Resolves: #4790

@vikram-dagger tried to use a new version of secrets in the registry authentication and it failed:

Here is a repro

package main

import (
	"context"
	"fmt"
	"os"

	"dagger.io/dagger"
)

func main() {
	ctx := context.Background()
	c, err := dagger.Connect(ctx, dagger.WithLogOutput(os.Stderr))
	if err != nil {
		panic(err)
	}

	sec := c.SetSecret("my-secret-id", "yolo")
	stdout, err := c.Container().WithRegistryAuth("localhost:8888", "YOLO", sec).Publish(ctx, "local...

Add user-agent flags to dagger session

It will retrieve information sent by SDKs and forward them to the registry

Bumps prettier from 2.8.4 to 2.8.6.

Release notes
Sourced from prettier's releases.

2.8.6

Allow decorators on private members and class expressions

🔗 Changelog
2.8.5

Support TypeScript 5.0

🔗 Changelog

Changelog
Sourced from prettier's changelog.

2.8.6
diff
Allow decorators on private members and class expressions (#14548 by @​fisker)

// Input
class A {
@decorator()
#privateMethod () {}
}
// Prettier 2.8.5
SyntaxError: Decorators are not v...

Bumps node-fetch from 3.3.0 to 3.3.1.

Release notes
Sourced from node-fetch's releases.

v3.3.1
3.3.1 (2023-03-11)
Bug Fixes

release "Allow URL class object as an argument for fetch()" #1696 (#1716) (7b86e94)

Commits

7b86e94 fix: release "Allow URL class object as an argument for fetch()" #1696 (#1716)
8ced5b9 docs: readme - non ESM example (#1707)
71e376b ci(release): use latest Node LTS (#1697)
e093030 Allow URL class ob...

Bumps @types/node from 16.18.13 to 16.18.18.

Commits

See full diff in compare view

[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-sc...

Bumps @typescript-eslint/eslint-plugin from 5.54.1 to 5.56.0.

Release notes
Sourced from @​typescript-eslint/eslint-plugin's releases.

v5.56.0
5.56.0 (2023-03-20)
Bug Fixes

eslint-plugin: [member-ordering] check order when optionalityOrder is present with no optional members (#6619) (6aff431)
eslint-plugin: [no-misused-promises] avoid unnecessary calls to getContextualType (#6193) (745cfe4)
eslint-pl...

Bumps ruff from 0.0.255 to 0.0.257.

Release notes
Sourced from ruff's releases.

v0.0.257

What's Changed
Rules

[ruff] Prefer itertools.pairwise() over zip() for successive pairs (RUF007) by @​evanrittenhouse in charliermarsh/ruff#3501
[flake8-bugbear] Add no-explicit-stacklevel (B028) by @​johnor in charliermarsh/ruff#3550
[pylint] invalid-characters-* by @​r3m0t in charliermarsh/ruff#3552
[pylint] Implement useless-return (R1711) by @​tomecki in ch...

What are you trying to do?

We recently made a change to where we store dnsmasq related paths because a user reported issues that ended up being caused by AppArmor. We would ilke to test this so it doesn't regress again.

Testing this change within our suite is pretty painful and awkward because AppArmor must be installed and configured at the kernel level. It would probably be easier to just try running Dagger tests on a machine already set up in this way.

Why is this important ...

Fix #4801

This commit adds Go and Python snippets to the GitHub Actions/Google Cloud guide. It also updates the content and inline links where needed.

Relates to #4574

This commit adds Go and Python snippets to the GitHub Actions/Google Cloud guide. It also updates the content and inline links where needed.

Relates to #4574

There are quite a few questions in Discord about building an image locally without publishing to a remote registry:

https://discord.com/channels/707636530424053791/1068148348240019498
#1046817210695417906 message
#1081963303921799269 message
https://discord.com/channels/707636530424053791/1047912353469059165
https://discord.com/channels/707636530424053791/1080194783953305661
...

This commit updates the AWS CDK guide to make the pre-requisites clearer.

This commit adds a guide for building/using containers locally with Dagger.

Closes #4812

Bumps google.golang.org/grpc from 1.52.3 to 1.54.0.

Release notes
Sourced from google.golang.org/grpc's releases.

Release 1.54.0
Behavior Changes

xds: remove support for xDS v2 transport API (#6013)

New Features

server: expose SetSendCompressor API to set send compressor name (#5744)

Special Thanks: @​jronak

xdsclient: include Node proto only in the first discovery request message, to improve performance (#6078)

Bug Fixes

metadata: fix validation l...

This one's pretty annoying: the currently running job ID isn't exposed to Actions (https://github.com/orgs/community/discussions/8945), so we have to deduce it via the API.

Upgrades us to buildkit with this fix: https://github.com/moby/buildkit/pull/3732

Fixes #4620

I also realized there's a simpler way to build the buildctl bin from our go.mod version which enables us to only have to specify the buildkit dependency version in one place, so I included that here too.

Supabase

Curl

This PR was auto-generated.

What is the issue?

People are surprised by caching of executions with the same inputs and are not sure how to ensure that certain executions are not cached, but run every time.

#general message
#general message

When you search the docs for "no cache" there is nothing helpful (and the CUE SDK is a confusing red herring for new SDK users).

I have a hypothesis that lack of feedback for multi-second spans of time is confusing for users and that they'd benefit from feedback like

Dagger Engine downloading...
Dagger Engine starting...
...

Dagger Engine found...
...

What is the issue?

🐛 If you have an env var that is an empty string, Graphql explodes as it's converted to null or undefined. To fix it you have to add whitespace

Log output

Will add repro...

Steps to reproduce

Will add repro...

SDK version

Python

OS version

This commit adds a guide about using secrets.

Closes https://github.com/dagger/dagger.io/issues/1971

What is the issue?

Dagger does not respect SIGINT (ctrl + c). Able to replicate on Mac and Linux.

Log output

n/a

Steps to reproduce

run a pipeline and hit ctrl-c. It seems like SIGINT is ignored while the Dagger pipeline is running.

SDK version

Go SDK

OS version

mac, linux

Before this, a session with a particularly enormous number of refs being solved could create a CombinedResult that would be greater than the grpc default message size of 16MB. This would cause builds to fail at the very end while trying to return the result to buildkit.

This was in part due to the fact that by just combining every individual ref from each vertex of the dag we were duplicating a ton of LLB.

The new approach instead uses MergeOp to combine all the solved refs together. A ...

Namely redis_srv to redisSrv to be consistent with docs in the service containers

As time has gone on some of our terminology has slowly morphed, but it's now reached the point where there's significant inconsistencies/vagueness in our docs and especially in our codebase, e.g.

1. It's not clear what the runner is vs. the engine
2. In our code, engine/engine.go is what starts a session with the remote engine. However cmd/engine/main.go is the implementation of the engine that executes on the runner. And internal/engine/client.go has the code the session created by `...

Bumps golang.org/x/term from 0.5.0 to 0.6.0.

Commits

0edf009 go.mod: update golang.org/x dependencies
See full diff in compare view

[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibil...

Bumps @docusaurus/theme-mermaid from 2.3.1 to 2.4.0.

Release notes
Sourced from @​docusaurus/theme-mermaid's releases.

2.4.0 (2023-03-23)
Blog post: https://docusaurus.io/blog/releases/2.4/
:rocket: New Feature

docusaurus-plugin-content-docs, docusaurus-theme-classic

#8236 feat(content-docs): add support for sidebar item category/link descriptions in generated index page (@​ZarakiKanzaki)

docusaurus-th...

Bumps @docusaurus/preset-classic from 2.3.1 to 2.4.0.

Release notes
Sourced from @​docusaurus/preset-classic's releases.

2.4.0 (2023-03-23)
Blog post: https://docusaurus.io/blog/releases/2.4/
:rocket: New Feature

docusaurus-plugin-content-docs, docusaurus-theme-classic

#8236 feat(content-docs): add support for sidebar item category/link descriptions in generated index page (@​ZarakiKanzaki)

docusaurus...

Bumps @docusaurus/core from 2.3.1 to 2.4.0.

Release notes
Sourced from @​docusaurus/core's releases.

2.4.0 (2023-03-23)
Blog post: https://docusaurus.io/blog/releases/2.4/
:rocket: New Feature

docusaurus-plugin-content-docs, docusaurus-theme-classic

#8236 feat(content-docs): add support for sidebar item category/link descriptions in generated index page (@​ZarakiKanzaki)

docusaurus-theme-classic

#8708 feat(theme): ...

Bumps ruff from 0.0.255 to 0.0.259.

Release notes
Sourced from ruff's releases.

v0.0.259

Summary
Follow-up release to v0.0.258 to fix an issue related to rule resolution via select and ignore.
What's Changed
Bug Fixes

Fix RuleSet.remove by @​MichaReiser in charliermarsh/ruff#3685
Respect all rule-exemption sources when suppressing parser errors by @​charliermarsh in charliermarsh/ruff#3665
Avoid nested loops in missing_whitespace by @​charliermarsh...

Bumps poethepoet from 0.18.1 to 0.19.0.

Release notes
Sourced from poethepoet's releases.

v0.19.0
Enhancements

Display the default value of args in help #126
Append additional arguments after the first -- to the end of a cmd task #69
Make script tasks work with async functions (#6d9fed4)
Add support for envfile paths relative to the user home dir #125

Fixes

Improve logic to locate poetry executable #121
Make ref task pass extra arguments from the de...

Problem

Sometimes, querying certain fields of Container will return an error, but they shouldn't. Specifically any of these fields:

• stdout
• stderr
• exitCode
• Any other field that requires executing a command in the container

The error occurs when no command has been explicitly defined for this container: in other words, there is no withExec step in the current pipeline.

The typical workaround is to add an explicit withExec(nil), which is very confusing.

...

This was already configurable via the config file but a flag is often more convenient to use.

What are you trying to do?

This came out of a convo on Discord.

I would like to Dagger to support a withEnvVariables call. The syntax would like like this

withEnvVariables({
    ENV_VAR_1: "VALUE",
    ENV_VAR_2: "VALUE"
    ENV_VAR_3: "VALUE"
    ...
})

[I might try and put a pull request in for this one, but I've raised in case I don't get around to it. cc @jpadams @kpenfound]

Why is this important to you?

Complex pipelines can require nume...

Signed-off-by: Marcos Lilljedahl

Bumps prettier from 2.8.4 to 2.8.7.

Release notes
Sourced from prettier's releases.

2.8.7

Allow multiple decorators on same getter/setter

🔗 Changelog
2.8.6

Allow decorators on private members and class expressions

🔗 Changelog
2.8.5

Support TypeScript 5.0

🔗 Changelog

Changelog
Sourced from prettier's changelog.

2.8.7
diff
Allow multiple decorators on same getter/setter (#14584 by @​fisker)

// Input
class A {
@decorator()
get foo () {}
@​...

Bumps @types/node from 16.18.13 to 16.18.19.

Commits

See full diff in compare view

[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-sc...

We shared how we think about Dagger releases, what goes into a release & how they are produced in How we release Dagger:

What would you like us to improve about Dagger releases?

Bumps typescript from 4.9.5 to 5.0.2.

Release notes
Sourced from typescript's releases.

TypeScript 5.0
For release notes, check out the release announcement.
For the complete list of fixed issues, check out the

fixed issues query for Typescript v5.0.0 (Beta).
fixed issues query for Typescript v5.0.1 (RC).
fixed issues query for Typescript v5.0.2 (Stable).

Downloads are available on:

npm
NuGet package

TypeScript 5.0 RC
For release notes, check o...

Bumps eslint-config-prettier from 8.7.0 to 8.8.0.

Changelog
Sourced from eslint-config-prettier's changelog.

Version 8.8.0 (2023-03-20)

Added: [@​typescript-eslint/lines-around-comment]. Thanks to @​ttionya!

Commits

88ba724 eslint-config-prettier v8.8.0
1a7be70 add rule @typescript/lines-around-comment (#246)
130bf88 Move removed rules to deprecated section (#245)
See full diff in compare view

[![Dependabot compatibility score...

Bumps eslint from 8.35.0 to 8.36.0.

Release notes
Sourced from eslint's releases.

v8.36.0
Features

c89a485 feat: Add checkJSDoc option to multiline-comment-style (#16807) (Laurent Cozic)
f5f5e11 feat: Serialize parsers/processors in flat config (#16944) (Nicholas C. Zakas)
4799297 feat: use @​eslint-community dependencies (#16784) (Michaël De Boey)

Bug Fixes

92c1943 fix: correctly iterate files matched by glob patterns (#16831) (Nitin Kumar)

Documenta...

Bumps @svgr/webpack from 6.5.1 to 7.0.0.

Release notes
Sourced from @​svgr/webpack's releases.

v7.0.0
Features

allow specifying jsxRuntimeImport in config (86bb86f), closes #801 #801
remove @​svgr/plugin-jsx from core (a0f078d)
upgrade to svgo v3 (#798) (21b6209)

BREAKING CHANGES

plugin-jsx is no longer included by default in core
svgr now requires Node.js v14+

Changelog
Sourced from @​svgr/webpack's changelog.

7.0.0 (2023-03-24)
Features

allow ...

Bumps typedoc from 0.23.26 to 0.23.28.

Release notes
Sourced from typedoc's releases.

v0.23.28
Features

Added support for TypeScript 5.0, #2201.

const type parameters.
JSDoc @overload tag.
JSDoc @satisfies tag.

v0.23.27
Features

Added --treatValidationWarningsAsErrors to treat only validation warnings as errors without treating all warnings as errors, #2199.

Bug Fixes

Fixed a bug where optional properties were not appropriately marked as opti...

Bumps sass from 1.59.3 to 1.60.0.

Release notes
Sourced from sass's releases.

Dart Sass 1.60.0
To install Sass 1.60.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes

Add support for the pi, e, infinity, -infinity, and NaN constants in calculations. These will be interpreted as the corresponding numbers.

Add support for unknown constants in calculations. These will be int...

Bumps platformdirs from 3.1.1 to 3.2.0.

Release notes
Sourced from platformdirs's releases.

3.2.0
What's Changed

Add pyproject-fmt by @​gaborbernat in platformdirs/platformdirs#150
Bump deps and tools by @​gaborbernat in platformdirs/platformdirs#149
Bump pypa/gh-action-pypi-publish from 1.6.4 to 1.7.1 by @​dependabot in platformdirs/platformdirs#151
Bump pypa/gh-action-pypi-publish from 1.7.1 to 1.8.1 by @​dependabot in platformdirs/platform...

Rather than handling a restrictive list of event types, just duck type and see what values are present on them.

Also backfills tests because the webhook payload handling is surprisingly tricky, e.g. push event payloads contain a repository object that is incompatible with *github.Repository.

This label is needed so we can distinguish from dagger.io/git.ref which points to a merge commit for PRs. This is the value that should be shown in the UI and tied to a commit status.

This commit upgrades to Docusaurus 2.4.0 and fixes the compilation errors introduced by dependabot in https://github.com/dagger/dagger/commit/cf47b596d4a5e7f4b1a8d0a6fcd1598ea6887526

This commit corrects variable names in the service containers guide and also rearranges the code tabs to be consistent with other guides.
Relates to https://github.com/dagger/dagger/pull/4825

What is the issue?

This task is to review all Python code samples and ensure that variable names use snake_case and not camelCase, for consistency with language conventions. Update where required and also update accompanying text to reflect this change.
Relates to https://github.com/dagger/dagger/pull/4825 and https://github.com/dagger/dagger/pull/4851

This will remove the /website/static/guides.json file from the Git index of the repo.

Bumps github.com/opencontainers/runc from 1.1.4 to 1.1.5.

Release notes
Sourced from github.com/opencontainers/runc's releases.

runc 1.1.5 -- "囚われた屈辱は　反撃の嚆矢だ"
This is the fifth patch release in the 1.1.z series of runc, which fixes
three CVEs found in runc.

CVE-2023-25809 is a vulnerability involving rootless containers where
(under specific configurations), the container would have write access
to the /sys/fs/cgroup/user.slice/... cgrou...

What are you trying to do?

