docs: add Gemara documentation site

Introduces foundational documentation infrastructure for Gemara:
- Jekyll-based documentation site (docs/)
- GitHub Actions workflow for automated deployment
- Makefile targets for local development
- Dependabot bundler configuration

Partially resolves #155

Signed-off-by: sonupreetam <[email protected]>

Author: sonupreetam

.github/dependabot.yaml

@@ -27,3 +27,16 @@ updates:
         update-types:
           - "minor"
           - "patch"
+  - package-ecosystem: "bundler"
+    directory: "/docs"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore(deps)"
+    labels: ["ruby", "dependencies"]
+    groups:
+      dependencies:
+        applies-to: version-updates
+        update-types:
+          - "minor"
+          - "patch"

.github/workflows/jekyll-site.yml

@@ -0,0 +1,79 @@
+name: Jekyll Site CI/CD
+
+on:
+  # Test on pull requests
+  pull_request:
+    paths:
+      - 'docs/**'
+      - 'schemas/**'
+      - '.github/workflows/jekyll-site.yml'
+
+  # Deploy on pushes to main
+  push:
+    branches:
+      - main
+    paths:
+      - 'docs/**'
+      - 'schemas/**'
+      - '.github/workflows/jekyll-site.yml'
+
+  # Allow manual workflow dispatch
+  workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to minimum required
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow only one concurrent deployment
+concurrency:
+  group: ${{ github.event_name == 'push' && 'pages' || format('pr-{0}', github.event.pull_request.number) }}
+  cancel-in-progress: false
+
+jobs:
+  # Build and test job
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          persist-credentials: false
+
+      - name: Setup Pages
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+        id: pages
+        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
+
+      - name: Build with Jekyll
+        uses: actions/jekyll-build-pages@44a6e6beabd48582f863aeeb6cb2151cc1716697 # v1.0.13
+        with:
+          source: ./docs
+          destination: ./docs/_site
+
+      - name: Test HTML
+        run: |
+          # Check that key pages were generated
+          echo "Verifying generated pages..."
+          test -f docs/_site/index.html || { echo "Error: Missing index.html"; exit 1; }
+          echo "Success: All expected pages generated successfully"
+
+      - name: Upload artifact for GitHub Pages
+        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
+        with:
+          path: docs/_site
+
+  # Deployment job (only runs on push to main)
+  deploy:
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5

Makefile

@@ -71,4 +71,52 @@ lintinsights:
 	@rm schema.cue
 	@echo "  >  Linting security-insights.yml complete."
 
-PHONY: tidy test testcov lintcue cuegen dirtycheck lintinsights
+# Documentation site targets
+CONTAINER_CMD := $(shell command -v podman 2> /dev/null || command -v docker 2> /dev/null)
+VOLUME_FLAGS := $(shell [ "$$(uname -s)" = "Linux" ] && echo ":Z" || echo "")
+
+check-container:
+	@if [ -z "$(CONTAINER_CMD)" ]; then \
+		echo "ERROR: Neither podman nor docker found."; \
+		exit 1; \
+	fi
+
+serve: check-container
+	@echo "  >  Starting Jekyll documentation site..."
+	@echo "  >  Using container runtime: $(CONTAINER_CMD)"
+	@$(CONTAINER_CMD) stop gemara-docs 2>/dev/null || true
+	@$(CONTAINER_CMD) rm gemara-docs 2>/dev/null || true
+	@echo "  >  Site will be available at: http://localhost:4000"
+	@echo ""
+	@$(CONTAINER_CMD) run --rm \
+		--name gemara-docs \
+		--volume="$$PWD/docs:/srv/jekyll$(VOLUME_FLAGS)" \
+		--publish 4000:4000 \
+		--publish 35729:35729 \
+		docker.io/jekyll/jekyll:latest \
+		jekyll serve --host 0.0.0.0 --livereload --force_polling
+
+build: check-container
+	@echo "  >  Building Jekyll documentation site..."
+	@$(CONTAINER_CMD) run --rm \
+		--volume="$$PWD/docs:/srv/jekyll$(VOLUME_FLAGS)" \
+		docker.io/jekyll/jekyll:latest \
+		jekyll build
+
+clean: check-container
+	@echo "  >  Cleaning generated files..."
+	@rm -rf docs/_site docs/.jekyll-cache docs/.jekyll-metadata
+	@echo "  >  Stopping and removing any running containers..."
+	@$(CONTAINER_CMD) stop gemara-docs 2>/dev/null || true
+	@$(CONTAINER_CMD) rm gemara-docs 2>/dev/null || true
+	@echo "  >  Clean complete!"
+
+stop: check-container
+	@echo "  >  Stopping documentation server..."
+	@$(CONTAINER_CMD) stop gemara-docs 2>/dev/null || true
+	@$(CONTAINER_CMD) rm gemara-docs 2>/dev/null || true
+	@echo "  >  Server stopped!"
+
+restart: stop serve
+
+.PHONY: tidy test testcov lintcue cuegen dirtycheck lintinsights serve build clean stop restart check-container

docs/Gemfile

@@ -0,0 +1,29 @@
+source "https://rubygems.org"
+
+# Specify minimum Ruby version
+ruby ">= 3.0.0"
+
+# Jekyll version
+gem "jekyll", "~> 4.3.0"
+
+# Theme
+gem "minima", "~> 2.5"
+
+# Jekyll plugins
+group :jekyll_plugins do
+  gem "jekyll-feed", "~> 0.12"
+  gem "jekyll-seo-tag", "~> 2.8"
+  gem "jekyll-remote-theme", "~> 0.4"
+end
+
+# Platform-specific gems
+platforms :mingw, :x64_mingw, :mswin, :jruby do
+  gem "tzinfo", ">= 1", "< 3"
+  gem "tzinfo-data"
+end
+
+# Performance-booster for watching directories on Windows
+gem "wdm", "~> 0.1", :platforms => [:mingw, :x64_mingw, :mswin]
+
+# Lock `http_parser.rb` gem to `v0.6.x` on JRuby builds
+gem "http_parser.rb", "~> 0.6.0", :platforms => [:jruby]

docs/Gemfile.lock

@@ -0,0 +1,97 @@
+GEM
+  remote: https://rubygems.org/
+  specs:
+    addressable (2.8.7)
+      public_suffix (>= 2.0.2, < 7.0)
+    colorator (1.1.0)
+    concurrent-ruby (1.3.5)
+    em-websocket (0.5.3)
+      eventmachine (>= 0.12.9)
+      http_parser.rb (~> 0)
+    eventmachine (1.2.7)
+    ffi (1.17.2)
+    forwardable-extended (2.6.0)
+    google-protobuf (3.23.4)
+    http_parser.rb (0.8.0)
+    i18n (1.14.7)
+      concurrent-ruby (~> 1.0)
+    jekyll (4.3.4)
+      addressable (~> 2.4)
+      colorator (~> 1.0)
+      em-websocket (~> 0.5)
+      i18n (~> 1.0)
+      jekyll-sass-converter (>= 2.0, < 4.0)
+      jekyll-watch (~> 2.0)
+      kramdown (~> 2.3, >= 2.3.1)
+      kramdown-parser-gfm (~> 1.0)
+      liquid (~> 4.0)
+      mercenary (>= 0.3.6, < 0.5)
+      pathutil (~> 0.9)
+      rouge (>= 3.0, < 5.0)
+      safe_yaml (~> 1.0)
+      terminal-table (>= 1.8, < 4.0)
+      webrick (~> 1.7)
+    jekyll-feed (0.17.0)
+      jekyll (>= 3.7, < 5.0)
+    jekyll-remote-theme (0.4.3)
+      addressable (~> 2.0)
+      jekyll (>= 3.5, < 5.0)
+      jekyll-sass-converter (>= 1.0, <= 3.0.0, != 2.0.0)
+      rubyzip (>= 1.3.0, < 3.0)
+    jekyll-sass-converter (3.0.0)
+      sass-embedded (~> 1.54)
+    jekyll-seo-tag (2.8.0)
+      jekyll (>= 3.8, < 5.0)
+    jekyll-watch (2.2.1)
+      listen (~> 3.0)
+    kramdown (2.5.1)
+      rexml (>= 3.3.9)
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
+    liquid (4.0.4)
+    listen (3.9.0)
+      rb-fsevent (~> 0.10, >= 0.10.3)
+      rb-inotify (~> 0.9, >= 0.9.10)
+    mercenary (0.4.0)
+    minima (2.5.1)
+      jekyll (>= 3.5, < 5.0)
+      jekyll-feed (~> 0.9)
+      jekyll-seo-tag (~> 2.1)
+    pathutil (0.16.2)
+      forwardable-extended (~> 2.6)
+    public_suffix (5.1.1)
+    rake (13.3.1)
+    rb-fsevent (0.11.2)
+    rb-inotify (0.11.1)
+      ffi (~> 1.0)
+    rexml (3.4.4)
+    rouge (3.30.0)
+    rubyzip (2.4.1)
+    safe_yaml (1.0.5)
+    sass-embedded (1.58.3)
+      google-protobuf (~> 3.21)
+      rake (>= 10.0.0)
+    terminal-table (3.0.2)
+      unicode-display_width (>= 1.1.1, < 3)
+    unicode-display_width (2.6.0)
+    webrick (1.9.1)
+
+PLATFORMS
+  ruby
+
+DEPENDENCIES
+  http_parser.rb (~> 0.6.0)
+  jekyll (~> 4.3.0)
+  jekyll-feed (~> 0.12)
+  jekyll-remote-theme (~> 0.4)
+  jekyll-seo-tag (~> 2.8)
+  minima (~> 2.5)
+  tzinfo (>= 1, < 3)
+  tzinfo-data
+  wdm (~> 0.1)
+
+RUBY VERSION
+   ruby 3.1.1p18
+
+BUNDLED WITH
+   1.17.2

