feat: add Windows support and E2E CI pipeline #1

Open
jonaswre wants to merge 18 commits into main from windows-support
Conversation

@jonaswre

Owner

Summary

  • Cross-platform backend abstraction (VmBackend, RootfsMaterializer, ProcessSupervisor traits)
  • Windows HCS/HCN backend implementation
  • Platform-neutral path types (HostPathBuf, GuestPathBuf, MountSpec)
  • cfg-gated Unix-only code (libkrun, PTY, xattr)
  • E2E smoke tests that boot real VMs via KVM on Linux CI
  • Windows CI: strict compile check + unit tests

Test plan

  • Linux unit tests pass (199 tests)
  • Linux E2E smoke tests boot alpine VM and verify exec, filesystem, env vars
  • Windows compile check passes (cargo check --workspace)
  • Windows unit tests pass (config, backend, platform modules)
  • Clippy clean with -D warnings

🤖 Generated with Claude Code

jonaswre and others added 18 commits March 13, 2026 15:18
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Cross-platform path types (HostPathBuf, GuestPathBuf, MountSpec)
- PlatformPaths trait for OS-specific directory layout
- Backend abstraction layer (VmBackend, RootfsMaterializer, ProcessSupervisor traits)
- Windows HCS/HCN backend implementation (compute, networking, rootfs, supervisor)
- cfg-gate Unix-only code (libkrun FFI, PTY supervisor, xattr)
- DB migration for backend-neutral runtime columns
- Windows CI: compile check + unit tests (strict)
- Linux CI: E2E smoke tests that boot real VMs via KVM
- Fix clippy if_same_then_else in ReferenceOrPath::from_str

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add missing RootfsMaterializer trait import in hcs.rs
- Fix unreachable code after return in layer extraction non-unix path
- Gate unused imports (Getters, MicroVmBuilder, MicrosandboxResult) with cfg(unix)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Gate runtime re-export in microsandbox-utils lib.rs
- Gate all Unix-only imports in oci/layer/extraction.rs (CStr, CString, anyhow, etc.)
- Gate GzipDecoder, BufReader, Archive imports in oci/layer/mod.rs
- Keep MicroVmConfigBuilder available cross-platform, only gate MicroVmBuilder

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Run cargo fmt to fix formatting issues
- Gate colon-delimited mount spec tests with #[cfg(unix)] (colon syntax
  is intentionally rejected on Windows due to drive letter ambiguity)
- Gate is_absolute() assertion with #[cfg(unix)] (Unix paths aren't
  absolute on Windows)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add udev rule to make /dev/kvm world-accessible in CI
- Add fallback chmod in smoke test script for resilience

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Prevents the calling shell from expanding $E2E_VAR before passing
it to the sandbox shell.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Shell variable expansion depends on exec context; printenv directly
reads the environment without needing shell expansion.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Windows (windows-e2e):
- Compile check + unit tests + release build
- Server start/stop lifecycle validation
- Health endpoint verification
- Graceful Hyper-V error handling (no Hyper-V on CI runners)

macOS (macos-e2e):
- Compile check + utils tests
- Stub libkrun for linking (can't build real libkrun without krunvm)
- Release build + server start/stop lifecycle
- Health endpoint verification
- Graceful error on VM boot (no nested virt on ARM64 runners)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Windows paths like C:\Users\...\sandbox.db break the SQLite URL
parser because backslashes are not valid URL separators. Convert
to forward slashes before constructing the connection string.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
sqlite://C:/path is invalid — the URL parser treats C: as a port.
Use sqlite:///C:/path (three slashes) which correctly denotes an
absolute path in URI notation. Extracted into sqlite_url() helper.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
URL-based connection strings break on Windows because drive letters
like C: are misinterpreted as URL components. Using SqliteConnectOptions
with .filename() bypasses URL parsing entirely.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Use ErrorActionPreference=Continue so native command stderr doesn't
  terminate the PowerShell script
- Add layer extraction error to expected graceful failures (OCI layer
  extraction with ownership override isn't supported on Windows)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add Windows Hyper-V (HCS/HCN) backend for running Linux sandboxes
without Docker. Includes OCI-to-VHD pipeline, Go worker for HCS
lifecycle, bootstrap init (PID 1) for guest overlayfs assembly,
and exec path wrapping — non-absolute commands are wrapped in
`/bin/sh -c` so the guest shell resolves them via PATH.

E2E verified: `msb exe alpine -e "echo hello"` and
`msb exe alpine -e "/bin/echo hello"` both succeed on Win11 26200.
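
The exec path wrapping described in the commit above, together with the earlier note that Unix paths are not absolute on Windows, sketched as an added example that is not code from this pull request. The names `guest_argv` and `GuestExecError` and the constant wrapper script are assumptions; the example goes beyond the commit text by rejecting empty commands, NUL bytes and leading dashes, and by passing the command as `$0` so the guest shell never parses caller-supplied text.

```rust
// Added example (not the project's code): building the guest argv for exec.
// `guest_argv` and `GuestExecError` are hypothetical names.

#[derive(Debug, PartialEq)]
pub enum GuestExecError {
    EmptyCommand,
    NulByte,     // cannot be represented in a C argv entry
    LeadingDash, // would be read as an option by `exec` in some shells
}

// Constant script: the command and its arguments arrive as $0 and "$@",
// so the shell resolves $0 via PATH but never parses caller-supplied text.
const WRAPPER: &str = "exec \"$0\" \"$@\"";

/// Guest paths are Linux paths even on a Windows host, where
/// `Path::new("/bin/echo").is_absolute()` is false, so test the string itself.
fn is_guest_absolute(cmd: &str) -> bool {
    cmd.starts_with('/')
}

pub fn guest_argv(cmd: &str, args: &[&str]) -> Result<Vec<String>, GuestExecError> {
    if cmd.is_empty() {
        return Err(GuestExecError::EmptyCommand);
    }
    if cmd.contains('\0') || args.iter().any(|a| a.contains('\0')) {
        return Err(GuestExecError::NulByte);
    }
    let mut argv: Vec<String> = Vec::new();
    if !is_guest_absolute(cmd) {
        if cmd.starts_with('-') {
            return Err(GuestExecError::LeadingDash);
        }
        for part in ["/bin/sh", "-c", WRAPPER] {
            argv.push(part.to_string());
        }
    }
    argv.push(cmd.to_string());
    argv.extend(args.iter().map(|a| a.to_string()));
    Ok(argv)
}

fn main() {
    // Constructed inputs: one absolute command, one resolved via PATH.
    println!("{:?}", guest_argv("/bin/echo", &["hello"]));
    println!("{:?}", guest_argv("echo", &["a; b $(c)"]));
}
```
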
…, E2E tests

- Add Build-BootBundle.ps1: automated cross-compilation (cargo-zigbuild),
  rootfs.vhd creation (Python tarfile with Unix permissions), and manifest
  generation. New `make build_bundle_windows` target.
- Add boot bundle auto-download: ensure_bundle() now downloads from GitHub
  releases with SHA256 verification and indicatif progress bar when bundle
  is missing locally.
- Add Windows to CI release workflow: windows-latest matrix entry builds
  host binaries (msb.exe, msbserver.exe, msbrun-hcs.exe), boot bundle,
  and packages as zips with checksums.
- Add Package-WindowsRelease.ps1 for reusable release packaging.
- Add windows_e2e_test.ps1: 5 E2E tests covering exec, run, back-to-back,
  and volume mounts.
- Update P0-P2 blocker implementations: session-scoped pipes, interactive
  terminal, 9p volume sharing, HCN NAT reuse, admin detection.
- Check off all P3 items in windows-support-checklist.md.