🚚 Rename SSH key secret (#26)

* 🚚 Rename ssh key secret

* 🏷️ Add undici-types declaration file

* 📝 Update SSH key names in README.md

* 🔧 Update Docker scripts in package.json

* 🔧 Sort package.json from docs

.github/authorized_keys

@@ -0,0 +1 @@
+41898282+github-actions[bot]@users.noreply.github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0nNJJzdXWCLFEqZd4BMgzbTfabG3Z2kamWwXOpRqBI 41898282+github-actions[bot]@users.noreply.github.com

.github/workflows/pnpm-publish.yaml

@@ -10,8 +10,9 @@ jobs:
     runs-on: ubuntu-latest
 
     permissions:
-      contents: read
-      packages: write
+      contents: write # Upload the release files
+      id-token: write # Add `--provenance`
+      packages: write # Publish the package
 
     if: github.actor != 'nektos/act'
 
@@ -31,26 +32,26 @@ jobs:
         with:
           registry-url: https://npm.pkg.github.com
           scope: "@natoboram"
-      - run: pnpm publish --access public --no-git-checks
+      - run: pnpm publish --access public --no-git-checks --provenance
         env:
           NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - uses: actions/setup-node@v4
         with:
           registry-url: https://registry.npmjs.org
           scope: "@natoboram"
-      - run: pnpm publish --access public --no-git-checks
+      - run: pnpm publish --access public --no-git-checks --provenance
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }}
 
       - run: pnpm pack --pack-gzip-level 9
       - name: Sign
         run: |
           eval `ssh-agent -s`
-          ssh-add - <<< '${{ secrets.SIGNING_KEY_PRIVATE }}'
-          echo '${{ vars.SIGNING_KEY_PUBLIC }}' > '${{ runner.temp }}/SIGNING_KEY_PUBLIC.pub'
-          ssh-keygen -Y sign -f '${{ runner.temp }}/SIGNING_KEY_PUBLIC.pub' -n file natoboram-gigachad.ts-*.tgz
-          ssh-keygen -Y verify -f ./.github/allowed_signers.txt -I '41898282+github-actions[bot]@users.noreply.github.com' -n file -s natoboram-gigachad.ts-*.tgz.sig < natoboram-gigachad.ts-*.tgz
+          ssh-add - <<< '${{ secrets.DEPLOY_KEY_PRIVATE }}'
+          echo '${{ vars.DEPLOY_KEY_PUBLIC }}' > '${{ runner.temp }}/DEPLOY_KEY_PUBLIC.pub'
+          ssh-keygen -Y sign -f '${{ runner.temp }}/DEPLOY_KEY_PUBLIC.pub' -n file natoboram-gigachad.ts-*.tgz
+          ssh-keygen -Y verify -f ./.github/authorized_keys -I '41898282+github-actions[bot]@users.noreply.github.com' -n file -s natoboram-gigachad.ts-*.tgz.sig < natoboram-gigachad.ts-*.tgz
       - run: gh release upload ${{ github.ref_name }} natoboram-gigachad.ts-*.tgz natoboram-gigachad.ts-*.tgz.sig
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/pnpm-version-patch.yaml

@@ -14,7 +14,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          ssh-key: ${{ secrets.SIGNING_KEY_PRIVATE }}
+          ssh-key: ${{ secrets.DEPLOY_KEY_PRIVATE }}
       - uses: pnpm/action-setup@v3
         with:
           version: latest
@@ -29,15 +29,15 @@ jobs:
 
           git config commit.gpgsign true
           git config gpg.format ssh
-          git config user.signingkey 'key::${{ vars.SIGNING_KEY_PUBLIC }}'
+          git config user.signingkey 'key::${{ vars.DEPLOY_KEY_PUBLIC }}'
 
           eval `ssh-agent -s`
-          ssh-add - <<< '${{ secrets.SIGNING_KEY_PRIVATE }}'
+          ssh-add - <<< '${{ secrets.DEPLOY_KEY_PRIVATE }}'
 
           VERSION=$(pnpm version patch --no-git-tag-version)
 
           git commit --all --message "🔖 $VERSION"
-          git tag $VERSION
+          git tag --annotate --message "🔖 $VERSION" --sign $VERSION
           git push
           git push --tags
 

README.md

@@ -29,8 +29,8 @@ This template offers a GitHub Workflow to help you automatically bump the versio
 To make the `git push` work when signed commits are enforced (because you are a gigachad), you'll need to provide a SSH key.
 
 1. Genereate a SSH key with <https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key>
-2. Add the private key to your project's secrets at `/settings/secrets/actions/new` with the name `SIGNING_KEY_PRIVATE`
-3. Add the public key to your project's variables at `/settings/variables/actions/new` with the name `SIGNING_KEY_PUBLIC`
+2. Add the private key to your project's secrets at `/settings/secrets/actions/new` with the name `DEPLOY_KEY_PRIVATE`
+3. Add the public key to your project's variables at `/settings/variables/actions/new` with the name `DEPLOY_KEY_PUBLIC`
 4. Add the public key to your project's deploy keys at `/settings/keys`
 
 To publish on NPM, you'll need to provide your NPM token.

package.json

@@ -34,15 +34,15 @@
 		"!dist/**/*.test.*"
 	],
 	"main": "dist/index.js",
-	"module": "dist/index.js",
 	"bin": "dist/main.js",
 	"repository": "github:NatoBoram/gigachad.ts",
 	"scripts": {
 		"build": "tsc",
 		"dev": "tsx ./src/main.ts",
-		"docker": "pnpm run docker:build && npm run docker:run",
+		"docker": "pnpm run docker:build && pnpm run docker:run",
 		"docker:build": "docker build -t gigachad.ts .",
 		"docker:run": "docker run gigachad.ts",
+		"docker:kill": "docker ps --format '{{.Image}} {{.ID}}' | grep gigachad.ts | awk '{print $2}' | xargs docker kill",
 		"docs": "typedoc",
 		"format": "prettier --write .",
 		"lint": "eslint . && prettier --check .",
@@ -61,11 +61,13 @@
 		"typescript": "~5.3.3",
 		"vitest": "^1.3.1"
 	},
+	"type": "module",
 	"exports": {
 		".": {
 			"types": "./dist/index.d.ts",
 			"default": "./dist/index.js"
 		}
 	},
-	"type": "module"
+	"types": "dist/index.d.ts",
+	"module": "dist/index.js"
 }

src/types/undici-types.d.ts

@@ -0,0 +1,3 @@
+declare module "undici-types" {
+	type Request = globalThis.Request
+}