From 8c90b8f07b98e9de37b8a5d5ffc2bfc1a8b059bb Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Thu, 19 Feb 2026 12:13:31 +0100 Subject: [PATCH 1/6] fix: wpb-23462: point wire_build to a 5.5 build json --- offline/tasks/proc_pull_charts.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/offline/tasks/proc_pull_charts.sh b/offline/tasks/proc_pull_charts.sh index 53801aa80..9afc8df49 100755 --- a/offline/tasks/proc_pull_charts.sh +++ b/offline/tasks/proc_pull_charts.sh @@ -83,5 +83,5 @@ pull_charts() { echo "Pulling charts done." } -wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/refs/heads/wiab-dev-514/build.json" +wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/22741cbaa6c8a6c1bd99055a12f9c605f2a67fe6/build.json" wire_build_chart_release "$wire_build" | pull_charts From ca8c2b49c8f329d7e65fb5e0fa7377772350da41 Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Thu, 19 Feb 2026 18:12:53 +0100 Subject: [PATCH 2/6] fix: wpb-23462: use 5.5 wire-server helm chart values --- values/webapp/prod-values.example.yaml | 7 - values/wire-server/demo-secrets.example.yaml | 58 ------ values/wire-server/demo-values.example.yaml | 180 +++---------------- values/wire-server/prod-secrets.example.yaml | 63 ++----- values/wire-server/prod-values.example.yaml | 106 +++-------- 5 files changed, 68 insertions(+), 346 deletions(-) diff --git a/values/webapp/prod-values.example.yaml b/values/webapp/prod-values.example.yaml index 0d6286cd1..329d340f5 100644 --- a/values/webapp/prod-values.example.yaml +++ b/values/webapp/prod-values.example.yaml @@ -19,14 +19,7 @@ envVars: FEATURE_ENABLE_DEBUG: "false" FEATURE_ENABLE_PHONE_LOGIN: "false" FEATURE_ENABLE_SSO: "false" - FEATURE_ENABLE_IN_CALL_REACTIONS: "true" - FEATURE_ENABLE_IN_CALL_HAND_RAISE: "true" - FEATURE_ENABLE_DETACHED_CALLING_WINDOW: "true" - FEATURE_ENABLE_MESSAGE_FORMAT_BUTTONS: "true" FEATURE_SHOW_LOADING_INFORMATION: "false" - FEATURE_ENABLE_CHANNELS: "false" - FEATURE_ENABLE_CHANNELS_HISTORY_SHARING: "false" - FEATURE_ENABLE_PUBLIC_CHANNELS: "false" URL_ACCOUNT_BASE: "https://account.example.com" #URL_MOBILE_BASE: "https://wire-pwa-staging.zinfra.io" # TODO: is this needed? URL_PRIVACY_POLICY: "https://www.example.com/terms-conditions" diff --git a/values/wire-server/demo-secrets.example.yaml b/values/wire-server/demo-secrets.example.yaml index 8a47a055d..35ef248d4 100644 --- a/values/wire-server/demo-secrets.example.yaml +++ b/values/wire-server/demo-secrets.example.yaml @@ -1,9 +1,3 @@ -# CHANGEME-DEMO: All values here should be changed/reviewed -elasticsearch-index: - secrets: - elasticsearch: - username: elastic - password: changeme brig: secrets: smtpPassword: dummyPassword @@ -21,61 +15,30 @@ brig: awsSecretKey: dummysecret # These are only necessary if you wish to support sign up via SMS/calls # And require accounts at twilio.com / nexmo.com - rabbitmq: - username: wire-server - password: verysecurepassword - # PostgreSQL password is synced with the wire-postgresql-secret from k8s cluster - # To extract the secret from an existing Kubernetes cluster: - # kubectl get secret wire-postgresql-secret -n postgresql -o jsonpath='{.data.password}' | base64 -d - pgPassword: dummyPassword # gets replaced by the actual secret setTwilio: |- sid: "dummy" token: "dummy" setNexmo: |- key: "dummy" secret: "dummy" - elasticsearch: - username: "elastic" - password: "changeme" - elasticsearchAdditional: - username: "elastic" - password: "changeme" -cannon: - secrets: - rabbitmq: - username: wire-server - password: verysecurepassword cargohold: secrets: # these only need to be changed if using real AWS services awsKeyId: dummykey awsSecretKey: dummysecret - rabbitmq: - username: wire-server - password: verysecurepassword galley: secrets: # these only need to be changed if using real AWS services awsKeyId: dummykey awsSecretKey: dummysecret - # PostgreSQL password is synced with the wire-postgresql-secret from k8s cluster - # To extract the secret from an existing Kubernetes cluster: - # kubectl get secret wire-postgresql-secret -n postgresql -o jsonpath='{.data.password}' | base64 -d - pgPassword: dummyPassword # gets replaced by the actual secret - rabbitmq: - username: wire-server - password: verysecurepassword gundeck: secrets: # these only need to be changed if using real AWS services awsKeyId: dummykey awsSecretKey: dummysecret - rabbitmq: - username: wire-server - password: verysecurepassword proxy: secrets: @@ -99,24 +62,3 @@ nginz: # only necessary in test environments (env="staging"). See charts/nginz/README.md basicAuth: ":" -# RabbitMQ credentials for background-worker. -background-worker: - secrets: - rabbitmq: - username: wire-server - password: verysecurepassword - -# Uncomment for legalhold. Set values accordingly - -# legalhold: -# serviceToken: "supersecret" -# # openssl req -x509 -newkey rsa:4096 -sha256 -keyout tls.key -out tls.crt -days -# # 365 -subj '/CN={{ .Values.legalhold.host }}' Or provide your own signed by a -# # proper CA -# tlsKey: | -# -----BEGIN PRIVATE KEY----- -# -----END PRIVATE KEY----- -# -# tlsCrt: | -# -----BEGIN CERTIFICATE----- -# -----END CERTIFICATE----- diff --git a/values/wire-server/demo-values.example.yaml b/values/wire-server/demo-values.example.yaml index fed128a0a..b2cfd8b09 100644 --- a/values/wire-server/demo-values.example.yaml +++ b/values/wire-server/demo-values.example.yaml @@ -1,7 +1,6 @@ tags: proxy: false # enable if you want/need giphy/youtube/etc proxying - legalhold: false # Enable if you need legalhold - federation: false # Enable to use federation + spar: false # enable if you want/need Single-Sign-On (SSO) cassandra-migrations: # images: @@ -23,88 +22,50 @@ brig: config: cassandra: host: cassandra-ephemeral + replicaCount: 1 elasticsearch: host: elasticsearch-ephemeral - rabbitmq: - host: rabbitmq # name of the rabbitmq service, either `rabbitmq-external` or `rabbitmq` - postgresql: - host: postgresql # DNS name without protocol - port: "5432" - user: wire-server - dbname: wire-server useSES: false - # Set to false if you want to hand out DynamoDB to store prekeys - randomPrekeys: true aws: # change if using real AWS region: "eu-west-1" sqsEndpoint: http://fake-aws-sqs:4568 - #dynamoDBEndpoint: http://fake-aws-dynamodb:4567 - + dynamoDBEndpoint: http://fake-aws-dynamodb:4567 # these must match the table names created on fake or real AWS services internalQueue: integration-brig-events-internal prekeyTable: integration-brig-prekeys externalUrls: - nginz: https://nginz-https.example.com # change this + nginz: https://api.example.com # change this teamSettings: https://teams.example.com # change this (on unset if team settings are not used) teamCreatorWelcome: https://teams.example.com/login # change this teamMemberWelcome: https://wire.example.com/download # change this - enableFederation: false # Enable to use federation optSettings: setFederationDomain: example.com # change this # Sync the domain with the 'host' variable in the sftd chart - # Comment the next line (by adding '#' before it) if conference calling is not used - setSftStaticUrl: "https://sftd.example.com:443" - # If set to true, creating new personal users or new teams on your instance from - # outside your backend installation is disabled - setRestrictUserCreation: false - # Uncomment and replace values below for adding federated backends - # setFederationStrategy: allowDynamic - # setFederationDomainConfigs: - # - domain: remotebackend1.example.com - # search_policy: full_search + # uncomment this section if conference calling is not used + setSftStaticUrl: "https://sftd.example.om:443" emailSMS: general: emailSender: email@example.com # change this smsSender: "insert-sms-sender-for-twilio" # change this if SMS support is desired - templateBranding: # change all of these, they are used in emails - brand: Wire - brandUrl: https://wire.com - brandLabel: wire.com - brandLabelUrl: https://wire.com - brandLogoUrl: https://wire.com/p/img/email/logo-email-black.png - brandService: Wire Service Provider - copyright: © WIRE SWISS GmbH - misuse: misuse@wire.com - legal: https://wire.com/legal/ - forgot: https://wire.com/forgot/ - support: https://support.wire.com/ - user: - passwordResetUrl: https://account.example.com/reset/?key=${key}&code=${code} - activationUrl: https://account.example.com/verify/?key=${key}&code=${code} - smsActivationUrl: https://account.example.com/v/${code} - deletionUrl: https://account.example.com/d/?key=${key}&code=${code} - invitationUrl: https://account.example.com/i/${code} smtp: - host: smtp # change this if you want to use your own SMTP server + host: demo-smtp # change this if you want to use your own SMTP server port: 25 # change this connType: plain # change this. Possible values: plain|ssl|tls + turnStatic: + v1: [] + v2: + # - "turn::3478" + # - "turn::3478" + # - "turn::3478?transport=tcp" + # - "turn::3478?transport=tcp" # proxy: # httpProxy: "http://proxy.example.com" # httpsProxy: "https://proxy.example.com" # noProxyList: # - "local.example.com" # - "10.23.0.0/16" - turnStatic: - v1: [] - v2: - # - "turn::3478" - # - "turn::3478" - # - "turn::3478?transport=tcp" - # - "turn::3478?transport=tcp" - metrics: - serviceMonitor: - enabled: true + proxy: replicaCount: 1 @@ -117,21 +78,13 @@ proxy: # noProxyList: # - "local.example.com" # - "10.23.0.0/16" - metrics: - serviceMonitor: - enabled: true + cannon: replicaCount: 1 # image: # tag: some-tag (only override if you want a newer/different version than what is in the chart) # For demo mode only, we don't need to keep websocket connections open on chart upgrades drainTimeout: 10 - config: - cassandra: - host: cassandra-ephemeral - metrics: - serviceMonitor: - enabled: true cargohold: replicaCount: 1 @@ -141,7 +94,7 @@ cargohold: aws: # change if using real AWS region: "eu-west-1" - s3Bucket: assets + s3Bucket: dummy-bucket s3Endpoint: http://fake-aws-s3:9000 s3DownloadEndpoint: https://assets.example.com settings: @@ -152,9 +105,6 @@ cargohold: # noProxyList: # - "local.example.com" # - "10.23.0.0/16" - metrics: - serviceMonitor: - enabled: true galley: replicaCount: 1 @@ -163,25 +113,11 @@ galley: config: cassandra: host: cassandra-ephemeral - rabbitmq: - host: rabbitmq # name of the rabbitmq service, either `rabbitmq-external` or `rabbitmq` - postgresql: - host: postgresql # DNS name without protocol - port: "5432" - user: wire-server - dbname: wire-server - enableFederation: false # Enable to use federation + replicaCount: 1 settings: - # prefix URI used when inviting users to a conversation by link - conversationCodeURI: https://account.example.com/conversation-join/ # change this federationDomain: example.com # change this - # see #RefConfigOptions in `/docs/reference` (https://github.com/wireapp/wire-server/) - featureFlags: - sso: disabled-by-default - # NOTE: Change this to "disabled-by-default" for legalhold support - # legalhold: disabled-by-default - legalhold: disabled-permanently - teamSearchVisibility: disabled-by-default + # prefix URI used when inviting users to a conversation by link + conversationCodeURI: https://example.com/conversation-join/ # change this to poitn to your account pages. aws: region: "eu-west-1" # proxy: @@ -190,9 +126,6 @@ galley: # noProxyList: # - "local.example.com" # - "10.23.0.0/16" - metrics: - serviceMonitor: - enabled: true gundeck: replicaCount: 1 @@ -201,6 +134,7 @@ gundeck: config: cassandra: host: cassandra-ephemeral + replicaCount: 1 aws: # change if using real AWS account: "123456789012" @@ -215,9 +149,6 @@ gundeck: # noProxyList: # - "local.example.com" # - "10.23.0.0/16" - metrics: - serviceMonitor: - enabled: true nginz: replicaCount: 1 @@ -229,73 +160,20 @@ nginz: # tag: some-tag (only override if you want a newer/different version than what is in the chart) nginx_conf: # using prod means mostly that some internal endpoints are not exposed - dns_resolver: kube-dns env: prod external_env_domain: example.com - deeplink: - endpoints: - backendURL: "https://nginz-https.example.com" - backendWSURL: "https://nginz-ssl.example.com" - teamsURL: "https://teams.example.com" - accountsURL: "https://account.example.com" - blackListURL: "https://clientblacklist.wire.com/prod" - websiteURL: "https://wire.com" - title: "My Custom Wire Backend" - # Optional -- Uncomment these if you want to direct all of your mobile users to use the same proxy. - #apiProxy: - #host: "socks5.proxy.com" - #port: 1080 - #needsAuthentication: true # For demo mode only, we don't need to keep websocket connections open on upgrade: drainTimeout: 10 terminationGracePeriodSeconds: 30 - metrics: - serviceMonitor: - enabled: true -spar: + +account-pages: replicaCount: 1 # image: # tag: some-tag (only override if you want a newer/different version than what is in the chart) + envVars: + IS_SELF_HOSTED: "true" config: - cassandra: - host: cassandra-ephemeral - logLevel: Debug - domain: example.com - appUri: https://nginz-https.example.com - ssoUri: https://nginz-https.example.com/sso - maxttlAuthreq: 28800 - maxttlAuthresp: 28800 - # maxScimTokens: 16 # uncomment this if you want to use SCIM provisioning - contacts: - - type: ContactSupport - company: YourCompany - email: email:support@example.com -# proxy: -# httpProxy: "http://proxy.example.com" -# httpsProxy: "https://proxy.example.com" -# noProxyList: -# - "local.example.com" -# - "10.23.0.0/16" - metrics: - serviceMonitor: - enabled: true - -# Only needed when legalhold is enabled -#legalhold: -# host: "legalhold.example.com" -# wireApiHost: "https://nginz-https.example.com" - -# Only needed when federation is enabled -#federator: -# tls: -# useSharedFederatorSecret: true - -background-worker: - config: - cassandra: - host: cassandra-ephemeral - # Enable for federation - enableFederation: false - metrics: - serviceMonitor: - enabled: true + externalUrls: + backendRest: nginz-https.example.com + backendDomain: example.com + appHost: account.example.com diff --git a/values/wire-server/prod-secrets.example.yaml b/values/wire-server/prod-secrets.example.yaml index a397769c6..311e4809d 100644 --- a/values/wire-server/prod-secrets.example.yaml +++ b/values/wire-server/prod-secrets.example.yaml @@ -1,9 +1,6 @@ # CHANGEME-PROD: All values here should be changed/reviewed brig: secrets: - #retrieve postgresql password from Kubernetes Secret with "kubectl get secret wire-postgresql-external-secret -n default -o jsonpath='{.data.password}' | base64 -d" - #pgPassword: verysecurepassword - smtpPassword: dummyPassword zAuth: # generate zauth public/private keys with the 'zauth' executable from wire-server: @@ -19,65 +16,39 @@ brig: awsSecretKey: dummysecret # These are only necessary if you wish to support sign up via SMS/calls # And require accounts at twilio.com / nexmo.com - rabbitmq: - username: guest - password: guest setTwilio: |- sid: "dummy" token: "dummy" setNexmo: |- key: "dummy" secret: "dummy" + # Uncomment for federation. Set values accordingly -cannon: - secrets: - rabbitmq: - username: guest - password: guest + # rabbitmq: + # username: wire-server + # password: verysecurepassword cargohold: secrets: - # Change the awsKeyId and awsSecretKey with the