chore: Remove redundant social keys

[Cal-L]

Description

This is part of the effort to reduce the amount of GH repo secrets. Remove redundant social auth related keys and unused qa build configs.

MAIN_IOS_GOOGLE_CLIENT_ID_UAT
MAIN_IOS_GOOGLE_REDIRECT_URI_UAT
MAIN_ANDROID_GOOGLE_CLIENT_ID_UAT
MAIN_ANDROID_GOOGLE_SERVER_CLIENT_ID_UAT
MAIN_ANDROID_APPLE_CLIENT_ID_UAT

Changelog

CHANGELOG entry:

Related issues

Fixes: #29773

Manual testing steps

Feature: my feature name

  Scenario: user [verb for user action]
    Given [describe expected initial app state]

    When user [verb for user action]
    Then [describe expected outcome]

Screenshots/Recordings

Before

After

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Performance checks (if applicable)

• I've tested on Android
  • Ideally on a mid-range device; emulator is acceptable
• I've tested with a power user scenario
  • Use these power-user SRPs to import wallets with many accounts and tokens
• I've instrumented key operations with Sentry traces for production performance metrics
  • See trace() for usage and addToken for an example

For performance guidelines and tooling, see the Performance Guide.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

---

Note

Low Risk
Low risk because this only removes unused/legacy QA build entries and redundant OAuth-related secret wiring in CI/build scripts; main/flask build paths and canonical secret names remain unchanged. Risk is limited to any external/legacy pipeline still depending on the deleted QA build names or old secret aliases.

Overview
Removes legacy QA build support by deleting the qa-prod/qa-dev entries from builds.yml and dropping them from the build.yml dispatch options.

Simplifies CI secret wiring by removing the unused MAIN_*_UAT and FLASK_*_PROD OAuth/social env vars from E2E build/test workflows (build-android-e2e.yml, build-ios-e2e.yml, run-e2e-workflow.yml, run-e2e-api-specs.yml, update-e2e-fixtures.yml) and deleting the corresponding remap logic from scripts/build.sh.

^{Reviewed by Cursor Bugbot for commit f238c9a. Bugbot is set up for automated code reviews on this repo. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: SmokeSeedlessOnboarding
• Selected Performance tags: None (no tests recommended)
• Risk Level: medium
• AI Confidence: 72%

click to see 🤖 AI reasoning details

E2E Test Selection:
All changes in this PR are CI/build infrastructure changes — no app source code is modified. The changes fall into two categories:

1. Removal of legacy QA build types (qa-prod, qa-dev) from builds.yml and build.yml workflow choices. These were legacy internal testing builds that are being retired.

2. Removal of OAuth credential remapping from scripts/build.sh and all E2E-related GitHub Actions workflows (build-android-e2e.yml, build-ios-e2e.yml, run-e2e-workflow.yml, run-e2e-api-specs.yml, update-e2e-fixtures.yml). The removed credentials are: IOS_GOOGLE_CLIENT_ID, IOS_GOOGLE_REDIRECT_URI, ANDROID_APPLE_CLIENT_ID, ANDROID_GOOGLE_CLIENT_ID, ANDROID_GOOGLE_SERVER_CLIENT_ID (in their various environment-specific forms).

Risk Assessment:

• The OAuth credential removal from build scripts and CI workflows is the most impactful change. These credentials are used for social login (Google/Apple OAuth) in the seedless onboarding flow. If the E2E builds no longer inject these credentials, SmokeSeedlessOnboarding tests that rely on Google/Apple OAuth could be affected.
• However, the intent appears to be a cleanup — the QA build type that used these credentials is being removed, and the remaining build types may handle OAuth differently (e.g., via builds.yml secret mappings that are still present for non-QA builds, or the feature may be restructured to not need these specific env vars).
• All other E2E test tags are unaffected — no changes to test runner infrastructure, fixture servers, page objects, or app code.
• No performance-sensitive code is changed, so no performance tests are needed.

Selected Tags: SmokeSeedlessOnboarding — to validate that the removal of OAuth credential injection doesn't break the seedless onboarding E2E tests, which are the only tests directly dependent on these credentials.

Performance Test Selection:
No app source code, UI components, controllers, or performance-sensitive paths were modified. All changes are purely CI/build infrastructure (workflow YAML files, build script, builds configuration). No performance tests are warranted.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud