This has several benefits:
* Less abuse of `extra-sandbox-paths` Nix option
* Less inputs to the Android release build derivation
* Easier for users to sign the build themselves
* Simplification of `scripts/release-android.sh`
* Preparation for building using Nix Flakes
The only two remaining credentials passed via `extra-sandbox-paths` is
the Infura and OpenSea API keys, and there is no way around that other
than passing them via Nix arguments, but that would cause them to end up
in `/nix/store` as part of `.drv` files.
I'm also renaming `release-fdroid` to `build-fdroid` to be consistent.
Depends on: https://github.com/status-im/status-jenkins-lib/pull/42
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Also use `ssh-ng://` protocol implementation instead of `ssh://`.
Might fix the following error:
```
error (ignored): error: reached end of FramedSource
error: sized: unexpected end-of-file
error: unexpected end-of-file
```
For more details see: https://github.com/NixOS/nix/issues/6495
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Minor upgrade done to match the version deployed in CI due to a bug
with `nix-copy-closure` which broken Nix cache jobs:
https://github.com/status-im/infra-ci/issues/49
This will not force upgrade on developes, nor require any `make nix-purge`.
If however and upgrade is wanted it can be simply done with `nix upgrade-nix`.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
By using just the timestamp we increase the probability of hitting a
race condition with another build due to same filename of sandbox file.
Depends on: https://github.com/status-im/status-jenkins-lib/pull/40
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Will make it easier and safer to upgrade Nix on CI hosts.
Also added architecture since we are starting to mix those.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This will make identifying installed software easier.
It can also be used to generate F-Droid RPs more easily.
Depends on:
https://github.com/status-im/status-jenkins-lib/pull/35
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This is part of my work of moving Nix cache to a separate host
because our Master host with jenkins needs more space.
Also, new Nix installer updated `.profile`, not `.bash_profile`.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Notable software upgrades:
- Go `1.14.13` to `1.14.15`
- Clojure `1.10.1.763` to `1.10.3.855`
- NodeJS `12.20.1` to `12.22.1`
- Git `2.29.2` to `2.31.1`
- CMake `3.10.2` to `3.18.1`
- Curl `7.74.0` to `7.76.1`
- Android NDK `21.3.6528147` to `22.1.7171670`
- Android Platform Tools `30.0.5` to `31.0.2`
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This is required to also ad GitHub releases to `status-desktop`.
Also renamed `status-react-jenkins` to `status-jenkins-lib` for clarity.
Depends on: https://github.com/status-im/status-react-jenkins/pull/23
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Otherwise release builds never create the GitHub draft releases.
Not unless a user explicitly stats a build with `PUBLISH: true`.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This changes the behavior of mobile combined builds to not publish
the results of `nightly` or `release` builds unless `PUBLISH`
parameter is set to `true`.
It also makes the `BUILD_TYPE` into a dropdown choice field with
pre-defined values, like `manual` or `e2e`.
Changes:
- Add parameter definitions for `BUILD_TYPE` and `PUBLISH`
- Move uploading of `latest.json` to `Publish` stage
- Make `Publish` stage optional based on the `PUBLISH` parameter
Requires: https://github.com/status-im/status-react-jenkins/pull/21
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
Using different temporary keychains does not work if we do not set
`default_keychain=true`, because `codesign` then can't find the cert:
```
error: No signing certificate "iOS Distribution" found: No "iOS Distribution" signing certificate matching team ID
```
But if we set `default_keychain=true` then we cause a race condition
when the keychain is deleted by a parallel job while another is using it
as its default.
For this reason we have to use a static keychain name and keep it
between builds.
I tried disabling `default_keychain=true` in #11378 but it worked only
because the default user keychain already had the cert.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>