Self-service Platform Provisioning • Git-native • Async • Extensible
ProvisionHub is an open-source platform provisioning system designed to scaffold and orchestrate application and infrastructure components using Git-native workflows and asynchronous execution.
It enables developers and platform teams to:
- Create systems and services quickly
- Generate infrastructure-ready repositories
- Automate provisioning workflows
- Integrate with GitOps pipelines
- Build internal developer platforms
ProvisionHub is designed to be adaptable, extensible, and environment-agnostic.
- System scaffolding (WIP)
- Component generation (backend, frontend, database, async, etc.) (WIP)
- Git-native repository creation (WIP)
- Asynchronous provisioning (queue + workers) (WIP)
- Execution tracking and logs (WIP)
- Policy-aware workflows (approval / automation) (WIP)
- Optional GitOps integration (ArgoCD) (WIP)
- Template-driven architecture (WIP)
ProvisionHub follows a Control Plane + Worker Plane architecture.
Responsible for:
- Authentication (OIDC / Keycloak)
- System & Component management
- Git provider integration (GitLab)
- Publishing provisioning jobs
- Tracking provisioning runs
Responsible for:
- Executing provisioning jobs
- Rendering templates
- Creating repositories
- Committing & pushing changes
- Updating run status
- PostgreSQL → state & audit
- RabbitMQ → async job processing
- Git provider → source of truth
- Optional GitOps → deployment automation
Logical project container that groups multiple components.
A deployable unit generated from templates (backend, frontend, database, queue, etc.).
Configuration that defines how a system or component should be generated.
Tracks execution of a provisioning request and its steps.
apps/
control-plane/ # Go API
worker/ # Go async worker
web/ # Next.js frontend
catalog/
modules/ # Component definitions
templates/
helm/
kustomize/
docs/
deployments/
- Go 1.22+
- Docker & Docker Compose
- Next.js
docker compose -f deployments/docker-compose.(dev/prod).yaml up -dServices:
- PostgreSQL
- RabbitMQ
- Keycloak (for auth)
cd apps/control-plane
go run ./cmd/servercd apps/worker
go run ./cmd/workerProvisionHub uses OIDC (Keycloak) for authentication.
Flow:
- Login via browser
- Obtain JWT access token
- Call API using
Authorization: Bearer <token>
- User creates a System or Component
- Control plane validates blueprint
- Job published to RabbitMQ
- Worker executes provisioning steps
- Repository generated
- Status & logs updated
- Optional: GitOps deployment
ProvisionHub is designed to be modular.
You can extend:
- New component types
- New templates
- New Git providers
- New provisioning steps
- GitOps integrations
- Cloud provisioning plugins
- Auth (Keycloak)
- System creation
- Component scaffolding
- Git repo generation
- Async provisioning
- Run tracking
- Approval workflows
- GitOps compatibility
- Retry + DLQ
- Policy engine
- Module versioning
- Multi-environment support
- CLI
- Kubernetes Operator
- Plugin system
We welcome contributions.
Steps:
- Fork repository
- Create branch
- Submit PR
See CONTRIBUTING.md for details.
ProvisionHub is licensed under the Apache License 2.0.
ProvisionHub aims to enable adaptive platform engineering — where infrastructure, automation, and developer experience converge into programmable, self-service systems.
Built with adaptability in mind 🦎