Slide 1

Slide 1 text

D E V D AY

Slide 2

Slide 2 text

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Deployment pipelines for your iOS / tvOS apps with Amazon EC2 Mac Instances Sébastien Stormacq Principal Seveloper Advocate, AWS @sebsto

Slide 3

Slide 3 text

✅ ✅ ✅ ✅

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

⁉ ‼ 💔

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

CI/CD Challenges for iOS

Slide 8

Slide 8 text

Typical Solution #1 : Xcode Server

Slide 9

Slide 9 text

No content

Slide 10

Slide 10 text

No content

Slide 11

Slide 11 text

No content

Slide 12

Slide 12 text

No content

Slide 13

Slide 13 text

Typical Solution #2 : macOS Workers nodes

Slide 14

Slide 14 text

Automate the build process Have a macOS machine part of the workflow CI/CD Challenges for iOS

Slide 15

Slide 15 text

Provisioning the hardware 1

Slide 16

Slide 16 text

No content

Slide 17

Slide 17 text

Start a Mac EC2 Instance ➜ ~ aws --region $REGION ec2 allocate-hosts \ --instance-type mac1.metal \ --availability-zone us-east-2b \ --quantity 1 { "HostIds": [ "h-0bab92ca090bfec3f" ] }

Slide 18

Slide 18 text

Start a Mac EC2 Instance ➜ ~ aws --region $REGION ec2 run-instances \ --instance-type mac1.metal \ --key-name your_key \ --placement HostId=h-0bab92ca090bfec3f \ --security-group-ids sg-01000000000000032 \ --image-id AWS_Or_Your_AMI_Id { "Groups": [], "Instances": [ { "AmiLaunchIndex": 0, "ImageId": "ami-019fd52485934f8bd", "InstanceId": "i-0883f109e7f9b025c", "InstanceType": "mac1.metal", "KeyName": "sst-aws", "LaunchTime": "2021-03-08T16:47:39+00:00", "Monitoring": { "State": "disabled" },

Slide 19

Slide 19 text

AWS Cloud mac1 instance Amazon EC2 👩💻

Slide 20

Slide 20 text

mac1 Pricing

Slide 21

Slide 21 text

mac1 Savings Plans

Slide 22

Slide 22 text

sudo passwd ec2-user sudo /System/Library/CoreServices/RemoteManagement/\ ARDAgent.app/Contents/Resources/kickstart \ -activate -configure -access -on \ -restart -agent -privs –all ssh -L 5900:localhost:5900 –C –N -i /path/my-key-pair.pem \ ec2-user@my-instance-public-dns-name open vnc://localhost:5900 mac1 EC2 Tips – VNC (optional) mac1 instance

Slide 23

Slide 23 text

PDISK=$(diskutil list physical external | \ head -n1 | cut -d" " -f1) APFSCONT=$(diskutil list physical external | \ grep "Apple_APFS" | tr -s " " | \ cut -d" " -f8) yes | sudo diskutil repairDisk $PDISK sudo diskutil apfs resizeContainer $APFSCONT 0 mac1 EC2 Tips - EBS mac1 instance

Slide 24

Slide 24 text

# Download and install Xcode from your private web site (or S3 bucket) curl -o xcode.xip https://your_private_web_server/apple/Xcode_12.4.xip xip --expand xcode.xip sudo mv Xcode.app /Applications # Download and install Xcode CLI (use your own S3 bucket / CloudFront distribution, the below will stop working at some point) curl -o xcode-cli.dmg https://your_private_web_server/apple/Command_Line_Tools_for_Xcode_12.4.dmg hdiutil mount ./xcode-cli.dmg sudo installer -pkg /Volumes/Command\ Line\ Developer\ Tools/Command\ Line\ Tools.pkg -target / hdiutil unmount /Volumes/Command\ Line\ Developer\ Tools/ sudo installer -pkg /Applications/Xcode.app/Contents/Resources/Packages/XcodeSystemResources.pkg -target / sudo installer -pkg /Applications/Xcode.app/Contents/Resources/Packages/CoreTypes.pkg -target / sudo installer -pkg /Applications/Xcode.app/Contents/Resources/Packages/MobileDevice.pkg -target / sudo installer -pkg /Applications/Xcode.app/Contents/Resources/Packages/MobileDeviceDevelopment.pkg -target / # it might take several minutes to display the license / to return. Try until it works sudo xcodebuild -license accept xcode-select -p mac1 EC2 Tips – CLI Install Xcode mac1 instance

Slide 25

Slide 25 text

Mac1 EC2 Tips – Create Golden AMI REGION=us-east-2 # REPLACE THE IP ADDRESS IN THE COMMAND BELOW # Use the EC2 mac1 Instance Public IP EBS_VOLUME_ID=$(aws ec2 --region $REGION describe-instances --query 'Reservations[].Instances[?PublicIpAddress==`18.191.179.58`].BlockDeviceMappings[][] .Ebs.VolumeId' --output text) aws ec2 create-snapshot --region $REGION --volume-id $EBS_VOLUME_ID --description "macOS Big Sur Xcode" # AT THIS STAGE COPY THE SNAPSHOT_ID RETURNED BY THE PREVIOUS COMMAND # WAIT FOR THE SNAPSHOT TO COMPLETE, THIS CAN TAKES SEVERAL MINUTES SNAPSHOT_ID= aws ec2 register-image --region=$REGION --name "GOLD_macOS_BigSur_Xcode" -- description "macOS Big Sur Xcode Gold Image" --architecture x86_64_mac -- virtualization-type hvm --block-device-mappings DeviceName="/dev/sda1",Ebs=\{SnapshotId=$SNAPSHOT_ID,VolumeType=gp3\} --root-device- name "/dev/sda1"

Slide 26

Slide 26 text

2 Automated Builds

Slide 27

Slide 27 text

Build and Archive xcodebuild clean build archive \ -workspace "$WORKSPACE" \ -scheme "$SCHEME" \ -archivePath "$ARCHIVE_PATH" \ -configuration "$CONFIGURATION"

Slide 28

Slide 28 text

Code Signing

Slide 29

Slide 29 text

Code Signing security create-keychain -p "${PASSWORD}" "${NAME}" security unlock-keychain -p "${PASSWORD}" "${NAME}" security list-keychains -s "${NAME}" "${OLD_KEYCHAIN_NAMES[@]}"

Slide 30

Slide 30 text

Code Signing echo $S3_APPLE_DISTRIBUTION_CERT | base64 -d > $DIST_CERT security import "${DIST_CERT}" \ -P "${APPLE_DISTRIBUTION_KEY_PASSWORD}" \ -k "${KEYCHAIN_NAME}" \ -T /usr/bin/codesign \ -T /usr/bin/xcodebuild

Slide 31

Slide 31 text

Code Signing

Slide 32

Slide 32 text

Code Signing curl -o ~/AppleWWDRCA.cer \ https://developer.apple.com/certificationauthority/AppleWWDRCA.cer security import ~/AppleWWDRCA.cer -t cert -k "${KEYCHAIN_NAME}" \ -T /usr/bin/codesign -T /usr/bin/xcodebuild curl -o ~/AppleWWDRCAG3.cer \ https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer security import ~/AppleWWDRCAG3.cer -t cert -k "${KEYCHAIN_NAME}" \ -T /usr/bin/codesign -T /usr/bin/xcodebuild curl -o ~/DevAuthCA.cer \ https://www.apple.com/certificateauthority/DevAuthCA.cer security import ~/DevAuthCA.cer -t cert -k "${KEYCHAIN_NAME}” \ -T /usr/bin/codesign -T /usr/bin/xcodebuild

Slide 33

Slide 33 text

Code Signing security set-key-partition-list \ -S apple-tool:,apple: \ -s \ -k "${PASSWORD}" "${NAME}"

Slide 34

Slide 34 text

Code Signing echo $S3_MOBILE_PROFILE | base64 -d > mobile.profile UUID=$(security cms -D -i mobile.profile \ -k "${KEYCHAIN_NAME}" | plutil -extract UUID xml1 -o - - | xmllint --xpath "//string/text()" -) mkdir -p "$HOME/Library/MobileDevice/Provisioning Profiles" cp mobile.profile "$HOME/Library/MobileDevice/Provisioning Profiles/${UUID}.mobileprovision"

Slide 35

Slide 35 text

Other Build Steps

Slide 36

Slide 36 text

Amplify R E - C R E A T E A M P L I F Y C O N F I G U R A T I O N . J S O N /usr/local/bin/amplify pull \ --amplify $AMPLIFY \ --frontend $FRONTEND \ --providers $PROVIDERS \ --yes --region eu-central-1

