From 15abef1b820581a1511192be3afef9bea61ab74e Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sat, 21 Dec 2024 23:49:30 +0000 Subject: [PATCH 01/18] Update push-docker.yml --- .github/workflows/push-docker.yml | 55 +++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index 45907e74..0d0d3ce1 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -10,6 +10,7 @@ on: permissions: contents: read packages: write + id-token: write jobs: push: @@ -37,6 +38,11 @@ jobs: env: DOCKER_ENABLE_SECURITY: false + - name: Install cosign + uses: sigstore/cosign-installer@v3.7.0 + with: + cosign-release: 'v2.4.1' + - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 @@ -80,6 +86,7 @@ jobs: type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/main' }} - name: Build and push main Dockerfile + id: build-push-regular uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: builder: ${{ steps.buildx.outputs.name }} @@ -92,6 +99,28 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }} platforms: linux/amd64,linux/arm64/v8 + provenance: true + sbom: true + + - name: Sign regular images + env: + DIGEST: ${{ steps.build-push-regular.outputs.digest }} + TAGS: ${{ steps.meta.outputs.tags }} + run: | + # Always sign images regardless of branch + echo "$TAGS" | tr ',' '\n' | while read -r tag; do + cosign sign --yes "${tag}@${DIGEST}" + done + + # For alpha builds specifically, we want to ensure they're marked as development builds + if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then + echo "Signing alpha build with development attestation" + echo "$TAGS" | tr ',' '\n' | while read -r tag; do + if [[ $tag == *":alpha" ]]; then + cosign attest --predicate <(echo '{"type":"development"}') --yes "${tag}@${DIGEST}" + fi + done + fi - name: Generate tags ultra-lite id: meta2 @@ -108,6 +137,7 @@ jobs: type=raw,value=latest-ultra-lite,enable=${{ github.ref == 'refs/heads/master' }} - name: Build and push Dockerfile-ultra-lite + id: build-push-lite uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 if: github.ref != 'refs/heads/main' with: @@ -120,6 +150,18 @@ jobs: labels: ${{ steps.meta2.outputs.labels }} build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }} platforms: linux/amd64,linux/arm64/v8 + provenance: true + sbom: true + + - name: Sign ultra-lite images + if: github.ref != 'refs/heads/main' + env: + DIGEST: ${{ steps.build-push-lite.outputs.digest }} + TAGS: ${{ steps.meta2.outputs.tags }} + run: | + echo "$TAGS" | tr ',' '\n' | while read -r tag; do + cosign sign --yes "${tag}@${DIGEST}" + done - name: Generate tags fat id: meta3 @@ -136,6 +178,7 @@ jobs: type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/master' }} - name: Build and push main Dockerfile fat + id: build-push-fat uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 if: github.ref != 'refs/heads/main' with: @@ -149,3 +192,15 @@ jobs: labels: ${{ steps.meta3.outputs.labels }} build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }} platforms: linux/amd64,linux/arm64/v8 + provenance: true + sbom: true + + - name: Sign fat images + if: github.ref != 'refs/heads/main' + env: + DIGEST: ${{ steps.build-push-fat.outputs.digest }} + TAGS: ${{ steps.meta3.outputs.tags }} + run: | + echo "$TAGS" | tr ',' '\n' | while read -r tag; do + cosign sign --yes "${tag}@${DIGEST}" + done From 4e45bae8567db3acffb8fe108819801dc8bd7fb7 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sun, 22 Dec 2024 00:09:52 +0000 Subject: [PATCH 02/18] Update Dockerfile --- Dockerfile | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/Dockerfile b/Dockerfile index 9577c9ca..0a17bb26 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,6 +10,18 @@ COPY build/libs/*.jar app.jar ARG VERSION_TAG +LABEL org.opencontainers.image.title="Stirling-PDF" +LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 35+ operations including merging, splitting, conversion, OCR, watermarking, and more." +LABEL org.opencontainers.image.source="https://github.com/Stirling-Tools/Stirling-PDF" +LABEL org.opencontainers.image.licenses="MIT" +LABEL org.opencontainers.image.vendor="Stirling-Tools" +LABEL org.opencontainers.image.url="https://www.stirlingpdf.com" +LABEL org.opencontainers.image.documentation="https://docs.stirlingpdf.com" +LABEL maintainer="Stirling-Tools" +LABEL org.opencontainers.image.authors="Stirling-Tools" +LABEL org.opencontainers.image.version="${VERSION_TAG}" +LABEL org.opencontainers.image.keywords="PDF, manipulation, merge, split, convert, OCR, watermark" + # Set Environment Variables ENV DOCKER_ENABLE_SECURITY=false \ VERSION_TAG=$VERSION_TAG \ @@ -19,6 +31,7 @@ ENV DOCKER_ENABLE_SECURITY=false \ PGID=1000 \ UMASK=022 + # JDK for app RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \ echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \ From 974b947fc3375b7ddb9f4c498dd3bb70448b0ff8 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sun, 22 Dec 2024 00:10:31 +0000 Subject: [PATCH 03/18] Update Dockerfile-fat --- Dockerfile-fat | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Dockerfile-fat b/Dockerfile-fat index c9641590..92a3837d 100644 --- a/Dockerfile-fat +++ b/Dockerfile-fat @@ -22,6 +22,18 @@ COPY --from=build /app/build/libs/*.jar app.jar ARG VERSION_TAG +LABEL org.opencontainers.image.title="Stirling-PDF" +LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 50+ operations including merging, splitting, conversion, OCR, watermarking, and more." +LABEL org.opencontainers.image.source="https://github.com/Stirling-Tools/Stirling-PDF" +LABEL org.opencontainers.image.licenses="MIT" +LABEL org.opencontainers.image.vendor="Stirling-Tools" +LABEL org.opencontainers.image.url="https://www.stirlingpdf.com" +LABEL org.opencontainers.image.documentation="https://docs.stirlingpdf.com" +LABEL maintainer="Stirling-Tools" +LABEL org.opencontainers.image.authors="Stirling-Tools" +LABEL org.opencontainers.image.version="${VERSION_TAG}" +LABEL org.opencontainers.image.keywords="PDF, manipulation, merge, split, convert, OCR, watermark" + # Set Environment Variables ENV DOCKER_ENABLE_SECURITY=false \ VERSION_TAG=$VERSION_TAG \ From fb6cefa301f2bf1d754f8c77a81b6e1f7a9a6136 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sun, 22 Dec 2024 00:10:48 +0000 Subject: [PATCH 04/18] Update Dockerfile-ultra-lite --- Dockerfile-ultra-lite | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Dockerfile-ultra-lite b/Dockerfile-ultra-lite index 09e4a5a3..1aac6002 100644 --- a/Dockerfile-ultra-lite +++ b/Dockerfile-ultra-lite @@ -3,6 +3,18 @@ FROM alpine:3.21.0 ARG VERSION_TAG +LABEL org.opencontainers.image.title="Stirling-PDF" +LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 50+ operations including merging, splitting, conversion, OCR, watermarking, and more." +LABEL org.opencontainers.image.source="https://github.com/Stirling-Tools/Stirling-PDF" +LABEL org.opencontainers.image.licenses="MIT" +LABEL org.opencontainers.image.vendor="Stirling-Tools" +LABEL org.opencontainers.image.url="https://www.stirlingpdf.com" +LABEL org.opencontainers.image.documentation="https://docs.stirlingpdf.com" +LABEL maintainer="Stirling-Tools" +LABEL org.opencontainers.image.authors="Stirling-Tools" +LABEL org.opencontainers.image.version="${VERSION_TAG}" +LABEL org.opencontainers.image.keywords="PDF, manipulation, merge, split, convert, OCR, watermark" + # Set Environment Variables ENV DOCKER_ENABLE_SECURITY=false \ HOME=/home/stirlingpdfuser \ From 9820a3276d215a016574674cad46ac6ba4abb4c9 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sun, 22 Dec 2024 00:11:06 +0000 Subject: [PATCH 05/18] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0a17bb26..b1e958b7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -11,7 +11,7 @@ COPY build/libs/*.jar app.jar ARG VERSION_TAG LABEL org.opencontainers.image.title="Stirling-PDF" -LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 35+ operations including merging, splitting, conversion, OCR, watermarking, and more." +LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 50+ operations including merging, splitting, conversion, OCR, watermarking, and more." LABEL org.opencontainers.image.source="https://github.com/Stirling-Tools/Stirling-PDF" LABEL org.opencontainers.image.licenses="MIT" LABEL org.opencontainers.image.vendor="Stirling-Tools" From 6697cccfa9987879c873a63fe349ba4b41bd1045 Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sun, 22 Dec 2024 01:41:45 +0100 Subject: [PATCH 06/18] Bump peter-evans/create-pull-request from 6.1.0 to 7.0.5 --- .github/workflows/licenses-update.yml | 5 +++-- .github/workflows/sync_files.yml | 3 ++- .github/workflows/update-translations.yml | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/licenses-update.yml b/.github/workflows/licenses-update.yml index 8c1e1c29..409735c0 100644 --- a/.github/workflows/licenses-update.yml +++ b/.github/workflows/licenses-update.yml @@ -52,7 +52,7 @@ jobs: - name: Create Pull Request id: cpr if: env.CHANGES_DETECTED == 'true' - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: "Update 3rd Party Licenses" @@ -65,9 +65,10 @@ jobs: Auto-generated by [create-pull-request][1] [1]: https://github.com/peter-evans/create-pull-request - labels: licenses + labels: licenses,github-actions draft: false delete-branch: true + sign-commits: true - name: Auto approve if: steps.cpr.outputs.pull-request-operation == 'created' diff --git a/.github/workflows/sync_files.yml b/.github/workflows/sync_files.yml index fc4a2fce..fbbb56ab 100644 --- a/.github/workflows/sync_files.yml +++ b/.github/workflows/sync_files.yml @@ -42,7 +42,7 @@ jobs: git diff --staged --quiet || git commit -m ":memo: Sync README > Made via sync_files.yml" || echo "no changes" - name: Create Pull Request - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: Update files @@ -58,3 +58,4 @@ jobs: draft: false delete-branch: true labels: Documentation,Translation,github-actions + sign-commits: true diff --git a/.github/workflows/update-translations.yml b/.github/workflows/update-translations.yml index 141d9a72..c6b408c3 100644 --- a/.github/workflows/update-translations.yml +++ b/.github/workflows/update-translations.yml @@ -65,7 +65,7 @@ jobs: Auto-generated by [create-pull-request][1] [1]: https://github.com/peter-evans/create-pull-request - labels: Translation draft: false delete-branch: true + labels: Translation,github-actions sign-commits: true From 80f53e972aa83201c632304dee70b6a11e77850f Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Sun, 22 Dec 2024 06:10:58 +0800 Subject: [PATCH 07/18] Improve Markdown documentation a bit --- CONTRIBUTING.md | 10 +++++----- DeveloperGuide.md | 38 ++++++++++++++++++++------------------ HowToUseOCR.md | 3 ++- LocalRunGuide.md | 12 ++++++------ README.md | 35 ++++++++++++++++------------------- SECURITY.md | 2 +- Version-groups.md | 32 ++++++++++++++++---------------- 7 files changed, 66 insertions(+), 66 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 47f6215c..463cb433 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -18,9 +18,9 @@ For a detailed pull request tutorial, see [this guide](https://www.digitalocean. Please make sure your Pull Request adheres to the following guidelines: - Use the PR template provided. -- Keep your Pull Request title succinct, detailed and to the point. +- Keep your Pull Request title succinct, detailed, and to the point. - Keep commits atomic. One commit should contain one change. If you want to make multiple changes, submit multiple Pull Requests. -- Commits should be clear, concise and easy to understand. +- Commits should be clear, concise, and easy to understand. - References to the Issue number in the Pull Request and/or Commit message. ## Translations @@ -29,15 +29,15 @@ If you would like to add or modify a translation, please see [How to add new lan ## Docs -Documentation for Stirling-PDF is handled in a separate repository. Please see [Docs repository](https://github.com/Stirling-Tools/Stirling-Tools.github.io) or use "edit this page"-button at the bottom of each page at [https://docs.stirlingpdf.com/](https://docs.stirlingpdf.com/). +Documentation for Stirling-PDF is handled in a separate repository. Please see [Docs repository](https://github.com/Stirling-Tools/Stirling-Tools.github.io) or use the "edit this page"-button at the bottom of each page at [https://docs.stirlingpdf.com/](https://docs.stirlingpdf.com/). ## Fixing Bugs or Adding a New Feature First, make sure you've read the section [Pull Requests](#pull-requests). -To build from source, please follow this [Guide](LocalRunGuide.md). +To build from the source, please follow this [Guide](LocalRunGuide.md). -If, at any point of time, you have a question, please feel free to ask in the same issue thread or in our [Discord](https://discord.gg/FJUSXUSYec). +If, at any point in time, you have a question, please feel free to ask in the same issue thread or in our [Discord](https://discord.gg/FJUSXUSYec). ## License diff --git a/DeveloperGuide.md b/DeveloperGuide.md index 66b1751e..d9668279 100644 --- a/DeveloperGuide.md +++ b/DeveloperGuide.md @@ -2,7 +2,7 @@ ## 1. Introduction -Stirling-PDF is a robust, locally hosted web-based PDF manipulation tool. This guide focuses on Docker-based development and testing, which is the recommended approach for working with the full version of Stirling-PDF. +Stirling-PDF is a robust, locally hosted, web-based PDF manipulation tool. This guide focuses on Docker-based development and testing, which is the recommended approach for working with the full version of Stirling-PDF. ## 2. Project Overview @@ -25,7 +25,7 @@ Stirling-PDF is built using: - Docker - Git - Java JDK 17 or later -- Gradle 7.0 or later (Included within repo) +- Gradle 7.0 or later (Included within the repo) ### Setup Steps @@ -38,14 +38,14 @@ Stirling-PDF is built using: 2. Install Docker and JDK17 if not already installed. -3. Install a recommended Java IDE such as Eclipse, IntelliJ or VSCode +3. Install a recommended Java IDE such as Eclipse, IntelliJ, or VSCode 4. Lombok Setup Stirling-PDF uses Lombok to reduce boilerplate code. Some IDEs, like Eclipse, don't support Lombok out of the box. To set up Lombok in your development environment: Visit the [Lombok website](https://projectlombok.org/setup/) for installation instructions specific to your IDE. 5. Add environment variable -For local testing you should generally be testing the full 'Security' version of Stirling-PDF to do this you must add the environment flag DOCKER_ENABLE_SECURITY=true to your system and/or IDE build/run step +For local testing, you should generally be testing the full 'Security' version of Stirling-PDF. To do this, you must add the environment flag DOCKER_ENABLE_SECURITY=true to your system and/or IDE build/run step. ## 4. Project Structure @@ -102,7 +102,7 @@ Stirling-PDF offers several Docker versions: ### Example Docker Compose Files -Stirling-PDF provides several example Docker Compose files in the `exampleYmlFiles` directory such as : +Stirling-PDF provides several example Docker Compose files in the `exampleYmlFiles` directory, such as: - `docker-compose-latest.yml`: Latest version without security features - `docker-compose-latest-security.yml`: Latest version with security features enabled @@ -205,9 +205,9 @@ To run the test script: This script performs the following actions: -1. Builds all Docker images (full, ultra-lite, fat) -2. Runs each version to ensure it starts correctly -3. Executes Cucumber tests against main version and ensures feature compatibility, in the event these tests fail your PR will not be merged +1. Builds all Docker images (full, ultra-lite, fat). +2. Runs each version to ensure it starts correctly. +3. Executes Cucumber tests against the main version and ensures feature compatibility. In the event these tests fail, your PR will not be merged. Note: The `test.sh` script will run automatically when you raise a PR. However, it's recommended to run it locally first to save resources and catch any issues early. @@ -229,7 +229,7 @@ For quick iterations and development of Java backend, JavaScript, and UI compone To run Stirling-PDF locally: -1. Compile and run the project using built in IDE methods or by running: +1. Compile and run the project using built-in IDE methods or by running: ```bash ./gradlew bootRun @@ -261,7 +261,7 @@ Important notes: 6. Push your changes to your fork. 7. Submit a pull request to the main repository. -8. See additional [contributing guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) +8. See additional [contributing guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md). When you raise a PR: @@ -317,7 +317,7 @@ Remember to test your changes thoroughly to ensure they don't break any existing ### Overview of Thymeleaf -Thymeleaf is a server-side Java HTML template engine. It is used in Stirling-PDF to render dynamic web pages. Thymeleaf integrates heavily with Spring Boot +Thymeleaf is a server-side Java HTML template engine. It is used in Stirling-PDF to render dynamic web pages. Thymeleaf integrates heavily with Spring Boot. ### Thymeleaf overview @@ -327,22 +327,24 @@ Some examples of this are: ```html +``` or +```html ``` -Where it uses the th:block, th: indicating its a special thymeleaf element to be used serverside in generating the html, and block being the actual element type. -In this case we are inserting the ``navbar`` entry within the ``fragments/navbar.html`` fragment into the ``th:block`` element. +Where it uses the `th:block`, `th:` indicating it's a special Thymeleaf element to be used server-side in generating the HTML, and block being the actual element type. +In this case, we are inserting the `navbar` entry within the `fragments/navbar.html` fragment into the `th:block` element. -They can be more complex such as: +They can be more complex, such as: ```html ``` -Which is the same as above but passes the parameters title and header into the fragment common.html to be used in its HTML generation +Which is the same as above but passes the parameters title and header into the fragment `common.html` to be used in its HTML generation. -Thymeleaf can also be used to loop through objects or pass things from java side into html side. +Thymeleaf can also be used to loop through objects or pass things from the Java side into the HTML side. ```java @GetMapping @@ -352,7 +354,7 @@ Thymeleaf can also be used to loop through objects or pass things from java side } ``` -in above example if exampleData is a list of plain java objects of class Person and within it you had id, name, age etc. You can reference it like so +In the above example, if exampleData is a list of plain java objects of class Person and within it, you had id, name, age, etc. You can reference it like so ```html @@ -452,7 +454,7 @@ This would generate n entries of tr for each person in exampleData 1. **Create a New Thymeleaf Template:** - Create a new HTML file in the `src/main/resources/templates` directory. - Use Thymeleaf attributes to dynamically generate content. - - Use `extract-page.html` as a base example for the HTML template, useful to ensure importing of the general layout, navbar and footer. + - Use `extract-page.html` as a base example for the HTML template, which is useful to ensure importing of the general layout, navbar, and footer. ```html diff --git a/HowToUseOCR.md b/HowToUseOCR.md index 0a5cc94c..f529b72c 100644 --- a/HowToUseOCR.md +++ b/HowToUseOCR.md @@ -92,8 +92,9 @@ Verify installation: ``tesseract --list-langs`` You must then edit your ``/configs/settings.yml`` and change the system.tessdataDir to match the directory containing lang files + ``` system: tessdataDir: C:/Program Files/Tesseract-OCR/tessdata # path to the directory containing the Tessdata files. This setting is relevant for Windows systems. For Windows users, this path should be adjusted to point to the appropriate directory where the Tessdata files are stored. ``` - + \ No newline at end of file diff --git a/LocalRunGuide.md b/LocalRunGuide.md index 124cff9b..177299c6 100644 --- a/LocalRunGuide.md +++ b/LocalRunGuide.md @@ -13,7 +13,7 @@ You could theoretically use a Distrobox/Toolbox if your distribution has old or Install the following software, if not already installed: - Java 17 or later (21 recommended) -- Gradle 7.0 or later (included within repo so not needed on server) +- Gradle 7.0 or later (included within the repo, so not needed on the server) - Git - Python 3.8 (with pip) - Make @@ -32,7 +32,7 @@ sudo apt-get update sudo apt-get install -y git automake autoconf libtool libleptonica-dev pkg-config zlib1g-dev make g++ openjdk-21-jdk python3 python3-pip ``` -For Fedora-based systems use this command: +For Fedora-based systems, use this command: ```bash sudo dnf install -y git automake autoconf libtool leptonica-devel pkg-config zlib-devel make gcc-c++ java-21-openjdk python3 python3-pip @@ -68,7 +68,7 @@ nix-env -iA nixpkgs.jbig2enc ### Step 3: Install Additional Software -Next we need to install LibreOffice for conversions, qpdf for OCR, and OpenCV for pattern recognition functionality. +Next, we need to install LibreOffice for conversions, qpdf for OCR, and OpenCV for pattern recognition functionality. Install the following software: @@ -232,7 +232,7 @@ Terminal=true; EOF ``` -Note: Currently the app will run in the background until manually closed. +Note: Currently, the app will run in the background until it is manually closed. ### Optional: Changing the Host and Port of the Application @@ -251,7 +251,7 @@ server: ### Optional: Run Stirling-PDF as a Service (requires root) -First create a `.env` file, where you can store environment variables: +First, create a `.env` file, where you can store environment variables: ```bash touch /opt/Stirling-PDF/.env @@ -265,7 +265,7 @@ Create a new file where we store our service settings and open it with the nano nano /etc/systemd/system/stirlingpdf.service ``` -Paste this content, make sure to update the filename of the jar file. Press `Ctrl+S` and `Ctrl+X` to save and exit the nano editor: +Paste this content, and make sure to update the filename of the jar file. Press `Ctrl+S` and `Ctrl+X` to save and exit the nano editor: ```ini [Unit] diff --git a/README.md b/README.md index 5b879378..662fcb77 100644 --- a/README.md +++ b/README.md @@ -26,12 +26,11 @@ All files and PDFs exist either exclusively on the client side, reside in server - Optional Login and Authentication support (see [here](https://github.com/Stirling-Tools/Stirling-PDF/tree/main#login-authentication) for documentation) - Database Backup and Import (see [here](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DATABASE.md) for documentation) - ## PDF Features ### Page Operations -- View and modify PDFs - View multi-page PDFs with custom viewing, sorting, and searching. Plus on-page edit features like annotate, draw, and adding text and images. (Using PDF.js with Joxit and Liberation fonts) +- View and modify PDFs - View multi-page PDFs with custom viewing, sorting, and searching. Plus, on-page edit features like annotating, drawing, and