Compliance CLI

A unified deployment tool for webapp environments, replacing the bash-based deploy.sh script with a Go implementation.

Features

• Deploy to dev, preview, QA, and production environments
• Automatic binary updates
• Cross-platform support (Linux and macOS, both amd64 and arm64)
• Drop-in replacement for existing deploy.sh scripts

Installation

Option 1: Using the wrapper script (Recommended)

Copy this one-liner to your project's deploy script:

#!/usr/bin/env bash
curl -sL https://raw.githubusercontent.com/u2i/compliance-cli/main/scripts/deploy-wrapper.sh | bash -s -- "$@"

The wrapper will automatically:

• Download the latest binary on first use
• Cache it locally in ~/.local/bin
• Update it daily (or force update with COMPLIANCE_CLI_FORCE_UPDATE=true)

Option 2: Direct download

Download the binary for your platform from the releases page and place it in your PATH.

Option 3: Build from source

git clone https://github.com/u2i/compliance-cli.git
cd compliance-cli
make build
make install

Usage

The CLI maintains the same interface as the original deploy.sh script:

# Deploy to development
compliance-cli dev

# Deploy preview for PR
compliance-cli preview --pr-number 123

# Deploy to QA
compliance-cli qa

# Promote to production
compliance-cli prod --promote --release qa-abc123

Environment Variables

The following environment variables are required:

• PROJECT_ID - GCP project ID
• REGION - GCP region
• COMMIT_SHA - Git commit SHA
• SHORT_SHA - Short git commit SHA

These can also be provided as flags:

compliance-cli dev --project-id my-project --region us-central1 --commit-sha abc123 --short-sha abc

Examples

Development deployment

export PROJECT_ID=u2i-tenant-webapp-nonprod
export REGION=europe-west1
export COMMIT_SHA=$(git rev-parse HEAD)
export SHORT_SHA=$(git rev-parse --short HEAD)

compliance-cli dev

Preview deployment

compliance-cli preview --pr-number 123

QA deployment (typically triggered by CI on tag)

compliance-cli qa

Production promotion

compliance-cli prod --promote --release qa-abc123

Development

Building

make build         # Build for current platform
make release       # Build for all platforms
make test          # Run tests
make clean         # Clean build artifacts

Docker Image Build

The Docker image is automatically built and published to GitHub Container Registry via GitHub Actions.

Image Location

• Registry: ghcr.io/u2i/compliance-cli
• Pull command: docker pull ghcr.io/u2i/compliance-cli:latest

Automatic Builds

The GitHub workflow (.github/workflows/build-docker-image.yml) automatically triggers when:

• Code is pushed to the main branch
• Pull requests are created/updated
• Manually triggered via GitHub Actions UI

Features:

1. Builds multi-arch Docker images (linux/amd64, linux/arm64)
2. Pushes to GitHub Container Registry (ghcr.io)
3. Uses GitHub Actions cache for faster builds
4. Tags images with:
   • latest (for main branch)
   • main (for main branch)
   • pr-<number> (for pull requests)
   • main-<short-sha> (for main branch commits)
   • Custom tag (when manually triggered)

Manual Trigger

You can manually trigger a build from the GitHub Actions tab with an optional custom tag.

Google Cloud Build (Alternative)

To build and push to Google Container Registry:

gcloud builds submit --project=u2i-bootstrap --config=cloudbuild.yaml

This creates gcr.io/u2i-bootstrap/compliance-cli-builder images.

Release Process

1. Tag the release:

   git tag -a v1.0.0 -m "Release v1.0.0"
   git push origin v1.0.0

2. Build release artifacts:

   make release

3. Create GitHub release and upload the binaries from bin/

Migration from deploy.sh

To migrate from the bash deploy.sh to compliance-cli:

1. Replace the contents of your scripts/deploy.sh with:

   #!/usr/bin/env bash
   curl -sL https://raw.githubusercontent.com/u2i/compliance-cli/main/scripts/deploy-wrapper.sh | bash -s -- "$@"

2. No other changes needed - all existing CI/CD pipelines and scripts will continue to work.

License

Apache 2.0