privacyguides/privacyguides.org
1
1
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2026-05-19 09:51:20 +00:00
Code Issues Activity

ci!: Update PR workflows for Hugo

Browse Source
This commit is contained in:
Jonah Aragon
2026-05-18 12:25:39 -05:00
parent fc002416fd
commit 48da80aa62
15 changed files with 62 additions and 1714 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.devcontainer/devcontainer.json
+10 -1
View File
@@ -13,7 +13,16 @@
"mhutchie.git-graph",
"esbenp.prettier-vscode",
"tamasfe.even-better-toml",
"budparr.language-hugo-vscode"
"budparr.language-hugo-vscode",
"EditorConfig.EditorConfig",
"github.vscode-github-actions",
"bierner.github-markdown-preview",
"ms-vsliveshare.vsliveshare",
"ltex-plus.vscode-ltex-plus",
"yzhang.markdown-all-in-one",
"redhat.vscode-yaml",
"rvben.rumdl",
"kaellarkin.hugo-shortcode-syntax"
]
}
},
.github/workflows/build-blog.yml
-117
View File
@@ -1,117 +0,0 @@
name: 🛠️ Build Blog
on:
workflow_call:
inputs:
ref:
required: true
type: string
repo:
required: true
type: string
context:
type: string
default: deploy-preview
continue-on-error:
type: boolean
default: true
privileged:
type: boolean
default: true
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
continue-on-error: ${{ inputs.continue-on-error }}
permissions:
contents: read
steps:
- name: Add GitHub Token to Environment
run: |
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
- name: Download Repository
uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
- name: Download Submodules
uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- name: Move mkdocs-material-insiders to mkdocs-material
if: inputs.privileged
run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
- name: Move brand submodule to theme/assets/brand
run: |
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Install Python (pipenv)
if: inputs.privileged
uses: actions/setup-python@v5
with:
cache: "pipenv"
- name: Install Python (no pipenv)
if: ${{ !inputs.privileged }}
uses: actions/setup-python@v5
- name: Install Python Dependencies
if: inputs.privileged
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Install Python Dependencies (Unprivileged)
if: ${{ !inputs.privileged }}
run: |
pip install mkdocs-material mkdocs-rss-plugin mkdocs-glightbox mkdocs-macros-plugin
sudo apt install pngquant
- name: Set base navigation URLs for production build
if: inputs.context == 'production'
run: |
{
echo "MAIN_SITE_BASE_URL=https://www.privacyguides.org/en/"
echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/"
echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/"
echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/"
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/posts/tag/articles/"
echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/"
echo "NEWS_SITE_BASE_URL=https://www.privacyguides.org/news/"
} >> "$GITHUB_ENV"
- name: Build Website (Privileged)
if: inputs.privileged
run: |
pipenv run mkdocs build --config-file mkdocs.blog.yml
- name: Build Website (Unprivileged)
if: ${{ !inputs.privileged }}
run: |
BUILD_INSIDERS=false mkdocs build --config-file mkdocs.blog.yml
- name: Package Website
run: |
tar -czf site-build-blog.tar.gz site
- name: Upload Site
uses: actions/upload-artifact@v4
with:
name: site-build-blog.tar.gz
path: site-build-blog.tar.gz
retention-days: 1
.github/workflows/build-container.yml
-99
View File
@@ -1,99 +0,0 @@
name: ☁️ Build Container
# Configures this workflow to run every release.
on:
release:
types: [published]
workflow_dispatch:
concurrency:
group: container-build
cancel-in-progress: true
permissions:
contents: read
packages: write
# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds.
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
jobs:
submodule:
strategy:
matrix:
repo: [mkdocs-material-insiders, brand]
uses: privacyguides/.github/.github/workflows/download-repo.yml@main
with:
repo: ${{ matrix.repo }}
secrets:
ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
build-and-push-image:
needs: submodule
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- run: |
rm -rf modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
rm -rf theme/assets/brand
mv modules/repo-brand theme/assets/brand
# Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here.
- name: Log in to the Container registry
uses: docker/login-action@v3.3.0
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels.
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5.5.1
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: |
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=sha
flavor: |
latest=${{ github.event_name == 'release' }}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages.
# It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository.
# It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step.
- name: Build and push Docker image
uses: docker/build-push-action@v6.9.0
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64
cache-from: type=gha
cache-to: type=gha,mode=max
cleanup:
if: ${{ always() }}
needs: build-and-push-image
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
.github/workflows/build-pr.yml
+4 -61
View File
@@ -47,19 +47,7 @@ jobs:
name: metadata
path: metadata
submodule:
needs: metadata
strategy:
matrix: ${{ fromJson(needs.metadata.outputs.submodules) }}
uses: privacyguides/.github/.github/workflows/download-repo.yml@main
with:
repo: ${{ matrix.repo }}
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
secrets:
ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
build_english:
needs: [submodule, metadata]
strategy:
matrix:
lang: [en]
@@ -68,76 +56,31 @@ jobs:
with:
ref: ${{github.event.pull_request.head.ref}}
repo: ${{github.event.pull_request.head.repo.full_name}}
lang: en
continue-on-error: false
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
strict: true
secrets:
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
build_i18n:
if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build i18n') }}
needs: [submodule, metadata]
strategy:
matrix:
lang: [es, fr, he, it, nl, ru, zh-Hant, zh-TW]
fail-fast: false
uses: ./.github/workflows/build.yml
with:
ref: ${{github.event.pull_request.head.ref}}
repo: ${{github.event.pull_request.head.repo.full_name}}
lang: ${{ matrix.lang }}
continue-on-error: true
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
strict: true
secrets:
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
build_blog:
if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build blog') }}
needs: [submodule, metadata]
uses: ./.github/workflows/build-blog.yml
with:
ref: ${{github.event.pull_request.head.ref}}
repo: ${{github.event.pull_request.head.repo.full_name}}
continue-on-error: true
privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }}
build_zimfile:
if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build zimfile') }}
needs: [submodule, metadata]
uses: ./.github/workflows/build-zimfile.yml
with:
ref: ${{github.event.pull_request.head.ref}}
repo: ${{github.event.pull_request.head.repo.full_name}}
combine_build:
needs: [build_english, build_i18n, build_blog]
if: |
(always() && !cancelled() && !failure()) &&
needs.build_english.result == 'success' &&
(needs.build_i18n.result == 'success' || needs.build_i18n.result == 'skipped') &&
(needs.build_blog.result == 'success' || needs.build_blog.result == 'skipped')
needs: build_english
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v4
with:
pattern: site-build-*
pattern: site-build.tar.gz
merge-multiple: true
- run: |
for file in *.tar.gz; do tar -zxf "$file"; done
ls -la site/
ls -la public/
- name: Upload Site
uses: actions/upload-artifact@v4
with:
name: site-build-combined
path: site
path: public
retention-days: 5
cleanup:
if: ${{ always() }}
needs: [build_english, build_i18n, build_blog, build_zimfile]
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
.github/workflows/build-zimfile.yml
-609
View File
@@ -1,609 +0,0 @@
name: 🥝 Build Zimfile
on:
workflow_call:
inputs:
ref:
required: true
type: string
repo:
required: true
type: string
permissions:
contents: read
env:
VIDEOS_SITE_BASE_URL: https://www.privacyguides.org/videos/
NEWS_SITE_BASE_URL: https://www.privacyguides.org/news/
HOMEPAGE_CTA_ABOUT_LINK: about.html
HOMEPAGE_CTA_DONATE_LINK: about/donate.html
BUILD_OFFLINE: true
PRODUCTION: true
CARDS: false
GITREVISIONDATE: false
GITAUTHORS: false
jobs:
package_eng:
runs-on: ubuntu-latest
permissions:
contents: read
env:
LANGUAGE_SWITCHER: false
MAIN_SITE_BASE_URL: /en/index.html
MAIN_SITE_ABOUT_URL: /en/about.html
MAIN_SITE_RECOMMENDATIONS_URL: /en/tools.html
MAIN_SITE_KNOWLEDGE_BASE_URL: /en/basics/why-privacy-matters.html
ARTICLES_SITE_BASE_URL: /articles/index.html
steps:
- name: Add GitHub Token to Environment
run: |
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
- name: Download Repository
uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
- name: Download Submodules
uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- name: Move mkdocs-material-insiders to mkdocs-material
run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
- name: Move brand submodule to theme/assets/brand
run: |
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Install Python (pipenv)
uses: actions/setup-python@v5
with:
cache: "pipenv"
- name: Install Python Dependencies
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Generate Donating Members List
env:
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
continue-on-error: true
run: |
pip install requests
python tools/generate-members.py > includes/members.md
- name: Build English
run: |
./run.sh --build --production --insiders --offline --lang=en
- name: Delete Unreferenced Assets
run: |
bash tools/delete-unreferenced.sh
env:
ASSETS_DIR: site/en/assets
SEARCH_DIR: site/en
- name: Run generate-topics.sh for top posts
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/top.json?period=weekly' \
--tag="top posts" \
--destination="./site/en/index.html" \
--count=3
- name: Run generate-topics.sh for latest posts
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/latest.json' \
--tag="latest posts" \
--destination="./site/en/index.html" \
--count=12
- name: Build Articles
run: |
pipenv run mkdocs build --config-file mkdocs.blog.yml
- name: Delete Unreferenced Assets
run: |
bash tools/delete-unreferenced.sh
env:
ASSETS_DIR: site/articles/assets
SEARCH_DIR: site/articles
- name: Remove Duplicate Files
run: |
cd site && bash ../tools/symlink-duplicates.sh
ln -s en/index.html index.html
ln -s en/about/notices.html license
cd ..
- name: Set zimfile name
run: |
echo "ZIMFILE_NAME=privacyguides.org_en_all_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV"
- name: Create ZIM File
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
with:
image: ghcr.io/openzim/zim-tools:3.6.0
volumes: ${{ github.workspace }}:/data
run: |
zimwriterfs \
-w index.html \
-I en/assets/brand/logos/png/square/pg-yellow.png \
-l eng \
-t "Privacy Guides" \
-d "Your central privacy and security resource to protect yourself online." \
-c "Privacy Guides" \
-p "Privacy Guides" \
-e "https://www.privacyguides.org" \
-n "privacyguides.org_en_all" \
/data/site/ /data/${{ env.ZIMFILE_NAME }}
- name: Upload ZIM File
uses: actions/upload-artifact@v4
with:
path: ${{ env.ZIMFILE_NAME }}
name: ${{ env.ZIMFILE_NAME }}
compression-level: 0
- name: Run zimcheck
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
continue-on-error: true
with:
image: ghcr.io/openzim/zim-tools:3.6.0
volumes: ${{ github.workspace }}:/data
run: |
zimcheck /data/${{ env.ZIMFILE_NAME }}
package_eng_kb:
runs-on: ubuntu-latest
permissions:
contents: read
env:
LANGUAGE_SWITCHER: false
ARTICLES_SITE_BASE_URL: https://www.privacyguides.org/posts/tag/articles/
NEWS_SITE_BASE_URL: https://www.privacyguides.org/news/
steps:
- name: Add GitHub Token to Environment
run: |
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
- name: Download Repository
uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
- name: Download Submodules
uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- name: Move mkdocs-material-insiders to mkdocs-material
run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
- name: Move brand submodule to theme/assets/brand
run: |
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Install Python (pipenv)
uses: actions/setup-python@v5
with:
cache: "pipenv"
- name: Install Python Dependencies
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Generate Donating Members List
env:
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
continue-on-error: true
run: |
pip install requests
python tools/generate-members.py > includes/members.md
- name: Build English
run: |
./run.sh --build --production --insiders --offline --lang=en
- name: Run generate-topics.sh for top posts
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/top.json?period=weekly' \
--tag="top posts" \
--destination="./site/en/index.html" \
--count=3
- name: Run generate-topics.sh for latest posts
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/latest.json' \
--tag="latest posts" \
--destination="./site/en/index.html" \
--count=12
- name: Delete Unreferenced Assets
run: |
bash tools/delete-unreferenced.sh
env:
ASSETS_DIR: site/en/assets
SEARCH_DIR: site/en
- name: Remove Duplicate Files
run: |
cd site && bash ../tools/symlink-duplicates.sh
ln -s en/index.html index.html
ln -s en/about/notices.html license
cd ..
- name: Set zimfile name
run: |
echo "ZIMFILE_NAME=privacyguides.org_en_kb_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV"
- name: List Files (for debugging)
run: |
ls -la site/
- name: Create ZIM File
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
with:
image: ghcr.io/openzim/zim-tools:3.6.0
volumes: ${{ github.workspace }}:/data
run: |
zimwriterfs \
-w index.html \
-I en/assets/brand/logos/png/square/pg-yellow.png \
-l eng \
-t "Privacy Guides" \
-d "Knowledge base articles and recommendations from Privacy Guides." \
-c "Privacy Guides" \
-p "Privacy Guides" \
-e "https://www.privacyguides.org" \
-n "privacyguides.org_en_kb" \
/data/site/ /data/${{ env.ZIMFILE_NAME }}
- name: Upload ZIM File
uses: actions/upload-artifact@v4
with:
path: ${{ env.ZIMFILE_NAME }}
name: ${{ env.ZIMFILE_NAME }}
compression-level: 0
- name: Run zimcheck
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
continue-on-error: true
with:
image: ghcr.io/openzim/zim-tools:3.6.0
volumes: ${{ github.workspace }}:/data
run: |
zimcheck /data/${{ env.ZIMFILE_NAME }}
package_eng_articles:
runs-on: ubuntu-latest
permissions:
contents: read
env:
MAIN_SITE_BASE_URL: https://www.privacyguides.org/en/
MAIN_SITE_ABOUT_URL: https://www.privacyguides.org/en/about/
MAIN_SITE_RECOMMENDATIONS_URL: https://www.privacyguides.org/en/tools/
MAIN_SITE_KNOWLEDGE_BASE_URL: https://www.privacyguides.org/en/basics/
steps:
- name: Add GitHub Token to Environment
run: |
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
- name: Download Repository
uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
- name: Download Submodules
uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- name: Move mkdocs-material-insiders to mkdocs-material
run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
- name: Move brand submodule to theme/assets/brand
run: |
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Install Python (pipenv)
uses: actions/setup-python@v5
with:
cache: "pipenv"
- name: Install Python Dependencies
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Build Articles
run: |
pipenv run mkdocs build --config-file mkdocs.blog.yml
- name: Delete Unreferenced Assets
run: |
bash tools/delete-unreferenced.sh
env:
ASSETS_DIR: site/articles/assets
SEARCH_DIR: site/articles
- name: Remove Duplicate Files
run: |
cd site && bash ../tools/symlink-duplicates.sh
ln -s articles/index.html index.html
cd ..
- name: Set zimfile name
run: |
echo "ZIMFILE_NAME=privacyguides.org_en_articles_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV"
- name: Create ZIM File
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
with:
image: ghcr.io/openzim/zim-tools:3.6.0
volumes: ${{ github.workspace }}:/data
run: |
zimwriterfs \
-w index.html \
-I articles/assets/brand/logos/png/square/pg-yellow.png \
-l eng \
-t "Privacy Guides" \
-d "Long-form articles from the Privacy Guides team and other contributors." \
-c "Privacy Guides" \
-p "Privacy Guides" \
-e "https://www.privacyguides.org" \
-n "privacyguides.org_en_articles" \
/data/site/ /data/${{ env.ZIMFILE_NAME }}
- name: Upload ZIM File
uses: actions/upload-artifact@v4
with:
path: ${{ env.ZIMFILE_NAME }}
name: ${{ env.ZIMFILE_NAME }}
compression-level: 0
- name: Run zimcheck
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
continue-on-error: true
with:
image: ghcr.io/openzim/zim-tools:3.6.0
volumes: ${{ github.workspace }}:/data
run: |
zimcheck /data/${{ env.ZIMFILE_NAME }}
build_mul:
runs-on: ubuntu-latest
continue-on-error: true
permissions:
contents: read
env:
MAIN_SITE_BASE_URL: /en/index.html
MAIN_SITE_ABOUT_URL: /en/about.html
MAIN_SITE_RECOMMENDATIONS_URL: /en/tools.html
MAIN_SITE_KNOWLEDGE_BASE_URL: /en/basics/why-privacy-matters.html
ARTICLES_SITE_BASE_URL: /articles/index.html
strategy:
matrix:
lang: [en, es, fr, he, it, nl, ru, zh-Hant]
steps:
- name: Add GitHub Token to Environment
run: |
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
- name: Download Repository
uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
- name: Download Submodules
uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- name: Move mkdocs-material-insiders to mkdocs-material
run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
- name: Move brand submodule to theme/assets/brand
run: |
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Copy Translation Files
if: matrix.lang != 'en'
run: |
cp -rl modules/repo-i18n/i18n .
cp -rl modules/repo-i18n/includes .
- name: Install Python (pipenv)
uses: actions/setup-python@v5
with:
cache: "pipenv"
- name: Install Python Dependencies
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Generate Donating Members List
env:
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
continue-on-error: true
run: |
pip install requests
python tools/generate-members.py > includes/members.md
- name: Build Website
run: |
./run.sh --build --production --insiders --offline --lang=${{ matrix.lang }}
- name: Run generate-topics.sh for top posts
if: matrix.lang == 'en'
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/top.json?period=weekly' \
--tag="top posts" \
--destination="./site/en/index.html" \
--count=3
- name: Run generate-topics.sh for latest posts
if: matrix.lang == 'en'
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/latest.json' \
--tag="latest posts" \
--destination="./site/en/index.html" \
--count=12
- name: Delete Unreferenced Assets
run: |
bash tools/delete-unreferenced.sh
env:
ASSETS_DIR: site/${{ matrix.lang }}/assets
SEARCH_DIR: site/${{ matrix.lang }}
- name: Build Articles
if: matrix.lang == 'en'
run: |
pipenv run mkdocs build --config-file mkdocs.blog.yml
- name: Delete Unreferenced Assets
if: matrix.lang == 'en'
run: |
bash tools/delete-unreferenced.sh
env:
ASSETS_DIR: site/articles/assets
SEARCH_DIR: site/articles
- name: Package Website
run: |
tar -czf site-zimready-${{ matrix.lang }}.tar.gz site
- name: Upload Site
uses: actions/upload-artifact@v4
with:
name: site-zimready-${{ matrix.lang }}.tar.gz
path: site-zimready-${{ matrix.lang }}.tar.gz
retention-days: 1
compression-level: 0
package_mul:
runs-on: ubuntu-latest
needs: [build_mul]
permissions:
contents: read
steps:
- name: Download Repository
uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
- name: Download All Sites
uses: actions/download-artifact@v4
with:
pattern: site-zimready-*
merge-multiple: true
- name: Extract Sites
run: |
for file in *.tar.gz; do tar -zxf "$file"; done
- name: Remove Duplicate Files
run: |
cd site && bash ../tools/symlink-duplicates.sh
ln -s en/index.html index.html
ln -s en/about/notices.html license
cd ..
- name: Set zimfile name
run: |
echo "ZIMFILE_NAME=privacyguides.org_mul_all_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV"
- name: List Files (for debugging)
run: |
ls -la site/
- name: Create ZIM File
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
with:
image: ghcr.io/openzim/zim-tools:3.6.0
volumes: ${{ github.workspace }}:/data
run: |
zimwriterfs \
-w index.html \
-I en/assets/brand/logos/png/square/pg-yellow.png \
-l mul \
-t "Privacy Guides" \
-d "Your central privacy and security resource to protect yourself online." \
-c "Privacy Guides" \
-p "Privacy Guides" \
-e "https://www.privacyguides.org" \
-n "privacyguides.org_mul_all" \
/data/site/ /data/${{ env.ZIMFILE_NAME }}
- name: Upload ZIM File
uses: actions/upload-artifact@v4
with:
path: ${{ env.ZIMFILE_NAME }}
name: ${{ env.ZIMFILE_NAME }}
compression-level: 0
- name: Run zimcheck
uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3
continue-on-error: true
with:
image: ghcr.io/openzim/zim-tools:3.6.0
volumes: ${{ github.workspace }}:/data
run: |
zimcheck /data/${{ env.ZIMFILE_NAME }}
.github/workflows/build.yml
+8 -216
View File
@@ -3,36 +3,15 @@ name: 🛠️ Build Website
on:
workflow_call:
