{"id":44087639,"url":"https://github.com/open-component-model/demo-secure-delivery","last_synced_at":"2026-02-08T10:35:09.691Z","repository":{"id":161116019,"uuid":"631666817","full_name":"open-component-model/demo-secure-delivery","owner":"open-component-model","description":"A locally running demo, showcasing the secure delivery aspects of Flux and OCM.","archived":false,"fork":false,"pushed_at":"2025-11-18T12:27:51.000Z","size":5610,"stargazers_count":6,"open_issues_count":0,"forks_count":2,"subscribers_count":7,"default_branch":"main","last_synced_at":"2025-11-18T15:46:24.689Z","etag":null,"topics":["ocm","open-component-model"],"latest_commit_sha":null,"homepage":"https://ocm.software/","language":"Mustache","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/open-component-model.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":".github/CODEOWNERS","security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2023-04-23T18:32:32.000Z","updated_at":"2025-11-18T12:27:57.000Z","dependencies_parsed_at":"2024-04-19T09:49:11.179Z","dependency_job_id":"9cbbb3bb-4eb3-44cf-ac82-f07c86de26f5","html_url":"https://github.com/open-component-model/demo-secure-delivery","commit_stats":null,"previous_names":["open-component-model/demo-secure-delivery"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/open-component-model/demo-secure-delivery","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-component-model%2Fdemo-secure-delivery","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-component-model%2Fdemo-secure-delivery/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-component-model%2Fdemo-secure-delivery/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-component-model%2Fdemo-secure-delivery/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/open-component-model","download_url":"https://codeload.github.com/open-component-model/demo-secure-delivery/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/open-component-model%2Fdemo-secure-delivery/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29227798,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-08T09:43:19.170Z","status":"ssl_error","status_checked_at":"2026-02-08T09:42:55.556Z","response_time":57,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ocm","open-component-model"],"created_at":"2026-02-08T10:35:05.382Z","updated_at":"2026-02-08T10:35:09.686Z","avatar_url":"https://github.com/open-component-model.png","language":"Mustache","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![REUSE status](https://api.reuse.software/badge/github.com/open-component-model/demo-secure-delivery)](https://api.reuse.software/info/github.com/open-component-model/demo-secure-delivery)\n\n# Secure software delivery with Flux and Open Component Model\n\n## Fully guided walkthrough\n\n![workflow](./docs/images/new_diagram.png)\n\nThis walkthrough deploys a full end-to-end scenario demonstrating how OCM and Flux can be employed to continuously deploy applications in air-gapped environments.\n\nThe demo environment consists of Gitea, Tekton, Flux and the OCM controller.\n\nTo be able to show that provider and consumer are really disconnected, two distinct Gitea organizations are created:\n\n- [software-provider](https://gitea.ocm.dev/software-provider)\n- [software-consumer](https://gitea.ocm.dev/software-consumer)\n\n## Software Provider\n\nThe provider organization contains a repository which models the `podinfo` application. When a new release is created a Tekton pipeline will be triggered that builds the OCM component and pushes it to the [software provider's OCI registry](https://gitea.ocm.dev/software-provider/-/packages).\n\n## Software Consumer\n\nThe software consumer organization models an air-gapped scenario where applications are deployed from a secure OCI registry rather than directly from an arbitrary public upstream source.\n\nThe software consumer organization contains a repository named [ocm-applications](https://gitea.ocm.dev/software-consumer/ocm-applications). During the setup of the demo a PR is created which contains a set of Kubernetes manifests required to deploy the OCM component published by the software provider.\n\nOnce this pull request is merged the Flux machinery will deploy `podinfo` component. [Capacitor](https://capacitor.ocm.dev) can be used to understand the state of the cluster.\n\n### Walkthrough\n\nInstructions are provided to guide you through the process of deploying the demo environment, cutting a release for \"podinfo,\" verifying the release automation, installing the component, viewing the Capacitor GitOps dashboard, accessing the deployed application, applying configuration changes, monitoring the application update, and cutting a new release with updated features.\n\n#### 1. Setup demo environment\n\nTo deploy the demo environment execute the following:\n\n`make run`\n\nOnce the environment has been created, login to Gitea using the following credentials:\n\n```\nusername: ocm-admin\npassword: password\n```\n\n#### 2. Cut a release for `podinfo`\n\nNext navigate to: https://gitea.ocm.dev/software-provider/podinfo-component/releases and click \"New Release\".\n\nEnter \"v1.0.0\" for both the tag name and release name, and then click \"Publish Release\".\n\n![release](./docs/images/publish.png)\n\n#### 3. Verify the release\n\nOnce the release is published, navigate to https://ci.ocm.dev/#/namespaces/tekton-pipelines/pipelineruns and follow the progress of the release automation.\n\n![ci](./docs/images/release_automation.png)\n\n#### 4. Install the Component\n\nWhen the release pipeline has been completed we can install the component. Navigate to https://gitea.ocm.dev/software-consumer/ocm-applications/pulls/1 and merge the pull request.\n\n![install](./docs/images/install.png)\n\n#### 5. View the Capacitor Dashboard\n\nAfter certificates are created the Capacitor component and the dashboard will be accessible at https://capacitor.ocm.dev. Give it a minute to spin up...\n\n![capacitor](./docs/images/capacitor.png)\n\n#### 5. View the application\n\nWe can view the `podinfo` Helm release that's been deployed in the default namespace: https://capacitor.ocm.dev/\n\nWe can also view the running application at https://podinfo.ocm.dev\n\n![podinfo](./docs/images/application.png)\n\n#### 6. Apply configuration\n\nThe application can be configured using the parameters exposed in `values.yaml`. Now that podinfo is deployed we can tweak a few parameters.\nNavigate to https://gitea.ocm.dev/software-consumer/ocm-applications/_edit/main/values.yaml\n\n![configure](./docs/images/configure.png)\n\nand add the following:\n\n```yaml\npodinfo:\n  replicas: 2\n  message: \"Hello Open Component Model!\"\n  serviceAccountName: ocm-ops\n```\n\n#### 7. View the configured application\n\nThe changes will soon be reconciled by Flux and visible at https://podinfo.ocm.dev. Note how the pod id changes now that we have 2 replicas of our application running.\n\n![update](./docs/images/update.png)\n\n#### 8. Cut a new release\n\nLet's jump back to the provider repository and cut another release. This release will contain a new feature that changes the image displayed by the podinfo application. Follow the same process as before to create a release, bumping the version to `v1.1.0`.\n\n#### 9. Verify the release\n\nOnce the release is published, navigate to https://ci.ocm.dev/#/namespaces/tekton-pipelines/pipelineruns and follow the progress of the release automation.\n\n#### 10. Monitor the application update\n\nJump back to https://capacitor.ocm.dev to view the rollout of the new release.\n\n![update-wego](./docs/images/update-wego.png)\n\n#### 11. View the updated application\n\nFinally, navigate to https://podinfo.ocm.dev which now displays the OCM logo in place of the cuttlefish and the updated application version of 6.3.6\n\n![update-ocm](./docs/images/update-ocm.png)\n\n### Conclusion\n\nBy leveraging the capabilities of Gitea, Tekton, Flux, and the OCM controller, this demo showcases the seamless deployment of components and dependencies in a secure manner. The use of secure OCI registries and automated release pipelines ensures the integrity and reliability of the deployment process.\n\nUsers can easily set up the demo environment, cut releases, monitor release automation, view the Capacitor GitOps dashboard and observe the deployment and update of applications. We have presented a practical illustration of how OCM and Flux can be employed to facilitate the deployment and management of applications in air-gapped environments, offering a robust and efficient solution for secure software delivery.\n\n## Contributing\n\nCode contributions, feature requests, bug reports, and help requests are very welcome. Please refer to the [Contributing Guide in the Community repository](https://github.com/open-component-model/community/blob/main/CONTRIBUTING.md) for more information on how to contribute to OCM.\n\nOCM follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/main/code-of-conduct.md).\n\n## Licensing\n\nCopyright 2022-2023 SAP SE or an SAP affiliate company and Open Component Model contributors.\nPlease see our [LICENSE](LICENSE) for copyright and license information.\nDetailed information including third-party components and their licensing/copyright information is available [via the REUSE tool](https://api.reuse.software/info/github.com/open-component-model/demo-secure-delivery).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopen-component-model%2Fdemo-secure-delivery","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fopen-component-model%2Fdemo-secure-delivery","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fopen-component-model%2Fdemo-secure-delivery/lists"}