Merge branch 'release/0.9.0'

.circleci/config.yml

@@ -12,6 +12,35 @@
 # - https://circleci.com/docs/2.0/circleci-images
 # - https://circleci.com/docs/2.0/contexts
 
+# This build configuration uses sensitive/secret data through `git-crypt` via specific Circle CI project environment
+# variables. They must be set before running the workflows/jobs in order to work properly.
+#
+# NOTE: The GPG private/secret key and the associated password are encoded with base64 using the `-w`/`--wrap` option
+# that excludes line breaks in the resulting encoded value. This is necessary to prevent problems with the Circle CI
+# web app UI that doesn't handle line breaks correctly which would result in invalid Bash environment variable values.
+#
+# > $NORD_DOCS_GPG_CICD_KEY
+# Stores the GPG private/secret key in exported ASCII format encoded with base64:
+# `gpg --export-secret-keys --armor <KEY_ID> | base64 -w 0`
+#
+# > $NORD_DOCS_GPG_CICD_KEY_PASSWORD
+# Stores the GPG private/secret key password encoded with base64:
+# `base64 -w 0`
+#
+# > $NORD_DOCS_GPG_CICD_KEY_GRIP
+# Stores the GPG private/secret "keygrip" (cacheid) which is a 40 character value of hexadecimal characters identifying the key. It can be received by passing the `--with-keygrip` when listing the GPG private/secret keys:
+# `gpg --list-secret-keys --with-keygrip`
+#
+# > $NORD_DOCS_GPG_CICD_KEY_FINGERPRINT
+# Stores the GPG key fingerprint that is required in batch mode when deleting the key from the key ring again in the
+# post-process job.
+#  It can be received when listing the GPG keys:
+# `gpg --list-keys`
+#
+# See the following references and documentations of used GPG tools for more details:
+# - man gpg-preset-passphrase(1)
+# - https://www.gnupg.org/documentation/manuals/gnupg/gpg_002dpreset_002dpassphrase.html
+
 version: 2.1
 
 commands:
@@ -21,9 +50,48 @@ commands:
       - run:
           name: Build production bundle
           command: npm run build:gatsby
+  decrypt-sensitive-data:
+    description: "Decrypt senstive data through git-crypt"
+    steps:
+      - run:
+          name: Import base64 encoded GPG secret key
+          command: echo "$NORD_DOCS_GPG_CICD_KEY" | base64 --decode | gpg --batch --import
+      - run:
+          name: Configure GPG agent to allow preset passphrases
+          command: gpgconf --kill gpg-agent && gpg-agent --daemon --allow-preset-passphrase --max-cache-ttl 86400
+      - run:
+          name: Import preset passphrase for GPG keygrip (cacheid)
+          command: |
+            /usr/lib/gnupg2/gpg-preset-passphrase --preset --passphrase "$(echo "$NORD_DOCS_GPG_CICD_KEY_PASSWORD" | base64 --decode)" "$NORD_DOCS_GPG_CICD_KEY_GRIP"
+      - run:
+          name: Unlock encrypted repository files
+          command: git-crypt unlock
+  delete-encryption-keys:
+    description: "Delete the GPG secret and public key from the key ring used to decrypt senstive data"
+    steps:
+      - run:
+          name: Delete GPG secret and public key from keyring
+          command: gpg --batch --delete-secret-and-public-keys --yes "$NORD_DOCS_GPG_CICD_KEY_FINGERPRINT"
+  encrypt-sensitive-data:
+    description: "Encrypt senstive data through git-crypt"
+    steps:
+      - run:
+          name: Lock decrypted repository files
+          command: git-crypt lock
+  install-build-dependencies:
+    description: "Install build dependencies"
+    steps:
+      - run:
+          name: Update package lists
+          command: apt-get update
+      - run:
+          name: Install git-crypt and GPG
+          command: apt-get install -y git-crypt gnupg2
   post-process:
     description: "Post-process the build"
     steps:
+      - encrypt-sensitive-data
+      - delete-encryption-keys
       - save-npm-cache
       - store_artifacts:
           path: ./build/reports
@@ -40,6 +108,8 @@ commands:
     description: "Pre-process the build"
     steps:
       - checkout
+      - install-build-dependencies
+      - decrypt-sensitive-data
       - print-env-info
       - restore-npm-cache
       - run:

.eslintrc.js

@@ -25,7 +25,7 @@ const {
 
 module.exports = {
   extends: "arcticicestudio",
-  plugins: ["babel", "prettier"],
+  plugins: ["babel", "prettier", "react-hooks"],
   parser: "babel-eslint",
   env: {
     browser: true,
@@ -44,8 +44,17 @@ module.exports = {
     }
   },
   rules: {
+    /* Prioritize format errors found by Prettier. */
     "prettier/prettier": "error",
+
+    /* Support for React Hooks. */
+    "react-hooks/rules-of-hooks": "error",
+    "react/jsx-no-bind": "off",
+
+    /* Disable noisy and low priority rules. */
     "no-confusing-arrow": "off",
+    "react/display-name": "off",
+
     /* Also suppress errors when importing development dependencies in project specific scripts. */
     "import/no-extraneous-dependencies": [
       "error",

.gatsby/onCreateWebpackConfig.js

@@ -86,6 +86,7 @@ const onCreateWebpackConfig = ({ actions, stage }) => {
         config: r("../src/config/"),
         containers: r("../src/components/containers/"),
         data: r("../src/data/"),
+        hooks: r("../src/hooks/"),
         layouts: r("../src/components/layouts/"),
         molecules: r("../src/components/molecules/"),
         organisms: r("../src/components/organisms/"),

.gatsby/plugins/google/gtag.js

@@ -15,11 +15,9 @@
  * @since 0.4.0
  */
 
-const { GOOGLE_UNIVERSAL_ANALYTICS_TRACKING_ID } = require("../../../src/config/internal/constants");
-
 module.exports = {
   /* The tracking IDs for all used "Google Marketing" products. */
-  trackingIds: [GOOGLE_UNIVERSAL_ANALYTICS_TRACKING_ID],
+  trackingIds: [`${process.env.NORD_DOCS_GOOGLE_UNIVERSAL_ANALYTICS_TRACKING_ID}`],
   /* The configuration that gets passed to the `gtag.js`'s `config` command. */
   /* eslint-disable-next-line babel/camelcase */
   gtagConfig: { anonymize_ip: true },

.gatsby/plugins/source-graphql.js

@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2018-present Arctic Ice Studio <[email protected]>
+ * Copyright (C) 2018-present Sven Greb <[email protected]>
+ *
+ * Project:    Nord Docs
+ * Repository: https://github.com/arcticicestudio/nord-docs
+ * License:    MIT
+ */
+
+/**
+ * @file The configuration for the Gatsby plugin `gatsby-source-graphql` using the read-only token to fetch public data
+ * from the GitHub GraphQL API
+ *
+ * @author Arctic Ice Studio <[email protected]>
+ * @author Sven Greb <[email protected]>
+ * @since 0.9.0
+ * @see https://developer.github.com/v4
+ * @see https://github.com/gatsbyjs/gatsby/tree/master/packages/gatsby-source-graphql
+ */
+
+module.exports = {
+  typeName: "GitHub",
+  fieldName: "github",
+  url: "https://api.github.com/graphql",
+  headers: {
+    Authorization: `bearer ${process.env.NORD_DOCS_GITHUB_API_TOKEN_READONLY_PUBLIC}`
+  }
+};

.git-crypt/.gitattributes

@@ -0,0 +1,4 @@
+# Do not edit this file.  To specify the files to encrypt, create your own
+# .gitattributes file in the directory where your files are.
+* !filter !diff
+*.gpg binary

.gitattributes

@@ -4,6 +4,12 @@
 # Project:    Nord Docs
 # Repository: https://github.com/arcticicestudio/nord-docs
 # License:    MIT
+# References:
+#   https://git-scm.com/docs/gitattributes
+#   https://git-scm.com/book/en/v2/Customizing-Git-Git-Attributes#Keyword-Expansion
+#   https://github.com/AGWA/git-crypt
+#   https://www.gnupg.org
+#   https://wiki.archlinux.org/index.php/GnuPG
 
 # Automatically perform line feed (LF) normalization for files detected as text and leave all files detected as binary
 # untouched.
@@ -14,3 +20,11 @@
 # +--------+
 *.ai binary
 *.png binary
+
+# +------------+
+# + Encryption +
+# +------------+
+.gatsby/.env.development filter=git-crypt diff=git-crypt
+.gatsby/.env.production filter=git-crypt diff=git-crypt
+.gitattributes !filter !diff
+.gitignore !filter !diff