Apple Silicon 上用于 CI 和其他自动化的 macOS VM

馅饼 – 满足您自动化需求的开源虚拟化

Tart 是一个虚拟化工具集,用于在 Apple 芯片上构建、运行和管理虚拟机。 由 CI 工程师根据您的自动化需求构建。以下是馅饼的一些亮点:

  • Tart使用Apple自己的近乎原生的性能Virtualization.Framework
  • 从任何与 OCI 兼容的容器注册表推送/拉取虚拟机。
  • 使用Tart Packer插件自动创建VM。
  • 内置 CI 集成。

尝试在运行 macOS Monterey 或更高版本的 Apple Silicon 设备上运行 Tart VM(将下载 25 GB 映像):

brew install cirruslabs/cli/tart
tart clone ghcr.io/cirruslabs/macos-monterey-base:latest monterey-base
tart run monterey-base

馅饼 VM 视图应用

CI 集成

Tart本身只负责管理虚拟机,但我们已经将Tart支持构建到一个名为Cirrus CLI的工具中。 也由Cirrus Labs开发。Cirrus CLI 是一个命令行工具,具有 一种配置格式,用于在本地或任何 CI 系统中执行常见的 CI 步骤(运行脚本、缓存文件夹等)。 我们构建了Cirrus CLI来解决“但它在我的机器上工作!”的问题。

下面是一个配置文件的示例,该文件将启动一个 Tart VM,将复制工作目录和 将在虚拟机内运行脚本和其他指令.cirrus.yml

task:
  name: hello
  macos_instance:
    # can be a remote or a local virtual machine
    image: ghcr.io/cirruslabs/macos-monterey-base:latest
  hello_script:
    - echo "Hello from within a Tart VM!"
    - echo "Here is my CPU info:"
    - sysctl -n machdep.cpu.brand_string
    - sleep 15

Put the above file in the root of your repository and run it with the following command:.cirrus.yml

brew install cirruslabs/cli/cirrus
cirrus run

Cirrus CLI Run

Cirrus CI already leverages Tart to power its macOS cloud infrastructure. The config from above will just work in Cirrus CI and your tasks will be executed inside Tart VMs in our cloud..cirrus.yml

Note: Cirrus CI only allows images managed and regularly updated by us.

Virtual Machine Management

Creating from scratch

Tart can create VMs from files. You can download a specific file here or you can use instead of a path to to download the latest available version:*.ipsw*.ipswlatest*.ipsw

tart create --from-ipsw=latest monterey-vanilla
tart run monterey-vanilla

After the initial booting of the VM you’ll need to manually go through the macOS installation process. As a convention we recommend creating an user with an password. After the regular installation please do some additional modifications in the VM:adminadmin

  1. Enable Auto-Login. Users & Groups -> Login Options -> Automatic login -> admin.
  2. Allow SSH. Sharing -> Remote Login
  3. Disable Lock Screen. Preferences -> Lock Screen -> disable “Require Password” after 5.
  4. Disable Screen Saver.
  5. Run in Terminal, find add to allow sudo without a password.sudo visudo%admin ALL=(ALL) ALLadmin ALL=(ALL) NOPASSWD: ALL

Configuring a VM

By default, a tart VM uses 2 CPUs and 4 GB of memory with a display. This can be changed with command. Please refer to for additional details.1024x768tart settart set --help

Building with Packer

Please refer to Tart Packer Plugin repository for setup instructions. Here is an example of a template to build local image based of a remote image:monterey-base

{
  "builders": [
    {
      "name": "tart",
      "type": "tart-cli",
      "vm_base_name": "tartvm/vanilla:latest",
      "vm_name": "monterey-base",
      "cpu_count": 4,
      "memory_gb": 8,
      "disk_size_gb": 32,
      "ssh_username": "admin",
      "ssh_password": "admin",
      "ssh_timeout": "120s"
    }
  ],
  "provisioners": [
    {
      "inline": [
        "echo 'Disabling spotlight indexing...'",
        "sudo mdutil -a -i off"
      ],
      "type": "shell"
    },
    # more provisioners
  ]
}

Here is a repository with Packer templates used to build all the images managed by us.

Working with a Remote OCI Container Registry

For example, let’s say you want to push/pull images to a registry hosted at https://acme.io/.

Registry Authorization

First, you need to log in and save credential for host via command:acme.iotart login

tart login acme.io

Credentials are securely stored in Keychain.

Pushing a Local Image

Once credentials are saved for , run the following command to push a local images remotely with two tags:acme.io

tart push my-local-vm-name acme.io/remoteorg/name:latest acme.io/remoteorg/name:v1.0.0

Pulling a Remote Image

tart pull acme.io/remoteorg/name:latest my-local-vm-name

FAQ

How Tart is different from Anka

Under the hood Tart is using the same technology as Anka 3.0 so there should be no real difference in performance or features supported. If there is some feature missing please don’t hesitate to create a feature request.

Instead of Anka Registry, Tart can work with any OCI-compatible container registry.

Tart doesn’t yet have an analogue of Anka Controller for managing long living VMs. Please take a look at CI integration section for an option to run ephemeral VMs for your needs.

Why Tart is free and open sourced?

Tart is a relatively small project, and it didn’t feel right to try to monetize it. Apple did all the heavy lifting with their .Virtualization.Framework

How to change VM’s disk size?

You can choose disk size upon creation of a virtual machine:

tart create --from-ipsw=latest --disk-size=25 monterey-vanilla

For an existing VM please use Packer Plugin which can increase disk size for new virtual machines. Here is an example of how to change disk size in a Packer template.

VM location on disk

Tart stores all it’s files in directory. Local images that you can run are stored in . Remote images are pulled into .~/.tart/~/.tart/vms/~/.tart/vms/cache/OCIs/

Nested virtualization support?

Tart is limited by functionality of Apple’s . At the moment doesn’t support nested virtualization.Virtualization.FrameworkVirtualization.Framework

GitHub

点击跳转