♻️ Refactor and Upgrade

.github/dependabot.yml

@@ -1,9 +1,6 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
+---
 version: 2
+
 updates:
   - package-ecosystem: "github-actions"
     directory: "/"

.github/workflows/cicd-build-test.yml

@@ -0,0 +1,41 @@
+---
+name: ♻️ Build and Test
+
+on:
+  pull_request:
+    branches:
+      - main
+
+permissions: {}
+
+jobs:
+  build-test:
+    name: Build and Test
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Build
+        id: build
+        shell: bash
+        run: |
+          docker build --file Dockerfile --tag ministryofjustice/tech-docs-github-pages-publisher:latest .
+
+      - name: Package
+        id: package
+        shell: bash
+        run: |
+          docker run --rm \
+            --volume ${GITHUB_WORKSPACE}/test:/app \
+            ministryofjustice/tech-docs-github-pages-publisher:latest /usr/local/bin/package
+
+      - name: Lychee
+        id: lychee
+        uses: lycheeverse/lychee-action@c053181aa0c3d17606addfe97a9075a32723548a # v1.9.3
+        with:
+          args: --verbose --no-progress './**/*.md' './**/*.html' './**/*.erb' --accept 403,200,429
+          fail: true

.github/workflows/cicd-dependency-review.yml

@@ -1,20 +1,28 @@
-# Need a GitHub Advanced Security license to run this action on private repos.
-
+---
 name: ♻️ Dependency Review
+
 on:
   pull_request:
-    branch: main
+    types:
+        - edited
+        - opened
+        - reopened
+        - synchronize
 
-permissions:
-  contents: read
+permissions: {}
 
 jobs:
   dependency-review:
+    name: Dependency Review
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
-      - name: Checkout Repository
-        uses: actions/checkout@v4
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
       - name: Dependency Review
-        uses: actions/dependency-review-action@v3
+        uses: actions/dependency-review-action@9129d7d40b8c12c1ed0f60400d00c92d437adcce # v4.1.3
         with:
           fail-on-severity: critical

.github/workflows/cicd-release.yml

@@ -0,0 +1,45 @@
+---
+name: ♻️ Release
+
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions: {}
+
+jobs:
+  release:
+    name: Release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout
+        id: checkout
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Log in to Docker Hub
+        id: login_dockerhub
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and Push
+        id: build_and_push
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        with:
+          push: true
+          tags: ministryofjustice/tech-docs-github-pages-publisher:${{ github.ref_name }}
+
+      - name: Report failure to Slack
+        id: slack_failure
+        if: always()
+        uses: ravsamhq/notify-slack-action@be814b201e233b2dc673608aa46e5447c8ab13f2 # v2.5.0
+        with:
+          status: ${{ job.status }}
+          notify_when: "failure"
+          notification_title: "Failed GitHub Action Run"
+        env:
+          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}

.gitignore

@@ -1,4 +1,14 @@
 .env
-
+.terraform/
+coverage/
+venv/
+env/
+.DS_STORE
 .vscode
-.idea
+*.code-workspace
+*.sha256
+terraform.tfstate
+test/docs
+test/artifact.tar
+test/config.rb
+test/Gemfile*

.lycheeignore

@@ -0,0 +1,2 @@
+https://ministryofjustice.github.io/tech-docs-github-pages-publisher
+https://github.com/ministryofjustice/tech-docs-github-pages-publisher

Dockerfile

@@ -1,29 +1,24 @@
-# Do not update to Ruby 3 until Gemfile dependencies are fixed
-FROM ruby:2.7.6-alpine3.15
+FROM docker.io/ruby:3.2.3-alpine3.19
 
-# These are needed to support building native extensions during
-# bundle install step
-RUN apk --update add --virtual build_deps build-base git
+ENV BUNDLER_VERSION="2.5.6"
 
-RUN addgroup -g 1000 -S appgroup \
-  && adduser -u 1000 --system appuser \
-  && adduser appuser appgroup \
-  && gem install bundler -v 2.4.22\
-  && bundle config
+RUN apk --update-cache --no-cache add \
+      build-base \
+      git \
+      nodejs
 
-# Required at runtime by middleman
-RUN apk add --no-cache nodejs
+RUN gem install bundler --version "${BUNDLER_VERSION}"
 
-WORKDIR /app
+# Adding package and preview scripts
+COPY bin/ /usr/local/bin/
+
+# Copy Gemfile and Gemfile.lock, install gems and store them for packaging and preview scripts
+WORKDIR /opt/publisher
 
-COPY Gemfile Gemfile.lock ./
+COPY src/opt/publisher/ /opt/publisher/
 
 RUN bundle install
 
-# Stash a copy of the config.rb, Gemfile and Gemfile.lock Middleman need these
-# later, because documentation repos won't have them.
-RUN mkdir /stashed-files
-COPY config.rb Gemfile Gemfile.lock /stashed-files/
+WORKDIR /app
 
-RUN mkdir /publishing-scripts
-COPY scripts/* /scripts/
+ENTRYPOINT ["/bin/sh"]

LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2020-2022 Crown Copyright (Ministry of Justice)
+Copyright (c) 2020-2024 Crown Copyright (Ministry of Justice)
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal