eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions
blumeops/docs/reference/tools/dagger.md
Erich Blume 779b7d6709 Eliminate double towncrier run in release workflow (#199) 
## Summary

- Added a new `build_quartz` Dagger function that builds the Quartz site from a pre-processed source tree (no towncrier)
- Reordered the release workflow so towncrier runs **once** on the runner, then passes the updated working tree to `build-quartz`
- `build_docs` and `build_changelog` are preserved for standalone use — `build_docs` now delegates to `build_quartz` internally

## Motivation

Previously towncrier ran twice per release: once inside a Dagger container (via `build_docs` → `build_changelog`) and once on the runner to capture CHANGELOG.md changes for the git commit. This was wasteful and fragile — if towncrier behavior changed, the two runs could produce different results.

## Test plan

- [ ] Review diff to confirm workflow step ordering is correct
- [ ] Trigger a release and confirm towncrier runs only once
- [ ] Verify the docs tarball contains the updated CHANGELOG.md
- [ ] `dagger call build-quartz --src=. --version=vX.Y.Z` should work standalone

Reviewed-on: https://forge.ops.eblu.me/eblume/blumeops/pulls/199
2026-02-16 21:24:34 -08:00

2.3 KiB
Raw Blame History

title modified tags
Dagger 2026-02-12
reference
ci-cd
dagger

Dagger

Build engine for BlumeOps CI/CD pipelines. Replaces shell-based build scripts with Python functions that run identically locally and in CI.

Quick Reference

Property Value
Module blumeops-ci
Engine Version v0.19.11
SDK Python
Source .dagger/src/blumeops_ci/main.py
Config dagger.json

Functions

Function Signature Description
build (src, container_name) → Container Build a container from containers/<name>/Dockerfile
publish (src, container_name, version, registry?) → str Build and push to registry (default: registry.ops.eblu.me)
build_docs (src, version) → File Build Quartz docs site, return docs tarball

CLI Examples

# Build a container
dagger call build --src=. --container-name=devpi

# Drop into container shell for inspection
dagger call build --src=. --container-name=devpi terminal

# Debug a failure interactively
dagger call --interactive build --src=. --container-name=devpi

# Publish a container to zot
dagger call publish --src=. --container-name=devpi --version=v1.1.0

# Build docs tarball locally
dagger call build-docs --src=. --version=dev export --path=./docs-dev.tar.gz

# Debug a docs build failure
dagger call --interactive build-docs --src=. --version=dev

Secrets

Dagger has a first-class Secret type — values are never logged or cached. Pass secrets from environment variables using the env:VAR syntax:

dagger call release-docs \
  --src=. --version=v1.6.0 \
  --forgejo-token=env:FORGEJO_TOKEN \
  --argocd-token=env:ARGOCD_TOKEN

In forgejo Actions, secrets are injected as env vars. Locally, mise tasks call op read to populate them.

Caveats

  • Pre-1.0 API — Current version is v0.19.x. Pin the CLI version and test upgrades on a branch before adopting.
  • Privileged container — The Dagger engine requires privileged container access. The Forgejo runner's DinD sidecar provides this.

Related

  • forgejo — CI/CD trigger layer
  • zot — Container registry (publish target)
  • docs — Documentation site (build target)
  • adopt-dagger-ci — Adoption plan (phases 13 complete)