Melange is a declarative build tool for Alpine apk packages, developed by Chainguard as part of the Wolfi undistro. It takes a YAML build definition and produces signed .apk artifacts, typically consumed by apko to assemble minimal, distroless-style container images.
A melange.yaml file declares package metadata, build-time dependencies pulled from apk repositories, and a pipeline of steps drawn from a library of reusable actions — fetch, autoconf/configure, autoconf/make, go/build, patch, and so on. The build runs inside a freshly populated apk root, optionally under QEMU user-mode emulation so the same definition cross-builds for arm64, amd64, riscv64, and other architectures without changing the pipeline. Output apks are signed with a melange-managed key and can be published straight to an apk repository or consumed locally by apko.
Together with apko, melange powers Chainguard Images and the Wolfi package set, and the same machinery is used by upstream projects that want reproducible, SBOM-annotated package builds. It competes with traditional distro build systems like Debian’s sbuild or RPM’s mock, and distinguishes itself by being container-native, YAML-first, and designed around supply-chain signing from day one.