From 954965af46b604c373a263565cf3c81cd3cfbc76 Mon Sep 17 00:00:00 2001 From: didericis Date: Tue, 23 Jun 2026 00:36:35 -0400 Subject: [PATCH] feat: support macos-container bottle commits --- bot_bottle/backend/macos_container/launch.py | 21 +++++- bot_bottle/backend/macos_container/util.py | 34 +++++++++ bot_bottle/cli/commit.py | 34 ++++++--- tests/unit/test_cli_commit.py | 44 ++++++------ tests/unit/test_macos_container_launch.py | 76 ++++++++++++++++++++ tests/unit/test_macos_container_util.py | 46 ++++++++++++ 6 files changed, 224 insertions(+), 31 deletions(-) diff --git a/bot_bottle/backend/macos_container/launch.py b/bot_bottle/backend/macos_container/launch.py index 8f0d47a..ed214cd 100644 --- a/bot_bottle/backend/macos_container/launch.py +++ b/bot_bottle/backend/macos_container/launch.py @@ -17,7 +17,11 @@ from contextlib import ExitStack, contextmanager from pathlib import Path from typing import Callable, Generator -from ...bottle_state import egress_state_dir, git_gate_state_dir +from ...bottle_state import ( + egress_state_dir, + git_gate_state_dir, + read_committed_image, +) from ...egress import EGRESS_ROUTES_IN_CONTAINER, egress_resolve_token_values from ...git_gate import revoke_git_gate_provisioned_keys from ...log import die, info, warn @@ -83,7 +87,7 @@ def launch( try: plan = _mint_certs(plan) - _build_images(plan) + plan = _build_images(plan) internal_network = internal_network_name(plan.slug) egress_network = egress_network_name(plan.slug) @@ -134,17 +138,28 @@ def _mint_certs(plan: MacosContainerBottlePlan) -> MacosContainerBottlePlan: return dataclasses.replace(plan, egress_plan=egress_plan) -def _build_images(plan: MacosContainerBottlePlan) -> None: +def _build_images(plan: MacosContainerBottlePlan) -> MacosContainerBottlePlan: container_mod.build_image( SIDECAR_BUNDLE_IMAGE, _REPO_DIR, dockerfile=SIDECAR_BUNDLE_DOCKERFILE, ) + committed = read_committed_image(plan.slug) + if committed and container_mod.image_exists(committed): + info(f"using committed image {committed!r}") + return dataclasses.replace( + plan, + agent_provision=dataclasses.replace( + plan.agent_provision, + image=committed, + ), + ) container_mod.build_image( plan.image, _REPO_DIR, dockerfile=plan.dockerfile_path, ) + return plan def _create_networks( diff --git a/bot_bottle/backend/macos_container/util.py b/bot_bottle/backend/macos_container/util.py index 350ba3b..9418dcc 100644 --- a/bot_bottle/backend/macos_container/util.py +++ b/bot_bottle/backend/macos_container/util.py @@ -8,6 +8,7 @@ import ipaddress import platform import shutil import subprocess +import tempfile import time from typing import Iterable @@ -72,6 +73,39 @@ def build_image(ref: str, context: str, *, dockerfile: str = "") -> None: subprocess.run(args, check=True) +def commit_container(container_name: str, image_tag: str) -> None: + """Snapshot a running Apple Container as a local image. + + Apple Container exposes filesystem export rather than Docker's + `commit` verb. Bot-bottle supplies command and environment at + launch time, so preserving the root filesystem is sufficient for a + resumable committed bottle image. + """ + with tempfile.TemporaryDirectory(prefix="bot-bottle-container-commit.") as tmp: + rootfs_tar = os.path.join(tmp, "rootfs.tar") + dockerfile = os.path.join(tmp, "Dockerfile") + result = subprocess.run( + [_CONTAINER, "export", "-o", rootfs_tar, container_name], + capture_output=True, + text=True, + check=False, + ) + if result.returncode != 0: + die( + f"container export {container_name!r} failed: " + f"{(result.stderr or '').strip() or ''}" + ) + with open(dockerfile, "w", encoding="utf-8") as f: + f.write( + "FROM scratch\n" + "ADD