{ "$schema": "https://json-schema.org/draft/2020-12/schema", "$id": "https://chainguard.dev/melange/pkg/config/configuration", "$ref": "#/$defs/Configuration", "$defs": { "AdditionalCertificateEntry": { "properties": { "name": { "type": "string" }, "content": { "type": "string" } }, "additionalProperties": false, "type": "object" }, "BaseImageDescriptor": { "properties": { "image": { "type": "string" }, "apkindex": { "type": "string" } }, "additionalProperties": false, "type": "object" }, "BuildOption": { "properties": { "Vars": { "additionalProperties": { "type": "string" }, "type": "object" }, "Environment": { "$ref": "#/$defs/EnvironmentOption" } }, "additionalProperties": false, "type": "object", "required": [ "Vars", "Environment" ], "description": "BuildOption describes an optional deviation to a package build." }, "CPE": { "properties": { "part": { "type": "string" }, "vendor": { "type": "string" }, "product": { "type": "string" }, "edition": { "type": "string" }, "language": { "type": "string" }, "sw_edition": { "type": "string" }, "target_sw": { "type": "string" }, "target_hw": { "type": "string" }, "other": { "type": "string" } }, "additionalProperties": false, "type": "object", "description": "CPE stores values used to produce a CPE to describe the package, suitable for matching against NVD records." }, "Capabilities": { "properties": { "add": { "items": { "type": "string" }, "type": "array", "description": "Linux process capabilities to add to the pipeline container." }, "drop": { "items": { "type": "string" }, "type": "array", "description": "Linux process capabilities to drop from the pipeline container." } }, "additionalProperties": false, "type": "object", "description": "Capabilities is the configuration for Linux capabilities for the runner." }, "Capability": { "properties": { "path": { "type": "string" }, "add": { "additionalProperties": { "type": "string" }, "type": "object" }, "reason": { "type": "string" } }, "additionalProperties": false, "type": "object", "description": "Capability stores paths and an associated map of capabilities and justification to include in a package." }, "Checks": { "properties": { "disabled": { "items": { "type": "string" }, "type": "array", "description": "Optional: disable these linters that are not enabled by default." } }, "additionalProperties": false, "type": "object" }, "Configuration": { "properties": { "package": { "$ref": "#/$defs/Package", "description": "Package metadata" }, "environment": { "$ref": "#/$defs/ImageConfiguration", "description": "The specification for the packages build environment\nOptional: environment variables to override apko" }, "capabilities": { "$ref": "#/$defs/Capabilities", "description": "Optional: Linux capabilities configuration to apply to the melange runner." }, "pipeline": { "items": { "$ref": "#/$defs/Pipeline" }, "type": "array", "description": "Required: The list of pipelines that produce the package." }, "subpackages": { "items": { "$ref": "#/$defs/Subpackage" }, "type": "array", "description": "Optional: The list of subpackages that this package also produces." }, "data": { "items": { "$ref": "#/$defs/RangeData" }, "type": "array", "description": "Optional: An arbitrary list of data that can be used via templating in the\npipeline" }, "update": { "$ref": "#/$defs/Update", "description": "Optional: The update block determining how this package is auto updated" }, "vars": { "additionalProperties": { "type": "string" }, "type": "object", "description": "Optional: A map of arbitrary variables that can be used via templating in\nthe pipeline" }, "var-transforms": { "items": { "$ref": "#/$defs/VarTransforms" }, "type": "array", "description": "Optional: A list of transformations to create for the builtin template\nvariables" }, "options": { "additionalProperties": { "$ref": "#/$defs/BuildOption" }, "type": "object", "description": "Optional: Deviations to the build" }, "test": { "$ref": "#/$defs/Test", "description": "Test section for the main package." } }, "additionalProperties": false, "type": "object", "required": [ "package", "environment", "capabilities", "update" ], "description": "Configuration is the root melange configuration." }, "ContentsOption": { "properties": { "Packages": { "$ref": "#/$defs/ListOption" } }, "additionalProperties": false, "type": "object", "required": [ "Packages" ], "description": "ContentsOption describes an optional deviation to an apko environment's contents block." }, "Copyright": { "properties": { "paths": { "items": { "type": "string" }, "type": "array", "description": "Optional: The license paths, typically '*'" }, "attestation": { "type": "string", "description": "Optional: Attestations of the license" }, "license": { "type": "string", "description": "Required: The license for this package" }, "license-path": { "type": "string", "description": "Optional: Path to text of the custom License Ref" }, "detection-override": { "type": "string", "description": "Optional: License override" } }, "additionalProperties": false, "type": "object", "required": [ "license" ] }, "DataItems": { "additionalProperties": { "type": "string" }, "type": "object" }, "Dependencies": { "properties": { "runtime": { "items": { "type": "string" }, "type": "array", "description": "Optional: List of runtime dependencies" }, "provides": { "items": { "type": "string" }, "type": "array", "description": "Optional: List of packages provided" }, "replaces": { "items": { "type": "string" }, "type": "array", "description": "Optional: List of replace objectives" }, "provider-priority": { "type": "string", "description": "Optional: An integer string compared against other equal package provides used to\ndetermine priority of provides" }, "replaces-priority": { "type": "string", "description": "Optional: An integer string compared against other equal package provides used to\ndetermine priority of file replacements" } }, "additionalProperties": false, "type": "object" }, "EnvironmentOption": { "properties": { "Contents": { "$ref": "#/$defs/ContentsOption" } }, "additionalProperties": false, "type": "object", "required": [ "Contents" ], "description": "EnvironmentOption describes an optional deviation to an apko environment." }, "GitHubMonitor": { "properties": { "identifier": { "type": "string", "description": "Org/repo for GitHub" }, "strip-prefix": { "type": "string", "description": "If the version in GitHub contains a prefix which should be ignored" }, "strip-suffix": { "type": "string", "description": "If the version in GitHub contains a suffix which should be ignored" }, "tag-filter": { "type": "string", "description": "Filter to apply when searching tags on a GitHub repository\n\nDeprecated: Use TagFilterPrefix instead" }, "tag-filter-prefix": { "type": "string", "description": "Prefix filter to apply when searching tags on a GitHub repository" }, "tag-filter-contains": { "type": "string", "description": "Filter to apply when searching tags on a GitHub repository" }, "use-tag": { "type": "boolean", "description": "Override the default of using a GitHub release to identify related tag to\nfetch. Not all projects use GitHub releases but just use tags" } }, "additionalProperties": false, "type": "object", "required": [ "identifier" ], "description": "GitHubMonitor indicates using the GitHub API" }, "GitMonitor": { "properties": { "strip-prefix": { "type": "string", "description": "StripPrefix is the prefix to strip from the version" }, "strip-suffix": { "type": "string", "description": "If the version in GitHub contains a suffix which should be ignored" }, "tag-filter-prefix": { "type": "string", "description": "Prefix filter to apply when searching tags on a GitHub repository" }, "tag-filter-contains": { "type": "string", "description": "Filter to apply when searching tags on a GitHub repository" } }, "additionalProperties": false, "type": "object", "description": "GitMonitor indicates using Git" }, "Group": { "properties": { "groupname": { "type": "string" }, "gid": { "type": "integer" }, "members": { "items": { "type": "string" }, "type": "array" } }, "additionalProperties": false, "type": "object" }, "ImageAccounts": { "properties": { "run-as": { "type": "string" }, "users": { "items": { "$ref": "#/$defs/User" }, "type": "array" }, "groups": { "items": { "$ref": "#/$defs/Group" }, "type": "array" } }, "additionalProperties": false, "type": "object" }, "ImageCertificates": { "properties": { "additional": { "items": { "$ref": "#/$defs/AdditionalCertificateEntry" }, "type": "array" }, "providers": { "items": { "type": "string" }, "type": "array" } }, "additionalProperties": false, "type": "object" }, "ImageConfiguration": { "properties": { "contents": { "$ref": "#/$defs/ImageContents" }, "entrypoint": { "$ref": "#/$defs/ImageEntrypoint" }, "cmd": { "type": "string" }, "stop-signal": { "type": "string" }, "work-dir": { "type": "string" }, "accounts": { "$ref": "#/$defs/ImageAccounts" }, "archs": { "items": { "type": "string" }, "type": "array" }, "environment": { "additionalProperties": { "type": "string" }, "type": "object" }, "paths": { "items": { "$ref": "#/$defs/PathMutation" }, "type": "array" }, "vcs-url": { "type": "string" }, "annotations": { "additionalProperties": { "type": "string" }, "type": "object" }, "include": { "type": "string" }, "volumes": { "items": { "type": "string" }, "type": "array" }, "layering": { "$ref": "#/$defs/Layering" }, "certificates": { "$ref": "#/$defs/ImageCertificates" } }, "additionalProperties": false, "type": "object" }, "ImageContents": { "properties": { "build_repositories": { "items": { "type": "string" }, "type": "array" }, "runtime_repositories": { "items": { "type": "string" }, "type": "array" }, "repositories": { "items": { "type": "string" }, "type": "array" }, "keyring": { "items": { "type": "string" }, "type": "array" }, "packages": { "items": { "type": "string" }, "type": "array" }, "baseimage": { "$ref": "#/$defs/BaseImageDescriptor" } }, "additionalProperties": false, "type": "object" }, "ImageEntrypoint": { "properties": { "type": { "type": "string" }, "command": { "type": "string" }, "shell-fragment": { "type": "string" }, "services": { "additionalProperties": { "type": "string" }, "type": "object" } }, "additionalProperties": false, "type": "object" }, "Input": { "properties": { "description": { "type": "string", "description": "Optional: The human-readable description of the input" }, "default": { "type": "string", "description": "Optional: The default value of the input. Required when the input is." }, "required": { "type": "boolean", "description": "Optional: A toggle denoting whether the input is required or not" } }, "additionalProperties": false, "type": "object" }, "Layering": { "properties": { "strategy": { "type": "string" }, "budget": { "type": "integer" } }, "additionalProperties": false, "type": "object" }, "ListOption": { "properties": { "Add": { "items": { "type": "string" }, "type": "array" }, "Remove": { "items": { "type": "string" }, "type": "array" } }, "additionalProperties": false, "type": "object", "required": [ "Add", "Remove" ], "description": "ListOption describes an optional deviation to a list, for example, a list of packages." }, "Needs": { "properties": { "Packages": { "items": { "type": "string" }, "type": "array", "description": "A list of packages needed by this pipeline" } }, "additionalProperties": false, "type": "object", "required": [ "Packages" ] }, "OCIMonitor": { "properties": { "identifier": { "type": "string", "description": "Required: OCI image reference (e.g. cgr.dev/chainguard/node)" }, "strip-prefix": { "type": "string", "description": "If the version in the tag contains a prefix which should be ignored" }, "strip-suffix": { "type": "string", "description": "If the version in the tag contains a suffix which should be ignored" }, "tag-filter-prefix": { "type": "string", "description": "Prefix filter to apply when searching tags" }, "tag-filter-contains": { "type": "string", "description": "Substring filter to apply when searching tags" } }, "additionalProperties": false, "type": "object", "required": [ "identifier" ], "description": "OCIMonitor indicates using OCI image tags" }, "Package": { "properties": { "name": { "type": "string", "description": "The name of the package" }, "version": { "type": "string", "description": "The version of the package" }, "epoch": { "type": "integer", "description": "The monotone increasing epoch of the package" }, "description": { "type": "string", "description": "A human-readable description of the package" }, "annotations": { "additionalProperties": { "type": "string" }, "type": "object", "description": "Annotations for this package" }, "url": { "type": "string", "description": "The URL to the package's homepage" }, "commit": { "type": "string", "description": "Optional: The git commit of the package build configuration" }, "target-architecture": { "items": { "type": "string" }, "type": "array", "description": "List of target architectures for which this package should be build for" }, "copyright": { "items": { "$ref": "#/$defs/Copyright" }, "type": "array", "description": "The list of copyrights for this package" }, "dependencies": { "$ref": "#/$defs/Dependencies", "description": "List of packages to depends on" }, "options": { "$ref": "#/$defs/PackageOption", "description": "Optional: Options that alter the packages behavior" }, "scriptlets": { "$ref": "#/$defs/Scriptlets", "description": "Optional: Executable scripts that run at various stages of the package\nlifecycle, triggered by configurable events" }, "checks": { "$ref": "#/$defs/Checks", "description": "Optional: enabling, disabling, and configuration of build checks" }, "cpe": { "$ref": "#/$defs/CPE", "description": "The CPE field values to be used for matching against NVD vulnerability\nrecords, if known." }, "setcap": { "items": { "$ref": "#/$defs/Capability" }, "type": "array", "description": "Capabilities to set after the pipeline completes." }, "timeout": { "type": "integer", "description": "Optional: The amount of time to allow this build to take before timing out." }, "resources": { "$ref": "#/$defs/Resources", "description": "Optional: Resources to allocate to the build." }, "test-resources": { "$ref": "#/$defs/Resources", "description": "Optional: Resources to allocate for test execution.\nUsed by external schedulers (like elastic build) to provision\nappropriately-sized test pods/VMs. If not specified, falls back\nto Resources." } }, "additionalProperties": false, "type": "object", "required": [ "name", "version", "epoch", "dependencies", "checks", "cpe" ] }, "PackageOption": { "properties": { "no-provides": { "type": "boolean", "description": "Optional: Signify this package as a virtual package which does not provide\nany files, executables, libraries, etc... and is otherwise empty" }, "no-depends": { "type": "boolean", "description": "Optional: Mark this package as a self contained package that does not\ndepend on any other package" }, "no-commands": { "type": "boolean", "description": "Optional: Mark this package as not providing any executables" }, "no-versioned-shlib-deps": { "type": "boolean", "description": "Optional: Don't generate versioned depends for shared libraries" } }, "additionalProperties": false, "type": "object" }, "PathMutation": { "properties": { "path": { "type": "string" }, "type": { "type": "string" }, "uid": { "type": "integer" }, "gid": { "type": "integer" }, "permissions": { "type": "integer" }, "source": { "type": "string" }, "recursive": { "type": "boolean" } }, "additionalProperties": false, "type": "object" }, "Pipeline": { "properties": { "if": { "type": "string", "description": "Optional: A condition to evaluate before running the pipeline" }, "name": { "type": "string", "description": "Optional: A user defined name for the pipeline" }, "uses": { "type": "string", "description": "Optional: A named reusable pipeline to run\n\nThis can be either a pipeline builtin to melange, or a user defined named pipeline.\nFor example, to use a builtin melange pipeline:\n\t\tuses: autoconf/make" }, "with": { "additionalProperties": { "type": "string" }, "type": "object", "description": "Optional: Arguments passed to the reusable pipelines defined in `uses`" }, "runs": { "type": "string", "description": "Optional: The command to run using the builder's shell (/bin/sh)" }, "pipeline": { "items": { "$ref": "#/$defs/Pipeline" }, "type": "array", "description": "Optional: The list of pipelines to run.\n\nEach pipeline runs in its own context that is not shared between other\npipelines. To share context between pipelines, nest a pipeline within an\nexisting pipeline. This can be useful when you wish to share common\nconfiguration, such as an alternative `working-directory`." }, "inputs": { "additionalProperties": { "$ref": "#/$defs/Input" }, "type": "object", "description": "Optional: A map of inputs to the pipeline" }, "needs": { "$ref": "#/$defs/Needs", "description": "Optional: Configuration to determine any explicit dependencies this pipeline may have" }, "label": { "type": "string", "description": "Optional: Labels to apply to the pipeline" }, "assertions": { "$ref": "#/$defs/PipelineAssertions", "description": "Optional: Assertions to evaluate whether the pipeline was successful" }, "working-directory": { "type": "string", "description": "Optional: The working directory of the pipeline\n\nThis defaults to the guests' build workspace (/home/build)" }, "environment": { "additionalProperties": { "type": "string" }, "type": "object", "description": "Optional: environment variables to override apko" } }, "additionalProperties": false, "type": "object" }, "PipelineAssertions": { "properties": { "required-steps": { "type": "integer", "description": "The number (an int) of required steps that must complete successfully\nwithin the asserted pipeline." } }, "additionalProperties": false, "type": "object" }, "RangeData": { "properties": { "name": { "type": "string" }, "items": { "$ref": "#/$defs/DataItems" } }, "additionalProperties": false, "type": "object", "required": [ "name", "items" ] }, "ReleaseMonitor": { "properties": { "identifier": { "type": "integer", "description": "Required: ID number for release monitor" }, "strip-prefix": { "type": "string", "description": "If the version in release monitor contains a prefix which should be ignored" }, "strip-suffix": { "type": "string", "description": "If the version in release monitor contains a suffix which should be ignored" }, "version-filter-contains": { "type": "string", "description": "Filter to apply when searching version on a Release