Centralized CI/CD orchestration hub for multi-repository pipelines
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Project description
CI/CD Hub
Centralized CI/CD for Java and Python repos with config-driven toggles, reusable workflows, and a single hub that runs pipelines across many repositories.
[!NOTE] Refactor In Progress - We're aligning CLI/registry integration and doc automation. Some commands may be incomplete. See STATUS.md for current state.
Why CI/CD Hub?
| Problem | Solution |
|---|---|
| Hours writing YAML per repo | One CLI generates config + workflows in minutes |
| Copy-paste configs that drift | 3-tier merge (defaults → hub → repo) keeps everything in sync |
| Manually configuring 10+ tools | Schema-validated config with profiles that auto-configure tools |
| Debugging cryptic CI failures | Triage bundles with prioritized, actionable reports |
Who It's For
| Audience | Use Case |
|---|---|
| Hub/Org Admins | Centralized standards across many repos |
| Teams | Consistent CI gates across Python and Java |
| Maintainers | Minimal YAML, reproducible workflows |
Core Concepts
- Hub repo: hosts defaults, templates, workflows, and repo configs.
- Target repo: owns
.ci-hub.ymlfor per-repo overrides. - Merge order: defaults → hub config → repo config (repo wins).
CLI Flow (Short)
# Guided onboarding (interactive)
python -m cihub setup
# Or generate config + workflow directly
python -m cihub init --repo . --apply
# Run CI locally (uses .ci-hub.yml)
python -m cihub ci
Execution Modes
- Central mode: the hub clones repos and runs pipelines directly from a single workflow.
- Distributed mode: the hub dispatches workflows to each repo via caller templates and reusable workflows.
Pre-Push Validation
Run local checks before pushing:
cihub check # Fast: lint, format, type, test (~30s)
cihub check --audit # + links, adr, configs (~45s)
cihub check --security # + bandit, pip-audit, trivy, gitleaks (~2min)
cihub check --full # + templates, matrix, license, zizmor (~3min)
cihub check --all # Everything including mutation (~15min)
Other validation commands:
cihub validate --repo . # Validate .ci-hub.yml against schema
cihub run ruff --repo . # Run one tool, emit JSON
cihub verify --remote # Verify workflow contracts (requires gh auth)
cihub docs generate # Regenerate CLI/config reference docs
cihub docs check # Verify docs are up to date
Toolchains
Python
| Category | Tools |
|---|---|
| Testing | pytest, Hypothesis |
| Linting | Ruff, Black, isort |
| Types | mypy |
| Security | Bandit, pip-audit, Semgrep, Trivy |
| Mutation | mutmut |
| Container | Docker, SBOM |
Java
| Category | Tools |
|---|---|
| Testing | jqwik |
| Coverage | JaCoCo |
| Quality | Checkstyle, SpotBugs, PMD |
| Security | OWASP Dependency-Check, Semgrep, Trivy |
| Mutation | PITest |
| Container | Docker, SBOM |
Shared (Both Languages)
Semgrep, Trivy, CodeQL, SBOM, Docker
Quick Start
Central mode
# Run all repos
gh workflow run hub-run-all.yml -R jguida941/ci-cd-hub
# Run by group
gh workflow run hub-run-all.yml -R jguida941/ci-cd-hub -f run_group=fixtures
Distributed mode
- Create a PAT with
repo+workflowscopes. - Set
HUB_DISPATCH_TOKENvia CLI:
python -m cihub setup-secrets --all
- In each target repo:
python -m cihub init --repo . --apply
- Set
dispatch_enabled: trueinconfig/repos/<repo>.yaml.
Prerequisites
- Python 3.10+ (3.12 used in CI)
- GitHub Actions for workflow execution
- GitHub CLI (
gh) recommended for dispatching workflows
Debugging & Triage
Analyze CI failures:
cihub triage --latest # Triage most recent failed run
cihub triage --run <id> # Triage specific run by ID
Environment flags for debugging:
| Flag | Effect |
|---|---|
CIHUB_DEBUG=True |
Show tracebacks |
CIHUB_VERBOSE=True |
Show tool logs |
CIHUB_DEBUG_CONTEXT=True |
Show decision/context blocks |
CIHUB_EMIT_TRIAGE=True |
Write triage bundle to .cihub/ |
Triage outputs: .cihub/triage.json, priority.json, triage.md
Installation (local development)
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements/requirements-dev.txt
Documentation
| Doc | Description |
|---|---|
| Docs Index | Full map of guides, references, and development docs |
| Getting Started | Primary entry point for new users |
| CLI Reference | Generated from cihub docs generate |
| Config Reference | Generated from schema |
| Tools Reference | Tool registry and options |
| Troubleshooting | Common issues and fixes |
| Development Guide | Maintainer workflow |
| Current Status | Refactor progress |
Contributing
See CONTRIBUTING.md.
Security
See SECURITY.md.
License
Elastic License 2.0. See LICENSE.
Project details
Verified details
These details have been verified by PyPIProject links
GitHub Statistics
Maintainers
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
cihub-1.0.7.tar.gz
(674.1 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
cihub-1.0.7-py3-none-any.whl
(587.7 kB
view details)
File details
Details for the file cihub-1.0.7.tar.gz.
File metadata
- Download URL: cihub-1.0.7.tar.gz
- Upload date:
- Size: 674.1 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
bcf19dbd644e9aae543d6f46008a66f658dbab671b561e1ebb8606de2aad6acc
|
|
| MD5 |
06287912cdfa2051264648404ef1ef6a
|
|
| BLAKE2b-256 |
6fde1d2635f3d4720fd58e37eeb98c548c73af8f1dae3977a18afeb786b7359d
|
Provenance
The following attestation bundles were made for cihub-1.0.7.tar.gz:
Publisher:
publish-pypi.yml on jguida941/ci-cd-hub
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
cihub-1.0.7.tar.gz -
Subject digest:
bcf19dbd644e9aae543d6f46008a66f658dbab671b561e1ebb8606de2aad6acc - Sigstore transparency entry: 829095272
- Sigstore integration time:
-
Permalink:
jguida941/ci-cd-hub@163ad166e2b9b396fde3154886cd17e231772b04 -
Branch / Tag:
refs/tags/v1.0.7 - Owner: https://github.com/jguida941
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@163ad166e2b9b396fde3154886cd17e231772b04 -
Trigger Event:
push
-
Statement type:
File details
Details for the file cihub-1.0.7-py3-none-any.whl.
File metadata
- Download URL: cihub-1.0.7-py3-none-any.whl
- Upload date:
- Size: 587.7 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.12.9
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
f96bccdac33ac1daaa4487c087c9bad5df9177a678efc474e667a1c5a1ec7161
|
|
| MD5 |
537b184ec81920016bd7f5f59373e765
|
|
| BLAKE2b-256 |
a5f9ce990b3820d2c0123b38392875e2b15472c544fb8c2989beeaa89a8d143f
|
Provenance
The following attestation bundles were made for cihub-1.0.7-py3-none-any.whl:
Publisher:
publish-pypi.yml on jguida941/ci-cd-hub
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
cihub-1.0.7-py3-none-any.whl -
Subject digest:
f96bccdac33ac1daaa4487c087c9bad5df9177a678efc474e667a1c5a1ec7161 - Sigstore transparency entry: 829095276
- Sigstore integration time:
-
Permalink:
jguida941/ci-cd-hub@163ad166e2b9b396fde3154886cd17e231772b04 -
Branch / Tag:
refs/tags/v1.0.7 - Owner: https://github.com/jguida941
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
publish-pypi.yml@163ad166e2b9b396fde3154886cd17e231772b04 -
Trigger Event:
push
-
Statement type:
