{"id":24698976,"url":"https://github.com/hacklanta/deploy-goon","last_synced_at":"2026-05-14T20:02:13.998Z","repository":{"id":11399801,"uuid":"13845947","full_name":"hacklanta/deploy-goon","owner":"hacklanta","description":"An HTTP deploy / command trigger application.","archived":false,"fork":false,"pushed_at":"2014-09-02T02:13:20.000Z","size":508,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-11-27T13:17:30.409Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hacklanta.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-10-24T22:23:41.000Z","updated_at":"2014-12-27T19:21:36.000Z","dependencies_parsed_at":"2022-08-22T08:50:55.797Z","dependency_job_id":null,"html_url":"https://github.com/hacklanta/deploy-goon","commit_stats":null,"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"purl":"pkg:github/hacklanta/deploy-goon","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hacklanta%2Fdeploy-goon","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hacklanta%2Fdeploy-goon/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hacklanta%2Fdeploy-goon/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hacklanta%2Fdeploy-goon/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hacklanta","download_url":"https://codeload.github.com/hacklanta/deploy-goon/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hacklanta%2Fdeploy-goon/sbom","scorecard":{"id":452261,"data":{"date":"2025-08-11","repo":{"name":"github.com/hacklanta/deploy-goon","commit":"33e52257bdbc4a5b4cd898c96ccf6e21e7611aaf"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":2.3,"checks":[{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":0,"reason":"license file not detected","details":["Warn: project does not have a license file"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact 1.0.0 not signed: https://api.github.com/repos/hacklanta/deploy-goon/releases/95568","Warn: release artifact 1.0.0 does not have provenance: https://api.github.com/repos/hacklanta/deploy-goon/releases/95568"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}}]},"last_synced_at":"2025-08-19T08:30:29.736Z","repository_id":11399801,"created_at":"2025-08-19T08:30:29.736Z","updated_at":"2025-08-19T08:30:29.736Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":33041204,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-13T13:14:54.681Z","status":"online","status_checked_at":"2026-05-14T02:00:06.663Z","response_time":57,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-01-27T04:35:01.634Z","updated_at":"2026-05-14T20:02:13.963Z","avatar_url":"https://github.com/hacklanta.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Deploy Goon [![Build Status](https://travis-ci.org/hacklanta/deploy-goon.png?branch=master)](https://travis-ci.org/hacklanta/deploy-goon)\n\nDeploy Goon is that was originally birthed from working on deployment procedures for [Anchor Tab](http://anchortab.com). When\nI was building out our continuous integration and deployment system, I wanted a way to trigger a release on the production\nserver without the server running Jenkins actually having SSH access to the production box. To accomplish that, I wrote a\nquick-and-dirty Node.js daemon that kicked off the deploy scripts when it received an HTTP request.\n\nAfter some iteration on the intial idea, I ended up with the specification for what is now Deploy Goon: a simple, but\npowerful, remote command execution daemon configurable with JSON files.\n\n## Features\n\n* Capable of running any command, as any user.\n* IP whitelisting to prevent Joe the Hacker from executing your deploys.\n* Support for using X-Forwarded-For header as IP if proxy trust is enabled.\n* Easy-to-use CLI interface for managing which configuration files are used.\n* Automatically reloads deploy configurations when they change.\n* Stock support for basic notifications delivered via Mandrill email. If you have additional notification methods you'd\nlike supported, open a PR!\n\n## Installation\n\nTo install Deploy Goon, you'll need to first install [Node.js](http://nodejs.org). You can find some excellent instructions\nfor doing so on their website. After you have Node.js installed, execute the following command on your terminal:\n\n```\n$ sudo npm install -g deploy-goon\n```\n\nThat will globally install Deploy Goon, and should drop the `deploygoon` executable on your path, which is all you really\nneed to get started.