Do Not Merge: Wpb 23462 wiab stag 5.5

offline/tasks/pre_chart_process_0.sh

@@ -39,4 +39,4 @@ sed -i -Ee 's/useSharedFederatorSecret: false/useSharedFederatorSecret: true/' "
 
 # drop step-certificates/.../test-connection.yaml because it lacks an image tag
 # cf. https://github.com/smallstep/helm-charts/pull/196/files
-rm -v "${OUTPUT_DIR}"/charts/step-certificates/charts/step-certificates/templates/tests/*
+# rm -v "${OUTPUT_DIR}"/charts/step-certificates/charts/step-certificates/templates/tests/* 

offline/tasks/proc_pull_charts.sh

@@ -83,5 +83,5 @@ pull_charts() {
   echo "Pulling charts done."
 }
 
-wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/refs/heads/wiab-dev-514/build.json"
+wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/refs/heads/wiab-5.5/build.json"
 wire_build_chart_release "$wire_build" | pull_charts

values/redis-ephemeral/prod-values.example.yaml

@@ -6,3 +6,7 @@ redis-ephemeral:
     requests:
       cpu: "500m"
       memory: "512Mi"
+  image:
+    registry: docker.io
+    repository: bitnamilegacy/redis
+    tag: 7.2.5

values/webapp/prod-values.example.yaml

@@ -19,14 +19,7 @@ envVars:
   FEATURE_ENABLE_DEBUG: "false"
   FEATURE_ENABLE_PHONE_LOGIN: "false"
   FEATURE_ENABLE_SSO: "false"
-  FEATURE_ENABLE_IN_CALL_REACTIONS: "true"
-  FEATURE_ENABLE_IN_CALL_HAND_RAISE: "true"
-  FEATURE_ENABLE_DETACHED_CALLING_WINDOW: "true"
-  FEATURE_ENABLE_MESSAGE_FORMAT_BUTTONS: "true"
   FEATURE_SHOW_LOADING_INFORMATION: "false"
-  FEATURE_ENABLE_CHANNELS: "false"
-  FEATURE_ENABLE_CHANNELS_HISTORY_SHARING: "false"
-  FEATURE_ENABLE_PUBLIC_CHANNELS: "false"
   URL_ACCOUNT_BASE: "https://account.example.com"
   #URL_MOBILE_BASE: "https://wire-pwa-staging.zinfra.io" # TODO: is this needed?
   URL_PRIVACY_POLICY: "https://www.example.com/terms-conditions"

values/wire-server/demo-secrets.example.yaml

@@ -1,9 +1,3 @@
-# CHANGEME-DEMO: All values here should be changed/reviewed
-elasticsearch-index:
-  secrets:
-    elasticsearch:
-      username: elastic
-      password: changeme
 brig:
   secrets:
     smtpPassword: dummyPassword
@@ -21,61 +15,30 @@ brig:
     awsSecretKey: dummysecret
     # These are only necessary if you wish to support sign up via SMS/calls
     # And require accounts at twilio.com / nexmo.com
-    rabbitmq:
-      username: wire-server
-      password: verysecurepassword
-    # PostgreSQL password is synced with the wire-postgresql-secret from k8s cluster
-    # To extract the secret from an existing Kubernetes cluster:
-    #   kubectl get secret wire-postgresql-secret -n postgresql -o jsonpath='{.data.password}' | base64 -d
-    pgPassword: dummyPassword # gets replaced by the actual secret
     setTwilio: |-
       sid: "dummy"
       token: "dummy"
     setNexmo: |-
       key: "dummy"
       secret: "dummy"
-    elasticsearch:
-      username: "elastic"
-      password: "changeme"
-    elasticsearchAdditional:
-      username: "elastic"
-      password: "changeme"
-cannon:
-  secrets:
-    rabbitmq:
-      username: wire-server
-      password: verysecurepassword
 
 cargohold:
   secrets:
     # these only need to be changed if using real AWS services
     awsKeyId: dummykey
     awsSecretKey: dummysecret
-    rabbitmq:
-      username: wire-server
-      password: verysecurepassword
 
 galley:
   secrets:
     # these only need to be changed if using real AWS services
     awsKeyId: dummykey
     awsSecretKey: dummysecret
-    # PostgreSQL password is synced with the wire-postgresql-secret from k8s cluster
-    # To extract the secret from an existing Kubernetes cluster:
-    #   kubectl get secret wire-postgresql-secret -n postgresql -o jsonpath='{.data.password}' | base64 -d
-    pgPassword: dummyPassword # gets replaced by the actual secret
-    rabbitmq:
-      username: wire-server
-      password: verysecurepassword
 
 gundeck:
   secrets:
     # these only need to be changed if using real AWS services
     awsKeyId: dummykey
     awsSecretKey: dummysecret
-    rabbitmq:
-      username: wire-server
-      password: verysecurepassword
 
 proxy:
   secrets:
@@ -99,24 +62,3 @@ nginz:
     # only necessary in test environments (env="staging"). See charts/nginz/README.md
     basicAuth: "<username>:<htpasswd-hashed-password>"
 
-# RabbitMQ credentials for background-worker.
-background-worker:
-  secrets:
-    rabbitmq:
-      username: wire-server
-      password: verysecurepassword
-
-# Uncomment for legalhold. Set values accordingly
-
-# legalhold:
-#   serviceToken: "supersecret"
-#   # openssl req -x509 -newkey rsa:4096 -sha256 -keyout tls.key -out tls.crt -days
-#   # 365 -subj '/CN={{ .Values.legalhold.host }}' Or provide your own signed by a
-#   # proper CA
-#   tlsKey: |
-#     -----BEGIN PRIVATE KEY-----
-#     -----END PRIVATE KEY-----
-#
-#   tlsCrt: |
-#     -----BEGIN CERTIFICATE-----
-#     -----END CERTIFICATE-----