-
Notifications
You must be signed in to change notification settings - Fork 1
/
Jenkinsfile
154 lines (112 loc) · 5.91 KB
/
Jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
pipeline {
agent { label 'linux' }
options {
buildDiscarder(logRotator(artifactDaysToKeepStr: '30', artifactNumToKeepStr: '10'))
}
stages {
stage('Android bundle AAB') {
agent { label 'linux' }
when {
tag "release-android-*";
}
environment {
ANDROID_PSIPHON_CONFIG = 'op://Jenkins/Conduit Psiphon Config/android_psiphon_config'
ANDROID_EMBEDDED_SERVER_ENTRIES = 'op://Jenkins/Conduit Psiphon Config/android_embedded_server_entries'
ANDROID_UPLOAD_KEYSTORE = 'op://Jenkins/Conduit Upload Signing Key/upload-keystore.jks.base64'
ANDROID_UPLOAD_KEYSTORE_PROPERTIES = 'op://Jenkins/Conduit Upload Signing Key/keystore.properties'
}
steps {
sh 'npm ci'
script {
releaseName = TAG_NAME.minus("release-android-")
}
writeFile file: 'src/git-hash.js', text: "export const GIT_HASH = '${releaseName}';"
dir('android') {
withSecrets() {
writeFile file: 'app/src/main/res/raw/psiphon_config', text: env.ANDROID_PSIPHON_CONFIG
writeFile file: 'app/src/main/res/raw/embedded_server_entries', text: env.ANDROID_EMBEDDED_SERVER_ENTRIES
writeFile file: 'app/upload-keystore.jks', text: env.ANDROID_UPLOAD_KEYSTORE, encoding: "Base64"
writeFile file: 'keystore.properties', text: env.ANDROID_UPLOAD_KEYSTORE_PROPERTIES
}
sh './gradlew clean bundleRelease'
sh "mv app/build/outputs/bundle/release/app-release.aab app/build/outputs/bundle/release/conduit-${releaseName}.aab"
}
archiveArtifacts artifacts: 'android/app/build/outputs/bundle/release/*.aab', fingerprint: true, onlyIfSuccessful: true
}
}
stage('iOS IPA') {
agent { label 'mac-mini-node2' }
when {
tag "release-ios-*";
}
environment {
// TODO: These are large values that can cause sh directives to fail with "Argument list too long".
IOS_PSIPHON_CONFIG = 'op://Jenkins/Conduit Psiphon Config/ios_psiphon_config'
IOS_EMBEDDED_SERVER_ENTRIES = 'op://Jenkins/Conduit Psiphon Config/ios_embedded_server_entries'
// Required for our sudo-less Cocoapods installation.
PATH = "${env.HOME}/.gem/bin:${env.PATH}"
// Required by Cocoapods.
LANG = "en_US.UTF-8"
}
steps {
sh 'echo "PATH: $PATH"'
sh 'echo "Node version: $(node --version)"'
sh 'echo "NPM version: $(npm --version)"'
sh 'echo "Xcodebuild version:\n$(xcodebuild -version)"'
sh 'npm ci'
script {
releaseName = TAG_NAME.minus("release-ios-")
}
writeFile file: 'src/git-hash.js', text: "export const GIT_HASH = '${releaseName}';"
dir('ios') {
// Loads credential "mac-pro-build build user" from Jenkins.
// (usernameVariable must be present to avoid a bug in the plugin).
withCredentials([usernamePassword(credentialsId: '2e8830e4-ff4e-4876-b939-875e5aea611e', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
// Use single quotes to avoid Groovy interpolation of secrets.
sh 'security unlock-keychain -p "${PASSWORD}" /Users/build/Library/Keychains/#.keychain-db'
}
withSecrets() {
writeFile file: 'ios_psiphon_config', text: env.IOS_PSIPHON_CONFIG
writeFile file: 'ios_embedded_server_entries', text: env.IOS_EMBEDDED_SERVER_ENTRIES
}
sh 'pod install --repo-update'
sh 'xcodebuild archive -workspace ./conduit.xcworkspace -scheme conduit -configuration Release -sdk iphoneos -archivePath ./build/conduit.xcarchive -allowProvisioningUpdates'
sh 'xcodebuild -exportArchive -archivePath ./build/conduit.xcarchive -exportOptionsPlist exportAppStoreOptions.plist -exportPath ./build -allowProvisioningUpdates'
// Verify the generated IPA with credential "iTunes Connect user"
withCredentials([usernamePassword(credentialsId: '3b64f68c-9ab2-4986-ae1a-91ebd4b96fc4', usernameVariable: 'ITUNES_CONNECT_USERNAME', passwordVariable: 'ITUNES_CONNECT_PASSWORD')]) {
sh 'xcrun altool --validate-app -t ios -f "./build/Conduit.ipa" -u "${ITUNES_CONNECT_USERNAME}" -p "${ITUNES_CONNECT_PASSWORD}"'
}
sh "mv ./build/Conduit.ipa ./build/Conduit-${releaseName}.ipa"
}
archiveArtifacts artifacts: 'ios/build/*.ipa', fingerprint: true, onlyIfSuccessful: true
}
}
}
post {
always {
dir('client') {
// This is very large, save space on jenkins
sh 'rm -rf node_modules'
}
}
failure {
script {
changes = getChangeList()
}
slackSend message:"${env.JOB_NAME} - Build #${env.BUILD_NUMBER} failed (<${env.BUILD_URL}|Open>)\nChanges:\n${changes}",
color: "danger"
}
}
}
String getChangeList() {
if (currentBuild.changeSets.size() == 0) {
return "No changes"
}
def changeList = ""
for (changeSet in currentBuild.changeSets) {
for (entry in changeSet.items) {
changeList += "- ${entry.msg} [${entry.authorName}]\n"
}
}
return changeList
}