Merge branch 'main' into fix/image-push-tests-permissions

Author: Siddhant-K-code

.github/ISSUE_TEMPLATE/01-bug.yml

@@ -1,7 +1,7 @@
 name: Bug report
 description: File a bug report.
 title: "[Bug]: "
-labels: ["bug", "triage"]
+type: "Bug"
 body:
   - type: markdown
     attributes:
@@ -34,7 +34,7 @@ body:
   - type: textarea
     id: expected
     attributes:
-      label: Expected Behavior
+      label: Expected behavior
       description: A concise description of what you expected to happen.
     validations:
       required: true

.github/ISSUE_TEMPLATE/02-feature.yml

@@ -1,7 +1,7 @@
 name: Feature or enhancement request
 description: File a request for a feature or enhancement
 title: "[Request]: "
-labels: ["feature", "triage"]
+type: "Feature"
 body:
   - type: markdown
     attributes:

.github/workflows/containerization-build-template.yml

@@ -15,83 +15,86 @@ on:
 jobs: 
   buildAndTest: 
     name: Build and Test repo
+    if: github.repository == 'apple/containerization'
     timeout-minutes: 60
     runs-on: [self-hosted, macos, sequoia, ARM64]
     permissions:
       contents: read
       packages: write
+    env:
+      DEVELOPER_DIR: "/Applications/Xcode_26.b1.app/Contents/Developer"
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4 
         with:
           fetch-depth: 0
+
       - name: Activate Swiftly
         run: |
           source /opt/swiftly/env.sh
           cat /opt/swiftly/env.sh
+
       - name: Check formatting
         run: | 
           ./scripts/install-hawkeye.sh
           make fmt
           git diff
           if ! git diff --quiet ; then echo the following files require formatting or license headers: ; git diff --name-only ; false ; fi
-        env:
-          DEVELOPER_DIR: "/Applications/Xcode_26.b1.app/Contents/Developer"
+
       - name: Check protobufs
         run: | 
           make protos
           if ! git diff --quiet ; then echo the following files require formatting or license headers: ; git diff --name-only ; false ; fi
-        env:
-          DEVELOPER_DIR: "/Applications/Xcode_26.b1.app/Contents/Developer"
-          CURRENT_SDK: y
+
       - name: Make containerization and docs
         run: | 
           make clean containerization docs
           tar cfz _site.tgz _site
-        env:
-          DEVELOPER_DIR: "/Applications/Xcode_26.b1.app/Contents/Developer"
-          CURRENT_SDK: y
+
       - name: Make vminitd image
         run: | 
           source /opt/swiftly/env.sh
           make -C vminitd swift linux-sdk
           make init
-        env:
-          CURRENT_SDK: y
+
       - name: Test containerization
         run: | 
           make fetch-default-kernel
           make test integration
         env:
-          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REGISTRY_TOKEN: ${{ github.token }}
           REGISTRY_USERNAME: ${{ github.actor }}
-          DEVELOPER_DIR: "/Applications/Xcode_26.b1.app/Contents/Developer"
-          CURRENT_SDK: y
+
       - name: Push vminitd image
         if: ${{ inputs.release }}
         run: |
           bin/cctl images tag vminit:latest ghcr.io/apple/containerization/vminit:${{ inputs.version }}
           bin/cctl images push ghcr.io/apple/containerization/vminit:${{ inputs.version }}
         env:
-          REGISTRY_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REGISTRY_TOKEN: ${{ github.token }}
           REGISTRY_USERNAME: ${{ github.actor }}
           REGISTRY_HOST: ghcr.io
+
       - name: Create image tar 
-        if: ${{ inputs.release }} != true
+        if: ${{ !inputs.release }}
         run: |
           bin/cctl images save vminit:latest -o vminit.tar
+
       - name: Save vminit artifact
-        if: ${{ inputs.release }} != true
+        if: ${{ !inputs.release }}
         uses: actions/upload-artifact@v4
         with:
           name: vminit
           path: vminit.tar
+
       - name: Save documentation artifact
         uses: actions/upload-artifact@v4
         with:
           name: api-docs
           path: "./_site.tgz"
           retention-days: 14
+
   uploadPages:
     # Separate upload step required because upload-pages-artifact needs
     # gtar which is not on the macOS runner.
@@ -103,13 +106,16 @@ jobs:
     steps:
       - name: Setup Pages
         uses: actions/configure-pages@v5
+
       - name: Download a single artifact
         uses: actions/download-artifact@v4
         with:
           name: api-docs
+
       - name: Add API docs to documentation
         run: |
           tar xfz _site.tgz
+
       - name: Upload Artifact
         uses: actions/upload-pages-artifact@v3
         with:

.spi.yml

@@ -2,3 +2,4 @@ version: 1
 builder:
   configs:
     - documentation_targets: [Containerization, ContainerizationEXT4, ContainerizationOS, ContainerizationOCI, ContainerizationNetlink, ContainerizationIO, ContainerizationExtras, ContainerizationArchive, SendableProperty]
+      swift_version: '6.2'

.swift-version

@@ -1 +1 @@
-6.2-snapshot
+6.2-snapshot-2025-06-25

CONTRIBUTORS.txt

@@ -16,6 +16,7 @@ John Logan (jglogan)
 Kathryn Baldauf (katiewasnothere)
 Madhu Venugopal (mavenugo)
 Michael Crosby (crosbymichael)
+Nandha Reddy (nandsha)
 Sidhartha Mani (wlan0)
 Tanweer Noor (tanweernoor)
 Ximena Perez Diaz (ximenanperez)

