openlane

This repository houses the core server and orchestration elements which are at the heart of the openlane cloud service.

Features

At it's core, this repo is a collection of services built on top of an entity framework which allows us to:

• Model database schemas as graph structures
• Define schemas as programmatic go code
• Execute complex database queries and graph traversals easily
• Extend and customize using templates and code generation utilities
• Type-safe resolvers and GraphQL schema stitching
• Code generated audit / history tables for defined schemas

On top of this powerful core we also have an incredible amount of pluggable, extensible services:

• Authentication: we today support password, OAuth2 / Social login providers (Github, Google), Passkeys as well as standard OIDC Discovery flows
• Multi-factor: built-in 2FA mechanisms, TOTP
• Authorization: extensible and flexible permissions constructs via openFGA based on Google Zanzibar
• Session Management: built-in session management with JWKS key validation, encrypted cookies and sessions
• Robust Middleware: cache control, CORS, Rate Limiting, transaction rollbacks, and more
• Queuing and Scheduling: Task management and scheduling with Marionette
• External Storage Providers: store data in AWS S3, Google GCS, or locally
• External Database Providers: Leverage Turso, or other PostgreSQL / SQLite compatible vendors and libraries
• Data Isolation and Management: Hierarchal organizations and granular permissions controls

Development

Developing against this repo involves a few mandatory tools; please read up on these and familiarize yourself if you're interested in making additions or changes!

1. ent - insane entity mapping tool, definitely not an ORM but kind of an ORM (handles our relational data storage, mappings, codegen processes)
2. atlas - Schema generation and migrations (can be disabled in lieu of migrations on disk)
3. goose - Secondary database migration utility we also use for seeding data
4. gqlgen - Code generation + GraphQL server building from from ent schema definitions
5. gqlgenc - Client building utilities with GraphQL
6. openfga - Flexible authorization/permission engine inspired by Google Zanzibar
7. echo - High performance, extensible, minimalist Go web framework
8. koanf - Configuration management library which parses command line arguments, Go structs + creates our main configuration files

We also leverage many secondary technologies in use, including (but not limited to!):

1. taskfile - So much better than Make zomg
2. redis - in-memory datastore used for sessions, caching
3. databases:
   • postgres
   • libsql
   • sqlite
4. golangci-lint - an annoyingly opinionated linter
5. buildkite - our CI system of choice (with github actions providing some intermediary support)

All of these components are bundled into our respective Docker images; for additional information / instructions, see the contributing guide in this repository. We're constantly adding and changing things, but have tried to list all the great open source tools and projects we rely on; if you see your project (or one you use) in here and wish to list it, feel free to open a PR!

Dependencies

The vast majority of behaviors of the system can be turned on or off by updating the configuration parameters found in config; in some instances, we've made features or integrations with third party systems which are "always on", but we're happy to receive PR's wrapping those dependencies if you are interested in running the software without them!

Installing Dependencies

Setup Taskfile by following the instructions and using one of the various convenient package managers or installation scripts. After installation, you can then simply run task install to load the associated dependencies. Nearly everything in this repository assumes you already have a local golang environment setup so this is not included. Please see the associated documentation.

Updating Configuration Settings

See the README in the config directory.

Deploying

The only "supported" method of deploying today is locally, but we have a WIP Helm chart which can be found here

Contributing

Please read the contributing guide as well as the Developer Certificate of Origin. You will be required to sign all commits to the theopenlane organization, so if you're unfamiliar with how to set that up, see github's documentation.

Licensing

This repository contains core which is open source software under Apache 2.0. Openlane is a product produced from this open source software exclusively by The Open Lane, Inc. This product is produced under our published commercial terms (which are subject to change), and any logos or trademarks in this repository or the broader theopenlane organization are not covered under the Apache License.

Others are allowed to make their own distribution of this software or include this software in other commercial offerings, but cannot use any of the Openlane logos, trademarks, cloud services, etc.

Security

We take the security of our software products and services seriously, including all of the open source code repositories managed through our Github Organizations, such as theopenlane. If you believe you have found a security vulnerability in any of our repositories, please report it to us through coordinated disclosure.

Please do NOT report security vulnerabilities through public github issues, discussions, or pull requests!

Instead, please send an email to security@theopenlane.io with as much information as possible to best help us understand and resolve the issues. See the security policy attached to this repository for more details.

Questions?

You can email us at info@theopenlane.io, open a github issue in this repository, or reach out to matoszz directly.