feat(spm): add artifact bundle support

[ikesyo]

Summary

• add default-on SwiftPM artifact bundle installation with source-build fallback
• add artifactbundle, artifactbundle_asset, and spm.artifactbundle_only controls
• cover asset selection, target triple matching, artifact bundle executable filtering, and a SwiftFormat e2e install

Tests

• cargo fmt --check
• cargo test backend::spm
• mise run test:e2e e2e/core/test_swift_slow
• mise run lint

Discussion: #9691

This PR description was generated by an AI coding assistant.

[gemini-code-assist]

Code Review

This pull request introduces support for SwiftPM artifact bundles in the SPM backend, allowing mise to install prebuilt binaries from *.artifactbundle.zip assets instead of building from source. It includes new configuration options like artifactbundle and artifactbundle_asset, along with a global spm.artifactbundle_only setting. Review feedback highlighted the need for proper checksum verification using verify_checksum to ensure integrity and lockfile compatibility. Additionally, improvements were suggested regarding the efficiency of bundle scanning and the ordering of platform metadata updates.

[gemini-code-assist]

The current implementation does not verify the integrity of the downloaded artifact bundle. If asset.digest is provided by the API, it is used as the checksum without hashing the file to verify it matches. Additionally, this logic bypasses the lockfile's checksum verification in --locked mode because it doesn't check if a checksum already exists for the platform.

You should use self.verify_checksum which correctly handles verification against existing lockfile entries, generates new checksums when needed, and enforces integrity checks.

[gemini-code-assist]

This block is redundant if the platform information is updated and verified earlier in the function. Moving the update earlier ensures that the ToolVersion object is correctly populated before verification and extraction, and avoids using the unverified checksum variable.

[gemini-code-assist]

Using file::recursive_ls on the entire extraction directory can be inefficient if the archive contains a large number of files. Since Swift artifact bundles have a specific structure (a .artifactbundle directory containing an info.json), a more targeted search or a depth-limited walk would be more efficient.

References

1. When adding support for a new archive format (e.g., by extending TarFormat::from_ext), ensure all relevant parts of the codebase that handle archive detection, asset scoring, and opening/extraction are updated to recognize and process the new format.

[greptile-apps]

Greptile Summary

This PR adds SwiftPM artifact bundle installation support to the spm backend, enabling mise to download and install prebuilt executables from *.artifactbundle.zip release assets before falling back to a source build.

• Introduces try_install_artifactbundle with full asset resolution, download, extraction, target-triple matching, and binary filtering. Three new per-tool options (artifactbundle, artifactbundle_asset, filter_bins) and a global setting spm.artifactbundle_only control the behavior.
• Adds parse_swift_target_triples with HashSet-based deduplication, a break after the first matching variant per artifact, and an .artifactbundle.zip extension guard.
• Includes comprehensive unit tests for every new function and an e2e test that installs SwiftFormat 0.61.1 via its artifact bundle.

Confidence Score: 5/5

The artifact bundle install path is well-guarded with fallback logic and all three previously flagged correctness issues are resolved.

All three issues from prior review threads are fixed. The two remaining observations are minor disk and cache inefficiencies with no functional impact on installation correctness or user data.

src/backend/spm.rs — the remote_version_listing_tool_option_keys array and the fallback cleanup path in try_install_artifactbundle are worth a second look.

Important Files Changed

Filename	Overview
src/backend/spm.rs	Adds full artifact bundle install path: asset resolution, download, extraction, triple matching, binary filtering, and source-build fallback. Previously flagged issues (Vec::dedup, first-variant break, extension validation) are all addressed.
docs/dev-tools/backends/spm.md	Adds clear documentation for artifactbundle, artifactbundle_asset, and spm.artifactbundle_only with accurate TOML examples.
e2e/core/test_swift_slow	Adds an e2e assertion that installs SwiftFormat 0.61.1 via artifact bundle and verifies the version output.
schema/mise.json	Adds spm.artifactbundle_only boolean setting to the JSON schema with correct type, description, and default.
settings.toml	Registers spm.artifactbundle_only with correct env var, default, and description, consistent with the cargo.binstall_only pattern.

_{Reviews (4): Last reviewed commit: "fix(spm): remove needless borrows" | Re-trigger Greptile}