From a639d8051053d66af1e03d8e70955ef8bc74cb61 Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Tue, 2 Jun 2026 16:57:14 +0200 Subject: [PATCH 01/12] fix: WPB-25755 bring changes from #876 for release-5.27 and rebased from master --- changelog.d/3-deploy-builds/wire-server-5.27 | 1 + offline/tasks/proc_pull_charts.sh | 2 +- values/wire-server/demo-secrets.example.yaml | 2 +- values/wire-server/demo-values.example.yaml | 23 +++++++++++++++----- values/wire-server/prod-values.example.yaml | 23 +++++++++++++++----- 5 files changed, 37 insertions(+), 14 deletions(-) create mode 100644 changelog.d/3-deploy-builds/wire-server-5.27 diff --git a/changelog.d/3-deploy-builds/wire-server-5.27 b/changelog.d/3-deploy-builds/wire-server-5.27 new file mode 100644 index 000000000..eef103064 --- /dev/null +++ b/changelog.d/3-deploy-builds/wire-server-5.27 @@ -0,0 +1 @@ +Added: update prod and demo example values/secrets for wire-server 5.27, aligning PostgreSQL config, postgresMigration (conversation, teamFeatures), rabbitmq, and mlsPrivateKeys across all services diff --git a/offline/tasks/proc_pull_charts.sh b/offline/tasks/proc_pull_charts.sh index 20b1e7fb1..c0ab02834 100755 --- a/offline/tasks/proc_pull_charts.sh +++ b/offline/tasks/proc_pull_charts.sh @@ -84,5 +84,5 @@ pull_charts() { } -wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/f941851bee7666441a23ba782766cd8d7de5043e/build.json" +wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/ecd204f07540e79fc1febe2483a42111129a5d0d/build.json" wire_build_chart_release "$wire_build" | pull_charts diff --git a/values/wire-server/demo-secrets.example.yaml b/values/wire-server/demo-secrets.example.yaml index 0780cc146..731de571b 100644 --- a/values/wire-server/demo-secrets.example.yaml +++ b/values/wire-server/demo-secrets.example.yaml @@ -121,7 +121,7 @@ nginz: basicAuth: ":" -# RabbitMQ credentials for background-worker. +# RabbitMQ and PostgreSQL credentials for background-worker. background-worker: secrets: pgPassword: verysecurepassword diff --git a/values/wire-server/demo-values.example.yaml b/values/wire-server/demo-values.example.yaml index f12567827..252878384 100644 --- a/values/wire-server/demo-values.example.yaml +++ b/values/wire-server/demo-values.example.yaml @@ -36,6 +36,9 @@ brig: port: "5432" user: wire-server dbname: wire-server + # See pool size calculation guide: https://docs.wire.com/latest/how-to/administrate/postgresql.html + postgresqlPool: + size: 10 # adjust pool size as needed based on expected load and available resources useSES: false # Set to false if you want to hand out DynamoDB to store prekeys randomPrekeys: true @@ -183,10 +186,15 @@ galley: port: "5432" user: wire-server dbname: wire-server + # See pool size calculation guide: https://docs.wire.com/latest/how-to/administrate/postgresql.html + postgresqlPool: + size: 10 # adjust pool size as needed based on expected load and available resources # Explicitly set postgresMigration to cassandra for fresh deployments. - # This controls whether galley reads conversations from Cassandra or PostgreSQL. + # This controls whether galley reads conversations/teamFeatures from Cassandra or PostgreSQL. postgresMigration: conversation: cassandra + conversationCodes: cassandra + teamFeatures: cassandra enableFederation: false # Enable to use federation settings: # prefix URI used when inviting users to a conversation by link @@ -366,13 +374,16 @@ background-worker: port: "5432" user: wire-server dbname: wire-server - # IMPORTANT: At Chart 5.25.0, the background-worker Helm chart incorrectly defaults - # postgresMigration.conversation to "postgresql" instead of "cassandra". - # This MUST be explicitly set to "cassandra" unless you have already migrated - # conversations to PostgreSQL. Without this override, User Group to Channel sync - # jobs will silently skip member synchronization. + # See pool size calculation guide: https://docs.wire.com/latest/how-to/administrate/postgresql.html + postgresqlPool: + size: 5 # Background worker has fewer connections to DB, so smaller pool size is fine postgresMigration: conversation: cassandra + conversationCodes: cassandra + teamFeatures: cassandra + migrateConversations: false + migrateConversationCodes: false + migrateTeamFeatures: false # Enable for federation enableFederation: false metrics: diff --git a/values/wire-server/prod-values.example.yaml b/values/wire-server/prod-values.example.yaml index 31932fbe5..5ab911af7 100644 --- a/values/wire-server/prod-values.example.yaml +++ b/values/wire-server/prod-values.example.yaml @@ -36,6 +36,9 @@ brig: port: "5432" user: wire-server dbname: wire-server + # See pool size calculation guide: https://docs.wire.com/latest/how-to/administrate/postgresql.html + postgresqlPool: + size: 10 # adjust pool size as needed based on expected load and available resources useSES: false # Set to false if you want to hand out DynamoDB to store prekeys randomPrekeys: true @@ -183,10 +186,15 @@ galley: port: "5432" user: wire-server dbname: wire-server + # See pool size calculation guide: https://docs.wire.com/latest/how-to/administrate/postgresql.html + postgresqlPool: + size: 10 # adjust pool size as needed based on expected load and available resources # Explicitly set postgresMigration to cassandra for fresh deployments. - # This controls whether galley reads conversations from Cassandra or PostgreSQL. + # This controls whether galley reads conversations/teamFeatures from Cassandra or PostgreSQL. postgresMigration: conversation: cassandra + conversationCodes: cassandra + teamFeatures: cassandra enableFederation: false # Enable to use federation settings: # prefix URI used when inviting users to a conversation by link @@ -366,13 +374,16 @@ background-worker: port: "5432" user: wire-server dbname: wire-server - # IMPORTANT: At Chart 5.25.0, the background-worker Helm chart incorrectly defaults - # postgresMigration.conversation to "postgresql" instead of "cassandra". - # This MUST be explicitly set to "cassandra" unless you have already migrated - # conversations to PostgreSQL. Without this override, User Group to Channel sync - # jobs will silently skip member synchronization. + # See pool size calculation guide: https://docs.wire.com/latest/how-to/administrate/postgresql.html + postgresqlPool: + size: 5 # Background worker has fewer connections to DB, so smaller pool size is fine postgresMigration: conversation: cassandra + conversationCodes: cassandra + teamFeatures: cassandra + migrateConversations: false + migrateConversationCodes: false + migrateTeamFeatures: false # Enable for federation enableFederation: false metrics: From ba20d77c623b25eada96bd9cbfac494230329f0c Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Wed, 3 Jun 2026 17:26:33 +0200 Subject: [PATCH 02/12] fix: WPB-25755 update default artifact hashes for wiab-stag and dev and update changelog for release 5.27 --- CHANGELOG.md | 5 +++++ ansible/inventory/demo/host.yml | 2 +- ansible/inventory/demo/wiab-staging.yml | 2 +- changelog.d/3-deploy-builds/wire-server-5.27 | 1 - 4 files changed, 7 insertions(+), 3 deletions(-) delete mode 100644 changelog.d/3-deploy-builds/wire-server-5.27 diff --git a/CHANGELOG.md b/CHANGELOG.md index 972567033..ede600d1d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,11 @@ ## Breaking changes --> +# Relase 5.27 + +## Release notes + +* Added: update prod and demo example values/secrets for wire-server 5.27, aligning PostgreSQL config, postgresMigration (conversation, teamFeatures), rabbitmq, and mlsPrivateKeys across all services # Relase 5.25 R1 diff --git a/ansible/inventory/demo/host.yml b/ansible/inventory/demo/host.yml index e98fc4d30..0e4a23614 100644 --- a/ansible/inventory/demo/host.yml +++ b/ansible/inventory/demo/host.yml @@ -18,7 +18,7 @@ wiab: wire_ip: "" # artifact_hash - artifact_hash: "2dd562a37d449eb88eb1f77dcad5c9153987af5f" + artifact_hash: "54c1c37d9b5d963d581d43e38c2c0b93c4c086d9" # docker vars docker_ce_version: "5:28.1.1-1~ubuntu.24.04~noble" diff --git a/ansible/inventory/demo/wiab-staging.yml b/ansible/inventory/demo/wiab-staging.yml index 66f2d97be..30af930c8 100644 --- a/ansible/inventory/demo/wiab-staging.yml +++ b/ansible/inventory/demo/wiab-staging.yml @@ -6,6 +6,6 @@ wiab-staging: ansible_user: 'demo' ansible_ssh_private_key_file: "~/.ssh/id_ed25519" vars: - artifact_hash: 2dd562a37d449eb88eb1f77dcad5c9153987af5f + artifact_hash: 54c1c37d9b5d963d581d43e38c2c0b93c4c086d9 # when enabled, disable WAN SNAT/masquerading for VMs on the private network private_deployment: true diff --git a/changelog.d/3-deploy-builds/wire-server-5.27 b/changelog.d/3-deploy-builds/wire-server-5.27 deleted file mode 100644 index eef103064..000000000 --- a/changelog.d/3-deploy-builds/wire-server-5.27 +++ /dev/null @@ -1 +0,0 @@ -Added: update prod and demo example values/secrets for wire-server 5.27, aligning PostgreSQL config, postgresMigration (conversation, teamFeatures), rabbitmq, and mlsPrivateKeys across all services From 9b351ff9ba67f10271def0a95a7a8f9a6e1b63c9 Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Thu, 4 Jun 2026 22:24:40 +0200 Subject: [PATCH 03/12] fix: WPB-25755 allow for no change detection in changelog.d directory if file addition and removal is part of the same PR --- .github/workflows/changelog-verify.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/changelog-verify.yml b/.github/workflows/changelog-verify.yml index 04e10e473..a3e8ce3a6 100644 --- a/.github/workflows/changelog-verify.yml +++ b/.github/workflows/changelog-verify.yml @@ -65,8 +65,12 @@ jobs: ALLOW_RELEASE_CLEANUP=false if [ -z "$CHANGED_FILES" ]; then - if [ -n "$DELETED_FILES" ] && [ -n "$CHANGELOG_MODIFIED" ]; then - echo "No new or modified changelog.d/ entries found, but CHANGELOG.md changed, so this release cleanup is allowed." + if [ -n "$CHANGELOG_MODIFIED" ]; then + if [ -n "$DELETED_FILES" ]; then + echo "Release detected via CHANGELOG.md update; deleted changelog.d/ entries are allowed." + else + echo "Release detected via CHANGELOG.md update; no changelog.d/ deletions found in this compare range." + fi ALLOW_RELEASE_CLEANUP=true else echo "No files changed in changelog.d/ for this ${GITHUB_EVENT_NAME:-event}." From 516326c370bd8afe07888a2834ba37e3aee5bc5f Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Fri, 5 Jun 2026 16:09:31 +0200 Subject: [PATCH 04/12] fix: WPB-25755 update the artifact for 5.27 based on main branch --- offline/tasks/proc_pull_charts.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/offline/tasks/proc_pull_charts.sh b/offline/tasks/proc_pull_charts.sh index c0ab02834..ee3c69bf2 100755 --- a/offline/tasks/proc_pull_charts.sh +++ b/offline/tasks/proc_pull_charts.sh @@ -84,5 +84,5 @@ pull_charts() { } -wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/ecd204f07540e79fc1febe2483a42111129a5d0d/build.json" +wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/20fc45b2199c71c22b94371b0c5a1697b1b952c6/build.json" wire_build_chart_release "$wire_build" | pull_charts From ca1a03732ab18fddc1e405de9ae0c16b042f5981 Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Wed, 8 Apr 2026 15:16:04 +0200 Subject: [PATCH 05/12] fix: WPB-23445 remove hard coded nginx image references for sftd-join-call --- values/sftd/demo-values.example.yaml | 4 ---- values/sftd/prod-values.example.yaml | 4 ---- 2 files changed, 8 deletions(-) diff --git a/values/sftd/demo-values.example.yaml b/values/sftd/demo-values.example.yaml index 91dc2c885..566db6bc4 100644 --- a/values/sftd/demo-values.example.yaml +++ b/values/sftd/demo-values.example.yaml @@ -3,10 +3,6 @@ host: sftd.example.com replicaCount: 1 joinCall: replicaCount: 1 - image: - repository: docker.io/bitnamilegacy/nginx - pullPolicy: IfNotPresent - tag: "1.27.3-debian-12-r5" tls: issuerRef: name: letsencrypt-http01 diff --git a/values/sftd/prod-values.example.yaml b/values/sftd/prod-values.example.yaml index 1c2374f9e..e93462308 100644 --- a/values/sftd/prod-values.example.yaml +++ b/values/sftd/prod-values.example.yaml @@ -14,10 +14,6 @@ joinCall: # this value should be set to 3 when deployed in a full production DMZ manner # replicaCount = 1 is to support the simple wiab-staging solution replicaCount: 1 - image: - repository: docker.io/bitnamilegacy/nginx - pullPolicy: IfNotPresent - tag: "1.27.3-debian-12-r5" # Uncomment to enable SFT to SFT communication for federated calls # multiSFT: From 079e1602c4d6a5723788f7b88a71e7f2bf1cce7d Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Tue, 24 Mar 2026 17:29:26 +0100 Subject: [PATCH 06/12] fix: WPB-25755 update wire-builds reference to test the default bundle --- changelog.d/2-wire-builds/wsd-5.28 | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/2-wire-builds/wsd-5.28 diff --git a/changelog.d/2-wire-builds/wsd-5.28 b/changelog.d/2-wire-builds/wsd-5.28 new file mode 100644 index 000000000..d923fb258 --- /dev/null +++ b/changelog.d/2-wire-builds/wsd-5.28 @@ -0,0 +1 @@ +Changed: the wire-builds reference for 2026-q1 with 5.28 backend From e1164853f2776de0f8fce3287bd9766dc5dddb78 Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Thu, 4 Jun 2026 22:45:27 +0200 Subject: [PATCH 07/12] fix: WPB-25755 update default artifact hashes for wiab-stag and dev and update changelog --- CHANGELOG.md | 6 ++++++ ansible/inventory/demo/host.yml | 2 +- ansible/inventory/demo/wiab-staging.yml | 2 +- changelog.d/2-wire-builds/wsd-5.28 | 1 - 4 files changed, 8 insertions(+), 3 deletions(-) delete mode 100644 changelog.d/2-wire-builds/wsd-5.28 diff --git a/CHANGELOG.md b/CHANGELOG.md index ede600d1d..e5d1c85fa 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,12 @@ ## Breaking changes --> +# Relase 