Each workflow profile is defined in this repository as a GitHub Workflow, using YAML. In some cases, workflows are paired with a container image which includes the tools which are used by the workflow. The image typically isn't required (unless noted) but may vastly speed up builds by pre-including tools.
For an exhaustive list of build profiles and their use, see the table further down.
-
Containers: Container image definitions which are used by actions and workflows; some of these can also be used directly in downstream workflows.
-
Actions: Custom GitHub Actions for use in Elide codebases. Actions are used like any other GitHub Action, but with references to this repository instead.
-
Workflows: Custom YAML workflow definitions for use in Elide codebases. Workflows are used as external
workflow_calltargets. -
Gradle: Gradle build conventions which are re-usable across projects, as a suite of easily applicable build convention plugins and version catalogs.
In a .github/workflows/<x>.yml:
# ...
jobs:
## Build container
build-a-container:
name: "Image"
uses: elide-dev/build-infra/.github/workflows/container.yml@main
secrets: inherit
permissions:
checks: write
id-token: write
contents: read
packages: write
pull-requests: write
with:
image: elide-dev/build-infra/gvm
path: containers/gvm
push: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}The above job uses the container.yml "build profile" (see all profiles listed below). By using the re-usable workflow, you
gain consistency:
- Repository authentication is handled for you
- Intelligent platform selection (with override)
- Consistent tagging and labeling of images
- Underlying Github Actions updates happen without repo commits
| Name | Description |
|---|---|
android.yml |
Build an Android app with Gradle |
container.yml |
Build and push a container image |
jvm.gradle.yml |
Run a Gradle build targeting JVM |
jvm.maven.yml |
Run a Maven build targeting JVM |
bazel.yml |
Build targets with Bazel |
See below for documentation about reusable workflow inputs.
See below for an exhaustive list of all inputs for each build profile. You can use these inputs in the with: {} block of your workflow invocation.
- Description: Consistently build properly tagged container images in sync with source control
- Workflow:
.github/workflows/container.yml
| Name | Type | Description | Default value |
|---|---|---|---|
image* |
string |
Image coordinate to build | (None. Required.) |
auth |
boolean |
Whether to authenticate | true |
dockerfile |
string |
Full path to Dockerfile to build | "Dockerfile" |
path |
string |
Docker context path for build | "." |
platforms |
string |
Architectures/platforms to build | "linux/amd64,linux/arm64" |
push |
boolean |
Whether to push after building | false |
registry |
string |
Whether to push after building | "ghcr.io" |
runner |
string |
Runner to use for all tasks | (See runner docs) |
tags |
string |
Tags to push to with built image | (None.) |
- Description: Consistently build JVM outputs using Gradle
- Workflow:
.github/workflows/jvm.gradle.yml
| Name | Type | Description | Default value |
|---|---|---|---|
action |
string |
Gradle task(s) to execute | "build" |
android |
boolean |
Install Android SDK | true |
artifact |
string |
Name of output artifact to use | (None.) |
artifacts |
boolean |
Upload built artifacts | false |
cache_action |
boolean |
Turn GHA cache on/off | true |
cache_local |
boolean |
Turn local caching on/off | false |
cache_read_only |
boolean |
GHA cache read-only status | false |
cache_remote |
boolean |
Turn remote caching on/off | true |
checks |
boolean |
Run checks and Sonar | true |
coverage |
boolean |
Upload → Codecov after build | false |
coverage_report |
string |
Path to coverage report | (None.) |
coverage_flags |
string |
Extra flags to pass to Codecov | (None.) |
flags |
string |
Extra flags to append | (None.) |
gradle |
string |
Gradle version to install & use | "wrapper" |
install_jvm |
boolean |
Setup a regular JVM before build | true |
jvm |
string |
JVM version to install/target | (See JVM notes below) |
jvm_dist |
string |
JVM distribution to use | "adopt-hotspot" |
label |
string |
Label to show for build step | "Gradle" |
reports |
boolean |
Whether to upload built reports | true |
runner |
string |
Runner to use for all tasks | (See runner docs) |
- Description: Consistently build JVM outputs using Gradle
- Workflow:
.github/workflows/jvm.gradle.yml
| Name | Type | Description | Default value |
|---|---|---|---|
action |
string |
Gradle task(s) to execute | "build" |
artifact |
string |
Name of output artifact to use | (None.) |
artifacts |
boolean |
Upload built artifacts | false |
cache_action |
boolean |
Turn GHA cache on/off | true |
cache_local |
boolean |
Turn local caching on/off | false |
cache_read_only |
boolean |
GHA cache read-only status | false |
cache_remote |
boolean |
Turn remote caching on/off | true |
checks |
boolean |
Run checks and Sonar | true |
coverage |
boolean |
Upload → Codecov after build | false |
coverage_report |
string |
Path to coverage report | (None.) |
coverage_flags |
string |
Extra flags to pass to Codecov | (None.) |
flags |
string |
Extra flags to append | (None.) |
gradle |
string |
Gradle version to install & use | "wrapper" |
gvm |
string |
GraalVM version to use | (See JVM notes below) |
gvm_components |
string |
GraalVM components to install | "native-image,js" |
install_gvm |
boolean |
