Commit Graph

113 Commits

Author SHA1 Message Date
Jakub Sokołowski acfa73ab43
nix: build unsigned Android APK, sign separately
This has several benefits:

* Less abuse of `extra-sandbox-paths` Nix option
* Less inputs to the Android release build derivation
* Easier for users to sign the build themselves
* Simplification of `scripts/release-android.sh`
* Preparation for building using Nix Flakes

The only two remaining credentials passed via `extra-sandbox-paths` is
the Infura and OpenSea API keys, and there is no way around that other
than passing them via Nix arguments, but that would cause them to end up
in `/nix/store` as part of `.drv` files.

I'm also renaming `release-fdroid` to `build-fdroid` to be consistent.

Depends on: https://github.com/status-im/status-jenkins-lib/pull/42

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-21 11:10:11 +02:00
Jakub Sokołowski 8d62680abe
ci: use improved method to get APK architectures
Detecting APK architectures using `apkanalyzer` tool
rather than just guessing based on build type.

Depends on: https://github.com/status-im/status-jenkins-lib/pull/41

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-11 14:57:00 +02:00
Jakub Sokołowski 777d0581ce
nix: upgrade from 2.6.1 to 2.8.0
Minor upgrade done to match the version deployed in CI due to a bug
with `nix-copy-closure` which broken Nix cache jobs:
https://github.com/status-im/infra-ci/issues/49

This will not force upgrade on developes, nor require any `make nix-purge`.
If however and upgrade is wanted it can be simply done with `nix upgrade-nix`.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-05-07 11:24:58 +02:00
Jakub Sokołowski 2bab1325d8
ci: fix nix sandbox filename by adding random string
By using just the timestamp we increase the probability of hitting a
race condition with another build due to same filename of sandbox file.

Depends on: https://github.com/status-im/status-jenkins-lib/pull/40

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-04-27 15:07:26 +04:00
Jakub Sokołowski 0311983751
ci: upgrade Nix from 2.3.12 to 2.6.1
Due to changes in how Nix handles Git refs we need to specify
`refs/tags/` prefix in `package.json` to avoid the following error:
```
fatal: couldn't find remote ref refs/heads/v2.0.3-status-v6
error: program 'git' failed with exit code 128
```

I also had to rewrite some logic in `nix/scripts/source.sh` in order to
take account of single-user and multi-user installations.
We default to multi-user for Darwin, but not for any other OS due to
discovered issues with `nix-daemon` socket on Arch and open file limits.

I also rewrote `nix/scripts/setup.sh` and `/nix/scripts/purge.sh` to support
different types of installations. Both single-user and multi-user, as some
operating systems have issues with multi-user installations.

Resolves: https://github.com/status-im/status-react/issues/12832
Depends on: https://github.com/status-im/status-jenkins-lib/pull/37

Related changes:
* https://github.com/status-im/infra-ci/commit/84947b9f
* https://github.com/status-im/infra-ci/commit/bb98f5f3
* https://github.com/status-im/infra-ci/commit/f75d524d
* https://github.com/status-im/infra-ci/commit/d1fc92cd
* https://github.com/status-im/infra-ci/commit/87c4091e
* https://github.com/status-im/infra-ci/commit/8d6b6b3f
* https://github.com/status-im/infra-ci/commit/c4f13285
* https://github.com/status-im/infra-ci/commit/38ac698d

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-04-11 12:26:54 +02:00
Roman Volosovskyi aa72ac5747
[#13016] Pass opensea key from env
Signed-off-by: andrey <motor4ik@gmail.com>
2022-03-21 13:59:35 +01:00
Jakub Sokołowski 525577ab17
ci: specify nix version via agent label
Will make it easier and safer to upgrade Nix on CI hosts.

Also added architecture since we are starting to mix those.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-01-12 18:21:28 +01:00
Jakub Sokołowski 79be879306
ci: upgrade library and use of pkgFilename()
Depends on: https://github.com/status-im/status-jenkins-lib/pull/36

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-09-28 21:25:34 +02:00
Jakub Sokołowski e2c18ea151
add commit hash to app metadata for Android and iOS
This will make identifying installed software easier.
It can also be used to generate F-Droid RPs more easily.

Depends on:
https://github.com/status-im/status-jenkins-lib/pull/35

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-09-21 11:48:45 +02:00
Andrea Maria Piana 45b9fd4b91
[Fixes: #12607] Edit messages
Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
2021-06-29 13:18:52 +02:00
Jakub Sokołowski c20d6b5782
ci: do no delete non-draft releases
We identified this issue in status-desktop release from branch
`release/0.1.0-beta.10` which had old version in VERSION file.
https://ci.status.im/job/status-desktop/job/release/job/release%252F0.1.0-beta.10/

Depends on: https://github.com/status-im/status-jenkins-lib/pull/28

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-06-08 09:19:36 +02:00
Jakub Sokołowski dd0031f68e
ci: add PR numbers to filenames of artifacts
This is useful for QA team when they download multiple builds.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-05-02 22:19:03 +02:00
Jakub Sokołowski cf9f160de9
ci: nicer artifact filenames for release builds
Depends on: https://github.com/status-im/status-jenkins-lib/pull/24

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-04-28 17:25:39 +02:00
Jakub Sokołowski 594c83013c
ci: upgrade jenkins lib to 1.2.12 to generalize GH release
This is required to also ad GitHub releases to `status-desktop`.

Also renamed `status-react-jenkins` to `status-jenkins-lib` for clarity.

Depends on: https://github.com/status-im/status-react-jenkins/pull/23

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-04-19 11:47:34 +02:00
Jakub Sokołowski d946d473c6 fastlane: use Apple Store Connect API for CI builds
Because our CI Apple account still has 2FA disabled in order for it to
be usable in Jenkin it is now failing with an error that seems unrelated
to 2FA.

The recommended way of doing Apple authentication for CI are App Store
Connect API JWTs. The API appears to support both pushing builds as well as
updating metadata and other tasks like refreshing of provisioning
profiles.

Fixes: https://github.com/status-im/status-react/issues/11713
Issue: https://github.com/fastlane/fastlane/issues/18098
Docs: https://docs.fastlane.tools/app-store-connect-api/

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2021-02-04 15:10:07 +01:00
Jakub Sokołowski 9889e80bbd
ci: parametrize publishing, make BUILD_TYPE a choice
This changes the behavior of mobile combined builds to not publish
the results of `nightly` or `release` builds unless `PUBLISH`
parameter is set to `true`.

It also makes the `BUILD_TYPE` into a dropdown choice field with
pre-defined values, like `manual` or `e2e`.

Changes:
- Add parameter definitions for `BUILD_TYPE` and `PUBLISH`
- Move uploading of `latest.json` to `Publish` stage
- Make `Publish` stage optional based on the `PUBLISH` parameter

Requires: https://github.com/status-im/status-react-jenkins/pull/21

Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
2021-01-08 12:54:17 +01:00
Andrea Maria Piana b5a6f1b78f
Add nix purge command and change the behavior of nix clean
Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
2020-12-23 09:08:46 +01:00
Jakub Sokołowski 458ef05740
bump jenkins library to 1.2.8 to add keychain password
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-12-02 19:34:10 +01:00
Jakub Sokołowski b62ff59f16
ci: make GitHub build links use CDN for downloads
Should speed up downloads for some geographical locations.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-12-02 15:53:17 +01:00
Jakub Sokołowski 0b8c673094
ci: fix iOS signing, use same keychain name
Using different temporary keychains does not work if we do not set
`default_keychain=true`, because `codesign` then can't find the cert:
```
error: No signing certificate "iOS Distribution" found: No "iOS Distribution" signing certificate matching team ID
```
But if we set `default_keychain=true` then we cause a race condition
when the keychain is deleted by a parallel job while another is using it
as its default.

For this reason we have to use a static keychain name and keep it
between builds.

I tried disabling `default_keychain=true` in #11378 but it worked only
because the default user keychain already had the cert.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
2020-11-17 10:16:32 +01:00
Jakub Sokołowski 3b780f4ff2
fastlane: Create temporary Keychain for iOS signing
This is a new approach to signing the iOS app by using a temporary
Keychain created only for that specific build and unlocked in advance.

By doing it this way we can avoid issues with `errSecInternalComponent`
appearing when there is no UI to open a Keychain password prompt when
running build in CI. I've described this problem in details in:
https://github.com/fastlane/fastlane/issues/15185

Thanks to `codesign:` partition ID being added to key partition list by
Fastlane `match` when importing a Keychain this approach now works:
https://github.com/fastlane/fastlane/pull/17456

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-11-03 00:03:38 +01:00
Jakub Sokołowski c4cac2cef7
fix availability of INFURA_TOKEN for Android build
The env variable `INFURA_TOKEN` is used at build time of JS bundle, not
the final APK file. We never passed the `secretsFile` to the
derivation for JS bundle so it never saw the `INFURA_TOKEN`.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-10-05 16:36:05 +02:00
Jakub Sokołowski 93ed3eb7ff
ci: add public download url to build description
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-10-01 17:32:10 +02:00
Jakub Sokołowski c866082cde
ci: use more buckets for different builds
* `status-im-releases` for release builds
* `status-im-nightlies` for nightlies

I want to reserve the `status-im` bucket for use with the site.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-09-28 20:10:14 +02:00
Jakub Sokołowski eeff44eea7
ci: fix Android release builds not splitting ABIs
This was caused by Groovy script logic not checking `params.BUILT_TYPE`.

Related: https://github.com/status-im/status-react-jenkins/pull/14

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-08-10 14:48:23 +02:00
Jakub Sokołowski f904d7b543
nix: add --console=plain to gradle call
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-08-06 14:34:07 +02:00
Jakub Sokołowski 7a80eca73c
jenkin: fix GitHub releases
Specifically filenames and the diff link.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-08-06 14:28:21 +02:00
Jakub Sokołowski 84286782f6
bump status-react-jenkins to 1.2.0
This updates a bunch of things in the Jenkins logic.
For details of that see:
https://github.com/status-im/status-react-jenkins/pull/12

It grew out of the changes I made to make PR builds available in Desktop client:
https://github.com/status-im/nim-status-client/pull/507

Changes:
- Bump `status-react-jenkins` library to newer version, probably `1.2.0`
- Update use of `utils.pkgFilename()` in `ci/Jenkinsfile.combined`
- Make all iOS builds go into the same folder: `status-ios`
- Drop e2e build type, infer it from Android ABIs set to `x86` only
- Simplify logic in `nix/mobile/android/release.nix.`

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-07-13 12:13:47 +02:00
Jakub Sokołowski 7d7462356e
ci: lower build timeouts to 20 minutes
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-07-08 12:33:33 +02:00
Jakub Sokołowski 112132aa94
drop all desktop related files and references
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-07-08 10:26:51 +02:00
Jakub Sokołowski b95056f3ce
ci: fix what version is set for iOS PR builds
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-07-06 09:47:39 +02:00
Gheorghe Pinzaru d916751160
Add PR Scheme for iOs build
Build PR Scheme in PR build

use named parameters, use pr_build boolean

Signed-off-by: Jakub Sokołowski <jakub@status.im>

Enable capabilities

Signed-off-by: Jakub Sokołowski <jakub@status.im>

Add custom app icon

Remove user defined profile

Add PR scheme

Explicit provide provisioning profiles

Fix pr schema

Bump jenkins

Pod bump

Describe pr_build argument

Signed-off-by: Gheorghe Pinzaru <feross95@gmail.com>
2020-06-29 16:16:35 +03:00
Jakub Sokołowski 41e04b9555
disable play store release
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-06-23 17:17:50 +02:00
Andrea Maria Piana 1714970e4e
Use Infura token pulled from environment
This way we can use different token for e2e, release, and devel builds.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
2020-06-19 19:26:40 +02:00
Jakub Sokołowski 284c26055f
update Jenkins library to allow vebose Fastlane calls
For more details see status-react-jenkins change:
https://github.com/status-im/status-react-jenkins/pull/7

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-06-02 18:50:43 +02:00
Jakub Sokołowski a96b35996f
drop scripts/copy-translations.sh as useless
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-05-14 09:46:22 +02:00
Jakub Sokołowski 157d054e33
jenkins: allow combined jobs to copy artifacts
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-05-12 09:14:49 +02:00
Gheorghe Pinzaru c34df26e19
Move icons assets into resources
Fix logout icon usage

Update icons docs

Remove scripting

change jenkins

Signed-off-by: Gheorghe Pinzaru <feross95@gmail.com>
2020-05-08 14:12:52 +03:00
yenda d5ef218584
use shadow-cljs
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: yenda <eric@status.im>
2020-04-30 15:43:46 +02:00
Jakub Sokołowski 7b6b620ceb
nix: use overlays instead of packageOverrides
Changes:
- Add `nix/DETAILS.md` for more in-depth info
- Rename some of `config.status-im` variables
- Drop `env` argument for Android build
- Use `overlays` instead of `packageOverrides`
- Move the `pkgs` overlay to `nix/overlay.nix`
- Move `nix/status-go/utils.nix` to `nix/tools`
- Make `shell.nix` use the `shells.default` only
- Use `default.nix` as target for `nix/scripts/shell.sh`
- Make `nix/scripts/shell.sh` use `--attr` instead of `target`
- Drop the `target` argument in favour of using `--attr`
- Drop unnecessary `src` from `nix/mobile/ios/default.nix`
- Move `mkShell` and `mergeSh` under `lib`
- Move `patched-go` package to `nix/pkgs` directory
- Move `gomobile` package to `nix/pkgs` directory
- Move `ANDROID_ABI_SPLIT` to `config.status-im.android.abi-split`
- Move `ANDROID_ABI_INCLUDE to `config.status-im.android.abi-include`

