This has several benefits:
* Less abuse of `extra-sandbox-paths` Nix option
* Less inputs to the Android release build derivation
* Easier for users to sign the build themselves
* Simplification of `scripts/release-android.sh`
* Preparation for building using Nix Flakes
The only two remaining credentials passed via `extra-sandbox-paths` is
the Infura and OpenSea API keys, and there is no way around that other
than passing them via Nix arguments, but that would cause them to end up
in `/nix/store` as part of `.drv` files.
I'm also renaming `release-fdroid` to `build-fdroid` to be consistent.
Depends on: https://github.com/status-im/status-jenkins-lib/pull/42
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Changes:
* Create `nix/config.nix` with `config` defaults
* Add `nix/tools/gradlePropParser.nix` for reading `gradle.properties`
* Add `nix/mobile/android/keystore.nix` for generating a keystore
* Load keystore generation in `nix/mobile/android/default.nix`
* Use generated keystore if it's not provided via `config`
* Add `-deststoretype pkcs12` in `scripts/generate-keystore.sh`
* Add `nix/lib/assertEnvVarSet.nix` for checking if env var is set
Signed-off-by: Jakub Sokołowski <jakub@status.im>
changes:
- Drop use of /dev/stderr, doesn't work on MacOS
- Use uname -s instead of $OS which was removed
- Remove leading whitespace that fucks with Nix
- Check if `/etc/os-release` exists before reading it
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Changes:
* Drop --keep from nix/scripts/build.sh as it does nothing
* Allow scripts/release-android.sh take passwords from env
* Use env file in extra-sandbox-paths to pass keystore passwords
* Quote ever segment of Nix options to avoid parsing errors
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This PR extracts all the ci/*.groovy scripts into a separate private repo located at:
https://github.com/status-im/status-react-jenkins
The main reasons for a separate repo are:
* Hiding the internal details of our CI setup
* Hiding names of Jenkins credentials available in CI jobs
* Lowering attack surface for malicious external contributors
* Increasing focus on PRs related to CI setup
You can read more about how Jenkins pipeline shared libraries work here:
https://jenkins.io/doc/book/pipeline/shared-libraries/
In simple terms I've added the repo to the main Jenkins configuration in "Global Pipeline Libraries" section and load it using:
library 'status-react-jenkins@master'
Which makes globally available all of the libraries defined in the `vars` directory of that repo.
This also eliminates the need for statements like `android = load 'ci/android.groovy'`.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
changes:
- Stops scripts/generate-keystore.sh runnig for every new TARGET=android shell
- Moves running scripts/generate-keystore.sh to keystore Makefile target
- Makes generate-keystore.sh accept STATUS_RELEASE_STORE_FILE as env variable
- Fixes error about missing lsof from start-react-native.sh
- Fixes error about unknown -keystore command in scripts/generate-keystore.sh
- Fixes getting OS_NAME without calling Nix shell
- Fixes getting TMP_BUILD_NUMBER without calling Nix shell
- Adds lsof used in start-react-native.sh to Android release Nix derivation
- Simplified how nix/scripts/build.sh appends the --keep flag
- Made use of colors.sh in more scripts
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Changes:
- Add missing lazy assignment for OS_NAME, fixes double Nix shells
- Moved `scripts/add-nix-gcroots.sh` to `nix/scripts/gcroots.sh`
- Moved Nix package manager setup to `nix/scripts/setup.sh`
- Created `nix/scripts/source.sh` to reuse in all Nix scripts
- Created `STARTING_GUIDE.md` with instructions for contributors
- Created `scripts/colors.sh` for definition of shell colors
- Removed `scripts/setup` in favor of `nix/scripts/setup.sh`
- Removed all of `scripts/lib` since it was useless
Signed-off-by: Jakub Sokołowski <jakub@status.im>