status-mobile/ci/Jenkinsfile.nix-cache
Jakub Sokołowski acfa73ab43
nix: build unsigned Android APK, sign separately
This has several benefits:

* Less abuse of `extra-sandbox-paths` Nix option
* Less inputs to the Android release build derivation
* Easier for users to sign the build themselves
* Simplification of `scripts/release-android.sh`
* Preparation for building using Nix Flakes

The only two remaining credentials passed via `extra-sandbox-paths` are
the Infura and OpenSea API keys. There is no way around that other
than passing them via Nix arguments, but that would cause them to end up
in `/nix/store` as part of `.drv` files.

I'm also renaming `release-fdroid` to `build-fdroid` to be consistent.

Depends on: https://github.com/status-im/status-jenkins-lib/pull/42

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-21 11:10:11 +02:00


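library 'status-jenkins-lib@v1.4.3'

/*
 * Nix cache population job.
 *
 * Builds (or fetches) the dependency closures named by the `attr` values
 * below, then copies the local /nix/store to the binary cache host given
 * by NIX_CACHE_USER/NIX_CACHE_HOST over ssh-ng. The `nix.*` helpers come
 * from status-jenkins-lib and are not defined in this file.
 */
pipeline {
  agent { label params.AGENT_LABEL }

  parameters {
    string(
      name: 'NIX_CACHE_HOST',
      description: 'FQDN of Nix binary cache host.',
      defaultValue: params.NIX_CACHE_HOST ?: 'cache-01.do-ams3.nix.ci.statusim.net'
    )
    string(
      name: 'NIX_CACHE_USER',
      description: 'Username for Nix binary cache host.',
      defaultValue: params.NIX_CACHE_USER ?: 'nix-cache'
    )
  }

  environment {
    /* See nix/README.md */
    NIX_IGNORE_SYMLINK_STORE = 1
    /* The trailing `source .profile;` is there so that nix-store can be
     * found on the remote side.
     * NOTE(review): StrictHostKeyChecking=no turns off SSH host key
     * verification for the cache upload, so the job cannot tell the real
     * cache host from an impostor. Prefer provisioning the host key in
     * known_hosts on the agents and dropping this option; it is left
     * unchanged here because the agents' known_hosts setup is not visible
     * from this file. */
    NIX_SSHOPTS = "-o StrictHostKeyChecking=no source .profile;"
    NIX_CONF_DIR = "${env.WORKSPACE}/nix"
  }

  options {
    timestamps()
    disableConcurrentBuilds()
    /* Prevent Jenkins jobs from running forever */
    timeout(time: 300, unit: 'MINUTES')
    /* Limit builds retained */
    buildDiscarder(logRotator(
      numToKeepStr: '20',
      daysToKeepStr: '30',
    ))
  }

  stages {
    stage('Setup') {
      steps { script {
        nix.shell('nix-env -i openssh', sandbox: false, pure: false)
        /* Kernel name of the agent, used below to skip targets that only
         * build on macOS. `returnStdout` keeps the trailing newline, so
         * trim it before the value is compared with 'Darwin'. */
        uname = sh(script: 'uname', returnStdout: true).trim()
      } }
    }

    stage('Build status-go') {
      steps { script {
        def platforms = ['mobile.android', 'mobile.ios']
        if (uname != 'Darwin') {
          /* The list entries carry the 'mobile.' prefix, so the filter
           * has to match the full entry to actually drop the iOS target. */
          platforms.removeAll { it == 'mobile.ios' }
        }
        platforms.each { os ->
          nix.build(
            attr: "targets.status-go.${os}.buildInputs",
            sandbox: false,
            link: false
          )
        }
      } }
    }

    /* NOTE(review): the build stages pass `sandbox: false` (and most also
     * `pure: false`) to nix.build, and their results are later uploaded to
     * the shared cache. Presumably this disables Nix build isolation;
     * confirm against status-jenkins-lib and keep it only where needed. */
    stage('Build android jsbundle') {
      steps { script {
        /* build/fetch things required to produce a js-bundle for android
         * (e.g. maven and node repos) */
        nix.build(
          attr: 'targets.mobile.android.jsbundle',
          sandbox: false,
          pure: false,
          link: false
        )
      } }
    }

    stage('Build android deps') {
      steps { script {
        /* build/fetch things required to build jsbundle and android */
        nix.build(
          attr: 'targets.mobile.android.release.buildInputs',
          sandbox: false,
          pure: false,
          link: false
        )
      } }
    }

    stage('Build nix shell deps') {
      steps { script {
        /* build/fetch things required to instantiate shell.nix for TARGET=all */
        nix.build(
          attr: 'shells.default.buildInputs',
          sandbox: false,
          link: false
        )
      } }
    }

    stage('Upload') {
      steps { script {
        /* Both values are job parameters that get interpolated into a
         * shell command line, so reject anything that is not a plain
         * user name or host name before building the command. */
        def cacheUser = params.NIX_CACHE_USER
        def cacheHost = params.NIX_CACHE_HOST
        if (!(cacheUser ==~ /[A-Za-z0-9._-]+/) || !(cacheHost ==~ /[A-Za-z0-9.-]+/)) {
          error('NIX_CACHE_USER or NIX_CACHE_HOST contains unexpected characters')
        }
        sshagent(credentials: ['nix-cache-ssh']) {
          /* Copies every top-level directory of /nix/store to the cache,
           * except '*.links' and anything matching '*-status-react-*'.
           * NOTE(review): confirm that no uploaded path can contain
           * build-time credentials. */
          nix.shell("""
            find /nix/store/ -mindepth 1 -maxdepth 1 -type d \
              -not -name '*.links' -and -not -name '*-status-react-*' \
              | xargs nix copy \
                --to ssh-ng://${cacheUser}@${cacheHost}
            """,
            pure: false
          )
        }
      } }
    }
  }

  post {
    /* Runs whatever the build result: deduplicate the store, then run the
     * repository's cleanup script. */
    always { script {
      nix.shell('nix-store --optimize', pure: false)
      nix.shell('nix/scripts/clean.sh', pure: false)
    } }
  }
}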