diff --git a/extras/dagger/README.md b/extras/dagger/README.md index 678d0f02f..cf6bbd0ff 100644 --- a/extras/dagger/README.md +++ b/extras/dagger/README.md @@ -76,6 +76,26 @@ dagger call -m github.com/chainloop-dev/chainloop \ --contract-name my-existing-contract \ # optional flag to specify an existing contract that will be used during the creation of a workflow ``` +##### Controlling "latest" promotion + +The optional `--mark-latest` flag controls whether the project version is promoted to `latest`. It is an enum with three values: + +- `ON_CREATE` (default): newly created versions become `latest`; existing versions are left unchanged. +- `TRUE`: force-promote a pre-release version to `latest`. +- `FALSE`: do not promote the version to `latest`. + +`TRUE` and `FALSE` only affect promotion: they never demote a version that is already `latest`. In particular, `FALSE` prevents a newly created version from becoming `latest`, but it has no effect on an existing version (its `latest` status is left untouched). + +```sh +dagger call -m github.com/chainloop-dev/chainloop \ + init \ + --token env:CHAINLOOP_TOKEN \ + --workflow-name the-name-of-the-workflow \ + --project-name the-name-of-the-project \ + --version 1.0.0 \ + --mark-latest FALSE # create the new version 1.0.0 without making it latest +``` + #### 2 - Get the status ([docs](https://docs.chainloop.dev/getting-started/attestation-crafting#inspecting-the-crafting-status)) Resuming a previous attestation diff --git a/extras/dagger/main.go b/extras/dagger/main.go index d6db9794f..da6be72f0 100644 --- a/extras/dagger/main.go +++ b/extras/dagger/main.go @@ -156,6 +156,12 @@ func (m *Chainloop) Init( // mark the version as release // +optional release bool, + // Control whether this project version is promoted to "latest". + // ON_CREATE (default): new versions become latest, existing ones are untouched. + // TRUE: force-promote a pre-release version. FALSE: skip promotion entirely. + // +optional + // +default="ON_CREATE" + markLatest MarkLatest, // Github event file for PR detection (when running in Github Actions) // +optional githubEventFile *dagger.File, @@ -283,6 +289,19 @@ func (m *Chainloop) Init( ) } + // Map the tri-state enum onto the CLI's --mark-latest flag. ON_CREATE omits + // the flag so the server applies its default behavior. An enum (non-empty + // string) is used instead of *bool because Dagger v0.19.11 collapses *bool + // to bool in the generated SDK and drops the false value (see PFM-6269). + switch markLatest { + case MarkLatestTrue: + args = append(args, "--mark-latest=true") + case MarkLatestFalse: + args = append(args, "--mark-latest=false") + case MarkLatestOnCreate: + // omit the flag → CLI sends no value → server applies its default + } + info, err := att. Container(0). WithExec(args, execOpts). @@ -699,6 +718,23 @@ const ( OutputFormatJSON OutputFormat = "json" ) +// MarkLatest controls whether a project version is promoted to "latest" during +// attestation init. It is modelled as an enum rather than a *bool because the +// Dagger v0.19.11 SDK collapses *bool parameters to bool and drops the false +// value before it reaches the wire, making the "skip promotion" state +// unreachable (see PFM-6269). A non-empty string survives that check. +type MarkLatest string + +const ( + // MarkLatestOnCreate keeps the server default: a newly created version + // becomes latest, while existing/pre-release versions are left unchanged. + MarkLatestOnCreate MarkLatest = "ON_CREATE" + // MarkLatestTrue force-promotes a pre-release version to latest. + MarkLatestTrue MarkLatest = "TRUE" + // MarkLatestFalse skips latest promotion, even for newly created versions. + MarkLatestFalse MarkLatest = "FALSE" +) + // Generate, sign and push the attestation to the chainloop control plane func (att *Attestation) Push( ctx context.Context,