Monitoring" }, "version-filter-prefix": { "type": "string", "description": "Filter to apply when searching version Release Monitoring" } }, "additionalProperties": false, "type": "object", "required": [ "identifier" ], "description": "ReleaseMonitor indicates using the API for https://release-monitoring.org/" }, "Resources": { "properties": { "cpu": { "type": "string" }, "cpumodel": { "type": "string" }, "memory": { "type": "string" }, "disk": { "type": "string" } }, "additionalProperties": false, "type": "object" }, "Schedule": { "properties": { "reason": { "type": "string", "description": "The reason scheduling is being used" }, "period": { "type": "string" } }, "additionalProperties": false, "type": "object", "description": "Schedule defines the schedule for the update check to run" }, "Scriptlets": { "properties": { "trigger": { "$ref": "#/$defs/Trigger", "description": "Optional: A script to run on a custom trigger" }, "pre-install": { "type": "string", "description": "Optional: The script to run pre install. The script should contain the\nshebang interpreter." }, "post-install": { "type": "string", "description": "Optional: The script to run post install. The script should contain the\nshebang interpreter." }, "pre-deinstall": { "type": "string", "description": "Optional: The script to run before uninstalling. The script should contain\nthe shebang interpreter." }, "post-deinstall": { "type": "string", "description": "Optional: The script to run after uninstalling. The script should contain\nthe shebang interpreter." }, "pre-upgrade": { "type": "string", "description": "Optional: The script to run before upgrading. The script should contain\nthe shebang interpreter." }, "post-upgrade": { "type": "string", "description": "Optional: The script to run after upgrading. The script should contain the\nshebang interpreter." } }, "additionalProperties": false, "type": "object", "required": [ "trigger" ] }, "Subpackage": { "properties": { "if": { "type": "string", "description": "Optional: A conditional statement to evaluate for the subpackage" }, "range": { "type": "string", "description": "Optional: The iterable used to generate multiple subpackages" }, "name": { "type": "string", "description": "Required: Name of the subpackage" }, "pipeline": { "items": { "$ref": "#/$defs/Pipeline" }, "type": "array", "description": "Optional: The list of pipelines that produce subpackage." }, "dependencies": { "$ref": "#/$defs/Dependencies", "description": "Optional: List of packages to depend on" }, "options": { "$ref": "#/$defs/PackageOption", "description": "Optional: Options that alter the packages behavior" }, "scriptlets": { "$ref": "#/$defs/Scriptlets" }, "description": { "type": "string", "description": "Optional: The human readable description of the subpackage" }, "url": { "type": "string", "description": "Optional: The URL to the package's homepage" }, "commit": { "type": "string", "description": "Optional: The git commit of the subpackage build configuration" }, "checks": { "$ref": "#/$defs/Checks", "description": "Optional: enabling, disabling, and configuration of build checks" }, "test": { "$ref": "#/$defs/Test", "description": "Test section for the subpackage." }, "setcap": { "items": { "$ref": "#/$defs/Capability" }, "type": "array", "description": "Capabilities to set after the pipeline completes." } }, "additionalProperties": false, "type": "object", "required": [ "name", "dependencies", "checks" ] }, "Test": { "properties": { "environment": { "$ref": "#/$defs/ImageConfiguration", "description": "Additional Environment necessary for test.\nEnvironment.Contents.Packages automatically get\npackage.dependencies.runtime added to it. So, if your test needs\nno additional packages, you can leave it blank.\nOptional: Additional Environment the test needs to run" }, "pipeline": { "items": { "$ref": "#/$defs/Pipeline" }, "type": "array", "description": "Required: The list of pipelines that test the produced package." } }, "additionalProperties": false, "type": "object", "required": [ "environment", "pipeline" ] }, "Trigger": { "properties": { "script": { "type": "string", "description": "Optional: The script to run" }, "paths": { "items": { "type": "string" }, "type": "array", "description": "Optional: The list of paths to monitor to trigger the script" } }, "additionalProperties": false, "type": "object" }, "Update": { "properties": { "enabled": { "type": "boolean", "description": "Toggle if updates should occur" }, "manual": { "type": "boolean", "description": "Indicates that this package should be manually updated, usually taking\ncare over special version