Add container upgrade command#1943
Open
Saviollage wants to merge 6 commits into
Open
Conversation
--release avoids colliding with the inherited root --version flag (argument-parser subcommands inherit the root's version option). Also moves the GitHubRelease JSON decode inside the existing do/catch so a malformed 200 response is reported as a clean ContainerizationError instead of a raw DecodingError dump.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Type of Change
Motivation and Context
Fixes #1942.
Upgrading
containercurrently requires theupdate-container.shshellscript installed under /usr/local/bin. This PR adds a native, discoverable
container upgradecommand with behavioral parity to the script:com.apple.container.*services are running anddirects the user to
container system stop-v/--release) from theGitHub releases API
-f/--forcefalling back to an unsigned one
sudo installer -pkg <pkg> -target /(trust anchored inmacOS Installer/Gatekeeper validating the signed package, as with the
script)
The release-resolution and asset-selection logic is implemented as pure
functions with unit tests.
Deliberate deviations from the script, for reviewers:
--release(short-vkept): a subcommand--versionoption would shadow the--versionflag subcommands inheritfrom the root command.
Error:prefix (repoconvention) rather than the script's plain stdout echo; exit codes match.
and no unsigned-package prompt when the release has no installer asset at
all (the script prompts before discovering there is nothing to download).
installation starts.
-v <installed-version>, the "already on version" answer requiresthe release lookup first (the script answers before fetching), so it
needs network access.
ReleaseVersion.version()rather than parsing
container --versionoutput — identical for anyinstalled binary.
Non-goals for this PR (possible follow-ups, listed in the issue):
auto-stopping services, semver-aware comparison,
--dry-run, downloadprogress bar.
Testing
Unit tests cover the GitHub release decoding, endpoint construction, asset
selection precedence, upgrade policy, and argument parsing (
make test:568 tests / 70 suites passing). An integration test verifies the
running-service guard — the only path that can safely run in CI, since
actually installing a package would modify the host. The guard and the
release-not-found path were additionally verified end-to-end against the
debug binary (exit code 1 with the expected messages in both cases).
make fmtis clean andmake docsbuilds. The full integration suite wasnot run locally (this environment hits the BUILDING.md
~/Documentsvmnetlimitation); relying on CI for that.