From 13f7496c3b015c78856bab747a4a59166216c64d Mon Sep 17 00:00:00 2001 From: Frank Breedijk Date: Wed, 18 Oct 2023 13:17:49 +0200 Subject: [PATCH 01/11] This makes the local site behave just like the hosted version --- hugo.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/hugo.yaml b/hugo.yaml index 42e326fb..b0a7758c 100644 --- a/hugo.yaml +++ b/hugo.yaml @@ -16,3 +16,14 @@ languages: languageDirection: ltr languageName: Nederlands weight: 2 + +server: + headers: + - for: /** + values: + Strict-Transport-Security: "max-age=63072000; includeSubdomains;" + X-Frame-Options: "DENY" + X-Content-Type-Options: "nosniff" + X-XSS-Protection: "1; mode=block" + Content-Security-Policy: "default-src 'none'; font-src 'self'; img-src 'self' data:; script-src 'self' https://unpkg.com/; style-src 'self'; connect-src 'self';" + Referrer-Policy: "same-origin" From de81e3e2a8d195646b5a4172c949ed4fdf9c9c17 Mon Sep 17 00:00:00 2001 From: Frank Breedijk Date: Wed, 18 Oct 2023 15:00:15 +0200 Subject: [PATCH 02/11] Adjusted buidl prcess --- .github/workflows/build_pages_native.yml | 44 ++++++++---------------- 1 file changed, 14 insertions(+), 30 deletions(-) diff --git a/.github/workflows/build_pages_native.yml b/.github/workflows/build_pages_native.yml index 16e5bebf..ab3cfa4d 100644 --- a/.github/workflows/build_pages_native.yml +++ b/.github/workflows/build_pages_native.yml 
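Review bot: The `script-src` directive in the added `Content-Security-Policy` value allows the whole `https://unpkg.com/` origin, so any file published on that CDN passes the policy, not only the library the site actually loads. Narrowing the source to the specific package path, for example `script-src 'self' https://unpkg.com/PACKAGE@VERSION/;` (placeholder), or serving the script from `'self'`, keeps the allowlist meaningful. `X-XSS-Protection: "1; mode=block"` is a legacy header that current browsers no longer act on; the usual advice is `X-XSS-Protection: "0"` or dropping the line and relying on the CSP. Since the commit message says these values mirror the hosted site, the same points presumably apply to the production header configuration, which is not visible in this patch.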
@@ -10,49 +10,33 @@ on: jobs: build_and_test: - runs-on: ubuntu-latest + runs-on: alpine-latest steps: - name: Checkout code uses: actions/checkout@v3 # with: # fetch-depth: 0 - - name: Set up Node.js ${{ matrix.node-version }} - uses: actions/setup-node@v3 - with: - node-version: 20 - cache: yarn - - name: Next cache - uses: actions/cache@v3 - with: - # See here for caching with `yarn` https://github.com/actions/cache/blob/main/examples#node---yarn or you can leverage caching with actions/setup-node https://github.com/actions/setup-node - path: | - ${{ github.workspace }}/.next/cache - # Generate a new cache whenever packages or source files change. - key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package.json') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }} - # If source files changed but packages didn't, rebuild from a prior cache. - restore-keys: | - ${{ runner.os }}-nextjs-${{ hashFiles('**/package.json') }} - - name: Yarn - run: yarn + - name: Setup prerequisites + run: apk add hugo - name: Build - run: yarn build + run: hugo - name: "Fix security.txt" - run: mkdir out/.well-known && (cd out/.well-known && ln -s ../security.txt) && ls -al out/.well-known + run: mkdir public/.well-known && (cd public/.well-known && ln -s ../security.txt) && ls -al public/.well-known - name: ".htaccess" run: cp .htaccess out/ - - name: Test HTML code - run: | - sudo apt-get update -y - sudo apt-get install python3-pip libcurl4 -y - pip3 install html5validator - sudo gem install --no-document html-proofer - ./proof_html.sh || exit 0 +# - name: Test HTML code +# run: | +# sudo apt-get update -y +# sudo apt-get install python3-pip libcurl4 -y +# pip3 install html5validator +# sudo gem install --no-document html-proofer +# ./proof_html.sh || exit 0 - name: rsync deploy uses: burnett01/rsync-deployments@5.2.1 if: ${{ github.ref == 'refs/heads/main' }} with: switches: -avzr --delete - path: out/ + path: public/ remote_path: htdocs/beta remote_host: ${{ secrets.DEPLOY_HOST }} 
remote_user: ${{ secrets.DEPLOY_USER }} @@ -61,4 +45,4 @@ jobs: uses: JamesIves/github-pages-deploy-action@v4 if: ${{ github.ref == 'refs/heads/main' }} with: - folder: out/admin # The folder the action should deploy. + folder: /admin # The folder the action should deploy. From 6eb747c5bb48c43adf78550233db5311a2643826 Mon Sep 17 00:00:00 2001 From: Frank Breedijk Date: Wed, 18 Oct 2023 15:17:34 +0200 Subject: [PATCH 03/11] Fixing error in workflow definition --- .github/workflows/build_pages_native.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_pages_native.yml b/.github/workflows/build_pages_native.yml index ab3cfa4d..7c91afd0 100644 --- a/.github/workflows/build_pages_native.yml +++ b/.github/workflows/build_pages_native.yml @@ -10,14 +10,14 @@ on: jobs: build_and_test: - runs-on: alpine-latest + runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v3 # with: # fetch-depth: 0 - name: Setup prerequisites - run: apk add hugo + run: apt update && apt install -y hugo npm node - name: Build run: hugo - name: "Fix security.txt" From 9b3e91a27b8062f0d5894809914aafeb81020594 Mon Sep 17 00:00:00 2001 From: Frank Breedijk Date: Wed, 18 Oct 2023 15:19:00 +0200 Subject: [PATCH 04/11] Make me a sandwich --- .github/workflows/build_pages_native.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_pages_native.yml b/.github/workflows/build_pages_native.yml index 7c91afd0..a6455c5f 100644 --- a/.github/workflows/build_pages_native.yml +++ b/.github/workflows/build_pages_native.yml @@ -17,7 +17,7 @@ jobs: # with: # fetch-depth: 0 - name: Setup prerequisites - run: apt update && apt install -y hugo npm node + run: sudo apt-get update && sudo apt-get install -y hugo npm node - name: Build run: hugo - name: "Fix security.txt" From 2e9a7a45fd3e6a98c3aaa933f19687d3d2ee1902 Mon Sep 17 00:00:00 2001 
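Review bot: The `.htaccess` step in the first hunk of PATCH 02 still runs `cp .htaccess out/`, although every other step there was switched from `out/` to `public/`. Hugo does not create `out/`, so the step most likely fails, and in any case the file does not reach the directory that the rsync step deploys. If `.htaccess` carries the hosted site's response headers, the line should read `run: cp .htaccess public/`. The HTML validation step is commented out rather than ported to the new build, which leaves the deploy without a pre-publish check.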
From: Frank Breedijk Date: Wed, 18 Oct 2023 15:22:41 +0200 Subject: [PATCH 05/11] Node is included --- .github/workflows/build_pages_native.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_pages_native.yml b/.github/workflows/build_pages_native.yml index a6455c5f..0cd01ed7 100644 --- a/.github/workflows/build_pages_native.yml +++ b/.github/workflows/build_pages_native.yml @@ -17,7 +17,7 @@ jobs: # with: # fetch-depth: 0 - name: Setup prerequisites - run: sudo apt-get update && sudo apt-get install -y hugo npm node + run: sudo apt-get update && sudo apt-get install -y hugo npm - name: Build run: hugo - name: "Fix security.txt" From 92cf85e5b49bcb9311ccaaeb9f58157784f39c63 Mon Sep 17 00:00:00 2001 From: Frank Breedijk Date: Wed, 18 Oct 2023 15:26:58 +0200 Subject: [PATCH 06/11] Tell Hugo where the config is --- .github/workflows/build_pages_native.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_pages_native.yml b/.github/workflows/build_pages_native.yml index 0cd01ed7..3aaeaa3a 100644 --- a/.github/workflows/build_pages_native.yml +++ b/.github/workflows/build_pages_native.yml @@ -19,7 +19,7 @@ jobs: - name: Setup prerequisites run: sudo apt-get update && sudo apt-get install -y hugo npm - name: Build - run: hugo + run: hugo --config hugo.yml - name: "Fix security.txt" run: mkdir public/.well-known && (cd public/.well-known && ln -s ../security.txt) && ls -al public/.well-known - name: ".htaccess" From 95437b17f803d02e83512e18720ee67022a24e24 Mon Sep 17 00:00:00 2001 From: Frank Breedijk Date: Wed, 18 Oct 2023 15:29:35 +0200 Subject: [PATCH 07/11] Debug --- .github/workflows/build_pages_native.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_pages_native.yml b/.github/workflows/build_pages_native.yml index 3aaeaa3a..ee1eb557 100644 --- a/.github/workflows/build_pages_native.yml +++ b/.github/workflows/build_pages_native.yml 
@@ -19,7 +19,7 @@ jobs: - name: Setup prerequisites run: sudo apt-get update && sudo apt-get install -y hugo npm - name: Build - run: hugo --config hugo.yml + run: ls && pwd && hugo --config hugo.yml - name: "Fix security.txt" run: mkdir public/.well-known && (cd public/.well-known && ln -s ../security.txt) && ls -al public/.well-known - name: ".htaccess" From d9cfc481ee8b33fb4e0189f74e460a5195a54009 Mon Sep 17 00:00:00 2001 From: Frank Breedijk Date: Wed, 18 Oct 2023 15:31:16 +0200 Subject: [PATCH 08/11] Gevalletjes yaml --- .github/workflows/build_pages_native.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_pages_native.yml b/.github/workflows/build_pages_native.yml index ee1eb557..c926ae86 100644 --- a/.github/workflows/build_pages_native.yml +++ b/.github/workflows/build_pages_native.yml @@ -19,7 +19,7 @@ jobs: - name: Setup prerequisites run: sudo apt-get update && sudo apt-get install -y hugo npm - name: Build - run: ls && pwd && hugo --config hugo.yml + run: ls && pwd && hugo --config hugo.yaml - name: "Fix security.txt" run: mkdir public/.well-known && (cd public/.well-known && ln -s ../security.txt) && ls -al public/.well-known - name: ".htaccess" From db237a2ced234df1bd310a11ff293adf18ced014 Mon Sep 17 00:00:00 2001 From: Frank Breedijk Date: Wed, 18 Oct 2023 16:05:36 +0200 Subject: [PATCH 09/11] Use a prebuilt action --- .github/workflows/build_pages_native.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_pages_native.yml b/.github/workflows/build_pages_native.yml index c926ae86..bb8b2399 100644 --- a/.github/workflows/build_pages_native.yml +++ b/.github/workflows/build_pages_native.yml 
@@ -16,10 +16,10 @@ jobs: uses: actions/checkout@v3 # with: # fetch-depth: 0 - - name: Setup prerequisites - run: sudo apt-get update && sudo apt-get install -y hugo npm + - name: Setup Hugo + uses: peaceiris/actions-hugo@v2 - name: Build - run: ls && pwd && hugo --config hugo.yaml + run: hugo --minify - name: "Fix security.txt" run: mkdir public/.well-known && (cd public/.well-known && ln -s ../security.txt) && ls -al public/.well-known - name: ".htaccess" From f9a35c0fd43d28b4592009a412ff3ec5a2d0aab3 Mon Sep 17 00:00:00 2001 From: Frank Breedijk Date: Wed, 18 Oct 2023 16:10:54 +0200 Subject: [PATCH 10/11] Hugo has support for this --- .github/workflows/build_pages_native.yml | 8 ++++---- .htaccess => static/.htaccess | 0 static/.well-known/security.txt | 15 +++++++++++++++ 3 files changed, 19 insertions(+), 4 deletions(-) rename .htaccess => static/.htaccess (100%) create mode 100644 static/.well-known/security.txt diff --git a/.github/workflows/build_pages_native.yml b/.github/workflows/build_pages_native.yml index bb8b2399..e3cdcc19 100644 --- a/.github/workflows/build_pages_native.yml +++ b/.github/workflows/build_pages_native.yml @@ -20,10 +20,10 @@ jobs: uses: peaceiris/actions-hugo@v2 - name: Build run: hugo --minify - - name: "Fix security.txt" - run: mkdir public/.well-known && (cd public/.well-known && ln -s ../security.txt) && ls -al public/.well-known - - name: ".htaccess" - run: cp .htaccess out/ +# - name: "Fix security.txt" +# run: mkdir public/.well-known && (cd public/.well-known && ln -s ../security.txt) && ls -al public/.well-known +# - name: ".htaccess" +# run: cp .htaccess public/ # - name: Test HTML code # run: | # sudo apt-get update -y diff --git a/.htaccess b/static/.htaccess similarity index 100% rename from .htaccess rename to static/.htaccess diff --git a/static/.well-known/security.txt b/static/.well-known/security.txt new file mode 100644 index 00000000..a022363c --- /dev/null +++ b/static/.well-known/security.txt 
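Review bot: `uses: peaceiris/actions-hugo@v2` references a third-party action by a mutable tag and sets no `hugo-version`, so both the action code and the Hugo binary can change between runs of a job that also deploys the site. Pinning the action to a full commit SHA and adding a `with:` block containing `hugo-version: 'HUGO_VERSION'` (placeholder) makes the build reproducible and limits the effect of a moved or compromised upstream tag. The same pinning applies to the existing `burnett01/rsync-deployments@5.2.1` and `JamesIves/github-pages-deploy-action@v4` steps, which sit outside this hunk.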
@@ -0,0 +1,15 @@ +# Found a bug? Report it here: +Contact: https://app.zerocopter.com/en/rd/f9afbf32-ce59-48ed-96f2-ac4410595aa4 +Contact: https://app.zerocopter.com/nl/rd/f9afbf32-ce59-48ed-96f2-ac4410595aa4 +Contact: https://app.zerocopter.com/de/rd/f9afbf32-ce59-48ed-96f2-ac4410595aa4 +Contact: https://app.zerocopter.com/fr/rd/f9afbf32-ce59-48ed-96f2-ac4410595aa4 + +Preferred-Languages: en, nl, de, fr +Expires: 2025-01-01T00:01:00.000Z + +# Vulnerability Disclosure Policy +Policy: https://www.divd.nl/security/ + +# DIVD is a non-profit organisation run by volunteers. If you want to help out as a volunteer, please free to reach out to us: +Hiring: https://www.divd.nl/join/ + From b289850c75e49112b346a3e43fdafe710f07ee56 Mon Sep 17 00:00:00 2001 From: Frank Breedijk Date: Thu, 19 Oct 2023 15:24:46 +0200 Subject: [PATCH 11/11] use relative admin path --- .github/workflows/build_pages_native.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build_pages_native.yml b/.github/workflows/build_pages_native.yml index e3cdcc19..13d11c8f 100644 --- a/.github/workflows/build_pages_native.yml +++ b/.github/workflows/build_pages_native.yml @@ -45,4 +45,4 @@ jobs: uses: JamesIves/github-pages-deploy-action@v4 if: ${{ github.ref == 'refs/heads/main' }} with: - folder: /admin # The folder the action should deploy. + folder: admin # The folder the action should deploy.
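Review bot: `Expires: 2025-01-01T00:01:00.000Z` in the new `static/.well-known/security.txt` lies more than a year after this commit, while RFC 9116 recommends an expiry less than a year ahead so that stale contact data ages out. An earlier date with a renewal reminder would fit better. The file has no `Canonical:` field; a line such as `Canonical: https://SITE_HOST/.well-known/security.txt` (placeholder host) lets a reader confirm that the copy fetched is the intended one. The workflow previously symlinked `.well-known/security.txt` to a root `security.txt`; if that root file still exists, the two copies can now drift apart. The closing comment reads "please free to reach out" and should be "please feel free to reach out".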
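Review bot: `folder: admin` in PATCH 11 resolves against the repository root, whereas before the Hugo migration this step deployed `out/admin`, a directory inside the build output. If the admin pages are still produced by the build, the matching value would be `folder: public/admin`; as written the action publishes a source directory, or fails if none exists. It is worth confirming which is intended, since this setting decides what ends up on the Pages branch.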