Skip to content
Jason on Twitter Jason on GitHub

Introducing, Tuki!

Tuki is a small, open-source, GitOps-style utility for safely running one-off commands in your production environment.

Managing production commands and scripts manually is a tedious and error-prone process that often leads to significant downtime and operational headaches.

Tuki Drake Meme

In the past, I've been one of the few senior engineers on a team trusted with production console access. This caused frustration for me since I could never fully disconnect, even during vacation, frustration for my team who had to sync with me even for minor changes, and frustration for customers whose support inquiries were delayed while waiting for my intervention.

In one case, I even accidentally deleted an entire table in production due to a typo in a command, and we had to take our app offline for several hours to complete a point-in-time restore. đŸ˜¬

I created Tuki to provide an alternative that mitigates the frustration, inefficiency, and risk of directly accessing the production console. Tuki also brings all the compliance features you need—auditing, RBAC, etc.—via Git.

PR with new script

With Tuki, you will write scripts in your normal code review process and then they will be executed in production upon merge.

While many complete GitOps solutions exists for deploying your entire production infrastructure, e.g., with Kubernetes, there is a lack of a single-purpose tools that fit the one-off task use case for teams with simpler deployment approaches. Tuki fills that gap :)

Project Status

Tuki is a newly launched open-source project that I extracted and generalized from a private company project and recently made available under the MIT license.

The current version works well with self-hosted servers, such as Kamal, and we'd love to collaborate with you to bring it to different configurations.

To collaborate on Tuki, please visit the project's Github repo: https://github.com/hundredwatt/tuki

To discuss Tuki or get help with your specific configuration, join our Discord: https://discord.gg/RTSnGZHh5Z

How It Works

To use Tuki, you will begin by deploying the utility as a service in your production environment.

Then you will create a harness that will run your scripts in production. Tuki will use the harness to execute your scripts in production. For example, this harness works with Ruby on Rails applications running on a Kamal-managed host:

#!/usr/bin/env sh

docker run -i --rm --network kamal --env-file ~/.kamal/apps/demo_rails_app/env/roles/web.env myregistry.com/demo_rails_app:latest bin/rails runner -

Next, create a new, empty git repository where your scripts will leave. Add the harness file to .tuki/harness.sh in this repo.

gh repo create # or visit https://github.com/new
cp path/to/harness.sh .tuki/harness.sh
git add .
git commit -m "setting up Tuki"
git push

To connect the Github repository to Tuki, set the REPO_URL environment variable on the Tuki service to the repository's SSH URL (has format: git@github.com:<user>/<repository>.git).

Script repo ready to use with Tuki

Now you are ready to run your first script with Tuki! To do that:

  1. Write the script, here's an example for a Ruby on Rails app:
account_id = 6734
user_id = 81292

account = Account.find_by(id: account_id)
raise ActiveRecord::RecordNotFound, "Account #{account_id} not found" unless account

user = User.find_by(id: user_id)
raise ActiveRecord::RecordNotFound, "User #{user_id} not found" unless user

# Check if user is already an administrator
if account.administrators.include?(user)
  puts "User #{user.id} is already an administrator of Account #{account.id}"
  return false
end

# Add user as administrator
account.administrators << user
puts "Successfully added User #{user.id} as administrator to Account #{account.id}"
  1. Add the script to your git repository (you can name the file whatever you want) and then submit a PR

PR with new script

  1. When the PR is merged, the Tuki utility will see the new file and execute it

  2. Once the scripts completes, Tuki updates a state file in the repository and pushes it so you can see what happened

State file updated

Next Steps