update action to dagger 0.2

- Remove AGE key setup
- Update README to use `dagger do`
- Update tests to dagger 0.2

Signed-off-by: Andrea Luzzardi <aluzzardi@gmail.com>

test/cue.mod/pkg/dagger.io/dagger/exec.cue

@@ -0,0 +1,81 @@
+package dagger
+
+// Execute a command in a container
+#Exec: {
+	$dagger: task: _name: "Exec"
+
+	// Container filesystem
+	input: #FS
+
+	// Transient filesystem mounts
+	//   Key is an arbitrary name, for example "app source code"
+	//   Value is mount configuration
+	mounts: [name=string]: #Mount
+
+	// Command to execute
+	// Example: ["echo", "hello, world!"]
+	args: [...string]
+
+	// Environment variables
+	env: [key=string]: string | #Secret
+
+	// Working directory
+	workdir: string | *"/"
+
+	// User ID or name
+	user: string | *"root"
+
+	// If set, always execute even if the operation could be cached
+	always: true | *false
+
+	// Inject hostname resolution into the container
+	// key is hostname, value is IP
+	hosts: [hostname=string]: string
+
+	// Modified filesystem
+	output: #FS
+
+	// Command exit code
+	// Currently this field can only ever be zero.
+	// If the command fails, DAG execution is immediately terminated.
+	// FIXME: expand API to allow custom handling of failed commands
+	exit: int & 0
+}
+
+// A transient filesystem mount.
+#Mount: {
+	dest: string
+	type: string
+	{
+		type:     "cache"
+		contents: #CacheDir
+	} | {
+		type:     "tmp"
+		contents: #TempDir
+	} | {
+		type:     "service"
+		contents: #Service
+	} | {
+		type:     "fs"
+		contents: #FS
+		source?:  string
+		ro?:      true | *false
+	} | {
+		type:     "secret"
+		contents: #Secret
+		uid:      int | *0
+		gid:      int | *0
+		mask:     int | *0o400
+	}
+}
+
+// A (best effort) persistent cache dir
+#CacheDir: {
+	id:          string
+	concurrency: *"shared" | "private" | "locked"
+}
+
+// A temporary directory for command execution
+#TempDir: {
+	size: int64 | *0
+}

test/cue.mod/pkg/dagger.io/dagger/fs.cue

@@ -0,0 +1,118 @@
+package dagger
+
+// Access the source directory for the current CUE package
+// This may safely be called from any package
+#Source: {
+	$dagger: task: _name: "Source"
+
+	// Relative path to source.
+	path: string
+	// Optionally exclude certain files
+	include: [...string]
+	// Optionally include certain files
+	exclude: [...string]
+
+	output: #FS
+}
+
+// Create one or multiple directory in a container
+#Mkdir: {
+	$dagger: task: _name: "Mkdir"
+
+	// Container filesystem
+	input: #FS
+
+	// Path of the directory to create
+	// It can be nested (e.g : "/foo" or "/foo/bar")
+	path: string
+
+	// Permissions of the directory
+	permissions: *0o755 | int
+
+	// If set, it creates parents' directory if they do not exist
+	parents: *true | false
+
+	// Modified filesystem
+	output: #FS
+}
+
+#ReadFile: {
+	$dagger: task: _name: "ReadFile"
+
+	// Filesystem tree holding the file
+	input: #FS
+	// Path of the file to read
+	path: string
+	// Contents of the file
+	contents: string
+}
+
+// Write a file to a filesystem tree, creating it if needed
+#WriteFile: {
+	$dagger: task: _name: "WriteFile"
+
+	// Input filesystem tree
+	input: #FS
+	// Path of the file to write
+	path: string
+	// Contents to write
+	contents: string
+	// Permissions of the file
+	permissions: *0o600 | int
+	// Output filesystem tree
+	output: #FS
+}
+
+// Copy files from one FS tree to another
+#Copy: {
+	$dagger: task: _name: "Copy"
+	// Input of the operation
+	input: #FS
+	// Contents to copy
+	contents: #FS
+	// Source path (optional)
+	source: string | *"/"
+	// Destination path (optional)
+	dest: string | *"/"
+	// Output of the operation
+	output: #FS
+}
+
+#CopyInfo: {
+	source: {
+		root: #FS
+		path: string | *"/"
+	}
+	dest: string
+}
+
+// Merge multiple FS trees into one
+#Merge: {
+	@dagger(notimplemented)
+	$dagger: task: _name: "Merge"
+
+	input: #FS
+	layers: [...#CopyInfo]
+	output: #FS
+}
+
+// Select a subdirectory from a filesystem tree
+#Subdir: {
+	// Input tree
+	input: #FS
+
+	// Path of the subdirectory
+	// Example: "/build"
+	path: string
+
+	// Copy action
+	_copy: #Copy & {
+		"input":  #Scratch
+		contents: input
+		source:   path
+		dest:     "/"
+	}
+
+	// Subdirectory tree
+	output: #FS & _copy.output
+}

test/cue.mod/pkg/dagger.io/dagger/git.cue

@@ -0,0 +1,30 @@
+package dagger
+
+// Push a directory to a git remote
+#GitPush: {
+	@dagger(notimplemented)
+	$dagger: task: _name: "GitPush"
+
+	input:  #FS
+	remote: string
+	ref:    string
+}
+
+// Pull a directory from a git remote
+// Warning: do NOT embed credentials in the remote url as this will expose them in logs. 
+// By using username and password Dagger will handle this for you in a secure manner.
+#GitPull: {
+	$dagger: task: _name: "GitPull"
+	remote:     string
+	ref:        string
+	keepGitDir: true | *false
+	auth?:      {
+		username: string
+		password: #Secret // can be password or personal access token
+	} | {
+		authToken: #Secret
+	} | {
+		authHeader: #Secret
+	}
+	output: #FS
+}

test/cue.mod/pkg/dagger.io/dagger/http.cue

@@ -0,0 +1,47 @@
+package dagger
+
+// HTTP operations
+
+// Raw buildkit API
+//
+// package llb // import "github.com/moby/buildkit/client/llb"
+//
+// func HTTP(url string, opts ...HTTPOption) State
+//
+// type HTTPOption interface {
+//         SetHTTPOption(*HTTPInfo)
+// }
+// func Checksum(dgst digest.Digest) HTTPOption
+// func Chmod(perm os.FileMode) HTTPOption
+// func Chown(uid, gid int) HTTPOption
+// func Filename(name string) HTTPOption
+
+// Fetch a file over HTTP
+#HTTPFetch: {
+	$dagger: task: _name: "HTTPFetch"
+
+	// Source url
+	// Example: https://www.dagger.io/index.html
+	source: string
+
+	// Destination path of the downloaded file
+	// Example: "/downloads/index.html"
+	dest: string
+
+	// Optionally verify the file checksum
+	// FIXME: what is the best format to encode checksum?
+	checksum?: string
+
+	// Optionally set file permissions on the downloaded file
+	// FIXME: find a more developer-friendly way to input file permissions
+	permissions?: int
+
+	// Optionally set UID of the downloaded file
+	uid?: int
+
+	// Optionally set GID of the downloaded file
+	gid?: int
+
+	// New filesystem state containing the downloaded file
+	output: #FS
+}

test/cue.mod/pkg/dagger.io/dagger/image.cue

@@ -0,0 +1,190 @@
+package dagger
+
+import (
+	"list"
+)
+
+// Upload a container image to a remote repository
+#Push: {
+	$dagger: task: _name: "Push"
+
+	// Target repository address
+	dest: #Ref
+
+	// Filesystem contents to push
+	input: #FS
+
+	// Container image config
+	config: #ImageConfig
+
+	// Authentication
+	auth?: {
+		username: string
+		secret:   #Secret
+	}
+
+	// Complete ref of the pushed image, including digest
+	result: #Ref
+}
+
+// A ref is an address for a remote container image
+//
+// Examples:
+//   - "index.docker.io/dagger"
+//   - "dagger"
+//   - "index.docker.io/dagger:latest"
+//   - "index.docker.io/dagger:latest@sha256:a89cb097693dd354de598d279c304a1c73ee550fbfff6d9ee515568e0c749cfe"
+#Ref: string
+
+// Container image config. See [OCI](https://www.opencontainers.org/).
+#ImageConfig: {
+	user?: string
+	expose?: [string]: {}
+	env?: [string]: string
+	entrypoint?: [...string]
+	cmd?: [...string]
+	volume?: [string]: {}
+	workdir?: string
+	label?: [string]: string
+	stopsignal?:  string
+	healthcheck?: #HealthCheck
+	argsescaped?: bool
+	onbuild?: [...string]
+	stoptimeout?: int
+	shell?: [...string]
+}
+
+#HealthCheck: {
+	test?: [...string]
+	interval?:    int
+	timeout?:     int
+	startperiod?: int
+	retries?:     int
+}
+
+// Download a container image from a remote repository
+#Pull: {
+	$dagger: task: _name: "Pull"
+
+	// Repository source ref
+	source: #Ref
+
+	// Authentication
+	auth?: {
+		username: string
+		secret:   #Secret
+	}
+
+	// Root filesystem of downloaded image
+	output: #FS
+
+	// Image digest
+	digest: string
+
+	// Downloaded container image config
+	config: #ImageConfig
+}
+
+// Build a container image using a Dockerfile
+#Dockerfile: {
+	$dagger: task: _name: "Dockerfile"
+
+	// Source directory to build
+	source: #FS
+
+	dockerfile: *{
+		path: string | *"Dockerfile"
+	} | {
+		contents: string
+	}
+
+	// Authentication
+	auth: [registry=string]: {
+		username: string
+		secret:   #Secret
+	}
+
+	platforms?: [...string]
+	target?: string
+	buildArg?: [string]: string
+	label?: [string]:    string
+	hosts?: [string]:    string
+
+	// Root filesystem produced
+	output: #FS
+
+	// Container image config produced
+	config: #ImageConfig
+}
+
+// Change image config
+#Set: {
+	// The source image config
+	input: #ImageConfig
+
+	// The config to merge
+	config: #ImageConfig
+
+	// Resulting config
+	output: #ImageConfig & {
+		let structs = ["env", "label", "volume", "expose"]
+		let lists = ["onbuild"]
+
+		// doesn't exist in config, copy away
+		for field, value in input if config[field] == _|_ {
+			"\(field)": value
+		}
+
+		// only exists in config, just copy as is
+		for field, value in config if input[field] == _|_ {
+			"\(field)": value
+		}
+
+		// these should exist in both places
+		for field, value in config if input[field] != _|_ {
+			"\(field)": {
+				// handle structs that need merging
+				if list.Contains(structs, field) {
+					_#mergeStructs & {
+						#a: input[field]
+						#b: config[field]
+					}
+				}
+
+				// handle lists that need concatenation
+				if list.Contains(lists, field) {
+					list.Concat([
+						input[field],
+						config[field],
+					])
+				}
+
+				// replace anything else
+				if !list.Contains(structs+lists, field) {
+					value
+				}
+			}
+		}
+	}
+}
+
+// Merge two structs by overwriting or adding values
+_#mergeStructs: {
+	// Struct with defaults
+	#a: [string]: _
+
+	// Struct with overrides
+	#b: [string]: _
+	{
+		// FIXME: we need exists() in if because this matches any kind of error (cue-lang/cue#943)
+		// add anything not in b
+		for field, value in #a if #b[field] == _|_ {
+			"\(field)": value
+		}
+
+		// safely add all of b
+		for field, value in #b {
+			"\(field)": value
+		}
+	}
+}

test/cue.mod/pkg/dagger.io/dagger/plan.cue

@@ -0,0 +1,132 @@
+package dagger
+
+// A special kind of program which `dagger` can execute.
+#Plan: {
+	// Access client machine
+	client: {
+		// Access client filesystem
+		// Path may be absolute, or relative to client working directory
+		filesystem: [path=string]: {
+			// Read data from that path
+			read?: _#clientFilesystemRead & {
+				"path": path
+			}
+
+			// If set, Write to that path
+			write?: _#clientFilesystemWrite & {
+				"path": path
+
+				// avoid race condition
+				if read != _|_ {
+					_after: read
+				}
+			}
+		}
+
+		// Access client environment variables
+		env: [string]: *string | #Secret
+
+		// Execute commands in the client
+		commands: [id=string]: _#clientCommand
+
+		// Platform of the client machine
+		platform: _#clientPlatform
+	}
+
+	// Configure platform execution
+	platform?: string
+
+	// Execute actions in containers
+	actions: {
+		...
+	}
+}
+
+_#clientFilesystemRead: {
+	$dagger: task: _name: "ClientFilesystemRead"
+
+	// Path may be absolute, or relative to client working directory
+	path: string
+
+	{
+		// CUE type defines expected content:
+		//     string: contents of a regular file
+		//     #Secret: secure reference to the file contents
+		contents: string | #Secret
+	} | {
+		// CUE type defines expected content:
+		//     #FS: contents of a directory
+		contents: #FS
+
+		// Filename patterns to include
+		// Example: ["*.go", "Dockerfile"]
+		include?: [...string]
+
+		// Filename patterns to exclude
+		// Example: ["node_modules"]
+		exclude?: [...string]
+	} | {
+		// CUE type defines expected content:
+		//     #Service: unix socket or npipe
+		contents: #Service
+
+		// Type of service
+		type: *"unix" | "npipe"
+	}
+}
+
+_#clientFilesystemWrite: {
+	$dagger: task: _name: "ClientFilesystemWrite"
+
+	// Path may be absolute, or relative to client working directory
+	path: string
+	{
+		// File contents to export (as a string or secret)
+		contents: string | #Secret
+
+		// File permissions (defaults to 0o644)
+		permissions?: int
+	} | {
+		// Filesystem contents to export
+		// Reference an #FS field produced by an action
+		contents: #FS
+	}
+}
+
+_#clientCommand: {
+	$dagger: task: _name: "ClientCommand"
+
+	// Name of the command to execute
+	// Examples: "ls", "/bin/bash"
+	name: string
+
+	// Positional arguments to the command
+	// Examples: ["/tmp"]
+	args: [...string]
+
+	// Command-line flags represented in a civilized form
+	// Example: {"-l": true, "-c": "echo hello world"}
+	flags: [string]: bool | string
+
+	// Environment variables
+	// Example: {"DEBUG": "1"}
+	env: [string]: string | #Secret
+
+	// Capture standard output (as a string or secret)
+	stdout?: *string | #Secret
+
+	// Capture standard error (as a string or secret)
+	stderr?: *string | #Secret
+
+	// Inject standard input (from a string or secret)
+	stdin?: string | #Secret
+}
+
+_#clientPlatform: {
+	$dagger: task: _name: "ClientPlatform"
+
+	// Operating system of the client machine
+	os: string
+	// Hardware architecture of the client machine
+	arch: string
+}

test/cue.mod/pkg/dagger.io/dagger/secrets.cue

@@ -0,0 +1,40 @@
+package dagger
+
+// Decode the contents of a secrets without leaking it.
+// Supported formats: json, yaml
+#DecodeSecret: {
+	$dagger: task: _name: "DecodeSecret"
+
+	// A #Secret whose plain text is a JSON or YAML string
+	input: #Secret
+
+	format: "json" | "yaml"
+
+	// A new secret or (map of secrets) derived from unmarshaling the input secret's plain text
+	output: #Secret | {[string]: output}
+}
+
+// Create a new a secret from a filesystem tree
+#NewSecret: {
+	$dagger: task: _name: "NewSecret"
+
+	// Filesystem tree holding the secret
+	input: #FS
+	// Path of the secret to read
+	path: string
+	// Whether to trim leading and trailing space characters from secret value
+	trimSpace: *true | false
+	// Contents of the secret
+	output: #Secret
+}
+
+// Trim leading and trailing space characters from a secret
+#TrimSecret: {
+	$dagger: task: _name: "TrimSecret"
+
+	// Original secret
+	input: #Secret
+
+	// New trimmed secret
+	output: #Secret
+}

test/cue.mod/pkg/dagger.io/dagger/types.cue

@@ -0,0 +1,37 @@
+package dagger
+
+// A reference to a filesystem tree.
+// For example:
+//  - The root filesystem of a container
+//  - A source code repository
+//  - A directory containing binary artifacts
+// Rule of thumb: if it fits in a tar archive, it fits in a #FS.
+#FS: {
+	$dagger: fs: _id: string | null
+}
+
+// An empty directory
+#Scratch: #FS & {
+	$dagger: fs: _id: null
+}
+
+// A reference to an external secret, for example:
+//  - A password
+//  - A SSH private key
+//  - An API token
+// Secrets are never merged in the Cue tree. They can only be used
+// by a special filesystem mount designed to minimize leak risk.
+#Secret: {
+	$dagger: secret: _id: string
+}
+
+// A reference to a network service endpoint, for example:
+//  - A TCP or UDP port
+//  - A unix socket
+//  - An HTTPS endpoint
+#Service: {
+	$dagger: service: _id: string
+}
+
+// A network service address
+#Address: string & =~"^(tcp://|unix://|udp://).*"