\n\n## Using Deploy Goon\n\nIt's time to write your first deploy job configuration. Since Deploy Goon is written in\nJavaScript, we define our deploy jobs in JSON. Here's an example:\n\n```json\n{\n  \"slug\": \"baconsauce\",\n  \"description\": \"An example deployment allowable from localhost.\",\n  \"ipWhitelist\": [\"192.168.1.1\", \"127.0.0.1\"],\n  \"deployActions\": [\n    {\n      \"name\": \"Echo Lo\",\n      \"command\": \"whoami\"\n    }\n  ],\n  \"notifications\": {\n    \"notifier\": \"mandrill\",\n    \"onSuccess\": false,\n    \"settings\": {\n      \"apiKey\": \"zzzzz\",\n      \"fromEmail\": \"deploy@goon.com\",\n      \"fromName\": \"Deploy Goon\",\n      \"toEmail\": \"the@boss.com\",\n      \"toName\": \"The Boss\"\n    }\n  }\n}\n```\n\nIn the configuration above, when `http://localhost:9090/baconsauce` is hit from either `192.168.1.1` or `127.0.0.1`,\nthe `whoami` command will be run. If it failed, we'll dispatch an email via Mandrill to \"The Boss\" letting him know.\n(Of course, \"zzzzz\" isn't a valid Mandrill API key, so you'll need to get one of those.)\n\nHere are all the options we support in detail.\n\n* **slug** (string, required) – This should be a lowercase and hyphenated unique identifier for the project. Something suitable for\n  for usage in a URL because it will make up the latter part of the URL for trigging your deploy.\n* **description** (string, recommended) – Some human readable description of the project for display as output of the `deploygoon ls` command.\n* **ipWhitelist** (array of string, recommended) – IPs \n* **deployActions** (array of objects, required) – The steps of the deploy process described in objects, where each object can take the\n  following parameters:\n  * **name** (string) – The huamn friendly name for the action.\n  * **command** (string) – The program name to execute.\n  * **arguments** (array of string) – Arguments to be passed to the command.\n  * **uid** (number) – The numeric user id to execute the command under.\n  * **gid** (number) – The numeric group id to execute the command under.\n* **notifications** (object, optional) – Notification settings for the deploy process. If omitted, no notifications will occur. If provided\n  use the following format.\n  * **notifier** (string, required) – The name (minus extension) of the [notifier](https://github.com/hacklanta/deploy-goon/tree/master/src/notifiers)\n    to use.\n  * **onSuccess** (boolean, optional) – By default we only notify you on failed deploys. If you'd like success notifications too, set this flag\n    to true.\n  * **settings** (object, required) – The format of this object is specific to the notifier implementation you're using. It will be passed\n    verbatim to the notifier.\n\nAfter you have this build definition, you can do the following:\n\n```\n$ sudo deploygoon add path/to/my-deploy-job.json\n```\n\nYour deploy job will then be added to the list of jobs Deploy Goon knows about. Now, all that's left is to start up\nDeploy Goon!\n\n```\n$ sudo deploygoon start\n```\n\nAssuming nothing went wrong, you should now have Deploy Goon running on port 9090. You should be able to trigger the\ndeploy you described above by going sending an HTTP request to http://localhost:9090/my-job like so:\n\n```\n$ curl http://localhost:9090/my-job\n```\n\nOutput from the deploy job will be displayed in Deploy Goon's logfile located at `/var/log/deploygoon.log`.\n\n## Why Deploy Goon?\n\nFair question. This is a task that's easily handled by doing some quick and dirty shell scripting, as I've obviously done.\nAnd this isn't my first time writing a script like this. I actually implemented a similar ruby-specific one called\n[unicorn-easy-restart](https://github.com/farmdawgnation/unicorn-easy-restart) awhile back. I decided I'm tired of re-inventing\nthe wheel. I figured other people were as well.\n\n## Who is I?\n\nMy name is **Matt Farmer**. I'm a software engineer hailing from Atlanta, GA. I'm a member of Hacklanta. I'm a code curator for\na handful of people these days, not the least of which is [Anchor Tab](http://anchortab.com) where I serve as Lead Engineer. You\ncan read my ramblings at [my blog](http://farmdawgnation.com) and on my [twitter account](http://twitter.com/farmdawgnation).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhacklanta%2Fdeploy-goon","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhacklanta%2Fdeploy-goon","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhacklanta%2Fdeploy-goon/lists"}