non root user and fix book/html calibre (#856)

* non root user and fix book/html calibre * version bump * Update docker-compose-latest.yml * remove customApp --------- Co-authored-by: systo <systo@host.docker.internal>
2024-03-04 20:51:49 +00:00
parent 20f532c872
commit ece1d071c0
42 changed files with 664 additions and 181 deletions
--- a/62
+++ b/62
@@ -1,6 +1,23 @@
 # Main stage
 FROM alpine:3.19.1

+# Copy necessary files
+COPY scripts /scripts
+COPY pipeline /pipeline
+COPY src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto
+COPY src/main/resources/static/fonts/*.otf /usr/share/fonts/opentype/noto
+COPY build/libs/*.jar app.jar
+
+ARG VERSION_TAG
+
+
+# Set Environment Variables
+ENV DOCKER_ENABLE_SECURITY=false \
+    VERSION_TAG=$VERSION_TAG \
+    JAVA_TOOL_OPTIONS="$JAVA_TOOL_OPTIONS -XX:MaxRAMPercentage=75" \
+	HOME=/home/stirlingpdfuser
+
+
 # JDK for app
 RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /etc/apk/repositories && \
    echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/community" | tee -a /etc/apk/repositories && \
@@ -12,6 +29,7 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
        bash \
        curl \
        openjdk17-jre \
+        su-exec \
 # Doc conversion
        libreoffice@testing \
 # OCR MY PDF (unpaper for descew and other advanced featues)
@@ -24,46 +42,18 @@ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/main" | tee -a /et
    wget https://bootstrap.pypa.io/get-pip.py -qO - | python3 - --break-system-packages --no-cache-dir --upgrade && \
 # uno unoconv and HTML
    pip install --break-system-packages --no-cache-dir --upgrade unoconv WeasyPrint && \
-    mv /usr/share/tessdata /usr/share/tessdata-original
-
-
-
-ARG VERSION_TAG
-
-# Set Environment Variables
-ENV DOCKER_ENABLE_SECURITY=false \
-    HOME=/home/stirlingpdfuser \
-    VERSION_TAG=$VERSION_TAG \
-    JAVA_TOOL_OPTIONS="$JAVA_TOOL_OPTIONS -XX:MaxRAMPercentage=75"
-#    PUID=1000 \
-#    PGID=1000 \
-#    UMASK=022 \
-
-# Copy necessary files
-COPY scripts /scripts
-COPY pipeline /pipeline
-COPY src/main/resources/static/fonts/*.ttf /usr/share/fonts/opentype/noto
-COPY src/main/resources/static/fonts/*.otf /usr/share/fonts/opentype/noto
-COPY build/libs/*.jar app.jar
-
-# Create user and group
-##RUN groupadd -g $PGID stirlingpdfgroup && \
-##    useradd -u $PUID -g stirlingpdfgroup -s /bin/sh stirlingpdfuser && \
-##    mkdir -p $HOME && chown stirlingpdfuser:stirlingpdfgroup $HOME && \
-# Set up necessary directories and permissions
-RUN mkdir -p  /configs /logs /customFiles /pipeline/watchedFolders /pipeline/finishedFolders && \
-##&& \
-##    chown -R stirlingpdfuser:stirlingpdfgroup /scripts /usr/share/fonts/opentype/noto /usr/share/tesseract-ocr /configs /customFiles && \
-##    chown -R stirlingpdfuser:stirlingpdfgroup /usr/share/tesseract-ocr-original && \
-# Set font cache and permissions
+    mv /usr/share/tessdata /usr/share/tessdata-original && \
+    mkdir -p $HOME /configs /logs /customFiles /pipeline/watchedFolders /pipeline/finishedFolders && \
    fc-cache -f -v && \
-    chmod +x /scripts/*
-##    chown stirlingpdfuser:stirlingpdfgroup /app.jar && \
-##    chmod +x /scripts/init.sh
+    chmod +x /scripts/* && \
+    chmod +x /scripts/init.sh && \
+# User permissions
+    addgroup -S stirlingpdfgroup && adduser -S stirlingpdfuser -G stirlingpdfgroup && \
+    chown -R stirlingpdfuser:stirlingpdfgroup $HOME /scripts /usr/share/fonts/opentype/noto  /configs /customFiles /pipeline && \
+    chown stirlingpdfuser:stirlingpdfgroup /app.jar

 EXPOSE 8080

 # Set user and run command
-##USER stirlingpdfuser
 ENTRYPOINT ["tini", "--", "/scripts/init.sh"]
 CMD ["java", "-Dfile.encoding=UTF-8", "-jar", "/app.jar"]