WPB-15421/ci-fix (#751)

* install terraform using hashicorp/setupterraform action actions/runner-images#10796

* missing values/secrets for `helm install`

* fix exclusion logic in ci.sh, add wire-server-enterprise repo to exclusion list

* uncomment rabbitmq from `wire-server/secrets.yaml`

* more logging in offline-helm.sh

* add missing values to cannon and background-worker, remove additional logs

.github/workflows/ci.yml

@@ -25,6 +25,11 @@ jobs:
         run: nix-build -A env
       - name: Install the environment
         run: nix-env -f . -A env -i
+      - name: Install terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "^1.3.7"
+          terraform_wrapper: false
       - name: Check terraform init
         run: |
           cd terraform/environment

.github/workflows/offline.yml

@@ -57,6 +57,12 @@ jobs:
         env:
           DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
 
+      - name: Install terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "^1.3.7"
+          terraform_wrapper: false
+
       - name: Deploy offline environment to hetzner
         run: |
           ./offline/cd.sh

bin/offline-helm.sh

@@ -11,7 +11,8 @@ helm upgrade --install --wait demo-smtp ./charts/demo-smtp --values ./values/dem
 helm upgrade --install --wait rabbitmq ./charts/rabbitmq --values ./values/rabbitmq/prod-values.example.yaml --values ./values/rabbitmq/prod-secrets.example.yaml
 helm upgrade --install --wait databases-ephemeral ./charts/databases-ephemeral --values ./values/databases-ephemeral/prod-values.example.yaml
 helm upgrade --install --wait reaper ./charts/reaper
-helm upgrade --install --wait --timeout=15m0s wire-server ./charts/wire-server --values ./values/wire-server/prod-values.example.yaml --values ./values/wire-server/secrets.yaml
+helm upgrade --install --wait --timeout=30m0s wire-server ./charts/wire-server --values ./values/wire-server/prod-values.example.yaml --values ./values/wire-server/secrets.yaml
+
 # if charts/webapp directory exists
 if [ -d "./charts/webapp" ]; then
     helm upgrade --install --wait --timeout=15m0s webapp ./charts/webapp --values ./values/webapp/prod-values.example.yaml
@@ -30,6 +31,6 @@ helm upgrade --install --wait --timeout=15m0s ingress-nginx-controller ./charts/
 
 echo "Printing all pods status: "
 kubectl get pods --all-namespaces -o wide
-#./bin/debug_logs.sh
+./bin/debug_logs.sh
 # TODO: Requires certs; which we do not have in CI/CD at this point. future work =) (Would need cert-manager in offline package. That'd be neat)
 # helm upgrade --install --wait nginx-ingress-services ./charts/nginx-ingress-services --values ./values/nginx-ingress-services/values.yaml  --values ./values/nginx-ingress-services/secrets.yaml

bin/offline-secrets.sh

@@ -31,6 +31,9 @@ brig:
       secret: "$zrest"
     awsKeyId: dummykey
     awsSecretKey: dummysecret
+    rabbitmq:
+      username: wire-server
+      password: verysecurepassword
     # These are only necessary if you wish to support sign up via SMS/calls
     # And require accounts at twilio.com / nexmo.com
     setTwilio: |-
@@ -43,6 +46,14 @@ cargohold:
   secrets:
     awsKeyId: "$minio_access_key"
     awsSecretKey: "$minio_secret_key"
+    rabbitmq:
+      username: wire-server
+      password: verysecurepassword
+cannon:
+  secrets:
+    rabbitmq:
+      username: wire-server
+      password: verysecurepassword
 galley:
   secrets:
     awsKeyId: dummykey
@@ -51,6 +62,9 @@ gundeck:
   secrets:
     awsKeyId: dummykey
     awsSecretKey: dummysecret
+    rabbitmq:
+      username: wire-server
+      password: verysecurepassword
 nginz:
   secrets:
     zAuth:

offline/ci.sh

@@ -4,7 +4,7 @@ set -euo pipefail
 INCREMENTAL="${INCREMENTAL:-0}"
 
 # Default exclude list
-HELM_CHART_EXCLUDE_LIST="inbucket"
+HELM_CHART_EXCLUDE_LIST="inbucket,wire-server-enterprise"
 
 # Parse the HELM_CHART_EXCLUDE_LIST argument
 for arg in "$@"
@@ -150,7 +150,7 @@ wire_build_chart_release () {
   wire_build="$1"
   curl "$wire_build" | jq -r --argjson HELM_CHART_EXCLUDE_LIST "$HELM_CHART_EXCLUDE_LIST" '
   .helmCharts
-  | with_entries(select([.key] | inside($HELM_CHART_EXCLUDE_LIST) | not))
+  | with_entries(select(.key as $k | $HELM_CHART_EXCLUDE_LIST | index($k) | not))
   | to_entries
   | map("\(.key) \(.value.repo) \(.value.version)")
   | join("\n")

values/wire-server/prod-secrets.example.yaml

@@ -16,39 +16,48 @@ brig:
     awsSecretKey: dummysecret
     # These are only necessary if you wish to support sign up via SMS/calls
     # And require accounts at twilio.com / nexmo.com
+    rabbitmq:
+      username: wire-server
+      password: verysecurepassword
     setTwilio: |-
       sid: "dummy"
       token: "dummy"
     setNexmo: |-
       key: "dummy"
       secret: "dummy"
-    # Uncomment for federation. Set values accordingly
 
-    # rabbitmq:
-    #   username: wire-server
-    #   password: verysecurepassword
+cannon:
+  secrets:
+    rabbitmq:
+      username: wire-server
+      password: verysecurepassword
 
 cargohold:
   secrets:
     # these only need to be changed if using real AWS services
     awsKeyId: dummykey
     awsSecretKey: dummysecret
+    rabbitmq:
+      username: wire-server
+      password: verysecurepassword
 
 galley:
   secrets:
     # these only need to be changed if using real AWS services
     awsKeyId: dummykey
     awsSecretKey: dummysecret
-    # Uncomment for federation below. Set values accordingly
-    # rabbitmq:
-    #   username: wire-server
-    #   password: verysecurepassword
+    rabbitmq:
+      username: wire-server
+      password: verysecurepassword
 
 gundeck:
   secrets:
     # these only need to be changed if using real AWS services
     awsKeyId: dummykey
     awsSecretKey: dummysecret
+    rabbitmq:
+      username: wire-server
+      password: verysecurepassword
 
 proxy:
   secrets:

values/wire-server/prod-values.example.yaml

@@ -117,6 +117,9 @@ cannon:
 #    tag: some-tag (only override if you want a newer/different version than what is in the chart)
   # For demo mode only, we don't need to keep websocket connections open on chart upgrades
   drainTimeout: 10
+  config:
+    cassandra: 
+      host: cassandra-external
 
 cargohold:
   replicaCount: 3
@@ -256,3 +259,10 @@ legalhold:
 federator:
   tls:
     useSharedFederatorSecret: true
+
+background-worker:
+  config:
+    cassandra:
+      host: cassandra-external
+    # Enable for federation
+    enableFederation: false