Add a script to install Apple certificate for CI iOS jobs

[huydhn]

This PR adds a script .ci/scripts/setup-ios.sh to to install Apple certificate for CI iOS jobs, which is then used to build and sign ExecuTorchDemo app and its test suite.

The following secrets have been setup in the repo:

• BUILD_CERTIFICATE_BASE64, the p12 build certificate.
• EXECUTORCH_DEMO_BUILD_PROVISION_PROFILE_BASE64, ExecuTorchDemo provisioning profile
• LLAMA_BUILD_PROVISION_PROFILE_BASE64, iLLaMA provisioning profile
• KEYCHAIN_PASSWORD, a random password for the temporary keychain on the runner

After this change, I can follow up with CI jobs to:

• Test ExecuTorchDemo on AWS Device Farm as an example on how it is setup
• Build and sign LLaMA demo app

[pytorch-bot]

🔗 Helpful Links

🧪 See artifacts and rendered test results at hud.pytorch.org/pr/pytorch/executorch/4703

• 📄 Preview Python docs built from this PR

Note: Links to docs will display an error until the docs builds have been completed.

✅ No Failures

As of commit 789ae9d with merge base f492d96 ():
💚 Looks good so far! There are no failures yet. 💚

This comment was automatically generated by Dr. CI and updates every 15 minutes.

[huydhn]

All the changes here in xcodeproj are to make the ExecuTorchDemo app host the test suite MobileNetClassifierTest so that the suite can be run on actual AWS devices (coming up next in a separate PR)

[guangy10]

What do you mean by making the ExecuTorchDemo app host the test suite MobileNetClassifierTest? Are they built and uploaded as separate artifacts in test_ios_ci.sh?

[huydhn]

So, unlike running the test suite in a simulator, running it on actual iOS devices requires a hosting app. So I have 2 choices:

1. Either create a new empty app to host MobileNetClassifierTest
2. or just reuse the ExecuTorchDemo app (as show in my xcode screenshot). This kind of makes more sense to me because we will also be able to test if the app can be run at all on iOS. So, two birds one stone.

@shoumikhin what would be your preferred choice here from the expert?

[huydhn]

Btw, the change I'm highlighting in the screenshot is responsible for those magic numbers that you notice (auto-generated by xcode)

[guangy10]

For this PR to demonstrate using the certs in the workflow I think option 2 makes sense. I'm chatting with @shoumikhin regarding a generic app for benchmarking we will create a new app from scratch with no UI but just tests. @huydhn @shoumikhin once we have that app, can we reuse the provisioning profile and secret directly, or need to re-gen for the new app?

[huydhn]

From what I see, if we can keep the bundle id org.pytorch.executorch.demo.test, then we can reuse the provisioning profile. Otherwise, we need a new one and store it under a different secret.

[facebook-github-bot]

@huydhn has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

[facebook-github-bot]

@huydhn has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

[facebook-github-bot]

@huydhn has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator.

[guangy10]

How is the $RUNNER_TEMP set?

[huydhn]

That's one of the default env variables set by GitHub, usually it's a sub-directory inside runner installation dir https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/store-information-in-variables#default-environment-variables

[guangy10]

What are these magic numbers?

[guangy10]

@huydhn Thanks for adding the certificates for iOS to the CI.

The demo setup we are using in this PR is for MV2. My only question (for @shoumikhin) is how can we swap with different models? I think we would want to have a generic loader app same as what @kirklandsign is doing for Android.