diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 0000000000..d0fa09d4e2 --- /dev/null +++ b/.github/workflows/deploy.yml @@ -0,0 +1,93 @@ +# Copyright (c) 2023 Jonah Aragon + +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: + +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. + +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +# IN THE SOFTWARE. + +name: 🌩️ Deploy Production to Cloudflare + +on: + workflow_dispatch: + release: + types: [published] + +# Allow one concurrent deployment +concurrency: + group: "cloudflare-preview" + cancel-in-progress: true + +env: + PYTHON_VERSION: 3.8 + +jobs: + build: + name: Build and deploy + + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: '0' + ssh-key: ${{ secrets.ACTIONS_SSH_KEY }} + submodules: 'true' + + - name: Python setup + uses: actions/setup-python@v4 + with: + python-version: '3.8' + cache: 'pipenv' + + - name: Cache files + uses: actions/cache@v3.3.2 + with: + key: ${{ github.ref }} + path: .cache + + - name: Install Python dependencies + run: | + pip install pipenv + pipenv install + sudo apt install pngquant + + - name: Build website + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + CARDS: true + run: | + git clone https://github.com/privacyguides/i18n i18n-download + cp -rl i18n-download/i18n . + cp -rl i18n-download/includes . + cp -rl i18n-download/theme . + pipenv run mkdocs build --config-file config/mkdocs.en.yml + pipenv run mkdocs build --config-file config/mkdocs.es.yml + pipenv run mkdocs build --config-file config/mkdocs.fr.yml + pipenv run mkdocs build --config-file config/mkdocs.he.yml + pipenv run mkdocs build --config-file config/mkdocs.it.yml + pipenv run mkdocs build --config-file config/mkdocs.nl.yml + pipenv run mkdocs build --config-file config/mkdocs.ru.yml + pipenv run mkdocs build --config-file config/mkdocs.zh-Hant.yml + cp -r static/* site/ + pipenv run mkdocs --version + + - name: Publish to Cloudflare Pages + uses: cloudflare/pages-action@v1 + with: + apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} + accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} + projectName: privacyguides-org + directory: site diff --git a/.github/workflows/preview.yml b/.github/workflows/preview.yml new file mode 100644 index 0000000000..82d3bc0703 --- /dev/null +++ b/.github/workflows/preview.yml @@ -0,0 +1,123 @@ +# Copyright (c) 2023 Jonah Aragon + +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: + +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. + +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE +# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING +# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS +# IN THE SOFTWARE. + +name: 🌩️ Deploy Preview to Cloudflare + +on: [ push, delete, create ] + +# Allow one concurrent deployment +concurrency: + group: "cloudflare-preview" + cancel-in-progress: true + +env: + PYTHON_VERSION: 3.8 + +jobs: + build: + name: Build + runs-on: ubuntu-latest + strategy: + matrix: + language: [en, es] + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: '0' + ssh-key: ${{ secrets.ACTIONS_SSH_KEY }} + submodules: 'true' + + - name: Python setup + uses: actions/setup-python@v4 + with: + python-version: '3.8' + cache: 'pipenv' + + - name: Cache files + uses: actions/cache@v3.3.2 + with: + key: ${{ github.ref }} + path: .cache + + - name: Install Python dependencies + run: | + pip install pipenv + pipenv install + sudo apt install pngquant + + - name: Build website + env: + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} + CARDS: true + run: | + git clone https://github.com/privacyguides/i18n i18n-download + cp -rl i18n-download/i18n . + cp -rl i18n-download/includes . + cp -rl i18n-download/theme . + pipenv run mkdocs build --config-file config/mkdocs.${{ matrix.language }}.yml + cp -r static/* site/ + pipenv run mkdocs --version + + - name: Archive code coverage results + uses: actions/upload-artifact@v3 + with: + name: site-${{ matrix.language }} + path: site/${{ matrix.language }} + + deploy: + needs: build + name: Deploy + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: '0' + ssh-key: ${{ secrets.ACTIONS_SSH_KEY }} + submodules: 'false' + + - name: Download en + uses: actions/download-artifact@v3 + with: + name: site-en + path: site/en + + - name: Download es + uses: actions/download-artifact@v3 + with: + name: site-es + path: site/es + + - run: | + ls -la + ls -la site/ + ls -la site/* + cp -r static/* site/ + + - name: Publish to Cloudflare Pages + uses: cloudflare/pages-action@v1 + with: + apiToken: ${{ secrets.CLOUDFLARE_API_TOKEN }} + accountId: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }} + projectName: preview-privacyguides-org + directory: site diff --git a/static/_headers b/static/_headers new file mode 100644 index 0000000000..143c112ecc --- /dev/null +++ b/static/_headers @@ -0,0 +1,5 @@ +/* + X-Frame-Options: DENY + X-XSS-Protection: 0 + X-Content-Type-Options: nosniff + Content-Security-Policy: default-src 'none'; script-src https://www.privacyguides.org https://opencollective.com 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src https://opencollective.com data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://opencollective.com https://snowflake.torproject.org https://*.privacyguides.net; frame-ancestors 'none' diff --git a/static/_redirects b/static/_redirects index fd120bcb26..093452a15c 100644 --- a/static/_redirects +++ b/static/_redirects @@ -18,70 +18,25 @@ # FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS # IN THE SOFTWARE. -/ /en/ 302 Language=en -/ /es/ 302 Language=es -/ /fr/ 302 Language=fr -/ /he/ 302 Language=he -/ /it/ 302 Language=it -/ /nl/ 302 Language=nl -/ /zh-hant/ 302 Language=zh-Hant -/ /ru/ 302 Language=ru -/ /en/ 302 +/ /en/ -/.well-known/matrix/* https://matrix.privacyguides.org/.well-known/matrix/:splat 200 /.well-known/* /well-known/:splat 200 /kb /en/basics/why-privacy-matters/ /:lang/kb /:lang/basics/why-privacy-matters/ +/kb/ /en/basics/why-privacy-matters/ +/:lang/kb/ /:lang/basics/why-privacy-matters/ /coc /en/CODE_OF_CONDUCT/ /license https://github.com/privacyguides/privacyguides.org/tree/main/README.md#license -/team /en/about/ -/browsers /en/desktop-browsers/ -/blog https://blog.privacyguides.org -/basics/dns-overview /en/advanced/dns-overview/ -/basics/tor-overview /en/advanced/tor-overview/ -/real-time-communication/communication-network-types /en/advanced/communication-network-types -/advanced/real-time-communication /en/advanced/communication-network-types -/android/overview /en/os/android-overview/ -/linux-desktop/overview /en/os/linux-overview/ -/android/grapheneos-vs-calyxos https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/ -/ios/configuration https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/ -/linux-desktop/hardening https://blog.privacyguides.org/2022/04/22/linux-system-hardening/ -/linux-desktop/sandboxing https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/ -/advanced/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/ -/real-time-communication/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/ -/advanced/integrating-metadata-removal https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/ -/advanced/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/ -/operating-systems /en/desktop/ -/threat-modeling /en/basics/threat-modeling/ -/self-contained-networks /en/tor/ -/privacy-policy /en/about/privacy-policy/ -/metadata-removal-tools /en/data-redaction/ -/basics /en/kb -/software/file-encryption /en/encryption/ -/providers /en/tools/#service-providers -/software/calendar-contacts /en/calendar/ -/calendar-contacts /en/calendar/ -/software/metadata-removal-tools /en/data-redaction/ -/contact /en/about/ -/welcome-to-privacy-guides https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides/ -/software/email /en/email-clients/ -/providers/paste /en/tools/ -/blog/2019/10/05/understanding-vpns https://www.jonaharagon.com/posts/understanding-vpns/ -/terms-and-notices /en/about/notices/ -/software/networks /en/tor/ -/social-news-aggregator /en/news-aggregators/ -/basics/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/ -/linux-desktop /en/desktop/ +/team /en/about/ 301 +/browsers /en/desktop-browsers/ 301 +/blog https://blog.privacyguides.org 301 -/providers/:slug /en/:slug/ -/software/:slug /en/:slug/ -/blog/* https://blog.privacyguides.org/:splat -/assets/* /en/assets/:splat +/blog/* https://blog.privacyguides.org/:splat 301 +/assets/* /en/assets/:splat 301 -/:slug/ /en/:slug/ /about/:slug/ /en/about/:slug/ /advanced/:slug/ /en/advanced/:slug/ /basics/:slug/ /en/basics/:slug/ diff --git a/static/well-known/matrix/client b/static/well-known/matrix/client new file mode 100644 index 0000000000..39aa9e1a36 --- /dev/null +++ b/static/well-known/matrix/client @@ -0,0 +1,5 @@ +{ + "m.homeserver": { + "base_url": "https://matrix.privacyguides.org" + } +} diff --git a/static/well-known/matrix/server b/static/well-known/matrix/server new file mode 100644 index 0000000000..05e642d69d --- /dev/null +++ b/static/well-known/matrix/server @@ -0,0 +1,3 @@ +{ + "m.server": "matrix.privacyguides.org:8448" +} diff --git a/theme/partials/header.html b/theme/partials/header.html index 4a878343eb..0b9ff3f153 100644 --- a/theme/partials/header.html +++ b/theme/partials/header.html @@ -104,7 +104,7 @@ {% for alt in config.extra.alternate %}