From 69c854f401a8a107fe5c7df08b9b0210cc4c7739 Mon Sep 17 00:00:00 2001
From: Egor <egor@philippov.ca>
Date: Sat, 17 Jan 2026 00:11:01 -0800
Subject: [PATCH] more docker release updates

---
 .env.example              | 10 ++---
 README.md                 | 79 ++++++++++-----------------------------
 docker-compose.dev.yml    | 40 ++++++++++++++++++++
 docker-compose.yml        |  4 +-
 package.json              |  3 +-
 scripts/release-docker.ts | 51 +++++++++++++++++++++++++
 server/Dockerfile         |  2 +-
 7 files changed, 118 insertions(+), 71 deletions(-)
 create mode 100644 docker-compose.dev.yml
 create mode 100644 scripts/release-docker.ts

diff --git a/.env.example b/.env.example
index a8a506a..9377d1f 100644
--- a/.env.example
+++ b/.env.example
@@ -1,11 +1,7 @@
 # Optional: Protect endpoint registration with an API key (recommended for public deployments)
+# Default: unset (no authentication required)
 # API_KEY=your-secret-key-here
 
 # Optional: Enable verbose signal-cli logging
-# SIGNAL_CLI_VERBOSE=true
-
-# Android release signing (only needed for building production APKs)
-# KEYSTORE_FILE=./android/release.keystore
-# KEYSTORE_PASSWORD=<generated-password>
-# KEY_ALIAS=sup-release
-# KEY_PASSWORD=<generated-password>
+# Default: false
+# VERBOSE=true
diff --git a/README.md b/README.md
index e65c31b..d363559 100644
--- a/README.md
+++ b/README.md
@@ -49,33 +49,29 @@ After adding yourself to the docker group, **logout and login** for it to take e
 **Without ProtonMail** (just UnifiedPush):
 
 ```bash
-# Clone the repo
-git clone https://github.com/lone-cloud/sup.git
-cd sup
+# Download docker-compose.yml
+curl -L -O https://raw.githubusercontent.com/lone-cloud/sup/master/docker-compose.yml
 
 # Create .env file
 cat > .env << 'EOF'
-# Required: API key for securing your server
+# Optional: API key for remote access
+# Set this to protect your server when accessing it from outside your home network
+# (e.g., registering UnifiedPush apps while away from home)
+# Default: unset (no authentication required)
 API_KEY=your-random-secret-key-here
 
 # Optional: Enable verbose logging
+# Default: false
 VERBOSE=false
 EOF
 
-# Build and start SUP server only
+# Start SUP server
 docker compose up -d
 
 # Link your Signal account (one-time setup)
 # Visit http://localhost:8080/link and scan QR code with Signal app
 ```
 
-**With ProtonMail** (UnifiedPush + email notifications):
-
-```bash
-# Same setup as above, then start with protonmail profile
-docker compose --profile protonmail up -d
-```
-
 ### ProtonMail Integration (Optional)
 
 To receive ProtonMail notifications via Signal:
@@ -91,6 +87,7 @@ To receive ProtonMail notifications via Signal:
    - Enter your ProtonMail email
    - Enter your ProtonMail password
    - Enter your 2FA code
+   - Wait (potentially a long time) for ProtonMail Bridge to sync emails
 
 3. **Get IMAP credentials**:
    - Run: `info`
@@ -113,57 +110,21 @@ To receive ProtonMail notifications via Signal:
 
 Your phone will now receive Signal notifications when ProtonMail receives new emails.
 
-### Checking Logs
-
-```bash
-# Without ProtonMail
-docker compose logs -f
-
-# With ProtonMail
-docker compose --profile protonmail logs -f
-
-# View specific service
-docker compose logs -f sup-server
-docker compose --profile protonmail logs -f email-monitor
-docker compose --profile protonmail logs -f protonmail-bridge
-```
-
-### Stopping Services
-
-```bash
-# Without ProtonMail
-docker compose down
-
-# With ProtonMail
-docker compose --profile protonmail down
-
-# Stop and remove volumes (warning: deletes Signal/ProtonMail data)
-docker compose --profile protonmail down -v
-```
-
 ### Development
 
+For local development, use the dev compose file to build from source:
+
+```bash
+docker compose -f docker-compose.dev.yml up -d
+```
+
+Or run services directly with Bun:
+
 ```bash
 bun install
-bun dev
+bun --filter sup-server dev
 ```
 
-Visit `http://localhost:8080/link` to link your Signal account.
-
-## API Endpoints
-
-### UnifiedPush Protocol
-
-- `POST /up/{app_id}` - Register new endpoint
-- `DELETE /up/{app_id}` - Unregister endpoint
-- `GET /up` - Discovery endpoint
-- `POST /_matrix/push/v1/notify/{endpoint_id}` - Push notification
-
-### Management
-
-- `GET /health` - Health check
-- `GET /endpoints` - List registered endpoints
-
 ## How It Works
 
 1. Android app registers with server via `/up/{app_id}`
@@ -180,10 +141,8 @@ Download the latest APK from [GitHub Releases](https://github.com/lone-cloud/sup
 
 **Install via Obtainium:** [obtainium://add/https://github.com/lone-cloud/sup](obtainium://add/https://github.com/lone-cloud/sup)
 
