wireapp · mohitrajain · Feb 20, 2026 · Nov 28, 2025 · Nov 28, 2025 · Dec 17, 2025
@@ -25,6 +25,7 @@ Fixes ${ISSUE_URL}
 Add one or more labels to trigger offline builds:
 - `build-default` - Full production build (ansible, terraform, all packages)
 - `build-demo` - Demo/WIAB build
+- `build-wiab-staging` - WIAB-staging build
 - `build-min` - Minimal build (fastest, essential charts only)
 - `build-all` - Run all three builds
 

@@ -9,21 +9,22 @@
 #   - No label: No builds run (must add label to trigger builds)
 #   - 'build-default': Builds only default profile
 #   - 'build-demo': Builds only demo profile
+#   - 'build-wiab-staging' - Builds only wiab-staging profile
 #   - 'build-min': Builds only min profile
 #   - 'build-all': Explicitly builds all profiles (useful for workflow changes)
 #
 # Push to master/develop: Always builds all profiles regardless of labels
 #
 on:
   push:
-    branches: [master, develop]
+    branches: ["**"]
     tags: [v*]
     paths-ignore:
       - "*.md"
       - "**/*.md"
   pull_request:
     types: [synchronize, reopened, labeled]
-    branches: [master, develop]
+    branches: ["**"]
     paths-ignore:
       - "*.md"
       - "**/*.md"
@@ -32,9 +33,9 @@ jobs:
   build-default:
     name: Build default profile
     if: |
-      github.event_name == 'push' ||
       contains(github.event.pull_request.labels.*.name, 'build-all') ||
-      contains(github.event.pull_request.labels.*.name, 'build-default')
+      contains(github.event.pull_request.labels.*.name, 'build-default') ||
+      contains(github.event.pull_request.labels.*.name, 'build-wiab-staging')
     runs-on:
       group: wire-server-deploy
     outputs:
@@ -72,6 +73,27 @@ jobs:
           AWS_SECRET_ACCESS_KEY: '${{ secrets.AWS_SECRET_ACCESS_KEY }}'
           AWS_REGION: "eu-west-1"
 
+  verify-default:
+    name: Verify default profile
+    needs: build-default
+    if: |
+      contains(github.event.pull_request.labels.*.name, 'build-all') ||
+      contains(github.event.pull_request.labels.*.name, 'build-default')
+    runs-on:
+      group: wire-server-deploy
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          submodules: true
+      - uses: cachix/install-nix-action@v27
+      - uses: cachix/cachix-action@v15
+        with:
+          name: wire-server
+          signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}"
+
+      - name: Install nix environment
+        run: nix-env -f default.nix -iA env
+
       - name: Install terraform
         uses: hashicorp/setup-terraform@v3
         with:
@@ -89,6 +111,45 @@ jobs:
         env:
           HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
 
+  # verify wiab-staging profile
+  verify-wiab-staging:
+    name: Verify wiab staging profile
+    needs: build-default
+    if: |
+      contains(github.event.pull_request.labels.*.name, 'build-all') ||
+      contains(github.event.pull_request.labels.*.name, 'build-wiab-staging')
+    runs-on:
+      group: wire-server-deploy
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          submodules: true
+      - uses: cachix/install-nix-action@v27
+      - uses: cachix/cachix-action@v15
+        with:
+          name: wire-server
+          signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}"
+
+      - name: Install nix environment
+        run: nix-env -f default.nix -iA env
+
+      - name: Install terraform
+        uses: hashicorp/setup-terraform@v3
+        with:
+          terraform_version: "^1.3.7"
+          terraform_wrapper: false
+
+      - name: Deploy offline wiab-staging environment to hetzner
+        run: ./offline/cd_staging.sh
+        env:
+          HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
+
+      - name: Clean up hetzner wiab-staging environment; just in case
+        if: always()
+        run: (cd terraform/examples/wiab-staging-hetzner ; terraform init && terraform destroy -auto-approve)
+        env:
+          HCLOUD_TOKEN: '${{ secrets.HCLOUD_TOKEN }}'
+
   # Build container in parallel
   build-container:
     name: Build container
@@ -118,7 +179,6 @@ jobs:
   build-demo:
     name: Build demo profile
     if: |
-      github.event_name == 'push' ||
       contains(github.event.pull_request.labels.*.name, 'build-all') ||
       contains(github.event.pull_request.labels.*.name, 'build-demo')
     runs-on:
@@ -179,7 +239,6 @@ jobs:
   build-min:
     name: Build min profile
     if: |
-      github.event_name == 'push' ||
       contains(github.event.pull_request.labels.*.name, 'build-all') ||
       contains(github.event.pull_request.labels.*.name, 'build-min')
     runs-on:

@@ -1,25 +1,29 @@
 #
 # Follow the guidelines from DataStax for upgrades.
 #
-  hosts: "cassandra"
+- hosts: "cassandra"
   any_errors_fatal: yes
   gather_facts: no
   serial: 1
   vars:
-    cluster_name: default
+    cassandra_cluster_name: default
   vars_files:
     - roles-external/ansible-cassandra/defaults/main.yml
   tasks:
     - action: ec2_metadata_facts
-    - include: tasks/cassandra_cluster_healthy.yml
+      when: not (offline | default(false))
+    - include_tasks: tasks/cassandra_cluster_healthy.yml
       vars:
-        cassandra_role: "cassandra_{{ cluster_name }}"
+        cassandra_role: cassandra
+        dry_run: true
         # TODO: Adjust this value accordingly!
         expected_num_schemas: 1
 
     - name: 'Cassandra: upgrade sstables'
       shell: nodetool upgradesstables
 
-    - include: roles-external/ansible-cassandra/tasks/repairs_backups.yml
-      vars:
-        cassandra_cluster_name: "{{ cluster_name }}"
+    # Skip repairs_backups setup in offline environments
+    # - include_tasks: ../roles-external/ansible-cassandra/tasks/repairs_backups.yml
+    #   vars:
+    #     cassandra_cluster_name: "{{ cassandra_cluster_name }}"
+    #   when: not (offline | default(false))
@@ -2,28 +2,33 @@
   hosts: cassandra
   gather_facts: yes
   vars_files:
-    - roles/cassandra/defaults/main.yml
+    - roles-external/ansible-cassandra/defaults/main.yml
 
   tasks:
     # First let's ensure that are no repairs on _any_ nodes
-    - include: tasks/cassandra_remove_cron.yml
+    - include_tasks: tasks/cassandra_remove_cron.yml
       vars:
-        cluster_name: default
-    - include: tasks/cassandra_wait_ongoing_repair.yml
+        cassandra_cluster_name: default
+    - include_tasks: tasks/cassandra_wait_ongoing_repair.yml
 
 - name: Prepare the nodes
   hosts: cassandra
   any_errors_fatal: yes
   gather_facts: no
   serial: 1
+  vars:
+    cassandra_cluster_name: default
   tasks:
     - name: 'Cassandra: first upgrade sstables'
       shell: nodetool upgradesstables
 
     - name: 'Cassandra: run repairs'
       shell: nodetool repair -full -pr 2>&1 | systemd-cat -t cassandra_repair
 
-    - include: tasks/cassandra_cluster_healthy.yml
+    - include_tasks: tasks/cassandra_cluster_healthy.yml
+      vars:
+        cassandra_role: cassandra
+        dry_run: true
 
     - name: 'Cassandra: backup the data'
-      shell: /usr/local/bin/cassandra_backup_{{ cluster_name }} 2>&1 | systemd-cat -t cassandra_daily_backup
+      shell: /usr/local/bin/cassandra_backup_{{ cassandra_cluster_name }} 2>&1 | systemd-cat -t cassandra_daily_backup
@@ -1,9 +1,19 @@
+#
+# TODO: This playbook needs updates for offline/systemd environments:
+# - cassandra_up.yml references runit (not systemd)
+# - cassandra_up.yml uses AWS-specific variables (ansible_ec2_local_ipv4, routing_table)
+# - cassandra_up.yml needs offline mode support
+#
+# For now, use manual restart approach:
+#   ssh <node> 'sudo systemctl restart cassandra.service'
+#   Wait for startup, then verify with: nodetool version && nodetool status
+#
 - name: restart cassandra nodes
   hosts: "cassandra"
   any_errors_fatal: yes
   gather_facts: no
   serial: 1
   tasks:
-    - include: tasks/cassandra_cluster_healthy.yml
-    - include: tasks/cassandra_down.yml
-    - include: tasks/cassandra_up.yml
+    - include_tasks: tasks/cassandra_cluster_healthy.yml
+    - include_tasks: tasks/cassandra_down.yml
+    - include_tasks: tasks/cassandra_up.yml