Fix netlify deployment (DeFiCh#747)

Author: benzumbrunn

.github/workflows/deploy-gh-pages.yml

@@ -0,0 +1,89 @@
+name: Deploy Next.js site to Pages
+
+on:
+  # Runs on pushes targeting the default branch
+  push:
+    branches: ["main"]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# Sets permissions of the GITHUB_TOKEN to allow deployment to GitHub Pages
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+# Allow only one concurrent deployment, skipping runs queued between the run in-progress and latest queued.
+# However, do NOT cancel in-progress runs as we want to allow these production deployments to complete.
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+jobs:
+  # Build job
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Detect package manager
+        id: detect-package-manager
+        run: |
+          if [ -f "${{ github.workspace }}/yarn.lock" ]; then
+            echo "manager=yarn" >> $GITHUB_OUTPUT
+            echo "command=install" >> $GITHUB_OUTPUT
+            echo "runner=yarn" >> $GITHUB_OUTPUT
+            exit 0
+          elif [ -f "${{ github.workspace }}/package.json" ]; then
+            echo "manager=pnpm" >> $GITHUB_OUTPUT
+            echo "command=ci" >> $GITHUB_OUTPUT
+            echo "runner=npx --no-install" >> $GITHUB_OUTPUT
+            exit 0
+          else
+            echo "Unable to determine package manager"
+            exit 1
+          fi
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          cache: ${{ steps.detect-package-manager.outputs.manager }}
+      - name: Setup Pages
+        uses: actions/configure-pages@v5
+        with:
+          # Automatically inject basePath in your Next.js configuration file and disable
+          # server side image optimization (https://nextjs.org/docs/api-reference/next/image#unoptimized).
+          #
+          # You may remove this line if you want to manage the configuration yourself.
+          static_site_generator: next
+      - name: Restore cache
+        uses: actions/cache@v4
+        with:
+          path: |
+            .next/cache
+          # Generate a new cache whenever packages or source files change.
+          key: ${{ runner.os }}-nextjs-${{ hashFiles('**/pnpm-lock.json', '**/yarn.lock') }}-${{ hashFiles('**.[jt]s', '**.[jt]sx') }}
+          # If source files changed but packages didn't, rebuild from a prior cache.
+          restore-keys: |
+            ${{ runner.os }}-nextjs-${{ hashFiles('**/package-lock.json', '**/yarn.lock') }}-
+      - name: Install dependencies
+        run: ${{ steps.detect-package-manager.outputs.manager }} ${{ steps.detect-package-manager.outputs.command }}
+      - name: Build with Next.js
+        run: ${{ steps.detect-package-manager.outputs.runner }} next build
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: ./out
+
+  # Deployment job
+  deploy:
+    environment:
+      name: github-pages
+      url: ${{ steps.deployment.outputs.page_url }}
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

.github/workflows/nextjs.yml

@@ -2,10 +2,49 @@
   command = "pnpm run build"
   publish = ".next"
 
+[[plugins]]
+  package = "@netlify/plugin-lighthouse"
+
 [[plugins]]
   package = "@netlify/plugin-nextjs"
 
 [[headers]]
   for = "/keys/security@defichain.com.public.key"
   [headers.values]
     Content-Type = "text/plain"
+
+[[redirects]]
+  from = "http://defichain.com/*"
+  to = "https://defichain.com/:splat"
+  status = 301
+  force = true
+
+[[redirects]]
+  from = "http://zhs.defichain.com/*"
+  to = "https://defichain.com/zh-Hans/:splat"
+  status = 301
+  force = true
+
+[[redirects]]
+  from = "https://zhs.defichain.com/*"
+  to = "https://defichain.com/zh-Hans/:splat"
+  status = 301
+  force = true
+
+[[redirects]]
+  from = "http://zht.defichain.com/*"
+  to = "https://defichain.com/zh-Hant/:splat"
+  status = 301
+  force = true
+
+[[redirects]]
+  from = "https://zht.defichain.com/*"
+  to = "https://defichain.com/zh-Hant/:splat"
+  status = 301
+  force = true
+  
+[[redirects]]
+  from = "https://defichain.com/dfi-token"
+  to = "https://defichain.com/dfi"
+  status = 301
+  force = true

netlify.toml

@@ -1,13 +1,86 @@
+const securityHeaders = [
+  {
+    key: "Content-Security-Policy",
+    value:
+      `default-src 'none';` +
+      `base-uri 'none';` +
+      `child-src 'self' app.netlify.com;` +
+      `form-action 'none';` +
+      `frame-ancestors 'none';` +
+      `img-src 'self' images.prismic.io assets.coingecko.com s2.coinmarketcap.com *.cloudfront.net data:;` +
+      `media-src 'self';` +
+      `object-src 'none';` +
+      `script-src 'self' ajax.googleapis.com widgets.coingecko.com files.coinmarketcap.com 3rdparty-apis.coinmarketcap.com app.netlify.com netlify-cdp-loader.netlify.app *.googletagmanager.com ${
+        process.env.NODE_ENV === "development" ? `'unsafe-eval'` : ""
+      } https://connect.facebook.net;` +
+      `script-src-elem 'self' ajax.googleapis.com widgets.coingecko.com files.coinmarketcap.com 3rdparty-apis.coinmarketcap.com *.googletagmanager.com;` +
+      `style-src 'self' fonts.googleapis.com 'unsafe-inline' files.coinmarketcap.com 'unsafe-inline';` +
+      `font-src 'self' fonts.gstatic.com;` +
+      `connect-src 'self' api.coingecko.com 3rdparty-apis.coinmarketcap.com wss://cable.coingecko.com ocean.defichain.com api.github.com *.google-analytics.com;`,
+  },
+  {
+    key: "Referrer-Policy",
+    value: "same-origin",
+  },
+  {
+    key: "X-Content-Type-Options",
+    value: "nosniff",
+  },
+  {
+    key: "X-Frame-Options",
+    value: "DENY",
+  },
+  {
+    key: "X-XSS-Protection",
+    value: "1; mode=block",
+  },
+  {
+    key: "Strict-Transport-Security",
+    value: "max-age=63072000; includeSubDomains; preload",
+  },
+];
+
 module.exports = {
-  output: "export",
   experimental: {
     forceSwcTransforms: true,
   },
   reactStrictMode: true,
   swcMinify: true,
   pageExtensions: ["page.tsx", "page.ts"],
+  async headers() {
+    return [
+      {
+        source: "/(.*)",
+        headers: securityHeaders,
+      },
+    ];
+  },
   images: {
     domains: ["images.prismic.io"],
     unoptimized: true,
   },
+  async redirects() {
+    return [
+      {
+        source: "/learn/:path*",
+        destination: "/404",
+        permanent: false,
+      },
+      {
+        source: "/media",
+        destination: "/404",
+        permanent: false,
+      },
+      {
+        source: "/bug-bounty",
+        destination: "/404",
+        permanent: false,
+      },
+      {
+        source: "/security",
+        destination: "/404",
+        permanent: false,
+      },
+    ];
+  },
 };

next.config.js

@@ -20,9 +20,6 @@
     "@prismicio/react": "^2.7.3",
     "@waveshq/standard-defichain-jellyfishsdk": "^3.0.1",
     "@waveshq/standard-web": "^3.0.1",
-    "next": "13.5.8",
-    "react": "18.2.0",
-    "react-dom": "18.2.0",
     "bignumber.js": "^9.1.2",
     "classnames": "^2.3.2",
     "gray-matter": "^4.0.3",
@@ -41,6 +38,8 @@
   },
   "devDependencies": {
     "@cypress/code-coverage": "^3.12.9",
+    "@netlify/plugin-lighthouse": "^5.0.0",
+    "@netlify/plugin-nextjs": "^4.41.1",
     "@tailwindcss/typography": "^0.5.10",
     "@testing-library/cypress": "^9.0.0",
     "@types/lodash": "^4.14.201",