In Xcode 14 beta 4, build tool plugins need to be trusted before they can be run now, which works fine on my local Xcode instance by following the instructions in the alert dialogue.
However, on Xcode cloud I'm just given an error immediately after starting the archive:
Showing All Messages
Archiving project Foo with scheme Foo of project Foo
Prepare packages
Validate plug-in “CodegenPlugin” in package “mypackage”
“CodegenPlugin” is disabled
Plug-in “CodegenPlugin” is implemented here
From what I can tell, there's no state or flag stored in the Xcode project files or anything else that is checked in. Is there an environment variable or flag I can set to tell Xcode cloud to trust my build tool plugin?
Yup, this looks like what I'm looking for, thanks! The only problem now is to figure out how to pass it to Xcode Cloud. There doesn't seem to be any option for passing xcodebuild arguments in the edit workflow screen, only a table for environment variables.
Hi @Luke_Lau - did you ever figure out a solution to this?
Seems like you cannot use Swift Package Plugins, or any dependency which might use them, if you also want to use Xcode Cloud. Which is a bit of a deal breaker - as it's highly likely that open source packages will start making use of them.
It is possible to get Xcode Cloud to trust build tool plugins programmatically. Here are the steps required:
In the same directory as your project/workspace, create a directory named ci_scripts containing a file named ci_post_clone.sh. Exactly those names.
In the script, execute the following statements: defaults write com.apple.dt.Xcode IDESkipPackagePluginFingerprintValidatation -bool YES and defaults write com.apple.dt.Xcode IDESkipMacroFingerprintValidation -bool YES. Exactly those statements, including the misspelling (validataion).
If you haven't already, track your project/workspace Package.resolved file in source control. Can't git-ignore it, or else Xcode Cloud refuses to proceed.
I'm assuming you've also done all the clicking and typing and logging in necessary to connect your Xcode project, your Xcode Cloud project, and your source control, but one step in there is easy to miss, because the Xcode wizard that walks you through granting source control (say, GitHub) access to Xcode Cloud will give you a green checkmark saying "You're done!" before you're actually done. The very last step requires logging into App Store Connect one last time, and granting Xcode Cloud your permission to access the repositories, again. If you miss this step, package resolution will fail.
With all this in place, Xcode Cloud should be to check out your source, resolve packages (including public-hosted, private-hosted, and local packages), and run builds/tests, automatically trusting build plugins included among your packages.
BIG CAVEAT: As of Xcode 15, build tool plugins are no longer allowed to modify source code in situ. Code generation plugins, like Protobuf, are only permitted to write source to a temporary directory. Any existing workflows you have that were built on a capacity to generate version-control-tracked source in CI are not gonna work.