Slide 37

Slide 37 text

+1 Other Build Steps

Slide 38

Slide 38 text

Increase Build Number +1 BUILD_NUMBER=`date +%Y%m%d%H%M%S` plutil -replace CFBundleVersion \ -string $BUILD_NUMBER \ "./getting started/Info.plist"

Slide 39

Slide 39 text

Other Build Steps

Slide 40

Slide 40 text

Upload to iTunes Connect xcrun altool \ --upload-app \ -f "$(pwd)/build/$SCHEME.ipa" \ -t ios \ -u $APPLE_ID \ -p @env:APPLE_SECRET

Slide 41

Slide 41 text

3 Integrate in the pipeline

Slide 42

Slide 42 text

AWS CodeBuild Swift Amazon Linux 2 AWS Cloud macOS + Xcode Gold AMI GitHub Xcode mac1 Instance 👩💻 Amazon EC2 ?

Slide 43

Slide 43 text

Command Message (build.sh) Command Queue Amazon Simple Queue Service AWS CodeBuild Swift Amazon Linux 2 SQSProducer AWS Cloud macOS + Xcode Gold AMI GitHub Xcode Response Queue Result Message (stdout / stderr) mac1 Instance SQS Build Agent 👩💻 Amazon EC2 ./SQSProducer https://command.queue.url \ https://response.queue.url command.sh ./SQSBuildAgent https://command.queue.url

Slide 44

Slide 44 text

SQS Build Agent S O U R C E C O D E

Slide 45

Slide 45 text

4 Integrate AWS Services

Slide 46

Slide 46 text

IAM Permissions attached { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "cloudformation:List*", "cloudformation:Describe*", "cloudformation:Get*", "cloudformation:Validate*", "cloudformation:Detect*", "amplify:List*", "amplify:Get*", "sqs:Receive*", "sqs:Send*", "sqs:DeleteMessage" ], "Resource": "*" }, { "Sid": "VisualEditor1", "Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": [ "arn:aws:secretsmanager:REGION:ACCOU NT_ID:secret:amplify*", "arn:aws:secretsmanager:REGION:ACCOU NT_ID:secret:apple*" ] }

Slide 47

Slide 47 text

Store your build secrets A W S S E C R E T S M A N A G E R aws secretsmanager create-secret \ --name apple-dist-certificatee \ --secret-binary fileb://./apple-dist.p12 aws secretsmanager create-secret \ --name apple-id \ --secret-string [email protected]

Slide 48

Slide 48 text

Retrieve your build secrets AW S S E C R E T S M A N A G E R export APPLE_SECRET=$($AWS_CLI secretsmanager get-secret-value \ --secret-id $APPLE_SECRET_SECRET \ --query SecretString --output text) # These are base64 values, we will need to decode to a file when needed APPLE_CERT=$($AWS_CLI secretsmanager get-secret-value \ --secret-id $APPLE_DISTRIBUTION_CERT_SECRET \ --query SecretBinary --output text)

Slide 49

Slide 49 text

Retrieve your build secrets A W S S E C R E T S M A N A G E R echo $APPLE_CERT | base64 -d > $DIST_CERT security import "${DIST_CERT}" \ -P "${KEY_PASSWORD}" \ -k "${KEYCHAIN_NAME}" \ -T /usr/bin/codesign \ -T /usr/bin/xcodebuild

Slide 50

Slide 50 text

© 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. End-to-End Demo

Slide 51

Slide 51 text

✅ ✅ ✅ ✅

Slide 52

Slide 52 text

1

Slide 53

Slide 53 text

https://github.com/sebsto/amplify-ios-getting-started/tree/main/code

Slide 54

Slide 54 text

2

Slide 55

Slide 55 text

3

Slide 56

Slide 56 text

4

Slide 57

Slide 57 text

No content

Slide 58

Slide 58 text

Your imagination 🧠 is the limit

Slide 59

Slide 59 text

Go build !

Slide 60

Slide 60 text

Thank you! © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved. Sébastien Stormacq @sebsto

Slide 61

Slide 61 text

Please complete the session survey © 2021, Amazon Web Services, Inc. or its affiliates. All rights reserved.