Build Questions answered by Mill builds
Note | Update March 2025. This post was originally written for Mill 0.11. I’ve updated the examples to work with Mill 0.12.9, but didn’t incorporate all improvements since then. |
I’ve started this series with a list of questions you will encounter in non trivial builds. I claimed that Mill had great at answering most of these questions, but left the actual answers open. Well, after showing Mill for a bit, it is time to answer them.
Mill Basic Building Blocks
Note | Update March 2025. This post was originally written for Mill 0.11. I’ve updated the examples to work with Mill 0.12.9, but didn’t incorporate all improvements since then. |
Lets explore the Mill building blocks. We start with a hello world:
import mill._
import javalib._
def buildGreetings = Task{
val greeting = "Hello Mill!"
val outFile = Task.dest / "greeting.txt" // Note, we use T.dest as our output directory
os.write(outFile, greeting)
println(s"File is in $outFile")
PathRef(outFile)
}Then we build it:
$ ./mill buildGreetings
...
[1/1] buildGreetings
File is in /home/roman/dev/private-dev/mill-demo/out/buildGreetings.dest/greeting.txt
$ cat /home/roman/dev/private-dev/mill-demo/out/buildGreetings.dest/greeting.txt
Hello Mill!That works. Note that we used T.dest to give each target its own directory to write to disk
without trampling over other targets. The location in the 'out' directory is always the task names with a .dest suffix.
Whirlwind Tour of Mill Build
Note | Update March 2025. I wrote this post for Mill 0.11. I’ve updated the examples to work with Mill 0.12.9, but didn’t incorporate all improvements since then. |
Lets start a whirlwind tour. Last time we stopped at a basic Java app. Yes, Mill does of course support building Scala projects as well, but Mill works well for other builds as well.
Intro to Mill Build: Pleasant Complex Builds
Note | Update March 2025. This post was originally written for Mill 0.11. I’ve updated the examples to work with Mill 0.12.9, but didn’t incorporate all improvements since then. |
I’ve experienced a few build tools over time: Apache Ant, Apache Maven, Gradle, SBT, MSBuild, make and probably some more I’ve forgotten about. Recently I’ve experimented with the Mill build tool and it is one of the best ones I’ve worked so far.
JQuery: Always use dataType for $.ajax
I recently investigated a XSS vulnerability reported via Bugcrowd. I could reproduce the issue, I just didn’t understand it. The vulnerability looked like this:
Attacker uploads a JavaScript file onto Confluence as attachment
Manipulate a Confluence macro via REST API to have invalid parameters.
Now, when the macro is edited/used, the code in the uploaded JavaScript is executed.
The code snipped looked something like this:
// AJS is the Atlassian JavaScript library entry point. AJS.$ refers to the included JQuery library
AJS.$.ajax({
url: 'url-manipulated-by-attacker-to-downloads-the-attachment-file',
type: 'GET',
success: function (response) {
// some basic processing
}
})