README
¶
JumpGate
Lightweight, GitOps-driven Micro-PaaS for solo developers.
JumpGate is a single Go binary that turns any VPS into a Heroku-like deployment platform. Push to Git — JumpGate builds, deploys, and routes traffic with zero-downtime blue/green cutovers. No web dashboard, no Kubernetes, no bloat.
Architecture
┌─────────────┐
git push ─────────→│ GitHub/GitLab │
└──────┬──────┘
│ webhook (HMAC)
┌──────▼──────┐
│ JumpGate │
│ Daemon │
│ (Go binary) │
└──┬───┬───┬──┘
│ │ │
┌─────────┘ │ └──────────┐
▼ ▼ ▼
┌──────────┐ ┌──────────┐ ┌──────────┐
│ Docker │ │ SQLite │ │ Traefik │
│ Engine │ │ (state) │ │ (proxy) │
└──────────┘ └──────────┘ └─────┬────┘
│
┌─────────────────┘
▼
┌──────────────────┐
│ Your App │
│ Container(s) │
│ :80 / :443 │
└──────────────────┘
How It Works
- You push code to GitHub/GitLab
- JumpGate receives the webhook (HMAC-verified, rate-limited)
- Clones the repo at the specific commit hash into an isolated temp directory
- Parses
jumpgate.toml— your app's deployment manifest - Builds the Docker image, streaming logs to SQLite
- Starts the new container with Traefik routing labels
- Health-checks the new container (TCP port or HTTP endpoint)
- Cuts over — marks new as Running, stops old container (blue/green)
- Cleans up — old images pruned hourly
Quickstart
Prerequisites
- A Linux VPS (Ubuntu 22.04+ recommended)
- Docker Engine installed
- A domain pointed to your VPS
- Go 1.22+ (to build from source)
1. Install JumpGate
# One-line installer (Linux/macOS)
curl -sL https://github.com/VemorPhose/JumpGate/releases/latest/download/install.sh | bash
# Or build from source
git clone https://github.com/VemorPhose/JumpGate.git
cd JumpGate
go build -o jumpgate ./cmd/jumpgate/
sudo mv jumpgate /usr/local/bin/
2. Start Traefik (Ingress)
docker compose -f infra/docker-compose.traefik.yml up -d
Set the Let's Encrypt email:
export ACME_EMAIL="you@example.com"
3. Set Your Webhook Secret
export JUMPGATE_WEBHOOK_SECRET=$(openssl rand -hex 32)
4. Start JumpGate
jumpgate server
5. Add jumpgate.toml to Your Repo
# jumpgate.toml
name = "my-api"
domain = "api.yourdomain.com"
port = 8080
build_args = ["NODE_ENV=production"]
health_check_path = "/healthz"
env_vars = ["DATABASE_URL=postgres://..."]
6. Add a Webhook
-
GitHub: Settings → Webhooks → Add webhook
- Payload URL:
http://<your-server>:9000/webhook - Content type:
application/json - Secret: same as
JUMPGATE_WEBHOOK_SECRET
- Payload URL:
-
GitLab: Settings → Webhooks → Add webhook
- URL:
http://<your-server>:9000/webhook - Secret Token: same as
JUMPGATE_WEBHOOK_SECRET
- URL:
7. Deploy!
git push origin main
Watch the logs:
jumpgate logs my-api
CLI Reference
jumpgate server Start the JumpGate daemon
jumpgate logs <app> Stream build logs for an application
jumpgate status <app> Show deployment status for an application
jumpgate env <app> Show environment info for an application
jumpgate rollback <app> Roll back to the previous deployment
jumpgate help Show this help
jumpgate.toml Reference
| Field | Type | Required | Default | Description |
|---|---|---|---|---|
name |
string | ✅ Yes | — | Unique app identifier (e.g., "api-service") |
domain |
string | ✅ Yes | — | Public domain Traefik routes to this app |
port |
int | ✅ Yes | — | Container port the application listens on |
build_args |
string[] | No | [] |
KEY=VALUE pairs passed to docker build --build-arg |
health_check_path |
string | No | "" |
HTTP path for health check (empty = TCP port check) |
env_vars |
string[] | No | [] |
KEY=VALUE environment variables injected into the container |
dockerfile |
string | No | "Dockerfile" |
Relative path to the Dockerfile |
Examples
Minimal Node.js app:
name = "web"
domain = "app.example.com"
port = 3000
Python API with health check and env vars:
name = "api"
domain = "api.example.com"
port = 8000
health_check_path = "/health"
env_vars = [
"DATABASE_URL=postgres://user:pass@host/db",
"LOG_LEVEL=info",
"SECRET_KEY=${SECRET_KEY}"
]
Custom Dockerfile with build args:
name = "go-service"
domain = "go.example.com"
port = 9090
dockerfile = "Dockerfile.prod"
build_args = ["GO_VERSION=1.22", "CGO_ENABLED=0"]
Environment Variables
| Variable | Required | Default | Description |
|---|---|---|---|
JUMPGATE_WEBHOOK_SECRET |
✅ Yes | — | HMAC secret for webhook validation (min 16 chars) |
JUMPGATE_WEBHOOK_PORT |
No | 9000 |
TCP port for the webhook HTTP server |
JUMPGATE_DATA_DIR |
No | /var/lib/jumpgate |
Directory for the SQLite database |
JUMPGATE_BUILD_DIR |
No | /tmp/jumpgate-builds |
Directory for temporary git clones |
JUMPGATE_TRAEFIK_NETWORK |
No | jumpgate |
Docker network name for Traefik + app containers |
JUMPGATE_HEALTHCHECK_TIMEOUT |
No | 5m |
Max time to wait for container health (Go duration) |
JUMPGATE_BUILD_TIMEOUT |
No | 30m |
Max time for a single Docker build (Go duration) |
JUMPGATE_SOCKET_PATH |
No | /var/run/jumpgate.sock |
Unix socket for CLI communication |
JUMPGATE_DOCKER_SOCKET |
No | unix:///var/run/docker.sock |
Docker daemon socket path |
Deployment Lifecycle
Each deployment goes through these states:
Pending → Building → Running (success)
→ Failed (build/health/cutover failure)
Running → Stopped (cutover to new deployment)
- Pending: Deployment record created, waiting to enter the build queue
- Building: Docker image is being built; logs streamed to SQLite
- Running: Container is live, healthy, and receiving traffic
- Failed: Build, health check, or cutover failed; previous deployment untouched
- Stopped: Previous deployment was replaced by a newer one
Production Hardening
JumpGate includes several production-grade safety features:
- HMAC Signature Verification: All webhooks are cryptographically verified (SHA-256 for GitHub, token for GitLab)
- IP Rate Limiting: 5 req/s per IP with burst of 10; returns 429 on excess
- Deployment Debouncing: Duplicate commits are silently skipped while already building
- Health Check Timeout: Configurable timeout (default 5 min); unhealthy containers are killed, old deployment stays live
- Graceful Shutdown: SIGTERM → drain queue → stop Docker ops → close SQLite
- Image Pruning: Hourly garbage collection removes dangling images
- Isolated Builds: Each build clones to
/tmp/jumpgate-builds/{hash}/— never reused - Single Worker Queue: Sequential Docker builds prevent OOM from concurrent operations
vs. Alternatives
| JumpGate | Coolify | Dokploy | Dokku | CapRover | |
|---|---|---|---|---|---|
| Binary size | ~15 MB | 2 GB+ | 500 MB+ | ~20 MB | 500 MB+ |
| Idle RAM | ~15 MB | 2 GB+ | ~300 MB | ~50 MB | ~300 MB |
| Language | Go (single binary) | PHP/Laravel | Next.js/Node | Bash/Go | Node.js |
| Config | jumpgate.toml (GitOps) |
Web UI (ClickOps) | Web UI | CLI + files | Web UI |
| Database | Embedded SQLite | PostgreSQL | PostgreSQL | None | MongoDB |
| Web dashboard | None (by design) | Yes | Yes | None | Yes |
| Blue/green | ✅ | ✅ | ❌ | ✅ | ❌ |
Development
# Run tests
go test ./internal/...
# Build
go build -o jumpgate ./cmd/jumpgate/
# Run (requires Docker)
JUMPGATE_WEBHOOK_SECRET=test-secret-1234567890 jumpgate server
License
MIT — see LICENSE for details.
Directories
¶
| Path | Synopsis |
|---|---|
|
cmd
|
|
|
jumpgate
command
JumpGate is a lightweight, GitOps-driven Micro-PaaS daemon.
|
JumpGate is a lightweight, GitOps-driven Micro-PaaS daemon. |
|
jumpgate-e2e
command
Package main provides an end-to-end test binary for JumpGate.
|
Package main provides an end-to-end test binary for JumpGate. |
|
internal
|
|
|
bootstrap
Package bootstrap wires all JumpGate modules together and manages the daemon lifecycle — startup, running, crash recovery, and graceful shutdown.
|
Package bootstrap wires all JumpGate modules together and manages the daemon lifecycle — startup, running, crash recovery, and graceful shutdown. |
|
cli
Package cli provides a Unix-domain-socket-based command server that enables `jumpgate logs`, `jumpgate status`, and other CLI subcommands to communicate with the running JumpGate daemon without adding any web dashboard or REST API overhead.
|
Package cli provides a Unix-domain-socket-based command server that enables `jumpgate logs`, `jumpgate status`, and other CLI subcommands to communicate with the running JumpGate daemon without adding any web dashboard or REST API overhead. |
|
config
Package config provides server-side configuration loaded from environment variables and per-application manifests parsed from jumpgate.toml files.
|
Package config provides server-side configuration loaded from environment variables and per-application manifests parsed from jumpgate.toml files. |
|
deploy
Package deploy provides the deployment pipeline orchestrator — the central "brain" of JumpGate that wires together git clone → manifest parse → Docker build → container run → status tracking.
|
Package deploy provides the deployment pipeline orchestrator — the central "brain" of JumpGate that wires together git clone → manifest parse → Docker build → container run → status tracking. |
|
docker
Package docker provides a Go wrapper around the Docker Engine API for building images, running containers, health-checking, and garbage collection.
|
Package docker provides a Go wrapper around the Docker Engine API for building images, running containers, health-checking, and garbage collection. |
|
git
Package git provides repository cloning operations for JumpGate builds.
|
Package git provides repository cloning operations for JumpGate builds. |
|
ingress
Package ingress generates Traefik routing labels for JumpGate-managed containers, encapsulating the Traefik configuration contract.
|
Package ingress generates Traefik routing labels for JumpGate-managed containers, encapsulating the Traefik configuration contract. |
|
logging
Package logging provides structured, leveled logging for the JumpGate daemon using Go's standard library log/slog package.
|
Package logging provides structured, leveled logging for the JumpGate daemon using Go's standard library log/slog package. |
Click to show internal directories.
Click to hide internal directories.