docs: unify repo and website docs

README.md

@@ -1,7 +1,7 @@
 <br />
 <div align="center">
   <a href="https://github.com/finos/git-proxy">
-    <img src="./docs/img/logo.png" alt="Logo" height="95">
+    <img src="./website/static/img/logo.png" alt="Logo" height="95">
   </a>
 
   <br />

experimental/license-inventory/README.md

@@ -1,7 +1,7 @@
 <br />
 <div align="center">
   <a href="https://github.com/finos/git-proxy">
-    <img src="../../docs/img/logo.png" alt="Logo" height="95">
+    <img src="../../website/static/img/logo.png" alt="Logo" height="95">
   </a>
 
   <br />

docs/Upgrading to v2.md → website/docs/Upgrading to v2.md

@@ -10,7 +10,7 @@ Two important breaking changes were made:
 
 ### Associate commits by email
 
-Commits are no longer associated by Git's `user.name`. Now, they're associated by email (to match the handling of commits by GitHub, GitLab and other SCM providers), which allows Git Proxy to handle multiple SCM providers. [#973](github.com/finos/git-proxy/pull/973)
+Commits are no longer associated by Git's `user.name`. Now, they're associated by email (to match the handling of commits by GitHub, GitLab and other SCM providers), which allows Git Proxy to handle multiple SCM providers. [#973](https://github.com/finos/git-proxy/pull/973)
 
 In practice, pushes that were working in v1 (made with an improperly configured git client) may be blocked in v2 due to the change in requirements. The user's GitProxy email must match the commit's email (Git's `user.email`). This is often already required by a firm's contribution policy or to pass a CLA (Contributor License Agreement) check on a project.
 
@@ -30,7 +30,7 @@ If you encounter any errors not on this guide, feel free to [open a discussion](
 
 ### Errors when pushing to a repo that was working in v1:
 
-#### fatal: <repo-url>/info/refs not valid: is this git repository?
+#### fatal: `<repo-url>`/info/refs not valid: is this git repository?
 
 `git push` returns:
 
@@ -52,7 +52,7 @@ In v2, URLs are automatically formatted when adding a repo. **Repos added in v1
 "url": "https://github.com/my-org/my-repo.git"
 ```
 
-#### Your push has been blocked (<email> is not allowed to push on repo <repo-url>)
+#### Your push has been blocked (`<email>` is not allowed to push on repo `<repo-url>`)
 
 `git push` returns:
 
@@ -93,7 +93,7 @@ Changing the email address associated with commits can be accomplished via a num
   - `checkEmptyBranch` simply checks whether the branch has had any new commits (if not, the push will be rejected)
 - Added a settings page for configuring the JWT token to authenticate UI requests to API when `apiAuthentication` is enabled in [#1096](https://github.com/finos/git-proxy/pull/1096)
   - Previously, requests from the UI were bypassing the JWT check if the user was logged in, and failing otherwise when `apiAuthentication` was set
-  - For more details on setting JWT, check the [architecture documentation](./Architecture.md#setting-up-jwt-authentication):
+  - For more details on setting JWT, check the [architecture documentation](./architecture/Architecture.md#setting-up-jwt-authentication):
 - Added the ability to create new users via the GitProxy CLI in [#981](https://github.com/finos/git-proxy/pull/981)
 - Added `/healthcheck` endpoint for AWS Load Balancer support [#1197](https://github.com/finos/git-proxy/pull/1197)
 - Improved login page flexibility, error handling and visibility of available auth methods in [#1227](https://github.com/finos/git-proxy/pull/1227)

docs/Architecture.md → website/docs/architecture/Architecture.md

@@ -2,7 +2,7 @@
 
 This guide explains GitProxy's various components, and how they communicate with each other when performing a `git push`.
 
-As mentioned in [the README](/README.md), GitProxy is an application that intercepts pushes and applies rules/policies to ensure they're compliant. Although a number of policies are available by default, these can be extended by using plugins.
+As mentioned in [the README](https://github.com/finos/git-proxy/blob/main/README.md), GitProxy is an application that intercepts pushes and applies rules/policies to ensure they're compliant. Although a number of policies are available by default, these can be extended by using plugins.
 
 ## Overview
 
@@ -24,11 +24,11 @@ These are all the core components in the project, along with some basic user int
 
 <!-- Note: this diagram can be edited in https://diagrams.net.
 
-Just upload the GitProxy_Architecture.drawio file available in /docs/img, edit the diagram and then export it as PNG.
+Just upload the GitProxy_Architecture.drawio file available in /website/static/img, edit the diagram and then export it as PNG.
 
 Don't forget to save and update the attached .drawio (XML)! -->
 
-![GitProxy Architecture Diagram](./img/GitProxy_Architecture.png)
+![GitProxy Architecture Diagram](../../static/img/GitProxy_Architecture.png)
 
 ### Pushing to GitProxy
 
@@ -175,7 +175,7 @@ For example: logging in with myusername@mymail.com will create a new user with u
 New methods can be added by:
 
 1. Extending `/src/service/passport` with the relevant [passport.js strategy](https://www.passportjs.org/packages/).
-   - The strategy file must have a `configure` method and a `type` string to match with the config method. See the pre-existing methods in [`/src/service/passport`](/src/service/passport) for more details.
+   - The strategy file must have a `configure` method and a `type` string to match with the config method. See the pre-existing methods in [`/src/service/passport`](https://github.com/finos/git-proxy/blob/main/src/service/passport) for more details.
 2. Creating a `proxy.config.json` entry with the required configuration parameters
 3. Importing the new strategy and adding it to the `authStrategies` array in `/src/service/passport/index.ts`
 
@@ -310,13 +310,13 @@ Has a list of `questions`, each of which can be configured with a `label` and a
 
 Given the previous configuration, the attestation prompt would look like this:
 
-![Attestation Prompt](./img/attestation_example.png)
+![Attestation Prompt](../../static/img/attestation_example.png)
 
 #### `domains`
 
 Allows setting custom URLs for GitProxy interfaces in case these cannot be determined.
 
-This parameter is used in [`/src/service/urls.ts`](/src/service/urls.ts) to override URLs for the proxy (default: http://localhost:8000) and service (default: http://localhost:8080).
+This parameter is used in [`/src/service/urls.ts`](https://github.com/finos/git-proxy/blob/main/src/service/urls.ts) to override URLs for the proxy (default: http://localhost:8000) and service (default: http://localhost:8080).
 
 Sample configuration:
 
@@ -356,7 +356,7 @@ Currently unused.
 
 Sets the contact email for the Open Source Program Office (or equivalent organisational contact) in the attestation form:
 
-![Attestation Form](./img/attestation_example.png)
+![Attestation Form](../../static/img/attestation_example.png)
 
 #### `csrfProtection`
 
@@ -416,7 +416,7 @@ List of database sources. The first source with `enabled` set to `true` will be
 
 Each entry has its own unique configuration parameters.
 
-Extending GitProxy to support other databases requires adding the relevant handlers and setup to the [`/src/db`](/src/db/) directory. Feel free to [open an issue](https://github.com/finos/git-proxy/issues) requesting support for any specific databases - or [open a PR](https://github.com/finos/git-proxy/pulls) with the desired changes!
+Extending GitProxy to support other databases requires adding the relevant handlers and setup to the [`/src/db`](https://github.com/finos/git-proxy/blob/main/src/db/) directory. Feel free to [open an issue](https://github.com/finos/git-proxy/issues) requesting support for any specific databases - or [open a PR](https://github.com/finos/git-proxy/pulls) with the desired changes!
 
 #### `authentication`
 
@@ -432,7 +432,7 @@ Allows defining ways to authenticate to the API. This is useful for securing cus
 
 If `apiAuthentication` is left empty, API endpoints will be publicly accesible.
 
-Currently, only JWT auth is supported. This is implemented via the [`jwtAuthHandler` middleware](/src/service/passport/jwtAuthHandler.ts). Aside of validating incoming access tokens, it can also assign roles based on the token payload.
+Currently, only JWT auth is supported. This is implemented via the [`jwtAuthHandler` middleware](https://github.com/finos/git-proxy/blob/main/src/service/passport/jwtAuthHandler.ts). Aside of validating incoming access tokens, it can also assign roles based on the token payload.
 
 ##### Setting up JWT Authentication
 

docs/Processors.md → website/docs/architecture/Processors.md

@@ -14,21 +14,21 @@ This action also handles fallbacks for v1 legacy proxy URLs.
 
 Checks if the URL of the repo being pushed to is present in the GitProxy repo database. If no repo URL in the database matches, the push is blocked.
 
-Source: [/src/proxy/processors/push-action/checkRepoInAuthorisedList.ts](/src/proxy/processors/push-action/checkRepoInAuthorisedList.ts)
+Source: [/src/proxy/processors/push-action/checkRepoInAuthorisedList.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/checkRepoInAuthorisedList.ts)
 
 ## `parsePush`
 
 Parses the push request data which comes from the Git client as a buffer that contains packet line data. If anything unexpected happens during parsing, such as malformed pack data or multiple ref updates in a single push, the push will get rejected.
 
 Also handles extraction of push contents, such as the details of the individual commits contained in the push and the details of `committer` (the user attempting to push the commits through the proxy).
 
-Source: [/src/proxy/processors/push-action/parsePush.ts](/src/proxy/processors/push-action/parsePush.ts)
+Source: [/src/proxy/processors/push-action/parsePush.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/parsePush.ts)
 
 ## `checkEmptyBranch`
 
 Checks if the push contains any commit data, or is just an empty branch push (pushing a new branch without any additional commits). Empty branch pushes are blocked because subsequent processors require commit data to work correctly.
 
-Source: [/src/proxy/processors/push-action/checkEmptyBranch.ts](/src/proxy/processors/push-action/checkEmptyBranch.ts)
+Source: [/src/proxy/processors/push-action/checkEmptyBranch.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/checkEmptyBranch.ts)
 
 ## `checkCommitMessages`
 
@@ -66,7 +66,7 @@ If the arrays are empty, the checks will pass and chain execution will continue.
 
 Note that invalid regex patterns will throw an error during proxy startup. These must be fixed in order to initialize GitProxy.
 
-Source: [/src/proxy/processors/push-action/checkCommitMessages.ts](/src/proxy/processors/push-action/checkCommitMessages.ts)
+Source: [/src/proxy/processors/push-action/checkCommitMessages.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/checkCommitMessages.ts)
 
 ## `checkAuthorEmails`
 
@@ -76,7 +76,7 @@ If neither of these are configured (set to empty strings), then the checks will
 
 Note that invalid regex patterns will throw an error during proxy startup. These must be fixed in order to initialize GitProxy.
 
-Source: [/src/proxy/processors/push-action/checkAuthorEmails.ts](/src/proxy/processors/push-action/checkAuthorEmails.ts)
+Source: [/src/proxy/processors/push-action/checkAuthorEmails.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/checkAuthorEmails.ts)
 
 #### `checkUserPushPermission`
 
@@ -90,7 +90,7 @@ This step will fail on various scenarios such as:
 
 Note: The _pusher_ can potentially be a different user from the _commit author(s)_. In order to filter the commit authors, you must use the `commitConfig.author` config entry. See [`checkAuthorEmails`](#checkauthoremails) for more details.
 
-Source: [/src/proxy/processors/push-action/checkUserPushPermission.ts](/src/proxy/processors/push-action/checkUserPushPermission.ts)
+Source: [/src/proxy/processors/push-action/checkUserPushPermission.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/checkUserPushPermission.ts)
 
 ## `pullRemote`
 
@@ -102,29 +102,29 @@ In the event that the clone fails, pullRemote will automatically delete the _.re
 
 If the clone succeeds then the chain will schedule deletion of the clone by [`clearBareClone`](#clearbareclone) after processing of the chain completes. This ensures that disk space used is recovered, subsequent pushes of the same SHA don't conflict and that user credentials cached in the `git clone` are removed.
 
-Source: [/src/proxy/processors/push-action/pullRemote.ts](/src/proxy/processors/push-action/pullRemote.ts)
+Source: [/src/proxy/processors/push-action/pullRemote.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/pullRemote.ts)
 
 ## `writePack`
 
 Executes `git receive-pack` with the incoming pack data from the request body in order to receive the pushed data. It also identifies new `.idx` files in `.git/objects/pack` for other processors (such as [`checkHiddenCommits`](#checkhiddencommits)) to scan more efficiently.
 
 Note that `writePack` sets Git's `receive.unpackLimit` to `0`, which forces Git to always create pack files instead of unpacking objects individually.
 
-Source: [/src/proxy/processors/push-action/writePack.ts](/src/proxy/processors/push-action/writePack.ts)
+Source: [/src/proxy/processors/push-action/writePack.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/writePack.ts)
 
 ## `checkHiddenCommits`
 
 Detects "hidden" commits in a push, which is possible if the pack file in the push was tampered in some way.
 
 It calls `git verify-pack` on each of the new `.idx` files found in [`writePack`](#writepack). If any unreferenced commits are present, the push is blocked.
 
-Source: [/src/proxy/processors/push-action/checkHiddenCommits.ts](/src/proxy/processors/push-action/checkHiddenCommits.ts)
+Source: [/src/proxy/processors/push-action/checkHiddenCommits.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/checkHiddenCommits.ts)
 
 ## `checkIfWaitingAuth`
 
 Checks if the action has been authorised (approved by a reviewer). If so, allows the push to continue to the remote. It simply continues chain execution if the push hasn't been approved.
 
-Source: [/src/proxy/processors/push-action/checkIfWaitingAuth.ts](/src/proxy/processors/push-action/checkIfWaitingAuth.ts)
+Source: [/src/proxy/processors/push-action/checkIfWaitingAuth.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/checkIfWaitingAuth.ts)
 
 ## `preReceive`
 
@@ -142,15 +142,15 @@ This processor will block the push depending on the exit status of the pre-recei
 
 For detailed setup instructions and examples, see the [Pre-Receive Hook configuration guide](https://git-proxy.finos.org/docs/configuration/pre-receive/).
 
-Source: [/src/proxy/processors/push-action/preReceive.ts](/src/proxy/processors/push-action/preReceive.ts)
+Source: [/src/proxy/processors/push-action/preReceive.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/preReceive.ts)
 
 ## `getDiff`
 
 Executes `git diff` to obtain the diff for the given revision range. If there are no commits (possibly due to a malformed push), the push is blocked.
 
 The data extracted in this step is later used in [`scanDiff`](#scandiff).
 
-Source: [/src/proxy/processors/push-action/getDiff.ts](/src/proxy/processors/push-action/getDiff.ts)
+Source: [/src/proxy/processors/push-action/getDiff.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/getDiff.ts)
 
 ## `gitleaks`
 
@@ -165,7 +165,7 @@ The following parameters can be configured:
 
 This processor runs the Gitleaks check starting from the root commit to the `commitFrom` value present in the push. If the Gitleaks check fails (nonzero exit code), or otherwise cannot spawn, the push will be blocked.
 
-Source: [/src/proxy/processors/push-action/gitleaks.ts](/src/proxy/processors/push-action/gitleaks.ts)
+Source: [/src/proxy/processors/push-action/gitleaks.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/gitleaks.ts)
 
 ## `scanDiff`
 
@@ -203,17 +203,17 @@ This will scan every file changed and try to match the configured literals, patt
 
 Note that invalid regex patterns will throw an error during proxy startup. These must be fixed in order to initialize GitProxy.
 
-Source: [/src/proxy/processors/push-action/scanDiff.ts](/src/proxy/processors/push-action/scanDiff.ts)
+Source: [/src/proxy/processors/push-action/scanDiff.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/scanDiff.ts)
 
 ## `blockForAuth`
 
 This action appends a message to be displayed after all the processors have finished on a pre-approval push.
 
 Note that this message will show again even if the push had been previously rejected by a reviewer or cancelled and resubmitted by the committer. After a manual rejection, pushing again creates a new `action` object so that the push can be re-reviewed and approved.
 
-![blockForAuth output](./img/blockForAuth_output.png)
+![blockForAuth output](../../static/img/blockForAuth_output.png)
 
-Source: [/src/proxy/processors/push-action/blockForAuth.ts](/src/proxy/processors/push-action/blockForAuth.ts)
+Source: [/src/proxy/processors/push-action/blockForAuth.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/push-action/blockForAuth.ts)
 
 ## `audit`
 
@@ -284,4 +284,4 @@ Recursively removes the contents of the (modified) repository clone stored in `.
 
 `clearBareClone` runs only if `pullRemote` was successful.
 
-Source: [/src/proxy/processors/post-processor/clearBareClone.ts](/src/proxy/processors/post-processor/clearBareClone.ts)
+Source: [/src/proxy/processors/post-processor/clearBareClone.ts](https://github.com/finos/git-proxy/blob/main/src/proxy/processors/post-processor/clearBareClone.ts)

website/package.json

@@ -16,8 +16,8 @@
     "axios": "^1.13.4",
     "classnames": "^2.5.1",
     "clsx": "^2.1.1",
-    "eslint": "^9.39.2",
-    "eslint-plugin-react": "^7.37.5",
+    "eslint": "^10.1.0",
+    "eslint-plugin-react": "^7.22.0",
     "react": "^19.2.4",
     "react-dom": "^19.2.4",
     "react-player": "^3.4.0",

website/sidebars.js

@@ -36,6 +36,8 @@ module.exports = {
         'quickstart/approve',
       ],
     },
+    'deployment',
+    'Upgrading to v2',
     {
       type: 'category',
       label: 'Configuration',
@@ -50,7 +52,20 @@ module.exports = {
       collapsed: false,
       items: ['configuration/overview', 'configuration/reference', 'configuration/pre-receive'],
     },
-    'deployment',
+    {
+      type: 'category',
+      label: 'Architecture',
+      link: {
+        type: 'generated-index',
+        title: 'Architecture',
+        slug: '/category/architecture',
+        keywords: ['architecture'],
+        image: '/img/github-mark.png',
+      },
+      collapsible: true,
+      collapsed: false,
+      items: ['architecture/Architecture', 'architecture/Processors'],
+    },
     {
       type: 'category',
       label: 'Development',