diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 794ddf2..35a3589 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -53,3 +53,9 @@ repos: entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && nix develop --command task check-ci-images' pass_filenames: false files: ^(ci/main\.go|\.fvmrc)$ + - id: dagger-versions-aligned + name: verify Dagger version is consistent across dagger.json, flake.nix, Dockerfile and DAGGER.md + language: system + entry: bash -c 'cd "$(git rev-parse --show-toplevel)" && scripts/check_dagger_versions.sh' + pass_filenames: false + files: ^(ci/dagger\.json|flake\.nix|\.forgejo/Dockerfile|DAGGER\.md)$ diff --git a/Taskfile.yml b/Taskfile.yml index 0cc1083..9279b97 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -712,6 +712,11 @@ tasks: cmds: - scripts/check_ci_images.sh + check-dagger-versions: + desc: Verify ci/dagger.json, flake.nix, .forgejo/Dockerfile and DAGGER.md pin the same Dagger version + cmds: + - scripts/check_dagger_versions.sh + _integrations: internal: true run: once diff --git a/flake.nix b/flake.nix index 03c5ec3..b512860 100644 --- a/flake.nix +++ b/flake.nix @@ -49,14 +49,16 @@ ''; }; - # The dagger/nix flake pins 0.20.8, whose Nix wrapper is a broken self-exec - # loop. Fetch 0.21.4 directly so the pre-commit dart-check hook can run. - dagger021 = pkgs.stdenv.mkDerivation { + # The dagger/nix flake's Nix wrapper is a broken self-exec loop, so we + # fetch the CLI binary directly. Keep this version in lockstep with + # ci/dagger.json (engineVersion) and .forgejo/Dockerfile (DAGGER_VERSION) — + # scripts/check_dagger_versions.sh enforces this. + daggerCli = pkgs.stdenv.mkDerivation { pname = "dagger"; - version = "0.21.4"; + version = "0.20.8"; src = pkgs.fetchurl { - url = "https://dl.dagger.io/dagger/releases/0.21.4/dagger_v0.21.4_linux_amd64.tar.gz"; - sha256 = "0wlnbr4g5069755131yjp2a6alacn64f1c8b27xn0cbynq3zicjd"; + url = "https://dl.dagger.io/dagger/releases/0.20.8/dagger_v0.20.8_linux_amd64.tar.gz"; + sha256 = "1ns6wq2z1skd2fq9lbrcali0s8kn24p3haamnjjgchg6zlv6b960"; }; sourceRoot = "."; installPhase = '' @@ -69,7 +71,7 @@ devShells.default = pkgs.mkShell { buildInputs = with pkgs; [ # Dagger CLI - dagger021 + daggerCli # Go compiler — for Dagger development go diff --git a/scripts/check_dagger_versions.sh b/scripts/check_dagger_versions.sh new file mode 100755 index 0000000..e479b77 --- /dev/null +++ b/scripts/check_dagger_versions.sh @@ -0,0 +1,49 @@ +#!/usr/bin/env bash +# Verify that the Dagger version is consistent across the project. +# +# The Dagger CLI must speak the same protocol as the engine it talks to. We +# pin the version in four places (engine image in DAGGER.md, the CLI in +# flake.nix, the CLI in the Forgejo runner Dockerfile, and the module +# engineVersion in ci/dagger.json). This script fails if any of them drift. +set -euo pipefail + +ROOT=$(git rev-parse --show-toplevel) + +# ci/dagger.json — strip leading "v" for comparison. +dagger_json=$(grep -oE '"engineVersion"[[:space:]]*:[[:space:]]*"[^"]+"' "$ROOT/ci/dagger.json" \ + | sed -E 's/.*"v?([^"]+)"$/\1/') + +# flake.nix — the dagger021 derivation's CLI download URL. +flake_nix=$(grep -oE 'dagger_v[0-9]+\.[0-9]+\.[0-9]+_linux' "$ROOT/flake.nix" \ + | head -n1 \ + | sed -E 's/dagger_v([0-9.]+)_linux/\1/') + +# .forgejo/Dockerfile — DAGGER_VERSION env on the install line. +dockerfile=$(grep -oE 'DAGGER_VERSION=[0-9]+\.[0-9]+\.[0-9]+' "$ROOT/.forgejo/Dockerfile" \ + | head -n1 \ + | cut -d= -f2) + +# DAGGER.md — engine image tag in the example systemd unit. +dagger_md=$(grep -oE 'dagger/nix/v[0-9]+\.[0-9]+\.[0-9]+' "$ROOT/DAGGER.md" \ + | head -n1 \ + | sed -E 's@.*/v@@') + +printf 'ci/dagger.json engineVersion = v%s\n' "$dagger_json" +printf 'flake.nix dagger021 = %s\n' "$flake_nix" +printf '.forgejo/Dockerf. DAGGER_VERSION= %s\n' "$dockerfile" +printf 'DAGGER.md engine tag = v%s\n' "$dagger_md" + +for v in "$flake_nix" "$dockerfile" "$dagger_md"; do + if [ -z "$v" ]; then + echo "ERROR: failed to parse a Dagger version reference." >&2 + exit 1 + fi + if [ "$v" != "$dagger_json" ]; then + echo "" >&2 + echo "ERROR: Dagger versions are out of sync." >&2 + echo " Align ci/dagger.json, flake.nix, .forgejo/Dockerfile and DAGGER.md to the same version." >&2 + exit 1 + fi +done + +echo "Dagger versions aligned (v$dagger_json)."