nordeck · weeman1337 · Feb 26, 2025 · Feb 10, 2025 · Feb 10, 2025 · Feb 17, 2025
@@ -0,0 +1,10 @@
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: meetings-bot-credentials
+  namespace: matrix-meetings
+type: Opaque
+stringData:
+  # Do not use in production!
+  password: randompass
@@ -0,0 +1,12 @@
+matrix-meetings-bot:
+  settings:
+    additionalEnv:
+      - name: HOMESERVER_URL
+        value: 'http://synapse.matrix-meetings.svc.cluster.local:8008'
+  init:
+    createUserAccount:
+      enabled: true
+    getFreshDeviceToken:
+      enabled: true
+    homeserver: synapse.matrix-meetings.svc.cluster.local
+    homeserverUrl: 'http://synapse.matrix-meetings.svc.cluster.local:8008'
@@ -0,0 +1,2 @@
+namespace: 'matrix-meetings'
+release-label: 'app.kubernetes.io/instance'
@@ -0,0 +1,109 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: synapse-config
+  namespace: matrix-meetings
+data:
+  homeserver.yaml: |
+    # We use sqlite for simplicity. This is NOT a produiction ready config.
+    server_name: "synapse.matrix-meetings.svc.cluster.local"
+    enable_registration: true
+    # NEVER set this in production!
+    enable_registration_without_verification: true
+    pid_file: /data/homeserver.pid
+    registration_shared_secret: "random_registration_shared_secret"
+    macaroon_secret_key: random_secret_key
+    listeners:
+      - port: 8008
+        tls: false
+        type: http
+        x_forwarded: true
+        resources:
+          - names: [client, federation]
+            compress: false
+    database:
+      name: sqlite3
+      args:
+        database: /data/homeserver.db
+    log_config: "/data/synapse.matrix-meetings.svc.cluster.local.log.config"
+    media_store_path: /data/media_store
+    report_stats: false
+    signing_key_path: "/data/synapse.matrix-meetings.svc.cluster.local.signing.key"
+  # This is needed to fix the log file path. Its otherwise https://element-hq.github.io/synapse/latest/usage/configuration/logging_sample_config.html
+  synapse.matrix-meetings.svc.cluster.local.log.config: |
+    version: 1
+    formatters:
+      precise:
+        format: '%(asctime)s - %(name)s - %(lineno)d - %(levelname)s - %(request)s - %(message)s'
+    handlers:
+      console:
+        class: logging.StreamHandler
+        formatter: precise
+    loggers:
+      synapse:
+        handlers: [console]
+        level: INFO
+    root:
+      handlers: [console]
+      level: INFO
+    disable_existing_loggers: true
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: synapse
+  namespace: matrix-meetings
+spec:
+  selector:
+    matchLabels:
+      app: synapse
+  template:
+    metadata:
+      labels:
+        app: synapse
+    spec:
+      containers:
+        - name: synapse
+          image: ghcr.io/element-hq/synapse:latest
+          resources:
+            limits:
+              memory: '128Mi'
+              cpu: '500m'
+          ports:
+            - containerPort: 8008
+          volumeMounts:
+            - name: synapse-config
+              mountPath: /data/homeserver.yaml
+              subPath: homeserver.yaml
+            - name: synapse-config
+              mountPath: /data/synapse.matrix-meetings.svc.cluster.local.log.config
+              subPath: synapse.matrix-meetings.svc.cluster.local.log.config
+            - name: synapse-data
+              mountPath: /data
+          livenessProbe:
+            httpGet:
+              path: /_matrix/client/versions
+              port: 8008
+          readinessProbe:
+            httpGet:
+              path: /_matrix/client/versions
+              port: 8008
+      volumes:
+        - name: synapse-config
+          configMap:
+            name: synapse-config
+        - name: synapse-data
+          emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: synapse
+  namespace: matrix-meetings
+spec:
+  selector:
+    app: synapse
+  ports:
+    - port: 8008
+      targetPort: 8008
@@ -12,6 +12,8 @@ jobs:
     timeout-minutes: 30
     env:
       DOCKER_IMAGE: ghcr.io/nordeck/matrix-meetings-widget
+    outputs:
+      docker-tag: ${{ steps.meta.outputs.version }}
     steps:
       - uses: actions/checkout@v4
 
@@ -123,6 +125,8 @@ jobs:
     timeout-minutes: 20
     env:
       DOCKER_IMAGE: ghcr.io/nordeck/matrix-meetings-bot
+    outputs:
+      docker-tag: ${{ steps.meta.outputs.version }}
     steps:
       - uses: actions/checkout@v4
 
