Skip to content

Instantly share code, notes, and snippets.

View ralphbean's full-sized avatar

Ralph Bean ralphbean

302 followers · 48 following
  • Red Hat
  • Rochester, NY
View GitHub Profile
@ralphbean
ralphbean / stage-orchestration-models.md
Created April 8, 2026 18:15
Stage orchestration models comparison (PR #201 discussion)

Stage orchestration models

Three distinct mental models have emerged in the PR #201 discussion for how stages, sandboxes, scripts, and agents relate to each other. They agree on many things but differ on where orchestration logic lives and what runs inside vs. outside the sandbox.

Common ground

All three models agree on:

  • Pre-scripts and post-scripts run outside the sandbox (post needs git push, gh pr; pre may gather data the sandbox can't access).
  • The sandbox enforces network, filesystem, and process isolation.
@ralphbean
ralphbean / 0010-per-org-github-apps.md
Created April 2, 2026 14:38
Per-org GitHub Apps design decision — conversation and ADR

title: "10. Per-org GitHub Apps for agent identity" status: Proposed relates_to:

  • agent-architecture
  • agent-infrastructure
  • security-threat-model topics:
  • security
  • credentials
@ralphbean
ralphbean / content.sh
Last active June 17, 2025 19:21
Example file
#!/bin/sh
echo "hello world!"
@ralphbean
ralphbean / README.md
Last active January 6, 2025 21:36
Fedora Konflux Cluster
@ralphbean
ralphbean / Containerfile.embeder
Last active July 1, 2024 15:33
Embedded one container in another
FROM registry.redhat.io/ubi9/ubi:latest
RUN dnf -y install podman
# Change the graph root.
RUN sed -i 's/^graphroot = .*/graphroot = "\/usr\/lib\/containers\/storage"/' /etc/containers/storage.conf
# Ignore chown errors
RUN sed -i 's/#ignore_chown_errors = "false"/ignore_chown_errors = "true"/' /etc/containers/storage.conf
# TEST workaround for bootc-build-image error (maybe overlay issue)
@ralphbean
ralphbean / refresh-oci-copy-file.py
Last active July 6, 2024 00:53
refresh-oci-copy-file.py
#!/usr/bin/env python
""" Write oci-copy.yaml file based on latest data in hugginface
In order to get the latest revision:
$ python3 refresh-oci-copy-file.py prometheus-eval/prometheus-8x7b-v2.0
In order to get files and digests for a specific revision in the history:
$ python3 refresh-oci-copy-file.py --revision e0bb4692356a1738acf25f15180e9f025725b0f2 prometheus-eval/prometheus-8x7b-v2.0
@ralphbean
ralphbean / download.sh
Created May 29, 2024 20:31
download.sh
#!/bin/bash -e
# A script to pull down multiarch artifacts with conflicting names stored in a single image index
PULLSPEC=$1
REPO=$(echo $PULLSPEC | awk -F ':' '{ print $1 }')
TAG=$(echo $PULLSPEC | awk -F ':' '{ print $2 }')
IMAGE_INDEX=$(oras manifest fetch $PULLSPEC)
OUTPUT=output/
@ralphbean
ralphbean / expand-taskref.sh
Last active May 22, 2024 19:35
expand-taskref.sh
#!/bin/bash -e
# Given a filename with a pipelines-as-code pipelinerun and a task name within it
# remove the bundle taskref and replace it with an inline version of the task definition.
# For hacking.
filename=$1
taskname=$2
prefix=".spec.pipelineSpec"
kind=$(yq .kind "$filename")
@ralphbean
ralphbean / contributors-list.py
Created October 3, 2023 20:17
List contributors on a JIRA
#!/usr/bin/env python
import argparse
import os
import sys
import jira
def get_args():
@ralphbean
ralphbean / README.md
Created September 16, 2023 22:32
dnf lockfile resolution example