From c157dfb5122fd28d3285fce6514dd870cf278f98 Mon Sep 17 00:00:00 2001 From: ClementMabileau Date: Sun, 14 Apr 2024 20:24:16 +0200 Subject: [PATCH 1/7] Add condition on "deploy" step to only trigger on forks (#32) see DISCLAIMER comment add required secrets in comment On main branch the condition on the deploy step was: github.event_name == 'push' || github.event_name == 'workflow_dispatch' It must be resolved given that we want to avoid triggering on forks (due to possibly missing secrets leading to failing workflow) it then become: (github.event_name == 'push' && github.event.repository.fork == 'false') || github.event_name == 'workflow_dispatch' <==> If it is a classic push: - on fork *do not* trigger deployment - on base repo trigger deployment But if it is manually triggered, execute deployment step anyway maybe we're on fork maybe we're not but this is user triggered so it the user's responsability anyway. --- .github/workflows/build_and_deploy.yml | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index acd0ee6..6e4ed21 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -39,10 +39,23 @@ jobs: path: ./build/blog # Deployment job: heavily inspired from https://swharden.com/blog/2022-03-20-github-actions-hugo/ - # /!\ only triggers on push events and manually triggered + # /!\ only triggers on (push events AND non-fork repos) OR manually triggered + ## Required secrets: + # - SSH_KNOWN_HOSTS + # - PRIVATE_SSH_KEY + # - CI_USER_NAME + # - STATIC_WEBSITE_PATH deploy: needs: [build] - if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }} + # DISCLAIMER: + # The following is a very POOR solution to avoid *failing deploy step* due to missing secrets + # on fork repositories, but sadly the `env` context is not accessible from `jobs..if`: + # https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability + # + # If for any reason you want to trigger this step on your fork remove the following line, + # trigger manually or open an issue https://github.com/iScsc/blog.iscsc.fr/issues, + # we'll find a better way to skip this step. + if: ${{ (github.event_name == 'push' && github.event.repository.fork == 'false') || github.event_name == 'workflow_dispatch' }} runs-on: ubuntu-latest steps: - name: 🛠️ Setup build directory From cac3969010e4d5f17b9f566b12ba778d087bd85f Mon Sep 17 00:00:00 2001 From: ClementMabileau Date: Fri, 3 May 2024 01:42:27 +0200 Subject: [PATCH 2/7] Update remote git repo to newest deployed version, remote git pull (#55) * Add script for remotely git pull on server from GitHub Action * Modify Github Action to use the remote git pull script --- .github/workflows/build_and_deploy.yml | 8 ++++-- scripts/remote_git_pull.sh | 40 ++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 scripts/remote_git_pull.sh diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index 6e4ed21..a4f3aaf 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -44,7 +44,7 @@ jobs: # - SSH_KNOWN_HOSTS # - PRIVATE_SSH_KEY # - CI_USER_NAME - # - STATIC_WEBSITE_PATH + # - REPO_PATH_ON_REMOTE deploy: needs: [build] # DISCLAIMER: @@ -83,7 +83,11 @@ jobs: # Upload the build to the remote server location: the volume shared by the nginx container serving http requests - name: 🚀 Upload run: | - rsync --archive --stats --verbose --delete ./build/blog/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.STATIC_WEBSITE_PATH}} + rsync --archive --stats --verbose --delete ./build/blog/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog + + - name: ⏬ Remote git pull + run: | + ssh ${{ secrets.CI_USER_NAME }}@iscsc.fr /usr/bin/bash ${{ secrets.REPO_PATH_ON_REMOTE }}/scripts/remote_git_pull.sh ${{ secrets.REPO_PATH_ON_REMOTE }} # Finally notify of the new article (if any) on the iScsc discord server # action jitterbit/get-changed-files@v1 doesn't support 'workflow_dispatch' events: https://github.com/jitterbit/get-changed-files/issues/38 diff --git a/scripts/remote_git_pull.sh b/scripts/remote_git_pull.sh new file mode 100644 index 0000000..4ce72a8 --- /dev/null +++ b/scripts/remote_git_pull.sh @@ -0,0 +1,40 @@ +#!/usr/bin/bash + +PATH=$(/usr/bin/getconf PATH || /bin/kill $$) + +die() { + echo "[!] Something went wrong, exiting..." + exit 1 +} + +echo "[+] Connected to iscsc.fr" + +if [ $# -ne 1 ]; then + echo "[!] Must provide one and only one argument: repo path on remote"; + die; +fi +REPO_PATH="$1"; shift + +echo "[+] Change directory" +cd ${REPO_PATH} || die + +REMOTE_URL="iscsc/blog.iscsc.fr" +REMOTE_NAME=$(git remote -v | grep --ignore-case "${REMOTE_URL}" | grep "(fetch)" | awk '{print $1}') +MAIN_BRANCH_NAME=main + +echo "[+] iScsc remote name is '${REMOTE_NAME}'" +echo "[+] Fetch '${MAIN_BRANCH_NAME}' from '${REMOTE_NAME}'" +git fetch "${REMOTE_NAME}" "${MAIN_BRANCH_NAME}" || die + +echo "[+] Checkout on '${MAIN_BRANCH_NAME}'" +git checkout "${MAIN_BRANCH_NAME}" || die + +REMOTE_MAIN_REF_NAME="${REMOTE_NAME}/${MAIN_BRANCH_NAME}" + +echo "[+] Remote ref is '${REMOTE_MAIN_REF_NAME}'" +echo "[+] Rebase on '${REMOTE_MAIN_REF_NAME}'" +git rebase "${REMOTE_MAIN_REF_NAME}" || die + +echo "[+] git log from here:" +git log --color --decorate --oneline --max-count=20 main + From 61a664f84d083fa8f284af9c02b97f82ee696231 Mon Sep 17 00:00:00 2001 From: Clems1236 <46500363+Clems1236@users.noreply.github.com> Date: Sat, 4 May 2024 12:09:47 +0200 Subject: [PATCH 3/7] Add a new WU - Base64 Custom (#56) * Add files via upload * Update and rename WU2024-Base64Custom.md to src/content/posts/WU2024-Base64Custom.md * Update WU2024-Base64Custom.md --- src/content/posts/WU2024-Base64Custom.md | 46 ++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 src/content/posts/WU2024-Base64Custom.md diff --git a/src/content/posts/WU2024-Base64Custom.md b/src/content/posts/WU2024-Base64Custom.md new file mode 100644 index 0000000..319b41b --- /dev/null +++ b/src/content/posts/WU2024-Base64Custom.md @@ -0,0 +1,46 @@ +--- +title: "WU Chall Base32 - THCon" +summary: "Understand basics of encoded strings to reverse base32" +date: 2024-04-29T12:35:51+0200 +tags: ["THCon","write-up","FR","Supwn"] +author: clementS +draft: false +--- + +# Base64Custom +**Entrée : un fichier txt contenant une chaîne de charactère encodée :** +**KREEGTaOPNRDIcbFGYaFeMLTLcaHOMbTGBWWKXbJNZXGSdDd** + +> Indice :[..] He said he just changed the sextets into quintuplets ? what does that even mean?? + +## Etape 1: comprendre comment fonctionne un encodage de string et plus particulièrement l’encodage base64 +Pour représenter un string, on associe à chaque charactère, un indice. Exemple : A->0, B->1,C->3….a->27,b->28… +Les représentations les plus commune sont la bijection ASCII et UTF-8. La bijection ASCII comporte 128 charactères (A..Za..z1..9 ?/…). + +Pour représenter un string on va écrire à la suite chaque identifiant de chaque charactère. Exemple 1 : « Aa »->0 26 +Ici on veut représenter notre chaîne de charactère en utilisant ASCII (128 charactères) . On représentera donc chaque id sur 7 bits (2^7 = 128 bits). +0 26 -> 00000 11010 + +L’encodage en base64, permet de transférer plus facilement des données. En effet, son alphabet est [A..Za..z0..9 ?/], il ne possède donc aucun charactère spéciaux. Il prend en entrée une suite de bits, et les groupes par 6 (il complète avec des 0, à la fin si ca tombe pas juste). +-> 000000 000111 00*0000* + +-> Pour avoir la représentation textuelle, on utilise l’alphabet bijection Base64. On a donc un tout autre string. Ici il devient : AHA + +## Etape 2: On attaque le concret. +On sait que ici, on a pris le FLAG, on l’a mis en base 32 (groupement bits par 5, et à pris sa représentation). On doit donc faire l’étape inverse. On peut en théorie prendre n’importe quelle alphabet mais en analysant la chaîne donnée on remarque que elle est composée des caractères [A..Za..f]. +## Etape 3 : Subtilité. +Comme on l’a préciser tout à l’heure, on peut mettre des 0 à la fin si on a pas assez de bits pour bien convertir. On regarde si il faut éventuellement retirer un bit ou en ajouter. +## Etape 4 : La dernière étape correspond a représenter les bits avec le format universelle pour représenter un texte : ASCII. + +> Rq : Il faut différencier encodage base64 et ASCII + +Base64 prend en entrée des bits et renvoie un chaine de charactère. C’est juste une bijection. ASCII prend en entrée une chaîne de charactère et renvoie des bits ou inversement. C’est une façon de représenter facilement un texte pour l’ordinateur. + +## Résumé +``` +Flag -------> 00101010001110 ------> AGSHhhbsf + Encodage ASCII Bijection Base 32 +On doit reverse le process : +AGSHhhbsf ------> 00101010001110 -------> Flag + Bijection Base 32 Décodage ASCII +``` From 5b2c6e3b80b011195d76b8e4cc356bb60143017e Mon Sep 17 00:00:00 2001 From: ClementMabileau Date: Sun, 5 May 2024 02:38:42 +0200 Subject: [PATCH 4/7] Fix unexpected skipped deployment step (#57) * Add debug * TO BE REVERTED: Test of deployment * Fix unexpected skipped step due to misscrafted logic * Remove debug lines * Craft the final logic expression and update comments --- .github/workflows/build_and_deploy.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index a4f3aaf..10bd4a2 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -20,6 +20,11 @@ jobs: build: runs-on: ubuntu-latest steps: + - name: Debug + run: | + echo "github.event.repository.fork = ${{ github.event.repository.fork }}" + echo "github.event_name = ${{ github.event_name }}" + # Checkout repo AND ITS SUBMODULES - name: 🛒 Checkout uses: actions/checkout@v3 @@ -39,7 +44,7 @@ jobs: path: ./build/blog # Deployment job: heavily inspired from https://swharden.com/blog/2022-03-20-github-actions-hugo/ - # /!\ only triggers on (push events AND non-fork repos) OR manually triggered + # /!\ only triggers on (push events AND NOT fork repos) OR manually triggered ## Required secrets: # - SSH_KNOWN_HOSTS # - PRIVATE_SSH_KEY @@ -55,7 +60,7 @@ jobs: # If for any reason you want to trigger this step on your fork remove the following line, # trigger manually or open an issue https://github.com/iScsc/blog.iscsc.fr/issues, # we'll find a better way to skip this step. - if: ${{ (github.event_name == 'push' && github.event.repository.fork == 'false') || github.event_name == 'workflow_dispatch' }} + if: ${{ (github.event_name == 'push' && ! github.event.repository.fork) || github.event_name == 'workflow_dispatch' }} runs-on: ubuntu-latest steps: - name: 🛠️ Setup build directory From c4ba0ca17218ae1e20cfd2621cda532086be5972 Mon Sep 17 00:00:00 2001 From: ClementMabileau Date: Sun, 5 May 2024 18:50:58 +0200 Subject: [PATCH 5/7] Fix `new_article.py` script to handle file name containing an upper-case letter (#59) * Add a regression test * Fix lastly introduced regression test expected date formatting * Fix script --- scripts/new_article.py | 3 ++- scripts/test_new_article.py | 20 ++++++++++++++++++++ scripts/test_resources/Article-2.md | 9 +++++++++ 3 files changed, 31 insertions(+), 1 deletion(-) create mode 100644 scripts/test_resources/Article-2.md diff --git a/scripts/new_article.py b/scripts/new_article.py index 14365af..aace8d6 100644 --- a/scripts/new_article.py +++ b/scripts/new_article.py @@ -33,7 +33,8 @@ def main(files_paths): file_name = basename[:-3] # get rid of the `.md` ## Add URL info: - data["url"] = f"https://iscsc.fr/posts/{file_name}" + data["url"] = f"https://iscsc.fr/posts/{file_name.lower()}" # filename generated by HUGO will be lowercase + # so must be the URL ## Finally send Data req = requests.post("http://iscsc.fr:8001/new-blog", json=data) diff --git a/scripts/test_new_article.py b/scripts/test_new_article.py index baae7fa..dbef86d 100644 --- a/scripts/test_new_article.py +++ b/scripts/test_new_article.py @@ -40,6 +40,26 @@ def test_new_article_file(mock_requests_post): } ) + +def test_new_article_file_upper_case(mock_requests_post): + # Add an article with an Upper case --> URL should be lower case + new_article.main(["test_resources/Article-2.md"]) + + mock_requests_post.assert_called_once_with( + 'http://iscsc.fr:8001/new-blog', + json={ + 'title': 'article title', + 'summary': 'article name contains an upper case letter', + 'date': '2024-05-05 12:00:00+02:00', + 'lastUpdate': '2024-05-05 12:00:00+02:00', + 'tags': "['some', 'tags']", + 'author': 'ctmbl', + 'draft': False, + 'url': 'https://iscsc.fr/posts/article-2' + } + ) + + def test_new_leaf_bundle_article(mock_requests_post): new_article.main(["test_resources/leaf_bundle/index.md"]) diff --git a/scripts/test_resources/Article-2.md b/scripts/test_resources/Article-2.md new file mode 100644 index 0000000..10ccdf0 --- /dev/null +++ b/scripts/test_resources/Article-2.md @@ -0,0 +1,9 @@ +--- +title: "article title" +summary: "article name contains an upper case letter" +date: 2024-05-05T12:00:00+02:00 +lastUpdate: 2024-05-05T12:00:00+02:00 +tags: ["some","tags"] +author: ctmbl +draft: false +--- \ No newline at end of file From 518225c077cdeb719c998384d69a077d4b1b16bb Mon Sep 17 00:00:00 2001 From: ClementMabileau Date: Fri, 17 May 2024 22:32:48 +0200 Subject: [PATCH 6/7] Introduce a new subdomain dev.iscsc.fr to publish in-development features from opened PRs (#53) * Add nginx config and docker updates for dev.iscsc.fr * Update build folder hierarchy: build/blog -> build/blog/prod * Add deploy dev wokflow: a github action to be manually deploy a PR to remote * Fix builder container volume on host: default to production * Name production build artifact * Fix deploy_dev workflow URL and build location * TO BE REVERTED: Add fake article to test the workflow * Make deploy_dev workflow trigger on pull_request and need a maintainer approval * Test passing secrets as environment variables * TO BE REVERTED: Test without environment * TO REVERT: Add Debug secrets step * TO REVERT: Add Debug secrets step to existing workflows * Revert "TO REVERT: Add Debug secrets step to existing workflows" This reverts commit 230656644c306b930211f608ef716d077080dc9f. * Revert "TO REVERT: Add Debug secrets step" This reverts commit f5943ddb11957e1cde86279640c6df11c2818060. * Revert "TO BE REVERTED: Test without environment" This reverts commit 776a3761e623d6d64d24bcaa7800c087cc1bdf4b. * Revert "Test passing secrets as environment variables" This reverts commit ab53aefa566c66831703e095a580b47e4a2e97db. * Revert "Make deploy_dev workflow trigger on pull_request and need a maintainer approval" This reverts commit b45155a216baa86cb38f5bc1dcc620e946d9c043. * Revert "TO BE REVERTED: Add fake article to test the workflow" This reverts commit bc73f3d916af8335bf128d615423db1e766f4268. * Revert "Fix deploy_dev workflow URL and build location" This reverts commit f624bf619960248b4e3322666de5093d25659a7c. * Revert "Add deploy dev wokflow: a github action to be manually deploy a PR to remote" This reverts commit a95b787c87bfb0a69f644c2871b698703ffd6c8e. --- .github/workflows/build_and_deploy.yml | 12 +++++------ README.md | 9 ++++---- docker-compose.yml | 9 ++++++-- nginx.conf | 30 +++++++++++++++++++++++--- 4 files changed, 44 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index 10bd4a2..e0a6f06 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -40,8 +40,8 @@ jobs: - name: 🚀 Upload Artifacts uses: actions/upload-artifact@v3 with: - name: build - path: ./build/blog + name: prod-build + path: ./build/blog/prod # Deployment job: heavily inspired from https://swharden.com/blog/2022-03-20-github-actions-hugo/ # /!\ only triggers on (push events AND NOT fork repos) OR manually triggered @@ -65,12 +65,12 @@ jobs: steps: - name: 🛠️ Setup build directory run: | - mkdir -p build/blog + mkdir -p build/blog/prod - name: 📥 Download build Artifacts uses: actions/download-artifact@v3 with: - name: build - path: build/blog + name: prod-build + path: build/blog/prod # Create the SSH key file and fill the known_hosts to avoid a prompt from ssh (1st time connecting to remote host) - name: 🔐 Create Key File @@ -88,7 +88,7 @@ jobs: # Upload the build to the remote server location: the volume shared by the nginx container serving http requests - name: 🚀 Upload run: | - rsync --archive --stats --verbose --delete ./build/blog/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog + rsync --archive --stats --verbose --delete ./build/blog/prod/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog/prod - name: ⏬ Remote git pull run: | diff --git a/README.md b/README.md index 855004a..c6d6892 100644 --- a/README.md +++ b/README.md @@ -70,11 +70,11 @@ docker compose run --rm certbot renew #### Deploy the website itself -Create the blog directory, **it must be writable by users that will write to it: you, builder target, CI user...** +Create the blog/prod directory, **it must be writable by users that will write to it: you, builder target, CI user...** ```sh -mkdir build/blog +mkdir -p build/blog/prod chmod -chmown +chown ``` > you should check first the consistency of the server name (iscsc.fr/localhost) in those files: `nginx.conf`, ... @@ -87,8 +87,7 @@ docker compose up --detach blog > Note: before the next step make sure that when cloning the repository you also updated the git submodule! -Then builds the static website, `./build/blog` is a volume shared with both containers so -building the website will automatically "update" it for nginx. +Then builds the static website, `./build/blog/prod` is a volume shared with both containers so building the website will automatically "update" it for nginx. ```sh docker compose up builder ``` diff --git a/docker-compose.yml b/docker-compose.yml index 85235eb..1fa6df1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -11,7 +11,9 @@ services: - HUGO_ENVIRONMENT=production volumes: - ./src:/src:rw - - ./build/blog:/build/blog:rw + # The container is mode-agnostique: it always builds in /build/blog + # the volume shared on the host side determines where it should go + - ./build/blog/prod:/build/blog:rw blog: build: @@ -25,7 +27,10 @@ services: - ./certbot/www:/var/www/certbot/:ro - ./certbot/conf/:/etc/nginx/ssl/:ro - ./nginx.conf:/etc/nginx/nginx.conf:ro - - ./build/blog:/blog:rw + # serves iscsc.fr ; + - ./build/blog/prod:/blog/prod:rw + # serves dev.iscsc.fr : + - ./build/blog/dev:/blog/dev:rw certbot: image: certbot/certbot:latest diff --git a/nginx.conf b/nginx.conf index d298048..1a90c3b 100644 --- a/nginx.conf +++ b/nginx.conf @@ -17,7 +17,7 @@ http { listen 80; listen [::]:80; - server_name www.iscsc.fr iscsc.fr; + server_name dev.iscsc.fr www.iscsc.fr iscsc.fr; location /.well-known/acme-challenge/ { root /var/www/certbot; @@ -28,17 +28,41 @@ http { } } + server { + listen 443 ssl; + listen [::]:443 ssl; + http2 on; + + server_name dev.iscsc.fr; + + ssl_certificate /etc/nginx/ssl/live/dev.iscsc.fr/fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/live/dev.iscsc.fr/privkey.pem; + + root /blog/dev; #Absolute path to where your hugo site is + index index.html; # Hugo generates HTML + + location / { + try_files $uri $uri/ =404; + } + + # redirect server error pages to the static page /50x.html + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } + server { listen 443 default_server ssl http2; listen [::]:443 ssl http2; - server_name www.iscsc.fr iscsc.fr; + server_name iscsc.fr; ssl_certificate /etc/nginx/ssl/live/iscsc.fr/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/live/iscsc.fr/privkey.pem; - root /blog; #Absolute path to where your hugo site is + root /blog/prod; #Absolute path to where your hugo site is index index.html; # Hugo generates HTML location / { From eadb7b159001082bcad97b33a7f69312b0a9ed19 Mon Sep 17 00:00:00 2001 From: ClementMabileau Date: Tue, 21 May 2024 12:44:49 +0200 Subject: [PATCH 7/7] Add deploy to `dev.iscsc.fr` workflow (#61) * Add deploy dev wokflow: a github action to be manually deploy a PR to remote * Fix deploy_dev workflow URL and build location * TO REVERT: Add fake article to test the workflow * Make deploy_dev workflow trigger on pull_request and need a maintainer approval * Fix deploy dev docker compose builder building to the wrong directory * Revert "TO REVERT: Add fake article to test the workflow" This reverts commit 02ee2ff2873feaeeefed4131fb940080e38fc68d. * Add a development warning banner before building the development website * Fix trailing whitespace * Fix workflow comments * Remove version statement in docker-compose.dev.yml --- .github/workflows/deploy_dev.yml | 49 ++++++++++++++++++++++++++++++++ development_banner.html | 3 ++ docker-compose.dev.yml | 7 +++++ 3 files changed, 59 insertions(+) create mode 100644 .github/workflows/deploy_dev.yml create mode 100644 development_banner.html create mode 100644 docker-compose.dev.yml diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml new file mode 100644 index 0000000..669e3d3 --- /dev/null +++ b/.github/workflows/deploy_dev.yml @@ -0,0 +1,49 @@ +name: Build and deploy a PR on dev.iscsc.fr + +on: + # Allows you to run this workflow manually from the Actions tab + workflow_dispatch: + + # Trigger the workflow on every pull request, but because of the environment (later defined) + # it will require manual approval to run + pull_request: + +jobs: + # Build job + build-and-deploy-dev: + runs-on: ubuntu-latest + # Force to respect the 'dev-deployment' environment rules, in our case 1 maintainer approval + environment: deployment-dev + steps: + # Checkout repo AND ITS SUBMODULES + - name: 🛒 Checkout + uses: actions/checkout@v3 + with: + submodules: recursive + + - name: 💉 Inject Development Banner + run: | + cat ./development_banner.html >> ./src/themes/poison/layouts/partials/sidebar/sidebar.html + + # Build the static website with the provided docker-compose rules, overriding some elements, see docker-compose.dev.yml + - name: 🛠️ Build with HUGO + run: | + docker compose -f docker-compose.yml -f docker-compose.dev.yml run builder + + # Create the SSH key file and fill the known_hosts to avoid a prompt from ssh (1st time connecting to remote host) + - name: 🔐 Create Key File + run: | + mkdir ~/.ssh + touch ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + - name: 🔐 Load Host Keys + run: | + echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts + - name: 🔑 Populate Key + run: | + echo "${{ secrets.PRIVATE_SSH_KEY }}" > ~/.ssh/id_rsa + + # Upload the build to the remote server location: the volume shared by the nginx container serving http requests + - name: 🚀 Upload + run: | + rsync --archive --stats --verbose --delete ./build/blog/dev/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog/dev diff --git a/development_banner.html b/development_banner.html new file mode 100644 index 0000000..8630ee4 --- /dev/null +++ b/development_banner.html @@ -0,0 +1,3 @@ +
+ THIS IS A DEVELOPMENT WEBSITE, please go to https://iscsc.fr +
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml new file mode 100644 index 0000000..090cd31 --- /dev/null +++ b/docker-compose.dev.yml @@ -0,0 +1,7 @@ +services: + builder: + command: --logLevel info --baseURL="https://dev.iscsc.fr" --buildFuture + volumes: + # The container is mode-agnostique: it always builds in /build/blog + # the volume shared on the host side determines where it should go + - ./build/blog/dev:/build/blog:rw