Open Source (Go) implementation of "Zanzibar: Google's Consistent, Global Authorization System".

Overview

ORY Keto - Open Source & Cloud Native Access Control Server

Chat | Forums | Newsletter

Guide | API Docs | Code Docs

Support this project!

Ory Keto is the first and only open source implementation of "Zanzibar: Google's Consistent, Global Authorization System":

Determining whether online users are authorized to access digital objects is central to preserving privacy. This paper presents the design, implementation, and deployment of Zanzibar, a global system for storing and evaluating access control lists. Zanzibar provides a uniform data model and configuration language for expressing a wide range of access control policies from hundreds of client services at Google, including Calendar, Cloud, Drive, Maps, Photos, and YouTube. Its authorization decisions respect causal ordering of user actions and thus provide external consistency amid changes to access control lists and object contents. Zanzibar scales to trillions of access control lists and millions of authorization requests per second to support services used by billions of people. It has maintained 95th-percentile latency of less than 10 milliseconds and availability of greater than 99.999% over 3 years of production use.

Source

If you need to know if a user (or robot, car, service) is allowed to do something - Ory Keto is the right fit for you.

Currently, Ory Keto implements the basic API contracts for managing and checking relations ("permissions") with HTTP and gRPC APIs. Future versions will include features such as userset rewrites (e.g. RBAC-style role-permission models), Zookies, and more. An overview of what is implemented and upcoming can be found at Implemented and Planned Features.

Build Status Coverage Status Go Report Card


Who's using it?

The ORY community stands on the shoulders of individuals, companies, and maintainers. We thank everyone involved - from submitting bug reports and feature requests, to contributing patches, to sponsoring our work. Our community is 1000+ strong and growing rapidly. The ORY stack protects 16.000.000.000+ API requests every month with over 250.000+ active service nodes. We would have never been able to achieve this without each and everyone of you!

The following list represents companies that have accompanied us along the way and that have made outstanding contributions to our ecosystem. If you think that your company deserves a spot here, reach out to [email protected] now!

Please consider giving back by becoming a sponsor of our open source work on Patreon or Open Collective.

Type Name Logo Website
Sponsor Raspberry PI Foundation Raspberry PI Foundation raspberrypi.org
Contributor Kyma Project Kyma Project kyma-project.io
Sponsor ThoughtWorks ThoughtWorks thoughtworks.com
Sponsor Tulip Tulip Retail tulip.com
Sponsor Cashdeck / All My Funds All My Funds cashdeck.com.au
Sponsor 3Rein 3Rein 3rein.com
Contributor Hootsuite Hootsuite hootsuite.com
Adopter * Segment Segment segment.com
Adopter * Arduino Arduino arduino.cc
Adopter * DataDetect Datadetect unifiedglobalarchiving.com/data-detect/
Adopter * Sainsbury's Sainsbury's sainsburys.co.uk
Sponsor OrderMyGear OrderMyGear ordermygear.com
Sponsor Spiri.bo Spiri.bo spiri.bo

We also want to thank all individual contributors

as well as all of our backers

and past & current supporters (in alphabetical order) on Patreon: Alexander Alimovs, Billy, Chancy Kennedy, Drozzy, Edwin Trejos, Howard Edidin, Ken Adler Oz Haven, Stefan Hans, TheCrealm.

* Uses one of ORY's major projects in production.

Installation

Head over to the documentation to learn about ways of installing ORY Keto.

Ecosystem

We build Ory on several guiding principles when it comes to our architecture design:

  • Minimal dependencies
  • Runs everywhere
  • Scales without effort
  • Minimize room for human and network errors

ORY's architecture designed to run best on a Container Orchestration Systems such as Kubernetes, CloudFoundry, OpenShift, and similar projects. Binaries are small (5-15MB) and available for all popular processor types (ARM, AMD64, i386) and operating systems (FreeBSD, Linux, macOS, Windows) without system dependencies (Java, Node, Ruby, libxml, ...).

ORY Kratos: Identity and User Infrastructure and Management

ORY Kratos is an API-first Identity and User Management system that is built according to cloud architecture best practices. It implements core use cases that almost every software application needs to deal with: Self-service Login and Registration, Multi-Factor Authentication (MFA/2FA), Account Recovery and Verification, Profile and Account Management.

ORY Hydra: OAuth2 & OpenID Connect Server

ORY Hydra is an OpenID Certified™ OAuth2 and OpenID Connect Provider which easily connects to any existing identity system by writing a tiny "bridge" application. Gives absolute control over user interface and user experience flows.

ORY Oathkeeper: Identity & Access Proxy

ORY Oathkeeper is a BeyondCorp/Zero Trust Identity & Access Proxy (IAP) with configurable authentication, authorization, and request mutation rules for your web services: Authenticate JWT, Access Tokens, API Keys, mTLS; Check if the contained subject is allowed to perform the request; Encode resulting content into custom headers (X-User-ID), JSON Web Tokens and more!

ORY Keto: Access Control Policies as a Server

ORY Keto is a policy decision point. It uses a set of access control policies, similar to AWS IAM Policies, in order to determine whether a subject (user, application, service, car, ...) is authorized to perform a certain action on a resource.

Security

Disclosing vulnerabilities

If you think you found a security vulnerability, please refrain from posting it publicly on the forums, the chat, or GitHub and send us an email to [email protected] instead.

Telemetry

Our services collect summarized, anonymized data which can optionally be turned off. Click here to learn more.

Guide

The Guide is available here.

HTTP API documentation

The HTTP API is documented here.

Upgrading and Changelog

New releases might introduce breaking changes. To help you identify and incorporate those changes, we document these changes in UPGRADE.md and CHANGELOG.md.

Command line documentation

Run keto -h or keto help.

Develop

We encourage all contributions and encourage you to read our contribution guidelines

Dependencies

You need Go 1.16+ and (for the test suites):

It is possible to develop ORY Keto on Windows, but please be aware that all guides assume a Unix shell like bash or zsh.

Install from source

make install

Formatting Code

You can format all code using make format. Our CI checks if your code is properly formatted.

Running Tests

There are two types of tests you can run:

  • Short tests (do not require a SQL database like PostgreSQL)
  • Regular tests (do require PostgreSQL, MySQL, CockroachDB)
Short Tests

Short tests run fairly quickly. You can either test all of the code at once

go test -short -tags sqlite ./...

or test just a specific module:

go test -tags sqlite -short ./internal/check/...
Regular Tests

Regular tests require a database set up. Our test suite is able to work with docker directly (using ory/dockertest) but we encourage to use the script instead. Using dockertest can bloat the number of Docker Images on your system and starting them on each run is quite slow. Instead we recommend doing:

source ./scripts/test-resetdb.sh
go test -tags sqlite ./...
End-to-End Tests

The e2e tests are part of the normal go test. To only run the e2e test, use

source ./scripts/test-resetdb.sh
go test -tags sqlite ./internal/e2e/...

or add the -short tag to only test against sqlite in-memory.

Build Docker

You can build a development Docker Image using:

make docker
Issues
  • Moving forward with ORY Keto

    Moving forward with ORY Keto

    I recently (re-)discovered the OPA project. This issue is about deprecating the ORY Ladon engine and aligning ORY Keto with OPA. The decision is not yet made and we are looking for valuable input regarding this.

    OPA allows you to write authorization logic using a language specifically designed for that, called rego. Syntax is very go-like. Due to this, OPA is capable of providing all sorts of authorization mechanisms, like RBAC, ABAC, ACL, AWS IAM Policies, and more. In fact, I believe that ORY Ladon's logic is implementable using rego. I'm not sure if that holds true for conditions which still needs verification from my side.

    Let's take a look at the current downsides of each project.

    I believe that policy documents as implemented by ORY Ladon are very powerful, but also very complicated. Many developers struggle with proper resource & action naming. I think that regular expressions have their place here, but many developers struggle with writing and testing regular expressions and variable substitution is very flaky (currently only used in the ORY Oathkeeper adapter for ORY Keto iirc) from a ux perspective. Also, regular expressions do not scale well, especially if read from the database. I think we can fix this with caching, but that is not fixing the problem itself, only the symptom.

    On the same hand, OPA is limited. I think rego is great for developers that really want to jump into this (like me). But it's a new syntax, new language, and new tools. I think the language is not incredibly intuitive and not always readable:

    I believe that policy documents are, in general, quite complicated. In my opinion, rego has a steep learning curve as well. Can you tell me immediately what this does?

    sod_roles = [
        ["create-payment", "approve-payment"],
        ["create-vendor", "pay-vendor"]
    ]
    
    sod_violation[user] {
        role1 = user_role[user][_]
        role2 = user_role[user][_]
        sod_roles[_] = [role1, role2]
    }
    

    At least I can not - the point I'm trying to make is, you have to learn this.

    OPA comes with a REST API but it's really a parser and execution engine. It parses rego files and executes the logic based on data you provide. The result is always true or false, depending on the authorization result.

    The server is limited. It stores everything in-memory so pushing logic to the server is not realistic with more than one server running. Instead, you'll probably have to write a CI pipeline which builds a docker image that has all your policy definitions. IMO that can be very nice, especially if you have rego test as part of that pipeline. But, from my experience, most people do not want or know how to do these things.

    Coming back to policies for a moment: Most developers do not need AWS IAM Policies, simple role management is enough. By the way, the Google Cloud Platform migrated completely to RBAC/ACL as well recently (at least in the UI) - very few people want to deal with complicated JSON documents. And many make mistakes, which is evident due to the many S3 leaks we're seeing recently (caused by misconfigured buckets, well really misconfigured AWS IAM Policies). I think the same would have happened if AWS used rego, or it would have probably caused less people to use this feature at all.

