A web application to centralize the related tools of your projects, a dynamic connection management with security and data collection.

More technical details can be found in the subdirectories ligoj-api and ligoj-ui.

Cross-browser Testing Platform and Open Source <3 Provided by Sauce Labs

                     :8080                    :8081
 Navigateur  ──────>  ligoj-ui  ──────────>  ligoj-api  ──────>  ligoj-db
 (Vue 3 SPA)         Spring Boot             Spring Boot          MySQL 8
                     + fichiers Vue          REST API
                     + proxy REST            + plugins Java

Sans plugin IAM (LDAP/AD), le systeme utilise feature:iam:empty. Les pages Identity affichent les donnees retournees par l'API (qui peuvent etre vides). Les pages Projects et Delegates utilisent les vraies donnees MySQL.

The build is driven by podman compose, a thin wrapper that delegates to an external provider. By default it prefers docker-compose over podman-compose when both are installed — which means installing podman-compose alone is not enough on a machine that already has Docker Compose. Two steps:

# Linux (Fedora/RHEL/Amazon Linux 2023)
sudo dnf install -y podman podman-compose git

# Linux (Debian/Ubuntu)
sudo apt install -y podman python3-pip git && pip install --user podman-compose

# macOS
brew install podman podman-compose git && podman machine init && podman machine start

Use a drop-in file rather than editing containers.conf directly — Podman merges every *.conf it finds under containers.conf.d/, and a drop-in file can declare its own [engine] section without colliding with one already present in your main config (TOML rejects duplicate sections per file):

mkdir -p ~/.config/containers/containers.conf.d
cat > ~/.config/containers/containers.conf.d/ligoj-compose.conf <<'EOF'
[engine]
compose_providers = ["podman-compose"]
compose_warning_logs = false
EOF

compose_warning_logs = false silences the >>>> Executing external compose provider <<<< banner.

If you previously appended [engine] directly to ~/.config/containers/containers.conf and got Key 'engine' has already been defined, remove that appended block (and delete any duplicate [engine] section) before creating the drop-in file above.

which podman-compose                  # → /usr/bin/podman-compose (or similar)
podman compose version | head -n1     # → podman-compose version 1.x.x

If step 3 instead prints Docker Compose version vX.Y.Z (preceded by the delegation banner), step 2 hasn't taken effect — check containers.conf and that podman-compose is on PATH.

Why this matters: delegating to docker-compose triggers the warning "Docker Compose is configured to build using Bake, but buildkit isn't enabled", makes BUILDAH_FORMAT a no-op, and falls back to the legacy Docker builder (Sending build context to Docker daemon ...) instead of buildah.

git clone https://github.com/ligoj/ligoj.git && cd ligoj
podman compose -p ligoj -f compose.yml -f compose-override.yml up -d --build

Then open Ligoj Home in your browser.

For RBAC security, install: plugin-id, plugin-id-ldap, plugin-id-ldap-embedded.

See Wiki page

See each container ligoj-api and ligoj-ui.

Assumes Prerequisites are installed. Clones the repo, sets up a persistent home, then builds and starts the stack:

sudo systemctl enable --now podman.socket   # Linux only, idempotent

git clone https://github.com/ligoj/ligoj.git
cd ligoj

mkdir -p "$(pwd)/.ligoj"
cat > .env <<EOF
LIGOJ_HOME=$(pwd)/.ligoj
PODMAN_USERNS=keep-id
EOF

podman compose -p ligoj -f compose.yml -f compose-override.yml up -d --build
xdg-open http://localhost:8080/ligoj 2>/dev/null || true

AWS_ACCOUNT="$(aws sts get-caller-identity --query "Account" --output text)"
AWS_REGION="$(curl -s http://169.254.169.254/latest/meta-data/placement/availability-zone | sed 's/\(.*\)[a-z]/\1/')"
ECR_REGISTRY=$AWS_ACCOUNT.dkr.ecr.$AWS_REGION.amazonaws.com
docker image tag ligoj/ligoj-api:4.0.0 $ECR_REGISTRY/ligoj/ligoj-api:4.0.0
docker image tag ligoj/ligoj-ui:4.0.0 $ECR_REGISTRY/ligoj/ligoj-ui:4.0.0
aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $ECR_REGISTRY
docker push $ECR_REGISTRY/ligoj/ligoj-api:4.0.0
docker push $ECR_REGISTRY/ligoj/ligoj-ui:4.0.0

Sample .env file:

LIGOJ_HOME=/var/data/ligoj
PODMAN_USERNS=keep-id
LIGOJ_BUILD_PLATFORM=linux/arm64
LIGOJ_TARGET_PLATFORM=linux/arm64
LIGOJ_REGISTRY=nexus.sample.local/
LIGOJ_API_PREPARE_BUILD='export HTTP_PROXY=192.168.0.254:8000 && export HTTPS_PROXY=192.168.0.254:8000'

Minimal prepare-build.sh (HTTP proxy):

export http_proxy=192.168.0.254:8000
export https_proxy=192.168.0.254:8000

A more complete sample — importing private/self-signed CA certificates so Maven trusts an internal mirror — ships as app-api/prepare-build-sample.sh and app-ui/prepare-build-sample.sh. Copy the file to prepare-build.sh to activate it.