rootfs.tar /\n" + "USER node\n" + "WORKDIR /home/node\n" + ) + build_image(image_tag, tmp, dockerfile=dockerfile) + info(f"committed {container_name!r} → {image_tag!r}") + + def _ensure_builder_dns() -> None: dns = dns_server() status = _builder_status() diff --git a/bot_bottle/cli/commit.py b/bot_bottle/cli/commit.py index cab3135..cae8e3f 100644 --- a/bot_bottle/cli/commit.py +++ b/bot_bottle/cli/commit.py @@ -1,10 +1,11 @@ """commit: freeze a running bottle's state to a resumable artifact. -Docker bottles are committed to a local Docker image. Smolmachines -bottles are packed from the running VM into a `.smolmachine` artifact. -The resulting reference is stored in per-bottle state so the next -`./cli.py resume ` boots from the snapshot instead of rebuilding -from the Dockerfile. +Docker bottles are committed to a local Docker image. Macos-container +bottles are exported and rebuilt as a local Apple Container image. +Smolmachines bottles are packed from the running VM into a +`.smolmachine` artifact. The resulting reference is stored in +per-bottle state so the next `./cli.py resume ` boots from the +snapshot instead of rebuilding from the Dockerfile. """ from __future__ import annotations @@ -13,7 +14,8 @@ import argparse from pathlib import Path from ..backend import enumerate_active_agents -from ..backend.docker.util import commit_container +from ..backend.docker.util import commit_container as docker_commit_container +from ..backend.macos_container.util import commit_container as macos_commit_container from ..backend.smolmachines.smolvm import pack_create_from_vm from ..bottle_state import bottle_state_dir from ..bottle_state import mark_preserved, read_metadata, write_committed_image @@ -24,6 +26,7 @@ from . import tui _COMMITTED_IMAGE_PREFIX = "bot-bottle-committed-" _DOCKER_BACKENDS = {"docker", ""} +_MACOS_CONTAINER_BACKEND = "macos-container" _SMOLMACHINES_BACKEND = "smolmachines" @@ -77,13 +80,27 @@ def cmd_commit(argv: list[str]) -> int: container = _agent_container_name(slug) image_tag = _committed_image_tag(slug) - commit_container(container, image_tag) + docker_commit_container(container, image_tag) write_committed_image(slug, image_tag) mark_preserved(slug) info(f"to resume from this snapshot: ./cli.py resume {slug}") info(f"to export for migration: docker save {image_tag} -o {slug}.tar") return 0 + if backend == _MACOS_CONTAINER_BACKEND: + container = _agent_container_name(slug) + image_tag = _committed_image_tag(slug) + + macos_commit_container(container, image_tag) + write_committed_image(slug, image_tag) + mark_preserved(slug) + info(f"to resume from this snapshot: ./cli.py resume {slug}") + info( + f"to export for migration: " + f"container image save {image_tag} -o {slug}.tar" + ) + return 0 + if backend == _SMOLMACHINES_BACKEND: machine = _agent_machine_name(slug) output = _committed_smolmachine_output(slug) @@ -98,7 +115,8 @@ def cmd_commit(argv: list[str]) -> int: if backend: die( - f"commit is only supported for the docker and smolmachines backends; " + f"commit is only supported for docker, macos-container, and " + f"smolmachines; " f"bottle {slug!r} uses {backend!r}" ) die(f"commit cannot determine the backend for bottle {slug!r}") diff --git a/tests/unit/test_cli_commit.py b/tests/unit/test_cli_commit.py index 38eb7d5..d6ee16d 100644 --- a/tests/unit/test_cli_commit.py +++ b/tests/unit/test_cli_commit.py @@ -76,7 +76,7 @@ class TestCmdCommitSlugArg(_FakeHomeMixin, unittest.TestCase): )) with patch( - "bot_bottle.cli.commit.commit_container", + "bot_bottle.cli.commit.docker_commit_container", ) as mock_commit, patch( "bot_bottle.cli.commit.info", ): @@ -95,7 +95,7 @@ class TestCmdCommitSlugArg(_FakeHomeMixin, unittest.TestCase): started_at="t", backend="docker", )) - with patch("bot_bottle.cli.commit.commit_container"), \ + with patch("bot_bottle.cli.commit.docker_commit_container"), \ patch("bot_bottle.cli.commit.info"): cmd_commit([slug]) @@ -111,7 +111,7 @@ class TestCmdCommitSlugArg(_FakeHomeMixin, unittest.TestCase): started_at="t", backend="docker", )) - with patch("bot_bottle.cli.commit.commit_container"), \ + with patch("bot_bottle.cli.commit.docker_commit_container"), \ patch("bot_bottle.cli.commit.info"): cmd_commit([slug]) @@ -125,13 +125,33 @@ class TestCmdCommitSlugArg(_FakeHomeMixin, unittest.TestCase): started_at="t", backend="", )) - with patch("bot_bottle.cli.commit.commit_container") as mock_commit, \ + with patch("bot_bottle.cli.commit.docker_commit_container") as mock_commit, \ patch("bot_bottle.cli.commit.info"): rc = cmd_commit([slug]) self.assertEqual(0, rc) mock_commit.assert_called_once() + def test_commits_macos_container_bottle(self): + slug = "dev-abc12" + bottle_state.write_metadata(bottle_state.BottleMetadata( + identity=slug, agent_name="dev", cwd="", copy_cwd=False, + started_at="t", backend="macos-container", + )) + + with patch( + "bot_bottle.cli.commit.macos_commit_container", + ) as mock_commit, patch( + "bot_bottle.cli.commit.info", + ): + rc = cmd_commit([slug]) + + self.assertEqual(0, rc) + mock_commit.assert_called_once_with( + f"bot-bottle-{slug}", + f"bot-bottle-committed-{slug}:latest", + ) + class TestCmdCommitSmolmachinesBackend(_FakeHomeMixin, unittest.TestCase): def setUp(self): @@ -173,22 +193,6 @@ class TestCmdCommitUnsupportedBackend(_FakeHomeMixin, unittest.TestCase): def tearDown(self): self._teardown_fake_home() - def test_dies_for_macos_container_backend(self): - slug = "dev-abc12" - bottle_state.write_metadata(bottle_state.BottleMetadata( - identity=slug, agent_name="dev", cwd="", copy_cwd=False, - started_at="t", backend="macos-container", - )) - - with patch( - "bot_bottle.cli.commit.die", side_effect=SystemExit("die"), - ) as mock_die: - with self.assertRaises(SystemExit): - cmd_commit([slug]) - - mock_die.assert_called_once() - self.assertIn("macos-container", mock_die.call_args.args[0]) - class TestCmdCommitNoActiveBottles(_FakeHomeMixin, unittest.TestCase): def setUp(self): diff --git a/tests/unit/test_macos_container_launch.py b/tests/unit/test_macos_container_launch.py index 415884a..02b29dc 100644 --- a/tests/unit/test_macos_container_launch.py +++ b/tests/unit/test_macos_container_launch.py @@ -9,6 +9,7 @@ from types import SimpleNamespace from typing import cast from unittest.mock import patch +from bot_bottle.agent_provider import AgentProvisionPlan from bot_bottle.backend.macos_container import launch from bot_bottle.backend.macos_container.bottle_plan import MacosContainerBottlePlan from bot_bottle.manifest import ManifestIndex @@ -261,5 +262,80 @@ class TestMacosContainerLaunchArgv(unittest.TestCase): ) +def _build_plan(stage_dir: Path) -> MacosContainerBottlePlan: + return MacosContainerBottlePlan( + spec=SimpleNamespace(), + manifest=_MANIFEST, + stage_dir=stage_dir, + git_gate_plan=SimpleNamespace(upstreams=()), + egress_plan=SimpleNamespace(), + supervise_plan=None, + agent_provision=AgentProvisionPlan( + template="claude", + command="claude", + prompt_mode="append_file", + image="bot-bottle-agent:latest", + dockerfile="/repo/Dockerfile", + guest_home="/home/node", + instance_name="bot-bottle-dev-abc", + prompt_file=stage_dir / "prompt.txt", + guest_env={}, + ), + slug="dev-abc", + forwarded_env={}, + ) + + +class TestMacosContainerLaunchCommittedImage(unittest.TestCase): + def setUp(self): + self._tmp = tempfile.TemporaryDirectory() + self.stage_dir = Path(self._tmp.name) + + def tearDown(self): + self._tmp.cleanup() + + def test_build_images_uses_committed_image_when_present(self): + plan = _build_plan(self.stage_dir) + calls = [] + + def fake_build(image, context, *, dockerfile=""): + calls.append((image, context, dockerfile)) + + with patch.object( + launch, "read_committed_image", + return_value="bot-bottle-committed-dev-abc:latest", + ), patch.object( + launch.container_mod, "image_exists", return_value=True, + ), patch.object( + launch.container_mod, "build_image", side_effect=fake_build, + ), patch.object(launch, "info"): + updated = launch._build_images(plan) + + self.assertEqual("bot-bottle-committed-dev-abc:latest", updated.image) + self.assertEqual(1, len(calls)) + self.assertEqual(launch.SIDECAR_BUNDLE_IMAGE, calls[0][0]) + + def test_build_images_builds_agent_when_committed_image_missing(self): + plan = _build_plan(self.stage_dir) + calls = [] + + def fake_build(image, context, *, dockerfile=""): + calls.append((image, context, dockerfile)) + + with patch.object( + launch, "read_committed_image", + return_value="bot-bottle-committed-dev-abc:latest", + ), patch.object( + launch.container_mod, "image_exists", return_value=False, + ), patch.object( + launch.container_mod, "build_image", side_effect=fake_build, + ): + updated = launch._build_images(plan) + + self.assertEqual("bot-bottle-agent:latest", updated.image) + self.assertEqual(2, len(calls)) + self.assertEqual("bot-bottle-agent:latest", calls[1][0]) + + if __name__ == "__main__": unittest.main() diff --git a/tests/unit/test_macos_container_util.py b/tests/unit/test_macos_container_util.py index 9789a29..ac98702 100644 --- a/tests/unit/test_macos_container_util.py +++ b/tests/unit/test_macos_container_util.py @@ -73,6 +73,52 @@ resolver #2 ) self.assertTrue(run.call_args_list[-1].kwargs["check"]) + def test_commit_container_exports_rootfs_and_builds_image(self): + completed = util.subprocess.CompletedProcess( + args=[], returncode=0, stdout="", stderr="", + ) + dockerfile_text = "" + + def fake_build_image(image_tag, context, *, dockerfile=""): + nonlocal dockerfile_text + with open(dockerfile, encoding="utf-8") as f: + dockerfile_text = f.read() + + with patch.object(util.subprocess, "run", return_value=completed) as run, \ + patch.object(util, "build_image", side_effect=fake_build_image) as build_image, \ + patch.object(util, "info"): + util.commit_container( + "bot-bottle-dev-abc12", + "bot-bottle-committed-dev-abc12:latest", + ) + + argv = run.call_args.args[0] + self.assertEqual("container", argv[0]) + self.assertEqual("export", argv[1]) + self.assertEqual("-o", argv[2]) + self.assertTrue(argv[3].endswith("/rootfs.tar")) + self.assertEqual("bot-bottle-dev-abc12", argv[4]) + build_image.assert_called_once() + self.assertEqual( + "bot-bottle-committed-dev-abc12:latest", + build_image.call_args.args[0], + ) + self.assertIn("ADD rootfs.tar /\n", dockerfile_text) + self.assertIn("USER node\n", dockerfile_text) + self.assertIn("WORKDIR /home/node\n", dockerfile_text) + + def test_commit_container_dies_on_export_failure(self): + failed = util.subprocess.CompletedProcess( + args=[], returncode=1, stdout="", stderr="No such container", + ) + with patch.object(util.subprocess, "run", return_value=failed), \ + patch.object(util, "die", side_effect=SystemExit("die")) as die: + with self.assertRaises(SystemExit): + util.commit_container("missing-container", "some:tag") + + die.assert_called_once() + self.assertIn("missing-container", die.call_args.args[0]) + def test_build_image_restarts_builder_when_dns_mismatches(self): status = util.subprocess.CompletedProcess( args=[],