chore: enable privacy plugin

[HonkingGoose]

Changes:

• Try the privacy plugin

Context:

Follow-up after @viceice said I can try the privacy plugin in:

• 375

Documentation

• Material for MkDocs, enabling the privacy plugin
• Material for MkDocs, privacy plugin, how it works and settings

Important quotes from docs

Limitations

Dynamically created URLs as part of scripts are not detected, and thus cannot be downloaded automatically, as the plugin does not execute scripts – it only detects fully qualified URLs for downloading and replacement. In short, don't do this:

const cdn = "https://polyfill.io"
const url = `${cdn}/v3/polyfill.min.js`

Instead, always use fully qualified URLs:

const url ="https://polyfill.io/v3/polyfill.min.js"

Built-in privacy plugin

The privacy plugin offers a streamlined solution for automatically self-hosting external assets. With just a single line of configuration, the plugin can automatically identify and download external assets, making GDPR compliance as effortless as it can possibly be.

Objective

How it works

The plugin scans the generated HTML for external assets, i.e., scripts, style sheets, images, and web fonts, downloads them, stores them in the [site directory][mkdocs.site_dir] and replaces all references with links to the downloaded copies for effortless self-hosting. For example:

<script src="https://example.com/script.js"></script>

This external script is downloaded, and the link is replaced with:

<script src="assets/external/example.com/script.js"></script>

Of course, scripts and style sheets can reference further external assets, which is why this process is repeated recursively until no further external assets are detected:

• Scripts are scanned for further scripts, style sheets and JSON files
• Style sheets are scanned for images and web fonts

Additionally, hints like [preconnect][preconnect], used to reduce latency when requesting external assets, are removed from the output, as they're not necessary when self-hosting. After the plugin has done it's work, your project will be free of requests to external services.

There are some [limitations].

[HonkingGoose]

@viceice sorry for aborting your auto-merge, but I want to hear from @rarkins first about their Google search console. :wink:

I'm happy to merge the privacy plugin after @rarkins resolves my comment and approves the PR. :wink:

[viceice]

ok 🤗

[HonkingGoose]

@rarkins The easiest way to find out is to merge my PR and see if your Google stuff complains. You can always revert my PR cleanly as it does not change any dependencies. 🙃

The plugin scans the generated HTML for external assets, i.e., scripts, style sheets, images, and web fonts, downloads them, stores them in the [site directory][mkdocs.site_dir] and replaces all references with links to the downloaded copies for effortless self-hosting.

I tried the server preview and the docs site works well: the fonts are loaded locally, and the search keeps working. But I suspect that loading the Google Analytics locally may break some kind of callback or integration to your Google dashboard.

---

Edit: The Material for MkDocs explains the Google Analytics integration. The docs do not explain what happens when you use the privacy plugin and Google Analytics.

[viceice]

we should open a discussion on mkdocs material repo and ask what happens in that case?

[HonkingGoose]

we should open a discussion on mkdocs material repo and ask what happens in that case?

Let's check if our production configuration works first... :wink:

@rarkins Are you seeing Google Analytics coming from the docs site? The manual says we need a entry like this in our mkdocs.yml config file: [^1]

extra:
  analytics:
    provider: google
    property: G-XXXXXXXXXX

We're missing a analytics section in our mkdocs.yml config file. So maybe that means Google Analytics does not work?

[^1]: Material for MkDocs, setting up Google Analytics

[rarkins]

Ohh maybe we don't have that type of analytics. I get monthly stats but maybe that's just Google telling me how many people clicked through

[HonkingGoose]

Ohh maybe we don't have that type of analytics. I get monthly stats but maybe that's just Google telling me how many people clicked through

We're not using the configuration from the Material for MkDocs manual. I think this means you're getting the click-through rate from Google on search terms or keywords related to the Renovate docs. That configuration may be elsewhere in the repository, or in some kind of Google-specific configuration related to the docs domain?

You added a google-site-verification config thing two years ago but I think that's to verify Renovate owns the Renovate docs site?

• https://github.com/renovatebot/renovatebot.github.io/pull/217

What do you want to do then @rarkins?

1. Merge this PR.
2. Ask the Material for MkDocs maintainer what happens when we use the privacy plugin (but we first need to be clear on what kind of analytics you're getting now).
3. Close PR and keep things as they are now.

[rarkins]

1