Targets¶
targets: declares what StageFreight does with a build — push image tags, sync a
registry README, publish a GitLab component, cut a forge release, publish an archive or
package, or deploy a static site. Each entry is a discriminated union keyed by kind:
the kind decides which other keys are valid.
Every target shares an id (unique) and a when: routing block (all non-empty
conditions must match — AND logic).
The blocks below are generated from the config source — for each kind, exactly the fields it accepts, with each field's meaning, allowed values, and whether it's required.
targets¶
Distribution targets and side-effects. Each target has a kind that determines its behavior: push images, sync READMEs, publish components, or create releases.
kind: registry¶
targets:
- id: <string> # ID is the unique identifier for this target (logging, status, enable/disable). · required
kind: registry # Kind is the target type. Determines which fields are valid. · one of: binary-archive, docker-readme, generic-package, gitlab-component, pages, registry, release · required
registry: <string> # Registry references a registries[].id for registry/docker-readme targets. When set…
build: <string> # Build references a BuildConfig.ID. Required for kind: registry.
tags: [<string>] # Tags are tag templates resolved against version info (kind: registry). e.g., ["{version}"…
signing_profile: <string> # SigningProfile references a signing_profiles[].id — the trust profile this target signs under.…
native_scan: false # NativeScan enables post-push vulnerability scanning via the registry's own built-in scanner.…
retention: # Retention controls cleanup of old tags/releases. Structured only in v2 (no scalar shorthand).
keep_last: <int> # keep the N most recent tags · required
keep_daily: <int> # keep one per day for the last N days · required
keep_weekly: <int> # keep one per week for the last N weeks · required
keep_monthly: <int> # keep one per month for the last N months · required
keep_yearly: <int> # keep one per year for the last N years · required
protect: [<string>] # tag patterns that are never deleted (v2) · required
when: # When specifies routing conditions for this target.
branches: [<string>] # Branches lists branch filters. Each entry is a policy name or "re:<regex>". Empty = no branch…
git_tags: [<string>] # GitTags lists git tag filters. Each entry is a policy name or "re:<regex>". Empty = no tag…
events: [<string>] # Events lists CI event type filters. Supported: push, tag, release, schedule, manual, pull_request… · one of: manual, merge_request, pull_request, push, release, schedule, tag
forges: [<string>] # Forges restricts this target to specific CI forges by provider name (github, gitlab, gitea…
kind: docker-readme¶
targets:
- id: <string> # ID is the unique identifier for this target (logging, status, enable/disable). · required
kind: docker-readme # Kind is the target type. Determines which fields are valid. · one of: binary-archive, docker-readme, generic-package, gitlab-component, pages, registry, release · required
registry: <string> # Registry references a registries[].id for registry/docker-readme targets. When set…
file: <string> # File is the path to the README file (kind: docker-readme).
link_base: <string> # LinkBase is the base URL for relative link rewriting (kind: docker-readme).
when: # When specifies routing conditions for this target.
branches: [<string>] # Branches lists branch filters. Each entry is a policy name or "re:<regex>". Empty = no branch…
git_tags: [<string>] # GitTags lists git tag filters. Each entry is a policy name or "re:<regex>". Empty = no tag…
events: [<string>] # Events lists CI event type filters. Supported: push, tag, release, schedule, manual, pull_request… · one of: manual, merge_request, pull_request, push, release, schedule, tag
forges: [<string>] # Forges restricts this target to specific CI forges by provider name (github, gitlab, gitea…
kind: gitlab-component¶
targets:
- id: <string> # ID is the unique identifier for this target (logging, status, enable/disable). · required
kind: gitlab-component # Kind is the target type. Determines which fields are valid. · one of: binary-archive, docker-readme, generic-package, gitlab-component, pages, registry, release · required
spec_files: [<string>] # SpecFiles lists component spec file paths (kind: gitlab-component).
catalog: false # Catalog enables GitLab Catalog registration (kind: gitlab-component).
when: # When specifies routing conditions for this target.
branches: [<string>] # Branches lists branch filters. Each entry is a policy name or "re:<regex>". Empty = no branch…
git_tags: [<string>] # GitTags lists git tag filters. Each entry is a policy name or "re:<regex>". Empty = no tag…
events: [<string>] # Events lists CI event type filters. Supported: push, tag, release, schedule, manual, pull_request… · one of: manual, merge_request, pull_request, push, release, schedule, tag
forges: [<string>] # Forges restricts this target to specific CI forges by provider name (github, gitlab, gitea…
kind: release¶
targets:
- id: <string> # ID is the unique identifier for this target (logging, status, enable/disable). · required
kind: release # Kind is the target type. Determines which fields are valid. · one of: binary-archive, docker-readme, generic-package, gitlab-component, pages, registry, release · required
aliases: [<string>] # Aliases are rolling git tag aliases (kind: release). e.g., ["{version}", "{major}.{minor}"…
tag: <string> # Tag is the immutable identity pattern for a release channel (kind: release). Distinct from Aliases…
archives: <string> # Archives references a binary-archive target ID (kind: release and generic-package).
prerelease: false # Prerelease marks the forge release as a pre-release (kind: release). Honored natively by…
mirror: <string> # Mirror references a sources.mirrors[].id for release sync. Forge identity (provider, url…
sync_release: false # SyncRelease syncs release notes + tags to a remote forge (kind: release, remote only).
sync_assets: false # SyncAssets syncs scan artifacts to a remote forge (kind: release, remote only).
