New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[SR-15140] Binary target SSH URLs #4390
Comments
@swift-ci create |
Not sure we want to support this as you can already use the path-based version of binary targets and add them to the actual package's repo. What would be the incentive to have two repos? |
Comment by Daniel Lazarenko (JIRA) Our use case is having large multi-platform binaries (e.g. OpenSSL, WebRTC etc.), especially debug builds with debug symbols. We have multiple versions of those builds: v1, v2, v3... v100 - that quickly accumulates to gigabytes. If we put them into a git repo, SPM has to download it in its entirety (all 100 versions are inside the git clone directory) even though we just need a single version. If we want to limit the cloned git repo size we need to store the large binaries outside of git. One standard choice is to use GitHub releases/packages storage. We can make a "release", attach a binary file there, and point SPM to "https://github.com/acme/myprivaterepo/releases/download/skunkworks.xcframework.zip". This works, but it has issues for us:
Having SSH support solves both issues, and also reuses the same authentication mechanism as the main source code repo, which makes it easy to use: set up SSH key auth once and get the project with all the binary deps via Xcode (not having to pay for what we don't need, because it only downloads binaries that are needed). |
Ah, so GH releases are available using SSH auth? I didn't realize that, I thought this would be another repository. |
Comment by Daniel Lazarenko (JIRA) I'm sorry. I've checked, and GH doesn't actually support SSH for accessing releases. What we'd really want is to be able to use SPM binaries with private repos and GitHub "releases" or GitLab "job artifacts" or such. Since it is not related to SSH, I'm closing the issue. If you know a workaround for us (to do auth over HTTPS with SPM), please point to some solution. |
HTTP auth for fetching private binaries could be done via ~/.netrc: |
Additional Detail from JIRA
md5: c70478a85334abfdc9dcf8629b6b2540
Issue Description:
Currently .binaryTarget supports only HTTPS-based URLs.
This doesn't work with private repositories.
Specifying an SSH url like so (with or without "ssh://" prefix):
Produces an error:
This validation is hardcoded here:
https://github.com/apple/swift-package-manager/blob/main/Sources/PackageLoading/ManifestLoader.swift#L393
Since packages themselves can be fetched from SSH, it would be nice that the related binaries could be downloaded via the same channel.
The text was updated successfully, but these errors were encountered: