Part of my build process involves downloading a specific dependency which requires a key. Obviously I don't want to commit the key to git. Most real CI solutions allow you to add secrets via their UI and then you can access them in the build script via env variables. Can't find any documentation on doing this with Xcode Cloud - is it possible?
Inject secrets for build process
I guess not?
I think this will be possible with the Environment section of the Xcode Cloud Workflow. There's a checkbox for "Secret" next to each environment variable that you define.
Bump! Everything I see is "use the Edit Scheme -> Run -> Arguments -> Environment variables" but this is not what I want since the value has to be specified there. So...?
Custom environment variables seem to be the way for this, as per the docs:
In addition to Xcode and macOS versions, you can set custom environment variables for a workflow in its Environment section. These variables are available to custom build scripts you use to extend workflows. For example, set a secret environment variable to contain an API key you use in a custom build script that uploads a workflow’s artifacts to your server.

Important: To securely store an environment variable and make sure it doesn’t appear in any logs, select the Secret checkbox.
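
As an added example (not part of the thread or of Apple's documentation), a custom build script such as ci_scripts/ci_post_clone.sh could consume a secret workflow variable as follows. The names DEPENDENCY_API_KEY, DEPENDENCY_URL and DEPENDENCY_OUT and the Bearer-token header are assumptions; use whatever your dependency host expects.

```shell
#!/bin/sh
# ci_scripts/ci_post_clone.sh (added example, not from the thread).
# DEPENDENCY_API_KEY, DEPENDENCY_URL and DEPENDENCY_OUT are hypothetical names:
# define them in the workflow's Environment section and tick "Secret" for the key.
set -eu
set +x   # never trace commands: xtrace would print the expanded secret

# Fail closed when a required variable is missing or empty.
# Prints only the variable's name, never its value.
require_env() {
    eval "_val=\${$1:-}"
    if [ -z "$_val" ]; then
        echo "error: $1 is not set for this workflow" >&2
        return 1
    fi
}

# Write a curl config file holding the auth header, readable only by this user,
# so the key never appears on a command line (visible in `ps`) or in the log.
# The "Authorization: Bearer" scheme is an assumption about the server.
write_curl_config() {
    _cfg=$(mktemp)
    chmod 600 "$_cfg"
    printf 'header = "Authorization: Bearer %s"\n' "$DEPENDENCY_API_KEY" > "$_cfg"
    echo "$_cfg"
}

fetch_dependency() {
    require_env DEPENDENCY_API_KEY
    require_env DEPENDENCY_URL
    cfg=$(write_curl_config)
    trap 'rm -f "$cfg"' EXIT   # remove the key file even if curl fails
    # --fail: non-zero exit on HTTP errors, so a rejected key stops the build.
    curl --fail --silent --show-error --location \
         --config "$cfg" --output "${DEPENDENCY_OUT:-dependency.zip}" \
         "$DEPENDENCY_URL"
}

# Xcode Cloud sets CI_XCODE_CLOUD=TRUE; elsewhere the functions are only defined.
if [ "${CI_XCODE_CLOUD:-}" = "TRUE" ]; then
    fetch_dependency
fi
```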