From 2a1dad80f025044167404b92e64fba1282517ea3 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.> Date: Sun, 22 Dec 2024 11:17:22 +0000 Subject: [PATCH 1/7] rename --- .github/workflows/push-docker.yml | 6 +++--- DeveloperGuide.md | 8 ++++---- Dockerfile-fat => Dockerfile.fat | 2 +- Dockerfile-ultra-lite => Dockerfile.ultra-lite | 2 +- .../SPDF/config/security/CustomLogoutSuccessHandler.java | 6 +++--- .../SPDF/controller/web/AccountWebController.java | 4 ++-- test.sh | 6 +++--- test2.sh | 2 +- 8 files changed, 18 insertions(+), 18 deletions(-) rename Dockerfile-fat => Dockerfile.fat (96%) rename Dockerfile-ultra-lite => Dockerfile.ultra-lite (94%) diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index 2ca9a14de91..531abf41f63 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -102,12 +102,12 @@ jobs: type=raw,value=${{ steps.versionNumber.outputs.versionNumber }}-ultra-lite,enable=${{ github.ref == 'refs/heads/master' }} type=raw,value=latest-ultra-lite,enable=${{ github.ref == 'refs/heads/master' }} - - name: Build and push Dockerfile-ultra-lite + - name: Build and push Dockerfile ultra-lite uses: docker/build-push-action@v6 if: github.ref != 'refs/heads/main' with: context: . - file: ./Dockerfile-ultra-lite + file: ./Dockerfile.ultra-lite push: true cache-from: type=gha cache-to: type=gha,mode=max @@ -136,7 +136,7 @@ jobs: with: builder: ${{ steps.buildx.outputs.name }} context: . - file: ./Dockerfile-fat + file: ./Dockerfile.fat push: true cache-from: type=gha cache-to: type=gha,mode=max diff --git a/DeveloperGuide.md b/DeveloperGuide.md index 66b1751e193..1a43b6412e4 100644 --- a/DeveloperGuide.md +++ b/DeveloperGuide.md @@ -86,8 +86,8 @@ Stirling-PDF/ │ └── SPDF/ ├── build.gradle # Gradle build configuration ├── Dockerfile # Main Dockerfile -├── Dockerfile-ultra-lite # Dockerfile for ultra-lite version -├── Dockerfile-fat # Dockerfile for fat version +├── Dockerfile.ultra-lite # Dockerfile for ultra-lite version +├── Dockerfile.fat # Dockerfile for fat version ├── docker-compose.yml # Docker Compose configuration └── test.sh # Test script to deploy all docker versions and run cuke tests ``` @@ -179,14 +179,14 @@ Stirling-PDF uses different Docker images for various configurations. The build For the ultra-lite version: ```bash - docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile-ultra-lite . + docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile.ultra-lite . ``` For the fat version (with security enabled): ```bash export DOCKER_ENABLE_SECURITY=true - docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-fat -f ./Dockerfile-fat . + docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-fat -f ./Dockerfile.fat . ``` Note: The `--no-cache` and `--pull` flags ensure that the build process uses the latest base images and doesn't use cached layers, which is useful for testing and ensuring reproducible builds. however to improve build times these can often be removed depending on your usecase diff --git a/Dockerfile-fat b/Dockerfile.fat similarity index 96% rename from Dockerfile-fat rename to Dockerfile.fat index d34c7daa440..6720bf9b613 100644 --- a/Dockerfile-fat +++ b/Dockerfile.fat @@ -12,7 +12,7 @@ RUN DOCKER_ENABLE_SECURITY=true \ ./gradlew clean build # Main stage -FROM alpine:3.20.3 +FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 # Copy necessary files COPY scripts /scripts diff --git a/Dockerfile-ultra-lite b/Dockerfile.ultra-lite similarity index 94% rename from Dockerfile-ultra-lite rename to Dockerfile.ultra-lite index 09e4a5a38e8..4953f338a4b 100644 --- a/Dockerfile-ultra-lite +++ b/Dockerfile.ultra-lite @@ -1,5 +1,5 @@ # use alpine -FROM alpine:3.21.0 +FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 ARG VERSION_TAG diff --git a/src/main/java/stirling/software/SPDF/config/security/CustomLogoutSuccessHandler.java b/src/main/java/stirling/software/SPDF/config/security/CustomLogoutSuccessHandler.java index 8d5aa76d015..2d0228648c6 100644 --- a/src/main/java/stirling/software/SPDF/config/security/CustomLogoutSuccessHandler.java +++ b/src/main/java/stirling/software/SPDF/config/security/CustomLogoutSuccessHandler.java @@ -219,9 +219,9 @@ private void getRedirect_oauth2( // "https://accounts.google.com/Logout?continue=https://appengine.google.com/_ah/logout?continue=" // + response.encodeRedirectURL(redirect_url); log.info("Google does not have a specific logout URL"); - // log.info("Redirecting to Google logout URL: " + googleLogoutUrl); - // response.sendRedirect(googleLogoutUrl); - // break; + // log.info("Redirecting to Google logout URL: " + googleLogoutUrl); + // response.sendRedirect(googleLogoutUrl); + // break; default: String defaultRedirectUrl = request.getContextPath() + "/login?" + param; log.info("Redirecting to default logout URL: " + defaultRedirectUrl); diff --git a/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java b/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java index b46290201d3..3e478af2560 100644 --- a/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java +++ b/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java @@ -167,8 +167,8 @@ public String login(HttpServletRequest request, Model model, Authentication auth case "invalid_destination": erroroauth = "login.invalid_destination"; break; - // Valid InResponseTo was not available from the validation context, unable to - // evaluate + // Valid InResponseTo was not available from the validation context, unable to + // evaluate case "invalid_in_response_to": erroroauth = "login.invalid_in_response_to"; break; diff --git a/test.sh b/test.sh index 2ad2590544c..d789c6be7d8 100644 --- a/test.sh +++ b/test.sh @@ -74,7 +74,7 @@ main() { # Building Docker images # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest -f ./Dockerfile . - # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile-ultra-lite . + # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile.ultra-lite . # Test each configuration #run_tests "Stirling-PDF-Ultra-Lite" "./exampleYmlFiles/docker-compose-latest-ultra-lite.yml" @@ -94,8 +94,8 @@ main() { # Building Docker images with security enabled # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest -f ./Dockerfile . - # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile-ultra-lite . - docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-fat -f ./Dockerfile-fat . + # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile.ultra-lite . + docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-fat -f ./Dockerfile.fat . # Test each configuration with security diff --git a/test2.sh b/test2.sh index 61db7993146..b33d2df8c16 100644 --- a/test2.sh +++ b/test2.sh @@ -65,7 +65,7 @@ build_and_test() { dockerfile_name="./Dockerfile" ;; ultra-lite) - dockerfile_name="./Dockerfile-ultra-lite" + dockerfile_name="./Dockerfile.ultra-lite" ;; esac From f4ae4ac5c4c899e8d1b12a0d82a38e91128cfb99 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.> Date: Sun, 22 Dec 2024 11:20:46 +0000 Subject: [PATCH 2/7] reremove --- Dockerfile-fat | 95 ------------------------------------------- Dockerfile-ultra-lite | 62 ---------------------------- 2 files changed, 157 deletions(-) delete mode 100644 Dockerfile-fat delete mode 100644 Dockerfile-ultra-lite diff --git a/Dockerfile-fat b/Dockerfile-fat deleted file mode 100644 index 2d9cc944b8d..00000000000 --- a/Dockerfile-fat +++ /dev/null @@ -1,95 +0,0 @@ -# Build the application -FROM gradle:8.12-jdk17 AS build - -# Set the working directory -WORKDIR /app - -# Copy the entire project to the working directory -COPY . . - -# Build the application with DOCKER_ENABLE_SECURITY=false -RUN DOCKER_ENABLE_SECURITY=true \ -./gradlew clean build - -# Main stage -FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 - -# Copy necessary files -COPY scripts /scripts -COPY pipeline /pipeline -COPY src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto/ -COPY --from=build /app/build/libs/*.jar app.jar - -ARG VERSION_TAG - -LABEL org.opencontainers.image.title="Stirling-PDF" -LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 50+ operations including merging, splitting, conversion, OCR, watermarking, and more." -LABEL org.opencontainers.image.source="https://github.com/Stirling-Tools/Stirling-PDF" -LABEL org.opencontainers.image.licenses="MIT" -LABEL org.opencontainers.image.vendor="Stirling-Tools" -LABEL org.opencontainers.image.url="https://www.stirlingpdf.com" -LABEL org.opencontainers.image.documentation="https://docs.stirlingpdf.com" -LABEL maintainer="Stirling-Tools" -LABEL org.opencontainers.image.authors="Stirling-Tools" -LABEL org.opencontainers.image.version="${VERSION_TAG}" -LABEL org.opencontainers.image.keywords="PDF, manipulation, merge, split, convert, OCR, watermark" - -# Set Environment Variables -ENV DOCKER_ENABLE_SECURITY=false \ - VERSION_TAG=$VERSION_TAG \ - JAVA_TOOL_OPTIONS="$JAVA_TOOL_OPTIONS -XX:MaxRAMPercentage=75" \ - HOME=/home/stirlingpdfuser \ - PUID=1000 \ - PGID=1000 \ - UMASK=022 \ - FAT_DOCKER=true \ - INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false - - -# JDK for app -RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \ - echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \ - echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories && \ - apk upgrade --no-cache -a && \ - apk add --no-cache \ - ca-certificates \ - tzdata \ - tini \ - bash \ - curl \ - shadow \ - su-exec \ - openssl \ - openssl-dev \ - openjdk21-jre \ -# Doc conversion - libreoffice \ -# pdftohtml - poppler-utils \ -# OCR MY PDF (unpaper for descew and other advanced featues) - qpdf \ - tesseract-ocr-data-eng \ - font-terminus font-dejavu font-noto font-noto-cjk font-awesome font-noto-extra \ -# CV - py3-opencv \ -# python3/pip - python3 \ - py3-pip && \ -# uno unoconv and HTML - pip install --break-system-packages --no-cache-dir --upgrade unoconv WeasyPrint pdf2image pillow && \ - mv /usr/share/tessdata /usr/share/tessdata-original && \ - mkdir -p $HOME /configs /logs /customFiles /pipeline/watchedFolders /pipeline/finishedFolders && \ - fc-cache -f -v && \ - chmod +x /scripts/* && \ - chmod +x /scripts/init.sh && \ -# User permissions - addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \ - chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline && \ - chown stirlingpdfuser:stirlingpdfgroup /app.jar && \ - tesseract --list-langs - -EXPOSE 8080/tcp - -# Set user and run command -ENTRYPOINT ["tini", "--", "/scripts/init.sh"] -CMD ["java", "-Dfile.encoding=UTF-8", "-jar", "/app.jar"] diff --git a/Dockerfile-ultra-lite b/Dockerfile-ultra-lite deleted file mode 100644 index 1d87253d824..00000000000 --- a/Dockerfile-ultra-lite +++ /dev/null @@ -1,62 +0,0 @@ -# use alpine -FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 - -ARG VERSION_TAG - -LABEL org.opencontainers.image.title="Stirling-PDF" -LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 50+ operations including merging, splitting, conversion, OCR, watermarking, and more." -LABEL org.opencontainers.image.source="https://github.com/Stirling-Tools/Stirling-PDF" -LABEL org.opencontainers.image.licenses="MIT" -LABEL org.opencontainers.image.vendor="Stirling-Tools" -LABEL org.opencontainers.image.url="https://www.stirlingpdf.com" -LABEL org.opencontainers.image.documentation="https://docs.stirlingpdf.com" -LABEL maintainer="Stirling-Tools" -LABEL org.opencontainers.image.authors="Stirling-Tools" -LABEL org.opencontainers.image.version="${VERSION_TAG}" -LABEL org.opencontainers.image.keywords="PDF, manipulation, merge, split, convert, OCR, watermark" - -# Set Environment Variables -ENV DOCKER_ENABLE_SECURITY=false \ - HOME=/home/stirlingpdfuser \ - VERSION_TAG=$VERSION_TAG \ - JAVA_TOOL_OPTIONS="$JAVA_TOOL_OPTIONS -XX:MaxRAMPercentage=75" \ - PUID=1000 \ - PGID=1000 \ - UMASK=022 - -# Copy necessary files -COPY scripts/download-security-jar.sh /scripts/download-security-jar.sh -COPY scripts/init-without-ocr.sh /scripts/init-without-ocr.sh -COPY scripts/installFonts.sh /scripts/installFonts.sh -COPY pipeline /pipeline -COPY build/libs/*.jar app.jar - -# Set up necessary directories and permissions -RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \ - echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \ - echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories && \ - apk upgrade --no-cache -a && \ - apk add --no-cache \ - ca-certificates \ - tzdata \ - tini \ - bash \ - curl \ - shadow \ - su-exec \ - openjdk21-jre && \ - # User permissions - mkdir -p /configs /logs /customFiles /usr/share/fonts/opentype/noto && \ - chmod +x /scripts/*.sh && \ - addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \ - chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /configs /customFiles /pipeline && \ - chown stirlingpdfuser:stirlingpdfgroup /app.jar - -# Set environment variables -ENV ENDPOINTS_GROUPS_TO_REMOVE=CLI - -EXPOSE 8080/tcp - -# Run the application -ENTRYPOINT ["tini", "--", "/scripts/init-without-ocr.sh"] -CMD ["java", "-Dfile.encoding=UTF-8", "-jar", "/app.jar"] From 34ddc298cf7f100f26f2f5d3e8aec547fc0481ae Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.> Date: Sun, 22 Dec 2024 11:48:06 +0000 Subject: [PATCH 3/7] test --- .github/workflows/push-docker.yml | 46 +++++++++++++++++-------------- 1 file changed, 25 insertions(+), 21 deletions(-) diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index a98608303ff..b26619cdab0 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -5,7 +5,7 @@ on: push: branches: - master - - main + - docker-rename permissions: contents: read @@ -85,9 +85,9 @@ jobs: tags: | type=raw,value=${{ steps.versionNumber.outputs.versionNumber }},enable=${{ github.ref == 'refs/heads/master' }} type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }} - type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/main' }} + type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/docker-rename' }} - - name: Build and push main Dockerfile + - name: Build and push docker-rename Dockerfile id: build-push-regular uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: @@ -108,33 +108,33 @@ jobs: env: DIGEST: ${{ steps.build-push-regular.outputs.digest }} TAGS: ${{ steps.meta.outputs.tags }} + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} run: | # Always sign images regardless of branch echo "$TAGS" | tr ',' '\n' | while read -r tag; do cosign sign --yes \ - --identity-token ${ACTIONS_ID_TOKEN_REQUEST_TOKEN} \ - --force \ + --key env://COSIGN_PRIVATE_KEY \ "${tag}@${DIGEST}" done - - # For alpha builds specifically - if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then + + # For alpha builds specifically, we want to ensure they're marked as development builds + if [[ "${{ github.ref }}" == "refs/heads/docker-rename" ]]; then echo "Signing alpha build with development attestation" echo "$TAGS" | tr ',' '\n' | while read -r tag; do if [[ $tag == *":alpha" ]]; then - cosign attest --yes \ - --identity-token ${ACTIONS_ID_TOKEN_REQUEST_TOKEN} \ - --force \ + cosign attest --key env://COSIGN_PRIVATE_KEY \ --predicate <(echo '{"type":"development"}') \ - "${tag}@${DIGEST}" + --yes "${tag}@${DIGEST}" fi done fi + - name: Generate tags ultra-lite id: meta2 uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 - if: github.ref != 'refs/heads/main' + if: github.ref != 'refs/heads/docker-rename' with: images: | ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf @@ -148,7 +148,7 @@ jobs: - name: Build and push Dockerfile-ultra-lite id: build-push-lite uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 - if: github.ref != 'refs/heads/main' + if: github.ref != 'refs/heads/docker-rename' with: context: . file: ./Dockerfile.ultra-lite @@ -163,19 +163,21 @@ jobs: sbom: true - name: Sign ultra-lite images - if: github.ref != 'refs/heads/main' + if: github.ref != 'refs/heads/docker-rename' env: DIGEST: ${{ steps.build-push-lite.outputs.digest }} TAGS: ${{ steps.meta2.outputs.tags }} + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} run: | echo "$TAGS" | tr ',' '\n' | while read -r tag; do - cosign sign --yes "${tag}@${DIGEST}" + cosign sign --key env://COSIGN_PRIVATE_KEY --yes "${tag}@${DIGEST}" done - name: Generate tags fat id: meta3 uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 - if: github.ref != 'refs/heads/main' + if: github.ref != 'refs/heads/docker-rename' with: images: | ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf @@ -186,10 +188,10 @@ jobs: type=raw,value=${{ steps.versionNumber.outputs.versionNumber }}-fat,enable=${{ github.ref == 'refs/heads/master' }} type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/master' }} - - name: Build and push main Dockerfile fat + - name: Build and push docker-rename Dockerfile fat id: build-push-fat uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 - if: github.ref != 'refs/heads/main' + if: github.ref != 'refs/heads/docker-rename' with: builder: ${{ steps.buildx.outputs.name }} context: . @@ -205,11 +207,13 @@ jobs: sbom: true - name: Sign fat images - if: github.ref != 'refs/heads/main' + if: github.ref != 'refs/heads/docker-rename' env: DIGEST: ${{ steps.build-push-fat.outputs.digest }} TAGS: ${{ steps.meta3.outputs.tags }} + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} run: | echo "$TAGS" | tr ',' '\n' | while read -r tag; do - cosign sign --yes "${tag}@${DIGEST}" + cosign sign --key env://COSIGN_PRIVATE_KEY --yes "${tag}@${DIGEST}" done From 341a234b7c86668b191d0fb9bcf129a8aee61644 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.> Date: Sun, 22 Dec 2024 11:55:40 +0000 Subject: [PATCH 4/7] quick fix --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 63953434988..84f096ce154 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,6 +37,7 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \ echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories && \ apk upgrade --no-cache -a && \ + mkdir -p /usr/share/tessdata && \ apk add --no-cache \ ca-certificates \ tzdata \ From 5c1abdd49e5fd7a74c691d41c640dc595d44aac4 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.> Date: Sun, 22 Dec 2024 12:00:52 +0000 Subject: [PATCH 5/7] fix --- Dockerfile | 4 +--- Dockerfile.fat | 3 +-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 84f096ce154..a5879b815be 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,7 +37,6 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \ echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories && \ apk upgrade --no-cache -a && \ - mkdir -p /usr/share/tessdata && \ apk add --no-cache \ ca-certificates \ tzdata \ @@ -71,8 +70,7 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et # User permissions addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \ chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline && \ - chown stirlingpdfuser:stirlingpdfgroup /app.jar && \ - tesseract --list-langs + chown stirlingpdfuser:stirlingpdfgroup /app.jar EXPOSE 8080/tcp diff --git a/Dockerfile.fat b/Dockerfile.fat index 6720bf9b613..9ae22f39b41 100644 --- a/Dockerfile.fat +++ b/Dockerfile.fat @@ -73,8 +73,7 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et # User permissions addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \ chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline && \ - chown stirlingpdfuser:stirlingpdfgroup /app.jar && \ - tesseract --list-langs + chown stirlingpdfuser:stirlingpdfgroup /app.jar EXPOSE 8080/tcp From a0f3d7b7d4d522f9acb8a0a88943e8c3a311a409 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sun, 22 Dec 2024 12:41:53 +0000 Subject: [PATCH 6/7] Update push-docker.yml --- .github/workflows/push-docker.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index b26619cdab0..590e90cfa56 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -5,7 +5,7 @@ on: push: branches: - master - - docker-rename + - main permissions: contents: read @@ -85,9 +85,9 @@ jobs: tags: | type=raw,value=${{ steps.versionNumber.outputs.versionNumber }},enable=${{ github.ref == 'refs/heads/master' }} type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }} - type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/docker-rename' }} + type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/main' }} - - name: Build and push docker-rename Dockerfile + - name: Build and push main Dockerfile id: build-push-regular uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: @@ -119,7 +119,7 @@ jobs: done # For alpha builds specifically, we want to ensure they're marked as development builds - if [[ "${{ github.ref }}" == "refs/heads/docker-rename" ]]; then + if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then echo "Signing alpha build with development attestation" echo "$TAGS" | tr ',' '\n' | while read -r tag; do if [[ $tag == *":alpha" ]]; then @@ -134,7 +134,7 @@ jobs: - name: Generate tags ultra-lite id: meta2 uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 - if: github.ref != 'refs/heads/docker-rename' + if: github.ref != 'refs/heads/main' with: images: | ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf @@ -148,7 +148,7 @@ jobs: - name: Build and push Dockerfile-ultra-lite id: build-push-lite uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 - if: github.ref != 'refs/heads/docker-rename' + if: github.ref != 'refs/heads/main' with: context: . file: ./Dockerfile.ultra-lite @@ -163,7 +163,7 @@ jobs: sbom: true - name: Sign ultra-lite images - if: github.ref != 'refs/heads/docker-rename' + if: github.ref != 'refs/heads/main' env: DIGEST: ${{ steps.build-push-lite.outputs.digest }} TAGS: ${{ steps.meta2.outputs.tags }} @@ -177,7 +177,7 @@ jobs: - name: Generate tags fat id: meta3 uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 - if: github.ref != 'refs/heads/docker-rename' + if: github.ref != 'refs/heads/main' with: images: | ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf @@ -188,10 +188,10 @@ jobs: type=raw,value=${{ steps.versionNumber.outputs.versionNumber }}-fat,enable=${{ github.ref == 'refs/heads/master' }} type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/master' }} - - name: Build and push docker-rename Dockerfile fat + - name: Build and push main Dockerfile fat id: build-push-fat uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 - if: github.ref != 'refs/heads/docker-rename' + if: github.ref != 'refs/heads/main' with: builder: ${{ steps.buildx.outputs.name }} context: . @@ -207,7 +207,7 @@ jobs: sbom: true - name: Sign fat images - if: github.ref != 'refs/heads/docker-rename' + if: github.ref != 'refs/heads/main' env: DIGEST: ${{ steps.build-push-fat.outputs.digest }} TAGS: ${{ steps.meta3.outputs.tags }} From 73ee9651a3738eeed61f28502b291cd6a47c2bf0 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.> Date: Sun, 22 Dec 2024 13:37:41 +0000 Subject: [PATCH 7/7] 3.21.0 py3-opencv requires python 4.10 which means broken --- Dockerfile | 2 +- Dockerfile.fat | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index a5879b815be..900f4a40b52 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Main stage -FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 +FROM alpine:3.20.3 # Copy necessary files COPY scripts /scripts diff --git a/Dockerfile.fat b/Dockerfile.fat index 9ae22f39b41..1ee201763c9 100644 --- a/Dockerfile.fat +++ b/Dockerfile.fat @@ -12,7 +12,7 @@ RUN DOCKER_ENABLE_SECURITY=true \ ./gradlew clean build # Main stage -FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 +FROM alpine:3.20.3 # Copy necessary files COPY scripts /scripts