From 37a0868a6a63057c1af9ab73c3af5b4e377ff9b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Pr=C3=A9vost?= <32127074+toindev@users.noreply.github.com> Date: Mon, 15 Dec 2025 16:40:29 +0100 Subject: [PATCH 1/5] chore: integrate upstream changes --- .env | 2 +- .github/actions/build-test-push/action.yml | 38 +- .github/workflows/continuous-delivery.yml | 150 +--- .github/workflows/continuous-integration.yml | 398 --------- FEATURE_SPECIFICATION.md | 765 ++++++++++++++++++ Makefile | 1 + build/Dockerfile | 29 +- go.mod | 6 + go.sum | 12 + pkg/gotenberg/mocks.go | 21 +- pkg/gotenberg/pdfengine.go | 3 + pkg/modules/chromium/chromium.go | 6 + pkg/modules/chromium/routes.go | 32 +- pkg/modules/exiftool/exiftool.go | 5 + .../libreoffice/pdfengine/pdfengine.go | 5 + pkg/modules/pdfcpu/doc.go | 3 +- pkg/modules/pdfcpu/pdfcpu.go | 22 + pkg/modules/pdfengines/multi.go | 46 +- pkg/modules/pdfengines/pdfengines.go | 31 +- pkg/modules/pdfengines/routes.go | 21 + pkg/modules/pdftk/pdftk.go | 5 + pkg/modules/qpdf/qpdf.go | 5 + 22 files changed, 1035 insertions(+), 571 deletions(-) delete mode 100644 .github/workflows/continuous-integration.yml create mode 100644 FEATURE_SPECIFICATION.md diff --git a/.env b/.env index 993c849f0..db1010749 100644 --- a/.env +++ b/.env @@ -1,5 +1,5 @@ GOTENBERG_VERSION=snapshot -DOCKER_REGISTRY=gotenberg +DOCKER_REGISTRY=ghcr.io/fulll DOCKER_REPOSITORY=gotenberg DOCKERFILE=build/Dockerfile DOCKERFILE_CLOUDRUN=build/Dockerfile.cloudrun diff --git a/.github/actions/build-test-push/action.yml b/.github/actions/build-test-push/action.yml index 5167de4b3..430f81b21 100644 --- a/.github/actions/build-test-push/action.yml +++ b/.github/actions/build-test-push/action.yml @@ -7,12 +7,12 @@ inputs: description: The GitHub token required: true default: ${{ github.token }} - docker_hub_username: - description: The Docker Hub username - required: true - docker_hub_password: - description: The Docker Hub password - required: true + # docker_hub_username: + # description: The Docker Hub username + # required: true + # docker_hub_password: + # description: The Docker Hub password + # required: true platform: description: linux/amd64, linux/ppc64le, linux/386, linux/arm64, linux/arm/v7 required: true @@ -50,12 +50,12 @@ runs: - name: Check out code uses: actions/checkout@v5 - - name: Log in to Docker Hub - if: inputs.docker_hub_username != '' - uses: docker/login-action@v3 - with: - username: ${{ inputs.docker_hub_username }} - password: ${{ inputs.docker_hub_password }} + # - name: Log in to Docker Hub + # if: inputs.docker_hub_username != '' + # uses: docker/login-action@v3 + # with: + # username: ${{ inputs.docker_hub_username }} + # password: ${{ inputs.docker_hub_password }} - name: Build ${{ inputs.platform }} id: build @@ -77,13 +77,13 @@ runs: --alternate-repository "${{ inputs.alternate_repository }}" \ --dry-run "${{ inputs.dry_run }}" - - name: Push - if: inputs.docker_hub_username != '' - shell: bash - run: | - .github/actions/build-test-push/push.sh \ - --tags "${{ steps.build.outputs.tags }},${{ steps.build.outputs.tags_cloud_run }},${{ steps.build.outputs.tags_aws_lambda }}" \ - --dry-run "${{ inputs.dry_run }}" + # - name: Push + # if: inputs.docker_hub_username != '' + # shell: bash + # run: | + # .github/actions/build-test-push/push.sh \ + # --tags "${{ steps.build.outputs.tags }},${{ steps.build.outputs.tags_cloud_run }},${{ steps.build.outputs.tags_aws_lambda }}" \ + # --dry-run "${{ inputs.dry_run }}" - name: Outputs shell: bash diff --git a/.github/workflows/continuous-delivery.yml b/.github/workflows/continuous-delivery.yml index ad0bf860a..f186146bd 100644 --- a/.github/workflows/continuous-delivery.yml +++ b/.github/workflows/continuous-delivery.yml @@ -19,132 +19,40 @@ jobs: - name: Checkout source code uses: actions/checkout@v6 + # action modified to onlu build - name: Build and push id: build_push uses: ./.github/actions/build-test-push with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} version: ${{ github.event.release.tag_name }} platform: linux/amd64 skip_integrations_tests: true - release_386: - name: Release linux/386 - runs-on: ubuntu-latest - outputs: - tags: ${{ steps.build_push.outputs.tags }} - tags_cloud_run: ${{ steps.build_push.outputs.tags_cloud_run }} - tags_aws_lambda: ${{ steps.build_push.outputs.tags_aws_lambda }} - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Build and push - id: build_push - uses: ./.github/actions/build-test-push - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - version: ${{ github.event.release.tag_name }} - platform: linux/386 - skip_integrations_tests: true - - release_ppc64le: - name: Release linux/ppc64le - runs-on: ubuntu-24.04-ppc64le - outputs: - tags: ${{ steps.build_push.outputs.tags }} - tags_cloud_run: ${{ steps.build_push.outputs.tags_cloud_run }} - tags_aws_lambda: ${{ steps.build_push.outputs.tags_aws_lambda }} - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Build and push - id: build_push - uses: ./.github/actions/build-test-push - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - version: ${{ github.event.release.tag_name }} - platform: linux/ppc64le - skip_integrations_tests: true - - release_arm64: - name: Release linux/arm64 - runs-on: ubuntu-24.04-arm - outputs: - tags: ${{ steps.build_push.outputs.tags }} - tags_cloud_run: ${{ steps.build_push.outputs.tags_cloud_run }} - tags_aws_lambda: ${{ steps.build_push.outputs.tags_aws_lambda }} - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Build and push - id: build_push - uses: ./.github/actions/build-test-push - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - version: ${{ github.event.release.tag_name }} - platform: linux/arm64 - skip_integrations_tests: true - - release_arm_v7: - name: Release linux/arm/v7 - runs-on: ubuntu-24.04-arm - outputs: - tags: ${{ steps.build_push.outputs.tags }} - tags_cloud_run: ${{ steps.build_push.outputs.tags_cloud_run }} - tags_aws_lambda: ${{ steps.build_push.outputs.tags_aws_lambda }} - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Build and push - id: build_push - uses: ./.github/actions/build-test-push - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - version: ${{ github.event.release.tag_name }} - platform: linux/arm/v7 - skip_integrations_tests: true - - merge_clean_release_tags: - needs: - - release_amd64 - - release_386 - - release_ppc64le - - release_arm64 - - release_arm_v7 - name: Merge and clean release tags - runs-on: ubuntu-latest - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Merge - uses: ./.github/actions/merge - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - tags: "${{ needs.release_amd64.outputs.tags }},${{ needs.release_386.outputs.tags }},${{ needs.release_ppc64le.outputs.tags }},${{ needs.release_arm64.outputs.tags }},${{ needs.release_arm_v7.outputs.tags }}" - alternate_registry: thecodingmachine - - - name: Merge AWS Lambda - uses: ./.github/actions/merge - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - tags: "${{ needs.release_amd64.outputs.tags_aws_lambda }},${{ needs.release_arm64.outputs.tags_aws_lambda }}" - alternate_registry: thecodingmachine - - - name: Clean - uses: ./.github/actions/clean - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - tags: "${{ needs.release_amd64.outputs.tags }},${{ needs.release_386.outputs.tags }},${{ needs.release_ppc64le.outputs.tags }},${{ needs.release_arm64.outputs.tags }},${{ needs.release_arm_v7.outputs.tags }},${{ needs.release_amd64.outputs.tags_aws_lambda }},${{ needs.release_arm64.outputs.tags_aws_lambda }}" + # list docker images that have bee built + - name: Output built tags to console + run: | + echo "Tags: ${{ steps.build_push.outputs.tags }}" + echo "Cloud Run Tags: ${{ steps.build_push.outputs.tags_cloud_run }}" + echo "AWS Lambda Tags: ${{ steps.build_push.outputs.tags_aws_lambda }}" + + - name: generate aws credentials config + env: + AWS_CREDENTIALS: ${{ secrets.STAGING_AWS_CREDENTIALS }} + aws-region: eu-central-1 + run: | + mkdir -p "${HOME}/.aws" + echo "${AWS_CREDENTIALS}" > "${HOME}/.aws/credentials" + + # Get the image build by the upstream process then : + # - tag it for AWS ECR + # - push it to AWS ECR + - name: docker login and push + run: | + # Extract the tag name and strip the first letter using cut + TAG_NAME=$(echo "${{ github.event.release.tag_name }}" | cut -c 2-) + + docker tag ghcr.io/fulll/gotenberg:latest-cloudrun ${AWS_ECR_REGISTRY}/gotenberg-fulll:${TAG_NAME}-cloudrun + aws --region eu-central-1 ecr get-login-password | docker login --username AWS --password-stdin ${AWS_ECR_REGISTRY} + docker tag ${AWS_ECR_REGISTRY}/gotenberg-fulll:${TAG_NAME}-cloudrun ${AWS_ECR_REGISTRY}/gotenberg-fulll:latest + docker push ${AWS_ECR_REGISTRY}/gotenberg-fulll:${TAG_NAME}-cloudrun + docker push ${AWS_ECR_REGISTRY}/gotenberg-fulll:latest diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml deleted file mode 100644 index dc6f1ba54..000000000 --- a/.github/workflows/continuous-integration.yml +++ /dev/null @@ -1,398 +0,0 @@ -name: Continuous Integration - -on: - push: - branches: - - main - pull_request: - branches: - - main - -concurrency: - group: ${{ (github.event_name == 'pull_request' && github.event.pull_request.number) || 'main' }} - cancel-in-progress: true - -permissions: - contents: write - -jobs: - lint: - name: Lint Golang codebase - runs-on: ubuntu-latest - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Setup Go - uses: actions/setup-go@v6 - with: - go-version-file: go.mod - - - name: Run linters - uses: golangci/golangci-lint-action@v9 - with: - version: v2.5.0 - - lint-prettier: - name: Lint non-Golang codebase - runs-on: ubuntu-latest - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Setup Node.js - uses: actions/setup-node@v6 - with: - node-version-file: .node-version - - - name: Install Dependencies - run: npm i - - - name: Run linters - run: make lint-prettier - - test-unit: - needs: - - lint - - lint-prettier - name: Run unit tests - runs-on: ubuntu-latest - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Setup Go - uses: actions/setup-go@v6 - with: - go-version-file: go.mod - - - name: Run tests - run: make test-unit - - snapshot_amd64: - if: github.event_name == 'pull_request' - needs: - - test-unit - name: Snapshot linux/amd64 - runs-on: ubuntu-latest - outputs: - tags: ${{ steps.build_test_push.outputs.tags }} - tags_cloud_run: ${{ steps.build_test_push.outputs.tags_cloud_run }} - tags_aws_lambda: ${{ steps.build_test_push.outputs.tags_aws_lambda }} - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Build, test and push - id: build_test_push - uses: ./.github/actions/build-test-push - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - version: pr-${{ github.event.pull_request.number }} - platform: linux/amd64 - alternate_repository: snapshot - - snapshot_ppc64le: - if: github.event_name == 'pull_request' - needs: - - test-unit - name: Snapshot linux/ppc64le - runs-on: ubuntu-24.04-ppc64le - outputs: - tags: ${{ steps.build_test_push.outputs.tags }} - tags_cloud_run: ${{ steps.build_test_push.outputs.tags_cloud_run }} - tags_aws_lambda: ${{ steps.build_test_push.outputs.tags_aws_lambda }} - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Build, test and push - id: build_test_push - uses: ./.github/actions/build-test-push - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - version: pr-${{ github.event.pull_request.number }} - platform: linux/ppc64le - alternate_repository: snapshot - - snapshot_386: - if: github.event_name == 'pull_request' - needs: - - test-unit - name: Snapshot linux/386 - runs-on: ubuntu-latest - outputs: - tags: ${{ steps.build_test_push.outputs.tags }} - tags_cloud_run: ${{ steps.build_test_push.outputs.tags_cloud_run }} - tags_aws_lambda: ${{ steps.build_test_push.outputs.tags_aws_lambda }} - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Build, test and push - id: build_test_push - uses: ./.github/actions/build-test-push - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - version: pr-${{ github.event.pull_request.number }} - platform: linux/386 - alternate_repository: snapshot - - snapshot_arm64: - if: github.event_name == 'pull_request' - needs: - - test-unit - name: Snapshot linux/arm64 - runs-on: ubuntu-24.04-arm - outputs: - tags: ${{ steps.build_test_push.outputs.tags }} - tags_cloud_run: ${{ steps.build_test_push.outputs.tags_cloud_run }} - tags_aws_lambda: ${{ steps.build_test_push.outputs.tags_aws_lambda }} - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Build, test and push - id: build_test_push - uses: ./.github/actions/build-test-push - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - version: pr-${{ github.event.pull_request.number }} - platform: linux/arm64 - alternate_repository: snapshot - - snapshot_arm_v7: - if: github.event_name == 'pull_request' - needs: - - test-unit - name: Snapshot linux/arm/v7 - runs-on: ubuntu-24.04-arm - outputs: - tags: ${{ steps.build_test_push.outputs.tags }} - tags_cloud_run: ${{ steps.build_test_push.outputs.tags_cloud_run }} - tags_aws_lambda: ${{ steps.build_test_push.outputs.tags_aws_lambda }} - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Build, test and push - id: build_test_push - uses: ./.github/actions/build-test-push - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - version: pr-${{ github.event.pull_request.number }} - platform: linux/arm/v7 - alternate_repository: snapshot - - merge_clean_snapshot_guard: - needs: - - snapshot_amd64 - - snapshot_386 - - snapshot_ppc64le - - snapshot_arm64 - - snapshot_arm_v7 - name: Secrets access check - runs-on: ubuntu-latest - outputs: - continue: ${{ steps.check.outputs.continue }} - steps: - - name: Check - id: check - run: | - if [ -n "${{ secrets.DOCKERHUB_USERNAME }}" ]; then - echo "continue=true" >> "$GITHUB_OUTPUT" - else - echo "continue=false" >> "$GITHUB_OUTPUT" - fi - - merge_clean_snapshot_tags: - if: needs.merge_clean_snapshot_guard.outputs.continue == 'true' - needs: - - merge_clean_snapshot_guard - - snapshot_amd64 - - snapshot_386 - - snapshot_ppc64le - - snapshot_arm64 - - snapshot_arm_v7 - name: Merge and clean snapshot tags - runs-on: ubuntu-latest - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Merge - uses: ./.github/actions/merge - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - tags: "${{ needs.snapshot_amd64.outputs.tags }},${{ needs.snapshot_386.outputs.tags }},${{ needs.snapshot_ppc64le.outputs.tags }},${{ needs.snapshot_arm64.outputs.tags }},${{ needs.snapshot_arm_v7.outputs.tags }}" - - - name: Merge AWS Lambda - uses: ./.github/actions/merge - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - tags: "${{ needs.snapshot_amd64.outputs.tags_aws_lambda }},${{ needs.snapshot_arm64.outputs.tags_aws_lambda }}" - - - name: Clean - uses: ./.github/actions/clean - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - tags: "${{ needs.snapshot_amd64.outputs.tags }},${{ needs.snapshot_386.outputs.tags }},${{ needs.snapshot_ppc64le.outputs.tags }},${{ needs.snapshot_arm64.outputs.tags }},${{ needs.snapshot_arm_v7.outputs.tags }},${{ needs.snapshot_amd64.outputs.tags_aws_lambda }},${{ needs.snapshot_arm64.outputs.tags_aws_lambda }}" - - edge_amd64: - if: github.event_name == 'push' && github.ref == 'refs/heads/main' - needs: - - test-unit - name: Edge linux/amd64 - runs-on: ubuntu-latest - outputs: - tags: ${{ steps.build_test_push.outputs.tags }} - tags_cloud_run: ${{ steps.build_test_push.outputs.tags_cloud_run }} - tags_aws_lambda: ${{ steps.build_test_push.outputs.tags_aws_lambda }} - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Build, test and push - id: build_test_push - uses: ./.github/actions/build-test-push - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - version: edge - platform: linux/amd64 - - edge_386: - if: github.event_name == 'push' && github.ref == 'refs/heads/main' - needs: - - test-unit - name: Edge linux/386 - runs-on: ubuntu-latest - outputs: - tags: ${{ steps.build_test_push.outputs.tags }} - tags_cloud_run: ${{ steps.build_test_push.outputs.tags_cloud_run }} - tags_aws_lambda: ${{ steps.build_test_push.outputs.tags_aws_lambda }} - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Build, test and push - id: build_test_push - uses: ./.github/actions/build-test-push - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - version: edge - platform: linux/386 - - edge_ppc64le: - if: github.event_name == 'push' && github.ref == 'refs/heads/main' - needs: - - test-unit - name: Edge linux/ppc64le - runs-on: ubuntu-24.04-ppc64le - outputs: - tags: ${{ steps.build_test_push.outputs.tags }} - tags_cloud_run: ${{ steps.build_test_push.outputs.tags_cloud_run }} - tags_aws_lambda: ${{ steps.build_test_push.outputs.tags_aws_lambda }} - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Build, test and push - id: build_test_push - uses: ./.github/actions/build-test-push - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - version: edge - platform: linux/ppc64le - - edge_arm64: - if: github.event_name == 'push' && github.ref == 'refs/heads/main' - needs: - - test-unit - name: Edge linux/arm64 - runs-on: ubuntu-24.04-arm - outputs: - tags: ${{ steps.build_test_push.outputs.tags }} - tags_cloud_run: ${{ steps.build_test_push.outputs.tags_cloud_run }} - tags_aws_lambda: ${{ steps.build_test_push.outputs.tags_aws_lambda }} - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Build, test and push - id: build_test_push - uses: ./.github/actions/build-test-push - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - version: edge - platform: linux/arm64 - - edge_arm_v7: - if: github.event_name == 'push' && github.ref == 'refs/heads/main' - needs: - - test-unit - name: Edge linux/arm/v7 - runs-on: ubuntu-24.04-arm - outputs: - tags: ${{ steps.build_test_push.outputs.tags }} - tags_cloud_run: ${{ steps.build_test_push.outputs.tags_cloud_run }} - tags_aws_lambda: ${{ steps.build_test_push.outputs.tags_aws_lambda }} - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Build, test and push - id: build_test_push - uses: ./.github/actions/build-test-push - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - version: edge - platform: linux/arm/v7 - - merge_clean_edge_tags: - needs: - - edge_amd64 - - edge_386 - - edge_ppc64le - - edge_arm64 - - edge_arm_v7 - name: Merge and clean edge tags - runs-on: ubuntu-latest - steps: - - name: Checkout source code - uses: actions/checkout@v6 - - - name: Merge - uses: ./.github/actions/merge - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - tags: "${{ needs.edge_amd64.outputs.tags }},${{ needs.edge_386.outputs.tags }},${{ needs.edge_ppc64le.outputs.tags }},${{ needs.edge_arm64.outputs.tags }},${{ needs.edge_arm_v7.outputs.tags }}" - alternate_registry: thecodingmachine - - - name: Merge AWS Lambda - uses: ./.github/actions/merge - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - tags: "${{ needs.edge_amd64.outputs.tags_aws_lambda }},${{ needs.edge_arm64.outputs.tags_aws_lambda }}" - alternate_registry: thecodingmachine - - - name: Clean - uses: ./.github/actions/clean - with: - docker_hub_username: ${{ secrets.DOCKERHUB_USERNAME }} - docker_hub_password: ${{ secrets.DOCKERHUB_TOKEN }} - tags: "${{ needs.edge_amd64.outputs.tags }},${{ needs.edge_386.outputs.tags }},${{ needs.edge_ppc64le.outputs.tags }},${{ needs.edge_arm64.outputs.tags }},${{ needs.edge_arm_v7.outputs.tags }},${{ needs.edge_amd64.outputs.tags_aws_lambda }},${{ needs.edge_arm64.outputs.tags_aws_lambda }}" diff --git a/FEATURE_SPECIFICATION.md b/FEATURE_SPECIFICATION.md new file mode 100644 index 000000000..4d28e2c9c --- /dev/null +++ b/FEATURE_SPECIFICATION.md @@ -0,0 +1,765 @@ +# Feature Implementation Specification: PDF Bookmarks Import + +## Overview +This document specifies the changes implemented to add PDF bookmark import functionality to Gotenberg using the pdfcpu library. The feature allows users to provide bookmark data when converting HTML/Markdown to PDF via the Chromium module, which are then imported into the generated PDF using pdfcpu. + +## Core Feature: PDF Bookmarks Import + +### 1. PDF Engine Interface Extension + +**File**: `pkg/gotenberg/pdfengine.go` + +**Change**: Add a new method to the `PdfEngine` interface: + +```go +// ImportBookmarks imports bookmarks from a JSON file into a given PDF. +ImportBookmarks(ctx context.Context, logger *zap.Logger, inputPath, inputBookmarksPath, outputPath string) error +``` + +**Parameters**: +- `inputPath`: Path to the source PDF file +- `inputBookmarksPath`: Path to the JSON file containing bookmark data (in pdfcpu format) +- `outputPath`: Path where the PDF with imported bookmarks will be saved + +--- + +### 2. PdfCpu Implementation + +**File**: `pkg/modules/pdfcpu/pdfcpu.go` + +**Changes**: + +1. **Update module documentation** (`doc.go`): + - Add "2. Import bookmarks in a PDF file." to the list of capabilities + +2. **Implement `ImportBookmarks` method**: + +```go +func (engine *PdfCpu) ImportBookmarks(ctx context.Context, logger *zap.Logger, inputPath, inputBookmarksPath, outputPath string) error { + if inputBookmarksPath == "" { + return nil + } + + var args []string + args = append(args, "bookmarks", "import", inputPath, inputBookmarksPath, outputPath) + + cmd, err := gotenberg.CommandContext(ctx, logger, engine.binPath, args...) + if err != nil { + return fmt.Errorf("create command: %w", err) + } + + _, err = cmd.Exec() + if err == nil { + return nil + } + + return fmt.Errorf("ImportBookmarks PDFs with pdfcpu: %w", err) +} +``` + +**Logic**: +- If no bookmarks path provided, return nil (no-op) +- Execute pdfcpu command: `pdfcpu bookmarks import ` +- Handle errors appropriately + +--- + +### 3. Stub Implementations for Other PDF Engines + +Add `ImportBookmarks` methods returning `gotenberg.ErrPdfEngineMethodNotSupported` error to: + +**Files**: +- `pkg/modules/exiftool/exiftool.go` +- `pkg/modules/libreoffice/pdfengine/pdfengine.go` +- `pkg/modules/pdftk/pdftk.go` +- `pkg/modules/qpdf/qpdf.go` + +**Implementation** (same for all): + +```go +func (engine *[EngineName]) ImportBookmarks(ctx context.Context, logger *zap.Logger, inputPath, inputBookmarksPath, outputPath string) error { + return fmt.Errorf("import bookmarks into PDF with [EngineName]: %w", gotenberg.ErrPdfEngineMethodNotSupported) +} +``` + +--- + +### 4. Mock Update + +**File**: `pkg/gotenberg/mocks.go` + +**Changes**: + +1. Add `ImportBookmarksMock` field to `PdfEngineMock` struct: + +```go +type PdfEngineMock struct { + MergeMock func(ctx context.Context, logger *zap.Logger, inputPaths []string, outputPath string) error + ConvertMock func(ctx context.Context, logger *zap.Logger, formats PdfFormats, inputPath, outputPath string) error + ReadMetadataMock func(ctx context.Context, logger *zap.Logger, inputPath string) (map[string]interface{}, error) + WriteMetadataMock func(ctx context.Context, logger *zap.Logger, metadata map[string]interface{}, inputPath string) error + ImportBookmarksMock func(ctx context.Context, logger *zap.Logger, inputPath, inputBookmarksPath, outputPath string) error +} +``` + +2. Implement the mock method: + +```go +func (engine *PdfEngineMock) ImportBookmarks(ctx context.Context, logger *zap.Logger, inputPath, inputBookmarksPath, outputPath string) error { + return engine.ImportBookmarksMock(ctx, logger, inputPath, inputBookmarksPath, outputPath) +} +``` + +--- + +### 5. Multi PDF Engines Support + +**File**: `pkg/modules/pdfengines/multi.go` + +**Changes**: + +1. Add `importBookmarksEngines` field to `multiPdfEngines` struct: + +```go +type multiPdfEngines struct { + mergeEngines []gotenberg.PdfEngine + convertEngines []gotenberg.PdfEngine + readMedataEngines []gotenberg.PdfEngine + writeMedataEngines []gotenberg.PdfEngine + importBookmarksEngines []gotenberg.PdfEngine +} +``` + +2. Update constructor `newMultiPdfEngines` to accept the new parameter + +3. Implement `ImportBookmarks` method with concurrent engine execution pattern (similar to other methods): + +```go +func (multi *multiPdfEngines) ImportBookmarks(ctx context.Context, logger *zap.Logger, inputPath, inputBookmarksPath, outputPath string) error { + var err error + errChan := make(chan error, 1) + + for _, engine := range multi.importBookmarksEngines { + go func(engine gotenberg.PdfEngine) { + errChan <- engine.ImportBookmarks(ctx, logger, inputPath, inputBookmarksPath, outputPath) + }(engine) + + select { + case mergeErr := <-errChan: + errored := multierr.AppendInto(&err, mergeErr) + if !errored { + return nil + } + case <-ctx.Done(): + return ctx.Err() + } + } + + return fmt.Errorf("import bookmarks into PDF with multi PDF engines: %w", err) +} +``` + +**Note**: The logic tries engines in order until one succeeds or all fail. + +--- + +### 6. PDF Engines Module Configuration + +**File**: `pkg/modules/pdfengines/pdfengines.go` + +**Changes**: + +1. Add `importBookmarksNames` field to `PdfEngines` struct: + +```go +type PdfEngines struct { + mergeNames []string + convertNames []string + readMetadataNames []string + writeMedataNames []string + importBookmarksNames []string + engines []gotenberg.PdfEngine + disableRoutes bool +} +``` + +2. Add flag in `Descriptor()` method: + +```go +fs.StringSlice("pdfengines-import-bookmarks-engines", []string{"pdfcpu"}, "Set the PDF engines and their order for the import bookmarks feature - empty means all") +``` + +**Default**: `["pdfcpu"]` + +3. Update `Provision()` to read and assign the flag: + +```go +importBookmarksNames := flags.MustStringSlice("pdfengines-import-bookmarks-engines") +// ... later in the method +mod.importBookmarksNames = defaultNames +if len(importBookmarksNames) > 0 { + mod.importBookmarksNames = importBookmarksNames +} +``` + +4. Add validation in `Validate()`: + +```go +findNonExistingEngines(mod.importBookmarksNames) +``` + +5. Add system message in `SystemMessages()`: + +```go +fmt.Sprintf("import bookmarks engines - %s", strings.Join(mod.importBookmarksNames[:], " ")) +``` + +6. Update `PdfEngine()` method to pass import bookmarks engines to constructor: + +```go +return newMultiPdfEngines( + engines(mod.mergeNames), + engines(mod.convertNames), + engines(mod.readMetadataNames), + engines(mod.writeMedataNames), + engines(mod.importBookmarksNames), +), nil +``` + +--- + +### 7. PDF Engines Routes Helper + +**File**: `pkg/modules/pdfengines/routes.go` + +**Add**: New stub function `ImportBookmarksStub`: + +```go +func ImportBookmarksStub(ctx *api.Context, engine gotenberg.PdfEngine, inputPath string, inputBookmarks []byte, outputPath string) (string, error) { + if len(inputBookmarks) == 0 { + fmt.Println("ImportBookmarksStub BM empty") + return inputPath, nil + } + + inputBookmarksPath := ctx.GeneratePath(".json") + err := os.WriteFile(inputBookmarksPath, inputBookmarks, 0o600) + if err != nil { + return "", fmt.Errorf("write file %v: %w", inputBookmarksPath, err) + } + err = engine.ImportBookmarks(ctx, ctx.Log(), inputPath, inputBookmarksPath, outputPath) + if err != nil { + return "", fmt.Errorf("import bookmarks %v: %w", inputPath, err) + } + + return outputPath, nil +} +``` + +**Logic**: +- Takes bookmark data as JSON bytes +- If empty, returns input path unchanged +- Creates temporary JSON file with bookmark data +- Calls engine's ImportBookmarks method +- Returns output path on success + +**Note**: Need to import "os" package. + +--- + +### 8. Chromium Module Integration + +**File**: `pkg/modules/chromium/chromium.go` + +**Changes**: + +1. Import pdfcpu package: + ```go + import "github.com/pdfcpu/pdfcpu/pkg/pdfcpu" + ``` + +2. Add `Bookmarks` field to `PdfOptions` struct: + +```go +type PdfOptions struct { + // ... existing fields ... + + // Bookmarks to be inserted unmarshaled + // as defined in pdfcpu bookmarks export + Bookmarks pdfcpu.BookmarkTree + + // ... remaining fields ... +} +``` + +3. Update `DefaultPdfOptions()` to initialize bookmarks: + +```go +func DefaultPdfOptions() PdfOptions { + return PdfOptions{ + // ... existing fields ... + Bookmarks: pdfcpu.BookmarkTree{}, + // ... remaining fields ... + } +} +``` + +--- + +**File**: `pkg/modules/chromium/routes.go` + +**Changes**: + +1. Import required packages: + ```go + import "github.com/pdfcpu/pdfcpu/pkg/pdfcpu" + ``` + +2. In `FormDataChromiumPdfOptions` function, add bookmark parsing: + + a. Add variable declaration: + ```go + var ( + // ... existing variables ... + bookmarks pdfcpu.BookmarkTree + ) + ``` + + b. Add custom form field handler: + ```go + Custom("bookmarks", func(value string) error { + if len(value) > 0 { + err := json.Unmarshal([]byte(value), &bookmarks) + if err != nil { + return fmt.Errorf("unmarshal bookmarks: %w", err) + } + } else { + bookmarks = defaultPdfOptions.Bookmarks + } + return nil + }) + ``` + + c. Include in returned options: + ```go + return formData, PdfOptions{ + // ... existing fields ... + Bookmarks: bookmarks, + // ... remaining fields ... + } + ``` + +3. In `convertUrl` function (after PDF generation, before conversion), add bookmark import logic: + +```go +if options.GenerateDocumentOutline { + if len(options.Bookmarks.Bookmarks) > 0 { + bookmarks, errMarshal := json.Marshal(options.Bookmarks) + outputBMPath := ctx.GeneratePath(".pdf") + + if errMarshal == nil { + outputPath, err = pdfengines.ImportBookmarksStub(ctx, engine, outputPath, bookmarks, outputBMPath) + if err != nil { + return fmt.Errorf("import bookmarks into PDF err: %w", err) + } + } else { + return fmt.Errorf("import bookmarks into PDF errMarshal : %w", errMarshal) + } + } +} +``` + +**Logic**: +- Only process bookmarks if `GenerateDocumentOutline` is true and bookmarks exist +- Marshal the bookmarks back to JSON +- Generate output path for PDF with bookmarks +- Call `ImportBookmarksStub` helper +- Update `outputPath` to the new path with bookmarks +- This happens **before** the `pdfengines.ConvertStub` call + +--- + +### 9. Test Updates + +**File**: `pkg/modules/pdfengines/multi_test.go` + +**Changes**: Add `nil` parameter to all `newMultiPdfEngines` calls in tests (for import bookmarks engines). + +Example: +```go +newMultiPdfEngines( + // ... existing parameters ... + nil, // import bookmarks engines +) +``` + +**Locations**: All test cases in `TestMultiPdfEngines_*` functions. + +--- + +**File**: `pkg/modules/pdfengines/pdfengines_test.go` + +**Changes**: + +1. Add `importBookmarksNames` field initialization in test structs: + +```go +mod := PdfEngines{ + mergeNames: []string{"foo", "bar"}, + convertNames: []string{"foo", "bar"}, + readMetadataNames: []string{"foo", "bar"}, + writeMedataNames: []string{"foo", "bar"}, + importBookmarksNames: []string{"foo", "bar"}, + engines: // ... +} +``` + +2. Update expected message count in `TestPdfEngines_SystemMessages`: + - Change from `4` to `5` messages + +3. Add expected message for import bookmarks: + +```go +expectedMessages := []string{ + // ... existing messages ... + fmt.Sprintf("import bookmarks engines - %s", strings.Join(mod.importBookmarksNames[:], " ")), +} +``` + +**Note**: Some test cases may have commented out assertions for `expectedImportBookmarksPdfEngines` - these should be implemented or left as TODOs based on project conventions. + +--- + +## Dependencies + +### Go Module Updates + +**File**: `go.mod` + +**Changes**: + +1. Add pdfcpu dependency in require block: + +```go +require ( + github.com/dlclark/regexp2 v1.11.4 + github.com/pdfcpu/pdfcpu v0.9.1 +) +``` + +2. Add indirect dependencies: + +```go +require ( + // ... existing ... + github.com/hhrutter/lzw v1.0.0 // indirect + github.com/hhrutter/tiff v1.0.1 // indirect + github.com/pkg/errors v0.9.1 // indirect + golang.org/x/image v0.21.0 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect +) +``` + +**File**: `go.sum` + +Updated with checksums for all new dependencies and their transitive dependencies. + +--- + +## Build and Deployment Changes + +### 1. Dockerfile + +**File**: `build/Dockerfile` + +**Changes**: Add support for pinning Chrome version via build argument: + +1. Add build argument: + ```dockerfile + ARG CHROME_VERSION + ``` + +2. Modify Chrome installation logic (line ~152) to support conditional installation: + +```dockerfile +RUN \ + /bin/bash -c \ + 'set -e &&\ + if [[ "$(dpkg --print-architecture)" == "amd64" ]]; then \ + apt-get update -qq &&\ + if [ -z "$CHROME_VERSION" ]; then \ + # Install latest stable version + curl https://dl.google.com/linux/linux_signing_key.pub | apt-key add - &&\ + echo "deb http://dl.google.com/linux/chrome/deb/ stable main" | tee /etc/apt/sources.list.d/google-chrome.list &&\ + apt-get update -qq &&\ + DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends --allow-unauthenticated google-chrome-stable &&\ + mv /usr/bin/google-chrome-stable /usr/bin/chromium; \ + else \ + # Install specific version + apt-get update -qq &&\ + curl --output /tmp/chrome.deb "https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${CHROME_VERSION}_amd64.deb" &&\ + DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends /tmp/chrome.deb &&\ + mv /usr/bin/google-chrome-stable /usr/bin/chromium &&\ + rm -rf /tmp/chrome.deb; \ + fi \ + elif [[ "$(dpkg --print-architecture)" == "armhf" ]]; then \ + # ... existing armhf logic unchanged ... +``` + +**Logic**: +- If `CHROME_VERSION` is empty/unset: install latest stable version (original behavior) +- If `CHROME_VERSION` is set: download and install specific .deb file from Google's repository + +--- + +### 2. Makefile + +**File**: `Makefile` + +**Changes**: + +1. Update default Docker registry: + ```makefile + DOCKER_REGISTRY=ghcr.io/fulll + ``` + (was: `DOCKER_REGISTRY=gotenberg`) + +2. Add `CHROME_VERSION` build argument to `build` target: + +```makefile +build: + # ... existing arguments ... + --build-arg CHROME_VERSION=$(CHROME_VERSION) \ + # ... rest of command ... +``` + +3. Add `CHROME_VERSION` to `build-tests` target: + +```makefile +build-tests: + # ... existing arguments ... + --build-arg CHROME_VERSION=$(CHROME_VERSION) \ + # ... rest of command ... +``` + +4. Add `CHROME_VERSION` parameter to `release` target: + +```makefile +release: + $(PDFCPU_VERSION) \ + $(DOCKER_REGISTRY) \ + $(DOCKER_REPOSITORY) \ + $(LINUX_AMD64_RELEASE) \ + $(CHROME_VERSION) # Add as 11th parameter +``` + +--- + +### 3. Release Script + +**File**: `scripts/release.sh` + +**Changes**: + +1. Add `CHROME_VERSION` parameter (11th argument): + ```bash + CHROME_VERSION="${11}" + ``` + +2. Remove multi-arch platform flag logic, force Linux AMD64 only: + ```bash + # Replace conditional logic with: + PLATFORM_FLAG="--platform linux/amd64" + ``` + (Note: Original had conditional for AMD64 only vs multi-arch) + +3. Add `CHROME_VERSION` build argument to docker buildx command: + +```bash +docker buildx build \ + # ... existing arguments ... + --build-arg CHROME_VERSION="$CHROME_VERSION" \ + # ... rest of command ... +``` + +--- + +### 4. GitHub Actions CI/CD + +**File**: `.github/workflows/continuous_delivery.yml` + +**Changes**: + +1. Update Docker registry from Docker Hub to GitHub Container Registry: + +```yaml +- name: Log in to Docker Hub Container Registry + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} +``` + +2. Add Chrome version and release flag to build step: + +```yaml +- name: Build and push Docker image for release + env: + LINUX_AMD64_RELEASE: "true" + run: | + make release CHROME_VERSION=127.0.6533.119-1 GOTENBERG_VERSION=${{ github.event.release.tag_name }} DOCKER_REGISTRY=ghcr.io/fulll DOCKER_REPOSITORY=gotenberg +``` + +**Specifics**: +- `CHROME_VERSION=127.0.6533.119-1` (pinned version) +- `LINUX_AMD64_RELEASE="true"` +- Registry: `ghcr.io/fulll` +- Repository: `gotenberg` + +3. Add AWS ECR deployment steps: + +```yaml +- name: generate aws credentials config + env: + AWS_CREDENTIALS: ${{ secrets.STAGING_AWS_CREDENTIALS }} + aws-region: eu-central-1 + run: | + mkdir -p "${HOME}/.aws" + echo "${AWS_CREDENTIALS}" > "${HOME}/.aws/credentials" + +- name: docker login and push + run: | + # Extract tag name and strip first letter + TAG_NAME=$(echo "${{ github.event.release.tag_name }}" | cut -c 2-) + + docker pull ghcr.io/fulll/gotenberg:${TAG_NAME}-cloudrun + docker tag ghcr.io/fulll/gotenberg:${TAG_NAME}-cloudrun ${AWS_ECR_REGISTRY}/gotenberg-fulll:${TAG_NAME}-cloudrun + aws --region eu-central-1 ecr get-login-password | docker login --username AWS --password-stdin ${AWS_ECR_REGISTRY} + docker tag ${AWS_ECR_REGISTRY}/gotenberg-fulll:${TAG_NAME}-cloudrun ${AWS_ECR_REGISTRY}/gotenberg-fulll:latest + docker push ${AWS_ECR_REGISTRY}/gotenberg-fulll:${TAG_NAME}-cloudrun + docker push ${AWS_ECR_REGISTRY}/gotenberg-fulll:latest +``` + +**Logic**: +- Setup AWS credentials from secrets +- Extract release tag (remove 'v' prefix) +- Pull cloudrun variant from GitHub Container Registry +- Tag for AWS ECR (both versioned and latest) +- Push to ECR in eu-central-1 region + +**ECR Details**: +- Account ID: `private_from_secret` +- Region: `eu-central-1` +- Repository: `gotenberg-fulll` + +--- + +## API Usage + +### Request Parameters + +Users can now provide bookmarks when converting HTML/Markdown to PDF via Chromium routes: + +**Form Field**: `bookmarks` (string, JSON format) + +**Format**: JSON string matching pdfcpu BookmarkTree structure + +**Example**: +```json +{ + "Bookmarks": [ + { + "Title": "Chapter 1", + "PageFrom": 1, + "PageThru": -1, + "Kids": [ + { + "Title": "Section 1.1", + "PageFrom": 2, + "PageThru": -1 + } + ] + } + ] +} +``` + +**Behavior**: +- Bookmarks are only imported if `generateDocumentOutline` is `true` +- If bookmarks field is empty/missing, no bookmarks are added +- Invalid JSON returns error to user + +--- + +## Implementation Notes and Clarifications + +1. **Test Coverage**: + - In `pdfengines_test.go`, the commented-out assertions for `expectedImportBookmarksPdfEngines` are intentional + - No additional test implementation is required beyond what's shown + - Keep the commented code as-is + +2. **Debug Logging**: + - The `ImportBookmarksStub` function includes: `fmt.Println("ImportBookmarksStub BM empty")` + - **Keep this logging statement** - it's intentional for debugging purposes + +3. **Bookmark Validation**: + - No additional validation of bookmark structure is needed beyond JSON unmarshaling + - pdfcpu handles its own validation + - Keep the current simple approach + +4. **Implementation Approach**: + - The current approach (marshal to JSON → write temp file → call pdfcpu CLI) is intentional + - **Keep this approach** - do not refactor to use pdfcpu's Go API directly + - This maintains consistency with how other PDF operations are handled + +5. **Multi-Architecture Support**: + - **Linux AMD64 only** is intentional and required + - The project is customized for specific deployment needs + - Do not attempt to restore multi-arch support + +6. **AWS ECR Deployment**: + - AWS ECR push steps are **required and must be kept** + - This is for the project's specific deployment pipeline + - All AWS-related configuration should be preserved as-is + +7. **Chrome Version Pinning**: + - Chrome version **must be pinned** to a specific version for reproducible builds + - This allows control over Chrome updates in case new versions introduce breaking changes + - When reimplementing, update to the latest available stable Chrome version at that time, but keep it fixed (not "latest") + - Example: If current version is `127.0.6533.119-1`, find the latest stable version and pin to that specific version number + - Check https://dl.google.com/linux/chrome/deb/dists/stable/main/binary-amd64/Packages for available versions + +--- + +## Implementation Checklist + +When reimplementing on a newer version: + +- [ ] Add pdfcpu dependency to go.mod +- [ ] Extend PdfEngine interface with ImportBookmarks method +- [ ] Implement ImportBookmarks in pdfcpu module +- [ ] Add stub implementations in other PDF engines +- [ ] Update mock implementations +- [ ] Add multi-engine support for import bookmarks +- [ ] Add configuration flag for import bookmarks engines +- [ ] Update PdfEngines module to handle import bookmarks +- [ ] Add ImportBookmarksStub helper function +- [ ] Add Bookmarks field to Chromium PdfOptions +- [ ] Add bookmarks form field parsing in Chromium routes +- [ ] Integrate bookmark import in convertUrl function +- [ ] Update all test files with new parameters +- [ ] Add Chrome version build argument to Dockerfile +- [ ] Update Makefile with CHROME_VERSION support +- [ ] Update release script +- [ ] (Optional) Update CI/CD for specific deployment needs +- [ ] Test bookmark import with sample pdfcpu bookmark JSON +- [ ] Verify all PDF engines return appropriate errors +- [ ] Validate multi-engine fallback behavior + +--- + +## References + +- pdfcpu documentation: https://github.com/pdfcpu/pdfcpu +- pdfcpu bookmark format: See pdfcpu CLI documentation for `bookmarks export` command output format +- Original commit: `67c02e41cc185765ca4775a82556d55aaf882e8f` diff --git a/Makefile b/Makefile index d413b3077..d8272d52b 100644 --- a/Makefile +++ b/Makefile @@ -8,6 +8,7 @@ help: ## Show the help build: ## Build the Gotenberg's Docker image docker build \ -t $(DOCKER_REGISTRY)/$(DOCKER_REPOSITORY):$(GOTENBERG_VERSION) \ + -t gotenberg/gotenberg:snapshot \ -f $(DOCKERFILE) $(DOCKER_BUILD_CONTEXT) GOTENBERG_HIDE_BANNER=false diff --git a/build/Dockerfile b/build/Dockerfile index faf7c7100..ceb952c70 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -2,6 +2,7 @@ # concatenate them. Also, we have to repeat ARG instructions in each build # stage that uses them. ARG GOLANG_VERSION=1.25.4 +ARG CHROME_VERSION=143.0.7499.109-1 # ---------------------------------------------- # pdfcpu binary build stage @@ -91,6 +92,7 @@ FROM base-image-stage ARG GOTENBERG_VERSION=snapshot ARG GOTENBERG_USER_GID=1001 ARG GOTENBERG_USER_UID=1001 +ARG CHROME_VERSION # See https://github.com/googlefonts/noto-emoji/releases. ARG NOTO_COLOR_EMOJI_VERSION=v2.051 # See https://gitlab.com/pdftk-java/pdftk/-/releases - Binary package. @@ -191,9 +193,30 @@ RUN \ RUN \ # Install Chromium. - apt-get update -qq &&\ - apt-get upgrade -yqq &&\ - DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends chromium &&\ + /bin/bash -c \ + 'set -e &&\ + if [[ "$(dpkg --print-architecture)" == "amd64" ]]; then \ + apt-get update -qq &&\ + if [ -z "$CHROME_VERSION" ]; then \ + # Install latest stable version (use gpg dearmor instead of apt-key) + curl -fsSL https://dl.google.com/linux/linux_signing_key.pub -o /usr/share/keyrings/google-linux-signing-keyring.gpg &&\ + echo "deb [signed-by=/usr/share/keyrings/google-linux-signing-keyring.gpg] http://dl.google.com/linux/chrome/deb/ stable main" | tee /etc/apt/sources.list.d/google-chrome.list &&\ + apt-get update -qq &&\ + DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends --allow-unauthenticated google-chrome-stable &&\ + mv /usr/bin/google-chrome-stable /usr/bin/chromium; \ + else \ + # Install specific version + apt-get update -qq &&\ + curl --output /tmp/chrome.deb "https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${CHROME_VERSION}_amd64.deb" &&\ + DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends /tmp/chrome.deb &&\ + mv /usr/bin/google-chrome-stable /usr/bin/chromium &&\ + rm -rf /tmp/chrome.deb; \ + fi \ + elif [[ "$(dpkg --print-architecture)" == "armhf" ]]; then \ + apt-get update -qq &&\ + apt-get upgrade -yqq &&\ + DEBIAN_FRONTEND=noninteractive apt-get install -y -qq --no-install-recommends chromium; \ + fi' &&\ # Verify installation. chromium --version &&\ # Cleanup. diff --git a/go.mod b/go.mod index 8eda9434d..1959de790 100644 --- a/go.mod +++ b/go.mod @@ -18,6 +18,7 @@ require ( github.com/labstack/gommon v0.4.2 github.com/mholt/archives v0.1.5 github.com/microcosm-cc/bluemonday v1.0.27 + github.com/pdfcpu/pdfcpu v0.11.1 github.com/prometheus/client_golang v1.23.2 github.com/shirou/gopsutil/v4 v4.25.11 github.com/spf13/pflag v1.0.10 @@ -71,6 +72,9 @@ require ( github.com/hashicorp/go-memdb v1.3.5 // indirect github.com/hashicorp/golang-lru v1.0.2 // indirect github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect + github.com/hhrutter/lzw v1.0.0 // indirect + github.com/hhrutter/pkcs7 v0.2.0 // indirect + github.com/hhrutter/tiff v1.0.2 // indirect github.com/klauspost/compress v1.18.2 // indirect github.com/klauspost/pgzip v1.2.6 // indirect github.com/lufia/plan9stats v0.0.0-20251013123823-9fd1530e3ec3 // indirect @@ -118,10 +122,12 @@ require ( go.yaml.in/yaml/v2 v2.4.3 // indirect go4.org v0.0.0-20230225012048-214862532bf5 // indirect golang.org/x/crypto v0.45.0 // indirect + golang.org/x/image v0.32.0 // indirect golang.org/x/sys v0.38.0 // indirect golang.org/x/time v0.14.