@networkpro/blog 1.5.7 → 1.5.9

package/.github/workflows/publish.yml

@@ -7,10 +7,9 @@
 name: Publish to Registries
 
 on:
-  workflow_run:
-    workflows: ['Build Site and Deploy to GH Pages']
-    types:
-      - completed
+  release:
+    types: [created]
+  workflow_dispatch:
 
 permissions:
   actions: read
@@ -25,8 +24,11 @@ concurrency:
 # cspell:ignore userconfig
 
 jobs:
+  check-codeql:
+    uses: ./.github/workflows/check-codeql.yml
+
   build:
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    needs: check-codeql
     runs-on: ubuntu-24.04
     env:
       ENV_MODE: ci

package/.markdownlint.mjs

@@ -16,6 +16,7 @@ export default {
   customRules: [noSmartQuotes],
 
   // Rule exceptions
+  MD060: false, // Pointless style enforcement — doesn't affect render output
   MD041: false, // First line in file should be a top-level header
   MD033: false, // Allow inline HTML
   MD013: false, // Ignore line length

package/CHANGELOG.md

@@ -16,6 +16,38 @@ formatting may vary.
 
 ---
 
+## [1.5.9] - 2025-11-18
+
+### Added
+
+- `netlify.toml` file to configure Netlify build variables and enforce CSP and
+  headers.
+
+### Changed
+
+- Refactored `.github/workflows/publish.yml` to check CodeQL results and then
+  proceed with publishing to npmjs and GPR.
+- Bumped project version to `v1.5.9`.
+
+### Removed
+
+- Removed GitHub CI workflow at `.github/workflows/build-and-deploy.yml`, as
+  builds will now be processed automatically by Netlify.
+
+---
+
+## [1.5.8] - 2025-11-16
+
+### Changed
+
+- Updated `.markdownlint.mjs` to ignore rule `MD060`, which is unnecessarily
+  strict and doesn't affect render output.
+- Bumped project version to `v1.5.8`.
+- Updated dependencies:
+  - `markdownlint-cli2` `^0.18.1` → `^0.19.0`
+
+---
+
 ## [1.5.7] - 2025-11-12
 
 ### Added
@@ -484,7 +516,9 @@ formatting may vary.
 
 <!-- Link references -->
 
-[Unreleased]: https://github.com/netwk-pro/blog/compare/v1.5.7...HEAD
+[Unreleased]: https://github.com/netwk-pro/blog/compare/v1.5.9...HEAD
+[1.5.9]: https://github.com/netwk-pro/blog/releases/tag/v1.5.9
+[1.5.8]: https://github.com/netwk-pro/blog/releases/tag/v1.5.8
 [1.5.7]: https://github.com/netwk-pro/blog/releases/tag/v1.5.7
 [1.5.6]: https://github.com/netwk-pro/blog/releases/tag/v1.5.6
 [1.5.5]: https://github.com/netwk-pro/blog/releases/tag/v1.5.5

package/cspell.json

@@ -14,6 +14,7 @@
     "FOSS",
     "gatekeeping",
     "Gboard",
+    "geolocation",
     "Heli",
     "heliboard",
     "homescreen",
@@ -26,10 +27,12 @@
     "NETPRO",
     "netwk",
     "networkpro",
+    "nosniff",
     "npmjs",
     "NWPRO",
     "otphelper",
     "pozil",
+    "publickey",
     "robotstxt",
     "sideloading",
     "sonicwall",

package/netlify.toml

@@ -0,0 +1,37 @@
+[build]
+  command = "mkdocs build --clean --site-dir build"
+  publish = "build"
+
+[[headers]]
+  for = "/*"
+  [headers.values]
+    Content-Security-Policy = """
+      default-src 'self';
+      script-src 'self' 'unsafe-inline';
+      style-src 'self' 'unsafe-inline';
+      img-src 'self' data:;
+      connect-src 'self' https://api.github.com;
+      font-src 'self' data: https://fonts.gstatic.com;
+      form-action 'self';
+      base-uri 'self';
+      object-src 'none';
+      frame-ancestors 'none';
+      upgrade-insecure-requests;
+      report-uri https://csp.netwk.pro/.netlify/functions/csp-report;
+      report-to csp-endpoint;
+    """
+    Report-To = """
+      {
+        "group": "csp-endpoint",
+        "max_age": 10886400,
+        "endpoints": [
+          { "url": "https://csp.netwk.pro/.netlify/functions/csp-report" }
+        ],
+        "include_subdomains": true
+      }
+    """
+    Permissions-Policy = "fullscreen=(self), sync-xhr=(), camera=(), microphone=(), geolocation=(), clipboard-read=(), clipboard-write=(), payment=(), usb=(), hid=(), gamepad=(), serial=(), publickey-credentials-get=(), browsing-topics=()"
+    X-Content-Type-Options = "nosniff"
+    Referrer-Policy = "strict-origin-when-cross-origin"
+    X-Frame-Options = "DENY"
+    Strict-Transport-Security = "max-age=31536000; includeSubDomains"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@networkpro/blog",
-  "version": "1.5.7",
+  "version": "1.5.9",
   "description": "The official blog of Network Pro Strategies (Network Pro™).",
   "keywords": [
     "advisory",
@@ -59,7 +59,7 @@
     "eslint-config-prettier": "^10.1.8",
     "globals": "^16.5.0",
     "markdownlint": "^0.39.0",
-    "markdownlint-cli2": "^0.18.1",
+    "markdownlint-cli2": "^0.19.0",
     "npm-run-all": "^4.1.5",
     "postcss": "^8.5.6",
     "prettier": "3.6.2",

package/.github/workflows/build-and-deploy.yml

@@ -1,94 +0,0 @@
-# .github/workflows/build-and-deploy.yml
-#
-# Copyright © 2025 Network Pro Strategies (Network Pro™)
-# SPDX-License-Identifier: CC-BY-4.0 OR GPL-3.0-or-later
-# This file is part of Network Pro
-
-name: Build Site and Deploy to GH Pages
-
-on:
-  release:
-    types: [created]
-  workflow_dispatch:
-
-# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
-permissions:
-  actions: read
-  contents: read
-  pages: write
-  id-token: write
-
-# Allow one concurrent deployment
-concurrency:
-  group: 'pages'
-  cancel-in-progress: true
-
-jobs:
-  check-codeql:
-    uses: ./.github/workflows/check-codeql.yml
-
-  build:
-    needs: check-codeql
-    runs-on: ubuntu-24.04
-    env:
-      ENV_MODE: ci
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v5
-        with:
-          fetch-depth: 0
-
-      - name: Set up Node.js
-        uses: actions/setup-node@v6
-        with:
-          node-version: 24
-          cache: npm
-          cache-dependency-path: package-lock.json
-
-      - name: Upgrade npm
-        run: |
-          corepack enable
-          npm install -g npm@11.6.2
-
-      - name: Set up Pages
-        uses: actions/configure-pages@v5
-
-      - name: Install Node.js dependencies
-        run: npm ci
-
-      # Begin Material for MkDocs setup
-      - name: Set up Python
-        uses: actions/setup-python@v6
-        with:
-          python-version-file: '.python-version'
-          cache: 'pip'
-
-      - name: Install Python dependencies
-        run: pip install -r requirements.txt
-
-      # Strict mode disabled for mkdocs-material
-      - name: Build MkDocs documentation
-        run: mkdocs build
-
-      - name: Copy package.json to build directory
-        run: cp package.json build/
-
-      - name: Upload artifact
-        uses: actions/upload-pages-artifact@v4
-        with:
-          path: ./build
-
-  deploy:
-    needs: [check-codeql, build]
-    environment:
-      name: github-pages
-      url: ${{ steps.deployment.outputs.page_url }}
-    runs-on: ubuntu-24.04
-    env:
-      ENV_MODE: ci
-
-    steps:
-      - name: Deploy to GitHub Pages
-        id: deployment
-        uses: actions/deploy-pages@v4