From d4816461b6a3c4dd6ab7316328fa59e7bc5e6f0f Mon Sep 17 00:00:00 2001 From: johnmhoran Date: Thu, 21 May 2026 17:03:04 -0700 Subject: [PATCH] Update workflows, token, .htaccess Reference: https://github.com/aboutcode-org/www.aboutcode.org/issues/154 Signed-off-by: johnmhoran --- .github/workflows-archive/a-b-build-only.yml | 51 +++++++ .github/workflows-archive/a-b-deploy.yml | 125 ++++++++++++++++++ .github/workflows-archive/deploy.yml | 56 -------- .github/workflows-archive/update-releases.yml | 123 +++++++++++++++++ .github/workflows/a-b-build-only.yml | 16 +-- .github/workflows/a-b-deploy.yml | 42 ++---- .github/workflows/update-releases.yml | 11 +- website/static/.htaccess | 15 +++ 8 files changed, 330 insertions(+), 109 deletions(-) create mode 100644 .github/workflows-archive/a-b-build-only.yml create mode 100644 .github/workflows-archive/a-b-deploy.yml delete mode 100644 .github/workflows-archive/deploy.yml create mode 100644 .github/workflows-archive/update-releases.yml diff --git a/.github/workflows-archive/a-b-build-only.yml b/.github/workflows-archive/a-b-build-only.yml new file mode 100644 index 0000000..9e7e2cb --- /dev/null +++ b/.github/workflows-archive/a-b-build-only.yml @@ -0,0 +1,51 @@ +name: Build Docusaurus Site (Manual) + +on: + workflow_dispatch: + inputs: + target: + description: "Build target (affects baseUrl config)" + required: true + default: "dreamhost" + type: choice + options: + - dreamhost + - gh + +permissions: + contents: read + +jobs: + build: + name: Build site + runs-on: ubuntu-latest + steps: + - name: Checkout repo + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + + - name: Setup Node + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + with: + node-version: 20 + cache: npm + cache-dependency-path: website/package-lock.json + + - name: Install dependencies + run: | + cd website + npm ci + + - name: Build Docusaurus site + env: + DEPLOY_TARGET: ${{ inputs.target }} + run: | + cd website + npm run build + + - name: Upload build artifact + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + name: docusaurus-build + path: website/build + # JMH -- TBD: + # retention-days: 7 diff --git a/.github/workflows-archive/a-b-deploy.yml b/.github/workflows-archive/a-b-deploy.yml new file mode 100644 index 0000000..f1b70f4 --- /dev/null +++ b/.github/workflows-archive/a-b-deploy.yml @@ -0,0 +1,125 @@ +name: Build & Deploy Docusaurus Site + +on: + push: + branches: [ main ] + + pull_request: + branches: [ main ] + + workflow_dispatch: + inputs: + target: + description: "Deploy target" + required: true + default: "gh" + type: choice + options: + - gh + - dreamhost + +permissions: + contents: read + pages: write + id-token: write + +jobs: + build: + name: Build site + runs-on: ubuntu-latest + + outputs: + deploy_target: ${{ steps.set-target.outputs.target }} + + steps: + - name: Checkout repo + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + + - name: Set deploy target + id: set-target + run: | + if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then + echo "target=${{ inputs.target }}" >> $GITHUB_OUTPUT + else + echo "target=gh" >> $GITHUB_OUTPUT + fi + + - name: Setup Node + uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + with: + node-version: 20 + cache: npm + cache-dependency-path: website/package-lock.json + + - name: Install dependencies + run: | + cd website + npm ci + + - name: Build Docusaurus site + env: + DEPLOY_TARGET: ${{ steps.set-target.outputs.target }} + run: | + cd website + npm run build + + - name: Upload build artifact + uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + with: + name: docusaurus-build + path: website/build + + + deploy-gh-pages: + name: Deploy to GitHub Pages + needs: build + if: | + needs.build.outputs.deploy_target == 'gh' && + github.event_name != 'pull_request' + runs-on: ubuntu-latest + + environment: + name: github-pages + + steps: + - name: Download build artifact + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + with: + name: docusaurus-build + path: build + + - name: Upload Pages artifact + uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0 + with: + path: build + + - name: Deploy to GitHub Pages + uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e #v4.0.5 + + + deploy-dreamhost: + name: Deploy to DreamHost + needs: build + if: | + needs.build.outputs.deploy_target == 'dreamhost' && + github.event_name != 'pull_request' + runs-on: ubuntu-latest + + steps: + - name: Download build artifact + uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + with: + name: docusaurus-build + path: build + + - name: Setup SSH + run: | + mkdir -p ~/.ssh + echo "${{ secrets.DREAMHOST_SSH_KEY }}" > ~/.ssh/id_rsa + chmod 600 ~/.ssh/id_rsa + ssh-keyscan -H ${{ secrets.DREAMHOST_HOST }} >> ~/.ssh/known_hosts + + - name: Deploy via rsync + run: | + rsync -avz --delete build/ \ + ${{ secrets.DREAMHOST_USER }}@${{ secrets.DREAMHOST_HOST }}:${{ secrets.DREAMHOST_PATH }}/ diff --git a/.github/workflows-archive/deploy.yml b/.github/workflows-archive/deploy.yml deleted file mode 100644 index 8df56e7..0000000 --- a/.github/workflows-archive/deploy.yml +++ /dev/null @@ -1,56 +0,0 @@ -# Claude to start. -name: Deploy to GitHub Pages - -on: - push: - branches: - - main - -permissions: - contents: read - pages: write - id-token: write - -# Allow only one concurrent deployment -concurrency: - group: 'pages' - cancel-in-progress: false - -jobs: - deploy: - environment: - name: github-pages - url: ${{ steps.deployment.outputs.page_url }} - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./website - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Node.js - uses: actions/setup-node@v4 - with: - node-version: 20 - cache: npm - cache-dependency-path: ./website/package-lock.json - - - name: Install dependencies - run: npm ci - - - name: Build website - run: npm run build - - - name: Setup Pages - uses: actions/configure-pages@v4 - - - name: Upload artifact - uses: actions/upload-pages-artifact@v3 - with: - path: website/build - - - name: Deploy to GitHub Pages - id: deployment - uses: actions/deploy-pages@v4 diff --git a/.github/workflows-archive/update-releases.yml b/.github/workflows-archive/update-releases.yml new file mode 100644 index 0000000..d63d669 --- /dev/null +++ b/.github/workflows-archive/update-releases.yml @@ -0,0 +1,123 @@ +name: Update Releases Feed + +on: + workflow_dispatch: + schedule: + # - cron: "15 * * * *" # every hour at :15 + - cron: "15 9 * * *" # every day at 09:15 UTC + +jobs: + update: + runs-on: ubuntu-latest + permissions: + contents: write # needed to commit updates to releases.json + + strategy: + max-parallel: 1 + matrix: + repo: + - aboutcode-org/aboutcode-toolkit + - aboutcode-org/ai-gen-code-search + - aboutcode-org/binary-inspector + - aboutcode-org/commoncode + - aboutcode-org/container-inspector + - aboutcode-org/debian-inspector + - aboutcode-org/dejacode + - aboutcode-org/dependency-inspector + - aboutcode-org/elf-inspector + - aboutcode-org/extractcode + - aboutcode-org/federatedcode + - aboutcode-org/fetchcode + - aboutcode-org/go-inspector + - aboutcode-org/license-expression + - aboutcode-org/matchcode-toolkit + - aboutcode-org/nuget-inspector + - aboutcode-org/plugincode + - aboutcode-org/purldb + - aboutcode-org/purl-validator + - aboutcode-org/purlvalidator-go + - aboutcode-org/pygmars + - aboutcode-org/python-inspector + - aboutcode-org/rust-inspector + - aboutcode-org/saneyaml + - aboutcode-org/scancode.io + - aboutcode-org/scancode-plugins + - aboutcode-org/scancode-toolkit + - aboutcode-org/scancode-workbench + - aboutcode-org/source-inspector + - aboutcode-org/typecode + - aboutcode-org/univers + - aboutcode-org/vulnerablecode + - aboutcode-org/www.aboutcode.org + # Add more repos here + + env: + GITHUB_TOKEN: ${{ secrets.GH_REPO_POLLING }} + + steps: + # 1 Checkout the target repo (Repo B) + - name: Checkout repository + uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + with: + ref: main + fetch-depth: 0 + token: ${{ secrets.GH_REPO_POLLING }} + + # 2 Debug: show which repo is being processed + - name: Debug - current repo + run: echo "Processing ${{ matrix.repo }}" + + # 3 Fetch the latest release from the current source repo + - name: Fetch latest release + run: | + REPO=${{ matrix.repo }} + curl -s -H "Accept: application/vnd.github+json" \ + https://api.github.com/repos/$REPO/releases/latest \ + -o release.json || echo '{}' > release.json + + # 4 Update releases.json in website/static cl + - name: Update releases.json + env: + REPO: ${{ matrix.repo }} + run: | + TMP=$(mktemp) + FILTER=$(mktemp --suffix=.jq) + mkdir -p website/static + if [ ! -f website/static/releases.json ]; then + echo "[]" > website/static/releases.json + fi + printf '%s\n' \ + '$existing[0] +' \ + '[ $release[0] | {' \ + ' repo: (if .name==null then "" else .name end),' \ + ' repo_slug: env.REPO,' \ + ' repo_url: ("https://github.com/" + env.REPO),' \ + ' tag: (if .tag_name==null then "" else .tag_name end),' \ + ' tag_url: (if .html_url==null then "" else .html_url end),' \ + ' published_at: (if .published_at==null then "" else .published_at end),' \ + ' releases_page_url: ("https://github.com/" + env.REPO + "/releases"),' \ + ' compare_url: ("https://github.com/" + env.REPO + "/compare/" + (if .tag_name==null then "" else .tag_name end) + "...main"),' \ + ' commits_since: 0,' \ + ' prerelease: .prerelease,' \ + ' author: (if .author==null then "" else .author.login end)' \ + '}' \ + '] | sort_by(.published_at) | reverse | unique_by(.repo_url) | sort_by(.published_at) | reverse' \ + > "$FILTER" + jq -n \ + --slurpfile existing website/static/releases.json \ + --slurpfile release release.json \ + -f "$FILTER" > "$TMP" + mv "$TMP" website/static/releases.json + rm -f release.json "$FILTER" + shell: bash + + # 5 Commit & push changes if releases.json changed + - name: Commit and push if changed + run: | + git config user.name "AboutCode Automation" + git config user.email "automation@aboutcode.org" + git add website/static/releases.json + git commit -m "$(echo -e "Update releases for ${{ matrix.repo }}\n\nSigned-off-by: AboutCode Automation ")" || exit 0 + git pull --rebase origin main + git push + shell: bash diff --git a/.github/workflows/a-b-build-only.yml b/.github/workflows/a-b-build-only.yml index 9e7e2cb..74c58ae 100644 --- a/.github/workflows/a-b-build-only.yml +++ b/.github/workflows/a-b-build-only.yml @@ -1,5 +1,4 @@ name: Build Docusaurus Site (Manual) - on: workflow_dispatch: inputs: @@ -11,41 +10,36 @@ on: options: - dreamhost - gh - permissions: contents: read - jobs: build: name: Build site runs-on: ubuntu-latest steps: - name: Checkout repo - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Setup Node - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: - node-version: 20 + node-version: 24 cache: npm cache-dependency-path: website/package-lock.json - - name: Install dependencies run: | cd website npm ci - - name: Build Docusaurus site env: DEPLOY_TARGET: ${{ inputs.target }} run: | cd website npm run build - - name: Upload build artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: docusaurus-build path: website/build + include-hidden-files: true # JMH -- TBD: # retention-days: 7 diff --git a/.github/workflows/a-b-deploy.yml b/.github/workflows/a-b-deploy.yml index f1b70f4..0d4fa71 100644 --- a/.github/workflows/a-b-deploy.yml +++ b/.github/workflows/a-b-deploy.yml @@ -1,12 +1,9 @@ name: Build & Deploy Docusaurus Site - on: push: branches: [ main ] - pull_request: branches: [ main ] - workflow_dispatch: inputs: target: @@ -17,24 +14,19 @@ on: options: - gh - dreamhost - permissions: contents: read pages: write id-token: write - jobs: build: name: Build site runs-on: ubuntu-latest - outputs: deploy_target: ${{ steps.set-target.outputs.target }} - steps: - name: Checkout repo - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 - + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set deploy target id: set-target run: | @@ -43,33 +35,28 @@ jobs: else echo "target=gh" >> $GITHUB_OUTPUT fi - - name: Setup Node - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0 + uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0 with: - node-version: 20 + node-version: 24 cache: npm cache-dependency-path: website/package-lock.json - - name: Install dependencies run: | cd website npm ci - - name: Build Docusaurus site env: DEPLOY_TARGET: ${{ steps.set-target.outputs.target }} run: | cd website npm run build - - name: Upload build artifact - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: docusaurus-build path: website/build - - + include-hidden-files: true deploy-gh-pages: name: Deploy to GitHub Pages needs: build @@ -77,26 +64,20 @@ jobs: needs.build.outputs.deploy_target == 'gh' && github.event_name != 'pull_request' runs-on: ubuntu-latest - environment: name: github-pages - steps: - name: Download build artifact - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@70fc10c777b56b1aba04a2c2e9e26d02b34f4d69 # v7.0.0 with: name: docusaurus-build path: build - - name: Upload Pages artifact - uses: actions/upload-pages-artifact@7b1f4a764d45c48632c6b24a0339c27f5614fb0b # v4.0.0 + uses: actions/upload-pages-artifact@fc324d3547104276b827a68afc52ff2a11cc49c9 # v5.0.0 with: path: build - - name: Deploy to GitHub Pages - uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e #v4.0.5 - - + uses: actions/deploy-pages@cd2ce8fcbc39b97be8ca5fce6e763baed58fa128 # v5.0.0 deploy-dreamhost: name: Deploy to DreamHost needs: build @@ -104,22 +85,19 @@ jobs: needs.build.outputs.deploy_target == 'dreamhost' && github.event_name != 'pull_request' runs-on: ubuntu-latest - steps: - name: Download build artifact - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 + uses: actions/download-artifact@70fc10c777b56b1aba04a2c2e9e26d02b34f4d69 # v7.0.0 with: name: docusaurus-build path: build - - name: Setup SSH run: | mkdir -p ~/.ssh echo "${{ secrets.DREAMHOST_SSH_KEY }}" > ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa ssh-keyscan -H ${{ secrets.DREAMHOST_HOST }} >> ~/.ssh/known_hosts - - name: Deploy via rsync run: | - rsync -avz --delete build/ \ + rsync -avz build/ \ ${{ secrets.DREAMHOST_USER }}@${{ secrets.DREAMHOST_HOST }}:${{ secrets.DREAMHOST_PATH }}/ diff --git a/.github/workflows/update-releases.yml b/.github/workflows/update-releases.yml index d63d669..bcb718b 100644 --- a/.github/workflows/update-releases.yml +++ b/.github/workflows/update-releases.yml @@ -1,17 +1,14 @@ name: Update Releases Feed - on: workflow_dispatch: schedule: # - cron: "15 * * * *" # every hour at :15 - cron: "15 9 * * *" # every day at 09:15 UTC - jobs: update: runs-on: ubuntu-latest permissions: contents: write # needed to commit updates to releases.json - strategy: max-parallel: 1 matrix: @@ -50,23 +47,19 @@ jobs: - aboutcode-org/vulnerablecode - aboutcode-org/www.aboutcode.org # Add more repos here - env: GITHUB_TOKEN: ${{ secrets.GH_REPO_POLLING }} - steps: # 1 Checkout the target repo (Repo B) - name: Checkout repository - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: ref: main fetch-depth: 0 token: ${{ secrets.GH_REPO_POLLING }} - # 2 Debug: show which repo is being processed - name: Debug - current repo run: echo "Processing ${{ matrix.repo }}" - # 3 Fetch the latest release from the current source repo - name: Fetch latest release run: | @@ -74,7 +67,6 @@ jobs: curl -s -H "Accept: application/vnd.github+json" \ https://api.github.com/repos/$REPO/releases/latest \ -o release.json || echo '{}' > release.json - # 4 Update releases.json in website/static cl - name: Update releases.json env: @@ -110,7 +102,6 @@ jobs: mv "$TMP" website/static/releases.json rm -f release.json "$FILTER" shell: bash - # 5 Commit & push changes if releases.json changed - name: Commit and push if changed run: | diff --git a/website/static/.htaccess b/website/static/.htaccess index 063036d..08c16dd 100644 --- a/website/static/.htaccess +++ b/website/static/.htaccess @@ -1,6 +1,21 @@ Options -MultiViews + RewriteEngine On RewriteBase / + +# ========================================================= +# Archived project redirects +# ========================================================= + +# Redirect exact project roots and all subpaths +RewriteRule ^dejacode/?(.*)?$ https://aboutcode.org/#application-projects [R=302,L,NE] +RewriteRule ^scancode/?(.*)?$ https://aboutcode.org/#application-projects [R=302,L,NE] +RewriteRule ^vulnerablecode/?(.*)?$ https://aboutcode.org/#application-projects [R=302,L,NE] + +# ========================================================= +# Docusaurus SPA fallback +# ========================================================= + RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.html [L]