{"id":45161567,"url":"https://github.com/alphauslabs/oops","last_synced_at":"2026-05-07T10:02:39.650Z","repository":{"id":57564464,"uuid":"335520600","full_name":"alphauslabs/oops","owner":"alphauslabs","description":"An automation-friendly, scalable, and scriptable API/generic testing tool designed to run on Kubernetes.","archived":false,"fork":false,"pushed_at":"2026-05-06T09:17:55.000Z","size":427,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2026-05-06T11:25:34.588Z","etag":null,"topics":["golang","k8s","kubernetes","pubsub","scalable","sqs","testing","testing-tools"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/alphauslabs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2021-02-03T05:44:51.000Z","updated_at":"2026-04-22T04:30:41.000Z","dependencies_parsed_at":"2026-02-20T06:04:29.179Z","dependency_job_id":null,"html_url":"https://github.com/alphauslabs/oops","commit_stats":null,"previous_names":[],"tags_count":63,"template":false,"template_full_name":null,"purl":"pkg:github/alphauslabs/oops","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphauslabs%2Foops","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphauslabs%2Foops/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphauslabs%2Foops/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphauslabs%2Foops/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/alphauslabs","download_url":"https://codeload.github.com/alphauslabs/oops/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/alphauslabs%2Foops/sbom","scorecard":{"id":186710,"data":{"date":"2025-08-11","repo":{"name":"github.com/alphauslabs/oops","commit":"009440549ac37582296a26e668d1f6f105e14b6b"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.3,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/main.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v1.2.8 not signed: https://api.github.com/repos/alphauslabs/oops/releases/149189527","Warn: release artifact v1.2.1 not signed: https://api.github.com/repos/alphauslabs/oops/releases/52023708","Warn: release artifact v1.2.0 not signed: https://api.github.com/repos/alphauslabs/oops/releases/50243653","Warn: release artifact v1.2.8 does not have provenance: https://api.github.com/repos/alphauslabs/oops/releases/149189527","Warn: release artifact v1.2.1 does not have provenance: https://api.github.com/repos/alphauslabs/oops/releases/52023708","Warn: release artifact v1.2.0 does not have provenance: https://api.github.com/repos/alphauslabs/oops/releases/50243653"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:17: update your workflow using https://app.stepsecurity.io/secureworkflow/alphauslabs/oops/main.yml/master?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/alphauslabs/oops/main.yml/master?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/alphauslabs/oops/main.yml/master?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating golang:1.15.7 to golang:1.15.7@sha256:c161abf0cde3969e05f6914a86cab804b2b0df515f4ff9570475b25547ba7959","Warn: containerImage not pinned by hash: Dockerfile:7: pin your Docker image by updating ubuntu:20.04 to ubuntu:20.04@sha256:8feb4d8ca5354def3d8fce243717141ce31e2c428701f6682bd2fafe15388214","Info:   0 out of   2 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   2 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":0,"reason":"10 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2022-0355 / GHSA-fx95-883v-4q4h","Warn: Project is vulnerable to: GO-2024-3321 / GHSA-v778-237x-gjrc","Warn: Project is vulnerable to: GO-2025-3487 / GHSA-hcg3-q754-cr77","Warn: Project is vulnerable to: GO-2024-2687 / GHSA-4v7x-pqxf-cx7m","Warn: Project is vulnerable to: GO-2024-3333","Warn: Project is vulnerable to: GO-2025-3503 / GHSA-qxp5-gwg8-xv66","Warn: Project is vulnerable to: GO-2025-3595 / GHSA-vvgc-356p-c3xw","Warn: Project is vulnerable to: GO-2025-3488 / GHSA-6v2p-p543-phr9"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-16T19:55:39.510Z","repository_id":57564464,"created_at":"2025-08-16T19:55:39.510Z","updated_at":"2025-08-16T19:55:39.510Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32732349,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-07T02:14:30.463Z","status":"ssl_error","status_checked_at":"2026-05-07T02:14:29.405Z","response_time":62,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["golang","k8s","kubernetes","pubsub","scalable","sqs","testing","testing-tools"],"created_at":"2026-02-20T06:02:16.282Z","updated_at":"2026-05-07T10:02:39.606Z","avatar_url":"https://github.com/alphauslabs.