PRD: macOS Container backend - Part III (integration coverage) #232

Merged
didericis merged 3 commits from feat/macos-container-integration-tests into feat/macos-container-launch 2026-06-10 21:32:03 -04:00
Collaborator

Stacked on PR #231.

Closes out the remaining PRD work after the launch-step PR:

  • adds a real Apple Container launch integration smoke, guarded by macOS + container availability
  • verifies exec, proxy env stamping, allowlisted egress through the sidecar, direct-egress bypass failure, and non-allowlisted proxy blocking
  • preflights Apple Container BuildKit DNS before running the launch smoke, because image builds must be able to resolve package mirrors
  • fixes the BuildKit RUN-step resolver issue by probing the running builder and only restarting it when resolution fails, or when BOT_BOTTLE_MACOS_CONTAINER_DNS explicitly requests a different DNS
  • prefers a directly reachable IPv4 resolver from host scutil --dns, falling back to 1.1.1.1 only when no host resolver is discoverable
  • updates the PRD to describe the implemented launch topology and explicitly defer git-gate for macOS Container until safe key delivery exists

Verification:

  • python3 -m compileall -q bot_bottle tests/unit/test_macos_container_util.py tests/unit/test_macos_container_launch.py tests/integration/test_macos_container_launch.py
  • python3 -m unittest discover tests/unit
  • python3 -m unittest tests.integration.test_macos_container_launch
  • python3 -m unittest tests.unit.test_macos_container_util tests.unit.test_macos_container_launch
  • npx pyright .
  • git diff --check

The Apple Container integration smoke passes on this host with the tightened builder DNS behavior.
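The resolver preference and restart rule from the description above, sketched as an added example; this is not the project's code. The function names, the `current_dns` parameter, the loopback exclusion, the IP validation of the override, and the sample `scutil --dns` text are assumptions.

```python
import ipaddress
import re

FALLBACK_DNS = "1.1.1.1"  # fallback named in the PR description

# Constructed sample of `scutil --dns` output, not captured from a real host.
SAMPLE_SCUTIL = """\
resolver #1
  nameserver[0] : fe80::1%en0
  nameserver[1] : 127.0.0.1
  reach    : 0x00030002 (Reachable,Local Address,Directly Reachable Address)

resolver #2
  nameserver[0] : 192.168.1.1
  reach    : 0x00020002 (Reachable,Directly Reachable Address)

resolver #3
  domain   : local
  reach    : 0x00000000 (Not Reachable)
"""


def pick_host_resolver(scutil_output):
    """First directly reachable, non-loopback IPv4 nameserver, else the fallback."""
    for block in re.split(r"(?m)^resolver #\d+\s*$", scutil_output)[1:]:
        reach = re.search(r"(?m)^\s*reach\s*:\s*(.*)$", block)
        if not reach or "Directly Reachable Address" not in reach.group(1):
            continue
        for ns in re.findall(r"(?m)^\s*nameserver\[\d+\]\s*:\s*(\S+)", block):
            try:
                addr = ipaddress.ip_address(ns)
            except ValueError:  # unparsable entry
                continue
            # Assumption: a host loopback resolver is useless inside the builder VM.
            if addr.version == 4 and not addr.is_loopback:
                return ns
    return FALLBACK_DNS


def builder_dns_action(probe_ok, current_dns, override, scutil_output):
    """Return ("keep", None) or ("restart", dns) for the running builder.

    `override` stands for the value of BOT_BOTTLE_MACOS_CONTAINER_DNS, if set.
    """
    if override:
        ipaddress.ip_address(override)  # reject non-IP values before they reach a command line
        if override != current_dns:
            return ("restart", override)
    if probe_ok:
        return ("keep", None)
    return ("restart", override or pick_host_resolver(scutil_output))
```

A working builder is left alone unless the override names a different resolver, which matches the "preserve working builder dns" commit title below.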

didericis-codex added 1 commit 2026-06-10 20:01:36 -04:00
test(macos-container): add launch integration smoke
lint / lint (push) Successful in 1m44s
test / unit (pull_request) Successful in 37s
test / integration (pull_request) Successful in 20s
f7f9892b53
didericis added 1 commit 2026-06-10 20:12:54 -04:00
fix(macos-container): start builder with dns
lint / lint (push) Successful in 1m45s
test / unit (pull_request) Successful in 37s
test / integration (pull_request) Successful in 19s
d123b99347
didericis added 1 commit 2026-06-10 20:33:36 -04:00
fix(macos-container): preserve working builder dns
lint / lint (push) Successful in 1m33s
test / unit (pull_request) Successful in 30s
test / integration (pull_request) Successful in 16s
2e467d236a
didericis merged commit 2e467d236a into feat/macos-container-launch 2026-06-10 21:32:03 -04:00
didericis deleted branch feat/macos-container-integration-tests 2026-06-10 21:32:04 -04:00