build: add sync-fork action #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Publish | |
on: | |
push: | |
branches: ["main"] | |
tags: ["v**"] | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
- reopened | |
- ready_for_review | |
paths: | |
# run tests in a PR when an SDK is modified... | |
- ./sdk | |
# ...or when we are | |
- ./.github/workflows/publish.yml | |
jobs: | |
publish: | |
if: ${{ github.repository == 'dagger/dagger' && github.event_name == 'push' }} | |
runs-on: dagger-g2-v0-15-0-16c | |
steps: | |
- uses: actions/checkout@v4 | |
- name: "Publish Engine" | |
uses: ./.github/actions/call | |
with: | |
function: |- | |
engine \ | |
publish \ | |
--tag="${{ github.ref_name }}" --tag="${{ github.sha }}" \ | |
--image="$DAGGER_ENGINE_IMAGE" \ | |
--registry="$DAGGER_ENGINE_IMAGE_REGISTRY" \ | |
--registry-username="$DAGGER_ENGINE_IMAGE_USERNAME" \ | |
--registry-password=env:DAGGER_ENGINE_IMAGE_PASSWORD | |
env: | |
DAGGER_ENGINE_IMAGE: ${{ vars.RELEASE_DAGGER_ENGINE_IMAGE }} | |
DAGGER_ENGINE_IMAGE_REGISTRY: ghcr.io | |
DAGGER_ENGINE_IMAGE_USERNAME: ${{ github.actor }} | |
DAGGER_ENGINE_IMAGE_PASSWORD: ${{ secrets.RELEASE_DAGGER_CI_TOKEN }} | |
- name: "Publish CLI" | |
uses: ./.github/actions/call | |
with: | |
function: |- | |
cli \ | |
publish \ | |
--github-org-name="$GH_ORG_NAME" \ | |
--github-token=env:GITHUB_TOKEN \ | |
--goreleaser-key=env:GORELEASER_KEY \ | |
--aws-access-key-id=env:AWS_ACCESS_KEY_ID \ | |
--aws-secret-access-key=env:AWS_SECRET_ACCESS_KEY \ | |
--aws-region="$AWS_REGION" \ | |
--aws-bucket="$AWS_BUCKET" \ | |
--artefacts-fqdn="$ARTEFACTS_FQDN" | |
env: | |
GH_ORG_NAME: ${{ vars.GH_ORG_NAME }} | |
GITHUB_TOKEN: ${{ secrets.RELEASE_DAGGER_CI_TOKEN }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.RELEASE_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.RELEASE_AWS_SECRET_ACCESS_KEY }} | |
AWS_REGION: ${{ vars.RELEASE_AWS_REGION }} | |
AWS_BUCKET: ${{ vars.RELEASE_AWS_BUCKET }} | |
ARTEFACTS_FQDN: ${{ vars.RELEASE_FQDN }} | |
GORELEASER_KEY: ${{ secrets.GORELEASER_PRO_LICENSE_KEY }} | |
- name: "Publish Metadata" | |
uses: ./.github/actions/call | |
with: | |
function: |- | |
cli \ | |
publish-metadata \ | |
--aws-access-key-id=env:AWS_ACCESS_KEY_ID \ | |
--aws-secret-access-key=env:AWS_SECRET_ACCESS_KEY \ | |
--aws-region="$AWS_REGION" \ | |
--aws-bucket="$AWS_BUCKET" \ | |
--aws-cloudfront-distribution="$AWS_CLOUDFRONT_DISTRIBUTION" | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.RELEASE_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.RELEASE_AWS_SECRET_ACCESS_KEY }} | |
AWS_REGION: ${{ vars.RELEASE_AWS_REGION }} | |
AWS_BUCKET: ${{ vars.RELEASE_AWS_BUCKET }} | |
AWS_CLOUDFRONT_DISTRIBUTION: ${{ vars.RELEASE_AWS_CLOUDFRONT_DISTRIBUTION }} | |
# TODO: move this into dagger function call | |
- name: "Notify" | |
uses: ./.github/actions/notify | |
if: github.ref_name != 'main' | |
with: | |
message: "🚙 Engine + 🚗 CLI: https://github.com/${{ github.repository }}/releases/tag/${{ github.ref_name }}" | |
discord-webhook: ${{ secrets.NEW_RELEASE_DISCORD_WEBHOOK }} | |
publish-sdk-go: | |
needs: publish | |
runs-on: dagger-g2-v0-15-0-4c | |
steps: | |
- uses: actions/checkout@v4 | |
- name: "go publish" | |
uses: ./.github/actions/call | |
env: | |
RELEASE_DAGGER_CI_TOKEN: ${{ secrets.RELEASE_DAGGER_CI_TOKEN }} | |
RELEASE_DISCORD_WEBHOOK: ${{ secrets.NEW_RELEASE_DISCORD_WEBHOOK }} | |
with: | |
function: sdk go publish --tag="${{ github.ref_name }}" --github-token=env:RELEASE_DAGGER_CI_TOKEN --discord-webhook=env:RELEASE_DISCORD_WEBHOOK | |
publish-sdk-php: | |
needs: publish | |
runs-on: dagger-g2-v0-15-0-4c | |
steps: | |
- uses: actions/checkout@v4 | |
- name: "php publish" | |
uses: ./.github/actions/call | |
env: | |
RELEASE_DAGGER_CI_TOKEN: ${{ secrets.RELEASE_DAGGER_CI_TOKEN }} | |
RELEASE_DISCORD_WEBHOOK: ${{ secrets.NEW_RELEASE_DISCORD_WEBHOOK }} | |
with: | |
function: sdk php publish --tag="${{ github.ref_name }}" --github-token=env:RELEASE_DAGGER_CI_TOKEN --discord-webhook=env:RELEASE_DISCORD_WEBHOOK | |
publish-sdk-python: | |
needs: publish | |
if: github.ref_name != 'main' | |
runs-on: dagger-g2-v0-15-0-4c | |
steps: | |
- uses: actions/checkout@v4 | |
- name: "python publish" | |
uses: ./.github/actions/call | |
env: | |
RELEASE_DAGGER_CI_TOKEN: ${{ secrets.RELEASE_DAGGER_CI_TOKEN }} | |
RELEASE_PYPI_TOKEN: ${{ secrets.RELEASE_PYPI_TOKEN }} | |
RELEASE_PYPI_REPO: ${{ secrets.RELEASE_PYPI_REPO }} | |
RELEASE_DISCORD_WEBHOOK: ${{ secrets.NEW_RELEASE_DISCORD_WEBHOOK }} | |
with: | |
function: sdk python publish --tag="${{ github.ref_name }}" --github-token=env:RELEASE_DAGGER_CI_TOKEN --discord-webhook=env:RELEASE_DISCORD_WEBHOOK --pypi-repo="$RELEASE_PYPI_REPO" --pypi-token=env:RELEASE_PYPI_TOKEN | |
publish-sdk-typescript: | |
needs: publish | |
if: github.ref_name != 'main' | |
runs-on: dagger-g2-v0-15-0-4c | |
steps: | |
- uses: actions/checkout@v4 | |
- name: "typescript publish" | |
uses: ./.github/actions/call | |
env: | |
RELEASE_DAGGER_CI_TOKEN: ${{ secrets.RELEASE_DAGGER_CI_TOKEN }} | |
RELEASE_NPM_TOKEN: ${{ secrets.RELEASE_NPM_TOKEN }} | |
RELEASE_DISCORD_WEBHOOK: ${{ secrets.NEW_RELEASE_DISCORD_WEBHOOK }} | |
with: | |
function: sdk typescript publish --tag="${{ github.ref_name }}" --github-token=env:RELEASE_DAGGER_CI_TOKEN --discord-webhook=env:RELEASE_DISCORD_WEBHOOK --npm-token=env:RELEASE_NPM_TOKEN | |
publish-sdk-elixir: | |
needs: publish | |
if: github.ref_name != 'main' | |
runs-on: dagger-g2-v0-15-0-4c | |
steps: | |
- uses: actions/checkout@v4 | |
- name: "elixir publish" | |
uses: ./.github/actions/call | |
env: | |
RELEASE_DAGGER_CI_TOKEN: ${{ secrets.RELEASE_DAGGER_CI_TOKEN }} | |
HEX_API_KEY: ${{ secrets.HEX_API_KEY }} | |
RELEASE_DISCORD_WEBHOOK: ${{ secrets.NEW_RELEASE_DISCORD_WEBHOOK }} | |
with: | |
function: sdk elixir publish --tag="${{ github.ref_name }}" --github-token=env:RELEASE_DAGGER_CI_TOKEN --discord-webhook=env:RELEASE_DISCORD_WEBHOOK --hex-apikey=env:HEX_API_KEY | |
publish-helm: | |
needs: publish | |
if: github.ref_name != 'main' | |
runs-on: dagger-g2-v0-15-0-4c | |
steps: | |
- uses: actions/checkout@v4 | |
- name: "helm publish" | |
uses: ./.github/actions/call | |
env: | |
RELEASE_DAGGER_CI_TOKEN: ${{ secrets.RELEASE_DAGGER_CI_TOKEN }} | |
RELEASE_DISCORD_WEBHOOK: ${{ secrets.NEW_RELEASE_DISCORD_WEBHOOK }} | |
with: | |
function: publish --target=${{ github.ref_name }} --github-token=env:RELEASE_DAGGER_CI_TOKEN --discord-webhook=env:RELEASE_DISCORD_WEBHOOK | |
module: ./helm | |
daggerverse-bump-dagger: | |
needs: publish | |
if: github.ref_name != 'main' | |
runs-on: dagger-g2-v0-15-0-4c | |
steps: | |
- uses: actions/checkout@v4 | |
- name: "Bump Dagger version in Daggerverse" | |
uses: ./.github/actions/call | |
env: | |
RELEASE_DAGGER_CI_TOKEN: ${{ secrets.RELEASE_DAGGER_CI_TOKEN }} | |
with: | |
function: --github-token=env:RELEASE_DAGGER_CI_TOKEN bump-dagger-version --to=${{ github.ref_name }} --github-assignee={{ github.actor }} | |
module: ./modules/daggerverse | |
# TODO: daggerize provisioning tests | |
test-provision-macos: | |
name: "Test SDK Provision / macos" | |
# We want to test the SDKs in a CLI dependency bump PR, in which case publish | |
# has to be skipped, AND after every push to main/tags, in which case publish | |
# must run first. This is unfortunately quite annoying to express in yaml... | |
# https://github.com/actions/runner/issues/491#issuecomment-850884422 | |
needs: publish | |
if: | | |
always() && | |
github.repository == 'dagger/dagger' && | |
(needs.publish.result == 'success' || needs.publish.result == 'skipped') | |
runs-on: macos-13 | |
steps: | |
- name: "Set CLI Test URL" | |
run: | | |
if [ ${{ github.event_name }} == 'push' ]; then | |
BASE_URL="https://${{ vars.RELEASE_FQDN }}/dagger" | |
if [ $GITHUB_REF_NAME == 'main' ]; then | |
# this is a push to the main branch | |
ARCHIVE_URL="${BASE_URL}/main/${GITHUB_SHA}/dagger_${GITHUB_SHA}_darwin_amd64.tar.gz" | |
CHECKSUMS_URL="${BASE_URL}/main/${GITHUB_SHA}/checksums.txt" | |
RUNNER_HOST="docker-image://${{ vars.RELEASE_DAGGER_ENGINE_IMAGE }}:${GITHUB_SHA}" | |
else | |
# this is a tag push | |
ARCHIVE_URL="${BASE_URL}/releases/${GITHUB_REF_NAME:1}/dagger_${GITHUB_REF_NAME}_darwin_amd64.tar.gz" | |
CHECKSUMS_URL="${BASE_URL}/releases/${GITHUB_REF_NAME:1}/checksums.txt" | |
RUNNER_HOST="docker-image://${{ vars.RELEASE_DAGGER_ENGINE_IMAGE }}:${GITHUB_REF_NAME}" | |
fi | |
else | |
BASE_URL="https://dl.dagger.io/dagger" | |
# this is a pr, just default to main artifacts | |
ARCHIVE_URL="${BASE_URL}/main/head/dagger_head_darwin_amd64.tar.gz" | |
CHECKSUMS_URL="${BASE_URL}/main/head/checksums.txt" | |
RUNNER_HOST="docker-image://registry.dagger.io/engine:main" | |
fi | |
echo "_INTERNAL_DAGGER_TEST_CLI_URL=${ARCHIVE_URL}" >> $GITHUB_ENV | |
echo "_INTERNAL_DAGGER_TEST_CLI_CHECKSUMS_URL=${CHECKSUMS_URL}" >> $GITHUB_ENV | |
echo "_EXPERIMENTAL_DAGGER_RUNNER_HOST=${RUNNER_HOST}" >> $GITHUB_ENV | |
shell: bash | |
- name: "Install Docker" | |
uses: douglascamata/[email protected] | |
env: | |
HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK: 1 | |
- uses: docker/setup-qemu-action@v3 | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: "1.23" | |
- name: "Test Go SDK" | |
run: | | |
cd sdk/go | |
go test -v -run TestProvision ./... | |
- uses: yezz123/setup-uv@v4 | |
with: | |
uv-version: "0.2.27" | |
- name: "Test Python SDK" | |
run: | | |
cd sdk/python | |
uv run pytest -xm provision | |
- uses: actions/setup-node@v2 | |
with: | |
node-version: 18 | |
- uses: oven-sh/setup-bun@v1 | |
with: | |
bun-version: 1.1.26 | |
- name: "Test TypeScript SDK (Node)" | |
run: | | |
cd sdk/typescript | |
yarn install | |
yarn test:node -g 'Automatic Provisioned CLI Binary' | |
- name: "Test TypeScript SDK (Bun)" | |
run: | | |
cd sdk/typescript | |
yarn install | |
yarn test:bun -g 'Automatic Provisioned CLI Binary' | |
- name: "ALWAYS print engine logs - especially useful on failure" | |
if: always() | |
run: docker logs $(docker ps -q --filter name=dagger-engine) | |
# TODO: daggerize provisioning tests | |
test-provision-go-linux: | |
name: "Test SDK Provision / go / linux" | |
needs: publish | |
if: | | |
always() && | |
github.repository == 'dagger/dagger' && | |
(needs.publish.result == 'success' || needs.publish.result == 'skipped') | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: "Set CLI Test URL" | |
run: | | |
if [ ${{ github.event_name }} == 'push' ]; then | |
BASE_URL="https://${{ vars.RELEASE_FQDN }}/dagger" | |
if [ $GITHUB_REF_NAME == 'main' ]; then | |
# this is a push to the main branch | |
ARCHIVE_URL="${BASE_URL}/main/${GITHUB_SHA}/dagger_${GITHUB_SHA}_linux_amd64.tar.gz" | |
CHECKSUMS_URL="${BASE_URL}/main/${GITHUB_SHA}/checksums.txt" | |
RUNNER_HOST="docker-image://${{ vars.RELEASE_DAGGER_ENGINE_IMAGE }}:${GITHUB_SHA}" | |
else | |
# this is a tag push | |
ARCHIVE_URL="${BASE_URL}/releases/${GITHUB_REF_NAME:1}/dagger_${GITHUB_REF_NAME}_linux_amd64.tar.gz" | |
CHECKSUMS_URL="${BASE_URL}/releases/${GITHUB_REF_NAME:1}/checksums.txt" | |
RUNNER_HOST="docker-image://${{ vars.RELEASE_DAGGER_ENGINE_IMAGE }}:${GITHUB_REF_NAME}" | |
fi | |
else | |
BASE_URL="https://dl.dagger.io/dagger" | |
# this is a pr, just default to main artifacts | |
ARCHIVE_URL="${BASE_URL}/main/head/dagger_head_linux_amd64.tar.gz" | |
CHECKSUMS_URL="${BASE_URL}/main/head/checksums.txt" | |
RUNNER_HOST="docker-image://registry.dagger.io/engine:main" | |
fi | |
echo "_INTERNAL_DAGGER_TEST_CLI_URL=${ARCHIVE_URL}" >> $GITHUB_ENV | |
echo "_INTERNAL_DAGGER_TEST_CLI_CHECKSUMS_URL=${CHECKSUMS_URL}" >> $GITHUB_ENV | |
echo "_EXPERIMENTAL_DAGGER_RUNNER_HOST=${RUNNER_HOST}" >> $GITHUB_ENV | |
shell: bash | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: "1.23" | |
- name: "Test Go SDK" | |
run: | | |
cd sdk/go | |
go test -v -run TestProvision ./... | |
- name: "ALWAYS print engine logs - especially useful on failure" | |
if: always() | |
run: docker logs $(docker ps -q --filter name=dagger-engine) | |
# TODO: daggerize provisioning tests | |
test-provision-python-linux: | |
name: "Test SDK Provision / python / linux" | |
needs: publish | |
if: | | |
always() && | |
github.repository == 'dagger/dagger' && | |
(needs.publish.result == 'success' || needs.publish.result == 'skipped') | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: "Set CLI Test URL" | |
run: | | |
if [ ${{ github.event_name }} == 'push' ]; then | |
BASE_URL="https://${{ vars.RELEASE_FQDN }}/dagger" | |
if [ $GITHUB_REF_NAME == 'main' ]; then | |
# this is a push to the main branch | |
ARCHIVE_URL="${BASE_URL}/main/${GITHUB_SHA}/dagger_${GITHUB_SHA}_linux_amd64.tar.gz" | |
CHECKSUMS_URL="${BASE_URL}/main/${GITHUB_SHA}/checksums.txt" | |
RUNNER_HOST="docker-image://${{ vars.RELEASE_DAGGER_ENGINE_IMAGE }}:${GITHUB_SHA}" | |
else | |
# this is a tag push | |
ARCHIVE_URL="${BASE_URL}/releases/${GITHUB_REF_NAME:1}/dagger_${GITHUB_REF_NAME}_linux_amd64.tar.gz" | |
CHECKSUMS_URL="${BASE_URL}/releases/${GITHUB_REF_NAME:1}/checksums.txt" | |
RUNNER_HOST="docker-image://${{ vars.RELEASE_DAGGER_ENGINE_IMAGE }}:${GITHUB_REF_NAME}" | |
fi | |
else | |
BASE_URL="https://dl.dagger.io/dagger" | |
# this is a pr, just default to main artifacts | |
ARCHIVE_URL="${BASE_URL}/main/head/dagger_head_linux_amd64.tar.gz" | |
CHECKSUMS_URL="${BASE_URL}/main/head/checksums.txt" | |
RUNNER_HOST="docker-image://registry.dagger.io/engine:main" | |
fi | |
echo "_INTERNAL_DAGGER_TEST_CLI_URL=${ARCHIVE_URL}" >> $GITHUB_ENV | |
echo "_INTERNAL_DAGGER_TEST_CLI_CHECKSUMS_URL=${CHECKSUMS_URL}" >> $GITHUB_ENV | |
echo "_EXPERIMENTAL_DAGGER_RUNNER_HOST=${RUNNER_HOST}" >> $GITHUB_ENV | |
shell: bash | |
- uses: yezz123/setup-uv@v4 | |
with: | |
uv-version: "0.2.27" | |
- name: "Test Python SDK" | |
run: | | |
cd sdk/python | |
uv run pytest -xm provision | |
- name: "ALWAYS print engine logs - especially useful on failure" | |
if: always() | |
run: docker logs $(docker ps -q --filter name=dagger-engine) | |
# TODO: daggerize provisioning tests | |
test-provision-typescript-linux: | |
name: "Test SDK Provision / TypeScript / linux" | |
needs: publish | |
if: | | |
always() && | |
github.repository == 'dagger/dagger' && | |
(needs.publish.result == 'success' || needs.publish.result == 'skipped') | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: "Set CLI Test URL" | |
run: | | |
if [ ${{ github.event_name }} == 'push' ]; then | |
BASE_URL="https://${{ vars.RELEASE_FQDN }}/dagger" | |
if [ $GITHUB_REF_NAME == 'main' ]; then | |
# this is a push to the main branch | |
ARCHIVE_URL="${BASE_URL}/main/${GITHUB_SHA}/dagger_${GITHUB_SHA}_linux_amd64.tar.gz" | |
CHECKSUMS_URL="${BASE_URL}/main/${GITHUB_SHA}/checksums.txt" | |
RUNNER_HOST="docker-image://${{ vars.RELEASE_DAGGER_ENGINE_IMAGE }}:${GITHUB_SHA}" | |
else | |
# this is a tag push | |
ARCHIVE_URL="${BASE_URL}/releases/${GITHUB_REF_NAME:1}/dagger_${GITHUB_REF_NAME}_linux_amd64.tar.gz" | |
CHECKSUMS_URL="${BASE_URL}/releases/${GITHUB_REF_NAME:1}/checksums.txt" | |
RUNNER_HOST="docker-image://${{ vars.RELEASE_DAGGER_ENGINE_IMAGE }}:${GITHUB_REF_NAME}" | |
fi | |
else | |
BASE_URL="https://dl.dagger.io/dagger" | |
# this is a pr, just default to main artifacts | |
ARCHIVE_URL="${BASE_URL}/main/head/dagger_head_linux_amd64.tar.gz" | |
CHECKSUMS_URL="${BASE_URL}/main/head/checksums.txt" | |
RUNNER_HOST="docker-image://registry.dagger.io/engine:main" | |
fi | |
echo "_INTERNAL_DAGGER_TEST_CLI_URL=${ARCHIVE_URL}" >> $GITHUB_ENV | |
echo "_INTERNAL_DAGGER_TEST_CLI_CHECKSUMS_URL=${CHECKSUMS_URL}" >> $GITHUB_ENV | |
echo "_EXPERIMENTAL_DAGGER_RUNNER_HOST=${RUNNER_HOST}" >> $GITHUB_ENV | |
shell: bash | |
- uses: actions/setup-node@v2 | |
with: | |
node-version: 18 | |
- uses: oven-sh/setup-bun@v1 | |
with: | |
bun-version: 1.1.26 | |
- name: "Test TypeScript SDK (Node)" | |
run: | | |
cd sdk/typescript | |
yarn install | |
yarn test:node -g 'Automatic Provisioned CLI Binary' | |
- name: "Test TypeScript SDK (Bun)" | |
run: | | |
cd sdk/typescript | |
yarn install | |
yarn test:bun -g 'Automatic Provisioned CLI Binary' | |
- name: "ALWAYS print engine logs - especially useful on failure" | |
if: always() | |
run: docker logs $(docker ps -q --filter name=dagger-engine) |