PMM-7 Several build/dev fixes

[ademidoff]

PMM-7

Link to the Feature Build: SUBMODULES-4320

This pull request introduces several improvements and fixes across the development environment, CI/CD workflows, and build configurations. The most notable changes involve updating test coverage collection to be per-package, enhancing the GitHub Actions merge gatekeeper workflow for better container registry integration, and refining Dockerfile and RPM packaging configurations for improved security and maintainability.

CI/CD and Build Process Improvements:

• Updated the Merge Gatekeeper GitHub Actions workflow to use the latest Ubuntu runner, added pull_request_target trigger, enabled package read permissions, and switched to running the gatekeeper via a container image from GitHub Container Registry with explicit login.
• Changed test coverage commands in all Makefiles (admin/Makefile, agent/Makefile, managed/Makefile, vmproxy/Makefile) to collect per-package coverage instead of cross-package coverage, simplifying the coverage process and potentially making results more accurate for each package. [1] [2] [3] [4]

Development Environment Configuration:

• Modified the PostgreSQL setup in .devcontainer/setup.py to allow both trust and scram-sha-256 authentication methods from all hosts for easier development, improving flexibility for local testing.

Docker and Packaging Adjustments:

• In build/docker/server/Dockerfile.el9, switched cache mount points for DNF/YUM, ensured microdnf is removed after installing dnf, and adjusted build steps for better caching and image cleanliness.
• In build/docker/client/Dockerfile.el9, removed the redundant -r flag from the useradd command for pmm-agent, as the user is not a system user.
• Changed file ownership for certain UI and dashboard directories in the RPM spec (pmm-managed.spec) to root instead of pmm, increasing security of installed files.

Note

The test failures are unrelated to this PR, they probably originate from new releases of MySQL.

[ademidoff]

This is useless for UIDs above 1000 and it produces a warning.

[ademidoff]

Since we added scram-sha-256, this was missed.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 42.05%. Comparing base (ae2bf6f) to head (fb4e30d).
⚠️ Report is 2 commits behind head on v3.

Additional details and impacted files

@@            Coverage Diff             @@
##               v3    #5290      +/-   ##
==========================================
- Coverage   47.78%   42.05%   -5.74%     
==========================================
  Files         410      410              
  Lines       41992    41992              
==========================================
- Hits        20066    17658    -2408     
- Misses      19948    22547    +2599     
+ Partials     1978     1787     -191     

Flag	Coverage Δ
admin	34.89% <ø> (-0.91%)	⬇️
agent	48.91% <ø> (-4.43%)	⬇️
managed	40.61% <ø> (-7.10%)	⬇️
vmproxy	72.09% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[ademidoff]

Upstream used to rebuild the image on every run, which was a waste.