pidgin/nest

ade72caa087d
Add extra way to report security vulnerability

- Add an extra way of reporting a security vulnerability in the project. This
is done by creating a new issue in our issue tracker and ensuring that the
visibility of it is set so that only Pidgin Developers can view it.
- Fix a simple mistake in markdown link syntax in the contributing page which
links back to the Security page.
- Change hardcoded link to list of advisories to a Hugo ref link (if we ever
change the location of the advisories page this will make Hugo throw an error
since it won't be able to find the page, otherwise the link would just end up
being broken without us necessarily knowing about it.

Testing Done:
Ran `dev-server.sh` and verified content looks as intended.

Reviewed at https://reviews.imfreedom.org/r/806/
#####################################################################
# setup up our node environment
#####################################################################
FROM node:14-buster-slim as node-update-date
WORKDIR /nest/
COPY package-lock.json package.json ./
RUN apt-get update && \
apt-get install -y mercurial && \
apt-get clean && \
npm ci --production && \
npm cache clean --force
COPY .hg /nest/.hg
COPY hugo /nest/hugo
COPY tools /nest/tools
RUN node tools/update-lastmod.js
#####################################################################
# run the hugo build
#####################################################################
FROM debian:bullseye as hugo-build
RUN set -ex && \
apt-get update && \
apt-get install -y hugo && \
apt-get clean && \
rm -rf /var/lib/apt/lists
ARG BUILD_NAME
ARG BUILD_DATE
ARG COMMIT
COPY --from=node-update-date /nest/hugo /nest/hugo
RUN hugo -s /nest/hugo -d /nest/public && \
cp /nest/public/post/index.xml /nest/public/rss.xml
#####################################################################
# setup up our node environment
#####################################################################
FROM node:14-buster-slim as node-build
WORKDIR /nest/
COPY package-lock.json package.json ./
RUN npm ci --production && \
npm cache clean --force
COPY tools ./tools
COPY --from=hugo-build /nest/public public
RUN node tools/pre-prod.js
#####################################################################
# finally package everything up with rwgrim/goserve
#####################################################################
FROM rwgrim/goserve
ENV GOSERVE_404_PAGE="/html/404.html"
COPY --from=node-build /nest/public /html/
EXPOSE 3000/tcp