chore: prepare for release of v0.0.10

.github/workflows/tag-on-merge.yml

@@ -31,29 +31,20 @@ jobs:
             echo "version_tag=" >> "$GITHUB_OUTPUT"
           fi
 
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
 
       - name: Create and Push Tag
         if: steps.tag_extraction.outputs.version_tag != ''
 
         env:
           TAG_NAME: ${{ steps.tag_extraction.outputs.version_tag }}
 
-        uses: actions/github-script@v6
-        with:
-          script: |
-            const owner = context.repo.owner;
-            const repo = context.repo.repo;
-            const pr = context.payload.pull_request;
-            const tag = process.env.TAG_NAME;
-            const targetSha = pr.merge_commit_sha;
-
-            console.log(`Creating tag ${tag}`);
-
-            await github.rest.git.createRef({
-              owner: owner,
-              repo: repo,
-              ref: `refs/tags/${tag}`,
-              sha: targetSha
-            });
-
-            console.log(`Successfully created tag ${tag}`);
+        run: |
+          set -euo pipefail
+          git config user.name  "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+          git tag -a "$TAG_NAME" -m "release version $TAG_NAME"
+          git push origin "$TAG_NAME"

README.org

@@ -37,7 +37,7 @@ sudo pacman-key --lsign-key B929081F184DE398E1487552FF8D24F0A3FC59A6
 Once the key is imported and trusted, install the package:
 
 #+begin_src sh
-sudo pacman -U https://github.com/binarycodes/ssh-key-signer/releases/download/v0.0.8/ssh-keysign-0.0.8-1-x86_64.pkg.tar.zst
+sudo pacman -U https://github.com/binarycodes/ssh-key-signer/releases/download/v0.0.10/ssh-keysign-0.0.10-1-x86_64.pkg.tar.zst
 #+end_src
 
 Pacman will automatically fetch and verify the accompanying =.sig= file.

nfpm.yaml

@@ -1,7 +1,7 @@
 name: ssh-keysign
 arch: amd64
 platform: linux
-version: 0.0.9
+version: 0.0.10
 section: default
 priority: extra
 maintainer: Sujoy Das <me@binarycodes.io>

retry-tag-workflow.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-tagname="v0.0.9"
+tagname="v0.0.10"
 
 git tag -d "$tagname"
 git push --delete origin "$tagname"

server/pom.xml

@@ -7,7 +7,7 @@
     <groupId>io.binarycodes.homelab</groupId>
     <artifactId>ssh-signer-mono</artifactId>
     <name>SSH KeySigner</name>
-    <version>0.0.9</version>
+    <version>0.0.10</version>
 
     <packaging>pom</packaging>
 

server/ssh-key-signer-server/.dockerignore

@@ -0,0 +1,36 @@
+node_modules
+HELP.md
+!**/src/main/**/target/
+!**/src/test/**/target/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### VS Code ###
+.vscode/
+
+### bruno
+/bruno/
+
+### others
+*.pub
+*.log
+*ca_key*
+
+### generated files
+*.generated.*
+src/main/frontend/generated/
+src/main/bundles/
+environment-setup/

server/ssh-key-signer-server/Dockerfile

@@ -1,15 +1,25 @@
-FROM eclipse-temurin:21-jre-alpine
+ARG JAVA_VERSION="21"
+
+FROM eclipse-temurin:${JAVA_VERSION}-jre-alpine
 
 ARG APP_NAME
 ARG APP_VERSION
 
-RUN test -n "$APP_NAME" || (echo "APP_NAME  not set" && false)
-RUN test -n "$APP_VERSION" || (echo "APP_VERSION  not set" && false)
+RUN test -n "$APP_NAME" || (echo "APP_NAME  not set" && false) \
+    && test -n "$APP_VERSION" || (echo "APP_VERSION  not set" && false)
+
+RUN apk add --no-cache curl \
+    && addgroup -S -g 10001 demo \
+    && adduser -S -D -H -u 10001 -G demo demo
 
 WORKDIR /app
-COPY target/${APP_NAME}-${APP_VERSION}.jar /app/
+COPY --chown=demo:demo target/${APP_NAME}-${APP_VERSION}.jar /app/app.jar
 
+USER demo:demo
 EXPOSE 8088
 
-ENV JAR_FILE_PATH="/app/${APP_NAME}-${APP_VERSION}.jar"
-ENTRYPOINT ["sh", "-c", "java -jar ${JAR_FILE_PATH}"]
+ENV JAVA_TOOL_OPTIONS="-XX:+ExitOnOutOfMemoryError -XX:MaxRAMPercentage=75"
+ENTRYPOINT ["java","-jar","/app/app.jar"]
+
+HEALTHCHECK --interval=30s --timeout=30s --start-period=5s --retries=5 \
+    CMD ["curl", "-fsS", "http://127.0.0.1:8088/actuator/health/readiness"]

server/ssh-key-signer-server/docker-bake.hcl

@@ -0,0 +1,26 @@
+variable "REGISTRY" { default = "docker.io/binarycodes" }
+variable "APP_NAME" { default = "ssh-key-signer-server" }
+variable "APP_VERSION" { default = "0.0.10" }
+
+variable "TAG_NAME" { default = "ssh-key-signer" }
+
+group "default" {
+  targets = ["app"]
+}
+
+target "app" {
+  context    = "."
+  dockerfile = "Dockerfile"
+
+  args = {
+    APP_NAME    = "${APP_NAME}"
+    APP_VERSION = "${APP_VERSION}"
+  }
+
+  tags = [
+    "${REGISTRY}/${TAG_NAME}:${APP_VERSION}",
+    "${REGISTRY}/${TAG_NAME}:latest",
+  ]
+
+  platforms = ["linux/amd64"]
+}