diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 38bc948b..7d0f866b 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -13,7 +13,16 @@ "mhutchie.git-graph", "esbenp.prettier-vscode", "tamasfe.even-better-toml", - "budparr.language-hugo-vscode" + "budparr.language-hugo-vscode", + "EditorConfig.EditorConfig", + "github.vscode-github-actions", + "bierner.github-markdown-preview", + "ms-vsliveshare.vsliveshare", + "ltex-plus.vscode-ltex-plus", + "yzhang.markdown-all-in-one", + "redhat.vscode-yaml", + "rvben.rumdl", + "kaellarkin.hugo-shortcode-syntax" ] } }, diff --git a/.github/workflows/build-blog.yml b/.github/workflows/build-blog.yml deleted file mode 100644 index 5281c152..00000000 --- a/.github/workflows/build-blog.yml +++ /dev/null @@ -1,117 +0,0 @@ -name: 🛠️ Build Blog - -on: - workflow_call: - inputs: - ref: - required: true - type: string - repo: - required: true - type: string - context: - type: string - default: deploy-preview - continue-on-error: - type: boolean - default: true - privileged: - type: boolean - default: true - -permissions: - contents: read - -jobs: - build: - runs-on: ubuntu-latest - continue-on-error: ${{ inputs.continue-on-error }} - permissions: - contents: read - - steps: - - name: Add GitHub Token to Environment - run: | - echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV" - - - name: Download Repository - uses: actions/checkout@v4 - with: - repository: ${{ inputs.repo }} - ref: ${{ inputs.ref }} - persist-credentials: "false" - fetch-depth: 0 - - - name: Download Submodules - uses: actions/download-artifact@v4 - with: - pattern: repo-* - path: modules - - - name: Move mkdocs-material-insiders to mkdocs-material - if: inputs.privileged - run: | - rmdir modules/mkdocs-material - mv modules/repo-mkdocs-material-insiders modules/mkdocs-material - - - name: Move brand submodule to theme/assets/brand - run: | - rmdir theme/assets/brand - mv modules/repo-brand theme/assets/brand - - - name: Install Python (pipenv) - if: inputs.privileged - uses: actions/setup-python@v5 - with: - cache: "pipenv" - - - name: Install Python (no pipenv) - if: ${{ !inputs.privileged }} - uses: actions/setup-python@v5 - - - name: Install Python Dependencies - if: inputs.privileged - run: | - pip install pipenv - pipenv install - sudo apt install pngquant - - - name: Install Python Dependencies (Unprivileged) - if: ${{ !inputs.privileged }} - run: | - pip install mkdocs-material mkdocs-rss-plugin mkdocs-glightbox mkdocs-macros-plugin - sudo apt install pngquant - - - name: Set base navigation URLs for production build - if: inputs.context == 'production' - run: | - { - echo "MAIN_SITE_BASE_URL=https://www.privacyguides.org/en/" - echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/" - echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/" - echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/" - echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/posts/tag/articles/" - echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/" - echo "NEWS_SITE_BASE_URL=https://www.privacyguides.org/news/" - } >> "$GITHUB_ENV" - - - name: Build Website (Privileged) - if: inputs.privileged - run: | - pipenv run mkdocs build --config-file mkdocs.blog.yml - - - name: Build Website (Unprivileged) - if: ${{ !inputs.privileged }} - run: | - BUILD_INSIDERS=false mkdocs build --config-file mkdocs.blog.yml - - - name: Package Website - run: | - tar -czf site-build-blog.tar.gz site - - - name: Upload Site - uses: actions/upload-artifact@v4 - with: - name: site-build-blog.tar.gz - path: site-build-blog.tar.gz - retention-days: 1 diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml deleted file mode 100644 index 04d30b5e..00000000 --- a/.github/workflows/build-container.yml +++ /dev/null @@ -1,99 +0,0 @@ -name: ☁️ Build Container - -# Configures this workflow to run every release. -on: - release: - types: [published] - workflow_dispatch: - -concurrency: - group: container-build - cancel-in-progress: true - -permissions: - contents: read - packages: write - -# Defines two custom environment variables for the workflow. These are used for the Container registry domain, and a name for the Docker image that this workflow builds. -env: - REGISTRY: ghcr.io - IMAGE_NAME: ${{ github.repository }} - -# There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu. -jobs: - submodule: - strategy: - matrix: - repo: [mkdocs-material-insiders, brand] - uses: privacyguides/.github/.github/workflows/download-repo.yml@main - with: - repo: ${{ matrix.repo }} - secrets: - ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }} - - build-and-push-image: - needs: submodule - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - uses: actions/download-artifact@v4 - with: - pattern: repo-* - path: modules - - - run: | - rm -rf modules/mkdocs-material - mv modules/repo-mkdocs-material-insiders modules/mkdocs-material - rm -rf theme/assets/brand - mv modules/repo-brand theme/assets/brand - - # Uses the `docker/login-action` action to log in to the Container registry registry using the account and password that will publish the packages. Once published, the packages are scoped to the account defined here. - - name: Log in to the Container registry - uses: docker/login-action@v3.3.0 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - # This step uses [docker/metadata-action](https://github.com/docker/metadata-action#about) to extract tags and labels that will be applied to the specified image. The `id` "meta" allows the output of this step to be referenced in a subsequent step. The `images` value provides the base name for the tags and labels. - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v5.5.1 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=ref,event=branch - type=ref,event=tag - type=ref,event=pr - type=sha - flavor: | - latest=${{ github.event_name == 'release' }} - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - # This step uses the `docker/build-push-action` action to build the image, based on your repository's `Dockerfile`. If the build succeeds, it pushes the image to GitHub Packages. - # It uses the `context` parameter to define the build's context as the set of files located in the specified path. For more information, see "[Usage](https://github.com/docker/build-push-action#usage)" in the README of the `docker/build-push-action` repository. - # It uses the `tags` and `labels` parameters to tag and label the image with the output from the "meta" step. - - name: Build and push Docker image - uses: docker/build-push-action@v6.9.0 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - platforms: linux/amd64,linux/arm64 - cache-from: type=gha - cache-to: type=gha,mode=max - - cleanup: - if: ${{ always() }} - needs: build-and-push-image - uses: privacyguides/.github/.github/workflows/cleanup.yml@main diff --git a/.github/workflows/build-pr.yml b/.github/workflows/build-pr.yml index bd6c5907..ebcc02e9 100644 --- a/.github/workflows/build-pr.yml +++ b/.github/workflows/build-pr.yml @@ -47,19 +47,7 @@ jobs: name: metadata path: metadata - submodule: - needs: metadata - strategy: - matrix: ${{ fromJson(needs.metadata.outputs.submodules) }} - uses: privacyguides/.github/.github/workflows/download-repo.yml@main - with: - repo: ${{ matrix.repo }} - privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }} - secrets: - ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }} - build_english: - needs: [submodule, metadata] strategy: matrix: lang: [en] @@ -68,76 +56,31 @@ jobs: with: ref: ${{github.event.pull_request.head.ref}} repo: ${{github.event.pull_request.head.repo.full_name}} - lang: en continue-on-error: false - privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }} - strict: true - secrets: - MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }} - - build_i18n: - if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build i18n') }} - needs: [submodule, metadata] - strategy: - matrix: - lang: [es, fr, he, it, nl, ru, zh-Hant, zh-TW] - fail-fast: false - uses: ./.github/workflows/build.yml - with: - ref: ${{github.event.pull_request.head.ref}} - repo: ${{github.event.pull_request.head.repo.full_name}} - lang: ${{ matrix.lang }} - continue-on-error: true - privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }} - strict: true - secrets: - MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }} - - build_blog: - if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build blog') }} - needs: [submodule, metadata] - uses: ./.github/workflows/build-blog.yml - with: - ref: ${{github.event.pull_request.head.ref}} - repo: ${{github.event.pull_request.head.repo.full_name}} - continue-on-error: true - privileged: ${{ fromJSON(needs.metadata.outputs.privileged) }} build_zimfile: if: ${{ contains(github.event.pull_request.labels.*.name, 'ci:build zimfile') }} - needs: [submodule, metadata] uses: ./.github/workflows/build-zimfile.yml with: ref: ${{github.event.pull_request.head.ref}} repo: ${{github.event.pull_request.head.repo.full_name}} combine_build: - needs: [build_english, build_i18n, build_blog] - if: | - (always() && !cancelled() && !failure()) && - needs.build_english.result == 'success' && - (needs.build_i18n.result == 'success' || needs.build_i18n.result == 'skipped') && - (needs.build_blog.result == 'success' || needs.build_blog.result == 'skipped') - + needs: build_english runs-on: ubuntu-latest steps: - uses: actions/download-artifact@v4 with: - pattern: site-build-* + pattern: site-build.tar.gz merge-multiple: true - run: | for file in *.tar.gz; do tar -zxf "$file"; done - ls -la site/ + ls -la public/ - name: Upload Site uses: actions/upload-artifact@v4 with: name: site-build-combined - path: site + path: public retention-days: 5 - - cleanup: - if: ${{ always() }} - needs: [build_english, build_i18n, build_blog, build_zimfile] - uses: privacyguides/.github/.github/workflows/cleanup.yml@main diff --git a/.github/workflows/build-zimfile.yml b/.github/workflows/build-zimfile.yml deleted file mode 100644 index ff3c2c37..00000000 --- a/.github/workflows/build-zimfile.yml +++ /dev/null @@ -1,609 +0,0 @@ -name: 🥝 Build Zimfile - -on: - workflow_call: - inputs: - ref: - required: true - type: string - repo: - required: true - type: string - -permissions: - contents: read - -env: - VIDEOS_SITE_BASE_URL: https://www.privacyguides.org/videos/ - NEWS_SITE_BASE_URL: https://www.privacyguides.org/news/ - HOMEPAGE_CTA_ABOUT_LINK: about.html - HOMEPAGE_CTA_DONATE_LINK: about/donate.html - BUILD_OFFLINE: true - PRODUCTION: true - CARDS: false - GITREVISIONDATE: false - GITAUTHORS: false - -jobs: - package_eng: - runs-on: ubuntu-latest - permissions: - contents: read - - env: - LANGUAGE_SWITCHER: false - MAIN_SITE_BASE_URL: /en/index.html - MAIN_SITE_ABOUT_URL: /en/about.html - MAIN_SITE_RECOMMENDATIONS_URL: /en/tools.html - MAIN_SITE_KNOWLEDGE_BASE_URL: /en/basics/why-privacy-matters.html - ARTICLES_SITE_BASE_URL: /articles/index.html - - steps: - - name: Add GitHub Token to Environment - run: | - echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV" - - - name: Download Repository - uses: actions/checkout@v4 - with: - repository: ${{ inputs.repo }} - ref: ${{ inputs.ref }} - persist-credentials: "false" - fetch-depth: 0 - - - name: Download Submodules - uses: actions/download-artifact@v4 - with: - pattern: repo-* - path: modules - - - name: Move mkdocs-material-insiders to mkdocs-material - run: | - rmdir modules/mkdocs-material - mv modules/repo-mkdocs-material-insiders modules/mkdocs-material - - - name: Move brand submodule to theme/assets/brand - run: | - rmdir theme/assets/brand - mv modules/repo-brand theme/assets/brand - - - name: Install Python (pipenv) - uses: actions/setup-python@v5 - with: - cache: "pipenv" - - - name: Install Python Dependencies - run: | - pip install pipenv - pipenv install - sudo apt install pngquant - - - name: Generate Donating Members List - env: - MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }} - continue-on-error: true - run: | - pip install requests - python tools/generate-members.py > includes/members.md - - - name: Build English - run: | - ./run.sh --build --production --insiders --offline --lang=en - - - name: Delete Unreferenced Assets - run: | - bash tools/delete-unreferenced.sh - env: - ASSETS_DIR: site/en/assets - SEARCH_DIR: site/en - - - name: Run generate-topics.sh for top posts - run: | - bash tools/generate-topics.sh \ - --source='https://discuss.privacyguides.net/top.json?period=weekly' \ - --tag="top posts" \ - --destination="./site/en/index.html" \ - --count=3 - - - name: Run generate-topics.sh for latest posts - run: | - bash tools/generate-topics.sh \ - --source='https://discuss.privacyguides.net/latest.json' \ - --tag="latest posts" \ - --destination="./site/en/index.html" \ - --count=12 - - - name: Build Articles - run: | - pipenv run mkdocs build --config-file mkdocs.blog.yml - - - name: Delete Unreferenced Assets - run: | - bash tools/delete-unreferenced.sh - env: - ASSETS_DIR: site/articles/assets - SEARCH_DIR: site/articles - - - name: Remove Duplicate Files - run: | - cd site && bash ../tools/symlink-duplicates.sh - ln -s en/index.html index.html - ln -s en/about/notices.html license - cd .. - - - name: Set zimfile name - run: | - echo "ZIMFILE_NAME=privacyguides.org_en_all_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV" - - - name: Create ZIM File - uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3 - with: - image: ghcr.io/openzim/zim-tools:3.6.0 - volumes: ${{ github.workspace }}:/data - run: | - zimwriterfs \ - -w index.html \ - -I en/assets/brand/logos/png/square/pg-yellow.png \ - -l eng \ - -t "Privacy Guides" \ - -d "Your central privacy and security resource to protect yourself online." \ - -c "Privacy Guides" \ - -p "Privacy Guides" \ - -e "https://www.privacyguides.org" \ - -n "privacyguides.org_en_all" \ - /data/site/ /data/${{ env.ZIMFILE_NAME }} - - - name: Upload ZIM File - uses: actions/upload-artifact@v4 - with: - path: ${{ env.ZIMFILE_NAME }} - name: ${{ env.ZIMFILE_NAME }} - compression-level: 0 - - - name: Run zimcheck - uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3 - continue-on-error: true - with: - image: ghcr.io/openzim/zim-tools:3.6.0 - volumes: ${{ github.workspace }}:/data - run: | - zimcheck /data/${{ env.ZIMFILE_NAME }} - - package_eng_kb: - runs-on: ubuntu-latest - permissions: - contents: read - - env: - LANGUAGE_SWITCHER: false - ARTICLES_SITE_BASE_URL: https://www.privacyguides.org/posts/tag/articles/ - NEWS_SITE_BASE_URL: https://www.privacyguides.org/news/ - - steps: - - name: Add GitHub Token to Environment - run: | - echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV" - - - name: Download Repository - uses: actions/checkout@v4 - with: - repository: ${{ inputs.repo }} - ref: ${{ inputs.ref }} - persist-credentials: "false" - fetch-depth: 0 - - - name: Download Submodules - uses: actions/download-artifact@v4 - with: - pattern: repo-* - path: modules - - - name: Move mkdocs-material-insiders to mkdocs-material - run: | - rmdir modules/mkdocs-material - mv modules/repo-mkdocs-material-insiders modules/mkdocs-material - - - name: Move brand submodule to theme/assets/brand - run: | - rmdir theme/assets/brand - mv modules/repo-brand theme/assets/brand - - - name: Install Python (pipenv) - uses: actions/setup-python@v5 - with: - cache: "pipenv" - - - name: Install Python Dependencies - run: | - pip install pipenv - pipenv install - sudo apt install pngquant - - - name: Generate Donating Members List - env: - MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }} - continue-on-error: true - run: | - pip install requests - python tools/generate-members.py > includes/members.md - - - name: Build English - run: | - ./run.sh --build --production --insiders --offline --lang=en - - - name: Run generate-topics.sh for top posts - run: | - bash tools/generate-topics.sh \ - --source='https://discuss.privacyguides.net/top.json?period=weekly' \ - --tag="top posts" \ - --destination="./site/en/index.html" \ - --count=3 - - - name: Run generate-topics.sh for latest posts - run: | - bash tools/generate-topics.sh \ - --source='https://discuss.privacyguides.net/latest.json' \ - --tag="latest posts" \ - --destination="./site/en/index.html" \ - --count=12 - - - name: Delete Unreferenced Assets - run: | - bash tools/delete-unreferenced.sh - env: - ASSETS_DIR: site/en/assets - SEARCH_DIR: site/en - - - name: Remove Duplicate Files - run: | - cd site && bash ../tools/symlink-duplicates.sh - ln -s en/index.html index.html - ln -s en/about/notices.html license - cd .. - - - name: Set zimfile name - run: | - echo "ZIMFILE_NAME=privacyguides.org_en_kb_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV" - - - name: List Files (for debugging) - run: | - ls -la site/ - - - name: Create ZIM File - uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3 - with: - image: ghcr.io/openzim/zim-tools:3.6.0 - volumes: ${{ github.workspace }}:/data - run: | - zimwriterfs \ - -w index.html \ - -I en/assets/brand/logos/png/square/pg-yellow.png \ - -l eng \ - -t "Privacy Guides" \ - -d "Knowledge base articles and recommendations from Privacy Guides." \ - -c "Privacy Guides" \ - -p "Privacy Guides" \ - -e "https://www.privacyguides.org" \ - -n "privacyguides.org_en_kb" \ - /data/site/ /data/${{ env.ZIMFILE_NAME }} - - - name: Upload ZIM File - uses: actions/upload-artifact@v4 - with: - path: ${{ env.ZIMFILE_NAME }} - name: ${{ env.ZIMFILE_NAME }} - compression-level: 0 - - - name: Run zimcheck - uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3 - continue-on-error: true - with: - image: ghcr.io/openzim/zim-tools:3.6.0 - volumes: ${{ github.workspace }}:/data - run: | - zimcheck /data/${{ env.ZIMFILE_NAME }} - - package_eng_articles: - runs-on: ubuntu-latest - permissions: - contents: read - - env: - MAIN_SITE_BASE_URL: https://www.privacyguides.org/en/ - MAIN_SITE_ABOUT_URL: https://www.privacyguides.org/en/about/ - MAIN_SITE_RECOMMENDATIONS_URL: https://www.privacyguides.org/en/tools/ - MAIN_SITE_KNOWLEDGE_BASE_URL: https://www.privacyguides.org/en/basics/ - - steps: - - name: Add GitHub Token to Environment - run: | - echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV" - - - name: Download Repository - uses: actions/checkout@v4 - with: - repository: ${{ inputs.repo }} - ref: ${{ inputs.ref }} - persist-credentials: "false" - fetch-depth: 0 - - - name: Download Submodules - uses: actions/download-artifact@v4 - with: - pattern: repo-* - path: modules - - - name: Move mkdocs-material-insiders to mkdocs-material - run: | - rmdir modules/mkdocs-material - mv modules/repo-mkdocs-material-insiders modules/mkdocs-material - - - name: Move brand submodule to theme/assets/brand - run: | - rmdir theme/assets/brand - mv modules/repo-brand theme/assets/brand - - - name: Install Python (pipenv) - uses: actions/setup-python@v5 - with: - cache: "pipenv" - - - name: Install Python Dependencies - run: | - pip install pipenv - pipenv install - sudo apt install pngquant - - - name: Build Articles - run: | - pipenv run mkdocs build --config-file mkdocs.blog.yml - - - name: Delete Unreferenced Assets - run: | - bash tools/delete-unreferenced.sh - env: - ASSETS_DIR: site/articles/assets - SEARCH_DIR: site/articles - - - name: Remove Duplicate Files - run: | - cd site && bash ../tools/symlink-duplicates.sh - ln -s articles/index.html index.html - cd .. - - - name: Set zimfile name - run: | - echo "ZIMFILE_NAME=privacyguides.org_en_articles_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV" - - - name: Create ZIM File - uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3 - with: - image: ghcr.io/openzim/zim-tools:3.6.0 - volumes: ${{ github.workspace }}:/data - run: | - zimwriterfs \ - -w index.html \ - -I articles/assets/brand/logos/png/square/pg-yellow.png \ - -l eng \ - -t "Privacy Guides" \ - -d "Long-form articles from the Privacy Guides team and other contributors." \ - -c "Privacy Guides" \ - -p "Privacy Guides" \ - -e "https://www.privacyguides.org" \ - -n "privacyguides.org_en_articles" \ - /data/site/ /data/${{ env.ZIMFILE_NAME }} - - - name: Upload ZIM File - uses: actions/upload-artifact@v4 - with: - path: ${{ env.ZIMFILE_NAME }} - name: ${{ env.ZIMFILE_NAME }} - compression-level: 0 - - - name: Run zimcheck - uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3 - continue-on-error: true - with: - image: ghcr.io/openzim/zim-tools:3.6.0 - volumes: ${{ github.workspace }}:/data - run: | - zimcheck /data/${{ env.ZIMFILE_NAME }} - - build_mul: - runs-on: ubuntu-latest - continue-on-error: true - permissions: - contents: read - - env: - MAIN_SITE_BASE_URL: /en/index.html - MAIN_SITE_ABOUT_URL: /en/about.html - MAIN_SITE_RECOMMENDATIONS_URL: /en/tools.html - MAIN_SITE_KNOWLEDGE_BASE_URL: /en/basics/why-privacy-matters.html - ARTICLES_SITE_BASE_URL: /articles/index.html - - strategy: - matrix: - lang: [en, es, fr, he, it, nl, ru, zh-Hant] - - steps: - - name: Add GitHub Token to Environment - run: | - echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV" - - - name: Download Repository - uses: actions/checkout@v4 - with: - repository: ${{ inputs.repo }} - ref: ${{ inputs.ref }} - persist-credentials: "false" - fetch-depth: 0 - - - name: Download Submodules - uses: actions/download-artifact@v4 - with: - pattern: repo-* - path: modules - - - name: Move mkdocs-material-insiders to mkdocs-material - run: | - rmdir modules/mkdocs-material - mv modules/repo-mkdocs-material-insiders modules/mkdocs-material - - - name: Move brand submodule to theme/assets/brand - run: | - rmdir theme/assets/brand - mv modules/repo-brand theme/assets/brand - - - name: Copy Translation Files - if: matrix.lang != 'en' - run: | - cp -rl modules/repo-i18n/i18n . - cp -rl modules/repo-i18n/includes . - - - name: Install Python (pipenv) - uses: actions/setup-python@v5 - with: - cache: "pipenv" - - - name: Install Python Dependencies - run: | - pip install pipenv - pipenv install - sudo apt install pngquant - - - name: Generate Donating Members List - env: - MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }} - continue-on-error: true - run: | - pip install requests - python tools/generate-members.py > includes/members.md - - - name: Build Website - run: | - ./run.sh --build --production --insiders --offline --lang=${{ matrix.lang }} - - - name: Run generate-topics.sh for top posts - if: matrix.lang == 'en' - run: | - bash tools/generate-topics.sh \ - --source='https://discuss.privacyguides.net/top.json?period=weekly' \ - --tag="top posts" \ - --destination="./site/en/index.html" \ - --count=3 - - - name: Run generate-topics.sh for latest posts - if: matrix.lang == 'en' - run: | - bash tools/generate-topics.sh \ - --source='https://discuss.privacyguides.net/latest.json' \ - --tag="latest posts" \ - --destination="./site/en/index.html" \ - --count=12 - - - name: Delete Unreferenced Assets - run: | - bash tools/delete-unreferenced.sh - env: - ASSETS_DIR: site/${{ matrix.lang }}/assets - SEARCH_DIR: site/${{ matrix.lang }} - - - name: Build Articles - if: matrix.lang == 'en' - run: | - pipenv run mkdocs build --config-file mkdocs.blog.yml - - - name: Delete Unreferenced Assets - if: matrix.lang == 'en' - run: | - bash tools/delete-unreferenced.sh - env: - ASSETS_DIR: site/articles/assets - SEARCH_DIR: site/articles - - - name: Package Website - run: | - tar -czf site-zimready-${{ matrix.lang }}.tar.gz site - - - name: Upload Site - uses: actions/upload-artifact@v4 - with: - name: site-zimready-${{ matrix.lang }}.tar.gz - path: site-zimready-${{ matrix.lang }}.tar.gz - retention-days: 1 - compression-level: 0 - - package_mul: - runs-on: ubuntu-latest - needs: [build_mul] - permissions: - contents: read - - steps: - - name: Download Repository - uses: actions/checkout@v4 - with: - repository: ${{ inputs.repo }} - ref: ${{ inputs.ref }} - persist-credentials: "false" - fetch-depth: 0 - - - name: Download All Sites - uses: actions/download-artifact@v4 - with: - pattern: site-zimready-* - merge-multiple: true - - - name: Extract Sites - run: | - for file in *.tar.gz; do tar -zxf "$file"; done - - - name: Remove Duplicate Files - run: | - cd site && bash ../tools/symlink-duplicates.sh - ln -s en/index.html index.html - ln -s en/about/notices.html license - cd .. - - - name: Set zimfile name - run: | - echo "ZIMFILE_NAME=privacyguides.org_mul_all_$(date +%Y)-$(date +%m).zim" >> "$GITHUB_ENV" - - - name: List Files (for debugging) - run: | - ls -la site/ - - - name: Create ZIM File - uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3 - with: - image: ghcr.io/openzim/zim-tools:3.6.0 - volumes: ${{ github.workspace }}:/data - run: | - zimwriterfs \ - -w index.html \ - -I en/assets/brand/logos/png/square/pg-yellow.png \ - -l mul \ - -t "Privacy Guides" \ - -d "Your central privacy and security resource to protect yourself online." \ - -c "Privacy Guides" \ - -p "Privacy Guides" \ - -e "https://www.privacyguides.org" \ - -n "privacyguides.org_mul_all" \ - /data/site/ /data/${{ env.ZIMFILE_NAME }} - - - name: Upload ZIM File - uses: actions/upload-artifact@v4 - with: - path: ${{ env.ZIMFILE_NAME }} - name: ${{ env.ZIMFILE_NAME }} - compression-level: 0 - - - name: Run zimcheck - uses: kohlerdominik/docker-run-action@44bd2138ca4f85c36b2fdc3966ef03518879f7f3 - continue-on-error: true - with: - image: ghcr.io/openzim/zim-tools:3.6.0 - volumes: ${{ github.workspace }}:/data - run: | - zimcheck /data/${{ env.ZIMFILE_NAME }} diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a571d5ab..816654c8 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -3,36 +3,15 @@ name: 🛠️ Build Website on: workflow_call: inputs: - config: - type: string - default: build ref: required: true type: string repo: required: true type: string - lang: - type: string - default: en - context: - type: string - default: deploy-preview continue-on-error: type: boolean default: true - privileged: - type: boolean - default: true - strict: - type: boolean - default: false - cache: - type: boolean - default: true - secrets: - MEMBERS_API_URL: - required: false permissions: contents: read @@ -45,55 +24,6 @@ jobs: contents: read steps: - - name: Add GitHub Token to Environment - run: | - echo "GH_TOKEN=${{ secrets.GITHUB_TOKEN }}" >> "$GITHUB_ENV" - - - name: Set Metadata - if: inputs.config == 'build' - run: | - { - echo "BUILD_CONTEXT=${{ inputs.context }}" - echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --production"" - } >> "$GITHUB_ENV" - - - name: Set base navigation URLs for production build - if: inputs.context == 'production' - run: | - { - echo "MAIN_SITE_BASE_URL=https://www.privacyguides.org/en/" - echo "MAIN_SITE_ABOUT_URL=https://www.privacyguides.org/en/about/" - echo "MAIN_SITE_RECOMMENDATIONS_URL=https://www.privacyguides.org/en/tools/" - echo "MAIN_SITE_KNOWLEDGE_BASE_URL=https://www.privacyguides.org/en/basics/why-privacy-matters/" - echo "ARTICLES_SITE_BASE_URL=https://www.privacyguides.org/posts/tag/articles/" - echo "VIDEOS_SITE_BASE_URL=https://www.privacyguides.org/videos/" - echo "NEWS_SITE_BASE_URL=https://www.privacyguides.org/news/" - } >> "$GITHUB_ENV" - - - name: Set Metadata for Privileged Builds - if: inputs.privileged - run: | - echo "BUILD_INSIDERS=true" >> "$GITHUB_ENV" - echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --insiders"" >> "$GITHUB_ENV" - - - name: Set Metadata for International Builds - if: inputs.lang != 'en' - run: | - echo "GITREVISIONDATE=false" >> "$GITHUB_ENV" - echo "GITAUTHORS=false" >> "$GITHUB_ENV" - - - name: Set Metadata for Offline Mode - if: inputs.config == 'offline' - run: | - { - echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --offline"" - } >> "$GITHUB_ENV" - - - name: Set Metadata for Strict Mode - if: inputs.strict - run: | - echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --cmd_flags=--strict"" >> "$GITHUB_ENV" - - name: Download Repository uses: actions/checkout@v4 with: @@ -101,162 +31,24 @@ jobs: ref: ${{ inputs.ref }} persist-credentials: "false" fetch-depth: 0 + submodules: recursive - - name: Download Submodules - uses: actions/download-artifact@v4 + - name: Setup Hugo + uses: peaceiris/actions-hugo@v3 with: - pattern: repo-* - path: modules - - - name: Move mkdocs-material-insiders to mkdocs-material - if: inputs.privileged - run: | - rmdir modules/mkdocs-material - mv modules/repo-mkdocs-material-insiders modules/mkdocs-material - - - name: Move brand submodule to theme/assets/brand - run: | - rmdir theme/assets/brand - mv modules/repo-brand theme/assets/brand - - - name: Copy Translation Files - if: inputs.lang != 'en' - run: | - cp -rl modules/repo-i18n/i18n . - cp -rl modules/repo-i18n/includes . - - - name: Install Python (pipenv) - if: inputs.privileged - uses: actions/setup-python@v5 - with: - cache: "pipenv" - - - name: Install Python (no pipenv) - if: ${{ !inputs.privileged }} - uses: actions/setup-python@v5 - - - name: Restore Privacy Plugin Cache - uses: actions/cache/restore@v4 - id: privacy_cache_restore - if: inputs.cache - with: - key: privacy-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/privacy/**') }} - path: | - .cache/plugin/privacy - restore-keys: | - privacy-cache-${{ inputs.repo }}- - privacy-cache-privacyguides/privacyguides.org- - privacy-cache- - - - name: Restore Social Plugin Cache - uses: actions/cache/restore@v4 - id: social_cache_restore - if: inputs.cache - with: - key: social-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ hashfiles('.cache/plugin/social/manifest.json') }} - path: | - .cache/plugin/social/manifest.json - .cache/plugin/social/assets - restore-keys: | - social-cache-${{ inputs.repo }}-${{ inputs.lang }}- - social-cache-privacyguides/privacyguides.org-${{ inputs.lang }}- - - - name: Install Python Dependencies - if: inputs.privileged - run: | - pip install pipenv - pipenv install - sudo apt install pngquant - - - name: Install Python Dependencies (Unprivileged) - if: ${{ !inputs.privileged }} - run: | - pip install mkdocs-material - sudo apt install pngquant - echo "EXTRA_FLAGS=""$EXTRA_FLAGS" --cmd=mkdocs"" >> "$GITHUB_ENV" - - - name: Generate Donating Members List - env: - MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }} - continue-on-error: true - run: | - pip install requests - python tools/generate-members.py > includes/members.md + hugo-version: 'latest' - name: Build Website run: | - eval ./run.sh --build --lang=${{ inputs.lang }} "$EXTRA_FLAGS" - - - name: Run generate-topics.sh for top posts - if: inputs.lang == 'en' - run: | - bash tools/generate-topics.sh \ - --source='https://discuss.privacyguides.net/top.json?period=weekly' \ - --tag="top posts" \ - --destination="./site/en/index.html" \ - --count=3 - - - name: Run generate-topics.sh for latest posts - if: inputs.lang == 'en' - run: | - bash tools/generate-topics.sh \ - --source='https://discuss.privacyguides.net/latest.json' \ - --tag="latest posts" \ - --destination="./site/en/index.html" \ - --count=12 + hugo - name: Package Website run: | - tar -czf site-${{ inputs.config }}-${{ inputs.lang }}.tar.gz site - - - name: Find Privacy Plugin Cache - uses: actions/cache/restore@v4 - if: steps.privacy_cache_restore.outputs.cache-hit != 'true' && inputs.cache - id: privacy_cache_test - with: - key: privacy-cache-privacyguides/privacyguides.org-${{ hashfiles('.cache/plugin/privacy/**') }} - lookup-only: true - path: | - .cache/plugin/privacy - - - name: Find Social Plugin Cache - uses: actions/cache/restore@v4 - if: steps.social_cache_restore.outputs.cache-hit != 'true' && inputs.cache - id: social_cache_test - with: - key: social-cache-privacyguides/privacyguides.org-${{ inputs.lang }}-${{ hashfiles('.cache/plugin/social/manifest.json') }} - lookup-only: true - path: | - .cache/plugin/social/manifest.json - .cache/plugin/social/assets - - - name: Save Privacy Plugin Cache - uses: actions/cache/save@v4 - if: steps.privacy_cache_test.outputs.cache-hit != 'true' && inputs.cache - with: - key: privacy-cache-${{ inputs.repo }}-${{ hashfiles('.cache/plugin/privacy/**') }} - path: .cache/plugin/privacy - - - name: Save Social Plugin Cache - uses: actions/cache/save@v4 - if: steps.social_cache_test.outputs.cache-hit != 'true' && inputs.cache - with: - key: social-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ hashfiles('.cache/plugin/social/manifest.json') }} - path: | - .cache/plugin/social/manifest.json - .cache/plugin/social/assets + tar -czf site-build.tar.gz public - name: Upload Site uses: actions/upload-artifact@v4 with: - name: site-${{ inputs.config }}-${{ inputs.lang }}.tar.gz - path: site-${{ inputs.config }}-${{ inputs.lang }}.tar.gz - retention-days: 1 - - - name: Upload members list - uses: actions/upload-artifact@v4 - if: inputs.config == 'build' && inputs.lang == 'en' - with: - name: members.md - path: includes/members.md + name: site-build.tar.gz + path: site-build.tar.gz retention-days: 1 diff --git a/.github/workflows/publish-immediate.yml b/.github/workflows/publish-immediate.yml deleted file mode 100644 index 41a9fb7d..00000000 --- a/.github/workflows/publish-immediate.yml +++ /dev/null @@ -1,75 +0,0 @@ -# Copyright (c) 2021-2025 Jonah Aragon - -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to -# deal in the Software without restriction, including without limitation the -# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -# sell copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: - -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -# IN THE SOFTWARE. - -name: 📦 Immediate Releases - -on: - workflow_dispatch: - push: - branches: - - "main" - paths: - - "blog/**" - -concurrency: - group: release-deployment - cancel-in-progress: false - -permissions: - contents: write - pages: write - id-token: write - deployments: write - -jobs: - submodule: - strategy: - matrix: - repo: [mkdocs-material-insiders, brand] - uses: privacyguides/.github/.github/workflows/download-repo.yml@main - with: - repo: ${{ matrix.repo }} - secrets: - ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }} - - build_blog: - needs: submodule - permissions: - contents: read - uses: ./.github/workflows/build-blog.yml - with: - repo: ${{ github.repository }} - ref: ${{ github.ref }} - continue-on-error: false - context: production - - deploy: - needs: [build_blog] - uses: privacyguides/webserver/.github/workflows/deploy-garage.yml@main - with: - environment: production - secrets: - PROD_GARAGE_KEY_ID: ${{ secrets.PROD_GARAGE_KEY_ID }} - PROD_GARAGE_SECRET_KEY: ${{ secrets.PROD_GARAGE_SECRET_KEY }} - - cleanup: - if: ${{ always() }} - needs: [build_blog] - uses: privacyguides/.github/.github/workflows/cleanup.yml@main diff --git a/.github/workflows/publish-mirror.yml b/.github/workflows/publish-mirror.yml deleted file mode 100644 index b5216fa1..00000000 --- a/.github/workflows/publish-mirror.yml +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright (c) 2022 Jonah Aragon - -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to -# deal in the Software without restriction, including without limitation the -# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -# sell copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: - -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -# IN THE SOFTWARE. - -name: 🪞 Push to Mirrors - -permissions: - contents: read - -on: [push, delete, create] - -# Ensures that only one mirror task will run at a time. -concurrency: - group: git-mirror - -jobs: - gitlab: - runs-on: ubuntu-latest - steps: - - name: Mirror to GitLab - uses: wearerequired/git-mirror-action@v1 - env: - SSH_PRIVATE_KEY: ${{ secrets.ACTIONS_SSH_KEY }} - with: - source-repo: "git@github.com:privacyguides/privacyguides.org.git" - destination-repo: "git@gitlab.com:privacyguides/privacyguides.org.git" - - codeberg: - runs-on: ubuntu-latest - steps: - - name: Mirror to Codeberg - uses: wearerequired/git-mirror-action@v1 - env: - SSH_PRIVATE_KEY: ${{ secrets.ACTIONS_SSH_KEY }} - with: - source-repo: "git@github.com:privacyguides/privacyguides.org.git" - destination-repo: "git@codeberg.org:privacyguides/privacyguides.org.git" diff --git a/.github/workflows/publish-pr.yml b/.github/workflows/publish-pr.yml index 8800e865..3adebc8b 100644 --- a/.github/workflows/publish-pr.yml +++ b/.github/workflows/publish-pr.yml @@ -93,26 +93,44 @@ jobs: needs: metadata permissions: contents: read + runs-on: ubuntu-latest + outputs: + address: ${{ steps.deployment.outputs.address }} + steps: + - uses: actions/download-artifact@v4 + with: + pattern: site-build-combined.tar.gz + merge-multiple: true - uses: privacyguides/webserver/.github/workflows/deploy-garage-preview.yml@main - with: - alias: ${{ needs.metadata.outputs.pr_number }} - bucket: ${{ vars.PREVIEW_GARAGE_BUCKET }} - hostname: ${{ vars.PREVIEW_GARAGE_HOSTNAME }} - secrets: - PREVIEW_GARAGE_KEY_ID: ${{ secrets.PREVIEW_GARAGE_KEY_ID }} - PREVIEW_GARAGE_SECRET_KEY: ${{ secrets.PREVIEW_GARAGE_SECRET_KEY }} + - run: | + for file in *.tar.gz; do tar -zxf "$file"; done + ls -la public/ + + - name: Limit length of site alias to 12 + run: echo "SHORT_ALIAS=$(echo "${{ needs.metadata.outputs.pr_number }}" | cut -c1-12)" >> "$GITHUB_ENV" + + - uses: hkdobrev/minio-deploy-action@v1 + with: + endpoint: https://${{ vars.PREVIEW_GARAGE_HOSTNAME }} + bucket: ${{ vars.PREVIEW_GARAGE_BUCKET }} + access_key: ${{ secrets.PREVIEW_GARAGE_KEY_ID }} + secret_key: ${{ secrets.PREVIEW_GARAGE_SECRET_KEY }} + source_dir: "public/" + target_dir: "/${{ env.SHORT_ALIAS }}/" + + - id: deployment + run: | + echo "address=https://pr${{ env.SHORT_ALIAS }}.unreviewed.privacyguides.dev/en/" >> "$GITHUB_OUTPUT" comment: permissions: pull-requests: write - needs: [deploy_garage, metadata] + needs: deploy_garage runs-on: ubuntu-latest env: address: ${{ needs.deploy_garage.outputs.address }} steps: - uses: thollander/actions-comment-pull-request@v2.5.0 - if: ${{ needs.metadata.outputs.privileged == 'true' }} with: pr_number: ${{ needs.metadata.outputs.pr_number }} message: | @@ -123,18 +141,3 @@ jobs: | Latest commit | ${{ needs.metadata.outputs.sha }} | | Preview | ${{ env.address }} | comment_tag: deployment - - - uses: thollander/actions-comment-pull-request@v2.5.0 - if: ${{ needs.metadata.outputs.privileged == 'false' }} - with: - pr_number: ${{ needs.metadata.outputs.pr_number }} - message: | - ### Your preview is ready! - - | Name | Link | - | :---: | ---- | - | Latest commit | ${{ needs.metadata.outputs.sha }} | - | Preview | ${{ env.address }} | - - Please note that this preview was built from an untrusted source, so it was not granted access to all mkdocs-material features. Maintainers should ensure this PR has been reviewed locally with a full build before merging. - comment_tag: deployment diff --git a/.github/workflows/publish-release.yml b/.github/workflows/publish-release.yml deleted file mode 100644 index e822f885..00000000 --- a/.github/workflows/publish-release.yml +++ /dev/null @@ -1,127 +0,0 @@ -# Copyright (c) 2021-2024 Jonah Aragon - -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to -# deal in the Software without restriction, including without limitation the -# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -# sell copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: - -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -# IN THE SOFTWARE. - -name: 📦 Release - -on: - push: - tags: - - "*" - -concurrency: - group: release-deployment - cancel-in-progress: true - -permissions: - contents: write - pages: write - id-token: write - deployments: write - -jobs: - submodule: - strategy: - matrix: - repo: [mkdocs-material-insiders, brand, i18n] - uses: privacyguides/.github/.github/workflows/download-repo.yml@main - with: - repo: ${{ matrix.repo }} - secrets: - ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }} - - build: - needs: submodule - strategy: - matrix: - lang: [en, es, fr, he, it, nl, ru, zh-Hant, zh-TW] - build: [build] - permissions: - contents: read - uses: ./.github/workflows/build.yml - with: - config: ${{ matrix.build }} - ref: ${{ github.ref }} - repo: ${{ github.repository }} - lang: ${{ matrix.lang }} - context: production - continue-on-error: false - cache: false - secrets: - MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }} - - build_blog: - needs: submodule - permissions: - contents: read - uses: ./.github/workflows/build-blog.yml - with: - repo: ${{ github.repository }} - ref: ${{ github.ref }} - continue-on-error: false - context: production - - build_zimfile: - needs: submodule - permissions: - contents: read - uses: ./.github/workflows/build-zimfile.yml - with: - repo: ${{ github.repository }} - ref: ${{ github.ref }} - - release: - name: Create release notes - needs: [build, build_zimfile] - runs-on: ubuntu-latest - permissions: - contents: write - - steps: - - uses: actions/download-artifact@v4 - with: - pattern: "*.zim" - merge-multiple: true - - - name: Create release notes - uses: ncipollo/release-action@v1 - with: - generateReleaseNotes: true - artifacts: "*.zim" - makeLatest: true - - deploy: - needs: [build, build_blog] - uses: privacyguides/webserver/.github/workflows/deploy-all.yml@main - secrets: - PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }} - PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }} - PROD_GARAGE_KEY_ID: ${{ secrets.PROD_GARAGE_KEY_ID }} - PROD_GARAGE_SECRET_KEY: ${{ secrets.PROD_GARAGE_SECRET_KEY }} - CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }} - CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }} - CLUSTER_USERNAME: ${{ secrets.CLUSTER_USERNAME }} - CLUSTER_PASSWORD: ${{ secrets.CLUSTER_PASSWORD }} - CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }} - CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }} - - cleanup: - if: ${{ always() }} - needs: [build, build_blog, build_zimfile] - uses: privacyguides/.github/.github/workflows/cleanup.yml@main diff --git a/.github/workflows/test-build.yml b/.github/workflows/test-build.yml deleted file mode 100644 index 2c4e0044..00000000 --- a/.github/workflows/test-build.yml +++ /dev/null @@ -1,62 +0,0 @@ -# Copyright (c) 2024 Jonah Aragon - -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to -# deal in the Software without restriction, including without limitation the -# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -# sell copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: - -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -# IN THE SOFTWARE. - -name: 📦 Manual Test Build - -on: - workflow_dispatch: - -permissions: - contents: read - -jobs: - submodule: - strategy: - matrix: - repo: [mkdocs-material-insiders, brand, i18n] - uses: privacyguides/.github/.github/workflows/download-repo.yml@main - with: - repo: ${{ matrix.repo }} - secrets: - ACTIONS_SSH_KEY: ${{ secrets.ACTIONS_SSH_KEY }} - - build: - needs: submodule - strategy: - matrix: - lang: [en, fr, he] - build: [build, offline] - fail-fast: false - permissions: - contents: read - uses: ./.github/workflows/build.yml - with: - config: ${{ matrix.build }} - ref: ${{ github.ref }} - repo: ${{ github.repository }} - lang: ${{ matrix.lang }} - continue-on-error: true - secrets: - MEMBERS_API_URL: ${{ secrets.MEMBERS_API_URL }} - - cleanup: - if: ${{ always() }} - needs: build - uses: privacyguides/.github/.github/workflows/cleanup.yml@main diff --git a/.github/workflows/test-lint.yml b/.github/workflows/test-lint.yml deleted file mode 100644 index 07f57375..00000000 --- a/.github/workflows/test-lint.yml +++ /dev/null @@ -1,131 +0,0 @@ -# Copyright (c) 2024 Jonah Aragon - -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to -# deal in the Software without restriction, including without limitation the -# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -# sell copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: - -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -# IN THE SOFTWARE. - -name: 🤖 Linting - -permissions: - contents: read - -on: - workflow_dispatch: - pull_request: - branches: - - main - push: - -concurrency: - group: ${{ github.ref }}-${{ github.workflow }} - cancel-in-progress: true - -env: - MAIN_BRANCH: ${{ github.event_name == 'push' }} - -jobs: - megalinter: - name: MegaLinter - runs-on: ubuntu-latest - steps: - - if: ${{ env.MAIN_BRANCH }} - uses: actions/checkout@v4 - - - if: ${{ env.MAIN_BRANCH == 0 }} - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Configure markdown-link-check - run: | - cat <> .markdown-link-check.json - { - "ignorePatterns": [ - { - "pattern": "^https://twitter.com" - }, - { - "pattern": "^https://reddit.com" - }, - { - "pattern": "^#_" - }, - { - "pattern": ".onion" - }, - { - "pattern": "^https://en.opensuse.org" - }, - { - "pattern": "^https://quad9.net" - }, - { - "pattern": "^https://dnscrypt.info" - }, - { - "pattern": "^https://pipewire.org" - } - ], - "replacementPatterns": [ - { - "pattern": "^assets/", - "replacement": "https://www.privacyguides.org/en/assets/" - }, - { - "pattern": "^(../)*assets/", - "replacement": "https://www.privacyguides.org/en/assets/" - }, - { - "pattern": "^/", - "replacement": "https://www.privacyguides.org/" - } - ], - "retryOn429": true, - "retryCount": 5, - "aliveStatusCodes": [200, 206, 403] - } - EOT - - - id: ml - # You can override MegaLinter flavor used to have faster performances - # More info at https://megalinter.io/flavors/ - uses: oxsecurity/megalinter/flavors/documentation@v8.0.0 - env: - # All available variables are described in documentation - # https://megalinter.io/configuration/ - # Validates all source when push on main, else just the git diff with main. - VALIDATE_ALL_CODEBASE: ${{ env.MAIN_BRANCH }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # ADD YOUR CUSTOM ENV VARIABLES HERE OR DEFINE THEM IN A FILE .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY - DISABLE: COPYPASTE,SPELL,HTML - DISABLE_LINTERS: JSON_JSONLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER - DISABLE_ERRORS_LINTERS: CSS_STYLELINT,MARKDOWN_MARKDOWN_LINK_CHECK,YAML_YAMLLINT,DOCKERFILE_HADOLINT,REPOSITORY_TRIVY,REPOSITORY_CHECKOV,REPOSITORY_GITLEAKS - EDITORCONFIG_EDITORCONFIG_CHECKER_ARGUMENTS: -disable-indentation - ENV_DOTENV_LINTER_ARGUMENTS: "--skip QuoteCharacter" - MARKDOWN_MARKDOWN_LINK_CHECK_FILTER_REGEX_INCLUDE: (docs) - MARKDOWN_MARKDOWNLINT_CONFIG_FILE: .markdownlint.yml - MARKDOWN_MARKDOWNLINT_FILTER_REGEX_EXCLUDE: (PULL_REQUEST_TEMPLATE\.md) - - # Upload MegaLinter artifacts - - name: Archive production artifacts - if: success() || failure() - uses: actions/upload-artifact@v4 - with: - name: MegaLinter reports - path: | - megalinter-reports - mega-linter.log diff --git a/.github/workflows/update-discussions.yml b/.github/workflows/update-discussions.yml deleted file mode 100644 index 7c2bb2a7..00000000 --- a/.github/workflows/update-discussions.yml +++ /dev/null @@ -1,82 +0,0 @@ -# Copyright (c) 2024 Jonah Aragon - -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to -# deal in the Software without restriction, including without limitation the -# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -# sell copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: - -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -# IN THE SOFTWARE. - -name: 🔄 Update Discussions - -on: - workflow_dispatch: - schedule: - - cron: "*/30 * * * *" - -permissions: - contents: read - -jobs: - generate: - runs-on: ubuntu-latest - permissions: - contents: read - environment: - name: production - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - persist-credentials: "false" - fetch-depth: 1 - - - name: Create site/en directory - run: mkdir -p site/en - - - name: Update Discussions - uses: yakubique/minio-download@v1.1.1 - with: - endpoint: https://${{ vars.PROD_GARAGE_HOSTNAME }} - access_key: ${{ secrets.PROD_GARAGE_KEY_ID }} - secret_key: ${{ secrets.PROD_GARAGE_SECRET_KEY }} - bucket: ${{ vars.PROD_GARAGE_BUCKET }} - source: /en/index.html - target: ./site/en/ - - - name: Run generate-topics.sh for top posts - run: | - bash tools/generate-topics.sh \ - --source='https://discuss.privacyguides.net/top.json?period=weekly' \ - --tag="top posts" \ - --destination="./site/en/index.html" \ - --count=3 - - - name: Run generate-topics.sh for latest posts - run: | - bash tools/generate-topics.sh \ - --source='https://discuss.privacyguides.net/latest.json' \ - --tag="latest posts" \ - --destination="./site/en/index.html" \ - --count=12 - - - name: Upload modified index - uses: yakubique/minio-upload@v1.1.3 - with: - endpoint: https://${{ vars.PROD_GARAGE_HOSTNAME }} - access_key: ${{ secrets.PROD_GARAGE_KEY_ID }} - secret_key: ${{ secrets.PROD_GARAGE_SECRET_KEY }} - bucket: ${{ vars.PROD_GARAGE_BUCKET }} - source: ./site/en/index.html - target: /en/index.html diff --git a/.github/workflows/upload-crowdin.yml b/.github/workflows/upload-crowdin.yml deleted file mode 100644 index 49504a31..00000000 --- a/.github/workflows/upload-crowdin.yml +++ /dev/null @@ -1,53 +0,0 @@ -# Copyright (c) 2022-2024 Jonah Aragon - -# Permission is hereby granted, free of charge, to any person obtaining a copy -# of this software and associated documentation files (the "Software"), to -# deal in the Software without restriction, including without limitation the -# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or -# sell copies of the Software, and to permit persons to whom the Software is -# furnished to do so, subject to the following conditions: - -# The above copyright notice and this permission notice shall be included in -# all copies or substantial portions of the Software. - -# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE -# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING -# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS -# IN THE SOFTWARE. - -name: 💬 Crowdin Upload - -permissions: - contents: read - -on: - workflow_dispatch: - push: - branches: [main] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - synchronize-with-crowdin: - runs-on: ubuntu-latest - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: crowdin action - uses: crowdin/github-action@v2.2.0 - with: - upload_sources: true - upload_sources_args: "--auto-update --delete-obsolete" - download_translations: false - config: crowdin.yml - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - CROWDIN_PROJECT_ID: ${{ secrets.CROWDIN_PROJECT_ID }} - CROWDIN_PERSONAL_TOKEN: ${{ secrets.CROWDIN_PERSONAL_TOKEN }} diff --git a/.vscode/extensions.json b/.vscode/extensions.json index 9dd63450..fcca5177 100644 --- a/.vscode/extensions.json +++ b/.vscode/extensions.json @@ -5,8 +5,17 @@ // List of extensions which should be recommended for users of this workspace. "recommendations": [ "mhutchie.git-graph", - "esbenp.prettier-vscode", - "tamasfe.even-better-toml", - "budparr.language-hugo-vscode" + "esbenp.prettier-vscode", + "tamasfe.even-better-toml", + "budparr.language-hugo-vscode", + "EditorConfig.EditorConfig", + "github.vscode-github-actions", + "bierner.github-markdown-preview", + "ms-vsliveshare.vsliveshare", + "ltex-plus.vscode-ltex-plus", + "yzhang.markdown-all-in-one", + "redhat.vscode-yaml", + "rvben.rumdl", + "kaellarkin.hugo-shortcode-syntax" ] }