24 个仓库
The ability to execute shell commands and binaries within a controlled container environment during a build.
Distinct from Host-to-Container Execution: Shortlist candidates focus on host-to-container or non-root specifically; this is the general build-time execution capability.
Explore 24 awesome GitHub repositories matching devops & infrastructure · Container Command Execution. Refine with filters or upvote what's useful.
Buildkit is a programmable container build toolkit and OCI container image builder that converts build definitions into concurrent dependency graphs for image construction. It functions as an OCI image distribution engine, capable of generating container images and exporting artifacts to local storage or remote registries. The project is distinguished by its use of a low-level binary intermediate representation to decouple high-level build languages from the execution engine. It supports multi-platform image builds through user-mode architecture emulation and provides a distributed build cach
Executes build commands inside containers with custom arguments, environment variables, and user permissions.
pkgx is a cross-platform tool orchestrator and portable package runner that enables the execution of specific software versions without requiring permanent installation on the host system. It functions as a multi-ecosystem package wrapper, providing a unified interface to launch tools and managers from various language ecosystems. The project serves as an ephemeral environment provider and script dependency manager, allowing users to declare and automatically inject required software versions into scripts via a shebang line. This allows for the bootstrapping of temporary shells and containers
Executes software tools within container environments to ensure complete isolation from the host operating system.
Cog is a machine learning packaging tool and containerized model wrapper that bundles models and their dependencies into standardized Docker containers. It functions as an environment manager and inference server, ensuring consistent model execution across different hardware systems by resolving GPU drivers, system libraries, and Python dependencies. The project distinguishes itself by automatically generating RESTful HTTP servers and OpenAPI schemas based on defined model input and output types. It manages large model weights as external fixtures to optimize image size and utilizes a slot-ba
Enables the execution of arbitrary shell commands and interactive shells within a controlled container environment.
Phusion/baseimage-docker is a minimal Ubuntu-based Docker base image that includes a proper init system for managing multiple services and processes inside a single container. It provides a lightweight init process that reaps zombie processes, forwards stop signals for graceful shutdown, and supervises daemons through runit, restarting them automatically if they crash. The image includes a preconfigured OpenSSH server restricted to public-key authentication for secure shell access to running containers, along with a cron daemon for scheduling recurring tasks. It supports ordered startup scrip
Executes a single command inside a new container after starting all system services and process supervisors.
Buildah 是一个无守护进程的容器工具,用于构建和管理符合 OCI 标准的容器镜像。它作为一个命令行实用程序,无需后台进程或 root 权限即可创建和修改镜像。 该工具将 Dockerfile 指令转换为标准镜像,并允许通过提交运行中容器的状态来生成镜像。它支持从头开始或从基础镜像创建镜像,确保所有输出符合 Open Container Initiative(OCI)的可移植性规范。 除了镜像构建,它还提供本地镜像生命周期管理功能,包括标记、重命名以及在注册表之间移动镜像。它还通过将根文件系统挂载到主机目录以进行文件编辑和元数据配置,实现了对容器文件系统的直接操作。
Allows running processes inside a working container to install software or modify environment state during a build.
Testcontainers for Java is a library for launching and managing disposable Docker containers to provide isolated dependencies for automated tests. It provides specialized provisioners for containerized databases, a manager for WebDriver browser containers, and an orchestrator for deploying multi-container applications via Docker Compose. The project ensures reproducible data states through database schema initialization and provides integration with JUnit to manage the lifecycle of external services. It supports automated browser testing by launching Selenium containers with the ability to re
Provides a mechanism to run arbitrary shell commands inside a running container via the Docker exec API.
Mamba is a package manager for scientific and data science workflows that implements a high-performance dependency solver in C++. It uses a SAT-based resolution model and a specialized library for metadata processing to calculate compatible package versions across different operating systems. The project provides a standalone executable runtime, allowing the creation of isolated package environments without requiring a pre-existing system installation. It ensures reproducible environment setup by utilizing lock files to pin exact package versions and channels. The system supports containeriz
Executes installation and runtime commands within pre-configured container images to prevent host system contamination.
Concourse is a container-based continuous integration and delivery platform that functions as a distributed build system. It operates as a declarative pipeline orchestrator, using a central controller and multiple worker nodes to execute concurrent tasks within isolated containers. The system distinguishes itself by executing every build step in a separate container to ensure environment consistency and by defining software delivery sequences through portable, versionable configuration files. It provides a web-based pipeline visualizer to display the real-time status and progress of automated
Executes every build step inside a fresh, isolated container to ensure environment consistency.
Youki is a low-level container runtime written in Rust that creates and manages isolated containers according to Open Container Initiative specifications. It serves as an execution engine that can function as a rootless container manager or a pluggable Kubernetes CRI runtime to manage pods and containers within a cluster. The project distinguishes itself by providing a Wasm container runtime capable of executing WebAssembly modules as isolated workloads compatible with standard orchestration tools. It further supports a rootless execution model, allowing isolated environments to start as non-
Runs containers and pods using compatible sandboxes to isolate processes and manage hardware resources.
This project is a collection of curated and standardized Docker base images that serve as reliable starting points for building containerized applications. It functions as an OCI container image repository and a build template library, providing a central source of truth for images that adhere to Open Container Initiative standards for portability. The project utilizes an automated image lifecycle pipeline to build, tag, and push images, ensuring that dependencies remain current and security patches are applied. It specifically supports cross-platform distribution by providing a multi-archite
Executes shell commands and binaries within a controlled environment to create new image layers during builds.
Osmedeus is a security workflow orchestration engine that coordinates AI agents, shell commands, and scanning tools through declarative YAML pipelines. It functions as a distributed security scanner, a declarative workflow automator, and an AI agent framework for security, enabling automated multi-step security analysis with conditional branching, parallel execution, and distributed workers. The engine distinguishes itself through a hybrid runner model that executes workflow steps on the local host, inside Docker containers, or over SSH to remote machines, selected per step or module. It supp
Runs commands inside a Docker container, supporting both ephemeral and persistent execution modes.
CRI-O is an open-source container runtime that implements the Kubernetes Container Runtime Interface (CRI) to manage container images, pods, and containers on cluster nodes using OCI-compatible runtimes. It serves as a node-level container manager that handles image pulling, container lifecycle, and resource monitoring for Kubernetes clusters, running containers according to the Open Container Initiative specifications. The runtime distinguishes itself through live configuration reloading that applies changes to runtime definitions, registry mirrors, and TLS certificates without restarting th
Runs arbitrary commands inside a running container via the exec interface, enabling debugging and administrative tasks.
Incus is a unified orchestration platform for managing system containers, OCI application containers, and virtual machines through a single control plane. It brings together cluster infrastructure management, secure multi-tenancy, software-defined networking, and pluggable storage backend orchestration into one cohesive system exposed via a full REST API and command-line interface. What distinguishes Incus is its ability to run multiple instance types side by side—full Linux system containers, OCI application containers, and QEMU virtual machines—all managed with consistent tooling. Networkin
Runs commands inside running containers or virtual machines via the client, enabling shell access without network connectivity.
本项目是一个基于容器的工作区编排器,也是使用 Docker 定义开发环境的标准。它提供了一种自动化构建、启动和管理隔离工具链的机制,确保软件依赖和运行时与本地主机系统分离。 该系统支持通过源代码控制分发环境定义、编辑器设置和工具链配置。这确保了跨团队的可移植性和标准化,允许贡献者在不同机器上实例化相同的工作区。它还通过将本地编辑器连接到远程服务器上托管的 Docker 引擎,支持远程容器开发。 该工具集涵盖了通过自定义 Dockerfile 和配置文件进行的工作区配置,以及用于启动、停止和附加到容器的生命周期管理。它包括将本地文件夹挂载到隔离卷、将网络端口转发到主机以及直接在容器化环境中执行编辑器扩展的功能。 该工具提供用于构建容器镜像、编排环境启动和执行远程命令的命令行实用程序。
Executes specific processes or scripts inside a running container from an external terminal.
Zinit 是一个 Zsh 插件管理器,用于下载、加载和更新 Z shell 的扩展和代码片段。它充当性能优化器、Shell 二进制安装器和补全管理器,为 Shell 生命周期自动化和 Tab 补全定义注册提供了一个框架。 该项目通过字节码编译、配置缓存和延迟加载等高级启动优化技术脱颖而出,显著缩短了 Shell 启动时间。它还通过支持在无需完整仓库安装的情况下加载远程代码片段,以及利用 Shell 模拟层确保与非原生语法的兼容性,从而优化了插件执行模型。 该管理器的更广泛能力包括通过安装钩子(hooks)实现插件生命周期自动化、将编译后的二进制文件部署到专用前缀目录,以及根据环境条件动态激活插件。它还提供了使用命名管道管理后台服务、监控插件活动以及执行加载性能分析的工具。
Runs custom shell commands, makefiles, or configure scripts immediately after cloning or updating a plugin.
Veewee 是一个用于自动化生成和打包跨多个虚拟机管理程序的自定义虚拟机镜像的框架。它作为一个虚拟机镜像构建器、操作系统安装自动化工具和镜像转换器,能够为 KVM、Vagrant 和 VMware 生成配置好的镜像。 该工具的独特之处在于使用远程桌面按键注入直接向客户机缓冲区模拟键盘输入,从而自动化通常需要手动交互的安装过程。它还通过多提供商导出系统支持创建自定义基础镜像 (base boxes) 和便携式镜像格式。 该项目涵盖了镜像构建管道,包括 ISO 管理、基于 YAML 的机器规范和模板驱动的配置生成。其功能范围扩展到硬件参数配置、顺序安装后脚本编写以及构建验证,以确保组件安装正确。
Executes a sequential series of shell scripts inside a guest VM after the primary OS installation is complete.
Baserow is a self-hosted, no-code relational database platform built on PostgreSQL. It provides a spreadsheet-like interface for structuring and managing data without writing code, while exposing all database resources via a REST API to support headless architectures. The platform distinguishes itself by integrating large language models and embedding servers to power AI assistants and automated data generation. It further extends its utility as a no-code application builder, allowing users to create custom internal portals, dashboards, and business tools using visual logic and managed data.
Enables the execution of administrative database operations via a CLI on live containers.
dpanel 是一个基于 Web 的 Docker 管理界面和远程服务器管理器。它作为一个容器生命周期工具和编排器,用于使用 Docker Compose 配置文件和应用程序商店部署多容器应用程序。 该项目作为一个中央管理控制台,能够通过 API 或 SSH 连接控制跨多个远程服务器的容器。它包括一个集成的宿主机文件系统浏览器,用于通过 SSH 和 SFTP 访问远程机器上的文件和文件夹。 该平台涵盖了容器镜像工作流,包括构建自定义镜像和更新现有容器。它提供了使用标签组织容器、管理网络访问和 SSL 证书以及通过细粒度权限和多用户账户控制用户访问的功能。其他功能包括用于自动化容器操作的任务调度和界面自定义。
Automates periodic container operations by mapping predefined configuration templates to trigger intervals.
Ofelia is a recurring job scheduler designed to run commands inside Docker containers or directly on the host system using a defined timetable. It functions as a configuration engine that reads job schedules and commands from container labels, a concurrency guard to prevent overlapping task executions, and a log router for reporting job outcomes. The system distinguishes itself by using a label-based configuration model, allowing job schedules and execution logic to be defined within container metadata rather than external configuration files. It employs a lock-based concurrency control mecha
Provides a system for automating recurring commands inside Docker containers using a defined timetable.
mini-swe-agent is an autonomous software engineering system designed to develop features and fix bugs by combining large language models with a bash interface. It operates as an agentic framework that executes coding tasks and documentation updates through a continuous cycle of model reasoning and tool execution. The project differentiates itself with a strong focus on safety and evaluation, utilizing container-based sandbox execution via Docker or Singularity to isolate command execution. It includes a batch-parallel evaluation harness to measure code-fixing accuracy against standardized sof
Enables the execution of shell commands inside Singularity containers using writable sandboxes.