move alpha.dagger.io/europa to dagger.io

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>

pkg/dagger.io/dagger/engine/exec.cue

@@ -0,0 +1,81 @@
+package engine
+
+// Execute a command in a container
+#Exec: {
+	$dagger: task: _name: "Exec"
+
+	// Container filesystem
+	input: #FS
+
+	// Transient filesystem mounts
+	//   Key is an arbitrary name, for example "app source code"
+	//   Value is mount configuration
+	mounts: [name=string]: #Mount
+
+	// Command to execute
+	// Example: ["echo", "hello, world!"]
+	args: [...string]
+
+	// Environment variables
+	env: [key=string]: string
+
+	// Working directory
+	workdir: string | *"/"
+
+	// User ID or name
+	user: string | *"root"
+
+	// If set, always execute even if the operation could be cached
+	always: true | *false
+
+	// Inject hostname resolution into the container
+	// key is hostname, value is IP
+	hosts: [hostname=string]: string
+
+	// Modified filesystem
+	output: #FS
+
+	// Command exit code
+	// Currently this field can only ever be zero.
+	// If the command fails, DAG execution is immediately terminated.
+	// FIXME: expand API to allow custom handling of failed commands
+	exit: int & 0
+}
+
+// A transient filesystem mount.
+#Mount: {
+	dest: string
+	type: string
+	{
+		type:     "cache"
+		contents: #CacheDir
+	} | {
+		type:     "tmp"
+		contents: #TempDir
+	} | {
+		type:     "service"
+		contents: #Service
+	} | {
+		type:     "fs"
+		contents: #FS
+		source?:  string
+		ro?:      true | *false
+	} | {
+		type:     "secret"
+		contents: #Secret
+		uid:      int | *0
+		gid:      int | *0
+		mask:     int | *0o400
+	}
+}
+
+// A (best effort) persistent cache dir
+#CacheDir: {
+	id:          string
+	concurrency: *"shared" | "private" | "locked"
+}
+
+// A temporary directory for command execution
+#TempDir: {
+	size: int64 | *0
+}

pkg/dagger.io/dagger/engine/fs.cue

@@ -0,0 +1,79 @@
+package engine
+
+// Create one or multiple directory in a container
+#Mkdir: {
+	$dagger: task: _name: "Mkdir"
+
+	// Container filesystem
+	input: #FS
+
+	// Path of the directory to create
+	// It can be nested (e.g : "/foo" or "/foo/bar")
+	path: string
+
+	// Permissions of the directory
+	permissions: *0o755 | int
+
+	// If set, it creates parents' directory if they do not exist
+	parents: *true | false
+
+	// Modified filesystem
+	output: #FS
+}
+
+#ReadFile: {
+	$dagger: task: _name: "ReadFile"
+
+	// Filesystem tree holding the file
+	input: #FS
+	// Path of the file to read
+	path: string
+	// Contents of the file
+	contents: string
+}
+
+// Write a file to a filesystem tree, creating it if needed
+#WriteFile: {
+	$dagger: task: _name: "WriteFile"
+
+	// Input filesystem tree
+	input: #FS
+	// Path of the file to write
+	path: string
+	// Contents to write
+	contents: string
+	// Permissions of the file
+	permissions: *0o600 | int
+	// Output filesystem tree
+	output: #FS
+}
+
+// Produce an empty directory
+#Scratch: #FS & {$dagger: fs: _id: null}
+
+// Copy files from one FS tree to another
+#Copy: {
+	$dagger: task: _name: "Copy"
+
+	input: #FS
+	#CopyInfo
+	output: #FS
+}
+
+#CopyInfo: {
+	source: {
+		root: #FS
+		path: string | *"/"
+	}
+	dest: string
+}
+
+// Merge multiple FS trees into one
+#Merge: {
+	@dagger(notimplemented)
+	$dagger: task: _name: "Merge"
+
+	input: #FS
+	layers: [...#CopyInfo]
+	output: #FS
+}

pkg/dagger.io/dagger/engine/git.cue

@@ -0,0 +1,30 @@
+package engine
+
+// Push a directory to a git remote
+#GitPush: {
+	@dagger(notimplemented)
+	$dagger: task: _name: "GitPush"
+
+	input:  #FS
+	remote: string
+	ref:    string
+}
+
+// Pull a directory from a git remote
+// Warning: do NOT embed credentials in the remote url as this will expose them in logs. 
+// By using username and password Dagger will handle this for you in a secure manner.
+#GitPull: {
+	$dagger: task: _name: "GitPull"
+	remote:     string
+	ref:        string
+	keepGitDir: true | *false
+	auth?:      {
+		username: string
+		password: #Secret // can be password or personal access token
+	} | {
+		authToken: #Secret
+	} | {
+		authHeader: #Secret
+	}
+	output: #FS
+}

pkg/dagger.io/dagger/engine/http.cue

@@ -0,0 +1,47 @@
+package engine
+
+// HTTP operations
+
+// Raw buildkit API
+//
+// package llb // import "github.com/moby/buildkit/client/llb"
+//
+// func HTTP(url string, opts ...HTTPOption) State
+//
+// type HTTPOption interface {
+//         SetHTTPOption(*HTTPInfo)
+// }
+// func Checksum(dgst digest.Digest) HTTPOption
+// func Chmod(perm os.FileMode) HTTPOption
+// func Chown(uid, gid int) HTTPOption
+// func Filename(name string) HTTPOption
+
+// Fetch a file over HTTP
+#HTTPFetch: {
+	$dagger: task: _name: "HTTPFetch"
+
+	// Source url
+	// Example: https://www.dagger.io/index.html
+	source: string
+
+	// Destination path of the downloaded file
+	// Example: "/downloads/index.html"
+	dest: string
+
+	// Optionally verify the file checksum
+	// FIXME: what is the best format to encode checksum?
+	checksum?: string
+
+	// Optionally set file permissions on the downloaded file
+	// FIXME: find a more developer-friendly way to input file permissions
+	permissions?: int
+
+	// Optionally set UID of the downloaded file
+	uid?: int
+
+	// Optionally set GID of the downloaded file
+	gid?: int
+
+	// New filesystem state containing the downloaded file
+	output: #FS
+}

pkg/dagger.io/dagger/engine/image.cue

@@ -0,0 +1,106 @@
+package engine
+
+// Upload a container image to a remote repository
+#Push: {
+	$dagger: task: _name: "Push"
+
+	// Target repository address
+	dest: #Ref
+
+	// Filesystem contents to push
+	input: #FS
+
+	// Container image config
+	config: #ImageConfig
+
+	// Authentication
+	auth: [...{
+		target:   string
+		username: string
+		secret:   string | #Secret
+	}]
+
+	// Complete ref of the pushed image, including digest
+	result: #Ref
+}
+
+// A ref is an address for a remote container image
+//
+// Examples:
+//   - "index.docker.io/dagger"
+//   - "dagger"
+//   - "index.docker.io/dagger:latest"
+//   - "index.docker.io/dagger:latest@sha256:a89cb097693dd354de598d279c304a1c73ee550fbfff6d9ee515568e0c749cfe"
+#Ref: string
+
+// Container image config. See [OCI](https://www.opencontainers.org/).
+// Spec left open on purpose to account for additional fields.
+// [Image Spec](https://github.com/opencontainers/image-spec/blob/main/specs-go/v1/config.go)
+// [Docker Superset](https://github.com/moby/buildkit/blob/master/frontend/dockerfile/dockerfile2llb/image.go)
+#ImageConfig: {
+	Env?: [...string]
+	User?: string
+	Cmd?: [...string]
+	...
+}
+
+// Download a container image from a remote repository
+#Pull: {
+	$dagger: task: _name: "Pull"
+
+	// Repository source ref
+	source: #Ref
+
+	// Authentication
+	auth: [...{
+		target:   string
+		username: string
+		secret:   string | #Secret
+	}]
+
+	// Root filesystem of downloaded image
+	output: #FS
+
+	// Image digest
+	digest: string
+
+	// Downloaded container image config
+	config: #ImageConfig
+}
+
+// Build a container image using buildkit
+// FIXME: rename to #Dockerfile to clarify scope
+#Build: {
+	$dagger: task: _name: "Build"
+
+	// Source directory to build
+	source: #FS
+	{
+		frontend:   "dockerfile"
+		dockerfile: {
+			path: string | *"Dockerfile"
+		} | {
+			contents: string
+		}
+
+		// Authentication
+		auth: [...{
+			target:   string
+			username: string
+			secret:   string | #Secret
+		}]
+
+		// FIXME: options ported from op.#DockerBuild
+		platforms?: [...string]
+		target?: string
+		buildArg?: [string]: string
+		label?: [string]:    string
+		hosts?: [string]:    string
+	}
+
+	// Root filesystem produced by build
+	output: #FS
+
+	// Container image config produced by build
+	config: #ImageConfig
+}

pkg/dagger.io/dagger/engine/plan.cue

@@ -0,0 +1,144 @@
+package engine
+
+// A deployment plan executed by `dagger up`
+#Plan: #DAG
+
+// A special kind of program which `dagger` can execute.
+#DAG: {
+	// Receive inputs from the client
+	inputs: {
+		// Receive directories
+		directories: [name=string]: _#inputDirectory
+		// Securely receive secrets
+		secrets: [name=string]: _#inputSecret
+		// Receive runtime parameters
+		params: [name=string]: _
+	}
+
+	// Send outputs to the client
+	outputs: {
+		@dagger(notimplemented)
+		directories: [name=string]: _#outputDirectory
+	}
+
+	// Forward network services to and from the client
+	proxy: [endpoint=string]: _#proxyEndpoint
+
+	// Configure platform execution
+	platform?: string
+
+	// Execute actions in containers
+	actions: {
+		...
+	}
+}
+
+_#inputDirectory: {
+	// FIXME: rename to "InputDirectory" for consistency
+	$dagger: task: _name: "InputDirectory"
+
+	// Import from this path ON THE CLIENT MACHINE
+	// Example: "/Users/Alice/dev/todoapp/src"
+	path: string
+
+	// Filename patterns to include
+	// Example: ["*.go", "Dockerfile"]
+	include?: [...string]
+
+	// Filename patterns to exclude
+	// Example: ["node_modules"]
+	exclude?: [...string]
+
+	// Imported filesystem contents
+	// Use this as input for actions requiring an #FS field
+	contents: #FS
+}
+
+// Securely receive a secret from the client
+_#inputSecret: {
+	_#inputSecretEnv | _#inputSecretFile | _#inputSecretExec
+
+	// Reference to the secret contents
+	// Use this by securely mounting it into a container.
+	// See universe.dagger.io/docker.#Run.mounts
+	// FIXME: `contents` field name causes confusion (not actually the secret contents..)
+	contents: #Secret
+
+	// Whether to trim leading and trailing space characters from secret value
+	trimSpace: *true | false
+}
+
+// Read secret from an environment variable ON THE CLIENT MACHINE
+_#inputSecretEnv: {
+	$dagger: task: _name: "InputSecretEnv"
+
+	envvar: string
+
+	contents: #Secret
+}
+
+// Read secret from a file ON THE CLIENT MACHINE
+_#inputSecretFile: {
+	$dagger: task: _name: "InputSecretFile"
+
+	path: string
+
+	contents: #Secret
+}
+
+// Get secret by executing a command ON THE CLIENT MACHINE
+_#inputSecretExec: {
+	$dagger: task: _name: "InputSecretExec"
+
+	command: {
+		name: string
+		args: [...string]
+		interactive: true | *false @dagger(notimplemented) // FIXME: https://github.com/dagger/dagger/issues/1268
+	}
+
+	contents: #Secret
+}
+
+_#outputDirectory: {
+	$dagger: task: _name: "OutputDirectory"
+
+	// Filesystem contents to export
+	// Reference an #FS field produced by an action
+	contents: #FS
+
+	// Export to this path ON THE CLIENT MACHINE
+	dest: string
+}
+
+// Forward a network endpoint to and from the client
+_#proxyEndpoint: {
+	$dagger: task: _name: "ProxyEndpoint"
+
+	// Service endpoint can be proxied to action containers as unix sockets
+	// FIXME: should #Service be renamed to #ServiceEndpoint or #Endpoint? Naming things is hard...
+	// FIXME: should be endpoint
+	service:  #Service
+	endpoint: service
+	{
+		// FIXME: reconcile with spec
+		unix: string
+	} | {
+		// FIXME: reconcile with spec
+		npipe: string
+	} | {
+		// Listen for connections ON THE CLIENT MACHINE, proxy to actions
+		listen: #Address @dagger(notimplemented)
+	} | {
+		// Connect to a remote endpoint FROM THE CLIENT MACHINE, proxy to actions
+		connect: #Address @dagger(notimplemented)
+	} | {
+		// Proxy to/from the contents of a file ON THE CLIENT MACHINE
+		filepath: string @dagger(notimplemented)
+	} | {
+		// Proxy to/from standard input and output of a command ON THE CLIENT MACHINE
+		command: [string, ...string] | string @dagger(notimplemented)
+	}
+}
+
+// A network service address
+#Address: string & =~"^(tcp://|unix://|udp://).*"

