From 344952d6b244e9ba084223fc9304a98d4f1ba38d Mon Sep 17 00:00:00 2001
From: Danut Ilisei
Date: Tue, 4 Jun 2024 10:27:04 +0200
Subject: [PATCH] fix: check and generate the signare key correctly
---
 .github/workflows/ci.yaml | 20 ++++++++++----------
 Dockerfile | 6 ++++--
 docker-compose.yml | 6 ++++--
 linux/debian/postinst | 20 ++++++++++----------
 4 files changed, 28 insertions(+), 24 deletions(-)
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index ed36dd1..ba2ddf4 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -36,16 +36,6 @@ jobs:
 restore-keys: |
 ${{ runner.os }}-buildx-v1.0-service-node-
- - name: Build and load
- run: |
- docker buildx bake \
- --set "*.cache-from=type=local,src=/tmp/.buildx-cache" \
- --set "*.cache-to=type=local,dest=/tmp/.buildx-cache-new" \
- --set "*.platform=linux/amd64" \
- --builder ${{ steps.buildx.outputs.name }} \
- -f docker-compose.yml \
- --load
-
 - name: Create local keystore
 run: |
 echo "1234" >> password.keystore
@@ -54,6 +64,16 @@ jobs:
 cat password.key | ./scripts/generate-signer-key.py
 mv signer-key*.pem signer_key.pem
+ - name: Build and load
+ run: |
+ docker buildx bake \
+ --set "*.cache-from=type=local,src=/tmp/.buildx-cache" \
+ --set "*.cache-to=type=local,dest=/tmp/.buildx-cache-new" \
+ --set "*.platform=linux/amd64" \
+ --builder ${{ steps.buildx.outputs.name }} \
+ -f docker-compose.yml \
+ --load
+
 # - name: Test image
 # run: |
 # docker compose up -d
diff --git a/Dockerfile b/Dockerfile
index b3996a0..a7ba1f0 100644
--- a/Dockerfile
+++ b/Dockerfile
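Review bot: In the `@@ -54,6 +64,16 @@` hunk of ci.yaml, moving `Build and load` after the key-generation steps means `password.keystore`, `password.key` and `signer_key.pem` are already in the workspace when `docker buildx bake -f docker-compose.yml` runs. If the build context is the repository root and the Dockerfile copies from it (neither is visible here), those files can end up in an image layer and in the cache written to `/tmp/.buildx-cache-new`. The values are CI test material, but it is worth confirming that the build context excludes `*.pem`, `*.key` and `*.keystore`. A comment above the step would record why the order matters, for example `# runs after key generation; key files must stay out of the image build context`.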
@@ -14,10 +14,12 @@ RUN apt-get update
 COPY --from=dev /app/dist/*.deb .
+ENV SIGNER_KEY_PASSWORD="something"
+
 RUN if [ -f ./*-signed.deb ]; then \
- apt-get install -y --no-install-recommends ./*-signed.deb; \
+ apt-get install -y --no-install-recommends ./*-signed.deb; \
 else \
- apt-get install -y --no-install-recommends ./*.deb; \
+ apt-get install -y --no-install-recommends ./*.deb; \
 fi && \
 rm -rf *.deb && \
 apt-get clean && \
diff --git a/docker-compose.yml b/docker-compose.yml
index 8ac33fe..68fc00a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -32,6 +32,7 @@ services:
 APP_URL: http://app:8080
 APP_LOG_FILE_ENABLED: false
 APP_LOG_FORMAT: human_readable
+ SIGNER_KEY_PASSWORD: 'pass'
 DB_URL: postgresql://pantos-service-node:pantos@db/pantos-service-node
 CELERY_BROKER: amqp://pantos-service-node:pantos@broker:5672/pantos-service-node
 CELERY_BACKEND: db+postgresql://pantos-service-node:pantos@db/pantos-service-node-celery
@@ -70,6 +71,7 @@ services:
 APP_PORT: 8080
 APP_URL: http://app:8080
 CELERY_LOG_FORMAT: human_readable
+ SIGNER_KEY_PASSWORD: 'pass'
 CELERY_LOG_FILE_ENABLED: false
 DB_URL: postgresql://pantos-service-node:pantos@db/pantos-service-node
 CELERY_BROKER: amqp://pantos-service-node:pantos@broker:5672/pantos-service-node
@@ -90,7 +92,7 @@ services:
 image: postgres:latest
 restart: on-failure
 healthcheck:
- test: ["CMD", "pg_isready", "-U", "postgres"]
+ test: [ "CMD", "pg_isready", "-U", "postgres" ]
 interval: 10s
 timeout: 5s
 retries: 5
@@ -113,7 +115,7 @@ services:
 networks:
 pantos-service-node:
 healthcheck:
- test: ["CMD", "rabbitmqctl", "status"]
+ test: [ "CMD", "rabbitmqctl", "status" ]
 interval: 10s
 timeout: 5s
 retries: 5
diff --git a/linux/debian/postinst b/linux/debian/postinst
index 13aada4..9356831 100644
--- a/linux/debian/postinst
+++ b/linux/debian/postinst
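Review bot: `ENV SIGNER_KEY_PASSWORD="something"` in the Dockerfile hunk bakes a fixed passphrase into the image. An `ENV` value is stored in the image configuration, so anyone who can pull the image can read it with `docker inspect` or `docker history`, and every container starts with it set. It also differs from the `'pass'` that docker-compose.yml sets in the same commit, so it is unclear which value is meant to protect the key. Because `docker build` has no terminal, the `read -s -p` prompt in postinst presumably returns nothing during this `RUN`, which would give the build-time key an empty passphrase and share it across all containers from the image; that is worth confirming. I would drop the `ENV` line, supply the passphrase at run time, and create the key on first start rather than during the build.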
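Review bot: `SIGNER_KEY_PASSWORD: 'pass'` commits a literal signer-key passphrase to the repository, once in the `@@ -32,6 +32,7 @@` hunk of docker-compose.yml and again in the `@@ -70,6 +71,7 @@` hunk for the second service. Anyone who reuses this compose file outside local testing inherits a publicly known passphrase. Take the value from the environment and fail when it is missing, `SIGNER_KEY_PASSWORD: ${SIGNER_KEY_PASSWORD:?SIGNER_KEY_PASSWORD must be set}`, or provide it as a compose secret. If the literal has to stay for local development, mark it in a comment such as `# development-only passphrase; override in any real deployment`.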
@@ -95,18 +95,18 @@ else
 fi
 # Signer key
-if [ ! -e "${signer_key_file}" || -z "$SIGNER_KEY_PASSWORD" ]; then
- if [ ! command -v ssh-keygen ]; then
- echo "ssh-keygen is not installed, please install the package with the recommended dependencies to generate the key"
- exit 1
- fi
- echo "Signer key does not exist, generating new one"
- read -s -p "Please enter your password for your pem file: " passwd
- ssh-keygen -t ed25519 -f "$signer_key_file" -N "$passwd" >/dev/null 2>&1
- echo "SIGNER_KEY_PASSWORD='$passwd'" >> ${env_file}
+if [ ! -e ${signer_key_file} ] || [ -z ${SIGNER_KEY_PASSWORD} ]; then
+ # Check if ssh-keygen is installed
+ if ! command -v ssh-keygen &>/dev/null; then
+ echo "ssh-keygen is not installed, please install the package with the recommended dependencies to generate the key"
+ exit 1
+ fi
+ echo "Signer key does not exist; generating a new one"
+ read -s -p "Please enter your password for your PEM file: " passwd
+ ssh-keygen -t ed25519 -f "$signer_key_file" -N "$passwd" >/dev/null 2>&1
+ echo "SIGNER_KEY_PASSWORD='$passwd'" >> "${env_file}"
 fi
-
 # Offchain bids
 if [ ! -e "${offchain_bids_default_file}" ]; then
 # if offchain bids default file does not exists, we add it, otherwise do nothing
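Review bot: The rewritten test drops the quotes the old line had, so `[ ! -e ${signer_key_file} ] || [ -z ${SIGNER_KEY_PASSWORD} ]` word-splits both expansions: a passphrase containing a space makes `[` exit with an error instead of evaluating the test, and an empty `signer_key_file` turns the first test into `[ ! -e ]`, which is false. Use `if [ ! -e "${signer_key_file}" ] || [ -z "${SIGNER_KEY_PASSWORD}" ]; then`. Inside the branch the exit status of `ssh-keygen` is discarded along with its output, so the passphrase line is appended to `${env_file}` even when no key was written; `ssh-keygen -t ed25519 -f "$signer_key_file" -N "$passwd" >/dev/null 2>&1 || exit 1` would stop that. `&>/dev/null` and `read -s -p` are bash features, so the check only behaves as intended if the script's shebang (not visible in this hunk) is bash. The passphrase is still stored in clear text next to the key, and a `'` in it breaks the quoting of the `SIGNER_KEY_PASSWORD='$passwd'` line if the env file is later parsed by a shell.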