24 Repos
The ability to execute shell commands and binaries within a controlled container environment during a build.
Distinct from Host-to-Container Execution: Shortlist candidates focus on host-to-container or non-root specifically; this is the general build-time execution capability.
Explore 24 awesome GitHub repositories matching devops & infrastructure · Container Command Execution. Refine with filters or upvote what's useful.
Buildkit is a programmable container build toolkit and OCI container image builder that converts build definitions into concurrent dependency graphs for image construction. It functions as an OCI image distribution engine, capable of generating container images and exporting artifacts to local storage or remote registries. The project is distinguished by its use of a low-level binary intermediate representation to decouple high-level build languages from the execution engine. It supports multi-platform image builds through user-mode architecture emulation and provides a distributed build cach
Executes build commands inside containers with custom arguments, environment variables, and user permissions.
pkgx is a cross-platform tool orchestrator and portable package runner that enables the execution of specific software versions without requiring permanent installation on the host system. It functions as a multi-ecosystem package wrapper, providing a unified interface to launch tools and managers from various language ecosystems. The project serves as an ephemeral environment provider and script dependency manager, allowing users to declare and automatically inject required software versions into scripts via a shebang line. This allows for the bootstrapping of temporary shells and containers
Executes software tools within container environments to ensure complete isolation from the host operating system.
Cog is a machine learning packaging tool and containerized model wrapper that bundles models and their dependencies into standardized Docker containers. It functions as an environment manager and inference server, ensuring consistent model execution across different hardware systems by resolving GPU drivers, system libraries, and Python dependencies. The project distinguishes itself by automatically generating RESTful HTTP servers and OpenAPI schemas based on defined model input and output types. It manages large model weights as external fixtures to optimize image size and utilizes a slot-ba
Enables the execution of arbitrary shell commands and interactive shells within a controlled container environment.
Phusion/baseimage-docker is a minimal Ubuntu-based Docker base image that includes a proper init system for managing multiple services and processes inside a single container. It provides a lightweight init process that reaps zombie processes, forwards stop signals for graceful shutdown, and supervises daemons through runit, restarting them automatically if they crash. The image includes a preconfigured OpenSSH server restricted to public-key authentication for secure shell access to running containers, along with a cron daemon for scheduling recurring tasks. It supports ordered startup scrip
Executes a single command inside a new container after starting all system services and process supervisors.
Buildah ist ein daemonloses Container-Tool zum Erstellen und Verwalten von OCI-konformen Container-Images. Es fungiert als Kommandozeilen-Utility, das Images erstellt und modifiziert, ohne dass ein Hintergrundprozess oder Root-Rechte erforderlich sind. Das Tool transformiert Dockerfile-Anweisungen in Standard-Images und ermöglicht die Generierung von Images durch das Committen des Zustands eines laufenden Containers. Es unterstützt die Erstellung von Images von Grund auf (scratch) oder aus Basis-Images und stellt sicher, dass alle Ausgaben den Open Container Initiative-Spezifikationen für Portabilität entsprechen. Über die Image-Erstellung hinaus bietet es Funktionen für das lokale Image-Lifecycle-Management, einschließlich Tagging, Umbenennen und Verschieben von Images zwischen Registries. Es ermöglicht zudem die direkte Manipulation von Container-Dateisystemen durch das Mounten von Root-Dateisystemen in das Host-Verzeichnis zur Dateibearbeitung und Metadatenkonfiguration.
Allows running processes inside a working container to install software or modify environment state during a build.
Testcontainers for Java is a library for launching and managing disposable Docker containers to provide isolated dependencies for automated tests. It provides specialized provisioners for containerized databases, a manager for WebDriver browser containers, and an orchestrator for deploying multi-container applications via Docker Compose. The project ensures reproducible data states through database schema initialization and provides integration with JUnit to manage the lifecycle of external services. It supports automated browser testing by launching Selenium containers with the ability to re
Provides a mechanism to run arbitrary shell commands inside a running container via the Docker exec API.
Mamba is a package manager for scientific and data science workflows that implements a high-performance dependency solver in C++. It uses a SAT-based resolution model and a specialized library for metadata processing to calculate compatible package versions across different operating systems. The project provides a standalone executable runtime, allowing the creation of isolated package environments without requiring a pre-existing system installation. It ensures reproducible environment setup by utilizing lock files to pin exact package versions and channels. The system supports containeriz
Executes installation and runtime commands within pre-configured container images to prevent host system contamination.
Concourse is a container-based continuous integration and delivery platform that functions as a distributed build system. It operates as a declarative pipeline orchestrator, using a central controller and multiple worker nodes to execute concurrent tasks within isolated containers. The system distinguishes itself by executing every build step in a separate container to ensure environment consistency and by defining software delivery sequences through portable, versionable configuration files. It provides a web-based pipeline visualizer to display the real-time status and progress of automated
Executes every build step inside a fresh, isolated container to ensure environment consistency.
Youki is a low-level container runtime written in Rust that creates and manages isolated containers according to Open Container Initiative specifications. It serves as an execution engine that can function as a rootless container manager or a pluggable Kubernetes CRI runtime to manage pods and containers within a cluster. The project distinguishes itself by providing a Wasm container runtime capable of executing WebAssembly modules as isolated workloads compatible with standard orchestration tools. It further supports a rootless execution model, allowing isolated environments to start as non-
Runs containers and pods using compatible sandboxes to isolate processes and manage hardware resources.
This project is a collection of curated and standardized Docker base images that serve as reliable starting points for building containerized applications. It functions as an OCI container image repository and a build template library, providing a central source of truth for images that adhere to Open Container Initiative standards for portability. The project utilizes an automated image lifecycle pipeline to build, tag, and push images, ensuring that dependencies remain current and security patches are applied. It specifically supports cross-platform distribution by providing a multi-archite
Executes shell commands and binaries within a controlled environment to create new image layers during builds.
Osmedeus is a security workflow orchestration engine that coordinates AI agents, shell commands, and scanning tools through declarative YAML pipelines. It functions as a distributed security scanner, a declarative workflow automator, and an AI agent framework for security, enabling automated multi-step security analysis with conditional branching, parallel execution, and distributed workers. The engine distinguishes itself through a hybrid runner model that executes workflow steps on the local host, inside Docker containers, or over SSH to remote machines, selected per step or module. It supp
Runs commands inside a Docker container, supporting both ephemeral and persistent execution modes.
CRI-O is an open-source container runtime that implements the Kubernetes Container Runtime Interface (CRI) to manage container images, pods, and containers on cluster nodes using OCI-compatible runtimes. It serves as a node-level container manager that handles image pulling, container lifecycle, and resource monitoring for Kubernetes clusters, running containers according to the Open Container Initiative specifications. The runtime distinguishes itself through live configuration reloading that applies changes to runtime definitions, registry mirrors, and TLS certificates without restarting th
Runs arbitrary commands inside a running container via the exec interface, enabling debugging and administrative tasks.
Incus is a unified orchestration platform for managing system containers, OCI application containers, and virtual machines through a single control plane. It brings together cluster infrastructure management, secure multi-tenancy, software-defined networking, and pluggable storage backend orchestration into one cohesive system exposed via a full REST API and command-line interface. What distinguishes Incus is its ability to run multiple instance types side by side—full Linux system containers, OCI application containers, and QEMU virtual machines—all managed with consistent tooling. Networkin
Runs commands inside running containers or virtual machines via the client, enabling shell access without network connectivity.
Dieses Projekt ist ein containerbasierter Workspace-Orchestrator und ein Standard für die Definition von Entwicklungsumgebungen mittels Docker. Es bietet einen Mechanismus zur Automatisierung des Builds, Starts und der Verwaltung isolierter Toolchains und stellt sicher, dass Software-Abhängigkeiten und Runtimes vom lokalen Host-System getrennt sind. Das System ermöglicht die Verteilung von Umgebungsdefinitionen, Editoreinstellungen und Toolchain-Konfigurationen über die Versionsverwaltung. Dies gewährleistet Portabilität und Standardisierung über Teams hinweg und ermöglicht es Mitwirkenden, identische Workspaces auf verschiedenen Maschinen zu instanziieren. Es unterstützt zudem die Remote-Container-Entwicklung durch die Verbindung eines lokalen Editors mit Docker-Engines, die auf Remote-Servern gehostet werden. Das Toolset deckt die Workspace-Bereitstellung durch benutzerdefinierte Dockerfiles und Konfigurationsdateien ab, zusammen mit dem Lebenszyklusmanagement für das Starten, Stoppen und Anhängen an Container. Es umfasst Funktionen zum Mounten lokaler Ordner in isolierte Volumes, zum Weiterleiten von Netzwerk-Ports an den Host und zum Ausführen von Editor-Erweiterungen direkt innerhalb der containerisierten Umgebung. Das Tool bietet CLI-Dienstprogramme zum Erstellen von Container-Images, zum Orchestrieren des Umgebungsstarts und zum Ausführen von Remote-Befehlen.
Executes specific processes or scripts inside a running container from an external terminal.
Zinit ist ein Zsh-Plugin-Manager, der für das Herunterladen, Laden und Aktualisieren von Erweiterungen und Snippets für die Z-Shell entwickelt wurde. Er fungiert als Performance-Optimierer, Shell-Binary-Installer und Completion-Manager und bietet ein Framework für die Automatisierung des Shell-Lebenszyklus sowie die Registrierung von Tab-Completion-Definitionen. Das Projekt zeichnet sich durch fortgeschrittene Startup-Optimierung aus, wobei Bytecode-Kompilierung, Konfigurations-Caching und verzögertes Laden genutzt werden, um die Shell-Bootzeiten zu verkürzen. Es differenziert sich zudem durch sein Plugin-Ausführungsmodell, das das Sourcing einzelner Remote-Code-Snippets unterstützt, ohne vollständige Repository-Installationen zu erfordern, und Shell-Emulationsschichten nutzt, um Kompatibilität mit nicht-nativer Syntax zu gewährleisten. Die breiteren Funktionen des Managers umfassen die Automatisierung von Plugin-Lebenszyklen mittels Installations-Hooks, das Deployment kompilierter Binärdateien in dedizierte Präfix-Verzeichnisse und die dynamische Aktivierung von Plugins basierend auf Umgebungsbedingungen. Er bietet zudem Tools zur Verwaltung von Hintergrunddiensten mittels Named Pipes, zur Überwachung von Plugin-Aktivitäten und zur Durchführung von Analysen der Lade-Performance.
Runs custom shell commands, makefiles, or configure scripts immediately after cloning or updating a plugin.
Veewee ist ein Framework für die Automatisierung der Generierung und Verpackung benutzerdefinierter virtueller Maschinen-Images über mehrere Hypervisoren hinweg. Es dient als Image-Builder für virtuelle Maschinen, OS-Installations-Automatisierer und Image-Konverter, der in der Lage ist, konfigurierte Images für KVM, Vagrant und VMware zu produzieren. Das Tool differenziert sich durch die Verwendung von Remote-Desktop-Tastatureingabe-Injektion, um Tastatureingaben direkt in den Gastmaschinen-Puffer zu simulieren und Installationen zu automatisieren, die normalerweise manuelle Interaktion erfordern. Es ermöglicht zudem die Erstellung benutzerdefinierter Base-Boxen und portabler Image-Formate durch ein Multi-Provider-Export-System. Das Projekt deckt Image-Building-Pipelines ab, einschließlich ISO-Management, YAML-basierter Maschinenspezifikationen und template-gesteuerter Konfigurationsgenerierung. Sein Funktionsumfang erstreckt sich auf Hardware-Parameterkonfiguration, sequenzielles Post-Installation-Scripting und Build-Validierung, um zu verifizieren, dass Komponenten korrekt installiert sind.
Executes a sequential series of shell scripts inside a guest VM after the primary OS installation is complete.
Baserow is a self-hosted, no-code relational database platform built on PostgreSQL. It provides a spreadsheet-like interface for structuring and managing data without writing code, while exposing all database resources via a REST API to support headless architectures. The platform distinguishes itself by integrating large language models and embedding servers to power AI assistants and automated data generation. It further extends its utility as a no-code application builder, allowing users to create custom internal portals, dashboards, and business tools using visual logic and managed data.
Enables the execution of administrative database operations via a CLI on live containers.
dpanel is a web-based Docker management interface and remote server manager. It serves as a container lifecycle tool and orchestrator for deploying multi-container applications using Docker Compose configuration files and application stores. The project distinguishes itself as a central management console capable of controlling containers across multiple remote servers via API or SSH connections. It includes an integrated host filesystem browser for accessing files and folders on remote machines via SSH and SFTP. The platform covers container image workflows, including building custom images
Automates periodic container operations by mapping predefined configuration templates to trigger intervals.
Ofelia is a recurring job scheduler designed to run commands inside Docker containers or directly on the host system using a defined timetable. It functions as a configuration engine that reads job schedules and commands from container labels, a concurrency guard to prevent overlapping task executions, and a log router for reporting job outcomes. The system distinguishes itself by using a label-based configuration model, allowing job schedules and execution logic to be defined within container metadata rather than external configuration files. It employs a lock-based concurrency control mecha
Provides a system for automating recurring commands inside Docker containers using a defined timetable.
mini-swe-agent is an autonomous software engineering system designed to develop features and fix bugs by combining large language models with a bash interface. It operates as an agentic framework that executes coding tasks and documentation updates through a continuous cycle of model reasoning and tool execution. The project differentiates itself with a strong focus on safety and evaluation, utilizing container-based sandbox execution via Docker or Singularity to isolate command execution. It includes a batch-parallel evaluation harness to measure code-fixing accuracy against standardized sof
Enables the execution of shell commands inside Singularity containers using writable sandboxes.