Closed unix-system closed 2 years ago
@LPGhatguy Heya, would I be able to get a review on this?
Hey, I tried to give this PR a shot.
Just running start on a fresh checkout gives you...
$ npm start
> rojo.space@0.1.0 start C:\Users\lucien\projects\rojo.space
> docusaurus start
'docusaurus' is not recognized as an internal or external command,
operable program or batch file.
I tried running docusaurus directly using npx like the Docusaurus docs mention and I get...
$ npx docusaurus --version
β gifsicle pre-build test passed successfully
β jpegtran pre-build test passed successfully
β optipng pre-build test passed successfully
Error: No siteConfig.js file found in website folder!
I'm going to try moving the content here into a fresh Docusaurus project and see how that goes.
Thank you so much for the contribution here! I ended up taking most of the configuration and continuing it in #49. It ended up being easier to scaffold a new Docusaurus project and transplant the content into it.
I also ended up setting up redirects, offline search, and a bunch of new documentation content.
The first blog post on the new website will be crediting you for setting this up. Thank you again, and I'm glad we went down this road!
TL;DR
Docusaurus is a well known Facebook created documentation and blog site that is used to help rapid development of internal Facebook projects. It has a number of maturing features that make it attractive to us:
Want to check out the built Rojo docs in Docusaurus? Check it out here: https://unix-system.github.io/rojo.space/ π You can also download it locally and run
yarn
thenyarn start
to preview a local copy.Rationale
Our current documentation has some issues - some of these are content based, but much of this is due to our use of MkDocs. MkDocs is a well known Python-based content generator for technical documentation. It is easy to setup and has a mature ecosystem. However, we have some problems:
All of these issues are fixed by moving over to Docusaurus. I've done the preparatory work on this and have not made any content changes to the sites.
Here is a summary of the changes I have made:
versioned_docs
folder with clones of the relevant filesbin
folder and moved its contentyarn
sidebars.js
andversioned_sidebars
files where appropriateDependencies
Some new build dependencies are going to be used; I will only include top-level dependencies:
actions/checkout@v1
actions/setup-node@v1
webfactory/ssh-agent@v0.5.0
- Creates the SSH agent to deploy to GitHub Pages. Required.Vulnerability Scan & Security
Vulnerability Scan HTML: snyk-scan.zip
Package / Supply Chain Vulnerabilities I have scanned all available NPM packages using Snyk and some potential vulnerabilities were discovered; I decided to upgrade Docusaurus to fix a
websocket
related vulnerability. Due to the serverless nature of this site, I have decided to accept the residual risk of any residual vulnerabilities as there is no patch available (at the moment) and they have not been shown to be exploitable:Cautious
(? assumed)Low
π’Low
π’Accept
π’ (since the residual and pre-treatment risk ratings are identical there is no need for treatment)SSH usage We are using SSH, which can be an inherently dangerous option for communication. Whilst it is very unlikely that SSH keys could be used to compromise GitHub, special attention should be put on using Deploy Keys rather than personal SSH keys to deploy otherwise the impact scope of a compromised key would broaden to, depending on user privileges, the rest of the
rojo-rbx
organisation.Cautious
(? assumed)Low
π’High
π΄Control
π΅ - Limit scope of SSH key deployments to only therojo.space
projectDeployment Steps
The PR branch has been configured correctly to work with the https://rojo.space domain out of the box. The only input is the SSH Secret that should be created as defined above as a Deploy Key for this repository and entered into Secrets as
GH_PAGES_DEPLOY
Hope this makes sense to everyone and I look forward to your comments!