Release 2022-11-03 - (expected chart version 4.26.0) #2821
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
* feat: make repl * doc: changelog
* feat: add unsafe concurrency effect * feat: just hoist traverse * feat: add a "safety" flag * refactor: UnsafeConcurrency -> Concurrency * feat: add haddocks
* Bump servant-swagger-ui * Fixup * bycatch * don't remove from cabal, add to stack.yaml! * hi ci
Documentation updates fix - missing -h param in nodetool
Master->Develop after release
* Servantify /i-api * Serve servant api under path prefix. * More servant end-points * More servant end-points * More servant end-points * More servant end-points * More servant end-points * More servant end-points * Keep wai-route routing table only for swagger1.2 (part 1). * Keep wai-route routing table only for swagger1.2 (part 2). * More servant end-points * More servant end-points * Fun with schema-profunctor * More servant end-points (feature config) * More servant end-points (feature config) * More servant end-points (feature config) * More servant end-points * Cleanup * Fixup * Bug fix: make routes distinguishable by path. Given two routes with the same path, some swagger-ui version distinguish by query params, some (including the servant-swagger-ui version we're going to use moving forward) will collapse all of them into the last. This commit makes the paths different by adding string literal segments. * Update docs * Revert "Cleanup" This reverts commit 7d1c0e1. * changelog * Removed unused imports. * imports * Fixup * Cleanup * docs. * hi ci Co-authored-by: Igor Ranieri <igor@elland.me>
* rpc effect machinery * propagate effects * move RPC calls into interpreter * feat: use unsafe concurrency for lookupProfiles
* services/gundeck: move appName closer to where it's used * services/gundeck: document SNS Platform Application requirements
This seems to have gotten broken, it complains about some resources that can't be found: ``` level=error ts=2022-09-30T08:09:08.703284478Z caller=klog.go:116 component=k8s_client_runtime func=ErrorDepth msg="status \"default/wire-server-metrics-kube-p-prometheus\" failed: failed to update status subresource: prometheuses.monitoring.coreos.com \"wire-server-metrics-kube-p-prometheus\" not found" ``` Describing how to install a monitoring system, shipping our own wrapper chart, and documenting how to install it shouldn't be something we did in first place. It's a potential endless game of whack-a-mole with upstream changes, and mirroring it downstream in our documentation shouldn't be part of wire-server. Instead, describe what wire-server can do, how it marks its metrics endpoints via ServiceMonitor, and refer to the upstream docs of two commonly used metrics operators.
* refactor: build UserSpec tests out of more composable pieces
Co-authored-by: Marko Dimjašević <marko.dimjasevic@wire.com> Co-authored-by: Stefan Matting <stefan@wire.com>
Co-authored-by: Zebot <zebot@users.noreply.github.com>
Co-authored-by: Zebot <zebot@users.noreply.github.com>
Major changes: 1. Instead of pinning things in `cabal.project`, we pin them in `nix/haskell-pins.nix`. This allows us to share built artefacts among the team and helps us avoid problems of compiling things with newer C libraries because cabal doesn't invalidate the built artefacts in the cabal-store. 2. Images are built using nixpkgs' `dockerTools.streamLayeredImage`. This allows us to build minimal images without needing a docker daemon to be running. This also helps us cache most of our images in the nix cache. 3. Every time any cabal file is changed or a new package is added, we must run `make regen-local-nix-derivations`. This will update various nix derivations we have for our project. This is protected by `make check-local-nix-derivations` which runs as a dependency of `make lint-all` in CI. Co-authored-by: Stefan Matting <stefan@wire.com>
Co-authored-by: Akshay Mankar <akshay@wire.com>
* Makefile: Avoid building haddocks while building production images * Add changelog for nix builds, forgotten in #2331
… http(s) managers (#2772) * cacert-fixup attempt * Use SSL.contextSetDefaultVerifyPaths so we respect SSL_CERT_FILE env var * Revert "cacert-fixup attempt" This reverts commit 398cec1. No need. * Set SSL_CERT_FILE in all docker images * Changelog * Redundant imports * more redundant imports Co-authored-by: Akshay Mankar <akshay@wire.com>
* New version of hlint is more reliable * Change file check for -all * Fixed compilation breaking b/c of operation order? * Fixed lint script -k true * Apply lint correctly
* Fix content type used when testing MLS commit bundles * shellcheck .cabal file * Must not forget to regen derivations
…m clients/TM (#2786) After not using the wire client for some time, it can easily happen that many conversations have many assets that should be downloaded. We may wish to be more lenient on asset download (well, getting signed URLs to download assets) requests. See https://wearezeta.atlassian.net/browse/SQCORE-1372 and https://wearezeta.atlassian.net/browse/SQSERVICES-1763
* Refactor for clarity. * More hints in case of compiler errors. * Make `make full-clean` fuller.
* Use ormolu 0.5.0.1 in dev environment * use ghc92 * add ormolu fixity configuration * reformat all files * Formatted pending changes from develop Co-authored-by: Igor Ranieri <igor@elland.me>
Co-authored-by: jschaul <jschaul@users.noreply.github.com>
* Check external commit criteria - Extract the key package from the update path - Validate key package before replacing the old one * Fix the serialiseMLS instance for `Sender 'MLSPlainText` * Update the mls-test-cli reference * Integration tests for external commits
* Add optional client ID to tokens * Add client ID to access token * Access can now take a client ID * Add client ID access test * More client ID access tests * hlint * Regenerate nix derivations * Change client ID field in token libzauth expects one-letter fields * Disable automatic formatting in libzauth * Test client id token metadata * Add Z-Client variable * Add ZClient combinator * Add CHANGELOG entry * Check validity of client ID on access * Throw error on /access with a different client ID * Add Z-Client header to nginz in charts
* nix: Pin openssl to 1.1 * Revert "nix: Pin openssl to 1.1" This causes a world rebuild of nixpkgs (which takes a lot of time), and the build in CI doesn't complete successfully anyhow. This reverts commit dc1f54e. * nix: selectively pin openssl to 1.1 for Haskell packages. This injects openssl 1.1 into the build of specifically the HsOpenSSL package, which other Haskell derivations depend on for TLS functionality. Co-authored-by: Molly Miller <molly.miller@wire.com>
* chore: add advisory regarding openssl * name files consistently to have security responses show up ordered by date * Set reversed order to have most recent entry on top Co-authored-by: jschaul <jschaul@users.noreply.github.com>
Co-authored-by: Zebot <zebot@users.noreply.github.com>
* `GET /api/event-notification-schemas` for server-initiated events * s/TODO/FUTUREWORK/g
zebot
added
the
ok-to-test
smatting
approved these changes
Nov 3, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
[2022-11-03] (Chart Release 4.26.0)
Release notes
If you have not upgraded to release 2021-03-21 (Chart Release 2.103.0) yet, please do that now!
NB: we only support releases 6 months back, so this should not be an issue. But in this particular case we are positive that things will break if you don't do an intermediate upgrade. (Remove deprecated spar table in cassandra. #2768)
Build docker images using nix derivations instead of Dockerfiles (Generate/write nix derivations for all the haskell code #2331, Avoid building haddocks while building production images #2771, Fixup to nixification: correctly load root CA TLS/SSL certificates in http(s) managers #2772, nix: fix typo in optimized nix builds #2775, nix: Use pkgs.buildEnv for development environment #2776)
Upgrade team-settings version to 4.13.0-v0.31.5-0-4754212 (Update team-settings version in Helm chart [skip ci] #2180)
Upgrade webapp version to 2022-11-02-production.0-v0.31.9-0-337e400 (Update webapp version in Helm chart [skip ci] #2302)
The experimental wire-server-metrics helm chart has been removed.
