From ecc3a004c948d6425c93f2658c1fad15c6852854 Mon Sep 17 00:00:00 2001 From: Gilbert Sanchez Date: Sat, 23 May 2026 07:06:41 -0700 Subject: [PATCH 1/2] Disable goldmark unsafe HTML renderer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit No content files use raw HTML that requires the unsafe renderer — the one exception (a 2008 podcast post with

and
) is converted to plain markdown. Disabling unsafe prevents raw HTML/JS in any markdown file from rendering, which limits the blast radius of future content injection vulnerabilities. Co-Authored-By: Claude Sonnet 4.6 --- .../2008-03-16-one-liner-countdown-timer-in-powershell.md | 8 ++++---- hugo.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/content/podcast/2008-03-16-one-liner-countdown-timer-in-powershell.md b/content/podcast/2008-03-16-one-liner-countdown-timer-in-powershell.md index 659b3021c..daa9cfbda 100644 --- a/content/podcast/2008-03-16-one-liner-countdown-timer-in-powershell.md +++ b/content/podcast/2008-03-16-one-liner-countdown-timer-in-powershell.md @@ -13,10 +13,10 @@ Here's a quick one for ya. Perfect kitchen timer. Who doesn't have a laptop with start-sleep (60*9); write-host ("`a"*4) -

Start-Sleep works in seconds, so you see where I've done some quick
-math to get nine minutes. Not sure if the ()'s were required, but they
-don't hurt. I didn't know the precedence of parameter parsing versus
-multiplication off the top of my head. Next is Write-Host with some
+Start-Sleep works in seconds, so you see where I've done some quick +math to get nine minutes. Not sure if the ()'s were required, but they +don't hurt. I didn't know the precedence of parameter parsing versus +multiplication off the top of my head. Next is Write-Host with some more multiplication. This one uses "`a" which is the special character which emits a beep (old schoolers know this as the ASCII code for diff --git a/hugo.yaml b/hugo.yaml index 5e29a0d74..658e4e8ff 100644 --- a/hugo.yaml +++ b/hugo.yaml @@ -16,7 +16,7 @@ pagination: markup: goldmark: renderer: - unsafe: true + unsafe: false highlight: style: github lineNos: true From ed87dabf25fafc3d33b3d3d153e3310fdeb80e8d Mon Sep 17 00:00:00 2001 From: Gilbert Sanchez Date: Sat, 23 May 2026 12:34:49 -0700 Subject: [PATCH 2/2] Split Hugo workflow into separate build and deploy jobs Build runs on PRs (read-only) to validate the site compiles. Deploy runs on push to main and commits the built site to docs/. Co-Authored-By: Claude Sonnet 4.6 --- .github/workflows/build.yml | 79 ++++++++++++++++++++++ .github/workflows/{hugo.yml => deploy.yml} | 44 +++++------- 2 files changed, 96 insertions(+), 27 deletions(-) create mode 100644 .github/workflows/build.yml rename .github/workflows/{hugo.yml => deploy.yml} (87%) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 000000000..38d4cf81b --- /dev/null +++ b/.github/workflows/build.yml 
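Review bot: In hugo.yaml, nothing in the build enforces the commit message's claim that no content file needs raw HTML: with `unsafe: false` Goldmark omits the markup from the rendered page and, as far as I know, Hugo only logs a warning while the build still succeeds. A comment above the key, for example `# Raw HTML in Markdown is dropped on purpose; use a shortcode for embeds`, would record the intent and discourage flipping it back. Running the pull-request build with `--panicOnWarning` would turn a post that loses markup into a failed check, provided the site currently builds without other warnings. The setting covers Markdown content only; HTML emitted by templates and shortcodes is not affected by it.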
@@ -0,0 +1,79 @@
+name: Build Hugo Site
+
+on:
+ pull_request:
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ env:
+ HUGO_VERSION: 0.155.1
+ steps:
+ - name: Install Hugo CLI
+ run: |
+ wget -O ${{ runner.temp }}/hugo.deb https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_linux-amd64.deb \
+ && sudo dpkg -i ${{ runner.temp }}/hugo.deb
+
+ - name: Checkout
+ uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ fetch-depth: 0
+
+ - name: Setup Node.js
+ uses: actions/setup-node@v4
+ with:
+ node-version: '18'
+
+ - name: Install Node dependencies
+ run: |
+ if [ -f package.json ]; then
+ npm install
+ fi
+
+ - name: Create data directory
+ run: mkdir -p data
+
+ - name: Update community stats
+ run: |
+ if [ -f .github/scripts/fetch-discourse-activity.js ]; then
+ echo "Running Discourse activity script..."
+ node .github/scripts/fetch-discourse-activity.js || true
+ fi
+
+ if [ ! -f data/community_stats.json ]; then
+ echo "Creating fallback community stats..."
+ cat > data/community_stats.json << 'EOF'
+ {
+ "activities": [
+ {
+ "message": "PowerShell community thriving",
+ "time": "Ongoing",
+ "type": "community",
+ "color": "bg-blue-500"
+ }
+ ],
+ "stats": {
+ "total_topics": 15000,
+ "total_posts": 80000,
+ "active_users": 12000,
+ "topics_this_week": 40
+ },
+ "last_updated": "2024-01-01T00:00:00.000Z",
+ "fallback": true
+ }
+ EOF
+ fi
+
+ - name: Build with Hugo
+ env:
+ HUGO_ENVIRONMENT: production
+ HUGO_ENV: production
+ run: |
+ hugo \
+ --gc \
+ --minify \
+ --destination docs
diff --git a/.github/workflows/hugo.yml b/.github/workflows/deploy.yml
similarity index 87%
rename from .github/workflows/hugo.yml
rename to .github/workflows/deploy.yml
index 6827b8b7c..3b251145c 100644
--- a/.github/workflows/hugo.yml
+++ b/.github/workflows/deploy.yml
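Review bot: The `Install Hugo CLI` step in build.yml passes a downloaded `.deb` straight to `sudo dpkg -i` with no integrity check, so the job installs as root whatever the release URL serves at run time. Pin the expected digest next to `HUGO_VERSION` and verify it before installing, e.g. `echo "${HUGO_SHA256}  ${{ runner.temp }}/hugo.deb" | sha256sum -c -`, with `HUGO_SHA256: <sha256 of the .deb, taken from the release's checksums file>` as a placeholder to fill in. The same unverified install is carried unchanged into deploy.yml, where the job holds `contents: write`, so the check matters more there. Separately, `actions/checkout@v4` and `actions/setup-node@v4` are mutable tags; pinning both to full commit SHAs closes the same kind of gap.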
@@ -1,18 +1,15 @@ -name: Build and Deploy Hugo Site +name: Deploy Hugo Site on: push: branches: - main - pull_request: permissions: contents: write - pages: write - id-token: write jobs: - build-and-deploy: + deploy: runs-on: ubuntu-latest env: HUGO_VERSION: 0.155.1 @@ -21,27 +18,27 @@ jobs: run: | wget -O ${{ runner.temp }}/hugo.deb https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_linux-amd64.deb \ && sudo dpkg -i ${{ runner.temp }}/hugo.deb - + - name: Checkout uses: actions/checkout@v4 with: submodules: recursive fetch-depth: 0 - + - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: '18' - + - name: Install Node dependencies run: | if [ -f package.json ]; then npm install fi - + - name: Create data directory run: mkdir -p data - + - name: Update community stats run: | if [ -f .github/scripts/fetch-discourse-activity.js ]; then 
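Review bot: `permissions: contents: write` stays at workflow level in deploy.yml, so every step of the `deploy` job runs with a token that can push to `main`, including `npm install` and the Discourse fetch script. `actions/checkout` stores that token in the workspace's git config by default. To narrow this, declare `permissions:` under `jobs.deploy` and install dependencies without lifecycle scripts, e.g. `npm ci --ignore-scripts`; this needs a committed lockfile, which the diff does not show. A comment on the permissions block such as `# write is needed only by the final "Commit and push to main" step` would record why the scope is there.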
@@ -116,49 +113,42 @@ jobs: } EOF fi - + - name: Verify community stats file exists run: | if [ -f data/community_stats.json ]; then - echo "✅ Community stats file created successfully" - echo "File contents:" + echo "Community stats file created successfully" cat data/community_stats.json else - echo "❌ Community stats file not found" + echo "Community stats file not found" exit 1 fi - + - name: Build with Hugo env: HUGO_ENVIRONMENT: production HUGO_ENV: production run: | - # Clean docs directory rm -rf docs - - # Build Hugo site to docs directory hugo \ --gc \ --minify \ - --destination docs \ - + --destination docs + - name: Add .nojekyll file run: touch docs/.nojekyll - + - name: Commit and push to main run: | git config --local user.email "action@github.com" git config --local user.name "GitHub Action" - - # Add files that exist + git add docs/ || echo "No docs directory to add" - - # Only add data files if they exist + if [ -f data/community_stats.json ]; then git add data/community_stats.json fi - - # Only commit if there are changes + if ! git diff --staged --quiet; then git commit -m "Deploy Hugo site to docs/ [skip ci]" git push