bbaovanc.com/.github/workflows/audit.yml
2022-05-09 16:19:53 -05:00


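# Audit workflow, triggered by pushes to `test1`. Two independent jobs:
#   lighthouse - builds the previous and the current commit with Hugo, diffs
#                the two outputs and runs Lighthouse CI against changed URLs.
#   audit      - builds the site once and greps the output for known Hugo
#                failure markers.
#
# NOTE(review): every `uses:` below references a mutable tag (@v2, @v3, @v9).
# A tag can be re-pointed by whoever controls the action's repository; pinning
# each action to a full commit SHA keeps the executed code fixed and reviewable.
name: Audit
on:
  push:
    branches:
      - test1
# Least privilege for GITHUB_TOKEN: the steps below only read the repository.
# Artifact upload uses the runner's own runtime token, not GITHUB_TOKEN.
permissions:
  contents: read
jobs:
  lighthouse:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `latest` means the Hugo binary can change between runs
      # without a commit; pin a version if builds must be reproducible.
      - name: Setup Hugo
        uses: peaceiris/actions-hugo@v2
        with:
          hugo-version: latest
          extended: true
      # Only runs when the event payload has a pull_request object; with the
      # push-only trigger above this step is always skipped.
      - name: Checkout (pull_request)
        if: github.event.pull_request
        uses: actions/checkout@v2
        with:
          submodules: recursive
          fetch-depth: 0
          ref: ${{ github.event.pull_request.base.ref }}
      # Checks out the commit the branch pointed at before this push.
      # NOTE(review): on the first push of a new branch `before` is the
      # all-zero SHA, which presumably makes this checkout fail - confirm.
      - name: Checkout (push)
        if: github.event_name == 'push'
        uses: actions/checkout@v2
        with:
          submodules: recursive
          fetch-depth: 0
          ref: ${{ github.event.before }}
      - name: Build previous commit
        run: |
          hugo --printI18nWarnings --printPathWarnings --baseURL https://localhost -d old/
      # clean: false keeps the untracked old/ directory from the previous build.
      - name: Checkout current commit
        uses: actions/checkout@v2
        with:
          submodules: recursive
          fetch-depth: 0
          clean: false
      - name: Build current commit
        run: |
          hugo --printI18nWarnings --printPathWarnings --baseURL https://localhost
          cp -r public/ new/
          # copy, so that public/ stays, it will be needed for Caddy to serve
      # diff exits non-zero when the trees differ; `|| true` keeps the step green.
      - name: Save full diff
        run: diff -r old/ new/ | tee changes.diff || true
      - name: Upload full diff
        uses: actions/upload-artifact@v3
        with:
          name: diff
          path: changes.diff
      # Publishes the output of ./changed-urls.sh (not shown here) as the step
      # output `urls`. %, LF and CR are percent-encoded so a multi-line value
      # survives the single-line `::set-output` workflow command.
      # NOTE(review): GitHub has deprecated `::set-output` in favour of
      # appending to the file named by $GITHUB_OUTPUT, because stdout-based
      # commands can be triggered by any text that reaches the step's log.
      # Migrate when the runner in use supports it.
      - name: Find changed URLs
        id: changed_urls
        env:
          SCHEME: https
          DOMAIN: localhost
        run: |
          urls="$(./changed-urls.sh)"
          urls="${urls//'%'/'%25'}"
          urls="${urls//$'\n'/'%0A'}"
          urls="${urls//$'\r'/'%0D'}"
          echo "::set-output name=urls::$urls"
      # The remaining steps are skipped when no URL changed.
      #
      # NOTE(review): the signing key and the source list are downloaded at run
      # time with no checksum, and a key placed in /etc/apt/trusted.gpg.d is
      # trusted by apt for every configured repository, not only Caddy's. A
      # dedicated keyring referenced through `signed-by=` in the source entry
      # limits that trust to the Caddy repository.
      # `-y` keeps apt from waiting on a confirmation prompt with no TTY.
      # The packaged service is stopped and disabled right after install;
      # presumably Caddy is started later to serve public/ - confirm in
      # lighthouserc.yaml.
      - name: Install Caddy
        if: "${{ steps.changed_urls.outputs.urls != '' }}"
        run: |
          curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo tee /etc/apt/trusted.gpg.d/caddy-stable.asc
          curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
          sudo apt update
          sudo apt install -y caddy
          sudo systemctl disable --now caddy
      - name: Compress
        if: "${{ steps.changed_urls.outputs.urls != '' }}"
        run: time ./compress.sh
      - name: Audit using Lighthouse
        if: "${{ steps.changed_urls.outputs.urls != '' }}"
        uses: treosh/lighthouse-ci-action@v9
        with:
          uploadArtifacts: true
          configPath: ./lighthouserc.yaml
          runs: 3
          serverBaseUrl: https://lhci.bbaovanc.com/
          # this should be safe since it only allows adding (not deleting) data
          # NOTE(review): the token is readable by anyone who can read this
          # file or its git history, so anyone can upload builds to this
          # project. Treat the stored results as untrusted input, watch the
          # server for junk or oversized uploads, and remember that rotating
          # the token does not remove the old value from history.
          serverToken: 926a24f2-90e4-48b1-809f-055b9408cf4b
          urls: ${{ steps.changed_urls.outputs.urls }}

  audit:
    runs-on: ubuntu-latest
    steps:
      # On a push event the pull_request context is empty, so `ref` and
      # `repository` expand to empty strings and checkout uses its defaults.
      # NOTE(review): these inputs select the pull request's head, i.e. code
      # from a possibly forked repository. That is only acceptable under the
      # `pull_request` trigger, where fork runs get no secrets and a read-only
      # token. Do not reuse this step under `pull_request_target`.
      - name: Checkout
        uses: actions/checkout@v2
        with:
          submodules: recursive
          fetch-depth: 0
          ref: ${{github.event.pull_request.head.ref}}
          repository: ${{github.event.pull_request.head.repo.full_name}}
      - name: Setup Hugo
        uses: peaceiris/actions-hugo@v2
        with:
          hugo-version: latest
          extended: true
      # HTML comments are kept and missing-translation placeholders enabled so
      # that the marker strings searched for below survive into public/.
      - name: Build
        run: |
          HUGO_MINIFY_TDEWOLFF_HTML_KEEPCOMMENTS=true HUGO_ENABLEMISSINGTRANSLATIONPLACEHOLDERS=true hugo --printI18nWarnings --printPathWarnings
      # For the following steps, see
      # https://discourse.gohugo.io/t/audit-your-published-site-for-problems/35184
      #
      # Each check is `! grep ...`: grep exits 0 on a match, so a match fails
      # the step. `if: always()` lets every check report even after an earlier
      # one failed.
      # NOTE(review): grep's error status (2, e.g. public/ missing because the
      # build failed) is inverted to success as well, so a green check is only
      # meaningful when the Build step succeeded.
      - name: Audit - raw HTML
        if: always()
        run: |
          ! grep -inorE "<\!-- raw HTML omitted -->" public/
      # ZgotmplZ is the placeholder Go's html/template emits in place of
      # content it judged unsafe for the URL or CSS context it appeared in.
      - name: Audit - ZgotmplZ (unsafe URL content)
        if: always()
        run: |
          ! grep -inorE "ZgotmplZ" public/
      #- name: Audit - missing translations
      #  if: always()
      #  run: |
      #    ! grep -inorE "\[i18n\]" public/
      - name: Audit - nil values in printf
        if: always()
        run: |
          ! grep -inorE "\(<nil>\)" public/
      - name: Audit - nil values in printf without safeHTML
        if: always()
        run: |
          ! grep -inorE "(&lt;nil&gt;)" public/
      - name: Audit - HAHAHUGO
        if: always()
        run: |
          ! grep -inorE "hahahugo" public/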