Merge pull request #114 from wearearima/feature/deploy-to-google-app-engine

deploy: deploy to google app engine instead of github pages

Author: aberasarte

.github/workflows/build.yml

@@ -0,0 +1,42 @@
+name: Build and Deploy Jekyll site
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Setup Ruby
+        uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: "2.7.1"
+          bundler-cache: true
+
+      - name: Build Jekyll site
+        env:
+          JEKYLL_ENV: production
+        run: bundle exec jekyll build --trace
+
+      - id: auth
+        name: Authenticate to Google Cloud
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: "projects/150426842195/locations/global/workloadIdentityPools/github-pool/providers/github-provider"
+          service_account: "arima-blog-sa@blog-arima-eu.iam.gserviceaccount.com"
+
+      - name: Deploy to App Engine
+        uses: google-github-actions/deploy-appengine@v2

.github/workflows/deploy.yml

@@ -26,3 +26,8 @@ docker volume create jekyll-ruby-gems
 Each time we want to launch our Jekyll container, run it like this:
 ````
 docker run --rm -p 4000:4000 --name jekyll --volume="$PWD:/srv/jekyll" --mount source=jekyll-ruby-gems,target=/usr/local/bundle -it jekyll/jekyll:3.8 jekyll serve
+````
+
+## Deployment
+
+The site is published through Google App Engine. The workflow in `.github/workflows/deploy.yml` builds the Jekyll site and deploys the generated `_site` directory using Workload Identity Federation.

README.md

@@ -0,0 +1,95 @@
+runtime: python39
+
+handlers:
+  - url: /(.*\..*)
+    static_files: _site/\1
+    upload: _site/(.*)
+    secure: always
+    http_headers:
+      Content-Security-Policy: >-
+        default-src 'self';
+        script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com;
+        style-src 'self' 'unsafe-inline';
+        img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://pbs.twimg.com https://ton.twimg.com https://abs.twimg.com;
+        font-src 'self' data:;
+        connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://api.twitter.com;
+        frame-src https://platform.twitter.com https://syndication.twitter.com;
+        frame-ancestors 'self';
+        object-src 'none';
+        base-uri 'self';
+        form-action 'self';
+        manifest-src 'self';
+        upgrade-insecure-requests;
+      X-Frame-Options: SAMEORIGIN
+      X-Content-Type-Options: nosniff
+      Referrer-Policy: strict-origin-when-cross-origin
+      Permissions-Policy: >-
+        accelerometer=(),
+        camera=(),
+        geolocation=(),
+        gyroscope=(),
+        microphone=(),
+        payment=(),
+        usb=()
+
+  - url: /(.*)/
+    static_files: _site/\1/index.html
+    upload: _site/(.*)/index.html
+    secure: always
+    http_headers:
+      Content-Security-Policy: >-
+        default-src 'self';
+        script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com;
+        style-src 'self' 'unsafe-inline';
+        img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://pbs.twimg.com https://ton.twimg.com https://abs.twimg.com;
+        font-src 'self' data:;
+        connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://api.twitter.com;
+        frame-src https://platform.twitter.com https://syndication.twitter.com;
+        frame-ancestors 'self';
+        object-src 'none';
+        base-uri 'self';
+        form-action 'self';
+        manifest-src 'self';
+        upgrade-insecure-requests;
+      X-Frame-Options: SAMEORIGIN
+      X-Content-Type-Options: nosniff
+      Referrer-Policy: strict-origin-when-cross-origin
+      Permissions-Policy: >-
+        accelerometer=(),
+        camera=(),
+        geolocation=(),
+        gyroscope=(),
+        microphone=(),
+        payment=(),
+        usb=()
+
+  - url: /
+    static_files: _site/index.html
+    upload: _site/index.html
+    secure: always
+    http_headers:
+      Content-Security-Policy: >-
+        default-src 'self';
+        script-src 'self' https://www.googletagmanager.com https://www.google-analytics.com https://www.gstatic.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com;
+        style-src 'self' 'unsafe-inline';
+        img-src 'self' data: https://www.google-analytics.com https://www.googletagmanager.com https://pbs.twimg.com https://ton.twimg.com https://abs.twimg.com;
+        font-src 'self' data:;
+        connect-src 'self' https://www.google-analytics.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://region1.google-analytics.com https://platform.twitter.com https://cdn.syndication.twimg.com https://syndication.twitter.com https://api.twitter.com;
+        frame-src https://platform.twitter.com https://syndication.twitter.com;
+        frame-ancestors 'self';
+        object-src 'none';
+        base-uri 'self';
+        form-action 'self';
+        manifest-src 'self';
+        upgrade-insecure-requests;
+      X-Frame-Options: SAMEORIGIN
+      X-Content-Type-Options: nosniff
+      Referrer-Policy: strict-origin-when-cross-origin
+      Permissions-Policy: >-
+        accelerometer=(),
+        camera=(),
+        geolocation=(),
+        gyroscope=(),
+        microphone=(),
+        payment=(),
+        usb=()