Anyone had success with apple/container?

I would love to use apple/container to make it easier to test builds locally, especially now that I have more cases where I am linking to C for certain servers and executables. (e.g. if I need something from OpenSSL and want to have version X.Y.Z built from source with certain flags)

I tried to adapt the existing Dockerfile for elm, but could not get it quite right.

Does anyone have a good flow of like “run this script to get out a binary” for apple/container? In particular, I would love to cache the “build OpenSSL from source and install Haskell dependencies” part. I’m not knowledgeable about containerizing, so I cannot tell if I am too early to apple/container or just too new to using containers in general.

I have had good experiences with nix for reproducible builds, and it does caching well. I haven’t used the feature that containerizes a build, but it is purportedly easy. I haven’t found it necessary because the default mode (native binaries) works well for me

I’ve seen and read about apple/container but as of yet haven’t understood why one would use it over Docker from a pure capability perspective. From what I can tell it’s a more Apple-natively integrated OCI-compliant container tooling (leveraging kernel isolation, better native perf and some resource utilisation improvements), but trading off feature coverage and maturity (?) – and confusingly, it doesn’t appear to let you run macos containers, only Linux containers.

so I cannot tell if I am too early to apple/container or just too new to using containers in general.

I would guess if you’re saying you’re new to containers, then you’re probably too early to apple/container, and will likely find more support and resources for the more widely used Docker right now.

Does anyone have a good flow of like “run this script to get out a binary”

We have these scripts for the Elm compiler:

build-linux-arm32v7-musl.sh
build-linux-arm64-musl.sh
build-linux-x86_64-musl.sh
build-macos-arm64.sh
build-macos-x86_64.sh

The Linux ones use Docker to create statically-linked musl based binaries.

I set them up when we were trying to resolve the native arm64 Elm build issues. We spoke about this some time ago but here’s all the documentation and source again in case you find it helpful for your current work:

It also includes information about cross-compiling, and there is one script per arch+os combo so I hope it’s easy to inspect and understand.

The lamdera compiler also uses these scripts and additionally has the Github CI setup for all those scripts, plus Windows.

In particular, I would love to cache the “build OpenSSL from source and install Haskell dependencies” part.

I spent a lot of time trying to optimise caching to avoid unecessary rebuilds. There is a note at the bottom of the readme about gotchas/strategies with layering order in Docker (I believe the same would apply for apple/containers) that you might find helpful.

NB: I’m broadly +1 on @dta 's nix recommendation, we’re moving towards it as well and philosophically; declarative immutable builds make way more sense to me. That said, nix is a fairly big tangent, and I’d hate to send you on a wild goose chase. Even though what it provides is epic, it’s ergonomics (the nix language mainly) are a very steep learning curve. If you like to deeply understand and control the tools you’re using, Docker will be more “better the devil you know” in the short term in your case IMO.