From c73218c37fa9f9e1a2bb3d94d075578bce49fd89 Mon Sep 17 00:00:00 2001
From: Nato Boram
Date: Fri, 29 Mar 2024 13:46:56 -0400
Subject: [PATCH] =?UTF-8?q?=F0=9F=9A=9A=20Rename=20SSH=20key=20secret=20(#?= =?UTF-8?q?26)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
* 🚚 Rename ssh key secret
* 🏷️ Add undici-types declaration file
* 📝 Update SSH key names in README.md
* 🔧 Update Docker scripts in package.json
* 🔧 Sort package.json from docs
---
.github/allowed_signers.txt | 1 -
.github/authorized_keys | 1 +
.github/workflows/pnpm-publish.yaml | 17 +++++++++--------
.github/workflows/pnpm-version-patch.yaml | 8 ++++----
README.md | 4 ++--
package.json | 8 +++++---
src/types/undici-types.d.ts | 3 +++
7 files changed, 24 insertions(+), 18 deletions(-)
delete mode 100644 .github/allowed_signers.txt
create mode 100644 .github/authorized_keys
create mode 100644 src/types/undici-types.d.ts
diff --git a/.github/allowed_signers.txt b/.github/allowed_signers.txt
deleted file mode 100644
index d384e45..0000000
--- a/.github/allowed_signers.txt
+++ /dev/null
@@ -1 +0,0 @@
-41898282+github-actions[bot]@users.noreply.github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOT3aO1DDeMaG+eNH8FbMxYRpLt+O0Gnwrt4M+Al/DJ @natoboram/gigachad.ts
diff --git a/.github/authorized_keys b/.github/authorized_keys
new file mode 100644
index 0000000..9f4541c
--- /dev/null
+++ b/.github/authorized_keys
@@ -0,0 +1 @@
+41898282+github-actions[bot]@users.noreply.github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0nNJJzdXWCLFEqZd4BMgzbTfabG3Z2kamWwXOpRqBI 41898282+github-actions[bot]@users.noreply.github.com
diff --git a/.github/workflows/pnpm-publish.yaml b/.github/workflows/pnpm-publish.yaml
index 008dc45..1e80a3b 100644
--- a/.github/workflows/pnpm-publish.yaml
+++ b/.github/workflows/pnpm-publish.yaml
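Review bot: The new `.github/authorized_keys` starts each entry with a principal and then the key, which is the allowed-signers layout that `ssh-keygen -Y verify -f` reads, not the layout sshd expects in a file of that name. Keeping the old `allowed_signers` name, or adding a first line such as `# allowed_signers format, read by ssh-keygen -Y verify`, would stop a later reader from treating it as a login authorization list. The public key also differs from the one in the deleted file, so this is a key rotation and not only a rename; signatures on previously published tarballs will no longer verify against the file in the repository unless the old key is kept available somewhere.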
@@ -10,8 +10,9 @@ jobs: runs-on: ubuntu-latest permissions: - contents: read - packages: write + contents: write # Upload the release files + id-token: write # Add `--provenance` + packages: write # Publish the package if: github.actor != 'nektos/act' @@ -31,7 +32,7 @@ jobs: with: registry-url: https://npm.pkg.github.com scope: "@natoboram" - - run: pnpm publish --access public --no-git-checks + - run: pnpm publish --access public --no-git-checks --provenance env: NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -39,7 +40,7 @@ jobs: with: registry-url: https://registry.npmjs.org scope: "@natoboram" - - run: pnpm publish --access public --no-git-checks + - run: pnpm publish --access public --no-git-checks --provenance env: NODE_AUTH_TOKEN: ${{ secrets.NODE_AUTH_TOKEN }} @@ -47,10 +48,10 @@ jobs: - name: Sign run: | eval `ssh-agent -s` - ssh-add - <<< '${{ secrets.SIGNING_KEY_PRIVATE }}' - echo '${{ vars.SIGNING_KEY_PUBLIC }}' > '${{ runner.temp }}/SIGNING_KEY_PUBLIC.pub' - ssh-keygen -Y sign -f '${{ runner.temp }}/SIGNING_KEY_PUBLIC.pub' -n file natoboram-gigachad.ts-*.tgz - ssh-keygen -Y verify -f ./.github/allowed_signers.txt -I '41898282+github-actions[bot]@users.noreply.github.com' -n file -s natoboram-gigachad.ts-*.tgz.sig < natoboram-gigachad.ts-*.tgz + ssh-add - <<< '${{ secrets.DEPLOY_KEY_PRIVATE }}' + echo '${{ vars.DEPLOY_KEY_PUBLIC }}' > '${{ runner.temp }}/DEPLOY_KEY_PUBLIC.pub' + ssh-keygen -Y sign -f '${{ runner.temp }}/DEPLOY_KEY_PUBLIC.pub' -n file natoboram-gigachad.ts-*.tgz + ssh-keygen -Y verify -f ./.github/authorized_keys -I '41898282+github-actions[bot]@users.noreply.github.com' -n file -s natoboram-gigachad.ts-*.tgz.sig < natoboram-gigachad.ts-*.tgz - run: gh release upload ${{ github.ref_name }} natoboram-gigachad.ts-*.tgz natoboram-gigachad.ts-*.tgz.sig env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/pnpm-version-patch.yaml b/.github/workflows/pnpm-version-patch.yaml index 0d5de45..9972fe2 100644 
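Review bot: `contents: write` and `id-token: write` are granted at job level in the first hunk of `pnpm-publish.yaml`, so every step in the job, including both `pnpm publish` runs and any lifecycle scripts they trigger, gets a token that can write to the repository and request an OIDC token. Of the visible steps only `gh release upload` needs `contents: write`. Moving the sign-and-upload steps into a separate job that receives the tarball as an artifact would let the publish job stay at `contents: read`. The rest of the job is outside the hunk, so confirm no other step depends on write access.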
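Review bot: In the `Sign` step, `${{ secrets.DEPLOY_KEY_PRIVATE }}` is expanded into the script text before the shell starts, so the private key is written into the generated run script instead of living only in the process environment; the `ssh-add` line in `pnpm-version-patch.yaml` has the same pattern. Declare it under the step's `env:` as `DEPLOY_KEY_PRIVATE: ${{ secrets.DEPLOY_KEY_PRIVATE }}` and load it with `ssh-add - <<< "$DEPLOY_KEY_PRIVATE"`. The verify line also redirects from a glob, `< natoboram-gigachad.ts-*.tgz`, which bash rejects as an ambiguous redirect when more than one tarball matches; resolving the file name into a variable once would make both the sign and verify commands deterministic.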
--- a/.github/workflows/pnpm-version-patch.yaml +++ b/.github/workflows/pnpm-version-patch.yaml @@ -14,7 +14,7 @@ jobs: steps: - uses: actions/checkout@v4 with: - ssh-key: ${{ secrets.SIGNING_KEY_PRIVATE }} + ssh-key: ${{ secrets.DEPLOY_KEY_PRIVATE }} - uses: pnpm/action-setup@v3 with: version: latest @@ -29,15 +29,15 @@ jobs: git config commit.gpgsign true git config gpg.format ssh - git config user.signingkey 'key::${{ vars.SIGNING_KEY_PUBLIC }}' + git config user.signingkey 'key::${{ vars.DEPLOY_KEY_PUBLIC }}' eval `ssh-agent -s` - ssh-add - <<< '${{ secrets.SIGNING_KEY_PRIVATE }}' + ssh-add - <<< '${{ secrets.DEPLOY_KEY_PRIVATE }}' VERSION=$(pnpm version patch --no-git-tag-version) git commit --all --message "🔖 $VERSION" - git tag $VERSION + git tag --annotate --message "🔖 $VERSION" --sign $VERSION git push git push --tags diff --git a/README.md b/README.md index f879e16..79b095e 100644 --- a/README.md +++ b/README.md @@ -29,8 +29,8 @@ This template offers a GitHub Workflow to help you automatically bump the versio To make the `git push` work when signed commits are enforced (because you are a gigachad), you'll need to provide a SSH key. 1. Genereate a SSH key with -2. Add the private key to your project's secrets at `/settings/secrets/actions/new` with the name `SIGNING_KEY_PRIVATE` -3. Add the public key to your project's variables at `/settings/variables/actions/new` with the name `SIGNING_KEY_PUBLIC` +2. Add the private key to your project's secrets at `/settings/secrets/actions/new` with the name `DEPLOY_KEY_PRIVATE` +3. Add the public key to your project's variables at `/settings/variables/actions/new` with the name `DEPLOY_KEY_PUBLIC` 4. Add the public key to your project's deploy keys at `/settings/keys` To publish on NPM, you'll need to provide your NPM token. diff --git a/package.json b/package.json index 720e0c2..092e98c 100644 --- a/package.json +++ b/package.json 
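Review bot: After this rename a single key, `DEPLOY_KEY_PRIVATE`, authenticates `git push` through the `ssh-key` input of `actions/checkout`, signs the bump commit and tag in the second hunk of `pnpm-version-patch.yaml`, and signs release tarballs in `pnpm-publish.yaml`, so leaking that one secret yields both write access and signatures that pass verification. A dedicated signing key that is not registered as a deploy key would keep those two capabilities separate, and the README steps would then describe two key pairs. Separately, `$VERSION` is unquoted at the end of `git tag --annotate --message "🔖 $VERSION" --sign $VERSION`; `"$VERSION"` is the safer form.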
@@ -34,15 +34,15 @@ "!dist/**/*.test.*" ], "main": "dist/index.js", - "module": "dist/index.js", "bin": "dist/main.js", "repository": "github:NatoBoram/gigachad.ts", "scripts": { "build": "tsc", "dev": "tsx ./src/main.ts", - "docker": "pnpm run docker:build && npm run docker:run", + "docker": "pnpm run docker:build && pnpm run docker:run", "docker:build": "docker build -t gigachad.ts .", "docker:run": "docker run gigachad.ts", + "docker:kill": "docker ps --format '{{.Image}} {{.ID}}' | grep gigachad.ts | awk '{print $2}' | xargs docker kill", "docs": "typedoc", "format": "prettier --write .", "lint": "eslint . && prettier --check .", @@ -61,11 +61,13 @@ "typescript": "~5.3.3", "vitest": "^1.3.1" }, + "type": "module", "exports": { ".": { "types": "./dist/index.d.ts", "default": "./dist/index.js" } }, - "type": "module" + "types": "dist/index.d.ts", + "module": "dist/index.js" } diff --git a/src/types/undici-types.d.ts b/src/types/undici-types.d.ts new file mode 100644 index 0000000..fb12213 --- /dev/null +++ b/src/types/undici-types.d.ts @@ -0,0 +1,3 @@ +declare module "undici-types" { + type Request = globalThis.Request +}
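Review bot: The new `docker:kill` script picks containers with `grep gigachad.ts`, an unanchored regex whose `.` matches any character, so it also selects containers from any other image whose name merely contains that text. When nothing matches, `xargs docker kill` still invokes `docker kill` with no arguments and the script exits with an error. `docker ps --quiet --filter ancestor=gigachad.ts | xargs --no-run-if-empty docker kill` restricts the match to that image and skips the call on empty input (`--no-run-if-empty` is a GNU xargs option).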
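Review bot: The new `src/types/undici-types.d.ts` carries no comment explaining why an ambient `undici-types` module is declared, which leaves a maintainer unable to tell when it can be removed. Because it declares only `Request`, any other import from `undici-types` would presumably fail to type-check if this declaration shadows the real package typings; that is worth confirming against the compiler setup. A header along the lines of `// Shim for <error or dependency>; remove once <condition>` would record the intent.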