN: ${{ needs.build.outputs.PKG_VSN }}
-          EMQX_SOURCE_TYPE: tgz
-        run: |
-          ./build ${PROFILE} docker
-          echo "Built tags:"
-          echo "==========="
-          cat .emqx_docker_image_tags
-          echo "==========="
-          echo "_EMQX_DOCKER_IMAGE_TAG=$(head -n 1 .emqx_docker_image_tags)" >> $GITHUB_ENV
+    - uses: docker/metadata-action@v4
+      id: meta
+      with:
+        images: |
+          ${{ matrix.registry }}/${{ github.repository_owner }}/${{ matrix.profile }}
+        flavor: |
+          latest=${{ matrix.elixir == 'no_elixir'  }}
+          suffix=${{ steps.pre-meta.outputs.img_suffix }}
+        tags: |
+          type=semver,pattern={{major}}.{{minor}},value=${{ needs.prepare.outputs.VERSION }}
+          type=semver,pattern={{version}},value=${{ needs.prepare.outputs.VERSION }}
+          type=raw,value=${{ needs.prepare.outputs.VERSION }}
+          type=raw,value=latest,enable=${{ needs.prepare.outputs.IS_LATEST }}
+        labels: |
+          org.opencontainers.image.otp.version=${{ matrix.otp }}
+          org.opencontainers.image.edition=${{ needs.prepare.outputs.EDITION }}
+          ${{ steps.pre-meta.outputs.extra_labels }}
 
-      - name: smoke test
-        timeout-minutes: 1
-        run: |
-          for tag in $(cat .emqx_docker_image_tags); do
-            CID=$(docker run -d -p 18083:18083 $tag)
-            HTTP_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "18083/tcp") 0).HostPort}}' $CID)
-            ./scripts/test/emqx-smoke-test.sh localhost $HTTP_PORT
-            docker rm -f $CID
-          done
-      - name: dashboard tests
-        working-directory: ./scripts/ui-tests
-        timeout-minutes: 5
-        run: |
-          set -eu
-          docker compose up --abort-on-container-exit --exit-code-from selenium
-          docker compose rm -fsv
-      - name: test node_dump
-        run: |
-          CID=$(docker run -d -P $_EMQX_DOCKER_IMAGE_TAG)
-          docker exec -t -u root -w /root $CID bash -c 'apt-get -y update && apt-get -y install net-tools'
-          docker exec -t -u root $CID node_dump
-          docker rm -f $CID
-
-      - name: Build and push docker image
-        if: inputs.publish || github.repository_owner != 'emqx'
-        env:
-          PROFILE: ${{ matrix.profile[0] }}
-          DOCKER_REGISTRY: ${{ matrix.profile[1] }}
-          DOCKER_ORG: ${{ github.repository_owner }}
-          DOCKER_LATEST: ${{ inputs.latest }}
-          DOCKER_PUSH: true
-          DOCKER_BUILD_NOCACHE: false
-          DOCKER_PLATFORMS: linux/amd64,linux/arm64
-          DOCKER_LOAD: false
-          BUILD_FROM: ${{ inputs.build_from }}
-          RUN_FROM: ${{ inputs.run_from }}
-          PKG_VSN: ${{ needs.build.outputs.PKG_VSN }}
-          EMQX_SOURCE_TYPE: tgz
-        run: |
-          ./build ${PROFILE} docker
+    - uses: docker/build-push-action@v3
+      with:
+        push: ${{ needs.prepare.outputs.IS_EXACT_TAG == 'true' || github.repository_owner != 'emqx' }}
+        pull: true
+        no-cache: true
+        platforms: linux/amd64,linux/arm64
+        tags: ${{ steps.meta.outputs.tags }}
+        labels: ${{ steps.meta.outputs.labels }}
+        build-args: |
+          EMQX_NAME=${{ matrix.profile }}${{ steps.pre-meta.outputs.img_suffix }}
+          EXTRA_DEPS=${{ steps.pre-meta.outputs.extra_deps }}
+        file: source/${{ matrix.os[2] }}
+        context: source

.github/workflows/build_docker_for_test.yaml

@@ -1,20 +1,50 @@
 name: Build docker image for test
 
 concurrency:
-  group: docker-test-build-${{ github.event_name }}-${{ github.ref }}
+  group: docker-test-build-${{ github.event_name }}-${{ github.sha }}
   cancel-in-progress: true
 
 on:
   workflow_call:
-
-permissions:
-  contents: read
+    inputs:
+      otp_vsn:
+        required: true
+        type: string
+      elixir_vsn:
+        required: true
+        type: string
+      version-emqx:
+        required: true
+        type: string
+      version-emqx-enterprise:
+        required: true
+        type: string
+# on:
+#   push:
+#     branches:
+#       - master
+#       - release-51
+#   pull_request:
+#     # GitHub pull_request action is by default triggered when
+#     # opened reopened or synchronize,
+#     # we add labeled and unlabeled to the list because
+#     # the mac job dpends on the PR having a 'Mac' label
+#     types:
+#       - labeled
+#       - unlabeled
+#       - opened
+#       - reopened
+#       - synchronize
+#   workflow_dispatch:
 
 jobs:
   docker:
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
+    runs-on: ubuntu-latest
     env:
       EMQX_NAME: ${{ matrix.profile }}
+      PKG_VSN: ${{ matrix.profile == 'emqx-enterprise' && inputs.version-emqx-enterprise || inputs.version-emqx }}
+      OTP_VSN: ${{ inputs.otp_vsn }}
+      ELIXIR_VSN: ${{ inputs.elixir_vsn }}
 
     strategy:
       fail-fast: false
@@ -23,36 +53,26 @@ jobs:
           - emqx
           - emqx-enterprise
           - emqx-elixir
-          - emqx-enterprise-elixir
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Set up environment
-        id: env
-        run: |
-          source env.sh
-          PKG_VSN=$(docker run --rm -v $(pwd):$(pwd) -w $(pwd) -u $(id -u) "$EMQX_BUILDER" ./pkg-vsn.sh "$EMQX_NAME")
-          echo "PKG_VSN=$PKG_VSN" >> "$GITHUB_ENV"
+      - uses: actions/checkout@v3
       - name: build and export to Docker
         id: build
         run: |
           make ${EMQX_NAME}-docker
-          echo "_EMQX_DOCKER_IMAGE_TAG=$(head -n 1 .emqx_docker_image_tags)" >> $GITHUB_ENV
+          echo "EMQX_IMAGE_TAG=$(cat .docker_image_tag)" >> $GITHUB_ENV
       - name: smoke test
         run: |
-          CID=$(docker run -d --rm -P $_EMQX_DOCKER_IMAGE_TAG)
+          CID=$(docker run -d --rm -P $EMQX_IMAGE_TAG)
           HTTP_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "18083/tcp") 0).HostPort}}' $CID)
-          ./scripts/test/emqx-smoke-test.sh localhost $HTTP_PORT || {
-            docker logs $CID
-            exit 1
-          }
+          ./scripts/test/emqx-smoke-test.sh localhost $HTTP_PORT
           docker stop $CID
       - name: export docker image
-        if: always()
         run: |
-          docker save $_EMQX_DOCKER_IMAGE_TAG | gzip > $EMQX_NAME-docker-$PKG_VSN.tar.gz
-      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+          docker save $EMQX_IMAGE_TAG | gzip > $EMQX_NAME-docker-$PKG_VSN.tar.gz
+      - uses: actions/upload-artifact@v3
         with:
           name: "${{ env.EMQX_NAME }}-docker"
           path: "${{ env.EMQX_NAME }}-docker-${{ env.PKG_VSN }}.tar.gz"
           retention-days: 3
+

.github/workflows/build_packages.yaml

@@ -1,90 +1,148 @@
 name: Cross build packages
 
 concurrency:
-  group: build-packages-${{ github.event_name }}-${{ github.ref }}
+  group: build-${{ github.event_name }}-${{ github.ref }}
   cancel-in-progress: true
 
-on:
-  workflow_call:
-    inputs:
-      profile:
-        required: true
-        type: string
-      publish:
-        required: true
-        type: boolean
-      otp_vsn:
-        required: true
-        type: string
-      elixir_vsn:
-        required: true
-        type: string
-      builder_vsn:
-        required: true
-        type: string
-    secrets:
-      AWS_ACCESS_KEY_ID:
-        required: true
-      AWS_SECRET_ACCESS_KEY:
-        required: true
-      AWS_DEFAULT_REGION:
-        required: true
-      AWS_S3_BUCKET:
-        required: true
-      AWS_CLOUDFRONT_ID:
-        required: true
-      APPLE_ID_PASSWORD:
-        required: true
-      APPLE_DEVELOPER_IDENTITY:
-        required: true
-      APPLE_DEVELOPER_ID_BUNDLE:
-        required: true
-      APPLE_DEVELOPER_ID_BUNDLE_PASSWORD:
-        required: true
-  workflow_dispatch:
-    inputs:
-      ref:
-        required: false
-      profile:
-        required: true
-        default: 'emqx'
-      publish:
-        required: false
-        type: boolean
-        default: false
-      otp_vsn:
-        required: false
-        type: string
-        default: '26.2.5-3'
-      elixir_vsn:
-        required: false
-        type: string
-        default: '1.15.7'
-      builder_vsn:
-        required: false
-        type: string
-        default: '5.3-9'
-
-permissions:
-  contents: read
+# on:
+#   push:
+#     branches:
+#     - 'ci/**'
+#     tags:
+#     - v*
+#     - e*
+#   workflow_dispatch:
+#     inputs:
+#       branch_or_tag:
+#         required: false
+#       profile:
+#         required: false
 
 jobs:
+  prepare:
+    runs-on: ubuntu-22.04
+    container: ghcr.io/emqx/emqx-builder/5.1-3:1.14.5-25.3.2-1-ubuntu22.04
+    outputs:
+      BUILD_PROFILE: ${{ steps.get_profile.outputs.BUILD_PROFILE }}
+      IS_EXACT_TAG: ${{ steps.get_profile.outputs.IS_EXACT_TAG }}
+      VERSION: ${{ steps.get_profile.outputs.VERSION }}
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.inputs.branch_or_tag }} # when input is not given, the event tag is used
+          fetch-depth: 0
+
+      - name: Get profile to build
+        id: get_profile
+        run: |
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+          tag=${{ github.ref }}
+          if git describe --tags --match "[v|e]*" --exact; then
+            echo "WARN: This is an exact git tag, will publish release"
+            is_exact_tag='true'
+          else
+            echo "WARN: This is NOT an exact git tag, will not publish release"
+            is_exact_tag='false'
+          fi
+          echo "IS_EXACT_TAG=${is_exact_tag}" >> $GITHUB_OUTPUT
+          case $tag in
+            refs/tags/v*)
+              PROFILE='emqx'
+              ;;
+            refs/tags/e*)
+              PROFILE=emqx-enterprise
+              ;;
+            *)
+              PROFILE=${{ github.event.inputs.profile }}
+              case "$PROFILE" in
+                emqx)
+                  true
+                  ;;
+                emqx-enterprise)
+                  true
+                  ;;
+                *)
+                  # maybe triggered from schedule
+                  echo "WARN: \"$PROFILE\" is not a valid profile."
+                  echo "building the default profile 'emqx' instead"
+                  PROFILE='emqx'
+                  ;;
+              esac
+              ;;
+          esac
+          echo "BUILD_PROFILE=$PROFILE" >> $GITHUB_OUTPUT
+          echo "VERSION=$(./pkg-vsn.sh $PROFILE)" >> $GITHUB_OUTPUT
+
+  windows:
+    runs-on: windows-2019
+    if: startsWith(github.ref_name, 'v')
+    strategy:
+      fail-fast: false
+      matrix:
+        profile: # for now only CE for windows
+          - emqx
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        ref: ${{ github.event.inputs.branch_or_tag }}
+        fetch-depth: 0
+
+    - uses: ilammy/msvc-dev-cmd@v1.12.0
+    - uses: erlef/setup-beam@v1.16.0
+      with:
+        otp-version: 25.3.2
+    - name: build
+      env:
+        PYTHON: python
+        DIAGNOSTIC: 1
+      run: |
+        # ensure crypto app (openssl)
+        erl -eval "erlang:display(crypto:info_lib())" -s init stop
+        make ${{ matrix.profile }}-tgz
+    - name: run emqx
+      timeout-minutes: 5
+      run: |
+        $ErrorActionPreference = "Stop"
+        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx start
+        Start-Sleep -s 10
+        $pingOutput = ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx ping
+        if ($pingOutput = 'pong') {
+          echo "EMQX started OK"
+        } else {
+          echo "Failed to ping EMQX $pingOutput"
+          Exit 1
+        }
+        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx stop
+        echo "EMQX stopped"
+        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx install
+        echo "EMQX installed"
+        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx uninstall
+        echo "EMQX uninstalled"
+    - uses: actions/upload-artifact@v3
+      if: success()
+      with:
+        name: ${{ matrix.profile }}
+        path: _packages/${{ matrix.profile }}/
+
   mac:
+    needs: prepare
     strategy:
       fail-fast: false
       matrix:
         profile:
-          - ${{ inputs.profile }}
-        os:
-          - macos-13
-          - macos-14
+          - ${{ needs.prepare.outputs.BUILD_PROFILE }}
         otp:
-          - ${{ inputs.otp_vsn }}
+          - 25.3.2-1
+        os:
+          - macos-11
+          - macos-12
+          - macos-12-arm64
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: emqx/self-hosted-cleanup-action@v1.0.3
+    - uses: actions/checkout@v3
       with:
-        ref: ${{ github.event.inputs.ref }}
+        ref: ${{ github.event.inputs.branch_or_tag }}
         fetch-depth: 0
     - uses: ./.github/actions/package-macos
       with:
@@ -95,115 +153,146 @@ jobs:
         apple_developer_identity: ${{ secrets.APPLE_DEVELOPER_IDENTITY }}
         apple_developer_id_bundle: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE }}
         apple_developer_id_bundle_password: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE_PASSWORD }}
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       if: success()
       with:
-        name: ${{ matrix.profile }}-${{ matrix.os }}-${{ matrix.otp }}
+        name: ${{ matrix.profile }}
         path: _packages/${{ matrix.profile }}/
-        retention-days: 7
 
   linux:
-    runs-on: [self-hosted, ephemeral, linux, "${{ matrix.arch == 'arm64' && 'arm64' || 'x64' }}"]
+    needs: prepare
+    runs-on: ${{ matrix.build_machine }}
+    # always run in builder container because the host might have the wrong OTP version etc.
+    # otherwise buildx.sh does not run docker if arch and os matches the target arch and os.
+    container:
+      image: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}"
+
     strategy:
       fail-fast: false
       matrix:
         profile:
-          - ${{ inputs.profile }}
+          - ${{ needs.prepare.outputs.BUILD_PROFILE }}
+        otp:
+          - 25.3.2-1
+        arch:
+          - amd64
+          - arm64
         os:
-          - ubuntu24.04
           - ubuntu22.04
           - ubuntu20.04
+          - ubuntu18.04
           - debian12
           - debian11
           - debian10
           - el9
           - el8
+          - el7
           - amzn2
           - amzn2023
-        arch:
-          - amd64
-          - arm64
+        build_machine:
+          - aws-arm64
+          - aws-amd64
+        builder:
+          - 5.1-3
+        elixir:
+          - 1.14.5
         with_elixir:
           - 'no'
-        otp:
-          - ${{ inputs.otp_vsn }}
-        builder:
-          - ${{ inputs.builder_vsn }}
-        elixir:
-          - ${{ inputs.elixir_vsn }}
+        exclude:
+          - arch: arm64
+            build_machine: aws-amd64
+          - arch: amd64
+            build_machine: aws-arm64
         include:
-          - profile: ${{ inputs.profile }}
-            os: ubuntu22.04
+          - profile: emqx
+            otp: 25.3.2-1
             arch: amd64
+            os: ubuntu22.04
+            build_machine: aws-amd64
+            builder: 5.1-3
+            elixir: 1.14.5
             with_elixir: 'yes'
-            otp: ${{ inputs.otp_vsn }}
-            builder: ${{ inputs.builder_vsn }}
-            elixir: ${{ inputs.elixir_vsn }}
 
     defaults:
       run:
         shell: bash
 
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: AutoModality/action-clean@v1
+
+    - uses: actions/checkout@v3
       with:
-        ref: ${{ github.event.inputs.ref }}
+        ref: ${{ github.event.inputs.branch_or_tag }}
         fetch-depth: 0
-    - name: build tgz
+
+    - name: fix workdir
+      run: |
+        set -eu
+        git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        # Align path for CMake caches
+        if [ ! "$PWD" = "/emqx" ]; then
+          ln -s $PWD /emqx
+          cd /emqx
+        fi
+        echo "pwd is $PWD"
+
+    - name: build emqx packages
       env:
         PROFILE: ${{ matrix.profile }}
-        ARCH: ${{ matrix.arch }}
-        OS: ${{ matrix.os }}
         IS_ELIXIR: ${{ matrix.with_elixir }}
-        BUILDER: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}"
-        BUILDER_SYSTEM: force_docker
+        ACLOCAL_PATH: "/usr/share/aclocal:/usr/local/share/aclocal"
       run: |
-        ./scripts/buildx.sh \
-          --profile $PROFILE \
-          --arch $ARCH \
-          --builder $BUILDER \
-          --elixir $IS_ELIXIR \
-          --pkgtype tgz
-    - name: build pkg
-      if: matrix.with_elixir == 'no'
+        set -eu
+        if [ "${IS_ELIXIR:-}" == 'yes' ]; then
+          make "${PROFILE}-elixir-tgz"
+        else
+          make "${PROFILE}-tgz"
+          make "${PROFILE}-pkg"
+        fi
+    - name: test emqx packages
       env:
         PROFILE: ${{ matrix.profile }}
-        ARCH: ${{ matrix.arch }}
-        OS: ${{ matrix.os }}
         IS_ELIXIR: ${{ matrix.with_elixir }}
-        BUILDER: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}"
-        BUILDER_SYSTEM: force_docker
       run: |
-        ./scripts/buildx.sh \
-          --profile $PROFILE \
-          --arch $ARCH \
-          --builder $BUILDER \
-          --elixir $IS_ELIXIR \
-          --pkgtype pkg
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+        set -eu
+        if [ "${IS_ELIXIR:-}" == 'yes' ]; then
+          ./scripts/pkg-tests.sh "${PROFILE}-elixir-tgz"
+        else
+          ./scripts/pkg-tests.sh "${PROFILE}-tgz"
+          ./scripts/pkg-tests.sh "${PROFILE}-pkg"
+        fi
+    - uses: actions/upload-artifact@v3
       with:
-        name: ${{ matrix.profile }}-${{ matrix.os }}-${{ matrix.arch }}${{ matrix.with_elixir == 'yes' && '-elixir' || '' }}-${{ matrix.builder }}-${{ matrix.otp }}-${{ matrix.elixir }}
+        name: ${{ matrix.profile }}
         path: _packages/${{ matrix.profile }}/
-        retention-days: 7
 
   publish_artifacts:
-    runs-on: ubuntu-latest
-    needs:
-      - mac
-      - linux
-    if: inputs.publish
+    runs-on: ubuntu-22.04
+    needs: [prepare, mac, linux]
+    if: needs.prepare.outputs.IS_EXACT_TAG == 'true'
     strategy:
       fail-fast: false
       matrix:
         profile:
-          - ${{ inputs.profile }}
+          - ${{ needs.prepare.outputs.BUILD_PROFILE }}
     steps:
-    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+    - uses: actions/download-artifact@v3
       with:
-        pattern: "${{ matrix.profile }}-*"
+        name: ${{ matrix.profile }}
         path: packages/${{ matrix.profile }}
-        merge-multiple: true
-    - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+    - name: install dos2unix
+      run: sudo apt-get update && sudo apt install -y dos2unix
+    - name: get packages
+      run: |
+        set -e -u
+        cd packages/${{ matrix.profile }}
+        # fix the .sha256 file format
+        for var in $(ls | grep emqx | grep -v sha256); do
+          dos2unix $var.sha256
+          echo "$(cat $var.sha256) $var" | sha256sum -c || exit 1
+        done
+        cd -
+    - uses: aws-actions/configure-aws-credentials@v2
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -211,11 +300,8 @@ jobs:
     - name: upload to aws s3
       env:
         PROFILE: ${{ matrix.profile }}
-        REF_NAME: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.ref || github.ref_name }}
-        AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
-        AWS_CLOUDFRONT_ID: ${{ secrets.AWS_CLOUDFRONT_ID }}
       run: |
-        set -eu
+        set -e -u
         if [ $PROFILE = 'emqx' ]; then
             s3dir='emqx-ce'
         elif [ $PROFILE = 'emqx-enterprise' ]; then
@@ -224,5 +310,5 @@ jobs:
             echo "unknown profile $PROFILE"
             exit 1
         fi
-        aws s3 cp --recursive packages/$PROFILE s3://$AWS_S3_BUCKET/$s3dir/$REF_NAME
-        aws cloudfront create-invalidation --distribution-id "$AWS_CLOUDFRONT_ID" --paths "/$s3dir/$REF_NAME/*"
+        aws s3 cp --recursive packages/$PROFILE s3://${{ secrets.AWS_S3_BUCKET }}/$s3dir/${{ github.ref_name }}
+        aws cloudfront create-invalidation --distribution-id ${{ secrets.AWS_CLOUDFRONT_ID }} --paths "/$s3dir/${{ github.ref_name }}/*"

.github/workflows/build_packages_cron.yaml

@@ -9,59 +9,70 @@ on:
     - cron:  '0 */6 * * *'
   workflow_dispatch:
 
-permissions:
-  contents: read
-
 jobs:
   linux:
     if: github.repository_owner == 'emqx'
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
+    runs-on: aws-${{ matrix.arch }}
+    # always run in builder container because the host might have the wrong OTP version etc.
+    # otherwise buildx.sh does not run docker if arch and os matches the target arch and os.
+    container:
+      image: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}"
 
     strategy:
       fail-fast: false
       matrix:
         profile:
           - ['emqx', 'master']
-          - ['emqx', 'release-57']
-          - ['emqx', 'release-58']
+          - ['emqx-enterprise', 'release-51']
+        otp:
+          - 25.3.2-1
+        arch:
+          - amd64
         os:
-          - ubuntu22.04
+          - debian10
           - amzn2023
-
-    env:
-      PROFILE: ${{ matrix.profile[0] }}
-      OS: ${{ matrix.os }}
-      BUILDER_SYSTEM: force_docker
+        builder:
+          - 5.1-3
+        elixir:
+          - 1.14.5
 
     defaults:
       run:
         shell: bash
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: emqx/self-hosted-cleanup-action@v1.0.3
+      - uses: actions/checkout@v3
         with:
           ref: ${{ matrix.profile[1] }}
           fetch-depth: 0
-      - name: Set up environment
-        id: env
+
+      - name: build emqx packages
+        env:
+          ELIXIR: ${{ matrix.elixir }}
+          PROFILE: ${{ matrix.profile[0] }}
+          ARCH: ${{ matrix.arch }}
         run: |
-          source env.sh
-          BUILDER="ghcr.io/emqx/emqx-builder/${EMQX_BUILDER_VSN}:${ELIXIR_VSN}-${OTP_VSN}-${OS}"
-          echo "BUILDER=$BUILDER" >> "$GITHUB_ENV"
-      - name: build tgz
-        run: |
-          ./scripts/buildx.sh --profile "$PROFILE" --pkgtype tgz --builder "$BUILDER"
-      - name: build pkg
-        run: |
-          ./scripts/buildx.sh --profile "$PROFILE" --pkgtype pkg --builder "$BUILDER"
-      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+          set -eu
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+          PKGTYPES="tgz pkg"
+          IS_ELIXIR="no"
+          for PKGTYPE in ${PKGTYPES};
+          do
+            ./scripts/buildx.sh \
+              --profile "${PROFILE}" \
+              --pkgtype "${PKGTYPE}" \
+              --arch "${ARCH}" \
+              --elixir "${IS_ELIXIR}" \
+              --builder "force_host"
+          done
+      - uses: actions/upload-artifact@v3
         if: success()
         with:
-          name: ${{ matrix.profile[0] }}-${{ matrix.profile[1] }}-${{ matrix.os }}
+          name: ${{ matrix.profile[0] }}
           path: _packages/${{ matrix.profile[0] }}/
-          retention-days: 7
       - name: Send notification to Slack
-        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
+        uses: slackapi/slack-github-action@v1.23.0
         if: failure()
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
@@ -80,36 +91,34 @@ jobs:
           - emqx
         branch:
           - master
+        otp:
+          - 25.3.2-1
         os:
-          - macos-14-arm64
+          - macos-12
+          - macos-12-arm64
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: emqx/self-hosted-cleanup-action@v1.0.3
+      - uses: actions/checkout@v3
         with:
           ref: ${{ matrix.branch }}
           fetch-depth: 0
-      - name: Set up environment
-        id: env
-        run: |
-          source env.sh
-          echo "OTP_VSN=$OTP_VSN" >> "$GITHUB_OUTPUT"
       - uses: ./.github/actions/package-macos
         with:
           profile: ${{ matrix.profile }}
-          otp: ${{ steps.env.outputs.OTP_VSN }}
+          otp: ${{ matrix.otp }}
           os: ${{ matrix.os }}
           apple_id_password: ${{ secrets.APPLE_ID_PASSWORD }}
           apple_developer_identity: ${{ secrets.APPLE_DEVELOPER_IDENTITY }}
           apple_developer_id_bundle: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE }}
           apple_developer_id_bundle_password: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE_PASSWORD }}
-      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+      - uses: actions/upload-artifact@v3
         if: success()
         with:
-          name: ${{ matrix.profile }}-${{ matrix.os }}
+          name: ${{ matrix.profile }}
           path: _packages/${{ matrix.profile }}/
-          retention-days: 7
       - name: Send notification to Slack
-        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
+        uses: slackapi/slack-github-action@v1.23.0
         if: failure()
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.github/workflows/build_slim_packages.yaml

@@ -1,90 +1,180 @@
 name: Build slim packages
 
 concurrency:
-  group: slim-${{ github.event_name }}-${{ github.ref }}
+  group: slim-${{ github.event_name }}-${{ github.sha }}
   cancel-in-progress: true
 
 on:
   workflow_call:
-  workflow_dispatch:
     inputs:
-      ref:
-        required: false
-
-permissions:
-  contents: read
+      runner:
+        required: true
+        type: string
+      builder:
+        required: true
+        type: string
+      builder_vsn:
+        required: true
+        type: string
+      otp_vsn:
+        required: true
+        type: string
+      elixir_vsn:
+        required: true
+        type: string
+# on:
+#   push:
+#     branches:
+#       - master
+#       - release-51
+#   pull_request:
+#     # GitHub pull_request action is by default triggered when
+#     # opened reopened or synchronize,
+#     # we add labeled and unlabeled to the list because
+#     # the mac job dpends on the PR having a 'Mac' label
+#     types:
+#       - labeled
+#       - unlabeled
+#       - opened
+#       - reopened
+#       - synchronize
+#   workflow_dispatch:
 
 jobs:
   linux:
-    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON(format('["self-hosted","ephemeral","linux","{0}"]', matrix.profile[2])) || 'ubuntu-22.04' }}
+    runs-on: ${{ inputs.runner }}
     env:
-      PROFILE: ${{ matrix.profile[0] }}
-      ELIXIR: ${{ matrix.profile[1] == 'elixir' && 'yes' || 'no' }}
-      ARCH: ${{ matrix.profile[2] == 'x64' && 'amd64' || 'arm64' }}
-      BUILDER_SYSTEM: force_docker
+      EMQX_NAME: ${{ matrix.profile[0] }}
 
     strategy:
       fail-fast: false
       matrix:
         profile:
-          - ["emqx", "elixir", "x64"]
-          - ["emqx", "elixir", "arm64"]
-          - ["emqx-enterprise", "erlang", "x64"]
+          - ["emqx", "25.3.2-1", "el7", "erlang"]
+          - ["emqx", "25.3.2-1", "ubuntu22.04", "elixir"]
+          - ["emqx-enterprise", "25.3.2-1", "amzn2023", "erlang"]
+          - ["emqx-enterprise", "25.3.2-1", "ubuntu20.04", "erlang"]
+
+    container: "ghcr.io/emqx/emqx-builder/${{ inputs.builder_vsn }}:${{ inputs.elixir_vsn }}-${{ matrix.profile[1] }}-${{ matrix.profile[2] }}"
 
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: AutoModality/action-clean@v1
+    - uses: actions/checkout@v3
       with:
         fetch-depth: 0
-    - name: build tgz
+    - name: Work around https://github.com/actions/checkout/issues/766
       run: |
-        ./scripts/buildx.sh --profile $PROFILE --pkgtype tgz --elixir $ELIXIR --arch $ARCH
-    - name: build pkg
+        git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        echo "CODE_PATH=$GITHUB_WORKSPACE" >> $GITHUB_ENV
+    - name: build and test tgz package
+      if: matrix.profile[3] == 'erlang'
       run: |
-        ./scripts/buildx.sh --profile $PROFILE --pkgtype pkg --elixir $ELIXIR --arch $ARCH
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+        make ${EMQX_NAME}-tgz
+        ./scripts/pkg-tests.sh ${EMQX_NAME}-tgz
+    - name: build and test deb/rpm packages
+      if: matrix.profile[3] == 'erlang'
+      run: |
+        make ${EMQX_NAME}-pkg
+        ./scripts/pkg-tests.sh ${EMQX_NAME}-pkg
+    - name: build and test tgz package (Elixir)
+      if: matrix.profile[3] == 'elixir'
+      run: |
+        make ${EMQX_NAME}-elixir-tgz
+        ./scripts/pkg-tests.sh ${EMQX_NAME}-elixir-tgz
+    - name: build and test deb/rpm packages (Elixir)
+      if: matrix.profile[3] == 'elixir'
+      run: |
+        make ${EMQX_NAME}-elixir-pkg
+        ./scripts/pkg-tests.sh ${EMQX_NAME}-elixir-pkg
+    - uses: actions/upload-artifact@v3
       with:
         name: "${{ matrix.profile[0] }}-${{ matrix.profile[1] }}-${{ matrix.profile[2] }}"
         path: _packages/${{ matrix.profile[0] }}/*
         retention-days: 7
-        compression-level: 0
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       with:
-        name: "${{ matrix.profile[0] }}-schema-dump-${{ matrix.profile[1] }}-${{ matrix.profile[2] }}"
+        name: "${{ matrix.profile[0] }}_schema_dump"
         path: |
           scripts/spellcheck
           _build/docgen/${{ matrix.profile[0] }}/schema-en.json
         retention-days: 7
 
+  windows:
+    runs-on: windows-2019
+    strategy:
+      fail-fast: false
+      matrix:
+        profile:
+          - emqx
+        otp:
+          - 25.3.2
+    steps:
+    - uses: actions/checkout@v3
+    - uses: ilammy/msvc-dev-cmd@v1.12.0
+    - uses: erlef/setup-beam@v1.16.0
+      with:
+        otp-version: ${{ matrix.otp }}
+    - name: build
+      env:
+        PYTHON: python
+        DIAGNOSTIC: 1
+      run: |
+        # ensure crypto app (openssl)
+        erl -eval "erlang:display(crypto:info_lib())" -s init stop
+        make ${{ matrix.profile }}-tgz
+    - name: run emqx
+      timeout-minutes: 5
+      run: |
+        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx start
+        Start-Sleep -s 10
+        $pingOutput = ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx ping
+        if ($pingOutput = 'pong') {
+          echo "EMQX started OK"
+        } else {
+          echo "Failed to ping EMQX $pingOutput"
+          Exit 1
+        }
+        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx stop
+        echo "EMQX stopped"
+        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx install
+        echo "EMQX installed"
+        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx uninstall
+        echo "EMQX uninstalled"
+    - uses: actions/upload-artifact@v3
+      with:
+        name: windows
+        path: _packages/${{ matrix.profile }}/*
+        retention-days: 7
+
   mac:
     strategy:
       fail-fast: false
       matrix:
         profile:
         - emqx
+        - emqx-enterprise
+        otp:
+        - ${{ inputs.otp_vsn }}
         os:
-        - macos-14-arm64
+        - macos-12-arm64
+        - macos-13
 
     runs-on: ${{ matrix.os }}
     env:
       EMQX_NAME: ${{ matrix.profile }}
 
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-    - name: Set up environment
-      id: env
-      run: |
-        source env.sh
-        echo "OTP_VSN=$OTP_VSN" >> "$GITHUB_OUTPUT"
+    - uses: actions/checkout@v3
     - uses: ./.github/actions/package-macos
       with:
         profile: ${{ matrix.profile }}
-        otp: ${{ steps.env.outputs.OTP_VSN }}
+        otp: ${{ matrix.otp }}
         os: ${{ matrix.os }}
         apple_id_password: ${{ secrets.APPLE_ID_PASSWORD }}
         apple_developer_identity: ${{ secrets.APPLE_DEVELOPER_IDENTITY }}
         apple_developer_id_bundle: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE }}
         apple_developer_id_bundle_password: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE_PASSWORD }}
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       with:
         name: ${{ matrix.os }}
         path: _packages/**/*

.github/workflows/check_deps_integrity.yaml

@@ -3,44 +3,43 @@ name: Check integrity of rebar and mix dependencies
 on:
   workflow_call:
     inputs:
+      runner:
+        required: true
+        type: string
       builder:
         required: true
         type: string
 
-permissions:
-  contents: read
-
 jobs:
   check_deps_integrity:
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
+    runs-on: ${{ inputs.runner }}
     container: ${{ inputs.builder }}
-    env:
-      MIX_ENV: ${{ matrix.profile }}
-      PROFILE: ${{ matrix.profile }}
-    strategy:
-      matrix:
-        profile:
-          - emqx-enterprise
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@v3
       - run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
       - run: make ensure-rebar3
       - run: ./scripts/check-deps-integrity.escript
       - name: Setup mix
+        env:
+          MIX_ENV: emqx-enterprise
+          PROFILE: emqx-enterprise
         run: |
-          # mix local.hex --force
-          mix local.hex 2.0.6 --force
+          mix local.hex --force
           mix local.rebar --force
           mix deps.get
-      - name: print mix dependency tree
-        run: mix deps.tree
       - run: ./scripts/check-elixir-deps-discrepancies.exs
+        env:
+          MIX_ENV: emqx-enterprise
+          PROFILE: emqx-enterprise
       - run: ./scripts/check-elixir-applications.exs
+        env:
+          MIX_ENV: emqx-enterprise
+          PROFILE: emqx-enterprise
       - name: Upload produced lock files
-        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
-          name: ${{ matrix.profile }}_produced_lock_files
+          name: produced_lock_files
           path: |
             mix.lock
             rebar.lock

.github/workflows/codeql.yaml

@@ -4,39 +4,40 @@ on:
   schedule:
     - cron: '33 14 * * 4'
   workflow_dispatch:
-
-permissions:
-  contents: read
+    inputs:
+      ref:
+        required: false
 
 jobs:
   analyze:
-    if: github.repository == 'emqx/emqx'
     name: Analyze
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     timeout-minutes: 360
     permissions:
       actions: read
+      contents: read
       security-events: write
+    container:
+      image: ghcr.io/emqx/emqx-builder/5.1-1:1.14.5-25.3.2-1-ubuntu22.04
 
     strategy:
       fail-fast: false
       matrix:
-        branch:
-          - master
-          - release-57
-          - release-58
-        language:
-          - cpp
-          - python
+        language: [ 'cpp', 'python' ]
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      uses: actions/checkout@v3
       with:
-        ref: ${{ matrix.branch }}
+        ref: ${{ github.event.inputs.ref }}
+
+    - name: Ensure git safe dir
+      run: |
+        git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        make ensure-rebar3
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@7e187e1c529d80bac7b87a16e7a792427f65cf02 # v2.15.5
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
 
@@ -45,9 +46,16 @@ jobs:
       env:
         PROFILE: emqx-enterprise
       run: |
-        ./scripts/buildx.sh --profile emqx-enterprise --pkgtype rel
+        make emqx-enterprise-compile
+
+    - name: Fetch deps
+      if: matrix.language == 'python'
+      env:
+        PROFILE: emqx-enterprise
+      run: |
+        make deps-emqx-enterprise
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@7e187e1c529d80bac7b87a16e7a792427f65cf02 # v2.15.5
+      uses: github/codeql-action/analyze@v2
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/elixir_release.yaml

@@ -0,0 +1,50 @@
+# FIXME: temporary workflow for testing; remove later
+name: Elixir Build (temporary)
+
+concurrency:
+  group: mix-${{ github.event_name }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_call:
+    inputs:
+      runner:
+        required: true
+        type: string
+      builder:
+        required: true
+        type: string
+# on:
+#   pull_request:
+#   workflow_dispatch:
+
+jobs:
+  elixir_release_build:
+    runs-on: ${{ inputs.runner }}
+    container: ${{ inputs.builder }}
+    strategy:
+      matrix:
+        profile:
+          - emqx
+          - emqx-enterprise
+    steps:
+      - uses: actions/download-artifact@v3
+        with:
+          name: ${{ matrix.profile }}
+      - name: extract artifact
+        run: |
+          unzip -o -q ${{ matrix.profile }}.zip
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+      - name: elixir release
+        run: make ${{ matrix.profile }}-elixir
+      - name: start release
+        run: |
+          _build/${{ matrix.profile }}/rel/emqx/bin/emqx start
+      - name: check if started
+        run: |
+          set -e
+          sleep 10
+          timeout 1 bash -c '</dev/tcp/localhost/1883'
+          _build/${{ matrix.profile }}/rel/emqx/bin/emqx ping
+          _build/${{ matrix.profile }}/rel/emqx/bin/emqx ctl status
+          ./scripts/test/emqx-smoke-test.sh localhost 18083