Are your FOSS (Free and open-source software) applications in production up to date?
UTDON was born from a shell script that compares:
- the version of an application currently running (production)
- to the latest available version (GitHub or Gitea-compatible repository).
As we only have applications whose source repository is located on "GitHub" or "Codeberg", UTDON currently only works with GitHub and "Gitea"-compatible repositories.
- Monitoring by UI.
- Monitoring by API call.
- Monitoring by API call and update of a monitoring service (ping type).
- API call to the CI/CD chain to trigger the application update process.
- Monitoring applications that don't offer an API entry point for versioning.
- Authentication possible for GitHub, Gitea-compatible repositories and applications (sometimes required to obtain the version).
UTDON follows the "semver" specification (https://semver.org/) and exposes its version via the "/api/v1/version" entrypoint, which returns a value in JSON format: {"version":"[\d+].[\d+].[\d+]"} (3 groups of numbers separated by a dot).
GitHub "tags" and container "tags" will remain similar to this response.
Release Candidates will be defined as follows: "[\d+].[\d+].[\d+]-rc-[\d+]".
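The comparison of a production version with the latest release, using the version and release-candidate formats described above. This is an added example, not UTDON's own code; the function names and the fields of the result object are assumptions, and the sample inputs are constructed.

```javascript
// Added example, not UTDON's code. All function names are hypothetical.
// Accepts "X.Y.Z" and the release-candidate form "X.Y.Z-rc-N" only.
const VERSION_RE = /^(\d+)\.(\d+)\.(\d+)(?:-rc-(\d+))?$/;

function parseVersion(text) {
  const m = VERSION_RE.exec(String(text).trim());
  if (!m) return null; // not in the documented format
  return {
    major: Number(m[1]),
    minor: Number(m[2]),
    patch: Number(m[3]),
    // A final release sorts after all of its release candidates.
    rc: m[4] === undefined ? Infinity : Number(m[4]),
  };
}

// Numeric comparison field by field, so that 1.10.0 is newer than 1.9.0.
function compareVersions(a, b) {
  for (const key of ["major", "minor", "patch", "rc"]) {
    if (a[key] !== b[key]) return a[key] < b[key] ? -1 : 1;
  }
  return 0;
}

// productionBody: JSON text returned by the application's version entrypoint.
// latestTag: tag name of the latest release in the source repository.
function checkUpToDate(productionBody, latestTag) {
  let production = null;
  try {
    production = parseVersion(JSON.parse(productionBody).version);
  } catch (e) {
    // Malformed JSON is reported as "unknown", never as up to date.
  }
  const latest = parseVersion(latestTag);
  if (!production || !latest) return { state: "unknown", upToDate: false };
  const order = compareVersions(production, latest);
  return { state: order < 0 ? "outdated" : "current", upToDate: order >= 0 };
}

// Constructed sample inputs.
console.log(checkUpToDate('{"version":"1.4.2"}', "1.5.0"));
console.log(checkUpToDate('{"version":"1.5.0-rc-2"}', "1.5.0"));
console.log(checkUpToDate('{"version":"1.10.0"}', "1.9.0"));
console.log(checkUpToDate("<html>login page</html>", "1.5.0"));
```

A response that cannot be parsed (for example a login page returned because authentication is missing) yields "unknown" rather than a false "current".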
- Install the service & start it up
- Use your web browser to connect to the service:
  - http://[IP address]:[port]/
  - default login/password: admin/admin
- Change the password.
- Create users & groups
- Create the first "control" (which may be your new UTDON service... to check that everything is working)
- You run the comparison.
- Each control indicates its last "comparison" status.
- To automate the process, create a cron job with "curl" that calls the entrypoint of your choice:
  - comparison only: the state is updated at application level
  - comparison with the monitoring service update, and you'll be notified of any discrepancies.
```mermaid
graph TD
    ag(api tags github)
    s(server)
    ps(production server)
    pr(production release)
    lr(last release)
    cp(compare)
    res(result as JSON)
    mps(monitoring ping service)
    cicd(CI/CD)
    s-->|call|ag
    ag-->|apply expression and get|lr
    s-->|call|ps
    ps-->|apply expression and get|pr
    cp-->lr
    cp-->pr
    s-->cp
    cp-->|give|res
    res-->|update internal state|s
    s-->|update|mps
    s-->|call|cicd
```
- Node.js
- React/Redux
- JSON databases: held in RAM, so replacing the files while the service is running has no effect. Database contents are saved after each modification and when the service receives the SIGINT | SIGTERM | SIGUSR2 signal.
- RegExp and JMESPath filters for JSON.
- Swagger.
Never expose UTDON directly to the Internet (use a VPN if necessary). UTDON is an internal, self-hosted tool that performs actions on your private resources (Monitoring/CI-CD).
Refuse all SaaS hosting: This product has not been designed to be multi-tenant, and is not protected by an E2E solution. Authentication data is encrypted using a string that would be supplied by the potential host and is therefore decipherable by it. Understand that UTDON "controls" contain the URL of the service to be monitored, and potentially access to your CI/CD chain and/or monitoring service.
The contents of both databases are partially encrypted:
- user.json: Administrator password (non-reversible) and authentication token (reversible)
- database.json:
  - Authentication strings for monitoring URLs and CI/CD chain (reversible).
  - HTTP header associated with the production scraping process
  - globalGithubToken: global GitHub authentication token (reversible)
Stop the service, delete the "user.json" file, then restart. Then log in with the default account/password: admin/admin, then change it immediately.
Sessions are managed in RAM, so a simple service restart resets all sessions.
Logs are kept to a minimum to avoid unnecessary storage:
- User login
- User logout
- Add control
- Deleting a control
- Control modification
- Run comparison
- Call last comparison
- Execute external ping call (external monitoring)
- Execute external call to CI/CD chain
- Add one "readonly" token per user for use from a CI/CD chain.
- S3 storage.
- Entrypoint API metrics.
- LDAP authentication.
- Login page image: generated by AI https://www.artguru.ai/fr/
- Icons: https://tabler.io/icons
- Radioactive button: https://zurb.com/playground/radioactive-buttons
- Multiselect component: https://github.com/hc-oss/react-multi-select-component?tab=readme-ov-file
- LoaderShip: https://www.loadership.com/
Give it a star...