Merge pull request #257 from bcgov/feature/app-store-cert-github-actions

[FEATURE][INSPECT-250]** Add App Store Connect certificate/provisioning to GitHub actions

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,13 @@
+## Pull Request Standards
+
+- [ ] The title of the PR is accurate
+- [ ] The title includes the type of change [`HOTFIX`, `FEATURE`, `etc`]  
+- [ ] The PR title includes the ticket number in format of `[INSPECT-###]`
+- [ ] Documentation is updated to reflect change
+
+# Description
+
+This PR includes the following proposed change(s):
+
+- { List all the changes made }
+- { Include any screenshots necessary }

.github/labeller.yaml

@@ -0,0 +1,15 @@
+# Auto Label Git Action Config
+# 'label_name'
+#   - path_of_diff/where/code_lives/to_base_label_upon
+
+# Any change to any file in .github/workflows
+'GitHub Actions':
+  - '.github/workflows/*'
+
+# Any changes to file or subfolders in /frontend
+'Frontend':
+  - 'ipad/**/*'
+
+# Any change to any file in any directory with a .env in name
+'Environment Variables':
+  - '**/*.env*'

.github/workflows/main.yaml

@@ -0,0 +1,110 @@
+name: Build
+on: 
+  push:
+    branches: [ "master" ]
+
+jobs:
+  build-ios:
+    name: Build and sign ios
+    runs-on: macos-latest
+
+    env:
+      PROJECT: ${{ 'invasivesbc-mussels.iOS.xcworkspace' }}
+      SCHEME: ${{ 'invasivesbc-mussels.iOS' }}
+      DATA_DIR: ${{ 'xcbuild' }}
+      ARCHIVE_NAME:  ${{ 'invasivesbc-mussels.iOS.xcarchive' }}
+      EXPORT_DIR: ${{ 'export' }}
+      IPA_NAME: ${{ 'invasivesbc-mussels.iOS.ipa' }}
+
+    steps:
+      - name: run number with offset
+        env:
+          NUM: ${{ github.run_number }}
+        run: |
+          echo ::set-env name=GITHUB_RUN_NUMBER_WITH_OFFSET::$(($NUM+383))
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Display XCode Path for debug
+        run: |
+          xcode-select -p  
+
+      - name: Cache Pods
+        uses: actions/cache@v3
+        with:
+          path: ios/Pods
+          key: ${{ runner.os }}-pods-${{ hashFiles('**/Podfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-pods-   
+
+      - name: CocoaPod Install
+        run: pod install 
+
+      # from https://docs.github.com/en/enterprise-cloud@latest/actions/deployment/deploying-xcode-applications/installing-an-apple-certificate-on-macos-runners-for-xcode-development
+      - name: Install the Apple certificate and provisioning profile
+        env:
+          # The first two keys are from the bcgov organization secrets
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_BASE64 }}
+          P12_PASSWORD: ${{ secrets.APPLE_APP_STORE_BUILD_CERTIFICATE_PASSWD }}
+          # These two keys are from your app's repo secrets
+          BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.IOS_PROVISION_PROFILE_BASE64 }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+        run: |
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+          # import certificate and provisioning profile from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode --output $CERTIFICATE_PATH
+          echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode --output $PP_PATH
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
+          # apply provisioning profile
+          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+          cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles    
+
+      - name: Increment Build No.
+        env:
+          BUILD_NO: ${{ env.GITHUB_RUN_NUMBER_WITH_OFFSET }}
+        run: |
+          # Set Build Number. Not worrying about storing to repo.
+          agvtool new-version -all ${BUILD_NO}
+
+      - name: Build For Release
+        run: |
+          xcodebuild \
+          -workspace $PROJECT \
+          -scheme $SCHEME \
+          -configuration Release \
+          -sdk iphoneos \
+          -derivedDataPath $DATA_DIR \
+          -archivePath ${DATA_DIR}/${ARCHIVE_NAME} \
+          archive
+
+      - name: Export Archive 
+        # This is the step that signs the build
+        run: |
+          xcodebuild \
+          -exportArchive \
+          -archivePath ${DATA_DIR}/${ARCHIVE_NAME} \
+          -exportPath $EXPORT_DIR \
+          -exportOptionsPlist exportOptions.plist \
+          -verbose
+
+      - name: Upload a Build Artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: ios-release
+          path: ${{ env.EXPORT_DIR }}
+          if-no-files-found: error
+          retention-days: 5

.github/workflows/pr-labeller.yaml

@@ -0,0 +1,15 @@
+name: "Pull Request Labeler"
+on:
+- pull_request_target
+
+jobs:
+  triage:
+    permissions:
+      contents: read
+      pull-requests: write
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/labeler@v4
+      with:
+        repo-token: "${{ secrets.GITHUB_TOKEN }}"
+        configuration-path: .github/labeller.yaml