Fixes broken links generated on relative URLs

.editorconfig

@@ -0,0 +1,7 @@
+root = true
+
+[*.{yaml,yml}]
+indent_size = 4
+
+[*.py]
+indent_size = 4

.gitignore

@@ -13,4 +13,5 @@ node_modules/
 
 # Temporal content
 checkouts/
-static/img/checkouts/
+static/img/checkouts/
+data/releases.yaml

CODEOWNERS

@@ -1 +1 @@
-* @sanderson042 @mchurichi @ajessup @drrt @evan2645 @umairmkhan
+* @sanderson042 @mchurichi @ajessup @Andres-GC @evan2645 @umairmkhan

Dockerfile.linkchecker

@@ -0,0 +1,9 @@
+FROM python:3.7-alpine
+
+ENV HOME /tmp
+
+RUN pip install linkchecker
+
+ADD linkcheckerrc .
+
+ENTRYPOINT [ "linkchecker" ]

Makefile

@@ -18,12 +18,12 @@ serve-with-releases:
 		--buildFuture \
 		--disableFastRender
 
-production-build: pull-external-content
+production-build: ci-check-links
 	hugo \
 		--gc \
 		--ignoreCache
 
-preview-build: pull-external-content
+preview-build: ci-check-links
 	hugo \
 		--gc \
 		--ignoreCache \
@@ -49,4 +49,22 @@ docker-serve-with-releases: docker-build
 		spiffe.io:latest
 
 pull-external-content:
-	python ./pull_external.py
+	python ./pull_external.py
+
+ci-check-links: pull-external-content
+	echo "Running Hugo server..." && \
+	hugo server -p 1212 & \
+	sleep 2 && \
+	echo "Running links checker..." && \
+	linkchecker -f linkcheckerrc http://localhost:1212; \
+	echo "Stopping Hugo server..." && \
+	pkill hugo
+
+check-links:
+	pipenv run linkchecker -f linkcheckerrc http://localhost:1313
+
+docker-check-links-build:
+	docker build -f Dockerfile.linkchecker -t linkchecker .
+
+docker-check-links: docker-check-links-build
+	docker run --rm -it -u $(shell id -u):$(shell id -g) --net host linkchecker -f linkcheckerrc http://localhost:1313

Pipfile

@@ -12,6 +12,8 @@ argh = "*"
 [packages]
 pyyaml = "~=5.3"
 toml = "~=0.10.1"
+requests = "~=2.25.1"
+linkchecker = "~=10.0.1"
 
 [requires]
 python_version = "3.7"

README.md

@@ -66,6 +66,26 @@ Web Server is available at //localhost:1313/ (bind address 0.0.0.0)
 
 The website is now available at [`http://localhost:1313`](http://localhost:1313). Changes in the Markdown files or the [external content descriptor file](./external.yaml) trigger a rebuild of the site. After the rebuild, the site is reloaded in your browser.
 
+### Checking for broken links
+
+It is common that URLs you are pointing to get deprecated or moved somewhere else over time, leading to broken links on our website.
+
+In order to avoid this, there is a tool that lets you check whether there are broken links in the whole website or not.
+
+First, make sure you are serving the website locally using the `-with-releases` form of the script (`make docker-serve-with-releases` or `make serve-with-releases`), and that it is accessible at `http://localhost:1313`, then run the following command:
+
+```shell
+make docker-check-links # if you are using Docker to serve the website
+```
+
+or
+
+```shell
+make check-links # if you are using a local toolchain to serve the website
+```
+
+The tool will crawl your local website and report if there's any broken link on it. If there's any, and you can't create a PR to fix the link right away, please [file an issue on GitHub](https://github.com/spiffe/spiffe.io/issues/new)
+
 ## Publishing the site
 
 The site is published automatically by [Netlify](https://netlify.com). Whenever you merge pull requests to `master`, the site is automatically built and published in about a minute. **There's no need to handle this manually**.

assets/sass/custom.sass

@@ -107,4 +107,7 @@
 
 a
   code
-    color: $link
+    color: $link
+
+.non-actionable
+  cursor: default

config.toml

@@ -7,6 +7,7 @@ canonifyurls = true
 googleAnalytics = "UA-99605331-1"
 enableGitInfo = true
 publicUrl = "https://spiffe.io"
+spireGitHubUrl = "https://github.com/spiffe/spire"
 
 [markup]
   [markup.tableOfContents]

content/docs/latest/deploying/install-agents.md

@@ -13,7 +13,7 @@ aliases:
 
 Pre-built SPIRE releases can be found on the [SPIRE downloads page](/downloads/#spire-releases). The tarballs contain both server and agent binaries.
 
-If you wish, you may also [build SPIRE from source](https://github.com/spiffe/spire/blob/master/CONTRIBUTING.md).
+If you wish, you may also [build SPIRE from source](https://github.com/spiffe/spire/blob/{{< spire-latest "tag" >}}/CONTRIBUTING.md).
 
 ## Step 2: Install the Server and Agent {#step-2}
 

content/docs/latest/deploying/libraries.md

@@ -13,21 +13,24 @@ You can use one of the following libraries to fetch SVIDs and trust bundles from
 
 The following code samples demonstrate how to use the libraries to establish and maintain SPIFFE-enabled connections transparently between applications.
 
-# C++
+# C, C++
+
+See the [c-spiffe library GitHub page](https://github.com/HewlettPackard/c-spiffe) for more information about a SPIFFE C/C++ library. This library is not yet part of the official SPIFFE repo and is still under development in June 2021. An earlier official c-spiffe library became out-of-date and was archived.
 
-See the [c-spiffe library GitHub page](https://github.com/spiffe/c-spiffe) for more information about the SPIFFE C++ library. 
 
 # Go
 
-See the [go-spiffe library GitHub page](https://github.com/spiffe/go-spiffe/tree/master/v2) for more information about the SPIFFE Go library. 
+See the [go-spiffe library GitHub page](https://github.com/spiffe/go-spiffe/tree/main/v2) for more information about the SPIFFE Go library. 
 
-* [SPIFFE to SPIFFE authentication using X.509 SVIDs](https://github.com/spiffe/go-spiffe/tree/master/v2/examples/spiffe-tls)
+* [SPIFFE to SPIFFE authentication using X.509 SVIDs](https://github.com/spiffe/go-spiffe/tree/main/v2/examples/spiffe-tls)
 
-* [SPIFFE to SPIFFE authentication using JWT SVIDs](https://github.com/spiffe/go-spiffe/tree/master/v2/examples/spiffe-jwt-using-proxy)
+* [SPIFFE to SPIFFE authentication using JWT SVIDs](https://github.com/spiffe/go-spiffe/tree/main/v2/examples/spiffe-jwt-using-proxy)
 
 # Java
 
-See the [java-spiffe library GitHub page](https://github.com/spiffe/java-spiffe) for more information about the SPIFFE Java library. 
+See the [java-spiffe library GitHub page](https://github.com/spiffe/java-spiffe) for more information about the SPIFFE Java library.
 
-* [Federation and TCP Support](https://github.com/spiffe/spiffe-example/tree/master/java-spiffe-federation-jboss)
+# Rust
 
+See the [spiffe crate](https://crates.io/crates/spiffe) for more information about the SPIFFE Rust library.
+This library is not yet part of the official SPIFFE repo and is still under development. 

content/docs/latest/deploying/registering.md

@@ -21,7 +21,7 @@ The server will send to the agent a list of all registration entries for workloa
 
 During workload attestation, the agent discovers selectors and compares them to those in the cached registration entries to determine which SVIDs they should assign to the workload.  
 
-You register a workload either by issuing the `spire-server entry create` command at the command line or calling directly into the Registration API, as described in the [Registration API documentation](https://github.com/spiffe/spire/blob/master/proto/spire/api/registration/registration.proto). Existing entries can be modified using the `spire-server entry update` command.
+You register a workload either by issuing the `spire-server entry create` command at the command line or calling directly into the Registration API, as described in the [Registration API documentation](https://github.com/spiffe/spire/blob/{{< spire-latest "tag" >}}/proto/spire/api/registration/registration.proto). Existing entries can be modified using the `spire-server entry update` command.
 
 {{< info >}}
 When running on Kubernetes, a common way to invoke commands on the SPIRE Server is through the `kubectl exec` command on a pod running the SPIRE Server. For example:
@@ -34,7 +34,7 @@ kubectl exec -n spire spire-server-0 -- \
 ```
 {{< /info >}}
 
-To learn more about the `spire-server entry create` and `spire-server entry update` commands and options, consult the [SPIRE Server reference guide](https://github.com/spiffe/spire/blob/master/doc/spire_server.md).
+To learn more about the `spire-server entry create` and `spire-server entry update` commands and options, consult the [SPIRE Server reference guide](/docs/latest/deploying/spire_server/).
 
 # How to register a workload
 
@@ -62,9 +62,9 @@ Different selectors are available depending on the platform or architecture on w
 
 | For a list of supported selectors for this platform | Go here |
 | ---------------- | ----------- |
-| **Kubernetes**       | The [configuration reference page for the Kubernetes Node Attestor](https://github.com/spiffe/spire/blob/master/doc/plugin_server_nodeattestor_k8s_sat.md)
-| **AWS**       | The [configuration reference page for the AWS Node Resolver](https://github.com/spiffe/spire/blob/master/doc/plugin_server_noderesolver_aws_iid.md)
-| **Azure**       | The [configuration reference page for the Azure Managed Service Identity Node Resolver](https://github.com/spiffe/spire/blob/master/doc/plugin_server_noderesolver_azure_msi.md)
+| **Kubernetes**       | The [configuration reference page for the Kubernetes Node Attestor](https://github.com/spiffe/spire/blob/{{< spire-latest "tag" >}}/doc/plugin_server_nodeattestor_k8s_sat.md)
+| **AWS**       | The [configuration reference page for the AWS Node Resolver](https://github.com/spiffe/spire/blob/{{< spire-latest "tag" >}}/doc/plugin_server_noderesolver_aws_iid.md)
+| **Azure**       | The [configuration reference page for the Azure Managed Service Identity Node Resolver](https://github.com/spiffe/spire/blob/{{< spire-latest "tag" >}}/doc/plugin_server_noderesolver_azure_msi.md)
 
 ## 2. Defining the SPIFFE ID of the Workload
 
@@ -81,9 +81,9 @@ spire-server entry create \
 
 | For a list of supported selectors for this platform | Go here |
 | ---------------- | ----------- |
-| **Unix**       | The [configuration reference page for the Unix Workload Attestor](https://github.com/spiffe/spire/blob/master/doc/plugin_agent_workloadattestor_unix.md)
-| **Kubernetes** | The [configuration reference page for the Kubernetes Workload Attestor](https://github.com/spiffe/spire/blob/master/doc/plugin_agent_workloadattestor_k8s.md)
-| **Docker** | The [configuration reference page for the Docker Workload Attestor](https://github.com/spiffe/spire/blob/master/doc/plugin_agent_workloadattestor_docker.md)
+| **Unix**       | The [configuration reference page for the Unix Workload Attestor](https://github.com/spiffe/spire/blob/{{< spire-latest "tag" >}}/doc/plugin_agent_workloadattestor_unix.md)
+| **Kubernetes** | The [configuration reference page for the Kubernetes Workload Attestor](https://github.com/spiffe/spire/blob/{{< spire-latest "tag" >}}/doc/plugin_agent_workloadattestor_k8s.md)
+| **Docker** | The [configuration reference page for the Docker Workload Attestor](https://github.com/spiffe/spire/blob/{{< spire-latest "tag" >}}/doc/plugin_agent_workloadattestor_docker.md)
 
 # How to list registration entries
 
@@ -101,7 +101,7 @@ For example, to list all registration entries that match a set of EC2 instances
 spire-server entry show -selector tag:app:webserver
 ```
 
-To learn more about the `spire-server entry show` command and options, consult the [SPIRE Server reference guide](https://github.com/spiffe/spire/blob/master/doc/spire_server.md).
+To learn more about the `spire-server entry show` command and options, consult the [SPIRE Server reference guide](/docs/latest/deploying/spire_server/).
 
 # How to remove registration entries
 
@@ -113,7 +113,7 @@ For example:
 spire-server entry delete -entryID 92f4518e-61c9-420d-b984-074afa7c7002
 ```
 
-To learn more about the `spire-server entry delete` command and options, consult the [SPIRE Server reference guide](https://github.com/spiffe/spire/blob/master/doc/spire_server.md).
+To learn more about the `spire-server entry delete` command and options, consult the [SPIRE Server reference guide](/docs/latest/deploying/spire_server/).
 
 # Mapping Workloads to Multiple Nodes
 

content/docs/latest/deploying/svids.md

@@ -19,13 +19,13 @@ Developers coding a new workload that needs to interact with SPIFFE can interact
 
 * Generate short-lived keys and certificates on behalf of the workload, specifically:
  * A private key tied to that SPIFFE ID that can be used to sign data on behalf of the workload. 
- * A corresponding short-lived X.509 certificate - an [X509-SVID](https://github.com/spiffe/spiffe/blob/master/standards/X509-SVID.md). This can be used to establish TLS or otherwise authenticate to other workloads.
+ * A corresponding short-lived X.509 certificate - an [X509-SVID](https://github.com/spiffe/spiffe/blob/main/standards/X509-SVID.md). This can be used to establish TLS or otherwise authenticate to other workloads.
  * A set of certificates – known as a [trust bundle](/docs/latest/spiffe/concepts/#trust-bundle) – that a workload can use to verify an X.509-SVID presented by another workload in the same trust domain or a federated trust domain.
-* Generate or validate JSON Web Tokens ([JWT-SVIDs](https://github.com/spiffe/spiffe/blob/master/standards/JWT-SVID.md)) issued on behalf of the workload or another workload in the same trust domain or a federated trust domain.
+* Generate or validate JSON Web Tokens ([JWT-SVIDs](https://github.com/spiffe/spiffe/blob/main/standards/JWT-SVID.md)) issued on behalf of the workload or another workload in the same trust domain or a federated trust domain.
 
 The Workload API doesn't require any explicit authentication (such as a secret). Rather, the SPIFFE specification leaves it to implementation of the SPIFFE Workload API to determine how to authenticate the workload. In the case of SPIRE, this is achieved by inspecting the Unix kernel metadata collected by the SPIRE Agent when a workload calls the API.
 
-The API is a gRPC API, derived [from a protobuf](https://github.com/spiffe/go-spiffe/blob/master/proto/spiffe/workload/workload.proto). The [gRPC project](https://grpc.io/) provides tools to generate client libraries from a protobuf in a variety of languages.
+The API is a gRPC API, derived [from a protobuf](https://github.com/spiffe/go-spiffe/blob/main/proto/spiffe/workload/workload.proto). The [gRPC project](https://grpc.io/) provides tools to generate client libraries from a protobuf in a variety of languages.
 
 ## Working with SVIDs in Go 
 
@@ -62,4 +62,4 @@ will:
 3.   Write the X.509-SVID, private key associated with each of those identities to `/tmp/`
 4.   Write the trust bundle (certificate chain) needed to validate X.509-SVIDs issued under that trust domain to `/tmp/` as well
 
-A complete list of relevant commands can be found in the [SPIRE Agent Documentation](https://github.com/spiffe/spire/blob/master/doc/spire_agent.md#command-line-options).
+A complete list of relevant commands can be found in the [SPIRE Agent Documentation](/docs/latest/deploying/spire_agent/#command-line-options).