dagger-modules
container images, and for verifying Kubernetes deployment repos.
Installation
```shell
dagger install git.xarif.de/base/dagger-modules@25ae1687fb911cc9f33042c2b60bc2dabf60427e
```
Entrypoint
Return Type
DaggerModules
Example
```shell
dagger -m git.xarif.de/base/dagger-modules@25ae1687fb911cc9f33042c2b60bc2dabf60427e call \
```
```go
func (m *MyModule) Example() *dagger.DaggerModules {
	return dag.
		DaggerModules()
}
```
```python
@function
def example() -> dagger.DaggerModules:
    return (
        dag.dagger_modules()
    )
```
```typescript
@func()
example(): DaggerModules {
  return dag
    .daggerModules()
}
```
Types
DaggerModules
DaggerModules is the main entry point for the Dagger module.
buildImage()
BuildImage builds a container from a Dockerfile in the given source directory and, optionally, runs a YAML-defined test suite against the freshly-built container before returning it.
When --tests is omitted, the build is pure (no execution) and returns the
container lazily. When --tests is supplied, tests are executed eagerly and
any failure short-circuits the call with an error.
PublishImage delegates to this function; there is no separate TestImage.
Return Type
Container !
Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| source | Directory ! | - | Source directory containing the Dockerfile |
| dockerfile | String | "Dockerfile" | Path to the Dockerfile relative to source root |
| buildArg | [String ! ] | - | Repeatable build arguments in KEY=VALUE form (e.g. `--build-arg=VERSION=1.2.3`) |
| buildSecret | [Secret ! ] | - | Repeatable build secrets, each provided as a Dagger secret. Inside the Dockerfile, mount as `RUN --mount=type=secret,id=<secret-name> ...`. The secret's Dagger name (set via `--build-secret=name:env://VAR`) is used as the secret id. |
| platform | String | - | Target platform (e.g. `linux/amd64`, `linux/arm64`). Defaults to engine native. |
| target | String | - | Target build stage in a multi-stage Dockerfile. |
| tests | File | - | YAML test specification file. When provided, tests are executed against the built container and any failure aborts the call. |
| root | Directory | - | Root directory of the repository. Used to resolve mount paths in test specs independently of the build-context (--source). Defaults to the caller's working directory. |
Example
```shell
dagger -m git.xarif.de/base/dagger-modules@25ae1687fb911cc9f33042c2b60bc2dabf60427e call \
 build-image --source DIR_PATH
```
```go
func (m *MyModule) Example(source *dagger.Directory) *dagger.Container {
	return dag.
		DaggerModules().
		BuildImage(source)
}
```
```python
@function
def example(source: dagger.Directory) -> dagger.Container:
    return (
        dag.dagger_modules()
        .build_image(source)
    )
```
```typescript
@func()
example(source: Directory): Container {
  return dag
    .daggerModules()
    .buildImage(source)
}
```
publishImage()
PublishImage builds and pushes a container image to an OCI registry.
Always pushes two tags: latest and the sanitized --ref-name.
When --ref-name is a SemVer-style tag (e.g. v1.2.3), additional floating
tags v1.2 and v1 are also pushed unless --no-semver-tags is set. This
is the conventional pattern for shared-action and GitHub Action repositories.
Additional ad-hoc tags can be supplied via repeatable --extra-tag flags.
If --tests is provided, tests must pass before any push happens. The
build+test phase is delegated to BuildImage so the two functions stay in
lockstep.
Returns the digest of the ref-tagged push.
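The tag set described above, worked through as an added example (not the module's own code). The names `sanitizeTag` and `deriveTags` are hypothetical, the sanitizer rule is an assumption because the page does not show it, and only plain `vMAJOR.MINOR.PATCH` refs are treated as SemVer here.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Assumption: the module's real sanitizer is not shown on the page. This one
// replaces every character outside the OCI tag alphabet with '-'.
var (
	invalidTagChars = regexp.MustCompile(`[^A-Za-z0-9_.-]`)
	semverTag       = regexp.MustCompile(`^v(\d+)\.(\d+)\.(\d+)$`)
)

// sanitizeTag turns a git ref name into a string that is valid as an OCI tag.
func sanitizeTag(ref string) string {
	t := invalidTagChars.ReplaceAllString(ref, "-")
	t = strings.TrimLeft(t, ".-") // a tag may not start with '.' or '-'
	if len(t) > 128 {
		t = t[:128] // OCI tags are at most 128 characters
	}
	return t
}

// deriveTags returns the tags in push order with duplicates removed.
func deriveTags(refName string, extra []string, noSemverTags bool) []string {
	tags := []string{"latest", sanitizeTag(refName)}
	if m := semverTag.FindStringSubmatch(refName); m != nil && !noSemverTags {
		tags = append(tags, "v"+m[1]+"."+m[2], "v"+m[1]) // floating tags
	}
	tags = append(tags, extra...)
	seen := map[string]bool{}
	out := tags[:0]
	for _, t := range tags {
		if t != "" && !seen[t] {
			seen[t] = true
			out = append(out, t)
		}
	}
	return out
}

func main() {
	for _, ref := range []string{"v1.2.3", "feature/login-fix", "main"} {
		fmt.Println(ref, "->", deriveTags(ref, nil, false))
	}
}
```

The floating tags `latest`, `v1.2` and `v1` are repointed by later pushes, so a consumer that needs a fixed artifact should reference the digest that PublishImage returns.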
Return Type
String !
Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| source | Directory ! | - | Source directory containing the Dockerfile |
| registry | String ! | - | Registry address (hostname or URL — protocol prefix is stripped automatically) |
| username | String ! | - | Registry username |
| password | Secret ! | - | Registry password or token |
| repository | String ! | - | Repository path, e.g. "myuser/myrepo" or "mygroup/myrepo" |
| refName | String ! | - | Git ref name used as image tag alongside "latest" |
| dockerfile | String | "Dockerfile" | Path to the Dockerfile relative to source root |
| tests | File | - | YAML test specification file — if provided, tests must pass before pushing |
| buildArg | [String ! ] | - | Repeatable build arguments in KEY=VALUE form |
| buildSecret | [Secret ! ] | - | Repeatable build secrets |
| platform | String | - | Target platform (e.g. `linux/amd64`, `linux/arm64`) |
| target | String | - | Target build stage in a multi-stage Dockerfile |
| extraTag | [String ! ] | - | Repeatable extra tags to push in addition to `latest` |
| noSemverTags | Boolean | - | Disable automatic SemVer floating-tag derivation (vMAJOR, vMAJOR.MINOR) |
| root | Directory | - | Root directory of the repository. Used to resolve mount paths in test specs independently of the build-context (--source). Defaults to the caller's working directory. |
Example
```shell
dagger -m git.xarif.de/base/dagger-modules@25ae1687fb911cc9f33042c2b60bc2dabf60427e call \
 publish-image --source DIR_PATH --registry string --username string --password env:MYSECRET --repository string --ref-name string
```
```go
func (m *MyModule) Example(ctx context.Context, source *dagger.Directory, registry string, username string, password *dagger.Secret, repository string, refName string) string {
	return dag.
		DaggerModules().
		PublishImage(ctx, source, registry, username, password, repository, refName)
}
```
```python
@function
async def example(source: dagger.Directory, registry: str, username: str, password: dagger.Secret, repository: str, ref_name: str) -> str:
    return await (
        dag.dagger_modules()
        .publish_image(source, registry, username, password, repository, ref_name)
    )
```
```typescript
@func()
async example(source: Directory, registry: string, username: string, password: Secret, repository: string, refName: string): Promise<string> {
  return dag
    .daggerModules()
    .publishImage(source, registry, username, password, repository, refName)
}
```
verifyKustomize()
VerifyKustomize validates a Kubernetes deployment repo by checking that
vendored Helm chart caches match the versions declared in kustomization.yaml
and that kustomize build produces valid output.
When helmCharts entries are found, the function:
- verifies charts/-/ exists for each entry
- detects stale chart directories not matching any current entry
- runs `kustomize build --enable-helm .`
When no helmCharts entries exist, it runs plain `kustomize build .`.
The build runs inside the provided toolImage container, which should match the production ArgoCD CMP image for version parity.
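The two cache checks listed above, sketched as an added example (not the module's own code). `HelmChart` and `auditChartCache` are hypothetical names, the `charts/<name>-<version>/` layout is an assumption, and the chart names and versions are constructed sample data.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"sort"
)

// HelmChart holds the name and version of one helmCharts entry.
type HelmChart struct{ Name, Version string }

// auditChartCache compares the directories under <repo>/charts with the
// declared entries. Assumption: charts are vendored as charts/<name>-<version>/.
func auditChartCache(repo string, declared []HelmChart) (missing, stale []string, err error) {
	want := map[string]bool{}
	for _, c := range declared {
		want[c.Name+"-"+c.Version] = true
	}
	entries, err := os.ReadDir(filepath.Join(repo, "charts"))
	if err != nil && !os.IsNotExist(err) {
		return nil, nil, err
	}
	have := map[string]bool{}
	for _, e := range entries {
		if e.IsDir() {
			have[e.Name()] = true
			if !want[e.Name()] {
				stale = append(stale, e.Name()) // cached, but no longer declared
			}
		}
	}
	for dir := range want {
		if !have[dir] {
			missing = append(missing, dir) // declared, but never vendored
		}
	}
	sort.Strings(missing)
	sort.Strings(stale)
	return missing, stale, nil
}

func main() {
	repo, _ := os.MkdirTemp("", "verify-kustomize-demo") // constructed fixture
	defer os.RemoveAll(repo)
	os.MkdirAll(filepath.Join(repo, "charts", "cert-manager-1.14.0"), 0o755)
	declared := []HelmChart{{"cert-manager", "1.15.1"}}
	fmt.Println(auditChartCache(repo, declared))
}
```

A version bump in kustomization.yaml without re-vendoring shows up as one missing and one stale directory, which is the case where the chart that was reviewed is not the chart that is declared.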
Return Type
String !
Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| source | Directory ! | - | Kubernetes deployment repo root containing kustomization.yaml |
| toolImage | String | "registry.gitlab.com/xarif/docker/argocd-sops-cmp:latest" | Container image with kustomize + helm CLI tools. Must match the production ArgoCD CMP image for version parity. |
| root | Directory | - | Root directory of the repository. Accepted for forward-compatibility with future test/fixture mount support (same as build-image --root) and to allow dagger-call.sh to pass --root=. uniformly to all functions without per-function case logic. |
Example
```shell
dagger -m git.xarif.de/base/dagger-modules@25ae1687fb911cc9f33042c2b60bc2dabf60427e call \
 verify-kustomize --source DIR_PATH
```
```go
func (m *MyModule) Example(ctx context.Context, source *dagger.Directory) string {
	return dag.
		DaggerModules().
		VerifyKustomize(ctx, source)
}
```
```python
@function
async def example(source: dagger.Directory) -> str:
    return await (
        dag.dagger_modules()
        .verify_kustomize(source)
    )
```
```typescript
@func()
async example(source: Directory): Promise<string> {
  return dag
    .daggerModules()
    .verifyKustomize(source)
}
```