Update fastlane, enable local build bumps, and disable local Android uploads #1552
Conversation
📝 WalkthroughWalkthroughFastlane dependency updated to version 2.230.0. New local build number bumping functionality added for iOS and Android via a VersionManager method called during deployment flows. Android Play Store JSON key validation removed for local development. Warning messaging updated for manual AAB uploads in deployment scripts. Changes
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Suggested reviewers
Poem
🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 2
🤖 Fix all issues with AI agents
In @app/fastlane/Fastfile:
- Around line 175-177: The Fastfile invokes
Fastlane::Helpers.bump_local_build_number("ios") when local_development &&
version_bump != "skip" but the PR lacks verification steps; before opening a PR,
run the standard pre-PR workflow to validate the bump: execute yarn test, yarn
build, yarn ios and yarn android to ensure unit tests pass, packages build, and
both platform builds succeed so the bumped version.json changes are correct and
safe to merge.
In @app/fastlane/helpers/version_manager.rb:
- Around line 47-59: The bump_local_build_number method has a race condition
during the read-modify-write of the version file; wrap the sequence that calls
read_version_file, increments data[platform]["build"], and write_version_file in
an exclusive file lock (e.g., using File.open + flock) so concurrent processes
serialize access; update bump_local_build_number to acquire the lock on the
versions file before reading and only release it after writing and returning the
new build number, ensuring you still call UI.success and return
data[platform]["build"] after the locked update.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
app/Gemfile.lockis excluded by!**/*.lock
📒 Files selected for processing (4)
app/Gemfileapp/fastlane/Fastfileapp/fastlane/helpers/version_manager.rbapp/scripts/mobile-deploy-confirm.cjs
🧰 Additional context used
📓 Path-based instructions (1)
app/fastlane/**/*
📄 CodeRabbit inference engine (app/AGENTS.md)
Verify Fastlane configuration before deployment
Files:
app/fastlane/helpers/version_manager.rbapp/fastlane/Fastfile
🧠 Learnings (11)
📓 Common learnings
Learnt from: CR
Repo: selfxyz/self PR: 0
File: app/AGENTS.md:0-0
Timestamp: 2025-12-25T19:19:04.954Z
Learning: Applies to app/android/**/* : Ensure Android build succeeds with `yarn android` before creating a PR
Learnt from: CR
Repo: selfxyz/self PR: 0
File: app/AGENTS.md:0-0
Timestamp: 2025-12-25T19:19:04.954Z
Learning: Applies to app/fastlane/**/* : Verify Fastlane configuration before deployment
Learnt from: transphorm
Repo: selfxyz/self PR: 1446
File: .github/workflows/mobile-bundle-analysis.yml:117-117
Timestamp: 2025-11-22T23:16:26.719Z
Learning: In the selfxyz/self repository, for mobile workflows (bundle analysis, deployment, CI/CD):
- Both iOS and Android builds now cache Ruby gems at the unified path `app/vendor/bundle`
- The previous separate paths (app/ios/vendor/bundle for iOS) have been deprecated in favor of this unified approach
Learnt from: CR
Repo: selfxyz/self PR: 0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-12-25T19:19:35.354Z
Learning: Applies to packages/mobile-sdk-alpha/**/*.{ts,tsx} : Before creating a PR, ensure `yarn build` succeeds (package builds correctly)
Learnt from: CR
Repo: selfxyz/self PR: 0
File: app/AGENTS.md:0-0
Timestamp: 2025-12-25T19:19:04.954Z
Learning: Explain platform-specific code paths (iOS/Android/Web) in PR descriptions
Learnt from: CR
Repo: selfxyz/self PR: 0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-12-25T19:19:35.354Z
Learning: Applies to packages/mobile-sdk-alpha/**/*.{ts,tsx} : Before committing changes, ensure the build succeeds by running `yarn build`
Learnt from: CR
Repo: selfxyz/self PR: 0
File: app/AGENTS.md:0-0
Timestamp: 2025-12-25T19:19:04.954Z
Learning: Applies to app/ios/**/* : Ensure iOS build succeeds with `yarn ios` before creating a PR
Learnt from: transphorm
Repo: selfxyz/self PR: 795
File: app/android/app/build.gradle:157-158
Timestamp: 2025-07-29T01:08:28.530Z
Learning: For this React Native project, the team prefers build flexibility over fail-fast behavior for release builds in app/android/app/build.gradle. They intentionally allow fallback to debug signing for local development runs, relying on Google Play Console validation to catch any improperly signed releases during upload.
📚 Learning: 2025-12-25T19:19:04.954Z
Learnt from: CR
Repo: selfxyz/self PR: 0
File: app/AGENTS.md:0-0
Timestamp: 2025-12-25T19:19:04.954Z
Learning: Applies to app/{package.json,app/app.json} : Bump version in `package.json` and `app.json` before deployment
Applied to files:
app/fastlane/helpers/version_manager.rbapp/fastlane/Fastfile
📚 Learning: 2025-12-25T19:19:35.354Z
Learnt from: CR
Repo: selfxyz/self PR: 0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-12-25T19:19:35.354Z
Learning: Applies to packages/mobile-sdk-alpha/**/*.{ts,tsx} : Ensure no breaking changes to public API or document them properly
Applied to files:
app/scripts/mobile-deploy-confirm.cjs
📚 Learning: 2025-12-25T19:19:35.354Z
Learnt from: CR
Repo: selfxyz/self PR: 0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-12-25T19:19:35.354Z
Learning: Applies to packages/mobile-sdk-alpha/**/*.{ts,tsx} : Before committing changes, ensure the build succeeds by running `yarn build`
Applied to files:
app/scripts/mobile-deploy-confirm.cjs
📚 Learning: 2025-07-29T01:08:28.530Z
Learnt from: transphorm
Repo: selfxyz/self PR: 795
File: app/android/app/build.gradle:157-158
Timestamp: 2025-07-29T01:08:28.530Z
Learning: For this React Native project, the team prefers build flexibility over fail-fast behavior for release builds in app/android/app/build.gradle. They intentionally allow fallback to debug signing for local development runs, relying on Google Play Console validation to catch any improperly signed releases during upload.
Applied to files:
app/scripts/mobile-deploy-confirm.cjsapp/fastlane/Fastfile
📚 Learning: 2025-12-25T19:19:04.954Z
Learnt from: CR
Repo: selfxyz/self PR: 0
File: app/AGENTS.md:0-0
Timestamp: 2025-12-25T19:19:04.954Z
Learning: Explain platform-specific code paths (iOS/Android/Web) in PR descriptions
Applied to files:
app/scripts/mobile-deploy-confirm.cjs
📚 Learning: 2025-12-25T19:19:35.354Z
Learnt from: CR
Repo: selfxyz/self PR: 0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-12-25T19:19:35.354Z
Learning: Applies to packages/mobile-sdk-alpha/**/*.{ts,tsx} : Before committing changes, ensure TypeScript types are valid by running `yarn types`
Applied to files:
app/scripts/mobile-deploy-confirm.cjs
📚 Learning: 2025-12-25T19:19:35.354Z
Learnt from: CR
Repo: selfxyz/self PR: 0
File: packages/mobile-sdk-alpha/AGENTS.md:0-0
Timestamp: 2025-12-25T19:19:35.354Z
Learning: Applies to packages/mobile-sdk-alpha/**/index.{ts,tsx} : Run `yarn validate:exports` to verify that exports are properly configured
Applied to files:
app/scripts/mobile-deploy-confirm.cjs
📚 Learning: 2025-12-25T19:19:04.954Z
Learnt from: CR
Repo: selfxyz/self PR: 0
File: app/AGENTS.md:0-0
Timestamp: 2025-12-25T19:19:04.954Z
Learning: Applies to app/fastlane/**/* : Verify Fastlane configuration before deployment
Applied to files:
app/scripts/mobile-deploy-confirm.cjsapp/Gemfileapp/fastlane/Fastfile
📚 Learning: 2025-11-22T23:16:26.719Z
Learnt from: transphorm
Repo: selfxyz/self PR: 1446
File: .github/workflows/mobile-bundle-analysis.yml:117-117
Timestamp: 2025-11-22T23:16:26.719Z
Learning: In the selfxyz/self repository, for mobile workflows (bundle analysis, deployment, CI/CD):
- Both iOS and Android builds now cache Ruby gems at the unified path `app/vendor/bundle`
- The previous separate paths (app/ios/vendor/bundle for iOS) have been deprecated in favor of this unified approach
Applied to files:
app/Gemfileapp/fastlane/Fastfile
📚 Learning: 2025-12-25T19:19:04.954Z
Learnt from: CR
Repo: selfxyz/self PR: 0
File: app/AGENTS.md:0-0
Timestamp: 2025-12-25T19:19:04.954Z
Learning: Applies to app/ios/**/* : Ensure iOS build succeeds with `yarn ios` before creating a PR
Applied to files:
app/fastlane/Fastfile
⏰ Context from checks skipped due to timeout of 300000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (5)
- GitHub Check: test
- GitHub Check: type-check
- GitHub Check: analyze-android
- GitHub Check: android-build-test
- GitHub Check: e2e-ios
🔇 Additional comments (6)
app/Gemfile (1)
11-11: Fastlane 2.230.0 is available and compatible with the project's Ruby 3.2+ constraint (version requires Ruby ≥ 2.6). No CVEs directly target this release; the patch bump from 2.228.0 is safe. Testing Fastlane configuration and build outputs (yarn ios,yarn android) before merge is still recommended per standard deployment practices.app/scripts/mobile-deploy-confirm.cjs (1)
444-451: LGTM! Clear user guidance for local Android deployments.The warning appropriately informs users about the disabled local Android upload flow and provides clear next steps. The conditional logic correctly targets LOCAL_FASTLANE deployments for Android/Both platforms.
app/fastlane/Fastfile (4)
175-177: LGTM! Correct sequencing for local iOS build number bump.The bump occurs before reading the build number from version.json (line 180), ensuring the incremented value is used. The conditional logic appropriately restricts bumping to local development when version bumps aren't skipped.
