Update to the Latest Version of the @StanfordBDHG CI

.github/workflows/xcodebuild-or-fastlane.yml

@@ -1,7 +1,7 @@
 #
 # This source file is part of the Stanford Spezi open-source project
 # It is a copy of the xcodebuild-or-fastlane.yml GitHub Action workflow as copied from the Stanford Biodesign Digital Health organization.
-# 
+#
 # SPDX-FileCopyrightText: 2022 Stanford University and the project authors (see CONTRIBUTORS.md)
 #
 # SPDX-License-Identifier: MIT
@@ -82,6 +82,10 @@ on:
         required: false
         type: boolean
         default: false
+      checkout_submodules:
+        description: "Flag indicating if submodules should be automatically checked out."
+        required: false
+        type: boolean
     secrets:
       BUILD_CERTIFICATE_BASE64:
         description: 'The Base64 version of the Apple signing certificate to build your iOS application.'
@@ -90,7 +94,10 @@ on:
         description: 'The password for the Apple signing certificate.'
         required: false
       BUILD_PROVISION_PROFILE_BASE64:
-        description: 'The Base64 version of the Apple provisioning profile to build your iOS application.'
+        description: 'The Base64 version of the Apple provisioning profile to build your main application (e.g. iOS app).'
+        required: false
+      BUILD_SECONDARY_PROVISION_PROFILE_BASE64:
+        description: 'The Base64 version of the Apple provisioning profile to build your an accompanying application (e.g. watchOS app).'
         required: false
       KEYCHAIN_PASSWORD:
         description: 'A password for the keychain that will be created on the runner instance.'
@@ -107,6 +114,9 @@ on:
       APPLE_ID:
         description: 'The Apple ID you use to access the App Store Connect API.'
         required: false
+      checkout_token:
+        description: "The Personal access token (PAT) to use with the checkout action"
+        required: false
 
 jobs:
   build_and_test:
@@ -116,7 +126,12 @@ jobs:
       run:
         working-directory: ${{ inputs.path }}
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
+      with:
+        # This is GitHubs way of implementing ternary expressions (see https://docs.github.com/en/actions/learn-github-actions/expressions)
+        token: ${{ secrets.checkout_token != '' && secrets.checkout_token || github.token }}
+        submodules: ${{ inputs.checkout_submodules }}
+
     - uses: maxim-lobanov/setup-xcode@v1
       with:
         xcode-version: ${{ inputs.xcodeversion }}
@@ -160,29 +175,39 @@ jobs:
         BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
         P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
         BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
+        BUILD_SECONDARY_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_SECONDARY_PROVISION_PROFILE_BASE64 }}
         KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
       run: |
-        # create variables
+        # Create Variables
         CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
         PP_PATH=$RUNNER_TEMP/build_pp.mobileprovision
         KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
 
-        # import certificate and provisioning profile from secrets
+        # Import Certificate and Provisioning Profile from Secrets
         echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
         echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
 
-        # create temporary keychain
+        # Create a Temporary Keychain
         security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
         security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
         security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
 
-        # import certificate to keychain
+        # Import Certificate to the Keychain
         security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
         security list-keychain -d user -s $KEYCHAIN_PATH
 
-        # apply provisioning profile
+        # Apply Provisioning Profile
         mkdir -p ~/Library/MobileDevice/Provisioning\ Profiles
-        cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles
+        UUID=`grep UUID -A1 -a $PP_PATH | grep -io "[-A-F0-9]\{36\}"`
+        cp $PP_PATH ~/Library/MobileDevice/Provisioning\ Profiles/$UUID.mobileprovision
+
+        # Secondary Provisioning Profile
+        if [ -n "$BUILD_SECONDARY_PROVISION_PROFILE_BASE64" ]; then
+          PP_SECONDARY_PATH=$RUNNER_TEMP/build_pp_secondary.mobileprovision
+          echo -n "$BUILD_SECONDARY_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_SECONDARY_PATH
+          SECONDARY_UUID=`grep UUID -A1 -a $PP_SECONDARY_PATH | grep -io "[-A-F0-9]\{36\}"`
+          cp $PP_SECONDARY_PATH ~/Library/MobileDevice/Provisioning\ Profiles/$SECONDARY_UUID.mobileprovision
+        fi
     - name: Initialize CodeQL
       if: ${{ !env.selfhosted && inputs.codeql }}
       uses: github/codeql-action/init@v2