Further work on the plugins/artifact bundles

Author: tonyarnold

.github/workflows/release.yml

@@ -139,19 +139,16 @@ jobs:
           VERSION=${VERSION#v}  # Remove 'v' prefix if present
           echo "Creating artifact bundle for version $VERSION"
           
-          # Make script executable and run
+          # Make scripts executable and run
           chmod +x Scripts/spm-artifact-bundle.sh
+          chmod +x Scripts/update-artifact-bundle.sh
           ./Scripts/spm-artifact-bundle.sh "$VERSION"
           
-          # Update Package.swift with actual checksum and version
-          CHECKSUM=$(cat swift-dependency-audit.artifactbundle.zip.checksum)
-          sed -i "s/PLACEHOLDER_CHECKSUM_WILL_BE_UPDATED_ON_RELEASE/$CHECKSUM/" Package.swift
-          sed -i "s/v1.0.0/v$VERSION/" Package.swift
+          # Activate production Package.swift for releases
+          cp Package-production.swift Package.swift
           
-          # Verify the changes
-          echo "Updated Package.swift with:"
-          echo "Version: v$VERSION"
-          echo "Checksum: $CHECKSUM"
+          # Update Package.swift with actual checksum and version
+          ./Scripts/update-artifact-bundle.sh "v$VERSION"
           
       - name: Create traditional release archives
         run: |

CHANGELOG.md

@@ -16,7 +16,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Docker-based cross-compilation for Linux platforms
   - SHA256 checksum verification for binary integrity
   - Artifact bundle generation script for automated distribution
-  - Binary-only build tool plugin execution (required for Swift Package Manager plugins)
+  - Hybrid binary/source build tool plugin execution following SwiftLint's proven pattern
 
 - **Swift Build Tool Plugin Integration**
   - Automatic dependency validation during builds with Swift Package Manager build tool plugin
@@ -98,16 +98,18 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Added `Scripts/spm-artifact-bundle.sh` for automated artifact bundle generation
   - Created `Scripts/spm-artifact-bundle-info.template` for Swift Package Manager manifest generation
   - Implemented GitHub Actions workflow with matrix strategy for cross-platform builds
-  - Docker-based Linux compilation using `swift:5.10` image with platform-specific builds
+  - Docker-based Linux compilation using `swift:6.1` image with platform-specific builds
   - Binary optimization with `strip` for size reduction and `-Xswiftc -Osize` for performance
   - Artifact bundle structure following SPM schema version 1.0 with multi-platform variants
   - Automated checksum calculation with SHA256 for security verification
-  - Binary-only distribution model required for Swift Package Manager build tool plugins
+  - Hybrid distribution model with conditional binary targets for optimal platform support
+  - Dedicated `Scripts/update-artifact-bundle.sh` script for automated Package.swift checksum updates
+  - Conditional compilation patterns following Swift Package Manager best practices
 
 - **Swift Build Tool Plugin Architecture**
   - Added `DependencyAuditPlugin` conforming to `BuildToolPlugin` protocol with `@main` annotation
   - Implemented `createBuildCommands(context:target:)` method for prebuild command generation
-  - Binary-only execution using `context.tool(named:)` with artifact bundle dependencies
+  - Hybrid execution using `context.tool(named:)` with conditional platform dependencies
   - Uses modern PackagePlugin API with `pluginWorkDirectoryURL` and `directoryURL` properties
   - Target filtering with `SourceModuleTarget` type checking to reduce overhead
   - Proper test target detection using `sourceTarget.kind != .test` instead of string matching