The build context sent to the Docker builder is app-api/ / app-ui/ — the repo's .git/ directory lives at the parent and is therefore invisible to the builder. Without help, buildnumber-maven-plugin warns and falls back to buildNumber=0 / scmBranch=UNKNOWN_BRANCH.

Capture the values on the host and pass them through as build args:

export GIT_COMMIT=$(git rev-parse HEAD)
export GIT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
export GIT_COMMIT_TIME=$(git log -1 --format=%cI)

podman compose -p ligoj -f compose.yml -f compose-override.yml build

compose.yml interpolates these into build.args, both Dockerfiles forward them to Maven as -DbuildNumber=… -DscmBranch=… -Dtimestamp=…, and a profile in each module's pom.xml activates on the presence of -DbuildNumber=, suppressing the SCM lookup the plugin would otherwise attempt (this is what silences the Cannot get the revision information from the scm repository warning).

Local Maven builds (mvn package without -DbuildNumber=…) are unaffected — the plugin still reads the real .git on disk.

With Docker compose, the Ligoj home directory is persistent and contains:

• plugin installations
• container logs
• database data

mkdir -p "$(pwd)/.ligoj"
cat > .env <<EOF
LIGOJ_HOME=$(pwd)/.ligoj
PODMAN_USERNS=keep-id
EOF

compose.yml defines only the api and ui services. The database is picked by layering exactly one of these override files on top:

Running podman compose -p ligoj up -d without an override file fails on purpose — the DB choice is always explicit. To auto-load the PG override instead, rename compose-override.yml to compose.override.yml (the dot form is picked up automatically by Compose).

To avoid repeating the long flag list, define a small alias for your session:

# Tell buildah to emit Docker-format images (OCI is the buildah default and not
# accepted by every downstream registry). No-op if podman delegates to docker.
export BUILDAH_FORMAT=docker

# Pick ONE of these:
alias lc='podman compose -p ligoj -f compose.yml -f compose-override.yml'  # PostgreSQL
alias lc='podman compose -p ligoj -f compose.yml -f compose-mysql.yml'     # MySQL

lc build     # build the images
lc up -d     # start the stack
lc logs -f   # tail the logs
lc down      # stop the stack

Each override file uses its own bind-mount directory (see the table above), so the two databases coexist on disk and swapping back and forth is non-destructive. The schema is created automatically by Hibernate (-Djpa.hbm2ddl=update) on first start, so expect a longer first boot.

To start from a clean slate, wipe the matching directory:

rm -rf "${LIGOJ_HOME:-./.ligoj}/postgres"   # or .../mysql

API is only available from a valid session.

• Swagger UI page
• WADL

Ligoj is massively based on plugin management.

All plugins are deployed in Maven central

To build and deploy a plugin, more information is available in the plugin-api repository.

Ligoj comes with a modular approach. For custom UI, the solutions are:

• Rebuild plugin-ui, with specific assets, and deploy this plugin in a custom Maven repository, or upload it with /system/plugin/{artifact}/{version} API
• Create your own plugin plugin-ui-company, with your specific assets: overrides and additions. Then install this plugin as the above solution
• Copy you specific assets in the Ligoj home directory such as /home/ligoj/META-INF/resources/webjars, $(pwd)/.ligoj/META-INF/resources/webjars, depending on your runtime. For a sample:

  # With Ligoj CLI
  ligoj configuration set --id "ligoj.file.path" --value "^/home/ligoj/META-INF/resources/webjars/.*,^/home/ligoj/statics/themes/.*"
  ligoj file put --from /path/to/icon.png  --path "/home/ligoj/META-INF/resources/webjars/home/img/logo.png"
  
  # With local access of Ligoj home folder
  mkdir -p "${LIGOJ_HOME}/META-INF/resources/webjars/home/img" && cp /path/to/icon.png "$_/logo.png"

SBOM content is exposed thanks to Spring Actuator at this endpoint http://localhost:8080/ligoj/manage/sbom