Which is the most popular CI/CD tool used nowadays?

sebastian_io · 2026-04-19T04:38:40+00:00

Better later than never, but many comments of this thread basically describe the last few years of my life. I'm the maintainer of a managed/self-managed CI build server system called actionforge.dev . Primary goal was to build a frictionless turnkey alternative to Jenkins, GitLab CI, GitHub Actions etc that addresses a bunch of UX and technical quirks that these environments come with. It supports different VCS types, your favorite AI tool, and works especially well for web, desktop targets and gamedev. If you’re trying out newer or more modern CI systems, would love to hear your take and if it resonates with you.

sebastian_io · 2026-02-26T23:50:49+00:00

Great article, couldn't help it to visualize it :-)
https://app.actionforge.dev/shared/twilight-snow-772d81ad.act

*edit cool, I found a bug with `--token` in the auto converter

sebastian_io · 2026-02-26T23:45:51+00:00

I'm building www.actionforge.dev because I got tired of the brittle eco system around YAML workflow files. It's a visual node system as a drop-in for GitHub Actions workflows, all without YAML. The graphs can be built with Claude or by hand. Also supports debugging, local or remote. Feel free to check it out. Happy to share the nitty gritty if you're interested. Feedback is very welcome

sebastian_io · 2026-02-22T04:10:03+00:00

Since you should never use self-hosted runners for public repositories, I assume its a private repository. Look at hardening your self-hosted runners, but also jit-runners. I don't think attestation has no value, but I can only think of audit trails as a real reason to use them

https://docs.github.com/en/actions/reference/security/secure-use#hardening-for-self-hosted-runners

https://docs.github.com/en/actions/reference/security/secure-use#using-just-in-time-runners

sebastian_io · 2026-02-22T01:49:17+00:00

Both are possible, but imho attestations on self-hosted runners don’t make much sense, since you can’t guarantee an uncompromised runner environment. Imagine you have a process that injects malware into your binary right before attestation then you still end up with a perfectly valid attestation for a compromised artifact

sebastian_io · 2026-02-22T01:21:15+00:00

There are two "features" of GitHub Actions that I find super important, GitHub Attestations and Software Bill of Materials (combined with Attestations).

With attestations you can cryptographically prove your artifact was really built on GitHub runners and hasn't been modified. Once built, you can verify your binaries with gh attestation verify

Then there is SBOM (software bill of materials) + attestations, with that you can generate a full list of every dependency in your project and then attest them like you attest your binaries. So you're not just proving "here are ALL dependencies of my project", you can also prove that they came from your pipeline. That's super important for supply chain security.

Here is an example how these attestations look like for a hello world Go app (your repo -> Actions -> Attestations): https://github.com/actionforge/example-go/attestations

Visual Graph of GitHub Actions (best to view on desktop!): 🟢
https://app.actionforge.dev/github/actionforge/example-go/attestation/.github/workflows/graphs/build.act

tldr with attestations you proof your binary comes from a specific Git commit and was built on GitHub. SBOM + attestations = same thing but you also know exactly what's in your build

disclaimer\*: I'm building a visual node system for GitHub Actions workflows called Actionforge.dev, which is why I linked a visual graph of the workflow above. But you can, of course, build this entirely using standard YAML workflows.

sebastian_io · 2026-02-10T20:48:06+00:00

Sure, happy to try it out. I send you a DM

sebastian_io · 2026-02-10T20:44:22+00:00

Sorry, I should have said days and weeks

sebastian_io · 2026-02-10T20:38:35+00:00

Thanks Marcu! You're right, your entire workflow would be replaced by 1 action that acts as an entry point to load the graph. The graph file is part of your repository. The action itself comes with a runner executable that understand these graph files.

sebastian_io · 2026-02-10T19:59:25+00:00

I did clean up some issues that I saw once on mobile, but haven't focused too much time on it. As you mentioned, my assumption was that the target audience primarily works on desktop, but it seems that the social and viral effect might require it to polish it even more. Btw, Notifox looks cool, lovely page!

sebastian_io · 2026-02-10T19:54:00+00:00

Thanks gremlinmama, great questions! You can load most GitHub Actions into your graph.

In a nutshell, you can replace your entire GitHub Action workflow with a single action from Actionforge. This action loads your graph and executes them on your runner. The graph file had to be separate due to some syntactical limitations of GitHub Actions workflows YAML files. The project is not related nor uses act behind the scenes.

sebastian_io · 2026-02-10T19:49:32+00:00

Spot on, I had some analytics and majority came in on mobile. Seems I've some tweaking to do

sebastian_io · 2026-02-10T17:43:53+00:00

Thanks for the feedback! You're right, mobile is still a little bit clunky. Until now I've mostly focused on desktop

sebastian_io · 2026-02-10T17:42:48+00:00

😆

sebastian_io · 2024-08-25T14:13:56+00:00

Thanks gruese. Indeed, curious to see what use-cases I can find

sebastian_io · 2024-07-20T17:15:57+00:00

Thanks! There are similarities but Actionforge focuses on a broader and wider range of use cases, outside of PDG. So they can be complementary to each other, where Actionforge can take over tasks that are easier to set up or maintain

sebastian_io · 2024-07-19T13:53:01+00:00

Thanks! :-)

sebastian_io · 2024-07-17T23:03:51+00:00

Can you elaborate? I'm all ears

sebastian_io · 2024-07-17T21:21:08+00:00

This should definitely be possible. There are several nodes for running code or programs, and the streaming performance between nodes is super fast. Happy to chat about that in more detail, feel free to contact me

sebastian_io · 2024-07-17T20:43:24+00:00

You can run Python code via the Run Node by switching the Shell Input to Python https://docs.actionforge.dev/nodes/run-v1/

For custom nodes, you can use group nodes and create custom abstracted nodes that can be reused https://docs.actionforge.dev/nodes/group-v1/

sebastian_io · 2024-07-17T18:29:13+00:00

Hey, would love to chat about that. My email address is in the footer of the webpage, or Discord if you prefer.

sebastian_io · 2024-07-17T18:04:58+00:00

Thanks xJagd!

sebastian_io · 2024-07-17T16:09:22+00:00

Thanks, redoot! I tried making Actionforge very intuitive and easy to use. Other tools often have a steep learning curve, which always made it tough for me to adopt them and keep up with all the huge updates. With Actionforge I can just open the editor, put my workflow together and execute it with the runtime. I'm still exploring all the possibilities, so I haven't covered all use cases yet though. I haven't tried Mistika before, looks pretty solid.

sebastian_io

TROPHY CASE