diff --git a/.daggerignore b/.daggerignore index 8f692d4..682e250 100644 --- a/.daggerignore +++ b/.daggerignore @@ -1,20 +1,75 @@ +.git/ .git +.local/ .local +.cache/ .cache +.config/ .config +.atuin/ .atuin +.direnv/ .direnv +.gemini/ .gemini +.rustup/ .rustup +.ssh/ +.ssh +.vscode/ +.vscode +.vscode-server/ +.vscode-server +.copilot/ +.copilot +.dartServer/ +.dartServer +.dart_tool/ +.dart_tool +.dart-tool/ +.dart-tool +.flutter/ +.flutter +.pub-cache/ +.pub-cache +fvm/ +fvm +snap/ snap +node_modules/ node_modules +build/ build -android/.gradle +android/.gradle/ +.gradle/ .gradle +Android/ Android +.android/ .android -ios/Pods -macos/Pods -linux/flutter/ephemeral -website/public -website/resources +ios/Pods/ +macos/Pods/ +linux/flutter/ephemeral/ +website/public/ +website/resources/ +*.log +run*.log +test_results.txt +test_output.txt +md5_*.txt +IGNORE_ME +.env +.envrc +.gitconfig +.lesshst +.tmux.conf +.wget-hsts +.zcompdump +.zshrc +.bash_logout +.bashrc +.profile +.nix-profile +.flutter-plugins-dependencies +.dart-cli-completion/ +.dart-cli-completion diff --git a/.forgejo/workflows/ci.yml b/.forgejo/workflows/ci.yml index 44526d4..522f3d7 100644 --- a/.forgejo/workflows/ci.yml +++ b/.forgejo/workflows/ci.yml @@ -22,7 +22,7 @@ jobs: echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf - name: Run Full Check Suite - run: nix develop --no-warn-dirty --command dagger call -m ci check --source . + run: nix develop --no-warn-dirty --command dagger call --progress=plain -m ci check --source . build-linux: name: Build Linux Release 
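Review bot: The `.daggerignore` list and the `Exclude` list this commit adds to `Base` in ci/main.go are maintained by hand in two places and already disagree: `test_results.txt` is ignored here but not in `Exclude`, while `stat_*.txt` is in `Exclude` but not here. Since these lists are what keep entries such as `.ssh`, `.env` and `.gitconfig` out of the build context, drift between them is worth closing now; add `stat_*.txt` here and `"test_results.txt"` to `Exclude`, or derive one list from the other. Nothing visible in this diff shows what reads `.daggerignore`, so it is worth confirming that it takes effect at all rather than relying on it as the only filter. `run*.log` is also redundant next to `*.log`.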
@@ -41,7 +41,7 @@ jobs: echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf - name: Build Linux - run: nix develop --no-warn-dirty --command dagger call -m ci build-linux-release --source . -o build/linux/x64/release/bundle + run: nix develop --no-warn-dirty --command dagger call --progress=plain -m ci build-linux-release --source . -o build/linux/x64/release/bundle - name: Set up SSH key continue-on-error: true @@ -106,7 +106,7 @@ jobs: ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }} PLAY_STORE_CONFIG_JSON: ${{ secrets.PLAY_STORE_CONFIG_JSON }} run: | - nix develop --no-warn-dirty --command dagger call -m ci build-android-release --source . -o build/app/outputs/bundle/release/app-release.aab + nix develop --no-warn-dirty --command dagger call --progress=plain -m ci build-android-release --source . -o build/app/outputs/bundle/release/app-release.aab nix develop --no-warn-dirty --command task deploy-android-bundle # Still use task for deployment script if it's easier for now - name: Set up SSH key diff --git a/DAGGER.md b/DAGGER.md index 3c2bd0d..6965c52 100644 --- a/DAGGER.md +++ b/DAGGER.md @@ -58,10 +58,10 @@ _DAGGER_RUNNER_HOST=tcp://127.0.0.1:8080 ``` ### Usage -Once the environment is set up, you can run the Dagger pipeline: +Once the environment is set up, you can run the Dagger pipeline. For non-interactive environments (CI, LLMs), use `--progress=plain` for readable logs: ```bash -nix develop --command dagger call -m ci check --source . +nix develop --command dagger call --progress=plain -m ci check --source . ``` ## CI Integration (Codeberg/Forgejo) diff --git a/assets/.keep b/assets/.keep new file mode 100644 index 0000000..e69de29 diff --git a/ci/main.go b/ci/main.go index 5eb0a66..2a68296 100644 --- a/ci/main.go +++ b/ci/main.go 
@@ -11,14 +11,22 @@ type Ci struct{} // Base container with all dependencies for Flutter and Linux builds func (m *Ci) Base(source *dagger.Directory) *dagger.Container { return dag.Container(). - From("ghcr.io/cirruslabs/flutter:3.22.2"). + From("ghcr.io/cirruslabs/flutter:3.41.6"). WithExec([]string{"apt-get", "update"}). WithExec([]string{"apt-get", "install", "-y", "clang", "cmake", "ninja-build", "pkg-config", "libgtk-3-dev", "liblzma-dev", "libsecret-1-dev", - "libgcrypt20-dev", "libjson-cpp-dev", "sqlite3", "curl", "python3"}). + "libgcrypt20-dev", "libjsoncpp-dev", "sqlite3", "curl", "python3"}). + WithMountedCache("/root/.pub-cache", dag.CacheVolume("flutter-pub-cache")). + WithMountedCache("/root/.gradle", dag.CacheVolume("gradle-cache")). + WithEnvVariable("PUB_CACHE", "/root/.pub-cache"). WithDirectory("/src", source, dagger.ContainerWithDirectoryOpts{ - Exclude: []string{".git", ".local", ".cache", "build", "ci", ".daggerignore"}, + Exclude: []string{ + "**/.*", ".*", + "build", "node_modules", "snap", "fvm", "Android", "ios/Pods", "macos/Pods", + "linux/flutter/ephemeral", "website/public", "website/resources", + "ci", "test_output.txt", "run*.log", "**/*.log", "stat_*.txt", "md5_*.txt", + }, }). WithWorkdir("/src") } 
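Review bot: The new `Exclude` list in `Base` strips `**/.*` and `.*` (plus `snap` and `Android`) before the tree reaches `/src`, and `CheckHygiene` in the next hunk still runs its `[ -e "$f" ]` loop inside `m.Base(source)`, so every name in `FORBIDDEN` is filtered out before it is tested and the check can no longer fail. The commit also deletes the comment that described what the check was able to see, so a committed `.ssh` or `.gitconfig` would now pass silently. The check should look at the unfiltered `source` instead, for example through `source.Entries(ctx)` as sketched below. The sketch compares top-level names only, which matches the current loop, and trims a trailing slash in case the engine reports directories that way.

```go
func (m *Ci) CheckHygiene(ctx context.Context, source *dagger.Directory) (string, error) {
	// … unchanged: the FORBIDDEN names, kept as a []string named forbidden …

	// Inspect the unfiltered source: Base() excludes every dot-entry, so a
	// check run inside that container cannot see the paths it guards against.
	entries, err := source.Entries(ctx)
	if err != nil {
		return "", err
	}
	for _, e := range entries {
		name := strings.TrimSuffix(e, "/")
		for _, f := range forbidden {
			if name == f {
				return "", fmt.Errorf("forbidden file/dir found in source: %s", name)
			}
		}
	}
	return "Hygiene check passed.", nil
}
```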
@@ -32,9 +40,6 @@ func (m *Ci) Setup(source *dagger.Directory) *dagger.Container { // Run hygiene check func (m *Ci) CheckHygiene(ctx context.Context, source *dagger.Directory) (string, error) { - // Note: We don't have .git in the container, so we check the files provided in the directory. - // But check-hygiene in Taskfile uses 'git ls-files'. - // For now, we'll just check if these directories exist in the provided source. return m.Base(source). WithExec([]string{"/bin/bash", "-c", "FORBIDDEN=\".ssh .bashrc .config .local .cache .gitconfig .android Android .gradle .pub-cache .dartServer .flutter .dart-cli-completion .atuin .bash_logout .profile .zcompdump .zshrc snap .emulator_console_auth_token .lesshst .metadata .tmux.conf\"; for f in $FORBIDDEN; do if [ -e \"$f\" ]; then echo \"ERROR: Forbidden file/dir found in source: $f\"; exit 1; fi; done; echo \"Hygiene check passed.\""}). Stdout(ctx) @@ -66,7 +71,7 @@ func (m *Ci) Check(ctx context.Context, source *dagger.Directory) (string, error } // Run tests - test, err := setup.WithExec([]string{"flutter", "test"}).Stdout(ctx) + test, err := setup.WithExec([]string{"flutter", "test", "test/unit"}).Stdout(ctx) if err != nil { return test, err } diff --git a/codeberg-runner/README.md b/codeberg-runner/README.md index d423c5b..34db063 100644 --- a/codeberg-runner/README.md +++ b/codeberg-runner/README.md 
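Review bot: `flutter test test/unit` in `Check` narrows the test gate to a single directory without saying why, so any suites elsewhere under `test/` (widget or integration tests, if the repository has them) stop running in `check` and no longer block the release jobs. If the restriction is deliberate, record it at the call, e.g. `// Only test/unit runs here: <REASON>; other suites are run by <WHERE>`. `Check` starts and ends outside this hunk, so whether another step covers the remaining tests cannot be seen from here.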
@@ -3,3 +3,48 @@ Installed like explained here: https://forgejo.org/docs/next/admin/actions/installation/binary/ + +## Connecting to Dagger (via stunnel) + +Dagger is running on the host machine and exported via stunnel on port 8774. The runner connects to it using a local stunnel client. + +The following TLS secrets must be configured as environment variables in Codeberg: +- `DAGGER_CLIENT_CERT`: Content of `client.crt` +- `DAGGER_CLIENT_KEY`: Content of `client.key` +- `DAGGER_CA_CERT`: Content of `ca.crt` + +### Setup Script + +This snippet can be used in a CI job to establish the connection: + +```bash +# Write TLS files from environment variables +mkdir -p /etc/dagger/tls +echo "$DAGGER_CLIENT_CERT" > /etc/dagger/tls/client.crt +echo "$DAGGER_CLIENT_KEY" > /etc/dagger/tls/client.key +echo "$DAGGER_CA_CERT" > /etc/dagger/tls/ca.crt + +# Create stunnel configuration +cat > /tmp/dagger-client.conf << EOF +foreground = yes +pid = + +[dagger] +client = yes +accept = 127.0.0.1:1774 +connect = :8774 +cert = /etc/dagger/tls/client.crt +key = /etc/dagger/tls/client.key +CAfile = /etc/dagger/tls/ca.crt +verify = 2 +EOF + +# Start stunnel in the background +stunnel /tmp/dagger-client.conf & + +# Configure Dagger to use the tunnel +export _EXPERIMENTAL_DAGGER_RUNNER_HOST=tcp://127.0.0.1:1774 +dagger version +``` + +Note: Replace `` with the actual IP address of the machine running Dagger.