{"id":22735752,"url":"https://github.com/pivotal-cf/kiln","last_synced_at":"2026-04-02T16:07:14.969Z","repository":{"id":23488331,"uuid":"98226517","full_name":"pivotal-cf/kiln","owner":"pivotal-cf","description":"Kiln helps you maintain product tiles for VMware Tanzu Operations Manager.","archived":false,"fork":false,"pushed_at":"2025-09-23T21:11:31.000Z","size":84433,"stargazers_count":32,"open_issues_count":33,"forks_count":22,"subscribers_count":24,"default_branch":"main","last_synced_at":"2025-09-23T22:22:13.297Z","etag":null,"topics":["development-convenience","opsmanager","pivotal","pivotal-tile","tile","tile-developers","tile-metadata"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pivotal-cf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE-OF-CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2017-07-24T19:20:13.000Z","updated_at":"2025-09-23T21:11:35.000Z","dependencies_parsed_at":"2023-09-22T00:21:59.606Z","dependency_job_id":"b29c7559-2b3c-4c36-bc8b-9dda13508f0d","html_url":"https://github.com/pivotal-cf/kiln","commit_stats":null,"previous_names":[],"tags_count":153,"template":false,"template_full_name":null,"purl":"pkg:github/pivotal-cf/kiln","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pivotal-cf%2Fkiln","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pivotal-cf%2Fkiln/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pivotal-cf%2Fkiln/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pivotal-cf%2Fkiln/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pivotal-cf","download_url":"https://codeload.github.com/pivotal-cf/kiln/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pivotal-cf%2Fkiln/sbom","scorecard":{"id":417746,"data":{"date":"2025-08-11","repo":{"name":"github.com/pivotal-cf/kiln","commit":"52eed495237f6e012a7336e725cf8ff342be6e4f"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.8,"checks":[{"name":"Maintained","score":6,"reason":"8 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Info: jobLevel 'actions' permission set to 'read': .github/workflows/codeql-analysis.yml:28","Info: jobLevel 'contents' permission set to 'read': .github/workflows/codeql-analysis.yml:29","Warn: no topLevel permission defined: .github/workflows/codeql-analysis.yml:1","Warn: topLevel 'contents' permission set to 'write': .github/workflows/release.yml:10","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":5,"reason":"Found 9/17 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.105.0 not signed: https://api.github.com/repos/pivotal-cf/kiln/releases/216853742","Warn: release artifact v0.104.0 not signed: https://api.github.com/repos/pivotal-cf/kiln/releases/216578138","Warn: release artifact v0.103.0 not signed: https://api.github.com/repos/pivotal-cf/kiln/releases/197450879","Warn: release artifact v0.102.0 not signed: https://api.github.com/repos/pivotal-cf/kiln/releases/195205078","Warn: release artifact v0.101.0 not signed: https://api.github.com/repos/pivotal-cf/kiln/releases/193993451","Warn: release artifact v0.105.0 does not have provenance: https://api.github.com/repos/pivotal-cf/kiln/releases/216853742","Warn: release artifact v0.104.0 does not have provenance: https://api.github.com/repos/pivotal-cf/kiln/releases/216578138","Warn: release artifact v0.103.0 does not have provenance: https://api.github.com/repos/pivotal-cf/kiln/releases/197450879","Warn: release artifact v0.102.0 does not have provenance: https://api.github.com/repos/pivotal-cf/kiln/releases/195205078","Warn: release artifact v0.101.0 does not have provenance: https://api.github.com/repos/pivotal-cf/kiln/releases/193993451"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:42: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal-cf/kiln/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal-cf/kiln/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal-cf/kiln/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/codeql-analysis.yml:71: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal-cf/kiln/codeql-analysis.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal-cf/kiln/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal-cf/kiln/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal-cf/kiln/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal-cf/kiln/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:61: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal-cf/kiln/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:67: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal-cf/kiln/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal-cf/kiln/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal-cf/kiln/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal-cf/kiln/test.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/test.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal-cf/kiln/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/pivotal-cf/kiln/test.yml/main?enable=pin","Warn: containerImage not pinned by hash: internal/test/Dockerfile:3","Warn: containerImage not pinned by hash: internal/test/Dockerfile:4","Warn: containerImage not pinned by hash: internal/test/Dockerfile:6","Warn: containerImage not pinned by hash: internal/test/Dockerfile:9: pin your Docker image by updating ruby:3.2.0 to ruby:3.2.0@sha256:98e340a1e5a9a61ee0c30e464a058da093ab8179460ed096a2a763a3abaa6c47","Warn: goCommand not pinned by hash: internal/test/Dockerfile:23","Warn: downloadThenRun not pinned by hash: internal/test/Dockerfile:27","Info:   0 out of  10 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   5 third-party GitHubAction dependencies pinned","Info:   0 out of   4 containerImage dependencies pinned","Info:   1 out of   2 goCommand dependencies pinned","Info:   0 out of   1 downloadThenRun dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:13"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Security-Policy","score":10,"reason":"security policy file detected","details":["Info: security policy file detected: github.com/pivotal-cf/.github/SECURITY.md:1","Info: Found linked content: github.com/pivotal-cf/.github/SECURITY.md:1","Info: Found disclosure, vulnerability, and/or timelines in security policy: github.com/pivotal-cf/.github/SECURITY.md:1","Info: Found text in security policy: github.com/pivotal-cf/.github/SECURITY.md:1"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":0,"reason":"20 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2025-3754 / GHSA-2x5j-vhc8-9cwm","Warn: Project is vulnerable to: GO-2025-3528 / GHSA-265r-hfxg-fhmg","Warn: Project is vulnerable to: GHSA-jq35-85cj-fj4p","Warn: Project is vulnerable to: GO-2024-2512 / GHSA-xw73-rw38-6vjc","Warn: Project is vulnerable to: GO-2024-3005 / GHSA-v23v-6jw2-98fq","Warn: Project is vulnerable to: GO-2025-3829 / GHSA-4vq8-7jfc-9cvp","Warn: Project is vulnerable to: GO-2025-3367 / GHSA-r9px-m959-cxf4","Warn: Project is vulnerable to: GO-2025-3368 / GHSA-v725-9546-7q7m","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9","Warn: Project is vulnerable to: GO-2023-1988 / GHSA-2wrh-6pvc-2jm9","Warn: Project is vulnerable to: GO-2023-2102 / GHSA-4374-p667-p6c8","Warn: Project is vulnerable to: GHSA-qppj-fm5r-hxr3","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":-1,"reason":"internal error: internal error: Client.Checks.ListCheckRunsForRef: error during graphqlHandler.setupCheckRuns: non-200 OK status code: 502 Bad Gateway body: \"\u003chtml\u003e\\r\\n\u003chead\u003e\u003ctitle\u003e502 Bad Gateway\u003c/title\u003e\u003c/head\u003e\\r\\n\u003cbody\u003e\\r\\n\u003ccenter\u003e\u003ch1\u003e502 Bad Gateway\u003c/h1\u003e\u003c/center\u003e\\r\\n\u003chr\u003e\u003ccenter\u003enginx\u003c/center\u003e\\r\\n\u003c/body\u003e\\r\\n\u003c/html\u003e\\r\\n\"","details":null,"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-19T00:21:36.669Z","repository_id":23488331,"created_at":"2025-08-19T00:21:36.669Z","updated_at":"2025-08-19T00:21:36.669Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":278877094,"owners_count":26061380,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-07T02:00:06.786Z","response_time":59,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["development-convenience","opsmanager","pivotal","pivotal-tile","tile","tile-developers","tile-metadata"],"created_at":"2024-12-10T21:14:53.841Z","updated_at":"2025-10-08T01:45:26.037Z","avatar_url":"https://github.com/pivotal-cf.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Kiln [![release](https://github.com/pivotal-cf/kiln/actions/workflows/release.yml/badge.svg)](https://github.com/pivotal-cf/kiln/actions/workflows/release.yml) [![Go Reference](https://pkg.go.dev/badge/github.com/pivotal-cf/kiln.svg)](https://pkg.go.dev/github.com/pivotal-cf/kiln/pkg)\n\n_Kiln bakes tiles_\n\nKiln helps tile developers build products for [VMware Tanzu Operations Manager](https://network.tanzu.vmware.com/products/ops-manager/). It provides\nan opinionated folder structure and templating capabilities. It is designed to be used\nboth in CI environments and in command-line to produce a tile.\n\nMore information for those just getting started can be found in the [Ops Manager Tile Developer Guide](https://docs.vmware.com/en/Tile-Developer-Guide/3.0/tile-dev-guide/index.html) .\nLooking at an [example kiln tile](https://github.com/releen/hello-tile/tree/main) may also be helpful\n\n## Installation\n\nTo install the `kiln` CLI\n\n- install with Homebrew\n\n  ```shell\n  brew tap pivotal-cf/kiln https://github.com/pivotal-cf/kiln\n  brew install kiln\n  ```\n\n- download from the [releases page](https://github.com/pivotal-cf/kiln/releases)\n\n  ```shell\n  export KILN_VERSION\n  KILN_VERSION=\"$(curl -H \"Accept: application/vnd.github.v3+json\" 'https://api.github.com/repos/pivotal-cf/kiln/releases?per_page=1' | jq -r '.[0].name')\"\n  curl -L -o kiln \"https://github.com/pivotal-cf/kiln/releases/download/${KILN_VERSION}/kiln-darwin-${KILN_VERSION}\"\n  # check the checksum\n  cp kiln \"$(go env GOPATH)/bin\"\n  kiln version\n  ```\n\n- build from source\n\n  ```shell\n  git clone git@github.com:pivotal-cf/kiln.git\n  cd kiln\n  ./scripts/install.sh\n  ```\n\n- copy from a Docker image (to another image)\n\n  ```shell\n  docker pull pivotalcfreleng/kiln:latest\n  ```\n\n  ```Dockerfile\n  FROM pivotalcfreleng/kiln:latest as kiln\n\n  FROM ubuntu\n  COPY --from=kiln /kiln /usr/bin/kiln\n  CMD /usr/bin/bash\n  ```\n\n## Kilnfile\n\nEach tile must have a Kilnfile and Kilnfile.lock. Both are YAML files. Kiln won't generate them for you.\n\nThe code for parsing the Kilnfile and Kilnfile.lock exists in this package: [`\"github.com/pivotal-cf/kiln/pkg/cargo\"`](https://pkg.go.dev/github.com/pivotal-cf/kiln/pkg/cargo#Kilnfile).\nAlthough the package interface is not yet stable, we have found importing it directly to be useful in CI or one-off scripts.\n\n### The Specification [(source)](https://pkg.go.dev/github.com/pivotal-cf/kiln/pkg/cargo#KilnfileLock)\n\nThis file contains a range of configuration in support of kiln commands.\n\n#### \"slug\"\n\nThis field must be a string.\n\nThis field should be populated with the TanzuNet product slug where this tile is published.\n\nIt is used by kiln publish.\n\n#### \"release_sources\"\n\nThis field must be a list of objects with keys from [`ReleaseSourceConfig`](https://pkg.go.dev/github.com/pivotal-cf/kiln/pkg/cargo#ReleaseSourceConfig).\nAll elements must have a `type` field.\n\nThe values for the `type` (string) field are `\"bosh.io\"`, `\"s3\"`, `\"github\"`, or `\"artifactory\"`\n\nSee `fetch` documentation for more details.\n\n#### \"stemcell_critera\"\n\n#### \"releases\"\n\nEach release you want to add to your tile must have an element in this array.\nThe \"name\" field with the BOSH Release Name as the value must be set here.\nThe BOSH Release Name must be identical to the name of the release.\n\nYou must set a **\"name\"** field with the BOSH Release Name as the value must be set here.\nThe BOSH Release Name must be identical to the name of the release.\n\nYou may set a **\"version\"** field. The value must match the [constraints specification](https://github.com/Masterminds/semver?tab=readme-ov-file#checking-version-constraints) for this library.\n\nYou may set a **\"github_repository\"** field. This should be where the BOSH Release source is maintained. It is used for generating Release Notes for your tile.\n\n#### \"bake_configurations\"\n\nYou may add a list of `kiln bake` flags in the Kilnfile to keep a record of how your tile was baked and to keep CI scripts simpler.\n\nIf you set add more than one element to the bake_configurations list, you need to select one by adding a `kiln bake --variables=tile_name=big-footprint-topology` flag corresponding to a bake configuration with a `- tile_name: big-footprint-topology` element\n\nThese are the mappings from bake flag to each field in a bake_configurations element:\n\n| bake_configurations element field      | bake flag                      | documentation                                                                         |\n| -------------------------------------- | ------------------------------ | ------------------------------------------------------------------------------------- |\n| `\"tile_name\"`                          | `--variables=tile_name=`       | This field is used when selecting a configuration from a list of bake_configurations. |\n| `\"metadata_filepath\"`                  | `--metadata=`                  | This should be the path to the product template entrypoint. Usually called `base.yml` |\n| `\"icon_filepath\"`                      | `--icon=`                      | This may be a path to a png file.                                                     |\n| `\"forms_directories\"`                  | `--forms-directory=`           | This may be a list of directories.                                                    |\n| `\"instance_groups_directories\"`        | `--instance-groups-directory=` | This may be a list of directories.                                                    |\n| `\"jobs_directories\"`                   | `--jobs-directory=`            | This may be a list of directories.                                                    |\n| `\"migrations_directories\"`             | `--migrations-directory=`      | This may be a list of directories.                                                    |\n| `\"properties_directories\"`             | `--properties-directory=`      | This may be a list of directories.                                                    |\n| `\"runtime_configurations_directories\"` | `--runtime-configs-directory=` | This may be a list of directories.                                                    |\n| `\"bosh_variables_directories\"`         | `--bosh-variables-directory=`  | This may be a list of directories.                                                    |\n| `\"embed_files\"`                        | `--embed=`                     | This may be a list of filepaths.                                                      |\n| `\"variable_files\"`                     | `--variables-file=`            | This may be a list of filepaths.                                                      |\n\n### The Lock File [(source)](https://pkg.go.dev/github.com/pivotal-cf/kiln/pkg/cargo#Kilnfile)\n\nThis file specifies the exact BOSH Release tarballs to package in a tile.\n\n#### `releases`\n\nThis is an array of [BOSH Release locks](https://pkg.go.dev/github.com/pivotal-cf/kiln/pkg/cargo#BOSHReleaseTarballLock).\nElements will be modified by running `kiln update-release`.\nEach element in the releases array in the Kilnfile will have a corresponding element in the Kilnfile.lock releases array.\n\nThe release name, release version, sha1 checksum, remote_source, remote_path are fields on each element.\n\n## Subcommands\n\n### `help`\n\n```\nUsage: kiln [options] \u003ccommand\u003e [\u003cargs\u003e]\n  --help, -h     bool  prints this usage information (default: false)\n  --version, -v  bool  prints the kiln release version (default: false)\n\nCommands:\n  bake                     bakes a tile\n  fetch                    fetches releases\n  find-release-version     prints a json string of a remote release satisfying the Kilnfile version and stemcell constraints\n  find-stemcell-version    prints the latest stemcell version from Pivnet using the stemcell type listed in the Kilnfile\n  help                     prints this usage information\n  re-bake                  re-bake constructs a tile from a bake record\n  release-notes            generates release notes from bosh-release release notes\n  sync-with-local          update the Kilnfile.lock based on local releases\n  test                     Test manifest for a product\n  update-release           bumps a release to a new version\n  update-stemcell          updates stemcell and release information in Kilnfile.lock\n  validate                 validate Kilnfile and Kilnfile.lock\n  version                  prints the kiln release version\n```\n\n### `bake`\n\nIt takes release and stemcell tarballs, metadata YAML, and JavaScript migrations\nas inputs and produces an OpsMan-compatible tile as its output.\n\nThe produce a tile, you simply need to be within a tile directory and execute the following command:\n\n```\n$ kiln bake\n```\n\nThis will ensure that you have the necessary releases by first calling `kiln fetch`.\n\nRefer to the [example-tile](example-tile) for a complete example showing the\ndifferent features kiln supports.\n\n\u003cdetails\u003e\n  \u003csummary\u003eAdditional bake options\u003c/summary\u003e\n\n##### `--allow-only-publishable-releases`\n\nThe `--allow-only-publishable-releases` flag should be used for development only\nand allows additional releases other than those specified in the kilnfile.lock to\nbe included in the tile\n\n##### `--bosh-variables-directory`\n\nThe `--bosh-variables-directory` flag can be used to include CredHub variable\ndeclarations. You should prefer the use of variables rather than Ops Manager\nsecrets. Each `.yml` file in the directory should define a top-level `variables`\nkey.\n\nThis flag can be specified multiple times if you have organized your\nvariables into subdirectories for development convenience.\n\nExample [variables](example-tile/bosh_variables) directory.\n\n##### `--download-threads`\n\nThe `--download-threads` flag is for those using S3 as a BOSH release source.\nThis flag sets the number of parallel threads to download parts from S3\n\n##### `--embed`\n\nThe `--embed` flag is for embedding any extra files or directories into the\ntile. There are very few reasons a tile developer should want to do this, but if\nyou do, you can include these extra files here. The flag can be specified\nmultiple times to embed multiple files or directories.\n\n##### `--final`\n\nThe `--final` flag is to bake a final release tile. When passing the --final flag,\nKiln creates a baked record file with metadata like source revision SHA, tile version, kiln version and\nfile checksums. This bake record file will be created under bake_records folder. This\nbake record file can later be used to re-bake the tile.\n\n##### `--forms-directory`\n\nThe `--forms-directory` flag takes a path to a directory that contains one\nor more forms. The flag can be specified more than once.\n\nTo reference a form file in the directory you can use the `form`\ntemplate helper:\n\n```\n$ cat /path/to/metadata\n---\nform_types:\n- $( form \"first\" )\n```\n\nExample [forms](example-tile/forms) directory.\n\n##### `--icon`\n\nThe `--icon` flag takes a path to an icon file.\n\nTo include the base64'd representation of the icon you can use the `icon`\ntemplate helper:\n\n```\n$ cat /path/to/metadata\n---\nicon_image: $( icon )\n```\n\n##### `--instance-groups-directory`\n\nThe `--instance-groups-directory` flag takes a path to a directory that contains one\nor more instance groups. The flag can be specified more than once.\n\nTo reference an instance group in the directory you can use the `instance_group`\ntemplate helper:\n\n```\n$ cat /path/to/metadata\n---\njob_types:\n- $( instance_group \"my-instance-group\" )\n```\n\nExample [instance-groups](example-tile/instance_groups) directory.\n\n##### `--jobs-directory`\n\nThe `--jobs-directory` flag takes a path to a directory that contains one\nor more jobs. The flag can be specified more than once.\n\nTo reference a job file in the directory you can use the `job`\ntemplate helper:\n\n```\n$ cat /path/to/instance-group\n---\ntemplates:\n- $( job \"my-job\" )\n- $( job \"my-aliased-job\" )\n- $( job \"my-errand\" )\n```\n\nExample [jobs](example-tile/jobs) directory.\n\nYou may find that you want to define different job files for the same BOSH job\nwith different properties. To do this you add an `alias` key to the job which\nwill be used in preference to the job name when resolving job references:\n\n```\n$ cat /path/to/my-aliased-job\n---\nname: my-job\nalias: my-aliased-job\n```\n\n##### `--kilnfile`\n\nThe `--kilnfile` flag is required with kiln version v0.84.0 and later\nThe flag expects filepath to a Kilnfile (default: Kilnfile). This\nfile contain links to all the bosh sources used to build a tile\n\nSee the [Kilnfile](#kilnfile) section for more information on Kilnfile formatting\n\nTile authors will also need to include a Kilnfile.lock in the same directory\nas the Kilnfile.\n\nSee the [Kilnfile.lock](#kilnfile-lock) section for more information on Kilnfile.lock formatting\n\n##### `--metadata`\n\nSpecify a file path to a tile metadata file for the `--metadata` flag. This\nmetadata file will contain the contents of your tile configuration as specified\nin the OpsManager tile development documentation.\n\n##### `--metadata-only`\n\nThe `--metadata-only` flag outputs the generated metadata to stdout.\nThis flag cannot be used with `--output-file`.\n\n##### `--migrations-directory`\n\nIf your tile has JavaScript migrations, then you will need to include the\n`--migrations-directory` flag. This flag can be specified multiple times if you\nhave organized your migrations into subdirectories for development convenience.\n\n##### `--no-confirm`\n\nThe `no-confirm` flag will delete extra releases in releases directory without prompting.\nThis flag defaults to `true`\n\n##### `--output-file`\n\nThe `--output-file` flag takes a path to the location on the filesystem where\nyour tile will be created. The flag expects a full file name like\n`tiles/my-tile-1.2.3-build.4.pivotal`.\n\nCannot be used with `--metadata-only`.\n\n##### `--properties-directory`\n\nThe `--properties-directory` flag takes a path to a directory that contains one\nor more blueprint property files. The flag can be specified more than once.\n\nTo reference a properties file in the directory you can use the `property`\ntemplate helper:\n\n```\n$ cat /path/to/metadata\n---\nproperty_blueprints:\n- $( property \"rep_password\" )\n```\n\nExample [properties](example-tile/properties) directory.\n\n##### `--releases-directory`\n\nThe `--releases-directory` flag takes a path to a directory that contains one or\nmany release tarballs. The flag can be specified more than once. This is\nuseful if you consume bosh releases as Concourse resources. Each release will\nlikely show up in the task as a separate directory. For example:\n\n```\n$ tree /path/to/releases\n|-- first\n|   |-- cflinuxfs2-release-1.166.0.tgz\n|   `-- consul-release-190.tgz\n`-- second\n    `-- nats-release-22.tgz\n```\n\nTo reference a release you can use the `release` template helper:\n\n```\n$ cat /path/to/metadata\n---\nreleases:\n- $( release \"cflinuxfs2\" )\n- $( release \"consul\" )\n- $( release \"nats\" )\n```\n\nExample kiln command line:\n\n```\n$ kiln bake \\\n    --version 2.0.0 \\\n    --metadata /path/to/metadata.yml \\\n    --releases-directory /path/to/releases/first \\\n    --releases-directory /path/to/releases/second \\\n    --stemcells-directory /path/to/stemcells/first \\\n    --stemcells-directory /path/to/stemcells/second \\\n    --output-file /path/to/cf-2.0.0-build.4.pivotal\n```\n\n##### `--runtime-configs-directory`\n\nThe `--runtime-configs-directory` flag takes a path to a directory that\ncontains one or more runtime config files. The flag can be specified\nmore than once.\n\nTo reference a runtime config in the directory you can use the `runtime_config`\ntemplate helper:\n\n```\n$ cat /path/to/metadata\n---\nruntime_configs:\n- $( runtime_config \"first-runtime-config\" )\n```\n\nExample [runtime-configs](example-tile/runtime_configs) directory.\n\n##### `--sha256`\n\nThe `--sha256` flag calculates the sha256 checksum of the output file\n\n##### `--skip-fetch-directories`\n\nThe `--skip-fetch-directories` skips the automatic release fetching of\nthe specified release directories\n\n##### `--stemcell-tarball` (Deprecated)\n\n_Warning: `--stemcell-tarball` will be removed in a future version of kiln.\nUse `--stemcells-directory` in the future._\n\nThe `--stemcell-tarball` flag takes a path to a stemcell.\n\nTo include information about the stemcell in your metadata you can use the\n`stemcell` template helper:\n\n```\n$ cat /path/to/metadata\n---\nstemcell_criteria: $( stemcell )\n```\n\n##### `--stemcells-directory`\n\nThe `--stemcells-directory` flag takes a path to a directory containing one\nor more stemcells.\n\nTo include information about the stemcell in your metadata you can use the\n`stemcell` template helper. It takes a single argument that specifies which\nstemcell os.\n\nThe `stemcell` helper does not support multiple versions of the same operating\nsystem currently.\n\n```\n$ cat /path/to/metadata\n---\nstemcell_criteria: $( stemcell \"ubuntu-xenial\" )\nadditional_stemcells_criteria:\n- $( stemcell \"windows\" )\n```\n\n##### `--stub-releases`\n\nFor tile developers looking to get some quick feedback about their tile\nmetadata, the `--stub-releases` flag will skip including the release tarballs\ninto the built tile output. This should result in a much smaller file that\nshould upload much more quickly to OpsManager.\n\n##### `--variable`\n\nThe `--variable` flag takes a `key=value` argument that allows you to specify\narbitrary variables for use in your metadata. The flag can be specified\nmore than once.\n\nTo reference a variable you can use the `variable` template helper:\n\n```\n$ cat /path/to/metadata\n---\n$( variable \"some-variable\" )\n```\n\n##### `--variables-file`\n\nThe `--variables-file` flag takes a path to a YAML file that contains arbitrary\nvariables for use in your metadata. The flag can be specified more than once.\n\nTo reference a variable you can use the `variable` template helper:\n\n```\n$ cat /path/to/metadata\n---\n$( variable \"some-variable\" )\n```\n\nExample [variables file](example-tile/variables.yml).\n\n##### `--version`\n\nThe `--version` flag takes the version number you want your tile to become.\n\nTo reference the version you use the `version` template helper:\n\n```\n$ cat /path/to/metadata\n---\nproduct_version: $( version )\nprovides_product_versions:\n- name: example\n  version: $( version )\n```\n\n\u003c/details\u003e\n\n### `re-bake`\n\nIt constructs a tile from a given bake record file.\n\nTo run the command, you simply need to be within a tile directory and execute the following command:\n\n```\n$ kiln re-bake --output-file tile.pivotal bake_records/1.0.0.json\n```\n\nAny variables that Kilnfile needs for the kiln re-bake command should be set in\n~/.kiln/credentials.yml file\n\n### `test`\n\nThe `test` command exercises to ginkgo tests under the `/\u003ctile\u003e/test/manifest` and `/\u003ctile\u003e/migrations` paths of the `pivotal/tas` repos (where `\u003ctile\u003e` is tas, ist, or tasw).\n\nRunning these tests requires a docker daemon. It also requires the user to\nprovide Artifactory credentials via the ARTIFACTORY_USERNAME and\nARTIFACTORY_PASSWORD environment variables to allow the ops-manifest gem to\nbe installed. The credentials must have access to the `tas-rel-eng-gem-dev-local`\nrepository within Broadcom's Artifactory.\n\nIf you run into this docker error `could not execute \"test\": failed to connect to Docker daemon: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running`,\nthen create a symlink `sudo ln -s ~/.docker/run/docker.sock /var/run/docker.sock`\n\nHere are command line examples:\n\n```\n$ cd ~/workspace/tas/ist\n$ kiln test -e ARTIFACTORY_USERNAME=myuser -e ARTIFACTORY_PASSWORD=secretpassword\n```\n\n```\ncd ~\n$ kiln test --verbose -tp ~/workspace/tas/ist --ginkgo-manifest-flags \"-p -nodes 8 -v\"\n```\n\n\u003cdetails\u003e\n  \u003csummary\u003eAdditional test options\u003c/summary\u003e\n\n##### `--ginkgo-manifest-flags`\n\nThe `--ginkgo-manifest-flags` flag can be used to pass through Ginkgo test flags. The defaults being passed through are `-r -p -slowSpecThreshold 15`. Pass `help` as a flag to retrieve the available options for the embeded version of ginkgo.\n\n#### `--manifest-only`\n\nThe `--manifest-only` flag can be used to run only Manifest tests. If not passed, `kiln test` will run both Manifest and Migration tests by default.\n\n#### `--migrations-only`\n\nThe `--migrations-only` flag can be used to run only Migration tests. If not passed, `kiln test` will run both Manifest and Migration tests by default.\n\n##### `--tile-path`\n\nThe `--tile-path` (`-tp`) flag can be set the path the directory you wish to test. It defaults to the current working directory. For example\n\n```\n$ kiln test -tp ~/workspace/tas/ist\n```\n\n##### `--verbose`\n\nThe `--verbose` (`-v`) flag will log additional debugging info.\n\n\u003c/details\u003e\n\n### `fetch`\n\nThe `fetch` command downloads bosh release tarballs specified in the Kilnfile and\nKilnfile.lock files to a local directory specified by the `--releases-directory` flag.\n\nKiln verifies that the checksum (SHA1) of the downloaded release matches\nchecksum specified for the release in the Kilnfile.lock file. If the checksums do\nnot match, then the releases that don't match will be deleted from disk. _Since\nBOSH releases from different directors with the same packages result in complied\nreleases with different hashes this may result in some problems where if you\ndownload a release that was compiled with a different director those releases\nwill be deleted._\n\nKiln will not download releases if an existing release exists with the correct\nrelease version and checksum.\n\n\u003ca id=\"kilnfile\"\u003e\u003c/a\u003e\n\n## Kilnfile\n\nA Kilnfile contains information about the bosh releases and stemcell used by\na particular tile\n\nExample Kilnfile:\n\n```yaml\n---\nslug: some-slug #optional but if included should match network.pivotal.io\nrelease_sources:\n  - type: bosh.io\n    releases:\n  - name: bpm\n    version: \"*\"\nstemcell_criteria:\n  os: ubuntu-xenial\n  version: \"~621\"\n```\n\n#### Supported release sources\n\n##### Bosh.io\n\n```yaml\nrelease_sources:\n  - type: bosh.io\n```\n\n##### s3\n\n```yaml\nrelease_sources:\n  - type: s3\n    id: unique-name\n    publishable: true # if this bucket contains releases that are suitable to ship to customers\n    bucket: some-bucket-in-s3\n    region: us-east-1 # must be the region of the above bucket\n    access_key_id: $(variable \"s3_access_key_id\") # Must have at least read permissions to bucket\n    secret_access_key: $(variable \"s3_secret_access_key\")\n    path_template: bosh-releases/compiled/{{.Name}}-{{.Version}}-{{.StemcellOS}}-{{.StemcellVersion}}.tgz # See Templating\n```\n\n##### github\n\n```yaml\n- type: github\n  id: optional-unique-name-defaults-to-github-org-name\n  org: the-github-org\n  endpoint: $(variable \"github_host\")\n  github_token: $(variable \"github_token\")\n```\n\n##### artifactory\n\n```yaml\n- type: artifactory\n  id: unique-name\n  artifactory_host: https://build-artifactory.your-artifactory-url.com\n  repo: some-artifactory-repo\n  publishable: true # if this repo contains releases that are suitable to ship to customers\n  username: $(variable \"artifactory_username\")\n  password: $(variable \"artifactory_password\")\n  path_template: shared-releases/{{.Name}}-{{.Version}}-{{.StemcellOS}}-{{.StemcellVersion}}.tgz # See Templating\n```\n\n\u003ca id=\"kilnfile-templating\"\u003e\u003c/a\u003e\n\n### Templating\n\n#### Options\n\nKilnfile files support the following templating options:\n\n- `{{.Name}}` for release name\n- `{{.Version}}` for release version\n- `{{.StemcellOS}}` for stemcell OS\n- `{{.StemcellVersion}}` for stemcell version\n\n- There's also access to a `trimSuffix` helper (e.g. `{{trimSuffix .Name \"-release\"}}`)\n\n#### Functions\n\n##### `select`\n\nThe `select` function allows you to pluck values for nested fields from a\ntemplate helper.\n\nFor instance, this section in our example tile:\n\n```yaml\nmy_release_version: $( release \"my-release\" | select \"version\" )\n```\n\nResults in:\n\n```yaml\nmy_release_version: 1.2.3\n```\n\n#### Variable Interpolation\n\n```yaml\nrelease_sources:\n  - type: s3\n    compiled: true\n    bucket: compiled-releases\n    region: us-west-1\n    access_key_id: $(variable \"aws_access_key_id\")\n    secret_access_key: $(variable \"aws_secret_access_key\")\n    path_template: 2.6/{{trimSuffix .Name \"-release\"}}/{{.Name}}-{{.Version}}-{{.StemcellOS}}-{{.StemcellVersion}}.tgz\n```\n\n_Credentials like S3 keys are not stored in git repos. To support separating\nthat information from non-sensitive configuration, you can reference variables\nlike you do in tile config._\n\n```yaml\n---\naws_access_key_id: SOME_REALLY_SECRET_ID\naws_secret_access_key: SOME_REALLY_SECRET_KEY\n```\n\nInterpolating this file in kiln would look something like this.\n\n1. Get your credentials from Lastpass by running: `lpass show --notes 'pas-releng-fetch-releases' \u003e vars.yml`\n\n```bash\nkiln bake --kilnfile random-Kilnfile --variables-file vars.yml\n```\n\n\u003ca id=\"kilnfile-lock\"\u003e\u003c/a\u003e\n\n### Kilnfile.lock\n\nThe Kilnfile.lock file name is expected to be a file in the same directory as the\nKilnfile with `lock` as as the filename extension.\n\nThis file contains the full list of specific versions of all releases, shas, and sources for\nbosh releases that will go into the tile as well as the target stemcell.\n\nThe file has two top level members `releases` and `stemcell_criteria`.\n\nThe `releases` member is an array of members with each element having the following members.\n\n- `name`: bosh release name\n- `sha1`: checksum of the tarball\n- `version`: semantic version of the release\n- `remote_source`: the resource-type for bosh.io or the id for the other types\n- `remote_path`: the path that where the bosh release is stored\n\nThe `stemcell_criteria ` member is defines the stemcell used to generate the tile\n\n- `os`: the stemcell os used (e.g. ubuntu-xenial)\n- `version`: semantic version of the stemcell\n\nExample Kilnfile.lock :\n\n```yaml\nreleases:\n  - name: bpm\n    sha1: 86675f90d66f7018c57f4ae0312f1b3834dd58c9\n    version: 1.1.18\n    remote_source: bosh.io\n    remote_path: https://bosh.io/d/github.com/cloudfoundry/bpm-release?v=1.1.18\n  - name: backup-and-restore-sdk\n    sha1: 0f48faa2f85297043e5201e2200567c2fe5a9f9a\n    version: 1.18.84\n    remote_source: unique-name # this could be artifactory or s3\n    remote_path: bosh-releases/compiled/backup-and-restore-sdk-1.18.84-ubuntu-jammy-1.179.tgz\n  - name: hello-release\n    sha1: d7de88ab98d7d61d0a4e660c8fff76727817c059\n    version: 0.4.0\n    remote_source: the-github-org\n    remote_path: https://github.com/releen/hello-release/releases/download/0.4.0/hello-release-0.4.0.tgz\nstemcell_criteria:\n  os: ubuntu-xenial\n  version: \"621.0\"\n```\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpivotal-cf%2Fkiln","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpivotal-cf%2Fkiln","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpivotal-cf%2Fkiln/lists"}