update: try build with webapp patch on 5.14 backend

.github/workflows/offline-min.yml

@@ -0,0 +1,51 @@
+on:
+  push:
+    branches: [5.14*]
+    paths-ignore:
+      - '*.md'
+      - '**/*.md'
+jobs:
+  offline:
+    name: Prepare min offline package
+    # Useful to skip expensive CI when writing docs
+    if: "!contains(github.event.head_commit.message, 'skip ci')"
+    runs-on:
+      group: wire-server-deploy
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          submodules: true
+      - uses: cachix/install-nix-action@v27
+      - uses: cachix/cachix-action@v15
+        with:
+          name: wire-server
+          signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}"
+
+      - name: Install nix environment
+        run: nix-env -f default.nix -iA env
+
+      - name: Get upload name
+        id: upload_name
+        run: |
+          # FIXME: Tag with a nice release name using the github tag...
+          # SOURCE_TAG=${GITHUB_REF#refs/tags/}
+          echo ::set-output name=UPLOAD_NAME::$GITHUB_SHA
+          # echo ::set-output name=UPLOAD_NAME::${SOURCE_TAG:-$GITHUB_SHA}
+
+      - name: Process the min profile build
+        run: ./offline/min-build/build.sh
+        env:
+          GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}'
+          DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
+
+      - name: Copy min build assets tarball to S3
+        run: |
+          # Upload tarball for each profile by specifying their OUTPUT_TAR path
+          aws s3 cp offline/min-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-min-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz
+          echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-min-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz"
+          # remove the archives from the build to optimize the space on the server
+          rm -rf offline/min-build/output/*
+        env:
+          AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
+          AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
+          AWS_REGION: "eu-west-1"

.github/workflows/offline.yml

@@ -1,9 +1,9 @@
 on:
   push:
-    branches: [master, develop]
+    branches: [master, "5.14"]
     tags: [ v* ]
   pull_request:
-    branches: [master, develop]
+    branches: [master, "5.14"]
 jobs:
   offline:
     name: Prepare offline package
@@ -32,25 +32,6 @@ jobs:
           echo ::set-output name=UPLOAD_NAME::$GITHUB_SHA
           # echo ::set-output name=UPLOAD_NAME::${SOURCE_TAG:-$GITHUB_SHA}
 
-      # min profile build
-      - name: Process the min profile build
-        run: ./offline/min-build/build.sh
-        env:
-          GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}'
-          DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
-
-      - name: Copy min build assets tarball to S3
-        run: |
-          # Upload tarball for each profile by specifying their OUTPUT_TAR path
-          aws s3 cp offline/min-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-min-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz
-          echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-min-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz"
-          # remove the archives from the build to optimize the space on the server
-          rm -rf offline/min-build/output/*
-        env:
-          AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
-          AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
-          AWS_REGION: "eu-west-1"
-
       # deafult profile build
       - name: Process the default profile build
         run: ./offline/default-build/build.sh
@@ -64,28 +45,7 @@ jobs:
           aws s3 cp offline/default-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz
           echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz"
           # remove the archives from the build to optimize the space on the server
-          rm offline/default-build/output/containers-helm.tar
-        env:
-          AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
-          AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
-          AWS_REGION: "eu-west-1"
-
-      # demo profile build
-      - name: Process the demo profile build
-        run: ./offline/demo-build/build.sh
-        env:
-          GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}'
-          DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
-
-      - name: Copy demo build assets tarball to S3 and clean up
-        run: |
-          # Upload tarball for each profile by specifying their OUTPUT_TAR path
-          aws s3 cp offline/demo-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-demo-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz
-          echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-demo-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz"
-          # remove the assets from the build to optimize the space on the server
-          rm -rf offline/demo-build/output/*
-          # removing everything except assets.tgz as it is not required anymore in the further builds
-          find offline/default-build/output/ -mindepth 1 -maxdepth 1 ! -name 'assets.tgz' -exec rm -r {} +
+          # rm offline/default-build/output/containers-helm.tar
         env:
           AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
           AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'

offline/default-build/build.sh

@@ -26,7 +26,7 @@ TASKS_DIR="${SCRIPT_DIR}/../tasks"
 # --------------------------
 
 # pulling the charts, charts to be skipped are passed as arguments HELM_CHART_EXCLUDE_LIST
-"${TASKS_DIR}"/proc_pull_charts.sh OUTPUT_DIR="${OUTPUT_DIR}" # HELM_CHART_EXCLUDE_LIST="inbucket,wire-server-enterprise,coturn"
+"${TASKS_DIR}"/proc_pull_charts.sh OUTPUT_DIR="${OUTPUT_DIR}" HELM_CHART_EXCLUDE_LIST="inbucket,wire-server-enterprise,postgresql"
 
 # copy local copy of values from root directory to output directory
 cp -r "${ROOT_DIR}"/values "${OUTPUT_DIR}"/

offline/tasks/proc_pull_charts.sh

@@ -83,5 +83,5 @@ pull_charts() {
   echo "Pulling charts done."
 }
 
-wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/refs/heads/q2-2025/build.json"
+wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/ab2f729b10065d42fa2bf5adc9f97d545610c1e9/build.json"
 wire_build_chart_release "$wire_build" | pull_charts

values/coturn/prod-secrets.example.yaml

@@ -0,0 +1,3 @@
+secrets:
+  zrestSecrets:
+    - ""

values/coturn/prod-values.example.yaml

@@ -1,3 +1 @@
-secrets:
-  zrestSecrets:
-    - ""
+# using upstream values for coturn helm

values/postgresql/demo-secrets.example.yaml

@@ -0,0 +1,8 @@
+# TODO: look deeper into requirements and make a solid, commented secrets example file
+# TODO: better secret handling
+postgresql:
+  auth:
+    username: wire-server
+    password: verysecurepassword
+    database: wire-server
+    postgresPassword: verysecurepassword

values/postgresql/demo-values.example.yaml

@@ -0,0 +1,10 @@
+# This chart is meant to be used in ephemeral deployments, such as demo environments.
+# TODO: look deeper into requirements and make a solid, commented values example file
+postgresql:
+  primary:
+    persistence:
+      enabled: false
+  volumePermissions:
+    image:
+      repository: bitnami/os-shell
+      tag: 12-debian-12-r46