-**Certificate Fingerprint for Obtainium verification:**
+**Certificate Fingerprint:**
 
 ```text
 0D:3C:99:15:0E:12:1A:DE:0D:AE:05:CB:16:46:5E:65:31:56:DC:D6:98:87:59:4E:79:B1:0D:AE:1E:56:F2:E8
 ```
-
-Verify this fingerprint when installing via Obtainium to ensure authenticity.
diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml
new file mode 100644
index 0000000..5675109
--- /dev/null
+++ b/docker-compose.dev.yml
@@ -0,0 +1,40 @@
+services:
+  sup-server:
+    build: ./server
+    ports:
+      - '8080:8080'
+    environment:
+      - PORT=8080
+      - API_KEY=${API_KEY:-}
+      - VERBOSE=${VERBOSE:-false}
+    volumes:
+      - signal-data:/root/.local/share/signal-cli
+    restart: unless-stopped
+
+  protonmail-bridge:
+    image: shenxn/protonmail-bridge:build
+    container_name: protonmail-bridge
+    profiles: ['protonmail']
+    volumes:
+      - proton-bridge-data:/root
+      - /tmp/bridge-updates:/root/.local/share/protonmail/bridge-v3/updates:ro # Disable auto-updates
+    restart: unless-stopped
+
+  sup-proton-bridge:
+    build: ./proton-bridge
+    container_name: sup-proton-bridge
+    profiles: ['protonmail']
+    depends_on:
+      - sup-server
+      - protonmail-bridge
+    environment:
+      - BRIDGE_IMAP_USERNAME=${BRIDGE_IMAP_USERNAME}
+      - BRIDGE_IMAP_PASSWORD=${BRIDGE_IMAP_PASSWORD}
+      - SUP_API_KEY=${API_KEY}
+      - SUP_TOPIC=${SUP_TOPIC:-Proton Mail}
+      - VERBOSE=${VERBOSE:-false}
+    restart: unless-stopped
+
+volumes:
+  signal-data:
+  proton-bridge-data:
diff --git a/docker-compose.yml b/docker-compose.yml
index 5675109..e01df69 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,6 +1,6 @@
 services:
   sup-server:
-    build: ./server
+    image: ghcr.io/lone-cloud/sup-server:latest
     ports:
       - '8080:8080'
     environment:
@@ -21,7 +21,7 @@ services:
     restart: unless-stopped
 
   sup-proton-bridge:
-    build: ./proton-bridge
+    image: ghcr.io/lone-cloud/sup-proton-bridge:latest
     container_name: sup-proton-bridge
     profiles: ['protonmail']
     depends_on:
diff --git a/package.json b/package.json
index 8b3708f..1bbf883 100644
--- a/package.json
+++ b/package.json
@@ -23,7 +23,8 @@
     "android:build": "bun run scripts/test-android-build.ts",
     "android:release": "bun run scripts/release-android.ts",
     "android:deps": "bun run scripts/check-android-deps.ts",
-    "android:lockfile": "bun run scripts/update-android-lockfile.ts"
+    "android:lockfile": "bun run scripts/update-android-lockfile.ts",
+    "docker:release": "bun run scripts/release-docker.ts"
   },
   "devDependencies": {
     "@biomejs/biome": "^2.3.11",
diff --git a/scripts/release-docker.ts b/scripts/release-docker.ts
new file mode 100644
index 0000000..642165f
--- /dev/null
+++ b/scripts/release-docker.ts
@@ -0,0 +1,51 @@
+import { $ } from 'bun';
+
+const service = process.argv[2];
+
+if (!service || !['server', 'bridge'].includes(service)) {
+  console.error('Usage: bun run docker:release <service>');
+  console.error('Example: bun run docker:release server');
+  console.error('         bun run docker:release bridge');
+  process.exit(1);
+}
+
+const registry = 'ghcr.io/lone-cloud';
+const config = service === 'server'
+  ? { name: 'sup-server', path: './server' }
+  : { name: 'sup-proton-bridge', path: './proton-bridge' };
+
+try {
+  // Read version from package.json
+  const packageJson = await Bun.file(`${config.path}/package.json`).json();
+  const version = `v${packageJson.version}`;
+  
+  console.log(`🚀 Releasing ${config.name} ${version}...`);
+  
+  const fullName = `${registry}/${config.name}`;
+  
+  console.log(`\n📦 Building ${config.name}...`);
+  await $`docker build -t ${fullName}:${version} -t ${fullName}:latest ${config.path}`;
+  console.log(`✓ Built ${config.name}`);
+
+  console.log(`📤 Pushing ${fullName}:${version}...`);
+  await $`docker push ${fullName}:${version}`;
+  console.log(`✓ Pushed ${fullName}:${version}`);
+
+  console.log(`📤 Pushing ${fullName}:latest...`);
+  await $`docker push ${fullName}:latest`;
+  console.log(`✓ Pushed ${fullName}:latest`);
+
+  console.log(`
+✨ ${config.name} ${version} released successfully!
+
+Images pushed:
+  - ${fullName}:${version}
+  - ${fullName}:latest
+
+Users can now pull with:
+  docker compose pull
+`);
+} catch (error) {
+  console.error('❌ Release failed:', error);
+  process.exit(1);
+}
diff --git a/server/Dockerfile b/server/Dockerfile
index 9dc964a..1bb4d34 100644
--- a/server/Dockerfile
+++ b/server/Dockerfile
@@ -11,7 +11,7 @@ RUN bun build --compile src/server.ts --outfile sup-server
 
 FROM alpine:3.21
 
-RUN apk add --no-cache openjdk25-jre
+RUN apk add --no-cache openjdk21-jre
 
 COPY --from=builder /app/sup-server /usr/local/bin/sup-server
 COPY --from=builder /app/signal-cli /usr/local/bin/signal-cli