Rohit3523 (Collaborator) commented Oct 28, 2025

Proposed changes

The goal of this PR

  • Added retry-step action to the iOS build workflow to improve stability (macOS runners often hang; retry-step already improved Maestro builds by ~95%)
  • Add artifact retention of 14 days for iOS uploads
  • Enable concurrency to avoid overlapping builds.

Action Link: https://github.com/RocketChat/Rocket.Chat.ReactNative/actions/runs/18877586230?pr=6748

Issue(s)

https://rocketchat.atlassian.net/browse/COMM-58

Summary by CodeRabbit

  • Chores
    • iOS builds now run inside a retry wrapper (up to 3 attempts, wait between attempts, step-level timeout) to improve resilience.
    • Artifact retention extended to 14 days for dSYM and Info.plist uploads.
    • Workflow concurrency added to cancel redundant in-flight runs when a new run starts.
    • Removed an explicit build timeout to allow longer-running iOS builds to finish.

coderabbitai bot (Contributor) commented Oct 28, 2025

Walkthrough

Wraps the iOS build step in a retry action (3 attempts, 60s wait, 60-minute timeout), adds 14-day retention to iOS dSYM and Info.plist artifact uploads, adds a top-level concurrency policy to the develop workflow, and removes explicit 60-minute timeouts from iOS build workflows. (34 words)

Changes

Cohort / File(s) | Summary
iOS Build Action: .github/actions/build-ios/action.yml | Replaced direct shell build invocation with nick-fields/retry@v3 wrapper running from the ios directory; configured max_attempts: 3, retry_wait_seconds: 60, timeout_minutes: 60; moved shell specification into the retry step; added retention-days: 14 to dSYM and Info.plist upload-artifact steps for both official and experimental paths.
Develop Workflow Concurrency: .github/workflows/build-develop.yml | Added top-level concurrency block using the workflow name as group and cancel-in-progress: true to cancel prior in-flight runs when a new run starts.
Workflow Timeout Removal: .github/workflows/build-ios.yml, .github/workflows/build-official-ios.yml | Removed timeout-minutes: 60 from the Build iOS step(s), eliminating the explicit 60-minute execution timeout on those workflow steps.

Sequence Diagram(s)

sequenceDiagram
    participant DevWF as build-develop.yml
    participant Runner as CI Runner
    participant Action as build-ios/action.yml
    participant Retry as nick-fields/retry@v3

    DevWF->>Runner: start job (concurrency may cancel previous)
    Runner->>Action: invoke build-ios action
    Action->>Retry: execute build command in `ios/` (max_attempts=3, wait=60s, timeout=60m)
    alt build succeeds within attempts
        Retry->>Runner: build success
        Runner->>Action: upload artifacts (dSYM, Info.plist) with retention-days: 14
    else attempts exhausted / failure
        Retry->>Runner: final failure
        Runner->>Action: upload any produced artifacts (if present) with retention-days: 14
    end

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

  • Pay attention to:
    • .github/actions/build-ios/action.yml: verify the retry wrapper preserves the existing official vs experimental conditional paths and the working-directory is correct.
    • Artifact upload steps: confirm retention-days: 14 is applied to the correct steps and uses valid YAML syntax.
    • .github/workflows/build-develop.yml: confirm concurrency expression and cancel-in-progress behavior are intended.
    • .github/workflows/build-ios.yml and .github/workflows/build-official-ios.yml: ensure removing timeout-minutes doesn't introduce unintended long-running jobs.

Suggested reviewers

  • diegolmello

Poem

🐰 I hopped into CI with retries neat,
Three little tries, each pause a heartbeat.
Artifacts nap for fourteen days bright,
Old runs get canceled to keep things light.
Hop, build, and nibble—then sleep till night.

Pre-merge checks and finishing touches

✅ Passed checks (5 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The title 'chore: improve ios build on CI' directly matches the pull request's primary objective of improving iOS build reliability on CI infrastructure.
Linked Issues check | ✅ Passed | The PR implements all stated objectives: adds retry logic to iOS builds, adds 14-day artifact retention, and enables concurrency to prevent overlapping builds.
Out of Scope Changes check | ✅ Passed | All changes directly relate to iOS build CI improvements: retry wrapper, artifact retention, concurrency configuration, and timeout adjustments align with stated objectives.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

  • Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 0860f9c and 24b8fe7.

📒 Files selected for processing (1)
  • .github/actions/build-ios/action.yml (2 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • .github/actions/build-ios/action.yml
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
  • GitHub Check: ESLint and Test / run-eslint-and-test
  • GitHub Check: format


@Rohit3523 Rohit3523 had a problem deploying to experimental_android_build October 28, 2025 14:11 — with GitHub Actions Error
@Rohit3523 Rohit3523 had a problem deploying to official_android_build October 28, 2025 14:11 — with GitHub Actions Error
@Rohit3523 Rohit3523 temporarily deployed to experimental_ios_build October 28, 2025 14:11 — with GitHub Actions Inactive
@Rohit3523 Rohit3523 temporarily deployed to official_ios_build October 28, 2025 14:11 — with GitHub Actions Inactive
@github-actions

iOS Build Available

Rocket.Chat Experimental 4.66.0.107610

@Rohit3523 Rohit3523 marked this pull request as ready for review October 30, 2025 21:14
@Rohit3523 Rohit3523 requested a review from diegolmello October 30, 2025 21:14
coderabbitai bot (Contributor) left a comment

Actionable comments posted: 0

🧹 Nitpick comments (1)
.github/workflows/build-develop.yml (1)

11-13: Concurrency control correctly configured; group naming is slightly verbose.

The concurrency block correctly prevents overlapping runs and cancels outdated jobs. The group name ${{ github.workflow }}-develop resolves to "Build Develop-develop" (redundant "develop" suffix), though this is harmless and still functional. If clarity is desired, consider simplifying to ${{ github.workflow }} or a custom identifier.

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 55e7db3 and f7bedfa.

📒 Files selected for processing (2)
  • .github/actions/build-ios/action.yml (2 hunks)
  • .github/workflows/build-develop.yml (1 hunks)
🔇 Additional comments (3)
.github/actions/build-ios/action.yml (3)

117-130: Retry wrapper correctly implemented; verify timeout semantics.

The nick-fields/retry@v3 wrapper with 3 attempts and 60-second retry delay is a sound approach to mitigate transient macOS CI failures. Environment variables are correctly positioned outside the action, ensuring proper scoping across retries.

However, clarify the timeout behavior: Does timeout_minutes: 30 apply per attempt (potentially up to ~100 minutes total with waits) or across all retries? Verify this aligns with your CI capacity and expected build duration.


117-130: Verify exponential backoff claim from AI summary.

The AI summary states the build uses "exponential backoff," but the visible configuration shows retry_wait_seconds: 60 (fixed delay). Verify whether:

  1. nick-fields/retry@v3 applies exponential backoff automatically despite the fixed value, or
  2. The summary overstates the retry behavior (actual behavior is fixed 60-second delays).

153-183: Artifact retention policy appropriately applied to debug and metadata artifacts.

The 14-day retention period for dSYM and Info.plist artifacts is a sensible choice for post-build debugging and compliance. IPA artifacts are intentionally excluded, likely due to storage constraints or policy.

@Rohit3523 Rohit3523 temporarily deployed to official_ios_build November 5, 2025 14:48 — with GitHub Actions Inactive
@Rohit3523 Rohit3523 had a problem deploying to official_android_build November 5, 2025 14:48 — with GitHub Actions Error
@Rohit3523 Rohit3523 temporarily deployed to experimental_ios_build November 5, 2025 14:48 — with GitHub Actions Inactive
@Rohit3523 Rohit3523 had a problem deploying to experimental_android_build November 5, 2025 14:48 — with GitHub Actions Error
@Rohit3523 Rohit3523 temporarily deployed to official_ios_build November 5, 2025 16:52 — with GitHub Actions Inactive
@Rohit3523 Rohit3523 had a problem deploying to official_android_build November 5, 2025 16:52 — with GitHub Actions Error
@Rohit3523 Rohit3523 had a problem deploying to experimental_android_build November 5, 2025 16:52 — with GitHub Actions Error
@Rohit3523 Rohit3523 temporarily deployed to experimental_ios_build November 5, 2025 16:52 — with GitHub Actions Inactive
coderabbitai bot (Contributor) left a comment

Actionable comments posted: 2

📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 3d87f99 and 0860f9c.

📒 Files selected for processing (3)
  • .github/actions/build-ios/action.yml (2 hunks)
  • .github/workflows/build-ios.yml (0 hunks)
  • .github/workflows/build-official-ios.yml (0 hunks)
💤 Files with no reviewable changes (2)
  • .github/workflows/build-official-ios.yml
  • .github/workflows/build-ios.yml
🔇 Additional comments (4)
.github/actions/build-ios/action.yml (4)

116-131: Verify timeout reduction from 60 to 50 minutes is safe.

The retry step wraps the iOS build with 3 retries and a 50-minute timeout. However, the AI summary indicates the previous timeout was 60 minutes. If typical builds regularly consume 55+ minutes, the new 50-minute limit could cause legitimate builds to timeout prematurely, triggering unnecessary retries and slowing CI.

Also note: retry_on: timeout means only timeout failures retry; build errors or dependency issues fail immediately without retry. Confirm this aggressive behavior is intentional.

Please verify:

  1. Typical build duration: Does the iOS build normally take 50–60 minutes? If so, the timeout may be too tight.
  2. Intended retry behavior: Should the retry action only retry on timeout, or should it also retry on other transient failures?

You can check recent CI run logs to estimate typical build duration.


160-160: Artifact retention policy looks good.

Adding 14-day explicit retention to dSYM and Info.plist artifacts is a best practice for debugging and compliance. The configuration is consistent across both official and experimental build paths, and 14 days is a reasonable balance between retention needs and storage costs.

Also applies to: 168-168, 176-176, 184-184


116-131: Verify timeout reduction from 60 to 50 minutes is safe for your typical build duration.

The retry step wraps the iOS build with 3 retries and a 50-minute timeout. The AI summary indicates the previous timeout was 60 minutes. If your builds regularly take 55–60 minutes, the new 50-minute limit could cause legitimate builds to timeout prematurely, triggering unnecessary retries and wasting CI resources.

Also note: retry_on: timeout means only timeout failures will retry; build errors or transient dependency issues fail immediately without retry. Confirm this fail-fast behavior is intentional.

Please verify:

  1. Typical build duration: Review recent CI run logs to confirm whether iOS builds normally take 50–55 minutes. If they frequently approach 55–60 minutes, the new 50-minute timeout may be too tight.
  2. Retry strategy: Confirm that retrying only on timeout (not on all transient failures) is the intended behavior.

160-160: Artifact retention configuration is sound.

Adding explicit 14-day retention to dSYM and Info.plist artifacts is a best practice for debugging and compliance. The retention is applied consistently across both official and experimental build paths, and 14 days is a reasonable balance between retention needs and storage costs.

Also applies to: 168-168, 176-176, 184-184

if [[ ${{ inputs.type }} == "experimental" ]]; then
bundle exec fastlane ios build_experimental
fi
uses: nick-fields/retry@v3
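
Review bot: In the `if [[ ${{ inputs.type }} == "experimental" ]]` line, the `${{ inputs.type }}` expression is substituted into the script text before the shell parses it, and it is unquoted, so any whitespace or shell metacharacters in the input become part of the command rather than a value. Pass the input to the step through an environment variable (for example a hypothetical `BUILD_TYPE: ${{ inputs.type }}` under `env:`) and compare `"$BUILD_TYPE"` in the test instead.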

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify nick-fields/retry@v3 is actively maintained.

The retry wrapper improves CI stability for transient macOS runner hangs (per PR objectives). However, nick-fields/retry is a third-party community action, so verify it is actively maintained and free from known security issues.


🌐 Web query:

nick-fields/retry v3 GitHub action maintenance security vulnerabilities

💡 Result:

Short answer: nick-fields/retry@v3 is widely used but appears effectively unmaintained and has flagged security/maintenance issues; security scanners recommend replacing or pinning it. [1][2][3]

Details and sources

  • Official repo/Marketplace listing (nick-fields/retry v3) — describes the action and ownership but shows repository issues/PRs; no guarantee of active maintenance. [1]
  • Security/quality scan (StepSecurity / Action Advisor) flags nick-fields/retry with low score, multiple detected vulnerabilities, and little recent maintenance activity; it recommends the drop-in alternative step-security/retry. [2]
  • Independent coverage of GitHub Actions supply‑chain risks explains why using mutable tags (e.g., @v3) or unmaintained third‑party actions increases risk. Best practice: pin to a commit SHA or use a maintained, audited replacement. [3]

Recommendations

  • Replace nick-fields/retry@v3 with a maintained alternative (e.g., step-security/retry) or another audited action. [2]
  • If you must keep using it, pin to a specific commit SHA (not the mutable @v3 tag) and review the action code; monitor for CVEs and upstream fixes. [3]

Sources
[1] GitHub Marketplace / nick-fields/retry (action docs).
[2] StepSecurity / Action Advisor scan for retry (security score, vulnerabilities, recommendation).
[3] Analysis of GitHub Actions supply‑chain risks and best practices.



Replace unmaintained dependency or pin to specific commit SHA.

nick-fields/retry@v3 is unmaintained and flagged with multiple security vulnerabilities and low maintenance activity by security scanners. Use a maintained alternative like step-security/retry, or if you must retain nick-fields/retry, pin to a specific commit SHA rather than the mutable @v3 tag.

🤖 Prompt for AI Agents
In .github/actions/build-ios/action.yml around line 117, the workflow uses the
unmaintained action reference "nick-fields/retry@v3"; update this to either a
maintained alternative (for example "step-security/retry@<latest-tag-or-sha>" or
another actively maintained retry action) or pin the existing action to an
immutable commit SHA (e.g., "nick-fields/retry@<commit-sha>") to avoid mutable
tags; change the uses line accordingly and run a quick CI to validate behavior.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify nick-fields/retry@v3 is actively maintained.

The retry action improves stability for transient macOS hangs (per PR objectives), but it's a third-party action. Confirm it's actively maintained and free from known vulnerabilities.


🌐 Web query:

nick-fields/retry@v3 GitHub action maintenance status security

💡 Result:

Short answer

  • nick-fields/retry@v3 is a third‑party GitHub Action still published (Marketplace README shows v3 and author/ownership). [1]
  • Multiple automated security scanners flag the action as low-maintenance and having unresolved findings; StepSecurity’s Action Advisor reports no commit/issue activity in the last 90 days and several detected vulnerabilities, and recommends step-security/retry as a maintained drop‑in replacement. [2][3]
  • Public telemetry (issue/PR counts) shows substantial past use but many open issues/PRs on the repo, indicating limited recent maintenance. [4]

What I recommend

  • If you require a maintained/secure action, replace nick-fields/retry@v3 with a vetted maintained alternative (e.g., step-security/retry) or pin to a commit and review its code & dependencies before use. [2]
  • If you must keep nick-fields/retry, audit its dependencies, enable least-privilege tokens, and rotate any secrets if you suspect exposure.

Sources

  1. Marketplace README for retry (nick-fields). [GitHub Marketplace]. [1]
  2. StepSecurity Action Advisor security/maintenance comparison (recommends step-security/retry). [2]
  3. StepSecurity blog/coverage and wider reporting on GitHub Actions supply‑chain issues (context for risk). [5][6]
  4. Public repo/issue stats for nick-fields (ecosyste.ms summary showing issue/PR activity). [4]

Would you like me to (a) check the repo’s most recent commit date and open-issue timestamps now, or (b) prepare a one-line workflow replacement using step-security/retry?


Replace nick-fields/retry@v3 with an actively maintained alternative.

StepSecurity Action Advisor reports no commit/issue activity in the last 90 days and several detected vulnerabilities. step-security/retry is recommended as a maintained drop-in replacement. Switch to that action or audit dependencies and enable least-privilege tokens if you must retain this action.

🤖 Prompt for AI Agents
.github/actions/build-ios/action.yml around line 117: the workflow uses an
unmaintained action nick-fields/retry@v3; replace it with the actively
maintained drop-in alternative step-security/retry (use the latest stable tag,
e.g. step-security/retry@v1) and verify input/option names match the original
action; after swapping, run the workflow to confirm behavior is unchanged and,
if you must keep any third‑party action, audit its dependencies and tighten
workflow permissions (least-privilege tokens) in the workflow file.
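
An added example, not part of this PR or of the bot's review: a small Python check for the pinning advice in the comment above, reporting every `uses:` reference in a workflow or composite action that is not a full 40-character commit SHA. The sample action text, the local action path and the SHA in it are constructed for illustration.

```python
import re

# A `uses:` key on a step (optionally after a list dash); captures the reference.
USES_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^'\"\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$", re.IGNORECASE)
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$", re.IGNORECASE)


def classify(ref):
    """Return 'local', 'pinned' or 'mutable' for one `uses:` value."""
    if ref.startswith("./"):
        return "local"  # action stored in the same repository
    if ref.startswith("docker://"):
        return "pinned" if DIGEST_RE.search(ref) else "mutable"
    _, sep, version = ref.rpartition("@")
    if sep and FULL_SHA_RE.match(version):
        return "pinned"
    return "mutable"  # tag, branch, short SHA, or no ref at all


def audit(text, filename="<workflow>"):
    """Return (filename, line_no, ref) for every mutable reference in the text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # commented-out step
        match = USES_RE.match(line)
        if match and classify(match.group(1)) == "mutable":
            findings.append((filename, line_no, match.group(1)))
    return findings


# Constructed sample: the local path and the 40-hex SHA are placeholders,
# not values taken from the repository.
SAMPLE = """\
runs:
  using: composite
  steps:
    - uses: ./.github/actions/example-local
    - name: Build iOS
      uses: nick-fields/retry@v3
      with:
        max_attempts: 3
    - name: Upload dSYM
      uses: actions/upload-artifact@0123456789abcdef0123456789abcdef01234567  # constructed SHA
      with:
        retention-days: 14
"""

if __name__ == "__main__":
    for name, line_no, ref in audit(SAMPLE, "action.yml"):
        print(f"{name}:{line_no}: mutable action reference {ref}")
```

Run over every file under `.github/` in CI, a non-empty result can fail the job so that a tag-based reference is caught at review time.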

github-actions bot commented Nov 5, 2025

iOS Build Available

Rocket.Chat Experimental 4.67.0.107646

@Rohit3523 Rohit3523 requested a deployment to approve_e2e_testing December 3, 2025 19:51 — with GitHub Actions Waiting
@Rohit3523 Rohit3523 requested a deployment to official_android_build December 3, 2025 19:55 — with GitHub Actions Waiting
@Rohit3523 Rohit3523 deployed to official_ios_build December 3, 2025 19:55 — with GitHub Actions Active
@Rohit3523 Rohit3523 requested a deployment to experimental_android_build December 3, 2025 19:55 — with GitHub Actions Waiting
@Rohit3523 Rohit3523 deployed to experimental_ios_build December 3, 2025 19:55 — with GitHub Actions Active
@Rohit3523 Rohit3523 requested a deployment to upload_official_ios December 3, 2025 20:21 — with GitHub Actions Waiting
github-actions bot commented Dec 3, 2025

iOS Build Available

Rocket.Chat Experimental 4.68.0.107787