These were mostly a wrapper around prometheus operator. It makes more sense to
refer to the upstream docs of Prometheus Operator or Grafana Agent Operator for
installation instead. (charts/wire-server-metrics: drop #2740)
API changes
Do not expose swagger-ui on prod systems (to minimize attack surface) (Disable swagger-ui in prod. #2800)
Change mime type of body of /v3/mls/commit-bundles endpoint (FS-1059 Change commit-bundle body type to protobuf format #2773)
Stop rate-limiting asset-signed-url requests on /assets/.* (Stop rate-limiting asset-signed-url requests #2786)
The
/accessendpoint now takes an optionalclient_idquery parameter. The first time it is provided, a new user token will be generated containing the given client ID. Successive invocations of/accesswill ignore theclient_idparameter. Some endpoints can now potentially require a client ID as part of the access token. When trying to invoke them with an access token that does not contain a client ID, an authentication error will occur. (Add client ID to tokens #2764)Features
Introduce support for external commits in MLS ([FS-919] Support Basic Processing of External Commits #2765)
The
GET /teams/{tid}/membersendpoint now supports pagination ([SQSERVICES 1769] Allow pagination for team endpoints #2802)Bug fixes and other updates
Documentation
tentatively allow
GET /api/event-notification-schemasfor json schemas of server-initiated events (missing pieces tracked in https://wearezeta.atlassian.net/browse/FS-1008) (json schemas for event notifications from haskell types #2739)Fix copyright date on docs.wire.com (fix copyright date in the docs #2792)
Improve and cross-link documentation on SNS / push notifications. (#PR_NOT_FOUND)
Add extension sphinx-reredirects and configuration to generate simple JavaScript based redirects to new locations of previously inconsistently named files/URLs. (fixup: add redirects for pages renamed in #2808 #2811)
Internal changes
Convert brig's auth endpoints to servant (Servantify brig's auth API #2750)
bump nginx-module-vts from v0.1.15 to v0.2.1 (bump nginx-module-vts from v0.1.15 to v0.2.1 #2793)
Remove deprecated table for storing scim external_ids.
Data has been migrated away in release 2021-03-21 (Chart Release 2.103.0) (see
/services/spar/migrate-data/src/Spar/DataMigration/V1_ExternalIds.hs); last time it has been touched in production is before upgrade to release 2021-03-23 (Chart Release 2.104.0). (Remove deprecated spar table in cassandra. #2768)Refactor some internal Scim user tests (Refactor Scim.Scim.UserSpec tests to use composable pieces #2762)
Reduce the payload size of internal
client.deleteevent (Reduce payload size for internal client.delete event #2807, Make FromJSON instance of InternalNotification backwards-compatible #2816)Bump servant-swagger-ui package. (Bump servant-swagger-ui package #2747)
Increase charts/galley memory limit to 500M. (Higher memory limit for galley #2798)
Add RPC, ServiceRPC and GalleyProvider effects to brig (Brig Polysemy: Galley RPC effect #2653)
Use locally build schema binaries for db migrations and execute them right before running integration tests. (Use locally built schema binaries for db migrations #2791)
Rename the make targets from
db-migrate-packageanddb-reset-packagetodb-migrateanddb-resetand allow migrating and resetting all keyspaces. (Use locally built schema binaries for db migrations #2791)Add a Make target for ghci (Add a repl target to Makefile #2749)
Upgrade nginz/nginx to 1.22.1 (nginz: upgrade nginx version #2777)
The dev environment provided by nix now contains all the haskell packages
compiled by nix. This could casue linker errors while compiling haskell code in
this repo. One way to get resolve them is to delete the 'dist-newstyle'
directory. (Generate/write nix derivations for all the haskell code #2331)
Implemented a new intersperse combinator for Polysemy (Polysemy: intersperse combinator #2767)
Add a Concurrency effect for Polysemy (Polysemy concurrency effect #2748)
Don't fail client deletion when mls remove key is undefined (Update error checking for MLS removal key & add operator documenteation #2738)
Migrate stern to swagger2-ui (remaining backwards compatible with circulating backoffice images) (see also Servantify stern #2742 from last release) (Servantify stern #2744)
Gundeck push token API and notification API is migrated to Servant ([SQSERVICES-1646] Servantify Gundeck #2769)
Delete
deploy/services-demodirectory (Delete services-demo #2789)Upgrade Servant to 0.19 (Upgrade to Servant 0.19 #2809)