guettli/sharedinbox
1
0
Fork 0
Code Issues 21 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

ci: optimize Dagger pipeline and document stunnel connection

Browse Source
This commit is contained in:
GuettliBot2
2026-05-17 00:02:41 +02:00
parent a2954ae812
commit 5ff994b9d0
6 changed files with 123 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.daggerignore
+61 -6
View File
@@ -1,20 +1,75 @@
.git/
.git .git
.local/
.local .local
.cache/
.cache .cache
.config/
.config .config
.atuin/
.atuin .atuin
.direnv/
.direnv .direnv
.gemini/
.gemini .gemini
.rustup/
.rustup .rustup
.ssh/
.ssh
.vscode/
.vscode
.vscode-server/
.vscode-server
.copilot/
.copilot
.dartServer/
.dartServer
.dart_tool/
.dart_tool
.dart-tool/
.dart-tool
.flutter/
.flutter
.pub-cache/
.pub-cache
fvm/
fvm
snap/
snap snap
node_modules/
node_modules node_modules
build/
build build
android/.gradle android/.gradle/
.gradle/
.gradle .gradle
Android/
Android Android
.android/
.android .android
ios/Pods ios/Pods/
macos/Pods macos/Pods/
linux/flutter/ephemeral linux/flutter/ephemeral/
website/public website/public/
website/resources website/resources/
*.log
run*.log
test_results.txt
test_output.txt
md5_*.txt
IGNORE_ME
.env
.envrc
.gitconfig
.lesshst
.tmux.conf
.wget-hsts
.zcompdump
.zshrc
.bash_logout
.bashrc
.profile
.nix-profile
.flutter-plugins-dependencies
.dart-cli-completion/
.dart-cli-completion
.forgejo/workflows/ci.yml
+3 -3
View File
@@ -22,7 +22,7 @@ jobs:
echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
- name: Run Full Check Suite - name: Run Full Check Suite
run: nix develop --no-warn-dirty --command dagger call -m ci check --source . run: nix develop --no-warn-dirty --command dagger call --progress=plain -m ci check --source .
build-linux: build-linux:
name: Build Linux Release name: Build Linux Release
@@ -41,7 +41,7 @@ jobs:
echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf echo "experimental-features = nix-command flakes" >> ~/.config/nix/nix.conf
- name: Build Linux - name: Build Linux
run: nix develop --no-warn-dirty --command dagger call -m ci build-linux-release --source . -o build/linux/x64/release/bundle run: nix develop --no-warn-dirty --command dagger call --progress=plain -m ci build-linux-release --source . -o build/linux/x64/release/bundle
- name: Set up SSH key - name: Set up SSH key
continue-on-error: true continue-on-error: true
@@ -106,7 +106,7 @@ jobs:
ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }} ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
PLAY_STORE_CONFIG_JSON: ${{ secrets.PLAY_STORE_CONFIG_JSON }} PLAY_STORE_CONFIG_JSON: ${{ secrets.PLAY_STORE_CONFIG_JSON }}
run: | run: |
nix develop --no-warn-dirty --command dagger call -m ci build-android-release --source . -o build/app/outputs/bundle/release/app-release.aab nix develop --no-warn-dirty --command dagger call --progress=plain -m ci build-android-release --source . -o build/app/outputs/bundle/release/app-release.aab
nix develop --no-warn-dirty --command task deploy-android-bundle # Still use task for deployment script if it's easier for now nix develop --no-warn-dirty --command task deploy-android-bundle # Still use task for deployment script if it's easier for now
- name: Set up SSH key - name: Set up SSH key
DAGGER.md
+2 -2
View File
@@ -58,10 +58,10 @@ _DAGGER_RUNNER_HOST=tcp://127.0.0.1:8080
``` ```
### Usage ### Usage
Once the environment is set up, you can run the Dagger pipeline: Once the environment is set up, you can run the Dagger pipeline. For non-interactive environments (CI, LLMs), use `--progress=plain` for readable logs:
```bash ```bash
nix develop --command dagger call -m ci check --source . nix develop --command dagger call --progress=plain -m ci check --source .
``` ```
## CI Integration (Codeberg/Forgejo) ## CI Integration (Codeberg/Forgejo)
assets/.keep
View File
ci/main.go
+12 -7
View File
@@ -11,14 +11,22 @@ type Ci struct{}
// Base container with all dependencies for Flutter and Linux builds // Base container with all dependencies for Flutter and Linux builds
func (m *Ci) Base(source *dagger.Directory) *dagger.Container { func (m *Ci) Base(source *dagger.Directory) *dagger.Container {
return dag.Container(). return dag.Container().
From("ghcr.io/cirruslabs/flutter:3.22.2"). From("ghcr.io/cirruslabs/flutter:3.41.6").
WithExec([]string{"apt-get", "update"}). WithExec([]string{"apt-get", "update"}).
WithExec([]string{"apt-get", "install", "-y", WithExec([]string{"apt-get", "install", "-y",
"clang", "cmake", "ninja-build", "pkg-config", "clang", "cmake", "ninja-build", "pkg-config",
"libgtk-3-dev", "liblzma-dev", "libsecret-1-dev", "libgtk-3-dev", "liblzma-dev", "libsecret-1-dev",
"libgcrypt20-dev", "libjson-cpp-dev", "sqlite3", "curl", "python3"}). "libgcrypt20-dev", "libjsoncpp-dev", "sqlite3", "curl", "python3"}).
