diff --git a/.github/workflows/offline-min.yml b/.github/workflows/offline-min.yml
new file mode 100644
index 000000000..b1d979e4a
--- /dev/null
+++ b/.github/workflows/offline-min.yml
@@ -0,0 +1,51 @@
+on:
+ push:
+ branches: [5.14*]
+ paths-ignore:
+ - '*.md'
+ - '**/*.md'
+jobs:
+ offline:
+ name: Prepare min offline package
+ # Useful to skip expensive CI when writing docs
+ if: "!contains(github.event.head_commit.message, 'skip ci')"
+ runs-on:
+ group: wire-server-deploy
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ submodules: true
+ - uses: cachix/install-nix-action@v27
+ - uses: cachix/cachix-action@v15
+ with:
+ name: wire-server
+ signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}"
+
+ - name: Install nix environment
+ run: nix-env -f default.nix -iA env
+
+ - name: Get upload name
+ id: upload_name
+ run: |
+ # FIXME: Tag with a nice release name using the github tag...
+ # SOURCE_TAG=${GITHUB_REF#refs/tags/}
+ echo ::set-output name=UPLOAD_NAME::$GITHUB_SHA
+ # echo ::set-output name=UPLOAD_NAME::${SOURCE_TAG:-$GITHUB_SHA}
+
+ - name: Process the min profile build
+ run: ./offline/min-build/build.sh
+ env:
+ GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}'
+ DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
+
+ - name: Copy min build assets tarball to S3
+ run: |
+ # Upload tarball for each profile by specifying their OUTPUT_TAR path
+ aws s3 cp offline/min-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-min-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz
+ echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-min-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz"
+ # remove the archives from the build to optimize the space on the server
+ rm -rf offline/min-build/output/*
+ env:
+ AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
+ AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
+ AWS_REGION: "eu-west-1"
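Review bot: The three `uses:` steps in offline-min.yml reference external actions by mutable tag (`actions/checkout@v2`, `cachix/install-nix-action@v27`, `cachix/cachix-action@v15`) in a job that also handles `CACHIX_SIGNING_KEY`, `GPG_PRIVATE_KEY`, `DOCKER_LOGIN` and the AWS keys, so a retagged action would execute in the same job and workspace as those secrets. Pinning each one to a full commit SHA, `uses: actions/checkout@<full-commit-sha>  # <release tag>`, removes that dependency on tag integrity. The workflow also declares no `permissions:` block, so the job token inherits the repository default; a top-level `permissions:` with `contents: read` looks sufficient for the steps visible here. In the `Get upload name` step, `::set-output` is deprecated by GitHub; the replacement is `echo "UPLOAD_NAME=$GITHUB_SHA" >> "$GITHUB_OUTPUT"`.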
diff --git a/.github/workflows/offline.yml b/.github/workflows/offline.yml index 2f07076e6..25d6a2523 100644 --- a/.github/workflows/offline.yml +++ b/.github/workflows/offline.yml @@ -1,9 +1,9 @@ on: push: - branches: [master, develop] + branches: [master, "5.14"] tags: [ v* ] pull_request: - branches: [master, develop] + branches: [master, "5.14"] jobs: offline: name: Prepare offline package @@ -32,25 +32,6 @@ jobs: echo ::set-output name=UPLOAD_NAME::$GITHUB_SHA # echo ::set-output name=UPLOAD_NAME::${SOURCE_TAG:-$GITHUB_SHA} - # min profile build - - name: Process the min profile build - run: ./offline/min-build/build.sh - env: - GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}' - DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}' - - - name: Copy min build assets tarball to S3 - run: | - # Upload tarball for each profile by specifying their OUTPUT_TAR path - aws s3 cp offline/min-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-min-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz - echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-min-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz" - # remove the archives from the build to optimize the space on the server - rm -rf offline/min-build/output/* - env: - AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}' - AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}' - AWS_REGION: "eu-west-1" - # deafult profile build - name: Process the default profile build run: ./offline/default-build/build.sh 
@@ -64,28 +45,7 @@ jobs: aws s3 cp offline/default-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz" # remove the archives from the build to optimize the space on the server - rm offline/default-build/output/containers-helm.tar - env: - AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}' - AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}' - AWS_REGION: "eu-west-1" - - # demo profile build - - name: Process the demo profile build - run: ./offline/demo-build/build.sh - env: - GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}' - DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}' - - - name: Copy demo build assets tarball to S3 and clean up - run: | - # Upload tarball for each profile by specifying their OUTPUT_TAR path - aws s3 cp offline/demo-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-demo-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz - echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-demo-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz" - # remove the assets from the build to optimize the space on the server - rm -rf offline/demo-build/output/* - # removing everything except assets.tgz as it is not required anymore in the further builds - find offline/default-build/output/ -mindepth 1 -maxdepth 1 ! -name 'assets.tgz' -exec rm -r {} + + # rm offline/default-build/output/containers-helm.tar env: AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}' AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}' diff --git a/offline/default-build/build.sh b/offline/default-build/build.sh index d4b5d6286..b6a77acc1 100755 --- a/offline/default-build/build.sh +++ b/offline/default-build/build.sh 
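Review bot: The default-profile upload step in offline.yml now ends with a commented-out `# rm offline/default-build/output/containers-helm.tar` under a comment that still says the archives are removed, and the `find … -exec rm -r {} +` cleanup that previously ran in the demo upload step is deleted along with it, so nothing visible in this hunk clears `offline/default-build/output/` any more. If the runner group keeps its workspace between runs (not shown here), build output will accumulate on that host. Either restore an explicit cleanup, for example `rm -rf offline/default-build/output/*` in the same form the min workflow uses, or drop both the dead line and the stale comment and say where cleanup happens instead. The step's `env:` block continues past the end of the hunk.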
@@ -26,7 +26,7 @@ TASKS_DIR="${SCRIPT_DIR}/../tasks" # -------------------------- # pulling the charts, charts to be skipped are passed as arguments HELM_CHART_EXCLUDE_LIST -"${TASKS_DIR}"/proc_pull_charts.sh OUTPUT_DIR="${OUTPUT_DIR}" # HELM_CHART_EXCLUDE_LIST="inbucket,wire-server-enterprise,coturn" +"${TASKS_DIR}"/proc_pull_charts.sh OUTPUT_DIR="${OUTPUT_DIR}" HELM_CHART_EXCLUDE_LIST="inbucket,wire-server-enterprise,postgresql" # copy local copy of values from root directory to output directory cp -r "${ROOT_DIR}"/values "${OUTPUT_DIR}"/ diff --git a/offline/tasks/proc_pull_charts.sh b/offline/tasks/proc_pull_charts.sh index f1d3b0ad5..55195e2f8 100755 --- a/offline/tasks/proc_pull_charts.sh +++ b/offline/tasks/proc_pull_charts.sh @@ -83,5 +83,5 @@ pull_charts() { echo "Pulling charts done." } -wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/refs/heads/q2-2025/build.json" +wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/ab2f729b10065d42fa2bf5adc9f97d545610c1e9/build.json" wire_build_chart_release "$wire_build" | pull_charts diff --git a/values/coturn/prod-secrets.example.yaml b/values/coturn/prod-secrets.example.yaml new file mode 100644 index 000000000..973d868de --- /dev/null +++ b/values/coturn/prod-secrets.example.yaml @@ -0,0 +1,3 @@ +secrets: + zrestSecrets: + - "" diff --git a/values/coturn/prod-values.example.yaml b/values/coturn/prod-values.example.yaml index 973d868de..e38f8a3a0 100644 --- a/values/coturn/prod-values.example.yaml +++ b/values/coturn/prod-values.example.yaml @@ -1,3 +1 @@ -secrets: - zrestSecrets: - - "" +# using upstream values for coturn helm \ No newline at end of file diff --git a/values/postgresql/demo-secrets.example.yaml b/values/postgresql/demo-secrets.example.yaml new file mode 100644 index 000000000..bcfd4baea --- /dev/null +++ b/values/postgresql/demo-secrets.example.yaml 
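Review bot: The `wire_build` assignment in offline/tasks/proc_pull_charts.sh now points at commit `ab2f729b10065d42fa2bf5adc9f97d545610c1e9` with no record of which wire-builds branch or release that commit belongs to, so whoever bumps the pin next has nothing to check it against. A one-line comment above the assignment would keep the pin auditable, e.g. `# wire-builds pinned by commit (previously tracked refs/heads/q2-2025); record the source branch/release when updating`. Whether the commit actually sits on q2-2025 is not visible from this page and should be confirmed before writing that into the comment.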
@@ -0,0 +1,8 @@
+# TODO: look deeper into requirements and make a solid, commented secrets example file
+# TODO: better secret handling
+postgresql:
+ auth:
+ username: wire-server
+ password: verysecurepassword
+ database: wire-server
+ postgresPassword: verysecurepassword
diff --git a/values/postgresql/demo-values.example.yaml b/values/postgresql/demo-values.example.yaml
new file mode 100644
index 000000000..fcf671496
--- /dev/null
+++ b/values/postgresql/demo-values.example.yaml
@@ -0,0 +1,10 @@
+# This chart is meant to be used in ephemeral deployments, such as demo environments.
+# TODO: look deeper into requirements and make a solid, commented values example file
+postgresql:
+ primary:
+ persistence:
+ enabled: false
+ volumePermissions:
+ image:
+ repository: bitnami/os-shell
+ tag: 12-debian-12-r46
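Review bot: values/postgresql/demo-secrets.example.yaml publishes a usable credential, `verysecurepassword`, for both `password` and `postgresPassword`, so a deployment that copies the example unchanged runs with a publicly known password shared by the application user and the superuser account. The coturn secrets example added in this same commit leaves its value as `""`; following that convention here, with a comment such as `# generate a distinct random value for each field before deploying`, avoids shipping a working default. How the chart treats an empty value should be confirmed before switching. Since build.sh copies the whole `values` directory into the build output, this file appears to travel with the offline bundle, which makes the default more likely to be used as-is.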