#🚀 v0.15.1

👋 <@&946480760016207902> following up from #1309173342586277930, we're doing v0.15.1 very soon (today?)

https://github.com/dagger/dagger/milestone/70

looks like we accidentally introduced a regression into v0.15.0 around metrics displays, so we want to do a patch release today to fix this: https://github.com/dagger/dagger/pull/9171

@rancid birch has [volunteered to run it](#1309173342586277930 message) - we'll need the latest batch of release improvements in https://github.com/dagger/dagger/pull/9175

Putting this on your radar in case we get confirmation that this is indeed a bug in go-github: https://github.com/google/go-github/issues/3384

This has now been confirmed as missing functionality in need of enhancement. Will be looking at a fix now.

oops https://github.com/dagger/dagger/pull/9180

genius level move from me here 😛

@fierce heron do you want to give the running the release a try? I'm happy to help and be available for the whole process

🎉 🎉 someone should add @fierce heron to https://github.com/orgs/dagger/teams/releng 😄

Oh right, added him

process to follow is https://github.com/dagger/dagger/blob/main/RELEASING.md

there's also a 1password vault which has some credentials that are occasionally useful for emergencies

yeah i do

will take a look post-meeting

https://github.com/dagger/dagger/pull/9172 waiting for crypto dep bump

can i sneakily rebase the prep PR?

from the content, i don't see why not

I'm rebasing and updating some files, might be easier to wait a min

i mean rebase the prep PR on main after you've merged

Oh yeah, that sgtm

yup, shouldn't be an issue with rebasing 😄

Yeah sure, need documentation as well

@fierce heron i'm so glad it's close to a single script

that did not use to be true at all 😄

Just merged that PR

it's at the point where as i'm copy pasting the commands i am confused as to why they're not in a bash script with -ex pipefail, which is a very positive signal

These are all the docs: https://github.com/dagger/dagger/blob/main/RELEASING.md if that's what you were referring to

yeah im following that now, saw jed post it

Let me know if you want me to be on standby in lounge or anything, happy to check stuff along the way if helpful

👍 discord calls are superborked for me today so it'll be fun if that's needed

yeah feel free to add any improvements to the process as you go - consolidating steps, etc, are all very welcomed

Oh right, well Zoom or anything else works too 😄 Just let me know, text chat works too

there's the improvements pr for that

although, of course, the dream is to have releaser/main.go as the "release entrypoint" - you call a function in there, and it all just goes

anyways, i'm on my way out the door now, good luck with the release ❤️

@fierce heron, is it too late or can you hold for 10 mins? Wanna try getting https://github.com/dagger/dagger/pull/9063 in.

yep i can wait

was just about to rebase

Tests are passing locally, PR is rebased and approved. So it's just a matter of checks passing.

Merged, thanks!

❤️‍🔥

grep is failing me here, i got timeout failing checks for -q check and engine lint, which gha runs those so i can rerun? @rancid birch @upper venture

That's https://github.com/dagger/dagger/issues/8570, which is just a cloud-related issue. The actual corresponding GHA checks are passed, so you can ignore for the moment

is the corresponding gh check Engine & CLI / lint (pull_request) ?

Yes

Huh, I think you've hit the first test flake I've seen in like over a week: https://v3.dagger.cloud/dagger/traces/10f3b03d05da4654646b8bb8effb9f28

It's just a telemetry test showing there was some extra output, but I don't think it's important yet. I'd open an issue for it as a flake and just re-run that job to be extra sure it's not consistent

Oh just saw you merged already, that's okay because it will re-run on main. Still worth a flake issue (whenever you have a sec, not an emergency)

@rancid birch probably not for this release, but I think I fixed the other remaining cross compilation flake in a PR somewhere

I think its the dumb-init one

human error, i swear i saw all the checks pass

apart from the lint ones obviously

i probably had a different PR open in a tab

No problem at all, no harm done. But yeah I've learned over time that when doing a release I have to have a dedicated browser window + terminal and put everything else out of sight in a different workspace otherwise I get lost in my 10k tabs 😄

i've got the dedicated terminal, that part was immediately obvious from the exports in RELEASING.md

i've been seeing the ✘ moby.filesync.v1.FileSync/DiffCopy X.Xs \n! transport is closing shit randomly while developing, too, so very much some real flaky behavior. any theories?

It's a buildkit internal thing that we don't care about, but I think it started appearing occasionally after the recent telemetry changes, it used to be hidden

Hm somehow the publish workflow failed

https://github.com/dagger/dagger/actions/runs/12303751404/job/34339587043#step:4:5713 it's saying the CLI already exists?

Not seen that one before 😭 maybe the goreleaser bump was bad?

was that changed in the improving releasing PR? Just so I can look in parallel

https://github.com/dagger/dagger/actions/workflows/publish.yml if you back out to the action, it does look like it's running twice

Yeah I'm actually not able to look, I'm on mobile and should not be looking at this 👀

i thought this was suspicious

it's only supposed to run on tags, i imagine?

No I also publishes nightly builds on every main

gotcha

It looooooks like the release on gh is good

The publish metadata step didn't run tho

But yes it ran here

https://goreleaser.com/errors/release-upload/#1-a-github-bug-in-which-it-successfully-fails-to-upload

Found this

sooo what are next steps here then? should i try to make publish more reentrant (eg ignore failures due to the upload existing?)

or just rerun maybe?

Can we manually run the publish metadata step? Otherwise I guess we might need to delete the published artifacts and re-run the whole job in CI

(Sorry not up to date on the new stuff there, trying to not bother you more than necessary)

Yes this can be run manually

I would suggest running them all manually?

You could tryyy

        uses: ./.github/actions/call
        with:
          function: |-
            cli \
            publish-metadata \
            --aws-access-key-id=env:AWS_ACCESS_KEY_ID \
            --aws-secret-access-key=env:AWS_SECRET_ACCESS_KEY \
            --aws-region="$AWS_REGION" \
            --aws-bucket="$AWS_BUCKET" \
            --aws-cloudfront-distribution="$AWS_CLOUDFRONT_DISTRIBUTION"
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.RELEASE_AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.RELEASE_AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ vars.RELEASE_AWS_REGION }}
          AWS_BUCKET: ${{ vars.RELEASE_AWS_BUCKET }}
          AWS_CLOUDFRONT_DISTRIBUTION: ${{ vars.RELEASE_AWS_CLOUDFRONT_DISTRIBUTION }}
      # TODO: move this into dagger function call
      - name: "Notify"
        uses: ./.github/actions/notify
        if: github.ref_name != 'main'
        with:
          message: "🚙 Engine + 🚗 CLI: https://github.com/${{ github.repository }}/releases/tag/${{ github.ref_name }}"
          discord-webhook: ${{ secrets.NEW_RELEASE_DISCORD_WEBHOOK }}

lotsa creds here to find lol

Theoretically. You could delete the release and run it again.

This should be "fine"

Whether that's good practice or not lol

But if it's just ephemeral

Then it should succeed

(we have done this before I think)

You could delete the release
we're talking just the github release here, right? no other side-effect uploads happening here?

I would maybe confirm this first, and check to see it's not the other options

Hm it does go and rebuild the engine and cli and upload them

So it would push a new engine tag

But essentially this, if the creds aren't accessible

I'm checking if I have access

manually running the publish metadata seems less risky if possible

alright, deleting the gh release is easy enough (and looks like i have access), but i don't know off the top of my head where to delete the engine tag much less whether i have creds

Oh I wonder if - did publish succeed on main before you tagged?

That would maybe explain it running twice 🤔🤔🤔🤔🤔

https://github.com/dagger/dagger/actions/workflows/publish.yml no it did not, it's still running

When you have confirmed that all checks on $RELEASE_BRANCH are green, run the following: ahhh i read this as PR_BRANCH

https://github.com/dagger/dagger/actions/runs/12303726162 the checks on main seem stuck in a never-ending pending state

oh nm it failed finally

main publish failure

typescript sdk fail: ```
Error: failed to execute function with automatic provisioning: InitEngineSessionBinaryError: failed to download dagger cli binary: Error: failed to download dagger cli archive from https://dl.dagger.io/dagger/main/196f232a4d6b2d1d3db5f5e040cf20b6a76a76c5/dagger_196f232a4d6b2d1d3db5f5e040cf20b6a76a76c5_linux_amd64.tar.gz

and 403'd on checksums for the go sdk

(double checking if I found the right creds in DMs)

Ahhhh

Yeah okay this will have been the cause

The checks effectively ran twice - this is a horrible bug in how goreleaser handles tags

I can fix this tomorrow I think

But if we deleted the tag and the release and went again, it should just all resolve

Thanks for finding that lol 😆

so just to clarify, delete the release on github and then re-run the publish job from the v0.15.1 tag?

i will fixup the release docs, also. ``` When you have confirmed that all checks on $RELEASE_BRANCH are green, run the following:

the when implied that i had done that in previous steps

also unclear if we need to delete the "engine tag" (presumably this is a registry tag?)

it's still unclear to me if we need to rerun the one on the main commit, too, but it can't hurt.

