ci: add temp workflows for ephemeral build branch and nightly refactor

[tommasini]

Description

Adds temporary (non-destructive) versions of the TestFlight upload and nightly build workflows to test the ephemeral build branch pattern without modifying the production workflows.

New files:

• create-build-branch.yml — Reusable workflow that creates an ephemeral build/<source>-<timestamp> branch from a source ref, avoiding version-bump pushes to protected branches like main
• upload-to-testflight-temp.yml — Copy of upload-to-testflight.yml with: workflow_call support, ephemeral branch via create-build-branch.yml, build number in the summary
• nightly-build-temp.yml — Copy of nightly-build.yml refactored to: run on cron schedule instead of push-triggered, call upload-to-testflight-temp.yml for iOS exp/rc, use create-build-branch.yml + build.yml for Android exp/rc

Also updated:

• CODEOWNERS — Added explicit @MetaMask/mobile-platform ownership for create-build-branch.yml

The originals (upload-to-testflight.yml, nightly-build.yml) are unchanged.

Changelog

CHANGELOG entry: null

Related issues

Fixes:

Manual testing steps

N/A — CI workflow changes only. Verify by triggering upload-to-testflight-temp or nightly-build-temp via workflow_dispatch and confirming the ephemeral branch is created, build succeeds, and branch is cleaned up.

Screenshots/Recordings

Before

N/A

After

N/A

Pre-merge author checklist

• I've followed MetaMask Contributor Docs and MetaMask Mobile Coding Standards.
• I've completed the PR template to the best of my ability
• I've included tests if applicable
• I've documented my code using JSDoc format if applicable
• I've applied the right labels on the PR (see labeling guidelines). Not required for external contributors.

Pre-merge reviewer checklist

• I've manually tested the PR (e.g. pull and build branch, run the app, test code being changed).
• I confirm that this PR addresses all acceptance criteria described in the ticket it closes and includes the necessary testing evidence such as recordings and or screenshots.

Made with Cursor

---

Note

Medium Risk
Adds new scheduled and reusable GitHub Actions workflows that create/push/delete ephemeral branches and fetch Apple credentials from AWS; misconfiguration could affect CI runs or repo branches, but production workflows are unchanged.

Overview
Introduces a reusable create-build-branch.yml workflow that creates and pushes an ephemeral build/<source>-<timestamp> branch for version-bump commits, avoiding direct pushes to protected refs.

Adds temporary workflows to exercise this pattern: upload-to-testflight-temp.yml builds iOS from the ephemeral branch, uploads the IPA to TestFlight using Apple API keys fetched via AWS OIDC/Secrets Manager, and then deletes the build branch; nightly-build-temp.yml runs on a daily cron to trigger iOS (exp then rc) and Android (exp then rc) builds using ephemeral branches and performs Android branch cleanup.

Updates CODEOWNERS to assign @MetaMask/mobile-platform ownership for create-build-branch.yml.

^{Written by Cursor Bugbot for commit b98371a. This will update automatically on new commits. Configure here.}

[github-actions]

CLA Signature Action: All authors have signed the CLA. You may need to manually re-run the blocking PR check if it doesn't pass in a few minutes.

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.}

[github-actions]

✅ E2E Fixture Validation — Schema is up to date
17 value mismatches detected (expected — fixture represents an existing user).
View details

[github-actions]

🔍 Smart E2E Test Selection

• Selected E2E tags: None (no tests recommended)
• Selected Performance tags: None (no tests recommended)
• Risk Level: low
• AI Confidence: 98%

click to see 🤖 AI reasoning details

E2E Test Selection:
All 4 changed files are purely CI/CD infrastructure with zero impact on application code or E2E test execution:

1. create-build-branch.yml (new): A reusable GitHub Actions workflow that creates ephemeral build branches to avoid pushing version-bump commits to protected branches. No app code touched.

2. nightly-build-temp.yml (new): A scheduled nightly build orchestration workflow for iOS/Android (exp/rc environments). Replaces the old persistent chore/temp-nightly branch approach. No app code touched.

3. upload-to-testflight-temp.yml (new): A reusable workflow for iOS build + TestFlight upload with AWS Secrets Manager integration. No app code touched.

4. CODEOWNERS (modified): Adds one ownership line for the new create-build-branch.yml workflow. Pure metadata.

None of these changes affect:

• Application source code (no app/ changes)
• E2E test infrastructure (no tests/, wdio/, .detoxrc.js changes)
• App build configuration (no package.json, metro.config.js, babel.config.js changes)
• Any user-facing functionality or flows

These are build/deployment pipeline improvements that have no bearing on what the app does or how Detox E2E tests execute. No E2E test tags are warranted.

Performance Test Selection:
No application code, UI components, state management, or performance-sensitive paths were modified. All changes are CI/CD workflow files and CODEOWNERS metadata. No performance tests are warranted.

View GitHub Actions results

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud