#feat: dagger module by migmartri · Pull ...
modern widget
There are two "minor" things that I haven't figure out or I think it could be improved
attestation initin our regular CLI returns more context to the user in the form of logging to stderr. With Dagger this doesn't seem to be possible.- I don't seem to be able to pass a "string" as a
secretargument. For example
This works
func (m *Chainloop) AttestationPush(ctx context.Context, passphrase string,
...
WithSecretVariable("CHAINLOOP_SIGNING_PASSWORD", dag.SetSecret("CL", passphrase)).
but passing a secret directly doesn't .
func (m *Chainloop) AttestationPush(ctx context.Context, passphrase *Secret,
it says secret env var not found so it seems that the value provided is just a secret name, not the actual value. Is there any way to pass a secret by value? or is it passing a string the right way?
Thanks!
sterile pulsar
@gleaming loom @fickle bobcat take a look 🙂
gleaming loom
Hey @modern widget 👋
On the secret input, by default the syntax is --passphrase MY_PASSPHRASE where MY_PASSPHRASE is the name of an environment variable with your secret value, not the secret itself. I don't think this is documented today.
For the stderr, you could potentially call both stdout and stderr instead of just stdout here: https://github.com/chainloop-dev/chainloop/pull/502/files#diff-3c3d22e7e56b22d040f0298fee1b79c30493a0bf441cb5b5a7e8163946de4d3fR41
That would be an additional line like
stderr, err := m.cliImage().WithExec([]string{"attestation", "init", "--remote-state", "-o", "json"}).Stderr(ctx)
Because of the caching, this won't actually execute attestation init a second time
sterile pulsar
Thanks for doing this @modern widget ! We are looking forward to featuring it!
modern widget
btw, I am trying to publish to daggerverse and I get this error https://daggerverse.dev/crawl/github.com/chainloop-dev/chainloop/extras/dagger@bacb7c758f1dff569e7711026f7d715bc399eda4
The error seems to say something like "failed to parse method AttestationReset:" and I am wondering if this has something to do with the use of Optional param modifiers (it's the only method that uses it)
func (m *Chainloop) AttestationReset(ctx context.Context, trigger, reason Optional[string], attestationID string)
gleaming loom
Yes good call! As of v0.9.9, Go's Optional is replaced with the // +optional syntax the same as the other SDKs. More info here: #daggernauts message
here's the git diff on one of my modules I updated https://github.com/kpenfound/dagger-modules/commit/75312746d4654ee0679647bc04921e47ba47c92f#diff-ca31f40efdb6fb4cfd8e16486a98341cdad61808cfc00c06f7333a785a178543
modern widget
perfect
For the stderr, you could potentially call both stdout and stderr instead of just stdout here: https://github.com/chainloop-dev/chainloop/pull/502/files#diff-3c3d22e7e56b22d040f0298fee1b79c30493a0bf441cb5b5a7e8163946de4d3fR41
by this you mean to concat both outputs and make it a single return string?
I'd rather keep the output what it should be (attestation ID returned by the init function)
or is there any way I can pipe to daggers stderr?
fickle bobcat
@modern widget like this? https://github.com/jpadams/both/blob/main/main.go#L19
It's an example of how you can use the partial lazily-evaluated pipeline in the WithExec() and get both the Stdout and Stderr from the same command when needed.
modern widget
I see, thanks for the pointer
I don't think I want that. I still want callers of the Init method to be able to easily consume the returned ID. Not to parse the output that will contain in that case some logging output + the ID
gleaming loom
Ah got it. I think what you probably want is discussed here: https://github.com/dagger/dagger/issues/6442
modern widget
yeah, it's more about logging, I am keeping an eye on that
thanks though for double checking
re
: On the secret input, by default the syntax is --passphrase MY_PASSPHRASE where MY_PASSPHRASE i
I need to admit that I am not that familiar with the Secret primitive in combination with modules. But if doing dagger call myMethod --passphrase MY_PASSPHRASE means that in my module what it will happen is to resolve an env variable $MY_PASSPHRASE, my question is, how do I get the value in there in the first place? I do not think the new dagger allows "bringing" env variables from the host right?
in other words, if I need to pass the actual value, i.e an API token, is string parameter type the only one suitable for the job or am I missing something?
fickle bobcat
No, you can have a Secret as an input type and use a secret from the host environment or host filesystem by specifying a the ENV VAR or file "container" versus the secret contents themselves.
So if your secret is in the local env var MY_PASSPHRASE (or a similar thing for a local file file:/foo/secret.txt), you can get the value of the secret into your function's argument with
env var
dagger call yourfunc --passphrase MY_PASSPHRASE
# or
dagger call yourfunc --passphrase env:MY_PASSPHRASE
thanks for the explanation Jeremy, I just upgraded my module to leverage secrets by reference https://daggerverse.dev/mod/github.com/chainloop-dev/chainloop/extras/dagger@ecd42adcd353259c8e879f0950838f61bbf395ca
I have to admit that the fact that by default the CLI resolves a secret as env variable is confusing to me. I like the prefixes env: or file: so I'd rather those prefixes to be required than accepting no-prefix, because for some reason to me, in my head, no-prefix means "by value". Probably because --flag $MY_VAR is what I always do with most of the commands I use.
In any case, this is just feedback, zenith is looking good and I appreciate the responsiveness! 🙂