After reading "How GitHub became the web’s largest font piracy site (and how to fix it)", I was wondering how I can avoid uploading/publishing font files on GitHub, considering that most of my sites are deployed by Netlify, and require all files to be inside the repository.
At first I tried to encrypt the fonts using a 7z archive. Unfortunately, 7zip cannot be used inside Netlify deploys, so I decided to download an archive from a secret, remote location before building the project:
"scripts": {
  "build": "npm run fonts:fetch && gatsby build",
  "fonts:fetch": "wget -O Fonts.zip \"$SECRET_FONTS_URL\" && unzip Fonts.zip -d ./static/fonts && rm Fonts.zip"
}
I run an npm script called fonts:fetch, which downloads a zip file from a secret location specified inside an environment variable. This zip file can then be extracted to a desired location, and Netlify can use it during the build process.
Inside my deploy settings, I can then set that secret URL:
... which ensures that no trace of the font files is left inside the repository! 👮‍♂️
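One way to harden the fonts:fetch step described above, as an added example that is not part of the original post: the archive is checked against a pinned SHA-256 digest and its entry names are screened before anything is unpacked, and the secret URL is kept out of the build output. The variable FONTS_SHA256 and the path scripts/fetch-fonts.sh are hypothetical names, and the script assumes sha256sum, wget and unzip are available in the build image.

```shell
#!/bin/sh
# Added example (not from the original post): hardened fonts:fetch step.
# FONTS_SHA256 is an assumed second build variable with the pinned digest.
set -eu

# Succeeds only if the file's SHA-256 matches the pinned hex digest.
verify_sha256() {
  actual=$(sha256sum "$1" | cut -d' ' -f1)
  [ "$actual" = "$2" ]
}

# Reads entry names on stdin; fails on absolute paths or ".." segments.
entries_are_safe() {
  name=
  while IFS= read -r name || [ -n "$name" ]; do
    case "$name" in
      /*|..|../*|*/..|*/../*) return 1 ;;
    esac
  done
  return 0
}

fetch_fonts() {
  : "${SECRET_FONTS_URL:?not set}" "${FONTS_SHA256:?not set}"
  dest=${1:-./static/fonts}
  work=$(mktemp -d)
  trap 'rm -rf "$work"' EXIT
  # -q stops wget from printing the secret URL into the deploy log.
  wget -q -O "$work/Fonts.zip" "$SECRET_FONTS_URL"
  verify_sha256 "$work/Fonts.zip" "$FONTS_SHA256" ||
    { echo "fonts: digest mismatch, refusing to unpack" >&2; return 1; }
  # Fail the build loudly rather than unpack an archive with odd paths.
  unzip -Z1 "$work/Fonts.zip" | entries_are_safe ||
    { echo "fonts: archive entry escapes target directory" >&2; return 1; }
  mkdir -p "$dest"
  unzip -q -o "$work/Fonts.zip" -d "$dest"
}

# package.json: "fonts:fetch": "sh scripts/fetch-fonts.sh --fetch"
if [ "${1:-}" = "--fetch" ]; then
  fetch_fonts
fi
```

The digest can be computed once with sha256sum Fonts.zip and stored next to the secret URL in the deploy settings.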
Discussion (3)
This is great. Well done.
Nice solution! A bit complicated tho'. Would be nice to have an automated solution for this.
We can fix this. But should we?