Partial refactor and other improvements

.github/workflows/release.yml

@@ -35,7 +35,10 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version: stable
-
+
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
+
       - name: Set up Zig
         uses: mlugg/setup-zig@v1
 
@@ -50,3 +53,6 @@ jobs:
           args: release --clean ${{ env.flags }}
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          PDFSIGNER_LICENSE_PUBLIC_KEY: ${{ secrets.PDFSIGNER_LICENSE_PUBLIC_KEY }}
+          PDFSIGNER_HMAC_KEY: ${{ secrets.PDFSIGNER_HMAC_KEY }}
+          PDFSIGNER_LICENSE: ${{ secrets.PDFSIGNER_LICENSE }}

.goreleaser.yaml

@@ -13,6 +13,9 @@ builds:
   - -X main.Version={{ .ShortCommit }}
   - -X main.GitCommit={{ .FullCommit }}
   - -X main.GitBranch={{ .Branch }}
+  - -X github.com/digitorus/pdfsigner/license.publicKeyBase64={{ .Env.PDFSIGNER_LICENSE_PUBLIC_KEY }}
+  - -X github.com/digitorus/pdfsigner/license.licenseBase64={{ .Env.PDFSIGNER_LICENSE }}
+  - -X github.com/digitorus/pdfsigner/license.hmacKey={{ .Env.PDFSIGNER_HMAC_KEY }}
   flags:
   - -trimpath
   env:
@@ -40,6 +43,8 @@ builds:
   - -X main.Version={{ .Version }}
   - -X main.GitCommit={{ .FullCommit }}
   - -X main.GitBranch={{ .Branch }}
+  - -X github.com/digitorus/pdfsigner/license.publicKeyBase64={{ .Env.PDFSIGNER_LICENSE_PUBLIC_KEY }}
+  - -X github.com/digitorus/pdfsigner/license.licenseBase64={{ .Env.PDFSIGNER_LICENSE }}
   flags:
   - -trimpath
   env:
@@ -55,6 +60,67 @@ builds:
         {{- if eq .Arch "arm64"}}CC=zig c++ -target aarch64-windows-gnu{{- end }}
       {{- end }}
 
+dockers:
+  - ids:
+    - pdfsigner-linux
+    image_templates:
+    - "digitorus/{{ .ProjectName }}:{{ .Tag }}-amd64"
+    - "digitorus/{{ .ProjectName }}:v{{ .Major }}-amd64"
+    - "digitorus/{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}-amd64"
+    - "digitorus/{{ .ProjectName }}:latest-amd64"
+    use: buildx
+    build_flag_templates:
+    - "--platform=linux/amd64"
+    - "--label=org.opencontainers.image.created={{ .Date }}"
+    - "--label=org.opencontainers.image.title={{ .ProjectName }}"
+    - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+    - "--label=org.opencontainers.image.version={{ .Version }}"
+    - "--label=org.opencontainers.image.source={{ urlPathEscape .GitURL }}"
+    - "--label=org.opencontainers.image.vendor=Digitorus"
+    extra_files:
+    - config.example.yaml
+
+  - ids:
+    - pdfsigner-linux
+    image_templates:
+    - "digitorus/{{ .ProjectName }}:{{ .Tag }}-arm64"
+    - "digitorus/{{ .ProjectName }}:v{{ .Major }}-arm64"
+    - "digitorus/{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}-arm64"
+    - "digitorus/{{ .ProjectName }}:latest-arm64"
+    use: buildx
+    goarch: arm64
+    build_flag_templates:
+    - "--platform=linux/arm64"
+    - "--label=org.opencontainers.image.created={{ .Date }}"
+    - "--label=org.opencontainers.image.title={{ .ProjectName }}"
+    - "--label=org.opencontainers.image.revision={{ .FullCommit }}"
+    - "--label=org.opencontainers.image.version={{ .Version }}"
+    - "--label=org.opencontainers.image.source={{ urlPathEscape .GitURL }}"
+    - "--label=org.opencontainers.image.vendor=Digitorus"
+    extra_files:
+    - config.example.yaml
+
+docker_manifests:
+  - name_template: "digitorus/{{ .ProjectName }}:{{ .Tag }}"
+    image_templates:
+    - "digitorus/{{ .ProjectName }}:{{ .Tag }}-amd64"
+    - "digitorus/{{ .ProjectName }}:{{ .Tag }}-arm64"
+
+  - name_template: "digitorus/{{ .ProjectName }}:v{{ .Major }}"
+    image_templates:
+    - "digitorus/{{ .ProjectName }}:v{{ .Major }}-amd64"
+    - "digitorus/{{ .ProjectName }}:v{{ .Major }}-arm64"
+
+  - name_template: "digitorus/{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}"
+    image_templates:
+    - "digitorus/{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}-amd64"
+    - "digitorus/{{ .ProjectName }}:v{{ .Major }}.{{ .Minor }}-arm64"
+
+  - name_template: "digitorus/{{ .ProjectName }}:latest"
+    image_templates:
+    - "digitorus/{{ .ProjectName }}:latest-amd64"
+    - "digitorus/{{ .ProjectName }}:latest-arm64"
+
 archives:
   - formats: [ 'tar.gz' ]
     # this name template makes the OS and Arch compatible with the results of uname.

Dockerfile

@@ -1,9 +1,34 @@
 FROM alpine
-ADD ca-certificates.crt /etc/ssl/certs/
-ADD static /static
-ADD config.yaml
-ADD pdfsigner /
-COPY passwd /etc/passwd
-WORKDIR /
-USER user
-CMD ["./pdfsinger", "serve", "--config", "./config.yaml"]
+
+# Create non-root user
+RUN addgroup -S -g 1000 appgroup && adduser -S -u 1000 -G appgroup appuser
+
+# Install certificates
+RUN apk add --no-cache ca-certificates
+
+# Create application directories
+RUN mkdir -p /usr/local/bin \
+    /etc/pdfsigner \
+    /var/lib/pdfsigner \ 
+    /var/lib/pdfsigner/input \
+    /var/lib/pdfsigner/output
+
+# Copy application files
+COPY config.example.yaml /etc/pdfsigner/config.yaml
+COPY pdfsigner /usr/local/bin/pdfsigner
+
+# Set permissions and ownership
+RUN chown -R appuser:appgroup /etc/pdfsigner /var/lib/pdfsigner
+RUN chmod 755 /usr/local/bin/pdfsigner
+
+# Define volume for configuration
+VOLUME ["/etc/pdfsigner", "/var/lib/pdfsigner/input", "/var/lib/pdfsigner/output"]
+
+WORKDIR /var/lib/pdfsigner
+
+USER appuser
+
+HEALTHCHECK --interval=30s --timeout=3s \
+    CMD wget --no-verbose --tries=1 --spider http://localhost:8080/health || exit 1
+
+CMD ["pdfsigner", "serve", "--config", "/etc/pdfsigner/config.yaml"]