Beginning in the present day, Swift builders who write code for Apple platforms (iOS, iPadOS, macOS, tvOS, watchOS, or visionOS) or for Swift functions operating on the server facet can use AWS CodeArtifact to securely retailer and retrieve their bundle dependencies. CodeArtifact integrates with customary developer instruments resembling Xcode, xcodebuild, and the Swift Package deal Supervisor (the swift bundle command).
Easy functions routinely embody dozens of packages. Massive enterprise functions may need lots of of dependencies. These packages assist builders velocity up the event and testing course of by offering code that solves widespread programming challenges resembling community entry, cryptographic features, or information format manipulation. Builders additionally embed SDKs–such because the AWS SDKs–to entry distant companies. These packages may be produced by different groups in your group or maintained by third-parties, resembling open-source tasks.
Managing packages and their dependencies is an integral a part of the software program growth course of. Trendy programming languages embody instruments to obtain and resolve dependencies: Maven in Java, NuGet in C#, npm or yarn in JavaScript, and pip in Python simply to say a number of. Builders for Apple platforms use CocoaPods or the Swift Package deal Supervisor (SwiftPM). Downloading and integrating packages is a routine operation for software builders. Nevertheless, it presents not less than two important challenges for organizations.
The primary problem is authorized. Organizations should make sure that licenses for third-party packages are suitable with the anticipated use of licenses to your particular challenge and that the bundle doesn’t violate another person’s mental property (IP). The second problem is safety. Organizations should make sure that the included code is secure to make use of and doesn’t embody again doorways or intentional vulnerabilities designed to introduce safety flaws in your app. Injecting vulnerabilities in in style open-source tasks is called a provide chain assault and has grow to be more and more in style in recent times.
To handle these challenges, organizations usually set up personal bundle servers on premises or within the cloud. Builders can solely use packages vetted by their group’s safety and authorized groups and made accessible by means of personal repositories. AWS CodeArtifact is a managed service that means that you can safely distribute packages to your inner groups of builders. There is no such thing as a want to put in, handle, or scale the underlying infrastructure. We deal with that for you, supplying you with extra time to work in your apps as a substitute of the software program growth infrastructure.
I’m excited to announce that CodeArtifact now helps native Swift packages, along with npm, PyPI, Maven, NuGet, and generic bundle codecs. Swift packages are a well-liked solution to bundle and distribute reusable Swift code components. To discover ways to create your personal Swift bundle, you possibly can comply with this tutorial. The group has additionally created greater than 6,000 Swift packages that you should use in your Swift functions. Now you can publish and obtain your Swift bundle dependencies out of your CodeArtifact repository within the AWS Cloud.
CodeArtifact SwiftPM works with present developer instruments resembling Xcode, VSCode, and the Swift Package deal Supervisor command line software. After your packages are saved in CodeArtifact, you possibly can reference them in your challenge’s Package deal.swift file or in your Xcode challenge, in the same approach you employ Git endpoints to entry public Swift packages. After the configuration is full, your network-jailed construct system will obtain the packages from the CodeArtifact repository, guaranteeing that solely accredited and managed packages are used throughout your software’s construct course of.
How To Get Began
As common on this weblog, I’ll present you the way it works. Think about I’m engaged on an iOS software that makes use of Amazon DynamoDB as a database. My software embeds the AWS SDK for Swift as a dependency. To adjust to my group insurance policies, the applying should use a particular model of the AWS SDK for Swift, compiled in-house and accredited by my group’s authorized and safety groups. On this demo, I present you ways I put together my surroundings, add the bundle to the repository, and use this particular bundle construct as a dependency for my challenge.
For this demo, I deal with the steps particular to Swift packages. You possibly can learn the tutorial written by my colleague Steven to get began with CodeArtifact. I take advantage of an AWS account that has a bundle repository (MySwiftRepo) and area (stormacq-test) already configured.
To let SwiftPM acess my CodeArtifact repository, I begin by accumulating an authentication token from CodeArtifact.
“`bash
export CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token
–domain stormacq-test
–domain-owner 012345678912
–query authorizationToken
–output textual content`
“`
Notice that the authentication token expires after 12 hours. I need to repeat this command after 12 hours to acquire a contemporary token.
Then, I request the repository endpoint. I move the area identify and area proprietor (the AWS account ID). Discover the –format swift possibility.
“`bash
export CODEARTIFACT_REPO=`aws codeartifact get-repository-endpoint
–domain stormacq-test
–domain-owner 012345678912
–format swift
–repository MySwiftRepo
–query repositoryEndpoint
–output textual content`
“`
Now that I’ve the repository endpoint and an authentication token, I take advantage of the AWS Command Line Interface (AWS CLI) to configure SwiftPM on my machine. SwiftPM can retailer the repository configurations at person degree (within the file ~/.swiftpm/configurations) or at challenge degree (within the file
I take advantage of the AWS CLI to configure SwiftPM on my construct machine.
“`bash
aws codeartifact login
–tool swift
–domain stormacq-test
–repository MySwiftRepo
–namespace aws
–domain-owner 012345678912
“`
The command invokes swift package-registry login with the proper choices, which in flip, creates the required SwiftPM configuration recordsdata with the given repository identify (MySwiftRepo) and scope identify (aws).
Now that my construct machine is prepared, I put together my group’s accredited model of the AWS SDK for Swift bundle after which I add it to the repository.
“`bash
git clone https://github.com/awslabs/aws-sdk-swift.git
pushd aws-sdk-swift
swift bundle archive-source
mv aws-sdk-swift.zip ../aws-sdk-swift-0.24.0.zip
popd
“`
Lastly, I add this bundle model to the repository. When utilizing Swift 5.9 or more moderen, I can add my bundle to my personal repository utilizing the SwiftPM command:
“`bash
swift package-registry publish
aws.aws-sdk-swift
0.24.0
–verbose
“`
The variations of Swift earlier than 5.9 don’t present a swift package-registry publish command. So, I take advantage of the curl command as a substitute.
“`bash
curl -X PUT –user “aws:$CODEARTIFACT_AUTH_TOKEN”
-H “Settle for: software/vnd.swift.registry.v1+json”
-F source-archive=”@aws-sdk-swift-0.24.0.zip”
“${CODEARTIFACT_REPO}aws/aws-sdk-swift/0.24.0”
“`
Discover the format of the bundle identify after the URI of the repository:
I can use the CLI or the console to confirm that the bundle is on the market within the repository.
“`bash
aws codeartifact list-package-versions
–domain stormacq-test
–repository MySwiftRepo
–format swift
–namespace aws
–package aws-sdk-swift
“`
Now that the bundle is on the market, I can use it in my tasks as common. Xcode makes use of SwiftPM instruments and configuration recordsdata I simply created. So as to add a bundle to my Xcode challenge, I choose the challenge identify on the left pane, after which I choose the Package deal Dependencies tab. I can see the packages which are already a part of my challenge. So as to add a non-public bundle, I select the + signal underneath Packages. On the highest proper search area, I enter aws.aws-sdk-swift (that is
Alternatively, for my server-side or command-line functions, I add the dependency within the Package deal.swift file. I additionally use the format (
“`swift
dependencies: [
.package(id: “aws.aws-sdk-swift”, from: “0.24.0”)
],
“`
Once I kind swift bundle replace, SwiftPM downloads the bundle from the CodeArtifact repository.
Issues to Know
There are some issues to bear in mind earlier than importing your first Swift packages. Make sure to replace to the newest model of the CLI earlier than making an attempt any command proven within the previous directions. It’s a must to use Swift model 5.8 or newer to make use of CodeArtifact with the swift bundle command. On macOS, the Swift toolchain comes with Xcode. Swift 5.8 is on the market on macOS 13 (Ventura) and Xcode 14. On Linux and Home windows, you possibly can obtain the Swift…
Source link