docs/_config.yml

@@ -0,0 +1,89 @@
+# Gemara Documentation Site Configuration
+
+title: Gemara
+description: >-
+  GRC Engineering Model for Automated Risk Assessment - A logical model to describe
+  compliance activities, their interactions, and schemas for automated interoperability.
+
+baseurl: ""
+url: ""
+
+titles_from_headings:
+  enabled:     true
+  strip_title: true
+
+# Author/Project info (displayed in footer)
+author:
+  name: Gemara Working Group
+  email: [email protected]
+
+# Build settings
+theme: minima
+plugins:
+  - jekyll-remote-theme
+  - jekyll-feed
+  - jekyll-seo-tag
+
+# Navigation
+header_pages:
+  - docs/index.md
+
+# Exclude from processing
+exclude:
+  - docs/Gemfile
+  - docs/Gemfile.lock
+  - docs/node_modules
+  - docs/vendor/bundle/
+  - docs/vendor/cache/
+  - docs/vendor/gems/
+  - docs/vendor/ruby/
+
+# Collections for better organization
+collections:
+  layers:
+    output: true
+    permalink: /:collection/:name/
+
+# Defaults
+defaults:
+  - scope:
+      path: ""
+      type: "pages"
+    values:
+      layout: "page"
+  - scope:
+      path: ""
+      type: "layers"
+    values:
+      layout: "page"
+
+# GitHub metadata
+repository: ossf/gemara
+github:
+  is_project_page: true
+
+# Set to `true` to show excerpts on the homepage.
+show_excerpts: false
+
+# Social Media Links.
+#   Renders icons via Font Awesome Free web fonts CDN, based on ordered list of
+#   entries. Valid entry keys:
+#     * title    Tooltip rendered on hovering over icon.
+#     * icon     Font Awesome icon id. `github` corresponds to `fa-github`.
+#     * url      Full URL of social profile.
+social_links:
+  - icon: github
+    url: "https://github.com/ossf"
+  - icon: x-twitter
+    url: "https://x.com/openssf"
+  - icon: bluesky
+    url: "https://bsky.app/profile/openssf.org"
+  - icon: linkedin
+    url: "https://www.linkedin.com/company/openssf/"
+
+# Markdown settings
+markdown: kramdown
+kramdown:
+  input: GFM
+  syntax_highlighter: rouge
+  toc_levels: "2"