add separate GH Action for bund artifact

.github/workflows/bund-artifact.yml

@@ -0,0 +1,70 @@
+on:
+  push:
+    branches: [master, develop]
+    tags: [ v* ]
+  pull_request:
+    branches: [master, develop]
+jobs:
+  offline:
+    name: Prepare bund offline package
+    # Useful to skip expensive CI when writing docs
+    if: "!contains(github.event.head_commit.message, 'skip ci')"
+    runs-on:
+      group: wire-server-deploy
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          submodules: true
+      - uses: cachix/install-nix-action@v27
+      - uses: cachix/cachix-action@v15
+        with:
+          name: wire-server
+          signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}"
+
+      - name: Install nix environment
+        run: nix-env -f default.nix -iA env
+
+      - name: Run offline build
+        run: ./offline/ci.sh '["elasticsearch-curator", "fluent-bit", "kibana", "redis-cluster", "inbucket", "aws-ingress", "backoffice", "calling-test", "nginx-ingress-controller", "postgresql"]'
+        env:
+          GPG_PRIVATE_KEY: '${{ secrets.GPG_PRIVATE_KEY }}'
+          DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
+
+      - name: Get upload name
+        id: upload_name
+        run: |
+          # FIXME: Tag with a nice release name using the github tag...
+          # SOURCE_TAG=${GITHUB_REF#refs/tags/}
+          echo ::set-output name=UPLOAD_NAME::$GITHUB_SHA-bund
+          # echo ::set-output name=UPLOAD_NAME::${SOURCE_TAG:-$GITHUB_SHA}
+
+      - name: Copy assets tarball to S3
+        run: |
+          aws s3 cp assets.tgz s3://public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz
+          echo "Uploaded to: https://s3-$AWS_REGION.amazonaws.com/public.wire.com/artifacts/wire-server-deploy-static-${{ steps.upload_name.outputs.UPLOAD_NAME }}.tgz"
+        env:
+          AWS_ACCESS_KEY_ID: '${{ secrets.AWS_ACCESS_KEY_ID }}'
+          AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
+          AWS_REGION: "eu-west-1"
+
+      - name: Build and upload wire-server-deploy container
+        run: |
+          container_image=$(nix-build --no-out-link -A container)
+
+          skopeo copy --dest-creds "$DOCKER_LOGIN" \
+            docker-archive:"$container_image" \
+            "docker://quay.io/wire/wire-server-deploy:${{ steps.upload_name.outputs.UPLOAD_NAME }}"
+        env:
+          DOCKER_LOGIN: '${{ secrets.DOCKER_LOGIN }}'
+
+      - name: Deploy offline environment to hetzner
+        run: |
+          ./offline/cd.sh
+        env:
+          HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
+
+      - name: Clean up hetzner environment; just in case
+        if: always()
+        run: (cd terraform/examples/wire-server-deploy-offline-hetzner ; terraform init && terraform destroy -auto-approve)
+        env:
+          HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'

offline/ci.sh

@@ -2,6 +2,9 @@
 set -euo pipefail
 
 INCREMENTAL="${INCREMENTAL:-0}"
+HELM_CHART_EXCLUDE_LIST=${1:-'["inbucket"]'}
+
+echo "Excluding following charts from the release: $HELM_CHART_EXCLUDE_LIST"
 
 # Build the container image
 container_image=$(nix-build --no-out-link -A container)
@@ -138,7 +141,13 @@ legacy_chart_release() {
 wire_build_chart_release () {
   set -euo pipefail
   wire_build="$1"
-  curl "$wire_build" | jq -r '.helmCharts | with_entries(select(.key != "inbucket")) | to_entries | map("\(.key) \(.value.repo) \(.value.version)") | join("\n") '
+  curl "$wire_build" | jq -r --argjson HELM_CHART_EXCLUDE_LIST "$HELM_CHART_EXCLUDE_LIST" '
+  .helmCharts
+  | with_entries(select([.key] | inside($HELM_CHART_EXCLUDE_LIST) | not))
+  | to_entries
+  | map("\(.key) \(.value.repo) \(.value.version)")
+  | join("\n")
+  '
 }
 
 # pull_charts() accepts charts in format