{"id":13567808,"url":"https://github.com/lukka/get-cmake","last_synced_at":"2026-04-01T16:49:17.133Z","repository":{"id":42639970,"uuid":"252663668","full_name":"lukka/get-cmake","owner":"lukka","description":"Install and Cache latest CMake and Ninja for your workflows on your GitHub","archived":false,"fork":false,"pushed_at":"2026-03-28T07:11:25.000Z","size":5064,"stargazers_count":127,"open_issues_count":2,"forks_count":22,"subscribers_count":2,"default_branch":"main","last_synced_at":"2026-03-28T12:25:42.867Z","etag":null,"topics":["build","cmake","continuous-integration","cplusplus","cpp","github-action","ninja","vcpkg"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lukka.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null},"funding":{"github":["lukka"]}},"created_at":"2020-04-03T07:38:04.000Z","updated_at":"2026-03-28T07:11:19.000Z","dependencies_parsed_at":"2023-10-11T06:01:17.048Z","dependency_job_id":"e36cd38e-bbd1-4c24-8f55-662ee016ee18","html_url":"https://github.com/lukka/get-cmake","commit_stats":{"total_commits":150,"total_committers":31,"mean_commits":4.838709677419355,"dds":"0.43999999999999995","last_synced_commit":"4a31d20ffd6a0eba4f88fd7e18084255e6c675b3"},"previous_names":[],"tags_count":92,"template":false,"template_full_name":null,"purl":"pkg:github/lukka/get-cmake","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lukka%2Fget-cmake","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lukka%2Fget-cmake/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lukka%2Fget-cmake/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lukka%2Fget-cmake/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lukka","download_url":"https://codeload.github.com/lukka/get-cmake/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lukka%2Fget-cmake/sbom","scorecard":{"id":604956,"data":{"date":"2025-08-11","repo":{"name":"github.com/lukka/get-cmake","commit":"f3273e0bcecf2f2c0d3430de21bf02ab2752c47d"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.7,"checks":[{"name":"Maintained","score":7,"reason":"7 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 7","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Code-Review","score":0,"reason":"Found 0/5 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build-test-tmpl.yml:1","Warn: no topLevel permission defined: .github/workflows/build-test.yml:1","Warn: no topLevel permission defined: .github/workflows/functional-tests-tmpl.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Info: Possibly incomplete results: error parsing job operating system: .github/workflows/build-test-tmpl.yml:37","Info: Possibly incomplete results: error parsing job operating system: .github/workflows/build-test-tmpl.yml:38","Info: Possibly incomplete results: error parsing job operating system: .github/workflows/build-test-tmpl.yml:42","Info: Possibly incomplete results: error parsing job operating system: .github/workflows/build-test-tmpl.yml:78","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test-tmpl.yml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/lukka/get-cmake/build-test-tmpl.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test-tmpl.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/lukka/get-cmake/build-test-tmpl.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test-tmpl.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/lukka/get-cmake/build-test-tmpl.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build-test-tmpl.yml:69: update your workflow using https://app.stepsecurity.io/secureworkflow/lukka/get-cmake/build-test-tmpl.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build-test-tmpl.yml:101: update your workflow using https://app.stepsecurity.io/secureworkflow/lukka/get-cmake/build-test-tmpl.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/functional-tests-tmpl.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/lukka/get-cmake/functional-tests-tmpl.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/functional-tests-tmpl.yml:35: update your workflow using https://app.stepsecurity.io/secureworkflow/lukka/get-cmake/functional-tests-tmpl.yml/main?enable=pin","Info:   0 out of   6 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE.txt:0","Info: FSF or OSI recognized license: MIT License: LICENSE.txt:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'main'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":8,"reason":"SAST tool is not run on all commits -- score normalized to 8","details":["Warn: 25 commits out of 29 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"10 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-968p-4wvh-cqc8","Warn: Project is vulnerable to: GHSA-h5c3-5r3r-rr8q","Warn: Project is vulnerable to: GHSA-rmvr-2pp2-xj38","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-35jh-r3h4-6jhm","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-cxrh-j4jr-qwg3"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-21T01:21:50.367Z","repository_id":42639970,"created_at":"2025-08-21T01:21:50.367Z","updated_at":"2025-08-21T01:21:50.367Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31280130,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-01T06:57:45.811Z","status":"ssl_error","status_checked_at":"2026-04-01T06:57:42.389Z","response_time":53,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["build","cmake","continuous-integration","cplusplus","cpp","github-action","ninja","vcpkg"],"created_at":"2024-08-01T13:02:44.210Z","updated_at":"2026-04-01T16:49:17.117Z","avatar_url":"https://github.com/lukka.png","language":"TypeScript","readme":"[![Action Status](https://github.com/lukka/get-cmake/workflows/build-test/badge.svg)](https://github.com/lukka/get-cmake/actions)\n\n[![Coverage Status](https://coveralls.io/repos/github/lukka/get-cmake/badge.svg?branch=main)](https://coveralls.io/github/lukka/get-cmake?branch=main)\n\n- [The **get-cmake** action installs as fast as possible your desired versions of CMake and Ninja](#the-get-cmake-action-installs-as-fast-as-possible-your-desired-versions-of-cmake-and-ninja)\n  - [Quickstart](#quickstart)\n    - [If you want to use  **latest stable** you can use this one-liner:](#if-you-want-to-use--latest-stable-you-can-use-this-one-liner)\n    - [If you want to **pin** the workflow to **specific range of versions** of CMake and Ninja:](#if-you-want-to-pin-the-workflow-to-specific-range-of-versions-of-cmake-and-ninja)\n    - [Outputs](#outputs)\n  - [Action reference: all input/output parameters](#action-reference-all-inputoutput-parameters)\n  - [Who is using `get-cmake`](#who-is-using-get-cmake)\n- [Developers information](#developers-information)\n  - [Prerequisites](#prerequisites)\n  - [Build and lint](#build-and-lint)\n  - [Generate the catalog of CMake releases](#generate-the-catalog-of-cmake-releases)\n  - [Packaging](#packaging)\n  - [Testing](#testing)\n  - [Contributing](#contributing)\n- [License](#license)\n\n\u003cbr\u003e\n\n# [The **get-cmake** action installs as fast as possible your desired versions of CMake and Ninja](https://github.com/marketplace/actions/get-cmake)\nThe action restores from local or cloud based cache both CMake and Ninja. If a `cache-miss` occurs, it downloads and caches the tools right away.\n\nWorks for `x64` and `arm64` hosts on Linux, macOS and Windows.\n\nThe desired version can be specified using [semantic versioning ranges](https://docs.npmjs.com/about-semantic-versioning), and also use `install` or `installrc` special tokens to install resp. the [latest stable](./.latest_cmake_version) or [release candidate](./.latestrc_cmake_version).\n\nThere are two kind of caches:\n- The cloud based [GitHub cache](https://www.npmjs.com/package/@actions/cache). Enabled by default, it can be disabled using the input `useCloudCache:false`. \n- The local self-hosted runner cache, stored locally using [tool-cache](https://www.npmjs.com/package/@actions/tool-cache). Disabled by default, it can enabled with the input `useLocalCache:true`. \n\n\nSteps of `get-cmake`:\n  1. If a `cache-hit` occurs (either local or cloud cache), CMake and Ninja are restored from the cache.\n     1. if both local and cloud are enabled, the local cache check goes first.\n  2. If a `cache-miss` occurs, i.e. none of the enabled caches hit:\n     1. the action downloads and installs the desired versions of CMake and Ninja.\n     2. the action stores CMake and Ninja for the enabled caches:\n        1. if enabled, on the [cloud based GitHub cache](https://www.npmjs.com/package/@actions/cache). This is beneficial for the next run of the workflow especially on _GitHub-hosted runners_.\n        2. if enabled, on the local GitHub runner cache. This is beneficial for the next run of the workflow on the same _self-hosted runner_.\n        \n        _Note:_ when there is a `cache-hit`, nothing will be stored in any of the caches.\n  3. Adds to the `PATH` environment variable the binary directories for CMake and Ninja.\n  \n\u003cbr\u003e\n\n## Quickstart\n### If you want to use  **latest stable** you can use this one-liner:\n```yaml\n  # Option 1: using 'latest' branch, the most recent CMake and ninja are installed.\n    - uses: lukka/get-cmake@latest  # \u003c--= Just this one-liner suffices.\n```\nThe local and cloud cache can be enabled or disabled, for example:\n```yaml\n    # Suited for self-hosted GH runners where the local cache wins over the cloud.