Azure / moby-packaging

MIT License

Build own dagger engine and CLI #46

Open cpuguy83 opened 1 year ago

cpuguy83 commented 1 year ago

The dagger client automatically pulls in a dagger engine image and binary. For supply chain security reasons we should be using our own engine/cli binaries.

sipsma commented 1 year ago

@cpuguy83 Right now all the automation we use to build these are defined w/ dagger (we use a previous stable version of dagger to build the new ones) in this internal package: https://github.com/dagger/dagger/tree/main/internal/mage

Feel free to let us know if making that package non-internal could help out here. I think the CLI is straightforward to build but the engine has a lot more parts.

Also, if there's anything we could do from a supply chain perspective to let you re-use our own builds (e.g. generate an SBOM), would be very interested to know. Can't promise we'll have the bandwidth to immediately implement that but it would be very good to at least have on our radar if it'd help.