Summary
The test-backend-bake.sh script does not work reliably on macOS with Apple Silicon. The script currently warns macOS users and prompts for confirmation before proceeding.
This does not affect running tests via Lando (lando yarn test:unit), which remains the recommended way to run backend tests on macOS. This only affects the bake-based script that simulates the CI environment locally.
Background
On macOS, the script uses the docker-container buildx driver (required for linux/arm64 images on Apple Silicon). This driver runs builds inside a separate BuildKit container with its own network namespace, which means network = "host" gives the build access to the BuildKit container's network rather than the Mac's localhost. To work around this, the script creates a shared Docker network and places both MySQL and the BuildKit builder on it.
Known issues with this approach
- MariaDB CLI SSL cert verification: The
default-mysql-client package (Debian Trixie) enforces SSL cert verification for non-localhost connections. Laravel's migrate command shells out to the mysql CLI to load schema dumps (database/schema/mysql-schema.sql), which fails with certificate verification errors when connecting over a Docker network. A workaround (/etc/mysql/conf.d/no-ssl-verify.cnf) is in the Dockerfile but has not been validated on macOS.
- BuildKit network mode limitations: BuildKit only supports
host, none, and default for the network field — arbitrary Docker network names cannot be used directly. The current approach relies on --driver-opt network=<name> when creating the builder, combined with network = "host" in the bake file, so that "host" resolves to the BuildKit container's network (which is the shared Docker network). This indirection has not been fully validated end-to-end on macOS.
To reproduce
Run on a Mac with Apple Silicon:
./scripts/test-backend-bake.sh
Acceptance criteria
Generated with LLM assistance
Summary
The
test-backend-bake.shscript does not work reliably on macOS with Apple Silicon. The script currently warns macOS users and prompts for confirmation before proceeding.This does not affect running tests via Lando (
lando yarn test:unit), which remains the recommended way to run backend tests on macOS. This only affects the bake-based script that simulates the CI environment locally.Background
On macOS, the script uses the
docker-containerbuildx driver (required forlinux/arm64images on Apple Silicon). This driver runs builds inside a separate BuildKit container with its own network namespace, which meansnetwork = "host"gives the build access to the BuildKit container's network rather than the Mac's localhost. To work around this, the script creates a shared Docker network and places both MySQL and the BuildKit builder on it.Known issues with this approach
default-mysql-clientpackage (Debian Trixie) enforces SSL cert verification for non-localhost connections. Laravel'smigratecommand shells out to themysqlCLI to load schema dumps (database/schema/mysql-schema.sql), which fails with certificate verification errors when connecting over a Docker network. A workaround (/etc/mysql/conf.d/no-ssl-verify.cnf) is in the Dockerfile but has not been validated on macOS.host,none, anddefaultfor thenetworkfield — arbitrary Docker network names cannot be used directly. The current approach relies on--driver-opt network=<name>when creating the builder, combined withnetwork = "host"in the bake file, so that "host" resolves to the BuildKit container's network (which is the shared Docker network). This indirection has not been fully validated end-to-end on macOS.To reproduce
Run on a Mac with Apple Silicon:
Acceptance criteria
test-backend-bake.shruns successfully on macOS with Apple Silicondocs/developers/build-ci.md) to remove the known-issue warningGenerated with LLM assistance