{"id":49360298,"url":"https://github.com/klinux/gocdnext","last_synced_at":"2026-06-13T02:04:36.896Z","repository":{"id":352549519,"uuid":"1213586392","full_name":"klinux/gocdnext","owner":"klinux","description":"Modern CI/CD orchestrator with webhook-first ingest, container-native plugins, log archive to object storage, and a Helm-installable control plane.","archived":false,"fork":false,"pushed_at":"2026-06-06T02:47:09.000Z","size":8441,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-06-06T03:19:47.539Z","etag":null,"topics":["cd","ci","ci-cd","continuous-deployment","continuous-integration","golang","grpc","helm","kubernetes","nextjs","oss","postgres"],"latest_commit_sha":null,"homepage":"https://klinux.github.io/gocdnext/docs/","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/klinux.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"docs/roadmap.md","authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2026-04-17T14:38:17.000Z","updated_at":"2026-06-06T02:42:19.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/klinux/gocdnext","commit_stats":null,"previous_names":["klinux/gocdnext"],"tags_count":102,"template":false,"template_full_name":null,"purl":"pkg:github/klinux/gocdnext","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/klinux%2Fgocdnext","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/klinux%2Fgocdnext/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/klinux%2Fgocdnext/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/klinux%2Fgocdnext/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/klinux","download_url":"https://codeload.github.com/klinux/gocdnext/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/klinux%2Fgocdnext/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":34269365,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-05-26T15:22:16.424Z","status":"online","status_checked_at":"2026-06-13T02:00:06.617Z","response_time":62,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cd","ci","ci-cd","continuous-deployment","continuous-integration","golang","grpc","helm","kubernetes","nextjs","oss","postgres"],"created_at":"2026-04-27T16:01:37.903Z","updated_at":"2026-06-13T02:04:36.884Z","avatar_url":"https://github.com/klinux.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gocdnext\n\n\u003e Modern CI/CD orchestrator. Cherry-picks the good ideas from **GoCD** (VSM,\n\u003e fanout, pipeline dependencies, stage/job model), **Woodpecker** (plugin =\n\u003e container), and **GitLab CI** (stages, rules, needs, matrix, extends).\n\u003e Written in Go. UI in Next.js. Container-native. Webhook-first.\n\nStatus: **active development** — v0.x, minor bumps may carry breaking\nchanges until 1.0. Public repo, shipping monthly.\n\n📚 **Docs**: \u003chttps://klinux.github.io/gocdnext/docs/\u003e\n\n[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/klinux/gocdnext)\n[![Open in Gitpod](https://img.shields.io/badge/Gitpod-ready--to--code-908a85?logo=gitpod)](https://gitpod.io/#https://github.com/klinux/gocdnext)\n\n![Dashboard](docs/public/screenshots/01-dashboard.png)\n\n## Why another CI tool?\n\nWe loved GoCD's model (explicit stage → job → task, dependency materials, VSM)\nbut hated the stack: Java/Spring/Hibernate, XML config, poll-first, Rails UI,\nno plugin marketplace. This is what GoCD would look like if we started today.\n\nDifferentiators vs. GitHub Actions / Tekton / Woodpecker:\n\n- **Upstream material** — `pipeline B` waits for `pipeline A.stage X` to pass\n  *with the same commit SHA*, with automatic fanout across N downstreams.\n- **Value Stream Map (VSM)** — visualize the graph of pipelines + materials.\n- **Webhook-first**, polling only as fallback. **Auto-register webhook** on\n  GitHub / GitLab / Bitbucket when you create a git material.\n- **Plugin catalog** — 40+ reference plugins (build/test/scan/sign/deploy/\n  notify), each shipped as a versioned container image with a typed input\n  contract.\n- **Kubernetes-native runtime** — pod-per-job execution with runner profiles\n  (K1–K4), or classic Docker on the agent host.\n- **Pipeline services** — sibling service containers (postgres,\n  redis, etc.) declared in YAML, reachable by every job via DNS\n  alias, and rendered as nodes in the pipeline graph.\n- **RBAC + audit log** — admin/maintainer/viewer hierarchy, every mutation\n  recorded in `audit_events`.\n- **Approval gates** — gate stages on approver groups with quorum, with full\n  audit trail.