Builds
Manage Sekuire cloud builds for your agents. When you publish to the public registry, Sekuire builds your Docker image using Kaniko in Kubernetes.
Build commands apply to public registry submissions. For private registries, you build and push your own images.
Commands
- sekuire builds create - Trigger a new build
- sekuire builds status - Check build progress
- sekuire builds list - List builds for an agent
create
Trigger a new build for an agent. Requires a connected GitHub repository.
sekuire builds create [OPTIONS]
Options
| Option | Description |
|---|---|
| `--agent <ID>` | Agent ID (defaults to current project) |
| `--tag <TAG>` | Build tag (default: latest) |
| `-r, --registry <URL>` | Registry URL |
Example
$ sekuire builds create --tag v1.0.0
Triggering Build
----------------
Agent: 72ad085f
Tag: v1.0.0
Build triggered successfully!
Build ID: 0fa20384-a027-46d3-8082-fd325f833fba
Track progress:
sekuire builds status 0fa20384-a027-46d3-8082-fd325f833fba
Prerequisites: Agent must be published to the registry and have a GitHub repository connected via sekuire github connect.
status
Check the status of a specific build.
sekuire builds status <BUILD_ID> [OPTIONS]
Options
| Option | Description |
|---|---|
| `--agent <ID>` | Agent ID (defaults to current project) |
| `-r, --registry <URL>` | Registry URL |
Build Statuses
| Status | Description |
|---|---|
| pending | Build queued, waiting for resources |
| cloning | Cloning repository from GitHub |
| analyzing | Running SDK compliance checks |
| building | Building Docker image with Kaniko |
| scanning_image | Running Trivy vulnerability scan |
| completed | Build finished successfully |
| failed | Build failed (check logs) |
| blocked | Blocked due to compliance failure |
Example: Build Completed
$ sekuire builds status 0fa20384-a027-46d3-8082-fd325f833fba
Build Status
------------
Agent: 72ad085f
Build: 0fa20384
Status: Completed successfully
Tag: v1.0.0
Repository: github.com/acme/my-agent
Commit: a1b2c3d4
--- Timeline ---
Created: 2026-01-26 20:16
Started: 2026-01-26 20:17
Completed: 2026-01-26 20:28
--- Checks ---
SDK Compliance: Passed
Security Scan: Passed
--- Image ---
Digest: sha256:b24bc826
Size: 245.3 MB
Example: Build Failed
$ sekuire builds status build_abc123
Build Status
------------
Agent: 72ad085f
Build: build_abc
Status: Failed
--- Blocked ---
Reason: SDK not detected. Public registry requires Sekuire SDK integration.
list
List all builds for an agent.
sekuire builds list [OPTIONS]
Options
| Option | Description |
|---|---|
| `--agent <ID>` | Agent ID (defaults to current project) |
| `--status <STATUS>` | Filter by status |
| `--format <FORMAT>` | Output format: table (default) or json |
| `-r, --registry <URL>` | Registry URL |
Example
$ sekuire builds list
Builds for 72ad085f
------------------------------------------------------------
BUILD ID STATUS TAG CREATED
------------------------------------------------------------
0fa20384 Done v1.0.0 2026-01-26 20:16
b53c35b2 Failed v0.9.0 2026-01-26 20:04
12afb861 Failed v0.8.0 2026-01-26 19:43
# Filter by status
$ sekuire builds list --status completed
# JSON output
$ sekuire builds list --format json
Build Pipeline
When you trigger a build, Sekuire runs the following pipeline:
1. Clone Repository
└── Git clone from GitHub using App installation token
2. SDK Compliance Check
└── Verify Sekuire SDK integration and manifest
3. Docker Build (Kaniko)
└── Build image in Kubernetes without Docker daemon
4. Security Scan (Trivy)
└── Scan for vulnerabilities in image layers
5. Push to Registry
└── Push to registry.sekuire.ai/<sekuire_id>:<tag>
Kaniko Infrastructure
Builds run as Kubernetes Jobs using Kaniko:
- No Docker daemon required (rootless)
- Isolated build environment per job
- Automatic cleanup after completion
- Resource limits: 4GB memory, 2 CPU cores
- Timeout: 30 minutes
Kaniko builds Docker images inside a container without requiring privileged access, making it secure for multi-tenant Kubernetes clusters.
Dockerfile Requirements
Your Dockerfile must expose a health endpoint and include Sekuire manifest files.
# Build stage: install dependencies and compile the project
FROM node:22-alpine AS builder
WORKDIR /app
RUN corepack enable && corepack prepare pnpm@latest --activate
# Copy the manifests first so the install layer is cached between builds
COPY package.json pnpm-lock.yaml* ./
RUN pnpm install --frozen-lockfile
COPY . .
RUN pnpm build
# Runtime stage: only the built output and the Sekuire manifest files
FROM node:22-alpine AS runtime
WORKDIR /app
# curl is used by the HEALTHCHECK below
RUN apk add --no-cache curl
# Dedicated unprivileged user and group for the agent process
RUN addgroup -g 1001 sekuire && adduser -S sekuire -u 1001
COPY --from=builder --chown=sekuire:sekuire /app/node_modules ./node_modules
COPY --from=builder --chown=sekuire:sekuire /app/dist ./dist
COPY --chown=sekuire:sekuire prompts ./prompts
COPY --chown=sekuire:sekuire sekuire.yml tools.json ./
# Drop root before the agent starts
USER sekuire
ENV NODE_ENV=production
ENV PORT=8002
EXPOSE 8002
# Probe the required /health endpoint
HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \
  CMD curl -f http://localhost:8002/health || exit 1
CMD ["node", "dist/index.js"]
Key Requirements
- Health endpoint at `/health`
- Run as non-root user (recommended)
- Include `sekuire.yml` and `tools.json`
- Use multi-stage builds to minimize image size
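A local pre-flight check for the Key Requirements above, added here as an example; it is not Sekuire's own compliance check, whose rules this page does not specify. `check_dockerfile` and the `BAD` sample are constructed for illustration, and the check assumes shell-form `COPY` that names the manifest files explicitly.

```python
import re

REQUIRED_FILES = ("sekuire.yml", "tools.json")  # manifest files named on this page

def instructions(text):
    """Yield (KEYWORD, args) per instruction, joining backslash continuations."""
    joined = re.sub(r"\\[ \t]*\r?\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            keyword, _, args = line.partition(" ")
            yield keyword.upper(), args.strip()

def check_dockerfile(text):
    """Return a list of findings; an empty list means every check passed."""
    stages = []  # one instruction list per FROM
    for keyword, args in instructions(text):
        if keyword == "FROM":
            stages.append([])
        if stages:
            stages[-1].append((keyword, args))
    if not stages:
        return ["no FROM instruction found"]
    final = stages[-1]  # only the last stage ends up in the pushed image
    findings = []
    if len(stages) < 2:
        findings.append("single-stage build: build tooling ships in the runtime image")
    users = [a.split(":")[0] for k, a in final if k == "USER"]
    if not users or users[-1] in ("root", "0"):
        findings.append("final stage runs as root: add a non-root USER")
    if not any(k == "HEALTHCHECK" and "/health" in a for k, a in final):
        findings.append("no HEALTHCHECK probing /health in final stage")
    copied = " ".join(a for k, a in final if k in ("COPY", "ADD")).split()
    for name in REQUIRED_FILES:
        if name not in copied:  # a bare "COPY . ." is reported too (assumption)
            findings.append(f"{name} is not copied into the final stage")
    return findings

# Constructed sample: single stage, no USER, no HEALTHCHECK, tools.json missing.
BAD = """\
FROM node:22-alpine
WORKDIR /app
COPY package.json sekuire.yml ./
CMD ["node", "index.js"]
"""

if __name__ == "__main__":
    for finding in check_dockerfile(BAD):
        print("FAIL:", finding)
```

Running it on the Dockerfile in the repository root before `sekuire builds create` catches these gaps without spending a build slot.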
Troubleshooting
Build fails with "No Dockerfile found"
Ensure your repository has a Dockerfile in the root directory.
Build fails during npm/pnpm install
Check that your package.json has valid dependencies. For TypeScript projects, ensure build scripts complete without errors.
Build times out
Builds have a 30-minute timeout. Optimize your Dockerfile:
- Use multi-stage builds
- Leverage layer caching
- Minimize COPY operations
Security scan finds vulnerabilities
Review the scan results and update vulnerable dependencies. Critical vulnerabilities may block the build for public registry.
Resubmitting After Failure
If your build fails, fix the issues and create a new build:
# 1. Check why it failed
$ sekuire builds status <build-id>
# 2. Fix the issues in your code
# (add SDK, update dependencies, fix security issues)
# 3. Commit and push to GitHub
$ git add . && git commit -m "Fix build issues"
$ git push
# 4. Trigger a new build
$ sekuire builds create --tag v1.0.1
# 5. Track new build
$ sekuire builds status <new-build-id>