Using different temporary keychains does not work if we do not set
`default_keychain=true`, because `codesign` then can't find the cert:
```
error: No signing certificate "iOS Distribution" found: No "iOS Distribution" signing certificate matching team ID
```
But if we set `default_keychain=true` then we cause a race condition
when the keychain is deleted by a parallel job while another is using it
as its default.
For this reason we have to use a static keychain name and keep it
between builds.
I tried disabling `default_keychain=true` in #11378 but it worked only
because the default user keychain already had the cert.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
If we run parallel job and a job sets a temporary keychain into a
default than another job can assume that is the user default.
The result is that one of the jobs will attempt to set a non-existent
temporary keychain into the default keychain.
This happens when we call `Fastlane::Actions::DeleteKeychainAction`:
https://github.com/fastlane/fastlane/blob/2.164.0/fastlane/lib/fastlane/actions/delete_keychain.rb#L21
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This is a new approach to signing the iOS app by using a temporary
Keychain created only for that specific build and unlocked in advance.
By doing it this way we can avoid issues with `errSecInternalComponent`
appearing when there is no UI to open a Keychain password prompt when
running build in CI. I've described this problem in details in:
https://github.com/fastlane/fastlane/issues/15185
Thanks to `codesign:` partition ID being added to key partition list by
Fastlane `match` when importing a Keychain this approach now works:
https://github.com/fastlane/fastlane/pull/17456
Signed-off-by: Jakub Sokołowski <jakub@status.im>
It's been a while and a fix for an issue I've reported a long time ago
has been merged in https://github.com/fastlane/fastlane/pull/17456. With
this fix we should see less iOS signing issues appearing as `errSecInternalComponent`.
This should also enable me to try a fix I proposed in
https://github.com/fastlane/fastlane/issues/15185 which consists of
creating a temporary unlocked keychain for each build.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This updates a bunch of things in the Jenkins logic.
For details of that see:
https://github.com/status-im/status-react-jenkins/pull/12
It grew out of the changes I made to make PR builds available in Desktop client:
https://github.com/status-im/nim-status-client/pull/507
Changes:
- Bump `status-react-jenkins` library to newer version, probably `1.2.0`
- Update use of `utils.pkgFilename()` in `ci/Jenkinsfile.combined`
- Make all iOS builds go into the same folder: `status-ios`
- Drop e2e build type, infer it from Android ABIs set to `x86` only
- Simplify logic in `nix/mobile/android/release.nix.`
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Build PR Scheme in PR build
use named parameters, use pr_build boolean
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Enable capabilities
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Add custom app icon
Remove user defined profile
Add PR scheme
Explicit provide provisioning profiles
Fix pr schema
Bump jenkins
Pod bump
Describe pr_build argument
Signed-off-by: Gheorghe Pinzaru <feross95@gmail.com>
This caused an error on Play Store metadata update:
Google Api Error: invalidIconImage: Invalid icon image.
And the issue was using color space:
Indexed color (77 colors)
Instead of:
RGBA
Signed-off-by: Jakub Sokołowski <jakub@status.im>
With it we can set last_hope_attempts_backoff to 5 seconds.
This should fix issues with upload wait timing out.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Also:
- upgrade Go: 1.12 > 1.13
- upgrade Android SDK: 28.0.3 > 29.0.2
- nix: stop using system Fastlane for iOS builds
- nix: include CocoaPods in shell for iOS
- nix: concatenate shellHooks correctly
- fix gomobile status-go build by setting GO111MODULE=off
- fix gradle accepting empty STATUS_GO_SRC_OVERRIDE value
- don't use a pure shell for uploadToSauceLabs()
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This way the nix expression in nix/mobile/android/targets/release-android.nix will not fail.
And the naming of build types and `.env.${type}` files will be more consistent.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Jakub Sokołowski
jinhojang6
Gheorghe Pinzaru
Serhy
André Medeiros
Pedro Pombeiro
snyk-bot
snyk-test
Igor Mandrigin