Skip to content

Bump wire-server to 5.25.0 and fix background-worker PostgreSQL config#867

Open
sghosh23 wants to merge 10 commits intomasterfrom
fix/bump-wire-server-5.25-pg-secrets
Open

Bump wire-server to 5.25.0 and fix background-worker PostgreSQL config#867
sghosh23 wants to merge 10 commits intomasterfrom
fix/bump-wire-server-5.25-pg-secrets

Conversation

@sghosh23
Copy link
Contributor

@sghosh23 sghosh23 commented Feb 10, 2026

Summary

  • Cherry-picks wire-builds bump to 5.25.0 from PR Update wire-builds #843 (commit aa181b84)
  • Adds missing background-worker PostgreSQL configuration and secret sync

Changes

1. offline/tasks/proc_pull_charts.sh

Cherry-picked from #843 — updates wire-builds reference to 5.25.0 (5a74084).

2. bin/offline-helm.sh

Adds .background-worker.secrets.pgPassword to sync_pg_secrets(). The function previously synced PostgreSQL passwords only to brig, galley, spar, and gundeck — but background-worker has required pgPassword since Chart 5.24.0.

3. values/wire-server/prod-values.example.yaml

  • background-worker: Adds postgresql connection config (host, port, user, dbname) and explicit postgresMigration.conversation: cassandra
  • galley: Adds explicit postgresMigration.conversation: cassandra

⚠️ Critical Note: background-worker default bug at 5.25.0

At Chart 5.25.0, the background-worker Helm chart incorrectly defaults postgresMigration.conversation to postgresql instead of cassandra (fixed in 5.26.0). Without the explicit override added in this PR:

  • User Group → Channel sync background jobs read conversations from PostgreSQL (where they don't exist yet)
  • Jobs get Nothing and silently skip member synchronization
  • No crash or error — just silent data inconsistency

This PR adds the explicit cassandra override as a workaround.

Related

  • Supersedes the wire-builds portion of Update wire-builds #843
  • Addresses background-worker PostgreSQL gap discovered during 5.5→5.25 migration planning

zebot and others added 2 commits February 10, 2026 11:48
@zebot @sghosh23
Update wire-builds to 7b0217a...5a74084
17eb55e 
Wire Server: 5.25.0

Changed charts:
- account-pages: 0.9.0-pre.1 → 0.9.0-pre.49
- wire-server: 5.23.0 → 5.25.0
- redis-ephemeral: 5.23.0 → 5.25.0
- rabbitmq: 5.23.0 → 5.25.0
- rabbitmq-external: 5.23.0 → 5.25.0
- databases-ephemeral: 5.23.0 → 5.25.0
- fake-aws: 5.23.0 → 5.25.0
- fake-aws-s3: 5.23.0 → 5.25.0
- fake-aws-sqs: 5.23.0 → 5.25.0
- aws-ingress: 5.23.0 → 5.25.0
- fluent-bit: 5.23.0 → 5.25.0
- kibana: 5.23.0 → 5.25.0
- backoffice: 5.23.0 → 5.25.0
- calling-test: 5.23.0 → 5.25.0
- demo-smtp: 5.23.0 → 5.25.0
- elasticsearch-curator: 5.23.0 → 5.25.0
- elasticsearch-external: 5.23.0 → 5.25.0
- elasticsearch-ephemeral: 5.23.0 → 5.25.0
- minio-external: 5.23.0 → 5.25.0
- cassandra-external: 5.23.0 → 5.25.0
- ingress-nginx-controller: 5.23.0 → 5.25.0
- nginx-ingress-services: 5.23.0 → 5.25.0
- reaper: 5.23.0 → 5.25.0
- restund: 5.23.0 → 5.25.0
- k8ssandra-test-cluster: 5.23.0 → 5.25.0
- webapp: 0.8.0-pre.1876 → 0.8.0-pre.1963
- ldap-scim-bridge: 5.23.0 → 5.25.0
- k8ssandra-operator: 1.16.0 → 1.18.0
- step-certificates: 1.25.0 → 1.28.6
- wire-server-enterprise: 5.23.0 → 5.25.0
- postgresql-external: 0.0.44 → 0.0.45

Build: https://raw.githubusercontent.com/wireapp/wire-builds/5a74084feeb1138925dcb671b333da0c76f88f08/build.json
@sghosh23
feat: add background-worker postgresql config and pgPassword secret s…
7e129f1 
…ync for wire-server 5.25.0

- Add .background-worker.secrets.pgPassword to sync_pg_secrets() in
  bin/offline-helm.sh so the PostgreSQL password is synced to
  background-worker values alongside brig/galley/spar/gundeck
- Add postgresql connection config (host, port, user, dbname) to
  background-worker section in prod-values.example.yaml
- Add explicit postgresMigration.conversation=cassandra for both
  galley and background-worker in prod-values.example.yaml
- The background-worker override is critical at Chart 5.25.0 where
  the Helm chart incorrectly defaults this value to "postgresql"
  instead of "cassandra", causing User Group to Channel sync jobs
  to silently skip member synchronization
@sghosh23 sghosh23 requested review from a team and julialongtin as code owners February 10, 2026 10:49
@sghosh23
Copy link
Contributor Author

sghosh23 commented Feb 17, 2026

Note on prod-values.example.yaml for 5.25.0: please keep the example.com placeholders (e.g., federationDomain, conversationCodeURI, deeplink endpoints) and do not replace them in this PR. These must be configured per deployment/host, so the file should remain a template with example values and guidance instead of hardcoding a specific domain.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Feb 17, 2026

Quality Gate Failed Quality Gate failed

Failed conditions
3.1% Duplication on New Code (required ≤ 3%)

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@julialongtin julialongtin Awaiting requested review from julialongtin julialongtin is a code owner

Assignees

No one assigned

Labels

build-default

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sghosh23 @zebot