Feature: Configuration Templates Generator #10
Description
Feature: Configuration Templates Generator
Summary
Provide a command to generate compliance configuration templates for common use cases, making it easier for teams to get started with the GitHub Compliance CLI without writing YAML from scratch.
Problem Statement
Creating a comprehensive compliance configuration requires deep knowledge of:
- Available checks and their options
- YAML syntax and structure
- Security best practices
- Industry compliance standards
New users often struggle to create their first configuration, and even experienced users would benefit from pre-built templates for common scenarios.
Proposed Solution
Add an init command with an interactive wizard that generates tailored configuration files based on user requirements, industry standards, and best practices.
Detailed Design
Command Line Interface
# Interactive wizard
github-compliance-cli init
# Generate specific template
github-compliance-cli init --template startup
github-compliance-cli init --template enterprise
github-compliance-cli init --template open-source
# Generate from compliance standard
github-compliance-cli init --standard sox
github-compliance-cli init --standard iso27001
github-compliance-cli init --standard hipaa
# Non-interactive with options
github-compliance-cli init --name "My Org Compliance" --org my-org --checks all --output my-compliance.yml
# List available templates
github-compliance-cli init --list-templates
# Validate existing config
github-compliance-cli validate --config compliance.ymlAvailable Templates
1. Startup Template
# Minimal security for small teams
version: 1
organization: "${GITHUB_ORG}"
defaults:
merge_methods:
allow_squash_merge: true
allow_rebase_merge: false
branch_protection:
patterns: ["main"]
required_pull_request_reviews:
required_approving_review_count: 1
security:
dependabot_alerts: true
secret_scanning: "enabled"2. Enterprise Template
# Comprehensive security for large organizations
version: 1
organization: "${GITHUB_ORG}"
defaults:
merge_methods:
allow_merge_commit: false
allow_squash_merge: true
allow_rebase_merge: false
branch_protection:
patterns: ["main", "master", "release/*"]
enforce_admins: true
required_pull_request_reviews:
dismiss_stale_reviews: true
required_approving_review_count: 2
require_code_owner_reviews: true
required_status_checks:
strict: true
contexts: ["ci/build", "ci/test", "security/scan"]
security:
secret_scanning: "enabled"
secret_scanning_push_protection: "enabled"
dependabot_alerts: true
dependabot_updates: true
code_scanning: true
permissions:
remove_individual_collaborators: true
teams:
- team: "security"
permission: "admin"
- team: "engineering"
permission: "write"
rules:
- match:
repositories: ["*-prod", "*-production"]
apply:
branch_protection:
required_pull_request_reviews:
required_approving_review_count: 33. Open Source Template
# Best practices for open source projects
version: 1
defaults:
merge_methods:
allow_merge_commit: true
allow_squash_merge: true
allow_rebase_merge: true
branch_protection:
patterns: ["main", "master"]
required_pull_request_reviews:
required_approving_review_count: 1
allow_force_pushes: false
allow_deletions: false
security:
secret_scanning: "enabled"
dependabot_alerts: true
repository_settings:
features:
has_issues: true
has_wiki: true
has_discussions: trueInteractive Wizard Flow
interface WizardQuestions {
organizationType: 'startup' | 'enterprise' | 'open-source' | 'custom';
organizationName: string;
complianceStandards: Array<'sox' | 'iso27001' | 'hipaa' | 'pci-dss' | 'none'>;
securityLevel: 'minimal' | 'balanced' | 'strict';
teamSize: 'small' | 'medium' | 'large';
repositoryTypes: Array<'production' | 'development' | 'documentation' | 'mixed'>;
existingTools: Array<'jenkins' | 'github-actions' | 'circleci' | 'gitlab-ci'>;
customRequirements: {
requireCodeOwners: boolean;
requireSignedCommits: boolean;
minReviewers: number;
allowDirectPushes: boolean;
requireStatusChecks: boolean;
};
}
class ConfigWizard {
async run(): Promise<ConfigFile> {
const answers = await this.askQuestions();
const template = this.selectTemplate(answers);
const config = this.generateConfig(template, answers);
return this.applyCustomizations(config, answers);
}
private selectTemplate(answers: WizardQuestions): Template {
// Logic to select best matching template
}
private applyComplianceStandard(config: ConfigFile, standard: string): ConfigFile {
// Apply standard-specific requirements
}
}Compliance Standards Mappings
SOX Compliance
const SOX_REQUIREMENTS = {
branch_protection: {
enforce_admins: true,
required_pull_request_reviews: {
required_approving_review_count: 2,
dismiss_stale_reviews: true
}
},
security: {
secret_scanning: "enabled",
code_scanning: true
},
audit: {
require_signed_commits: true,
maintain_audit_log: true
}
};HIPAA Compliance
const HIPAA_REQUIREMENTS = {
branch_protection: {
enforce_admins: true,
restrictions: {
teams: ["hipaa-authorized"]
}
},
security: {
secret_scanning: "enabled",
secret_scanning_push_protection: "enabled"
},
permissions: {
remove_individual_collaborators: true,
require_2fa: true
}
};Template Validation
class ConfigValidator {
validate(config: ConfigFile): ValidationResult {
const errors: ValidationError[] = [];
const warnings: ValidationWarning[] = [];
// Schema validation
this.validateSchema(config, errors);
// Logic validation
this.validateLogic(config, errors, warnings);
// Best practices
this.checkBestPractices(config, warnings);
return { valid: errors.length === 0, errors, warnings };
}
private validateLogic(config: ConfigFile, errors: ValidationError[]): void {
// Check for conflicting rules
// Verify team names exist
// Validate branch patterns
}
private checkBestPractices(config: ConfigFile, warnings: ValidationWarning[]): void {
// Warn about weak security settings
// Suggest improvements
}
}User Stories
- As a new user, I want to quickly generate a working configuration without reading documentation
- As a compliance officer, I want to ensure our config meets SOX requirements
- As a security engineer, I want to start with best practices and customize from there
- As an open source maintainer, I want appropriate settings for public repositories
Implementation Details
Template Engine
interface TemplateEngine {
loadTemplate(name: string): Template;
mergeTemplates(base: Template, overlay: Template): Template;
interpolateVariables(template: Template, vars: Variables): ConfigFile;
validateOutput(config: ConfigFile): ValidationResult;
}Migration Support
// Import from other tools
class ConfigMigrator {
fromGitHubSettings(repo: Repository): PartialConfig;
fromTerraform(tfConfig: string): PartialConfig;
fromAllstar(allstarConfig: string): PartialConfig;
}Testing Strategy
- Unit tests for template generation logic
- Integration tests for wizard flow
- Validation tests for all templates
- Compliance standard verification
- User acceptance testing with different personas
Documentation Needs
- Template reference guide
- Compliance standards mapping documentation
- Customization guide
- Migration guide from other tools
- Video tutorial for interactive wizard
Success Criteria
- Interactive wizard generates valid configurations
- All templates pass validation
- Compliance standards correctly implemented
- Templates cover 80% of common use cases
- Generation takes less than 30 seconds
- Clear documentation for each template
Dependencies
- Inquirer.js or similar for interactive prompts
- YAML schema validator
- Template engine (Handlebars/Mustache)
Open Questions
- Should templates be updatable post-generation?
- How to handle organization-specific customizations?
- Should we provide industry-specific templates (fintech, healthcare)?
- Integration with GitHub's own security policies?
- Version migration support for configuration changes?
Future Enhancements
- Online configuration builder (web UI)
- Template marketplace/sharing
- AI-powered configuration recommendations
- Drift detection from template
- Automatic template updates
- Export to Terraform/CloudFormation