{"id":13532168,"url":"https://github.com/simplesurance/baur","last_synced_at":"2026-01-17T23:34:15.761Z","repository":{"id":33676341,"uuid":"130031126","full_name":"simplesurance/baur","owner":"simplesurance","description":"An incremental task runner for mono repositories.","archived":false,"fork":false,"pushed_at":"2026-01-16T08:23:04.000Z","size":23127,"stargazers_count":376,"open_issues_count":27,"forks_count":14,"subscribers_count":9,"default_branch":"main","last_synced_at":"2026-01-16T22:50:37.590Z","etag":null,"topics":["baur","build","ci","golang","monorepo"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/simplesurance.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2018-04-18T08:37:07.000Z","updated_at":"2026-01-16T08:19:43.000Z","dependencies_parsed_at":"2026-01-06T04:02:21.465Z","dependency_job_id":null,"html_url":"https://github.com/simplesurance/baur","commit_stats":{"total_commits":975,"total_committers":15,"mean_commits":65.0,"dds":0.0379487179487179,"last_synced_commit":"e06f66e6ea886973a53b816848f0b94c2eb53176"},"previous_names":[],"tags_count":63,"template":false,"template_full_name":null,"purl":"pkg:github/simplesurance/baur","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simplesurance%2Fbaur","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simplesurance%2Fbaur/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simplesurance%2Fbaur/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simplesurance%2Fbaur/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/simplesurance","download_url":"https://codeload.github.com/simplesurance/baur/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/simplesurance%2Fbaur/sbom","scorecard":{"id":32935,"data":{"date":"2025-08-04","repo":{"name":"github.com/simplesurance/baur","commit":"85481ef2c3c4a04bed40972f4023f788362757f4"},"scorecard":{"version":"v5.2.1-28-gc1d103a9","commit":"c1d103a9bb9f635ec7260bf9aa0699466fa4be0e"},"score":6.2,"checks":[{"name":"Maintained","score":10,"reason":"12 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#maintained"}},{"name":"Code-Review","score":5,"reason":"Found 5/9 approved changesets -- score normalized to 5","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#code-review"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#cii-best-practices"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/golangcilint.yml:11","Info: topLevel 'pull-requests' permission set to 'read': .github/workflows/golangcilint.yml:12","Warn: topLevel 'checks' permission set to 'write': .github/workflows/golangcilint.yml:13","Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#token-permissions"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: GNU General Public License v2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#fuzzing"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#branch-protection"}},{"name":"Signed-Releases","score":8,"reason":"5 out of the last 5 releases have a total of 5 signed artifacts.","details":["Info: signed release artifact: baur_5.2.0_SHA256SUMS.sig: https://github.com/simplesurance/baur/releases/tag/v5.2.0","Info: signed release artifact: baur_5.1.1_SHA256SUMS.sig: https://github.com/simplesurance/baur/releases/tag/v5.1.1","Info: signed release artifact: baur_5.1.0_SHA256SUMS.sig: https://github.com/simplesurance/baur/releases/tag/v5.1.0","Info: signed release artifact: baur_5.0.0_SHA256SUMS.sig: https://github.com/simplesurance/baur/releases/tag/v5.0.0","Info: signed release artifact: baur_4.0.0_SHA256SUMS.sig: https://github.com/simplesurance/baur/releases/tag/v4.0.0","Warn: release artifact v5.2.0 does not have provenance: https://api.github.com/repos/simplesurance/baur/releases/232199602","Warn: release artifact v5.1.1 does not have provenance: https://api.github.com/repos/simplesurance/baur/releases/199898653","Warn: release artifact v5.1.0 does not have provenance: https://api.github.com/repos/simplesurance/baur/releases/184906518","Warn: release artifact v5.0.0 does not have provenance: https://api.github.com/repos/simplesurance/baur/releases/165492951","Warn: release artifact v4.0.0 does not have provenance: https://api.github.com/repos/simplesurance/baur/releases/161102779"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#signed-releases"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:15: update your workflow using https://app.stepsecurity.io/secureworkflow/simplesurance/baur/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/simplesurance/baur/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/simplesurance/baur/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangcilint.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/simplesurance/baur/golangcilint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/golangcilint.yml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/simplesurance/baur/golangcilint.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/golangcilint.yml:25: update your workflow using https://app.stepsecurity.io/secureworkflow/simplesurance/baur/golangcilint.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:30: update your workflow using https://app.stepsecurity.io/secureworkflow/simplesurance/baur/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/simplesurance/baur/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:39: update your workflow using https://app.stepsecurity.io/secureworkflow/simplesurance/baur/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:86: update your workflow using https://app.stepsecurity.io/secureworkflow/simplesurance/baur/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:90: update your workflow using https://app.stepsecurity.io/secureworkflow/simplesurance/baur/test.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:95: update your workflow using https://app.stepsecurity.io/secureworkflow/simplesurance/baur/test.yml/main?enable=pin","Warn: goCommand not pinned by hash: vendor/github.com/pelletier/go-toml/benchmark.sh:10","Info:   0 out of  11 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   1 goCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#vulnerabilities"}},{"name":"SAST","score":10,"reason":"SAST tool is run on all commits","details":["Info: all commits (28) are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/c1d103a9bb9f635ec7260bf9aa0699466fa4be0e/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-14T19:36:19.128Z","repository_id":33676341,"created_at":"2025-08-14T19:36:19.128Z","updated_at":"2025-08-14T19:36:19.128Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28522309,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T22:11:28.393Z","status":"ssl_error","status_checked_at":"2026-01-17T22:11:27.841Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["baur","build","ci","golang","monorepo"],"created_at":"2024-08-01T07:01:08.711Z","updated_at":"2026-01-17T23:34:15.756Z","avatar_url":"https://github.com/simplesurance.png","language":"Go","funding_links":[],"categories":["构建系统和依赖性管理工具","Go"],"sub_categories":[],"readme":"# baur [![Go Report Card](https://goreportcard.com/badge/github.com/simplesurance/baur)](https://goreportcard.com/report/github.com/simplesurance/baur)\n\n\u003cimg src=\"https://github.com/simplesurance/baur/wiki/media/baur.png\" width=\"256\" height=\"256\"\u003e\n\n## About\n\nbaur is an incremental task runner for [monolithic Git\nrepositories](https://en.wikipedia.org/wiki/Monorepo). \\\nIt can only run tasks if no previous execution with identical\nuser-defined inputs (e.g. source files) exists.\n\nIt can be used in CI environments to build, check and test only applications\nthat are affected by changes.\n\nTask outputs like build artifacts can be stored locally and remote.\\\nInformation about task executions are stored in PostgreSQL and can be queried. \n\nPractical usage examples of baur can be found in the [example\nrepository](https://github.com/simplesurance/baur-example).\n\n\u003ca href=\"https://asciinema.org/a/410274?rows=45\" target=\"_blank\"\u003e\u003cimg src=\"https://asciinema.org/a/410274.svg\" height=\"250\"/\u003e\u003c/a\u003e\n\n### How it works\n\nTask are defined per application in [TOML](https://github.com/toml-lang/toml)\nconfiguration files.\\\nDefinitions can be shared between applications by defining them in include\nfiles. \\\nEach task specifies:\n\n- A command to execute,\n- Inputs that determine if a task needs to be run:\n  - Files\n  - Environment variables\n  - Golang source files, (imported packages are automatically recursively\n    resolved to files)\n  - Results from other task runs\n- Optionally outputs and their upload destinations: \n  - Files (upload to S3 or copy in local filesystem),\n  - Docker Images\n\nbaur calculates a digest of all task inputs and stores it for successful runs in\nthe database.\nOn following runs, baur only runs tasks for which no run with the same digest\nexist. \\\nA set of references of successful task runs can be stored together with custom\ndata (e.g. a changelog) in the database as release and queried.\n\n## Quickstart\n\n### Installation\n\n#### From a Release\n\nThe recommended way is to download the latest released version from the [release\npage](https://github.com/simplesurance/baur/releases). \\\nOfficial releases are provided for Linux, macOS and Windows.\n\nAfter downloading the release archive, extract the `baur` binary\n(`tar xJf baur-OS_ARCH-VERSION.tar.xz`) and move it to your preferred location.\n\n#### From Source\n\nYou can build and install the latest version from the main branch by running:\n\n```sh\ngo install github.com/simplesurance/baur/v5/...@main\n```\n\n### Setup\n\nbaur uses a PostgreSQL database to record information about past task runs. The\nquickest way to setup a PostgreSQL for local testing is with docker:\n\n```sh\ndocker run -p 127.0.0.1:5432:5432 -e POSTGRES_DB=baur -e POSTGRES_HOST_AUTH_METHOD=trust postgres:latest\n```\n\nAfterwards you create your baur repository configuration file.\nIn the root directory of your Git repository run:\n\n```sh\nbaur init repo\n```\n\nThe command will print instructions how to initialize your database and create\nyour first application configuration file.\n\n### First Steps\n\nTo show information about the available commands run:\n\n```sh\nbaur --help\n```\n\nSome commands to start with are:\n\n| command                               | action                                                                                               |\n|:--------------------------------------|------------------------------------------------------------------------------------------------------|\n| `baur status`                         | List task in the repository with their build status                                                  |\n| `baur run`                            | Run all tasks of all applications with pending builds, upload their artifacts and records the result |\n| `baur ls runs all`                    | List recorded tasks                                                                                  |\n| `baur show currency-service`          | Show information about an application called *currency-service*                                      |\n| `baur ls inputs --digests shop.build` | List inputs with their digests of the *build* task of an application called *shop*                   |\n| `baur run --help`                     | Show the usage information for the *run* command.                                                    |\n\n## Documentation\n\nDocumentation is available in the [wiki](https://github.com/simplesurance/baur/wiki).\n\n## Upgrading from older baur Versions\n\nSee [Upgrade Instructions in the wiki](https://github.com/simplesurance/baur/wiki#upgrade-guide)\n\n## Versioning\n\nbaur follows [Semantic Versioning](https://semver.org/) for its command line\ninterface, configuration file format and database schema. \\\nThe APIs of the Go packages are **excluded** from the semantic versioning policy.\nTheir APIs may change at any time in a backward incompatible manner.\n\n## Contributing\n\nWe are happy to receive Pull Requests for baur. \\\nIf you like to contribute a non-trivial change, it is recommended to outline the\nidea before in the [Ideas forum](https://github.com/simplesurance/baur/discussions/categories/ideas).\n\n## Contact\n\n* Questions? - [Q\u0026A Forum](https://github.com/simplesurance/baur/discussions/categories/q-a)\n* Suggestion for a cool feature or other improvements? - [Ideas Forum](https://github.com/simplesurance/baur/discussions/categories/ideas)\n\n## Links\n\n* [Example Repository](https://github.com/simplesurance/baur-example)\n* [Wiki](https://github.com/simplesurance/baur/wiki)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimplesurance%2Fbaur","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsimplesurance%2Fbaur","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsimplesurance%2Fbaur/lists"}