chore: prepare for release of v0.0.8 (#55)

This PR is in preparationg for release of version 0.0.8.

Author: binarycodes

.github/workflows/go-build.yml

@@ -2,6 +2,11 @@ name: generic-go-versionbuild
 
 on:
   workflow_call:
+    secrets:
+      GPG_PRIVATE_KEY:
+        required: true
+      GPG_PASSPHRASE:
+        required: true
     inputs:
       service:
         required: true
@@ -165,11 +170,24 @@ jobs:
           merge-multiple: true
 
       - name: package with nfpm
+        env:
+          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
+          GPG_KEY_ID: mail@binarycodes.io
         run: |
           mkdir -p dist
           nfpm pkg --packager archlinux --config nfpm.yaml --target dist/
           nfpm pkg --packager deb --config nfpm.yaml --target dist/
 
+          # sign the package for arch linux
+          test -n "$GPG_PRIVATE_KEY" || { echo "GPG_PRIVATE_KEY is empty"; exit 1; }
+          printf '%s' "$GPG_PRIVATE_KEY" | gpg --batch --import
+          gpg --batch --list-secret-keys --keyid-format LONG
+
+          FPR="$(gpg --batch --list-secret-keys --with-colons | awk -F: '$1=="fpr"{print $10; exit}')"
+
+          gpg --batch --yes --local-user "$FPR" --pinentry-mode loopback --passphrase "$GPG_PASSPHRASE" --detach-sign dist/*.pkg.tar.zst
+
       - name: upload build artifact
         uses: actions/upload-artifact@v4
         with:

.github/workflows/go-ssh-keysign-workflow.yml

@@ -24,3 +24,6 @@ jobs:
     with:
       service: go-ssh-keysign
       artifactVersion: ${{ needs.set-version.outputs.short_sha }}
+    secrets:
+      GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
+      GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}

.gitignore

@@ -5,3 +5,6 @@
 **/node_modules/
 **/*ca_key*
 src/**
+
+# ignore test nfpm packages
+dist/**

nfpm.yaml

@@ -1,11 +1,25 @@
 name: ssh-keysign
 arch: amd64
 platform: linux
-version: 0.0.7
+version: 0.0.8
 section: default
 priority: extra
 maintainer: Sujoy Das <me@binarycodes.io>
 description: Generate short lived, oauth verified, SSH certficates on the fly
+license: GPL v3.0
+homepage: https://github.com/binarycodes/ssh-key-signer
+
+archlinux:
+  packager: Sujoy Das <me@binarycodes.io>
+  pkgbase: ssh-keysign
+
 contents:
   - src: ./go-ssh-keysign/bin/ssh-keysign-linux-amd64
-    dst: /usr/local/bin/ssh-keysign
+    dst: /usr/bin/ssh-keysign
+    file_info:
+      mode: 0755
+      owner: root
+      group: root
+
+  - src: ./LICENSE
+    dst: /usr/share/licenses/ssh-keysign/LICENSE

retry-tag-workflow.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 
-tagname="v0.0.7"
+tagname="v0.0.8"
 
 git tag -d "$tagname"
 git push --delete origin "$tagname"

server/pom.xml

@@ -7,7 +7,7 @@
     <groupId>io.binarycodes.homelab</groupId>
     <artifactId>ssh-signer-mono</artifactId>
     <name>SSH KeySigner</name>
-    <version>0.0.7</version>
+    <version>0.0.8</version>
 
     <packaging>pom</packaging>
 

server/ssh-key-signer-server/pom.xml

@@ -5,7 +5,7 @@
 
     <groupId>io.binarycodes.homelab</groupId>
     <artifactId>ssh-key-signer-server</artifactId>
-    <version>0.0.7</version>
+    <version>0.0.8</version>
     <packaging>jar</packaging>
 
     <name>Server - SSH Key Signer</name>
@@ -14,7 +14,7 @@
     <properties>
         <java.version>21</java.version>
         <vaadin.version>24.9.2</vaadin.version>
-        <ssh-signer-common-lib.version>0.0.7</ssh-signer-common-lib.version>
+        <ssh-signer-common-lib.version>0.0.8</ssh-signer-common-lib.version>
     </properties>
 
     <parent>

server/ssh-signer-common-lib/pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>io.binarycodes.homelab</groupId>
     <artifactId>ssh-signer-common-lib</artifactId>
-    <version>0.0.7</version>
+    <version>0.0.8</version>
 
     <name>Common Library - SSH Key Signer</name>