2 changes: 2 additions & 0 deletions .github/workflows/bats.yml
Expand Up @@ -18,5 +18,7 @@ jobs:

- uses: actions/checkout@v3
- name: Run e2e tests
env:
ENGINE_DEFAULT: podman
CI workflows missing podman service start step

Medium Severity

Both bats.yml and perf-report.yml set ENGINE_DEFAULT: podman but don't call podman-service-start before running their commands. The test-integration.yml workflow correctly adds make podman-service-start before start-deps, suggesting it's required for podman to function on CI. Without it, the podman socket and container configuration (policy, registries, hosts entry) won't be set up, likely causing container operations to fail.

run: nix run .#bats
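Review bot: The new `env: ENGINE_DEFAULT: podman` on this step selects podman, but nothing in bats.yml starts it, so `nix run .#bats` will look for a podman socket that was never created; the test-integration.yml hunk in this same PR chains `make podman-service-start` ahead of its targets, presumably for this reason. Suggest a step before this one such as `run: nix develop -c make podman-service-start`, or prefix the command the way test-integration.yml does.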

2 changes: 2 additions & 0 deletions .github/workflows/perf-report.yml
Expand Up @@ -21,6 +21,8 @@ jobs:

- name: Generate performance data
id: perf
env:
ENGINE_DEFAULT: podman
run: |
# Run the performance report script and output to file
nix develop -c ./bin/perf-report.sh perf-report.md
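Review bot: Same gap as in bats.yml: `ENGINE_DEFAULT: podman` is set but `podman-service-start` is never run before `./bin/perf-report.sh`, so the socket and /etc/containers configuration created by dev/bin/podman-service-start.sh are absent. Because this step produces timing data, put the service start in its own preceding step (e.g. `run: nix develop -c make podman-service-start`) rather than inside the measured command, so the one-off socket setup and its polling loop (five rounds of a 3 s probe plus a 2 s sleep) are not folded into the report.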
4 changes: 3 additions & 1 deletion .github/workflows/test-integration.yml
Expand Up @@ -17,5 +17,7 @@ jobs:
authToken: ${{ env.CACHIX_AUTH_TOKEN }}
- uses: actions/checkout@v3
- name: Run integration tests
run: nix develop -c make start-deps setup-db test-in-ci
env:
ENGINE_DEFAULT: podman
run: nix develop -c bash -c "make podman-service-start start-deps setup-db test-in-ci"
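Review bot: The `bash -c` wrapper is unnecessary: `nix develop -c make podman-service-start start-deps setup-db test-in-ci` runs the same four targets in the same order, and dropping the extra quoting layer avoids surprises if an argument ever contains spaces or `$`. Also worth a comment in the workflow that this step depends on the runner permitting the `sudo mkdir -p /run/podman` and the writes to /etc/containers and /etc/hosts that podman-service-start.sh performs; on a runner without those rights the script's `|| true` guards let it continue and the failure only surfaces later in `test-in-ci`.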

3 changes: 3 additions & 0 deletions Makefile
@@ -1,6 +1,9 @@
next-watch:
cargo watch -s 'cargo nextest run'

podman-service-start:
@./dev/bin/podman-service-start.sh

clean-deps:
./dev/bin/clean-deps.sh

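Review bot: `podman-service-start` should be declared `.PHONY` (together with the neighbouring script-wrapper targets, if the Makefile does not already do so elsewhere); otherwise make treats a stray file named `podman-service-start` in the repo root as an up-to-date target and silently skips the script. Consider also a short comment on the target noting that, on Linux, the script rewrites /etc/containers/policy.json and registries.conf and appends to /etc/hosts, since a developer running `make podman-service-start` locally will not expect a dev target to modify system files.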
29 changes: 29 additions & 0 deletions dev/bin/podman-get-socket.sh
@@ -0,0 +1,29 @@
#!/usr/bin/env bash
set -euo pipefail

# Determine the correct podman socket to use
# On macOS, podman often uses SSH connections to a VM, so we shouldn't set DOCKER_HOST

# Check if we're on macOS and podman is using SSH connections
if [[ "$(uname)" == "Darwin" ]]; then
# Check if podman is using SSH connections (typical for macOS)
if podman system connection list 2>/dev/null | grep -q "ssh://"; then
# On macOS with SSH connections, don't set DOCKER_HOST
# Return special value to indicate no socket should be used
echo "NO_SOCKET"
exit 0
fi
fi

# For Linux or other cases, use Unix sockets
SYSTEM_SOCKET="/run/podman/podman.sock"
USER_SOCKET="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/podman/podman.sock"

if [ -S "$SYSTEM_SOCKET" ] && CONTAINER_HOST="unix://$SYSTEM_SOCKET" timeout 3s podman version >/dev/null 2>&1; then
echo "unix://$SYSTEM_SOCKET"
elif [ -S "$USER_SOCKET" ] && CONTAINER_HOST="unix://$USER_SOCKET" timeout 3s podman version >/dev/null 2>&1; then
echo "unix://$USER_SOCKET"
else
# Default fallback (will likely fail, but provides a reasonable default)
echo "unix://$SYSTEM_SOCKET"
fi
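Review bot: Every path through this script exits 0, including the final `else` branch that prints `unix://$SYSTEM_SOCKET` while its own comment says it will likely fail, so a caller cannot distinguish a verified socket from a guess; return a non-zero status (or print nothing) in that branch. The probing block from `SYSTEM_SOCKET="/run/podman/podman.sock"` through the `elif` is also copied verbatim into dev/bin/podman-service-start.sh; have that script call this one so the two cannot drift. One portability note: on macOS without an `ssh://` connection the script falls through to the "Linux or other cases" branch, and `timeout` is not shipped with macOS, so both `podman version` probes fail with "command not found" and the fallback socket is printed regardless.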
New script podman-get-socket.sh is never used

Low Severity

podman-get-socket.sh is added in this PR but is not referenced by any other file — not in the Makefile, not in CI workflows, and not in podman-service-start.sh. Grepping the entire codebase for podman-get-socket yields zero results. This is dead code that adds maintenance burden without providing any value.


57 changes: 57 additions & 0 deletions dev/bin/podman-service-start.sh
@@ -0,0 +1,57 @@
#!/usr/bin/env bash
set -euo pipefail

echo "--- Configuring Podman ---"

if [ "$(uname)" = "Linux" ]; then
echo "Applying Linux-specific podman configuration..."
mkdir -p /etc/containers
echo '{ "default": [{"type": "insecureAcceptAnything"}]}' > /etc/containers/policy.json || true
echo 'unqualified-search-registries = ["docker.io"]' > /etc/containers/registries.conf || true
grep -q "host.containers.internal" /etc/hosts || echo "127.0.0.1 host.containers.internal" >> /etc/hosts || true
else
echo "Non-Linux system detected, skipping container configuration"
fi

echo "--- Podman configuration done ---"
echo "--- Starting Podman service ---"

if [ "$(uname)" = "Linux" ]; then
echo "Checking if podman socket is working..."

# Try system socket first, then user socket
SYSTEM_SOCKET="/run/podman/podman.sock"
USER_SOCKET="${XDG_RUNTIME_DIR:-/run/user/$(id -u)}/podman/podman.sock"

if [ -S "$SYSTEM_SOCKET" ] && CONTAINER_HOST="unix://$SYSTEM_SOCKET" timeout 3s podman version >/dev/null 2>&1; then
echo "System podman socket already working!"
elif [ -S "$USER_SOCKET" ] && CONTAINER_HOST="unix://$USER_SOCKET" timeout 3s podman version >/dev/null 2>&1; then
echo "User podman socket already working!"
else
echo "Starting podman system service..."

# Try to create system socket directory with sudo, fall back to user socket
if sudo mkdir -p /run/podman 2>/dev/null; then
echo "Using system socket at $SYSTEM_SOCKET"
podman system service --time=0 "unix://$SYSTEM_SOCKET" &
SOCKET_PATH="$SYSTEM_SOCKET"
else
echo "Cannot create system socket, using user socket at $USER_SOCKET"
mkdir -p "$(dirname "$USER_SOCKET")"
podman system service --time=0 "unix://$USER_SOCKET" &
SOCKET_PATH="$USER_SOCKET"
fi

echo "Waiting for socket to be created..."
for i in 1 2 3 4 5; do
if [ -S "$SOCKET_PATH" ] && CONTAINER_HOST="unix://$SOCKET_PATH" timeout 3s podman version >/dev/null 2>&1; then
echo "Socket created and working!"
break
fi
echo "Waiting... ($i/5)"
sleep 2
done
Socket wait loop silently succeeds on failure

High Severity

The wait loop tries 5 times to verify the socket is ready, but if all attempts fail, execution falls through and the script prints "Podman service ready" on the final line. With set -e active, the if condition doesn't trigger an exit on failure, so the script always reports success. This masks a failed podman service start and causes confusing downstream errors in CI.


fi
fi

echo "--- Podman service ready ---"
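Review bot: The Linux branch unconditionally overwrites /etc/containers/policy.json with `insecureAcceptAnything` and registries.conf with a single docker.io entry, and the Makefile exposes this as a general dev target, so a developer running it on a Linux workstation with write access to /etc loses whatever signature policy and registry configuration they had. Guard the /etc/containers and /etc/hosts writes behind a CI check such as `[ -n "${CI:-}" ]`, and drop the `|| true` on them: a failed write there is the condition this script exists to prevent, and swallowing it means the failure shows up only as an opaque error in a later make target. Separately, the wait loop should end with a final probe that exits non-zero when `$SOCKET_PATH` never became usable instead of falling through to the "Podman service ready" banner; with `set -e`, a failing `if` condition does not abort the script, so today the banner prints even when the service never came up. Finally, `podman system service --time=0 ... &` is backgrounded without recording its PID or redirecting its output; capturing `$!` and checking `kill -0` inside the loop lets the script bail out immediately if the service process has already died rather than polling for the full ten seconds.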