Research macOS runner isolation options for concurrent workloads #10

Draft
Copilot wants to merge 2 commits into main from copilot/research-isolation-options-macos

Copilot AI commented Dec 28, 2025

Researched lightweight isolation technologies for running multiple concurrent GitHub Actions runners on a single macOS machine without each consuming full VM resources.

Key Findings

No perfect solution exists. Trade-offs between isolation strength, memory overhead, and concurrency:

  • Tart VMs: Strongest isolation, macOS-native support, but Apple licensing limits to 2 concurrent macOS VMs per host @ 8-12GB each
  • Docker: Current implementation works for Linux workflows only, 2-3GB base VM + 2GB per container
  • Process sandboxing: 10-15+ concurrent runners @ 1-1.5GB each, weak isolation (shared kernel), suitable only for trusted code
  • Apple Containerization: Future option (macOS 26+), lightweight Linux VMs with VM-level isolation per container

Documentation Added

Created docs/macos-runner-isolation-options.md covering:

  • Comparative analysis of 6 isolation technologies (Docker, Tart, Apple Containerization, Sandbox API, user accounts, chroot)
  • Memory planning and capacity calculations per approach
  • Phased implementation recommendations
  • Use case mapping (iOS/macOS builds → Tart, Linux CI → Docker, high-concurrency trusted → sandboxed native)

Recommended Strategy

Support multiple isolation types based on workload requirements:

  1. Maintain Docker for Linux workflows
  2. Add Tart support for macOS-native builds (document 2-VM limit)
  3. Add sandboxed native runner option for high-concurrency trusted workloads
  4. Monitor Apple Containerization for future adoption

Memory example for Mac mini M2 Pro (32GB):

  • Docker: 6-8 concurrent Linux runners
  • Tart: 2 macOS + 4 Docker Linux runners
  • Sandboxed: 10-15 concurrent runners (low isolation)

Original prompt

Research options for isolation of runners on macOS. I need something lightweight enough that a single machine can serve several concurrent runners without each one in a VM eating up system memory, but also without them all bleeding into each other.

…tions

Co-authored-by: depoll <1392690+depoll@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Research options for isolation of runners on Mac OS" to "Research macOS runner isolation options for concurrent workloads" on Dec 28, 2025
Copilot AI requested a review from depoll December 28, 2025 08:08