status-react/ci/tools/Jenkinsfile.fastlane-clean
Jakub Sokołowski 3b780f4ff2
fastlane: Create temporary Keychain for iOS signing
This is a new approach to signing the iOS app by using a temporary
Keychain created only for that specific build and unlocked in advance.

By doing it this way we can avoid issues with `errSecInternalComponent`
appearing when there is no UI to open a Keychain password prompt when
running build in CI. I've described this problem in details in:
https://github.com/fastlane/fastlane/issues/15185

Thanks to `codesign:` partition ID being added to key partition list by
Fastlane `match` when importing a Keychain this approach now works:
https://github.com/fastlane/fastlane/pull/17456

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2020-11-03 00:03:38 +01:00

56 lines
1.3 KiB
Plaintext

library 'status-react-jenkins@v1.2.6'
pipeline {
agent { label 'macos' }
environment {
LANG = 'en_US.UTF-8'
LANGUAGE = 'en_US.UTF-8'
LC_ALL = 'en_US.UTF-8'
TARGET = 'ios'
FASTLANE_DISABLE_COLORS = 1
/* See nix/README.md */
NIX_IGNORE_SYMLINK_STORE = 1
/* avoid writing to r/o /nix */
GEM_HOME = '~/.rubygems'
}
options {
timestamps()
/* Disable concurrent jobs */
disableConcurrentBuilds()
/* Prevent Jenkins jobs from running forever */
timeout(time: 45, unit: 'MINUTES')
/* Don't keep more than 50 builds */
buildDiscarder(logRotator(numToKeepStr: '50'))
}
stages {
stage('Prep') {
steps { script {
nix.shell(
'bundle install --gemfile=fastlane/Gemfile',
attr: 'shells.fastlane',
)
} }
}
stage('Clean Users'){
steps { script {
withCredentials([
usernamePassword(
credentialsId: 'fastlane-match-apple-id',
usernameVariable: 'FASTLANE_APPLE_ID',
passwordVariable: 'FASTLANE_PASSWORD'
),
]) {
nix.shell(
'bundle exec --gemfile=fastlane/Gemfile fastlane ios clean',
keepEnv: ['FASTLANE_APPLE_ID', 'FASTLANE_PASSWORD'],
attr: 'shells.fastlane',
)
}
} }
}
}
}