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-04-29 11:53:33 +02:00
Jakub Sokołowski 5fab3268bd
allow lint stage fail in CI and still upload build result
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-03-27 09:19:46 +01:00
Jakub Sokołowski 0306f1cfbd
ci: re-add Play Store upload case for release
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-03-25 11:17:06 +01:00
Jakub Sokołowski 4a7c03b1cc
avoid building jsbundle twice, drop jsbundle stage
Because we run nix/scripts/clean.sh after building JSBundle it is
removed from Nix store and can't be reused in the Bundle stage.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-03-17 22:11:54 +01:00
Jakub Sokołowski 4e567cf782
use status-react-jenkins as CI library
This PR extracts all the ci/*.groovy scripts into a separate private repo located at:
https://github.com/status-im/status-react-jenkins

The main reasons for a separate repo are:

* Hiding the internal details of our CI setup
* Hiding names of Jenkins credentials available in CI jobs
* Lowering attack surface for malicious external contributors
* Increasing focus on PRs related to CI setup

You can read more about how Jenkins pipeline shared libraries work here:
https://jenkins.io/doc/book/pipeline/shared-libraries/

In simple terms I've added the repo to the main Jenkins configuration in "Global Pipeline Libraries" section and load it using:

  library 'status-react-jenkins@master'

Which makes globally available all of the libraries defined in the `vars` directory of that repo.
This also eliminates the need for statements like `android = load 'ci/android.groovy'`.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-03-11 19:11:36 +01:00
Jakub Sokołowski efa420def4
disable playstore upload
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: Churikova Tetiana <churikova.tm@gmail.com>
2020-03-05 10:52:19 +01:00
Jakub Sokołowski cb78293db7
use Android keystore from Jenkins credentials
This way we don't have to store it on individual CI hosts.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-02-27 06:54:28 +01:00
Jakub Sokołowski aca703a011
major nix refactor
Changes:
- Adds a new `nix-gc` Makefile target for removing old packages
- Moves all `nix/*.sh` files to `nix/scripts/*.sh` to make things more tidy
- Renames `TARGET_OS` into `TARGET` and makes it effective only with `nix/scripts/shell.sh`
- Renames `target-os` Nix argument to just `target` and makes it effective only with `shell.nix`
- Drops `IN_CI_ENVIRONMENT` env variable which was useless
- Drops use of `target-os` argument outside of `shell.nix` (with few exceptions, but just in naming)
- `nix/platform.nix` has been made obsolete and removed
- Moves the definition of all major targets to `nix/targets.nix`
- Moves the definition of all major shells to `nix/shells.nix`
- Makes `default.nix` and `shell.nix` just thin wrappers around `nix/default.nix`
- `nix/nixpkgs-bootstrap.nix` has been moved to `nix/pkgs.nix`
- All package and tool overrides have been moved to `nix/pkgs.nix`
- Explicit passing of contents of `pkgs` has been removed in favor of `callPackage` doing it for us
- `nix/bootstrapped-shell.nix` has been moved to `nix/tools/mkShell.nix`
- A new `mergeSh` tool has been added to `pkgs` from `nix/tools/mergeSh.nix`
  - This tool is used to merge shells created using `mkShell`
- `mobile/targets/jsbundle.nix` has been moved to `mobile/android/jsbundle/default.nix`
- Moves `status-go` version sanitization to `nix/status-go/utils.nix`
- Renames version to rawVersion and versionName to cleanVersion in status-go derivation
- Ports nix/mobile/ios/install-pods-and-status-go.sh to Nix sub-shells
- Moves adjustment of `inotify/max_user_watches` out into `scripts/inotify_fix.sh`
- Makes iOS builds use the Nix version of Fastlane

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2019-12-12 18:51:21 +01:00
Vitaliy Vlasov f28fd8fc9c
customize TMPDIR and clean it
Also:
- parallelize upload and achive stages
- fix s3cmd uploads for combined Jenkinsfile
- fix failing TestFlight clean job

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2019-10-18 09:40:11 +02:00
Jakub Sokołowski afc2412514
desktop builds need GnuPG
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2019-10-17 11:03:41 +02:00
Jakub Sokołowski 599ed98093
fix which APK is published for e2e builds
Signed-off-by: Jakub Sokołowski <jakub@status.im>
2019-10-01 23:42:16 +02:00