When discussing caching of `status-go` with Sid I noticed that the build
we cache daily created from our nightly build is different from the
build we create locally due to a single input.
In a release CI host we can see the IPFS URL is that of Infura:
```
> find /nix/store -maxdepth 1 -name '*-status-go-*android' | tail -n1
/nix/store/2cc8ilhx5g3k2awbn4sla61n4cml2405-status-go-0.130.1-d2cce5e-android
> RESULT=$(find /nix/store -maxdepth 1 -name '*-status-go-*android' | tail -n1)
> nix show-derivation $RESULT | tr ' ' '\n' | grep IpfsGateway
github.com/status-im/status-go/params.IpfsGatewayURL=https://status-im.infura-ipfs.io/ipfs/
```
But for a local build the URL is the default, which is our own gateway:
```
> nix-build --no-out-link -A targets.status-go.mobile.android
/nix/store/1p53m7a6y1kg3vcyd8d06scf3bsyn5rk-status-go-0.157.2-47711c4-android
> RESULT=$(nix-build --no-out-link -A targets.status-go.mobile.android)
> nix show-derivation $RESULT | tr ' ' '\n' | grep IpfsGateway
github.com/status-im/status-go/params.IpfsGatewayURL=https://ipfs.status.im/
```
This difference causes builds of `status-go` that get uploaded to our
Nix cache to not match what developers locally would build, which
results in a cache miss.
This changes the Nix cache CI jobs so that, instead of building only dependencies
(`buildInputs`), they simply build the generic versions of `status-go` without
nightly-specific inputs.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
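
The comparison done above by eye with `grep` can be automated to catch any linker variable that differs between the cached and the local derivation. The following Python is an added example, not part of the commit or the repository; it assumes the JSON layout printed by `nix show-derivation` (a map of `.drv` path to an object with an `env` map), and the sample store path, the `ldflags` env name and the `Unchanged` variable are constructed.

```python
import json
import re

# Matches Go linker variable assignments such as
# github.com/status-im/status-go/params.IpfsGatewayURL=https://...
GO_LINK_VAR = re.compile(r"^(?P<name>[\w./-]+/[\w.-]+\.\w+)=(?P<value>.*)$")


def link_vars(show_derivation_json):
    """Collect pkg.Var=value tokens from the env of every derivation in the JSON."""
    found = {}
    for drv in json.loads(show_derivation_json).values():
        for value in drv.get("env", {}).values():
            for token in value.split():
                m = GO_LINK_VAR.match(token.strip("'\""))
                if m:
                    found[m.group("name")] = m.group("value")
    return found


def diff_link_vars(cached_json, local_json):
    """Return {name: (cached_value, local_value)} for every variable that differs."""
    cached, local = link_vars(cached_json), link_vars(local_json)
    return {
        name: (cached.get(name), local.get(name))
        for name in sorted(set(cached) | set(local))
        if cached.get(name) != local.get(name)
    }


def _sample(gateway):
    # Constructed input in the shape of `nix show-derivation` output; the
    # store path and the `ldflags` env name are made up for this example.
    flags = ("-X github.com/status-im/status-go/params.IpfsGatewayURL=" + gateway
             + " -X example.org/pkg/params.Unchanged=1")
    drv = {"env": {"ldflags": flags}}
    return json.dumps({"/nix/store/constructed-status-go-android.drv": drv})


CACHED = _sample("https://status-im.infura-ipfs.io/ipfs/")
LOCAL = _sample("https://ipfs.status.im/")

if __name__ == "__main__":
    for name, (cached, local) in diff_link_vars(CACHED, LOCAL).items():
        print(f"{name}\n  cache: {cached}\n  local: {local}")
```

Run against real output by passing the text of `nix show-derivation <path>` for the cached and the locally built store paths; an empty result means the linker variables agree.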
For an unknown reason the original Diawi plugin for Fastlane has been
removed from GitHub and RubyGems pages and can no longer be used.
This replaces it with a Node.js script which does the same job.
I tried using `diawi` and `diawi-nodejs-uploader` but both had issues,
one of them being a dependency on far too many useless packages.
Resolves: https://github.com/status-im/status-mobile/issues/15951
Signed-off-by: Jakub Sokołowski <jakub@status.im>
It only blocks CI builds for no good reason when the branch has not been
rebased recently, which has no real benefit as GitHub already enforces
not merging outdated PRs. It's just annoying and wastes time.
Depends on: https://github.com/status-im/status-jenkins-lib/pull/68
Signed-off-by: Jakub Sokołowski <jakub@status.im>
For some reason unknown to me we are using a different Yarn call to
Shadow-cljs to generate the JSBundle for iOS builds, while the one
created by the Android derivation should be exactly the same.
I'm changing the target to just be `make jsbundle` while keeping aliases
referencing old naming, and moving things around in `nix` folder to
reflect the fact that the derivation is no longer Android-specific.
Also, crucially, I've changed the `import` in `index.js` to use the
`./result/index.js` path, since that's what Nix creates. I'm not sure if
this clashes with any developer workflow that takes place locally, so
I'd appreciate some testing from developers.
Depends on: https://github.com/status-im/status-jenkins-lib/pull/67
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Otherwise builds fail with:
```
15:15:22 [16:15:22]: Cloning remote git repo...
15:15:22 [16:15:22]: If cloning the repo takes too long, you can use the `clone_branch_directly` option in match.
15:15:23 Cloning into '/tmp/d20230425-79805-70bge2'...
15:15:23 git@github.com: Permission denied (publickey).
15:15:23 fatal: Could not read from remote repository.
```
Depends on: https://github.com/status-im/status-jenkins-lib/pull/63
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Possible fix for slow upload speeds and failures caused by most probably
hitting per-bucket rate limits of DigitalOcean:
>- 500 total operations per second to any individual bucket.
>- 300 combined PUT, POST, COPY, DELETE, and LIST operations per second to any individual Space. We may further limit LIST operations if necessary under periods of high load.
https://docs.digitalocean.com/products/spaces/details/limits/#rate-limits
Depends on: https://github.com/status-im/status-jenkins-lib/pull/52
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Otherwise we get weird failures like these:
```
clang-11: error: cannot use 'cpp-output' output with multiple -arch options
clang-11: error: invalid argument '-mmacos-version-min=10.12' not allowed with '-miphoneos-version-min=8.0'
clang-11: error: invalid argument '-mmacos-version-min=10.12' not allowed with '-miphoneos-version-min=8.0'
```
Depends on: https://github.com/status-im/status-jenkins-lib/pull/47
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This way the name of the repo makes at least some sense and
matches the `status-desktop` repo naming.
Also updated `status-jenkins-lib` since it also contained
references to `status-react` repo and job names.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This has several benefits:
* Less abuse of `extra-sandbox-paths` Nix option
* Fewer inputs to the Android release build derivation
* Easier for users to sign the build themselves
* Simplification of `scripts/release-android.sh`
* Preparation for building using Nix Flakes
The only two remaining credentials passed via `extra-sandbox-paths` are
the Infura and OpenSea API keys, and there is no way around that other
than passing them via Nix arguments, but that would cause them to end up
in `/nix/store` as part of `.drv` files.
I'm also renaming `release-fdroid` to `build-fdroid` to be consistent.
Depends on: https://github.com/status-im/status-jenkins-lib/pull/42
Signed-off-by: Jakub Sokołowski <jakub@status.im>
By using just the timestamp we increase the probability of hitting a
race condition with another build due to same filename of sandbox file.
Depends on: https://github.com/status-im/status-jenkins-lib/pull/40
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This will make identifying installed software easier.
It can also be used to generate F-Droid RPs more easily.
Depends on:
https://github.com/status-im/status-jenkins-lib/pull/35
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This is required to also add GitHub releases to `status-desktop`.
Also renamed `status-react-jenkins` to `status-jenkins-lib` for clarity.
Depends on: https://github.com/status-im/status-react-jenkins/pull/23
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This changes the behavior of mobile combined builds to not publish
the results of `nightly` or `release` builds unless `PUBLISH`
parameter is set to `true`.
It also makes the `BUILD_TYPE` into a dropdown choice field with
pre-defined values, like `manual` or `e2e`.
Changes:
- Add parameter definitions for `BUILD_TYPE` and `PUBLISH`
- Move uploading of `latest.json` to `Publish` stage
- Make `Publish` stage optional based on the `PUBLISH` parameter
Requires: https://github.com/status-im/status-react-jenkins/pull/21
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
Using different temporary keychains does not work if we do not set
`default_keychain=true`, because `codesign` then can't find the cert:
```
error: No signing certificate "iOS Distribution" found: No "iOS Distribution" signing certificate matching team ID
```
But if we set `default_keychain=true` then we cause a race condition
when the keychain is deleted by a parallel job while another is using it
as its default.
For this reason we have to use a static keychain name and keep it
between builds.
I tried disabling `default_keychain=true` in #11378 but it worked only
because the default user keychain already had the cert.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
This is a new approach to signing the iOS app by using a temporary
Keychain created only for that specific build and unlocked in advance.
By doing it this way we can avoid issues with `errSecInternalComponent`
appearing when there is no UI to open a Keychain password prompt when
running a build in CI. I've described this problem in detail in:
https://github.com/fastlane/fastlane/issues/15185
Thanks to `codesign:` partition ID being added to key partition list by
Fastlane `match` when importing a Keychain this approach now works:
https://github.com/fastlane/fastlane/pull/17456
Signed-off-by: Jakub Sokołowski <jakub@status.im>
The env variable `INFURA_TOKEN` is used at build time of JS bundle, not
the final APK file. We never passed the `secretsFile` to the
derivation for JS bundle so it never saw the `INFURA_TOKEN`.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
* `status-im-releases` for release builds
* `status-im-nightlies` for nightlies
I want to reserve the `status-im` bucket for use with the site.
Signed-off-by: Jakub Sokołowski <jakub@status.im>