Deploy to Cloudflare

.github/workflows/deploy.yml

@@ -0,0 +1,93 @@
+# Copyright (c) 2023 Jonah Aragon <[email protected]>
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+name: 🌩️ Deploy Production to Cloudflare
+
+on:
+  workflow_dispatch:
+  release:
+    types: [published]
+
+# Allow one concurrent deployment
+concurrency:
+  group: "cloudflare-preview"
+  cancel-in-progress: true
+
+env:
+  PYTHON_VERSION: 3.8
+
+jobs:
+  build:
+    name: Build and deploy
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: '0'
+          ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
+          submodules: 'true'
+
+      - name: Python setup
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.8'
+          cache: 'pipenv'
+
+      - name: Cache files
+        uses: actions/[email protected]
+        with:
+          key: ${{ github.ref }}
+          path: .cache
+
+      - name: Install Python dependencies
+        run: |
+          pip install pipenv
+          pipenv install
+          sudo apt install pngquant
+
+      - name: Build website
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CARDS: true
+        run: |
+          git clone https://github.com/privacyguides/i18n i18n-download
+          cp -rl i18n-download/i18n .
+          cp -rl i18n-download/includes .
+          cp -rl i18n-download/theme .
+          pipenv run mkdocs build --config-file config/mkdocs.en.yml
+          pipenv run mkdocs build --config-file config/mkdocs.es.yml
+          pipenv run mkdocs build --config-file config/mkdocs.fr.yml
+          pipenv run mkdocs build --config-file config/mkdocs.he.yml
+          pipenv run mkdocs build --config-file config/mkdocs.it.yml
+          pipenv run mkdocs build --config-file config/mkdocs.nl.yml
+          pipenv run mkdocs build --config-file config/mkdocs.ru.yml
+          pipenv run mkdocs build --config-file config/mkdocs.zh-Hant.yml
+          cp -r static/* site/
+          pipenv run mkdocs --version
+      
+      - name: Publish to Cloudflare Pages
+        uses: cloudflare/pages-action@v1
+        with:
+          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          projectName: privacyguides-org
+          directory: site

.github/workflows/preview.yml

@@ -0,0 +1,123 @@
+# Copyright (c) 2023 Jonah Aragon <[email protected]>
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files (the "Software"), to
+# deal in the Software without restriction, including without limitation the
+# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
+# sell copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions:
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
+# IN THE SOFTWARE.
+
+name: 🌩️ Deploy Preview to Cloudflare
+
+on: [ push, delete, create ]
+
+# Allow one concurrent deployment
+concurrency:
+  group: "cloudflare-preview"
+  cancel-in-progress: true
+
+env:
+  PYTHON_VERSION: 3.8
+
+jobs:
+  build:
+    name: Build
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        language: [en, es]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: '0'
+          ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
+          submodules: 'true'
+
+      - name: Python setup
+        uses: actions/setup-python@v4
+        with:
+          python-version: '3.8'
+          cache: 'pipenv'
+
+      - name: Cache files
+        uses: actions/[email protected]
+        with:
+          key: ${{ github.ref }}
+          path: .cache
+
+      - name: Install Python dependencies
+        run: |
+          pip install pipenv
+          pipenv install
+          sudo apt install pngquant
+
+      - name: Build website
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CARDS: true
+        run: |
+          git clone https://github.com/privacyguides/i18n i18n-download
+          cp -rl i18n-download/i18n .
+          cp -rl i18n-download/includes .
+          cp -rl i18n-download/theme .
+          pipenv run mkdocs build --config-file config/mkdocs.${{ matrix.language }}.yml
+          cp -r static/* site/
+          pipenv run mkdocs --version
+      
+      - name: Archive code coverage results
+        uses: actions/upload-artifact@v3
+        with:
+          name: site-${{ matrix.language }}
+          path: site/${{ matrix.language }}
+
+  deploy:
+    needs: build
+    name: Deploy
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: '0'
+          ssh-key: ${{ secrets.ACTIONS_SSH_KEY }}
+          submodules: 'false'
+
+      - name: Download en
+        uses: actions/download-artifact@v3
+        with:
+          name: site-en
+          path: site/en
+
+      - name: Download es
+        uses: actions/download-artifact@v3
+        with:
+          name: site-es
+          path: site/es
+
+      - run: |
+          ls -la
+          ls -la site/
+          ls -la site/*
+          cp -r static/* site/
+
+      - name: Publish to Cloudflare Pages
+        uses: cloudflare/pages-action@v1
+        with:
+          apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}
+          projectName: preview-privacyguides-org
+          directory: site

static/_headers

@@ -0,0 +1,5 @@
+/*
+  X-Frame-Options: DENY
+  X-XSS-Protection: 0
+  X-Content-Type-Options: nosniff
+  Content-Security-Policy: default-src 'none'; script-src https://www.privacyguides.org https://opencollective.com 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src https://opencollective.com data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://opencollective.com https://snowflake.torproject.org https://*.privacyguides.net; frame-ancestors 'none'

static/_redirects

@@ -18,70 +18,25 @@
 # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 # IN THE SOFTWARE.
 
-/  /en/       302  Language=en
-/  /es/       302  Language=es
-/  /fr/       302  Language=fr
-/  /he/       302  Language=he
-/  /it/       302  Language=it
-/  /nl/       302  Language=nl
-/  /zh-hant/  302  Language=zh-Hant
-/  /ru/       302  Language=ru
-/  /en/       302
+/ /en/
 
-/.well-known/matrix/* https://matrix.privacyguides.org/.well-known/matrix/:splat 200
 /.well-known/* /well-known/:splat 200
 
 /kb /en/basics/why-privacy-matters/
 /:lang/kb /:lang/basics/why-privacy-matters/
+/kb/ /en/basics/why-privacy-matters/
+/:lang/kb/ /:lang/basics/why-privacy-matters/
 
 /coc /en/CODE_OF_CONDUCT/
 /license https://github.com/privacyguides/privacyguides.org/tree/main/README.md#license
 
-/team /en/about/
-/browsers /en/desktop-browsers/
-/blog https://blog.privacyguides.org
-/basics/dns-overview /en/advanced/dns-overview/
-/basics/tor-overview /en/advanced/tor-overview/
-/real-time-communication/communication-network-types /en/advanced/communication-network-types
-/advanced/real-time-communication /en/advanced/communication-network-types
-/android/overview /en/os/android-overview/
-/linux-desktop/overview /en/os/linux-overview/
-/android/grapheneos-vs-calyxos https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/
-/ios/configuration https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/
-/linux-desktop/hardening https://blog.privacyguides.org/2022/04/22/linux-system-hardening/
-/linux-desktop/sandboxing https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/
-/advanced/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
-/real-time-communication/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
-/advanced/integrating-metadata-removal https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/
-/advanced/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
-/operating-systems /en/desktop/
-/threat-modeling /en/basics/threat-modeling/
-/self-contained-networks /en/tor/
-/privacy-policy /en/about/privacy-policy/
-/metadata-removal-tools /en/data-redaction/
-/basics /en/kb
-/software/file-encryption /en/encryption/
-/providers /en/tools/#service-providers
-/software/calendar-contacts /en/calendar/
-/calendar-contacts /en/calendar/
-/software/metadata-removal-tools /en/data-redaction/
-/contact /en/about/
-/welcome-to-privacy-guides https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides/
-/software/email /en/email-clients/
-/providers/paste /en/tools/
-/blog/2019/10/05/understanding-vpns https://www.jonaharagon.com/posts/understanding-vpns/
-/terms-and-notices /en/about/notices/
-/software/networks /en/tor/
-/social-news-aggregator /en/news-aggregators/
-/basics/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
-/linux-desktop /en/desktop/
+/team /en/about/ 301
+/browsers /en/desktop-browsers/ 301
+/blog https://blog.privacyguides.org 301
 
-/providers/:slug /en/:slug/
-/software/:slug /en/:slug/
-/blog/* https://blog.privacyguides.org/:splat
-/assets/* /en/assets/:splat
+/blog/* https://blog.privacyguides.org/:splat 301
+/assets/* /en/assets/:splat 301
 
-/:slug/ /en/:slug/
 /about/:slug/ /en/about/:slug/
 /advanced/:slug/ /en/advanced/:slug/
 /basics/:slug/ /en/basics/:slug/

static/well-known/matrix/client

@@ -0,0 +1,5 @@
+{
+    "m.homeserver": {
+        "base_url": "https://matrix.privacyguides.org"
+    }
+}

static/well-known/matrix/server

@@ -0,0 +1,3 @@
+{
+    "m.server": "matrix.privacyguides.org:8448"
+}

theme/partials/header.html

@@ -104,7 +104,7 @@
               {% for alt in config.extra.alternate %}
                 <li class="md-select__item">
                   <a
-                    href="{{ alt.link | url }}"
+                    href="{{ "/" ~ alt.lang ~ "/" ~ page.url }}"
                     hreflang="{{ alt.lang }}"
                     class="md-select__link"
                   >