Package.swift

@@ -1,6 +1,19 @@
 // swift-tools-version: 6.1
 import PackageDescription
 
+// Conditional plugin dependencies based on platform
+// Note: Using source target for development until binary target is available
+let swiftDependencyAuditPluginDependencies: [Target.Dependency] = [.target(name: "SwiftDependencyAudit")]
+
+// For production with binary target, use this instead:
+/*
+#if os(macOS)
+swiftDependencyAuditPluginDependencies = [.target(name: "SwiftDependencyAuditBinary")]
+#else
+swiftDependencyAuditPluginDependencies = [.target(name: "SwiftDependencyAudit")]
+#endif
+*/
+
 let package = Package(
     name: "SwiftDependencyAudit",
     platforms: [
@@ -35,12 +48,21 @@ let package = Package(
         .plugin(
             name: "DependencyAuditPlugin",
             capability: .buildTool(),
-            dependencies: ["SwiftDependencyAuditBinary"]
-        ),
-        .binaryTarget(
-            name: "SwiftDependencyAuditBinary",
-            url: "https://github.com/tonyarnold/swift-dependency-audit/releases/download/v1.0.0/swift-dependency-audit.artifactbundle.zip",
-            checksum: "PLACEHOLDER_CHECKSUM_WILL_BE_UPDATED_ON_RELEASE"
+            dependencies: swiftDependencyAuditPluginDependencies
         ),
     ]
 )
+
+// Conditionally add binary target only on macOS
+// Note: Commented out for development until first release with binary target is created
+/*
+#if os(macOS)
+package.targets.append(
+    .binaryTarget(
+        name: "SwiftDependencyAuditBinary",
+        url: "https://github.com/tonyarnold/swift-dependency-audit/releases/download/v0.1.0-test/swift-dependency-audit.artifactbundle.zip",
+        checksum: "b7bf85dc914055edac980164ba7424c4d7b6f174ef5b85a95d4d3ba543ca04f6"
+    )
+)
+#endif
+*/

Plugins/DependencyAuditPlugin/DependencyAuditPlugin.swift

@@ -12,7 +12,6 @@ struct DependencyAuditPlugin: BuildToolPlugin {
             return []
         }
 
-        // Get the binary tool from the artifact bundle
         let tool = try context.tool(named: "swift-dependency-audit")
 
         // Create output directory for plugin results

README.md

@@ -96,7 +96,7 @@ SwiftDependencyAudit includes a Swift Package Manager build tool plugin that aut
 
 ### Plugin Integration
 
-The build tool plugin uses pre-compiled binary targets for optimal performance across multiple platforms:
+The build tool plugin uses a hybrid approach for optimal performance and compatibility:
 
 ```swift
 // Package.swift
@@ -124,17 +124,28 @@ let package = Package(
 )
 ```
 
-**Note**: Build tool plugins require binary targets and cannot use source compilation. The plugin automatically uses the appropriate pre-compiled binary for your platform.
+### Hybrid Binary/Source Approach
+
+Following the proven pattern from SwiftLint, SwiftDependencyAudit uses:
+
+- **macOS**: Pre-compiled binary targets for optimal performance
+- **Other Platforms**: Source compilation for maximum compatibility
+
+This approach provides:
+
+- **Performance**: Binary targets eliminate compilation time on macOS
+- **Compatibility**: Source compilation works on all Swift-supported platforms
+- **Development**: Easy debugging and contribution with source access
+- **Production**: Optimized performance where it matters most
 
 ### Binary Target Distribution
 
-SwiftDependencyAudit provides pre-compiled binary targets for multiple platforms:
+SwiftDependencyAudit provides pre-compiled binary targets for:
 
 - **macOS**: Universal binary supporting both ARM64 (Apple Silicon) and x86_64 (Intel)
-- **Linux**: x86_64 and ARM64 architectures
 - **Cross-platform**: Artifact bundles compatible with Swift Package Manager
 
-Binary targets provide significant performance improvements over source compilation, especially in CI/CD environments and large projects.
+Binary targets provide significant performance improvements over source compilation, especially in CI/CD environments and large projects, while maintaining full compatibility across all platforms.
 
 ### Plugin Features
 

Scripts/update-artifact-bundle.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -euo pipefail
+
+readonly version="$1"
+readonly artifactbundle="swift-dependency-audit.artifactbundle.zip"
+
+# Check if artifact bundle exists
+if [[ ! -f "$artifactbundle" ]]; then
+    echo "Error: Artifact bundle '$artifactbundle' not found"
+    exit 1
+fi
+
+# Calculate checksum
+readonly checksum="$(shasum -a 256 "$artifactbundle" | cut -d " " -f1 | xargs)"
+
+echo "Updating Package.swift with:"
+echo "  Version: $version"
+echo "  Checksum: $checksum"
+
+# Update the download URL for the specific version
+sed -i '' \
+ "s|.*github\.com/tonyarnold/swift-dependency-audit/releases/download/.*/swift-dependency-audit\.artifactbundle\.zip.*|        url: \"https://github.com/tonyarnold/swift-dependency-audit/releases/download/$version/swift-dependency-audit.artifactbundle.zip\",|g" \
+ Package.swift
+
+# Update the checksum
+sed -i '' \
+ "s/.*checksum.*/        checksum: \"$checksum\"/g" \
+ Package.swift
+
+echo "✅ Package.swift updated successfully"
+
+# Verify the changes
+echo ""
+echo "Updated binary target configuration:"
+grep -A 3 -B 1 "SwiftDependencyAuditBinary" Package.swift | tail -5