Skip to content

Commit 24564fc

Browse files
committed
ci: run check workflow
1 parent 8e61bf0 commit 24564fc

9 files changed

Lines changed: 59 additions & 9 deletions

File tree

.github/workflows/check.yml

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
name: check
2+
3+
on:
4+
pull_request:
5+
push:
6+
branches:
7+
- main
8+
9+
permissions:
10+
contents: read
11+
12+
jobs:
13+
check:
14+
runs-on: ubuntu-latest
15+
steps:
16+
- uses: actions/checkout@v5
17+
- uses: actions/setup-node@v5
18+
with:
19+
node-version: 24
20+
cache: npm
21+
- run: npm ci
22+
- run: npm run check

custom/.gitkeep

Whitespace-only changes.

custom/_stats/.gitkeep

Whitespace-only changes.

custom/public/.gitkeep

Whitespace-only changes.

defaults/public/security.txt

Lines changed: 0 additions & 5 deletions
This file was deleted.

scripts/build.mjs

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -372,7 +372,7 @@ function renderSecurityTxt(siteConfig) {
372372
""
373373
].join("\n");
374374

375-
for (const filePath of securityTxtPaths()) {
375+
for (const filePath of securityTxtWritePaths()) {
376376
fs.mkdirSync(path.dirname(filePath), { recursive: true });
377377
fs.writeFileSync(filePath, content);
378378
}
@@ -406,15 +406,17 @@ function removeDeferredLegalPages(siteConfig) {
406406
});
407407
}
408408

409-
function securityTxtPaths() {
409+
function securityTxtWritePaths() {
410410
return [
411-
path.join(BUILD_DIR, "security.txt"),
412411
path.join(BUILD_DIR, ".well-known", "security.txt")
413412
];
414413
}
415414

416415
function removeSecurityTxt() {
417-
for (const filePath of securityTxtPaths()) {
416+
for (const filePath of [
417+
...securityTxtWritePaths(),
418+
path.join(BUILD_DIR, "security.txt")
419+
]) {
418420
fs.rmSync(filePath, { force: true });
419421
}
420422
}

scripts/lint.mjs

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2,6 +2,7 @@
22

33
import fs from "node:fs";
44
import path from "node:path";
5+
import { execFileSync } from "node:child_process";
56

67
const ROOT = process.cwd();
78
const CHECK_EXTENSIONS = new Set([".js", ".mjs", ".json", ".md", ".toml", ".txt"]);
@@ -44,6 +45,22 @@ function lintFile(filePath) {
4445
failures.push(`${relative}: invalid JSON (${error.message})`);
4546
}
4647
}
48+
49+
if ([".js", ".mjs"].includes(path.extname(filePath))) {
50+
try {
51+
execFileSync(process.execPath, ["--check", filePath], {
52+
cwd: ROOT,
53+
stdio: "pipe"
54+
});
55+
} catch (error) {
56+
const output = [error.stdout, error.stderr]
57+
.filter(Boolean)
58+
.map((buffer) => buffer.toString().trim())
59+
.filter(Boolean)
60+
.join("\n");
61+
failures.push(`${relative}: JavaScript syntax check failed${output ? `\n${output}` : ""}`);
62+
}
63+
}
4764
}
4865

4966
function lintWrangler() {

scripts/workers/worker.mjs

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -68,6 +68,10 @@ async function handleRequest(context) {
6868
return handleExpandAnalytics(request, env, ctx, correlationId);
6969
}
7070

71+
if (slug === "security.txt") {
72+
return Response.redirect(new URL("/.well-known/security.txt", request.url).toString(), 308);
73+
}
74+
7175
if (isProtectedPath(slug)) {
7276
const accessResponse = await requireCloudflareAccess(request, env);
7377
if (accessResponse) return accessResponse;

scripts/workers/worker.test.mjs

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -81,6 +81,9 @@ const assets = {
8181
"/fr/maintenance.html": html("<main>maintenance fr</main>"),
8282
"/fr/404.html": html("<main>fr {{SLUG_MESSAGE}}{{REFERENCE_LINE}}</main>"),
8383
"/_tests/index.html": html("<main>tests</main>"),
84+
"/.well-known/security.txt": new Response("Contact: mailto:security@example.com\n", {
85+
headers: { "content-type": "text/plain; charset=utf-8" }
86+
}),
8487
"/style.css": new Response("body{}", {
8588
headers: { "content-type": "text/css" }
8689
}),
@@ -403,6 +406,13 @@ await run("blocks raw site config asset", async () => {
403406
assert(response.headers.get("x-robots-tag") === "noindex, nofollow", "robots header");
404407
});
405408

409+
await run("redirects legacy security.txt to well-known security.txt", async () => {
410+
const ctx = mockCtx();
411+
const response = await worker.fetch(request("/security.txt"), env(), ctx);
412+
assert(response.status === 308, "status");
413+
assert(response.headers.get("location") === "https://dicai.re/.well-known/security.txt", "location");
414+
});
415+
406416
await run("requires Cloudflare Access config for protected paths", async () => {
407417
const ctx = mockCtx();
408418
const response = await worker.fetch(request("/_tests"), env(), ctx);

0 commit comments

Comments
 (0)