[OmTdev] [Web]Update on omegat-website repository - Jekyll 4 upgrade and security fixes

[Hiroshi M. <mi...@no...>]

Hi everyone,

I wanted to give you all a heads-up about some changes coming to the omegat-website​ repository.

The situation:

Our current published site is running on Jekyll 3.x and Ruby 2.7.x. The problem is that nokogiri​ (the XML processor dependency) has some security vulnerabilities, and we really need to update it. Unfortunately, the newer version of nokogiri​ requires a more recent Ruby version, so we can't just patch it in place.

The solution (and a complication):

I've gone ahead and upgraded everything to Jekyll 4.4 and Ruby 3.2. The newer Jekyll version and its plugins officially recommend Ruby 3.2 and later, so I went with Ruby 3.2.x to keep us on a stable, well-supported platform.

However, this broke the jekyll-asset​ plugin we've been using. Turns out that plugin hasn't been maintained in about 10 years, so it's not compatible with the newer versions.

What I'm proposing:

Let's remove jekyll-asset​ and its old, unmaintained dependencies entirely. To make this work, I've replaced all the {% asset filename %} directives throughout the site with direct HTML tags and arguments.
It's a bit of manual work for 18 lines, but it gets us onto a more maintainable foundation.

Bonus improvement:

I've also updated the CI/CD configuration. Previously, we only had the publish_site​ workflow. I've added a build_site​ workflow that triggers on pull requests, so we can catch any issues with changes before they get merged to master.
It should help prevent broken builds going forward!
And more, we can download a build result from GitHub Actions artifact page before merge to check visuals.

Next steps:

I've already submitted PR#135 to the omegat-org/omegat-website​ repository with all these changes. The site builds and works, but I wanted to ping the web admins to review it when you get a chance.

Let me know if you have any questions or concerns!

Cheers
Hiroshi