24 repositorios
The ability to execute shell commands and binaries within a controlled container environment during a build.
Distinct from Host-to-Container Execution: Shortlist candidates focus on host-to-container or non-root specifically; this is the general build-time execution capability.
Explore 24 awesome GitHub repositories matching devops & infrastructure · Container Command Execution. Refine with filters or upvote what's useful.
Buildkit is a programmable container build toolkit and OCI container image builder that converts build definitions into concurrent dependency graphs for image construction. It functions as an OCI image distribution engine, capable of generating container images and exporting artifacts to local storage or remote registries. The project is distinguished by its use of a low-level binary intermediate representation to decouple high-level build languages from the execution engine. It supports multi-platform image builds through user-mode architecture emulation and provides a distributed build cach
Executes build commands inside containers with custom arguments, environment variables, and user permissions.
pkgx is a cross-platform tool orchestrator and portable package runner that enables the execution of specific software versions without requiring permanent installation on the host system. It functions as a multi-ecosystem package wrapper, providing a unified interface to launch tools and managers from various language ecosystems. The project serves as an ephemeral environment provider and script dependency manager, allowing users to declare and automatically inject required software versions into scripts via a shebang line. This allows for the bootstrapping of temporary shells and containers
Executes software tools within container environments to ensure complete isolation from the host operating system.
Cog is a machine learning packaging tool and containerized model wrapper that bundles models and their dependencies into standardized Docker containers. It functions as an environment manager and inference server, ensuring consistent model execution across different hardware systems by resolving GPU drivers, system libraries, and Python dependencies. The project distinguishes itself by automatically generating RESTful HTTP servers and OpenAPI schemas based on defined model input and output types. It manages large model weights as external fixtures to optimize image size and utilizes a slot-ba
Enables the execution of arbitrary shell commands and interactive shells within a controlled container environment.
Phusion/baseimage-docker is a minimal Ubuntu-based Docker base image that includes a proper init system for managing multiple services and processes inside a single container. It provides a lightweight init process that reaps zombie processes, forwards stop signals for graceful shutdown, and supervises daemons through runit, restarting them automatically if they crash. The image includes a preconfigured OpenSSH server restricted to public-key authentication for secure shell access to running containers, along with a cron daemon for scheduling recurring tasks. It supports ordered startup scrip
Executes a single command inside a new container after starting all system services and process supervisors.
Buildah es una herramienta de contenedores sin demonio utilizada para construir y gestionar imágenes de contenedores compatibles con OCI. Funciona como una utilidad de línea de comandos que crea y modifica imágenes sin requerir un proceso en segundo plano ni privilegios de root. La herramienta transforma las instrucciones de Dockerfile en imágenes estándar y permite la generación de imágenes mediante la confirmación del estado de un contenedor en ejecución. Admite la creación de imágenes desde cero o imágenes base, asegurando que toda la salida cumpla con las especificaciones de la Open Container Initiative para la portabilidad. Más allá de la construcción de imágenes, proporciona capacidades para la gestión del ciclo de vida de imágenes locales, incluyendo etiquetado, cambio de nombre y movimiento de imágenes entre registros. También permite la manipulación directa de sistemas de archivos de contenedores mediante el montaje de sistemas de archivos raíz en el directorio host para la edición de archivos y la configuración de metadatos.
Allows running processes inside a working container to install software or modify environment state during a build.
Testcontainers for Java is a library for launching and managing disposable Docker containers to provide isolated dependencies for automated tests. It provides specialized provisioners for containerized databases, a manager for WebDriver browser containers, and an orchestrator for deploying multi-container applications via Docker Compose. The project ensures reproducible data states through database schema initialization and provides integration with JUnit to manage the lifecycle of external services. It supports automated browser testing by launching Selenium containers with the ability to re
Provides a mechanism to run arbitrary shell commands inside a running container via the Docker exec API.
Mamba is a package manager for scientific and data science workflows that implements a high-performance dependency solver in C++. It uses a SAT-based resolution model and a specialized library for metadata processing to calculate compatible package versions across different operating systems. The project provides a standalone executable runtime, allowing the creation of isolated package environments without requiring a pre-existing system installation. It ensures reproducible environment setup by utilizing lock files to pin exact package versions and channels. The system supports containeriz
Executes installation and runtime commands within pre-configured container images to prevent host system contamination.
Concourse is a container-based continuous integration and delivery platform that functions as a distributed build system. It operates as a declarative pipeline orchestrator, using a central controller and multiple worker nodes to execute concurrent tasks within isolated containers. The system distinguishes itself by executing every build step in a separate container to ensure environment consistency and by defining software delivery sequences through portable, versionable configuration files. It provides a web-based pipeline visualizer to display the real-time status and progress of automated
Executes every build step inside a fresh, isolated container to ensure environment consistency.
Youki is a low-level container runtime written in Rust that creates and manages isolated containers according to Open Container Initiative specifications. It serves as an execution engine that can function as a rootless container manager or a pluggable Kubernetes CRI runtime to manage pods and containers within a cluster. The project distinguishes itself by providing a Wasm container runtime capable of executing WebAssembly modules as isolated workloads compatible with standard orchestration tools. It further supports a rootless execution model, allowing isolated environments to start as non-
Runs containers and pods using compatible sandboxes to isolate processes and manage hardware resources.
This project is a collection of curated and standardized Docker base images that serve as reliable starting points for building containerized applications. It functions as an OCI container image repository and a build template library, providing a central source of truth for images that adhere to Open Container Initiative standards for portability. The project utilizes an automated image lifecycle pipeline to build, tag, and push images, ensuring that dependencies remain current and security patches are applied. It specifically supports cross-platform distribution by providing a multi-archite
Executes shell commands and binaries within a controlled environment to create new image layers during builds.
Osmedeus is a security workflow orchestration engine that coordinates AI agents, shell commands, and scanning tools through declarative YAML pipelines. It functions as a distributed security scanner, a declarative workflow automator, and an AI agent framework for security, enabling automated multi-step security analysis with conditional branching, parallel execution, and distributed workers. The engine distinguishes itself through a hybrid runner model that executes workflow steps on the local host, inside Docker containers, or over SSH to remote machines, selected per step or module. It supp
Runs commands inside a Docker container, supporting both ephemeral and persistent execution modes.
CRI-O is an open-source container runtime that implements the Kubernetes Container Runtime Interface (CRI) to manage container images, pods, and containers on cluster nodes using OCI-compatible runtimes. It serves as a node-level container manager that handles image pulling, container lifecycle, and resource monitoring for Kubernetes clusters, running containers according to the Open Container Initiative specifications. The runtime distinguishes itself through live configuration reloading that applies changes to runtime definitions, registry mirrors, and TLS certificates without restarting th
Runs arbitrary commands inside a running container via the exec interface, enabling debugging and administrative tasks.
Incus is a unified orchestration platform for managing system containers, OCI application containers, and virtual machines through a single control plane. It brings together cluster infrastructure management, secure multi-tenancy, software-defined networking, and pluggable storage backend orchestration into one cohesive system exposed via a full REST API and command-line interface. What distinguishes Incus is its ability to run multiple instance types side by side—full Linux system containers, OCI application containers, and QEMU virtual machines—all managed with consistent tooling. Networkin
Runs commands inside running containers or virtual machines via the client, enabling shell access without network connectivity.
Este proyecto es un orquestador de espacios de trabajo basado en contenedores y un estándar para definir entornos de desarrollo utilizando Docker. Proporciona un mecanismo para automatizar la construcción, lanzamiento y gestión de toolchains aislados, asegurando que las dependencias de software y los tiempos de ejecución estén separados del sistema host local. El sistema permite la distribución de definiciones de entorno, configuraciones de editor y configuraciones de toolchain a través del control de versiones. Esto garantiza la portabilidad y estandarización entre equipos, permitiendo a los colaboradores instanciar espacios de trabajo idénticos en diferentes máquinas. También admite el desarrollo en contenedores remotos conectando un editor local a motores Docker alojados en servidores remotos. El conjunto de herramientas cubre el aprovisionamiento de espacios de trabajo a través de Dockerfiles y archivos de configuración personalizados, junto con la gestión del ciclo de vida para iniciar, detener y adjuntar contenedores. Incluye capacidades para montar carpetas locales en volúmenes aislados, reenviar puertos de red al host y ejecutar extensiones de editor directamente dentro del entorno contenerizado. La herramienta proporciona utilidades de línea de comandos para construir imágenes de contenedores, orquestar el inicio del entorno y ejecutar comandos remotos.
Executes specific processes or scripts inside a running container from an external terminal.
Zinit es un gestor de plugins para Zsh diseñado para descargar, cargar y actualizar extensiones y fragmentos para la shell Z. Funciona como un optimizador de rendimiento, instalador de binarios de shell y gestor de autocompletado, proporcionando un framework para la automatización del ciclo de vida de la shell y el registro de definiciones de autocompletado con tabulador. El proyecto se distingue por una optimización avanzada del inicio, utilizando compilación de bytecode, caché de configuración y carga diferida para reducir los tiempos de arranque de la shell. Además, diferencia su modelo de ejecución de plugins al soportar la carga de fragmentos de código remotos individuales sin requerir instalaciones completas de repositorios y al utilizar capas de emulación de shell para asegurar la compatibilidad con sintaxis no nativa. Las capacidades más amplias del gestor incluyen la automatización de los ciclos de vida de los plugins mediante hooks de instalación, el despliegue de binarios compilados en directorios de prefijo dedicados y la activación dinámica de plugins basada en condiciones ambientales. También proporciona herramientas para gestionar servicios en segundo plano mediante tuberías con nombre, monitorear la actividad de los plugins y realizar análisis de rendimiento de carga.
Runs custom shell commands, makefiles, or configure scripts immediately after cloning or updating a plugin.
Veewee es un framework para automatizar la generación y empaquetado de imágenes de máquinas virtuales personalizadas a través de múltiples hipervisores. Sirve como un constructor de imágenes de máquinas virtuales, automatizador de instalación de SO y convertidor de imágenes capaz de producir imágenes configuradas para KVM, Vagrant y VMware. La herramienta se diferencia al utilizar la inyección de pulsaciones de teclas de escritorio remoto para simular entradas de teclado directamente en el búfer de la máquina invitada, automatizando instalaciones que normalmente requieren interacción manual. Además, permite la creación de cajas base personalizadas y formatos de imagen portátiles a través de un sistema de exportación multiproveedor. El proyecto cubre pipelines de construcción de imágenes, incluyendo gestión de ISO, especificaciones de máquina basadas en YAML y generación de configuración basada en plantillas. Su superficie de capacidad se extiende a la configuración de parámetros de hardware, scripts de post-instalación secuenciales y validación de construcción para verificar que los componentes estén instalados correctamente.
Executes a sequential series of shell scripts inside a guest VM after the primary OS installation is complete.
Baserow is a self-hosted, no-code relational database platform built on PostgreSQL. It provides a spreadsheet-like interface for structuring and managing data without writing code, while exposing all database resources via a REST API to support headless architectures. The platform distinguishes itself by integrating large language models and embedding servers to power AI assistants and automated data generation. It further extends its utility as a no-code application builder, allowing users to create custom internal portals, dashboards, and business tools using visual logic and managed data.
Enables the execution of administrative database operations via a CLI on live containers.
dpanel es una interfaz de gestión de Docker basada en web y gestor de servidores remotos. Sirve como una herramienta de ciclo de vida de contenedores y orquestador para desplegar aplicaciones multicontenedor utilizando archivos de configuración de Docker Compose y tiendas de aplicaciones. El proyecto se distingue como una consola de gestión central capaz de controlar contenedores en múltiples servidores remotos a través de conexiones API o SSH. Incluye un navegador de sistema de archivos del host integrado para acceder a archivos y carpetas en máquinas remotas mediante SSH y SFTP. La plataforma cubre flujos de trabajo de imágenes de contenedor, incluyendo la construcción de imágenes personalizadas y la actualización de contenedores existentes. Proporciona capacidades para organizar contenedores con etiquetas, gestionar el acceso a la red y certificados SSL, y controlar el acceso de usuarios a través de permisos granulares y cuentas multiusuario. La funcionalidad adicional incluye la programación de tareas para operaciones automatizadas de contenedores y la personalización de la interfaz.
Automates periodic container operations by mapping predefined configuration templates to trigger intervals.
Ofelia is a recurring job scheduler designed to run commands inside Docker containers or directly on the host system using a defined timetable. It functions as a configuration engine that reads job schedules and commands from container labels, a concurrency guard to prevent overlapping task executions, and a log router for reporting job outcomes. The system distinguishes itself by using a label-based configuration model, allowing job schedules and execution logic to be defined within container metadata rather than external configuration files. It employs a lock-based concurrency control mecha
Provides a system for automating recurring commands inside Docker containers using a defined timetable.
mini-swe-agent is an autonomous software engineering system designed to develop features and fix bugs by combining large language models with a bash interface. It operates as an agentic framework that executes coding tasks and documentation updates through a continuous cycle of model reasoning and tool execution. The project differentiates itself with a strong focus on safety and evaluation, utilizing container-based sandbox execution via Docker or Singularity to isolate command execution. It includes a batch-parallel evaluation harness to measure code-fixing accuracy against standardized sof
Enables the execution of shell commands inside Singularity containers using writable sandboxes.