// the find
semaphoreui/semaphore
Modern UI and powerful API for Ansible, Terraform/OpenTofu/Terragrunt, PowerShell and other DevOps tools.
Semaphore is a self-hosted web UI and API for running Ansible playbooks, Terraform/OpenTofu, and shell scripts without touching the terminal. It fills the gap between raw CLI automation and a full CI/CD platform like Jenkins — simpler to operate, but with scheduling, RBAC, and a task history. Target audience is small-to-medium ops teams who are already heavy Ansible or Terraform users and want a UI layer without adopting AWX.
The multi-tool support is genuine — Ansible, Terraform, OpenTofu, Terragrunt, Bash, and PowerShell are all first-class, not afterthoughts. The runner architecture (distributed runners registered against a central server) means you can execute tasks close to your infrastructure without opening inbound firewall rules. Migration history goes back to v0.0.0 with versioned SQL files, so upgrades are traceable and rollback is possible. SQLite support for the zero-config case means you can actually try it in five minutes with a single Docker run.
The version numbering in migrations is chaotic — patch-level SQL files like v2.8.91 and v2.9.100 alongside .err.sql siblings suggest the migration system has had some rough patches; anyone who hit a failed migration in production knows how unpleasant that is. There is no native secret management: secrets live in 'Variable Groups' backed by the same DB, so a DB dump is a credential dump unless you wire up an external secret storage. The RBAC model is coarse — project-level roles only, no template-level or resource-level permissions, which means you can't give a developer run-only access to specific playbooks without giving them access to everything in the project. The community edition vs. pro split is increasingly visible in the codebase (see TerraformInventoryState_pro.go) but not well-documented in the README, so you may build a workflow that turns out to require a paid license.