Using different temporary keychains does not work if we do not set
`default_keychain=true`, because `codesign` then can't find the cert:
```
error: No signing certificate "iOS Distribution" found: No "iOS Distribution" signing certificate matching team ID
```
But if we set `default_keychain=true` then we cause a race condition
when the keychain is deleted by a parallel job while another is using it
as its default.
For this reason we have to use a static keychain name and keep it
between builds.
I tried disabling `default_keychain=true` in #11378 but it worked only
because the default user keychain already had the cert.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
If we run parallel jobs and a job sets a temporary keychain into a
default then another job can assume that is the user default.
The result is that one of the jobs will attempt to set a non-existent
temporary keychain into the default keychain.
This happens when we call `Fastlane::Actions::DeleteKeychainAction`:
https://github.com/fastlane/fastlane/blob/2.164.0/fastlane/lib/fastlane/actions/delete_keychain.rb#L21
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This is a new approach to signing the iOS app by using a temporary
Keychain created only for that specific build and unlocked in advance.
By doing it this way we can avoid issues with `errSecInternalComponent`
appearing when there is no UI to open a Keychain password prompt when
running a build in CI. I've described this problem in detail in:
https://github.com/fastlane/fastlane/issues/15185
Thanks to `codesign:` partition ID being added to key partition list by
Fastlane `match` when importing a Keychain this approach now works:
https://github.com/fastlane/fastlane/pull/17456
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This updates a bunch of things in the Jenkins logic.
For details of that see:
https://github.com/status-im/status-react-jenkins/pull/12
It grew out of the changes I made to make PR builds available in Desktop client:
https://github.com/status-im/nim-status-client/pull/507
Changes:
- Bump `status-react-jenkins` library to newer version, probably `1.2.0`
- Update use of `utils.pkgFilename()` in `ci/Jenkinsfile.combined`
- Make all iOS builds go into the same folder: `status-ios`
- Drop e2e build type, infer it from Android ABIs set to `x86` only
- Simplify logic in `nix/mobile/android/release.nix`
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Build PR Scheme in PR build
use named parameters, use pr_build boolean
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Enable capabilities
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Add custom app icon
Remove user defined profile
Add PR scheme
Explicitly provide provisioning profiles
Fix pr schema
Bump jenkins
Pod bump
Describe pr_build argument
Signed-off-by: Gheorghe Pinzaru <feross95@gmail.com>
With it we can set last_hope_attempts_backoff to 5 seconds.
This should fix issues with upload wait timing out.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This way the nix expression in nix/mobile/android/targets/release-android.nix will not fail.
And the naming of build types and `.env.${type}` files will be more consistent.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
it will break adding new devices, but will help work around the issue
that we don't have 2FA installed on our Apple ID
Signed-off-by: Igor Mandrigin <i@mandrigin.ru>
Squashed commits:
- add an e2e build target for ios
- add correct sdk and destination for simulator
- fixup! add correct sdk and destination for simulator
- drop xcarchive_path since we are not using it
- temporarily bind ios build to macos-03
- Detect installed simulator SDK and use it.
- Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This commit updates the version of realm-js
Vulnerability has been fixed in realm-js after we notified them
Security vulnerability in hapijs / hoek 4.2.1 (package-lock.json)
https://nvd.nist.gov/vuln/detail/CVE-2018-3728
Signed-off-by: Eric Dvorsak <eric@dvorsak.fr>
- add missing Lint step for mobile builds
- add missing upload steps for android
- prefix fastlane calls with bundle exec
- update slackSend to format for PR builds
- silence fastlane notifying slack, Jenkins already does
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Realm download script didn't support it, so the simplest solution is
just to patch it and replace before iOS builds.
Signed-off-by: Igor Mandrigin <i@mandrigin.ru>
1. Don't require all the nodes to be provisioned manually to upload to Google play.
2. Don't require all the nodes to be provisioned manually to send to Slack channel.
Pass it as a credential from Jenkins instead.
Signed-off-by: Igor Mandrigin <i@mandrigin.ru>