Artifactory, Your Swift Package Repository

If you’re looking forward to WWDC 2022 for some exciting Swift news, we have just the thing.

JFrog now offers the first and only Swift binary package repository, enabling developers to use JFrog Artifactory for resolving Swift dependencies instead of enterprise source control (Git) systems. Swift developers can benefit from Artifactory’s robust binary management and the ways that it contributes to stable and efficient CI/CD, massive scalability, and securing the software supply chain..

Why Swift?

Since its introduction as an open source programming language in 2015, Swift has quickly supplanted Objective-C and is most widely used as the go to language for iOS – and all the other Apple OS – app development.

But Swift’s utility goes beyond just developing for Apple products. As a general purpose language, Swift has also found some love among server developers using it to build web services, serverless functions, and more. In addition to running on the Apple and Linux platforms, there are community ports to Windows, WebAssembly, and even Android.

Swift was designed to find the balance between expressibility, performance, and safety. A big emphasis was put on making Swift code easy to read and maintain, as well as making sure Swift code is safe and fast. Swift has no VM or JIT which gives it predictable performance, and is designed to be memory safe from the ground up.

It’s for these reasons that Swift regularly hits “10 most popular language” lists. As of writing, it’s currently sitting at number 12 on the TIOBE index – although expect a bump following WWDC.

Swift’s New Registry-Based Dependency Management

The addition of registry-based dependency management in Swift 5.7 offers an alternative to the source-based dependency management the community is used to. 

Using source control allowed Swift developers to get a package ecosystem up and running quickly, but can cause non-trivial challenges for development organizations such as:

  1. Source-based dependencies are mutable, and using tags for versions only works so long as developers do not force push or move tags around.
  2. Using generic protocols to interact with source control systems isn’t as efficient as needed for enterprise scale dependency resolution.
  3. It is difficult to impossible to tie a commit back to the author in a reliable way, making it unreliable to guarantee the authenticity of the package and its construction.
  4. To interoperate with other languages such as C and Objective C, the Swift Package Manager must have a unique identity for each package in a dependency graph, which can easily break when developers move things between systems.
  5. Developers are unable to store metadata about packages alongside the package artifact material.

A package registry option for Swift addresses these concerns, and JFrog was fortunate to be amongst the collaborators that helped bring Swift’s package registry capabilities to life.

Today there are thousands of packages available in public source control repositories and require a way to map URLs to unique identities, potentially across multiple SCM providers. Thankfully, Artifactory’s flexible metadata system makes it easy to map various URLs to a single identity, enabling the Swift Package Manager to query the registry and avoid duplication across the two identity systems.

Using Artifactory will empower Swift developers to deprecate bespoke and complex URL mapping systems that had to be put in place to address the unique identity issues across public and private forks, rate limiting hitting public source control systems, information leaks about dependencies etc. This will result in improved productivity and security in building and deploying Swift-based systems.

Getting Started with Swift Repositories

Setting up Artifactory as your private Swift Repository is easy and helps assure uninterrupted speed and consistency of your Swift builds across teams. Take advantage of Artifactory’s three repository types for managing your Swift packages and dependency resolution:

  • Local Repositories – For the private Swift packages that you create and share only within your team or project.
  • Remote Repositories – A caching proxy for a registry managed at a remote URL. Artifacts (such as .zip files) requested from a remote repository are cached on demand. You can remove downloaded artifacts from the remote repository cache, however, you can not manually deploy artifacts to a remote Swift registry.
  • Virtual Repositories – Virtual repositories blend 1st and 3rd party (Local and Remote) packages for greater flexibility and a single URL for deployment and dependency resolution.

GA for Swift support in JFrog Artifactory arrives mid June. For easy step-by-step instructions for setting up each of these Swift Repositories, see the JFrog user documentation.

Conclusion

Adding registry-based dependency management is a big step forward for this relatively young language and has the potential for a massively positive impact on the Swift community.
By leveraging Swift repositories in Artifactory you can put to work essential software supply chain best practices to enable DevOps success. Ensure consistency across all your Swift developer teams for dependencies and packages, enable fast and reliable CI/CD, govern access across teams with Artifactory’s fine-grained permissions system, and more.

Try Artifactory’s Swift repositories for yourself and see! You can start putting these methods into practice with a free JFrog cloud account!