Skip to content

feat: set up macOS container tooling (NEEDS VPN NETWORKING FIX)#270

Draft
shunk031 wants to merge 1 commit into
mainfrom
feat/container
Draft

feat: set up macOS container tooling (NEEDS VPN NETWORKING FIX)#270
shunk031 wants to merge 1 commit into
mainfrom
feat/container

Conversation

@shunk031

@shunk031 shunk031 commented Sep 16, 2025

Copy link
Copy Markdown
Owner

Summary

  • Add macOS setup for Apple Container, Socktainer, Docker CLI, and Docker Compose.
  • Configure the Docker CLI to use a socktainer Docker context.
  • Use the stable Homebrew Socktainer formula instead of forcing the Homebrew --HEAD build.

Testing

  • bash -n install/macos/common/container.sh install/macos/common/mac_app_store.sh
  • shfmt -i 4 -sr -d install/macos/common/container.sh install/macos/common/mac_app_store.sh
  • shellcheck install/macos/common/container.sh install/macos/common/mac_app_store.sh
  • git diff --check
  • docker compose up -d with the socktainer Docker context
  • docker compose ps

Notes: Docker Compose, Socktainer HEAD, and VPN networking

During local validation, Docker Compose worked with the stable Homebrew formulae for Apple Container and Socktainer, plus the Homebrew Docker CLI and Compose plugin, using the socktainer Docker context.

This PR does not force brew install --HEAD socktainer. socktainer/socktainer#262 fixes a DNS sidecar image issue and also notes a current Homebrew --HEAD resource-bundle packaging caveat. In local testing, the latest Homebrew HEAD build hit the documented SocktainerDNSImage resource-bundle failure, so the stable Homebrew formula is currently the safer default for this dotfiles setup.

VPN caveat

With VPN enabled, the host route for the Apple Container subnet was captured by the VPN interface instead of the Apple Container bridge. In that state, the local forward proxy port accepted TCP connections, but the backend connection to the container timed out. Container DNS through the Apple Container gateway also failed.

After disconnecting VPN, the local forward proxy smoke test returned the expected Apache response.

Related upstream reports:

Rollback / uninstall

If we decide not to use Apple Container and Socktainer for now, remove the local setup with:

docker context use default || true
docker context rm socktainer || true

brew services stop socktainer || true
brew services stop container || true

brew uninstall socktainer || true
brew uninstall container || true

If the Homebrew Docker CLI and Compose formulae were only installed for this trial, they can also be removed with:

brew uninstall docker-compose || true
brew uninstall docker || true

Only remove Apple Container state after confirming that no local images, networks, or runtime state are needed:

rm -rf "$HOME/Library/Application Support/com.apple.container"
rm -rf "$HOME/.config/container"

@codecov

codecov Bot commented Sep 16, 2025

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 90.49%. Comparing base (3125d17) to head (4852ba4).

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #270      +/-   ##
==========================================
+ Coverage   90.19%   90.49%   +0.29%     
==========================================
  Files          10       10              
  Lines         306      305       -1     
==========================================
  Hits          276      276              
+ Misses         30       29       -1     
Flag Coverage Δ
macos-14-client 41.66% <ø> (ø)
ubuntu-latest-client 90.49% <ø> (+0.98%) ⬆️
ubuntu-latest-server 89.83% <ø> (-0.37%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@shunk031 shunk031 changed the base branch from master to main May 6, 2026 12:09
@shunk031 shunk031 force-pushed the feat/container branch 2 times, most recently from 899b013 to c7222da Compare June 28, 2026 14:03

@shunk031 shunk031 left a comment

Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'MacOS benchmark'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 1.50.

Benchmark suite Current: 4852ba4 Previous: 62e967a Ratio
zsh initial startup time 10.17 Second 6.28 Second 1.62

This comment was automatically generated by workflow using github-action-benchmark.

CC: @shunk031

@shunk031 shunk031 marked this pull request as draft June 29, 2026 01:44
@shunk031 shunk031 changed the title feat: add macOS container installation and testing scripts feat: set up macOS container and Docker CLI tooling Jun 29, 2026
@shunk031 shunk031 changed the title feat: set up macOS container and Docker CLI tooling feat: set up macOS container tooling with VPN caveat Jun 29, 2026
@shunk031 shunk031 changed the title feat: set up macOS container tooling with VPN caveat feat: set up macOS container tooling (needs VPN networking fix) Jun 29, 2026
@shunk031 shunk031 changed the title feat: set up macOS container tooling (needs VPN networking fix) feat: set up macOS container tooling (NEEDS VPN NETWORKING FIX) Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant