improve (signature): sign build with gpg

.drone.yml

@@ -39,13 +39,6 @@ steps:
   - make build_backend
   - timeout 1 ./dist/filestash || true
 
-- name: build_finalise
-  image: debian:latest
-  depends_on: [ build_go, build_js ]
-  commands:
-  - cp -R dist /tmp/filestash
-  - tar -C /tmp/ -zcf filestash_linux-amd64.tar.gz ./filestash
-
 - name: test_prepare
   image: alpine:latest
   depends_on: [ clone ]
@@ -60,7 +53,7 @@ steps:
 
 - name: test_frontend
   image: node:8-alpine
-  depends_on: [ test_prepare ]
+  depends_on: [ test_prepare, build_frontend ]
   commands:
   - cd ../test/unit_js
   - npm install --silent
@@ -68,7 +61,7 @@ steps:
 
 - name: test_backend
   image: golang:1.12-alpine
-  depends_on: [ test_prepare ]
+  depends_on: [ test_prepare, build_backend ]
   commands:
   - apk add git gcc libc-dev poppler-utils > /dev/null
   - cp ../test/assets/* /tmp/
@@ -77,7 +70,7 @@ steps:
 
 - name: test_e2e
   image: machines/puppeteer
-  depends_on: [ build_prepare, build_js, build_go ]
+  depends_on: [ build_frontend, build_backend ]
   environment:
     ADMIN_PASSWORD: $$2a$$10$$9OFbPZV4lYpYjU5eUi91o.kgeMyCuW11j878YBRri3gBwccq2lSFy
     APP_URL: http://127.0.0.1:8334
@@ -89,9 +82,25 @@ steps:
   - node servers/webdav.js > /dev/null &
   - npm test
 
-- name: release_artifact
+- name: release_prepare
+  image: debian:stable-slim
+  depends_on: [ test_e2e ]
+  environment:
+    GPG_PRIVATE:
+      from_secret: GPG_PRIVATE
+    GPG_PASSPHRASE:
+      from_secret: GPG_PASSPHRASE
+  commands:
+  - apt-get update > /dev/null && apt-get install -y gnupg1 curl > /dev/null
+  - mv dist filestash
+  - tar -cf filestash_linux-amd64.tar ./filestash
+  - curl -s "https://downloads.filestash.app/gpg?private=$GPG_PASSPHRASE" > /tmp/private.key
+  - echo $GPG_PASSPHRASE | gpg1 --import /tmp/private.key
+  - echo $GPG_PASSPHRASE | gpg1 --sign --passphrase-fd 0 --default-key mickael@kerjean.me --no-tty filestash_linux-amd64.tar
+
+- name: release_publish
   image: appleboy/drone-scp
-  depends_on: [ test_go, test_js, test_e2e ]
+  depends_on: [ release_prepare ]
   when:
     branch: master
   settings:
@@ -101,12 +110,12 @@ steps:
       from_secret: SSH_USERNAME
     password:
       from_secret: SSH_PASSWORD
-    source: filestash_linux-amd64.tar.gz
+    source: filestash_linux-amd64.tar.gpg
     target: /app/pages/data/projects/filestash/downloads/latest/
 
 - name: release_docker
   image: plugins/docker
-  depends_on: [ release_artifact ]
+  depends_on: [ release_publish ]
   when:
     branch: master
   settings:
@@ -118,7 +127,7 @@ steps:
       from_secret: DOCKER_PASSWORD
     tags: latest
 
-- name: deploy
+- name: release_deploy
   image: appleboy/drone-ssh
   depends_on: [ release_docker ]
   when:
@@ -137,9 +146,9 @@ steps:
     - docker-compose up -d --force-recreate --build
     - docker image prune -f
 
-- name: report
+- name: release_report
   image: plugins/irc
-  depends_on: [ deploy ]
+  depends_on: [ release_deploy ]
   when:
     branch: master
   settings:

docker/Dockerfile

@@ -1,15 +1,17 @@
 FROM debian:stable-slim
 MAINTAINER mickael@kerjean.me
 
+ENV PUBLIC_KEY="-----BEGIN PGP PUBLIC KEY BLOCK-----\\n\\nmQENBFzLpYEBCADOOzgckQCQRrPrq15awP5Xj3BCytNjAXDixISR3Oyq0TP9PD3z\\nAp6zwOd5B4NpwCk2vQdOaq3qRKcMGFUEDNElL9WkzBixSyqj1GNCTrtJCNtJQ3TX\\nuKebrJ1DRs1vjO/tSFMgzlF843gwgy926vVdhJKRZ+13ZrWGbbWq2wilRCYXYTkw\\n+2niWXJCe22bpofAoNmNkHGmMsImCpB/P6sE803iJgTkKgU8uzZxQdeH39LaL7Ha\\nZ8aPisOO6oc5aEQ9Lx31K5cyC+373nGq56Jh0qpJjJnuT6jeHt4uYcF/OnExUf94\\nmPwv0+5kEgIfaq8qY2nwwMX9ZIqjARcS0ufVABEBAAG0JE1pY2thZWwgS2VyamVh\\nbiA8bWlja2FlbEBrZXJqZWFuLm1lPokBVAQTAQgAPhYhBHPmP6wrA9RH5bNj1lF0\\n5OJyO2PrBQJcy6WBAhsDBQkDwmcABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJ\\nEFF05OJyO2PrnQUH/0+CV+4EiOlEYR2mFPCvJ44nt7r500wUaE9ifkdnG1cUnJY7\\n/kX7ZmSXH0atplklHTl+HjPf2l95gz1dDXhk1uZ63fcguJqk38De22wSMFqgLiBp\\nj+1JcvJs+41afX7xry6GABPP3YYJTa6xtUAS3TloG7CVUCoLHmh7TNI7+KqOYLTQ\\nw6qTN5oA5Bq108O0To2V5OmzvSVohF6GN0RwOzibaP+bsbOZt0UNPyTrjbEbbHYM\\nFL8eO3uR2quMLvZiz6asBmLBAvdvf5AtOgrWfa1krobEZOGcZtgNRJ6EumHLzESF\\n/d0AEB0CdB3jfIfusLLj499gJXJ/o2GrGx/zFvO5AQ0EXMulgQEIALMfHawDbtNP\\nNn50E4E1pkWb4Rfdyr3mLWjRmqmCzWud+XwD3biu1g/fFaH4/d51SvVSg8M26bdF\\n0wTzw/fJZBCFICWkZgsdVa59aY8IstEVmQAOw5xUW2jItr2MKgmRUQ5Y50Hj64DG\\nyH9tn8L1W7Mf6+IzU6hhtaDm13TR7w1kfldWxrUrWTJ12Krd8WAOJN8Dg97bwxID\\ncrfrT2OMTGM9hnV63hIOme/ho5KvNTn3NuOmbbRAY/bjnoDFINTBg1DXddR0AkcJ\\nnXsN/lQbjvfIAOW3uk53HcZBk2aKc0tEx3IcS8z8shSutr5cV/pM1muyzEc7QlYF\\nLcH7GhQFyykAEQEAAYkBPAQYAQgAJhYhBHPmP6wrA9RH5bNj1lF05OJyO2PrBQJc\\ny6WBAhsMBQkDwmcAAAoJEFF05OJyO2PrmVAH/AvR0JJQlrWoFjz9tJkM5tzqtV2x\\nl7mufKwldP2xAAFVg4mLZpEyeIhLAmaYgvdNg0IbOUCKm2BZHKVLPzHFchPV+L05\\nzLYtI8lRfbuXjHQnMhWzorUdHGsi01cFPhnelRUkk+eCwopcdvIKQZBP3f+YAefj\\ntqH0aeggcEp5EpgDs99gE4fwymcKd1XgcfQO/p36Pp7N2pWPpVEJlCqFQ6QwlXCr\\n4zGTPqs+1dj94kg9948z/YUtxevSSmFwGpVFtz6rMp2xwjzKDFLSntZwWAnL/cNR\\nLahn9jFK+fiLn435EF4hMU3jk+0+PcXPeptfwPqPgoJLG4hG0O+IOIbRD78=\\n=XPwb\\n-----END PGP PUBLIC KEY BLOCK-----\\n"
+
 RUN apt-get update > /dev/null && \
     #################
     # Install
-    apt-get install -y libglib2.0-0 curl > /dev/null && \
-    curl -s https://downloads.filestash.app/latest/filestash_linux-amd64.tar.gz > /tmp/filestash.tar.gz && \
-    mkdir /app/ && \
-    tar zxf /tmp/filestash.tar.gz -C /tmp/ && \
-    mv /tmp/filestash/* /app/ && \
-    rm -rf /tmp/filestash* && \
+    apt-get install -y libglib2.0-0 curl gnupg > /dev/null && \
+    echo $PUBLIC_KEY | gpg --import && \
+    cd /tmp/ && \
+    curl -s https://downloads.filestash.app/latest/filestash_linux-amd64.tar.gpg | gpg --decrypt | tar xf - && \
+    mv filestash /app/ && \
+    apt-get purge -y --auto-remove gnupg && \
     #################
     # Optional dependencies
     apt-get install -y curl emacs zip poppler-utils > /dev/null&& \
@@ -40,7 +42,8 @@ RUN apt-get update > /dev/null && \
     useradd filestash && \
     chown -R filestash:filestash /app/ && \
     rm -rf /var/lib/apt/lists/* && \
-    rm -rf /tmp/*
+    rm -rf /tmp/* && \
+    timeout 1 /app/filestash | grep -q start
 
 EXPOSE 8334
 VOLUME ["/app/data/"]