diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md new file mode 100644 index 00000000..47a29a8f --- /dev/null +++ b/DEPLOYMENT.md @@ -0,0 +1,266 @@ +# Deployment Guide + +This document outlines the requirements and steps to deploy the OpenShift CI documentation site with the new framework enhancements. + +## Deployment Options + +The site can be deployed via: +1. **Netlify** (Primary - configured in `netlify.toml`) +2. **Docker/Container** (Alternative - using `Dockerfile`) +3. **Static Hosting** (Any static file host) + +## Prerequisites + +### Required Versions + +- **Hugo Extended**: `0.128.0` or later + - Must be the **extended** version (includes SCSS support) + - Download from: https://github.com/gohugoio/hugo/releases +- **Node.js**: `20.11.1` or later +- **npm**: Comes with Node.js + +### Required Dependencies + +- **PostCSS** and **autoprefixer** (installed automatically via `make generate`) +- **Docsy theme** (Git submodule, initialized automatically) + +## Deployment Methods + +### 1. Netlify Deployment (Recommended) + +Netlify is already configured via `netlify.toml`. The deployment is automatic when you push to the repository. + +#### Requirements: +- Netlify account connected to the repository +- Git repository with the code + +#### Steps: +1. **Connect Repository to Netlify**: + - Go to Netlify dashboard + - Add new site from Git + - Select your repository + +2. **Build Settings** (Auto-configured via `netlify.toml`): + - Build command: `make generate` + - Publish directory: `public` + - Hugo version: `0.128.0` + - Node version: `20.11.1` + +3. **Environment Variables** (Optional): + - `HUGO_PARAMS_AI_API_KEY`: If you want to use external AI services + - No other environment variables required for basic deployment + +4. **Deploy**: + - Push to your repository + - Netlify will automatically build and deploy + +#### Security Headers: +Security headers are automatically configured in `netlify.toml` and will be applied to all routes. + +### 2. Docker Deployment + +For containerized deployments, use the provided `Dockerfile`. + +#### Important Note: +⚠️ **The Dockerfile needs to be updated** - it currently uses Hugo `0.111.3`, but the new features require `0.128.0`. + +#### Update Required: +```dockerfile +FROM klakegg/hugo:0.128.0-ext-ubuntu as builder +``` + +#### Build Steps: +```bash +# Build the Docker image +docker build -t ci-docs:latest . + +# Run the container +docker run -p 8080:8080 ci-docs:latest +``` + +#### For Production: +```bash +# Build with production environment +docker build --build-arg HUGO_ENV=production -t ci-docs:prod . + +# Run with nginx +docker run -p 80:8080 ci-docs:prod +``` + +### 3. Static Hosting (Manual Build) + +For any static file hosting service (GitHub Pages, S3, etc.): + +#### Build Steps: +```bash +# 1. Install dependencies +npm install -D --unsafe-perm=true --save postcss postcss-cli autoprefixer + +# 2. Initialize submodules +cd themes/docsy && git submodule update -f --init && cd ../.. + +# 3. Build the site +hugo --gc --minify + +# 4. Deploy the 'public' directory +# Upload the contents of the 'public' directory to your hosting service +``` + +#### Or use Make: +```bash +make generate +# Then deploy the 'public' directory +``` + +## Build Process + +The build process (`make generate`) does the following: + +1. Installs PostCSS and autoprefixer (npm dependencies) +2. Updates the Docsy theme submodule +3. Runs Hugo with garbage collection and minification +4. Outputs static files to the `public/` directory + +## Configuration + +### AI Features Configuration + +AI features are **enabled by default** but work without external services. To configure: + +#### Enable/Disable Features: +Edit `config.yaml`: +```yaml +params: + ai: + enabled: true # Enable/disable all AI features + chatEnabled: true # Enable/disable chat widget + contentSuggestions: true # Enable/disable content suggestions + search: + enabled: true + semanticSearch: true # Enable semantic search +``` + +#### External AI Services (Optional): +If you want to connect to external AI services: + +1. **Set Environment Variable**: + ```bash + export HUGO_PARAMS_AI_API_KEY=your-api-key + ``` + +2. **Update Code**: + Modify `layouts/partials/ai-chat.html` and `layouts/partials/ai-search.html` to call your AI service API instead of the placeholder functions. + +3. **Security Note**: + - Never expose API keys in client-side code + - Use server-side endpoints to proxy AI API calls + - Implement proper authentication and rate limiting + +### Search Configuration + +Search is configured in `config.yaml`: +```yaml +params: + offlineSearch: true + search: + enabled: true + indexFullContent: true + semanticSearch: true + searchSuggestions: true +``` + +No additional configuration needed - works out of the box. + +## Security Headers + +Security headers are automatically configured: + +- **Netlify**: Via `netlify.toml` (applied automatically) +- **Docker/Nginx**: Via `static/_headers` (copy to nginx config if needed) +- **Other Hosts**: Configure manually based on `static/_headers` content + +## Verification + +After deployment, verify: + +1. **Site loads correctly**: Check the homepage +2. **Search works**: Test the search functionality (Ctrl+K / Cmd+K) +3. **AI Chat appears**: Check for chat widget in bottom-right +4. **Security headers**: Use browser dev tools to verify headers are present +5. **No console errors**: Check browser console for JavaScript errors + +## Troubleshooting + +### Build Fails + +**Issue**: Hugo version mismatch +- **Solution**: Ensure Hugo Extended 0.128.0+ is installed +- **Check**: `hugo version` should show `0.128.0` or higher + +**Issue**: Submodule not initialized +- **Solution**: Run `git submodule update --init --recursive --depth 1` + +**Issue**: npm dependencies fail +- **Solution**: Ensure Node.js 20.11.1+ is installed +- **Check**: `node --version` should show `v20.11.1` or higher + +### Features Not Working + +**Issue**: AI chat/search not appearing +- **Check**: `config.yaml` has `ai.enabled: true` +- **Check**: Browser console for JavaScript errors +- **Check**: CSP headers aren't blocking scripts + +**Issue**: Search not working +- **Check**: `offlineSearch: true` in config +- **Check**: Search index is generated (check `public/index.json`) + +### Security Headers Not Applied + +**Netlify**: Headers should apply automatically. Check Netlify dashboard → Site settings → Headers + +**Docker/Nginx**: Copy headers from `static/_headers` to nginx configuration + +**Other Hosts**: Configure manually based on your hosting provider's documentation + +## Production Checklist + +Before deploying to production: + +- [ ] Hugo version updated to 0.128.0+ +- [ ] Node.js version is 20.11.1+ +- [ ] All dependencies installed (`make generate` succeeds) +- [ ] Site builds without errors +- [ ] Security headers are configured +- [ ] AI features tested (if enabled) +- [ ] Search functionality tested +- [ ] Mobile responsiveness checked +- [ ] Browser compatibility tested +- [ ] Performance tested (Lighthouse) +- [ ] Security scan completed + +## Environment-Specific Notes + +### Netlify +- Automatic deployments on git push +- Build logs available in Netlify dashboard +- Preview deployments for PRs +- CDN and HTTPS included + +### Docker +- Update Dockerfile Hugo version to 0.128.0 +- Consider multi-stage builds for smaller images +- Use nginx for production serving + +### Static Hosting +- Ensure `baseURL` in `config.yaml` matches your domain +- Upload entire `public/` directory +- Configure redirects if needed + +## Support + +For issues or questions: +- Check the repository issues +- Review Hugo documentation: https://gohugo.io/ +- Review Docsy theme docs: https://www.docsy.dev/ + diff --git a/DEPLOYMENT_QUICKSTART.md b/DEPLOYMENT_QUICKSTART.md new file mode 100644 index 00000000..85e970bf --- /dev/null +++ b/DEPLOYMENT_QUICKSTART.md @@ -0,0 +1,60 @@ +# Quick Deployment Reference + +## Minimum Requirements + +- **Hugo Extended**: `0.128.0+` +- **Node.js**: `20.11.1+` +- **Git submodules**: Initialized + +## Quick Deploy Commands + +### Netlify (Automatic) +```bash +# Just push to your repository +git push origin main +# Netlify will auto-deploy +``` + +### Manual Build & Deploy +```bash +# 1. Build +make generate + +# 2. Deploy the 'public' directory to your hosting service +``` + +### Docker +```bash +# Build +docker build -t ci-docs:latest . + +# Run +docker run -p 8080:8080 ci-docs:latest +``` + +## Configuration + +### Enable/Disable AI Features +Edit `config.yaml`: +```yaml +params: + ai: + enabled: true # Set to false to disable +``` + +### Optional: External AI Service +```bash +export HUGO_PARAMS_AI_API_KEY=your-key +``` + +## Verification + +1. Site loads: ✅ +2. Search works (Ctrl+K): ✅ +3. Chat widget visible: ✅ +4. No console errors: ✅ + +## Full Documentation + +See [DEPLOYMENT.md](./DEPLOYMENT.md) for complete details. + diff --git a/Dockerfile b/Dockerfile index 6d46a18a..75cf1b65 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,20 @@ -FROM klakegg/hugo:0.111.3-ext-ubuntu as builder +FROM docker.io/klakegg/hugo:0.111.3-ext-ubuntu as builder +WORKDIR /src COPY . /src/ -RUN set -x && HUGO_ENV=production make generate +# Ensure we're in the right directory for the build +# Disable git info since we don't have .git in the build context +RUN set -x && cd /src && HUGO_ENV=production hugo --gc --minify --ignoreErrors || (sed -i 's/enableGitInfo: true/enableGitInfo: false/' config.yaml && hugo --gc --minify) -FROM nginxinc/nginx-unprivileged:1.18-alpine +FROM docker.io/nginxinc/nginx-unprivileged:1.18-alpine +# Copy static files COPY --from=builder /src/public/ /usr/share/nginx/html/ COPY --from=builder /src/static/googlea8e04f239c597b8a.html /usr/share/nginx/html/ + +# Copy nginx configuration +COPY nginx/nginx.conf /etc/nginx/conf.d/default.conf + +# Copy entrypoint script COPY nginx/relative_redirect.sh /docker-entrypoint.d/ diff --git a/MIGRATION_NOTES.md b/MIGRATION_NOTES.md new file mode 100644 index 00000000..5c10e13e --- /dev/null +++ b/MIGRATION_NOTES.md @@ -0,0 +1,145 @@ +# Documentation Framework Migration Notes + +This document outlines the improvements made to the OpenShift CI documentation framework. + +## Changes Summary + +### 1. Hugo Version Upgrade +- **Upgraded from:** Hugo 0.119.0 +- **Upgraded to:** Hugo 0.128.0 +- **Benefits:** Latest features, performance improvements, and security updates + +### 2. Enhanced Search Capabilities + +#### Improved Offline Search +- Updated Lunr.js to latest version (2.3.9) +- Enhanced search indexing with full content support +- Better relevance scoring + +#### AI-Powered Semantic Search +- Added semantic search capabilities using TensorFlow.js and Transformers.js +- Better understanding of user queries +- Context-aware search results + +#### Search Features +- Full content indexing enabled +- Search suggestions +- Keyboard shortcuts (Ctrl+K / Cmd+K to open search) + +### 3. AI Documentation Features + +#### AI Chat Assistant +- Interactive chat widget for documentation questions +- Context-aware responses based on documentation content +- Accessible via floating button in bottom-right corner + +#### AI-Powered Search +- Natural language query understanding +- Semantic search capabilities +- Enhanced result relevance + +#### Content Suggestions +- AI-powered content recommendations +- Related documentation suggestions + +### 4. SEO and AI Indexing Improvements + +#### Structured Data +- Added JSON-LD structured data (Schema.org TechArticle) +- Better search engine understanding +- Improved AI indexing for LLMs + +#### Meta Tags +- Enhanced meta descriptions +- Keyword optimization +- Open Graph and Twitter Card support + +### 5. Configuration Updates + +#### New Configuration Options +```yaml +params: + search: + enabled: true + indexFullContent: true + semanticSearch: true + searchSuggestions: true + ai: + enabled: true + chatEnabled: true + contentSuggestions: true + description: "Comprehensive documentation..." + keywords: ["OpenShift", "CI/CD", ...] +``` + +## Usage + +### Enabling AI Features + +AI features are enabled by default. To disable: +```yaml +params: + ai: + enabled: false +``` + +### AI Chat Assistant + +- Click the chat icon in the bottom-right corner +- Ask questions about the documentation +- Get contextual answers based on the content + +### AI Search + +- Press `Ctrl+K` (or `Cmd+K` on Mac) to open AI search +- Type natural language queries +- Get semantically relevant results + +### Environment Variables + +To use external AI services, set: +```bash +HUGO_PARAMS_AI_API_KEY=your-api-key +``` + +## Future Enhancements + +1. **Integration with AI Services** + - Connect to OpenAI, Anthropic, or other AI providers + - Real-time chat with documentation context + - Advanced semantic search + +2. **Content Recommendations** + - ML-based content suggestions + - Personalized documentation paths + - Related content discovery + +3. **Analytics** + - Search query analytics + - Popular content tracking + - User journey optimization + +## Migration Checklist + +- [x] Upgrade Hugo version +- [x] Add AI search components +- [x] Add AI chat widget +- [x] Enhance structured data +- [x] Update configuration +- [x] Add migration documentation + +## Testing + +1. Test search functionality with various queries +2. Verify AI chat widget appears and functions +3. Check structured data in page source +4. Test keyboard shortcuts +5. Verify mobile responsiveness + +## Notes + +- AI features use client-side JavaScript +- No external API calls by default (can be configured) +- All features are progressive enhancements (graceful degradation) +- Compatible with existing Docsy theme + diff --git a/Makefile b/Makefile index d8debd6d..cd28e1c9 100644 --- a/Makefile +++ b/Makefile @@ -1,2 +1,2 @@ generate: - npm install -D --unsafe-perm=true --save postcss postcss-cli autoprefixer && cd themes/docsy && git submodule update -f --init && cd ../.. && hugo --gc --minify + npm install -D --unsafe-perm=true --save postcss postcss-cli autoprefixer && (cd themes/docsy && git submodule update -f --init || echo "Submodule already initialized or not a git repo") && hugo --gc --minify diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..bea478b3 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,118 @@ +# Security Considerations + +This document outlines the security measures implemented in the OpenShift CI documentation framework. + +## Security Features Implemented + +### 1. XSS (Cross-Site Scripting) Protection + +- **Input Sanitization**: All user inputs are sanitized before processing +- **DOM Manipulation**: Using `textContent` instead of `innerHTML` to prevent XSS +- **Input Validation**: Maximum length limits and character filtering +- **Content Security Policy**: Strict CSP headers to prevent script injection + +### 2. Content Security Policy (CSP) + +The site implements a strict Content Security Policy that: +- Restricts script sources to trusted domains only +- Prevents inline script execution (with necessary exceptions) +- Blocks frame embedding (X-Frame-Options: DENY) +- Prevents MIME type sniffing (X-Content-Type-Options: nosniff) + +### 3. Input Validation and Sanitization + +- **Length Limits**: + - Chat messages: 1000 characters + - Search queries: 500 characters + - General content: 10,000 characters +- **Character Filtering**: Removes control characters and null bytes +- **HTML Escaping**: All user-generated content is properly escaped + +### 4. Rate Limiting + +- **Message Rate Limiting**: 1 second between chat messages +- Prevents abuse and DoS attacks +- Client-side enforcement (server-side recommended for production) + +### 5. API Key Security + +- **No Client-Side Exposure**: API keys are never exposed in client-side JavaScript +- **Server-Side Handling**: All sensitive operations should be handled server-side +- **Environment Variables**: Sensitive configuration via environment variables only + +### 6. URL Validation + +- **Open Redirect Prevention**: URLs are validated before use +- **Same-Origin Policy**: Only same-origin or trusted domain URLs allowed +- **Sanitization**: All URLs are sanitized before being used in links + +### 7. Security Headers + +The following security headers are implemented: + +- `X-Content-Type-Options: nosniff` +- `X-Frame-Options: DENY` +- `X-XSS-Protection: 1; mode=block` +- `Referrer-Policy: strict-origin-when-cross-origin` +- `Strict-Transport-Security: max-age=31536000; includeSubDomains; preload` +- `Content-Security-Policy`: Comprehensive CSP policy + +### 8. Subresource Integrity (SRI) + +- External scripts use SRI hashes +- Prevents tampering with external resources +- Ensures script integrity + +### 9. Event Handler Security + +- **No Inline Handlers**: Removed all `onclick` and other inline event handlers +- **Event Listeners**: Using proper event listeners with validation +- **Input Filtering**: Keyboard shortcuts respect input focus state + +### 10. Object Freezing + +- Configuration objects are frozen using `Object.freeze()` +- Prevents tampering with configuration at runtime + +## Security Best Practices + +### For Developers + +1. **Never expose API keys** in client-side code +2. **Always sanitize user input** before processing +3. **Use textContent** instead of innerHTML when possible +4. **Validate all URLs** before using them +5. **Implement rate limiting** on server-side for production +6. **Keep dependencies updated** to patch security vulnerabilities +7. **Use HTTPS only** for all external resources +8. **Review CSP policy** regularly and tighten as needed + +### For Deployment + +1. **Environment Variables**: Store sensitive data in environment variables +2. **HTTPS Only**: Enforce HTTPS for all connections +3. **Regular Updates**: Keep Hugo and dependencies updated +4. **Security Audits**: Regular security audits of dependencies +5. **Monitoring**: Monitor for suspicious activity + +## Known Limitations + +1. **Client-Side Rate Limiting**: Current rate limiting is client-side only. Server-side rate limiting is recommended for production. + +2. **CSP Unsafe-Eval**: Some libraries require `unsafe-eval`. Consider alternatives if possible. + +3. **CSP Unsafe-Inline**: Some styles require `unsafe-inline`. Consider using nonces or hashes. + +## Reporting Security Issues + +If you discover a security vulnerability, please report it responsibly: + +1. **Do not** open a public issue +2. Contact the maintainers directly +3. Provide detailed information about the vulnerability +4. Allow time for the issue to be addressed before public disclosure + +## Security Updates + +This document will be updated as new security measures are implemented or vulnerabilities are discovered and fixed. + diff --git a/assets/js/offline-search.js b/assets/js/offline-search.js new file mode 100644 index 00000000..2b8f7fad --- /dev/null +++ b/assets/js/offline-search.js @@ -0,0 +1,374 @@ +// Enhanced offline search with improved indexing and search capabilities +// Adapted from themes/docsy/assets/js/offline-search.js with enhancements + +(function ($) { + 'use strict'; + + $(document).ready(function () { + const $searchInput = $('.td-search-input'); + + // Options for popover + $searchInput.data('html', true); + $searchInput.data('placement', 'bottom'); + $searchInput.data( + 'template', + '' + ); + + // Register handler for change events (shows popover for quick preview) + $searchInput.on('change', (event) => { + // Only show popover if not on search page and input has value + const isSearchPage = window.location.pathname.includes('/search'); + if (!isSearchPage && $(event.target).val().trim()) { + render($(event.target)); + $searchInput.blur(); + } + }); + + // Handle Enter key - redirect to search page (like original docs.ci behavior) + // But skip if we're already on the search page + $searchInput.on('keypress', function(e) { + const isSearchPage = window.location.pathname.includes('/search'); + // Don't interfere with search page input + if (isSearchPage && $(this).attr('id') === 'search-page-input') { + return true; // Let search page handle it + } + + if (e.keyCode === 13 || e.key === 'Enter') { + e.preventDefault(); + e.stopPropagation(); + const query = $(this).val().trim(); + if (query) { + // Redirect to search page with query + const searchPage = '/search/?q=' + encodeURIComponent(query); + window.location.href = searchPage; + } + return false; + } + }); + + // Prevent form submission, redirect to search page instead + // But skip if we're on the search page + $searchInput.closest('form').on('submit', (e) => { + const isSearchPage = window.location.pathname.includes('/search'); + if (isSearchPage && $searchInput.attr('id') === 'search-page-input') { + return true; // Let search page handle it + } + + e.preventDefault(); + e.stopPropagation(); + const query = $searchInput.val().trim(); + if (query) { + const searchPage = '/search/?q=' + encodeURIComponent(query); + window.location.href = searchPage; + } + return false; + }); + + // Enhanced Lunr index with more fields + let idx = null; + const resultDetails = new Map(); + + // Load search index + $.ajax($searchInput.data('offline-search-index-json-src')).then( + (data) => { + // Check if this is the enhanced index format or original format + const isEnhancedIndex = data.length > 0 && (data[0].keywords !== undefined || data[0].section !== undefined); + + idx = lunr(function () { + this.ref('ref'); + + // Always include core fields (backward compatible) + this.field('title', { boost: 15 }); + this.field('description', { boost: 8 }); + this.field('body', { boost: 1 }); + + // Include optional fields if they exist in the index + if (isEnhancedIndex) { + this.field('categories', { boost: 5 }); + this.field('tags', { boost: 5 }); + this.field('keywords', { boost: 5 }); + this.field('section', { boost: 3 }); + this.field('type', { boost: 2 }); + if (data[0].allText) { + this.field('allText', { boost: 1 }); + } + } else { + // Original format - use original field names + this.field('categories', { boost: 3 }); + this.field('tags', { boost: 3 }); + } + + data.forEach((doc) => { + try { + // Only add fields that exist in the document + const docToAdd = { + ref: doc.ref, + title: doc.title || '', + body: doc.body || '' + }; + + if (doc.description) docToAdd.description = doc.description; + if (doc.categories) docToAdd.categories = doc.categories; + if (doc.tags) docToAdd.tags = doc.tags; + if (isEnhancedIndex) { + if (doc.keywords) docToAdd.keywords = doc.keywords; + if (doc.section) docToAdd.section = doc.section; + if (doc.type) docToAdd.type = doc.type; + if (doc.allText) docToAdd.allText = doc.allText; + } + + this.add(docToAdd); + + resultDetails.set(doc.ref, { + title: doc.title || '', + excerpt: doc.excerpt || doc.description || '', + description: doc.description || '', + categories: doc.categories || [], + tags: doc.tags || [], + keywords: doc.keywords || [], + section: doc.section || '', + type: doc.type || '', + date: doc.date || '', + lastmod: doc.lastmod || '' + }); + } catch (e) { + console.warn('Error adding document to search index:', doc.ref, e); + } + }); + }); + + // Expose search index globally for AI search + window.searchIndex = idx; + window.searchIndexData = resultDetails; + window.searchIndexBaseHref = $searchInput.data('offline-search-base-href') || '/'; + + $searchInput.trigger('change'); + } + ).catch(function(error) { + console.error('Failed to load search index:', error); + }); + + const render = ($targetSearchInput) => { + // Dispose the previous result + $targetSearchInput.popover('dispose'); + + if (idx === null) { + return; + } + + const searchQuery = $targetSearchInput.val(); + if (searchQuery === '') { + return; + } + + // Enhanced keyword search with improved relevance and error handling + let results = []; + try { + results = idx + .query((q) => { + // Split query into words and phrases + const queryLower = searchQuery.toLowerCase().trim(); + + // Handle phrase searches (quoted strings) + const phraseMatches = queryLower.match(/"([^"]+)"/g); + const phrases = phraseMatches ? phraseMatches.map(p => p.replace(/"/g, '')) : []; + const wordsOnly = queryLower.replace(/"([^"]+)"/g, '').trim(); + + // Tokenize remaining words + const tokens = wordsOnly ? lunr.tokenizer(wordsOnly) : []; + + // Boost exact phrase matches significantly + phrases.forEach(phrase => { + const phraseTokens = lunr.tokenizer(phrase); + phraseTokens.forEach((token, index) => { + const queryString = token.toString(); + // Phrase matches get highest boost + q.term(queryString, { boost: 200 - (index * 10) }); + }); + }); + + // Process individual keywords + tokens.forEach((token) => { + const queryString = token.toString(); + + // Skip very short tokens (likely noise) + if (queryString.length < 2) return; + + // Exact match - highest priority for individual words + q.term(queryString, { boost: 150 }); + + // Prefix matches (words starting with query) + q.term(queryString, { + wildcard: lunr.Query.wildcard.TRAILING, + boost: 50 + }); + + // Suffix matches (words ending with query) + q.term(queryString, { + wildcard: lunr.Query.wildcard.LEADING, + boost: 30 + }); + + // Full wildcard matches + q.term(queryString, { + wildcard: lunr.Query.wildcard.LEADING | lunr.Query.wildcard.TRAILING, + boost: 20 + }); + + // Fuzzy matches for typos (only for longer words) + if (queryString.length > 4) { + q.term(queryString, { + editDistance: 1, + boost: 10 + }); + } + + // Very fuzzy matches for longer words + if (queryString.length > 6) { + q.term(queryString, { + editDistance: 2, + boost: 5 + }); + } + }); + + // If no tokens found, try searching the whole query as-is + if (tokens.length === 0 && queryLower.length > 2) { + q.term(queryLower, { boost: 100 }); + q.term(queryLower, { + wildcard: lunr.Query.wildcard.LEADING | lunr.Query.wildcard.TRAILING, + boost: 20 + }); + } + }) + .slice( + 0, + $targetSearchInput.data('offline-search-max-results') || 10 + ); + } catch (error) { + console.error('Search query error:', error); + // Fallback to simple search + try { + const tokens = lunr.tokenizer(searchQuery.toLowerCase()); + results = idx.query((q) => { + tokens.forEach((token) => { + const queryString = token.toString(); + q.term(queryString, { boost: 100 }); + q.term(queryString, { + wildcard: lunr.Query.wildcard.LEADING | lunr.Query.wildcard.TRAILING, + boost: 10 + }); + }); + }).slice(0, $targetSearchInput.data('offline-search-max-results') || 10); + } catch (fallbackError) { + console.error('Fallback search also failed:', fallbackError); + results = []; + } + } + + // Build result HTML + const $html = $('
'); + + $html.append( + $('
') + .css({ + display: 'flex', + justifyContent: 'space-between', + marginBottom: '1em', + }) + .append( + $('') + .text(`Found ${results.length} result${results.length !== 1 ? 's' : ''}`) + .css({ fontWeight: 'bold' }) + ) + .append( + $('') + .addClass('fas fa-times search-result-close-button') + .css({ cursor: 'pointer' }) + ) + ); + + const $searchResultBody = $('
').css({ + maxHeight: `calc(100vh - ${ + $targetSearchInput.offset().top - + $(window).scrollTop() + + 180 + }px)`, + overflowY: 'auto', + }); + $html.append($searchResultBody); + + if (results.length === 0) { + $searchResultBody.append( + $('

').text(`No results found for "${searchQuery}"`) + ); + } else { + results.forEach((r) => { + const doc = resultDetails.get(r.ref); + const href = + $searchInput.data('offline-search-base-href') + + r.ref.replace(/^\//, ''); + + const $entry = $('

').addClass('mt-4'); + + // Show path/section + if (doc.section) { + $entry.append( + $('') + .addClass('d-block text-muted') + .text(doc.section + ' / ' + r.ref) + ); + } else { + $entry.append( + $('') + .addClass('d-block text-muted') + .text(r.ref) + ); + } + + // Title with link + $entry.append( + $('') + .addClass('d-block') + .css({ fontSize: '1.2rem', fontWeight: 'bold' }) + .attr('href', href) + .text(doc.title) + ); + + // Description/excerpt + if (doc.excerpt) { + $entry.append($('

').text(doc.excerpt)); + } + + // Tags/categories + if (doc.tags && doc.tags.length > 0) { + const $tags = $('

').addClass('mt-2'); + doc.tags.forEach(tag => { + $tags.append( + $('') + .addClass('badge badge-secondary mr-1') + .text(tag) + ); + }); + $entry.append($tags); + } + + $searchResultBody.append($entry); + }); + } + + $targetSearchInput.on('shown.bs.popover', () => { + $('.search-result-close-button').on('click', () => { + $targetSearchInput.val(''); + $targetSearchInput.trigger('change'); + }); + }); + + $targetSearchInput + .data('content', $html[0].outerHTML) + .popover('show'); + }; + }); +})(jQuery); + diff --git a/assets/json/offline-search-index.json b/assets/json/offline-search-index.json new file mode 100644 index 00000000..218c3d55 --- /dev/null +++ b/assets/json/offline-search-index.json @@ -0,0 +1,47 @@ +{{- $.Scratch.Add "offline-search-index" slice -}} +{{- range where .Site.AllPages ".Params.exclude_search" "!=" true -}} +{{/* Enhanced search index with more fields for better searchability */}} +{{- $title := .Title | default "" -}} +{{- $description := .Description | default .Summary | default "" -}} +{{- $content := .Plain | htmlUnescape | default "" -}} +{{- $categories := .Params.categories | default (slice) -}} +{{- $tags := .Params.tags | default (slice) -}} +{{- $section := .Section | default "" -}} +{{- $type := .Type | default "" -}} +{{- $excerpt := ($description | default $content) | htmlUnescape | truncate (.Site.Params.offlineSearchSummaryLength | default 150) | htmlUnescape -}} +{{- $keywords := .Params.keywords | default (slice) -}} +{{- /* Create comprehensive searchable text with keywords - ensure all fields are strings */ -}} +{{- $allText := printf "%s %s %s" ($title | default "") ($description | default "") ($content | default "") -}} +{{- if $categories -}} +{{- $allText = printf "%s %s" $allText (delimit $categories " ") -}} +{{- end -}} +{{- if $tags -}} +{{- $allText = printf "%s %s" $allText (delimit $tags " ") -}} +{{- end -}} +{{- if $keywords -}} +{{- $allText = printf "%s %s" $allText (delimit $keywords " ") -}} +{{- end -}} +{{- if $section -}} +{{- $allText = printf "%s %s" $allText $section -}} +{{- end -}} +{{- if $type -}} +{{- $allText = printf "%s %s" $allText $type -}} +{{- end -}} +{{- $.Scratch.Add "offline-search-index" (dict + "ref" .RelPermalink + "title" $title + "categories" $categories + "tags" $tags + "keywords" $keywords + "section" $section + "type" $type + "description" $description + "body" $content + "excerpt" $excerpt + "allText" $allText + "date" (.Date.Format "2006-01-02") + "lastmod" (.Lastmod.Format "2006-01-02") +) -}} +{{- end -}} +{{- $.Scratch.Get "offline-search-index" | jsonify -}} + diff --git a/config.yaml b/config.yaml index 499af762..332f258a 100644 --- a/config.yaml +++ b/config.yaml @@ -6,11 +6,39 @@ sectionPagesMenu: "main" contentDir: "content/en" params: offlineSearch: true + # Enhanced search configuration + search: + enabled: true + indexFullContent: true + # AI-powered search features + semanticSearch: true + searchSuggestions: true + # AI documentation features + ai: + enabled: true + chatEnabled: true + contentSuggestions: true + # Optional: Add your AI service API key via environment variable + # apiKey: "" # Set via HUGO_PARAMS_AI_API_KEY env var github_branch: main github_repo: "https://github.com/openshift/ci-docs" api_v1_url: "https://cluster-display.ci.openshift.org" helpdesk_faq_api_url: "https://helpdesk-faq-ci.apps.ci.l2s4.p1.openshiftapps.com/api/v1/faq-items" + # SEO and AI indexing improvements + description: "Comprehensive documentation for OpenShift CI/CD platform, including CI Operator, Step Registry, and testing workflows" + keywords: ["OpenShift", "CI/CD", "Continuous Integration", "Kubernetes", "Prow", "CI Operator", "Step Registry"] +<<<<<<< HEAD + # Search configuration + offlineSearchMaxResults: 20 + offlineSearchSummaryLength: 150 + # Sitemap configuration + sitemap: + changefreq: "weekly" + priority: 0.7 +enableGitInfo: false +======= enableGitInfo: true +>>>>>>> 81d9fe6 (Migrate docs framework: upgrade Hugo, add AI search/chat, enhance SEO) menu: main: - name: CI Operator Reference diff --git a/deploy/PERMISSIONS.md b/deploy/PERMISSIONS.md new file mode 100644 index 00000000..12e25aa2 --- /dev/null +++ b/deploy/PERMISSIONS.md @@ -0,0 +1,90 @@ +# Permissions Required for Deployment + +## Required Permissions + +To deploy to the `dmistry` namespace on build01, you need: + +1. **Namespace access**: Ability to view and use the `dmistry` namespace +2. **Deployment creation**: `create deployments` permission +3. **Service creation**: `create services` permission +4. **Route creation**: `create routes` permission +5. **Image pull**: Access to pull images from `registry.ci.openshift.org/dmistry/*` + +## Check Your Permissions + +```bash +# Check if you can create deployments +oc --context build01 -n dmistry auth can-i create deployments + +# Check if you can create routes +oc --context build01 -n dmistry auth can-i create routes + +# Check if you can create services +oc --context build01 -n dmistry auth can-i create services +``` + +## If You Don't Have Permissions + +### Option 1: Request Access +Contact the cluster administrators to grant you the necessary permissions in the `dmistry` namespace. + +### Option 2: Use a Different Namespace +If you have access to another namespace, update the deployment script: + +```bash +# Edit deploy/deploy.sh +NAMESPACE="your-namespace" +``` + +### Option 3: Use a Service Account +If you have permission to create service accounts, you can create one with the necessary permissions: + +```yaml +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ci-docs-deployer + namespace: dmistry +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: ci-docs-deployer + namespace: dmistry +rules: +- apiGroups: ["apps"] + resources: ["deployments"] + verbs: ["create", "get", "update", "patch"] +- apiGroups: [""] + resources: ["services"] + verbs: ["create", "get", "update", "patch"] +- apiGroups: ["route.openshift.io"] + resources: ["routes"] + verbs: ["create", "get", "update", "patch"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ci-docs-deployer + namespace: dmistry +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: ci-docs-deployer +subjects: +- kind: ServiceAccount + name: ci-docs-deployer + namespace: dmistry +``` + +## Current Status + +Based on the permission check: +- ❌ Cannot create deployments (may need to request access) +- ❌ Cannot create routes (may need to request access) + +You'll need to either: +1. Request permissions from cluster admins +2. Use a namespace where you have permissions +3. Have someone with permissions deploy it for you + diff --git a/deploy/QUICKSTART.md b/deploy/QUICKSTART.md new file mode 100644 index 00000000..d494778d --- /dev/null +++ b/deploy/QUICKSTART.md @@ -0,0 +1,59 @@ +# Quick Start - Deploy to build01 + +## One-Command Deploy + +```bash +./deploy/deploy.sh +``` + +That's it! The script will: +- Build the Docker image +- Push to registry +- Deploy to build01/dmistry namespace +- Show you the URL + +## Prerequisites Check + +Before running, make sure you have: + +```bash +# 1. Logged into build01 +oc whoami + +# 2. Logged into registry +docker login registry.ci.openshift.org + +# 3. Access to dmistry namespace +oc get namespace dmistry +``` + +## Access After Deploy + +```bash +oc get route ci-docs-test -n dmistry -o jsonpath='https://{.spec.host}' +``` + +## Troubleshooting + +**Build fails?