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![main](https://github.com/alphauslabs/oops/actions/workflows/main.yml/badge.svg)](https://github.com/alphauslabs/oops/actions/workflows/main.yml)\r\n\r\n## Overview\r\n\r\n`oops` is an automation-friendly, highly-scalable, and scriptable API/generic testing tool built to run on [Kubernetes](https://kubernetes.io/). It accepts and runs file-based test cases, or 'scenarios' written in [YAML](https://yaml.org/).\r\n\r\n## Running in a local environment\r\n\r\nYou can install the binary and run local scenario file(s). This is useful for testing your scenario file(s) before deployment.\r\n\r\n```bash\r\n# Install the binary.\r\n$ brew install alphauslabs/tap/oops\r\n\r\n# Run a single scenario file.\r\n$ oops -s ./examples/01-simple.yaml\r\n\r\n# or multiple scenario files.\r\n$ oops -s ./examples/01-simple.yaml -s ./examples/02-chaining.yaml\r\n\r\n# For multiple scenario files in a directory (likely the case, eventually),\r\n# you can provide the root directory as input. It will scan all yaml files\r\n# recursively and execute them sequentially.\r\n$ oops --dir ./examples/\r\n```\r\n\r\n## Deploying to Kubernetes\r\n\r\nTo scale the testing workload, this tool will attempt to distribute all scenario files to all worker pods using pub/sub messaging (currently supports SNS+SQS, and GCP PubSub). At the moment, it needs to be triggered first before the actual execution starts. The trigger payload is `{\"code\":\"start\"}`.\r\n\r\nIt is recommended that your scenario files are isolated at the file level. That means that as much as possible, a single scenario file is standalone. For integration tests, a single scenario file could contain multiple related test cases (i.e. create, inspect, delete type of tests) in it.\r\n\r\nAlthough this tool was built to run on k8s, it will work just fine in any environment as long as the workload can be distributed properly using the currently supported pubsub services.\r\n\r\nAn example [`deployment.yaml`](https://github.com/alphauslabs/oops/blob/master/deployment.yaml) for k8s using GCP PubSub is provided for reference. Make sure to update the relevant values for your own setup.\r\n\r\n## Scenario file\r\n\r\nThe following is the specification of a valid scenario file. All scenario files must have a `.yaml` extension.\r\n\r\n```yaml\r\ntags:\r\n  # Tag(s) for this scenario file. If these tag combinations match with what is\r\n  # provided in the --tags flag (if any), this scenario file is allowed to run.\r\n  key1: value1\r\n  key2: value2\r\n\r\nenv:\r\n  # These key/values will be added to the environment variables in your local\r\n  # or in the pod oops will be running on.\r\n  ENV_KEY1: value1\r\n  ENV_KEY2: value2\r\n\r\n# Any value that starts with '#!' (i.e. #!/bin/bash) will be written to disk as\r\n# an executable script file and the resulting output combined from stdout \u0026 stderr\r\n# will become the final evaluated value. This is useful if you chain http calls,\r\n# such as, the url of the second test is from the payload response of the first\r\n# test, etc.\r\n#\r\n# If supported, the filename of the script will be indicated below.\r\n#\r\n# At the moment, shell interpreters that works with `bin -c scriptfile` command is\r\n# supported. Also, Python is supported as well by using the shebang:\r\n#   #!