Release 2022-11-02 - (expected chart version 4.26.0)#2814
Closed
* feat: make repl * doc: changelog
* feat: add unsafe concurrency effect * feat: just hoist traverse * feat: add a "safety" flag * refactor: UnsafeConcurrency -> Concurrency * feat: add haddocks
* Bump servant-swagger-ui * Fixup * bycatch * don't remove from cabal, add to stack.yaml! * hi ci
Documentation updates fix - missing -h param in nodetool
Master->Develop after release

* Servantify /i-api
* Serve servant api under path prefix.
* More servant end-points
* More servant end-points
* More servant end-points
* More servant end-points
* More servant end-points
* More servant end-points
* Keep wai-route routing table only for swagger1.2 (part 1).
* Keep wai-route routing table only for swagger1.2 (part 2).
* More servant end-points
* More servant end-points
* Fun with schema-profunctor
* More servant end-points (feature config)
* More servant end-points (feature config)
* More servant end-points (feature config)
* More servant end-points
* Cleanup
* Fixup
* Bug fix: make routes distinguishable by path. Given two routes with the same path, some swagger-ui versions distinguish by query params, some (including the servant-swagger-ui version we're going to use moving forward) will collapse all of them into the last. This commit makes the paths different by adding string literal segments.
* Update docs
* Revert "Cleanup" This reverts commit 7d1c0e1.
* changelog
* Removed unused imports.
* imports
* Fixup
* Cleanup
* docs.
* hi ci

Co-authored-by: Igor Ranieri <igor@elland.me>
* rpc effect machinery * propagate effects * move RPC calls into interpreter * feat: use unsafe concurrency for lookupProfiles
* services/gundeck: move appName closer to where it's used * services/gundeck: document SNS Platform Application requirements
This seems to have gotten broken, it complains about some resources that can't be found:
```
level=error ts=2022-09-30T08:09:08.703284478Z caller=klog.go:116 component=k8s_client_runtime func=ErrorDepth msg="status \"default/wire-server-metrics-kube-p-prometheus\" failed: failed to update status subresource: prometheuses.monitoring.coreos.com \"wire-server-metrics-kube-p-prometheus\" not found"
```
Describing how to install a monitoring system, shipping our own wrapper chart, and documenting how to install it shouldn't be something we did in first place. It's a potential endless game of whack-a-mole with upstream changes, and mirroring it downstream in our documentation shouldn't be part of wire-server. Instead, describe what wire-server can do, how it marks its metrics endpoints via ServiceMonitor, and refer to the upstream docs of two commonly used metrics operators.
* refactor: build UserSpec tests out of more composable pieces
Co-authored-by: Marko Dimjašević <marko.dimjasevic@wire.com> Co-authored-by: Stefan Matting <stefan@wire.com>
Co-authored-by: Zebot <zebot@users.noreply.github.com>
Co-authored-by: Zebot <zebot@users.noreply.github.com>
Major changes:
1. Instead of pinning things in `cabal.project`, we pin them in `nix/haskell-pins.nix`. This allows us to share built artefacts among the team and helps us avoid problems of compiling things with newer C libraries because cabal doesn't invalidate the built artefacts in the cabal-store.
2. Images are built using nixpkgs' `dockerTools.streamLayeredImage`. This allows us to build minimal images without needing a docker daemon to be running. This also helps us cache most of our images in the nix cache.
3. Every time any cabal file is changed or a new package is added, we must run `make regen-local-nix-derivations`. This will update various nix derivations we have for our project. This is protected by `make check-local-nix-derivations` which runs as a dependency of `make lint-all` in CI.

Co-authored-by: Stefan Matting <stefan@wire.com>
Co-authored-by: Akshay Mankar <akshay@wire.com>
* Makefile: Avoid building haddocks while building production images * Add changelog for nix builds, forgotten in #2331
… http(s) managers (#2772) * cacert-fixup attempt * Use SSL.contextSetDefaultVerifyPaths so we respect SSL_CERT_FILE env var * Revert "cacert-fixup attempt" This reverts commit 398cec18b365481640a5206b57305071401a5817. No need. * Set SSL_CERT_FILE in all docker images * Changelog * Redundant imports * more redundant imports Co-authored-by: Akshay Mankar <akshay@wire.com>
* New version of hlint is more reliable * Change file check for -all * Fixed compilation breaking b/c of operation order? * Fixed lint script -k true * Apply lint correctly
Using haskellPackages.shellFor directly forced us to use nix-shell which exports too many environment variables. These environment variables cause a lot of problems, especially for people not using NixOS. This change reads buildInputs and nativeBuildInputs for the derivation produced by haskellPackages.shellFor and adds it to paths of pkgs.buildEnv. To allow cabal to find C dependencies, we also have to export PKG_CONFIG_PATH and LIBRARY_PATH

* Servant Cookie combinator
* Parse authorization header
* Remove confusing type synonyms
* Create schemas for Wire.API.User.Auth types
* Fix build and golden tests
* Add Access(..)
* Add mkSomeAccess and mkSomeCookie & adapt
* Optional response headers in MultiVerb
* Replace SomeCookie with UserTokenCookie
* Finish servantification of access endpoint
* Servantify send-login-code
* Servantify login endpoint
* Servantify logout endpoint
* Servantify change-self-email endpoint
* Servantify list-cookies endpoint
* Servantify remove-cookies endpoint
* Change status code to 200
* Servantify legalhold-login endpoint
* Servantify sso-login endpoint
* Servantify login-code endpoint
* Servantify reauthenticate endpoint
* Fix build
* Add access_token query parameter
* Parse cookies leniently
* Adapt integration test to new error codes
* Add CanThrow annotations
* Document Bearer token in Swagger
* Add CHANGELOG entry
* Revert "Adapt integration test to new error codes" This reverts commit 165340ab3072d21fc72cf097c00aabd857c5f584.
* Make servant cookie parser lenient
* More leniency in Servant parsers
* Adapt some tests
* Remove redundant Brig error
* Redundant brackets
* lbl → label
* Reformat long line
* Remove empty routes
* Apply hlint suggestions
* Regenerate nix derivations

Co-authored-by: Stefan Matting <stefan@wire.com>
* upload docker images: retry, take 1

To work around:
```
*** Uploading /tmp/tmp.kIKRERgZ1H/image to quay.io/wire/spar-integration:4.25.22
Getting image source signatures
Copying blob f4f33343fcb5 skipped: already exists
Copying blob a3ab88edf03d skipped: already exists
Copying blob 9360a695c022 skipped: already exists
Copying blob 62d7b43f88a6 skipped: already exists
Copying blob 134eff2df9f9 skipped: already exists
Copying blob 8834895fc941 skipped: already exists
Copying blob 52a0756d3ab1 done ======================>----------] 30.0MiB / 40.3MiB
Copying blob fa04d4e808c5 done ---------------------------------] 8.0b / 190.0KiB
Copying blob 6c806be006f4 skipped: already exists
FATA[0004] trying to reuse blob sha256:95218c34e1598cf423f77062d98259bedcc19c9b8f4d937d0905895ee7b0242e at destination: too many requests to registry
make: *** [Makefile:242: upload-images] Error 1
make: Leaving directory '/tmp/build/80754af9/wire-server'
```
* Hi CI
* Move `--retry-times` after copy