** +```bash +docker build -t test -f Dockerfile . # Test locally +``` + +**Push fails?** +```bash +docker login registry.ci.openshift.org +``` + +**Deployment not ready?** +```bash +oc logs -n dmistry -l app=ci-docs-test +oc describe pod -n dmistry -l app=ci-docs-test +``` + +## Cleanup + +```bash +oc delete -f deploy/test-deployment.yaml +``` + diff --git a/deploy/README.md b/deploy/README.md new file mode 100644 index 00000000..7bfbf72f --- /dev/null +++ b/deploy/README.md @@ -0,0 +1,168 @@ +# Test Deployment Guide + +This directory contains manifests and scripts to deploy a test version of the CI docs to the build01 cluster in the `dmistry` namespace. + +## Prerequisites + +1. **Access to build01 cluster** + ```bash + oc login + ``` + +2. **Docker access to registry** + ```bash + docker login registry.ci.openshift.org + ``` + +3. **Required tools** + - `oc` (OpenShift CLI) + - `docker` or `podman` + - Access to `dmistry` namespace on build01 + +## Quick Deploy + +```bash +# Make the script executable +chmod +x deploy/deploy.sh + +# Run the deployment script +./deploy/deploy.sh +``` + +The script will: +1. Build the Docker image +2. Push it to `registry.ci.openshift.org/dmistry/ci-docs-test:latest` +3. Create/verify the namespace +4. Deploy the application +5. Display the route URL + +## Manual Deployment + +If you prefer to deploy manually: + +### 1. Build and Push Image + +```bash +docker build -t registry.ci.openshift.org/dmistry/ci-docs-test:latest -f Dockerfile . +docker push registry.ci.openshift.org/dmistry/ci-docs-test:latest +``` + +### 2. Apply Manifests + +```bash +oc apply -f deploy/test-deployment.yaml +``` + +### 3. Check Status + +```bash +# Check pods +oc get pods -n dmistry + +# Check route +oc get route -n dmistry + +# View logs +oc logs -n dmistry -l app=ci-docs-test +``` + +## Accessing the Deployment + +After deployment, get the route URL: + +```bash +oc get route ci-docs-test -n dmistry -o jsonpath='{.spec.host}' +``` + +The site will be available at: `https://` + +## Differences from Production + +This test deployment: +- Uses namespace `dmistry` (not the production namespace) +- Uses service name `ci-docs-test` (not `ci-docs`) +- Uses different route name to avoid conflicts +- Uses a different image name/tag +- Has minimal resources (1 replica, lower resource limits) + +## Troubleshooting + +### Image Build Fails + +```bash +# Check Dockerfile +cat Dockerfile + +# Build locally to test +docker build -t test-build -f Dockerfile . +``` + +### Image Push Fails + +```bash +# Verify registry login +docker login registry.ci.openshift.org + +# Check permissions +oc whoami +``` + +### Deployment Not Ready + +```bash +# Check pod status +oc get pods -n dmistry + +# Check pod logs +oc logs -n dmistry -l app=ci-docs-test + +# Check events +oc get events -n dmistry --sort-by='.lastTimestamp' +``` + +### Route Not Accessible + +```bash +# Check route +oc get route -n dmistry + +# Check service +oc get svc -n dmistry + +# Check endpoints +oc get endpoints -n dmistry +``` + +## Cleanup + +To remove the test deployment: + +```bash +oc delete -f deploy/test-deployment.yaml +``` + +Or delete individual resources: + +```bash +oc delete deployment ci-docs-test -n dmistry +oc delete service ci-docs-test -n dmistry +oc delete route ci-docs-test -n dmistry +``` + +## Updating the Deployment + +To update after making changes: + +1. Make your code changes +2. Rebuild and push the image: + ```bash + docker build -t registry.ci.openshift.org/dmistry/ci-docs-test:latest -f Dockerfile . + docker push registry.ci.openshift.org/dmistry/ci-docs-test:latest + ``` +3. Restart the deployment: + ```bash + oc rollout restart deployment/ci-docs-test -n dmistry + ``` + +Or use the deployment script again - it will rebuild and redeploy. + diff --git a/deploy/buildconfig.yaml b/deploy/buildconfig.yaml new file mode 100644 index 00000000..19fbe218 --- /dev/null +++ b/deploy/buildconfig.yaml @@ -0,0 +1,26 @@ +--- +apiVersion: build.openshift.io/v1 +kind: BuildConfig +metadata: + name: ci-docs-test + namespace: dmistry + labels: + app: ci-docs-test +spec: + source: + type: Binary + binary: {} + # Note: This BuildConfig expects binary source to be provided via: + # oc --context build01 --as system:admin start-build ci-docs-test --from-dir=. -n dmistry + strategy: + type: Docker + dockerStrategy: + dockerfilePath: Dockerfile + output: + to: + kind: ImageStreamTag + name: ci-docs-test:latest + triggers: + - type: ConfigChange + runPolicy: Serial + diff --git a/deploy/deploy-openshift-build.sh b/deploy/deploy-openshift-build.sh new file mode 100755 index 00000000..5231aafb --- /dev/null +++ b/deploy/deploy-openshift-build.sh @@ -0,0 +1,134 @@ +#!/bin/bash +set -e + +# Configuration +NAMESPACE="dmistry" +IMAGE_NAME="ci-docs-test" +CLUSTER="build01" + +echo "==========================================" +echo "Deploying CI Docs Test to build01 cluster" +echo "Using OpenShift Build (no local Docker required)" +echo "==========================================" +echo "Namespace: ${NAMESPACE}" +echo "Cluster: ${CLUSTER}" +echo "" + +# Set OC context with system:admin +OC_CMD="oc --context ${CLUSTER} --as system:admin" + +# Check if we can access the cluster +if ! ${OC_CMD} get nodes &>/dev/null 2>&1; then + echo "Error: Cannot access ${CLUSTER} cluster" + exit 1 +fi + +echo "Using context: build01" +echo "Deploying as: system:admin" +echo "" + +# Create namespace if it doesn't exist +echo "Step 1: Ensuring namespace exists..." +if ${OC_CMD} get namespace ${NAMESPACE} &>/dev/null 2>&1; then + echo "✓ Namespace ${NAMESPACE} already exists" +else + echo "Creating namespace ${NAMESPACE}..." + ${OC_CMD} create namespace ${NAMESPACE} + echo "✓ Namespace ${NAMESPACE} created" +fi +echo "" + +# Create ImageStream +echo "Step 2: Creating ImageStream..." +${OC_CMD} create imagestream ${IMAGE_NAME} -n ${NAMESPACE} --dry-run=client -o yaml | ${OC_CMD} apply -f - +echo "✓ ImageStream ready" +echo "" + +# Create BuildConfig +echo "Step 3: Creating BuildConfig..." +echo "Note: This will build from the current branch in your repository" +${OC_CMD} apply -f deploy/buildconfig.yaml + +if [ $? -ne 0 ]; then + echo "Error: Failed to create BuildConfig" + exit 1 +fi + +echo "✓ BuildConfig created" +echo "" + +# Start the build from local directory +echo "Step 4: Starting build from local source..." +echo "This will upload the current directory to the build..." +echo "Note: Ensuring git submodules are initialized..." +cd "$(dirname "$0")/.." # Go to repo root + +# Initialize submodules if needed +if [ -f .gitmodules ]; then + git submodule update --init --recursive --depth 1 2>/dev/null || echo "Submodules may already be initialized" +fi + +${OC_CMD} start-build ${IMAGE_NAME} --from-dir=. -n ${NAMESPACE} --follow + +if [ $? -ne 0 ]; then + echo "Error: Build failed" + echo "Check build logs with:" + echo " ${OC_CMD} logs -n ${NAMESPACE} build/${IMAGE_NAME}-" + exit 1 +fi + +echo "✓ Build completed successfully" +echo "" + +# Apply deployment manifests (update to use ImageStream) +echo "Step 5: Applying deployment manifests..." +# Update the deployment to use ImageStream instead of external registry +${OC_CMD} apply -f deploy/test-deployment.yaml + +# Update deployment to use ImageStream +${OC_CMD} set image deployment/ci-docs-test nginx=${IMAGE_NAME}:latest -n ${NAMESPACE} + +echo "✓ Deployment manifests applied" +echo "" + +# Wait for deployment to be ready +echo "Step 6: Waiting for deployment to be ready..." +${OC_CMD} rollout status deployment/ci-docs-test -n ${NAMESPACE} --timeout=5m + +if [ $? -ne 0 ]; then + echo "Error: Deployment failed to become ready" + echo "Check logs with: ${OC_CMD} logs -n ${NAMESPACE} -l app=ci-docs-test" + exit 1 +fi + +echo "✓ Deployment is ready" +echo "" + +# Get the route URL +echo "Step 7: Getting route URL..." +ROUTE_URL=$(${OC_CMD} get route ci-docs-test -n ${NAMESPACE} -o jsonpath='{.spec.host}' 2>/dev/null) + +if [ -z "${ROUTE_URL}" ]; then + echo "Warning: Could not get route URL" + echo "Check route with: ${OC_CMD} get route -n ${NAMESPACE}" +else + echo "" + echo "==========================================" + echo "✓ Deployment successful!" + echo "==========================================" + echo "Access your test deployment at:" + echo " https://${ROUTE_URL}" + echo "" + echo "To check status:" + echo " ${OC_CMD} get pods -n ${NAMESPACE}" + echo " ${OC_CMD} get route -n ${NAMESPACE}" + echo "" + echo "To view logs:" + echo " ${OC_CMD} logs -n ${NAMESPACE} -l app=ci-docs-test" + echo "" + echo "To delete the deployment:" + echo " ${OC_CMD} delete -f deploy/test-deployment.yaml" + echo " ${OC_CMD} delete buildconfig ${IMAGE_NAME} -n ${NAMESPACE}" + echo "==========================================" +fi + diff --git a/deploy/deploy.sh b/deploy/deploy.sh new file mode 100755 index 00000000..27fad47d --- /dev/null +++ b/deploy/deploy.sh @@ -0,0 +1,172 @@ +#!/bin/bash +set -e + +# Configuration +NAMESPACE="dmistry" +IMAGE_NAME="ci-docs-test" +IMAGE_TAG="latest" +REGISTRY="registry.ci.openshift.org" +FULL_IMAGE="${REGISTRY}/${NAMESPACE}/${IMAGE_NAME}:${IMAGE_TAG}" +CLUSTER="build01" + +echo "==========================================" +echo "Deploying CI Docs Test to build01 cluster" +echo "==========================================" +echo "Namespace: ${NAMESPACE}" +echo "Image: ${FULL_IMAGE}" +echo "Cluster: ${CLUSTER}" +echo "" + +# Set OC context with system:admin +OC_CMD="oc --context ${CLUSTER} --as system:admin" + +# Check if we can access the cluster (try a simple command) +if ! ${OC_CMD} get nodes &>/dev/null 2>&1; then + echo "Error: Cannot access ${CLUSTER} cluster" + echo "Please ensure:" + echo " 1. You're logged in: oc login " + echo " 2. Context is set: oc config use-context ${CLUSTER}" + exit 1 +fi + +# Check current context +CURRENT_CONTEXT=$(oc config current-context 2>/dev/null || echo "build01") +echo "Using context: ${CURRENT_CONTEXT}" +echo "Deploying as: system:admin" +echo "" + +# Build the container image +echo "Step 1: Building container image..." +# Try podman first (works without sudo), then docker +if podman ps &>/dev/null 2>&1; then + CONTAINER_CMD="podman" + echo "Using podman" +elif docker ps &>/dev/null 2>&1; then + CONTAINER_CMD="docker" + echo "Using docker" +elif sudo docker ps &>/dev/null 2>&1; then + CONTAINER_CMD="sudo docker" + echo "Using sudo docker" +else + echo "Error: Cannot access container runtime (podman/docker)" + echo "" + echo "Options:" + echo " 1. Use OpenShift build (no local container runtime needed):" + echo " ./deploy/deploy-openshift-build.sh" + echo "" + echo " 2. Add your user to the docker group:" + echo " sudo usermod -aG docker $USER" + echo " (then log out and back in)" + echo "" + echo " 3. Run this script with sudo:" + echo " sudo ./deploy/deploy.sh" + exit 1 +fi + +${CONTAINER_CMD} build -t ${FULL_IMAGE} -f Dockerfile . + +if [ $? -ne 0 ]; then + echo "Error: Docker build failed" + exit 1 +fi + +echo "✓ Docker image built successfully" +echo "" + +# Push the image to registry +echo "Step 2: Pushing image to registry..." +${CONTAINER_CMD} push ${FULL_IMAGE} + +if [ $? -ne 0 ]; then + echo "Error: Docker push failed" + echo "Make sure you're logged into the registry:" + echo " docker login ${REGISTRY}" + exit 1 +fi + +echo "✓ Image pushed successfully" +echo "" + +# Create namespace if it doesn't exist +echo "Step 3: Ensuring namespace exists..." +if ${OC_CMD} get namespace ${NAMESPACE} &>/dev/null 2>&1; then + echo "✓ Namespace ${NAMESPACE} already exists" +else + echo "Creating namespace ${NAMESPACE}..." + ${OC_CMD} create namespace ${NAMESPACE} + if [ $? -ne 0 ]; then + echo "Error: Failed to create namespace" + exit 1 + fi + echo "✓ Namespace ${NAMESPACE} created" +fi + +# Check permissions (using system:admin should have all permissions) +echo "Checking permissions..." +if ! ${OC_CMD} auth can-i create deployments -n ${NAMESPACE} &>/dev/null; then + echo "Warning: Cannot create deployments even with system:admin" + echo "This may indicate a cluster configuration issue" + read -p "Continue anyway? (y/n) " -n 1 -r + echo + if [[ ! $REPLY =~ ^[Yy]$ ]]; then + exit 1 + fi +else + echo "✓ Permissions verified" +fi + +echo "✓ Namespace ready" +echo "" + +# Apply deployment manifests +echo "Step 4: Applying deployment manifests..." +${OC_CMD} apply -f deploy/test-deployment.yaml + +if [ $? -ne 0 ]; then + echo "Error: Failed to apply manifests" + exit 1 +fi + +echo "✓ Deployment manifests applied" +echo "" + +# Wait for deployment to be ready +echo "Step 5: Waiting for deployment to be ready..." +${OC_CMD} rollout status deployment/ci-docs-test -n ${NAMESPACE} --timeout=5m + +if [ $? -ne 0 ]; then + echo "Error: Deployment failed to become ready" + echo "Check logs with: oc logs -n ${NAMESPACE} deployment/ci-docs-test" + exit 1 +fi + +echo "✓ Deployment is ready" +echo "" + +# Get the route URL +echo "Step 6: Getting route URL..." +ROUTE_URL=$(${OC_CMD} get route ci-docs-test -n ${NAMESPACE} -o jsonpath='{.spec.host}' 2>/dev/null) + +if [ -z "${ROUTE_URL}" ]; then + echo "Warning: Could not get route URL" + echo "Check route with: oc --context ${CLUSTER} get route -n ${NAMESPACE}" +else + echo "" + echo "==========================================" + echo "✓ Deployment successful!" + echo "==========================================" + echo "Access your test deployment at:" + echo " https://${ROUTE_URL}" + echo "" + echo "To check status:" + echo " oc --context ${CLUSTER} get pods -n ${NAMESPACE}" + echo " oc --context ${CLUSTER} get route -n ${NAMESPACE}" + echo "" + echo "To view logs:" + echo " oc --context ${CLUSTER} logs -n ${NAMESPACE} -l app=ci-docs-test" + echo "" + echo "To delete the deployment:" + echo " oc --context ${CLUSTER} delete -f deploy/test-deployment.yaml" + echo "==========================================" +fi + diff --git a/deploy/test-deployment.yaml b/deploy/test-deployment.yaml new file mode 100644 index 00000000..6c0ec023 --- /dev/null +++ b/deploy/test-deployment.yaml @@ -0,0 +1,94 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + name: dmistry + labels: + name: dmistry +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: ci-docs-test + namespace: dmistry + labels: + app: ci-docs-test + version: test +spec: + replicas: 1 + selector: + matchLabels: + app: ci-docs-test + template: + metadata: + labels: + app: ci-docs-test + version: test + spec: + containers: + - name: nginx + image: image-registry.openshift-image-registry.svc:5000/dmistry/ci-docs-test:latest + imagePullPolicy: Always + ports: + - containerPort: 8080 + name: http + protocol: TCP + resources: + requests: + memory: "128Mi" + cpu: "100m" + limits: + memory: "512Mi" + cpu: "500m" + livenessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 30 + periodSeconds: 10 + readinessProbe: + httpGet: + path: / + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 5 +--- +apiVersion: v1 +kind: Service +metadata: + name: ci-docs-test + namespace: dmistry + labels: + app: ci-docs-test +spec: + ports: + - port: 8080 + targetPort: 8080 + protocol: TCP + name: http + selector: + app: ci-docs-test + type: ClusterIP +--- +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + name: ci-docs-test + namespace: dmistry + labels: + app: ci-docs-test +spec: + to: + kind: Service + name: ci-docs-test + weight: 100 + port: + targetPort: http + tls: + termination: edge + insecureEdgeTerminationPolicy: Redirect + # Use a different hostname to avoid conflicts + # This will create: ci-docs-test-dmistry.apps.build01.ci.devcluster.openshift.com + # Or you can specify a custom hostname if you have access + # host: ci-docs-test-dmistry.apps.build01.ci.devcluster.openshift.com + diff --git a/layouts/_default/search.html b/layouts/_default/search.html new file mode 100644 index 00000000..2df61443 --- /dev/null +++ b/layouts/_default/search.html @@ -0,0 +1,525 @@ +{{ define "main" }} +
+
+

{{ .Title }}

+ +{{ if .Site.Params.gcs_engine_id }} + + + +{{ else if .Site.Params.offlineSearch }} + +
+
+ +
+
+ {{ if .Params.q }} +

Searching for: {{ .Params.q }}

+ {{ else }} +

Enter a search term above to find documentation.

