feat: macOS ARM64 support for containerized dev environment#4649
Merged
feat: macOS ARM64 support for containerized dev environment#4649
Conversation
tuxerrante
requested review from
alcasim,
bennerv,
cadenmarchese,
hawkowl,
hlipsig,
jharrington22,
kimorris27,
mociarain,
mrWinston,
rogbas,
sankur-codes,
tiguelu,
tsatam,
ventifus,
wanghaoran1988 and
yjst2012
as code owners
mrWinston
reviewed
Mar 4, 2026
rh-returners
approved these changes
Mar 4, 2026
Collaborator
rh-returners
left a comment
rh-returners
left a comment
There was a problem hiding this comment.
tested locally on my Fedora and it still works.
9 tasks
aasserzo
reviewed
Mar 9, 2026
Collaborator
|
Due to the diversion between Linux and MacOS setup instructions, consider splitting into two docs for clarity and maintainability. |
aasserzo
reviewed
Mar 9, 2026
aasserzo
reviewed
Mar 9, 2026
aasserzo
reviewed
Mar 9, 2026
Collaborator
|
I'm seeing a new issue - whenever I run |
Collaborator
I tested this, and indeed when To fix this, we can either go back to the "old way", perhaps having separate Dockerfiles per platform, or we can explicitly mount the local go cache into the container like so: |
|
Please rebase pull request. |
The dev environment previously required Linux with Podman due to userns_mode: keep-id and a host Podman socket mount. This adds platform-specific compose overrides and an entrypoint script that auto-starts Podman inside the container when no host socket is available, enabling macOS users (OrbStack/Docker) to use the same `make dev-env-start` workflow. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Ensures cluster names (AZURE_PREFIX, CLUSTER_NAME, etc.) follow a consistent format by deriving USER from `git config user.name` when the shell variable is not already set. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Skip lastlog/faillog updates which can create large sparse files. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Avoid re-evaluating $(shell ...) on every reference by using := instead of =. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Use the default socket location for both Linux (host-mounted) and macOS (in-container) paths, simplifying the entrypoint logic. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Overriding $USER can break tools that depend on the system-provided value. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
hack/cluster (Go) reads CLUSTER via mapstructure, while
hack/setup_resources.sh and az aro CLI use CLUSTER_NAME.
Setting CLUSTER=${CLUSTER_NAME} prevents confusing errors
when running `go run ./hack/cluster create`.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Split the single doc into platform-specific guides for easier navigation. The original file becomes a landing page linking to both. Removes OrbStack recommendation due to enterprise license concerns.
Explain why uname -s cannot be used inside the container and how the Podman socket check is the correct detection mechanism.
Without the prefix, docker compose prompts the user to select a registry when the image is not found locally.
Set GOCACHE and GOMODCACHE to paths under /workspace so the Go build and module caches survive stop/start cycles via the bind mount.
…tion Add necessary volume mounts for Azure and SSH configurations in the Linux development environment. Disable security labels for improved compatibility with local development setups.
The Dockerfile created an aro-dev user but never switched to it, so the container still ran as root and wrote root-owned files into the bind-mounted workspace. Add USER aro-dev, mount credentials into /home/aro-dev/ instead of /root/, restore userns_mode: keep-id on Linux for correct UID mapping, and handle /run/podman ownership for the non-root entrypoint. Made-with: Cursor
Add a trap to clean up the background Podman service on exit, and exec the final make command so it becomes PID 1 and receives SIGTERM directly during container shutdown. Made-with: Cursor
Changed the image removal commands in the Linux and macOS documentation to use the localhost prefix for consistency and to avoid registry prompts when the image is not found locally.
…ev environment documentation Changed the documentation to reflect the correct mount paths for the Azure CLI and SSH keys, ensuring they are now directed to the non-root user's home directory instead of the root directory.
make dev-env-build unexpectedly depend on prior Docker ACR credentials and fail for users who have RP_IMAGE_ACR set in their env. Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Refactor the dev-env entrypoint script to improve the handling of the Podman service. The script now starts the Podman service inside the container if no host socket is found, while ensuring proper signal handling for both the Podman service and the running application. This change allows the application to receive termination signals directly during container shutdown.
…v-env Eliminated the unnecessary ownership change for the /workspace directory during the user creation process in the development environment Dockerfile, streamlining the setup.
Refactor the cleanup function in the dev-env entrypoint script to ensure proper termination of both the Podman service and the running application. This enhancement allows for more reliable resource management during container shutdown by explicitly waiting for background processes to exit.
tuxerrante
force-pushed
the
tuxerrante/dev-env-macos-support
branch
from
c1dacbf to
4262558
Compare
Contributor
There was a problem hiding this comment.
Pull request overview
Adds macOS (ARM64) support for the containerized dev environment by splitting Compose configuration and docs per-platform, and introducing an entrypoint that selects between using a host Podman socket (Linux) vs running Podman inside the container (macOS).
Changes:
- Add platform-specific docker-compose override files and update base compose to be platform-neutral.
- Add a dev-env entrypoint script that starts/uses Podman appropriately and launches
make runlocal-rp. - Split containerized dev environment docs into Linux and macOS guides; update env example for
CLUSTERbridging and macOS ARM64 env hints.
Reviewed changes
Copilot reviewed 10 out of 11 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| hack/devtools/dev-env-entrypoint.sh | New entrypoint to detect host socket vs start in-container Podman, then run RP. |
| env.example | Adds CLUSTER export and commented macOS ARM64/Fedora registry hints. |
| docs/containerized-dev-environment.md | Converts into landing page pointing to Linux/macOS guides; updates mount paths. |
| docs/containerized-dev-environment-linux.md | New Linux-specific setup and usage guide. |
| docs/containerized-dev-environment-macos.md | New macOS/ARM64 guide including e2e and SSH tunneling notes. |
| docker-compose.yml | Makes base compose portable; moves volumes/SELinux bits into overrides; adds entrypoint command & Go cache env. |
| docker-compose.dev-env-linux.yml | Linux override: socket mount, SELinux labels, userns keep-id, label disable opt. |
| docker-compose.dev-env-macos.yml | macOS override: privileged and required volume mounts. |
| Makefile | Adds OS-aware compose selection and registry defaults for dev-env targets. |
| Dockerfile.dev-env | Adds jq, reorders packages, and creates non-root aro-dev user with configurable UID. |
| .gitignore | Adjusts .cache ignore to directory form .cache/. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
mociarain
approved these changes
Mar 23, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
docker-compose.dev-env-macos.yml,docker-compose.dev-env-linux.yml) so the containerized dev environment works on both Linux (Podman) and macOS (Docker)hack/devtools/dev-env-entrypoint.sh) that auto-detects the runtime: uses the host Podman socket on Linux, or startspodman system serviceinside the container on macOSlocalhost/prefix to the dev-env image name to avoid Docker prompting for a registryMotivation
Running the RP directly on macOS fails because the Podman v5 Go client cannot talk to the Docker socket. The previous
docker-compose.ymlhad Linux/Podman-specific config (userns_mode: keep-id, host Podman socket mount) that doesn't work on macOS. This change runs Podman natively inside thearo-dev-envcontainer, sidestepping the incompatibility.Changes
Container runtime
uname, which always returnsLinuxinside the container)localhost/prefix on the image name prevents Docker from prompting for a registry selectionchown -R aro-dev:aro-dev /workspace— At runtime/workspaceis always bind-mounted from the host, so the image layer is hidden and the chown was redundant. It also produced a large, slow layer (duplicating go.mod,.bingo/, etc.). Only/run/podmanis chowned (needed for in-container Podman on macOS). Bind-mounted volumes indocker-compose.ymland the platform overrides suffice for permissions; no extra ownership changes required.podman system serviceinside the container when no host socket is found (macOS). Improved signal handling so the RP and Podman both receive termination signals on container shutdown; shell stays as PID 1 and runs an EXIT trap to clean up.aro-dev(matching host UID viaUSERIDbuild arg). Volume mounts for~/.azure,~/.ssh, and/workspacework with bind mounts; Linux override usesuserns_mode: keep-id.GOCACHEandGOMODCACHEpoint under/workspace/.cache/so cache persists across container restarts via the bind-mounted workspace.localhost/aro-rp_aro-dev; docs and commands updated for removal withlocalhost/prefix.Documentation
containerized-dev-environment.mdinto a landing page + two platform-specific guides:containerized-dev-environment-linux.mdcontainerized-dev-environment-macos.mdlocalhost/prefix.Build & config
:=(simply-expanded) for dev-env variablesenv.example: bridgesCLUSTERandCLUSTER_NAMEjq, sorted packages,-lflag onuseraddTest plan
make dev-env-buildbuilds image withregistry.fedoraproject.org,PLATFORM=linux/arm64make dev-env-startstarts container, entrypoint auto-starts Podman, RP compilespodman versioninside container confirms Podman running onlinux/arm64make dev-env-stopcleanly stops containerdocker compose upmake dev-env-startuses host Podman socket as before