GitLab CI

The following code samples demonstrate how to integrate Dagger with GitLab CI.

Docker executor

The following code listing illustrates Dagger usage in a GitLab CI/CD pipeline, assuming either GitLab-hosted runners using the (default) Docker Machine executor or self-managed GitLab Runners using the Docker executor. In both these cases, the Dagger Engine is provisioned "just in time" using a Docker-in-Docker (dind) service.

.gitlab-ci.yml
.docker:
  image: alpine:latest
  services:
    - docker:${DOCKER_VERSION}-dind
  variables:
    DOCKER_HOST: tcp://docker:2376
    DOCKER_TLS_VERIFY: '1'
    DOCKER_TLS_CERTDIR: '/certs'
    DOCKER_CERT_PATH: '/certs/client'
    DOCKER_DRIVER: overlay2
    DOCKER_VERSION: '20.10.16'
    # assumes the Dagger Cloud token is
    # in a masked/protected variable named DAGGER_CLOUD_TOKEN
    # set via the GitLab UI
    DAGGER_CLOUD_TOKEN: $DAGGER_CLOUD_TOKEN
.dagger:
  extends: [.docker]
  before_script:
    - apk add curl
    - curl -L https://dl.dagger.io/dagger/install.sh | BIN_DIR=/usr/local/bin sh
build:
  extends: [.dagger]
  script:
    # assumes a Go project
    # modify to use different function(s) as needed
    - dagger -m github.com/kpenfound/dagger-modules/golang@v0.1.5 call build --project=. --args=.
    # for ephemeral runners only: override the default docker stop timeout and
    # give the Dagger Engine more time to push cache data to Dagger Cloud
    - docker stop -t 300 $(docker ps --filter name="dagger-engine-*" -q)

Kubernetes executor

The following code listing illustrates Dagger usage in a GitLab CI/CD pipeline, assuming self-managed GitLab Runners in a Kubernetes cluster and using the Kubernetes executor.

.gitlab-ci.yml
.dagger:
  image: alpine:latest
  variables:
    # assumes the Dagger Cloud token is
    # in a masked/protected variable named DAGGER_CLOUD_TOKEN
    # set via the GitLab UI
    DAGGER_CLOUD_TOKEN: $DAGGER_CLOUD_TOKEN
  before_script:
    - apk add curl
    - curl -L https://dl.dagger.io/dagger/install.sh | BIN_DIR=/tmp sh
build:
  extends: [.dagger]
  script:
    # assumes a Go project
    # modify to use different function(s) as needed
    - dagger -m github.com/kpenfound/dagger-modules/golang@v0.1.5 call build --project=. --args=.
    # for ephemeral runners only: override the default docker stop timeout and
    # give the Dagger Engine more time to push cache data to Dagger Cloud
    - docker stop -t 300 $(docker ps --filter name="dagger-engine-*" -q)

In this case, each GitLab Runner must be configured to only run on nodes with pre-provisioned instances of the Dagger Engine. This is achieved using taints and tolerations on the nodes, and pod affinity.

The following code listings illustrate the configuration to be applied to each GitLab Runner, with taints, tolerations and pod affinity set via the dagger-node key. For an example of the corresponding node configuration, refer to the OpenShift integration page.

To use this configuration, replace the YOUR-GITLAB-URL placeholder with the URL of your GitLab instance and replace the YOUR-GITLAB-RUNNER-TOKEN-REFERENCE placeholder with your GitLab Runner authentication token.

runner-config.yml
kind: ConfigMap
apiVersion: v1
metadata:
  name: dagger-custom-config-toml
data:
  config.toml: |
    concurrent = 10
    [[runners]]
      # each environment entry is a single "KEY=VALUE" string
      environment = ["HOME=/tmp", "FF_GITLAB_REGISTRY_HELPER_IMAGE=1", "_EXPERIMENTAL_DAGGER_RUNNER_HOST=unix:///var/run/dagger/buildkitd.sock"]
      pre_build_script = "export PATH=\"/tmp/:$PATH\""
      name = "GitLab Runner with Dagger"
      url = "YOUR-GITLAB-URL"
      executor = "kubernetes"
      [runners.kubernetes]
        namespace = "dagger"
        pull_policy = "always"
        privileged = true
        [runners.kubernetes.affinity]
          [runners.kubernetes.affinity.node_affinity.required_during_scheduling_ignored_during_execution]
            [[runners.kubernetes.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms]]
              [[runners.kubernetes.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_expressions]]
                key = "dagger-node"
                operator = "In"
                values = ["true"]
        [runners.kubernetes.node_tolerations]
          "dagger-node" = ""
        [runners.kubernetes.pod_security_context]
          run_as_non_root = false
          run_as_user = 0
        [[runners.kubernetes.volumes.host_path]]
          name = "dagger"
          mount_path = "/var/run/dagger"
          host_path = "/var/run/dagger"

runner.yml
apiVersion: apps.gitlab.com/v1beta2
kind: Runner
metadata:
  name: dagger-runner
  namespace: dagger
spec:
  config: dagger-custom-config-toml
  gitlabUrl: YOUR-GITLAB-URL
  tags: dagger
  token: YOUR-GITLAB-RUNNER-TOKEN-REFERENCE
  runUntagged: false
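
The runner configuration above gives job pods privileged mode, UID 0 and a host-path mount of the Dagger Engine socket directory, and relies on the dagger-node affinity to keep those pods on the dedicated nodes. The following Python check is an added example, not part of the Dagger or GitLab documentation: it parses a config.toml and reports, per runner, which elevated settings are enabled and whether scheduling is confined to dagger-node nodes. The embedded sample is constructed from the listing above; audit, REQ and the report fields are hypothetical names.

```python
try:
    import tomllib  # standard library from Python 3.11
except ImportError:
    import tomli as tomllib  # assumption: tomli backport on older Pythons

REQ = "required_during_scheduling_ignored_during_execution"

# Constructed sample, modelled on the config.toml listing above.
SAMPLE = """
[[runners]]
  name = "GitLab Runner with Dagger"
  [runners.kubernetes]
    privileged = true
    [[runners.kubernetes.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms]]
      [[runners.kubernetes.affinity.node_affinity.required_during_scheduling_ignored_during_execution.node_selector_terms.match_expressions]]
        key = "dagger-node"
        operator = "In"
        values = ["true"]
    [runners.kubernetes.pod_security_context]
      run_as_user = 0
    [[runners.kubernetes.volumes.host_path]]
      name = "dagger"
      mount_path = "/var/run/dagger"
      host_path = "/var/run/dagger"
"""

def audit(toml_text, node_key="dagger-node"):
    """List each runner's elevated settings and whether it is confined to node_key nodes."""
    report = []
    for runner in tomllib.loads(toml_text).get("runners", []):
        k8s = runner.get("kubernetes", {})
        elevated = []
        if k8s.get("privileged"):
            elevated.append("privileged")
        if k8s.get("pod_security_context", {}).get("run_as_user") == 0:
            elevated.append("run_as_user=0")
        for vol in k8s.get("volumes", {}).get("host_path", []):
            # GitLab Runner falls back to mount_path when host_path is omitted
            elevated.append("host_path=" + vol.get("host_path", vol.get("mount_path", "?")))
        terms = (k8s.get("affinity", {}).get("node_affinity", {})
                 .get(REQ, {}).get("node_selector_terms", []))
        # Selector terms are ORed and expressions within a term are ANDed, so
        # every term needs an "In" expression on node_key to confine the pod.
        confined = bool(terms) and all(
            any(e.get("key") == node_key and e.get("operator") == "In"
                for e in t.get("match_expressions", []))
            for t in terms)
        report.append({"runner": runner.get("name", "?"), "elevated": elevated,
                       "confined": confined, "flag": bool(elevated) and not confined})
    return report
```

Call audit() with the config.toml text taken from the ConfigMap; a row with flag set is a runner whose elevated job pods are not restricted to the dedicated nodes.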