Luckily, this post has directed me to the right track:
If you try ‘security show-keychain-info keychain-file’ then you’ll get the error “User interaction is not allowed”, and that’s a phrase to search with for some more info.
When I tried that:
$ sudo su - jenkins
server:~ jenkins$ security show-keychain-info ~/Library/Keychains/login.keychain
security: SecKeychainCopySettings /Users/Shared/Jenkins/Library/Keychains/login.keychain: User interaction is not allowed.
Well, well, I’d expected that. Let’s unlock that first:
Behold: timeout=300s. It hit me that while the project is built by Jenkins, more than 5 minutes pass (due to the long process of JS&CSS compressing, but that’s another topic) and the keychain is locked again. We should fix that: