Run acceptance tests on macos

- podman machine setup
- script to setup env and run tests
- fix EC_VERSION variable subsitution in testenv.go
- create setup and troubleshooting doc

Author: joejstuart

acceptance/snaps/snaps.go

@@ -151,7 +151,6 @@ func MatchSnapshot(ctx context.Context, qualifier, text string, vars map[string]
 	}
 
 	scenario := ctx.Value(testenv.Scenario).(*godog.Scenario)
-
 	snapshot := strings.TrimSuffix(filepath.Base(scenario.Uri), filepath.Ext(scenario.Uri))
 
 	formatText := true

acceptance/testenv/testenv.go

@@ -27,7 +27,6 @@ import (
 	"os/exec"
 	"path"
 	"runtime"
-	"sync"
 	"testing"
 
 	"github.com/testcontainers/testcontainers-go"
@@ -55,9 +54,10 @@ var (
 )
 
 var (
-	version      sync.Once
 	ecVersion    = "undefined"
 	ecVersionErr error
+	// Add a flag to track if version has been initialized
+	versionInitialized bool
 )
 
 // Persist persists the environment stored in context in a ".persisted" file as JSON
@@ -258,15 +258,17 @@ func TestContainersRequest(ctx context.Context, req testcontainers.ContainerRequ
 
 // CLIVersion returns the version of the CLI, useful for matching in snapshots
 func CLIVersion(ctx context.Context) (string, error) {
-	version.Do(func() {
+	// For individual test runs, we need to ensure the version is always fresh
+	// Check if we're in a test context and if the version needs to be refreshed
+	if !versionInitialized || ecVersion == "undefined" {
 		ec := path.Join("dist", fmt.Sprintf("ec_%s_%s", runtime.GOOS, runtime.GOARCH))
 
 		cmd := exec.CommandContext(ctx, ec, "version", "--json")
 		var stdout bytes.Buffer
 		cmd.Stdout = &stdout
 
 		if ecVersionErr = cmd.Run(); ecVersionErr != nil {
-			return
+			return ecVersion, ecVersionErr
 		}
 
 		ver := struct {
@@ -277,7 +279,8 @@ func CLIVersion(ctx context.Context) (string, error) {
 		}
 
 		ecVersion = ver.Version
-	})
+		versionInitialized = true
+	}
 
 	return ecVersion, ecVersionErr
 }

hack/macos/README.md

@@ -0,0 +1,134 @@
+# Podman Machine Setup Scripts
+
+This directory contains automated scripts for setting up and running acceptance tests on macOS with Podman machine.
+
+## Location
+These scripts are located in `hack/macos/` and should be run from the repository root.
+
+## Scripts Overview
+
+### 1. `setup-podman-machine.sh`
+**Purpose**: Complete automated setup of Podman machine for acceptance tests
+
+**What it does**:
+- Checks prerequisites (podman, kind, kubectl)
+- Cleans up existing podman machine
+- Creates new podman machine with optimal settings (4 CPUs, 8GB RAM, 500GB disk)
+- Fixes keyring quota issue (critical for avoiding "Disk quota exceeded" errors)
+- Creates required networks (testcontainers)
+- Configures DNS resolution (rekor.localhost, apiserver.localhost, tuf.localhost)
+- Creates environment setup script
+- Tests the setup
+
+**Usage**:
+```bash
+# From repository root
+./hack/macos/setup-podman-machine.sh
+```
+
+### 2. `run-acceptance-tests.sh`
+**Purpose**: Run acceptance tests with proper environment setup
+
+**What it does**:
+- Checks if setup was completed
+- Loads environment variables
+- Optionally cleans up test resources
+- Runs tests with configurable parallelism and timeout
+- Supports running specific test patterns
+
+**Usage**:
+```bash
+# From repository root
+# Run all tests
+./hack/macos/run-acceptance-tests.sh
+
+# Run with custom settings
+./hack/macos/run-acceptance-tests.sh -p 2 -t 30m
+
+# Run specific tests
+./hack/macos/run-acceptance-tests.sh "TestFeatures/conftest"
+
+# Clean up and run
+./hack/macos/run-acceptance-tests.sh -c "TestFeatures/OPA"
+```
+
+## Quick Start
+
+1. **Initial Setup** (run once):
+   ```bash
+   ./hack/macos/setup-podman-machine.sh
+   ```
+
+2. **Run Tests**:
+   ```bash
+   ./hack/macos/run-acceptance-tests.sh
+   ```
+
+## Environment Variables
+
+The setup script creates `setup-test-env.sh` with these variables:
+- `KIND_EXPERIMENTAL_PROVIDER=podman`
+- `TESTCONTAINERS_RYUK_DISABLED=true`
+- `TESTCONTAINERS_HOST_OVERRIDE=localhost`
+- `DOCKER_HOST=unix:///var/run/docker.sock`
+
+## Troubleshooting
+
+### Quick Fixes
+
+1. **"Disk quota exceeded" errors**:
+   - The setup script automatically fixes this with `kernel.keys.maxkeys=20000`
+   - If you still get errors, run: `podman machine ssh "sudo sysctl -w kernel.keys.maxkeys=20000"`
+
+2. **"Network not found" errors**:
+   - The setup script creates the required `testcontainers` network
+   - If missing, run: `podman network create testcontainers`
+
+3. **DNS resolution issues**:
+   - The setup script adds required entries to `/etc/hosts`
+   - If missing, add: `127.0.0.1 rekor.localhost`, `127.0.0.1 apiserver.localhost`, and `127.0.0.1 tuf.localhost`
+
+4. **TLS handshake timeouts**:
+   - These are usually from stale Kubernetes connections
+   - Clean up with: `kind delete cluster --all`
+
+### Comprehensive Troubleshooting
+
+For detailed troubleshooting, performance optimization, and advanced configuration, see:
+**[TROUBLESHOOTING.md](TROUBLESHOOTING.md)** - Complete guide to manual setup, troubleshooting, and optimization
+
+### Manual Cleanup
+
+If you need to start over:
+```bash
+# Stop and remove podman machine
+podman machine stop
+podman machine rm podman-machine-default
+
+# Clean up system
+podman system prune -a -f
+
+# Re-run setup
+./hack/macos/setup-podman-machine.sh
+```
+
+## Script Features
+
+- **Colorized output** for easy reading
+- **Error handling** with proper exit codes
+- **Prerequisite checking** before setup
+- **Automatic cleanup** of existing resources
+- **Environment validation** after setup
+- **Flexible test execution** with various options
+
+## Dependencies
+
+- `podman` (installed via Homebrew)
+- `kind` (installed via Homebrew)
+- `kubectl` (installed via Homebrew)
+- `sudo` access (for /etc/hosts modification)
+
+Install missing dependencies:
+```bash
+brew install podman kind kubectl
+```