From be088d66312d456ad0a08a3f09fb971d1207f30c Mon Sep 17 00:00:00 2001 From: Javier Rodriguez Date: Wed, 10 Jun 2026 13:29:29 +0200 Subject: [PATCH 1/2] feat(dagger): expose mark-latest as a tri-state enum on attestation init Add a MarkLatest enum (ON_CREATE, TRUE, FALSE) to the Dagger module's Init so callers can control "latest" promotion. It is modelled as an enum rather than *bool because the Dagger v0.19.11 SDK collapses *bool parameters to bool and drops the false value before it reaches the wire, making the skip-promotion state unreachable. Assisted-by: Claude Code Signed-off-by: Javier Rodriguez Chainloop-Trace-Sessions: a7b993f3-ce9f-4dc0-a3a1-9ac34df533b8 --- extras/dagger/README.md | 18 ++++++++++++++++++ extras/dagger/main.go | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) diff --git a/extras/dagger/README.md b/extras/dagger/README.md index 678d0f02f..0dab51313 100644 --- a/extras/dagger/README.md +++ b/extras/dagger/README.md 
@@ -76,6 +76,24 @@ dagger call -m github.com/chainloop-dev/chainloop \ --contract-name my-existing-contract \ # optional flag to specify an existing contract that will be used during the creation of a workflow ``` +##### Controlling "latest" promotion + +The optional `--mark-latest` flag controls whether the project version is promoted to `latest`. It is an enum with three values: + +- `ON_CREATE` (default): newly created versions become `latest`; existing/pre-release versions are left unchanged. +- `TRUE`: force-promote a pre-release version to `latest`. +- `FALSE`: skip `latest` promotion entirely, even for newly created versions. + +```sh +dagger call -m github.com/chainloop-dev/chainloop \ + init \ + --token env:CHAINLOOP_TOKEN \ + --workflow-name the-name-of-the-workflow \ + --project-name the-name-of-the-project \ + --version 1.0.0 \ + --mark-latest FALSE # create the version without promoting it to latest +``` + #### 2 - Get the status ([docs](https://docs.chainloop.dev/getting-started/attestation-crafting#inspecting-the-crafting-status)) Resuming a previous attestation diff --git a/extras/dagger/main.go b/extras/dagger/main.go index d6db9794f..da6be72f0 100644 --- a/extras/dagger/main.go +++ b/extras/dagger/main.go @@ -156,6 +156,12 @@ func (m *Chainloop) Init( // mark the version as release // +optional release bool, + // Control whether this project version is promoted to "latest". + // ON_CREATE (default): new versions become latest, existing ones are untouched. + // TRUE: force-promote a pre-release version. FALSE: skip promotion entirely. + // +optional + // +default="ON_CREATE" + markLatest MarkLatest, // Github event file for PR detection (when running in Github Actions) // +optional githubEventFile *dagger.File, 
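Review bot: The doc comment on the new `markLatest` parameter of Init does not say that TRUE and FALSE never demote a version that is already latest; patch 2/2 adds that clarification to the README only. Dagger presumably surfaces this comment as the flag's help text, so a reader of `--help` can still take FALSE to mean "remove latest". Add a line such as `// Neither TRUE nor FALSE demotes a version that is already "latest".` before `// +optional`. The same gap is in the `MarkLatestFalse` constant comment in the `@@ -699,6 +718,23 @@` hunk, which stops at "even for newly created versions". Init's signature and body continue outside this hunk.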
@@ -283,6 +289,19 @@ func (m *Chainloop) Init( ) } + // Map the tri-state enum onto the CLI's --mark-latest flag. ON_CREATE omits + // the flag so the server applies its default behavior. An enum (non-empty + // string) is used instead of *bool because Dagger v0.19.11 collapses *bool + // to bool in the generated SDK and drops the false value (see PFM-6269). + switch markLatest { + case MarkLatestTrue: + args = append(args, "--mark-latest=true") + case MarkLatestFalse: + args = append(args, "--mark-latest=false") + case MarkLatestOnCreate: + // omit the flag → CLI sends no value → server applies its default + } + info, err := att. Container(0). WithExec(args, execOpts). @@ -699,6 +718,23 @@ const ( OutputFormatJSON OutputFormat = "json" ) +// MarkLatest controls whether a project version is promoted to "latest" during +// attestation init. It is modelled as an enum rather than a *bool because the +// Dagger v0.19.11 SDK collapses *bool parameters to bool and drops the false +// value before it reaches the wire, making the "skip promotion" state +// unreachable (see PFM-6269). A non-empty string survives that check. +type MarkLatest string + +const ( + // MarkLatestOnCreate keeps the server default: a newly created version + // becomes latest, while existing/pre-release versions are left unchanged. + MarkLatestOnCreate MarkLatest = "ON_CREATE" + // MarkLatestTrue force-promotes a pre-release version to latest. + MarkLatestTrue MarkLatest = "TRUE" + // MarkLatestFalse skips latest promotion, even for newly created versions. + MarkLatestFalse MarkLatest = "FALSE" +) + // Generate, sign and push the attestation to the chainloop control plane func (att *Attestation) Push( ctx context.Context, From 2174d04cfb7ee965f6776be4a2324794826a830f Mon Sep 17 00:00:00 2001 
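Review bot: The `switch markLatest` added to Init has no `default` case, so any value other than the three constants silently omits `--mark-latest` and the server default applies. Per the comments in this patch, that default promotes a newly created version to latest. Dagger may reject unknown enum values at the API boundary, but a direct Go caller can pass any string, including the zero value `""` if the `+default` pragma is not applied. A caller who meant to suppress promotion would then get a promoted version with no error. Consider failing closed with `default: return nil, fmt.Errorf("unsupported mark-latest value %q", markLatest)`, with the return shape adjusted to Init's signature, which is outside this hunk.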
From: Javier Rodriguez Date: Wed, 10 Jun 2026 13:44:31 +0200 Subject: [PATCH 2/2] docs(dagger): clarify mark-latest FALSE never demotes an existing version mark-latest only controls promotion: FALSE prevents a newly created version from becoming latest but leaves an existing version's latest status untouched. Reword the README so the example is not read as demoting an already-latest version. Assisted-by: Claude Code Signed-off-by: Javier Rodriguez Chainloop-Trace-Sessions: a7b993f3-ce9f-4dc0-a3a1-9ac34df533b8 --- extras/dagger/README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/extras/dagger/README.md b/extras/dagger/README.md index 0dab51313..cf6bbd0ff 100644 --- a/extras/dagger/README.md +++ b/extras/dagger/README.md @@ -80,9 +80,11 @@ dagger call -m github.com/chainloop-dev/chainloop \ The optional `--mark-latest` flag controls whether the project version is promoted to `latest`. It is an enum with three values: -- `ON_CREATE` (default): newly created versions become `latest`; existing/pre-release versions are left unchanged. +- `ON_CREATE` (default): newly created versions become `latest`; existing versions are left unchanged. - `TRUE`: force-promote a pre-release version to `latest`. -- `FALSE`: skip `latest` promotion entirely, even for newly created versions. +- `FALSE`: do not promote the version to `latest`. + +`TRUE` and `FALSE` only affect promotion: they never demote a version that is already `latest`. In particular, `FALSE` prevents a newly created version from becoming `latest`, but it has no effect on an existing version (its `latest` status is left untouched). ```sh dagger call -m github.com/chainloop-dev/chainloop \ 
@@ -91,7 +93,7 @@ dagger call -m github.com/chainloop-dev/chainloop \ --workflow-name the-name-of-the-workflow \ --project-name the-name-of-the-project \ --version 1.0.0 \ - --mark-latest FALSE # create the version without promoting it to latest + --mark-latest FALSE # create the new version 1.0.0 without making it latest ``` #### 2 - Get the status ([docs](https://docs.chainloop.dev/getting-started/attestation-crafting#inspecting-the-crafting-status))