Based on StrongDM Comply
A build pipeline that renders "policy-as-code" to "human friendly" artifacts: word processor docs, web files, EReader, PDF etc.
Value added:
- Enable enforcement of documentation change control via git/github workflow.
- Enforce documentation template style consistency.
- Include documentation TDD quality gates.
- Automate branching, tagging, version control, and archiving for policy documents!
To use this:
use the Dockerfile in the build/app directory to automate rendering of final artifacts
via github commit webhook trigger.
To render locally, do something like:
A. fork a documents templates repo to your GH Account:
soc2-policy-templates
B. clone it locally
cd ~
git clone https://github.com/gjyoung1974/soc2-policy-templates.gitC. make required edits to the Markdown code & then run docker
docker run --env gh_token=${GITHUB_TOKEN} --env gh_user=${GITHUB_USER} --env gh_email=${GITHUB_EMAIL} \
--env gh_repo="soc2-policy-templates" -v ~/soc2-policy-templates:/source gyoung/comply:latestD. Ultimately use a build system like CircleCI. Include a config.yml similar to the following in your templates repository:
version: 2
executorType: machine
jobs:
build:
working_directory: ~/source
docker:
machine:
image: circleci/classic:edge
steps:
- checkout
- run: docker run --env gh_token=${GITHUB_TOKEN} --env gh_user=${GITHUB_USER} --env gh_email=${GITHUB_EMAIL} --env gh_repo=${GITHUB_REPO} ${COMPLY_APP_IMAGE}