ci(deploy): copy public/.htaccess into dist after build
All checks were successful
ci / build-test (push) Successful in 3m47s
All checks were successful
ci / build-test (push) Successful in 3m47s
Astro/Vite drops dotfiles from public/ during build, so .htaccess
never makes it into dist/. The deployed Apache origin then has no
header rules to apply, leaving the site without HSTS, X-Frame-Options,
Referrer-Policy, etc. — caught today by the post-deploy smoke test
("HSTS missing").
Copy the file explicitly after build. test -f makes the step fail
loudly if public/.htaccess goes missing, rather than silently
shipping a header-less site.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
@@ -53,6 +53,15 @@ jobs:
|
||||
- name: Build site
|
||||
run: npm run build
|
||||
|
||||
# Astro/Vite does not copy dotfiles from public/ into dist/, so .htaccess
|
||||
# never reaches the deployed origin and Apache never sees the security
|
||||
# headers it sets. Copy it explicitly. Fail if the source is missing
|
||||
# rather than silently shipping a header-less site.
|
||||
- name: Copy .htaccess into dist
|
||||
run: |
|
||||
test -f public/.htaccess
|
||||
cp public/.htaccess dist/.htaccess
|
||||
|
||||
- name: Guard — no TODO markers may ship in built HTML
|
||||
run: |
|
||||
if grep -rlE '(TODO|TBD):' dist 2>/dev/null | grep -E '\.(html|svg)$'; then
|
||||
|
||||
Reference in New Issue
Block a user