Melange ships an extensive library of reusable pipelines that cover the most common packaging tasks — downloading sources, applying patches, stripping debug symbols, and running ecosystem-specific build tools. These pipelines live in theDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/chainguard-dev/melange/llms.txt
Use this file to discover all available pages before exploring further.
pkg/build/pipelines/ directory of the melange repository and are available to every build without any additional configuration.
How built-in pipelines are located
A pipeline is invoked by its path relative to thepkg/build/pipelines/ directory, without the .yaml extension. For a pipeline stored at pkg/build/pipelines/go/build.yaml you write:
pkg/build/pipelines/fetch.yaml you simply write:
To list every available pipeline, browse the
pkg/build/pipelines/ tree in the melange repository or run find $(go env GOPATH)/pkg/mod/chainguard.dev/melange*/pkg/build/pipelines -name '*.yaml' after installing melange locally.Pipeline categories
| Category | Path prefix | Purpose |
|---|---|---|
| General | (top-level) | Fetch, patch, strip, git operations |
| autoconf | autoconf/ | GNU Autotools configure / make builds |
| cargo | cargo/ | Rust / Cargo builds |
| cmake | cmake/ | CMake configure and build |
| go | go/ | Go compiler builds and dependency bumps |
| llvm | llvm/ | LLVM-based toolchain builds |
| maven | maven/ | Java / Maven builds |
| meson | meson/ | Meson build system |
| npm | npm/ | Node.js / npm installs |
| pecl | pecl/ | PHP PECL extension builds |
| perl | perl/ | Perl module builds |
| python | python/ | Python package builds |
| R | R/ | R package builds (CRAN) |
| ruby | ruby/ | RubyGems builds |
| split | split/ | Package splitting helpers (bin, lib, dev, …) |
Commonly used pipelines
fetch
Downloads a source archive from a URI, verifies its checksum, and extracts it into the workspace. This is the most common way to get upstream source tarballs.
Required packages: wget
| Input | Default | Description |
|---|---|---|
uri | (required) | URI to download |
expected-sha256 | — | Expected SHA-256 checksum |
expected-sha512 | — | Expected SHA-512 checksum |
expected-none | — | Set to skip checksum verification |
strip-components | 1 | Tar --strip-components value |
directory | . | Target extraction directory |
extract | true | Whether to untar the download |
delete | false | Delete the archive after extraction |
timeout | 5 | Connect/read timeout in seconds |
dns-timeout | 20 | DNS lookup timeout in seconds |
retry-limit | 5 | Number of download retries |
purl-name | ${{package.name}} | PURL name for SBOM generation |
purl-version | ${{package.version}} | PURL version for SBOM generation |
reason | — | Human-readable reason for using fetch instead of git-checkout |
patch
Applies one or more patch files to the workspace sources using the patch command. Patch files must be placed in the source directory alongside your melange YAML.
Required packages: patch
| Input | Default | Description |
|---|---|---|
patches | — | Whitespace-delimited list of patch files |
series | — | Path to a quilt-style series file |
strip-components | 1 | Strip components passed to patch -p |
fuzz | 2 | Maximum fuzz factor for context diffs |
Either
patches or series must be provided. They are mutually exclusive — if both are set, series takes precedence.strip
Strips debug symbols from all ELF binaries and shared libraries in the package staging directory. This reduces APK size significantly for compiled packages.
Required packages: binutils, scanelf
| Input | Default | Description |
|---|---|---|
opts | -g | Flags passed to the strip command |
scanelf to enumerate all ET_DYN and ET_EXEC ELF files under ${{targets.contextdir}} and strips only native-architecture binaries (x86_64 or aarch64).
Example:
git-checkout
Clones a git repository into the workspace. Supports shallow clones, branch or tag pinning, commit verification, cherry-picks, submodules, and sparse checkout. See the Git Pipelines page for full documentation.
Required packages: git
Example:
git-am
Applies one or more patch files to a git repository using git am. This is an alternative to the patch pipeline for repositories checked out with git-checkout.
Required packages: git
| Input | Default | Description |
|---|---|---|
patches | (required) | Whitespace-delimited list of patch files |
--source-dir. This assumes git-checkout used the default destination (.), so the workspace root is the git repository.
Example:
Ecosystem pipeline quick reference
autoconf/ — GNU Autotools
autoconf/ — GNU Autotools
The
autoconf/ pipelines wrap the standard ./configure && make && make install workflow:autoconf/configure— runs./configurewith common flagsautoconf/make— runsmakeautoconf/make-install— runsmake installinto${{targets.destdir}}
cmake/ — CMake
cmake/ — CMake
The
cmake/ pipelines configure and build CMake-based projects:cmake/configure— runscmakewith standard flagscmake/build— runscmake --buildcmake/install— installs to staging directory
meson/ — Meson
meson/ — Meson
The
meson/ pipelines wrap Meson and Ninja:meson/configure— runsmeson setupmeson/compile— runsninjameson/install— runsninja install
split/ — Package splitting
split/ — Package splitting
The
split/ pipelines extract subsets of installed files into sub-packages:split/bin— movesusr/bincontents to a sub-packagesplit/dev— moves headers and static librariessplit/lib— moves shared librariessplit/manpages— moves man pagessplit/debug— moves debug symbolssplit/static— moves.astatic librariessplit/locales— moves locale data
python/ — Python packages
python/ — Python packages
The
python/ pipelines handle Python builds and installs, typically using setuptools or pip.perl/ — Perl modules
perl/ — Perl modules
The
perl/ pipelines handle Makefile.PL and Build.PL based Perl module builds.Adding new built-in pipelines
New built-in pipelines are created by adding YAML files to thepkg/build/pipelines/ directory and rebuilding melange. To test locally before submitting a pull request, install a development version with:
wolfictl: