Replies: 3 comments 5 replies
-
Do you consider something like this ? #Container: #From | #WithExec | #WithDirectory | #WithEnvVariable
#From: {
address: string
}
#WithExec: {
on: #Container
args: [...string]
stdout: string
stderr: string
}
#WithDirectory: {
on: #Container
path: string
}
#WithEnvVariable: {
on: #Container
name: string
value: string
}
homepage: #WithExec & {
args: ["curl", "https://dagger.io/"]
on: #WithExec & {
args: ["apk", "add", "curl"]
on: #From & {
address: "alpine:3.16"
}
}
} |
Beta Was this translation helpful? Give feedback.
-
Very nice! It looks like we are close to being able to merge this, which would be fantastic.
Isn't that supported via File { secret }?
Have we exhausted all options there? My first reaction is "this should be doable in userland with the existing API", but I might be wrong.
Right, I remember you explaining this one to me. We had a great hack/workaround, but it got ruined as a side effect of the Go SDK switching to using the session helper, because that prevented you from dynamically setting env variables What are our options for working around this one?
We need this in the API anyway, we could prioritize it to unblock you. (cc @vito @sipsma @aluzzardi)
Same, we need this in API anyway.
I'm guessing the missing features are also things we would want outside of the CUE SDK? Registry auth etc?
This is great.
Very high for me :) We seem to be very close, and switching to engine 0.3 will allow us to stop maintaining the 0.2 engine without breaking CUE users. It doesn't resolve the question of what to do next for the CUE SDK. But it does make the current status quo less expensive to maintain, which buys us time to decide what comes next. My strong preference would be to ship this ASAP, unless the engineering effort is too great, or we can't reduce migration pain to an acceptable level. |
Beta Was this translation helpful? Give feedback.
-
Hi, not sure whether this is useful for you. I'm investing use of cue & dagger in order to be more Infrastructure-as-Configuration versus code. In that context, I created a tiny container registry solution with cue + dagger-cue. In GHA context federation/OIDC is used. - name: azure login by federation
uses: azure/login@v1
with:
client-id: ${{ env.clientIdU }}
subscription-id: ${{ env.subscriptionIdU }}
tenant-id: ${{ env.tenantIdU }}
enable-AzPSSession: false # no Az modules in use Thus, azure operations are straight forward. When pushing a new image to the cont. reg., using docker.#Push, an access token is required. // - start - prepare docker login enabling for azure container registry
creg: {
_r: #invokeCmd & {
#script: "az acr login --name \(crname.value) --subscription \(g.#subscriptionId[tenant]) --out yaml --expose-token --only-show-errors > \(g.#rf)"
}
_d: yaml.Unmarshal(_r.result)
loginServer: _d.loginServer
accessToken: _d.accessToken
}
cregTokenAsFile: core.#WriteFile & {
input: dagger.#Scratch
path: _cregFile
contents: creg.accessToken
}
// !NB! stays in cache
cregTokenAsSecret: core.#NewSecret & {
input: cregTokenAsFile.output
path: _cregFile
}
// - end
// - build image
build: docker.#Dockerfile & {
source: client.filesystem.".".read.contents
dockerfile: path: "/dockerFiles/DockerFile.\(dfpf)"
}
// - push image to container registry :v<datetime>
pushVersion: docker.#Push & {
dest: "\(creg.loginServer)/azbicue:v\(tag.value)"
auth: {
// when access token is used, independent of user type user | servicePrincipal
username: "00000000-0000-0000-0000-000000000000"
secret: cregTokenAsSecret.output
}
image: build.output
} A more direct injection of the access token as secret would be appreciated! |
Beta Was this translation helpful? Give feedback.
-
I've gotten a good chunk of work done on a port of the v0.2/Europa API to the v0.3+/multi-language engine.
I'd like to:
v0.2/Europa API Port Progress
Much of the context is in #3121.
That said, the current major blockers are
core.#NewSecret
,core.#DecodeSecret
,core.#TrimSecret
,client.commands
without secrets getting into the engine cache (and thus on disk in an unencrypted form).client.network
: recent releases of the engine should unblock thiscore.#Exec
always: true
is not implementedcore.#GitPull
,core.#Push
,core.#Pull
are not implementedcore.#Dockerfile
is only partially implementedThere are a few other small things missing, which you can see on #3121, and I'm planning on adding to engine v0.3 soon.
I'd like to understand the current interest in this port being finished.
CUE Futures 馃敭
This one is substantially fuzzier for me.
The general idea of a CUE SDK for the GraphQL API (generated similarly to our other SDKs) makes sense to me.
I'm uncertain about the design, and haven't yet given it much thought.
Some things are straightforward, like generating CUE structs for various GraphQL scalar data types.
Can become:
But I'm not sure how we could design fields with arguments (i.e. "functions").
I'd love to hear ideas, if anyone has any!
Beta Was this translation helpful? Give feedback.
All reactions