Using different temporary keychains does not work if we do not set
`default_keychain=true`, because `codesign` then can't find the cert:
```
error: No signing certificate "iOS Distribution" found: No "iOS Distribution" signing certificate matching team ID
```
But if we set `default_keychain=true` then we cause a race condition
when the keychain is deleted by a parallel job while another is using it
as its default.
For this reason we have to use a static keychain name and keep it
between builds.
I tried disabling `default_keychain=true` in #11378 but it worked only
because the default user keychain already had the cert.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: Andrea Maria Piana <andrea.maria.piana@gmail.com>
If we run parallel job and a job sets a temporary keychain into a
default than another job can assume that is the user default.
The result is that one of the jobs will attempt to set a non-existent
temporary keychain into the default keychain.
This happens when we call `Fastlane::Actions::DeleteKeychainAction`:
https://github.com/fastlane/fastlane/blob/2.164.0/fastlane/lib/fastlane/actions/delete_keychain.rb#L21
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This is a new approach to signing the iOS app by using a temporary
Keychain created only for that specific build and unlocked in advance.
By doing it this way we can avoid issues with `errSecInternalComponent`
appearing when there is no UI to open a Keychain password prompt when
running build in CI. I've described this problem in details in:
https://github.com/fastlane/fastlane/issues/15185
Thanks to `codesign:` partition ID being added to key partition list by
Fastlane `match` when importing a Keychain this approach now works:
https://github.com/fastlane/fastlane/pull/17456
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This updates a bunch of things in the Jenkins logic.
For details of that see:
https://github.com/status-im/status-react-jenkins/pull/12
It grew out of the changes I made to make PR builds available in Desktop client:
https://github.com/status-im/nim-status-client/pull/507
Changes:
- Bump `status-react-jenkins` library to newer version, probably `1.2.0`
- Update use of `utils.pkgFilename()` in `ci/Jenkinsfile.combined`
- Make all iOS builds go into the same folder: `status-ios`
- Drop e2e build type, infer it from Android ABIs set to `x86` only
- Simplify logic in `nix/mobile/android/release.nix.`
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Build PR Scheme in PR build
use named parameters, use pr_build boolean
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Enable capabilities
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Add custom app icon
Remove user defined profile
Add PR scheme
Explicit provide provisioning profiles
Fix pr schema
Bump jenkins
Pod bump
Describe pr_build argument
Signed-off-by: Gheorghe Pinzaru <feross95@gmail.com>
With it we can set last_hope_attempts_backoff to 5 seconds.
This should fix issues with upload wait timing out.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This way the nix expression in nix/mobile/android/targets/release-android.nix will not fail.
And the naming of build types and `.env.${type}` files will be more consistent.
Signed-off-by: Jakub Sokołowski <jakub@status.im>
it will break adding new devices, but will help workaround the isssue
that we don't have 2FA installed on our Apple ID
Signed-off-by: Igor Mandrigin <i@mandrigin.ru>
Squashe commits:
- add an e2e build target for ios
- add correct sdk and destination for simulator
- fixup! add correct sdk and destination for simulator
- drop xcarchive_path since we are not using it
- temporarily bind ios build to macos-03
- Detect installed simulator SDK and use it.
- Signed-off-by: Jakub Sokołowski <jakub@status.im>
Signed-off-by: Jakub Sokołowski <jakub@status.im>
This commit updates the version of realm-js
Vulnerability has been fixed in realm-js after we notified them
Security vulnerability in hapijs / hoek 4.2.1 (package-lock.json)
https://nvd.nist.gov/vuln/detail/CVE-2018-3728
Signed-off-by: Eric Dvorsak <eric@dvorsak.fr>
- add missing Lint step for mobile builds
- add missing upload steps for android
- prefix fastlane calls with bundle exec
- update slackSend to format for PR builds
- silence fastlane notifying slack, Jenkins already does
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Realm download script didn't support it, so the simplest solution is
just to patch it and replace before iOS builds.
Signed-off-by: Igor Mandrigin <i@mandrigin.ru>