ci(deploy): copy public/.htaccess into dist after build
All checks were successful
ci / build-test (push) Successful in 3m47s
All checks were successful
ci / build-test (push) Successful in 3m47s
Astro/Vite drops dotfiles from public/ during build, so .htaccess
never makes it into dist/. The deployed Apache origin then has no
header rules to apply, leaving the site without HSTS, X-Frame-Options,
Referrer-Policy, etc. — caught today by the post-deploy smoke test
("HSTS missing").
Copy the file explicitly after build. test -f makes the step fail
loudly if public/.htaccess goes missing, rather than silently
shipping a header-less site.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
hsiegeln
@@ -53,6 +53,15 @@ jobs:
|
|||||||
- name: Build site
|
- name: Build site
|
||||||
run: npm run build
|
run: npm run build
|
||||||
|
|
||||||
|
# Astro/Vite does not copy dotfiles from public/ into dist/, so .htaccess
|
||||||
|
# never reaches the deployed origin and Apache never sees the security
|
||||||
|
# headers it sets. Copy it explicitly. Fail if the source is missing
|
||||||
|
# rather than silently shipping a header-less site.
|
||||||
|
- name: Copy .htaccess into dist
|
||||||
|
run: |
|
||||||
|
test -f public/.htaccess
|
||||||
|
cp public/.htaccess dist/.htaccess
|
||||||
|
|
||||||
- name: Guard — no TODO markers may ship in built HTML
|
- name: Guard — no TODO markers may ship in built HTML
|
||||||
run: |
|
run: |
|
||||||
if grep -rlE '(TODO|TBD):' dist 2>/dev/null | grep -E '\.(html|svg)$'; then
|
if grep -rlE '(TODO|TBD):' dist 2>/dev/null | grep -E '\.(html|svg)$'; then
|
||||||
|
|||||||
Reference in New Issue
Block a user