| | notation | pipeline |
|---|---|---|
| | 7 | 51 |
| Stars | 289 | 8,285 |
| Growth | 6.6% | 0.9% |
| Activity | 8.9 | 9.7 |
| | 6 days ago | 4 days ago |
| Language | Go | Go |
| License | Apache License 2.0 | Apache License 2.0 |

Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
notation
- Securing CI/CD Images with Cosign and OPA
  Notary v2: The evolution to Notary v2 brought improvements in signature portability and integration with third-party key management solutions. However, it does not provide a certificate authority, leaving public key discovery for open-source image verification as an unresolved issue.
- Automating Kubernetes Deployments with FluxCD for Patched and Signed Container Images
  Notation
- Level-up Container Security: 4 Open-Source Tools for Secure Software Supply Chain
  Notation is another command-line tool that lets you digitally sign artifacts. And those signatures essentially become the stamps of approval for the different things in your software supply chain. For example, container images.
- notaryproject/notation: Notation is a project to add signatures as standard items in the registry ecosystem, and to build a set of simple tooling for signing and verifying these signatures. Based on Notary V2 standard.
- Getting Started with Notary
  Notary is the CNCF project name and is often referenced when referring to the process of signing digital artifacts, but Notation is the command line tool that does the heavy lifting. Run the following commands to install Notation.
- Dagger: a new way to build CI/CD pipelines
- Making the Internet more secure one signed container at a time
  It should be interoperable, that's the goal. I proposed some idea for nv2 here: https://github.com/notaryproject/nv2/issues/39 and here: https://github.com/notaryproject/nv2/issues/40 too.
pipeline
- 14 DevOps and SRE Tools for 2024: Your Ultimate Guide to Stay Ahead
  Tekton
- GitHub Actions could be so much better
- Distributed Traces for Testing with Tekton Pipelines and Tracetest
  Tekton is an open-source framework for creating efficient CI/CD systems. This empowers developers to seamlessly construct, test, and deploy applications across various cloud environments and on-premise setups.
- Practical Tips for Refactoring Release CI using GitHub Actions
  Despite other alternatives like Circle CI, Travis CI, GitLab CI or even self-hosted options using open-source projects like Tekton or Argo Workflow, the reason for choosing GitHub Actions was straightforward: GitHub Actions, in conjunction with the GitHub ecosystem, offers a user-friendly experience and access to a rich software marketplace.
- Wolfi: A community Linux OS designed for the container and cloud-native era
  [2]: https://github.com/tektoncd/pipeline/issues/5507#issuecommen...
- I don't know what to do, any advice is welcome
- What are some good self-hosted CI/CD tools where pipeline steps run in docker containers?
  Drone, or Tekton, Argo Workflows if you’re on k8s
- Is Jenkins still the king?
  If you want a step up, I would recommend trying out Tekton Pipelines. It’s a very popular ci tool, and it runs on Kubernetes. Yes, this would involve setting up a Kubernetes cluster but please don’t run for the hills! You can set up a Kubernetes cluster and install Tekton on top of it with minimal setup using minikube (see here). This would be a great joint exercise as it will give you a bit of Kubernetes understanding alongside it, and the mechanisms of Tekton are a little trickier than GitHub actions imo. It’s all much the same though.
- Is there a way to run a one-off pod that would work as a command line tool?
- K8s powered Git push deployments
  I've recently found this quote by Kelsey Hightower:
  "I'm convinced the majority of people managing infrastructure just want a PaaS. The only requirement: it has to be built by them."
  Source: https://twitter.com/kelseyhightower/status/85193508753294540...
  In the last few weeks, I've experimented a bit with Flux (https://fluxcd.io/), Tekton (https://tekton.dev/) and Cloud Native Buildpacks (https://buildpacks.io/) on how to provide K8s powered git push deployments without using a dedicated CI/CD server.
  My project is still in early alpha stage and just a proof of concept :-) My vision is to expand it into an Open Source PaaS in the future.
  Do you think the above quote is true? What does an open source PaaS need to be like in order to be accepted by software developers?
  Some other projects have been discontinued in the past (like Flynn or Deis) or were created before the Kubernetes era.
  Is it the right direction to provide a Heroku like solution based on K8s or is it better to provide an Open Source Infrastructure as Code library with building blocks to avoid everything from scratch?
What are some alternatives?
cosign - Code signing and transparency for containers and binaries
dagger - Application Delivery as Code that Runs Anywhere
net-monitor - The sample net-monitor software, used as samples in Notary v2 (https://github.com/notaryproject/notaryproject)
argo-cd - Declarative Continuous Deployment for Kubernetes
ratify - Artifact Ratification Framework
kubevela - The Modern Application Platform.
grafeas - Artifact Metadata API
tekton-argocd-poc - This a PoC using Tekton (for CI) and ArgoCD (CD). It uses a local k8s cluster (K3D)
secure-supply-chain-on-aks - Learn how to use open-source tools to secure your container deployments on Azure Kubernetes Service.
NUKE - 🏗 The AKEless Build System for C#/.NET
distribution - distribution with reference types
skaffold - Easy and Repeatable Kubernetes Development