Otherwise builds fail with:
```
15:15:22 [16:15:22]: Cloning remote git repo...
15:15:22 [16:15:22]: If cloning the repo takes too long, you can use the `clone_branch_directly` option in match.
15:15:23 Cloning into '/tmp/d20230425-79805-70bge2'...
15:15:23 git@github.com: Permission denied (publickey).
15:15:23 fatal: Could not read from remote repository.
```
Depends on: https://github.com/status-im/status-jenkins-lib/pull/63
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This way people don't have to ask me for access to logs from CI hosts to
be acquired using SSH access, but instead they will be simply included
in Jenkins build artifacts.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Since uploads to SauceLabs were dropped from `Fastfile` in:
https://github.com/status-im/status-mobile/pull/14969
Also dropped:
- Useless Diawi upload of APK
- Useless DO Spaces upload of IPA
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Possible fix for slow upload speeds and failures caused by most probably
hitting per-bucket rate limits of DigitalOcean:
>- 500 total operations per second to any individual bucket.
>- 300 combined PUT, POST, COPY, DELETE, and LIST operations per second to any individual Space. We may further limit LIST operations if necessary under periods of high load.y
https://docs.digitalocean.com/products/spaces/details/limits/#rate-limits
Depends on: https://github.com/status-im/status-jenkins-lib/pull/52
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Otherwise the upload fails with `400 Bad Request` due to size:
```
bundler: failed to load command: fastlane (/Users/jenkins/.bundle/ruby/2.7.0/bin/fastlane)
/Users/jenkins/.bundle/ruby/2.7.0/gems/rest-client-2.1.0/lib/restclient/abstract_response.rb:249:in `exception_with_response': 400 Bad Request (RestClient::BadRequest)
```
Because release builds are over 100 MB:
```
> ls -l StatusIm-Mobile-v1.20.0-59567a.ipa
-rw-r--r-- 1 jakubgs jakubgs 104M Sep 7 15:50 StatusIm-Mobile-v1.20.0-59567a.ip
```
And the Diawi free account limit is 75 MB:
https://www.diawi.com/features-services
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Otherwise we get weird failures like these:
```
clang-11: error: cannot use 'cpp-output' output with multiple -arch options
clang-11: error: invalid argument '-mmacos-version-min=10.12' not allowed with '-miphoneos-version-min=8.0'
clang-11: error: invalid argument '-mmacos-version-min=10.12' not allowed with '-miphoneos-version-min=8.0'
```
Depends on: https://github.com/status-im/status-jenkins-lib/pull/47
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This way we can make PRs depend only on successful tests, and not whole
builds for all platforms, which take 10 minutes or more.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This way the name of the repo makes at least some sense and
matches the `status-desktop` repo naming.
Also updated `status-jenkins-lib` since it also contained
references to `status-react` repo and job names.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This has several benefits:
* Less abuse of `extra-sandbox-paths` Nix option
* Less inputs to the Android release build derivation
* Easier for users to sign the build themselves
* Simplification of `scripts/release-android.sh`
* Preparation for building using Nix Flakes
The only two remaining credentials passed via `extra-sandbox-paths` is
the Infura and OpenSea API keys, and there is no way around that other
than passing them via Nix arguments, but that would cause them to end up
in `/nix/store` as part of `.drv` files.
I'm also renaming `release-fdroid` to `build-fdroid` to be consistent.
Depends on: https://github.com/status-im/status-jenkins-lib/pull/42
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Minor upgrade done to match the version deployed in CI due to a bug
with `nix-copy-closure` which broken Nix cache jobs:
https://github.com/status-im/infra-ci/issues/49
This will not force upgrade on developes, nor require any `make nix-purge`.
If however and upgrade is wanted it can be simply done with `nix upgrade-nix`.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
By using just the timestamp we increase the probability of hitting a
race condition with another build due to same filename of sandbox file.
Depends on: https://github.com/status-im/status-jenkins-lib/pull/40
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Will make it easier and safer to upgrade Nix on CI hosts.
Also added architecture since we are starting to mix those.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This will make identifying installed software easier.
It can also be used to generate F-Droid RPs more easily.
Depends on:
https://github.com/status-im/status-jenkins-lib/pull/35
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This is required to also ad GitHub releases to `status-desktop`.
Also renamed `status-react-jenkins` to `status-jenkins-lib` for clarity.
Depends on: https://github.com/status-im/status-react-jenkins/pull/23
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This changes the behavior of mobile combined builds to not publish
the results of `nightly` or `release` builds unless `PUBLISH`
parameter is set to `true`.
It also makes the `BUILD_TYPE` into a dropdown choice field with
pre-defined values, like `manual` or `e2e`.
Changes:
- Add parameter definitions for `BUILD_TYPE` and `PUBLISH`
- Move uploading of `latest.json` to `Publish` stage
- Make `Publish` stage optional based on the `PUBLISH` parameter
Requires: https://github.com/status-im/status-react-jenkins/pull/21
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
Using different temporary keychains does not work if we do not set
`default_keychain=true`, because `codesign` then can't find the cert:
```
error: No signing certificate "iOS Distribution" found: No "iOS Distribution" signing certificate matching team ID
```
But if we set `default_keychain=true` then we cause a race condition
when the keychain is deleted by a parallel job while another is using it
as its default.
For this reason we have to use a static keychain name and keep it
between builds.
I tried disabling `default_keychain=true` in #11378 but it worked only
because the default user keychain already had the cert.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
This is a new approach to signing the iOS app by using a temporary
Keychain created only for that specific build and unlocked in advance.
By doing it this way we can avoid issues with `errSecInternalComponent`
appearing when there is no UI to open a Keychain password prompt when
running build in CI. I've described this problem in details in:
https://github.com/fastlane/fastlane/issues/15185
Thanks to `codesign:` partition ID being added to key partition list by
Fastlane `match` when importing a Keychain this approach now works:
https://github.com/fastlane/fastlane/pull/17456
Signed-off-by: Jakub Sokołowski <jakub@status.im>