dagger/dagger v0.18.6

on GitHub

v0.18.6 - 2025-05-06

🔥 Breaking Changes

• Cache URI-based secrets based on their plaintext value rather than the URI by @sipsma in #10311
  Previously, the "cache key" for URI-based secrets (e.g. env://FOO, file:///some/path, etc.) was the URI string. This meant that operations including the secret (e.g. as an environment variable in a Container) would be cached based on the URI value. If two secrets from different clients had the same URI but different plaintext values, cache for operations that include them would be shared.

  In many cases, even when URIs were the same, the plaintext of secrets could be meaningfully different, which made this behavior surprising and lead to unexpected results.

  Now, URI-based secrets are cached based on secure hashes of their plaintext value. Two secrets that have the same URI but different plaintext values will be cached separately, and operations that include them will not share cache.

  However, there are cases where users do want secrets with different plaintexts to share cache, e.g. secrets that rotate in plaintext value frequently but aren't meaningfully different and thus shouldn't bust the cache of operations that include them.

  To continue supporting those use cases, there is a new optional cacheKey argument to Secret that can be used to specify a custom cache key. If provided, the cache key will be used instead of the default plaintext-based cache key, allowing any secrets sharing that cache-key to be cached together.

  SDKs can provide this as an optional argument to the Secret constructor. Other example usages:

  dagger shell:

  • dagger shell -c "some-function --secret-arg $(secret env://FOO --cache-key my-cache-key)"

  dagger call (supports a special syntax that sets the cache key via a query param in the URI):

  • dagger call some-function --secret-arg env://FOO?cacheKey=my-cache-key

Added

• New GitRepository.branches API by @jedevc in #10250
• New File top-level field added to allow easier creation of File objects by @jedevc in #10290

Fixed

• GitRepository.tags patterns arg is now respected for local git repositories by @jedevc in #10250
• Return an error when a function argument conflicts with a persistent flag in dagger call by @helderco in #10305
• Fix "failed to return error" and "failed to emit telemetry" errors when two identical functions execute at the same time and one client cancels the request by @sipsma in #10264
• Fix panic in vault secret provider when path exists but secret doesn't by @sipsma in #10311
• Fix panic when using Container.build with a Dockerfile that is FROM scratch by @sipsma in #10332

What to do next?

• Read the documentation
• Join our Discord server
• Follow us on Twitter