Security & CI/CD

Thrum uses GitHub Actions for continuous integration, security scanning, and automated deployment. This guide covers the available workflows and how to configure them.

GitHub Actions Workflows

Documentation Deployment

File: .github/workflows/deploy-pages.yml

Automatically builds and deploys the documentation website to GitHub Pages.

Triggers:

Steps:

  1. Checkout repository
  2. Install Node.js dependencies (website/ directory)
  3. Build docs (npm run build-docs) — generates HTML, search index, navigation index
  4. Deploy website/ directory to GitHub Pages

# Manual trigger
gh workflow run deploy-pages.yml
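
A workflow that carries out the four steps above with least-privilege token permissions, as an added example and not the contents of Thrum's own deploy-pages.yml. The push trigger on website-dev is inferred from the branch table on this page; the action versions, Node.js version, use of npm ci, and the permissions and concurrency settings are assumptions.

```yaml
# Added example, not Thrum's actual deploy-pages.yml.
name: Deploy docs to GitHub Pages
on:
  push:
    branches: [website-dev]   # assumption: website-dev is the auto-deploy branch
  workflow_dispatch: {}       # enables `gh workflow run deploy-pages.yml`

# Least privilege: GITHUB_TOKEN gets only what a Pages deployment needs.
permissions:
  contents: read
  pages: write
  id-token: write

# Serialize deployments; let an in-progress one finish.
concurrency:
  group: pages
  cancel-in-progress: false

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment:
      name: github-pages
      url: ${{ steps.deployment.outputs.page_url }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          persist-credentials: false   # do not leave the token in .git/config
      - name: Set up Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20             # assumption: version not stated on this page
      - name: Install dependencies
        working-directory: website
        run: npm ci                    # assumption: website/package-lock.json exists
      - name: Build docs
        working-directory: website
        run: npm run build-docs
      - name: Upload website/ as Pages artifact
        uses: actions/upload-pages-artifact@v3
        with:
          path: website
      - name: Deploy to GitHub Pages
        id: deployment
        uses: actions/deploy-pages@v4
```

Pinning each `uses:` reference to a full commit SHA instead of a version tag protects the deployment from a retagged or compromised action release; tags appear here only because no SHAs are given on this page.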

Security Scanning

Additional security scanning workflows are planned for a future release.

Branch Protection

The repository uses branch-based workflows:

Branch       Purpose                 Deployment
main         Stable release branch   Production merges
website-dev  Documentation website   GitHub Pages auto-deploy
feature/*    Feature development     CI checks on PR

Local Development

Building Docs Locally

cd website
npm install
npm run build-docs

Running the Dev Server

cd website
npm run serve
# Visit http://localhost:8080

Syncing Docs

To sync website/docs/ (with frontmatter) to docs/ (clean markdown):

cd website
./scripts/sync-docs.sh          # sync all changed files
./scripts/sync-docs.sh --dry-run  # preview changes

Tailscale Security

For remote access and cross-machine synchronization, Thrum relies on Tailscale as its primary security model. Tailscale provides end-to-end WireGuard encryption, zero-trust networking, and automatic key rotation. See Tailscale Security for the detailed security model and threat analysis.
