feat: brand assets + Pages site against the docs chrome

Andrew Dunnrequested to merge
andunn-brand-and-docs-site into main

What this MR ships

Three commits, one logical change: refresh the brand artifacts to the public-sector/reference v1.1.0 shape and publish a single-page docs site on GitLab Pages.

Brand artifacts

  • avatar.svg (256×256), hero.svg (1200×430), favicon.svg (64×64) redrawn against standards/repository/templates/ from the reference: paper canvas (#fbfaf8), ink (#1d1d1f), accent (Pajamas Orange #fc6d26), GITLAB PUBLIC SECTOR brand band inside the frame, Inter + JetBrains Mono type stack.
  • Glyph: spine + layered container. Vertical accent column on the left (the curated/signed binding) plus horizontal layer dividers on the right (the build layers). Same composition at three legibility tiers; the favicon strips dividers and keeps spine + frame.
  • Tagline (avatar tag + hero subline, same phrase verbatim per the repository SKILL): A curated kaniko for GitLab Runner. Drops the FIPS-strict lede — FIPS is a downstream variant, not the headline.
  • avatar.png and hero.png re-rendered (256×256 and 3600×1290).

Pages site

  • site/index.html — single static HTML, no build step. Consumes design/chrome/docs/ from the reference's Pages CDN. Site header band with brand + nav + theme toggle; <main class="page"> with one <header class="page-header"> and six <section class="section"> blocks for the content (Overview, Design, Variants, Use, Maintenance, Airgap); <footer class="site-footer"> at the bottom.
  • Content covers what a regulated buyer asks before adopting kaniko: what this is, how it's designed (six design choices with rationale), the seven-variant matrix, pull/verify/run flow, maintenance discipline (Renovate, patch refresh, pre-release gates, security response), and a replication recipe for airgapped consumers.
  • .gitlab-ci.yml gains a pages stage and job that copies site/ to public/ on push to main. Once Pages is enabled on the project, the site serves at https://gitlab-com.gitlab.io/public-sector/kaniko/.

README

  • Adds the GitLab Public Sector badge as the first badge per the repository SKILL (badge row order: estate → pipeline → license).
  • Ends with the canonical GitLab Public Sector, 2026. footer line that ties every Public Sector project together visually.

Why now

Pre-flip prep for the kaniko visibility change. The current public-flip sequence is kaniko + lab/rootless + lab/airgap-fips. All three need the reference's v1.1.0 visual baseline before the namespace's first public projects land.

Test plan

  • Pipeline runs the full build + scan + verify matrix (no test rules changed; only the pages stage was added).
  • Once merged on main, the pages job publishes the site; spot check https://gitlab-com.gitlab.io/public-sector/kaniko/ for chrome
    • content + the anchor sections (Overview, Design, Variants, Use, Maintenance, Airgap).
  • Repository SKILL self-conformance: avatar/hero/favicon present at repo root, badge row order correct, footer line present.
  • cosign verify and verify-attestation commands in the site work against a real release-tagged image digest.

🤖 Generated with Claude Code

Merge request reports