I have a project that produces an XCFramework which I zip and upload to the GitHub releases page of the private repository. I've added my personal access token to
~/.netrc and verified it working correctly against api.github.com. Following the GitHub REST reference I am able to find the relevant
asset_id and declare a binary dependency as such:
.binaryTarget( name: privateName, url: "https://api.github.com/repos/\(owner)/\(repo)/releases/assets/\(assetId).zip", // must have .zip extension otherwise get "invalid extension" error - but seems GitHub API doesn't mind the file extension being added checksum: checksum )
This however fails to pull in the binary content. When proxying the network traffic I can see that SPM is making the request without including the
Accept: application/octet-stream header, and according to GitHub docs, without adding this header the response will just be a JSON output description of the asset. Based on this, SPM then fails the resolution with a checksum mismatch failure, since the response it got back is actually a JSON document rather than the zipped XCFramework.
Understandably SPM isn't setting any special request headers based on location; but:
- Am I missing a more obvious way to depend on a binary hosted in a private GitHub release?
- Is there a way to set custom headers on binary requests?
- If there isn't a way currently, would it be considered to introduce a new parameter to
customRequestHeaders: [String: String] = [:]?
As a point of reference, this is possible in Carthage via the use of the
github origin keyword in the Cartfile, such as:
github "owner/repo" "release_tag"
For the special
github case, Carthage first gets a release by tag name, then pulls in files that have
.xcframework.zip when passing
--use-xcframeworks arg) by correctly (for this scenario) setting the
Though from what I understand, this was a somewhat controversial feature introduction, as it gave special preference to GitHub integration over any other code repository. I imagine anything so custom wouldn't be desirable here, but any thoughts towards custom headers for binary targets?