Beginning as we speak, Swift builders who write code for Apple platforms (iOS, iPadOS, macOS, tvOS, watchOS, or visionOS) or for Swift functions operating on the server facet can use AWS CodeArtifact to securely retailer and retrieve their package deal dependencies. CodeArtifact integrates with normal developer instruments corresponding to Xcode, xcodebuild, and the Swift Bundle Supervisor (the
swift package deal command).
Downloading and integrating packages is a routine operation for software builders. Nonetheless, it presents at the least two vital challenges for organizations.
The primary problem is authorized. Organizations should be sure that licenses for third-party packages are suitable with the anticipated use of licenses to your particular undertaking and that the package deal doesn’t violate another person’s mental property (IP). The second problem is safety. Organizations should be sure that the included code is secure to make use of and doesn’t embody again doorways or intentional vulnerabilities designed to introduce safety flaws in your app. Injecting vulnerabilities in widespread open-source tasks is named a provide chain assault and has change into more and more widespread lately.
To deal with these challenges, organizations usually set up non-public package deal servers on premises or within the cloud. Builders can solely use packages vetted by their group’s safety and authorized groups and made obtainable by means of non-public repositories.
AWS CodeArtifact is a managed service that permits you to safely distribute packages to your inner groups of builders. There isn’t a want to put in, handle, or scale the underlying infrastructure. We care for that for you, providing you with extra time to work in your apps as an alternative of the software program growth infrastructure.
I’m excited to announce that CodeArtifact now helps native Swift packages, along with npm, PyPI, Maven, NuGet, and generic package deal codecs. Swift packages are a well-liked strategy to package deal and distribute reusable Swift code components. To learn to create your personal Swift package deal, you may observe this tutorial. The group has additionally created greater than 6,00Zero Swift packages that you should utilize in your Swift functions.
Now you can publish and obtain your Swift package deal dependencies out of your CodeArtifact repository within the AWS Cloud. CodeArtifact SwiftPM works with current developer instruments corresponding to Xcode, VSCode, and the Swift Bundle Supervisor command line device. After your packages are saved in CodeArtifact, you may reference them in your undertaking’s
Bundle.swift file or in your Xcode undertaking, in the same approach you employ Git endpoints to entry public Swift packages.
After the configuration is full, your network-jailed construct system will obtain the packages from the CodeArtifact repository, making certain that solely accepted and managed packages are used throughout your software’s construct course of.
How To Get Began
As standard on this weblog, I’ll present you the way it works. Think about I’m engaged on an iOS software that makes use of Amazon DynamoDB as a database. My software embeds the AWS SDK for Swift as a dependency. To adjust to my group insurance policies, the applying should use a selected model of the AWS SDK for Swift, compiled in-house and accepted by my group’s authorized and safety groups. On this demo, I present you ways I put together my setting, add the package deal to the repository, and use this particular package deal construct as a dependency for my undertaking.
For this demo, I concentrate on the steps particular to Swift packages. You possibly can learn the tutorial written by my colleague Steven to get began with CodeArtifact.
I exploit an AWS account that has a package deal repository (
MySwiftRepo) and area (
stormacq-test) already configured.
To let SwiftPM acess my CodeArtifact repository, I begin by amassing an authentication token from CodeArtifact.
export CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token --domain stormacq-test --domain-owner 012345678912 --query authorizationToken --output textual content`
Observe that the authentication token expires after 12 hours. I have to repeat this command after 12 hours to acquire a contemporary token.
Then, I request the repository endpoint. I go the
area identify and
area proprietor (the AWS account ID). Discover the
--format swift choice.
export CODEARTIFACT_REPO=`aws codeartifact get-repository-endpoint --domain stormacq-test --domain-owner 012345678912 --format swift --repository MySwiftRepo --query repositoryEndpoint --output textual content`
Now that I’ve the repository endpoint and an authentication token, I exploit the AWS Command Line Interface (AWS CLI) to configure SwiftPM on my machine.
SwiftPM can retailer the repository configurations at consumer stage (within the file
~/.swiftpm/configurations) or at undertaking stage (within the file
<your undertaking>/.swiftpm/configurations). By default, the CodeArtifact login command creates a project-level configuration to permit you to use totally different CodeArtifact repositories for various tasks.
I exploit the AWS CLI to configure SwiftPM on my construct machine.
aws codeartifact login --tool swift --domain stormacq-test --repository MySwiftRepo --namespace aws --domain-owner 012345678912
The command invokes
swift package-registry login with the right choices, which in flip, creates the required SwiftPM configuration information with the given repository identify (
MySwiftRepo) and scope identify (
Now that my construct machine is prepared, I put together my group’s accepted model of the AWS SDK for Swift package deal after which I add it to the repository.
git clone https://github.com/awslabs/aws-sdk-swift.git pushd aws-sdk-swift swift package deal archive-source mv aws-sdk-swift.zip ../aws-sdk-swift-Zero.24.Zero.zip popd
Lastly, I add this package deal model to the repository.