Makefile

@@ -19,7 +19,7 @@ BUILD_CONFIGURATION ?= debug
 # Commonly used locations
 SWIFT := "/usr/bin/swift"
 ROOT_DIR := $(shell git rev-parse --show-toplevel)
-BUILD_BIN_DIR := $(shell $(SWIFT) build -c $(BUILD_CONFIGURATION) --show-bin-path)
+BUILD_BIN_DIR = $(shell $(SWIFT) build -c $(BUILD_CONFIGURATION) --show-bin-path)
 
 # Variables for libarchive integration
 LIBARCHIVE_UPSTREAM_REPO := https://github.com/libarchive/libarchive
@@ -54,7 +54,7 @@ containerization:
 	@codesign --force --sign - --timestamp=none --entitlements=signing/vz.entitlements bin/containerization-integration
 
 .PHONY: init
-init: vminitd
+init: containerization vminitd
 	@echo Creating init.ext4...
 	@rm -f bin/init.rootfs.tar.gz bin/init.block
 	@./bin/cctl rootfs create --vminitd vminitd/bin/vminitd --labels org.opencontainers.image.source=https://github.com/apple/containerization --vmexec vminitd/bin/vmexec bin/init.rootfs.tar.gz vminit:latest
@@ -106,7 +106,7 @@ ifeq (,$(wildcard bin/vmlinux))
 endif
 
 .PHONY: fmt
-fmt:	swift-fmt update-licenses
+fmt: swift-fmt update-licenses
 
 .PHONY: swift-fmt
 SWIFT_SRC = $(shell find . -type f -name '*.swift' -not -path "*/.*" -not -path "*.pb.swift" -not -path "*.grpc.swift" -not -path "*/checkouts/*")
@@ -135,12 +135,10 @@ serve-docs:
 	@python3 -m http.server --bind 127.0.0.1 --directory ./_serve
 
 .PHONY: docs
-docs: _site
-
-_site:
+docs:
 	@echo Updating API documentation...
-	rm -rf $@
-	@scripts/make-docs.sh $@ containerization
+	@rm -rf _site
+	@scripts/make-docs.sh _site containerization
 
 .PHONY: cleancontent
 cleancontent:

Package.resolved

@@ -21,14 +21,6 @@ import CompilerPluginSupport
 import Foundation
 import PackageDescription
 
-let settings: [SwiftSetting]
-if ProcessInfo.processInfo.environment["CURRENT_SDK"] != nil {
-    // TODO: Remove this compile condition when the updated macOS SDK is available publicly
-    settings = [.define("CURRENT_SDK")]
-} else {
-    settings = []
-}
-
 let package = Package(
     name: "containerization",
     platforms: [.macOS("15")],
@@ -77,8 +69,7 @@ let package = Package(
             ],
             exclude: [
                 "../Containerization/SandboxContext/SandboxContext.proto"
-            ],
-            swiftSettings: settings
+            ]
         ),
         .executableTarget(
             name: "cctl",

Package.swift

@@ -3,6 +3,9 @@
 The Containerization package allows applications to use Linux containers.
 Containerization is written in [Swift](https://www.swift.org) and uses [Virtualization.framework](https://developer.apple.com/documentation/virtualization) on Apple silicon.
 
+> **Looking for command line binaries for running containers?**\
+> They are available in the dedicated [apple/container](https://github.com/apple/container) repository.
+
 Containerization provides APIs to:
 
 - [Manage OCI images](./Sources/ContainerizationOCI/).
@@ -23,7 +26,7 @@ Containerization executes each Linux container inside of its own lightweight vir
 [vminitd](/vminitd) is a small init system, which is a subproject within Containerization.
 `vminitd` is spawned as the initial process inside of the virtual machine and provides a GRPC API over vsock.
 The API allows the runtime environment to be configured and containerized processes to be launched.
-`vminitd` provides I/O, signals, and events to the calling process when a process is ran.
+`vminitd` provides I/O, signals, and events to the calling process when a process is run.
 
 ## Requirements
 
@@ -59,9 +62,9 @@ While this configuration will work for the majority of workloads we understand t
 To solve this Containerization provides first class APIs to use different kernel configurations and versions on a per container basis.
 This enables containers to be developed and validated across different kernel versions.
 
-See the [README](/kernel/README.md) in the kernel directory for instruction on how to compile the optimized kernel.
+See the [README](/kernel/README.md) in the kernel directory for instructions on how to compile the optimized kernel.
 
-### Pre-build Kernel
+### Pre-built Kernel
 
 If you wish to consume a pre-built kernel it must have `VIRTIO` drivers compiled into the kernel, not as modules.
 
@@ -71,6 +74,13 @@ A kernel image named `vmlinux.container` can be found in the `/opt/kata/share/ka
 
 ## Prepare to build package
 
+Install the recommended version of Xcode.
+
+Set the active developer directory to the installed Xcode (replace `<PATH_TO_XCODE>`):
+```bash
+sudo xcode-select -s <PATH_TO_XCODE>
+``` 
+
 Install [Swiftly](https://github.com/swiftlang/swiftly), [Swift](https://www.swift.org), and [Static Linux SDK](https://www.swift.org/documentation/articles/static-linux-getting-started.html):
 
 ```bash
@@ -143,7 +153,7 @@ make serve-docs
 Preview the documentation by running in another terminal:
 
 ```bash
-open http://localhost:8000/documentation/
+open http://localhost:8000/containerization/documentation/
 ```
 
 ## Contributing