Self-Hosted CI/CD Build Servers

Harness is an end-to-end developer platform and DevOps orchestration tool designed to automate software build, test, and deployment pipelines. It functions as a CI/CD platform and a source code management system for hosting and managing version-controlled repositories. The platform provides a remote development environment that launches ephemeral, cloud-based coding spaces to ensure standardized setups. It also includes a centralized artifact registry for storing and managing versioned binary packages and container images used in delivery pipelines. The system covers broad capability areas including CI/CD pipeline automation, artifact registry management, and source code management. These services are accessible through a command-line interface and a REST API for external automation and integration.

Drone is a container-based continuous integration and delivery platform, source control management system, and artifact registry. It functions as a hosted workspace provider for cloud-based developer environments and a system for hosting and versioning code repositories. The platform executes build and deployment pipelines within isolated containers, using declarative configurations to automate software delivery. It includes a centralized registry for managing and versioning compiled binaries and build outputs to ensure consistent deployments across environments. The system covers a broad capability surface including event-driven workflow triggering via source control integration, administrative management through a command line interface, and orchestration via a REST API.

Gitea is a self-hosted service designed for managing version control repositories, project issue tracking, and software artifact distribution. It provides a collaborative platform that enables teams to host their own source code, manage development tasks through integrated project boards, and store container images or language-specific packages within a unified environment. The platform distinguishes itself through a built-in automation engine that executes continuous integration and delivery pipelines directly triggered by repository events. It utilizes a background task queue to manage asynchronous operations and interacts directly with the file system for repository storage, ensuring data integrity while maintaining a lightweight footprint. Administrators can oversee the entire instance through a web-based dashboard or via programmatic access to system metadata and configuration. The application architecture supports modular expansion through a plugin-based extension system and processes requests through a middleware-driven pipeline. It is designed for flexible deployment, allowing users to compile the source code into a single executable binary that includes all necessary frontend assets and configuration defaults.

Concourse is a container-based continuous integration and delivery platform that functions as a distributed build system. It operates as a declarative pipeline orchestrator, using a central controller and multiple worker nodes to execute concurrent tasks within isolated containers. The system distinguishes itself by executing every build step in a separate container to ensure environment consistency and by defining software delivery sequences through portable, versionable configuration files. It provides a web-based pipeline visualizer to display the real-time status and progress of automated workflows. The platform covers software delivery orchestration, including automated release management and distributed build scaling. Its capability surface includes artifact management for state persistence between steps, secure worker node registration via encrypted tunnels, and a command-line interface for pipeline control and build triggering. The system supports deployment using containerized configurations for its web interface, worker nodes, and database.

Earthly is a containerized build system and Docker build framework designed for creating reproducible build pipelines. It ensures environment consistency by executing every build step inside an isolated container, combining the isolation of container images with dependency tracking and parallel execution. The system differentiates itself through a focus on hermeticity and multiplatform support, allowing for the generation of container images targeting multiple CPU architectures within a single execution flow. It maintains a hermetic build environment by isolating network access and utilizing a secret-mounting mechanism that injects sensitive data without persisting it in image layers. The project covers a broad range of automation capabilities, including directed acyclic graph orchestration for parallel target execution and content-addressable distributed caching to avoid redundant computations. It further supports monorepo coordination, remote build execution on cloud infrastructure, and the orchestration of containerized integration tests. Earthly provides the ability to inherit specifications from existing Dockerfiles to incorporate them into its own build pipelines.

Dagger is a programmable CI/CD engine and containerized task runner designed to orchestrate build and test pipelines. It functions as an incremental build system that manages containers, filesystems, and secrets through a typed API to ensure consistent execution across local and cloud environments. The engine utilizes a language-agnostic client-server API to allow multi-language pipeline orchestration, enabling the sharing of typed artifacts and state across different SDKs without manual serialization. It optimizes execution through content-addressable caching and a directed acyclic graph to run only the pipeline steps affected by specific changes. The platform covers OCI container orchestration and image management, including pulling and publishing images. It provides integrated secret management, version control integration, and network service coordination with automated liveness probes. Observability is handled through telemetry-driven execution tracing and interactive shell debugging for real-time pipeline state inspection.

This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials. The platform distinguishes itself through its focus on both human-centric security and automated machine-to-machine workflows. It supports advanced authentication methods including hardware security keys, passkeys, and biometric unlocking, while simultaneously offering programmatic interfaces for injecting secrets directly into development pipelines and automated infrastructure deployments. This dual-purpose design allows teams to maintain strict data sovereignty through local hosting and containerized deployments while enforcing granular governance across their entire user base. Beyond core storage, the system includes extensive observability and compliance tools, such as immutable audit logging, credential risk analysis, and integration with external security information and event management platforms. It also facilitates secure collaboration through encrypted information sharing, emergency access delegation, and automated identity provisioning. The software is designed for flexible deployment across diverse infrastructure environments and includes command-line utilities for administrative tasks, bulk data migration, and secret retrieval.

This tool is a command-line runner that executes automation workflows locally within isolated container environments. By parsing workflow definition files and translating them into executable shell scripts, it allows developers to validate pipeline logic and configuration changes directly on their machines before committing code to a remote repository. The runner distinguishes itself by providing a simulation engine that mimics remote CI triggers and event payloads, enabling the testing of complex conditional logic without requiring cloud infrastructure. It supports granular control over the execution environment, allowing users to specify custom container images, inject secrets, and map local directory structures to ensure consistent module resolution. Furthermore, it facilitates integration with private enterprise infrastructure by supporting secure authentication and custom container engine configurations. The project provides operational controls for troubleshooting, such as the ability to isolate and execute individual workflow tasks by name. It manages the lifecycle of ephemeral runner instances through standard socket interfaces, ensuring that local development environments remain synchronized with the requirements of production pipelines.

Dokploy is a self-hosted platform-as-a-service designed to simplify the deployment and management of containerized applications and databases. It provides a centralized control plane that decouples administrative management from application workloads, allowing users to oversee infrastructure across multiple server nodes through a unified web interface or a command-line tool. The platform distinguishes itself through an extensive library of pre-configured application templates, enabling the rapid deployment of databases, identity providers, and various productivity or development tools. It supports complex orchestration by allowing users to define multi-container services using standard configuration files, which can be managed through automated build pipelines, Git integration, and real-time performance monitoring. Beyond core deployment, the system includes robust infrastructure management capabilities such as automated backups to external object storage, horizontal and vertical scaling, and granular access control. It also provides secure configuration management, including environment variable synchronization, HTTPS certificate handling, and zero-downtime deployment strategies to ensure application stability and security. The platform is designed for ease of use, offering an interactive API documentation interface and instructional resources to guide users through installation and configuration. It supports a wide range of modern web frameworks and runtimes, providing a flexible environment for hosting and maintaining services on private server hardware.

Dokku is a self-hosted platform as a service that automates the deployment and management of web applications on your own infrastructure. It functions as an infrastructure automation tool, providing a git-driven engine that triggers container builds, service orchestration, and release workflows directly from source code repositories. The platform distinguishes itself by using buildpack-based image construction to detect project structures and automate container creation without manual configuration. It manages the full application lifecycle through a simplified interface that abstracts low-level container runtime commands, while dynamically handling reverse-proxy routing and environment-variable-driven configuration to map traffic and decouple settings from the underlying host. Beyond core deployment, the system provides comprehensive infrastructure lifecycle management, including the automated setup of system dependencies and the configuration of administrative access controls. The platform is designed for modular expansion, allowing users to extend core functionality through a plugin system that hooks into lifecycle events. It is installed on Linux distributions using automated scripts to ensure consistent environment preparation.

This project is a self-hosted platform-as-a-service that provides a centralized management interface for deploying, configuring, and monitoring containerized applications and databases on private infrastructure. It functions as a visual control plane, automating the end-to-end lifecycle of services from source code to production. By managing container orchestration, networking, and resource allocation, it allows users to maintain full control over their own hardware while streamlining the delivery of software. The platform distinguishes itself through its agentless architecture, which uses secure shell connections to execute administrative tasks and manage remote servers without requiring persistent local software. It integrates directly with version control systems to trigger automated build and deployment pipelines, including the creation of temporary, isolated preview environments for every pull request. This workflow is supported by a declarative engine that uses templates to standardize the deployment of complex multi-container architectures and persistent database engines. Beyond core orchestration, the system handles the operational requirements of hosted services by managing dynamic reverse-proxy routing and automated SSL certificate lifecycles. It provides a comprehensive suite of infrastructure management tools, including browser-based terminal access for debugging, automated system dependency installation, and persistent state management via a central database. These capabilities ensure that infrastructure remains synchronized and consistent across multiple remote environments.

CapRover is a self-hosted platform-as-a-service that provides a centralized dashboard for managing containerized applications and databases. It functions as a container orchestration platform, simplifying the deployment, scaling, and networking of services across server environments. By leveraging a reverse-proxy-based architecture, the platform handles domain mapping, traffic routing, and automated SSL certificate lifecycle management to ensure secure, encrypted access for hosted web services. The platform distinguishes itself through its integrated automation capabilities, which include automated deployment pipelines that trigger builds directly from version control repositories. It supports zero-downtime deployments by routing traffic to new containers only after successful health checks. Additionally, the system provides declarative service definitions and template-driven configuration management, allowing users to standardize deployments and inject environment variables or secrets at runtime. Beyond core orchestration, the platform includes tools for persistent storage management, database connectivity, and system monitoring. It offers extensibility through dashboard customization and asset injection, while maintaining operational safety via automated system backups and configuration archiving. Administrative access is secured through authentication mechanisms and firewall configuration to maintain network isolation.