Symbiosis with OSS as an iOS Engineer

By Aki Yuki

Elevator Pitch

Learn best practices, security insights, and the importance of iOS community contributions to OSS as an iOS developer. This talk will empower you to adapt, contribute, and secure your OSS usage in iOS development, drawing on real-world case studies.

Description

Background

OSS inextricably enhances our iOS development, and we depend on many OSS projects. For example, software that improves the deployment experience like fastlane, great libraries like RxSwift, and even the Swift compiler are all open source.

However, because we are on the Apple platform, the OSS that we use requires changes every time there is an update, and can be greatly influenced by those changes. For example, if an OSS project has an issue on the new Xcode (beta), what should we do? Also, as tools such as Swift Package, which are highly compatible with OSS, have evolved, security risks have increased, but knowledge about what kinds of risks there are is not widespread.

What you’ll learn from this Talk about OSS

In this talk, I will explain what we can do and how we can think in order to work effectively with OSS in iOS development and to understand and solve these problems correctly and effectively. You will learn about best practices for using OSS as an iOS engineer, which I have learned from many years of work, contributions, and discussions with other engineers in GitHub Issues. In addition, I will discuss:

  • Going beyond creating GitHub issues, and introducing a mindset for writing contribution code to OSS
    • How does fast contribution help the iOS developer community?
    • How to work with maintainers?
    • A case study of XcodeGen contribution
  • Understanding features of OSS on the Apple platform
    • How can we work with Apple on issues in OSS?
    • A case study of fastlane contribution in Xcode 14 Beta
  • Security insights regarding OSS in a development environment
    • Why do we need to care about security in OSS (especially on iOS)?
    • How can we protect ourselves from security incidents?
    • A case study of OSS security with Xcode and Swift Package

Notes

Why can I speak in this session?

I have contributed to many OSS projects and solved problems (such as XcodeGen (I’m one of the maintainers), Swift Compiler, fastlane, tuist/XcodeProj, etc.). Through this OSS experience, I noticed that I can share my OSS experience and mindset to encourage many developers to contribute to OSS.

For example, fastlane with Xcode 14 beta had an issue where we could not deploy to App Store Connect. I fixed it with this PR: https://github.com/fastlane/fastlane/pull/20631. But there were many problems there:

  • No one tried to fix this problem in the issue for a long time: https://github.com/fastlane/fastlane/issues/20371
  • We could not detect the root cause of this issue because of the many changes in the Xcode beta, etc…

To solve the problem, I read through a huge amount of Ruby code and the hidden folder of Xcode 14 Beta. I also contacted Apple through Feedback Assistant to report that it was a breaking change in Xcode. Finally, I fixed this problem and contributed the fix to fastlane. This was a big piece of work for me. I can share this rare experience with other engineers so they can learn how to solve difficult problems with OSS and Xcode beta. I learned many mindsets from this experience, and this would be great for many engineers.

OSS resume

I have contributed to OSS projects (Swift Compiler, fastlane, XcodeGen …) to fix bugs and add new features.

apple/swift

I found that the Swift compiler’s optimizer had a problem in checking whether a function has a side effect. If this missed case remained missing, the Swift compiler might delete a function that has a side effect, and that might affect app behavior. So I made a pull request to fix it, and it was merged. It was written in C++.

https://github.com/apple/swift/pull/33851

Also, I fixed the docs of Swift Intermediate Language: https://github.com/apple/swift/pull/31847

fastlane

  • https://github.com/fastlane/fastlane/pull/20631

XcodeGen (Collaborator)

I added a new feature to support local Swift Packages and fixed bugs. The company’s project had a local Swift Package when XcodeGen did not support it. So I made a pull request to support it, and it was merged.

  • https://github.com/yonaskolb/XcodeGen/pull/796
  • https://github.com/yonaskolb/XcodeGen/pull/808

And other small bug fixes and improvements …

xcode-install

As you (may) know, installing Xcode takes a long time, and it is sometimes canceled many times if the network environment is poor. xcode-install, which supports installing and managing many Xcode versions, had this problem. I added a new feature to support downloading by adding an option for the download retry count. It was written in Ruby.

  • https://github.com/xcpretty/xcode-install/pull/400

It is used in fastlane: https://github.com/fastlane/fastlane/pull/17691

And some code review: https://github.com/xcpretty/xcode-install/pull/405

tuist/XcodeProj

PR: https://github.com/tuist/XcodeProj/pull/605

My resume: https://gist.github.com/freddi-kit/0ba99d07e6a84dcca5496c2e3d88e4ce