Summary

• Replace walkObjectChecks with ModTree abstraction for traversing module trees
• Rename FnTreeNode to ModTreeNode with simplified structure
• Add support for walking arrays of objects with +check methods
• Add --all/-a flag to dagger check to enumerate dynamic checks
• Include dynamic checks in aggregate listing even without --all
• Fix TUI display for aggregate check execution
• Add modtree path matching tests

Context

This PR adds the core infrastructure needed to support d...

Summary

• Add dynamic test enumeration to Go toolchain using +check decorator
• Add test splitting to engine-dev toolchain for parallel test execution

Changes

Go toolchain

• Tests() returns []*TestDirectory grouped by directory
• Each Test has a +check decorated Run() method
• Uses Source.Search() for fast regex-based test discovery
• Pre-builds container and shares across tests via WithWorkdir()

Engine-dev toolchain

• Tests() returns []*TestDirectory with...

https://github.com/user-attachments/assets/f3c41d78-373e-4774-bbaf-ec5654220d3a

Same as #11350 but that PR missed the specific case of "contextual git repo/ref that's actually a local dir".

Discord ref: https://discord.com/channels/707636530424053791/1458838030155513956

TODO:

• [ ] integ test (verified with a manual repro)

Close #10882

This reverts commit 79c2341d21f7499269a4667d093bb7f32e1d157d.

I saw some strange slowness in https://github.com/dagger/dagger/pull/11608 but thought it went away after re-runs. However, I did some more testing before starting the release and realized it actually is quite noticeably slower. It's hard to tell in CI since our infra is quite noisy, but my laptop is much more consistent and is consistently several minutes slower to run TestModules with the nftables change vs. without it.

...

https://github.com/dagger/dagger/pull/11608 attempted this but ended up causing perf regressions for unclear reasons. It may have resulted in CNI creation/teardown overhead that caused each container to take longer? Needs more investigation

Problem

When running 'dagger check' in a module, there is no distinction between:

a) checks meant to be run in the context of another module (by installing the current module as a toolchain)
b) checks meant to be run in the context of the current module

As a result, running 'dagger check' in a toolchain module, is likely to fail in confusing and unpredictable ways.

This complicates out-of-the-box CI for every Dagger module - because that requires a simple way to run every check on ...

Previously the unique identifier for a module was just module's git url, but that created issues in the case where we want a module to install a previous version of itself as a toolchain. This small change allows for that, plus lots more test cases.

Solves https://github.com/dagger/dagger/issues/11695

Do not merge unless we all agree we should go ahead with it!

Here's a strawman proposal that leans hard into pragmas to support sequencing and context-conditional execution.

This proposal has some controversial aspects even with me, but it seemed worth pulling on the thread and seeing how much it addresses.

In particular, I had to convince myself to press on after deciding it might be OK for functions to reference other functions in pragmas. And to press on after inventing a bit of special notation inside those pragmas. But, in the whole picture,...

Very interesting 👍

Regarding referencing functions by name or by their return type: type looks more elegant, but also more complex. You have to define a type, a specific type, that might only be used to create this link. For instance if your ship function must be run after tests to pass, the result value of test might be discarded anyway as we only want to synchronise execution, we have nothing to do with the value itself.
So in that case it means to create a type, return a value, add an...

When a user runs dagger toolchain install without a dagger module, automatically init the dagger module in the current directory.

If -m/--mod or DAGGER_MODULE is set, do not init but keep the previous behavior.

Maybe */ should become optional if users omit this too often ?

A small, low-hanging fruit optimization.

This optimization has already been done in the PHP SDK.

Both the official and community image are maintained by the same person. But the community image is almost 74Mb smaller and designed specifically for copying the binary.

https://hub.docker.com/_/composer
https://hub.docker.com/r/composer/composer

This PR adds a liveness probe in the same way we already have a readiness probe.

I've set the defaults to be more forgiving than the readiness checks.

This should help with engines that get into an unrecoverable state and need to be restarted.

Summary

This PR adds support for the checks feature to the Java SDK, bringing it to feature parity with Python, TypeScript, and Go SDKs.

Changes

• New @Check annotation: Marks functions as checks that can be executed for validation
• Updated FunctionInfo record: Added isCheck field to track check status
• Updated annotation processor: Detects @Check annotation and generates withCheck() call
• Test module added: hello-with-checks-java demonstrates usag...

So in that case it means to create a type, return a value, add an argument, all that for nothing.

Yeah, I agree - the arg-passing trick is neat when there is something actually worth propagating, but it's really clunky to require it for all forms of sequencing, especially if/when the values being propagated are deterministic (i.e. keyed on commit or branch) or not interesting to the target function (shipping probably doesn't care about test reports, even if you make your checks return ...

The engine logs above Debug have over time devolved to be mostly useless. Many of the Debug level logs are also not particularly helpful. This commit is a grab bag of improvements that makes Info level logs useful without being too overwhelming:

• warnings about deprecated APIs are rm'd; there's zero utility for these to be in engine logs vs client telemetry output
• "CoreModObject.ConvertFromSDKResult: got nil value" happens in expected scenarios, lowered to debug
• "collectPBDefinitions:...

This changes how arguments of type dagger.Directory get parsed by the CLI.

The old simple syntax is the default but you'll also be able to say

dagger call fn1 --path-arg "$HOME/project/p1?include=go.mod,go.sum,cmd,internal&gitignore=true"

Saw a couple interesting bug fixes + perf improvements since we last bumped.

This removes the generation of internal/telemetry and internal/querybuilder that can be installed from the local library.

Add a new flag to --generate-module to pull the libraty that matches the engine version's.

Add a new _EXPERIMENTAL_DAGGER_DEV_ENGINE to force the engine to act as a dev engine even if its tagged so we don't break engine_test files if we do some breaking changes in telemetry or querybuilder package.

Related to #11515 and #11547

Just realized +labels wouldn't be enough for preview environments, since we'd need to handle removing them too. :thinking:

Currently we handle that by looking for a unlabeled or closed event and that the PR is missing the labels:

on:
  pull_request:
    types:
      - unlabeled
      - closed
    paths:
      - ...

name: Cloud preview environment deleted

jobs:
  add-github-pr-comment:
    # add the check in case a user remove a different set of labels
  ...

I was thinking about some use cases, that are don't know how we should handle them.

So for instance, let's say we have a check function, defined in a toolchain. And we want to notify a system when the check is passing or failing (I'm thinking about notification and tracking, but that could be anything else). So in this case, a ship/publish function makes total sense. But we want, we need the check results.
I'm seeing different ways to achieve that:

1/ define a ship function tha...

Apparently containerd added support for igzip to decompress image layers as it's multiple times faster than pigz.

It is made by Intel and heavily uses specialized CPU instructions, but it does exist for aarch64? Not sure if the perf optimizations carry over entirely to arm yet.

Context

Dagger is great at building and running integration test harnesses. This is done in two parts:

1. Execution environment: the container that will run the test code
2. Service dependencies: services that the tests need to connect to while they run

Orchestrating the execution environment with Dagger is pretty straightforward: build the container on-the-fly, mount the application code, optionally build, run the test tool.

But there are several ways to orchestrate servi...

I think a good DX would look something like this:

import { render, screen, fireEvent } from '@testing-library/react';
import Counter from './Counter.jsx';
import dag from '@dagger.io/dagger';

describe('Counter Component', () => {
  // Create service container
  let postgres = dag().container().from('postgres:latest').asService();

  // Jest beforeAll hook to start services.
  // Can also do beforeEach() to start a new one for each unit in this suite
  beforeAll(async ()...

Use our own dagger/pytest test integration library to run the python sdk tests. This will send telemetry for all tests that are running.

Reverting the code that was allowing to have currentEnv from a toolchain corresponding to the currentEnv of the parent module. This causes issues in ci:boostrap check, will doit differently but for now just revert that part so CI will be green again.

NOTE: this is about a change to how we test the Dagger project. It is NOT about how Dagger runs tests.

For our e2e tests, we orchestrate service dependencies outside our test code. Recently we have discussed the benefits of orchestrating service dependencies in the test code. This made us realize that, for our own project, we should switch to this technique.

Task list

Core integration tests

• [ ] Migrate test execution: from `to...

This lets you do

// +default="alpine:latest"
ctr *dagger.Container,

and

{
  "function": ["testWithDefaultContainer"],
  "argument": "ctr",
  "default": "alpine:3.18"
}

in json.

Added lots of tests so hopefully this isn't a terrible idea.

In making this I discovered that our documentation for python constructors with complex types has been wrong all along, so I've corrected that too.

Hi! :wave:

re: "Docker API compatibility bridge", aka Dogger. The (limited) work I've done on it is here. It's worth keeping in mind that I didn't start this with just Testcontainers in mind. The goal I had was to be able to use the docker CLI from within Dagger's execution environment without having to pull down and run the Docker engine, while also taking advantage of Dagger's cache. The primary use-case I had in mind was `ki...

I recently implemented (what i understand to be) the (2) service orchestration at the client level, as one of those rare examples from the community :]

https://github.com/hofstadter-io/hof/blob/_next/lib/env/cmd/run.go

pseudo-code

all = `user selected sync points`
services = [for $item in all if $item.kind == "service"]
containers = [for $item in all if $item.kind == "container"]

for $svc in services:
  $svc.up()
for $ctr in containers:
  if isLast:
    $ctr.terminal()
...

another one which resonates in my head is mutate. Mostly because ship in my head usually implies changing the state of something.

Another obstacle I'd identified is that docker run -p 8080:80 nginx wouldn't actually expose the container's port on localhost, but on Service.endpoint()

If you call Service.up(), the port is in fact exposed on localhost. This is strictly better than Docker/testcontainers, because Docker cannot actually guarantee what the listening hostname + ports are - testcontainers has to make educated guesses.

Bumps the sdk-java group with 8 updates in the /sdk/java directory:

Bumps the sdk-typescript group in /sdk/typescript with 13 updates:

Bumps the sdk-python-docker group with 1 update in the /modules/ruff/build directory: astral-sh/ruff.

Updates astral-sh/ruff from 0.14.11 to 0.14.13

Release notes
Sourced from astral-sh/ruff's releases.

0.14.13
Release Notes
Released on 2026-01-15.
This is a follow-up release to 0.14.12. Because of an issue publishing the WASM packages, there is no GitHub release or Git tag for 0.14.12, although the package was published to PyPI. The contents of the 0...

Bumps the engine group with 28 updates in the / directory:

What are you trying to do?

From https://docs.dagger.io/core-concepts/checks/. Elixir SDK required to add checks to the function to annotate that it can be run via dagger check.

Why is this important to you?

No response

How are you currently working around this?

No response

Initially the proposal SGTM. The only question that comes to my mind is if you have thought about how the UX around customizing exposed ports might be. Given that dagger up could potentially start multiple services, it could happen that those services might be trying to expose an invalid (< 1024) or overlapping ports so some sort of client-side customization will be needed here similarly to the --ports flag that dagger call $svc up has today.

@eunomie Having tried something like that in Concourse, I'm inclined to not mix the notifications use case in with ships:

1. Notifications tend to be unilateral, like "alert the team when ANY function fails." In Concourse this meant copy-pasting ~6 lines of YAML on every Job, and with @ship it seems like that would mean one @ship per @check, or a new notation like @any-check - so it starts to feel a bit forced.
2. A lot of the time people what notifications to be on _state transit...

If you call Service.up(), the port is in fact exposed on localhost

Right, but in the context of a "Docker API compatibility bridge", the localhost that the Service.up() gets exposed on is not the user who would have ran docker run, but the compatibility bridge's.

Had some promising but not quite fruitful trials w/ latest LLM coding models (codex 5.2-xhigh + opus 4.5) when it comes to debugging super gnarly engine issues around caching.

Seemed like one bottleneck was that it had to learn (and re-learn after context compaction) the whole codebase every time (which is often necessary for particularly tricky problems). So giving it detailed developer docs that focus it in on the parts that truly matter when debugging cache stuff may save a lot of file ...

The security:scanSource CI check fails when a newer Trivy version is available. Bump to the latest release to unblock the pipeline.

To verify the digest:

• docker pull aquasec/trivy:0.68.2
• docker inspect aquasec/trivy:0.68.2 --format='{{index .RepoDigests 0}}'

Bumps the sdk-typescript group with 13 updates in the /sdk/typescript directory:

• Adds ContainerLogs method to the containerBackend interface
• Implements it for Docker and Apple container backends
• When container startup fails, fetches and displays container logs in the error message

What is the issue?

I am deploying a GitHub self-hosted actions runner on some older Nvidia Jetson hardware that uses an ARM Cortex-A57 that the software we are developing must support. Every version of the dagger cli that' I've tried panics immediately.

From the digging I've done so far the panic appears to be an issue with the github.com/wazero/wazero dependency. Updating it from 1.9.0 to 1.11.0 seems to resolve the issue when I tested against main. I unfortunately don't have the t...

Fixes #11554

Context

When from __future__ import annotations (PEP 563) is enabled, param.annotation becomes a string instead of an actual type object. This causes all metadata extraction (DefaultPath, Doc, Name, Ignore, Deprecated) to fail silently: the annotations are simply ignored.

Fix

The fix uses get_type_hints(..., include_extras=True) to resolve string annotations back to actual types while preserving Annotated metadata.

To test

dagger ...

Introduce MainModule field to Env to explicitly represent the project
being worked on, as distinct from toolchain modules. This provides a
clear semantic separation:

• MainModule: the project/context module
• installedModules: toolchain modules (via withModule, now deprecated)

Changes:

• Add MainModule field to Env struct
• Add Env.WithMainModule() method and GraphQL binding
• Update currentEnv() to use withMainModule instead of withModule
• Env.Checks() now delegates to MainModule.Checks()...

Well, I think you could have a toolchain with a notify @ship function that will run after all checks, and deals with it. So you just install the toolchain, probably add some config in the dagger.json to customize it, and that should be enough. So no copy-pasting. But more than that, notification was just one easy example, there's probably other use cases. And I'm not really sure why we should make notification a special case.

But the transition based notification looks interesting. But...

I have not, but that's a good point.
A first idea could be to add the port to the +up pragma, but that's probably wrong. We can imagine to have that in the dagger.json, the same way we are customizing checks for instance. That way it stays decoupled from the implementation of the service and is really just a host-side configuration.
But we start to have more and more things in this dagger.json and I don't know if that's a good thing.

Here's a strawman proposal that leans hard into pragmas to support sequencing and context-conditional execution.

There is an inherent limitation with using pragmas.
In our company most github workflows do the following:

• on pull request run checks and pushes concurrently, because we need to push an image for further testing regardless of unit tests passing
• on merge we push only after checks are successful

Pragmas are unconditional, so something like this becomes very tricky to d...

We haven't been maintaining these and generally do benchmarking locally for now. They cause CI to be red when triggered, so just removing for now.

@idlsoft Isn't that just a matter of setting different pragmas on different functions to handle the different configurations? Parts 1 and 2 are meant to address the fact that all these sorts of different configurations need to be supported, and at least with this proposal the idea is that you would just define different functions for them, which shouldn't be too toilsome, since they can trivially share code. (Much easier than duplicating entire GHA workflows, and IMO still better than templat...

Didn't have time for a detailed review yet... But my 2 cents: if we're going in the direction of a full-blown declarative workflow DSL built on dagger functions (not a bad idea, although the devil is in the details)... then the starting point IMO is to move that declarative config out of the function code, and into a separate layer, possibly a yaml/toml config file in the project module, or something equivalent.

A few reasons:

1. If you're referencing another function from code, that ...

@idlsoft Isn't that just a matter of setting different pragmas on different functions

Well, maybe, but all the extra attributes are basically a replacement for good old if statements. Which still has value, is convenient to use, and may satisfy 90% of use cases, but is also limited.

To give another example, after pushing a docker image we post a request to an external service to scan the image, and get approval that no critical vulnerabilities were found. That's a post-push action.
...

@idlsoft

To give another example, after pushing a docker image we post a request to an external service to scan the image, and get approval that no critical vulnerabilities were found. That's a post-push action.

If you're humor me for a moment, that's just another pragma:

@ship(branches: ["@default"]) # defaults to `after: ["@checks"]`
pub publishImageAfterChecks: Void {
  publishImage
}

@check(after: ["publish-image-*"]) # * to match PRs and main, or just spell ...

I suppose if dependencies between checks and ships go both ways - yes, this is a lot more flexible.
For some reason I assumed that ships can depend on checks, but not the other way around.

On a different note, it may be useful to have 3 possible outcomes instead of 2: success, failure, ignored. And, perhaps a way to consume them in the "after" functions?

1. Yeah, the encoded function names were a hesitation that I also had. It would really come down to DX. If that's the cost of entry and the DX is better in every other way than the alternatives we come up with, for me it's not a dealbreaker, since it's at least using string values that we're already expecting the user to be familiar with outside of any particular codebase, in particular as a way to interact with the very functions that have these pragmas. But, it's subjective like you said.
   ...

I suppose if dependencies between checks and ships go both ways - yes, this is a lot more flexible.

Yeah exactly. :)

On a different note, it may be useful to have 3 possible outcomes instead of 2: success, failure, ignored. And, perhaps a way to consume them in the "after" functions?

Interested to hear more on that - what's your use case?

Interested to hear more on that - what's your use case?

It'd be similar to how in unittesting you can to skip a test under certain conditions that can only be evaluated at runtime, typically by throwing a specific exception/error.
You can then see separate counters for succeeded/failed/skipped. The distinction is important, I think.

An example... Only push an artifact if remote repository credentials were provided? idk, I'm sure there are better ones.

Also... if pragmas control co...

Couple interrelated goals here:

1. Fix the root cause of the TestConstructor flakes by more fundamentally squashing the possibility of content digest overlap resulting in cross-client cache confusion
2. Setup some cache key + ID changes that will be needed for the imminent removal of the buildkit solver
3. Finish what I originally started in https://github.com/dagger/dagger/pull/11625 but had to partially back out of due to needing a fix ASAP

Main thing is to manage "content digests" ...

This is a rough first draft based purely on a single instance where I daggerized a particular repo. I daggerized it via prompting and then asked the LLM to create a skill out of what it learned. Likely useful enough to merge as is and iterate on.

I don't think the opinions it expresses are likely what everyone shares, but I also don't have time to get bogged down in refining details right now since this was just a quick extracurricular thing. If there's preference to not merge I'll just cl...

This is an update to the reverted https://github.com/dagger/dagger/pull/11608 which fixes the performance regression that introduced.

After investigation, the previous PR was fine except that it removed the ip6tables package.

When I run TestModule (pretty heavy integ test suite):

• With the previous PR: 7m39s
• With the previous PR but leave in ip6tables: 5m56s

These numbers are pretty consistent on my laptop, not noise.

It's not 100% clear to me yet why that is, but m...

It might be a little bit off topic, but if we think about a separate config layer, would it also make sense to include the toolchain customization that is right now inside the dagger.json?
Or should all that in fact be the equivalent of the dagger.json but maybe using a different format (like toml)? To also avoid to have multiple config files.

@eunomie That's a great point - much more interested in the config file approach from that POV, since we've already made a concession there to some extent.

@vito whether it's a @ship in a 100% reusable toolchain, or in a more project-specific toolchain, it's the same problem. It makes it impossible to break down your project's dagger functions in a set of toolchains - you have to keep a '.dagger` in your project with embedded functions, and also install toolchains when that's possible. And we have to explain all of that, navigate when to use which, etc. I don't like that UX because it's too many concepts to understand on day one. I would p...

@shykes Sorry, I don't follow - why would you need a .dagger? Wouldn't @ship functions always be defined in a toolchain, just like @check?

Or should all that in fact be the equivalent of the dagger.json but maybe using a different format (like toml)? To also avoid to have multiple config files.

As long as non-json formats are being considered, PKL may be an interesting contender. It has interesting built-in features to help avoid duplication.

This refactors/simplifies toolchain proxying. I've felt like the original proxying was too hacky, especially if we're going to lean on toolchains even more. This can all potentially go away if we solve contextual Envs (@shykes @vito ), but in the current implementation this refactor seems like a more straightforward approach

We were running all tests with -race, which means that we don't hit earlier go build cache and is generally quite slow to build. It also is not incredibly valuable in that it applies to the client side of integ tests, which isn't the main point of the integ tests.

You could see this in telemetry because there was often a large gap between the start of the withExec for go test ... and the actual start of spans for tests.

This was exacerbated by the fact that we defaulted to running go ...

Fixes scan failures https://dagger.cloud/dagger/checks/github.com/dagger/dagger@48433f58938d323ff6b72a2ea3e02abd562d4293?check=security%3AscanSource&listen=c5e4b1ad40f3aa3c&listen=3f34620b160e3548#3f34620b160e3548:L180

This adds a private API that allows retrieving the include field of a dagger.json

Bumps the sdk-java group in /sdk/java with 2 updates: org.assertj:assertj-core and org.testng:testng.

Updates org.assertj:assertj-core from 3.27.6 to 3.27.7

Release notes
Sourced from org.assertj:assertj-core's releases.

v3.27.7
:lock: Security
Core

Fix XXE vulnerability in isXmlEqualTo assertion (CVE-2026-24400)

See GHSA-rqfh-9r24-8c9r for details; many thanks to @​wxt201 and @​Song-Li for responsibly repor...

Bumps the docs group with 5 updates in the /docs directory:

Bumps the sdk-typescript group with 15 updates in the /sdk/typescript directory:

Bumps the engine group with 30 updates in the / directory:

Every Go module contains a bunch of boilerplate to work properly and integrate with the IDE.

A regular dagger go module is composed of the following generated files:

├── dagger.gen.go <--- module support static generation + dagger global client used in the module
├── internal
│   ├── dagger/dagger.gen.go <--- Client bindings to query the dagger engine, include core and dependencies bindings.
│   ├── querybuilder/
│   └── telemetry/

Note: querybuilder and telemetry are staticall...

This is a discussion to decide if we should get rid of defaultPath and defaultAddress to just use default for everything. We should discuss context for why things are the way they are, blockers for making the change, and how the change would be implemented.

Some historical context for reference: https://github.com/dagger/dagger/issues/7647#issuecomment-2201921231

Simplify the test harness for our integration tests, without changing the actual test logic.

A skill to help AIs and humans understand and improve Dagger's complex codegen system.

Mark gitignored entries in stats instead of excluding them from the walk, and have the server skip deletes/updates under those paths.

This avoids cross-client conflicts caused by confusing overlapping requirements of having .gitignore in the synced fs tree but also needing to exclude it sometimes.

Fixes CI flake about change kind changed from "add" to "delete" during sync and variations

• repro'd with `dagger call engine-dev test --parallel=12 --pkg ./core/integration --run='TestHo...

see test comments for details + ASCII art

fixes this issue (thanks to @sipsma for catching it in the act!):

https://github.com/user-attachments/assets/f606d496-8822-4c25-9de6-ed8827ce0592

What is the issue?

Follow-up of Discord discussion: https://discord.com/channels/707636530424053791/1465717553530671389

I have a context directory, which looks like (simplified)

    // +defaultPath="/"
    // +ignore=["**","!dagger.json"]
    source *dagger.Directory,

When calling a module without any arguments, the source is resolved as a "context" directory and the correct filters (exclude) are applied:

$ dagger call test

dagger.json

However, if a --source...

When installing a generated go client ('dagger client install go'), if the target module has dagger.io/dagger installed and replaced with a go.mod replace directive, then the replaced version will be overwritten with the generator's bundled version (matching the current engine's version).

This will break whatever behavior was enabled by the replaced version. In our case, github.com/dagger/dagger, we need the replace directive because we're targeting a dev version of the library.

As discus...

• codegen: fix optional argument detection in generated client wrappers
• docs: document IsArgOptional gotcha in dagger-codegen skill

This was causing an engine panic when you install a module which has toolchains.

The change is to only load toolchains on the parent module.

This is preliminary work for generators I extracted in a dedicated PR to help keep the generators one as focused as possible.

This PR extracts the code to preview patches (used in the CLI to display a summary of a changeset) so it might be used in different places later

This is preliminary work for generators I extracted in a dedicated PR to help keep the generators one as focused as possible.

Allow to handle changesets in the CLI with the object directly instead of the id.

Just a shortcut that will help to deal with changesets from generators.

Missed this during previous effort that split up recipe+content digests. Seems to have been causing flakes in CI where wrong auth was used for git ops. Setting the content digest rather than recipe digest fixes it since it keeps the recipe consistent even when git ops using different auth happen to result in the same directory.

Remove evaling span which was accidentally committed.

Bumps the sdk-typescript group with 14 updates in the /sdk/typescript directory:

I was reading the docs and noticed this link was getting a 404 so I tracked down the updated location.

Bumps qs and express. These dependencies needed to be updated together.
Updates qs from 6.11.0 to 6.14.1

Changelog
Sourced from qs's changelog.

6.14.1

[Fix] ensure arrayLength applies to [] notation as well
[Fix] parse: when a custom decoder returns null for a key, ignore that key
[Refactor] parse: extract key segment splitting helper
[meta] add threat model
[actions] add workflow permissions
[Tests] stringify: incre...

• ref #11728

Signed-off-by: Marcos Lilljedahl

Bumps the engine group with 30 updates in the / directory:

Longstanding subtle DagQL issue - sub-selections of array results need to be resolved in parallel. We already resolved fields in parallel, just not arrays.

What is the issue?

We occasionally get errors from the engine trying to load a remote module through SSH in our CI environment (multiple ephemeral GHA runners accessing a single dagger engine).

We receive 128 exit code with a permission denied; however, our SSH socket looks correctly started and has our key in the runner.

It appears that the engine is trying to reuse a socket from a previous runner that does not exist anymore.

Dagger version

dagger v0.19.8 (image://registry.d...

Using this to run CI async and test various things for now. Probably will end up having a couple spin-off PRs to avoid a single monster one

This gives generated clients in go their own go.mod.

Doing this means we don't compete with the project's own go.mod at all

It includes backwards compat for existing generated clients so that we don't break anyone's working setup.

We are also directly handling the integration test's need to replace the local SDK (read: library) rather than making that part of client generation. In the integration tests we handle the replace for the local library. Because the generated clients have th...

Skip Available() call for drivers, getting rid of docker version altogether.
If Provision() or Connect() fails, try the next driver.
Skip Wait() loop when establishing the buildkit connection.
Instead, if Info() fails, error out.
Delay setting up buildkit session to before Run.

This approximately halves the connect time for me on a docker+ssh context.

I've had trouble running dagger call engine-dev introspection-json as-json contents due to possible Alpine issues.

load http(url: "https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/libcrypto3-3.5.4-r0.apk", refID: "qbyaq3p936rlfmt7shw4nbi3z"): invalid response status 404 Not Found

I'm not exactly sure what happened: https://dagger.cloud/tiborvass/traces/22fa61bd3737d64e844dad167bd733c5?listen=5f98acc260801256&listen=0a627df8013f68cd&listen=f86b388a509b75ae&listen=8ec8af...

It was inadvertently removed in the refactor in #11685

Please first merge https://github.com/dagger/dagger/pull/11770

Signed-off-by: Solomon Hykes

to support the dagger CLI provisioning engines with e.g. HTTP_PROXY injected

Trying a theory: we can identify which spans are 'user spans' by wrapping all points where we exec something, since that will cover both module function calls and any telemetry produced by a withExec (e.g. test spans).

Every call made in the engine is sent back to the client (and from there forwarded to cloud). Each call also was including the entire ID payload of the call.

That takes total O(n^2) space, where n is the size of the DAG, due to the fact that each call payload duplicates the parts of the DAG already sent in earlier call payloads.

e.g. for a very simple DAG like A->B->C, the telemetry sent would be

1. ID for A
2. ID for A->B
3. ID for A->B->C

We don't seem to be using the payload at...

Bumps the docs group with 7 updates in the /docs directory:

Bumps the sdk-elixir group with 2 updates in the /sdk/elixir directory: credo and ex_doc.

Updates credo from 1.7.15 to 1.7.16

Release notes
Sourced from credo's releases.

v1.7.16
Check it out on Hex: https://hex.pm/packages/credo/1.7.16

Fix compatibility & compiler warnings with Elixir 1.20.0-rc.1
Credo.Check.Refactor.PassAsyncInTestCases add new param :force_comment_on_explicit_false (defaults to false)
Cre...

What is the issue?

I don't see a way to mark things as Checks. I believe it would be implemented through a new attribute ?

Dagger version

dagger v0.19.10 (image://registry.dagger.io/engine:v0.19.10) darwin/arm64/v8

Steps to reproduce

dagger init --sdk=php and no Check attribute seems available

Log output

No response

Add dagger generate feature.

Functions returning a Changeset can be decorated and will be listed as generator function and executed via dagger generate command.

Generators can be used to construct assets, generate code that should be versioned, etc.

Security scans are failing, need to bump go to 1.25.6. Also regenerating some stale files that got committed to main.

Bumps preact from 10.26.9 to 10.28.3.

Release notes
Sourced from preact's releases.

10.28.3
Fixes

Avoid scheduling suspense state udpates (#5006, thanks @​JoviDeCroock)
Resolve some suspense crashes (#4999, thanks @​JoviDeCroock)
Support inheriting namespace through portals (#4993, thanks @​JoviDeCroock)

Maintenance

Update test with addition of _original (#4989, thanks @​JoviDeCroock)

10.28.2
Fixes

Enforce strict equality for VNode object construct...

Bumps cross-spawn from 7.0.3 to 7.0.6.

Changelog
Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)
Bug Fixes

update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)
Bug Fixes

fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)
Bug Fixes

disable regexp backtracking (#160) (5ff3a07)

Commits

77cd97f chore(release): 7.0.6
6717de4 chore: upgrade standard-version
f700743 fix: upda...

discord ref: https://discord.com/channels/707636530424053791/1467943417588744292

When storage fills up, opening the client telemetry DB can fail, but aborting the session prevents telemetry from flushing or cleanup from progressing — a catch-22 where the engine can’t proceed to recover.

This change logs and continue on keepalive DB open errors, so clients are at least not stuck waiting for a clientdb prune.

There's probably a lot more we could do here, but this seems like a reasonable start.

If a LICENSE isn't found during dagger init, we create one for you by downloading it from spdx.org.

This creates a network dep, which is especially problematic when there's networking errors from spdx.org and our tests flake out.

It also is probably somewhat impolite to download hundreds of copies of the same license file each CI run.

This changes the default license only (apache 2.0) to be embedded so we can avoid the network dep in that case.

A likely better long-term fix would ...

Hi everyone,

Does anyone know how to export files or directories from the runtime container?

I followed these cookbook examples (thanks for them, btw):

https://docs.dagger.io/cookbook#copy-a-file-to-the-dagger-module-runtime-container-for-custom-processing
https://docs.dagger.io/cookbook#export-a-directory-or-file-to-the-host

However, I can’t find any way to chain an export from within the runtime container.
More specifically, I have an entrypoint module that runs and manages ot...

Turns out some infra providers like AWS CodeBuild are somehow still on Linux kernel 4.14 (despite that one officially being 2y past EOL).

The experience on these kernels is not gonna be ideal in terms of performance but right now the only hard blocker is our use of open_tree and related syscalls during container start (to avoid overlayfs leak issues).

It's pretty easy to just skip that when starting containers, so we may as well to unblock users on CodeBuild. Overlay leaks result in var...

DiffLLB is deadcode

Before:

After:

Along the way: don't print user default: when -s is passed.

Sockets have to be explicitly provided as arguments to the API. If so, then RUN --mount=type=ssh will use that socket.

So if you want to have a function that does a DockerBuild with an SSH socket the code might be like:

func (m *MyModule) DoDockerbuild(dir *dagger.Directory, sshSock *dagger.Socket) *dagger.Container {
  return dir.DockerBuild(dagger.DirectoryDockerBuildOpts{SSH: sshSock})
}

And can then be called like this (or similar):

dagger call do-dockerbuild ...

A skill for writing design proposals for improving Dagger

When the engine started, it was checking mutable mounts for any leftover volatile dirs. The way it did this resulted in the "shared" mount pool needed by overlay cache mounts being skipped. This also ended up being saved as the mounts to use for that ref going forward, which meant any concurrent use of the overlay cache mount would be invalid due to duplicate work/upper dirs and also fail due to volatile existing.

Fix is to just ensure the shared mount pool is correctly used in all cases.

Bumps apko to latest version to fix the CVE

This is an option of the official client libraries, that is not passed through in generated clients.

As reported by @kpenfound

Module loading was specifying an include that had a **/* appended, which appears to create a huge slowdown in monorepos with large directory trees in terms of number of files/dirs.

This specifically applies to a case like:

1. Big monorepo
2. A dagger module subdir that has relatively few files

Before this change, the **/* pattern seemed to be possibly be resulting in walks/checks of the full tree. I didn't take time yet to diagnose why exactly that happens and if it's expected or ...

This is a test for https://github.com/dagger/dagger/issues/8955 Unfortunately there isn't a fix for this, and the test will check for the buggy case.

Once the bug is fixed, this test can be adjusted to test for the correct behaviour.

Fixes https://github.com/dagger/dagger/issues/11724

What is the issue?

When running dagger develop multiple times on the same module, ocassionally the output is different. Specifically the ordering of a particular module type's .MarshalJSON, .UnmarshalJSON functions is changing in the /dagger.gen.go.

I actually found this issue rarely happens so I don't have an exact repro, however I believe I have isolated the root cause of the non-determinism and can show it [using this example repo](https://github.com/chrisjpalmer/dagger-co...

🏗️ 🚧

Fixes https://github.com/dagger/dagger/issues/11798

This re-exports core types and some functions we were missing in generated clients. Without this, users would have to import their generated client and the published library

What is the issue?

When doing a dagger install .. in a CI pipeline the task can fail with:

error setting dir metadata for / lchown / not permitted

The full error from logs looks like:

✘ .export(path: ""): String! 0.0s ERROR
✘ export directory / to host  0.0s ERROR
! error from receiver: error setting dir metadata for /: lchown /: operation not permitted

In this use case, the dagger modules each have tests in a tests directory. i.e. daggerverse/module/tests.

As part ...

Bumps the engine group with 31 updates in the / directory:

This reverts commit f68dea413fe7118330b3eea9196ecbf1463250de from #11685

It broke check.Source() API. It's being added back in #11771

This fixes a loading error that breaks our main module

What is the issue?

In Dang, I placed all my test checks on an intermediate type named Test:

• Getter
• Test type

In Dagger v0.19.10, dagger check -l yielded:

• lint
• test:language
• test:lsp
• test:treesitter

But in v0.19.11, I only get:

• lint

If I merge the `...

Implement https://gist.github.com/shykes/e4778dc5ec17c9a8bbd3120f5c21ce73

What are you trying to do?

After a few talks with some fellow daggernauts, we are all wondering why there is not some kind of curation on the daggerverse.

• Docker Hub has pulls + stars + last updated criteria
• Github has stars and forks
• Packagist has Installs Stars Watchers Forks
• You've got the idea...

IMHO, the daggerverse desperately needs an addition of more criteria or a manual curation to go one step further.
This is a break in the adoption of dagger generally, as I see it.
...

Problem

As of 0.19.11, generated clients are smaller: they import dagger.io/dagger for core types, instead of duplicating it. This includes dagger.io/dagger/telemetry.

This broke a small number of modules (all internally used by us) that manually imported their generated dagger/telemetry package, to use our experimental otel features (attribute definitions etc). As a result these modules fail to load with v0.19.11.

Known affected modules:

Directly affected:

• `github.com/dagge...

The change to telemetry imports doesn't work in dev engines because it ends up requiring import statements change.

Fixing this will require more significant work, just adding a temporary workaround in the meantime to unblock our local dev.

cc @TomChv

This ones been biting me for a while so I'm finally taking a shot at this lol

Fixes using go natively on mac in the dagger project.

Summary

• Export CopyFileContent on darwin in internal/fsutil/copy to match the linux API
• Extract syscall.Mount/syscall.Unmount bind-mount calls from core/changeset.go into platform-specific helpers
• Move 4 Linux-only functions from core/git_remote.go (runWithStandardUmaskAndNetOverride, unshareAndRun, overrideNetworkConfig, runProcessGroup) into git_remote_linux.go
• Move mountIntoContainer from core/service.go into service_linux.go
• Move `pathResolverForM...

Updates the requirements on uv-build to permit the latest version.
Updates uv-build to 0.10.0

Release notes
Sourced from uv-build's releases.

0.10.0
Release Notes
Since we released uv 0.9.0 in October of 2025, we've accumulated various changes that improve correctness and user experience, but could break some workflows. This release contains those changes; many have been marked as breaking out of an abundance of caution. We expect most users to be able t...

Bumps the sdk-java group in /sdk/java with 2 updates: com.palantir.javapoet:javapoet and io.opentelemetry:opentelemetry-bom.

Updates com.palantir.javapoet:javapoet from 0.10.0 to 0.11.0

Release notes
Sourced from com.palantir.javapoet:javapoet's releases.

0.11.0
No documented user-facing changes

Commits

035c1f3 Release 0.11.0
a020cf1 [High Priority] Excavator: Upgrades baseline-error-pron...

Bumps the sdk-typescript group with 16 updates in the /sdk/typescript directory:

Bumps the docs group with 8 updates in the /docs directory:

Bumps the sdk-python-docker group with 1 update in the /modules/ruff/build directory: astral-sh/ruff.

Updates astral-sh/ruff from 0.14.14 to 0.15.0

Release notes
Sourced from astral-sh/ruff's releases.

0.15.0
Release Notes
Released on 2026-02-03.
Check out the blog post for a migration guide and overview of the changes!
Breaking changes

Ruff now formats your code according to the 2026 style guide. See the formatter section below or in the blog post ...

What is the issue?

I have a larger repository which I've adopted to use Dagger. This repository contains a .env file with ~220 env variables, all unrelated to Dagger, which is copied from a .env.template for local dev. I've noticed significant slow downs to module loading when the .env file is present (~1.9s w/o .env, ~26s w/ .env).

This directly impacts all uses of Dagger within this repository.

There looks to be some prior discussion on configuring the env file loading in h...

What is the issue?

I'm not certain how to this occurred, but I wanted to record the error here. I was refactoring an existing module, moving/deleting code (a Release struct) from one module (mod A) to a new one (mod B). When I called dagger functions on mod A the CLI errors with:

$ dagger functions

✘ load module: . 2.2s ERROR
✘ initializing module 0.3s ERROR
! Post "http://dagger/query": command [docker exec -i dagger-engine-v0.19.11 buildctl dial-stdio] has
  exited with exit ...

Update the go_sdk to send a pinned lib version to a commit from dagger-go-sdk.

⚠️ This change the release process, now we will need to update the const in go_sdk to the latest commit of dagger-go-sdk, this commit will not be the one tagged because it's done before the release.
At some point, it would be much better to release the SDKs before the engine so we can set the commit of the released instead of the one before.

When a function return an object that defines check or generat functions, those should appear when we list and be run when needed.

This behaviour has been removed during the migration from the previous checks code to the new ModTree.

fixes #11811

Fixes #11765

Couple of interrelated high-level goals here.

One goal is to reduce usage of "custom recipe digests" and replace them with content digests. This is important for the dagql cache upgrades as recipe digests will be changed to always be purely "recipe", with any additional digests (content, "semantic", etc.) modeled as separate digests. That in turn makes the whole system much simpler algorithmically and makes digests less opaque ("is this a true recipe digest or a cus...

Before this change, manual local-cache pruning only accepted useDefaultPolicy, so teams running with gc=false could not reuse their configured space thresholds and had to choose between all-or-nothing pruning behavior.

After this change, engine.localCache.prune accepts explicit space overrides and applies them per call, enabling controlled manual pruning windows without re-enabling automatic GC.

Added test coverage in core/integration/localcache_test.go, test case `TestLocalCachePru...

Dang now has dang fmt + LSP support - getting this reformat out of the way so it doesn't become a large diff landmine for whoever edits these next.

Follow-up, on top of #11560

Instead of always:

1. ls-remote
2. then fetch

We should be able to only fetch directly to avoid this unnecessary step. This has implications on the function caching, but discussion is open on that

This is an ugly solution still, but the aim is to assess the performance across the entire test suite

Expose generators and generator functions to environments, allowing to access all the generate functions.

Fixes #11750.

The issue is caused by a check on setCallInputs:

if len(arg.metadata.Ignore) > 0 && !arg.metadata.isContextual() { // contextual args already have ignore applied

In this context an argument is considered contextual if either the DefaultPath or DefaultAddress is set. If it is then setCallInputs will not go through the ignore process of directories. The problem: arguments that are contextual (they have a default path) but a user specified a value ...

Before this change, Container.WithExec could panic with "index out of range" while handling exec failures. The failure-handling path assumed mount and output slices were always aligned, and a deferred block could run even when mount preparation had already failed.

e.g.

 panic: runtime error: index out of range [0] with length 0

 goroutine 4176537 [running]:
 github.com/dagger/dagger/core.(*Container).WithExec.func2()
         /app/core/container_exec.go:299 +0x1198
 githu...

This is unrefined slop atm, but directionally correct. Just want to kick off some full CI checks for errors and/or perf impact. Will do human cleanup before bringing out of draft.

Goal is to make the base cache aware of more dagql primitives, specifically of IDs and Results (whereas previously cache was decoupled and generic).

This is another crucial step for replacing the buildkit solver and enables a lot of simplifications + new features.

This is one of those situations wher...

Not sure how this got set to 0.19.20? But it did

The jest module's dang SDK source was unpinned, resolving to whatever main pointed to at fetch time. A breaking change in vito/dang (e5942b3) caused a ~2h window where any CI run fetching the SDK got a compile error. This was fixed upstream (dagger/jest#7), and these test refs now point to commits that include the pinned SDK.

This span is important so the UI knows where to zoom into, otherwise you get a trace that has all the check(foo).run() plumbing around it.

Follow-up of https://github.com/dagger/dagger/pull/11837

PrepareMounts allocates refs in a loop and can fail partway through. Before, callers were responsible for cleaning up partial refs on error. This was fragile: a caller refactor could silently introduce leaks.

Now PrepareMounts cleans up after itself:

• on success, caller owns the refs
• on failure, PrepareMounts releases any refs it created

Includes a regression test for the partial-failure path.

https://go.dev/doc/go1.26

Interested to see if there's anything noticeable in terms of performance

• retire dagger watch - stopped working ages ago I think?
• add dagger trace [--org ]

Currently, trace streams payloads via the existing Cloud GraphQL APIs, converts them back into OTLP data, and exports them back into the local frontend. Alternatively we could add OTLP fetching endpoints to Cloud, and I had a separate PR for that, the main advantage being that you don't need to specify an org, but this PR immediately works without having to bikeshed that and coordinate merging, so...

Context

@nipuna-perera hit a Jenkins-only failure on dagger toolchain install.

The command was resolving the module from DAGGER_MODULE (remote git ref) instead of the local workspace. For local-mutating commands, that leads to: kind must be "local", got "git".

Problem

The error did not explain where the module ref came from, so the fix path was unclear.

Approach

Keep behavior unchanged, impro...

Store and expose the reference to the original module in which the check or generate has been defined (and by extension to any ModTreeNode).
For instance if a check is defined in a Toolchain, Module will remain the root module while OriginalModule will be the Toolchain's module.
That way we can access properties like ModuleSource from a check or generate function.

The OriginalModule is exposed in the schema, I'm not sure it's needed or not. If it's not required I'd be...

Hi,

Is there any improvements about this subject ?

even simpler than dots - just print logs, no dots or report

This converts a panic into an error, so the engine will keep on running when this bug is encountered. Unfortunately this does not fix https://github.com/dagger/dagger/issues/11825

When we use a glob like **/*.go in doc strings or descriptions, that was causing these comments to become invalid syntax.

Before this change, several engine BoltDBs ran with NoSync only, and crashy/shutdown-edge cases could still surface bbolt corruption panics like page ... already freed.

After this change, every BoltDB in this tree that already uses NoSync also sets NoFreelistSync and NoGrowSync, aligning the option set across all DB open paths and matching the mitigation pattern used in containerd.

This updates all four relevant init points: snapshotter metadata store options, containerd metad...

What is the issue?

I have a dagger module where I am
(1) creating a hashicorp/vault server with -dev flag
(2) initializing that vault server with a bunch of policies
(3) initializing a nomad instance running on my local docker using

but I am running into an issue where (2) and (3) aren't always run. Upon further investigation, it looks like its just skipping those initialization steps because its being cached. I created a minimal reproduction of ...

Replace manual generate function exposed in the main .dagger module by dagger generate command:

• add +generate pragma and @generate directive

• rename some of the generate functions to better express what they are doing

  $ dagger generate -l
  Name                        Description
  changelog:generate          Generate the changelog with 'changie merge'. Only run this manually, at release time.
  docs:references             Regenerate the API ...

Bug Description

After a Dagger session completes (or fails), the BuildKit solver's in-memory vertex cache (actives map) can retain stale session ID references. When a new session connects and resolves the same LLB vertex digests (same Dagger module, same code), the solver reuses the cached vertex state. The reused state's NextSession() iterator walks parent states and finds the dead session ID, causing a 5-second timeout per cache key lookup. Every subsequent job fails within ~10 seco...

Nullable return types from functions weren't propagating from the Nullable-wrapped result to the de-ref'd un-null result.

This meant nullable return types from functions would not get cached. It seems most SDKs end up using Non-nullable types for the most part in practice, but we just hit this in Dang where you can easily specify a type as Nullable.

Along the way I noticed a quirk with the sqlite db TTL checks in that we were always following the "TTL expired" branch even when there act...

(still deep in the process of de-slop-ification, not human readable or fully tested yet)

This is the next step in the process of migrating all caching to dagql (away from buildkit and its solver)

• previous step

It updates the cache implementation to use smarter data structures and algorithms, namely a union-find structure wrapped up as an e-graph. This:

• Maximizes our ability to find cache...

This is so that we can develop dagger/dagger with git worktrees. This should greatly simplify agent setups. I tested locally and it looks good, I can dagger-dev -m version call version from a regular branch or a worktree and it works correctly. Using main dagger the same command does not work in a worktree.

Summary:
In git worktrees, .git is a file (not a directory) containing a gitdir reference. This caused Dagger to crash when trying to sync .git as a directory. This change adds workt...

Splitting this out of #11812 so I can get a clean test of it in isolation to make sure the accompanied refactor didn't break anything.

Add the ability to decorate a function with @Generate annotation in Java SDK.

Expand integration tests to cover java.

Release v8.3.0

Fixes #11656

Users expectchangeset.layer to follow 3 simple rules for scoped changesets:

1. diff only what is inside the selected scope
2. keep the resulting layer shape at that same scope
3. if there are no scoped changes, the layer must be empty

Before this change, changeset.layer called before.Diff(after) directly. For scoped inputs, that bypassed the resolver diff path that normalizes both sides before diffing, which could lead to inconsistent scoped output, breaking 1 and ...

I was helped on discord learn about the .env file features for defaulting of arguments and since there was no documentation covering the feature I offered to add a quick page and was told that would be great.

I verified that the docs build and that they look correct and all links are functional when running the doc server. I also validated that all of the cases I documented here function the way they are documented.

Bumps the sdk-java group with 3 updates in the /sdk/java directory: com.palantir.javapoet:javapoet, org.junit:junit-bom and io.opentelemetry:opentelemetry-bom.

Updates com.palantir.javapoet:javapoet from 0.10.0 to 0.11.0

Release notes
Sourced from com.palantir.javapoet:javapoet's releases.

0.11.0
No documented user-facing changes

Commits

035...

Bumps the sdk-typescript group with 17 updates in the /sdk/typescript directory:

Bumps the engine group with 32 updates in the / directory:

Bumps the sdk-java group with 4 updates in the /sdk/java directory: io.vertx:vertx-web-client, com.palantir.javapoet:javapoet, org.junit:junit-bom and io.opentelemetry:opentelemetry-bom.

Updates io.vertx:vertx-web-client from 4.5.24 to 4.5.25

Commits

30d906a Releasing 4.5.25
c89f11c Update to testcontainer...

When DAGGER_MODULE is set, the module is silently loaded with no visible
indication in the TUI.

This PR fixes that by always displaying the name of the module being loaded.

Fixes #11802

Go module codegen had a nondeterministic edge case: when types or methods share the same source position (notably token.NoPos), Pos()-only sorting cannot define a stable order.

This showed up as occasional reordering of generated blocks (e.g. MarshalJSON / UnmarshalJSON) between identical runs, producing noisy diffs in generated code.

Add shared comparators with explicit tiebreakers (position, package path, name) and use them consistently across all codegen sorting...

git is needed for workspace detection (.git root), apk for runtime package installs.

What is the issue?

Setting OTEL_EXPORTER_OTLP_METRICS_ENDPOINT on the Dagger engine process has no effect — metrics are never exported to external OTLP collectors.

Root cause

cmd/engine/telemetry.go:53-55 calls telemetry.Init() without Detect: true:

ctx = telemetry.Init(ctx, telemetry.Config{
    Resource: otelResource,
})

When Detect is false (zero value), Init() at sdk/go/telemetry/init.go:398 skips the block that calls ConfiguredMetricExporter() — t...

Extracting a backwards-compatible portion of #11812 that we can ship first and begin adopting in the repo.

Take advantage of the new workspace API to adopt it in our own modules.

Bumps the sdk-typescript group with 18 updates in the /sdk/typescript directory:

Bumps the sdk-typescript group with 17 updates in the /sdk/typescript directory:

Also fix a bug introduced by the bug on env path.

What is the issue?

Error when trying to pass in a default that looks like a number

Dagger version

dagger v0.19.10 (docker-image://xxxinternalurl:0.1.115) linux/amd64

Steps to reproduce

• Create a dagger module dagger init --sdk=go
• Create a toolchain in a subdir toolchains/test-toolchain using dagger init --sdk=go again
• In the first module you created run dagger toolchain install ./toolchains/test-toolchain/
• in dagger.json add the customization below
• run `dagge...

What is the issue?

The casing of the function and argument field seem to be the casing of the actual implementation.

For example in the go default example, the functionName is ContainerEcho. I don't think this is by design because it is surprising, considering other views on function names are standardized for the environment they are being used in. My first instinct was to use the names as shown by the CLI when using help commands or invoking things.

If it is by design and shoul...

What are you trying to do?

We are trying to build toolchains that offer a very standardized out-of-the-box experience with our templates. While doing this we noticed that it's not easy to design these without some arguments being repeated between the functions we expose.

For example, for our dotnet toolchain, we want to offer an override for the SDK image to be used. This is needed for pretty much all the features we expose and we end up with a large amount of repeated defaults in custo...

Description

When using _EXPERIMENTAL_DAGGER_CACHE_CONFIG with an S3 backend, the Dagger engine crashes with a Go stack overflow during the cache export phase on the second run of a pipeline. The first run succeeds and populates the S3 cache. Any subsequent run that imports this cache and then tries to re-export crashes the engine.

Environment

• Dagger version: v0.19.11
• Engine: Remote engine on EC2 (Amazon Linux 2023, c7i.xlarge24, 192GB RAM)
• Cache config: `type=...

• return container instead of an error. As returning a container the engine will sync to return the error, that's exactly what was done. By making the container available, it's easier to debug as we can dagger call python-sdk lint terminal
• limit lint-docs-snippets check to lint docs... Previously it was also linting sdk/python that added confusion in check results as the same error appeared multiple time

What is the issue?

dagger check --scale-out currently shows a passing check and exit status 0 even if checks failed.

There's a different in the local (to the engine) vs. scale-out paths.

The local path directly calls the underlying function, which will bubble up an error if the call returns it (or returns a Syncable object that fails on sync):

https://github.com/dagger/dagger/blob/42bb3b568c0a38671561a1f40e7a40cba49cde60/core/modtree.go#L151-L171

The scale-out path however just q...

This adds telemetry to Python SDK tests so we can see each individual test passing in the traces/cloud.