{"id":28036129,"url":"https://github.com/consid-germany/gates","last_synced_at":"2025-05-11T12:06:50.639Z","repository":{"id":232781106,"uuid":"785131523","full_name":"consid-germany/gates","owner":"consid-germany","description":"A tool to manage software deployments and pipelines across multiple environments.","archived":false,"fork":false,"pushed_at":"2025-05-09T23:06:15.000Z","size":69339,"stargazers_count":5,"open_issues_count":11,"forks_count":3,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-05-11T12:06:40.962Z","etag":null,"topics":["aws","continuous-deployment","devops","rust","typescript"],"latest_commit_sha":null,"homepage":"https://gates.consid.tech","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/consid-germany.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2024-04-11T09:02:04.000Z","updated_at":"2025-05-08T06:30:18.000Z","dependencies_parsed_at":"2025-04-30T15:25:47.467Z","dependency_job_id":"9cbb2e2f-720b-4232-81c2-778a2cb36646","html_url":"https://github.com/consid-germany/gates","commit_stats":null,"previous_names":["consid-germany/gates"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/consid-germany%2Fgates","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/consid-germany%2Fgates/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/consid-germany%2Fgates/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/consid-germany%2Fgates/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/consid-germany","download_url":"https://codeload.github.com/consid-germany/gates/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253561431,"owners_count":21927787,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","continuous-deployment","devops","rust","typescript"],"created_at":"2025-05-11T12:06:50.044Z","updated_at":"2025-05-11T12:06:50.618Z","avatar_url":"https://github.com/consid-germany.png","language":"Rust","readme":"# gates\n\n[![ci](https://github.com/consid-germany/gates/actions/workflows/ci.yaml/badge.svg)](https://github.com/consid-germany/gates/actions/workflows/ci.yaml)\n[![release](https://github.com/consid-germany/gates/actions/workflows/release.yaml/badge.svg)](https://github.com/consid-germany/gates/actions/workflows/release.yaml)\n\n**gates** is a tool to assist software development \nteams in managing the deployment of software artifacts across multiple pipelines and environments.\nThe tool provides toggles called gates which can be in the state `open` or `closed`\nto control whether a deployment or pipeline should proceed or not.\n\nA gates application comprises the following three components:\n\n1. **api**: HTTP API to create, list and update gates and their states. The API is implemented as a serverless application with Rust, AWS Lambda and the AWS API Gateway. The gates are stored in an AWS DynamoDB table.\n2. **ui**: Web frontend providing a user interface to view and toggle gates as well as to add comments to gates (useful to indicate why a gate is in a certain state).\n3. **action**: GitHub Action which can be used within GitHub Action workflows to check the state of a gate and stop the pipeline if the gate is in `closed` state.\n\n## Demo\n\nYou can check out a demo of the gates ui here: https://gates.consid.tech.\n\n*Note that this is a demo deployment of the gates application which replaces comment messages with sanitized default messages and does not allow to\ncreate or delete gates.*\n\n\n## Quick Start - GitHub Action\n\nTo use gates within your GitHub deployment pipeline you can simply use the ***consid-germany/gates*** action as shown in the block below.\nThe parameters explained:\n\n- `gitHubApiBaseUrl`: URL of the GitHub API of your gates deployment.\n- `group`, `service`, `environment`: Required and used to specify the gate of which the gate state is checked during the workflow execution. \n \nIf the gate state is `open`, the workflow will proceed. If the gate state is `closed` the action will set an error to cancel the workflow.\n\n```yaml\njobs:\n  example:\n    permissions:\n      id-token: write\n    runs-on: ubuntu-latest\n    steps:\n      - uses: consid-germany/gates@v1.3.0\n        with:\n          gitHubApiBaseUrl: https://github.gates.consid.tech/api\n          group: some-group\n          service: some-service\n          environment: test\n```\n\n## Quick Start - AWS Deployment\n\nThe simplest and fastest way to get your own deployment of the gates application \nis to deploy the stack in your AWS account with the provided AWS CDK construct. Follow the instructions below.\n\n### 1) Prerequisites\n\nIn order to deploy the gates application to your AWS account, you will need to meet the following requirements:\n\n- AWS Account with [CDK Bootstrapping](https://docs.aws.amazon.com/cdk/v2/guide/bootstrapping.html) (`us-east-1` region is required to be bootstrapped)\n- [AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) with [configured credentials](https://docs.aws.amazon.com/cli/latest/reference/configure/) for your AWS Account\n- [Node.js \u0026 npm](https://nodejs.org/en/download)\n\n### 2) Create a new CDK app project\n\nCreate a new AWS CDK project using the AWS CDK CLI `cdk init` command:\n\n```bash\nnpx cdk@latest init app --language typescript\n```\n\n### 3) Install the `@consid-germany/gates` package\n\nInstall the `@consid-germany/gates` npm package which contains the AWS CDK construct.\n\n```bash\nnpm install -D @consid-germany/gates\n```\n\n### 4) Create stack and `Gates` construct\n\nInside your CDK app or stack (see `bin` or `lib` directory), import the `Gates` construct from the `@consid-germany/gates` \npackage and create it.\nThe `Gates` construct needs to be created within a stack that has an environment (`env`) configuration providing the `region` and `account` of \nthe target AWS account where the application should be deployed.\n\nExample stack to use with your CDK application (see app created in the `bin` directory):\n\n```ts\nimport * as cdk from \"aws-cdk-lib\";\nimport { Gates } from \"@consid-germany/gates\";\n\nconst app = new cdk.App();\n\nconst stack = new cdk.Stack(app, 'Stack', {\n    env: {\n        region: \"eu-central-1\", // replace with the region where you want to deploy the stack\n        account: \"1234567890\",  // replace with your AWS account id\n    }\n});\n\nnew Gates(stack, \"Gates\", {\n    gitHubApi: {\n        allowedSubPatterns: [\n            \"repo:consid-germany/gates:*\"   // replace with your repositories\n        ]\n    },\n});\n```\n\n### 5) Deploy the app\n\nRun the following command to deploy the gates application stacks into your AWS account:\n\n```bash\nnpx cdk@latest deploy --all\n```\n\n## Infrastructure Overview\n\nWhen deploying the gates application using the gates AWS CDK construct, there are a few AWS cloud resources which will be created:\n\n- AWS Lambda function for the API and a AWS DynamoDB table where gates are stored.\n- DNS record for the GitHub API (e.g. `github.gates.consid.tech`), which will be routed to an API Gateway (HttpApi). An ACM certificate is created and attached to the HttpApi. The HttpApi uses an AWS Lambda function to validate the JWT OIDC GitHub token which will be included in requests of the GitHub Action workflows using the ***consid-germany/gates*** action. When a request is valid, the API Lambda function will be called with the request and the response of the function is returned.\n- DNS record for the API \u0026 UI (e.g. `gates.consid.tech`), which will be routed to a CloudFront distribution. A global ACM certificate is created and attached to the CloudFront distribution. The CloudFront distribution uses a global AWS WAF (Web Application Firewall) utilizing a WAF rule and a WAF IpSet to restrict access to the content for a custom set of IP addresses.\n  - Requests to `/api` and any sub route `/api/{proxy+}` will be redirected to an API Gateway (HttpApi). To only allow the CloudFront distrbution to be able to access the HttpApi, the HttpApi will use an AWS Lambda function to validate an HTTP Header (`x-verify-origin`) which will be included in the redirected requests by the CloudFront distribution with a secret value. When a request is valid, the API Lambda function will be called with the request and the response of the function is returned.\n  - Any other request will be redirected to the UI (provided via static frontend assets in a S3 Bucket).\n\n![Overview Infrastructure](docs/infrastructure.drawio.png)\n\n## Contributing\n\nAll types of contributions are encouraged and valued. \nCheck out the [Contributing](https://github.com/consid-germany/gates/blob/main/CONTRIBUTING.md) file for more information\nabout how to contribute as well as for detailed information about setting up the local development environment for the different\ncomponents of gates.\n\n## Acknowledgements\n\nThe gates project is heavily inspired by the great [gatekeeper](https://github.com/otto-de/gatekeeper) tool developed at OTTO (GmbH \u0026 Co. KG).","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fconsid-germany%2Fgates","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fconsid-germany%2Fgates","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fconsid-germany%2Fgates/lists"}