API fields that are marked as deprecated only get codegen'ed into the docblock. That shows in reference docs, and maybe the IDE helps make it more visible as well (depending on language), but we should log a warning when these calls are being used.

Why is this important to you?

Logging a warning makes it more visible whenever you're actually running a pipeline, no matter if you use a smart IDE or consult the reference docs during development. Removing the...

What are you trying to do?

The Python reference documentation doesn't clearly show a method as being a coroutine.

Why is this important to you?

We used to have a note in the description clarifying that it needs to be awaited, but it was removed for simplicity. Making it clearer again can be helpful to users.

How are you currently working around this?

The IDE's autocomplete should show the return type as being a coroutine:

In the reference you can notice that if it rais...

We lint the code snippets in the SDK guides, but the new Guides section uses a different path for the snippets that isn't being included in that linting. This is creating some inconsistency in code formatting.

With the playground embeds though, it's no longer a direct reference between the snippet file and what you see on the page. I assume the playground embeds are created from the snippets, @vikram-dagger please correct me if I'm wrong.

There's a lot of inconsistencies in the documentation when choosing either stdout or stderr on streaming the engine logs. In NodeJS it's almost always stdout, while in Go it's sometimes one or the other. I've always pushed for stderr in Python.

All SDKs should standardize to using stderr for that. It's not just for errors, it's for logs, keeping stdout for the script's own output.

Reference: CLI Guidelines

Send output to stdout. T...

What are you trying to do?

Making codegen types (from API) hashable would allow them to be used in some interesting use cases.

Why is this important to you?

As an example, one user could benefit from using an LRU cache in a function that receives a (lazy) pipeline, does something dynamic with it and returns it.

Assuming that such function is a dependency used more than once in the same project, and that the result will be the same if the input pipeline is the same, you can bene...

Bumps black from 23.1.0 to 23.3.0.

Release notes
Sourced from black's releases.

23.3.0
Highlights
This release fixes a longstanding confusing behavior in Black's GitHub action, where the
version of the action did not determine the version of Black being run (issue #3382). In
addition, there is a small bug fix around imports and a number of improvements to the
preview style.
Please try out the
preview style
with black --preview and tell us your feedback. All c...

Bumps eslint from 8.35.0 to 8.37.0.

Release notes
Sourced from eslint's releases.

v8.37.0
Features

b6ab8b2 feat: require-unicode-regexp add suggestions (#17007) (Josh Goldberg)
10022b1 feat: Copy getScope() to SourceCode (#17004) (Nicholas C. Zakas)
1665c02 feat: Use plugin metadata for flat config serialization (#16992) (Nicholas C. Zakas)
b3634f6 feat: docs license (#17010) (Samuel Roldan)
892e6e5 feat: languageOptions.parser must be an object. (#16985...

Getting rid of previous secret API.

cc @shykes

Bumps @typescript-eslint/eslint-plugin from 5.54.1 to 5.57.0.

Release notes
Sourced from @​typescript-eslint/eslint-plugin's releases.

v5.57.0
5.57.0 (2023-03-27)
Bug Fixes

eslint-plugin: [no-unnecessary-boolean-literal-compare] simplify fixer and add support for double negation (#6620) (81c8519)
eslint-plugin: correct crashes with getTypeArguments for ts < 3.7 (#6767) (59eab58)

Features

eslint-...

if a secret is written to the log/file in more than 1 writes, it risks not being scrubbed as our logic does work for full values.
It shouldn't be a usual behavior, but it could happen, therefore we need to handle it.

Implementation idea

Concourse implementation for reference: https://github.com/dagger/dagger/pull/4518#discussion_r1105195391

Alternate implementation: better streaming capabilities, might allow some timing attack to discover some part of secrets

Regarding this...

What is the issue?

The Typescript code fails if the user doesn't have a tsconfig.json file already. This is not explicitly stated anywhere, so should be added. The command to create the file if not already present is tsc --init --module esnext --moduleResolution nodenext

What is the issue?

Add an example of standing up a database service for application testing to the guide at https://docs.dagger.io/757394/use-service-containers

This commit adds an example of standing up a just-in-time database service for unit testing a PHP application to the service containers guide.

Closes #4866

This commit adds an instruction for how to create a tsconfig.json file for TypeScript users.

Closes #4865

This commit adds information on how to install and get started with Rust and PHP to the "custom GraphQL client" tutorial.

Closes #4477

Bumps ruff from 0.0.255 to 0.0.260.

Release notes
Sourced from ruff's releases.

v0.0.260

What's Changed
Rules

[flake8-bugbear] Add more immutable functions for B008 by @​rouge8 in charliermarsh/ruff#3764
[flake8-bugbear] Allow pathlib.Path() in B008 by @​rouge8 in charliermarsh/ruff#3794
[flake8-bugbear] Expand the scope of useless-expression (B018) by @​charliermarsh in charliermarsh/ruff#3455
[flake8-bugbear]: Implement rule B031 by @​dhruvmanila...

Bumps @types/node from 16.18.19 to 16.18.23.

Commits

See full diff in compare view

[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-sc...

What are you trying to do?

If I run a local Dagger pipeline against a modified Git repository, it should be made obvious that this run was against a modified version of the HEAD commit so it doesn't get conflated with "clean" runs.

Why is this important to you?

No response

How are you currently working around this?

No response

Remove the extra character from the .with_registry_auth() statement

This commit updates an inaccurate statement in the style guide.

Relates to https://github.com/dagger/dagger/issues/4857#issuecomment-1490035824

This commit adds Go and Node.js snippets to the multi-build guide, and updates the guide copy accordingly.

Relates to #4574

TODO:

• [ ] tests (tested empirically through Bass atm)

A lot of places in our docs use with_mounted_directory (because that's all that existed at the time). Now that we have with_directory, I think we should update our documentation to use that instead in all places.

For most use cases, users will want to use with_directory, with the mount being more of an edge case. Guiding them towards mounted directory by default causes them to trip over the concept of mounts very early on.

Change highlighting of code in Getting Started etc in docs. Hard to read with large light-colored boxes on top of code. Maybe some annotations on side? Like a heavy vertical line?

Looks great

Harder to read

This fixes the service container leak
(https://github.com/moby/buildkit/commit/3187d2d056de7e3f976ef62cd548499dc3472a7e)

It also brings in the ability to configure the local cache manager (https://github.com/moby/buildkit/commit/d6ed0f03b89931142e40dba4f7304392a87a6eb8)

Use Directory { dockerBuild } rather than Container { build }, following user feedback that the former is less confusing than the latter.

Overview

There should be a way for a software project to declare its artifacts and how to build them with Dagger, in such a way that the artifacts can be discovered and produced on-demand via the Dagger API.

This is related to #4414, but focuses on a one narrow possible application of a project entrypoint: specifically artifacts.

Design

I'm not sure how this would work, but here is a rough sketch to stimulate conversation.

Frontend API

API to discover and consum...

Fixes #4878

Reference: https://docusaurus.io/docs/markdown-features/code-blocks#:~:text=You can set your own background color for highlighted code

Fixes Python's #4821

Todo

• [ ] Tests

There is an undocumented way to write comments so we can regenerate function name correctly for each languages.

ref: https://github.com/dagger/dagger/pull/4862#discussion_r1153104208

When Pdeathsig is used, the child process will receive the signal whenever the parent thread is killed. In go, an os thread can be killed if it is locked to a goroutine and left locked when the goroutine finishes execution. The go runtime will schedule goroutines to OS threads as it sees fit, so this can result in random unexpected signals being sent to child processes with pdeathsig set.

There's no currently known case where the shim code leaves goroutines locked to a thread, but give...

We were hitting some errors related to use of generics in a dependency due to the fact that the previous goreleaser image was still on go 1.19.

Error was encountered here: https://github.com/dagger/dagger/actions/runs/4598492189/jobs/8122598929#step:5:861

What is the issue?

Overview

We should have guidelines for our core/schema/*.graphqls files, like we used to in CUE.

This helps with consistency and for following best practices that are not only for the GraphQL API, but also that make it easier to be consumed by the SDKs.

Todo

As a first step we can bring quite a few rules that were discussed during the review of the following PR:

• #4367

There's also the undoc...

What happened? What did you expect to happen?

I'm sharing the docker.sock with the go test container.

Locally on docker desktop it works if I add TC_HOST=host.docker.internal but on github actions it does not work.

What happened? What did you expect to happen?

Hi,

I whould like to know how can i build a container with golang making a:
[...]
WithExec([]string{"apt-get", "update"}).
WithExec([]string{"rm", "-rf", "/var/lib/apt/lists/*"}).
[...]

if i try using something like this:
WithExec([]string{"apt-get", "update","&&","rm", "-rf", "/var/lib/apt/lists/*"}).

The contaner build complains saying that the command "apt-get update" only takes one argument.

I dont fully underestand how t...

Bumps github.com/docker/docker from 23.0.1+incompatible to 23.0.3+incompatible.

Release notes
Sourced from github.com/docker/docker's releases.

v23.0.3
23.0.3

Note
Due to an issue with CentOS 9 Stream's package repositories, packages for
CentOS 9 are currently unavailable. Packages for CentOS 9 may be added later,
or as part of the next (23.0.4) patch release.

Bug fixes and enhancements

Fixed a number of issues that can cause Swarm encrypted overlay ne...

Refactor argument building with a clearer loop and structured data.
Add the --ua flags to send sdk type and version number to registry, for:

• [ ] Node SDK
• [ ] Go SDK
• [ ] Python SDK

cc @gerhard

Bumps ruff from 0.0.255 to 0.0.261.

Release notes
Sourced from ruff's releases.

v0.0.261

What's Changed
Rules

[flake8-simplify] Ignore collapsible-if violations for if False: and if True: by @​JonathanPlasse in charliermarsh/ruff#3732
[flake8-pie] Extend unncessary-generator-any-all to set comprehensions by @​charliermarsh in charliermarsh/ruff#3824
[flake8-simplify] Implement dict-get-with-none-default (SIM910) by @​kyoto7250 in charliermarsh/ruff...

Makes it possible for UIs to treat them differently, i.e. don't show them as errored when really they're just stopped.

Bumps golang.org/x/term from 0.5.0 to 0.7.0.

Commits

7ae6be6 go.mod: update golang.org/x dependencies
0edf009 go.mod: update golang.org/x dependencies
See full diff in compare view

[](https://docs.github.com/en/github/managing-security-vulnerabilities/a...

What are you trying to do?

I'm trying to create and GPG-sign a built binary with Dagger.

To do this, I need to mount my ~/.gnupg directory into my container and run gpg --detach-sign --armor binary-name.

The above command requires the following files (keyrings and trustdb) to create the signature:

• ~/.gnupg/pubring.kbx
• ~/.gnupg/trustdb.gpg
• ~/.gnupg/private-keys-v1.d/*

Currently Dagger only permits mounting files as secrets. It's not possible to mount an entire d...

This commit adds an important note to the service containers guide regarding ports. It is related to the example in https://github.com/dagger/dagger.io/issues/1769.

Bumps google.golang.org/protobuf from 1.29.0 to 1.29.1.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. ...

A small fix so that withExposedPort actually sets the EXPOSE equivalent config in the resulting container.

Doesn't hurt to be more verbose here since it's not directly user facing, and can help quite a bit with debugging problems related to startup.

Bumps mypy from 1.1.1 to 1.2.0.

Commits

4f47dfb Promote version to 1.2.0 and drop +dev from the version
06aa182 [dataclass_transform] support implicit default for "init" parameter in field ...
7beaec2 Support descriptors in dataclass transform (#15006)
a7a995a Multiple inheritance considers callable objects as subtypes of functions (#14...
7f2a5b5 [dataclass_transform] fix deserialization for frozen_default
bfa9eac [mypyc] Be stricter about functi...

Without this you can get a nil pointer exception when trying to use a secret w/ the cache mount synchronization code paths (currently only when running in k8s w/ AWS_WEB_IDENTITY_TOKEN_FILE set)

I'll also send out a followup that refactors the code so session initialization is shared between engine/engine.go and cmd/engine/operatorClient.go which will prevent future problems w/ trying to make sure they are both updated equivalently, but this change is a quick fix in the meantime.

Our "default" codepaths ensure that SDK+CLI+Engine are all compatible with one another, but if you manually deploy an engine and connect a CLI/SDK to it, it's no longer guaranteed to be compatible.

Today, the only way users know about compatibility is by looking at the SDK release notes (example), but that's extremely non-obvious.

There are many possible ways of improving this situation and in the long run our goal s...

Problem

In Dagger Cloud, I can list individual pipeline runs, with various fields giving me information about the run. One field tells me the git branch that the pipeline was run against. But the value of that field is always "HEAD", which is not actually a branch name, but a symbolic reference. If anything, "HEAD" might be a separate field ("this was the value of the HEAD reference at time of run").

Example:

Solution

Change telemetry to actually send the name of the c...

This PR was auto-generated.

Related to: #3885

This is exactly what we did - worked like a charm.

When working with a lot of engine instances and clients that may end up connecting to any one of them it can be extremely useful to know which engine a given client connected to.

The engine can be configured w/ a name via a DAGGER_ENGINE_NAME env, otherwise it will just default to the hostname. Clients will now log that when they connect to it.

Just submitting as a strawman, I'd like a better solution than just writing the engine name directly to the CLI's stderr, would it be p...

We have more improvements planned to the secrets API, as presented in the 0.5 release.

• improved scrubbing strategy
• more control over secret mounts
• pass secrets to Dockerfile build

Maybe, there is something we didn't think about.

Please vote, share your opinions and ideas so we can prioritize accordingly.

improved scrubbing strategy

more control over secret mounts

pass secrets to Dockerfile build

Follow up to #4892

Signed-off-by: Helder Correia

This commit adds a guide about creating a Dagger CI pipeline for a PHP framework application using PHP and a GraphQL client.

Closes https://github.com/dagger/dagger.io/issues/1769

To keep consistency with all SDKs naming, use nodejs as label instead of node.

Following request from @gerhard https://github.com/dagger/dagger.io/pull/2145

Bumps github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.10 to 1.11.61.

Commits

30383d5 Release 2023-04-07
352f89c Regenerated Clients
5042939 Update API model
d40a16e NXDOMAIN errors should not be retried (#2083)
439f88c Add announcement for next release for dlm
e4036a9 Release 2023-04-06
1c455e2 Regenerated Clients
adb09d3 Update endpoints model
3d4ed44 Update API model
296e005 Release 2023-04-05
Additional commits viewable in compare view

...

Bumps golang.org/x/tools from 0.1.10 to 0.8.0.

Release notes
Sourced from golang.org/x/tools's releases.

gopls/v0.8.0
Go version support
Support for Go 1.18
Version 0.8.0 of gopls supports features added to Go 1.18, specifically:

Support for multi-module workspaces using go.work files.
Diagnostics for Fuzz tests.
Improved support for generics.

To use these features, gopls must be installed using Go 1.18. See go.dev/dl for the latest status of Go 1.18 -- ...

Bumps sass from 1.59.3 to 1.61.0.

Release notes
Sourced from sass's releases.

Dart Sass 1.61.0
To install Sass 1.61.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes

Potentially breaking change: Drop support for End-of-Life Node.js 12.

Fix remaining cases for the performance regression introduced in 1.59.0.

Embedded Sass

The JS embedded host now loads files from the w...

What are you trying to do?

PR https://github.com/dagger/dagger/pull/4892 adds some SDK labels that are used for user-agent tagging to understand better our SDK usage. It'd be very valuable if we could also add these labels to the root pipeline here https://github.com/dagger/dagger/blob/4be9d6ee11cb5d3a66ec3e0f846436535009fd5e/core/pipeline/label.go#L33 so we can have visibility of the SDK version at the telemetry level.

cc @grouville @gerhard

Why is this important to you?

To ...

Allows an exec to skip the entrypoint. This allows folks to implement Dockerfile semantics (RUN skips entrypoint) without having to collect the current value, remove it, and add it back afterwards.

Example use case

Problem

Our chainable API is pretty simple, but it also feels limiting when you want multiple related fields, especially if they’re a part of a simple object like EnvVariable, Port or Label.

For example, if I have an EnvVariable object, and I want both the name and value, I need to make two extra requests:

envVars, err := ctr.EnvVariables(ctx)
if err != nil {
    return nil
}
for _, env := range envVars {
    name, err = env.Name(ctx)
    if err != nil {
        return...

Context

We have an outstanding bug when using exitCode, stdout and stderr:

• https://github.com/dagger/dagger/issues/3192

These fields trigger the configured command to execute. Problem is that if the command fails, the common code that they all share returns an error. That isn’t the proper behavior. A proper GraphQL error would be for example that no exec was actually configured, or the network connection was suddenly killed.

This happened initially because we had a techni...

Python implementation for:

• https://github.com/dagger/dagger/issues/3885

This using a generic implementation in the base class instead of duplicating in codegen.

Signed-off-by: Helder Correia

This replaces the "experimental_dagger_s3" remotecache type with a new
approach that integrates the local cache manager of the engine with a
remote cache service running in the cloud. This will only be enabled
currently if the _EXPERIMENTAL_DAGGER_CACHESERVICE_URL env is set in
the engine, in which case that should point to either a tcp:// or
unix:// endpoint where the service is being provided (currently, eventually this will
just run in the cloud and require an API token). If that i...

Bumps beartype from 0.12.0 to 0.13.0.

Release notes
Sourced from beartype's releases.

Beartype 0.13.0
This minor release delivers pulse-quickening support for pandera (pandas) type hints, PEP 484, PEP 585, PEP 591, PEP 647, PEP 3119, and pseudo-callables. This release resolves 12 issues and merges 2 pull requests. But first: a quiet word from our wondrous sponsors. They are monocled QA wizards who serve justice while crushing bugs for humanity. High f...

Bumps pytest from 7.2.2 to 7.3.0.

Release notes
Sourced from pytest's releases.

7.3.0
pytest 7.3.0 (2023-04-08)
Features

#10525: Test methods decorated with @classmethod can now be discovered as tests, following the same rules as normal methods. This fills the gap that static methods were discoverable as tests but not class methods.
#10755: console_output_style{.interpreted-text role="confval"} now supports progress-even-when-capture-no to ...

Bumps github.com/aws/aws-sdk-go-v2/feature/s3/manager from 1.11.10 to 1.11.62.

Commits

fcc0f5d Release 2023-04-10
cd750e0 Regenerated Clients
1bc2f05 Update endpoints model
b964f5c Update API model
fd69015 fix APIGW exports nullability exceptions
fae239a Merge pull request #2089 from aws/auditAccessibility
acf33a2 Update aws-sdk-go-v2's comment codegened from Smithy Go's updated document sm...
27360c1 fix APIGW exports nullability exceptions
30383d5 R...

Buildkit internally stores some cache metadata of etags and http checksums using an id based on this name, so setting it to the URL maximizes our chances of following more optimized cache codepaths.

The codepaths in Buildkit are here:

1. A hash is used to lookup any possible etag/url-hash metadata from previous http sources: https://github.com/sipsma/buildkit/blob/cf2698c0e4b708127c3aa86c49d51532feee6b82/source/http/httpsource.go#L128-L134

2. That hash is based in part on this getFileN...

Context

This proposal is just extracting Problem 3: Orphaned pipelines from the following, to keep that discussion focused:

• https://github.com/dagger/dagger/issues/4205

Problem

If a synchronous function is not explicitly called, the entire pipeline is orphaned:

lint()

testOutput, err := test().Stdout(ctx)

In the above example, lint is never executed.

Current workaround: Don't forget

- *Originally posted by @aluzzardi in https://github....

Bumps beartype from 0.12.0 to 0.13.1.

Release notes
Sourced from beartype's releases.

Beartype 0.13.1
This patch release brings titillating support for working tests. That's right; the prior minor release broke tests by failing to ship the mypy.ini configuration file in tarballed sdists, thereby breaking the test_pep561_mypy() integration test when run from tarballed sdists. This is why we facepalm.
This patch release resolves 1 issue and merges 1 pul...

Bumps typedoc-plugin-markdown from 3.14.0 to 3.15.0.

Release notes
Sourced from typedoc-plugin-markdown's releases.

typedoc-plugin-markdown@3.15.0
Features

TypdeDoc 0.24 compatibility fixes.

Changelog
Sourced from typedoc-plugin-markdown's changelog.

3.15.0 (2023-04-11)
Features

TypdeDoc 0.24 compatibility fixes.

Commits

64995ec typedoc-plugin-markdown@3.15.1
eaf8c7d fix: Expose refl...

Signed-off-by: Marcos Lilljedahl

Adds owner: String to the following APIs:

type Container {
  withMountedDirectory(..., owner: String): Container!
  withMountedFile(..., owner: String): Container!
  withDirectory(..., owner: String): Container!
  withFile(..., owner: String): Container!
  withNewFile(..., owner: String): Container!
  withMountedCache(..., owner: String): Container!
  withMountedSecret(..., owner: String): Container!
  withUnixSocket(..., owner: String): Container!
}

The `Str...

Also: avoid putting a useless 'HEAD' value in dagger.io/git.branch when running on a detached HEAD.

What is the issue?

Reported by @gerhard on 11/04/23: Currently, the docs navigation menu (left menu) has sub-pages expanded. This creates a very long menu. The items at the bottom are not visible unless you scroll down. Also, when browsing the docs, it's easy to lose your place in the navigation menu due to its length.

What is the issue?

1. Selecting a specific language tab in a code snippet is not persistent across pages.

2. Selecting a specific language tab in the quickstart is not consistent across quickstart pages.

Reproduction for #1:

• https://docs.dagger.io/472910/quickstart-build-multi and select Node
• https://docs.dagger.io/252029/load-images-local-docker-engine - Node is not pre-selected

Reproduction for #2:

• https://docs.dagger.io/947391/quickstart-test and select Node
• htt...

What is the issue?

The navigation menu for docs is not consistent in how it displays pages and sub-pages:

• For SDK/CLI/API sections, sub-pages are displayed inline
• For the quickstart, sub-pages are hidden until the quickstart is selected and then, other sections are hidden. This is also the only section with a Home button to return to the docs index.
• For the guides, sub-pages are listed in the main content area

![image](https://user-images.githubusercontent.com/112123850/231...

This commit merges the following three language-specific guides, related to using Dagger in CI, into a single multi-language guide.

Relates to #4574.

This commit adds a new cookbook page which is intended to aggregate code snippets from multiple sources, including existing documentation, GitHub repositories, Discord and others. Each recipe includes a brief explanation, code sample and optional link to source. Recipes are categorized within the page, although the categorization is currently fluid and may change.

Bumps dns-packet from 5.3.1 to 5.5.0.

Changelog
Sourced from dns-packet's changelog.

Version 5.5.0 - 2023-03-27

Feature: Added support for the NAPTR record type.

Version 5.4.0 - 2022-06-14

Feature: Added support for the SSHFP record type.

Version 5.2.0 - 2019-02-21

Feature: Added support for de/encoding certain OPT options.

Version 5.1.0 - 2019-01-22

Feature: Added support for the RP record type.

Version 5.0.0 - 2018-06-01

Breaking: Node.j...

Introduces interfaces to the go sdk as requested in #4401.

Signed-off-by: Helder Correia

In Dagger v0.5.0 we shipped an experimental new feature: a terminal UI for dagger run. (https://github.com/dagger/dagger/pull/4522)

Terminal UIs are notoriously difficult to implement, so there will be quirks, and there may be times where it gets in your way. But overall it should be much better experience than dagger.WithLogOutput(os.Stderr). If you run into any quirks or bugs, or have any ideas to further improve it, please leave a comment here!

![image](https://user-images.github...

Didn't work on www.warp.dev, but surprised that it worked fine with a rich status 🙂 (in iTerm).

The "open logs in $EDITOR" is aweseome 🙂 A container pull with layer download and extraction opens as an empty file though.

<img width="1642" alt="Screenshot 2023-04-12 at 16 12 02" src="https://user-images.githubusercontent.com/174525/231518475-5c49a126-02e8-46c1-ac31-bb3b93e6301b.png">

Maybe that output goes into stderr and the open logs is only for stdout output?

Oh, yeah these are actually their own special type of logs ("vertex status" :nerd_face:) so they don't end up captured like all the rest. "Open logs" should give you the interleaved stdout/stderr logs that you see in the details pane.

We can capture these logs too, just so it's less confusing. Could maybe even capture them in a more useful format, since filled progress bars don't seem all that useful at that point.

The python dependencies install could be simplified and the go version I think is 1.20, but that can be in a follow up.

_Originally posted by @helderco in https://github.com/dagger/dagger/pull/4937#pullrequestreview-1380990279_

I see.

Yes, would be nice to see normal TTY output in real time, but then open those logs as if having run in non-TTY:

We need to scrub even if the secret is written in multiple os.Stdout.Write().

Current state

After investigation, our system split big secrets into 32KB chunks.
And our secrets are limited to < 128000 bytes values.
Buildkit seems to handle bigger plaintext values, but we pass our secrets to the shim via os/exec.Cmd which limits the size of passed parameters. (I'll see how to improve that, maybe by passing the secrets as file to the shim command line)

Interesting - how does it fail? Does Warp usually work with fancy TUIs like htop? I would try myself but don't have a Mac handy.

Yes, htop works.

With this TUI, it just hangs like this:

<img width="196" alt="Screenshot 2023-04-12 at 18 16 41" src="https://user-images.githubusercontent.com/174525/231548423-61774b19-0444-453f-86af-200f65a478b4.png">

Bumps github.com/jackpal/gateway from 1.0.7 to 1.0.10.

Commits

c92e8af Update readme.
405795e Merge pull request #36 from jech/master
1d43aca Fix typo in go:build line
ebddb2a Modernize code.
7b6b918 Updated list of supported OSs.
169fd5f Remove unused code.
d68e6e9 Merge pull request #35 from fuskovic/fix-osx-gateway-parsing
fe27879 validate routing table flags
94d4aae Merge pull request #28 from greatroar/parsers
42c566e Merge branch 'master' into par...

Bumps github.com/aws/aws-sdk-go from 1.34.0 to 1.44.242.

Release notes
Sourced from github.com/aws/aws-sdk-go's releases.

Release v1.44.242 (2023-04-12)
Service Client Updates

service/groundstation: Updates service API and documentation
service/managedblockchain: Updates service documentation

Release v1.44.241 (2023-04-11)
Service Client Updates

service/ecr-public: Updates service API and documentation
service/emr-serverless: Updates service API and d...

Bumps github.com/go-git/go-git/v5 from 5.5.2 to 5.6.1.

Release notes
Sourced from github.com/go-git/go-git/v5's releases.

v5.6.1
What's Changed

plumbing/transport: don't use the firstErrLine when it is empty by @​ThinkChaos in go-git/go-git#682
plumbing/transport: ssh, unable to pass a custom HostKeyCallback func by @​aymanbagabas in go-git/go-git#655
storage/filesystem: dotgit: fix a filesystem race in Refs/walkReferencesTree by @​MichaelMure in go-git/...

Bumps golang.org/x/mod from 0.9.0 to 0.10.0.

Commits

ad6fd61 zip: fix on Windows
See full diff in compare view

Dependabo...

Bumps github.com/charmbracelet/lipgloss from 0.6.0 to 0.7.1.

Release notes
Sourced from github.com/charmbracelet/lipgloss's releases.

v0.7.1
This bugfix release fixes a problem introduced in v0.7.0 where applications could freeze or hang on start-up.
What's Changed

fix(renderer): use termenv default renderer by @​aymanbagabas in charmbracelet/lipgloss#179
chore: bump termenv to v0.15.1 by @​muesli in charmbracelet/lipgloss#180

Full Changelog: h...

Bumps httpx from 0.23.3 to 0.24.0.

Release notes
Sourced from httpx's releases.

Version 0.24.0
0.24.0 (6th April, 2023)
Changed

The logging behaviour has been change to be more in-line with other standard Python logging usages. We no longer have a custom TRACE log level, and we no longer use the HTTPX_LOG_LEVEL environment variable to auto-configure logging. We now have a significant amount of DEBUG logging available at the network level. Full documentati...

Bumps sass from 1.61.0 to 1.62.0.

Release notes
Sourced from sass's releases.

Dart Sass 1.62.0
To install Sass 1.62.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.
Changes

Deprecate the use of multiple !global or !default flags on the same variable. This deprecation is named duplicate-var-flags.

Allow special numbers like var() or calc() in the global functions: grayscale(), i...

Closes #4943

What is the issue?

From https://github.com/dagger/dagger/pull/4822#issuecomment-1494400399:

A couple of thoughts:
We should emphasise that WithSecretVariable doesn't end in the container image history, or the final layer. WithEnvVariable does, and sometimes a regular env variable that should not stick around (maybe because that container will be published) should be declared via WithSecretVariable instead. I hit this problem a few weeks ago: https://github.com/thechangelog/change...

What is the issue?

From https://discord.com/channels/707636530424053791/1095626134919594084:

include a note that service containers should be configured to listen on 0.0.0.0 instead of 127.0.0.1...
yep - the issue with 127.0.0.1 is it'll only be reachable within the container itself, so other services (including our healthcheck) won't be able to connect to it. 0.0.0.0 on the other hand will allow connections to any destination IP, i.e. the container's 10.87.xx.xx IP in the Dag...

Closes #4954

Closes #4953

So far it's working great. The only issue I've found is that PgUp / PgDown doesnt seem to be working for me, possibly because I'm in tmux?

Is that with the tree focused, the logs focused, or both? I think it might not be implemented for the logs view. :thinking:

Just log view, though I don’t have enough jobs right now to try it in the tree.

Bumps github.com/aws/aws-sdk-go from 1.34.0 to 1.44.243.

Release notes
Sourced from github.com/aws/aws-sdk-go's releases.

Release v1.44.243 (2023-04-13)
Service Client Updates

service/chime-sdk-voice: Updates service API and documentation
service/mediaconnect: Updates service API, documentation, and paginators

Release v1.44.242 (2023-04-12)
Service Client Updates

service/groundstation: Updates service API and documentation
service/managedblockchain: U...

What is the issue?

The answer to the question in https://docs.dagger.io/162770/faq#how-do-i-log-in-to-a-container-registry-using-a-dagger-sdk is outdated, as we also now have SDK methods for registry authentication. This issue is to update the answer in the FAQ to reflect the above.

Closes #4958

Fixes #4586
This seems to be caused by multiple calls to defaultHTTPClient on every request.
DisableKeepAlives on the existing code also seemed to fixed the issue but I think it's better to avoid creating the transports over and over.

Test output with the fix:

% go test -run TestLeak -v
=== RUN   TestLeak
2023/04/14 05:11:00 goroutines: 2
2023/04/14 05:11:04 goroutines: 4
2023/04/14 05:11:04 goroutines: 5
2023/04/14 05:11:04 goroutines: 5
STATUS OK
2023/04/14 05:11:05...

Would be nice to collapse/expand with h/l. Or space.

Sometimes it gets stuck in the last line of "importing cache manifest from dagger:10686922502337221602". Ticker is animated and time counts up, but it can take forever unless I kill it.

<img width="874" alt="Screenshot 2023-04-14 at 14 52 21" src="https://user-images.githubusercontent.com/174525/232078614-48177e8c-9998-4f9b-b745-dcafd6f706f9.png">

Yeah, this is a tricky one. It seems to happen with any vertex that quickly starts and finishes. I've also seen it with mkfile.

I attempted to debug it a couple of times, and even captured some journal logs to try and reproduce it (with _EXPERIMENTAL_DAGGER_JOURNAL=/tmp/foo.log), but haven't pinned it down just yet.

Bumps github.com/aws/aws-sdk-go from 1.34.0 to 1.44.244.

Release notes
Sourced from github.com/aws/aws-sdk-go's releases.

Release v1.44.244 (2023-04-14)
Service Client Updates

service/ecs: Updates service documentation

This release supports ephemeral storage for AWS Fargate Windows containers.

service/lambda: Updates service API and documentation

This release adds SnapStart related exceptions to InvokeWithResponseStream API. IAM access related docu...

