phuker.github.io

Simplified Chinese English

Use GitHub Actions to release the GitHub Pages website privately from the open warehouse to fully hide the list of website files and historical records without paying for payment

GitHub free account restrictions can only publish the Github Pages website from the open warehouse, which will bring some privacy issues. Anyone can::

• View file modification of historical records, historical privacy data is difficult to delete
• Check the file list and easily find the unpublished draft
• Random fork warehouse, all data will be kept open, it is difficult to delete
• Easily pack and download all static website files

Do not store any static website files in the GitHub warehouse, but use Github Actions to remotely download the static website packing file and directly publish it to Github Pages.

Effect:

• GitHub free accounts can also be used, no need to pay for the function only
• The file modification of the historical record is not disclosed, and the historical privacy data cannot be viewed at will
• The file list is not disclosed, and the page files that store to the secret path cannot be easily found
• Fork, clone, packaging download will not involve website data

• You can upload and download the web service of the file, such as:
  • Web server (it is recommended to upload to the same path every time, the download link is fixed, and no parameter is specified every time you run workflow)
  • File sharing services that can be downloaded directly, such as file.io (the download link of this type of service is generally not fixed, and you need to specify the parameter every time you run workflow)
• The generated static website file

• Fork in this warehouse, repository name is changed to the desired name, usually <用户名小写>.github.io (official document)
• Modify warehouse settings:
  • Settings Actions General Artifact and log retention is set to minimum value 1 day
  • Settings Pages , Source changed to GitHub Actions
• Entering Actions , the first entering will appear to warn Workflows aren't being run on this forked repository , and click I understand my workflows, go ahead and enable them button to confirm the warning.

A total of 3 parameters need to be set:

• REMOTE_FILE_URL : Must be set, the URL of the static website package file.
• REMOTE_FILE_TYPE : Must be set, the format of the static website packing file, optional: 7z , tar .
• REMOTE_FILE_PASSWORD : Optional, encrypted unlimited password (password) of static website packing files. If not encrypted, this parameter does not need to be set.

Parameters can be set at 2 positions:

• Fixed parameter: Settings Secrets Actions , click New repository secret to add it to Secrets. Just set it here, stay empty when running workflow without setting.
• Non -fixed parameters: Set at each time workflow. If there are the same parameters in the Secrets, it will be covered by the value filled in.

It is recommended to use a fixed parameter and set it to secrets, instead of specifying the parameters every time you run workflow. Because the Secrets parameter will be hidden in the log of Workflow Run, and the parameters specified when running workflow will be directly output into the log, which can be viewed publicly and cannot be hidden.

A total of 4 types of packaging files are supported, please select the type of packing files as needed. Various types and example files are as follows:

• demo/test.7z : Use 7-zip packaging compression, not encrypted
• demo/test.enc.7z : Use 7-ZIP to package compression and encryption, encrypted file name, the password is 123456
• demo/test.tar.gz : Use tar to pack compression, not encrypted
• demo/test.tar.gz.enc : Use tar to pack compression, and then use OpenSSL to encrypt. The password is 123456

Assuming that the static website file is located at /path/to/static/dir directory, the password is YOUR_PASSWORD_123456 . The following is an example of the packaging command. The operating environment is Ubuntu 20.04.

Use 7Z to package compression to /path/to/files.7z , not encrypted:

 cd /path/to/static/dir && 7z a /path/to/files.7z .

Use 7Z to pack and encrypt and encrypt into /path/to/files.7z , encrypted file name, encrypted unclean order to hard coding to command parameters:

 cd /path/to/static/dir && 7z a -mhe=on -pYOUR_PASSWORD_123456 /path/to/files.7z .

You can also use the Windows graphics interface program to pack the static website file into 7Z format.

Use TAR to pack compression to ./files.tar.gz , not encrypted:

tar --owner 0 --group 0 --numeric-owner -czvf files.tar.gz -C /path/to/static/dir .

Use TAR and OpenSSL to pack and encrypt and encrypt them to ./files.tar.gz.enc , encrypted unclean order to hard codes to command parameters:

tar --owner 0 --group 0 --numeric-owner -czvf - -C /path/to/static/dir . | openssl enc -aes-256-cbc -pbkdf2 -pass pass:YOUR_PASSWORD_123456 -in - -out files.tar.gz.enc

Upload the package file to your server or file sharing service. Use the command line to upload the packing file /path/to/files.7z to the File.io example:

curl -F ' file=@/tmp/test.bin ' https://file.io/

Actions Deploy to GitHub Pages Run workflow , fill in non -fixed parameters, click Run workflow to wait for running. After running:

• If the operation is successful, the Workflow Run will automatically delete without further operation.
• If the operation fails, the workflow run will not be deleted automatically. The logs and artifacts may contain privacy data and can be viewed publicly. Please delete all Workflow Run manually after the error is eliminated.

Finally delete the package files on the server and cancel the file sharing.

It is recommended to fix the above packaging and deployment steps into a custom script.