fix(release): block SwiftPM checksum drift#509
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Run ID: 📒 Files selected for processing (2)
🚧 Files skipped from review as they are similar to previous changes (2)
📝 WalkthroughWalkthroughThe release pipeline now enforces ChangesSPM Checksum Drift Prevention
Estimated code review effort: 2 (Simple) | ~10 minutes Possibly related PRs
Suggested labels: 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
b6265a9 to
657c400
Compare
Fixes #499
Description
Strengthens the release pipeline so future SwiftPM tags cannot publish with binary target checksums that differ from the freshly built XCFramework zips. SwiftPM resolves
Package.swiftfrom the immutable Git tag, so release-time checksum drift must block publishing instead of being patched into a release asset that consumers never read.Type of Change
Summary
Package.swiftis still in local-native mode.scripts/release/sync-versions.shso release prep setsuseLocalNatives = falsebefore tagging.Root Cause
SwiftPM resolves
Package.swiftfrom the immutable Git tag. The release workflow previously ransync-checksums.shafter artifacts were built and attached a correctedPackage.swift.updatedasset, but external SPM consumers never read that asset. If the tagged manifest checksums did not already match the uploaded zips, the release was still unresolvable.Testing
Validation performed:
git diff --checkrelease.ymlparsed with Python/PyYAMLbash -n scripts/release/sync-versions.shbash -n sdk/runanywhere-swift/scripts/sync-checksums.shsync-checksums.shchangesPackage.swiftwhen generated zips do not match the tagged checksumsPlatform-Specific Testing (check all that apply)
Swift SDK / iOS Sample:
Kotlin SDK / Android Sample:
Flutter SDK / Flutter Sample:
React Native SDK / React Native Sample:
Playground:
Web SDK / Web Sample:
Labels
Please add the appropriate label(s):
SDKs:
Swift SDK- Changes to Swift SDK release consumption (Package.swift/ SwiftPM release flow)Kotlin SDK- Changes to Kotlin SDK (sdk/runanywhere-kotlin)Flutter SDK- Changes to Flutter SDK (sdk/runanywhere-flutter)React Native SDK- Changes to React Native SDK (sdk/runanywhere-react-native)Web SDK- Changes to Web SDK (sdk/runanywhere-web)Commons- Changes to shared native code (sdk/runanywhere-commons)Sample Apps:
iOS Sample- Changes to iOS example app (examples/ios)Android Sample- Changes to Android example app (examples/android)Flutter Sample- Changes to Flutter example app (examples/flutter)React Native Sample- Changes to React Native example app (examples/react-native)Web Sample- Changes to Web example app (examples/web)Checklist
Notes
This prevents future releases from shipping mismatched SwiftPM binary target checksums. It does not rewrite existing tags such as
v0.19.10throughv0.19.13; those require a new patch release or maintainer-side asset remediation.Screenshots
Not applicable; release automation change only.
Summary by CodeRabbit