{"id":23181014,"url":"https://github.com/replicatedhq/replicated","last_synced_at":"2026-04-22T23:02:40.557Z","repository":{"id":41361291,"uuid":"66676623","full_name":"replicatedhq/replicated","owner":"replicatedhq","description":"A CLI to create, edit and promote releases in Replicated","archived":false,"fork":false,"pushed_at":"2026-04-22T21:17:39.000Z","size":33133,"stargazers_count":36,"open_issues_count":26,"forks_count":25,"subscribers_count":19,"default_branch":"main","last_synced_at":"2026-04-22T22:26:23.008Z","etag":null,"topics":["kots","replicated"],"latest_commit_sha":null,"homepage":"https://vendor.replicated.com","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/replicatedhq.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2016-08-26T20:15:31.000Z","updated_at":"2026-04-22T20:54:55.000Z","dependencies_parsed_at":"2023-12-21T01:37:54.138Z","dependency_job_id":"92fc6488-c561-4923-8e74-96ae4ab46b9a","html_url":"https://github.com/replicatedhq/replicated","commit_stats":{"total_commits":561,"total_committers":41,"mean_commits":"13.682926829268293","dds":0.8270944741532977,"last_synced_commit":"f34298cc7380c747738554897fe3d0b90edfcd70"},"previous_names":[],"tags_count":211,"template":false,"template_full_name":null,"purl":"pkg:github/replicatedhq/replicated","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/replicatedhq%2Freplicated","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/replicatedhq%2Freplicated/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/replicatedhq%2Freplicated/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/replicatedhq%2Freplicated/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/replicatedhq","download_url":"https://codeload.github.com/replicatedhq/replicated/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/replicatedhq%2Freplicated/sbom","scorecard":{"id":746193,"data":{"date":"2025-08-11","repo":{"name":"github.com/replicatedhq/replicated","commit":"e2e8103cf2583de996a07cf958ce8bd10eff1eb3"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":4.7,"checks":[{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":10,"reason":"all changesets reviewed","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/main.yaml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Maintained","score":10,"reason":"21 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/replicatedhq/replicated/main.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:23: update your workflow using https://app.stepsecurity.io/secureworkflow/replicatedhq/replicated/main.yaml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/main.yaml:26: update your workflow using https://app.stepsecurity.io/secureworkflow/replicatedhq/replicated/main.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/replicatedhq/replicated/main.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:46: update your workflow using https://app.stepsecurity.io/secureworkflow/replicatedhq/replicated/main.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:54: update your workflow using https://app.stepsecurity.io/secureworkflow/replicatedhq/replicated/main.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:55: update your workflow using https://app.stepsecurity.io/secureworkflow/replicatedhq/replicated/main.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:13: update your workflow using https://app.stepsecurity.io/secureworkflow/replicatedhq/replicated/main.yaml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/main.yaml:14: update your workflow using https://app.stepsecurity.io/secureworkflow/replicatedhq/replicated/main.yaml/main?enable=pin","Warn: containerImage not pinned by hash: Dockerfile:1: pin your Docker image by updating golang:1.24 to golang:1.24@sha256:e155b5162f701b7ab2e6e7ea51cec1e5f6deffb9ab1b295cf7a697e81069b050","Warn: goCommand not pinned by hash: Dockerfile:5","Info:   0 out of   8 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   1 third-party GitHubAction dependencies pinned","Info:   0 out of   1 goCommand dependencies pinned","Info:   0 out of   1 containerImage dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Signed-Releases","score":0,"reason":"Project has not signed or included provenance with any releases.","details":["Warn: release artifact v0.111.0 not signed: https://api.github.com/repos/replicatedhq/replicated/releases/240087814","Warn: release artifact v0.110.0 not signed: https://api.github.com/repos/replicatedhq/replicated/releases/237807001","Warn: release artifact v0.109.1 not signed: https://api.github.com/repos/replicatedhq/replicated/releases/231920421","Warn: release artifact v0.109.0 not signed: https://api.github.com/repos/replicatedhq/replicated/releases/231914896","Warn: release artifact v0.108.0 not signed: https://api.github.com/repos/replicatedhq/replicated/releases/231274956","Warn: release artifact v0.111.0 does not have provenance: https://api.github.com/repos/replicatedhq/replicated/releases/240087814","Warn: release artifact v0.110.0 does not have provenance: https://api.github.com/repos/replicatedhq/replicated/releases/237807001","Warn: release artifact v0.109.1 does not have provenance: https://api.github.com/repos/replicatedhq/replicated/releases/231920421","Warn: release artifact v0.109.0 does not have provenance: https://api.github.com/repos/replicatedhq/replicated/releases/231914896","Warn: release artifact v0.108.0 does not have provenance: https://api.github.com/repos/replicatedhq/replicated/releases/231274956"],"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 30 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":3,"reason":"7 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GO-2022-0635","Warn: Project is vulnerable to: GO-2022-0646","Warn: Project is vulnerable to: GO-2025-3605 / GHSA-7vpp-9cxj-q8gv","Warn: Project is vulnerable to: GO-2024-2698 / GHSA-rhh4-rh7c-7r5v","Warn: Project is vulnerable to: GO-2024-3005","Warn: Project is vulnerable to: GHSA-9h84-qmv7-982p","Warn: Project is vulnerable to: GHSA-f9f8-9pmf-xv68"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-22T18:49:19.737Z","repository_id":41361291,"created_at":"2025-08-22T18:49:19.737Z","updated_at":"2025-08-22T18:49:19.737Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32158346,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-22T17:06:48.269Z","status":"ssl_error","status_checked_at":"2026-04-22T17:06:19.037Z","response_time":58,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kots","replicated"],"created_at":"2024-12-18T08:14:07.947Z","updated_at":"2026-04-22T23:02:40.513Z","avatar_url":"https://github.com/replicatedhq.png","language":"Go","readme":"# Replicated Vendor CLI\n\nThis repository provides a Go client and CLI for interacting with the Replicated Vendor API.\n\n## CLI\n\n\n### Mac Install\n```\nbrew install replicatedhq/replicated/cli\n```\n\n### Linux Install\n```\ncurl -o install.sh -sSL https://raw.githubusercontent.com/replicatedhq/replicated/master/install.sh\nsudo bash ./install.sh\n```\n\n### Getting Started\n\nYou can use the replicated CLI command (i.e. `$ replicated --help`). \n\n#### (Pre-requirement) Config the CLI to have access to the Replicated Vendor portal \n\nTo use the CLI you need a user API Token to connect. You can create one by clicking on `New User API Token` in your \n[Account Settings](https://vendor.replicated.com/account-settings). \n\nThen, you can set the following environment variable to avoid passing it as an argument to each command\n\n```shell\n$ export REPLICATED_API_TOKEN=\u003cYour new User API Token\u003e\n```\n\n#### Now, let's check an example\n\nWe will check all Applications available and the distribution channels:\n\nTo list the applications available run `replicated app ls`, i.e.:\n\n```shell\n$ replicated app ls  \nID                             NAME     SLUG              SCHEDULER\n2FOfwth3fHauBqCvsZ1OaBAr7MU    test     test-rodent       kots\n2FOvdw6IR0oewVPVCcmH12tSRoL    nginx    nginx-sheepdog    kots\n```\n\nThen, to check the channels run `replicated channel ls --app \u003cYour APP SLUG OR ID\u003e`, i.e.:\n\n```shell\n$ replicated channel ls --app 2FOfwth3fHauBqCvsZ1OaBAr7MU\nID                             NAME        RELEASE    VERSION\n2FOfwru7Rq1plkqyZFLH6MLR1fk    Stable      1          0.0.1\n2FOfwu2zcDbqR24BVPSjjnkVwIe    Beta        1          0.0.1\n2FOfwreTFbmkXtf9bukwh8s1ewb    Unstable    1          0.0.1\n```\n\n\u003e **Notes:**\n\u003e - If you do not export the environment variable above then, you must pass your User API token via the flag `--token \u003cYour new User API Token\u003e`\n\u003e - You can also, set via environment variable your app slug or ID (i.e. `export REPLICATED_APP=\u003cYour APP SLUG OR ID\u003e`). So that, the above \ncommand would be simply `replicated channel ls`.