inputs:
config:
type: string
default: build
ref:
required: true
type: string
repo:
required: true
type: string
lang:
type: string
default: en
context:
type: string
default: deploy-preview
continue-on-error:
type: boolean
default: true
privileged:
type: boolean
default: true
strict:
type: boolean
default: false
cache:
type: boolean
default: true
secrets:
MEMBERS_API_URL:
required: false
permissions:
contents: read
@@ -45,55 +24,6 @@ jobs:
contents: read
steps:
- name: Add GitHub Token to Environment
run: |
echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV"
- name: Set Metadata
if: inputs.config == 'build'
run: |
{
echo "BUILD_CONTEXT=${{ inputs.context }}"
echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --production""
} >> "$GITHUB_ENV"
- name: Set base navigation URLs for production build
if: inputs.context == 'production'
run: |
{
echo "MAIN_SITE_BASE_URL=https://www.privacyguides.org/en/"
echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/"
echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/"
echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/"
echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/posts/tag/articles/"
echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/"
echo "NEWS_SITE_BASE_URL=https://www.privacyguides.org/news/"
} >> "$GITHUB_ENV"
- name: Set Metadata for Privileged Builds
if: inputs.privileged
run: |
echo "BUILD_INSIDERS=true" >> "$GITHUB_ENV"
echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --insiders"" >> "$GITHUB_ENV"
- name: Set Metadata for International Builds
if: inputs.lang != 'en'
run: |
echo "GITREVISIONDATE=false" >> "$GITHUB_ENV"
echo "GITAUTHORS=false" >> "$GITHUB_ENV"
- name: Set Metadata for Offline Mode
if: inputs.config == 'offline'
run: |
{
echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --offline""
} >> "$GITHUB_ENV"
- name: Set Metadata for Strict Mode
if: inputs.strict
run: |
echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --cmd_flags=--strict"" >> "$GITHUB_ENV"
- name: Download Repository
uses: actions/checkout@v4
with:
@@ -101,162 +31,24 @@ jobs:
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
submodules: recursive
- name: Download Submodules
uses: actions/download-artifact@v4
- name: Setup Hugo
uses: peaceiris/actions-hugo@v3
with:
pattern: repo-*
path: modules
- name: Move mkdocs-material-insiders to mkdocs-material
if: inputs.privileged
run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
- name: Move brand submodule to theme/assets/brand
run: |
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Copy Translation Files
if: inputs.lang != 'en'
run: |
cp -rl modules/repo-i18n/i18n .
cp -rl modules/repo-i18n/includes .
- name: Install Python (pipenv)
if: inputs.privileged
uses: actions/setup-python@v5
with:
cache: "pipenv"
- name: Install Python (no pipenv)
if: ${{ !inputs.privileged }}
uses: actions/setup-python@v5
- name: Restore Privacy Plugin Cache
uses: actions/cache/restore@v4
id: privacy_cache_restore
if: inputs.cache
with:
key: privacy-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/privacy/**') }}
path: |
.cache/plugin/privacy
restore-keys: |
privacy-cache-${{ inputs.repo }}-
privacy-cache-privacyguides/privacyguides.org-
privacy-cache-
- name: Restore Social Plugin Cache
uses: actions/cache/restore@v4
id: social_cache_restore
if: inputs.cache
with:
key: social-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ hashfiles('.cache/plugin/social/manifest.json') }}
path: |
.cache/plugin/social/manifest.json
.cache/plugin/social/assets
restore-keys: |
social-cache-${{ inputs.repo }}-${{ inputs.lang }}-
social-cache-privacyguides/privacyguides.org-${{ inputs.lang }}-
- name: Install Python Dependencies
if: inputs.privileged
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Install Python Dependencies (Unprivileged)
if: ${{ !inputs.privileged }}
run: |
pip install mkdocs-material
sudo apt install pngquant
echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --cmd=mkdocs"" >> "$GITHUB_ENV"
- name: Generate Donating Members List
env:
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
continue-on-error: true
run: |
pip install requests
python tools/generate-members.py > includes/members.md
hugo-version: 'latest'
- name: Build Website
run: |
eval ./run.sh --build --lang=${{ inputs.lang }} "$EXTRA_FLAGS"
- name: Run generate-topics.sh for top posts
if: inputs.lang == 'en'
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/top.json?period=weekly' \
--tag="top posts" \
--destination="./site/en/index.html" \
--count=3
- name: Run generate-topics.sh for latest posts
if: inputs.lang == 'en'
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/latest.json' \
--tag="latest posts" \
--destination="./site/en/index.html" \
--count=12
hugo
- name: Package Website
run: |
tar -czf site-${{ inputs.config }}-${{ inputs.lang }}.tar.gz site
- name: Find Privacy Plugin Cache
uses: actions/cache/restore@v4
if: steps.privacy_cache_restore.outputs.cache-hit != 'true' && inputs.cache
id: privacy_cache_test
with:
key: privacy-cache-privacyguides/privacyguides.org-${{ hashfiles('.cache/plugin/privacy/**') }}
lookup-only: true
path: |
.cache/plugin/privacy
- name: Find Social Plugin Cache
uses: actions/cache/restore@v4
if: steps.social_cache_restore.outputs.cache-hit != 'true' && inputs.cache
id: social_cache_test
with:
