ci: read CocoaPods trunk token from AWS secret (#126)

2023-05-24 17:16:50 -07:00 · 2023-05-24 17:16:50 -07:00 · e503486622
parent b036e83716
commit e503486622
2 changed files with 17 additions and 0 deletions
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@ -1,6 +1,8 @@
 # .circleci/config.yml

 version: 2.1
+orbs:
+  aws-cli: circleci/aws-cli@3.1.4

 defaults: &defaults
  macos:
@ -124,6 +126,10 @@ jobs:
    steps: 
      - *restore_repo
      - restore_gems
+      - aws-cli/setup:
+          role-arn: $AWS_OIDC_ROLE_ARN
+          role-session-name: "${CIRCLE_WORKFLOW_JOB_ID}.deploy"
+          session-duration: '900'
      - check_bundle
      - run:
          name: Release pods
@ -139,6 +145,7 @@ workflows:
          requires:
            - install_gems
      - deploy:
+          context: amplify-swift-aws-oidc
          filters:
            branches:
              only:
--- a/fastlane/Fastfile
+++ b/fastlane/Fastfile
@ -13,6 +13,8 @@
 # Uncomment the line if you want fastlane to automatically update itself
 # update_fastlane

+require 'json'
+
 opt_out_usage

 default_platform(:ios)
@ -31,6 +33,14 @@ platform :ios do

  desc "Release pods"
  lane :release_pods do
+    # Define `COCOAPODS_TRUNK_TOKEN` env var for trunk authentication
+    # https://github.com/CocoaPods/cocoapods-trunk/commit/9e6ec1c1faf96fa837dc2ed70b5f54006b181ed6
+    secret = sh(
+        command: 'aws secretsmanager get-secret-value --secret-id ${COCOAPODS_SECRET_ARN}',
+        log: false
+    )
+
+    ENV['COCOAPODS_TRUNK_TOKEN'] = JSON.parse(secret)["SecretString"]

    pods.each { |pod|
      pod_push(path: pod, allow_warnings: true, swift_version: "5.1")