Stirling-PDF/Dockerfile.ultra-lite

# use alpine
FROM alpine:3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099

ARG VERSION_TAG

# Set Environment Variables
ENV DOCKER_ENABLE_SECURITY=false \
    HOME=/home/stirlingpdfuser \
    VERSION_TAG=$VERSION_TAG \
    JAVA_TOOL_OPTIONS="-XX:+UnlockExperimentalVMOptions \
    -XX:MaxRAMPercentage=75 \
    -XX:InitiatingHeapOccupancyPercent=20 \
    -XX:+G1PeriodicGCInvokesConcurrent \
    -XX:G1PeriodicGCInterval=10000 \
    -XX:+UseStringDeduplication \
    -XX:G1PeriodicGCSystemLoadThreshold=70" \
    PUID=1000 \
    PGID=1000 \
    UMASK=022

# Copy necessary files
COPY scripts/download-security-jar.sh /scripts/download-security-jar.sh
COPY scripts/init-without-ocr.sh /scripts/init-without-ocr.sh
COPY scripts/installFonts.sh /scripts/installFonts.sh
COPY pipeline /pipeline
COPY build/libs/*.jar app.jar

# Set up necessary directories and permissions
RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \
    echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \
    echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories && \
    apk upgrade --no-cache -a && \
    apk add --no-cache \
        ca-certificates \
        tzdata \
        tini \
        bash \
        curl \
        shadow \
        su-exec \
        openjdk21-jre && \
    # User permissions
    mkdir -p /configs /logs /customFiles /usr/share/fonts/opentype/noto && \
    chmod +x /scripts/*.sh && \
    addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts  /configs /customFiles /pipeline && \
    chown stirlingpdfuser:stirlingpdfgroup /app.jar

# Set environment variables
ENV ENDPOINTS_GROUPS_TO_REMOVE=CLI

EXPOSE 8080/tcp

# Run the application
ENTRYPOINT ["tini", "--", "/scripts/init-without-ocr.sh"]
CMD ["java", "-Dfile.encoding=UTF-8", "-jar", "/app.jar"]
switch images to alpine Signed-off-by: Zoey <zoey@z0ey.de> 2023-12-31 15:54:34 +01:00			`# use alpine`
[Snyk] Security upgrade alpine from 3.20.3 to 3.21.2 (#2669) ![snyk-top-banner](https://redirect.github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123) ### Snyk has created this PR to fix 1 vulnerabilities in the dockerfile dependencies of this project. Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image. #### Snyk changed the following file(s): - `Dockerfile` We recommend upgrading to `alpine:3.21.2`, as this image has only 0 known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected. #### Vulnerabilities that will be fixed with an upgrade: \| \| Issue \| Score \| :-------------------------:\|:-------------------------\|:------------------------- ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png 'low severity') \| CVE-2024-9143 <br/>[SNYK-ALPINE320-OPENSSL-8235201](https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201) \|   54   ![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png 'low severity') \| CVE-2024-9143 <br/>[SNYK-ALPINE320-OPENSSL-8235201](https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201) \|   54   --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - Max score is 1000. Note that the real score may have changed since the PR was raised. > - This PR was automatically created by Snyk using the credentials of a real user. --- Note: _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJhYmYwMzliMi05OTRlLTRkMmMtYWZjOS04YzIwNWYxOWUwNTQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImFiZjAzOWIyLTk5NGUtNGQyYy1hZmM5LThjMjA1ZjE5ZTA1NCJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/frooodle/project/6c268b92-2569-4b08-8058-1f8f5d4acd0d?utm_source=github&utm_medium=referral&page=fix-pr) 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates?utm_source=github&utm_content=fix-pr-template) 🛠 [Adjust project settings](https://app.snyk.io/org/frooodle/project/6c268b92-2569-4b08-8058-1f8f5d4acd0d?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read about Snyk's upgrade logic](https://docs.snyk.io/scan-with-snyk/snyk-open-source/manage-vulnerabilities/upgrade-package-versions-to-fix-vulnerabilities?utm_source=github&utm_content=fix-pr-template) --- Learn how to fix vulnerabilities with free interactive lessons: 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"alpine","from":"3.20.3","to":"3.21.2"}],"env":"prod","issuesToFix":["SNYK-ALPINE320-OPENSSL-8235201","SNYK-ALPINE320-OPENSSL-8235201"],"prId":"abf039b2-994e-4d2c-afc9-8c205f19e054","prPublicId":"abf039b2-994e-4d2c-afc9-8c205f19e054","packageManager":"dockerfile","priorityScoreList":[54],"projectPublicId":"6c268b92-2569-4b08-8058-1f8f5d4acd0d","projectUrl":"https://app.snyk.io/org/frooodle/project/6c268b92-2569-4b08-8058-1f8f5d4acd0d?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","priorityScore"],"type":"auto","upgrade":["SNYK-ALPINE320-OPENSSL-8235201","SNYK-ALPINE320-OPENSSL-8235201"],"vulns":["SNYK-ALPINE320-OPENSSL-8235201"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}' --------- Co-authored-by: snyk-bot <snyk-bot@snyk.io> 2025-01-12 16:53:10 +01:00			`FROM alpine:3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099`
lots of stuff 2023-05-18 00:58:15 +02:00
ARG VERSION_TAG 2023-12-18 17:39:26 +01:00			`ARG VERSION_TAG`

security 2023-09-04 19:42:22 +02:00			`# Set Environment Variables`
Update Dockerfile-ultra-lite login 2023-12-16 11:11:34 +01:00			`ENV DOCKER_ENABLE_SECURITY=false \`
security 2023-09-04 19:42:22 +02:00			`HOME=/home/stirlingpdfuser \`
MaxRAMPercentage 75 for #540 2023-12-28 18:49:45 +01:00			`VERSION_TAG=$VERSION_TAG \`
Test cleanup, JVM GC and api (#2787) # Description of Changes Please provide a summary of the changes, including: - What was changed - Why the change was made - Any challenges encountered Closes #(issue_number) --- ## Checklist ### General - [ ] I have read the [Contribution Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) - [ ] I have read the [Stirling-PDF Developer Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md) (if applicable) - [ ] I have read the [How to add new languages to Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md) (if applicable) - [ ] I have performed a self-review of my own code - [ ] My changes generate no new warnings ### Documentation - [ ] I have updated relevant docs on [Stirling-PDF's doc repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/) (if functionality has heavily changed) - [ ] I have read the section [Add New Translation Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags) (for new translation tags only) ### UI Changes (if applicable) - [ ] Screenshots or videos demonstrating the UI changes are attached (e.g., as comments or direct attachments in the PR) ### Testing (if applicable) - [ ] I have tested my changes locally. Refer to the [Testing Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing) for more details. --------- Co-authored-by: a <a> 2025-01-26 14:10:16 +01:00			`JAVA_TOOL_OPTIONS="-XX:+UnlockExperimentalVMOptions \`
			`-XX:MaxRAMPercentage=75 \`
			`-XX:InitiatingHeapOccupancyPercent=20 \`
			`-XX:+G1PeriodicGCInvokesConcurrent \`
			`-XX:G1PeriodicGCInterval=10000 \`
			`-XX:+UseStringDeduplication \`
			`-XX:G1PeriodicGCSystemLoadThreshold=70" \`
update to alpine v3.20.0 (3/3) 2024-05-23 00:03:00 +02:00			`PUID=1000 \`
Custom uid (#883) * init * user and pass to just pass lang update * session management fixes and avoid demo user locking * fix for UMASK and extract cleanups 2024-03-08 21:49:19 +01:00			`PGID=1000 \`
			`UMASK=022`
security 2023-09-04 19:42:22 +02:00
switch images to alpine Signed-off-by: Zoey <zoey@z0ey.de> 2023-12-31 15:54:34 +01:00			`# Copy necessary files`
			`COPY scripts/download-security-jar.sh /scripts/download-security-jar.sh`
			`COPY scripts/init-without-ocr.sh /scripts/init-without-ocr.sh`
Fix startup errors on ultra-lite image (#1950) * Add installFonts.sh to ultra-lite image Signed-off-by: yubiuser <github@yubiuser.dev> * Create /usr/share/fonts/opentype/noto on ultra-lite images Signed-off-by: yubiuser <github@yubiuser.dev> --------- Signed-off-by: yubiuser <github@yubiuser.dev> 2024-09-22 22:25:38 +02:00			`COPY scripts/installFonts.sh /scripts/installFonts.sh`
switch images to alpine Signed-off-by: Zoey <zoey@z0ey.de> 2023-12-31 15:54:34 +01:00			`COPY pipeline /pipeline`
			`COPY build/libs/*.jar app.jar`