When utilizing Swift 5.9 or more moderen, I can add my package deal to my non-public repository utilizing the SwiftPM command:
swift package-registry publish aws.aws-sdk-swift Zero.24.Zero --verbose
The variations of Swift earlier than 5.9 don’t present a
swift package-registry publish command. So, I exploit the
curl command as an alternative.
curl -X PUT --user "aws:$CODEARTIFACT_AUTH_TOKEN" -H "Settle for: software/vnd.swift.registry.v1+json" -F source-archive="@aws-sdk-swift-Zero.24.Zero.zip" "$aws/aws-sdk-swift/Zero.24.Zero"
Discover the format of the package deal identify after the URI of the repository:
<scope>/<package deal identify>/<package deal model>. The package deal model should observe the semantic versioning scheme.
I can use the CLI or the console to confirm that the package deal is out there within the repository.
aws codeartifact list-package-versions --domain stormacq-test --repository MySwiftRepo --format swift --namespace aws --package aws-sdk-swift
Now that the package deal is out there, I can use it in my tasks as standard.
Xcode makes use of SwiftPM instruments and configuration information I simply created. So as to add a package deal to my Xcode undertaking, I choose the undertaking identify on the left pane, after which I choose the Bundle Dependencies tab. I can see the packages which are already a part of my undertaking. So as to add a non-public package deal, I select the + signal underneath Packages.
On the highest proper search subject, I enter
aws.aws-sdk-swift (that is
<scope identify>.<package deal identify>). After a second or two, the package deal identify seems on the listing. On the highest proper facet, you may confirm the supply repository (subsequent to the Registry label). Earlier than deciding on the Add Bundle button, choose the model of the package deal, identical to you do for publicly obtainable packages.
Alternatively, for my server-side or command-line functions, I add the dependency within the
Bundle.swift file. I additionally use the format (
<scope>.<package deal identify>) as the primary parameter of
dependencies: [ .package(id: "aws.aws-sdk-swift", from: "0.24.0") ],
After I sort
swift package deal replace, SwiftPM downloads the package deal from the CodeArtifact repository.
Issues to Know
There are some issues to bear in mind earlier than importing your first Swift packages.
- Remember to replace to the most recent model of the CLI earlier than making an attempt any command proven within the previous directions.
- You need to use Swift model 5.eight or newer to make use of CodeArtifact with the
swift package dealcommand. On macOS, the Swift toolchain comes with Xcode. Swift 5.eight is out there on macOS 13 (Ventura) and Xcode 14. On Linux and Home windows, you may obtain the Swift toolchain from swift.org.
- You need to use Xcode 15 to your iOS, iPadOS, tvOS, or watchOS functions. I examined this with Xcode 15 beta8.
swift package-registry publishcommand is out there with Swift 5.9 or newer. Once you use Swift 5.eight, you should utilize
curlto add your package deal, as I confirmed within the demo (or use any HTTP shopper of your alternative).
- Swift packages have the idea of scope. A scope offers a namespace for associated packages inside a package deal repository. Scopes are mapped to CodeArtifact namespaces.
- The authentication token expires after 12 hours. We advise writing a script to automate its renewal or utilizing a scheduled AWS Lambda operate and securely storing the token in AWS Secrets and techniques Supervisor (for instance).
If Xcode can’t discover your non-public package deal, double-check the registry configuration in
~/.swiftpm/configurations/registries.json. Particularly, test if the scope identify is current. Additionally confirm that the authentication token is current within the keychain. The identify of the entry is the URL of your repository. You possibly can confirm the entries within the keychain with the
/Utility/Utilities/Keychain Entry.app software or utilizing the
safety command line device.
safety find-internet-password -s "stormacq-test-012345678912.d.codeartifact.us-west-2.amazonaws.com" -g
Right here is the SwiftPM configuration on my machine.
Pricing and Availability
CodeArtifact prices for Swift packages are the identical as for the opposite package deal codecs already supported. CodeArtifact billing is dependent upon three metrics: the storage (measured in GB per 30 days), the variety of requests, and the info switch out to the web or to different AWS Areas. Knowledge switch to AWS providers in the identical Area isn’t charged, that means you may run your CICD jobs on Amazon EC2 Mac situations, for instance, with out incurring a cost for the CodeArtifact knowledge switch. As standard, the pricing web page has the main points.
CodeArtifact for Swift packages is out there in all 13 Areas the place CodeArtifact is out there.
Now go construct your Swift functions and add your non-public packages to CodeArtifact!
PS : Are you aware you may write Lambda capabilities within the Swift programming language? Examine the short begin information or observe this 35-minute tutorial.