Segment package versioning
xcodedave opened this issue · comments
Describe the bug
To permit reproducible builds (e.g. when building versioned apps), dependencies must be version locked.
The implicit requirement on package vendors is that package versions remain available after being published (even if deprecated or bugs are found - those should be patch versions).
It seems that version 1.5.10 of analytics-swift has disappeared / been deleted and its version tag is no longer present in this repository. This happened after it was published and our code version locked against it. 😭
To Reproduce
Setup a Swift package depending on version 1.5.10 of the Segment analytics-swift package. e.g.:
// swift-tools-version: 5.10
import PackageDescription
let package = Package(
name: "SegmentTest",
products: [
.library(name: "SegmentTest", targets: ["SegmentTest"]),
],
dependencies: [
.package(url: "https://github.com/segmentio/analytics-swift", exact: "1.5.10")
],
targets: [
.target(
name: "SegmentTest",
dependencies: [
.product(name: "Segment", package: "analytics-swift")
]
)
]
)Expected behavior
I expected the published 1.5.10 version of https://github.com/segmentio/analytics-swift to still exist and not cause CI builds to fail.
Screenshots
CI log:
Dependencies could not be resolved because no versions of 'analytics-swift' match the requirement 1.5.10 and [REDACTED] depends on 'analytics-swift' 1.5.10.
Platform (please complete the following information):
- Library Version in use: 1.5.10
- Platform being tested: iOS
- Integrations in use: N/A
Additional context
Removing already published package versions leads to breaking CI. Non-reproducible builds, and necessitates rebasing of working branch(es). Please do not do this.
Refer to here: #336
My apologies for the hassle. Please move to 1.5.11.