Convey is built around a concept that we call a build container. A build container is a container that has all of the dependencies to turn an input into something else. This could be source code or even just data processing. You can find more information on build containers here.

Convey is built around this concept to allow you to build/process anything on any platform while at the same time protecting the host from a malicious config. This protection is provided by not exposing dangerous options like volume mounts or port forwards while running containers. This is accomplished by using a shared volume and mounting it into containers as they are run. This allows you to pass state between modular tasks that can be reused between multiple plans.

Once built, convey can build itself entirely. This is done by using an import task to copy the source code into the workspace. Once that stage is complete, it runs another stage that builds for linux-x86_64, windows-x86_64, darwin-x86_64, and freebsd-x86_64 in parallel. The final stage will take those compiled binaries and export them back to the hosts file system. You can see this plan in its entirety here.

Of course you don't have to export back to the host file system. Since these are just containers, you could instead upload them to your staging environment,,, whatever. Or you could export to the host and create another plan that will import the artifacts and then publish them.