What anodizer builds
Artifacts the `anodizer release` pipeline produces: binaries, archives, packages, installers, containers, and signing material.
Output formats and the builds[] / archives[] / dockers_v2[] / signs[]
keys that drive them. Native binaries for 6 targets ship on every release
(linux amd64/arm64, darwin amd64/arm64, windows amd64/arm64), built with
cargo + cargo-zigbuild + cross.
Live configuration
Build / archive / nfpm / dockers_v2 / sign blocks from
cfgd/.anodizer.yaml
(snapshot 2026-05-24) — every key referenced in the tables below is wired
here.
```yaml
defaults:
  targets:
    - x86_64-unknown-linux-gnu
    - aarch64-unknown-linux-gnu
    - x86_64-apple-darwin
    - aarch64-apple-darwin
    - x86_64-pc-windows-msvc
  cross: auto
# Per-crate (one workspace shown):
builds:
  - binary: cfgd
    mod_timestamp: "{{ CommitTimestamp }}"
archives:
  - name_template: "{{ ProjectName }}-{{ Version }}-{{ Os }}-{{ Arch }}"
    formats: [tar.gz]
    format_overrides:
      - { os: windows, formats: [zip] }
    files: [LICENSE, README.md]
universal_binaries:
  - { name_template: "{{ ProjectName }}", replace: false }
checksum:
  name_template: "{{ ArtifactName }}.sha256"
  algorithm: sha256
  split: true
# Top-level:
upx:
  - id: default
    enabled: true
    args: ["--best", "--lzma"]
    targets: [x86_64-unknown-linux-gnu, aarch64-unknown-linux-gnu,
              x86_64-apple-darwin, x86_64-pc-windows-msvc]
nfpms:
  - id: cfgd
    formats: [deb, rpm, apk]
    maintainer: "TJ Smith <tj@jarvispro.io>"
    contents:
      - { src: LICENSE, dst: /usr/share/doc/cfgd/LICENSE }
      - { src: README.md, dst: /usr/share/doc/cfgd/README.md }
# dockers_v2: pushes a multi-arch image index in one step (no separate manifest).
dockers_v2:
  - id: cfgd
    dockerfile: Dockerfile.agent.release
    images: ["ghcr.io/tj-smith47/cfgd"]
    tags: ["{{ Version }}", "v{{ Version }}", "latest"]
    sbom: true
signs:
  - { id: cosign-checksum, artifacts: checksum, cmd: cosign }
  - { id: cosign-source, artifacts: source, cmd: cosign }
docker_signs:
  - { id: cosign-images, artifacts: manifests, cmd: cosign }
binary_signs:
  - { id: cosign-bin, artifacts: binary, cmd: cosign }
sboms:
  - { id: default, cmd: syft, artifacts: archive, documents: ["{{ .ProjectName }}-{{ .Version }}.cdx.json"] }
```
Build
Archives and checksums
| Key | Status | Notes |
| --- | --- | --- |
| checksum.algorithm | ✅ Verified | sha256 default. anodizer-0.1.1-checksums.txt. Full list: sha1/224/256/384/512, sha3-*, blake2s/2b, blake3, crc32, md5 |
| checksum.split | ✅ Verified | cfgd .anodizer.yaml (checksum.split: true per crate) |
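
An added example (not anodizer's or cfgd's own code) of checking a downloaded artifact against the per-artifact sidecar implied by `checksum.split: true` with `name_template: "{{ ArtifactName }}.sha256"`. The sidecar's contents are not shown on this page, so the two accepted layouts (a bare hex digest, or a `sha256sum`-style digest followed by the file name) are assumptions, as are the function names and the constructed sample files.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

SUFFIX = ".sha256"  # from checksum.name_template: "{{ ArtifactName }}.sha256"

def sha256_file(path: Path) -> bytes:
    h = hashlib.sha256()
    with path.open("rb") as f:  # stream so large archives are not held in memory
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.digest()

def verify_sidecar(artifact: Path) -> str:
    """Return 'ok', 'missing', 'malformed', 'wrong-name' or 'mismatch'."""
    sidecar = artifact.with_name(artifact.name + SUFFIX)
    if not sidecar.is_file():
        return "missing"  # fail closed: no sidecar means unverified
    fields = sidecar.read_text(encoding="utf-8").split()
    try:
        expected = bytes.fromhex(fields[0])  # assumed: "<hex>" or "<hex>  <name>"
    except (IndexError, ValueError):
        return "malformed"
    if len(expected) != 32 or len(fields) > 2:
        return "malformed"
    if len(fields) == 2 and fields[1].lstrip("*") != artifact.name:
        return "wrong-name"  # digest was issued for some other artifact
    return "ok" if hmac.compare_digest(expected, sha256_file(artifact)) else "mismatch"

def demo() -> dict:
    """Constructed sample files named after the page's archive name_template."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        good = root / "cfgd-0.0.0-linux-amd64.tar.gz"
        good.write_bytes(b"constructed archive bytes")
        digest = hashlib.sha256(b"constructed archive bytes").hexdigest()
        good.with_name(good.name + SUFFIX).write_text(f"{digest}  {good.name}\n")
        bad = root / "cfgd-0.0.0-windows-amd64.zip"
        bad.write_bytes(b"modified after the checksum was written")
        bad.with_name(bad.name + SUFFIX).write_text(digest + "\n")
        lone = root / "cfgd-0.0.0-darwin-arm64.tar.gz"
        lone.write_bytes(b"artifact with no sidecar")
        return {p.name: verify_sidecar(p) for p in (good, bad, lone)}

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:10} {name}")
```

A matching digest only shows the file agrees with its sidecar; the sidecar is what the `cosign-checksum` entry under `signs:` covers, so that signature still has to be verified separately.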
Linux packages
macOS and Windows installers (built on Linux CI)
These formats are assembled on an ordinary Linux runner — no macOS or
Windows host in the build matrix. Anodizer's own dogfood config wires all five
(anodizer .anodizer.yaml,
app_bundles: / dmgs: / pkgs: / msis: / nsis: blocks), built unsigned
in CI. Code-signing and notarization still require the platform's own
credentials; the bundles themselves do not. As of
v0.12.3 all five
ship as live release assets (amd64 + arm64). The .AppImage row below is the
sole remaining 🟡 In progress format — its block is wired and CI-built, but no
public release asset has landed yet.
| Key | Status | Notes |
| --- | --- | --- |
| notarize.macos | 🤝 Help wanted | Cross-platform (rcodesign). Implementation requires sign.certificate (P12 file), sign.password, and notarize.{issuer_id, key, key_id}, i.e. an Apple Developer Program membership. Not dogfoodable on Linux runners without a paid Apple account |
| notarize.macos_native | 🤝 Help wanted | Needs Apple Developer cert on a macOS runner |
Container images
| Key | Status | Notes |
| --- | --- | --- |
| dockers_v2[] | ✅ Verified | ghcr.io/tj-smith47/cfgd (cfgd-agent, cfgd-operator, cfgd-csi); cfgd .anodizer.yaml (dockers_v2: per crate) |
| docker_manifests[] | ✅ Verified | ghcr.io/tj-smith47/cfgd:v0.3.5 (multi-arch linux/amd64+arm64). dockers_v2 already pushes a multi-arch index, so cfgd's docker_manifests[] entries are bypassed at runtime (docker: skipping manifest ... already pushed as multi-arch by docker_v2) — retained only for the niche case of stitching together images not built by dockers_v2 in the same run |
| dockers_v2[].build_args / labels / annotations | ✅ Verified | cfgd .anodizer.yaml (build_args.VERSION + org.opencontainers.image.* annotations) |
| dockers_v2[].sbom: true | ✅ Verified | cfgd .anodizer.yaml (sbom: true on all three dockers_v2 images) |
| docker_digest.name_template | ✅ Verified | cfgd .anodizer.yaml (docker_digest.name_template: "cfgd_{{ .Tag }}.digest") |
| dockers_v2[].use: buildx | ✅ Verified | crates/stage-docker/src/detect.rs (buildx is the default backend) |
| dockers_v2[].use: podman / docker_manifests[].use: docker / podman | 🤝 Help wanted | Linux-only backend selectors. No live release exercises the non-buildx path |
| docker_hub.description | 🤝 Help wanted | We use ghcr; needs a Docker Hub-anchored release |
Signing