From 383f17dd1a4b7264e203c72649de780b0210468f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Vedran=20Ivankovi=C4=87?= <33936733+Veki301@users.noreply.github.com> Date: Wed, 12 Feb 2025 13:57:52 +0100 Subject: [PATCH] WPB-15421/ci-fix (#751) * install terraform using hashicorp/setupterraform action https://github.com/actions/runner-images/issues/10796 * missing values/secrets for `helm install` * fix exclusion logic in ci.sh, add wire-server-enterprise repo to exclusion list * uncomment rabbitmq from `wire-server/secrets.yaml` * more logging in offline-helm.sh * add missing values to cannon and background-worker, remove additional logs --- .github/workflows/ci.yml | 5 ++++ .github/workflows/offline.yml | 6 +++++ bin/offline-helm.sh | 5 ++-- bin/offline-secrets.sh | 14 +++++++++++ offline/ci.sh | 4 ++-- values/wire-server/prod-secrets.example.yaml | 25 +++++++++++++------- values/wire-server/prod-values.example.yaml | 10 ++++++++ 7 files changed, 57 insertions(+), 12 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 50dd01ce8..83a8c9ce9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -25,6 +25,11 @@ jobs: run: nix-build -A env - name: Install the environment run: nix-env -f . -A env -i + - name: Install terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: "^1.3.7" + terraform_wrapper: false - name: Check terraform init run: | cd terraform/environment diff --git a/.github/workflows/offline.yml b/.github/workflows/offline.yml index 5ad30d640..e7f9268b3 100644 --- a/.github/workflows/offline.yml +++ b/.github/workflows/offline.yml @@ -57,6 +57,12 @@ jobs: env: DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}' + - name: Install terraform + uses: hashicorp/setup-terraform@v3 + with: + terraform_version: "^1.3.7" + terraform_wrapper: false + - name: Deploy offline environment to hetzner run: | ./offline/cd.sh diff --git a/bin/offline-helm.sh b/bin/offline-helm.sh index 9b1f283b6..a84f9cd50 100755 
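Review bot: The new `Install terraform` step in `.github/workflows/ci.yml` references the action by a movable tag, `uses: hashicorp/setup-terraform@v3`, and requests a version range, `terraform_version: "^1.3.7"`, so both the action code and the Terraform binary can change between runs without any commit to this repository. The identical step is added in `.github/workflows/offline.yml`, directly before `Deploy offline environment to hetzner` and in a job whose neighbouring step handles `secrets.DOCKER_LOGIN`, which is where an unexpected change would matter most. Pin the action to a full commit SHA and keep the tag as a comment, `uses: hashicorp/setup-terraform@<full-commit-sha>  # v3`, and pin one exact release, `terraform_version: "<exact-version>"`, in both files. Both hunks show only part of their jobs, so any job-level `permissions:` or other hardening is not visible here.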
--- a/bin/offline-helm.sh +++ b/bin/offline-helm.sh @@ -11,7 +11,8 @@ helm upgrade --install --wait demo-smtp ./charts/demo-smtp --values ./values/dem helm upgrade --install --wait rabbitmq ./charts/rabbitmq --values ./values/rabbitmq/prod-values.example.yaml --values ./values/rabbitmq/prod-secrets.example.yaml helm upgrade --install --wait databases-ephemeral ./charts/databases-ephemeral --values ./values/databases-ephemeral/prod-values.example.yaml helm upgrade --install --wait reaper ./charts/reaper -helm upgrade --install --wait --timeout=15m0s wire-server ./charts/wire-server --values ./values/wire-server/prod-values.example.yaml --values ./values/wire-server/secrets.yaml +helm upgrade --install --wait --timeout=30m0s wire-server ./charts/wire-server --values ./values/wire-server/prod-values.example.yaml --values ./values/wire-server/secrets.yaml + # if charts/webapp directory exists if [ -d "./charts/webapp" ]; then helm upgrade --install --wait --timeout=15m0s webapp ./charts/webapp --values ./values/webapp/prod-values.example.yaml @@ -30,6 +31,6 @@ helm upgrade --install --wait --timeout=15m0s ingress-nginx-controller ./charts/ echo "Printing all pods status: " kubectl get pods --all-namespaces -o wide -#./bin/debug_logs.sh +./bin/debug_logs.sh # TODO: Requires certs; which we do not have in CI/CD at this point. future work =) (Would need cert-manager in offline package. That'd be neat) # helm upgrade --install --wait nginx-ingress-services ./charts/nginx-ingress-services --values ./values/nginx-ingress-services/values.yaml --values ./values/nginx-ingress-services/secrets.yaml diff --git a/bin/offline-secrets.sh b/bin/offline-secrets.sh index 255cbeece..fb1b926f1 100755 --- a/bin/offline-secrets.sh +++ b/bin/offline-secrets.sh 
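Review bot: The second hunk of `bin/offline-helm.sh` turns `./bin/debug_logs.sh` from a comment into an unconditional call right after `kubectl get pods --all-namespaces -o wide`, although the commit message lists "remove additional logs". That script is not part of this patch. If it prints pod logs or resource descriptions, that output lands in the CI job log on every run, so confirm that nothing derived from `values/wire-server/secrets.yaml` can appear there. If the call is meant to stay, a comment above it would record the intent, for example `# dump pod diagnostics for CI; must not print secret values`.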
@@ -31,6 +31,9 @@ brig: secret: "$zrest" awsKeyId: dummykey awsSecretKey: dummysecret + rabbitmq: + username: wire-server + password: verysecurepassword # These are only necessary if you wish to support sign up via SMS/calls # And require accounts at twilio.com / nexmo.com setTwilio: |- @@ -43,6 +46,14 @@ cargohold: secrets: awsKeyId: "$minio_access_key" awsSecretKey: "$minio_secret_key" + rabbitmq: + username: wire-server + password: verysecurepassword +cannon: + secrets: + rabbitmq: + username: wire-server + password: verysecurepassword galley: secrets: awsKeyId: dummykey @@ -51,6 +62,9 @@ gundeck: secrets: awsKeyId: dummykey awsSecretKey: dummysecret + rabbitmq: + username: wire-server + password: verysecurepassword nginz: secrets: zAuth: diff --git a/offline/ci.sh b/offline/ci.sh index e3a0a9e56..c16aa9af1 100755 --- a/offline/ci.sh +++ b/offline/ci.sh @@ -4,7 +4,7 @@ set -euo pipefail INCREMENTAL="${INCREMENTAL:-0}" # Default exclude list -HELM_CHART_EXCLUDE_LIST="inbucket" +HELM_CHART_EXCLUDE_LIST="inbucket,wire-server-enterprise" # Parse the HELM_CHART_EXCLUDE_LIST argument for arg in "$@" @@ -150,7 +150,7 @@ wire_build_chart_release () { wire_build="$1" curl "$wire_build" | jq -r --argjson HELM_CHART_EXCLUDE_LIST "$HELM_CHART_EXCLUDE_LIST" ' .helmCharts - | with_entries(select([.key] | inside($HELM_CHART_EXCLUDE_LIST) | not)) + | with_entries(select(.key as $k | $HELM_CHART_EXCLUDE_LIST | index($k) | not)) | to_entries | map("\(.key) \(.value.repo) \(.value.version)") | join("\n") diff --git a/values/wire-server/prod-secrets.example.yaml b/values/wire-server/prod-secrets.example.yaml index dfa5439e7..051ece86c 100644 --- a/values/wire-server/prod-secrets.example.yaml +++ b/values/wire-server/prod-secrets.example.yaml 
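Review bot: The `rabbitmq` blocks added to `bin/offline-secrets.sh` write the fixed pair `username: wire-server` / `password: verysecurepassword` into the generated secrets, while neighbouring entries in the same template come from variables (`"$zrest"`, `"$minio_access_key"`, `"$minio_secret_key"`). This applies to all three hunks of the file (brig, cargohold plus the new cannon section, and gundeck), so every environment built with this script would share one publicly known broker credential. I would generate the password once in the script and reference it in each block, for instance `password: "$rabbitmq_password"` (variable name constructed for illustration). The rabbitmq release in `bin/offline-helm.sh` is installed from `values/rabbitmq/prod-secrets.example.yaml`, so the same generated value would have to be supplied there too. The enclosing template starts and ends outside these hunks.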
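Review bot: In the second hunk of `offline/ci.sh`, the new filter `$HELM_CHART_EXCLUDE_LIST | index($k) | not` is an exact-name match only when the `--argjson` value is a JSON array. On a JSON string, jq's `index` does a substring search, so a chart whose name is part of the list text (for example `wire-server`, contained in `wire-server-enterprise`) would be dropped silently. The conversion of the comma-separated default `"inbucket,wire-server-enterprise"` into JSON happens outside the hunk, so the type cannot be confirmed from here. Iterating the list makes the intent explicit and errors out on a non-array: `| with_entries(select(.key as $k | any($HELM_CHART_EXCLUDE_LIST[]; . == $k) | not))`. `wire_build_chart_release` continues past the end of the hunk.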
@@ -16,39 +16,48 @@ brig: awsSecretKey: dummysecret # These are only necessary if you wish to support sign up via SMS/calls # And require accounts at twilio.com / nexmo.com + rabbitmq: + username: wire-server + password: verysecurepassword setTwilio: |- sid: "dummy" token: "dummy" setNexmo: |- key: "dummy" secret: "dummy" - # Uncomment for federation. Set values accordingly - # rabbitmq: - # username: wire-server - # password: verysecurepassword +cannon: + secrets: + rabbitmq: + username: wire-server + password: verysecurepassword cargohold: secrets: # these only need to be changed if using real AWS services awsKeyId: dummykey awsSecretKey: dummysecret + rabbitmq: + username: wire-server + password: verysecurepassword galley: secrets: # these only need to be changed if using real AWS services awsKeyId: dummykey awsSecretKey: dummysecret - # Uncomment for federation below. Set values accordingly - # rabbitmq: - # username: wire-server - # password: verysecurepassword + rabbitmq: + username: wire-server + password: verysecurepassword gundeck: secrets: # these only need to be changed if using real AWS services awsKeyId: dummykey awsSecretKey: dummysecret + rabbitmq: + username: wire-server + password: verysecurepassword proxy: secrets: diff --git a/values/wire-server/prod-values.example.yaml b/values/wire-server/prod-values.example.yaml index a4d21876d..92bfe25b5 100644 --- a/values/wire-server/prod-values.example.yaml +++ b/values/wire-server/prod-values.example.yaml @@ -117,6 +117,9 @@ cannon: # tag: some-tag (only override if you want a newer/different version than what is in the chart) # For demo mode only, we don't need to keep websocket connections open on chart upgrades drainTimeout: 10 + config: + cassandra: + host: cassandra-external cargohold: replicaCount: 3 @@ -256,3 +259,10 @@ legalhold: federator: tls: useSharedFederatorSecret: true + +background-worker: + config: + cassandra: + host: cassandra-external + # Enable for federation + enableFederation: false
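Review bot: In the `brig` section of `values/wire-server/prod-secrets.example.yaml`, the new `rabbitmq:` block sits between the comment `# These are only necessary if you wish to support sign up via SMS/calls` and `setTwilio`, so the comment now reads as if it described the RabbitMQ credentials. The same hunk removes the "Uncomment for federation" hints and makes `password: verysecurepassword` an active value for brig, cannon, cargohold, galley and gundeck, with nothing telling an operator that it is a placeholder. Move the block above the Twilio/Nexmo comment and add a line such as `# placeholder; replace with the password configured for the rabbitmq release` above each `rabbitmq:` entry.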