Skip to content

Commit

Permalink
Merge pull request #9 from DIVD-NL/build_and_security_headers
Browse files Browse the repository at this point in the history
This makes the local site behave just like the hosted version
  • Loading branch information
MrSeccubus authored Oct 19, 2023
2 parents 62369b1 + f9a35c0 commit b56e31f
Show file tree
Hide file tree
Showing 4 changed files with 42 additions and 32 deletions.
48 changes: 16 additions & 32 deletions .github/workflows/build_pages_native.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,43 +16,27 @@ jobs:
uses: actions/checkout@v3
# with:
# fetch-depth: 0
- name: Set up Node.js ${{ matrix.node-version }}
uses: actions/setup-node@v3
with:
node-version: 20
cache: yarn
- name: Next cache
uses: actions/cache@v3
with:
# See here for caching with `yarn` https://github.com/actions/cache/blob/main/examples#node---yarn or you can leverage caching with actions/setup-node https://github.com/actions/setup-node
path: |
${{ github.workspace }}/.next/cache
# Generate a new cache whenever packages or source files change.
key: ${{ runner.os }}-nextjs-${{ hashFiles('**/package.json') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
# If source files changed but packages didn't, rebuild from a prior cache.
restore-keys: |
${{ runner.os }}-nextjs-${{ hashFiles('**/package.json') }}
- name: Yarn
run: yarn
- name: Setup Hugo
uses: peaceiris/actions-hugo@v2
- name: Build
run: yarn build
- name: "Fix security.txt"
run: mkdir out/.well-known && (cd out/.well-known && ln -s ../security.txt) && ls -al out/.well-known
- name: ".htaccess"
run: cp .htaccess out/
- name: Test HTML code
run: |
sudo apt-get update -y
sudo apt-get install python3-pip libcurl4 -y
pip3 install html5validator
sudo gem install --no-document html-proofer
./proof_html.sh || exit 0
run: hugo --minify
# - name: "Fix security.txt"
# run: mkdir public/.well-known && (cd public/.well-known && ln -s ../security.txt) && ls -al public/.well-known
# - name: ".htaccess"
# run: cp .htaccess public/
# - name: Test HTML code
# run: |
# sudo apt-get update -y
# sudo apt-get install python3-pip libcurl4 -y
# pip3 install html5validator
# sudo gem install --no-document html-proofer
# ./proof_html.sh || exit 0
- name: rsync deploy
uses: burnett01/[email protected]
if: ${{ github.ref == 'refs/heads/main' }}
with:
switches: -avzr --delete
path: out/
path: public/
remote_path: htdocs/beta
remote_host: ${{ secrets.DEPLOY_HOST }}
remote_user: ${{ secrets.DEPLOY_USER }}
Expand All @@ -61,4 +45,4 @@ jobs:
uses: JamesIves/github-pages-deploy-action@v4
if: ${{ github.ref == 'refs/heads/main' }}
with:
folder: out/admin # The folder the action should deploy.
folder: /admin # The folder the action should deploy.
11 changes: 11 additions & 0 deletions hugo.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,14 @@ languages:
languageDirection: ltr
languageName: Nederlands
weight: 2

server:
headers:
- for: /**
values:
Strict-Transport-Security: "max-age=63072000; includeSubdomains;"
X-Frame-Options: "DENY"
X-Content-Type-Options: "nosniff"
X-XSS-Protection: "1; mode=block"
Content-Security-Policy: "default-src 'none'; font-src 'self'; img-src 'self' data:; script-src 'self' https://unpkg.com/; style-src 'self'; connect-src 'self';"
Referrer-Policy: "same-origin"
File renamed without changes.
15 changes: 15 additions & 0 deletions static/.well-known/security.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
# Found a bug? Report it here:
Contact: https://app.zerocopter.com/en/rd/f9afbf32-ce59-48ed-96f2-ac4410595aa4
Contact: https://app.zerocopter.com/nl/rd/f9afbf32-ce59-48ed-96f2-ac4410595aa4
Contact: https://app.zerocopter.com/de/rd/f9afbf32-ce59-48ed-96f2-ac4410595aa4
Contact: https://app.zerocopter.com/fr/rd/f9afbf32-ce59-48ed-96f2-ac4410595aa4

Preferred-Languages: en, nl, de, fr
Expires: 2025-01-01T00:01:00.000Z

# Vulnerability Disclosure Policy
Policy: https://www.divd.nl/security/

# DIVD is a non-profit organisation run by volunteers. If you want to help out as a volunteer, please free to reach out to us:
Hiring: https://www.divd.nl/join/

0 comments on commit b56e31f

Please sign in to comment.