diff --git a/.github/workflows/bake.yml b/.github/workflows/bake.yml index bb87fd0..ec691b1 100644 --- a/.github/workflows/bake.yml +++ b/.github/workflows/bake.yml @@ -20,6 +20,11 @@ jobs: change-triage: name: Check changed files runs-on: ubuntu-24.04 + permissions: + packages: read + env: + # renovate: datasource=github-tags depName=dagger/dagger versioning=semver + DAGGER_VERSION: 0.21.7 outputs: matrix: ${{ steps.get-matrix.outputs.matrix}} steps: @@ -28,12 +33,20 @@ jobs: with: persist-credentials: false + - name: Log in to the GitHub Container registry + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Fetch valid targets id: get-targets uses: dagger/dagger-for-github@27b130bf0f79a7f6fbbbe0fbca6760dc9bb40a77 # v8.4.1 env: - # renovate: datasource=github-tags depName=dagger/dagger versioning=semver - DAGGER_VERSION: 0.21.7 + # Provision the engine from GHCR instead of registry.dagger.io, whose + # Fly.io-hosted front intermittently times out from GitHub runners. + _EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-image://ghcr.io/dagger/engine:v${{ env.DAGGER_VERSION }} with: version: ${{ env.DAGGER_VERSION }} verb: call diff --git a/.github/workflows/bake_targets.yml b/.github/workflows/bake_targets.yml index 1b88056..9cbecb5 100644 --- a/.github/workflows/bake_targets.yml +++ b/.github/workflows/bake_targets.yml @@ -126,6 +126,13 @@ jobs: with: persist-credentials: false + - name: Log in to the GitHub Container registry + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Install Task uses: go-task/setup-task@01a4adf9db2d14c1de7a560f09170b6e0df736aa # v2.1.0 diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 7d0e778..a8edb89 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -21,6 +21,11 @@ jobs: unit-test: name: Go unit tests runs-on: ubuntu-24.04 + permissions: + packages: read + env: + # renovate: datasource=github-tags depName=dagger/dagger versioning=semver + DAGGER_VERSION: 0.21.7 steps: - name: Checkout uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 @@ -33,11 +38,19 @@ jobs: go-version-file: dagger/maintenance/go.mod cache-dependency-path: dagger/maintenance/go.sum + - name: Log in to the GitHub Container registry + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Generate the Dagger client uses: dagger/dagger-for-github@27b130bf0f79a7f6fbbbe0fbca6760dc9bb40a77 # v8.4.1 env: - # renovate: datasource=github-tags depName=dagger/dagger versioning=semver - DAGGER_VERSION: 0.21.7 + # Provision the engine from GHCR instead of registry.dagger.io, whose + # Fly.io-hosted front intermittently times out from GitHub runners. + _EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-image://ghcr.io/dagger/engine:v${{ env.DAGGER_VERSION }} with: version: ${{ env.DAGGER_VERSION }} verb: develop diff --git a/.github/workflows/update-catalogs.yml b/.github/workflows/update-catalogs.yml index ed63e0d..36c4613 100644 --- a/.github/workflows/update-catalogs.yml +++ b/.github/workflows/update-catalogs.yml @@ -18,8 +18,12 @@ jobs: update-catalogs: name: Updating catalogs runs-on: ubuntu-24.04 + env: + # renovate: datasource=github-tags depName=dagger/dagger versioning=semver + DAGGER_VERSION: 0.21.7 permissions: id-token: write + packages: read steps: - name: Checkout uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7 @@ -34,12 +38,20 @@ jobs: token: ${{ secrets.REPO_GHA_PAT }} ref: main + - name: Log in to the GitHub Container registry + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Update catalogs id: update-extension-catalogs uses: dagger/dagger-for-github@27b130bf0f79a7f6fbbbe0fbca6760dc9bb40a77 # v8.4.1 env: - # renovate: datasource=github-tags depName=dagger/dagger versioning=semver - DAGGER_VERSION: 0.21.7 + # Provision the engine from GHCR instead of registry.dagger.io, whose + # Fly.io-hosted front intermittently times out from GitHub runners. + _EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-image://ghcr.io/dagger/engine:v${{ env.DAGGER_VERSION }} with: version: ${{ env.DAGGER_VERSION }} verb: call diff --git a/.github/workflows/update_os_libraries.yml b/.github/workflows/update_os_libraries.yml index a572098..ea697a4 100644 --- a/.github/workflows/update_os_libraries.yml +++ b/.github/workflows/update_os_libraries.yml @@ -15,6 +15,11 @@ jobs: fetch-extensions: name: Fetch target extensions runs-on: ubuntu-24.04 + permissions: + packages: read + env: + # renovate: datasource=github-tags depName=dagger/dagger versioning=semver + DAGGER_VERSION: 0.21.7 outputs: extensions: ${{ steps.get-extensions.outputs.extensions }} steps: @@ -23,12 +28,20 @@ jobs: with: persist-credentials: false + - name: Log in to the GitHub Container registry + uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Fetch extensions id: get-extensions-dagger uses: dagger/dagger-for-github@27b130bf0f79a7f6fbbbe0fbca6760dc9bb40a77 # v8.4.1 env: - # renovate: datasource=github-tags depName=dagger/dagger versioning=semver - DAGGER_VERSION: 0.21.7 + # Provision the engine from GHCR instead of registry.dagger.io, whose + # Fly.io-hosted front intermittently times out from GitHub runners. + _EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-image://ghcr.io/dagger/engine:v${{ env.DAGGER_VERSION }} with: version: ${{ env.DAGGER_VERSION }} verb: call @@ -46,6 +59,11 @@ jobs: update-extension-os-libs: name: Update OS libs for ${{ matrix.extension }} runs-on: ubuntu-24.04 + permissions: + packages: read + env: + # renovate: datasource=github-tags depName=dagger/dagger versioning=semver + DAGGER_VERSION: 0.21.7 needs: - fetch-extensions strategy: @@ -65,8 +83,9 @@ jobs: - name: Update OS libs for ${{ matrix.extension }} uses: dagger/dagger-for-github@27b130bf0f79a7f6fbbbe0fbca6760dc9bb40a77 # v8.4.1 env: - # renovate: datasource=github-tags depName=dagger/dagger versioning=semver - DAGGER_VERSION: 0.21.7 + # Provision the engine from GHCR instead of registry.dagger.io, whose + # Fly.io-hosted front intermittently times out from GitHub runners. + _EXPERIMENTAL_DAGGER_RUNNER_HOST: docker-image://ghcr.io/dagger/engine:v${{ env.DAGGER_VERSION }} with: version: ${{ env.DAGGER_VERSION }} verb: call diff --git a/Taskfile.yml b/Taskfile.yml index 7ee1558..1116a12 100644 --- a/Taskfile.yml +++ b/Taskfile.yml @@ -211,7 +211,7 @@ tasks: cmds: - > docker run -d -v /var/lib/dagger --name {{ .DAGGER_ENGINE_NAME }} --restart always --network {{ .E2E_NETWORK }} - --privileged registry.dagger.io/engine:{{ .DAGGER_ENGINE_VERSION }} + --privileged ghcr.io/dagger/engine:{{ .DAGGER_ENGINE_VERSION }} status: - test "$(docker inspect -f {{`'{{json .State.Running}}'`}} {{ .DAGGER_ENGINE_NAME }})" == "true"