    My vision for ORY Keto is to have a "policy decision point" (someone that says if something is allowed or not) that just works. I also believe that it should be possible to use several well-known patterns out of the box, this includes RBAC, ACL, ABAC and ORY Ladon Policies (for BC compatibility) and well, maybe your own rego definitions? I will experiment this month with different concepts and try to migrate Ladon Policies on top of rego. My preliminary tests showed that we can get a 10x performance improvement for simple use cases. We'll see how well this does for advanced ones.

    We write this software is for you, so please participate in the discussion and leave your ideas and comments below.

    opened by aeneasr 50
  • Keto latency with large number of policies

    Keto latency with large number of policies

    Describe the bug Keto's latency increases with policies and resources

    To Reproduce Steps to reproduce the behavior:

    1. (Optionally) Start with a fresh database
    2. Create 30k regex policies with 1 or more resources
    3. Perform allowed checks
    4. Witness requests take 1-10 seconds to complete

    Expected behavior Access allowed checks under 100ms

    Version:

    • Environment: MacOS Mojave, Postgres 11
    • Version: Master (0.3.1)

    Additional context Initially, I noticed Keto requests taking longer than 1 minute in pods running on Kubernetes when our policy count exceeded 30k. We also had memory issues but it may be unrelated. I was unable to run a memory profile using ppof on our images, the pod would crash OOM before the memory profile was written.

    The policy causing the latency had 16 resources. They all had 2 wildcards. Ex: tenant:<.*>:resource:foo<.*>

    Observations about latency:

    • The number of resources directly affects latency.
    • The number of policies (unused or not) affects latency
    • SERVE_MAX_AGE caused 500 errors with this many policies

    A temporary solution to this would be to split my policy into 16 individual policies, but 1-2 second requests (running locally) still seems extreme.

    bug help wanted 
    opened by jrmullins 23
  • 0.2.2-sandbox+oryOS.10: Unable to initialize compiler: lstat /go: no such file or directory

    0.2.2-sandbox+oryOS.10: Unable to initialize compiler: lstat /go: no such file or directory

    Describe the bug Version [0.2.2-sandbox+oryOS.10] keto serve => Unable to initialize compiler: lstat /go: no such file or directory

    Version [v0.1.9-sandbox+oryOS.9] keto serve => work well

    To Reproduce Steps to reproduce the behavior:

    1. Run keto serve
    2. See error: Unable to initialize compiler: lstat /go: no such file or directory

    Version:

    • Environment: [binaries]
    • Version [0.2.2-sandbox+oryOS.10]
    opened by sevenlure 20
  • Define and architect SQL schema and queries for querying relations

    Define and architect SQL schema and queries for querying relations

    Is your feature request related to a problem? Please describe.

    We need to define all SQL queries required for fetching / querying relations.

    Describe the solution you'd like

    Discuss SQL queries in this issue.

    feat blocking corp/m5 
    opened by aeneasr 19
  • Protobuf APIs & tooling

    Protobuf APIs & tooling

    Is your feature request related to a problem? Please describe.

    Currently we use protoc wich is quite limited. A better tool might be https://github.com/uber/prototool It comes with linting. Also interesting: https://github.com/googleapis/gapic-generator

    We might want to use a gateway to avoid writing REST APIs.

    blocking corp/m5 
    opened by zepatrik 18
  • cmd: Add support for glob matching

    cmd: Add support for glob matching

    Related issue #66

    Proposed changes

    Adds support for the "glob" flavor, following the same patterns as "exact" and "regex".

    Checklist

    • [x] I have read the contributing guidelines
    • [x] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security vulnerability, I confirm that I got green light (please contact [email protected]) from the maintainers to push the changes.
    • [x] I signed the Developer's Certificate of Origin by signing my commit(s). You can amend your signature to the most recent commit by using git commit --amend -s. If you amend the commit, you might need to force push using git push --force HEAD:<branch>. Please be very careful when using force push.
    • [x] I have added tests that prove my fix is effective or that my feature works
    • [x] I have added necessary documentation within the code base (if appropriate)
    • [x] I have documented my changes in the developer guide (if appropriate) (https://github.com/ory/docs/pull/102)

    Further comments

    opened by rliebz 15
  • Conditional function based on Context Conditions does not Apply

    Conditional function based on Context Conditions does not Apply

    Bug or Unclear Documentation Conditional function based on Context Conditions does not Apply Tested with EqualsSubjectCondition and StringEqualCondition

    To Reproduce Steps to reproduce the behavior:

    1. Create a exact Policie with the resulting Json Response on: /engines/acp/ory/exact/policies
    [{
       "id": "test-users-alice",
       "description": "",
       "subjects": ["users:alice"],
       "resources": ["resources:users:alice"],
       "actions": [ "read", "update"],
       "effect": "allow",
       "conditions": [ {
          "subject": {
             "type": "EqualsSubjectCondition"
          }
       }]
    }]
    
    1. Request on /engines/acp/ory/exact/allowed with the Request Body:
    {
        "action": "read",
        "subject": "users:alice",
        "resource": "resources:users:alice",
        "context": {
            "subject": "users:alice"
        }
    }
    
    1. Results in following Result
    {
        "allowed": false
    }
    

    Expected behavior Expected is to following Result:

    {
        "allowed": true
    }
    

    Version:

    • Environment: Docker
    • Version: oryd/keto:v0.2.2-sandbox_oryOS.10
    bug 
    opened by ppvolto 14
  • feat: Add mapping table for encoding subject into UUIDs

    feat: Add mapping table for encoding subject into UUIDs

    This PR contains first work towards supporting automatic subject/object encodings into UUIDs, as discussed in #792.

    Related issue(s)

    #792

    Checklist

    • [x] I have read the contributing guidelines.
    • [x] I have referenced an issue containing the design document if my change introduces a new feature.
    • [x] I am following the contributing code guidelines.
    • [x] I have read the security policy.
    • [x] I confirm that this pull request does not address a security vulnerability. If this pull request addresses a security. vulnerability, I confirm that I got green light (please contact [email protected]) from the maintainers to push the changes.
    • [x] I have added tests that prove my fix is effective or that my feature works.
    • [ ] I have added or changed the documentation.

    Future work

    In order to complete the work for #792, the following items still need to be adressed (in this or future PRs):

    • [ ] RFC: Should the new encoding be enabled unconditionally, or opt-in as suggested in https://github.com/ory/keto/issues/792#issue-1071582579?
    • [ ] Use the new mapping methods in the API when reading or writing relation tuples.
    opened by hperl 12
  • SQL: make strings variable length

    SQL: make strings variable length

    Currently the column definitions use an arbitrary fixed string length. Researching a bit revealed that there are basically no advantages with that with any of our supported database systems. We should just make those strings variable length to allow applications to use any format they like. Making clear that using huge strings and pointing to the databases' documentation should be enough IMO.

    help wanted good first issue blocking corp/m5 
    opened by zepatrik 12
  • Importing github.com/ory/keto not compatible with Kratos version 0.6.x

    Importing github.com/ory/keto not compatible with Kratos version 0.6.x

    Describe the bug

    When importing Keto we need to do the same replacements that are currently in master branch and in version v0.6.0.

    However, the replacement for kratos-client-go is on version v0.5.4-alpha.1.0.20210210170256-960b093d8bf9 which is not compatible with latest Kratos version.

    When removing this replacement the error

    go: github.com/ory/[email protected] requires
            github.com/ory/[email protected] requires
            github.com/ory/[email protected] requires
            github.com/ory/[email protected] requires
            github.com/ory/[email protected] requires
            github.com/ory/[email protected]: invalid version: unknown revision 000000000000
            
    

    occurs. As long as the replacement is there, it is obviously not possible to update kratos-client-go.

    Reproducing the bug

    Just have a Go project importing github.com/ory/keto v0.6.0-alpha.3, use the replacements (otherwise it's not working anyway) and then try to use kratos-client-go on its latest version.

    Expected behavior

    It should be possible to use latest Kratos (0.6.x) and Keto (0.6.x) version together.

    opened by janiskemper 11
  • glob not working on members of groups

    glob not working on members of groups

    Wildcards in the members of groups are not interpreted as wildcards for flavor glob.

    Applies to recent versions of keto, e.g., to commit db94481.

    The reason seems to be at the end of the file engine/ladon/rego/glob/main.rego in the function match_subjects. The intended implementation is preceded by the implementation for the flavor exact.

    Add something like

    decide_allow([group_policy], [{"id": "groups:6", "members": ["group-*"]}]) with input as {"resource": "articles:6", "subject": "group-member", "action": "actions:6"}

    to main_test.rego for a corresponding test.

    feat help wanted good first issue 
    opened by zd9KgA 11
  • chore(deps): bump actions/setup-go from 2 to 3

    chore(deps): bump actions/setup-go from 2 to 3

    Bumps actions/setup-go from 2 to 3.

    Release notes

    Sourced from actions/setup-go's releases.

    v3.0.0

    What's Changed

    Breaking Changes

    With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.

    This new major release removes the stable input, so there is no need to specify additional input to use pre-release versions. This release also corrects the pre-release versions syntax to satisfy the SemVer notation (1.18.0-beta1 -> 1.18.0-beta.1, 1.18.0-rc1 -> 1.18.0-rc.1).

    steps:
      - uses: actions/[email protected]
      - uses: actions/[email protected]
        with:
          go-version: '1.18.0-rc.1' 
      - run: go version
    

    Add check-latest input

    In scope of this release we add the check-latest input. If check-latest is set to true, the action first checks if the cached version is the latest one. If the locally cached version is not the most up-to-date, a Go version will then be downloaded from go-versions repository. By default check-latest is set to false. Example of usage:

    steps:
      - uses: actions/[email protected]
      - uses: actions/[email protected]
        with:
          go-version: '1.16'
          check-latest: true
      - run: go version
    

    Moreover, we updated @actions/core from 1.2.6 to 1.6.0

    v2.1.5

    In scope of this release we updated matchers.json to improve the problem matcher pattern. For more information please refer to this pull request

    v2.1.4

    What's Changed

    New Contributors

    Full Changelog: https://github.com/actions/setup-go/compare/v2.1.3...v2.1.4

    v2.1.3

    • Updated communication with runner to use environment files rather then workflow commands

    v2.1.2

    This release includes vendored licenses for this action's npm dependencies.

    ... (truncated)

    Commits
    • b22fbbc Implementation of caching functionality for setup-go action (#228)
    • fcdc436 Update @​zeit/ncc to @​vercel/ncc (#229)
    • 265edc1 Add go-version-file option (#62)
    • 193b404 Successfully set up (#231)
    • 56a61c9 Create ADR for integrating cache functionality to setup-go action (#217)
    • b46db95 Merge pull request #222 from vsafonkin/v-vsafonkin/add-readme-note
    • 3332358 Add note about go building
    • 46eabca Merge pull request #221 from vsafonkin/v-vsafonkin/fix-gopath-condition
    • 0794822 Rename CONDUCT.md and change email inside (#218)
    • ad70bef Fix condition for old go versions
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    opened by dependabot[bot] 0
  • chore(deps): bump EndBug/add-and-commit from 4.4.0 to 9.0.0

    chore(deps): bump EndBug/add-and-commit from 4.4.0 to 9.0.0

    Bumps EndBug/add-and-commit from 4.4.0 to 9.0.0.

    Release notes

    Sourced from EndBug/add-and-commit's releases.

    v9.0.0

    Changed:

    • [BREAKING] The action will now fail when the git commit command fails. (#370)
    • [BREAKING] The action won't try deleting and re-creting tags when it fails to push them, it's now up to you to set the proper arguments (see the tag_push input). (#367)

    Added:

    • tag_push input: you can now set the arguments of the git push --tags command.
    • tag_pushed output: whether the action pushed tags.

    v8.0.2

    Fixed:

    • The commit input is now properly listed in the README. (#360)

    v8.0.1

    Fixed:

    • Fixed a bug that prevented the --allow-empty flag from being used for the commit input. (#352)
    • Fixed README and CHANGELOG docs for the pull input, that were still showing the option to use NO-PULL to prevent pulling (while now it's the default behavior). (#354)
    • Added a paragraph to the FAQs section of the README, that explains how to work with PRs in v8. (#351)

    v8.0.0

    Fixed:

    • [BREAKING] The action will now work with whatever ref has been checked out, without pulling or switching branches by default. You can still pull using the pull input and create a new branch with the newly-added new_branch input. For more info, check commit 6fdb34e.

    Removed:

    • [BREAKING] The signoff input has been removed, use commit instead. (#331)
    • [BREAKING] The pull_strategy input has been removed, use pull instead.
    • [BREAKING] The branch and branch_mode inputs have been removed, check commit 6fdb34e for more info.
    • [BREAKING] The pull input doesn't support NO-PULL anymore: if you don't want the action to pull, simply remove the input, as it's the default behavior now.

    Added:

    • Added the commit input, that allows you to change the arguments for the git commit command. (#331)
    • Added the new_branch input. (6fdb34e)
    • Added the commit_long_sha output. (#349)

    v7.5.0

    Added:

    • Support remote branch creation: use the branch_mode input to make the action create a new branch when there's no branch with the given name on the remote (#329)

    v7.4.0

    Added:

    • Added pull input: you can use it to change the arguments of the git pull command (#294)

    ... (truncated)

    Changelog

    Sourced from EndBug/add-and-commit's changelog.

    [9.0.0] - 2022-03-11

    Changed:

    • [BREAKING] The action will now fail when the git commit command fails. (#370)
    • [BREAKING] The action won't try deleting and re-creting tags when it fails to push them, it's now up to you to set the proper arguments (see the tag_push input). (#367)

    Added:

    • tag_push input: you can now set the arguments of the git push --tags command.
    • tag_pushed output: whether the action pushed tags.

    [8.0.2] - 2022-02-07

    Fixed:

    • The commit input is now properly listed in the README. (#360)

    [8.0.1] - 2022-01-23

    Fixed:

    • Fixed a bug that prevented the --allow-empty flag from being used for the commit input. (#352)
    • Fixed README and CHANGELOG docs for the pull input, that were still showing the option to use NO-PULL to prevent pulling (while now it's the default behavior). (#354)
    • Added a paragraph to the FAQs section of the README, that explains how to work with PRs in v8. (#351)

    [8.0.0] - 2022-01-20

    Fixed:

    • [BREAKING] The action will now work with whatever ref has been checked out, without pulling or switching branches by default. You can still pull using the pull input and create a new branch with the newly-added new_branch input. For more info, check commit 6fdb34e.

    Removed:

    • [BREAKING] The signoff input has been removed, use commit instead. (#331)
    • [BREAKING] The pull_strategy input has been removed, use pull instead.
    • [BREAKING] The branch and branch_mode inputs have been removed, check commit 6fdb34e for more info.
    • [BREAKING] The pull input doesn't support NO-PULL anymore: if you don't want the action to pull, simply remove the input, as it's the default behavior now.

    Added:

    • Added the commit input, that allows you to change the arguments for the git commit command. (#331)
    • Added the new_branch input. (6fdb34e)
    • Added the commit_long_sha output. (#349)

    [7.5.0] - 2021-12-03

    Added:

    • Support remote branch creation: use the branch_mode input to make the action create a new branch when there's no branch with the given name on the remote (#329)

    ... (truncated)

    Commits
    • 050a667 release: v9.0.0
    • 7fbfbfa docs: add Josh-Cena as a contributor for bug (#377)
    • 0b47528 fix!: fail when there's an error while committing (#376)
    • a3279e7 docs: add sconix as a contributor for ideas (#375)
    • 0930a0f docs(README): add tag_push and tag_pushed
    • 0e4f5f6 feat: add tag_push input and tag_pushed output (#374)
    • d67ae5f chore(deps-dev): bump ts-node from 10.5.0 to 10.7.0 (#373)
    • 2cbf8eb chore(deps-dev): bump typescript from 4.5.5 to 4.6.2 (#372)
    • 6d7bd05 chore(deps-dev): bump eslint-config-prettier from 8.4.0 to 8.5.0 (#371)
    • e6dcd77 docs(README): remove "used by" badge
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    opened by dependabot[bot] 0
  • chore(deps): bump actions/stale from 4 to 5

    chore(deps): bump actions/stale from 4 to 5

    Bumps actions/stale from 4 to 5.

    Release notes

    Sourced from actions/stale's releases.

    v5.0.0

    Features

    v4.1.0

    Features

    Changelog

    Sourced from actions/stale's changelog.

    Changelog

    Commits
    • 3cc1237 Merge pull request #670 from actions/thboop/node16upgrade
    • 76e9fbc update node version
    • 6467b96 Update default runtime to node16
    • 8af6051 build(deps-dev): bump jest-circus from 27.2.0 to 27.4.6 (#665)
    • 7a7efca Fix per issue operation count (#662)
    • 04a1828 build(deps-dev): bump ts-jest from 27.0.5 to 27.1.2 (#641)
    • 65ca395 build(deps-dev): bump eslint-plugin-jest from 24.4.2 to 25.3.2 (#639)
    • eee276c build(deps-dev): bump prettier from 2.4.1 to 2.5.1 (#628)
    • 6c2f9f3 Merge pull request #640 from dmitry-shibanov/v-dmshib/fix-check-dist
    • 37323f1 fix check-dist.yml
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    opened by dependabot[bot] 0
  • chore(deps): bump actions/setup-node from 2 to 3

    chore(deps): bump actions/setup-node from 2 to 3

    Bumps actions/setup-node from 2 to 3.

    Release notes

    Sourced from actions/setup-node's releases.

    Update actions/cache version to 2.0.2

    In scope of this release we updated actions/cache package as the new version contains fixes related to GHES 3.5 (actions/setup-node#460)

    v3.0.0

    In scope of this release we changed version of the runtime Node.js for the setup-node action and updated package-lock.json file to v2.

    Breaking Changes

    Fix logic of error handling for npm warning and uncaught exception

    In scope of this release we fix logic of error handling related to caching (actions/setup-node#358) and (actions/setup-node#359).

    In the previous behaviour we relied on stderr output to throw error. The warning messages from package managers can be written to the stderr's output. For now the action will throw an error only if exit code differs from zero. Besides, we add logic to сatch and log unhandled exceptions.

    Adding Node.js version file support

    In scope of this release we add the node-version-file input and update actions/cache dependency to the latest version.

    Adding Node.js version file support

    The new input (node-version-file) provides functionality to specify the path to the file containing Node.js's version with such behaviour:

    • If the file does not exist the action will throw an error.
    • If you specify both node-version and node-version-file inputs, the action will use value from the node-version input and throw the following warning: Both node-version and node-version-file inputs are specified, only node-version will be used.
    • For now the action does not support all of the variety of values for Node.js version files. The action can handle values according to the documentation and values with v prefix (v14)
    steps:
      - uses: actions/[email protected]
      - name: Setup node from node version file
        uses: actions/[email protected]
        with:
          node-version-file: '.nvmrc'
      - run: npm install
      - run: npm test
    

    Update actions/cache dependency to 1.0.8 version.

    We updated actions/cache dependency to the latest version (1.0.8). For more information please refer to the toolkit/cache.

    Add "cache-hit" output

    This release introduces a new output: cache-hit (#327).

    The cache-hit output contains boolean value indicating that an exact match was found for the key. It shows that the action uses already existing cache or not. The output is available only if cache is enabled.

    Support caching for mono repos and repositories with complex structure

    This release introduces dependency caching support for mono repos and repositories with complex structure (#305).

    By default, the action searches for the dependency file (package-lock.json or yarn.lock) in the repository root. Use the cache-dependency-path input for cases when multiple dependency files are used, or they are located in different subdirectories. This input supports wildcards or a list of file names for caching multiple dependencies.

    Yaml example:

    </tr></table> 
    

    ... (truncated)

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    opened by dependabot[bot] 0
  • chore(deps): bump actions/upload-artifact from 2 to 3

    chore(deps): bump actions/upload-artifact from 2 to 3

    Bumps actions/upload-artifact from 2 to 3.

    Release notes

    Sourced from actions/upload-artifact's releases.

    v3.0.0

    What's Changed

    • Update default runtime to node16 (#293)
    • Update package-lock.json file version to 2 (#302)

    Breaking Changes

    With the update to Node 16, all scripts will now be run with Node 16 rather than Node 12.

    v2.3.1

    Fix for empty fails on Windows failing on upload #281

    v2.3.0 Upload Artifact

    • Optimizations for faster uploads of larger files that are already compressed
    • Significantly improved logging when there are chunked uploads
    • Clarifications in logs around the upload size and prohibited characters that aren't allowed in the artifact name or any uploaded files
    • Various other small bugfixes & optimizations

    v2.2.4

    • Retry on HTTP 500 responses from the service

    v2.2.3

    • Fixes for proxy related issues

    v2.2.2

    • Improved retryability and error handling

    v2.2.1

    • Update used actions/core package to the latest version

    v2.2.0

    • Support for artifact retention

    v2.1.4

    • Add Third Party License Information

    v2.1.3

    • Use updated version of the @action/artifact NPM package

    v2.1.2

    • Increase upload chunk size from 4MB to 8MB
    • Detect case insensitive file uploads

    v2.1.1

    • Fix for certain symlinks not correctly being identified as directories before starting uploads

    v2.1.0

    • Support for uploading artifacts with multiple paths
    • Support for using exclude paths
    • Updates to dependencies

    ... (truncated)

    Commits
    • 3cea537 Merge pull request #327 from actions/robherley/artifact-1.1.0
    • 849aa77 nvm use 12 & npm run release
    • 4d39869 recompile with correct ncc version
    • 2e0d362 bump @​actions/artifact to 1.1.0
    • 09a5d6a Merge pull request #320 from actions/dependabot/npm_and_yarn/ansi-regex-4.1.1
    • 189315d Bump ansi-regex from 4.1.0 to 4.1.1
    • d159c2d Merge pull request #297 from actions/dependabot/npm_and_yarn/ajv-6.12.6
    • c26a7ba Bump ajv from 6.11.0 to 6.12.6
    • 6ed6c72 Merge pull request #303 from actions/dependabot/npm_and_yarn/yargs-parser-13.1.2
    • 2aeee26 Bump yargs-parser from 13.1.1 to 13.1.2
    • Additional commits viewable in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    opened by dependabot[bot] 0
  • chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.5 in /proto

    chore(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.5 in /proto

    Bumps github.com/stretchr/testify from 1.7.0 to 1.7.5.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    opened by dependabot[bot] 0
Releases(v0.8.0-alpha.2)
Open-IM-Server is open source instant messaging Server.Backend in Go.

Open-IM-Server Open-IM-Server: Open source Instant Messaging Server Instant messaging server. Backend in pure Golang, wire transport protocol is JSON

OpenIM Corporation 8.5k Jun 20, 2022
Magma is an open-source software platform that gives network operators an open, flexible and extendable mobile core network solution.

Connecting the Next Billion People Magma is an open-source software platform that gives network operators an open, flexible and extendable mobile core

Magma 1.3k Jun 15, 2022
Open-IM-Server is open source instant messaging Server.Backend in Go.

Open-IM-Server is open source instant messaging Server.Backend in Go.

OpenIM Corporation 8.5k Jun 23, 2022
go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data.

go-opa-validate go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data. Installation Usage Cont

chenk 5 Feb 5, 2022
mesh-kridik is an open-source security scanner that performs various security checks on a Kubernetes cluster with istio service mesh and is leveraged by OPA (Open Policy Agent) to enforce security rules.

mesh-kridik Enhance your Kubernetes service mesh security !! mesh-kridik is an open-source security scanner that performs various security checks on a

chenk 22 May 18, 2022
go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data.

go-opa-validate go-opa-validate is an open-source lib that evaluates OPA (open policy agent) policy against JSON or YAML data. Installation Usage Cont

chenk 5 Feb 5, 2022
An open source re-implementation of Diablo 2

OpenDiablo2 Join us on Discord! Development Live stream Support us on Patreon We are also working on a toolset: https://github.com/OpenDiablo2/HellSpa

OpenDiablo2 10.2k Jun 22, 2022
Open Source (Go) implementation of "Zanzibar: Google's Consistent, Global Authorization System".

Open Source (Go) implementation of "Zanzibar: Google's Consistent, Global Authorization System". Ships gRPC, REST APIs, newSQL, and an easy and granular permission language. Supports ACL, RBAC, and other access models.

Ory 3.4k Jun 28, 2022
Open source re-implementation of the original Resident Evil 2 / Biohazard 2

OpenBiohazard2 Open source re-implementation of the original Resident Evil 2 engine written in Go and OpenGL. You must own a copy of the original game

Samuel Yuan 162 Jun 17, 2022
An open-source re-implementation of Pokémon Red

This project is open source re-implementation of Pokémon Red.

Akatsuki 215 Jun 1, 2022
Project Kebe is the open-source Snap Store implementation.

Introduction Kebe intends to be a full replacement for the Snap Store. Quickstart Once you have an environment setup (for instance using https://githu

Free To Compute 23 Jun 15, 2022
This project is designed to be an open source implementation for streaming desktop games using WebRTC

The aim of this project is develop a WebRTC screenshare designed for streaming video games and accepting remote inputs. There will be ansible instruct

Akilan Selvacoumar 17 May 7, 2022
Headscale - An open source, self-hosted implementation of the Tailscale control server

Headscale - An open source, self-hosted implementation of the Tailscale control server

Juan Font 5k Jun 23, 2022
Apache Traffic Control is an Open Source implementation of a Content Delivery Network

Apache Traffic Control Apache Traffic Control is an Open Source implementation of a Content Delivery Network. Documentation Intro CDN Basics Traffic C

The Apache Software Foundation 780 Jun 21, 2022
An open source Pusher server implementation compatible with Pusher client libraries written in Go

Try browsing the code on Sourcegraph! IPÊ An open source Pusher server implementation compatible with Pusher client libraries written in Go. Why I wro

Hava 0 Oct 15, 2021
An open source Pusher server implementation compatible with Pusher client libraries written in GO

Try browsing the code on Sourcegraph! IPÊ An open source Pusher server implementation compatible with Pusher client libraries written in Go. Why I wro

Claudemiro 353 May 31, 2022
Security research and open source implementation of the Apple 'Wireless Accessory Configuration' (WAC) protocol

Apple 'Wireless Accessory Configuration' (WAC) research Introduction This repository contains some research on how the WAC protocol works. I was mostl

Bertold Van den Bergh 6 Mar 13, 2022
Feishu/Lark Open API Go Sdk, Support ALL Open API and Event Callback.

lark 中文版 README Feishu/Lark Open API Go Sdk, Support ALL Open API and Event Callback. Created By Code Generation. Install go get github.com/chyroc/lar

chyroc 180 Jun 29, 2022
Go language implementation of a blockchain based on the BDLS BFT protocol. The implementation was adapted from Ethereum and Sperax implementation

BDLS protocol based PoS Blockchain Most functionalities of this client is similar to the Ethereum golang implementation. If you do not find your quest

Yongge Wang 0 Jan 1, 2022
Kelp is a free and open-source trading bot for the Stellar DEX and 100+ centralized exchanges

Kelp Kelp is a free and open-source trading bot for the Stellar universal marketplace and for centralized exchanges such as Binance, Kraken, CoinbaseP

Stellar 897 Jun 20, 2022
Enterprise-Grade Continuous Delivery & DevOps Automation Open Source Platform

CDS: Continuous Delivery Service CDS is an Enterprise-Grade Continuous Delivery & DevOps Automation Platform written in Go(lang). This project is unde

OVHcloud 3.9k Jun 19, 2022
CockroachDB - the open source, cloud-native distributed SQL database.

CockroachDB is a cloud-native SQL database for building global, scalable cloud services that survive disasters. What is CockroachDB? Docs Quickstart C

CockroachDB 25k Jun 23, 2022
TiDB is an open source distributed HTAP database compatible with the MySQL protocol

Slack Channel Twitter: @PingCAP Reddit Mailing list: lists.tidb.io For support, please contact PingCAP What is TiDB? TiDB ("Ti" stands for Titanium) i

PingCAP 31.7k Jun 29, 2022
An open-source graph database

Cayley is an open-source database for Linked Data. It is inspired by the graph database behind Google's Knowledge Graph (formerly Freebase). Documenta

Cayley 14.2k Jun 21, 2022
LiteIDE is a simple, open source, cross-platform Go IDE.

LiteIDE X Introduction LiteIDE is a simple, open source, cross-platform Go IDE. Version: X37.3 (support Go modules) Author: visualfc Features Core fea

null 6.9k Jun 24, 2022
Engo is an open-source 2D game engine written in Go.

Engo A cross-platform game engine written in Go following an interpretation of the Entity Component System paradigm. Engo is currently compilable for

Engo 1.5k Jun 26, 2022
Open source framework for processing, monitoring, and alerting on time series data

Kapacitor Open source framework for processing, monitoring, and alerting on time series data Installation Kapacitor has two binaries: kapacitor – a CL

InfluxData 2.1k Jun 21, 2022
An Open-Source Platform for Quantified Self & IoT

Heedy Note: Heedy is currently in alpha. You can try it out by downloading it from the releases page, but there is no guarantee that future versions w

Heedy 337 Jun 9, 2022
Project Flogo is an open source ecosystem of opinionated event-driven capabilities to simplify building efficient & modern serverless functions, microservices & edge apps.

Project Flogo is an Open Source ecosystem for event-driven apps Ecosystem | Core | Flows | Streams | Flogo Rules | Go Developers | When to use Flogo |

TIBCO Software Inc. 2k Jun 23, 2022