# Builder # # The builder configuration controls how the application is built with `docker build`. # # See https://kamal-deploy.org/docs/configuration/builder-examples/ for more information. # Builder options # # Options go under the builder key in the root configuration. builder: # Arch # # The architectures to build for — you can set an array or just a single value. # # Allowed values are `amd64` and `arm64`: arch: - amd64 # Remote # # The connection string for a remote builder. If supplied, Kamal will use this # for builds that do not match the local architecture of the deployment host. remote: ssh://docker@docker-builder # Local # # If set to false, Kamal will always use the remote builder even when building # the local architecture. # # Defaults to true: local: true # Builder cache # # The type must be either 'gha' or 'registry'. # # The image is only used for registry cache and is not compatible with the Docker driver: cache: type: registry options: mode=max image: kamal-app-build-cache # Build context # # If this is not set, then a local Git clone of the repo is used. # This ensures a clean build with no uncommitted changes. # # To use the local checkout instead, you can set the context to `.`, or a path to another directory. context: . # Dockerfile # # The Dockerfile to use for building, defaults to `Dockerfile`: dockerfile: Dockerfile.production # Build target # # If not set, then the default target is used: target: production # Build arguments # # Any additional build arguments, passed to `docker build` with `--build-arg =`: args: ENVIRONMENT: production # Referencing build arguments # # ```shell # ARG RUBY_VERSION # FROM ruby:$RUBY_VERSION-slim as base # ``` # Build secrets # # Values are read from `.kamal/secrets`: secrets: - SECRET1 - SECRET2 # Referencing build secrets # # ```shell # # Copy Gemfiles # COPY Gemfile Gemfile.lock ./ # # # Install dependencies, including private repositories via access token # # Then remove bundle cache with exposed GITHUB_TOKEN # RUN --mount=type=secret,id=GITHUB_TOKEN \ # BUNDLE_GITHUB__COM=x-access-token:$(cat /run/secrets/GITHUB_TOKEN) \ # bundle install && \ # rm -rf /usr/local/bundle/cache # ``` # SSH # # SSH agent socket or keys to expose to the build: ssh: default=$SSH_AUTH_SOCK # Driver # # The build driver to use, defaults to `docker-container`: driver: docker # Provenance # # It is used to configure provenance attestations for the build result. # The value can also be a boolean to enable or disable provenance attestations. provenance: mode=max # SBOM (Software Bill of Materials) # # It is used to configure SBOM generation for the build result. # The value can also be a boolean to enable or disable SBOM generation. sbom: true