Setup a distribution of GraalVM | false |
install_jvm |
boolean |
Setup a regular JVM before build | true |
jvm |
string |
JVM version to install/target | (See JVM notes below) |
jvm_dist |
string |
JVM distribution to use | "adopt-hotspot" |
label |
string |
Label to show for build step | "Gradle" |
provenance |
boolean |
Stamp for SLSA provenance | false |
publish |
boolean |
Perform a publish after build | false |
reports |
boolean |
Whether to upload built reports | true |
runner |
string |
Runner to use for all tasks | (See runner docs) |
- Description: Consistently build JVM outputs using Maven
- Workflow:
.github/workflows/jvm.maven.yml
Inputs for the Maven workflow are nearly identical to those for the Gradle workflow (listed above):
| Name | Type | Description | Default value |
|---|---|---|---|
action |
string |
Maven goal(s) to execute | "package" |
artifact |
string |
Name of output artifact to use | (None.) |
artifacts |
boolean |
Upload built artifacts | false |
cache_action |
boolean |
Turn GHA cache on/off | true |
cache_local |
boolean |
Turn local caching on/off | false |
cache_read_only |
boolean |
GHA cache read-only status | false |
cache_remote |
boolean |
Turn remote caching on/off | true |
checks |
boolean |
Run checks and Sonar | true |
coverage |
boolean |
Upload → Codecov after build | false |
coverage_report |
string |
Path to coverage report | (None.) |
coverage_flags |
string |
Extra flags to pass to Codecov | (None.) |
flags |
string |
Extra flags to append | (None.) |
gvm |
string |
GraalVM version to use | (See JVM notes below) |
gvm_components |
string |
GraalVM components to install | "native-image,js" |
install_gvm |
boolean |
Setup a distribution of GraalVM | false |
install_jvm |
boolean |
Setup a regular JVM before build | true |
jvm |
string |
JVM version to install/target | (See JVM notes below) |
jvm_dist |
string |
JVM distribution to use | "adopt-hotspot" |
label |
string |
Label to show for build step | "Gradle" |
provenance |
boolean |
Stamp for SLSA provenance | false |
publish |
boolean |
Perform a publish after build | false |
reports |
boolean |
Whether to upload built reports | true |
runner |
string |
Runner to use for all tasks | (See runner docs) |
- Description: Run builds with Bazel
- Workflow:
.github/workflows/bazel.yml
There are no required inputs for a Bazel build; the target specification defaults to the value
//..., which builds all targets. The default command is build. The build is executed with
Bazelisk, which will respect the .bazelversion present at the root of your project.
| Name | Type | Description | Default value |
|---|---|---|---|
artifact |
string |
Name of output artifact to use | (None.) |
artifacts |
boolean |
Upload built artifacts | false |
cache_action |
boolean |
Turn GHA cache on/off | true |
command |
string |
Bazel command to execute | "build" |
targets |
string |
Bazel target string | "//..." |
flags |
string |
Extra flags to append | (None.) |
gvm |
string |
GraalVM version to use | (See JVM notes below) |
gvm_components |
string |
GraalVM components to install | "native-image,js" |
install_gvm |
boolean |
Setup a distribution of GraalVM | false |
install_jvm |
boolean |
Setup a regular JVM before build | true |
jvm |
string |
JVM version to install/target | (See JVM notes below) |
jvm_dist |
string |
JVM distribution to use | "adopt-hotspot" |
runner |
string |
Runner to use for all tasks | (See runner docs) |
The Gradle conventions provided by this project are generic in nature and can be used in nearly any Gradle 8+ project. Conventions are applied in a cascading fashion, with relevant plugins being applied first, which then provide strong baseline settings.
Gradle infra:
- Plugins for common build tasks, especially around JPMS. See the plugins list below.
- Catalogs defining security-hardened library catalogs
- Platforms which enforce different profiles of dependency constraints
Read more about the Gradle build infra here. There are samples.
-
dev.elide.gha: Integrate your Gradle build with GitHub Actions. Enables enhanced logging and reporting features, PR integrations, and other features supported by the workflows in this repo. -
dev.elide.jmod: Buildjmodartifacts in Gradle JVM projects with Java 9+.jmodartifacts are compatible withjlinkand make for great optimized build artifacts in modular projects. -
dev.elide.jpms: Toolkit plugin for Gradle builds enabled with modular Java (Java Platform Module System, or JPMS). Provides amodulepathconfiguration and modular builds for Java, Kotlin, and GraalVM. -
dev.elide.mrjar: Plugin for easily building multi-target MRJAR artifacts. This plugin goes above and beyond by building the entire project at each bytecode tier, so that modern Java runtimes can leverage the latest bytecode. -
dev.elide.jlink: Plugin for usingjmodandjpmsto build optimized, self-contained modular Java apps usingjlink. -
dev.elide.graalvm: Plugin for usingjmodandjpmsto build optimized, native AOT Java apps usingnative-image.
Follow the YAML and action convention within the repository; the multi-workspace expressed here for actions uses the
GitHub Actions Toolkit and pnpm workspaces.
Build configurations are validated on each push, and actions are built and tested to the extent possible. Once a PR is merged, it is expected to be deployed to private package storage, where update tools can pick it up.
This repository is shared openly for OSS use. It is licensed as MIT.