chore: switch to an XcodeGen project file (#32)

Author: ThomasK33

.github/actions/nix-devshell/action.yaml

@@ -0,0 +1,13 @@
+name: "Setup Nix devshell"
+description: "This action sets up a nix devshell environment"
+runs:
+  using: "composite"
+  steps:
+    - name: Setup Nix
+      uses: DeterminateSystems/nix-installer-action@e50d5f73bfe71c2dd0aa4218de8f4afa59f8f81d # v16
+
+    - name: Setup GHA Nix cache
+      uses: DeterminateSystems/magic-nix-cache-action@6221693898146dc97e38ad0e013488a16477a4c4 # v9
+
+    - name: Enter devshell
+      uses: nicknovitski/nix-develop@9be7cfb4b10451d3390a75dc18ad0465bed4932a # v1.2.1

.github/workflows/ci.yml

@@ -10,7 +10,6 @@ on:
     paths-ignore:
       - "README.md"
 
-
 permissions:
   contents: read
 
@@ -19,36 +18,69 @@ jobs:
     name: test
     runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest'}}
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        with:
+          egress-policy: audit
+
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 1
+
       - name: Switch XCode Version
-        uses: maxim-lobanov/setup-xcode@v1
+        uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
         with:
-          xcode-version: '16.0.0'
-      - run: |
-          make test
+          # (ThomasK33): depot.dev does not yet support Xcode 16.1 or 16.2 GA, thus we're stuck with 16.0.0 for now.
+          # I've already reached out, so hopefully this comment will soon be obsolete.
+          xcode-version: "16.0.0"
+
+      - name: Setup Nix
+        uses: ./.github/actions/nix-devshell
+
+      - run: make test
+
   format:
     name: fmt
     runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest'}}
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        with:
+          egress-policy: audit
+
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 1
-      - run: |
-          make fmt
+
+      - name: Switch XCode Version
+        uses: maxim-lobanov/setup-xcode@60606e260d2fc5762a71e64e74b2174e8ea3c8bd # v1.6.0
+        with:
+          # (ThomasK33): depot.dev does not yet support Xcode 16.1 or 16.2 GA, thus we're stuck with 16.0.0 for now.
+          # I've already reached out, so hopefully this comment will soon be obsolete.
+          xcode-version: "16.0.0"
+
+      - name: Setup Nix
+        uses: ./.github/actions/nix-devshell
+
+      - run: make fmt
+
   lint:
     name: lint
     runs-on: ${{ github.repository_owner == 'coder' && 'depot-macos-latest' || 'macos-latest'}}
     steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@cb605e52c26070c328afc4562f0b4ada7618a84e # v2.10.4
+        with:
+          egress-policy: audit
+
       - name: Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
         with:
           fetch-depth: 1
-      - name: Install Swiftlint
-        run: |
-          brew install swiftlint
-      - run: |
-          make lint
+
+      - name: Setup Nix
+        uses: ./.github/actions/nix-devshell
+
+      - run: make lint