FROM ubuntu:24.04 AS build LABEL maintainer="Penpot " ENV LANG='C.UTF-8' \ LC_ALL='C.UTF-8' \ JAVA_HOME="/opt/jdk" \ DEBIAN_FRONTEND=noninteractive \ NODE_VERSION=v22.19.0 \ TZ=Etc/UTC RUN set -ex; \ apt-get -qq update; \ apt-get -qq upgrade; \ apt-get -qqy --no-install-recommends install \ binutils \ ca-certificates \ curl \ ; \ rm -rf /var/lib/apt/lists/* RUN set -eux; \ ARCH="$(dpkg --print-architecture)"; \ case "${ARCH}" in \ aarch64|arm64) \ OPENSSL_ARCH='linux-aarch64'; \ BINARY_URL="https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-linux-arm64.tar.gz"; \ ;; \ amd64|x86_64) \ OPENSSL_ARCH='linux-x86_64'; \ BINARY_URL="https://nodejs.org/dist/${NODE_VERSION}/node-${NODE_VERSION}-linux-x64.tar.gz"; \ ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ ;; \ esac; \ curl -LfsSo /tmp/nodejs.tar.gz ${BINARY_URL}; \ mkdir -p /opt/node; \ cd /opt/node; \ tar -xf /tmp/nodejs.tar.gz --strip-components=1; \ chown -R root /opt/node; \ find /opt/node/include/node/openssl/archs -mindepth 1 -maxdepth 1 ! -name "$OPENSSL_ARCH" -exec rm -rf {} \; ; \ rm -rf /tmp/nodejs.tar.gz; RUN set -eux; \ ARCH="$(dpkg --print-architecture)"; \ case "${ARCH}" in \ aarch64|arm64) \ ESUM='6f8725d186d05c627176db9c46c732a6ef3ba41d9e9b3775c4727fc8ac642bb2'; \ BINARY_URL='https://github.com/adoptium/temurin24-binaries/releases/download/jdk-24.0.2%2B12/OpenJDK24U-jdk_aarch64_linux_hotspot_24.0.2_12.tar.gz'; \ ;; \ amd64|x86_64) \ ESUM='aea1cc55e51cf651c85f2f00ad021603fe269c4bb6493fa97a321ad770c9b096'; \ BINARY_URL='https://github.com/adoptium/temurin24-binaries/releases/download/jdk-24.0.2%2B12/OpenJDK24U-jdk_x64_linux_hotspot_24.0.2_12.tar.gz'; \ ;; \ *) \ echo "Unsupported arch: ${ARCH}"; \ exit 1; \ ;; \ esac; \ curl -LfsSo /tmp/openjdk.tar.gz ${BINARY_URL}; \ echo "${ESUM} */tmp/openjdk.tar.gz" | sha256sum -c -; \ mkdir -p /opt/jdk; \ cd /opt/jdk; \ tar -xf /tmp/openjdk.tar.gz --strip-components=1; \ rm -rf /tmp/openjdk.tar.gz; \ /opt/jdk/bin/jlink \ --no-header-files \ --no-man-pages \ --strip-debug \ --add-modules java.base,jdk.management.agent,java.se,jdk.compiler,jdk.javadoc,jdk.attach,jdk.unsupported \ --output /opt/jre; FROM ubuntu:24.04 AS image LABEL maintainer="Penpot " ENV LANG='C.UTF-8' \ LC_ALL='C.UTF-8' \ JAVA_HOME="/opt/jre" \ PATH=/opt/jre/bin:/opt/node/bin:/opt/imagick/bin:$PATH \ DEBIAN_FRONTEND=noninteractive \ TZ=Etc/UTC RUN set -ex; \ useradd -U -M -u 1001 -s /bin/false -d /opt/penpot penpot; \ apt-get -qq update; \ apt-get -qq upgrade; \ apt-get -qqy --no-install-recommends install \ ca-certificates \ curl \ fontconfig \ fontforge \ libfontconfig1 \ libfreetype6 \ libglib2.0-0 \ libgomp1 \ libheif1 \ libjpeg-turbo8 \ liblcms2-2 \ libopenexr-3-1-30 \ libopenjp2-7 \ libpng16-16 \ librsvg2-2 \ libtiff6 \ libwebp7 \ libwebpdemux2 \ libwebpmux3 \ libxml2 \ libzip4t64 \ libzstd1 \ python3 \ python3-tabulate \ tzdata \ woff-tools \ woff2 \ ; \ find tmp/usr/share/zoneinfo/* -type d ! -name 'Etc' |xargs rm -rf; \ rm -rf /var/lib /var/cache; \ rm -rf /usr/include; \ mkdir -p /opt/data/assets; \ mkdir -p /opt/penpot; \ chown -R penpot:penpot /opt/penpot; \ chown -R penpot:penpot /opt/data; \ rm -rf /var/lib/apt/lists/*; COPY --from=build /opt/jre /opt/jre COPY --from=build /opt/node /opt/node COPY --from=penpotapp/imagemagick:7.1.2-0 /opt/imagick /opt/imagick ARG BUNDLE_PATH="./bundle-backend/" COPY --chown=penpot:penpot $BUNDLE_PATH /opt/penpot/backend/ USER penpot:penpot WORKDIR /opt/penpot/backend CMD ["/bin/bash", "run.sh"]