From 3b0d7ad6e3e6aa2e5a6bd8f04b61f19710e30921 Mon Sep 17 00:00:00 2001
From: Patrick Hermann <patrick.hermann@sva.de>
Date: Thu, 28 May 2026 08:30:24 +0000
Subject: [PATCH] feat(crossplane): add crossplane-verify reusable workflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Wraps github.com/stuttgart-things/dagger/crossplane@v0.115.0 `verify`,
which runs the four-layer offline check per example XR (xpkg build,
XR↔XRD, Object wrapper, embedded manifest). Inputs let callers override
the dagger module pin and the provider-kubernetes CRD version used for
Layer 2 schemas.

Closes the workflow side of stuttgart-things/dagger#277.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 .github/workflows/call-crossplane-verify.yaml | 63 +++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 .github/workflows/call-crossplane-verify.yaml

diff --git a/.github/workflows/call-crossplane-verify.yaml b/.github/workflows/call-crossplane-verify.yaml
new file mode 100644
index 0000000..7f52c97
--- /dev/null
+++ b/.github/workflows/call-crossplane-verify.yaml
@@ -0,0 +1,63 @@
+---
+name: Crossplane Configuration Verification with Dagger
+on:
+  workflow_call:
+    inputs:
+      runs-on:
+        required: false
+        type: string
+        default: ubuntu-latest
+      environment-name:
+        required: false
+        type: string
+        default: k8s
+      src:
+        description: >-
+          Path to a single Crossplane Configuration directory
+          (containing crossplane.yaml, apis/, examples/).
+        required: true
+        type: string
+      provider-kubernetes-version:
+        description: >-
+          provider-kubernetes version whose CRD schemas are used for Layer 2
+          (Object wrapper) validation. Should match the dependsOn floor in the
+          Configuration's crossplane.yaml.
+        required: false
+        type: string
+        default: v1.2.0
+      dagger-version:
+        description: "Dagger CLI version"
+        required: false
+        type: string
+        default: "0.20.8"
+      crossplane-module-version:
+        description: "Version of stuttgart-things/dagger/crossplane to invoke"
+        required: false
+        type: string
+        default: v0.115.0
+
+permissions:
+  contents: read
+
+jobs:
+  Crossplane-Verify:
+    name: Crossplane Verify (${{ inputs.src }})
+    runs-on: ${{ inputs.runs-on }}
+    environment: ${{ inputs.environment-name }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6.0.2
+        with:
+          fetch-depth: 0
+
+      - name: Verify Configuration
+        uses: dagger/dagger-for-github@v8.4.1
+        with:
+          version: ${{ inputs.dagger-version }}
+          verb: call
+          module: github.com/stuttgart-things/dagger/crossplane@${{ inputs.crossplane-module-version }}
+          args: >-
+            verify
+            --src ${{ inputs.src }}
+            --provider-kubernetes-version ${{ inputs.provider-kubernetes-version }}
+          cloud-token: ${{ secrets.DAGGER_CLOUD_TOKEN }}