\n    - uses: lukka/get-cmake@latest  \n      with:\n        useLocalCache: true         # \u003c--= Use the local cache (default is 'false').\n        useCloudCache: false        # \u003c--= Ditch the cloud cache (default is 'true').\n```\nAnd there is a second option:\n```yaml\n  # Option 2: specify 'latest' or 'latestrc' in the input version arguments:\n    - name: Get latest CMake and Ninja\n      uses: lukka/get-cmake@latest\n      with:\n        cmakeVersion: latestrc      # \u003c--= optional, use the latest release candidate (notice the 'rc' suffix).\n        ninjaVersion: latest        # \u003c--= optional, use the latest release (non candidate).\n```\n\n\u003cbr\u003e\n\n### If you want to **pin** the workflow to **specific range of versions** of CMake and Ninja:\n```yaml\n  # Option 1: specify in a input parameter the desired version using ranges.\n  - uses: lukka/get-cmake@latest\n    with:\n      cmakeVersion: \"~3.25.0\"  # \u003c--= optional, use most recent 3.25.x version\n      ninjaVersion: \"^1.11.1\"  # \u003c--= optional, use most recent 1.x version\n\n  # or using a specific version (no range)\n  - uses: lukka/get-cmake@latest\n    with:\n      cmakeVersion: 3.25.2     # \u003c--= optional, stick to exactly 3.25.2 version\n      ninjaVersion: 1.11.1     # \u003c--= optional, stick to exactly 1.11.1 version\n```\nor there is another option:\n```yaml\n  # Option 2: or you can use the Git 'tag' to select the version, and you can have a one-liner statement,\n  # but note that you can only use one of the existing tags, create a PR to add the tag you need!\n  - name: Get specific version CMake, v3.26.0\n    uses: lukka/get-cmake@v3.26.0     # \u003c- this one-liner is all you need.\n```\n\n\u003cbr\u003e\n\n### Outputs\nThe action provides the following outputs that can be used in subsequent steps:\n- `cmake-path`: The path to the installed CMake executable\n- `ninja-path`: The path to the installed Ninja executable\n\nExample usage:\n```yaml\n- name: Get CMake and Ninja\n  uses: lukka/get-cmake@latest\n  id: cmake-and-ninja\n  \n- name: Use CMake and Ninja paths\n  run: |\n    echo \"CMake is at: ${{ steps.cmake-and-ninja.outputs.cmake-path }}\"\n    echo \"Ninja is at: ${{ steps.cmake-and-ninja.outputs.ninja-path }}\"\n```\n\n\u003cbr\u003e\n\n## Action reference: all input/output parameters\nPlease read [action.yml](./action.yml).\n\n\u003cbr\u003e\n\n## Who is using `get-cmake`\n[This graph](https://lukka.github.io/graph/graph.html) shows the list of public repositories with more than 25 stars using `get-cmake`.\n\n\u003cbr\u003e\n\n# Developers information\n\n## Prerequisites\n[gulp 4](https://www.npmjs.com/package/gulp4) globally installed.\n\n\u003cbr\u003e\n\n## Build and lint\nBuild with `tsc` running:\n\n \u003e npm run build\n\nLaunch `lint` by:\n\n \u003e npm run lint\n\n\u003cbr\u003e\n\n## Generate the catalog of CMake releases\nTo generate the catalog of CMake releases, run a special test with this command:\n\n \u003e npm run generate-catalog\n\nThen embed the new catalog by packaging the action.\n\n\u003cbr\u003e\n\n## Packaging\nTo build, lint validate and package the extension (and embed the release catalog) for release purpose, run:\n\n  \u003e npm run pack\n\n\u003cbr\u003e\n\n## Testing\nTo build, pack and run all tests:\n \n \u003e npm run test\n\n To run all tests:\n \n \u003e npx jest\n\n or\n\n \u003e npx jest -- -t \"\u0026lt;regex to match the describe clause\u0026gt;\"\n\n\u003cbr\u003e\n\n## Contributing\nThe software is provided as is, there is no warranty of any kind. All users are encouraged to improve the [source code](https://github.com/lukka/get-cmake) with fixes and new features.\n\n\u003cbr\u003e\n\n## Release Process\nWhen a new CMake or Ninja version is merged to the main branch, a release should be performed to make it available to users via the `@latest` branch reference and version tags.\n\nSee [RELEASE_PROCESS.md](./RELEASE_PROCESS.md) for detailed instructions.\n\n**Quick summary:**\n- **Automated**: The `auto-release.yml` workflow automatically creates releases when CMake version PRs are merged\n- **Manual**: Use the \"Sync latest branch and create release tag\" workflow in GitHub Actions to manually trigger a release\n\n\u003cbr\u003e\n\n# License\nAll the content in this repository is licensed under the [MIT License](LICENSE.txt).\n\nCopyright (c) 2020-2021-2022-2023-2024-2025 Luca Cappa\n\n","funding_links":["https://github.com/sponsors/lukka"],"categories":["TypeScript"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flukka%2Fget-cmake","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flukka%2Fget-cmake","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flukka%2Fget-cmake/lists"}