adding text and images. (Using PDF.js with Joxit and Liberation fonts) - Full interactive GUI for merging/splitting/rotating/moving PDFs and their pages - Merge multiple PDFs into a single resultant file - Split PDFs into multiple files at specified page numbers or extract all pages as individual files @@ -42,11 +41,11 @@ All files and PDFs exist either exclusively on the client side, reside in server - Scale page contents size by set percentage - Adjust contrast - Crop PDF -- Auto split PDF (with physically scanned page dividers) +- Auto-split PDF (with physically scanned page dividers) - Extract page(s) - Convert PDF to a single page - Overlay PDFs on top of each other -- PDF to single page +- PDF to a single page - Split PDF by sections ### Conversion Operations @@ -55,7 +54,7 @@ All files and PDFs exist either exclusively on the client side, reside in server - Convert any common file to PDF (using LibreOffice) - Convert PDF to Word/PowerPoint/others (using LibreOffice) - Convert HTML to PDF -- Convert PDF to xml +- Convert PDF to XML - Convert PDF to CSV - URL to PDF - Markdown to PDF @@ -83,9 +82,9 @@ All files and PDFs exist either exclusively on the client side, reside in server - Extract images from scans - Remove annotations - Add page numbers -- Auto rename file by detecting PDF header text -- OCR on PDF (using tesseract) -- PDF/A conversion (using libreoffice) +- Auto-rename files by detecting PDF header text +- OCR on PDF (using Tesseract OCR) +- PDF/A conversion (using LibreOffice) - Edit metadata - Flatten PDFs - Get all information on a PDF to view or export as JSON @@ -121,7 +120,7 @@ Please view the [LocalRunGuide](https://github.com/Stirling-Tools/Stirling-PDF/b > [!NOTE] > -Stirling-PDF has three different versions: a full version, an ultra-lite version, and a 'fat' version. Depending on the types of features you use, you may want a smaller image to save on space. To see what the different versions offer, please look at our [version mapping](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/Version-groups.md). For people that don't mind space optimization, just use the latest tag. +Stirling-PDF has three different versions: a full version, an ultra-lite version, and a 'fat' version. Depending on the types of features you use, you may want a smaller image to save on space. To see what the different versions offer, please look at our [version mapping](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/Version-groups.md). For people who don't mind space optimization, just use the latest tag. ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/stirlingtools/stirling-pdf/latest?label=Stirling-PDF%20Full) ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/stirlingtools/stirling-pdf/latest-ultra-lite?label=Stirling-PDF%20Ultra-Lite) @@ -178,7 +177,7 @@ Please view the [HowToUseOCR.md](https://github.com/Stirling-Tools/Stirling-PDF/ ## Reuse Stored Files -Certain functionality like `Sign` supports pre-saved files stored at `/customFiles/signatures/`. Image files placed within here will be accessible to be used via the web UI. Currently, this supports two folder types: +Certain functionality like `Sign` supports pre-saved files stored at `/customFiles/signatures/`. Image files placed here will be accessible via the web UI. Currently, this supports two folder types: - `/customFiles/signatures/ALL_USERS`: Accessible to all users, useful for organizations where many users use the same files or for users not using authentication - `/customFiles/signatures/{username}`: Such as `/customFiles/signatures/froodle`, accessible only to the `froodle` username, private for all others @@ -234,11 +233,11 @@ Please see our [Contributing Guide](CONTRIBUTING.md). ## Stirling PDF Enterprise -Stirling PDF offers a Enterprise edition of its software, This is the same great software but with added features and comforts +Stirling PDF offers an Enterprise edition of its software. This is the same great software but with added features and comforts. -### Whats included +### What's included -- Prioritised Support tickets via support@stirlingpdf.com to reach directly to Stirling-PDF team for support and 1:1 meetings where applicable (Provided they come from same email domain registered with us) +- Prioritized Support tickets via support@stirlingpdf.com to reach directly to Stirling-PDF team for support and 1:1 meetings where applicable (Provided they come from the same email domain registered with us) - Prioritised Enhancements to Stirling-PDF where applicable - Base SSO support - Advanced SSO such as automated login handling (Coming very soon) @@ -247,7 +246,7 @@ Stirling PDF offers a Enterprise edition of its software, This is the same great - Advanced user configurations (Coming soon) - Plus other exciting features to come -Check out of [docs](https://docs.stirlingpdf.com/Enterprise%20Edition) on it or our official [website](https://www.stirlingpdf.com) +Check out our [docs](https://docs.stirlingpdf.com/Enterprise%20Edition) on it or our official [website](https://www.stirlingpdf.com) ## Customization @@ -365,8 +364,6 @@ AutomaticallyGenerated: There is an additional config file `/configs/custom_settings.yml` where users familiar with Java and Spring `application.properties` can input their own settings on top of Stirling-PDF's existing ones. - - ### Extra Notes - **Endpoints**: Currently, the `ENDPOINTS_TO_REMOVE` and `GROUPS_TO_REMOVE` endpoints can include comma-separated lists of endpoints and groups to disable. For example, `ENDPOINTS_TO_REMOVE=img-to-pdf,remove-pages` would disable both image-to-pdf and remove pages, while `GROUPS_TO_REMOVE=LibreOffice` would disable all things that use LibreOffice. You can see a list of all endpoints and groups [here](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/Endpoint-groups.md). @@ -401,7 +398,7 @@ When you log in to Stirling-PDF, you will be redirected to the `/login` page to To access your account settings, go to Account Settings in the settings cog menu (top right in the navbar). This Account Settings menu is also where you find your API key. -To add new users, go to the bottom of Account Settings and hit 'Admin Settings'. Here you can add new users. The different roles mentioned within this are for rate limiting. This is a work in progress and will be expanded on more in the future. +To add new users, go to the bottom of Account Settings and hit 'Admin Settings'. Here, you can add new users. The different roles mentioned within this are for rate limiting. This is a work in progress and will be expanded on more in the future. For API usage, you must provide a header with `X-API-KEY` and the associated API key for that user. @@ -417,9 +414,9 @@ For API usage, you must provide a header with `X-API-KEY` and the associated API - Multi-page layout (stitch PDF pages together) support x rows y columns and custom page sizing - Fill forms manually or automatically -### Q2: Why is my application downloading .htm files? Why am i getting HTTP error 413? +### Q2: Why is my application downloading .htm files? Why am I getting HTTP error 413? -This is an issue commonly caused by your NGINX configuration. The default file upload size for NGINX is 1MB. You need to add the following in your Nginx sites-available file: `client_max_body_size SIZE;` (where "SIZE" is 50M for example for 50MB files). +This is an issue commonly caused by your NGINX configuration. The default file upload size for NGINX is 1MB. You need to add the following in your Nginx sites-available file: `client_max_body_size SIZE;` (where "SIZE" is 50M, for example, for 50MB files). ### Q3: Why is my download timing out? diff --git a/SECURITY.md b/SECURITY.md index e67cdce4..5f532aa7 100644 --- a/SECURITY.md +++ b/SECURITY.md @@ -8,7 +8,7 @@ The Stirling-PDF team takes security vulnerabilities seriously. We appreciate yo You can report security vulnerabilities through two channels: -1. **GitHub Security Advisory**: +1. **GitHub Security Advisory**: - Navigate to the [Security tab](https://github.com/Stirling-Tools/Stirling-PDF/security) in our repository - Click on "Report a vulnerability" - Provide a detailed description of the vulnerability diff --git a/Version-groups.md b/Version-groups.md index e7f5536c..c8f3aff8 100644 --- a/Version-groups.md +++ b/Version-groups.md @@ -1,14 +1,14 @@ -|All versions in a Docker environment can download Calibre as a optional extra at runtime to support `book-to-pdf` and `pdf-to-book` using parameter ``INSTALL_BOOK_AND_ADVANCED_HTML_OPS``. +All versions in a Docker environment can download Calibre as a optional extra at runtime to support `book-to-pdf` and `pdf-to-book` using parameter ``INSTALL_BOOK_AND_ADVANCED_HTML_OPS``. The 'Fat' container contains all those found in 'Full' with security jar along with this Calibre install. | Technology | Ultra-Lite | Full | | ---------- | :--------: | :---: | -| Java | ✔️ | ✔️ | -| JavaScript | ✔️ | ✔️ | +| Java | ✔️ | ✔️ | +| JavaScript | ✔️ | ✔️ | | Libre | | ✔️ | | Python | | ✔️ | | OpenCV | | ✔️ | -| qpdf | | ✔️ | +| qpdf | | ✔️ | | Operation | Ultra-Lite | Full | | ---------------------- | ---------- | ---- | @@ -54,15 +54,15 @@ The 'Fat' container contains all those found in 'Full' with security jar along w | ocr-pdf | | ✔️ | | pdf-to-pdfa | | ✔️ | | remove-blanks | | ✔️ | -pdf-to-text | ✔️ | ✔️ -pdf-to-html | | ✔️ -pdf-to-word | | ✔️ -pdf-to-presentation | | ✔️ -pdf-to-xml | | ✔️ -remove-annotations | ✔️ | ✔️ -remove-cert-sign | ✔️ | ✔️ -remove-image-pdf | ✔️ | ✔️ -file-to-pdf | | ✔️ -html-to-pdf | | ✔️ -url-to-pdf | | ✔️ -repair | | ✔️ +| pdf-to-text | ✔️ | ✔️ | +| pdf-to-html | | ✔️ | +| pdf-to-word | | ✔️ | +| pdf-to-presentation | | ✔️ | +| pdf-to-xml | | ✔️ | +| remove-annotations | ✔️ | ✔️ | +| remove-cert-sign | ✔️ | ✔️ | +| remove-image-pdf | ✔️ | ✔️ | +| file-to-pdf | | ✔️ | +| html-to-pdf | | ✔️ | +| url-to-pdf | | ✔️ | +| repair | | ✔️ | From b0881cdb4ca41bb73edfdc2841dede0eac5642be Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Sun, 22 Dec 2024 18:10:49 +0800 Subject: [PATCH 08/18] Standardize Alpine base image format and version across all Dockerfiles - Update all Dockerfiles to use `alpine:3.21.0` with SHA256 checksum - Ensure consistent image versioning, enhanced security, and reproducibility by explicitly specifying the digest. cc #2436 #2516 --- Dockerfile | 2 +- Dockerfile-fat | 2 +- Dockerfile-ultra-lite | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9577c9ca..004ea9e8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Main stage -FROM alpine:3.20.3@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a +FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 # Copy necessary files COPY scripts /scripts diff --git a/Dockerfile-fat b/Dockerfile-fat index c9641590..83996bef 100644 --- a/Dockerfile-fat +++ b/Dockerfile-fat @@ -12,7 +12,7 @@ RUN DOCKER_ENABLE_SECURITY=true \ ./gradlew clean build # Main stage -FROM alpine:3.20.3 +FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 # Copy necessary files COPY scripts /scripts diff --git a/Dockerfile-ultra-lite b/Dockerfile-ultra-lite index 09e4a5a3..4953f338 100644 --- a/Dockerfile-ultra-lite +++ b/Dockerfile-ultra-lite @@ -1,5 +1,5 @@ # use alpine -FROM alpine:3.21.0 +FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 ARG VERSION_TAG From 2a1dad80f025044167404b92e64fba1282517ea3 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.> Date: Sun, 22 Dec 2024 11:17:22 +0000 Subject: [PATCH 09/18] rename --- .github/workflows/push-docker.yml | 6 +++--- DeveloperGuide.md | 8 ++++---- Dockerfile-fat => Dockerfile.fat | 2 +- Dockerfile-ultra-lite => Dockerfile.ultra-lite | 2 +- .../SPDF/config/security/CustomLogoutSuccessHandler.java | 6 +++--- .../SPDF/controller/web/AccountWebController.java | 4 ++-- test.sh | 6 +++--- test2.sh | 2 +- 8 files changed, 18 insertions(+), 18 deletions(-) rename Dockerfile-fat => Dockerfile.fat (96%) rename Dockerfile-ultra-lite => Dockerfile.ultra-lite (94%) diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index 2ca9a14d..531abf41 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -102,12 +102,12 @@ jobs: type=raw,value=${{ steps.versionNumber.outputs.versionNumber }}-ultra-lite,enable=${{ github.ref == 'refs/heads/master' }} type=raw,value=latest-ultra-lite,enable=${{ github.ref == 'refs/heads/master' }} - - name: Build and push Dockerfile-ultra-lite + - name: Build and push Dockerfile ultra-lite uses: docker/build-push-action@v6 if: github.ref != 'refs/heads/main' with: context: . - file: ./Dockerfile-ultra-lite + file: ./Dockerfile.ultra-lite push: true cache-from: type=gha cache-to: type=gha,mode=max @@ -136,7 +136,7 @@ jobs: with: builder: ${{ steps.buildx.outputs.name }} context: . - file: ./Dockerfile-fat + file: ./Dockerfile.fat push: true cache-from: type=gha cache-to: type=gha,mode=max diff --git a/DeveloperGuide.md b/DeveloperGuide.md index 66b1751e..1a43b641 100644 --- a/DeveloperGuide.md +++ b/DeveloperGuide.md @@ -86,8 +86,8 @@ Stirling-PDF/ │ └── SPDF/ ├── build.gradle # Gradle build configuration ├── Dockerfile # Main Dockerfile -├── Dockerfile-ultra-lite # Dockerfile for ultra-lite version -├── Dockerfile-fat # Dockerfile for fat version +├── Dockerfile.ultra-lite # Dockerfile for ultra-lite version +├── Dockerfile.fat # Dockerfile for fat version ├── docker-compose.yml # Docker Compose configuration └── test.sh # Test script to deploy all docker versions and run cuke tests ``` @@ -179,14 +179,14 @@ Stirling-PDF uses different Docker images for various configurations. The build For the ultra-lite version: ```bash - docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile-ultra-lite . + docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile.ultra-lite . ``` For the fat version (with security enabled): ```bash export DOCKER_ENABLE_SECURITY=true - docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-fat -f ./Dockerfile-fat . + docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-fat -f ./Dockerfile.fat . ``` Note: The `--no-cache` and `--pull` flags ensure that the build process uses the latest base images and doesn't use cached layers, which is useful for testing and ensuring reproducible builds. however to improve build times these can often be removed depending on your usecase diff --git a/Dockerfile-fat b/Dockerfile.fat similarity index 96% rename from Dockerfile-fat rename to Dockerfile.fat index d34c7daa..6720bf9b 100644 --- a/Dockerfile-fat +++ b/Dockerfile.fat @@ -12,7 +12,7 @@ RUN DOCKER_ENABLE_SECURITY=true \ ./gradlew clean build # Main stage -FROM alpine:3.20.3 +FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 # Copy necessary files COPY scripts /scripts diff --git a/Dockerfile-ultra-lite b/Dockerfile.ultra-lite similarity index 94% rename from Dockerfile-ultra-lite rename to Dockerfile.ultra-lite index 09e4a5a3..4953f338 100644 --- a/Dockerfile-ultra-lite +++ b/Dockerfile.ultra-lite @@ -1,5 +1,5 @@ # use alpine -FROM alpine:3.21.0 +FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 ARG VERSION_TAG diff --git a/src/main/java/stirling/software/SPDF/config/security/CustomLogoutSuccessHandler.java b/src/main/java/stirling/software/SPDF/config/security/CustomLogoutSuccessHandler.java index 8d5aa76d..2d022864 100644 --- a/src/main/java/stirling/software/SPDF/config/security/CustomLogoutSuccessHandler.java +++ b/src/main/java/stirling/software/SPDF/config/security/CustomLogoutSuccessHandler.java @@ -219,9 +219,9 @@ public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler { // "https://accounts.google.com/Logout?continue=https://appengine.google.com/_ah/logout?continue=" // + response.encodeRedirectURL(redirect_url); log.info("Google does not have a specific logout URL"); - // log.info("Redirecting to Google logout URL: " + googleLogoutUrl); - // response.sendRedirect(googleLogoutUrl); - // break; + // log.info("Redirecting to Google logout URL: " + googleLogoutUrl); + // response.sendRedirect(googleLogoutUrl); + // break; default: String defaultRedirectUrl = request.getContextPath() + "/login?" + param; log.info("Redirecting to default logout URL: " + defaultRedirectUrl); diff --git a/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java b/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java index b4629020..3e478af2 100644 --- a/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java +++ b/src/main/java/stirling/software/SPDF/controller/web/AccountWebController.java @@ -167,8 +167,8 @@ public class AccountWebController { case "invalid_destination": erroroauth = "login.invalid_destination"; break; - // Valid InResponseTo was not available from the validation context, unable to - // evaluate + // Valid InResponseTo was not available from the validation context, unable to + // evaluate case "invalid_in_response_to": erroroauth = "login.invalid_in_response_to"; break; diff --git a/test.sh b/test.sh index 2ad25905..d789c6be 100644 --- a/test.sh +++ b/test.sh @@ -74,7 +74,7 @@ main() { # Building Docker images # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest -f ./Dockerfile . - # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile-ultra-lite . + # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile.ultra-lite . # Test each configuration #run_tests "Stirling-PDF-Ultra-Lite" "./exampleYmlFiles/docker-compose-latest-ultra-lite.yml" @@ -94,8 +94,8 @@ main() { # Building Docker images with security enabled # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest -f ./Dockerfile . - # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile-ultra-lite . - docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-fat -f ./Dockerfile-fat . + # docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-ultra-lite -f ./Dockerfile.ultra-lite . + docker build --no-cache --pull --build-arg VERSION_TAG=alpha -t stirlingtools/stirling-pdf:latest-fat -f ./Dockerfile.fat . # Test each configuration with security diff --git a/test2.sh b/test2.sh index 61db7993..b33d2df8 100644 --- a/test2.sh +++ b/test2.sh @@ -65,7 +65,7 @@ build_and_test() { dockerfile_name="./Dockerfile" ;; ultra-lite) - dockerfile_name="./Dockerfile-ultra-lite" + dockerfile_name="./Dockerfile.ultra-lite" ;; esac From f4ae4ac5c4c899e8d1b12a0d82a38e91128cfb99 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.> Date: Sun, 22 Dec 2024 11:20:46 +0000 Subject: [PATCH 10/18] reremove --- Dockerfile-fat | 95 ------------------------------------------- Dockerfile-ultra-lite | 62 ---------------------------- 2 files changed, 157 deletions(-) delete mode 100644 Dockerfile-fat delete mode 100644 Dockerfile-ultra-lite diff --git a/Dockerfile-fat b/Dockerfile-fat deleted file mode 100644 index 2d9cc944..00000000 --- a/Dockerfile-fat +++ /dev/null @@ -1,95 +0,0 @@ -# Build the application -FROM gradle:8.12-jdk17 AS build - -# Set the working directory -WORKDIR /app - -# Copy the entire project to the working directory -COPY . . - -# Build the application with DOCKER_ENABLE_SECURITY=false -RUN DOCKER_ENABLE_SECURITY=true \ -./gradlew clean build - -# Main stage -FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 - -# Copy necessary files -COPY scripts /scripts -COPY pipeline /pipeline -COPY src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto/ -COPY --from=build /app/build/libs/*.jar app.jar - -ARG VERSION_TAG - -LABEL org.opencontainers.image.title="Stirling-PDF" -LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 50+ operations including merging, splitting, conversion, OCR, watermarking, and more." -LABEL org.opencontainers.image.source="https://github.com/Stirling-Tools/Stirling-PDF" -LABEL org.opencontainers.image.licenses="MIT" -LABEL org.opencontainers.image.vendor="Stirling-Tools" -LABEL org.opencontainers.image.url="https://www.stirlingpdf.com" -LABEL org.opencontainers.image.documentation="https://docs.stirlingpdf.com" -LABEL maintainer="Stirling-Tools" -LABEL org.opencontainers.image.authors="Stirling-Tools" -LABEL org.opencontainers.image.version="${VERSION_TAG}" -LABEL org.opencontainers.image.keywords="PDF, manipulation, merge, split, convert, OCR, watermark" - -# Set Environment Variables -ENV DOCKER_ENABLE_SECURITY=false \ - VERSION_TAG=$VERSION_TAG \ - JAVA_TOOL_OPTIONS="$JAVA_TOOL_OPTIONS -XX:MaxRAMPercentage=75" \ - HOME=/home/stirlingpdfuser \ - PUID=1000 \ - PGID=1000 \ - UMASK=022 \ - FAT_DOCKER=true \ - INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false - - -# JDK for app -RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \ - echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \ - echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories && \ - apk upgrade --no-cache -a && \ - apk add --no-cache \ - ca-certificates \ - tzdata \ - tini \ - bash \ - curl \ - shadow \ - su-exec \ - openssl \ - openssl-dev \ - openjdk21-jre \ -# Doc conversion - libreoffice \ -# pdftohtml - poppler-utils \ -# OCR MY PDF (unpaper for descew and other advanced featues) - qpdf \ - tesseract-ocr-data-eng \ - font-terminus font-dejavu font-noto font-noto-cjk font-awesome font-noto-extra \ -# CV - py3-opencv \ -# python3/pip - python3 \ - py3-pip && \ -# uno unoconv and HTML - pip install --break-system-packages --no-cache-dir --upgrade unoconv WeasyPrint pdf2image pillow && \ - mv /usr/share/tessdata /usr/share/tessdata-original && \ - mkdir -p $HOME /configs /logs /customFiles /pipeline/watchedFolders /pipeline/finishedFolders && \ - fc-cache -f -v && \ - chmod +x /scripts/* && \ - chmod +x /scripts/init.sh && \ -# User permissions - addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \ - chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline && \ - chown stirlingpdfuser:stirlingpdfgroup /app.jar && \ - tesseract --list-langs - -EXPOSE 8080/tcp - -# Set user and run command -ENTRYPOINT ["tini", "--", "/scripts/init.sh"] -CMD ["java", "-Dfile.encoding=UTF-8", "-jar", "/app.jar"] diff --git a/Dockerfile-ultra-lite b/Dockerfile-ultra-lite deleted file mode 100644 index 1d87253d..00000000 --- a/Dockerfile-ultra-lite +++ /dev/null @@ -1,62 +0,0 @@ -# use alpine -FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 - -ARG VERSION_TAG - -LABEL org.opencontainers.image.title="Stirling-PDF" -LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 50+ operations including merging, splitting, conversion, OCR, watermarking, and more." -LABEL org.opencontainers.image.source="https://github.com/Stirling-Tools/Stirling-PDF" -LABEL org.opencontainers.image.licenses="MIT" -LABEL org.opencontainers.image.vendor="Stirling-Tools" -LABEL org.opencontainers.image.url="https://www.stirlingpdf.com" -LABEL org.opencontainers.image.documentation="https://docs.stirlingpdf.com" -LABEL maintainer="Stirling-Tools" -LABEL org.opencontainers.image.authors="Stirling-Tools" -LABEL org.opencontainers.image.version="${VERSION_TAG}" -LABEL org.opencontainers.image.keywords="PDF, manipulation, merge, split, convert, OCR, watermark" - -# Set Environment Variables -ENV DOCKER_ENABLE_SECURITY=false \ - HOME=/home/stirlingpdfuser \ - VERSION_TAG=$VERSION_TAG \ - JAVA_TOOL_OPTIONS="$JAVA_TOOL_OPTIONS -XX:MaxRAMPercentage=75" \ - PUID=1000 \ - PGID=1000 \ - UMASK=022 - -# Copy necessary files -COPY scripts/download-security-jar.sh /scripts/download-security-jar.sh -COPY scripts/init-without-ocr.sh /scripts/init-without-ocr.sh -COPY scripts/installFonts.sh /scripts/installFonts.sh -COPY pipeline /pipeline -COPY build/libs/*.jar app.jar - -# Set up necessary directories and permissions -RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \ - echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \ - echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories && \ - apk upgrade --no-cache -a && \ - apk add --no-cache \ - ca-certificates \ - tzdata \ - tini \ - bash \ - curl \ - shadow \ - su-exec \ - openjdk21-jre && \ - # User permissions - mkdir -p /configs /logs /customFiles /usr/share/fonts/opentype/noto && \ - chmod +x /scripts/*.sh && \ - addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \ - chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /configs /customFiles /pipeline && \ - chown stirlingpdfuser:stirlingpdfgroup /app.jar - -# Set environment variables -ENV ENDPOINTS_GROUPS_TO_REMOVE=CLI - -EXPOSE 8080/tcp - -# Run the application -ENTRYPOINT ["tini", "--", "/scripts/init-without-ocr.sh"] -CMD ["java", "-Dfile.encoding=UTF-8", "-jar", "/app.jar"] From 34ddc298cf7f100f26f2f5d3e8aec547fc0481ae Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.> Date: Sun, 22 Dec 2024 11:48:06 +0000 Subject: [PATCH 11/18] test --- .github/workflows/push-docker.yml | 46 +++++++++++++++++-------------- 1 file changed, 25 insertions(+), 21 deletions(-) diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index a9860830..b26619cd 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -5,7 +5,7 @@ on: push: branches: - master - - main + - docker-rename permissions: contents: read @@ -85,9 +85,9 @@ jobs: tags: | type=raw,value=${{ steps.versionNumber.outputs.versionNumber }},enable=${{ github.ref == 'refs/heads/master' }} type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }} - type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/main' }} + type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/docker-rename' }} - - name: Build and push main Dockerfile + - name: Build and push docker-rename Dockerfile id: build-push-regular uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: @@ -108,33 +108,33 @@ jobs: env: DIGEST: ${{ steps.build-push-regular.outputs.digest }} TAGS: ${{ steps.meta.outputs.tags }} + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} run: | # Always sign images regardless of branch echo "$TAGS" | tr ',' '\n' | while read -r tag; do cosign sign --yes \ - --identity-token ${ACTIONS_ID_TOKEN_REQUEST_TOKEN} \ - --force \ + --key env://COSIGN_PRIVATE_KEY \ "${tag}@${DIGEST}" done - - # For alpha builds specifically - if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then + + # For alpha builds specifically, we want to ensure they're marked as development builds + if [[ "${{ github.ref }}" == "refs/heads/docker-rename" ]]; then echo "Signing alpha build with development attestation" echo "$TAGS" | tr ',' '\n' | while read -r tag; do if [[ $tag == *":alpha" ]]; then - cosign attest --yes \ - --identity-token ${ACTIONS_ID_TOKEN_REQUEST_TOKEN} \ - --force \ + cosign attest --key env://COSIGN_PRIVATE_KEY \ --predicate <(echo '{"type":"development"}') \ - "${tag}@${DIGEST}" + --yes "${tag}@${DIGEST}" fi done fi + - name: Generate tags ultra-lite id: meta2 uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 - if: github.ref != 'refs/heads/main' + if: github.ref != 'refs/heads/docker-rename' with: images: | ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf @@ -148,7 +148,7 @@ jobs: - name: Build and push Dockerfile-ultra-lite id: build-push-lite uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 - if: github.ref != 'refs/heads/main' + if: github.ref != 'refs/heads/docker-rename' with: context: . file: ./Dockerfile.ultra-lite @@ -163,19 +163,21 @@ jobs: sbom: true - name: Sign ultra-lite images - if: github.ref != 'refs/heads/main' + if: github.ref != 'refs/heads/docker-rename' env: DIGEST: ${{ steps.build-push-lite.outputs.digest }} TAGS: ${{ steps.meta2.outputs.tags }} + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} run: | echo "$TAGS" | tr ',' '\n' | while read -r tag; do - cosign sign --yes "${tag}@${DIGEST}" + cosign sign --key env://COSIGN_PRIVATE_KEY --yes "${tag}@${DIGEST}" done - name: Generate tags fat id: meta3 uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 - if: github.ref != 'refs/heads/main' + if: github.ref != 'refs/heads/docker-rename' with: images: | ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf @@ -186,10 +188,10 @@ jobs: type=raw,value=${{ steps.versionNumber.outputs.versionNumber }}-fat,enable=${{ github.ref == 'refs/heads/master' }} type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/master' }} - - name: Build and push main Dockerfile fat + - name: Build and push docker-rename Dockerfile fat id: build-push-fat uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 - if: github.ref != 'refs/heads/main' + if: github.ref != 'refs/heads/docker-rename' with: builder: ${{ steps.buildx.outputs.name }} context: . @@ -205,11 +207,13 @@ jobs: sbom: true - name: Sign fat images - if: github.ref != 'refs/heads/main' + if: github.ref != 'refs/heads/docker-rename' env: DIGEST: ${{ steps.build-push-fat.outputs.digest }} TAGS: ${{ steps.meta3.outputs.tags }} + COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }} + COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} run: | echo "$TAGS" | tr ',' '\n' | while read -r tag; do - cosign sign --yes "${tag}@${DIGEST}" + cosign sign --key env://COSIGN_PRIVATE_KEY --yes "${tag}@${DIGEST}" done From 341a234b7c86668b191d0fb9bcf129a8aee61644 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.> Date: Sun, 22 Dec 2024 11:55:40 +0000 Subject: [PATCH 12/18] quick fix --- Dockerfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Dockerfile b/Dockerfile index 63953434..84f096ce 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,6 +37,7 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \ echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories && \ apk upgrade --no-cache -a && \ + mkdir -p /usr/share/tessdata && \ apk add --no-cache \ ca-certificates \ tzdata \ From 5c1abdd49e5fd7a74c691d41c640dc595d44aac4 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.> Date: Sun, 22 Dec 2024 12:00:52 +0000 Subject: [PATCH 13/18] fix --- Dockerfile | 4 +--- Dockerfile.fat | 3 +-- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/Dockerfile b/Dockerfile index 84f096ce..a5879b81 100644 --- a/Dockerfile +++ b/Dockerfile @@ -37,7 +37,6 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \ echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories && \ apk upgrade --no-cache -a && \ - mkdir -p /usr/share/tessdata && \ apk add --no-cache \ ca-certificates \ tzdata \ @@ -71,8 +70,7 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et # User permissions addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \ chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline && \ - chown stirlingpdfuser:stirlingpdfgroup /app.jar && \ - tesseract --list-langs + chown stirlingpdfuser:stirlingpdfgroup /app.jar EXPOSE 8080/tcp diff --git a/Dockerfile.fat b/Dockerfile.fat index 6720bf9b..9ae22f39 100644 --- a/Dockerfile.fat +++ b/Dockerfile.fat @@ -73,8 +73,7 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et # User permissions addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \ chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline && \ - chown stirlingpdfuser:stirlingpdfgroup /app.jar && \ - tesseract --list-langs + chown stirlingpdfuser:stirlingpdfgroup /app.jar EXPOSE 8080/tcp From 74cab98a1b868143424157e74ba7846393ce027b Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sun, 22 Dec 2024 13:12:48 +0100 Subject: [PATCH 14/18] Rollback action-gh-release version from v2.2.0 to v2.1.0 https://github.com/softprops/action-gh-release/issues/556 --- .github/workflows/releaseArtifacts.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/releaseArtifacts.yml b/.github/workflows/releaseArtifacts.yml index ceaa1d0f..21f2fb14 100644 --- a/.github/workflows/releaseArtifacts.yml +++ b/.github/workflows/releaseArtifacts.yml @@ -62,7 +62,7 @@ jobs: if-no-files-found: error - name: Upload binaries to release - uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 + uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 with: files: ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe @@ -79,6 +79,6 @@ jobs: if-no-files-found: error - name: Upload jar binaries to release - uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 + uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 with: files: ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.jar From e833d688e7af0b63ecaf7600580a622f489bc891 Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sun, 22 Dec 2024 13:13:24 +0100 Subject: [PATCH 15/18] Update multiOSReleases.yml --- .github/workflows/multiOSReleases.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/multiOSReleases.yml b/.github/workflows/multiOSReleases.yml index 2792a909..e445dc2b 100644 --- a/.github/workflows/multiOSReleases.yml +++ b/.github/workflows/multiOSReleases.yml @@ -99,6 +99,6 @@ jobs: if-no-files-found: error - name: Upload binaries to release - uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 + uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 with: files: ./Stirling-PDF-${{ matrix.platform }}-installer.${{ matrix.ext }} From 7223b379e76bc45d10a6d14edcaeefdea5590c05 Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sun, 22 Dec 2024 13:36:26 +0100 Subject: [PATCH 16/18] Introduces pre-commit github-action https://github.com/Stirling-Tools/Stirling-PDF/blob/main/.pre-commit-config.yaml --- .github/workflows/pre_commit.yml | 55 ++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 .github/workflows/pre_commit.yml diff --git a/.github/workflows/pre_commit.yml b/.github/workflows/pre_commit.yml new file mode 100644 index 00000000..b8948ded --- /dev/null +++ b/.github/workflows/pre_commit.yml @@ -0,0 +1,55 @@ +name: Pre-commit + +on: + push: + branches: [main] + +permissions: read-all + +jobs: + update: + if: ${{ github.event.pull_request.user.login != 'dependabot[bot]' }} + runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Set up Python + uses: actions/setup-python@v5 + with: + python-version: 3.12 + - name: Set up git config + run: | + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + - name: Install Dependencies + run: | + pip install pre-commit==4.0.1 + - name: Run pre-commit and git add + run: | + pre-commit run -c .pre-commit-config.yaml || true + git add . + git diff --staged --quiet || git commit -m ":file_folder: pre-commit + > Made via .github/workflows/pre_commit.yml" || echo "pre-commit: no changes" + - name: Create Pull Request + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: Update files + committer: GitHub Action + author: GitHub Action + signoff: true + branch: pre-commit + title: "🔨 [pre-commit] Update files by " + body: | + Auto-generated by [create-pull-request][1] + + [1]: https://github.com/peter-evans/create-pull-request + draft: false + delete-branch: true + labels: github-actions + sign-commits: true From a0f3d7b7d4d522f9acb8a0a88943e8c3a311a409 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sun, 22 Dec 2024 12:41:53 +0000 Subject: [PATCH 17/18] Update push-docker.yml --- .github/workflows/push-docker.yml | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index b26619cd..590e90cf 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -5,7 +5,7 @@ on: push: branches: - master - - docker-rename + - main permissions: contents: read @@ -85,9 +85,9 @@ jobs: tags: | type=raw,value=${{ steps.versionNumber.outputs.versionNumber }},enable=${{ github.ref == 'refs/heads/master' }} type=raw,value=latest,enable=${{ github.ref == 'refs/heads/master' }} - type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/docker-rename' }} + type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/main' }} - - name: Build and push docker-rename Dockerfile + - name: Build and push main Dockerfile id: build-push-regular uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: @@ -119,7 +119,7 @@ jobs: done # For alpha builds specifically, we want to ensure they're marked as development builds - if [[ "${{ github.ref }}" == "refs/heads/docker-rename" ]]; then + if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then echo "Signing alpha build with development attestation" echo "$TAGS" | tr ',' '\n' | while read -r tag; do if [[ $tag == *":alpha" ]]; then @@ -134,7 +134,7 @@ jobs: - name: Generate tags ultra-lite id: meta2 uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 - if: github.ref != 'refs/heads/docker-rename' + if: github.ref != 'refs/heads/main' with: images: | ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf @@ -148,7 +148,7 @@ jobs: - name: Build and push Dockerfile-ultra-lite id: build-push-lite uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 - if: github.ref != 'refs/heads/docker-rename' + if: github.ref != 'refs/heads/main' with: context: . file: ./Dockerfile.ultra-lite @@ -163,7 +163,7 @@ jobs: sbom: true - name: Sign ultra-lite images - if: github.ref != 'refs/heads/docker-rename' + if: github.ref != 'refs/heads/main' env: DIGEST: ${{ steps.build-push-lite.outputs.digest }} TAGS: ${{ steps.meta2.outputs.tags }} @@ -177,7 +177,7 @@ jobs: - name: Generate tags fat id: meta3 uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 - if: github.ref != 'refs/heads/docker-rename' + if: github.ref != 'refs/heads/main' with: images: | ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf @@ -188,10 +188,10 @@ jobs: type=raw,value=${{ steps.versionNumber.outputs.versionNumber }}-fat,enable=${{ github.ref == 'refs/heads/master' }} type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/master' }} - - name: Build and push docker-rename Dockerfile fat + - name: Build and push main Dockerfile fat id: build-push-fat uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 - if: github.ref != 'refs/heads/docker-rename' + if: github.ref != 'refs/heads/main' with: builder: ${{ steps.buildx.outputs.name }} context: . @@ -207,7 +207,7 @@ jobs: sbom: true - name: Sign fat images - if: github.ref != 'refs/heads/docker-rename' + if: github.ref != 'refs/heads/main' env: DIGEST: ${{ steps.build-push-fat.outputs.digest }} TAGS: ${{ steps.meta3.outputs.tags }} From 73ee9651a3738eeed61f28502b291cd6a47c2bf0 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com.> Date: Sun, 22 Dec 2024 13:37:41 +0000 Subject: [PATCH 18/18] 3.21.0 py3-opencv requires python 4.10 which means broken --- Dockerfile | 2 +- Dockerfile.fat | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index a5879b81..900f4a40 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Main stage -FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 +FROM alpine:3.20.3 # Copy necessary files COPY scripts /scripts diff --git a/Dockerfile.fat b/Dockerfile.fat index 9ae22f39..1ee20176 100644 --- a/Dockerfile.fat +++ b/Dockerfile.fat @@ -12,7 +12,7 @@ RUN DOCKER_ENABLE_SECURITY=true \ ./gradlew clean build # Main stage -FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 +FROM alpine:3.20.3 # Copy necessary files COPY scripts /scripts