Commit 01460c0

author
Di Wu
authored
ci: add write permission ssh key and read secret from AWS (#13)
1 parent a0e101b commit 01460c0

2 files changed

+18
-2
lines changed


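--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -5,7 +5,7 @@ version: 2.1
 orbs:
 macos: circleci/macos@2.3.3
 ruby: circleci/ruby@2.0.0
-
+aws-cli: circleci/aws-cli@3.1.4
 
 default-executor: &default-executor
 macos:
@@ -14,7 +14,6 @@ default-executor: &default-executor
 environment:
 FL_OUTPUT_DIR: output
 
-
 jobs:
 build-test-ios:
 <<: *default-executor
@@ -48,6 +47,10 @@ jobs:
 - "1d:f2:37:1e:7e:38:02:e0:76:2d:6a:a8:47:2e:85:09"
 - checkout
 - ruby/install-deps
+- aws-cli/setup:
+role-arn: $AWS_OIDC_ROLE_ARN
+role-session-name: "${CIRCLE_WORKFLOW_JOB_ID}.release"
+session-duration: '900'
 - run:
 name: Publish new version to cocoapods trunk
 command: bundle exec fastlane ios release
@@ -78,6 +81,8 @@ workflows:
 requires:
 - build-test-ios
 - build-test-macos
+context: amplify-swift-aws-oidc
+
 - publish-doc:
 filters:
 branches: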
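Review bot: The `aws-cli/setup` step added before the publish command has no comment saying where `$AWS_OIDC_ROLE_ARN` comes from or what the assumed role is for; I would add `# Assume the release role via OIDC; AWS_OIDC_ROLE_ARN comes from the amplify-swift-aws-oidc context` above it. The 900-second session keeps the credential short-lived, but the workflow job that receives `context: amplify-swift-aws-oidc` in the last hunk is named outside the visible lines, so it cannot be confirmed from here that only the release job gets it. Since the role presumably gates the CocoaPods trunk token, its trust policy should match on this project's OIDC claims and its permissions should be limited to reading that one secret; neither is visible in this commit.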

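--- a/fastlane/Fastfile
+++ b/fastlane/Fastfile
@@ -1,3 +1,5 @@
+require 'json'
+
 PODSPEC_PATH = "AmplifyUtilsNotifications.podspec"
 CHANGELOG_PATH = "CHANGELOG.md"
 
@@ -103,6 +105,15 @@ platform :ios do
 
 desc "Publish new version to cocoapod trunck"
 private_lane :publish_to_cocoapod_trunk do
+# Define `COCOAPODS_TRUNK_TOKEN` env var for trunk authentication
+# https://github.com/CocoaPods/cocoapods-trunk/commit/9e6ec1c1faf96fa837dc2ed70b5f54006b181ed6
+secret = sh(
+command: 'aws secretsmanager get-secret-value --secret-id ${COCOAPODS_SECRET_ARN}',
+log: false
+)
+
+ENV['COCOAPODS_TRUNK_TOKEN'] = JSON.parse(secret)["SecretString"]
+
 pod_push(
 use_bundle_exec: true,
 allow_warnings: true,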
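Review bot: `JSON.parse(secret)["SecretString"]` is written to `ENV['COCOAPODS_TRUNK_TOKEN']` in `publish_to_cocoapod_trunk` without any check, so a secret stored as binary or as a key/value JSON document yields nil or a JSON blob, and `pod_push` then fails with an authentication error that hides the real cause. I would fail fast: `token = JSON.parse(secret)["SecretString"]`, `UI.user_error!("CocoaPods trunk token not found in secret") if token.to_s.empty?`, `ENV['COCOAPODS_TRUNK_TOKEN'] = token`. The token also stays in the process environment for everything fastlane runs afterwards; the lane continues past the hunk, so if later steps do not need it, deleting it in an `ensure` after `pod_push` would narrow the exposure. `log: false` on the `sh` call is the right choice for keeping the secret out of the build log.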
