AWS provides a great set of tools to support both application development and infrastructure, but sadly it doesn't provide build pipelines for iOS. One alternative is to run the builds on EC2 Mac instances. At Ensolvers, however, we opted for a lower-cost approach: integrating with a GitHub repository and GitHub Actions.
Basically, our solution mirrors the content of the CodeCommit repository to GitHub so that we can use GitHub Actions. To accomplish this integration we created an AWS Lambda function (Python 3.9 runtime) that is invoked by a CodeCommit trigger on every push to the repository. The function uses the boto3 library to read a GitHub Personal Access Token stored in AWS Secrets Manager, and the urllib3 library to send an HTTP POST request to the GitHub API that creates a dispatch event for a GitHub Actions workflow (see "Create a workflow dispatch event" in the GitHub REST API reference for details). That dispatch event is what triggers the workflow.
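As an added example (this is not the post's own Lambda code), the handler below shows the shape of that function: it extracts the pushed branch from the CodeCommit trigger event, reads the PAT from Secrets Manager with boto3, and POSTs the dispatch with urllib3. The environment variable names (GITHUB_OWNER, GITHUB_REPO, WORKFLOW_FILE, DISPATCH_REF, GITHUB_PAT_SECRET_ID), the {"token": "..."} secret layout and the workflow input named "branch" are all assumptions made for the example.

```python
"""Added example (not the post's own Lambda): on a CodeCommit push, read a
GitHub PAT from Secrets Manager and create a workflow_dispatch event.

Assumed names: env vars GITHUB_OWNER, GITHUB_REPO, WORKFLOW_FILE, DISPATCH_REF,
GITHUB_PAT_SECRET_ID; the secret is a JSON object {"token": "..."}.
"""
import json
import os

GITHUB_API = "https://api.github.com"


def branch_from_codecommit_event(event):
    """Return the pushed branch name (e.g. 'main') from a CodeCommit trigger event.

    CodeCommit invokes the function with Records[].codecommit.references[].ref,
    e.g. 'refs/heads/main'. Tag pushes (refs/tags/...) are not mirrored here.
    """
    for record in event.get("Records", []):
        for reference in record.get("codecommit", {}).get("references", []):
            ref = reference.get("ref", "")
            if ref.startswith("refs/heads/"):
                return ref[len("refs/heads/"):]
    raise ValueError("event carries no branch reference")


def build_dispatch_request(owner, repo, workflow_file, branch, token, dispatch_ref="main"):
    """Build (url, headers, payload) for GitHub's
    POST /repos/{owner}/{repo}/actions/workflows/{workflow_file}/dispatches.

    The 'ref' in the payload must already exist in the GitHub repo and contain
    the workflow file, so it is fixed to dispatch_ref; the CodeCommit branch to
    mirror travels as a workflow input, which also works for brand-new branches.
    """
    url = f"{GITHUB_API}/repos/{owner}/{repo}/actions/workflows/{workflow_file}/dispatches"
    headers = {
        "Accept": "application/vnd.github+json",
        "Authorization": f"Bearer {token}",
        "User-Agent": "codecommit-mirror-lambda",  # GitHub's API requires a User-Agent
    }
    payload = {"ref": dispatch_ref, "inputs": {"branch": branch}}
    return url, headers, payload


def get_github_token(secrets_client, secret_id):
    """Fetch the PAT from Secrets Manager at invocation time (not from env vars
    or code). The value is returned to the caller and never logged."""
    response = secrets_client.get_secret_value(SecretId=secret_id)
    return json.loads(response["SecretString"])["token"]


def lambda_handler(event, context, http=None, secrets_client=None):
    """Entry point. boto3 and urllib3 ship with the Lambda Python runtime; they
    are imported lazily so the helpers above can be tested without them."""
    if secrets_client is None:
        import boto3
        secrets_client = boto3.client("secretsmanager")
    if http is None:
        import urllib3
        http = urllib3.PoolManager()

    branch = branch_from_codecommit_event(event)
    token = get_github_token(secrets_client, os.environ["GITHUB_PAT_SECRET_ID"])
    url, headers, payload = build_dispatch_request(
        os.environ["GITHUB_OWNER"], os.environ["GITHUB_REPO"],
        os.environ["WORKFLOW_FILE"], branch, token,
        os.environ.get("DISPATCH_REF", "main"),
    )
    response = http.request("POST", url, headers=headers, body=json.dumps(payload))
    # GitHub answers 204 No Content on success; fail loudly on anything else so a
    # misconfigured token or workflow path shows up in CloudWatch instead of silently.
    if response.status != 204:
        raise RuntimeError(f"workflow dispatch failed: HTTP {response.status}")
    return {"branch": branch, "status": response.status}


if __name__ == "__main__":
    # Offline dry run with a constructed event and fake clients (no AWS/GitHub calls).
    class FakeSecrets:
        def get_secret_value(self, SecretId):
            return {"SecretString": json.dumps({"token": "ghp_example"})}

    class FakeResponse:
        status = 204

    class FakeHttp:
        def request(self, method, url, headers, body):
            print(method, url, json.loads(body))
            return FakeResponse()

    os.environ.update(GITHUB_OWNER="acme", GITHUB_REPO="ios-app",
                      WORKFLOW_FILE="build.yml", GITHUB_PAT_SECRET_ID="github/pat")
    event = {"Records": [{"codecommit": {"references": [
        {"ref": "refs/heads/feature/login", "commit": "0123abcd"}]}}]}
    print(lambda_handler(event, None, http=FakeHttp(), secrets_client=FakeSecrets()))
```

Two least-privilege points worth pairing with this: the PAT should be a fine-grained token limited to the one GitHub repository with only the Actions permission it needs, and the Lambda execution role should be allowed secretsmanager:GetSecretValue on that single secret ARN rather than on all secrets.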
For Git authentication we explored several approaches. We first tried SSH, but the implementation became too complex: it required creating an SSH key pair, storing the private key in Secrets Manager along with the SSH user, registering the public key in AWS and GitHub, starting an ssh-agent in the workflow, and so on. For the sake of simplicity we created a dedicated GitHub user for this project and generated a Personal Access Token for it. On the AWS side, we created a new IAM user and generated HTTPS Git credentials for AWS CodeCommit for that user; the IAM policy should grant that user access only to the CodeCommit repositories being mirrored.
With these credentials the workflow can access all of the user's repositories over HTTPS.
Note that the password must be URL-encoded when it is embedded in the remote URL: CodeCommit HTTPS passwords contain characters such as '/', '+' and '=' that have a reserved meaning in a URL.
With that settled, the GitHub Actions workflow consists of two jobs:
• Pull from CodeCommit
• Build and deploy
In the following two subsections we describe the concrete steps that need to be added to the workflow file under .github/workflows to implement the pipeline.
Pull from CodeCommit
• Check out the GitHub repository.
• Add a new remote pointing at the CodeCommit repository, using the HTTPS Git credentials described above.
• Fetch all remotes and branches. It's important to have all branches available locally, otherwise the next step can fail because the requested branch is not yet known.
• Pull the required branch from CodeCommit.
• Push the required branch to the GitHub repository.
Build and deploy
• Check out the GitHub repository, which now contains the mirrored branch.
• Rewrite each submodule URL to use the HTTPS credentials instead of SSH.
• Initialize and update the submodules.
• Finally, build the code and deploy.
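Putting the two jobs together, the following is an added example workflow (not Ensolvers' own file) that also covers the HTTPS credential handling from the authentication section above, including the URL-encoding of the CodeCommit password. Assumed names: GitHub secrets CODECOMMIT_USER and CODECOMMIT_PASSWORD (the IAM user's HTTPS Git credentials) and SUBMODULE_PAT (a GitHub token with read access to the submodule repositories); a CodeCommit repository called ios-app in us-east-1; an Xcode scheme called App; a workflow input named branch, which is what the Lambda's dispatch request supplies. The deploy step is not shown because the post does not specify the distribution channel.

```yaml
# Added example, not the post's own workflow. Assumed names: secrets CODECOMMIT_USER,
# CODECOMMIT_PASSWORD and SUBMODULE_PAT; CodeCommit repo "ios-app" in us-east-1;
# Xcode scheme "App".
name: mirror-and-build

on:
  workflow_dispatch:          # created by the Lambda through the GitHub API
    inputs:
      branch:
        description: CodeCommit branch to mirror and build
        required: true

permissions:
  contents: write             # the mirror job pushes to this repository

jobs:
  pull-from-codecommit:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0      # full history, so the pushed branch is not cut off by a shallow clone

      - name: Add CodeCommit remote
        env:
          CC_USER: ${{ secrets.CODECOMMIT_USER }}
          CC_PASSWORD: ${{ secrets.CODECOMMIT_PASSWORD }}
        run: |
          # CodeCommit passwords contain '/', '+' and '=', so percent-encode the value
          # before embedding it in the URL (jq's @uri encodes all reserved characters).
          encoded=$(printf '%s' "$CC_PASSWORD" | jq -sRr @uri)
          git remote add codecommit \
            "https://${CC_USER}:${encoded}@git-codecommit.us-east-1.amazonaws.com/v1/repos/ios-app"

      - name: Fetch all branches from CodeCommit
        run: git fetch --prune codecommit '+refs/heads/*:refs/remotes/codecommit/*'

      - name: Push the requested branch to GitHub
        env:
          BRANCH: ${{ inputs.branch }}   # passed via env, never interpolated into the script
        run: git push origin "refs/remotes/codecommit/${BRANCH}:refs/heads/${BRANCH}"

      - name: Remove the remote so the encoded password does not linger in .git/config
        if: always()
        run: git remote remove codecommit

  build-and-deploy:
    needs: pull-from-codecommit
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ inputs.branch }}
          persist-credentials: false   # submodules authenticate with the PAT below, not GITHUB_TOKEN

      - name: Rewrite submodule URLs from SSH to HTTPS
        env:
          GH_TOKEN: ${{ secrets.SUBMODULE_PAT }}
        run: |
          # .gitmodules uses git@github.com:org/repo.git; map that prefix to an HTTPS URL
          # carrying the token, so no SSH key or ssh-agent is needed on the runner.
          git config --global url."https://x-access-token:${GH_TOKEN}@github.com/".insteadOf "git@github.com:"
          git submodule sync --recursive
          git submodule update --init --recursive

      - name: Build
        run: xcodebuild -scheme App -destination 'generic/platform=iOS' build
```

Two cautions when using this. GitHub masks the raw secret value in logs, not its percent-encoded form, so never print the remote URL (for example with git remote -v) in a step; the remote is removed at the end of the job for the same reason. The branch name is read from an environment variable rather than written into the script with ${{ inputs.branch }}, because a branch name can legally contain shell metacharacters such as ';' or '$(' and the input arrives from outside the workflow. If you prefer to avoid the encoding step altogether, a git credential helper that echoes username and password for the CodeCommit host keeps the secret out of the URL entirely.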
In this post we've described a way to integrate CodeCommit with GitHub Actions to automate iOS builds, which avoids running the same process outside a containerized runner on a dedicated, reserved EC2 Mac instance.