chore: bump version

* Make sure that a rule that refer to a bridge that has been converted to
a bridge V2 bridge gets its type converted if needed.
* Add test case for sending message to a Bridge V2 through a rule

.ci/docker-compose-file/.env

@@ -10,19 +10,10 @@ CASSANDRA_TAG=3.11
 MINIO_TAG=RELEASE.2023-03-20T20-16-18Z
 OPENTS_TAG=9aa7f88
 KINESIS_TAG=2.1
-HSTREAMDB_TAG=v0.19.3
+HSTREAMDB_TAG=v0.16.1
 HSTREAMDB_ZK_TAG=3.8.1
 
 MS_IMAGE_ADDR=mcr.microsoft.com/mssql/server
 SQLSERVER_TAG=2019-CU19-ubuntu-20.04
 
-
-# Password for the 'elastic' user (at least 6 characters)
-ELASTIC_PASSWORD="emqx123"
-# Password for the 'kibana_system' user (at least 6 characters)
-KIBANA_PASSWORD="emqx123"
-# Version of Elastic products
-ELASTIC_TAG=8.11.4
-LICENSE=basic
-
 TARGET=emqx/emqx

.ci/docker-compose-file/credentials.env

@@ -1,7 +0,0 @@
-MONGO_USERNAME=emqx
-MONGO_PASSWORD=passw0rd
-MONGO_AUTHSOURCE=admin
-
-# See "Environment Variables" @ https://hub.docker.com/_/mongo
-MONGO_INITDB_ROOT_USERNAME=${MONGO_USERNAME}
-MONGO_INITDB_ROOT_PASSWORD=${MONGO_PASSWORD}

.ci/docker-compose-file/docker-compose-azurite.yaml

@@ -1,24 +0,0 @@
-version: '3.9'
-
-services:
-  azurite:
-    container_name: azurite
-    image: mcr.microsoft.com/azure-storage/azurite:3.30.0
-    restart: always
-    expose:
-      - "10000"
-    # ports:
-    #   - "10000:10000"
-    networks:
-      - emqx_bridge
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:10000"]
-      interval: 30s
-      timeout: 5s
-      retries: 4
-    command:
-      - azurite-blob
-      - "--blobHost"
-      - 0.0.0.0
-      - "-d"
-      - debug.log

.ci/docker-compose-file/docker-compose-couchbase.yaml

@@ -1,30 +0,0 @@
-version: '3.9'
-
-services:
-  couchbase:
-    container_name: couchbase
-    hostname: couchbase
-    image: ghcr.io/emqx/couchbase:1.0.0
-    restart: always
-    expose:
-      - 8091-8093
-    # ports:
-    #   - "8091-8093:8091-8093"
-    networks:
-      - emqx_bridge
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost:8093/admin/ping"]
-      interval: 30s
-      timeout: 5s
-      retries: 4
-    environment:
-      - CLUSTER=localhost
-      - USER=admin
-      - PASS=public
-      - PORT=8091
-      - RAMSIZEMB=2048
-      - RAMSIZEINDEXMB=512
-      - RAMSIZEFTSMB=512
-      - BUCKETS=mqtt
-      - BUCKETSIZES=100
-      - AUTOREBALANCE=true

.ci/docker-compose-file/docker-compose-elastic-search-tls.yaml

@@ -1,111 +0,0 @@
-version: "3.9"
-
-# hint: run the following if the container fails to start locally
-# sysctl -w vm.max_map_count=262144
-services:
-  setup:
-    image: public.ecr.aws/elastic/elasticsearch:${ELASTIC_TAG}
-    volumes:
-      - ./elastic:/usr/share/elasticsearch/config/certs
-    user: "0"
-    command: >
-      bash -c '
-        if [ x${ELASTIC_PASSWORD} == x ]; then
-          echo "Set the ELASTIC_PASSWORD environment variable in the .env file";
-          exit 1;
-        elif [ x${KIBANA_PASSWORD} == x ]; then
-          echo "Set the KIBANA_PASSWORD environment variable in the .env file";
-          exit 1;
-        fi;
-        echo "Setting file permissions"
-        chown -R root:root config/certs;
-        find . -type d -exec chmod 750 \{\} \;;
-        find . -type f -exec chmod 640 \{\} \;;
-        echo "Waiting for Elasticsearch availability";
-        until curl -s --cacert config/certs/ca/ca.crt https://es01:9200 | grep -q "missing authentication credentials"; do sleep 30; done;
-        echo "Setting kibana_system password";
-        until curl -s -X POST --cacert config/certs/ca/ca.crt -u "elastic:${ELASTIC_PASSWORD}" -H "Content-Type: application/json" https://es01:9200/_security/user/kibana_system/_password -d "{\"password\":\"${KIBANA_PASSWORD}\"}" | grep -q "^{}"; do sleep 10; done;
-        echo "All done!";
-      '
-    healthcheck:
-      test: ["CMD-SHELL", "[ -f config/certs/ca/ca.crt ]"]
-      interval: 1s
-      timeout: 5s
-      retries: 120
-
-  es01:
-    depends_on:
-      setup:
-        condition: service_healthy
-    image: public.ecr.aws/elastic/elasticsearch:${ELASTIC_TAG}
-    container_name: elasticsearch
-    hostname: elasticsearch
-    volumes:
-      - ./elastic:/usr/share/elasticsearch/config/certs
-      - esdata01:/usr/share/elasticsearch/data
-    ports:
-      - 9200:9200
-    environment:
-      - node.name=es01
-      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
-      - bootstrap.memory_lock=true
-      - discovery.type=single-node
-      - xpack.security.enabled=true
-      - xpack.security.http.ssl.enabled=true
-      - xpack.security.http.ssl.key=certs/es01/es01.key
-      - xpack.security.http.ssl.certificate=certs/es01/es01.crt
-      - xpack.security.http.ssl.certificate_authorities=certs/ca/ca.crt
-      - xpack.license.self_generated.type=${LICENSE}
-    mem_limit: 4G
-    ulimits:
-      memlock:
-        soft: -1
-        hard: -1
-    healthcheck:
-      test:
-        [
-          "CMD-SHELL",
-          "curl -s --cacert config/certs/ca/ca.crt https://localhost:9200 | grep -q 'missing authentication credentials'",
-        ]
-      interval: 10s
-      timeout: 10s
-      retries: 120
-    restart: always
-    networks:
-      - emqx_bridge
-
-  kibana:
-    depends_on:
-      es01:
-        condition: service_healthy
-    image: public.ecr.aws/elastic/kibana:${ELASTIC_TAG}
-    volumes:
-      - ./elastic:/usr/share/kibana/config/certs
-      - kibanadata:/usr/share/kibana/data
-    ports:
-      - 5601:5601
-    environment:
-      - SERVERNAME=kibana
-      - ELASTICSEARCH_HOSTS=https://es01:9200
-      - ELASTICSEARCH_USERNAME=kibana_system
-      - ELASTICSEARCH_PASSWORD=${KIBANA_PASSWORD}
-      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=config/certs/ca/ca.crt
-    mem_limit: 1073741824
-    healthcheck:
-      test:
-        [
-          "CMD-SHELL",
-          "curl -s -I http://localhost:5601 | grep -q 'HTTP/1.1 302 Found'",
-        ]
-      interval: 10s
-      timeout: 10s
-      retries: 120
-    restart: always
-    networks:
-      - emqx_bridge
-
-volumes:
-  esdata01:
-    driver: local
-  kibanadata:
-    driver: local

.ci/docker-compose-file/docker-compose-greptimedb.yaml

@@ -4,7 +4,7 @@ services:
   greptimedb:
     container_name: greptimedb
     hostname: greptimedb
-    image: greptime/greptimedb:v0.7.1
+    image: greptime/greptimedb:0.3.2
     expose:
       - "4000"
       - "4001"

.ci/docker-compose-file/docker-compose-iotdb.yaml

@@ -1,53 +1,24 @@
 version: '3.9'
 
 services:
-  iotdb_1_3_0:
-    container_name: iotdb130
-    hostname: iotdb130
-    image: apache/iotdb:1.3.0-standalone
-    restart: always
-    environment:
-      - enable_rest_service=true
-      - cn_internal_address=iotdb130
-      - cn_internal_port=10710
-      - cn_consensus_port=10720
-      - cn_seed_config_node=iotdb130:10710
-      - dn_rpc_address=iotdb130
-      - dn_internal_address=iotdb130
-      - dn_rpc_port=6667
-      - dn_mpp_data_exchange_port=10740
-      - dn_schema_region_consensus_port=10750
-      - dn_data_region_consensus_port=10760
-      - dn_seed_config_node=iotdb130:10710
-    # volumes:
-    #     - ./data:/iotdb/data
-    #     - ./logs:/iotdb/logs
-    expose:
-      - "18080"
-    # IoTDB's REST interface, uncomment for local testing
-    # ports:
-    #     - "18080:18080"
-    networks:
-      - emqx_bridge
-
-  iotdb_1_1_0:
-    container_name: iotdb110
-    hostname: iotdb110
+  iotdb:
+    container_name: iotdb
+    hostname: iotdb
     image: apache/iotdb:1.1.0-standalone
     restart: always
     environment:
       - enable_rest_service=true
-      - cn_internal_address=iotdb110
+      - cn_internal_address=iotdb
       - cn_internal_port=10710
       - cn_consensus_port=10720
-      - cn_target_config_node_list=iotdb110:10710
-      - dn_rpc_address=iotdb110
-      - dn_internal_address=iotdb110
+      - cn_target_config_node_list=iotdb:10710
+      - dn_rpc_address=iotdb
+      - dn_internal_address=iotdb
       - dn_rpc_port=6667
       - dn_mpp_data_exchange_port=10740
       - dn_schema_region_consensus_port=10750
       - dn_data_region_consensus_port=10760
-      - dn_target_config_node_list=iotdb110:10710
+      - dn_target_config_node_list=iotdb:10710
     # volumes:
     #     - ./data:/iotdb/data
     #     - ./logs:/iotdb/logs

.ci/docker-compose-file/docker-compose-kafka.yaml

@@ -18,7 +18,7 @@ services:
       - /tmp/emqx-ci/emqx-shared-secret:/var/lib/secret
   kdc:
     hostname: kdc.emqx.net
-    image:  ghcr.io/emqx/emqx-builder/5.3-9:1.15.7-26.2.5-3-ubuntu22.04
+    image:  ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04
     container_name: kdc.emqx.net
     expose:
       - 88 # kdc

.ci/docker-compose-file/docker-compose-ldap.yaml

@@ -10,7 +10,7 @@ services:
       nofile: 1024
     image: openldap
     #ports:
-    #  - "389:389"
+    #  - 389:389
     volumes:
       - ./certs/ca.crt:/etc/certs/ca.crt
     restart: always

.ci/docker-compose-file/docker-compose-mongo-single-tcp.yaml

@@ -9,9 +9,6 @@ services:
       - emqx_bridge
     ports:
       - "27017:27017"
-    env_file:
-      - .env
-      - credentials.env
     command:
       --ipv6
       --bind_ip_all

.ci/docker-compose-file/docker-compose-otel.yaml

@@ -1,69 +0,0 @@
-version: '3.9'
-
-services:
-  jaeger-all-in-one:
-    image: jaegertracing/all-in-one:1.51.0
-    container_name: jaeger.emqx.net
-    hostname: jaeger.emqx.net
-    networks:
-      - emqx_bridge
-    restart: always
-#    ports:
-#      - "16686:16686"
-    user: "${DOCKER_USER:-root}"
-
-  # Collector
-  otel-collector:
-    image: otel/opentelemetry-collector:0.90.0
-    container_name: otel-collector.emqx.net
-    hostname: otel-collector.emqx.net
-    networks:
-      - emqx_bridge
-    restart: always
-    command: ["--config=/etc/otel-collector-config.yaml", "${OTELCOL_ARGS}"]
-    volumes:
-      - ./otel:/etc/
-#    ports:
-#      - "1888:1888"   # pprof extension
-#      - "8888:8888"   # Prometheus metrics exposed by the collector
-#      - "8889:8889"   # Prometheus exporter metrics
-#      - "13133:13133" # health_check extension
-#      - "4317:4317"   # OTLP gRPC receiver
-#      - "4318:4318"   # OTLP http receiver
-#      - "55679:55679" # zpages extension
-    depends_on:
-      - jaeger-all-in-one
-    user: "${DOCKER_USER:-root}"
-
-
-# Collector
-  otel-collector-tls:
-    image: otel/opentelemetry-collector:0.90.0
-    container_name: otel-collector-tls.emqx.net
-    hostname: otel-collector-tls.emqx.net
-    networks:
-      - emqx_bridge
-    restart: always
-    command: ["--config=/etc/otel-collector-config-tls.yaml", "${OTELCOL_ARGS}"]
-    volumes:
-      - ./otel:/etc/
-      - ./certs:/etc/certs
- #   ports:
- #     - "14317:4317"   # OTLP gRPC receiver
-    depends_on:
-      - jaeger-all-in-one
-    user: "${DOCKER_USER:-root}"
-
-#networks:
-#  emqx_bridge:
-#    driver: bridge
-#    name: emqx_bridge
-#    enable_ipv6: true
-#    ipam:
-#      driver: default
-#      config:
-#        - subnet: 172.100.239.0/24
-#          gateway: 172.100.239.1
-#        - subnet: 2001:3200:3200::/64
-#          gateway: 2001:3200:3200::1
-#

.ci/docker-compose-file/docker-compose-rabbitmq.yaml

@@ -9,12 +9,10 @@ services:
     expose:
       - "15672"
       - "5672"
-      - "5671"
     # We don't want to take ports from the host
-    #ports:
+    # ports:
     #   - "15672:15672"
     #   - "5672:5672"
-    #   - "5671:5671"
     volumes:
       - ./certs/ca.crt:/opt/certs/ca.crt
       - ./certs/server.crt:/opt/certs/server.crt

.ci/docker-compose-file/docker-compose-rocketmq-ssl.yaml

@@ -1,41 +0,0 @@
-version: '3.9'
-
-services:
-  mqnamesrvssl:
-    image: apache/rocketmq:4.9.4
-    container_name: rocketmq_namesrv_ssl
-#    ports:
-#      - 9876:9876
-    volumes:
-      - ./rocketmq/logs_ssl:/opt/logs
-      - ./rocketmq/store_ssl:/opt/store
-    environment:
-      JAVA_OPT: "-Dtls.server.mode=enforcing"
-    command: ./mqnamesrv
-    networks:
-      - emqx_bridge
-
-  mqbrokerssl:
-    image: apache/rocketmq:4.9.4
-    container_name: rocketmq_broker_ssl
-#    ports:
-#      - 10909:10909
-#      - 10911:10911
-    volumes:
-      - ./rocketmq/logs_ssl:/opt/logs
-      - ./rocketmq/store_ssl:/opt/store
-      - ./rocketmq/conf_ssl/broker.conf:/etc/rocketmq/broker.conf
-      - ./rocketmq/conf_ssl/plain_acl.yml:/home/rocketmq/rocketmq-4.9.4/conf/plain_acl.yml
-    environment:
-        NAMESRV_ADDR: "rocketmq_namesrv_ssl:9876"
-        JAVA_OPTS: " -Duser.home=/opt -Drocketmq.broker.diskSpaceWarningLevelRatio=0.99"
-        JAVA_OPT_EXT: "-server -Xms512m -Xmx512m -Xmn512m -Dtls.server.mode=enforcing"
-    command: ./mqbroker -c /etc/rocketmq/broker.conf
-    depends_on:
-      - mqnamesrvssl
-    networks:
-      - emqx_bridge
-
-networks:
-  emqx_bridge:
-    driver: bridge

.ci/docker-compose-file/docker-compose-toxiproxy.yaml

@@ -39,10 +39,6 @@ services:
       - 19042:9042
       # Cassandra TLS
       - 19142:9142
-      # Cassandra No Auth
-      - 19043:9043
-      # Cassandra TLS No Auth
-      - 19143:9143
       # S3
       - 19000:19000
       # S3 TLS

.ci/docker-compose-file/docker-compose.yaml

@@ -3,9 +3,8 @@ version: '3.9'
 services:
   erlang:
     container_name: erlang
-    image: ${DOCKER_CT_RUNNER_IMAGE:-ghcr.io/emqx/emqx-builder/5.3-9:1.15.7-26.2.5-3-ubuntu22.04}
+    image: ${DOCKER_CT_RUNNER_IMAGE:-ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04}
     env_file:
-      - credentials.env
       - conf.env
     environment:
       GITHUB_ACTIONS: ${GITHUB_ACTIONS:-}

.ci/docker-compose-file/elastic/ca/ca.crt

@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDSjCCAjKgAwIBAgIVAIrN275DCtGnotTPpxwvQ5751N4OMA0GCSqGSIb3DQEB
-CwUAMDQxMjAwBgNVBAMTKUVsYXN0aWMgQ2VydGlmaWNhdGUgVG9vbCBBdXRvZ2Vu
-ZXJhdGVkIENBMB4XDTI0MDExNjAyMzIyMFoXDTI3MDExNTAyMzIyMFowNDEyMDAG
-A1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5lcmF0ZWQgQ0Ew
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCy0nwiEurUkIPFMLV1weVM
-pPk/AlwZUzqjkeL44gsY53XI9Q05w/sL9u6PzwrXgTCFWNXzI9+MoAtp8phPkn14
-cmg5/3sLe9YcFVFjYK/MoljlUbPDj+4dgk8l+w5FRSi0+JN5krUm7rYk9lojAkeS
-fX8RU7ekKGbjBXIFtPxX5GNadu9RidR5GkHM3XroAIoris8bFOzMgFn9iybYnkhq
-0S+Hpv0A8FVxzle0KNbPpsIkxXH2DnP2iPTDym9xJNl9Iv9MPtj9XaamH7TmXcSt
-MbjkAudKsCw4bRuhHonM16DIUr8sX5UcRcAWyJ1x1qpZaOzMdh2VdYAHNuOsZwzJ
-AgMBAAGjUzBRMB0GA1UdDgQWBBTAyDlp8NZfPe8NCGVlHJSVclGOhTAfBgNVHSME
-GDAWgBTAyDlp8NZfPe8NCGVlHJSVclGOhTAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
-SIb3DQEBCwUAA4IBAQAeIUXRKmC53iirY4P49YspLafspAMf4ndMFQAp+Oc223Vs
-hQC4axNoYnUdzWDH6LioAN7P826xNPqtXvTZF9fmeX7K8Nm9Kdj+for+QQI3j6+X
-zq98VVkACb8b/Mc9Nac/WBbv/1IKyKgNNta7//WNPgAFolOfti/C0NLsPcKhrM9L
-mGbvRX8ZjH8pVJ0YTy4/xfDcF7G/Lxl4Yvb0ZXpuQbvE1+Y0h5aoTNshT/skJxC4
-iyVseYr21s3pptKcr6H9KZuSdZe5pbEo+81nT15w+50aswFLk9GCYh5UsQ+1jkRK
-cKgxP93i6x8BVbQJGKi1A1jhauSKX2IpWZQsHy4p
------END CERTIFICATE-----

.ci/docker-compose-file/elastic/ca/ca.key

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAstJ8IhLq1JCDxTC1dcHlTKT5PwJcGVM6o5Hi+OILGOd1yPUN
-OcP7C/buj88K14EwhVjV8yPfjKALafKYT5J9eHJoOf97C3vWHBVRY2CvzKJY5VGz
-w4/uHYJPJfsORUUotPiTeZK1Ju62JPZaIwJHkn1/EVO3pChm4wVyBbT8V+RjWnbv
-UYnUeRpBzN166ACKK4rPGxTszIBZ/Ysm2J5IatEvh6b9APBVcc5XtCjWz6bCJMVx
-9g5z9oj0w8pvcSTZfSL/TD7Y/V2mph+05l3ErTG45ALnSrAsOG0boR6JzNegyFK/
-LF+VHEXAFsidcdaqWWjszHYdlXWABzbjrGcMyQIDAQABAoIBAAZOLXYanmjpIRpX
-h7h7oikYEplWDRcQBBvvKZaOyuchhznTKTiZmF0xQ3Ny8J4Ndj9ndODWSZxI6uod
-FaGNp+qytwnfgDBVGSVDm6tyRfSkX1fTsA/j3/iupvmO/w9yezdZYgLaCVTyex31
-yVMdchZgYjYDUpEBYzJbV2xL18+GBRmmPjdXumlpcJqcclxjOQJSu/1WCGVfn/e/
-64NQpAm7NSKLqeUl32g0/DvUpmYRfmf7ZjVUjePaJQU6sw5/N+3V9F1hYs8VSWz0
-OMzYIfUcvixw+VWx5bu0nWt98FirhsQPjCTThD+DHP6koXGrdXpeMOQE1YZmoV5T
-vP0X+FECgYEA5dsKVDQFL67muqz3CNRVM0xDWACCoa8789hYoxvhd1iO3e4kwXBa
-ABPcZckioq+HiQ4UIxC2AhQ1FuTeIUTq7LZ0HtAAdKFi48U4LzmPhNUpG1E/HbJ3
-GQbi4u1cAzGYuhdywktgBhn9bJ4XB7+X3815Y9qKkuRcwtXgKGDy8HkCgYEAxyly
-vc7NBkLfIAmkOsm6VXfvfBTEUBUGi6+k1rarTUxWFIgRuk4FHywwWUTdxWBKJz3n
-HNNJb/g7CcufdhLTuWVHQtJDxYf2cJjoi+Kf7/i/Qs9Nyhokj5Mnh6KlZQOWXpZd
-Gwn/O13NeDxt1TIVO2xp6zY4FhVEPvaHuxsMCtECgYA7/eR/P6iO3nZoCJbdXhXy
-spftEw0FSCg8p53SzIcXUCzRrcM4HavP0181zb5VebzFP8Bvun/WoRGOLSPwyP0L
-1T8Pf7huuGSIEERuxvY3dC8raxQvGxJMnOiA0/Ss/Lfg8hfIsEWashPb0pMuOYpZ
-JlblgfejCSlQzOOZhlxB+QKBgQCKmizRLV9/0QAJAsy5YPR9UJdpCebJOKiyg806
-5Ct5AvwRE9UKjAuCczU+mu+f0fApOSpi5CQCeYVUvtG90UJpjrM2LLCfgoyeNbv4
-xgG6dqlcbHrdgK4bATUMbsOd9g4qy4gGLkHi5df9qkhhi5Y9Iajg2X3U2H4DN3yk
-WSFbUQKBgQCLz333qWOuT3OBv+EYxHDQUS4YG+dReUos+v0iPJzu+spnfibBF5IC
-RjHIhPsdN1byNB0naXOkkz4tUlLGXv6umFgDtQvy/2rxvxQmUGp/WY1VM2+164Xe
-NEWdMEU6UckCoMO77kw8JosKhmXCYaSW5bWwnXuEpOj9WWpwjKtxlA==
------END RSA PRIVATE KEY-----

.ci/docker-compose-file/elastic/es01/es01.crt

@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDQDCCAiigAwIBAgIUe90yOBN1KBxOEr2jro3epamZksIwDQYJKoZIhvcNAQEL
-BQAwNDEyMDAGA1UEAxMpRWxhc3RpYyBDZXJ0aWZpY2F0ZSBUb29sIEF1dG9nZW5l
-cmF0ZWQgQ0EwHhcNMjQwMTE2MDIzMjIyWhcNMjcwMTE1MDIzMjIyWjAPMQ0wCwYD
-VQQDEwRlczAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxGEL71pV
-j8qoUxEuL7qjRSeS1eHxeKhu2jqEZb7iA1o/7b/26QuYAkoYL+WuJNfYjg5F/O8W
-VVuAYIlN6a/mC6wT2t3pX4YSrdp+i3gtAC/LX+8mAeqMQPD+4jitOwjOsYzbuFCb
-nYl86dnFPl/+Pmj20mtZ+Wt7oIPD88j6+r5qgv59pHICxS7Cq304LDTRQbNoT8HO
-4c9VGGGtWIdtrqiYrz1OVefkffMrvFt77v6dKHn8g5tSyfQUDCoEKtTOc3Pe5zCB
-vIMs6HaapoSkl8XdpFHQ712PCZRebAMCrVcPYQ3r8e9GYmLY/NhxEn3dWTqRhHeg
-UD13O8o1aBWonwIDAQABo28wbTAdBgNVHQ4EFgQUXvGJtSf2/mLOK17AzUridtCV
-xWwwHwYDVR0jBBgwFoAUwMg5afDWXz3vDQhlZRyUlXJRjoUwIAYDVR0RBBkwF4IJ
-bG9jYWxob3N0hwR/AAABggRlczAxMAkGA1UdEwQCMAAwDQYJKoZIhvcNAQELBQAD
-ggEBACaNq3ZqrbsGvbEtrf6kJGIsTokTFHeVJUSYmt1ZZzDFLSepXAC/J8gphV45
-B+YSlkDPNTwMYlf7TUYY872zkdqOXN9r0NUx8MzVAX0+rux0RJba5GGUvJGZDNMX
-WM5z9ry1KjQSQ1bSoRQOD3QArmBmhvikHjLc97Vqt56N0wA/ztXWOpNZX/TXmast
-aXlUbcfQE73Cdq9tW1ATXwbQ2Gf7vVAUT3zjZSZbNdgPuBicGJHf85Fhjm2ND4+R
-sjLIOQ2YgVxNHYbueScc6lJM5RNK194K7WrEQnRyGHT3NaDUm0FFNl//aQeq1ZVw
-6gaUYlkTFauXwEYMDK901cWFaBE=
------END CERTIFICATE-----

.ci/docker-compose-file/elastic/es01/es01.key

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEpAIBAAKCAQEAxGEL71pVj8qoUxEuL7qjRSeS1eHxeKhu2jqEZb7iA1o/7b/2
-6QuYAkoYL+WuJNfYjg5F/O8WVVuAYIlN6a/mC6wT2t3pX4YSrdp+i3gtAC/LX+8m
-AeqMQPD+4jitOwjOsYzbuFCbnYl86dnFPl/+Pmj20mtZ+Wt7oIPD88j6+r5qgv59
-pHICxS7Cq304LDTRQbNoT8HO4c9VGGGtWIdtrqiYrz1OVefkffMrvFt77v6dKHn8
-g5tSyfQUDCoEKtTOc3Pe5zCBvIMs6HaapoSkl8XdpFHQ712PCZRebAMCrVcPYQ3r
-8e9GYmLY/NhxEn3dWTqRhHegUD13O8o1aBWonwIDAQABAoIBADJ3A/Om4az5dcce
-96EBU9q+IDBBh2Wr1wzSk9p3sqoM47fLqH5b4dzYwJ1yZw2FwFtFFLw6jqExyexE
-7JY8gyAFwPZyJ3pKQHuX1gQuRlYxchB9quU8Kn230LA+w1mT2lXrLj2PzWWvAsAv
-m837KiFMpP0O5EjB07u8kLsRr1mG6QQ24Kc8oxd7xLXIiPzSvsOpYwo9hmIWENd5
-kyA7oSa9EmN3TRTkKOHI7cFQ3DqIGdO71waUofKOdx39DyHS2YKWxDE/LUjkS9zw
-1AyZG09l4uowyLRqwYhivEq9Za6rdc64yheuHatAM9kC2AOcVcsCPZquIe90k4t1
-L7e9CAECgYEA1W483xTW8ngzxv9MMuPiW+PwVGRpyQrbO6OZOxdWEYfhrZlk5wlW
-XK2T85jqooJwMWPTk1F49vZ9WN2KuLkL65GlkEtkFbxmOiFJjXuWwycbFSk05hPs
-4AESBYHieaSPcwYhvLeG6g4PFyeqmbAGnKsJaj2ylPwDBOc7LgVlqAECgYEA64wo
-gZwaj5SlP8M/OqGH04UVYr1kP/Eq6eiDfMyV5exy+pyzofZyNKUfJfw6sGgyRRHx
-OVxlnPMsZ8zbdOXsvUEIeavpwDfQcp5eAURL65I6GMLsx2QpfiN2mDe1MqQW0jct
-UleFaURgS84KHLE0+tBBg906jOHGjsE7Q3lyUJ8CgYBYYPev4K9JZGD8bEcfY6Ie
-Lvsb1yC+8VHrFkmjYHxxcfUPr89KpGEwq2fynUW72YufyBiajkgq69Ln84U4DNhU
-ydDnOXDOV191fsc4YQ8C7LSYRKH1DBcwgwD1at1fRbdpCAb8YHrrfLre+bv5PBzg
-zyps5fOHIfwWEbI90lpQAQKBgQDoMMqBMTtxi+r1lucOScrVtFuncOCQs5BE8cIj
-1JxzAQk6iBv/LSvZP2gcDq5f1Oaw9YXfsHguJfwA+ozeiAQ9bw0Gu3N52sstIXWz
-M/rO5d9FJ2k3CEJqqFSwqkGBAQXKBUA06jeF1DREpX+MVxbNo1rhvMOJusn7UPm1
-gtMwKwKBgQCfRzFO10ITwrw8rcRZwO9Axgqf11V7xn6qpgRxj4h0HOErVTCN1H0b
-vE3Pz7cxS/g9vFRP37TuqBLfGVzPt9LAEFwCWPeZJLROBLHyu8XrhTbQx+sI2/pe
-SBEJAQAHtYasFTE0sBEKNEY2rIt1c29XZhyhhtNKD9gRN/gB355wLg==
------END RSA PRIVATE KEY-----

.ci/docker-compose-file/elastic/instances.yml

@@ -1,7 +0,0 @@
-instances:
-   - name: es01
-     dns:
-       - es01
-       - localhost
-     ip:
-       - 127.0.0.1

.ci/docker-compose-file/kafka/kafka-entrypoint.sh

@@ -49,9 +49,6 @@ echo "+++++++ Creating Kafka Topics ++++++++"
 # there seem to be a race condition when creating the topics (too early)
 env KAFKA_CREATE_TOPICS="$KAFKA_CREATE_TOPICS_NG" KAFKA_PORT="$PORT1" create-topics.sh
 
-# create a topic with max.message.bytes=100
-/opt/kafka/bin/kafka-topics.sh --create --bootstrap-server "${SERVER}:${PORT1}" --topic max-100-bytes --partitions 1 --replication-factor 1 --config max.message.bytes=100
-
 echo "+++++++ Wait until Kafka ports are down ++++++++"
 
 bash -c 'while printf "" 2>>/dev/null >>/dev/tcp/$0/$1; do sleep 1; done' $SERVER $PORT1

.ci/docker-compose-file/openldap/Dockerfile

@@ -1,4 +1,4 @@
-FROM docker.io/zmstone/openldap:2.5.16@sha256:a813922115a1d1f1b974399595921d1778fae22b3f1ee15dcfa8cfa89700dbc7
+FROM docker.io/zmstone/openldap:2.5.16
 
 COPY .ci/docker-compose-file/openldap/slapd.conf /usr/local/etc/openldap/slapd.conf
 COPY apps/emqx_ldap/test/data/emqx.io.ldif /usr/local/etc/openldap/schema/emqx.io.ldif

.ci/docker-compose-file/openldap/README.md

@@ -1,61 +0,0 @@
-# LDAP authentication
-
-To run manual tests with the default docker-compose files.
-
-Expose openldap container port by uncommenting the `ports` config in `docker-compose-ldap.yaml `
-
-To start openldap:
-
-```
-docker-compose -f ./.ci/docker-compose-file/docker-compose.yaml -f ./.ci/docker-compose-file/docker-compose-ldap.yaml up -docker
-```
-
-## LDAP database
-
-LDAP database is populated from below files:
-```
-apps/emqx_ldap/test/data/emqx.io.ldif /usr/local/etc/openldap/schema/emqx.io.ldif
-apps/emqx_ldap/test/data/emqx.schema /usr/local/etc/openldap/schema/emqx.schema
-```
-
-## Minimal EMQX config
-
-```
-authentication = [
-  {
-    backend = ldap
-    base_dn = "uid=${username},ou=testdevice,dc=emqx,dc=io"
-    filter = "(& (objectClass=mqttUser) (uid=${username}))"
-    mechanism = password_based
-    method {
-      is_superuser_attribute = isSuperuser
-      password_attribute = userPassword
-      type = hash
-    }
-    password = public
-    pool_size = 8
-    query_timeout = "5s"
-    request_timeout = "10s"
-    server = "localhost:1389"
-    username = "cn=root,dc=emqx,dc=io"
-  }
-]
-```
-
-## Example ldapsearch command
-
-```
-ldapsearch -x -H ldap://localhost:389 -D "cn=root,dc=emqx,dc=io" -W -b "uid=mqttuser0007,ou=testdevice,dc=emqx,dc=io" "(&(objectClass=mqttUser)(uid=mqttuser0007))"
-```
-
-## Example mqttx command
-
-The client password hashes are generated from their username.
-
-```
-# disabled user
-mqttx pub -t 't/1' -h localhost -p 1883 -m x -u mqttuser0006 -P mqttuser0006
-
-# enabled super-user
-mqttx pub -t 't/1' -h localhost -p 1883 -m x -u mqttuser0007 -P mqttuser0007
-```

.ci/docker-compose-file/otel/.gitignore

@@ -1,6 +0,0 @@
-certs
-hostname
-hosts
-otel-collector.json
-otel-collector-tls.json
-resolv.conf

.ci/docker-compose-file/otel/otel-collector-config-tls.yaml

@@ -1,52 +0,0 @@
-receivers:
-  otlp:
-    protocols:
-      grpc:
-        tls:
-          ca_file: /etc/certs/ca.crt
-          cert_file: /etc/certs/server.crt
-          key_file: /etc/certs/server.key
-      http:
-        tls:
-          ca_file: /etc/certs/ca.crt
-          cert_file: /etc/certs/server.crt
-          key_file: /etc/certs/server.key
-
-exporters:
-  logging:
-    verbosity: detailed
-  otlp:
-    endpoint: jaeger.emqx.net:4317
-    tls:
-      insecure: true
-  debug:
-    verbosity: detailed
-  file:
-    path: /etc/otel-collector-tls.json
-
-
-processors:
-  batch:
-    # send data immediately
-    timeout: 0
-
-extensions:
-  health_check:
-  zpages:
-    endpoint: :55679
-
-service:
-  extensions: [zpages, health_check]
-  pipelines:
-    traces:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [logging, otlp]
-    metrics:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [logging]
-    logs:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [logging, file]

.ci/docker-compose-file/otel/otel-collector-config.yaml

@@ -1,51 +0,0 @@
-receivers:
-  otlp:
-    protocols:
-      grpc:
-        tls:
-#          ca_file: /etc/ca.pem
-#          cert_file: /etc/server.pem
-#          key_file: /etc/server.key
-      http:
-        tls:
-#          ca_file: /etc/ca.pem
-#          cert_file: /etc/server.pem
-#          key_file: /etc/server.key
-
-exporters:
-  logging:
-    verbosity: detailed
-  otlp:
-    endpoint: jaeger.emqx.net:4317
-    tls:
-      insecure: true
-  debug:
-    verbosity: detailed
-  file:
-    path: /etc/otel-collector.json
-
-processors:
-  batch:
-    # send data immediately
-    timeout: 0
-
-extensions:
-  health_check:
-  zpages:
-    endpoint: :55679
-
-service:
-  extensions: [zpages, health_check]
-  pipelines:
-    traces:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [logging, otlp]
-    metrics:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [logging]
-    logs:
-      receivers: [otlp]
-      processors: [batch]
-      exporters: [logging, file]

.ci/docker-compose-file/pgsql/Dockerfile

@@ -1,4 +1,4 @@
-ARG BUILD_FROM=public.ecr.aws/docker/library/postgres:13@sha256:fa69de30d02652cfdfb68166692e5186f6972c17f83c89c71ac8ff0916d46ae3
+ARG BUILD_FROM=public.ecr.aws/docker/library/postgres:13
 FROM ${BUILD_FROM}
 ARG POSTGRES_USER=postgres
 COPY --chown=$POSTGRES_USER ./pgsql/pg_hba_tls.conf /var/lib/postgresql/pg_hba.conf

.ci/docker-compose-file/python/pytest.sh

@@ -6,9 +6,6 @@
 set -x
 set +e
 
-# shellcheck disable=SC3028 disable=SC3054
-SCRIPT_DIR="$( dirname -- "$( readlink -f -- "$0"; )"; )"
-
 EMQX_TEST_DB_BACKEND=$1
 if [ "$EMQX_TEST_DB_BACKEND" = "rlog" ]
 then
@@ -23,7 +20,7 @@ fi
 apk update && apk add git curl
 git clone -b develop-5.0 https://github.com/emqx/paho.mqtt.testing.git /paho.mqtt.testing
 
-pip install --require-hashes -r "$SCRIPT_DIR/requirements.txt"
+pip install pytest==7.1.2 pytest-retry==1.3.0
 
 pytest --retries 3 -v /paho.mqtt.testing/interoperability/test_client/V5/test_connect.py -k test_basic --host "$TARGET_HOST"
 RESULT=$?

.ci/docker-compose-file/python/requirements.txt

@@ -1,21 +0,0 @@
-pytest-retry==1.6.1 \
-    --hash=sha256:3d420afc08e61ed3be28ecbb544371041b1b8e5fea7c94eb97cefa0d4ea9825c \
-    --hash=sha256:3d663159a9be4d6878705822cf27a0976f99ec1bc4f2d9494e80403b17f700f2
-pytest==7.4.4 \
-    --hash=sha256:2cf0005922c6ace4a3e2ec8b4080eb0d9753fdc93107415332f50ce9e7994280 \
-    --hash=sha256:b090cdf5ed60bf4c45261be03239c2c1c22df034fbffe691abe93cd80cea01d8
-pluggy==1.3.0 \
-    --hash=sha256:cf61ae8f126ac6f7c451172cf30e3e43d3ca77615509771b3a984a0730651e12 \
-    --hash=sha256:d89c696a773f8bd377d18e5ecda92b7a3793cbe66c87060a6fb58c7b6e1061f7
-iniconfig==2.0.0 \
-    --hash=sha256:2d91e135bf72d31a410b17c16da610a82cb55f6b0477d1a902134b24a455b8b3 \
-    --hash=sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374
-tomli==2.0.1 \
-    --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc \
-    --hash=sha256:de526c12914f0c550d15924c62d72abc48d6fe7364aa87328337a31007fe8a4f
-exceptiongroup==1.2.0 \
-    --hash=sha256:4bfd3996ac73b41e9b9628b04e079f193850720ea5945fc96a08633c66912f14 \
-    --hash=sha256:91f5c769735f051a4290d52edd0858999b57e5876e9f85937691bd4c9fa3ed68
-packaging==23.2 \
-    --hash=sha256:048fb0e9405036518eaaf48a55953c750c11e1a1b68e0dd1a9d62ed0c092cfc5 \
-    --hash=sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7

.ci/docker-compose-file/redis/sentinel-tcp/sentinel-base.conf

@@ -1,7 +1,7 @@
 sentinel resolve-hostnames yes
 bind :: 0.0.0.0
 
-sentinel monitor mytcpmaster redis-sentinel-master 6379 1
-sentinel auth-pass mytcpmaster public
-sentinel down-after-milliseconds mytcpmaster 10000
-sentinel failover-timeout mytcpmaster 20000
+sentinel monitor mymaster redis-sentinel-master 6379 1
+sentinel auth-pass mymaster public
+sentinel down-after-milliseconds mymaster 10000
+sentinel failover-timeout mymaster 20000

.ci/docker-compose-file/redis/sentinel-tls/sentinel-base.conf

@@ -8,7 +8,7 @@ tls-key-file /etc/certs/key.pem
 tls-ca-cert-file /etc/certs/cacert.pem
 tls-auth-clients no
 
-sentinel monitor mytlsmaster redis-sentinel-tls-master 6389 1
-sentinel auth-pass mytlsmaster public
-sentinel down-after-milliseconds mytlsmaster 10000
-sentinel failover-timeout mytlsmaster 20000
+sentinel monitor mymaster redis-sentinel-tls-master 6389 1
+sentinel auth-pass mymaster public
+sentinel down-after-milliseconds mymaster 10000
+sentinel failover-timeout mymaster 20000

.ci/docker-compose-file/rocketmq/conf/plain_acl.yml

@@ -9,4 +9,3 @@ accounts:
     defaultGroupPerm: PUB|SUB
     topicPerms:
       - TopicTest=PUB|SUB
-      - Topic2=PUB|SUB

.ci/docker-compose-file/rocketmq/conf_ssl/broker.conf

@@ -1,24 +0,0 @@
-brokerClusterName=DefaultClusterSSL
-brokerName=broker-a
-brokerId=0
-
-brokerIP1=rocketmq_broker_ssl
-
-defaultTopicQueueNums=4
-autoCreateTopicEnable=true
-autoCreateSubscriptionGroup=true
-
-listenPort=10911
-deleteWhen=04
-
-fileReservedTime=120
-mapedFileSizeCommitLog=1073741824
-mapedFileSizeConsumeQueue=300000
-diskMaxUsedSpaceRatio=100
-maxMessageSize=65536
-
-brokerRole=ASYNC_MASTER
-
-flushDiskType=ASYNC_FLUSH
-
-aclEnable=true

.ci/docker-compose-file/rocketmq/conf_ssl/plain_acl.yml

@@ -1,12 +0,0 @@
-globalWhiteRemoteAddresses:
-
-accounts:
-  - accessKey: RocketMQ
-    secretKey: 12345678
-    whiteRemoteAddress:
-    admin: false
-    defaultTopicPerm: DENY
-    defaultGroupPerm: PUB|SUB
-    topicPerms:
-      - TopicTest=PUB|SUB
-      - Topic2=PUB|SUB

.ci/docker-compose-file/toxiproxy.json

@@ -96,18 +96,6 @@
     "upstream": "cassandra:9142",
     "enabled": true
   },
-  {
-    "name": "cassa_no_auth_tcp",
-    "listen": "0.0.0.0:9043",
-    "upstream": "cassandra_noauth:9042",
-    "enabled": true
-  },
-  {
-    "name": "cassa_no_auth_tls",
-    "listen": "0.0.0.0:9143",
-    "upstream": "cassandra_noauth:9142",
-    "enabled": true
-  },
   {
     "name": "sqlserver",
     "listen": "0.0.0.0:1433",
@@ -139,15 +127,9 @@
     "enabled": true
   },
   {
-    "name": "iotdb110",
+    "name": "iotdb",
     "listen": "0.0.0.0:18080",
-    "upstream": "iotdb110:18080",
-    "enabled": true
-  },
-  {
-    "name": "iotdb130",
-    "listen": "0.0.0.0:28080",
-    "upstream": "iotdb130:18080",
+    "upstream": "iotdb:18080",
     "enabled": true
   },
   {
@@ -209,23 +191,5 @@
     "listen": "0.0.0.0:636",
     "upstream": "ldap:636",
     "enabled": true
-  },
-  {
-    "name": "elasticsearch",
-    "listen": "0.0.0.0:9200",
-    "upstream": "elasticsearch:9200",
-    "enabled": true
-  },
-  {
-    "name": "azurite_plain",
-    "listen": "0.0.0.0:10000",
-    "upstream": "azurite:10000",
-    "enabled": true
-  },
-  {
-    "name": "couchbase",
-    "listen": "0.0.0.0:8093",
-    "upstream": "couchbase:8093",
-    "enabled": true
   }
 ]

.ci/fvt_tests/http_server/rebar.config

@@ -1,11 +1,12 @@
 %% -*- mode: erlang -*-
 
 {erl_opts, [debug_info]}.
-{deps, [
+{deps,
+ [
     {minirest, {git, "https://github.com/emqx/minirest.git", {tag, "1.3.7"}}}
-]}.
+ ]}.
 
 {shell, [
-    % {config, "config/sys.config"},
+  % {config, "config/sys.config"},
     {apps, [http_server]}
 ]}.

.ci/fvt_tests/http_server/src/http_server.app.src

@@ -1,18 +1,18 @@
 %% -*- mode: erlang -*-
-{application, http_server, [
-    {description, "An HTTP server application"},
-    {vsn, "0.2.0"},
-    {registered, []},
-    % {mod, {http_server_app, []}},
-    {modules, []},
-    {applications, [
-        kernel,
-        stdlib,
-        minirest
-    ]},
-    {env, []},
-    {modules, []},
+{application, http_server,
+ [{description, "An HTTP server application"},
+  {vsn, "0.2.0"},
+  {registered, []},
+  % {mod, {http_server_app, []}},
+  {modules, []},
+  {applications,
+   [kernel,
+    stdlib,
+    minirest
+   ]},
+  {env,[]},
+  {modules, []},
 
-    {licenses, ["Apache 2.0"]},
-    {links, []}
-]}.
+  {licenses, ["Apache 2.0"]},
+  {links, []}
+ ]}.

.ci/gitlint.requirements.txt

@@ -1,14 +0,0 @@
-arrow==1.2.3 --hash=sha256:5a49ab92e3b7b71d96cd6bfcc4df14efefc9dfa96ea19045815914a6ab6b1fe2
-click==8.1.3 --hash=sha256:bb4d8133cb15a609f44e8213d9b391b0809795062913b383c62be0ee95b1db48
-exceptiongroup==1.2.0 --hash=sha256:4bfd3996ac73b41e9b9628b04e079f193850720ea5945fc96a08633c66912f14
-gitlint==0.19.1 --hash=sha256:26bb085959148d99fbbc178b4e56fda6c3edd7646b7c2a24d8ee1f8e036ed85d
-gitlint-core==0.19.1 --hash=sha256:f41effd1dcbc06ffbfc56b6888cce72241796f517b46bd9fd4ab1b145056988c
-iniconfig==2.0.0 --hash=sha256:b6a85871a79d2e3b22d2d1b94ac2824226a63c6b741c88f7ae975f18b6778374
-packaging==23.2 --hash=sha256:8c491190033a9af7e1d931d0b5dacc2ef47509b34dd0de67ed209b5203fc88c7
-pluggy==1.3.0 --hash=sha256:d89c696a773f8bd377d18e5ecda92b7a3793cbe66c87060a6fb58c7b6e1061f7
-pytest==7.4.4 --hash=sha256:b090cdf5ed60bf4c45261be03239c2c1c22df034fbffe691abe93cd80cea01d8
-pytest-retry==1.6.1 --hash=sha256:3d420afc08e61ed3be28ecbb544371041b1b8e5fea7c94eb97cefa0d4ea9825c
-python-dateutil==2.8.2 --hash=sha256:961d03dc3453ebbc59dbdea9e4e11c5651520a876d0f4db161e8674aae935da9
-sh==1.14.3 --hash=sha256:e4045b6c732d9ce75d571c79f5ac2234edd9ae4f5fa9d59b09705082bdca18c7
-six==1.16.0 --hash=sha256:8abb2f1d86890a2dfb989f9a77cfcfd3e47c2a354b01111771326f8aa26e0254
-tomli==2.0.1 --hash=sha256:939de3e7a6161af0c887ef91b7d41a53e7c5a1ca976325f429cb46ea9bc30ecc

.github/CODEOWNERS

@@ -1,29 +1,18 @@
 ## Default
 * @emqx/emqx-review-board
 
-# emqx-review-board members
-## HJianBo
-## id
-## ieQu1
-## keynslug
-## qzhuyan
-## savonarola
-## terry-xiaoyu
-## thalesmg
-## zhongwencool
-## zmstone
-
 ## apps
 /apps/emqx/                @emqx/emqx-review-board @lafirest
-/apps/emqx_auth/           @emqx/emqx-review-board @JimMoen
+/apps/emqx_connector/      @emqx/emqx-review-board
+/apps/emqx_auth/           @emqx/emqx-review-board @JimMoen @savonarola
 /apps/emqx_connector/      @emqx/emqx-review-board @JimMoen
 /apps/emqx_dashboard/      @emqx/emqx-review-board @JimMoen @lafirest
 /apps/emqx_dashboard_rbac/ @emqx/emqx-review-board @lafirest
 /apps/emqx_dashboard_sso/  @emqx/emqx-review-board @JimMoen @lafirest
-/apps/emqx_exhook/         @emqx/emqx-review-board @JimMoen
+/apps/emqx_exhook/         @emqx/emqx-review-board @JimMoen @HJianBo
+/apps/emqx_ft/             @emqx/emqx-review-board @savonarola @keynslug
 /apps/emqx_gateway/        @emqx/emqx-review-board @lafirest
-/apps/emqx_management/     @emqx/emqx-review-board @lafirest
-/apps/emqx_opentelemetry   @emqx/emqx-review-board @SergeTupchiy
+/apps/emqx_management/     @emqx/emqx-review-board @lafirest @sstrigler
 /apps/emqx_plugins/        @emqx/emqx-review-board @JimMoen
 /apps/emqx_prometheus/     @emqx/emqx-review-board @JimMoen
 /apps/emqx_psk/            @emqx/emqx-review-board @lafirest
@@ -31,7 +20,7 @@
 /apps/emqx_rule_engine/    @emqx/emqx-review-board @kjellwinblad
 /apps/emqx_slow_subs/      @emqx/emqx-review-board @lafirest
 /apps/emqx_statsd/         @emqx/emqx-review-board @JimMoen
-/apps/emqx_durable_storage/ @emqx/emqx-review-board @keynslug
+/apps/emqx_durable_storage/ @emqx/emqx-review-board @ieQu1 @keynslug
 
 ## CI
 /deploy/  @emqx/emqx-review-board @Rory-Z

.github/ISSUE_TEMPLATE/bug-report.yaml

@@ -61,6 +61,10 @@ body:
         # paste output here
         $ uname -a
         # paste output here
+
+        # On Windows:
+        C:\> wmic os get Caption, Version, BuildNumber, OSArchitecture
+        # paste output here
         ```
 
         </details>

.github/actions/package-macos/action.yaml

@@ -3,7 +3,7 @@ inputs:
   profile: # emqx, emqx-enterprise
     required: true
     type: string
-  otp:
+  otp: # 25.3.2-2
     required: true
     type: string
   os:
@@ -33,7 +33,7 @@ runs:
         HOMEBREW_NO_INSTALL_UPGRADE: 1
         HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK: 1
       run: |
-        brew install curl zip unzip coreutils openssl@1.1 unixodbc
+        brew install curl zip unzip coreutils openssl@1.1
         echo "/usr/local/opt/bison/bin" >> $GITHUB_PATH
         echo "/usr/local/bin" >> $GITHUB_PATH
         echo "emqx_name=${emqx_name}" >> $GITHUB_OUTPUT
@@ -51,12 +51,12 @@ runs:
             echo "SELF_HOSTED=false" >> $GITHUB_OUTPUT
             ;;
         esac
-    - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+    - uses: actions/cache@v3
       id: cache
       if: steps.prepare.outputs.SELF_HOSTED != 'true'
       with:
         path: ${{ steps.prepare.outputs.OTP_INSTALL_PATH }}
-        key: otp-install-${{ inputs.otp }}-${{ inputs.os }}-static-ssl-disable-hipe-disable-jit-20240524-1
+        key: otp-install-${{ inputs.otp }}-${{ inputs.os }}-static-ssl-disable-hipe-disable-jit
     - name: build erlang
       if: steps.cache.outputs.cache-hit != 'true'
       shell: bash
@@ -80,10 +80,9 @@ runs:
         git clone --depth 1 --branch OTP-${{ inputs.otp }} https://github.com/emqx/otp.git "$OTP_SOURCE_PATH"
         cd "$OTP_SOURCE_PATH"
         if [ "$(arch)" = arm64 ]; then
-            ODBCHOME="$(brew --prefix unixodbc)"
-            export CFLAGS="-O2 -g -I${ODBCHOME}/include"
-            export LDFLAGS="-L${ODBCHOME}/lib"
-            WITH_ODBC="--with-odbc=${ODBCHOME}"
+            export CFLAGS="-O2 -g -I$(brew --prefix unixodbc)/include"
+            export LDFLAGS="-L$(brew --prefix unixodbc)/lib"
+            WITH_ODBC="--with-odbc=$(brew --prefix unixodbc)"
         else
             WITH_ODBC=""
         fi

.github/actions/prepare-jmeter/action.yaml

@@ -1,21 +1,37 @@
 name: 'Prepare jmeter'
 
+inputs:
+  version-emqx:
+    required: true
+    type: string
+
 runs:
   using: composite
   steps:
-    - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
+    - uses: actions/download-artifact@v3
+      with:
+        name: emqx-docker
+        path: /tmp
+    - name: load docker image
+      shell: bash
+      env:
+        PKG_VSN: ${{ inputs.version-emqx }}
+      run: |
+        EMQX_DOCKER_IMAGE_TAG=$(docker load < /tmp/emqx-docker-${PKG_VSN}.tar.gz | sed 's/Loaded image: //g')
+        echo "_EMQX_DOCKER_IMAGE_TAG=$EMQX_DOCKER_IMAGE_TAG" >> $GITHUB_ENV
+    - uses: actions/checkout@v3
       with:
         repository: emqx/emqx-fvt
         ref: broker-autotest-v5
         path: scripts
-    - uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 # v4.2.1
+    - uses: actions/setup-java@v3
       with:
         java-version: '8.0.282' # The JDK version to make available on the path.
         java-package: jdk # (jre, jdk, or jdk+fx) - defaults to jdk
         architecture: x64 # (x64 or x86) - defaults to x64
         # https://github.com/actions/setup-java/blob/main/docs/switching-to-v2.md
         distribution: 'zulu'
-    - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4
+    - uses: actions/download-artifact@v3
       with:
         name: apache-jmeter.tgz
     - name: install jmeter

.github/dependabot.yml

@@ -1,32 +0,0 @@
-version: 2
-updates:
-  - package-ecosystem: github-actions
-    directory: "/"
-    reviewers:
-      - "emqx/emqx-review-board"
-    schedule:
-      interval: weekly
-    groups:
-      actions:
-        patterns:
-          - "*"
-  - package-ecosystem: github-actions
-    directory: "/.github/actions/package-macos/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
-    reviewers:
-      - "emqx/emqx-review-board"
-    schedule:
-      interval: weekly
-    groups:
-      actions-package-macos:
-        patterns:
-          - "*"
-  - package-ecosystem: github-actions
-    directory: "/.github/actions/prepare-jmeter/" # All subdirectories outside of "/.github/workflows" must be explicitly included.
-    reviewers:
-      - "emqx/emqx-review-board"
-    schedule:
-      interval: weekly
-    groups:
-      actions-prepare-jmeter:
-        patterns:
-          - "*"

.github/pull_request_template.md

@@ -1,8 +1,9 @@
 Fixes <issue-or-jira-number>
 
-Release version: v/e5.?
+<!-- Make sure to target release-52 branch if this PR is intended to fix the issues for the release candidate. -->
 
 ## Summary
+copilot:summary
 
 ## PR Checklist
 Please convert it to a draft if any of the following conditions are not met. Reviewers may skip over until all the items are checked:
@@ -10,7 +11,7 @@ Please convert it to a draft if any of the following conditions are not met. Rev
 - [ ] Added tests for the changes
 - [ ] Added property-based tests for code which performs user input validation
 - [ ] Changed lines covered in coverage report
-- [ ] Change log has been added to `changes/(ce|ee)/(feat|perf|fix|breaking)-<PR-id>.en.md` files
+- [ ] Change log has been added to `changes/(ce|ee)/(feat|perf|fix)-<PR-id>.en.md` files
 - [ ] For internal contributor: there is a jira ticket to track this change
 - [ ] Created PR to [emqx-docs](https://github.com/emqx/emqx-docs) if documentation update is required, or link to a follow-up jira ticket
 - [ ] Schema changes are backward compatible

.github/workflows/.zipignore

@@ -1,3 +0,0 @@
-.git/*
-*/.git/*
-*/.github/*

.github/workflows/.zipignore2

@@ -1 +0,0 @@
-*/.github/*

.github/workflows/_pr_entrypoint.yaml

@@ -11,48 +11,27 @@ on:
       ref:
         required: false
 
-defaults:
-  run:
-    shell: bash
-
 env:
   IS_CI: "yes"
 
 jobs:
-  init:
-    runs-on: ubuntu-22.04
-    outputs:
-      BUILDER_VSN: ${{ steps.env.outputs.BUILDER_VSN }}
-      OTP_VSN: ${{ steps.env.outputs.OTP_VSN }}
-      ELIXIR_VSN: ${{ steps.env.outputs.ELIXIR_VSN }}
-      BUILDER: ${{ steps.env.outputs.BUILDER }}
-    steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{ github.event.inputs.ref }}
-      - name: Set up environment
-        id: env
-        run: |
-          source ./env.sh
-          echo "BUILDER_VSN=$EMQX_BUILDER_VSN" | tee -a "$GITHUB_OUTPUT"
-          echo "OTP_VSN=$OTP_VSN" | tee -a "$GITHUB_OUTPUT"
-          echo "ELIXIR_VSN=$ELIXIR_VSN" | tee -a "$GITHUB_OUTPUT"
-          echo "BUILDER=$EMQX_BUILDER" | tee -a "$GITHUB_OUTPUT"
-
   sanity-checks:
-    runs-on: ubuntu-22.04
-    needs: init
-    container: ${{ needs.init.outputs.BUILDER }}
+    runs-on: ${{ fromJSON(github.repository_owner == 'emqx' && '["self-hosted","ephemeral","linux","x64"]' || '["ubuntu-22.04"]') }}
+    container: "ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04"
     outputs:
       ct-matrix: ${{ steps.matrix.outputs.ct-matrix }}
       ct-host: ${{ steps.matrix.outputs.ct-host }}
       ct-docker: ${{ steps.matrix.outputs.ct-docker }}
-
-    permissions:
-      contents: read
+      version-emqx: ${{ steps.matrix.outputs.version-emqx }}
+      version-emqx-enterprise: ${{ steps.matrix.outputs.version-emqx-enterprise }}
+      runner_labels: ${{ github.repository_owner == 'emqx' && '["self-hosted","ephemeral","linux","x64"]' || '["ubuntu-22.04"]' }}
+      builder: "ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04"
+      builder_vsn: "5.2-3"
+      otp_vsn: "25.3.2-2"
+      elixir_vsn: "1.14.5"
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@v3
         with:
           ref: ${{ github.event.inputs.ref }}
           fetch-depth: 0
@@ -64,7 +43,7 @@ jobs:
           BEFORE_REF: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event.before }}
           AFTER_REF: ${{ github.sha }}
         run: |
-          pip install --require-hashes -r .ci/gitlint.requirements.txt
+          pip install gitlint
           gitlint --commits $BEFORE_REF..$AFTER_REF --config .github/workflows/.gitlint
       - name: Run shellcheck
         run: |
@@ -97,8 +76,7 @@ jobs:
           MIX_ENV: emqx-enterprise
           PROFILE: emqx-enterprise
         run: |
-          # mix local.hex --force --if-missing && mix local.rebar --force --if-missing
-          mix local.hex 2.0.6 --force --if-missing && mix local.rebar --force --if-missing
+          mix local.hex --force --if-missing && mix local.rebar --force --if-missing
       - name: Check formatting
         env:
           MIX_ENV: emqx-enterprise
@@ -111,20 +89,35 @@ jobs:
       - name: Generate CT Matrix
         id: matrix
         run: |
-          MATRIX="$(./scripts/find-apps.sh --ci)"
+          APPS="$(./scripts/find-apps.sh --ci)"
+          MATRIX="$(echo "${APPS}" | jq -c '
+            [
+              (.[] | select(.profile == "emqx") | . + {
+                builder: "5.2-3",
+                otp: "25.3.2-2",
+                elixir: "1.14.5"
+              }),
+              (.[] | select(.profile == "emqx-enterprise") | . + {
+                builder: "5.2-3",
+                otp: ["25.3.2-2"][],
+                elixir: "1.14.5"
+              })
+            ]
+          ')"
           echo "${MATRIX}" | jq
-          CT_MATRIX="$(echo "${MATRIX}" | jq -c 'map({profile}) | unique')"
+          CT_MATRIX="$(echo "${MATRIX}" | jq -c 'map({profile, builder, otp, elixir}) | unique')"
           CT_HOST="$(echo "${MATRIX}"   | jq -c 'map(select(.runner == "host"))')"
           CT_DOCKER="$(echo "${MATRIX}" | jq -c 'map(select(.runner == "docker"))')"
           echo "ct-matrix=${CT_MATRIX}" | tee -a $GITHUB_OUTPUT
           echo "ct-host=${CT_HOST}"     | tee -a $GITHUB_OUTPUT
           echo "ct-docker=${CT_DOCKER}" | tee -a $GITHUB_OUTPUT
+          echo "version-emqx=$(./pkg-vsn.sh emqx)" | tee -a $GITHUB_OUTPUT
+          echo "version-emqx-enterprise=$(./pkg-vsn.sh emqx-enterprise)" | tee -a $GITHUB_OUTPUT
 
   compile:
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral-xl","linux","x64"]') }}
-    container: ${{ needs.init.outputs.BUILDER }}
+    runs-on: ${{ fromJSON(github.repository_owner == 'emqx' && '["self-hosted","ephemeral-xl","linux","x64"]' || '["ubuntu-22.04"]') }}
+    container: ${{ needs.sanity-checks.outputs.builder }}
     needs:
-      - init
       - sanity-checks
     strategy:
       matrix:
@@ -132,11 +125,8 @@ jobs:
           - emqx
           - emqx-enterprise
 
-    permissions:
-      contents: read
-
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@v3
         with:
           fetch-depth: 0
       - name: Work around https://github.com/actions/checkout/issues/766
@@ -148,97 +138,120 @@ jobs:
           ENABLE_COVER_COMPILE: 1
         run: |
           make ensure-rebar3
-          make ${PROFILE}-compile test-compile
-          echo "PROFILE=${PROFILE}" | tee -a .env
-          echo "PKG_VSN=$(./pkg-vsn.sh ${PROFILE})" | tee -a .env
-          zip -ryq -x@.github/workflows/.zipignore $PROFILE.zip .
-      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+          make ${PROFILE}
+          make test-compile
+          zip -ryq $PROFILE.zip .
+      - uses: actions/upload-artifact@v3
         with:
           name: ${{ matrix.profile }}
           path: ${{ matrix.profile }}.zip
-          retention-days: 7
+          retention-days: 1
 
   run_emqx_app_tests:
     needs:
-      - init
       - sanity-checks
       - compile
     uses: ./.github/workflows/run_emqx_app_tests.yaml
     with:
-      builder: ${{ needs.init.outputs.BUILDER }}
+      runner_labels: ${{ needs.sanity-checks.outputs.runner_labels }}
+      builder: ${{ needs.sanity-checks.outputs.builder }}
       before_ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event.before }}
       after_ref: ${{ github.sha }}
 
   run_test_cases:
     needs:
-      - init
       - sanity-checks
       - compile
     uses: ./.github/workflows/run_test_cases.yaml
     with:
-      builder: ${{ needs.init.outputs.BUILDER }}
+      runner_labels: ${{ needs.sanity-checks.outputs.runner_labels }}
+      builder: ${{ needs.sanity-checks.outputs.builder }}
       ct-matrix: ${{ needs.sanity-checks.outputs.ct-matrix }}
       ct-host: ${{ needs.sanity-checks.outputs.ct-host }}
       ct-docker: ${{ needs.sanity-checks.outputs.ct-docker }}
 
   static_checks:
     needs:
-      - init
       - sanity-checks
       - compile
     uses: ./.github/workflows/static_checks.yaml
     with:
-      builder: ${{ needs.init.outputs.BUILDER }}
+      runner_labels: ${{ needs.sanity-checks.outputs.runner_labels }}
+      builder: ${{ needs.sanity-checks.outputs.builder }}
       ct-matrix: ${{ needs.sanity-checks.outputs.ct-matrix }}
 
   build_slim_packages:
     needs:
       - sanity-checks
     uses: ./.github/workflows/build_slim_packages.yaml
+    with:
+      runner_labels: ${{ needs.sanity-checks.outputs.runner_labels }}
+      builder: ${{ needs.sanity-checks.outputs.builder }}
+      builder_vsn: ${{ needs.sanity-checks.outputs.builder_vsn }}
+      otp_vsn: ${{ needs.sanity-checks.outputs.otp_vsn }}
+      elixir_vsn: ${{ needs.sanity-checks.outputs.elixir_vsn }}
 
   build_docker_for_test:
     needs:
-      - init
       - sanity-checks
     uses: ./.github/workflows/build_docker_for_test.yaml
+    with:
+      runner_labels: ${{ needs.sanity-checks.outputs.runner_labels }}
+      otp_vsn: ${{ needs.sanity-checks.outputs.otp_vsn }}
+      elixir_vsn: ${{ needs.sanity-checks.outputs.elixir_vsn }}
+      version-emqx: ${{ needs.sanity-checks.outputs.version-emqx }}
+      version-emqx-enterprise: ${{ needs.sanity-checks.outputs.version-emqx-enterprise }}
 
   spellcheck:
     needs:
       - sanity-checks
       - build_slim_packages
     uses: ./.github/workflows/spellcheck.yaml
+    with:
+      runner_labels: ${{ needs.sanity-checks.outputs.runner_labels }}
 
   run_conf_tests:
     needs:
-      - init
       - sanity-checks
       - compile
     uses: ./.github/workflows/run_conf_tests.yaml
     with:
-      builder: ${{ needs.init.outputs.BUILDER }}
+      runner_labels: ${{ needs.sanity-checks.outputs.runner_labels }}
+      builder: ${{ needs.sanity-checks.outputs.builder }}
 
   check_deps_integrity:
     needs:
-      - init
       - sanity-checks
     uses: ./.github/workflows/check_deps_integrity.yaml
     with:
-      builder: ${{ needs.init.outputs.BUILDER }}
+      runner_labels: ${{ needs.sanity-checks.outputs.runner_labels }}
+      builder: ${{ needs.sanity-checks.outputs.builder }}
 
   run_jmeter_tests:
     needs:
       - sanity-checks
       - build_docker_for_test
     uses: ./.github/workflows/run_jmeter_tests.yaml
+    with:
+      runner_labels: ${{ needs.sanity-checks.outputs.runner_labels }}
+      version-emqx: ${{ needs.sanity-checks.outputs.version-emqx }}
 
   run_docker_tests:
     needs:
       - sanity-checks
       - build_docker_for_test
     uses: ./.github/workflows/run_docker_tests.yaml
+    with:
+      runner_labels: ${{ needs.sanity-checks.outputs.runner_labels }}
+      version-emqx: ${{ needs.sanity-checks.outputs.version-emqx }}
+      version-emqx-enterprise: ${{ needs.sanity-checks.outputs.version-emqx-enterprise }}
 
   run_helm_tests:
     needs:
       - sanity-checks
       - build_docker_for_test
     uses: ./.github/workflows/run_helm_tests.yaml
+    with:
+      runner_labels: ${{ needs.sanity-checks.outputs.runner_labels }}
+      version-emqx: ${{ needs.sanity-checks.outputs.version-emqx }}
+      version-emqx-enterprise: ${{ needs.sanity-checks.outputs.version-emqx-enterprise }}

.github/workflows/_push-entrypoint.yaml

@@ -8,64 +8,35 @@ on:
   push:
     tags:
       - 'v*'
+      - 'e*'
     branches:
       - 'master'
-      - 'release-5[0-9]'
+      - 'release-5?'
       - 'ci/**'
-  workflow_dispatch:
-    inputs:
-      ref:
-        required: false
-
-defaults:
-  run:
-    shell: bash
 
 env:
   IS_CI: 'yes'
 
 jobs:
-  init:
-    runs-on: ubuntu-22.04
-    outputs:
-      BUILDER_VSN: ${{ steps.env.outputs.BUILDER_VSN }}
-      OTP_VSN: ${{ steps.env.outputs.OTP_VSN }}
-      ELIXIR_VSN: ${{ steps.env.outputs.ELIXIR_VSN }}
-      BUILDER: ${{ steps.env.outputs.BUILDER }}
-      BUILD_FROM: ${{ steps.env.outputs.BUILD_FROM }}
-      RUN_FROM: ${{ steps.env.outputs.BUILD_FROM }}
-    steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{ github.event.inputs.ref }}
-      - name: Set up environment
-        id: env
-        run: |
-          source env.sh
-          echo "BUILDER_VSN=$EMQX_BUILDER_VSN" >> "$GITHUB_OUTPUT"
-          echo "OTP_VSN=$OTP_VSN" >> "$GITHUB_OUTPUT"
-          echo "ELIXIR_VSN=$ELIXIR_VSN" >> "$GITHUB_OUTPUT"
-          echo "BUILDER=$EMQX_BUILDER" >> "$GITHUB_OUTPUT"
-          echo "BUILD_FROM=$EMQX_DOCKER_BUILD_FROM" >> "$GITHUB_OUTPUT"
-          echo "RUN_FROM=$EMQX_DOCKER_RUN_FROM" >> "$GITHUB_OUTPUT"
-
   prepare:
-    runs-on: ubuntu-22.04
-    needs: init
-    container: ${{ needs.init.outputs.BUILDER }}
+    runs-on: ${{ fromJSON(github.repository_owner == 'emqx' && '["self-hosted","ephemeral","linux","x64"]' || '["ubuntu-22.04"]') }}
+    container: 'ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04'
     outputs:
       profile: ${{ steps.parse-git-ref.outputs.profile }}
       release: ${{ steps.parse-git-ref.outputs.release }}
       latest: ${{ steps.parse-git-ref.outputs.latest }}
+      version: ${{ steps.parse-git-ref.outputs.version }}
       ct-matrix: ${{ steps.matrix.outputs.ct-matrix }}
       ct-host: ${{ steps.matrix.outputs.ct-host }}
       ct-docker: ${{ steps.matrix.outputs.ct-docker }}
-
-    permissions:
-      contents: read
+      runner_labels: ${{ github.repository_owner == 'emqx' && '["self-hosted","ephemeral","linux","x64"]' || '["ubuntu-22.04"]' }}
+      builder: 'ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04'
+      builder_vsn: '5.2-3'
+      otp_vsn: '25.3.2-2'
+      elixir_vsn: '1.14.5'
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@v3
         with:
           ref: ${{ github.event.inputs.ref }}
           fetch-depth: 0
@@ -73,22 +44,38 @@ jobs:
         shell: bash
         run: |
           git config --global --add safe.directory "$GITHUB_WORKSPACE"
-      - name: Detect emqx profile
+      - name: Detect emqx profile and version
         id: parse-git-ref
         run: |
           JSON="$(./scripts/parse-git-ref.sh $GITHUB_REF)"
           PROFILE=$(echo "$JSON" | jq -cr '.profile')
           RELEASE=$(echo "$JSON" | jq -cr '.release')
           LATEST=$(echo "$JSON"  | jq -cr '.latest')
+          VERSION="$(./pkg-vsn.sh "$PROFILE")"
           echo "profile=$PROFILE" | tee -a $GITHUB_OUTPUT
           echo "release=$RELEASE" | tee -a $GITHUB_OUTPUT
           echo "latest=$LATEST"   | tee -a $GITHUB_OUTPUT
+          echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
       - name: Build matrix
         id: matrix
         run: |
-          MATRIX="$(./scripts/find-apps.sh --ci)"
+          APPS="$(./scripts/find-apps.sh --ci)"
+          MATRIX="$(echo "${APPS}" | jq -c '
+            [
+              (.[] | select(.profile == "emqx") | . + {
+                builder: "5.2-3",
+                otp: "25.3.2-2",
+                elixir: "1.14.5"
+              }),
+              (.[] | select(.profile == "emqx-enterprise") | . + {
+                builder: "5.2-3",
+                otp: ["25.3.2-2"][],
+                elixir: "1.14.5"
+              })
+            ]
+          ')"
           echo "${MATRIX}" | jq
-          CT_MATRIX="$(echo "${MATRIX}" | jq -c 'map({profile}) | unique')"
+          CT_MATRIX="$(echo "${MATRIX}" | jq -c 'map({profile, builder, otp, elixir}) | unique')"
           CT_HOST="$(echo "${MATRIX}"   | jq -c 'map(select(.runner == "host"))')"
           CT_DOCKER="$(echo "${MATRIX}" | jq -c 'map(select(.runner == "docker"))')"
           echo "ct-matrix=${CT_MATRIX}" | tee -a $GITHUB_OUTPUT
@@ -98,44 +85,49 @@ jobs:
   build_packages:
     if: needs.prepare.outputs.release == 'true'
     needs:
-      - init
       - prepare
     uses: ./.github/workflows/build_packages.yaml
     with:
       profile: ${{ needs.prepare.outputs.profile }}
-      publish: true
-      otp_vsn: ${{ needs.init.outputs.OTP_VSN }}
-      elixir_vsn: ${{ needs.init.outputs.ELIXIR_VSN }}
-      builder_vsn: ${{ needs.init.outputs.BUILDER_VSN }}
+      publish: ${{ needs.prepare.outputs.release }}
+      otp_vsn: ${{ needs.prepare.outputs.otp_vsn }}
+      elixir_vsn: ${{ needs.prepare.outputs.elixir_vsn }}
+      builder_vsn: ${{ needs.prepare.outputs.builder_vsn }}
     secrets: inherit
 
   build_and_push_docker_images:
     if: needs.prepare.outputs.release == 'true'
     needs:
-      - init
       - prepare
     uses: ./.github/workflows/build_and_push_docker_images.yaml
     with:
       profile: ${{ needs.prepare.outputs.profile }}
-      publish: true
+      version: ${{ needs.prepare.outputs.version }}
+      publish: ${{ needs.prepare.outputs.release }}
       latest: ${{ needs.prepare.outputs.latest }}
-      build_from: ${{ needs.init.outputs.BUILD_FROM }}
-      run_from: ${{ needs.init.outputs.RUN_FROM }}
+      otp_vsn: ${{ needs.prepare.outputs.otp_vsn }}
+      elixir_vsn: ${{ needs.prepare.outputs.elixir_vsn }}
+      builder_vsn: ${{ needs.prepare.outputs.builder_vsn }}
+      runner_labels: ${{ needs.prepare.outputs.runner_labels }}
     secrets: inherit
 
   build_slim_packages:
     if: needs.prepare.outputs.release != 'true'
     needs:
-      - init
       - prepare
     uses: ./.github/workflows/build_slim_packages.yaml
+    with:
+      runner_labels: ${{ needs.prepare.outputs.runner_labels }}
+      builder: ${{ needs.prepare.outputs.builder }}
+      builder_vsn: ${{ needs.prepare.outputs.builder_vsn }}
+      otp_vsn: ${{ needs.prepare.outputs.otp_vsn }}
+      elixir_vsn: ${{ needs.prepare.outputs.elixir_vsn }}
 
   compile:
     if: needs.prepare.outputs.release != 'true'
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
-    container: ${{ needs.init.outputs.BUILDER }}
+    runs-on: ${{ fromJSON(needs.prepare.outputs.runner_labels) }}
+    container: ${{ needs.prepare.outputs.builder }}
     needs:
-      - init
       - prepare
     strategy:
       matrix:
@@ -143,11 +135,8 @@ jobs:
           - emqx
           - emqx-enterprise
 
-    permissions:
-      contents: read
-
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@v3
         with:
           ref: ${{ github.event.inputs.ref }}
           fetch-depth: 0
@@ -160,10 +149,8 @@ jobs:
           ENABLE_COVER_COMPILE: 1
         run: |
           make $PROFILE
-          echo "PROFILE=${PROFILE}" | tee -a .env
-          echo "PKG_VSN=$(./pkg-vsn.sh ${PROFILE})" | tee -a .env
-          zip -ryq -x@.github/workflows/.zipignore $PROFILE.zip .
-      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+          zip -ryq $PROFILE.zip .
+      - uses: actions/upload-artifact@v3
         with:
           name: ${{ matrix.profile }}
           path: ${{ matrix.profile }}.zip
@@ -171,23 +158,24 @@ jobs:
 
   run_emqx_app_tests:
     needs:
-      - init
+      - prepare
       - compile
     uses: ./.github/workflows/run_emqx_app_tests.yaml
     with:
-      builder: ${{ needs.init.outputs.BUILDER }}
+      runner_labels: ${{ needs.prepare.outputs.runner_labels }}
+      builder: ${{ needs.prepare.outputs.builder }}
       before_ref: ${{ github.event.before }}
       after_ref: ${{ github.sha }}
 
   run_test_cases:
     if: needs.prepare.outputs.release != 'true'
     needs:
-      - init
       - prepare
       - compile
     uses: ./.github/workflows/run_test_cases.yaml
     with:
-      builder: ${{ needs.init.outputs.BUILDER }}
+      runner_labels: ${{ needs.prepare.outputs.runner_labels }}
+      builder: ${{ needs.prepare.outputs.builder }}
       ct-matrix: ${{ needs.prepare.outputs.ct-matrix }}
       ct-host: ${{ needs.prepare.outputs.ct-host }}
       ct-docker: ${{ needs.prepare.outputs.ct-docker }}
@@ -195,20 +183,20 @@ jobs:
   run_conf_tests:
     if: needs.prepare.outputs.release != 'true'
     needs:
-      - init
       - prepare
       - compile
     uses: ./.github/workflows/run_conf_tests.yaml
     with:
-      builder: ${{ needs.init.outputs.BUILDER }}
+      runner_labels: ${{ needs.prepare.outputs.runner_labels }}
+      builder: ${{ needs.prepare.outputs.builder }}
 
   static_checks:
     if: needs.prepare.outputs.release != 'true'
     needs:
-      - init
       - prepare
       - compile
     uses: ./.github/workflows/static_checks.yaml
     with:
-      builder: ${{ needs.init.outputs.BUILDER }}
+      runner_labels: ${{ needs.prepare.outputs.runner_labels }}
+      builder: ${{ needs.prepare.outputs.builder }}
       ct-matrix: ${{ needs.prepare.outputs.ct-matrix }}

.github/workflows/build_and_push_docker_images.yaml

@@ -10,16 +10,25 @@ on:
       profile:
         required: true
         type: string
+      version:
+        required: true
+        type: string
       latest:
         required: true
         type: string
       publish:
         required: true
-        type: boolean
-      build_from:
+        type: string
+      otp_vsn:
         required: true
         type: string
-      run_from:
+      elixir_vsn:
+        required: true
+        type: string
+      builder_vsn:
+        required: true
+        type: string
+      runner_labels:
         required: true
         type: string
     secrets:
@@ -39,6 +48,8 @@ on:
         required: false
         type: string
         default: 'emqx'
+      version:
+        required: true
       latest:
         required: false
         type: boolean
@@ -47,22 +58,26 @@ on:
         required: false
         type: boolean
         default: false
-      build_from:
+      otp_vsn:
         required: false
         type: string
-        default: ghcr.io/emqx/emqx-builder/5.3-9:1.15.7-26.2.5-3-debian12
-      run_from:
-        default: public.ecr.aws/debian/debian:stable-20240612-slim
-
-permissions:
-  contents: read
+        default: '25.3.2-2'
+      elixir_vsn:
+        required: false
+        type: string
+        default: '1.14.5'
+      builder_vsn:
+        required: false
+        type: string
+        default: '5.2-3'
+      runner_labels:
+        required: false
+        type: string
+        default: '["self-hosted","ephemeral","linux","x64"]'
 
 jobs:
-  build:
-    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON(format('["self-hosted","ephemeral","linux","{0}"]', matrix.arch)) || 'ubuntu-22.04' }}
-    container: ${{ inputs.build_from }}
-    outputs:
-      PKG_VSN: ${{ steps.build.outputs.PKG_VSN }}
+  docker:
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
 
     strategy:
       fail-fast: false
@@ -70,141 +85,54 @@ jobs:
         profile:
           - ${{ inputs.profile }}
           - ${{ inputs.profile }}-elixir
-        arch:
-          - x64
-          - arm64
+        registry:
+          - 'docker.io'
+          - 'public.ecr.aws'
+        exclude:
+          - profile: emqx-enterprise
+            registry: 'public.ecr.aws'
+          - profile: emqx-enterprise-elixir
+            registry: 'public.ecr.aws'
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{ github.event.inputs.ref }}
-      - run: git config --global --add safe.directory "$PWD"
-      - name: build release tarball
-        id: build
-        run: |
-          make ${{ matrix.profile }}-tgz
-      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
-        with:
-          name: "${{ matrix.profile }}-${{ matrix.arch }}.tar.gz"
-          path: "_packages/emqx*/emqx-*.tar.gz"
-          retention-days: 7
-          overwrite: true
-          if-no-files-found: error
+    - uses: actions/checkout@v3
+      with:
+        ref: ${{ github.event.inputs.ref }}
+        fetch-depth: 0
 
-  docker:
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
-    needs:
-      - build
-    defaults:
-      run:
-        shell: bash
+    - uses: docker/setup-qemu-action@v2
+    - uses: docker/setup-buildx-action@v2
 
-    strategy:
-      fail-fast: false
-      matrix:
-        profile:
-          - ["${{ inputs.profile }}", "${{ inputs.profile == 'emqx' && 'docker.io,public.ecr.aws' || 'docker.io' }}"]
-          - ["${{ inputs.profile }}-elixir", "${{ inputs.profile == 'emqx' && 'docker.io,public.ecr.aws' || 'docker.io' }}"]
+    - name: Login to hub.docker.com
+      uses: docker/login-action@v2
+      if: matrix.registry == 'docker.io'
+      with:
+        username: ${{ secrets.DOCKER_HUB_USER }}
+        password: ${{ secrets.DOCKER_HUB_TOKEN }}
 
-    steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{ github.event.inputs.ref }}
-      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-        with:
-          pattern: "${{ matrix.profile[0] }}-*.tar.gz"
-          path: _packages
-          merge-multiple: true
+    - name: Login to AWS ECR
+      uses: docker/login-action@v2
+      if: matrix.registry == 'public.ecr.aws'
+      with:
+        registry: public.ecr.aws
+        username: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        ecr: true
 
-      - name: Move artifacts to root directory
-        env:
-          PROFILE: ${{ inputs.profile }}
-        run: |
-          ls -lR _packages/$PROFILE
-          mv _packages/$PROFILE/*.tar.gz ./
-
-      - name: Enable containerd image store on Docker Engine
-        run: |
-          echo "$(sudo cat /etc/docker/daemon.json | jq '. += {"features": {"containerd-snapshotter": true}}')" > daemon.json
-          sudo mv daemon.json /etc/docker/daemon.json
-          sudo systemctl restart docker
-
-      - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
-      - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
-
-      - name: Login to hub.docker.com
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        if: inputs.publish && contains(matrix.profile[1], 'docker.io')
-        with:
-          username: ${{ secrets.DOCKER_HUB_USER }}
-          password: ${{ secrets.DOCKER_HUB_TOKEN }}
-
-      - name: Login to AWS ECR
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
-        if: inputs.publish && contains(matrix.profile[1], 'public.ecr.aws')
-        with:
-          registry: public.ecr.aws
-          username: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          password: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          ecr: true
-
-      - name: Build docker image for smoke test
-        env:
-          PROFILE: ${{ matrix.profile[0] }}
-          DOCKER_REGISTRY: ${{ matrix.profile[1] }}
-          DOCKER_ORG: ${{ github.repository_owner }}
-          DOCKER_LATEST: ${{ inputs.latest }}
-          DOCKER_PUSH: false
-          DOCKER_BUILD_NOCACHE: true
-          BUILD_FROM: ${{ inputs.build_from }}
-          RUN_FROM: ${{ inputs.run_from }}
-          PKG_VSN: ${{ needs.build.outputs.PKG_VSN }}
-          EMQX_SOURCE_TYPE: tgz
-        run: |
-          ./build ${PROFILE} docker
-          echo "Built tags:"
-          echo "==========="
-          cat .emqx_docker_image_tags
-          echo "==========="
-          echo "_EMQX_DOCKER_IMAGE_TAG=$(head -n 1 .emqx_docker_image_tags)" >> $GITHUB_ENV
-
-      - name: smoke test
-        timeout-minutes: 1
-        run: |
-          for tag in $(cat .emqx_docker_image_tags); do
-            CID=$(docker run -d -p 18083:18083 $tag)
-            HTTP_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "18083/tcp") 0).HostPort}}' $CID)
-            ./scripts/test/emqx-smoke-test.sh localhost $HTTP_PORT
-            docker rm -f $CID
-          done
-      - name: dashboard tests
-        working-directory: ./scripts/ui-tests
-        timeout-minutes: 5
-        run: |
-          set -eu
-          docker compose up --abort-on-container-exit --exit-code-from selenium
-          docker compose rm -fsv
-      - name: test node_dump
-        run: |
-          CID=$(docker run -d -P $_EMQX_DOCKER_IMAGE_TAG)
-          docker exec -t -u root -w /root $CID bash -c 'apt-get -y update && apt-get -y install net-tools'
-          docker exec -t -u root $CID node_dump
-          docker rm -f $CID
-
-      - name: Build and push docker image
-        if: inputs.publish || github.repository_owner != 'emqx'
-        env:
-          PROFILE: ${{ matrix.profile[0] }}
-          DOCKER_REGISTRY: ${{ matrix.profile[1] }}
-          DOCKER_ORG: ${{ github.repository_owner }}
-          DOCKER_LATEST: ${{ inputs.latest }}
-          DOCKER_PUSH: true
-          DOCKER_BUILD_NOCACHE: false
-          DOCKER_PLATFORMS: linux/amd64,linux/arm64
-          DOCKER_LOAD: false
-          BUILD_FROM: ${{ inputs.build_from }}
-          RUN_FROM: ${{ inputs.run_from }}
-          PKG_VSN: ${{ needs.build.outputs.PKG_VSN }}
-          EMQX_SOURCE_TYPE: tgz
-        run: |
-          ./build ${PROFILE} docker
+    - name: Build docker image
+      env:
+        PROFILE: ${{ matrix.profile }}
+        DOCKER_REGISTRY: ${{ matrix.registry }}
+        DOCKER_ORG: ${{ github.repository_owner }}
+        DOCKER_LATEST: ${{ inputs.latest }}
+        DOCKER_PUSH: ${{ inputs.publish == 'true' || inputs.publish || github.repository_owner != 'emqx' }}
+        DOCKER_BUILD_NOCACHE: true
+        DOCKER_PLATFORMS: linux/amd64,linux/arm64
+        EMQX_RUNNER: 'debian:11-slim'
+        EMQX_DOCKERFILE: 'deploy/docker/Dockerfile'
+        PKG_VSN: ${{ inputs.version }}
+        EMQX_BUILDER_VSN: ${{ inputs.builder_vsn }}
+        EMQX_OTP_VSN: ${{ inputs.otp_vsn }}
+        EMQX_ELIXIR_VSN: ${{ inputs.elixir_vsn }}
+      run: |
+        ./build ${PROFILE} docker

.github/workflows/build_docker_for_test.yaml

@@ -6,15 +6,31 @@ concurrency:
 
 on:
   workflow_call:
-
-permissions:
-  contents: read
+    inputs:
+      runner_labels:
+        required: true
+        type: string
+      otp_vsn:
+        required: true
+        type: string
+      elixir_vsn:
+        required: true
+        type: string
+      version-emqx:
+        required: true
+        type: string
+      version-emqx-enterprise:
+        required: true
+        type: string
 
 jobs:
   docker:
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
     env:
       EMQX_NAME: ${{ matrix.profile }}
+      PKG_VSN: ${{ startsWith(matrix.profile, 'emqx-enterprise') && inputs.version-emqx-enterprise || inputs.version-emqx }}
+      OTP_VSN: ${{ inputs.otp_vsn }}
+      ELIXIR_VSN: ${{ inputs.elixir_vsn }}
 
     strategy:
       fail-fast: false
@@ -26,32 +42,22 @@ jobs:
           - emqx-enterprise-elixir
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Set up environment
-        id: env
-        run: |
-          source env.sh
-          PKG_VSN=$(docker run --rm -v $(pwd):$(pwd) -w $(pwd) -u $(id -u) "$EMQX_BUILDER" ./pkg-vsn.sh "$EMQX_NAME")
-          echo "PKG_VSN=$PKG_VSN" >> "$GITHUB_ENV"
+      - uses: actions/checkout@v3
       - name: build and export to Docker
         id: build
         run: |
           make ${EMQX_NAME}-docker
-          echo "_EMQX_DOCKER_IMAGE_TAG=$(head -n 1 .emqx_docker_image_tags)" >> $GITHUB_ENV
+          echo "EMQX_IMAGE_TAG=$(cat .docker_image_tag)" >> $GITHUB_ENV
       - name: smoke test
         run: |
-          CID=$(docker run -d --rm -P $_EMQX_DOCKER_IMAGE_TAG)
+          CID=$(docker run -d --rm -P $EMQX_IMAGE_TAG)
           HTTP_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "18083/tcp") 0).HostPort}}' $CID)
-          ./scripts/test/emqx-smoke-test.sh localhost $HTTP_PORT || {
-            docker logs $CID
-            exit 1
-          }
+          ./scripts/test/emqx-smoke-test.sh localhost $HTTP_PORT
           docker stop $CID
       - name: export docker image
-        if: always()
         run: |
-          docker save $_EMQX_DOCKER_IMAGE_TAG | gzip > $EMQX_NAME-docker-$PKG_VSN.tar.gz
-      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+          docker save $EMQX_IMAGE_TAG | gzip > $EMQX_NAME-docker-$PKG_VSN.tar.gz
+      - uses: actions/upload-artifact@v3
         with:
           name: "${{ env.EMQX_NAME }}-docker"
           path: "${{ env.EMQX_NAME }}-docker-${{ env.PKG_VSN }}.tar.gz"

.github/workflows/build_packages.yaml

@@ -12,7 +12,7 @@ on:
         type: string
       publish:
         required: true
-        type: boolean
+        type: string
       otp_vsn:
         required: true
         type: string
@@ -46,8 +46,7 @@ on:
       ref:
         required: false
       profile:
-        required: true
-        default: 'emqx'
+        required: false
       publish:
         required: false
         type: boolean
@@ -55,34 +54,84 @@ on:
       otp_vsn:
         required: false
         type: string
-        default: '26.2.5-3'
+        default: '25.3.2-2'
       elixir_vsn:
         required: false
         type: string
-        default: '1.15.7'
+        default: '1.14.5'
       builder_vsn:
         required: false
         type: string
-        default: '5.3-9'
-
-permissions:
-  contents: read
+        default: '5.2-3'
 
 jobs:
+  windows:
+    runs-on: windows-2019
+    if: inputs.profile == 'emqx'
+    strategy:
+      fail-fast: false
+      matrix:
+        profile: # for now only CE for windows
+          - emqx
+    steps:
+    - uses: actions/checkout@v3
+      with:
+        ref: ${{ github.event.inputs.ref }}
+        fetch-depth: 0
+
+    - uses: ilammy/msvc-dev-cmd@v1.12.0
+    - uses: erlef/setup-beam@v1.16.0
+      with:
+        otp-version: 25.3.2
+    - name: build
+      env:
+        PYTHON: python
+        DIAGNOSTIC: 1
+      run: |
+        # ensure crypto app (openssl)
+        erl -eval "erlang:display(crypto:info_lib())" -s init stop
+        make ${{ matrix.profile }}-tgz
+    - name: run emqx
+      timeout-minutes: 5
+      run: |
+        $ErrorActionPreference = "Stop"
+        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx start
+        Start-Sleep -s 10
+        $pingOutput = ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx ping
+        if ($pingOutput = 'pong') {
+          echo "EMQX started OK"
+        } else {
+          echo "Failed to ping EMQX $pingOutput"
+          Exit 1
+        }
+        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx stop
+        echo "EMQX stopped"
+        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx install
+        echo "EMQX installed"
+        ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx uninstall
+        echo "EMQX uninstalled"
+    - uses: actions/upload-artifact@v3
+      if: success()
+      with:
+        name: ${{ matrix.profile }}
+        path: _packages/${{ matrix.profile }}/
+
   mac:
     strategy:
       fail-fast: false
       matrix:
         profile:
           - ${{ inputs.profile }}
-        os:
-          - macos-13
-          - macos-14
         otp:
           - ${{ inputs.otp_vsn }}
+        os:
+          - macos-11
+          - macos-12
+          - macos-12-arm64
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: emqx/self-hosted-cleanup-action@v1.0.3
+    - uses: actions/checkout@v3
       with:
         ref: ${{ github.event.inputs.ref }}
         fetch-depth: 0
@@ -95,115 +144,138 @@ jobs:
         apple_developer_identity: ${{ secrets.APPLE_DEVELOPER_IDENTITY }}
         apple_developer_id_bundle: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE }}
         apple_developer_id_bundle_password: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE_PASSWORD }}
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       if: success()
       with:
-        name: ${{ matrix.profile }}-${{ matrix.os }}-${{ matrix.otp }}
+        name: ${{ matrix.profile }}
         path: _packages/${{ matrix.profile }}/
-        retention-days: 7
 
   linux:
-    runs-on: [self-hosted, ephemeral, linux, "${{ matrix.arch == 'arm64' && 'arm64' || 'x64' }}"]
+    runs-on: ['self-hosted', 'ephemeral', 'linux', "${{ matrix.arch }}"]
+    # always run in builder container because the host might have the wrong OTP version etc.
+    # otherwise buildx.sh does not run docker if arch and os matches the target arch and os.
+    container:
+      image: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}"
+
     strategy:
       fail-fast: false
       matrix:
         profile:
           - ${{ inputs.profile }}
+        otp:
+          - ${{ inputs.otp_vsn }}
+        arch:
+          - x64
+          - arm64
         os:
-          - ubuntu24.04
           - ubuntu22.04
           - ubuntu20.04
+          - ubuntu18.04
           - debian12
           - debian11
           - debian10
           - el9
           - el8
+          - el7
           - amzn2
           - amzn2023
-        arch:
-          - amd64
-          - arm64
-        with_elixir:
-          - 'no'
-        otp:
-          - ${{ inputs.otp_vsn }}
         builder:
           - ${{ inputs.builder_vsn }}
         elixir:
           - ${{ inputs.elixir_vsn }}
+        with_elixir:
+          - 'no'
         include:
-          - profile: ${{ inputs.profile }}
-            os: ubuntu22.04
-            arch: amd64
-            with_elixir: 'yes'
+          - profile: emqx
             otp: ${{ inputs.otp_vsn }}
+            arch: x64
+            os: ubuntu22.04
             builder: ${{ inputs.builder_vsn }}
             elixir: ${{ inputs.elixir_vsn }}
+            with_elixir: 'yes'
 
     defaults:
       run:
         shell: bash
 
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: AutoModality/action-clean@v1
+
+    - uses: actions/checkout@v3
       with:
         ref: ${{ github.event.inputs.ref }}
         fetch-depth: 0
-    - name: build tgz
+
+    - name: fix workdir
+      run: |
+        set -eu
+        git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        # Align path for CMake caches
+        if [ ! "$PWD" = "/emqx" ]; then
+          ln -s $PWD /emqx
+          cd /emqx
+        fi
+        echo "pwd is $PWD"
+
+    - name: build emqx packages
       env:
         PROFILE: ${{ matrix.profile }}
-        ARCH: ${{ matrix.arch }}
-        OS: ${{ matrix.os }}
         IS_ELIXIR: ${{ matrix.with_elixir }}
-        BUILDER: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}"
-        BUILDER_SYSTEM: force_docker
+        ACLOCAL_PATH: "/usr/share/aclocal:/usr/local/share/aclocal"
       run: |
-        ./scripts/buildx.sh \
-          --profile $PROFILE \
-          --arch $ARCH \
-          --builder $BUILDER \
-          --elixir $IS_ELIXIR \
-          --pkgtype tgz
-    - name: build pkg
-      if: matrix.with_elixir == 'no'
+        set -eu
+        if [ "${IS_ELIXIR:-}" == 'yes' ]; then
+          make "${PROFILE}-elixir-tgz"
+        else
+          make "${PROFILE}-tgz"
+          make "${PROFILE}-pkg"
+        fi
+    - name: test emqx packages
       env:
         PROFILE: ${{ matrix.profile }}
-        ARCH: ${{ matrix.arch }}
-        OS: ${{ matrix.os }}
         IS_ELIXIR: ${{ matrix.with_elixir }}
-        BUILDER: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}"
-        BUILDER_SYSTEM: force_docker
       run: |
-        ./scripts/buildx.sh \
-          --profile $PROFILE \
-          --arch $ARCH \
-          --builder $BUILDER \
-          --elixir $IS_ELIXIR \
-          --pkgtype pkg
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+        set -eu
+        if [ "${IS_ELIXIR:-}" == 'yes' ]; then
+          ./scripts/pkg-tests.sh "${PROFILE}-elixir-tgz"
+        else
+          ./scripts/pkg-tests.sh "${PROFILE}-tgz"
+          ./scripts/pkg-tests.sh "${PROFILE}-pkg"
+        fi
+    - uses: actions/upload-artifact@v3
       with:
-        name: ${{ matrix.profile }}-${{ matrix.os }}-${{ matrix.arch }}${{ matrix.with_elixir == 'yes' && '-elixir' || '' }}-${{ matrix.builder }}-${{ matrix.otp }}-${{ matrix.elixir }}
+        name: ${{ matrix.profile }}
         path: _packages/${{ matrix.profile }}/
-        retention-days: 7
 
   publish_artifacts:
     runs-on: ubuntu-latest
     needs:
       - mac
       - linux
-    if: inputs.publish
+    if: inputs.publish == 'true' || inputs.publish
     strategy:
       fail-fast: false
       matrix:
         profile:
           - ${{ inputs.profile }}
     steps:
-    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+    - uses: actions/download-artifact@v3
       with:
-        pattern: "${{ matrix.profile }}-*"
+        name: ${{ matrix.profile }}
         path: packages/${{ matrix.profile }}
-        merge-multiple: true
-    - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+    - name: install dos2unix
+      run: sudo apt-get update -y && sudo apt install -y dos2unix
+    - name: get packages
+      run: |
+        set -eu
+        cd packages/${{ matrix.profile }}
+        # fix the .sha256 file format
+        for var in $(ls | grep emqx | grep -v sha256); do
+          dos2unix $var.sha256
+          echo "$(cat $var.sha256) $var" | sha256sum -c || exit 1
+        done
+        cd -
+    - uses: aws-actions/configure-aws-credentials@v2
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@@ -211,9 +283,6 @@ jobs:
     - name: upload to aws s3
       env:
         PROFILE: ${{ matrix.profile }}
-        REF_NAME: ${{ github.event_name == 'workflow_dispatch' && github.event.inputs.ref || github.ref_name }}
-        AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
-        AWS_CLOUDFRONT_ID: ${{ secrets.AWS_CLOUDFRONT_ID }}
       run: |
         set -eu
         if [ $PROFILE = 'emqx' ]; then
@@ -224,5 +293,5 @@ jobs:
             echo "unknown profile $PROFILE"
             exit 1
         fi
-        aws s3 cp --recursive packages/$PROFILE s3://$AWS_S3_BUCKET/$s3dir/$REF_NAME
-        aws cloudfront create-invalidation --distribution-id "$AWS_CLOUDFRONT_ID" --paths "/$s3dir/$REF_NAME/*"
+        aws s3 cp --recursive packages/$PROFILE s3://${{ secrets.AWS_S3_BUCKET }}/$s3dir/${{ github.ref_name }}
+        aws cloudfront create-invalidation --distribution-id ${{ secrets.AWS_CLOUDFRONT_ID }} --paths "/$s3dir/${{ github.ref_name }}/*"

.github/workflows/build_packages_cron.yaml

@@ -9,59 +9,76 @@ on:
     - cron:  '0 */6 * * *'
   workflow_dispatch:
 
-permissions:
-  contents: read
-
 jobs:
   linux:
     if: github.repository_owner == 'emqx'
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
+    runs-on: ['self-hosted', 'ephemeral', 'linux', "${{ matrix.arch }}"]
+    container:
+      image: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-${{ matrix.os }}"
 
     strategy:
       fail-fast: false
       matrix:
         profile:
           - ['emqx', 'master']
-          - ['emqx', 'release-57']
-          - ['emqx', 'release-58']
+          - ['emqx-enterprise', 'release-52']
+          - ['emqx-enterprise', 'release-53']
+        otp:
+          - 25.3.2-2
+        arch:
+          - x64
         os:
+          - debian10
           - ubuntu22.04
           - amzn2023
-
-    env:
-      PROFILE: ${{ matrix.profile[0] }}
-      OS: ${{ matrix.os }}
-      BUILDER_SYSTEM: force_docker
+        builder:
+          - 5.2-3
+        elixir:
+          - 1.14.5
 
     defaults:
       run:
         shell: bash
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@v3
         with:
           ref: ${{ matrix.profile[1] }}
           fetch-depth: 0
-      - name: Set up environment
-        id: env
+
+      - name: fix workdir
         run: |
-          source env.sh
-          BUILDER="ghcr.io/emqx/emqx-builder/${EMQX_BUILDER_VSN}:${ELIXIR_VSN}-${OTP_VSN}-${OS}"
-          echo "BUILDER=$BUILDER" >> "$GITHUB_ENV"
-      - name: build tgz
+          set -eu
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+          # Align path for CMake caches
+          if [ ! "$PWD" = "/emqx" ]; then
+            ln -s $PWD /emqx
+            cd /emqx
+          fi
+          echo "pwd is $PWD"
+
+      - name: build emqx packages
+        env:
+          PROFILE: ${{ matrix.profile[0] }}
+          ACLOCAL_PATH: "/usr/share/aclocal:/usr/local/share/aclocal"
         run: |
-          ./scripts/buildx.sh --profile "$PROFILE" --pkgtype tgz --builder "$BUILDER"
-      - name: build pkg
+          set -eu
+          make "${PROFILE}-tgz"
+          make "${PROFILE}-pkg"
+      - name: test emqx packages
+        env:
+          PROFILE: ${{ matrix.profile[0] }}
         run: |
-          ./scripts/buildx.sh --profile "$PROFILE" --pkgtype pkg --builder "$BUILDER"
-      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+          set -eu
+          ./scripts/pkg-tests.sh "${PROFILE}-tgz"
+          ./scripts/pkg-tests.sh "${PROFILE}-pkg"
+      - uses: actions/upload-artifact@v3
         if: success()
         with:
-          name: ${{ matrix.profile[0] }}-${{ matrix.profile[1] }}-${{ matrix.os }}
+          name: ${{ matrix.profile[0] }}
           path: _packages/${{ matrix.profile[0] }}/
-          retention-days: 7
       - name: Send notification to Slack
-        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
+        uses: slackapi/slack-github-action@v1.23.0
         if: failure()
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
@@ -80,39 +97,93 @@ jobs:
           - emqx
         branch:
           - master
+        otp:
+          - 25.3.2-2
         os:
-          - macos-14-arm64
+          - macos-13
+          - macos-12-arm64
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@v3
         with:
           ref: ${{ matrix.branch }}
           fetch-depth: 0
-      - name: Set up environment
-        id: env
-        run: |
-          source env.sh
-          echo "OTP_VSN=$OTP_VSN" >> "$GITHUB_OUTPUT"
       - uses: ./.github/actions/package-macos
         with:
           profile: ${{ matrix.profile }}
-          otp: ${{ steps.env.outputs.OTP_VSN }}
+          otp: ${{ matrix.otp }}
           os: ${{ matrix.os }}
           apple_id_password: ${{ secrets.APPLE_ID_PASSWORD }}
           apple_developer_identity: ${{ secrets.APPLE_DEVELOPER_IDENTITY }}
           apple_developer_id_bundle: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE }}
           apple_developer_id_bundle_password: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE_PASSWORD }}
-      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+      - uses: actions/upload-artifact@v3
         if: success()
         with:
-          name: ${{ matrix.profile }}-${{ matrix.os }}
+          name: ${{ matrix.profile }}
           path: _packages/${{ matrix.profile }}/
           retention-days: 7
       - name: Send notification to Slack
-        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
+        uses: slackapi/slack-github-action@v1.23.0
         if: failure()
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
         with:
           payload: |
             {"text": "Scheduled build of ${{ matrix.profile }} package for ${{ matrix.os }} failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"}
+
+  windows:
+    if: github.repository_owner == 'emqx'
+    runs-on: windows-2019
+    strategy:
+      fail-fast: false
+      matrix:
+        profile:
+          - emqx
+        otp:
+          - 25.3.2
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ilammy/msvc-dev-cmd@v1.12.0
+      - uses: erlef/setup-beam@v1.16.0
+        with:
+          otp-version: ${{ matrix.otp }}
+      - name: build
+        env:
+          PYTHON: python
+          DIAGNOSTIC: 1
+        run: |
+          # ensure crypto app (openssl)
+          erl -eval "erlang:display(crypto:info_lib())" -s init stop
+          make ${{ matrix.profile }}-tgz
+      - name: run emqx
+        timeout-minutes: 5
+        run: |
+          ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx start
+          Start-Sleep -s 10
+          $pingOutput = ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx ping
+          if ($pingOutput = 'pong') {
+            echo "EMQX started OK"
+          } else {
+            echo "Failed to ping EMQX $pingOutput"
+            Exit 1
+          }
+          ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx stop
+          echo "EMQX stopped"
+          ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx install
+          echo "EMQX installed"
+          ./_build/${{ matrix.profile }}/rel/emqx/bin/emqx uninstall
+          echo "EMQX uninstalled"
+      - uses: actions/upload-artifact@v3
+        with:
+          name: windows
+          path: _packages/${{ matrix.profile }}/*
+          retention-days: 7
+      - name: Send notification to Slack
+        uses: slackapi/slack-github-action@v1.23.0
+        if: failure()
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+        with:
+          payload: |
+            {"text": "Scheduled build of ${{ matrix.profile }} package for Windows failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"}

.github/workflows/build_slim_packages.yaml

@@ -6,50 +6,99 @@ concurrency:
 
 on:
   workflow_call:
+    inputs:
+      runner_labels:
+        required: true
+        type: string
+      builder:
+        required: true
+        type: string
+      builder_vsn:
+        required: true
+        type: string
+      otp_vsn:
+        required: true
+        type: string
+      elixir_vsn:
+        required: true
+        type: string
+
   workflow_dispatch:
     inputs:
       ref:
         required: false
-
-permissions:
-  contents: read
+      runner_labels:
+        required: false
+        type: string
+        default: '["self-hosted","ephemeral", "linux", "x64"]'
+      builder:
+        required: false
+        type: string
+        default: 'ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04'
+      builder_vsn:
+        required: false
+        type: string
+        default: '5.2-3'
+      otp_vsn:
+        required: false
+        type: string
+        default: '25.3.2-2'
+      elixir_vsn:
+        required: false
+        type: string
+        default: '1.14.5'
 
 jobs:
   linux:
-    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON(format('["self-hosted","ephemeral","linux","{0}"]', matrix.profile[2])) || 'ubuntu-22.04' }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
     env:
-      PROFILE: ${{ matrix.profile[0] }}
-      ELIXIR: ${{ matrix.profile[1] == 'elixir' && 'yes' || 'no' }}
-      ARCH: ${{ matrix.profile[2] == 'x64' && 'amd64' || 'arm64' }}
-      BUILDER_SYSTEM: force_docker
+      EMQX_NAME: ${{ matrix.profile[0] }}
 
     strategy:
       fail-fast: false
       matrix:
         profile:
-          - ["emqx", "elixir", "x64"]
-          - ["emqx", "elixir", "arm64"]
-          - ["emqx-enterprise", "erlang", "x64"]
+          - ["emqx", "25.3.2-2", "ubuntu20.04", "elixir"]
+          - ["emqx-enterprise", "25.3.2-2", "ubuntu20.04", "erlang"]
+
+    container: "ghcr.io/emqx/emqx-builder/${{ inputs.builder_vsn }}:${{ inputs.elixir_vsn }}-${{ matrix.profile[1] }}-${{ matrix.profile[2] }}"
 
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@v3
       with:
         fetch-depth: 0
-    - name: build tgz
+    - name: Work around https://github.com/actions/checkout/issues/766
       run: |
-        ./scripts/buildx.sh --profile $PROFILE --pkgtype tgz --elixir $ELIXIR --arch $ARCH
-    - name: build pkg
+        git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        echo "CODE_PATH=$GITHUB_WORKSPACE" >> $GITHUB_ENV
+    - name: build and test tgz package
+      if: matrix.profile[3] == 'erlang'
       run: |
-        ./scripts/buildx.sh --profile $PROFILE --pkgtype pkg --elixir $ELIXIR --arch $ARCH
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+        make ${EMQX_NAME}-tgz
+        ./scripts/pkg-tests.sh ${EMQX_NAME}-tgz
+    - name: build and test deb/rpm packages
+      if: matrix.profile[3] == 'erlang'
+      run: |
+        make ${EMQX_NAME}-pkg
+        ./scripts/pkg-tests.sh ${EMQX_NAME}-pkg
+    - name: build and test tgz package (Elixir)
+      if: matrix.profile[3] == 'elixir'
+      run: |
+        make ${EMQX_NAME}-elixir-tgz
+        ./scripts/pkg-tests.sh ${EMQX_NAME}-elixir-tgz
+    - name: build and test deb/rpm packages (Elixir)
+      if: matrix.profile[3] == 'elixir'
+      run: |
+        make ${EMQX_NAME}-elixir-pkg
+        ./scripts/pkg-tests.sh ${EMQX_NAME}-elixir-pkg
+    - uses: actions/upload-artifact@v3
       with:
         name: "${{ matrix.profile[0] }}-${{ matrix.profile[1] }}-${{ matrix.profile[2] }}"
         path: _packages/${{ matrix.profile[0] }}/*
         retention-days: 7
-        compression-level: 0
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       with:
-        name: "${{ matrix.profile[0] }}-schema-dump-${{ matrix.profile[1] }}-${{ matrix.profile[2] }}"
+        name: "${{ matrix.profile[0] }}_schema_dump"
         path: |
           scripts/spellcheck
           _build/docgen/${{ matrix.profile[0] }}/schema-en.json
@@ -61,30 +110,28 @@ jobs:
       matrix:
         profile:
         - emqx
+        otp:
+        - ${{ inputs.otp_vsn }}
         os:
-        - macos-14-arm64
+        - macos-11
+        - macos-12-arm64
 
     runs-on: ${{ matrix.os }}
     env:
       EMQX_NAME: ${{ matrix.profile }}
 
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-    - name: Set up environment
-      id: env
-      run: |
-        source env.sh
-        echo "OTP_VSN=$OTP_VSN" >> "$GITHUB_OUTPUT"
+    - uses: actions/checkout@v3
     - uses: ./.github/actions/package-macos
       with:
         profile: ${{ matrix.profile }}
-        otp: ${{ steps.env.outputs.OTP_VSN }}
+        otp: ${{ matrix.otp }}
         os: ${{ matrix.os }}
         apple_id_password: ${{ secrets.APPLE_ID_PASSWORD }}
         apple_developer_identity: ${{ secrets.APPLE_DEVELOPER_IDENTITY }}
         apple_developer_id_bundle: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE }}
         apple_developer_id_bundle_password: ${{ secrets.APPLE_DEVELOPER_ID_BUNDLE_PASSWORD }}
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       with:
         name: ${{ matrix.os }}
         path: _packages/**/*

.github/workflows/check_deps_integrity.yaml

@@ -3,44 +3,43 @@ name: Check integrity of rebar and mix dependencies
 on:
   workflow_call:
     inputs:
+      runner_labels:
+        required: true
+        type: string
       builder:
         required: true
         type: string
 
-permissions:
-  contents: read
-
 jobs:
   check_deps_integrity:
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
     container: ${{ inputs.builder }}
-    env:
-      MIX_ENV: ${{ matrix.profile }}
-      PROFILE: ${{ matrix.profile }}
-    strategy:
-      matrix:
-        profile:
-          - emqx-enterprise
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@v3
       - run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
       - run: make ensure-rebar3
       - run: ./scripts/check-deps-integrity.escript
       - name: Setup mix
+        env:
+          MIX_ENV: emqx-enterprise
+          PROFILE: emqx-enterprise
         run: |
-          # mix local.hex --force
-          mix local.hex 2.0.6 --force
+          mix local.hex --force
           mix local.rebar --force
           mix deps.get
-      - name: print mix dependency tree
-        run: mix deps.tree
       - run: ./scripts/check-elixir-deps-discrepancies.exs
+        env:
+          MIX_ENV: emqx-enterprise
+          PROFILE: emqx-enterprise
       - run: ./scripts/check-elixir-applications.exs
+        env:
+          MIX_ENV: emqx-enterprise
+          PROFILE: emqx-enterprise
       - name: Upload produced lock files
-        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+        uses: actions/upload-artifact@v3
         if: failure()
         with:
-          name: ${{ matrix.profile }}_produced_lock_files
+          name: produced_lock_files
           path: |
             mix.lock
             rebar.lock

.github/workflows/codeql.yaml

@@ -4,39 +4,40 @@ on:
   schedule:
     - cron: '33 14 * * 4'
   workflow_dispatch:
-
-permissions:
-  contents: read
+    inputs:
+      ref:
+        required: false
 
 jobs:
   analyze:
-    if: github.repository == 'emqx/emqx'
     name: Analyze
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     timeout-minutes: 360
     permissions:
       actions: read
+      contents: read
       security-events: write
+    container:
+      image: ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu22.04
 
     strategy:
       fail-fast: false
       matrix:
-        branch:
-          - master
-          - release-57
-          - release-58
-        language:
-          - cpp
-          - python
+        language: [ 'cpp', 'python' ]
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      uses: actions/checkout@v3
       with:
-        ref: ${{ matrix.branch }}
+        ref: ${{ github.event.inputs.ref }}
+
+    - name: Ensure git safe dir
+      run: |
+        git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        make ensure-rebar3
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@7e187e1c529d80bac7b87a16e7a792427f65cf02 # v2.15.5
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
 
@@ -45,9 +46,16 @@ jobs:
       env:
         PROFILE: emqx-enterprise
       run: |
-        ./scripts/buildx.sh --profile emqx-enterprise --pkgtype rel
+        make emqx-enterprise-compile
+
+    - name: Fetch deps
+      if: matrix.language == 'python'
+      env:
+        PROFILE: emqx-enterprise
+      run: |
+        make deps-emqx-enterprise
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@7e187e1c529d80bac7b87a16e7a792427f65cf02 # v2.15.5
+      uses: github/codeql-action/analyze@v2
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/green_master.yaml

@@ -8,36 +8,19 @@ on:
     - cron: "0 * * * *"
   workflow_dispatch:
 
-permissions:
-  contents: read
-
 jobs:
   rerun-failed-jobs:
     if: github.repository_owner == 'emqx'
-    runs-on: ubuntu-latest
+    runs-on: ['self-hosted', 'linux', 'x64', 'ephemeral']
     permissions:
       checks: read
       actions: write
-    strategy:
-      fail-fast: false
-      matrix:
-        ref:
-          - master
-          - release-57
-          - release-58
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          ref: ${{ matrix.ref }}
+      - uses: actions/checkout@v3
 
       - name: run script
         shell: bash
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          GITHUB_REPO: ${{ github.repository }}
         run: |
-          gh api --method GET -f head_sha=$(git rev-parse HEAD) -f status=completed -f exclude_pull_requests=true /repos/${GITHUB_REPO}/actions/runs > runs.json
-          for id in $(jq -r '.workflow_runs[] | select((."conclusion" == "failure") and (."name" != "Keep master green") and .run_attempt < 3) | .id' runs.json); do
-            echo "rerun https://github.com/${GITHUB_REPO}/actions/runs/$id"
-            gh api --method POST /repos/${GITHUB_REPO}/actions/runs/$id/rerun-failed-jobs || true
-          done
+          python3 scripts/rerun-failed-checks.py

.github/workflows/performance_test.yaml

@@ -19,20 +19,17 @@ env:
   TF_VAR_prometheus_remote_write_url: ${{ secrets.TF_EMQX_PERF_TEST_PROMETHEUS_REMOTE_WRITE_URL }}
   SLACK_WEBHOOK_URL: ${{ secrets.TF_EMQX_PERF_TEST_SLACK_URL }}
 
-permissions:
-  contents: read
-
 jobs:
   prepare:
     runs-on: ubuntu-latest
     if: github.repository_owner == 'emqx'
-    container: ghcr.io/emqx/emqx-builder/5.3-9:1.15.7-26.2.5-3-ubuntu20.04
+    container: ghcr.io/emqx/emqx-builder/5.2-3:1.14.5-25.3.2-2-ubuntu20.04
     outputs:
       BENCH_ID: ${{ steps.prepare.outputs.BENCH_ID }}
       PACKAGE_FILE: ${{ steps.package_file.outputs.PACKAGE_FILE }}
 