\n\n### CI Example\nCreating a new release for every tagged build is a common use of the replicated command.\n\nAssume the app's yaml config is checked in at replicated.yaml and you have configured TravisCI or CircleCI with your REPLICATED_APP and REPLICATED_API_TOKEN environment variables.\n\nThen add  a release.sh script to your project something like this:\n\n```bash\n#!/bin/bash\n\n# Create a new release from replicated.yaml and promote the Unstable channel to use it.\n# Aborts if version tag is empty.\n\nset -e\n\nVERSION=$1\nINSTALL_SCRIPT=https://raw.githubusercontent.com/replicatedhq/replicated/master/install.sh\nCHANNEL=Unstable\n\nif [ -z \"$VERSION\" ]; then\necho \"No version; skipping replicated release\"\n  exit\nfi\n\n# install replicated\ncurl -sSL \"$INSTALL_SCRIPT\" \u003e install.sh\nsudo bash ./install.sh\n\ncat replicated.yaml | replicated release create --yaml - --promote Unstable --version \"$VERSION\"\n# Channel ee9d99e87b4a5acc2863f68cb2a0c390 successfully set to release 15\n```\n\nNow you can automate tagged releases in TravisCI or CircleCI:\n\n```yaml\n# .travis.yml\nsudo: required\nafter_success:\n  - ./release.sh \"$TRAVIS_TAG\"\n\n```\n\n```yaml\n# circle.yml\ndeployment:\n  tag:\n    tag: /v.*/\n    owner: replicatedcom\n    commands:\n      - ./release.sh \"$CIRCLE_TAG\"\n```\n\n## Client\n\n[GoDoc](https://godoc.org/github.com/replicatedhq/replicated/client)\n\n```golang\npackage main\n\nimport (\n\t\"fmt\"\n\t\"log\"\n\t\"os\"\n\n\t\"github.com/replicatedhq/replicated/pkg/platformclient\"\n)\n\nfunc main() {\n\ttoken := os.Getenv(\"REPLICATED_API_TOKEN\")\n\tappSlugOrID := os.Getenv(\"REPLICATED_APP\")\n\n\tapi := platformclient.New(token)\n\n\tapp, err := api.GetApp(appSlugOrID)\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n\n\tchannels, err := api.ListChannels(app.Id)\n\tif err != nil {\n\t\tlog.Fatal(err)\n\t}\n\tfor _, c := range channels {\n\t\tfmt.Printf(\"channel %s is on release %d\\n\", c.Name, c.ReleaseSequence)\n\t}\n}\n```\n\n## Development\n```make build``` installs the binary to ```$GOPATH/bin```\nThe models are generated from the API's swagger spec.\n\n### Tests\n\n#### Environment\n* ```REPLICATED_API_ORIGIN``` may be set to override the API endpoint\n* ```VENDOR_USER_EMAIL``` and ```VENDOR_USER_PASSWORD``` should be set to delete apps created for testing\n* ```REPLICATED_REGISTRY_ORIGIN``` may be set to overrride the registry endpoint \n\n### Releases\n\nReleases of the Replicated Vendor CLI are automated using [Dagger](https://dagger.io/) and [GoReleaser](https://goreleaser.com/).\n\nTo create a new release:\n\n```bash\n# Create a major, minor, or patch release:\nmake release version=major\nmake release version=minor\nmake release version=patch\n```\n\nThe release process:\n1. Ensures you're on the `main` branch with a clean git tree\n2. Updates the version in the codebase\n3. Creates a git tag for the release\n4. Builds and publishes binaries to GitHub Releases\n5. Publishes Docker images to Docker Hub (as `replicated/vendor-cli`)\n\nOnce the release is out, if there any changes to CLI commands or parameters, new docs have to be generated:\n\n```bash\nmake docs\n```\n\nThis will create a PR in https://github.com/replicatedhq/replicated-docs, which then needs to be reviewed and merged.\n\n### Regenerating Client Code\n\nWhen the swagger definitions change, you can regenerate the Client code from the swagger spec with\n\n    make get-spec-prod gen-models\n\nmodels for the v2 api isn't really working yet, need to find the URL for that OpenAPI spec.\n\n## Usage Recipes\n\n#### Make a new release by editing another\n```\nreplicated release inspect 130 | sed 1,4d \u003e config.yaml\nvim config.yaml\ncat config.yaml | replicated release create --yaml -\n# SEQUENCE: 131\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freplicatedhq%2Freplicated","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Freplicatedhq%2Freplicated","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Freplicatedhq%2Freplicated/lists"}