tools: move site.sh into shake; stop running just-pushed shakefile

Running the just pushed Shake.hs was too insecure.

[ci skip]

Makefile

@@ -705,10 +705,14 @@ site-livereload: \
 #     /etc/github-post-receive.conf
 # 2. cron, nightly. Config: /etc/crontab
 # 3. manually (make site).
+# This must use the existing Shake executable without rebuilding it, 
+# as we don't want to immediately execute new code from any collaborator.
 .PHONY: site
 site: \
 		$(call def-help,site, update the hledger.org website (run on prod) )
-	@tools/site.sh
+	@[[ ! -x Shake ]] \
+		&& echo 'Please run "make Shake" first (manual compilation of Shake.hs is required)' \
+		|| ./Shake hledgerorg
 
 ###############################################################################
 $(call def-help-subheading,RELEASING:)

Shake.hs

@@ -24,6 +24,7 @@ tools, including:
 - makeinfo
 - pandoc
 - sed
+- GNU date (on mac: brew install coreutils)
 
 Compiling this script is recommended, to ensure required packages are
 installed, minimise startup delay, and reduce sensitivity to the
@@ -77,6 +78,7 @@ usage = unlines
   ,"./Shake website          build the website and web manuals"
   ,"./Shake website-all      build the website and all web manual versions"
   ,"./Shake all              build all the above"
+  ,"./Shake hledgerorg       update the hledger.org website (when run on prod)"
   ,""
   ,"./Shake mainpages                   build the web pages from the main repo"
   ,"./Shake wikipages                   build the web pages from the wiki repo"
@@ -437,6 +439,41 @@ main = do
                            "--lua-filter=tools/pandoc-toc.lua"
                            "-o" out )
 
+    -- This rule, for updating the live hledger.org site, gets called by:
+    -- 1. github-post-receive (github webhook handler), when something is pushed
+    --    to the main or wiki repos on Github. Config:
+    --     /etc/supervisord.conf -> [program:github-post-receive]
+    --     /etc/github-post-receive.conf
+    -- 2. cron, nightly. Config: /etc/crontab
+    -- 3. manually (make site).
+    phony "hledgerorg" $ do
+      -- out1 <- fromStdout <$>
+      cmd_ Shell
+        -- XXX ideally we would ensure here that output is logged,
+        -- but I don't know how to do that for the Shake rules.
+        -- Instead we'll do the logging in "make site".
+        -- -- run this sequence of commands, stopping if one fails:
+        -- "("
+        -- -- and log all output as well as echoing it
+        -- ") 2>&1 | tee -a site.log"
+
+        -- print timestamp. On mac, use brew-installed GNU date.
+        "echo"
+        "&& PATH=\"/usr/local/opt/coreutils/libexec/gnubin:$PATH\" date --rfc-3339=seconds"
+        -- pull latest wiki repo
+        "&& printf 'wiki repo: ' && git -C wiki pull"
+        -- pull latest main repo - sometimes already done by webhook, not always
+        "&& printf 'main repo: ' && git pull"
+
+      -- Shake.hs might have been updated, but we won't execute the
+      -- new one, too insecure. Continue with this one.
+
+      -- update wiki links on website front page
+      need [ "site/index.md" ]
+
+      -- update the live site based on all latest content
+      need [ "website-all" ]
+
     -- HLEDGER PACKAGES/EXECUTABLES
 
     phony "build" $ need packages

tools/site.sh

@@ -1,36 +0,0 @@
-#!/bin/sh
-# Update website(s): hledger.org
-#
-# Called via github webhook (on push to main repo or wiki)
-#  /etc/supervisord.conf -> [program:github-post-receive]
-#  /etc/github-post-receive.conf
-# and via cron (nightly)
-#  /etc/crontab
-# or manually (make site)
-
-(\
-
-echo && \
-
-# print timestamp. On mac, use brew-installed GNU date.
-PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH" date --rfc-3339=seconds && \
-
-# fetch latest code & website - sometimes already done by webhook, not always
-git pull && \
-
-# fetch latest wiki content
-printf "wiki: " && git -C wiki pull && \
-
-# ensure GHC can handle non-ascii
-export LANG=en_US.UTF-8 && \
-
-# ensure latest Shake is built
-./Shake.hs && \
-
-
-# update website
-./Shake site/index.md && \
-./Shake website \
-
-# print and log to:
-) 2>&1 | tee -a site.log