The forge suite is a collection of tools to automate tasks by tracking updates on a remote repository.
forgebuild is a task runner which pulls updates from remote repositories (git, mercurial), while
forgehook is a notification system to push updates received from a repository via webhooks.
forgehook can be hooked to forgebuild to trigger tasks automatically when updates are received, but both tools can be useful on their own and integrate with your own tooling. If either tool gets in your way instead of easing your life, this is considered a bug and should be addressed.
Solo, unprivileged CI/CD
This project was started because popular CI/CD distributions (such as Drone CI or Gitlab CI) are very convoluted systems, deeply tied to an ecosystem. The forge suite aims to be more portable and to easily integrate into your own ecosystem.
All of these CI/CD plateforms consider the repository itself should contain the tasks to be run, for example in a
.gitlab-ci.yml file. This top-down deployment model is well suited to an organization controling the whole of its software supply chain, but is a severe restriction to 3rd party involvement, which mostly hinders volunteer-run projects.
The forge suite adopts an opposite approach, where anyone can receive updates from remote repositories, and run the tasks they wish. This allows anyone within or without your projects to setup new test suites, benchmarks, and integrations. The applications are endless and should benefit your projects in many ways.
Don't wait for the maintainers for permission, just forge on!
- Security through simplicity: everything can be understood, and audited
- Composability: the tools should not get in your way, under any circumstance
- Specification: multiple implementations exist for each tool, following their respective specifications
Code Of Conduct
This project abides by the ~fr operating principles.
While the forge suite aims at security through simplicity, there may be ways it will bite you. Please don't use these tools for any sensitive project just yet, as we have not received a security audit.
In the future, we will support a secure software supply chain through PGP signatures, inspired by GNU Guix's channel introductions.
Everything is licensed under GPLv3, unless noted otherwise. The logo is an exception, as I have merely copied it from the Internet.