Sync in jwks too

Signed-off-by: Kevin Fox <[email protected]>

.goreleaser.yaml

@@ -15,21 +15,51 @@ builds:
       - CGO_ENABLED=0
     goos:
       - linux
-    main: ./cmd
+    main: ./cmd/main.go
     binary: spire-ha-agent
+    id: spire-ha-agent
+  - env:
+      - CGO_ENABLED=0
+    goos:
+      - linux
+    main: ./cmd/spire-trust-sync-helper.go
+    binary: spire-trust-sync-helper
+    id: spire-trust-sync-helper
 
 archives:
   - format: tar.gz
+    builds:
+      - spire-ha-agent
+    # this name template makes the OS and Arch compatible with the results of `uname`.
+    name_template: >-
+      spire-ha-agent_
+      {{- title .Os }}_
+      {{- if eq .Arch "amd64" }}x86_64
+      {{- else if eq .Arch "386" }}i386
+      {{- else }}{{ .Arch }}{{ end }}
+      {{- if .Arm }}v{{ .Arm }}{{ end }}
+    files:
+      - systemd/[email protected]
+      - systemd/[email protected]
+      - README.md
+      - LICENSE
+    # use zip for windows archives
+    format_overrides:
+      - goos: windows
+        format: zip
+  - format: tar.gz
+    builds:
+      - spire-trust-sync-helper
     # this name template makes the OS and Arch compatible with the results of `uname`.
     name_template: >-
-      {{ .ProjectName }}_
+      spire-trust-sync-helper_
       {{- title .Os }}_
       {{- if eq .Arch "amd64" }}x86_64
       {{- else if eq .Arch "386" }}i386
       {{- else }}{{ .Arch }}{{ end }}
       {{- if .Arm }}v{{ .Arm }}{{ end }}
     files:
-      - systemd/*
+      - systemd/[email protected]  
       - README.md
       - LICENSE
     # use zip for windows archives

systemd/spire-trust-sync@.service

@@ -13,12 +13,13 @@ RuntimeDirectory=spire/trust-sync/%i
 RuntimeDirectoryPreserve=true
 ConfigurationDirectory=spire/trust-sync
 Environment="SPIRE_AGENT_ADDRESS=/var/run/spire/agent/sockets/%i/public/api.sock"
-Environment="SPIRE_TRUST_SYNC_BUNDLE=/var/run/spire/trust-sync/%i/ca.crt"
+Environment="SPIRE_TRUST_SYNC_WD=/var/run/spire/trust-sync/%i"
+EnvironmentFile=-/etc/spiffe/default-trust-domain.env
 EnvironmentFile=-/etc/spire/trust-sync/default.conf
 EnvironmentFile=-/etc/spire/trust-sync/%i.conf
 ExecStart=/bin/spiffe-helper -config /var/run/spire/trust-sync/%i/helper.conf
 ExecStartPre=mkdir -p /run/spire/trust-sync/%i/
-ExecStartPre=/bin/bash -c "echo Y2VydF9kaXIgPSAiQENEQCIKc3ZpZF9maWxlX25hbWUgPSAidGxzLmNydCIKc3ZpZF9rZXlfZmlsZV9uYW1lID0gInRscy5rZXkiCnN2aWRfYnVuZGxlX2ZpbGVfbmFtZSA9ICJjYS5jcnQiCmNtZCA9ICJiYXNoIgpjbWRfYXJncyA9ICItYyBcInNwaXJlLXNlcnZlciBidW5kbGUgc2V0IC1pZCBzcGlmZmU6Ly8ke1NQSVJFX1RSVVNUX1NZTkNfVFJVU1RET01BSU59IC1zb2NrZXRQYXRoICR7U1BJUkVfU0VSVkVSX1NPQ0tFVH0gPCAke1NQSVJFX1RSVVNUX1NZTkNfQlVORExFfVwiIgo= | base64 -d > /var/run/spire/trust-sync/%i/helper.conf"
+ExecStartPre=/bin/bash -c "echo Y2VydF9kaXIgPSAiQENEQCIKc3ZpZF9maWxlX25hbWUgPSAidGxzLmNydCIKc3ZpZF9rZXlfZmlsZV9uYW1lID0gInRscy5rZXkiCnN2aWRfYnVuZGxlX2ZpbGVfbmFtZSA9ICJjYS5jcnQiCmp3dF9idW5kbGVfZmlsZV9uYW1lID0gImp3dF9idW5kbGUuanNvbiIKY21kID0gImJhc2giCmNtZF9hcmdzID0gIi1lYyBcImNkICR7U1BJUkVfVFJVU1RfU1lOQ19XRH07IC91c3IvbGliZXhlYy9zcGlyZS90cnVzdC1zeW5jL3NwaXJlLXRydXN0LXN5bmMtaGVscGVyID4gYnVuZGxlLnNwaWZmZTsgc3BpcmUtc2VydmVyIGJ1bmRsZSBzZXQgLWlkIHNwaWZmZTovLyR7U1BJUkVfVFJVU1RfU1lOQ19UUlVTVERPTUFJTn0gLXNvY2tldFBhdGggJHtTUElSRV9TRVJWRVJfU09DS0VUfSAtZm9ybWF0IHNwaWZmZSA8IGJ1bmRsZS5zcGlmZmVcIiIK | base64 -d > /var/run/spire/trust-sync/%i/helper.conf"
 ExecStartPre=/bin/sed -i "s^@CD@^/var/run/spire/trust-sync/%i^" /var/run/spire/trust-sync/%i/helper.conf
 # https://gist.github.com/ageis/f5595e59b1cddb1513d1b425a323db04
 LockPersonality=true