version: 3
This is the Hugo static site for www.highheathcattery.co.uk. Forms are sent to a small golang server, and emails sent with Gmail API. Emails are created with hermes and form data parsed with schemas.
Comments automatically create pull requests and send confirmation emails. This is inspired by staticman. This repo is installed as a Github App with permission to edit content and pull requests.
There is a docker compose file which will start the go app which runs the static file server and form actions.
For fast theme development run:
hugo server
To test forms you will need:
docker-compose up
Normal pages are in content/<page>.md. The theme for this page will be looked
up following the usual look up order. In this project that is usually:
theme/highheath/layouts/_default/single.htmltheme/highheath/layouts/<page>/list.html# if it is a content type
There is the <script> tag in the <head> for New Relic Browser integration.
The snippet is available in the New Relic UI.
Github Actions are triggered to build and deploy the app on release. Release Drafter is used to draft releases based on pull request titles. A service account is used to deploy via helm3. This must be created first.
The helm chart used is a generic-app chart.
To create the service account and permissions, a cluster-admin needs to apply the following:
kubectl apply -f deploy/serviceaccount.yamlSecrets for github actions are as follows:
K8S_SECRET: The full yaml secret for the serviceaccountK8S_URL: The url of the kubernetes api server
Secrets in the cluster need to be created for gmail and github
authentication.
For the gmail api, a project Website Form Backend has been
created with Oauth2 credentials. credentials.json can be downloaded from the
console. The application should be started where, after authenticating the app,
a token.json will be created. These should not be checked in. A secret in the
cluster should be created:
kubectl create secret generic gmail -n highheath --from-file=credentials.json --from-file=token.jsonA Github App (not Oauth2 App) has been created called
high-heath-farm-cattery. This is installed for this repo only.
A private key has been created (and can be rotated) and should be downloaded
as private-key.pem. This should not be checked in. A secret in the
cluster should be created:
kubectl create secret generic github -n highheath --from-file=private-key.pemRecaptcha V3 is used to protect the site. The users browser makes a request before each form and a token is added to the form. This token is then checked against the recaptcha API with a client secret. This secret needs to be created with:
kubectl create secret generic recaptcha --from-literal=secret=<SECRET>The recaptcha admin console can be used to see the number of requests and suspicious requests to the forms.