I built a website on github and would like to protect it from someone copying my repository and running the same website (either online or offline for themselves).
The website is fairly basic and builds on github action, which excute on schedule a Rmarkdown file that produces (updates) the index.html file. I want to avoid people being able to copy and freely execute that Rmarkdown file. I wonder if I could encrypt that specific file, and simply use a secret key with github actions to decrypt it when updating the website. Is this possible and would it be a good solution?
I also thought about having a private repository with my Rmarkdown file and simply push the html file to the public repository via github action, the problem is the github action takes a while to execute and I would quickly run out of the computation time (2000-3000 mins/month) offered by github.
I also thought about having a private repository with my Rmarkdown file and simply push the html file to the public repository via github action
That would have been the first approach, but since the RMarkdown process consumes to much tasks, it needs to be executed elsewhere.
Since other online free plans (like RStudio Cloud) are also limited in their project hours per month, another approach would be to call your own managed server (for instance, a Google Cloud compute engine, or Digital Ocean Droplet) where:
the RMarkdown file would reside (meaning, it would not be in the GitHub repository at all: no need to obfuscate/encrypt anything)
the process can take place
the generated index.html can uploaded back to your repository, and the rest of your GitHub action can publish the pages.
Related
I am managing a mostly static site through GoDaddy.
The site is a React single page application, that is still currently under development, and that occasionally needs content updating. The project folder is hosted as a public git repository.
My goal is to be able to automate the process of updating the site. Currently I need to:
npm run build
navigate to the build folder in windows file explorer
navigate to the public html folder in cpanel, in my web browser
delete the current build files
upload the contents of the build files into cpanel, folder by folder (cpanel will not allow me to upload subfolders)
I have looked through countless forum posts, and blogs, etc to find a way to automate this, but I always end up doing it manually.
You need to investigate using continuous deployment (CD/CI) and using a different hosting setup. Unfortunately, the type of platform that you use (with CPanel) is limiting and is not really oriented at your use case.
However, CPanel does have an option to use Git version control to manage the files and folders in your account. Go into this option and say "Clone repository", where you'll have to link a repo and say where it should install. Note: It is possible that your hosting provider has disabled this feature.
I suspect that this CPanel feature does not automatically pull in changes when you update the repo, so you would probably still need to manually clone the repo again when you make changes (which is still easier than copying files over). Also note that any data you store may be removed when cloning again.
I'm very new to GitHub Actions/CI/CD, and I want to know whether it is possible to automate the following scenario:
I have a local script that makes use of some APIs to download some files onto my local machine. My current status is that: I have to run the script every day to check whether the content of these files is updated or not. If some of those files got updated then I need to add those changes into a new branch and push it to a repository as a PR.
My trying: My idea is that since it's possible to compare the hash of the downloaded files to know whether any of those got updated. The next thing to do is to make this into an event to trigger some action?
If it's possible could you share some resources/tutorials about how to do it?
I tested something similar on GitHub to understand how the CI/CD GitHub actions works.
the script is based on an SQLite DataBase which is updated automatically each time (automatic git push). And it uses Github Secrets to store encrypted Tokens/Passwords.
You can find my scheduler in the follow link: https://github.com/noweh/project-marvel-memories/blob/master/.github/workflows/run-schedule.yml.
you can find more information directly in the github documentation.
Here for the Github actions: https://docs.github.com/en/actions/learn-github-actions/events-that-trigger-workflows.
And here for the Github encrypted secrets: https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-an-environment
The upload/download artifact documentation implies that one should be able to build into the dist folder. My interpretation of this is that we can then reference this content in, for example, a static site, so that a site auto-builds itself for github pages on master pushes. However, it seems that artifacts are only uploaded to a specific location (i.e. GET /repos/{owner}/{repo}/actions/artifacts ) and can be downloaded only in zipped format, which defeats the purpose.
Is there a way to populate the dist folder of the repo, so that the file that was built becomes publicly and permanently accessible as part of the repo, and I can reference it without having to deploy it elsewhere like S3 etc?
Example
Here's a use case:
I have a dashboard which parses some data from several remote locations and shows it in charts. The page is deployed from /docs because it's a Github Pages hosted page.
the web page only reads static, cached data from /docs/cache/dump.json.
the dump.json file is generated via a scheduled Github Action which invokes a script that goes to the data sources and generates the dump.
This is how the web page can function quickly without on-page lockups due to lengthy data processing while the dump generation happes in the background. The web page periodically re-reads the /docs/cache/dump.json file to get new data, which should override old data on every scheduled trigger.
The idea is to have the action run and replace the dump.json file periodically, but all I can do is produce an artifact which I then have to manually fetch and unzip. Ideally, it would just replace the current dump.json file in place.
To persist changes made by a build process, it is necessary to add and commit them like after any change to a repo. Several actions exist for this, like this one.
So you would add the following to the workflow:
- name: Commit changes
uses: EndBug/add-and-commit#v7
with:
author_name: Commitobot
author_email: my#mail.com
message: "Updating build result!"
add: "docs/cache/dump.json"
We run Google Cloud Functions (python), which require to be deployed from Google Cloud Source Repository. Since all the code is stored on GitHub we resort to first mirroring GitHub into Source Repository. Although this only requires a few mouse clicks, it becomes a burden to repeat over 3+ projects (dev, staging, production) times 5+ repos (5+ apps).
I am looking to automate the mirroring config, preferably to add into the Terraform automation we already use, into a hands-off project configuration. Does the Google API support this mirroring automation? So far on my Google Cloud expedition everything was available in their API!
I fail to find Terraform examples though, and would appreciate a tip.
Come to think of it, if I can take Source Repository out of the equation, that would be just fine with me too. After all, I only use it as a pass-through / empty shell.
The Cloud Source Repository API includes a Repo resource that has a Mirror Config object where you could type in your Github's URL, webhook and credentials to automate this procedure. I would initially test it with the create method, but if you have an existing Cloud Source Repository I believe the patch method will also be worth exploring.
Additionally, there is an open Feature Request in order to connect a repository via the Cloud Build GitHub App that I recommend you to star and follow, as it could further ease your automation needs.
I have set up a wiki in Azure DevOps and I want to set up a pipeline that takes the markdown files, transform them into HTML and publish them as a stand-alone static web site. When someone commits changes in the markdown files I want to build new static files to the site using a pipeline in Azure DevOps.
Gatsby is a platform that I'm somewhat familiar with, but the wiki consists of markdown files only + a file called "order" that determines the order of the documents in the wiki.
Does anyone have an idea as to how I should set this up?
You need this setup:
Expose your markdown files by an API. Azure should have some kind of serverless lambda function service. The query result should be an array or list of the files you need in the order you need them. It's best to let your Azure based API deal with the order file. Gatsby should only be concerned with building your site in the right order as supplied by your API.
Call your markdon API during the Gatsby build process. See the docs for how to fetch data at build time.
Create a template page for all your wiki pages. See the Gatsby tutorial part 7.
You need to create the wiki pages using the Gatsby node API. Use the createPages function.
PS: I'm interested in your decision what serverless lambda function service you would use because I am running into a similar use case. Feel free to comment how you solved the 1. of your setup.