Skip to main content

Tekton

Dagger runs dagger check as a Tekton Task, so the same checks you run locally run on every PipelineRun — while keeping all of your existing Tekton infrastructure.

tip

For checks with no pipeline YAML at all, enable Cloud Checks with dagger ws autocheck on. The Tekton Task below is the hybrid-mode alternative for when you want to drive Dagger from your existing Tekton setup.

How it works​

Tekton provides capabilities which allow you to run dagger check as a Tekton Task without needing any external configuration. This integration uses the standard architecture for Tekton and adds a Dagger Engine sidecar which gives each Tekton PipelineRun its own Dagger Engine. The Task runs dagger check against the modules installed in your workspace.

To trigger a pipeline run, you can use the Tekton CLI (tkn), or you can configure events in Tekton to run it automatically as desired.

Prerequisites​

Example​

The following example runs dagger check for a simple Go application.

Install the git-clone Task from Tekton Hub. This Task adds repository cloning capabilities to the Tekton Pipeline. Use the following command:

tkn hub install task git-clone

Define a new Tekton Pipeline as follows, in a file named git-pipeline.yaml:

git-pipeline.yaml
apiVersion: tekton.dev/v1beta1
kind: Pipeline
metadata:
  name: dagger-pipeline
spec:
  description: |
    This pipeline clones a Git repository, then runs the Dagger checks.
  params:
  - name: repo-url
    type: string
    description: The Git repository clone URL
  - name: dagger-cloud-token
    type: string
    description: The Dagger Cloud token
  workspaces:
  - name: shared-data
    description: |
      This workspace contains the cloned repository files, so they can be read by the
      next task.
  tasks:
  - name: fetch-source
    taskRef:
      name: git-clone
    workspaces:
    - name: output
      workspace: shared-data
    params:
    - name: url
      value: $(params.repo-url)
  - name: dagger
    runAfter: ["fetch-source"]
    taskRef:
      name: dagger
    workspaces:
    - name: source
      workspace: shared-data
    params:
      - name: dagger-cloud-token
        value: $(params.dagger-cloud-token)

This Pipeline references two Tasks:

  • The git-clone Task, to check out the Git repository for the project into a Tekton Workspace;
  • A custom dagger Task, to run dagger check for the project (defined below).

Define a new Tekton Task as follows, in a file named dagger-task.yaml:

dagger-task.yaml
apiVersion: tekton.dev/v1beta1
kind: Task
metadata:
  name: dagger
spec:
  description: Run Dagger checks
  workspaces:
  - name: source
  params:
    - name: dagger-cloud-token
      type: string
      description: Dagger Cloud Token
  volumes:
    - name: dagger-socket
      emptyDir: {}
    - name: dagger-storage
      emptyDir: {}
  sidecars:
    - name: dagger-engine
      # modify to use the desired Dagger version
      image: registry.dagger.io/engine:v0.21.4
      securityContext:
        privileged: true
        capabilities:
          add:
            - ALL
      readinessProbe:
        exec:
          command: ["dagger", "core", "version"]
      volumeMounts:
        - mountPath: /run/dagger
          name: dagger-socket
        - mountPath: /var/lib/dagger
          name: dagger-storage
  steps:
  # runs the checks from the modules installed in your workspace
  - name: read
    image: docker:dind
    workingDir: $(workspaces.source.path)
    script: |
      #!/usr/bin/env sh
      apk add curl
      curl -fsSL https://dl.dagger.io/dagger/install.sh | BIN_DIR=/usr/local/bin sh
      dagger check
    volumeMounts:
      - mountPath: /run/dagger
        name: dagger-socket
    env:
      - name: _EXPERIMENTAL_DAGGER_RUNNER_HOST
        value: unix:///run/dagger/engine.sock
      - name: DAGGER_CLOUD_TOKEN
        valueFrom:
          secretKeyRef:
            name: $(params.dagger-cloud-token)
            key: "token"

This Tekton Task installs the Dagger CLI and runs dagger check against the modules installed in your workspace (which was checked out in the previous Tekton Pipeline).

In this Tekton Task, the Dagger Engine runs as a sidecar and shares a socket with the Task itself. The Task uses dind as its runtime in order to have Docker available.

Define a new Tekton PipelineRun as follows, in a file named git-pipeline-run.yaml:

git-pipeline-run.yaml
apiVersion: tekton.dev/v1beta1
kind: PipelineRun
metadata:
  generateName: clone-read-run-
spec:
  pipelineRef:
    name: dagger-pipeline
  podTemplate:
    securityContext:
      fsGroup: 65532
  workspaces:
  - name: shared-data
    volumeClaimTemplate:
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi
  params:
  - name: repo-url
    # replace with your repository URL
    value: https://github.com/kpenfound/greetings-api.git
  - name: dagger-cloud-token
    value: YOUR_DAGGER_CLOUD_TOKEN_HERE

This PipelineRun corresponds to the Tekton Pipeline created previously. It executes the Tekton Pipeline with a given set of input parameters: the Git repository URL and an optional Dagger Cloud token.

To apply the configuration and run the Tekton Pipeline, use the following commands:

kubectl apply -f dagger-task.yaml
kubectl apply -f git-pipeline-yaml
kubectl create -f git-pipeline-run.yaml

To see the logs from the PipelineRun, obtain the PipelineRun name from the output and run tkn pipelinerun logs clone-read-run-<id> -f.

Resources​

If you have any questions about additional ways to use Tekton with Dagger, join our Discord and ask your questions in our Kubernetes channel.

About Tekton​

Tekton is a Kubernetes-based framework for creating, managing and running CI/CD pipelines.