Hi all! Glad to see that you are collecting feedback on SPM plugins. Very recently I added the SPM build tool plugin for the Swift Confidential tool, which I created and made open-source. The plugin itself is located in its own repository. One may ask, why extracting the plugin to the separate repository? Long story short, this is mainly due to the current limitations of SwiftPM and the way it resolves dependencies declared in the package manifest. Now, let's get into the details.
The common limitation of the build tool plugins is that they practically cannot depend on executableTarget with CLI tool, even if you create buildCommand (as opposed to prebuildCommand). Well, it is theoretically possible as long as you limit the use of your plugin to macOS and Linux, or you abandon the use of any dependencies that have platform restrictions. However, in the majority of cases, the plugin creators would like to target as many platforms as possible. In such a configuration, if you attempt to build the client package, having a dependency on build tool plugin, targeting e.g. ios-arm64-simulator architecture you will most likely get an error, because the CLI tool itself (executableTarget) is unlikely to support such architecture. In fact, if your CLI tool uses Swift Argument Parser, it will currently only build for macOS and Linux, which makes perfect sense. What's less sensible is that SwiftPM is not capable of creating a separate dependency graph for the build tool and somehow figure out that even if the package targets iOS, the build tool itself should rather target the host platform (i.e. macos-x86_64 or macos-arm64). I know that the SPM plugin creators are aware of the problem, since it was mentioned at the very end of SE-0303 proposal, but I just want to emphasize the importance of this limitation.
Why is it so problematic you ask? First of all, with the above limitation the plugin author is pretty much forced to generate the so called artifact bundle, which is basically a ZIP file containing a directory with JSON manifest and CLI executable. To my best knowledge, there is currently no official Swift tooling for generating the artifact bundles, thus I wrote my own Bash script to automate this process. It would be great if the swift package was extended with let's say generate-artifactbundle subcommand to free the developers from the burden of writing their own scripts to accomplish this task.
Moving on, once the artifact bundle is generated, the plugin author needs to make a release of the CLI tool (main repo) attaching the generated bundle as a release artifact, and then reference that bundle from the plugin repository as a binaryTarget specifying the matching checksum. Speaking of a checksum, luckily there is an official command (swift package compute-checksum) for computing this checksum, but the way it works is rather questionable. To begin with, based on my research it appears that the only thing this command does is computing the SHA-256 of the specified file (it doesn't even need to be a ZIP file), yet it must be executed from the root of the Swift package directory, because it will first look into Package.swift file to resolve dependencies, even though this step appears to be completely redundant. You can try it out yourself by comparing the checksums computed by the swift package compute-checksum file.zip and shasum -a 256 file.zip | awk '{print $1}'. It seems that there is a potential for performance and usability optimizations in this regard.
To sum up, the current distribution process of the build tool plugins is rather cumbersome. It requires the creation of an additional repository, which needs to be kept in sync with the main repository and its releases.
Based on my recent investigation, it appears that the striked-through part is no longer an issue with Xcode 14 Beta 6.
This post already got long enough, so I will share the rest of my thoughts on plugins along with improvement ideas in a separate posts.
