Harness Open Source

A unified open source DevOps platform combining Git hosting, CI/CD pipelines, cloud development environments, and artifact registries in a single self-hosted system.

37.1Kstars
3.3Kforks
Apache License 2.0
Go

Harness Open Source is a comprehensive developer platform that brings together source code management, automated CI/CD pipelines, hosted development environments (Gitspaces), and artifact registries under one roof. Built in Go and TypeScript, it is designed for engineering teams that want to eliminate tool sprawl and run their entire software delivery lifecycle on infrastructure they control.

Originating as the next generation of Drone CI, Harness expands well beyond continuous integration. It adds full Git repository hosting with pull requests, branch rules, code owners, and webhooks — giving teams a GitHub-like experience on their own servers. The CI/CD engine executes pipeline stages inside Docker containers using a YAML-based configuration format, with support for reusable templates and multi-platform language presets out of the box.

Gitspaces provide on-demand, containerized development environments that spin up pre-configured workspaces directly tied to repository branches. Developers connect their preferred IDE and get a reproducible environment without any local setup. The Artifact Registry completes the platform by offering a place to store, proxy, and govern Docker images, Helm charts, and other build artifacts — including controls over upstream open source dependencies.

Harness is deployable with a single Docker command and stores all data in SQLite by default, making it accessible to small teams while also providing the hooks needed for larger deployments through its modular Go architecture, Google Wire dependency injection, and Protocol Buffers-based internal APIs.

What You Get

  • Git Repository Hosting - Full-featured source control with pull requests, protected branches, code owners, webhooks, tag rules, Git LFS support, and a Markdown-rendering web UI that mirrors the GitHub experience on your own infrastructure.
  • YAML-Based CI/CD Pipelines - Docker-native pipeline execution with reusable templates, multi-language presets (Go, Java, Node, Rust, Android, Docker), and a converter tool that imports existing pipelines from GitHub Actions, CircleCI, and other providers.
  • Gitspaces (Cloud Dev Environments) - On-demand, containerized workspaces pre-configured from devcontainer specs; developers connect via VS Code or JetBrains IDEs and get a reproducible environment tied directly to a repository branch.
  • Artifact Registry - Centralized storage for Docker images, Helm charts, and other package types with proxy support for upstream public registries, enabling teams to audit and control all external dependencies.
  • One-Click Provider Migration - Import repositories, CI configuration, and pipeline definitions from GitHub, GitLab, Bitbucket, CircleCI, and Drone in a single operation, including automated pipeline format conversion.
  • REST API and CLI - A Swagger-documented REST API (OpenAPI spec served at /openapi.yaml) and a lightweight CLI (gitness) for token generation, user authentication, and server administration without the web UI.

Common Use Cases

  • Consolidating a fragmented DevOps toolchain - A platform team running separate tools for Git hosting, CI, secrets, and artifact storage replaces them with a single Harness instance, reducing operational overhead and giving developers one place for the full development workflow.
  • Standardizing development environments across a distributed team - An engineering manager uses Gitspaces to provision identical devcontainer-based workspaces for all contributors, eliminating onboarding friction and environment-related bug reports.
  • Migrating from Drone CI to a full DevOps platform - A company already running Drone uses the built-in migration tooling to carry their pipeline definitions into Harness, then incrementally adopts the code hosting and artifact registry features without disrupting existing workflows.
  • Proxying and auditing open source dependencies - A security-conscious team routes all Docker image pulls through the Harness Artifact Registry, gaining a single audit trail for upstream dependencies and the ability to block specific image versions.
  • Running air-gapped DevOps for regulated industries - A compliance team in a financial or government environment deploys Harness on-premise with no external connectivity, using SQLite for the database and the local filesystem for artifact storage.
  • Self-hosting GitHub alternative with enterprise-grade PR workflows - A startup that wants code review workflows, branch protections, and CI without paying for SaaS runs Harness as their primary collaboration tool from a single Docker container.

Under The Hood

Architecture Harness is structured as a layered monolith with clear internal boundaries: HTTP handlers route requests to controllers, controllers coordinate domain logic through service interfaces, and services interact with storage abstractions that are fully swappable. Google Wire drives compile-time dependency injection throughout, ensuring every component declares its dependencies explicitly via provider functions rather than relying on global state. This design makes the codebase highly testable — mock implementations are straightforward to substitute — and has allowed the team to integrate fundamentally different subsystems (SCM, CI, Gitspaces, Registry) while keeping coupling low. Data flows unidirectionally from request parsing through validation, business logic, persistence, and response serialization, with event-driven side channels (via an internal pubsub system and SSE endpoints) handling async operations like pipeline progress and Gitspace lifecycle events.

Tech Stack The backend is written in Go with a modular command structure under cmd/gitness, using Squirrel for SQL query building against SQLite (the default embedded database) with dbmate handling versioned schema migrations. Internal service boundaries use Protocol Buffers and gRPC contracts, while external REST APIs are defined via OpenAPI specifications with generated Go handler stubs. The web frontend is a React-based single-page application using Harness’s own @harnessio/uicore design system and CodeMirror for in-browser code editing, built with Yarn and embedded directly into the Go binary at compile time. Pipeline execution delegates to Docker through a negotiated API version connection, and multi-stage Docker builds with Alpine Linux produce minimal, cross-architecture production images via Go’s cross-compilation support. Cloud storage drivers (GCS, S3) are available for the artifact registry’s blob layer.

Code Quality The repository contains an extensive test suite with over 240 Go test files spanning unit and integration layers, complemented by Cypress end-to-end tests in the web frontend and shell-script-based OCI registry conformance tests. Go interfaces are used pervasively as seams for testing, and the project enforces consistent code style through golangci-lint, goimports, and gci import sorting — all checked in a make check target. Error handling uses structured custom error types throughout the service and controller layers, though some HTTP handlers propagate generic error codes rather than fine-grained API errors. TypeScript in the frontend benefits from strict compiler settings. A CONTRIBUTING.md, git hooks for pre-commit checks, and a .gitmessage template round out the developer experience tooling.

What Makes It Unique Harness is one of very few open source projects that genuinely integrates the full SDLC — code, build, deploy, and development environment — in a single deployable binary with no external dependencies beyond Docker. The Gitspace system is architecturally distinctive: it ties ephemeral container provisioning directly to repository branches and user sessions through an event-driven orchestrator, so environments are created and destroyed as lifecycle events rather than as long-lived infrastructure. The migration subsystem ships a format-conversion layer for pipeline DSLs (Drone YAML → Harness YAML, GitHub Actions → Harness YAML) that lowers the switching cost meaningfully compared to manual rewrites. The artifact registry is built on the OCI Distribution Specification with a pluggable storage driver interface, giving teams flexibility from local filesystem to GCS or S3 without changing application code.

Self-Hosting

Harness Open Source is released under the Apache License 2.0, a permissive open source license with no copyleft requirements. You are free to use it commercially, modify the source, distribute modified versions, and embed it in proprietary systems without releasing your own changes. The only obligation is to include the original license notice and the NOTICE file in distributions. This makes it a straightforward choice for both internal platform teams and product companies building on top of it.

Running Harness yourself means you are responsible for the full operational stack. A minimal single-node deployment requires only Docker and a bind-mounted volume for persistent storage — the embedded SQLite database and local filesystem artifact storage require no external services. However, production workloads benefit from treating the database and artifact storage separately from the container, planning for backup schedules, and sizing the host for concurrent pipeline execution. Gitspaces add Docker container management to the operational surface, as each development environment runs as a container on the same host or a connected Docker daemon. Upgrades are performed by pulling a new image, which applies database migrations automatically on startup. There is no built-in high-availability mode in the open source edition.

The managed Harness SaaS platform (harness.io) adds capabilities that are absent from the open source edition: enterprise-grade SSO and RBAC, secrets management integrations, SLA-backed support, multi-cluster pipeline execution, advanced deployment strategies (canary, blue-green), feature flags, cloud cost management, and security testing orchestration. Teams self-hosting the open source version trade those features and operational hand-holding for full data sovereignty, no per-seat pricing, and the freedom to extend the platform. For small-to-medium engineering teams comfortable with Docker operations, the open source edition delivers substantial value without the managed service overhead.

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search