mirror of
https://github.com/Frooodle/Stirling-PDF.git
synced 2025-01-19 00:07:17 +01:00
c78f924522
 ### Snyk has created this PR to fix 1 vulnerabilities in the dockerfile dependencies of this project. Keeping your Docker base image up-to-date means you’ll benefit from security fixes in the latest version of your chosen image. #### Snyk changed the following file(s): - `Dockerfile` We recommend upgrading to `alpine:3.21.2`, as this image has only **0** known vulnerabilities. To do this, merge this pull request, then verify your application still works as expected. #### Vulnerabilities that will be fixed with an upgrade: | | Issue | Score | :-------------------------:|:-------------------------|:-------------------------  | CVE-2024-9143 <br/>[SNYK-ALPINE320-OPENSSL-8235201](https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201) | **54**  | CVE-2024-9143 <br/>[SNYK-ALPINE320-OPENSSL-8235201](https://snyk.io/vuln/SNYK-ALPINE320-OPENSSL-8235201) | **54** --- > [!IMPORTANT] > > - Check the changes in this PR to ensure they won't cause issues with your project. > - Max score is 1000. Note that the real score may have changed since the PR was raised. > - This PR was automatically created by Snyk using the credentials of a real user. --- **Note:** _You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs._ For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiJhYmYwMzliMi05OTRlLTRkMmMtYWZjOS04YzIwNWYxOWUwNTQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6ImFiZjAzOWIyLTk5NGUtNGQyYy1hZmM5LThjMjA1ZjE5ZTA1NCJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/frooodle/project/6c268b92-2569-4b08-8058-1f8f5d4acd0d?utm_source=github&utm_medium=referral&page=fix-pr) 📜 [Customise PR templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates?utm_source=github&utm_content=fix-pr-template) 🛠 [Adjust project settings](https://app.snyk.io/org/frooodle/project/6c268b92-2569-4b08-8058-1f8f5d4acd0d?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read about Snyk's upgrade logic](https://docs.snyk.io/scan-with-snyk/snyk-open-source/manage-vulnerabilities/upgrade-package-versions-to-fix-vulnerabilities?utm_source=github&utm_content=fix-pr-template) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr) [//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"alpine","from":"3.20.3","to":"3.21.2"}],"env":"prod","issuesToFix":["SNYK-ALPINE320-OPENSSL-8235201","SNYK-ALPINE320-OPENSSL-8235201"],"prId":"abf039b2-994e-4d2c-afc9-8c205f19e054","prPublicId":"abf039b2-994e-4d2c-afc9-8c205f19e054","packageManager":"dockerfile","priorityScoreList":[54],"projectPublicId":"6c268b92-2569-4b08-8058-1f8f5d4acd0d","projectUrl":"https://app.snyk.io/org/frooodle/project/6c268b92-2569-4b08-8058-1f8f5d4acd0d?utm_source=github&utm_medium=referral&page=fix-pr","prType":"fix","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":["updated-fix-title","priorityScore"],"type":"auto","upgrade":["SNYK-ALPINE320-OPENSSL-8235201","SNYK-ALPINE320-OPENSSL-8235201"],"vulns":["SNYK-ALPINE320-OPENSSL-8235201"],"patch":[],"isBreakingChange":false,"remediationStrategy":"vuln"}' --------- Co-authored-by: snyk-bot <snyk-bot@snyk.io>
83 lines
2.6 KiB
Docker
83 lines
2.6 KiB
Docker
# Build the application
|
|
FROM gradle:8.12-jdk17 AS build
|
|
|
|
# Set the working directory
|
|
WORKDIR /app
|
|
|
|
# Copy the entire project to the working directory
|
|
COPY . .
|
|
|
|
# Build the application with DOCKER_ENABLE_SECURITY=false
|
|
RUN DOCKER_ENABLE_SECURITY=true \
|
|
./gradlew clean build
|
|
|
|
# Main stage
|
|
FROM alpine:3.21.2@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099
|
|
|
|
# Copy necessary files
|
|
COPY scripts /scripts
|
|
COPY pipeline /pipeline
|
|
COPY src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto/
|
|
COPY --from=build /app/build/libs/*.jar app.jar
|
|
|
|
ARG VERSION_TAG
|
|
|
|
# Set Environment Variables
|
|
ENV DOCKER_ENABLE_SECURITY=false \
|
|
VERSION_TAG=$VERSION_TAG \
|
|
JAVA_TOOL_OPTIONS="$JAVA_TOOL_OPTIONS -XX:MaxRAMPercentage=75" \
|
|
HOME=/home/stirlingpdfuser \
|
|
PUID=1000 \
|
|
PGID=1000 \
|
|
UMASK=022 \
|
|
FAT_DOCKER=true \
|
|
INSTALL_BOOK_AND_ADVANCED_HTML_OPS=false
|
|
|
|
|
|
# JDK for app
|
|
RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \
|
|
echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \
|
|
echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" | tee -a /etc/apk/repositories && \
|
|
apk upgrade --no-cache -a && \
|
|
apk add --no-cache \
|
|
ca-certificates \
|
|
tzdata \
|
|
tini \
|
|
bash \
|
|
curl \
|
|
shadow \
|
|
su-exec \
|
|
openssl \
|
|
openssl-dev \
|
|
openjdk21-jre \
|
|
# Doc conversion
|
|
libreoffice \
|
|
# pdftohtml
|
|
poppler-utils \
|
|
# OCR MY PDF (unpaper for descew and other advanced featues)
|
|
qpdf \
|
|
tesseract-ocr-data-eng \
|
|
font-terminus font-dejavu font-noto font-noto-cjk font-awesome font-noto-extra \
|
|
# CV
|
|
py3-opencv \
|
|
# python3/pip
|
|
python3 \
|
|
py3-pip && \
|
|
# uno unoconv and HTML
|
|
pip install --break-system-packages --no-cache-dir --upgrade unoconv WeasyPrint pdf2image pillow && \
|
|
mv /usr/share/tessdata /usr/share/tessdata-original && \
|
|
mkdir -p $HOME /configs /logs /customFiles /pipeline/watchedFolders /pipeline/finishedFolders && \
|
|
fc-cache -f -v && \
|
|
chmod +x /scripts/* && \
|
|
chmod +x /scripts/init.sh && \
|
|
# User permissions
|
|
addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
|
|
chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto /configs /customFiles /pipeline && \
|
|
chown stirlingpdfuser:stirlingpdfgroup /app.jar
|
|
|
|
EXPOSE 8080/tcp
|
|
|
|
# Set user and run command
|
|
ENTRYPOINT ["tini", "--", "/scripts/init.sh"]
|
|
CMD ["java", "-Dfile.encoding=UTF-8", "-jar", "/app.jar"]
|