key: social-cache-privacyguides/privacyguides.org-${{ inputs.lang }}-${{ hashfiles('.cache/plugin/social/manifest.json') }}
lookup-only: true
path: |
.cache/plugin/social/manifest.json
.cache/plugin/social/assets
- name: Save Privacy Plugin Cache
uses: actions/cache/save@v4
if: steps.privacy_cache_test.outputs.cache-hit != 'true' && inputs.cache
with:
key: privacy-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/privacy/**') }}
path: .cache/plugin/privacy
- name: Save Social Plugin Cache
uses: actions/cache/save@v4
if: steps.social_cache_test.outputs.cache-hit != 'true' && inputs.cache
with:
key: social-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ hashfiles('.cache/plugin/social/manifest.json') }}
path: |
.cache/plugin/social/manifest.json
.cache/plugin/social/assets
tar -czf site-build.tar.gz public
- name: Upload Site
uses: actions/upload-artifact@v4
with:
name: site-${{ inputs.config }}-${{ inputs.lang }}.tar.gz
path: site-${{ inputs.config }}-${{ inputs.lang }}.tar.gz
retention-days: 1
- name: Upload members list
uses: actions/upload-artifact@v4
if: inputs.config == 'build' && inputs.lang == 'en'
with:
name: members.md
path: includes/members.md
name: site-build.tar.gz
path: site-build.tar.gz
retention-days: 1
.github/workflows/publish-immediate.yml
-75
View File
@@ -1,75 +0,0 @@
# Copyright (c) 2021-2025 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: 📦 Immediate Releases
on:
workflow_dispatch:
push:
branches:
- "main"
paths:
- "blog/**"
concurrency:
group: release-deployment
cancel-in-progress: false
permissions:
contents: write
pages: write
id-token: write
deployments: write
jobs:
submodule:
strategy:
matrix:
repo: [mkdocs-material-insiders, brand]
uses: privacyguides/.github/.github/workflows/download-repo.yml@main
with:
repo: ${{ matrix.repo }}
secrets:
ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
build_blog:
needs: submodule
permissions:
contents: read
uses: ./.github/workflows/build-blog.yml
with:
repo: ${{ github.repository }}
ref: ${{ github.ref }}
continue-on-error: false
context: production
deploy:
needs: [build_blog]
uses: privacyguides/webserver/.github/workflows/deploy-garage.yml@main
with:
environment: production
secrets:
PROD_GARAGE_KEY_ID: ${{ secrets.PROD_GARAGE_KEY_ID }}
PROD_GARAGE_SECRET_KEY: ${{ secrets.PROD_GARAGE_SECRET_KEY }}
cleanup:
if: ${{ always() }}
needs: [build_blog]
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
.github/workflows/publish-mirror.yml
-53
View File
@@ -1,53 +0,0 @@
# Copyright (c) 2022 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: 🪞 Push to Mirrors
permissions:
contents: read
on: [push, delete, create]
# Ensures that only one mirror task will run at a time.
concurrency:
group: git-mirror
jobs:
gitlab:
runs-on: ubuntu-latest
steps:
- name: Mirror to GitLab
uses: wearerequired/git-mirror-action@v1
env:
SSH_PRIVATE_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
with:
source-repo: "git@github.com:privacyguides/privacyguides.org.git"
destination-repo: "git@gitlab.com:privacyguides/privacyguides.org.git"
codeberg:
runs-on: ubuntu-latest
steps:
- name: Mirror to Codeberg
uses: wearerequired/git-mirror-action@v1
env:
SSH_PRIVATE_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
with:
source-repo: "git@github.com:privacyguides/privacyguides.org.git"
destination-repo: "git@codeberg.org:privacyguides/privacyguides.org.git"
.github/workflows/publish-pr.yml
+28 -25
View File
@@ -93,26 +93,44 @@ jobs:
needs: metadata
permissions:
contents: read
runs-on: ubuntu-latest
outputs:
address: ${{ steps.deployment.outputs.address }}
steps:
- uses: actions/download-artifact@v4
with:
pattern: site-build-combined.tar.gz
merge-multiple: true
uses: privacyguides/webserver/.github/workflows/deploy-garage-preview.yml@main
with:
alias: ${{ needs.metadata.outputs.pr_number }}
bucket: ${{ vars.PREVIEW_GARAGE_BUCKET }}
hostname: ${{ vars.PREVIEW_GARAGE_HOSTNAME }}
secrets:
PREVIEW_GARAGE_KEY_ID: ${{ secrets.PREVIEW_GARAGE_KEY_ID }}
PREVIEW_GARAGE_SECRET_KEY: ${{ secrets.PREVIEW_GARAGE_SECRET_KEY }}
- run: |
for file in *.tar.gz; do tar -zxf "$file"; done
ls -la public/
- name: Limit length of site alias to 12
run: echo "SHORT_ALIAS=$(echo "${{ needs.metadata.outputs.pr_number }}" | cut -c1-12)" >> "$GITHUB_ENV"
- uses: hkdobrev/minio-deploy-action@v1
with:
endpoint: https://${{ vars.PREVIEW_GARAGE_HOSTNAME }}
bucket: ${{ vars.PREVIEW_GARAGE_BUCKET }}
access_key: ${{ secrets.PREVIEW_GARAGE_KEY_ID }}
secret_key: ${{ secrets.PREVIEW_GARAGE_SECRET_KEY }}
source_dir: "public/"
target_dir: "/${{ env.SHORT_ALIAS }}/"
- id: deployment
run: |
echo "address=https://pr${{ env.SHORT_ALIAS }}.unreviewed.privacyguides.dev/en/" >> "$GITHUB_OUTPUT"
comment:
permissions:
pull-requests: write
needs: [deploy_garage, metadata]
needs: deploy_garage
runs-on: ubuntu-latest
env:
address: ${{ needs.deploy_garage.outputs.address }}
steps:
- uses: thollander/actions-comment-pull-request@v2.5.0
if: ${{ needs.metadata.outputs.privileged == 'true' }}
with:
pr_number: ${{ needs.metadata.outputs.pr_number }}
message: |
@@ -123,18 +141,3 @@ jobs:
| <span aria-hidden="true">🔨</span> Latest commit | ${{ needs.metadata.outputs.sha }} |
| <span aria-hidden="true">😎</span> Preview | ${{ env.address }} |
comment_tag: deployment
- uses: thollander/actions-comment-pull-request@v2.5.0
if: ${{ needs.metadata.outputs.privileged == 'false' }}
with:
pr_number: ${{ needs.metadata.outputs.pr_number }}
message: |
### <span aria-hidden="true">✅</span> Your preview is ready!
| Name | Link |
| :---: | ---- |
| <span aria-hidden="true">🔨</span> Latest commit | ${{ needs.metadata.outputs.sha }} |
| <span aria-hidden="true">😎</span> Preview | ${{ env.address }} |
Please note that this preview was built from an untrusted source, so it was not granted access to all mkdocs-material features. Maintainers should ensure this PR has been reviewed locally with a full build before merging.
comment_tag: deployment
.github/workflows/publish-release.yml
-127
View File
@@ -1,127 +0,0 @@
# Copyright (c) 2021-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: 📦 Release
on:
push:
tags:
- "*"
concurrency:
group: release-deployment
cancel-in-progress: true
permissions:
contents: write
pages: write
id-token: write
deployments: write
jobs:
submodule:
strategy:
matrix:
repo: [mkdocs-material-insiders, brand, i18n]
uses: privacyguides/.github/.github/workflows/download-repo.yml@main
with:
repo: ${{ matrix.repo }}
secrets:
ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
build:
needs: submodule
strategy:
matrix:
lang: [en, es, fr, he, it, nl, ru, zh-Hant, zh-TW]
build: [build]
permissions:
contents: read
uses: ./.github/workflows/build.yml
with:
config: ${{ matrix.build }}
ref: ${{ github.ref }}
repo: ${{ github.repository }}
lang: ${{ matrix.lang }}
context: production
continue-on-error: false
cache: false
secrets:
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
build_blog:
needs: submodule
permissions:
contents: read
uses: ./.github/workflows/build-blog.yml
with:
repo: ${{ github.repository }}
ref: ${{ github.ref }}
continue-on-error: false
context: production
build_zimfile:
needs: submodule
permissions:
contents: read
uses: ./.github/workflows/build-zimfile.yml
with:
repo: ${{ github.repository }}
ref: ${{ github.ref }}
release:
name: Create release notes
needs: [build, build_zimfile]
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- uses: actions/download-artifact@v4
with:
pattern: "*.zim"
merge-multiple: true
- name: Create release notes
uses: ncipollo/release-action@v1
with:
generateReleaseNotes: true
artifacts: "*.zim"
makeLatest: true
deploy:
needs: [build, build_blog]
uses: privacyguides/webserver/.github/workflows/deploy-all.yml@main
secrets:
PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}
PROD_GARAGE_KEY_ID: ${{ secrets.PROD_GARAGE_KEY_ID }}
PROD_GARAGE_SECRET_KEY: ${{ secrets.PROD_GARAGE_SECRET_KEY }}
CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
CLUSTER_USERNAME: ${{ secrets.CLUSTER_USERNAME }}
CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }}
CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }}
CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}
cleanup:
if: ${{ always() }}
needs: [build, build_blog, build_zimfile]
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
.github/workflows/test-build.yml
-62
View File
@@ -1,62 +0,0 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: 📦 Manual Test Build
on:
workflow_dispatch:
permissions:
contents: read
jobs:
submodule:
strategy:
matrix:
repo: [mkdocs-material-insiders, brand, i18n]
uses: privacyguides/.github/.github/workflows/download-repo.yml@main
with:
repo: ${{ matrix.repo }}
secrets:
ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }}
build:
needs: submodule
strategy:
matrix:
lang: [en, fr, he]
build: [build, offline]
fail-fast: false
permissions:
contents: read
uses: ./.github/workflows/build.yml
with:
config: ${{ matrix.build }}
ref: ${{ github.ref }}
repo: ${{ github.repository }}
lang: ${{ matrix.lang }}
continue-on-error: true
secrets:
MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }}
cleanup:
if: ${{ always() }}
needs: build
uses: privacyguides/.github/.github/workflows/cleanup.yml@main
.github/workflows/test-lint.yml
-131
View File
@@ -1,131 +0,0 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: 🤖 Linting
permissions:
contents: read
on:
workflow_dispatch:
pull_request:
branches:
- main
push:
concurrency:
group: ${{ github.ref }}-${{ github.workflow }}
cancel-in-progress: true
env:
MAIN_BRANCH: ${{ github.event_name == 'push' }}
jobs:
megalinter:
name: MegaLinter
runs-on: ubuntu-latest
steps:
- if: ${{ env.MAIN_BRANCH }}
uses: actions/checkout@v4
- if: ${{ env.MAIN_BRANCH == 0 }}
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Configure markdown-link-check
run: |
cat <<EOT >> .markdown-link-check.json
{
"ignorePatterns": [
{
"pattern": "^https://twitter.com"
},
{
"pattern": "^https://reddit.com"
},
{
"pattern": "^#_"
},
{
"pattern": ".onion"
},
{
"pattern": "^https://en.opensuse.org"
},
{
"pattern": "^https://quad9.net"
},
{
"pattern": "^https://dnscrypt.info"
},
{
"pattern": "^https://pipewire.org"
}
],
"replacementPatterns": [
{
"pattern": "^assets/",
"replacement": "https://www.privacyguides.org/en/assets/"
},
{
"pattern": "^(../)*assets/",
"replacement": "https://www.privacyguides.org/en/assets/"
},
{
"pattern": "^/",
"replacement": "https://www.privacyguides.org/"
}
],
"retryOn429": true,
"retryCount": 5,
"aliveStatusCodes": [200, 206, 403]
}
EOT
- id: ml
# You can override MegaLinter flavor used to have faster performances
# More info at https://megalinter.io/flavors/
uses: oxsecurity/megalinter/flavors/documentation@v8.0.0
env:
# All available variables are described in documentation
# https://megalinter.io/configuration/
# Validates all source when push on main, else just the git diff with main.
VALIDATE_ALL_CODEBASE: ${{ env.MAIN_BRANCH }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
DISABLE: COPYPASTE,SPELL,HTML
DISABLE_LINTERS: JSON_JSONLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER
DISABLE_ERRORS_LINTERS: CSS_STYLELINT,MARKDOWN_MARKDOWN_LINK_CHECK,YAML_YAMLLINT,DOCKERFILE_HADOLINT,REPOSITORY_TRIVY,REPOSITORY_CHECKOV,REPOSITORY_GITLEAKS
EDITORCONFIG_EDITORCONFIG_CHECKER_ARGUMENTS: -disable-indentation
ENV_DOTENV_LINTER_ARGUMENTS: "--skip QuoteCharacter"
MARKDOWN_MARKDOWN_LINK_CHECK_FILTER_REGEX_INCLUDE: (docs)
MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .markdownlint.yml
MARKDOWN_MARKDOWNLINT_FILTER_REGEX_EXCLUDE: (PULL_REQUEST_TEMPLATE\.md)
# Upload MegaLinter artifacts
- name: Archive production artifacts
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: MegaLinter reports
path: |
megalinter-reports
mega-linter.log
.github/workflows/update-discussions.yml
-82
View File
@@ -1,82 +0,0 @@
# Copyright (c) 2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: 🔄 Update Discussions
on:
workflow_dispatch:
schedule:
- cron: "*/30 * * * *"
permissions:
contents: read
jobs:
generate:
runs-on: ubuntu-latest
permissions:
contents: read
environment:
name: production
steps:
- name: Checkout
uses: actions/checkout@v4
with:
persist-credentials: "false"
fetch-depth: 1
- name: Create site/en directory
run: mkdir -p site/en
- name: Update Discussions
uses: yakubique/minio-download@v1.1.1
with:
endpoint: https://${{ vars.PROD_GARAGE_HOSTNAME }}
access_key: ${{ secrets.PROD_GARAGE_KEY_ID }}
secret_key: ${{ secrets.PROD_GARAGE_SECRET_KEY }}
bucket: ${{ vars.PROD_GARAGE_BUCKET }}
source: /en/index.html
target: ./site/en/
- name: Run generate-topics.sh for top posts
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/top.json?period=weekly' \
--tag="top posts" \
--destination="./site/en/index.html" \
--count=3
- name: Run generate-topics.sh for latest posts
run: |
bash tools/generate-topics.sh \
--source='https://discuss.privacyguides.net/latest.json' \
--tag="latest posts" \
--destination="./site/en/index.html" \
--count=12
- name: Upload modified index
uses: yakubique/minio-upload@v1.1.3
with:
endpoint: https://${{ vars.PROD_GARAGE_HOSTNAME }}
access_key: ${{ secrets.PROD_GARAGE_KEY_ID }}
secret_key: ${{ secrets.PROD_GARAGE_SECRET_KEY }}
bucket: ${{ vars.PROD_GARAGE_BUCKET }}
source: ./site/en/index.html
target: /en/index.html
.github/workflows/upload-crowdin.yml
-53
View File
@@ -1,53 +0,0 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
name: 💬 Crowdin Upload
permissions:
contents: read
on:
workflow_dispatch:
push:
branches: [main]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
synchronize-with-crowdin:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: crowdin action
uses: crowdin/github-action@v2.2.0
with:
upload_sources: true
upload_sources_args: "--auto-update --delete-obsolete"
download_translations: false
config: crowdin.yml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }}
CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }}
.vscode/extensions.json
Vendored
+12 -3
View File
@@ -5,8 +5,17 @@
// List of extensions which should be recommended for users of this workspace.
"recommendations": [
"mhutchie.git-graph",
"esbenp.prettier-vscode",
"tamasfe.even-better-toml",
"budparr.language-hugo-vscode"
"esbenp.prettier-vscode",
"tamasfe.even-better-toml",
"budparr.language-hugo-vscode",
"EditorConfig.EditorConfig",
"github.vscode-github-actions",
"bierner.github-markdown-preview",
"ms-vsliveshare.vsliveshare",
"ltex-plus.vscode-ltex-plus",
"yzhang.markdown-all-in-one",
"redhat.vscode-yaml",
"rvben.rumdl",
"kaellarkin.hugo-shortcode-syntax"
]
}