Okay, I was super confused at first because I was looking at the CI runs for the latest commit on main, but for some reason GH links to the v0.15.1 tag CI there, not main. I get what happened a little more now.

I am not sure about being able to just run the publish metadata step manually anymore, there's a bunch of other publish jobs that depend on it that we'd need to run manually too. I'm trying to trace through everything that happened in publish to see what we need to "undo"

grabbing a snack quick, I'll join lounge after and look through that

sg i just reheated lunch

Yes I think so

Yeah pretty sure about this 🙂

I have done this before (at someeee point)

So delete release and re-run on tag

Is everything else idempotent in that we won't just hit an error re-publishing stuff?

The engine and cli will republish - but I think they overwrite the existing artifacts

So "it's fine"

That's what was making me think we'd need to track down everything and delete it, but if it's idempotent-ish enough then that's not necessary

The other super super backup option is "skip .1, it's borked, and do .2"

true

It's idempotent-ish yes 😂😂😂

A statement

no need to worry that we never completed a publish run on non-tag main?

Yeah that should be fine

They're "separate"

onnit then

Except in this bizarre edge case

https://github.com/dagger/dagger/actions/runs/12303751404 running

lookin good now

Yeah publish succeeded 🎉 daggerverse bump hit an error: https://github.com/dagger/dagger/actions/runs/12303751404/job/34342438240#step:3:4808

Looks like something related to changes in https://github.com/dagger/dagger/pull/9167

was just posting that 🙂

That's fortunately not that devastating, easier to do manually

everything else looks good though, phew

its actually this PR https://github.com/dagger/dagger/pull/9175 that introduced the issue, not 9167

Yeah I think it might just be a string interpolation issue https://github.com/dagger/dagger/actions/runs/12303751404/job/34342438240#step:3:101

That release token is in our 1password I believe, I can DM you the name. It looks like it should be safe to just run that dagger call locally then

Ayyyy

Nice well done me

Yeah definitely string interpolation, although I’m rusty enough with the gha that it’s unclear to me why it’s not templating that particular string

oh lul it's missing $

you can't forget to give microsoft their $

Yeah we can fix in the improve releasing PR

i got the thing all prepped to run locally, i just don't know what to actually use as the github.actor value

is it me or a bot?

(the bot would be the 1p entry's account presumably)

found it, it's me

hmmm now it's missing a command when trying to run the engine

│ ✔ .withExec(args: ["--addr", "tcp://0.0.0.0:1234", "--addr", "unix:///var/run/buildkit/buildkitd.sock", "--network-cidr", "10.12.34.0/24"], insecureRootCapabilities: true, useEntrypoint: true): Container! 0.0s
│ ✘ .asService: Service! 0.0s
│ ! no command has been set

Yeah that's the breaking change from v0.15.0, needs an update (can also include in the improve releasing PR), along the lines of https://github.com/dagger/dagger/pull/8865/files#diff-5e1df8cb218aca17cfd229832a2f41f46d4c1825d55c006500945c737c047aa9R35

I think if you just changed the engineVersion in dagger.json for that module locally to v0.14.0 it'd work

threw a UseEntrypoint on there, but will do withdefaultargs instead when PRing

ah nm i think its hanging with the useentrypoint

(hmmm so super non urgent, but just noticed that we didn't get notifications in the #releases channels for the SDKs)

Huuuuuge kudos for taking the release @fierce heron 💜

Yeah, I was wondering the same thing because I use that as my blog post trigger.

looking at the publish.yml run that went through, ``` Releaser.notify(
1427: │ │ discordWebhook: setSecret(name: "e9388b86e76c333efcf4d3c32c5b04a36cdda0940d0c7d1fa1a07ee8f47a3bc1"): Secret!
1427: │ │ name: "🐍 Python SDK"
1427: │ │ repository: "https://github.com/dagger/dagger.git"
1427: │ │ target: "sdk/python/v0.15.1"
1427: │ ): Void

i don't trust discord at all today though so 🤷‍♂️

on the Double-check that all the above packages have been correctly published and updated to their latest versions. step, confirmed everything except the CLI download, for me the given url https://dl.dagger.io 403s?

