forge suite

Your DIY/KISS Continuous Integration & Delivery

forge logo

(en) fr

Introduction

The forge suite is a collection of tools to automate tasks by tracking updates on a remote repository. forgebuild is a task runner which pulls updates from remote repositories (git, mercurial), while forgehook is a notification system to push updates received from a repository via webhooks.

forgehook can be hooked to forgebuild to trigger tasks automatically when updates are received, but both tools can be useful on their own and integrate with your own tooling. If either tool gets in your way instead of easing your life, this is considered a bug and should be addressed.

Usecases

Multi-user CI/CD

Diagram showing the forge sending a webhook to the endpoint, which validates it then passes the information to forgehook, which notifies subscribers, triggering forgebuild tasks

Solo, unprivileged CI/CD

Diagram showing the forge sending a webhook to the endpoint, which validates it then passes the information to forgebuild, triggering tasks

Motivations

This project was started because popular CI/CD distributions (such as Drone CI or Gitlab CI) are very convoluted systems, deeply tied to an ecosystem. The forge suite aims to be more portable and to easily integrate into your own ecosystem.

All of these CI/CD plateforms consider the repository itself should contain the tasks to be run, for example in a .gitlab-ci.yml file. This top-down deployment model is well suited to an organization controling the whole of its software supply chain, but is a severe restriction to 3rd party involvement, which mostly hinders volunteer-run projects.

The forge suite adopts an opposite approach, where anyone can receive updates from remote repositories, and run the tasks they wish. This allows anyone within or without your projects to setup new test suites, benchmarks, and integrations. The applications are endless and should benefit your projects in many ways.

Don't wait for the maintainers for permission, just forge on!

Principles

Code Of Conduct

This project abides by the ~fr operating principles.

Security

While the forge suite aims at security through simplicity, there may be ways it will bite you. Please don't use these tools for any sensitive project just yet, as we have not received a security audit.

In the future, we will support a secure software supply chain through PGP signatures, inspired by GNU Guix's channel introductions.

License

Everything is licensed under GPLv3, unless noted otherwise. The logo is an exception, as I have merely copied it from the Internet.