/path/to/python/binary\r\n\r\n# A script to run before anything else. A non-zero return value indicates a failure.\r\n# Filename: \u003ctempdir\u003e/\u003cscenario-filename\u003e.yaml_prepare\r\n# Example: /tmp/scenario01.yaml_prepare\r\nprepare: |\r\n  #!/bin/bash\r\n  echo \"prepare\"\r\n\r\n# A list of http requests to perform sequentially. This tool will continue running\r\n# all the list entries even if failure occurs during the execution.\r\nrun:\r\n  - http:\r\n      method: POST\r\n\r\n      # Filename: \u003ctempdir\u003e/\u003cscenario-filename\u003e.yaml_run\u003cindex\u003e_url\r\n      # Example: /tmp/scenario01.yaml_run0_url\r\n      url: \"https://service.alphaus.cloud/users\"\r\n\r\n      # Filename: \u003ctempdir\u003e/\u003cscenario-filename\u003e.yaml_run\u003cindex\u003e_hdr.\u003ckey\u003e\r\n      # Example: /tmp/scenario01.yaml_run0_hdr.Authorization\r\n      headers:\r\n        Authorization: |\r\n          #!/bin/bash\r\n          echo -n \"Bearer $TOKEN\"\r\n        Content-Type: application/json\r\n\r\n      # Filename: \u003ctempdir\u003e/\u003cscenario-filename\u003e.yaml_run\u003cindex\u003e_qparams.\u003ckey\u003e\r\n      # Example: /tmp/scenario01.yaml_run0_qparams.key2\r\n      query_params:\r\n        key1: value1\r\n        key2: |\r\n          #!/bin/bash\r\n          echo -n \"$KEY2\"\r\n\r\n      # Filename: \u003ctempdir\u003e/\u003cscenario-filename\u003e.yaml_run\u003cindex\u003e_forms.\u003ckey\u003e\r\n      # Example: /tmp/scenario01.yaml_run0_forms.key2\r\n      forms:\r\n        key1: value1\r\n        key2: |\r\n          #!/bin/bash\r\n          echo -n \"$KEY2\"\r\n\r\n      # Filename: \u003ctempdir\u003e/\u003cscenario-filename\u003e.yaml_run\u003cindex\u003e_payload\r\n      # Example: /tmp/scenario01.yaml_run0_payload\r\n      payload: |\r\n        {\"key1\":\"value1\",\"key2\":\"value2\"}\r\n\r\n      # If response payload is not empty, its contents will be written in the\r\n      # file below. Useful if you want to refer to it under 'asserts.script'\r\n      # and/or 'check'.\r\n      response_out: /tmp/out.json\r\n\r\n      asserts:\r\n        # The expected http status code. Indicates a failure if not equal.\r\n        status_code: 200\r\n\r\n        # JSON validation using https://github.com/xeipuuv/gojsonschema package.\r\n        validate_json: |\r\n          {\r\n            \"type\": \"object\",\r\n            \"properties\": {\r\n              ...\r\n            }\r\n          }\r\n\r\n        # A non-zero return value indicates a failure.\r\n        # Filename: \u003ctempdir\u003e/\u003cscenario-filename\u003e.yaml_run\u003cindex\u003e_assertscript\r\n        # Example: /tmp/scenario01.yaml_run0_assertscript\r\n        script: |\r\n          #!/bin/bash\r\n          if [[ \"$(cat /tmp/out.json | jq -r .username)\" != \"user01\" ]]; then\r\n            echo \"try fail\"\r\n            exit 1\r\n          fi\r\n\r\n# A script to run after 'run', if present. Useful also as a standalone script\r\n# in itself, if 'run' is empty. A non-zero return value indicates a failure.\r\n# Filename: \u003ctempdir\u003e/\u003cscenario-filename\u003e.yaml_check\r\n# Example: /tmp/scenario01.yaml_check\r\ncheck: |\r\n  #!/bin/bash\r\n  echo \"check\"\r\n```\r\n\r\nExample [scenario files](https://github.com/alphauslabs/oops/tree/master/examples) are provided for reference as well. You can run them as is.\r\n\r\n## TODO\r\n\r\n- [ ] Parsing and assertions for response JSON payloads\r\n- [x] Labels/tags for filtering what tests to run\r\n- [x] Support for other scripting engines other than `bash/sh`, i.e. Python\r\n- [ ] Store reports to some storage, i.e. S3, GCS, etc.\r\n- [ ] Support for AKS + Service Bus\r\n- [x] Add GCP PubSub for reporting\r\n\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falphauslabs%2Foops","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falphauslabs%2Foops","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falphauslabs%2Foops/lists"}