Skip to content
Build Master

f #446

Sign in to view logs

f

f #446

Workflow file for this run

.github/workflows/build_master.yml at 57bd71e
name: Build Master
on:
push:
branches:
- master
paths-ignore:
- '.gitignore'
- 'book/**'
workflow_dispatch:
concurrency: build_master
permissions:
packages: write
id-token: write
contents: write
jobs:
run-translation:
runs-on: ubuntu-latest
container:
image: ghcr.io/hacktricks-wiki/hacktricks-cloud/translator-image:latest
environment: prod
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0 #Needed to download everything to be able to access the master & language branches
# Build the mdBook
- name: Build mdBook
run: MDBOOK_BOOK__LANGUAGE=en mdbook build || (echo "Error logs" && cat hacktricks-preprocessor-error.log && echo "" && echo "" && echo "Debug logs" && (cat hacktricks-preprocessor.log | tail -n 20) && exit 1)
- name: Post-process SEO artifacts
run: |
python3 scripts/seo_postprocess.py pages \
--book-dir ./book \
--site-url https://cloud.hacktricks.wiki \
--lang en \
--default-lang en \
--site-name "HackTricks Cloud"
- name: Push search index to hacktricks-searchindex repo
shell: bash
env:
PAT_TOKEN: ${{ secrets.PAT_TOKEN }}
run: |
set -euo pipefail
ASSET="book/searchindex.js"
TARGET_REPO="HackTricks-wiki/hacktricks-searchindex"
FILENAME="searchindex-cloud-en.js"
if [ ! -f "$ASSET" ]; then
echo "Expected $ASSET to exist after build" >&2
exit 1
fi
TOKEN="${PAT_TOKEN}"
if [ -z "$TOKEN" ]; then
echo "No PAT_TOKEN available" >&2
exit 1
fi
# First, compress the original file (in the build directory)
cd "${GITHUB_WORKSPACE}"
gzip -9 -k -f "$ASSET"
# Show compression stats
ORIGINAL_SIZE=$(wc -c < "$ASSET")
COMPRESSED_SIZE=$(wc -c < "${ASSET}.gz")
RATIO=$(awk "BEGIN {printf \"%.1f\", ($COMPRESSED_SIZE / $ORIGINAL_SIZE) * 100}")
echo "Compression: ${ORIGINAL_SIZE} bytes -> ${COMPRESSED_SIZE} bytes (${RATIO}%)"
# XOR encrypt the compressed file
KEY='Prevent_Online_AVs_From_Flagging_HackTricks_Search_Gzip_As_Malicious_394h7gt8rf9u3rf9g'
cat > /tmp/xor_encrypt.py << 'EOF'
import sys
key = sys.argv[1]
input_file = sys.argv[2]
output_file = sys.argv[3]
with open(input_file, 'rb') as f:
data = f.read()
key_bytes = key.encode('utf-8')
encrypted = bytearray(len(data))
for i in range(len(data)):
encrypted[i] = data[i] ^ key_bytes[i % len(key_bytes)]
with open(output_file, 'wb') as f:
f.write(encrypted)
print(f"Encrypted: {len(data)} bytes")
EOF
python3 /tmp/xor_encrypt.py "$KEY" "${ASSET}.gz" "${ASSET}.gz.enc"
# Rebuild and force-push with retries to handle concurrent updates.
MAX_RETRIES=20
RETRY_COUNT=0
while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
RETRY_COUNT=$((RETRY_COUNT + 1))
echo "Push attempt ${RETRY_COUNT}/${MAX_RETRIES}"
cd "${GITHUB_WORKSPACE}"
rm -rf /tmp/searchindex-repo /tmp/searchindex-backup
git clone https://x-access-token:${TOKEN}@github.com/${TARGET_REPO}.git /tmp/searchindex-repo
cd /tmp/searchindex-repo
git config user.name "GitHub Actions"
git config user.email "github-actions@github.com"
# Save all current files from master branch to temp directory.
mkdir -p /tmp/searchindex-backup
cp -r * /tmp/searchindex-backup/ 2>/dev/null || true
# Create a fresh orphan branch (no history).
git checkout --orphan new-main
# Remove all files from git index (but keep working directory).
git rm -rf . 2>/dev/null || true
# Restore all files from backup (keeps all language files).
cp -r /tmp/searchindex-backup/* . 2>/dev/null || true
# Update English searchindex artifact.
cp "${GITHUB_WORKSPACE}/${ASSET}.gz.enc" "${FILENAME}.gz"
git add -A
TIMESTAMP=$(date -u +"%Y-%m-%d %H:%M:%S UTC")
git commit -m "Update searchindex files - ${TIMESTAMP}" --allow-empty
if git push -f origin new-main:master 2>&1 | tee /tmp/push_output.txt; then
echo "Successfully reset repository history and pushed all searchindex files"
break
fi
if [ $RETRY_COUNT -lt $MAX_RETRIES ]; then
if grep -q "cannot lock ref 'refs/heads/master'" /tmp/push_output.txt; then
echo "Concurrent update detected on remote master. Retrying..."
else
echo "Force push failed. Retrying..."
fi
sleep 1
else
echo "Failed to push after ${MAX_RETRIES} attempts"
exit 1
fi
done
# Login in AWs
- name: Configure AWS credentials using OIDC
uses: aws-actions/configure-aws-credentials@v3
with:
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
aws-region: us-east-1
# Sync the build to S3
- name: Sync to S3
run: aws s3 sync ./book s3://hacktricks-cloud/en --delete
- name: Upload root sitemap index
run: |
LANGS=$(aws s3api list-objects-v2 --bucket hacktricks-cloud --delimiter / --query 'CommonPrefixes[].Prefix' --output text | tr '\t' '\n' | sed 's:/$::' | grep -E '^[a-z]{2}$' | sort | paste -sd, -)
if [ -z "$LANGS" ]; then
LANGS="en"
fi
python3 scripts/seo_postprocess.py index --site-url https://cloud.hacktricks.wiki --languages "$LANGS" --output ./sitemap.xml
aws s3 cp ./sitemap.xml s3://hacktricks-cloud/sitemap.xml --content-type application/xml --cache-control max-age=300
- name: Upload root ads.txt
run: |
aws s3 cp ./ads.txt s3://hacktricks-cloud/ads.txt --content-type text/plain --cache-control max-age=300
aws s3 cp ./ads.txt s3://hacktricks-cloud/en/ads.txt --content-type text/plain --cache-control max-age=300
- name: Upload root robots.txt
run: |
aws s3 cp ./src/robots.txt s3://hacktricks-cloud/robots.txt --content-type text/plain --cache-control max-age=300
aws s3 cp ./src/robots.txt s3://hacktricks-cloud/en/robots.txt --content-type text/plain --cache-control max-age=300
- name: Invalidate CloudFront HTML and SEO assets
run: |
aws cloudfront create-invalidation \
--distribution-id "${{ secrets.CLOUDFRONT_DISTRIBUTION_ID }}" \
--paths "/en/*" "/robots.txt" "/en/robots.txt" "/sitemap.xml" "/en/sitemap.xml"