feat(infra): automated build system for missing binaries

[CalvinAllen]

Automated Build System

Build infrastructure for providing pre-built binaries for versions that aren't available from upstream sources.

When users request a build via dtvem request (which creates a GitHub issue), maintainers can approve the request by adding the build-approved label. This triggers automated workflows to build the requested version.

---

Build Workflows

When a maintainer adds the build-approved label to a build request issue, automatically build the requested version.

Build Request Workflow

# .github/workflows/build-request.yml
name: Build Requested Version
on:
  issues:
    types: [labeled]

jobs:
  build:
    if: github.event.label.name == 'build-approved'
    # Parse issue title: build(python): 3.6.15 darwin-amd64
    # Trigger platform-specific build workflow

Platform-Specific Build Workflows

Create workflows for each runtime:

• .github/workflows/build-python.yml
• .github/workflows/build-ruby.yml
• .github/workflows/build-node.yml

Each workflow should:

1. Build the requested version on the appropriate runner
2. Calculate SHA256 checksum
3. Upload artifact to builds.dtvem.io with immutable cache headers
4. Trigger manifest regeneration (generate-manifests-from-r2 workflow)
5. Close the issue with success comment

Runner Matrix

Platform	GitHub Runner
linux-amd64	ubuntu-latest
linux-arm64	ubuntu-24.04-arm
darwin-amd64	macos-13
darwin-arm64	macos-14
windows-amd64	windows-latest

Cache Headers

Build artifacts are immutable. Workflows should set:

cache-control: public, max-age=31536000, immutable

---

Security Considerations

• Only maintainers can add build-approved label (GitHub permission model)
• Validate version format to prevent injection attacks
• Verify runtime is supported before building

---

Related

• Binary mirroring infrastructure: feat(infra): binary mirroring and manifest generation from R2 #167
• Parent issue: fix(providers): improve version source consistency and reliability #140