5.28 + +## Release notes + +* Changed: the wire-builds reference for 2026-q1 with 5.28 backend + # Relase 5.27 ## Release notes diff --git a/ansible/inventory/demo/host.yml b/ansible/inventory/demo/host.yml index 0e4a23614..5c5230cf7 100644 --- a/ansible/inventory/demo/host.yml +++ b/ansible/inventory/demo/host.yml @@ -18,7 +18,7 @@ wiab: wire_ip: "" # artifact_hash - artifact_hash: "54c1c37d9b5d963d581d43e38c2c0b93c4c086d9" + artifact_hash: "8b427c9d8cb7ca40bcf592baae5692eb32772f28" # docker vars docker_ce_version: "5:28.1.1-1~ubuntu.24.04~noble" diff --git a/ansible/inventory/demo/wiab-staging.yml b/ansible/inventory/demo/wiab-staging.yml index 30af930c8..34207fea0 100644 --- a/ansible/inventory/demo/wiab-staging.yml +++ b/ansible/inventory/demo/wiab-staging.yml @@ -6,6 +6,6 @@ wiab-staging: ansible_user: 'demo' ansible_ssh_private_key_file: "~/.ssh/id_ed25519" vars: - artifact_hash: 54c1c37d9b5d963d581d43e38c2c0b93c4c086d9 + artifact_hash: 8b427c9d8cb7ca40bcf592baae5692eb32772f28 # when enabled, disable WAN SNAT/masquerading for VMs on the private network private_deployment: true diff --git a/changelog.d/2-wire-builds/wsd-5.28 b/changelog.d/2-wire-builds/wsd-5.28 deleted file mode 100644 index d923fb258..000000000 --- a/changelog.d/2-wire-builds/wsd-5.28 +++ /dev/null @@ -1 +0,0 @@ -Changed: the wire-builds reference for 2026-q1 with 5.28 backend From 3b5d73134c5e8f0d5b96860e402890454d6dd726 Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Fri, 5 Jun 2026 17:15:44 +0200 Subject: [PATCH 08/12] fix: WPB-25755 update the artifact for 5.28 based on main branch --- offline/tasks/proc_pull_charts.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/offline/tasks/proc_pull_charts.sh b/offline/tasks/proc_pull_charts.sh index ee3c69bf2..d3ff8a434 100755 --- a/offline/tasks/proc_pull_charts.sh +++ b/offline/tasks/proc_pull_charts.sh @@ -84,5 +84,5 @@ pull_charts() { } -wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/20fc45b2199c71c22b94371b0c5a1697b1b952c6/build.json" +wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/69988e51523016399b23a74d2cffe063545e3f58/build.json" wire_build_chart_release "$wire_build" | pull_charts From 574ed699a2d1bd11bd090f9e363dfe0b989189a5 Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Wed, 3 Jun 2026 15:28:32 +0200 Subject: [PATCH 09/12] fix: WPB-25752 update the wire-builds reference with 5.30.18 commit --- changelog.d/2-wire-builds/release-5.30 | 1 + 1 file changed, 1 insertion(+) create mode 100644 changelog.d/2-wire-builds/release-5.30 diff --git a/changelog.d/2-wire-builds/release-5.30 b/changelog.d/2-wire-builds/release-5.30 new file mode 100644 index 000000000..308ab7248 --- /dev/null +++ b/changelog.d/2-wire-builds/release-5.30 @@ -0,0 +1 @@ +Changed: the wire-builds reference with 5.30.18 commit From 48cd2779071087341c3d8d3304c6ef066228054a Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Thu, 4 Jun 2026 22:49:05 +0200 Subject: [PATCH 10/12] fix: WPB-25755 update default artifact hashes for wiab-stag and dev and update changelog --- CHANGELOG.md | 6 ++++++ ansible/inventory/demo/host.yml | 2 +- ansible/inventory/demo/wiab-staging.yml | 2 +- changelog.d/2-wire-builds/release-5.30 | 1 - 4 files changed, 8 insertions(+), 3 deletions(-) delete mode 100644 changelog.d/2-wire-builds/release-5.30 diff --git a/CHANGELOG.md b/CHANGELOG.md index e5d1c85fa..55cf26eda 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,12 @@ ## Breaking changes --> +# Relase 5.30 + +## Release notes + +* Changed: the wire-builds reference with 5.30.18 commit + # Relase 5.28 ## Release notes diff --git a/ansible/inventory/demo/host.yml b/ansible/inventory/demo/host.yml index 5c5230cf7..4cb0fc9d7 100644 --- a/ansible/inventory/demo/host.yml +++ b/ansible/inventory/demo/host.yml @@ -18,7 +18,7 @@ wiab: wire_ip: "" # artifact_hash - artifact_hash: "8b427c9d8cb7ca40bcf592baae5692eb32772f28" + artifact_hash: "14209ac0389523346a6a051793181c6070bb193f" # docker vars docker_ce_version: "5:28.1.1-1~ubuntu.24.04~noble" diff --git a/ansible/inventory/demo/wiab-staging.yml b/ansible/inventory/demo/wiab-staging.yml index 34207fea0..a3bbd5423 100644 --- a/ansible/inventory/demo/wiab-staging.yml +++ b/ansible/inventory/demo/wiab-staging.yml @@ -6,6 +6,6 @@ wiab-staging: ansible_user: 'demo' ansible_ssh_private_key_file: "~/.ssh/id_ed25519" vars: - artifact_hash: 8b427c9d8cb7ca40bcf592baae5692eb32772f28 + artifact_hash: 14209ac0389523346a6a051793181c6070bb193f # when enabled, disable WAN SNAT/masquerading for VMs on the private network private_deployment: true diff --git a/changelog.d/2-wire-builds/release-5.30 b/changelog.d/2-wire-builds/release-5.30 deleted file mode 100644 index 308ab7248..000000000 --- a/changelog.d/2-wire-builds/release-5.30 +++ /dev/null @@ -1 +0,0 @@ -Changed: the wire-builds reference with 5.30.18 commit From 3aa2ec335ce931e1cbd81b19c128053ea8a8fae3 Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Fri, 5 Jun 2026 17:30:26 +0200 Subject: [PATCH 11/12] fix: WPB-25755 update the artifact for 5.30 based on main branch --- offline/tasks/proc_pull_charts.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/offline/tasks/proc_pull_charts.sh b/offline/tasks/proc_pull_charts.sh index d3ff8a434..06d72f244 100755 --- a/offline/tasks/proc_pull_charts.sh +++ b/offline/tasks/proc_pull_charts.sh @@ -84,5 +84,5 @@ pull_charts() { } -wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/69988e51523016399b23a74d2cffe063545e3f58/build.json" +wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/1cc9193f8ddee6a54f39c41eeca43dea6692d9f4/build.json" wire_build_chart_release "$wire_build" | pull_charts From 9cbafe28672fd0bf438830f2a71eec95d2eb51d0 Mon Sep 17 00:00:00 2001 From: mohitrajain Date: Wed, 3 Jun 2026 15:28:32 +0200 Subject: [PATCH 12/12] fix: WPB-25752 update the wire-builds reference with 5.30.18 commit --- changelog.d/2-wire-builds/release-5.30 | 1 + offline/tasks/proc_pull_charts.sh | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) create mode 100644 changelog.d/2-wire-builds/release-5.30 diff --git a/changelog.d/2-wire-builds/release-5.30 b/changelog.d/2-wire-builds/release-5.30 new file mode 100644 index 000000000..308ab7248 --- /dev/null +++ b/changelog.d/2-wire-builds/release-5.30 @@ -0,0 +1 @@ +Changed: the wire-builds reference with 5.30.18 commit diff --git a/offline/tasks/proc_pull_charts.sh b/offline/tasks/proc_pull_charts.sh index 06d72f244..45089feec 100755 --- a/offline/tasks/proc_pull_charts.sh +++ b/offline/tasks/proc_pull_charts.sh @@ -84,5 +84,5 @@ pull_charts() { } -wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/1cc9193f8ddee6a54f39c41eeca43dea6692d9f4/build.json" +wire_build="https://raw.githubusercontent.com/wireapp/wire-builds/1d0ce6d81590755cff3ec3f23e3cbd2149f765f3/build.json" wire_build_chart_release "$wire_build" | pull_charts