chore: validate env expo cp-7.63.0

[weitingsun]

Description

• Move creating .env from push-eas-update.yml to build.sh
• Have eas push platform as an input so we can choose to push to all, ios or android

Changelog

CHANGELOG entry: null

Related issues

Fixes:

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Medium Risk
Changes the OTA update GitHub Actions workflow and scripts/build.sh publish path, including new platform selection and altered .env generation; mistakes could break release/update automation or omit required env values.

Overview
Adds a platform input to the push-eas-update workflow and passes it through as OTA_PUSH_PLATFORM, allowing OTA updates to target ios, android, or all.

Updates scripts/build.sh’s expo-update flow to generate .env (and mirror vars into GITHUB_ENV) from a fixed allowlist, then publish EAS updates sequentially per platform with explicit per-platform failure reporting/propagation. Also removes the workflow’s EXPO_NO_LAVAMOAT override and hardens Sentry auth token injection by switching sed to a safer delimiter.

^{Written by Cursor Bugbot for commit faa3f6b. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[cursor]

Environment values lack escaping for special characters

Low Severity

The new .env creation writes values without escaping or quoting: echo "${var}=${value}". The removed createEnvFile() function properly escaped backslashes, double quotes, and dollar signs, then wrapped values in quotes. If any secret values contain special characters (like $, ", \, or spaces), they could cause parsing issues when Expo reads the .env file or trigger unintended shell expansion.

 

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.27%. Comparing base (de82fcb) to head (4d92ae7).
⚠️ Report is 15 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main   #25415      +/-   ##
==========================================
- Coverage   80.55%   80.27%   -0.29%     
==========================================
  Files        4257     4263       +6     
  Lines      109159   109959     +800     
  Branches    23213    23417     +204     
==========================================
+ Hits        87937    88267     +330     
- Misses      15089    15506     +417     
- Partials     6133     6186      +53     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: None (no tests recommended)
• Selected Performance tags: None (no tests recommended)
• Risk Level: low
• AI Confidence: 92%

click to see 🤖 AI reasoning details

E2E Test Selection:
The changes are purely CI/build infrastructure modifications:

1. .github/workflows/push-eas-update.yml: Added a new platform input parameter to allow selecting which platform (ios, android, or all) to update via EAS. Also removed the EXPO_NO_LAVAMOAT environment variable.

2. scripts/build.sh:

   • Refactored createEnvFile() function with simplified escaping logic
   • Modified buildExpoUpdate() to run iOS and Android updates sequentially (instead of simultaneously) to avoid LavaMoat lockdown serializer conflicts
   • Added platform-specific logic based on OTA_PUSH_PLATFORM environment variable
   • Fixed checkAuthToken() to use | as sed delimiter to handle special characters in auth tokens

These changes:

• Do NOT modify any app source code (React Native components, controllers, business logic)
• Do NOT affect E2E test infrastructure (no changes to e2e/ directory, test pages, fixtures, or utilities)
• Are purely build/deployment workflow improvements for EAS OTA updates
• Do NOT change how the app behaves at runtime

The validation for these changes would be running the actual EAS update workflow, not E2E tests. No E2E test tags are needed.

Performance Test Selection:
These changes are purely CI/build infrastructure modifications (GitHub workflow and build script). They do not affect any runtime app code, UI components, data loading, or app initialization. The changes are for EAS OTA update deployment process and have no impact on app performance metrics like rendering, loading times, or responsiveness.

View GitHub Actions results

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[sethkfman]

LGTM