feat: Adds github action for linktesting #121

Merged
merged 9 commits into from
Jun 4, 2024
47 changes: 47 additions & 0 deletions .github/workflows/ci.yaml
Expand Up @@ -43,3 +43,50 @@ jobs:

- name: Build
run: hugo

test:
name: Link check with htmltest
runs-on: ubuntu-latest

steps:
- name: Checkout code
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
with:
submodules: 'recursive'

- name: Set up Hugo
uses: peaceiris/actions-hugo@16361eb4acea8698b220b76c0d4e84e1fd22c61d # v2.6.0
with:
hugo-version: '0.110.0'
extended: true

- name: Set up Node
uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0
with:
node-version: 16

- name: Install dependencies
run: |
cd themes/docsy
npm install

- name: Set up PostCSS
run: npm install --save-dev autoprefixer postcss-cli postcss

- name: Build
run: hugo

- name: Test HTML
# https://github.com/wjdp/htmltest-action/
continue-on-error: false # <- Set to true if run shouldn't fail with broken links
uses: wjdp/htmltest-action@master
with:
config: .htmltest.yml
path: public

- name: Archive htmltest results
uses: actions/upload-artifact@v3
with:
name: htmltest-report
path: tmp/.htmltest/htmltest.log
retention-days: 7 # default is 90 days
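Review bot: `wjdp/htmltest-action@master` in the Test HTML step and `actions/upload-artifact@v3` in the archive step are the only two actions in this job not pinned to a commit SHA; the checkout, Hugo and Node steps above are all SHA-pinned with the tag in a trailing comment. A branch ref like `master` is mutable, so a compromised or force-pushed upstream repository changes what runs in this workflow with no diff on our side. Pin both to a full commit SHA in the same style, e.g. `uses: wjdp/htmltest-action@<sha> # v<tag>`. Two smaller points: `node-version: 16` is past end-of-life, so move to 18 or 20 if Docsy supports it; and `npm install` in `themes/docsy` will rewrite the lockfile when versions drift, so `npm ci` is the safer choice if the theme ships a `package-lock.json`.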
13 changes: 13 additions & 0 deletions .htmltest.yml
@@ -0,0 +1,13 @@
DirectoryPath: public
CheckDoctype: true
IgnoreAltMissing: false
IgnoreDirectoryMissingTrailingSlash: true
IgnoreDirs: [_print]
IgnoreEmptyHref: false
IgnoreInternalEmptyHash: true
IgnoreURLs:
- ^https?://localhost\b
- ^https://github\.com/bank-vaults/bank-vaults\.dev/commit/
- ^https://github\.com/orgs/bank-vaults/projects/
- ^https://www.nitrokey.com/
TestFilesConcurrently: false
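Review bot: the last `IgnoreURLs` pattern, `^https://www.nitrokey.com/`, leaves its dots unescaped while the two github.com patterns escape theirs; an unescaped `.` matches any character so it still works, but for consistency write `^https://www\.nitrokey\.com/`. More importantly, this pattern silences every link under nitrokey.com, not just whichever one was failing, so a broken Nitrokey link in the HSM docs will no longer be reported; if a single page was the problem, narrow the pattern to that path. `DirectoryPath: public` also duplicates the `path: public` passed by the workflow step; harmless, but keeping only one of the two means they cannot drift apart.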
4 changes: 2 additions & 2 deletions content/docs/installing/_index.md
Expand Up @@ -4,12 +4,12 @@ weight: 10
---

Bank-Vaults is a swiss-army knife with multiple manifestations, so the first steps depend on what you want to achieve.
Check one of the following guides to get an overview:
<!-- Check one of the following guides to get an overview:

- [Dynamic credentials with Vault using Kubernetes Service Accounts](https://techblog.cisco.com/vault-dynamic-secrets/)
- [Vault Operator](https://techblog.cisco.com/vault-operator/)
- [Vault unseal flow with KMS](https://techblog.cisco.com/vault-unsealing/)
- [Inject secrets directly into pods from Vault](https://techblog.cisco.com/inject-secrets-into-pods-vault-revisited/)
- [Inject secrets directly into pods from Vault](https://techblog.cisco.com/inject-secrets-into-pods-vault-revisited/) -->

## Deploy with Helm

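Review bot: with the guide list wrapped in an HTML comment, the sentence above it, `Bank-Vaults is a swiss-army knife with multiple manifestations, so the first steps depend on what you want to achieve.`, now leads nowhere: the reader is told the first steps depend on their goal and is then offered no options before `## Deploy with Helm`. Either drop that sentence too or replace the comment with a short pointer to the sections that still exist. Hiding the dead techblog.cisco.com links in a comment also keeps them out of htmltest's reach indefinitely, so if they are expected to come back a TODO with an owner would help; otherwise delete them.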
2 changes: 1 addition & 1 deletion content/docs/mutating-webhook/configuration.md
Expand Up @@ -144,7 +144,7 @@ In this case, an init-container will be injected into the given Pod. This contai

Currently, the Kubernetes Service Account-based Vault authentication mechanism is used by `vault-env`, so it requests a Vault token based on the Service Account of the container it is injected into.

- [GCP](https://developer.hashicorp.com/vault/docs/auth/gcp) and general [OIDC/JWT](https://developer.hashicorp.com/vault/docs/auth/jwt) authentication methods are supported as well, see the [example manifest](https://github.com/bank-vaults/vault-operator/blob/main/test/deploy/test-deployment-gcp.yaml).
- [GCP](https://developer.hashicorp.com/vault/docs/auth/gcp) and general [OIDC/JWT](https://developer.hashicorp.com/vault/docs/auth/jwt) authentication methods are supported as well, see the [example manifest](https://github.com/bank-vaults/secrets-webhook/blob/main/examples/test-deployment-gcp.yaml).
- Kubernetes [Projected Service Account Tokens](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection) work too, as shown in [this example](https://github.com/bank-vaults/vault-operator/blob/main/test/oidc-pod.yaml).

Kubernetes 1.12 introduced a feature called [APIServer dry-run](https://kubernetes.io/blog/2019/01/14/apiserver-dry-run-and-kubectl-diff/) which became beta as of 1.13. This feature requires some changes in webhooks with side effects. Vault mutating admission webhook is `dry-run aware`.
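Review bot: the GCP example link now points at `bank-vaults/secrets-webhook/blob/main/examples/`, but the very next bullet still sends readers to `bank-vaults/vault-operator/blob/main/test/oidc-pod.yaml` for the projected service account token example. If the test manifests were moved out of vault-operator, that link needs the same treatment; if `oidc-pod.yaml` really does remain there, consider keeping both examples in one repository so readers are not bounced between the two for a single feature.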
2 changes: 1 addition & 1 deletion content/docs/mutating-webhook/deploy.md
Expand Up @@ -16,7 +16,7 @@ If you are getting the **x509: certificate signed by unknown authority app=vault

`vault-env` by default replaces itself with the original process of the Pod after reading the secrets from Vault, but with the `vault.security.banzaicloud.io/vault-env-daemon: "true"` annotation this behavior can be changed. So `vault-env` can change to `daemon mode`, so `vault-env` starts the original process as a child process and remains in memory, and renews the lease of the requested Vault token and of the dynamic secrets (if requested any) until their final expiration time.

You can find a full example using MySQL dynamic secrets in the [Bank-Vaults project's Vault Operator repository](https://github.com/bank-vaults/vault-operator/blob/main/test/deploy/test-dynamic-env-vars.yaml):
You can find a full example using MySQL dynamic secrets in the [Bank-Vaults project's Vault Operator repository](https://github.com/bank-vaults/secrets-webhook/blob/main/examples/test-dynamic-env-vars.yaml):

```bash
# Deploy MySQL first as the Vault storage backend and our application will request dynamic secrets for this database as well:
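Review bot: the link text on the changed line still reads `Bank-Vaults project's Vault Operator repository`, but the URL now points at `bank-vaults/secrets-webhook/blob/main/examples/test-dynamic-env-vars.yaml`. Update the anchor text to name the secrets-webhook repository (or its examples directory) so it matches the destination.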
2 changes: 1 addition & 1 deletion content/docs/mutating-webhook/vault-agent-templating.md
Expand Up @@ -55,7 +55,7 @@ For the webhook to detect that it will need to mutate or change a PodSpec, add t
|-------------------------------------|-----------------------------------------------------------------|--------------------------------------------------------------|
| VAULT_IMAGE | hashicorp/vault:latest | The vault image to use for the sidecar container |
| VAULT_IMAGE_PULL_POLICY | IfNotPresent | The pull policy for the vault agent container |
| VAULT_ADDR | <https://127.0.0.1:8200> | Kubernetes service Vault endpoint URL |
| VAULT_ADDR | https://127.0.0.1:8200 | Kubernetes service Vault endpoint URL |
| VAULT_TLS_SECRET | "" | Supply a secret with the vault TLS CA so TLS can be verified |
| VAULT_AGENT_SHARE_PROCESS_NAMESPACE | Kubernetes version <1.12 default off, 1.12 or higher default on | ShareProcessNamespace override |

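Review bot: dropping the angle brackets around `https://127.0.0.1:8200` stops Markdown from rendering the VAULT_ADDR default as an autolink, which is right for a column of default values and keeps htmltest from trying to fetch a loopback URL. Note that the `IgnoreURLs` entry `^https?://localhost\b` added in `.htmltest.yml` would not have matched `127.0.0.1` anyway, so any other page that autolinks a loopback address will still fail the check; adding a `^https?://127\.0\.0\.1\b` pattern there would cover that case.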
4 changes: 2 additions & 2 deletions content/docs/operator/hsm/nitrokey-opensc.md
Expand Up @@ -202,8 +202,8 @@ Since the HSM is a hardware device connected to a physical node, Bank-Vaults has
time="2020-03-04T13:32:29Z" level=info msg="joining leader vault..."
time="2020-03-04T13:32:29Z" level=info msg="vault metrics exporter enabled: :9091/metrics"
[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)
- using env: export GIN_MODE=release
- using code: gin.SetMode(gin.ReleaseMode)

[GIN-debug] GET /metrics --> github.com/gin-gonic/gin.WrapH.func1 (3 handlers)
[GIN-debug] Listening and serving HTTP on :9091
13 changes: 7 additions & 6 deletions content/docs/operator/reference.md
Expand Up @@ -119,13 +119,13 @@ _Appears in:_

#### `name` (_string_)

Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names
Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
#### `labels` (_object (keys:string, values:string)_)

Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels
Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
#### `annotations` (_object (keys:string, values:string)_)

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations
Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/


### EmbeddedPersistentVolumeClaim
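Review bot: `reference.md` reads like generated CRD reference output (the `_Appears in:_` blocks and `#### field (_type_)` headings), and the three `More info:` descriptions being edited match the upstream `metav1.ObjectMeta` doc comments word for word, so these URLs are almost certainly copied in from the Go type comments. If that is the case, the next regeneration will restore the old `kubernetes.io/docs/user-guide/...` URLs; the fix belongs in the generator's input or a post-processing step rather than a hand edit of the output, or the regeneration step should be documented so the two stay in sync.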
Expand Down Expand Up @@ -565,12 +565,13 @@ VaultConfigurerLabels define a set of Kubernetes labels that will be added to al
#### `vaultConfigurerPodSpec` (_[EmbeddedPodSpec](#embeddedpodspec)_)

VaultConfigurerPodSpec is a Kubernetes Pod specification snippet (`spec:` block) that will be merged into the operator generated Vault Configurer Pod specification. default:
#### `config` (_[JSON](#json)_)
#### `config` (_JSON_)

Config is the Vault Server configuration. See https://www.vaultproject.io/docs/configuration/ for more details. default:
#### `externalConfig` (_[JSON](#json)_)
#### `externalConfig` (_JSON_)

ExternalConfig is higher level configuration block which instructs the Bank Vaults Configurer to configure Vault through its API, thus allows setting up: - Secret Engines - Auth Methods - Audit Devices - Plugin Backends - Policies - Startup Secrets (Bank Vaults feature)

ExternalConfig is higher level configuration block which instructs the Bank Vaults Configurer to configure Vault through its API, thus allows setting up: - Secret Engines - Auth Methods - Audit Devices - Plugin Backends - Policies - Startup Secrets (Bank Vaults feature) A documented example: https://github.com/bank-vaults/vault-operator/blob/main/vault-config.yml default:
#### `unsealConfig` (_[UnsealConfig](#unsealconfig)_)

UnsealConfig defines where the Vault cluster's unseal keys and root token should be stored after initialization. See the type's documentation for more details. Only one method may be specified. default: Kubernetes Secret based unsealing
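Review bot: the rewritten `externalConfig` description drops the `A documented example: https://github.com/bank-vaults/vault-operator/blob/main/vault-config.yml` pointer and the trailing `default:` marker that every neighbouring field keeps (`config`, `unsealConfig`). If `vault-config.yml` has moved, the link should be updated rather than removed, since it is the main worked example of the external configuration format; the extra blank line inserted after the description also breaks the pattern of the surrounding entries. Replacing the `[JSON](#json)` anchors with plain `JSON` is fine provided no `#json` section exists in this file.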
2 changes: 1 addition & 1 deletion content/docs/operator/templating-configuration.md
Expand Up @@ -34,7 +34,7 @@ In this case, `vault-configurer` evaluates the value of `MY_ENVIRONMENT_VARIABLE

Note that you can also use [Sprig functions](#sprig-functions) and [custom Kubernetes-related functions](#custom-functions) in your templates.

For a detailed example, see the [Using templates for injecting dynamic configuration in Vault](https://techblog.cisco.com/bank-vaults-templates#full-example) blog post.
<!-- For a detailed example, see the [Using templates for injecting dynamic configuration in Vault](https://techblog.cisco.com/bank-vaults-templates#full-example) blog post. -->

## Sprig functions

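Review bot: same pattern as in `installing/_index.md`: the techblog.cisco.com link is commented out rather than removed or replaced. An HTML comment still ships to the browser and hides the dead link from htmltest indefinitely, so either delete the sentence or, if the posts are expected to return, add `^https://techblog\.cisco\.com/` to `IgnoreURLs` in `.htmltest.yml` where the exception is visible and can be revisited.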
2 changes: 1 addition & 1 deletion content/docs/operator/tls/_index.md
Expand Up @@ -77,7 +77,7 @@ To use an existing secret which contains the TLS certificate, define [existingTl

If you don't want to use the certificates generated by Helm or the Bank-Vaults operator, the easiest way to create a custom certificate for Bank-Vaults is using [CFSSL](https://github.com/cloudflare/cfssl).

The [TLS directory in the documentation](https://github.com/bank-vaults/bank-vaults.dev/tree/main/content/docs/tls) holds a set of custom CFSSL configurations which are prepared for the Helm release name `vault` in the `default` namespace. Of course, you can put any other certificates into the Secret below, this is just an example.
The [TLS directory in the documentation](https://github.com/bank-vaults/bank-vaults.dev/tree/main/content/docs/operator/tls) holds a set of custom CFSSL configurations which are prepared for the Helm release name `vault` in the `default` namespace. Of course, you can put any other certificates into the Secret below, this is just an example.

1. Install [CFSSL](https://github.com/cloudflare/cfssl).
2. Create a CA: