macOS privacy manifest enforcement is rolling out soon, so this brings all macOS plugins into alignment with our iOS policy of always having a manifest, including updating the repo tooling to enforce that.
Very few plugins are affected because most share the implementation package with iOS, and we didn't do any target platform switching when adding the manifests for iOS, automatically covering macOS as well.
Fixes https://github.com/flutter/flutter/issues/155564
This PR:
* Modifies the `version_check_command` test so it checks the leading markdown of the first line of a CHANGELOG file, to ensure it's `'##'`.
* Fixes the CHANGELOG in two packages that were allowed by the tool before this fix:
* google_maps_flutter_web
* interactive_media_ads
## Issues
Fixes https://github.com/flutter/flutter/issues/152638
When running publish-check, any pre-publish hook must be run before the `publish --dry-run` step as the latter succeeding may depend on the former.
Part of https://github.com/flutter/flutter/issues/150210
I was unsure if we wanted to add a new platform option for this or add a `--wasm` flag to the command. Adding a `--wasm` flag seems more complicated since we would probably want to add extra handling around proper use of the flag, whereas adding a `web-wasm` platform should require no additional checks.
This is in preparation for https://github.com/flutter/flutter/issues/151664
Adds the ability for a package to specify a script that should be run before publishing. To minimize the chance of such a script breaking things only in the post-submit `release` step, if the script is present it will also be run during `publish-check`.
These should be used with caution since they can cause the published artifacts to be different from that is checked in, but in the intended use case of extension builds this risk is far preferable to the risks associated with checking in binaries that were built on local, ad-hoc basis. (Longer term, we may need an alternate solution however, as generating artifacts in CI can have its own supply chain validation issues.)
Also does some minor refactoring to custom test script code to make it follow the same pattern as this new code.
Fixes https://github.com/flutter/flutter/issues/150210
Configures the flutter/packages CI to run web tests using the `canvaskit` renderer, which is the new default for web apps.
It also does some minor changes:
* Skips tests on the web for `package:palette_generator` (cleanup issue created below)
* Makes the `palette_generator` example run on the web. This was used to manually verify that the package still works as expected with canvaskit.
* Tweaks the README of the `pointer_interceptor` example apps, so they match what's happening in there.
## Issues
* Fixes https://github.com/flutter/flutter/issues/143543
Co-authored-by: David Iglesias <ditman@gmail.com>
The logic for handling Dart unit test `test_on` directives was incorrect, causing it to skip packages that required vm testing, even when run in vm mode. This PR:
- Adds the missing tests for false negatives.
- Reworks the logic to explicitly fail for anything that isn't one of the exact patterns we are expecting, to make it much harder to re-introduce a bug like this in the future.
Currently if a PR follows the recommended combo PR process for a federated plugin, the main PR will have CI errors that say the PR isn't allowed to do what it is doing, which is confusing, especially to new contributors or reviewers.
This updates the tooling to detect the temporary overrides created by the tooling, and uses that to trigger a different error message that explains that the error is expected, and exists only to prevent accidental landing.
Fixes https://github.com/flutter/flutter/issues/129303
macOS 14 added new requirements that un-codesigned sandbox apps must be granted access when changed. Waiting for this UI caused macOS tests to fail on macOS 14. Additionally, adding codesigning is not sufficient, since it must still be approved before codesigning is enough to pass the check. As a workaround, this PR disables sandboxing for macOS tests in CI.
https://developer.apple.com/documentation/updates/security#June-2023)
> App Sandbox now associates your macOS app with its sandbox container using its code signature. The operating system asks the person using your app to grant permission if it tries to access a sandbox container associated with a different app. For more information, see [Accessing files from the macOS App Sandbox](https://developer.apple.com/documentation/security/app_sandbox/accessing_files_from_the_macos_app_sandbox).
And that link explains why this is happening on a macOS 14 update:
> In macOS 14 and later, the operating system uses your appâs code signature to associate it with its sandbox container. If your app tries to access the sandbox container owned by another app, the system asks the person using your app whether to grant access. If the person denies access and your app is already running, then it canât read or write the files in the other appâs sandbox container. If the person denies access while your app is launching and trying to enter the other appâs sandbox container, your app fails to launch.
>
> The operating system also tracks the association between an appâs code signing identity and its sandbox container for helper tools, including launch agents. If a person denies permission for a launch agent to enter its sandbox container and the app fails to start, launchd starts the launch agent again and the operating system re-requests access.
Fixes packages part of https://github.com/flutter/flutter/issues/149264.
Verified tests pass:
https://ci.chromium.org/ui/p/flutter/builders/staging.shadow/Mac_arm64%20macos_platform_tests%20master%20-%20packages/6/overview
In part of the documentation, Flutter is spelled out with a typo. I fixed it using a repository search.
- [] The title of the PR starts with the name of the package surrounded by square brackets, e.g. `[shared_preferences]`
Updates all links to the Flutter wiki to point to their new location in the flutter/flutter repository. (The sole exception is a link to a doc that doesn't have a final home yet, and is linked from legacy code anyway so doesn't really need to be updated.)
While touching the PR template, makes a few minor improvements:
- Removes the breaking change discussion that doesn't apply to this repository, as breaking changes are handled totally differently for packages (and is covered by the link to docs about Dart versioning).
- Adds text and a link to reflect the fact that some PRs can be changelog-exempt.
Converts native unit tests from Objective-C to Swift, as a first step toward an eventual plugin conversion. Since OCMock usage was removed in a previous PR, the tests are converted essentially directly (the rewrites were largely mechanical syntax replacement), without any changes needed to production code.
There are a few places where interacting with the Pigeon-generated Obj-C is somewhat awkward because the NSError signature isn't auto-converting to `throw` in cases where we use `NSNumber` wrapping, but all that will get cleaned up when we switch the plugin over to Swift Pigeon generation and have idiomatic Swift APIs that the tests will be calling instead.
Fixes a couple of false positives in the repo tooling surfaced by this PR:
- `darwin/Tests/` wasn't recognized as a test directory.
- Swift tests weren't recognized as exempt from requiring Swift entries in the podspec.
Part of https://github.com/flutter/flutter/issues/119104
Usually when an iOS plugin uses Swift files, it requires a workaround in the podspec to add Swift to the search paths. Part of the `podspec-check` command is validating this workaround is found. However, when the only Swift file is the `Package.swift` (Swift Package Manager manifest), skip this validation since having this file does not indicate the plugin uses Swift files.
Fixes https://github.com/flutter/flutter/issues/147548.
- Adds `build_runner`, `mockito`, and `pigeon` to the list of dependencies that we expect to only be in dev_dependencies.
- Fixes the error message for violations; I had missed in initial review that the errorr message was the same as the one for non-repo-local depndencies, making it misleading about what the problem was and how to fix it. (Also fixed the indentation, which had always been wrong.)
- Fixes `camera_avfoundation`, which had a violation introduced in my recent PR to start the Pigeon conversion.
See https://github.com/flutter/flutter/issues/117905
*Replace this paragraph with a description of what this PR is changing or adding, and why. Consider including before/after screenshots.*
Additional checks as a followup to https://github.com/flutter/packages/pull/6446
*List which issues are fixed by this PR. You must list at least one issue.*
Related to https://github.com/flutter/flutter/issues/145992
*If you had to change anything in the [flutter/tests] repo, include a link to the migration guide as per the [breaking change policy].*
Create a linter that ensures that `integration_test` is not used in dependencies.
Will be paired with a change to documentation
```
If you are considering adding an external dependency:
Consider other options, and discuss with #hackers-ecosystem in Discord.
* If you add a dev_dependency on an external package, pin it to a specific version if at all possible.
* If you add a dependency on an external package in an example/, pin it to a specific version if at all possible.
* Some dependencies should only be linked as dev dependencies like integration_test
```
Related to flutter/flutter/issues/145992
Reverts: flutter/packages#6416
Initiated by: ditman
Reason for reverting: Failures happen (later) in other plugins (more updates in the related issue)
https://github.com/flutter/flutter/issues/145866
Original PR Author: ditman
Reviewed By: {jmagman}
This change reverts the following previous change:
Adds `--allow-warnings` to podspec_check_command.dart so stuff can keep rolling.
**To be removed soon!**
Adds the flowing to the tool:
- A new `--exact-match-only` flag to be used with `--packages` to prevent group matching (i.e., a selection like `--packages=path_provider --exact-match-only` would only run on `packages/path_provider/path_provider`, not `packages/path_provider/*`).
- Two new `publish` command flags:
- `--tag-for-auto-publish`, to do all the steps that `publish` currently does except for the real `pub publish`, so it would dry-run the publish and then create and push the tag if successful.
- `--already-tagged`, to skip the step of adding and pushing a tag, and replace it with a check that `HEAD` already has the expected tag.
This set of additions supports a workflow where the current `release` step is changed to use `--tag-for-auto-publish`, and then the separate auto-publish system would publish each package with `... publish --already-tagged --packages=<some package> --exact-match-only`.
See https://github.com/flutter/packages/pull/5005#discussion_r1344542422 for previous discussion/context.
Part of https://github.com/flutter/flutter/issues/126827
The web tests currently all assume to be using the html renderer. `flutter test` previously erroneously was serving files for the HTML renderer by default (which is not the intended behavior). After this was fixed, the tests started running on the CanvasKit renderer and some of them broke. If we are relying on the html renderer, we should explicitly pass it when running `flutter test`
When running `analyze` in a local tree that has done builds, there can be false positives of the "unexpected analysis options" check due to the .symlinks directory making other packages' analysis options show up in the check. This avoids following links to prevent those false positives.
Updates the repo tooling to Dart 3, now that the N-2 version has Dart 3, which allows us to use Dart 3 features (e.g., records) going forward.
To allow the update:
- Removes `break` commands from `switch`es (all done automatically with `dart fix --apply`)
- Replaces mocking of `ProcessResult` with just creating an actual `ProcessResult` since it's a `final` data class and thus can't (but also doesn't need to be) mocked.
`script/tool_runner.sh` has only been intended for CI usage for quite a while, but it still lives in a prominent non-CI location which has been a source of confusion for developers (e.g., people looking at how CI is running things, and reasonably assuming that since the script isn't in a CI-specific location, it's for general use). While running it for simple cases works, it conflicts with any package selection, which is common thing to want to control when running locally.
This makes the following changes:
- Move the script into the .ci directory
- Adds explicit comments that it's not designed for local use, with a pointer to the corresponding local command
- Removes a stale reference to external-to-the-repo use of tool_runner.sh, as that usage no longer exists
- Also consolidates and updates the links to the external scripts
- Updates a couple of CONTRIBUTING.md comments that still said to run tool_runner.sh
- Opportunistically cleans up some tooling references to .cirrus.yml, found while cleaning up comments in tool_runner.sh and checking for other references.
Expand the multiple-test-files workaround in `drive-examples` from macOS to all of the desktop platforms, now that we know it's not macOS-specific.
See https://github.com/flutter/flutter/issues/135673
The example app of a federated example is effectively test-only code, so treat changes to it (other than the one published file) as dev-only for the purposes of deciding what to flag for CHANGELOGs.
Reworks Pigeon's CI validation of generated files to support multiple hosts, rather than only Linux, with the ability to set specific languages per host, to allow us to run validation for each language on whatever host it is most convenient to set up a formatter for that language, rather than having to support all languages on Linux.
See discussion in https://github.com/flutter/packages/pull/5928
Part of https://github.com/flutter/flutter/issues/41129
Get ready for a world where `swift-format` is available on the `PATH` https://flutter-review.googlesource.com/c/recipes/+/54020
1. Add `format --clang-format --java --kotlin --swift --dart` flags to decide whether to run specific formatters, as opposed to using the `path`. Keep `swift-format` optional but default the others to run. This matches the current behavior on Linux.
2. Add `*-path` variants of each.
This will allow us to run `format --swift --no-clang-format --no-java --no-kotlin --no-dart` on the macOS bot so it doesn't duplicate same `format` call run on Linux.
Part of https://github.com/flutter/flutter/issues/41129
Adds a new tool command (and runs it in CI) to check that each package:
- is listed correctly in the repo-level README.md table
- has a CODEOWNERS entry
In the future we could add other things (e.g., auto-label), but these were the main things we've had issues with recently.
Updates README.md and CODEOWNERS to fix failures it found:
- Adds a couple of missing CODEOWNERS
- Expands the web implementation CODEOWNERS to individual packages so that we don't have to special-case handling in the tool
- Fixes some minor mistakes in README.md
- URL-encodes all `:`s in the README.md links (which is why ever line shows as changed); it worked without that in practice, but it should really be encoded, and having it consistently encoded made things easier for the tooling.
Adds privacy manifests to all iOS plugins.
While we only *need* to do the plugins listed [here](https://developer.apple.com/support/third-party-SDK-requirements/) for now, the wording of the page:
> The following are commonly used SDKs in apps on the App Store
suggests that the list of things for which this is required is just an arbitrary cutoff rather than a conceptual distinction, so it seems safest to just assume the list will grow over time and do all of them. To ensure that, this includes new repo tooling to check that a manifest is specified in the podspec.
The large caveat is that we do not currently know if this actually works. This is the method of inclusion that seems to be [the consensus among people using Cocoapods](https://github.com/CocoaPods/CocoaPods/issues/10325), as bundling it directly as a `resource` causes problems for clients who do not use `use_frameworks`. (In theory it seems like a manifest would not actually be *required* in that case since there is no framework, but it has the potential to actually stomp top-level resources.) Hopefully the automated analysis that Apple will eventually roll out will tolerate the file being bundled in a resource bundle in the framework rather than a top-level manifest file. If not, however, it's not clear how Cocoapods can be supported, so we can adopt this common approach for now under the assumption that eventually tooling will adapt to the reality of the ecosystem, and revisit the exact bundling later if necessary.
Only `shared_preferences` has a non-empty manifest, as it is our only plugin that uses a required reason API, and none of our plugins themselves collect private data. Ideally for that plugin we would instead use `C56D.1`, which is for wrappers, but as currently written we can't use it since it's exclusively a wrapper. If that changes in the future based on our pending request, we can revisit. For now, however, this reason should suffice since we don't currently allow reading from other app groups.
Fixes https://github.com/flutter/flutter/issues/131495
Fixes https://github.com/flutter/flutter/issues/139756
Fixes https://github.com/flutter/flutter/issues/139757
Fixes https://github.com/flutter/flutter/issues/139758
Fixes https://github.com/flutter/flutter/issues/139759
Fixes https://github.com/flutter/flutter/issues/139760
See also https://github.com/flutter/flutter/issues/139761
For iOS and macOS move fetch deps from explicity running `pub get` and `pod install` to instead run `flutter build x --config-only` which smartly fetches deps and lays down the required native pieces. I didn't guard it on whether certain files are present since the command already has similar guards, and runs pretty fast if the native code has already been generated.
This fixes an issue where `pod install` is run before the Flutter native bits and migrations are run.
Fixes issues seen in the Flutter roll https://github.com/flutter/packages/pull/5792#issuecomment-1876103613
```
Running command: "pod install" in /Volumes/Work/s/w/ir/x/w/packages/packages/camera/camera_avfoundation/example/ios
Analyzing dependencies
[!] CocoaPods could not find compatible versions for pod "Flutter":
In Podfile:
Flutter (from `Flutter`)
Specs satisfying the `Flutter (from `Flutter`)` dependency were found, but they required a higher minimum deployment target.
[!] Automatically assigning platform `iOS` with version `11.0` on target `Runner` because no platform was specified. Please specify a platform for this target in your Podfile. See `https://guides.cocoapods.org/syntax/podfile.html#platform`.
Unable to "pod install"
```
Caused by https://github.com/flutter/flutter/pull/140478
A non-Flutter package can have Flutter-based tests (e.g., cupertino_icons), in which case we need to use `flutter test` rather than `dart test` just like we would for a package with a non-dev Flutter dependency. This updates the `requiresFlutter` check to include dev dependencies as well as normal dependencies.
⦠to `update-excerpts` tool
Need this tool to recognize `.java`, `.gradle`, and `.sh` files in order to complete [flutter/flutter#102679](https://github.com/flutter/flutter/issues/102679). The `README.md` for the `espresso` package contains code from `.java`, `.gradle`, and `.sh` files.
Support for `.m` files was requested by @tarrinneal.
Part of fix for https://github.com/flutter/flutter/issues/138336 by bumping the Gradle version of all package example apps (plus `image_picker_android` plugin) to 7.6.3 from those that had a version below that to fix security vulnerability.
Also fixes a bug I found while using the `update-dependencies` packages tool command that caused it to not catch all of the `gradle-wrapper.properties` files when running with the `gradle` dependency + added a test for the fix.
