From b977ae1cb1ef552707d43eb12050ae1ad45e18a6 Mon Sep 17 00:00:00 2001
From: Henry Allen <31718268+hmallen99@users.noreply.github.com>
Date: Fri, 4 Oct 2024 10:57:21 -0400
Subject: [PATCH] Add build pipeline (#6)

---
 .github/workflows/build.yml | 108 ++++++++++++++++++++++++++++++++++++
 .github/workflows/push.yml  |  32 -----------
 2 files changed, 108 insertions(+), 32 deletions(-)
 create mode 100644 .github/workflows/build.yml
 delete mode 100644 .github/workflows/push.yml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 000000000000..457f967e1e8a
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,108 @@
+name: Build iOS App
+
+permissions:
+  id-token: write
+  contents: write
+  deployments: write
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+jobs:
+  build_ios_app:
+    runs-on: macos-latest
+    steps:
+      - name: check Xcode version
+        run: /usr/bin/xcodebuild -version
+
+      - name: checkout repository
+        uses: actions/checkout@v4
+
+      - name: Use Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: Install the Apple certificate and provisioning profile
+        env:
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
+          BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+        run: |
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+          # import certificate and provisioning profile from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
+          echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
+          # apply provisioning profile
+          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+          cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+
+      - name: build javascript bundle
+        run: |
+          npm install
+          npm run build:ios -- --dev false
+
+      - uses: actions/cache/restore@v4
+        id: cache-xcarchive
+        with:
+          path: ./GpuWebCTS.xcarchive
+          key: ${{ runner.os }}-${{ hashFiles('**/Podfile.lock') }}
+
+      - name: build archive
+        if: steps.cache-xcarchive.outputs.cache-hit != 'true'
+        run: |
+          pod install --project-directory=ios
+
+          xcodebuild -scheme "gpuweb-cts-react-native" \
+          -archivePath "GpuWebCTS.xcarchive" \
+          -workspace ios/gpuweb-cts-react-native.xcworkspace \
+          -configuration Release \
+          -sdk iphoneos \
+          -destination generic/platform=iOS \
+          -allowProvisioningUpdates \
+          DEVELOPMENT_TEAM=${{ secrets.DEVELOPMENT_TEAM_ID }} \
+          clean archive
+
+          cp dist/main.ios.jsbundle GpuWebCTS.xcarchive/Products/Applications/ReactTestApp.app
+
+      - uses: actions/cache/save@v4
+        with:
+          path: ./GpuWebCTS.xcarchive
+          key: ${{ steps.cache-xcarchive.outputs.cache-primary-key }}
+
+      - name: export ipa
+        run: |
+          xcodebuild -exportArchive -archivePath GpuWebCTS.xcarchive -exportOptionsPlist GpuWebCTS.xcarchive/Info.plist -exportPath ${{ runner.temp }}/build
+          mv ${{ runner.temp }}/build/ReactTestApp.ipa ${{ runner.temp }}/build/GpuWebCTS.ipa
+
+      - name: Upload application
+        uses: actions/upload-artifact@v4
+        with:
+          name: GpuWebCTSApp
+          path: ${{ runner.temp }}/build/GpuWebCTS.ipa
+          retention-days: 1
+
+      - name: Upload bundle
+        uses: actions/upload-artifact@v4
+        with:
+          name: GpuWebCTSBundle
+          path: dist/main.ios.jsbundle
+          retention-days: 1
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
deleted file mode 100644
index b7cdb2450ef1..000000000000
--- a/.github/workflows/push.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-name: Push CI
-
-on:
-  workflow_dispatch:
-  push:
-    branches: [main]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
-  cancel-in-progress: true
-
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    timeout-minutes: 15
-    steps:
-      - uses: actions/checkout@v2.3.1
-        with:
-          persist-credentials: false
-      - uses: actions/setup-node@v2-beta
-        with:
-          node-version: "16.x"
-      - run: npm ci
-      - run: |
-          npm test
-          mkdir deploy-build/
-          cp -r README.md src standalone out out-wpt docs tools deploy-build/
-      - uses: JamesIves/github-pages-deploy-action@4.1.4
-        with:
-          BRANCH: gh-pages
-          FOLDER: deploy-build
-          CLEAN: true