PipelineConductor

Orchestrate and harmonize multi-repo CI/CD pipelines with policy-driven automation.

PipelineConductor is a tool for managing CI/CD pipeline consistency across hundreds of repositories. It scans repositories, evaluates them against Cedar policies, generates compliance reports, and can automatically remediate violations.

Features

Core

🏢 Multi-org scanning: Scan repositories across multiple GitHub organizations
📜 Policy-as-code: Define CI/CD policies using Cedar
⚙️ Profile system: Named configurations for different project types (default, modern, legacy)
📊 Compliance reports: Generate JSON, SARIF, Markdown, CSV, and HTML reports

Compliance Checking (v0.2.0)

✅ Reference repo matching: Check workflows against a reference repository
📁 Local filesystem scanning: Scan repositories without GitHub API
🤖 GitHub Action: Reusable action for CI/CD integration
🔧 Automated remediation: Generate missing workflows from templates
📈 Dashboard generation: Dashforge integration for visual compliance dashboards

Installation

go install github.com/plexusone/pipelineconductor/cmd/pipelineconductor@latest

Or build from source:

git clone https://github.com/plexusone/pipelineconductor.git
cd pipelineconductor
go build -o pipelineconductor ./cmd/pipelineconductor

Quick Start

Set your GitHub token:

export GITHUB_TOKEN=ghp_your_token_here

Scan your organization for policy compliance:

pipelineconductor scan --orgs myorg --output report.json

Check workflow compliance against a reference repository:

pipelineconductor check --orgs myorg --ref-repo plexusone/.github

Usage

Scan Command

Scan repositories for policy compliance:

# Basic scan
pipelineconductor scan --orgs myorg

# Multiple organizations
pipelineconductor scan --orgs org1,org2,org3

# Filter by language
pipelineconductor scan --orgs myorg --languages Go,Python

# Output to file
pipelineconductor scan --orgs myorg --output report.json --format json

Check Command

Check workflow compliance against a reference repository:

# Check organization repos against reference
pipelineconductor check --orgs myorg --ref-repo plexusone/.github

# Check with strict mode (require exact reusable workflow matches)
pipelineconductor check --orgs myorg --ref-repo plexusone/.github --strict

# Check local repositories
pipelineconductor check --local ~/projects --ref-repo plexusone/.github

# Output as HTML report
pipelineconductor check --orgs myorg --ref-repo plexusone/.github -f html -o report.html

Configuration File

Create ~/.pipelineconductor.yaml or .pipelineconductor.yaml:

github_token: ${GITHUB_TOKEN}
orgs:
  - myorg
  - otherorg
profile: default
verbose: true

GitHub Action

Use PipelineConductor in your CI/CD pipeline:

- name: Check Compliance
  uses: plexusone/[email protected]
  with:
    ref-repo: 'plexusone/.github'
    orgs: 'myorg'
    format: 'markdown'

Profiles

PipelineConductor uses profiles to define expected CI/CD configurations:

Profile	Go Versions	Platforms	Use Case
`default`	1.24, 1.25	Linux, macOS, Windows	Standard projects
`modern`	1.25	Linux, macOS	Latest features
`legacy`	1.12	Linux	Older projects

Documentation

Full documentation is available at plexusone.github.io/pipelineconductor

Architecture

┌─────────────────────────────────────────────────────────────────┐
│                     PipelineConductor CLI                       │
├─────────────────────────────────────────────────────────────────┤
│  ┌──────────────┐  ┌──────────────┐  ┌───────────────────────┐  │
│  │  Collectors  │  │    Policy    │  │     Compliance        │  │
│  │ - GitHub API │  │    Engine    │  │ - Reference Matcher   │  │
│  │ - Local FS   │  │ - Cedar      │  │ - Workflow Generator  │  │
│  └──────────────┘  └──────────────┘  └───────────────────────┘  │
│                            │                                    │
│                    ┌───────┴────────┐                           │
│                    │   pkg/model    │                           │
│                    └────────────────┘                           │
└─────────────────────────────────────────────────────────────────┘

Contributing

Contributions are welcome! Please see CONTRIBUTING.md for guidelines.

License

MIT License - see LICENSE for details.

Name		Name	Last commit message	Last commit date
Latest commit History 65 Commits
.github		.github
configs/profiles		configs/profiles
docs		docs
examples		examples
internal		internal
pkg/model		pkg/model
policies/examples		policies/examples
recipes		recipes
schema		schema
scripts		scripts
.gitignore		.gitignore
.golangci.yaml		.golangci.yaml
CHANGELOG.json		CHANGELOG.json
CHANGELOG.md		CHANGELOG.md
LICENSE		LICENSE
MRD.md		MRD.md
PLAN_COMPLIANCE_SCAN.md		PLAN_COMPLIANCE_SCAN.md
PRD.md		PRD.md
README.md		README.md
ROADMAP.md		ROADMAP.md
TASKS.md		TASKS.md
TRD.md		TRD.md
action.yaml		action.yaml
go.mod		go.mod
go.sum		go.sum
mkdocs.yml		mkdocs.yml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

PipelineConductor

Features

Core

Compliance Checking (v0.2.0)

Installation

Quick Start

Usage

Scan Command

Check Command

Configuration File

GitHub Action

Profiles

Documentation

Architecture

Contributing

License

About

Uh oh!

Releases 2

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

PipelineConductor

Features

Core

Compliance Checking (v0.2.0)

Installation

Quick Start

Usage

Scan Command

Check Command

Configuration File

GitHub Action

Profiles

Documentation

Architecture

Contributing

License

About

Resources

License

Contributing

Uh oh!

Stars

Watchers

Forks

Releases 2

Contributors

Uh oh!

Languages