Merged
2 changes: 1 addition & 1 deletion Gemfile
Expand Up @@ -3,7 +3,7 @@ source 'https://rubygems.org'
ruby '2.7.7'

# Exclude problematic versions of cocoapods and activesupport that causes build failures.
gem 'cocoapods', '>= 1.13', '!= 1.15.0', '!= 1.15.1'
gem 'cocoapods', '>= 1.13', '!= 1.15.1', '!= 1.15.0'
gem 'activesupport', '>= 6.1.7.5', '!= 7.1.0'
gem 'xcodeproj', '< 1.26.0'
gem 'concurrent-ruby', '< 1.3.4'
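Review bot: The changed `gem 'cocoapods'` line only swaps the order of `'!= 1.15.0'` and `'!= 1.15.1'`; every constraint in the list has to hold regardless of order, so the set of allowed versions is the same before and after. If the reorder is incidental, drop it so the diff stays limited to the keychain change; if it was meant to force a lockfile refresh, say so in the PR description. While this line is being touched, the comment above it should read "that cause build failures".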
2 changes: 1 addition & 1 deletion Gemfile.lock
Expand Up @@ -308,7 +308,7 @@ DEPENDENCIES
activesupport (>= 6.1.7.5, != 7.1.0)
benchmark
bigdecimal
cocoapods (>= 1.13, != 1.15.0, != 1.15.1)
cocoapods (>= 1.13, != 1.15.1, != 1.15.0)
concurrent-ruby (< 1.3.4)
fastlane
fastlane-plugin-bugsnag
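Review bot: The `cocoapods` entry under DEPENDENCIES changes only in the order of its two exclusions, and the file header reports one addition and one deletion, so no resolved gem version moves with this PR. That is fine if intended, but it means the build fix rests entirely on the Fastfile; confirm the lockfile line was produced by `bundle install` rather than edited by hand so it stays in step with the Gemfile.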
24 changes: 19 additions & 5 deletions ios/fastlane/Fastfile
Expand Up @@ -21,7 +21,9 @@ platform :ios do
create_keychain(
name: ENV["MATCH_KEYCHAIN_NAME"],
password: ENV["MATCH_KEYCHAIN_PASSWORD"],
timeout: 1200
timeout: 0,
lock_when_sleeps: false,
unlock: true
)
Comment on lines 21 to 27
Contributor

⚠️ Potential issue | 🟡 Minor

Clarify timeout inconsistency between keychain creation and later shell commands.

The keychain is created with `timeout: 0` (no automatic lock), but lines 67 and 91 later use `security set-keychain-settings -lut 3600`, which sets a 3600-second timeout. This creates conflicting timeout configurations.

Consider either:

  • Using `timeout: 3600` here to match the shell commands, or
  • Removing the `-lut 3600` flag from lines 67 and 91 to maintain the no-timeout behavior
  create_keychain(	
    name: ENV["MATCH_KEYCHAIN_NAME"],	
    password: ENV["MATCH_KEYCHAIN_PASSWORD"],	
-   timeout: 0,
+   timeout: 3600,
    lock_when_sleeps: false,
    unlock: true
  )
🤖 Prompt for AI Agents
In ios/fastlane/Fastfile around lines 21 to 27 the keychain is created with
timeout: 0 while later shell commands at lines ~67 and ~91 set a 3600s timeout
via security set-keychain-settings -lut 3600, producing conflicting timeout
behavior; to fix, make the timeout consistent by either changing timeout: 0 to
timeout: 3600 in the create_keychain call to match the shell commands, or remove
the -lut 3600 flags from the later security set-keychain-settings invocations so
the created keychain remains unlocked indefinitely (choose the option that
matches the intended security policy and update both places accordingly).

end
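Review bot: `timeout: 0` together with `lock_when_sleeps: false` and `unlock: true` in `create_keychain` leaves the keychain that holds the signing identity unlocked for as long as it exists, where the previous `timeout: 1200` re-locked it after 20 minutes. On a runner that is reused between jobs, that lengthens the time during which other processes under the same user can reach the key without the password. If the no-timeout behaviour is needed to keep codesign from stalling on long builds, pair it with a `delete_keychain(name: ENV["MATCH_KEYCHAIN_NAME"])` that runs on both success and failure, and add a comment here saying why the auto-lock was removed.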

Expand Down Expand Up @@ -54,11 +56,16 @@ platform :ios do
key_filepath: 'fastlane/app_store_connect_api_key.p8',
in_house: false
)
match(type: "appstore")
get_provisioning_profile(app_identifier: "chat.rocket.reactnative.ShareExtension")
get_provisioning_profile(app_identifier: "chat.rocket.reactnative.NotificationService")
get_provisioning_profile(app_identifier: "chat.rocket.reactnative.watchkitapp")
match(type: "appstore", platform: "ios")
get_provisioning_profile(app_identifier: "chat.rocket.reactnative.ShareExtension", platform: "ios")
get_provisioning_profile(app_identifier: "chat.rocket.reactnative.NotificationService", platform: "ios")
get_provisioning_profile(app_identifier: "chat.rocket.reactnative.watchkitapp", platform: "ios")
# pem(api_key: api_key) # still uses Spaceship http://docs.fastlane.tools/actions/pem/#how-does-it-work
# Allow codesign to access keys without prompting
keychain_path = "~/Library/Keychains/#{ENV['MATCH_KEYCHAIN_NAME']}-db"
sh "security unlock-keychain -p \"#{ENV['MATCH_KEYCHAIN_PASSWORD']}\" #{keychain_path}"
sh "security set-keychain-settings -lut 3600 #{keychain_path}"
sh "security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k \"#{ENV['MATCH_KEYCHAIN_PASSWORD']}\" #{keychain_path}"
Comment on lines +64 to +68
Contributor

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🏁 Script executed:

cat -n ios/fastlane/Fastfile | sed -n '60,100p'

Repository: RocketChat/Rocket.Chat.ReactNative

Length of output: 2382


Add error suppression to line 68 for consistency with `build_official`.

The `set-key-partition-list` command on line 68 should include `|| true` to suppress errors, matching the same command on line 92 in `build_official`. Both lanes perform identical keychain setup, so they should use consistent error handling.

🤖 Prompt for AI Agents
In ios/fastlane/Fastfile around lines 64 to 68, the `security
set-key-partition-list` command on line 68 lacks error suppression and should
match `build_official` by appending `|| true`; update that sh invocation to add
`|| true` so the command's failure doesn't abort the lane, keeping keychain
setup error handling consistent across lanes.

gym(
scheme: "RocketChatRN",
workspace: "RocketChatRN.xcworkspace",
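Review bot: The added `sh "security unlock-keychain -p ..."` and `sh "security set-key-partition-list ... -k ..."` lines interpolate `ENV['MATCH_KEYCHAIN_PASSWORD']` into a double-quoted shell string, so a `$`, backtick or `"` in the password changes the command, the value is passed in the process arguments, and fastlane's `sh` prints the command it runs unless called with `log: false`. Use fastlane's `unlock_keychain(path: ..., password: ...)` action for the unlock step, and for the remaining `security` calls pass `log: false` and quote the value with `Shellwords.escape`. The unquoted `#{keychain_path}` also depends on the shell expanding `~` and breaks if `MATCH_KEYCHAIN_NAME` ever contains a space; `File.expand_path` plus escaping removes both assumptions.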
Expand All @@ -72,11 +79,18 @@ platform :ios do

match(
type: "appstore",
platform: "ios",
app_identifier: ["chat.rocket.ios", "chat.rocket.ios.NotificationService", "chat.rocket.ios.Rocket-Chat-ShareExtension", "chat.rocket.ios.watchkitapp"],
readonly: true,
output_path: './'
)

# Allow codesign to access keys without prompting
keychain_path = "~/Library/Keychains/#{ENV['MATCH_KEYCHAIN_NAME']}-db"
sh "security unlock-keychain -p \"#{ENV['MATCH_KEYCHAIN_PASSWORD']}\" #{keychain_path}"
sh "security set-keychain-settings -lut 3600 #{keychain_path}"
sh "security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k \"#{ENV['MATCH_KEYCHAIN_PASSWORD']}\" #{keychain_path} || true"

update_code_signing_settings(
profile_name: "match AppStore chat.rocket.ios.NotificationService",
build_configurations: "Release",
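Review bot: The trailing `|| true` on `security set-key-partition-list` hides a failure of the one step that lets codesign use the key without a prompt, so a wrong password or keychain path would only surface later as a signing stall or error with no trace of the cause. Drop `|| true`, or replace it with a check that reports the failure (for example through `UI.important`) before continuing. Also, `set-keychain-settings -lut 3600` turns lock-on-sleep (`-l`) and a 3600-second auto-lock (`-u -t 3600`) back on, overriding the `lock_when_sleeps: false` and `timeout: 0` passed to `create_keychain` earlier in this file. Since this block repeats the one added in the previous hunk apart from `|| true`, consider moving it into a shared private lane so the two cannot drift.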