SwiftLint icon indicating copy to clipboard operation
SwiftLint copied to clipboard

Published 20 hours ago verified publisher icon realm

Xcode 15: SwiftLint file-read errors when ENABLE_USER_SCRIPT_SANDBOXING = YES

Open vdhamer opened this issue 1 year ago • 8 comments

Xcode 15 beta adds a recommendation popup that the user should enable USER_SCRIPT_SANDBOXING to detect dependency issues. With ENABLE_USER_SCRIPT_SANDBOXING = YES, the build fails on several files that SwiftLint tries to scan, but can't access when running in a sandbox. These files are obviously not Swift code: myProj.xcodeproj, .git, .gitignore, and files with string localisations (*.lproj).

Version details

SwiftLint 0.52.2 Xcode 15 beta (14E300b) that came online during Apple's 2023 WWDC event. Xcode 15 beta brings Swift 5.9 (5.9.0.114.6) SwiftLint installed and upgraded to 0.52.2 using brew in Mac terminal MacOS Ventura 13.4

Workarounds to avoid the error

  • ENABLE_USER_SCRIPT_SANDBOXING = NO
  • I doubt I can fully avoid this by exclude in the .swiftlint.yml file (because that excludes directories, not files?)

Xcode error message (for my project)

Sandbox: swiftlint(10747) deny(1) file-read-data /<path>/<projectname>/<projectname> UITests

Sandbox: swiftlint(10747) deny(1) file-read-data /<path>/<projectname>/.github

Sandbox: swiftlint(10747) deny(1) file-read-data /<path>/<projectname>/nl.lproj (same for en.lproj)

Sandbox: swiftlint(10747) deny(1) file-read-data /<path>/<projectname>/.git

Sandbox: swiftlint(10747) deny(1) file-read-data /<path>/<projectname>/<projectname>.xcodeproj

The list of offending files varies a bit (probably due to incomplete/incremental compilation).

Reproducible in any project?

Haven't tried to create a "Hello World" project that is on GitHub. The .git and .github files and .xcodeproj files should do the trick. I may confirm this myself. But, if I am right, the majority of the users of the Xcode 15 beta (users of git in some form) who also use SwiftLint should run into this.

Screenshot 2023-06-08 at 18 43 49

vdhamer avatar Jun 08 '23 17:06 vdhamer

I haven’t got it quite working yet, but when sandboxing is on, the Run Script step for SwiftLint, in the Xcode project’s Build Phase, needs some more configuration. Specifically, adding some combination of “Input Files” and/or “Input File Lists” to allow SwiftLint to read the files in the project.

For example, adding $(SRCROOT)/.swiftlint.yml to Input Files allows swiftlint to read its configuration file.

Here’s what I have set for “Input Files”:

$(SRCROOT)/.swiftlint.yml
$(SRCROOT)/**/.swiftlint.yml
$(SRCROOT)/MyApp/
$(SRCROOT)/MyAppTests/
$(SRCROOT)/MyAppUITests/

Also, we may need to tell swiftlint to “exclude” some files and directories, so it doesn’t try to access them.

I tried to limit it to .swift files, and explicitly exclude the Xcode project file, and the git directory, in .swiftlint.yml:

included:
  - "*/*.swift"
  - "*/**/*.swift"
excluded:
  - "*.xcodeproj"
  - ".git"

But I still get sandboxing errors for the .xcodeproj file and the .git directory (with, or without, the --force-exclude command-line option passed to the swiftlint call):

Sandbox: swiftlint(51687) deny(1) file-read-xattr /Users/user/Documents/MyApp/MyApp.xcodeproj Sandbox: swiftlint(51687) deny(1) file-read-data /Users/user/Documents/MyApp/.git

So, apparently, even when explicitly excluded, swiftlint still tries to access those files?

grantneufeld avatar Aug 27 '23 12:08 grantneufeld

This is happening to me too on the RC of Xcode 15

mikaelacaron avatar Sep 14 '23 14:09 mikaelacaron

Same here on released version today: image

mme-Easterdown avatar Sep 19 '23 12:09 mme-Easterdown

Any update ??

Djibs avatar Sep 30 '23 15:09 Djibs

I am also experiencing this on the RC on 15

michaeldwilliams avatar Oct 04 '23 19:10 michaeldwilliams

I am also still experiencing this on SwiftLint 0.54.0 and Xcode 15.0.1.

DanielRouxSA avatar Nov 20 '23 13:11 DanielRouxSA

I add my approach, as I've been trying to confront this problem today. I surpassed the no directory read errors, nevertheless, I still got error "No lintable files found at paths". Having approximately next config in swiftlint.yml :

...
included:
  - "."
excluded:
  - "*.xcodeproj"
  - ".git"
...

And next Xcode Build phase -> command:

swiftlint lint --use-script-input-files

with Build phase -> input file:

$(SRCROOT)/.swiftlint.yml

Build phase->input file lists:

$(SRCROOT)/.swiftlint_inputFiles.xcfilelist

The input file swiftlint_inputFiles.xcfilelist is created with next command in CLI being in the project directory (which is the same as the pbxproj file):

find . -name "*.swift" > inputFiles.xcfilelist

I got until getting next error when using too many files:

Even with the pattern, you can get error when having too many files: "pattern serialization length xxxxx exceeds maximum (65535)

And this other error when reducing the amount of files:

"No lintable files found at paths"

kikeenrique avatar Dec 21 '23 22:12 kikeenrique