@@ -228,6 +232,57 @@ jobs:
           path: 'matrix-meetings-bot.sbom.spdx.json'
           retention-days: 30
 
+  helm-lint-test:
+    runs-on: ubuntu-latest
+    needs:
+      - build-bot
+      - build-widget
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0 # need main branch to diff against
+      - name: Set up Helm
+        uses: azure/setup-helm@v4
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+          check-latest: true
+      - name: Set up chart-testing
+        uses: helm/chart-testing-action@v2.6.1
+      - name: Check if Helm charts updated (run chart-testing list-changed)
+        id: list-changed
+        run: |
+          changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+          if [[ -n "$changed" ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
+          fi
+      - name: Run chart-testing (lint)
+        if: steps.list-changed.outputs.changed == 'true'
+        # --validate-maintainers is disabled because it tries to resolve the name as GitHub user
+        run: ct lint --validate-maintainers=false --target-branch ${{ github.event.repository.default_branch }}
+      - name: Create kind cluster
+        if: steps.list-changed.outputs.changed == 'true'
+        uses: helm/kind-action@v1.10.0
+      - name: Prepare k8s cluster
+        if: steps.list-changed.outputs.changed == 'true'
+        run: |
+          kubectl create namespace matrix-meetings
+          # We require a running synapse for the bot to work
+          echo "Deploying synapse"
+          kubectl apply -f ./.github/synapse_deployment.yaml
+          # We require a password secret for the bot to work
+          echo "Deploying password secret"
+          kubectl apply -f ./.github/bot_secret.yaml
+      - name: Run chart-testing (install)
+        if: steps.list-changed.outputs.changed == 'true'
+        run: |
+          ct install --config=".github/k8s_config.yaml" --charts charts/matrix-meetings \
+          --target-branch ${{ github.event.repository.default_branch }} \
+          --helm-extra-set-args="--set=matrix-meetings-widget.image.tag=${{ needs.build-widget.outputs.docker-tag }} \
+          --set=matrix-meetings-bot.image.tag=${{ needs.build-bot.outputs.docker-tag }} \
+          -f .github/ci_values.yaml"
+
   run-changesets:
     runs-on: ubuntu-latest
     if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}

@@ -0,0 +1,39 @@
+# Matrix Meetings Widget Charts
+
+This repository contains Helm charts for deploying the Matrix Meetings Widget and Bot. The primary chart is `matrix-meetings`, which combines both the widget and the bot for a complete deployment.
+
+## Charts
+
+### matrix-meetings
+
+The `matrix-meetings` chart is the main chart that combines both the Matrix Meetings Widget and the Matrix Meetings Bot. This chart is designed to be the primary way to deploy the entire solution.
+
+#### Requirements for the bot
+
+The bot requires the following environment variables to work:
+
+- `HOMESERVER_URL`: The URL of the Matrix homeserver.
+- `ACCESS_TOKEN`: The access token of the Matrix user for the bot.
+
+You can also use the `init` section to automatically create and log in a bot user if you provide a secret named "meetings-bot-credentials" with the key "password" present. However, the `HOMESERVER_URL` must still be provided and must match `init.homeserver`.
+
+To set the required values, you need to customize the `values.yaml` file of the charts. Here is an example of how to set the required values:
+
+```yaml
+matrix-meetings-bot:
+  settings:
+    additionalEnv:
+      - name: HOMESERVER_URL
+        value: 'https://matrix-client.matrix.org'
+      - name: ACCESS_TOKEN
+        secretKeyRef:
+          name: matrix-credentials
+          key: access-token
+
+  init:
+    homeserver: 'matrix.org'
+    homeserverUrl: 'https://matrix-client.matrix.org'
+    username: bot-user
+```
+
+For more details, please check the values.yaml file of the charts.
@@ -2,6 +2,6 @@ apiVersion: v2
 name: matrix-meetings-bot
 description: A matrix bot to create Meeting Rooms with customizable settings
 type: application
-version: 0.1.0
+version: 0.1.1
 appVersion: "0.0.0"
 home: https://github.com/nordeck/matrix-meetings
@@ -1,13 +1,13 @@
-#/bin/sh
+#!/bin/sh
 set -x;
-while [ $(curl -k -sw '%{http_code}' "$HOMESERVER" -o /dev/null) -ne 302 ]; do
+while [ "$(curl -k -sw '%{http_code}' "$HOMESERVER"/_matrix/client/versions -o /dev/null)" -ne 200 ]; do
   sleep 1;
 done
-response=$(curl -k --write-out '%{http_code}' --silent --output /dev/null -X GET --header 'Accept: application/json' $HOMESERVER/_matrix/client/r0/register/available?username=$USERTOCREATE)
+response=$(curl -k --write-out '%{http_code}' --silent --output /dev/null -X GET --header 'Accept: application/json' "$HOMESERVER/_matrix/client/r0/register/available?username=$USERTOCREATE")
 if [ "$response" = 400 ]; then
     echo "Bot user already exists"
 else
   echo "Will create User $USERTOCREATE on $HOMESERVER"
-  register_new_matrix_user -a -u $USERTOCREATE -p $BOT_PASSWORD -c /data/homeserver.yaml $HOMESERVER
+  register_new_matrix_user -a -u "$USERTOCREATE" -p "$BOT_PASSWORD" -c /data/homeserver.yaml "$HOMESERVER"
 fi
 exit 0
@@ -1,10 +1,12 @@
-#/bin/sh
+#!/bin/sh
 
 # Get the login token
-TOKEN_RESPONSE=$(curl -s -X POST -H "Content-Type: application/json" -d '{"type":"m.login.password","user":"'${USERTOCREATE}'","password":"'${BOT_PASSWORD}'"}' "${HOMESERVER}/_matrix/client/r0/login")
+TOKEN_RESPONSE=$(curl -s -X POST -H "Content-Type: application/json" -d "{\"type\":\"m.login.password\",\"user\":\"${USERTOCREATE}\",\"password\":\"${BOT_PASSWORD}\"}" "${HOMESERVER}/_matrix/client/r0/login")
+
+echo "Got response: $TOKEN_RESPONSE"
 
 # Extract the access token from the response
-ACCESS_TOKEN=$(echo $TOKEN_RESPONSE | grep -o '"access_token":"[^"]*' | cut -d'"' -f4)
+ACCESS_TOKEN=$(echo "$TOKEN_RESPONSE" | grep -o '"access_token":"[^"]*' | cut -d'"' -f4)
 
 if [ "$ACCESS_TOKEN" != "null" ]; then
     echo "Login successful. Access token: $ACCESS_TOKEN"

@@ -1,4 +1,4 @@
-#/bin/sh
+#!/bin/sh
 
 USER=$(psql  -X -A -w -t   -c "select user_id from ratelimit_override where user_id='@$USERTOCREATE:$SERVER'")
 if [ "$USER" = 400 ]; then

@@ -96,7 +96,7 @@ spec:
         {{- end }}
         {{- if .Values.init.getFreshDeviceToken.enabled }}
         - name: getbottoken
-          image: {{ .Values.init.postgresClient.image }}
+          image: {{ .Values.init.synapse.image }}
           command:
             - sh
             - -x

@@ -11,5 +11,5 @@ spec:
     - name: wget
       image: busybox
       command: ['wget']
-      args: ['{{ include "matrix-meetings-bot.fullname" . }}:{{ .Values.service.port }}']
+      args: ['{{ include "matrix-meetings-bot.fullname" . }}:{{ .Values.service.port }}/v1/health']
   restartPolicy: Never
@@ -96,7 +96,7 @@ settings:
     #   }
 
     # provide a custom DEFAULT_EVENTS_CONFIG to override the defaults
-    #defaultWidgetLayoutsConfig: |
+    # defaultWidgetLayoutsConfig: |
     #  []
 
   ## Add any environment variable from `docs/configuration.md` to customize the
@@ -110,11 +110,11 @@ settings:
     ## Configure the access token (can be skipped if init.getFreshDeviceToken.enabled is activated)
     # - name: ACCESS_TOKEN
     #   secretKeyRef:
-    #     name: pg-credentials
-    #     key: db_host
+    #     name: matrix-credentials
+    #     key: access-token
 
     ## Other optional variables
-    #- name: LOG_LEVEL
+    # - name: LOG_LEVEL
     #  value: 'debug'
 
 ## Settings for the automatic creation and login to a bot user. This is optional

@@ -2,7 +2,7 @@ apiVersion: v2
 name: matrix-meetings
 description: A helper chart to deploy both the widget and the bot
 type: application
-version: 0.2.0
+version: 0.3.0
 appVersion: "0.0.0"
 home: https://github.com/nordeck/matrix-meetings
 dependencies:
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		namespace: 'matrix-meetings'
		release-label: 'app.kubernetes.io/instance'