loading...

Avoiding Font Piracy On GitHub & Netlify

#github #opensource #licensing #webfonts
fabe profile image Fabian Schultz ・1 min read

After reading How GitHub became the web’s largest font piracy site (and how to fix it) I was wondering how I can avoid uploading/publishing font files on GitHub, considering that most of my sites are deployed by Netlify, and require all files to be inside the repository.

At first I tried to encrypt the fonts using a 7z archive. Unfortunately, 7zip can not be used inside Netlify deploys, so I decided to try and download an archive from a secret, remote location before building the project:

"scripts": {
  "build": "npm run fonts:fetch && gatsby build",
  "fonts:fetch": "wget -O Fonts.zip $SECRET_FONTS_URL; unzip Fonts.zip -d ./static/fonts; rm Fonts.zip",
}

I run an NPM Script called fonts:fetch, which will download a zip file from a secret location specified inside an environment variable. This zip file can then be extracted to a desired location and Netlify can use it inside the building process.

Inside my deploy settings, I can then set that secret URL:

... which ensures that no trace of the font files is left inside the repository! 👮‍♂️

Posted on by:

fabe profile

Discussion

pic
Editor guide
 
skiilaa profile image skiilaa twitter logo github logo
Permalink

Nice solution! A bit complicated tho'. Would be nice to have an automated solution for this.

Reply
 
qm3ster profile image Mihail Malo twitter logo github logo
Permalink

We can fix this. But should we?

Reply
Code of Conduct Report abuse

Read next

hemant profile image

I Created My Dynamic GitHub Readme🎉 Here is How I Did!

Hemant Joshi 😼 -

brianverm profile image

Live Exploiting Your Open Source Dependencies with Brian Vermeer

Brian Vermeer 🧑🏼‍🎓🧑🏼‍💻 -

mahithchigurupati profile image

GitHub: Everything you need to know

Mahith -

nickytonline profile image

Are you in the GitHub Arctic Code Vault?

Nick Taylor (he/him) -