dagger-modules
container images, and for verifying Kubernetes deployment repos.Installation
dagger install git.xarif.de/base/dagger-modules@9567dfd334637faa013c777f0e0968b79ff802b5Entrypoint
Return Type
DaggerModulesExample
dagger -m git.xarif.de/base/dagger-modules@9567dfd334637faa013c777f0e0968b79ff802b5 call \
func (m *MyModule) Example() *dagger.DaggerModules {
return dag.
DaggerModules()
}@function
def example() -> dagger.DaggerModules:
return (
dag.dagger_modules()
)@func()
example(): DaggerModules {
return dag
.daggerModules()
}Types
DaggerModules 🔗
DaggerModules is the main entry point for the Dagger module.
buildImage() 🔗
BuildImage builds a container from a Dockerfile in the given source directory and, optionally, runs a YAML-defined test suite against the freshly-built container before returning it.
When --tests is omitted, the build is pure (no execution) and returns the
container lazily. When --tests is supplied, tests are executed eagerly and
any failure short-circuits the call with an error.
PublishImage delegates to this function; there is no separate TestImage.
Return Type
Container !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| source | Directory ! | - | Source directory containing the Dockerfile |
| dockerfile | String | "Dockerfile" | Path to the Dockerfile relative to source root |
| buildArg | [String ! ] | - | Repeatable build arguments in KEY=VALUE form (e.g. `--build-arg=VERSION=1.2.3`) |
| buildSecret | [Secret ! ] | - | Repeatable build secrets, each provided as a Dagger secret. Inside the Dockerfile, mount as `RUN --mount=type=secret,id=<secret-name> ...`. The secret's Dagger name (set via `--build-secret=name:env://VAR`) is used as the secret id. |
| platform | String | - | Target platform (e.g. `linux/amd64`, `linux/arm64`). Defaults to engine native. |
| target | String | - | Target build stage in a multi-stage Dockerfile. |
| tests | File | - | YAML test specification file. When provided, tests are executed against the built container and any failure aborts the call. |
| root | Directory | - | Root directory of the repository. Used to resolve mount paths in test specs independently of the build-context (--source). Defaults to the caller's working directory. |
Example
dagger -m git.xarif.de/base/dagger-modules@9567dfd334637faa013c777f0e0968b79ff802b5 call \
build-image --source DIR_PATHfunc (m *MyModule) Example(source *dagger.Directory) *dagger.Container {
return dag.
DaggerModules().
BuildImage(source)
}@function
def example(source: dagger.Directory) -> dagger.Container:
return (
dag.dagger_modules()
.build_image(source)
)@func()
example(source: Directory): Container {
return dag
.daggerModules()
.buildImage(source)
}publishImage() 🔗
PublishImage builds and pushes a container image to an OCI registry.
Always pushes two tags: latest and the sanitized --ref-name.
When --ref-name is a SemVer-style tag (e.g. v1.2.3), additional floating
tags v1.2 and v1 are also pushed unless --no-semver-tags is set. This
is the conventional pattern for shared-action and GitHub Action repositories.
Additional ad-hoc tags can be supplied via repeatable --extra-tag flags.
If --tests is provided, tests must pass before any push happens. The
build+test phase is delegated to BuildImage so the two functions stay in
lockstep.
Returns the digest of the ref-tagged push.
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| source | Directory ! | - | Source directory containing the Dockerfile |
| registry | String ! | - | Registry address (hostname or URL — protocol prefix is stripped automatically) |
| username | String ! | - | Registry username |
| password | Secret ! | - | Registry password or token |
| repository | String ! | - | Repository path, e.g. "myuser/myrepo" or "mygroup/myrepo" |
| refName | String ! | - | Git ref name used as image tag alongside "latest" |
| dockerfile | String | "Dockerfile" | Path to the Dockerfile relative to source root |
| tests | File | - | YAML test specification file — if provided, tests must pass before pushing |
| buildArg | [String ! ] | - | Repeatable build arguments in KEY=VALUE form |
| buildSecret | [Secret ! ] | - | Repeatable build secrets |
| platform | String | - | Target platform (e.g. `linux/amd64`, `linux/arm64`) |
| target | String | - | Target build stage in a multi-stage Dockerfile |
| extraTag | [String ! ] | - | Repeatable extra tags to push in addition to `latest` |
| noSemverTags | Boolean | - | Disable automatic SemVer floating-tag derivation (vMAJOR, vMAJOR.MINOR) |
| root | Directory | - | Root directory of the repository. Used to resolve mount paths in test specs independently of the build-context (--source). Defaults to the caller's working directory. |
Example
dagger -m git.xarif.de/base/dagger-modules@9567dfd334637faa013c777f0e0968b79ff802b5 call \
publish-image --source DIR_PATH --registry string --username string --password env:MYSECRET --repository string --ref-name stringfunc (m *MyModule) Example(ctx context.Context, source *dagger.Directory, registry string, username string, password *dagger.Secret, repository string, refName string) string {
return dag.
DaggerModules().
PublishImage(ctx, source, registry, username, password, repository, refName)
}@function
async def example(source: dagger.Directory, registry: str, username: str, password: dagger.Secret, repository: str, ref_name: str) -> str:
return await (
dag.dagger_modules()
.publish_image(source, registry, username, password, repository, ref_name)
)@func()
async example(source: Directory, registry: string, username: string, password: Secret, repository: string, refName: string): Promise<string> {
return dag
.daggerModules()
.publishImage(source, registry, username, password, repository, refName)
}verifyKustomize() 🔗
VerifyKustomize validates a Kubernetes deployment repo by checking that
vendored Helm chart caches match the versions declared in kustomization.yaml
and that kustomize build produces valid output.
When helmCharts entries are found, the function:
- verifies charts/-/ exists for each entry
- detects stale chart directories not matching any current entry
- runs kustomize build --enable-helm .
When no helmCharts entries exist, it runs plain kustomize build ..
The build runs inside the provided toolImage container, which should match the production ArgoCD CMP image for version parity.
Return Type
String !Arguments
| Name | Type | Default Value | Description |
|---|---|---|---|
| source | Directory ! | - | Kubernetes deployment repo root containing kustomization.yaml |
| toolImage | String | "registry.gitlab.com/xarif/docker/argocd-sops-cmp:latest" | Container image with kustomize + helm CLI tools. Must match the production ArgoCD CMP image for version parity. |
Example
dagger -m git.xarif.de/base/dagger-modules@9567dfd334637faa013c777f0e0968b79ff802b5 call \
verify-kustomize --source DIR_PATHfunc (m *MyModule) Example(ctx context.Context, source *dagger.Directory) string {
return dag.
DaggerModules().
VerifyKustomize(ctx, source)
}@function
async def example(source: dagger.Directory) -> str:
return await (
dag.dagger_modules()
.verify_kustomize(source)
)@func()
async example(source: Directory): Promise<string> {
return dag
.daggerModules()
.verifyKustomize(source)
}