feat(infra): automated build system for missing binaries #159
Description
Automated Build System
Build infrastructure for providing pre-built binaries for versions that aren't available from upstream sources.
When users request a build via dtvem request (which creates a GitHub issue), maintainers can approve the request by adding the build-approved label. This triggers automated workflows to build the requested version.
Build Workflows
When a maintainer adds the build-approved label to a build request issue, automatically build the requested version.
Build Request Workflow
# .github/workflows/build-request.yml
name: Build Requested Version
on:
issues:
types: [labeled]
jobs:
build:
if: github.event.label.name == 'build-approved'
# Parse issue title: build(python): 3.6.15 darwin-amd64
# Trigger platform-specific build workflowPlatform-Specific Build Workflows
Create workflows for each runtime:
-
.github/workflows/build-python.yml -
.github/workflows/build-ruby.yml -
.github/workflows/build-node.yml
Each workflow should:
- Build the requested version on the appropriate runner
- Calculate SHA256 checksum
- Upload artifact to
builds.dtvem.iowith immutable cache headers - Trigger manifest regeneration (generate-manifests-from-r2 workflow)
- Close the issue with success comment
Runner Matrix
| Platform | GitHub Runner |
|---|---|
| linux-amd64 | ubuntu-latest |
| linux-arm64 | ubuntu-24.04-arm |
| darwin-amd64 | macos-13 |
| darwin-arm64 | macos-14 |
| windows-amd64 | windows-latest |
Cache Headers
Build artifacts are immutable. Workflows should set:
cache-control: public, max-age=31536000, immutable
Security Considerations
- Only maintainers can add
build-approvedlabel (GitHub permission model) - Validate version format to prevent injection attacks
- Verify runtime is supported before building
Related
- Binary mirroring infrastructure: feat(infra): binary mirroring and manifest generation from R2 #167
- Parent issue: fix(providers): improve version source consistency and reliability #140