5.6 C
New York
Tuesday, December 5, 2023

New – Add Your Swift Packages to AWS CodeArtifact

Voiced by Polly

Beginning at the moment, Swift builders who write code for Apple platforms (iOS, iPadOS, macOS, tvOS, watchOS, or visionOS) or for Swift functions working on the server facet can use AWS CodeArtifact to securely retailer and retrieve their package deal dependencies. CodeArtifact integrates with customary developer instruments equivalent to Xcode, xcodebuild, and the Swift Bundle Supervisor (the swift package deal command).

Easy functions routinely embody dozens of packages. Giant enterprise functions may need lots of of dependencies. These packages assist builders pace up the event and testing course of by offering code that solves widespread programming challenges equivalent to community entry, cryptographic features, or information format manipulation. Builders additionally embed SDKs–such because the AWS SDKs–to entry distant providers. These packages is likely to be produced by different groups in your group or maintained by third-parties, equivalent to open-source tasks. Managing packages and their dependencies is an integral a part of the software program growth course of. Fashionable programming languages embody instruments to obtain and resolve dependencies: Maven in Java, NuGet in C#, npm or yarn in JavaScript, and pip in Python simply to say a number of. Builders for Apple platforms use CocoaPods or the Swift Bundle Supervisor (SwiftPM).

Downloading and integrating packages is a routine operation for utility builders. Nonetheless, it presents a minimum of two vital challenges for organizations.

The primary problem is authorized. Organizations should make sure that licenses for third-party packages are suitable with the anticipated use of licenses on your particular venture and that the package deal doesn’t violate another person’s mental property (IP). The second problem is safety. Organizations should make sure that the included code is secure to make use of and doesn’t embody again doorways or intentional vulnerabilities designed to introduce safety flaws in your app. Injecting vulnerabilities in widespread open-source tasks is called a provide chain assault and has grow to be more and more widespread lately.

To handle these challenges, organizations usually set up personal package deal servers on premises or within the cloud. Builders can solely use packages vetted by their group’s safety and authorized groups and made obtainable by personal repositories.

AWS CodeArtifact is a managed service that means that you can safely distribute packages to your inner groups of builders. There is no such thing as a want to put in, handle, or scale the underlying infrastructure. We handle that for you, supplying you with extra time to work in your apps as an alternative of the software program growth infrastructure.

I’m excited to announce that CodeArtifact now helps native Swift packages, along with npm, PyPI, Maven, NuGet, and generic package deal codecs. Swift packages are a well-liked solution to package deal and distribute reusable Swift code components. To discover ways to create your personal Swift package deal, you’ll be able to comply with this tutorial. The neighborhood has additionally created greater than 6,000 Swift packages that you should use in your Swift functions.

Now you can publish and obtain your Swift package deal dependencies out of your CodeArtifact repository within the AWS Cloud. CodeArtifact SwiftPM works with current developer instruments equivalent to Xcode, VSCode, and the Swift Bundle Supervisor command line device. After your packages are saved in CodeArtifact, you’ll be able to reference them in your venture’s Bundle.swift file or in your Xcode venture, in the same manner you employ Git endpoints to entry public Swift packages.

After the configuration is full, your network-jailed construct system will obtain the packages from the CodeArtifact repository, making certain that solely authorised and managed packages are used throughout your utility’s construct course of.

How To Get Began
As regular on this weblog, I’ll present you the way it works. Think about I’m engaged on an iOS utility that makes use of Amazon DynamoDB as a database. My utility embeds the AWS SDK for Swift as a dependency. To adjust to my group insurance policies, the appliance should use a selected model of the AWS SDK for Swift, compiled in-house and authorised by my group’s authorized and safety groups. On this demo, I present you the way I put together my surroundings, add the package deal to the repository, and use this particular package deal construct as a dependency for my venture.

For this demo, I concentrate on the steps particular to Swift packages. You may learn the tutorial written by my colleague Steven to get began with CodeArtifact.