security 2023-09-04 19:42:22 +02:00			`# Set up necessary directories and permissions`
update to alpine v3.20.0 (3/3) 2024-05-23 00:03:00 +02:00			`RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" \| tee -a /etc/apk/repositories && \`
			`echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" \| tee -a /etc/apk/repositories && \`
			`echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" \| tee -a /etc/apk/repositories && \`
			`apk upgrade --no-cache -a && \`
switch images to alpine Signed-off-by: Zoey <zoey@z0ey.de> 2023-12-31 15:54:34 +01:00			`apk add --no-cache \`
			`ca-certificates \`
			`tzdata \`
			`tini \`
			`bash \`
fix some things 2023-12-31 17:14:55 +01:00			`curl \`
fixes for user permissions (#892) 2024-03-09 15:03:46 +01:00			`shadow \`
update to alpine v3.20.0 (3/3) 2024-05-23 00:03:00 +02:00			`su-exec \`
logging for #1024 and jdk bump 2024-05-17 20:18:57 +02:00			`openjdk21-jre && \`
non root user and fix book/html calibre (#856) * non root user and fix book/html calibre * version bump * Update docker-compose-latest.yml * remove customApp --------- Co-authored-by: systo <systo@host.docker.internal> 2024-03-04 21:51:49 +01:00			`# User permissions`
Fix startup errors on ultra-lite image (#1950) * Add installFonts.sh to ultra-lite image Signed-off-by: yubiuser <github@yubiuser.dev> * Create /usr/share/fonts/opentype/noto on ultra-lite images Signed-off-by: yubiuser <github@yubiuser.dev> --------- Signed-off-by: yubiuser <github@yubiuser.dev> 2024-09-22 22:25:38 +02:00			`mkdir -p /configs /logs /customFiles /usr/share/fonts/opentype/noto && \`
update to alpine v3.20.0 (3/3) 2024-05-23 00:03:00 +02:00			`chmod +x /scripts/*.sh && \`
non root user and fix book/html calibre (#856) * non root user and fix book/html calibre * version bump * Update docker-compose-latest.yml * remove customApp --------- Co-authored-by: systo <systo@host.docker.internal> 2024-03-04 21:51:49 +01:00			`addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \`
			`chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /configs /customFiles /pipeline && \`
Fix startup errors on ultra-lite image (#1950) * Add installFonts.sh to ultra-lite image Signed-off-by: yubiuser <github@yubiuser.dev> * Create /usr/share/fonts/opentype/noto on ultra-lite images Signed-off-by: yubiuser <github@yubiuser.dev> --------- Signed-off-by: yubiuser <github@yubiuser.dev> 2024-09-22 22:25:38 +02:00			`chown stirlingpdfuser:stirlingpdfgroup /app.jar`
lots of stuff 2023-05-18 00:58:15 +02:00
			`# Set environment variables`
security 2023-09-04 19:42:22 +02:00			`ENV ENDPOINTS_GROUPS_TO_REMOVE=CLI`
Update Dockerfile-ultra-lite login 2023-12-16 11:11:34 +01:00
update to alpine v3.20.0 (3/3) 2024-05-23 00:03:00 +02:00			`EXPOSE 8080/tcp`
lots of stuff 2023-05-18 00:58:15 +02:00
			`# Run the application`
update to alpine v3.20.0 (3/3) 2024-05-23 00:03:00 +02:00			`ENTRYPOINT ["tini", "--", "/scripts/init-without-ocr.sh"]`
Set java file.encoding to support non-latin customizations with UI_APPNAME, UI_HOMEDESCRIPTION, etc 2023-12-29 10:35:02 +01:00			`CMD ["java", "-Dfile.encoding=UTF-8", "-jar", "/app.jar"]`