casile 0.14.2

The command line interface to the CaSILE toolkit, a book publishing workflow employing SILE and other wizardry
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119

#syntax=docker/dockerfile:1.2

ARG ARCHTAG

FROM docker.io/library/archlinux:$ARCHTAG AS base

# Setup Caleb’s hosted Arch repository with prebuilt dependencies
RUN pacman-key --init && pacman-key --populate
RUN sed -i  /etc/pacman.conf -e \
	'/^.extra/{n;n;s!^!\n\[alerque\]\nServer = https://arch.alerque.com/$arch\n!}'
RUN pacman-key --recv-keys 63CC496475267693 && pacman-key --lsign-key 63CC496475267693

# This hack can convince Docker its cache is obsolete; e.g. when the contents
# of downloaded resources have changed since being fetched. It's helpful to have
# this as a separate layer because it saves time for local builds. Incrementing
# this when pushing dependency updates to Caleb's Arch user repository or just
# when the remote Docker Hub builds die should be enough.
ARG DOCKER_HUB_CACHE=1

ARG RUNTIME_DEPS

# Enable system locales for everything we have localizations for so tools like
# `date` will output matching localized strings. By default Arch Docker images
# have almost all locale data stripped out. This also makes it easier to
# rebuild custom Docker images with extra languages supported.
RUN sed -i -e '/^NoExtract.*locale/d' /etc/pacman.conf

# Freshen all base system packages
RUN pacman --needed --noconfirm -Syuq && yes | pacman -Sccq

# Rebuild locale database after having enabled localization, added our
# supported locales, and making sure glibc *at least* has been updated without
# blocking locale files.
RUN pacman --noconfirm -Sq glibc && yes | pacman -Sccq
RUN grep -E '^(en|tr)_'  /usr/share/i18n/SUPPORTED > /etc/locale.gen
RUN locale-gen

# Install run-time dependencies
RUN pacman --needed --noconfirm -Sq $RUNTIME_DEPS && yes | pacman -Sccq

RUN chsh -s /usr/bin/zsh && echo 'autoload -U zmv' >> /etc/zsh/zprofile

# Setup separate image for build so we don’t bloat the final image
FROM base AS builder

ARG BUILD_DEPS

# Install build time dependencies
RUN pacman --needed --noconfirm -Sq $BUILD_DEPS && yes | pacman -Sccq

# Set at build time, forces Docker’s layer caching to reset at this point
ARG REVISION

COPY ./ /src
WORKDIR /src

# GitHub Actions builder stopped providing git history :(
# See feature request at https://github.com/actions/runner/issues/767
RUN build-aux/bootstrap-docker.sh

RUN ./bootstrap.sh
RUN ./configure --mandir='${prefix}/man'
RUN make
RUN make check-version
RUN make install DESTDIR=/pkgdir
RUN node-prune /pkgdir/usr/local/share/casile/node_modules

FROM base AS final

# Same args as above, repeated because they went out of scope with FROM
ARG REVISION
ARG VERSION

# Allow `su` with no root password so non-priv users can install dependencies
RUN sed -i -e '/.so$/s/$/ nullok/' /etc/pam.d/su

# Set system locale to something other than 'C' that resolves to a real language
ENV LANG=en_US.UTF-8

# Make sure the current project volume can be manipulated inside Docker in
# spite of new default Git safety restrictions. We default the workdir to /data
# and suggest that to users but they are free to rearrange. More notably GH
# Actions injects a workdir of its choice externally at runtime and is subject
# to change, so we have to cover our bases. Everything inside the container has
# root permissions anyway so we're not really adding insecure surface area here.
RUN git config --system --add safe.directory '*'

# Set user info for when CaSILE commits directly, can of course be overridden
RUN git config --system user.name "The CaSILE Toolkit" && \
    git config --system user.email "casile@sile-typesetter.org"

# ImageMagick has started aggressively adding -dSAFER (also the default since
# Ghostscript 9.5) to callouts to `gs`. This works if the processes inside
# Docker are running as root, but we're often using setpriv to match file
# ownerships. Postscript files can read and write arbitrary files in this
# configuration so this would be unsafe to use on unknown content, but in our
# case the only content on the entire system (in the container) is our project.
RUN sed -i -e 's/dSAFER/dNOSAFER/g' /etc/ImageMagick-7/delegates.xml

# Makeup for our Pandoc fork being sideloaded by giving it access to system Lua stuff
RUN ln -s /usr/{,/local}/lib/lua && ln -s /usr/{,local/}share/lua

LABEL org.opencontainers.image.title="CaSILE"
LABEL org.opencontainers.image.description="A containerized version of the CaSILE toolkit, a book publishing workflow employing SILE and other wizardry"
LABEL org.opencontainers.image.authors="Caleb Maclennan <caleb@alerque.com>"
LABEL org.opencontainers.image.licenses="AGPL-3.0"
LABEL org.opencontainers.image.url="https://github.com/sile-typesetter/casile/pkgs/container/casile"
LABEL org.opencontainers.image.source="https://github.com/sile-typesetter/casile"
LABEL org.opencontainers.image.version="v$VERSION"
LABEL org.opencontainers.image.revision="$REVISION"

COPY build-aux/docker-fontconfig.conf /etc/fonts/conf.d/99-docker.conf

COPY --from=builder /pkgdir /
COPY --from=builder /src/lib/casile-entry.zsh /usr/local/bin
RUN casile --version

WORKDIR /data
ENTRYPOINT [ "casile-entry.zsh" ]