1

I have an app largely built from CocoaPods (some internal, some external), but in a move to modularise and modernise it, new code is being written in SPM packages. Those packages have dependencies of their own.

As soon as I pin the host app to a tagged version (0.0.2 .. Next Minor) of our internal library, I get errors that I can't explain:

Failed to resolve dependencies
Dependencies could not be resolved because root depends on '{ourLibrary}' 0.0.2..<0.1.0.
'{ourLibrary}' >= 0.0.2 cannot be used because ...
no versions of '{ourLibrary}' match the requirement 0.0.3..<0.1.0
and package '{ourLibrary}' is required using a stable-version
but '{ourLibrary}' depends on an unstable-version package 'iglistkit'.

Two sources of confusion:

  1. The error seems to be saying "you can't have version 0.0.2 because there is no version 0.0.3". Maybe this is a bug in the formatting of the message.

  2. The IGListKit version is "unstable". That project hasn't produced a tagged release for 3+ years so ourLibrary is asking for a version pinned to a specific commit, which is surely the most stable a version can be.

    In ourLibrary's Package.swift:

    .package(url: "https://github.com/Instagram/IGListKit", revision: "501cccc6f03"),

ourLibary is fetched from a git@github.com URL, which can apparently cause other package resolution problems. Maybe this is another one?

Chris
  • 3,445
  • 3
  • 22
  • 28
  • 1
    I think Swift Package Manager does not regard a dependency on a commit hash as stable. The code represented by a commit hash is never going to change, but hat doesn't mean it is stable in the more general sense of being production ready. – JeremyP Mar 30 '23 at 10:34
  • The last stable release of *IGListKit* was apparently 4.0.0 in 2019 but the repo is still active. Maybe raise an issue to get them to produce a new release? – JeremyP Mar 30 '23 at 10:34
  • 1
    I have seen comments (on swift.org, I think) suggesting that `revision:` is considered stable, but I agree with your reasoning. I think I'll try a fork of IGListKit, then I can add a tag. If that resolves it, it will give more weight to a "start doing releases again please" issue. – Chris Mar 30 '23 at 10:36
  • 1
    The [SPM docs](https://github.com/apple/swift-package-manager/blob/main/Documentation/PackageDescription.md) specifically forbid your use case :( "packages which use commit-based dependency requirements can't be added as dependencies to packages that use version-based dependency requirements" – JeremyP Mar 30 '23 at 10:55
  • Useful find, thank you. Also, I can confirm that a forked `IGListKit` with a tag added resolves the problem, so I'll raise an issue there. – Chris Mar 30 '23 at 11:16
  • If you'd like to repeat your comment as an answer @JeremyP, I'll gladly accept it. – Chris Mar 30 '23 at 11:25

1 Answers1

2

Swift Package Manager does not regard a dependency on a commit hash as stable. The code represented by a commit hash is never going to change, but that doesn't mean it is stable in the more general sense of being production ready.

The documentation on SPM dependencies says this:

packages which use commit-based dependency requirements can't be added as dependencies to packages that use version-based dependency requirements

I think your only courses of action are either to fork the IGListKit repository or raise an issue with them to get them to start tagging releases again. Either that, or use the 4.0.0 release from 2019 which was the last one.

JeremyP
  • 84,577
  • 15
  • 123
  • 161
  • The last officially tagged version won't build as a dependency of another package. I have created an issue, but don't have high hopes so have forked and tagged it, which does resolve the issue. – Chris Mar 31 '23 at 20:42