Merge pull request #20 from NC3-LU/codex

new: [cicd] Add OCD generation workflow and CLAUDE.md

Author: SteveClement

.github/workflows/ocd.yml

@@ -0,0 +1,87 @@
+name: Generate Open Contributions Descriptor
+
+on:
+  schedule:
+    # Every Monday at 04:00 UTC
+    - cron: '0 4 * * 1'
+  workflow_dispatch:
+  push:
+    branches: ["theme_kode"]
+    paths:
+      - 'content/projects/**'
+      - 'data/authors/**'
+
+permissions:
+  contents: write
+
+defaults:
+  run:
+    shell: bash
+
+jobs:
+  generate-ocd:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          ref: theme_kode
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+
+      - name: Install dependencies
+        run: pip install requests
+
+      - name: Download OCD generator
+        run: |
+          curl -fsSL \
+            https://raw.githubusercontent.com/ossbase-org/Open-Contributions-Descriptor/refs/heads/main/bin/github-to-ocd.py \
+            -o github-to-ocd.py
+
+      - name: Generate OCD — CIRCL
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          python github-to-ocd.py \
+            --org CIRCL \
+            --domain code.lhc.lu \
+            --output ocd.json
+
+      - name: Merge OCD — NC3-LU
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          python github-to-ocd.py \
+            --org NC3-LU \
+            --domain code.lhc.lu \
+            --input ocd.json \
+            --merge-projects \
+            --output ocd.json
+
+      - name: Merge OCD — CybersecurityLuxembourg
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          python github-to-ocd.py \
+            --org CybersecurityLuxembourg \
+            --domain code.lhc.lu \
+            --input ocd.json \
+            --merge-projects \
+            --output ocd.json
+
+      - name: Install to static well-known
+        run: |
+          mkdir -p static/.well-known
+          cp ocd.json static/.well-known/open-contributions.json
+
+      - name: Commit and push if changed
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add static/.well-known/open-contributions.json
+          git diff --cached --quiet && echo "No changes to OCD file." || \
+            git commit -m "upd: [ocd] Regenerate open-contributions.json" && \
+            git push

AGENTS.md

@@ -0,0 +1,44 @@
+# Repository Guidelines
+
+Use this guide when contributing to Code @ LHC's Hugo site to keep content consistent and builds reliable.
+
+## Project Structure & Module Organization
+- `content/` houses Markdown with TOML front matter; subfolders mirror site navigation and service areas. Prefer Hugo shortcodes (e.g. `readme`) over raw HTML embeds.
+- `layouts/` and `layouts/shortcodes/` override theme templates; keep page partials grouped by section to avoid collisions.
+- `assets/sass/` contains the SCSS processed by Hugo Extended; rely on the Hugo Pipes pipeline instead of committing compiled CSS.
+- `static/` serves images and downloads verbatim; store heavy media externally and link here only when needed.
+- `data/` exposes YAML/TOML snippets consumed by shortcodes, ideal for project inventories and shared content blocks.
+- `themes/kode` (active) and `themes/hugo-arcana` are git submodules; sync them before editing and avoid direct changes without upstream pull requests.
+- `public/` is generated build output; never edit it manually.
+
+## Build, Test, and Development Commands
+- `git submodule update --init --recursive` ensures theme sources are available after cloning or switching branches.
+- `hugo server -D --disableFastRender` runs a local preview with drafts enabled and reloads assets on each request (http://localhost:1313).
+- `hugo --cleanDestinationDir --gc --minify` mirrors the CI build, prunes unused assets, and writes fresh output to `public/`; run before pushing.
+- `hugo --panicOnWarning` catches missing resources, shortcode errors, or front matter issues during review.
+- `npm ci` (optional) installs theme tooling when a `package-lock.json` is introduced or updated.
+
+## Coding Style & Naming Conventions
+- Follow `.editorconfig`: 4-space indentation by default, 2 spaces for HTML/CSS/JS/YAML, tabs only in `Makefile`; always keep UTF-8 with LF endings and a trailing newline.
+- Author content in Markdown with TOML front matter; wrap prose near 100 characters and prefer semantic Markdown (lists, tables) over ad-hoc HTML.
+- Name new content files in `kebab-case.md`; include standard fields like `title`, `author`, `description`, `repository`, `weight`, and `draft`. Legacy files may differ—match nearby conventions when touching existing content.
+- Keep SCSS indented with two spaces and organized by component; do not commit generated CSS.
+- Place reusable snippets in `layouts/shortcodes/` instead of embedding raw HTML directly in content files.
+
+## Testing Guidelines
+- Toggle `draft = true` while iterating on new pages, flipping to `false` only when ready to publish.
+- Verify new or updated pages via `hugo server` and watch the terminal/browser console for warnings about missing resources or broken links.
+- Run `hugo --cleanDestinationDir --gc --minify` locally and spot-check `public/index.html` (or affected pages) for layout regressions.
+- Use `hugo --panicOnWarning` to fail fast on front matter or shortcode issues.
+- After Sass changes, confirm compiled styles in the browser and resolve any console warnings.
+- The repository has no automated unit tests; document manual verification steps in pull requests.
+
+## Commit & Pull Request Guidelines
+- Follow the existing `type: [scope] message` pattern (e.g. `new: [project] Add Range42`) using imperative verbs.
+- Group related changes per commit, separating content edits from theme updates to ease review.
+- Pull requests should link related issues, describe the change, list manual checks (commands run), and attach screenshots or GIFs for UI adjustments.
+- Confirm `hugo --cleanDestinationDir --minify` (and other relevant checks) passes before requesting review.
+
+## Security & Configuration Tips
+- Global settings live in `config/_default/`; review `params.toml` before introducing site-wide toggles.
+- The default `theme_kode` branch deploys via `.github/workflows/hugo.yml`; keep the pinned Hugo Extended (0.108.0) and Dart Sass versions updated together when bumping.

CLAUDE.md

@@ -0,0 +1,51 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+
+## Project Overview
+
+**Code @ LHC** is a Hugo-based static site serving as the official open source software catalog for the Luxembourg House of Cybersecurity (LHC), showcasing cybersecurity projects from CIRCL and NC3-LU. Deployed to GitHub Pages from the `theme_kode` branch.
+
+## Commands
+
+```bash
+# Local development (port 1313, includes drafts, auto-reload)
+hugo server -D --disableFastRender
+
+# Production build (output to public/)
+hugo --minify --gc
+
+# After cloning or switching branches
+git submodule update --init --recursive
+```
+
+There are no automated tests — verify changes locally via `hugo server`, checking the console for warnings about missing resources or broken links.
+
+## Architecture
+
+**Stack:** Hugo v0.108.0, `kode` theme (git submodule), Dart Sass Embedded for SCSS compilation via Hugo Pipes.
+
+**Content model:**
+- `content/projects/*.md` — One file per project with TOML front matter: `title`, `author` (references `data/authors/*.toml`), `description`, `logo`, `weight` (sort order), `repository` (GitHub org/repo path). Body typically uses `{{< readme >}}` shortcode.
+- `layouts/shortcodes/readme.html` — Fetches each project's `README.md` from GitHub at **build time** using Hugo's `resources.GetRemote`. Requires the project's default branch to be `master`.
+- `data/homepage.yml` — Drives homepage sections (banner, highlights, CTA).
+- `data/authors/` — Author metadata (CIRCL.toml, NC3.toml) referenced by project front matter.
+- `config/_default/menus.toml` — Navigation config.
+- `assets/sass/custom.scss` — Site-specific SCSS compiled by Hugo Pipes.
+- `static/img/` — Project logos referenced by filename in project front matter.
+
+**Theme customization:** Override theme templates in the root `layouts/` directory. Do not edit `themes/kode/` directly — it is a git submodule.
+
+**Deployment:** GitHub Actions (`.github/workflows/hugo.yml`) triggers on push to `theme_kode` branch, builds with `HUGO_ENVIRONMENT=production`, and deploys `public/` to GitHub Pages.
+
+## Conventions
+
+**Commit messages:** `type: [scope] message`
+- Examples: `new: [project] Add Range42`, `fix: [cicd] Fixed out of date actions`, `new: [pic] Added scandale logo`
+- Common types: `new`, `fix`, `upd`, `del`
+
+**Files:** snake_case filenames, Markdown with TOML front matter, ~100 char line wrap, SCSS with 2-space indent.
+
+**Adding a project:** Create `content/projects/<name>.md` with TOML front matter, add logo to `static/img/`, ensure the GitHub repo's default branch is `master` for the readme shortcode to work.
+
+**Branch targeting:** All work destined for production must merge to `theme_kode` (not `main`/`master`).