From 26340626df3ff46d183222ef9788500a782783a7 Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Fri, 20 Dec 2024 03:55:31 +0800 Subject: [PATCH 01/42] Update and improve zh_TW Traditional Chinese locale --- src/main/resources/messages_zh_TW.properties | 194 +++++++++---------- 1 file changed, 97 insertions(+), 97 deletions(-) diff --git a/src/main/resources/messages_zh_TW.properties b/src/main/resources/messages_zh_TW.properties index 741ec44d..acfe2c31 100644 --- a/src/main/resources/messages_zh_TW.properties +++ b/src/main/resources/messages_zh_TW.properties @@ -81,7 +81,7 @@ page=頁面 pages=頁面 loading=載入中... addToDoc=新增至文件 -reset=Reset +reset=重設 legal.privacy=隱私權政策 legal.terms=使用條款 @@ -142,7 +142,7 @@ navbar.language=語言 navbar.settings=設定 navbar.allTools=工具 navbar.multiTool=複合工具 -navbar.search=Search +navbar.search=搜尋 navbar.sections.organize=整理 navbar.sections.convertTo=轉換為 PDF navbar.sections.convertFrom=從 PDF 轉換 @@ -238,13 +238,13 @@ database.creationDate=建立日期 database.fileSize=檔案大小 database.deleteBackupFile=刪除備份檔案 database.importBackupFile=匯入備份檔案 -database.createBackupFile=Create Backup File +database.createBackupFile=建立備份檔案 database.downloadBackupFile=下載備份檔案 database.info_1=在匯入資料時,確保正確的結構至關重要。如果您不確定自己在做什麼,請尋求專業人士的建議和支援。結構錯誤可能會導致應用程式故障,甚至完全無法執行應用程式。 database.info_2=上傳時檔案名稱並不重要。上傳後將重新命名為 backup_user_yyyyMMddHHmm.sql 格式,以確保命名規範一致。 database.submit=匯入備份 database.importIntoDatabaseSuccessed=成功匯入資料庫 -database.backupCreated=Database backup successful +database.backupCreated=資料庫備份成功 database.fileNotFound=找不到檔案 database.fileNullOrEmpty=檔案不得為空或空白 database.failedImportFile=匯入檔案失敗 @@ -255,7 +255,7 @@ session.refreshPage=重新整理頁面 ############# # HOME-PAGE # ############# -home.desc=你的本機主機一站式 PDF 需求解決方案。 +home.desc=您的本機一站式 PDF 解決方案。 home.searchBar=搜尋功能... 
@@ -514,9 +514,9 @@ home.splitPdfByChapters.title=依章節分割 PDF home.splitPdfByChapters.desc=根據 PDF 的章節結構將其分割成多個檔案。 splitPdfByChapters.tags=分割,章節,書籤,整理 -home.validateSignature.title=Validate PDF Signature -home.validateSignature.desc=Verify digital signatures and certificates in PDF documents -validateSignature.tags=signature,verify,validate,pdf,certificate,digital signature,Validate Signature,Validate certificate +home.validateSignature.title=驗證 PDF 簽章 +home.validateSignature.desc=驗證 PDF 文件中的數位簽章與憑證 +validateSignature.tags=簽章,驗證,確認,pdf,憑證,數位簽章,驗證簽章,驗證憑證 #replace-invert-color replace-color.title=取代-反轉顏色 @@ -629,12 +629,12 @@ HTMLToPDF.help=接受 HTML 文件和包含所需 html/css/images 等的 ZIP HTMLToPDF.submit=轉換 HTMLToPDF.credit=此服務使用 WeasyPrint 進行轉換 HTMLToPDF.zoom=用於顯示網站的縮放級別。 -HTMLToPDF.pageWidth=頁面寬度-以釐米為單位(填空則使用預設值) -HTMLToPDF.pageHeight=頁面高度-以釐米為單位(填空則使用預設值) -HTMLToPDF.marginTop=頁面的上邊距-以毫米為單位(填空則使用預設值) -HTMLToPDF.marginBottom=頁面的下邊距-以毫米為單位(填空則使用預設值) -HTMLToPDF.marginLeft=頁面的左邊距-以毫米為單位(填空則使用預設值) -HTMLToPDF.marginRight=頁面的右邊距-以毫米為單位(填空則使用預設值) +HTMLToPDF.pageWidth=頁面寬度-以公分為單位(留空則使用預設值) +HTMLToPDF.pageHeight=頁面高度-以公分為單位(留空則使用預設值) +HTMLToPDF.marginTop=頁面的上邊距-以毫米為單位(留空則使用預設值) +HTMLToPDF.marginBottom=頁面的下邊距-以毫米為單位(留空則使用預設值) +HTMLToPDF.marginLeft=頁面的左邊距-以毫米為單位(留空則使用預設值) +HTMLToPDF.marginRight=頁面的右邊距-以毫米為單位(留空則使用預設值) HTMLToPDF.printBackground=渲染網站的背景。 HTMLToPDF.defaultHeader=啟用預設標頭(名稱和頁碼) HTMLToPDF.cssMediaType=更改頁面的 CSS 媒體類型。 
@@ -748,13 +748,13 @@ scalePages.submit=送出 certSign.title=憑證簽章 certSign.header=使用你的憑證簽章(進行中) certSign.selectPDF=選擇要簽章的 PDF 檔案: -certSign.jksNote=注意:如果你的證書類型未在下面列出,請使用 keytool 命令列工具將其轉換為 Java Keystore (.jks) 檔。 然後,選擇下面的 .jks 文件選項。 -certSign.selectKey=選擇你的私鑰文件(PKCS#8 格式,可能是 .pem 或 .der): -certSign.selectCert=選擇你的憑證文件(X.509 格式,可能是 .pem 或 .der): -certSign.selectP12=選擇你的 PKCS#12 金鑰庫文件(.p12 或 .pfx)(可選,如果提供,它應包含你的私鑰和憑證): -certSign.selectJKS=選擇你的 Java Keystore 檔 (.jks 或 .keystore): +certSign.jksNote=注意:如果你的證書類型未被列在下方,請使用 keytool 命令列工具將其轉換為 Java Keystore (.jks) 檔案格式,然後選擇下面的 .jks 檔案選項。 +certSign.selectKey=選擇你的私鑰檔案(PKCS#8 格式,副檔名可能是 .pem 或 .der): +certSign.selectCert=選擇你的憑證檔案(X.509 格式,副檔名可能是 .pem 或 .der): +certSign.selectP12=選擇你的 PKCS#12 金鑰庫檔案(副檔名可能是 .p12 或 .pfx)(選填,如果有提供,則它應該包含你的私鑰和憑證): +certSign.selectJKS=選擇你的 Java Keystore 檔案 (副檔名可能是 .jks 或 .keystore): certSign.certType=憑證類型 -certSign.password=輸入你的金鑰庫或私鑰密碼(如果有): +certSign.password=輸入你的金鑰庫或私鑰密碼(如果有的話): certSign.showSig=顯示簽章 certSign.reason=原因 certSign.location=位置 @@ -824,12 +824,12 @@ sign.save=儲存簽章 sign.personalSigs=個人簽章 sign.sharedSigs=共用簽章 sign.noSavedSigs=尚未儲存任何簽章 -sign.addToAll=Add to all pages -sign.delete=Delete -sign.first=First page -sign.last=Last page -sign.next=Next page -sign.previous=Previous page +sign.addToAll=新增至所有頁面 +sign.delete=刪除 +sign.first=第一頁 +sign.last=最後一頁 +sign.next=下一頁 +sign.previous=上一頁 #repair repair.title=修復 
@@ -946,39 +946,39 @@ pdfOrganiser.placeholder=(例如 1,3,2 或 4-8,2,10-12 或 2n-1) multiTool.title=PDF 複合工具 multiTool.header=PDF 複合工具 multiTool.uploadPrompts=檔名 -multiTool.selectAll=Select All -multiTool.deselectAll=Deselect All -multiTool.selectPages=Page Select -multiTool.selectedPages=Selected Pages -multiTool.page=Page -multiTool.deleteSelected=Delete Selected -multiTool.downloadAll=Export -multiTool.downloadSelected=Export Selected +multiTool.selectAll=全選 +multiTool.deselectAll=取消全選 +multiTool.selectPages=選取頁面 +multiTool.selectedPages=已選取的頁面 +multiTool.page=頁面 +multiTool.deleteSelected=刪除已選取的項目 +multiTool.downloadAll=匯出 +multiTool.downloadSelected=匯出已選取的項目 -multiTool.insertPageBreak=Insert Page Break -multiTool.addFile=Add File -multiTool.rotateLeft=Rotate Left -multiTool.rotateRight=Rotate Right -multiTool.split=Split -multiTool.moveLeft=Move Left -multiTool.moveRight=Move Right -multiTool.delete=Delete -multiTool.dragDropMessage=Page(s) Selected -multiTool.undo=Undo -multiTool.redo=Redo +multiTool.insertPageBreak=插入分頁符號 +multiTool.addFile=新增檔案 +multiTool.rotateLeft=向左旋轉 +multiTool.rotateRight=向右旋轉 +multiTool.split=分割 +multiTool.moveLeft=向左移動 +multiTool.moveRight=向右移動 +multiTool.delete=刪除 +multiTool.dragDropMessage=已選取的頁面 +multiTool.undo=復原 +multiTool.redo=重做 #decrypt -decrypt.passwordPrompt=This file is password-protected. Please enter the password: -decrypt.cancelled=Operation cancelled for PDF: {0} -decrypt.noPassword=No password provided for encrypted PDF: {0} -decrypt.invalidPassword=Please try again with the correct password. -decrypt.invalidPasswordHeader=Incorrect password or unsupported encryption for PDF: {0} -decrypt.unexpectedError=There was an error processing the file. Please try again. -decrypt.serverError=Server error while decrypting: {0} -decrypt.success=File decrypted successfully. 
+decrypt.passwordPrompt=此檔案已受密碼保護。請輸入密碼: +decrypt.cancelled=已取消處理 PDF:{0} +decrypt.noPassword=未提供加密 PDF 的密碼:{0} +decrypt.invalidPassword=請重新輸入正確的密碼。 +decrypt.invalidPasswordHeader=密碼錯誤或不支援的加密方式,PDF:{0} +decrypt.unexpectedError=處理檔案時發生錯誤。請再試一次。 +decrypt.serverError=解密時發生伺服器錯誤:{0} +decrypt.success=檔案已成功解密。 #multiTool-advert -multiTool-advert.message=This feature is also available in our multi-tool page. Check it out for enhanced page-by-page UI and additional features! +multiTool-advert.message=此功能也可以在我們的複合工具頁面中使用。前往查看並體驗更強大的逐頁操作介面及其他進階功能! #view pdf viewPdf.title=檢視 PDF @@ -1195,7 +1195,7 @@ split-by-size-or-count.submit=送出 #overlay-pdfs overlay-pdfs.header=覆蓋 PDF 檔案 -overlay-pdfs.baseFile.label=選擇基礎 PDF 檔案 +overlay-pdfs.baseFile.label=選擇基底 PDF 檔案 overlay-pdfs.overlayFiles.label=選擇覆蓋 PDF 檔案 overlay-pdfs.mode.label=選擇覆蓋模式 overlay-pdfs.mode.sequential=序列覆蓋 
@@ -1281,49 +1281,49 @@ splitByChapters.desc.4=允許重複:如果勾選,允許同一頁面上的多 splitByChapters.submit=分割 PDF #File Chooser -fileChooser.click=Click -fileChooser.or=or -fileChooser.dragAndDrop=Drag & Drop -fileChooser.hoveredDragAndDrop=Drag & Drop file(s) here +fileChooser.click=點選 +fileChooser.or=或 +fileChooser.dragAndDrop=拖放檔案 +fileChooser.hoveredDragAndDrop=將檔案拖放至此 #release notes -releases.footer=Releases -releases.title=Release Notes -releases.header=Release Notes -releases.current.version=Current Release -releases.note=Release notes are only available in English +releases.footer=版本資訊 +releases.title=版本資訊 +releases.header=版本資訊 +releases.current.version=目前版本 +releases.note=版本資訊僅提供英文版本 #Validate Signature -validateSignature.title=Validate PDF Signatures -validateSignature.header=Validate Digital Signatures -validateSignature.selectPDF=Select signed PDF file -validateSignature.submit=Validate Signatures -validateSignature.results=Validation Results -validateSignature.status=Status -validateSignature.signer=Signer -validateSignature.date=Date -validateSignature.reason=Reason -validateSignature.location=Location -validateSignature.noSignatures=No digital signatures found in this document -validateSignature.status.valid=Valid -validateSignature.status.invalid=Invalid -validateSignature.chain.invalid=Certificate chain validation failed - cannot verify signer's identity -validateSignature.trust.invalid=Certificate not in trust store - source cannot be verified -validateSignature.cert.expired=Certificate has expired -validateSignature.cert.revoked=Certificate has been revoked -validateSignature.signature.info=Signature Information -validateSignature.signature=Signature -validateSignature.signature.mathValid=Signature is mathematically valid BUT: -validateSignature.selectCustomCert=Custom Certificate File X.509 (Optional) -validateSignature.cert.info=Certificate Details -validateSignature.cert.issuer=Issuer -validateSignature.cert.subject=Subject 
-validateSignature.cert.serialNumber=Serial Number -validateSignature.cert.validFrom=Valid From -validateSignature.cert.validUntil=Valid Until -validateSignature.cert.algorithm=Algorithm -validateSignature.cert.keySize=Key Size -validateSignature.cert.version=Version -validateSignature.cert.keyUsage=Key Usage -validateSignature.cert.selfSigned=Self-Signed -validateSignature.cert.bits=bits +validateSignature.title=驗證 PDF 簽章 +validateSignature.header=驗證數位簽章 +validateSignature.selectPDF=選擇已簽章的 PDF 檔案 +validateSignature.submit=驗證簽章 +validateSignature.results=驗證結果 +validateSignature.status=狀態 +validateSignature.signer=簽署者 +validateSignature.date=日期 +validateSignature.reason=原因 +validateSignature.location=位置 +validateSignature.noSignatures=此文件中未找到數位簽章 +validateSignature.status.valid=有效 +validateSignature.status.invalid=無效 +validateSignature.chain.invalid=憑證鏈驗證失敗 - 無法驗證簽署者身份 +validateSignature.trust.invalid=憑證不在信任儲存區中 - 無法驗證來源 +validateSignature.cert.expired=憑證已過期 +validateSignature.cert.revoked=憑證已被撤銷 +validateSignature.signature.info=簽章資訊 +validateSignature.signature=簽章 +validateSignature.signature.mathValid=簽章在數學上有效,但: +validateSignature.selectCustomCert=自訂 X.509 憑證檔案(選填) +validateSignature.cert.info=憑證詳細資訊 +validateSignature.cert.issuer=發行者 +validateSignature.cert.subject=主旨 +validateSignature.cert.serialNumber=序號 +validateSignature.cert.validFrom=有效期自 +validateSignature.cert.validUntil=有效期至 +validateSignature.cert.algorithm=演算法 +validateSignature.cert.keySize=金鑰長度 +validateSignature.cert.version=版本 +validateSignature.cert.keyUsage=金鑰用途 +validateSignature.cert.selfSigned=自我簽署 +validateSignature.cert.bits=位元 From bba3d653681552d3d1e10bb70668de09c1ddfba3 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sat, 21 Dec 2024 00:23:58 +0000 Subject: [PATCH 02/42] Create SECURITY.md --- SECURITY.md | 63 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 SECURITY.md 
diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..e67cdce4 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,63 @@ +# Security Policy + +## Reporting a Vulnerability + +The Stirling-PDF team takes security vulnerabilities seriously. We appreciate your efforts to responsibly disclose your findings. + +### How to Report + +You can report security vulnerabilities through two channels: + +1. **GitHub Security Advisory**: + - Navigate to the [Security tab](https://github.com/Stirling-Tools/Stirling-PDF/security) in our repository + - Click on "Report a vulnerability" + - Provide a detailed description of the vulnerability + +2. **Direct Email**: + - Send your report to security@stirlingpdf.com + - Please include as much information as possible about the vulnerability + +### What to Include + +When reporting a vulnerability, please provide: + +- A clear description of the vulnerability +- Steps to reproduce the issue +- Any potential impact +- If possible, suggestions for addressing the vulnerability +- Your contact information for follow-up questions + +### Response Time + +We aim to acknowledge receipt of your vulnerability report within 48 hours + +### Process + +1. Submit your report through one of the channels above +2. Receive an acknowledgment from our team +3. Our team will investigate and validate the issue +4. We will work on a fix and keep you updated on our progress +5. Once resolved, we will publish the fix and acknowledge your contribution (if desired) + +### Bug Bounty + +At this time, we do not offer a bug bounty program. However, we greatly appreciate your efforts in making Stirling-PDF more secure and will acknowledge your contribution in our release notes (unless you prefer to remain anonymous). + +## Supported Versions + +Only the latest version of Stirling-PDF is supported for security updates. We do not backport security fixes to older versions. 
+ +| Version | Supported | +| ------- | ------------------ | +| Latest | :white_check_mark: | +| Older | :x: | + +**Please note:** Before reporting a security issue, ensure you are using the latest version of Stirling-PDF. Security reports for older versions will not be accepted. + +## Security Best Practices + +When deploying Stirling-PDF: + +1. Always use the latest version +2. Follow our deployment guidelines +3. Regularly check for and apply updates From dc5b214932c00b0d640b262d3977d15b5ff25a79 Mon Sep 17 00:00:00 2001 From: StepSecurity Bot Date: Sat, 21 Dec 2024 12:28:35 +0000 Subject: [PATCH 03/42] [StepSecurity] Apply security best practices Signed-off-by: StepSecurity Bot --- .github/dependabot.yml | 10 +++ .github/workflows/PR-Demo-Comment.yml | 26 +++++--- .github/workflows/PR-Demo-cleanup.yml | 7 ++- .github/workflows/auto-labeler.yml | 12 +++- .github/workflows/build.yml | 27 ++++++--- .github/workflows/check_properties.yml | 24 +++++--- .github/workflows/codeql.yml | 78 ++++++++++++++++++++++++ .github/workflows/dependency-review.yml | 27 +++++++++ .github/workflows/licenses-update.yml | 15 +++-- .github/workflows/manage-label.yml | 9 ++- .github/workflows/multiOSReleases.yml | 15 +++-- .github/workflows/push-docker.yml | 31 ++++++---- .github/workflows/releaseArtifacts.yml | 19 +++--- .github/workflows/scorecards.yml | 81 +++++++++++++++++++++++++ .github/workflows/stale.yml | 10 ++- .github/workflows/swagger.yml | 11 +++- .github/workflows/sync_files.yml | 11 +++- .pre-commit-config.yaml | 25 ++++++++ Dockerfile | 2 +- 19 files changed, 375 insertions(+), 65 deletions(-) create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/dependency-review.yml create mode 100644 .github/workflows/scorecards.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 6bd86d3e..b6e3b58c 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml 
@@ -15,3 +15,13 @@ updates: directory: "/" # Location of Dockerfile schedule: interval: "weekly" + + - package-ecosystem: github-actions + directory: / + schedule: + interval: daily + + - package-ecosystem: pip + directory: /cucumber + schedule: + interval: daily diff --git a/.github/workflows/PR-Demo-Comment.yml b/.github/workflows/PR-Demo-Comment.yml index 057f8bd7..75ac9b66 100644 --- a/.github/workflows/PR-Demo-Comment.yml +++ b/.github/workflows/PR-Demo-Comment.yml @@ -28,9 +28,14 @@ jobs: pr_ref: ${{ steps.get-pr-info.outputs.ref }} steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + - name: Get PR data id: get-pr - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const prNumber = context.payload.issue.number; @@ -39,7 +44,7 @@ jobs: - name: Get PR repository and ref id: get-pr-info - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const { owner, repo } = context.repo; @@ -65,15 +70,20 @@ jobs: runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + - name: Checkout PR - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ needs.check-comment.outputs.pr_repository }} ref: ${{ needs.check-comment.outputs.pr_ref }} token: ${{ secrets.GITHUB_TOKEN }} - name: Set up JDK - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: java-version: '17' distribution: 'temurin' 
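Review bot: The Harden Runner step added to the first job of PR-Demo-Comment.yml (@@ -28,9 hunk) uses `egress-policy: audit`, which records outbound connections but blocks none of them. The same audit-mode step is added to every other job this patch touches, including the ones that log in to Docker Hub or publish release assets (the second job of this file, push-docker.yml, releaseArtifacts.yml, multiOSReleases.yml). Once a baseline of destinations has been collected, those jobs should move to `egress-policy: block` with an explicit `allowed-endpoints:` list. Until then, a comment such as `# audit only: switch to block after baselining` next to the setting would make the intent clear.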
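Review bot: The `Checkout PR` step in the @@ -65,15 hunk of PR-Demo-Comment.yml checks out the contributor's repository and ref with `token: ${{ secrets.GITHUB_TOKEN }}` and leaves credential persistence at its default, so the token remains in the workspace git configuration while the pull request's code is built. Adding `persist-credentials: false` under that step's `with:` keeps it away from build scripts that come from the pull request. Whether `pr_ref` is a branch name or a commit SHA is decided in the `get-pr-info` script, most of which is outside this hunk; a SHA would avoid building a ref that moved after the comment was posted. The job continues past the end of the hunk.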
@@ -84,20 +94,20 @@ jobs: DOCKER_ENABLE_SECURITY: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Get version number id: versionNumber run: echo "versionNumber=$(./gradlew printVersion --quiet | tail -1)" >> $GITHUB_OUTPUT - name: Login to Docker Hub - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_API }} - name: Build and push PR-specific image - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: context: . file: ./Dockerfile @@ -158,7 +168,7 @@ jobs: - name: Post deployment URL to PR if: success() - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const { GITHUB_REPOSITORY } = process.env; diff --git a/.github/workflows/PR-Demo-cleanup.yml b/.github/workflows/PR-Demo-cleanup.yml index 94f8bd3f..f0c40504 100644 --- a/.github/workflows/PR-Demo-cleanup.yml +++ b/.github/workflows/PR-Demo-cleanup.yml @@ -18,6 +18,11 @@ jobs: if: github.event.action == 'closed' steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + - name: Set up SSH run: | mkdir -p ~/.ssh/ @@ -60,7 +65,7 @@ jobs: - name: Post cleanup notice to PR if: steps.cleanup.outputs.cleanup_performed == 'true' - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const { GITHUB_REPOSITORY } = process.env; diff --git a/.github/workflows/auto-labeler.yml b/.github/workflows/auto-labeler.yml index 30bf857f..b7c8470b 100644 --- a/.github/workflows/auto-labeler.yml +++ b/.github/workflows/auto-labeler.yml 
@@ -3,6 +3,9 @@ on: pull_request_target: types: [opened, synchronize] +permissions: + contents: read + jobs: labeler: permissions: @@ -10,10 +13,15 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Apply Labels - uses: actions/labeler@v5 + uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} configuration-path: .github/labeler-config.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 9146d798..cbf05eef 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,6 +6,9 @@ on: pull_request: branches: ["main"] +permissions: + contents: read + jobs: build: runs-on: ubuntu-latest @@ -21,17 +24,22 @@ jobs: jdk-version: [17, 21] steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up JDK ${{ matrix.jdk-version }} - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: java-version: ${{ matrix.jdk-version }} distribution: "temurin" - name: Set up Gradle - uses: gradle/actions/setup-gradle@v4 + uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 with: gradle-version: 8.7 
@@ -56,17 +64,22 @@ jobs: runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + - name: Checkout Repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Java 17 - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: java-version: "17" distribution: "adopt" - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Install Docker Compose run: | @@ -74,7 +87,7 @@ jobs: sudo chmod +x /usr/local/bin/docker-compose - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: "3.12" diff --git a/.github/workflows/check_properties.yml b/.github/workflows/check_properties.yml index b46efdc5..83a6e7de 100644 --- a/.github/workflows/check_properties.yml +++ b/.github/workflows/check_properties.yml @@ -15,15 +15,20 @@ jobs: if: github.event_name == 'pull_request_target' runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + - name: Checkout main branch first - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: main path: main-branch fetch-depth: 0 - name: Checkout PR branch - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.ref }} 
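Review bot: The `Checkout PR branch` step at the end of the @@ -15,15 hunk in check_properties.yml runs in a job gated on `pull_request_target` and fetches the fork by `github.event.pull_request.head.ref`, a branch name that can move between the event and the checkout. The action pins in this patch do not cover that. Using `ref: ${{ github.event.pull_request.head.sha }}` would fix the revision to the one that triggered the run, and `persist-credentials: false` on that step would keep the job token out of the checked-out tree. The rest of this step's `with:` block and the steps that read the PR files are outside the hunk, so how the checked-out content is used should be confirmed there.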
@@ -31,7 +36,7 @@ jobs: fetch-depth: 0 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: "3.x" @@ -109,7 +114,7 @@ jobs: - name: Post comment on PR if: env.SCRIPT_OUTPUT != '' - uses: actions/github-script@v7 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 with: script: | const { GITHUB_REPOSITORY, SCRIPT_OUTPUT } = process.env; @@ -163,11 +168,16 @@ jobs: pull-requests: write runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + - name: Checkout repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: "3.x" @@ -192,7 +202,7 @@ jobs: - name: Create Pull Request id: cpr if: env.CHANGES_DETECTED == 'true' - uses: peter-evans/create-pull-request@v7 + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: "Update translation files" diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..70c92b11 --- /dev/null +++ b/.github/workflows/codeql.yml 
@@ -0,0 +1,78 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: ["main"] + pull_request: + # The branches below must be a subset of the branches above + branches: ["main"] + schedule: + - cron: "0 0 * * 1" + +permissions: + contents: read + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ["java", "javascript", "python"] + # CodeQL supports [ $supported-codeql-languages ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). 
+ # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + + # ℹ️ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml new file mode 100644 index 00000000..21a469b1 --- /dev/null +++ b/.github/workflows/dependency-review.yml 
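Review bot: The new codeql.yml analyses `java` through the `Autobuild` step with no JDK or Gradle setup, whereas build.yml in this same patch installs Temurin 17/21 and Gradle 8.7 explicitly. Autobuild will therefore use whatever JDK the runner image ships, so the scan may break or analyse a different build when that default changes. Adding an `actions/setup-java` step, pinned by commit like the others, before `Initialize CodeQL` would make the analysed build match the real one. The template comment `# CodeQL supports [ $supported-codeql-languages ]` is an unfilled placeholder and can be dropped.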
@@ -0,0 +1,27 @@ +# Dependency Review Action +# +# This Action will scan dependency manifest files that change as part of a Pull Request, +# surfacing known-vulnerable versions of the packages declared or updated in the PR. +# Once installed, if the workflow run is marked as required, +# PRs introducing known-vulnerable packages will be blocked from merging. +# +# Source repository: https://github.com/actions/dependency-review-action +name: 'Dependency Review' +on: [pull_request] + +permissions: + contents: read + +jobs: + dependency-review: + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + + - name: 'Checkout Repository' + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - name: 'Dependency Review' + uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0 diff --git a/.github/workflows/licenses-update.yml b/.github/workflows/licenses-update.yml index 52458a1f..fcbb2b23 100644 --- a/.github/workflows/licenses-update.yml +++ b/.github/workflows/licenses-update.yml @@ -16,16 +16,21 @@ jobs: runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + - name: Check out code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up JDK 17 - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: java-version: "17" distribution: "adopt" - - uses: gradle/actions/setup-gradle@v4 + - uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 - name: Run Gradle Command run: ./gradlew clean generateLicenseReport 
@@ -47,7 +52,7 @@ jobs: - name: Create Pull Request id: cpr if: env.CHANGES_DETECTED == 'true' - uses: peter-evans/create-pull-request@v6 + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: "Update 3rd Party Licenses" @@ -72,7 +77,7 @@ jobs: - name: Enable auto-merge if: steps.cpr.outputs.pull-request-operation == 'created' - uses: peter-evans/enable-pull-request-automerge@v3 + uses: peter-evans/enable-pull-request-automerge@a660677d5469627102a1c1e11409dd063606628d # v3.0.0 with: token: ${{ secrets.GITHUB_TOKEN }} pull-request-number: ${{ steps.cpr.outputs.pull-request-number }} diff --git a/.github/workflows/manage-label.yml b/.github/workflows/manage-label.yml index b1a239cf..5bad0231 100644 --- a/.github/workflows/manage-label.yml +++ b/.github/workflows/manage-label.yml @@ -13,11 +13,16 @@ jobs: name: Labeler runs-on: ubuntu-latest steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + - name: Check out the repository - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run Labeler - uses: crazy-max/ghaction-github-labeler@v5 + uses: crazy-max/ghaction-github-labeler@de749cf181958193cb7debf1a9c5bb28922f3e1b # v5.0.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} yaml-file: .github/labels.yml diff --git a/.github/workflows/multiOSReleases.yml b/.github/workflows/multiOSReleases.yml index a67b85a0..2bd5a9f6 100644 --- a/.github/workflows/multiOSReleases.yml +++ b/.github/workflows/multiOSReleases.yml 
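Review bot: The pin in the @@ -47,7 hunk of licenses-update.yml fixes `peter-evans/create-pull-request` at v6.1.0, while check_properties.yml in this patch pins the same action at v7.0.5. Carrying two major versions of one action means two sets of behaviour and advisories to track. Unless v6 is required here, this step should use the same pin, `uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5`. In the @@ -72,7 hunk the pull request built from the generated license report is set to auto-merge; a short comment there naming the required checks that gate the merge would help reviewers, since branch protection is not visible in this diff.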
@@ -24,15 +24,20 @@ jobs: runs-on: ${{ matrix.os }} steps: - - uses: actions/checkout@v4 + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up JDK 21 - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: java-version: "21" distribution: "temurin" - - uses: gradle/actions/setup-gradle@v4 + - uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 with: gradle-version: 8.7 @@ -83,7 +88,7 @@ jobs: # Upload installer as artifact for testing - name: Upload Installer Artifact - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: name: Stirling-PDF-${{ matrix.platform }}-installer.${{ matrix.ext }} path: Stirling-PDF-${{ matrix.platform }}-installer.${{ matrix.ext }} @@ -91,6 +96,6 @@ jobs: if-no-files-found: error - name: Upload binaries to release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 with: files: ./Stirling-PDF-${{ matrix.platform }}-installer.${{ matrix.ext }} diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index 2ca9a14d..45907e74 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml 
@@ -15,15 +15,20 @@ jobs: push: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up JDK 17 - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: java-version: "17" distribution: "temurin" - - uses: gradle/actions/setup-gradle@v4 + - uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 with: gradle-version: 8.7 @@ -34,27 +39,27 @@ jobs: - name: Set up Docker Buildx id: buildx - uses: docker/setup-buildx-action@v3 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 - name: Get version number id: versionNumber run: echo "versionNumber=$(./gradlew printVersion --quiet | tail -1)" >> $GITHUB_OUTPUT - name: Login to Docker Hub - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: username: ${{ secrets.DOCKER_HUB_USERNAME }} password: ${{ secrets.DOCKER_HUB_API }} - name: Login to GitHub Container Registry - uses: docker/login-action@v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} password: ${{ github.token }} - name: Set up QEMU - uses: docker/setup-qemu-action@v3 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 - name: Convert repository owner to lowercase id: repoowner @@ -62,7 +67,7 @@ jobs: - name: Generate tags id: meta - uses: docker/metadata-action@v5 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 with: images: | ${{ secrets.DOCKER_HUB_USERNAME }}/s-pdf 
@@ -75,7 +80,7 @@ jobs: type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/main' }} - name: Build and push main Dockerfile - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: builder: ${{ steps.buildx.outputs.name }} context: . @@ -90,7 +95,7 @@ jobs: - name: Generate tags ultra-lite id: meta2 - uses: docker/metadata-action@v5 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 if: github.ref != 'refs/heads/main' with: images: | @@ -103,7 +108,7 @@ jobs: type=raw,value=latest-ultra-lite,enable=${{ github.ref == 'refs/heads/master' }} - name: Build and push Dockerfile-ultra-lite - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 if: github.ref != 'refs/heads/main' with: context: . @@ -118,7 +123,7 @@ jobs: - name: Generate tags fat id: meta3 - uses: docker/metadata-action@v5 + uses: docker/metadata-action@369eb591f429131d6889c46b94e711f089e6ca96 # v5.6.1 if: github.ref != 'refs/heads/main' with: images: | @@ -131,7 +136,7 @@ jobs: type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/master' }} - name: Build and push main Dockerfile fat - uses: docker/build-push-action@v6 + uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 if: github.ref != 'refs/heads/main' with: builder: ${{ steps.buildx.outputs.name }} diff --git a/.github/workflows/releaseArtifacts.yml b/.github/workflows/releaseArtifacts.yml index 59da4136..dd87aad1 100644 --- a/.github/workflows/releaseArtifacts.yml +++ b/.github/workflows/releaseArtifacts.yml 
@@ -19,15 +19,20 @@ jobs: - enable_security: false file_suffix: "" steps: - - uses: actions/checkout@v4 + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up JDK 17 - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: java-version: "17" distribution: "temurin" - - uses: gradle/actions/setup-gradle@v4 + - uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 with: gradle-version: 8.7 @@ -45,7 +50,7 @@ jobs: run: cp ./build/launch4j/Stirling-PDF.exe ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe - name: Upload Assets binarie - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: path: ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe name: Stirling-PDF-Server${{ matrix.file_suffix }}.exe @@ -54,7 +59,7 @@ jobs: if-no-files-found: error - name: Upload binaries to release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 with: files: ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe @@ -62,7 +67,7 @@ jobs: run: cp ./build/libs/Stirling-PDF-${{ steps.versionNumber.outputs.versionNumber }}.jar ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.jar - name: Upload Assets jar binaries - uses: actions/upload-artifact@v4 + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 with: path: ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.jar name: Stirling-PDF${{ matrix.file_suffix }}.jar 
@@ -71,6 +76,6 @@ jobs: if-no-files-found: error - name: Upload jar binaries to release - uses: softprops/action-gh-release@v2 + uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 with: files: ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.jar diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml new file mode 100644 index 00000000..60c7b56e --- /dev/null +++ b/.github/workflows/scorecards.yml 
@@ -0,0 +1,81 @@ +# This workflow uses actions that are not certified by GitHub. They are provided +# by a third-party and are governed by separate terms of service, privacy +# policy, and support documentation. + +name: Scorecard supply-chain security +on: + # For Branch-Protection check. Only the default branch is supported. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection + branch_protection_rule: + # To guarantee Maintained check is occasionally updated. See + # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained + schedule: + - cron: '20 7 * * 2' + push: + branches: ["main"] + +# Declare default permissions as read only. +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed to upload the results to code-scanning dashboard. + security-events: write + # Needed to publish results and get a badge (see publish_results below). + id-token: write + contents: read + actions: read + # To allow GraphQL ListCommits to work + issues: read + pull-requests: read + # To detect SAST tools + checks: read + + steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + + - name: "Checkout code" + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + with: + results_file: results.sarif + results_format: sarif + # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: + # - you want to enable the Branch-Protection check on a *public* repository, or + # - you are installing Scorecards on a *private* repository + # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. 
+ # repo_token: ${{ secrets.SCORECARD_TOKEN }} + + # Public repositories: + # - Publish results to OpenSSF REST API for easy access by consumers + # - Allows the repository to include the Scorecard badge. + # - See https://github.com/ossf/scorecard-action#publishing-results. + # For private repositories: + # - `publish_results` will always be set to `false`, regardless + # of the value entered here. + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF + # format to the repository Actions tab. + - name: "Upload artifact" + uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard. + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 + with: + sarif_file: results.sarif diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 485eefb3..f8631b55 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -5,6 +5,9 @@ on: - cron: "30 0 * * *" workflow_dispatch: +permissions: + contents: read + jobs: stale: runs-on: ubuntu-latest @@ -12,8 +15,13 @@ jobs: issues: write pull-requests: write steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + - name: 30 days stale issues - uses: actions/stale@v9 + uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 with: repo-token: ${{ secrets.GITHUB_TOKEN }} days-before-stale: 30 diff --git a/.github/workflows/swagger.yml b/.github/workflows/swagger.yml index 33aeed44..7d5cbab7 100644 --- a/.github/workflows/swagger.yml +++ b/.github/workflows/swagger.yml 
@@ -10,15 +10,20 @@ jobs: push: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up JDK 17 - uses: actions/setup-java@v4 + uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: java-version: "17" distribution: "temurin" - - uses: gradle/actions/setup-gradle@v4 + - uses: gradle/actions/setup-gradle@0bdd871935719febd78681f197cd39af5b6e16a6 # v4.2.2 - name: Generate Swagger documentation run: ./gradlew generateOpenApiDocs diff --git a/.github/workflows/sync_files.yml b/.github/workflows/sync_files.yml index d220f92d..b3f74275 100644 --- a/.github/workflows/sync_files.yml +++ b/.github/workflows/sync_files.yml @@ -17,9 +17,14 @@ jobs: sync-readme: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Python - uses: actions/setup-python@v5 + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: "3.x" - name: Install dependencies @@ -36,7 +41,7 @@ jobs: git diff --staged --quiet || git commit -m ":memo: Sync README > Made via sync_files.yml" || echo "no changes" - name: Create Pull Request - uses: peter-evans/create-pull-request@v6 + uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: Update files diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 45ce3639..96cb2fee 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -37,3 +37,28 @@ repos: language: python exclude: ^(src/main/resources/static/pdfjs|src/main/resources/static/pdfjs-legacy) files: ^.*(\.html|\.css|\.js)$ + - repo: https://github.com/gherynos/pre-commit-java + rev: v0.2.4 + hooks: + - id: Checkstyle + - repo: https://github.com/gitleaks/gitleaks + rev: v8.16.3 + hooks: + - id: gitleaks + - repo: https://github.com/jumanjihouse/pre-commit-hooks + rev: 3.0.0 + hooks: + - id: shellcheck + - repo: https://github.com/pre-commit/mirrors-eslint + rev: v8.38.0 + hooks: + - id: eslint + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v4.4.0 + hooks: + - id: end-of-file-fixer + - id: trailing-whitespace + - repo: https://github.com/pylint-dev/pylint + rev: v2.17.2 + hooks: + - id: pylint diff --git a/Dockerfile b/Dockerfile index 08ef7664..9577c9ca 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Main stage -FROM alpine:3.20.3 +FROM alpine:3.20.3@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a # Copy necessary files COPY scripts /scripts From 3870f73949500ecb9f907e8b3d8caa000ac9cbbb Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sat, 21 Dec 2024 12:30:44 +0000 Subject: [PATCH 04/42] Update dependabot.yml --- .github/dependabot.yml | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index b6e3b58c..db721365 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,6 +11,7 @@ updates: interval: "weekly" open-pull-requests-limit: 10 rebase-strategy: "auto" + - package-ecosystem: "docker" directory: "/" # Location of Dockerfile schedule: @@ -19,9 +20,4 @@ updates: - package-ecosystem: github-actions directory: / schedule: - interval: daily - - - package-ecosystem: pip - directory: /cucumber - schedule: - interval: daily + interval: weekly From ca9abf76be81516fcc0c28310c60d0ffc6a5a3e9 Mon Sep 17 00:00:00 2001 
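Review bot: The hook repositories added in this hunk are referenced by tag (`rev: v8.16.3`, `rev: 3.0.0`, `rev: v4.4.0` and so on), while the same patch pins every GitHub Action and the Alpine base image to an immutable hash. Hook code runs on contributors' machines and a tag can be moved upstream, so I would pin these as well, in the form `rev: <full-commit-sha>  # frozen: v8.16.3` that `pre-commit autoupdate --freeze` writes. The chosen versions also appear dated for a December 2024 commit, so running the autoupdate before merging seems worthwhile.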
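Review bot: The second dependabot.yml hunk removes the `pip` entry for `/cucumber` without stating why, so any Python requirements still kept in that directory will stop receiving update PRs. If the directory still holds requirements, I would keep the entry and only relax its schedule, e.g. `interval: weekly`. Moving `github-actions` from daily to weekly is reasonable, but with every action now pinned to a SHA, Dependabot is the only path by which fixes arrive, so the longer delay should be a conscious choice.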
From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sat, 21 Dec 2024 12:35:38 +0000 Subject: [PATCH 05/42] Update .pre-commit-config.yaml --- .pre-commit-config.yaml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 96cb2fee..7b33ccc6 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -37,10 +37,10 @@ repos: language: python exclude: ^(src/main/resources/static/pdfjs|src/main/resources/static/pdfjs-legacy) files: ^.*(\.html|\.css|\.js)$ - - repo: https://github.com/gherynos/pre-commit-java - rev: v0.2.4 - hooks: - - id: Checkstyle +# - repo: https://github.com/gherynos/pre-commit-java +# rev: v0.2.4 +# hooks: +# - id: Checkstyle - repo: https://github.com/gitleaks/gitleaks rev: v8.16.3 hooks: @@ -48,17 +48,17 @@ repos: - repo: https://github.com/jumanjihouse/pre-commit-hooks rev: 3.0.0 hooks: - - id: shellcheck - - repo: https://github.com/pre-commit/mirrors-eslint - rev: v8.38.0 - hooks: - - id: eslint +# - id: shellcheck +# - repo: https://github.com/pre-commit/mirrors-eslint +# rev: v8.38.0 +# hooks: +# - id: eslint - repo: https://github.com/pre-commit/pre-commit-hooks rev: v4.4.0 hooks: - id: end-of-file-fixer - id: trailing-whitespace - - repo: https://github.com/pylint-dev/pylint - rev: v2.17.2 - hooks: - - id: pylint +# - repo: https://github.com/pylint-dev/pylint +# rev: v2.17.2 +# hooks: +# - id: pylint From 1795d5764a9709287519cb8d9fa1abc0ff392669 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Dec 2024 12:37:29 +0000 Subject: [PATCH 06/42] Bump gradle from 8.11-jdk17 to 8.12-jdk17 Bumps gradle from 8.11-jdk17 to 8.12-jdk17. --- updated-dependencies: - dependency-name: gradle dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- Dockerfile-fat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
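Review bot: Commenting out `- id: shellcheck` leaves the `jumanjihouse/pre-commit-hooks` entry with a bare `hooks:` key, which YAML parses as null rather than a list. pre-commit will most likely reject the whole configuration, so gitleaks and the whitespace hooks would not run either. I would comment out the whole entry (`# - repo: https://github.com/jumanjihouse/pre-commit-hooks`, `#   rev: 3.0.0`, `#   hooks:`) or leave the hook enabled; a later patch in this series appears to restore it. Checkstyle, ESLint and pylint are disabled one patch after being added, and the commit message should say why.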
diff --git a/Dockerfile-fat b/Dockerfile-fat index d34c7daa..c9641590 100644 --- a/Dockerfile-fat +++ b/Dockerfile-fat @@ -1,5 +1,5 @@ # Build the application -FROM gradle:8.11-jdk17 AS build +FROM gradle:8.12-jdk17 AS build # Set the working directory WORKDIR /app From daae6bfd3e143065b9c0f99d3ca1c269a9afb2a0 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Dec 2024 12:37:52 +0000 Subject: [PATCH 07/42] Bump springBootVersion from 3.4.0 to 3.4.1 Bumps `springBootVersion` from 3.4.0 to 3.4.1. Updates `org.springframework.boot:spring-boot-starter-web` from 3.4.0 to 3.4.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.4.0...v3.4.1) Updates `org.springframework.boot:spring-boot-starter-jetty` from 3.4.0 to 3.4.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.4.0...v3.4.1) Updates `org.springframework.boot:spring-boot-starter-thymeleaf` from 3.4.0 to 3.4.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.4.0...v3.4.1) Updates `org.springframework.boot:spring-boot-starter-security` from 3.4.0 to 3.4.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.4.0...v3.4.1) Updates `org.springframework.boot:spring-boot-starter-data-jpa` from 3.4.0 to 3.4.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.4.0...v3.4.1) Updates `org.springframework.boot:spring-boot-starter-oauth2-client` from 3.4.0 to 3.4.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.4.0...v3.4.1) Updates `org.springframework.session:spring-session-core` from 3.4.0 to 3.4.1 - [Release notes](https://github.com/spring-projects/spring-session/releases) - [Changelog](https://github.com/spring-projects/spring-session/blob/main/RELEASE.adoc) - 
[Commits](https://github.com/spring-projects/spring-session/compare/3.4.0...3.4.1) Updates `org.springframework.boot:spring-boot-starter-test` from 3.4.0 to 3.4.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.4.0...v3.4.1) Updates `org.springframework.boot:spring-boot-starter-actuator` from 3.4.0 to 3.4.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.4.0...v3.4.1) Updates `org.springframework.boot:spring-boot-devtools` from 3.4.0 to 3.4.1 - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.4.0...v3.4.1) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-starter-web dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.boot:spring-boot-starter-jetty dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.boot:spring-boot-starter-thymeleaf dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.boot:spring-boot-starter-security dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.boot:spring-boot-starter-data-jpa dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.boot:spring-boot-starter-oauth2-client dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.session:spring-session-core dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.boot:spring-boot-starter-test dependency-type: direct:production update-type: 
version-update:semver-patch - dependency-name: org.springframework.boot:spring-boot-starter-actuator dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: org.springframework.boot:spring-boot-devtools dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index adbe18fa..62e5f824 100644 --- a/build.gradle +++ b/build.gradle @@ -16,7 +16,7 @@ plugins { import com.github.jk1.license.render.* ext { - springBootVersion = "3.4.0" + springBootVersion = "3.4.1" pdfboxVersion = "3.0.3" logbackVersion = "1.5.7" imageioVersion = "3.12.0" From 1006aa110e6c525000b633c8546726715e82582b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Dec 2024 12:38:00 +0000 Subject: [PATCH 08/42] Bump io.spring.dependency-management from 1.1.6 to 1.1.7 Bumps [io.spring.dependency-management](https://github.com/spring-gradle-plugins/dependency-management-plugin) from 1.1.6 to 1.1.7. - [Release notes](https://github.com/spring-gradle-plugins/dependency-management-plugin/releases) - [Commits](https://github.com/spring-gradle-plugins/dependency-management-plugin/compare/v1.1.6...v1.1.7) --- updated-dependencies: - dependency-name: io.spring.dependency-management dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index adbe18fa..0b0b7776 100644 --- a/build.gradle +++ b/build.gradle 
@@ -1,7 +1,7 @@ plugins { id "java" id "org.springframework.boot" version "3.4.0" - id "io.spring.dependency-management" version "1.1.6" + id "io.spring.dependency-management" version "1.1.7" id "org.springdoc.openapi-gradle-plugin" version "1.8.0" id "io.swagger.swaggerhub" version "1.3.2" id "edu.sc.seis.launch4j" version "3.0.6" From b8466c2b97f4234a3fd2846adaa0ba9803c745d6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Dec 2024 12:38:15 +0000 Subject: [PATCH 09/42] Bump org.springframework.boot from 3.4.0 to 3.4.1 Bumps [org.springframework.boot](https://github.com/spring-projects/spring-boot) from 3.4.0 to 3.4.1. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.4.0...v3.4.1) --- updated-dependencies: - dependency-name: org.springframework.boot dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- build.gradle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.gradle b/build.gradle index adbe18fa..841e3f3c 100644 --- a/build.gradle +++ b/build.gradle @@ -1,6 +1,6 @@ plugins { id "java" - id "org.springframework.boot" version "3.4.0" + id "org.springframework.boot" version "3.4.1" id "io.spring.dependency-management" version "1.1.6" id "org.springdoc.openapi-gradle-plugin" version "1.8.0" id "io.swagger.swaggerhub" version "1.3.2" From 801a2a792b996dc56e911735a73bfcd2060de03c Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sat, 21 Dec 2024 12:40:33 +0000 Subject: [PATCH 10/42] Update codeql.yml --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 70c92b11..44ec015a 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -35,7 +35,7 @@ jobs: strategy: fail-fast: false matrix: - language: ["java", "javascript", "python"] + language: ["java"] # CodeQL supports [ $supported-codeql-languages ] # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support From adb715f2f26565be85288d348ac2fd1c1f214f97 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sat, 21 Dec 2024 12:45:41 +0000 Subject: [PATCH 11/42] Update codeql.yml --- .github/workflows/codeql.yml | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 44ec015a..83a77d03 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -11,14 +11,15 @@ # name: "CodeQL" -on: - push: - branches: ["main"] - pull_request: +#disable for now +#on: +# push: +# branches: ["main"] +# pull_request: # The branches below must be a subset of the branches above - branches: ["main"] - schedule: - - cron: "0 0 * * 1" +# branches: ["main"] +# schedule: +# - cron: "0 0 * * 1" permissions: contents: read From 7b78c5cbf10bae1624731f857eea9110a13adf8a Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sat, 21 Dec 2024 13:50:03 +0100 Subject: [PATCH 12/42] Update .pre-commit-config.yaml --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7b33ccc6..297f22c7 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -48,7 +48,7 @@ repos: - repo: https://github.com/jumanjihouse/pre-commit-hooks rev: 3.0.0 hooks: -# - id: shellcheck + - id: shellcheck # - repo: https://github.com/pre-commit/mirrors-eslint # rev: v8.38.0 # hooks: From 1bfa534dcdd62605317a494fa69d852dee1158cc Mon Sep 17 00:00:00 2001 
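Review bot: Narrowing the matrix to `language: ["java"]` drops CodeQL analysis for JavaScript and Python with no reason given in the commit message or the file. The pre-commit config in this series points at `.js` files under `src/main/resources/static`, so the repository does appear to ship JavaScript that will no longer be scanned. If the removal works around failing runs, I would record that next to the matrix, e.g. `# javascript/python temporarily removed: <reason>`, so the gap is visible and can be reversed.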
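Review bot: In the second codeql.yml hunk every line under `on:` is commented out, so the workflow has no trigger; GitHub is likely to treat that as an invalid workflow file rather than a paused one. The comment `# The branches below must be a subset of the branches above` is also left stranded between commented-out lines. If the intent is to pause scanning, `on: workflow_dispatch` keeps the file valid and still allows a manual run; disabling the workflow in the Actions settings is the other option. Either way the repository loses its SAST run, which the Scorecard workflow added earlier in this series is likely to flag, so note when it is expected to return.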
From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sat, 21 Dec 2024 12:52:14 +0000 Subject: [PATCH 13/42] Update gradle-wrapper.properties --- gradle/wrapper/gradle-wrapper.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index e48eca57..d6e308a6 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-8.11-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-8.12-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists From ff99c464346633559856d1d7cc8f00b8fc124323 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sat, 21 Dec 2024 13:01:19 +0000 Subject: [PATCH 14/42] Rename codeql.yml to codeql.yml-disabled --- .github/workflows/{codeql.yml => codeql.yml-disabled} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{codeql.yml => codeql.yml-disabled} (100%) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml-disabled similarity index 100% rename from .github/workflows/codeql.yml rename to .github/workflows/codeql.yml-disabled From c877f122c4827353c3859ec1e9ce036a5d3d4cf8 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Dec 2024 13:02:23 +0000 Subject: [PATCH 15/42] Bump crazy-max/ghaction-github-labeler from 5.0.0 to 5.1.0 Bumps [crazy-max/ghaction-github-labeler](https://github.com/crazy-max/ghaction-github-labeler) from 5.0.0 to 5.1.0. - [Release notes](https://github.com/crazy-max/ghaction-github-labeler/releases) - [Commits](https://github.com/crazy-max/ghaction-github-labeler/compare/de749cf181958193cb7debf1a9c5bb28922f3e1b...b54af0c25861143e7c8813d7cbbf46d2c341680c) --- updated-dependencies: - dependency-name: crazy-max/ghaction-github-labeler dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/manage-label.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/manage-label.yml b/.github/workflows/manage-label.yml index 5bad0231..87e1ed79 100644 --- a/.github/workflows/manage-label.yml +++ b/.github/workflows/manage-label.yml @@ -22,7 +22,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run Labeler - uses: crazy-max/ghaction-github-labeler@de749cf181958193cb7debf1a9c5bb28922f3e1b # v5.0.0 + uses: crazy-max/ghaction-github-labeler@b54af0c25861143e7c8813d7cbbf46d2c341680c # v5.1.0 with: github-token: ${{ secrets.GITHUB_TOKEN }} yaml-file: .github/labels.yml From e7f257685732baa453486dd981deaaf0d4ea5fec Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Dec 2024 13:02:26 +0000 Subject: [PATCH 16/42] Bump softprops/action-gh-release from 2.0.9 to 2.2.0 Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.9 to 2.2.0. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8...7b4da11513bf3f43f9999e90eabced41ab8bb048) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/multiOSReleases.yml | 2 +- .github/workflows/releaseArtifacts.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/multiOSReleases.yml b/.github/workflows/multiOSReleases.yml index 2bd5a9f6..bc88fa14 100644 --- a/.github/workflows/multiOSReleases.yml +++ b/.github/workflows/multiOSReleases.yml @@ -96,6 +96,6 @@ jobs: if-no-files-found: error - name: Upload binaries to release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 + uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 with: files: ./Stirling-PDF-${{ matrix.platform }}-installer.${{ matrix.ext }} diff --git a/.github/workflows/releaseArtifacts.yml b/.github/workflows/releaseArtifacts.yml index dd87aad1..0358b277 100644 --- a/.github/workflows/releaseArtifacts.yml +++ b/.github/workflows/releaseArtifacts.yml 
@@ -59,7 +59,7 @@ jobs: if-no-files-found: error - name: Upload binaries to release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 + uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 with: files: ./build/launch4j/Stirling-PDF-Server${{ matrix.file_suffix }}.exe @@ -76,6 +76,6 @@ jobs: if-no-files-found: error - name: Upload jar binaries to release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 + uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 with: files: ./build/libs/Stirling-PDF${{ matrix.file_suffix }}.jar From 226cbe1a8e013c1cfe7fbc07e0704b270ae92772 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 21 Dec 2024 13:51:06 +0000 Subject: [PATCH 17/42] Bump ossf/scorecard-action from 2.3.3 to 2.4.0 Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.3 to 2.4.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/dc50aa9510b46c811795eb24b2f1ba02a914e534...62b2cac7ed8198b15735ed49ab1e5cf35480ba46) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 60c7b56e..d64327a2 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml 
@@ -46,7 +46,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif From de6bfa2af219dce8549d7d76f63c178cdb97db6b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Sat, 21 Dec 2024 13:52:55 +0000 Subject: [PATCH 18/42] :memo: Sync README > Made via sync_files.yml --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1a7fb747..37d06f3c 100644 --- a/README.md +++ b/README.md @@ -225,7 +225,7 @@ Stirling-PDF currently supports 38 languages! | Spanish (Español) (es_ES) | ![91%](https://geps.dev/progress/91) | | Swedish (Svenska) (sv_SE) | ![90%](https://geps.dev/progress/90) | | Thai (ไทย) (th_TH) | ![90%](https://geps.dev/progress/90) | -| Traditional Chinese (繁體中文) (zh_TW) | ![91%](https://geps.dev/progress/91) | +| Traditional Chinese (繁體中文) (zh_TW) | ![99%](https://geps.dev/progress/99) | | Turkish (Türkçe) (tr_TR) | ![86%](https://geps.dev/progress/86) | | Ukrainian (Українська) (uk_UA) | ![76%](https://geps.dev/progress/76) | | Vietnamese (Tiếng Việt) (vi_VN) | ![83%](https://geps.dev/progress/83) | From b6c66c47cde8c4b526efffdcf5b558a5dd004887 Mon Sep 17 00:00:00 2001 From: GitHub Action Date: Sat, 21 Dec 2024 13:53:33 +0000 Subject: [PATCH 19/42] Update 3rd Party Licenses Signed-off-by: GitHub Action --- .../resources/static/3rdPartyLicenses.json | 168 +++++++++--------- 1 file changed, 84 insertions(+), 84 deletions(-) diff --git a/src/main/resources/static/3rdPartyLicenses.json b/src/main/resources/static/3rdPartyLicenses.json index 8c21c652..4a66897a 100644 --- a/src/main/resources/static/3rdPartyLicenses.json +++ b/src/main/resources/static/3rdPartyLicenses.json 
@@ -45,77 +45,77 @@ { "moduleName": "com.fasterxml.jackson.core:jackson-annotations", "moduleUrl": "https://github.com/FasterXML/jackson", - "moduleVersion": "2.18.1", + "moduleVersion": "2.18.2", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt" }, { "moduleName": "com.fasterxml.jackson.core:jackson-core", "moduleUrl": "https://github.com/FasterXML/jackson-core", - "moduleVersion": "2.18.1", + "moduleVersion": "2.18.2", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt" }, { "moduleName": "com.fasterxml.jackson.core:jackson-databind", "moduleUrl": "https://github.com/FasterXML/jackson", - "moduleVersion": "2.18.1", + "moduleVersion": "2.18.2", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt" }, { "moduleName": "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml", "moduleUrl": "https://github.com/FasterXML/jackson-dataformats-text", - "moduleVersion": "2.18.1", + "moduleVersion": "2.18.2", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt" }, { "moduleName": "com.fasterxml.jackson.datatype:jackson-datatype-jdk8", "moduleUrl": "https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8", - "moduleVersion": "2.18.1", + "moduleVersion": "2.18.2", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "http://www.apache.org/licenses/LICENSE-2.0.txt" }, { "moduleName": "com.fasterxml.jackson.datatype:jackson-datatype-jsr310", "moduleUrl": "https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310", - "moduleVersion": "2.18.1", + "moduleVersion": "2.18.2", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "http://www.apache.org/licenses/LICENSE-2.0.txt" }, { 
"moduleName": "com.fasterxml.jackson.jaxrs:jackson-jaxrs-base", "moduleUrl": "https://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base", - "moduleVersion": "2.18.1", + "moduleVersion": "2.18.2", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt" }, { "moduleName": "com.fasterxml.jackson.jaxrs:jackson-jaxrs-json-provider", "moduleUrl": "https://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider", - "moduleVersion": "2.18.1", + "moduleVersion": "2.18.2", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt" }, { "moduleName": "com.fasterxml.jackson.module:jackson-module-jaxb-annotations", "moduleUrl": "https://github.com/FasterXML/jackson-modules-base", - "moduleVersion": "2.18.1", + "moduleVersion": "2.18.2", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt" }, { "moduleName": "com.fasterxml.jackson.module:jackson-module-parameter-names", "moduleUrl": "https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names", - "moduleVersion": "2.18.1", + "moduleVersion": "2.18.2", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "http://www.apache.org/licenses/LICENSE-2.0.txt" }, { "moduleName": "com.fasterxml.jackson:jackson-bom", "moduleUrl": "https://github.com/FasterXML/jackson-bom", - "moduleVersion": "2.18.1", + "moduleVersion": "2.18.2", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "http://www.apache.org/licenses/LICENSE-2.0.txt" }, 
@@ -441,7 +441,7 @@ { "moduleName": "io.micrometer:micrometer-commons", "moduleUrl": "https://github.com/micrometer-metrics/micrometer", - "moduleVersion": "1.14.1", + "moduleVersion": "1.14.2", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "http://www.apache.org/licenses/LICENSE-2.0.txt" }, @@ -455,14 +455,14 @@ { "moduleName": "io.micrometer:micrometer-jakarta9", "moduleUrl": "https://github.com/micrometer-metrics/micrometer", - "moduleVersion": "1.14.1", + "moduleVersion": "1.14.2", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "http://www.apache.org/licenses/LICENSE-2.0.txt" }, { "moduleName": "io.micrometer:micrometer-observation", "moduleUrl": "https://github.com/micrometer-metrics/micrometer", - "moduleVersion": "1.14.1", + "moduleVersion": "1.14.2", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "http://www.apache.org/licenses/LICENSE-2.0.txt" }, @@ -628,7 +628,7 @@ }, { "moduleName": "net.bytebuddy:byte-buddy", - "moduleVersion": "1.15.10", + "moduleVersion": "1.15.11", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt" }, @@ -710,13 +710,13 @@ }, { "moduleName": "org.apache.logging.log4j:log4j-api", - "moduleVersion": "2.24.1", + "moduleVersion": "2.24.3", "moduleLicense": "Apache-2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt" }, { "moduleName": "org.apache.logging.log4j:log4j-to-slf4j", - "moduleVersion": "2.24.1", + "moduleVersion": "2.24.3", "moduleLicense": "Apache-2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt" }, @@ -764,7 +764,7 @@ { "moduleName": "org.apache.tomcat.embed:tomcat-embed-el", "moduleUrl": "https://tomcat.apache.org/", - "moduleVersion": "10.1.33", + "moduleVersion": "10.1.34", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "http://www.apache.org/licenses/LICENSE-2.0.txt" }, 
@@ -880,182 +880,182 @@ { "moduleName": "org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jakarta-client", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jakarta-common", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jakarta-server", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-jetty-server", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty.ee10.websocket:jetty-ee10-websocket-servlet", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty.ee10:jetty-ee10-annotations", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty.ee10:jetty-ee10-plus", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse 
Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty.ee10:jetty-ee10-servlet", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty.ee10:jetty-ee10-servlets", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty.ee10:jetty-ee10-webapp", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty.websocket:jetty-websocket-core-client", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty.websocket:jetty-websocket-core-common", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty.websocket:jetty-websocket-core-server", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty.websocket:jetty-websocket-jetty-api", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public 
License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty.websocket:jetty-websocket-jetty-common", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty:jetty-alpn-client", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty:jetty-client", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty:jetty-ee", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty:jetty-http", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty:jetty-io", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty:jetty-plus", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": 
"org.eclipse.jetty:jetty-security", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty:jetty-server", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty:jetty-session", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty:jetty-util", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, { "moduleName": "org.eclipse.jetty:jetty-xml", "moduleUrl": "https://jetty.org/", - "moduleVersion": "12.0.15", + "moduleVersion": "12.0.16", "moduleLicense": "Eclipse Public License - Version 2.0", "moduleLicenseUrl": "https://www.eclipse.org/legal/epl-2.0/" }, @@ -1097,7 +1097,7 @@ { "moduleName": "org.hibernate.orm:hibernate-core", "moduleUrl": "https://www.hibernate.org/orm/6.6", - "moduleVersion": "6.6.2.Final", + "moduleVersion": "6.6.4.Final", "moduleLicense": "GNU Library General Public License v2.1 or later", "moduleLicenseUrl": "https://www.opensource.org/licenses/LGPL-2.1" }, 
@@ -1273,168 +1273,168 @@ { "moduleName": "org.springframework.boot:spring-boot", "moduleUrl": "https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.boot:spring-boot-actuator", "moduleUrl": "https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.boot:spring-boot-actuator-autoconfigure", "moduleUrl": "https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.boot:spring-boot-autoconfigure", "moduleUrl": "https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.boot:spring-boot-devtools", "moduleUrl": "https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.boot:spring-boot-starter", "moduleUrl": "https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.boot:spring-boot-starter-actuator", "moduleUrl": "https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": 
"Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.boot:spring-boot-starter-data-jpa", "moduleUrl": "https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.boot:spring-boot-starter-jdbc", "moduleUrl": "https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.boot:spring-boot-starter-jetty", "moduleUrl": "https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.boot:spring-boot-starter-json", "moduleUrl": "https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.boot:spring-boot-starter-logging", "moduleUrl": "https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.boot:spring-boot-starter-oauth2-client", "moduleUrl": "https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.boot:spring-boot-starter-security", "moduleUrl": 
"https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.boot:spring-boot-starter-thymeleaf", "moduleUrl": "https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.boot:spring-boot-starter-web", "moduleUrl": "https://spring.io/projects/spring-boot", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.data:spring-data-commons", "moduleUrl": "https://spring.io/projects/spring-data", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.data:spring-data-jpa", "moduleUrl": "https://projects.spring.io/spring-data-jpa", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.security:spring-security-config", "moduleUrl": "https://spring.io/projects/spring-security", - "moduleVersion": "6.4.1", + "moduleVersion": "6.4.2", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.security:spring-security-core", "moduleUrl": "https://spring.io/projects/spring-security", - "moduleVersion": "6.4.1", + "moduleVersion": "6.4.2", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" 
}, { "moduleName": "org.springframework.security:spring-security-crypto", "moduleUrl": "https://spring.io/projects/spring-security", - "moduleVersion": "6.4.1", + "moduleVersion": "6.4.2", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.security:spring-security-oauth2-client", "moduleUrl": "https://spring.io/projects/spring-security", - "moduleVersion": "6.4.1", + "moduleVersion": "6.4.2", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.security:spring-security-oauth2-core", "moduleUrl": "https://spring.io/projects/spring-security", - "moduleVersion": "6.4.1", + "moduleVersion": "6.4.2", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.security:spring-security-oauth2-jose", "moduleUrl": "https://spring.io/projects/spring-security", - "moduleVersion": "6.4.1", + "moduleVersion": "6.4.2", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, 
@@ -1448,91 +1448,91 @@ { "moduleName": "org.springframework.security:spring-security-web", "moduleUrl": "https://spring.io/projects/spring-security", - "moduleVersion": "6.4.1", + "moduleVersion": "6.4.2", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework.session:spring-session-core", "moduleUrl": "https://spring.io/projects/spring-session", - "moduleVersion": "3.4.0", + "moduleVersion": "3.4.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework:spring-aop", "moduleUrl": "https://github.com/spring-projects/spring-framework", - "moduleVersion": "6.2.0", + "moduleVersion": "6.2.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework:spring-aspects", "moduleUrl": "https://github.com/spring-projects/spring-framework", - "moduleVersion": "6.2.0", + "moduleVersion": "6.2.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework:spring-beans", "moduleUrl": "https://github.com/spring-projects/spring-framework", - "moduleVersion": "6.2.0", + "moduleVersion": "6.2.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework:spring-context", "moduleUrl": "https://github.com/spring-projects/spring-framework", - "moduleVersion": "6.2.0", + "moduleVersion": "6.2.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework:spring-core", "moduleUrl": "https://github.com/spring-projects/spring-framework", - "moduleVersion": "6.2.0", + "moduleVersion": "6.2.1", "moduleLicense": "Apache 
License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework:spring-expression", "moduleUrl": "https://github.com/spring-projects/spring-framework", - "moduleVersion": "6.2.0", + "moduleVersion": "6.2.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework:spring-jcl", "moduleUrl": "https://github.com/spring-projects/spring-framework", - "moduleVersion": "6.2.0", + "moduleVersion": "6.2.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework:spring-jdbc", "moduleUrl": "https://github.com/spring-projects/spring-framework", - "moduleVersion": "6.2.0", + "moduleVersion": "6.2.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework:spring-orm", "moduleUrl": "https://github.com/spring-projects/spring-framework", - "moduleVersion": "6.2.0", + "moduleVersion": "6.2.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework:spring-tx", "moduleUrl": "https://github.com/spring-projects/spring-framework", - "moduleVersion": "6.2.0", + "moduleVersion": "6.2.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, { "moduleName": "org.springframework:spring-web", "moduleUrl": "https://github.com/spring-projects/spring-framework", - "moduleVersion": "6.2.0", + "moduleVersion": "6.2.1", "moduleLicense": "Apache License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0" }, 
@@ -1551,7 +1551,7 @@ }, { "moduleName": "org.thymeleaf:thymeleaf", - "moduleVersion": "3.1.2.RELEASE", + "moduleVersion": "3.1.3.RELEASE", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt" }, @@ -1563,7 +1563,7 @@ }, { "moduleName": "org.thymeleaf:thymeleaf-spring6", - "moduleVersion": "3.1.2.RELEASE", + "moduleVersion": "3.1.3.RELEASE", "moduleLicense": "The Apache Software License, Version 2.0", "moduleLicenseUrl": "https://www.apache.org/licenses/LICENSE-2.0.txt" }, From 1defa441d6088c73b7d184fc7a2a1a9aaaa493ff Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sat, 21 Dec 2024 14:31:25 +0000 Subject: [PATCH 20/42] Update scorecards.yml --- .github/workflows/scorecards.yml | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index d64327a2..f305074d 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -15,7 +15,15 @@ on: branches: ["main"] # Declare default permissions as read only. -permissions: read-all +permissions: + # Needs to be read-all for general access + contents: read + security-events: write # For uploading security results + id-token: write # For publishing results + actions: read + issues: read + pull-requests: read + checks: read jobs: analysis: From c08329ec48636767d7c92d132f3f3ce61edcb3f5 Mon Sep 17 00:00:00 2001 
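Review bot: The new workflow-level `permissions:` block grants `security-events: write` and `id-token: write` to every job in scorecards.yml, while the comment above it still reads "Declare default permissions as read only" and the added "Needs to be read-all for general access" comment no longer describes the block. Write scopes are better declared on the one job that uses them, keeping the top level at `permissions: read-all` and placing `security-events: write` and `id-token: write` under `analysis:`. As far as I know, scorecard-action also refuses to publish results from a workflow that declares write permissions at the workflow level, so this layout may break the run as well as widen the token. The `analysis` job body lies outside the hunk, so whether it already carries its own `permissions:` block cannot be seen here.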
From: Ludy87 Date: Sat, 21 Dec 2024 15:34:07 +0100 Subject: [PATCH 21/42] Update .pre-commit-config.yaml no. 2 --- .github/dependabot.yml | 2 +- .github/release.yml | 4 +- .github/workflows/PR-Demo-Comment.yml | 22 +++++------ .github/workflows/PR-Demo-cleanup.yml | 14 +++---- .github/workflows/auto-labeler.yml | 2 +- .github/workflows/manage-label.yml | 2 +- .github/workflows/multiOSReleases.yml | 6 +-- .github/workflows/releaseArtifacts.yml | 2 +- .pre-commit-config.yaml | 55 +++++++++++--------------- 9 files changed, 51 insertions(+), 58 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index db721365..356b0263 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,7 +11,7 @@ updates: interval: "weekly" open-pull-requests-limit: 10 rebase-strategy: "auto" - + - package-ecosystem: "docker" directory: "/" # Location of Dockerfile schedule: diff --git a/.github/release.yml b/.github/release.yml index 90841a8d..361e7d70 100644 --- a/.github/release.yml +++ b/.github/release.yml @@ -9,7 +9,7 @@ changelog: - title: Bug Fixes labels: - Bug - + - title: Enhancements labels: - enhancement @@ -26,7 +26,7 @@ changelog: - title: Translation Changes labels: - Translation - + - title: Other Changes labels: - "*" diff --git a/.github/workflows/PR-Demo-Comment.yml b/.github/workflows/PR-Demo-Comment.yml index 75ac9b66..0ad56889 100644 --- a/.github/workflows/PR-Demo-Comment.yml +++ b/.github/workflows/PR-Demo-Comment.yml @@ -8,14 +8,14 @@ jobs: check-comment: runs-on: ubuntu-latest if: | - github.event.issue.pull_request && + github.event.issue.pull_request && ( contains(github.event.comment.body, 'prdeploy') || contains(github.event.comment.body, 'deploypr') ) - && + && ( - github.event.comment.user.login == 'frooodle' || + github.event.comment.user.login == 'frooodle' || github.event.comment.user.login == 'sf298' || github.event.comment.user.login == 'Ludy87' || github.event.comment.user.login == 'LaserKaspar' || 
@@ -49,26 +49,26 @@ jobs: script: | const { owner, repo } = context.repo; const prNumber = context.payload.issue.number; - + const { data: pr } = await github.rest.pulls.get({ owner, repo, pull_number: prNumber, }); - + // For forks, use the full repository name, for internal PRs use the current repo const repository = pr.head.repo.fork ? pr.head.repo.full_name : `${owner}/${repo}`; - + console.log(`PR Repository: ${repository}`); console.log(`PR Branch: ${pr.head.ref}`); - + core.setOutput('repository', repository); core.setOutput('ref', pr.head.ref); deploy-pr: needs: check-comment runs-on: ubuntu-latest - + steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 @@ -81,7 +81,7 @@ jobs: repository: ${{ needs.check-comment.outputs.pr_repository }} ref: ${{ needs.check-comment.outputs.pr_ref }} token: ${{ secrets.GITHUB_TOKEN }} - + - name: Set up JDK uses: actions/setup-java@7a6d8a8234af8eb26422e24e3006232cccaa061b # v4.6.0 with: @@ -156,10 +156,10 @@ jobs: ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -T ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << 'ENDSSH' # Create PR-specific directories mkdir -p /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/{data,config,logs} - + # Move docker-compose file to correct location mv /tmp/docker-compose.yml /stirling/PR-${{ needs.check-comment.outputs.pr_number }}/docker-compose.yml - + # Start or restart the container cd /stirling/PR-${{ needs.check-comment.outputs.pr_number }} docker-compose pull diff --git a/.github/workflows/PR-Demo-cleanup.yml b/.github/workflows/PR-Demo-cleanup.yml index f0c40504..593dbe88 100644 --- a/.github/workflows/PR-Demo-cleanup.yml +++ b/.github/workflows/PR-Demo-cleanup.yml @@ -16,7 +16,7 @@ jobs: cleanup: runs-on: ubuntu-latest if: github.event.action == 'closed' - + steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 
@@ -35,20 +35,20 @@ jobs: CLEANUP_STATUS=$(ssh -i ../private.key -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -T ${{ secrets.VPS_USERNAME }}@${{ secrets.VPS_HOST }} << 'ENDSSH' if [ -d "/stirling/PR-${{ github.event.pull_request.number }}" ]; then echo "Found PR directory, proceeding with cleanup..." - + # Stop and remove containers cd /stirling/PR-${{ github.event.pull_request.number }} docker-compose down || true - + # Go back to root before removal cd / - + # Remove PR-specific directories rm -rf /stirling/PR-${{ github.event.pull_request.number }} - + # Remove the Docker image docker rmi --no-prune ${{ secrets.DOCKER_HUB_USERNAME }}/test:pr-${{ github.event.pull_request.number }} || true - + echo "PERFORMED_CLEANUP" else echo "PR directory not found, nothing to clean up" @@ -56,7 +56,7 @@ jobs: fi ENDSSH ) - + if [[ $CLEANUP_STATUS == *"PERFORMED_CLEANUP"* ]]; then echo "cleanup_performed=true" >> $GITHUB_OUTPUT else diff --git a/.github/workflows/auto-labeler.yml b/.github/workflows/auto-labeler.yml index b7c8470b..d082c58a 100644 --- a/.github/workflows/auto-labeler.yml +++ b/.github/workflows/auto-labeler.yml @@ -19,7 +19,7 @@ jobs: egress-policy: audit - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - + - name: Apply Labels uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 with: diff --git a/.github/workflows/manage-label.yml b/.github/workflows/manage-label.yml index 87e1ed79..a58c3681 100644 --- a/.github/workflows/manage-label.yml +++ b/.github/workflows/manage-label.yml @@ -26,4 +26,4 @@ jobs: with: github-token: ${{ secrets.GITHUB_TOKEN }} yaml-file: .github/labels.yml - skip-delete: true \ No newline at end of file + skip-delete: true diff --git a/.github/workflows/multiOSReleases.yml b/.github/workflows/multiOSReleases.yml index bc88fa14..b3973d39 100644 --- a/.github/workflows/multiOSReleases.yml +++ b/.github/workflows/multiOSReleases.yml 
@@ -22,7 +22,7 @@ jobs: # platform: linux # ext: deb runs-on: ${{ matrix.os }} - + steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 @@ -47,7 +47,7 @@ jobs: run: | curl -L -o wix.exe https://github.com/wixtoolset/wix3/releases/download/wix3141rtm/wix314.exe .\wix.exe /install /quiet - + # Install Linux dependencies - name: Install Linux Dependencies if: matrix.os == 'ubuntu-latest' @@ -89,7 +89,7 @@ jobs: # Upload installer as artifact for testing - name: Upload Installer Artifact uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b # v4.5.0 - with: + with: name: Stirling-PDF-${{ matrix.platform }}-installer.${{ matrix.ext }} path: Stirling-PDF-${{ matrix.platform }}-installer.${{ matrix.ext }} retention-days: 1 diff --git a/.github/workflows/releaseArtifacts.yml b/.github/workflows/releaseArtifacts.yml index 0358b277..5bee97c5 100644 --- a/.github/workflows/releaseArtifacts.yml +++ b/.github/workflows/releaseArtifacts.yml @@ -57,7 +57,7 @@ jobs: overwrite: true retention-days: 1 if-no-files-found: error - + - name: Upload binaries to release uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 with: diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 297f22c7..b603099d 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.2.1 + rev: v0.8.4 hooks: - id: ruff args: @@ -12,7 +12,7 @@ repos: files: ^((.github/scripts|scripts)/.+)?[^/]+\.py$ exclude: (split_photos.py) - repo: https://github.com/codespell-project/codespell - rev: v2.2.6 + rev: v2.3.0 hooks: - id: codespell args: 
@@ -21,6 +21,25 @@ repos: - --quiet-level=2 files: \.(properties|html|css|js|py|md)$ exclude: (.vscode|.devcontainer|src/main/resources|Dockerfile) + - repo: https://github.com/gitleaks/gitleaks + rev: v8.22.0 + hooks: + - id: gitleaks + - repo: https://github.com/jumanjihouse/pre-commit-hooks + rev: 3.0.0 + hooks: + - id: shellcheck + files: ^.*(\.bash|\.sh|\.ksh|\.zsh)$ + - repo: https://github.com/pre-commit/pre-commit-hooks + rev: v5.0.0 + hooks: + - id: end-of-file-fixer + files: ^.*(\.js|\.java|\.py|\.yml)$ + exclude: ^(.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js$) + - id: trailing-whitespace + files: ^.*(\.js|\.java|\.py|\.yml)$ + exclude: ^(.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js$) + - repo: local hooks: - id: check-duplicate-properties-keys 
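Review bot: The hook repositories added in this hunk are pinned by tag (`gitleaks` at `rev: v8.22.0`, `jumanjihouse/pre-commit-hooks` at `rev: 3.0.0`, `pre-commit/pre-commit-hooks` at `rev: v5.0.0`), while the workflow files in this series pin actions such as `actions/checkout` by full commit SHA with the version as a comment. A tag can be moved upstream, and pre-commit runs the hook code on every contributor's machine, so the same pinning is worth applying here. Running `pre-commit autoupdate --freeze` rewrites each `rev:` to the commit hash and keeps the tag as a trailing comment. The `ruff` and `codespell` entries bumped in the previous hunk have the same form.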
@@ -28,37 +47,11 @@ repos: entry: python .github/scripts/check_duplicates.py language: python files: ^(src)/.+\.properties$ - - repo: local - hooks: - id: check-html-tabs name: Check HTML for tabs + description: Ensures HTML/CSS/JS files do not contain tab characters # args: ["--replace_with= "] entry: python .github/scripts/check_tabulator.py language: python - exclude: ^(src/main/resources/static/pdfjs|src/main/resources/static/pdfjs-legacy) - files: ^.*(\.html|\.css|\.js)$ -# - repo: https://github.com/gherynos/pre-commit-java -# rev: v0.2.4 -# hooks: -# - id: Checkstyle - - repo: https://github.com/gitleaks/gitleaks - rev: v8.16.3 - hooks: - - id: gitleaks - - repo: https://github.com/jumanjihouse/pre-commit-hooks - rev: 3.0.0 - hooks: - - id: shellcheck -# - repo: https://github.com/pre-commit/mirrors-eslint -# rev: v8.38.0 -# hooks: -# - id: eslint - - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 - hooks: - - id: end-of-file-fixer - - id: trailing-whitespace -# - repo: https://github.com/pylint-dev/pylint -# rev: v2.17.2 -# hooks: -# - id: pylint + exclude: ^(.*/pdfjs.*|.*/thirdParty.*|bootstrap.*|.*\.min\..*|.*diff\.js$) + files: ^.*(\.html|\.css|\.js)$ \ No newline at end of file From 238db1aaff15cab5571ecf48879afb0fc8e85d3e Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sat, 21 Dec 2024 14:34:29 +0000 Subject: [PATCH 22/42] Update scorecards.yml --- .github/workflows/scorecards.yml | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index f305074d..7c67832b 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml 
@@ -13,17 +13,7 @@ on: - cron: '20 7 * * 2' push: branches: ["main"] - -# Declare default permissions as read only. -permissions: - # Needs to be read-all for general access - contents: read - security-events: write # For uploading security results - id-token: write # For publishing results - actions: read - issues: read - pull-requests: read - checks: read +permissions: read-all jobs: analysis: From a909592533a601e7e84c4dd502c1419cd7799562 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sat, 21 Dec 2024 15:01:16 +0000 Subject: [PATCH 23/42] Update CODEOWNERS --- .github/CODEOWNERS | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 7c81b9b7..61d7c238 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1,2 +1,2 @@ # All PRs to V1 must be approved by Frooodle -* @Frooodle +* @Frooodle @reecebrowne @Ludy87 @DarioGii From d136f9bd3125fda5ac484b47ede3a31e91028314 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sat, 21 Dec 2024 15:55:47 +0000 Subject: [PATCH 24/42] Update README.md --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 37d06f3c..5b879378 100644 --- a/README.md +++ b/README.md 
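Review bot: `permissions: read-all` in the scorecards.yml hunk drops the `security-events: write` and `id-token: write` grants that the removed comments described as needed for uploading and publishing results. It also widens the workflow default from the listed read scopes to read on every scope. The body of the `analysis` job is outside this hunk, so confirm that it declares `security-events: write` and `id-token: write` under its own `permissions:`; if it does not, the upload and publish steps will be refused. Moving the removed `# For uploading security results` and `# For publishing results` comments next to those job-level grants would keep the explanation of why each scope exists.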
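Review bot: The comment kept on line 1 of CODEOWNERS still reads `# All PRs to V1 must be approved by Frooodle`, but the rule now lists four owners, and GitHub accepts a code-owner review from any one of them. Either the comment or the rule misstates who must approve; if the wider group is intended, the comment could become `# PRs must be approved by at least one of the owners listed below`. This rule also covers `.github/workflows/`, so it is worth confirming that the wider approver set is intended for those paths and that branch protection requires code-owner review.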
@@ -11,8 +11,6 @@ [Stirling-PDF](https://www.stirlingpdf.com) is a robust, locally hosted web-based PDF manipulation tool using Docker. It enables you to carry out various operations on PDF files, including splitting, merging, converting, reorganizing, adding images, rotating, compressing, and more. This locally hosted web application has evolved to encompass a comprehensive set of features, addressing all your PDF requirements. -Stirling-PDF does not initiate any outbound calls for record-keeping or tracking purposes. - All files and PDFs exist either exclusively on the client side, reside in server memory only during task execution, or temporarily reside in a file solely for the execution of the task. Any file downloaded by the user will have been deleted from the server by that point. ![stirling-home](images/stirling-home.jpg) From 67a08a7c05911189b3d7d13d6ccd7a76392aa52c Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sat, 21 Dec 2024 16:59:33 +0100 Subject: [PATCH 25/42] Update check_properties.yml --- .github/workflows/check_properties.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check_properties.yml b/.github/workflows/check_properties.yml index 83a6e7de..2a7ba12b 100644 --- a/.github/workflows/check_properties.yml +++ b/.github/workflows/check_properties.yml @@ -31,7 +31,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ github.event.pull_request.head.repo.full_name }} - ref: ${{ github.event.pull_request.head.ref }} + ref: refs/pull/${{ github.event.pull_request.number }}/merge path: pr-branch fetch-depth: 0 From 70cc03fc6374f4930f7ca24f4afdf1d485ec7292 Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sat, 21 Dec 2024 17:05:45 +0100 Subject: [PATCH 26/42] Removing duplicate permissions --- .github/workflows/auto-labeler.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
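Review bot: The `Checkout PR branch` step in check_properties.yml now fetches `refs/pull/<number>/merge` into `pr-branch`, which is contributor-controlled content. Other hunks in this series show the job is gated on `github.event_name == 'pull_request_target'`, so it runs with the base repository's token. The checkout should not leave that token in the fetched tree: add `persist-credentials: false` under `with:`, next to `fetch-depth: 0`. The rest of the job is outside this hunk, so it also needs confirming that nothing under `pr-branch/` is executed and that those files are only read as data.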
diff --git a/.github/workflows/auto-labeler.yml b/.github/workflows/auto-labeler.yml index b7c8470b..8856314a 100644 --- a/.github/workflows/auto-labeler.yml +++ b/.github/workflows/auto-labeler.yml @@ -5,12 +5,10 @@ on: permissions: contents: read + pull-requests: write jobs: labeler: - permissions: - contents: read - pull-requests: write runs-on: ubuntu-latest steps: - name: Harden Runner @@ -19,7 +17,7 @@ jobs: egress-policy: audit - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - + - name: Apply Labels uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0 with: From f09e70218de787726cc31fac6000a886643e82e6 Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sat, 21 Dec 2024 17:17:26 +0100 Subject: [PATCH 27/42] Update check_properties.yml --- .github/workflows/check_properties.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check_properties.yml b/.github/workflows/check_properties.yml index 2a7ba12b..3988e850 100644 --- a/.github/workflows/check_properties.yml +++ b/.github/workflows/check_properties.yml @@ -31,7 +31,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: ${{ github.event.pull_request.head.repo.full_name }} - ref: refs/pull/${{ github.event.pull_request.number }}/merge + ref: "${{ github.event.pull_request.merge_commit_sha }}" path: pr-branch fetch-depth: 0 From ae44c4c723249006f4d00aed8eeec302b19774a2 Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sat, 21 Dec 2024 17:50:42 +0100 Subject: [PATCH 28/42] Update check_properties.yml --- .github/workflows/check_properties.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/check_properties.yml b/.github/workflows/check_properties.yml index 3988e850..24f7f316 100644 --- a/.github/workflows/check_properties.yml +++ b/.github/workflows/check_properties.yml 
@@ -14,6 +14,8 @@ jobs: check-files: if: github.event_name == 'pull_request_target' runs-on: ubuntu-latest + permissions: + contents: read steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 From 12e8aceb4c03b67400a47b67b768267d93320ea1 Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sat, 21 Dec 2024 23:15:24 +0100 Subject: [PATCH 29/42] [Security] Dangerous-Workflow https://github.com/Ludy87/test_java/security/code-scanning/26 --- .github/workflows/check_properties.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/check_properties.yml b/.github/workflows/check_properties.yml index 24f7f316..dfc0e276 100644 --- a/.github/workflows/check_properties.yml +++ b/.github/workflows/check_properties.yml @@ -31,9 +31,11 @@ jobs: - name: Checkout PR branch uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + env: + PULL_REQUEST_REF: ${{ github.event.pull_request.head.ref }} with: repository: ${{ github.event.pull_request.head.repo.full_name }} - ref: "${{ github.event.pull_request.merge_commit_sha }}" + ref: $PULL_REQUEST_REF path: pr-branch fetch-depth: 0 From 0d2b5f605f5e587adb0bafb21b90b99cdb16ab62 Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sat, 21 Dec 2024 23:40:53 +0100 Subject: [PATCH 30/42] Permission Position moved to top level --- .github/workflows/build.yml | 8 +-- .github/workflows/check_properties.yml | 72 ++--------------------- .github/workflows/update-translations.yml | 70 ++++++++++++++++++++++ 3 files changed, 76 insertions(+), 74 deletions(-) create mode 100644 .github/workflows/update-translations.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cbf05eef..5ade8241 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml 
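Review bot: `ref: $PULL_REQUEST_REF` in the second hunk is never expanded. `with:` values reach the action as literal strings, and a step-level `env:` is not substituted into inputs, so `actions/checkout` is asked for a ref literally named `$PULL_REQUEST_REF`. Moving a value into `env:` is the mitigation for `${{ }}` interpolated into `run:` scripts; it does not apply to `with:` inputs, which never pass through a shell. The line should remain an expression, for example `ref: ${{ github.event.pull_request.head.sha }}`, and the added `env:` block can be dropped. The alert named in the subject most likely concerns checking out pull-request code under `pull_request_target`, which this change leaves as it was.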
@@ -7,17 +7,13 @@ on: branches: ["main"] permissions: + actions: read contents: read + security-events: write jobs: build: runs-on: ubuntu-latest - - permissions: - actions: read - contents: read - security-events: write - strategy: fail-fast: false matrix: diff --git a/.github/workflows/check_properties.yml b/.github/workflows/check_properties.yml index dfc0e276..b365fe1b 100644 --- a/.github/workflows/check_properties.yml +++ b/.github/workflows/check_properties.yml @@ -1,21 +1,18 @@ -name: Check Properties Files +name: Check Properties Files on PR on: pull_request_target: types: [opened, synchronize, reopened] paths: - "src/main/resources/messages_*.properties" - push: - branches: ["main"] - paths: - - "src/main/resources/messages_en_GB.properties" + +permissions: + contents: read jobs: check-files: if: github.event_name == 'pull_request_target' runs-on: ubuntu-latest - permissions: - contents: read steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 
@@ -164,64 +161,3 @@ jobs: run: | echo "Failing the job because errors were detected." exit 1 - - update-translations-main: - if: github.event_name == 'push' - permissions: - contents: write - pull-requests: write - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 - with: - egress-policy: audit - - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Set up Python - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 - with: - python-version: "3.x" - - - name: Run Python script to check files - id: run-check - run: | - echo "Running Python script to check files..." - python .github/scripts/check_language_properties.py \ - --reference-file src/main/resources/messages_en_GB.properties \ - --branch main - - - name: Set up git config - run: | - git config --global user.name "github-actions[bot]" - git config --global user.email "github-actions[bot]@users.noreply.github.com" - - - name: Add translation keys - run: | - git add src/main/resources/messages_*.properties - git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV - - - name: Create Pull Request - id: cpr - if: env.CHANGES_DETECTED == 'true' - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: "Update translation files" - committer: GitHub Action - author: GitHub Action - signoff: true - branch: update_translation_files - title: "Update translation files" - add-paths: | - src/main/resources/messages_*.properties - body: | - Auto-generated by [create-pull-request][1] - - [1]: https://github.com/peter-evans/create-pull-request - labels: Translation - draft: false - delete-branch: true - sign-commits: true 
diff --git a/.github/workflows/update-translations.yml b/.github/workflows/update-translations.yml
new file mode 100644
index 00000000..f7107c6d
--- /dev/null
+++ b/.github/workflows/update-translations.yml
@@ -0,0 +1,70 @@ +name: Update Translations + +on: + push: + branches: ["main"] + paths: + - "src/main/resources/messages_en_GB.properties" + +permissions: + contents: write + pull-requests: write + +jobs: + update-translations-main: + if: github.event_name == 'push' + runs-on: ubuntu-latest + steps: + - name: Harden Runner + uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 + with: + egress-policy: audit + + - name: Checkout repository + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + + - name: Set up Python + uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 + with: + python-version: "3.x" + + - name: Run Python script to check files + id: run-check + run: | + echo "Running Python script to check files..." + python .github/scripts/check_language_properties.py \ + --reference-file src/main/resources/messages_en_GB.properties \ + --branch main + + - name: Set up git config + run: | + git config --global user.name "github-actions[bot]" + git config --global user.email "github-actions[bot]@users.noreply.github.com" + + - name: Add translation keys + run: | + git add src/main/resources/messages_*.properties + git diff --staged --quiet || echo "CHANGES_DETECTED=true" >> $GITHUB_ENV + + - name: Create Pull Request + id: cpr + if: env.CHANGES_DETECTED == 'true' + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: "Update translation files" + committer: GitHub Action + author: GitHub Action + signoff: true + branch: update_translation_files + title: "Update translation files" + add-paths: | + src/main/resources/messages_*.properties + body: | + Auto-generated by [create-pull-request][1] + + [1]: https://github.com/peter-evans/create-pull-request + labels: Translation + draft: false + delete-branch: true + sign-commits: true 
From 822ccbabdfd7d57c99a794f855415083374ec337 Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sat, 21 Dec 2024 23:47:53 +0100 Subject: [PATCH 31/42] Update build.yml --- .github/workflows/build.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5ade8241..ddaf9108 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -6,14 +6,15 @@ on: pull_request: branches: ["main"] -permissions: - actions: read - contents: read - security-events: write +permissions: read-all jobs: build: runs-on: ubuntu-latest + + permissions: + security-events: write + strategy: fail-fast: false matrix: From e920eb0555a67404677549ef62ebcd06e3c111cb Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sat, 21 Dec 2024 23:48:02 +0100 Subject: [PATCH 32/42] Update check_properties.yml --- .github/workflows/check_properties.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/check_properties.yml b/.github/workflows/check_properties.yml index b365fe1b..0554c538 100644 --- a/.github/workflows/check_properties.yml +++ b/.github/workflows/check_properties.yml @@ -6,8 +6,7 @@ on: paths: - "src/main/resources/messages_*.properties" -permissions: - contents: read +permissions: read-all jobs: check-files: From 7ccb9db9f9f1f157a1e3e157ee530ab9047b9f5f Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sat, 21 Dec 2024 23:48:09 +0100 Subject: [PATCH 33/42] Update update-translations.yml --- .github/workflows/update-translations.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/update-translations.yml b/.github/workflows/update-translations.yml index f7107c6d..141d9a72 100644 --- a/.github/workflows/update-translations.yml +++ b/.github/workflows/update-translations.yml 
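Review bot: The job-level `permissions:` block added to `build` replaces the workflow default rather than adding to it. With only `security-events: write` listed, every other scope becomes `none`, including the `actions: read` and `contents: read` the job had before this commit. A public repository can still be checked out that way, but on a private fork or mirror the checkout and the code-scanning upload can be refused. Listing `actions: read`, `contents: read` and `security-events: write` under the job keeps the earlier behaviour. The next commit uses the same pattern in `auto-labeler.yml` (`pull-requests: write` only), `manage-label.yml` (`issues: write` only) and `push-docker.yml` (`packages: write` only), each of which previously also granted `contents: read`.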
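Review bot: Replacing `contents: read` with `permissions: read-all` in check_properties.yml widens the token in a workflow that other hunks show gated on `pull_request_target`, with a job that checks out the pull request's branch. `read-all` grants read on every scope, and nothing visible in the hunk shows `check-files` needing more than repository contents. Keeping the top-level `permissions:` / `contents: read` declares the same read-only default with a smaller token. The steps of `check-files` are outside this hunk, so confirm whether any of them needs a further scope and grant it at job level if so.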
@@ -6,14 +6,15 @@ on: paths: - "src/main/resources/messages_en_GB.properties" -permissions: - contents: write - pull-requests: write +permissions: read-all jobs: update-translations-main: if: github.event_name == 'push' runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 From f29d4db31e67da749a6a6859ab90d2edad2725f5 Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sun, 22 Dec 2024 00:33:41 +0100 Subject: [PATCH 34/42] [Security] Token permissions no. 2 --- .github/workflows/PR-Demo-cleanup.yml | 7 ++++--- .github/workflows/auto-labeler.yml | 6 +++--- .github/workflows/licenses-update.yml | 8 ++++---- .github/workflows/manage-label.yml | 6 +++--- .github/workflows/multiOSReleases.yml | 9 ++++++--- .github/workflows/push-docker.yml | 6 +++--- .github/workflows/releaseArtifacts.yml | 9 ++++++--- .github/workflows/stale.yml | 3 +-- .github/workflows/swagger.yml | 2 ++ .github/workflows/sync_files.yml | 7 ++++--- 10 files changed, 36 insertions(+), 27 deletions(-) diff --git a/.github/workflows/PR-Demo-cleanup.yml b/.github/workflows/PR-Demo-cleanup.yml index 593dbe88..6ed7bea8 100644 --- a/.github/workflows/PR-Demo-cleanup.yml +++ b/.github/workflows/PR-Demo-cleanup.yml @@ -4,9 +4,7 @@ on: pull_request: types: [opened, synchronize, reopened, closed] -permissions: - contents: write - pull-requests: write +permissions: read-all env: SERVER_IP: ${{ secrets.VPS_IP }} # Add this to your GitHub secrets @@ -15,6 +13,9 @@ env: jobs: cleanup: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write if: github.event.action == 'closed' steps: diff --git a/.github/workflows/auto-labeler.yml b/.github/workflows/auto-labeler.yml index 8856314a..3495f7ae 100644 --- a/.github/workflows/auto-labeler.yml +++ b/.github/workflows/auto-labeler.yml 
@@ -3,13 +3,13 @@ on: pull_request_target: types: [opened, synchronize] -permissions: - contents: read - pull-requests: write +permissions: read-all jobs: labeler: runs-on: ubuntu-latest + permissions: + pull-requests: write steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 diff --git a/.github/workflows/licenses-update.yml b/.github/workflows/licenses-update.yml index fcbb2b23..8c1e1c29 100644 --- a/.github/workflows/licenses-update.yml +++ b/.github/workflows/licenses-update.yml @@ -7,14 +7,14 @@ on: paths: - "build.gradle" -permissions: - contents: write - pull-requests: write +permissions: read-all jobs: generate-license-report: runs-on: ubuntu-latest - + permissions: + contents: write + pull-requests: write steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 diff --git a/.github/workflows/manage-label.yml b/.github/workflows/manage-label.yml index a58c3681..05367ee8 100644 --- a/.github/workflows/manage-label.yml +++ b/.github/workflows/manage-label.yml @@ -4,14 +4,14 @@ on: schedule: - cron: "30 20 * * *" -permissions: - contents: read - issues: write +permissions: read-all jobs: labeler: name: Labeler runs-on: ubuntu-latest + permissions: + issues: write steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 diff --git a/.github/workflows/multiOSReleases.yml b/.github/workflows/multiOSReleases.yml index b3973d39..2792a909 100644 --- a/.github/workflows/multiOSReleases.yml +++ b/.github/workflows/multiOSReleases.yml @@ -4,9 +4,9 @@ on: workflow_dispatch: release: types: [created] -permissions: - contents: write - packages: write + +permissions: read-all + jobs: build-installers: strategy: @@ -22,6 +22,9 @@ jobs: # platform: linux # ext: deb runs-on: ${{ matrix.os }} + permissions: + contents: write + packages: write steps: - name: Harden Runner 
diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index 45907e74..a36aec1a 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -7,13 +7,13 @@ on: - master - main -permissions: - contents: read - packages: write +permissions: read-all jobs: push: runs-on: ubuntu-latest + permissions: + packages: write steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 diff --git a/.github/workflows/releaseArtifacts.yml b/.github/workflows/releaseArtifacts.yml index 5bee97c5..ceaa1d0f 100644 --- a/.github/workflows/releaseArtifacts.yml +++ b/.github/workflows/releaseArtifacts.yml @@ -4,12 +4,15 @@ on: workflow_dispatch: release: types: [created] -permissions: - contents: write - packages: write + +permissions: read-all + jobs: push: runs-on: ubuntu-latest + permissions: + contents: write + packages: write strategy: matrix: enable_security: [true, false] diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index f8631b55..3746016c 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -5,8 +5,7 @@ on: - cron: "30 0 * * *" workflow_dispatch: -permissions: - contents: read +permissions: read-all jobs: stale: diff --git a/.github/workflows/swagger.yml b/.github/workflows/swagger.yml index 7d5cbab7..50220868 100644 --- a/.github/workflows/swagger.yml +++ b/.github/workflows/swagger.yml @@ -6,6 +6,8 @@ on: branches: - master +permissions: read-all + jobs: push: runs-on: ubuntu-latest diff --git a/.github/workflows/sync_files.yml b/.github/workflows/sync_files.yml index b3f74275..fc4a2fce 100644 --- a/.github/workflows/sync_files.yml +++ b/.github/workflows/sync_files.yml 
@@ -9,13 +9,14 @@ on: - "src/main/resources/messages_*.properties" - "scripts/ignore_translation.toml" -permissions: - contents: write - pull-requests: write +permissions: read-all jobs: sync-readme: runs-on: ubuntu-latest + permissions: + contents: write + pull-requests: write steps: - name: Harden Runner uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2 From 15abef1b820581a1511192be3afef9bea61ab74e Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sat, 21 Dec 2024 23:49:30 +0000 Subject: [PATCH 35/42] Update push-docker.yml --- .github/workflows/push-docker.yml | 55 +++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) diff --git a/.github/workflows/push-docker.yml b/.github/workflows/push-docker.yml index 45907e74..0d0d3ce1 100644 --- a/.github/workflows/push-docker.yml +++ b/.github/workflows/push-docker.yml @@ -10,6 +10,7 @@ on: permissions: contents: read packages: write + id-token: write jobs: push: @@ -37,6 +38,11 @@ jobs: env: DOCKER_ENABLE_SECURITY: false + - name: Install cosign + uses: sigstore/cosign-installer@v3.7.0 + with: + cosign-release: 'v2.4.1' + - name: Set up Docker Buildx id: buildx uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 @@ -80,6 +86,7 @@ jobs: type=raw,value=alpha,enable=${{ github.ref == 'refs/heads/main' }} - name: Build and push main Dockerfile + id: build-push-regular uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 with: builder: ${{ steps.buildx.outputs.name }} 
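Review bot: `uses: sigstore/cosign-installer@v3.7.0` in the push-docker.yml hunk that adds the `Install cosign` step references a movable tag, unlike the neighbouring steps visible in these hunks, which are pinned to a full commit SHA with the version as a comment. This step installs the binary that signs the images, in a workflow that the first push-docker.yml hunk gives `id-token: write`, so it deserves the same pinning: `uses: sigstore/cosign-installer@<full-commit-sha> # v3.7.0`, with the placeholder replaced by the commit the tag resolves to. `id-token: write` is also added at workflow level; granting it under the `push` job's own `permissions:` would limit it to the job that signs.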
@@ -92,6 +99,28 @@ jobs: labels: ${{ steps.meta.outputs.labels }} build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }} platforms: linux/amd64,linux/arm64/v8 + provenance: true + sbom: true + + - name: Sign regular images + env: + DIGEST: ${{ steps.build-push-regular.outputs.digest }} + TAGS: ${{ steps.meta.outputs.tags }} + run: | + # Always sign images regardless of branch + echo "$TAGS" | tr ',' '\n' | while read -r tag; do + cosign sign --yes "${tag}@${DIGEST}" + done + + # For alpha builds specifically, we want to ensure they're marked as development builds + if [[ "${{ github.ref }}" == "refs/heads/main" ]]; then + echo "Signing alpha build with development attestation" + echo "$TAGS" | tr ',' '\n' | while read -r tag; do + if [[ $tag == *":alpha" ]]; then + cosign attest --predicate <(echo '{"type":"development"}') --yes "${tag}@${DIGEST}" + fi + done + fi - name: Generate tags ultra-lite id: meta2 @@ -108,6 +137,7 @@ jobs: type=raw,value=latest-ultra-lite,enable=${{ github.ref == 'refs/heads/master' }} - name: Build and push Dockerfile-ultra-lite + id: build-push-lite uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 if: github.ref != 'refs/heads/main' with: @@ -120,6 +150,18 @@ jobs: labels: ${{ steps.meta2.outputs.labels }} build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }} platforms: linux/amd64,linux/arm64/v8 + provenance: true + sbom: true + + - name: Sign ultra-lite images + if: github.ref != 'refs/heads/main' + env: + DIGEST: ${{ steps.build-push-lite.outputs.digest }} + TAGS: ${{ steps.meta2.outputs.tags }} + run: | + echo "$TAGS" | tr ',' '\n' | while read -r tag; do + cosign sign --yes "${tag}@${DIGEST}" + done - name: Generate tags fat id: meta3 
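Review bot: The `Sign regular images` step interpolates an expression directly into the script text in `if [[ "${{ github.ref }}" == "refs/heads/main" ]]`, although `DIGEST` and `TAGS` in the same step already go through `env:`. Passing the ref the same way keeps expression values out of the shell source: add `REF: ${{ github.ref }}` under `env:` and test `[[ "$REF" == "refs/heads/main" ]]`. Separately, the loop calls `cosign sign --yes "${tag}@${DIGEST}"` without checking that `tag` is non-empty, so an empty tag list or a blank line produces a signing attempt on `@<digest>`. A guard such as `[ -n "$tag" ] || continue` at the top of the loop body avoids that. The `Sign ultra-lite images` and `Sign fat images` steps use the same loop.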
@@ -136,6 +178,7 @@ jobs: type=raw,value=latest-fat,enable=${{ github.ref == 'refs/heads/master' }} - name: Build and push main Dockerfile fat + id: build-push-fat uses: docker/build-push-action@48aba3b46d1b1fec4febb7c5d0c644b249a11355 # v6.10.0 if: github.ref != 'refs/heads/main' with: @@ -149,3 +192,15 @@ jobs: labels: ${{ steps.meta3.outputs.labels }} build-args: VERSION_TAG=${{ steps.versionNumber.outputs.versionNumber }} platforms: linux/amd64,linux/arm64/v8 + provenance: true + sbom: true + + - name: Sign fat images + if: github.ref != 'refs/heads/main' + env: + DIGEST: ${{ steps.build-push-fat.outputs.digest }} + TAGS: ${{ steps.meta3.outputs.tags }} + run: | + echo "$TAGS" | tr ',' '\n' | while read -r tag; do + cosign sign --yes "${tag}@${DIGEST}" + done From 4e45bae8567db3acffb8fe108819801dc8bd7fb7 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sun, 22 Dec 2024 00:09:52 +0000 Subject: [PATCH 36/42] Update Dockerfile --- Dockerfile | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/Dockerfile b/Dockerfile index 9577c9ca..0a17bb26 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -10,6 +10,18 @@ COPY build/libs/*.jar app.jar ARG VERSION_TAG +LABEL org.opencontainers.image.title="Stirling-PDF" +LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 35+ operations including merging, splitting, conversion, OCR, watermarking, and more." +LABEL org.opencontainers.image.source="https://github.com/Stirling-Tools/Stirling-PDF" +LABEL org.opencontainers.image.licenses="MIT" +LABEL org.opencontainers.image.vendor="Stirling-Tools" +LABEL org.opencontainers.image.url="https://www.stirlingpdf.com" +LABEL org.opencontainers.image.documentation="https://docs.stirlingpdf.com" +LABEL maintainer="Stirling-Tools" +LABEL org.opencontainers.image.authors="Stirling-Tools" +LABEL org.opencontainers.image.version="${VERSION_TAG}" +LABEL org.opencontainers.image.keywords="PDF, manipulation, merge, split, convert, OCR, watermark" + # Set Environment Variables ENV DOCKER_ENABLE_SECURITY=false \ VERSION_TAG=$VERSION_TAG \ @@ -19,6 +31,7 @@ ENV DOCKER_ENABLE_SECURITY=false \ PGID=1000 \ UMASK=022 + # JDK for app RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \ echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \ From 974b947fc3375b7ddb9f4c498dd3bb70448b0ff8 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sun, 22 Dec 2024 00:10:31 +0000 Subject: [PATCH 37/42] Update Dockerfile-fat --- Dockerfile-fat | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Dockerfile-fat b/Dockerfile-fat index c9641590..92a3837d 100644 --- a/Dockerfile-fat +++ b/Dockerfile-fat 
@@ -22,6 +22,18 @@ COPY --from=build /app/build/libs/*.jar app.jar ARG VERSION_TAG +LABEL org.opencontainers.image.title="Stirling-PDF" +LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 50+ operations including merging, splitting, conversion, OCR, watermarking, and more." +LABEL org.opencontainers.image.source="https://github.com/Stirling-Tools/Stirling-PDF" +LABEL org.opencontainers.image.licenses="MIT" +LABEL org.opencontainers.image.vendor="Stirling-Tools" +LABEL org.opencontainers.image.url="https://www.stirlingpdf.com" +LABEL org.opencontainers.image.documentation="https://docs.stirlingpdf.com" +LABEL maintainer="Stirling-Tools" +LABEL org.opencontainers.image.authors="Stirling-Tools" +LABEL org.opencontainers.image.version="${VERSION_TAG}" +LABEL org.opencontainers.image.keywords="PDF, manipulation, merge, split, convert, OCR, watermark" + # Set Environment Variables ENV DOCKER_ENABLE_SECURITY=false \ VERSION_TAG=$VERSION_TAG \ From fb6cefa301f2bf1d754f8c77a81b6e1f7a9a6136 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sun, 22 Dec 2024 00:10:48 +0000 Subject: [PATCH 38/42] Update Dockerfile-ultra-lite --- Dockerfile-ultra-lite | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/Dockerfile-ultra-lite b/Dockerfile-ultra-lite index 09e4a5a3..1aac6002 100644 --- a/Dockerfile-ultra-lite +++ b/Dockerfile-ultra-lite 
@@ -3,6 +3,18 @@ FROM alpine:3.21.0 ARG VERSION_TAG +LABEL org.opencontainers.image.title="Stirling-PDF" +LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 50+ operations including merging, splitting, conversion, OCR, watermarking, and more." +LABEL org.opencontainers.image.source="https://github.com/Stirling-Tools/Stirling-PDF" +LABEL org.opencontainers.image.licenses="MIT" +LABEL org.opencontainers.image.vendor="Stirling-Tools" +LABEL org.opencontainers.image.url="https://www.stirlingpdf.com" +LABEL org.opencontainers.image.documentation="https://docs.stirlingpdf.com" +LABEL maintainer="Stirling-Tools" +LABEL org.opencontainers.image.authors="Stirling-Tools" +LABEL org.opencontainers.image.version="${VERSION_TAG}" +LABEL org.opencontainers.image.keywords="PDF, manipulation, merge, split, convert, OCR, watermark" + # Set Environment Variables ENV DOCKER_ENABLE_SECURITY=false \ HOME=/home/stirlingpdfuser \ From 9820a3276d215a016574674cad46ac6ba4abb4c9 Mon Sep 17 00:00:00 2001 From: Anthony Stirling <77850077+Frooodle@users.noreply.github.com> Date: Sun, 22 Dec 2024 00:11:06 +0000 Subject: [PATCH 39/42] Update Dockerfile --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 0a17bb26..b1e958b7 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -11,7 +11,7 @@ COPY build/libs/*.jar app.jar ARG VERSION_TAG LABEL org.opencontainers.image.title="Stirling-PDF" -LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 35+ operations including merging, splitting, conversion, OCR, watermarking, and more." +LABEL org.opencontainers.image.description="A powerful locally hosted web-based PDF manipulation tool supporting 50+ operations including merging, splitting, conversion, OCR, watermarking, and more." LABEL org.opencontainers.image.source="https://github.com/Stirling-Tools/Stirling-PDF" LABEL org.opencontainers.image.licenses="MIT" LABEL org.opencontainers.image.vendor="Stirling-Tools" From 6697cccfa9987879c873a63fe349ba4b41bd1045 Mon Sep 17 00:00:00 2001 From: Ludy87 Date: Sun, 22 Dec 2024 01:41:45 +0100 Subject: [PATCH 40/42] Bump peter-evans/create-pull-request from 6.1.0 to 7.0.5 --- .github/workflows/licenses-update.yml | 5 +++-- .github/workflows/sync_files.yml | 3 ++- .github/workflows/update-translations.yml | 2 +- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/licenses-update.yml b/.github/workflows/licenses-update.yml index 8c1e1c29..409735c0 100644 --- a/.github/workflows/licenses-update.yml +++ b/.github/workflows/licenses-update.yml @@ -52,7 +52,7 @@ jobs: - name: Create Pull Request id: cpr if: env.CHANGES_DETECTED == 'true' - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: "Update 3rd Party Licenses" @@ -65,9 +65,10 @@ jobs: Auto-generated by [create-pull-request][1] [1]: https://github.com/peter-evans/create-pull-request - labels: licenses + labels: licenses,github-actions draft: false delete-branch: true + sign-commits: true - name: Auto approve if: steps.cpr.outputs.pull-request-operation == 'created' 
diff --git a/.github/workflows/sync_files.yml b/.github/workflows/sync_files.yml index fc4a2fce..fbbb56ab 100644 --- a/.github/workflows/sync_files.yml +++ b/.github/workflows/sync_files.yml @@ -42,7 +42,7 @@ jobs: git diff --staged --quiet || git commit -m ":memo: Sync README > Made via sync_files.yml" || echo "no changes" - name: Create Pull Request - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0 + uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5 with: token: ${{ secrets.GITHUB_TOKEN }} commit-message: Update files @@ -58,3 +58,4 @@ jobs: draft: false delete-branch: true labels: Documentation,Translation,github-actions + sign-commits: true diff --git a/.github/workflows/update-translations.yml b/.github/workflows/update-translations.yml index 141d9a72..c6b408c3 100644 --- a/.github/workflows/update-translations.yml +++ b/.github/workflows/update-translations.yml @@ -65,7 +65,7 @@ jobs: Auto-generated by [create-pull-request][1] [1]: https://github.com/peter-evans/create-pull-request - labels: Translation draft: false delete-branch: true + labels: Translation,github-actions sign-commits: true From 80f53e972aa83201c632304dee70b6a11e77850f Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Sun, 22 Dec 2024 06:10:58 +0800 Subject: [PATCH 41/42] Improve Markdown documentation a bit --- CONTRIBUTING.md | 10 +++++----- DeveloperGuide.md | 38 ++++++++++++++++++++------------------ HowToUseOCR.md | 3 ++- LocalRunGuide.md | 12 ++++++------ README.md | 35 ++++++++++++++++------------------- SECURITY.md | 2 +- Version-groups.md | 32 ++++++++++++++++---------------- 7 files changed, 66 insertions(+), 66 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 47f6215c..463cb433 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
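Review bot: In sync_files.yml the commit is created by the preceding `git commit -m ":memo: Sync README ..."` step rather than by the action, so it is worth confirming on a test run that `sign-commits: true` really produces a Verified commit on the PR branch. With `token: ${{ secrets.GITHUB_TOKEN }}` the signature is GitHub's own for the `github-actions[bot]` identity, not a key the project controls. A comment next to the input, e.g. `# signed by GitHub as github-actions[bot], not with a project key`, would keep readers from over-trusting the badge. The same input is added in licenses-update.yml above. The rest of each `with:` block is outside these hunks, so any `author` or `committer` inputs there should be checked against the v7 behaviour.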
@@ -18,9 +18,9 @@ For a detailed pull request tutorial, see [this guide](https://www.digitalocean. Please make sure your Pull Request adheres to the following guidelines: - Use the PR template provided. -- Keep your Pull Request title succinct, detailed and to the point. +- Keep your Pull Request title succinct, detailed, and to the point. - Keep commits atomic. One commit should contain one change. If you want to make multiple changes, submit multiple Pull Requests. -- Commits should be clear, concise and easy to understand. +- Commits should be clear, concise, and easy to understand. - References to the Issue number in the Pull Request and/or Commit message. ## Translations @@ -29,15 +29,15 @@ If you would like to add or modify a translation, please see [How to add new lan ## Docs -Documentation for Stirling-PDF is handled in a separate repository. Please see [Docs repository](https://github.com/Stirling-Tools/Stirling-Tools.github.io) or use "edit this page"-button at the bottom of each page at [https://docs.stirlingpdf.com/](https://docs.stirlingpdf.com/). +Documentation for Stirling-PDF is handled in a separate repository. Please see [Docs repository](https://github.com/Stirling-Tools/Stirling-Tools.github.io) or use the "edit this page"-button at the bottom of each page at [https://docs.stirlingpdf.com/](https://docs.stirlingpdf.com/). ## Fixing Bugs or Adding a New Feature First, make sure you've read the section [Pull Requests](#pull-requests). -To build from source, please follow this [Guide](LocalRunGuide.md). +To build from the source, please follow this [Guide](LocalRunGuide.md). -If, at any point of time, you have a question, please feel free to ask in the same issue thread or in our [Discord](https://discord.gg/FJUSXUSYec). +If, at any point in time, you have a question, please feel free to ask in the same issue thread or in our [Discord](https://discord.gg/FJUSXUSYec). ## License 
diff --git a/DeveloperGuide.md b/DeveloperGuide.md index 66b1751e..d9668279 100644 --- a/DeveloperGuide.md +++ b/DeveloperGuide.md @@ -2,7 +2,7 @@ ## 1. Introduction -Stirling-PDF is a robust, locally hosted web-based PDF manipulation tool. This guide focuses on Docker-based development and testing, which is the recommended approach for working with the full version of Stirling-PDF. +Stirling-PDF is a robust, locally hosted, web-based PDF manipulation tool. This guide focuses on Docker-based development and testing, which is the recommended approach for working with the full version of Stirling-PDF. ## 2. Project Overview @@ -25,7 +25,7 @@ Stirling-PDF is built using: - Docker - Git - Java JDK 17 or later -- Gradle 7.0 or later (Included within repo) +- Gradle 7.0 or later (Included within the repo) ### Setup Steps @@ -38,14 +38,14 @@ Stirling-PDF is built using: 2. Install Docker and JDK17 if not already installed. -3. Install a recommended Java IDE such as Eclipse, IntelliJ or VSCode +3. Install a recommended Java IDE such as Eclipse, IntelliJ, or VSCode 4. Lombok Setup Stirling-PDF uses Lombok to reduce boilerplate code. Some IDEs, like Eclipse, don't support Lombok out of the box. To set up Lombok in your development environment: Visit the [Lombok website](https://projectlombok.org/setup/) for installation instructions specific to your IDE. 5. Add environment variable -For local testing you should generally be testing the full 'Security' version of Stirling-PDF to do this you must add the environment flag DOCKER_ENABLE_SECURITY=true to your system and/or IDE build/run step +For local testing, you should generally be testing the full 'Security' version of Stirling-PDF. To do this, you must add the environment flag DOCKER_ENABLE_SECURITY=true to your system and/or IDE build/run step. ## 4. Project Structure 
@@ -102,7 +102,7 @@ Stirling-PDF offers several Docker versions: ### Example Docker Compose Files -Stirling-PDF provides several example Docker Compose files in the `exampleYmlFiles` directory such as : +Stirling-PDF provides several example Docker Compose files in the `exampleYmlFiles` directory, such as: - `docker-compose-latest.yml`: Latest version without security features - `docker-compose-latest-security.yml`: Latest version with security features enabled @@ -205,9 +205,9 @@ To run the test script: This script performs the following actions: -1. Builds all Docker images (full, ultra-lite, fat) -2. Runs each version to ensure it starts correctly -3. Executes Cucumber tests against main version and ensures feature compatibility, in the event these tests fail your PR will not be merged +1. Builds all Docker images (full, ultra-lite, fat). +2. Runs each version to ensure it starts correctly. +3. Executes Cucumber tests against the main version and ensures feature compatibility. In the event these tests fail, your PR will not be merged. Note: The `test.sh` script will run automatically when you raise a PR. However, it's recommended to run it locally first to save resources and catch any issues early. @@ -229,7 +229,7 @@ For quick iterations and development of Java backend, JavaScript, and UI compone To run Stirling-PDF locally: -1. Compile and run the project using built in IDE methods or by running: +1. Compile and run the project using built-in IDE methods or by running: ```bash ./gradlew bootRun @@ -261,7 +261,7 @@ Important notes: 6. Push your changes to your fork. 7. Submit a pull request to the main repository. -8. See additional [contributing guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md) +8. See additional [contributing guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md). When you raise a PR: 
@@ -317,7 +317,7 @@ Remember to test your changes thoroughly to ensure they don't break any existing ### Overview of Thymeleaf -Thymeleaf is a server-side Java HTML template engine. It is used in Stirling-PDF to render dynamic web pages. Thymeleaf integrates heavily with Spring Boot +Thymeleaf is a server-side Java HTML template engine. It is used in Stirling-PDF to render dynamic web pages. Thymeleaf integrates heavily with Spring Boot. ### Thymeleaf overview @@ -327,22 +327,24 @@ Some examples of this are: ```html +``` or +```html ``` -Where it uses the th:block, th: indicating its a special thymeleaf element to be used serverside in generating the html, and block being the actual element type. -In this case we are inserting the ``navbar`` entry within the ``fragments/navbar.html`` fragment into the ``th:block`` element. +Where it uses the `th:block`, `th:` indicating it's a special Thymeleaf element to be used server-side in generating the HTML, and block being the actual element type. +In this case, we are inserting the `navbar` entry within the `fragments/navbar.html` fragment into the `th:block` element. -They can be more complex such as: +They can be more complex, such as: ```html ``` -Which is the same as above but passes the parameters title and header into the fragment common.html to be used in its HTML generation +Which is the same as above but passes the parameters title and header into the fragment `common.html` to be used in its HTML generation. -Thymeleaf can also be used to loop through objects or pass things from java side into html side. +Thymeleaf can also be used to loop through objects or pass things from the Java side into the HTML side. ```java @GetMapping 
@@ -352,7 +354,7 @@ Thymeleaf can also be used to loop through objects or pass things from java side } ``` -in above example if exampleData is a list of plain java objects of class Person and within it you had id, name, age etc. You can reference it like so +In the above example, if exampleData is a list of plain java objects of class Person and within it, you had id, name, age, etc. You can reference it like so ```html @@ -452,7 +454,7 @@ This would generate n entries of tr for each person in exampleData 1. **Create a New Thymeleaf Template:** - Create a new HTML file in the `src/main/resources/templates` directory. - Use Thymeleaf attributes to dynamically generate content. - - Use `extract-page.html` as a base example for the HTML template, useful to ensure importing of the general layout, navbar and footer. + - Use `extract-page.html` as a base example for the HTML template, which is useful to ensure importing of the general layout, navbar, and footer. ```html diff --git a/HowToUseOCR.md b/HowToUseOCR.md index 0a5cc94c..f529b72c 100644 --- a/HowToUseOCR.md +++ b/HowToUseOCR.md @@ -92,8 +92,9 @@ Verify installation: ``tesseract --list-langs`` You must then edit your ``/configs/settings.yml`` and change the system.tessdataDir to match the directory containing lang files + ``` system: tessdataDir: C:/Program Files/Tesseract-OCR/tessdata # path to the directory containing the Tessdata files. This setting is relevant for Windows systems. For Windows users, this path should be adjusted to point to the appropriate directory where the Tessdata files are stored. ``` - + \ No newline at end of file diff --git a/LocalRunGuide.md b/LocalRunGuide.md index 124cff9b..177299c6 100644 --- a/LocalRunGuide.md +++ b/LocalRunGuide.md 
@@ -13,7 +13,7 @@ You could theoretically use a Distrobox/Toolbox if your distribution has old or Install the following software, if not already installed: - Java 17 or later (21 recommended) -- Gradle 7.0 or later (included within repo so not needed on server) +- Gradle 7.0 or later (included within the repo, so not needed on the server) - Git - Python 3.8 (with pip) - Make @@ -32,7 +32,7 @@ sudo apt-get update sudo apt-get install -y git automake autoconf libtool libleptonica-dev pkg-config zlib1g-dev make g++ openjdk-21-jdk python3 python3-pip ``` -For Fedora-based systems use this command: +For Fedora-based systems, use this command: ```bash sudo dnf install -y git automake autoconf libtool leptonica-devel pkg-config zlib-devel make gcc-c++ java-21-openjdk python3 python3-pip @@ -68,7 +68,7 @@ nix-env -iA nixpkgs.jbig2enc ### Step 3: Install Additional Software -Next we need to install LibreOffice for conversions, qpdf for OCR, and OpenCV for pattern recognition functionality. +Next, we need to install LibreOffice for conversions, qpdf for OCR, and OpenCV for pattern recognition functionality. Install the following software: @@ -232,7 +232,7 @@ Terminal=true; EOF ``` -Note: Currently the app will run in the background until manually closed. +Note: Currently, the app will run in the background until it is manually closed. ### Optional: Changing the Host and Port of the Application @@ -251,7 +251,7 @@ server: ### Optional: Run Stirling-PDF as a Service (requires root) -First create a `.env` file, where you can store environment variables: +First, create a `.env` file, where you can store environment variables: ```bash touch /opt/Stirling-PDF/.env 
@@ -265,7 +265,7 @@ Create a new file where we store our service settings and open it with the nano nano /etc/systemd/system/stirlingpdf.service ``` -Paste this content, make sure to update the filename of the jar file. Press `Ctrl+S` and `Ctrl+X` to save and exit the nano editor: +Paste this content, and make sure to update the filename of the jar file. Press `Ctrl+S` and `Ctrl+X` to save and exit the nano editor: ```ini [Unit] diff --git a/README.md b/README.md index 5b879378..662fcb77 100644 --- a/README.md +++ b/README.md @@ -26,12 +26,11 @@ All files and PDFs exist either exclusively on the client side, reside in server - Optional Login and Authentication support (see [here](https://github.com/Stirling-Tools/Stirling-PDF/tree/main#login-authentication) for documentation) - Database Backup and Import (see [here](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DATABASE.md) for documentation) - ## PDF Features ### Page Operations -- View and modify PDFs - View multi-page PDFs with custom viewing, sorting, and searching. Plus on-page edit features like annotate, draw, and adding text and images. (Using PDF.js with Joxit and Liberation fonts) +- View and modify PDFs - View multi-page PDFs with custom viewing, sorting, and searching. Plus, on-page edit features like annotating, drawing, and adding text and images. (Using PDF.js with Joxit and Liberation fonts) - Full interactive GUI for merging/splitting/rotating/moving PDFs and their pages - Merge multiple PDFs into a single resultant file - Split PDFs into multiple files at specified page numbers or extract all pages as individual files 
@@ -42,11 +41,11 @@ All files and PDFs exist either exclusively on the client side, reside in server - Scale page contents size by set percentage - Adjust contrast - Crop PDF -- Auto split PDF (with physically scanned page dividers) +- Auto-split PDF (with physically scanned page dividers) - Extract page(s) - Convert PDF to a single page - Overlay PDFs on top of each other -- PDF to single page +- PDF to a single page - Split PDF by sections ### Conversion Operations @@ -55,7 +54,7 @@ All files and PDFs exist either exclusively on the client side, reside in server - Convert any common file to PDF (using LibreOffice) - Convert PDF to Word/PowerPoint/others (using LibreOffice) - Convert HTML to PDF -- Convert PDF to xml +- Convert PDF to XML - Convert PDF to CSV - URL to PDF - Markdown to PDF @@ -83,9 +82,9 @@ All files and PDFs exist either exclusively on the client side, reside in server - Extract images from scans - Remove annotations - Add page numbers -- Auto rename file by detecting PDF header text -- OCR on PDF (using tesseract) -- PDF/A conversion (using libreoffice) +- Auto-rename files by detecting PDF header text +- OCR on PDF (using Tesseract OCR) +- PDF/A conversion (using LibreOffice) - Edit metadata - Flatten PDFs - Get all information on a PDF to view or export as JSON 
@@ -121,7 +120,7 @@ Please view the [LocalRunGuide](https://github.com/Stirling-Tools/Stirling-PDF/b > [!NOTE] > -Stirling-PDF has three different versions: a full version, an ultra-lite version, and a 'fat' version. Depending on the types of features you use, you may want a smaller image to save on space. To see what the different versions offer, please look at our [version mapping](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/Version-groups.md). For people that don't mind space optimization, just use the latest tag. +Stirling-PDF has three different versions: a full version, an ultra-lite version, and a 'fat' version. Depending on the types of features you use, you may want a smaller image to save on space. To see what the different versions offer, please look at our [version mapping](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/Version-groups.md). For people who don't mind space optimization, just use the latest tag. ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/stirlingtools/stirling-pdf/latest?label=Stirling-PDF%20Full) ![Docker Image Size (tag)](https://img.shields.io/docker/image-size/stirlingtools/stirling-pdf/latest-ultra-lite?label=Stirling-PDF%20Ultra-Lite) 
@@ -178,7 +177,7 @@ Please view the [HowToUseOCR.md](https://github.com/Stirling-Tools/Stirling-PDF/ ## Reuse Stored Files -Certain functionality like `Sign` supports pre-saved files stored at `/customFiles/signatures/`. Image files placed within here will be accessible to be used via the web UI. Currently, this supports two folder types: +Certain functionality like `Sign` supports pre-saved files stored at `/customFiles/signatures/`. Image files placed here will be accessible via the web UI. Currently, this supports two folder types: - `/customFiles/signatures/ALL_USERS`: Accessible to all users, useful for organizations where many users use the same files or for users not using authentication - `/customFiles/signatures/{username}`: Such as `/customFiles/signatures/froodle`, accessible only to the `froodle` username, private for all others @@ -234,11 +233,11 @@ Please see our [Contributing Guide](CONTRIBUTING.md). ## Stirling PDF Enterprise -Stirling PDF offers a Enterprise edition of its software, This is the same great software but with added features and comforts +Stirling PDF offers an Enterprise edition of its software. This is the same great software but with added features and comforts. -### Whats included +### What's included -- Prioritised Support tickets via support@stirlingpdf.com to reach directly to Stirling-PDF team for support and 1:1 meetings where applicable (Provided they come from same email domain registered with us) +- Prioritized Support tickets via support@stirlingpdf.com to reach directly to Stirling-PDF team for support and 1:1 meetings where applicable (Provided they come from the same email domain registered with us) - Prioritised Enhancements to Stirling-PDF where applicable - Base SSO support - Advanced SSO such as automated login handling (Coming very soon) 
@@ -247,7 +246,7 @@ Stirling PDF offers a Enterprise edition of its software, This is the same great - Advanced user configurations (Coming soon) - Plus other exciting features to come -Check out of [docs](https://docs.stirlingpdf.com/Enterprise%20Edition) on it or our official [website](https://www.stirlingpdf.com) +Check out our [docs](https://docs.stirlingpdf.com/Enterprise%20Edition) on it or our official [website](https://www.stirlingpdf.com) ## Customization @@ -365,8 +364,6 @@ AutomaticallyGenerated: There is an additional config file `/configs/custom_settings.yml` where users familiar with Java and Spring `application.properties` can input their own settings on top of Stirling-PDF's existing ones. - - ### Extra Notes - **Endpoints**: Currently, the `ENDPOINTS_TO_REMOVE` and `GROUPS_TO_REMOVE` endpoints can include comma-separated lists of endpoints and groups to disable. For example, `ENDPOINTS_TO_REMOVE=img-to-pdf,remove-pages` would disable both image-to-pdf and remove pages, while `GROUPS_TO_REMOVE=LibreOffice` would disable all things that use LibreOffice. You can see a list of all endpoints and groups [here](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/Endpoint-groups.md). 
@@ -401,7 +398,7 @@ When you log in to Stirling-PDF, you will be redirected to the `/login` page to To access your account settings, go to Account Settings in the settings cog menu (top right in the navbar). This Account Settings menu is also where you find your API key. -To add new users, go to the bottom of Account Settings and hit 'Admin Settings'. Here you can add new users. The different roles mentioned within this are for rate limiting. This is a work in progress and will be expanded on more in the future. +To add new users, go to the bottom of Account Settings and hit 'Admin Settings'. Here, you can add new users. The different roles mentioned within this are for rate limiting. This is a work in progress and will be expanded on more in the future. For API usage, you must provide a header with `X-API-KEY` and the associated API key for that user. @@ -417,9 +414,9 @@ For API usage, you must provide a header with `X-API-KEY` and the associated API - Multi-page layout (stitch PDF pages together) support x rows y columns and custom page sizing - Fill forms manually or automatically -### Q2: Why is my application downloading .htm files? Why am i getting HTTP error 413? +### Q2: Why is my application downloading .htm files? Why am I getting HTTP error 413? -This is an issue commonly caused by your NGINX configuration. The default file upload size for NGINX is 1MB. You need to add the following in your Nginx sites-available file: `client_max_body_size SIZE;` (where "SIZE" is 50M for example for 50MB files). +This is an issue commonly caused by your NGINX configuration. The default file upload size for NGINX is 1MB. You need to add the following in your Nginx sites-available file: `client_max_body_size SIZE;` (where "SIZE" is 50M, for example, for 50MB files). ### Q3: Why is my download timing out? diff --git a/SECURITY.md b/SECURITY.md index e67cdce4..5f532aa7 100644 --- a/SECURITY.md +++ b/SECURITY.md 
@@ -8,7 +8,7 @@ The Stirling-PDF team takes security vulnerabilities seriously. We appreciate yo You can report security vulnerabilities through two channels: -1. **GitHub Security Advisory**: +1. **GitHub Security Advisory**: - Navigate to the [Security tab](https://github.com/Stirling-Tools/Stirling-PDF/security) in our repository - Click on "Report a vulnerability" - Provide a detailed description of the vulnerability diff --git a/Version-groups.md b/Version-groups.md index e7f5536c..c8f3aff8 100644 --- a/Version-groups.md +++ b/Version-groups.md @@ -1,14 +1,14 @@ -|All versions in a Docker environment can download Calibre as a optional extra at runtime to support `book-to-pdf` and `pdf-to-book` using parameter ``INSTALL_BOOK_AND_ADVANCED_HTML_OPS``. +All versions in a Docker environment can download Calibre as a optional extra at runtime to support `book-to-pdf` and `pdf-to-book` using parameter ``INSTALL_BOOK_AND_ADVANCED_HTML_OPS``. The 'Fat' container contains all those found in 'Full' with security jar along with this Calibre install. | Technology | Ultra-Lite | Full | | ---------- | :--------: | :---: | -| Java | ✔️ | ✔️ | -| JavaScript | ✔️ | ✔️ | +| Java | ✔️ | ✔️ | +| JavaScript | ✔️ | ✔️ | | Libre | | ✔️ | | Python | | ✔️ | | OpenCV | | ✔️ | -| qpdf | | ✔️ | +| qpdf | | ✔️ | | Operation | Ultra-Lite | Full | | ---------------------- | ---------- | ---- | 
@@ -54,15 +54,15 @@ The 'Fat' container contains all those found in 'Full' with security jar along w | ocr-pdf | | ✔️ | | pdf-to-pdfa | | ✔️ | | remove-blanks | | ✔️ | -pdf-to-text | ✔️ | ✔️ -pdf-to-html | | ✔️ -pdf-to-word | | ✔️ -pdf-to-presentation | | ✔️ -pdf-to-xml | | ✔️ -remove-annotations | ✔️ | ✔️ -remove-cert-sign | ✔️ | ✔️ -remove-image-pdf | ✔️ | ✔️ -file-to-pdf | | ✔️ -html-to-pdf | | ✔️ -url-to-pdf | | ✔️ -repair | | ✔️ +| pdf-to-text | ✔️ | ✔️ | +| pdf-to-html | | ✔️ | +| pdf-to-word | | ✔️ | +| pdf-to-presentation | | ✔️ | +| pdf-to-xml | | ✔️ | +| remove-annotations | ✔️ | ✔️ | +| remove-cert-sign | ✔️ | ✔️ | +| remove-image-pdf | ✔️ | ✔️ | +| file-to-pdf | | ✔️ | +| html-to-pdf | | ✔️ | +| url-to-pdf | | ✔️ | +| repair | | ✔️ | From b0881cdb4ca41bb73edfdc2841dede0eac5642be Mon Sep 17 00:00:00 2001 From: Peter Dave Hello Date: Sun, 22 Dec 2024 18:10:49 +0800 Subject: [PATCH 42/42] Standardize Alpine base image format and version across all Dockerfiles - Update all Dockerfiles to use `alpine:3.21.0` with SHA256 checksum - Ensure consistent image versioning, enhanced security, and reproducibility by explicitly specifying the digest. cc #2436 #2516 --- Dockerfile | 2 +- Dockerfile-fat | 2 +- Dockerfile-ultra-lite | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9577c9ca..004ea9e8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Main stage -FROM alpine:3.20.3@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a +FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 # Copy necessary files COPY scripts /scripts diff --git a/Dockerfile-fat b/Dockerfile-fat index c9641590..83996bef 100644 --- a/Dockerfile-fat +++ b/Dockerfile-fat 
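Review bot: Pinning `FROM alpine:3.21.0@sha256:21dc6063…` fixes the base image, and nothing in this commit shows an updater (for example Dependabot or Renovate for Docker) that would move the digest when Alpine ships fixes. It is worth confirming that one covers `Dockerfile`, `Dockerfile-fat` and `Dockerfile-ultra-lite`. In Dockerfile-fat only the main stage is changed; the build stage's `FROM` is outside the hunk and should be checked for the same pinning, since the commit message says all Dockerfiles. If these images are built for more than one platform, the digest should be that of the multi-platform index rather than a single-architecture manifest. A comment above each `FROM`, such as `# digest pinned; bump tag and digest together`, would help the next editor.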
@@ -12,7 +12,7 @@ RUN DOCKER_ENABLE_SECURITY=true \ ./gradlew clean build # Main stage -FROM alpine:3.20.3 +FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 # Copy necessary files COPY scripts /scripts diff --git a/Dockerfile-ultra-lite b/Dockerfile-ultra-lite index 09e4a5a3..4953f338 100644 --- a/Dockerfile-ultra-lite +++ b/Dockerfile-ultra-lite @@ -1,5 +1,5 @@ # use alpine -FROM alpine:3.21.0 +FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 ARG VERSION_TAG