OCI distro (#64)

fixes #9

Author: 0x77dev

.github/workflows/ci.yml

@@ -3,27 +3,38 @@ name: CI
 on:
   push:
     branches: [main]
+    tags: ["v*"]
   pull_request:
     types: [opened, synchronize, reopened, ready_for_review]
 
+env:
+  IMAGE: ghcr.io/${{ github.repository }}
+
 jobs:
   build:
     name: Build (${{ matrix.name }})
     runs-on: ${{ matrix.runs_on }}
+    defaults:
+      run:
+        shell: nix develop --command bash -eo pipefail {0}
     permissions:
       id-token: write
       contents: read
       attestations: write
+      packages: write
     strategy:
       fail-fast: false
       matrix:
         include:
           - name: linux-amd64
             runs_on: ubuntu-24.04
+            platform: linux-amd64
           - name: linux-arm64
             runs_on: ubuntu-24.04-arm
+            platform: linux-arm64
           - name: macos-arm64
             runs_on: macos-26
+            platform: darwin-arm64
 
     steps:
       - name: Checkout
@@ -65,20 +76,55 @@ jobs:
           name: pdf-sign-${{ matrix.name }}
           path: dist/*
 
-  shell:
-    name: Dev Shell (${{ matrix.name }})
-    runs-on: ${{ matrix.runs_on }}
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - name: linux-amd64
-            runs_on: ubuntu-24.04
-          - name: linux-arm64
-            runs_on: ubuntu-24.04-arm
-          - name: macos-arm64
-            runs_on: macos-26
+      # --- OCI image build and push (all platforms) ---
+
+      - name: Build streaming image
+        run: |
+          nix build .#image --out-link image
 
+      - name: Login to GHCR
+        if: github.event.pull_request.head.repo.fork != true
+        run: |
+          skopeo login ghcr.io \
+            --username "${{ github.actor }}" \
+            --password "${{ secrets.GITHUB_TOKEN }}" \
+            --compat-auth-file "$HOME/.docker/config.json"
+
+      - name: Push image to GHCR
+        id: push-image
+        if: github.event.pull_request.head.repo.fork != true
+        run: |
+          printf '{"default":[{"type":"reject"}],"transports":{"docker-archive":{"":[{"type":"insecureAcceptAnything"}]},"docker":{"ghcr.io/%s":[{"type":"insecureAcceptAnything"}]}}}\n' \
+            "${{ github.repository }}" > "$RUNNER_TEMP/skopeo-policy.json"
+          ./image | gzip --fast | skopeo \
+            --policy "$RUNNER_TEMP/skopeo-policy.json" \
+            copy \
+            --digestfile "$RUNNER_TEMP/image-digest" \
+            docker-archive:/dev/stdin \
+            "docker://$IMAGE:sha-${GITHUB_SHA::7}-${{ matrix.platform }}"
+          echo "digest=$(cat "$RUNNER_TEMP/image-digest")" >> "$GITHUB_OUTPUT"
+
+      - name: Attest image
+        if: github.event.pull_request.head.repo.fork != true
+        uses: actions/attest-build-provenance@v4
+        with:
+          subject-name: ${{ env.IMAGE }}
+          subject-digest: ${{ steps.push-image.outputs.digest }}
+          push-to-registry: true
+
+  docker:
+    name: Docker Manifest
+    if: github.event.pull_request.head.repo.fork != true
+    needs: build
+    runs-on: ubuntu-24.04
+    defaults:
+      run:
+        shell: nix develop --command bash -eo pipefail {0}
+    permissions:
+      id-token: write
+      contents: read
+      packages: write
+      attestations: write
     steps:
       - name: Checkout
         uses: actions/checkout@v6
@@ -95,7 +141,74 @@ jobs:
           name: pdf-sign
           authToken: ${{ secrets.CACHIX_AUTH_TOKEN }}
 
-      - name: Build dev shell
+      - name: Login to GHCR
+        run: |
+          skopeo login ghcr.io \
+            --username "${{ github.actor }}" \
+            --password "${{ secrets.GITHUB_TOKEN }}" \
+            --compat-auth-file "$HOME/.docker/config.json"
+
+      - name: Compute tags
+        id: tags
+        run: |
+          SHA_SHORT="${GITHUB_SHA::7}"
+          TAGS="$IMAGE:sha-$SHA_SHORT"
+
+          if [[ "$GITHUB_REF" == refs/heads/main ]]; then
+            TAGS="$TAGS,$IMAGE:latest"
+          fi
+
+          if [[ "$GITHUB_REF" == refs/tags/v* ]]; then
+            VERSION="${GITHUB_REF#refs/tags/}"
+            TAGS="$TAGS,$IMAGE:$VERSION"
+            TAGS="$TAGS,$IMAGE:${VERSION#v}"
+
+            MINOR="${VERSION%.*}"
+            TAGS="$TAGS,$IMAGE:${MINOR#v}"
+
+            TAGS="$TAGS,$IMAGE:latest"
+          fi
+
+          echo "tags=$TAGS" >> "$GITHUB_OUTPUT"
+
+      - name: Create multi-platform manifest
+        run: |
+          SHA_SHORT="${GITHUB_SHA::7}"
+          IFS=',' read -ra TAG_ARRAY <<< "${{ steps.tags.outputs.tags }}"
+
+          FIRST_TAG="${TAG_ARRAY[0]}"
+          EXTRA_TAGS=()
+          for tag in "${TAG_ARRAY[@]:1}"; do
+            EXTRA_TAGS+=(--tags "${tag##*:}")
+          done
+
+          manifest-tool push from-args \
+            --platforms linux/amd64,linux/arm64,darwin/arm64 \
+            --template "$IMAGE:sha-$SHA_SHORT-OS-ARCH" \
+            --target "$FIRST_TAG" \
+            "${EXTRA_TAGS[@]}"
+
+      - name: Get manifest digest
+        id: digest
         run: |
-          nix develop --command true
+          SHA_SHORT="${GITHUB_SHA::7}"
+          DIGEST=$(skopeo inspect "docker://$IMAGE:sha-$SHA_SHORT" | jq -r '.Digest')
+          echo "digest=$DIGEST" >> "$GITHUB_OUTPUT"
 
+      - name: Attest manifest
+        uses: actions/attest-build-provenance@v4
+        with:
+          subject-name: ${{ env.IMAGE }}
+          subject-digest: ${{ steps.digest.outputs.digest }}
+          push-to-registry: true
+
+      - name: Verify attestations
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          sleep 5
+          IFS=',' read -ra TAG_ARRAY <<< "${{ steps.tags.outputs.tags }}"
+          for tag in "${TAG_ARRAY[@]}"; do
+            echo "Verifying $tag..."
+            gh attestation verify "oci://$tag" --repo "${{ github.repository }}"
+          done

README.md

@@ -1,7 +1,11 @@
 # pdf-sign
 
+[![built with garnix](https://img.shields.io/endpoint.svg?url=https%3A%2F%2Fgarnix.io%2Fapi%2Fbadges%2F0x77dev%2Fpdf-sign%3Fbranch%3Dmain)](https://garnix.io/repo/0x77dev/pdf-sign) [![CI](https://github.com/0x77dev/pdf-sign/actions/workflows/ci.yml/badge.svg)](https://github.com/0x77dev/pdf-sign/actions/workflows/ci.yml)
+
 PDF signing utility written in Rust that supports both **OpenPGP (GPG)** and **Sigstore (keyless OIDC)** signatures, appending cryptographic signatures directly to PDFs, making it easy to sign and verify documents without heavyweight PDF signing stacks, making your PDFs authentic, tamper-proof, while being fully compatible with regular readers.
 
+[![Watch the demo on X](https://pbs.twimg.com/amplify_video_thumb/2000478980236013569/img/FpmQTXfyxCD5yxaW.jpg)](https://twitter.com/0x77dev/status/2000481268258205919)
+
 [![asciicast](https://asciinema.org/a/JXR1crpqtcbMT1DIhD3dzXFB9.svg)](https://asciinema.org/a/JXR1crpqtcbMT1DIhD3dzXFB9)
 
 ## Why pdf-sign?
@@ -55,6 +59,54 @@ nix build
 ./result/bin/pdf-sign --help
 ```
 
+### Docker
+
+Multi-platform images (`linux/amd64`, `linux/arm64`, `darwin/arm64`) are published to GHCR with [build provenance attestations](https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations).
+
+```bash
+docker pull ghcr.io/0x77dev/pdf-sign
+
+# Verify attestation
+gh attestation verify oci://ghcr.io/0x77dev/pdf-sign:latest --repo 0x77dev/pdf-sign
+```
+
+**GPG signing** — mount your host GPG agent socket and keyring (Linux only — [macOS Docker Desktop cannot forward Unix sockets](https://github.com/docker/for-mac/issues/483)):
+
+```bash
+docker run --rm \
+  -v "$(gpgconf --list-dirs agent-socket)":/gnupg/S.gpg-agent \
+  -v ~/.gnupg/pubring.kbx:/gnupg/pubring.kbx:ro \
+  -v "$PWD":/data \
+  ghcr.io/0x77dev/pdf-sign sign --key 0xDEADBEEF document.pdf
+```
+
+**Sigstore signing (interactive)** — forward the OIDC callback port:
+
+```bash
+docker run --rm \
+  -p 127.0.0.1:8080:8080 -e OIDC_REDIRECT_PORT=8080 \
+  -v "$PWD":/data \
+  ghcr.io/0x77dev/pdf-sign sign --backend sigstore document.pdf
+```
+
+**Sigstore signing (CI/non-interactive)** — pass a pre-obtained identity token:
+
+```bash
+docker run --rm \
+  -e SIGSTORE_IDENTITY_TOKEN="$OIDC_TOKEN" \
+  -v "$PWD":/data \
+  ghcr.io/0x77dev/pdf-sign sign --backend sigstore document.pdf
+```
+
+**Verify signatures:**
+
+```bash
+docker run --rm -v "$PWD":/data \
+  ghcr.io/0x77dev/pdf-sign verify document_signed.pdf \
+  --certificate-identity user@example.com \
+  --certificate-oidc-issuer https://accounts.google.com
+```
+
 ## Commands
 
 ### `sign` - Sign a PDF

crates/gpg/src/sign.rs

@@ -64,6 +64,8 @@ pub async fn create_signature(
   tracing::debug!("Connecting to GPG agent");
   use sequoia_gpg_agent as agent;
 
+  prepare_agent_pinentry();
+
   let ctx = agent::Context::new().context("Failed to create GPG agent context")?;
   let agent = agent::Agent::connect(&ctx)
     .await

crates/sigstore/src/sign.rs

@@ -256,8 +256,10 @@ async fn obtain_identity_token(
   .await
   .context("Failed to create OIDC authorization URL")?;
 
-  // Open browser for user authorization
-  webbrowser::open(oidc_url.0.as_ref()).context("Failed to open browser for OIDC authorization")?;
+  let auth_url = oidc_url.0.as_ref();
+  if webbrowser::open(auth_url).is_err() {
+    eprintln!("\nOpen this URL in your browser to authenticate:\n\n  {auth_url}\n");
+  }
 
   tracing::debug!(port = port, "Waiting for OIDC callback");
   let listener = sigstore::oauth::openidflow::RedirectListener::new(

flake.nix

@@ -69,6 +69,7 @@
           {
             default = package.pdfSign;
             pdf-sign = package.pdfSign;
+            image = package.image;
             inherit autocast;
           };
 

nix/git-hooks.nix

@@ -12,6 +12,7 @@ git-hooks.lib.${system}.run {
     nixfmt.enable = true;
     shellcheck.enable = true;
     rustfmt.enable = true;
+    actionlint.enable = true;
   };
 
   package = pkgs.prek;

nix/package.nix

@@ -57,27 +57,42 @@ rec {
     }
   );
 
-  image = pkgs.dockerTools.buildLayeredImage {
+  image = pkgs.dockerTools.streamLayeredImage {
     name = "ghcr.io/0x77dev/pdf-sign";
-    tag = "latest";
 
-    contents = [ pdfSign ];
+    contents = [
+      pdfSign
+      pkgs.dockerTools.caCertificates
+      pkgs.dockerTools.fakeNss
+      pkgs.iana-etc
+      pkgs.gnupg
+    ];
+
+    fakeRootCommands = ''
+      mkdir -p tmp
+      chmod 1777 tmp
+    '';
 
     config = {
-      Cmd = [ "${lib.getExe pdfSign}" ];
+      Entrypoint = [ "${lib.getExe pdfSign}" ];
       WorkingDir = "/data";
       Env = [
         "GNUPGHOME=/gnupg"
-        # OIDC_REDIRECT_PORT can be set at runtime for Sigstore signing
+        "SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt"
       ];
       Volumes = {
         "/gnupg" = { };
         "/data" = { };
       };
       ExposedPorts = {
-        # Dynamic OIDC redirect port (can be mapped with -p)
         "8080/tcp" = { };
       };
+      Labels = {
+        "org.opencontainers.image.source" = "https://github.com/0x77dev/pdf-sign";
+        "org.opencontainers.image.description" =
+          "Lightweight PDF signing with OpenPGP (GPG) and Sigstore (keyless OIDC)";
+        "org.opencontainers.image.licenses" = "GPL-3.0-only";
+      };
     };
   };
 }

nix/shell.nix

@@ -30,6 +30,11 @@ pkgs.mkShell {
       bun
       nodejs_24
 
+      # OCI tooling
+      skopeo
+      manifest-tool
+      jq
+
       # Demo tools
       asciinema
       autocast