fix wpb-23988: upgrade documentation and small fixes for inventory #3002
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Offline Build Workflow | |
| # | |
| # This workflow builds offline deployment artifacts for different profiles: | |
| # - default: Production deployment (includes external charts, ansible, terraform) | |
| # - build-wiab-staging: Wire-in-a-box (wiab-stag) a production like deployment (includes external charts, ansible, terraform) | |
| # - wiab-dev: Wire-in-a-box dev deployment (includes databases-ephemeral) | |
| # - min: Minimal deployment | |
| # | |
| # Build Optimization via PR Labels: | |
| # - No label: No builds run (must add label to trigger builds) | |
| # - 'build-default': Builds only default profile | |
| # - 'build-dev': Builds only demo profile | |
| # - 'build-wiab-staging' - Builds only wiab-staging profile | |
| # - 'build-min': Builds only min profile | |
| # - 'build-all': Explicitly builds all profiles (useful for workflow changes) | |
| # | |
| # Push to master/develop: Always builds all profiles regardless of labels | |
| # | |
| on: | |
| push: | |
| branches: ["**"] | |
| tags: [v*] | |
| paths-ignore: | |
| - "*.md" | |
| - "**/*.md" | |
| pull_request: | |
| types: [synchronize, reopened, labeled] | |
| branches: ["**"] | |
| paths-ignore: | |
| - "*.md" | |
| - "**/*.md" | |
| jobs: | |
| # Build default profile and create local assets | |
| build-default: | |
| name: Build default profile | |
| if: | | |
| (github.event_name == 'push' && github.ref == 'refs/heads/master') || | |
| contains(github.event.pull_request.labels.*.name, 'build-all') || | |
| contains(github.event.pull_request.labels.*.name, 'build-default') || | |
| contains(github.event.pull_request.labels.*.name, 'build-wiab-staging') | |
| runs-on: | |
| group: wire-server-deploy | |
| outputs: | |
| upload_name: ${{ steps.upload_name.outputs.UPLOAD_NAME }} | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| submodules: true | |
| - uses: cachix/install-nix-action@v27 | |
| - uses: cachix/cachix-action@v15 | |
| with: | |
| name: wire-server | |
| signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
| - name: Install nix environment | |
| run: nix-env -f default.nix -iA env | |
| - name: Get upload name | |
| id: upload_name | |
| run: echo "UPLOAD_NAME=$GITHUB_SHA" >> $GITHUB_OUTPUT | |
| # default profile build | |
| - name: Process the default profile build | |
| run: ./offline/default-build/build.sh | |
| env: | |
| GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}' | |
| DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}' | |
| - name: Copy default build assets tarball to S3 | |
| run: | | |
| aws s3 cp offline/default-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz | |
| echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz" | |
| env: | |
| AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}' | |
| AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}' | |
| AWS_REGION: "eu-west-1" | |
| verify-default: | |
| name: Verify default profile | |
| needs: build-default | |
| if: | | |
| (github.event_name == 'push' && github.ref == 'refs/heads/master') || | |
| contains(github.event.pull_request.labels.*.name, 'build-all') || | |
| contains(github.event.pull_request.labels.*.name, 'build-default') | |
| runs-on: | |
| group: wire-server-deploy | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| submodules: true | |
| - uses: cachix/install-nix-action@v27 | |
| - uses: cachix/cachix-action@v15 | |
| with: | |
| name: wire-server | |
| signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
| - name: Install nix environment | |
| run: nix-env -f default.nix -iA env | |
| - name: Install terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: "^1.3.7" | |
| terraform_wrapper: false | |
| - name: Deploy offline environment to hetzner | |
| run: ./offline/cd.sh | |
| env: | |
| HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}' | |
| - name: Clean up hetzner environment; just in case | |
| if: always() | |
| run: (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform init && terraform destroy -auto-approve) | |
| env: | |
| HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}' | |
| # verify wiab-staging profile | |
| verify-wiab-staging: | |
| name: Verify wiab staging profile | |
| needs: build-default | |
| if: | | |
| (github.event_name == 'push' && github.ref == 'refs/heads/master') || | |
| contains(github.event.pull_request.labels.*.name, 'build-all') || | |
| contains(github.event.pull_request.labels.*.name, 'build-wiab-staging') | |
| runs-on: | |
| group: wire-server-deploy | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| submodules: true | |
| - uses: cachix/install-nix-action@v27 | |
| - uses: cachix/cachix-action@v15 | |
| with: | |
| name: wire-server | |
| signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
| - name: Install nix environment | |
| run: nix-env -f default.nix -iA env | |
| - name: Install terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: "^1.3.7" | |
| terraform_wrapper: false | |
| - name: Deploy offline wiab-staging environment to hetzner | |
| run: ./offline/cd_staging.sh | |
| env: | |
| HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}' | |
| - name: Clean up hetzner wiab-staging environment; just in case | |
| if: always() | |
| run: (cd terraform/examples/wiab-staging-hetzner ; terraform init && terraform destroy -auto-approve) | |
| env: | |
| HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}' | |
| # Build container in parallel | |
| build-container: | |
| name: Build container | |
| needs: build-default | |
| runs-on: | |
| group: wire-server-deploy | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| submodules: true | |
| - uses: cachix/install-nix-action@v27 | |
| - uses: cachix/cachix-action@v15 | |
| with: | |
| name: wire-server | |
| signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
| - name: Build and upload wire-server-deploy container | |
| run: | | |
| container_image=$(nix-build --no-out-link -A container) | |
| skopeo copy --retry-times 10 --dest-creds "$DOCKER_LOGIN" \ | |
| docker-archive:"$container_image" \ | |
| "docker://quay.io/wire/wire-server-deploy:${{ needs.build-default.outputs.upload_name }}" | |
| env: | |
| DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}' | |
| # Build dev profile | |
| build-dev: | |
| name: Build dev profile | |
| if: | | |
| (github.event_name == 'push' && github.ref == 'refs/heads/master') || | |
| contains(github.event.pull_request.labels.*.name, 'build-all') || | |
| contains(github.event.pull_request.labels.*.name, 'build-dev') | |
| runs-on: | |
| group: wire-server-deploy | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| submodules: true | |
| - uses: cachix/install-nix-action@v27 | |
| - uses: cachix/cachix-action@v15 | |
| with: | |
| name: wire-server | |
| signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
| - name: Install nix environment | |
| run: nix-env -f default.nix -iA env | |
| - name: Get upload name | |
| id: upload_name | |
| run: echo "UPLOAD_NAME=$GITHUB_SHA" >> $GITHUB_OUTPUT | |
| - name: Process the dev profile build | |
| run: ./offline/demo-build/build.sh | |
| env: | |
| GPG_PRIVATE_KEY: "${{ secrets.GPG_PRIVATE_KEY }}" | |
| DOCKER_LOGIN: "${{ secrets.DOCKER_LOGIN }}" | |
| - name: Copy dev build assets tarball to S3 | |
| run: | | |
| aws s3 cp offline/demo-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-demo-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz | |
| echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-demo-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz" | |
| env: | |
| AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}" | |
| AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}" | |
| AWS_REGION: "eu-west-1" | |
| - name: Install terraform | |
| uses: hashicorp/setup-terraform@v3 | |
| with: | |
| terraform_version: "^1.3.7" | |
| terraform_wrapper: false | |
| - name: Deploy offline demo-wiab environment to hetzner | |
| run: ./offline/cd_demo.sh | |
| env: | |
| HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}' | |
| - name: Clean up hetzner wiab environment; just in case | |
| if: always() | |
| run: (cd terraform/examples/wiab-demo-hetzner ; terraform init && terraform destroy -auto-approve) | |
| env: | |
| HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}' | |
| - name: Cleanup dev build assets | |
| run: rm -rf offline/demo-build/output/ | |
| # Build min profile | |
| build-min: | |
| name: Build min profile | |
| if: | | |
| (github.event_name == 'push' && github.ref == 'refs/heads/master') || | |
| contains(github.event.pull_request.labels.*.name, 'build-all') || | |
| contains(github.event.pull_request.labels.*.name, 'build-min') | |
| runs-on: | |
| group: wire-server-deploy | |
| steps: | |
| - uses: actions/checkout@v2 | |
| with: | |
| submodules: true | |
| - uses: cachix/install-nix-action@v27 | |
| - uses: cachix/cachix-action@v15 | |
| with: | |
| name: wire-server | |
| signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
| - name: Install nix environment | |
| run: nix-env -f default.nix -iA env | |
| - name: Get upload name | |
| id: upload_name | |
| run: echo "UPLOAD_NAME=$GITHUB_SHA" >> $GITHUB_OUTPUT | |
| - name: Process the min profile build | |
| run: ./offline/min-build/build.sh | |
| env: | |
| GPG_PRIVATE_KEY: "${{ secrets.GPG_PRIVATE_KEY }}" | |
| DOCKER_LOGIN: "${{ secrets.DOCKER_LOGIN }}" | |
| - name: Copy min build assets tarball to S3 | |
| run: | | |
| aws s3 cp offline/min-build/output/assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-min-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz | |
| echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-min-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz" | |
| env: | |
| AWS_ACCESS_KEY_ID: "${{ secrets.AWS_ACCESS_KEY_ID }}" | |
| AWS_SECRET_ACCESS_KEY: "${{ secrets.AWS_SECRET_ACCESS_KEY }}" | |
| AWS_REGION: "eu-west-1" | |
| - name: Cleanup min build assets | |
| run: rm -rf offline/min-build/output/ |