Co-authored-by: Akshay Mankar <akshay@wire.com>
* CommitBundle: Add protobuf ser/deser * Change mime type of endpoint * Adapt tests * Remove superfluous test * Add additional check to test * Add new test case: commit bundles to remote conv * Add test case: Commit bundle from remote user * reformat wire-message-proto-lens.cabal * add changelog entry * Renamed protoLabel * Linted and formatted * Added fundeps to convert proto lens. * Updated mimetype * Removed redundant qualified Co-authored-by: Igor Ranieri <igor@elland.me>
* Makefile: Allow db-migrate and db-reset to migrate/reset all keyspaces * Use locally built schema binaries for db migrations Also make sure DB is up to date every time tests are run and not just when DBs are spun up.
* feat: implement intersperse and testing framework * chore: format * doc: changelog * test: add a test showing a simpler use of intersperse * chore: format * Update libs/polysemy-wire-zoo/test/Test/IntersperseSpec.hs Co-authored-by: Igor Ranieri Elland <54423+elland@users.noreply.github.com> * chore: disable hlint hint Co-authored-by: Igor Ranieri Elland <54423+elland@users.noreply.github.com>
* Fix content type used when testing MLS commit bundles * shellcheck .cabal file * Must not forget to regen derivations
…m clients/TM (#2786) After not using the wire client for some time, it can easily happen that many conversations have many assets that should be downloaded. We may wish to be more lenient on asset download (well, getting signed URLs to download assets) requests. See https://wearezeta.atlassian.net/browse/SQCORE-1372 and https://wearezeta.atlassian.net/browse/SQSERVICES-1763
* Refactor for clarity. * More hints in case of compiler errors. * Make `make full-clean` fuller.
* Use ormolu 0.5.0.1 in dev environment * use ghc92 * add ormolu fixity configuration * reformat all files * Formatted pending changes from develop Co-authored-by: Igor Ranieri <igor@elland.me>
Co-authored-by: jschaul <jschaul@users.noreply.github.com>
* Check external commit criteria - Extract the key package from the update path - Validate key package before replacing the old one * Fix the serialiseMLS instance for `Sender 'MLSPlainText` * Update the mls-test-cli reference * Integration tests for external commits
* Add optional client ID to tokens * Add client ID to access token * Access can now take a client ID * Add client ID access test * More client ID access tests * hlint * Regenerate nix derivations * Change client ID field in token libzauth expects one-letter fields * Disable automatic formatting in libzauth * Test client id token metadata * Add Z-Client variable * Add ZClient combinator * Add CHANGELOG entry * Check validity of client ID on access * Throw error on /access with a different client ID * Add Z-Client header to nginz in charts
* nix: Pin openssl to 1.1 * Revert "nix: Pin openssl to 1.1" This causes a world rebuild of nixpkgs (which takes a lot of time), and the build in CI doesn't complete successfully anyhow. This reverts commit dc1f54e. * nix: selectively pin openssl to 1.1 for Haskell packages. This injects openssl 1.1 into the build of specifically the HsOpenSSL package, which other Haskell derivations depend on for TLS functionality. Co-authored-by: Molly Miller <molly.miller@wire.com>
* chore: add advisory regarding openssl * name files consistently to have security responses show up ordered by date * Set reversed order to have most recent entry on top Co-authored-by: jschaul <jschaul@users.noreply.github.com>
Closing this because I'd like to have #2816 included in the release
[2022-11-02] (Chart Release 4.26.0)
Release notes
If you have not upgraded to release 2021-03-21 (Chart Release 2.103.0) yet, please do that now!
NB: we only support releases 6 months back, so this should not be an issue. But in this particular case we are positive that things will break if you don't do an intermediate upgrade. (Remove deprecated spar table in cassandra. #2768)
Build docker images using nix derivations instead of Dockerfiles (Generate/write nix derivations for all the haskell code #2331, Avoid building haddocks while building production images #2771, Fixup to nixification: correctly load root CA TLS/SSL certificates in http(s) managers #2772, nix: fix typo in optimized nix builds #2775, nix: Use pkgs.buildEnv for development environment #2776)
Upgrade team-settings version to 4.13.0-v0.31.5-0-4754212 (Update team-settings version in Helm chart [skip ci] #2180)
Upgrade webapp version to 2022-10-12-production.0-v0.31.5-0-0cefecc (Update webapp version in Helm chart [skip ci] #2302)
The experimental wire-server-metrics helm chart has been removed.
It was mostly a wrapper around prometheus operator. It makes more sense to
refer to the upstream docs of Prometheus Operator or Grafana Agent Operator for
installation instead. (charts/wire-server-metrics: drop #2740)
API changes
Do not expose swagger-ui on prod systems (to minimize attack surface) (Disable swagger-ui in prod. #2800)
Change mime type of body of /v3/mls/commit-bundles endpoint (FS-1059 Change commit-bundle body type to protobuf format #2773)
Stop rate-limiting asset-signed-url requests on /assets/.* (Stop rate-limiting asset-signed-url requests #2786)
The `/access` endpoint now takes an optional `client_id` query parameter. The first time it is provided, a new user token will be generated containing the given client ID. Successive invocations of `/access` will ignore the `client_id` parameter. Some endpoints can now potentially require a client ID as part of the access token. When trying to invoke them with an access token that does not contain a client ID, an authentication error will occur. (Add client ID to tokens #2764)
Features
Introduce support for external commits in MLS ([FS-919] Support Basic Processing of External Commits #2765)
The `GET /teams/{tid}/members` endpoint now supports pagination ([SQSERVICES 1769] Allow pagination for team endpoints #2802)
Bug fixes and other updates
Documentation
Fix copyright date on docs.wire.com (fix copyright date in the docs #2792)
Improve and cross-link documentation on SNS / push notifications. (#PR_NOT_FOUND)
Internal changes
Convert brig's auth endpoints to servant (Servantify brig's auth API #2750)
bump nginx-module-vts from v0.1.15 to v0.2.1 (bump nginx-module-vts from v0.1.15 to v0.2.1 #2793)
Remove deprecated table for storing scim external_ids. Data has been migrated away in release 2021-03-21 (Chart Release 2.103.0) (see `/services/spar/migrate-data/src/Spar/DataMigration/V1_ExternalIds.hs`); it was last touched in production before the upgrade to release 2021-03-23 (Chart Release 2.104.0). (Remove deprecated spar table in cassandra. #2768)
Refactor some internal Scim user tests (Refactor Scim.Scim.UserSpec tests to use composable pieces #2762)
Reduce the payload size of internal `client.delete` event (Reduce payload size for internal client.delete event #2807)
Bump servant-swagger-ui package. (Bump servant-swagger-ui package #2747)
Increase charts/galley memory limit to 500M. (Higher memory limit for galley #2798)
Add RPC, ServiceRPC and GalleyProvider effects to brig (Brig Polysemy: Galley RPC effect #2653)
Use locally built schema binaries for db migrations and execute them right before running integration tests. (Use locally built schema binaries for db migrations #2791)
Rename the make targets from `db-migrate-package` and `db-reset-package` to `db-migrate` and `db-reset` and allow migrating and resetting all keyspaces. (Use locally built schema binaries for db migrations #2791)
Add a Make target for ghci (Add a repl target to Makefile #2749)
Upgrade nginz/nginx to 1.22.1 (nginz: upgrade nginx version #2777)
The dev environment provided by nix now contains all the haskell packages
compiled by nix. This could cause linker errors while compiling haskell code in
this repo. One way to resolve them is to delete the 'dist-newstyle'
directory. (Generate/write nix derivations for all the haskell code #2331)
Implemented a new intersperse combinator for Polysemy (Polysemy: intersperse combinator #2767)
Add a Concurrency effect for Polysemy (Polysemy concurrency effect #2748)
Don't fail client deletion when mls remove key is undefined (Update error checking for MLS removal key & add operator documentation #2738)
Migrate stern to swagger2-ui (remaining backwards compatible with circulating backoffice images) (see also Servantify stern #2742 from last release) (Servantify stern #2744)
Gundeck push token API and notification API is migrated to Servant ([SQSERVICES-1646] Servantify Gundeck #2769)
Delete `deploy/services-demo` directory (Delete services-demo #2789)