Skip to content

feat(dagger): support workflow creation #1324

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
migmartri merged 4 commits into from
Sep 18, 2024
Merged

feat(dagger): support workflow creation #1324

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
8605213
feat(dagger): support workflow creation
migmartri Sep 15, 2024
a6fed38
feat(dagger): support workflow creation
migmartri Sep 15, 2024
29c5281
feat(dagger): support pointing ot existing contract
migmartri Sep 18, 2024
cd3a6eb
rebase
migmartri Sep 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion dagger.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,5 @@
"name": "chainloop",
"sdk": "go",
"source": "extras/dagger",
"engineVersion": "v0.12.3"
"engineVersion": "v0.13.0"
Copy link
Member Author

@migmartri migmartri Sep 15, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

my local dagger version is 0.13, so I decided to bump it. The changes in the go.mod seems to also be a consequence of running go develop

Copy link
Member

@javirln javirln Sep 17, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They released the 0.13 last week, we should all update to latest.

}
13 changes: 12 additions & 1 deletion extras/dagger/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -165,7 +165,18 @@ dagger call -m github.com/chainloop-dev/chainloop \
mark-canceled --reason "nothing to see here"
```

### Pointing to a different Chainloop Instance
## CLI operations

This module also provides access to the underlying Chainloop CLI by exposing some of its commands

### Workflow Creation

```sh
dagger call -m github.com/chainloop-dev/chainloop \
workflow-create --token env:CHAINLOOP_TOKEN --name [your-workflow-name] --project [its-project]
```

## Pointing to a different Chainloop Instance

By default, this dagger module points to Chainloop's upstream instance, but if you want to point to your own instance, you can do it by running the with-instance command just right after `dagger call`

Expand Down
8 changes: 8 additions & 0 deletions extras/dagger/go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,3 +44,11 @@ require (
golang.org/x/sync v0.7.0
google.golang.org/grpc v1.64.1
)

replace go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc => go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc v0.0.0-20240518090000-14441aefdf88

replace go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp => go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploghttp v0.3.0

replace go.opentelemetry.io/otel/log => go.opentelemetry.io/otel/log v0.3.0

replace go.opentelemetry.io/otel/sdk/log => go.opentelemetry.io/otel/sdk/log v0.3.0
112 changes: 78 additions & 34 deletions extras/dagger/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -270,58 +270,35 @@ func (att *Attestation) Debug() *dagger.Container {
return att.Container(0).Terminal()
}

// Build an ephemeral container with everything needed to process the attestation
func (att *Attestation) Container(
// Cache TTL for chainloop commands, in seconds
// Defaults to 0: no caching
// +optional
// +default=0
ttl int,
) *dagger.Container {
ctr := dag.
Container().
func cliContainer(ttl int, token *dagger.Secret, instance InstanceInfo) *dagger.Container {
ctr := dag.Container().
From(fmt.Sprintf("ghcr.io/chainloop-dev/chainloop/cli:%s", chainloopVersion)).
WithEntrypoint([]string{"/chainloop"}). // Be explicit to prepare for possible API change
WithEnvVariable("CHAINLOOP_DAGGER_CLIENT", chainloopVersion).
WithUser("") // Our images come with pre-defined user set, so we need to reset it

if att.Token != nil {
ctr = ctr.WithSecretVariable("CHAINLOOP_TOKEN", att.Token)
}

if att.repository != nil {
ctr = ctr.WithDirectory(".", att.repository)
}

if addr := att.RegistryAuth.Address; addr != "" {
ctr = ctr.WithEnvVariable("CHAINLOOP_REGISTRY_SERVER", addr)
}
WithUser(""). // Our images come with pre-defined user set, so we need to reset it
WithEnvVariable("DAGGER_CACHE_KEY", time.Now().Truncate(time.Duration(ttl)*time.Second).String()) // Cache TTL

if user := att.RegistryAuth.Username; user != "" {
ctr = ctr.WithEnvVariable("CHAINLOOP_REGISTRY_USERNAME", user)
if token != nil {
ctr = ctr.WithSecretVariable("CHAINLOOP_TOKEN", token)
}

if pw := att.RegistryAuth.Password; pw != nil {
ctr = ctr.WithSecretVariable("CHAINLOOP_REGISTRY_PASSWORD", pw)
}

if api := att.Client.Instance.ControlplaneAPI; api != "" {
if api := instance.ControlplaneAPI; api != "" {
ctr = ctr.WithEnvVariable("CHAINLOOP_CONTROL_PLANE_API", api)
}

if ca := att.Client.Instance.ControlplaneCAPath; ca != nil {
if ca := instance.ControlplaneCAPath; ca != nil {
ctr = ctr.WithFile("/controlplane-ca.pem", ca).WithEnvVariable("CHAINLOOP_CONTROL_PLANE_API_CA", "/controlplane-ca.pem")
}

if ca := att.Client.Instance.CASCAPath; ca != nil {
if ca := instance.CASCAPath; ca != nil {
ctr = ctr.WithFile("/cas-ca.pem", ca).WithEnvVariable("CHAINLOOP_ARTIFACT_CAS_API_CA", "/cas-ca.pem")
}

if cas := att.Client.Instance.CASAPI; cas != "" {
if cas := instance.CASAPI; cas != "" {
ctr = ctr.WithEnvVariable("CHAINLOOP_ARTIFACT_CAS_API", cas)
}

if att.Client.Instance.Insecure {
if instance.Insecure {
ctr = ctr.WithEnvVariable("CHAINLOOP_API_INSECURE", "true")
}

Expand All @@ -331,6 +308,34 @@ func (att *Attestation) Container(
return ctr
}

// Build an ephemeral container with everything needed to process the attestation
func (att *Attestation) Container(
// Cache TTL for chainloop commands, in seconds
// Defaults to 0: no caching
// +optional
// +default=0
ttl int,
) *dagger.Container {
ctr := cliContainer(ttl, att.Token, att.Client.Instance)
if att.repository != nil {
ctr = ctr.WithDirectory(".", att.repository)
}

if addr := att.RegistryAuth.Address; addr != "" {
ctr = ctr.WithEnvVariable("CHAINLOOP_REGISTRY_SERVER", addr)
}

if user := att.RegistryAuth.Username; user != "" {
ctr = ctr.WithEnvVariable("CHAINLOOP_REGISTRY_USERNAME", user)
}

if pw := att.RegistryAuth.Password; pw != nil {
ctr = ctr.WithSecretVariable("CHAINLOOP_REGISTRY_PASSWORD", pw)
}

return ctr
}

// Generate, sign and push the attestation to the chainloop control plane
func (att *Attestation) Push(
ctx context.Context,
Expand Down Expand Up @@ -407,3 +412,42 @@ func (att *Attestation) reset(ctx context.Context,
Sync(ctx)
return err
}

/// standalone API calls

// Create a new workflow
func (m *Chainloop) WorkflowCreate(
ctx context.Context,
// Chainloop API token
token *dagger.Secret,
// Workflow name
name string,
// Workflow project
project string,
// +optional
team string,
// +optional
description string,
// name of an existing contract
// +optional
contractName string,
// Set workflow as public so other organizations can see it
// +optional
public bool,
// If the workflow already exists, skip the creation and return success
// +optional
skipIfExists bool,
) (string, error) {
return cliContainer(0, token, m.Instance).
WithExec([]string{
"workflow", "create",
"--name", name,
"--project", project,
"--team", team,
"--description", description,
"--contract", contractName,
"--public", fmt.Sprintf("%t", public),
"--skip-if-exists", fmt.Sprintf("%t", skipIfExists),
}, execOpts).
Stdout(ctx)
}