mirror of
https://github.com/penpot/penpot.git
synced 2025-07-23 23:37:20 +02:00
This allows us be in control of the imagemagick version and not depend on the version available on the distro repository, which right now only ships the legacy 6.x version
152 lines
4.8 KiB
Text
152 lines
4.8 KiB
Text
FROM ubuntu:24.04 AS build
|
|
LABEL maintainer="Penpot <docker@penpot.app>"
|
|
|
|
ENV LANG='C.UTF-8' \
|
|
LC_ALL='C.UTF-8' \
|
|
JAVA_HOME="/opt/jdk" \
|
|
DEBIAN_FRONTEND=noninteractive \
|
|
NODE_VERSION=v22.16.0 \
|
|
IMAGEMAGICK_VERSION=7.1.1-47 \
|
|
TZ=Etc/UTC
|
|
|
|
RUN set -ex; \
|
|
apt-get -qq update; \
|
|
apt-get -qq upgrade; \
|
|
apt-get -qqy --no-install-recommends install \
|
|
curl \
|
|
ca-certificates \
|
|
binutils \
|
|
build-essential autoconf libtool pkg-config \
|
|
libltdl-dev \
|
|
libpng-dev libjpeg-dev libtiff-dev libwebp-dev libopenexr-dev libfftw3-dev \
|
|
libzip-dev \
|
|
liblcms2-dev liblzma-dev libzstd-dev \
|
|
libheif-dev librsvg2-dev \
|
|
; \
|
|
rm -rf /var/lib/apt/lists/*
|
|
|
|
RUN set -eux; \
|
|
curl -LfsSo /tmp/magick.tar.gz https://github.com/ImageMagick/ImageMagick/archive/refs/tags/${IMAGEMAGICK_VERSION}.tar.gz; \
|
|
mkdir -p /tmp/magick; \
|
|
cd /tmp/magick; \
|
|
tar -xf /tmp/magick.tar.gz --strip-components=1; \
|
|
./configure --prefix=/opt/imagick; \
|
|
make -j 2; \
|
|
make install; \
|
|
rm -rf /opt/imagick/lib/libMagick++*; \
|
|
rm -rf /opt/imagick/include; \
|
|
rm -rf /opt/imagick/share;
|
|
|
|
RUN set -eux; \
|
|
ARCH="$(dpkg --print-architecture)"; \
|
|
case "${ARCH}" in \
|
|
aarch64|arm64) \
|
|
OPENSSL_ARCH='linux-aarch64'; \
|
|
BINARY_URL="https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-linux-arm64.tar.gz"; \
|
|
;; \
|
|
amd64|x86_64) \
|
|
OPENSSL_ARCH='linux-x86_64'; \
|
|
BINARY_URL="https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-linux-x64.tar.gz"; \
|
|
;; \
|
|
*) \
|
|
echo "Unsupported arch: ${ARCH}"; \
|
|
exit 1; \
|
|
;; \
|
|
esac; \
|
|
curl -LfsSo /tmp/nodejs.tar.gz ${BINARY_URL}; \
|
|
mkdir -p /opt/node; \
|
|
cd /opt/node; \
|
|
tar -xf /tmp/nodejs.tar.gz --strip-components=1; \
|
|
chown -R root /opt/node; \
|
|
find /opt/node/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; ; \
|
|
rm -rf /tmp/nodejs.tar.gz;
|
|
|
|
RUN set -eux; \
|
|
ARCH="$(dpkg --print-architecture)"; \
|
|
case "${ARCH}" in \
|
|
aarch64|arm64) \
|
|
ESUM='18071047526ab4b53131f9bb323e8703485ae37fcb2f2c5ef0f1b7bab66d1b94'; \
|
|