\n\n## Screenshots\n\n\u003ctable\u003e\n  \u003ctr\u003e\n    \u003ctd width=\"50%\"\u003e\n      \u003ca href=\"docs/public/screenshots/02-run-detail.png\"\u003e\n        \u003cimg src=\"docs/public/screenshots/02-run-detail.png\" alt=\"Run detail with live logs\" /\u003e\n      \u003c/a\u003e\n      \u003cp align=\"center\"\u003e\u003csub\u003eRun detail — Jobs / Tests / Artifacts tabs with live log stream\u003c/sub\u003e\u003c/p\u003e\n    \u003c/td\u003e\n    \u003ctd width=\"50%\"\u003e\n      \u003ca href=\"docs/public/screenshots/03-project-pipelines.png\"\u003e\n        \u003cimg src=\"docs/public/screenshots/03-project-pipelines.png\" alt=\"Project pipelines\" /\u003e\n      \u003c/a\u003e\n      \u003cp align=\"center\"\u003e\u003csub\u003eProject pipelines with bottleneck pill + stage strip\u003c/sub\u003e\u003c/p\u003e\n    \u003c/td\u003e\n  \u003c/tr\u003e\n  \u003ctr\u003e\n    \u003ctd width=\"50%\"\u003e\n      \u003ca href=\"docs/public/screenshots/04-vsm.png\"\u003e\n        \u003cimg src=\"docs/public/screenshots/04-vsm.png\" alt=\"Value Stream Map\" /\u003e\n      \u003c/a\u003e\n      \u003cp align=\"center\"\u003e\u003csub\u003eValue Stream Map — pipelines + materials graph\u003c/sub\u003e\u003c/p\u003e\n    \u003c/td\u003e\n    \u003ctd width=\"50%\"\u003e\n      \u003ca href=\"docs/public/screenshots/05-plugins-catalog.png\"\u003e\n        \u003cimg src=\"docs/public/screenshots/05-plugins-catalog.png\" alt=\"Plugin catalog\" /\u003e\n      \u003c/a\u003e\n      \u003cp align=\"center\"\u003e\u003csub\u003ePlugin catalog — auto-generated from \u003ccode\u003eplugin.yaml\u003c/code\u003e\u003c/sub\u003e\u003c/p\u003e\n    \u003c/td\u003e\n  \u003c/tr\u003e\n\u003c/table\u003e\n\n## Repo layout\n\n```\nserver/      Go control plane: HTTP API, gRPC for agents, scheduler, webhooks\nagent/       Go agent: pulls jobs, runs containers (docker or k8s), streams logs\ncli/         gocdnext CLI: validate, apply, admin\nweb/         Next.js 15 UI (App Router, RSC, Server Actions, shadcn)\nproto/       gRPC / protobuf contracts (managed by buf)\nplugins/     Reference plugins — 40+ images (build/test/scan/sign/deploy/notify)\ncharts/      Helm chart (server + agents, single-host Ingress / Gateway API)\nexamples/    Sample .gocdnext/ pipeline files\ndocs/        Starlight docs site (concepts, recipes, reference, operate guide)\n```\n\n## Cloud dev (Codespaces / Gitpod)\n\nZero local setup + **public URLs** so GitHub webhooks can actually land\nduring development — key for exercising the `auto_register_webhook`\n+ push → run flow end-to-end.\n\n- Click **Open in GitHub Codespaces** or **Open in Gitpod** above.\n- The devcontainer / `.gitpod.yml` bootstrap seeds `.env`, installs\n  `air` + `goose`, `pnpm install`s the web, and builds the plugin\n  images (`gocdnext/node`, etc.).\n- Run `make dev` to bring up postgres + server + agent + web with\n  hot reload.\n- **Webhook testing**:\n  - *Gitpod*: port `8153` is flagged `visibility: public` in\n    `.gitpod.yml`; GitHub can POST directly at\n    `https://8153-\u003cworkspace\u003e.\u003cregion\u003e.gitpod.io/api/webhooks/github`.\n  - *Codespaces*: forward port `8153` as **Public**\n    (`gh codespace ports visibility 8153:public` or right-click the\n    port in VS Code). The post-create already sets\n    `GOCDNEXT_PUBLIC_BASE` to the workspace URL.\n\nSee [docs/cloud-dev.md](docs/cloud-dev.md) for the full workflow,\nport map, cost budgets, and troubleshooting.\n\n## Quick start (dev)\n\nThe fast path uses `make dev` to bring everything up with hot reload —\npostgres + minio + server + agent + web, behind a single foreground\nprocess. Ctrl+C tears it all down.\n\n```bash\n# 1. one-shot env scaffold (.env + tools — air, goose, sqlc, buf)\nmake env-setup\n\n# 2. bring up the full stack with hot reload\nmake dev\n```\n\nThat's it. The UI lands on \u003chttp://localhost:3000\u003e, the API on `:8153`,\nthe agent connects via gRPC on `:8154`.\n\nIf you want the pieces separately (e.g. to attach a debugger):\n\n```bash\nmake db-up                   # postgres + minio only\nmake migrate-up              # apply migrations\nmake build                   # compile server + agent + cli\n./bin/gocdnext-server \u0026\nGOCDNEXT_SERVER_ADDR=localhost:8154 GOCDNEXT_AGENT_TOKEN=dev-token ./bin/gocdnext-agent \u0026\n./bin/gocdnext validate examples/simple\n```\n\n## Pipeline spec\n\nPipelines live in a **`.gocdnext/` folder** at the repo root. One file per\npipeline, multiple pipelines per repo. See [docs/pipeline-spec.md](docs/pipeline-spec.md)\nfor the full reference.\n\n```\nyour-repo/\n├── .gocdnext/\n│   ├── build.yaml          ← pipeline \"build\"\n│   ├── deploy-api.yaml     ← pipeline \"deploy-api\"\n│   └── deploy-worker.yaml  ← pipeline \"deploy-worker\"\n└── src/...\n```\n\nMinimal file:\n\n```yaml\n# .gocdnext/build.yaml\nname: build                      # optional; filename used as fallback\n\nmaterials:\n  - git:\n      url: https://github.com/org/repo\n      branch: main\n      on: [push, pull_request]\n      auto_register_webhook: true\n\nstages: [compile, test]\n\njobs:\n  compile:\n    stage: compile\n    image: golang:1.23\n    script: [go build ./...]\n\n  test:\n    stage: test\n    image: golang:1.23\n    needs: [compile]\n    script: [go test ./...]\n```\n\n## Install with Helm\n\nEach `vX.Y.Z` tag publishes the chart to two registries — pick whichever\nyour tooling prefers.\n\n**Classic Helm repo (gh-pages)**:\n\n```bash\nhelm repo add gocdnext https://klinux.github.io/gocdnext\nhelm repo update\nhelm install gocd gocdnext/gocdnext --version 0.8.0 \\\n  --set devDatabase.enabled=true \\\n  --set agent.tokenSecret.value=\"$(openssl rand -hex 32)\" \\\n  --set webhookToken.value=\"$(openssl rand -hex 32)\" \\\n  --set secretKey.value=\"$(openssl rand -hex 32)\" \\\n  --set artifactsSignKey.value=\"$(openssl rand -hex 32)\"\n```\n\n**OCI** (Helm 3.8+):\n\n```bash\nhelm install gocd oci://ghcr.io/klinux/charts/gocdnext --version 0.8.0 \\\n  --set devDatabase.enabled=true \\\n  ...\n```\n\nCheck the [latest release](https://github.com/klinux/gocdnext/releases)\nfor the current `vX.Y.Z` — both registries publish on every tag.\n\nThe container images (`ghcr.io/klinux/gocdnext-{server,agent,web}`) are\nmulti-arch (amd64 + arm64) and tagged `latest` on every push to `main`,\nplus `vX.Y.Z` / `X.Y` / `X` on tag releases.\n\n## Architecture\n\nSee [docs/architecture.md](docs/architecture.md) for the design. TL;DR:\n\n```\n  ┌─────────┐  webhook    ┌─────────────┐   gRPC stream   ┌───────────┐\n  │ GitHub  │ ──────────▶ │   server    │ ◀──────────────▶│  agent(s) │\n  └─────────┘             │  (Go,chi,   │                 │  (Go,     │\n                          │   gRPC,     │                 │  container│\n  ┌─────────┐    HTTP     │   sqlc)     │                 │  runtime) │\n  │  web UI │ ──────────▶ │             │                 └───────────┘\n  │ Next.js │             └──────┬──────┘\n  └─────────┘                    │\n                           ┌─────▼──────┐\n                           │ PostgreSQL │\n                           └────────────┘\n```\n\n## What's shipped (v0.8.0)\n\n- **Pipeline core** — `.gocdnext/` folder, stage/job/needs/matrix, materials\n  (git + upstream), webhook-first ingest with polling fallback.\n- **Plugin runtime** — versioned container plugins, typed `plugin.yaml`\n  contracts, secret-aware env propagation (NAME-only on argv).\n- **Plugin catalog** — 40+ reference plugins covering build (node/go/maven/\n  gradle/python/rust), container (buildx/kaniko/docker-push/cosign/trivy),\n  cloud (aws/gcloud/kubectl/helm/kustomize/argocd/terraform), quality\n  (sonar/codecov/coveralls/lighthouse-ci/gitleaks/golangci-lint), and\n  notify (slack/discord/teams/email/matrix).\n- **Runtimes** — Docker on the agent host **or** Kubernetes pod-per-job\n  with runner profiles (K1–K4).\n- **Artifact + cache** — pluggable storage backends (configurable from\n  `/settings/storage`), TTL + per-project + global quotas, container\n  layer cache with buildx `cache: bucket` shorthand.\n- **Approval gates** — approver groups + quorum, audit trail.\n- **RBAC + audit** — admin/maintainer/viewer, `audit_events` table,\n  `/settings/users` and `/settings/audit` UI.\n- **Operability** — VSM, single-host Ingress / Gateway API in the Helm\n  chart, OpenTelemetry traces, Prometheus `/metrics`, `slog` with\n  `trace_id`/`span_id` correlation.\n\n## What's open\n\n- **Pipeline deployment primitive** — Argo-style helm/kustomize/manifests\n  with env history + rollback (concept doc in\n  [docs/concepts/trunk-based-release/](https://klinux.github.io/gocdnext/docs/concepts/trunk-based-release/)).\n- **Per-project agent scope / lock** — deferred from the k8s runtime\n  rollout.\n- **`isolation: per-stage`** — share workspace across jobs in the same\n  stage (Woodpecker model).\n\n## License\n\nApache 2.0 — even though it's internal for now, we want the option to open it.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fklinux%2Fgocdnext","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fklinux%2Fgocdnext","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fklinux%2Fgocdnext/lists"}