numbers" }, "require-sequential": { "type": "boolean", "description": "Indicates that automated pull requests should be merged in order rather than superseding and closing previous unmerged PRs" }, "shared": { "type": "boolean", "description": "Indicate that an update to this package requires an epoch bump of\ndownstream dependencies, e.g. golang, java" }, "version-separator": { "type": "string", "description": "Override the version separator if it is nonstandard" }, "ignore-regex-patterns": { "items": { "type": "string" }, "type": "array", "description": "A slice of regex patterns to match an upstream version and ignore" }, "release-monitor": { "$ref": "#/$defs/ReleaseMonitor", "description": "The configuration block for updates tracked via release-monitoring.org" }, "github": { "$ref": "#/$defs/GitHubMonitor", "description": "The configuration block for updates tracked via the Github API" }, "git": { "$ref": "#/$defs/GitMonitor", "description": "The configuration block for updates tracked via Git" }, "oci": { "$ref": "#/$defs/OCIMonitor", "description": "The configuration block for updates tracked via OCI image tags" }, "version_data": { "$ref": "#/$defs/VersionDataMonitor", "description": "The configuration block for updates tracked via chainguard version data" }, "version-transform": { "items": { "$ref": "#/$defs/VersionTransform" }, "type": "array", "description": "The configuration block for transforming the `package.version` into an APK version" }, "exclude-reason": { "type": "string", "description": "ExcludeReason is required if enabled=false, to explain why updates are disabled." }, "schedule": { "$ref": "#/$defs/Schedule", "description": "Schedule defines the schedule for the update check to run" }, "enable-prerelease-tags": { "type": "boolean", "description": "Optional: Disables filtering of common pre-release tags" } }, "additionalProperties": false, "type": "object", "required": [ "enabled" ], "description": "Update provides information used to describe how to keep the package up to date" }, "User": { "properties": { "username": { "type": "string" }, "uid": { "type": "integer" }, "gid": { "type": "integer" }, "shell": { "type": "string" }, "homedir": { "type": "string" } }, "additionalProperties": false, "type": "object" }, "VarTransforms": { "properties": { "from": { "type": "string", "description": "Required: The original template variable.\n\nExample: ${{package.version}}" }, "match": { "type": "string", "description": "Required: The regular expression to match against the `from` variable" }, "replace": { "type": "string", "description": "Required: The repl to replace on all `match` matches" }, "to": { "type": "string", "description": "Required: The name of the new variable to create\n\nExample: mangeled-package-version" } }, "additionalProperties": false, "type": "object", "required": [ "from", "match", "replace", "to" ] }, "VersionDataMonitor": { "properties": { "version_format": { "type": "string", "description": "Format string for composing the version, using ${{source_name.field}} placeholders" }, "sources": { "items": { "$ref": "#/$defs/VersionDataSource" }, "type": "array", "description": "The list of upstream sources to fetch version data from" } }, "additionalProperties": false, "type": "object", "required": [ "version_format", "sources" ], "description": "VersionDataMonitor indicates using chainguard version data" }, "VersionDataSource": { "properties": { "name": { "type": "string", "description": "The name of the source, used to reference it in the format string" }, "stream": { "type": "string", "description": "The stream to track for updates (e.g. \"12.6\", \"9\")" }, "ignore": { "items": { "type": "string" }, "type": "array", "description": "A list of regex patterns to ignore when matching upstream versions" }, "commit_source": { "type": "string", "description": "The source whose commits to use when multiple sources are configured" }, "use_release": { "type": "boolean", "description": "Whether to use GitHub releases as the tag source instead of git tags" } }, "additionalProperties": false, "type": "object", "required": [ "name", "stream" ], "description": "VersionDataSource defines an individual upstream source for version data" }, "VersionTransform": { "properties": { "match": { "type": "string", "description": "Required: The regular expression to match against the `package.version` variable" }, "replace": { "type": "string", "description": "Required: The repl to replace on all `match` matches" } }, "additionalProperties": false, "type": "object", "required": [ "match", "replace" ], "description": "VersionTransform allows mapping the package version to an APK version" } } }