signing_profile: <string> # SigningProfile references a signing_profiles[].id — the trust profile this target signs under.…
retention: # Retention controls cleanup of old tags/releases. Structured only in v2 (no scalar shorthand).
keep_last: <int> # keep the N most recent tags · required
keep_daily: <int> # keep one per day for the last N days · required
keep_weekly: <int> # keep one per week for the last N weeks · required
keep_monthly: <int> # keep one per month for the last N months · required
keep_yearly: <int> # keep one per year for the last N years · required
protect: [<string>] # tag patterns that are never deleted (v2) · required
when: # When specifies routing conditions for this target.
branches: [<string>] # Branches lists branch filters. Each entry is a policy name or "re:<regex>". Empty = no branch…
git_tags: [<string>] # GitTags lists git tag filters. Each entry is a policy name or "re:<regex>". Empty = no tag…
events: [<string>] # Events lists CI event type filters. Supported: push, tag, release, schedule, manual, pull_request… · one of: manual, merge_request, pull_request, push, release, schedule, tag
forges: [<string>] # Forges restricts this target to specific CI forges by provider name (github, gitlab, gitea…
kind: binary-archive¶
targets:
- id: <string> # ID is the unique identifier for this target (logging, status, enable/disable). · required
kind: binary-archive # Kind is the target type. Determines which fields are valid. · one of: binary-archive, docker-readme, generic-package, gitlab-component, pages, registry, release · required
build: <string> # Build references a BuildConfig.ID. Required for kind: registry.
name: <string> # Name is the archive filename template (kind: binary-archive). Supports: {id}, {version}, {os}…
format: <string> # Format is the archive format: "tar.gz", "zip", "auto", or "binary" (kind: binary-archive). "auto"… · one of: auto, binary, tar.gz, zip
binary_name: <string> # BinaryName overrides the binary name inside the archive (kind: binary-archive). Auto-detected from…
include: [<string>] # Include lists extra files to bundle into the archive (kind: binary-archive). e.g., ["README.md"…
checksums: false # Checksums generates a SHA256SUMS file alongside archives (kind: binary-archive).
when: # When specifies routing conditions for this target.
branches: [<string>] # Branches lists branch filters. Each entry is a policy name or "re:<regex>". Empty = no branch…
git_tags: [<string>] # GitTags lists git tag filters. Each entry is a policy name or "re:<regex>". Empty = no tag…
events: [<string>] # Events lists CI event type filters. Supported: push, tag, release, schedule, manual, pull_request… · one of: manual, merge_request, pull_request, push, release, schedule, tag
forges: [<string>] # Forges restricts this target to specific CI forges by provider name (github, gitlab, gitea…
kind: generic-package¶
targets:
- id: <string> # ID is the unique identifier for this target (logging, status, enable/disable). · required
kind: generic-package # Kind is the target type. Determines which fields are valid. · one of: binary-archive, docker-readme, generic-package, gitlab-component, pages, registry, release · required
repo: <string> # Repo references a repos[].id (kind: generic-package). The forge identity (provider, url, project…
package: <string> # Package is the generic package name (kind: generic-package). Defaults to the repo project's…
version: <string> # Version is the immutable package version pattern (kind: generic-package). Resolved against version…
archives: <string> # Archives references a binary-archive target ID (kind: release and generic-package).
when: # When specifies routing conditions for this target.
branches: [<string>] # Branches lists branch filters. Each entry is a policy name or "re:<regex>". Empty = no branch…
git_tags: [<string>] # GitTags lists git tag filters. Each entry is a policy name or "re:<regex>". Empty = no tag…
events: [<string>] # Events lists CI event type filters. Supported: push, tag, release, schedule, manual, pull_request… · one of: manual, merge_request, pull_request, push, release, schedule, tag
forges: [<string>] # Forges restricts this target to specific CI forges by provider name (github, gitlab, gitea…
kind: pages¶
targets:
- id: <string> # ID is the unique identifier for this target (logging, status, enable/disable). · required
kind: pages # Kind is the target type. Determines which fields are valid. · one of: binary-archive, docker-readme, generic-package, gitlab-component, pages, registry, release · required
provider: <string> # Provider is the vendor type for auth and API behavior. Registry: docker, ghcr, gitlab, jfrog… · one of: cloudflare, github
build: <string> # Build references a BuildConfig.ID. Required for kind: registry.
dir: <string> # Dir publishes a repo directory directly instead of a build's output tree (kind: pages). Exactly one…
domain: [<string>] # Domain is the custom domain(s) (kind: pages). Accepts a bare scalar or a list:
project: <string> # Project is the Cloudflare Pages project name (provider: cloudflare). Default: the target id.…
base_path: <string> # BasePath is the URL path the site is served under (kind: pages). Inferred per provider (Cloudflare…
exclude: [<string>] # Exclude drops matching paths from the publish workspace before deploy (kind: pages). Globs, applied…
when: # When specifies routing conditions for this target.
branches: [<string>] # Branches lists branch filters. Each entry is a policy name or "re:<regex>". Empty = no branch…
git_tags: [<string>] # GitTags lists git tag filters. Each entry is a policy name or "re:<regex>". Empty = no tag…
events: [<string>] # Events lists CI event type filters. Supported: push, tag, release, schedule, manual, pull_request… · one of: manual, merge_request, pull_request, push, release, schedule, tag
forges: [<string>] # Forges restricts this target to specific CI forges by provider name (github, gitlab, gitea…
Target IDs must be unique across all targets. The
whenblock controls routing: all non-empty fields must match (AND logic).