GitHub Action that automatically enforces company policy on repositories using Repolinter.
Continuous Compliance makes it possible to enforce company policy on repositories. It automatically checks your repository for mandatory files or requirements. When possible, it creates a detailed GitHub issue with instructions on how to resolve the finding.
At Philips we have been using this Action since mid 2022 without any problems. Head over to https://github.com/philips-labs/continuous-compliance-template to see how we organize this.
If you want to stay updated, hit the "Watch" button.
Philips was looking for a way to automatically enforce certain policies in its innersource philips-internal organization. After stumbling upon Repolinter and New Relic's Action, we decided we wanted something slightly different and more versatile. We started working on a fork of Repolinter, one that introduced the ability to create a separate GitHub issue for each rule that was broken. With this functionality added, we needed a way to automatically check the 5000+ repositories within our internal organization. This is when Continuous Compliance was born. We have used it for several months internally, and learned a lot by doing so. By publishing the source code, we want to share it with a broader community. We have migrated our internal Continuous Compliance to use this open source one (have to eat your own dog food!).
- Repolinter (forked, original here)
The easiest way to use this action is to add the following part to your workflow file. Additional configuration might be necessary to fit your use case. See Continuous-Compliance-Template for a full example on how to feed repos into Continuous Compliance and how to use Git as a local database.
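```yaml
# Job definition; place it under the top-level `jobs:` key of the workflow.
continuous-compliance:
  name: continuous-compliance
  runs-on: ubuntu-20.04
  steps:
    # Base64-encode the ruleset on a single line and expose it as a step output.
    - name: Create ruleset config
      id: config
      run: |
        echo "ENCODED_RULESET=$(cat ./config/repolint.json | base64 -w 0)" >> "$GITHUB_OUTPUT"
    - name: Perform repolinter on repositories
      uses: philips-labs/[email protected]
      with:
        ruleset: ${{steps.config.outputs.ENCODED_RULESET}}
        # steps.token refers to a step with id `token` that is not shown in this snippet.
        gh_token: ${{steps.token.outputs.token}}
        target_repos: my-org/repo1,my-org/repo2
```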
| parameter | description | required | default |
|---|---|---|---|
| ruleset | Base64 encoded ruleset config file or url to ruleset config file. | true | |
| gh_token | GitHub token that has permissions to create labels, issues and has read rights to view files. | true | |
| target_repos | Target Repositories (my-org/repository,my-org/repository-2) | true | |
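
A fail-closed variant of the `Create ruleset config` step, added here as an example and not taken from the project: in the one-line form, a missing `./config/repolint.json` still lets `echo` succeed and write an empty `ENCODED_RULESET`, whereas this script emits a value only if the file exists, parses as JSON and survives a base64 round trip. The function names and the `encode-ruleset.sh` file name are assumptions; JSON validation uses `jq` or `python3`, whichever is installed.

```shell
#!/bin/sh
# Added example (not project code): fail-closed encoding of the ruleset input.

# is_valid_json FILE: succeeds only if FILE parses as JSON (jq, else python3).
is_valid_json() {
  if command -v jq >/dev/null 2>&1; then
    jq -e . "$1" >/dev/null 2>&1
  elif command -v python3 >/dev/null 2>&1; then
    python3 -m json.tool "$1" >/dev/null 2>&1
  else
    echo "need jq or python3 to validate the ruleset" >&2
    return 2
  fi
}

# encode_ruleset FILE: prints FILE as single-line base64, or fails with no output.
encode_ruleset() {
  file=$1
  [ -s "$file" ] || { echo "ruleset missing or empty: $file" >&2; return 1; }
  is_valid_json "$file" || { echo "ruleset rejected: $file" >&2; return 1; }
  # tr removes line wraps: same result as GNU `base64 -w 0`, but portable.
  encoded=$(base64 < "$file" | tr -d '\n')
  [ -n "$encoded" ] || { echo "encoding produced no data" >&2; return 1; }
  # Round trip: the decoded value must be byte-identical to the file on disk.
  printf '%s' "$encoded" | base64 -d | cmp -s - "$file" ||
    { echo "base64 round-trip mismatch: $file" >&2; return 1; }
  printf '%s\n' "$encoded"
}

# write_ruleset_output FILE: appends ENCODED_RULESET=<base64> to $GITHUB_OUTPUT.
write_ruleset_output() {
  [ -n "${GITHUB_OUTPUT:-}" ] || { echo "GITHUB_OUTPUT is not set" >&2; return 1; }
  value=$(encode_ruleset "$1") || return 1
  printf 'ENCODED_RULESET=%s\n' "$value" >> "$GITHUB_OUTPUT"
}

# Run only when a path is given, e.g. sh encode-ruleset.sh ./config/repolint.json
# (encode-ruleset.sh is a hypothetical file name).
if [ "$#" -gt 0 ]; then
  write_ruleset_output "$1"
fi
```

Because the script exits non-zero on any failed check, the workflow step fails before the compliance run starts with an empty ruleset.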
To configure rules, you create a ruleset for Repolinter to use. There are different types of rules and fixes you can configure. The documentation can be found in the Repolinter repository.
Get started quickly by reading the information below.
Ensure you have the following installed:
- Bash
- Docker
The following IDE is recommended when working on this codebase:
- Clone the repo.

  ```
  git clone git@github.com:philips-labs/continuous-compliance-action.git
  ```

- Build the Docker image.

  ```
  docker build .
  ```

- Run the locally built Docker image.

  ```
  docker run IMAGE_ID_HERE
  ```
Our Docker image is available at GitHub Container Registry (ghcr). See all available images here. Run the Docker image by doing:

```
docker run ghcr.io/philips-labs/continuous-compliance:0.1
```
The Docker image includes the repolinter project, and the scripts required to make Continuous Compliance work.
If you have a suggestion that would make this project better, please fork the repository and create a pull request. You can also simply open an issue with the tag "enhancement".
- Fork the Project
- Create your Feature Branch (`git checkout -b feature/AmazingFeature`)
- Commit your Changes (`git commit -m 'Add some AmazingFeature'`)
- Push to the Branch (`git push origin feature/AmazingFeature`)
- Open a Pull Request
Please refer to the Contributing Guidelines for all the guidelines.
Distributed under the MIT License. See LICENSE for more information.
This project is inspired by: