Since announcing Carrus, we’ve made significant progress on our modern macOS app packaging and MDM deployment tool. Here’s where we stand and what’s coming next.

What’s Working

The core foundations we discussed earlier are taking shape nicely:

  • Robust code signing verification: The security backbone is solid, with thorough signature and notarization checks
  • Database-backed version tracking: Package and version history is now fully tracked with SQLite
  • Recipe-based configuration: The YAML-based recipe system is proving to be clean and maintainable
  • Update detection: Multiple update sources are supported, including direct downloads, GitHub releases, and Firefox-specific checks
  • Notification system: Alerts for available updates now work across CLI, system notifications, Slack, and more

Development Workflow Improvements

We’ve significantly improved our development process by implementing a structured branching strategy with gold (stable) and dev (development) branches. This separation ensures we always maintain a stable codebase while allowing active development to continue.

The repository now includes extensive GitHub Actions workflows that:

  • Run comprehensive test suites on both branches
  • Validate code style and formatting with Ruff
  • Check specific components like notifications and version tracking
  • Send automated error notifications via Slack when builds fail

These workflow improvements mean we can catch issues earlier, maintain code quality, and reduce the manual testing burden - especially important when dealing with security-sensitive package management.

The CI Pipeline

One area that’s seen significant improvement is the CI/CD integration. We now have:

  • Complete GitHub Actions workflows for testing and validation
  • Automated error notifications when builds fail
  • Update detection that runs on a schedule
  • Slack integration for deployment status updates

The Slack notification system has been particularly useful for keeping track of application updates - no more manually checking for new Firefox versions!

What’s Still Coming

While a lot of groundwork is laid, there are still some key areas being worked on:

  • Full MDM integration: The Kandji package builder is in place, but we need tighter integration with Ploughshare
  • More application types: Firefox is working well, but more app types need fully tested recipes
  • Improved error handling: Some edge cases still need better error messages and recovery
  • Performance enhancements: Looking at async optimizations for faster operations

Testing Status

Most features are passing tests, though there’s an issue with the build command that needs some attention. The test suite is comprehensive, covering everything from code signing verification to notification delivery.

Getting Involved

If you’re interested in helping shape Carrus, now’s a great time to get involved. The project structure is documented, and working with the codebase is fairly straightforward:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11

# Clone the repo 
git clone https://github.com/matdotcx/carrus.git
cd carrus

# Set up your environment
python3 -m venv venv
source venv/bin/activate
pip install -e .

# Run the test suite
./run_tests.sh

The project is still in active development, so you’ll find bugs - that’s part of the fun! But the core ideas are solid, and it’s coming together as a proper solution to the macOS packaging problem.

As always, this remains a work in progress. The goal is still the same: to make macOS application management a little less painful for everyone involved, with a focus on security, automation, and reliability.