Issue with Pulling SPM from AWS CodeArtifact in Xcode Cloud - SSL Error Intermittently Occurs

Developer Tools & Services Xcode Cloud
Vinsi OP
Created 4w
Replies 2
Boosts 1
Views 205
Participants 2

Hi everyone,

I'm encountering an intermittent issue with my Xcode Cloud CI/CD pipeline when pulling Swift Package Manager (SPM) dependencies from AWS CodeArtifact. The build process occasionally fails with an SSL error, but other times it succeeds without any issues. This inconsistency is causing significant disruption to our continuous integration process.

Environment:

Xcode Cloud Swift Package Manager (SPM) for dependency management AWS CodeArtifact as the package registry

Error Message:

Error: registry login using https://xx-xx-xx.codeartifact.eu-central-1.amazonaws.com/swift/***/login failed: The certificate for this server is invalid. You might be connecting to a server that is pretending to be "xx-xx-xx.codeartifact.eu-central-1.amazonaws.com" which could put your confidential information at risk.. Would you like to connect to the server anyway?

Replies  2
Boosts  1
Views  205
Participants  2
darrellb OP
1w

I'm seeing the same issue, though with a Reposilite server. Happened first about a month ago and it stopped pretty much all of our builds from working. It then just kind of resolved itself while I was looking into it. Now it just started erroring out again starting today, just randomly in some builds.

0
darrellb OP
1w

I've found a workaround for the issue that I'll be rolling out to the team soon - in short, move the package resolution up a step, and add retry logic.

I grabbed a retry function from a Stack Overflow post (which apparently I can't link here, but you could find it pretty easy searching for details from the function below), dropped it into the ci_post_clone.sh script along with a call to do package resolution.

Doing the package resolution here will cache the results so the later resolution done during the build phase doesn't need to go out to the internet and try to download them again. In my tests so far I've found that it usually resolves correctly by the 2nd or 3rd attempt.

#!/bin/sh

function fail {
  echo $1 >&2
  exit 1
}

function retry {
  local n=1
  local max=5
  local delay=15
  while true; do
    "$@" && break || {
      if [[ $n -lt $max ]]; then
        ((n++))
        echo "Command failed. Attempt $n/$max:"
        sleep $delay;
      else
        fail "The command has failed after $n attempts."
      fi
    }
  done
}

echo "Pre-resolving packages"
retry swift package resolve
0
Issue with Pulling SPM from AWS CodeArtifact in Xcode Cloud - SSL Error Intermittently Occurs
First post date Last post date
 
 
Q