{"id":19281858,"url":"https://github.com/elide-dev/build-infra","last_synced_at":"2025-04-22T01:31:14.331Z","repository":{"id":175664689,"uuid":"646018864","full_name":"elide-dev/build-infra","owner":"elide-dev","description":"Secure reusable build infrastructure","archived":false,"fork":false,"pushed_at":"2025-04-01T09:19:24.000Z","size":2447,"stargazers_count":2,"open_issues_count":7,"forks_count":2,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-01T17:53:37.665Z","etag":null,"topics":["bazel","devtools","github-actions","reusable-workflows","workflows"],"latest_commit_sha":null,"homepage":"https://elide.dev","language":"Kotlin","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/elide-dev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":".github/CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":"SECURITY.md","support":null,"governance":".github/GOVERNANCE.md","roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-05-27T03:14:55.000Z","updated_at":"2025-03-22T06:49:01.000Z","dependencies_parsed_at":"2023-10-23T23:25:38.274Z","dependency_job_id":"b0d45d69-a822-41c9-aebb-64a015d4ce04","html_url":"https://github.com/elide-dev/build-infra","commit_stats":null,"previous_names":["elide-dev/build-infra"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elide-dev%2Fbuild-infra","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elide-dev%2Fbuild-infra/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/elide-dev%2Fbuild-infra/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/
GitHub/repositories/elide-dev%2Fbuild-infra/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/elide-dev","download_url":"https://codeload.github.com/elide-dev/build-infra/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":250161988,"owners_count":21385019,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["bazel","devtools","github-actions","reusable-workflows","workflows"],"created_at":"2024-11-09T21:24:27.755Z","updated_at":"2025-04-22T01:31:13.950Z","avatar_url":"https://github.com/elide-dev.png","language":"Kotlin","readme":"# elide ci infra\n\n[![Lint: Actions](https://github.com/elide-dev/build-infra/actions/workflows/check.actions-lint.ci.yml/badge.svg)](https://github.com/elide-dev/build-infra/actions/workflows/check.actions-lint.ci.yml)\n[![Lint: YAML](https://github.com/elide-dev/build-infra/actions/workflows/check.yaml-lint.ci.yml/badge.svg)](https://github.com/elide-dev/build-infra/actions/workflows/check.yaml-lint.ci.yml)\n[![OpenSSF Best Practices](https://www.bestpractices.dev/projects/7693/badge)](https://www.bestpractices.dev/projects/7693)\n\n### Structure\n\nEach workflow profile is defined in this repository as a GitHub Workflow, using YAML. In some cases, workflows are paired\nwith a container image which includes the tools which are used by the workflow. 
The image typically isn't required (unless\nnoted) but may vastly speed up builds by pre-including tools.\n\nFor an exhaustive list of build profiles and their use, see the table further down.\n\n- **[Containers](./containers): Container image definitions** which are used by **actions** and **workflows**; some of\n  these can also be used directly in downstream workflows.\n\n- **[Actions](./actions): Custom GitHub Actions** for use in Elide codebases. Actions are used like any other GitHub Action,\n  but with references to this repository instead.\n\n- **[Workflows](./.github/workflows/pkg): Custom YAML workflow definitions** for use in Elide codebases. Workflows are used as external\n  `workflow_call` targets.\n\n- **[Gradle](./gradle): Gradle build conventions** which are re-usable across projects, as a suite of easily applicable build convention\n  plugins and version catalogs.\n\n## Workflows\n\nIn a `.github/workflows/\u003cx\u003e.yml`:\n\n```yaml\n# ...\n\njobs:\n  ## Build container\n  build-a-container:\n    name: \"Image\"\n    uses: elide-dev/build-infra/.github/workflows/container.yml@main\n    secrets: inherit\n    permissions:\n      checks: write\n      id-token: write\n      contents: read\n      packages: write\n      pull-requests: write\n    with:\n      image: elide-dev/build-infra/gvm\n      path: containers/gvm\n      push: ${{ github.event_name == 'push' \u0026\u0026 github.ref == 'refs/heads/main' }}\n```\n\nThe above job uses the `container.yml` \"build profile\" (see all profiles listed below). 
By using the re-usable workflow, you\ngain consistency:\n\n- Repository authentication is handled for you\n- Intelligent platform selection (with override)\n- Consistent tagging and labeling of images\n- Underlying GitHub Actions updates happen without repo commits\n\n\n# Build profiles\n\n| Name             | Description                      |\n|------------------|----------------------------------|\n| `android.yml`    | Build an Android app with Gradle |\n| `container.yml`  | Build and push a container image |\n| `jvm.gradle.yml` | Run a Gradle build targeting JVM |\n| `jvm.maven.yml`  | Run a Maven build targeting JVM  |\n| `bazel.yml`      | Build targets with Bazel         |\n\nSee below for documentation about reusable workflow inputs.\n\n## Workflow inputs\n\nSee below for an exhaustive list of all inputs for each build profile. You can use these inputs in the `with: {}` block of your workflow invocation.\n\n### Containers\n\n- **Description:** Consistently build properly tagged container images in sync with source control\n- **Workflow:** `.github/workflows/container.yml`\n\n#### Inputs\n\n| Name         | Type      | Description                      | Default value               |\n|--------------|-----------|----------------------------------|-----------------------------|\n| `image`*     | `string`  | Image coordinate to build        | _(None. 
Required.)_         |\n| `auth`       | `boolean` | Whether to authenticate          | `true`                      |\n| `dockerfile` | `string`  | Full path to Dockerfile to build | `\"Dockerfile\"`              |\n| `path`       | `string`  | Docker context path for build    | `\".\"`                       |\n| `platforms`  | `string`  | Architectures/platforms to build | `\"linux/amd64,linux/arm64\"` |\n| `push`       | `boolean` | Whether to push after building   | `false`                     |\n| `registry`   | `string`  | Whether to push after building   | `\"ghcr.io\"`                 |\n| `runner`     | `string`  | Runner to use for all tasks      | _(See runner docs)_         |\n| `tags`       | `string`  | Tags to push to with built image | _(None.)_                   |\n\n### Gradle: Android\n\n- **Description:** Consistently build JVM outputs using Gradle\n- **Workflow:** `.github/workflows/jvm.gradle.yml`\n\n#### Inputs\n\n| Name              | Type      | Description                      | Default value           |\n|-------------------|-----------|----------------------------------|-------------------------|\n| `action`          | `string`  | Gradle task(s) to execute        | `\"build\"`               |\n| `android`         | `boolean` | Install Android SDK              | true                    |\n| `artifact`        | `string`  | Name of output artifact to use   | _(None.)_               |\n| `artifacts`       | `boolean` | Upload built artifacts           | `false`                 |\n| `cache_action`    | `boolean` | Turn GHA cache on/off            | `true`                  |\n| `cache_local`     | `boolean` | Turn local caching on/off        | `false`                 |\n| `cache_read_only` | `boolean` | GHA cache read-only status       | `false`                 |\n| `cache_remote`    | `boolean` | Turn remote caching on/off       | `true`                  |\n| `checks`          | `boolean` | Run checks and Sonar             | `true`              
    |\n| `coverage`        | `boolean` | Upload → Codecov after build     | `false`                 |\n| `coverage_report` | `string`  | Path to coverage report          | _(None.)_               |\n| `coverage_flags`  | `string`  | Extra flags to pass to Codecov   | _(None.)_               |\n| `flags`           | `string`  | Extra flags to append            | _(None.)_               |\n| `gradle`          | `string`  | Gradle version to install \u0026 use  | `\"wrapper\"`             |\n| `install_jvm`     | `boolean` | Setup a regular JVM before build | `true`                  |\n| `jvm`             | `string`  | JVM version to install/target    | _(See JVM notes below)_ |\n| `jvm_dist`        | `string`  | JVM distribution to use          | `\"adopt-hotspot\"`       |\n| `label`           | `string`  | Label to show for build step     | `\"Gradle\"`              |\n| `reports`         | `boolean` | Whether to upload built reports  | `true`                  |\n| `runner`          | `string`  | Runner to use for all tasks      | _(See runner docs)_     |\n\n\n### Gradle: JVM\n\n- **Description:** Consistently build JVM outputs using Gradle\n- **Workflow:** `.github/workflows/jvm.gradle.yml`\n\n#### Inputs\n\n| Name              | Type      | Description                      | Default value           |\n|-------------------|-----------|----------------------------------|-------------------------|\n| `action`          | `string`  | Gradle task(s) to execute        | `\"build\"`               |\n| `artifact`        | `string`  | Name of output artifact to use   | _(None.)_               |\n| `artifacts`       | `boolean` | Upload built artifacts           | `false`                 |\n| `cache_action`    | `boolean` | Turn GHA cache on/off            | `true`                  |\n| `cache_local`     | `boolean` | Turn local caching on/off        | `false`                 |\n| `cache_read_only` | `boolean` | GHA cache read-only status       | `false`                 
|\n| `cache_remote`    | `boolean` | Turn remote caching on/off       | `true`                  |\n| `checks`          | `boolean` | Run checks and Sonar             | `true`                  |\n| `coverage`        | `boolean` | Upload → Codecov after build     | `false`                 |\n| `coverage_report` | `string`  | Path to coverage report          | _(None.)_               |\n| `coverage_flags`  | `string`  | Extra flags to pass to Codecov   | _(None.)_               |\n| `flags`           | `string`  | Extra flags to append            | _(None.)_               |\n| `gradle`          | `string`  | Gradle version to install \u0026 use  | `\"wrapper\"`             |\n| `gvm`             | `string`  | GraalVM version to use           | _(See JVM notes below)_ |\n| `gvm_components`  | `string`  | GraalVM components to install    | `\"native-image,js\"`     |\n| `install_gvm`     | `boolean` | Setup a distribution of GraalVM  | `false`                 |\n| `install_jvm`     | `boolean` | Setup a regular JVM before build | `true`                  |\n| `jvm`             | `string`  | JVM version to install/target    | _(See JVM notes below)_ |\n| `jvm_dist`        | `string`  | JVM distribution to use          | `\"adopt-hotspot\"`       |\n| `label`           | `string`  | Label to show for build step     | `\"Gradle\"`              |\n| `provenance`      | `boolean` | Stamp for SLSA provenance        | `false`                 |\n| `publish`         | `boolean` | Perform a publish after build    | `false`                 |\n| `reports`         | `boolean` | Whether to upload built reports  | `true`                  |\n| `runner`          | `string`  | Runner to use for all tasks      | _(See runner docs)_     |\n\n### JVM: Maven\n\n- **Description:** Consistently build JVM outputs using Maven\n- **Workflow:** `.github/workflows/jvm.maven.yml`\n\n#### Inputs\n\nInputs for the Maven workflow are nearly identical to those for the Gradle workflow (listed above):\n\n| 
Name              | Type      | Description                      | Default value           |\n|-------------------|-----------|----------------------------------|-------------------------|\n| `action`          | `string`  | Maven goal(s) to execute         | `\"package\"`             |\n| `artifact`        | `string`  | Name of output artifact to use   | _(None.)_               |\n| `artifacts`       | `boolean` | Upload built artifacts           | `false`                 |\n| `cache_action`    | `boolean` | Turn GHA cache on/off            | `true`                  |\n| `cache_local`     | `boolean` | Turn local caching on/off        | `false`                 |\n| `cache_read_only` | `boolean` | GHA cache read-only status       | `false`                 |\n| `cache_remote`    | `boolean` | Turn remote caching on/off       | `true`                  |\n| `checks`          | `boolean` | Run checks and Sonar             | `true`                  |\n| `coverage`        | `boolean` | Upload → Codecov after build     | `false`                 |\n| `coverage_report` | `string`  | Path to coverage report          | _(None.)_               |\n| `coverage_flags`  | `string`  | Extra flags to pass to Codecov   | _(None.)_               |\n| `flags`           | `string`  | Extra flags to append            | _(None.)_               |\n| `gvm`             | `string`  | GraalVM version to use           | _(See JVM notes below)_ |\n| `gvm_components`  | `string`  | GraalVM components to install    | `\"native-image,js\"`     |\n| `install_gvm`     | `boolean` | Setup a distribution of GraalVM  | `false`                 |\n| `install_jvm`     | `boolean` | Setup a regular JVM before build | `true`                  |\n| `jvm`             | `string`  | JVM version to install/target    | _(See JVM notes below)_ |\n| `jvm_dist`        | `string`  | JVM distribution to use          | `\"adopt-hotspot\"`       |\n| `label`           | `string`  | Label to show for build step     | 
`\"Gradle\"`              |\n| `provenance`      | `boolean` | Stamp for SLSA provenance        | `false`                 |\n| `publish`         | `boolean` | Perform a publish after build    | `false`                 |\n| `reports`         | `boolean` | Whether to upload built reports  | `true`                  |\n| `runner`          | `string`  | Runner to use for all tasks      | _(See runner docs)_     |\n\n### Bazel\n\n- **Description:** Run builds with Bazel\n- **Workflow:** `.github/workflows/bazel.yml`\n\n#### Inputs\n\nThere are no required inputs for a Bazel build; the target specification defaults to the value\n`//...`, which builds all targets. The default `command` is `build`. The build is executed with\nBazelisk, which will respect the `.bazelversion` present at the root of your project.\n\n| Name             | Type      | Description                      | Default value           |\n|------------------|-----------|----------------------------------|-------------------------|\n| `artifact`       | `string`  | Name of output artifact to use   | _(None.)_               |\n| `artifacts`      | `boolean` | Upload built artifacts           | `false`                 |\n| `cache_action`   | `boolean` | Turn GHA cache on/off            | `true`                  |\n| `command`        | `string`  | Bazel command to execute         | `\"build\"`               |\n| `targets`        | `string`  | Bazel target string              | `\"//...\"`               |\n| `flags`          | `string`  | Extra flags to append            | _(None.)_               |\n| `gvm`            | `string`  | GraalVM version to use           | _(See JVM notes below)_ |\n| `gvm_components` | `string`  | GraalVM components to install    | `\"native-image,js\"`     |\n| `install_gvm`    | `boolean` | Setup a distribution of GraalVM  | `false`                 |\n| `install_jvm`    | `boolean` | Setup a regular JVM before build | `true`                  |\n| `jvm`            | `string`  | JVM 
version to install/target    | _(See JVM notes below)_ |\n| `jvm_dist`       | `string`  | JVM distribution to use          | `\"adopt-hotspot\"`       |\n| `runner`         | `string`  | Runner to use for all tasks      | _(See runner docs)_     |\n\n## Gradle Conventions\n\nThe Gradle conventions provided by this project are generic in nature and can be used in nearly any Gradle 8+ project.\nConventions are applied in a cascading fashion, with relevant plugins being applied first, which then provide strong\nbaseline settings.\n\n**Gradle infra:**\n\n- **[Plugins](./gradle/plugins)** for common build tasks, especially around [JPMS][8]. See the plugins list below.\n- **[Catalogs](./gradle/catalogs)** defining security-hardened library catalogs\n- **[Platforms](./gradle/platforms)** which enforce different profiles of dependency constraints\n\nRead more about the Gradle build infra [here](./gradle). There are [samples](./gradle/samples).\n\n### Plugins\n\n- **[`dev.elide.gha`][9]:** Integrate your Gradle build with GitHub Actions. Enables enhanced logging and reporting\n  features, PR integrations, and other features supported by the workflows in this repo.\n\n- **[`dev.elide.jmod`][0]:** Build [`jmod`][1] artifacts in Gradle JVM projects with Java 9+. `jmod` artifacts are\n  compatible with [`jlink`][2] and make for great optimized build artifacts in modular projects.\n\n- **[`dev.elide.jpms`][3]:** Toolkit plugin for Gradle builds enabled with modular Java (Java Platform Module System, or\n  JPMS). Provides a `modulepath` configuration and modular builds for Java, Kotlin, and GraalVM.\n\n- **[`dev.elide.mrjar`][4]:** Plugin for easily building multi-target MRJAR artifacts. 
This plugin goes above and beyond\n  by building the entire project at each bytecode tier, so that modern Java runtimes can leverage the latest bytecode.\n\n- **[`dev.elide.jlink`][5]:** Plugin for using `jmod` and `jpms` to build optimized, self-contained modular Java apps\n  using [`jlink`][2].\n\n- **[`dev.elide.graalvm`][6]:** Plugin for using `jmod` and `jpms` to build optimized, native AOT Java apps using\n  [`native-image`][7].\n\n## Contributing\n\nFollow the YAML and action convention within the repository; the multi-workspace expressed here for actions uses the\n[GitHub Actions Toolkit](https://github.com/actions/toolkit) and [`pnpm`](https://pnpm.io/) [workspaces](https://pnpm.io/workspaces).\n\nBuild configurations are validated on each push, and actions are built and tested to the extent possible. Once a PR is merged,\nit is expected to be deployed to private package storage, where update tools can pick it up.\n\n## License\n\nThis repository is shared openly for OSS use. It is licensed as MIT.\n\n[0]: ./gradle/plugins/jmod\n[1]: https://docs.oracle.com/en/java/javase/11/tools/jmod.html\n[2]: https://docs.oracle.com/en/java/javase/11/tools/jlink.html\n[3]: ./gradle/plugins/jpms\n[4]: ./gradle/plugins/mrjar\n[5]: ./gradle/plugins/jlink\n[6]: ./gradle/plugins/graalvm\n[7]: https://www.graalvm.org/latest/reference-manual/native-image/\n[8]: https://www.oracle.com/corporate/features/understanding-java-9-modules.html\n[9]: ./gradle/plugins/gha\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felide-dev%2Fbuild-infra","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Felide-dev%2Fbuild-infra","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Felide-dev%2Fbuild-infra/lists"}