Update build.sh

.gitignore

@@ -0,0 +1 @@
+.idea/

build.sh

@@ -1,22 +1,22 @@
-#!/bin/bash 
+#!/bin/bash
 
 ################################################
 # Check repo is running on isomer v2 template. #
 ################################################
-if ! grep -Fxq "remote_theme: isomerpages/isomerpages-template@next-gen" /opt/build/repo/_config.yml; then
- echo "$1 is not on isomerpages/isomerpages-template@next-gen"
- exit 1
+if ! grep -Fxq "remote_theme: isomerpages/isomerpages-template@next-gen" _config.yml; then
+ echo "$1 is not on isomerpages/isomerpages-template@next-gen"
+ exit 1
 fi
 
-#################################################################
-# Override netlify.toml with centrally-hosted netlify.toml file #
-#################################################################
-curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/netlify.toml -o /opt/build/repo/netlify.toml
+#####################################################################
+# Override customHttp.yml with centrally-hosted customHttp.yml file #
+#####################################################################
+curl https://raw.githubusercontent.com/opengovsg/isomer-build/amplify/overrides/customHttp.yml -o customHttp.yml
 
 ###################################################################
 # Obtain config override file to enforce plugins and remote theme #
 ###################################################################
-curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/_config-override.yml -o /opt/build/repo/_config-override.yml
+curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/_config-override.yml -o _config-override.yml
 
 #####################################################
 # Delete custom plugins from _plugins folder if any #
@@ -28,13 +28,13 @@ rm -rf _plugins
 # The Gemfile can either reference isomer-jekyll #
 # or github-pages #
 ##################################################
-curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/Gemfile-github-pages -o /opt/build/repo/Gemfile-github-pages
-curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/Gemfile-isomer-jekyll -o /opt/build/repo/Gemfile-isomer-jekyll
-diff_line_count_github_pages_gemfile=$(diff --ignore-space-change /opt/build/repo/Gemfile /opt/build/repo/Gemfile-github-pages | wc -l)
-diff_line_count_isomer_jekyll_gemfile=$(diff --ignore-space-change /opt/build/repo/Gemfile /opt/build/repo/Gemfile-isomer-jekyll | wc -l)
-if (( diff_line_count_github_pages_gemfile > 0 && diff_line_count_isomer_jekyll_gemfile > 0 )); then
- echo "Gemfile was tampered with"
- exit 1
+curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/Gemfile-github-pages -o Gemfile-github-pages
+curl https://raw.githubusercontent.com/opengovsg/isomer-build/master/overrides/Gemfile-isomer-jekyll -o Gemfile-isomer-jekyll
+diff_line_count_github_pages_gemfile=$(diff --ignore-space-change Gemfile Gemfile-github-pages | wc -l)
+diff_line_count_isomer_jekyll_gemfile=$(diff --ignore-space-change Gemfile Gemfile-isomer-jekyll | wc -l)
+if ((diff_line_count_github_pages_gemfile > 0 && diff_line_count_isomer_jekyll_gemfile > 0)); then
+ echo "Gemfile was tampered with"
+ exit 1
 fi
 
 ###############################################################
@@ -44,14 +44,24 @@ fi
 collections=$(find . -path ./_site -prune -false -o -name collection.yml -type f)
 var=$(echo $collections | sed 's/ .\//,.\//g')
 
-env='development'
-while getopts "e:" opt; do
- case $opt in
- e) env=$OPTARG ;;
- *) echo 'error' >&2
- exit 1
- esac
-done
-
-# netlify build
-JEKYLL_ENV=$env git lfs install && jekyll build --config _config.yml",$var",/opt/build/repo/_config-override.yml
+#################################
+# Install git lfs, if available #
+#################################
+if git lfs install; then
+ echo "git lfs installed"
+else
+ echo "git lfs not installed"
+fi
+
+FILE="Gemfile.lock"
+
+if [ -f "$FILE" ]; then
+ echo "The file $FILE exists. Removing it."
+else
+ echo "The file $FILE does not exist."
+fi
+
+curl "https://raw.githubusercontent.com/isomerpages/isomerpages-template/next-gen/Gemfile.lock"
+
+# Amplify build
+bundle exec jekyll build --config _config.yml",$var",_config-override.yml

overrides/_config-override.yml

@@ -8,4 +8,6 @@ plugins:
 
 # Approved remote_theme
 remote_theme: isomerpages/isomerpages-template@next-gen
-safe: false
+safe: false
+sass:
+ style: compressed

overrides/customHttp.yml

@@ -0,0 +1,164 @@
+# Changes to this file should be copied to overrides/netlify.toml in the master branch.
+customHeaders:
+ - pattern: "**/*"
+ headers:
+ - key: X-XSS-Protection
+ value: 1; mode=block
+ - key: Referrer-Policy
+ value: strict-origin-when-cross-origin
+ - key: X-Content-Type-Options
+ value: nosniff
+ - key: X-Frame-Options
+ value: deny
+ - key: Strict-Transport-Security
+ # This header is added automatically by Netlify and KeyCDN.
+ value: max-age=31536000; includeSubDomains; preload
+ - key: Content-Security-Policy
+ # Amplify requires all lines in a multi-line string to have the same indentation.
+ value: >-
+ default-src 
+ 'self'
+ https://*.dcube.cloud/
+ ; 
+ script-src 
+ 'self' 
+ 'sha256-nWKjNpDy9BIIH8p69UATrM+dYfeHm3RCw7s03nOoDC0=' # Script for GTM tag
+ blob: 
+ https://assets.dcube.cloud 
+ https://*.wogaa.sg 
+ https://assets.adobedtm.com 
+ https://www.google-analytics.com 
+ https://cdnjs.cloudflare.com 
+ https://va.ecitizen.gov.sg 
+ https://*.cloudfront.net 
+ https://printjs-4de6.kxcdn.com 
+ https://unpkg.com 
+ https://unpkg.com/web-vitals
+ https://wogadobeanalytics.sc.omtrdc.net 
+ https://connect.facebook.net 
+ https://graph.facebook.com 
+ https://facebook.com 
+ https://www.facebook.com 
+ https://*.googletagmanager.com
+ https://*.licdn.com 
+ https://webchat.vica.gov.sg 
+ https://vica.gov.sg
+ https://www.google.com/recaptcha/
+ https://www.gstatic.com/recaptcha/
+ https://api-chat-fe-flag.vica.gov.sg
+ https://static.zdassets.com
+ https://ekr.zdassets.com
+ https://*.zendesk.com
+ https://*.zopim.com
+ https://www.instagram.com
+ https://script.wiz.gov.sg/widget.js
+ https://script-staging.wiz.gov.sg/widget.js
+ wss://*.zendesk.com
+ wss://*.zopim.com
+ https://*.dcube.cloud/
+ https://console.apac.sabio.cloud/
+ https://console-flex-api.ap.sabio.cloud/
+ https://cdn.jsdelivr.net/npm/[email protected]/dist/algoliasearch-lite.umd.js
+ https://cdn.jsdelivr.net/npm/[email protected]/dist/instantsearch.production.min.js
+ ; 
+ object-src 
+ 'self'
+ ; 
+ style-src 
+ 'self' 
+ 'unsafe-inline'
+ https://fonts.googleapis.com/ 
+ https://*.cloudfront.net 
+ https://va.ecitizen.gov.sg 
+ https://*.wogaa.sg 
+ https://cdnjs.cloudflare.com 
+ https://datagovsg.github.io 
+ https://webchat.vica.gov.sg 
+ https://vica.gov.sg
+ https://unpkg.com
+ https://script.wiz.gov.sg/widget.css
+ https://script-staging.wiz.gov.sg/widget.css
+ https://assets.dcube.cloud/
+ https://console.apac.sabio.cloud/
+ https://console-flex-api.ap.sabio.cloud
+ https://cdn.jsdelivr.net/npm/instantsearch.css@7/themes/satellite-min.css
+ ; 
+ img-src 
+ *
+ ; 
+ media-src 
+ *
+ ; 
+ frame-src 
+ https://form.gov.sg/ 
+ https://wogaa.demdex.net/ 
+ https://*.youtube.com 
+ https://*.youtube-nocookie.com 
+ https://*.vimeo.com 
+ https://vimeo.com
+ https://www.google.com 
+ https://checkfirst.gov.sg 
+ https://www.checkfirst.gov.sg 
+ https://docs.google.com 
+ https://nlb.ap.panopto.com
+ https://www.google.com/recaptcha/
+ https://accounts.google.com
+ https://www.gstatic.com/recaptcha/
+ https://data.gov.sg
+ https://*.data.gov.sg
+ https://calendar.google.com
+ https://datastudio.google.com
+ https://lookerstudio.google.com
+ https://*.fls.doubleclick.net
+ https://www.facebook.com
+ https://m.facebook.com/
+ https://www.instagram.com
+ https://api.id.gov.sg/
+ ; 
+ frame-ancestors 
+ 'none'
+ ; 
+ font-src 
+ * 
+ data:
+ ; 
+ connect-src 
+ 'self' 
+ https://dpm.demdex.net 
+ https://*.google-analytics.com
+ https://analytics.google.com
+ https://*.googletagmanager.com 
+ https://stats.g.doubleclick.net 
+ https://*.wogaa.sg 
+ https://va.ecitizen.gov.sg 
+ https://ifaqs.flexanswer.com 
+ https://*.cloudfront.net 
+ https://fonts.googleapis.com 
+ https://cdnjs.cloudflare.com 
+ https://wogadobeanalytics.sc.omtrdc.net 
+ https://data.gov.sg 
+ https://api-production.data.gov.sg
+ https://api.isomer.gov.sg
+ https://webchat.vica.gov.sg
+ https://chat.vica.gov.sg
+ https://vica.gov.sg
+ https://s3-va-prd-vica.s3-ap-southeast-1.amazonaws.com
+ wss://chat.vica.gov.sg
+ https://api-vica-ana.vica.gov.sg/api/v1/response-ratings
+ https://api-chat-fe-flag.vica.gov.sg
+ https://static.zdassets.com
+ https://ekr.zdassets.com
+ https://*.zendesk.com
+ https://*.zopim.com
+ https://ask.gov.sg
+ https://staging.ask.gov.sg
+ wss://*.zendesk.com
+ wss://*.zopim.com
+ https://*.dcube.cloud/
+ https://console-flex-api.ap.sabio.cloud
+ https://console.apac.sabio.cloud/
+ https://authmiddleware.ap.sabio.cloud
+ https://*.algolia.net
+ https://*.algolianet.com
+ https://*.algolia.io
+ ;