Yeah that link is not helpful, there's only public access to the binary paths, but it's just linking to the root of the bucket.

curl -L https://dl.dagger.io/dagger/install.sh | BIN_DIR=~/bin sh works and the SDK provisioning tests passed, so the bucket was updated successfully

tags are all present here https://github.com/dagger/dagger/tags and on the go+php mirrors as well, so moving on to the improve releasing steps

@rancid birch linux checksums seem to be failing in OSS CI ? and probably related https://github.com/dagger/dagger.io/pull/4119 ci checks failing in cloud

Hmmm... It works for me on linux/arm64:

sipsma@dagger_dev:~/repo/github.com/sipsma/dagger$ curl -fsS https://dl.dagger.io/dagger/install.sh | BIN_DIR=~/bin sh
sh debug downloading files into /tmp/tmp.DlSpP0mDQk
sh debug http_download https://dl.dagger.io/dagger/releases/0.15.1/dagger_v0.15.1_linux_arm64.tar.gz
sh debug http_download https://dl.dagger.io/dagger/releases/0.15.1/checksums.txt
sh debug display shell completion instructions

I'll see if I can check if it's x86 specific somehow

works fine on macos too

but there are a bunch of provisioning tests that should have caught this earlier, they passed though, so not sure what changed

Hmmmm oh I wonder if this is because of the fact we deleted some artifacts and we got different checksums

sounds likely

If so it's cached in cloud front

The solution would be to invalidate the cloud front cache - I thiiiink the AWS creds we have can do this

Yeah if I change install.sh to force x86_64 I hit it too:

sipsma@dagger_dev:/tmp$ BINDIR=./bin ./install.sh 
./install.sh debug downloading files into /tmp/tmp.KdZIxXDidt
./install.sh debug http_download https://dl.dagger.io/dagger/releases/0.15.1/dagger_v0.15.1_linux_amd64.tar.gz
./install.sh debug http_download https://dl.dagger.io/dagger/releases/0.15.1/checksums.txt
./install.sh err hash_sha256_verify checksum for '/tmp/tmp.KdZIxXDidt/dagger_v0.15.1_linux_amd64.tar.gz' did not verify 5230bfd932ecaa02266efd830c5cf793367433242aec2ff6b3c133238bf8d266 vs 228c046ecaaa5a1cb5bc8dea12b8341f34e1128cc834f2dcd921bcbe6e72d10c

The command to do this is part of the release metadata step

the one extra weird thing here is implication that macos and arm builds are repeatable but the x86 isn't lmao

looking now

hmm i see ``` WithExec([]string{"aws", "cloudfront", "create-invalidation", "--distribution-id", awsCloudfrontDistribution, "--paths", "/dagger/install.sh", "/dagger/install.ps1"})

// update version pointers (only on proper releases)
if version := cli.Dagger.Version; semver.IsValid(version) && semver.Prerelease(version) == "" {
    cpOpts := dagger.ContainerWithExecOpts{
        Stdin: strings.TrimPrefix(version, "v"),
    }
    ctr = ctr.
        WithExec([]string{"aws", "s3", "cp", "-", s3Path(awsBucket, "dagger/latest_version")}, cpOpts).
        WithExec([]string{"aws", "s3", "cp", "-", s3Path(awsBucket, "dagger/versions/latest")}, cpOpts).
        WithExec([]string{"aws", "s3", "cp", "-", s3Path(awsBucket, "dagger/versions/%s", strings.TrimPrefix(semver.MajorMinor(version), "v"))}, cpOpts)
}

WithExec([]string{"aws", "cloudfront", "create-invalidation", "--distribution-id", awsCloudfrontDistribution, "--paths", "/dagger/install.sh", "/dagger/install.ps1"})
is the only one that's invalidation specific

so i'll try that i guess

i don't think i have these particular AWS powers @rancid birch

logged in, found the distribution in CI output, but command is accessdenied

I'll DM to make sure you're using the right 1password creds

RELEASING.md tells me to ping @silk token @urban bison @slate quiver @whole fossil if anything on this PR fails. i don't want to do this but markdown may as well be legally binding. it's just the preview environment creation, no idea if that matters

https://github.com/dagger/dagger-for-github/pull/166 lookin for a review @silk token @upper venture @whole fossil

@fierce heron I can do the release of the action or let you prosecute the markdown 🙂

I'll do the release of the action

oh, I see you did it @fierce heron . Sweet.

i already got got once today by not reading the markdown carefully enough, now it's getting followed to a T lol

we're all good at this point, hanging shit for tomorrow is https://github.com/dagger/dagger/pull/9189 and https://github.com/dagger/dagger/pull/9192

pushed a commit to resolve this properly i think: https://github.com/dagger/dagger/pull/9189/commits/f329b47a6618c3fd66bc56abc8b572871f12d03a

the problem is that we were auto-detecting which tag to publish under from the git status

but - this really really isn't a good valid thing to try doing

since we can have the exact scenario that we did - so instead we need to use the tag from the github event

🚀 v0.15.1

sigh, and here's why the discord notification didn't trigger: https://github.com/dagger/dagger/pull/9189/commits/9628b9901bd8863c210bc1b7ba965a0f0056085c

sigh i guess detecting version info from git just has this problem

but because of the version module, it's all kind of gotten spread out through the code, instead of passed down from one place

i wonder if this is just fundamentally the wrong way of doing things (because it's just so stateful)

it feels somewhat fundamental - a release is "triggered" by an event (like a main or a tag push) - the type of that event (main or tag) determines what version number we get, but we're currently only attempting to derive this from inspecting the git directory - which might change on re-runs (new tags can appear/disappear)

i think what i really really want is the idea of a "contextual event" - so that i could have the version module know what github event triggered it - and then on tagged builds, it just validates that the tag exists, but on main builds, it can auto-derive it's weird pseudo-version vX.Y.Z-timestamp-commit

but now that's putting provider specific logic deep into modules, which feels like a design smell

Great to see this working!

@fierce heron any specific ideas here, or am i just making no sense?

it feels tangential to what we discussed around native ci, and a "event-driven" vs a "state-driven" model

Nicely done @fierce heron ! What a first ride 🎠

@upper venture for the test results publishing usecase, I made changes to add github event data to dagger module (still a WIP PR). https://github.com/dagger/dagger/pull/9011/files#diff-844c5083ad869965eb8bea7310291bcec5f105c66c861d61faa17a43579b3d8c

do you think that kind of info could be useful in general to what you are looking for

maybe? it's sort of useful, but i think i'm more interested in what this might look like if we had automatically propagated

having thought about my little rant above, I actually think it's okay to determine the version number based off the git state - as long as this doesn't determine the publishing
events should drive publishing (or at least, that's the way we currently do it). the builds can be driven by the state though

i need coffee still but i'm like 80% following. i do think making trying to make the process less stateful and more re-entrant is the problem to solve, how to get there is hazier for me.

@upper venture "events should drive publishing" what events are we talking about here?

or at least, that's the way we currently do it
Should we re-evaluate that? I don't know how big of a change it would be to switch to an artifact driven workflow, but it might reduce some of these headaches

"artifact driven" "event driven" "state driven"... all of these things are isomorphic to me depending on context and tools, anyone care to disambiguate and concretize the imagined differences?

part of my difficulty here is probably concourse-brain, like in concourse eventing is driven by state changes to artifacts lol

yeah I can try 😂 these might be slightly different answers depending on who you're asking, but specific to how releases happen:

• "event driven" - something happens in git like a commit or a tag and we run some jobs. If its a tag, we know what tag was created from the event metadata and can pass that information through for things like build metadata
• "state driven" - something happens in git like a commit or a tag and we run some jobs. We don't know anything about the event, but we know we were asked to run a release pipeline, so we use the information available in git to decide what to do
• "artifact driven" - every git commit on main produces artifacts. The process of releasing selects the artifacts of a commit to promote rather than rebuilding everything when we push a tag that we've theoretically already built before

❤️ tq that helps, now im curious if @upper venture was using these words the same way. artifact-driven seems a good goal. driving the artifact builds obviously requires some level of state-driven-ness.

from my one run of this, i can say part of the challenge here is that we have a good amount of state to modify when we prep the release --- we commit this, and then need to use artifacts that come from that specific commit, which we eventually tag. this muddles the state vs artifact-driven thing, like a lot of the benefits and simplicity of the artifact-driven approach are lost when we need make changes prior to cutting a release

Yeah exactly, stuff like that would have to change a bit. Basically any commit should be considered release-able (without rebuilding w modified metadata or anything), so bumping any version information would usually happen immediately after a release (so we release 0.15.1, then change immediately main's semver to 0.15.2 so that any subsequent commit could be released as 0.15.2)

that makes bumping minors and majors kinda weird, no? i guess maybe you just never release the patch version

Usually it's handled through some kind of committed metadata rather than git information. For example https://github.com/hashicorp/vault/blob/main/version/VERSION

and then any artifact built with this could be released and tagged as 1.19.0-beta1. I think in that case we had a workflow that would go bump that file after a release automatically

i just mean that by default you'd release a bunch of 0.15.3-betaXs, then when you decide to bump minors or majors, you'd change that file giving you 0.16.0-betaXs

and doing that at the last minute could be weird

but i guess worst case the commit that bumps the version would get beta1 and you'd use those artifacts for the release

yeah it helps to have an automatic process to bump that as soon as you release a version. But there's other ways to solve that problem too