Description

This curriculum spans the technical and operational rigor of a multi-workshop program focused on build system design, comparable to an internal capability build-out for standardizing and securing large-scale DevOps pipelines across engineering organisations.

Module 1: Evaluating Build Tool Ecosystems

Selecting between declarative (e.g., Bazel) and imperative (e.g., Make) build systems based on team familiarity and reproducibility requirements.
Assessing language-specific tooling (e.g., Gradle for Java, MSBuild for .NET) against polyglot project needs.
Integrating build tools with existing artifact repositories such as Artifactory or Nexus during tool selection.
Balancing startup time and incremental build performance when choosing between local and remote execution models.
Enforcing consistent tool versions across developer workstations and CI agents using version pinning mechanisms.
Mapping build tool capabilities to compliance needs, including audit trails and SBOM generation.

Module 2: Designing Reproducible Build Pipelines

Isolating build environments using containerization to eliminate host-side dependency contamination.
Implementing deterministic builds by pinning external dependencies and suppressing timestamps in artifacts.
Managing cache invalidation strategies for local and distributed build caches to avoid stale outputs.
Enforcing hermetic builds by restricting network access during compilation phases.
Standardizing environment variables and PATH settings across development and CI execution contexts.
Validating build reproducibility through hash comparison of output artifacts across multiple clean runs.

Module 3: Dependency Management at Scale

Configuring centralized dependency resolution rules to prevent version sprawl in monorepos.
Implementing dependency locking (e.g., Gradle.lockfile, yarn.lock) and enforcing lockfile updates in pull requests.
Scanning third-party dependencies for vulnerabilities during the build using tools like OWASP Dependency-Check.
Setting up internal mirrors for public package registries to improve reliability and security.
Resolving conflicting transitive dependencies through explicit version constraints or shading.
Automating license compliance checks by extracting metadata from dependencies during artifact packaging.

Module 4: Optimizing Build Performance

Profiling build execution to identify bottlenecks such as redundant compilation or I/O contention.
Enabling parallel task execution while managing resource contention on shared CI agents.
Integrating remote build execution (e.g., Google RBE, Buildbarn) to distribute workloads across clusters.
Configuring incremental compilation for language-specific compilers (e.g., Java, TypeScript).
Managing disk space and eviction policies for local build caches on ephemeral CI runners.
Reducing cold-start times by pre-warming build environments with common dependencies.

Module 5: Integrating with CI/CD Orchestration

Triggering downstream pipelines only after successful artifact publication from the build stage.
Passing build metadata (e.g., commit SHA, build number) to deployment tools via structured outputs.
Handling build matrix configurations for multi-platform or multi-architecture outputs.
Configuring CI job concurrency limits to prevent resource exhaustion during parallel builds.
Implementing retry logic for flaky build steps without compromising artifact integrity.
Enforcing build signing and checksum verification before promoting artifacts to staging environments.

Module 6: Securing the Build Supply Chain

Requiring signed commits and pull request approvals before initiating privileged builds.
Isolating builds for untrusted contributions using sandboxed execution environments.
Encrypting secrets passed to builds using platform-native secret management (e.g., GitHub Secrets, HashiCorp Vault).
Preventing dependency confusion attacks by configuring strict repository precedence rules.
Auditing build logs for credential leakage using automated scanning tools.
Implementing attestations (e.g., in-toto, SLSA) to verify provenance of production artifacts.

Module 7: Governance and Standardization Across Teams

Defining organization-wide build configuration templates to reduce configuration drift.
Enforcing build tool standards through pre-commit hooks and CI policy checks.
Centralizing build tool upgrades and deprecations using version governance calendars.
Creating shared custom plugins or tasks to encapsulate common build logic across projects.
Monitoring build success rates and failure patterns across repositories for proactive intervention.
Documenting build troubleshooting runbooks for common failures like cache corruption or OOM kills.

Module 8: Observability and Debugging in Build Systems

Instrumenting builds with structured logging to enable centralized log analysis.
Correlating build performance metrics with CI infrastructure metrics (e.g., CPU, memory).
Archiving build outputs and intermediate artifacts for post-failure debugging.
Implementing distributed tracing for multi-stage builds spanning multiple services.
Setting up alerts for abnormal build durations or sudden failure rate increases.
Providing developers with self-service access to historical build data and comparison tools.