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@v3
       with:
         fetch-depth: 0
         ref: ${{ github.event.inputs.ref }}
@@ -52,7 +49,7 @@ jobs:
       id: package_file
       run: |
         echo "PACKAGE_FILE=$(find _packages/emqx -name 'emqx-*.deb' | head -n 1 | xargs basename)" >> $GITHUB_OUTPUT
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       with:
         name: emqx-ubuntu20.04
         path: _packages/emqx/${{ steps.package_file.outputs.PACKAGE_FILE }}
@@ -66,23 +63,23 @@ jobs:
 
     steps:
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+      uses: aws-actions/configure-aws-credentials@v2
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_PERF_TEST }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_PERF_TEST }}
         aws-region: eu-west-1
     - name: Checkout tf-emqx-performance-test
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      uses: actions/checkout@v3
       with:
         repository: emqx/tf-emqx-performance-test
         path: tf-emqx-performance-test
         ref: v0.2.3
-    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+    - uses: actions/download-artifact@v3
       with:
         name: emqx-ubuntu20.04
         path: tf-emqx-performance-test/
     - name: Setup Terraform
-      uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1
+      uses: hashicorp/setup-terraform@v2
       with:
         terraform_wrapper: false
     - name: run scenario
@@ -105,7 +102,7 @@ jobs:
         terraform destroy -auto-approve
         aws s3 sync --exclude '*' --include '*.tar.gz' s3://$TF_VAR_s3_bucket_name/$TF_VAR_bench_id .
     - name: Send notification to Slack
-      uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
+      uses: slackapi/slack-github-action@v1.24.0
       with:
         payload-file-path: "./tf-emqx-performance-test/slack-payload.json"
     - name: terraform destroy
@@ -113,13 +110,13 @@ jobs:
       working-directory: ./tf-emqx-performance-test
       run: |
         terraform destroy -auto-approve
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       if: success()
       with:
         name: metrics
         path: |
           "./tf-emqx-performance-test/*.tar.gz"
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       if: failure()
       with:
         name: terraform
@@ -137,23 +134,23 @@ jobs:
 
     steps:
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+      uses: aws-actions/configure-aws-credentials@v2
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_PERF_TEST }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_PERF_TEST }}
         aws-region: eu-west-1
     - name: Checkout tf-emqx-performance-test
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      uses: actions/checkout@v3
       with:
         repository: emqx/tf-emqx-performance-test
         path: tf-emqx-performance-test
         ref: v0.2.3
-    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+    - uses: actions/download-artifact@v3
       with:
         name: emqx-ubuntu20.04
         path: tf-emqx-performance-test/
     - name: Setup Terraform
-      uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1
+      uses: hashicorp/setup-terraform@v2
       with:
         terraform_wrapper: false
     - name: run scenario
@@ -176,7 +173,7 @@ jobs:
         terraform destroy -auto-approve
         aws s3 sync --exclude '*' --include '*.tar.gz' s3://$TF_VAR_s3_bucket_name/$TF_VAR_bench_id .
     - name: Send notification to Slack
-      uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
+      uses: slackapi/slack-github-action@v1.24.0
       with:
         payload-file-path: "./tf-emqx-performance-test/slack-payload.json"
     - name: terraform destroy
@@ -184,13 +181,13 @@ jobs:
       working-directory: ./tf-emqx-performance-test
       run: |
         terraform destroy -auto-approve
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       if: success()
       with:
         name: metrics
         path: |
           "./tf-emqx-performance-test/*.tar.gz"
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       if: failure()
       with:
         name: terraform
@@ -209,23 +206,23 @@ jobs:
 
     steps:
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+      uses: aws-actions/configure-aws-credentials@v2
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_PERF_TEST }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_PERF_TEST }}
         aws-region: eu-west-1
     - name: Checkout tf-emqx-performance-test
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      uses: actions/checkout@v3
       with:
         repository: emqx/tf-emqx-performance-test
         path: tf-emqx-performance-test
         ref: v0.2.3
-    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+    - uses: actions/download-artifact@v3
       with:
         name: emqx-ubuntu20.04
         path: tf-emqx-performance-test/
     - name: Setup Terraform
-      uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1
+      uses: hashicorp/setup-terraform@v2
       with:
         terraform_wrapper: false
     - name: run scenario
@@ -249,7 +246,7 @@ jobs:
         terraform destroy -auto-approve
         aws s3 sync --exclude '*' --include '*.tar.gz' s3://$TF_VAR_s3_bucket_name/$TF_VAR_bench_id .
     - name: Send notification to Slack
-      uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
+      uses: slackapi/slack-github-action@v1.24.0
       with:
         payload-file-path: "./tf-emqx-performance-test/slack-payload.json"
     - name: terraform destroy
@@ -257,13 +254,13 @@ jobs:
       working-directory: ./tf-emqx-performance-test
       run: |
         terraform destroy -auto-approve
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       if: success()
       with:
         name: metrics
         path: |
           "./tf-emqx-performance-test/*.tar.gz"
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       if: failure()
       with:
         name: terraform
@@ -283,23 +280,23 @@ jobs:
 
     steps:
     - name: Configure AWS Credentials
-      uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+      uses: aws-actions/configure-aws-credentials@v2
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_PERF_TEST }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_PERF_TEST }}
         aws-region: eu-west-1
     - name: Checkout tf-emqx-performance-test
-      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      uses: actions/checkout@v3
       with:
         repository: emqx/tf-emqx-performance-test
         path: tf-emqx-performance-test
         ref: v0.2.3
-    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+    - uses: actions/download-artifact@v3
       with:
         name: emqx-ubuntu20.04
         path: tf-emqx-performance-test/
     - name: Setup Terraform
-      uses: hashicorp/setup-terraform@651471c36a6092792c552e8b1bef71e592b462d8 # v3.1.1
+      uses: hashicorp/setup-terraform@v2
       with:
         terraform_wrapper: false
     - name: run scenario
@@ -322,7 +319,7 @@ jobs:
         terraform destroy -auto-approve
         aws s3 sync --exclude '*' --include '*.tar.gz' s3://$TF_VAR_s3_bucket_name/$TF_VAR_bench_id .
     - name: Send notification to Slack
-      uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
+      uses: slackapi/slack-github-action@v1.24.0
       with:
         payload-file-path: "./tf-emqx-performance-test/slack-payload.json"
     - name: terraform destroy
@@ -330,13 +327,13 @@ jobs:
       working-directory: ./tf-emqx-performance-test
       run: |
         terraform destroy -auto-approve
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       if: success()
       with:
         name: metrics
         path: |
           "./tf-emqx-performance-test/*.tar.gz"
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       if: failure()
       with:
         name: terraform

.github/workflows/release.yaml

@@ -8,35 +8,23 @@ on:
       tag:
         type: string
         required: true
-      publish_release_artifacts:
+      publish_release_artefacts:
         type: boolean
         required: true
         default: false
 
-permissions:
-  contents: read
-
 jobs:
   upload:
     runs-on: ubuntu-22.04
-    permissions:
-      contents: write
-      checks: write
-      packages: write
-      actions: read
-      issues: read
-      pull-requests: read
-      repository-projects: read
-      statuses: read
     strategy:
       fail-fast: false
     steps:
-      - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+      - uses: aws-actions/configure-aws-credentials@v2
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@v3
         with:
           ref: ${{ github.event.inputs.tag }}
       - name: Detect profile
@@ -52,13 +40,11 @@ jobs:
             v*)
               echo "profile=emqx" >> $GITHUB_OUTPUT
               echo "version=$(./pkg-vsn.sh emqx)" >> $GITHUB_OUTPUT
-              echo "ref_name=v$(./pkg-vsn.sh emqx)" >> "$GITHUB_ENV"
               echo "s3dir=emqx-ce" >> $GITHUB_OUTPUT
               ;;
             e*)
               echo "profile=emqx-enterprise" >> $GITHUB_OUTPUT
               echo "version=$(./pkg-vsn.sh emqx-enterprise)" >> $GITHUB_OUTPUT
-              echo "ref_name=e$(./pkg-vsn.sh emqx-enterprise)" >> "$GITHUB_ENV"
               echo "s3dir=emqx-ee" >> $GITHUB_OUTPUT
               ;;
           esac
@@ -66,16 +52,14 @@ jobs:
         run: |
           BUCKET=${{ secrets.AWS_S3_BUCKET }}
           OUTPUT_DIR=${{ steps.profile.outputs.s3dir }}
-          aws s3 cp --recursive s3://$BUCKET/$OUTPUT_DIR/${{ env.ref_name }} packages
-      - uses: emqx/upload-assets@974befcf0e72a1811360a81c798855efb66b0551 # 0.5.2
+          aws s3 cp --recursive s3://$BUCKET/$OUTPUT_DIR/${{ github.ref_name }} packages
+      - uses: alexellis/upload-assets@0.4.0
         env:
           GITHUB_TOKEN: ${{ github.token }}
         with:
           asset_paths: '["packages/*"]'
-          tag_name: "${{ env.ref_name }}"
-          skip_existing: true
       - name: update to emqx.io
-        if: github.event_name == 'release' || inputs.publish_release_artifacts
+        if: startsWith(github.ref_name, 'v') && ((github.event_name == 'release' && !github.event.prerelease) || inputs.publish_release_artefacts)
         run: |
           set -eux
           curl -w %{http_code} \
@@ -83,10 +67,10 @@ jobs:
                -H "Content-Type: application/json" \
                -H "token: ${{ secrets.EMQX_IO_TOKEN }}" \
                -X POST \
-               -d "{\"repo\":\"emqx/emqx\", \"tag\": \"${{ env.ref_name }}\" }" \
+               -d "{\"repo\":\"emqx/emqx\", \"tag\": \"${{ github.ref_name }}\" }" \
                ${{ secrets.EMQX_IO_RELEASE_API }}
       - name: Push to packagecloud.io
-        if: (github.event_name == 'release' && !github.event.release.prerelease) || inputs.publish_release_artifacts
+        if: (github.event_name == 'release' && !github.event.prerelease) || inputs.publish_release_artefacts
         env:
           PROFILE: ${{ steps.profile.outputs.profile }}
           VERSION: ${{ steps.profile.outputs.version }}
@@ -106,12 +90,14 @@ jobs:
           push "debian/bullseye" "packages/$PROFILE-$VERSION-debian11-arm64.deb"
           push "debian/bookworm" "packages/$PROFILE-$VERSION-debian12-amd64.deb"
           push "debian/bookworm" "packages/$PROFILE-$VERSION-debian12-arm64.deb"
+          push "ubuntu/bionic" "packages/$PROFILE-$VERSION-ubuntu18.04-amd64.deb"
+          push "ubuntu/bionic" "packages/$PROFILE-$VERSION-ubuntu18.04-arm64.deb"
           push "ubuntu/focal" "packages/$PROFILE-$VERSION-ubuntu20.04-amd64.deb"
           push "ubuntu/focal" "packages/$PROFILE-$VERSION-ubuntu20.04-arm64.deb"
           push "ubuntu/jammy" "packages/$PROFILE-$VERSION-ubuntu22.04-amd64.deb"
           push "ubuntu/jammy" "packages/$PROFILE-$VERSION-ubuntu22.04-arm64.deb"
-          push "ubuntu/noble" "packages/$PROFILE-$VERSION-ubuntu24.04-amd64.deb"
-          push "ubuntu/noble" "packages/$PROFILE-$VERSION-ubuntu24.04-arm64.deb"
+          push "el/7" "packages/$PROFILE-$VERSION-el7-amd64.rpm"
+          push "el/7" "packages/$PROFILE-$VERSION-el7-arm64.rpm"
           push "el/8" "packages/$PROFILE-$VERSION-el8-amd64.rpm"
           push "el/8" "packages/$PROFILE-$VERSION-el8-arm64.rpm"
           push "el/9" "packages/$PROFILE-$VERSION-el9-amd64.rpm"
@@ -131,7 +117,7 @@ jobs:
       checks: write
       actions: write
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@v3
       - name: trigger re-run of app versions check on open PRs
         shell: bash
         env:

.github/workflows/run_conf_tests.yaml

@@ -7,17 +7,19 @@ concurrency:
 on:
   workflow_call:
     inputs:
+      runner_labels:
+        required: true
+        type: string
       builder:
         required: true
         type: string
 
-permissions:
-  contents: read
-
 jobs:
   run_conf_tests:
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
     container: ${{ inputs.builder }}
+    env:
+      PROFILE: ${{ matrix.profile }}
     strategy:
       fail-fast: false
       matrix:
@@ -25,24 +27,22 @@ jobs:
           - emqx
           - emqx-enterprise
     steps:
-      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      - uses: actions/download-artifact@v3
         with:
           name: ${{ matrix.profile }}
       - name: extract artifact
         run: |
           unzip -o -q ${{ matrix.profile }}.zip
           git config --global --add safe.directory "$GITHUB_WORKSPACE"
-      - run: cat .env | tee -a $GITHUB_ENV
-      - run: make ${{ matrix.profile }}
       - run: ./scripts/test/check-example-configs.sh
       - run: ./scripts/conf-test/run.sh
       - name: print erlang log
         if: failure()
         run: |
-          cat _build/${{ matrix.profile }}/rel/emqx/log/erlang.log.*
-      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+          cat _build/${{ matrix.profile }}/rel/emqx/logs/erlang.log.*
+      - uses: actions/upload-artifact@v3
         if: failure()
         with:
-          name: conftest-logs-${{ matrix.profile }}
-          path: _build/${{ matrix.profile }}/rel/emqx/log
-          retention-days: 7
+          name: logs-${{ matrix.profile }}
+          path: _build/${{ matrix.profile }}/rel/emqx/logs
+

.github/workflows/run_docker_tests.yaml

@@ -6,13 +6,20 @@ concurrency:
 
 on:
   workflow_call:
-
-permissions:
-  contents: read
+    inputs:
+      runner_labels:
+        required: true
+        type: string
+      version-emqx:
+        required: true
+        type: string
+      version-emqx-enterprise:
+        required: true
+        type: string
 
 jobs:
   basic-tests:
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
     defaults:
       run:
         shell: bash
@@ -25,24 +32,19 @@ jobs:
 
     env:
       EMQX_NAME: ${{ matrix.profile[0] }}
+      PKG_VSN: ${{ matrix.profile[0] == 'emqx-enterprise' && inputs.version-emqx-enterprise || inputs.version-emqx }}
       EMQX_IMAGE_OLD_VERSION_TAG: ${{ matrix.profile[1] }}
 
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Set up environment
-        id: env
-        run: |
-          source env.sh
-          PKG_VSN=$(docker run --rm -v $(pwd):$(pwd) -w $(pwd) -u $(id -u) "$EMQX_BUILDER" ./pkg-vsn.sh "$EMQX_NAME")
-          echo "PKG_VSN=$PKG_VSN" >> "$GITHUB_ENV"
-      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      - uses: actions/checkout@v3
+      - uses: actions/download-artifact@v3
         with:
           name: ${{ env.EMQX_NAME }}-docker
           path: /tmp
       - name: load docker image
         run: |
-          _EMQX_DOCKER_IMAGE_TAG=$(docker load < /tmp/${EMQX_NAME}-docker-${PKG_VSN}.tar.gz 2>/dev/null | sed 's/Loaded image: //g')
-          echo "_EMQX_DOCKER_IMAGE_TAG=$_EMQX_DOCKER_IMAGE_TAG" >> $GITHUB_ENV
+          EMQX_IMAGE_TAG=$(docker load < /tmp/${EMQX_NAME}-docker-${PKG_VSN}.tar.gz 2>/dev/null | sed 's/Loaded image: //g')
+          echo "EMQX_IMAGE_TAG=$EMQX_IMAGE_TAG" >> $GITHUB_ENV
       - name: dashboard tests
         working-directory: ./scripts/ui-tests
         run: |
@@ -50,11 +52,9 @@ jobs:
           docker compose up --abort-on-container-exit --exit-code-from selenium
       - name: test two nodes cluster with proto_dist=inet_tls in docker
         run: |
-          ## -d 1 means only put node 1 (latest version) behind haproxy
-          ./scripts/test/start-two-nodes-in-docker.sh -d 1 -P $_EMQX_DOCKER_IMAGE_TAG $EMQX_IMAGE_OLD_VERSION_TAG
+          ./scripts/test/start-two-nodes-in-docker.sh -P $EMQX_IMAGE_TAG $EMQX_IMAGE_OLD_VERSION_TAG
           HTTP_PORT=$(docker inspect --format='{{(index (index .NetworkSettings.Ports "18083/tcp") 0).HostPort}}' haproxy)
           ./scripts/test/emqx-smoke-test.sh localhost $HTTP_PORT
-          ## -c menas 'cleanup'
           ./scripts/test/start-two-nodes-in-docker.sh -c
       - name: cleanup
         if: always()
@@ -63,12 +63,14 @@ jobs:
           docker compose rm -fs
 
   paho-mqtt-testing:
-    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON('["self-hosted","ephemeral","linux","x64"]') || 'ubuntu-22.04' }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
     defaults:
       run:
         shell: bash
     env:
       EMQX_NAME: ${{ matrix.profile }}
+      PKG_VSN: ${{ matrix.profile == 'emqx-enterprise' && inputs.version-emqx-enterprise || inputs.version-emqx }}
+      _EMQX_TEST_DB_BACKEND: ${{ matrix.cluster_db_backend }}
 
     strategy:
       fail-fast: false
@@ -77,20 +79,12 @@ jobs:
           - emqx
           - emqx-enterprise
           - emqx-elixir
+        cluster_db_backend:
+          - mnesia
+          - rlog
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - name: Set up environment
-        id: env
-        run: |
-          source env.sh
-          if [ "$EMQX_NAME" = "emqx-enterprise" ]; then
-            _EMQX_TEST_DB_BACKEND='rlog'
-          else
-            _EMQX_TEST_DB_BACKEND='mnesia'
-          fi
-          PKG_VSN=$(docker run --rm -v $(pwd):$(pwd) -w $(pwd) -u $(id -u) "$EMQX_BUILDER" ./pkg-vsn.sh "$EMQX_NAME")
-          echo "PKG_VSN=$PKG_VSN" >> "$GITHUB_ENV"
-      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      - uses: actions/checkout@v3
+      - uses: actions/download-artifact@v3
         with:
           name: ${{ env.EMQX_NAME }}-docker
           path: /tmp
@@ -119,4 +113,4 @@ jobs:
       - name: test node_dump
         run: |
           docker exec -t -u root node1.emqx.io bash -c 'apt-get -y update && apt-get -y install net-tools'
-          docker exec -t -u root node1.emqx.io node_dump
+          docker exec node1.emqx.io node_dump

.github/workflows/run_emqx_app_tests.yaml

@@ -10,6 +10,9 @@ concurrency:
 on:
   workflow_call:
     inputs:
+      runner_labels:
+        required: true
+        type: string
       builder:
         required: true
         type: string
@@ -23,25 +26,20 @@ on:
 env:
   IS_CI: "yes"
 
-permissions:
-  contents: read
-
 jobs:
-  prepare_matrix:
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
+  run_emqx_app_tests:
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
     container: ${{ inputs.builder }}
+
     defaults:
       run:
         shell: bash
-    outputs:
-      matrix: ${{ steps.matrix.outputs.matrix }}
-      skip: ${{ steps.matrix.outputs.skip }}
+
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@v3
       with:
         fetch-depth: 0
-    - name: prepare test matrix
-      id: matrix
+    - name: run
       env:
         BEFORE_REF: ${{ inputs.before_ref }}
         AFTER_REF: ${{ inputs.after_ref }}
@@ -50,54 +48,18 @@ jobs:
         changed_files="$(git diff --name-only ${BEFORE_REF} ${AFTER_REF} apps/emqx)"
         if [ "$changed_files" = '' ]; then
           echo "nothing changed in apps/emqx, ignored."
-          echo 'matrix=[]' | tee -a $GITHUB_OUTPUT
-          echo 'skip=true' | tee -a $GITHUB_OUTPUT
           exit 0
-        else
-          echo 'skip=false' | tee -a $GITHUB_OUTPUT
-          echo 'matrix=[{"type": "eunit_proper_and_static"},{"type": "1_3"},{"type": "2_3"},{"type": "3_3"}]' | tee -a $GITHUB_OUTPUT
         fi
-
-  run_emqx_app_tests:
-    if: needs.prepare_matrix.outputs.skip != 'true'
-    needs:
-      - prepare_matrix
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
-    container: ${{ inputs.builder }}
-    strategy:
-      fail-fast: false
-      matrix:
-        include: ${{ fromJson(needs.prepare_matrix.outputs.matrix) }}
-    defaults:
-      run:
-        shell: bash
-    steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      with:
-        fetch-depth: 0
-    - name: run
-      run: |
-        git config --global --add safe.directory "$GITHUB_WORKSPACE"
         make ensure-rebar3
         cp rebar3 apps/emqx/
         cd apps/emqx
-        if [[ ${{ matrix.type }} == "eunit_proper_and_static" ]]; then
-            ./rebar3 xref
-            ./rebar3 dialyzer
-            ./rebar3 eunit -v --name 'eunit@127.0.0.1'
-            ./rebar3 proper -d test/props
-        else
-            export SUITEGROUP=${{ matrix.type }}
-            SUITES=$(../../scripts/find-suites.sh apps/emqx | \
-                       sed -e 's|apps/emqx/test/||g' | \
-                       sed -Ee 's|,?apps/emqx/integration_test/.*||g' | \
-                       sed -e 's/\.erl//g')
-            echo "Suites: $SUITES"
-            ./rebar3 as standalone_test ct --name 'test@127.0.0.1' -v --readable=true --suite="$SUITES"
-        fi
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+        ./rebar3 xref
+        ./rebar3 dialyzer
+        ./rebar3 eunit -v --name 'eunit@127.0.0.1'
+        ./rebar3 as standalone_test ct --name 'test@127.0.0.1' -v --readable=true
+        ./rebar3 proper -d test/props
+    - uses: actions/upload-artifact@v3
       if: failure()
       with:
-        name: logs-emqx-app-tests-${{ matrix.type }}
+        name: logs-emqx-app-tests
         path: apps/emqx/_build/test/logs
-        retention-days: 7

.github/workflows/run_helm_tests.yaml

@@ -6,18 +6,26 @@ concurrency:
 
 on:
   workflow_call:
-
-permissions:
-  contents: read
+    inputs:
+      runner_labels:
+        required: true
+        type: string
+      version-emqx:
+        required: true
+        type: string
+      version-emqx-enterprise:
+        required: true
+        type: string
 
 jobs:
   helm_test:
-    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON('["self-hosted","ephemeral","linux","x64"]') || 'ubuntu-22.04' }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
     defaults:
       run:
         shell: bash
     env:
       EMQX_NAME: ${{ matrix.profile }}
+      EMQX_TAG: ${{ matrix.profile == 'emqx-enterprise' && inputs.version-emqx-enterprise || inputs.version-emqx }}
       REPOSITORY: "emqx/${{ matrix.profile }}"
 
     strategy:
@@ -34,17 +42,10 @@ jobs:
         - ssl1.3
         - ssl1.2
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@v3
       with:
         path: source
-    - name: Set up environment
-      id: env
-      run: |
-        cd source
-        source env.sh
-        PKG_VSN=$(docker run --rm -v $(pwd):$(pwd) -w $(pwd) -u $(id -u) "$EMQX_BUILDER" ./pkg-vsn.sh "$EMQX_NAME")
-        echo "EMQX_TAG=$PKG_VSN" >> "$GITHUB_ENV"
-    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+    - uses: actions/download-artifact@v3
       with:
         name: "${{ env.EMQX_NAME }}-docker"
         path: /tmp
@@ -105,7 +106,6 @@ jobs:
             --set emqxConfig.EMQX_MQTT__RETRY_INTERVAL=2s \
             --set emqxConfig.EMQX_MQTT__MAX_TOPIC_ALIAS=10 \
             --set emqxConfig.EMQX_AUTHORIZATION__SOURCES=[] \
-            --set emqxConfig.EMQX_LOG__CONSOLE__LEVEL=debug \
             --set emqxConfig.EMQX_AUTHORIZATION__NO_MATCH=allow \
             --values rpc-overrides.yaml \
             deploy/charts/${EMQX_NAME} \
@@ -125,11 +125,9 @@ jobs:
             --set emqxConfig.EMQX_MQTT__RETRY_INTERVAL=2s \
             --set emqxConfig.EMQX_MQTT__MAX_TOPIC_ALIAS=10 \
             --set emqxConfig.EMQX_AUTHORIZATION__SOURCES=[] \
-            --set emqxConfig.EMQX_LOG__CONSOLE__LEVEL=debug \
             --set emqxConfig.EMQX_AUTHORIZATION__NO_MATCH=allow \
             --values rpc-overrides.yaml \
             deploy/charts/${EMQX_NAME} \
-            --wait \
             --debug
     - name: waiting emqx started
       timeout-minutes: 5
@@ -142,13 +140,12 @@ jobs:
           echo "waiting emqx started";
           sleep 10;
         done
-    - name: Setup 18083 port forwarding
-      run: |
-        nohup kubectl port-forward service/${EMQX_NAME} 18083:18083 > /dev/null &
-    - name: Get auth token
+    - name: Get Token
       run: |
+        kubectl port-forward service/${EMQX_NAME} 18083:18083 > /dev/null &
         curl --head -X GET --retry 10 --retry-connrefused --retry-delay 6 http://localhost:18083/status
         echo "TOKEN=$(curl --silent -X 'POST' 'http://127.0.0.1:18083/api/v5/login' -H 'accept: application/json' -H 'Content-Type: application/json' -d '{"username": "admin","password": "public"}' | jq -r ".token")" >> $GITHUB_ENV
+
     - name: Check cluster
       timeout-minutes: 1
       run: |
@@ -156,22 +153,17 @@ jobs:
           nodes_length="$(curl --silent -H "Authorization: Bearer $TOKEN" -X GET http://127.0.0.1:18083/api/v5/cluster| jq '.nodes|length')"
           [ $nodes_length != "3" ]
         do
-          if [ $nodes_length -eq 0 ]; then
-            echo "node len must >= 1, refresh Token... "
-            TOKEN=$(curl --silent -X 'POST' 'http://127.0.0.1:18083/api/v5/login' -H 'accept: application/json' -H 'Content-Type: application/json' -d '{"username": "admin","password": "public"}' | jq -r ".token")
-          else
-            echo "waiting ${EMQX_NAME} cluster scale. Current live nodes: $nodes_length."
-          fi
-          sleep 1;
+          echo "waiting ${EMQX_NAME} cluster scale. Current live nodes: $nodes_length."
+          sleep 1
         done
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+    - uses: actions/checkout@v3
       with:
         repository: emqx/paho.mqtt.testing
         ref: develop-5.0
         path: paho.mqtt.testing
     - name: install pytest
       run: |
-        pip install --require-hashes -r source/.ci/docker-compose-file/python/requirements.txt
+        pip install pytest==7.1.2 pytest-retry==1.3.0
         echo "$HOME/.local/bin" >> $GITHUB_PATH
     - name: run paho test
       timeout-minutes: 10

.github/workflows/run_jmeter_tests.yaml

@@ -2,17 +2,21 @@ name: JMeter integration tests
 
 on:
   workflow_call:
-
-permissions:
-  contents: read
+    inputs:
+      runner_labels:
+        required: true
+        type: string
+      version-emqx:
+        required: true
+        type: string
 
 jobs:
   jmeter_artifact:
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
     steps:
     - name: Cache Jmeter
       id: cache-jmeter
-      uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+      uses: actions/cache@v3
       with:
         path: /tmp/apache-jmeter.tgz
         key: apache-jmeter-5.4.3.tgz
@@ -31,14 +35,13 @@ jobs:
         else
           wget --no-verbose --no-check-certificate -O /tmp/apache-jmeter.tgz $ARCHIVE_URL
         fi
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       with:
         name: apache-jmeter.tgz
         path: /tmp/apache-jmeter.tgz
-        retention-days: 3
 
   advanced_feat:
-    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON('["self-hosted","ephemeral","linux","x64"]') || 'ubuntu-22.04' }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
 
     strategy:
       fail-fast: false
@@ -51,23 +54,10 @@ jobs:
 
     needs: jmeter_artifact
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-    - name: Set up environment
-      id: env
-      run: |
-        source env.sh
-        PKG_VSN=$(docker run --rm -v $(pwd):$(pwd) -w $(pwd) -u $(id -u) "$EMQX_BUILDER" ./pkg-vsn.sh emqx)
-        echo "PKG_VSN=$PKG_VSN" >> "$GITHUB_ENV"
-    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-      with:
-        name: emqx-docker
-        path: /tmp
-    - name: load docker image
-      shell: bash
-      run: |
-        EMQX_DOCKER_IMAGE_TAG=$(docker load < /tmp/emqx-docker-${PKG_VSN}.tar.gz | sed 's/Loaded image: //g')
-        echo "_EMQX_DOCKER_IMAGE_TAG=$EMQX_DOCKER_IMAGE_TAG" >> $GITHUB_ENV
+    - uses: actions/checkout@v3
     - uses: ./.github/actions/prepare-jmeter
+      with:
+        version-emqx: ${{ inputs.version-emqx }}
     - name: docker compose up
       timeout-minutes: 5
       run: |
@@ -95,15 +85,14 @@ jobs:
           echo "check logs failed"
           exit 1
         fi
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       if: always()
       with:
-        name: jmeter_logs-advanced_feat-${{ matrix.scripts_type }}
+        name: jmeter_logs
         path: ./jmeter_logs
-        retention-days: 3
 
   pgsql_authn_authz:
-    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON('["self-hosted","ephemeral","linux","x64"]') || 'ubuntu-22.04' }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
 
     strategy:
       fail-fast: false
@@ -120,23 +109,10 @@ jobs:
 
     needs: jmeter_artifact
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-    - name: Set up environment
-      id: env
-      run: |
-        source env.sh
-        PKG_VSN=$(docker run --rm -v $(pwd):$(pwd) -w $(pwd) -u $(id -u) "$EMQX_BUILDER" ./pkg-vsn.sh emqx)
-        echo "PKG_VSN=$PKG_VSN" >> "$GITHUB_ENV"
-    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-      with:
-        name: emqx-docker
-        path: /tmp
-    - name: load docker image
-      shell: bash
-      run: |
-        EMQX_DOCKER_IMAGE_TAG=$(docker load < /tmp/emqx-docker-${PKG_VSN}.tar.gz | sed 's/Loaded image: //g')
-        echo "_EMQX_DOCKER_IMAGE_TAG=$EMQX_DOCKER_IMAGE_TAG" >> $GITHUB_ENV
+    - uses: actions/checkout@v3
     - uses: ./.github/actions/prepare-jmeter
+      with:
+        version-emqx: ${{ inputs.version-emqx }}
     - name: docker compose up
       timeout-minutes: 5
       env:
@@ -175,15 +151,14 @@ jobs:
       if: failure()
       run: |
         docker compose -f .ci/docker-compose-file/docker-compose-emqx-cluster.yaml logs --no-color > ./jmeter_logs/emqx.log
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       if: always()
       with:
-        name: jmeter_logs-pgsql_authn_authz-${{ matrix.scripts_type }}_${{ matrix.pgsql_tag }}
+        name: jmeter_logs
         path: ./jmeter_logs
-        retention-days: 3
 
   mysql_authn_authz:
-    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON('["self-hosted","ephemeral","linux","x64"]') || 'ubuntu-22.04' }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
 
     strategy:
       fail-fast: false
@@ -197,23 +172,10 @@ jobs:
 
     needs: jmeter_artifact
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-    - name: Set up environment
-      id: env
-      run: |
-        source env.sh
-        PKG_VSN=$(docker run --rm -v $(pwd):$(pwd) -w $(pwd) -u $(id -u) "$EMQX_BUILDER" ./pkg-vsn.sh emqx)
-        echo "PKG_VSN=$PKG_VSN" >> "$GITHUB_ENV"
-    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-      with:
-        name: emqx-docker
-        path: /tmp
-    - name: load docker image
-      shell: bash
-      run: |
-        EMQX_DOCKER_IMAGE_TAG=$(docker load < /tmp/emqx-docker-${PKG_VSN}.tar.gz | sed 's/Loaded image: //g')
-        echo "_EMQX_DOCKER_IMAGE_TAG=$EMQX_DOCKER_IMAGE_TAG" >> $GITHUB_ENV
+    - uses: actions/checkout@v3
     - uses: ./.github/actions/prepare-jmeter
+      with:
+        version-emqx: ${{ inputs.version-emqx }}
     - name: docker compose up
       timeout-minutes: 5
       env:
@@ -248,15 +210,14 @@ jobs:
           echo "check logs failed"
           exit 1
         fi
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       if: always()
       with:
-        name: jmeter_logs-mysql_authn_authz-${{ matrix.scripts_type }}_${{ matrix.mysql_tag }}
+        name: jmeter_logs
         path: ./jmeter_logs
-        retention-days: 3
 
   JWT_authn:
-    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON('["self-hosted","ephemeral","linux","x64"]') || 'ubuntu-22.04' }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
 
     strategy:
       fail-fast: false
@@ -266,23 +227,10 @@ jobs:
 
     needs: jmeter_artifact
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-    - name: Set up environment
-      id: env
-      run: |
-        source env.sh
-        PKG_VSN=$(docker run --rm -v $(pwd):$(pwd) -w $(pwd) -u $(id -u) "$EMQX_BUILDER" ./pkg-vsn.sh emqx)
-        echo "PKG_VSN=$PKG_VSN" >> "$GITHUB_ENV"
-    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-      with:
-        name: emqx-docker
-        path: /tmp
-    - name: load docker image
-      shell: bash
-      run: |
-        EMQX_DOCKER_IMAGE_TAG=$(docker load < /tmp/emqx-docker-${PKG_VSN}.tar.gz | sed 's/Loaded image: //g')
-        echo "_EMQX_DOCKER_IMAGE_TAG=$EMQX_DOCKER_IMAGE_TAG" >> $GITHUB_ENV
+    - uses: actions/checkout@v3
     - uses: ./.github/actions/prepare-jmeter
+      with:
+        version-emqx: ${{ inputs.version-emqx }}
     - name: docker compose up
       timeout-minutes: 5
       run: |
@@ -313,15 +261,14 @@ jobs:
           echo "check logs failed"
           exit 1
         fi
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       if: always()
       with:
-        name: jmeter_logs-JWT_authn-${{ matrix.scripts_type }}
+        name: jmeter_logs
         path: ./jmeter_logs
-        retention-days: 3
 
   built_in_database_authn_authz:
-    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON('["self-hosted","ephemeral","linux","x64"]') || 'ubuntu-22.04' }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
 
     strategy:
       fail-fast: false
@@ -332,23 +279,10 @@ jobs:
 
     needs: jmeter_artifact
     steps:
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-    - name: Set up environment
-      id: env
-      run: |
-        source env.sh
-        PKG_VSN=$(docker run --rm -v $(pwd):$(pwd) -w $(pwd) -u $(id -u) "$EMQX_BUILDER" ./pkg-vsn.sh emqx)
-        echo "PKG_VSN=$PKG_VSN" >> "$GITHUB_ENV"
-    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-      with:
-        name: emqx-docker
-        path: /tmp
-    - name: load docker image
-      shell: bash
-      run: |
-        EMQX_DOCKER_IMAGE_TAG=$(docker load < /tmp/emqx-docker-${PKG_VSN}.tar.gz | sed 's/Loaded image: //g')
-        echo "_EMQX_DOCKER_IMAGE_TAG=$EMQX_DOCKER_IMAGE_TAG" >> $GITHUB_ENV
+    - uses: actions/checkout@v3
     - uses: ./.github/actions/prepare-jmeter
+      with:
+        version-emqx: ${{ inputs.version-emqx }}
     - name: docker compose up
       timeout-minutes: 5
       run: |
@@ -370,9 +304,8 @@ jobs:
           echo "check logs failed"
           exit 1
         fi
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       if: always()
       with:
-        name: jmeter_logs-built_in_database_authn_authz-${{ matrix.scripts_type }}
+        name: jmeter_logs
         path: ./jmeter_logs
-        retention-days: 3

.github/workflows/run_relup_tests.yaml

@@ -7,16 +7,16 @@ concurrency:
 on:
   workflow_call:
     inputs:
+      runner:
+        required: true
+        type: string
       builder:
         required: true
         type: string
 
-permissions:
-  contents: read
-
 jobs:
   relup_test_plan:
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
+    runs-on: ["${{ inputs.runner }}", 'linux', 'x64', 'ephemeral']
     container: ${{ inputs.builder }}
     outputs:
       CUR_EE_VSN: ${{ steps.find-versions.outputs.CUR_EE_VSN }}
@@ -25,7 +25,7 @@ jobs:
       run:
         shell: bash
     steps:
-    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+    - uses: actions/download-artifact@v3
       with:
         name: emqx-enterprise
     - name: extract artifact
@@ -45,22 +45,21 @@ jobs:
       run: |
         export PROFILE='emqx-enterprise'
         make emqx-enterprise-tgz
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       name: Upload built emqx and test scenario
       with:
-        name: relup_tests_emqx_built
+        name: emqx_built
         path: |
           _upgrade_base
           _packages
           scripts
           .ci
-        retention-days: 7
 
   relup_test_run:
     needs:
       - relup_test_plan
     if: needs.relup_test_plan.outputs.OLD_VERSIONS != '[]'
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
+    runs-on: ["${{ inputs.runner }}", 'linux', 'x64', 'ephemeral']
     strategy:
       fail-fast: false
       matrix:
@@ -72,10 +71,10 @@ jobs:
       run:
         shell: bash
     steps:
-    - uses: erlef/setup-beam@b9c58b0450cd832ccdb3c17cc156a47065d2114f # v1.18.1
+    - uses: erlef/setup-beam@v1.16.0
       with:
-        otp-version: 26.2.5
-    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        otp-version: 25.3.2
+    - uses: actions/checkout@v3
       with:
         repository: hawk/lux
         ref: lux-2.8.1
@@ -88,10 +87,10 @@ jobs:
         ./configure
         make
         echo "$(pwd)/bin" >> $GITHUB_PATH
-    - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+    - uses: actions/download-artifact@v3
       name: Download built emqx and test scenario
       with:
-        name: relup_tests_emqx_built
+        name: emqx_built
         path: .
     - name: run relup test
       run: |
@@ -111,11 +110,10 @@ jobs:
           docker logs node2.emqx.io | tee lux_logs/emqx2.log
           exit 1
         fi
-    - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+    - uses: actions/upload-artifact@v3
       name: Save debug data
       if: failure()
       with:
-        name: relup_test_run_debug_data
+        name: debug_data
         path: |
           lux_logs
-        retention-days: 3

.github/workflows/run_test_cases.yaml

@@ -7,6 +7,9 @@ concurrency:
 on:
   workflow_call:
     inputs:
+      runner_labels:
+        required: true
+        type: string
       builder:
         required: true
         type: string
@@ -25,7 +28,7 @@ env:
 
 jobs:
   eunit_and_proper:
-    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON('["self-hosted","ephemeral","linux","x64"]') || 'ubuntu-22.04' }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
     name: "eunit_and_proper (${{ matrix.profile }})"
     strategy:
       fail-fast: false
@@ -35,44 +38,37 @@ jobs:
     defaults:
       run:
         shell: bash
-    container: ${{ inputs.builder }}
-
-    env:
-      PROFILE: ${{ matrix.profile }}
-      ENABLE_COVER_COMPILE: 1
-      CT_COVER_EXPORT_PREFIX: ${{ matrix.profile }}
-
-    permissions:
-      contents: read
+    container: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-ubuntu22.04"
 
     steps:
-      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      - uses: actions/download-artifact@v3
         with:
           name: ${{ matrix.profile }}
-
       - name: extract artifact
         run: |
           unzip -o -q ${{ matrix.profile }}.zip
           git config --global --add safe.directory "$GITHUB_WORKSPACE"
         # produces eunit.coverdata
-      - run: make eunit
+      - name: eunit
+        env:
+          PROFILE: ${{ matrix.profile }}
+          CT_COVER_EXPORT_PREFIX: ${{ matrix.profile }}-${{ matrix.otp }}
+        run: make eunit
 
         # produces proper.coverdata
-      - run: make proper
-
-      - run: make cover
-
-      - name: send to coveralls
-        if: github.repository == 'emqx/emqx'
+      - name: proper
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: make coveralls
+          PROFILE: ${{ matrix.profile }}
+          CT_COVER_EXPORT_PREFIX: ${{ matrix.profile }}-${{ matrix.otp }}
+        run: make proper
 
-      - run: cat rebar3.crashdump
-        if: failure()
+      - uses: actions/upload-artifact@v3
+        with:
+          name: coverdata
+          path: _build/test/cover
 
   ct_docker:
-    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON('["self-hosted","ephemeral","linux","x64"]') || 'ubuntu-22.04' }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
     name: "${{ matrix.app }}-${{ matrix.suitegroup }} (${{ matrix.profile }})"
     strategy:
       fail-fast: false
@@ -83,88 +79,8 @@ jobs:
       run:
         shell: bash
 
-    env:
-      PROFILE: ${{ matrix.profile }}
-
-    permissions:
-      contents: read
-
     steps:
-      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
-        with:
-          name: ${{ matrix.profile }}
-      - name: extract artifact
-        run: |
-          unzip -o -q ${{ matrix.profile }}.zip
-
-        # produces $PROFILE-<app-name>-<otp-vsn>-sg<suitegroup>.coverdata
-      - name: run common tests
-        env:
-          DOCKER_CT_RUNNER_IMAGE: ${{ inputs.builder }}
-          MONGO_TAG: "5"
-          MYSQL_TAG: "8"
-          PGSQL_TAG: "13"
-          REDIS_TAG: "7.0"
-          INFLUXDB_TAG: "2.5.0"
-          TDENGINE_TAG: "3.0.2.4"
-          OPENTS_TAG: "9aa7f88"
-          MINIO_TAG: "RELEASE.2023-03-20T20-16-18Z"
-          SUITEGROUP: ${{ matrix.suitegroup }}
-          ENABLE_COVER_COMPILE: 1
-          CT_COVER_EXPORT_PREFIX: ${{ matrix.profile }}-sg${{ matrix.suitegroup }}
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: ./scripts/ct/run.sh --ci --app ${{ matrix.app }} --keep-up
-
-      - name: make cover
-        run: |
-          docker exec -e PROFILE="$PROFILE" -t erlang make cover
-
-      - name: send to coveralls
-        if: github.repository == 'emqx/emqx'
-        run: |
-          ls _build/test/cover/*.coverdata || exit 0
-          docker exec -e PROFILE="$PROFILE" -t erlang make coveralls
-
-      - name: rebar3.crashdump
-        if: failure()
-        run: cat rebar3.crashdump
-
-      - name: compress logs
-        if: failure()
-        run: tar -czf logs.tar.gz _build/test/logs
-
-      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
-        if: failure()
-        with:
-          name: logs-${{ matrix.profile }}-${{ matrix.prefix }}-sg${{ matrix.suitegroup }}
-          path: logs.tar.gz
-          compression-level: 0
-          retention-days: 7
-
-  ct:
-    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON('["self-hosted","ephemeral","linux","x64"]') || 'ubuntu-22.04' }}
-    name: "${{ matrix.app }}-${{ matrix.suitegroup }} (${{ matrix.profile }})"
-    strategy:
-      fail-fast: false
-      matrix:
-        include: ${{ fromJson(inputs.ct-host) }}
-
-    container: ${{ inputs.builder }}
-    defaults:
-      run:
-        shell: bash
-
-    permissions:
-      contents: read
-
-    env:
-      PROFILE: ${{ matrix.profile }}
-      SUITEGROUP: ${{ matrix.suitegroup }}
-      ENABLE_COVER_COMPILE: 1
-      CT_COVER_EXPORT_PREFIX: ${{ matrix.profile }}-sg${{ matrix.suitegroup }}
-
-    steps:
-      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      - uses: actions/download-artifact@v3
         with:
           name: ${{ matrix.profile }}
       - name: extract artifact
@@ -174,53 +90,139 @@ jobs:
 
         # produces $PROFILE-<app-name>-<otp-vsn>-sg<suitegroup>.coverdata
       - name: run common tests
-        run: make "${{ matrix.app }}-ct"
-
-      - run: make cover
-
-      - name: send to coveralls
-        if: github.repository == 'emqx/emqx'
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          ls _build/test/cover/*.coverdata || exit 0
-          make coveralls
-
-      - run: cat rebar3.crashdump
-        if: failure()
-
+          DOCKER_CT_RUNNER_IMAGE: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-ubuntu22.04"
+          MONGO_TAG: "5"
+          MYSQL_TAG: "8"
+          PGSQL_TAG: "13"
+          REDIS_TAG: "7.0"
+          INFLUXDB_TAG: "2.5.0"
+          TDENGINE_TAG: "3.0.2.4"
+          OPENTS_TAG: "9aa7f88"
+          MINIO_TAG: "RELEASE.2023-03-20T20-16-18Z"
+          PROFILE: ${{ matrix.profile }}
+          SUITEGROUP: ${{ matrix.suitegroup }}
+          CT_COVER_EXPORT_PREFIX: ${{ matrix.profile }}-${{ matrix.otp }}-sg${{ matrix.suitegroup }}
+        run: ./scripts/ct/run.sh --ci --app ${{ matrix.app }}
+      - uses: actions/upload-artifact@v3
+        with:
+          name: coverdata
+          path: _build/test/cover
       - name: compress logs
         if: failure()
         run: tar -czf logs.tar.gz _build/test/logs
-
-      - uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
+      - uses: actions/upload-artifact@v3
         if: failure()
         with:
-          name: logs-${{ matrix.profile }}-${{ matrix.prefix }}-sg${{ matrix.suitegroup }}
+          name: logs-${{ matrix.profile }}-${{ matrix.prefix }}-${{ matrix.otp }}-sg${{ matrix.suitegroup }}
+          path: logs.tar.gz
+
+  ct:
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
+    name: "${{ matrix.app }}-${{ matrix.suitegroup }} (${{ matrix.profile }})"
+    strategy:
+      fail-fast: false
+      matrix:
+        include: ${{ fromJson(inputs.ct-host) }}
+
+    container: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-ubuntu22.04"
+    defaults:
+      run:
+        shell: bash
+
+    steps:
+      - uses: actions/download-artifact@v3
+        with:
+          name: ${{ matrix.profile }}
+      - name: extract artifact
+        run: |
+          unzip -o -q ${{ matrix.profile }}.zip
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+        # produces $PROFILE-<app-name>-<otp-vsn>-sg<suitegroup>.coverdata
+      - name: run common tests
+        env:
+          PROFILE: ${{ matrix.profile }}
+          SUITEGROUP: ${{ matrix.suitegroup }}
+          CT_COVER_EXPORT_PREFIX: ${{ matrix.profile }}-${{ matrix.otp }}-sg${{ matrix.suitegroup }}
+        run: |
+          make "${{ matrix.app }}-ct"
+      - uses: actions/upload-artifact@v3
+        with:
+          name: coverdata
+          path: _build/test/cover
+          if-no-files-found: warn # do not fail if no coverdata found
+      - name: compress logs
+        if: failure()
+        run: tar -czf logs.tar.gz _build/test/logs
+      - uses: actions/upload-artifact@v3
+        if: failure()
+        with:
+          name: logs-${{ matrix.profile }}-${{ matrix.prefix }}-${{ matrix.otp }}-sg${{ matrix.suitegroup }}
           path: logs.tar.gz
-          compression-level: 0
-          retention-days: 7
 
   tests_passed:
     needs:
       - eunit_and_proper
       - ct
       - ct_docker
-    runs-on: ubuntu-22.04
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
     strategy:
       fail-fast: false
-
-    permissions:
-      pull-requests: write
-
     steps:
-      - name: Coveralls finished
-        if: github.repository == 'emqx/emqx'
-        uses: coverallsapp/github-action@643bc377ffa44ace6394b2b5d0d3950076de9f63 # v2.3.0
-        with:
-          parallel-finished: true
-          git-branch: ${{ github.ref }}
-          git-commit: ${{ github.sha }}
-
       - run: echo "All tests passed"
-          
+
+  make_cover:
+    needs:
+      - eunit_and_proper
+      - ct
+      - ct_docker
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
+    container: ${{ inputs.builder }}
+    strategy:
+      fail-fast: false
+      matrix:
+        profile:
+          - emqx-enterprise
+    steps:
+      - uses: actions/download-artifact@v3
+        with:
+          name: ${{ matrix.profile }}
+      - name: extract artifact
+        run: |
+          unzip -o -q ${{ matrix.profile }}.zip
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+      - uses: actions/download-artifact@v3
+        name: download coverdata
+        with:
+          name: coverdata
+          path: _build/test/cover
+
+      - name: make cover
+        env:
+          PROFILE: emqx-enterprise
+        run: make cover
+
+      - name: send to coveralls
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PROFILE: emqx-enterprise
+        run: make coveralls
+
+      - name: get coveralls logs
+        if: failure()
+        run: cat rebar3.crashdump
+
+  # do this in a separate job
+  upload_coverdata:
+    needs: make_cover
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
+    steps:
+      - name: Coveralls Finished
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          curl -v -k https://coveralls.io/webhook \
+               --header "Content-Type: application/json" \
+               --data "{\"repo_name\":\"$GITHUB_REPOSITORY\",\"repo_token\":\"$GITHUB_TOKEN\",\"payload\":{\"build_num\":$GITHUB_RUN_ID,\"status\":\"done\"}}" || true

.github/workflows/scorecard.yaml

@@ -1,53 +0,0 @@
-name: Scorecard supply-chain security
-on:
-  # For Branch-Protection check. Only the default branch is supported. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
-  branch_protection_rule:
-  # To guarantee Maintained check is occasionally updated. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
-  schedule:
-    - cron: '25 21 * * 6'
-  push:
-    branches:
-      - master
-  workflow_dispatch:
-
-permissions: read-all
-
-jobs:
-  analysis:
-    if: github.repository == 'emqx/emqx'
-    name: Scorecard analysis
-    runs-on: ubuntu-22.04
-    permissions:
-      security-events: write
-      id-token: write
-
-    steps:
-      - name: "Checkout code"
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          persist-credentials: false
-
-      - name: "Run analysis"
-        uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
-        with:
-          results_file: results.sarif
-          results_format: sarif
-          # - Publish results to OpenSSF REST API for easy access by consumers
-          # - Allows the repository to include the Scorecard badge.
-          # - See https://github.com/ossf/scorecard-action#publishing-results.
-          publish_results: true
-
-      - name: "Upload artifact"
-        uses: actions/upload-artifact@89ef406dd8d7e03cfd12d9e0a4a378f454709029 # v4.3.5
-        with:
-          name: SARIF file
-          path: results.sarif
-          retention-days: 5
-
-      # Upload the results to GitHub's code scanning dashboard.
-      - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@7e187e1c529d80bac7b87a16e7a792427f65cf02 # v2.22.1
-        with:
-          sarif_file: results.sarif

.github/workflows/spellcheck.yaml

@@ -6,9 +6,10 @@ concurrency:
 
 on:
   workflow_call:
-
-permissions:
-  contents: read
+    inputs:
+      runner_labels:
+        required: true
+        type: string
 
 jobs:
   spellcheck:
@@ -17,12 +18,12 @@ jobs:
         profile:
         - emqx
         - emqx-enterprise
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
     steps:
-      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      - uses: actions/download-artifact@v3
         with:
-          pattern: "${{ matrix.profile }}-schema-dump-*-x64"
-          merge-multiple: true
+          name: "${{ matrix.profile }}_schema_dump"
+          path: /tmp/
       - name: Run spellcheck
         run: |
-          bash scripts/spellcheck/spellcheck.sh _build/docgen/${{ matrix.profile }}/schema-en.json
+          bash /tmp/scripts/spellcheck/spellcheck.sh /tmp/_build/docgen/${{ matrix.profile }}/schema-en.json

.github/workflows/stale.yaml

@@ -8,20 +8,17 @@ on:
     - cron: "0 * * * *"
   workflow_dispatch:
 
-permissions:
-  contents: read
-
 jobs:
   stale:
-    if: github.repository == 'emqx/emqx'
-    runs-on: ubuntu-22.04
+    if: github.repository_owner == 'emqx'
+    runs-on: ['self-hosted', 'linux', 'x64', 'ephemeral']
     permissions:
       issues: write
       pull-requests: none
 
     steps:
       - name: Close Stale Issues
-        uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0
+        uses: actions/stale@v6
         with:
           days-before-stale: 7
           days-before-close: 7

.github/workflows/static_checks.yaml

@@ -7,6 +7,9 @@ concurrency:
 on:
   workflow_call:
     inputs:
+      runner_labels:
+        required: true
+        type: string
       builder:
         required: true
         type: string
@@ -17,32 +20,30 @@ on:
 env:
   IS_CI: "yes"
 
-permissions:
-  contents: read
-
 jobs:
   static_checks:
-    runs-on: ${{ github.repository_owner == 'emqx' && fromJSON('["self-hosted","ephemeral","linux","x64"]') || 'ubuntu-22.04' }}
+    runs-on: ${{ fromJSON(inputs.runner_labels) }}
     name: "static_checks (${{ matrix.profile }})"
     strategy:
       fail-fast: false
       matrix:
         include: ${{ fromJson(inputs.ct-matrix) }}
-    container: "${{ inputs.builder }}"
+    container: "ghcr.io/emqx/emqx-builder/${{ matrix.builder }}:${{ matrix.elixir }}-${{ matrix.otp }}-ubuntu22.04"
     steps:
-      - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+      - uses: actions/download-artifact@v3
         with:
           name: ${{ matrix.profile }}
       - name: extract artifact
         run: |
           unzip -o -q ${{ matrix.profile }}.zip
           git config --global --add safe.directory "$GITHUB_WORKSPACE"
-      - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
+      - uses: actions/cache@v3
         with:
-          path: "emqx_dialyzer_${{ matrix.profile }}_plt"
-          key: rebar3-dialyzer-plt-${{ matrix.profile }}-${{ hashFiles('rebar.*', 'apps/*/rebar.*') }}
+          path: "emqx_dialyzer_${{ matrix.otp }}_plt"
+          key: rebar3-dialyzer-plt-${{ matrix.profile }}-${{ matrix.otp }}-${{ hashFiles('rebar.*', 'apps/*/rebar.*', 'lib-ee/*/rebar.*') }}
           restore-keys: |
-            rebar3-dialyzer-plt-${{ matrix.profile }}-
-      - run: cat .env | tee -a $GITHUB_ENV
+            rebar3-dialyzer-plt-${{ matrix.profile }}-${{ matrix.otp }}-
       - name: run static checks
+        env:
+          PROFILE: ${{ matrix.profile }}
         run: make static_checks

.github/workflows/sync-release-branch.yaml

@@ -1,88 +0,0 @@
-name: Sync release branch
-
-concurrency:
-  group: sync-release-branch-${{ github.event_name }}-${{ github.ref }}
-  cancel-in-progress: true
-
-on:
-  schedule:
-    - cron:  '0 2 * * *'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  create-pr:
-    runs-on: ${{ endsWith(github.repository, '/emqx') && 'ubuntu-22.04' || fromJSON('["self-hosted","ephemeral","linux","x64"]') }}
-
-    strategy:
-      fail-fast: false
-      matrix:
-        branch:
-          - release-57
-
-    env:
-      SYNC_BRANCH: ${{ matrix.branch }}
-
-    defaults:
-      run:
-        shell: bash
-
-    permissions:
-      contents: write
-      pull-requests: write
-
-    steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          fetch-depth: 0
-
-      - name: create new branch
-        run: |
-          set -euxo pipefail
-          NEW_BRANCH_NAME=sync-${SYNC_BRANCH}-$(date +"%Y%m%d-%H%M%S")
-          echo "NEW_BRANCH_NAME=${NEW_BRANCH_NAME}" >> $GITHUB_ENV
-          git config --global user.name "${GITHUB_ACTOR}"
-          git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"
-          git checkout -b ${NEW_BRANCH_NAME}
-          git merge origin/${SYNC_BRANCH} 2>&1 | tee merge.log
-          git push origin ${NEW_BRANCH_NAME}:${NEW_BRANCH_NAME}
-
-      - name: create pull request
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: |
-          set -euxo pipefail
-          for pr in $(gh pr list --state open --base master --label sync-release-branch --search "Sync ${SYNC_BRANCH} in:title" --repo ${{ github.repository }} --json number --jq '.[] | .number'); do
-            gh pr close $pr --repo ${{ github.repository }} --delete-branch || true
-          done
-          gh pr create --title "Sync ${SYNC_BRANCH}" --body "Sync ${SYNC_BRANCH}" --base master --head ${NEW_BRANCH_NAME} --label sync-release-branch --repo ${{ github.repository }}
-
-      - name: Send notification to Slack
-        if: failure()
-        env:
-          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
-        run: |
-          awk '{printf "%s\\n", $0}' merge.log > merge.log.1
-          cat <<EOF > payload.json
-          {
-            "blocks": [
-              {
-                "type": "section",
-                "text": {
-                  "type": "mrkdwn",
-                  "text": "Automatic sync of ${SYNC_BRANCH} branch failed: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
-                }
-              },
-              {
-                "type": "section",
-                "text": {
-                  "type": "mrkdwn",
-                  "text": "\`\`\`$(cat merge.log.1)\`\`\`"
-                }
-              }
-            ]
-          }
-          EOF
-          curl -X POST -H 'Content-type: application/json' --data @payload.json "$SLACK_WEBHOOK_URL"

.github/workflows/upload-helm-charts.yaml

@@ -9,21 +9,18 @@ on:
         type: string
         required: true
 
-permissions:
-  contents: read
-
 jobs:
   upload:
     runs-on: ubuntu-22.04
     strategy:
       fail-fast: false
     steps:
-      - uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 # v4.0.2
+      - uses: aws-actions/configure-aws-credentials@v2
         with:
           aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@v3
         with:
           ref: ${{ github.event.inputs.tag }}
       - name: Detect profile
@@ -45,8 +42,8 @@ jobs:
               echo "version=$(./pkg-vsn.sh emqx-enterprise)" >> $GITHUB_OUTPUT
               ;;
           esac
-      - uses: emqx/push-helm-action@5ca37070f42cf874fc843a0e0c7c10ac76de5255 # v1.1
-        if: github.event_name == 'release' && !github.event.release.prerelease
+      - uses: emqx/push-helm-action@v1.1
+        if: github.event_name == 'release' && !github.event.prerelease
         with:
           charts_dir: "${{ github.workspace }}/deploy/charts/${{ steps.profile.outputs.profile }}"
           version: ${{ steps.profile.outputs.version }}

.gitignore

@@ -23,8 +23,6 @@ _build
 .rebar3
 rebar3.crashdump
 .DS_Store
-# emqx_ds_replication_layer_meta:ensure_site/0
-data
 etc/gen.emqx.conf
 compile_commands.json
 cuttlefish
@@ -61,7 +59,7 @@ erlang_ls.config
 .envrc
 # elixir
 mix.lock
-apps/emqx/test/emqx_static_checks_data/master.bpapi2
+apps/emqx/test/emqx_static_checks_data/master.bpapi
 # rendered configurations
 *.conf.rendered
 *.conf.rendered.*
@@ -71,11 +69,3 @@ bom.json
 ct_run*/
 apps/emqx_conf/etc/emqx.conf.all.rendered*
 rebar-git-cache.tar
-# build docker image locally
-.dockerignore
-.docker_image_tag
-.emqx_docker_image_tags
-.git/
-apps/emqx_utils/src/emqx_variform_parser.erl
-apps/emqx_utils/src/emqx_variform_scan.erl
-default-profile.mk

.tool-versions

@@ -1,2 +1,2 @@
-erlang 26.2.5-3
-elixir 1.15.7-otp-26
+erlang 25.3.2-2
+elixir 1.14.5-otp-25

Dockerfile.ubuntu20.04.runner

@@ -1,5 +1,5 @@
 ## This is a fast-build Dockerfile only for testing
-FROM ubuntu:20.04@sha256:f2034e7195f61334e6caff6ecf2e965f92d11e888309065da85ff50c617732b8
+FROM ubuntu:20.04
 ARG PROFILE=emqx
 
 RUN apt-get update; \
@@ -30,10 +30,11 @@ VOLUME ["/opt/emqx/log", "/opt/emqx/data"]
 # - 8083 for WebSocket/HTTP
 # - 8084 for WSS/HTTPS
 # - 8883 port for MQTT(SSL)
+# - 11883 port for internal MQTT/TCP
 # - 18083 for dashboard and API
 # - 4370 default Erlang distrbution port
 # - 5369 for backplain gen_rpc
-EXPOSE 1883 8083 8084 8883 18083 4370 5369
+EXPOSE 1883 8083 8084 8883 11883 18083 4370 5369
 
 ENTRYPOINT ["/usr/bin/docker-entrypoint.sh"]
 

Makefile

@@ -6,17 +6,34 @@ endif
 REBAR = $(CURDIR)/rebar3
 BUILD = $(CURDIR)/build
 SCRIPTS = $(CURDIR)/scripts
-include env.sh
+export EMQX_RELUP ?= true
+export EMQX_DEFAULT_BUILDER = ghcr.io/emqx/emqx-builder/5.1-4:1.14.5-25.3.2-2-debian11
+export EMQX_DEFAULT_RUNNER = public.ecr.aws/debian/debian:11-slim
+export EMQX_REL_FORM ?= tgz
+export QUICER_DOWNLOAD_FROM_RELEASE = 1
+ifeq ($(OS),Windows_NT)
+	export REBAR_COLOR=none
+	FIND=/usr/bin/find
+else
+	FIND=find
+endif
 
 # Dashboard version
 # from https://github.com/emqx/emqx-dashboard5
-export EMQX_DASHBOARD_VERSION ?= v1.10.0-beta.1
-export EMQX_EE_DASHBOARD_VERSION ?= e1.8.0-beta.1
+export EMQX_DASHBOARD_VERSION ?= v1.5.0
+export EMQX_EE_DASHBOARD_VERSION ?= e1.3.0
 
-export EMQX_RELUP ?= true
-export EMQX_REL_FORM ?= tgz
+# `:=` should be used here, otherwise the `$(shell ...)` will be executed every time when the variable is used
+# In make 4.4+, for backward-compatibility the value from the original environment is used.
+# so the shell script will be executed tons of times.
+# https://github.com/emqx/emqx/pull/10627
+ifeq ($(strip $(OTP_VSN)),)
+export OTP_VSN := $(shell $(SCRIPTS)/get-otp-vsn.sh)
+endif
+ifeq ($(strip $(ELIXIR_VSN)),)
+export ELIXIR_VSN := $(shell $(SCRIPTS)/get-elixir-vsn.sh)
+endif
 
--include default-profile.mk
 PROFILE ?= emqx
 REL_PROFILES := emqx emqx-enterprise
 PKG_PROFILES := emqx-pkg emqx-enterprise-pkg
@@ -28,8 +45,6 @@ CT_COVER_EXPORT_PREFIX ?= $(PROFILE)
 
 export REBAR_GIT_CLONE_OPTIONS += --depth=1
 
-ELIXIR_COMMON_DEPS := ensure-hex ensure-mix-rebar3 ensure-mix-rebar
-
 .PHONY: default
 default: $(REBAR) $(PROFILE)
 
@@ -49,8 +64,7 @@ $(REBAR): .prepare ensure-rebar3
 
 .PHONY: ensure-hex
 ensure-hex:
-	# @mix local.hex --if-missing --force
-	@mix local.hex 2.0.6 --if-missing --force
+	@mix local.hex --if-missing --force
 
 .PHONY: ensure-mix-rebar3
 ensure-mix-rebar3: $(REBAR)
@@ -60,21 +74,17 @@ ensure-mix-rebar3: $(REBAR)
 ensure-mix-rebar: $(REBAR)
 	@mix local.rebar --if-missing --force
 
-
-.PHONY: elixir-common-deps
-elixir-common-deps: $(ELIXIR_COMMON_DEPS)
-
 .PHONY: mix-deps-get
-mix-deps-get: elixir-common-deps
+mix-deps-get: $(ELIXIR_COMMON_DEPS)
 	@mix deps.get
 
 .PHONY: eunit
 eunit: $(REBAR) merge-config
-	@$(REBAR) eunit --name eunit@127.0.0.1 -c -v --cover_export_name $(CT_COVER_EXPORT_PREFIX)-eunit
+	@ENABLE_COVER_COMPILE=1 $(REBAR) eunit  --name eunit@127.0.0.1 -v -c --cover_export_name $(CT_COVER_EXPORT_PREFIX)-eunit
 
 .PHONY: proper
 proper: $(REBAR)
-	@$(REBAR) proper -d test/props -c
+	@ENABLE_COVER_COMPILE=1 $(REBAR) proper -d test/props -c
 
 .PHONY: test-compile
 test-compile: $(REBAR) merge-config
@@ -86,7 +96,7 @@ $(REL_PROFILES:%=%-compile): $(REBAR) merge-config
 
 .PHONY: ct
 ct: $(REBAR) merge-config
-	@$(REBAR) ct --name $(CT_NODE_NAME) -c -v --cover_export_name $(CT_COVER_EXPORT_PREFIX)-ct
+	@ENABLE_COVER_COMPILE=1 $(REBAR) ct --name $(CT_NODE_NAME) -c -v --cover_export_name $(CT_COVER_EXPORT_PREFIX)-ct
 
 ## only check bpapi for enterprise profile because it's a super-set.
 .PHONY: static_checks
@@ -103,13 +113,7 @@ endif
 
 # Allow user-set GROUPS environment variable
 ifneq ($(GROUPS),)
-GROUPS_ARG := --group $(GROUPS)
-endif
-
-ifeq ($(ENABLE_COVER_COMPILE),1)
-cover_args = --cover --cover_export_name $(CT_COVER_EXPORT_PREFIX)-$(subst /,-,$1)
-else
-cover_args =
+GROUPS_ARG := --groups $(GROUPS)
 endif
 
 ## example:
@@ -118,10 +122,10 @@ define gen-app-ct-target
 $1-ct: $(REBAR) merge-config clean-test-cluster-config
 	$(eval SUITES := $(shell $(SCRIPTS)/find-suites.sh $1))
 ifneq ($(SUITES),)
-	$(REBAR) ct -v \
+	ENABLE_COVER_COMPILE=1 $(REBAR) ct -c -v \
 		--readable=$(CT_READABLE) \
 		--name $(CT_NODE_NAME) \
-		$(call cover_args,$1) \
+		--cover_export_name $(CT_COVER_EXPORT_PREFIX)-$(subst /,-,$1) \
 		--suite $(SUITES) \
 		$(GROUPS_ARG) \
 		$(CASES_ARG)
@@ -195,8 +199,8 @@ $(PROFILES:%=clean-%):
 	@if [ -d _build/$(@:clean-%=%) ]; then \
 		rm -f rebar.lock; \
 		rm -rf _build/$(@:clean-%=%)/rel; \
-		find _build/$(@:clean-%=%) -name '*.beam' -o -name '*.so' -o -name '*.app' -o -name '*.appup' -o -name '*.o' -o -name '*.d' -type f | xargs rm -f; \
-		find _build/$(@:clean-%=%) -type l -delete; \
+		$(FIND) _build/$(@:clean-%=%) -name '*.beam' -o -name '*.so' -o -name '*.app' -o -name '*.appup' -o -name '*.o' -o -name '*.d' -type f | xargs rm -f; \
+		$(FIND) _build/$(@:clean-%=%) -type l -delete; \
 	fi
 
 .PHONY: clean-all
@@ -244,7 +248,7 @@ $(foreach zt,$(ALL_ZIPS),$(eval $(call download-relup-packages,$(zt))))
 ## relup target is to create relup instructions
 .PHONY: $(REL_PROFILES:%=%-relup)
 define gen-relup-target
-$1-relup: $(COMMON_DEPS)
+$1-relup: $1-relup-downloads $(COMMON_DEPS)
 	@$(BUILD) $1 relup
 endef
 ALL_TGZS = $(REL_PROFILES)
@@ -253,7 +257,7 @@ $(foreach zt,$(ALL_TGZS),$(eval $(call gen-relup-target,$(zt))))
 ## tgz target is to create a release package .tar.gz with relup
 .PHONY: $(REL_PROFILES:%=%-tgz)
 define gen-tgz-target
-$1-tgz: $(COMMON_DEPS)
+$1-tgz: $1-relup
 	@$(BUILD) $1 tgz
 endef
 ALL_TGZS = $(REL_PROFILES)
@@ -316,20 +320,8 @@ $(foreach tt,$(ALL_ELIXIR_TGZS),$(eval $(call gen-elixir-tgz-target,$(tt))))
 
 .PHONY: fmt
 fmt: $(REBAR)
-	@find . \( -name '*.app.src' -o \
-						 -name '*.erl' -o \
-					   -name '*.hrl' -o \
-			  		 -name 'rebar.config' -o \
-			  		 -name '*.eterm' -o \
-			  		 -name '*.escript' \) \
-	                          -not -path '*/_build/*' \
-	                          -not -path '*/deps/*' \
-	                          -not -path '*/_checkouts/*' \
-	                          -type f \
-		| xargs $(SCRIPTS)/erlfmt -w
-	@$(SCRIPTS)/erlfmt -w 'apps/emqx/rebar.config.script'
-	@$(SCRIPTS)/erlfmt -w 'elvis.config'
-	@$(SCRIPTS)/erlfmt -w 'bin/nodetool'
+	@$(SCRIPTS)/erlfmt -w '{apps,lib-ee}/*/{src,include,priv,test,integration_test}/**/*.{erl,hrl,app.src,eterm}'
+	@$(SCRIPTS)/erlfmt -w 'rebar.config.erl'
 	@mix format
 
 .PHONY: clean-test-cluster-config
@@ -339,7 +331,3 @@ clean-test-cluster-config:
 .PHONY: spellcheck
 spellcheck:
 	./scripts/spellcheck/spellcheck.sh _build/docgen/$(PROFILE)/schema-en.json
-
-.PHONY: nothing
-nothing:
-	@:

NOTICE

@@ -1,5 +1,5 @@
 EMQX, highly scalable, highly available distributed MQTT messaging platform for IoT.
-Copyright (c) 2017-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
+Copyright (c) 2017-2023 EMQ Technologies Co., Ltd. All Rights Reserved.
 
 This product contains code developed at EMQ Technologies Co., Ltd.
 Visit https://www.emqx.come to learn more.

README-CN.md

@@ -1,12 +1,9 @@
-简体中文 | [English](./README.md) | [Русский](./README-RU.md)
-
 # EMQX
 
 [![GitHub Release](https://img.shields.io/github/release/emqx/emqx?color=brightgreen&label=Release)](https://github.com/emqx/emqx/releases)
 [![Build Status](https://github.com/emqx/emqx/actions/workflows/_push-entrypoint.yaml/badge.svg)](https://github.com/emqx/emqx/actions/workflows/_push-entrypoint.yaml)
 [![Coverage Status](https://img.shields.io/coveralls/github/emqx/emqx/master?label=Coverage)](https://coveralls.io/github/emqx/emqx?branch=master)
 [![Docker Pulls](https://img.shields.io/docker/pulls/emqx/emqx?label=Docker%20Pulls)](https://hub.docker.com/r/emqx/emqx)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/emqx/emqx/badge)](https://securityscorecards.dev/viewer/?uri=github.com/emqx/emqx)
 [![Slack](https://img.shields.io/badge/Slack-EMQ-39AE85?logo=slack)](https://slack-invite.emqx.io/)
 [![Discord](https://img.shields.io/discord/931086341838622751?label=Discord&logo=discord)](https://discord.gg/xYGf3fQnES)
 [![Twitter](https://img.shields.io/badge/Twitter-EMQ-1DA1F2?logo=twitter)](https://twitter.com/EMQTech)
@@ -63,7 +60,7 @@ EMQX Cloud 文档：[docs.emqx.com/zh/cloud/latest/](https://docs.emqx.com/zh/cl
 - 访问 [EMQ 问答社区](https://askemq.com/) 以获取帮助，也可以分享您的想法或项目。
 - 添加小助手微信号 `emqmkt`，加入 EMQ 微信技术交流群。
 - 加入我们的 [Discord](https://discord.gg/xYGf3fQnES)，参于实时讨论。
-- 关注我们的 [Bilibili](https://space.bilibili.com/522222081)，获取最新物联网技术分享。
+- 关注我们的 [bilibili](https://space.bilibili.com/522222081)，获取最新物联网技术分享。
 - 关注我们的 [微博](https://weibo.com/emqtt) 或 [Twitter](https://twitter.com/EMQTech)，获取 EMQ 最新资讯。
 
 ## 相关资源
@@ -80,7 +77,7 @@ EMQX Cloud 文档：[docs.emqx.com/zh/cloud/latest/](https://docs.emqx.com/zh/cl
 
   优雅的跨平台 MQTT 5.0 客户端工具，提供了桌面端、命令行、Web 三种版本，帮助您更快的开发和调试 MQTT 服务和应用。
 
-- [车联网平台搭建从入门到精通](https://www.emqx.com/zh/blog/category/internet-of-vehicles)
+- [车联网平台搭建从入门到精通 ](https://www.emqx.com/zh/blog/category/internet-of-vehicles)
 
   结合 EMQ 在车联网领域的实践经验，从协议选择等理论知识，到平台架构设计等实战操作，分享如何搭建一个可靠、高效、符合行业场景需求的车联网平台。
 
@@ -88,7 +85,7 @@ EMQX Cloud 文档：[docs.emqx.com/zh/cloud/latest/](https://docs.emqx.com/zh/cl
 
 `master` 分支是最新的 5 版本，`main-v4.4` 是 4.4 版本。
 
-EMQX 4.4 版本需要 OTP 24；5 版本则可以使用 OTP 25 和 26 构建。
+EMQX 4.4 版本需要 OTP 24；5 版本则可以使用 OTP 24 和 25 构建。
 
 ```bash
 git clone https://github.com/emqx/emqx.git

README-RU.md

@@ -1,12 +1,9 @@
-Русский | [简体中文](./README-CN.md) | [English](./README.md)
-
 # Брокер EMQX
 
 [![GitHub Release](https://img.shields.io/github/release/emqx/emqx?color=brightgreen&label=Release)](https://github.com/emqx/emqx/releases)
 [![Build Status](https://github.com/emqx/emqx/actions/workflows/_push-entrypoint.yaml/badge.svg)](https://github.com/emqx/emqx/actions/workflows/_push-entrypoint.yaml)
 [![Coverage Status](https://img.shields.io/coveralls/github/emqx/emqx/master?label=Coverage)](https://coveralls.io/github/emqx/emqx?branch=master)
 [![Docker Pulls](https://img.shields.io/docker/pulls/emqx/emqx?label=Docker%20Pulls)](https://hub.docker.com/r/emqx/emqx)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/emqx/emqx/badge)](https://securityscorecards.dev/viewer/?uri=github.com/emqx/emqx)
 [![Slack](https://img.shields.io/badge/Slack-EMQ-39AE85?logo=slack)](https://slack-invite.emqx.io/)
 [![Discord](https://img.shields.io/discord/931086341838622751?label=Discord&logo=discord)](https://discord.gg/xYGf3fQnES)
 [![Twitter](https://img.shields.io/badge/Follow-EMQ-1DA1F2?logo=twitter)](https://twitter.com/EMQTech)
@@ -35,7 +32,7 @@ docker run -d --name emqx -p 1883:1883 -p 8083:8083 -p 8883:8883 -p 8084:8084 -p
 
 Чтобы ознакомиться с функциональностью EMQX, пожалуйста, следуйте [руководству по началу работы](https://www.emqx.io/docs/en/v5.0/getting-started/getting-started.html#start-emqx).
 
-#### Запуск кластера EMQX на Kubernetes
+#### Запуск кластера EMQX на kubernetes
 
 [Документация по EMQX Operator](https://github.com/emqx/emqx-operator/blob/main/docs/en_US/getting-started/getting-started.md).
 
@@ -86,9 +83,7 @@ docker run -d --name emqx -p 1883:1883 -p 8083:8083 -p 8883:8883 -p 8084:8084 -p
 
 Ветка `master` предназначена для последней версии 5, переключитесь на ветку `main-v4.4` для версии 4.4.
 
-EMQX требует OTP 24 для версии 4.4.
-Версии 5.0 ~ 5.3 могут быть собраны с OTP 24 или 25.
-Версия 5.4 и новее могут быть собраны с OTP 25 или 26.
+EMQX требует OTP 24 для версии 4.4. Версию 5.0 можно собирать с OTP 24 или 25.
 
 ```bash
 git clone https://github.com/emqx/emqx.git

README.md

@@ -1,12 +1,9 @@
-English | [简体中文](./README-CN.md) | [Русский](./README-RU.md)
-
 # EMQX
 
 [![GitHub Release](https://img.shields.io/github/release/emqx/emqx?color=brightgreen&label=Release)](https://github.com/emqx/emqx/releases)
 [![Build Status](https://github.com/emqx/emqx/actions/workflows/_push-entrypoint.yaml/badge.svg)](https://github.com/emqx/emqx/actions/workflows/_push-entrypoint.yaml)
 [![Coverage Status](https://img.shields.io/coveralls/github/emqx/emqx/master?label=Coverage)](https://coveralls.io/github/emqx/emqx?branch=master)
 [![Docker Pulls](https://img.shields.io/docker/pulls/emqx/emqx?label=Docker%20Pulls)](https://hub.docker.com/r/emqx/emqx)
-[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/emqx/emqx/badge)](https://securityscorecards.dev/viewer/?uri=github.com/emqx/emqx)
 [![Slack](https://img.shields.io/badge/Slack-EMQ-39AE85?logo=slack)](https://slack-invite.emqx.io/)
 [![Discord](https://img.shields.io/discord/931086341838622751?label=Discord&logo=discord)](https://discord.gg/xYGf3fQnES)
 [![Twitter](https://img.shields.io/badge/Follow-EMQ-1DA1F2?logo=twitter)](https://twitter.com/EMQTech)
@@ -37,7 +34,7 @@ docker run -d --name emqx -p 1883:1883 -p 8083:8083 -p 8084:8084 -p 8883:8883 -p
 
 Next, please follow the [Deploy with Docker](https://www.emqx.io/docs/en/v5.1/deploy/install-docker.html) guide for further instructions.
 
-#### Run EMQX cluster on Kubernetes
+#### Run EMQX cluster on kubernetes
 
 Please consult official [EMQX Operator](https://github.com/emqx/emqx-operator/blob/main/docs/en_US/getting-started/getting-started.md) documentation for details.
 
@@ -98,9 +95,7 @@ For more organised improvement proposals, you can send pull requests to [EIP](ht
 
 The `master` branch tracks the latest version 5. For version 4.4 checkout the `main-v4.4` branch.
 
-EMQX 4.4 requires OTP 24.
-EMQX 5.0 ~ 5.3 can be built with OTP 24 or 25.
-EMQX 5.4 and newer can be built with OTP 25 or 26.
+EMQX 4.4 requires OTP 24. EMQX 5.0 and 5.1 can be built with OTP 24 or 25.
 
 ```bash
 git clone https://github.com/emqx/emqx.git

Windows.md

@@ -0,0 +1,131 @@
+# Build and run EMQX on Windows
+
+NOTE: The instructions and examples are based on Windows 10.
+
+## Build Environment
+
+### Visual studio for C/C++ compile and link
+
+EMQX includes Erlang NIF (Native Implemented Function) components, implemented
+in C/C++. To compile and link C/C++ libraries, the easiest way is perhaps to
+install Visual Studio.
+
+Visual Studio 2019 is used in our tests.
+If you are like me (@zmstone), do not know where to start,
+please follow this OTP guide:
+https://github.com/erlang/otp/blob/master/HOWTO/INSTALL-WIN32.md
+
+NOTE: To avoid surprises, you may need to add below two paths to `Path` environment variable
+and order them before other paths.
+
+```
+C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.28.29910\bin\Hostx64\x64
+C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build
+```
+
+Depending on your visual studio version and OS, the paths may differ.
+The first path is for rebar3 port compiler to find `cl.exe` and `link.exe`
+The second path is for CMD to setup environment variables.
+
+### Erlang/OTP
+
+Install Erlang/OTP 24 from https://www.erlang.org/downloads
+You may need to edit the `Path` environment variable to allow running
+Erlang commands such as `erl` from powershell.
+
+To validate Erlang installation in CMD or powershell:
+
+* Start (or restart) CMD or powershell
+
+* Execute `erl` command to enter Erlang shell
+
+* Evaluate Erlang expression `halt().` to exit Erlang shell.
+
+e.g.
+
+```
+PS C:\Users\zmsto> erl
+Eshell V12.2.1  (abort with ^G)
+1> halt().
+```
+
+### bash
+
+All EMQX build/run scripts are either in `bash` or `escript`.
+`escript` is installed as a part of Erlang. To install a `bash`
+environment in Windows, there are quite a few options.
+
+Cygwin is what we tested with.
+
+* Add `cygwin\bin` dir to `Path` environment variable
+  To do so, search for Edit environment variable in control panel and
+  add `C:\tools\cygwin\bin` (depending on the location where it was installed)
+  to `Path` list.
+
+* Validate installation.
+  Start (restart) CMD or powershell console and execute `which bash`, it should
+  print out `/usr/bin/bash`
+
+NOTE: Make sure cygwin's bin dir is added before `C:\Windows\system32` in `Path`,
+otherwise the build scripts may end up using binaries from wsl instead of cygwin.
+
+### Other tools
+
+Some of the unix world tools are required to build EMQX.  Including:
+
+* git
+* curl
+* make
+* cmake
+* jq
+* zip / unzip
+
+We recommend using [scoop](https://scoop.sh/), or [Chocolatey](https://chocolatey.org/install) to install the tools.
+
+When using scoop:
+
+```
+scoop install git curl make cmake jq zip unzip
+```
+
+## Build EMQX source code
+
+* Clone the repo: `git clone https://github.com/emqx/emqx.git`
+
+* Start CMD console
+
+* Execute `vcvarsall.bat x86_amd64` to load environment variables
+
+* Change to emqx directory and execute `make`
+
+### Possible errors
+
+* `'cl.exe' is not recognized as an internal or external command`
+  This error is likely due to Visual Studio executables are not set in `Path` environment variable.
+  To fix it, either add path like `C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.28.29910\bin\Hostx64\x64`
+  to `Paht`. Or make sure `vcvarsall.bat x86_amd64` is executed prior to the `make` command
+
+* `fatal error C1083: Cannot open include file: 'assert.h': No such file or directory`
+  If Visual Studio is installed correctly, this is likely `LIB` and `LIB_PATH` environment
+  variables are not set. Make sure `vcvarsall.bat x86_amd64` is executed prior to the `make` command
+
+* `link: extra operand 'some.obj'`
+  This is likely due to the usage of GNU `lnik.exe` but not the one from Visual Studio.
+  Execute `link.exe --version` to inspect which one is in use. The one installed from
+  Visual Studio should print out `Microsoft (R) Incremental Linker`.
+  To fix it, Visual Studio's bin paths should be ordered prior to Cygwin's (or similar installation's)
+  bin paths in `Path` environment variable.
+
+## Run EMQX
+
+To start EMQX broker.
+
+Execute `_build\emqx\rel\emqx>.\bin\emqx console` or `_build\emqx\rel\emqx>.\bin\emqx start` to start EMQX.
+
+Then execute `_build\emqx\rel\emqx>.\bin\emqx_ctl status` to check status.
+If everything works fine, it should print out
+
+```
+Node 'emqx@127.0.0.1' 4.3-beta.1 is started
+Application emqx 4.3.0 is running
+```

apps/emqx/.gitignore

@@ -1,2 +0,0 @@
-# See: emqx_common_test_helpers:copy_acl_conf/0
-etc/acl.conf

apps/emqx/NOTICE

@@ -1,5 +1,5 @@
 EMQX, highly scalable, highly available distributed MQTT messaging platform for IoT.
-Copyright (c) 2017-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
+Copyright (c) 2017-2023 EMQ Technologies Co., Ltd. All Rights Reserved.
 
 This product contains code developed at EMQ Technologies Co., Ltd.
 Visit https://www.emqx.come to learn more.

apps/emqx/etc/emqx.conf

@@ -1,20 +0,0 @@
-## EMQX provides support for two primary log handlers: `file` and `console`, with an additional `audit` handler specifically designed to always direct logs to files.
-## The system's default log handling behavior can be configured via the environment variable `EMQX_DEFAULT_LOG_HANDLER`, which accepts the following settings:
-##
-##   - `file`: Directs log output exclusively to files.
-##   - `console`: Channels log output solely to the console.
-##
-## It's noteworthy that `EMQX_DEFAULT_LOG_HANDLER` is set to `file` when EMQX is initiated via systemd `emqx.service` file.
-## In scenarios outside systemd initiation, `console` serves as the default log handler.
-
-## Read more about configs here: {{ emqx_configuration_doc_log }}
-
-log {
-    # file {
-    #     level = warning
-    # }
-    # console {
-    #     level = warning
-    # }
-}
-

apps/emqx/etc/vm.args.cloud

@@ -98,7 +98,7 @@
 #+W w
 
 ## Sets time warp mode: no_time_warp | single_time_warp | multi_time_warp
-+C multi_time_warp
+#+C no_time_warp
 
 ## Prevents loading information about source filenames and line numbers.
 #+L

apps/emqx/include/asserts.hrl

@@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2023-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2023 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -45,10 +45,6 @@
 ).
 
 -define(assertReceive(PATTERN, TIMEOUT),
-    ?assertReceive(PATTERN, TIMEOUT, #{})
-).
-
--define(assertReceive(PATTERN, TIMEOUT, EXTRA),
     (fun() ->
         receive
             X__V = PATTERN -> X__V
@@ -58,8 +54,7 @@
                     {module, ?MODULE},
                     {line, ?LINE},
                     {expression, (??PATTERN)},
-                    {mailbox, ?drainMailbox()},
-                    {extra_info, EXTRA}
+                    {mailbox, ?drainMailbox()}
                 ]}
             )
         end
@@ -88,28 +83,6 @@
     end)()
 ).
 
--define(assertExceptionOneOf(CT1, CT2, EXPR),
-    (fun() ->
-        X__Attrs = [
-            {module, ?MODULE},
-            {line, ?LINE},
-            {expression, (??EXPR)},
-            {pattern, "[ " ++ (??CT1) ++ ", " ++ (??CT2) ++ " ]"}
-        ],
-        X__Exc =
-            try (EXPR) of
-                X__V -> erlang:error({assertException, [{unexpected_success, X__V} | X__Attrs]})
-            catch
-                X__C:X__T:X__S -> {X__C, X__T, X__S}
-            end,
-        case {element(1, X__Exc), element(2, X__Exc)} of
-            CT1 -> ok;
-            CT2 -> ok;
-            _ -> erlang:error({assertException, [{unexpected_exception, X__Exc} | X__Attrs]})
-        end
-    end)()
-).
-
 -define(retrying(CONFIG, NUM_RETRIES, TEST_BODY_FN), begin
     __TEST_CASE = ?FUNCTION_NAME,
     (fun

apps/emqx/include/bpapi.hrl

@@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2017-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2017-2023 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -14,4 +14,9 @@
 %% limitations under the License.
 %%--------------------------------------------------------------------
 
--include_lib("emqx_utils/include/bpapi.hrl").
+-ifndef(EMQX_BPAPI_HRL).
+-define(EMQX_BPAPI_HRL, true).
+
+-compile({parse_transform, emqx_bpapi_trans}).
+
+-endif.

apps/emqx/include/emqx.hrl

@@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2017-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2017-2023 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -39,6 +39,9 @@
 %% System topic
 -define(SYSTOP, <<"$SYS/">>).
 
+%% Queue topic
+-define(QUEUE, <<"$queue/">>).
+
 %%--------------------------------------------------------------------
 %% alarms
 %%--------------------------------------------------------------------
@@ -52,7 +55,29 @@
 
 -record(subscription, {topic, subid, subopts}).
 
--include_lib("emqx_utils/include/emqx_message.hrl").
+%% See 'Application Message' in MQTT Version 5.0
+-record(message, {
+    %% Global unique message ID
+    id :: binary(),
+    %% Message QoS
+    qos = 0,
+    %% Message from
+    from :: atom() | binary(),
+    %% Message flags
+    flags = #{} :: emqx_types:flags(),
+    %% Message headers. May contain any metadata. e.g. the
+    %% protocol version number, username, peerhost or
+    %% the PUBLISH properties (MQTT 5.0).
+    headers = #{} :: emqx_types:headers(),
+    %% Topic that the message is published to
+    topic :: emqx_types:topic(),
+    %% Message Payload
+    payload :: emqx_types:payload(),
+    %% Timestamp (Unit: millisecond)
+    timestamp :: integer(),
+    %% not used so far, for future extension
+    extra = [] :: term()
+}).
 
 -record(delivery, {
     %% Sender of the delivery
@@ -65,20 +90,9 @@
 %% Route
 %%--------------------------------------------------------------------
 
--record(share_dest, {
-    session_id :: emqx_session:session_id(),
-    group :: emqx_types:group()
-}).
-
 -record(route, {
     topic :: binary(),
-    dest ::
-        node()
-        | {binary(), node()}
-        | emqx_session:session_id()
-        %% One session can also have multiple subscriptions to the same topic through different groups
-        | #share_dest{}
-        | emqx_external_broker:dest()
+    dest :: node() | {binary(), node()} | emqx_session:session_id()
 }).
 
 %%--------------------------------------------------------------------
@@ -99,17 +113,14 @@
 %%--------------------------------------------------------------------
 
 -record(banned, {
-    who :: emqx_types:banned_who(),
+    who ::
+        {clientid, binary()}
+        | {peerhost, inet:ip_address()}
+        | {username, binary()},
     by :: binary(),
     reason :: binary(),
     at :: integer(),
     until :: integer()
 }).
 
-%%--------------------------------------------------------------------
-%% Configurations
-%%--------------------------------------------------------------------
--define(KIND_REPLICATE, replicate).
--define(KIND_INITIATE, initiate).
-
 -endif.

apps/emqx/include/emqx_access_control.hrl

@@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2022-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2022-2023 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -24,13 +24,9 @@
 -define(DEFAULT_ACTION_QOS, 0).
 -define(DEFAULT_ACTION_RETAIN, false).
 
--define(AUTHZ_SUBSCRIBE_MATCH_MAP(QOS), #{action_type := subscribe, qos := QOS}).
 -define(AUTHZ_SUBSCRIBE(QOS), #{action_type => subscribe, qos => QOS}).
 -define(AUTHZ_SUBSCRIBE, ?AUTHZ_SUBSCRIBE(?DEFAULT_ACTION_QOS)).
 
--define(AUTHZ_PUBLISH_MATCH_MAP(QOS, RETAIN), #{
-    action_type := publish, qos := QOS, retain := RETAIN
-}).
 -define(AUTHZ_PUBLISH(QOS, RETAIN), #{action_type => publish, qos => QOS, retain => RETAIN}).
 -define(AUTHZ_PUBLISH(QOS), ?AUTHZ_PUBLISH(QOS, ?DEFAULT_ACTION_RETAIN)).
 -define(AUTHZ_PUBLISH, ?AUTHZ_PUBLISH(?DEFAULT_ACTION_QOS)).

apps/emqx/include/emqx_channel.hrl

@@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2017-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2017-2023 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.

apps/emqx/include/emqx_cm.hrl

@@ -1,5 +1,5 @@
 %%-------------------------------------------------------------------
-%% Copyright (c) 2022-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2022-2023 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -23,20 +23,11 @@
 -define(CHAN_INFO_TAB, emqx_channel_info).
 -define(CHAN_LIVE_TAB, emqx_channel_live).
 
-%% Mria table for session registration.
+%% Mria/Mnesia Tables for channel management.
 -define(CHAN_REG_TAB, emqx_channel_registry).
 
 -define(T_KICK, 5_000).
 -define(T_GET_INFO, 5_000).
 -define(T_TAKEOVER, 15_000).
 
--define(CM_POOL, emqx_cm_pool).
-
-%% Registered sessions.
--record(channel, {
-    chid :: emqx_types:clientid() | '_',
-    %% pid field is extended in 5.6.0 to support recording unregistration timestamp.
-    pid :: pid() | non_neg_integer() | '$1'
-}).
-
 -endif.

apps/emqx/include/emqx_durable_session_metadata.hrl

@@ -1,35 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2022, 2024 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
-%% @doc This header contains definitions of durable session metadata
-%% keys, that can be consumed by the external code.
--ifndef(EMQX_DURABLE_SESSION_META_HRL).
--define(EMQX_DURABLE_SESSION_META_HRL, true).
-
-%% Session metadata keys:
--define(created_at, created_at).
--define(last_alive_at, last_alive_at).
--define(expiry_interval, expiry_interval).
-%% Unique integer used to create unique identities:
--define(last_id, last_id).
-%% Connection info (relevent for the dashboard):
--define(peername, peername).
--define(will_message, will_message).
--define(clientinfo, clientinfo).
--define(protocol, protocol).
--define(offline_info, offline_info).
-
--endif.

apps/emqx/include/emqx_hooks.hrl

@@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2021-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2021-2023 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -25,8 +25,6 @@
 -define(HP_AUTHN, 970).
 -define(HP_AUTHZ, 960).
 -define(HP_SYS_MSGS, 950).
--define(HP_SCHEMA_VALIDATION, 945).
--define(HP_MESSAGE_TRANSFORMATION, 943).
 -define(HP_TOPIC_METRICS, 940).
 -define(HP_RETAINER, 930).
 -define(HP_AUTO_SUB, 920).

apps/emqx/include/emqx_metrics.hrl

@@ -1,258 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
-
--ifndef(EMQX_METRICS_HRL).
--define(EMQX_METRICS_HRL, true).
-
-%% Bytes sent and received
--define(BYTES_METRICS, [
-    {counter, 'bytes.received', <<"Number of bytes received ">>},
-    {counter, 'bytes.sent', <<"Number of bytes sent on this connection">>}
-]).
-
-%% Packets sent and received
--define(PACKET_METRICS, [
-    {counter, 'packets.received', <<"Number of received packet">>},
-    {counter, 'packets.sent', <<"Number of sent packet">>},
-    {counter, 'packets.connect.received', <<"Number of received CONNECT packet">>},
-    {counter, 'packets.connack.sent', <<"Number of sent CONNACK packet">>},
-    {counter, 'packets.connack.error',
-        <<"Number of received CONNECT packet with unsuccessful connections">>},
-    {counter, 'packets.connack.auth_error',
-        <<"Number of received CONNECT packet with failed Authentication">>},
-    {counter, 'packets.publish.received', <<"Number of received PUBLISH packet">>},
-    %% PUBLISH packets sent
-    {counter, 'packets.publish.sent', <<"Number of sent PUBLISH packet">>},
-    %% PUBLISH packet_id inuse
-    {counter, 'packets.publish.inuse',
-        <<"Number of received PUBLISH packet with occupied identifiers">>},
-    %% PUBLISH failed for error
-    {counter, 'packets.publish.error',
-        <<"Number of received PUBLISH packet that cannot be published">>},
-    %% PUBLISH failed for auth error
-    {counter, 'packets.publish.auth_error',
-        <<"Number of received PUBLISH packets with failed the Authorization check">>},
-    %% PUBLISH(QoS2) packets dropped
-    {counter, 'packets.publish.dropped',
-        <<"Number of messages discarded due to the receiving limit">>},
-    %% PUBACK packets received
-    {counter, 'packets.puback.received', <<"Number of received PUBACK packet">>},
-    %% PUBACK packets sent
-    {counter, 'packets.puback.sent', <<"Number of sent PUBACK packet">>},
-    %% PUBACK packet_id inuse
-    {counter, 'packets.puback.inuse',
-        <<"Number of received PUBACK packet with occupied identifiers">>},
-    %% PUBACK packets missed
-    {counter, 'packets.puback.missed', <<"Number of received packet with identifiers.">>},
-    %% PUBREC packets received
-    {counter, 'packets.pubrec.received', <<"Number of received PUBREC packet">>},
-    %% PUBREC packets sent
-    {counter, 'packets.pubrec.sent', <<"Number of sent PUBREC packet">>},
-    %% PUBREC packet_id inuse
-    {counter, 'packets.pubrec.inuse',
-        <<"Number of received PUBREC packet with occupied identifiers">>},
-    %% PUBREC packets missed
-    {counter, 'packets.pubrec.missed',
-        <<"Number of received PUBREC packet with unknown identifiers">>},
-    %% PUBREL packets received
-    {counter, 'packets.pubrel.received', <<"Number of received PUBREL packet">>},
-    %% PUBREL packets sent
-    {counter, 'packets.pubrel.sent', <<"Number of sent PUBREL packet">>},
-    %% PUBREL packets missed
-    {counter, 'packets.pubrel.missed',
-        <<"Number of received PUBREC packet with unknown identifiers">>},
-    %% PUBCOMP packets received
-    {counter, 'packets.pubcomp.received', <<"Number of received PUBCOMP packet">>},
-    %% PUBCOMP packets sent
-    {counter, 'packets.pubcomp.sent', <<"Number of sent PUBCOMP packet">>},
-    %% PUBCOMP packet_id inuse
-    {counter, 'packets.pubcomp.inuse',
-        <<"Number of received PUBCOMP packet with occupied identifiers">>},
-    %% PUBCOMP packets missed
-    {counter, 'packets.pubcomp.missed', <<"Number of missed PUBCOMP packet">>},
-    %% SUBSCRIBE Packets received
-    {counter, 'packets.subscribe.received', <<"Number of received SUBSCRIBE packet">>},
-    %% SUBSCRIBE error
-    {counter, 'packets.subscribe.error',
-        <<"Number of received SUBSCRIBE packet with failed subscriptions">>},
-    %% SUBSCRIBE failed for not auth
-    {counter, 'packets.subscribe.auth_error',
-        <<"Number of received SUBACK packet with failed Authorization check">>},
-    %% SUBACK packets sent
-    {counter, 'packets.suback.sent', <<"Number of sent SUBACK packet">>},
-    %% UNSUBSCRIBE Packets received
-    {counter, 'packets.unsubscribe.received', <<"Number of received UNSUBSCRIBE packet">>},
-    %% UNSUBSCRIBE error
-    {counter, 'packets.unsubscribe.error',
-        <<"Number of received UNSUBSCRIBE packet with failed unsubscriptions">>},
-    %% UNSUBACK Packets sent
-    {counter, 'packets.unsuback.sent', <<"Number of sent UNSUBACK packet">>},
-    %% PINGREQ packets received
-    {counter, 'packets.pingreq.received', <<"Number of received PINGREQ packet">>},
-    %% PINGRESP Packets sent
-    {counter, 'packets.pingresp.sent', <<"Number of sent PUBRESP packet">>},
-    %% DISCONNECT Packets received
-    {counter, 'packets.disconnect.received', <<"Number of received DISCONNECT packet">>},
-    %% DISCONNECT Packets sent
-    {counter, 'packets.disconnect.sent', <<"Number of sent DISCONNECT packet">>},
-    %% Auth Packets received
-    {counter, 'packets.auth.received', <<"Number of received AUTH packet">>},
-    %% Auth Packets sent
-    {counter, 'packets.auth.sent', <<"Number of sent AUTH packet">>}
-]).
-
-%% Messages sent/received and pubsub
--define(MESSAGE_METRICS, [
-    %% All Messages received
-    {counter, 'messages.received', <<
-        "Number of messages received from the client, equal to the sum of "
-        "messages.qos0.received, messages.qos1.received and messages.qos2.received"
-    >>},
-    %% All Messages sent
-    {counter, 'messages.sent', <<
-        "Number of messages sent to the client, equal to the sum of "
-        "messages.qos0.sent, messages.qos1.sent and messages.qos2.sent"
-    >>},
-    %% QoS0 Messages received
-    {counter, 'messages.qos0.received', <<"Number of QoS 0 messages received from clients">>},
-    %% QoS0 Messages sent
-    {counter, 'messages.qos0.sent', <<"Number of QoS 0 messages sent to clients">>},
-    %% QoS1 Messages received
-    {counter, 'messages.qos1.received', <<"Number of QoS 1 messages received from clients">>},
-    %% QoS1 Messages sent
-    {counter, 'messages.qos1.sent', <<"Number of QoS 1 messages sent to clients">>},
-    %% QoS2 Messages received
-    {counter, 'messages.qos2.received', <<"Number of QoS 2 messages received from clients">>},
-    %% QoS2 Messages sent
-    {counter, 'messages.qos2.sent', <<"Number of QoS 2 messages sent to clients">>},
-    %% PubSub Metrics
-
-    %% Messages Publish
-    {counter, 'messages.publish',
-        <<"Number of messages published in addition to system messages">>},
-    %% Messages dropped due to no subscribers
-    {counter, 'messages.dropped',
-        <<"Number of messages dropped before forwarding to the subscription process">>},
-    %% Messages that failed validations
-    {counter, 'messages.validation_failed', <<"Number of message validation failed">>},
-    %% Messages that passed validations
-    {counter, 'messages.validation_succeeded', <<"Number of message validation successful">>},
-    %% % Messages that failed transformations
-    {counter, 'messages.transformation_failed', <<"Number fo message transformation failed">>},
-    %% % Messages that passed transformations
-    {counter, 'messages.transformation_succeeded',
-        <<"Number fo message transformation succeeded">>},
-    %% QoS2 Messages expired
-    {counter, 'messages.dropped.await_pubrel_timeout',
-        <<"Number of messages dropped due to waiting PUBREL timeout">>},
-    %% Messages dropped
-    {counter, 'messages.dropped.no_subscribers',
-        <<"Number of messages dropped due to no subscribers">>},
-    %% Messages forward
-    {counter, 'messages.forward', <<"Number of messages forwarded to other nodes">>},
-    %% Messages delayed
-    {counter, 'messages.delayed', <<"Number of delay-published messages">>},
-    %% Messages delivered
-    {counter, 'messages.delivered',
-        <<"Number of messages forwarded to the subscription process internally">>},
-    %% Messages acked
-    {counter, 'messages.acked', <<"Number of received PUBACK and PUBREC packet">>},
-    %% Messages persistently stored
-    {counter, 'messages.persisted', <<"Number of message persisted">>}
-]).
-
-%% Delivery metrics
--define(DELIVERY_METRICS, [
-    %% All Dropped during delivery
-    {counter, 'delivery.dropped', <<"Total number of discarded messages when sending">>},
-    %% Dropped due to no_local
-    {counter, 'delivery.dropped.no_local', <<
-        "Number of messages that were dropped due to the No Local subscription "
-        "option when sending"
-    >>},
-    %% Dropped due to message too large
-    {counter, 'delivery.dropped.too_large', <<
-        "The number of messages that were dropped because the length exceeded "
-        "the limit when sending"
-    >>},
-    %% Dropped qos0 message
-    {counter, 'delivery.dropped.qos0_msg', <<
-        "Number of messages with QoS 0 that were dropped because the message "
-        "queue was full when sending"
-    >>},
-    %% Dropped due to queue full
-    {counter, 'delivery.dropped.queue_full', <<
-        "Number of messages with a non-zero QoS that were dropped because the "
-        "message queue was full when sending"
-    >>},
-    %% Dropped due to expired
-    {counter, 'delivery.dropped.expired',
-        <<"Number of messages dropped due to message expiration on sending">>}
-]).
-
-%% Client Lifecircle metrics
--define(CLIENT_METRICS, [
-    {counter, 'client.connect', <<"Number of client connections">>},
-    {counter, 'client.connack', <<"Number of CONNACK packet sent">>},
-    {counter, 'client.connected', <<"Number of successful client connected">>},
-    {counter, 'client.authenticate', <<"Number of client Authentication">>},
-    {counter, 'client.auth.anonymous', <<"Number of clients who log in anonymously">>},
-    {counter, 'client.authorize', <<"Number of Authorization rule checks">>},
-    {counter, 'client.subscribe', <<"Number of client subscriptions">>},
-    {counter, 'client.unsubscribe', <<"Number of client unsubscriptions">>},
-    {counter, 'client.disconnected', <<"Number of client disconnects">>}
-]).
-
-%% Session Lifecircle metrics
--define(SESSION_METRICS, [
-    {counter, 'session.created', <<"Number of sessions created">>},
-    {counter, 'session.resumed',
-        <<"Number of sessions resumed because Clean Session or Clean Start is false">>},
-    {counter, 'session.takenover',
-        <<"Number of sessions takenover because Clean Session or Clean Start is false">>},
-    {counter, 'session.discarded',
-        <<"Number of sessions dropped because Clean Session or Clean Start is true">>},
-    {counter, 'session.terminated', <<"Number of terminated sessions">>}
-]).
-
-%% Statistic metrics for ACL checking
--define(STASTS_ACL_METRICS, [
-    {counter, 'authorization.allow', <<"Number of Authorization allow">>},
-    {counter, 'authorization.deny', <<"Number of Authorization deny">>},
-    {counter, 'authorization.cache_hit', <<"Number of Authorization hits the cache">>},
-    {counter, 'authorization.cache_miss', <<"Number of Authorization cache missing">>}
-]).
-
-%% Statistic metrics for auth checking
--define(STASTS_AUTHN_METRICS, [
-    {counter, 'authentication.success', <<"Number of successful client Authentication">>},
-    {counter, 'authentication.success.anonymous',
-        <<"Number of successful client Authentication due to anonymous">>},
-    {counter, 'authentication.failure', <<"Number of failed client Authentication">>}
-]).
-
-%% Overload protection counters
--define(OLP_METRICS, [
-    {counter, 'overload_protection.delay.ok', <<"Number of overload protection delayed">>},
-    {counter, 'overload_protection.delay.timeout',
-        <<"Number of overload protection delay timeout">>},
-    {counter, 'overload_protection.hibernation', <<"Number of overload protection hibernation">>},
-    {counter, 'overload_protection.gc', <<"Number of overload protection garbage collection">>},
-    {counter, 'overload_protection.new_conn',
-        <<"Number of overload protection close new incoming connection">>}
-]).
-
--endif.

apps/emqx/include/emqx_mqtt.hrl

@@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2017-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2017-2023 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -55,17 +55,6 @@
 %% MQTT-3.1.1 and MQTT-5.0 [MQTT-4.7.3-3]
 -define(MAX_TOPIC_LEN, 65535).
 
-%%--------------------------------------------------------------------
-%% MQTT Share-Sub Internal
-%%--------------------------------------------------------------------
-
--record(share, {group :: emqx_types:group(), topic :: emqx_types:topic()}).
-
-%% guards
--define(IS_TOPIC(T),
-    (is_binary(T) orelse is_record(T, share))
-).
-
 %%--------------------------------------------------------------------
 %% MQTT QoS Levels
 %%--------------------------------------------------------------------
@@ -672,9 +661,13 @@ end).
 -define(PACKET(Type), #mqtt_packet{header = #mqtt_packet_header{type = Type}}).
 
 -define(SHARE, "$share").
--define(QUEUE, "$queue").
-
--define(REDISPATCH_TO(GROUP, TOPIC), {GROUP, TOPIC}).
+-define(SHARE(Group, Topic), emqx_topic:join([<<?SHARE>>, Group, Topic])).
+-define(IS_SHARE(Topic),
+    case Topic of
+        <<?SHARE, _/binary>> -> true;
+        _ -> false
+    end
+).
 
 -define(SHARE_EMPTY_FILTER, share_subscription_topic_cannot_be_empty).
 -define(SHARE_EMPTY_GROUP, share_subscription_group_name_cannot_be_empty).
@@ -683,7 +676,6 @@ end).
 
 -define(FRAME_PARSE_ERROR, frame_parse_error).
 -define(FRAME_SERIALIZE_ERROR, frame_serialize_error).
-
 -define(THROW_FRAME_ERROR(Reason), erlang:throw({?FRAME_PARSE_ERROR, Reason})).
 -define(THROW_SERIALIZE_ERROR(Reason), erlang:throw({?FRAME_SERIALIZE_ERROR, Reason})).
 

apps/emqx/include/emqx_persistent_message.hrl

@@ -1,29 +0,0 @@
-%%--------------------------------------------------------------------
-%% Copyright (c) 2024 EMQ Technologies Co., Ltd. All Rights Reserved.
-%%
-%% Licensed under the Apache License, Version 2.0 (the "License");
-%% you may not use this file except in compliance with the License.
-%% You may obtain a copy of the License at
-%%
-%%     http://www.apache.org/licenses/LICENSE-2.0
-%%
-%% Unless required by applicable law or agreed to in writing, software
-%% distributed under the License is distributed on an "AS IS" BASIS,
-%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-%% See the License for the specific language governing permissions and
-%% limitations under the License.
-%%--------------------------------------------------------------------
--ifndef(EMQX_PERSISTENT_MESSAGE_HRL).
--define(EMQX_PERSISTENT_MESSAGE_HRL, true).
-
--define(PERSISTENT_MESSAGE_DB, messages).
--define(PERSISTENCE_ENABLED, emqx_message_persistence_enabled).
-
--define(WITH_DURABILITY_ENABLED(DO),
-    case is_persistence_enabled() of
-        true -> DO;
-        false -> {skipped, disabled}
-    end
-).
-
--endif.

apps/emqx/include/emqx_placeholder.hrl

@@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2017-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2017-2023 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -19,84 +19,67 @@
 
 -define(PH_VAR_THIS, <<"$_THIS_">>).
 
--define(PH(Var), <<"${" Var "}">>).
+-define(PH(Type), <<"${", Type/binary, "}">>).
 
 %% action: publish/subscribe
--define(VAR_ACTION, "action").
--define(PH_ACTION, ?PH(?VAR_ACTION)).
+-define(PH_ACTION, <<"${action}">>).
 
 %% cert
--define(VAR_CERT_SUBJECT, "cert_subject").
--define(VAR_CERT_CN_NAME, "cert_common_name").
--define(VAR_CERT_PEM, "cert_pem").
--define(PH_CERT_SUBJECT, ?PH(?VAR_CERT_SUBJECT)).
--define(PH_CERT_CN_NAME, ?PH(?VAR_CERT_CN_NAME)).
--define(PH_CERT_PEM, ?PH(?VAR_CERT_PEM)).
+-define(PH_CERT_SUBJECT, <<"${cert_subject}">>).
+-define(PH_CERT_CN_NAME, <<"${cert_common_name}">>).
 
-%% MQTT/Gateway
--define(VAR_PASSWORD, "password").
--define(VAR_CLIENTID, "clientid").
--define(VAR_USERNAME, "username").
--define(VAR_TOPIC, "topic").
--define(VAR_ENDPOINT_NAME, "endpoint_name").
--define(VAR_NS_CLIENT_ATTRS, {var_namespace, "client_attrs"}).
-
--define(PH_PASSWORD, ?PH(?VAR_PASSWORD)).
--define(PH_CLIENTID, ?PH(?VAR_CLIENTID)).
--define(PH_FROM_CLIENTID, ?PH("from_clientid")).
--define(PH_USERNAME, ?PH(?VAR_USERNAME)).
--define(PH_FROM_USERNAME, ?PH("from_username")).
--define(PH_TOPIC, ?PH(?VAR_TOPIC)).
+%% MQTT
+-define(PH_PASSWORD, <<"${password}">>).
+-define(PH_CLIENTID, <<"${clientid}">>).
+-define(PH_FROM_CLIENTID, <<"${from_clientid}">>).
+-define(PH_USERNAME, <<"${username}">>).
+-define(PH_FROM_USERNAME, <<"${from_username}">>).
+-define(PH_TOPIC, <<"${topic}">>).
 %% MQTT payload
--define(PH_PAYLOAD, ?PH("payload")).
+-define(PH_PAYLOAD, <<"${payload}">>).
 %% client IPAddress
--define(VAR_PEERHOST, "peerhost").
--define(PH_PEERHOST, ?PH(?VAR_PEERHOST)).
+-define(PH_PEERHOST, <<"${peerhost}">>).
 %% ip & port
--define(PH_HOST, ?PH("host")).
--define(PH_PORT, ?PH("port")).
+-define(PH_HOST, <<"${host}">>).
+-define(PH_PORT, <<"${port}">>).
 %% Enumeration of message QoS 0,1,2
--define(VAR_QOS, "qos").
--define(PH_QOS, ?PH(?VAR_QOS)).
--define(PH_FLAGS, ?PH("flags")).
+-define(PH_QOS, <<"${qos}">>).
+-define(PH_FLAGS, <<"${flags}">>).
 %% Additional data related to process within the MQTT message
--define(PH_HEADERS, ?PH("headers")).
+-define(PH_HEADERS, <<"${headers}">>).
 %% protocol name
--define(VAR_PROTONAME, "proto_name").
--define(PH_PROTONAME, ?PH(?VAR_PROTONAME)).
+-define(PH_PROTONAME, <<"${proto_name}">>).
 %% protocol version
--define(PH_PROTOVER, ?PH("proto_ver")).
+-define(PH_PROTOVER, <<"${proto_ver}">>).
 %% MQTT keepalive interval
--define(PH_KEEPALIVE, ?PH("keepalive")).
+-define(PH_KEEPALIVE, <<"${keepalive}">>).
 %% MQTT clean_start
--define(PH_CLEAR_START, ?PH("clean_start")).
+-define(PH_CLEAR_START, <<"${clean_start}">>).
 %% MQTT Session Expiration time
--define(PH_EXPIRY_INTERVAL, ?PH("expiry_interval")).
+-define(PH_EXPIRY_INTERVAL, <<"${expiry_interval}">>).
 
 %% Time when PUBLISH message reaches Broker (ms)
--define(PH_PUBLISH_RECEIVED_AT, ?PH("publish_received_at")).
+-define(PH_PUBLISH_RECEIVED_AT, <<"${publish_received_at}">>).
 %% Mountpoint for bridging messages
--define(VAR_MOUNTPOINT, "mountpoint").
--define(PH_MOUNTPOINT, ?PH(?VAR_MOUNTPOINT)).
+-define(PH_MOUNTPOINT, <<"${mountpoint}">>).
 %% IPAddress and Port of terminal
--define(PH_PEERNAME, ?PH("peername")).
+-define(PH_PEERNAME, <<"${peername}">>).
 %% IPAddress and Port listened by emqx
--define(PH_SOCKNAME, ?PH("sockname")).
+-define(PH_SOCKNAME, <<"${sockname}">>).
 %% whether it is MQTT bridge connection
--define(PH_IS_BRIDGE, ?PH("is_bridge")).
+-define(PH_IS_BRIDGE, <<"${is_bridge}">>).
 %% Terminal connection completion time (s)
--define(PH_CONNECTED_AT, ?PH("connected_at")).
+-define(PH_CONNECTED_AT, <<"${connected_at}">>).
 %% Event trigger time(millisecond)
--define(PH_TIMESTAMP, ?PH("timestamp")).
+-define(PH_TIMESTAMP, <<"${timestamp}">>).
 %% Terminal disconnection completion time (s)
--define(PH_DISCONNECTED_AT, ?PH("disconnected_at")).
+-define(PH_DISCONNECTED_AT, <<"${disconnected_at}">>).
 
--define(PH_NODE, ?PH("node")).
--define(PH_REASON, ?PH("reason")).
+-define(PH_NODE, <<"${node}">>).
+-define(PH_REASON, <<"${reason}">>).
 
--define(PH_ENDPOINT_NAME, ?PH(?VAR_ENDPOINT_NAME)).
--define(VAR_RETAIN, "retain").
--define(PH_RETAIN, ?PH(?VAR_RETAIN)).
+-define(PH_ENDPOINT_NAME, <<"${endpoint_name}">>).
+-define(PH_RETAIN, <<"${retain}">>).
 
 %% sync change these place holder with binary def.
 -define(PH_S_ACTION, "${action}").

apps/emqx/include/emqx_quic.hrl

@@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2022-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2022-2023 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.

apps/emqx/include/emqx_release.hrl

@@ -1,5 +1,5 @@
 %%--------------------------------------------------------------------
-%% Copyright (c) 2021-2024 EMQ Technologies Co., Ltd. All Rights Reserved.
+%% Copyright (c) 2021-2023 EMQ Technologies Co., Ltd. All Rights Reserved.
 %%
 %% Licensed under the Apache License, Version 2.0 (the "License");
 %% you may not use this file except in compliance with the License.
@@ -32,7 +32,10 @@
 %% `apps/emqx/src/bpapi/README.md'
 
 %% Opensource edition
--define(EMQX_RELEASE_CE, "5.8.0-alpha.1").
+-define(EMQX_RELEASE_CE, "5.3.1-alpha.1").
 
 %% Enterprise edition
--define(EMQX_RELEASE_EE, "5.8.0-alpha.1").
+-define(EMQX_RELEASE_EE, "5.3.1-alpha.2").
+
+%% The HTTP API version
+-define(EMQX_API_VERSION, "5.0").