Note: This change depends on the fix for the race condition identified in
version_manager.rb.
317-318: Clear messaging for local Android development upload restrictions.The updated messages appropriately inform users that Play Store uploads are disabled for local builds and provide clear guidance for manual AAB upload.
338-340: LGTM! Consistent with iOS build number bump implementation.The Android bump follows the same pattern as iOS: bump in local development when version bumps aren't skipped, then read the incremented value from version.json (line 343).
Note: This change depends on the fix for the race condition identified in
version_manager.rb.
374-376: Helpful manual upload guidance for local Android builds.The conditional message provides the specific AAB file path when local development forces skip_upload, making it easier for developers to locate and manually upload the build artifact.
| def bump_local_build_number(platform) | ||
| unless %w[ios android].include?(platform) | ||
| UI.user_error!("Invalid platform: #{platform}. Must be 'ios' or 'android'") | ||
| end | ||
|
|
||
| data = read_version_file | ||
| data[platform]["build"] += 1 | ||
|
|
||
| write_version_file(data) | ||
| UI.success("Bumped #{platform} build number to #{data[platform]["build"]}") | ||
|
|
||
| data[platform]["build"] | ||
| end |
There was a problem hiding this comment.
Race condition risk when bumping multiple platforms concurrently.
If iOS and Android builds run in parallel locally (e.g., yarn mobile-local-deploy both), both lanes will call bump_local_build_number. Without file locking, the read-modify-write sequence can interleave, causing one platform's increment to be lost.
Scenario:
- iOS lane reads version.json:
{ios: {build: 100}, android: {build: 200}} - Android lane reads version.json:
{ios: {build: 100}, android: {build: 200}} - iOS lane writes:
{ios: {build: 101}, android: {build: 200}} - Android lane writes:
{ios: {build: 100}, android: {build: 201}}(iOS bump lost)
🔒 Proposed fix using file locking
def bump_local_build_number(platform)
unless %w[ios android].include?(platform)
UI.user_error!("Invalid platform: #{platform}. Must be 'ios' or 'android'")
end
+ require 'fileutils'
+ lock_file = "#{VERSION_FILE_PATH}.lock"
+
+ # Acquire exclusive lock
+ File.open(lock_file, File::RDWR|File::CREAT, 0644) do |lock|
+ lock.flock(File::LOCK_EX)
+
- data = read_version_file
- data[platform]["build"] += 1
+ data = read_version_file
+ data[platform]["build"] += 1
- write_version_file(data)
- UI.success("Bumped #{platform} build number to #{data[platform]["build"]}")
+ write_version_file(data)
+ UI.success("Bumped #{platform} build number to #{data[platform]["build"]}")
- data[platform]["build"]
+ data[platform]["build"]
+ end # lock automatically released
endCommittable suggestion skipped: line range outside the PR's diff.
🤖 Prompt for AI Agents
In @app/fastlane/helpers/version_manager.rb around lines 47 - 59, The
bump_local_build_number method has a race condition during the read-modify-write
of the version file; wrap the sequence that calls read_version_file, increments
data[platform]["build"], and write_version_file in an exclusive file lock (e.g.,
using File.open + flock) so concurrent processes serialize access; update
bump_local_build_number to acquire the lock on the versions file before reading
and only release it after writing and returning the new build number, ensuring
you still call UI.success and return data[platform]["build"] after the locked
update.
Motivation
Description
app/Gemfileto~> 2.230.0and refreshedapp/Gemfile.lockaccordingly.bump_local_build_number(platform)toapp/fastlane/helpers/version_manager.rbto increment and persist local build numbers.app/fastlane/Fastfileto automatically bump iOS/Android build numbers during local fastlane runs (whenlocal_developmentandversion_bump != "skip").upload_android_buildby forcingskip_uploadin local dev and added explicit manual-upload console messages, and added a warning inapp/scripts/mobile-deploy-confirm.cjswhen local fastlane is chosen for Android.Testing
Gemfile.lockwas written.yarn nice,yarn types,yarn test,yarn build) and local fastlane smoke checks before merging.Codex Task
Summary by CodeRabbit
Release Notes
New Features
Chores
✏️ Tip: You can customize this high-level summary in your review settings.