pipelineconductor

module

v0.2.0 Latest Latest Go to latest Published: Apr 26, 2026 License: MIT

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/plexusone/pipelineconductor

Links

Open Source Insights

README ¶

PipelineConductor

Orchestrate and harmonize multi-repo CI/CD pipelines with policy-driven automation.

PipelineConductor is a tool for managing CI/CD pipeline consistency across hundreds of repositories. It scans repositories, evaluates them against Cedar policies, generates compliance reports, and can automatically remediate violations.

Features

Core

🏢 Multi-org scanning: Scan repositories across multiple GitHub organizations
📜 Policy-as-code: Define CI/CD policies using Cedar
⚙️ Profile system: Named configurations for different project types (default, modern, legacy)
📊 Compliance reports: Generate JSON, SARIF, Markdown, CSV, and HTML reports

Compliance Checking (v0.2.0)

✅ Reference repo matching: Check workflows against a reference repository
📁 Local filesystem scanning: Scan repositories without GitHub API
🤖 GitHub Action: Reusable action for CI/CD integration
🔧 Automated remediation: Generate missing workflows from templates
📈 Dashboard generation: Dashforge integration for visual compliance dashboards

Installation

go install github.com/plexusone/pipelineconductor/cmd/pipelineconductor@latest

Or build from source:

git clone https://github.com/plexusone/pipelineconductor.git
cd pipelineconductor
go build -o pipelineconductor ./cmd/pipelineconductor

Quick Start

Set your GitHub token:

export GITHUB_TOKEN=ghp_your_token_here

Scan your organization for policy compliance:

pipelineconductor scan --orgs myorg --output report.json

Check workflow compliance against a reference repository:

pipelineconductor check --orgs myorg --ref-repo plexusone/.github

Usage

Scan Command

Scan repositories for policy compliance:

# Basic scan
pipelineconductor scan --orgs myorg

# Multiple organizations
pipelineconductor scan --orgs org1,org2,org3

# Filter by language
pipelineconductor scan --orgs myorg --languages Go,Python

# Output to file
pipelineconductor scan --orgs myorg --output report.json --format json

Check Command

Check workflow compliance against a reference repository:

# Check organization repos against reference
pipelineconductor check --orgs myorg --ref-repo plexusone/.github

# Check with strict mode (require exact reusable workflow matches)
pipelineconductor check --orgs myorg --ref-repo plexusone/.github --strict

# Check local repositories
pipelineconductor check --local ~/projects --ref-repo plexusone/.github

# Output as HTML report
pipelineconductor check --orgs myorg --ref-repo plexusone/.github -f html -o report.html

Configuration File

Create ~/.pipelineconductor.yaml or .pipelineconductor.yaml:

github_token: ${GITHUB_TOKEN}
orgs:
  - myorg
  - otherorg
profile: default
verbose: true

GitHub Action

Use PipelineConductor in your CI/CD pipeline:

- name: Check Compliance
  uses: plexusone/[email protected]
  with:
    ref-repo: 'plexusone/.github'
    orgs: 'myorg'
    format: 'markdown'

Profiles

PipelineConductor uses profiles to define expected CI/CD configurations:

Profile	Go Versions	Platforms	Use Case
`default`	1.24, 1.25	Linux, macOS, Windows	Standard projects
`modern`	1.25	Linux, macOS	Latest features
`legacy`	1.12	Linux	Older projects

Documentation

Full documentation is available at plexusone.github.io/pipelineconductor

Architecture

┌─────────────────────────────────────────────────────────────────┐
│                     PipelineConductor CLI                       │
├─────────────────────────────────────────────────────────────────┤
│  ┌──────────────┐  ┌──────────────┐  ┌───────────────────────┐  │
│  │  Collectors  │  │    Policy    │  │     Compliance        │  │
│  │ - GitHub API │  │    Engine    │  │ - Reference Matcher   │  │
│  │ - Local FS   │  │ - Cedar      │  │ - Workflow Generator  │  │
│  └──────────────┘  └──────────────┘  └───────────────────────┘  │
│                            │                                    │
│                    ┌───────┴────────┐                           │
│                    │   pkg/model    │                           │
│                    └────────────────┘                           │
└─────────────────────────────────────────────────────────────────┘

Contributing

Contributions are welcome! Please see CONTRIBUTING.md for guidelines.

License

MIT License - see LICENSE for details.

Directories ¶

Path	Synopsis
internal
collector Package collector provides interfaces and implementations for collecting repository and workflow data from various sources.	Package collector provides interfaces and implementations for collecting repository and workflow data from various sources.
compliance Package compliance provides workflow compliance checking functionality.	Package compliance provides workflow compliance checking functionality.
dashboard Package dashboard provides dashboard generation from compliance results.	Package dashboard provides dashboard generation from compliance results.
policy Package policy provides Cedar policy evaluation for CI/CD compliance.	Package policy provides Cedar policy evaluation for CI/CD compliance.
remediator Package remediator provides workflow remediation and generation functionality.	Package remediator provides workflow remediation and generation functionality.
report Package report provides compliance report generation in multiple formats.	Package report provides compliance report generation in multiple formats.
pkg
model Package model provides core data structures for PipelineConductor.	Package model provides core data structures for PipelineConductor.
schema Package schema provides embedded JSON schemas for validation.	Package schema provides embedded JSON schemas for validation.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL