mk (Make)
Efficiency is doing things right; effectiveness is doing the right things. This tool helps you do both. One task runner to rule them all.
Yet another simple task runner.
mk is a powerful and flexible task runner designed to help you automate and manage your tasks efficiently. It supports running commands both locally and inside containers, making it versatile for various environments and use cases. Running tasks in containers is a first-class citizen, ensuring seamless integration with containerized workflows.
Features
- Simple Configuration: Define your tasks in a straightforward YAML file.
- Flexible Execution: Run tasks locally, in containers, or as nested tasks.
- Error Handling: Control how errors are handled with
ignore_errors. - Verbose Output: Enable verbose output for detailed logs.
Configuration format support
Other supported file type configurations format:
- JSON
- TOML
- Lua
See example folder for sample configuration file.
Installation
Binary for different OS distribution can be downloaded here. Linux, macOS, and Windows are supported.
Install using script
mk runs on most major platforms. If your platform isn't listed below, please open an issue.
The recommended way to install mk is via the install script:
|
The recommended way to install mk is via the install script:
|
From source
If you're into Rust, then mk can be installed with cargo. The minimum supported version of Rust is 1.37.0. The binaries produce may be bigger than expected as it contains debug symbols.
Manual installation
Follow the instruction below to install and use mk on your system.
- Download the binary for your OS distribution here.
- Copy it to your system binary directory (
/usr/local/bin) or to your userspace binary directory ($HOME/.local/bin).
Usage
Using CLI
)
)
Here is a sample command line usage of mk.
Both commands above are equivalent. The config file can be omitted as mk defaults to file tasks.yaml.
When tasks.yaml is missing, mk also checks tasks.yml, .mk/tasks.yaml, .mk/tasks.yml, and mk.toml.
Recent workflow features:
mk validatevalidates task graphs and command configuration without running anything.mk plan <task>andmk run <task> --dry-runshow the resolved execution plan.mk run <task> --json-eventsemits newline-delimited JSON task and command events.- Tasks can opt into incremental caching with
inputs,outputs, andcache.enabled. - Container commands can select
runtime: docker|podman|auto. - Local
command:steps can save stdout withsave_output_asand reuse it later via${{ outputs.NAME }}.
Makefile and task.yaml comparison
Below is the Makefile:
cov :=
:
:
:
:
:
:
: : :
:
:
:
And here's the rewritten tasks.yaml file, converted from the original Makefile above:
tasks:
install: pip install -r requirements/dev.txt -r requirements/test.txt -e .
clean:
commands:
- task: clean-build
- task: clean-pyc
clean-build: |
rm -rf build dist test.egg-info
clean-pyc: find . -type f -name *.pyc -delete
lint: ruff check test --line-length 100
build:
depends_on:
- lint
- clean
commands:
- python setup.py sdist bdist_wheel
release:
depends_on:
- build
- tag
commands:
- twine upload dist/*
tag:
commands:
- command: |
tag=$(python -c 'import test; print("v" + test.__version__)')
git tag -a $tag -m "Details: https://github.com/sample/sample.git"
git push origin $tag
shell: zsh
test: pytest --cov=test --cov-branch --cov-report=term-missing
ptw: ptw -- --cov=test --cov-branch --cov-report=term-missing
cov-report: coverage html
By transforming our 40-line Makefile into a streamlined 30-line tasks.yaml file, we can achieve a cleaner and more efficient setup. This new format is not only more editor-friendly but also supports code folding for better readability.
As you can see, most of the fields are optional and can be omitted. You only need to modify them when deeper configuration is required.
Sample real-world task yaml
Let's create a sample yaml file called tasks.yaml.
tasks:
task1:
commands:
- command: |
echo $FOO
echo $BAR
shell: bash
ignore_errors: false
verbose: true
- command: 'true'
shell: zsh
ignore_errors: true
verbose: true
- command: echo $BAR
ignore_errors: false
verbose: true
depends_on:
- name: task1
description: This is a task
labels:
environment:
FOO: bar
env_file:
- test.env
Here's the test.env that needed by the yaml file:
BAR=foo
This yaml task named task1 can be run on mk with the command below:
Here's a longer version Yaml that utilize container run on task5:
tasks:
task1:
depends_on:
- name: task4
preconditions:
- command: echo "Precondition 1"
- command: echo "Precondition 2"
commands:
- command: |
echo $FOO
echo $BAR
verbose: true
- command: echo fubar
verbose: true
- command: echo $BAR
verbose: true
- task: task3
description: This is a task
labels:
- label=1
- label=2
environment:
FOO: bar
env_file:
- test.env
task2:
commands:
- command: echo $FOO
verbose: true
depends_on:
- name: task1
description: This is a task
labels:
environment:
FOO: bar
env_file:
- test.env
task3:
commands:
- command: echo $FOO
verbose: true
description: This is a task
labels:
environment:
FOO: bar
env_file:
- test.env
task4:
commands:
- command: echo $FOO
verbose: true
description: This is a task
labels:
environment:
FOO: fubar
env_file:
- test.env
task5:
commands:
- container_command:
- bash
- -c
- echo $FOO
image: docker.io/library/bash:latest
verbose: true
description: This is a task
labels:
environment:
FOO: fubar
env_file:
- test.env
Support for anchors and aliases
The tasks.yaml file currently supports YAML anchors and aliases, allowing you to avoid repetition. Here's a sample configuration:
x-sample:
preconditions:
- command: echo "Precondition 1"
- command: echo "Precondition 2"
tasks:
task_a:
<<: *task-precondition
commands:
- command: echo "I'm on macOS"
test: test $(uname) = 'Darwin'
- command: echo "I'm on Linux"
test: test $(uname) = 'Linux'
Handling Cyclic Dependencies
Cyclic dependencies occur when a task depends on itself, either directly or indirectly, creating a loop that can cause the system to run indefinitely. To prevent this, the system detects cyclic dependencies and exits immediately with an error message.
Example of Cyclic Dependency
Consider the following tasks:
tasks:
task_a:
depends_on:
- task_b
commands:
- command: "echo 'Running task A'"
shell: "sh"
ignore_errors: false
verbose: true
task_b:
depends_on:
- task_c
commands:
- command: "echo 'Running task B'"
shell: "sh"
ignore_errors: false
verbose: true
task_c:
depends_on:
- task_a
commands:
- command: "echo 'Running task C'"
shell: "sh"
ignore_errors: false
verbose: true
In this example, task_a depends on task_b, task_b depends on task_c, and task_c depends on task_a, creating a cyclic dependency.
How the System Handles Cyclic Dependencies
When the system detects a cyclic dependency, it exits immediately with an error message indicating the cycle. This prevents the system from entering an infinite loop.
Secret Vault
To generate secrets, first create a private key:
The key will be saved in the default directory ~/.config/mk/priv. This can be changed if needed.
Next, initialize a secret vault:
To store secrets (for example, saving a dotenv file in the vault):
|
To display secrets:
To list available secrets:
To export secrets back to a dotenv file:
Secrets can also be consumed directly from tasks.yaml.
Use secrets_path when the decrypted secret is dotenv content:
vault_location: ./.mk/vault
keys_location: ./.mk/keys
key_name: default
tasks:
deploy:
secrets_path:
- app/development/env
commands:
- command: env | grep '^NODE_ENV='
If app/development/env decrypts to:
NODE_ENV=production
VERSION=1
those values are merged into the task environment before commands run.
Use ${{ secrets.NAME }} when the decrypted secret should become a single environment value:
tasks:
migrate:
environment:
PSQL_PASSWORD: ${{ secrets.app/database/password }}
commands:
- command: ./migrate.sh
Use save_output_as to capture a command stdout value for later commands in the same task:
tasks:
release:
commands:
- command: printf 'v1.2.3\n'
save_output_as: version
- command: echo "building ${{ outputs.version }}"
Multi-line commands can also save outputs. Internal newlines are preserved, and trailing newline characters are trimmed:
tasks:
package:
environment:
BUILD_TAG: build-${{ outputs.tag }}
commands:
- command: |
version="1.2.3"
commit="abc123"
printf '%s-%s\n' "$version" "$commit"
save_output_as: tag
- command: printf '%s\n' "$BUILD_TAG"
Set retrigger: true on a non-interactive local command to allow pressing R while it is running to stop and start it again manually. This is intended for long-running processes such as go run . without enabling file watching.
Using a YubiKey or hardware-backed GPG key
mk supports vault encryption and decryption via the system gpg binary, which allows you to use any hardware security key supported by GnuPG — including YubiKey with OpenPGP applet, Nitrokey, and similar devices. Passphrase-protected software GPG keys are also supported this way.
Prerequisites
- GnuPG installed (
gpgin PATH) gpg-agentrunning (it starts automatically on most systems)- For YubiKey:
scdaemonand the OpenPGP applet configured on the card; PIN is entered viapinentryautomatically
Step 1 — Register your GPG key with mk
This validates the key is present in your local GPG keyring and saves a reference in ~/.config/mk/priv/. The private key material never leaves the hardware.
Step 2 — Initialize a vault linked to your GPG key
This creates the vault directory and writes a .vault-meta.toml file that records the GPG key ID. All subsequent commands on this vault automatically use GPG without needing --gpg-key-id flags.
Step 3 — Store and retrieve secrets normally
# Store (encrypts with your GPG public key; no PIN needed here)
|
# Retrieve (gpg-agent prompts for your YubiKey PIN/passphrase via pinentry)
# List
# Export to file
Using gpg_key_id in tasks.yaml
Set gpg_key_id at the root or per-task level so tasks can decrypt secrets automatically:
vault_location: ./.mk/vault
gpg_key_id: YOUR_KEY_FINGERPRINT
tasks:
deploy:
secrets_path:
- app/production/env
environment:
DB_PASS: ${{ secrets.app/database/password }}
commands:
- command: ./deploy.sh
Note on key_name and gpg_key_id
When gpg_key_id is set, the built-in PGP engine is not used — key_name and keys_location are ignored and the system gpg binary handles all cryptographic operations. If both are present in your config, gpg_key_id takes precedence.
Config Schema
The docs can be found here.
What's on the roadmap?
- Add global context for environment and output
- Add support for makefile, markdown and org-mode as task config format
- Add
interactivefield for commands that can accept stdin (i.e. python, psql) - Add support for saving and reusing command output (output can be reused on other command inside a task)
- Add proper documentation
- Add support for cargo env
- Add support for trigger reload when on cargo run
- Add fuzzy finder for tasks
- Add more unit tests and benchmarks
- Add support for npm commands
- Add fuzzer scripts for code fuzzing
- Complete the code coverage
- Expand
extends-based composition beyond local single-parent files - Make sure to support windows and macOS
- Make use of labels
- Proper prop argument drilling so ignore_errors on defined on task would go down properly on child commands
- Support for lima and nerdctrl
- There's still a lot of unknown, if you found a bug please report.
License
Licensed under either of
- Apache License, Version 2.0 (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.
Contribution
Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the Apache-2.0 license, shall be dual licensed as above, without any additional terms or conditions.
References
- https://taskfile.dev/ - Taskfile
- https://compose-spec.github.io/compose-spec/ - Docker Compose
- https://docs.ansible.com/ansible/latest/playbook_guide/playbooks_intro.html - Ansible