Bumps pytest from 7.3.0 to 7.3.1.

Release notes
Sourced from pytest's releases.

7.3.1
pytest 7.3.1 (2023-04-14)
Improvements

#10875: Python 3.12 support: fixed RuntimeError: TestResult has no addDuration method when running unittest tests.
#10890: Python 3.12 support: fixed shutil.rmtree(onerror=...) deprecation warning when using tmp_path{.interpreted-text role="fixture"}.

Bug Fixes

#10896: Fixed performance regression related to tmp_pat...

@marcosnils pointed out this would be useful in the engine logs too

What is the issue?

Running a directory (by mistake, not by intention) seems to cause the build process to crash or exit prematurely.

Check the "Steps to reproduce" for the dagger script I've used. The equivalent Dockerfile correctly aborts with Permission denied error:

 => [2/3] RUN mkdir -p /test/abc                                                                                    0.2s
 => ERROR [3/3] RUN /test/abc                                                            ...

What is the issue?

Improve the PHP/Laravel guide by adding pipeline labels to the pipeline stages. Context: https://github.com/dagger/dagger/pull/4913#pullrequestreview-1385588413

Bumps github.com/aws/aws-sdk-go from 1.34.0 to 1.44.245.

Release notes
Sourced from github.com/aws/aws-sdk-go's releases.

Release v1.44.245 (2023-04-17)
Service Client Updates

service/appflow: Updates service API and documentation
service/drs: Updates service API, documentation, and paginators
service/dynamodb: Updates service API, documentation, waiters, paginators, and examples

Documentation updates for DynamoDB API

service/emr-serverless: Updates ...

Bumps attrs from 22.2.0 to 23.1.0.

Release notes
Sourced from attrs's releases.

23.1.0
Highlights
A lot of features and smaller bug fixes! But also with a heavy heart, we're leaving the last dataclass-less Python version (3.6) behind, but don't worry: the old versions aren't going anywhere and thanks to the magic of package metadata, pip install attrs should still work on Python 3.6 as if nothing happened.
Special Thanks
This release would not be pos...

Closes #4877

Examples all rely on withMountedDirectory. After this PR, we default to withDirectory.
Some examples still rely on the old withDirectory(.., exclude: "") because it made more sense in the example, but the majority of them rely on directoryOps to do include/ exclude folders

Noticed a lot of these were accumulating in a long running engine I was testing (1 per minute)...

Closes #4821

This PR addresses two issues found in the buildArgs function:

• Empty string values were not processed: The function was using the if (value) condition, which is falsy for empty strings, causing the code block to be skipped for empty string values. To fix this, the condition has been updated to explicitly check for undefined and null:

if (value !== undefined && value !== null) {
  // ...
}

This chan...

(Based on #4932 just to avoid merge conflicts, will clean up later.)

Currently every schema type has a set of types like this:

type File struct {
  ID FileID `json:"id"`
}

type FileID string

func (id FileID) decode() (*fileIDPayload, error) { ... }

type fileIDPayload struct {
  LLB *pb.Definition `json:"llb"`
  File string `json:"file"`
}

func (*fileIDPayload) ToFile() (*File, error) { ... }

Methods live on *File but they constantly have to convert back...

Adds more context around the https://docs.dagger.io/110632/embed-directories/ docs.
After this PR, readers will know:

• what embedding is
• why is there an example just in Go

Until now, we didn't use a cache for Go modules download in our CI, resulting in a lot of wasteful downloads.

Now, it's loaded directly from the cache.

Working on #4971 , I found a mistake in the test for directory.dockerBuild. container.Build was tested instead.

Here is a quick fix

cc: @jlongtine

See https://github.com/dagger/graphql-go-tools/pull/3

This should improve our test run time pretty significantly, and also improve dagger run start time and anything else that creates a Dagger session.

Have run into the same issue intermittently

Some applications detect the presence of a TTY on stdin/stdout/stderr and use that to determine whether to render a TUI of their own. In that case the application will likely just hang.

Also: this was never guaranteed to work as expected anyway, because both the Dagger TUI and the application will be competing for stdin's attention.

What is the issue?

the returned error string from container.Stdout sometimes trim characters from stdout.

Log output

input:1: pipeline.pipeline.container.from.withExec.stdout process "sh -c echo "cccaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\nbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb...

@vito Yeah, PgUp / PgDown doesn't work for me in log view, either. I'd love to have that, if possible. engine:test gets pretty boring scrolling up and down a line at a time...

Was originally including this fix with a bunch of other updates to the cache mount import/export, but need it on a shorter time frame now.

I just started using Dagger, and I am very impressed with it so far. I want to build an image and publish it under multiple tags. I am wondering if this is the correct approach currently:

...
images = [client.container.from... for _ in ...]
for _ in [
        "my-image:6.2.0",
        "my-image:6.2",
        "my-image:6",
        "my-image:latest",
    ]:
        await client.container().publish(
            address=_,
            platform_variants=images,
        )
...

It would be great if we could limit secrets to single with_exec commands, like RUN --mount=type=secret, e.g.:

my_secret = client.set_secret("PIP_INDEX_URL", "my-secret-url")
ctr = (
    client.container().from_("python:3")
    .with_exec(["pip3", "install", "-r", "requirements.txt"], secrets=[my_secret])
    ...
)

my-secret would only be available for the pip install command but not for ...

That's correct, the container is built only once while the .publish() action returns the digest for each of those tags.

There's been discussions in the past to allow a single call to publish to multiple tags but IIRC the main issue was dealing with the multiple returned digests.

For a slight performance improvement you can also put that publish in a concurrent task group:

• #4766

🙏🏻 @vito

Previously we would lock the addnhosts file itself, which in hindsight doesn't make a lot of sense because we also atomically write to it via renaming. This was causing service related tests to hang because concurrent updates weren't synchronizing properly.

Signed-off-by: Marcos Lilljedahl

Signed-off-by: Marcos Lilljedahl

Bumps @types/node from 16.18.19 to 16.18.24.

Commits

See full diff in compare view

[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-sc...

For a slight performance improvement you can also put that publish in a concurrent task group:

Right, I tried to refactor my script to sth like this:

async with anyio.create_task_group() as tg:
    for _ in [
        "my-image:6.2.0",
        "my-image:6.2",
        "my-image:6",
        "my-image:latest",
    ]:
        tg.start_soon(client.container().publish, _, platform_variants)

The issue with this is that the output of the image build is printed for each tag ...

The issue with this is that the output of the image build is printed for each tag on the console. This makes reading the build log in CI really hard.

Oh, right! I suspect that's related to:

• https://github.com/dagger/dagger/issues/4605

There's an open PR to fix that:

• https://github.com/dagger/dagger/pull/4789

It seems that's stale at the moment, and I haven't seen the feedback on it, but I'm assuming it fixes this specific use case (better to confirm though 🙂).

There's a...

Perfect! Thanks for pointing out the current status and keeping up the great work!

Feature request! Open a shell in a new container based off of a step in the pipeline.

This demoed at one point by @aluzzardi and was just reminded of it in Community Call.

This is breaking the Netlify build. We should probably just HTML escape all these, but this is a quicker fix.

We currently run the shim both outside the container (to reconfigure the runc bundle) and inside exec containers, which makes it straightforward to redirect stdout/stderr, serve nested sessions, etc. It's the pid 1 and spawns the actual user process as a subchild.

However, this can cause problems for programs that insist on being pid 1 such as systemd.

We can instead run the shim completely outside the container. This will require at least:

1. Still handling stdout/stderr file redirect...

Another cool feature would be to open in a graph as @aluzzardi showed in https://youtu.be/bL_9GOCZy3Y?t=564

Since the tree structure doesn't correctly map to a vertex having multiple parents (dependencies), the graph would allow much better visibility to the DAG.

Bumps github.com/aws/aws-sdk-go from 1.34.0 to 1.44.247.

Release notes
Sourced from github.com/aws/aws-sdk-go's releases.

Release v1.44.247 (2023-04-20)
Service Client Updates

service/chime: Updates service API and documentation

Adds support for Hindi and Thai languages and additional Amazon Transcribe parameters to the StartMeetingTranscription API.

service/chime-sdk-media-pipelines: Updates service API and documentation
service/chime-sdk-meetings: ...

Bumps docusaurus-plugin-image-zoom from 0.1.1 to 0.1.4.

Release notes
Sourced from docusaurus-plugin-image-zoom's releases.

Release 0.1.4
:bug: Bug Fix

Fixes publishing to include lib output from prepublishOnly (@​scalvert)

Committers: 1

Steve Calvert (@​scalvert)

Release 0.1.3
:house: Internal

#20 Adds prettier, rewrites all files (@​scalvert)
#19 Converts to TS to ensure functional match with Docusaurus APIs (@​scalvert)...

Bumps @typescript-eslint/parser from 5.56.0 to 5.59.0.

Release notes
Sourced from @​typescript-eslint/parser's releases.

v5.59.0
5.59.0 (2023-04-17)
Bug Fixes

eslint-plugin: [no-unnecessary-condition] allow nullish coalescing for naked type parameter (#6910) (3e5f858)

Features

eslint-plugin: [ban-types] add NonNullable suggestion and allow custom suggestions (#6876) (ff65235)

v5.58.0
5.58.0 (2023-04-10)
...

Bumps ruff from 0.0.255 to 0.0.262.

Release notes
Sourced from ruff's releases.

v0.0.262

What's Changed
Configuration

Allow users to extend the set of included files via include by @​charliermarsh in charliermarsh/ruff#3914
Implement isort custom sections and ordering (#2419) by @​hackedd in charliermarsh/ruff#3900

Rules

[flake8-simplify] Add autofix for contextlib.suppress (SIM105) by @​leiserfg in charliermarsh/ruff#3915
[flake8-bandit] Ignore ...

I think it would be great if dagger run printed a summary (or full?) logs on exit. Right now when you exit out of the TUI you have nothing in your scrollback, so you can't go back and passively see where you left off, or see output you didn't know you wanted to keep at the time, etc.

Now that I've gone back and forth a bit, I found myself more comfortable with Bass's UI: it doesn't take over the whole screen, instead you stay in the terminal the whole time and just focus on the bottom of...

I added this as a command line flag option for --oci-max-parallelism previously, but it doesn't work with the engine toml yet.

Actually this is probably now best addressed by just adding upstream, seems like a pretty trivial and generically useful feature

What happened? What did you expect to happen?

I have the following main.py file and I would like to understand how I utilize the caching functionality in Dagger.

I am using the following version:
dagger-io==0.5.1
Python 3.11.3

import sys
import anyio
import dagger


async def main():
    config = dagger.Config(log_output=sys.stdout)
    async with dagger.Connection(config) as client:
        first = (
            client.container()
            .from_("python:...

This one's pretty straightforward. Previously we would concurrently write to all event readers, but that meant rapid writes to the same reader could be delivered out-of-order. This was especially likely to happen to vertexes that quickly start and finish.

It looks like the goal was to prevent one slow consumer from blocking all the rest, but I think we're fine; the TUI has an infinitely buffered pipe, and the telemetry is also pushed into a queue and sent in batches, so in practice it shou...

Finally tracked this down: https://github.com/dagger/dagger/pull/4996

Also fixes the scroll % indicator.

@busla just added this :tada: https://github.com/dagger/dagger/pull/4997

@jlongtine PR ready: https://github.com/dagger/dagger/pull/4998

This commit adds Python and Node.js snippets for the "Work with the host filesystem guide". It also updates the text where required.

Relates to #4574

Currently, withSecretVariable takes a dagger.Secret. The dx for this looks like:

mysecret := client.SetSecret('my-var', 'secret value')

mycontainer := client.Container().From('alpine').WithSecretVariable('SECRET_ENV', mysecret)

I'm proposing we also have an option to pass a string instead of a dagger.Secret and skip the first step, like:

mycontainer := client.Container().From('alpine').WithSecretVariable('SECRET_ENV', 'secret value')

Thoughts?

I want to install something and append it to PATH to make it accessible. So how to prepend the new directory into the env variable as we do with PATH?

I found one possible solution is query env variable PATH and use this value for appending with new value. I waiting for someone who give a better solution than I do

Hey @wingyplus , just to clarify, are you talking about updating the path in a container you're creating? Something like:

client.Container()
...
.WithEnvVariable('PATH', '/root/.nvm/versions/node/v16.17.0/bin:$PATH')

where $PATH would evaluate (today the above does not work)

Yes, exactly.

Yes, you are correct:

path = await ctr.get_variable("PATH")
print(await (ctr
  .with_env_variable("PATH", f"/opt/venv/bin:{path}")
  .with_exec(['echo', '$PATH'])
  .stdout()
))

I'm currently using:

container := client.Container()
path := container.EnvVariable("PATH")

container.
...
.WithEnvVariable("PATH", fmt.Sprintf("/root/.nvm/versions/node/v16.17.0/bin:%s", path))

Not sure if has anything better. 😂

Thank you, you all. 🙇

Yes, you are correct:

path = await ctr.get_variable("PATH")
print(await (ctr
  .with_env_variable("PATH", f"/opt/venv/bin:{path}")
  .with_exec(['echo', '$PATH'])
  .stdout()
))

Mark @helderco as answer for clearer solution. 🙇

I think this might deserve its own step in the core API… It’s possible in userland, but pretty verbose, and the question does come up often. Seems worth the overhead of a builtin helper. Any thoughts on design?

If you try to get stdout/stderr of an exec and the contents have exceeded 16.7 MB, you will get an error like: Error: input:1: container.from.withMountedDirectory.withWorkdir.withExec.withMountedCache.withMountedFile.withEnvVariable.withExec.stdout ResourceExhausted: grpc: received message larger than max (76040932 vs. 16777216)

I think we can fix this by splitting the code out here to ...

I agree; extending $PATH seems like a common use case. it would be nice to have parity with Dockerfile ENV which supports interpolation.

It might be a surprising default, since who knows what values people might try to set in env vars. An expand: true param would be simple enough to implement by using os.Expand and fetching values from the current image config.

container {
  withEnvVariable(name: "PATH", value: "/opt/venv/bin:${PATH}"...

Heap is useful for hunting down memory leaks. Goroutines are useful for general debugging when you want a full stack trace of the entire engine but don't want to send SIGQUIT (which shuts the engine down).

Yes, I second @vito's suggestion. 👍

Bumps github.com/aws/aws-sdk-go from 1.34.0 to 1.44.248.

Release notes
Sourced from github.com/aws/aws-sdk-go's releases.

Release v1.44.248 (2023-04-21)
Service Client Updates

service/connect: Updates service API and documentation
service/ecs: Updates service documentation

Documentation update to address various Amazon ECS tickets.

service/fms: Updates service API, documentation, and paginators

Release v1.44.247 (2023-04-20)
Service Client Updates

...

As for doing it by default I'm not worried about the values people may be using, just that we now would have an exception to "we don't expand env vars". Some people try to use it in WithExec() without a shell too, like they can in a Dockerfile. Being explicit makes it clearer. I expect users to ask for it to be included in other places as well when we add this.

I have an inkling of a memory for why we've never done it, from version v0.2, but don't remember the arguments.

In the code for obtaining stdout/stderr of a failed exec, we were passing the context to the deferred Release of the gateway container that is used for all the other calls. This context had a failsafe 30 second timeout so that obtaining stdout/stderr didn't inadvertently block for excessive amounts of time.

If that context ended up cancelled, the Release call would not actually happen, which meant that all the cache refs for the created container would continue to be held open in the engin...

@helderco Here's my thinking re: default behavior:

Dockerfiles can get away with interpolating by default because the only way to pass in a dynamic value is through build args, which also uses interpolation syntax. So either the interpolation is satisfied by an env var, or it is satisfied by a build arg:

FROM golang
ENV PATH=/foo:$PATH
RUN echo $PATH

FROM golang
ARG ARG=/bar
ENV PATH=/foo:$ARG
RUN echo $PATH

If you were to pass `--bui...

Empty caches have 755 permissions, so we should be consistent with that when changing ownership.

see https://github.com/dagger/dagger/pull/4932#discussion_r1174164399