added docker file and gpg public key for data encryption

.github/workflows/serve-encrypt.yml

@@ -0,0 +1,68 @@
+name: Serve-Encrypt workflow
+
+on:
+  push:
+    paths:
+      - "serve-encrypt/**"
+  # Adds ability to run this workflow manually
+  workflow_dispatch:
+    inputs:
+      logLevel:
+        description: 'Log level'
+        required: true
+        default: 'warning'
+        type: choice
+        options:
+        - info
+        - warning
+        - debug
+      tags:
+        description: 'Manual run'
+        required: false
+        type: boolean
+
+jobs:
+
+  push: 
+    if: | 
+      github.ref == 'refs/heads/main' &&
+      github.repository == 'scilifelabdatacentre/serve-images'
+    needs: build_and_test
+    runs-on: ubuntu-latest
+    concurrency:
+      group: '${{ github.workflow }} @ ${{ github.event.pull_request.head.label || github.head_ref || github.ref }}'
+      cancel-in-progress: true
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - name: 'Checkout github action'
+        uses: actions/checkout@main
+
+      - name: Docker meta
+        id: meta
+        uses: docker/metadata-action@v4
+        with:
+          images: ghcr.io/scilifelabdatacentre/serve-encrypt
+          tags: |
+            type=raw,value={{date 'YYMMDD-HHmm' tz='Europe/Stockholm'}}
+
+      - name: 'Login to GHCR'
+        uses: docker/login-action@v1
+        with:
+          registry: ghcr.io
+          username: ${{github.actor}}
+          password: ${{secrets.GITHUB_TOKEN}}
+
+      - name: Publish image to GHCR
+        uses: docker/build-push-action@v3
+        with:
+          file: ./serve-encrypt/Dockerfile
+          context: ./serve-encrypt
+          push: true
+          build-args: version=${{ github.ref_name }}
+          tags: |
+            ${{ steps.meta.outputs.tags }}
+            ghcr.io/scilifelabdatacentre/serve-encrypt:latest
+          labels: ${{ steps.meta.outputs.labels }}

serve-encrypt/Dockerfile

@@ -0,0 +1,29 @@
+# Use an official Debian as a parent image for a lightweight build
+FROM debian:stable-slim
+
+# Install PostgreSQL client and GPG
+RUN apt-get update && apt-get install -y gnupg2 curl postgresql-client && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Create a non-root user and group (using user ID 1000 and group ID 1000 for compatibility)
+# Fixed commands for Debian
+RUN groupadd -g 1000 pguser && \
+    useradd -m -u 1000 -g pguser pguser
+
+# Set the GNUPGHOME environment variable
+ENV GNUPGHOME=/home/pguser/.gnupg
+
+# Set working directory
+WORKDIR /home/pguser
+
+# Copy the GPG public key
+COPY gpg-public-key /home/pguser/gpg-public-key
+
+# Import the GPG key
+# The command to switch users before running a command has also been adjusted for Debian compatibility
+RUN chown pguser:pguser /home/pguser/gpg-public-key && \
+    chmod 600 /home/pguser/gpg-public-key && \
+    su pguser -c 'gpg --import /home/pguser/gpg-public-key'
+
+# Switch to the non-root user
+USER pguser
+

serve-encrypt/gpg-public-key

@@ -0,0 +1,13 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZdi2zRYJKwYBBAHaRw8BAQdAWiUZyQidLNI7H5h2guFRX7Z5XMq7xlezOTPU
+4E7WLSy0IU1vbnR5UHl0aG9uIDxzZXJ2ZUBzY2lsaWZlbGFiLnNlPoiZBBMWCgBB
+FiEEFMj00C+87r6gxkIweUw2dG7WihkFAmXYts0CGwMFCQWjmoAFCwkIBwICIgIG
+FQoJCAsCBBYCAwECHgcCF4AACgkQeUw2dG7WihluEAD/e0/fe2ZWu+qsbANLrIeC
+SDcuUOhOjyExEqYUsYBuxxAA+wbnERFA6nO19tZEEVBXYz0yIbSQyCKh4CTPoUBj
+4g4EuDgEZdi2zRIKKwYBBAGXVQEFAQEHQKyr292yAwCT0lK/RaU+BBAFaSywvgvp
+0YXqHyjrHBUQAwEIB4h+BBgWCgAmFiEEFMj00C+87r6gxkIweUw2dG7WihkFAmXY
+ts0CGwwFCQWjmoAACgkQeUw2dG7Wihli3AEAqd2f5uOgNylWH0HeLfnAR2xUz69G
+lQdnr5MH33bDUu0A/1Q7OvzCTXQmjxFrAyqEn8UDs3y+wCri3z0OfX49ElgK
+=pyub
+-----END PGP PUBLIC KEY BLOCK-----