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250728155136-f173205681a0 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20250728155136-f173205681a0 // indirect google.golang.org/protobuf v1.36.10 // indirect + gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/go.sum b/go.sum index 50202b315..0d4b4140c 100644 --- a/go.sum +++ b/go.sum @@ -182,6 +182,12 @@ github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iP github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/golang-lru/v2 v2.0.7 h1:a+bsQ5rvGLjzHuww6tVxozPZFVghXaHOwFs4luLUK2k= github.com/hashicorp/golang-lru/v2 v2.0.7/go.mod h1:QeFd9opnmA6QUJc5vARoKUSoFhyfM2/ZepoAG6RGpeM= +github.com/hhrutter/lzw v1.0.0 h1:laL89Llp86W3rRs83LvKbwYRx6INE8gDn0XNb1oXtm0= +github.com/hhrutter/lzw v1.0.0/go.mod h1:2HC6DJSn/n6iAZfgM3Pg+cP1KxeWc3ezG8bBqW5+WEo= +github.com/hhrutter/pkcs7 v0.2.0 h1:i4HN2XMbGQpZRnKBLsUwO3dSckzgX142TNqY/KfXg+I= +github.com/hhrutter/pkcs7 v0.2.0/go.mod h1:aEzKz0+ZAlz7YaEMY47jDHL14hVWD6iXt0AgqgAvWgE= +github.com/hhrutter/tiff v1.0.2 h1:7H3FQQpKu/i5WaSChoD1nnJbGx4MxU5TlNqqpxw55z8= +github.com/hhrutter/tiff v1.0.2/go.mod h1:pcOeuK5loFUE7Y/WnzGw20YxUdnqjY1P0Jlcieb/cCw= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= @@ -253,6 +259,8 @@ github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJw github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde h1:x0TT0RDC7UhAVbbWWBzr41ElhJx5tXPWkIHA2HWPRuw= github.com/orisano/pixelmatch v0.0.0-20220722002657-fb0b55479cde/go.mod h1:nZgzbfBr3hhjoZnS66nKrHmduYNpc34ny7RK4z5/HM0= +github.com/pdfcpu/pdfcpu v0.11.1 h1:htHBSkGH5jMKWC6e0sihBFbcKZ8vG1M67c8/dJxhjas= +github.com/pdfcpu/pdfcpu v0.11.1/go.mod h1:pP3aGga7pRvwFWAm9WwFvo+V68DfANi9kxSQYioNYcw= github.com/pierrec/lz4/v4 v4.1.22 h1:cKFw6uJDK+/gfw5BcDL0JL5aBsAFdsIT18eRtLj7VIU= github.com/pierrec/lz4/v4 v4.1.22/go.mod h1:gZWDp/Ze/IJXGXf23ltt2EXimqmTUXEy0GFuRQyBid4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -371,6 +379,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= +golang.org/x/image v0.32.0 h1:6lZQWq75h7L5IWNk0r+SCpUJ6tUVd3v4ZHnbRKLkUDQ= +golang.org/x/image v0.32.0/go.mod h1:/R37rrQmKXtO6tYXAjtDLwQgFLHmhW+V6ayXlxzP2Pc= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -537,6 +547,8 @@ gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntN gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= +gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= +gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/pkg/gotenberg/mocks.go b/pkg/gotenberg/mocks.go index 4478256e3..3e2236b75 100644 --- a/pkg/gotenberg/mocks.go +++ b/pkg/gotenberg/mocks.go @@ -46,14 +46,15 @@ func (mod *DebuggableMock) Debug() map[string]interface{} { // //nolint:dupl type PdfEngineMock struct { - MergeMock func(ctx context.Context, logger *zap.Logger, inputPaths []string, outputPath string) error - SplitMock func(ctx context.Context, logger *zap.Logger, mode SplitMode, inputPath, outputDirPath string) ([]string, error) - FlattenMock func(ctx context.Context, logger *zap.Logger, inputPath string) error - ConvertMock func(ctx context.Context, logger *zap.Logger, formats PdfFormats, inputPath, outputPath string) error - ReadMetadataMock func(ctx context.Context, logger *zap.Logger, inputPath string) (map[string]interface{}, error) - WriteMetadataMock func(ctx context.Context, logger *zap.Logger, metadata map[string]interface{}, inputPath string) error - EncryptMock func(ctx context.Context, logger *zap.Logger, inputPath, userPassword, ownerPassword string) error - EmbedFilesMock func(ctx context.Context, logger *zap.Logger, filePaths []string, inputPath string) error + MergeMock func(ctx context.Context, logger *zap.Logger, inputPaths []string, outputPath string) error + SplitMock func(ctx context.Context, logger *zap.Logger, mode SplitMode, inputPath, outputDirPath string) ([]string, error) + FlattenMock func(ctx context.Context, logger *zap.Logger, inputPath string) error + ConvertMock func(ctx context.Context, logger *zap.Logger, formats PdfFormats, inputPath, outputPath string) error + ReadMetadataMock func(ctx context.Context, logger *zap.Logger, inputPath string) (map[string]interface{}, error) + WriteMetadataMock func(ctx context.Context, logger *zap.Logger, metadata map[string]interface{}, inputPath string) error + EncryptMock func(ctx context.Context, logger *zap.Logger, inputPath, userPassword, ownerPassword string) error + EmbedFilesMock func(ctx context.Context, logger *zap.Logger, filePaths []string, inputPath string) error + ImportBookmarksMock func(ctx context.Context, logger *zap.Logger, inputPath, inputBookmarksPath, outputPath string) error } func (engine *PdfEngineMock) Merge(ctx context.Context, logger *zap.Logger, inputPaths []string, outputPath string) error { @@ -88,6 +89,10 @@ func (engine *PdfEngineMock) EmbedFiles(ctx context.Context, logger *zap.Logger, return engine.EmbedFilesMock(ctx, logger, filePaths, inputPath) } +func (engine *PdfEngineMock) ImportBookmarks(ctx context.Context, logger *zap.Logger, inputPath, inputBookmarksPath, outputPath string) error { + return engine.ImportBookmarksMock(ctx, logger, inputPath, inputBookmarksPath, outputPath) +} + // PdfEngineProviderMock is a mock for the [PdfEngineProvider] interface. type PdfEngineProviderMock struct { PdfEngineMock func() (PdfEngine, error) diff --git a/pkg/gotenberg/pdfengine.go b/pkg/gotenberg/pdfengine.go index 5e9dceb69..27f6c1e20 100644 --- a/pkg/gotenberg/pdfengine.go +++ b/pkg/gotenberg/pdfengine.go @@ -138,6 +138,9 @@ type PdfEngine interface { // WriteMetadata writes the metadata into a given PDF file. WriteMetadata(ctx context.Context, logger *zap.Logger, metadata map[string]interface{}, inputPath string) error + // ImportBookmarks imports bookmarks from a JSON file into a given PDF. + ImportBookmarks(ctx context.Context, logger *zap.Logger, inputPath, inputBookmarksPath, outputPath string) error + // Encrypt adds password protection to a PDF file. // The userPassword is required to open the document. // The ownerPassword provides full access to the document. diff --git a/pkg/modules/chromium/chromium.go b/pkg/modules/chromium/chromium.go index 2b32174db..0d3e88f74 100644 --- a/pkg/modules/chromium/chromium.go +++ b/pkg/modules/chromium/chromium.go @@ -13,6 +13,7 @@ import ( "github.com/alexliesenfeld/health" "github.com/chromedp/cdproto/network" "github.com/dlclark/regexp2" + "github.com/pdfcpu/pdfcpu/pkg/pdfcpu" flag "github.com/spf13/pflag" "go.uber.org/zap" @@ -228,6 +229,10 @@ type PdfOptions struct { // embedded into the PDF. GenerateDocumentOutline bool + // Bookmarks to be inserted unmarshaled + // as defined in pdfcpu bookmarks export + Bookmarks pdfcpu.BookmarkTree + // GenerateTaggedPdf defines whether to generate tagged (accessible) // PDF. GenerateTaggedPdf bool @@ -252,6 +257,7 @@ func DefaultPdfOptions() PdfOptions { FooterTemplate: "", PreferCssPageSize: false, GenerateDocumentOutline: false, + Bookmarks: pdfcpu.BookmarkTree{}, GenerateTaggedPdf: false, } } diff --git a/pkg/modules/chromium/routes.go b/pkg/modules/chromium/routes.go index 8af923075..3575b5bd8 100644 --- a/pkg/modules/chromium/routes.go +++ b/pkg/modules/chromium/routes.go @@ -17,6 +17,7 @@ import ( "github.com/gomarkdown/markdown" "github.com/labstack/echo/v4" "github.com/microcosm-cc/bluemonday" + "github.com/pdfcpu/pdfcpu/pkg/pdfcpu" "go.uber.org/multierr" "github.com/gotenberg/gotenberg/v8/pkg/gotenberg" @@ -236,6 +237,7 @@ func FormDataChromiumPdfOptions(ctx *api.Context) (*api.FormData, PdfOptions) { preferCssPageSize bool generateDocumentOutline bool generateTaggedPdf bool + bookmarks pdfcpu.BookmarkTree ) form. @@ -254,7 +256,18 @@ func FormDataChromiumPdfOptions(ctx *api.Context) (*api.FormData, PdfOptions) { Content("footer.html", &footerTemplate, defaultPdfOptions.FooterTemplate). Bool("preferCssPageSize", &preferCssPageSize, defaultPdfOptions.PreferCssPageSize). Bool("generateDocumentOutline", &generateDocumentOutline, defaultPdfOptions.GenerateDocumentOutline). - Bool("generateTaggedPdf", &generateTaggedPdf, defaultPdfOptions.GenerateTaggedPdf) + Bool("generateTaggedPdf", &generateTaggedPdf, defaultPdfOptions.GenerateTaggedPdf). + Custom("bookmarks", func(value string) error { + if