Fastlane hang/timeout on macOS Sierra stacks

Continuing from How to upgrade spec of machine or use many cores for building

@viktorbenei Hmm… Build is still over limit despite doing 1. and some improvements.
On XCode 8.0 of Bitrise, build is done in 15min. But on XCode 8.1, 8.2, 8.3~, build is over limit. And on local, it does not occur.
Bitrise set Some setting for XCode8.1~ about this issue?

No known issues and the tooling is the same on all stacks, the difference is only the pre-installed tool versions and of course the Xcode version, but the stacks are always prepared the exact same way.

Ahh, I think I know what the issue will be.
Does the build “hang” somewhere code signing related?

Xcode 8.0 was the last El Capitan based stack (https://github.com/bitrise-io/bitrise.io/blob/master/system_reports/osx-xcode-8.0.x.log#L438), 8.1 was the first Sierra based one (https://github.com/bitrise-io/bitrise.io/blob/master/system_reports/osx-xcode-8.1.x.log#L454).

There was a keychain unlock (and naming) change in Sierra, for which our own steps were upgraded to handle, but if you use your own Script or another tool for managing the signing identity / keychain unlock that might not have the Sierra change fix.

If the keychain is not unlocked properly, then Xcode will present a “Do you allow access to … ?” popup, which have to be manually accepted (clicking on “Allow” or “Always allow”).

@viktorbenei I see! But my “hang” is at xib or storyboard file building.
※ I’m unlocking keychain by Bitrise step and signing by Fastlane.
I want to show my Bitrise environment or log file you. Is it OK?

Sure, feel free to send us the log through email or the onsite chat and we’ll have a look asap!

Thank you. But I’m looking for a problem with either Bitrise or Fastlane.

Hi Viktor - Can we get in on that private beta?

@viktorbenei We succeeded building with fastlane on local. So the problem may not be in fastlane.
We sent log file via chat. Please check it.

Sure, send an email or use the onsite chat on bitrise.io

I’ll check it ASAP!

Checked it, and I still think it will be Keychain related. From the log:

INFO [2017-02-20 02:30:34.97]: e[32m----------------------------------------------------e[0m
INFO [2017-02-20 02:30:34.97]: e[32m--- Step: Switch to ios import_certificates lane ---e[0m
INFO [2017-02-20 02:30:34.97]: e[32m----------------------------------------------------e[0m
INFO [2017-02-20 02:30:34.97]: Cruising over to lane 'ios import_certificates' 🚖
INFO [2017-02-20 02:30:34.98]: Importing certificates
INFO [2017-02-20 02:30:34.98]: e[32m--------------------------------e[0m
INFO [2017-02-20 02:30:34.98]: e[32m--- Step: import_certificate ---e[0m
INFO [2017-02-20 02:30:34.98]: e[32m--------------------------------e[0m
INFO [2017-02-20 02:30:35.40]: e[32m--------------------------------e[0m
INFO [2017-02-20 02:30:35.40]: e[32m--- Step: import_certificate ---e[0m
INFO [2017-02-20 02:30:35.40]: e[32m--------------------------------e[0m
INFO [2017-02-20 02:30:35.73]: Certificates imported succesfully.
INFO [2017-02-20 02:30:35.73]: Cruising back to lane 'ios beta' 🚘
INFO [2017-02-20 02:30:35.73]: e[32m-----------------------------e[0m
INFO [2017-02-20 02:30:35.73]: e[32m--- Step: unlock_keychain ---e[0m
INFO [2017-02-20 02:30:35.73]: e[32m-----------------------------e[0m

From this I think you do some kind of manual keychain unlock.

This is exactly what changed in macOS sierra, and it requires an additional keychain (security) command to properly unlock the keychain, or else Sierra will present a prompt whether you allow access to the signing certificate, and will not proceed until you manually click “Allow” or “Always Allow” in the popup.

Related fastlane issue: https://github.com/fastlane/fastlane/issues/6866

The solution can be:

  • Use our Certificate and profile installer step, which have this new keychain unlock integrated, and also supports both local and remote URLs for the certificate and prov profile, so it can work with files uploaded to Bitrise.io, to any other server, or with files from your repo / from the local file system. Note: you can also use multiple Certificate and profile installer steps in a workflow if you want to, e.g. to install signing files both from Bitrise.io and from local paths.
  • Use fastlane match which now also have this new keychain unlock integrated (related setup guide on our DevCenter).
  • Do the additional unlock command in your script on Sierra. (Related code in our Certificate and profile installer step: https://github.com/bitrise-io/steps-certificate-and-profile-installer/blob/75e9c121fc8f1f04ccdd9c5fadbc7bd43240a500/main.go#L573 - something like security "set-key-partition-list" "-S" "apple-tool:,apple:" "-k" "$BITRISE_KEYCHAIN_PASSWORD" "$HOME/Library/Keychains/login.keychain" after the security import ... command)