AutoAudit is a M365 compliance automation platform built by several specialist teams. This monorepo centralizes all codebases—including backend services, APIs, compliance scanners, and frontends—enabling unified CI/CD, streamlined development, and rapid automated deployments to the cloud.
The repo follows the established modular structure:
/backend-api/security/frontend/engine/.github/workflows
Full commit history and traceability from team forks are preserved.
- Only trusted, verified releases from
stagingare merged intomain. - Direct commits are prohibited via branch protection rules.
- Changes in
maintrigger the production deployment workflows.
- Code scanning (CodeQL, Grype) and security validations run on every push or PR.
- Docker images are built and tagged for the
prodenvironment here. - Production deployments to Google Cloud Platform (GCP) will be triggered from this branch once configured.
- Currently, GCP deployment automation is being set up;
once complete, a GCP Cloud Build trigger will automatically build and deploy themainbranch code and push images into the GCP Artifact Registry.
- Production Docker images from the
mainbranch are tagged appropriately and pushed to:- Docker Hub - AutoAudit Services
- GCP Artifact Registry (once integration is complete)
- Individual service repos like Engine, Backend-API, Frontend, and Security have mirrored deployment artifacts.
- Only merges from
stagingoccur intomain, following stringent review and testing. - Emergency fixes require expedited team approval and follow strict policies.
- All merges are subject to passing full CI/CD and security gating.
For production deployment queries:
- Contact the DevOps lead managing GCP integration.
- Report critical issues with
mainbranch deployments on GitHub with relevant tags.