
@pjmagee
Created September 6, 2024 12:44

This enables us to configure Certificate Authority, Registries and Execution Permissions

https://docs.dagger.io/manuals/administrator/custom-registry

debug = true
insecure-entitlements = ["security.insecure"]

[registry."docker.io"]
  mirrors = ["mirror.gcr.io"]

[registry."your.private.registry"]
  mirrors = []

https://docs.dagger.io/manuals/administrator/custom-ca

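The private CA certificates are copied from a certificates image into the base Dagger engine image (engine.Dockerfile):

# Stage that holds the private CA certificates
FROM your.private.registry/private-certificates:latest AS pvt
# Base Dagger engine image to extend
FROM registry.dagger.io/engine:v0.12.2 AS engine
# Place the private CAs where the engine image looks for extra CA certificates
COPY --from=pvt /certificates /usr/local/share/ca-certificates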

Build the custom base image

docker build -t your.private.registry/mageep/custom-dagger-engine:v0.12.2 -f engine.Dockerfile .

https://docs.dagger.io/manuals/administrator/custom-runner

Start the custom engine and mount the configuration with the new base image that has our custom CA certificates

docker run -d --rm --name custom-dagger-engine --privileged --volume $PWD/engine.toml:/etc/dagger/engine.toml your.private.registry/mageep/custom-dagger-engine:v0.12.2

Smoke test - You can run GraphQL queries directly against the Dagger Engine, as that's how a Dagger client actually communicates with the Dagger Engine. A Dagger SDK is an SDK for the GraphQL Dagger Engine API.

It should be able to pull the image from Artifacts and also not complain about the certificate being an unknown CA, as we've already built and started a custom dagger engine ✊👊

Add an environment variable to tell the Dagger CLI what the new engine is called.

# Point the Dagger CLI at the custom engine container
$env:_EXPERIMENTAL_DAGGER_RUNNER_HOST = "docker-container://custom-dagger-engine"

'{
 container {
   from(address: "your.private.registry/dotnet/sdk:8.0") {
     withExec(args: ["dotnet", "-h"]) {
       stdout
     }
   }
 }
}' | dagger query --progress=plain