StageFreight

The world's a stage, give it a pipeline.

A declarative lifecycle runtime. One .stagefreight.yml drives build → sign → release → publish → retain across GitOps, Kubernetes, Docker, and CI — one Go binary in place of fragile shell-script pipelines. It builds and ships itself.

  • Detect → Plan → Build


    Finds Dockerfiles, resolves tags from git, builds multi-platform images via docker buildx — single command, no glue.

    Builds & Tests →

  • Multi-Registry Push


    Docker Hub, GHCR, GitLab, Quay, Harbor, JFrog, Gitea — with branch/tag routing and digest-preserving promotion.

    Targets →

  • Cross-Forge Releases


    Cut releases on GitLab, GitHub, or Gitea with generated notes, badges, and mirror sync across forges.

    Targets → Release →

  • Security Scanning


    Trivy + Grype vulnerability scans and a Syft SBOM, with detail levels tuned per branch or tag.

    Policy → Security →

  • Retention Policies


    Restic-style additive retention (keep_last / daily / weekly / monthly / yearly) across every registry provider.

    Concepts → Retention →

  • Self-Building


    StageFreight builds StageFreight — the image, the docs, and this very site are produced by its own pipeline.

    Screenshots →

There's a setting for every stage — this is theatre.Browse the full documentation