FROM ubuntu:24.04 AS build LABEL maintainer="Penpot " ENV LANG='C.UTF-8' \ LC_ALL='C.UTF-8' \ JAVA_HOME="/opt/jdk" \ DEBIAN_FRONTEND=noninteractive \ NODE_VERSION=v22.16.0 \ IMAGEMAGICK_VERSION=7.1.1-47 \ TZ=Etc/UTC RUN set -ex; \ apt-get -qq update; \ apt-get -qq upgrade; \ apt-get -qqy --no-install-recommends install \ curl \ ca-certificates \ binutils \ build-essential autoconf libtool pkg-config \ libltdl-dev \ libpng-dev libjpeg-dev libtiff-dev libwebp-dev libopenexr-dev libfftw3-dev \ libzip-dev \ liblcms2-dev liblzma-dev libzstd-dev \ libheif-dev librsvg2-dev \ ; \ rm -rf /var/lib/apt/lists/* RUN set -eux; \ curl -LfsSo /tmp/magick.tar.gz https://github.com/ImageMagick/ImageMagick/archive/refs/tags/${IMAGEMAGICK_VERSION}.tar.gz; \ mkdir -p /tmp/magick; \ cd /tmp/magick; \ tar -xf /tmp/magick.tar.gz --strip-components=1; \ ./configure --prefix=/opt/imagick; \ make -j 2; \ make install; \ rm -rf /opt/imagick/lib/libMagick++*; \ rm -rf /opt/imagick/include; \ rm -rf /opt/imagick/share; RUN set -eux; \ ARCH="$(dpkg --print-architecture)"; \ case "${ARCH}" in \ aarch64|arm64) \ OPENSSL_ARCH='linux-aarch64'; \ BINARY_URL="https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-linux-arm64.tar.gz"; \ ;; \ amd64|x86_64) \ OPENSSL_ARCH='linux-x86_64'; \ BINARY_URL="https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-linux-x64.tar.gz"; \ ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ ;; \ esac; \ curl -LfsSo /tmp/nodejs.tar.gz ${BINARY_URL}; \ mkdir -p /opt/node; \ cd /opt/node; \ tar -xf /tmp/nodejs.tar.gz --strip-components=1; \ chown -R root /opt/node; \ find /opt/node/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; ; \ rm -rf /tmp/nodejs.tar.gz; RUN set -eux; \ ARCH="$(dpkg --print-architecture)"; \ case "${ARCH}" in \ aarch64|arm64) \ ESUM='18071047526ab4b53131f9bb323e8703485ae37fcb2f2c5ef0f1b7bab66d1b94'; \ BINARY_URL='https://github.com/adoptium/temurin24-binaries/releases/download/jdk-24%2B36/OpenJDK24U-jdk_aarch64_linux_hotspot_24_36.tar.gz'; \ ;; \ amd64|x86_64) \ ESUM='c340dee97b6aa215d248bc196dcac5b56e7be9b5c5d45e691344d40d5d0b171d'; \ BINARY_URL='https://github.com/adoptium/temurin24-binaries/releases/download/jdk-24%2B36/OpenJDK24U-jdk_x64_linux_hotspot_24_36.tar.gz'; \ ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ ;; \ esac; \ curl -LfsSo /tmp/openjdk.tar.gz ${BINARY_URL}; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p /opt/jdk; \ cd /opt/jdk; \ tar -xf /tmp/openjdk.tar.gz --strip-components=1; \ rm -rf /tmp/openjdk.tar.gz; \ /opt/jdk/bin/jlink \ --no-header-files \ --no-man-pages \ --strip-debug \ --add-modules java.base,jdk.management.agent,java.se,jdk.compiler,jdk.javadoc,jdk.attach,jdk.unsupported \ --output /opt/jre; FROM ubuntu:24.04 AS image LABEL maintainer="Penpot " ENV LANG='C.UTF-8' \ LC_ALL='C.UTF-8' \ JAVA_HOME="/opt/jre" \ PATH=/opt/jre/bin:/opt/node/bin:/opt/imagick/bin:$PATH \ DEBIAN_FRONTEND=noninteractive \ TZ=Etc/UTC RUN set -ex; \ useradd -U -M -u 1001 -s /bin/false -d /opt/penpot penpot; \ apt-get -qq update; \ apt-get -qq upgrade; \ apt-get -qqy --no-install-recommends install \ tzdata \ ca-certificates \ fontconfig \ woff-tools \ woff2 \ python3 \ python3-tabulate \ fontforge \ \ libpng16-16 \ libjpeg-turbo8 \ libtiff6 \ libwebp7 \ libopenexr-3-1-30 \ libfreetype6 \ libfontconfig1 \ libglib2.0-0 \ libxml2 \ liblcms2-2 \ libheif1 \ libopenjp2-7 \ libzstd1 \ librsvg2-2 \ libgomp1 \ libwebpmux3 \ libwebpdemux2 \ libzip4t64 \ ; \ find tmp/usr/share/zoneinfo/* -type d ! -name 'Etc' |xargs rm -rf; \ rm -rf /var/lib /var/cache; \ rm -rf /usr/include; \ mkdir -p /opt/data/assets; \ mkdir -p /opt/penpot; \ chown -R penpot:penpot /opt/penpot; \ chown -R penpot:penpot /opt/data; \ rm -rf /var/lib/apt/lists/*; COPY --from=build /opt/jre /opt/jre COPY --from=build /opt/node /opt/node COPY --from=build /opt/imagick /opt/imagick COPY --chown=penpot:penpot ./bundle-backend/ /opt/penpot/backend/ USER penpot:penpot WORKDIR /opt/penpot/backend CMD ["/bin/bash", "run.sh"]