24 dépôts
The ability to execute shell commands and binaries within a controlled container environment during a build.
Distinct from Host-to-Container Execution: Shortlist candidates focus on host-to-container or non-root specifically; this is the general build-time execution capability.
Explore 24 awesome GitHub repositories matching devops & infrastructure · Container Command Execution. Refine with filters or upvote what's useful.
Buildkit is a programmable container build toolkit and OCI container image builder that converts build definitions into concurrent dependency graphs for image construction. It functions as an OCI image distribution engine, capable of generating container images and exporting artifacts to local storage or remote registries. The project is distinguished by its use of a low-level binary intermediate representation to decouple high-level build languages from the execution engine. It supports multi-platform image builds through user-mode architecture emulation and provides a distributed build cach
Executes build commands inside containers with custom arguments, environment variables, and user permissions.
pkgx is a cross-platform tool orchestrator and portable package runner that enables the execution of specific software versions without requiring permanent installation on the host system. It functions as a multi-ecosystem package wrapper, providing a unified interface to launch tools and managers from various language ecosystems. The project serves as an ephemeral environment provider and script dependency manager, allowing users to declare and automatically inject required software versions into scripts via a shebang line. This allows for the bootstrapping of temporary shells and containers
Executes software tools within container environments to ensure complete isolation from the host operating system.
Cog is a machine learning packaging tool and containerized model wrapper that bundles models and their dependencies into standardized Docker containers. It functions as an environment manager and inference server, ensuring consistent model execution across different hardware systems by resolving GPU drivers, system libraries, and Python dependencies. The project distinguishes itself by automatically generating RESTful HTTP servers and OpenAPI schemas based on defined model input and output types. It manages large model weights as external fixtures to optimize image size and utilizes a slot-ba
Enables the execution of arbitrary shell commands and interactive shells within a controlled container environment.
Phusion/baseimage-docker is a minimal Ubuntu-based Docker base image that includes a proper init system for managing multiple services and processes inside a single container. It provides a lightweight init process that reaps zombie processes, forwards stop signals for graceful shutdown, and supervises daemons through runit, restarting them automatically if they crash. The image includes a preconfigured OpenSSH server restricted to public-key authentication for secure shell access to running containers, along with a cron daemon for scheduling recurring tasks. It supports ordered startup scrip
Executes a single command inside a new container after starting all system services and process supervisors.
Buildah est un outil de conteneur sans démon (daemonless) utilisé pour construire et gérer des images de conteneurs conformes aux spécifications OCI. Il fonctionne comme un utilitaire en ligne de commande qui crée et modifie des images sans nécessiter de processus en arrière-plan ou de privilèges root. L'outil transforme les instructions Dockerfile en images standard et permet la génération d'images en validant l'état d'un conteneur en cours d'exécution. Il prend en charge la création d'images à partir de zéro ou d'images de base, garantissant que toute sortie respecte les spécifications de l'Open Container Initiative pour la portabilité. Au-delà de la construction d'images, il offre des capacités de gestion locale du cycle de vie des images, incluant le taggage, le renommage et le déplacement d'images entre registres. Il permet également la manipulation directe des systèmes de fichiers des conteneurs en montant les systèmes de fichiers racine sur le répertoire hôte pour l'édition de fichiers et la configuration des métadonnées.
Allows running processes inside a working container to install software or modify environment state during a build.
Testcontainers for Java is a library for launching and managing disposable Docker containers to provide isolated dependencies for automated tests. It provides specialized provisioners for containerized databases, a manager for WebDriver browser containers, and an orchestrator for deploying multi-container applications via Docker Compose. The project ensures reproducible data states through database schema initialization and provides integration with JUnit to manage the lifecycle of external services. It supports automated browser testing by launching Selenium containers with the ability to re
Provides a mechanism to run arbitrary shell commands inside a running container via the Docker exec API.
Mamba is a package manager for scientific and data science workflows that implements a high-performance dependency solver in C++. It uses a SAT-based resolution model and a specialized library for metadata processing to calculate compatible package versions across different operating systems. The project provides a standalone executable runtime, allowing the creation of isolated package environments without requiring a pre-existing system installation. It ensures reproducible environment setup by utilizing lock files to pin exact package versions and channels. The system supports containeriz
Executes installation and runtime commands within pre-configured container images to prevent host system contamination.
Concourse is a container-based continuous integration and delivery platform that functions as a distributed build system. It operates as a declarative pipeline orchestrator, using a central controller and multiple worker nodes to execute concurrent tasks within isolated containers. The system distinguishes itself by executing every build step in a separate container to ensure environment consistency and by defining software delivery sequences through portable, versionable configuration files. It provides a web-based pipeline visualizer to display the real-time status and progress of automated
Executes every build step inside a fresh, isolated container to ensure environment consistency.
Youki is a low-level container runtime written in Rust that creates and manages isolated containers according to Open Container Initiative specifications. It serves as an execution engine that can function as a rootless container manager or a pluggable Kubernetes CRI runtime to manage pods and containers within a cluster. The project distinguishes itself by providing a Wasm container runtime capable of executing WebAssembly modules as isolated workloads compatible with standard orchestration tools. It further supports a rootless execution model, allowing isolated environments to start as non-
Runs containers and pods using compatible sandboxes to isolate processes and manage hardware resources.
This project is a collection of curated and standardized Docker base images that serve as reliable starting points for building containerized applications. It functions as an OCI container image repository and a build template library, providing a central source of truth for images that adhere to Open Container Initiative standards for portability. The project utilizes an automated image lifecycle pipeline to build, tag, and push images, ensuring that dependencies remain current and security patches are applied. It specifically supports cross-platform distribution by providing a multi-archite
Executes shell commands and binaries within a controlled environment to create new image layers during builds.
Osmedeus is a security workflow orchestration engine that coordinates AI agents, shell commands, and scanning tools through declarative YAML pipelines. It functions as a distributed security scanner, a declarative workflow automator, and an AI agent framework for security, enabling automated multi-step security analysis with conditional branching, parallel execution, and distributed workers. The engine distinguishes itself through a hybrid runner model that executes workflow steps on the local host, inside Docker containers, or over SSH to remote machines, selected per step or module. It supp
Runs commands inside a Docker container, supporting both ephemeral and persistent execution modes.
CRI-O is an open-source container runtime that implements the Kubernetes Container Runtime Interface (CRI) to manage container images, pods, and containers on cluster nodes using OCI-compatible runtimes. It serves as a node-level container manager that handles image pulling, container lifecycle, and resource monitoring for Kubernetes clusters, running containers according to the Open Container Initiative specifications. The runtime distinguishes itself through live configuration reloading that applies changes to runtime definitions, registry mirrors, and TLS certificates without restarting th
Runs arbitrary commands inside a running container via the exec interface, enabling debugging and administrative tasks.
Incus is a unified orchestration platform for managing system containers, OCI application containers, and virtual machines through a single control plane. It brings together cluster infrastructure management, secure multi-tenancy, software-defined networking, and pluggable storage backend orchestration into one cohesive system exposed via a full REST API and command-line interface. What distinguishes Incus is its ability to run multiple instance types side by side—full Linux system containers, OCI application containers, and QEMU virtual machines—all managed with consistent tooling. Networkin
Runs commands inside running containers or virtual machines via the client, enabling shell access without network connectivity.
Ce projet est un orchestrateur d'espace de travail basé sur des conteneurs et un standard pour définir des environnements de développement utilisant Docker. Il fournit un mécanisme pour automatiser la construction, le lancement et la gestion de toolchains isolées, garantissant que les dépendances logicielles et les runtimes sont séparés du système hôte local. Le système permet la distribution des définitions d'environnement, des paramètres d'éditeur et des configurations de toolchain via le contrôle de version. Cela garantit la portabilité et la standardisation entre les équipes, permettant aux contributeurs d'instancier des espaces de travail identiques sur différentes machines. Il prend également en charge le développement en conteneur distant en connectant un éditeur local à des moteurs Docker hébergés sur des serveurs distants. La boîte à outils couvre le provisionnement de l'espace de travail via des Dockerfiles et des fichiers de configuration personnalisés, ainsi que la gestion du cycle de vie pour démarrer, arrêter et s'attacher aux conteneurs. Elle inclut des capacités pour monter des dossiers locaux dans des volumes isolés, transférer des ports réseau vers l'hôte et exécuter des extensions d'éditeur directement à l'intérieur de l'environnement conteneurisé. L'outil fournit des utilitaires en ligne de commande pour construire des images de conteneurs, orchestrer le démarrage de l'environnement et exécuter des commandes distantes.
Executes specific processes or scripts inside a running container from an external terminal.
Zinit est un gestionnaire de plugins Zsh conçu pour télécharger, charger et mettre à jour des extensions et des snippets pour le shell Z. Il fonctionne comme un optimiseur de performance, un installateur de binaires shell et un gestionnaire de complétion, fournissant un framework pour l'automatisation du cycle de vie du shell et l'enregistrement des définitions de complétion par tabulation. Le projet se distingue par une optimisation avancée du démarrage, utilisant la compilation en bytecode, la mise en cache de configuration et le chargement différé pour réduire les temps de boot du shell. Il différencie davantage son modèle d'exécution de plugins en prenant en charge le sourcing de snippets de code distants individuels sans nécessiter d'installations complètes de dépôts et en utilisant des couches d'émulation shell pour assurer la compatibilité avec une syntaxe non native. Les capacités plus larges du gestionnaire incluent l'automatisation des cycles de vie des plugins via des hooks d'installation, le déploiement de binaires compilés dans des répertoires préfixés dédiés, et l'activation dynamique des plugins basée sur les conditions environnementales. Il fournit également des outils pour gérer les services en arrière-plan utilisant des tubes nommés, surveiller l'activité des plugins et effectuer une analyse des performances de chargement.
Runs custom shell commands, makefiles, or configure scripts immediately after cloning or updating a plugin.
Veewee est un framework pour automatiser la génération et le packaging d'images de machine virtuelle personnalisées à travers de multiples hyperviseurs. Il sert de constructeur d'image de machine virtuelle, d'automatisateur d'installation d'OS et de convertisseur d'image capable de produire des images configurées pour KVM, Vagrant et VMware. L'outil se différencie en utilisant l'injection de frappes clavier de bureau distant pour simuler des entrées clavier directement dans le tampon de la machine invitée, automatisant les installations qui nécessitent généralement une interaction manuelle. Il permet en outre la création de boîtes de base personnalisées et de formats d'image portables via un système d'exportation multi-fournisseur. Le projet couvre des pipelines de construction d'image incluant la gestion ISO, les spécifications de machine basées sur YAML et la génération de configuration pilotée par template. Sa surface de capacité s'étend à la configuration des paramètres matériels, au scripting séquentiel post-installation et à la validation de build pour vérifier que les composants sont installés correctement.
Executes a sequential series of shell scripts inside a guest VM after the primary OS installation is complete.
Baserow is a self-hosted, no-code relational database platform built on PostgreSQL. It provides a spreadsheet-like interface for structuring and managing data without writing code, while exposing all database resources via a REST API to support headless architectures. The platform distinguishes itself by integrating large language models and embedding servers to power AI assistants and automated data generation. It further extends its utility as a no-code application builder, allowing users to create custom internal portals, dashboards, and business tools using visual logic and managed data.
Enables the execution of administrative database operations via a CLI on live containers.
dpanel is a web-based Docker management interface and remote server manager. It serves as a container lifecycle tool and orchestrator for deploying multi-container applications using Docker Compose configuration files and application stores. The project distinguishes itself as a central management console capable of controlling containers across multiple remote servers via API or SSH connections. It includes an integrated host filesystem browser for accessing files and folders on remote machines via SSH and SFTP. The platform covers container image workflows, including building custom images
Automates periodic container operations by mapping predefined configuration templates to trigger intervals.
Ofelia is a recurring job scheduler designed to run commands inside Docker containers or directly on the host system using a defined timetable. It functions as a configuration engine that reads job schedules and commands from container labels, a concurrency guard to prevent overlapping task executions, and a log router for reporting job outcomes. The system distinguishes itself by using a label-based configuration model, allowing job schedules and execution logic to be defined within container metadata rather than external configuration files. It employs a lock-based concurrency control mecha
Provides a system for automating recurring commands inside Docker containers using a defined timetable.
mini-swe-agent is an autonomous software engineering system designed to develop features and fix bugs by combining large language models with a bash interface. It operates as an agentic framework that executes coding tasks and documentation updates through a continuous cycle of model reasoning and tool execution. The project differentiates itself with a strong focus on safety and evaluation, utilizing container-based sandbox execution via Docker or Singularity to isolate command execution. It includes a batch-parallel evaluation harness to measure code-fixing accuracy against standardized sof
Enables the execution of shell commands inside Singularity containers using writable sandboxes.