Stirling-Tools · Frooodle · Dec 22, 2024 · Dec 22, 2024 · Dec 22, 2024 · Dec 22, 2024
@@ -108,22 +108,29 @@ jobs:
         env:
           DIGEST: ${{ steps.build-push-regular.outputs.digest }}
           TAGS: ${{ steps.meta.outputs.tags }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
         run: |
           # Always sign images regardless of branch
           echo "$TAGS" | tr ',' '\n' | while read -r tag; do
-            cosign sign --yes "${tag}@${DIGEST}"
+            cosign sign --yes \
+              --key env://COSIGN_PRIVATE_KEY \
+              "${tag}@${DIGEST}"
           done
-
+          
           # For alpha builds specifically, we want to ensure they're marked as development builds
           if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
             echo "Signing alpha build with development attestation"
             echo "$TAGS" | tr ',' '\n' | while read -r tag; do
               if [[ $tag == *":alpha" ]]; then
-                cosign attest --predicate <(echo '{"type":"development"}') --yes "${tag}@${DIGEST}"
+                cosign attest --key env://COSIGN_PRIVATE_KEY \
+                  --predicate <(echo '{"type":"development"}') \
+                  --yes "${tag}@${DIGEST}"
               fi
             done
           fi
 
+
       - name: Generate tags ultra-lite
         id: meta2
         uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1
@@ -144,7 +151,7 @@ jobs:
         if: github.ref != 'refs/heads/main'
         with:
           context: .
-          file: ./Dockerfile-ultra-lite
+          file: ./Dockerfile.ultra-lite
           push: true
           cache-from: type=gha
           cache-to: type=gha,mode=max
@@ -160,9 +167,11 @@ jobs:
         env:
           DIGEST: ${{ steps.build-push-lite.outputs.digest }}
           TAGS: ${{ steps.meta2.outputs.tags }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
         run: |
           echo "$TAGS" | tr ',' '\n' | while read -r tag; do
-            cosign sign --yes "${tag}@${DIGEST}"
+            cosign sign --key env://COSIGN_PRIVATE_KEY --yes "${tag}@${DIGEST}"
           done
 
       - name: Generate tags fat
@@ -186,7 +195,7 @@ jobs:
         with:
           builder: ${{ steps.buildx.outputs.name }}
           context: .
-          file: ./Dockerfile-fat
+          file: ./Dockerfile.fat
           push: true
           cache-from: type=gha
           cache-to: type=gha,mode=max
@@ -202,7 +211,9 @@ jobs:
         env:
           DIGEST: ${{ steps.build-push-fat.outputs.digest }}
           TAGS: ${{ steps.meta3.outputs.tags }}
+          COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
+          COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
         run: |
           echo "$TAGS" | tr ',' '\n' | while read -r tag; do
-            cosign sign --yes "${tag}@${DIGEST}"
+            cosign sign --key env://COSIGN_PRIVATE_KEY --yes "${tag}@${DIGEST}"
           done
@@ -86,8 +86,8 @@ Stirling-PDF/
 │                   └── SPDF/
 ├── build.gradle           # Gradle build configuration
 ├── Dockerfile             # Main Dockerfile
-├── Dockerfile-ultra-lite  # Dockerfile for ultra-lite version
-├── Dockerfile-fat         # Dockerfile for fat version
+├── Dockerfile.ultra-lite  # Dockerfile for ultra-lite version
+├── Dockerfile.fat         # Dockerfile for fat version
 ├── docker-compose.yml     # Docker Compose configuration
 └── test.sh                # Test script to deploy all docker versions and run cuke tests
 ```
@@ -179,14 +179,14 @@ Stirling-PDF uses different Docker images for various configurations. The build
    For the ultra-lite version:
 
    ```bash
-   docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile-ultra-lite .
+   docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile.ultra-lite .
    ```
 
    For the fat version (with security enabled):
 
    ```bash
    export DOCKER_ENABLE_SECURITY=true
-   docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-fat -f ./Dockerfile-fat .
+   docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-fat -f ./Dockerfile.fat .
    ```
 
 Note: The `--no-cache` and `--pull` flags ensure that the build process uses the latest base images and doesn't use cached layers, which is useful for testing and ensuring reproducible builds. however to improve build times these can often be removed depending on your usecase

@@ -1,5 +1,5 @@
 # Main stage
-FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
+FROM alpine:3.20.3
 
 # Copy necessary files
 COPY scripts /scripts
@@ -70,8 +70,7 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
 # User permissions
     addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
     chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline && \
-    chown stirlingpdfuser:stirlingpdfgroup /app.jar && \
-    tesseract --list-langs
+    chown stirlingpdfuser:stirlingpdfgroup /app.jar
 
 EXPOSE 8080/tcp
 

@@ -1,5 +1,5 @@
 # Build the application
-FROM gradle:8.12-jdk17 AS build
+FROM gradle:8.11-jdk17 AS build
 
 # Set the working directory
 WORKDIR /app
@@ -12,7 +12,7 @@ RUN DOCKER_ENABLE_SECURITY=true \
 ./gradlew clean build
 
 # Main stage
-FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45
+FROM alpine:3.20.3
 
 # Copy necessary files
 COPY scripts /scripts
@@ -22,18 +22,6 @@ COPY --from=build /app/build/libs/*.jar app.jar
 
 ARG VERSION_TAG
 
-LABEL org.opencontainers.image.title="Stirling-PDF"
-LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 50+ operations including merging, splitting, conversion, OCR, watermarking, and more."
-LABEL org.opencontainers.image.source="https://github.com/Stirling-Tools/Stirling-PDF"
-LABEL org.opencontainers.image.licenses="MIT"
-LABEL org.opencontainers.image.vendor="Stirling-Tools"
-LABEL org.opencontainers.image.url="https://www.stirlingpdf.com"
-LABEL org.opencontainers.image.documentation="https://docs.stirlingpdf.com"
-LABEL maintainer="Stirling-Tools"
-LABEL org.opencontainers.image.authors="Stirling-Tools"
-LABEL org.opencontainers.image.version="${VERSION_TAG}"
-LABEL org.opencontainers.image.keywords="PDF, manipulation, merge, split, convert, OCR, watermark"
-
 # Set Environment Variables
 ENV DOCKER_ENABLE_SECURITY=false \
     VERSION_TAG=$VERSION_TAG \
@@ -85,8 +73,7 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
 # User permissions
     addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
     chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline && \
-    chown stirlingpdfuser:stirlingpdfgroup /app.jar && \
-    tesseract --list-langs
+    chown stirlingpdfuser:stirlingpdfgroup /app.jar
 
 EXPOSE 8080/tcp
 

@@ -3,18 +3,6 @@ FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f8
 
 ARG VERSION_TAG
 
-LABEL org.opencontainers.image.title="Stirling-PDF"
-LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 50+ operations including merging, splitting, conversion, OCR, watermarking, and more."
-LABEL org.opencontainers.image.source="https://github.com/Stirling-Tools/Stirling-PDF"
-LABEL org.opencontainers.image.licenses="MIT"
-LABEL org.opencontainers.image.vendor="Stirling-Tools"
-LABEL org.opencontainers.image.url="https://www.stirlingpdf.com"
-LABEL org.opencontainers.image.documentation="https://docs.stirlingpdf.com"
-LABEL maintainer="Stirling-Tools"
-LABEL org.opencontainers.image.authors="Stirling-Tools"
-LABEL org.opencontainers.image.version="${VERSION_TAG}"
-LABEL org.opencontainers.image.keywords="PDF, manipulation, merge, split, convert, OCR, watermark"
-
 # Set Environment Variables
 ENV DOCKER_ENABLE_SECURITY=false \
     HOME=/home/stirlingpdfuser \

@@ -219,9 +219,9 @@ private void getRedirect_oauth2(
                 // "https://accounts.google.com/Logout?continue=https://appengine.google.com/_ah/logout?continue="
                 //                 + response.encodeRedirectURL(redirect_url);
                 log.info("Google does not have a specific logout URL");
-                // log.info("Redirecting to Google logout URL: " + googleLogoutUrl);
-                // response.sendRedirect(googleLogoutUrl);
-                // break;
+            // log.info("Redirecting to Google logout URL: " + googleLogoutUrl);
+            // response.sendRedirect(googleLogoutUrl);
+            // break;
             default:
                 String defaultRedirectUrl = request.getContextPath() + "/login?" + param;
                 log.info("Redirecting to default logout URL: " + defaultRedirectUrl);

@@ -167,8 +167,8 @@ public String login(HttpServletRequest request, Model model, Authentication auth
                 case "invalid_destination":
                     erroroauth = "login.invalid_destination";
                     break;
-                    // Valid InResponseTo was not available from the validation context, unable to
-                    // evaluate
+                // Valid InResponseTo was not available from the validation context, unable to
+                // evaluate
                 case "invalid_in_response_to":
                     erroroauth = "login.invalid_in_response_to";
                     break;

@@ -74,7 +74,7 @@ main() {
 
     # Building Docker images
    # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest -f ./Dockerfile .
-  # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile-ultra-lite .
+  # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile.ultra-lite .
 
     # Test each configuration
     #run_tests "Stirling-PDF-Ultra-Lite" "./exampleYmlFiles/docker-compose-latest-ultra-lite.yml"
@@ -94,8 +94,8 @@ main() {
 
     # Building Docker images with security enabled
    # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest -f ./Dockerfile .
- #   docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile-ultra-lite .
-    docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-fat -f ./Dockerfile-fat .
+ #   docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile.ultra-lite .
+    docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-fat -f ./Dockerfile.fat .
 
 
     # Test each configuration with security

@@ -65,7 +65,7 @@ build_and_test() {
             dockerfile_name="./Dockerfile"
             ;;
         ultra-lite)
-            dockerfile_name="./Dockerfile-ultra-lite"
+            dockerfile_name="./Dockerfile.ultra-lite"
             ;;
     esac