- This PR adds a new mount type: `docker.sock` (in addition to `cache`
and `tmp`)
- It's then able to mount the LOCAL (as in, from the machine running
dagger) docker socket inside the container by pretending to be an SSH
Agent (hijacking the SSH agent forwarding support of buildkit)
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
Code convention: use nouns instead of verbs whenever possible.
Reasoning: One can apply just about anything to Kubernetes via this:
deployment, load balancer, RBAC policy, a custom CRD resource, etc.
Upstream those are called resources: You give `kubectl apply` one or more
manifests and it will create the corresponding resources.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
- `source` is now optional
- `sourceInline` renamed to `manifest`
- `kubeconfig` is a `string` rather than a `dagger.#Secret`
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
since `.dagger` directories have a special meaning now because of gitflow,
it's better not to have a `~/.dagger` since it's not a workspace and
it confuses dagger (e.g. `dagger new` from $HOME).
We don't store state there anymore, just keys and the last version
check, so it's okay to be in ~/.config IMO
Looking at my system, in ~/.config there's `gcloud`, `gatsby`, `gh`,
`yarn`, and others so it seems like a pretty common location.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
This adds support for `--include` and `--exclude` for directory inputs.
For instance, this is what you would want to use when passing dagger
repository as an input:
```
inputs:
repository:
dir:
path: .
exclude:
- '**/node_modules'
- cmd/dagger/dagger
- cmd/dagger/dagger-debug
```
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
- Secrets are never exposed in plaintext in the Cue tree. `dagger query`
won't dump secrets anymore, Cue errors won't contain them either.
- BuildKit-native secrets support through a new `mount` type. This
ensures secrets will never be part of containerd layers, buildkit
cache and generally speaking will never be saved to disk in plaintext.
- Updated netlify as an example
- Added tests
- Changed the Cue definition of a secret to:
```
@dagger(secret)
id: string
}
```
This is to ensure both that setting the wrong input type on a secret
(e.g. `dagger input text`) will fail, and attempting to misuse the
secret (e.g. interpolating, passing as an env variable, etc) will also
fail properly.
Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>
