Private SPM Pakages authentication in Xcode CI environment

tushar1998 commented 2 weeks ago

Is it reproducible with SwiftPM command-line tools: `swift build`, `swift test`, `swift package` etc?

[X] Confirmed reproduction steps with SwiftPM CLI.

Description

AWS CodeArtifacts support swift packages. The organization decided to host small in house SDKs on to CodeArtifacts and consume it in our mobile apps, here the development process was smooth I was able to authenticate and use my private package from artifacts registry successfully but on CI environment I am having hiccups

First of all running the below command to set authentication with code artifact registry

aws codeartifact login --tool swift --domain <domain> --domain-owner <domain-owner> --repository my-repo --namespace namespace --region us-west-2 --profile default

This create a keychain access item with name <domain>-<domain-owner>.d.codeartifact.us-west-2.amazonaws.com and a configuration file at ~/.swiftpm/configuration/registries.json

Xcode successfull resolves packages with below command and in between asks for a prompt for access keychain I enter the password and it starts fetching the package

xcodebuild -resolvePackageDependencies

My problem here is how to replicate this process in CI environment?? I have tried .netrc solution but it is not picking or even reading the netrc file

Is creating a temporary keychain on CI the right way or there is some other solution ? Is this current problem related to Xcode or swift??

FYI

Using Bitrise as CI and Xcode 15.2 with edge updates

Expected behavior

xcodebuild should resolve pacakge dependencies using the ~/.netrc file if present

Actual behavior

xcodebuild does not resolve pacakge dependencies using the ~/.netrc file and CI gets stuck for user input according to me

Steps to reproduce

No response

Swift Package Manager version/commit hash

5.9

Swift & OS version (output of `swift --version ; uname -a`)

swift-driver version: 1.87.3 Apple Swift version 5.9.2 (swiftlang-5.9.2.2.56 clang-1500.1.0.2.5) Target: arm64-apple-macosx14.0 Darwin Tushars-MacBook-Pro.local 23.5.0 Darwin Kernel Version 23.5.0: Wed May 1 20:12:58 PDT 2024; root:xnu-10063.121.3~5/RELEASE_ARM64_T6000 arm64

MaxDesiatov commented 2 weeks ago

This repository is used exclusively for the open source SwiftPM project. xcodebuild is a part of Xcode and is a closed source project, bug reports for which are tracked in https://feedbackassistant.apple.com, not here.

Please mark the SwiftPM CLI reproduction steps checkbox only if issue description includes such steps, which does not seem to be the case here.

tushar1998 commented 2 weeks ago

Hey @MaxDesiatov as you work in apple this might have occured somewhere or the other. I just want to know how private swift packages get authenticated in CI pipelines for an .xcodeproj ??

Tried Solutions

The keychain access does not work properly and ask for password prompts everytime
netrc file is not read by xcodebuild

MaxDesiatov commented 1 week ago

@tushar1998 is the issue reproducible for you when using swift build instead of xcodebuild?

tushar1998 commented 1 week ago

I was almost gave up accessing key chains on CI environment, I saw AWS docs once again saw each and every page and steps and found the solution here.

The thing I was doing wrong was not giving access to xcodebuild which resides in Xcode application.

Hope this issue can help other people and not waste time @MaxDesiatov you can close this issue

I have not found issue with swift build

swiftlang / swift-package-manager