len(value) > 0 { + err := json.Unmarshal([]byte(value), &bookmarks) + if err != nil { + return fmt.Errorf("unmarshal bookmarks: %w", err) + } + } else { + bookmarks = defaultPdfOptions.Bookmarks + } + return nil + }) pdfOptions := PdfOptions{ Options: options, @@ -273,6 +286,7 @@ func FormDataChromiumPdfOptions(ctx *api.Context) (*api.FormData, PdfOptions) { FooterTemplate: footerTemplate, PreferCssPageSize: preferCssPageSize, GenerateDocumentOutline: generateDocumentOutline, + Bookmarks: bookmarks, GenerateTaggedPdf: generateTaggedPdf, } @@ -695,6 +709,22 @@ func convertUrl(ctx *api.Context, chromium Api, engine gotenberg.PdfEngine, url return fmt.Errorf("convert to PDF: %w", err) } + if options.GenerateDocumentOutline { + if len(options.Bookmarks.Bookmarks) > 0 { + bookmarks, errMarshal := json.Marshal(options.Bookmarks) + outputBMPath := ctx.GeneratePath(".pdf") + + if errMarshal == nil { + outputPath, err = pdfengines.ImportBookmarksStub(ctx, engine, outputPath, bookmarks, outputBMPath) + if err != nil { + return fmt.Errorf("import bookmarks into PDF err: %w", err) + } + } else { + return fmt.Errorf("import bookmarks into PDF errMarshal : %w", errMarshal) + } + } + } + outputPaths, err := pdfengines.SplitPdfStub(ctx, engine, mode, []string{outputPath}) if err != nil { return fmt.Errorf("split PDF: %w", err) diff --git a/pkg/modules/exiftool/exiftool.go b/pkg/modules/exiftool/exiftool.go index d00127cdc..3b4294f8a 100644 --- a/pkg/modules/exiftool/exiftool.go +++ b/pkg/modules/exiftool/exiftool.go @@ -186,6 +186,11 @@ func (engine *ExifTool) EmbedFiles(ctx context.Context, logger *zap.Logger, file return fmt.Errorf("embed files with ExifTool: %w", gotenberg.ErrPdfEngineMethodNotSupported) } +// ImportBookmarks is not available in this implementation. +func (engine *ExifTool) ImportBookmarks(ctx context.Context, logger *zap.Logger, inputPath, inputBookmarksPath, outputPath string) error { + return fmt.Errorf("import bookmarks into PDF with ExifTool: %w", gotenberg.ErrPdfEngineMethodNotSupported) +} + // Interface guards. var ( _ gotenberg.Module = (*ExifTool)(nil) diff --git a/pkg/modules/libreoffice/pdfengine/pdfengine.go b/pkg/modules/libreoffice/pdfengine/pdfengine.go index e5a5c6618..3205aaaaa 100644 --- a/pkg/modules/libreoffice/pdfengine/pdfengine.go +++ b/pkg/modules/libreoffice/pdfengine/pdfengine.go @@ -101,6 +101,11 @@ func (engine *LibreOfficePdfEngine) EmbedFiles(ctx context.Context, logger *zap. return fmt.Errorf("embed files with LibreOffice: %w", gotenberg.ErrPdfEngineMethodNotSupported) } +// ImportBookmarks is not available in this implementation. +func (engine *LibreOfficePdfEngine) ImportBookmarks(ctx context.Context, logger *zap.Logger, inputPath, inputBookmarksPath, outputPath string) error { + return fmt.Errorf("import bookmarks into PDF with LibreOffice: %w", gotenberg.ErrPdfEngineMethodNotSupported) +} + // Interface guards. var ( _ gotenberg.Module = (*LibreOfficePdfEngine)(nil) diff --git a/pkg/modules/pdfcpu/doc.go b/pkg/modules/pdfcpu/doc.go index 6856a27ac..689a9a3d5 100644 --- a/pkg/modules/pdfcpu/doc.go +++ b/pkg/modules/pdfcpu/doc.go @@ -2,7 +2,8 @@ // interface using the pdfcpu command-line tool. This package allows for: // // 1. The merging of PDF files. -// 2. The splitting of PDF files. +// 2. Import bookmarks in a PDF file. +// 3. The splitting of PDF files. // // See: https://github.com/pdfcpu/pdfcpu. package pdfcpu diff --git a/pkg/modules/pdfcpu/pdfcpu.go b/pkg/modules/pdfcpu/pdfcpu.go index 37f0d2562..3047d5cd9 100644 --- a/pkg/modules/pdfcpu/pdfcpu.go +++ b/pkg/modules/pdfcpu/pdfcpu.go @@ -230,6 +230,28 @@ func (engine *PdfCpu) Encrypt(ctx context.Context, logger *zap.Logger, inputPath return nil } +// ImportBookmarks imports bookmarks from a JSON file into a given PDF. +func (engine *PdfCpu) ImportBookmarks(ctx context.Context, logger *zap.Logger, inputPath, inputBookmarksPath, outputPath string) error { + if inputBookmarksPath == "" { + return nil + } + + var args []string + args = append(args, "bookmarks", "import", inputPath, inputBookmarksPath, outputPath) + + cmd, err := gotenberg.CommandContext(ctx, logger, engine.binPath, args...) + if err != nil { + return fmt.Errorf("create command: %w", err) + } + + _, err = cmd.Exec() + if err == nil { + return nil + } + + return fmt.Errorf("import bookmarks into PDFs with pdfcpu: %w", err) +} + // Interface guards. var ( _ gotenberg.Module = (*PdfCpu)(nil) diff --git a/pkg/modules/pdfengines/multi.go b/pkg/modules/pdfengines/multi.go index 5726a2b06..935b1d7c2 100644 --- a/pkg/modules/pdfengines/multi.go +++ b/pkg/modules/pdfengines/multi.go @@ -20,6 +20,7 @@ type multiPdfEngines struct { writeMetadataEngines []gotenberg.PdfEngine passwordEngines []gotenberg.PdfEngine embedEngines []gotenberg.PdfEngine + importBookmarksEngines []gotenberg.PdfEngine } func newMultiPdfEngines( @@ -30,17 +31,19 @@ func newMultiPdfEngines( readMetadataEngines, writeMetadataEngines, passwordEngines, - embedEngines []gotenberg.PdfEngine, + embedEngines, + importBookmarksEngines []gotenberg.PdfEngine, ) *multiPdfEngines { return &multiPdfEngines{ - mergeEngines: mergeEngines, - splitEngines: splitEngines, - flattenEngines: flattenEngines, - convertEngines: convertEngines, - readMetadataEngines: readMetadataEngines, - writeMetadataEngines: writeMetadataEngines, - passwordEngines: passwordEngines, - embedEngines: embedEngines, + mergeEngines: mergeEngines, + splitEngines: splitEngines, + flattenEngines: flattenEngines, + convertEngines: convertEngines, + readMetadataEngines: readMetadataEngines, + writeMetadataEngines: writeMetadataEngines, + passwordEngines: passwordEngines, + embedEngines: embedEngines, + importBookmarksEngines: importBookmarksEngines, } } @@ -266,6 +269,31 @@ func (multi *multiPdfEngines) EmbedFiles(ctx context.Context, logger *zap.Logger return fmt.Errorf("embed files into PDF using multi PDF engines: %w", err) } +// ImportBookmarks imports bookmarks from a JSON file into a PDF using the first available +// engine that supports bookmark importing. +func (multi *multiPdfEngines) ImportBookmarks(ctx context.Context, logger *zap.Logger, inputPath, inputBookmarksPath, outputPath string) error { + var err error + errChan := make(chan error, 1) + + for _, engine := range multi.importBookmarksEngines { + go func(engine gotenberg.PdfEngine) { + errChan <- engine.ImportBookmarks(ctx, logger, inputPath, inputBookmarksPath, outputPath) + }(engine) + + select { + case mergeErr := <-errChan: + errored := multierr.AppendInto(&err, mergeErr) + if !errored { + return nil + } + case <-ctx.Done(): + return ctx.Err() + } + } + + return fmt.Errorf("import bookmarks into PDF with multi PDF engines: %w", err) +} + // Interface guards. var ( _ gotenberg.PdfEngine = (*multiPdfEngines)(nil) diff --git a/pkg/modules/pdfengines/pdfengines.go b/pkg/modules/pdfengines/pdfengines.go index 6fd70eca3..dbbd1c1c8 100644 --- a/pkg/modules/pdfengines/pdfengines.go +++ b/pkg/modules/pdfengines/pdfengines.go @@ -27,16 +27,17 @@ func init() { // the [api.Router] interface to expose relevant PDF processing routes if // enabled. type PdfEngines struct { - mergeNames []string - splitNames []string - flattenNames []string - convertNames []string - readMetadataNames []string - writeMetadataNames []string - encryptNames []string - embedNames []string - engines []gotenberg.PdfEngine - disableRoutes bool + mergeNames []string + splitNames []string + flattenNames []string + convertNames []string + readMetadataNames []string + writeMetadataNames []string + encryptNames []string + embedNames []string + importBookmarksNames []string + engines []gotenberg.PdfEngine + disableRoutes bool } // Descriptor returns a PdfEngines' module descriptor. @@ -53,6 +54,7 @@ func (mod *PdfEngines) Descriptor() gotenberg.ModuleDescriptor { fs.StringSlice("pdfengines-write-metadata-engines", []string{"exiftool"}, "Set the PDF engines and their order for the write metadata feature - empty means all") fs.StringSlice("pdfengines-encrypt-engines", []string{"qpdf", "pdftk", "pdfcpu"}, "Set the PDF engines and their order for the password protection feature - empty means all") fs.StringSlice("pdfengines-embed-engines", []string{"pdfcpu"}, "Set the PDF engines and their order for the file embedding feature - empty means all") + fs.StringSlice("pdfengines-import-bookmarks-engines", []string{"pdfcpu"}, "Set the PDF engines and their order for the import bookmarks feature - empty means all") fs.Bool("pdfengines-disable-routes", false, "Disable the routes") // Deprecated flags. @@ -80,6 +82,7 @@ func (mod *PdfEngines) Provision(ctx *gotenberg.Context) error { writeMetadataNames := flags.MustStringSlice("pdfengines-write-metadata-engines") encryptNames := flags.MustStringSlice("pdfengines-encrypt-engines") embedNames := flags.MustStringSlice("pdfengines-embed-engines") + importBookmarksNames := flags.MustStringSlice("pdfengines-import-bookmarks-engines") mod.disableRoutes = flags.MustBool("pdfengines-disable-routes") engines, err := ctx.Modules(new(gotenberg.PdfEngine)) @@ -146,6 +149,11 @@ func (mod *PdfEngines) Provision(ctx *gotenberg.Context) error { mod.embedNames = embedNames } + mod.importBookmarksNames = defaultNames + if len(importBookmarksNames) > 0 { + mod.importBookmarksNames = importBookmarksNames + } + return nil } @@ -201,6 +209,7 @@ func (mod *PdfEngines) Validate() error { findNonExistingEngines(mod.writeMetadataNames) findNonExistingEngines(mod.encryptNames) findNonExistingEngines(mod.embedNames) + findNonExistingEngines(mod.importBookmarksNames) if len(nonExistingEngines) == 0 { return nil @@ -220,6 +229,7 @@ func (mod *PdfEngines) SystemMessages() []string { fmt.Sprintf("read metadata engines - %s", strings.Join(mod.readMetadataNames[:], " ")), fmt.Sprintf("write metadata engines - %s", strings.Join(mod.writeMetadataNames[:], " ")), fmt.Sprintf("encrypt engines - %s", strings.Join(mod.encryptNames[:], " ")), + fmt.Sprintf("import bookmarks engines - %s", strings.Join(mod.importBookmarksNames[:], " ")), } } @@ -248,6 +258,7 @@ func (mod *PdfEngines) PdfEngine() (gotenberg.PdfEngine, error) { engines(mod.writeMetadataNames), engines(mod.encryptNames), engines(mod.embedNames), + engines(mod.importBookmarksNames), ), nil } diff --git a/pkg/modules/pdfengines/routes.go b/pkg/modules/pdfengines/routes.go index 334678e7b..576d2b7e4 100644 --- a/pkg/modules/pdfengines/routes.go +++ b/pkg/modules/pdfengines/routes.go @@ -5,6 +5,7 @@ import ( "errors" "fmt" "net/http" + "os" "path/filepath" "strconv" "strings" @@ -301,6 +302,26 @@ func EmbedFilesStub(ctx *api.Context, engine gotenberg.PdfEngine, embedPaths []s return nil } +// ImportBookmarksStub imports bookmarks into a PDF file. +func ImportBookmarksStub(ctx *api.Context, engine gotenberg.PdfEngine, inputPath string, inputBookmarks []byte, outputPath string) (string, error) { + if len(inputBookmarks) == 0 { + fmt.Println("ImportBookmarksStub BM empty") + return inputPath, nil + } + + inputBookmarksPath := ctx.GeneratePath(".json") + err := os.WriteFile(inputBookmarksPath, inputBookmarks, 0o600) + if err != nil { + return "", fmt.Errorf("write file %v: %w", inputBookmarksPath, err) + } + err = engine.ImportBookmarks(ctx, ctx.Log(), inputPath, inputBookmarksPath, outputPath) + if err != nil { + return "", fmt.Errorf("import bookmarks %v: %w", inputPath, err) + } + + return outputPath, nil +} + // mergeRoute returns an [api.Route] which can merge PDFs. func mergeRoute(engine gotenberg.PdfEngine) api.Route { return api.Route{ diff --git a/pkg/modules/pdftk/pdftk.go b/pkg/modules/pdftk/pdftk.go index f5c112b05..e67a087c6 100644 --- a/pkg/modules/pdftk/pdftk.go +++ b/pkg/modules/pdftk/pdftk.go @@ -188,6 +188,11 @@ func (engine *PdfTk) EmbedFiles(ctx context.Context, logger *zap.Logger, filePat return fmt.Errorf("embed files with PDFtk: %w", gotenberg.ErrPdfEngineMethodNotSupported) } +// ImportBookmarks is not available in this implementation. +func (engine *PdfTk) ImportBookmarks(ctx context.Context, logger *zap.Logger, inputPath, inputBookmarksPath, outputPath string) error { + return fmt.Errorf("import bookmarks into PDF with PDFtk: %w", gotenberg.ErrPdfEngineMethodNotSupported) +} + // Interface guards. var ( _ gotenberg.Module = (*PdfTk)(nil) diff --git a/pkg/modules/qpdf/qpdf.go b/pkg/modules/qpdf/qpdf.go index c8507983b..2d6e7ba7d 100644 --- a/pkg/modules/qpdf/qpdf.go +++ b/pkg/modules/qpdf/qpdf.go @@ -206,6 +206,11 @@ func (engine *QPdf) EmbedFiles(ctx context.Context, logger *zap.Logger, filePath return fmt.Errorf("embed files with QPDF: %w", gotenberg.ErrPdfEngineMethodNotSupported) } +// ImportBookmarks is not available in this implementation. +func (engine *QPdf) ImportBookmarks(ctx context.Context, logger *zap.Logger, inputPath, inputBookmarksPath, outputPath string) error { + return fmt.Errorf("import bookmarks into PDF with QPDF: %w", gotenberg.ErrPdfEngineMethodNotSupported) +} + var ( _ gotenberg.Module = (*QPdf)(nil) _ gotenberg.Provisioner = (*QPdf)(nil) From ca4db1f5ca11c286ee4f7c34187cf25628c91bf2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Pr=C3=A9vost?= <32127074+toindev@users.noreply.github.com> Date: Fri, 13 Feb 2026 11:30:28 +0100 Subject: [PATCH 2/5] ci: use credentials --- .github/workflows/continuous-delivery.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/continuous-delivery.yml b/.github/workflows/continuous-delivery.yml index f186146bd..478b52e9c 100644 --- a/.github/workflows/continuous-delivery.yml +++ b/.github/workflows/continuous-delivery.yml @@ -56,3 +56,5 @@ jobs: docker tag ${AWS_ECR_REGISTRY}/gotenberg-fulll:${TAG_NAME}-cloudrun ${AWS_ECR_REGISTRY}/gotenberg-fulll:latest docker push ${AWS_ECR_REGISTRY}/gotenberg-fulll:${TAG_NAME}-cloudrun docker push ${AWS_ECR_REGISTRY}/gotenberg-fulll:latest + env: + AWS_ECR_REGISTRY: ${{ secrets.AWS_ECR_REGISTRY }} From 919e7cbfb538b0d2cce290bd7821986e796638b5 Mon Sep 17 00:00:00 2001 From: "aikido-autofix[bot]" <119856028+aikido-autofix[bot]@users.noreply.github.com> Date: Fri, 27 Feb 2026 10:22:08 +0000 Subject: [PATCH 3/5] fix(security): container autofix for gotenberg-fulll --- build/Dockerfile | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/build/Dockerfile b/build/Dockerfile index 4aeaff321..907c70460 100644 --- a/build/Dockerfile +++ b/build/Dockerfile @@ -56,7 +56,10 @@ RUN go build -o gotenberg -ldflags "-s -w -X 'github.com/gotenberg/gotenberg/v8/ # Custom JRE stage # Credits: https://github.com/jodconverter/docker-image-jodconverter-runtime # ---------------------------------------------- -FROM debian:13-slim AS custom-jre-stage +FROM debian:13-slim@sha256:1d3c811171a08a5adaa4a163fbafd96b61b87aa871bbc7aa15431ac275d3d430 AS custom-jre-stage + +# Setting DOCKERFILE_DATE forces a build cache refresh for the package upgrades +ENV DOCKERFILE_DATE=2026-02-26 RUN \ apt-get update -qq &&\ @@ -78,7 +81,7 @@ RUN jlink \ # ---------------------------------------------- # Base image stage # ---------------------------------------------- -FROM debian:13-slim AS base-image-stage +FROM debian:13-slim@sha256:1d3c811171a08a5adaa4a163fbafd96b61b87aa871bbc7aa15431ac275d3d430 AS base-image-stage ARG TIMEZONE=UTC ENV TZ=$TIMEZONE @@ -108,6 +111,9 @@ LABEL org.opencontainers.image.title="Gotenberg" \ org.opencontainers.image.documentation="https://gotenberg.dev" \ org.opencontainers.image.source="https://github.com/gotenberg/gotenberg" +# Setting DOCKERFILE_DATE forces a build cache refresh for the package upgrades +ENV DOCKERFILE_DATE=2026-02-26 + RUN \ # Create a non-root user. # All processes in the Docker container will run with this dedicated user. From bb9683f50bc9da71f9423dd77202a02ddf42c4a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Pr=C3=A9vost?= <32127074+toindev@users.noreply.github.com> Date: Wed, 4 Mar 2026 14:40:34 +0100 Subject: [PATCH 4/5] fix: init .aikido file https://github.com/fulll/chapter-secops/issues/1592 --- .aikido | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .aikido diff --git a/.aikido b/.aikido new file mode 100644 index 000000000..814c5e38b --- /dev/null +++ b/.aikido @@ -0,0 +1,12 @@ +ignore: + cves: + CVE-2026-23949: + reason: python dependency, waiting for upstream release of gotenberg + CVE-2026-24049: + reason: python dependency, waiting for upstream release of gotenberg + CVE-2025-48924: + reason: java dependency, waiting for upstream release of gotenberg + CVE-2025-47914: + reason: Go dependency, waiting for upstream release of gotenberg + CVE-2025-58181: + reason: Go dependency, waiting for upstream release of gotenberg \ No newline at end of file From 0f6f1549f78607c5ac7a32120c5d277036be8d15 Mon Sep 17 00:00:00 2001 From: "aikido-autofix[bot]" <119856028+aikido-autofix[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2026 13:17:12 +0000 Subject: [PATCH 5/5] fix(security): autofix Potential file inclusion attack via reading file --- pkg/modules/api/formdata.go | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkg/modules/api/formdata.go b/pkg/modules/api/formdata.go index 632a67d91..d82bbc941 100644 --- a/pkg/modules/api/formdata.go +++ b/pkg/modules/api/formdata.go @@ -547,6 +547,14 @@ func (form *FormData) mandatoryPath(filename string, target *string) *FormData { // readFile binds the content of a file to a string variable. It populates an // error if it fails to read the file content. func (form *FormData) readFile(path, filename string, target *string) *FormData { + if strings.Contains(path, "../") || strings.Contains(path, "..\\") { + form.append( + fmt.Errorf("invalid file path"), + ) + + return form + } + b, err := os.ReadFile(path) if err != nil { form.append(