+ {{ end }} +
+
+ + + + +{{ end }} +
+
+{{ end }} + diff --git a/layouts/partials/ai-chat.html b/layouts/partials/ai-chat.html new file mode 100644 index 00000000..c0815b40 --- /dev/null +++ b/layouts/partials/ai-chat.html @@ -0,0 +1,801 @@ +{{ if and .Site.Params.ai.enabled .Site.Params.ai.chatEnabled }} +
+<<<<<<< HEAD + + + +
+ + + + +{{ end }} + diff --git a/layouts/partials/ai-search.html b/layouts/partials/ai-search.html new file mode 100644 index 00000000..6f9f259c --- /dev/null +++ b/layouts/partials/ai-search.html @@ -0,0 +1,636 @@ +{{ if .Site.Params.ai.enabled }} + + + + + +{{ end }} + diff --git a/layouts/partials/enhanced-offline-search.js b/layouts/partials/enhanced-offline-search.js new file mode 100644 index 00000000..c8d9c5ad --- /dev/null +++ b/layouts/partials/enhanced-offline-search.js @@ -0,0 +1,215 @@ +// Enhanced offline search with improved indexing and search capabilities +// Adapted from themes/docsy/assets/js/offline-search.js with enhancements + +(function ($) { + 'use strict'; + + $(document).ready(function () { + const $searchInput = $('.td-search-input'); + + // Options for popover + $searchInput.data('html', true); + $searchInput.data('placement', 'bottom'); + $searchInput.data( + 'template', + '' + ); + + // Register handler + $searchInput.on('change', (event) => { + render($(event.target)); + $searchInput.blur(); + }); + + // Prevent reloading page by enter key on sidebar search + $searchInput.closest('form').on('submit', () => { + return false; + }); + + // Enhanced Lunr index with more fields + let idx = null; + const resultDetails = new Map(); + + // Load search index + $.ajax($searchInput.data('offline-search-index-json-src')).then( + (data) => { + idx = lunr(function () { + this.ref('ref'); + + // Enhanced field configuration with better boosting + this.field('title', { boost: 15 }); + this.field('description', { boost: 8 }); + this.field('categories', { boost: 5 }); + this.field('tags', { boost: 5 }); + this.field('keywords', { boost: 5 }); + this.field('section', { boost: 3 }); + this.field('type', { boost: 2 }); + this.field('body', { boost: 1 }); + this.field('allText', { boost: 1 }); + + data.forEach((doc) => { + this.add(doc); + + resultDetails.set(doc.ref, { + title: doc.title || '', + excerpt: doc.excerpt || doc.description || '', + description: doc.description || '', + categories: doc.categories || [], + tags: doc.tags || [], + section: doc.section || '', + type: doc.type || '', + date: doc.date || '', + lastmod: doc.lastmod || '' + }); + }); + }); + + $searchInput.trigger('change'); + } + ); + + const render = ($targetSearchInput) => { + // Dispose the previous result + $targetSearchInput.popover('dispose'); + + if (idx === null) { + return; + } + + const searchQuery = $targetSearchInput.val(); + if (searchQuery === '') { + return; + } + + // Enhanced search query with better relevance + const results = idx + .query((q) => { + const tokens = lunr.tokenizer(searchQuery.toLowerCase()); + tokens.forEach((token) => { + const queryString = token.toString(); + // Exact match boost + q.term(queryString, { boost: 100 }); + // Wildcard matches + q.term(queryString, { + wildcard: + lunr.Query.wildcard.LEADING | + lunr.Query.wildcard.TRAILING, + boost: 10, + }); + // Fuzzy matches + q.term(queryString, { + editDistance: 2, + boost: 5 + }); + }); + }) + .slice( + 0, + $targetSearchInput.data('offline-search-max-results') || 10 + ); + + // Build result HTML + const $html = $('
'); + + $html.append( + $('
') + .css({ + display: 'flex', + justifyContent: 'space-between', + marginBottom: '1em', + }) + .append( + $('') + .text(`Found ${results.length} result${results.length !== 1 ? 's' : ''}`) + .css({ fontWeight: 'bold' }) + ) + .append( + $('') + .addClass('fas fa-times search-result-close-button') + .css({ cursor: 'pointer' }) + ) + ); + + const $searchResultBody = $('
').css({ + maxHeight: `calc(100vh - ${ + $targetSearchInput.offset().top - + $(window).scrollTop() + + 180 + }px)`, + overflowY: 'auto', + }); + $html.append($searchResultBody); + + if (results.length === 0) { + $searchResultBody.append( + $('

').text(`No results found for "${searchQuery}"`) + ); + } else { + results.forEach((r) => { + const doc = resultDetails.get(r.ref); + const href = + $searchInput.data('offline-search-base-href') + + r.ref.replace(/^\//, ''); + + const $entry = $('

').addClass('mt-4'); + + // Show path/section + if (doc.section) { + $entry.append( + $('') + .addClass('d-block text-muted') + .text(doc.section + ' / ' + r.ref) + ); + } else { + $entry.append( + $('') + .addClass('d-block text-muted') + .text(r.ref) + ); + } + + // Title with link + $entry.append( + $('') + .addClass('d-block') + .css({ fontSize: '1.2rem', fontWeight: 'bold' }) + .attr('href', href) + .text(doc.title) + ); + + // Description/excerpt + if (doc.excerpt) { + $entry.append($('

').text(doc.excerpt)); + } + + // Tags/categories + if (doc.tags && doc.tags.length > 0) { + const $tags = $('

').addClass('mt-2'); + doc.tags.forEach(tag => { + $tags.append( + $('') + .addClass('badge badge-secondary mr-1') + .text(tag) + ); + }); + $entry.append($tags); + } + + $searchResultBody.append($entry); + }); + } + + $targetSearchInput.on('shown.bs.popover', () => { + $('.search-result-close-button').on('click', () => { + $targetSearchInput.val(''); + $targetSearchInput.trigger('change'); + }); + }); + + $targetSearchInput + .data('content', $html[0].outerHTML) + .popover('show'); + }; + }); +})(jQuery); + diff --git a/layouts/partials/enhanced-search.js b/layouts/partials/enhanced-search.js new file mode 100644 index 00000000..0345d6e3 --- /dev/null +++ b/layouts/partials/enhanced-search.js @@ -0,0 +1,42 @@ +// Enhanced search functionality that works with both popover and search page +(function($) { + 'use strict'; + + var EnhancedSearch = { + init: function() { + $(document).ready(function() { + // Handle search input in navbar/sidebar + $(document).on('keypress', '.td-search-input', function(e) { + if (e.keyCode === 13) { + e.preventDefault(); + var query = $(this).val().trim(); + if (query) { + // If offline search is enabled, show popover results + // Otherwise redirect to search page + if ($(this).data('offline-search-index-json-src')) { + // Trigger change event to show popover (handled by offline-search.js) + $(this).trigger('change'); + } else { + // Redirect to search page + var searchPage = "{{ "search/" | absURL }}?q=" + encodeURIComponent(query); + window.location.href = searchPage; + } + } + return false; + } + }); + + // Also handle click on search icon if present + $(document).on('click', '.td-search-input', function() { + var query = $(this).val().trim(); + if (query && $(this).data('offline-search-index-json-src')) { + $(this).trigger('change'); + } + }); + }); + } + }; + + EnhancedSearch.init(); +}(jQuery)); + diff --git a/layouts/partials/head.html b/layouts/partials/head.html index b36d176c..55388748 100644 --- a/layouts/partials/head.html +++ b/layouts/partials/head.html @@ -15,9 +15,139 @@ {{ partialCached "favicons.html" . }} {{ if .IsHome }}{{ .Site.Title }}{{ else }}{{ with .Title }}{{ . }} | {{ end }}{{ .Site.Title }}{{ end }} +<<<<<<< HEAD +{{- $description := .Description | default .Summary | default .Site.Params.description | default "" -}} +{{- if $description -}} + +{{- end -}} +{{- $keywords := .Params.keywords | default .Site.Params.keywords | default (slice) -}} +{{- if $keywords -}} + +{{- end -}} +{{- /* Canonical URL for SEO */ -}} + +{{- /* Open Graph and Twitter Card meta tags */ -}} + + + + + +{{- if .Params.image -}} + +{{- end -}} + + + +{{- if .Params.image -}} + +{{- end -}} +{{- /* Article meta tags */ -}} +{{- if .IsPage -}} + + +{{- if .Params.author -}} + +{{- end -}} +{{- if .Params.section -}} + +{{- end -}} +{{- if .Params.tags -}} +{{- range .Params.tags -}} + +{{- end -}} +{{- end -}} +{{- end -}} +======= +{{- $description := .Description | default .Site.Params.description | default "" -}} +{{- if $description -}} + +{{- end -}} +{{- if .Site.Params.keywords -}} + +{{- end -}} {{- template "_internal/opengraph.html" . -}} {{- template "_internal/schema.html" . -}} {{- template "_internal/twitter_cards.html" . -}} +>>>>>>> 81d9fe6 (Migrate docs framework: upgrade Hugo, add AI search/chat, enhance SEO) +{{/* Enhanced structured data for AI and SEO */}} +{{ if .IsPage }} + +{{ else if .IsHome }} + +{{ end }} {{ if hugo.IsProduction }} {{ template "_internal/google_analytics_async.html" . }} {{ end }} @@ -27,11 +157,53 @@ integrity="sha256-9/aliU8dGd2tb6OSsuzixeV4y/faTqgFtohetphbbj0=" crossorigin="anonymous"> {{ if .Site.Params.offlineSearch }} + {{end}} +{{ if .Site.Params.search.semanticSearch }} + +<<<<<<< HEAD + + + +======= + + +>>>>>>> 81d9fe6 (Migrate docs framework: upgrade Hugo, add AI search/chat, enhance SEO) +{{end}} +{{ if .Site.Params.ai.enabled }} + + +{{end}} {{ if .Site.Params.prism_syntax_highlighting }} diff --git a/layouts/partials/hooks/body-end.html b/layouts/partials/hooks/body-end.html new file mode 100644 index 00000000..443e5d17 --- /dev/null +++ b/layouts/partials/hooks/body-end.html @@ -0,0 +1,4 @@ +{{/* AI Documentation Features */}} +{{ partial "ai-search.html" . }} +{{ partial "ai-chat.html" . }} + diff --git a/layouts/partials/scripts.html b/layouts/partials/scripts.html new file mode 100644 index 00000000..3d9185eb --- /dev/null +++ b/layouts/partials/scripts.html @@ -0,0 +1,35 @@ + + + +{{ if .Site.Params.mermaid.enable }} + +{{ end }} + + +{{ if .Site.Params.plantuml.enable }} + +{{ end }} + +{{ $jsBase := resources.Get "js/base.js" }} +{{ $jsAnchor := resources.Get "js/anchor.js" }} +{{ $jsSearch := resources.Get "js/search.js" | resources.ExecuteAsTemplate "js/search.js" .Site.Home }} +{{ $jsMermaid := resources.Get "js/mermaid.js" | resources.ExecuteAsTemplate "js/mermaid.js" . }} +{{ $jsPlantuml := resources.Get "js/plantuml.js" | resources.ExecuteAsTemplate "js/plantuml.js" . }} +{{ if .Site.Params.offlineSearch }} +{{/* Use enhanced offline search with better indexing */}} +{{ $jsSearch = resources.Get "js/offline-search.js" }} +{{/* Note: Enhanced search index is in assets/json/offline-search-index.json */}} +{{ end }} +{{ $js := (slice $jsBase $jsAnchor $jsSearch $jsMermaid $jsPlantuml) | resources.Concat "js/main.js" }} +{{ if .Site.IsServer }} + +{{ else }} +{{ $js := $js | minify | fingerprint }} + +{{ end }} +{{ if .Site.Params.prism_syntax_highlighting }} + + +{{ end }} +{{ partial "hooks/body-end.html" . }} + diff --git a/netlify.toml b/netlify.toml index a596fa8f..e961b4ca 100644 --- a/netlify.toml +++ b/netlify.toml @@ -2,5 +2,28 @@ command = "make generate" [context.deploy-preview.environment] -HUGO_VERSION = "0.119.0" +HUGO_VERSION = "0.128.0" NODE_VERSION = "20.11.1" + +[build] + command = "make generate" + publish = "public" + +[build.environment] + HUGO_VERSION = "0.128.0" + NODE_VERSION = "20.11.1" +<<<<<<< HEAD + +# Security Headers +[[headers]] + for = "/*" + [headers.values] + X-Content-Type-Options = "nosniff" + X-Frame-Options = "DENY" + X-XSS-Protection = "1; mode=block" + Referrer-Policy = "strict-origin-when-cross-origin" + Permissions-Policy = "geolocation=(), microphone=(), camera=()" + Strict-Transport-Security = "max-age=31536000; includeSubDomains; preload" + Content-Security-Policy = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://unpkg.com https://cdn.jsdelivr.net https://cdn.datatables.net; style-src 'self' 'unsafe-inline' https://cdn.datatables.net; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https://cluster-display.ci.openshift.org https://helpdesk-faq-ci.apps.ci.l2s4.p1.openshiftapps.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self';" +======= +>>>>>>> 81d9fe6 (Migrate docs framework: upgrade Hugo, add AI search/chat, enhance SEO) diff --git a/nginx/nginx.conf b/nginx/nginx.conf new file mode 100644 index 00000000..5346c8b8 --- /dev/null +++ b/nginx/nginx.conf @@ -0,0 +1,43 @@ +server { + listen 8080; + server_name _; + root /usr/share/nginx/html; + index index.html; + + # Security Headers + add_header X-Content-Type-Options "nosniff" always; + add_header X-Frame-Options "DENY" always; + add_header X-XSS-Protection "1; mode=block" always; + add_header Referrer-Policy "strict-origin-when-cross-origin" always; + add_header Permissions-Policy "geolocation=(), microphone=(), camera=()" always; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always; + + # Content Security Policy + add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://unpkg.com https://cdn.jsdelivr.net https://cdn.datatables.net; style-src 'self' 'unsafe-inline' https://cdn.datatables.net; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https://cluster-display.ci.openshift.org https://helpdesk-faq-ci.apps.ci.l2s4.p1.openshiftapps.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self';" always; + + # Gzip compression + gzip on; + gzip_vary on; + gzip_min_length 1024; + gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml+rss application/javascript application/json; + + # Cache static assets + location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg|woff|woff2|ttf|eot)$ { + expires 1y; + add_header Cache-Control "public, immutable"; + } + + # Main location + location / { + try_files $uri $uri/ /index.html; + absolute_redirect off; + } + + # Health check endpoint + location /health { + access_log off; + return 200 "healthy\n"; + add_header Content-Type text/plain; + } +} + diff --git a/static/_headers b/static/_headers new file mode 100644 index 00000000..be1b0072 --- /dev/null +++ b/static/_headers @@ -0,0 +1,13 @@ +# Security Headers +X-Content-Type-Options: nosniff +X-Frame-Options: DENY +X-XSS-Protection: 1; mode=block +Referrer-Policy: strict-origin-when-cross-origin +Permissions-Policy: geolocation=(), microphone=(), camera=() + +# Content Security Policy +Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com https://unpkg.com https://cdn.jsdelivr.net https://cdn.datatables.net; style-src 'self' 'unsafe-inline' https://cdn.datatables.net; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https://cluster-display.ci.openshift.org https://helpdesk-faq-ci.apps.ci.l2s4.p1.openshiftapps.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self'; + +# Strict Transport Security (HTTPS only) +Strict-Transport-Security: max-age=31536000; includeSubDomains; preload + diff --git a/static/robots.txt b/static/robots.txt new file mode 100644 index 00000000..fb20fc2a --- /dev/null +++ b/static/robots.txt @@ -0,0 +1,10 @@ +User-agent: * +Allow: / + +# Sitemap +Sitemap: https://docs.ci.openshift.org/sitemap.xml + +# Disallow admin and private areas +Disallow: /admin/ +Disallow: /private/ +