Ruby builders can now use AWS CodeArtifact to securely retailer and retrieve their gems. CodeArtifact integrates with commonplace developer instruments like gem
and bundler
.
Purposes usually use quite a few packages to hurry up growth by offering reusable code for widespread duties like community entry, cryptography, or information manipulation. Builders additionally embed SDKs–such because the AWS SDKs–to entry distant companies. These packages might come from inside your group or from third events like open supply tasks. Managing packages and dependencies is integral to software program growth. Languages like Java, C#, JavaScript, Swift, and Python have instruments for downloading and resolving dependencies, and Ruby builders sometimes use gem
and bundler
.
Nonetheless, utilizing third-party packages presents authorized and safety challenges. Organizations should guarantee bundle licenses are appropriate with their tasks and don’t violate mental property. They have to additionally confirm that the included code is protected and doesn’t introduce vulnerabilities, a tactic referred to as a provide chain assault. To handle these challenges, organizations sometimes use personal bundle servers. Builders can solely use packages vetted by safety and authorized groups made out there by means of personal repositories.
CodeArtifact is a managed service that enables the protected distribution of packages to inside developer groups with out managing the underlying infrastructure. CodeArtifact now helps Ruby gems along with npm, PyPI, Maven, NuGet, SwiftPM, and generic codecs.
You’ll be able to publish and obtain Ruby gem dependencies out of your CodeArtifact repository within the AWS Cloud, working with present instruments akin to gem
and bundler
. After storing packages in CodeArtifact, you possibly can reference them in your Gemfile
. Your construct system will then obtain accredited packages from the CodeArtifact repository throughout the construct course of.
The right way to get began
Think about I’m engaged on a bundle to be shared with different growth groups in my group.
On this demo, I present you ways I put together my surroundings, add the bundle to the repository, and use this particular bundle construct as a dependency for my undertaking. I deal with the steps particular to Ruby packages. You’ll be able to learn the tutorial written by my colleague Steven to get began with CodeArtifact.
I exploit an AWS account that has a bundle repository (MyGemsRepo
) and area (stormacq-test
) already configured.
To let the Ruby instruments acess my CodeArtifact repository, I begin by amassing an authentication token from CodeArtifact.
export CODEARTIFACT_AUTH_TOKEN=`aws codeartifact get-authorization-token
--domain stormacq-test
--domain-owner 012345678912
--query authorizationToken
--output textual content`
export GEM_HOST_API_KEY="Bearer $CODEARTIFACT_AUTH_TOKEN"
Be aware that the authentication token expires after 12 hours. I need to repeat this command after 12 hours to acquire a recent token.
Then, I request the repository endpoint. I move the area
identify and area proprietor
(the AWS account ID). Discover the --format ruby
possibility.
export RUBYGEMS_HOST=`aws codeartifact get-repository-endpoint
--domain stormacq-test
--domain-owner 012345678912
--format ruby
--repository MyGemsRepo
--query repositoryEndpoint
--output textual content`
Now that I’ve the repository endpoint and an authentication token, gem
will use these surroundings variable values to hook up with my personal bundle repository.
I create a quite simple undertaking, construct it, and ship it to the bundle repository.
$ gem construct hola.gemspec
Efficiently constructed RubyGem
Identify: hola-codeartifact
Model: 0.0.0
File: hola-codeartifact-0.0.0.gem
$ gem push hola-codeartifact-0.0.0.gem
Pushing gem to https://stormacq-test-486652066693.d.codeartifact.us-west-2.amazonaws.com/ruby/MyGemsRepo...
I confirm within the console that the bundle is accessible.
Now that the bundle is accessible, I can use it in my tasks as ordinary. This includes configuring the native ~/.gemrc
file on my machine. I comply with the directions offered by the console, and I be certain I exchange ${CODEARTIFACT_AUTH_TOKEN}
with its precise worth.
As soon as ~/.gemrc
is appropriately configured, I can set up gems as ordinary. They are going to be downloaded from my personal gem repository.
$ gem set up hola-codeartifact
Fetching hola-codeartifact-0.0.0.gem
Efficiently put in hola-codeartifact-0.0.0
Parsing documentation for hola-codeartifact-0.0.0
Putting in ri documentation for hola-codeartifact-0.0.0
Finished putting in documentation for hola-codeartifact after 0 seconds
1 gem put in
Set up from upstream
I also can affiliate my repository with an upstream supply. It would robotically fetch gems from upstream after I request one.
To affiliate the repository with rubygems.org, I exploit the console, or I kind
aws codeartifact associate-external-connection
--domain stormacq-test
--repository MyGemsRepo
--external-connection public:ruby-gems-org
{
"repository": {
"identify": "MyGemsRepo",
"administratorAccount": "012345678912",
"domainName": "stormacq-test",
"domainOwner": "012345678912",
"arn": "arn:aws:codeartifact:us-west-2:012345678912:repository/stormacq-test/MyGemsRepo",
"upstreams": [],
"externalConnections": [
{
"externalConnectionName": "public:ruby-gems-org",
"packageFormat": "ruby",
"status": "AVAILABLE"
}
],
"createdTime": "2024-04-12T12:58:44.101000+02:00"
}
}
As soon as related, I can pull any gems by means of CodeArtifact. It would robotically fetch packages from upstream when not domestically out there.
$ gem set up rake
Fetching rake-13.2.1.gem
Efficiently put in rake-13.2.1
Parsing documentation for rake-13.2.1
Putting in ri documentation for rake-13.2.1
Finished putting in documentation for rake after 0 seconds
1 gem put in
I exploit the console to confirm the rake
bundle is now out there in my repo.
Issues to know
There are some issues to bear in mind earlier than importing your first Ruby packages.
Pricing and availability
CodeArtifact prices for Ruby packages are the identical as for the opposite bundle codecs already supported. CodeArtifact billing relies on three metrics: the storage (measured in GB per 30 days), the variety of requests, and the info switch out to the web or to different AWS Areas. Information switch to AWS companies in the identical Area will not be charged, that means you possibly can run your steady integration and supply (CI/CD) jobs on Amazon Elastic Compute Cloud (Amazon EC2) or AWS CodeBuild, for instance, with out incurring a cost for the CodeArtifact information switch. As ordinary, the pricing web page has the small print.
CodeArtifact for Ruby packages is accessible in all 13 Areas the place CodeArtifact is accessible.
Now, go construct your Ruby functions and add your personal packages to CodeArtifact!