Merge branch 'main' into add-new-network-metadata

saehejkang · web-flow · commit 9fd5f2df4613 · 2025-10-20T22:09:36.000-07:00
diff --git a/.github/workflows/common.yml b/.github/workflows/common.yml
@@ -1,5 +1,8 @@
 name: container project - common jobs
 
+permissions:
+  contents: read
+
 on:
   workflow_call:
     inputs:
diff --git a/.github/workflows/docs-release.yml b/.github/workflows/docs-release.yml
@@ -1,6 +1,10 @@
 # Manual workflow for releasing docs ad-hoc. Workflow can only be run for main or release branches.
 # Workflow does NOT publish a release of container.
 name: Deploy application website
+
+permissions:
+  contents: read
+
 on:
   workflow_dispatch:
 
diff --git a/.github/workflows/merge-build.yml b/.github/workflows/merge-build.yml
@@ -1,5 +1,8 @@
 name: container project - merge build
 
+permissions:
+  contents: read
+
 on:
   push:
     branches:
diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml
@@ -1,5 +1,8 @@
 name: container project - PR build
 
+permissions:
+  contents: read
+
 on:
   pull_request:
     types: [opened, reopened, synchronize]
diff --git a/.github/workflows/release-build.yml b/.github/workflows/release-build.yml
@@ -1,5 +1,8 @@
 name: container project - release build
 
+permissions:
+  contents: read
+
 on:
   push:
     tags:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -1,5 +1,8 @@
 name: container project - release build
 
+permissions:
+  contents: read
+
 on:
   push:
     tags:
diff --git a/Makefile b/Makefile
@@ -181,6 +181,7 @@ integration: init-block
 		$(SWIFT) test -c $(BUILD_CONFIGURATION) $(SWIFT_CONFIGURATION) --filter TestCLIBuildBase || exit_code=1 ; \
 		$(SWIFT) test -c $(BUILD_CONFIGURATION) $(SWIFT_CONFIGURATION) --filter TestCLIVolumes || exit_code=1 ; \
 		$(SWIFT) test -c $(BUILD_CONFIGURATION) $(SWIFT_CONFIGURATION) --filter TestCLIKernelSet || exit_code=1 ; \
+		$(SWIFT) test -c $(BUILD_CONFIGURATION) $(SWIFT_CONFIGURATION) --filter TestCLIAnonymousVolumes || exit_code=1 ; \
 		echo Ensuring apiserver stopped after the CLI integration tests ; \
 		scripts/ensure-container-stopped.sh ; \
 		exit $${exit_code} ; \
diff --git a/Sources/ContainerClient/Core/Volume.swift b/Sources/ContainerClient/Core/Volume.swift
@@ -16,7 +16,7 @@
 
 import Foundation
 
-/// A named volume that can be mounted in containers.
+/// A named or anonymous volume that can be mounted in containers.
 public struct Volume: Sendable, Codable, Equatable, Identifiable {
     // id of the volume.
     public var id: String { name }
@@ -45,7 +45,7 @@ public struct Volume: Sendable, Codable, Equatable, Identifiable {
         createdAt: Date = Date(),
         labels: [String: String] = [:],
         options: [String: String] = [:],
-        sizeInBytes: UInt64? = nil,
+        sizeInBytes: UInt64? = nil
     ) {
         self.name = name
         self.driver = driver
@@ -58,6 +58,16 @@ public struct Volume: Sendable, Codable, Equatable, Identifiable {
     }
 }
 
+extension Volume {
+    /// Reserved label key for marking anonymous volumes
+    public static let anonymousLabel = "com.apple.container.resource.anonymous"
+
+    /// Whether this is an anonymous volume (detected via label)
+    public var isAnonymous: Bool {
+        labels[Self.anonymousLabel] != nil
+    }
+}
+
 /// Error types for volume operations.
 public enum VolumeError: Error, LocalizedError {
     case volumeNotFound(String)
@@ -95,9 +105,14 @@ public struct VolumeStorage {
 
         do {
             let regex = try Regex(volumeNamePattern)
-            return name.contains(regex)
+            return (try? regex.wholeMatch(in: name)) != nil
         } catch {
             return false
         }
     }
+
+    /// Generates an anonymous volume name with UUID format
+    public static func generateAnonymousVolumeName() -> String {
+        UUID().uuidString.lowercased()
+    }
 }
diff --git a/Sources/ContainerClient/Parser.swift b/Sources/ContainerClient/Parser.swift
@@ -25,11 +25,13 @@ public struct ParsedVolume {
     public let name: String
     public let destination: String
     public let options: [String]
+    public let isAnonymous: Bool
 
-    public init(name: String, destination: String, options: [String] = []) {
+    public init(name: String, destination: String, options: [String] = [], isAnonymous: Bool = false) {
         self.name = name
         self.destination = destination
         self.options = options
+        self.isAnonymous = isAnonymous
     }
 }
 
@@ -368,8 +370,7 @@ public struct Parser {
                 case "tmpfs":
                     fs.type = Filesystem.FSType.tmpfs
                 case "volume":
-                    // Volume type will be set later in source parsing when we create the actual volume filesystem
-                    break
+                    isVolume = true
                 default:
                     throw ContainerizationError(.invalidArgument, message: "unsupported mount type \(val)")
                 }
@@ -416,7 +417,6 @@ public struct Parser {
                     }
 
                     // This is a named volume
-                    isVolume = true
                     volumeName = val
                     fs.source = val
                 case "tmpfs":
@@ -434,11 +434,19 @@ public struct Parser {
         guard isVolume else {
             return .filesystem(fs)
         }
+
+        // If it's a volume type but no source was provided, create an anonymous volume
+        let isAnonymous = volumeName.isEmpty
+        if isAnonymous {
+            volumeName = VolumeStorage.generateAnonymousVolumeName()
+        }
+
         return .volume(
             ParsedVolume(
                 name: volumeName,
                 destination: fs.destination,
-                options: fs.options
+                options: fs.options,
+                isAnonymous: isAnonymous
             ))
     }
 
@@ -459,7 +467,19 @@ public struct Parser {
         let parts = vol.split(separator: ":")
         switch parts.count {
         case 1:
-            throw ContainerizationError(.invalidArgument, message: "anonymous volumes are not supported")
+            // Anonymous volume: -v /path
+            // Generate a random name for the anonymous volume
+            let anonymousName = VolumeStorage.generateAnonymousVolumeName()
+            let destination = String(parts[0])
+            let options: [String] = []
+
+            return .volume(
+                ParsedVolume(
+                    name: anonymousName,
+                    destination: destination,
+                    options: options,
+                    isAnonymous: true
+                ))
         case 2, 3:
             let src = String(parts[0])
             let dst = String(parts[1])
diff --git a/Sources/ContainerClient/Utility.swift b/Sources/ContainerClient/Utility.swift
@@ -160,19 +160,15 @@ public struct Utility {
             case .filesystem(let fs):
                 resolvedMounts.append(fs)
             case .volume(let parsed):
-                do {
-                    let volume = try await ClientVolume.inspect(parsed.name)
-                    let volumeMount = Filesystem.volume(
-                        name: parsed.name,
-                        format: volume.format,
-                        source: volume.source,
-                        destination: parsed.destination,
-                        options: parsed.options
-                    )
-                    resolvedMounts.append(volumeMount)
-                } catch {
-                    throw ContainerizationError(.invalidArgument, message: "volume '\(parsed.name)' not found")
-                }
+                let volume = try await getOrCreateVolume(parsed: parsed)
+                let volumeMount = Filesystem.volume(
+                    name: parsed.name,
+                    format: volume.format,
+                    source: volume.source,
+                    destination: parsed.destination,
+                    options: parsed.options
+                )
+                resolvedMounts.append(volumeMount)
             }
         }
 
@@ -281,4 +277,36 @@ public struct Utility {
         }
         return result
     }
+
+    /// Gets an existing volume or creates it if it doesn't exist.
+    /// Shows a warning for named volumes when auto-creating.
+    private static func getOrCreateVolume(parsed: ParsedVolume) async throws -> Volume {
+        let labels = parsed.isAnonymous ? [Volume.anonymousLabel: ""] : [:]
+
+        let volume: Volume
+        do {
+            volume = try await ClientVolume.create(
+                name: parsed.name,
+                driver: "local",
+                driverOpts: [:],
+                labels: labels
+            )
+        } catch let error as VolumeError {
+            guard case .volumeAlreadyExists = error else {
+                throw error
+            }
+            // Volume already exists, just inspect it
+            volume = try await ClientVolume.inspect(parsed.name)
+        } catch let error as ContainerizationError {
+            // Handle XPC-wrapped volumeAlreadyExists error
+            guard error.message.contains("already exists") else {
+                throw error
+            }
+            volume = try await ClientVolume.inspect(parsed.name)
+        }
+
+        // TODO: Warn user if named volume was auto-created
+
+        return volume
+    }
 }
diff --git a/Sources/ContainerCommands/System/DNS/DNSList.swift b/Sources/ContainerCommands/System/DNS/DNSList.swift
@@ -26,6 +26,12 @@ extension Application {
             aliases: ["ls"]
         )
 
+        @Option(name: .long, help: "Format of the output")
+        var format: ListFormat = .table
+
+        @Flag(name: .shortAndLong, help: "Only output the domain")
+        var quiet = false
+
         @OptionGroup
         var global: Flags.Global
 
@@ -34,7 +40,35 @@ extension Application {
         public func run() async throws {
             let resolver: HostDNSResolver = HostDNSResolver()
             let domains = resolver.listDomains()
-            print(domains.joined(separator: "\n"))
+            try printDomains(domains: domains, format: format)
+        }
+
+        private func createHeader() -> [[String]] {
+            [["DOMAIN"]]
+        }
+
+        func printDomains(domains: [String], format: ListFormat) throws {
+            if format == .json {
+                let data = try JSONEncoder().encode(domains)
+                print(String(data: data, encoding: .utf8)!)
+
+                return
+            }
+
+            if self.quiet {
+                domains.forEach { domain in
+                    print(domain)
+                }
+                return
+            }
+
+            var rows = createHeader()
+            for domain in domains {
+                rows.append([domain])
+            }
+
+            let formatter = TableOutput(rows: rows)
+            print(formatter.format())
         }
 
     }
diff --git a/Sources/ContainerCommands/Volume/VolumeList.swift b/Sources/ContainerCommands/Volume/VolumeList.swift
@@ -44,7 +44,7 @@ extension Application.VolumeCommand {
         }
 
         private func createHeader() -> [[String]] {
-            [["NAME", "DRIVER", "OPTIONS"]]
+            [["NAME", "TYPE", "DRIVER", "OPTIONS"]]
         }
 
         func printVolumes(volumes: [Volume], format: Application.ListFormat) throws {
@@ -61,8 +61,13 @@ extension Application.VolumeCommand {
                 return
             }
 
+            // Sort volumes by creation time (newest first)
+            let sortedVolumes = volumes.sorted { v1, v2 in
+                v1.createdAt > v2.createdAt
+            }
+
             var rows = createHeader()
-            for volume in volumes {
+            for volume in sortedVolumes {
                 rows.append(volume.asRow)
             }
 
@@ -74,9 +79,11 @@ extension Application.VolumeCommand {
 
 extension Volume {
     var asRow: [String] {
+        let volumeType = self.isAnonymous ? "anonymous" : "named"
         let optionsString = options.isEmpty ? "" : options.map { "\($0.key)=\($0.value)" }.joined(separator: ",")
         return [
             self.name,
+            volumeType,
             self.driver,
             optionsString,
         ]
diff --git a/Sources/Services/ContainerAPIService/Volumes/VolumesService.swift b/Sources/Services/ContainerAPIService/Volumes/VolumesService.swift
@@ -167,7 +167,7 @@ public actor VolumesService {
 
         try await store.create(volume)
 
-        log.info("Created volume", metadata: ["name": "\(name)", "driver": "\(driver)"])
+        log.info("Created volume", metadata: ["name": "\(name)", "driver": "\(driver)", "isAnonymous": "\(volume.isAnonymous)"])
         return volume
     }
 
diff --git a/Tests/CLITests/Subcommands/Volumes/TestCLIAnonymousVolumes.swift b/Tests/CLITests/Subcommands/Volumes/TestCLIAnonymousVolumes.swift
diff --git a/Tests/CLITests/Subcommands/Volumes/TestCLIVolumes.swift b/Tests/CLITests/Subcommands/Volumes/TestCLIVolumes.swift
diff --git a/Tests/CLITests/Utilities/CLITest.swift b/Tests/CLITests/Utilities/CLITest.swift
diff --git a/docs/command-reference.md b/docs/command-reference.md
diff --git a/scripts/make-docs.sh b/scripts/make-docs.sh