I exploit an AWS account that has a package deal repository (MySwiftRepo) and area (stormacq-test) already configured.

CodeArtifact repository

To let SwiftPM acess my CodeArtifact repository, I begin by accumulating an authentication token from CodeArtifact.

export CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token 
                                     --domain stormacq-test              
                                     --domain-owner 012345678912         
                                     --query authorizationToken          
                                     --output textual content`

Observe that the authentication token expires after 12 hours. I have to repeat this command after 12 hours to acquire a recent token.

Then, I request the repository endpoint. I go the area title and area proprietor (the AWS account ID). Discover the --format swift possibility.

export CODEARTIFACT_REPO=`aws codeartifact get-repository-endpoint  
                               --domain stormacq-test               
                               --domain-owner 012345678912          
                               --format swift                       
                               --repository MySwiftRepo             
                               --query repositoryEndpoint           
                               --output textual content`

Now that I’ve the repository endpoint and an authentication token, I exploit the AWS Command Line Interface (AWS CLI) to configure SwiftPM on my machine.

SwiftPM can retailer the repository configurations at person stage (within the file ~/.swiftpm/configurations) or at venture stage (within the file <your venture>/.swiftpm/configurations). By default, the CodeArtifact login command creates a project-level configuration to help you use completely different CodeArtifact repositories for various tasks.

I exploit the AWS CLI to configure SwiftPM on my construct machine.

aws codeartifact login          
    --tool swift                
    --domain stormacq-test      
    --repository MySwiftRepo    
    --namespace aws             
    --domain-owner 012345678912

The command invokes swift package-registry login with the right choices, which in flip, creates the required SwiftPM configuration information with the given repository title (MySwiftRepo) and scope title (aws).

Now that my construct machine is prepared, I put together my group’s authorised model of the AWS SDK for Swift package deal after which I add it to the repository.

git clone https://github.com/awslabs/aws-sdk-swift.git
pushd aws-sdk-swift
swift package deal archive-source
mv aws-sdk-swift.zip ../aws-sdk-swift-0.24.0.zip

Lastly, I add this package deal model to the repository.

When utilizing Swift 5.9 or more moderen, I can add my package deal to my personal repository utilizing the SwiftPM command:

swift package-registry publish           

The variations of Swift earlier than 5.9 don’t present a swift package-registry publish command. So, I exploit the curl command as an alternative.

curl  -X PUT 
      --user "aws:$CODEARTIFACT_AUTH_TOKEN"               
      -H "Settle for: utility/vnd.swift.registry.v1+json" 
      -F source-archive="@aws-sdk-swift-0.24.0.zip"       

Discover the format of the package deal title after the URI of the repository: <scope>/<package deal title>/<package deal model>. The package deal model should comply with the semantic versioning scheme.

I can use the CLI or the console to confirm that the package deal is obtainable within the repository.

CodeArtifact List Packages

aws codeartifact list-package-versions      
                  --domain stormacq-test    
                  --repository MySwiftRepo  
                  --format swift            
                  --namespace aws           
                  --package aws-sdk-swift
    "variations": [
            "version": "0.24.0",
            "revision": "6XB5O65J8J3jkTDZd8RMLyqz7XbxIg9IXpTudP7THbU=",
            "status": "Published",
            "origin": {
                "domainEntryPoint": {
                    "repositoryName": "MySwiftRepo"
                "originType": "INTERNAL"
    "defaultDisplayVersion": "0.24.0",
    "format": "swift",
    "package deal": "aws-sdk-swift",
    "namespace": "aws"

Now that the package deal is obtainable, I can use it in my tasks as regular.

Xcode makes use of SwiftPM instruments and configuration information I simply created. So as to add a package deal to my Xcode venture, I choose the venture title on the left pane, after which I choose the Bundle Dependencies tab. I can see the packages which can be already a part of my venture. So as to add a personal package deal, I select the + signal below Packages.

Xcode add a package as dependency to a project

On the highest proper search area, I enter aws.aws-sdk-swift (that is <scope title>.<package deal title>). After a second or two, the package deal title seems on the checklist. On the highest proper facet, you’ll be able to confirm the supply repository (subsequent to the Registry label). Earlier than choosing the Add Bundle button, choose the model of the package deal, similar to you do for publicly obtainable packages.

Add a private package from Codeartifact on Xcode

Alternatively, for my server-side or command-line functions, I add the dependency within the Bundle.swift file. I additionally use the format (<scope>.<package deal title>) as the primary parameter of .package deal(id:from:)perform.

    dependencies: [
        .package(id: "aws.aws-sdk-swift", from: "0.24.0")

After I sort swift package deal replace, SwiftPM downloads the package deal from the CodeArtifact repository.

Issues to Know
There are some issues to bear in mind earlier than importing your first Swift packages.

  • Make sure to replace to the most recent model of the CLI earlier than attempting any command proven within the previous directions.
  • It’s a must to use Swift model 5.8 or newer to make use of CodeArtifact with the swift package deal command. On macOS, the Swift toolchain comes with Xcode. Swift 5.8 is obtainable on macOS 13 (Ventura) and Xcode 14. On Linux and Home windows, you’ll be able to obtain the Swift toolchain from swift.org.
  • It’s a must to use Xcode 15 on your iOS, iPadOS, tvOS, or watchOS functions. I examined this with Xcode 15 beta8.
  • The swift package-registry publish command is obtainable with Swift 5.9 or newer. If you use Swift 5.8, you should use curlto add your package deal, as I confirmed within the demo (or use any HTTP consumer of your alternative).
  • Swift packages have the idea of scope. A scope gives a namespace for associated packages inside a package deal repository. Scopes are mapped to CodeArtifact namespaces.
  • The authentication token expires after 12 hours. We propose writing a script to automate its renewal or utilizing a scheduled AWS Lambda perform and securely storing the token in AWS Secrets and techniques Supervisor (for instance).

If Xcode cannot discover your personal package deal, double-check the registry configuration in ~/.swiftpm/configurations/registries.json. Specifically, test if the scope title is current. Additionally confirm that the authentication token is current within the keychain. The title of the entry is the URL of your repository. You may confirm the entries within the keychain with the /Utility/Utilities/Keychain Entry.app utility or utilizing the safety command line device.

safety find-internet-password                                                  
          -s "stormacq-test-012345678912.d.codeartifact.us-west-2.amazonaws.com" 

Right here is the SwiftPM configuration on my machine.

cat ~/.swiftpm/configuration/registries.json

  "authentication" : {
    "stormacq-test-012345678912.d.codeartifact.us-west-2.amazonaws.com" : {
      "loginAPIPath" : "/swift/MySwiftRepo/login",
      "sort" : "token"
  "registries" : {
    "aws" : { // <-- that is the scope title!
      "url" : "https://stormacq-test-012345678912.d.codeartifact.us-west-2.amazonaws.com/swift/MySwiftRepo/"
  "model" : 1

Keychain item for codeartifact authentication token

Pricing and Availability
CodeArtifact prices for Swift packages are the identical as for the opposite package deal codecs already supported. CodeArtifact billing is determined by three metrics: the storage (measured in GB per 30 days), the variety of requests, and the info switch out to the web or to different AWS Areas. Knowledge switch to AWS providers in the identical Area isn’t charged, which means you’ll be able to run your CICD jobs on Amazon EC2 Mac situations, for instance, with out incurring a cost for the CodeArtifact information switch. As regular, the pricing web page has the small print.

CodeArtifact for Swift packages is obtainable in all 13 Areas the place CodeArtifact is obtainable.

Now go construct your Swift functions and add your personal packages to CodeArtifact!

— seb

PS : Have you learnt you’ll be able to write Lambda features within the Swift programming language? Examine the short begin information or comply with this 35-minute tutorial.

Related Articles


Please enter your comment!
Please enter your name here

Latest Articles