Skip to content

feat: Dagger module for local development#20

Open
MChorfa wants to merge 2 commits intoanthropics:mainfrom
MChorfa:feat/dagger-dev-experience
Open

feat: Dagger module for local development#20
MChorfa wants to merge 2 commits intoanthropics:mainfrom
MChorfa:feat/dagger-dev-experience

Conversation

@MChorfa
Copy link
Copy Markdown

@MChorfa MChorfa commented Apr 9, 2026

Adds minimal Dagger functions for local dev (build, test, lint). Complements existing CI without replacing it.

@MChorfa MChorfa requested a review from a team as a code owner April 9, 2026 02:39
This was referenced Apr 9, 2026
Closed
Closed
Closed
@MChorfa MChorfa force-pushed the feat/dagger-dev-experience branch from 971f055 to 054d293 Compare May 1, 2026 22:24
@MChorfa
Copy link
Copy Markdown
Author

MChorfa commented May 1, 2026
edited
Loading

Major Improvements to Dagger Module

This PR has been significantly enhanced from the original basic implementation:

What is new:

Caching & Performance:

  • Added Go module cache (/go/pkg/mod) and build cache (/go/build-cache) for faster incremental builds
  • Reduced container startup time across all operations

Artifact Outputs (not just stdout):

  • All functions now return proper *dagger.Directory / *dagger.File artifacts instead of string output
  • Enables downstream pipeline composition and artifact export

Cross-Platform Builds:

  • BuildForPlatform(os, arch) - Build for linux/darwin/windows × amd64/arm64
  • Supports reproducible cross-compilation with version injection via ldflags

Security & Supply Chain:

  • VulnScan() - Runs govulncheck for vulnerability scanning
  • SBOM(format) - Generates CycloneDX/SPDX SBOMs using Syft
  • Provenance(os, arch) - Generates SHA256 checksums for binary provenance
  • These align with SLSA Level 4+ and evidence-native engineering principles

Linting:

  • Lint() now uses golangci-lint with structured JSON output instead of raw shell script

Complete Pipeline:

  • All() - Runs the full CI suite: tests, build, lint, vuln-scan, and SBOM generation in one call

Technical Updates:

  • Updated Dagger SDK from v0.19.11 to v0.20.6
  • Aligned Go version with project (1.25)
  • Updated engine version in dagger.json

Ready for review! 🚀

Mohamed Chorfa added 2 commits May 1, 2026 19:13
feat: add Dagger module for local development experience
2ce9843 
Adds dagger functions for local dev (not CI replacement):

- Build: Run go build in clean container

- Test: Run test suite with proper env setup

- Lint: Run lint script in containerized environment

This complements the existing GitHub Actions CI/CD by providing

reproducible local development workflows.
feat(dagger): comprehensive improvements for local dev and CI
5e74f83 
Major enhancements to the Dagger module:

- Updated to Dagger SDK v0.18.2 with proper go.mod alignment
- Added Go module and build cache for faster incremental builds
- Functions now return artifacts (Directory/File) instead of stdout strings
- BuildForPlatform: Cross-platform builds (linux/darwin/windows, amd64/arm64)
- Test: Returns test results with coverage reports
- Lint: Uses golangci-lint with JSON output
- VulnScan: govulncheck for vulnerability scanning
- SBOM: CycloneDX/SPDX SBOM generation with syft
- Provenance: SHA256 checksums for supply chain verification
- All: Complete CI pipeline combining all checks and artifacts

These changes align with SLSA Level 4+ posture and evidence-native engineering principles.
@MChorfa MChorfa force-pushed the feat/dagger-dev-experience branch from 054d293 to 5e74f83 Compare May 1, 2026 23:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MChorfa