Documentation in French

UTDON (UpToDateOrNot??) - [Translated by deepl.com]

Are your FOSS (Free and open-source software) applications in production up to date?

Introducing

UTDON grew out of a shell script that compares:

  • the version of an application currently running (production)
  • to the latest available version (GitHub or Gitea-compatible repository).

Because the applications we run all have their source repository on "GitHub" or "Codeberg", UTDON currently only works with GitHub and Gitea-compatible repositories.


Use cases

  • Monitoring by UI.
  • Monitoring by API call.
  • Monitoring by API call and update of a monitoring service (ping type).
  • API call to the CI/CD chain to trigger the application update process.
  • Monitoring applications that don't offer an API entry point for versioning.
  • Optional authentication for GitHub, Gitea-compatible repositories and applications (sometimes required to obtain the version).

UTDON Versioning

UTDON follows Semantic Versioning ("semver", https://semver.org/). Its own version is available from the "/api/v1/version" entrypoint, which returns a value in JSON format: {"version":"[\d+].[\d+].[\d+]"} (3 groups of numbers separated by a dot).

GitHub "tags" and container "tags" will remain similar to this response.

Release Candidates will be defined as follows: "[\d+].[\d+].[\d+]-rc-[\d+]".
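The two version formats above are enough to sketch the production-versus-latest comparison. This is an added example, not UTDON's own code: the function names, the "unknown" and "ahead" results and the sample inputs are assumptions made for illustration.

```javascript
// Added example, not UTDON's own code. Names and sample inputs are constructed.
// Anchored pattern for the two formats defined above:
//   release 1.2.3   and   release candidate 1.2.3-rc-4
const VERSION_RE = /^(\d+)\.(\d+)\.(\d+)(?:-rc-(\d+))?$/;

// Returns {major, minor, patch, rc} or null when the text is not exactly one
// of the two formats, so a scraped error page is never treated as a version.
function parseVersion(text) {
  if (typeof text !== "string" || text.length > 64) return null;
  const m = VERSION_RE.exec(text.trim());
  if (!m) return null;
  const [major, minor, patch] = m.slice(1, 4).map(Number);
  // A final release gets rc = Infinity so that 1.2.3-rc-1 sorts before 1.2.3.
  const rc = m[4] === undefined ? Infinity : Number(m[4]);
  const finite = [major, minor, patch, ...(rc === Infinity ? [] : [rc])];
  if (!finite.every(Number.isSafeInteger)) return null;
  return { major, minor, patch, rc };
}

// Returns -1 if a < b, 0 if equal, 1 if a > b.
function compareVersions(a, b) {
  for (const key of ["major", "minor", "patch", "rc"]) {
    if (a[key] !== b[key]) return a[key] < b[key] ? -1 : 1;
  }
  return 0;
}

// Reads the version out of a JSON body shaped like the /api/v1/version reply.
function versionFromBody(body) {
  try {
    const doc = JSON.parse(body);
    return doc !== null && typeof doc === "object" ? parseVersion(doc.version) : null;
  } catch {
    return null;
  }
}

// Compares what production reports with the latest repository tag.
function checkControl(productionBody, latestTag) {
  const production = versionFromBody(productionBody);
  const latest = parseVersion(latestTag);
  if (!production || !latest) return "unknown";
  const order = compareVersions(production, latest);
  return order < 0 ? "outdated" : order === 0 ? "up-to-date" : "ahead";
}
```

Returning "unknown" for anything that does not match the format keeps a failed scrape or an error page from being reported as an up-to-date application.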

How does it work?

Flow

graph TD
ag(api tags github)

s(server)
ps(production server)
pr(production release)
lr(last release)
cp(compare)
res(result as JSON)
mps(monitoring ping service)
cicd(CI/CD)
s-->|call|ag
ag-->|apply expression and get|lr
s-->|call|ps
ps-->|apply expression and get|pr
cp-->lr
cp-->pr
s-->cp
cp-->|give|res
res-->|update internal state|s
s-->|update|mps
s-->|call|cicd

Logs

Stack

  • Nodejs
  • React/Redux
  • JSON databases: held in RAM, so replacing the files while the service is running has no effect. Database contents are saved after each modification and when the service receives a SIGINT, SIGTERM or SIGUSR2 signal.
  • RegExp and JMESPath filters for JSON.
  • Swagger.

Security

Never expose UTDON directly to the Internet (use a VPN if necessary). UTDON is an internal, self-hosted tool that performs actions on your private resources (Monitoring/CI-CD).

Refuse all SaaS hosting: this product has not been designed to be multi-tenant, and is not protected by an E2E solution. Authentication data is encrypted using a string that would be supplied by the potential host, and could therefore be decrypted by that host. Understand that UTDON "controls" contain the URL of the service to be monitored, and potentially access to your CI/CD chain and/or monitoring service.

Encryption

The contents of both databases are partially encrypted:

  • user.json: Administrator password (non-reversible) and authentication token (reversible)
  • database.json:
    • Authentication strings for monitoring URLs and CI/CD chain (reversible).
    • HTTP header associated with the production scraping process
  • globalGithubToken: global GitHub authentication token (reversible)

If you've lost the admin password

Stop the service, delete the "user.json" file, then restart. Log in with the default account/password (admin/admin) and change the password immediately.

Session

Sessions are managed in RAM, so a simple service restart resets all sessions.

Logs

Logs are kept to a minimum to avoid unnecessary storage:

  • User login
  • User logout
  • Add control
  • Deleting a control
  • Control modification
  • Run comparison
  • Call last comparison
  • Execute external ping call (external monitoring)
  • Execute external call to CI/CD chain

Roadmap

  • Add one "readonly" token per user for use from a CI/CD chain.
  • S3 storage.
  • Entrypoint API metrics.
  • LDAP authentication.

Credits

If you like this application

Give it a star...