search

realm / SwiftLint

A tool to enforce Swift style and conventions.
https://realm.github.io/SwiftLint
MIT License
18.7k stars 2.23k forks source link

Xcode 15: SwiftLint file-read errors when ENABLE_USER_SCRIPT_SANDBOXING = YES #5053

Open vdhamer opened 1 year ago

vdhamer commented 1 year ago

Xcode 15 beta adds a recommendation popup that the user should enable USER_SCRIPT_SANDBOXING to detect dependency issues. With ENABLE_USER_SCRIPT_SANDBOXING = YES, the build fails on several files that SwiftLint tries to scan, but can't access when running in a sandbox. These files are obviously not Swift code: myProj.xcodeproj, .git, .gitignore, and files with string localisations (*.lproj).

Version details

SwiftLint 0.52.2 Xcode 15 beta (14E300b) that came online during Apple's 2023 WWDC event. Xcode 15 beta brings Swift 5.9 (5.9.0.114.6) SwiftLint installed and upgraded to 0.52.2 using brew in Mac terminal MacOS Ventura 13.4

Workarounds to avoid the error

Xcode error message (for my project)

Sandbox: swiftlint(10747) deny(1) file-read-data /<path>/<projectname>/<projectname> UITests

Sandbox: swiftlint(10747) deny(1) file-read-data /<path>/<projectname>/.github

Sandbox: swiftlint(10747) deny(1) file-read-data /<path>/<projectname>/nl.lproj (same for en.lproj)

Sandbox: swiftlint(10747) deny(1) file-read-data /<path>/<projectname>/.git

Sandbox: swiftlint(10747) deny(1) file-read-data /<path>/<projectname>/<projectname>.xcodeproj

The list of offending files varies a bit (probably due to incomplete/incremental compilation).

Reproducible in any project?

Haven't tried to create a "Hello World" project that is on GitHub. The .git and .github files and .xcodeproj files should do the trick. I may confirm this myself. But, if I am right, the majority of the users of the Xcode 15 beta (users of git in some form) who also use SwiftLint should run into this.

Screenshot 2023-06-08 at 18 43 49
grantneufeld commented 1 year ago

I haven’t got it quite working yet, but when sandboxing is on, the Run Script step for SwiftLint, in the Xcode project’s Build Phase, needs some more configuration. Specifically, adding some combination of “Input Files” and/or “Input File Lists” to allow SwiftLint to read the files in the project.

For example, adding $(SRCROOT)/.swiftlint.yml to Input Files allows swiftlint to read its configuration file.

Here’s what I have set for “Input Files”:

$(SRCROOT)/.swiftlint.yml
$(SRCROOT)/**/.swiftlint.yml
$(SRCROOT)/MyApp/
$(SRCROOT)/MyAppTests/
$(SRCROOT)/MyAppUITests/

Also, we may need to tell swiftlint to “exclude” some files and directories, so it doesn’t try to access them.

I tried to limit it to .swift files, and explicitly exclude the Xcode project file, and the git directory, in .swiftlint.yml:

included:
  - "*/*.swift"
  - "*/**/*.swift"
excluded:
  - "*.xcodeproj"
  - ".git"

But I still get sandboxing errors for the .xcodeproj file and the .git directory (with, or without, the --force-exclude command-line option passed to the swiftlint call):

Sandbox: swiftlint(51687) deny(1) file-read-xattr /Users/user/Documents/MyApp/MyApp.xcodeproj Sandbox: swiftlint(51687) deny(1) file-read-data /Users/user/Documents/MyApp/.git

So, apparently, even when explicitly excluded, swiftlint still tries to access those files?

mikaelacaron commented 1 year ago

This is happening to me too on the RC of Xcode 15

mme-Easterdown commented 1 year ago

Same here on released version today:

image
Djibs commented 1 year ago

Any update ??

michaeldwilliams commented 1 year ago

I am also experiencing this on the RC on 15

DanielRouxSA commented 1 year ago

I am also still experiencing this on SwiftLint 0.54.0 and Xcode 15.0.1.

kikeenrique commented 11 months ago

I add my approach, as I've been trying to confront this problem today. I surpassed the no directory read errors, nevertheless, I still got error "No lintable files found at paths". Having approximately next config in swiftlint.yml :

...
included:
  - "."
excluded:
  - "*.xcodeproj"
  - ".git"
...

And next Xcode Build phase -> command:

swiftlint lint --use-script-input-files

with Build phase -> input file:

$(SRCROOT)/.swiftlint.yml

Build phase->input file lists:

$(SRCROOT)/.swiftlint_inputFiles.xcfilelist

The input file swiftlint_inputFiles.xcfilelist is created with next command in CLI being in the project directory (which is the same as the pbxproj file):

find . -name "*.swift" > inputFiles.xcfilelist

I got until getting next error when using too many files:

Even with the pattern, you can get error when having too many files: "pattern serialization length xxxxx exceeds maximum (65535)

And this other error when reducing the amount of files:

"No lintable files found at paths"

stherold commented 2 months ago

Now the setting ENABLE_USER_SCRIPT_SANDBOXING triggers a warning in Xcode 16 🤔