chore: npm run assets

Signed-off-by: Xe Iaso <me@xeiaso.net>

.github/actions/spelling/expect.txt

@@ -64,7 +64,6 @@ Codespaces
 confd
 connnection
 containerbuild
-containerregistry
 coreutils
 Cotoyogi
 Cromite
@@ -342,7 +341,6 @@ Velen
 vendored
 vhosts
 VKE
-vnd
 VPS
 Vultr
 weblate

.github/workflows/docker-pr.yml

@@ -2,7 +2,7 @@ name: Docker image builds (pull requests)
 
 on:
   pull_request:
-    branches: ["main"]
+    branches: [ "main" ]
 
 env:
   DOCKER_METADATA_SET_OUTPUT_ENV: "true"
@@ -21,20 +21,29 @@ jobs:
           fetch-depth: 0
           persist-credentials: false
 
-      - name: build essential
+      - name: Set up Homebrew
+        uses: Homebrew/actions/setup-homebrew@main
+
+      - name: Setup Homebrew cellar cache
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        with:
+          path: |
+            /home/linuxbrew/.linuxbrew/Cellar
+            /home/linuxbrew/.linuxbrew/bin
+            /home/linuxbrew/.linuxbrew/etc
+            /home/linuxbrew/.linuxbrew/include
+            /home/linuxbrew/.linuxbrew/lib
+            /home/linuxbrew/.linuxbrew/opt
+            /home/linuxbrew/.linuxbrew/sbin
+            /home/linuxbrew/.linuxbrew/share
+            /home/linuxbrew/.linuxbrew/var
+          key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-homebrew-cellar-
+
+      - name: Install Brew dependencies
         run: |
-          sudo apt-get update
+          brew bundle
-          sudo apt-get install -y build-essential
-
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
-        with:
-          node-version: latest
-
-      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
-        with:
-          go-version: stable
-
-      - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
 
       - name: Docker meta
         id: meta

.github/workflows/docker.yml

@@ -27,24 +27,33 @@ jobs:
           fetch-depth: 0
           persist-credentials: false
 
-      - name: build essential
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y build-essential
-
       - name: Set lowercase image name
         run: |
           echo "IMAGE=ghcr.io/${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV
 
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      - name: Set up Homebrew
-        with:
+        uses: Homebrew/actions/setup-homebrew@main
-          node-version: latest
 
-      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+      - name: Setup Homebrew cellar cache
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
-          go-version: stable
+          path: |
+            /home/linuxbrew/.linuxbrew/Cellar
+            /home/linuxbrew/.linuxbrew/bin
+            /home/linuxbrew/.linuxbrew/etc
+            /home/linuxbrew/.linuxbrew/include
+            /home/linuxbrew/.linuxbrew/lib
+            /home/linuxbrew/.linuxbrew/opt
+            /home/linuxbrew/.linuxbrew/sbin
+            /home/linuxbrew/.linuxbrew/share
+            /home/linuxbrew/.linuxbrew/var
+          key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-homebrew-cellar-
 
-      - uses: ko-build/setup-ko@d006021bd0c28d1ce33a07e7943d48b079944c8d # v0.9
+      - name: Install Brew dependencies
+        run: |
+          brew bundle
 
       - name: Log into registry
         uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0

.github/workflows/go.yml

@@ -2,9 +2,9 @@ name: Go
 
 on:
   push:
-    branches: ["main"]
+    branches: [ "main" ]
   pull_request:
-    branches: ["main"]
+    branches: [ "main" ]
 
 permissions:
   contents: read
@@ -15,51 +15,77 @@ jobs:
     #runs-on: alrest-techarohq
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
+      with:
-          persist-credentials: false
+        persist-credentials: false
 
-      - name: build essential
+    - name: build essential
-        run: |
+      run: |
-          sudo apt-get update
+        sudo apt-get update
-          sudo apt-get install -y build-essential
+        sudo apt-get install -y build-essential
 
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+    - name: Set up Homebrew
-        with:
+      uses: Homebrew/actions/setup-homebrew@main
-          node-version: latest
 
-      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+    - name: Setup Homebrew cellar cache
-        with:
+      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-          go-version: stable
+      with:
+        path: |
+          /home/linuxbrew/.linuxbrew/Cellar
+          /home/linuxbrew/.linuxbrew/bin
+          /home/linuxbrew/.linuxbrew/etc
+          /home/linuxbrew/.linuxbrew/include
+          /home/linuxbrew/.linuxbrew/lib
+          /home/linuxbrew/.linuxbrew/opt
+          /home/linuxbrew/.linuxbrew/sbin
+          /home/linuxbrew/.linuxbrew/share
+          /home/linuxbrew/.linuxbrew/var
+        key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-homebrew-cellar-
 
-      - name: Cache playwright binaries
+    - name: Install Brew dependencies
-        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+      run: |
-        id: playwright-cache
+        brew bundle
-        with:
-          path: |
-            ~/.cache/ms-playwright
-          key: ${{ runner.os }}-playwright-${{ hashFiles('**/go.sum') }}
 
-      - name: install node deps
+    - name: Setup Golang caches
-        run: |
+      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-          npm ci
+      with:
+        path: |
+          ~/.cache/go-build
+          ~/go/pkg/mod
+        key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-golang-
 
-      - name: install playwright browsers
+    - name: Cache playwright binaries
-        run: |
+      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-          npx --no-install playwright@1.52.0 install --with-deps
+      id: playwright-cache
-          npx --no-install playwright@1.52.0 run-server --port 9001 &
+      with:
+        path: |
+          ~/.cache/ms-playwright
+        key: ${{ runner.os }}-playwright-${{ hashFiles('**/go.sum') }}
 
-      - name: Build
+    - name: install node deps
-        run: npm run build
+      run: |
+        npm ci
 
-      - name: Test
+    - name: install playwright browsers
-        run: npm run test
+      run: |
+        npx --no-install playwright@1.52.0 install --with-deps
+        npx --no-install playwright@1.52.0 run-server --port 9001 &
 
-      - name: Lint with staticcheck
+    - name: Build
-        uses: dominikh/staticcheck-action@024238d2898c874f26d723e7d0ff4308c35589a2 # v1.4.0
+      run: npm run build
-        with:
-          version: "latest"
 
-      - name: Govulncheck
+    - name: Test
-        run: |
+      run: npm run test
-          go tool govulncheck ./...
+
+    - name: Lint with staticcheck
+      uses: dominikh/staticcheck-action@024238d2898c874f26d723e7d0ff4308c35589a2 # v1.4.0
+      with:
+        version: "latest"
+
+    - name: Govulncheck
+      run: |
+        go tool govulncheck ./...

.github/workflows/package-builds-stable.yml

@@ -25,13 +25,39 @@ jobs:
           sudo apt-get update
           sudo apt-get install -y build-essential
 
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+      - name: Set up Homebrew
-        with:
+        uses: Homebrew/actions/setup-homebrew@main
-          node-version: latest
 
-      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+      - name: Setup Homebrew cellar cache
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
         with:
-          go-version: stable
+          path: |
+            /home/linuxbrew/.linuxbrew/Cellar
+            /home/linuxbrew/.linuxbrew/bin
+            /home/linuxbrew/.linuxbrew/etc
+            /home/linuxbrew/.linuxbrew/include
+            /home/linuxbrew/.linuxbrew/lib
+            /home/linuxbrew/.linuxbrew/opt
+            /home/linuxbrew/.linuxbrew/sbin
+            /home/linuxbrew/.linuxbrew/share
+            /home/linuxbrew/.linuxbrew/var
+          key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-go-homebrew-cellar-
+
+      - name: Install Brew dependencies
+        run: |
+          brew bundle
+
+      - name: Setup Golang caches
+        uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
+        with:
+          path: |
+            ~/.cache/go-build
+            ~/go/pkg/mod
+          key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
+          restore-keys: |
+            ${{ runner.os }}-golang-
 
       - name: install node deps
         run: |

.github/workflows/package-builds-unstable.yml

@@ -2,9 +2,9 @@ name: Package builds (unstable)
 
 on:
   push:
-    branches: ["main"]
+    branches: [ "main" ]
   pull_request:
-    branches: ["main"]
+    branches: [ "main" ]
 
 permissions:
   contents: read
@@ -15,34 +15,60 @@ jobs:
     #runs-on: alrest-techarohq
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+    - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-        with:
+      with:
-          persist-credentials: false
+        persist-credentials: false
-          fetch-tags: true
+        fetch-tags: true
-          fetch-depth: 0
+        fetch-depth: 0
 
-      - name: build essential
+    - name: build essential
-        run: |
+      run: |
-          sudo apt-get update
+        sudo apt-get update
-          sudo apt-get install -y build-essential
+        sudo apt-get install -y build-essential
 
-      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4.4.0
+    - name: Set up Homebrew
-        with:
+      uses: Homebrew/actions/setup-homebrew@main
-          node-version: latest
 
-      - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0
+    - name: Setup Homebrew cellar cache
-        with:
+      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-          go-version: stable
+      with:
+        path: |
+          /home/linuxbrew/.linuxbrew/Cellar
+          /home/linuxbrew/.linuxbrew/bin
+          /home/linuxbrew/.linuxbrew/etc
+          /home/linuxbrew/.linuxbrew/include
+          /home/linuxbrew/.linuxbrew/lib
+          /home/linuxbrew/.linuxbrew/opt
+          /home/linuxbrew/.linuxbrew/sbin
+          /home/linuxbrew/.linuxbrew/share
+          /home/linuxbrew/.linuxbrew/var
+        key: ${{ runner.os }}-go-homebrew-cellar-${{ hashFiles('go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-go-homebrew-cellar-
 
-      - name: install node deps
+    - name: Install Brew dependencies
-        run: |
+      run: |
-          npm ci
+        brew bundle
 
-      - name: Build Packages
+    - name: Setup Golang caches
-        run: |
+      uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
-          go tool yeet
+      with:
+        path: |
+          ~/.cache/go-build
+          ~/go/pkg/mod
+        key: ${{ runner.os }}-golang-${{ hashFiles('**/go.sum') }}
+        restore-keys: |
+          ${{ runner.os }}-golang-
 
-      - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+    - name: install node deps
-        with:
+      run: |
-          name: packages
+        npm ci
-          path: var/*
+
+    - name: Build Packages
+      run: |
+        go tool yeet
+
+    - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
+      with:
+        name: packages
+        path: var/*

.github/workflows/smoke-tests.yml

@@ -15,7 +15,6 @@ jobs:
       matrix:
         test:
           - default-config-macro
-          - docker-registry
           - double_slash
           - forced-language
           - git-clone

VERSION

@@ -1 +1 @@
-1.23.1
+1.23.0

data/clients/docker-client.yaml

@@ -1,25 +0,0 @@
-- name: allow-docker-client
-  action: ALLOW
-  expression:
-    all:
-      - path.startsWith("/v2/")
-      - userAgent.contains("docker/")
-      - userAgent.contains("git-commit/")
-      - '"Accept" in headers'
-      - headers["Accept"].contains("vnd.docker.distribution")
-      - '"Baggage" in headers'
-      - headers["Baggage"].contains("trigger")
-
-- name: allow-crane-client
-  action: ALLOW
-  expression:
-    all:
-      - userAgent.contains("crane/")
-      - userAgent.contains("go-containerregistry/")
-
-- name: allow-docker-distribution-api-client
-  action: ALLOW
-  expression:
-    all:
-      - '"Docker-Distribution-Api-Version" in headers'
-      - '!(userAgent.contains("Mozilla"))'

docs/docs/CHANGELOG.md

@@ -13,35 +13,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 <!-- This changes the project to: -->
 
-## v1.23.1: Lyse Hext - Echo 1
+- Fix `SERVE_ROBOTS_TXT` setting file after the double slash fix broke it.
-
+- Remove the default configuration rule to block Tencent cloud. If users see abuse from Tencent cloud IP ranges, please contact abuse@tencent.com and mention that you are using Anubis to protect your services. Please include source IP address, source port, timestamp, target IP address, target port, request headers (including the User-Agent header), and target endpoints/patterns.
-- Fix `SERVE_ROBOTS_TXT` setting after the double slash fix broke it.
-
-### Potentially breaking changes
-
-#### Remove default Tencent Cloud block rule
-
-v1.23.0 added a default rule to block Tencent Cloud. After an email from their abuse team where they promised to take action to clean up their reputation, I have removed the default block rule. If this network causes you problems, please contact [abuse@tencent.com](mailto:abuse@tencent.com) and supply the following information:
-
-- Time of abusive requests.
-- IP address, User-Agent header, or other unique identifiers that can help the abuse team educate the customer about their misbehaving infrastructure.
-- Does the abusive IP address request robots.txt? If not, be sure to include that information.
-- A brief description of the impact to your system such as high system load, pages not rendering, or database system crashes. This helps the provider establish the fact that their customer is causing you measurable harm.
-- Context as to what your service is, what it does, and why they should care.
-
-Mention that you are using Anubis or BotStopper to protect your services. If they do not respond to you, please [contact me](https://xeiaso.net/contact) as soon as possible.
-
-#### Docker / OCI registry clients
-
-Anubis v1.23.0 accidentally blocked Docker / OCI registry clients. In order to explicitly allow them, add an import for `(data)/clients/docker-client.yaml`:
-
-```yaml
-bots:
-  - import: (data)/meta/default-config.yaml
-  - import: (data)/clients/docker-client.yaml
-```
-
-This is technically a regression as these clients used to work in Anubis v1.22.0, however it is allowable to make this opt-in as most websites do not expect to be serving Docker / OCI registry client traffic.
 
 ## v1.23.0: Lyse Hext
 

docs/docs/admin/roles/_category_.json

@@ -1,8 +0,0 @@
-{
-  "label": "Server Roles",
-  "position": 40,
-  "link": {
-    "type": "generated-index",
-    "description": "Various server roles you will need to keep in mind with Anubis."
-  }
-}

docs/docs/admin/roles/oci-registry.mdx

@@ -1,10 +0,0 @@
-# OCI Registries
-
-If you are serving an OCI registry behind Anubis, you will need to import the `(data)/clients/docker-client.yaml` file in order to make sure that OCI registry clients can download images:
-
-```yaml
-bots:
-  - import: (data)/meta/default-config.yaml
-  - import: (data)/clients/docker-client.yaml
-# ... the rest of your config
-```

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "@techaro/anubis",
-  "version": "1.23.1",
+  "version": "1.23.0",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "@techaro/anubis",
-      "version": "1.23.1",
+      "version": "1.23.0",
       "license": "ISC",
       "dependencies": {
         "@aws-crypto/sha256-js": "^5.2.0",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@techaro/anubis",
-  "version": "1.23.1",
+  "version": "1.23.0",
   "description": "",
   "main": "index.js",
   "scripts": {

test/docker-registry/anubis.yaml

@@ -1,7 +0,0 @@
-bots:
-  - import: (data)/meta/default-config.yaml
-  - import: (data)/clients/docker-client.yaml
-
-status_codes:
-  CHALLENGE: 200
-  DENY: 403

test/docker-registry/docker-compose.yaml

@@ -1,30 +0,0 @@
-services:
-  registry:
-    image: distribution/distribution:edge
-    restart: always
-
-  relayd:
-    image: ghcr.io/xe/x/relayd
-    pull_policy: always
-    environment:
-      CERT_DIR: /etc/techaro/pki/registry.local.cetacean.club
-      CERT_FNAME: cert.pem
-      KEY_FNAME: key.pem
-      PROXY_TO: http://anubis:3000
-    ports:
-      - 3004:3004
-    volumes:
-      - ../pki/registry.local.cetacean.club:/etc/techaro/pki/registry.local.cetacean.club
-
-  anubis:
-    image: ko.local/anubis
-    restart: always
-    environment:
-      BIND: ":3000"
-      TARGET: http://registry:5000
-      POLICY_FNAME: /etc/techaro/anubis.yaml
-      USE_REMOTE_ADDRESS: "true"
-    ports:
-      - 3000
-    volumes:
-      - ./anubis.yaml:/etc/techaro/anubis.yaml

test/docker-registry/test.sh

@@ -1,29 +0,0 @@
-#!/usr/bin/env bash
-
-set -eo pipefail
-
-export VERSION=${GITHUB_SHA}-test
-export KO_DOCKER_REPO=ko.local
-
-set -u
-
-source ../lib/lib.sh
-
-build_anubis_ko
-
-function cleanup() {
-	docker compose down
-}
-
-trap cleanup EXIT SIGINT
-
-mint_cert registry.local.cetacean.club
-
-docker compose up -d
-
-backoff-retry skopeo \
-	--insecure-policy \
-	copy \
-	--dest-tls-verify=false \
-	docker://hello-world \
-	docker://registry.local.cetacean.club:3004/hello-world

test/docker-registry/var/.gitignore

@@ -1,2 +0,0 @@
-*
-!.gitignore

test/git-push/test.sh

@@ -2,7 +2,7 @@
 
 set -eo pipefail
 
-export VERSION=${GITHUB_SHA}-test
+export VERSION=$GITHUB_COMMIT-test
 export KO_DOCKER_REPO=ko.local
 
 set -u
@@ -21,16 +21,16 @@ docker compose up -d
 sleep 2
 
 (
-	cd var &&
+  cd var && \
-		mkdir foo &&
+  mkdir foo && \
-		cd foo &&
+  cd foo && \
-		git init &&
+  git init && \
-		touch README &&
+  touch README && \
-		git add . &&
+  git add . && \
-		git config user.name "Anubis CI" &&
+  git config user.name "Anubis CI" && \
-		git config user.email "social+anubis-ci@techaro.lol" &&
+  git config user.email "social+anubis-ci@techaro.lol" && \
-		git commit -sm "initial commit" &&
+  git commit -sm "initial commit" && \
-		git push -u http://localhost:3000/git/foo.git master
+  git push -u http://localhost:3000/git/foo.git master
 )
 
 exit 0