BINARY_URL='https://github.com/adoptium/temurin24-binaries/releases/download/jdk-24%2B36/OpenJDK24U-jdk_aarch64_linux_hotspot_24_36.tar.gz'; \
|
|
;; \
|
|
amd64|x86_64) \
|
|
ESUM='c340dee97b6aa215d248bc196dcac5b56e7be9b5c5d45e691344d40d5d0b171d'; \
|
|
BINARY_URL='https://github.com/adoptium/temurin24-binaries/releases/download/jdk-24%2B36/OpenJDK24U-jdk_x64_linux_hotspot_24_36.tar.gz'; \
|
|
;; \
|
|
*) \
|
|
echo "Unsupported arch: ${ARCH}"; \
|
|
exit 1; \
|
|
;; \
|
|
esac; \
|
|
curl -LfsSo /tmp/openjdk.tar.gz ${BINARY_URL}; \
|
|
echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \
|
|
mkdir -p /opt/jdk; \
|
|
cd /opt/jdk; \
|
|
tar -xf /tmp/openjdk.tar.gz --strip-components=1; \
|
|
rm -rf /tmp/openjdk.tar.gz; \
|
|
/opt/jdk/bin/jlink \
|
|
--no-header-files \
|
|
--no-man-pages \
|
|
--strip-debug \
|
|
--add-modules java.base,jdk.management.agent,java.se,jdk.compiler,jdk.javadoc,jdk.attach,jdk.unsupported \
|
|
--output /opt/jre;
|
|
|
|
FROM ubuntu:24.04 AS image
|
|
LABEL maintainer="Penpot <docker@penpot.app>"
|
|
|
|
ENV LANG='C.UTF-8' \
|
|
LC_ALL='C.UTF-8' \
|
|
JAVA_HOME="/opt/jre" \
|
|
PATH=/opt/jre/bin:/opt/node/bin:/opt/imagick/bin:$PATH \
|
|
DEBIAN_FRONTEND=noninteractive \
|
|
TZ=Etc/UTC
|
|
|
|
RUN set -ex; \
|
|
useradd -U -M -u 1001 -s /bin/false -d /opt/penpot penpot; \
|
|
apt-get -qq update; \
|
|
apt-get -qq upgrade; \
|
|
apt-get -qqy --no-install-recommends install \
|
|
tzdata \
|
|
ca-certificates \
|
|
fontconfig \
|
|
woff-tools \
|
|
woff2 \
|
|
python3 \
|
|
python3-tabulate \
|
|
fontforge \
|
|
\
|
|
libpng16-16 \
|
|
libjpeg-turbo8 \
|
|
libtiff6 \
|
|
libwebp7 \
|
|
libopenexr-3-1-30 \
|
|
libfreetype6 \
|
|
libfontconfig1 \
|
|
libglib2.0-0 \
|
|
libxml2 \
|
|
liblcms2-2 \
|
|
libheif1 \
|
|
libopenjp2-7 \
|
|
libzstd1 \
|
|
librsvg2-2 \
|
|
libgomp1 \
|
|
libwebpmux3 \
|
|
libwebpdemux2 \
|
|
libzip4t64 \
|
|
; \
|
|
find tmp/usr/share/zoneinfo/* -type d ! -name 'Etc' |xargs rm -rf; \
|
|
rm -rf /var/lib /var/cache; \
|
|
rm -rf /usr/include; \
|
|
mkdir -p /opt/data/assets; \
|
|
mkdir -p /opt/penpot; \
|
|
chown -R penpot:penpot /opt/penpot; \
|
|
chown -R penpot:penpot /opt/data; \
|
|
rm -rf /var/lib/apt/lists/*;
|
|
|
|
COPY --from=build /opt/jre /opt/jre
|
|
COPY --from=build /opt/node /opt/node
|
|
COPY --from=build /opt/imagick /opt/imagick
|
|
COPY --chown=penpot:penpot ./bundle-backend/ /opt/penpot/backend/
|
|
|
|
USER penpot:penpot
|
|
WORKDIR /opt/penpot/backend
|
|
CMD ["/bin/bash", "run.sh"]
|