Table of Contents
This repository contains the public content of the PullSec blog.
It includes writeups, technical notes, project pages, and public-facing markdown content used by the main Hugo site.
The blog engine, theme integration, layouts, and deployment workflows are managed separately in a private repository.
This separation keeps the architecture clean:
- content stays public
- the site engine stays private
- the deployment pipeline remains isolated
Important
This repository is intentionally content-only and is consumed by the main blog as a Git submodule.
flowchart LR
A[Local Content Editing<br/>Markdown + media]
B[Public Repository<br/>hugo-content]
C[Private Blog Engine<br/>hugo-fixit]
D[GitHub Actions]
E[Hugo Production Build]
F[Public Website<br/>pullsec.io]
A -->|git push| B
B -->|git submodule| C
C -->|trigger workflow| D
D -->|build site| E
E -->|deploy| F
| Stage | Component | Role | Description |
|---|---|---|---|
| Authoring | Local Workspace | Content creation | Write and update markdown content |
| Source | hugo-content | Public content store | Version control for published content |
| Integration | hugo-fixit | Site engine | Pulls content via Git submodule |
| CI/CD | GitHub Actions | Build automation | Generates and deploys the final static site |
| Deployment | GitHub Pages | Hosting | Serves the final website |
Note
This repository is public by design. Only the content is exposed.
The blog engine, configuration, layouts, and deployment logic are kept private.
| Repository | Visibility | Purpose |
|---|---|---|
hugo-content |
Public | Writeups, posts, pages, and public media |
hugo-fixit |
Private | Hugo engine, config, layouts, workflows |
hugo-community |
Public | Giscus / GitHub Discussions backend |
about/ About page content
collections/ Collection taxonomy pages
categories/ Category taxonomy pages
friends/ Friends / blogroll page content
posts/ General blog articles
projects/ Project pages
tags/ Tag taxonomy pages
writeups/ Security writeups and walkthroughsNote
- Content is organized using Hugo-compatible markdown structure.
- Writeups should use page bundles whenever images or local assets are needed.
- Taxonomy folders are kept here so content remains fully separated from the engine.
git clone https://github.com/pullsec/hugo-content.git
cd hugo-contentgit add .
git commit -m "feat: add new writeup"
git pushAfter pushing content changes, the private blog repository must update its submodule pointer:
cd ../hugo-fixit
git submodule update --remote --merge content
git add content
git commit -m "chore: update content submodule"
git pushThis repository is intended to be mounted inside the main blog repository as:
content/
From the main private blog repository:
git submodule add https://github.com/pullsec/hugo-content.git contentIf already configured:
git submodule update --init --recursiveThis repository does not build the site by itself.
To preview content properly, use it through the main Hugo project (hugo-fixit) where the engine, theme, and layout logic are available.
Example from the main blog repository:
podman run --rm -it \
--userns=keep-id \
-p 1313:1313 \
-v "$PWD":/src:Z \
-w /src \
ghcr.io/gohugoio/hugo:v0.158.0 \
server --bind 0.0.0.0 --baseURL http://localhost:1313To maintain a clean separation between:
- editorial content
- site engine and configuration
- deployment and automation logic
Because the content itself is intended to be published and shared openly.
To avoid exposing internal site configuration, layout customizations, and deployment implementation.
Not as a full website.
It is a content source designed to be consumed by the main Hugo project.
test ruleset pipeline