pkg/dagger.io/dagger/engine/secret.cue

@@ -0,0 +1,15 @@
+package engine
+
+// Create a new a secret from a filesystem tree
+#NewSecret: {
+	$dagger: task: _name: "NewSecret"
+
+	// Filesystem tree holding the secret
+	input: #FS
+	// Path of the secret to read
+	path: string
+	// Whether to trim leading and trailing space characters from secret value
+	trimSpace: *true | false
+	// Contents of the secret
+	output: #Secret
+}

pkg/dagger.io/dagger/engine/types.cue

@@ -0,0 +1,29 @@
+package engine
+
+// A reference to a filesystem tree.
+// For example:
+//  - The root filesystem of a container
+//  - A source code repository
+//  - A directory containing binary artifacts
+// Rule of thumb: if it fits in a tar archive, it fits in a #FS.
+#FS: {
+	$dagger: fs: _id: string | null
+}
+
+// A reference to an external secret, for example:
+//  - A password
+//  - A SSH private key
+//  - An API token
+// Secrets are never merged in the Cue tree. They can only be used
+// by a special filesystem mount designed to minimize leak risk.
+#Secret: {
+	$dagger: secret: _id: string
+}
+
+// A reference to a network service endpoint, for example:
+//  - A TCP or UDP port
+//  - A unix or npipe socket
+//  - An HTTPS endpoint
+#Service: {
+	$dagger: service: _id: string
+}

pkg/dagger.io/dagger/plan.cue

@@ -0,0 +1,11 @@
+package dagger
+
+import (
+	"alpha.dagger.io/europa/dagger/engine"
+)
+
+// A deployment plan executed by `dagger up`
+#Plan: engine.#Plan
+
+// A special kind of program which `dagger` can execute.
+#DAG: engine.#DAG

pkg/dagger.io/dagger/types.cue

@@ -0,0 +1,30 @@
+package dagger
+
+import (
+	"alpha.dagger.io/europa/dagger/engine"
+)
+
+// A reference to a filesystem tree.
+// For example:
+//  - The root filesystem of a container
+//  - A source code repository
+//  - A directory containing binary artifacts
+// Rule of thumb: if it fits in a tar archive, it fits in a #FS.
+#FS: engine.#FS
+
+// A reference to an external secret, for example:
+//  - A password
+//  - A SSH private key
+//  - An API token
+// Secrets are never merged in the Cue tree. They can only be used
+// by a special filesystem mount designed to minimize leak risk.
+#Secret: engine.#Secret
+
+// A reference to a network service endpoint, for example:
+//  - A TCP or UDP port
+//  - A unix socket
+//  - An HTTPS endpoint
+#Service: engine.#Service
+
+// A network service address
+#Address: engine.#Address

pkg/dagger.io/dagger/utils.cue

@@ -0,0 +1,28 @@
+package dagger
+
+import (
+	"alpha.dagger.io/europa/dagger/engine"
+)
+
+// Select a subdirectory from a filesystem tree
+#Subdir: {
+	// Input tree
+	input: #FS
+
+	// Path of the subdirectory
+	// Example: "/build"
+	path: string
+
+	// Subdirectory tree
+	output: #FS & copy.output
+
+	// Copy action
+	copy: engine.#Copy & {
+		"input": engine.#Scratch
+		source: {
+			root:   input
+			"path": path
+		}
+		dest: "/"
+	}
+}