Create GitHub workflow for creating TestFlight builds

- Exposing build log and artifacts
- Building with retroarch-apple-deps
- Create GitHub workflow for creating TestFlight builds for mac
- Manually select Xcode 16.0, and add workflow_dispatch to manually trigger
- Run on macos-15 runner (which has Xcode 16)
- Use personal access token
- Parameterize manual workflow trigger
- Allow workflow execution from any branch

.github/workflows/iOS-AppStore.yml

@@ -0,0 +1,88 @@
+name: iOS App Store
+on:
+  # push:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Branch to build from'
+        type: string
+        required: true
+        default: 'master'
+      upload:
+        description: 'Upload to TestFlight'
+        type: boolean
+        required: true
+        default: true
+  schedule:
+    - cron: '0 0 * * *'
+jobs:
+  build-and-deploy:
+    runs-on: macos-15
+    steps:
+      - name: Sync
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
+          REPOSITORY: ${{ github.repository }}
+        run: gh repo sync $REPOSITORY -b master
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Deps
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
+        run: |
+          gh repo clone warmenhoven/retroarch-apple-deps
+          sudo mv retroarch-apple-deps /usr/local/share
+      - name: Setup Certs
+        env:
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
+          IOS_BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.IOS_BUILD_PROVISION_PROFILE_BASE64 }}
+          IOS_WIDGET_BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.IOS_WIDGET_BUILD_PROVISION_PROFILE_BASE64 }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+        run: |
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
+          PP_EXT_PATH=$RUNNER_TEMP/build_pp_ext.mobileprovision
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+          # import certificate from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
+          echo -n "$IOS_BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
+          echo -n "$IOS_WIDGET_BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_EXT_PATH
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
+          # apply provisioning profile
+          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+          cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+          cp $PP_EXT_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+      - name: Fastlane
+        env:
+          APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
+          APP_STORE_CONNECT_API_KEY_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY_KEY }}
+          APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_KEY_ID }}
+        run: |
+          cd pkg/apple
+          if [ -n "${{ inputs.branch }}" ] ; then BRANCH='${{ inputs.branch }}' ; else BRANCH=master ; fi
+          if [ -n "${{ inputs.upload }}" ] ; then UPLOAD='upload:${{ inputs.upload }}' ; fi
+          fastlane ios build branch:$BRANCH $UPLOAD
+      - name: Get short SHA
+        id: slug
+        run: echo "sha8=$(echo ${GITHUB_SHA} | cut -c1-8)" >> $GITHUB_OUTPUT
+      - name: Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: RetroArch-iOS-${{ steps.slug.outputs.sha8 }}
+          overwrite: true
+          path: |
+            pkg/apple/RetroArch.ipa
+            pkg/apple/buildlog/*

.github/workflows/macOS-AppStore.yml

@@ -0,0 +1,88 @@
+name: macOS App Store
+on:
+  # push:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Branch to build from'
+        type: string
+        required: true
+        default: 'master'
+      upload:
+        description: 'Upload to TestFlight'
+        type: boolean
+        required: true
+        default: true
+  schedule:
+    - cron: '0 0 * * *'
+jobs:
+  build-and-deploy:
+    runs-on: macos-15
+    steps:
+      - name: Sync
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
+          REPOSITORY: ${{ github.repository }}
+        run: gh repo sync $REPOSITORY -b master
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Deps
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
+        run: |
+          gh repo clone warmenhoven/retroarch-apple-deps
+          sudo mv retroarch-apple-deps /usr/local/share
+      - name: Setup Certs
+        env:
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+          INSTALL_CERTIFICATE_BASE64: ${{ secrets.MACOS_INSTALLER_CERTIFICATE_BASE64 }}
+          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
+          MACOS_BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.MACOS_BUILD_PROVISION_PROFILE_BASE64 }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+        run: |
+          # create variables
+          BUILD_CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          INSTALL_CERTIFICATE_PATH=$RUNNER_TEMP/install_certificate.p12
+          PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+          # import certificate from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $BUILD_CERTIFICATE_PATH
+          echo -n "$INSTALL_CERTIFICATE_BASE64" | base64 --decode -o $INSTALL_CERTIFICATE_PATH
+          echo -n "$MACOS_BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import certificate to keychain
+          security import $BUILD_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security import $INSTALL_CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
+          # apply provisioning profile
+          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+          cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+      - name: Fastlane
+        env:
+          APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
+          APP_STORE_CONNECT_API_KEY_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY_KEY }}
+          APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_KEY_ID }}
+        run: |
+          cd pkg/apple
+          if [ -n "${{ inputs.branch }}" ] ; then BRANCH='${{ inputs.branch }}' ; else BRANCH=master ; fi
+          if [ -n "${{ inputs.upload }}" ] ; then UPLOAD='upload:${{ inputs.upload }}' ; fi
+          fastlane mac build branch:$BRANCH $UPLOAD
+      - name: Get short SHA
+        id: slug
+        run: echo "sha8=$(echo ${GITHUB_SHA} | cut -c1-8)" >> $GITHUB_OUTPUT
+      - name: Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: RetroArch-macOS-${{ steps.slug.outputs.sha8 }}
+          overwrite: true
+          path: |
+            pkg/apple/RetroArch.pkg
+            pkg/apple/buildlog/*

.github/workflows/tvOS-AppStore.yml

@@ -0,0 +1,88 @@
+name: tvOS App Store
+on:
+  # push:
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: 'Branch to build from'
+        type: string
+        required: true
+        default: 'master'
+      upload:
+        description: 'Upload to TestFlight'
+        type: boolean
+        required: true
+        default: true
+  schedule:
+    - cron: '0 0 * * *'
+jobs:
+  build-and-deploy:
+    runs-on: macos-15
+    steps:
+      - name: Sync
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
+          REPOSITORY: ${{ github.repository }}
+        run: gh repo sync $REPOSITORY -b master
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Setup Deps
+        env:
+          GITHUB_TOKEN: ${{ secrets.GH_PAT }}
+        run: |
+          gh repo clone warmenhoven/retroarch-apple-deps
+          sudo mv retroarch-apple-deps /usr/local/share
+      - name: Setup Certs
+        env:
+          BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+          P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
+          TVOS_BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.TVOS_BUILD_PROVISION_PROFILE_BASE64 }}
+          TVOS_TOPSHELF_BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.TVOS_TOPSHELF_BUILD_PROVISION_PROFILE_BASE64 }}
+          KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+        run: |
+          # create variables
+          CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+          PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
+          PP_EXT_PATH=$RUNNER_TEMP/build_pp_ext.mobileprovision
+          KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+          # import certificate from secrets
+          echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
+          echo -n "$TVOS_BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
+          echo -n "$TVOS_TOPSHELF_BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_EXT_PATH
+
+          # create temporary keychain
+          security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+          # import certificate to keychain
+          security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+          security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+          security list-keychain -d user -s $KEYCHAIN_PATH
+
+          # apply provisioning profile
+          mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
+          cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+          cp $PP_EXT_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+      - name: Fastlane
+        env:
+          APP_STORE_CONNECT_API_KEY_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ISSUER_ID }}
+          APP_STORE_CONNECT_API_KEY_KEY: ${{ secrets.APP_STORE_CONNECT_API_KEY_KEY }}
+          APP_STORE_CONNECT_API_KEY_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_KEY_ID }}
+        run: |
+          cd pkg/apple
+          if [ -n "${{ inputs.branch }}" ] ; then BRANCH='${{ inputs.branch }}' ; else BRANCH=master ; fi
+          if [ -n "${{ inputs.upload }}" ] ; then UPLOAD='upload:${{ inputs.upload }}' ; fi
+          fastlane appletvos build branch:$BRANCH $UPLOAD
+      - name: Get short SHA
+        id: slug
+        run: echo "sha8=$(echo ${GITHUB_SHA} | cut -c1-8)" >> $GITHUB_OUTPUT
+      - name: Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: RetroArch-tvOS-${{ steps.slug.outputs.sha8 }}
+          overwrite: true
+          path: |
+            pkg/apple/RetroArchTV.ipa
+            pkg/apple/buildlog/*