Securitycontrols.org has moved. It used to be hosted on Wix. Here’s some additional information about the migration.
Why Jekyll?
I was looking for a blog-friendly platform that could build to static pages with relative ease. Here’s why I picked Jekyll over a traditional CMS.
Cost
Static websites are extremely cheap to host and can be safely cached by CDNs for lightning-fast delivery.
Security
Static websites aren’t vulnerable to many of the traditional web attacks, so the risk from out-of-date libraries is lower.
Other benefits
Jekyll is also Markdown-based, which I use for other things and am quite familiar with. In fact, my favorite note-taking app, Obsidian, is Markdown-based, so this will make blogging easier from that perspective.
Cons
The downside of Jekyll is that there’s no easy way to edit on the go. I still need to find a good mobile app for Markdown editing with Git capabilities. I know Obsidian has some community plugins with Git / source control capabilities, so I might explore that.
Hosting
I went with AWS S3 bucket hosting since that’s the cheapest solution I am familiar with. For content delivery I am using CloudFront to manage delivery and caching rules and enable HTTPS to help protect the privacy of anyone reading the site (specific URLs are encrypted with HTTPS).
Automation and CI/CD
Unfortunately, Jekyll is not the most convenient tool for blogging because the site has to be built (rendered) and uploaded. Instead of having to manually copy files to AWS S3, I set up GitHub Actions to build the site for my site repo every time I push to certain branches.
I included a snippet from my GitHub Actions workflow yml file in the appendix. I didn’t include my 2nd job in the snippet for the develop branch. The 2nd job just points to a different S3 bucket, different deploy branch, and doesn’t build with the production tag. The entire deployment takes around 50 seconds, which is billed as one minute.
This build time is well within GitHub’s free tier, which is (at the time of writing) 2,000 minutes per month. After a full day of development and troubleshooting the GitHub Actions workflow, I only ran 52 deployments.
Appendix
GitHub workflow yml
```yaml
name: Deploy Jekyll Site to S3
on:
  push:
    branches:
      - main
      - develop
jobs:
  deploy-to-main:
    runs-on: ubuntu-latest
    # Checks the branch for the push trigger is main
    if: "github.ref == 'refs/heads/main'"
    steps:
      # Checkout main branch
      - name: Checkout main branch
        uses: actions/checkout@v2
        with:
          ref: main
      # Install a specific version of Ruby
      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: 3.2.1
          bundler-cache: true
      # Installs dependencies from the Gemfile
      - name: Install dependencies
        run: bundle install
      # Builds the site and specifies environment, in this case production which adds some tags
      # (JEKYLL_ENV has to be set in front of the command to reach Jekyll)
      - name: Build Jekyll site
        run: JEKYLL_ENV=production bundle exec jekyll build
      # Copies files to a temporary location
      - name: Copy files to home
        run: pwd && rm -rdf ~/_site && mkdir ~/_site && cp -R _site/* ~/_site/
      # Checks out an empty branch for deployment
      - name: Checkout empty deploy branch
        uses: actions/checkout@v2
        with:
          ref: refs/heads/deploy
          persist-credentials: false
          clean: true
      # Copies files back from the temporary location
      - name: Copy files
        run: pwd && cp -R ~/_site/* .
      # Commits and pushes the changes
      - name: Commit and push changes
        run: |
          git config user.name "$"
          git config user.email "$@users.noreply.github.com"
          git remote set-url origin https://x-access-token:$@github.com/$GITHUB_REPOSITORY
          git add -A
          git commit -m "Deployed site on $(date +"%Y-%m-%d %H:%M:%S") UTC"
          git push
      # Uploads the _site directory to S3
      - name: Upload to Main S3 Bucket
        uses: jakejarvis/s3-sync-action@master
        with:
          args: --delete --follow-symlinks --acl public-read --exclude '.git/*' --exclude '*.scss'
          source_dir: _site/
        env:
          AWS_S3_BUCKET: $
          AWS_ACCESS_KEY_ID: $
          AWS_SECRET_ACCESS_KEY: $
```
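The appendix workflow references its actions by tag or branch (`@v2`, `@v1`, `@master`), uploads with `--acl public-read`, and hands an AWS access key pair to the sync step. As an added example (not the author's code), this POSIX shell function flags those three patterns in a workflow file; the function names, the sample input, its commit SHA and its secret names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not the author's code: audit a GitHub Actions workflow file.
# Prints one finding per line as KIND<TAB>detail.
audit_workflow() {
  wf=$1
  # 1. Actions referenced by tag or branch (both can be moved later) rather
  #    than by a full 40-character commit SHA.
  grep -E '^[[:space:]]*(-[[:space:]]+)?uses:' "$wf" |
    sed -E 's/^[[:space:]]*(-[[:space:]]+)?uses:[[:space:]]*//; s/[[:space:]]+#.*$//' |
    while IFS= read -r ref; do
      case $ref in ./*) continue ;; esac   # action stored in the same repo
      printf '%s\n' "$ref" | grep -Eq '@[0-9a-f]{40}$' ||
        printf 'MUTABLE_REF\t%s\n' "$ref"
    done
  # 2. Sync arguments that mark every uploaded object world-readable.
  if grep -Eq -- '--acl[[:space:]=]+public-read' "$wf"; then
    printf 'PUBLIC_ACL\t--acl public-read\n'
  fi
  # 3. A long-lived IAM access key handed to a step.
  if grep -Eq '^[[:space:]]*AWS_SECRET_ACCESS_KEY:' "$wf"; then
    printf 'STATIC_AWS_KEY\tAWS_SECRET_ACCESS_KEY\n'
  fi
  return 0
}

# Constructed sample input modelled on the appendix workflow; the SHA and the
# secret names are made up for illustration.
sample_workflow() {
  cat <<'EOF'
jobs:
  deploy-to-main:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # pinned
      - uses: ruby/setup-ruby@v1
      - name: Upload to Main S3 Bucket
        uses: jakejarvis/s3-sync-action@master
        with:
          args: --delete --acl public-read
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.EXAMPLE_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.EXAMPLE_SECRET }}
EOF
}

tmp=$(mktemp)
sample_workflow > "$tmp"
audit_workflow "$tmp"
rm -f "$tmp"
```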