WithMountedCache("/root/.pub-cache", dag.CacheVolume("flutter-pub-cache")).
WithMountedCache("/root/.gradle", dag.CacheVolume("gradle-cache")).
WithEnvVariable("PUB_CACHE", "/root/.pub-cache").
WithDirectory("/src", source, dagger.ContainerWithDirectoryOpts{ WithDirectory("/src", source, dagger.ContainerWithDirectoryOpts{
Exclude: []string{".git", ".local", ".cache", "build", "ci", ".daggerignore"}, Exclude: []string{
"**/.*", ".*",
"build", "node_modules", "snap", "fvm", "Android", "ios/Pods", "macos/Pods",
"linux/flutter/ephemeral", "website/public", "website/resources",
"ci", "test_output.txt", "run*.log", "**/*.log", "stat_*.txt", "md5_*.txt",
},
}). }).
WithWorkdir("/src") WithWorkdir("/src")
} }
@@ -32,9 +40,6 @@ func (m *Ci) Setup(source *dagger.Directory) *dagger.Container {
// Run hygiene check // Run hygiene check
func (m *Ci) CheckHygiene(ctx context.Context, source *dagger.Directory) (string, error) { func (m *Ci) CheckHygiene(ctx context.Context, source *dagger.Directory) (string, error) {
// Note: We don't have .git in the container, so we check the files provided in the directory.
// But check-hygiene in Taskfile uses 'git ls-files'.
// For now, we'll just check if these directories exist in the provided source.
return m.Base(source). return m.Base(source).
WithExec([]string{"/bin/bash", "-c", "FORBIDDEN=\".ssh .bashrc .config .local .cache .gitconfig .android Android .gradle .pub-cache .dartServer .flutter .dart-cli-completion .atuin .bash_logout .profile .zcompdump .zshrc snap .emulator_console_auth_token .lesshst .metadata .tmux.conf\"; for f in $FORBIDDEN; do if [ -e \"$f\" ]; then echo \"ERROR: Forbidden file/dir found in source: $f\"; exit 1; fi; done; echo \"Hygiene check passed.\""}). WithExec([]string{"/bin/bash", "-c", "FORBIDDEN=\".ssh .bashrc .config .local .cache .gitconfig .android Android .gradle .pub-cache .dartServer .flutter .dart-cli-completion .atuin .bash_logout .profile .zcompdump .zshrc snap .emulator_console_auth_token .lesshst .metadata .tmux.conf\"; for f in $FORBIDDEN; do if [ -e \"$f\" ]; then echo \"ERROR: Forbidden file/dir found in source: $f\"; exit 1; fi; done; echo \"Hygiene check passed.\""}).
Stdout(ctx) Stdout(ctx)
@@ -66,7 +71,7 @@ func (m *Ci) Check(ctx context.Context, source *dagger.Directory) (string, error
} }
// Run tests // Run tests
test, err := setup.WithExec([]string{"flutter", "test"}).Stdout(ctx) test, err := setup.WithExec([]string{"flutter", "test", "test/unit"}).Stdout(ctx)
if err != nil { if err != nil {
return test, err return test, err
} }
codeberg-runner/README.md
+45
View File
@@ -3,3 +3,48 @@
Installed like explained here: Installed like explained here:
https://forgejo.org/docs/next/admin/actions/installation/binary/ https://forgejo.org/docs/next/admin/actions/installation/binary/
## Connecting to Dagger (via stunnel)
Dagger is running on the host machine and exported via stunnel on port 8774. The runner connects to it using a local stunnel client.
The following TLS secrets must be configured as environment variables in Codeberg:
- `DAGGER_CLIENT_CERT`: Content of `client.crt`
- `DAGGER_CLIENT_KEY`: Content of `client.key`
- `DAGGER_CA_CERT`: Content of `ca.crt`
### Setup Script
This snippet can be used in a CI job to establish the connection:
```bash
# Write TLS files from environment variables
mkdir -p /etc/dagger/tls
echo "$DAGGER_CLIENT_CERT" > /etc/dagger/tls/client.crt
echo "$DAGGER_CLIENT_KEY" > /etc/dagger/tls/client.key
echo "$DAGGER_CA_CERT" > /etc/dagger/tls/ca.crt
# Create stunnel configuration
cat > /tmp/dagger-client.conf << EOF
foreground = yes
pid =
[dagger]
client = yes
accept = 127.0.0.1:1774
connect = <server-ip>:8774
cert = /etc/dagger/tls/client.crt
key = /etc/dagger/tls/client.key
CAfile = /etc/dagger/tls/ca.crt
verify = 2
EOF
# Start stunnel in the background
stunnel /tmp/dagger-client.conf &
# Configure Dagger to use the tunnel
export _EXPERIMENTAL_DAGGER_RUNNER_HOST=tcp://127.0.0.1:1774
dagger version
```
Note: Replace `<server-ip>` with the actual IP address of the machine running Dagger.