IAM user credentials for cargohold - # Get the secrets and key from the ansible/inventory/offline/group_vars/all/secrets.yml - awsKeyId: dummykey # replace with minio_cargohold_access_key - awsSecretKey: dummysecret # replace with minio_cargohold_secret_key - rabbitmq: - username: guest - password: guest + # these only need to be changed if using real AWS services + awsKeyId: dummykey + awsSecretKey: dummysecret galley: secrets: - #retrieve postgresql password from Kubernetes Secret with "kubectl get secret wire-postgresql-external-secret -n default -o jsonpath='{.data.password}' | base64 -d" - #pgPassword: verysecurepassword # these only need to be changed if using real AWS services awsKeyId: dummykey awsSecretKey: dummysecret - rabbitmq: - username: guest - password: guest - mlsPrivateKeys: - removal: - ed25519: | - -----BEGIN PRIVATE KEY----- - -----END PRIVATE KEY----- - ecdsa_secp256r1_sha256: | - -----BEGIN PRIVATE KEY----- - -----END PRIVATE KEY----- - ecdsa_secp384r1_sha384: | - -----BEGIN PRIVATE KEY----- - -----END PRIVATE KEY----- - ecdsa_secp521r1_sha512: | - -----BEGIN PRIVATE KEY----- - -----END PRIVATE KEY----- + # Uncomment for federation below. Set values accordingly + # rabbitmq: + # username: wire-server + # password: verysecurepassword gundeck: secrets: # these only need to be changed if using real AWS services awsKeyId: dummykey awsSecretKey: dummysecret - rabbitmq: - username: guest - password: guest proxy: secrets: @@ -102,12 +73,12 @@ nginz: basicAuth: ":" -# RabbitMQ credentials for background-worker. -background-worker: - secrets: - rabbitmq: - username: guest - password: guest +# Uncomment for federation below. Set values accordingly +# background-worker: +# secrets: +# rabbitmq: +# username: wire-server +# password: verysecurepassword # Uncomment for legalhold. Set values accordingly diff --git a/values/wire-server/prod-values.example.yaml b/values/wire-server/prod-values.example.yaml index 0e6d33047..5648951c6 100644 --- a/values/wire-server/prod-values.example.yaml +++ b/values/wire-server/prod-values.example.yaml @@ -21,20 +21,12 @@ brig: # image: # tag: some-tag (only override if you want a newer/different version than what is in the chart) config: - multiSFT: - enabled: false # enable to turn on SFT to SFT communication for federated calls cassandra: host: cassandra-external elasticsearch: host: elasticsearch-external rabbitmq: - host: rabbitmq-external - # For k8s-based RabbitMQ (default). Use 'rabbitmq-external' for production external RabbitMQ VMs - #postgresql: - # host: postgresql-external-rw # DNS name without protocol - # port: "5432" - # user: wire-server - # dbname: wire-server + host: rabbitmq # name of the rabbitmq service, either `rabbitmq-external` or `rabbitmq` useSES: false # Set to false if you want to hand out DynamoDB to store prekeys randomPrekeys: true @@ -52,14 +44,12 @@ brig: teamSettings: https://teams.example.com # change this (or unset if team settings are not used) teamCreatorWelcome: https://teams.example.com/login # change this teamMemberWelcome: https://wire.example.com/download # change this - # TODO: BUG! 5.23 brig charts wont deploy in CI unless federation is enabled! - enableFederation: true # Enable to use federation + enableFederation: false # Enable to use federation optSettings: setFederationDomain: example.com # change this # Sync the domain with the 'host' variable in the sftd chart # Comment the next line (by adding '#' before it) if conference calling is not used setSftStaticUrl: "https://sftd.example.com:443" - # setSftListAllServers: "enabled" # Uncomment for Federation! # If set to true, creating new personal users or new teams on your instance from # outside your backend installation is disabled setRestrictUserCreation: false @@ -103,13 +93,13 @@ brig: turnStatic: v1: [] v2: - # - "turn::3478" - # - "turn::3478" - # - "turn::3478?transport=tcp" - # - "turn::3478?transport=tcp" - metrics: - serviceMonitor: - enabled: false + # - "turn::80" + # - "turn::80?transport=tcp" + # - "turn::80?transport=tcp" + # - "turns::443?transport=tcp" + # - "turns::443?transport=tcp" + proxy: replicaCount: 3 @@ -122,23 +112,14 @@ proxy: # noProxyList: # - "local.example.com" # - "10.23.0.0/16" - metrics: - serviceMonitor: - enabled: false + cannon: replicaCount: 3 # image: # tag: some-tag (only override if you want a newer/different version than what is in the chart) # For demo mode only, we don't need to keep websocket connections open on chart upgrades drainTimeout: 10 - config: - rabbitmq: # Default value for CI, for on-prem deployment, use rabbitmq-external - host: rabbitmq-external - cassandra: - host: cassandra-external - metrics: - serviceMonitor: - enabled: false + cargohold: replicaCount: 3 # image: @@ -159,9 +140,7 @@ cargohold: # noProxyList: # - "local.example.com" # - "10.23.0.0/16" - metrics: - serviceMonitor: - enabled: false + galley: replicaCount: 3 # image: @@ -169,13 +148,8 @@ galley: config: cassandra: host: cassandra-external - rabbitmq: # Default value for CI, for on-prem deployment, use rabbitmq-external - host: rabbitmq-external - #postgresql: - # host: postgresql-external-rw # DNS name without protocol - # port: "5432" - # user: wire-server - # dbname: wire-server + rabbitmq: + host: rabbitmq-external # name of the rabbitmq service, either `rabbitmq-external` or `rabbitmq` enableFederation: false # Enable to use federation settings: # prefix URI used when inviting users to a conversation by link @@ -183,6 +157,9 @@ galley: federationDomain: example.com # change this # see #RefConfigOptions in `/docs/reference` (https://github.com/wireapp/wire-server/) featureFlags: + sso: disabled-by-default + # NOTE: Change this to "disabled-by-default" for legalhold support + # legalhold: disabled-by-default legalhold: disabled-permanently teamSearchVisibility: disabled-by-default aws: @@ -193,16 +170,12 @@ galley: # noProxyList: # - "local.example.com" # - "10.23.0.0/16" - metrics: - serviceMonitor: - enabled: false + gundeck: replicaCount: 3 # image: # tag: some-tag (only override if you want a newer/different version than what is in the chart) config: - rabbitmq: # Default value for CI, for on-prem deployment, use rabbitmq-external - host: rabbitmq-external cassandra: host: cassandra-external aws: @@ -219,9 +192,7 @@ gundeck: # noProxyList: # - "local.example.com" # - "10.23.0.0/16" - metrics: - serviceMonitor: - enabled: false + nginz: replicaCount: 3 config: @@ -232,7 +203,6 @@ nginz: # tag: some-tag (only override if you want a newer/different version than what is in the chart) nginx_conf: # using prod means mostly that some internal endpoints are not exposed - # dns_resolver: coredns env: prod external_env_domain: example.com deeplink: @@ -252,9 +222,7 @@ nginz: # For demo mode only, we don't need to keep websocket connections open on upgrade: drainTimeout: 10 terminationGracePeriodSeconds: 30 - metrics: - serviceMonitor: - enabled: false + spar: replicaCount: 3 # image: @@ -279,44 +247,14 @@ spar: # noProxyList: # - "local.example.com" # - "10.23.0.0/16" - metrics: - serviceMonitor: - enabled: false + # Only needed when legalhold is enabled legalhold: host: "legalhold.example.com" wireApiHost: "https://nginz-https.example.com" - metrics: - serviceMonitor: - enabled: false + # Only needed when federation is enabled federator: - # config: - # optSettings: - # federationStrategy: - # allowedDomains: - # - example.com tls: useSharedFederatorSecret: true - # remoteCAContents: | # Uncomment and place the federating backends root CA certificates in chain (if there are multiple) - metrics: - serviceMonitor: - enabled: false -background-worker: - config: - federationDomain: example.com - # logLevel: Debug - rabbitmq: # Default value for CI, for on-prem deployment, use rabbitmq-external - host: rabbitmq-external - cassandra: - host: cassandra-external - cassandraGalley: - host: cassandra-external - cassandraBrig: - host: cassandra-external - # Enable for federation - enableFederation: false - metrics: - serviceMonitor: - enabled: false From 417656050cf3bda4ed776b80b5ba4332b7c6bcca Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Thu, 19 Feb 2026 18:21:00 +0100 Subject: [PATCH 3/6] fix: wpb-23462: fix pre_chart_process --- offline/tasks/pre_chart_process_0.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/offline/tasks/pre_chart_process_0.sh b/offline/tasks/pre_chart_process_0.sh index fbfdb2c85..c29f5088c 100755 --- a/offline/tasks/pre_chart_process_0.sh +++ b/offline/tasks/pre_chart_process_0.sh @@ -39,4 +39,4 @@ sed -i -Ee 's/useSharedFederatorSecret: false/useSharedFederatorSecret: true/' " # drop step-certificates/.../test-connection.yaml because it lacks an image tag # cf. https://github.com/smallstep/helm-charts/pull/196/files -rm -v "${OUTPUT_DIR}"/charts/step-certificates/charts/step-certificates/templates/tests/* +# rm -v "${OUTPUT_DIR}"/charts/step-certificates/charts/step-certificates/templates/tests/* From e882f24641ed4409c9993e33025f9943df8e7cee Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Fri, 20 Feb 2026 10:43:08 +0100 Subject: [PATCH 4/6] fix: wpb-23462: fix pre_chart_process --- offline/tasks/pre_chart_process_0.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/offline/tasks/pre_chart_process_0.sh b/offline/tasks/pre_chart_process_0.sh index c29f5088c..b8034d3e0 100755 --- a/offline/tasks/pre_chart_process_0.sh +++ b/offline/tasks/pre_chart_process_0.sh @@ -39,4 +39,4 @@ sed -i -Ee 's/useSharedFederatorSecret: false/useSharedFederatorSecret: true/' " # drop step-certificates/.../test-connection.yaml because it lacks an image tag # cf. https://github.com/smallstep/helm-charts/pull/196/files -# rm -v "${OUTPUT_DIR}"/charts/step-certificates/charts/step-certificates/templates/tests/* +# rm -v "${OUTPUT_DIR}"/charts/step-certificates/charts/step-certificates/templates/tests/* From 9dce1ef92746bf01cc2691e7743c692a522974f4 Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Fri, 20 Feb 2026 12:35:23 +0100 Subject: [PATCH 5/6] fix: wpb-23462 fix redis-ephemeral image to use a recent bitnamilegacy image --- values/redis-ephemeral/prod-values.example.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/values/redis-ephemeral/prod-values.example.yaml b/values/redis-ephemeral/prod-values.example.yaml index ca95fe511..a94ad9deb 100644 --- a/values/redis-ephemeral/prod-values.example.yaml +++ b/values/redis-ephemeral/prod-values.example.yaml @@ -6,3 +6,7 @@ redis-ephemeral: requests: cpu: "500m" memory: "512Mi" + image: + registry: docker.io + repository: bitnamilegacy/redis + tag: 7.2.5 From 70c2e34b1642ca9eb8e87e6896ca49ad9f6c25a6 Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Fri, 20 Feb 2026 18:00:54 +0100 Subject: [PATCH 6/6] fix: update the build.json to point to 5.5 WPB-23462 --- offline/tasks/proc_pull_charts.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/offline/tasks/proc_pull_charts.sh b/offline/tasks/proc_pull_charts.sh index 9afc8df49..ed310c5a1 100755 --- a/offline/tasks/proc_pull_charts.sh +++ b/offline/tasks/proc_pull_charts.sh @@ -83,5 +83,5 @@ pull_charts() { echo "Pulling charts done." } -wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/22741cbaa6c8a6c1bd99055a12f9c605f2a67fe6/build.json" +wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/refs/heads/wiab-5.5/build.json" wire_build_chart_release "$wire_build" | pull_charts